Mission critical communications for public safety are of significant interest to, and considered very important by, the telecom standardization industry, national regulatory agencies, telecom service providers, network vendors, device manufacturers and the like. With the growing interest within the public safety and critical communications community in securing Long-Term Evolution (LTE) as the next-generation platform for public safety communications, over traditional narrowband technologies such as Project 25 (P25) and Terrestrial Trunked Radio (TETRA) systems, the Third Generation Partnership Project (3GPP) has established a new work item, Mission Critical Push To Talk (MCPTT), for Release 13. The main objective of this work in the 3GPP is to create a single common standard that meets the needs of all critical communications users globally.
While Public Safety over LTE (PS-LTE) standards are already in development within the 3GPP, with initiatives such as Proximity Services (ProSe) and Group Communication Services Enabler (GCSE) since 3GPP Release 12, the MCPTT is responsible for developing the overall application and service layer aspects of mission critical applications. It is, however, expected that the MCPTT utilizes underlying technologies such as ProSe and GCSE as necessary in order to realize the MCPTT requirements.
In order to support multiple deployment models for an MCPTT application, in which the management of the application plane and the signaling plane are handled by different organizations, it is envisioned that there will be two or more distinct identities, i.e., some at the application plane and the others at the signaling plane. In other words, each plane or domain defines its own identities.
There are significant efforts in considering Internet Protocol (IP) Multimedia Subsystem (IMS) based Architecture (i.e., Session Initiation Protocol (SIP) core) for the MCPTT applications. However, for the MCPTT service, it may be required to use its own identity separate from mobile/service subscriber identities assigned by the IMS/LTE (e.g., Public Land Mobile Network (PLMN)) operator. This is due to the following MCPTT requirements.
The MCPTT service supports the MCPTT user with globally unique identities, independent of the International Mobile Subscriber Identity (IMSI) assigned by a 3GPP network operator to the User Equipments (UEs). The MCPTT identities shall be part of the MCPTT application service domain. The MCPTT identities shall form the basis of the MCPTT application layer security for the MCPTT service.
When the MCPTT UE is powered on, it accesses the LTE system and connects to an Evolved Packet Core (EPC). During this phase, the credentials from a Universal Subscriber Identity Module (USIM) application (or possibly the ISIM application, if the IMS is used) on a Universal Integrated Circuit Card (UICC) associated with the MCPTT UE are used for authentication with a Home Subscriber Server (HSS). This is followed by the MCPTT application, resident on the MCPTT UE, establishing a connection, employing MCPTT application layer security in its connection to the MCPTT service.
Further, in some scenarios where the MCPTT service provider and the IMS operator are independent, it is required to maintain confidentiality of the MCPTT user identity and the mission critical organization, i.e., MCPTT ID hiding, between the MCPTT service provider and the IMS operator, due to the following MCPTT requirement: the MCPTT service shall support confidentiality of the identity of the Mission Critical Organization.
The MCPTT also has requirements for sharing UEs from a pool of UEs, i.e., each UE being interchangeable with any other, and users randomly choosing one or more UEs from the pool. Based on the MCPTT requirements and scenarios, it is required to establish, store and utilize the relationship between the MCPTT identities and the identities assigned by an IMS (SIP Core) operator for seamless operation of the MCPTT service over the IMS (SIP Core).
Thus, it is desired to address the above mentioned shortcomings or at least provide a useful alternative.
The principal object of the embodiments herein is to provide a method and system for identity management across multiple planes.
Another object of the embodiments herein is to provide a method and system for receiving, by an MCPTT server, a first request message to establish a call between a first MCPTT client and a second MCPTT client from a signaling plane entity.
Another object of the embodiments herein is to provide a method and system for translating, at the MCPTT server, the application plane identity of the second MCPTT client to a signaling plane identity of the second MCPTT client.
Another object of the embodiments herein is to provide a method and system for sending, by the MCPTT server, one or more second request messages including the signaling plane identity of the one or more second MCPTT clients to establish the call to the signaling plane entity.
Another object of the embodiments herein is to provide a method and system for encrypting an application plane identity of a first MCPTT client and an application plane identity of one or more second MCPTT clients in a first request message sent by the first MCPTT client.
Another object of the embodiments herein is to provide a method and system for decrypting an application plane identity of a first MCPTT client and an application plane identity of one or more second MCPTT clients.
Another object of the embodiments herein is to provide a method and system for encrypting a signaling plane identity of one or more second MCPTT clients in a request message sent by the MCPTT server.
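The receive, decrypt, translate and send steps listed above can be followed end to end in the sketch below, which is an added example and not code from the embodiments. It assumes a single key shared by the MCPTT clients and the MCPTT server and unknown to the signaling plane, uses a standard-library encrypt-then-MAC construction as a stand-in because the text names no cipher, and uses constructed identities; all function and field names are hypothetical.

```python
import hashlib, hmac, os

# Stdlib stand-in for an AEAD (assumption: the page names no cipher).
def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_stream(k_enc, nonce, data):
    # HMAC-SHA256 in counter mode used as a keystream.
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(k_enc, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    k_enc, k_mac = _subkeys(key)
    nonce = os.urandom(12)
    ct = _xor_stream(k_enc, nonce, plaintext)
    return nonce + ct + hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    k_enc, k_mac = _subkeys(key)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("identity field failed integrity check")
    return _xor_stream(k_enc, nonce, ct).decode()

def client_first_request(key, caller_id, callee_ids):
    # Application plane identities travel only in sealed form.
    return {"enc_caller": seal(key, caller_id.encode()),
            "enc_callees": [seal(key, c.encode()) for c in callee_ids]}

def server_translate(key, bindings, first_request):
    """Decrypt, map MCPTT ID -> signaling plane identity, build second requests."""
    caller = unseal(key, first_request["enc_caller"])
    if caller not in bindings:
        raise LookupError("caller has no signaling plane binding")
    second_requests = []
    for blob in first_request["enc_callees"]:
        callee = unseal(key, blob)
        if callee not in bindings:
            raise LookupError("callee has no signaling plane binding")
        second_requests.append({"request_uri": bindings[callee]})
    return second_requests

# Constructed sample data (not from the page).
KEY = bytes(range(32))
BINDINGS = {"alice@mcptt.example": "sip:ue-017@ims.example",
            "bob@mcptt.example": "sip:ue-042@ims.example"}
```

The signaling plane entity sees only sealed blobs in the first request and only signaling plane identities in the second requests, which is the MCPTT ID hiding property; a tampered blob or an unbound callee is rejected before any second request is built.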