OMA – SUPL Security SUPL 1.0 has reliable security for H-SLP non-emergency location of a SET 3GPP solution 1: GBA (Generic Bootstrap Architecture) support of PSK-TLS 3GPP solution 2: root certificate public key authentication of H-SLP by SET plus IP address binding to SET MSISDN to authenticate SET 3GPP2 solution: PSK-TLS using shared secret keys in H-SLP and SET (in SUPL 2.0, GBA is also being added) Copyright © April 2007 Open Mobile Alliance Ltd. All Rights Reserved.

OMA – SUPL Security SUPL 2.0 is adding security for Location of IP Based Emergency Calls An E-SLP in the serving network now replaces the normal H-SLP in the user’s home network E-SLP = H-SLP only if SET is not roaming (can then use SUPL 1.0 security) If SET is roaming, solutions 1 and 2 will be adapted for the E-SLP for both 3GPP and 3GPP2 Provisional details for solution2 (not yet approved) Define a default E-SLP FQDN based on the serving network MCC and MNC E-SLP can also include a different FQDN in the SUPL INIT SET can verify E-SLP IP address corresponds to the FQDN using DNS SET can authenticate E-SLP FQDN using a root certificate SET can also receive a white list of known E-SLPs (e.g. FQDNs) for its current location from the H-SLP (e.g. periodically) E-SLP can authenticate the SET using the known SET IP address used for the emergency call (e.g. as provided by the E-CSCF) TLS can then be used An alternate solution using tunneling of SUPL messages via the secure SIP connection between the SET and E-CSCF is also being studied which would avoid the need for additional authentication and ciphering capabilities Copyright © April 2007 Open Mobile Alliance Ltd. All Rights Reserved.