5.3 Handling subscription identifier privacy for 5G
3GPP TS 31.121, Release 16: UICC-terminal interface; Universal Subscriber Identity Module (USIM) application test specification
5.3.1 SUCI calculation by ME using null scheme
5.3.1.1 Definition and applicability
If the operator’s decision is that ME shall calculate the SUCI, the home network operator shall provision a list of the Protection Scheme Identifiers in the USIM that the operator allows. The list of Protection Scheme Identifiers in the USIM may contain one or more Protection Scheme Identifiers in the order of their priority. The ME shall read the SUCI calculation information from the USIM, including the SUPI, the Home Network Public Key, the Home Network Public Key Identifier, and the list of Protection Scheme Identifiers. The ME shall select the protection scheme from its supported schemes that has the highest priority in the list obtained from the USIM.
The ME shall calculate the SUCI using the null-scheme if the highest priority of the protection schemes listed in the USIM is the null-scheme.
5.3.1.2 Conformance requirement
1) SUCI calculation procedure shall be performed by the ME if Service n°124 is "available" and Service n°125 is not "available" in EFUST.
2) As part of the SUCI calculation performed by the ME, the ME performs the reading procedure for EFSUCI_Calc_Info.
3) The ME shall calculate the SUCI using the null-scheme if highest priority of the protection schemes listed in the USIM is the null-scheme.
Reference:
– TS 31.102 [4], clauses 4.4.11.8, 4.4.11.11, 5.3.47 and 5.3.51;
– TS 33.501 [41], clause Annex C;
– TS 24.501 [42], clauses 5.5.1.2 and 5.5.1.2.4.
5.3.1.3 Test purpose
1) To verify that the READ EFSUCI_Calc_Info, EFRouting_Indicator and EFIMSI commands are performed correctly by the ME.
2) To verify that the ME performs the SUCI calculation procedure using null-scheme.
5.3.1.4 Method of test
5.3.1.4.1 Initial conditions
The NG-SS transmits on the BCCH, with the following network parameters:
– TAI (MCC/MNC/TAC): 244/083/000001.
– Access control: unrestricted.
The default 5G-NR UICC is used with the following exception:
EFSUCI_Calc_Info (Subscription Concealed Identifier Calculation Information EF)
Logically:
Protection Scheme Identifier List data object
Protection Scheme Identifier 1 – null-scheme
Key Index 1: 0
Protection Scheme Identifier 2 – ECIES scheme profile B
Key Index 2: 1
Protection Scheme Identifier 3 – ECIES scheme profile A
Key Index 3: 2
Home Network Public Key List data object
Home Network Public Key 1 Identifier: 27
Home Network Public Key 1:
– 04 72 DA 71 97 62 34 CE 83 3A 69 07 42 58 67 B8 2E 07 4D 44 EF 90 7D FB 4B 3E 21 C1 C2 25 6E BC D1 5A 7D ED 52 FC BB 09 7A 4E D2 50 E0 36 C7 B9 C8 C7 00 4C 4E ED C4 F0 68 CD 7B F8 D3 F9 00 E3 B4
Home Network Public Key 2 Identifier: 30
Home Network Public Key 2:
– 5A 8D 38 86 48 20 19 7C 33 94 B9 26 13 B2 0B 91 63 3C BD 89 71 19 27 3B F8 E4 A6 F4 EE C0 A6 50
| Coding: | B1 | B2 | B3 | B4 | B5 | B6 | B7 | B8 |
| Hex | A0 | 06 | 00 | 00 | 02 | 01 | 01 | 02 |
| | B9 | B10 | B11 | B12 | B13 | B14 | B15 | B16 |
| | A1 | 6B | 80 | 01 | 1B | 81 | 41 | 04 |
| | B17 | B18 | B19 | B20 | B21 | B22 | B23 | B24 |
| | 72 | DA | 71 | 97 | 62 | 34 | CE | 83 |
| | B25 | B26 | B27 | B28 | B29 | B30 | B31 | B32 |
| | 3A | 69 | 07 | 42 | 58 | 67 | B8 | 2E |
| | B33 | B34 | B35 | B36 | B37 | B38 | B39 | B40 |
| | 07 | 4D | 44 | EF | 90 | 7D | FB | 4B |
| | B41 | B42 | B43 | B44 | B45 | B46 | B47 | B48 |
| | 3E | 21 | C1 | C2 | 25 | 6E | BC | D1 |
| | B49 | B50 | B51 | B52 | B53 | B54 | B55 | B56 |
| | 5A | 7D | ED | 52 | FC | BB | 09 | 7A |
| | B57 | B58 | B59 | B60 | B61 | B62 | B63 | B64 |
| | 4E | D2 | 50 | E0 | 36 | C7 | B9 | C8 |
| | B65 | B66 | B67 | B68 | B69 | B70 | B71 | B72 |
| | C7 | 00 | 4C | 4E | ED | C4 | F0 | 68 |
| | B73 | B74 | B75 | B76 | B77 | B78 | B79 | B80 |
| | CD | 7B | F8 | D3 | F9 | 00 | E3 | B4 |
| | B81 | B82 | B83 | B84 | B85 | B86 | B87 | B88 |
| | 80 | 01 | 1E | 81 | 20 | 5A | 8D | 38 |
| | B89 | B90 | B91 | B92 | B93 | B94 | B95 | B96 |
| | 86 | 48 | 20 | 19 | 7C | 33 | 94 | B9 |
| | B97 | B98 | B99 | B100 | B101 | B102 | B103 | B104 |
| | 26 | 13 | B2 | 0B | 91 | 63 | 3C | BD |
| | B105 | B106 | B107 | B108 | B109 | B110 | B111 | B112 |
| | 89 | 71 | 19 | 27 | 3B | F8 | E4 | A6 |
| | B113 | B114 | B115 | B116 | B117 | | | |
| | F4 | EE | C0 | A6 | 50 | | | |
The UICC is installed into the ME.
5.3.1.4.2 Procedure
a) The UE is switched on.
b) The UE sends REGISTRATION REQUEST to the NG-SS indicating the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "SUCI".
c) Upon reception of REGISTRATION ACCEPT message with a 5G-GUTI, the UE sends REGISTRATION COMPLETE message to the NG-SS.
5.3.1.5 Acceptance criteria
1) After step a) the ME shall read EFIMSI, EFRouting_Indicator and EFSUCI_Calc_Info.
2) In step b) the UE shall include the SUCI as coded below in the 5GS mobile identity IE in the REGISTRATION REQUEST.
SUPI format: 0
Home Network Identifier: 246/081
Routing indicator: 17
Protection scheme id: 00
Home network public key Id: 0
Scheme output: 357935793
5.3.2 SUCI calculation by ME using Profile B
5.3.2.1 Definition and applicability
If the operator’s decision is that ME shall calculate the SUCI, the home network operator shall provision a list of the Protection Scheme Identifiers that the operator allows in the USIM. The list of Protection Scheme Identifiers in the USIM may contain one or more Protection Scheme Identifiers in order of their priority. The ME shall read the SUCI calculation information from the USIM, including the SUPI, the Home Network Public Key, the Home Network Public Key Identifier, and the list of Protection Scheme Identifiers. The ME shall select the protection scheme from its supported schemes that has the highest priority in the list obtained from the USIM.
5.3.2.2 Conformance requirement
1) SUCI calculation procedure shall be performed by the ME if Service n°124 is "available" and Service n°125 is not "available" in EFUST.
2) As part of the SUCI calculation performed by the ME, the ME performs the reading procedure with EFSUCI_Calc_Info.
3) The ME shall calculate the SUCI using the ECIES scheme profile B if highest priority of the protection schemes listed in the USIM is the ECIES scheme profile B.
Reference:
– 3GPP TS 31.102 [4], clauses 4.4.11.8, 4.4.11.11, 5.3.47 and 5.3.51;
– 3GPP TS 33.501 [41], clause Annex C;
– 3GPP TS 24.501 [42], clauses 5.5.1.2 and 5.5.1.2.4.
5.3.2.3 Test purpose
1) To verify that the READ EFRouting_Indicator, EFSUCI_Calc_Info and EFIMSI commands are performed correctly by the terminal.
2) To verify that the ME performs the SUCI calculation procedure using the profile with the highest priority (i.e. ECIES scheme profile B and the home network public key).
5.3.2.4 Method of test
5.3.2.4.1 Initial conditions
The NG-SS transmits on the BCCH, with the following network parameters:
– TAI (MCC/MNC/TAC): 244/083/000001.
– Access control: unrestricted.
The default 5G-NR UICC is used and the UICC is installed into the ME.
The NG-SS shall be configured with the Home Network Private Key as follows:
| Coding: | B1 | B2 | B3 | B4 | B5 | B6 | B7 | B8 |
| Hex | F1 | AB | 10 | 74 | 47 | 7E | BC | C7 |
| | B9 | B10 | B11 | B12 | B13 | B14 | B15 | B16 |
| | F5 | 54 | EA | 1C | 5F | C3 | 68 | B1 |
| | B17 | B18 | B19 | B20 | B21 | B22 | B23 | B24 |
| | 61 | 67 | 30 | 15 | 5E | 00 | 41 | AC |
| | B25 | B26 | B27 | B28 | B29 | B30 | B31 | B32 |
| | 44 | 7D | 63 | 01 | 97 | 5F | EC | DA |
5.3.2.4.2 Procedure
a) The UE is switched on.
b) The UE sends REGISTRATION REQUEST to the NG-SS indicating the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "SUCI".
c) Upon reception of REGISTRATION ACCEPT message with a new 5G-GUTI, the UE sends REGISTRATION COMPLETE message to the NG-SS.
5.3.2.5 Acceptance criteria
1) After step a) the ME shall read EFIMSI, EFRouting_Indicator and EFSUCI_Calc_Info.
2) After step b) the UE shall include the SUCI (coded below) in the 5GS mobile identity IE in the REGISTRATION REQUEST.
SUPI format: 0
Home Network Identifier: 246/081
Routing indicator: 17
Protection scheme id: 02
Home network public key Id: 27
Scheme output: ECC ephemeral public key, encryption of 357935793 and MAC tag value
5.3.3 UE identification by SUCI during initial registration – SUCI calculation by USIM using profile B
5.3.3.1 Definition and applicability
If the operator’s decision, indicated by the USIM, is that the USIM shall calculate the SUCI, then the USIM shall not give the ME any parameter for the calculation of the SUCI including the Home Network Public Key Identifier, the Home Network Public Key, and the Protection Scheme Identifier. If the ME determines that the calculation of the SUCI, indicated by the USIM, shall be performed by the USIM, the ME shall delete any previously received or locally cached parameters for the calculation of the SUCI including the Routing Indicator, the Home Network Public Key Identifier, the Home Network Public Key and the Protection Scheme Identifier.
5.3.3.2 Conformance requirement
1) SUCI calculation procedure shall be performed by the USIM if service n°124 is "available" in EFUST and service n°125 is "available" in EFUST.
2) The ME shall use the GET IDENTITY command in SUCI context to retrieve the SUCI calculated by the USIM.
3) This GET IDENTITY command shall be as per 7.5.2 in 3GPP TS 31.102 [4].
Reference:
– 3GPP TS 31.102 [4], clauses 4.4.11.8, 5.3.48 and 7.5;
– 3GPP TS 33.501 [41], clause Annex C;
– 3GPP TS 24.501 [42], clauses 5.5.1.2.2 and 5.5.1.2.4.
5.3.3.3 Test purpose
1) To verify that the GET IDENTITY command is performed correctly by the ME.
2) To verify that the ME includes the SUCI received from the 5G-NR UICC within GET IDENTITY response in the 5GS mobile identity IE.
5.3.3.4 Method of test
5.3.3.4.1 Initial conditions
The NG-SS transmits on the BCCH, with the following network parameters:
– TAI (MCC/MNC/TAC): 244/083/000001.
– Access control: unrestricted.
The default 5G-NR UICC is used and the UICC is installed into the ME.
The NG-SS shall be configured with Home Network Private Key for profile B:
| Coding: | B1 | B2 | B3 | B4 | B5 | B6 | B7 | B8 |
| Hex | F1 | AB | 10 | 74 | 47 | 7E | BC | C7 |
| | B9 | B10 | B11 | B12 | B13 | B14 | B15 | B16 |
| | F5 | 54 | EA | 1C | 5F | C3 | 68 | B1 |
| | B17 | B18 | B19 | B20 | B21 | B22 | B23 | B24 |
| | 61 | 67 | 30 | 15 | 5E | 00 | 41 | AC |
| | B25 | B26 | B27 | B28 | B29 | B30 | B31 | B32 |
| | 44 | 7D | 63 | 01 | 97 | 5F | EC | DA |
EFUST (USIM Service Table)
Logically:
User controlled PLMN selector available
Fixed dialling numbers available
The GSM Access available
The Group Identifier level 1 and level 2 not available
Service n° 33 (Packet Switched Domain) shall be set to ‘1’
Enabled Services Table available
EPS Mobility Management Information available
Allowed CSG Lists and corresponding indications available
5GS Mobility Management Information available
5G Security Parameters available
Subscription identifier privacy support available
SUCI calculation by USIM available
| Byte: | B1 | B2 | B3 | B4 | B5 | B6 | B7 | B8 |
| Binary: | xxxx xx1x | xxxx xxxx | xxxx 1x00 | xxxx x1xx | xxxx xx11 | xxxx xxxx | xxxx xxxx | xxxx xxxx |
| | B9 | B10 | B11 | | B16 |
| | xxxx xxxx | xxxx xxxx | xx11 xxxx | ….. | xxx1 111x |
5G-NR UICC is configured with:
Protection Scheme Identifier: ECIES scheme profile B
Key Index: 1
Home Network Public Key Identifier: 27
Home Network Public Key:
| Coding: | B1 | B2 | B3 | B4 | B5 | B6 | B7 | B8 |
| Hex | 04 | 72 | DA | 71 | 97 | 62 | 34 | CE |
| | B9 | B10 | B11 | B12 | B13 | B14 | B15 | B16 |
| | 83 | 3A | 69 | 07 | 42 | 58 | 67 | B8 |
| | B17 | B18 | B19 | B20 | B21 | B22 | B23 | B24 |
| | 2E | 07 | 4D | 44 | EF | 90 | 7D | FB |
| | B25 | B26 | B27 | B28 | B29 | B30 | B31 | B32 |
| | 4B | 3E | 21 | C1 | C2 | 25 | 6E | BC |
| | B33 | B34 | B35 | B36 | B37 | B38 | B39 | B40 |
| | D1 | 5A | 7D | ED | 52 | FC | BB | 09 |
| | B41 | B42 | B43 | B44 | B45 | B46 | B47 | B48 |
| | 7A | 4E | D2 | 50 | E0 | 36 | C7 | B9 |
| | B49 | B50 | B51 | B52 | B53 | B54 | B55 | B56 |
| | C8 | C7 | 00 | 4C | 4E | ED | C4 | F0 |
| | B57 | B58 | B59 | B60 | B61 | B62 | B63 | B64 |
| | 68 | CD | 7B | F8 | D3 | F9 | 00 | E3 |
| | B65 | | | | | | | |
| | B4 | | | | | | | |
EFSUCI_Calc_Info (Subscription Concealed Identifier Calculation Information EF): Not available to the ME
5.3.3.4.2 Procedure
a) The UE is switched on.
b) The UE sends REGISTRATION REQUEST to the NG-SS indicating the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "SUCI".
c) Upon reception of REGISTRATION ACCEPT message with a 5G-GUTI, the UE sends REGISTRATION COMPLETE message to the NG-SS.
5.3.3.5 Acceptance criteria
1) After step a) the ME shall send GET IDENTITY command with Identity Context in P2 as SUCI (0x01) to the 5G-NR UICC.
2) After step b) the UE shall include the SUCI (coded below) in the 5GS mobile identity IE in the REGISTRATION REQUEST.
SUPI format: 0
Home Network Identifier: 246/081
Routing indicator: 17
Protection scheme id: 02
Home network public key Id: 27
Scheme output: ECC ephemeral public key, encryption of 357935793 and MAC tag value
5.3.4 UE identification by SUCI in response to IDENTITY REQUEST message
5.3.4.1 Definition and applicability
The identification procedure is specified to request a particular UE to provide specific identification parameters, e.g. the SUCI or the IMEI. The SUCI is a privacy preserving identifier containing the concealed SUPI and IMEI is a format of PEI.
The network initiates the identification procedure by sending an IDENTITY REQUEST message to the UE and starting timer T3570. The IDENTITY REQUEST message specifies the requested identification parameters in the Identity type information element and the UE shall be ready to respond to an IDENTITY REQUEST message at any time whilst in 5GMM-CONNECTED mode.
5.3.4.2 Conformance requirement
1) A UE shall be ready to respond to an IDENTITY REQUEST message at any time whilst in 5GMM-CONNECTED mode.
2) Upon receipt of the IDENTITY REQUEST message, if the Identity type IE in the IDENTITY REQUEST message is set to "SUCI", the UE shall:
– if timer T3519 is not running, generate a fresh SUCI as specified in 3GPP TS 33.501 [41], send an IDENTITY RESPONSE message with the SUCI, start timer T3519 and store the value of the SUCI sent in the IDENTITY RESPONSE message; and
– if timer T3519 is running, send an IDENTITY RESPONSE message with the stored SUCI.
3) If the REGISTRATION ACCEPT message contained a 5G-GUTI, the UE shall return a REGISTRATION COMPLETE message to the AMF to acknowledge the received 5G-GUTI, stop timer T3519 if running, and delete any stored SUCI.
Reference:
– TS 31.102 [4], clauses 4.4.11.8, 4.4.11.11, 5.3.47 and 5.3.51;
– TS 33.501 [41], clauses 6.12.4 and Annex C;
– TS 24.501 [42], clauses 5.5.1.2.4, 5.4.3 and 5.2.3.2.5.
5.3.4.3 Test purpose
1) To verify that the READ EFSUCI_Calc_Info, EFRouting_Indicator and EFIMSI commands are performed correctly by the terminal.
2) To verify that the UE will perform SUCI calculation procedure correctly.
3) To verify that upon reception of the IDENTITY REQUEST message with Identity type IE set to "SUCI", the UE will:
– if timer T3519 is not running, generate a fresh SUCI, send an IDENTITY RESPONSE message with the SUCI, start timer T3519 and store the value of the SUCI sent in the IDENTITY RESPONSE message; and
– if timer T3519 is running, send an IDENTITY RESPONSE message with the stored SUCI.
4) To verify that upon reception of the REGISTRATION ACCEPT message containing a 5G-GUTI, the UE deletes the stored SUCI and stops timer T3519 if running.
5.3.4.4 Method of test
5.3.4.4.1 Initial conditions
The NG-SS transmits on the BCCH, with the following network parameters:
Cell A – TAI (MCC/MNC/TAC): 244/083/000001.
Access control: unrestricted.
Cell B – TAI (MCC/MNC/TAC): 244/084/000001.
Access control: unrestricted.
The default 5G-NR UICC is used with the following exception:
EF5GS3GPPLOCI (5GS 3GPP location information)
Logically:
5G-GUTI: 244083 00010266436587
TAI: 244 083 000001
5GS update status: 5U2 NOT UPDATED
| Coding: | B1 | B2 | B3 | B4 | B5 | B6 | B7 | B8 |
| Hex | 00 | 0B | F2 | 42 | 34 | 80 | 00 | 01 |
| | B9 | B10 | B11 | B12 | B13 | B14 | B15 | B16 |
| | 02 | 66 | 43 | 65 | 87 | 42 | 34 | 80 |
| | B17 | B18 | B19 | B20 | | | | |
| | 00 | 00 | 01 | 01 | | | | |
The UICC is installed into the terminal.
5.3.4.4.2 Procedure
a) Bring up the Cell A and the UE is switched on.
b) The UE sends REGISTRATION REQUEST to the NG-SS indicating the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "5G-GUTI", then the UE starts timer T3510.
c) NG-SS sends IDENTITY REQUEST message to the UE indicating Identity type information element is "SUCI" and starts timer T3570.
d) The UE sends IDENTITY RESPONSE message with the freshly generated SUCI, starts timer T3519 and stores the value of the SUCI sent in the IDENTITY RESPONSE message.
e) NG-SS should ignore the IDENTITY RESPONSE sent by the UE and shall resend IDENTITY REQUEST message to the UE indicating Identity type information element is "SUCI" before the expiry of T3519.
f) The UE sends the IDENTITY RESPONSE message with the stored SUCI.
g) NG-SS accepts IDENTITY RESPONSE message and stops timer T3570 if running and upon reception of REGISTRATION ACCEPT message with a 5G-GUTI by UE, UE sends REGISTRATION COMPLETE message to the NG-SS, stops T3519, T3510 if running and deletes stored SUCI.
h) Bring down Cell A and bring up Cell B.
i) The UE sends REGISTRATION REQUEST to the Cell B NG-SS indicating the 5GS registration type IE as "mobility registration updating" or as "initial registration", and 5GS mobile identity information element type "5G-GUTI", then the UE starts timer T3510.
j) NG-SS sends IDENTITY REQUEST message to the UE indicating Identity type information element is "SUCI" and starts timer T3570.
k) The UE sends IDENTITY RESPONSE message with the freshly generated SUCI, starts timer T3519 and stores the value of the SUCI sent in the IDENTITY RESPONSE message.
l) NG-SS accepts IDENTITY RESPONSE message and stops timer T3570 if running and upon reception of REGISTRATION ACCEPT message with a 5G-GUTI by UE, UE sends REGISTRATION COMPLETE message to the NG-SS, stops T3519, T3510 if running and deletes stored SUCI.
5.3.4.5 Acceptance criteria
a) In step d) the UE shall send IDENTITY RESPONSE with a newly generated SUCI.
b) In step f) the UE shall send IDENTITY RESPONSE with the same SUCI generated in step d).
c) In step k) the UE shall send IDENTITY RESPONSE with a newly generated SUCI.
5.3.5 UE identification by SUCI in response to IDENTITY REQUEST message with T3519 timer expiry
5.3.5.1 Definition and applicability
The identification procedure is specified to request a particular UE to provide specific identification parameters, e.g. the SUCI or the IMEI. The SUCI is a privacy preserving identifier containing the concealed SUPI and IMEI is a format of PEI.
The network initiates the identification procedure by sending an IDENTITY REQUEST message to the UE and starting timer T3570. The IDENTITY REQUEST message specifies the requested identification parameters in the Identity type information element and the UE shall be ready to respond to an IDENTITY REQUEST message at any time whilst in 5GMM-CONNECTED mode.
5.3.5.2 Conformance requirement
1) A UE shall be ready to respond to an IDENTITY REQUEST message at any time whilst in 5GMM-CONNECTED mode.
2) Upon receipt of the IDENTITY REQUEST message, if the Identity type IE in the IDENTITY REQUEST message is set to "SUCI", the UE shall:
– if timer T3519 is not running, generate a fresh SUCI as specified in 3GPP TS 33.501 [41], send an IDENTITY RESPONSE message with the SUCI, start timer T3519 and store the value of the SUCI sent in the IDENTITY RESPONSE message; and
– if timer T3519 is running, send an IDENTITY RESPONSE message with the stored SUCI.
3) If the REGISTRATION ACCEPT message contained a 5G-GUTI, the UE shall return a REGISTRATION COMPLETE message to the AMF to acknowledge the received 5G-GUTI, stop timer T3519 if running, and delete any stored SUCI.
4) On expiry of T3519 (60s) timer UE shall delete stored SUCI (Table 10.2.1 in 3GPP TS 24.501 [42]).
5) During initial registration the UE handles the 5GS mobile identity IE in the following order as defined in TS 24.501 [42] clause 5.5.1.2.2:
b) a valid 5G-GUTI assigned by the same PLMN;
c) a valid 5G-GUTI assigned by an equivalent PLMN;
d) a valid 5G-GUTI assigned by any other PLMN;
e) a SUCI is available in the UE;
Reference:
– 3GPP TS 31.102 [4], clauses 4.4.11.8, 4.4.11.11, 5.3.47 and 5.3.51;
– 3GPP TS 33.501 [41], clauses 6.12.2 and Annex C;
– 3GPP TS 24.501 [42], clauses 5.5.1.2.2, 5.5.1.2.4, 5.4.3 and 10.2.
5.3.5.3 Test purpose
1) To verify that the READ EFSUCI_Calc_Info, EFRouting_Indicator and EFIMSI commands are performed correctly by the terminal.
2) To verify that the UE will perform SUCI calculation procedure correctly.
3) To verify that upon reception of the IDENTITY REQUEST message with Identity type IE set to "SUCI", the UE will:
– if timer T3519 is not running, generate a fresh SUCI, send an IDENTITY RESPONSE message with the SUCI, start timer T3519 and store the value of the SUCI sent in the IDENTITY RESPONSE message; and
– if timer T3519 is running, send an IDENTITY RESPONSE message with the stored SUCI.
4) To verify that upon expiry of T3519 the UE deletes the stored SUCI.
5) To verify that the UE handles the 5GS mobile identity IE in the correct order during initial registration and uses the 5G-GUTI as identity when it has both a valid 5G-GUTI and a SUCI.
5.3.5.4 Method of test
5.3.5.4.1 Initial conditions
The NG-SS transmits on the BCCH, with the following network parameters:
Cell A – TAI (MCC/MNC/TAC): 244/083/000001.
– CellIdentity: "000000001"
Access control: unrestricted.
Cell B – TAI (MCC/MNC/TAC): 244/083/000001.
– CellIdentity: "000000002"
Access control: unrestricted.
The default 5G-NR UICC is used with the following exception:
EF5GS3GPPLOCI (5GS 3GPP location information)
Logically:
5G-GUTI: 244083 00010266436587
TAI: 244 083 000001
5GS update status: 5U2 NOT UPDATED
| Coding: | B1 | B2 | B3 | B4 | B5 | B6 | B7 | B8 |
| Hex | 00 | 0B | F2 | 42 | 34 | 80 | 00 | 01 |
| | B9 | B10 | B11 | B12 | B13 | B14 | B15 | B16 |
| | 02 | 66 | 43 | 65 | 87 | 42 | 34 | 80 |
| | B17 | B18 | B19 | B20 | | | | |
| | 00 | 00 | 01 | 01 | | | | |
The UICC is installed into the Terminal.
5.3.5.4.2 Procedure
a) Bring up the Cell A and the UE is switched on.
b) The UE sends REGISTRATION REQUEST to the NG-SS indicating the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "5G-GUTI", then the UE starts timer T3510.
c) NG-SS sends IDENTITY REQUEST message to the UE indicating Identity type information element is "SUCI", then the UE sends IDENTITY RESPONSE message with the freshly generated SUCI, starts timer T3519 and stores the value of the SUCI sent in the IDENTITY RESPONSE message.
d) Bring down Cell A and bring up Cell B before the expiry of T3519 and the UE shall stop timer T3510.
e) While T3519 is still running, the UE sends REGISTRATION REQUEST to the Cell B NG-SS indicating the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "5G-GUTI", then the UE starts timer T3510.
f) NG-SS sends IDENTITY REQUEST message to the UE indicating Identity type information element is "SUCI", then the UE sends IDENTITY RESPONSE message with the stored SUCI.
g) Bring down Cell B and bring up Cell A after 70 sec (that is, after T3519 expires) and the UE shall stop timer T3510.
h) The UE sends REGISTRATION REQUEST to the Cell A NG-SS indicating the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "5G-GUTI", then the UE starts timer T3510.
i) NG-SS sends IDENTITY REQUEST message to the UE indicating Identity type information element is "SUCI", then the UE sends IDENTITY RESPONSE message with a freshly generated SUCI, starts timer T3519 and stores the value of the SUCI sent in the IDENTITY RESPONSE message.
j) NG-SS sends REGISTRATION ACCEPT message with a 5G-GUTI.
k) Upon reception of REGISTRATION ACCEPT message, the UE sends REGISTRATION COMPLETE message to the NG-SS, stops timers T3510 and T3519 if running and deletes any stored SUCI.
5.3.5.5 Acceptance criteria
a) In step c) the UE shall send IDENTITY RESPONSE with a newly generated SUCI.
b) In step f) the UE shall send IDENTITY RESPONSE with the SUCI stored in step c).
c) In step i) the UE shall send IDENTITY RESPONSE with a newly generated SUCI.
5.3.6 UE identification by SUCI in response to IDENTITY REQUEST message and AUTHENTICATION REJECT
5.3.6.1 Definition and applicability
The identification procedure is specified to request a particular UE to provide specific identification parameters, e.g. the SUCI or the IMEI. The SUCI is a privacy preserving identifier containing the concealed SUPI and IMEI is a format of PEI.
The network initiates the identification procedure by sending an IDENTITY REQUEST message to the UE and starting timer T3570. The IDENTITY REQUEST message specifies the requested identification parameters in the Identity type information element and the UE shall be ready to respond to an IDENTITY REQUEST message at any time whilst in 5GMM-CONNECTED mode.
5.3.6.2 Conformance requirement
1) A UE shall be ready to respond to an IDENTITY REQUEST message at any time whilst in 5GMM-CONNECTED mode.
2) Upon receipt of the IDENTITY REQUEST message, if the Identity type IE in the IDENTITY REQUEST message is set to "SUCI", the UE shall:
– if timer T3519 is not running, generate a fresh SUCI as specified in 3GPP TS 33.501 [41], send an IDENTITY RESPONSE message with the SUCI, start timer T3519 and store the value of the SUCI sent in the IDENTITY RESPONSE message; and
– if timer T3519 is running, send an IDENTITY RESPONSE message with the stored SUCI.
3) If the REGISTRATION ACCEPT message contained a 5G-GUTI, the UE shall return a REGISTRATION COMPLETE message to the AMF to acknowledge the received 5G-GUTI, stop timer T3519 if running, and delete any stored SUCI.
4) If the AUTHENTICATION REJECT message is received by the UE, the UE shall abort any 5GMM signalling procedure, stop any of the timers T3510, T3516, T3517, T3519 or T3521 (if they were running), delete stored SUCI and enter state 5GMM-DEREGISTERED.
Reference:
– TS 31.102 [4], clauses 4.4.11.8, 4.4.11.11, 5.3.47 and 5.3.51;
– TS 33.501 [41], clauses 6.12.2 and Annex C;
– TS 24.501 [42], clauses 5.5.1.2.2, 5.5.1.2.4, 5.4.3, 5.4.1.3.5 and 5.4.1.2.2.11.
5.3.6.3 Test purpose
1) To verify that the READ EFSUCI_Calc_Info, EFRouting_Indicator and EFIMSI commands are performed correctly by the terminal.
2) To verify that the UE will perform SUCI calculation procedure correctly.
3) To verify that upon reception of the IDENTITY REQUEST message with Identity type IE set to "SUCI", the UE will:
– if timer T3519 is not running, generate a fresh SUCI as specified in 3GPP TS 33.501 [41], send an IDENTITY RESPONSE message with the SUCI, start timer T3519 and store the value of the SUCI sent in the IDENTITY RESPONSE message; and
– if timer T3519 is running, send an IDENTITY RESPONSE message with the stored SUCI.
4) To verify that upon receiving AUTHENTICATION REJECT the UE deletes the stored SUCI.
5.3.6.4 Method of test
5.3.6.4.1 Initial conditions
The NG-SS transmits on the BCCH, with the following network parameters:
Cell A – TAI (MCC/MNC/TAC): 244/083/000001.
Access control: unrestricted.
Cell B – TAI (MCC/MNC/TAC): 244/084/000001.
Access control: unrestricted.
The default 5G-NR UICC is used with the following exception:
EF5GS3GPPLOCI (5GS 3GPP location information)
Logically:
5G-GUTI: 244083 00010266436587
TAI: 244 083 000001
5GS update status: 5U2 NOT UPDATED
| Coding: | B1 | B2 | B3 | B4 | B5 | B6 | B7 | B8 |
| Hex | 00 | 0B | F2 | 42 | 34 | 80 | 00 | 01 |
| | B9 | B10 | B11 | B12 | B13 | B14 | B15 | B16 |
| | 02 | 66 | 43 | 65 | 87 | 42 | 34 | 80 |
| | B17 | B18 | B19 | B20 | | | | |
| | 00 | 00 | 01 | 01 | | | | |
The UICC is installed into the Terminal.
5.3.6.4.2 Procedure
a) Bring up the Cell A and the UE is switched on.
b) The UE sends REGISTRATION REQUEST to Cell A, indicating the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "5G-GUTI", then the UE starts timer T3510.
c) NG-SS sends IDENTITY REQUEST message to the UE indicating Identity type information element is "SUCI", then the UE sends IDENTITY RESPONSE message with the freshly generated SUCI and starts timer T3519.
d) NG-SS sends AUTHENTICATION REQUEST to the UE.
e) Upon receiving AUTHENTICATION RESPONSE from UE, NG-SS sends AUTHENTICATION REJECT.
f) UE stops T3510 and T3519 timers and deletes the stored SUCI.
g) Bring down Cell A and bring up Cell B, switch off and then switch on UE.
h) The UE sends REGISTRATION REQUEST to Cell B, indicating the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "SUCI" with a fresh SUCI, then the UE starts timers T3519 and T3510.
i) NG-SS sends REGISTRATION ACCEPT message with a 5G-GUTI.
j) Upon reception of REGISTRATION ACCEPT message, the UE sends REGISTRATION COMPLETE message to the NG-SS, stops timers T3510 and T3519 if running and deletes any stored SUCI.
5.3.6.5 Acceptance criteria
a) In step c) the UE shall send IDENTITY RESPONSE with a newly generated SUCI.
b) In step h) the UE shall send REGISTRATION REQUEST with a freshly generated SUCI.
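The T3519 rules exercised in clauses 5.3.4 to 5.3.6 can be modelled and checked against a message trace. The Python model below is an added example, not part of the test specification; the class, the event names, the step timings and the random token standing in for a real SUCI are assumptions made for illustration.

```python
import secrets

T3519_SECONDS = 60          # expiry value quoted in clause 5.3.5.2, item 4


class SuciStore:
    """Model of the UE rules for the stored SUCI and timer T3519."""

    def __init__(self):
        self.now = 0.0              # simulated time in seconds
        self.trace = []             # (time, event, suci) tuples
        self._stored = None
        self._expiry = None

    def _delete(self):
        self._stored = self._expiry = None

    def send_suci(self):
        """SUCI for an IDENTITY RESPONSE or a REGISTRATION REQUEST."""
        if self._expiry is not None and self.now >= self._expiry:
            self._delete()                          # T3519 expired
        if self._stored is None:                    # T3519 not running
            # Stand-in for a real SUCI: a fresh ECIES computation uses a new
            # ephemeral key pair, so the scheme output differs every time.
            self._stored = secrets.token_hex(16)
            self._expiry = self.now + T3519_SECONDS
        self.trace.append((self.now, "SUCI_SENT", self._stored))
        return self._stored

    def clear(self, event):
        """REG_ACCEPT_GUTI or AUTH_REJECT: stop T3519, delete stored SUCI."""
        self._delete()
        self.trace.append((self.now, event, None))


def check_trace(trace):
    """Return the rule violations found in a (time, event, suci) trace."""
    problems, seen, current, started = [], set(), None, None
    for t, event, suci in trace:
        if event != "SUCI_SENT":
            current = None                          # stored SUCI was deleted
            continue
        if current is not None and t - started < T3519_SECONDS:
            if suci != current:
                problems.append((t, "stored SUCI not reused while T3519 runs"))
        else:
            if suci in seen:
                problems.append((t, "old SUCI sent where a fresh one is required"))
            current, started = suci, t
        seen.add(suci)
    return problems


def run_5_3_4():
    ue = SuciStore()
    d = ue.send_suci()                  # step d: fresh SUCI, T3519 started
    ue.now += 5
    f = ue.send_suci()                  # step f: request repeated before expiry
    ue.clear("REG_ACCEPT_GUTI")         # step g
    ue.now += 5
    k = ue.send_suci()                  # step k, on Cell B
    return (d, f, k), ue.trace


def run_5_3_5():
    ue = SuciStore()
    c = ue.send_suci()                  # step c
    ue.now += 10
    f = ue.send_suci()                  # step f: T3519 still running
    ue.now += 70                        # step g: wait until T3519 has expired
    i = ue.send_suci()                  # step i
    ue.clear("REG_ACCEPT_GUTI")         # step k
    return (c, f, i), ue.trace


def run_5_3_6():
    ue = SuciStore()
    c = ue.send_suci()                  # step c
    ue.now += 2
    ue.clear("AUTH_REJECT")             # steps e and f
    ue.now += 5
    h = ue.send_suci()                  # step h: REGISTRATION REQUEST with SUCI
    ue.clear("REG_ACCEPT_GUTI")         # step j
    return (c, h), ue.trace


# Constructed trace of a faulty UE that keeps its SUCI across REGISTRATION ACCEPT.
FAULTY_TRACE = [(0, "SUCI_SENT", "aa"), (5, "REG_ACCEPT_GUTI", None),
                (9, "SUCI_SENT", "aa")]

if __name__ == "__main__":
    for run in (run_5_3_4, run_5_3_5, run_5_3_6):
        sent, trace = run()
        print(run.__name__, sent, check_trace(trace))
    print("faulty:", check_trace(FAULTY_TRACE))
```

A UE that reuses a SUCI outside the T3519 window sends a repeatable identifier, which is what `check_trace` reports for the constructed faulty trace.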
5.3.7 SUCI calculation by the ME using null scheme – missing parameters for subscription identifier privacy support by the USIM
5.3.7.1 Definition and applicability
If the operator’s decision is that ME shall calculate the SUCI, the home network operator shall provision a list of the Protection Scheme Identifiers that the operator allows in the USIM. The list of Protection Scheme Identifiers in the USIM may contain one or more Protection Scheme Identifiers in order of their priority. The ME shall read the SUCI calculation information from the USIM, including the SUPI, the Home Network Public Key, the Home Network Public Key Identifier, and the list of Protection Scheme Identifiers. The ME shall select the protection scheme from its supported schemes that has the highest priority in the list obtained from the USIM.
The ME shall calculate the SUCI using the null-scheme if one or more parameters (i.e. Home Network Public Key, Protection Scheme Identifier) required for the calculation of the SUCI are not provisioned in the USIM.
5.3.7.2 Conformance requirement
1) SUCI calculation procedure shall be performed by the ME if Service n°124 is "available" and Service n°125 is not "available" in EFUST.
2) As part of the SUCI calculation performed by the ME, the ME shall perform reading procedure on EFSUCI_Calc_Info and EFRouting_Indicator.
3) The ME shall calculate the SUCI using the null-scheme if no Protection Scheme Identifier is provisioned in the USIM or if there is no Home Network Public Key configured in the USIM for the highest priority protection scheme configured in the USIM that the ME supports.
Reference:
– 3GPP TS 31.102 [4], clauses 4.4.11.8, 4.4.11.11, 5.3.47 and 5.3.51;
– 3GPP TS 33.501 [41], clause Annex C;
– 3GPP TS 24.501 [42], clause 5.5.1.2.2.
5.3.7.3 Test purpose
1) To verify that the READ EFUST, EFIMSI, EFSUCI_Calc_Info and EFRouting_Indicator commands are performed correctly by the ME.
2) To verify that the ME performs SUCI calculation procedure using null-scheme.
5.3.7.4 Method of test
5.3.7.4.1 Initial conditions
The NG-SS transmits on the BCCH, with the following network parameters:
– TAI (MCC/MNC/TAC): 244/083/000001.
– Access control: unrestricted.
The default 5G-NR UICC is used with the following exceptions:
The USIM does not have the Home Network Public Key configured for the highest priority protection scheme configured in the USIM that the ME supports.
EFSUCI_Calc_Info (Subscription Concealed Identifier Calculation Information EF)
Logically:
null
Coding: | B1 | B2 | B3 | B4 | B5 | B6 |
Hex | A0 | 02 | 01 | 01 | A1 | 00 |
The UICC is installed into the ME.
5.3.7.4.2 Procedure
a) The UE is switched on.
b) The UE sends REGISTRATION REQUEST to the NG-SS indicating the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "SUCI".
c) Upon reception of REGISTRATION ACCEPT message with a 5G-GUTI, the UE sends REGISTRATION COMPLETE message to the NG-SS.
5.3.7.5 Acceptance criteria
1) After step a) the ME shall read EFIMSI, EFUST, EFSUCI_Calc_Info and EFRouting_Indicator
2) After step b) the UE shall include the SUCI as coded below in the 5GS mobile identity IE in the REGISTRATION REQUEST.
SUPI format: 0
Home Network Identifier: 246/081
Routing indicator: 17
Protection scheme id: 00
Home network public key Id: 0
Scheme output: 357935793
5.3.8 UE identification by 5G-GUTI – Last Registered TAI stored on USIM
5.3.8.1 Definition and applicability
A globally unique temporary user identity for 5GS-based services, the 5G globally unique temporary identity (5G-GUTI), is used for identification within the signalling procedures. A UE supporting N1 mode includes a valid 5G-GUTI, if any is available, in the REGISTRATION REQUEST and DEREGISTRATION REQUEST messages.
5.3.8.2 Conformance requirement
The following 5GMM parameters shall be stored on the USIM if the corresponding file is present:
a) 5G-GUTI;
b) last visited registered TAI; and
c) 5GS update status.
The presence and format of corresponding files on the USIM is specified in 3GPP TS 31.102 [4].
If the corresponding file is not present on the USIM, these 5GMM parameters are stored in a non-volatile memory in the ME together with the SUPI from the USIM. These 5GMM parameters can only be used if the SUPI from the USIM matches the SUPI stored in the non-volatile memory; else the UE shall delete the 5GMM parameters.
Reference:
– TS 31.102 [4], clause 4.4.11.2;
– TS 24.501 [42], clauses 5.3.3, 5.5.1.2 and Annex C.
5.3.8.3 Test purpose
1) To verify that the READ EFIMSI and EF5GS3GPPLOCI commands are performed correctly by the ME.
2) To verify that the ME uses 5G-GUTI in the Registration Request.
5.3.8.4 Method of test
5.3.8.4.1 Initial conditions
The NG-SS transmits on the BCCH, with the following network parameters:
– TAI (MCC/MNC/TAC): 244/083/000002.
– Access control: unrestricted.
The default 5G-NR UICC is used with the following exception:
EF5GS3GPPLOCI (5GS 3GPP location information)
Logically:
5G-GUTI: 24408300010266436587
TAI: 244083000001
5GS update status: 5U2 NOT UPDATED
Coding: | B1 | B2 | B3 | B4 | B5 | B6 | B7 | B8 |
Hex | 00 | 0B | F2 | 42 | 34 | 80 | 00 | 01 |
| B9 | B10 | B11 | B12 | B13 | B14 | B15 | B16 |
| 02 | 66 | 43 | 65 | 87 | 42 | 34 | 80 |
| B17 | B18 | B19 | B20 |
| 00 | 00 | 01 | 01 |
The UICC is installed into the Terminal.
5.3.8.4.2 Procedure
a) Bring up the NG-SS and the UE is switched on.
b) The UE sends REGISTRATION REQUEST to the NG-SS, indicates the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "5G-GUTI".
c) Upon reception of REGISTRATION ACCEPT message with the new 5G-GUTI (244083 00010266555555) and the 5GS TAI list with TAI (244 083 000002) UE sends REGISTRATION COMPLETE message to the NG-SS and stops timer T3510 if running.
d) Power reset the UE. Valid NAS security context gets updated in the USIM
e) The UE sends REGISTRATION REQUEST to the NG-SS, indicates the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "5G-GUTI", then the UE starts timer T3510.
f) Upon reception of REGISTRATION ACCEPT message with a 5G-GUTI the UE sends REGISTRATION COMPLETE message to the NG-SS.
5.3.8.5 Acceptance criteria
1) After steps a) and e) the ME shall read EFIMSI and EF5GS3GPPLOCI.
2) In step e) the UE shall use new 5G-GUTI and Last visited TAI in the REGISTRATION REQUEST:
5G-GUTI: 24408300010266555555
TAI (MCC/MNC/TAC): 244/083/000002
5.3.9 UE identification by 5G-GUTI – Last Registered TAI stored by ME
5.3.9.1 Definition and applicability
A globally unique temporary user identity for 5GS-based services, the 5G globally unique temporary identity (5G-GUTI), is used for identification within the signalling procedures. A UE supporting N1 mode includes a valid 5G-GUTI, if any is available, in the REGISTRATION REQUEST and DEREGISTRATION REQUEST messages.
5.3.9.2 Conformance requirement
The following 5GMM parameters shall be stored on the USIM if the corresponding file is present:
a) 5G-GUTI;
b) last visited registered TAI; and
c) 5GS update status.
The presence and format of corresponding files on the USIM is specified in 3GPP TS 31.102 [4].
If the corresponding file is not present on the USIM, these 5GMM parameters are stored in a non-volatile memory in the ME together with the SUPI from the USIM. These 5GMM parameters can only be used if the SUPI from the USIM matches the SUPI stored in the non-volatile memory; else the UE shall delete the 5GMM parameters.
Reference:
– TS 24.501 [42], clauses 5.3.3, 5.5.1.2, 5.2.3.2.5 and Annex C.
5.3.9.3 Test purpose
1) To verify that the READ EFIMSI command is performed correctly by the ME.
2) To verify that the ME uses 5G-GUTI in the Registration Request.
3) To verify that the ME stores the new 5G-GUTI in its non-volatile memory if the corresponding file is not present in the USIM.
5.3.9.4 Method of test
5.3.9.4.1 Initial conditions
The NG-SS transmits on the BCCH, with the following network parameters:
Cell A -TAI (MCC/MNC/TAC): 244/083/000001.
Access control: unrestricted.
Cell B -TAI (MCC/MNC/TAC): 244/084/000001.
Access control: unrestricted.
The default E-UTRAN UICC is used and installed into the Terminal.
5.3.9.4.2 Procedure
a) Bring up the Cell A and the UE is switched on.
b) The UE sends REGISTRATION REQUEST to the NG-SS, indicates the 5GS registration type IE as "initial registration".
c) The NG-SS sends a REGISTRATION ACCEPT message with the following parameters:
5G-GUTI: 244083 00010266436587
TAI: 244 083 000001
d) The UE sends REGISTRATION COMPLETE message to the NG-SS.
e) The UE is switched off.
f) The UE is switched on.
g) The UE sends REGISTRATION REQUEST to the NG-SS, indicates the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "5G-GUTI", then the UE starts timer T3510.
h) The NG-SS sends REGISTRATION ACCEPT message with the following parameters:
5G-GUTI: 244 083 00010266434444
TAI: 244 083 000001
i) The UE sends REGISTRATION COMPLETE message to the NG-SS and stops timer T3510.
j) Turn cell A off, then turn cell B on.
k) The UE sends REGISTRATION REQUEST to the NG-SS, indicates the 5GS registration type IE as "mobility registration updating" or as "initial registration" and 5GS mobile identity information element type "5G-GUTI", then the UE starts timer T3510.
5.3.9.5 Acceptance criteria
1) After step a) the ME shall read EFIMSI.
2) In step g) the UE shall use in the REGISTRATION REQUEST the following parameters:
5G-GUTI: 244083 00010266436587
Last visited registered TAI: 244 083 000001
3) In step k) the UE shall use in the REGISTRATION REQUEST the following parameters:
5G-GUTI: 244 083 00010266434444
Last visited registered TAI: 244 083 000001
5.3.10 UE identification after SUPI is changed
5.3.10.1 Definition and applicability
A globally unique temporary user identity for 5GS-based services, the 5G globally unique temporary identity (5G-GUTI), is used for identification within the signalling procedures. A UE supporting N1 mode includes a valid 5G-GUTI, if any is available, in the REGISTRATION REQUEST and DEREGISTRATION REQUEST messages.
5.3.10.2 Conformance requirement
The following 5GMM parameters shall be stored on the USIM if the corresponding file is present:
a) 5G-GUTI;
b) last visited registered TAI;
c) 5GS update status; and
d) 5G NAS security context parameters from a full native 5G NAS security context.
The presence and format of corresponding files on the USIM is specified in 3GPP TS 31.102 [4].
If the corresponding file is not present on the USIM, these 5GMM parameters are stored in a non-volatile memory in the ME together with the SUPI from the USIM. These 5GMM parameters can only be used if the SUPI from the USIM matches the SUPI stored in the non-volatile memory; else the UE shall delete the 5GMM parameters.
Reference:
– TS 24.501 [42], clauses 5.3.3, 5.5.1.2 and Annex C.
5.3.10.3 Test purpose
1) To verify that the READ EFIMSI command is performed correctly by the ME.
2) To verify that the ME deletes the 5GMM parameters from non-volatile memory in case SUPI is changed.
5.3.10.4 Method of test
5.3.10.4.1 Initial conditions
The NG-SS transmits on the BCCH, with the following network parameters:
– TAI (MCC/MNC/TAC): 244/083/000001.
– Access control: unrestricted.
The default E-UTRAN UICC is used and installed into the Terminal.
5.3.10.4.2 Procedure
a) The UE is switched on.
b) The UE sends REGISTRATION REQUEST to the NG-SS, indicates the 5GS registration type IE as "initial registration".
c) The NG-SS sends a REGISTRATION ACCEPT message with the following parameters:
5G-GUTI: 24408300010266436587
TAI: 244 083 000001
d) The UE sends a REGISTRATION COMPLETE message to the NG-SS.
e) The UE is switched off and the UICC configuration is changed by setting the IMSI to (24681685533963).
f) The UE is switched on.
g) The UE sends REGISTRATION REQUEST to the NG-SS.
5.3.10.5 Acceptance criteria
1) After step a) the ME shall read EFIMSI
2) In step g) the UE shall not use the 5G-GUTI or the Last visited registered TAI parameters in the REGISTRATION REQUEST message; instead it shall use SUCI as 5GS mobile identity IE.
5.3.11 SUCI calculation by ME using Profile A
5.3.11.1 Definition and applicability
If the operator’s decision is that the ME shall calculate the SUCI, the Home Network Operator shall provision a list of the Protection Scheme Identifiers that the operator allows in the USIM. The list of Protection Scheme Identifiers in the USIM may contain one or more Protection Scheme Identifiers in order of their priority. The ME shall read the SUCI calculation information from the USIM, including the SUPI, the Home Network Public Key, the Home Network Public Key Identifier, and the list of Protection Scheme Identifiers. The ME shall select the protection scheme from its supported schemes that has the highest priority in the list obtained from the USIM.
5.3.11.2 Conformance requirement
1) SUCI calculation procedure shall be performed by the ME if Service n°124 is "available" and Service n°125 is not "available" in EFUST.
2) As part of the SUCI calculation performed by the ME, the ME performs the reading procedure with EFSUCI_Calc_Info.
3) The ME shall calculate the SUCI using the ECIES scheme profile A if highest priority of the protection schemes listed in the USIM is the ECIES scheme profile A
Reference:
– 3GPP TS 31.102 [4], clauses 4.4.11.8, 4.4.11.11, 5.3.47 and 5.3.51;
– 3GPP TS 33.501 [41], clause Annex C;
– 3GPP TS 24.501 [42], clause 5.5.1.2, 5.5.1.2.4.
5.3.11.3 Test purpose
1) To verify that the READ EFRouting_Indicator, EFSUCI_Calc_Info and EFIMSI commands are performed correctly by the ME.
2) To verify that the terminal performs SUCI calculation procedure using the profile with the highest priority (i.e. ECIES scheme profile A and the Home Network Public Key).
5.3.11.4 Method of test
5.3.11.4.1 Initial conditions
The NG-SS transmits on the BCCH, with the following network parameters:
– TAI (MCC/MNC/TAC): 244/083/000001.
– Access control: unrestricted.
The 5G-NR UICC is configured with the following parameters in the order of priority and installed into the ME.
EFSUCI_Calc_Info (Subscription Concealed Identifier Calculation Information EF)
Logically:
Protection Scheme Identifier List data object
Protection Scheme Identifier 1 – ECIES scheme profile A
Key Index 1: 1
Protection Scheme Identifier 2 – ECIES scheme profile B
Key Index 2: 2
Protection Scheme Identifier 3 – null-scheme
Key Index 3: 0
Home Network Public Key List data object
Home Network Public Key 1 Identifier: 30
Home Network Public Key 1:
– 5A 8D 38 86 48 20 19 7C 33 94 B9 26 13 B2 0B 91 63 3C BD 89 71 19 27 3B F8 E4 A6 F4 EE C0 A6 50
Home Network Public Key 2 Identifier: 27
Home Network Public Key 2:
– 04 72 DA 71 97 62 34 CE 83 3A 69 07 42 58 67 B8 2E 07 4D 44 EF 90 7D FB 4B 3E 21 C1 C2 25 6E BC D1 5A 7D ED 52 FC BB 09 7A 4E D2 50 E0 36 C7 B9 C8 C7 00 4C 4E ED C4 F0 68 CD 7B F8 D3 F9 00 E3 B4
The NG-SS shall be configured with Home Network Private Key as following (for Profile A):
Coding: | B1 | B2 | B3 | B4 | B5 | B6 | B7 | B8 |
Hex | C5 | 3C | 22 | 20 | 8B | 61 | 86 | 0B |
| B9 | B10 | B11 | B12 | B13 | B14 | B15 | B16 |
| 06 | C6 | 2E | 54 | 06 | A7 | B3 | 30 |
| B17 | B18 | B19 | B20 | B21 | B22 | B23 | B24 |
| C2 | B5 | 77 | AA | 55 | 58 | 98 | 15 |
| B25 | B26 | B27 | B28 | B29 | B30 | B31 | B32 |
| 10 | D1 | 28 | 24 | 7D | 38 | BD | 1D |
5.3.11.4.2 Procedure
a) The UE is switched on.
b) The UE sends REGISTRATION REQUEST to the NG-SS indicating the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "SUCI".
c) Upon reception of REGISTRATION ACCEPT message with a 5G-GUTI, the UE sends REGISTRATION COMPLETE message to the NG-SS.
5.3.11.5 Acceptance criteria
1) After step a) the ME shall read EFIMSI, EFUST, EFRouting_Indicator and EFSUCI_Calc_Info.
2) After step b) the UE shall include the SUCI (coded below) in the 5GS mobile identity IE in the REGISTRATION REQUEST.
SUPI format: 0
Home Network Identifier: 246/081
Routing indicator: 17
Protection scheme id: 01
Home network public key Id: 30
Scheme output: ECC ephemeral public key, encryption of 357935793 and MAC tag value
5.3.12 UE identification by SUCI during initial registration – SUCI calculation by USIM using profile A
5.3.12.1 Definition and applicability
If the operator’s decision, indicated by the USIM, is that the USIM shall calculate the SUCI, then the USIM shall not give the ME any parameter for the calculation of the SUCI including the Home Network Public Key Identifier, the Home Network Public Key, and the Protection Scheme Identifier. If the ME determines that the calculation of the SUCI, indicated by the USIM, shall be performed by the USIM, the ME shall delete any previously received or locally cached parameters for the calculation of the SUCI including the Routing Indicator, the Home Network Public Key Identifier, the Home Network Public Key and the Protection Scheme Identifier.
5.3.12.2 Conformance requirement
1) SUCI calculation procedure shall be performed by the USIM if service n°124 is "available" in EFUST and service n°125 is "available" in EFUST.
2) The ME shall use the GET IDENTITY command in SUCI context to retrieve the SUCI calculated by the USIM.
3) This GET IDENTITY command shall be as per 7.5.2 in TS 31.102
Reference:
– TS 31.102 [4], clauses 4.4.11.8, 5.3.48 and 7.5;
– TS 33.501 [41], clause Annex C;
– TS 24.501 [42], clause 5.5.1.2.2.
5.3.12.3 Test purpose
1) To verify that the GET IDENTITY command is performed correctly by the terminal.
2) To verify that the terminal includes the SUCI received from the 5G-NR UICC within GET IDENTITY response in the 5GS mobile identity IE.
5.3.12.4 Method of test
5.3.12.4.1 Initial conditions
The NG-SS transmits on the BCCH, with the following network parameters:
– TAI (MCC/MNC/TAC): 244/083/000001.
– Access control: unrestricted.
The default 5G-NR UICC is used and the UICC is installed into the Terminal.
The NG-SS shall be configured with Home Network Private Key for profile A:
Coding: | B1 | B2 | B3 | B4 | B5 | B6 | B7 | B8 |
Hex | C5 | 3C | 22 | 20 | 8B | 61 | 86 | 0B |
| B9 | B10 | B11 | B12 | B13 | B14 | B15 | B16 |
| 06 | C6 | 2E | 54 | 06 | A7 | B3 | 30 |
| B17 | B18 | B19 | B20 | B21 | B22 | B23 | B24 |
| C2 | B5 | 77 | AA | 55 | 58 | 98 | 15 |
| B25 | B26 | B27 | B28 | B29 | B30 | B31 | B32 |
| 10 | D1 | 28 | 24 | 7D | 38 | BD | 1D |
EFUST (USIM Service Table)
Logically:
User controlled PLMN selector available
Fixed dialling numbers available
The GSM Access available
The Group Identifier level 1 and level 2 not available
Service n° 33 (Packet Switched Domain) shall be set to ‘1’
Enabled Services Table available
EPS Mobility Management Information available
Allowed CSG Lists and corresponding indications available
5GS Mobility Management Information available
5G Security Parameters available
Subscription identifier privacy support available
SUCI calculation by USIM available
Byte: | B1 | B2 | B3 | B4 | B5 | B6 | B7 | B8 |
Binary: | xxxx xx1x | xxxx xxxx | xxxx 1x00 | xxxx x1xx | xxxx xx11 | xxxx xxxx | xxxx xxxx | xxxx xxxx |
| B9 | B10 | B11 | | B16 |
| xxxx xxxx | xxxx xxxx | xx11 xxxx | ….. | xxx1 111x |
5G-NR UICC is configured with:
Protection Scheme Identifier: ECIES scheme profile A
Key Index: 1
Home Network Public Key Identifier: 30
Home Network Public Key:
Coding: | B1 | B2 | B3 | B4 | B5 | B6 | B7 | B8 |
Hex | 5A | 8D | 38 | 86 | 48 | 20 | 19 | 7C |
| B9 | B10 | B11 | B12 | B13 | B14 | B15 | B16 |
| 33 | 94 | B9 | 26 | 13 | B2 | 0B | 91 |
| B17 | B18 | B19 | B20 | B21 | B22 | B23 | B24 |
| 63 | 3C | BD | 89 | 71 | 19 | 27 | 3B |
| B25 | B26 | B27 | B28 | B29 | B30 | B31 | B32 |
| F8 | E4 | A6 | F4 | EE | C0 | A6 | 50 |
EFSUCI_Calc_Info (Subscription Concealed Identifier Calculation Information EF): Not available to the ME
5.3.12.4.2 Procedure
a) The UE is switched on.
b) The UE sends REGISTRATION REQUEST to the NG-SS indicating the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "SUCI".
c) Upon reception of REGISTRATION ACCEPT message with a 5G-GUTI, the UE sends REGISTRATION COMPLETE message to the NG-SS.
5.3.12.5 Acceptance criteria
1) After step a) the ME shall send GET IDENTITY command with Identity Context in P2 as SUCI (0x01) to the 5G-NR UICC
2) After step b) the UE shall include the SUCI (coded below) in the 5GS mobile identity IE in the REGISTRATION REQUEST.
SUPI format: 0
Home Network Identifier: 246/081
Routing indicator: 17
Protection scheme id: 01
Home network public key Id: 30
Scheme output: ECC ephemeral public key, encryption of 357935793 and MAC tag value
5.3.13 SUCI calculation by ME using null scheme – no Protection Scheme Identifier provisioned in the USIM
5.3.13.1 Definition and applicability
If the operator’s decision is that ME shall calculate the SUCI, and the home network operator has not provisioned any Protection Scheme Identifier definition in the list of Protection Scheme Identifiers in the USIM, the ME shall calculate the SUCI using the null-scheme.
5.3.13.2 Conformance requirement
1) SUCI calculation procedure shall be performed by the ME if Service n°124 is "available" and Service n°125 is not "available" in EFUST
2) As part of the SUCI calculation performed by the ME, the ME performs the reading procedure on EFSUCI_Calc_Info and EFRouting_Indicator.
3) The ME shall calculate the SUCI using the null-scheme if no Protection Scheme Identifier is provisioned in the USIM.
Reference:
– TS 31.102 [4], clauses 4.4.11.8, 4.4.11.11, 5.3.47 and 5.3.51;
– TS 33.501 [41], clause 6.12.2, Annex C;
– TS 24.501 [42], clause 5.5.1.2, 5.5.1.2.4.
5.3.13.3 Test purpose
1) To verify that the READ EFSUCI_Calc_Info, EFRouting_Indicator and EFIMSI commands are performed correctly by the ME.
2) To verify that the ME performs the SUCI calculation procedure using null-scheme.
5.3.13.4 Method of test
5.3.13.4.1 Initial conditions
The NG-SS transmits on the BCCH, with the following network parameters:
– TAI (MCC/MNC/TAC): 244/083/000001.
– Access control: unrestricted.
The default 5G-NR UICC is used with the following exception:
EFSUCI_Calc_Info (Subscription Concealed Identifier Calculation Information EF)
Logically:
null
Coding: | B1 | B2 |
Hex | A0 | 00 |
The UICC is installed into the Terminal.
5.3.13.4.2 Procedure
a) The UE is switched on.
b) The UE sends REGISTRATION REQUEST to the NG-SS indicating the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "SUCI".
c) Upon reception of REGISTRATION ACCEPT message with a 5G-GUTI, the UE sends REGISTRATION COMPLETE message to the NG-SS.
5.3.13.5 Acceptance criteria
1) After step a) the ME shall read EFIMSI, EFRouting_Indicator and EFSUCI_Calc_Info
2) After step b) the UE shall include the SUCI as coded below in the 5GS mobile identity IE in the REGISTRATION REQUEST.
SUPI format: 0
Home Network Identifier: 246/081
Routing indicator: 17
Protection scheme id: 00
Home network public key Id: 0
Scheme output: 357935793
5.3.14 SUCI calculation by ME using null scheme – no Home Network Public Key for supported protection scheme provisioned in the USIM
5.3.14.1 Definition and applicability
If the operator’s decision is that ME shall calculate the SUCI, and the home network operator has not provisioned the Home Network Public Key for the protection scheme configured in the USIM that the ME supports, the ME shall calculate the SUCI using the null-scheme.
5.3.14.2 Conformance requirement
1) SUCI calculation procedure shall be performed by the ME if Service n°124 is "available" and Service n°125 is not "available" in EFUST
2) As part of the SUCI calculation performed by the ME, the ME performs the reading procedure on EFSUCI_Calc_Info and EFRouting_Indicator.
3) The ME shall calculate the SUCI using the null-scheme if no Home Network Public Key is configured in the USIM for the protection scheme configured in the USIM that the ME supports.
Reference:
– TS 31.102 [4], clauses 4.4.11.8, 4.4.11.11, 5.3.47 and 5.3.51;
– TS 33.501 [41], clause 6.12.2, Annex C;
– TS 24.501 [42], clause 5.5.1.2, 5.5.1.2.4.
5.3.14.3 Test purpose
1) To verify that the READ EFSUCI_Calc_Info, EFRouting_Indicator and EFIMSI commands are performed correctly by the ME.
2) To verify that the ME performs the SUCI calculation procedure using null-scheme.
5.3.14.4 Method of test
5.3.14.4.1 Initial conditions
The NG-SS transmits on the BCCH, with the following network parameters:
– TAI (MCC/MNC/TAC): 244/083/000001.
– Access control: unrestricted.
The default 5G-NR UICC is used with the following exception:
EFSUCI_Calc_Info (Subscription Concealed Identifier Calculation Information EF)
Logically:
Protection Scheme Identifier List data object
Protection Scheme Identifier 1 – ECIES scheme profile B
Key Index 1: 0
Coding: | B1 | B2 | B3 | B4 |
Hex | A0 | 02 | 02 | 00 |
The UICC is installed into the Terminal.
5.3.14.4.2 Procedure
a) The UE is switched on.
b) The UE sends REGISTRATION REQUEST to the NG-SS indicating the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "SUCI".
c) Upon reception of REGISTRATION ACCEPT message with a 5G-GUTI, the UE sends REGISTRATION COMPLETE message to the NG-SS.
5.3.14.5 Acceptance criteria
1) After step a) the ME shall read EFIMSI, EFRouting_Indicator and EFSUCI_Calc_Info
2) After step b) the UE shall include the SUCI as coded below in the 5GS mobile identity IE in the REGISTRATION REQUEST.
SUPI format: 0
Home Network Identifier: 246/081
Routing indicator: 17
Protection scheme id: 00
Home network public key Id: 0
Scheme output: 357935793
5.3.15 SUCI calculation by ME using null scheme with the E-UTRAN/EPC UICC
5.3.15.1 Definition and applicability
If the operator’s decision is that ME shall calculate the SUCI, the home network operator shall provision the Protection Scheme and public key in the USIM that the operator allows. If the SUCI calculation indication is not present, the calculation is performed by the ME. If the Home Network Public Key or the priority list are not provisioned in the USIM, the ME shall calculate the SUCI using the null-scheme. The Routing Indicator shall be stored in the USIM. If the Routing Indicator is not present in the USIM, the ME shall set it to a default value 0.
5.3.15.2 Conformance requirement
1) SUCI calculation procedure shall be performed by the ME if the SUCI calculation indication is not present in the USIM.
2) The ME shall calculate the SUCI using the null-scheme if E-UTRAN/EPC UICC is installed into the ME.
Reference:
– TS 31.102 [4], clause Annex E;
– TS 33.501 [41], clause 5.2.5, 6.12.2, Annex C;
– TS 24.501 [42], clause 5.5.1.2, 5.5.1.2.4, 9.11.3.4.
5.3.15.3 Test purpose
1) To verify that the ME performs the SUCI calculation procedure using null-scheme.
5.3.15.4 Method of test
5.3.15.4.1 Initial conditions
The NG-SS transmits on the BCCH, with the following network parameters:
– TAI (MCC/MNC/TAC): 244/083/000001.
– Access control: unrestricted.
The default E-UTRAN/EPC is used with the following exception:
EFIMSI (IMSI)
Logically: 246081357935793
Coding: | B1 | B2 | B3 | B4 | B5 | B6 | B7 | B8 | B9 |
Hex | 08 | 29 | 64 | 80 | 31 | 75 | 39 | 75 | 39 |
The UICC is installed into the Terminal.
5.3.15.4.2 Procedure
a) Bring up Cell A and the UE is switched on.
b) The UE sends REGISTRATION REQUEST to the NG-SS. The NG-SS responds with REGISTRATION REJECT (cause: Roaming not allowed in this tracking area), and the UE is switched off.
c) The UE is switched on.
d) The UE sends REGISTRATION REQUEST to the NG-SS indicating the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "SUCI".
e) Upon reception of REGISTRATION ACCEPT message with a 5G-GUTI, the UE sends REGISTRATION COMPLETE message to the NG-SS.
5.3.15.5 Acceptance criteria
1) After step c) the ME shall read EFIMSI.
2) At step d) the UE shall include the SUCI as coded below in the 5GS mobile identity IE in the REGISTRATION REQUEST.
SUPI format: 0
Home Network Identifier: 246/081
Routing indicator: 0
Protection scheme id: 00
Home network public key Id: 0
Scheme output: 357935793
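The null-scheme SUCI expected in the acceptance criteria above can be reproduced from the EFIMSI coding in 5.3.15.4.1. The following Python is an added example, not part of the test specification: it decodes EFIMSI and packs the value part of the 5GS mobile identity IE following the SUCI layout of TS 24.501 clause 9.11.3.4. The function names and the 3-digit MNC length (taken from the "246/081" shown above rather than read from the USIM) are assumptions.

```python
# Added example: EFIMSI -> null-scheme SUCI (value part of the 5GS mobile identity IE).

def decode_ef_imsi(ef):
    """Decode EFIMSI (length octet + swapped BCD) into the IMSI digit string."""
    length = ef[0]
    body = ef[1:1 + length]
    if not 1 <= length <= 8 or len(body) != length:
        raise ValueError("bad EFIMSI length")
    nibbles = [n for b in body for n in (b & 0x0F, b >> 4)]
    if nibbles[0] & 0x07 != 0x01:          # low 3 bits: identity type, 001 = IMSI
        raise ValueError("identity type is not IMSI")
    digits = nibbles[1:]
    if digits and digits[-1] == 0x0F:      # filler nibble when the digit count is even
        digits.pop()
    if any(d > 9 for d in digits):
        raise ValueError("non-decimal digit in IMSI")
    return "".join(str(d) for d in digits)


def bcd_swapped(digits, pad_to=0):
    """Pack decimal digits two per octet, first digit in the low nibble, 0xF filler."""
    nib = [int(d) for d in digits]
    nib += [0x0F] * max(0, pad_to - len(nib))
    if len(nib) % 2:
        nib.append(0x0F)
    return bytes(nib[i] | (nib[i + 1] << 4) for i in range(0, len(nib), 2))


def null_scheme_suci(imsi, routing_indicator="0", mnc_digits=3):
    """Return (fields, encoded) for a null-scheme SUCI built from an IMSI.

    mnc_digits is an assumption of this example (a real ME reads it from the USIM).
    encoded is the IE value part only: no IEI and no length octets.
    """
    if mnc_digits not in (2, 3):
        raise ValueError("MNC has 2 or 3 digits")
    if not (routing_indicator.isdigit() and 1 <= len(routing_indicator) <= 4):
        raise ValueError("routing indicator is 1 to 4 decimal digits")
    mcc, mnc, msin = imsi[:3], imsi[3:3 + mnc_digits], imsi[3 + mnc_digits:]
    m = [int(d) for d in mcc]
    n = [int(d) for d in mnc] + ([0x0F] if mnc_digits == 2 else [])
    plmn = bytes([(m[1] << 4) | m[0], (n[2] << 4) | m[2], (n[1] << 4) | n[0]])
    supi_format, scheme_id, key_id = 0, 0x00, 0x00   # IMSI, null-scheme, key id 0
    encoded = (
        bytes([(supi_format << 4) | 0x01])           # type of identity 001 = SUCI
        + plmn
        + bcd_swapped(routing_indicator, pad_to=4)
        + bytes([scheme_id, key_id])
        + bcd_swapped(msin)                          # null-scheme output is the plain MSIN
    )
    fields = {
        "supi_format": supi_format,
        "home_network_identifier": f"{mcc}/{mnc}",
        "routing_indicator": routing_indicator,
        "protection_scheme_id": scheme_id,
        "home_network_public_key_id": key_id,
        "scheme_output": msin,
    }
    return fields, encoded


# EFIMSI coding from the table in 5.3.15.4.1.
EF_IMSI_5_3_15 = bytes.fromhex("08 29 64 80 31 75 39 75 39")

if __name__ == "__main__":
    imsi = decode_ef_imsi(EF_IMSI_5_3_15)
    fields, encoded = null_scheme_suci(imsi, routing_indicator="0")
    print(imsi, fields, encoded.hex())
```

The scheme output of the null-scheme is the MSIN itself, so anyone who can observe the REGISTRATION REQUEST recovers the full SUPI from these octets.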
5.3.16 SUCI calculation by ME using the lower priority protection scheme when the higher priority protection scheme is not supported by the ME
5.3.16.1 Definition and applicability
If the operator’s decision is that the ME shall calculate the SUCI, the Home Network Operator shall provision a list of the Protection Scheme Identifiers that the operator allows in the USIM. The list of Protection Scheme Identifiers in the USIM may contain one or more Protection Scheme Identifiers in order of their priority. The ME shall read the SUCI calculation information from the USIM, including the SUPI, the Home Network Public Key, the Home Network Public Key Identifier, and the list of Protection Scheme Identifiers. The ME shall select the protection scheme from its supported schemes that has the highest priority in the list obtained from the USIM. If the higher priority protection scheme is not supported by the ME, the ME should use the lower priority protection scheme to calculate the SUCI.
5.3.16.2 Conformance requirement
1) SUCI calculation procedure shall be performed by the ME if Service n°124 is "available" and Service n°125 is not "available" in EFUST.
2) As part of the SUCI calculation performed by the ME, the ME performs the reading procedure with EFSUCI_Calc_Info.
3) The ME shall select the protection scheme from its supported schemes that has the highest priority in the list obtained from the USIM. If the higher priority protection scheme is not supported by the ME, the ME should use the lower priority protection scheme to calculate the SUCI.
Reference:
– 3GPP TS 31.102 [4], clauses 4.4.11.8, 4.4.11.11, 5.3.47 and 5.3.51;
– 3GPP TS 33.501 [41], clause 6.12.2, Annex C;
– 3GPP TS 24.501 [42], clause 5.5.1.2, 5.5.1.2.4.
5.3.16.3 Test purpose
1) To verify that the READ EFRouting_Indicator, EFSUCI_Calc_Info and EFIMSI commands are performed correctly by the ME.
2) To verify that if the higher priority protection scheme is not supported by the ME, the ME should use the lower priority protection scheme to calculate the SUCI.
5.3.16.4 Method of test
5.3.16.4.1 Initial conditions
The NG-SS transmits on the BCCH, with the following network parameters:
– TAI (MCC/MNC/TAC): 244/083/000001.
– Access control: unrestricted.
The 5G-NR UICC is configured with the following parameters in the order of priority and installed into the ME.
EFSUCI_Calc_Info (Subscription Concealed Identifier Calculation Information EF)
Logically:
Protection Scheme Identifier List data object
Protection Scheme Identifier 1 – any value of the reserved range (i.e. 0x3 – 0xB) that is not standardized
Key Index 1: 1
Protection Scheme Identifier 2 – ECIES scheme profile A
Key Index 2: 2
Protection Scheme Identifier 3 – null-scheme
Key Index 3: 0
Home Network Public Key List data object
Home Network Public Key 1 Identifier: 16
Home Network Public Key 1: 2E 85 DA EC 6A C9 B5 2B 5D 2D 58 02 33 29 57 75 49 44 5A 39 3D 2A 68 E6 12 14 27 34 95 AD BE 65
Home Network Public Key 2 Identifier: 30
Home Network Public Key 2: 5A 8D 38 86 48 20 19 7C 33 94 B9 26 13 B2 0B 91 63 3C BD 89 71 19 27 3B F8 E4 A6 F4 EE C0 A6 50
Coding: | B1 | B2 | B3 | B4 | B5 | B6 | B7 | B8 |
Hex | A0 | 06 | Note1 | 01 | 01 | 02 | 00 | 00 |
| B9 | B10 | B11 | B12 | B13 | B14 | B15 | B16 |
| A1 | 4A | 80 | 01 | 10 | 81 | 20 | 2E |
| B17 | B18 | B19 | B20 | B21 | B22 | B23 | B24 |
| 85 | DA | EC | 6A | C9 | B5 | 2B | 5D |
| B25 | B26 | B27 | B28 | B29 | B30 | B31 | B32 |
| 2D | 58 | 02 | 33 | 29 | 57 | 75 | 49 |
| B33 | B34 | B35 | B36 | B37 | B38 | B39 | B40 |
| 44 | 5A | 39 | 3D | 2A | 68 | E6 | 12 |
| B41 | B42 | B43 | B44 | B45 | B46 | B47 | B48 |
| 14 | 27 | 34 | 95 | AD | BE | 65 | 80 |
| B49 | B50 | B51 | B52 | B53 | B54 | B55 | B56 |
| 01 | 1E | 81 | 20 | 5A | 8D | 38 | 86 |
| B57 | B58 | B59 | B60 | B61 | B62 | B63 | B64 |
| 48 | 20 | 19 | 7C | 33 | 94 | B9 | 26 |
| B65 | B66 | B67 | B68 | B69 | B70 | B71 | B72 |
| 13 | B2 | 0B | 91 | 63 | 3C | BD | 89 |
| B73 | B74 | B75 | B76 | B77 | B78 | B79 | B80 |
| 71 | 19 | 27 | 3B | F8 | E4 | A6 | F4 |
| B81 | B82 | B83 | B84 |
| EE | C0 | A6 | 50 |
NOTE1: Any value of the reserved range (i.e. 0x3 – 0xB) that is not standardized (e.g. 0xB).
The NG-SS shall be configured with Home Network Private Key as following (for Profile A):
Coding: | B1 | B2 | B3 | B4 | B5 | B6 | B7 | B8 |
Hex | C5 | 3C | 22 | 20 | 8B | 61 | 86 | 0B |
| B9 | B10 | B11 | B12 | B13 | B14 | B15 | B16 |
| 06 | C6 | 2E | 54 | 06 | A7 | B3 | 30 |
| B17 | B18 | B19 | B20 | B21 | B22 | B23 | B24 |
| C2 | B5 | 77 | AA | 55 | 58 | 98 | 15 |
| B25 | B26 | B27 | B28 | B29 | B30 | B31 | B32 |
| 10 | D1 | 28 | 24 | 7D | 38 | BD | 1D |
5.3.16.4.2 Procedure
a) The UE is switched on.
b) The UE sends REGISTRATION REQUEST to the NG-SS indicating the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "SUCI".
c) Upon reception of REGISTRATION ACCEPT message with a 5G-GUTI, the UE sends REGISTRATION COMPLETE message to the NG-SS.
5.3.16.5 Acceptance criteria
1) After step a) the ME shall read EFIMSI, EFUST, EFRouting_Indicator and EFSUCI_Calc_Info.
2) After step b) the UE shall include the SUCI (coded below) in the 5GS mobile identity IE in the REGISTRATION REQUEST.
SUPI format: 0
Home Network Identifier: 246/081
Routing indicator: 17
Protection scheme id: 01
Home network public key Id: 30
Scheme output: ECC ephemeral public key, encryption of 357935793 and MAC tag value
5.3.17 SUCI calculation by ME using Profile B with compressed Home Network Public Key
5.3.17.1 Definition and applicability
If the operator’s decision is that ME shall calculate the SUCI, the home network operator shall provision a list of the Protection Scheme Identifiers that the operator allows in the USIM. The list of Protection Scheme Identifiers in the USIM may contain one or more Protection Scheme Identifiers in order of their priority. The ME shall read the SUCI calculation information from the USIM, including the SUPI, the Home Network Public Key, the Home Network Public Key Identifier, and the list of Protection Scheme Identifiers. The ME shall select the protection scheme from its supported schemes that has the highest priority in the list obtained from the USIM.
According to RFC 5480 [46] the ECC public key used with Profile B might have been calculated in compressed format.
5.3.17.2 Conformance requirement
1) SUCI calculation procedure shall be performed by the ME if Service n°124 is "available" and Service n°125 is not "available" in EFUST.
2) As part of the SUCI calculation performed by the ME, the ME performs the reading procedure with EFSUCI_Calc_Info.
3) The ME shall calculate the SUCI using the highest priority supported protection scheme and the home network public key stored on the USIM.
4) The ME shall be capable of calculating the SUCI using Profile B with the ECC public key provided in compressed format.
Reference:
– 3GPP TS 31.102 [4], clauses 4.4.11.8, 4.4.11.11, 5.3.47 and 5.3.51;
– 3GPP TS 33.501 [41], clause Annex C;
– 3GPP TS 24.501 [42], clauses 5.5.1.2, 5.5.1.2.4;
– RFC 5480 [46], clause 2.2.
5.3.17.3 Test purpose
1) To verify that the READ EFRouting_Indicator, EFSUCI_Calc_Info and EFIMSI commands are performed correctly by the ME.
2) To verify that the ME performs the SUCI calculation procedure using the profile with the highest priority (i.e. ECIES scheme profile B and the home network public key).
5.3.17.4 Method of test
5.3.17.4.1 Initial conditions
The NG-SS transmits on the BCCH, with the following network parameters:
– TAI (MCC/MNC/TAC): 244/083/000001.
– Access control: unrestricted.
The default 5G-NR UICC is used with the following exception:
EFSUCI_Calc_Info (Subscription Concealed Identifier Calculation Information EF)
Logically:
Protection Scheme Identifier List data object:
Protection Scheme Identifier 1 – ECIES scheme profile B
Key Index 1: 1
Protection Scheme Identifier 2 – ECIES scheme profile A
Key Index 2: 2
Protection Scheme Identifier 3 – null-scheme
Key Index 3: 0
Home Network Public Key List data object:
Home Network Public Key 1 Identifier: 27
Home Network Public Key 1 (see Note 1):
– 02 72 DA 71 97 62 34 CE 83 3A 69 07 42 58 67 B8 2E 07 4D 44 EF 90 7D FB 4B 3E 21 C1 C2 25 6E BC D1
Home Network Public Key 2 Identifier: 30
Home Network Public Key 2:
– 5A 8D 38 86 48 20 19 7C 33 94 B9 26 13 B2 0B 91 63 3C BD 89 71 19 27 3B F8 E4 A6 F4 EE C0 A6 50
Coding: | B1 | B2 | B3 | B4 | B5 | B6 | B7 | B8 |
Hex | A0 | 06 | 02 | 01 | 01 | 02 | 00 | 00 |
| B9 | B10 | B11 | B12 | B13 | B14 | B15 | B16 |
| A1 | 4B | 80 | 01 | 1B | 81 | 21 | 02 |
| B17 | B18 | B19 | B20 | B21 | B22 | B23 | B24 |
| 72 | DA | 71 | 97 | 62 | 34 | CE | 83 |
| B25 | B26 | B27 | B28 | B29 | B30 | B31 | B32 |
| 3A | 69 | 07 | 42 | 58 | 67 | B8 | 2E |
| B33 | B34 | B35 | B36 | B37 | B38 | B39 | B40 |
| 07 | 4D | 44 | EF | 90 | 7D | FB | 4B |
| B41 | B42 | B43 | B44 | B45 | B46 | B47 | B48 |
| 3E | 21 | C1 | C2 | 25 | 6E | BC | D1 |
| B49 | B50 | B51 | B52 | B53 | B54 | B55 | B56 |
| 80 | 01 | 1E | 81 | 20 | 5A | 8D | 38 |
| B57 | B58 | B59 | B60 | B61 | B62 | B63 | B64 |
| 86 | 48 | 20 | 19 | 7C | 33 | 94 | B9 |
| B65 | B66 | B67 | B68 | B69 | B70 | B71 | B72 |
| 26 | 13 | B2 | 0B | 91 | 63 | 3C | BD |
| B73 | B74 | B75 | B76 | B77 | B78 | B79 | B80 |
| 89 | 71 | 19 | 27 | 3B | F8 | E4 | A6 |
| B81 | B82 | B83 | B84 | B85 | | | |
| F4 | EE | C0 | A6 | 50 | | | |
NOTE 1: EFSUCI_Calc_Info contains the compressed form of the ECC public key for Profile B.
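The coding above can be decoded back to the logical values with a short TLV parser. The following Python is an added example, not part of the test specification; the function names are illustrative, and the Key Index is assumed to be the 1-based position in the Home Network Public Key List (0 for the null-scheme), which agrees with the acceptance criteria of this clause.

```python
EF_SUCI_CALC_INFO = bytes.fromhex(     # bytes B1..B85 as coded in this clause
    "A006020101020000"                 # Protection Scheme Identifier List
    "A14B"                             # Home Network Public Key List, 75 bytes
    "80011B8121"                       # key identifier 27, key length 33
    "0272DA71976234CE833A6907425867B82E074D44EF907DFB4B3E21C1C2256EBCD1"
    "80011E8120"                       # key identifier 30, key length 32
    "5A8D38864820197C3394B92613B20B91633CBD897119273BF8E4A6F4EEC0A650"
)


def read_tlvs(buf):
    """Yield (tag, value) pairs; one-byte tags, lengths up to 255."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated TLV header")
        tag, length = buf[i], buf[i + 1]
        i += 2
        if length == 0x81:             # long form: next byte is the length
            length, i = buf[i], i + 1
        elif length > 0x7F:
            raise ValueError("unsupported length encoding")
        if i + length > len(buf):
            raise ValueError("TLV value runs past end of data")
        yield tag, buf[i:i + length]
        i += length


def parse_suci_calc_info(ef):
    """Return ([(scheme id, key index)] in priority order, [(key id, key)])."""
    top = dict(read_tlvs(ef))
    ids = top[0xA0]
    schemes = [(ids[j], ids[j + 1]) for j in range(0, len(ids), 2)]
    keys, key_id = [], None
    for tag, val in read_tlvs(top[0xA1]):
        if tag == 0x80:
            key_id = val[0]
        elif tag == 0x81:
            keys.append((key_id, val))
    return schemes, keys


def select_scheme(ef, supported):
    """Pick the highest-priority scheme the ME supports, with its key."""
    schemes, keys = parse_suci_calc_info(ef)
    for scheme, index in schemes:
        if scheme in supported:
            return (scheme, *(keys[index - 1] if index else (None, b"")))
    raise LookupError("no supported protection scheme")
```

With all three schemes supported, the selection yields protection scheme id 02 with public key identifier 27, the values expected in the acceptance criteria.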
The UICC is installed into the ME.
The NG-SS shall be configured with Home Network Private Key as follows:
Coding: | B1 | B2 | B3 | B4 | B5 | B6 | B7 | B8 |
Hex | F1 | AB | 10 | 74 | 47 | 7E | BC | C7 |
| B9 | B10 | B11 | B12 | B13 | B14 | B15 | B16 |
| F5 | 54 | EA | 1C | 5F | C3 | 68 | B1 |
| B17 | B18 | B19 | B20 | B21 | B22 | B23 | B24 |
| 61 | 67 | 30 | 15 | 5E | 00 | 41 | AC |
| B25 | B26 | B27 | B28 | B29 | B30 | B31 | B32 |
| 44 | 7D | 63 | 01 | 97 | 5F | EC | DA |
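A test bench can confirm, before the procedure is run, that the Home Network Private Key configured in the NG-SS belongs to the compressed Profile B public key stored in EFSUCI_Calc_Info. The following Python is an added example, not part of the test specification; the function names are illustrative, the curve is assumed to be NIST P-256 (secp256r1) as used by ECIES Profile B, and the arithmetic is not constant time, so it suits checking test data only.

```python
# NIST P-256 (secp256r1) domain parameters; arithmetic below is not constant time.
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
HN_PUBLIC_COMPRESSED = bytes.fromhex(  # public key identifier 27, this clause
    "0272DA71976234CE833A6907425867B82E074D44EF907DFB4B3E21C1C2256EBCD1")
HN_PRIVATE = 0xF1AB1074477EBCC7F554EA1C5FC368B1616730155E0041AC447D6301975FECDA


def decompress(point):
    """Expand a compressed point (02/03 || X) to affine (x, y)."""
    if len(point) != 33 or point[0] not in (2, 3):
        raise ValueError("not a compressed P-256 point")
    x = int.from_bytes(point[1:], "big")
    rhs = (x * x * x - 3 * x + B) % P
    y = pow(rhs, (P + 1) // 4, P)      # square root, valid because P % 4 == 3
    if y * y % P != rhs:
        raise ValueError("X is not on the curve")
    return x, (y if y & 1 == point[0] & 1 else P - y)


def add(p1, p2):
    if p1 is None or p2 is None:       # None is the point at infinity
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        m = (3 * x1 * x1 - 3) * pow(2 * y1 % P, -1, P) % P
    else:
        m = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P


def public_from_private(d):
    """Double-and-add d*G, returned in compressed form."""
    acc, base = None, G
    while d:
        if d & 1:
            acc = add(acc, base)
        base, d = add(base, base), d >> 1
    x, y = acc
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def keypair_matches(d, compressed):
    return decompress(compressed) == decompress(public_from_private(d))
```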
5.3.17.4.2 Procedure
a) The UE is switched on.
b) The UE sends REGISTRATION REQUEST to the NG-SS indicating the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "SUCI".
c) Upon reception of REGISTRATION ACCEPT message with a new 5G-GUTI, the UE sends REGISTRATION COMPLETE message to the NG-SS.
5.3.17.5 Acceptance criteria
1) After step a) the ME shall read EFIMSI, EFRouting_Indicator and EFSUCI_Calc_Info.
2) After step b) the UE shall include the SUCI (coded below) in the 5GS mobile identity IE in the REGISTRATION REQUEST.
SUPI format: 0
Home Network Identifier: 246/081
Routing indicator: 17
Protection scheme id: 02
Home network public key Id: 27
Scheme output: ECC ephemeral public key, encryption of 357935793 and MAC tag value