Description
The Private Call Key Identifier (PCK-ID) is a critical security parameter within the 3GPP Mission Critical Services (MCS) architecture, specifically for Mission Critical Push-to-Talk (MCPTT). It functions as a unique label or reference to a specific Private Call Key (PCK), which is a symmetric cryptographic key. This key is used to protect private group calls, which are a core feature of MCPTT allowing a predefined, closed group of users to communicate securely. The PCK-ID is not the key itself but a handle used by the network and user equipment (UE) to identify which key should be used for a particular private group session.
The architecture involves several functional entities defined in 3GPP TS 23.280. The Key Management Server (KMS) is responsible for generating, distributing, and managing the lifecycle of Private Call Keys. When a private group is established or its key is updated, the KMS generates a new PCK and assigns it a unique PCK-ID. This PCK and its associated PCK-ID are then securely provisioned to the group members' UEs via the MCPTT server. The provisioning typically occurs over secure signaling channels, often leveraging the MCPTT service authorization and key establishment procedures.
During the setup of a private group call, the calling MCPTT client includes the relevant PCK-ID in the session initiation signaling (e.g., within SIP/SDP or specific MCPTT protocol messages). Upon receiving this, the called UEs use the PCK-ID to locate the corresponding PCK stored securely in their local key storage. Once the correct key is identified, it is used for media encryption (e.g., using AES) and message authentication for the duration of the call. This process ensures that only UEs possessing the key referenced by the PCK-ID can decrypt the media and verify the authenticity of the transmission, thereby enforcing group confidentiality and integrity.
The role of the PCK-ID extends beyond simple call setup. It is integral to key management operations such as key renewal, revocation, and synchronization. If a key is compromised or a member leaves the group, the KMS can generate a new PCK, assign a new PCK-ID, and distribute it to the remaining authorized members, effectively re-keying the group. The PCK-ID allows the system to clearly distinguish between the old and new keys, ensuring a seamless transition without service interruption. Its specification across multiple technical specifications (TS), including those for security (33-series) and protocol details (24-series and 29-series), underscores its foundational role in the end-to-end security model for mission-critical group communications.
Purpose & Motivation
The PCK-ID was introduced to address the stringent security requirements of professional and mission-critical communications, such as those used by public safety, emergency services, and utility organizations. Traditional commercial group communication services lacked the robust, managed cryptographic security needed for sensitive operations where eavesdropping or impersonation could have severe consequences. The primary problem solved by the PCK-ID is the secure and efficient binding of cryptographic keys to specific private communication groups within a scalable, standardized framework.
Historically, secure group voice communications often relied on proprietary systems or less dynamic key management, making interoperability difficult and key updates cumbersome. The 3GPP's standardization of Mission Critical Services (MCS) aimed to create a global, LTE/5G-based standard. A core requirement was enabling secure private group calls. The PCK-ID concept provides the necessary abstraction, allowing the key management infrastructure to update cryptographic material without changing the group's logical identity, and enabling UEs to unambiguously select the correct key from potentially several stored keys for different groups.
Its creation was motivated by the need for a standardized identifier that works in conjunction with 3GPP's security architecture for MCPTT, defined in TS 33.179 and TS 33.180. It solves the problem of key identification and lifecycle management in a network where users may belong to multiple private groups simultaneously. By using a PCK-ID, the system ensures that the correct key is applied for encryption and integrity protection of each private call, maintaining confidentiality and preventing unauthorized access, which is paramount for life-critical communications.
Classification
Detected Changes Across Releases
from 3GPP Change RequestsSpecific changes extracted from the „Change history“ tables of 3GPP specifications (12 CRs across 3 releases). Complements the general historical overview above with the evidence-based evolution of this function.
Studied in Rel-13, normative work from Rel-15.
In Release 15, the specification introduced updates to the Non-controlling MCPTT function for Multi Talker scenarios. This included the use of a passive floor request queue for monitoring received Floor Request messages and clarified procedures for handling media plane control messages over pre-established sessions for various call types, including private calls.
- Updates to Non-controlling MCPTT function for Multi Talker TS 24.380CR0183
In Release 17, the PCK-ID function was enhanced through corrections to enable private calls without floor control using a pre-established session. These alignments ensured that the media plane control protocols for call setup and release over such a session functioned correctly for this specific call type. The changes provided the necessary procedural corrections for establishing and managing these floor-control-exempt private calls within the pre-established session framework.
In Release 18, the PCK-ID (Private Call Key Identifier) function was not directly addressed in the provided grounding context or Change Request titles. The listed enhancements for MCPTT instead focused on areas such as integrating 5G Multicast-Broadcast Services (MBS) into the media plane, adding user identification within floor request messages, supporting media multiplexing, and providing corrections to the MCPTT User Identity field. Therefore, based solely on the given materials, no specific new features or changes for the PCK-ID function in Release 18 can be described.
- Addition of 5G MBS in MCPTT media plane TS 24.380CR0332
- Add timers and counters in the participating MCPTT function for MBS channel control TS 24.380CR0347
- MCPTT Adding user ID in Floor Request message from NCF to CF TS 24.380CR0348
- MCPTT support of multiplexing - SSRC used in RTCP signalling over 5MBS TS 24.380CR0363
- MCPTT support of multiplexing - SSRCs used for RTP audio and RTCP floor control TS 24.380CR0356
- Corrections to MCPTT User Identity field TS 24.380CR0365
+ 2 more changes
Explore further
Broader topics and technologies where PCK-ID plays a role.
Defining Specifications
3GPP specifications that define or reference PCK-ID, with the latest known release. Sourced from the 3GPP document catalog — see methodology.
| Specification | Title | Release |
|---|---|---|
| TS 24.380 vj10 | MCPTT Media Plane Control Protocol | Rel-19 |
| TS 24.581 vj00 | MCVideo Media Plane Control Protocol Specification | Rel-19 |
| TS 24.582 vj00 | MCData Media Plane Control Protocols | Rel-19 |
| TS 29.380 vj00 | MCPTT-LMR Interworking Media Plane Control | Rel-19 |
| TS 29.582 vj00 | MCData Interworking with LMR Systems | Rel-19 |
| TS 33.179 vdc0 | MCPTT Security Architecture and Procedures | Rel-13 |
| TS 33.180 vk00 | Security of Mission Critical (MC) Service | Rel-20 |
| TS 33.879 vd10 | MCPTT Security Study | Rel-13 |