If the s cscf has already two ha1 stored and yet

Info icon This preview shows pages 81–84. Sign up to view the full content.

View Full Document Right Arrow Icon
delete the old H(A1). If the S-CSCF has already two H(A1) stored, and yet another H(A1) is pushed or pulled to the S- CSCF, then the S-CSCF should delete the oldest H(A1) not yet successfully used. NOTE 4: The possibility for the S-CSCF to store two H(A1) needs to consider the fact that a user may be slow in taking the new H(A1) into use. An S-CSCF could receive more than one H(A1) pushed or pulled from the HSS between two SIP requests received from the user when the user for some reason changes his password repeatedly. In this case the last sentence of the previous paragraph applies. NOTE 5: It is implementation dependent in which order the S-CSCF tries the stored H(A1) values. As a default setting, it is suggested that the S-CSCF try a H(A1) received later before a H(A1) received earlier. It is recommended that older H(A1) are deleted some time after receiving a new H(A1), even if the new H(A1) value is not successfully used. A typical value for such time is recommended to be in the order of a few minutes to give the user enough time to take the new password into use. It is also recommended that a user is informed to stop using the old password immediately after having received a new one. An old password in the UE should be deleted as soon as a new password is available in the UE. 3GPP 3GPP TS 33.203 V12.67.0 (2014-0609) 81 Release 12
Image of page 81

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
NOTE 6: The above mechanism assumes that the user actively changes the password, and keeps both the old and new password confidential. In the event the user's password is changed due to the fact that it is compromised (e.g., loss of terminal etc), the usage of the above mechanism can lead to service misuse during the time the old password remains active as it is not immediately revoked. For such scenarios, an administrative de-registration prior to password change would ensure that the old H(A1) is not kept in the S-CSCF. 3GPP 3GPP TS 33.203 V12.67.0 (2014-0609) 82 Release 12
Image of page 82
Annex O (normative): Enhancements to the access security to enable TLS O.1 TLS O.1.1 TLS Access Security TLS access security and the requirements in this Annex shall not apply to access networks defined in 3GPP specifications. SIP Digest, as specified in Annex N, shall be used when TLS access security, as specified in Annex O, is used. When TLS as specified in Annex O is implemented and used, TLS shall be implemented and used according to the TLS profile specified in TS 33.310 [24], Annex E with the addition that TLS 1.0 ( RFC 2246 [34] ) shall also be supported. For all TLS versions the provisions on ciphersuites given in TS 33.310 [24], Annex E, shall apply. NOTE 1: It is likely that support of TLS 1.0 will no longer be mandatory in a future 3GPP release. The provisions in Annex O are optional for implementation. The provisions in Annex O are optional for use. NOTE 2: If the risk of man-in-the-middle attacks in the access network between UE and P-CSCF cannot be ruled out then the operator should configure the UEs such that the UEs always use either TLS, according to Annex O, or IPsec, according to the main body or Annex M, or abort the communication. Otherwise,
Image of page 83

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 84
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern