
3GPP TS 33.246 V9.1.0 (2012-12)
Technical Specification

3rd Generation Partnership Project;
Technical Specification Group Services and System Aspects;
3G Security;
Security of Multimedia Broadcast/Multicast Service (MBMS)
(Release 9)

The present document has been developed within the 3rd Generation Partnership Project (3GPP™) and may be further elaborated for the purposes of 3GPP.
The present document has not been subject to any approval process by the 3GPP Organizational Partners and shall not be implemented.
This Specification is provided for future development work within 3GPP only. The Organizational Partners accept no liability for any use of this Specification.
Specifications and reports for implementation of the 3GPP™ system should be obtained via the 3GPP Organizational Partners' Publications Offices.

Keywords
LTE, UMTS, multimedia, broadcast, security

3GPP
Postal address
3GPP support office address
650 Route des Lucioles - Sophia Antipolis
Valbonne - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Internet
http://www.3gpp.org

Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.
© 2012, 3GPP Organizational Partners (ARIB, ATIS, CCSA, ETSI, TTA, TTC).
All rights reserved.
UMTS™ is a Trade Mark of ETSI registered for the benefit of its members
3GPP™ is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners
LTE™ is a Trade Mark of ETSI currently being registered for the benefit of its Members and of the 3GPP Organizational Partners
GSM® and the GSM logo are registered and owned by the GSM Association
Contents
Foreword
Introduction
1 Scope
2 References
3 Definitions, abbreviations, symbols and conventions
3.1 Definitions
3.2 Abbreviations
3.3 Symbols
3.4 Conventions
4 MBMS security overview
4.1 MBMS security architecture
4.1.1 General
4.1.2 BM-SC sub-functions
4.1.3 UE security architecture
4.1A Granularity of MBMS security
4.2 Key management overview
5 MBMS security functions
5.1 Authenticating and authorizing the user
5.2 Key derivation, management and distribution
5.3 Protection of the transmitted traffic
6 Security mechanisms
6.1 Using GBA for MBMS
6.2 Authentication and authorisation of a user
6.2.1 Authentication and authorisation in HTTP procedures
6.2.1.1 General
6.2.1.2 Bootstrapping
6.2.1.3 HTTP digest authentication
6.2.2 Authentication and authorisation in MBMS bearer establishment
6.2.3 Void
6.2.4 Void
6.3 Key management procedures
6.3.1 General
6.3.2 MSK procedures
6.3.2.1 MSK identification
6.3.2.1A MBMS User Service Registration procedure
6.3.2.1B MBMS User Service Deregistration procedure
6.3.2.2 MSK request procedures
6.3.2.2.1 Basic MSK request procedure
6.3.2.2.2 Void
6.3.2.2.3 Missed key update procedure
6.3.2.2.4 BM-SC solicited pull procedure
6.3.2.3 MSK delivery procedures
6.3.2.3.1 Pushing the MSK to the UE
6.3.2.3.2 Void
6.3.2.4 Handling of multiple status codes within one response message
6.3.3 MTK procedures
6.3.3.1 MTK identification
6.3.3.2 MTK update procedure
6.3.3.2.1 MTK delivery in download
6.3.3.2.2 MTK delivery in streaming
6.3.4 Multiple BM-SC deployments
6.3.4.1 General
6.3.4.2 Service announcement coordination
6.3.4.3 MSK key management anchor point
6.3.4.4 MSK coordination
6.3.4.5 MTK coordination
6.3.4.6 MIKEY MTK timestamp coordination
6.4 MIKEY message creation and processing in the ME
6.4.1 General
6.4.2 MIKEY common header
6.4.3 Replay protection
6.4.4 General extension payload
6.4.5 MIKEY message structure
6.4.5.1 MSK message structure
6.4.5.2 MSK Verification message structure
6.4.5.3 MTK message structure
6.4.6 Processing of received messages in the ME
6.4.6.1 MSK MIKEY Message Reception
6.4.6.2 MTK MIKEY Message Reception
6.5 Validation and key derivation functions in MGV-F
6.5.1 General
6.5.2 Usage of MUK
6.5.3 MSK processing
6.5.4 MTK processing
6.6 Protection of the transmitted traffic
6.6.1 General
6.6.2 Protection of streaming data
6.6.2.1 Usage of SRTP
6.6.2.1A Usage of SRTCP
6.6.2.2 Packet processing in the UE
6.6.3 Protection of download data
6.6.3.1 General
6.6.3.2 Usage of OMA DRM DCF
Annex A (informative): Trust model
Annex B (informative): Security threats
B.1 Threats associated with attacks on the radio interface
B.1.1 Unauthorised access to MBMS User Service data
B.1.2 Threats to integrity
B.1.3 Denial of service attacks
B.1.4 Unauthorised access to MBMS User Services
B.1.5 Privacy violation
B.2 Threats associated with attacks on other parts of the system
B.2.1 Unauthorised access to data
B.2.2 Threats to integrity
B.2.3 Denial of service
B.2.4 A malicious UE generating MTKs for malicious use later on
B.2.5 Unauthorised insertion of MBMS user data and key management data
Annex C (normative): MBMS security requirements
C.1 Requirements on security service access
C.1.1 Requirements on secure service access
C.1.2 Requirements on secure service provision
C.2 Requirements on MBMS Transport Service signalling protection
C.3 Requirements on Privacy
C.4 Requirements on MBMS Key Management
C.5 Requirements on integrity protection of MBMS User Service data
C.6 Requirements on confidentiality protection of MBMS User Service data
C.7 Requirements on content provider to BM-SC reference point
Annex D (normative): UICC-ME interface
D.1 MSK Update Procedure
D.2 Void
D.3 MTK generation and validation
D.4 MSK deletion procedure
D.5 MUK deletion procedure
Annex E (Informative): MIKEY features not used in MBMS
Annex F (normative): MRK key derivation for ME based MBMS key management
Annex G (normative): HTTP based key management messages
G.1 Introduction
G.2 Key management procedures
G.2.1 MBMS User Service Registration
G.2.2 MBMS User Service Deregistration
G.2.3 MSK request
G.2.4 Error situations
Annex H (informative): Signalling flows for MSK procedures
H.1 Scope of signalling flows
H.2 Signalling flows demonstrating a successful MSK request procedure
H.2.1 Successful MSK request procedure
Annex I (informative): Example of using MSKs and MTKs in MBMS
Annex J (informative): Mapping the MBMS security requirements into security functions and mechanism
J.1 Consistency check
J.1.1 Requirements on secure service access
J.1.2 Requirements on MBMS transport Service signalling protection
J.1.3 Requirements on Privacy
J.1.4 Requirements on MBMS Key Management
J.1.5 Requirements on integrity protection of MBMS User Service data
J.1.6 Requirements on confidentiality protection of MBMS User Service data
J.1.7 Requirements on content provider to BM-SC reference point
J.2 Conclusions
Annex K (Informative): SRTP features not used in MBMS
Annex L (Normative): Multicasting MBMS user data on Iub
Annex M (informative): Relation to IMS based MBMS user services
Annex N (informative): Change history
Foreword
This Technical Specification has been produced by the 3rd Generation Partnership Project (3GPP).
The contents of the present document are subject to continuing work within the TSG and may change following formal TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an identifying change of release date and an increase in version number as follows:
Version x.y.z
where:
x the first digit:
  1 presented to TSG for information;
  2 presented to TSG for approval;
  3 or greater indicates TSG approved document under change control.
y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc.
z the third digit is incremented when editorial only changes have been incorporated in the document.

Introduction
The security of MBMS provides different challenges compared to the security of services delivered over point-to-point services. In addition to the normal threat of eavesdropping, there is also the threat that it may not be assumed that valid subscribers have any interest in maintaining the privacy and confidentiality of the communications, and they may therefore conspire to circumvent the security solution (for example one subscriber may publish the decryption keys enabling non-subscribers to view broadcast content). Countering this threat requires the decryption keys to be updated frequently in a manner that may not be predicted by subscribers while making efficient use of the radio network.
1 Scope
The Technical Specification covers the security procedures of the Multimedia Broadcast/Multicast Service (MBMS) for 3GPP systems (UTRAN, GERAN and E-UTRAN). MBMS is a 3GPP system network bearer service over which many different applications could be carried. The actual method of protection may vary depending on the type of MBMS application.

2 References
The following documents contain provisions, which, through reference in this text, constitute provisions of the present document.
References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
For a specific reference, subsequent revisions do not apply.
For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1] 3GPP TR 21.905: "Vocabulary for 3GPP Specifications".
[2] 3GPP TS 22.146: "Multimedia Broadcast/Multicast Service; Stage 1".
[3] 3GPP TS 23.246: "Multimedia Broadcast/Multicast Service (MBMS); Architecture and Functional Description".
[4] 3GPP TS 33.102: "3G Security; Security Architecture".
[5] 3GPP TS 22.246: "MBMS User Services".
[6] 3GPP TS 33.220: "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture".
[7] 3GPP TS 31.102: "Characteristics of the USIM application".
[8] IETF RFC 2617 "HTTP Digest Authentication".
[9] IETF RFC 3830 "MIKEY: Multimedia Internet KEYing"
[10] IETF RFC 1982 "Serial Number Arithmetic".
[11] IETF RFC 3711 "Secure Real-time Transport Protocol".
[12] 3GPP TS 43.020: "Security related network functions".
[13] 3GPP TS 26.346: "Multimedia Broadcast/Multicast Service; Protocols and Codecs".
[14] 3GPP TS 33.210: "Network domain security; IP network layer security".
[15] OMA-DRM-DCF-v2_0: "OMA DRM Content Format", www.openmobilealliance.org
[16] IETF RFC 4563 "The Key ID Information Type for the General Extension Payload in Multimedia Internet KEYing (MIKEY)"
[17] Port numbers at IANA, http://www.iana.org/assignments/port-numbers.
[18] 3GPP TS 24.109: "3rd Generation Partnership Project; Technical Specification Group Core Network; Bootstrapping interface (Ub) and network application function interface (Ua); Protocol details".
[19] IETF RFC 2616 "Hypertext Transfer Protocol -- HTTP/1.1".
[20] 3GPP TS 29.109: "3rd Generation Partnership Project; Technical Specification Group Core Network; Generic Authentication Architecture (GAA); Zh and Zn Interfaces based on the Diameter protocol; Stage 3".
[21] IETF RFC 3629 "UTF-8, a transformation format of ISO 10646".
[22] IETF RFC 4771 "Integrity Transform Carrying Roll-Over Counter for the Secure Real-time Transport Protocol (SRTP)".
[23] 3GPP TS 23.107: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Quality of Service (QoS) concept and architecture".
[24] OMA DRM v2.0 Extensions for Broadcast Support, Candidate Version 1.0 - 29 May 2007 (OMA-TS-DRM_XBS-V1_0-20070529-C).
[25] IETF RFC 3376 "Internet Group Management Protocol, Version 3".
[26] IETF RFC 3810 "Multicast Listener Discovery Version 2 (MLDv2) for IPv6".
[27] 3GPP TS 25.434, "UTRAN Iub Interface Data Transport and Transport Signalling for Common Transport Channel Data Streams".
[28] IETF RFC 4303: "IP Encapsulating Security Payload (ESP)".
[27] 3GPP TS 26.237: "IP Multimedia Subsystem (IMS) based Packet Switch Streaming (PSS) and Multimedia Broadcast/Multicast Service (MBMS) User Service; Protocols".
[28] 3GPP TS 22.203: "Policy and charging control architecture".

3 Definitions, abbreviations, symbols and conventions
3.1 Definitions
For the purposes of the present document, the terms and definitions given in TR 21.905 [1] and the following apply.
For the definitions of MBMS User Service refer to TS 22.246 [5].
HDR = the general MIKEY HeaDeR.
IMPI = In the context of current specification IMSI is used in the format of IMPI as specified in GBA, cf. TS 33.220 [6].
KEMAC = A payload included in the MIKEY message, which contains a set of encrypted sub-payloads and a MAC.
Key Group = A group of MSKs that are identified by the same Key Group part of the MSK ID. Key Group part is used to group keys together in order to allow redundant MSKs to be deleted.
MBMS download session: See TS 26.346 [13].
MBMS streaming session: See TS 26.346 [13].
MRK = MBMS Request Key: This key is to authenticate the UE to the BM-SC when performing key requests etc.
MSK = MBMS Service Key: The MBMS Service key that is securely transferred (using the key MUK) from the BM-SC towards the UE. The MSK is not used directly to protect the MBMS User Service data (see MTK).
MTK = MBMS Traffic Key: A key that is obtained by the UICC or ME by calling a decryption function MGV-F with the MSK. The key MTK is used to decrypt the received MBMS data on the ME.
MUK = MBMS User Key: The MBMS user individual key that is used by the BM-SC to protect the point to point transfer of MSK's to the UE.
NOTE: When a UICC is used, the keys MSK and MUK may be stored within the UICC or the ME depending on the UICC capabilities. When a SIM card is used, the keys MSK and MUK are stored within the ME.
Salt key = a random or pseudo-random string used to protect against some off-line pre-computation attacks on the underlying security protocol.
SEQl = Lower limit of the MTK ID sequence number interval: Last accepted MTK ID sequence number interval stored within MGV-S. The original value of SEQl is delivered in the key validity data field of MSK messages.
SEQp = The MTK ID, which is received in a MIKEY packet.
SEQu = Upper limit of the MTK ID sequence number interval, which is delivered in the key validity data field of MSK messages.
(S)RTP Session: The (S)RTP and (S)RTCP traffic sent to a specific IP multicast address and port pair (one port each for (S)RTP and (S)RTCP) during the time period the session is specified to exist. An (S)RTP session is used to transport a single media type (e.g. audio, video, or text). An (S)RTP session may contain several different streams of (S)RTP packets using different SSRCs.
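
The SEQl, SEQp and SEQu definitions above describe a replay window for MTK IDs. The following added example (not part of the specification text) sketches that window in Python. The acceptance rule SEQl < SEQp <= SEQu, the order of the checks, the `mac_ok` flag standing in for the KEMAC integrity check, and all class and function names are assumptions of this example; the trace values are constructed.

```python
from dataclasses import dataclass

# Outcome labels used by this example (hypothetical names, not from the specification).
ACCEPT = "accept"
REPLAY = "reject: SEQp not above SEQl (replayed or stale MTK ID)"
EXPIRED = "reject: SEQp above SEQu (outside the MSK validity interval)"
BAD_MAC = "reject: integrity check failed, window not advanced"


@dataclass
class MskValidity:
    """Replay state kept per MSK, as it would be held in MGV-S."""
    seq_l: int  # SEQl: lower limit, i.e. the last accepted MTK ID
    seq_u: int  # SEQu: upper limit from the key validity data of the MSK message


def process_mtk_id(state: MskValidity, seq_p: int, mac_ok: bool) -> str:
    """Decide whether an MTK message carrying MTK ID seq_p (SEQp) is fresh.

    Assumed rule: accept only when SEQl < SEQp <= SEQu and the message is
    authentic, then move SEQl up to SEQp so the same ID cannot be replayed.
    """
    if seq_p <= state.seq_l:
        return REPLAY
    if seq_p > state.seq_u:
        return EXPIRED
    if not mac_ok:
        # A forged message must never move the window, otherwise an attacker
        # could push SEQl up to SEQu and lock out all genuine MTK updates.
        return BAD_MAC
    state.seq_l = seq_p
    return ACCEPT


def run_trace(seq_l: int, seq_u: int, messages):
    """Feed (SEQp, mac_ok) pairs through the window; return decisions and final SEQl."""
    state = MskValidity(seq_l, seq_u)
    decisions = []
    for seq_p, mac_ok in messages:
        decisions.append((seq_p, process_mtk_id(state, seq_p, mac_ok)))
    return decisions, state.seq_l


# Constructed sample trace: (SEQp, integrity check result).
SAMPLE_TRACE = [
    (0x0011, True),   # first fresh MTK ID
    (0x0011, True),   # same message replayed
    (0x0015, False),  # in range but forged
    (0x0015, True),   # genuine message with the same ID still accepted
    (0x0012, True),   # older ID arriving late
    (0x0021, True),   # beyond the upper limit
    (0x0020, True),   # last ID the MSK validity interval allows
]

if __name__ == "__main__":
    decisions, final_seq_l = run_trace(0x0010, 0x0020, SAMPLE_TRACE)
    for seq_p, decision in decisions:
        print(f"SEQp=0x{seq_p:04x}: {decision}")
    print(f"final SEQl=0x{final_seq_l:04x}")
```
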

3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
B-TID        Bootstrapping Transaction Identifier
BM-SC        Broadcast-Multicast Service Centre
BSF          Bootstrapping Server Function
DCF          DRM Content Format
DRM          Digital Rights Management
EXT          Extension payload
FDT          FLUTE File Delivery Table
FLUTE        File delivery over Unidirectional Transport
GBA          Generic Bootstrapping Architecture
GBA_ME       ME-based GBA
GBA_U        GBA with UICC-based enhancements
IDi          Identity of the initiator
IDr          Identity of the responder
Ks_ext_NAF   Derived key in GBA_U
Ks_int_NAF   Derived key in GBA_U, which remains on UICC
Ks_NAF       Derived key in GBA_ME of 3G GBA or in 2G GBA
MAC          Message authentication code
MBMS         Multimedia Broadcast/Multicast Service
MGV-F        MBMS key Generation and Validation Function
MGV-S        MBMS key Generation and Validation Storage
MIKEY        Multimedia Internet Keying
MKI          Master Key identifier
MRK          MBMS Request Key
MSK          MBMS Service Key
MTK          MBMS Traffic Key
MUK          MBMS User Key
NAF          Network Application Function
OMA          Open Mobile Alliance
ROC          Roll-Over Counter
SP           Security Policy
SRTCP        Secure RTCP
SRTP         Secure RTP

3.3 Symbols
For the purposes of the present document, the following symbols apply:
||           Concatenation
3.4 -!*8e*ti!*#
.ll data variables in this specification are presented with the most sinificant substrin on the left hand side and the
least sinificant substrin on the riht hand side. . substrin may be a bit- byte or other arbitrary lenth bitstrin. Rhere
a variable is bro#en down into a number of substrins- the leftmost (most sinificant) substrin is numbered +- the ne(t
most sinificant is numbered ,- and so on throuh to the least sinificant.
4 MBMS security overview
4.1 MBMS security architecture
4.1.1 General
MBMS introduces the concept of a point-to-multipoint service into a 3GPP system. A requirement of a MBMS User Service is to be able to securely transmit data to a given set of users. In order to achieve this, there needs to be a method of authentication, key distribution and data protection for a MBMS User Service.
This means that MBMS security is specified to protect MBMS User Services, and it is independent on whether multicast or broadcast mode is used.
NOTE: There are two cases when multicast and broadcast mode are handled differently: usage of Membership function in authorization (see e.g. clause 4.1.1) and authorization of user related MBMS bearers (see e.g. clause 6.2.2) are only defined for multicast mode. MBMS in EPS supports only broadcast mode and functionality related to multicast mode does not apply to EPS.
[Figure 4.1: block diagram. Elements shown: Content Provider; BM-SC with its Membership function, Key Management function (Key Request function, Key Distribution function) and Session and Transmission function; BSF; HSS; UE with MGV-F. Labels shown: interfaces Ua, Ub, Zn, Zh; HTTP Digest AKA (Establish Ks); HTTP Digest Authentication (MRK); Ks; Ks_xx_NAF; MRK, MUK, MSK and MTK derivation or generation; MSK and MTK message generation and decryption; MIKEY MSK delivery (protected with MUK); MIKEY MTK delivery (protected with MSK); traffic encryption and decryption; Encrypted Data 1) (protected with MTK); Point-To-Point; Point-To-MultiPoint.]
Note 1) SRTP is used for streaming and modified DCF format for download
Note 2) Ks_xx_NAF stands for GBA_ME or GBA_U based NAF keys
Note 3) Not applicable for GBA_U, since MRK=Ks_ext_NAF
Figure 4.1: MBMS security architecture
Figure 4.1 gives an overview of the network elements involved in MBMS from a security perspective. Nearly all the security functionality for MBMS, except for the normal network bearer security, resides in either the BM-SC or the UE.
The BSF is a part of GBA (TS 33.220 [6]). The UE and the BM-SC use GBA to establish shared keys that are used to protect the point-to-point communication between the UE and the BM-SC.
The BM-SC is a source for MBMS data. It could also be responsible for scheduling data and receiving data from third parties (this is beyond the scope of the standardisation work) for transmission. The BM-SC is responsible for establishing shared secrets with the UE using GBA, authenticating the UE with HTTP digest authentication mechanism, registering and de-registering UEs for MBMS User Services, generating and distributing the keys necessary for MBMS security to the UEs with MIKEY protocol and for applying the appropriate protection to data that is transmitted as part of a MBMS User Service. The BM-SC also provides the MBMS bearer authorisation for UEs attempting to establish MBMS bearer.
The BM-SC also verifies whether a user is authorized to register and receive keys for a MBMS User Service. For MBMS Multicast Mode this authorization is done with the help of Membership function in the BM-SC. For MBMS Broadcast Mode this authorization is done without the help of Membership function because the Membership function is only defined in the context of MBMS Multicast Mode in TS 23.246 [3].
The UE is responsible for establishing shared secrets with the BM-SC using GBA, registering to and de-registering from MBMS User Services, requesting and receiving keys for the MBMS User Service from the BM-SC and also using those keys to decrypt the MBMS data that is received.
MBMS imposes the following requirements on the MBMS capable elements:
- a UICC that contains MBMS key management functions shall implement GBA_U;
- a ME that supports MBMS shall implement GBA_U and GBA_ME, and shall be capable of utilising the MBMS key management functions on the UICC as well as providing MBMS key management functions itself;
- a BM-SC shall support using both GBA_ME and GBA_U keys to enable both ME based and UICC based MBMS key management, respectively.
4.1.2 BM-SC sub-functions
The BM-SC has the following sub-functions related to MBMS security, see figure 4.1.
- Key Management function: The Key Management function includes two sub-functions: Key Request function and Key Distribution function.
  - Key Request function: The sub-function is responsible for retrieving GBA keys from the BSF, deriving MUK and MRK from GBA keys, performing MBMS User Service Registration, Deregistration and MSK request procedures and related user authentication using MRK, providing MUK to Key Distribution function, performing authorization check. The sub-function implements the following functions and procedures:
    - Bootstrapping initiation
    - Bootstrapping re-negotiation
    - HTTP digest authentication
    - MRK derivation
    - MBMS User Service Registration procedure
    - MBMS User Service Deregistration procedure
    - MSK request procedure
  - Key Distribution function: The sub-function is responsible for retrieving MUK from Registration function, generating and distributing MSKs and MTKs to the UE, providing MTK to Session and Transmission function. The sub-function implements the following security procedures:
    - MSK delivery procedure
    - MTK delivery procedure
    - BM-SC solicited pull procedure
- Session and Transmission function: The sub-function is responsible for session and transmission functions cf. TS 26.346 [13]. As part of these session and transmission functions, this function performs protection of data with MTK (encryption and/or integrity protection). The sub-function implements the following security procedures:
  - Protection of streaming data
  - Protection of download data
- Membership function: The Membership function is used to verify if a user is authorized to register, receive keys or to establish a MBMS bearer for MBMS Multicast Mode. The Membership function is defined only for MBMS Multicast Mode in TS 23.246 [3].
4.1.3 UE security architecture
It is assumed that the UE includes a secure storage (MGV-S). This MGV-S may be realized on the ME or on the UICC. The MGV-F is implemented in a protected execution environment to prevent leakage of security sensitive information such as MBMS keys. MGV-S stores the MBMS keys and MGV-F performs the functions that should not be exposed to unprotected parts of the ME. An overview of ME based key management and UICC based key management in UE is described in figures 4.2a and 4.2b.
In particular in ME based key management it shall be ensured that the keys are not exposed to unprotected parts of the ME when they are transmitted from the UICC to the MGV-S or during the key derivations.
Figure 4.2: ME and UICC based key management in UE
[Figure 4.2a: two panels, "ME based key management based on GBA_ME" and "ME based key management based on GBA_U". Labels shown: MGV-F; UICC or SIM card; UICC; CK, IK or SRES, Kc; CK, IK; Ks; Key derivation; Ks_NAF; Ks_ext_NAF; Ks_int_NAF; MRK derivation; MRK; MUK; Decryption; MSK msg; MTK msg; MSK; MTK.]
Figure 4.2a: ME based key management in UE
[Figure 4.2b: one panel, "UICC based key management". Labels shown: UICC; MGV-F; CK, IK; Ks; Key derivation; Ks_ext_NAF; Ks_int_NAF; MRK; MUK; Decryption; MSK msg; MTK msg; MSK; MTK.]
Figure 4.2b: UICC based key management in UE
4.1A Granularity of MBMS security
An MBMS User Service is composed of one or more MBMS Streaming Sessions and/or MBMS Download Sessions. An MBMS Streaming Session is composed of one or more RTP sessions, and an MBMS Download Session is composed of one or more FLUTE channels as defined in TS 26.346 [13]. MBMS streaming/download sessions may be transported over one or more MBMS Transport Services. Transport Services are defined in TS 22.246 [3]. MBMS security is used to protect RTP sessions and FLUTE channels. As such MBMS User Service protection is Transport Service independent, in particular, it is independent on whether it is carried over point-to-point bearer or MBMS bearer (in multicast mode or in broadcast mode).
4.2 Key management overview
The BM-SC controls the use of the MBMS Service Keys (MSKs) to secure the different RTP sessions and FLUTE channels. The MSKs are used to protect the delivery of MBMS Transport Keys (MTKs), which are used to secure the RTP sessions and FLUTE channels as specified within clauses 6.5 and 6.6. The delivery of MSKs is secured with user specific MBMS User Key (MUK), which is received from GBA, cf. clause 6.1. MSKs and MTKs are managed at the MBMS User Service Level.
The following rules apply for MBMS key management:
The use of the same MTK within two different RTP sessions is not allowed according to RFC3711 [11] section 9.1. It shall be possible to update the MTKs during an RTP session or FLUTE channel to enhance the security.
MSKs shall be used to protect MTKs of only one RTP session or FLUTE channel. It shall be possible to update the MSKs during an RTP session or FLUTE channel to enhance the security.
MSKs within one Key Group shall be used to protect MTKs of only one RTP session or FLUTE channel. To allow smooth transition from "current" MSK to the "next", the MGV-S shall be capable of storing two MSKs within the same Key Group as specified in clause 6.3.2.1 of TS 33.246.
Some of the rules are illustrated in figures 4.3 and 4.4.
The usage of MSKs and MTKs applied to a RTP session or FLUTE channel (i.e. usage of MSKs and MTKs for one Key group) is depicted in figure 4.3. Figure 4.4 shows an example of the usage of MSKs and MTKs for three RTP sessions. In particular it shows that MSKs and MTKs of one Key Group are used to protect exactly one RTP session.

[Figure 4.3: key hierarchy tree. "Establish MUK (GBA)" at the top; MUK; MSK1, MSK2 ... MSKn; under each MSK its own MTKs (MTK11, MTK12 ... MTK1x; MTK21, MTK22 ... MTK2y; MTKn1, MTKn2 ... MTKnk); at the bottom the data packets for RTP session or FLUTE channel. Arrow means "protected by".]
Figure 4.3: MBMS key hierarchy: usage of MSKs and MTKs within one RTP session or FLUTE channel

[Figure 4.4: key hierarchy tree. "Establish MUK (GBA)" at the top; MUK; MSKs of Key Group A, Key Group B and Key Group C; MTKs of RTP session 1, RTP session 2 and RTP session 3. Arrow means "protected by".]
Figure 4.4: MBMS key hierarchy: usage of MSKs and MTKs for three separate RTP sessions
According to TS 22.246 [5] there exist MBMS User Services with shared and non-shared Transport Services. In case two MBMS User Services share an MBMS Transport Service, they also share one or more RTP sessions or FLUTE channels carried in the Transport Service. In this case, it shall be possible for the MBMS User Services to share one or more MSKs and MTKs of the Key Groups that are used to protect the MBMS data.
An example showing how key management is used with MBMS User and Transport Services is depicted in Annex I.
As described in clause 6.6, the MTK is used as master key for SRTP (and for corresponding SRTCP) and to protect DCF in case of download. According to RFC 3711 [11] it is mandatory to support master key lengths of 128, 192 and 256 bits for SRTP. The length of the MSK does not need to exceed the length of the MTK, but should be at least as long.
5 MBMS security functions
5.1 Authenticating and authorizing the user
A UE is authenticated and authorised such that only legitimate users are able to participate in an MBMS User Service.
When the UE uses HTTP protocol towards the BM-SC, the UE is authenticated with HTTP digest as described in clause 6.2.1. The Membership function within the BM-SC is used to verify the subscription information in MBMS Multicast Mode.
The following procedures use HTTP digest authentication:
- MBMS User Service Registration procedure (clause 6.3.2);
- MBMS User Service Deregistration procedure (clause 6.3.2);
- MSK request procedure. This can have many triggers (clause 6.3.2);
- Associated delivery procedures (specified in TS 26.346 [13]).
When the UE establishes (or releases) the MBMS bearer(s) to receive an MBMS User Service, it is authenticated and authorized as defined in clause 6.2.2.
5.2 Key derivation, management and distribution
Like any service, the keys that are used to protect the transmitted data in a MBMS User Service should be regularly changed to ensure that they are fresh. This ensures that only legitimate users can get access to the data in the MBMS User Service. In particular frequent re-keying acts as a deterrent for an attacker to pass the MBMS keys to other users to allow those other users to access the data in an MBMS User Service.
The BM-SC is responsible for the generation and distribution of the MBMS keys to the UE. A UE has the ability to request a key when it does not have the relevant key to decrypt the data. This request may also be initiated by a message from the BM-SC to indicate that a new key is available.
The following function is used by the procedures listed below:
- MRK derivation (clause 6.1);
The following procedures are involved in Key management and distribution:
- MBMS User Service Registration procedure (clause 6.3.2);
- MBMS User Service Deregistration procedure (clause 6.3.2);
- MSK request procedure (clause 6.3.2);
- MSK delivery procedure (clause 6.3.2);
- MTK delivery procedure (clause 6.3.3);
- BM-SC solicited pull procedure (clause 6.3.2).
5.3 Protection of the transmitted traffic
The traffic for a particular MBMS User Service may require some protection depending on the sensitivity of the data being transmitted (e.g. it is possible that the data being transmitted by the MBMS User Service is actually protected by the DRM security method and hence might not require additional protection. However, MBMS protection is independent of DRM protection). If this protection is required, it will be either confidentiality and integrity or confidentiality only, or integrity only. The protection is applied end-to-end between the BM-SC and the UEs and will be based on a symmetric key shared between the BM-SC and the UEs that are currently accessing the service. The actual method of protection specified may vary depending on the type of data being transmitted, e.g. media streaming application or file download.
NOTE: When MBMS data is received over a point-to-point MBMS radio bearer, it would be ciphered between the BM-SC and UE and may also be ciphered over the radio interface. This "double ciphering" is unnecessary from a security point of view and hence the decision of whether or not to apply radio interface ciphering to a point-to-point MBMS radio bearer is outside the scope of this specification.
The following traffic protection functions can be distinguished:
- Protection of streaming data (clause 6.6.2);
- Protection of download data (clause 6.6.3).
6 Security mechanisms
6.1 Using GBA for MBMS
TS 33.220 [6] GBA (Generic Bootstrapping Architecture) is used to agree keys that are needed to run an MBMS User Service. The Ua security protocol identifier that shall be used for MBMS is defined in TS 33.220 [6].
The use of 2G GBA, as specified in Annex I of TS 33.220 [6], for MBMS may be supported as an implementation option to allow the use of SIM cards or SIMs on UICCs.
According to TS 33.220 [6], it is possible for operators to explicitly prohibit the use of SIMs for MBMS access based on policy configuration at the BSF.
If the Service Announcement indicates that protection of the MBMS User Service is applied, then the UE needs to share GBA-keys with the BM-SC. If no valid GBA-keys are available at the UE, the UE shall perform a GBA run with the BSF of the home network as described within TS 33.220 [6]. The BM-SC will act as a NAF (Network Application Function) according to TS 33.220 [6].
Along with the GBA-keys the BSF shall send the IMPI of the user to the BM-SC. When the UE has bootstrapped, it will use a new B-TID over the Ua reference point. The IMPI is used in the BM-SC to bind the old and the new B-TID together.
The MSKs for an MBMS User Service shall be stored on either the UICC, if the UICC is capable of MBMS key management, or the ME, if the UICC is not capable of MBMS key management or a SIM card is used.
Storing the MSKs on the UICC requires a UICC that contains the MBMS management functions.
As a result of a GBA_U run, the BM-SC will share a key Ks_ext_NAF with the ME and share a key Ks_int_NAF with the UICC. In case the UICC supports MBMS then this key Ks_int_NAF is used by the BM-SC and the UICC as the key MUK (MBMS User Key) to protect MSK (MBMS Service Key) deliveries to the UICC as described within clause 6.3. The key Ks_ext_NAF is used as the key MRK (MBMS Request Key) within the protocols as described within clause 6.2. In case the UICC does not support MBMS then the key Ks_int_NAF can not be used for ME based key management, but the key Ks_ext_NAF shall be used as MUK and the key MRK is derived from the key Ks_ext_NAF by the BM-SC and the ME as specified in Annex F of this specification.
A run of GBA_ME or 2G GBA results in the BM-SC sharing a key Ks_NAF with the ME. Both the BM-SC and the ME use the key Ks_NAF as MUK. The key MRK is derived from the key Ks_NAF by the BM-SC and the ME as specified in Annex F of this specification. The key MUK is used to protect MSK deliveries to the ME as described within clause 6.3. The key MRK is used to authenticate the UE towards the BM-SC within the protocols as described within clause 6.2.
The MUK and MRK are identified by the combination of B-TID and NAF-ID (without the Ua security protocol identifier) in the UE and by B-TID in the BM-SC, where B-TID and NAF-ID are defined as specified in TS 33.220 [6].
In the UE two different MUKs, i.e. the last generated and the last successfully used, are used to guarantee that the UE and the BM-SC share always one MUK. The last generated MUK is replaced immediately after when a new MUK is generated and the last successfully used MUK is updated after the successful reception of the MIKEY message, which is protected using the last generated MUK. The usage of MUKs is described within clause 6.3.
For ME based key management:
- All MBMS keys (MUK, MRK, MSK and MTK) shall be deleted from the ME when a different UICC or SIM is inserted. Therefore the ME needs to store in non-volatile memory the last inserted UICC or SIM identity to be able to compare that with the used UICC or SIM identity at card insertion and power on.
- All MBMS keys (MRK, MSK and MTK) may be deleted from the ME when the ME is powered down. If the ME does not delete the MBMS keys at power down then the MBMS keys need to be stored in non-volatile memory. The ME should store the MUKs in non-volatile memory in order to be able to authenticate the first MIKEY message of a BM-SC solicited pull procedure (see clause 6.3.2.2.4).
NOTE: If the ME deletes the MSK at power down, then the MBMS client would need to request MSK to the BM-SC and may need to run GBA to reconvene an MBMS session.
For UICC-based key management:
- When a MSK delivery procedure has to be performed and the corresponding Ks_int_NAF (GBA NAF key) is no longer available in the UICC, the UE shall re-generate a Ks_int_NAF key. If the received MSK delivery procedure refers to a Ks_int_NAF key no longer available and if the bootstrapped key Ks is associated to the same B-TID, then the ME should re-generate Ks_int_NAF with a GBA NAF derivation procedure. In case that the bootstrapped key Ks has been updated, the ME should take the new B-TID into use and run the MSK request procedure towards the BM-SC which retrieves the latest Ks_int_NAF from the BSF.
- The ME shall control the deletion of MUKs stored on the UICC. When the ME wants to free up storage in the UICC for new MUK, the ME selects the MUK no longer needed to be deleted. If a MUK is deleted then the corresponding GBA NAF Keys (i.e. GBA NAF Keys with same NAF-ID) shall be deleted; the bootstrapped key Ks shall also be deleted if Ks is present and associated to the same B-TID.
6.2 Authentication and authorisation of a user
6.2.1 Authentication and authorisation in HTTP procedures
6.2.1.1 General
This clause describes authentication of the user to the BM-SC when using HTTP digest with bootstrapped security associations.
6.2.1.2 Bootstrapping
The BM-SC shall implement initiation of bootstrapping and bootstrapping renegotiation procedures over Ua as specified in TS 33.220 [6] and in TS 24.109 [18]. The Ua interface procedures shall use MRK.
6.2.1.3 HTTP digest authentication
When the UE initiates an HTTP procedure towards the BM-SC, HTTP digest authentication as defined in RFC 2617 [8] shall be used for mutual authentication. HTTP digest is run between BM-SC and ME. The MBMS authentication procedure is based on the general user authentication procedure over Ua interface that is specified in clause "Procedures using the bootstrapped Security Association" in TS 33.220 [6]. The BM-SC will act as a NAF according to TS 33.220 [6]. Along with the GBA-keys the BSF shall send the IMPI of the user to the BM-SC. The details of HTTP digest authentication are specified in clause 5.2 of TS 24.109 [18].
The following adaptations apply to HTTP digest:
- the B-TID as specified in TS 33.220 [6] is used as username;
- MRK (MBMS Request Key) is used as password.
All HTTP procedures within this specification including the associated delivery procedures in TS 26.346 [13] shall be integrity protected with HTTP digest as specified in this clause.
6.2.2 Authentication and authorisation in MBMS bearer establishment
As defined in TS 23.246 [3] MBMS bearer establishment applies only to multicast mode. The authentication of the UE during MBMS bearer establishment relies on the authenticated point-to-point connection with the network, which was set up using network security described in TS 33.102 [4] or TS 43.020 [12]. Authorisation for the MBMS bearer establishment happens by the network making an authorisation request to the BM-SC to ensure that the UE is allowed to establish the MBMS bearer(s) corresponding to an MBMS User Service (see TS 23.246 [3] for the details). As MBMS bearer establishment authorisation lies outside the control of the MBMS bearer network (i.e. it is controlled by the BM-SC), there is an additional procedure to remove the MBMS bearer(s) related to a UE that is no longer authorised to access an MBMS User Service.
NOTE: MBMS in EPS supports only broadcast mode and functionality described in this clause applies only to multicast mode.
6.2.3 Void
6.2.4 Void
6.3 Key management procedures
6.3.1 General
In order to protect an MBMS User Service, it is necessary to deliver both MSKs and MTKs from the BM-SC to the UE.
MSK procedures are further divided to MSK request procedures, described in clause 6.3.2.2, and MSK delivery procedure, described in clause 6.3.2.3. MSK procedures use a point-to-point bearer. MSK procedures are similar for both streaming and download services.
MBMS key management messages shall use a non-real time PDP context of QoS class "background" or "interactive" as defined by TS 23.107 [23] or PDN connection with similar QoS properties as defined in TS 23.203 [28].
NOTE: In UTRAN the PS radio resources for a PDP context of QoS class "background" and "interactive" can be released and re-established on request of the network, while the IP address remains assigned to the PDP context. If the radio resources were released and the BM-SC wants to deliver an MSK (see clause 6.3.2.3) the network will page the UE. Similar functionality applies to PDN connections in E-UTRAN.
The BM-SC shall store the IP-address which was assigned for the PDP context for further key management usage. The BM-SC receives the IP address of the UE from the source IP address field of the MBMS User Service Registration message. It shall be ensured by the network that the original source UE IP address is visible to the BM-SC.
The operator may configure the BM-SC to refrain from pushing the MSK update message to the UE and let the UE request for the MSK. This may be needed in some download services where the UE fetches the MSK after receiving encrypted download object. In this case the back-off mode as described in clause 6.3.2.2.1 shall be used if present within the Service Announcement.
MTK delivery procedures use the same bearer as the MBMS User Service. MTK delivery procedures are different for streaming and download services and they are described in clause 6.3.3.
The details of the HTTP procedures and HTTP error situations are specified in Annex G. An example of detailed MSK request procedure is described in Annex H. The XML schemas of the HTTP payloads are specified in TS 26.346 [13].
6.3.2 MSK procedures
6.3.2.1 MSK identification
Every MSK is uniquely identifiable by its Key Domain ID and MSK ID
where
Key Domain ID = MCC || MNC and is 3 bytes long.
NOTE 1: When MCC || MNC is used as key identifier, the UE should not try to use it in another context, e.g. the UE should not compare the received MCC || MNC to parameters in radio level.
MSK ID is 4 bytes long and with byte 0 and 1 containing the Key Group part, and byte 2 and 3 containing the Key Number part. The Key Number part is used to distinguish MSKs that have the same Key Domain ID and Key Group part. The Key Number part value zero (0x0) is reserved for special use to denote the current MSK. Key Group part is used to group keys together in order to allow redundant MSKs to be deleted. The Key Group part value zero (0x0) is not allowed as it is reserved for future use. The MSK ID is carried in the extension payload of MIKEY extension payload.
NOTE 2: If the Key Domain ID does not uniquely identify the BM-SC, it needs to be ensured that the Key Group parts are unique within an operator, i.e. two BM-SCs within an operator shall not use the same Key Group value unless multiple BM-SC deployment is used as is defined in clause 6.3.4.
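Added example, not part of the specification: a parser for the identifier layout of clause 6.3.2.1, read most significant byte first as clause 3.4 prescribes, together with the operator-side uniqueness check that NOTE 2 asks for. The class and function names are hypothetical, the Key Domain ID is kept as three opaque bytes, and the sample identifiers and BM-SC names are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class MskIdentifier:
    key_domain_id: bytes  # 3 bytes, MCC || MNC, kept opaque here (NOTE 1)
    key_group: int        # MSK ID bytes 0 and 1
    key_number: int       # MSK ID bytes 2 and 3

    @property
    def denotes_current_msk(self) -> bool:
        # Key Number 0x0 is reserved to denote the current MSK.
        return self.key_number == 0

    def msk_id(self) -> bytes:
        """Re-encode the 4-byte MSK ID, most significant byte first."""
        return self.key_group.to_bytes(2, "big") + self.key_number.to_bytes(2, "big")


def parse_msk_identifier(key_domain_id: bytes, msk_id: bytes) -> MskIdentifier:
    """Validate lengths and the reserved Key Group value, then split the MSK ID."""
    if len(key_domain_id) != 3:
        raise ValueError("Key Domain ID must be 3 bytes long")
    if len(msk_id) != 4:
        raise ValueError("MSK ID must be 4 bytes long")
    key_group = int.from_bytes(msk_id[0:2], "big")
    key_number = int.from_bytes(msk_id[2:4], "big")
    if key_group == 0:
        raise ValueError("Key Group part 0x0 is not allowed (reserved)")
    return MskIdentifier(bytes(key_domain_id), key_group, key_number)


def current_msk_reference(ident: MskIdentifier) -> MskIdentifier:
    """Same Key Domain ID and Key Group, Key Number 0x0: 'the current MSK'."""
    return replace(ident, key_number=0)


def key_group_collisions(assignments):
    """Map (Key Domain ID, Key Group) to the BM-SCs using it, where more than one does.

    A non-empty result needs review unless the BM-SCs form a multiple BM-SC
    deployment as referred to in NOTE 2.
    """
    users = defaultdict(set)
    for bmsc, idents in assignments.items():
        for ident in idents:
            users[(ident.key_domain_id, ident.key_group)].add(bmsc)
    return {slot: sorted(names) for slot, names in users.items() if len(names) > 1}


# Constructed sample data: one Key Domain ID shared by three BM-SCs.
DOMAIN = bytes.fromhex("aabbcc")
ASSIGNMENTS = {
    "bmsc-a": [parse_msk_identifier(DOMAIN, bytes.fromhex("00010001")),
               parse_msk_identifier(DOMAIN, bytes.fromhex("00010002"))],
    "bmsc-b": [parse_msk_identifier(DOMAIN, bytes.fromhex("00020001"))],
    "bmsc-c": [parse_msk_identifier(DOMAIN, bytes.fromhex("00010007"))],
}

if __name__ == "__main__":
    for slot, names in key_group_collisions(ASSIGNMENTS).items():
        print("Key Group 0x%04x in domain %s used by %s" % (slot[1], slot[0].hex(), names))
```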
6.3.2.1A MBMS User Service Registration procedure
When a UE has received MBMS User Service information, which indicates that the service is protected, via User Service Discovery / Announcement procedures describing a MBMS User Service, and the user wants to receive that MBMS User Service, the UE shall register to the MBMS User Service. Registration is required to ensure that the UE receives the necessary MSK updates.
MBMS User Service Registration shall be performed by the UE irrespective of the type of MBMS Transport Service i.e. in multicast mode or broadcast mode, as soon as the user first indicates that he wants to receive the MBMS User Service. In addition, it shall be performed at subsequent power on, unless the user has previously indicated that he/she no longer wants to receive the MBMS User Service, or unless the USIM or SIM has changed.
NOTE 1: The User Service Discovery / Announcement procedures are specified in TS 26.346 [13]. It is out of the scope of the present specification how the UE receives the User Service information and how the User Service is triggered in the UE.
NOTE 2: The MBMS User Service announcements are not protected when sent over MBMS bearer.
The UE shall not release the PDP context used by the MBMS User Service Registration until an MBMS User Service De-registration has been performed. This is to ensure that the BM-SC is aware of the correct UE IP address for the purpose of performing MSK deliveries from the BM-SC as specified in clause 6.3.2.2.4 and clause 6.3.2.3.1.
If the UE detects that a PDP context, which is used for MBMS key management, is released by the network, the UE should try to re-run MBMS User Service Registration for those MBMS User Services which were using the released PDP context for MBMS key management. For performing these re-registrations the UE may establish a new PDP context or the UE may use some other existing appropriate PDP context as defined in clause 6.3.1, if available. This is to ensure that the BM-SC becomes aware of the new UE IP address for the purpose of performing MSK deliveries from the BM-SC. Any new registrations should override any existing registrations of the UE to the same MBMS User Services.
If the MBMS User Service does not require any protection (i.e. if a service protection description is not present in the Service Announcement), the UE shall not perform User Service Registration for key management purposes, which means that the UE needs no shared secret with the BM-SC and should therefore not perform a GBA-run with BSF for MBMS (e.g. if no shared secret for MBMS is available in the UE).
The UE shall receive the following information via the User Service Discovery / Announcement procedures if protection of the MBMS User Service is applied:
- One or more fully qualified domain names (FQDN) of the key management servers (i.e. the BM-SC). This is for the UE to know to which IP address to send within the MBMS User Service Registration/Deregistration and MSK request Procedures. One or more FQDNs may be indicated in the Service Announcement for load balancing purposes. The UE shall choose the FQDN at the registration phase with the same mechanism as the File Repair Server is selected in TS 26.346 [13]. The UE shall keep the same FQDN for subsequent key management procedures.
- UICC key management required: yes/no.
- 2G GBA allowed: yes/no
  If the flag 2G GBA is not present then 2G GBA is not allowed.
- MIKEY FEC-protection, as defined in TS 26.346 [13], may be specified in the service protection description if MIKEY is FEC protected and encapsulated in FEC source packets.
- Identifiers of the MSKs needed for the User Service.
  For each MSK, the identifiers that shall be included are Key Domain ID and MSK ID. The Key Number part of each MSK ID shall be set to 0x0 to denote the current MSK. The Key Number values in the Service Announcement shall be ignored by the UE, since they may change over time and Key Group part of MSK ID is sufficient to identify the MSKs, see clause 6.3.2.1.
- Mapping information how the MSKs are used to protect the different RTP sessions or FLUTE channels.
NOTE 3: Void
NOTE 4: Void
- Back off mode parameters, as defined in TS 26.346 [13], may be specified for MSK requests, if wanted by the service provider. These parameters are then valid for all MSKs in the user service. The Back off mode is used to avoid congestion in MSK requests. In the rare cases that more than one User Service share the same MSK, but have different back off parameters, the UE is allowed to choose which ones to use. The Back off mode is optional to implement in the BM-SC and mandatory to implement in the UE. The UE shall use Back off mode if it is requested by the BM-SC in the Service Announcement.
The UE shall not register for an MBMS user service if it does not have enough storage available for any additional MSKs and MTKs required for that service. The UE should delete MSKs and MTKs that are no longer needed in order to free up storage for new MSKs and MTKs. For UICC-based key management, the ME shall control the deletion of MSKs stored on the UICC.
NOTE 4a: It is up to the ME implementation as to which keys are not needed any longer.
In case the service protection description indicates that the UICC key management is required, the UE should only try to access the MBMS User Service if the selected UICC application is capable of MBMS key management.
In case the service protection description indicates that UICC key management is not required, the use of either UICC key management or ME key management for a particular UE, depends on if the used UICC application is capable of MBMS key management or not, i.e. if the used UICC application is capable of MBMS key management, then UICC key management shall be used.
In case the service protection description indicates that UICC key management is not required and 2G GBA is not allowed, the UE should only try to access the MBMS User Service if a USIM is present in the UE as the use of SIM is not allowed for this MBMS User Service.
In case the service protection description indicates that UICC key management is not required and 2G GBA is allowed, the use of either 2G or 3G GBA for a particular UE depends on whether a UICC with a USIM is present in the UE or not as defined in TS 33.220 [6]. I.e., if a UICC with a USIM is present then 3G GBA shall be used, and if no UICC with a USIM is present then a SIM together with 2G GBA shall be used. The service protection description shall not allow 2G GBA and require UICC key management at the same time.

[Figure: message flow between UE and BM-SC]
UE -> BM-SC: HTTP POST (Registration indication, MBMS User Service IDs)
BM-SC -> UE: HTTP 401 WWW-Authenticate
UE -> BM-SC: HTTP POST Authorization request (Registration indication, MBMS User Service IDs)
BM-SC -> UE: HTTP 200 OK Authentication-Info (Status codes)
Figure 6.0A: MBMS User Service Registration procedure
The communication between the UE and the BM-SC is authenticated and integrity protected with HTTP Digest using bootstrapped security association as described in clause 6.2.1 of this specification.
The UE sends a registration request for the MBMS User Service using the HTTP POST message to the BM-SC Key Request function. The following information shall be included in the HTTP message.
- Indication that the UE requests to register to the MBMS User Service;
- A list of one or more MBMS User Service IDs.
The BM-SC Key Request function authenticates the UE with HTTP Digest using MRK key as described in clause 6.2.1. If the authentication is successful, the BM-SC Key Request function shall verify whether the UE is authorized to register to the MBMS User Service(s) specified in the request. If the UE is authorized, the BM-SC Key Request function registers the UE to the MBMS User Service(s), which means that the UE is registered to receive the MSKs used in these MBMS User Service(s). The BM-SC Key Request function sends a HTTP 200 OK message with Authentication-Info header to the UE. The following information shall be included in the payload of the HTTP response message:
- A list including one status code for each MBMS User Service ID that was present in the Registration request.
The handling of multiple status codes in one response message is specified in clause 6.3.2.4.
NOTE 5: The BM-SC may not need to challenge the UE (dashed box in figure 6.0A), if the UE has used WWW Authorization request headers in the first message in figure 6.0A and BM-SC is able to authenticate the UE.
If the authentication fails, the BM-SC Key Request function resends HTTP 401 Authorization required message with the WWW-Authenticate header.
The UE checks the validity of the HTTP response message. If the message indicated failure in the HTTP status line, the UE may retry to send the request message.
The UE shall check the status codes in the payload and act accordingly. For example, the UE may retry to register to the MBMS User Service(s) that were indicated to have failed. Further error cases are described in clause G.2.4.
The BM-SC Key Distribution function initiates MSK delivery procedure(s) as specified in clause 6.3.2.3 for those MBMS User Services for which the response message indicated success. The BM-SC may decide to not initiate MSK key delivery procedures, if the combination of services is such that it only makes sense to use all of them simultaneously.
NOTE 6: The time between the MBMS User Service Registration procedure and MSK delivery procedures may vary, i.e. the UE should not expect the MSK delivery procedures to start immediately.
6.3.2.1B MBMS User Service Deregistration procedure
When the user desires to deregister from one or more MBMS User Services, the UE shall perform an MBMS User Service De-registration. This shall be done irrespective of the type of MBMS Transport Service i.e. in multicast mode or in broadcast mode.
The UE shall also perform an MBMS User Service De-registration, at UE power down, for all ongoing MBMS User Services to ensure that the BM-SC is made aware that the user is no longer contactable.
It may happen that the UE is unable to perform a MBMS User Service De-registration for all ongoing MBMS User Services e.g. due to uncontrolled power down or loss of coverage. This could lead to situations where the BM-SC wants to initiate an MSK delivery procedure (see clause 6.3.2.3) towards an unreachable UE.

[Figure: message flow between UE and BM-SC]
UE -> BM-SC: HTTP POST (Deregistration indication, MBMS User Service IDs)
BM-SC -> UE: HTTP 401 WWW-Authenticate
UE -> BM-SC: HTTP POST Authorization request (Deregistration indication, MBMS User Service IDs)
BM-SC -> UE: HTTP 200 OK Authentication-Info (Status codes)
Figure 6.0B: MBMS User Service Deregistration procedure
The communication between the UE and the BM-SC is authenticated and integrity protected with HTTP Digest using bootstrapped security association as described in clause 6.2.1 of this specification.
The UE sends a deregistration request for the MBMS User Service using the HTTP POST message to the BM-SC Key Request function. The following information shall be included in the HTTP message.
- Indication that the UE requests to deregister from the MBMS User Service;
- A list of one or more MBMS User Service IDs.
The BM-SC Key Request function authenticates the UE with HTTP Digest using MRK key as described in clause 6.2.1. If the authentication is successful, the BM-SC Key Request function deregisters the UE from the MBMS User Service(s), which means that the UE will no longer receive the MSKs used in these MBMS User Service(s). The BM-SC Key Request function sends a HTTP 200 OK message with Authentication-Info header to the UE. The following information shall be included in the payload of the HTTP response message:
- A list including one status code for each MBMS User Service ID that was present in the De-Registration request.
The handling of multiple status codes in one response message is specified in clause 6.3.2.4.
NOTE: The BM-SC may not need to challenge the UE (dashed box in figure 6.0B), if the UE has used WWW Authorization request headers in the first message in figure 6.0B and BM-SC is able to authenticate the UE.
If the authentication fails then the BM-SC Key Request function resends HTTP 401 Authorization required message with the WWW-Authenticate header.
The UE checks the validity of the HTTP response message. If the message indicated failure in the HTTP status line, the UE may retry to send the request message. The UE shall check the status codes in the payload and act accordingly. Error cases are described in clause G.2.4.
The BM-SC should invalidate those MSKs from the UE, which are not used by any other MBMS User Services where the UE is registered. The BM-SC Key Distribution function performs this by running MSK delivery procedure for each MSK, where the Key Validity data is set to invalid value (see clause 6.3.2.3), i.e. SEQl is greater than SEQu.
6.3.2.2 MSK request procedures
6.3.2.2.1 Basic MSK request procedure
When a UE detects that it needs the MSK(s) for a specific MBMS User Service, the UE should try to get the MSKs that will be used to protect the data transmitted as part of this MBMS User Service. In the MSK request procedure the UE shall list the Key Domain ID - MSK ID pairs for which the UE needs the MSK(s). The UE shall always (except in the case of a BM-SC solicited pull) wait a period of time as specified by the back-off parameters in the User Service Description (if they are present) before making a request.
The basic MSK request procedure is a part of different other procedures, e.g.:
- request of MSK(s) when the UE has missed a key update procedure e.g. due to being out of coverage.
- BM-SC solicited pull procedure.

[Figure: message flow between UE and BM-SC]
UE -> BM-SC: HTTP POST (List of Key Domain ID - MSK ID pairs)
BM-SC -> UE: HTTP 401 WWW-Authenticate
UE -> BM-SC: HTTP POST Authorization request (List of Key Domain ID - MSK ID pairs)
BM-SC -> UE: HTTP 200 OK Authentication-Info (Status codes)
Figure 6.1: Basic MSK request procedure
The communication between the UE and the BM-SC is authenticated and integrity protected with HTTP Digest using bootstrapped security association as described in clause 6.2.1 of this specification.
The UE requests for one or several MSKs using the HTTP POST message. The following information is included in the HTTP message.
- key identification information: a list of one or several Key Domain ID - MSK ID pairs.
UEs may request specific MSK(s) by setting the Key Number part of the MSK ID to the requested value. When the Key Number part of the MSK ID is set to 0x0, this means the current MSK, see clause 6.3.2.1. The UE may request MSK(s) associated to more than one MBMS User Service in the same MSK request procedure.
The BM-SC Key Request function authenticates the UE with HTTP Digest using the keys received from GBA as described in clause 6.2.1.
If the authentication is successful, the BM-SC Key Request function shall verify whether the UE is registered to any MBMS User Service that uses the MSKs specified in the request. If the UE is authorized, the BM-SC Key Distribution function shall deliver requested MSKs to the UE (see clause 6.3.2.3). The BM-SC sends a HTTP 200 OK message with Authentication-Info header. The following information shall be included in the payload of the HTTP response message:
- A list including one status code for each Key Domain ID - MSK ID pair that was present in the Registration request.
The handling of multiple status codes in one response message is specified in clause 6.3.2.4.
NOTE 1: The BM-SC may not need to challenge the UE (dashed box in figure 6.1), if the UE has used WWW Authorization request headers in the first message in figure 6.1 and BM-SC is able to authenticate the UE.
If the authentication fails then the BM-SC Key Request function resends HTTP 401 Authorization required message with the WWW-Authenticate header.
The UE checks the validity of the HTTP response message. If the message indicated failure in the HTTP status line, the UE may retry to send the request message.
The UE shall check the status codes in the payload and act accordingly. For example, the UE may retry to request those MSKs that were indicated to have failed or leave the MBMS User Service.
If the HTTP procedure above resulted to success, the BM-SC Key Distribution function initiates MSK delivery procedure as specified in clause 6.3.2.3.
6.3.2.2.2 Void
6.3.2.2.3 Missed key update procedure
When the UE has missed an MSK update and it detects that it has not got the current MSK, e.g. from the received traffic, it may trigger the retrieval of the current MSK from the BM-SC. The procedure is the same as the Basic MSK request procedure in clause 6.3.2.2.1.
6.3.2.2.4 BM-SC solicited pull procedure
While the push is the regular way of updating the MSK to the UE, there may be situations where the BM-SC Key Distribution function solicits the UE to contact the BM-SC and request for new MSK. An example of such a situation is when the BM-SC Key Distribution function wants to trigger the UE that it needs to update the MSK.
[Figure: message flow between UE and BM-SC]
BM-SC -> UE: MIKEY (Key Number part of MSK ID = 0x0) with last MUK known by the BM-SC
UE -> BM-SC: HTTP POST (Key Domain ID - MSK ID pair)
Note in the figure: Validate message based on last MUK known by BM-SC. Run GBA if that MUK was expired and no valid GBA-key is present
Figure 6.2b: BM-SC solicited pull
The BM-SC Key Distribution function sends a MIKEY message over UDP to the UE. The MIKEY message shall be protected by the last MUK known by the BM-SC. The Key Number part of the MSK ID in the extension payload of the MIKEY message shall be set to 0x0 to indicate that the UE should request for current MSK from the BM-SC.
If the received MUK_ID (i.e. the last MUK known by the BM-SC) does not correspond to the last MUK known by the UE, then the UE checks the solicited pull MIKEY message with the last MUK successfully used by the BM-SC.
The BM-SC shall not set the V-bit in the common header when initiating the BM-SC solicited pull procedure.
NOTE 1: A MUK may be used by the BM-SC Key Distribution function beyond the GBA key lifetime of the corresponding Ks_xx_NAF for the purpose of using the MUK within the first MIKEY message of a push solicited pull procedure.
NOTE 2: Since the integrity of the MIKEY message still needs to be assured, a KEMAC payload shall be included in the MIKEY message from the BM-SC Key Distribution function. There is however no key present in the message. Thus by setting the Encr data len field to zero, only the MAC of the message will be included.
When receiving the message, the UE shall request for the current MSK for the specified Key Group as specified in clause 6.3.2.2.1.
A situation where the use of the solicited pull procedure is needed for the BM-SC to be able to update successfully MSKs to a UE is when the BM-SC has chosen the MUK lifetime less than the GBA key lifetime of the corresponding Ks_xx_NAF, and the MUK lifetime has expired in the BM-SC. In that case the BM-SC should initiate the BM-SC solicited pull procedure and answer to the HTTP POST of Figure 6.2b with a Bootstrapping Renegotiation Request according to TS 33.220 [6].
6.3.2.3 MSK delivery procedures
6.3.2.3.1 Pushing the MSK to the UE
The BM-SC Key Distribution function controls when the MSKs used in a MBMS User Service are to be changed. The below flow describes how MSK changes are performed. This procedure can be initiated after the UE has requested for MSK(s) as described in clause 6.3.2.2.

[Figure: message flow between UE and BM-SC]
BM-SC -> UE: MIKEY (MSK) over UDP
UE -> BM-SC: MIKEY ACK over UDP
Figure 6.3: Pushing the MSKs to the UE
When the BM-SC Key Distribution function decides that it is time to update the MSK, the BM-SC Key Distribution function sends MIKEY message over UDP transporting the requested MSK to the UE.
If requested by the BM-SC Key Distribution function, the UE sends a MIKEY acknowledgement message to the BM-SC.
NOTE: The MSK is not necessarily updated in the message, since a MSK transport message can be sent e.g. to update the Key Validity data.
When an MSK push MIKEY message is not directly preceded by an MSK key request, then it may happen that the BM-SC uses a still valid MUK that is not the last generated MUK at the UE. The UE shall handle such a MIKEY push message in a similar way as the push solicited pull MIKEY message (i.e. upon a successful integrity check the UE shall initiate an MSK request with the specified Key Group). Additionally, in this case, the UE shall not create a MIKEY acknowledgement message.
NOTE: This procedure guarantees that the UE contacts the BM-SC with the last B-TID, such that the UE now receives a MIKEY push message with the last generated MUK. The integrity of the initial pushed MIKEY message can be verified at the UE with the MUK-ID that is known as the last successfully used BM-SC MUK-ID.
6.3.2.3.2 Void
6.3.2.4 Handling of multiple status codes within one response message
The UE shall include a list of one or more MBMS User Service IDs (in MBMS User Service registration and de-registration procedures) or MSK ID - Key Domain ID pairs (in MSK request procedure) in the payload of one HTTP request message.
When the BM-SC has processed the request message, it shall include a list of corresponding status codes in the HTTP response message, i.e. a status code for each MBMS User Service ID or MSK ID - Key Domain ID pair. The status codes are carried in the payload of the HTTP response message and they use the values as specified in RFC 2616 [19]. A successful code, e.g. 200 OK, means that the (de-) registration or MSK request for that specific MBMS User Service ID or MSK was successful. The MBMS specific error codes are described in clause G.2.4.
There is also a status code in the status line of the HTTP response message, which has a successful value if the BM-SC was able to successfully process the corresponding request message. Otherwise the status code in the HTTP status line shall indicate the appropriate error.
NOTE 1: This means that there are two levels of status codes in the response message: the status code in the HTTP status line that is specific to the HTTP message and processed by the HTTP application and the one or more status codes in the payload that are specific to and processed by the MBMS application.
In case the response message does not include all the same status codes in the payload that were in the request message, the UE may still process the status codes that it is able to process.
The list of status codes is also used in case only one MSK or registration is requested. Figure 6.4 below illustrates an example of a UE trying to register to two MBMS User Services. The registration is successful for the first but fails for the second MBMS User service. The example procedure shows only parameters that are relevant for the functionality in question.

[Figure: message flow between UE and BM-SC]
UE -> BM-SC: HTTP POST (Registration)
  Payload: (serviceID: AAA) (serviceID: BBB)
BM-SC -> UE: HTTP 200 OK Authentication-Info
  Payload: (serviceID: AAA, code: 200) (serviceID: BBB, code: 403)
Figure 6.4: Example registration procedure
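The two status-code levels of clause 6.3.2.4, worked through on the UE side as an added Python example (not code from the specification). Assumptions: the HTTP Digest response has already been authenticated, the payload is already parsed into (identifier, code) pairs, any 2xx code counts as success, and the names `reconcile` and `Outcome` are hypothetical.

```python
"""UE-side handling of the two status-code levels (added example)."""
from dataclasses import dataclass, field


def _is_success(code):
    # Assumption: any 2xx value counts as a successful code.
    return 200 <= code <= 299


@dataclass
class Outcome:
    http_ok: bool
    succeeded: list = field(default_factory=list)   # MSK delivery may follow later
    failed: dict = field(default_factory=dict)      # identifier -> payload code
    unanswered: list = field(default_factory=list)  # requested, no code returned
    ignored: list = field(default_factory=list)     # codes for ids never requested

    def retry_candidates(self):
        """Identifiers the UE may put into a follow-up request."""
        return list(self.failed) + self.unanswered


def reconcile(requested_ids, http_status, payload_codes):
    """Match per-identifier payload codes against what the UE asked for."""
    if not _is_success(http_status):
        # Level 1 failed: the request as a whole was not processed, so no
        # payload code is acted on and every identifier stays unanswered.
        return Outcome(http_ok=False, unanswered=list(requested_ids))

    out = Outcome(http_ok=True)
    seen = {}
    for ident, code in payload_codes:
        if ident not in requested_ids:
            out.ignored.append(ident)   # never act on unsolicited entries
            continue
        seen.setdefault(ident, []).append(code)

    for ident in requested_ids:
        codes = seen.get(ident)
        if not codes:
            # Partial response: the other identifiers are still processed.
            out.unanswered.append(ident)
        elif all(_is_success(c) for c in codes):
            out.succeeded.append(ident)
        else:
            # Design choice: conflicting duplicates count as a failure.
            out.failed[ident] = next(c for c in codes if not _is_success(c))
    return out


if __name__ == "__main__":
    # Values taken from Figure 6.4: AAA succeeds, BBB is refused.
    print(reconcile(["AAA", "BBB"], 200, [("AAA", 200), ("BBB", 403)]))
```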
6.3.3 MTK procedures
6.3.3.1 MTK identification
Every MTK is uniquely identifiable by its Key Domain ID, MSK ID and MTK ID
where
Key Domain ID and MSK ID are as defined in clause 6.3.2.1.
MTK ID is 2 bytes long sequence number and is used to distinguish MTKs that have the same Key Domain ID and MSK ID. It is carried in the MTK ID field of MIKEY extension payload. Every time a MSK with a new MSK ID is taken into use by the BM-SC, the MTK ID of the first MTK sent by the BM-SC protected by that MSK shall be set to an initial value greater than zero chosen by the BM-SC.
NOTE 1: In most situations the practical choice for the initial MTK ID will be one, but this does not prevent the BM-SC to choose a value different for each service and greater than one.
The MTK ID that will be used in a next MTK update needs to be greater than the previously used MTK-ID.
NOTE 2: The practical choice to increment is 1 but also other increments are allowed.
NOTE 3: As the MTK ID is 2 bytes long, this allows to use 2^16 - 2 MTKs protected by one MSK if the MTK-ID is always incremented by one and the initial MTK ID starts at 1. The maximum value for MTK ID is disallowed (see clause 6.4.5.1).
6.3.3.2 MTK update procedure
The MTK is delivered to the UE using MIKEY over UDP, but the V-bit in the common header shall not be set.
The UE shall not send an error message to the BM-SC as a result of receiving an MTK message.
6.3.3.2.1 MTK delivery in download
In the download case the MIKEY message carrying the MTK shall be delivered over the same FLUTE stream as the object to be downloaded to the UE (see TS 26.346 [13]). This means that the message is specified as a separate object in the FLUTE File Delivery Table (FDT), having its own identifier. This means the MTK delivery inherits the reliability features of FLUTE. The mime-type of the object carrying the MIKEY message shall be the IANA-registered type for MIKEY.
6.3.3.2.2 MTK delivery in streaming
MIKEY messages transporting MTKs shall be sent using the same IP destination address as the RTP traffic. MIKEY messages shall be transported to UDP port number 2269 specified for MIKEY. Reliability of MTK delivery is reached by re-sending MTK messages periodically.
NOTE: Re-sending of MTK message will also allow the UE to faster switch between SRTP streams.
In order to increase the possibility that UEs receive a new MTK in time, MTK messages may be sent before the RTP traffic changes over to a new MTK.
6.3.4 Multiple BM-SC deployments
6.3.4.1 General
The requirements in the following sub-clauses apply when one and the same MBMS User Service is transmitted via multiple BM-SCs, as this case requires some coordination between the BM-SCs regarding MBMS key management.
6.3.4.2 Service announcement coordination
When one and the same MBMS User Service is transmitted via multiple BM-SCs the service shall be announced with one Service Announcement indicating common security protection description for the involved BM-SCs.
6.3.4.3 MSK key management anchor point
The UE shall register to one BM-SC indicated in the Service Announcement and shall keep the same BM-SC for all subsequent MSK management procedures as defined in clause 6.3.2.1.
NOTE: The MSK key management can be kept on the original BM-SC even though the UE could move under a new BM-SC. This is because the MSK key management uses the PDP/PDN connection.
6.3.4.4 MSK coordination
The BM-SCs shall use MSKs in a synchronized way. At a certain point in time the same MSK (identified by the Key Domain ID, MSK Key Group and Key Number part) shall be used in all BM-SCs per a streaming or download session. When the MSK needs to be updated, the BM-SCs shall take the new MSK (identified by the Key Number part) into use at the same time. This is to ensure that the BM-SCs are able to use the MTKs in a synchronized way. For MSK key management anchor point see clause 6.3.X.3.
6.3.4.5 MTK coordination
The BM-SCs shall use MTKs in a synchronized way. At a certain point in time the same MTK (identified by the MTK ID as defined in clause 6.3.3.1) shall be used in all BM-SCs per a streaming or download session. When the MTK needs to be updated, the BM-SCs shall take the new MTK into use at the same point in time. This is to ensure that a UE that moves under a new BM-SC, which is transmitting the same MBMS User Service as the old BM-SC, is able to decrypt the service without interruption. The BM-SCs transmitting the same MBMS User Service may transmit identical content or slightly different content, e.g. local news. Especially in the latter case it is important that the update of the MTK happens at the same point in time and is not based on the amount of content (packets or files) sent in the streaming or download session since the amount of content may vary between the BM-SCs. This is to ensure that the BM-SCs keep synchronized in their use of MTKs regardless of the amount of content sent.
6.3.4.6 MIKEY MTK timestamp coordination
MBMS uses counter-based MIKEY timestamps as specified in clause 6.4.3. The BM-SCs shall use MIKEY timestamps in MTK delivery messages in a synchronized way. At a certain point in time the same MIKEY MTK timestamp shall be used in all BM-SCs for a streaming or download session.
NOTE: There is no need to synchronize the MIKEY timestamp for MSK delivery messages as the MSK messages are sent from one BM-SC, see also clause 6.3.4.3.
When the same MBMS User Service is transmitted via multiple BM-SCs it may happen that the BM-SCs send different amount of MTK delivery messages within a streaming or download session. This will result to that the MIKEY MTK timestamps are not in synchronization between the BM-SCs, and that a UE that moves under a new BM-SC is not able to decrypt the service without interruption due to replay protection.
The BM-SCs may keep synchronization for the use of MIKEY MTK timestamps by sending the same amount of MIKEY MTK delivery messages at the same pace. However, this may not always be possible e.g. due to different amount of content transmitted by the BM-SCs. Another possibility is that the BM-SCs increase the MIKEY MTK timestamp based on NTP UTC time regardless of how many MIKEY MTK delivery messages are sent, and add the first 32 most significant bits (i.e. the integral part) of NTP UTC time to the counter-based timestamp payload field of MIKEY MTK messages. This ensures that the BM-SCs are synchronized and the UE will treat the timestamp as a counter.
6.4 MIKEY message creation and processing in the ME
6.4.1 General
MIKEY is used to transport the MSKs and MTKs from the BM-SC to the UE. Clauses 6.4.2, 6.4.3, 6.4.4 and 6.4.5 describe how to create the MIKEY messages, while clause 6.4.6 describes the initial processing by the ME on these messages. The final processing is done by the MBMS key Generation and Validation Function (MGV-F) and is described in clause 6.5.
MIKEY shall be used with pre-shared keys as described in RFC 3830 [9]. The UDP port number for MIKEY is 2269 (see [17]).
To keep track of MSKs and MTKs, a new Extension Payload (EXT) [16] is added to MIKEY. The Extension Payload can contain the key types and identities of MSK and the MTK and Key Domain ID (see clauses 6.3.2 and 6.3.3).
Some MIKEY payloads contain text strings, e.g., the IDi and IDr payloads. These strings shall be encoded according to UTF-8 [21].
In case MIKEY packets are FEC-protected (see TS 26.346 [13]), this is signalled within the MBMS User Service Description.
As MIKEY is used in a key transport mode, the key derivation function as defined in section 4.1.4 of RFC 3830 [9] shall be used for MIKEY internal keys and MIKEY internal salt. The preshared key used for transmission of MSK is the MUK, and the pre-shared key used for transmission of MTK is the MSK.
The size of the authentication key to be used to verify the MAC field of a MIKEY message shall be 160 bits.
6.4.2 MIKEY common header
MSKs shall be carried in MIKEY messages. The messages are sent point-to-point between the BM-SC and each UE. The messages use the MUK shared between the BM-SC and the UE as the pre-shared secret in MIKEY.
Once the MSK is in place in the UE, the UE can make use of the MTK messages sent by the BM-SC over MBMS bearer. The MTK is carried in messages conforming to the structure defined by MIKEY and use the MSK as the pre-shared secret.
If the BM-SC requires an ACK for an MSK key update message this is indicated by setting the V-bit in the MIKEY common header. The UE shall then respond with a MIKEY message containing the verification payload. In the case the server does not receive an ACK, normal reliability constructions can be used, e.g., start a timer when the message is sent and then resend the message if no ACK is received before the timer expires.
The CSB ID field of MIKEY common header is not used for identification purposes but shall be present in both MSK messages and MTK messages.
NOTE: As the CSB ID field has no meaning within the context of MBMS, the BM-SC is free to assign any value to CSB ID. Assigning random values to CSB ID enhances security as CSB ID is taken into account for MIKEY key derivations (section 4.1.3 and 4.1.4 of RFC 3830 [9]).
6.4.3 Replay protection
Each MIKEY message contains the timestamp field (TS) of type 2. This means that the contents of the timestamp field is a 32-bit counter. The counter shall be increased by one for each MSK message sent from the BM-SC to the UE even in case BM-SC retransmits a previously sent MSK message. The counter shall be increased by one for each new MTK message created in the BM-SC.
NOTE: The BM-SC is allowed to retransmit a previously sent MTK message for streaming in order to provide a higher reliability of MTK delivery (cfr section 6.3.3.2.2) without having to increment the TS field for each sent MTK message. As specified in step 2 of clause 6.4.6.2, the ME will discard duplicate MTK messages based on the last received TS.
There is one counter per UE for MSK delivery, and one counter common to all UEs for MTK delivery. The counter is used for replay protection; messages with a counter less than or equal to the current counter are discarded. Less than or equal is to be taken in the meaning of RFC1982. If the less than or equal relation is undefined in the sense of RFC1982, the message should be considered as being replayed and shall be discarded. The counter in the TS field shall be reset for MSK transport messages when the MUK is updated. The counter in the TS field shall be reset for MTK transport messages when the MSK is updated.
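The replay rule of this clause and the NTP-based timestamp option of clause 6.3.4.6, as an added Python example that is not part of the specification. It assumes the MAC has been verified before the counter check and that the first TS seen under a key is accepted; `serial_compare`, `ReplayGuard`, `ntp_seconds` and `handover_demo` are hypothetical names, and the key identifiers and times are constructed.

```python
"""Counter-based MIKEY timestamp replay check (added example)."""

SERIAL_BITS = 32
MOD = 1 << SERIAL_BITS
HALF = 1 << (SERIAL_BITS - 1)
NTP_UNIX_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01


def serial_compare(a, b):
    """RFC 1982 ordering of two 32-bit counters.

    Returns -1 if a < b, 0 if equal, 1 if a > b, and None where RFC 1982
    leaves the comparison undefined (values exactly 2**31 apart).
    """
    a %= MOD
    b %= MOD
    if a == b:
        return 0
    ahead = (b - a) % MOD          # how far b is ahead of a, modulo 2**32
    if ahead == HALF:
        return None
    return -1 if ahead < HALF else 1


class ReplayGuard:
    """Last accepted TS per protecting key (hypothetical helper).

    Keeping state per key models the counter reset on MUK update (MSK
    messages) and on MSK update (MTK messages): a new key starts with no
    stored counter.
    """

    def __init__(self):
        self._last = {}

    def accept(self, key_id, ts):
        ts %= MOD
        last = self._last.get(key_id)
        # Discard when ts <= last, and also when the relation is undefined.
        if last is not None and serial_compare(ts, last) != 1:
            return False
        self._last[key_id] = ts
        return True


def ntp_seconds(unix_time):
    """Integral part (32 most significant bits) of the NTP timestamp."""
    return (int(unix_time) + NTP_UNIX_OFFSET) % MOD


def handover_demo():
    """Constructed scenario: a UE moves from BM-SC A to BM-SC B."""
    msk = ("example-key-domain", 0x00010002)   # constructed identifiers
    t0 = 1355270400                            # constructed Unix time

    # Per-message counters: A has sent more MTK messages than B, so B's
    # valid messages look like replays after the handover.
    ue = ReplayGuard()
    per_message = [ue.accept(msk, ts) for ts in (498, 499, 500, 120, 121)]

    # NTP-derived TS: both BM-SCs emit the same value at the same time,
    # however many MTK messages each of them has sent.
    ue = ReplayGuard()
    from_a = [ntp_seconds(t0 + s) for s in (0, 1, 2)]
    from_b = [ntp_seconds(t0 + 4)]
    ntp_based = [ue.accept(msk, ts) for ts in from_a + from_b]
    return per_message, ntp_based


if __name__ == "__main__":
    print(handover_demo())
```

An MTK message retransmitted with an unchanged TS is rejected by `accept`, which matches the duplicate discard described in the NOTE above.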
6.4.4 General extension payload
The MSK and MTK shall be delivered in messages that conform to the structure defined in RFC 3830 [9] (MIKEY). To be able to keep track of the key that is derived in the message, a general Extension Payload (EXT) is used that conforms to the structure defined in reference [16].
The EXT includes a Key Domain ID and one or two Key Type ID sub-payloads depending on the message. These are used as follows.
For MSK delivery the EXT includes the Key Domain ID and a Key Type ID sub-payload. The Key Domain ID has the value as specified in clause 6.3.2.1. The Key Type ID sub-payload includes the type and ID of the key that is delivered in the message, i.e. the MSK ID, see figure 6.4a. The key that is used to protect the message, i.e. MUK, is identified as specified in clause 6.1.
For MTK delivery the EXT includes the Key Domain ID and two Key Type ID sub-payloads. The Key Domain ID has the value as specified in clause 6.3.2.1. The first Key Type ID sub-payload includes the type and ID of the key that is used to protect the message, i.e. the MSK ID, and the second Key Type ID sub-payload includes the type and ID of the key that is delivered in the message, i.e. the MTK ID, see figure 6.4b.
See clauses 6.3.2.1 and 6.3.3.1 for definition of MSK ID and MTK ID. The MTK ID is increased every time the corresponding key is updated. It is possible that the same MTK is delivered several times over MBMS bearer, and the ME can then discard messages related to a key it already has instead of passing them to the MGV-F.
The MGV-F (see clause 6.5) protects itself from a possibly malicious ME by checking the integrity and freshness of the MIKEY message.
The format of the key IDs shall be represented by unsigned integers.

[Figure: Key Domain ID sub-payload | Key Type ID sub-payload (MSK ID)]
Figure 6.4a: Extension payload used with MIKEY MSK message

[Figure: Key Domain ID sub-payload | Key Type ID sub-payload (MSK ID) | Key Type ID sub-payload (MTK ID)]
Figure 6.4b: Extension payload used with MIKEY MTK message
6.4.5 MIKEY message structure
6.4.5.1 MSK message structure
The following applies for both streaming services and download services:
- The structure of the MIKEY message carrying a MSK key shall be according to Figure 6.5. (For handling of unknown MIKEY extension payloads in MGV-F, cf. clause 6.5.3.).
- The actual MSK key that is delivered is kept in the KEMAC payload. Only one MSK key shall be transported in the KEMAC payload.
- The format of the EXT payload is as described in chapter 6.4.4.
- The MIKEY-RAND is used to derive e.g. encryption and authentication keys from the received keys. It is sent in all the MSK delivery messages. A UE and BM-SC shall support a MIKEY-RAND of 128-bit. For a specific MSK (identified by the MSK ID including the Key Number part) within an MBMS streaming or download session, the same MIKEY-RAND shall be used in MSK delivery messages for all UEs. This ensures that all UEs will use the same MIKEY-RAND for MTK message processing, cf. clause 6.5.4.
- The identity payloads of the initiator's and responder's IDs shall be included in the MSK transport messages. IDi is the ID (i.e. FQDN) of the BM-SC (i.e. NAF-ID without the Ua security protocol identifier) and IDr is the ID of the UE's username (i.e. B-TID). The ID Type field of IDi and IDr payloads shall be set to value 0 (=NAI). As the content of the IDi field is not a NAI, but a FQDN of the BM-SC, the ID Type field of the IDi payload shall be ignored by the receiver and the ID data field shall be handled as a text string.
NOTE: NAF-ID without the Ua security protocol identifier (i.e. FQDN of BM-SC) is used to identify a server while a NAI identifies a user.
- The Type subfield shall be set to value 2 (=TEK) in the KEMAC payload in all MSK delivery messages.
- The KV (Key validity period) subfield shall be set to value 2 (=Interval) in the KEMAC payload in all MSK delivery messages.
- The Key Validity Data subfield is present in the KEMAC payload when MSK is transported. The field defines the validity time for MSK in terms of sequence number interval (i.e. lower limit of MTK ID and upper limit of MTK ID). The lower limit of the interval defines the original value of SEQl to be used by the MGV-F (see clause 6.5) and the upper limit of the interval defines the SEQu. The BM-SC shall never set SEQu to its maximum possible value.
- The use of NULL algorithm in the MAC alg field is not allowed.
- The use of NULL algorithm in the Encr alg field is not allowed.
The following applies only for streaming services:
- Only one CryptoSession can be transported in the field CS ID map info for streaming.
- The #CS field shall be set to one, and CS ID map info shall be present in the MSK message.
- The CS ID map type subfield shall be set to "SRTP-ID" as defined in [16].
- The SP payload shall be used only with streaming services.
- Security Policy (SP) payload shall include information for the security protocol such as algorithms to use, key lengths, initial values for algorithms etc.
- The BM-SC shall ensure that the UE has received the SP payload before the SP payload needs to be applied in the streaming service.
- The BM-SC is not allowed to change the SP payload anymore once the streaming service using that SP has started for the first time.
- The BM-SC shall include the SP payload when the MSK delivery was triggered by the UE using the MSK request procedure or the MBMS User Service Registration procedure, otherwise it is optional for the BM-SC to include the SP payload into MSK delivery messages.
- An SRTP key derivation rate of zero shall be used. The BM-SC can achieve this either by explicitly signalling a key derivation rate of zero via MIKEY SRTP policy (RFC 3830 [9]) or by omitting this parameter in MIKEY SRTP policy as the default key derivation rate of SRTP is zero.
The following applies only for download services:
- The #CS field shall be set to zero, and no CS ID map info shall be present in the MSK message.
- The CS ID map type subfield shall be set to "Empty map" as defined in [16].
- The SP payload shall not be included in the MSK messages.

[Figure 6.5 payload labels: Common HDR, MIKEY RAND, IDi, IDr, {SP}, EXT, KEMAC, TS]
Figure 6.5: The logical structure of the MIKEY message used to deliver MSK. For use of brackets, cf. section 1.3 of RFC 3830 [9] (MIKEY)
6.4.5.2 MSK Verification message structure
If the BM-SC expects a response to the MSK-transport message (i.e., the V-bit in the MIKEY common header is equal to 1), the UE shall send a verification message as a response. The verification message shall be constructed according to section 3.1 of MIKEY, and shall consist of the following fields: HDR || TS || IDr || V, where IDr is the ID of the UE. The ID Type field of IDr payload shall be set to value 0 (=NAI). The CS ID map type subfield shall be set to "Empty map" as defined in [16]. The #CS field shall be set to zero, and no CS ID map info shall be present in the MSK verification message. The use of the NULL algorithm in the MAC alg field is not allowed. Note that the MAC included in the verification payload shall be computed over both the initiator's and the responder's ID as well as the timestamp, in addition to being computed over the response message as defined in RFC 3830 [9].
The UE shall use the same CSB ID in the verification messages as received in the MSK delivery message.

[Figure 6.6 payload labels: Common HDR, IDr, V, TS]
Figure 6.6: The logical structure of the MIKEY Verification message
The verification message shall not be sent as a response to MIKEY messages delivering MTK.
The ME shall send the verification message, when received as result from the MGV-F, to the BM-SC.
6.4.5.3 MTK message structure
Following requirements apply for both streaming and download services:
- The structure of the MIKEY message carrying a MTK key shall be according to Figure 6.7. (For handling of unknown MIKEY extension payloads in MGV-F, cf. clause 6.5.4)
- The actual MTK key that is delivered is kept in the KEMAC payload. Only one MTK key can be transported in the KEMAC payload.
- The EXT payload has format as described in clause 6.4.4.
- The #CS field shall be set to zero, and no CS ID map info shall be present in the MTK message.
- The CS ID map type subfield shall be set to "Empty map" as defined in [16].
- Neither shall the SP payload be included in MTK messages.
- The KV (Key validity period) subfield shall be set to NULL in the KEMAC payload when MTK is transported.
- The Key Validity Data subfield shall not be present in the KEMAC payload when MTK is transported.
- The use of NULL algorithm in the MAC alg field in the KEMAC payload is not allowed.
- The use of NULL algorithm in the Encr alg field in the KEMAC payload is not allowed.
NOTE: MIKEY-RAND is not included in MTK messages since the MIKEY-RAND sent within MSK delivery messages is used for MTK message processing, cf. clause 6.4.5.1 and 6.5.4.
Following requirement applies for streaming services only:
- The Type subfield shall be set to value 3 (=TEK + salt) in the KEMAC payload in all MTK delivery messages for streaming services.
- A 112 bit salt shall be added to the KEMAC payload in addition to the MTK.
Following requirement applies for download services only:
- The Type subfield shall be set to value 0 (=TGK) in the KEMAC payload in all MTK delivery messages for download services.
- No salt shall be added to the KEMAC payload.

[Figure 6.7 payload labels: Common HDR, EXT, KEMAC, TS]
Figure 6.7: The logical structure of the MIKEY message used to deliver MTK
6.4.6 Processing of received messages in the ME
6.4.6.1 MSK MIKEY Message Reception
When the MIKEY message arrives at the ME, the processing proceeds following the steps below (basically following section 5.3 of RFC 3830 [9]).
1. The Extension Payload (EXT) is examined, and if it indicates an MSK delivery protected with MUK, the MUK ID is received by combining IDi and IDr.
2. The Timestamp Payload is checked, and the message is discarded if the counter in the Timestamp Payload is smaller or equal to the stored replay counter associated with the given MUK (the stored replay counter value is retrieved from MGV-S).
3. The Security Policy payload is stored temporarily in the ME if it was present.
4. The message is transported to MGV-F for further processing, cf. clause 6.5.3.
5. The MGV-F replies success or failure. In case of success the temporarily stored Security Policy payload is taken into use. Otherwise it is deleted.
6. The ME shall check if the MIKEY message indicates a BM-SC solicited pull procedure and behave as described in clause 6.3.2.2.4.
6.4.6.2 MTK MIKEY Message Reception
When the MIKEY message arrives at the ME, the processing proceeds following the steps below (basically following section 5.3 of RFC 3830 [9]).
1. The Extension Payload (EXT) is examined, and if it indicates an MTK delivery protected with MSK, the MSK ID is extracted from the Extension Payload.
2. The Timestamp Payload is checked, and the message is discarded if the counter in the Timestamp Payload is smaller or equal to the stored replay counter associated with the given MSK (the stored replay counter value is retrieved from MGV-S).
3. If the MTK ID extracted from the Extension payload is less than or equal to the current MTK ID (kept in the ME), the message shall be discarded.
4. The message is transported to MGV-F for further processing, cf. 6.5.4.
5. The MGV-F replies success (i.e. sending the MTK and salt if available) or failure.
6.5 Validation and key derivation functions in MGV-F
6.5.1 General
When an MSK or MTK message is received in the UE, it is processed in protected environment MGV-S.
6.5.2 Usage of MUK
When a MUK has been installed in the MGV-S, i.e. as a result of a GBA run, it is used as pre-shared secret used to verify the integrity of the MSK transport message and decrypt the MSK carried in the KEMAC payload as described in RFC 3830 [9].
6.5.3 MSK processing
When the MGV-F receives the MIKEY message, the MGV-F first determines the type of message by reading the EXT. If the EXT indicates MSK delivery (clause 6.4.4) then the text in this clause applies.
The MGV-F shall not abort processing of a MIKEY message when encountered with an extension payload with unknown type. The content of an unknown extension payload (except for the next payload, type and length fields) shall be treated as an opaque object. The MAC computation required for the KEMAC payload shall include any unknown extension payloads preceding it.
NOTE: This is because an unknown extension payload may be specified for ME use only and it is therefore "unknown" to the MGV-F. Skipping unknown payloads during the payload parsing is a deviation from recommended receiver behavior in section 5.3 of RFC 3830.
The MGV-F retrieves the MUK identified as specified in clause 6.1. If the Key Number part of the MSK ID in the EXT equals 0x0 then this indicates a solicited pull procedure (clause 6.3.2.2.4) for which the MIKEY message does not contain an MSK and for which the MUK shall be applied according to clause 6.3.2.2.4.
The integrity of the message is validated and if valid then the MSK, if present, shall be extracted from the KEMAC payload as described in section 5 of reference [9], and the Key Validity data shall be extracted from the message and stored (in the form of MTK ID interval).
If integrity validation is successful, then the MGV-F shall update the stored Time Stamp value associated with the corresponding MUK ID in MGV-S with the counter value in the Time Stamp payload.
If the MGV-F receives an MSK and already contains two other MSKs under the same Key Domain ID and Key Group part, then the UE shall keep the newer and delete the older of these two MSKs. The newer MSK (i.e. the MSK to be kept) of the two stored MSKs under the same Key Domain ID and Key Group part is determined by the UE from the combination of MUK ID and Time Stamp value in the following way. The MSK that was protected with the newer MUK is the newer MSK regardless of the value of the Time Stamp. In case the MUK IDs are equal, the MSK with higher Time Stamp value is the newer MSK. Updating an existing MSK (e.g. by updating the Key Validity Data) or resending an MSK means then also that the updated MSK becomes the newer MSK since the Time Stamp value is increased in these cases. In case the MUK ID values are not equal, the newer MUK is the last MUK successfully used by the BM-SC as specified in clause 6.3.2.2.4.
If the MGV-F receives an MSK, which has the same MSK ID as a stored MSK, the received MSK shall replace the stored MSK and update the Key Validity data. In case the MSK message does not include any key in KEMAC payload, then the Key Validity data shall be updated for the specified MSK except if the MSK ID is 0x0.
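The MSK retention rule of this clause, worked through as an added Python example (not code from the specification). The class and field names, the string identifiers and the way the "last successfully used MUK" is tracked are assumptions made for illustration; every message is taken to have passed integrity validation already.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Msk:
    key_group: int              # Key Group part of the MSK ID
    key_number: int             # Key Number part of the MSK ID
    key: Optional[bytes]        # None when the KEMAC payload carried no key
    validity: Tuple[int, int]   # Key Validity data as an MTK ID interval
    muk_id: str                 # MUK that protected the delivery
    timestamp: int              # Time Stamp counter of the delivery


class MskStore:
    """Holds at most two MSKs per (Key Domain ID, Key Group part)."""

    def __init__(self, latest_muk_id: str):
        # Assumption: the caller knows which MUK was last successfully used.
        self.latest_muk_id = latest_muk_id
        self.slots: Dict[Tuple[str, int], List[Msk]] = {}

    def newer(self, a: Msk, b: Msk) -> Msk:
        # The MSK protected with the newer MUK wins regardless of Time Stamp;
        # with equal MUK IDs the higher Time Stamp wins.
        if a.muk_id != b.muk_id:
            return a if a.muk_id == self.latest_muk_id else b
        return a if a.timestamp > b.timestamp else b

    def receive(self, key_domain_id: str, msg: Msk) -> str:
        """Apply one integrity-verified MSK message and report what was done."""
        if msg.key_number == 0x0:
            return "solicited pull, nothing stored"
        stored = self.slots.setdefault((key_domain_id, msg.key_group), [])
        same = next((m for m in stored if m.key_number == msg.key_number), None)
        if msg.key is None:
            if same is None:
                return "no stored MSK to update"  # assumption: ignore
            # Key-less message: only the Key Validity data changes, and the
            # increased Time Stamp makes this MSK the newer one.
            same.validity = msg.validity
            same.muk_id, same.timestamp = msg.muk_id, msg.timestamp
            return "validity updated"
        if same is not None:
            stored[stored.index(same)] = msg
            return "replaced"
        if len(stored) == 2:
            keep = self.newer(stored[0], stored[1])
            dropped = stored[1] if keep is stored[0] else stored[0]
            stored[:] = [keep, msg]
            return "stored, evicted key number %d" % dropped.key_number
        stored.append(msg)
        return "stored"

    def key_numbers(self, key_domain_id: str, key_group: int) -> List[int]:
        slot = self.slots.get((key_domain_id, key_group), [])
        return sorted(m.key_number for m in slot)


def run_demo():
    """Constructed sequence: a MUK change, then a validity-only update."""
    store = MskStore(latest_muk_id="muk-B")
    dom = "domain-1"  # constructed Key Domain ID
    log = [
        store.receive(dom, Msk(1, 1, b"A" * 16, (0, 100), "muk-A", 500)),
        store.receive(dom, Msk(1, 2, b"B" * 16, (0, 100), "muk-B", 10)),
        # Third MSK: key number 1 goes although its Time Stamp is higher,
        # because it was protected with the older MUK.
        store.receive(dom, Msk(1, 3, b"C" * 16, (0, 100), "muk-B", 11)),
        # Validity update for key number 2 raises its Time Stamp above 11.
        store.receive(dom, Msk(1, 2, None, (100, 200), "muk-B", 12)),
        # Fourth MSK: key number 3 is now the older of the two stored.
        store.receive(dom, Msk(1, 4, b"D" * 16, (0, 100), "muk-B", 13)),
    ]
    return log, store


if __name__ == "__main__":
    for line in run_demo()[0]:
        print(line)
```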
6.5.4 MTK processing
When the MGV-F receives the MIKEY message, it first determines the type of message by reading the EXT. If the key inside the message is an MTK protected by MSK, MGV-F retrieves the MSK with the ID given by the Extension payload.
The MGV-F shall not abort processing of a MIKEY message when encountered with an extension payload with unknown type. The content of an unknown extension payload (except for the next payload, type and length fields) shall be treated as an opaque object. The MAC computation required for the KEMAC payload shall include any unknown extension payloads preceding it.
NOTE 1: This is because an unknown extension payload may be specified for ME use only and it is therefore "unknown" to the MGV-F. Skipping unknown payloads during the payload parsing is a deviation from recommended receiver behavior in section 5.3 of RFC 3830.
It is assumed that the MBMS service specific data, MSK, MIKEY-RAND and the sequence numbers SEQl and SEQu, have been stored within a secure storage (MGV-S). MSK, MIKEY-RAND, SEQl and SEQu were transferred to the MGV-S with the execution of the MSK update procedures. The initial values of SEQl and SEQu are determined by the service provider.
The MGV-F shall only calculate and deliver the MBMS Traffic Keys (MTK) to the ME if the ptm-key information is deemed to be fresh.
The MGV-F shall compare the received SEQp, i.e. MTK ID from the MIKEY message, with the stored SEQl and SEQu. If SEQp is equal to or lower than SEQl or SEQp is greater than SEQu, then the MGV-F shall indicate a failure to the ME. Otherwise, the MGV-F shall verify the integrity of the MIKEY message according to RFC 3830 [9]. The random value to use as input to the PRF function (section 4.1.4 of RFC 3830 [9]) is the MIKEY-RAND stored together with the MSK. If the verification is unsuccessful, then the MGV-F will indicate a failure to the ME. If the verification is successful, then the MGV-F shall update SEQl with SEQp value and extract the MTK from the message. The MGV-F then provides the MTK to the ME.
If MAC verification is successful, the MGV-F shall update in MGV-S the counter value in the Time Stamp payload associated with the corresponding MSK ID.
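The order of checks in clauses 6.4.6.2 and 6.5.4, as an added Python example (not code from the specification): replay counter, MTK ID against the ME's current value, the SEQl/SEQu window, then the MAC, with state advanced only after the MAC verifies. Assumptions: the MIKEY MAC is modelled as HMAC-SHA-1 keyed directly with a constructed key instead of a key derived from MSK and MIKEY-RAND through the RFC 3830 PRF, the field widths are modelling choices, and all names are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class MskState:
    """What MGV-S holds for one MSK (field names are hypothetical)."""
    mac_key: bytes     # stand-in for the key derived from MSK and MIKEY-RAND
    seq_l: int         # SEQl: last accepted MTK ID
    seq_u: int         # SEQu: upper limit of the Key Validity interval
    ts_counter: int    # stored replay counter for this MSK ID


@dataclass
class MtkMessage:
    """Logical fields only; this is not a MIKEY wire encoding."""
    seq_p: int         # MTK ID from the EXT payload
    ts_counter: int    # counter from the Time Stamp payload
    mtk: bytes         # carried encrypted in KEMAC in a real message
    mac: bytes


def compute_mac(key: bytes, seq_p: int, ts_counter: int, mtk: bytes) -> bytes:
    # Modelling choice: fixed-width big-endian fields under HMAC-SHA-1.
    data = seq_p.to_bytes(4, "big") + ts_counter.to_bytes(8, "big") + mtk
    return hmac.new(key, data, hashlib.sha1).digest()


def make_message(key: bytes, seq_p: int, ts: int, mtk: bytes) -> MtkMessage:
    """Sender side of the model: a correctly authenticated MTK message."""
    return MtkMessage(seq_p, ts, mtk, compute_mac(key, seq_p, ts, mtk))


class Receiver:
    def __init__(self, state: MskState, current_mtk_id: int):
        self.state = state
        self.current_mtk_id = current_mtk_id  # kept in the ME

    def handle(self, msg: MtkMessage) -> Tuple[str, Optional[bytes]]:
        s = self.state
        # ME, clause 6.4.6.2 steps 2 and 3: cheap discards first.
        if msg.ts_counter <= s.ts_counter:
            return "discard: timestamp replay", None
        if msg.seq_p <= self.current_mtk_id:
            return "discard: MTK ID not newer", None
        # MGV-F, clause 6.5.4: freshness window before any MAC work.
        if msg.seq_p <= s.seq_l or msg.seq_p > s.seq_u:
            return "failure: not fresh", None
        expected = compute_mac(s.mac_key, msg.seq_p, msg.ts_counter, msg.mtk)
        if not hmac.compare_digest(expected, msg.mac):
            # Nothing is updated: a forged high SEQp must not burn the window.
            return "failure: MAC", None
        s.seq_l = msg.seq_p
        s.ts_counter = msg.ts_counter
        self.current_mtk_id = msg.seq_p
        return "success", msg.mtk


def run_demo() -> Tuple[List[str], MskState]:
    key = b"constructed-demo-key"  # constructed value
    state = MskState(mac_key=key, seq_l=10, seq_u=20, ts_counter=100)
    rx = Receiver(state, current_mtk_id=10)
    first = make_message(key, 11, 101, b"\x11" * 16)
    forged = MtkMessage(19, 102, b"\xee" * 16, b"\x00" * 20)
    beyond = make_message(key, 21, 102, b"\x33" * 16)
    second = make_message(key, 12, 102, b"\x22" * 16)
    results = [rx.handle(m)[0] for m in (first, first, forged, beyond, second)]
    return results, state


if __name__ == "__main__":
    for line in run_demo()[0]:
        print(line)
```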
NOTE 2: It is advised for the implementers of MGV-S (either on the UICC or ME) to exercise caution when implementing memory management for the MTK parameters (e.g. MTK ID field). E.g. on the UICC, the file EFMSK containing the MSK_IDs and related timestamps is marked as a high update activity file, but that might not be sufficient to avoid potential wear-out of the non-volatile memory, if the network uses a very short MTK lifetime (e.g. 5 seconds). The approach chosen by implementers needs also to take into account the fact that users may roam and use the service in other networks than their home network. Those networks may have a different configuration.
The ME shall store the two most recent MTKs used per MBMS streaming or download session. In particular, if the ME receives an MTK and already stores two other MTKs for that MBMS streaming or download session, then the UE shall keep the newer and delete the older of the two stored MTKs before storing the received MTK. Any MTKs stored in association with a particular MBMS streaming or download session should be deleted at the end of that session.
In the case of streaming, SRTP and SRTCP require a master key and a master salt. The MTK is used as a common master key for both SRTP and SRTCP, and the salt in the KEMAC payload is used as master salt.
In case of download service, key derivation as defined in section 4.1.3 of MIKEY [9] shall be used to derive authentication and encryption keys from MTK in the ME using the constants for authentication and encryption keys defined in table 4.1.3 of MIKEY [9]. As there shall be no CS field present for download services as specified in clause 6.4.5.3, cs_id shall be set to 0x00000000 within the key derivation of section 4.1.3 of MIKEY [9]. The derived authentication and encryption keys shall be provided to the download protection protocol.
6.6 Protection of the transmitted traffic
6.6.1 General
The data transmitted to the UEs is protected by a symmetric key (an MTK) that is shared by the BM-SC and UEs that are accessing the MBMS User Service. The protection of the data is applied by the BM-SC Session and Transmission Function. In order to determine which MTK was used to protect the data, key identification information is included with the protected data. The key identification information will uniquely identify the MSK and MTK. The MTK is processed according to the methods described in clauses 6.4 and 6.5. Whenever data from an MBMS User Service has been decrypted, if it is to be stored on the UE it will be stored decrypted.
NOTE: Including the key identification information with the protected data stops the UE trying to decrypt and render content for which it does not have the MSK.
6.6.2 Protection of streaming data
6.6.2.1 Usage of SRTP
When it is required to protect MBMS streaming data, SRTP (Secure Real-time Transport Protocol) as defined in RFC 3711 [11] shall be used. The MTK is carried to the UEs from the BM-SC using RFC 3830 [9] (MIKEY) with extensions defined according to this specification. MTK shall be used as the master key in SRTP key derivation to derive the SRTP session keys as defined in section 4.3 of RFC 3711 [11]. A key derivation rate as defined in clause 6.4.5 shall be used.
The correct MTK to use to decrypt the data is indicated using the MKI (Master Key identifier) field, which is included in the SRTP packets as defined in RFC 3711 [11]. The form of MKI shall be a concatenation of MSK ID and MTK ID, i.e. MKI = (MSK ID || MTK ID).
NOTE 1: The UE knows the Key Domain ID related to this MKI from the User Service Description which includes mapping between IP address and port of the traffic and the corresponding Key Domain ID and MSK ID.
The SRTP authentication tag shall be appended to the packets as defined in [22].
NOTE 2: In [22] it is specified that the ROC is transferred in every Rth SRTP packet. The specification furthermore defines how the constant R and the integrity transform is negotiated using MIKEY.
The parameter, constant R, shall be included in the MSK delivery messages.
NOTE 3: In [22] it is specified that if the constant R is not signalled then the default value 1 is to be used. However, explicit signalling of R is here required in each MSK delivery message in order to require the operator to choose the most optimal value for the SRTP stream. The default value of R=1 causes a ROC to be added to each SRTP packet, implying that a MAC of 10 octets (proposed by [22]) and a ROC of 4 octets will be added to each SRTP packet in both mode RCCm1 and RCCm2. Also a ROC of 4 octets will be added to each SRTP packet in mode RCCm3 (but no MAC).
SRTP security policy parameters, such as encryption algorithm, are transported in MIKEY Security Policy payload as defined in section 6.10.1 in RFC 3830 [9].
FEC shall be applied beneath the SRTP layer as described within TS 26.346 [13].
NOTE 4: This deviates from the default FEC order as described within RFC 3711 [11] clause 10. The reversed order is not signalled within the service protection description of the MBMS User Service Announcement.
6.6.2.1A Usage of SRTCP
Secure RTCP (SRTCP) provides the same security services to RTCP as SRTP does to RTP. As defined in TS 26.346 [13] only RTCP sender reports are allowed in MBMS.
As defined in RFC 3711 [11] SRTCP shall be applied to RTCP control packets when SRTP is applied to RTP with the following profiling:
- Encryption of SRTCP packets is optional;
- SRTCP packets shall be integrity protected as defined in RFC 3711 [11];
- SRTCP shall share master key and master salt with the corresponding SRTP stream;
- SRTCP packets shall carry the same MKI field value as the corresponding SRTP stream;
NOTE 1: This is a consequence of sharing the same master key.
- SRTCP shall use the same encryption algorithm as corresponding SRTP session
NOTE 2: SRTCP does not need additional mechanisms, e.g. RFC 4771 [22], to synchronize the ROC as SRTCP header explicitly carries the SRTCP packet index.
6.6.2.2 Packet processing in the UE
When the SRTP module receives a packet, it will retrieve the correct cryptographic context identified by destination transport address, destination port and SSRC (according to RFC 3711 [11]), check if it has the MTK corresponding to the value in the MKI field in the SRTP cryptographic context.
NOTE 1: The cryptographic context needs to be unique for each SRTP stream.
NOTE 2: The SRTP module does not need to interpret the MKI field semantics. It only checks whether it has the MTK corresponding to the MKI value.
If the check is successful, the SRTP module processes the packet according to the security policy.
If the SRTP module does not have the MTK, it will request the MTK corresponding to the MKI from the key management module. When the key management module returns a new MTK, the SRTP module will derive new session keys from the MTK and process the packet. However, if the key management module does not have the MSK indicated by MKI, then it should fetch the MSK using the methods discussed in the clause 6.3.
If the correct MTK is not present in the UE when RTP traffic arrives, the UE shall wait for the next MTK update procedure from the BM-SC as described in clause 6.3.3.2.
NOTE 3: It is implementation specific issue whether the UE spools encrypted packets or discards all packets before the UE has received the correct MTK.
The below flow shows how the protected content is delivered to the UE.
[Figure 6.8 labels: BM-SC; SRTP packet (MKI, auth tag)]
Figure 6.8: Delivery of protected streaming content to the UE
6.6.3 Protection of download data
6.6.3.1 General
Data that belongs to a download MBMS User Service is decrypted as soon as possible by the UE, if the MSK needed to provide the relevant MTK is already available on the UE.
6.6.3.2 Usage of OMA DRM DCF
NOTE: If the OMA DRM V2.0 DCF [15] specification is upgraded, these upgrades do not apply for the present document.
When it is required to protect MBMS download data, OMA DRM V2.0 DCF as defined in reference [15] shall be used. MBMS download data are therefore indicated by minor version 0x00000002 in a DCF. OMA DRM Rights Objects are not utilized. Instead, encryption and authentication keys are generated from MTK. For integrity protection, an OMADRMSignature as specified below is attached inside the optional Mutable DRM information box ('mdri') of the DCF.
The OMADRMSignature Box is an extension to OMA DRM V2.0 DCF for use by MBMS, and is defined as follows:
aligned(8) class OMADRMSignature extends Fullbox('odfs', version, flags) {
    unsigned int(8) SignatureMethod;   // Signature Method
    char Signature[];                  // Actual Signature
}
SignatureMethod Field:
    NULL        0x00
    HMAC-SHA1   0x01
The range of data for the HMAC calculation shall be according to section 5.3 of reference [15].
The correct MTK for decrypting and verifying the integrity of the download data is indicated by the KeyID in the OMABCASTKeyInfoBox 'obki' included in the ExtendedHeaders field in the OMADRMCommonHeaders box (cf. OMA DRM XBS [24]). The use of the 'obki' box by MBMS is as follows:
- KeyIssuerPresent set to 1 if KeyIssuerURL is provided (the DCF RightsIssuerURL field is not used)
- STKMPresent set to 0 (no STKM stored in file)
- TBKPresent set to 0 (no TerminalBindingKey used)
- TBKIssuerURLPresent set to 0 (no TBKIssuerURL present)
- KeyIDType set to 0x02 (reserved by OMA BCAST for 3GPP MBMS, identifies the KeyID for MBMS usage). KeyID is the base64 encoded concatenation (Key Domain ID || MSK ID || MTK ID).
If the MBMS download data requires protection, see 6.3.2.1A, then the FDT of the FLUTE protocol shall be integrity protected by wrapping the FDT in a DCF of its own. The correct MTK for verifying the integrity of the FDT shall be indicated by the KeyID in the OMABCASTKeyInfoBox 'obki' included in the ExtendedHeaders field in the OMADRMCommonHeaders box.
The MBMS DCF implementation shall support the following boxes specified in OMA DRM V2.0 DCF [15]:
- Fixed DCF header;
- Mutable DRM information Box;
- OMA DRM Container Box.
Annex A (informative):
Trust model
The following trust relationship between the roles that are participating in MBMS services are proposed:
- the user trusts the home network operator to provide the MBMS service according to the service level agreement;
- the user trusts the network operator after mutual authentication;
- the network trusts an authenticated user using integrity protection and encryption at RAN level;
- the network may have trust or no trust in a content provider.
The home network and visited network trust each other when a roaming agreement is defined, in the case the user is roaming in a VPLMN.
Annex B (informative):
Security threats
B.1 Threats associated with attacks on the radio interface
The threats associated with attacks on the radio interface are split into the following categories, which are described in the following clauses:
- unauthorized access to MBMS User Service data;
- threats to integrity;
- denial of service;
- unauthorized access to MBMS User Services;
- privacy violation.
The attacks on the MBMS service announcements to the users on the radio interface are not discussed here because in case these are transferred on a point-to-point connection (e.g. PS signalling connection), they are already secured. In case the service announcement is transferred over HTTP, it is protected by HTTP Digest as defined in the current specification and/or it may be integrity protected and optionally encrypted at the RAN level. In case the service announcements are sent over MBMS bearer, it is impractical to protect them.
B.1.1 Unauthorised access to MBMS User Service data
A1: Intruders may eavesdrop MBMS User Service data on the air-interface.
A2: Users that have not joined and activated a MBMS User Service receiving that service without being charged.
A3: Users that have joined and then left a MBMS User Service continuing to receive the MBMS User Service without being charged.
A4: Valid subscribers may derive decryption keys (MTK) and distribute them to unauthorized parties.
NOTE: It is assumed that the legitimate end user has a motivation to defeat the system and distribute the shared keys (MSK, MTK) that are a necessary feature of any broadcast security scheme.
B.1.2 Threats to integrity
B1: Modifications and replay of messages in a way to fool the user of the content from the actual source, e.g. replace the actual content with a fake one.
B.1.3 Denial of service attacks
C1: Jamming of radio resources. Deliberate manipulation of the data to disturb the communication.
B.1.4 Unauthorised access to MBMS User Services
D1: An attacker using the 3GPP network to gain "free access" of MBMS User Services and other services on another user's bill.
D2: An attacker using MBMS shared keys (MSK, MTK) to gain free access to content without any knowledge of the service provider.
NOTE: It cannot be assumed that keys held in a terminal are secure. No matter how the shared keys (MSK, MTK) are delivered to the terminal, we have to assume they can be derived in an attack. For example, the shared keys, while secure in the UICC, may be passed over an insecure UICC-ME interface.
B.1.5 Privacy violation
E1: The user identity could be exposed to the content provider, in the case the content provider is located in the 3GPP network, and then linked to the content.
B.2 Threats associated with attacks on other parts of the system
The threats associated with attacks on other parts of the system are split into the following categories, which are described in the following clauses:
- unauthorized access to data;
- threats to integrity;
- denial of service;
- a malicious UE generating MTKs for malicious use later on;
- unauthorized insertion of MBMS user data and key management data.
B.2.1 Unauthorised access to data
F1: It is assumed that the BM-SC and the GGSN are located in the same network. The BM-SC can though be located in a different place than the GGSN, and therefore can open up for intruders who may eavesdrop the interface Gi and Gmb between the BM-SC and GGSN.
F2: Intruders may eavesdrop the interface between the content provider and the BM-SC.
B.2.2 Threats to integrity
G1: It is assumed that the BM-SC and the GGSN are located in the same network. The BM-SC can though be located in a different place than the GGSN, and therefore can open up for new attacks on the interfaces Gi and Gmb between the BM-SC and GGSN.
G2: The interface between the content provider and the BM-SC may open up for attacks as modifications of multimedia content.
B.2.3 Denial of service
H1: Deliberate manipulation of the data between the BM-SC <-> Content Provider to disturb the communication.
H2: Deliberate manipulation of the data between the BM-SC <-> GGSN to disturb the communication.
B.2.4 A malicious UE generating MTKs for malicious use later on
I1: A malicious ME querying the MTK generation function for MTKs to use them later on in an attack (e.g. in order to use the retrieved MTKs within an unauthorized data insertion attack (see B.2.5)).
B.2.5 Unauthorised insertion of MBMS user data and key management data
J1: An ME, which deliberately inserts key management and malicious data, encrypted with valid (previously retrieved) MTK from the MTK generation function, within the MBMS User Service stream.
J2: An ME, which deliberately inserts key management and malicious data, encrypted with old (using replayed key management messages) MTK, within the MBMS User Service stream.
J3: An attacker, which deliberately inserts incorrect key management information within the MBMS User Service stream to cause Denial of Service attacks.
Annex C (normative):
MBMS security requirements
C.1 Requirements on security service access
C.1.1 Requirements on secure service access
R1a: A valid USIM or SIM shall be required to access MBMS User Services.
R1b: It shall be possible to prevent intruders from obtaining unauthorized access of MBMS User Services by masquerading as authorized users.
C.1.2 Requirements on secure service provision
R2a: It shall be possible for the network (i.e. BM-SC) to authenticate users at the start of, and during, service delivery to prevent intruders from obtaining unauthorized access to MBMS User Services.
R2b: It shall be possible to prevent the use of a particular USIM or SIM to access MBMS User Services.
NOTE: No security requirements shall be placed on the UE that requires UE to be customised to a particular customer prior to the point of sale.
C.2 Requirements on MBMS Transport Service signalling protection
R3a: It shall be possible to protect against unauthorized modification, insertion, replay or deletion of MBMS transport service signalling on the Gmb reference point.
NOTE 1: This requirement may be fulfilled by physical or proprietary security measures if the Gmb protocol endpoints (i.e. GGSN, Gmb-Proxy and BM-SC) are located within the same security domain of the operator's network. Otherwise the security mechanisms as specified within TS 33.210 [14] shall be applied.
R3b: Unauthorized modification, insertion, replay or deletion of all MBMS Transport Service signalling on the RAN shall be prevented when the RAN selects a point-to-multipoint (ptm) link for the distribution of MBMS data to the UE.
NOTE 2: UTRAN/E-UTRAN bearer signalling integrity protection will not be provided for point to multipoint MBMS signalling and GERAN has no bearer signalling integrity protection, even for point to point signalling.
C.3 Requirements on Privacy
R4a: The User identity should not be exposed to the content provider or linked to the content in the case the Content Provider is located outside the 3GPP operator's network.
R4b: MBMS identity and control information shall not be exposed when the RAN selects a point-to-multipoint link for the distribution of MBMS data to the UE.
NOTE: UTRAN, E-UTRAN and GERAN bearer confidentiality protection will not be provided for point to multipoint MBMS sessions.
C.4 Requirements on MBMS Key Management
R5a: The transfer of the MBMS keys between the MBMS key generator and the UE shall be confidentiality protected.
R5b: The transfer of the MBMS keys between the MBMS key generator and the UE shall be integrity protected.
R5c: The UE and MBMS key generator shall support the operator to perform re-keying as frequently as it believes necessary to ensure that:
- users that have joined an MBMS User Service, but then left, shall not gain further access to the MBMS User Service without being charged appropriately
- users joining an MBMS User Service shall not gain access to data from previous transmissions in the MBMS User Service without having been charged appropriately
- the effect of subscribed users distributing decryption keys to non-subscribed users shall be controllable.
R5d: Only authorized users that have joined an MBMS User Service shall be able to receive MBMS keys delivered from the MBMS key generator.
R5e: The MBMS keys shall not allow the BM-SC to infer any information about used UE-keys at radio level (i.e. if they would be derived from it).
R5f: All keys used for the MBMS User Service shall be uniquely identifiable. The identity may be used by the UE to retrieve the actual key (based on identity match, and mismatch recognition) when an update was missed or was erroneous/incomplete.
R5g: The BM-SC shall be aware of where all MBMS specific keys are stored in the UE (i.e. ME or UICC).
R5h: The function of providing MTK to the ME shall only deliver a MTK to the ME if the input values used for obtaining the MTK were fresh (have not been replayed) and came from a trusted source.
C.5 Requirements on integrity protection of MBMS User Service data
R6a: It shall be possible to protect against unauthorized modification, insertion, replay or deletion of MBMS User Service data sent to the UE on the radio interface. The use of integrity shall be optional.
NOTE 1: It may be possible to detect the deletion of MBMS data packets, but it is impossible to prevent the deletion. Packets may be lost because of bad radio conditions, providing integrity protection will not help to detect or recover from this situation.
NOTE 2: The use of shared keys (integrity and confidentiality) to a group of untrusted users only prevents attacks of lower levels of sophistication, such as preventing eavesdroppers from simply listening in.
R6b: The MBMS User Service data may be integrity protected with a common integrity key, which shall be available to all users that have joined the MBMS User Service.
R6c: It may be required to integrity protect the "BM-SC - GGSN" interface i.e. reference point Gi.
C.6 Requirements on confidentiality protection of MBMS User Service data
R7a: It shall be possible to protect the confidentiality of MBMS User Service data on the radio interface.
R7b: The MBMS User Service data may be encrypted with common encryption keys, which shall be available to all users that have joined the MBMS User Service.
R7c: It may be required to encrypt the MBMS User Service data on the "BM-SC - GGSN" interface, i.e. the reference points Gi.
R7d: It shall be infeasible for a man-in-the-middle to bid down the confidentiality protection used to protect the MBMS User Service from the BM-SC to the UE.
R7e: It shall be infeasible for an eavesdropper to break the confidentiality protection of the MBMS User Service when it is applied.
C.7 Requirements on content provider to BM-SC reference point
R8a: The BM-SC shall be able to authenticate and authorize a 3rd party content provider that wishes to transmit data to the BM-SC.
R8b: It shall be possible to integrity and confidentiality protect data sent from a 3rd party content provider to the BM-SC.
NOTE: This reference point will not be standardised.
Annex D (normative):
UICC-ME interface
D.1 MSK Update Procedure
This procedure is part of the MSK update procedure as described in clause 6.5 (Validation and key derivation functions in MGV-F).
The ME has previously performed a GBA_U bootstrapping procedure and a subsequent GBA_U NAF Derivation procedure as described in TS 33.220 [6]. The UICC stores the corresponding Ks_int_NAF and associated B-TID together with the NAF_Id without the Ua security protocol identifier, associated with this particular bootstrapping procedure.
The ME receives a MIKEY message containing an MSK update. After performing some validity checks, the ME sends the whole message to the UICC. The UICC uses the MUK ID (included in the MIKEY message, see clause 6.1) to identify the stored Ks_int_NAF.
The UICC then uses Ks_int_NAF as the MUK value for MUK derivation and MSK validation and derivation (as described in clause 6.5.3).
After successful MSK Update procedure the UICC stores the Key Domain ID, MSK ID, MSK and MSK Validity Time (in the form of MTK ID interval).
[Figure: exchange between UICC and ME. ME to UICC: MIKEY (MSK Update mode). UICC to ME: Success/Failure, optional Verification message.]
Figure D.1: MSK Update Procedure
In case the MSK update MIKEY message is acceptable (i.e. the received MSK ID corresponds to the last generated MUK in the UE, and the MSK Update procedure has been performed successfully) and the V-bit was set in the HDR, then a MSK Verification Message as described in clause 6.4.5.2 (MSK Verification message) shall be produced. The UICC uses the same MUK ID and TS, which were received from the MSK MIKEY Message (see clause 6.1), for the MSK Verification Message Generation.
D.2 Void
D.3 MTK generation and validation
This procedure is part of the MTK generation and validation function as described in clause 6.5.4 (MTK processing).
The ME receives the MIKEY message (containing Header, Time stamp, Key Domain ID, MSK ID, MTK ID = SEQp, an encrypted MTK||Salt (if salt is available) and MAC). After performing some validity checks, the ME sends the whole message to the UICC. The UICC computes the MGV-F function as described in clause 6.5 (Validation and key derivation functions in MGV-F). After successful MGV-F procedure the UICC returns the MTK.
[Figure: exchange between UICC and ME. ME to UICC: MIKEY. UICC to ME: procedure response, MTK || Salt (if available) / Failure.]
Figure D.3: MTK Generation and Validation
D.4 MSK deletion procedure
This procedure enables the ME to control the deletion of MSKs stored on the UICC as described in clause 6.3.2.1A. The ME sends to the UICC the Key Domain ID and Key Group part of the MSK ID to delete. The UICC deletes all corresponding MSKs.
[Figure: exchange between UICC and ME. ME to UICC: Key Domain ID || Key Group. UICC to ME: Success/Failure.]
Figure D.4: MSK Deletion
D.5 MUK deletion procedure
This procedure enables the ME to control the deletion of MUKs stored on the UICC.
The ME sends the MUK ID to the UICC to delete. The UICC deletes the targeted MUK, the corresponding GBA NAF Key (Ks_int_NAF associated to the same NAF_ID) shall be deleted; the bootstrapped key Ks shall also be deleted if Ks is present and associated to the same B-TID.
[Figure: exchange between UICC and ME. ME to UICC: MUK ID. UICC to ME: Success/Failure.]
Figure D.5: MUK Deletion
Annex E (Informative):
MIKEY features not used in MBMS
- An MBMS capable ME/UICC and BM-SC do not need to implement the public key encryption method of MIKEY (section 3.2 of RFC 3830 [9]) and related payloads, although mentioned in RFC 3830 [9] as mandatory for implementation.
- An MBMS capable ME/UICC and BM-SC do not need to implement the Time Stamp payload types NTP-UTC and NTP of MIKEY (section 6.6 of RFC 3830 [9]) although mentioned in RFC 3830 [9] as mandatory for implementation.
- An MBMS capable ME/UICC and BM-SC do not need to implement the AES Key Wrap algorithm of MIKEY (section 4.2.3 and 6.2 of RFC 3830 [9]).
Annex F (normative):
MRK key derivation for ME based MBMS key management
The MRK shall be derived from the key Ks_NAF or Ks_ext_NAF using the GBA key derivation function (see Annex B of TS 33.220 [6]) as follows (the notation style is explained in Annex B of TS 33.220 [6]):
- FC = 0x01,
- P0 = "mbms-mrk" (i.e. 0x6d 0x62 0x6d 0x73 0x2d 0x6d 0x72 0x6b), and
- L0 = length of P0 is 8 octets (i.e. 0x00 0x08).
The Key to be used in key derivation shall be:
- Ks_NAF or Ks_ext_NAF (i.e. NAF specific key) as specified in TS 33.220 [6].
In summary, the MRK shall be derived from the Ks_NAF or Ks_ext_NAF, and static string "mbms-mrk" as follows:
- MRK = KDF (Ks_NAF, "mbms-mrk") in case of GBA_ME run;
- MRK = KDF (Ks_ext_NAF, "mbms-mrk") in case of GBA_U run.
Annex G (normative):
HTTP based key management messages
G.1 Introduction
Clause 6 specifies the HTTP based key management procedures between the BM-SC and the UE. It specifies that the authentication of these procedures is based on GBA and more specifically on the HTTP Digest authentication as described in clause 6.2 of the present document.
G.2 Key management procedures
This clause contains the following HTTP based procedures:
- MBMS User Service Registration;
- MBMS User Service Deregistration;
- MSK request.
G.2.1 MBMS User Service Registration
The UE shall generate a request for MBMS User Service Registration according to clause 6.3.2.1A. The UE shall send the Registration request for one or more MBMS User Services to the BM-SC in the HTTP payload in a HTTP POST request. The Request-URI shall indicate the type of the message, i.e. Registration request. Upon successful request, BM-SC shall return indication of success.
The UE populates the HTTP POST request as follows:
- the HTTP version shall be 1.1 which is specified in RFC 2616 [19];
- the base of the Request-URI shall contain the full BM-SC key management URI (e.g. http://bmsc.home1.net:1234);
- the Request-URI shall contain an URI parameter "requesttype" that shall be set to "register", i.e. Request-URI takes the form of "/keymanagement?requesttype=register";
- the UE may add additional URI parameters to the Request-URI;
- the HTTP header Content-Type shall be the MIME type of the payload, i.e. "application/mbms-register+xml". The XML schema of the payload is specified in TS 26.346 [13];
- the HTTP payload shall contain request including a list of one or more userServiceIds of MBMS User Services to which the UE wants to register;
- the UE may add additional HTTP headers to the HTTP POST request.
The UE sends the HTTP POST to the BM-SC. The BM-SC checks that the HTTP POST is valid, and extracts the request for further processing. The BM-SC Key Management function shall verify that the subscriber is authorized to register to the particular MBMS User Service.
Upon successful authorization verification, the BM-SC shall return the HTTP 200 OK to the UE.
The BM-SC shall populate HTTP response as follows:
- the HTTP status code in the HTTP status line shall be 200;
- the HTTP header Content-Type shall be the MIME type of the payload, i.e. "application/mbms-register-response+xml". The XML schema of the payload is specified in TS 26.346 [13];
- the HTTP payload shall contain a list including one status code for each MBMS User Service.
The BM-SC shall send the HTTP response to the UE. The UE shall check that the HTTP response is valid.
G.2.2 MBMS User Service Deregistration
The UE shall generate a request for MBMS User Service Deregistration according to clause 6.3.2.1B. The UE shall send the Deregistration request for one or more MBMS User Services to the BM-SC in the HTTP payload in a HTTP POST request. The Request-URI shall indicate the type of the message, i.e. Deregistration request. Upon successful request, BM-SC shall return indication of success.
The UE populates the HTTP POST request as follows:
- the HTTP version shall be 1.1 which is specified in RFC 2616 [19];
- the base of the Request-URI shall contain the full BM-SC key management URI (e.g. http://bmsc.home1.net:1234);
- the Request-URI shall contain an URI parameter "requesttype" that shall be set to "deregister", i.e. Request-URI takes the form of "keymanagement?requesttype=deregister";
- the UE may add additional URI parameters to the Request-URI;
- the HTTP header Content-Type shall be the MIME type of the payload, i.e. "application/mbms-deregister+xml". The XML schema of the payload is specified in TS 26.346 [13];
- the HTTP payload shall contain the request including a list of one or more userServiceIds of MBMS User Services from which the UE wants to deregister;
- the UE may add additional HTTP headers to the HTTP POST request.
The UE sends the HTTP POST to the BM-SC. The BM-SC checks that the HTTP POST is valid, and extracts the request for further processing.
Upon successful authentication verification, the BM-SC shall return the HTTP 200 OK to the UE.
The BM-SC shall populate HTTP response as follows:
- the HTTP status code in the HTTP status line shall be 200;
- the HTTP header Content-Type shall be the MIME type of the payload, i.e. "application/mbms-register-response+xml". The XML schema of the payload is specified in TS 26.346 [13];
- the HTTP payload shall contain a list including one status code for each MBMS User Service.
The BM-SC shall send the HTTP response to the UE. The UE shall check that the HTTP response is valid.
G.2.3 MSK request
The UE shall generate a MSK request according to clause 6.3.2.2. The UE shall send the MSK request for one or more MSKs to the BM-SC in the HTTP payload in a HTTP POST request. The Request-URI shall indicate the type of the message, i.e. MSK request. Upon successful request, BM-SC shall return indication of success.
The UE populates the HTTP POST request as follows:
- the HTTP version shall be 1.1 which is specified in RFC 2616 [19];
- the base of the Request-URI shall contain the full BM-SC key management URI (e.g. http://bmsc.home1.net:1234);
- the Request-URI shall contain an URI parameter "requesttype" that shall be set to "msk-request", i.e. Request-URI takes the form of "/keymanagement?requesttype=msk-request";
- the UE may add additional URI parameters to the Request-URI;
- the HTTP header Content-Type shall be the MIME type of the payload, i.e. "application/mbms-msk+xml". The XML schema of the payload is specified in TS 26.346 [13];
- the HTTP payload shall contain a list of one or more Key Domain ID - MSK ID pair(s) of the MSKs that the UE wants to receive;
- the UE may add additional HTTP headers to the HTTP POST request.
The UE sends the HTTP POST to the BM-SC. The BM-SC checks that the HTTP POST is valid, and extracts the MSK request for further processing. The BM-SC Key Management function shall verify that the subscriber is authorized to receive the particular MSKs.
Upon successful authorization verification, the BM-SC shall return the HTTP 200 OK to the UE.
The BM-SC shall populate HTTP response as follows:
- the HTTP status code in the HTTP status line shall be 200;
- the HTTP header Content-Type shall be the MIME type of the payload, i.e. "application/mbms-msk-response+xml". The XML schema of the payload is specified in TS 26.346 [13];
- the HTTP payload shall contain a list including one status code for each MSK.
The BM-SC shall send the HTTP response to the UE. The UE shall check that the HTTP response is valid.
An example flow of a successful MSK request procedure can be found in Annex H.
G.2.4 Error situations
The key management procedures may not be successful for multiple reasons. The error cases are indicated by using 4xx and 5xx HTTP Status Codes as defined in RFC 2616 [19]. The 4xx status code indicates that the UE seems to have erred, and the 5xx status code indicates that the BM-SC is aware that it has erred. Possible error situations during key management and their mappings to HTTP Status Codes are described in table G.2.4-1. The handling of multiple status codes within one response message is specified in clause 6.3.2.4.
NOTE: In table G.2.4-1, the "Description" column describes the error situation in BM-SC. The "BM-SC error" column describes the typical reason for the error.
Table G.2.4-1: HTTP Status Codes used for key management errors
| HTTP Status Code | HTTP Error | UE should repeat the request | Description | BM-SC error |
|---|---|---|---|---|
| 400 | Bad Request | No | Request could not be understood | Request was missing, or malformed |
| 401 | Unauthorized | Yes | Request requires authentication (cf. clause 6.2) | Authentication pending, (cf. clause 6.2) |
| 402 | Payment Required | No | Reserved for future use | - |
| 403 | Forbidden | No | BM-SC understood the request, but is refusing to fulfil it | The request was valid, but subscriber is not allowed to register to this particular MBMS User Service or UE requested MSK for a MBMS User Service where it was not registered or request contained unacceptable parameters |
| 404 | Not Found | No | BM-SC has not found anything matching the Request-URI | The Request-URI was malformed and BM-SC cannot fulfil the request |
| 405 | Method not allowed | No | The method specified in the Request-Line is not allowed for the resource identified by the Request-URI. | |
| 406 to 417 | * | No | Not used by BM-SC | - |
| 500 | Internal Server Error | No | Not used by BM-SC | - |
| 501 | Not Implemented | No | BM-SC does not support the requested functionality | The server does not contain particular BM-SC service requested |
| 502 | Bad Gateway | No | Not used by BM-SC | - |
| 503 | Service Unavailable | Yes | BM-SC service is currently unavailable | BM-SC is temporarily unavailable, UE may repeat the request after delay indicated by "Retry-After" header |
| 504 | Gateway Timeout | No | The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server | The BM-SC did not get response over Zn interface. |
| 505 | HTTP Version Not Supported | No | BM-SC does not support the HTTP protocol version that was used in the request line | UE should use HTTP/1.1 version with BM-SC |
Annex H (informative):
Signalling flows for MSK procedures
H.1 Scope of signalling flows
This annex gives examples of signalling flows for the key management procedures.
H.2 Signalling flows demonstrating a successful MSK request procedure
H.2.1 Successful MSK request procedure
The signalling flow in figure H.2.1-1 describes the message exchange between UE and BM-SC when UE wants to request MSK.
[Figure: message sequence between UE, BM-SC and BSF. 1. Initial MSK request; 2. 401 Unauthorized; 3. Generation of NAF specific key material; 4. Authenticated MSK request; 5. Zn interface; 6. Authentication and Membership Function check; 7. Response indicating success; 8. Authentication.]
Figure H.2.1-1: Successful MSK request procedure.
1. Initial MSK request (UE to BM-SC) - see example in table H.2.1-1
The UE sends an HTTP request to the BM-SC containing a MSK request.
Table H.2.1-1: MSK request (UE to BM-SC)
    POST /keymanagement?requesttype=msk-request HTTP/1.1
    Host: bmsc.home1.net:1234
    Content-Type: application/mbms-msk+xml
    Content-Length: (...)
    User-Agent: MBMSAgent; Release-6 3gpp-gba
    Date: Thu, 08 Jan 2004 10:50:35 GMT
    Accept: */*
    Referrer: http://bmsc.home1.net:1234/service

    <MSK request BLOB>
Request-URI: The Request-URI (the URI that follows the method name, "POST", in the first line) indicates the resource of this POST request. The Request-URI contains the parameter "requesttype" which is set to "msk-request" to indicate to the BM-SC the desired request type, i.e. UE requests for one or several MSKs.
Host: Specifies the Internet host and port number of the BM-SC, obtained from the original URI given by referring resource.
Content-Type: Contains the media type "application/mbms-msk+xml", i.e. MSK request.
Content-Length: Indicates the size of the entity-body, in decimal number of OCTETs, sent to the recipient.
User-Agent: Contains information about the user agent originating the request and it shall include the static string "3gpp-gba" to indicate to the application server (i.e. NAF) that the UE supports 3GPP-bootstrapping based authentication.
Date: Represents the date and time at which the message was originated.
Accept: Media types which are acceptable for the response.
Referrer: Allows the user agent to specify the address (URI) of the resource from which the URI for the BM-SC was obtained.
NOTE 1: This step is used to trigger the GBA-based authentication between the UE and the BM-SC.
2. 401 Unauthorized response (BM-SC to UE) - see example in table H.2.1-2
Upon receiving an HTTP request that contains static string "3gpp-gba" in the User-Agent header the BM-SC responds with HTTP response code 401 "Unauthorized" which contains a WWW-Authenticate header. The header instructs the UE to use HTTP Digest Authentication with a bootstrapped security association.
Table H.2.1-2: 401 Unauthorized response (BM-SC to UE)
    HTTP/1.1 401 Unauthorized
    Server: Apache/1.3.22 (Unix) mod_perl/1.27
    Date: Thu, 08 Jan 2004 10:50:35 GMT
    WWW-Authenticate: Digest realm="3GPP-bootstrapping@bmsc.home1.net",
      nonce="6629fae49393a05397450978507c4ef1", algorithm=MD5, qop="auth,auth-int",
      opaque="5ccc069c403ebaf9f0171e9517f30e41"
Server: Contains information about the software used by the origin server (BM-SC).
Date: Represents the date and time at which the message was originated.
WWW-Authenticate: The BM-SC challenges the user. The header instructs the UE to use HTTP Digest Authentication with a bootstrapped security association.
The options for the quality of protection (qop) attribute is by default "auth-int" meaning that the payload of the following HTTP requests and responses should be integrity protected.
The realm attribute contains two parts delimited by "@" sign. The first part is a constant string "3GPP-bootstrapping" instructing the UE to use a bootstrapped security association. The second part is the hostname of the server (i.e. FQDN of the BM-SC).
3. Generation of NAF specific keys at UE
The UE verifies that the second part of the realm attribute does correspond to the server it is talking to. UE derives the NAF specific key material as specified in TS 33.220 [6]. UE further derives MBMS specific key material MRK and MUK as specified in clause 6.1.
NOTE 2: If UE does not have a bootstrapped security association available, it will obtain one by running bootstrapping procedure over Ub interface.
4. Authenticated MSK request (UE to BM-SC) - see example in table H.2.1-3
UE generates the HTTP request by calculating the Authorization header values using the bootstrapping transaction identifier B-TID it received from the BSF as the username and the MRK (base64 encoded) as the password, and sends the request to BM-SC.
Table H.2.1-3: Authenticated MSK request (UE to BM-SC)
    POST /keymanagement?requesttype=msk-request HTTP/1.1
    Host: bmsc.home1.net:1234
    Content-Type: application/mbms-msk+xml
    Content-Length: (...)
    User-Agent: MBMSAgent; Release-6 3gpp-gba
    Date: Thu, 08 Jan 2004 10:50:35 GMT
    Accept: */*
    Referer: http://bmsc.home1.net:1234/service
    Authorization: Digest username="(B-TID)", realm="3GPP-bootstrapping@bmsc.home1.net",
      nonce="a6332ffd2d234==", uri="/bmsc.home1.net/keymanagement?requesttype=msk-request", qop=auth-int,
      nc=00000001, cnonce="6629fae49393a05397450978507c4ef1", response="6629fae49393a05397450978507c4ef1",
      opaque="5ccc069c403ebaf9f0171e9517f30e41", algorithm=MD5

    <MSK request BLOB>
Authorization: This carries the response to the authentication challenge received in step 2 along with the username, the realm, the nonce, the URI, the qop, the NC, the cnonce, the response, the opaque, and the algorithm.
The qop attribute is set to "auth-int" by default.
NOTE 3: If step 1 was a POST request then this request would also be a POST request and contain the same client payload in the HTTP request as was carried in step 1.
5. Zn: NAF specific key procedure
BM-SC retrieves the NAF specific key material and IMPI of the user. BM-SC further derives MBMS specific key material MRK and MUK as specified in clause 6.1.
For detailed signalling flows see TS 29.109 [20].
Table H.2.1-4: Bootstrapping authentication information procedure (BM-SC to BSF)
| Message source and destination | Zn Information element name | Information Source in GET | Description |
|---|---|---|---|
| NAF to BSF | B-TID | Authorization | The bootstrapping transaction identifier is encoded in the username field according to the Authorization protocol. |
6. Authentication at BM-SC
BM-SC verifies the Authorization header by using the bootstrapping transaction identifier B-TID and the key MRK. BM-SC calculates the corresponding digest values using MRK, and compares the calculated values with the received values in the Authorization header.
The BM-SC also verifies that the hostname (i.e. its FQDN) in the realm attribute matches its own.
If the verification succeeds, the incoming client-payload request is taken in for further processing. The BM-SC continues processing of the MSK request according to its internal policies. The BM-SC verifies that the subscriber is allowed to receive the particular MSK(s) indicated in the MSK request.
7. Response indicating success (BM-SC to UE) - see example in table H.2.1-5
The BM-SC sends 200 OK response to the UE to indicate the success of the authentication and the MSK request. The BM-SC generates a HTTP response. The BM-SC can use key MRK derived from NAF key material to integrity protect and authenticate the response.
NOTE 5: The requested MSK keys are not delivered within the MSK request procedure. They are delivered with a separate MIKEY procedure, see clause 6.3.2.3.
Table H.2.1-5: Successful HTTP response (BM-SC to UE)
    HTTP/1.1 200 OK
    Server: Apache/1.3.22 (Unix) mod_perl/1.27
    Content-Type: application/mbms-msk+xml
    Content-Length: (...)
    Authentication-Info: qop=auth-int, rspauth="6629fae49394a05397450978507c4ef1",
      cnonce="6629fae49393a05397450978507c4ef1", nc=00000001
    Date: Thu, 08 Jan 2004 10:50:35 GMT
    Expires: Fri, 09 Jan 2004 10:50:36 GMT

    <MSK response BLOB>
Authentication-Info: This carries the protection.
Expires: Gives the date/time after which the response is considered stale.
8. Authentication at UE
The UE receives the response and verifies the Authentication-Info header. If the verification succeeds, the UE can regard the MSK request procedure as successful.
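The MRK derivation of Annex F and the digest checks of steps 3, 4 and 6 above, as an added Python sketch that is not code from the specification. It assumes the GBA KDF of TS 33.220 Annex B is HMAC-SHA-256 over S = FC || P0 || L0 and uses RFC 2617 digest arithmetic; the function names, the policy of refusing anything but auth-int, and every sample value are this example's own.

```python
import base64
import hashlib
import hmac

REALM_PREFIX = "3GPP-bootstrapping@"      # constant first part of the realm
KEYMGMT_URI = "/keymanagement?requesttype=msk-request"


def mrk_kdf_input() -> bytes:
    """S = FC || P0 || L0 with the Annex F values."""
    fc = b"\x01"
    p0 = b"mbms-mrk"
    l0 = len(p0).to_bytes(2, "big")        # 0x00 0x08
    return fc + p0 + l0


def derive_mrk(naf_key: bytes) -> bytes:
    """MRK = KDF(Ks_NAF or Ks_ext_NAF, "mbms-mrk").

    Assumption: the GBA KDF (TS 33.220 Annex B) is HMAC-SHA-256(key, S).
    """
    return hmac.new(naf_key, mrk_kdf_input(), hashlib.sha256).digest()


def _md5(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def digest_response(user, password, realm, method, uri, nonce, nc, cnonce,
                    qop, body=b""):
    """RFC 2617 request-digest for qop "auth" or "auth-int"."""
    ha1 = _md5(f"{user}:{realm}:{password}".encode())
    a2 = f"{method}:{uri}"
    if qop == "auth-int":                  # binds the entity body as well
        a2 += ":" + _md5(body)
    ha2 = _md5(a2.encode())
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode())


def realm_names(realm: str, fqdn: str) -> bool:
    """Host part of the realm must name the BM-SC (checked in steps 3 and 6)."""
    return (realm.startswith(REALM_PREFIX)
            and realm[len(REALM_PREFIX):].lower() == fqdn.lower())


def ue_authorization(btid, mrk, challenge, server_fqdn, body, cnonce):
    """Step 4: username = B-TID, password = base64(MRK)."""
    if not realm_names(challenge["realm"], server_fqdn):
        raise ValueError("realm does not name the server being contacted")
    fields = {"username": btid, "realm": challenge["realm"],
              "nonce": challenge["nonce"], "uri": KEYMGMT_URI,
              "qop": "auth-int", "nc": "00000001", "cnonce": cnonce}
    fields["response"] = digest_response(
        btid, base64.b64encode(mrk).decode(), fields["realm"], "POST",
        fields["uri"], fields["nonce"], fields["nc"], cnonce, "auth-int", body)
    return fields


def bmsc_verify(auth, body, own_fqdn, issued_nonces, mrk_for_btid) -> int:
    """Step 6: returns the HTTP status the BM-SC would answer with."""
    if not realm_names(auth["realm"], own_fqdn):
        return 401
    if auth["nonce"] not in issued_nonces:
        return 401
    if auth["qop"] != "auth-int":          # example policy: keep payload integrity
        return 401
    mrk = mrk_for_btid(auth["username"])   # stands in for the Zn query to the BSF
    if mrk is None:
        return 401
    expected = digest_response(
        auth["username"], base64.b64encode(mrk).decode(), auth["realm"],
        "POST", auth["uri"], auth["nonce"], auth["nc"], auth["cnonce"],
        auth["qop"], body)
    # Constant-time comparison of the recomputed and received digests.
    return 200 if hmac.compare_digest(expected, auth["response"]) else 401


def demo() -> dict:
    # All values below are constructed for this example.
    fqdn = "bmsc.home1.net"
    btid = "constructed-btid@bsf.example"
    body = b"<MSK request BLOB>"
    challenge = {"realm": REALM_PREFIX + fqdn, "nonce": "constructed-nonce"}
    mrk = derive_mrk(bytes(range(32)))     # bytes(range(32)) stands in for Ks_NAF
    auth = ue_authorization(btid, mrk, challenge, fqdn, body, "constructed-cnonce")
    lookup, nonces = {btid: mrk}.get, {challenge["nonce"]}
    return {
        "valid": bmsc_verify(auth, body, fqdn, nonces, lookup),
        "tampered_body": bmsc_verify(auth, body + b"x", fqdn, nonces, lookup),
        "other_host": bmsc_verify(auth, body, "other.example", nonces, lookup),
        "qop_auth": bmsc_verify({**auth, "qop": "auth"}, body, fqdn, nonces, lookup),
        "wrong_key": bmsc_verify(auth, body, fqdn, nonces,
                                 {btid: derive_mrk(bytes(32))}.get),
    }


if __name__ == "__main__":
    print(demo())
```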
Annex I (informative):
Example of using MSKs and MTKs in MBMS
The following table shows an example of two MBMS User Services, sports Mobile TV channel and news Mobile TV channel. Both of the MBMS User Services include an MBMS User Service Session that downloads a joke per day. The table shows how the MBMS User Services are broken down into RTP sessions (each including the data stream with related RTCP) and FLUTE channels.
The table shows how MSKs and MTKs belonging to different Key Groups are used to protect the RTP sessions and FLUTE channels. It should be noted that the MBMS download session is shared with User Services 1 and 2 so these MBMS User Services need to be able to share MSKs in Key Group C.
Furthermore the table shows how traffic could be carried over MBMS bearers, but this is not a security issue and is only shown here for completeness.
Table I.1: Example of using MSKs and MTKs in MBMS
| Level | Row | Column 1 | Column 2 | Column 3 | Column 4 | Column 5 |
|---|---|---|---|---|---|---|
| User Service level | User Service 1 | Sport channel with Joke of the day | Sport channel with Joke of the day | Sport channel with Joke of the day | | |
| User Service level | User Service 2 | | | News channel with Joke of the day | News channel with Joke of the day | News channel with Joke of the day |
| User Service Session level | User Service Session | MBMS Streaming Session (Sport) | MBMS Streaming Session (Sport) | MBMS Download Session (Joke / day) | MBMS Streaming Session (News) | MBMS Streaming Session (News) |
| User Service Session level | RTP session/FLUTE channel | streaming audio (RTP session) | streaming video (RTP session) | file object download (FLUTE channel) | streaming audio (RTP session) | streaming video (RTP session) |
| Key management level | Key Domain | MCC/MNC | MCC/MNC | MCC/MNC | MCC/MNC | MCC/MNC |
| Key management level | Key Group | Key Group A | Key Group B | Key Group C | Key Group D | Key Group E |
| Key management level | MSK (Note 1) | MSK A1 (current), MSK A2 (next) | MSK B1, MSK B2 | MSK C1, MSK C2 | MSK D1, MSK D2 | MSK E1, MSK E2 |
| Key management level | MTK (Note 1) | MTK ... MTK ... | MTK ... MTK ... | MTK ... MTK ... | MTK ... MTK ... | MTK ... MTK ... |
| Transport Service level | Transport Service | MBMS Bearer N | MBMS Bearer N+1 | MBMS Bearer N+2 | MBMS Bearer N+3 | MBMS Bearer N+4 |
Note 1. This row has a time dimension to illustrate that MSKs and MTKs can be updated.
Annex J (informative):
Mapping the MBMS security requirements into security functions and mechanism
J.1 Consistency check
J.1.1 Requirements on secure service access
| Security requirement | Check result |
|---|---|
| R1a: A valid USIM or SIM shall be required to access MBMS User Services. | This is provided by GBA. Ks_(ext/int)_NAF generation requires a valid USIM or SIM. |
| R1b: It shall be possible to prevent intruders from obtaining unauthorized access of MBMS User Services by masquerading as authorized users. | GBA and HTTP digest authentication provide this. |
| R2a: It shall be possible for the network (i.e. BM-SC) to authenticate users at the start of, and during, service delivery to prevent intruders from obtaining unauthorized access to MBMS User Services. | A user is authenticated during the MBMS user service registration and MSK re-keying. |
| R2b: It shall be possible to prevent the use of a particular USIM or SIM to access MBMS User Services. | GAA user security settings provide this. |
J.1.2 Requirements on MBMS transport Service signalling protection
| Security requirement | Check result |
|---|---|
| R3a: It shall be possible to protect against unauthorized modification, insertion, replay or deletion of MBMS transport service signalling on the Gmb reference point. | NDS/IP covers this. |
| R3b: Unauthorized modification, insertion, replay or deletion of all transport service signalling, on the RAN, shall be prevented when the RAN selects a point-to-multipoint (ptm) link for the distribution of MBMS data to the UE. | Examples of the attacks could be: - Changing the source address of the content e.g. from indicating company A to company B. - Changing data indicating the type of content from type A to Type B - Changing data indicating type of protection required etc - Appending content to the end of the original content. Analysis has shown that there is not any transport service signalling sent over PTM that would need protection. |
J.1.3 Requirements on Privacy
| Security requirement | Check result |
|---|---|
| R4a: The User identity should not be exposed to the content provider or linked to the content in the case the Content Provider is located outside the 3GPP operator's network. | The content provider knows only the BM-SC. |
| R4b: MBMS identity and control information shall not be exposed when the RAN selects a point-to-multipoint link for the distribution of MBMS data to the UE. | Such identity and control information could be: - The identities of the content providers - Information on which content providers have the most customers - The identities of the content recipients in the case of multicast services to small groups of users. Information which could be used to identify specific users is not exposed on the point-to-multipoint channel. However, it may still be possible to identify whether a particular user is subscribed to a particular MBMS service. This could be done by following the physical movement of a particular subscriber and the changes between the use of point-to-point and point-to-multipoint bearers for particular MBMS services in the cells that serve the target subscriber. It is seen unnecessary to protect against this kind of an attack. The only control information exposed on the point-to-multipoint channel is the unprotected fields in the MIKEY MTK transport message. However, revealing this information does not seem to pose a significant security risk. |
J.1.4 Requirements on MBMS Key Management
| Security requirement | Check result |
|---|---|
| R5a: The transfer of the MBMS keys between the MBMS key generator and the UE shall be confidentiality protected. | The MSK and MTK update messages are encrypted. |
| R5b: The transfer of the MBMS keys between the MBMS key generator and the UE shall be integrity protected. | The MSK and MTK deliveries can be integrity protected. |
| R5c: The UE and MBMS key generator shall support the operator to perform re-keying as frequently as it believes necessary to ensure that: - users that have joined an MBMS User Service, but then left, shall not gain further access to the MBMS User Service without being charged appropriately - users joining an MBMS User Service shall not gain access to data from previous transmissions in the MBMS User Service without having been charged appropriately - the effect of subscribed users distributing decryption keys to non-subscribed users shall be controllable. | Supported by re-keying functionality. |
| R5d: Only authorized users that have joined an MBMS User Service shall be able to receive MBMS keys delivered from the MBMS key generator. | MSKs are delivered only to authorized users and the delivery is protected using MUK level keys. |
| R5e: The MBMS keys shall not allow the BM-SC to infer any information about used UE-keys at radio level (i.e. if they would be derived from it). | The same CK and IK are not used in GBA and radio level. In addition, Ks_(ext/int)_NAF generation uses a one-way function. |
| R5f: All keys used for the MBMS User Service shall be uniquely identifiable. The identity may be used by the UE to retrieve the actual key (based on identity match, and mismatch recognition) when an update was missed or was erroneous/incomplete | MUK is identified by the combination of B-TID and NAF-ID without the Ua security protocol identifier, and the MRK is defined by B-TID. MSK is uniquely identifiable by its Key Domain ID and MSK ID. MTK is uniquely identifiable by its Key Domain ID, MSK ID and MTK ID. |
| R5g: The BM-SC shall be aware of where all MBMS specific keys are stored in the UE (i.e. ME or UICC). | The BM-SC knows whether Ks_int_NAF + Ks_ext_NAF or Ks_NAF was generated. |
| R5h: The function of providing MTK to the ME shall only deliver a MTK to the ME if the input values used for obtaining the MTK were fresh (have not been replayed) and came from a trusted source. | Freshness is checked by MGV-F. |
J.1.5 Requirements on integrity protection of MBMS User Service data
| Security requirement | Check result |
|---|---|
| R6a: It shall be possible to protect against unauthorized modification, insertion, replay or deletion of MBMS User Service data sent to the UE on the radio interface. The use of integrity shall be optional. | This is provided at the application layer using SRTP or OMA DRM DCF. |
| R6b: The MBMS User Service data may be integrity protected with a common integrity key, which shall be available to all users that have joined the MBMS User Service. | This is provided at the application layer using SRTP or OMA DRM DCF. |
| R6c: It may be required to integrity protect the "BM-SC - GGSN" interface i.e. reference point Gi. | This can be provided by NDS/IP. |
L.1.6 &e?uieme*t# !* "!*6ide*tialit$ '!te"ti!* !6 M9MS U#e Se8i"e data
Security re;uirement 4hec6 result
&1a. 5t #(all be '!##ible t! '!te"t t(e "!*6ide*tialit$ !6 M9MS
U#e Se8i"e data !* t(e adi! i*te6a"e.
T(i# i# '!8ided at t(e a''li"ati!*
la$e u#i*4 S&TP ! =M) 7&M
7-+.
&1b. T(e M9MS U#e Se8i"e data ma$ be e*"$'ted 3it(
"!mm!* e*"$'ti!* @e$#, 3(i"( #(all be a8ailable t! all
u#e# t(at (a8e K!i*ed t(e M9MS U#e Se8i"e
T(i# i# '!8ided at t(e a''li"ati!*
la$e u#i*4 S&TP ! =M) 7&M
7-+.
&1". 5t ma$ be e?uied t! e*"$'t t(e M9MS U#e Se8i"e data
!* t(e H9M-S- - GGS,H i*te6a"e, i.e. t(e e6ee*"e '!i*t#
Gi.
T(i# "a* be '!8ided b$ ,7S25P.
&1d. 5t #(all be i*6ea#ible 6! a ma*-i*-t(e-middle t! bid d!3* t(e
"!*6ide*tialit$ '!te"ti!* u#ed !* '!te"t t(e M9MS U#e
Se8i"e 6!m t(e 9M-S- t! t(e UE.
T(e 9M-S- de"ide# ab!ut t(e
#e"uit$ le8el. T(ee i# *! #e"uit$
a##!"iati!* *e4!tiati!* bet3ee*
t(e UE a*d t(e 9M-S-.
&1e. 5t #(all be i*6ea#ible 6! a* ea8e#d!''e t! bea@ t(e
"!*6ide*tialit$ '!te"ti!* !6 t(e M9MS U#e Se8i"e 3(e* it
i# a''lied.
T(i# i# '!8ided at t(e a''li"ati!*
la$e u#i*4 S&TP ! =M) 7&M
7-+.
J.1.7 Requirements on content provider to BM-SC reference point

| Security requirement | Check result |
|---|---|
| R8a: The BM-SC shall be able to authenticate and authorize a 3rd party content provider that wishes to transmit data to the BM-SC. | The mechanism to meet the requirement is left to be implemented between the BM-SC and a 3rd party. |
| R8b: It shall be possible to integrity and confidentiality protect data sent from a 3rd party content provider to the BM-SC. | The mechanism to meet the requirement is left to be implemented between the BM-SC and a 3rd party. |

J.2 Conclusions
Based on the above results of the consistency check between the security requirements and security functions/mechanisms the MBMS security requirements have been adequately met.
Annex K (informative):
SRTP features not used in MBMS
- An MBMS capable ME and BM-SC do not need to implement an SRTP key derivation rate different from zero.
Annex L (Normative):
Multicasting MBMS user data on Iub
TS 25.434 [27] specifies the possibility to use IP multicast [25], [26] for FACH data streams on Iub Interface. In order to protect the transfer of MBMS user plane data multicast between the RNC and NodeBs on the Iub interface over unprotected IP network segments, it is required to use IPsec ESP with shared secrets according to RFC 4303 [28] as profiled by TS 33.210 [14] section 5.3 with integrity protection. The use of confidentiality protection is optional.
NOTE: In case the Iub interfaces are physically protected, the above IPsec based protection is not needed and this is regarded as a closed IP based RAN.
Annex M (informative):
Relation to IMS based MBMS user services
Security procedures for IMS based MBMS User Services are specified in TS 26.237 [29].
Annex N (informative):
Change history

| Date | TSG # | TSG Doc. | CR | Rev | Cat | Subject/Comment | Old | New | WI |
|---|---|---|---|---|---|---|---|---|---|
| 2003-11 | SP-22 | | | | | Updated with some editorial modification and presented to the SA plenary for information | 0.3.0 | 1.0.0 | |
| 2004-02 | | | | | | Updated to reflect changes agreed at SA3#32 | 1.0.0 | 1.1.0 | |
| 2004-04 | | | | | | Minor corrections agreed by e-mail discussion | 1.1.0 | 1.1.1 | |
| 2004-05 | | | | | | Updated to reflect the decisions taken at SA3#33 | 1.1.1 | 1.2.0 | |
| 2004-06 | | | | | | Small editorial corrections | 1.2.0 | 1.2.1 | |
| 2004-07 | | | | | | Updated to reflect the decisions taken at SA3#34: S3-040410, S3-040469, S3-040553, S3-040535, S3-040489, S3-040565, S3-04513, S3-040620 (update of S3-040582), S3-040616 (update of S3-040491 via S3-040618) and S3-040611 (update of S3-040582 via S3-040619) | 1.2.1 | 1.3.0 | |
| 2004-09 | | | | | | Editorial updates after SA3#34 and some changes proposed by joint SA3/SA4 meeting | 1.3.0 | 1.3.1 | |
| 2004-09 | SP_25 | SP-040624 | | | | Editorially updated for presentation to TSG SA #25 for approval | 1.3.1 | 2.0.0 | |
| 2004-09 | - | - | - | - | | Updated to v6.0.0 after approval by TSG SA | 2.0.0 | 6.0.0 | |
| 2004-12 | SP_26 | SP-040859 | 001 | 4 | | Deletion of MBMS keys stored in the ME | 6.0.0 | 6.1.0 | |
| 2004-12 | SP_26 | SP-040859 | 002 | - | | Clarification on key management | 6.0.0 | 6.1.0 | |
| 2004-12 | SP_26 | SP-040859 | 005 | 3 | | Clean up of MBMS TS | 6.0.0 | 6.1.0 | |
| 2004-12 | SP_26 | SP-040859 | 006 | 1 | | Traffic protection combinations | 6.0.0 | 6.1.0 | |
| 2004-12 | SP_26 | SP-040859 | 007 | 3 | | Clarifying ME and BM-SC capabilities | 6.0.0 | 6.1.0 | |
| 2004-12 | SP_26 | SP-040859 | 009 | 1 | | MBMS MTK Download transport | 6.0.0 | 6.1.0 | |
| 2004-12 | SP_26 | SP-040859 | 010 | 3 | | MBMS Transport of salt | 6.0.0 | 6.1.0 | |
| 2004-12 | SP_26 | SP-040859 | 011 | 1 | | SRTP index synchronisation within ME | 6.0.0 | 6.1.0 | |
| 2004-12 | SP_26 | SP-040859 | 012 | 2 | | Clarify the use of mandatory MIKEY features for MBMS | 6.0.0 | 6.1.0 | |
| 2004-12 | SP_26 | SP-040859 | 014 | - | | Protection of the Gmb reference point | 6.0.0 | 6.1.0 | |
| 2004-12 | SP_26 | SP-040859 | 015 | 1 | | Use of parallel MSKs and MTKs | 6.0.0 | 6.1.0 | |
| 2004-12 | SP_26 | SP-040859 | 016 | 3 | | Scope of MBMS security | 6.0.0 | 6.1.0 | |
| 2004-12 | SP_26 | SP-040859 | 018 | 4 | | Clarification of the format of MTK ID and MSK ID | 6.0.0 | 6.1.0 | |
| 2004-12 | SP_26 | SP-040859 | 020 | 3 | | MTK update procedure for streaming services | 6.0.0 | 6.1.0 | |
| 2004-12 | SP_26 | SP-040859 | 021 | 8 | | Clarification of MSK key management | 6.0.0 | 6.1.0 | |
| 2004-12 | SP_26 | SP-040859 | 022 | 1 | | Modification of delivery of MIKEY RAND field in MSK updates | 6.0.0 | 6.1.0 | |
| 2004-12 | SP_26 | SP-040859 | 023 | 2 | | OMA DRM DCF for protection of download services | 6.0.0 | 6.1.0 | |
| 2004-12 | SP_26 | SP-040859 | 028 | 1 | | Shorter MKI | 6.0.0 | 6.1.0 | |
| 2004-12 | SP_26 | SP-040859 | 033 | 1 | | Handling of MBMS identities and definition completion/modification | 6.0.0 | 6.1.0 | |
| 2005-03 | SP_27 | SP-050143 | 034 | 2 | | Handling of MBMS identities and definition completion/modification | 6.1.0 | 6.2.0 | |
| 2005-03 | SP_27 | SP-050143 | 035 | 1 | | ME based MBMS key derivation for ME based MBMS key management | 6.1.0 | 6.2.0 | |
| 2005-03 | SP_27 | SP-050143 | 037 | 1 | | Correct the MSK verification message handling | 6.1.0 | 6.2.0 | |
| 2005-03 | SP_27 | SP-050143 | 038 | 2 | | Clarify MUK key synchronisation for MSK push procedure | 6.1.0 | 6.2.0 | |
| 2005-03 | SP_27 | SP-050143 | 039 | - | | Add missing parts of CR33 (SA3#36) | 6.1.0 | 6.2.0 | |
| 2005-03 | SP_27 | SP-050143 | 042 | - | | Annex D.1: correction of the description of the GBA run | 6.1.0 | 6.2.0 | |
| 2005-03 | SP_27 | SP-050143 | 043 | 1 | | Alignment according to MIKEY related IETF work | 6.1.0 | 6.2.0 | |
| 2005-03 | SP_27 | SP-050143 | 044 | 1 | | Clarification of HTTP procedures | 6.1.0 | 6.2.0 | |
| 2005-03 | SP_27 | SP-050143 | 045 | 1 | | Usage of security policy payload | 6.1.0 | 6.2.0 | |
| 2005-03 | SP_27 | SP-050143 | 047 | 1 | | Clarification of MSK and MTK procedures | 6.1.0 | 6.2.0 | |
| 2005-03 | SP_27 | SP-050143 | 049 | 2 | | MGV-F functionality related to MTK-ID upper limit | 6.1.0 | 6.2.0 | |
| 2005-03 | SP_27 | SP-050143 | 051 | 1 | | Using the term "MBMS User Service" instead of "multicast" | 6.1.0 | 6.2.0 | |
| 2005-03 | SP_27 | SP-050143 | 052 | 1 | | Introduction of BM-SC subfunctions | 6.1.0 | 6.2.0 | |
| 2005-03 | SP_27 | SP-050143 | 053 | - | | Removing IDi from MTK message | 6.1.0 | 6.2.0 | |
| 2005-03 | SP_27 | SP-050143 | 054 | 2 | | MBMS download protection details | 6.1.0 | 6.2.0 | |
| 2005-03 | SP_27 | SP-050143 | 055 | 1 | | Removal of Editors notes | 6.1.0 | 6.2.0 | |
| 2005-03 | SP_27 | SP-050143 | 056 | - | | Protection of MBMS Service Announcement sent over MBMS bearer | 6.1.0 | 6.2.0 | |
| 2005-03 | SP_27 | SP-050143 | 057 | - | | Introduction of missing abbreviations, symbols and definitions | 6.1.0 | 6.2.0 | |
| 2005-06 | SP-28 | SP-050266 | 058 | 1 | - | MKI and authentication tag length in User Service Description | 6.2.0 | 6.3.0 | MBMS |
| 2005-06 | SP-28 | SP-050266 | 059 | 1 | - | Clarification of Key domain ID in service announcement | 6.2.0 | 6.3.0 | MBMS |
| 2005-06 | SP-28 | SP-050266 | 060 | 1 | F | Key usage clarification | 6.2.0 | 6.3.0 | MBMS |
| 2005-06 | SP-28 | SP-050266 | 061 | 1 | - | Omitted MTK Update Error Message | 6.2.0 | 6.3.0 | MBMS |
| 2005-06 | SP-28 | SP-050266 | 062 | 1 | D | Editorial corrections to TS 33.246 | 6.2.0 | 6.3.0 | MBMS |
| 2005-06 | SP-28 | SP-050266 | 063 | 1 | - | Clarifications on MBMS key management | 6.2.0 | 6.3.0 | MBMS |
| 2005-06 | SP-28 | SP-050266 | 064 | 1 | F | Use of IMPI in MBMS | 6.2.0 | 6.3.0 | MBMS |
| 2005-06 | SP-28 | SP-050266 | 065 | - | F | Clarification on CSB ID and SP payload use | 6.2.0 | 6.3.0 | MBMS |
| 2005-06 | SP-28 | SP-050266 | 066 | - | F | MIME type adjustments according to LS S3-050192 | 6.2.0 | 6.3.0 | MBMS |
| 2005-06 | SP-28 | SP-050266 | 067 | - | F | Results of mapping the MBMS security requirements into security functions and mechanisms | 6.2.0 | 6.3.0 | MBMS |
| 2005-09 | SP-29 | SP-050548 | 0068 | - | F | Clarify FEC handling | 6.3.0 | 6.4.0 | MBMS |
| 2005-09 | SP-29 | SP-050548 | 0069 | - | F | Clarification to UE handling at reception of service announcement description | 6.3.0 | 6.4.0 | MBMS |
| 2005-09 | SP-29 | SP-050548 | 0070 | - | F | Back-off parameter binding scope | 6.3.0 | 6.4.0 | MBMS |
| 2005-09 | SP-29 | SP-050548 | 0071 | - | F | IDs and encoding of MIKEY messages | 6.3.0 | 6.4.0 | MBMS |
| 2005-09 | SP-29 | SP-050548 | 0072 | - | F | Moving the EXT payload | 6.3.0 | 6.4.0 | MBMS |
| 2005-09 | SP-29 | SP-050548 | 0073 | - | F | Handling of re-sent MSK messages | 6.3.0 | 6.4.0 | MBMS |
| 2005-09 | SP-29 | SP-050548 | 0074 | - | F | Clarification of MSK ID in service announcement | 6.3.0 | 6.4.0 | MBMS |
| 2005-09 | SP-29 | SP-050548 | 0075 | - | F | More than one FQDN for key management | 6.3.0 | 6.4.0 | MBMS |
| 2005-09 | SP-29 | SP-050559 | 0076 | - | F | NAF Id alignment with TS 33.220 | 6.3.0 | 6.4.0 | SEC1-SC |
| 2005-09 | SP-29 | SP-050548 | 0077 | - | F | Key Domain ID in MSK request | 6.3.0 | 6.4.0 | MBMS |
| 2005-09 | SP-29 | SP-050548 | 0078 | - | F | Identifying correct MIME types, correcting various editorials and wrong references | 6.3.0 | 6.4.0 | MBMS |
| 2005-12 | SP-30 | SP-050766 | 0079 | - | F | ROC synchronization | 6.4.0 | 6.5.0 | MBMS |
| 2005-12 | SP-30 | SP-050766 | 0080 | - | F | Correction on MSK processing in case of solicited pull procedure | 6.4.0 | 6.5.0 | MBMS |
| 2005-12 | SP-30 | SP-050766 | 0081 | - | F | Handling several status codes in one response message | 6.4.0 | 6.5.0 | MBMS |
| 2005-12 | SP-30 | SP-050766 | 0082 | - | F | Definition of newer MSK | 6.4.0 | 6.5.0 | MBMS |
| 2006-03 | SP-31 | SP-060048 | 0083 | - | F | Handling unknown MIKEY payloads in MGV-F | 6.5.0 | 6.6.0 | MBMS |
| 2006-03 | SP-31 | SP-060048 | 0084 | - | F | Clarification of MTK ID reset in MSK update | 6.5.0 | 6.6.0 | MBMS |
| 2006-06 | SP-32 | SP-060381 | 0086 | - | F | SIM access to MBMS | 6.6.0 | 7.0.0 | MBMS |
| 2006-09 | SP-33 | SP-060491 | 0087 | - | F | BM-SC chooses MUK lifetime less than corresponding GBA Key lifetime | 7.0.0 | 7.1.0 | MBMS |
| 2006-09 | SP-33 | SP-060490 | 0089 | - | A | Correcting http syntax of key management procedures | 7.0.0 | 7.1.0 | MBMS |
| 2006-09 | SP-33 | SP-060491 | 0090 | - | F | Correction of incorrect description of BM-SC | 7.0.0 | 7.1.0 | MBMS |
| 2006-09 | SP-33 | SP-060491 | 0091 | - | F | Correction of possible key ID values | 7.0.0 | 7.1.0 | MBMS |
| 2006-09 | SP-33 | SP-060491 | 0092 | - | F | Removal of MIKEY internal keys | 7.0.0 | 7.1.0 | MBMS |
| 2006-09 | SP-33 | SP-060491 | 0094 | - | A | Removing TAG and MKI length from Service Announcement | 7.0.0 | 7.1.0 | MBMS |
| 2006-09 | SP-33 | SP-060649 | 0095 | 1 | B | Addition of a "2G GBA allowed" flag in MBMS user service announcement | 7.0.0 | 7.1.0 | MBMS |
| 2006-12 | SP-34 | SP-060803 | 0096 | - | F | Keys derived from MTK | 7.1.0 | 7.2.0 | MBMS |
| 2006-12 | SP-34 | SP-060803 | 0097 | - | F | SRTP key derivation rate shall be zero | 7.1.0 | 7.2.0 | MBMS |
| 2006-12 | SP-34 | SP-060794 | 0098 | 1 | A | Clarify the use of MBMS User Service Registration/Deregistration for protected MBMS User Services. | 7.1.0 | 7.2.0 | MBMS |
| 2006-12 | SP-34 | SP-060795 | 0101 | 1 | A | Correction on the use of key derivation functions | 7.1.0 | 7.2.0 | MBMS |
| 2006-12 | SP-34 | SP-060898 | 0103 | 2 | A | Correction of the MIKEY Extension payload coding | 7.1.0 | 7.2.0 | MBMS |
| 2006-12 | SP-34 | SP-060803 | 0105 | 1 | F | AES Key Wrap not required for MBMS | 7.1.0 | 7.2.0 | MBMS |
| 2006-12 | SP-34 | SP-060791 | 0107 | 1 | A | Correction to the Processing of received messages in the ME | 7.1.0 | 7.2.0 | MBMS |
| 2006-12 | SP-34 | SP-060798 | 0109 | 1 | F | Specify the authentication key length of MIKEY | 7.1.0 | 7.2.0 | MBMS |
| 2006-12 | SP-34 | SP-060803 | 0111 | 1 | F | Typical MSK and MTK key size | 7.1.0 | 7.2.0 | MBMS |
| 2006-12 | SP-34 | SP-060799 | 0113 | 1 | A | MTK storage rules on UEs | 7.1.0 | 7.2.0 | MBMS |
| 2007-03 | SP-35 | SP-070148 | 0116 | 1 | - | Allow the BM-SC to resend MTK messages without TS incrementation | 7.2.0 | 7.3.0 | MBMSE |
| 2007-03 | SP-35 | SP-070148 | 0117 | 1 | F | Clarification on the use of the constant R | 7.2.0 | 7.3.0 | MBMSE |
| 2007-03 | SP-35 | SP-070148 | 0118 | 1 | F | Clarification of MSK message structure | 7.2.0 | 7.3.0 | MBMSE |
| 2007-03 | SP-35 | SP-070148 | 0119 | 1 | F | Clarification of MTK message structure | 7.2.0 | 7.3.0 | MBMSE |
| 2007-03 | SP-35 | SP-070142 | 0121 | 1 | A | Modification to rules for MSK and MTK management on the UE | 7.2.0 | 7.3.0 | MBMS |
| 2007-03 | SP-35 | SP-070143 | 0122 | 1 | A | FDT protection | 7.2.0 | 7.3.0 | MBMS |
| 2007-06 | SP-36 | SP-070334 | 0126 | - | A | Mandating the support of MIKEY-RAND length of 128 bit | 7.3.0 | 7.4.0 | MBMS |
| 2007-06 | SP-36 | SP-070334 | 0128 | - | A | Adding missing requirements about PDP context and IP address handling for ptp key management | 7.3.0 | 7.4.0 | MBMS |
| 2007-06 | SP-36 | SP-070334 | 0130 | - | A | Adding a missing interworking scenario | 7.3.0 | 7.4.0 | MBMS |
| 2007-06 | SP-36 | SP-070334 | 0132 | - | A | Fixed cs_id for MIKEY PRF in case of download key derivation | 7.3.0 | 7.4.0 | MBMS |
| 2007-06 | SP-36 | SP-070334 | 0133 | 1 | F | Correct the SALT key generation during MSK processing | 7.3.0 | 7.4.0 | MBMS |
| 2007-06 | SP-36 | SP-070334 | 0137 | 1 | A | GBA NAF Key availability in the UICC | 7.3.0 | 7.4.0 | MBMS |
| 2007-09 | SP-37 | SP-070519 | 0141 | 1 | A | Correct the encoding of MBMS key management procedures | 7.4.0 | 7.5.0 | MBMS |
| 2007-09 | SP-37 | SP-070519 | 0143 | - | A | Correction of DRM Content Format usage | 7.4.0 | 7.5.0 | MBMS |
| 2007-12 | SP-38 | SP-070791 | 0144 | - | F | Usage of TEK and TGK in MBMS | 7.5.0 | 7.6.0 | MBMS |
| 2008-03 | SP-39 | SP-080149 | 0147 | 1 | F | Clarification of usage of SRTCP in MBMS | 7.6.0 | 8.0.0 | MBMS |
| 2008-06 | SP-40 | SP-080266 | 0146 | 2 | B | Protection of Iub when multicasting MBMS user data | 8.0.0 | 8.1.0 | MBMS |
| 2008-06 | SP-40 | SP-080266 | 0148 | 1 | F | Clarification of UE IP address in MBMS | 8.0.0 | 8.1.0 | MBMS |
| 2008-06 | SP-40 | SP-080266 | 0149 | 1 | F | IP connectivity of the UE in MBMS | 8.0.0 | 8.1.0 | MBMS |
| 2008-12 | SP-42 | SP-080748 | 0151 | 1 | F | Clarification of MBMS authorization | 8.1.0 | 8.2.0 | TEI8 |
| 2009-03 | SP-43 | SP-090139 | 0150 | 2 | F | Encoding of identities as NAIs | 8.2.0 | 8.3.0 | TEI8 |
| 2009-06 | SP-44 | SP-090215 | 0152 | - | F | Add reference to IMS based MBMS TS | 8.3.0 | 8.4.0 | TEI8 |
| 2009-06 | SP-44 | SP-090215 | 0153 | - | F | Clarification of Service Protection Description | 8.3.0 | 8.4.0 | TEI8 |
| 2009-12 | SP-46 | SP-090860 | 0154 | 1 | | Impacts of EPS to MBMS security | 8.4.0 | 9.0.0 | MBMS_EPS |
| 2012-12 | SP-58 | SP-120860 | 0165 | 2 | F | Support for multiple BM-SCs | 9.0.0 | 9.1.0 | TEI9 |
| 2012-12 | SP-58 | SP-120860 | 0169 | -- | F | MIKEY-RAND in MTK messages | 9.0.0 | 9.1.0 | TEI9 |