Content for TS 33.102 Word version: 17.0.0

1… 4 5… 6… 6.4… 6.5… 6.6… 6.8… 6.8.4… 6.8.8… 8… B… C… F…

6.8.4 Intersystem handover for CS Services - from UTRAN to GSM BSS 6.8.5 Intersystem handover for CS Services - from GSM BSS to UTRAN 6.8.6 Intersystem change for PS Services - from UTRAN to GSM BSS 6.8.7 Intersystem change for PS services - from GSM BSS to UTRAN
...

6.8.4 Intersystem handover for CS Services - from UTRAN to GSM BSS p. 49

If ciphering has been started when an intersystem handover occurs from UTRAN to GSM BSS, the necessary information (e.g. Kc, supported/allowed GSM ciphering algorithms) is transmitted within the system infrastructure before the actual handover is executed to enable the communication to proceed from the old RNC to the new GSM BSS, and to continue the communication in ciphered mode. The RNC may request the MS to send the MS Classmarks 2 and 3 which include information on the GSM ciphering algorithm capabilities of the MS. This is necessary only if the MS Classmarks 2 and 3 were not transmitted from UE to UTRAN during the RRC Connection Establishment. The intersystem handover will imply a change of ciphering algorithm from a UEA to a GSM A5. The GSM BSS includes the selected GSM ciphering mode in the handover command message sent to the MS via the RNC.

The integrity protection of signalling messages is stopped at handover to GSM BSS.

6.8.4.1 UMTS security context p. 49

A UMTS security context in UTRAN is only established for a UMTS subscriber with a ME that is capable of UMTS AKA. At the network side, four cases are distinguished:

In case of a handover to a GSM BSS controlled by the same MSC/VLR, the MSC/VLR derives the 64-bit GSM cipher key Kc from the UMTS cipher/integrity keys CK and IK used before the intersystem handover (using the conversion function c3) and sends the 64-bit Kc to the target BSC (which forwards it to the BTS). If the MSC/VLR is Rel-9+ and MSC/VLR has included a 128-bit GSM ciphering algorithms as a permitted ciphering algorithm, the MSC/VLR shall also derive the 128-bit ciphering key Kc 128 and send also this to the target BSC (which forwards it to the BTS).
In case of a handover to a GSM BSS controlled by another MSC/VLR, depending on the capability of the inter-MSC communication protocol version, the initial MSC/VLR sends to the target MSC/VLR the security keys associated with the allowed security algorithms. If the inter-MSC communication protocol version only allows inclusion of the 64-bit GSM security key Kc, and the initial MSC/VLR includes a 64-bit GSM A5 ciphering algorithm as allowed ciphering algorithm, the initial MSC/VLR derives the 64-bit Kc and sends it to the new MSC/VLR. Otherwise, if the inter-MSC communication protocol version allows inclusion of UMTS security keys, the initial MSC/VLR sends, in addition, the UMTS cipher/integrity keys CK and IK used before the intersystem handover to the new MSC/VLR. If the initial MSC/VLR includes a 128-bit GSM A5 ciphering algorithm as an allowed ciphering algorithm, the initial MSC/VLR shall also calculate a Kc 128 from the CK/IK and forward this to the new MSC. The new MSC/VLR stores the key(s) and then forwards them to the target BSC (which forwards them to the BTS). The initial MSC/VLR remains the anchor point throughout the service.

At the user side, in either case, the ME applies the derived 64-bit GSM cipher key Kc from the key set which was used before the intersystem handover if the selected GSM ciphering algorithm requires a 64-bit key. If the selected GSM A5 ciphering algorithm requires a 128-bit key, the ME shall apply the derived 128-bit GSM cipher key Kc 128 from the key set which was used before the intersystem handover.

6.8.4.2 GSM security context p. 50

A GSM security context in UTRAN is only established for a GSM subscribers with a R99+ ME. At the network side, two cases are distinguished:

In case of a handover to a GSM BSS controlled by the same MSC/VLR, the MSC/VLR sends the 64-bit GSM cipher key Kc from the key set used before the intersystem handover to the target BSC (which forwards it to the BTS).
In case of a handover to a GSM BSS controlled by another MSC/VLR (R99+ or R98-), the initial MSC/VLR sends the 64-bit GSM cipher key Kc from the key set used before the intersystem handover to the BSC via the new MSC/VLR controlling the target BSC. The initial MSC/VLR remains the anchor point throughout the service.
If the non-anchor MSC/VLR is R99+, then the anchor MSC/VLR also derives and sends to the non-anchor MSC/VLR the UMTS cipher/integrity keys CK and IK. The non-anchor MSC/VLR stores all keys. This is done to allow subsequent handovers in a non-anchor R99+ MSC/VLR.

At the user side, in either case, the ME applies the GSM cipher key Kc from the key set which was used before the intersystem handover.

6.8.5 Intersystem handover for CS Services - from GSM BSS to UTRAN p. 50

If ciphering has been started when an intersystem handover occurs from GSM BSS to UTRAN, the necessary information (e.g. CK, IK, START value information, supported/allowed UMTS algorithms) is transmitted within the system infrastructure before the actual handover is executed to enable the communication to proceed from the old GSM BSS to the new RNC, and to continue the communication in ciphered mode. The GSM BSS requests the MS to send the UMTS capability information, which includes information on the START values and UMTS security capabilities of the MS. The intersystem handover will imply a change of ciphering algorithm from a GSM A5 to a UEA. The target UMTS RNC includes the selected UMTS ciphering mode in the handover to UTRAN command message sent to the MS via the GSM BSS.

The integrity protection of signalling messages shall be started immediately after the intersystem handover from GSM BSS to UTRAN is completed. The Serving RNC will do this by initiating the RRC security mode control procedure when the first RRC message (i.e. the Handover to UTRAN complete message) has been received from the MS. In this case, the RRC security mode control procedure is initiated by the Serving RNC without receipt of a corresponding RANAP security mode control procedure from the MSC/VLR.The UE security capability information, that has been sent from MS to RNC via the GSM radio access and the system infrastructure before the actual handover execution, will be included in the RRC Security mode command message sent to MS and then verified by the MS (i.e. verified that it is equal to the UE security capability information stored in the MS).

6.8.5.1 UMTS security context p. 50

A UMTS security context in GSM BSS is only established for UMTS subscribers with a ME that is capable of UMTS AKA under GSM BSS controlled by a R99+ VLR/SGSN. At the network side, two cases are distinguished:

In case of a handover to a UTRAN controlled by the same MSC/VLR, the UMTS cipher/integrity keys CK and IK from the key set used before the intersystem handover are sent to the target RNC.
In case of a handover to a UTRAN controlled by another MSC/VLR, the initial MSC/VLR sends the UMTS cipher/integrity keys CK and IK from the key set used before the intersystem handover to the new RNC via the new MSC/VLR that controls the target RNC. The initial MSC/VLR remains the anchor point for throughout the service.
The anchor MSC/VLR also derives and sends to the non-anchor MSC/VLR the 64-bit GSM cipher key Kc, if any 64-bit ciphering algorithm is permitted, and/or the 128-bit ciphering key Kc 128 if a 128-bit ciphering algorithm is also permitted. The non-anchor MSC/VLR stores all keys. This is done to allow subsequent handovers in a non-anchor R99+ MSC/VLR.

At the user side, in either case, the ME applies the UMTS cipher/integrity keys CK and IK from the key set which was used before the intersystem handover.

6.8.5.2 GSM security context p. 51

Handover from GSM BSS to UTRAN with a GSM security context is possible for a GSM subscriber with a R99+ ME or for a UMTS subscriber with a R99+ ME when the initial MSC/VLR is R98-. At the network side, two cases are distinguished:

In case of a handover to a UTRAN controlled by the same MSC/VLR, UMTS cipher/integrity keys CK and IK are derived from the 64-bit GSM cipher key Kc used before the intersystem handover (using the conversion functions c4 and c5) and sent to the target RNC. In case of subsequent handover in a non-anchor R99+ MSC/VLR, a 64-bit GSM cipher key Kc is received for a UMTS subscriber if the anchor MSC/VLR is R98-.
In case of a handover to a UTRAN controlled by another MSC/VLR, the initial MSC/VLR (R99+ or R98-) sends the 64-bit GSM cipher key Kc used before the intersystem handover to the new MSC/VLR controlling the target RNC. That MSC/VLR derives UMTS cipher/integrity keys CK and IK which are then forwarded to the target RNC. The initial MSC/VLR remains the anchor point for throughout the service.

At the user side, in either case, the ME derives the UMTS cipher/integrity keys CK and IK from the 64-bit GSM cipher key Kc (using the conversion functions c4 and c5) which was used before the intersystem handover and applies them.

6.8.6 Intersystem change for PS Services - from UTRAN to GSM BSS p. 51

6.8.6.1 UMTS security context p. 51

A UMTS security context in UTRAN is only established for UMTS subscribers. At the network side, four cases are distinguished:

In case of an intersystem change to a GSM BSS controlled by the same SGSN, the SGSN derives the 64-bit GSM cipher key Kc from the UMTS cipher/integrity keys CK and IK agreed during the latest UMTS AKA procedure (using the conversion function c3) and applies it if the selected GEA ciphering algorithm requires a 64-bit key.
In case of an intersystem change to a GSM BSS controlled by another R99+ SGSN, the initial SGSN sends the UMTS cipher/integrity keys CK and IK agreed during the latest UMTS AKA procedure to the new SGSN. The new SGSN stores the keys, derives the 64-bit GSM cipher key Kc and applies the latter. The new SGSN becomes the new anchor point for the service.
In case of an intersystem change to a GSM BSS controlled by a R98- SGSN, the initial SGSN derives the GSM cipher key Kc from the UMTS cipher/integrity keys CK and IK agreed during the latest UMTS AKA procedure and sends the GSM cipher key Kc to the new SGSN. The new SGSN stores the GSM cipher key Kc and applies it. The new SGSN becomes the new anchor point for the service.
In case of a handover to another Rel-9+ SGSN, the initial SGSN sends the UMTS cipher/integrity keys CK and IK agreed at the latest UMTS AKA procedure to the new SGSN. The new SGSN derives the 64-bit Kc. The new SGSN stores the keys. If the new SGSN selects a GEA ciphering algorithm requiring a 128-bit key, the new SGSN shall compute Kc 128 from the CK/IK and shall apply it. If the new SGSN selects a GEA ciphering algorithm requiring a 64-bit key then Kc shall be applied. The new SGSN becomes the new anchor point for the service.

At the user side, in all cases, the ME applies the derived 64-bit GSM cipher key Kc received from the USIM during the latest UMTS AKA procedure if the selected GEA ciphering algorithm requires a 64-bit key. If the selected GEA ciphering algorithm requires a 128-bit key, the ME shall derive 128-bit GSM cipher key Kc 128 from the CK and IK agreed during the latest UMTS AKA and apply it.

In case the current UMTS security context is mapped from an EPS security context and there has been no UMTS AKA run since the current UMTS security context was mapped, the CK , IK and Kc belonging to the mapped UMTS security context shall be considered to be the keys from the latest AKA.

6.8.6.2 GSM security context p. 52

A GSM security context in UTRAN is only established for GSM subscribers. At the network side, two cases are distinguished:

In case of an intersystem change to a GSM BSS controlled by the same SGSN, the SGSN starts to apply the 64-bit GSM cipher key Kc agreed during the latest GSM AKA procedure.
In case of an intersystem change to a GSM BSS controlled by another SGSN, the initial SGSN sends the 64-bit GSM cipher key Kc agreed during the latest GSM AKA procedure to the (new) SGSN controlling the BSC. The new SGSN stores the key and applies it. The new SGSN becomes the new anchor point for the service.

At the user side, in both cases, the ME applies the GSM cipher key Kc received from the SIM during the latest GSM AKA procedure.

6.8.7 Intersystem change for PS services - from GSM BSS to UTRAN p. 52

6.8.7.1 UMTS security context p. 52

A UMTS security context in GSM BSS is only established for UMTS subscribers with a ME that is capable of UMTS AKA and connected to a R99+ VLR/SGSN. At the network side, two cases are distinguished:

In case of an intersystem change to a UTRAN controlled by the same SGSN, the UMTS cipher/integrity keys CK and IK agreed during the latest UMTS AKA procedure are sent to the target RNC.
In case of an intersystem change to a UTRAN controlled by another SGSN, the initial SGSN sends the UMTS cipher/integrity keys CK and IK agreed during the latest UMTS AKA procedure to the (new) SGSN controlling the target RNC. The new SGSN becomes the new anchor point for the service. The new SGSN then stores the UMTS cipher/integrity keys CK and IK and sends them to the target RNC.

At the user side, in both cases, the ME applies the UMTS cipher/integrity keys CK and IK received from the USIM during the latest UMTS AKA procedure.

6.8.7.2 GSM security context p. 52

A GSM security context in GSM BSS can be either:

Established for a UMTS subscriber
A GSM security context for a UMTS subscriber is established in case the user has a ME not capable of UMTS AKA, where intersystem change to UTRAN is not possible, or in case the user has a R99+ ME but the SGSN is R98-, where intersystem change to UTRAN implies a change to a R99+ SGSN.
As result, in case of intersystem change to a UTRAN controlled by another R99+ SGSN, the initial R98- SGSN sends the 64-bit GSM cipher key Kc agreed during the latest GSM AKA procedure to the new SGSN controlling the target RNC.
Since the new R99+ SGSN has no indication of whether the subscriber is GSM or UMTS, a R99+ SGSN shall perform a new UMTS AKA when receiving the 64-bit Kc from a R98- SGSN. A UMTS security context using fresh quintets is then established between the R99+ SGSN and the USIM. The new SGSN becomes the new anchor point for the service.
At the user side, new keys shall be agreed during the new UMTS AKA initiated by the R99+ SGSN.
Established for a GSM subscriber
Handover from GSM BSS to UTRAN for GSM subscriber is only possible with R99+ ME. At the network side, three cases are distinguished:
1. In case of an intersystem change to a UTRAN controlled by the same SGSN, the SGSN derives UMTS cipher/integrity keys CK and IK from the 64-bit GSM cipher key Kc (using the conversion functions c4 and c5) agreed during the latest GSM AKA procedure and sends them to the target RNC.
2. In case of an intersystem change from a R99+ SGSN to a UTRAN controlled by another SGSN, the initial SGSN sends the 64-bit GSM cipher key Kc agreed during the latest GSM AKA procedure to the (new) SGSN controlling the target RNC. The new SGSN becomes the new anchor point for the service. The new SGSN stores the 64-bit GSM cipher key Kc and derives the UMTS cipher/integrity keys CK and IK which are then forwarded to the target RNC.
3. In case of an intersystem change from an R98-SGSN to a UTRAN controlled by another SGSN, the initial SGSN sends the 64-bit GSM cipher key Kc agreed during the latest GSM AKA procedure to the (new) SGSN controlling the target RNC. The new SGSN becomes the new anchor point for the service. To ensure use of UMTS keys for a possible UMTS subscriber (superfluous in this case), a R99+ SGSN will perform a new AKA when a R99+ ME is coming from a R98-SGSN.
At the user side, in all cases, the ME derives the UMTS cipher/integrity keys CK and IK from the GSM cipher key Kc (using the conversion functions c4 and c5) received from the SIM during the latest GSM AKA procedure and applies them. In case c) these keys will be over-written with a new CK, IK pair due to the new AKA.