P.6 Considerations on the Cx interface

33.2033G Security3GPPAccess security for IP-based servicesTS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

The specification of certain Cx commands in TS 29.228 [39] requires the inclusion of a private user identity (IMPI). When a registration request is sent without an Authorization header then such a private user identity is not available.

For GIBA, an Authorization header is never included in a registration request. However, it is specified for GIBA in TS 23.003 [46] how to create the private and temporary public user identity, and in TS 24.229 [8] (c.f., clause 5.3.1.2) how to derive a private user identity from a public user identity. This derived private user identity is then used in Cx commands.

For NBA the inclusion of an Authorization header in a registration request is optional. However, it is specified for NBA in TS 24.229 [8] (c.f., clause 5.3.1.2) how to derive a private user identity from a public user identity. This derived private user identity is then used in Cx commands.

For SIP Digest, an Authorization header is not necessarily present in a registration request. However, it is specified in TS 24.229 [8] (c.f. clause 5.3.1.2) how to derive a private user identity from a public user identity. This derived private user identity is then used in Cx commands.

Annex Q (informative):
Usage of the authentication mechanisms for non-registration messages in Annexes N and O