A unique International Mobile Subscription Identity (IMSI) shall be allocated to each mobile subscriber in the GSM/UMTS/EPS system.
In order to support the subscriber identity confidentiality service the VLRs, SGSNs and MMEs may allocate Temporary Mobile Subscriber Identities (TMSI) to visiting mobile subscribers. The VLR, SGSN and MME must be capable of correlating an allocated TMSI with the IMSI of the MS to which it is allocated.
An MS may be allocated three TMSIs, one for services provided through the MSC, one for services provided through the SGSN (P-TMSI for short) and one for the services provided via the MME (M-TMSI part of GUTI for short).
For addressing on resources used for GPRS, a Temporary Logical Link Identity (TLLI) is used. The TLLI to use is built by the MS either on the basis of the P-TMSI (local or foreign TLLI), or directly (random TLLI).
In order to speed up the search for subscriber data in the VLR a supplementary Local Mobile Station Identity (LMSI) is defined.
The LMSI may be allocated by the VLR at location updating and is sent to the HLR together with the IMSI. The HLR makes no use of it but includes it together with the IMSI in all messages sent to the VLR concerning that MS.
Mobile Country Code (MCC) consisting of three digits. The MCC identifies uniquely the country of domicile of the mobile subscription;
Mobile Network Code (MNC) consisting of two or three digits for 3GPP network applications. The MNC identifies the home PLMN of the mobile subscription within its country of domicile, or it identifies together with MCC and NID the mobile subscription's SNPN. The length of the MNC (two or three digits) depends on the value of the MCC. A mixture of two and three digit MNC codes within a single MCC area is not recommended and is outside the scope of this specification.
Mobile Subscriber Identification Number (MSIN) identifying the mobile subscription within a PLMN or SNPN.
The SUPI is a globally unique 5G Subscription Permanent Identifier allocated to each subscriber in the 5G System. It is defined in clause 5.9.2 of TS 23.501.
The SUPI is defined as:
a SUPI type: in this release of the specification, it may indicate an IMSI, a Network Specific Identifier (NSI), a Global Line Identifier (GLI) or a Global Cable Identifier (GCI); and
SUPI Type, consisting of a value in the range 0 to 7. It identifies the type of the SUPI concealed in the SUCI. The following values are defined:
0: IMSI
1: Network Specific Identifier (NSI)
2: Global Line Identifier (GLI)
3: Global Cable Identifier (GCI)
4 to 7: spare values for future use.
Home Network Identifier, identifying the home network of the subscriber.
When the SUPI Type is an IMSI, the Home Network Identifier is composed of two parts:
Mobile Country Code (MCC), consisting of three decimal digits. The MCC identifies uniquely the country of domicile of the mobile subscription;
Mobile Network Code (MNC), consisting of two or three decimal digits. The MNC identifies the home PLMN or SNPN of the mobile subscription.
When the SUPI type is a Network Specific Identifier (NSI), a GLI or a GCI, the Home Network Identifier consists of a string of characters with a variable length representing a domain name as specified in Section 2.2 of RFC 7542. For a GLI or a GCI, the domain name shall correspond to the realm part specified in the NAI format for SUPI in clauses 28.15.2 and 28.16.2.
Routing Indicator, consisting of 1 to 4 decimal digits assigned by the home network operator and provisioned in the USIM, which together with the Home Network Identifier allow network signalling with SUCI to be routed to AUSF and UDM instances capable of serving the subscriber.
Each decimal digit present in the Routing Indicator shall be regarded as meaningful (e.g. value "012" is not the same as value "12"). If no Routing Indicator is configured on the USIM or the ME, this data field shall be set to the value 0 (i.e. only consist of one decimal digit of "0").
Protection Scheme Identifier, consisting of a value in the range of 0 to 15 (see Annex C.1 of TS 33.501). It represents the null scheme or a non-null scheme specified in Annex C of TS 33.501 or a protection scheme specified by the HPLMN; the null scheme shall be used if the SUPI type is a GLI or GCI.
Home Network Public Key Identifier, consisting of a value in the range 0 to 255. It represents a public key provisioned by the HPLMN or SNPN and it is used to identify the key used for SUPI protection. This data field shall be set to the value 0 if and only if the null protection scheme is used.
Scheme Output, consisting of a string of characters with a variable length or hexadecimal digits, dependent on the used protection scheme, as defined below. It represents the output of a public key protection scheme specified in Annex C of TS 33.501 or the output of a protection scheme specified by the HPLMN.
Figure 2.2B-2 defines the scheme output for the null protection scheme.
The Mobile Subscriber Identification Number ("MSIN") is defined in clause 2.2; the "username" corresponds to the username part of a NAI, and it is applicable to SUPI types Network-Specific Identifier (clause 28.7.2), GLI (clause 28.16.2) or GCI (clause 28.15.2).
An anonymous SUCI is composed by setting the SUPI Type field to 1 (Network-Specific Identifier), using the null protection scheme, and setting the scheme output to a username that is either the "anonymous" string or an empty string (see Section 2.4 of RFC 7542).
The scheme output is formatted as a variable length of characters as specified for the username in Section 2.2 of RFC 7542.
Figure 2.2B-3 defines the scheme output for the Elliptic Curve Integrated Encryption Scheme Profile A.
The ECC ephemeral public key is formatted as 64 hexadecimal digits, which encode 256 bits.
The ciphertext value is formatted as a variable length of hexadecimal digits.
The MAC tag value is formatted as 16 hexadecimal digits, which encode 64 bits.
Figure 2.2B-4 defines the scheme output for the Elliptic Curve Integrated Encryption Scheme Profile B.
The ECC ephemeral public key is formatted as 66 hexadecimal digits, which encode 264 bits.
The ciphertext value is formatted as a variable length of hexadecimal digits.
The MAC tag value is formatted as 16 hexadecimal digits, which encode 64 bits.
Figure 2.2B-5 defines the scheme output for Home Network proprietary protection schemes.
The Home Network defined scheme output is formatted as a variable length of hexadecimal digits. Its format is not further defined in 3GPP specifications.
As examples, assuming the IMSI 234150999999999, where MCC=234, MNC=15 and MSIN=0999999999, the Routing Indicator 678, and a Home Network Public Key Identifier of 27:
the SUCI for the null protection scheme is composed of: 0, 234, 15, 678, 0, 0 and 0999999999
the SUCI for the Profile <A> protection scheme is composed of: 0, 234, 15, 678, 1, 27, <ECC ephemeral public key value>, <encryption of 0999999999> and <MAC tag value>
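The field rules above can be checked mechanically. The following is an added example, not part of the specification text: a validator for the SUCI fields as they are listed in the examples above, plus a check for SUCIs that carry the identity unconcealed. The function names are hypothetical, the Profile B scheme identifier value 2 is taken from Annex C.1 of TS 33.501 rather than from this text, and the ECIES scheme output is assumed to be passed as three separate hexadecimal strings.

```python
import re

NULL_SCHEME, PROFILE_A, PROFILE_B = 0, 1, 2   # 2 is assumed from TS 33.501 Annex C.1
EPH_KEY_HEX = {PROFILE_A: 64, PROFILE_B: 66}  # ECC ephemeral public key, hex digits
MAC_TAG_HEX = 16                              # MAC tag, hex digits (64 bits)
IMSI, NSI, GLI, GCI = 0, 1, 2, 3              # defined SUPI Types; 4 to 7 are spare
HEX = re.compile(r"[0-9A-Fa-f]+")
# Constructed sample input: the null-scheme example given in the text above.
EXAMPLE_NULL = (0, ("234", "15"), "678", 0, 0, "0999999999")


def check_suci(supi_type, home_net, routing_ind, scheme_id, key_id, output):
    """Return the rule violations for one SUCI; an empty list means well-formed.

    home_net is an (mcc, mnc) pair of strings for an IMSI-type SUCI. output is a
    string for the null scheme, an (ephemeral_key, ciphertext, mac_tag) tuple for ECIES.
    """
    errs = []
    if supi_type not in (IMSI, NSI, GLI, GCI):
        errs.append("SUPI type is spare or out of range")
    if supi_type == IMSI:
        mcc, mnc = home_net
        if not (re.fullmatch(r"[0-9]{3}", mcc) and re.fullmatch(r"[0-9]{2,3}", mnc)):
            errs.append("MCC must be 3 digits and MNC 2 or 3 digits")
        if scheme_id == NULL_SCHEME and not (
                re.fullmatch(r"[0-9]+", output) and len(mcc + mnc + output) <= 15):
            errs.append("IMSI must be at most 15 decimal digits")
    if not re.fullmatch(r"[0-9]{1,4}", routing_ind):   # "012" and "12" stay distinct
        errs.append("Routing Indicator must be 1 to 4 decimal digits")
    if not 0 <= scheme_id <= 15 or not 0 <= key_id <= 255:
        errs.append("scheme or key identifier out of range")
    if (key_id == 0) != (scheme_id == NULL_SCHEME):
        errs.append("key identifier must be 0 if and only if the null scheme is used")
    if supi_type in (GLI, GCI) and scheme_id != NULL_SCHEME:
        errs.append("GLI and GCI must use the null scheme")
    if scheme_id in EPH_KEY_HEX:
        key, ciphertext, mac = output
        if len(key) != EPH_KEY_HEX[scheme_id] or len(mac) != MAC_TAG_HEX:
            errs.append("ephemeral key or MAC tag has the wrong length")
        if not all(HEX.fullmatch(part) for part in (key, ciphertext, mac)):
            errs.append("scheme output must be hexadecimal digits")
    return errs


def identity_in_clear(supi_type, scheme_id, output):
    """True when the null scheme carries a real MSIN or username (not anonymous)."""
    anonymous = supi_type == NSI and output in ("", "anonymous")
    return scheme_id == NULL_SCHEME and not anonymous
```

`identity_in_clear` is the check of interest when monitoring: a null-scheme SUCI that is not anonymous carries the MSIN or username as its scheme output.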
IMSI shall consist of decimal digits (0 through 9) only.
The number of digits in IMSI shall not exceed 15.
The allocation and assignment of Mobile Country Codes (MCCs) is administered by the ITU. The current assignment is available on the ITU web site (https://www.itu.int/en/ITU-T/inr/Pages/default.aspx).
The assignment of Mobile Network Codes (MNC) is the responsibility of each national numbering plan administrator. MNCs under MCC ranges 90x are administered by the ITU. The MSIN is the third field of the IMSI, and is administered by the relevant MNC assignee to identify individual subscriptions.
If more than one PLMN exists in a country, the same Mobile Network Code should not be assigned to more than one PLMN.
The allocation of IMSIs should be such that not more than the digits MCC + MNC of the IMSI have to be analysed in a foreign PLMN for information transfer.
Since the TMSI has only local significance (i.e. within a VLR and the area controlled by a VLR, or within an SGSN and the area controlled by an SGSN, or within an MME and the area controlled by an MME), the structure and coding of it can be chosen by agreement between operator and manufacturer in order to meet local needs.
The TMSI consists of 4 octets. It can be coded using a full hexadecimal representation.
In order to avoid double allocation of TMSIs after a restart of an allocating node, some part of the TMSI may be related to the time when it was allocated or contain a bit field which is changed when the allocating node has recovered from the restart.
In areas where both MSC-based services and SGSN-based services are provided, some discrimination is needed between the allocation of TMSIs for MSC-based services and the allocation of TMSIs for SGSN-based services. The discrimination shall be done on the 2 most significant bits, with values 00, 01, and 10 being used by the VLR, and 11 being used by the SGSN.
If intra domain connection of RAN nodes to multiple CN nodes as described in TS 23.236 is applied in the MSC/VLR or SGSN, then the NRI shall be part of the TMSI. The NRI has a configurable length of 0 to 10 bits. A configurable length of 0 bits indicates that the NRI is not used and this feature is not applied in the MSC/VLR or SGSN. The NRI shall be coded in bits 23 to 14. An NRI shorter than 10 bits shall be encoded with the most significant bit of the NRI field in bit 23.
The TMSI shall be allocated only in ciphered form. See also TS 43.020 and TS 33.102.
The network shall not allocate a TMSI with all 32 bits equal to 1 (this is because the TMSI must be stored in the SIM, and the SIM uses 4 octets with all bits equal to 1 to indicate that no valid TMSI is available).
To allow for eventual modifications of the management of the TMSI code space, MSs shall not check whether an allocated TMSI belongs to the range allocated to the allocating node. MSs shall use an allocated TMSI according to the specifications, whatever its value.
The LMSI consists of 4 octets and may be allocated by the VLR. The VLR shall not allocate the value zero. The value zero is reserved to indicate that an LMSI parameter sent from the HLR to the VLR shall not be interpreted.
A TLLI is built by the MS or by the SGSN either on the basis of the P-TMSI (local or foreign TLLI), or directly (random or auxiliary TLLI), according to the following rules.
The TLLI consists of 32 bits, numbered from 0 to 31 by order of significance, with bit 0 being the LSB.
A local TLLI is built by an MS which has a valid P-TMSI as follows:
bits 31 down to 30 are set to 1; and
bits 29 down to 0 are set equal to bits 29 to 0 of the P-TMSI.
A foreign TLLI is built by an MS which has a valid P-TMSI as follows:
bit 31 is set to 1 and bit 30 is set to 0; and
bits 29 down to 0 are set equal to bits 29 to 0 of the P-TMSI.
A random TLLI is built by an MS as follows:
bit 31 is set to 0;
bits 30 down to 27 are set to 1; and
bits 0 to 26 are chosen randomly.
An auxiliary TLLI is built by the SGSN as follows:
bit 31 is set to 0;
bits 30 down to 28 are set to 1;
bit 27 is set to 0; and
bits 0 to 26 can be assigned independently.
Other types of TLLI may be introduced in the future.
Part of the TLLI codespace is re-used in GERAN to allow for the inclusion of the GERAN Radio Network Temporary Identifier in RLC/MAC messages. The G-RNTI is defined in TS 44.118.
The structure of the TLLI is summarised in Table 1.
'T', 'R', 'A' and 'X' indicate bits which can take any value for the type of TLLI. More precisely, 'T' indicates bits derived from a P-TMSI, 'R' indicates bits chosen randomly, 'A' indicates bits chosen by the SGSN, 'G' indicates bits derived from the assigned G-RNTI and 'X' indicates bits in reserved ranges.
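The bit-level rules for the TMSI (allocator discrimination, NRI position, the forbidden all-ones value) and for building a TLLI can be exercised directly. The following is an added example, not part of the specification text; the function names and the sample P-TMSI are constructed for illustration, and TLLI ranges other than the four construction rules given above are reported as "other" without being decoded.

```python
import secrets

NO_VALID_TMSI = 0xFFFFFFFF   # stored on the SIM when no valid TMSI is available
LOW30 = 0x3FFFFFFF           # bits 29..0, copied from the P-TMSI
SAMPLE_PTMSI = 0xC1234567    # constructed sample value (top bits 11: SGSN-allocated)


def tmsi_allocator(tmsi):
    """Return which node type allocated a TMSI, from its 2 most significant bits."""
    if not 0 <= tmsi < NO_VALID_TMSI:
        raise ValueError("not an allocatable 32-bit TMSI")
    return "SGSN" if tmsi >> 30 == 0b11 else "VLR"


def nri(tmsi, nri_len):
    """Extract an NRI of nri_len bits (0 to 10), most significant bit in bit 23."""
    if not 0 <= nri_len <= 10:
        raise ValueError("NRI length is 0 to 10 bits")
    if nri_len == 0:
        return None                      # NRI not used
    return (tmsi >> (24 - nri_len)) & ((1 << nri_len) - 1)


def local_tlli(ptmsi):
    return 0xC0000000 | (ptmsi & LOW30)  # bits 31..30 = 11


def foreign_tlli(ptmsi):
    return 0x80000000 | (ptmsi & LOW30)  # bit 31 = 1, bit 30 = 0


def random_tlli():
    return 0x78000000 | secrets.randbits(27)  # bit 31 = 0, bits 30..27 = 1


def tlli_type(tlli):
    """Classify a 32-bit TLLI by the fixed high-order bits of each rule."""
    if tlli >> 30 == 0b11:
        return "local"
    if tlli >> 30 == 0b10:
        return "foreign"
    if tlli >> 27 == 0b01111:
        return "random"
    if tlli >> 27 == 0b01110:
        return "auxiliary"
    return "other"   # remaining ranges (G-RNTI, reserved) are not decoded here
```

Because a local or foreign TLLI copies bits 29 to 0 of the P-TMSI, the local TLLI built from an SGSN-allocated P-TMSI is numerically equal to that P-TMSI.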
The P-TMSI Signature consists of 3 octets and may be allocated by the SGSN.
The network shall not allocate a P-TMSI Signature with all 24 bits equal to 1 (this is because the P-TMSI Signature must be stored in the SIM, and the SIM uses 3 octets with all bits equal to 1 to indicate that no valid P-TMSI signature is available).