Location Services Security Framework Update

1. Location Services Security Framework Update Phil Hawkes phawkes@qualcomm.com

2. Document Status • Assigned doc # S.P0110 • First draft distributed a week ago. • Baseline text to be agreed on conference call in 2 weeks. • TSG-S WG4 on schedule to have a stable document by April TSG-X WG2/ TSG-S WG4 joint meeting

3. Philosophy • Keys provisioned in (R-)UIM and H-PS • All key management occurs in (R-)UIM • Agreed to use pure TLS-PSK • TLS-RSA/DHE-PSK, etc., may be added in the future if deemed necessary. Would only require changes to ME, no ME-UIM interface changes

5. Questions for CSN • How many simultaneous PDE’s assigned? • We have assumed only one. • Are new spec’s for UIM OK? • We have assumed so. • Is message generation/ message expiry time currently included in SUPL_INIT/ SUPL_END? • Is expiry time currently included in SUPL_RESPONSE?

6. FYI: TLS-PSK Key Management Computed or Stored in ME Chosen by ME TLS-RSA-PSK EncryptedPreMasterSecret Randomly generated by ME and Server TLS-PSK 0...0 TLS-DHE-PSK Resulting DH key PSK Premaster _secret other_secret = + Initial Client_random, Server_random Master_secret PRF Client_random, Server_random PRF Computed or Stored In UIM session secrets MD5 Handshake_messages PRF SHA-1 Verify_data