The key hierarchy (see Figure 5.1-1) includes the following keys: K AUSF
, K AKMA
, K AF
. K AUSF
is generated by AUSF as specified in clause 6 of TS 33.501
Keys for AAnF:
K AKMA is a key derived by ME and AUSF from K AUSF.
Keys for AF:
K AF is a key derived by ME and AAnF from K AKMA.
and K AF
are derived according to the procedures of clauses 6.1
The K AKMA
and A-KID are valid until the next primary authentication is performed (implicit lifetime), in which case the K AKMA
and A-KID might be replaced after a successful new authentication or removed after an unsuccessful one.
AKMA Application Keys K AF
shall use explicit lifetimes based on the operator's policy. The lifetime of K AF
shall be sent by the AAnF as described in clause 6.2
. In case that a new AKMA Anchor Key K AKMA
is established, the AKMA Application Key K AF
can continue to be used until its lifetime expires. When the K AF
lifetime expires, a new AKMA Application Key is established based on the current AKMA Anchor Key K AKMA