S.4 3GPP2 AKA Credentials

3GPP TS 33.203: 3G Security; Access security for IP-based services

S.4.1 Realisations of 3GPP2 AKA Credentials

For the purposes of this Annex, the following implementation options for 3GPP2 AKA Credentials are permitted:

– Use of a distinct ISIM application which does not share security functions with the CSIM or USIM;

– Use of a distinct ISIM application which does share security functions with the CSIM;

– Use of a distinct USIM application on a UICC;

– Use of a distinct IMC which does not share security functions with the UIM;

– Use of a distinct IMC which does share security functions with the UIM;

– Use of a CSIM application on a UICC (3GPP2 C.S0065 [45]);

– Use of a UIM or R-UIM (3GPP2 C.S0023 [41]).

There shall only be one 3GPP2 AKA credential for each IMPI.

If there is an IMC or ISIM, then the IMC or ISIM shall always be used for IMS authentication using AKA.

The IMS subscriber shall not be able to modify or enter the IMPI. The IMS subscriber shall not be able to modify or enter the Home Domain Name.

If the IMS specific identities are not present, i.e. neither an ISIM nor an IMC is used as the 3GPP2 AKA credential, the IMS identities (e.g., IMPI/IMPU) shall be derived from the Mobile Station Identity (MSID) used to access cdma2000 access networks as specified in clause 13 of TS 23.003 [46]. The MSID can be either IMSI or Mobile Identification Number (MIN).

The AKA algorithms for 3GPP2 networks are specified in 3GPP2 S.S0055 [43] and 3GPP2 S.S0078 [44].

The ISIM application as defined in clause 8.1 and the rules for sharing security functions between an ISIM application and USIM given in clause 8.2 apply to the above cases.

At UE power off, the existing SAs (session keys and related information) shall be deleted.