1、 ETSI TS 124 109 V15.0.0 (2018-06) Universal Mobile Telecommunications System (UMTS); LTE; Bootstrapping interface (Ub) and network application function interface (Ua); Protocol details (3GPP TS 24.109 version 15.0.0 Release 15) TECHNICAL SPECIFICATION ETSI ETSI TS 124 109 V15.0.0 (2018-06)13GPP TS
2、24.109 version 15.0.0 Release 15Reference RTS/TSGC-0124109vf00 Keywords LTE,UMTS ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grass
3、e (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified with
4、out the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of t
5、he present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your c
6、omment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI
7、. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. ETSI 2018. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are trademarks of ETSI registered for the be
8、nefit of its Members. 3GPPTM and LTETMare trademarks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. oneM2M logo is protected for the benefit of its Members. GSMand the GSM logo are trademarks registered and owned by the GSM Association. ETSI ETSI TS 124 10
9、9 V15.0.0 (2018-06)23GPP TS 24.109 version 15.0.0 Release 15Intellectual Property Rights Essential patents IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI memb
10、ers and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi
11、.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the
12、 present document. Trademarks The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners. ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no right to use or reproduce any trademark
13、 and/or tradename. Mention of those trademarks in the present document does not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks. Foreword This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP). T
14、he present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or GSM identities. These should be interpreted as being references to the corresponding ETSI deliverables. The cross reference between GSM, UMTS, 3GPP and ETSI identities can be found un
15、der http:/webapp.etsi.org/key/queryform.asp. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expre
16、ssion of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 124 109 V15.0.0 (2018-06)33GPP TS 24.109 version 15.0.0 Release 15Contents Intellectual Property Rights 2g3Foreword . 2g3Modal verbs terminology 2g3Foreword . 6g31 Scope
17、 7g32 References 7g33 Definitions and abbreviations . 8g33.1 Definitions 8g33.2 Abbreviations . 9g34 Generic Bootstrapping Architecture; Ub interface . 10g34.1 Introduction 10g34.2 Bootstrapping procedure 11g34.3 User authentication failure . 12g34.4 Network authentication failure . 12g34.5 Synchron
18、ization failure 12g34A Generic Bootstrapping Achitecture Push; Upa . 12g34A.1 Introduction 12g34A.2 Bootstrapping procedure 13g34A.3 User authentication failure . 13g34A.4 Network authentication failure . 13g34A.5 Synchronization failure 14g35 Network application function; Ua interface . 14g35.1 Int
19、roduction 14g35.2 HTTP Digest authentication . 14g35.2.1 General 14g35.2.2 Authentication procedure 15g35.2.2.1 General 15g35.2.3 Authentication failures 16g35.2.4 Bootstrapping required indication . 16g35.2.5 Bootstrapping renegotiation indication . 16g35.2.6 Integrity protection . 16g35.3 UE and N
20、AF authentication using HTTPS . 16g35.3.1 General 16g35.3.2 Shared key-based UE authentication with certificate-based NAF authentication . 17g35.3.2.1 Authentication procedure 17g35.3.2.2 Authentication failures 17g35.3.2.3 Bootstrapping required indication . 17g35.3.2.4 Bootstrapping renegotiation
21、indication . 17g35.3.3 Shared key-based mutual authentication between UE and NAF 17g35.3.3.1 Authentication procedure 17g35.3.3.2 Authentication failures 19g35.3.3.3 Bootstrapping required indication . 19g35.3.3.4 Bootstrapping renegotiation indication . 19g35.3.4 Certificate based mutual authentica
22、tion between UE and application server . 19g35.3.5 Integrity protection . 19g36 PKI portal, Ua interface 19g36.1 Introduction 19g36.2 Subscriber certificate enrolment . 19g36.2.1 Enrolment procedure. 20g36.2.2 WIM specific authentication code for key generation 21g36.2.3 WIM specific authentication
23、code for proof of key origin 22g36.2.4 Error situations 22g3ETSI ETSI TS 124 109 V15.0.0 (2018-06)43GPP TS 24.109 version 15.0.0 Release 156.3 CA certificate delivery . 23g36.3.1 CA certificate delivery procedure . 23g36.3.2 Error situations 24g37 Authentication Proxy 25g37.1 Introduction 25g37.2 Au
24、thentication 25g37.3 Authorization 26g3Annex A (informative): Signalling flows of bootstrapping procedure . 27g3A.1 Scope of signalling flows . 27g3A.2 Introduction 27g3A.2.1 General . 27g3A.2.2 Key required to interpret signalling flows 27g3A.3 Signalling flows demonstrating a successful bootstrapp
25、ing procedure 27g3A.4 Signalling flows demonstrating a synchronization failure in the bootstrapping procedure . 31g3Annex A1 (informative): Signalling flows of GBA Push procedure. 34g3A1.1 Scope of signalling flows . 34g3A1.2 Introduction 34g3A1.2.1 General . 34g3A1.2.2 Key required to interpret sig
26、nalling flows 34g3A1.3 Signalling flows demonstrating a successful GBA Push procedure . 34g3Annex B (informative): Signalling flows for HTTP Digest Authentication with bootstrapped security association 37g3B.1 Scope of signalling flows . 37g3B.2 Introduction 37g3B.2.1 General . 37g3B.2.2 Key require
27、d to interpret signalling flows 37g3B.3 Signalling flows demonstrating a successful authentication procedure . 37g3Annex C (normative): XML Schema Definition 42g3C.1 Introduction 42g3Annex D (informative): Signalling flows for Authentication Proxy . 43g3D.1 Scope of signalling flows . 43g3D.2 Introd
28、uction 43g3D.2.1 Key required to interpret signalling flows 43g3D.3 Signalling flow demonstrating a successful authentication procedure . 43g3Annex E (informative): Signalling flows for PKI portal . 49g3E.1 Scope of signalling flows . 49g3E.2 Introduction 49g3E.2.1 General . 49g3E.2.2 Key required t
29、o interpret signalling flows 49g3E.3 Signalling flows demonstrating a successful subscriber certificate enrolment 49g3E.3.1 Simple subscriber certificate enrolment . 49g3E.3.2 Subscriber certificate enrolment with WIM authentication codes 53g3E.4 Signalling flows demonstrating a failure in subscribe
30、r certificate enrolment 60g3E.5 Signalling flows demonstrating a successful CA certificate delivery 60g3ETSI ETSI TS 124 109 V15.0.0 (2018-06)53GPP TS 24.109 version 15.0.0 Release 15E.6 Signalling flows demonstrating a failure in CA certificate delivery 64g3Annex F (informative): Signalling flows f
31、or PSK TLS with bootstrapped security association . 65g3F.1 Scope of signalling flows . 65g3F.2 Introduction 65g3F.2.1 General . 65g3F.2.2 Key required to interpret signalling flows 65g3F.3 Signalling flow demonstrating a successful PSK TLS authentication procedure 66g3Annex G (normative): 3GPP spec
32、ific extension-headers for HTTP entity-header fields 69g3G.1 General . 69g3G.2 X-3GPP-Intended-Identity extension-header . 69g3G.3 X-3GPP-Asserted-Identity extension-header . 69g3G.4 X-3GPP-Authorization-Flags extension-header . 69g3Annex H (normative): 2G GBA . 71g3H.1 Introduction 71g3H.2 2G GBA b
33、ootstrapping procedure 71g3H.3 User authentication failure . 72g3H.4 Network authentication failure . 72g3Annex I (normative): GBA_Digest 73g3I.1 Introduction 73g3I.2 GBA_Digest bootstrapping procedure . 73g3I.3 User authentication failure . 74g3I.4 Network authentication failure . 74g3Annex J (Norm
34、ative): Realization of GBA Push delivery 75g3J.1 Introduction 75g3J.2 GPI delivery using WAP Push . 75g3J.2.1 General . 75g3J.2.2 Push-NAF procedures 75g3J.2.3 UE procedures 76g3J.2.3.1 Reception of GPI in push message . 76g3J.3 PDUs and parameters specific to the present document 77g3J.3.1 GPI enve
35、lope 77g3J.3.1.1 General 77g3J.3.1.2 Structure 77g3J.3.1.3 GPI envelope short code values 77g3J.3.1.4 IANA registration template. 77g3Annex K (informative): Change history . 79g3History 81g3ETSI ETSI TS 124 109 V15.0.0 (2018-06)63GPP TS 24.109 version 15.0.0 Release 15Foreword This Technical Specifi
36、cation has been produced by the 3rdGeneration Partnership Project (3GPP). The contents of the present document are subject to continuing work within the TSG and may change following formal TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG wit
37、h an identifying change of release date and an increase in version number as follows: Version x.y.z where: x the first digit: 1 presented to TSG for information; 2 presented to TSG for approval; 3 or greater indicates TSG approved document under change control. y the second digit is incremented for
38、all changes of substance, i.e. technical enhancements, corrections, updates, etc. z the third digit is incremented when editorial only changes have been incorporated in the document. ETSI ETSI TS 124 109 V15.0.0 (2018-06)73GPP TS 24.109 version 15.0.0 Release 151 Scope The present document defines s
39、tage 3 for the HTTP Digest AKA 6 based implementation of Ub interface (UE-BSF), the Disposable-Ks model based implementation of Upa interface (NAF-UE) and the HTTP Digest 9 and the PSK TLS based implementation of bootstrapped security association usage over Ua interface (UE-NAF) in Generic Authentic
40、ation Architecture (GAA) as specified in 3GPP TS 33.220 1. The purpose of the Ub interface is to create a security association between UE and BSF for further usage in GAA applications. The purpose of the Upa interface is to provide a push mechanism to created a bootstrapped security association betw
41、een the UE and NAF for secure communication of pushed messages. The purpose of the Ua interface is to use the so created bootstrapped security association between UE and NAF for secure communication. The present document also defines stage 3 for the Authentication Proxy usage as specified in 3GPP TS
42、 33.222 5. The present document also defines stage 3 for the subscriber certificate enrolment as specified in 3GPP TS 33.221 4 which is one realization of the Ua interface. The subscriber certificate enrolment uses the HTTP Digest based implementation of bootstrapped security association usage to en
43、rol a subscriber certificate and the delivery of a CA certificate. 2 References The following documents contain provisions, which, through reference in this text, constitute provisions of the present document. References are either specific (identified by date of publication, edition number, version
44、 number, etc.) or non-specific. For a specific reference, subsequent revisions do not apply. For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that do
45、cument in the same Release as the present document. 1 3GPP TS 33.220: “Generic Authentication Architecture (GAA); Generic bootstrapping architecture“. 2 3GPP TR 33.919: “Generic Authentication Architecture (GAA); System description“. 3 3GPP TS 29.109: “Generic Authentication Architecture (GAA); Zh a
46、nd Zn Interfaces based on the Diameter protocol; Protocol details“. 4 3GPP TS 33.221: “Generic Authentication Architecture (GAA); Support for Subscriber Certificates“. 5 3GPP TS 33.222: “Generic Authentication Architecture (GAA); Access to network application functions using Hypertext Transfer Proto
47、col over Transport Layer Security (HTTPS)“. 6 IETF RFC 3310: “Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA)“. 7 3GPP TS 23.003: “Numbering, addressing and identification“. 8 IETF RFC 3023: “XML Media Types“. 9 IETF RFC 2617: “HTTP Authenticatio
48、n: Basic and Digest Access Authentication“. 10 IETF RFC 3548: “The Base16, Base32, and Base64 Data Encodings“. 11 Void. 12 IETF RFC 2818: “HTTP over TLS“. 13 3GPP TS 24.228 Release 5: “Signalling flows for the IP multimedia call control based on Session Initiation Protocol (SIP) and Session Descript
49、ion Protocol (SDP); Stage 3“. ETSI ETSI TS 124 109 V15.0.0 (2018-06)83GPP TS 24.109 version 15.0.0 Release 1514 IETF RFC 2616: “Hypertext Transfer Protocol - HTTP/1.1“. 15 Void. 16 PKCS#10 v1.7: “Certification Request Syntax Standard“. NOTE: ftp:/ 17 WAP Forum: “WPKI: Wireless Application Protocol; Public Key Infrastructure Definition“ NOTE: http:/www1.wapforum.org/tech/documents/WAP-217-WPKI-20010424-a.pdf. 18 Void. 19 Open Mobile Alliance: “ECMAScript Crypto Object“ N
copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1