
TS 33.222
Generic Authentication Architecture (GAA) –
Access to Network Application Functions using HTTPS

V19.0.0 (PDF)  2025/09  39 p.
V18.0.0  2024/03  39 p.
V17.2.0  2022/06  39 p.
V16.1.0  2020/12  38 p.
V15.0.0  2018/06  35 p.
V14.0.0  2017/03  37 p.
V13.0.0  2016/01  37 p.
V12.3.0  2013/12  38 p.
V11.3.0  2013/12  25 p.
V10.0.1  2011/12  24 p.
V9.1.0  2010/06  24 p.
V8.0.0  2008/06  24 p.
V7.3.0  2007/12  24 p.
V6.6.0  2006/03  22 p.
Rapporteur:
Mr. Lehtovirta, Vesa
Ericsson LM

full Table of Contents for  TS 33.222  Word version:  19.0.0

0 Introduction
1 Scope
2 References
3 Definitions, symbols and abbreviations
3.1 Definitions
3.2 Abbreviations
4 Overview of the Security Architecture
5 Authentication schemes
5.1 Reference model
5.2 General requirements and principles
5.2.1 Requirements on the UE
5.2.2 Requirements on the NAF
5.3 Shared key-based UE authentication with certificate-based NAF authentication
5.3.0 Procedures |R11|
5.3.1 TLS profile
5.3.1.0 General |R11|
5.3.1.1 Protection mechanisms
5.3.1.2 Void
5.3.1.3 Authentication of the AP/AS
5.3.1.4 Authentication Failures
5.3.1.5 Set-up of Security parameters
5.3.1.6 Error cases
5.4 Shared key-based mutual authentication between UE and NAF
5.4.0 Procedures |R11|
5.4.0.0 General |R17|
5.4.0.1 TLS 1.2 |R17|
5.4.0.2 TLS 1.3 |R17|
5.4.1 TLS Profile
5.4.1.0 General |R11|
5.4.1.1 Protection mechanisms
5.4.1.2 Authentication of the AP/AS
5.4.1.3 Authentication Failures
5.4.1.4 Set-up of Security parameters
5.5 Certificate based mutual authentication between UE and application server
5.5.1 General |R7|
5.5.2 TLS Profile |R7|
5.5.2.1 General
5.5.2.2 Protection mechanisms
5.5.2.3 Void
6 Use of Authentication Proxy
6.1 Architectural view
6.2 Requirements and principles
6.4 Reference points
6.4.1 Ua reference point
6.4.2 AP-AS reference point
6.5 Management of UE identity
6.5.1 Granularity of Authentication and Access Control by AP
6.5.1.1 Authorised Participant of GBA
6.5.1.2 Authorised User of Application
6.5.2 Transfer of Asserted Identity from AP to AS
6.5.2.1 Authorised Participant of GBA
6.5.2.2 Authorised User of Application Anonymous to AS
6.5.2.3 Authorised User of Application with Transferred Identity asserted to AS
6.5.2.4 Authorised User of Application with Transferred Identity asserted to AS and Check of User Inserted Identity
A Technical Solutions for Access to Application Servers via Authentication Proxy and HTTPS
B Guidance on Certificate-based mutual authentication between UE and application server
C Considerations for GBA security using a web browser and Javascript |R12|
C.1 Usage Scenario
C.2 Threats
C.3 Control of GBA Credentials and GBA Module in the UE
C.3.1 General
C.3.2 Control Mechanism 1 - Same Origin Authentication Tokens
C.3.3 Control Mechanism 2 - Server Authenticated TLS
C.3.4 Control Mechanism 3 - Channel Binding
C.3.5 Control Mechanism 4 - Key Usage
C.4 Security Considerations
C.4.1 General Scripting Security Considerations
C.4.2 GBA key control
C.4.3 User grants
C.4.4 Root CAs in Browser
D (Normative) Security measures for usage of GBA with a web browser |R12|
D.1 Extension of Protocol Mechanism used on Ua Reference Point
D.1.1 General
D.1.2 Key derivation
D.1.3 Channel binding
D.1.3.1 Background
D.1.3.2 Channel binding using RFC 5705 and RFC 5929
D.2 Sequence flow
D.2.1 Sequence flow with channel binding
D.3 Javascript GBA API description
D.3.1 GBA API Description
D.3.2 API usage
Change history
