
Content for  TS 23.008  Word version:  16.3.0


3.10  Data related to Generic Authentication Architecture |R6|

The Generic Authentication Architecture (GAA) is independent of the CS, PS and IM domains, but it requires that each of its users has a subscription in the HSS in at least one of those domains, so that authentication vectors can be generated. Whether GAA specific subscription data (GAA specific user identities and/or authorization controls) is needed in the HSS depends on the GAA application. At the same time, GAA shall not be considered a separate domain in the sense in which "domain" is used for CS and PS.
The Generic Authentication Architecture is defined in TS 33.220 and TS 29.109. For data related to GAA, see also the definition of Private User Identity in clause 3.1.1.

3.10.1  GAA Service Type

The GAA Service Type is an enumerated integer, which is defined in TS 29.109.
The GAA Service Type is permanent subscriber data and is stored in the HSS, BSF and NAF.

3.10.2  GAA Service Identifier

The GAA Service Identifier (GSID) is an integer which uniquely identifies a GAA Service. For example, a set of NAFs belonging to a certain GAA Service Type and owned or managed by a certain operator may provide the same operator specific service, and they may use the same GAA Service Identifier to identify their services to the BSF. The owner of the user's home HSS may define different GAA Authorization flags and allowed Private User Identities for each GAA Service Identifier separately.
The GAA Service Identifier is permanent subscriber data and is stored in the HSS, BSF and NAF.

3.10.3  GBA User Security Settings

The GBA User Security Settings (GUSS) is identified by a Private User Identity. The GBA User Security Settings contains optional BSF control information (i.e., UICC Security Type and optional Key Lifetime) and a set of User Security Setting (USS).
The GBA User Security Settings is permanent subscriber data and is stored in the HSS, and the BSF.

3.10.4  User Security Setting

The User Security Setting (USS) is uniquely identified by the combination of a Private User Identity (IMPI) and a GAA Service Identifier (GSID). The User Security Setting contains a list of allowed public identities for the service and possibly authorization flags. No duplicates are allowed.
The User Security Setting is permanent subscriber data and is stored in the HSS, BSF and NAF.

3.10.5  User Public Identity

The User Public Identity (UID) is a freely defined string that can be used as the user's public identity in a GAA application. A list of allowed User Public Identities is stored for each GAA Service Subscription. A User Public Identity may be connected to several GAA Service Subscriptions.
The User Public Identity is permanent subscriber data and is stored in the HSS, BSF and NAF.

3.10.6  GAA Authorization flag

The GAA Authorization flag is a GAA Service Type specific integer code which authorizes a defined security operation in the GAA service. A list of allowed operations is stored for each GAA Service Subscription.
The values of the authorization flags for each application type using them are listed in TS 29.109.
The Authorization Flag is permanent subscriber data and is stored in the HSS, BSF and NAF.
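
The following is an added example, not text or code from TS 23.008 or TS 29.109, showing how a BSF or NAF would apply clauses 3.10.3 to 3.10.6 as an authorization decision: a GUSS keyed by IMPI holds one USS per GSID, each USS lists the allowed User Public Identities and the GAA Authorization flags, duplicates are rejected at provisioning time, and every lookup fails closed. The Python structure, the function names and the flag and GSID values are assumptions for illustration; the real GUSS is an XML document whose schema and flag values TS 29.109 defines.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable, Optional, Tuple


@dataclass(frozen=True)
class USS:
    """User Security Setting for one (IMPI, GSID) pair (clause 3.10.4)."""
    gsid: int
    allowed_uids: FrozenSet[str]   # User Public Identities (clause 3.10.5)
    auth_flags: FrozenSet[int]     # GAA Authorization flags (clause 3.10.6)


@dataclass
class GUSS:
    """GBA User Security Settings for one IMPI (clause 3.10.3)."""
    impi: str
    uicc_security_type: Optional[int] = None   # optional BSF control info, values per TS 29.109
    key_lifetime: Optional[int] = None         # optional BSF control info, in seconds
    uss_by_gsid: Dict[int, USS] = field(default_factory=dict)

    def add_uss(self, uss: USS) -> None:
        # A USS is unique per (IMPI, GSID): a second USS for the same GSID is a
        # provisioning error and must not be merged silently.
        if uss.gsid in self.uss_by_gsid:
            raise ValueError(f"duplicate USS for IMPI {self.impi}, GSID {uss.gsid}")
        self.uss_by_gsid[uss.gsid] = uss


def build_guss(impi: str, records: Iterable[Tuple[int, Iterable[str], Iterable[int]]]) -> GUSS:
    """Build a GUSS from (gsid, uids, flags) records, rejecting duplicates inside a USS."""
    guss = GUSS(impi=impi)
    for gsid, uids, flags in records:
        uids, flags = list(uids), list(flags)
        if len(uids) != len(set(uids)) or len(flags) != len(set(flags)):
            raise ValueError(f"duplicate UID or authorization flag in USS for GSID {gsid}")
        guss.add_uss(USS(gsid, frozenset(uids), frozenset(flags)))
    return guss


def authorize(guss: GUSS, gsid: int, uid: str, flag: int) -> Tuple[bool, str]:
    """Decide whether `uid` may perform the operation coded by `flag` in service `gsid`.

    Fails closed: a GSID with no USS, a UID outside the USS allowed list, or a
    flag the USS does not carry all deny. Returns (allowed, reason).
    """
    uss = guss.uss_by_gsid.get(gsid)
    if uss is None:
        return False, "no USS for this GSID"
    if uid not in uss.allowed_uids:
        return False, "UID not allowed for this GAA service"
    if flag not in uss.auth_flags:
        return False, "operation not authorized for this GAA service"
    return True, "authorized"
```

The point a practitioner should take from the example is the order of checks: the GSID the NAF asks for selects the USS first, so a UID that is allowed in one GAA service never leaks authorization into another service that merely shares the same subscriber.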

3.10.7  Bootstrapping Transaction Identifier

The Bootstrapping Transaction Identifier (B-TID) identifies the security association between a BSF and a UE after a bootstrapping procedure in GAA. According to [57], the B-TID value shall also be generated in NAI format, from the base64 encoded RAND value [60] and the BSF server name, i.e. base64encoded(RAND)@BSF_servers_domain_name.
The Bootstrapping Transaction Identifier is temporary subscriber data and is stored in the BSF and NAF.

3.10.8  Key Lifetime

Key Lifetime is an integer which defines the length of the validity period of bootstrapping information in BSF in seconds.
The Key Lifetime is permanent subscriber data and is stored in the HSS, and the BSF.

3.10.9  UICC Security Type

The UICC Security Type indicates where the security procedures are allocated inside the User Equipment, i.e. whether the security applications are executed entirely in the Mobile Equipment or also in the UICC.
The values of the UICC Security Type are defined in TS 29.109.
The UICC Security Type is permanent subscriber data and is stored in the HSS and BSF.

3.10.10  NAF Group

The NAF Group contains one or more NAF Address elements (cf. clause 3.10.12) defining the NAFs that belong to the NAF Group. The NAF Group is identified by a NAF Group Identity (cf. clause 3.10.11).
The NAF Group is permanent subscriber data and is stored in the BSF.

3.10.11  NAF Group Identity

The NAF Group Identity is a freely defined string that the home operator can use as the name of a group of NAFs.
The NAF Group Identity is permanent subscriber data and is stored in the HSS and BSF.

3.10.12  NAF Address

The NAF Address is a freely defined string that can be used to identify one or more NAFs. The NAF Address may contain a fully qualified domain name identifying a single NAF. The NAF Address may also contain a domain name with wildcards ("*"), in which case it can identify multiple NAFs.
The NAF Address is permanent subscriber data and is stored in the BSF.
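
The following is an added example, not 3GPP code, of how a BSF might match a NAF's FQDN against the NAF Address elements of clauses 3.10.10 to 3.10.12. The matching rule is an assumption for illustration, since the page only says that a NAF Address may contain "*" wildcards: labels are compared one by one and case-insensitively over the whole name, and a pattern label that is exactly "*" matches any single label. The group identities and addresses in the test are constructed.

```python
from typing import Dict, Iterable, List


def naf_address_matches(naf_address: str, naf_fqdn: str) -> bool:
    """True if `naf_fqdn` is identified by the NAF Address `naf_address`.

    Assumed rule: compare DNS labels pairwise, case-insensitively, over the
    whole name; a pattern label that is exactly "*" matches any one label.
    """
    p_labels = naf_address.lower().rstrip(".").split(".")
    f_labels = naf_fqdn.lower().rstrip(".").split(".")
    if "" in p_labels or "" in f_labels:
        return False                       # empty label: malformed name
    # Requiring the same label count means "*" never spans a dot
    # ("*.naf.example" does not match "a.b.naf.example") and nothing matches
    # by prefix or suffix alone ("naf.example" is not matched by
    # "naf.example.attacker.test").
    if len(p_labels) != len(f_labels):
        return False
    return all(p == "*" or p == f for p, f in zip(p_labels, f_labels))


def naf_groups_for(naf_fqdn: str, naf_groups: Dict[str, Iterable[str]]) -> List[str]:
    """Return the NAF Group Identities (clause 3.10.11) whose NAF Address
    elements (clause 3.10.10) identify `naf_fqdn`, sorted for determinism."""
    return sorted(group_id for group_id, addresses in naf_groups.items()
                  if any(naf_address_matches(a, naf_fqdn) for a in addresses))
```

Whatever the exact wildcard semantics an implementation adopts, the FQDN fed into this matcher has to be the identity the BSF has authenticated for the requesting NAF, not a name the NAF merely asserts in its request; otherwise group membership, and with it the USSs the BSF hands out, is chosen by the peer.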

3.10.13  Key Expirytime

Key Expirytime is an integer which defines the expiry time of bootstrapping information in BSF in seconds according to Diameter Time format as specified in RFC 3588.
The Key Expirytime is temporary subscriber data and is stored in the BSF and NAF.

3.10.14  Bootstrapping Info Creation Time

Bootstrapping Info Creation Time is an integer which defines the point in time when the corresponding bootstrapping information is created in the BSF, in seconds according to the Diameter Time format specified in RFC 3588, as for the Key Expirytime (clause 3.10.13).
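
The following is an added example, not 3GPP code, that ties clauses 3.10.7, 3.10.8, 3.10.13 and 3.10.14 together as one bootstrapping record at the BSF: it builds the B-TID as base64(RAND)@BSF_servers_domain_name, parses it back strictly, derives the Key Expirytime from the Bootstrapping Info Creation Time plus the Key Lifetime, and encodes both timestamps in the Diameter Time format of RFC 3588, which is the first four octets of an NTP timestamp (unsigned 32-bit seconds since 1900-01-01 00:00:00 UTC). The BSF domain name, the RAND value and the times in the test are constructed for the example.

```python
import base64
import re
import struct
from dataclasses import dataclass
from typing import Tuple

NTP_UNIX_OFFSET = 2_208_988_800   # seconds from 1900-01-01 to 1970-01-01


def diameter_time_encode(unix_seconds: int) -> bytes:
    """Unix seconds -> 4-octet Diameter Time (RFC 3588 section 4.3, NTP era 0)."""
    ntp = unix_seconds + NTP_UNIX_OFFSET
    if not 0 <= ntp < 2 ** 32:
        raise ValueError("time outside the 32-bit NTP era 0 (1900-01-01 .. 2036-02-07)")
    return struct.pack("!I", ntp)


def diameter_time_decode(octets: bytes) -> int:
    """4-octet Diameter Time -> Unix seconds; era 0 only, see the caveat above."""
    if len(octets) != 4:
        raise ValueError("Diameter Time must be exactly four octets")
    return struct.unpack("!I", octets)[0] - NTP_UNIX_OFFSET


def make_btid(rand: bytes, bsf_domain: str) -> str:
    """B-TID = base64(RAND)@BSF_servers_domain_name (clause 3.10.7)."""
    if len(rand) != 16:
        raise ValueError("RAND is 128 bits")
    return base64.b64encode(rand).decode("ascii") + "@" + bsf_domain


# 16 bytes of RAND always encode to 22 base64 characters plus "==" padding.
_BTID_RE = re.compile(r"^([A-Za-z0-9+/]{22}==)@([A-Za-z0-9.-]+)$")


def parse_btid(btid: str) -> Tuple[bytes, str]:
    """Split a B-TID back into (RAND, BSF domain); rejects anything malformed."""
    m = _BTID_RE.match(btid)
    if not m:
        raise ValueError("not a B-TID of the form base64(RAND)@BSF_servers_domain_name")
    return base64.b64decode(m.group(1)), m.group(2)


@dataclass(frozen=True)
class BootstrappingInfo:
    """Temporary data the BSF keeps per bootstrapping (clauses 3.10.7, 3.10.8, 3.10.13, 3.10.14)."""
    btid: str
    creation_time: int   # Unix seconds; stored on the wire as Diameter Time
    key_lifetime: int    # seconds (clause 3.10.8)

    @property
    def key_expirytime(self) -> int:
        return self.creation_time + self.key_lifetime

    def key_expirytime_diameter(self) -> bytes:
        return diameter_time_encode(self.key_expirytime)

    def is_valid_at(self, now: int) -> bool:
        # A NAF must not reuse bootstrapping information past its expiry, and a
        # record whose creation time lies in the future is equally suspect.
        return self.creation_time <= now < self.key_expirytime
```

Two checks worth keeping from this: the B-TID parser only accepts the exact shape the clause describes, so a NAF cannot smuggle an arbitrary NAI into the Zn request, and the Diameter Time encoder refuses values outside the 32-bit NTP era rather than wrapping silently, which matters for any lifetime arithmetic done near the 2036 rollover.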

3.10.15  Diameter Server Identity of HSS |R8|

The Diameter Server Identity of HSS identifies the HSS storing the GAA specific subscription data for a subscriber. It is used in requests sent by the BSF to the HSS. The format of the Diameter Server Identity is the Diameter Identity defined in RFC 3588.
The Diameter Server Identity of the HSS is temporary data and is stored in the BSF.

3.11  Definition of subscriber data I-WLAN domain |R6|

3.11.1  Data related to subscription, identification and numbering

3.11.1.1  IMSI

The International Mobile Subscriber Identity (IMSI) is defined in TS 23.003. The IMSI serves as the root of the subscriber data pseudo-tree.

3.11.1.2  Mobile Subscriber ISDN Number (MSISDN)

Mobile Subscriber ISDN Number (MSISDN) is defined in TS 23.003. One MSISDN is used for the I-WLAN subscription. If the multinumbering option applies, the MSISDN used is the Basic MSISDN (see clause 2.1.3 for more information on MSISDNs for the multinumbering option).

3.11.1.3  W-APN

The WLAN Access Point Name (W-APN) is defined in TS 23.003. This parameter identifies a data network and a point of interconnection to that network (Packet Data Gateway).

3.11.1.4  List of authorized visited network identifiers

The List of authorized visited network identifiers field indicates which 3GPP visited network identifiers are allowed for roaming.
This list can be a linear list of visited network identifiers or a compound list of network identifier types (e.g. home PLMN or home country); the exact structure of the list is an implementation option.

3.11.1.5  3GPP AAA Proxy Name

The 3GPP AAA Proxy Name, specified in TS 29.234, defines the Diameter or RADIUS Identity of the 3GPP AAA Proxy node.

3.11.1.6  3GPP AAA Server Name

The 3GPP AAA Server Name, specified in TS 29.234, defines the Diameter or RADIUS Identity of the 3GPP AAA Server node.

3.11.1.7  Serving PDG List

The Serving PDG List field contains the addresses of the PDGs to which the WLAN UE is connected.

3.11.1.8  Serving WAG

The Serving WAG field contains the WAG address information obtained through the successful user authentication procedure.

3.11.1.9  WLAN UE Local IP Address

The WLAN UE Local IP Address field, specified in TS 23.234, represents the IPv4/IPv6 address of the WLAN UE in the WLAN AN. It is an address used to deliver the packet to a WLAN UE in a WLAN AN.

3.11.1.10  WLAN UE Remote IP Address

The WLAN UE Remote IP Address field, specified in TS 23.234, represents the IPv4/IPv6 address of the WLAN UE in the network which the WLAN UE is accessing. It is an address used in the data packet encapsulated by the WLAN UE-initiated tunnel and is the source address used by applications in the WLAN UE. The WLAN UE Remote IP address is per W-APN, see clause 3.11.5.1.4.

3.11.2  Data related to registration

3.11.2.1  User Status

The User Status field identifies the registration status of the I-WLAN User. The User Status shall be either REGISTERED, in which case there is an associated Serving 3GPP AAA Server Name stored at the HSS, or NOT_REGISTERED, in which case there may or may not be a 3GPP AAA Server Name stored.

3.11.2.2  Emergency Access Flag |R7|

The Emergency Access flag is specified in TS 29.234. It enables operators to control the access to I-WLAN for emergency purposes. The parameter takes either of the following values:
  • Access is for emergency purposes.
  • Access is not for emergency purposes.
The flag is set in the 3GPP AAA Server if the WLAN Direct IP access is indicated to be for emergency purposes.

3.11.2.3  Diameter Server Identity of HSS |R8|

The Diameter Server Identity of HSS identifies the HSS storing the I-WLAN specific subscription data for a subscriber. It is used in requests sent by the 3GPP AAA Server to the HSS. The format of the Diameter Server Identity is the Diameter Identity defined in RFC 3588.
The Diameter Server Identity of the HSS is temporary data and is stored in the 3GPP AAA Server.

3.11.3  Data related to authentication and ciphering

3.11.3.1  Random Number (RAND), Signed Response (SRES) and Ciphering Key (Kc)

Random Number (RAND), Signed Response (SRES) and Ciphering Key (Kc) fields form a triplet vector used for authentication and encryption as defined in TS 43.020.
In I-WLAN, for SIM based users the triplet vectors are calculated in the 2G AuC and provided to the 2G HLR/HSS (see GSM 12.03 [36]). For USIM based users, triplet vectors are derived from quintuplet vectors in the 3G HLR/HSS if needed (see TS 33.102).
A set of up to 5 triplets is sent from the 2G HLR/HSS to the 3GPP AAA Server upon request. These data are temporary subscriber data stored in the 3GPP AAA Server.

3.11.3.2  Random Challenge (RAND), Expected Response (XRES), Cipher Key (CK), Integrity Key (IK) and Authentication Token (AUTN)

Random Challenge (RAND), Expected Response (XRES), Cipher Key (CK), Integrity Key (IK) and Authentication Token (AUTN) fields form a quintuplet vector used for user authentication, data confidentiality and data integrity as defined in TS 33.102.
In I-WLAN, a set of quintuplet vectors are calculated in the AuC, and up to 5 quintuplets are sent from the HLR/HSS to the 3GPP AAA Server upon request (see TS 29.002).
These data are temporary subscriber data stored in the HSS and 3GPP AAA Server.
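
Clause 3.11.3.1 says that for USIM based users a triplet is derived from a quintuplet "if needed", and clause 3.11.3.2 gives the quintuplet fields. The following is an added example, not 3GPP code, of that derivation as I read it in TS 33.102 Annex C: c1 reuses RAND, c2 folds the zero-padded 128-bit XRES into a 32-bit SRES by XOR of its four 32-bit parts, and c3 folds CK and IK into a 64-bit Kc by XOR of their 64-bit halves. The quintuplet values in the test are constructed, not real vectors.

```python
from typing import NamedTuple


class Quintuplet(NamedTuple):
    rand: bytes   # 128 bit
    xres: bytes   # 32..128 bit
    ck: bytes     # 128 bit
    ik: bytes     # 128 bit
    autn: bytes   # 128 bit


class Triplet(NamedTuple):
    rand: bytes   # 128 bit
    sres: bytes   # 32 bit
    kc: bytes     # 64 bit


def _xor(*parts: bytes) -> bytes:
    """Byte-wise XOR of equally long byte strings."""
    out = bytearray(len(parts[0]))
    for p in parts:
        if len(p) != len(out):
            raise ValueError("XOR operands must have equal length")
        for i, b in enumerate(p):
            out[i] ^= b
    return bytes(out)


def c2_sres(xres: bytes) -> bytes:
    """c2: SRES = XRES*1 xor XRES*2 xor XRES*3 xor XRES*4, XRES* = XRES zero-padded to 128 bits."""
    if not 4 <= len(xres) <= 16:
        raise ValueError("XRES is 32..128 bits")
    xres_star = xres + bytes(16 - len(xres))
    return _xor(xres_star[0:4], xres_star[4:8], xres_star[8:12], xres_star[12:16])


def c3_kc(ck: bytes, ik: bytes) -> bytes:
    """c3: Kc = CK1 xor CK2 xor IK1 xor IK2 (64-bit halves)."""
    if len(ck) != 16 or len(ik) != 16:
        raise ValueError("CK and IK are 128 bits")
    return _xor(ck[:8], ck[8:], ik[:8], ik[8:])


def quintuplet_to_triplet(q: Quintuplet) -> Triplet:
    """Derive the GSM triplet (RAND, SRES, Kc) the 3GPP AAA Server would get for EAP-SIM."""
    if len(q.rand) != 16:
        raise ValueError("RAND is 128 bits")
    return Triplet(rand=q.rand, sres=c2_sres(q.xres), kc=c3_kc(q.ck, q.ik))
```

The conversion makes the security consequence visible: the 64-bit Kc that ends up protecting an EAP-SIM session is a linear fold of CK and IK, so a USIM subscriber who is served triplets is reduced to GSM-strength keys. The "if needed" in the clause is the point to check in an implementation: the 3GPP AAA Server should only request triplets for subscribers that really authenticate with EAP-SIM, never as a fallback for a USIM subscriber whose EAP-AKA attempt failed.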

3.11.3.3  Master Key (MK)

The Master Key (MK) field is defined in TS 33.234. It enables keys to be derived.

3.11.3.4  Transient EAP Keys (TEKs)

The Transient EAP Keys (TEKs) field is defined in TS 33.234; the TEKs are used to protect the EAP packets.

3.11.3.5  Master Session Key (MSK)

The Master Session Key (MSK) field is defined in TS 33.234 and is used to obtain the key material required for the link layer confidentiality mechanism and IPsec confidentiality mechanism.

3.11.4  Data related to session

3.11.4.1  Session Identifier

The Session Identifier field, specified in TS 29.234, indicates a unique Diameter signalling session specific to the user.

3.11.4.2  Session-Timeout

The Session-Timeout field, specified in TS 29.234, indicates the maximum period for a session measured in seconds. It is used for re-authentication purposes. If this field does not appear, the WLAN AN shall apply default time intervals.

3.11.5  Operator Determined Barring general data

3.11.5.1  W-APN Authorised List |R8|

The W-APN Authorised field is specified in TS 29.234. It contains authorization information for each W-APN. This parameter indicates the list of allowed W-APNs, the environment where the access is allowed and optionally the charging data specific for that W-APN and the Static IP address.
3.11.5.1.1  W-APN Identifier List
3.11.5.1.2  W-APN Barring Type List
The W-APN Barring Type field is specified in TS 29.234. It indicates the subscriber access type to the home and visited network's services. The parameter takes one of the following values:
  • Allow access to this W-APN regardless of whether the subscriber is located in a VPLMN or in the HPLMN;
  • Prohibit access to this W-APN within the HPLMN when the subscriber is located in a VPLMN;
  • Prohibit access to this W-APN within the VPLMN when the subscriber is located in a VPLMN;
  • Prohibit access to this W-APN within the HPLMN when the subscriber is located in the HPLMN;
  • Prohibit access to public Internet through any W-APN regardless of whether the subscriber is located in a VPLMN or in the HPLMN.
3.11.5.1.3  W-APN Charging Data List
The W-APN Charging Data field is specified in TS 29.234. When this parameter is present, it supersedes the general charging information to be applied for the subscriber. See clause 3.11.7.
3.11.5.1.4  Static WLAN UE Remote IP Address List
The WLAN UE IP Address field identifies the IPv4/IPv6 address that the operator has statically assigned to the WLAN UE. See clause 3.11.1.10.
3.11.5.1.5  Maximum Number of Accesses List
The Maximum Number of Accesses is specified in TS 29.234. It enables operators to specify the maximum number of concurrent accesses per W-APN.
3.11.5.1.6  Access Number List
Access Number is an integer counter kept at the 3GPP AAA Server per W-APN.
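
The following is an added example, not 3GPP code, that combines three of the items above into the single fail-closed decision a 3GPP AAA Server has to make for one W-APN access request: the List of authorized visited network identifiers of clause 3.11.1.4 (modelled as explicit PLMN IDs plus the compound entry "home country"), the W-APN Barring Type of clause 3.11.5.1.2, and the Maximum Number of Accesses checked against the Access Number counter of clauses 3.11.5.1.5 and 3.11.5.1.6. The PLMN identifiers, W-APN names, the numbering of the barring values and the "public internet" attribute of a W-APN are constructed for the example; TS 29.234 defines the real encodings.

```python
from enum import Enum
from typing import Dict, List, NamedTuple, Optional, Tuple


class BarringType(Enum):
    """W-APN Barring Type values of clause 3.11.5.1.2 (numbering is illustrative)."""
    ALLOW_EVERYWHERE = 1                # regardless of VPLMN or HPLMN
    NO_HPLMN_WAPN_WHEN_IN_VPLMN = 2     # home-network W-APN barred while roaming
    NO_VPLMN_WAPN_WHEN_IN_VPLMN = 3     # visited-network W-APN barred while roaming
    NO_HPLMN_WAPN_WHEN_IN_HPLMN = 4     # home-network W-APN barred when at home
    NO_PUBLIC_INTERNET = 5              # public Internet barred via any W-APN, anywhere


class WapnAuth(NamedTuple):
    barring: BarringType
    max_accesses: Optional[int]   # Maximum Number of Accesses; None means unlimited
    public_internet: bool         # assumption: operator marks W-APNs that reach the public Internet


class Subscriber(NamedTuple):
    home_plmn: str                        # "MCC" + "MNC", e.g. "26201" (TS 23.003 PLMN ID)
    authorized_vplmns: List[str]          # explicit PLMN IDs and/or the compound entry "home country"
    wapn_authorised: Dict[str, WapnAuth]  # W-APN Authorised List (clause 3.11.5.1)
    access_number: Dict[str, int]         # current concurrent accesses per W-APN (clause 3.11.5.1.6)


def visited_network_authorized(sub: Subscriber, visited_plmn: str) -> bool:
    """List of authorized visited network identifiers (clause 3.11.1.4)."""
    if visited_plmn == sub.home_plmn:
        return True                                   # not roaming: the list does not apply
    for entry in sub.authorized_vplmns:
        if entry == "home country" and visited_plmn[:3] == sub.home_plmn[:3]:
            return True                               # same MCC as the home PLMN
        if entry == visited_plmn:
            return True
    return False


def wapn_access_allowed(sub: Subscriber, wapn: str, visited_plmn: str,
                        wapn_in_vplmn: bool) -> Tuple[bool, str]:
    """Fail-closed decision for one access request; returns (allowed, reason).

    `wapn_in_vplmn` says whether the W-APN (its PDG) belongs to the visited
    network rather than the home network.
    """
    if not visited_network_authorized(sub, visited_plmn):
        return False, "visited network not authorized for roaming"
    auth = sub.wapn_authorised.get(wapn)
    if auth is None:
        return False, "W-APN not in the W-APN Authorised List"
    roaming = visited_plmn != sub.home_plmn
    b = auth.barring
    if b is BarringType.NO_PUBLIC_INTERNET and auth.public_internet:
        return False, "public Internet access barred"
    if b is BarringType.NO_HPLMN_WAPN_WHEN_IN_VPLMN and roaming and not wapn_in_vplmn:
        return False, "HPLMN W-APN barred while in VPLMN"
    if b is BarringType.NO_VPLMN_WAPN_WHEN_IN_VPLMN and roaming and wapn_in_vplmn:
        return False, "VPLMN W-APN barred while in VPLMN"
    if b is BarringType.NO_HPLMN_WAPN_WHEN_IN_HPLMN and not roaming and not wapn_in_vplmn:
        return False, "HPLMN W-APN barred while in HPLMN"
    if auth.max_accesses is not None and sub.access_number.get(wapn, 0) >= auth.max_accesses:
        return False, "Maximum Number of Accesses reached for this W-APN"
    return True, "allowed"
```

The order matters: the roaming check and the presence of the W-APN in the authorised list are evaluated before any barring value, so an unknown W-APN or an unauthorized visited network is refused without consulting data that may not exist for it, and the Access Number counter is only compared once the request is otherwise acceptable.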

3.11.5.2  Access Dependence Flag |R8|

The Access Dependence Flag is specified in TS 29.234. It enables operators to authenticate a subscriber accessing the I-WLAN by WLAN 3GPP IP Access independently of a previous WLAN Direct IP Access. The parameter takes either of the following values:
  • Allow access to WLAN 3GPP IP Access independently of a previous WLAN Direct IP Access.
  • Prohibit access to WLAN 3GPP IP Access independently of a previous WLAN Direct IP Access.

3.11.5.3  I-WLAN Access Type |R8|

The I-WLAN Access Type field is specified in TS 29.234. It indicates the type of access the subscriber has used to access the I-WLAN. The parameter takes either of the following values:
  • WLAN 3GPP IP Access;
  • WLAN Direct IP Access.

3.11.5.4  WLAN Direct IP Access |R11|

WLAN Direct IP Access (see TS 29.234) is permanent data conditionally stored in HSS. It indicates whether the user is allowed to have WLAN direct IP access to external IP networks from the WLAN Access Network. The WLAN Direct IP Access is stored as temporary data also in the 3GPP AAA Server.

3.11.6  QoS general data

3.11.6.1  Max Subscribed Bandwidth

The Max Subscribed Bandwidth field, specified in TS 29.234, indicates the Max subscribed bandwidth.

3.11.6.2  Routing Policy

The Routing Policy field, specified in TS 29.234, defines a packet filter for an IP flow.

3.11.6.3  Subscribed 3GPP WLAN QoS Profile |R7|

The Subscribed 3GPP WLAN QoS Profile field, specified in TS 29.234, defines a subscribed 3GPP WLAN QoS profile per W-APN.

3.11.6.4  Authorized 3GPP WLAN QoS Profile |R7|

The Authorized 3GPP WLAN QoS Profile field, specified in TS 29.234, defines the authorized 3GPP WLAN QoS profile per W-APN for a user.

3.11.7  Data related to Charging

3.11.7.1  Charging Data

The Charging Data field identifies the Charging Characteristics plus the Charging Nodes to be applied per user for all W-APNs or per user for individual W-APNs.
3.11.7.1.1  Charging Characteristics
Charging Characteristics field is defined in TS 32.252. It indicates the charging type to be applied to the user tunnel.

3.11.7.2  Primary OCS Charging Function Name

The Primary OCS Charging Function Name field identifies the Primary OCS Function node that performs on-line based charging. The format is specified in TS 29.234.

3.11.7.3  Secondary OCS Charging Function Name

The Secondary OCS Charging Function Name field identifies the Secondary OCS Charging Function node that performs on-line based charging. The format is specified in TS 29.234.

3.11.7.4  Primary Charging Collection Function Name

The Primary Charging Collection Function Name field identifies the primary Charging Collection Function node that provides off-line charging support for the IMS subscribers. The format is specified in TS 29.234.

3.11.7.5  Secondary Charging Collection Function Name

The Secondary Charging Collection Function Name field identifies the secondary Charging Collection Function node that provides off-line charging support for the IMS subscribers. The format is specified in TS 29.234.

3.11.7.6  WLAN Session Identifier

The WLAN Session Identifier is the identifier generated by the 3GPP AAA Server and sent to the PDG. Together with the PDG Charging Identifier, it is used for correlating WLAN AN and PDG charging data. The format is specified in TS 32.299.

3.11.7.7  PDG Charging Identifier

The PDG Charging Identifier is the identifier generated by the PDG and sent to the 3GPP AAA Server. Together with the WLAN Session Identifier, it is used for correlating WLAN AN and PDG charging data. The format is specified in TS 32.299.

3.12  Data related to Access Network Discovery and Selection Function (ANDSF) |R9|

3.12.1  General

The following clauses describe the data that is defined on a per-user basis and is related to the Access Network Discovery and Selection Function (ANDSF).

3.12.2  Policy Information

This set contains a list of inter-system mobility policies. Each policy contains the following information; the corresponding coding is defined in TS 24.312:
  • Rule Priority: indicates the priority of the corresponding inter-system mobility policy;
  • Prioritized Access: a set of information providing lists of possible technologies the UE can access. The technologies are prioritized based on operator preferences. It is also possible to indicate an access technology as forbidden or as restricted;
  • Validity Area and Time of the Day: these two sets of information indicate where and when the policy can be applied by the UE. Different ways to describe the area of validity of the policy are provided and described in TS 24.312. Several policies can be valid at the same time (e.g. overlapping validity areas); in this case, the value of Rule Priority is used as the discriminator;
  • Roaming: indicates whether the policy is also valid if the UE is roaming.
This set is permanent data conditionally stored in the ANDSF.
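
The following is an added example, not 3GPP code, of how a UE (or an ANDSF test harness) would evaluate the Policy Information set above: a rule applies if its Validity Area contains the UE's location, its Time of the Day window contains the current time, and it is either marked valid for roaming or the UE is not roaming; among the applicable rules the Rule Priority decides. The representation is an assumption for illustration, since TS 24.312 owns the coding: the validity area is a set of PLMN IDs (empty meaning everywhere), the time window is a [start, end) pair of minutes since midnight that may wrap past midnight, and a lower Rule Priority value is treated as the higher priority.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class AccessPreference:
    technology: str          # e.g. "WLAN", "3GPP"
    priority: int            # assumption: lower value is preferred
    forbidden: bool = False
    restricted: bool = False


@dataclass(frozen=True)
class ISMPRule:
    rule_priority: int                              # assumption: lower value wins
    prioritized_access: Tuple[AccessPreference, ...]
    validity_plmns: frozenset = frozenset()         # Validity Area; empty means any location
    time_of_day: Optional[Tuple[int, int]] = None   # [start, end) minutes since midnight; None means always
    roaming: bool = False                           # True: also valid while the UE is roaming


def rule_applies(rule: ISMPRule, ue_plmn: str, home_plmn: str, minutes_now: int) -> bool:
    """Validity Area, Time of the Day and Roaming conditions of clause 3.12.2."""
    if rule.validity_plmns and ue_plmn not in rule.validity_plmns:
        return False
    if rule.time_of_day is not None:
        start, end = rule.time_of_day
        if start <= end:
            in_window = start <= minutes_now < end
        else:                                        # window wraps past midnight
            in_window = minutes_now >= start or minutes_now < end
        if not in_window:
            return False
    if ue_plmn != home_plmn and not rule.roaming:
        return False
    return True


def select_rule(rules: List[ISMPRule], ue_plmn: str, home_plmn: str, minutes_now: int) -> Optional[ISMPRule]:
    """Pick the applicable rule with the best Rule Priority; None if nothing applies."""
    applicable = [r for r in rules if rule_applies(r, ue_plmn, home_plmn, minutes_now)]
    if not applicable:
        return None
    priorities = [r.rule_priority for r in applicable]
    if len(priorities) != len(set(priorities)):
        # Two applicable rules with the same Rule Priority cannot be discriminated;
        # treat that as a provisioning error rather than picking one silently.
        raise ValueError("applicable rules share a Rule Priority")
    return min(applicable, key=lambda r: r.rule_priority)


def allowed_accesses(rule: ISMPRule) -> List[str]:
    """Technologies the UE may use under the rule, best first, forbidden ones removed."""
    return [a.technology
            for a in sorted(rule.prioritized_access, key=lambda a: a.priority)
            if not a.forbidden]
```

The tie handling is the part a reviewer would look for: overlapping validity areas are expected and resolved by Rule Priority, but two applicable rules with equal priority have no discriminator in the clause, so the selector refuses rather than letting list order decide which policy the UE follows.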

3.12.3  Discovery Information

This set contains the information regarding the access networks the UE can discover.
It contains the following information while the corresponding coding is defined in TS 24.312:
  • Access Network Type: indicates the type of the network for which discovery assistance information is provided;
  • Access Network Area: describes the location where the access network indicated in the corresponding Access Network Type is expected to be available. Different ways to describe the area of validity are provided in TS 24.312;
  • Access Network Information Reference: a pointer to a set containing the relevant information for the networks the UE can discover (e.g. SSIDs and corresponding channels in the case of WLAN access).
This set is permanent data conditionally stored in the ANDSF.

3.12.4  UE Location

This set provides information about the UE location, i.e. it is a way to indicate the position of the UE. This information can be used by the ANDSF to limit the amount of information sent to the UE. Different ways to describe the UE location are provided in TS 24.312.
This set is temporary data conditionally stored in the ANDSF.
