SUCI context shall be supported if "SUCI calculation is to be performed by the USIM" (i.e. Service No. 124 and Service No. 125 are "available"). The command returns the SUCI which is a privacy preserving identifier containing the concealed SUPI. The function is used in 5GS in the specific cases described in TS 33.501 prior to mutual authentication between the UE and the SN. The SUCI returned is calculated as described in TS 33.501. For the execution of the command, the following information shall be available in the USIM:

• Home network identifier (i.e. MCC and MNC when SUPI Type is IMSI or domain name when SUPI Type is Network Specific Identifier, Global Line Identifier or Global Cable Identifier) (see NOTE).
• Routing indicator (configured in EFRouting_Indicator).
• Home network public key (see Note).
• Home network public key identifier (see Note).
• Protection scheme identifier (see Note).
• SUPI.

The SUCI is designed for one-time use, however, the freshness and randomness of SUCI returned upon each call of the command depends on the protection scheme configured. There is the special case where the protection scheme used is null-scheme, in such case SUCI contains the non concealed SUPI. If the home network public key is not provisioned in the USIM, the SUCI shall be calculated using the null-scheme irrespective of the protection scheme stored in the USIM. The returned SUCI consists of the concatenation of the following information as described in TS 23.003:

• SUPI Type
• Home network identifier (i.e. MCC and MNC when SUPI Type is IMSI or domain name when SUPI Type is Network Specific Identifier, Global Line Identifier or Global Cable Identifier).
• Routing indicator.
• Protection scheme identifier.
• Home network pu33.501
• Scheme output, resulting from the protection scheme profile, identified by the protection scheme identifier. The protection scheme profile shall be one of those defined in Annex C of TS 33.501 or one of those specified by the Home network.
• Network Identifier for SNPN (NID) in case of SUCI in NAI format (see TS 23.003 for details) and if Service No. 146 is "available".

If SUCI context is supported and:

• Service No. 124 is not "available" or:
• "SUCI calculation is to be performed by the ME" (i.e. Service No. 124 is "available", and Service No. 125 is not "available")

the status word '6985' (Conditions of use not satisfied) shall be returned. In case the information required for the SUCI calculation as listed above is not correctly configured in the USIM, the USIM shall return an error status word as described in clause 7.3.2.

SUCI 5G NSWO context shall be supported if "SUCI calculation is to be performed by the USIM" (i.e. Service No. 124 and Service No. 125 are "available") and "5G NSWO support" is activated (i.e. Service No. 142 is "available"). The command returns the SUCI which is a privacy preserving identifier containing the concealed SUPI. The function is used in 5GS in the specific cases of NSWO authentication described in TS 33.501 Annex S. For the execution of the command, the following information shall be available in the USIM:

• Home network identifier (i.e. MCC and MNC when SUPI Type is IMSI) (see NOTE 1).
• Routing indicator (configured in EFRouting_Indicator).
• Home network public key (see NOTE 1).
• Home network public key identifier (see NOTE 1).
• Protection scheme identifier (see NOTE 1).
• SUPI (NOTE 2).
• Network Identifier for SNPN (NID) (NOTE 3).

The SUCI is designed for one-time use, however, the freshness and randomness of SUCI returned upon each call of the command depends on the protection scheme configured. There is the special case where the protection scheme used is null-scheme, in such case, SUCI contains the non concealed SUPI. If the home network public key is not provisioned in the USIM, the SUCI shall be calculated using the null scheme irrespective of the protection scheme stored in the USIM. The returned SUCI shall be in the NAI format as in TS 23.003 and is computed as described in TS 33.501 Annex S.3. If SUCI 5G NSWO context is supported and:

• Service No. 124 is not "available" or
• "SUCI calculation is to be performed by the ME" (i.e. Service No. 124 is "available", and Service No. 125 is not "available") or
• "5G NSWO support" is not activated (i.e. Service No. 142 is not "available")
  the status word '6985' (Conditions of use not satisfied) shall be returned.

In case the information required for the SUCI calculation as listed above is not correctly configured in the USIM, the USIM shall return an error status word as described in clause 7.3.2.

Command parameters/data: None Response parameters/data:

Byte(s)	Description	Length
1 to Le	SUCI TLV data object	Le

  Subscription Concealed Identifier TLV data object:

Description	Value	M/O/C	Length (bytes)
SUCI TLV data object tag	'A1'	M	1
Length	X	M	Note
SUCI value	--	M	X
NOTE: The length is coded according to ISO/IEC 8825-1 [35].

It contains the SUCI as defined in TS 33.501. When SUPI Type is IMSI, the SUCI is coded as part of 5GS mobile identity information element for type of identity "SUCI" and SUPI format "IMSI" defined in TS 24.501. The correspondence between the SUCI value and the octets of the above referenced 5GS mobile identity information element is provided below: Byte 1 corresponds to "octet 4" and the value is '01':

b8	b7	b6	b5	b4	b3	b2	b1
0	0	0	0	0	0	0	1

  From byte 2 to 4, the Home Network Identifier (i.e. MCC and MNC) is coded and corresponds from "octet 5" to "octet 7". Byte 5 and 6 code the Routing Indicator which correspond to "octet 8" and "octet 9". Byte 7 codes the Protection Scheme Identifier which corresponds to "octet 10". Byte 8 codes the Home Network Public Key Identifier which corresponds to "octet 11". Byte 9 corresponds to "octet 12". From Byte 9 onwards, the Scheme Output is coded and the length depends on the Protection Scheme used. When SUPI Type is Network Specific Identifier (i.e. service No. 130 is "available" and EFSUPI_NAI contains a Network Specific Identifier), the SUCI is coded as part of 5GS mobile identity information element for type of identity "SUCI" and SUPI format "Network specific identifier" defined in TS 24.501. The correspondence between the SUCI value and the octets of the above referenced 5GS mobile identity information element is provided below: Byte 1 corresponds to "octet 4" and the value is '11':

b8	b7	b6	b5	b4	b3	b2	b1
0	0	0	1	0	0	0	1

  Byte 2 corresponds to "octet 5". From byte 2 onwards, the SUCI NAI is coded as defined in TS 24.501. If service No. 146 is "available", the NID shall be part of the SUCI NAI and shall be coded as defined for EFNID (see clause 4.4.12.3), The 4 most significant bits of the Assignment mode byte shall be set to 0. When SUPI Type is Global Line Identifier (i.e. service No. 130 is "available" and EFSUPI_NAI contains a Global Line Identifier), the SUCI is coded as part of 5GS mobile identity information element for type of identity "SUCI" and SUPI format "Global Line Identifier" (GLI) defined in TS 24.501. The correspondence between the SUCI value and the octets of the above referenced 5GS mobile identity information element is provided below: Byte 1 corresponds to "octet 4" and the value is '31':

b8	b7	b6	b5	b4	b3	b2	b1
0	0	1	1	0	0	0	1

  Byte 2 corresponds to "octet 5". From byte 2 onwards, the SUCI NAI is coded as defined in TS 24.501. When SUPI Type is Global Cable Identifier (i.e. service No. 130 is "available" and EFSUPI_NAI contains a Global Cable Identifier), the SUCI is coded as part of 5GS mobile identity information element for type of identity "SUCI" and SUPI format "Global Cable Identifier" (GCI) defined in TS 24.501. The correspondence between the SUCI value and the octets of the above referenced 5GS mobile identity information element is provided below: Byte 1 corresponds to "octet 4" and the value is '21':

b8	b7	b6	b5	b4	b3	b2	b1
0	0	1	0	0	0	0	1

  Byte 2 corresponds to "octet 5". From byte 2 onwards, the SUCI NAI is coded as defined in TS 24.501.

Command parameters/data: None Response parameters/data:

Byte(s)	Description	Length
1 to Le	SUCI TLV data object	Le

  Subscription Concealed Identifier TLV data object:

Description	Value	M/O/C	Length (bytes)
SUCI TLV data object tag	'A1'	M	1
Length	X	M	Note
SUCI value	--	M	X
NOTE: The length is coded according to ISO/IEC 8825-1 [35].

It contains the SUCI in NAI format as defined in TS 33.501 Annex S. When SUPI Type is IMSI, the SUCI in NAI format is coded as part of 5GS mobile identity information element as defined in TS 24.501 Figure 9.11.3.4.4. The correspondence between the SUCI value and the octets of the above referenced 5GS mobile identity information element is provided below: Byte 1 corresponds to "octet 4" and the value is '01':

b8	b7	b6	b5	b4	b3	b2	b1
0	0	0	0	0	0	0	1

  Byte 2 corresponds to "octet 5". From byte 2 onwards, the SUCI NAI field contains an NAI constructed as specified in clause 28.7.3 of TS 23.003. If service No. 146 is "available", the NID shall be part of the SUCI NAI and shall be coded as defined for EFNID (see clause 4.4.12.3), The 4 most significant bits of the Assignment mode byte shall be set to 0.