ImageVerifierCode 换一换
格式:PDF , 页数:19 ,大小:128.21KB ,
资源ID:743420      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-743420.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ETSI TS 133 141-2017 Universal Mobile Telecommunications System (UMTS) LTE Presence service Security (V14 0 0 3GPP TS 33 141 version 14 0 0 Release 14)《通用移动通信系统(UMTS) 长期演进技术(LTE) 在.pdf)为本站会员(twoload295)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ETSI TS 133 141-2017 Universal Mobile Telecommunications System (UMTS) LTE Presence service Security (V14 0 0 3GPP TS 33 141 version 14 0 0 Release 14)《通用移动通信系统(UMTS) 长期演进技术(LTE) 在.pdf

1、 ETSI TS 133 141 V14.0.0 (2017-04) Universal Mobile Telecommunications System (UMTS); LTE; Presence service; Security (3GPP TS 33.141 version 14.0.0 Release 14) TECHNICAL SPECIFICATION ETSI ETSI TS 133 141 V14.0.0 (2017-04)13GPP TS 33.141 version 14.0.0 Release 14Reference RTS/TSGS-0333141ve00 Keywo

2、rds LTE,SECURITY,UMTS ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can

3、be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any

4、 existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may b

5、e subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi

6、.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified with

7、out the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2017. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Me

8、mbers. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. oneM2M logo is protected for the benefit of its Members GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 133 141 V14.0.0 (201

9、7-04)23GPP TS 33.141 version 14.0.0 Release 14Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be fo

10、und in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR P

11、olicy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This T

12、echnical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP). The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or GSM identities. These should be interpreted as being references to the corresponding

13、ETSI deliverables. The cross reference between GSM, UMTS, 3GPP and ETSI identities can be found under http:/webapp.etsi.org/key/queryform.asp. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are t

14、o be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 133 141 V14.0.0 (2017-04)33GPP TS 33.141 version 14.0.0 Release 14Conte

15、nts Intellectual Property Rights 2g3Foreword . 2g3Modal verbs terminology 2g3Foreword . 4g3Introduction 4g31 Scope 5g32 References 5g33 Definitions and abbreviations . 6g33.1 Definitions 6g33.2 Abbreviations . 6g34 Security architecture . 7g34.1 Overview of the security architecture . 7g34.2 The Ut

16、reference point 7g35 Security features . 8g35.1 Secure Access to the Presence Server over the Ut reference point . 8g35.1.1 Authentication of the subscriber and the presence server . 8g35.1.2 Confidentiality protection . 8g35.1.3 Integrity protection . 8g35.1.4 Authentication Proxy 8g36 Security Mec

17、hanisms for the Ut reference point 9g36.1 Authentication and key agreement . 9g36.1.1 Authentication of the subscriber . 9g36.1.2 Authentication of the AP/Presence Server 9g36.1.3 Management of public user identities . 9g36.1.4 Authentication failures 9g36.2 Confidentiality protection . 10g36.3 Inte

18、grity protection . 10g37 Security parameters agreement 10g37.1 Set-up of Security parameters 10g37.2 Error cases 10g3Annex A: Void 11g3Annex B (informative): Void . 12g3Annex C (normative): Requirements specific to 3GPP2 Access 13g3C.1 General . 13g3C.2 Authentication of the subscriber . 13g3C.3 Aut

19、hentication of the Presence Server . 13g3C.4 Management of public user identities 13g3C.5 Authentication failures . 13g3C.6 Set-up of Security parameters 14g3C.7 Error cases 14g3Annex D (normative): GPRS-IMS-Bundled Authentication for Ut interface security 15g3Annex E (informative): Change history .

20、 17g3History 18 ETSI ETSI TS 133 141 V14.0.0 (2017-04)43GPP TS 33.141 version 14.0.0 Release 14Foreword This Technical Specification has been produced by the 3rdGeneration Partnership Project (3GPP). The contents of the present document are subject to continuing work within the TSG and may change fo

21、llowing formal TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an identifying change of release date and an increase in version number as follows: Version x.y.z where: x the first digit: 1 presented to TSG for information; 2 presented

22、to TSG for approval; 3 or greater indicates TSG approved document under change control. y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc. z the third digit is incremented when editorial only changes have been incorporated in the d

23、ocument. Introduction This technical specification gives an overview of the security architecture and defines the security features and security mechanisms for the presence services. Presence services enable the dissemination of presence information of a user to other users or services. A presence e

24、ntity or presentity comprises the user, users devices, services and service components. It is the intention that this platform will enable new services like e.g. enhancement to chat, multimedia messaging, cinema ticket information, the score of a football game and so on. A user has the possibility t

25、o control if her or his information is made available to other users or services. This control is possible to achieve with high granularity e.g. explicitly define which user or users and services have access to presence information. A presentity is a uniquely identifiable entity with the capability

26、to provide the presence information and it has only one principal associated with it. Hence a principal is distinct from all other principals and can be e.g. a human, organisation, program or even a collection thereof. One example of such a relation is when the presentity is a terminal and the princ

27、ipal of the terminal is the subscriber. However, the presence service is based on Public Identities, and consequently it is possible to have several terminals related to the same presentity. A watcher is also a uniquely identifiable entity but with the aim to fetch or request information about a pre

28、sentity. There are access rules that set the rules for how presence information gets available to watchers. Presence information consists of a number of elements or presence tuples as defined in TS 23.141 3 ETSI ETSI TS 133 141 V14.0.0 (2017-04)53GPP TS 33.141 version 14.0.0 Release 141 Scope The pr

29、esent document is the Stage 2 specification for the security requirements, security architecture, security features and security mechanisms for the Presence Service, which includes the elements necessary to realise the requirements in TS 22.141 2 and TS 23.141 3. As far as SIP-based procedures are c

30、oncerned, this specification refers to TS 33.203 4. The main content of this specification is the security for the Ut reference point, which is HTTPbased, as applied in presence services. The present document includes information applicable to network operators, service providers and manufacturers.

31、2 References The following documents contain provisions which, through reference in this text, constitute provisions of the present document. - References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific. - For a specific reference, subseq

32、uent revisions do not apply. - For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document. 1 3GPP TR

33、21.905: “Vocabulary for 3GPP Specifications“. 2 3GPP TS 22.141: “Presence service; Stage 1“. 3 3GPP TS 23.141: “Presence service; Architecture and functional description“. 4 3GPP TS 33.203: “3G Security; Access security for IP-based services“. 5 Void 6 Void 7 3GPP TS 23.002: “Network architecture“.

34、8 Void 9 Void 10 3GPP TS 33.210: “3G Security; Network Domain Security; IP network layer security“. 11 3GPP TS 33.220: “Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture“. 12 Void 13 Void. 14 Void 15 3GPP TR 33.919: “Generic Authentication Architecture (GAA); System descr

35、iption“. 16 Void 17 Void 18 Void 19 3GPP TS 33.222: “ Generic Authentication Architecture (GAA); Access to network application functions using secure hypertext transfer protocol (HTTPS)“. ETSI ETSI TS 133 141 V14.0.0 (2017-04)63GPP TS 33.141 version 14.0.0 Release 1420 Void. 21 3GPP2 S.S0109-A v1.0:

36、 “Generic bootstrapping architecture“ 22 3GPP2 S.S0114-A v1.0: “Security mechanisms using GBA“ 23 3GPP TS 29.329: “Sh interface based on the Diameter protocol; Protocol details“ 24 3GPP TS 24.109: “Bootstrapping interface (Ub) and network application function interface (Ua); Protocol details 25 3GPP

37、 TS 23.003: “Numbering, addressing and identification“. 26 3GPP TS 29.328: “IP Multimedia (IM) Subsystem Sh interface; Signalling flows and message contents“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the following terms and definitions apply. Confiden

38、tiality: The property that information is not made available or disclosed to unauthorised individuals, entities or processes. Data integrity: The property that data has not been altered in an unauthorised manner. Data origin authentication: The corroboration that the source of data received is as cl

39、aimed. Entity authentication: The provision of assurance of the claimed identity of an entity. 3.2 Abbreviations For the purposes of the present document, the following abbreviations apply, TR 21.905 1 contains additional applicable abbreviations: AKA Authentication and key agreement AP Authenticati

40、on Proxy APN Access Point Name AS Application ServerBSF Bootstrapping Server Function CSCF Call Session Control Function ESP Encapsulating Security Payload GBA Generic Bootstrapping ArchitectureGGSN Gateway GPRS Support Node GIBA GPRS-IMS-Bundled Authentication HTTP HyperText Transfer Protocol HTTPS

41、 HTTP over TLS IM IP MultimediaIMPI IM Private Identity IMPU IM Public Identity IMS IP Multimedia Core Network Subsystem IP Internet Protocol IPsec IP SecurityISIM IM Services Identity Module NAF Network Application Function NDS/IP Network Domain Security for IP based Protocols P-CSCF Proxy Call Ses

42、sion Control Function PDP Packet Data Protocol SEG Security GatewayETSI ETSI TS 133 141 V14.0.0 (2017-04)73GPP TS 33.141 version 14.0.0 Release 14SIP Session Initiation Protocol TLS Transport Layer Security 4 Security architecture 4.1 Overview of the security architecture An IMS operator using the C

43、SCFs as Watcher Presence proxies and Presentity Presence proxies may offer the Presence services on top of the IMS network, see TS 22.141 2. The access security for IMS is specified in TS 33.203 4 ensuring that SIP signalling is integrity protected and that IMS subscribers are authenticated through

44、the use of IMS AKA. The security termination point from the UE towards the network is in the P-CSCF utilising IPsec ESP. A watcher may send a SIP SUBSCRIBE over IMS towards the network, to subscribe or to fetch presence information, i.e., the Presence Service supports SIP-based communications for pu

45、blishing presence information. The presence information is provided by the Presence Server to the Watcher Application using SIP NOTIFY along the dialogue setup by SUBSCRIBE. This traffic is protected in a hop-by-hop fashion as specified in TS 33.210 10 with the access security provided in TS 33.203

46、4. The Presence Server is responsible for managing presence information on behalf of the presence entity and it resides in the presentitys home network. Furthermore, the Presence Server provides a subscription authorization policy that is used to determine which watchers are allowed to subscribe to

47、certain presence information. Prior to accepting the subscription requests from watchers, the presence server attempts to verify the identities of the watchers. Optionally, depending on the implementation, the Presence Server may authenticate an anonymous watcher depending on the Subscription Author

48、ization Policy. A Presence List Server is responsible of storing grouped lists of watched presentities and enables a Watcher Application to subscribe to the presence of multiple presentities using a single SIP SUBSCRIBE transaction. The Presence List Server also stores and enables management of filt

49、ers in the presence list, see figure 1. Watcher applicationPx = CxP-CSCF S-CSCFI-CSCFS-CSCFPresence ServerPresentity Presence ProxyHSSPw = ISCPw =MwWatcher Presence ProxyPw = GmApplication Server(Presence List)ISCWatcher applicationPw = ISCFigure 1: The Location of the Presence Server and the Presence List Server from an IMS point of view 4.2 The Ut reference point A Presence User Agent shall be able to manage the data on the Presence Server and the Presence List Server over the Ut reference point, see T

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1