
Content for TS 33.221, Word version: 18.0.0


1  Scope

The present document describes subscriber certificate distribution by means of generic bootstrapping architecture (GBA) TS 33.220. Subscriber certificates support services whose provision the mobile operator assists, as well as services that are offered by the mobile operator.
The scope of this specification presents signalling procedures for support of issuing certificates to subscribers and the standard format of certificates and digital signatures. It is not intended to duplicate existing standards being developed by other groups on these topics, and will reference these where appropriate.

2  References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]  RFC 2986: "PKCS#10 Certification Request Syntax Standard" Version 1.7 (2000).
[2]  RFC 2510: "Internet X.509 Public Key Infrastructure Certificate Management Protocols".
[3]  RFC 2511: "Internet X.509 Certificate Request Message Format".
[4]  RFC 2527: "Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework".
[5]  Void.
[6]  RFC 3280: "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile".
[7]  OMA Security: "Certificate and CRL Profiles", version 1.1 (2004).
[8]  OMA Security: "Wireless Identity Module; Part: Security", version 1.2 (2005).
[9]  OMA Security: "Wireless Application Profile; Public Key Infrastructure Definition", version 1.2 (2005).
[10]  ITU-T Recommendation X.509 (1997) | ISO/IEC 9594-8:1997: "Information Technology - Open Systems Interconnection - The Directory: Authentication Framework".
[11]  TS 33.220: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture".
[12]  Void.
[13]  Void.
[14]  OMA: "Crypto Object for the ECMAScript Mobile Profile", version 1.1 (2005).
[15]  RFC 3546: "Transport Layer Security (TLS) Extensions".
[16]  Void.
[17]  RFC 3039: "Internet X.509 Public Key Infrastructure Qualified Certificates Profile".
[18]  ETSI TS 101 862: "Qualified certificate profile".
[19]  OMA: "Provisioning Content Version 1.1" (2005).
[20]  TS 24.109: "Bootstrapping interface (Ub) and Network application function interface (Ua); Protocol details".
[21]  Void.
[22]  RFC 2797: "Certificate Management Messages over CMS".
[23]  TS 33.310: "Network Domain Security (NDS); Authentication Framework (AF)".

3  Definitions and abbreviations

3.1  Definitions

For the purposes of the present document, the following terms and definitions apply.
Subscriber certificate: a certificate issued to a subscriber. It contains the subscriber's own public key and possibly other information such as the subscriber's identity in some form.
CA certificate: A Certificate Authority signs all certificates that it issues with its private key. The corresponding Certificate Authority public key is itself contained within a certificate, called a CA Certificate.

3.2  Abbreviations

For the purposes of the present document, the following abbreviations apply:
AK     Anonymity Key
AKA    Authentication and Key Agreement
B-TID  Bootstrapping Transaction Identifier
blob   Binary Large Object
BSF    Bootstrapping Server Function
CA     Certificate Authority
CMC    Certificate Management Messages over CMS
CMP    Certificate Management Protocols
CMS    Cryptographic Message Syntax
GAA    Generic Authentication Architecture
GBA    Generic Bootstrapping Architecture
HSS    Home Subscriber System
IK     Integrity Key
MNO    Mobile Network Operator
NAF    Network Application Function
PKCS   Public-Key Cryptography Standards
PKI    Public Key Infrastructure
UE     User Equipment