My 3GPP 33.501 notes
=== 6.12.2 Subscription concealed identifier ===

;subscription concealed identifier: A one-time use subscription identifier, called the SUbscription Concealed Identifier (SUCI), which contains the Scheme-Output, and additional non-concealed information needed for home network routing and protection scheme usage.

The SUbscription Concealed Identifier, called SUCI, is a privacy preserving identifier containing the concealed SUPI.

The UE shall generate a SUCI using a protection scheme with the raw public key, i.e. the Home Network Public Key, that was securely provisioned in control of the home network. The protection schemes shall be the ones specified in Annex C of this document or the ones specified by the HPLMN.

The UE shall construct a scheme-input from the subscription identifier part of the SUPI as follows:
* For SUPIs containing IMSI, the subscription identifier part of the SUPI includes the MSIN of the IMSI as defined in TS 23.003.
* For SUPIs taking the form of a NAI, the subscription identifier part of the SUPI includes the "username" portion of the NAI as defined in NAI RFC 7542.

The UE shall execute the protection scheme with the constructed scheme-input as input and take the output as the Scheme Output. The UE shall not conceal the Home Network Identifier and the Routing Indicator.

For SUPIs containing IMSI, the UE shall construct the SUCI with the following data fields:
* The SUPI Type as defined in TS 23.003 identifies the type of the SUPI concealed in the SUCI.
* The Home Network Identifier is set to the MCC and MNC of the IMSI as specified in 23.003.
* The Routing Indicator as specified in TS 23.003.
* The Protection Scheme Identifier as specified in Annex C of this specification.
* The Home Network Public Key Identifier as specified in this document and detailed in TS 23.003.
* The Scheme Output as specified in this document and detailed in TS 23.003.

For SUPIs containing Network Specific Identifier, the UE shall construct the SUCI in NAI format with the following data fields:
* realm part of the SUCI is set to the realm part of the SUPI.
* username part of the SUCI is formatted as specified in TS 23.003 using the SUPI Type, Routing Indicator, the Protection Scheme Identifier, the Home Network Public Key Identifier and the Scheme Output.

:NOTE 1: The format of the SUPI protection scheme identifiers is defined in Annex C.
:NOTE 2: The identifier and the format of the Scheme Output are defined by the protection schemes in Annex C. In case of non-null-schemes, the freshness and randomness of the SUCI will be taken care of by the corresponding SUPI protection schemes.
:NOTE 2a: In case of null-scheme being used, the Home Network Public Key Identifier is set to a default value as described in TS 23.003.

<span style="color:red">The UE shall include a SUCI only in the following 5G NAS messages</span>:
* <span style="color:red">if the UE is sending a Registration Request message of type "initial registration" to a PLMN for which the UE does not already have a 5G-GUTI, the UE shall include a SUCI to the Registration Request message</span>, or
* <span style="color:red">if the UE responds to an Identity Request message by which the network requests the UE to provide its permanent identifier, the UE includes a SUCI in the Identity Response message</span> as specified in clause 6.12.4.
* <span style="color:red">if the UE is sending a De-Registration Request message to a PLMN during an initial registration procedure for which the UE did not receive the registration accept message with 5G-GUTI, the UE shall include the SUCI used in the initial registration to the De-Registration Request message</span>.

:NOTE 3: In response to the Identity Request message, the UE never sends the SUPI.

The UE shall generate a SUCI using "null-scheme" only in the following cases:
* if the UE is making an unauthenticated emergency session and it does not have a 5G-GUTI to the chosen PLMN, or
* if the home network has configured "null-scheme" to be used, or
* if the home network has not provisioned the public key needed to generate a SUCI.

If the operator's decision, indicated by the USIM, is that the USIM shall calculate the SUCI, then the USIM shall not give the ME any parameter for the calculation of the SUCI including the Home Network Public Key Identifier, the Home Network Public Key, and the Protection Scheme Identifier. If the ME determines that the calculation of the SUCI, indicated by the USIM, shall be performed by the USIM, the ME shall delete any previously received or locally cached parameters for the calculation of the SUCI including the SUPI Type, the Routing Indicator, the Home Network Public Key Identifier, the Home Network Public Key and the Protection Scheme Identifier. The operator should use a proprietary identifier for protection schemes if the operator chooses that the calculation of the SUCI shall be done in USIM.

If the operator's decision is that ME shall calculate the SUCI, the home network operator shall provision in the USIM an ordered priority list of the protection scheme identifiers that the operator allows. The priority list of protection scheme identifiers in the USIM shall only contain protection scheme identifiers specified in Annex C, and the list may contain one or more protection scheme identifiers. The ME shall read the SUCI calculation information from the USIM, including the SUPI, the SUPI Type, the Routing Indicator, the Home Network Public Key Identifier, the Home Network Public Key and the list of protection scheme identifiers. The ME shall select the protection scheme from its supported schemes that has the highest priority in the list obtained from the USIM.

The ME shall calculate the SUCI using the null-scheme if the Home Network Public Key or the priority list are not provisioned in the USIM.

:NOTE 4: The above feature is introduced since additional protection schemes could be specified in the future for a release newer than the ME release. In this case, the protection scheme selected by older MEs may not be the protection scheme with the highest priority in the list of the USIM.
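
The ME-side scheme selection and the null-scheme fallbacks described above, as an added Python example that is not part of the specification text. The class and function names are hypothetical; the identifiers 0x0, 0x1 and 0x2 are the Annex C values for null-scheme, Profile A and Profile B, and 0x3 is a constructed stand-in for a scheme from a later release (the NOTE 4 case). Raising an error when no listed scheme is supported is an assumption of this example, since the clause does not define that case.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Set, Tuple

# Protection scheme identifiers (TS 33.501 Annex C).
NULL_SCHEME, PROFILE_A, PROFILE_B = 0x0, 0x1, 0x2
FUTURE_SCHEME = 0x3  # constructed stand-in for a scheme added in a later release


@dataclass
class UsimSuciInfo:
    """Hypothetical container for what the ME reads from the USIM."""
    calc_in_usim: bool                # operator decision: USIM calculates the SUCI
    hn_public_key: Optional[bytes]    # Home Network Public Key, None if not provisioned
    scheme_priority: Sequence[int]    # ordered list, highest priority first


def select_scheme(usim: UsimSuciInfo, me_supported: Set[int],
                  unauth_emergency_no_guti: bool = False) -> Tuple[int, str]:
    """Return (protection scheme identifier, reason) for an ME-calculated SUCI."""
    if usim.calc_in_usim:
        # The USIM hands out no SUCI parameters, so the ME must not calculate.
        raise PermissionError("SUCI is calculated in the USIM, not in the ME")
    if unauth_emergency_no_guti:
        return NULL_SCHEME, "unauthenticated emergency session without 5G-GUTI"
    if not usim.hn_public_key or not usim.scheme_priority:
        return NULL_SCHEME, "Home Network Public Key or priority list not provisioned"
    # Walk the operator's list in priority order; take the first scheme this ME supports.
    for scheme in usim.scheme_priority:
        if scheme in me_supported:
            reason = ("null-scheme configured by the home network"
                      if scheme == NULL_SCHEME
                      else "highest-priority scheme supported by this ME")
            return scheme, reason
    # Assumption of this example: refuse rather than silently fall back to null-scheme.
    raise LookupError("no protection scheme in the USIM list is supported by this ME")


if __name__ == "__main__":
    key = bytes(32)                                   # constructed placeholder key
    older_me = {NULL_SCHEME, PROFILE_A, PROFILE_B}    # ME that predates FUTURE_SCHEME
    usim = UsimSuciInfo(False, key, [FUTURE_SCHEME, PROFILE_A, NULL_SCHEME])
    print(select_scheme(usim, older_me))              # NOTE 4: falls to Profile A
    print(select_scheme(UsimSuciInfo(False, None, [PROFILE_B]), older_me))
```

The returned reason string lets a device log or conformance test distinguish an operator-configured null-scheme from one caused by missing provisioning, which is the case where the SUPI is sent unconcealed without the operator having chosen that.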