5.6 Handling subscription identifier privacy for 5G – SUPI type in NAI format

3GPP TS 31.121 Release 16: UICC-terminal interface; Universal Subscriber Identity Module (USIM) application test specification

5.6.1 SUCI calculation by ME using null scheme

5.6.1.1 Definition and applicability

If the operator’s decision is that ME shall calculate the SUCI, the home network operator shall provision a list of the Protection Scheme Identifiers in the USIM that the operator allows. The list of Protection Scheme Identifiers in the USIM may contain one or more Protection Scheme Identifiers in the order of their priority. The ME shall read the SUCI calculation information from the USIM, including the SUPI, the Home Network Public Key, the Home Network Public Key Identifier, and the list of Protection Scheme Identifiers. The ME shall select the protection scheme from its supported schemes that has the highest priority in the list obtained from the USIM.

The ME shall calculate the SUCI using the null-scheme if the highest priority of the protection schemes listed in the USIM is the null-scheme.

5.6.1.2 Conformance requirement

1) SUCI calculation procedure shall be performed by the ME if Service n°124 is "available" and Service n°125 is not "available" in EFUST.

2) SUPI is available in EFSUPI_NAI if Service n°130 is "available" in EFUST.

3) A subscriber identifier is in the form of a SUPI in NAI format.

4) The SUPI may contain:

– a network-specific identifier, used for private networks as defined in TS 22.261 [43] or

– a GLI and an operator identifier of the 5GC operator, used for supporting FN-BRGs, as further described in TS 23.316 [55] or

– a GCI and an operator identifier of the 5GC operator, used for supporting FN-CRGs and 5G-CRG, as further described in TS 23.316 [55].

5) As part of the SUCI calculation performed by the ME, the ME performs the reading procedure for EFSUCI_Calc_Info.

6) The ME shall calculate the SUCI using the null-scheme if the highest priority of the protection schemes listed in the USIM is the null-scheme.

Reference:

– TS 31.102 [4], clauses 4.4.11.8, 4.4.11.10, 4.4.11.11, 5.2.33, 5.3.47 and 5.3.51;

– TS 33.501 [41], Annex C;

– TS 23.003 [19], clauses 28.2 and 28.7.2;

– TS 24.501 [42], clauses 5.5.1.2 and 5.5.1.2.4.

5.6.1.3 Test purpose

1) To verify that the READ EFSUCI_Calc_Info, EFRouting_Indicator and EFSUPI_NAI commands are performed correctly by the ME.

2) To verify that the ME performs the SUCI calculation procedure using null-scheme.

5.6.1.4 Method of test

5.6.1.4.1 Initial conditions

The NG-SS transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): 244/083/000001.

– Access control: unrestricted.

The default 5G-NR UICC non-IMSI SUPI Type is used with the following exception:

EFSUCI_Calc_Info (Subscription Concealed Identifier Calculation Information EF)

Logically:

Protection Scheme Identifier List data object

Protection Scheme Identifier 1 – null-scheme

Key Index 1: 0

Protection Scheme Identifier 2 – ECIES scheme profile B

Key Index 2: 1

Protection Scheme Identifier 3 – ECIES scheme profile A

Key Index 3: 2

Home Network Public Key List data object

Home Network Public Key 1 Identifier: 27

Home Network Public Key 1:

– 04 72 DA 71 97 62 34 CE 83 3A 69 07 42 58 67 B8 2E 07 4D 44 EF 90 7D FB 4B 3E 21 C1 C2 25 6E BC D1 5A 7D ED 52 FC BB 09 7A 4E D2 50 E0 36 C7 B9 C8 C7 00 4C 4E ED C4 F0 68 CD 7B F8 D3 F9 00 E3 B4

Home Network Public Key 2 Identifier: 30

Home Network Public Key 2:

– 5A 8D 38 86 48 20 19 7C 33 94 B9 26 13 B2 0B 91 63 3C BD 89 71 19 27 3B F8 E4 A6 F4 EE C0 A6 50

Coding (Hex):

B1–B8: A0 06 00 00 02 01 01 02
B9–B16: A1 6B 80 01 1B 81 41 04
B17–B24: 72 DA 71 97 62 34 CE 83
B25–B32: 3A 69 07 42 58 67 B8 2E
B33–B40: 07 4D 44 EF 90 7D FB 4B
B41–B48: 3E 21 C1 C2 25 6E BC D1
B49–B56: 5A 7D ED 52 FC BB 09 7A
B57–B64: 4E D2 50 E0 36 C7 B9 C8
B65–B72: C7 00 4C 4E ED C4 F0 68
B73–B80: CD 7B F8 D3 F9 00 E3 B4
B81–B88: 80 01 1E 81 20 5A 8D 38
B89–B96: 86 48 20 19 7C 33 94 B9
B97–B104: 26 13 B2 0B 91 63 3C BD
B105–B112: 89 71 19 27 3B F8 E4 A6
B113–B117: F4 EE C0 A6 50

The UICC is installed into the ME.
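The following is an added example, not code from TS 31.121: it parses the EFSUCI_Calc_Info coding given above into the scheme list and the key list, with bounds checks on every length byte, and applies the ME's selection rule from 5.6.1.1 (highest-priority listed scheme that the ME supports). The TLV layout and the meaning of Key Index (N selects the N-th key of the key list, 0 selects no key) are taken from the page's own coding.

```python
# Added example, not part of TS 31.121: parser for the EF_SUCI_Calc_Info
# coding shown in 5.6.1.4.1 plus the ME scheme-selection rule of 5.6.1.1.
# Layout as reflected by the page's coding (TS 31.102 clause 4.4.11.8):
#   A0 len (scheme id, key index)*        Protection Scheme Identifier List, priority order
#   A1 len (80 len key-id  81 len key)*   Home Network Public Key List
# Constructed from the hex coding of EF_SUCI_Calc_Info given above (B1..B117).
EF_SUCI_CALC_INFO = bytes.fromhex(
    "A0 06 00 00 02 01 01 02"
    "A1 6B 80 01 1B 81 41"
    "04 72 DA 71 97 62 34 CE 83 3A 69 07 42 58 67 B8 2E 07 4D 44 EF 90 7D FB 4B"
    "3E 21 C1 C2 25 6E BC D1 5A 7D ED 52 FC BB 09 7A 4E D2 50 E0 36 C7 B9 C8"
    "C7 00 4C 4E ED C4 F0 68 CD 7B F8 D3 F9 00 E3 B4"
    "80 01 1E 81 20"
    "5A 8D 38 86 48 20 19 7C 33 94 B9 26 13 B2 0B 91 63 3C BD 89 71 19 27 3B"
    "F8 E4 A6 F4 EE C0 A6 50"
)

def iter_tlv(buf):
    """Yield (tag, value) for 1-byte tag / 1-byte length TLVs; reject lengths past the buffer."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated TLV header at offset %d" % pos)
        tag, length = buf[pos], buf[pos + 1]
        value = buf[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("TLV at offset %d claims %d bytes, only %d left" % (pos, length, len(value)))
        yield tag, value
        pos += 2 + length

def parse_suci_calc_info(ef):
    """Return {'schemes': [(scheme_id, key_index), ...], 'keys': [{'id', 'key'}, ...]}."""
    schemes, keys, pending_id = [], [], None
    for tag, value in iter_tlv(ef):
        if tag == 0xA0:
            if len(value) % 2:
                raise ValueError("scheme list is not a sequence of (scheme, key index) pairs")
            schemes = [(value[i], value[i + 1]) for i in range(0, len(value), 2)]
        elif tag == 0xA1:
            for t, v in iter_tlv(value):
                if t == 0x80:
                    pending_id = int.from_bytes(v, "big")
                elif t == 0x81:
                    if pending_id is None:
                        raise ValueError("public key without a preceding key identifier")
                    keys.append({"id": pending_id, "key": bytes(v)})
                    pending_id = None
    return {"schemes": schemes, "keys": keys}

def select_scheme(info, supported):
    """5.6.1.1: highest-priority listed scheme the ME supports -> (scheme_id, key or None)."""
    for scheme_id, key_index in info["schemes"]:
        if scheme_id in supported:
            if key_index > len(info["keys"]):
                raise ValueError("key index %d points past the key list" % key_index)
            return scheme_id, info["keys"][key_index - 1] if key_index else None
    return None
```

With the page's list (null-scheme first) an ME supporting all three schemes selects the null-scheme with no key, which is the behaviour 5.6.1.5 expects; an ME supporting only profile A would pick key identifier 30.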

5.6.1.4.2 Procedure

a) The UE is switched on.

b) The UE sends REGISTRATION REQUEST to the NG-SS indicating the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "SUCI".

c) Upon reception of REGISTRATION ACCEPT message with a 5G-GUTI, the UE sends REGISTRATION COMPLETE message to the NG-SS.

5.6.1.5 Acceptance criteria

1) After step a) the ME shall read EFSUPI_NAI, EFRouting_Indicator and EFSUCI_Calc_Info.

2) In step b) the UE shall include the SUCI as coded below in the 5GS mobile identity IE in the REGISTRATION REQUEST.

SUPI format: 3

Routing indicator: 17

Protection scheme id: 00

Home network public key Id: 0

Scheme output: 00-00-5E-00-53-00@5gc.mnc012.mcc345.3gppnetwork.org

5.6.2 UE identification by SUCI during initial registration – SUCI calculation by USIM using profile A

5.6.2.1 Definition and applicability

If the operator’s decision, indicated by the USIM, is that the USIM shall calculate the SUCI, then the USIM shall not give to the ME any parameter for the calculation of the SUCI including the Home Network Public Key Identifier, the Home Network Public Key, and the Protection Scheme Identifier. If the ME determines that the calculation of the SUCI, indicated by the USIM, shall be performed by the USIM, the ME shall delete any previously received or locally cached parameters for the calculation of the SUCI including the Routing Indicator, the Home Network Public Key Identifier, the Home Network Public Key and the Protection Scheme Identifier.

5.6.2.2 Conformance requirement

1) SUCI calculation procedure shall be performed by the USIM if Service n°124 is "available" and Service n°125 is "available" in EFUST.

2) SUPI is available in EFSUPI_NAI if Service n°130 is "available" in EFUST.

3) A subscriber identifier is in the form of a SUPI in NAI format.

4) The SUPI may contain:

– a NSI, used for private networks as defined in TS 22.261 [43] or

– a GLI and an operator identifier of the 5GC operator, used for supporting FN-BRGs, as further described in TS 23.316 [55] or

– a GCI and an operator identifier of the 5GC operator, used for supporting FN-CRGs and 5G-CRG, as further described in TS 23.316 [55].

5) The ME shall use the GET IDENTITY command in SUCI context to retrieve the SUCI calculated by the USIM.

6) This GET IDENTITY command shall be as per 7.5.2 in 3GPP TS 31.102 [4].

7) The USIM shall calculate the SUCI using the ECIES scheme profile A.

Reference:

– 3GPP TS 31.102 [4], clauses 4.4.11.10, 4.4.11.11, 5.3.48 and 7.5.

– 3GPP TS 33.501 [41], clauses 6.12.1, 6.12.2 and Annex C.

– TS 23.003 [19], clauses 2.2A, 2.2B, 28.2, 28.7.2, 28.7.3, 28.15.2 and 28.15.5.

– 3GPP TS 24.501 [42], clauses 5.5.1.2 and 5.5.1.2.4.

5.6.2.3 Test purpose

1) To verify that the GET IDENTITY command is performed correctly by the ME.

2) To verify that the ME includes the SUCI received from the USIM within GET IDENTITY response in the 5GS mobile identity IE.

5.6.2.4 Method of test

5.6.2.4.1 Initial conditions

The NG-SS transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): 244/083/000001.

– Access control: unrestricted.

The NG-SS shall be configured with Home Network Private Key for profile A:

Coding (Hex):

B1–B8: C5 3C 22 20 8B 61 86 0B
B9–B16: 06 C6 2E 54 06 A7 B3 30
B17–B24: C2 B5 77 AA 55 58 98 15
B25–B32: 10 D1 28 24 7D 38 BD 1D

5G-NR UICC – non-IMSI SUPI Type is configured with:

Protection Scheme Identifier: ECIES scheme profile A

Key Index: 1

Home Network Public Key Identifier: 30

Home Network Public Key:

Coding (Hex):

B1–B8: 5A 8D 38 86 48 20 19 7C
B9–B16: 33 94 B9 26 13 B2 0B 91
B17–B24: 63 3C BD 89 71 19 27 3B
B25–B32: F8 E4 A6 F4 EE C0 A6 50

EFSUCI_Calc_Info (Subscription Concealed Identifier Calculation Information EF): Not available to the ME.

EFUST (USIM Service Table)

Settings from clause 4.10.1 of the present document apply with the following changes:

Logically:

Service n°125:

SUCI calculation by the USIM

available

Coding (Binary):

B1: xxxx xx1x
B2: xxxx xxxx
B3: xxxx 1x00
B4: xxxx x1xx
B5: xxxx xx11
B6: xxxx xxxx
B7: xxxx xxxx
B8: xxxx xxxx
B9: xxxx xxxx
B10: xxxx xxxx
B11: xx11 xxxx
…
B16: xxx1 111x
B17: xxxx xx1x
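The following is an added example, not code from TS 31.121: it evaluates an EFUST image against the bit masks listed above and applies conformance requirement 1 of 5.6.1.2 and 5.6.2.2 to decide whether the ME or the USIM calculates the SUCI. The EFUST bytes are constructed here to satisfy the masks (all "x" bits cleared); the byte/bit mapping for service n is the EFUST coding rule of TS 31.102.

```python
# Added example, not part of TS 31.121: EF_UST service checks behind the
# "who calculates the SUCI" decision in 5.6.1.2 / 5.6.2.2.
# EF_UST coding: service n lives in byte (n-1)//8 at bit (n-1)%8 (bit 1 = LSB);
# a service whose byte lies beyond the end of the file is "not available".
SERVICE_PRIVACY_SUPPORT = 124   # subscription identifier privacy support (TS 31.102)
SERVICE_SUCI_BY_USIM = 125      # SUCI calculation by the USIM
SERVICE_SUPI_NAI = 130          # SUPI available in EF_SUPI_NAI

def service_available(ust, n):
    byte_index, bit = (n - 1) // 8, (n - 1) % 8
    return byte_index < len(ust) and bool(ust[byte_index] >> bit & 1)

def suci_calculator(ust):
    """'ME' or 'USIM' for the two cases the page defines; None if neither applies
    (the page does not state the behaviour when service 124 is not available)."""
    if not service_available(ust, SERVICE_PRIVACY_SUPPORT):
        return None
    return "USIM" if service_available(ust, SERVICE_SUCI_BY_USIM) else "ME"

def supi_in_ef_supi_nai(ust):
    return service_available(ust, SERVICE_SUPI_NAI)

# Constructed 17-byte EF_UST satisfying the masks above (B16 = xxx1 111x,
# B17 = xxxx xx1x): services 122..125 and 130 available, so the USIM calculates.
UST_USIM_CALCULATES = bytes([0x02, 0x00, 0x08, 0x04, 0x03, 0, 0, 0, 0, 0,
                             0x30, 0, 0, 0, 0, 0x1E, 0x02])
# Same file with service 125 cleared: the ME must calculate the SUCI itself (5.6.1).
UST_ME_CALCULATES = UST_USIM_CALCULATES[:15] + bytes([0x0E, 0x02])
```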

EFSUPI_NAI (SUPI as Network Access Identifier)

Logically: verylongusername1@3gpp.com

SUPI Type: NSI

Username: verylongusername1

Realm: 3gpp.com

Coding (Hex):

B1–B8: 80 1A 76 65 72 79 6C 6F
B9–B16: 6E 67 75 73 65 72 6E 61
B17–B24: 6D 65 31 40 33 67 70 70
B25–B28: 2E 63 6F 6D

5.6.2.4.2 Procedure

a) The UE is switched on.

b) The UE sends REGISTRATION REQUEST to the NG-SS indicating the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "SUCI".

c) Upon reception of REGISTRATION ACCEPT message with a 5G-GUTI, the UE sends REGISTRATION COMPLETE message to the NG-SS.

5.6.2.5 Acceptance criteria

1) After step a) the ME shall send GET IDENTITY command with Identity Context in P2 as SUCI (0x01) to the 5G-NR UICC.

2) After step b) the UE shall include the SUCI (coded below) in the 5GS mobile identity IE in the REGISTRATION REQUEST.

SUPI format: 1

Home Network Identifier: 246/081

Routing indicator: 17

Protection scheme id: 01

Home network public key Id: 30

Scheme output: ECC ephemeral public key, encryption of verylongusername1@3gpp.com.org and MAC tag value

As an example, with test data from 3GPP TS 33.501 [43] Annex C:

type1.rid17.schid1.hnkey30.ecckey977D8B2FDAA7B64AA700D04227D5B440630EA4EC50F9082273A26BB678C92222.cip8E358A1582ADB15322C10E515141D2039A.mac12E1D7783A97F1AC@3gpp.com

5.6.3 UE identification by SUCI during initial registration – SUCI calculation by USIM using profile B

5.6.3.1 Definition and applicability

If the operator’s decision, indicated by the USIM, is that the USIM shall calculate the SUCI, then the USIM shall not give to the ME any parameter for the calculation of the SUCI including the Home Network Public Key Identifier, the Home Network Public Key, and the Protection Scheme Identifier. If the ME determines that the calculation of the SUCI, indicated by the USIM, shall be performed by the USIM, the ME shall delete any previously received or locally cached parameters for the calculation of the SUCI including the Routing Indicator, the Home Network Public Key Identifier, the Home Network Public Key and the Protection Scheme Identifier.

5.6.3.2 Conformance requirement

1) SUCI calculation procedure shall be performed by the USIM if Service n°124 is "available" and Service n°125 is "available" in EFUST.

2) SUPI is available in EFSUPI_NAI if Service n°130 is "available" in EFUST.

3) A subscriber identifier is in the form of a SUPI in NAI format.

4) The SUPI may contain:

– a NSI, used for private networks as defined in TS 22.261 [43] or

– a GLI and an operator identifier of the 5GC operator, used for supporting FN-BRGs, as further described in TS 23.316 [55] or

– a GCI and an operator identifier of the 5GC operator, used for supporting FN-CRGs and 5G-CRG, as further described in TS 23.316 [55].

5) The ME shall use the GET IDENTITY command in SUCI context to retrieve the SUCI calculated by the USIM.

6) This GET IDENTITY command shall be as per 7.5.2 in 3GPP TS 31.102 [4].

7) The USIM shall calculate the SUCI using the ECIES scheme profile B.

Reference:

– 3GPP TS 31.102 [4], clauses 4.4.11.10, 4.4.11.11, 5.3.48 and 7.5.

– 3GPP TS 33.501 [41], clauses 6.12.1, 6.12.2 and Annex C.

– TS 23.003 [19], clauses 2.2A, 2.2B, 28.2, 28.7.2, 28.7.3, 28.15.2 and 28.15.5.

– 3GPP TS 24.501 [42], clauses 5.5.1.2 and 5.5.1.2.4.

5.6.3.3 Test purpose

1) To verify that the GET IDENTITY command is performed correctly by the ME.

2) To verify that the ME includes the SUCI received from the USIM within GET IDENTITY response in the 5GS mobile identity IE.

5.6.3.4 Method of test

5.6.3.4.1 Initial conditions

The NG-SS transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): 244/083/000001.

– Access control: unrestricted.

The default 5G-NR UICC – non-IMSI SUPI Type is used and installed into the Terminal.

The NG-SS shall be configured with Home Network Private Key for profile B:

Coding (Hex):

B1–B8: F1 AB 10 74 47 7E BC C7
B9–B16: F5 54 EA 1C 5F C3 68 B1
B17–B24: 61 67 30 15 5E 00 41 AC
B25–B32: 44 7D 63 01 97 5F EC DA

5G-NR UICC – non-IMSI SUPI Type is configured with:

Protection Scheme Identifier: ECIES scheme profile B

Key Index: 1

Home Network Public Key Identifier: 27

Home Network Public Key:

Coding (Hex):

B1–B8: 04 72 DA 71 97 62 34 CE
B9–B16: 83 3A 69 07 42 58 67 B8
B17–B24: 2E 07 4D 44 EF 90 7D FB
B25–B32: 4B 3E 21 C1 C2 25 6E BC
B33–B40: D1 5A 7D ED 52 FC BB 09
B41–B48: 7A 4E D2 50 E0 36 C7 B9
B49–B56: C8 C7 00 4C 4E ED C4 F0
B57–B64: 68 CD 7B F8 D3 F9 00 E3
B65: B4

EFSUCI_Calc_Info (Subscription Concealed Identifier Calculation Information EF): Not available to the ME.

EFUST (USIM Service Table)

Settings from clause 4.10.1 of the present document apply with the following changes:

Logically:

Service n°125:

SUCI calculation by the USIM

available

Coding (Binary):

B1: xxxx xx1x
B2: xxxx xxxx
B3: xxxx 1x00
B4: xxxx x1xx
B5: xxxx xx11
B6: xxxx xxxx
B7: xxxx xxxx
B8: xxxx xxxx
B9: xxxx xxxx
B10: xxxx xxxx
B11: xx11 xxxx
…
B16: xxx1 111x
B17: xxxx xx1x

EFSUPI_NAI (SUPI as Network Access Identifier)

Logically: verylongusername1@3gpp.com

SUPI Type: NSI

Username: verylongusername1

Realm: 3gpp.com

Coding (Hex):

B1–B8: 80 1A 76 65 72 79 6C 6F
B9–B16: 6E 67 75 73 65 72 6E 61
B17–B24: 6D 65 31 40 33 67 70 70
B25–B28: 2E 63 6F 6D

5.6.3.4.2 Procedure

a) The UE is switched on.

b) The UE sends REGISTRATION REQUEST to the NG-SS indicating the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "SUCI".

c) Upon reception of REGISTRATION ACCEPT message with a 5G-GUTI, the UE sends REGISTRATION COMPLETE message to the NG-SS.

5.6.3.5 Acceptance criteria

1) After step a) the ME shall send GET IDENTITY command with Identity Context in P2 as SUCI (0x01) to the 5G-NR UICC.

2) After step b) the UE shall include the SUCI (coded below) in the 5GS mobile identity IE in the REGISTRATION REQUEST.

SUPI format: 1

Home Network Identifier: 246/081

Routing indicator: 17

Protection scheme id: 02

Home network public key Id: 27

Scheme output: ECC ephemeral public key, encryption of verylongusername1@3gpp.com and MAC tag value

As an example, with test data from 3GPP TS 33.501 [43] Annex C:

type1.rid17.schid2.hnkey27.ecckey03759BB22C563D9F4A6B3C1419E543FC2F39D6823F02A9D71162B39399218B244B.cipBE22D8B9F856A52ED381CD7EAF4CF2D525.mac3CDDC61A0A7882EB@3gpp.com
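The following is an added example, not code from TS 31.121: a checker a test system could run on the SUCI the UE places in the 5GS mobile identity IE. It splits the NAI-form SUCI quoted in 5.6.2.5 (profile A) and 5.6.3.5 (profile B) into its labelled fields and compares them with the acceptance criteria. The field labels are those of the two examples on the page; the length checks assume TS 33.501 Annex C profiles (32-byte Curve25519 ephemeral key for profile A, 33-byte compressed P-256 point for profile B, 8-octet MAC tag, AES-128-CTR so the ciphertext is as long as the concealed username).

```python
# Added example, not part of TS 31.121: parse and validate a SUCI in NAI form.
import re

SUCI_NAI_RE = re.compile(
    r"^type(?P<type>\d+)\.rid(?P<rid>\d+)\.schid(?P<schid>\d+)\.hnkey(?P<hnkey>\d+)"
    r"\.ecckey(?P<ecckey>[0-9A-Fa-f]+)\.cip(?P<cip>[0-9A-Fa-f]+)\.mac(?P<mac>[0-9A-Fa-f]+)"
    r"@(?P<realm>[^@]+)$"
)
EPH_KEY_LEN = {1: 32, 2: 33}   # TS 33.501 Annex C: profile A X25519 key, profile B compressed P-256
MAC_LEN = 8                     # both profiles truncate the HMAC-SHA-256 tag to 8 octets

# The two SUCIs quoted on the page (5.6.2.5 for profile A, 5.6.3.5 for profile B).
SUCI_PROFILE_A = ("type1.rid17.schid1.hnkey30.ecckey977D8B2FDAA7B64AA700D04227D5B440630EA4EC50F9082273A26BB678C92222"
                  ".cip8E358A1582ADB15322C10E515141D2039A.mac12E1D7783A97F1AC@3gpp.com")
SUCI_PROFILE_B = ("type1.rid17.schid2.hnkey27.ecckey03759BB22C563D9F4A6B3C1419E543FC2F39D6823F02A9D71162B39399218B244B"
                  ".cipBE22D8B9F856A52ED381CD7EAF4CF2D525.mac3CDDC61A0A7882EB@3gpp.com")

def parse_suci_nai(suci):
    """Split a NAI-form SUCI with ECIES scheme output into its fields."""
    m = SUCI_NAI_RE.match(suci)
    if not m:
        raise ValueError("not a SUCI in NAI form with ECIES scheme output")
    f = m.groupdict()
    return {"supi_type": int(f["type"]), "routing_indicator": f["rid"],
            "scheme_id": int(f["schid"]), "hn_key_id": int(f["hnkey"]),
            "eph_key": bytes.fromhex(f["ecckey"]), "ciphertext": bytes.fromhex(f["cip"]),
            "mac": bytes.fromhex(f["mac"]), "realm": f["realm"]}

def check_suci(suci, expected, username_len):
    """Return the mismatches between the UE's SUCI and the expected values
    (supi_type, routing_indicator, scheme_id, hn_key_id, realm); empty list = pass."""
    s = parse_suci_nai(suci)
    errors = ["%s: got %r, expected %r" % (k, s[k], v) for k, v in expected.items() if s[k] != v]
    want = EPH_KEY_LEN.get(s["scheme_id"])
    if want is None:
        errors.append("scheme %d is not an ECIES profile" % s["scheme_id"])
    elif len(s["eph_key"]) != want:
        errors.append("ephemeral key is %d bytes, profile needs %d" % (len(s["eph_key"]), want))
    if s["scheme_id"] == 2 and s["eph_key"][:1] not in (b"\x02", b"\x03"):
        errors.append("profile B ephemeral key is not a compressed point")
    if len(s["ciphertext"]) != username_len:   # CTR mode: ciphertext length == username length
        errors.append("ciphertext is %d bytes, username is %d" % (len(s["ciphertext"]), username_len))
    if len(s["mac"]) != MAC_LEN:
        errors.append("MAC tag is %d bytes, expected %d" % (len(s["mac"]), MAC_LEN))
    return errors

EXPECTED_A = {"supi_type": 1, "routing_indicator": "17", "scheme_id": 1, "hn_key_id": 30, "realm": "3gpp.com"}
EXPECTED_B = dict(EXPECTED_A, scheme_id=2, hn_key_id=27)
```

The realm stays in clear in both examples; only the 17-character username is concealed, which is why the ciphertext field is 17 bytes in each case.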

5.6.4 UE identification after SUPI is changed

5.6.4.1 Definition and applicability

A globally unique temporary user identity for 5GS-based services, the 5G globally unique temporary identity (5G-GUTI), is used for identification within the signalling procedures. A UE supporting N1 mode includes a valid 5G-GUTI, if any is available, in the REGISTRATION REQUEST and DEREGISTRATION REQUEST messages.

5.6.4.2 Conformance requirement

The following 5GMM parameters shall be stored on the USIM if the corresponding file is present:

a) 5G-GUTI;

b) last visited registered TAI;

c) 5GS update status; and

d) 5G NAS security context parameters from a full native 5G NAS security context.

The presence and format of corresponding files on the USIM is specified in 3GPP TS 31.102 [4].

If the corresponding file is not present on the USIM, these 5GMM parameters are stored in a non-volatile memory in the ME together with the SUPI from the USIM in the EFSUPI_NAI. These 5GMM parameters can only be used if the SUPI from the USIM in the EFSUPI_NAI matches the SUPI stored in the non-volatile memory; else the UE shall delete the 5GMM parameters.

Reference:

– TS 24.501 [42], clauses 5.3.3, 5.5.1.2 and Annex C.

5.6.4.3 Test purpose

1) To verify that the READ EFSUPI_NAI command is performed correctly by the ME.

2) To verify that the ME deletes the 5GMM parameters from non-volatile memory in case SUPI is changed.

3) To verify that the GET IDENTITY command is performed correctly by the ME.

4) To verify that the ME includes the SUCI received from the USIM within GET IDENTITY response in the 5GS mobile identity IE.

5.6.4.4 Method of test

5.6.4.4.1 Initial conditions

The NG-SS transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): 244/083/000001.

– Access control: unrestricted.

The default 5G-NR UICC – non-IMSI SUPI Type is used and installed into the Terminal.

EFUST (USIM Service Table)

Settings from clause 4.10.1 of the present document apply with the following changes:

Logically:

Service n°125:

SUCI calculation by the USIM

available

Coding (Binary):

B1: xxxx xx1x
B2: xxxx xxxx
B3: xxxx 1x00
B4: xxxx x1xx
B5: xxxx xx11
B6: xxxx xxxx
B7: xxxx xxxx
B8: xxxx xxxx
B9: xxxx xxxx
B10: xxxx xxxx
B11: xx11 xxxx
…
B16: xxx1 111x
B17: xxxx xx1x

5G-NR UICC – non-IMSI SUPI Type is configured with:

Protection Scheme Identifier: null-scheme

Key Index: 0

EFSUCI_Calc_Info (Subscription Concealed Identifier Calculation Information EF): Not available to the ME.

5.6.4.4.2 Procedure

a) The UE is switched on.

b) The UE sends REGISTRATION REQUEST to the NG-SS indicating the 5GS registration type IE as "initial registration".

c) The NG-SS sends a REGISTRATION ACCEPT message with the following parameters:

5G-GUTI: 24408300010266436587

TAI: 244 083 000001

d) The UE sends a REGISTRATION COMPLETE message to the NG-SS.

e) The UE is switched off and the UICC configuration is changed by setting the SUPI value from 00-00-5E-00-53-00@5gc.mnc012.mcc345.3gppnetwork.org to 00-00-5E-00-53-01@5gc.mnc012.mcc345.3gppnetwork.org.

f) The UE is switched on.

g) The UE sends REGISTRATION REQUEST to the NG-SS indicating the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "SUCI" with the new SUCI corresponding to the new SUPI value.

5.6.4.5 Acceptance criteria

1) After step a) and f) the ME shall read EFSUPI_NAI and then the ME shall send GET IDENTITY command with Identity Context in P2 as SUCI (0x01) to the 5G-NR UICC.

2) In step g) the UE shall not use the 5G-GUTI or the last visited registered TAI parameters in the REGISTRATION REQUEST message; instead, it shall use the new SUCI as the 5GS mobile identity IE.

3) The UE shall include the new SUCI (coded below).

SUPI format: 3

Home Network Identifier: 246/081

Routing indicator: 17

Protection scheme id: 00

Home network public key Id: 0

Scheme output: 00-00-5E-00-53-01@5gc.mnc012.mcc345.3gppnetwork.org