
TS 24.109
Bootstrapping Interface (Ub) and
Network Application Function Interface (Ua)

V19.0.0 (PDF)  2025/09  89 p.
V18.0.0  2023/12  88 p.
V17.2.0  2022/06  88 p.
V16.0.0  2020/06  82 p.
V15.0.0  2018/06  82 p.
V14.0.0  2016/12  82 p.
V13.1.0  2016/03  82 p.
V12.3.0  2014/03  82 p.
V11.4.0  2014/03  82 p.
V10.2.0  2013/12  76 p.
V9.3.0  2013/12  75 p.
V8.5.0  2013/12  75 p.
V7.8.0  2013/12  69 p.
V6.10.0  2011/09  66 p.
Rapporteur:
Mr. Leis, Peter
Nokia Networks

Full Table of Contents for TS 24.109, Word version: 19.0.0

1 Scope  p. 7
2 References  p. 7
3 Definitions and abbreviations  p. 9
3.1 Definitions  p. 9
3.2 Abbreviations  p. 9
4 Generic Bootstrapping Architecture; Ub interface  p. 10
4.1 Introduction  p. 10
4.2 Bootstrapping procedure  p. 11
4.3 User authentication failure  p. 12
4.4 Network authentication failure  p. 12
4.5 Synchronization failure  p. 13
4A Generic Bootstrapping Architecture Push; Upa |R8|  p. 13
4A.1 Introduction  p. 13
4A.2 Bootstrapping procedure  p. 13
4A.3 User authentication failure  p. 14
4A.4 Network authentication failure  p. 14
4A.5 Synchronization failure  p. 14
5 Network application function; Ua interface  p. 14
5.1 Introduction  p. 14
5.2 HTTP Digest authentication  p. 15
5.2.1 General  p. 15
5.2.2 Authentication procedure  p. 15
5.2.2.1 General  p. 15
5.2.3 Authentication failures  p. 16
5.2.4 Bootstrapping required indication  p. 16
5.2.5 Bootstrapping renegotiation indication  p. 16
5.2.6 Integrity protection  p. 17
5.3 UE and NAF authentication using HTTPS  p. 17
5.3.1 General  p. 17
5.3.2 Shared key-based UE authentication with certificate-based NAF authentication  p. 17
5.3.2.1 Authentication procedure  p. 17
5.3.2.2 Authentication failures  p. 18
5.3.2.3 Bootstrapping required indication  p. 18
5.3.2.4 Bootstrapping renegotiation indication  p. 18
5.3.3 Shared key-based mutual authentication between UE and NAF  p. 18
5.3.3.1 Authentication procedure  p. 18
5.3.3.1.1 General |R17|  p. 18
5.3.3.1.2 Authentication procedure using TLS 1.2 |R17|  p. 18
5.3.3.1.3 Authentication procedure using TLS 1.3 |R17|  p. 19
5.3.3.2 Authentication failures  p. 21
5.3.3.3 Bootstrapping required indication  p. 21
5.3.3.4 Bootstrapping renegotiation indication  p. 21
5.3.4 Certificate based mutual authentication between UE and application server  p. 21
5.3.5 Integrity protection  p. 21
6 PKI portal, Ua interface  p. 22
6.1 Introduction  p. 22
6.2 Subscriber certificate enrolment  p. 22
6.2.1 Enrolment procedure  p. 22
6.2.2 WIM specific authentication code for key generation  p. 24
6.2.3 WIM specific authentication code for proof of key origin  p. 24
6.2.4 Error situations  p. 25
6.3 CA certificate delivery  p. 25
6.3.1 CA certificate delivery procedure  p. 26
6.3.2 Error situations  p. 26
7 Authentication Proxy  p. 27
7.1 Introduction  p. 27
7.2 Authentication  p. 27
7.3 Authorization  p. 28
A Signalling flows of bootstrapping procedure  p. 29
A.1 Scope of signalling flows  p. 29
A.2 Introduction  p. 29
A.2.1 General  p. 29
A.2.2 Key required to interpret signalling flows  p. 29
A.3 Signalling flows demonstrating a successful bootstrapping procedure  p. 29
A.4 Signalling flows demonstrating a synchronization failure in the bootstrapping procedure  p. 33
A1 Signalling flows of GBA Push procedure |R8|  p. 36
A1.1 Scope of signalling flows  p. 36
A1.2 Introduction  p. 36
A1.2.1 General  p. 36
A1.2.2 Key required to interpret signalling flows  p. 36
A1.3 Signalling flows demonstrating a successful GBA Push procedure  p. 36
B Signalling flows for HTTP Digest Authentication with bootstrapped security association  p. 39
B.1 Scope of signalling flows  p. 39
B.2 Introduction  p. 39
B.2.1 General  p. 39
B.2.2 Key required to interpret signalling flows  p. 39
B.3 Signalling flows demonstrating a successful authentication procedure  p. 39
C (Normative)  XML Schema Definition  p. 44
C.1 Introduction  p. 44
D Signalling flows for Authentication Proxy  p. 45
D.1 Scope of signalling flows  p. 45
D.2 Introduction  p. 45
D.2.1 Key required to interpret signalling flows  p. 45
D.3 Signalling flow demonstrating a successful authentication procedure  p. 45
E Signalling flows for PKI portal  p. 51
E.1 Scope of signalling flows  p. 51
E.2 Introduction  p. 51
E.2.1 General  p. 51
E.2.2 Key required to interpret signalling flows  p. 51
E.3 Signalling flows demonstrating a successful subscriber certificate enrolment  p. 51
E.3.1 Simple subscriber certificate enrolment  p. 51
E.3.2 Subscriber certificate enrolment with WIM authentication codes  p. 55
E.4 Signalling flows demonstrating a failure in subscriber certificate enrolment  p. 62
E.5 Signalling flows demonstrating a successful CA certificate delivery  p. 62
E.6 Signalling flows demonstrating a failure in CA certificate delivery  p. 66
F Signalling flows for PSK TLS with bootstrapped security association  p. 67
F.1 Scope of signalling flows  p. 67
F.2 Introduction  p. 67
F.2.1 General  p. 67
F.2.2 Key required to interpret signalling flows  p. 67
F.3 Signalling flow demonstrating a successful PSK TLS authentication procedure  p. 68
G (Normative)  3GPP specific extension-headers for HTTP entity-header fields  p. 70
G.1 General  p. 70
G.2 X-3GPP-Intended-Identity extension-header  p. 70
G.3 X-3GPP-Asserted-Identity extension-header  p. 71
G.4 X-3GPP-Authorization-Flags extension-header  p. 71
H (Normative)  2G GBA |R7|  p. 71
H.1 Introduction  p. 71
H.2 2G GBA bootstrapping procedure  p. 71
H.3 User authentication failure  p. 73
H.4 Network authentication failure  p. 73
I (Normative)  GBA_Digest |R11|  p. 74
I.1 Introduction  p. 74
I.2 GBA_Digest bootstrapping procedure  p. 74
I.3 User authentication failure  p. 75
I.4 Network authentication failure  p. 75
J (Normative)  Realization of GBA Push delivery |R11|  p. 75
J.1 Introduction  p. 75
J.2 GPI delivery using WAP Push  p. 75
J.2.1 General  p. 75
J.2.2 Push-NAF procedures  p. 75
J.2.3 UE procedures  p. 76
J.2.3.1 Reception of GPI in push message  p. 76
J.3 PDUs and parameters specific to the present document  p. 77
J.3.1 GPI envelope  p. 77
J.3.1.1 General  p. 77
J.3.1.2 Structure  p. 77
J.3.1.3 GPI envelope short code values  p. 77
J.3.1.4 IANA registration template  p. 78
K (Normative)  TLS with AKMA profiles |R17|  p. 79
K.1 General  p. 79
K.2 Shared key-based UE authentication with certificate-based AF authentication  p. 79
K.3 Shared key-based mutual authentication between UE and AF  p. 80
K.3.1 General  p. 80
K.3.2 TLS 1.2  p. 80
K.3.3 TLS 1.3  p. 80
Change history  p. 82
