3 Definitions and abbreviations

3GPP TS 33.310: Network Domain Security (NDS); Authentication Framework (AF)

3.1 Definitions

For the purposes of the present document, the definitions given in TR 21.905 [8] and the following definitions apply:

CA: "Certification Authority", a PKI entity issuing X.509 certificates.

Interconnection CA: The CA that issues cross-certificates on behalf of a particular operator to the SEG CAs of other domains with which the operator’s SEGs have interconnection.

Interconnect Agreement: In the context of this specification an interconnect agreement is an agreement by two operators to establish secure communications. This may be for the purpose of protecting various forms of communications between the operators, e.g. GPRS roaming, MMS interconnect, WLAN roaming and IMS interconnect.

Local CR: Repository that contains cross-certificates.

Local CRL: Repository that contains cross-certificate revocations.

OCSP: Online Certificate Status Protocol. Protocol for revocation checking which can also be used offline in so-called “OCSP stapling”. Can be used instead of CRL or together with CRL.

PSK: Pre-Shared Key. Method of authentication used by IKE between SEG in NDS/IP [1].

Public CRL: Repository that contains revocations of SEG and CA certificates and can be accessed by other operators.

RA: "Registration Authority", an optional PKI entity that does not issue certificates and is separate from the CA.

NOTE: An RA is delegated by a CA to receive and evaluate certificate signing requests, potentially verify them, and forward them to the CA which will issue an X.509 certificate.

RA/CA: The PKI entity or entities in the operator network issuing certificates, and making them available to base stations via CMPv2.

NOTE: If used in context of receiving certificate signing requests from a base station, the term may mean RA. If used in context of issuing certificates, the term means CA.

SEG CA: The CA that issues end entity certificates to SEGs within a particular operator’s domain.

3.2 Abbreviations

For the purposes of the present document, the abbreviations given in TR 21.905 [8] and the following abbreviations apply:

AF Authentication Framework

CA Certification Authority

CR Certificate Repository

CRL Certificate Revocation List

GBA Generic Bootstrapping Architecture

IMS IP Multimedia Subsystem

NDS Network Domain Security

OCSP Online Certificate Status Protocol

PKI Public Key Infrastructure

POP Proof Of Possession

PSK Pre-Shared Key

RA Registration Authority

SEG Security Gateway

VPN Virtual Private Network

Za Interface between SEGs belonging to different networks/security domains (a Za interface may be an intra or an inter operator interface).

Zb Interface between SEGs and NEs and interface between NEs within the same network/security domain.