3GPP Mobile Broadcast Multicast Systems (MBMS) offering Mobile TV service is now requested by mobile operators. MBMS uses, for security purposes, 3GPP Generic Bootstrapping Architecture (GBA).
Section 4.5.3 of the 3GPP specification TS 33.220 (which covers e.g. the BSF (Bootstrapping Server Function) and GBA) states the following: “If the NAF shares a key with a UE (User equipment), but the NAF requires an update of that key, e.g. because the key's lifetime has expired or will expire soon, or the key can not meet the NAF local validity condition, it shall send a suitable bootstrapping renegotiation request to the UE. If the key's lifetime has expired, the protocol used over reference point Ua (to be described herein below) shall be terminated. The form of this indication depends on the particular protocol used over reference point Ua. If the UE receives a bootstrapping renegotiation request, it starts a run of the protocol over reference point Ub, as specified in clause 4.5.2 and 5.3 and Annex I, in order to obtain a new key Ks (referred to as master key information herein below).”
Furthermore, the MBMS security specification 3GPP TS 33.246 defines: “Along with the GBA-keys, the BSF shall send an IMPI (International Mobile Subscriber Persistent Identity) of the user (equipment) to the BM-SC (Broadcast-Multicast Service Center), which is the content providing server. When the UE has bootstrapped, the UE will use a new B-TID (Bootstrapping Transaction Identifier) over the Ua reference point. The IMPI is used in the BM-SC to bind the old and the new B-TID together.”
In MBMS, the solicited pull procedure is the bootstrapping renegotiation request quoted above. The procedure is performed e.g. as described in 3GPP TS 33.246. The solicited pull procedure comprises the following steps:
1. A BM-SC (Broadcast-Multicast Service Center) (that may act as a GBA NAF) is configured to send an empty MIKEY (Multimedia Internet Keying) message to trigger the UE.
2. The UE is then configured to perform a bootstrapping procedure, which results in a new MUK (MBMS User Key). The UE is configured to contact the BSF and to run GBA as normal. Afterwards, the UE is configured to run a new MUK key, but the application server (BM-SC) has no information of the fact that the UE is configured to use a new MUK, i.e. that the UE can be taken into use for the service.
In the initial procedure of an MBMS service, the BM-SC is configured to contact the GBA server after receiving a register request from the UE. During the service procedure, however, the MUK update is slightly different: when a user (equipment) is using a valid MSK (MBMS Service Key), e.g. for watching a TV program, the UE does not need to register again (the UE is already registered).
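The following is an added example, not code from the original text or from any 3GPP specification. It models the state held by the BSF, the UE and the BM-SC during the solicited pull procedure, showing the window in which the BM-SC still holds the old MUK and how the IMPI binds the old and new B-TID once the UE uses the new B-TID over Ua. The class names, `derive_muk` (a stand-in, not the TS 33.220 key derivation), and all identifiers are assumptions.

```python
import hashlib
import hmac
import os

def derive_muk(ks: bytes, naf_id: bytes) -> bytes:
    # Stand-in derivation for illustration; NOT the TS 33.220 KDF.
    return hmac.new(ks, b"muk|" + naf_id, hashlib.sha256).digest()

class BSF:
    def __init__(self):
        self.sessions = {}  # B-TID -> (IMPI, Ks)

    def bootstrap(self, impi):
        # One run over reference point Ub: new B-TID and new Ks.
        btid, ks = os.urandom(8).hex() + "@bsf.example", os.urandom(32)
        self.sessions[btid] = (impi, ks)
        return btid, ks

    def naf_keys(self, btid, naf_id):
        # The BSF sends the IMPI along with the GBA keys to the BM-SC.
        impi, ks = self.sessions[btid]
        return impi, derive_muk(ks, naf_id)

class BMSC:
    NAF_ID = b"bmsc.example"  # constructed NAF identifier

    def __init__(self, bsf):
        self.bsf = bsf
        self.by_impi = {}  # IMPI -> (current B-TID, MUK)

    def on_ua_request(self, btid):
        # UE presents a B-TID over Ua; the IMPI binds it to the old one.
        impi, muk = self.bsf.naf_keys(btid, self.NAF_ID)
        old = self.by_impi.get(impi)
        self.by_impi[impi] = (btid, muk)
        return old[0] if old else None  # superseded B-TID, if any

def solicited_pull_demo():
    bsf = BSF()
    bmsc = BMSC(bsf)
    impi = "user@example.invalid"  # constructed identity
    btid1, _ = bsf.bootstrap(impi)
    bmsc.on_ua_request(btid1)           # initial registration
    btid2, ks2 = bsf.bootstrap(impi)    # UE re-bootstraps after the trigger
    ue_muk = derive_muk(ks2, BMSC.NAF_ID)
    stale = bmsc.by_impi[impi][1] != ue_muk   # BM-SC still holds old MUK
    superseded = bmsc.on_ua_request(btid2)    # new B-TID used over Ua
    synced = bmsc.by_impi[impi][1] == ue_muk
    return stale, superseded == btid1, synced
```

Between the second `bootstrap` call and the second `on_ua_request` call, the UE and the BM-SC hold different MUKs, which is the gap the text describes for an already-registered UE.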