Tech-invite   World Map
3GPPspecs     Glossaries     IETF     RFCs     Groups     SIP     ABNFs
Top        in Index        Prev        Next

TS 33.310 (SA3)
Network Domain Security (NDS) – Authentication Framework (AF)

ToC      3GPP‑Page      ETSI‑search      Help       
V14.0.0 (PDF)    2016/12    58 p.
V13.2.0    2016/12    59 p.
V12.2.0    2014/09    58 p.
V11.2.0    2012/12    55 p.
V10.7.0    2012/12    56 p.
V9.8.0    2012/12    54 p.
V8.4.0    2010/06    45 p.
V7.1.0    2006/10    38 p.
V6.2.0    2004/09    31 p.

Rapporteur:  Dr. Horn, Guenther
Antecedent:  TR 33.810    
See also:  SEC-related TS/TR

For 3GPP systems there is a need for truly scalable entity Authentication Framework (AF) since an increasing number of network elements and interfaces are covered by security mechanisms.

This specification provides a highly scalable entity authentication framework for 3GPP network nodes. This framework is developed in the context of the Network Domain Security work item, which effectively limits the scope to the control plane entities of the core network. Thus, the Authentication Framework will provide entity authentication for the nodes that are using NDS/IP.

Feasible trust models (i.e. how CAs are organized) and their effects are provided. Additionally, requirements are presented for the used protocols and certificate profiles, to make it possible for operator IPsec and PKI implementations to interoperate.

The scope of thiS TS is limited to authentication of network elements, which are using NDS/IP or TLS.


Here        Top        None        None        Next
1…      6…       B…     



1   Scope [R6]   PDF-p. 7
2   References [R6]   PDF-p. 8
3   Definitions and abbreviations [R6]   PDF-p. 9
4   Introduction to Public Key Infrastructure (PKI) [R6]
5   Architecture and use cases of the NDS/AF [R6]
5.1   PKI architecture for NDS/AF
5.2   Use cases   PDF-p. 14
5.2.1   Operator Registration: Creation of interconnect agreement
5.2.2   Establishment of secure communications   PDF-p. 16
5.2.3   Operator deregistration: Termination of interconnect agreement   PDF-p. 18      Up
5.2.3a   Interconnection CA registration [R7]
5.2.3b   Interconnection CA deregistration [R7]
5.2.3c   Interconnection CA certification creation [R7]
5.2.3d   Interconnection CA certification revocation [R7]   PDF-p. 19
5.2.3e   Interconnection CA certification renewal [R7]
5.2.4   SEG/TLS CA registration
5.2.5   SEG/TLS CA deregistration
5.2.6   SEG/TLS CA certificate creation
5.2.7   SEG/TLS CA certificate revocation   PDF-p. 20
5.2.8   SEG/TLS CA certificate renewal      Up
5.2.9   End entity registration
5.2.10   End entity deregistration
5.2.11   End entity certificate creation
5.2.12   End entity certificate revocation
5.2.13   End entity certificate renewal
5.2.14   NE CA deregistration [R8]
5.2.15   NE CA certification creation [R8]
5.2.16   NE CA certificate revocation [R8]   PDF-p. 22
5.2.17   NE CA certificate renewal [R8]

Up        Top        ToC