7 Security related services

33.5353GPPAuthentication and Key Management for Applications (AKMA) based on 3GPP credentials in the 5G System (5GS)Release 17TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

7.1 Services provided by AAnF

7.1.1 General

The following table shows the AAnF Services and AAnF Service Operations.

Table 7.1.1-1: List of AAnF Services

Service Name	Service Operations	Operation Semantics	Example Consumer(s)
Naanf_AKMA	AnchorKey_Register	Request/Response	AUSF
	ApplicationKey_Get	Request/Response	AF, NEF
	ApplicationKey_ AnonUser_Get	Request/Response	AF

7.1.2 Naanf_AKMA_AnchorKey_Register service operation

Service operation name: Naanf_AKMA_AnchorKey_Register.

Description: The NF consumer requests the AAnF to store the AKMA related key material.

Input, Required: SUPI, A-KID, K_AKMA

Input, Optional: None.

Output, Required: None.

Output, Optional: None.

7.1.3 Naanf_AKMA_ApplicationKey_Get service operation

Service operation name: Naanf_AKMA_ApplicationKey_Get.

Description: The NF consumer requests AKMA Application Key and UE ID from the AAnF.

Input, Required: A-KID, AF_ID

Input, Optional: None.

Output, Required: K_AF, K_AF expiration time and SUPI.

Output, Optional: None.

7.1.4 Naanf_AKMA_Context_Remove operation

Service operation name: Naanf_AKMA_Context_Remove.

Description: The NF consumer requests the AAnF to remove the AKMA related key material.

Input, Required: SUPI.

Input, Optional: None.

Output, Required: None.

Output, Optional: None.

7.1.5 Naanf_AKMA_ApplicationKey_ AnonUser_Getservice operation

Service operation name: Naanf_AKMA_ApplicationKey_AnonUser_Get.

Description: The NF consumer requests only the AKMA Application Key from the AAnF. This service is for allowing anonymous user access to the AF based on A-KID (i.e., UE identification is not required at the AF). The A-KID functions as a temporary user identifier.

Input, Required: A-KID, AF_ID

Input, Optional: None.

Output, Required: K_AF, K_AF expiration time.

Output, Optional: None.

7.2 Void

7.3 Services provided by NEF

7.3.1 General

The NEF exposes AKMA Application Key derivation service to the requester NF.

The following table shows the NEF Services and NEF Service Operations related to AKMA service.

Table 7.3.1-1: List of NEF Services

Service Name

Service Operations

Operation

Semantics

Example Consumer(s)

Nnef_AKMA

ApplicationKey_Get

Request/Response

7.3.2 Nnef_AKMA_ApplicationKey_Get service operation

Service operation name: Nnef_AKMA_ApplicationKey_Get.

Description: The NF consumer requests the NEF to provide AF related key material.

Input, Required: A-KID, AF_ID

Input, Optional: UEID not needed indication.

Output, Required: K_AF, K_AF expiration time.

Output, Optional: GPSI (external ID).

7.4 Services provided by UDM

UDM services related to AKMA service are defined in TS 33.501 [2] clause 14.2.2.

Annex A (normative):
Key derivation functions