5 Subscription related tests

31.1273GPPnon-removable Universal Subscriber Identity Module (nrUSIM) application behavioural test specificationRelease 17TSUICC-terminal interaction

5.1 IMSI/TMSI handling

5.1.1 UE identification by short IMSI

5.1.1.1 Definition and applicability

The IMSI is used for unique identification of the UE by a UTRAN. The IMSI is stored in the USIM and read during the UICC-Terminal initialisation procedure.

5.1.1.2 Conformance requirement

CR 1 The ME correctly performs the READ BINARY command on EF_IMSI.

References:

– TS 31 101 [33], clause 11.1.3;

– ETSI TS 102 221 [8], clause 11.1.3 and 14.1.1.

CR 2 After successful completion of the RRCConnectionEstablishment procedure the UE shall send a PagingResponse/AttachRequest containing the IMSI of the USIM which has less than the maximum length.

References:

– TS 31.102 [19], clause 4.2.2, 4.2.18, 5.1.1 and 5.1.2;

– TS 24.008 [31], clause 10.5.1.4.

5.1.1.3 Test purpose

The purpose of this test is to verify that:

1) the ME used the IMSI stored in the USIM when attaching to the network;

2) the ME can handle an IMSI of less than the maximum length stored in EF_IMSI;

5.1.1.4 Method of test

5.1.1.4.1 Initial conditions

The values of the Default UICC as defined in clause 4.5.1 of the present document are used with EF_IMSI as defined in clause 4.5.8.2.

The UICC/USIM configuration defined for this test case is installed in the UE.

The USS transmits on the BCCH, with the following network parameters:

– Attach/detach: disabled

– LAI (MCC/MNC/LAC): 246/081/0001

– RAI (MCC/MNC/LAC/RAC): 246/081/0001/05 (only for UTRAN cell)

– Access control: unrestricted

The UE runs an initial activation.

5.1.1.4.2 Procedure

Execute the test procedure "Expected Sequence A" as defined in TS 31.121 [2], clause 5.1.1.4.2.

5.1.1.5 Acceptance criteria

CR 1 can only be verified by a method explicitly verifying the correct execution of the READ command on the listed EF_IMSI. (A.2/1, A.2/2 or A.2/4).

CR 2 is verified by analysing the IMSI value transferred to the USS in the PagingResponse or the AttachRequest. The conformance requirement CR 2 is met if the IMSI value generated and stored on the USIM during preparation of the initial conditions matches the IMSI value provided to the TT (USS). Explicit verification of EF_IMSI contents shall be done using A.2/3.

5.1.2 UE identification by short IMSI using a 2-digit MNC

5.1.2.1 Definition and applicability

In some networks the IMSI identifying the UTRAN/GERAN can consist of a 2-digit MNC. The IMSI is stored in the USIM and read during the UICC-Terminal initialisation procedure.

5.1.2.2 Conformance requirement

CR 1 After successful completion of the RRCConnectionEstablishment procedure the UE shall send PagingResponse/AttachRequest containing the IMSI of the USIM.

Reference:

– TS 31.102 [19], clause 4.2.2 and 4.2.18, and 5.1.1.2;

– TS 24.008 [31], clause 10.5.1.4 and 4.7.9.1.2.

5.1.2.3 Test purpose

The purpose of this test is to verify that:

1) the ME uses the IMSI stored in the USIM when attaching to the network;

2) the ME is capable to handle an IMSI with a 2-digit MNC if indicated in EF_AD.

5.1.2.4 Method of test

5.1.2.4.1 Initial conditions

The values of the Default UICC as defined in clause 4.5.1 of the present document are used with EF_IMSI as defined in clause 4.5.8.3.

EF_LOCI and EF_AD are used as defined in [2] clause 5.1.2.4.1.

The UICC/USIM configuration defined for this test case is installed in the UE.

The USS transmits on the BCCH, with the following network parameters:

– Attach/detach: disabled

– LAI (MCC/MNC/LAC): 246/81/0001

– RAI (MCC/MNC/LAC/RAC): 246/81/0001/05 (only for UTRAN cell)

– Access control: unrestricted

The UE runs an initial activation.

5.1.2.4.2 Procedure

Execute the test procedure "Expected Sequence A" as defined in TS 31.121 [2] clause 5.1.2.4.2.

5.1.2.5 Acceptance criteria

CR 1 is verified by analysing the IMSI value transferred to the USS in the PagingResponse or the AttachRequest. The conformance requirement CR 1 is met if the IMSI value stored on the USIM matches the IMSI value provided to the TT (USS). Explicit verification of EF_IMSI contents shall be done using A.2/3.

5.1.3 UE identification by "short" TMSI

5.1.3.1 Definition and applicability

The TMSI is assigned by the network and stored in the USIM by the Terminal. The TMSI previously assigned and stored in the USIM is read during the USIM-Terminal initialisation procedure and used by the UTRAN to identify the UE.

5.1.3.2 Conformance requirement

CR 1 After successful completion of the RRCConnectionEstablishment procedure the UE shall send a PagingResponse containing the TMSI of the USIM.

CR 2 The TMSI has a fixed length of 32 bit (8 digits) when used inside the PagingType 1/PagingRequest message (see clause 10.3.1.17 of TS 25.331 [32])

Reference:

– TS 31.102 [19], clause 5.1.1 and 5.1.2.

– TS 24.008 [19], clause 10.5.1.4.

– TS 25.331 [32], clause 10.3.1.17.

5.1.3.3 Test purpose

The purpose of this test is to verify that:

1) the TMSI stored in the USIM is used to identify the UE in the network;

2) the ME can handle a TMSI of less than the maximum length.

NOTE: According to TS 23.003 [34], clause 2.4, a TMSI always consists of 8 digits (4 bytes). Within this test the handling of a TMSI with leading zeros will be tested. The term "short" TMSI is used in the present test in order to distinguish from the tests defined in clause 5.1.4.

5.1.3.4 Method of test

5.1.3.4.1 Initial conditions

The values of the Default UICC as defined in clause 4.5.1 of the present document are used with EF_LOCI as defined in clause 4.5.8.8.

The UICC/USIM configuration defined for this test case is installed in the UE.

The USS transmits on the BCCH, with the following network parameters:

– Attach/detach: disabled.

– LAI (MCC/MNC/LAC): 246/081/0001

– Access control: unrestricted.

The UE runs an initial activation.

5.1.3.4.2 Procedure

Execute the test procedure "Expected Sequence A" as defined in TS 31.121 [2] clause 5.1.3.4.2.

5.1.3.5 Acceptance criteria

CR 1 and CR 2 are verified by analysing the TMSI value transferred to the USS in the PagingResponse. The conformance requirements CR 1 and CR 2 are met if the TMSI value stored in EF_LOCI on the USIM matches the TMSI value provided to the TT (USS). Explicit verification of EF_TMSI contents shall be done using A.2/3.

5.1.4 UE identification by "long" TMSI

5.1.4.1 Definition and applicability

The TMSI is assigned by the network and stored in the USIM by the Terminal. The TMSI previously assigned and stored in the USIM is read during the USIM-Terminal initialisation procedure and used by the UTRAN to identify the UE.

5.1.4.2 Conformance requirement

CR 1 After successful completion of the RRCConnectionEstablishment procedure the UE shall send a PagingResponse containing the TMSI of the USIM.

CR 2 The TMSI has a fixed length of 32 bit (8 digits) when used inside the PagingType 1/PagingRequest

Reference:

– TS 25.331 [32], clause 10.3.1.17.

CR 3 The UE is not responding to a PagingType 1 with a TMSI other than the TMSI stored in the USIM.

Reference:

– TS 31.102 [19], clause 5.1.1 and 5.1.2;

– TS 24.008 [19], clause 10.5.1.4;

– TS 25.331 [32], clause 10.3.1.17.

5.1.4.3 Test purpose

The purpose of this test is to verify that:

1. the TMSI stored in the USIM is used to identify the UE in the network;
2. the ME can handle a TMSI of the maximum length;
3. the ME is not responding to a page request containing the previous TMSI.

NOTE: According to TS 23.003 [34], clause 2.4, a TMSI always consists of 8 digits (4 bytes). Within this test the handling of a TMSI with leading zeros will be tested. The term "long" TMSI is used in order to distinguish between the tests as defined in clauses 5.1.3 and 5.1.4.

5.1.4.4 Method of test

5.1.4.4.1 Initial conditions

Ensure that the UE has been operated with a USIM containing a LOCI set as defined in clause 4.5.8.7. Store the selected value for x (D: x ∈ {0x0; …; 0x9, 0xF}). The values of the Default UICC as defined in clause 4.5.1 of the present document are used with EF_LOCI set as defined in clause 4.5.8.7, with an x value set to the same value as during initial activation (or as in in test 5.1.3 if executed directly before this test case).

The USS transmits on the BCCH, with the following network parameters:

– Attach/detach: disabled

– LAI (MCC/MNC/LAC): 246/081/0001

– Access control: unrestricted

If test case 5.1.3 was executed directly before and the provided TMSI can be used by the USS:

The UICC/USIM data including EF_LOCI is installed in the UE.

Ensure that the UE is using the test UICC/USIM configuration defined for this test case and runs an initial activation.

If no known "short" TMSI can be used by the USS:

The UICC/USIM data including the Initial EF_LOCI is installed in the UE.

Ensure that the UE is using the UICC/USIM configuration defined for this test case, runs an initial activation and attaches to the BCCH provided by the USS.

Deactivate the UE and provide the data defined for EF_LOCI to the USIM.

Activate the UE

5.1.4.4.2 Procedure

Execute the test procedure "Expected Sequence A" as defined in TS 31.121 [2] clause 5.1.5.4.2, where the TMSI used by the USS in the PagingType 1 shall be "0000214x" as set when executing test case 5.1.3 or the alternative initial procedure.

5.1.4.5 Acceptance criteria

CR 1 and CR 2 are verified by analysing the TMSI value transferred to the USS in the PagingResponse. The conformance requirements CR 1 and CR 2 are met if the TMSI value stored in EF_LOCI on the USIM matches the TMSI value provided to the TT (USS). Explicit verification of EF_LOCI contents shall be done using A.2/3.

CR 3 is met if the UE is not responding to the PagingType 1 with TMSI "0000214x" sent by the USS.

5.1.5 UE identification by long IMSI, TMSI updating and key set identifier assignment

5.1.5.1 Definition and applicability

The IMSI and TMSI are used for identification of the UE by UTRAN. They are read from the USIM during the USIM-Terminal initialisation procedure. Within the authentication procedure the UTRAN sends a key set identifier to the UE. In addition, the network may allocate a new TMSI to the UE. Key set identifier and TMSI are stored in the USIM after UTRAN call termination and/or at a 3G session termination.

NOTE: According to TS 24.008 [31] the term KSI may be used instead of the term ciphering key sequence number which is used inside the MM message AuthenticationRequest.

5.1.5.2 Conformance requirement

CR 1 After successful completion of the RRCConnectionEstablishment procedure the UE shall send PagingResponse containing the correct IMSI stored in the USIM.

Reference:

– TS 31.102 [19], clauses 5.1.1 and 5.2.2;

– TS 24.008 [31], clause 10.5.1.4.

CR 2 After call termination the USIM shall contain the key set identifier and TMSI received by the UE during the authentication and TMSI reallocation procedures.

Reference:

– TS 31.102 [19], clauses 5.1.2, 5.2.5 and 5.2.6;

– TS 21.111 [20], clause 10.1;

– TS 24.008 [31], clause 4.3.2.4.

CR 3 After call termination the ME shall have updated EF_LOCI

Reference:

– ETSI TS 102 221 [28], clause 11.1.4 and 14.1.2;

5.1.5.3 Test purpose

The purpose of this test is to verify that:

1. the ME uses the IMSI stored in the USIM when attaching to the network;
2. the ME does not respond to a paging message containing an IMSI a previous IMSI;
3. the ME can handle an IMSI of the maximum length;

4) the ME correctly updates the ciphering key sequence number at call termination;

5) the ME correctly updates the TMSI at call termination;

6) the UPDATE EF_LOCI command is performed correctly by the ME.

5.1.5.4 Method of test

5.1.5.4.1 Initial conditions

Ensure that the UE has been operated with a USIM containing an IMSI with a logical value "246081357x" (D: x ∈ {0x0; …; 0x9, 0xF}).

NOTE: This may be achieved by executing the previous test (5.1.4) prior to this test.

The values of the Default UICC as defined in clause 4.5.1 of the present document are used with EF_IMSI as defined in clause 4.5.8.4.

The UICC/USIM configuration defined for this test case is installed in the UE.

The USS transmits on the BCCH, with the following network parameters:

– Attach /detach: disabled

– LAI (MCC/MNC/LAC): 246/081/0001

– Access control: unrestricted

The UE runs an initial activation.

5.1.5.4.2 Procedure

Step	Direction	Action	Comment	REQ	SA
1	TT > UE	Send Paging Type 1 with IMSI 246081357x	The UE does not send an RRCConnectionRequest
2	TT > UE	Send Paging Type 1 with the IMSI stored in the USIM
3	UE > TT	Send RRCConnectionRequest
4	TT > UE	Send RRCConnectionSetup
5	UE > TT	Send RRCConnectionSetupComplete
6	UE > TT	Send PagingResponse		CR 1
7	TT > UE	Send AuthenticationRequest	The AuthenticationRequest is containing Key Set Identifier KSI (ciphering key sequence number) set to binary 010
8	UE > TT	Send AuthenticationResponse	The security procedure is completed on RRC
9	TT > UE	Send TMSI ReallocationCommand	TMSI reallocation command contains TMSI "32547698"
10	UE > TT	Send TMSI ReallocationComplete		CR 2
11	TT > UE	Send RRCConnectionRelease	The RRCConnectionRelease is sent within 5 s after reception of the TMSI ReallocationComplete
	UE	UPDATE EFLOCI		CR 3	A.2/1 OR A.2/2 OR A.2/3

5.1.5.5 Acceptance criteria

CR 1 is implicitly verified by analysing the IMSI value transferred by the UE in the PagingResponse. The conformance requirement CR 1 is met if the IMSI value stored on the USIM matches the IMSI value provided to the TT (USS) in step 4).

CR 2 is implicitly verified by executing the TMSI reallocation procedure. The conformance requirement CR 2 is met if the TMSI reallocation procedure can be completed successfully.

CR 3 is explicitly verified either by analysing EF_LOCI after call termination via File Content verification (A.2/3) or by analysing the UPDATE command used to update EF_LOCI (A.2/1 or A.2/2). CR 3 is met if the EF_LOCI value available on the USIM matches the EF_LOCI value of the last update initiated by the ME.

5.1.6 UE identification by short IMSI when accessing E-UTRAN/EPC

5.1.6.1 Definition and applicability

Paging for EPS services using IMSI is an abnormal procedure used for error recovery in the network. The IMSI is used for unique identification of the UE by an E-UTRAN/EPC if there is no GUTI available. The IMSI is stored in the USIM and read during the UICC-Terminal initialisation procedure.

5.1.6.2 Conformance requirement

CR 1 Only after reception of a Paging message containing the IMSI stored in the USIM the UE shall send the RRCConnectionRequest message.

Reference:

– TS 31.102 [19], clauses 5.1.1 and 5.2.2;

– TS 24.301 [21], clause 5.6.2.2.2 and 5.6.2.4.

CR 2 For NB-IoT, the Paging message shall include a CN domain indicator set to "PS". If the paging message includes a UE Paging Identity set to the UE’s IMSI, the paging procedure is performed according to clause 5.6.2.2.2 of [21].

Reference:

– TS 31.102 [19], clauses 5.1.1 and 5.2.2;

– TS 24.301 [21], clause 5.6.2.2.2 and 5.6.2.4.

CR 3 The ME correctly performs the READ BINARY command on EF_IMSI.

Reference:

– TS 31 101 [33], clause 11.1.3;

– ETSI TS 102 221 [8], clause 11.1.3 and 14.1.1.

5.1.6.3 Test purpose

The purpose of this test is to verify that:

1) the ME uses the IMSI stored in the USIM when attaching to the network;

2) the ME can handle an IMSI of less than the maximum length.

3) To verify that the READ EFIMSI command is performed correctly by the terminal.

4) To verify that the terminal does not respond to a paging message containing an IMSI not stored in the USIM.

5.1.6.4 Method of test

5.1.6.4.1 Initial conditions

The values of the E-UTRAN/EPC UICC as defined in clause 4.5.2 of the present document are used with EF_IMSI as defined in clause 4.5.8.2.

The UICC/USIM configuration defined for this test case is installed in the UE.

For Test Procedure A the E-USS transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): 246/081/0001

– Access control: unrestricted

For Test Procedure B the NB-SS transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): 246/081/0001

– Access control: unrestricted

The UE runs an initial activation.

5.1.6.4.2 Procedure

5.1.6.4.2.1 Test Procedure A

Step	Direction	Action	Comment	REQ	SA
1	UE > TT	Send AttachRequest
2	TT > UE	Send Paging with IMSI 24608122222	The UE does not send an RCConnectionRequest
	UE	READ EFIMSI		CR 3	A.2/1 OR A.2/2 OR A.2/4
3	TT > UE	Send Paging with the IMSI stored in the USIM
4	UE > TT	Send RRCConnectionRequest		CR 1
5	TT > UE	Send RRCConnectionSetup
6	UE > TT	SendRRCConnectionSetupComplete	The UE performs the EPS attach procedure
7	TT > UE	Send RRCConnectionRelease

5.1.6.4.2.2 Test Procedure B

Step	Direction	Action	Comment	REQ	SA
1	UE > TT	Send AttachRequest
2	TT > UE	Send Paging-NB with IMSI 24608122222	The UE does not send an RCConnectionRequest-NB
	UE	READ EFIMSI		CR 3	A.2/1 OR A.2/2 OR A.2/4
3	TT > UE	Send Paging-NB with the IMSI stored in the USIM
4	UE > TT	Send RRCConnectionRequest-NB		CR 2
5	TT > UE	Send RRCConnectionSetup-NB
6	UE > TT	Send RRCConnectionSetupComplete‑NB	The UE performs the EPS attach procedure
7	TT > UE	Send RRCConnectionRelease-NB

5.1.6.5 Acceptance criteria

5.1.6.5.1 Acceptance criteria for Test Procedure A

CR 1 is verified by analysing the IMSI value transferred by the UE in the RRCConnectionRequest. The conformance requirement CR 1 is met if the IMSI value stored on the USIM matches the IMSI value provided to the TT (USS).

5.1.6.5.2 Acceptance criteria for Test Procedure B

CR 2 is verified by analysing the IMSI value transferred by the UE in the RRCConnectionRequest-NB. The conformance requirement CR 2 is met if the IMSI value stored on the USIM matches the IMSI value provided to the TT (NB-SS).

5.1.6.4.3 Common acceptance criteria

CR 3 can be verified by a method capable to trace APDU command handling or running any other method to verify correct handling of the READ command used to read the contents of EF_IMSI. CR 3 is met if the READ command is executed as defined in [28], clause 14.1.1.

5.1.7 UE identification by short IMSI using a 2-digit MNC when accessing E-UTRAN/EPC

5.1.7.1 Definition and applicability

In some networks the IMSI identifying the E-UTRAN/EPC can consist of a 2-digit MNC. Paging for EPS services using IMSI is an abnormal procedure used for error recovery in the network. The IMSI is used for unique identification of the UE by an E-UTRAN/EPC if there is no GUTI available. The IMSI is stored in the USIM and read during the UICC-Terminal initialisation procedure.

5.1.7.2 Conformance requirement

CR 1 Only after reception of a Paging message containing the IMSI stored in the USIM the UE shall send the RRCConnectionRequest message.

Reference:

– TS 31.102 [19], clause 5.1.1 and 5.2.2;

– ETSI TS 102 221 [28], clause 14.1.1;

– TS 24.301 [21], clause 5.6.2.2.2 and 5.6.2.4.

CR 2 The ME correctly handles the an IMSI that contains a 2-digit MNC.

Reference:

– TS 23 003 [34], clause 2.2;

5.1.7.3 Test purpose

The purpose of this test is to verify that:

1) the ME uses the IMSI stored in the USIM when attaching to the network;

2) the ME is capable of handling an IMSI with a 2-digit MNC;

3) the EFIMSI is correctly read by the ME;

4) the ME does not respond to a Paging message containing an IMSI not stored in the USIM.

5.1.7.4 Method of test

5.1.7.4.1 Initial conditions

The values of the E-UTRAN/EPC UICC as defined in clause 4.5.2 of the present document are used with EF_IMSI as defined in clause 4.5.8.3, and the following exception:

EF_AD

Logically:

UE operation mode: normal operation

Additional information: ciphering indicator feature disabled

MNC: 2 digits

Coding:

Byte	B1	B2	B3	B4
Hex	00	00	00	02

The UICC/USIM configuration defined for this test case is installed in the UE.

For Test Procedure A the E-USS transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): 246/81/0001

– Access control: unrestricted

For Test Procedure B the NB-SS transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): 246/81/0001

– Access control: unrestricted

The UE runs an initial activation.

5.1.7.4.2 Procedure

5.1.7.4.2.1 Test Procedure A

Step	Direction	Action	Comment	REQ	SA
1	UE > TT	Send AttachRequest
2	TT > UE	Send Paging with IMSI 24608122222	The UE does not send an RCConnectionRequest
	UE	READ EFIMSI			O
3	TT > UE	Send Paging with the IMSI stored in the USIM
4	UE > TT	Send RRCConnectionRequest		CR 1 CR 2
5	TT > UE	Send RRCConnectionSetup
6	UE > TT	SendRRCConnectionSetupComplete	The UE performs the EPS attach procedure
7	TT > UE	Send RRCConnectionRelease

5.1.7.4.2.2 Test Procedure B

Step	Direction	Action	Comment	REQ	SA
1	UE > TT	Send AttachRequest
2	TT > UE	Send Paging-NB with IMSI 24608122222	The UE does not send an RCConnectionRequest-NB
	UE	READ EFIMSI			O
3	TT > UE	Send Paging-NB with the IMSI stored in the USIM
4	UE > TT	Send RRCConnectionRequest-NB		CR 1 CR 2
5	TT > UE	Send RRCConnectionSetup-NB
6	UE > TT	Send RRCConnectionSetupComplete‑NB	The UE performs the EPS attach procedure
7	TT > UE	Send RRCConnectionRelease-NB

5.1.7.4 Acceptance criteria

For Procedure A, CR 1 is verified by analysing the RRCConnectionRequest. The conformance requirement CR 1 is met if the IMSI value stored on the USIM matches the IMSI value provided to the TT (E-USS)

For Procedure B, CR 1 is verified by analysing the RRCConnectionRequest-NB. The conformance requirement CR 1 is met if the IMSI value stored on the USIM matches the IMSI value provided to the TT (NB-SS).

CR 2 can be implicitly verified by assuring that the RRCConnectionRequest/RRCConnectionRequest-NB sent from the UE contains the IMSI value stored on the USIM.

NOTE: An explicit verification of the READ command is done in test 5.1.6 and another verification is not required. Nevertheless, it is optional to explicitly verify the READ EF_IMSI command in step 2) using any of the test options A.2/1, A.2/2 or A.2/4.

5.1.8 UE identification after changed IMSI with service "EMM Information" not available

5.1.8.1 Definition and applicability

The attach procedure is used to attach for packet services in EPS. With a successful attach procedure, a context is established for the UE in the MME, and a default bearer is established between the UE and the PDN GW, thus enabling always-on IP connectivity to the UE. The network may also initiate the activation of dedicated bearers as part of the attach procedure. For NB-IoT terminals the establishment of the PDN connection is optional.

5.1.8.2 Conformance requirement

CR 1 The following EMM parameters shall be stored on the USIM if the corresponding file is present:

– GUTI;

– last visited registered TAI;

– EPS update status.

Reference:

– TS 31.102 [19], clause 5.1.1 and 5.2.2;

– TS 24.301 [21], clause 5.5.1.2.1, 5.5.1.2.2, 5.5.1.2.4 and Annex C.

CR 2 The UE includes the IMSI stored in the USIM during the attach procedure.

5.1.8.3 Test purpose

The purpose of this test is to verify that:

• the UE deletes existing EMM parameters from the UE’s non-volatile memory in case a different IMSI is activated;
• the UE includes the IMSI stored in the USIM during the attach procedure.

5.1.8.4 Method of test

5.1.8.4.1 Initial conditions

The values of the Default UICC as defined in clause 4.5.1 of the present document are used.

NOTE: In EF_UST of the Default UICC service n°85 (EPS Mobility Management Information) is not available.

The UICC/USIM configuration defined for this test case is installed in the UE.

The E-USS transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): 246/081/0001

– Access control: unrestricted

The NB-SS transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): 246/081/0001

– Access control: unrestricted

The UE runs an initial activation.

5.1.8.4.2 Procedure

5.1.8.4.2.1 Test Procedure A

Step	Direction	Action	Comment	REQ	SA
1	UE > TT	Send RRCConnectionRequest
2	TT > UE	Send RRCConnectionSetup
3	UE > TT	Send RRCConnectionSetupComplete
4	UE > TT	Send AttachRequest	The UE performs the EPS attach procedure
5	TT > UE	Send AttachAccept	The sent AttachAccept includes the following values: – GUTI: "24608100010266345678" – TAI (MCC/MNC/TAC): 246/081/0001
6	UE > TT	Send AttachComplete
7	TT > UE	Send RRCConnectionRelease
8	UE	Switch off
9	UE	Reconfigure UICC	The values of the Default UICC as defined in clause 4.5.1 of the present document are used with EFIMSI as defined in clause 4.5.8.6
10	UE	Switch on
11	UE > TT	Send RRCConnectionRequest
12	TT > UE	Send RRCConnectionSetup
13	UE > TT	Send RRCConnectionSetupComplete
14	UE > TT	Send AttachRequest	The UE sends an AttachRequest including the IMSI as generated in accordance to the definition in clause 4.5.8.6 but neither a GUTI nor the TAI	CR 1 CR 2

5.1.8.4.2.2 Test Procedure B

Step	Direction	Action	Comment	REQ	SA
1	UE > TT	Send RRCConnectionRequest-NB
2	TT > UE	Send RRCConnectionSetup-NB
3	UE > TT	Send RRCConnectionSetupComplete_NB
4	UE > TT	Send AttachRequest	The UE performs the EPS attach procedure
5	TT > UE	Send AttachAccept	The sent AttachAccept includes the following values: – GUTI: "24608100010266345678" – TAI (MCC/MNC/TAC): 246/081/0001
6	UE > TT	Send AttachComplete
7	TT > UE	Send RRCConnectionRelease-NB
8	UE	Switch off
9	UE	Reconfigure UICC	The values of the Default UICC as defined in clause 4.5.1 of the present document are used with EFIMSI as defined in clause 4.5.8.6
10	UE	Switch on
11	UE > TT	Send RRCConnectionRequest-NB
12	TT > UE	Send RRCConnectionSetup-NB
13	UE > TT	Send RRCConnectionSetupComplete‑NB
14	UE > TT	Send AttachRequest	The UE sends an AttachRequest including the IMSI as generated in accordance to the definition in clause 4.5.8.6 but neither a GUTI nor the TAI	CR 1 CR 2

5.1.8.5 Acceptance criteria

CR 1 and

CR 2 can be implicitly verified by assuring that the AttachRequest sent from the UE in step 14) contains the IMSI value provided during reconfiguration (step 9)).

NOTE: As service n°85 is not available, no EMM parameters shall be stored on the USIM. Further verification of CR 1 is not needed.

5.1.9 UE identification by GUTI when using USIM with service "EMM Information" not available

5.1.9.1 Definition and applicability

The attach procedure is used to attach for packet services in EPS. With a successful attach procedure, a context is established for the UE in the MME, and a default bearer is established between the UE and the PDN GW, thus enabling always-on IP connectivity to the UE. The network may also initiate the activation of dedicated bearers as part of the attach procedure. For NB-IoT terminals the establishment of the PDN connection is optional.

5.1.9.2 Conformance requirement

CR 1 The following EMM parameters shall be stored on the USIM if the corresponding file is present:

– GUTI;

– last visited registered TAI;

– EPS update status

NOTE: If the corresponding file is not present on the USIM, these EMM parameters except allowed CSG list are stored in a non-volatile memory in the ME together with the IMSI from the USIM. These EMM parameters can only be used if the IMSI from the USIM matches the IMSI stored in the non-volatile memory; else the UE shall delete the EMM parameters.

Reference:

– TS 31.102 [19], clause 5.1.1 and 5.2.2;

– TS 24.301 [21], clause 5.5.1.2.1, 5.5.1.2.2, 5.5.1.2.4 and Annex C.

CR 2 The UE uses the GUTI and the TAI from the UE’s non-volatile memory during the attach procedure if the IMSI stored in the UE’s non-volatile memory and the IMSI stored in the USIM are identical.

5.1.9.3 Test purpose

The purpose of this test is to verify that:

1) the UE stores the GUTI and the TAI in the UE’s non-volatile memory;

2) the UE includes the IMSI stored in the USIM during the attach procedure.

5.1.9.4 Method of test

5.1.9.4.1 Initial conditions

The values of the Default UICC as defined in clause 4.5.1 of the present document are used.

NOTE: In EF_UST of the Default UICC service n°85 (EPS Mobility Management Information) is not available.

The UICC/USIM configuration defined for this test case is installed in the UE.

The E-USS transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): 246/081/0001

– Access control: unrestricted

The NB-SS transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): 246/081/0001

– Access control: unrestricted

The UE runs an initial activation.

5.1.9.4.2 Procedure

5.1.9.4.2.1 Test Procedure A

Step	Direction	Action	Comment	REQ	SA
1	UE > TT	Send RRCConnectionRequest
2	TT > UE	Send RRCConnectionSetup
3	UE > TT	Send RRCConnectionSetupComplete
4	UE > TT	Send AttachRequest	The UE performs the EPS attach procedure
5	TT > UE	Send AttachAccept	The sent AttachAccept includes the following values: – GUTI: "24608100010266345678" – TAI (MCC/MNC/TAC): 246/081/0001
6	UE > TT	Send AttachComplete
7	TT > UE	Send RRCConnectionRelease
8	UE	Switch off
9	UE	Switch on
10	UE > TT	Send RRCConnectionRequest
11	TT > UE	Send RRCConnectionSetup
12	UE > TT	Send RRCConnectionSetupComplete
13	UE > TT	Send AttachRequest	The sent AttachAccept includes the following values: – GUTI: "24608100010266345678" – TAI (MCC/MNC/TAC): 246/081/0001	CR 1 CR 2

5.1.9.4.2.2 Test Procedure B

Step	Direction	Action	Comment	REQ	SA
1	UE > TT	Send RRCConnectionRequest-NB
2	TT > UE	Send RRCConnectionSetup-NB
3	UE > TT	Send RRCConnectionSetupComplete_NB
4	UE > TT	Send AttachRequest	The UE performs the EPS attach procedure
5	TT > UE	Send AttachAccept	The sent AttachAccept includes the following values: – GUTI: "24608100010266345678" – TAI (MCC/MNC/TAC): 246/081/0001
6	UE > TT	Send AttachComplete
7	TT > UE	Send RRCConnectionRelease-NB
8	UE	Switch off
9	UE	Switch on
10	UE > TT	Send RRCConnectionRequest-NB
11	TT > UE	Send RRCConnectionSetup-NB
12	UE > TT	Send RRCConnectionSetupComplete‑NB
13	UE > TT	Send AttachRequest	The sent AttachAccept includes the following values: – GUTI: "24608100010266345678" – TAI (MCC/MNC/TAC): 246/081/0001	CR 1 CR 2

5.1.9.5 Acceptance criteria

CR 1 and CR 2 can be implicitly verified by assuring that the AttachRequest sent from the UE in step 13) contains the GUTI and TAI values provided during the first attach procedure.

NOTE: As service n°85 is not available, no EMM parameters shall be stored on the USIM. Further verification of CR 1 is not needed.

5.1.10 UE identification by GUTI when using USIM with service "EMM Information" available

5.1.10.1 Definition and applicability

The attach procedure is used to attach for packet services in EPS. With a successful attach procedure, a context is established for the UE in the MME, and a default bearer is established between the UE and the PDN GW, thus enabling always-on IP connectivity to the UE. The network may also initiate the activation of dedicated bearers as part of the attach procedure. For NB-IoT terminals the establishment of the PDN connection is optional.

5.1.10.2 Conformance requirement

CR 1 The following EMM parameters shall be stored on the USIM if the corresponding file is present:

– GUTI;

– last visited registered TAI;

– EPS update status

NOTE: The presence and format of corresponding files on the USIM is specified in TS 31.102 [19].

Reference:

– TS 31.102 [19], clause 5.1.1 and 5.2.2;

– TS 24.301 [21], clause 5.5.1.2.1, 5.5.1.2.2, 5.5.1.2.4 and Annex C.

CR 2 The UE uses the GUTI and the TAI stored in EFEPSLOCI on the USIM during the attach procedure.

5.1.10.3 Test purpose

The purpose of this test is to verify that:

1) the UE stores the GUTI and the TAI in in EFEPSLOCI if service n°85 is available in EF_UST;

2) the UE uses GUTI and the TAI values stored in EFEPSLOCI during the attach procedure.

5.1.10.4 Method of test

5.1.10.4.1 Initial conditions

The values of the E-UTRAN/EPC UICC as defined in clause 4.5.2 of the present document are used with EF_EPSLOCI as defined in clause 4.5.8.10 and the following exception:

EF_EPSNSC (EPS NAS Security Context)

Logically:

Key Set Identifier KSIASME: ’07’ (no key available)

ASME Key (KSIASME): 32 byte key, any value

Uplink NAS count: ’00’

Downlink NAS count: ’01’

Identifiers of selected NAS integrity
and encryption algorithm: ’01’

Coding:

Byte	B1	B2	B3	B4	B5	B6	B7	B8	…	B39	B40
Hex	A0	34	80	01	07	81	20	xx	…	xx	82
	B41	B42	B43	B44	B45	B46	B47	B48	B49	B50	B51
	04	00	00	00	00	83	04	00	00	00	01
	B52	B53	B54
	84	01	01

The UICC/USIM configuration defined for this test case is installed in the UE.

The E-USS transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): 246/081/0002

– Access control: unrestricted

The NB-SS transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): 246/081/0002

– Access control: unrestricted

The UE runs an initial activation.

5.1.10.4.2 Procedure

5.1.10.4.2.1 Test Procedure A

Step	Direction	Action	Comment	REQ	SA
1	UE > TT	Send RRCConnectionRequest
2	TT > UE	Send RRCConnectionSetup
3	UE > TT	Send RRCConnectionSetupComplete
4	UE > TT	Send AttachRequest	The UE performs the EPS attach procedure, were the AttachRequest includes the values available from EFEPSLOCI as defined in clause 4.5.8.10	CR 2
5	TT > UE	Send AttachAccept	The sent AttachAccept includes the following values: – GUTI: "24608100010266436587" – TAI (MCC/MNC/TAC): 246/081/0002
6	UE > TT	Send AttachComplete
7	TT > UE	Send RRCConnectionRelease

5.1.10.4.2.2 Test Procedure B

Step	Direction	Action	Comment	REQ	SA
1	UE > TT	Send RRCConnectionRequest-NB
2	TT > UE	Send RRCConnectionSetup-NB
3	UE > TT	Send RRCConnectionSetupComplete_NB
4	UE > TT	Send AttachRequest	The UE performs the EPS attach procedure, were the AttachRequest includes the values available from EFEPSLOCI as defined in clause 4.5.8.10	CR 2
5	TT > UE	Send AttachAccept	The sent AttachAccept includes the following values: – GUTI: "24608100010266436587" – TAI (MCC/MNC/TAC): 246/081/0002
6	UE > TT	Send AttachComplete
7	TT > UE	Send RRCConnectionRelease-NB

5.1.10.4.2.3 Common final Test Procedure

Step	Direction	Action	Comment	REQ	SA
7 OR 7+x	UE	READ EFEPSLOCI	The TT is enabled to verify the contents of EFEPSLOCI either while executing step 7) or in an additional action that might be executed after ending the test	CR 1	A.2/1 OR A.2/2 OR A.2/3 OR A.2/4

5.1.10.5 Acceptance criteria

CR 2 can be implicitly verified by assuring that the AttachRequest sent from the UE in step 4) contains the GUTI and TAI values provided from the EF_EPSLOCI stored on the USIM during configuration.

CR 1 shall be explicitly verified using any of the methods identified in clause 3.7.2 of the present document. CR 1 is met if EF_EPSLOCI contains the following data:

EF_EPSLOCI

Logically:

GUTI: 24608100010266436587

Last visited registered TAI: 246/081/0002

EPS update status: updated

Coding:

Byte	B1	B2	B3	B4	B5	B6	B7	B8
Hex	0B	F6	42	16	80	00	01	02
	B9	B10	B11	B12	B13	B14	B15	B16
	66	34	56	78	42	16	80	00
	B17	B18
	02	00

5.2 Access Control handling

5.2.1 Access Control information handling

5.2.1.1 Definition and applicability

Access Control allows restriction of call access attempts. All user equipment (UE) are assigned to one out of ten randomly allocated classes, and optionally (for priority uses) also to one or more special categories.

An Access Class of the special Categories is only valid in the HPLMN or HPLMN country. Otherwise, the randomly allocated class is used.

The classes are programmed on the USIM. The network controls which classes at any time may be barred.

In addition, there is a separate mechanism for control of network access for emergency call attempts.

5.2.1.2 Conformance requirement

CR 1 The ME shall read the access control value as part of the USIM-Terminal initialisation procedure and subsequently adopt this value.

Reference:

– TS 31.102 [19], clause 5.1.1.

CR 2 If the UE is a member of at least one access class which corresponds to the permitted classes as signalled over the air interface, and the access class is applicable in the serving network, access attempts are allowed. Otherwise access attempts are not allowed.

CR 3 If access class 10 is barred, then the UE of classes 0 – 9 and the MEs with not accessible UICCs shall not make emergency call attempts.

CR 4 UE of classes 11 – 15 are not allowed to make emergency call attempts if access class 10 and the relevant access class(es) between 11 and 15 are barred. Otherwise, emergency call attempts are allowed irrespective of the conditions of access class 10.

All options are shown in figure 5-1 of TS 31.121 [2] and are referenced to the tests.

Reference:

– TS 22.011 [18], clauses 4.3 and 4.4

5.2.1.3 Test purpose

The purpose of this test is to verify that:

1) the ME reads the access control value as part of the USIM-Terminal initialisation procedure, and subsequently adopts this value;

2) the UE controls its network access in accordance with its access control class and the conditions imposed by the serving network.

The tests verify ME performance for the following:

Tests (a) and (b): UICC in the ME is not accessible.

Tests (c) to (e): UE with access class 0 to 9.

Test (f): UE with access class 11 and 15 not in HPLMN, and
UE with access class 12,13 and 14 not in HPLMN country.

Test (g) and (h): UE with access class 11 and 15 in HPLMN, and
UE with access class 12,13 and 14 in HPLMN country.

Each of the above are tested against all relevant combinations of access control and emergency call bits signalled by the network, as shown in table 5-1 of TS 31.121 [2].

5.2.1.4 Method of test

5.2.1.4.1 Initial conditions

The values of the Default UICC as defined in clause 4.5.1 of the present document are used with the exceptions given in TS 31.121 [2] clauses 5.2.1.4.1 and 5.2.1.4.2.

The UICC/USIM configuration defined for this test case is installed in the UE.

The USS transmits on the BCCH, with the following network parameters:

– Attach/detach: disabled,

– LAI (MCC/MNC/LAC): MCC, MNC: see table 5-1 of [2], LAC="0001",

– Access control: see table 5-1 of [2],

– RACH: see table 5-1 of [2].

The UE runs an initial activation with an IMSI and access control values as given in table 5-1 of [2].

NOTE: Depending on the initial value of the EFLOCI, the UE may perform a location update. This shall be accepted by the USS.

5.2.1.4.2 Coding details

The coding details defined in TS 31.121 [2] clause 5.2.1.4.2 apply.

5.2.1.4.3 Procedure

Execute the test procedure as defined in TS 31.121 [2] clause 5.2.1.4.3.

5.2.1.5 Acceptance criteria

CR 1 is met and implicitly verified after step a) if the ME has adopted the access control parameters as requested.

CR 2, CR 3 and CR 4 are met and verified after step b) if the ME accesses the network, or makes no access attempt, in accordance with the Test Result entries given in table 5-1 of [2].

NOTE 1: In tables 5-1a and 5-1b of [2] the following notation is used to describe the Access Class Barred IE:

"0" = not barred, "1" =barred.

NOTE 2: For conformance testing, to limit testing, in test (c), (d) and (e) it is only necessary that one of the access classes is tested. This access class may be chosen randomly.

5.2.2 Access Control information handling for E-UTRAN/EPC

5.2.2.1 Definition and applicability

Access Control allows restriction of EPS bearer context activation access attempts. All user equipment (UE) are assigned to one out of ten randomly allocated classes, and optionally (for priority uses) also to one or more special categories.

An Access Class of the special categories is only valid in the HPLMN or HPLMN country. Otherwise, the randomly allocated class is used.

The classes are programmed on the USIM. The network controls which classes at any time may be barred.

Emergency call handling is FFS.

5.2.2.2 Conformance requirement

CR 1 The ME shall read the access control value as part of the USIM-Terminal initialisation procedure and subsequently adopt this value.

Reference:

– TS 31.102 [19], clause 5.1.1.

CR 2 If the UE is a member of at least one access class which corresponds to the permitted classes as signalled over the air interface, and the access class is applicable in the serving network, access attempts are allowed. Otherwise access attempts are not allowed.

Reference:

– TS 22.011 [6], clauses 4.3 and 4.4,

– TS 24.301 [26], clause 5.5.1.2.6,

NOTE: All options are shown in figure 5-2 of [2] and are referenced to the tests.

5.2.2.3 Test purpose

The purpose of this test is to verify that:

1) the ME reads the access control value as part of the USIM-Terminal initialisation procedure, and subsequently adopts this value;

2) the UE controls its network access in accordance with its access control class and the conditions imposed by the serving network.

The tests verify ME performance for the following:

Tests (a) and (b): UE with access class 0 to 9,

Tests (c): UE with access class 11 and 15 not in HPLMN, and
UE with access class 12,13 and 14 not in HPLMN country;

Test (d) and (e): UE with access class 11 and 15 not in HPLMN, and
UE with access class 12,13 and 14 not in HPLMN country;

Test (g) and (h): UE with access class 11 and 15 in HPLMN, and
UE with access class 12,13 and 14 in HPLMN country.

Each of the above are tested against all relevant combinations of access control bits signalled by the network, as shown in table 5-2 of TS 31.121 [2].

5.2.2.4 Method of test

5.2.2.4.1 Initial conditions

The values of the Default UICC as defined in clause 4.5.1 of the present document are used with the exceptions given in TS 31.121 [2] clauses 5.2.2.4.1 and 5.2.2.4.2.

The UICC/USIM configuration defined for this test case is installed in the UE.

The E-USS transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): MCC, MNC: see table 5-2 of [2], TAC="0001".

– Access control: see table 5-2 of [2].

Ensure that the UE is using the UICC/USIM configuration defined for this test case with an IMSI and access control values as given in table 5-2 of [2] and runs an initial activation.

NOTE: Depending on the initial value of the EF_EPSLOCI, the UE may perform a location update. This shall be accepted by the E-USS.

5.2.2.4.2 Coding details

The coding details defined in TS 31.121 [2] clause 5.2.2.4.2 apply.

5.2.2.4.3 Procedure

Execute the test procedure as defined in TS 31.121 [2] clause 5.2.2.4.3.

5.2.2.5 Acceptance criteria

CR 1 is implicitly verified after step a) if the ME has adopted the access control parameters as requested.

CR 2 is verified after step b) if the ME accesses the network, or makes no access attempt, in accordance with the Test Result entries given in table 5-2 of [2].

NOTE 1: barred = yes, in these sub-sequences, the UE shall not establish a connection
barred = no, the UE shall establish a connection.

NOTE 2: For conformance testing, to limit testing, in test (a), (b) and (c) it is only necessary that one of the access classes is tested. This access class may be chosen randomly.

5.2.3 Access Control information handling for NB-IoT

5.2.3.1 Definition and applicability

Access Control allows restriction RRC connection establishment attempts. All user equipment (UE) are assigned to one out of ten randomly allocated classes, and optionally (for priority uses) also to one or more special categories.

An Access Class of the special categories is only valid in the HPLMN or HPLMN country. Otherwise, the randomly allocated class is used.

The classes are programmed on the USIM. The network controls which classes at any time may be barred.

5.2.3.2 Conformance requirement

CR 1 The ME shall read the access control value as part of the USIM-Terminal initialisation procedure and subsequently adopt this value.

Reference:

– TS 31.102 [19], clause 5.1.1.

CR 2 If the UE is a member of at least one access class which corresponds to the permitted classes as signalled over the air interface, and the access class is applicable in the serving network, access attempts are allowed. Otherwise access attempts are not allowed.

Reference:

– TS 22.011 [6], clauses 4.3 and 4.4,

– TS 24.301 [26], clause 5.5.1.2.6,

5.2.3.3 Test purpose

The purpose of this test is to verify that:

1) the ME reads the access control value as part of the USIM-Terminal initialisation procedure, and subsequently adopts this value;

2) the UE controls its network access in accordance with its access control class and the conditions imposed by the serving network.

The tests verify ME performance for the following:

Tests (a) and (b): UE with access class 0 to 9,

Tests (c): UE with access class 11 and 15 not in HPLMN, and
UE with access class 12,13 and 14 not in HPLMN country;

Test (d) and (e): UE with access class 11 and 15 not in HPLMN, and
UE with access class 12,13 and 14 not in HPLMN country.

Each of the above are tested against all relevant combinations of access control bits signalled by the network, as shown in table 5-3 of TS 31.121 [2].

5.2.3.4 Method of test

5.2.3.4.1 Initial conditions

The values of the Default UICC as defined in clause 4.5.1 of the present document are used with the exceptions given in TS 31.121 [2] clauses 5.2.3.4.1 and 5.2.3.4.2.

The UICC/USIM configuration defined for this test case is installed in the UE.

The E-USS transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): MCC, MNC: see table 5-3 of [2], TAC="0001".

– Access control: see table 5-3 of [2].

Ensure that the UE is using the UICC/USIM configuration defined for this test case with an IMSI and access control values as given in table 5-3 of [2] and runs an initial activation.

NOTE: Depending on the initial value of the EF_EPSLOCI, the UE may perform a location update. This shall be accepted by the NB-SS.

5.2.3.4.2 Coding details

The coding details defined in TS 31.121 [2] clause 5.2.3.4.2 apply.

5.2.3.4.3 Procedure

Execute the test procedure as defined in TS 31.121 [2] clause 5.2.3.4.3.

5.2.3.5 Acceptance criteria

CR 1 is implicitly verified after step a) if the ME has adopted the access control parameters as requested.

CR 2 is verified after step a) if the ME accesses the network, or makes no access attempt, in accordance with the Test Result entries given in table 5-3 of [2].

NOTE 1: barred = yes, in these sub-sequences, the UE shall not establish a connection
barred = no, the UE shall establish a connection.

NOTE 2: For conformance testing, to limit testing, in test (a), (b) and (c) it is only necessary that one of the access classes is tested. This access class may be chosen randomly.

5.3 Handling subscription identifier privacy for 5G

5.3.1 SUCI calculation by ME using null scheme

5.3.1.1 Definition and applicability

If the operator’s decision is that ME shall calculate the SUCI, the home network operator shall provision a list of the Protection Scheme Identifiers in the USIM that the operator allows. The list of Protection Scheme Identifiers in the USIM may contain one or more Protection Scheme Identifiers in the order of their priority. The ME shall read the SUCI calculation information from the USIM, including the SUPI, the Home Network Public Key, the Home Network Public Key Identifier, and the list of Protection Scheme Identifiers. The ME shall select the protection scheme from its supported schemes that has the highest priority in the list obtained from the USIM.

The ME shall calculate the SUCI using the null-scheme if the highest priority of the protection schemes listed in the USIM is the null-scheme.

5.3.1.2 Conformance requirement

CR 1 The SUCI calculation procedure shall be performed by the ME if Service n°124 is "available" and Service n°125 is not "available" in EF_UST.

Reference:

– TS 31.102 [19], clauses 4.4.11.8 and 4.4.11.11

CR 2 The ME shall read the SUCI calculation information from the USIM, including the SUPI, the Home Network Public Key, the Home Network, Public Key Identifier, and the list of Protection Scheme Identifiers.

Reference:

– TS 31.102 [19], clauses 4.4.11.8 and 4.4.11.11 and clauses 5.3.47 and 5.3.51.

CR 3 The ME shall calculate the SUCI including the SUCI calculation information procedure and the routing indicator procedure, using the null-scheme if highest priority of the protection schemes listed in the USIM is the null-scheme.

Reference:

– TS 31.102 [19], clauses 5.3.47 and 5.3.51;

– TS 33.501 [24], clause Annex C.

CR 4 The UE shall successfully authenticate and perform an initial registration on the network.

Reference:

– TS 24.501 [25], clause 5.5.1.2.4.

5.3.1.3 Test purpose

The purpose of this test is to verify that:

1) the ME correctly reads EF_{SUCI_Calc_Info}, EF_{Routing_indicator} and EF_IMSI from the USIM,

2) the SUCI calculation procedure is performed by the ME if Service n°124 is "available" and Service n°125 is "not available" in EF_UST,

3) the ME selects the protection scheme that has the highest priority from the list obtained by the USIM,

4) the ME is calculating the SUCI using the null-scheme*,

5) the UE successfully registers to the network.

NOTE: In the used configuration the null-scheme is the protection scheme with the highest priority listed in the USIM.

5.3.1.4 Method of test

5.3.1.4.1 Initial conditions

The values of the 5G-NR UICC as defined in clause 4.5.7 of the present document are used with EF_IMSI as defined in clause 4.5.8.5, EF_{Routing_Indicator} as defined in clause 4.5.8.7, and the following exception:

EF_{SUCI_Calc_Info}

Logically:

Protection Scheme Identifier List data object:

Protection Scheme Identifier 1 – null-scheme

Key Index 1: 0

Protection Scheme Identifier 2 – ECIES scheme profile B

Key Index 2: 1

Protection Scheme Identifier 3 – ECIES scheme profile A

Key Index 3: 2

Home Network Public Key List data object:

Home Network Public Key 1 Identifier: 27

Home Network Public Key 1:

04 72 DA 71 97 62 34 CE 83 3A 69 07 42 58 67 B8 2E 07 4D 44 EF 90 7D FB 4B 3E 21 C1 C2 25 6E

BC D1 5A 7D ED 52 FC BB 09 7A 4E D2 50 E0 36 C7 B9 C8 C7 00 4C 4E ED C4 F0 68 CD 7B F8 D3

F9 00 E3 B4

Home Network Public Key 2 Identifier: 30

Home Network Public Key 2:

5A 8D 38 86 48 20 19 7C 33 94 B9 26 13 B2 0B 91 63 3C BD 89 71 19 27 3B F8 E4 A6 F4 EE C0 A6

50

Coding:

Byte	B1	B2	B3	B4	B5	B6	B7	B8
Hex	A0	06	00	00	02	01	01	02
	B9	B10	B11	B12	B13	B14	B15	B16
	A1	6B	80	01	1B	81	41	04
	B17	B18	B19	B20	B21	B22	B23	B24
	72	DA	71	97	62	34	CE	83
	B25	B26	B27	B28	B29	B30	B31	B32
	3A	69	07	42	58	67	B8	2E
	B33	B34	B35	B36	B37	B38	B39	B40
	07	4D	44	EF	90	7D	FB	4B
	B41	B42	B43	B44	B45	B46	B47	B48
	3E	21	C1	C2	25	6E	BC	D1
	B49	B50	B51	B52	B53	B54	B55	B56
	5A	7D	ED	52	FC	BB	09	7A
	B57	B58	B59	B60	B61	B62	B63	B64
	4E	D2	50	E0	36	C7	B9	C8
	B65	B66	B67	B68	B69	B70	B71	B72
	C7	00	4C	4E	ED	C4	F0	68
	B73	B74	B75	B76	B77	B78	B79	B80
	CD	7B	F8	D3	F9	00	E3	B4
	B81	B82	B83	B84	B85	B86	B87	B88
	80	01	1E	81	20	5A	8D	38
	B89	B90	B91	B92	B93	B94	B95	B96
	86	48	20	19	7C	33	94	B9
	B97	B98	B99	B100	B101	B102	B103	B104
	26	13	B2	0B	91	63	3C	BD
	B105	B106	B107	B108	B109	B110	B111	B112
	89	71	19	27	3B	F8	E4	A6
	B113	B114	B115	B116	B117
	F4	EE	C0	A6	50

The UICC/USIM configuration defined for this test case is installed in the UE.

The NG-SS transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): 244/083/000001

– Access control: unrestricted.

Ensure that the UE is using the UICC/USIM configuration defined for this test case and runs an initial activation.

5.3.1.4.2 Procedure

Step	Direction	Action	Comment	REQ	SA
1	UE	READ EFIMSI READ EFSUCI_Calc_Info READ EFRouting_indicator		CR 2	A.2/1 OR A.2/2 OR A.2/4
		READ EFUST	(Evaluation of service settings)	CR 1	O
		Perform SUCI calculation	The ME performs a SUCI calculation using null scheme	CR 3
2	UE > TT	Send RegistrationRequest	The UE sends a RegistrationRequest with 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "SUCI"
3	TT > UE	Send RegistrationAccept	The TT sends a RegistrationAccept with 5G-GUTI
4	UE > TT	Send RegistrationComplete		CR 4

5.3.1.5 Acceptance criteria

Actions required to fulfil CR 1 and CR 3 are executed in step 1). The implicitly verification of these requirements is done in step 2). The conformance requirements are met if the 5GS mobile identity IE in the REGISTRATION REQUEST performed in step 2) includes the following values:

– SUPI format: 0

– Home Network Identifier: 246/081

– Routing Indicator: 1y

– Protection Scheme Identifier: 00

– Home Network Public Key Identifier: 0

– Scheme output: 35793579x

CR 2 can be verified by a method explicitly verifying the correct execution of the READ commands on the listed EFs (A.2/1, A.2/2 or A.2/4). CR 2 is met if the READ procedure on EF_{SUCI_Calc_Info}, EF_{Routing_indicator} and EF_IMSI has been executed as defined in [28], clause 14.1.1.

CR 4 is met if the UE sends REGISTRATION COMPLETE message to the NG-SS in step 4).

NOTE: It is optional to explicitly verify CR 1 in step 1) using any of the test options A.2/1 or A.2/2, checking the service options set in EFUST.

5.3.2 SUCI calculation by ME using Profile B

5.3.2.1 Definition and applicability

If the operator’s decision is that ME shall calculate the SUCI, the home network operator shall provision a list of the Protection Scheme Identifiers that the operator allows in the USIM. The list of Protection Scheme Identifiers in the USIM may contain one or more Protection Scheme Identifiers in order of their priority. The ME shall read the SUCI calculation information from the USIM, including the SUPI, the Home Network Public Key, the Home Network Public Key Identifier, and the list of Protection Scheme Identifiers. The ME shall select the protection scheme from its supported schemes that has the highest priority in the list obtained from the USIM.

5.3.2.2 Conformance requirement

CR 1 SUCI calculation procedure shall be performed by the ME if Service n°124 is "available" and Service n°125 is not "available" in EF_UST

Reference:

– TS 31.102 [19], clause 4.4.11.8

CR 2 As part of the SUCI calculation performed by the ME, the ME performs the reading procedure with EF_{SUCI_Calc_Info}.

Reference:

– TS 31.102 [19], clause 4.4.11.8 and 5.3.47

CR 3 The ME shall calculate the SUCI using the ECIES scheme profile B if highest priority of the protection schemes listed in the USIM is the ECIES scheme profile B.

Reference:

– TS 31.102 [19], clause 4.4.11.8

– TS 33.501 [24], Annex C, clause C.3 and C.4

– TS 24.501 [25], clause 9.11.3

CR 4 The UE shall successfully authenticate and perform an initial registration on the network.

Reference:

– TS 24.501 [25], clause 5.5.1.2.4.

5.3.2.3 Test purpose

The purpose of this test is to verify that:

1. the ME reads the SUCI calculation information from the USIM, including the SUPI, the Home Network Public Key, the Home Network Public Key Identifier, and the list of Protection Scheme Identifiers,

2) the ME selects the protection scheme from its supported schemes that has the highest priority in the list obtained from the USIM (i.e. ECIES scheme profile B and the home network public key),

3) the UE successfully registers to the network.

NOTE: In the used configuration profile B is the protection scheme with the highest priority listed in the USIM.

5.3.2.4 Method of test

5.3.2.4.1 Initial conditions

The values of the default 5G-NR UICC defined in clause 4.5.7 of the present document are used with EF_IMSI as defined in clause 4.5.8.5, EF_{Routing_Indicator} as defined in clause 4.5.8.7.

The UICC/USIM configuration defined for this test case is installed in the UE.

The NG-SS transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): 244/083/000001.

– Access control: unrestricted.

The NG-SS shall be configured with Home Network Private Key as following:

Coding:

Byte	B1	B2	B3	B4	B5	B6	B7	B8
Hex	F1	AB	10	74	47	7E	BC	C7
	B9	B10	B11	B12	B13	B14	B15	B16
	5F	54	EA	1C	5F	C3	68	B1
	B17	B18	B19	B20	B21	B22	B23	B24
	61	67	30	15	5E	00	41	AC
	B25	B26	B27	B28	B29	B30	B31	B32
	44	7D	63	01	97	5F	EC	DA

The UE is prepared to runs an initial activation within step 1).

5.3.2.4.2 Procedure

Step	Direction	Action	Comment	REQ	SA
1	UE	READ EFSUCI_Calc_Info READ EFUST	(Evaluation of service settings)	CR 2 CR 1	O
		Perform SUCI calculation	The ME performs a SUCI calculation using Profile B	CR 3
2	UE > TT	Send RegistrationRequest	The UE sends a RegistrationRequest with 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "SUCI"
3	TT > UE	Send RegistrationAccept	The TT sends a RegistrationAccept with a new 5G-GUTI
4	UE > TT	Send RegistrationComplete		CR 4

5.3.2.5 Acceptance criteria

Actions required to fulfil CR 1, CR 2 and CR 3 are executed in step 1). The implicitly verification of these requirements is done in step 2). The conformance requirements are met if the 5GS mobile identity IE in the REGISTRATION REQUEST performed in step 2) includes the following values:

– SUPI format: 0

– Home Network Identifier: 246/081

– Routing Indicator: 1y

– Protection Scheme Identifier: 02

– Home Network Public Key Identifier: 27

– Scheme output: ECC ephemeral public key, encryption of 35793579x and
MAC tag value

CR 4 is met if the UE sends RegistrationComplete message to the NG-SS in step 4).

NOTE: It is optional to explicitly verify CR 1 and CR 2 in step 1) using any of the test options A.2/1 or A.2/2, checking the READ commands on EFSUCI_Calc__Info (CR 2) and evaluating the service options settings in EF_UST (CR 1).

5.3.3 UE identification by SUCI during initial registration – SUCI calculation by USIM using profile B

RFU – agreed method to verify the GET IDENTITY command needed.

5.3.4 UE identification by SUCI in response to IDENTITY REQUEST message

5.3.4.1 Definition and applicability

The identification procedure is specified to request a particular UE to provide specific identification parameters, e.g. the SUCI or the IMEI. The SUCI is a privacy preserving identifier containing the concealed SUPI and IMEI is a format of PEI.

The network initiates the identification procedure by sending an IdentityRequest message to the UE and starting timer T3570. The IdentityRequest message specifies the requested identification parameters in the Identity type information element and the UE shall be ready to respond to an IdentityRequest message at any time whilst in 5GMM‑CONNECTED mode.

5.3.4.2 Conformance requirement

CR 1 A UE shall be ready to respond to an IdentityRequest message at any time whilst in 5GMM‑CONNECTED mode.

CR 2 Upon receipt of the IdentityRequest message, if the Identity type IE in the IdentityRequest message is set to "SUCI", the UE shall:

– if timer T3519 is not running, generate a fresh SUCI as specified in TS 33.501 [41], send an IdentityResponse message with the SUCI, start timer T3519 and store the value of the SUCI sent in the IdentityResponse message; and

– if timer T3519 is running, send an IdentityResponse message with the stored SUCI.

CR 3 If the RegistrationAccept message contained a 5G-GUTI, the UE shall return a RegistrationComplete message to the AMF to acknowledge the received 5G-GUTI, stop timer T3519 if running, and delete any stored SUCI.

Reference:

– TS 31.102 [19], clauses 5.3.47 and 5.3.51;

– TS 33.501 [24], clause Annex C.

CR 4 The ME shall correctly read EF_{SUCI_Calc_Info}, EF_{Routing_indicator} and EF_IMSI from the USIM.

Reference:

– TS 31.102 [19], clause 4.4.11.8 and 5.3.47

– TS 24.501 [25], clause 5.5.1.2.4.

5.3.4.3 Test purpose

The purpose of this test is to verify that:

1. the ME correctly performs the READ commands for EF_{SUCI_Calc_Info}, EF_{Routing_indicator} and EF_IMSI from the USIM,
2. upon reception of the IdentityRequest message with Identity type IE set to "SUCI", the UE will:

– if timer T3519 is not running, generate a fresh SUCI, send an IdentityResponse message with the SUCI, start timer T3519 and store the value of the SUCI sent in the IdentityResponse message; and

– if timer T3519 is running, send an IdentityResponse message with the stored SUCI

1. upon reception of the RegistrationAccept message containing a 5G-GUTI UE deletes the stored SUCI and stops timer T3519 if running.

5.3.4.4 Method of test

5.3.4.4.1 Initial conditions

The values of the default 5G-NR UICC defined in clause 4.5.7 of the present document are used with EF_IMSI as defined in clause 4.5.8.5, EF_{Routing_Indicator} as defined in clause 4.5.8.7 and the following exception:

EF_5GS3GPPLOCI (5GS 3GPP location information)

Logically:

5G-GUTI: 244083 00010266436587

TAI: 244 083 000001

5GS update status: 5U2 NOT UPDATED

Coding:

Byte	B1	B2	B3	B4	B5	B6	B7	B8
Hex	00	0B	F2	42	34	80	00	01
	B9	B10	B11	B12	B13	B14	B15	B16
	02	66	43	65	87	42	34	80
	B17	B18	B19	B20
	00	00	01	01

The UICC/USIM configuration defined for this test case is installed in the UE.

The NG-SS transmits on the BCCH, with the following network parameters:

Cell A:

– TAI (MCC/MNC/TAC): 244/083/000001

– Access control: unrestricted.

Cell B:

– TAI (MCC/MNC/TAC): 244/084/000001

– Access control: unrestricted.

The Cell A on the NG-SS is activated and transmits on the BCCH.

The UE is prepared to runs an initial activation within step 1).

5.3.4.4.2 Procedure

Step	Direction	Action	Comment	REQ	SA
1	UE	READ EFIMSI READ EFSUCI_Calc_Info READ EFRouting_indicator		CR 4	A.2/1 OR A.2/2 OR A.2/4
2	UE > TT	Send RegistrationRequest	The UE sends a RegistrationRequest to Cell A with 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "5G‑GUTI"
	UE	Start timer T3519
3	TT > UE	Send IdentityRequest	The TT sends an IdentityRequest indicating that the Identity type information element is "SUCI"
	TT	Start timer T3570
4	UE > TT	Send IdentityResponse	The UE sends an IdentityResponse message with a fresh generated SUCI	CR 1 CR 2
	UE	Start timer T3519
	UE	Store SUCI	Store the SUCI sent in the IdentityResponse
5	TT > UE	Send IdentityRequest	The TT ignores the IdentityResponse sent by the UE and re-sends the IdentityRequest indicating that the Identity type information element is "SUCI" before the expiry of T3519
6	UE > TT	Send IdentityResponse	The UE sends an IdentityResponse message with the stored SUCI	CR 1 CR 2
7	TT > UE	Send RegistrationAccept	The TT sends a RegistrationAccept message with a 5G‑GUTI
	TT	Stop timer T3570 (if running)
8	UE > TT	Send RegistrationComplete		CR 3
	UE	Stop timer T3510 (if running) Stop timer T3519 Delete the stored SUCI
9	TT	Deactivate Cell A on BCCH
		Activate Cell B on BCCH
10	UE > TT	Send RegistrationRequest	The UE sends a RegistrationRequest to Cell B with 5GS registration type IE as "mobility registration updating" or as "initial registration" and 5GS mobile identity information element type "5G‑GUTI"
	UE	Start timer T3510
11	TT > UE	Send IdentityRequest	The TT sends an IdentityRequest indicating that the Identity type information element is "SUCI"
	TT	Start timer T3570
12	UE > TT	Send IdentityResponse	The UE sends an IdentityResponse message with a fresh generated SUCI	CR 1 CR 2
	UE	Start timer T3519 Store SUCI	Store the SUCI sent in the IdentityResponse
13	TT > UE	Send RegistrationAccept	The TT sends a RegistrationAccept message with a 5G‑GUTI
	TT	Stop timer T3570 (if running)
14	UE > TT	Send RegistrationComplete		CR 3
	UE	Stop timer T3510 (if running) Stop timer T3519 Delete the stored SUCI

5.3.4.5 Acceptance criteria

CR 1 and CR 2 are implicitly verified in step 4), step 6) and step 12). The conformance requirements are met if the UE sends an IdentityResponse message with:

• a fresh generated SUCI if timer T3519 is not running;
• the stored SUCI if timer T3519 is running.

CR 3 is implicitly verified in step 8) and step 14). The conformance requirement is met if the UE sent a RegistrationComplete message after receiving the 5G-GUTI.

CR 4

can be verified in step 1) by a method explicitly verifying the correct execution of the READ commands on the listed EFs (A.2/1, A.2/2 or A.2/4).

CR 2 is met if the READ procedure on EF_{SUCI_Calc_Info}, EF_{Routing_indicator} and EF_IMSI has been executed as defined in [28], clause 14.1.1.

5.3.5 UE identification by SUCI in response to IDENTITY REQUEST message with T3519 timer expiry

5.3.5.1 Definition and applicability

The identification procedure is specified to request a particular UE to provide specific identification parameters, e.g. the SUCI or the IMEI. The SUCI is a privacy preserving identifier containing the concealed SUPI and IMEI is a format of PEI.

The network initiates the identification procedure by sending an IdentityRequest message to the UE and starting timer T3570. The IdentityRequest message specifies the requested identification parameters in the Identity type information element and the UE shall be ready to respond to an IdentityRequest message at any time whilst in 5GMM‑CONNECTED mode.

5.3.5.2 Conformance requirement

CR 1 A UE shall be ready to respond to an IdentityRequest message at any time whilst in 5GMM‑CONNECTED mode.

CR 2 Upon receipt of the IdentityRequest message, if the Identity type IE in the IdentityRequest message is set to "SUCI", the UE shall:

– if timer T3519 is not running, generate a fresh SUCI as specified in TS 33.501 [41], send an IdentityResponse message with the SUCI, start timer T3519 and store the value of the SUCI sent in the IdentityResponse message; and

– if timer T3519 is running, send an IdentityResponse message with the stored SUCI.

CR 3 If the RegistrationAccept message contained a 5G-GUTI, the UE shall return a RegistrationComplete message to the AMF to acknowledge the received 5G-GUTI, stop timer T3519 if running, and delete any stored SUCI.

Reference:

– TS 31.102 [19], clauses 5.3.47 and 5.3.51;

– TS 33.501 [24], clause Annex C.

CR 4 On expiry of timer T3519 (60s) the UE shall delete the stored SUCI

Reference:

– TS 24.501 [25], Table 10.2.1.

CR 5 During initial registration the UE handles the 5GS mobile identity IE in the following order as defined in TS 24.501 [25] clause 5.5.1.2.2:

a) a valid 5G-GUTI assigned by the same PLMN;

b) a valid 5G-GUTI assigned by an equivalent PLMN;

c) a valid 5G-GUTI assigned by any other PLMN;

d) a SUCI is available in the UE.

5.3.5.3 Test purpose

The purpose of this test is to verify that:

1. the ME correctly performs the READ commands for EF_{SUCI_Calc_Info}, EF_{Routing_indicator} and EF_IMSI from the USIM,
2. upon reception of the IdentityRequest message with Identity type IE set to "SUCI", the UE will:

– if timer T3519 is not running, generate a fresh SUCI, send an IdentityResponse message with the SUCI, start timer T3519 and store the value of the SUCI sent in the IdentityResponse message; and

– if timer T3519 is running, send an IdentityResponse message with the stored SUCI,

1. upon expiry of T3519 UE deletes the stored SUCI,
2. the UE handles the 5GS mobile identity IE in the correct order during initial registration and use 5G-GUTI as identity when it has both, a valid 5G-GUTI and the SUCI.

5.3.5.4 Method of test

5.3.5.4.1 Initial conditions

The values of the default 5G-NR UICC defined in clause 4.5.7 of the present document are used with EF_IMSI as defined in clause 4.5.8.5, EF_{Routing_Indicator} as defined in clause 4.5.8.7 and the following exception:

EF_5GS3GPPLOCI (5GS 3GPP location information)

Logically:

5G-GUTI: 24408300010266436587

TAI: 244/083/000001

5GS update status: 5U2 NOT UPDATED

Coding:

Byte	B1	B2	B3	B4	B5	B6	B7	B8
Hex	00	0B	F2	42	34	80	00	01
	B9	B10	B11	B12	B13	B14	B15	B16
	02	66	43	65	87	42	34	80
	B17	B18	B19	B20
	00	00	01	01

The UICC/USIM configuration defined for this test case is installed in the UE.

The NG-SS transmits on the BCCH, with the following network parameters:

Cell A:

– TAI (MCC/MNC/TAC): 244/083/000001

– CellIdentity: "000000001"

– Access control: unrestricted.

Cell B :

– TAI (MCC/MNC/TAC): 244/084/000001

– CellIdentity: "000000002"

– Access control: unrestricted.

The Cell A on the NG-SS is activated and transmits on the BCCH.

The UE is prepared to runs an initial activation within step 1).

5.3.5.4.2 Procedure

Step	Direction	Action	Comment	REQ	SA
1	UE > TT	Send RegistrationRequest	The UE sends a RegistrationRequest to Cell A with 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "5G‑GUTI"	CR 5
	UE	Start timer T3510
2	TT > UE	Send IdentityRequest	The TT sends an IdentityRequest indicating that the Identity type information element is "SUCI"	CR 1 CR 2
3	UE > TT	Send IdentityResponse	The UE sends an IdentityResponse message with a fresh generated SUCI
	UE	Start timer T3519 Store SUCI	Store the SUCI sent in the IdentityResponse
4	TT	Deactivate Cell A on BCCH	Execute before the expiry of timer T3519 and the UE stops timer T3510
		Activate Cell B on BCCH
5	UE > TT	Send RegistrationRequest	While timer T3519 is running the UE sends a RegistrationRequest to Cell B with 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "5G‑GUTI"	CR 5
	UE	Start timer T3510
6	TT > UE	Send IdentityRequest	The TT sends an IdentityRequest indicating that the Identity type information element is "SUCI"
7	UE > TT	Send IdentityResponse	The UE sends an IdentityResponse message with the stored SUCI
8	TT	Deactivate Cell B on BCCH	Execute after 70 sec (after timer T3519 expires) and the UE stops timer T3510
		Activate Cell A on BCCH
9	UE > TT	Send RegistrationRequest	The UE sends a RegistrationRequest to Cell A with 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "5G‑GUTI"	CR 5
	UE	Start timer T3510
10	TT > UE	Send IdentityRequest	The TT sends an IdentityRequest indicating that the Identity type information element is "SUCI"
11	UE > TT	Send IdentityResponse	The UE sends an IdentityResponse message with the freshly generated SUCI	CR 1 CR 2
	UE	Start timer T3519 Store SUCI	Store the SUCI sent in the IdentityResponse
12	TT > UE	Send RegistrationAccept	The TT sends a RegistrationAccept message with a 5G‑GUTI
13	UE > TT	Send RegistrationComplete		CR 3 CR 4
	UE	Stop timer T3510 Stop timer T3519 (if running) Delete the stored SUCI

5.3.5.5 Acceptance criteria

CR 1 and CR 2 are implicitly verified in step 2) and step 11). The conformance requirements are met if the UE sends an IdentityResponse message with:

• a fresh generated SUCI if timer T3519 is not running;
• the stored SUCI if timer T3519 is running.

CR 3 is implicitly verified in step 13). The conformance requirement is met if the UE sent a RegistrationComplete message after receiving the 5G-GUTI.

CR 4 is verified in step 13). The conformance requirement is met if no SUCI is stored on the UE.

CR 5 is implicitly verified in step 1), step 5) and step 9). The conformance requirement is met if the expected 5GS mobile identity IE is sent in the RegistrationRequest during initial registration.

5.3.6 UE identification by SUCI in response to IDENTITY REQUEST message and AUTHENTICATION REJECT

TBD for the first release of the present document.

5.3.7 SUCI calculation by the ME using null scheme – missing parameters for subscription identifier privacy support by the USIM

RFU – agreed method to verify the READ command on EF_UST, EF_IMSI, EF_Routing_Indicator and EF_SUCI_calc_Info needed.

5.3.8 UE identification by 5G-GUTI – Last Registered TAI stored on USIM

RFU – agreed method to verify multiple READ commands on EF_IMSI and EF_5GS3GPPLOCI needed.

5.3.9 UE identification by 5G-GUTI – Last Registered TAI stored by ME

RFU – agreed method to verify READ command on EF_IMSI.

5.3.10 UE identification after SUPI is changed

RFU – agreed method to verify READ command on EF_IMSI.

5.3.11 SUCI calculation by ME using Profile A

RFU – agreed method to verify the READ command on EF_UST, EF_IMSI, EF_Routing_Indicator and EF_SUCI_calc_Info needed.

5.3.12 UE identification by SUCI during initial registration – SUCI calculation by USIM using profile A

TBD for the first releasee of this document – random values shall be used. No other modification needed to align with the present document.

5.3.13 SUCI calculation by ME using null scheme– no Protection Scheme Identifier provisioned in the USIM

TBD for the first release of this document – random values shall be used. No other modification needed to align with the present document.

5.3.14 SUCI calculation by ME using null scheme – no Home Network Public Key for supported protection scheme provisioned in the USIM

RFU – agreed method to verify the READ command on EF_UST, EF_IMSI, EF_Routing_Indicator and EF_SUCI_calc_Info needed.

5.3.15 SUCI calculation by ME using null scheme with the E-UTRAN/EPC UICC

RFU – agreed method to verify READ command on EF_IMSI.

5.3.16 SUCI calculation by ME using the lower priority protection scheme when the higher priority protection scheme is not supported by the ME

RFU – agreed method to verify the READ command on EF_UST, EF_IMSI, EF_Routing_Indicator and EF_SUCI_calc_Info needed.

5.3.17 SUCI calculation by ME using Profile B with compressed Home Network Public Key

RFU – agreed method to verify the READ command on EF_UST, EF_IMSI, EF_Routing_Indicator and EF_SUCI_calc_Info needed.

5.4 Unified Access Control information handling for 5G-NR

5.4.1 Unified Access Control – Access identity 0, no access identities indicated by USIM

5.4.1.1 Definition and applicability

The purpose of Unified Access Control procedure is to perform access barring check for a 5GS access attempt associated with a given Access Category and one or more Access Identities upon request from upper layers or the RRC layer.

The 5G network shall be able to broadcast barring control information (i.e. a list of barring parameters associated with an Access Identity and an Access Category) in SIB1.

If no Access Identities are configured in EF_{UAC_AIC} and in EF_ACC, Access Identity 0 is applicable. The UE shall read EF_{UAC_AIC} and EF_ACC as part of USIM Initialization procedure.

The UE shall be able to determine whether or not a particular new access attempt is allowed based on barring parameters that the UE receives from the broadcast barring control information and the configuration in the USIM.

When the NAS detects an access event, the NAS shall perform the mapping of the kind of request to one or more access identities and one access category and lower layers will perform access barring checks for that request based on the determined access identities and access category.

5.4.1.2 Conformance requirement

CR 1 The ME shall read the access control value as part of the USIM-ME initialization procedure, and subsequently adopt this value.

Reference:

– 3GPP TS 31.102 [19], clause 5.1.1.2.

CR 2 Access Identities are configured at the UE as listed in TS 22.261 [36] Table 6.22.2.2-1. Access Categories are defined by the combination of conditions related to UE and the type of access attempt as listed in TS 22.261 [36] Table 6.22.2.3-1. One or more Access Identities and only one Access Category are selected and tested for an access attempt.

Reference:

– 3GPP TS 22.261 [36], clause 6.22.2.

CR 3 The UE shall be able to determine whether or not a particular new access attempt is allowed based on uac‑BarringInfo broadcast in SIB1. Access Control check shall be performed as per the information received in uac‑BarringInfoSetList.

Reference:

– 3GPP TS 38.331 [37], clause 5.3.14.

5.4.1.3 Test purpose

The purpose of this test is to verify that:

1) the ME reads the access control value from EF_UAC-AIC and EF_ACC as part of the USIM-ME initialisation procedure, and subsequently adopts this value.

2) the UE maps the kind of request to one or more access identities and one access category and lower layers performs access barring checks for that request based on the determined access identities and access category.

5.4.1.4 Method of test

5.4.1.4.1 Initial conditions

The values of the 5G-NR UICC as defined in clause 4.5.7 of the present document are used with EF_IMSI as defined in clause 4.5.8.5 and the following exceptions:

EF_{UAC_AIC} and EF_ACC

No Access Identities configured in EF_{UAC_AIC} and no Access Classes configured in EF_ACC as shown in table 5.4.1-1.

EF_UST (USIM Service Table)

Logically:

Settings from clause 4.5.7 (5G-NR UICC) of the present document apply with the following changes:

Service n°126

UAC Access Identities support

available

Coding:

Byte:	B1	B2	B3	B4	B5	B6	B7	B8
Binary:	xxxx xx1x	xxxx xxxx	xxxx 1×00	xxxx x1xx	xxxx xx11	xxx1 xx1x	xxxx xxxx	xxxx xxxx
	B9	B10	B11	…	B16
	xxxx xxxx	xxxx xxxx	xx11 xxxx	…	xx10 111x

The UICC/USIM configuration defined for this test case is installed in the UE.

The NG-SS is configured to transmit the following parameters on Cell A and B:

Cell A:

Transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): MCC, MNC: see table 5.4.1-1, TAC="000001".

– CellIdentity: "000000001"

For the table 5.4.1-1:

uac-BarringInfo in SIB1 should be set as in the table:

– Refer to Annex A for the Methods UAC_BarringInfo_xxxxxx() in the table.

If present in the RegistrationAccept, the 5GS network feature support IE indicates Access identities 1 and 2 are not valid.

Ensure that the UE is using the UICC/USIM configuration defined for this test case.

5.4.1.4.2 Procedure

Procedure/steps to be repeated for all sequences listed in table 5.4.1-1:

Step	Direction	Action		Comment	REQ	SA
1	TT	SIB1 of Cell A is transmitted as defined in the initial conditions for tests from table 5.4.1-1		Barring info is set as in table 5.4.1-1 See Annex A for the Methods UAC_BarringInfo_xxxxxx() in the table
2	UE	Switch UE on		The UE performs a SIM initialisation. (includes reading of EFUAC-AIC and EFACC)	CR 1	A.2/1 OR A.2/2 OR A.2/4
If cell access is not allowed:
3	UE > TT	RegistrationRequest in not sent		See column ‘Registration successful?’ for the result	CR 2 CR 3
4	Tester	End test sequence
If cell access is allowed:
3	UE > TT	Send RegistrationRequest		See column ‘Registration successful?’ for the result	CR 2 CR 3
4	TT > UE	Send RegistrationAccept		For simplicity other signalling is not shown
If MO Data call is not allowed:
5	UE		Attempt to set up MO Data call	To set up the MO Data call the MMI or EMMI is used	CR 2 CR 3
6	Tester		End test sequence
If MO Data call is allowed:
5	UE > TT		Set up MO Data call (PDU SessionEstablishment)	To set up the MO Data call the MMI or EMMI is used	CR 2 CR 3
6	Tester		End test sequence

5.4.1.5 Acceptance criteria

For the scenarios in table 5.4.1-1:

CR 1 is explicitly verified at step 2) by analysing the file READ commands for EF_UAC-AIC and EF_ACC during the USIM‑ME initialisation procedure.

CR 2 and CR 3 are verified

• at steps 3) and 5) by analysing if the UE shall make a successful or not successful Registration to the network in accordance with the result indicated in the table and
• at steps 4) and 5) by analysing if the UE shall make a successful or not successful MO Data call in accordance with the result indicated in the table if the step is applicable.

Table 5.4.1-1

TC Seq#	Access Category	USIM		SIB1 on Cell A		REGISTRATION ACCEPT (5GS network feature support IE)		Result
		EFUAC_AIC	EFACC (Byte 1 b8-b4)	uac-BarringInfo	PLMN-Identity (MCC/MNC)	MPS indicator Bit	MCS indicator Bit	Registration successful?	MO Data call successful?
1.1	7	0x00 00 00 00	00000	Not Present	246 / 081	0	0	Yes	Yes
1.2	3	0x00 00 00 00	00000	UAC_BarringInfo_Common( 3,0×0000000’B)	246 / 081	0	0	No	N/A
1.3	3	0x00 00 00 00	00000	UAC_BarringInfo_PerPLMN( 3,0×0000000’B)	246 / 081	0	0	No	N/A
1.4	3	0x00 00 00 00	00000	UAC_BarringInfo_PerPLMN( 3,0×1000000’B)	246 / 081	0	0	No	N/A
1.5	7	0x00 00 00 00	00000	UAC_BarringInfo_Common( 7,0×0000000’B)	246 / 081	0	0	Yes	No
1.6	7	0x00 00 00 00	00000	UAC_BarringInfo_PerPLMN( 7,0×0000000’B)	246 / 081	0	0	Yes	No
1.7	3	0x00 00 00 00	00000	UAC_BarringInfo_Common2( 7,0×1000000’B, 3,0×0000000’B)	244 / 081	0	0	No	N/A

5.4.1A Unified Access Control – Access identity 0, no access identities indicated by USIM, Access Category 8

5.4.1A.1 Definition and applicability

The purpose of Unified Access Control procedure is to perform access barring check for a 5GS access attempt associated with a given Access Category and one or more Access Identities upon request from upper layers or the RRC layer.

The 5G network shall be able to broadcast barring control information (i.e. a list of barring parameters associated with an Access Identity and an Access Category) in SIB1.

If no Access Identities are configured in EF_{UAC_AIC} and in EF_ACC, Access Identity 0 is applicable. The UE shall read EF_{UAC_AIC} and EF_ACC as part of USIM Initialization procedure.

The UE shall be able to determine whether or not a particular new access attempt is allowed based on barring parameters that the UE receives from the broadcast barring control information and the configuration in the USIM.

When the NAS detects an access event, the NAS shall perform the mapping of the kind of request to one or more access identities and one access category and lower layers will perform access barring checks for that request based on the determined access identities and access category.

If RRC state is RRC_INACTIVE and the resumption of the RRC connection is triggered due to an RNA Update, RRC layer shall select Access Category as ‘8’ and perform unified access control procedure in case there is no ongoing emergency service.

5.4.1A.2 Conformance requirement

CR 1 The ME shall read the access control value as part of the USIM-ME initialization procedure, and subsequently adopt this value.

Reference:

– 3GPP TS 31.102 [19], clause 5.1.1.2.

CR 2 Access Identities are configured at the UE as listed in TS 22.261 [36] Table 6.22.2.2-1. Access Categories are defined by the combination of conditions related to UE and the type of access attempt as listed in TS 22.261 [36] Table 6.22.2.3-1. One or more Access Identities and only one Access Category are selected and tested for an access attempt.

Reference:

– 3GPP TS 22.261 [36], clause 6.22.2.

CR 3 The UE shall be able to determine whether or not a particular new access attempt is allowed based on uac‑BarringInfo broadcast in SIB1. Access Control check shall be performed as per the information received in uac‑BarringInfoSetList.

Reference:

– 3GPP TS 38.331 [37], clause 5.3.14.

CR 4 If the resumption of the RRC connection is triggered due to an RNA update and there is no ongoing emergency service RRC shall select ‘8’ as the Access Category and perform the unified access control procedure.

Reference:

– 3GPP 38.331 [37], clause 5.3.13.2.

5.4.1A.3 Test purpose

The purpose of this test is to verify that:

1) the ME reads the access control value from EF_UAC-AIC and EF_ACC as part of the USIM-ME initialisation procedure, and subsequently adopts this value.

2) the UE maps the kind of request to one or more access identities and one access category and lower layers performs access barring checks for that request based on the determined access identities and access category.

3) the UE performs unified access control procedure if RNA Update procedure is triggered.

5.4.1A.4 Method of test

5.4.1A.4.1 Initial conditions

The values of the 5G-NR UICC as defined in clause 4.5.7 of the present document are used with EF_IMSI as defined in clause 4.5.8.5 and the following exceptions:

EF_{UAC_AIC} and EF_ACC

No Access Identities configured in EF_{UAC_AIC} and no Access Classes configured in EF_ACC as shown in table 5.4.1A-2.

EF_UST (USIM Service Table)

Logically:

Settings from clause 4.5.7 (5G-NR UICC) of the present document apply with the following changes:

Service n°126

UAC Access Identities support

available

Coding:

Byte:	B1	B2	B3	B4	B5	B6	B7	B8
Binary:	xxxx xx1x	xxxx xxxx	xxxx 1×00	xxxx x1xx	xxxx xx11	xxx1 xx1x	xxxx xxxx	xxxx xxxx
	B9	B10	B11	…	B16
	xxxx xxxx	xxxx xxxx	xx11 xxxx	…	xx10 111x

The UICC/USIM configuration defined for this test case is installed in the UE.

The NG-SS is configured to transmit the following parameters on Cell A and B:

Cell A:

Transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): MCC, MNC: see table 5.4.1A-2, TAC="000001".

– CellIdentity: "000000001"

For the table 5.4.1A-2:

No uac-BarringInfo in SIB1.

If present in the RegistrationAccept, the 5GS network feature support IE indicates Access identities 1 and 2 are not valid.

Cell B:

Transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): MCC, MNC: see table 5.4.1A-2, TAC="000001".

– CellIdentity: "000000002"

For the table 5.4.1A-2:

uac-BarringInfo in SIB1 should be set as in the table:

– Refer to Annex A for the Methods UAC_BarringInfo_xxxxxx() in the table.

If present in the RegistrationAccept, the 5GS network feature support IE indicates Access identities 1 and 2 are not valid.

Ensure that the UE is using the UICC/USIM configuration defined for this test case.

5.4.1A.4.2 Procedure

Procedure/steps to be repeated for all sequences listed in table 5.4.1A-2:

Step	Direction	Action	Comment	REQ	SA
1	TT	SIB1 of Cell A is transmitted as defined in the initial conditions for tests from table 5.4.1A-2	No barring info is provided to Cell A
2	UE	Switch UE on	The UE performs a SIM initialisation (includes reading of EFUAC-AIC and EFACC)	CR 1	A.2/1 OR A.2/2 OR A.2/4
3	UE > TT	Send RegistrationRequest
4	TT > UE	Send RegistrationAccept	The registration is successful
5	UE > TT	Set up MO Data call (PDU SessionEstablishment)	To set up the MO Data call the MMI or EMMI is used. The MO Data call is set up successfully
6	TT > UE	Send RRCRelease with suspendConfig in criticalExtensions (with the choice rrcRelease)	ran-NotificationAreaInfo in suspendConfig contains the cellList with cellIdentity of Cell A: cellList { plmn-Identity {mcc, mnc}, — see table 5.4.1A-2 for MCC/MNC ran-AreaCells 000000001’B }
7	TT	Deactivate Cell A and activate Cell B
8	TT	SIB1 of Cell B is transmitted as defined in table 5.4.1A-2	Barring info is as in the table. See Annex A for the Methods UAC_BarringInfo_xxxxxx() in the table
9	UE > TT	Initiate RRCResumeRequest procedure with resumeCause set to rna-Update.	See the column ‘RRCResumeRequest with resumeCause set to rna-Update successful?’ for the result	CR 2 CR 3 CR 4

5.4.1A.5 Acceptance criteria

For the scenarios in table 5.4.1A-2:

CR 1 is explicitly verified at step 2) by analysing the file READ commands for EF_UAC-AIC and EF_ACC during the USIM-Terminal initialisation procedure.

CR 2, CR 3, and CR 4 are verified

– at steps 9) and 10) by analysing if the UE shall make a successful or not successful RRC Resumption for RNA Update in accordance with the result indicated in the table.

Table 5.4.1A-2

TC Seq#	Access Category	USIM		SIB1 on Cell A		REGISTRATION ACCEPT (5GS network feature support IE)		Result
		EFUAC_AIC	EFACC (Byte 1 b8-b4)	uac-BarringInfo	PLMN-Identity (MCC/MNC)	MPS indicator Bit	MCS indicator Bit	RRCResumeRequest with resumeCause set to rna-Update successful?
2.1	8	0x00 00 00 00	00000	Not Present	246 / 081	0	0	Yes
2.2	8	0x00 00 00 00	00000	UAC_BarringInfo_Common( 8,0×0000000’B)	246 / 081	0	0	No
2.3	8	0x00 00 00 00	00000	UAC_BarringInfo_PerPLMN( 8,0×0000000’B)	246 / 081	0	0	No
2.4	8	0x00 00 00 00	00000	UAC_BarringInfo_Common2( 7,0×1000000’B, 8,0×0000000’B)	244 / 081	0	0	No

5.4.2 Unified Access Control – Access Identity 1 – MPS indicated by USIM

5.4.2.1 Definition and applicability

The purpose of Unified Access Control procedure is to perform access barring check for a 5GS access attempt associated with a given Access Category and one or more Access Identities upon request from upper layers or the RRC layer.

The 5G network shall be able to broadcast barring control information (i.e. a list of barring parameters associated with an Access Identity and an Access Category) in SIB1.

The EF_UAC-AIC in the USIM contains the configuration information pertaining to access identity 1 allocated for high priority services MPS.

The UE shall be able to determine whether or not a particular new access attempt is allowed based on barring parameters that the UE receives from the broadcast barring control information and the configuration in the USIM.

When the NAS detects an access event, the NAS shall perform the mapping of the kind of request to one or more access identities and one access category and lower layers will perform access barring checks for that request based on the determined access identities and access category.

5.4.2.2 Conformance requirement

CR 1 The ME shall read the access control value as part of the USIM-ME initialization procedure, and subsequently adopt this value.

Reference:

– 3GPP TS 31.102 [19], clause 5.1.1.2.

CR 2 Access Identities are configured at the UE as listed in TS 22.261 [36] Table 6.22.2.2-1. Access Categories are defined by the combination of conditions related to UE and the type of access attempt as listed in TS 22.261 [36] Table 6.22.2.3-1. One or more Access Identities and only one Access Category are selected and tested for an access attempt.

Reference:

– 3GPP TS 22.261 [36], clause 6.22.2

CR 3 Access Identity 1 is valid if the RPLMN is the HPLMN, EHPLMN or visited PLMN of the home country.

Reference:

– 3GPP TS 24.501 [25], clause 4.5.2

CR 4 The UE shall be able to determine whether or not a particular new access attempt is allowed based on uac‑BarringInfo broadcast in SIB1. Access Control check shall be performed as per the information received in uac‑BarringInfoSetList.

Reference:

– 3GPP TS 38.331 [37], clauses 5.3.14

5.4.2.3 Test purpose

The purpose of this test is to verify that:

1) the ME reads the access control value from EF_UAC-AIC and EF_ACC as part of the USIM-ME initialisation procedure, and subsequently adopts this value.

2) the UE maps the kind of request to one or more access identities and one access category and lower layers performs access barring checks for that request based on the determined access identities and access category.

3) the UE determines whether or not a particular access attempt is allowed based on uac-BarringInfo broadcast in SIB1 and if the RPLMN is the HPLMN, EHPLMN or visited PLMN of the home country.

5.4.2.4 Method of test

5.4.2.4.1 Initial conditions

The values of the 5G-NR UICC as defined in clause 4.5.7 of the present document are used with EF_IMSI as defined in clause 4.5.8.5 and the following exceptions:

EF_{UAC_AIC} and EF_ACC

No Access Identities configured in EF_{UAC_AIC} and no Access Classes configured in EF_ACC as also shown in table 5.4.2-1.

EF_UST (USIM Service Table)

Logically:

Settings from clause 4.5.7 (5G-NR UICC) of the present document apply with the following changes:

Service n°126

UAC Access Identities support

available

Coding:

Byte:	B1	B2	B3	B4	B5	B6	B7	B8
Binary:	xxxx xx1x	xxxx xxxx	xxxx 1×00	xxxx x1xx	xxxx xx11	xxx1 xx1x	xxxx xxxx	xxxx xxxx
	B9	B10	B11	…	B16
	xxxx xxxx	xxxx xxxx	xx11 xxxx	…	xx10 111x

The defined UICC/USIM data is installed on the UE.

The NG-SS is configured to transmit the following parameters on Cell A and B:

Cell A:

Transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): MCC, MNC: see table 5.4.2-1, TAC="000001".

– CellIdentity: "000000001"

For the table 5.4.2-1:

uac-BarringInfo in SIB1 should be set as in the table:

– Refer to Annex A for the Methods UAC_BarringInfo_xxxxxx() in the table.

Ensure that the UE is using the UICC/USIM configuration defined for this test case.

5.4.2.4.2 Procedure

Procedure/steps to be repeated for all sequences listed in table 5.4.2-1:

Step	Direction	Action	Comment	REQ	SA
1	TT	SIB1 of Cell A is transmitted as defined in the initial conditions for tests from table 5.4.2-1	Barring info is set as in table 5.4.2-1 See Annex A for the Methods UAC_BarringInfo_xxxxxx() in the table
2	UE	Switch UE on	The UE performs a SIM initialisation. (includes reading of EFUAC-AIC and EFACC)	CR 1	A.2/1 OR A.2/2 OR A.2/4
If cell access is not allowed:
3	UE > TT	RegistrationRequest is not send	See column ‘Registration successful?’ for the result	CR 2 CR 3 CR 4
4	Tester	End test sequence
If cell access is allowed:
3	UE > TT	Send RegistrationRequest	See column ‘Registration successful?’ for the result	CR 2 CR 3 CR 4
4	TT > UE	Send RegistrationAccept	For simplicity other signalling is not shown
If MO Data call is not allowed:
5	UE	Attempt to set up MO Data call	To set up the MO Data call the MMI or EMMI is used	CR 2 CR 3 CR 4
6	Tester	End test sequence
If MO Data call is allowed:
5	UE > TT	Set up MO Data call (PDU SessionEstablishment)	To set up the MO Data call the MMI or EMMI is used	CR 2 CR 3 CR 4
6	Tester	End test sequence

5.4.2.5 Acceptance criteria

For the scenarios in table 5.4.2-1:

CR 1 is explicitly verified at step 2) by analysing the file READ commands for EF_UAC-AIC and EF_ACC during the USIM-ME initialisation procedure.

CR 2, CR 3, and CR 4 are verified

• at step 3) by analysing if the UE shall make a successful or not successful registration to the network in accordance with the result indicated in the table and
• at step 5) by analysing if the UE shall make a successful or not successful MO Data call in accordance with the result indicated in the table if the step is applicable.

5.4.2.4.4 Tables related to the test case

Table 5.4.2-1

TC Seq#	Access Category	USIM		SIB1 on Cell A		REGISTRATION ACCEPT (5GS network feature support IE)		Result
		EFUAC_AIC	EFACC (Byte 1 b8-b4)	uac-BarringInfo	PLMN-Identity (MCC/MNC)	MPS indicator Bit	MCS indicator Bit	Registration successful?	MO Data call successful?
1.1	7	0x01 00 00 00	00000	Not Present	246 / 081	0	0	Yes	Yes
1.2	3	0x01 00 00 00	00000	UAC_BarringInfo_Common( 3,0×1000000’B)	246 / 081	0	0	No	NA
1.3	3	0x01 00 00 00	00000	UAC_BarringInfo_PerPLMN( 3,0×1000000’B)	246 / 081	0	0	No	NA
1.4	3	0x01 00 00 00	00000	UAC_BarringInfo_Common( 3,0×1000000’B)	246 / 082	0	0	No	NA
1.5	3	0x01 00 00 00	00000	UAC_BarringInfo_Common( 3,0×0100000’B)	246 / 081	0	0	Yes	Yes
1.6	3	0x03 00 00 00	00000	UAC_BarringInfo_Common( 3,0×0100000’B)	246 / 081	0	0	Yes	Yes
1.7	7	0x01 00 00 00	00000	UAC_BarringInfo_Common( 7,0×0000000’B)	246 / 081	0	0	Yes	Yes
1.8	3	0x01 00 00 00	00000	UAC_BarringInfo_Common( 3,0×0000000’B)	244 / 081	0	0	No	NA
1.9	7	0x01 00 00 00	00000	UAC_BarringInfo_Common( 7,0×1000000’B)	246 / 081	0	0	Yes	No
1.10	7	0x01 00 00 00	00000	UAC_BarringInfo_PerPLMN( 7,0×1000000’B)	246 / 081	0	0	Yes	No
1.11	7	0x01 00 00 00	00000	UAC_BarringInfo_Common( 7,0×1000000’B)	246 / 082	0	0	Yes	No
1.12	7	0x01 00 00 00	00000	UAC_BarringInfo_Common( 7,0×0000000’B)	244 / 081	0	0	Yes	No
1.13	7	0x01 00 00 00	00000	UAC_BarringInfo_Common( 7,0×01000000’B)	244 / 081	1	0	Yes	Yes
1.14	7	0x02 00 00 00	00000	UAC_BarringInfo_Common( 7,0×01000000’B)	244 / 081	1	0	Yes	Yes
1.15	7	0x01 00 00 00	00000	UAC_BarringInfo_Common2( 3,0×0100000’B, 7,0×1000000’B)	246 / 081	0	0	Yes	No
1.16	3	0x01 00 00 00	00000	UAC_BarringInfo_Common2( 7,0×1000000’B, 3,0×0000000’B)	244 / 081	0	0	No	NA
2.5	8	0x01 00 00 00	00000	UAC_BarringInfo_Common2 ( 7,0×1000000’B, 8,0×0000000’B)	244 / 081	0	0	No
2.6	8	0x01 00 00 00	00000	UAC_BarringInfo_Common( 8,0×0000000’B)	246 / 081	0	0	Yes

5.4.2A Unified Access Control – Access Identity 1 – MPS indicated by USIM, Access Category 8

5.4.2A.1 Definition and applicability

The purpose of Unified Access Control procedure is to perform access barring check for a 5GS access attempt associated with a given Access Category and one or more Access Identities upon request from upper layers or the RRC layer.

The 5G network shall be able to broadcast barring control information (i.e. a list of barring parameters associated with an Access Identity and an Access Category) in SIB1.

The EF_UAC-AIC in the USIM contains the configuration information pertaining to access identity 1 allocated for high priority services MPS.

The UE shall be able to determine whether or not a particular new access attempt is allowed based on barring parameters that the UE receives from the broadcast barring control information and the configuration in the USIM.

When the NAS detects an access event, the NAS shall perform the mapping of the kind of request to one or more access identities and one access category and lower layers will perform access barring checks for that request based on the determined access identities and access category.

If RRC state is RRC_INACTIVE and the resumption of the RRC connection is triggered due to an RNA Update RRC layer shall select Access Category as ‘8’ and perform unified access control procedure in case there is no ongoing emergency service.

5.4.2A.2 Conformance requirement

CR 1 The ME shall read the access control value as part of the USIM-ME initialization procedure, and subsequently adopt this value.

Reference:

– 3GPP TS 31.102 [19], clause 5.1.1.2.

CR 2 Access Identities are configured at the UE as listed in TS 22.261 [36] Table 6.22.2.2-1. Access Categories are defined by the combination of conditions related to UE and the type of access attempt as listed in TS 22.261 [36] Table 6.22.2.3-1. One or more Access Identities and only one Access Category are selected and tested for an access attempt.

Reference:

– 3GPP TS 22.261 [36], clause 6.22.2

CR 3 Access Identity 1 is valid if the RPLMN is the HPLMN, EHPLMN or visited PLMN of the home country.

Reference:

– 3GPP TS 24.501 [25], clause 4.5.2

CR 4 The UE shall be able to determine whether or not a particular new access attempt is allowed based on uac‑BarringInfo broadcast in SIB1. Access Control check shall be performed as per the information received in uac‑BarringInfoSetList.

Reference:

– 3GPP TS 38.331 [37], clauses 5.3.14

CR 5 If the resumption of the RRC connection is triggered due to an RNA update and there is no ongoing emergency service RRC shall select ‘8’ as the Access Category and perform the unified access control procedure.

Reference:

– 3GPP TS 38.331 [37], clauses 5.3.13.2

5.4.2A.3 Test purpose

The purpose of this test is to verify that:

1) the ME reads the access control value from EF_UAC-AIC and EF_ACC as part of the USIM-ME initialisation procedure, and subsequently adopts this value.

2) the UE maps the kind of request to one or more access identities and one access category and lower layers performs access barring checks for that request based on the determined access identities and access category.

3) the UE determines whether or not a particular access attempt is allowed based on uac-BarringInfo broadcast in SIB1 and if the RPLMN is the HPLMN, EHPLMN or visited PLMN of the home country.

4) the UE performs unified access control procedure if RNA Update procedure is triggered.

5.4.2A.4 Method of test

5.4.2A.4.1 Initial conditions

The values of the 5G-NR UICC as defined in clause 4.5.7 of the present document are used with EF_IMSI as defined in clause 4.5.8.5 and the following exceptions:

EF_{UAC_AIC} and EF_ACC

No Access Identities configured in EF_{UAC_AIC} and no Access Classes configured in EF_ACC as also shown in table 5.4.2A-2.

EF_UST (USIM Service Table)

Logically:

Settings from clause 4.5.7 (5G-NR UICC) of the present document apply with the following changes:

Service n°126

UAC Access Identities support

available

Coding:

Byte:	B1	B2	B3	B4	B5	B6	B7	B8
Binary:	xxxx xx1x	xxxx xxxx	xxxx 1×00	xxxx x1xx	xxxx xx11	xxx1 xx1x	xxxx xxxx	xxxx xxxx
	B9	B10	B11	…	B16
	xxxx xxxx	xxxx xxxx	xx11 xxxx	…	xx10 111x

The defined UICC/USIM data is installed on the UE.

The NG-SS is configured to transmit the following parameters on Cell A and B:

Cell A:

Transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): MCC, MNC: see table 5.4.2A-2, TAC="000001".

– CellIdentity: "000000001"

For the table 5.4.2A-2:

No uac-BarringInfo in SIB1.

Cell B:

Transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): MCC, MNC: see table 5.4.2A-2, TAC="000001".

– CellIdentity: "000000002"

For the table 5.4.2A-2:

uac-BarringInfo in SIB1 should be set as in the table:

– Refer to Annex A for the Methods UAC_BarringInfo_xxxxxx() in the table.

Ensure that the UE is using the UICC/USIM configuration defined for this test case.

5.4.2A.4.2 Procedure

Procedure/steps to be repeated for all sequences listed in table 5.4.2A-2:

Step	Direction	Action	Comment	REQ	SA
1	TT	SIB1 of Cell A is transmitted as defined in the initial conditions and in table 5.4.2-2	No barring info is provided to Cell A
2	UE	Switch UE on	The UE performs a SIM initialisation	CR 1	A.2/1 OR A.2/2 OR A.2/4
3	UE > TT	Send RegistrationRequest
4	TT > UE	Send RegistrationAccept	The registration is successful
5	UE > TT	Set up MO Data call (PDU SessionEstablishment)	To set up the MO Data call the MMI or EMMI is used. The MO Data call is set up successfully
6	TT > UE	Send RRCRelease with suspendConfig in criticalExtensions (with the choice rrcRelease)	ran-NotificationAreaInfo in suspendConfig contains the cellList with cellIdentity of Cell A: cellList { plmn-Identity {mcc, mnc}, — see table 5.4.2A-2 for MCC/MNC ran-AreaCells 000000001’B }
7	TT	Deactivate Cell A and activate Cell B
8	TT	SIB1 of Cell B is transmitted as defined in table 5.4.2A-2	Barring info is as in the table. See Annex A for the Methods UAC_BarringInfo_xxxxxx() in the table
9	UE > TT	Initiate RRCResumeRequest procedure with resumeCause set to rna-Update.	See the column ‘RRCResumeRequest with resumeCause set to rna-Update successful?’ for the result	CR 2 CR 3 CR 4 CR 5

5.4.2A.5 Acceptance criteria

For the scenarios in table 5.4.2A-2:

CR 1 is explicitly verified at step 2) by analysing the file READ commands for EF_UAC-AIC and EF_ACC during the USIM-Terminal initialisation procedure.

CR 2, CR 3, CR 4, and CR 5 are verified

– at step 9) by analysing if the UE shall make a successful or not successful RRC Resumption for RNA Update in accordance with the result indicated in the table.

5.4.2.4.4 Tables related to the test case

Table 5.4.2A-2

TC Seq#	Access Category	USIM		SIB1 on Cell B		REGISTRATION ACCEPT (5GS network feature support IE)		Result
		EFUAC_AIC	EFACC (Byte 1 b8-b4)	uac-BarringInfo	PLMN-Identity (MCC/MNC)	MPS indicator Bit	MCS indicator Bit	RRCResumeRequest with resumeCause set to rna-Update successful?
2.1	8	0x01 00 00 00	00000	Not Present	246 / 081	0	0	Yes
2.2	8	0x01 00 00 00	00000	UAC_BarringInfo_Common( 8,0×1000000’B)	246 / 081	0	0	No
2.3	8	0x01 00 00 00	00000	UAC_BarringInfo_PerPLMN( 8,0×0000000’B)	246 / 081	0	0	Yes
2.4	8	0x01 00 00 00	00000	UAC_BarringInfo_Common( 8,0×1000000’B)	244 / 081	1	0	No
2.5	8	0x01 00 00 00	00000	UAC_BarringInfo_Common2 ( 7,0×1000000’B, 8,0×0000000’B)	244 / 081	0	0	No
2.6	8	0x01 00 00 00	00000	UAC_BarringInfo_Common( 8,0×0000000’B)	246 / 081	0	0	Yes

5.4.3 Unified Access Control – Access Identity 1 – no MPS indication by USIM and SUPI not changed

TBD for the first release of the present document.

5.4.4 Unified Access Control – Access Identity 1 – no MPS indication by USIM and SUPI is changed

TBD for the first release of the present document.

5.4.5 Unified Access Control – Access Identity 2 – MCS indicated by USIM

TBD for the first release of the present document.

5.4.6 Unified Access Control – Access Identity 2 – no MCS indication by USIM and SUPI is not changed

TBD for the first release of the present document.

5.4.7 Unified Access Control – Access Identity 2 – no MCS indication by USIM and SUPI is changed

TBD for the first release of the present document.

5.4.8 Unified Access Control – Access Identities 11 and 15 indicated by USIM

TBD for the first release of the present document.

5.4.9 Unified Access Control – Access Identities 12, 13 and 14 indicated by USIM

TBD for the first release of the present document.

5.4.10 Unified Access Control – Operator-Defined Access Category

TBD for the first release of the present document.

5.4.11 Unified Access Control – Operator-Defined Access Categories, no change in SUPI

TBD for the first release of the present document.

5.4.12 Unified Access Control – Operator-Defined Access Categories, SUPI change

TBD for the first release of the present document.

5.5 Handling of operator controlled features

5.5.1 Display of registered 5G PLMN name from USIM

5.5.1.1 Definition and applicability

If the operator’s decision, as indicated by the USIM, is that the ME shall use EF_OPL5G in association with EF_PNN or EF_PNNI to display the Operator 5G PLMN name from USIM, then the ME shall be able to associate the prioritised list of Tracking Area Identity (TAI) identities for NG-RAN in EF_OPL5G with the operator name contained in EF_PNN. This prioritized list takes precedence over any network name stored within the ME’s internal list and any network name received when registered to the PLMN, as defined by TS 24.501 [25].

5.5.1.2 Conformance requirement

CR 1 EF_OPL5G association with the EF_PNN shall be performed by the USIM if service n°129 is "available" in EF_UST.

CR 2 The ME shall display the correct Operator network name per 4.4.11.9 in TS 31.102 [19].

Reference:

– TS 31.102 [19], clauses 4.4.11.9.

– TS 24.008 [31], clause 10.5.3.5a

5.5.1.3 Test purpose

The purpose of this test is to verify that the ME displays the 5G Operator PLMN name correctly for the following cases:

1) Entire range of TAC for a specific PLMN is configured in EF_OPL5G;

2) Specific range of TAC for a specific PLMN is configured in EF_OPL5G;

3) Specific TAC for a specific PLMN is configured in EF_OPL5G.

5.5.1.4 Method of tests

5.5.1.4.1 Initial conditions

The values of the 5G-NR UICC as defined in clause 4.5.7 of the present document are used with the following exceptions:

EF_UST (USIM Service Table)

Logically:

Settings from clause 4.5.7 (5G-NR UICC) of the present document apply with the following changes:

Service n°42:		Operator controlled PLMN selector with Access Technology	available
Service n°45:		PLMN Network Name	available
Service n°129:		5GS Operator PLMN List	available

Coding:	B1	B2	B3	B4	B5	B6	B7	B8
Binary:	xxxx xx1x	xxxx xxxx	xxxx 1×00	xxxx x1xx	xxxx xx11	xxx1 xx1x	xxxx xxxx	xxxx xxxx
	B9	B10	B11	…	B16	B17
	xxxx xxxx	xxxx xxxx	xx11 xxxx	…	xxx0 111x	xxxx xxx1

EF_OPLMNwACT

Logically:

1^st PLMN: 244 010 (MCC MNC), 1^st ACT: NG-RAN

2^nd PLMN: 244 020 (MCC MNC), 2^nd ACT: NG-RAN

3^rd PLMN: 244 030 (MCC MNC), 3^rd ACT: NG-RAN

4^th PLMN: 244 040 (MCC MNC), 4^th ACT: NG-RAN

5^th PLMN: 244 050 (MCC MNC), 5^th ACT: NG-RAN

6^th PLMN: 244 060 (MCC MNC), 6^th ACT: NG-RAN

7^th PLMN: 244 070 (MCC MNC), 7^th ACT: NG-RAN

8^th PLMN: 244 080 (MCC MNC), 8^th ACT: NG-RAN

Coding:

Byte	B1	B2	B3	B4	B5	B6	B7	B8
Hex	42	04	10	08	00	42	04	20
	B9	B10	B11	B12	B13	B14	B15	B16
	08	00	42	04	30	08	00	42
	B17	B18	B19	B20	B21	B22	B23	B24
	04	40	08	00	42	04	50	08
	B25	B26	B27	B28	B29	B30	B31	B32
	00	42	04	60	08	00	42	04
	B33	B34	B35	B36	B37	B38	B39	B40
	70	08	00	42	04	80	08	00

EF_OPL5G

Record 1:

Logically:

MCC: 244,

MNC: 010,

TAC: Entire range,

PNN Record Identifier: 01

Coding:

Byte	B1	B2	B3	B4	B5	B6	B7	B8	B9	B10
Hex	42	04	10	00	00	00	FF	FF	FE	01

Record 2:

Logically:

MCC: 244,

MNC: 020,

TAC: 000003 – 000006,

PNN Record Identifier: 02

Coding:

Byte	B1	B2	B3	B4	B5	B6	B7	B8	B9	B10
Hex	42	04	20	00	00	03	00	00	06	02

Record 3:

Logically:

MCC: 244,

MNC: 030,

TAC: 000003,

PNN Record Identifier: 02

Coding:

Byte	B1	B2	B3	B4	B5	B6	B7	B8	B9	B10
Hex	42	04	30	00	00	03	00	00	03	02

EF_PNN

Record 1:

Logically:

Long name: PLMN 5G

Coding:

Byte	B1	B2	B3	B4	B5	B6	B7	B8	B9	B10
Hex	43	08	87	50	66	D3	09	AA	1D	01
	B11	B12	B13	B14	B15	B16	B17	B18	B19	B20
	FF	FF	FF	FF	FF	FF	FF	FF	FF	FF

Record 2:

Logically:

Long name: ABCD

Coding:

Byte	B1	B2	B3	B4	B5	B6	B7	B8	B9	B10
Hex	43	05	84	41	E1	90	08	FF	FF	FF
	B11	B12	B13	B14	B15	B16	B17	B18	B19	B20
	FF	FF	FF	FF	FF	FF	FF	FF	FF	FF

Record 3:

Logically:

Long name: CCCDDD

Coding:

Byte	B1	B2	B3	B4	B5	B6	B7	B8	B9	B10
Hex	43	07	86	C3	E1	90	48	24	02	FF
	B11	B12	B13	B14	B15	B16	B17	B18	B19	B20
	FF	FF	FF	FF	FF	FF	FF	FF	FF	FF

The UICC/USIM configuration defined for this test case is installed in the UE.

The NG-SS transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): 244/010/000001

– Access control: unrestricted

The UE runs an initial activation.

5.5.1.4.2 Procedure

Step	Direction	Action	Comment	REQ	SA
1	UE > TT	Send RegistrationRequest	In the registration type IE indicates: – "initial registration" – 5GS mobile identity information element type "SUCI"
2	TT > UE	Send RegistrationAccept	The RegistrationAccept is sent with a 5G-GUTI
3	UE > TT	Send RegistrationComplete
4	Tester	Wait 30 seconds	"PLMN 5G" is shown as Operator 5G PLMN name	CR 1 CR 2
5	UE	Switch off
6	TT	Stop RF output on the BCCH
7	TT	Resume the RF output on the BCCH with: – TAI (MCC/MNC/TAC): 244/020/000004 – Access control: unrestricted
8	UE	Switch on
9	UE > TT	Send RegistrationRequest	In the registration type IE indicates: – "initial registration" – 5GS mobile identity information element type "5G-GUTI"
10	TT > UE	Send RegistrationAccept	The RegistrationAccept is sent with a 5G-GUTI
11	UE > TT	Send RegistrationComplete
12	Tester	Wait 30 seconds	"ABCD" is shown as Operator 5G PLMN name	CR 1 CR 2
13	UE	Switch off
14	TT	Stop RF output on the BCCH
15	TT	Resume the RF output on the BCCH with: – TAI (MCC/MNC/TAC): 244/030/000003 – Access control: unrestricted
16	UE	Switch on
17	UE > TT	Send RegistrationRequest	In the registration type IE indicates: – "initial registration" – 5GS mobile identity information element type "5G-GUTI"
18	TT > UE	Send RegistrationAccept	The RegistrationAccept is sent with a 5G-GUTI
19	UE > TT	Send RegistrationComplete
20	Tester	Wait 30 seconds	"ABCD" is shown as Operator 5G PLMN name	CR 1 CR 2
21	UE	Switch off
	TT

5.5.1.4.3 Acceptance criteria

CR 1 can be implicitly verified. The conformance requirement is met if the expected Operator 5G PLMN name is shown in step 4), step 12) and step 17).

CR 2 shall be verified by checking the UE output for the Operator 5G PLMN name (e.g. on a display). The conformance requirement is met if the appropriate Operator 5G PLMN name is shown:

– "PLMN 5G" in step 4);

– "ABCD" in step 12);

– "ABCD" in step 17).

5.5.2 Display of registered 5G PLMN name from ME

5.5.2.1 Definition and applicability

If the operator’s decision, as indicated by the USIM, is that the ME shall use EF_OPL5G in association with EF_PNN or EF_PNNI to display the Operator 5G PLMN name from ME or other sources, then the displayed network name will be either from the one stored within the ME’s internal list or any network name received when registered to the PLMN, as defined by TS 24.501 [25].

5.5.2.2 Conformance requirement

CR 1 EF_OPL5G association with the EF_PNN shall be performed by the USIM if service n°129 is "available" in EF_UST.

CR 2 The ME shall display the correct Operator network name per 4.4.11.9 in TS 31.102 [19].

Reference:

– TS 31.102 [19], clauses 4.4.11.9.

– TS 24.008 [31], clause 10.5.3.5a

5.5.2.3 Test purpose

The purpose of this test is to verify that the ME displays the 5G Operator PLMN name correctly for the following cases:

1) ME registers to a TAI outside the range referenced in EF_OPL5G;

2) ME registers to a TAI configured in EF_OPL5G and PNN record identified is set as 00.

5.5.2.4 Method of tests

5.5.2.4.1 Initial conditions

The values of the 5G-NR UICC as defined in clause 4.5.7 of the present document are used with the following exceptions:

EF_UST (USIM Service Table)

Logically:

Settings from clause 4.5.7 (5G-NR UICC) of the present document apply with the following changes:

Service n°42:		Operator controlled PLMN selector with Access Technology	available
Service n°45:		PLMN Network Name	available
Service n°129:		5GS Operator PLMN List	available

Coding:	B1	B2	B3	B4	B5	B6	B7	B8
Binary:	xxxx xx1x	xxxx xxxx	xxxx 1×00	xxxx x1xx	xxxx xx11	xxx1 xx1x	xxxx xxxx	xxxx xxxx
	B9	B10	B11	…	B16	B17
	xxxx xxxx	xxxx xxxx	xx11 xxxx	…	xxx0 111x	xxxx xxx1

EF_OPLMNwACT

Logically:

1^st PLMN: 244 010 (MCC MNC), 1^st ACT: NG-RAN

2^nd PLMN: 244 020 (MCC MNC), 2^nd ACT: NG-RAN

3^rd PLMN: 244 030 (MCC MNC), 3^rd ACT: NG-RAN

4^th PLMN: 244 040 (MCC MNC), 4^th ACT: NG-RAN

5^th PLMN: 244 050 (MCC MNC), 5^th ACT: NG-RAN

6^th PLMN: 244 060 (MCC MNC), 6^th ACT: NG-RAN

7^th PLMN: 244 070 (MCC MNC), 7^th ACT: NG-RAN

8^th PLMN: 244 080 (MCC MNC), 8^th ACT: NG-RAN

Coding:

Byte	B1	B2	B3	B4	B5	B6	B7	B8
Hex	42	04	10	08	00	42	04	20
	B9	B10	B11	B12	B13	B14	B15	B16
	08	00	42	04	30	08	00	42
	B17	B18	B19	B20	B21	B22	B23	B24
	04	40	08	00	42	04	50	08
	B25	B26	B27	B28	B29	B30	B31	B32
	00	42	04	60	08	00	42	04
	B33	B34	B35	B36	B37	B38	B39	B40
	70	08	00	42	04	80	08	00

EF_OPL5G

Record 1:

Logically:

MCC: 244,

MNC: 010,

TAC: Entire range,

PNN Record Identifier: 01

Coding:

Byte	B1	B2	B3	B4	B5	B6	B7	B8	B9	B10
Hex	42	04	10	00	00	00	FF	FF	FE	01

Record 2:

Logically:

MCC: 244,

MNC: 020,

TAC: 000003 – 000006,

PNN Record Identifier: 02

Coding:

Byte	B1	B2	B3	B4	B5	B6	B7	B8	B9	B10
Hex	42	04	20	00	00	03	00	00	06	02

Record 3:

Logically:

MCC: 244,

MNC: 030,

TAC: 000005 – 000009,

PNN Record Identifier: 00

Coding:

Byte	B1	B2	B3	B4	B5	B6	B7	B8	B9	B10
Hex	42	04	30	00	00	05	00	00	09	00

EF_PNN

Record 1:

Logically:

Long name: PLMN 5G

Coding:

Byte	B1	B2	B3	B4	B5	B6	B7	B8	B9	B10
Hex	43	08	87	50	66	D3	09	AA	1D	01
	B11	B12	B13	B14	B15	B16	B17	B18	B19	B20
	FF	FF	FF	FF	FF	FF	FF	FF	FF	FF

Record 2:

Logically:

Long name: ABCD

Coding:

Byte	B1	B2	B3	B4	B5	B6	B7	B8	B9	B10
Hex	43	05	84	41	E1	90	08	FF	FF	FF
	B11	B12	B13	B14	B15	B16	B17	B18	B19	B20
	FF	FF	FF	FF	FF	FF	FF	FF	FF	FF

Record 3:

Logically:

Long name: CCCDDD

Coding:

Byte	B1	B2	B3	B4	B5	B6	B7	B8	B9	B10
Hex	43	07	86	C3	E1	90	48	24	02	FF
	B11	B12	B13	B14	B15	B16	B17	B18	B19	B20
	FF	FF	FF	FF	FF	FF	FF	FF	FF	FF

The UICC/USIM configuration defined for this test case is installed in the UE.

The NG-SS transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): 244/020/000007

– Access control: unrestricted

The UE runs an initial activation.

5.5.2.4.2 Procedure

Step	Direction	Action	Comment	REQ	SA
1	UE > TT	Send RegistrationRequest	In the registration type IE indicates: – "initial registration" – 5GS mobile identity information element type "SUCI"
2	TT > UE	Send RegistrationAccept	The RegistrationAccept is sent with a 5G-GUTI
3	UE > TT	Send RegistrationComplete
4	Tester	Wait 30 seconds	The ME shows: – MCC: "244" – MNC: "020"	CR 1 CR 2
5	UE	Switch off
6	TT	Stop RF output on the BCCH
7	TT	Resume the RF output on the BCCH with: – TAI (MCC/MNC/TAC): 244/030/000006 – Access control: unrestricted
8	UE	Switch on
9	UE > TT	Send RegistrationRequest	In the registration type IE indicates: – "initial registration" – 5GS mobile identity information element type "5G-GUTI"
10	TT > UE	Send RegistrationAccept	The RegistrationAccept is sent with a 5G-GUTI
11	UE > TT	Send RegistrationComplete
12	Tester	Wait 30 seconds	The ME shows: – MCC: "244" – MNC: "030"	CR 1 CR 2
13	UE	Switch off
	TT

5.5.1.4.3 Acceptance criteria

CR 1 can be implicitly verified. The conformance requirement is met if the expected or a pre-configured Operator 5G PLMN name is shown in step 4) and step 12).

CR 2 shall be verified by checking the UE output for the Operator 5G PLMN name (e.g. on a display). The conformance requirement is met if the appropriate Operator 5G PLMN name is shown:

– MCC: "244", MNC: "020", but not: "PLMN 5G", "ABCD" or "CCCDDD" in step 4);

– MCC: "244", MNC: "030", but not: "PLMN 5G", "ABCD" or "CCCDDD" in step 12);

NOTE: MCC/MNC combinations are displayed as formatted by the ME manufacturer. MCC/MNC combinations with correct values are valid, independent from the formatting (e.g. with or without a separator). Different from the MCC/MNC combinations anything else configured by ME as Operator 5G PLMN name may be displayed.

5.6 Handling subscription identifier privacy for 5G – SUPI type in NAI format

5.6.1 SUCI calculation by ME using null scheme

5.6.1.1 Definition and applicability

If the operator’s decision is that ME shall calculate the SUCI, the home network operator shall provision a list of the Protection Scheme Identifiers in the USIM that the operator allows. The list of Protection Scheme Identifiers in the USIM may contain one or more Protection Scheme Identifiers in the order of their priority. The ME shall read the SUCI calculation information from the USIM, including the SUPI, the Home Network Public Key, the Home Network Public Key Identifier, and the list of Protection Scheme Identifiers. The ME shall select the protection scheme from its supported schemes that has the highest priority in the list obtained from the USIM.

The ME shall calculate the SUCI using the null-scheme if the highest priority of the protection schemes listed in the USIM is the null-scheme.

5.6.1.2 Conformance requirement

1) SUCI calculation procedure shall be performed by the ME if Service n°124 is "available" and Service n°125 is not "available" in EF_UST

2) SUPI is available in EF_{SUPI_NAI} if Service n°130 is "available" in EF_UST

3) A subscriber identifier is in the form of a SUPI in NAI format

4) The SUPI may contain:

– a network-specific identifier, used for private networks as defined in TS 22.261 [43] or

– a GLI and an operator identifier of the 5GC operator, used for supporting FN-BRGs, as further described in TS 23.316 [55] or

– a GCI and an operator identifier of the 5GC operator, used for supporting FN-CRGs and 5G-CRG, as further described in TS 23.316 [55].

5) As part of the SUCI calculation performed by the ME, the ME performs the reading procedure for EF_{SUCI_Calc_Info}.

6) The ME shall calculate the SUCI using the null-scheme if highest priority of the protection schemes listed in the USIM is the null-scheme.

Reference:

– TS 31.102 [4], clauses 4.4.11.8, 4.4.11.10, 4.4.11.11, 5.2.33, 5.3.47 and 5.3.51;

– TS 33.501 [41], clause Annex C;

– TS 23.003 [19], clause 28.2, 28.7.2.

– TS 24.501 [42], clause 5.5.1.2, 5.5.1.2.4.

5.6.1.3 Test purpose

1) To verify that the READ EF_{SUCI_Calc_Info}, EF_{Routing_Indicator} and EF_{SUPI_NAI} commands are performed correctly by the ME.

2) To verify that the ME performs the SUCI calculation procedure using null-scheme.

5.6.1.4 Method of test

5.6.1.4.1 Initial conditions

The NG-SS transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): 244/083/000001.

– Access control: unrestricted.

The default 5G-NR UICC non-IMSI SUPI Type is used with the following exception:

EF_{SUCI_Calc_Info} (Subscription Concealed Identifier Calculation Information EF)

Logically:

Protection Scheme Identifier List data object

Protection Scheme Identifier 1 – null-scheme

Key Index 1: 0

Protection Scheme Identifier 2 – ECIES scheme profile B

Key Index 2: 1

Protection Scheme Identifier 3 – ECIES scheme profile A

Key Index 3: 2

Home Network Public Key List data object

Home Network Public Key 1 Identifier: 27

Home Network Public Key 1:

– 04 72 DA 71 97 62 34 CE 83 3A 69 07 42 58 67 B8 2E 07 4D 44 EF 90 7D FB 4B 3E 21 C1 C2 25 6E BC D1 5A 7D ED 52 FC BB 09 7A 4E D2 50 E0 36 C7 B9 C8 C7 00 4C 4E ED C4 F0 68 CD 7B F8 D3 F9 00 E3 B4

Home Network Public Key 2 Identifier: 30

Home Network Public Key 2:

– 5A 8D 38 86 48 20 19 7C 33 94 B9 26 13 B2 0B 91 63 3C BD 89 71 19 27 3B F8 E4 A6 F4 EE C0 A6 50

Coding:	B1	B2	B3	B4	B5	B6	B7	B8
Hex	A0	06	00	00	02	01	01	02
	B9	B10	B11	B12	B13	B14	B15	B16
	A1	6B	80	01	1B	81	41	04
	B17	B18	B19	B20	B21	B22	B23	B24
	72	DA	71	97	62	34	CE	83
	B25	B26	B27	B28	B29	B30	B31	B32
	3A	69	07	42	58	67	B8	2E
	B33	B34	B35	B36	B37	B38	B39	B40
	07	4D	44	EF	90	7D	FB	4B
	B41	B42	B43	B44	B45	B46	B47	B48
	3E	21	C1	C2	25	6E	BC	D1
	B49	B50	B51	B52	B53	B54	B55	B56
	5A	7D	ED	52	FC	BB	09	7A
	B57	B58	B59	B60	B61	B62	B63	B64
	4E	D2	50	E0	36	C7	B9	C8
	B65	B66	B67	B68	B69	B70	B71	B72
	C7	00	4C	4E	ED	C4	F0	68
	B73	B74	B75	B76	B77	B78	B79	B80
	CD	7B	F8	D3	F9	00	E3	B4
	B81	B82	B83	B84	B85	B86	B87	B88
	80	01	1E	81	20	5A	8D	38
	B89	B90	B91	B92	B93	B94	B95	B96
	86	48	20	19	7C	33	94	B9
	B97	B98	B99	B100	B101	B102	B103	B104
	26	13	B2	0B	91	63	3C	BD
	B105	B106	B107	B108	B109	B110	B111	B112
	89	71	19	27	3B	F8	E4	A6
	B113	B114	B115	B116	B117
	F4	EE	C0	A6	50

The UICC is installed into the ME.

5.6.1.4.2 Procedure

a) The UE is switched on.

b) The UE sends REGISTRATION REQUEST to the NG-SS indicating the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "SUCI".

c) Upon reception of REGISTRATION ACCEPT message with a 5G-GUTI, the UE sends REGISTRATION COMPLETE message to the NG-SS.

5.6.1.5 Acceptance criteria

1) After step a) the ME shall read EF_{SUPI_NAI}, EF_{Routing_Indicator} and EF_{SUCI_Calc_Info.}

2) In step b) the UE shall include the SUCI as coded below in the 5GS mobile identity IE in the REGISTRATION REQUEST.

SUPI format: 3

Routing indicator: 17

Protection scheme id: 00

Home network public key Id: 0

Scheme output: 00-00-5E-00-53-00@5gc.mnc012.mcc345.3gppnetwork.org

5.6.2 UE identification by SUCI during initial registration – SUCI calculation by USIM using profile A

5.6.2.1 Definition and applicability

If the operator’s decision, indicated by the USIM, is that the USIM shall calculate the SUCI, then the USIM shall not give to the ME any parameter for the calculation of the SUCI including the Home Network Public Key Identifier, the Home Network Public Key, and the Protection Scheme Identifier. If the ME determines that the calculation of the SUCI, indicated by the USIM, shall be performed by the USIM, the ME shall delete any previously received or locally cached parameters for the calculation of the SUCI including the Routing Indicator, the Home Network Public Key Identifier, the Home Network Public Key and the Protection Scheme Identifier.

5.6.2.2 Conformance requirement

1) SUCI calculation procedure shall be performed by the USIM if Service n°124 is "available" and Service n°125 is "available" in EF_UST

2) SUPI is available in EF_{SUPI_NAI} if Service n°130 is "available" in EF_UST

3) A subscriber identifier is in the form of a SUPI in NAI format

4) The SUPI may contain:

– a NSI, used for private networks as defined in TS 22.261 [43] or

– a GLI and an operator identifier of the 5GC operator, used for supporting FN-BRGs, as further described in TS 23.316 [55] or

– a GCI and an operator identifier of the 5GC operator, used for supporting FN-CRGs and 5G-CRG, as further described in TS 23.316 [55].

5) The ME shall use the GET IDENTITY command in SUCI context to retrieve the SUCI calculated by the USIM.

6) This GET IDENTITY command shall be as per 7.5.2 in 3GPP TS 31.102 [4].

7) The USIM shall calculate the SUCI using the ECIES scheme profile A.

Reference:

– 3GPP TS 31.102 [4], clauses 4.4.11.10, 4.4.11.11, 5.3.48 and 7.5.

– 3GPP TS 33.501 [41], clauses 6.12.1, 6.12.2 and Annex C.

– TS 23.003 [19], clauses 2.2A, 2.2B, 28.2, 28.7.2, 28.7.3, 28.15.2 and 28.15.5.

– 3GPP TS 24.501 [42], clause 5.5.1.2, 5.5.1.2.4.

5.6.2.3 Test purpose

1) To verify that the GET IDENTITY command is performed correctly by the ME.

2) To verify that the ME includes the SUCI received from the USIM within GET IDENTITY response in the 5GS mobile identity IE.

5.6.2.4 Method of test

5.6.2.4.1 Initial conditions

The NG-SS transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): 244/083/000001.

– Access control: unrestricted.

The NG-SS shall be configured with Home Network Private Key for profile A:

Coding:	B1	B2	B3	B4	B5	B6	B7	B8
Hex	C5	3C	22	20	8B	61	86	0B
	B9	B10	B11	B12	B13	B14	B15	B16
	06	C6	2E	54	06	A7	B3	30
	B17	B18	B19	B20	B21	B22	B23	B24
	C2	B5	77	AA	55	58	98	15
	B25	B26	B27	B28	B29	B30	B31	B32
	10	D1	28	24	7D	38	BD	1D

5G-NR UICC – non-IMSI SUPI Type is configured with:

Protection Scheme Identifier : ECIES scheme profile A

Key Index: 1

Home Network Public Key Identifier: 30

Home Network Public Key:

Coding:	B1	B2	B3	B4	B5	B6	B7	B8
Hex	5A	8D	38	86	48	20	19	7C
	B9	B10	B11	B12	B13	B14	B15	B16
	33	94	B9	26	13	B2	0B	91
	B17	B18	B19	B20	B21	B22	B23	B24
	63	3C	BD	89	71	19	27	3B
	B25	B26	B27	B28	B29	B30	B31	B32
	F8	E4	A6	F4	EE	C0	A6	50

EF_{SUCI_Calc_Info} (Subscription Concealed Identifier Calculation Information EF): Not available to the ME.

EF_UST (USIM Service Table)

Settings from clause 4.10.1 of the present document apply with the following changes:

Logically:

Service n°125:

SUCI calculation by the USIM

available

Coding:	B1	B2	B3	B4	B5	B6	B7	B8
Binary:	xxxx xx1x	xxxx xxxx	xxxx 1×00	xxxx x1xx	xxxx xx11	xxxx xxxx	xxxx xxxx	xxxx xxxx
	B9	B10	B11		B16	B17
	xxxx xxxx	xxxx xxxx	xx11 xxxx	…..	xxx1 111x	xxxx xx1x

EF_{SUPI_NAI} (SUPI as Network Access Identifier)

Logically: verylongusername1@3gpp.com

SUPI Type: NSI

Username: verylongusername1

Realm: 3gpp.com

Coding:	B1	B2	B3	B4	B5	B6	B7	B8
Hex	80	1A	76	65	72	79	6C	6F
	B9	B10	B11	B12	B13	B14	B15	B16
	6E	67	75	73	65	72	6E	61
	B17	B18	B19	B20	B21	B22	B23	B24
	6D	65	31	40	33	67	70	70
	B25	B26	B27	B28	B29	B30	B31	B32
	2E	63	6F	6D

5.6.2.4.2 Procedure

a) The UE is switched on.

b) The UE sends REGISTRATION REQUEST to the NG-SS indicating the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "SUCI".

c) Upon reception of REGISTRATION ACCEPT message with a 5G-GUTI, the UE sends REGISTRATION COMPLETE message to the NG-SS.

5.6.2.5 Acceptance criteria

1) After step a) the ME shall send GET IDENTITY command with Identity Context in P2 as SUCI (0x01) to the 5G-NR UICC

2) After step b) the UE shall include the SUCI (coded below) in the 5GS mobile identity IE in the REGISTRATION REQUEST.

SUPI format: 1

Home Network Identifier: 246/081

Routing indicator: 17

Protection scheme id: 01

Home network public key Id: 30

Scheme output: ECC ephemeral public key, encryption of verylongusername1@3gpp.com.org and MAC tag value

As exemple with test data from 3GPP TS 33.501 [43] Annex C :

type1.rid17.schid1.hnkey30.ecckey977D8B2FDAA7B64AA700D04227D5B440630EA4EC50F9082273A26BB678C92222.cip8E358A1582ADB15322C10E515141D2039A.mac12E1D7783A97F1AC@3gpp.com

5.6.3 UE identification by SUCI during initial registration – SUCI calculation by USIM using profile B

5.6.3.1 Definition and applicability

If the operator’s decision, indicated by the USIM, is that the USIM shall calculate the SUCI, then the USIM shall not give to the ME any parameter for the calculation of the SUCI including the Home Network Public Key Identifier, the Home Network Public Key, and the Protection Scheme Identifier. If the ME determines that the calculation of the SUCI, indicated by the USIM, shall be performed by the USIM, the ME shall delete any previously received or locally cached parameters for the calculation of the SUCI including the Routing Indicator, the Home Network Public Key Identifier, the Home Network Public Key and the Protection Scheme Identifier.

5.6.3.2 Conformance requirement

1) SUCI calculation procedure shall be performed by the USIM if Service n°124 is "available" and Service n°125 is "available" in EF_UST

2) SUPI is available in EF_{SUPI_NAI} if Service n°130 is "available" in EF_UST

3) A subscriber identifier is in the form of a SUPI in NAI format

4) The SUPI may contain:

– a NSI, used for private networks as defined in TS 22.261 [43] or

– a GLI and an operator identifier of the 5GC operator, used for supporting FN-BRGs, as further described in TS 23.316 [55] or

– a GCI and an operator identifier of the 5GC operator, used for supporting FN-CRGs and 5G-CRG, as further described in TS 23.316 [55].

5) The ME shall use the GET IDENTITY command in SUCI context to retrieve the SUCI calculated by the USIM.

6) This GET IDENTITY command shall be as per 7.5.2 in 3GPP TS 31.102 [4].

7) The USIM shall calculate the SUCI using the ECIES scheme profile B.

Reference:

– 3GPP TS 31.102 [4], clauses 4.4.11.10, 4.4.11.11, 5.3.48 and 7.5.

– 3GPP TS 33.501 [41], clauses 6.12.1, 6.12.2 and Annex C.

– TS 23.003 [19], clauses 2.2A, 2.2B, 28.2, 28.7.2, 28.7.3, 28.15.2 and 28.15.5.

– 3GPP TS 24.501 [42], clause 5.5.1.2, 5.5.1.2.4.

5.6.3.3 Test purpose

1) To verify that the GET IDENTITY command is performed correctly by the ME.

2) To verify that the ME includes the SUCI received from the USIM within GET IDENTITY response in the 5GS mobile identity IE.

5.6.3.4 Method of test

5.6.3.4.1 Initial conditions

The NG-SS transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): 244/083/000001.

– Access control: unrestricted.

The default 5G-NR UICC – non-IMSI SUPI Type is used and installed into the Terminal.

The NG-SS shall be configured with Home Network Private Key for profile B:

Coding:	B1	B2	B3	B4	B5	B6	B7	B8
Hex	F1	AB	10	74	47	7E	BC	C7
	B9	B10	B11	B12	B13	B14	B15	B16
	F5	54	EA	1C	5F	C3	68	B1
	B17	B18	B19	B20	B21	B22	B23	B24
	61	67	30	15	5E	00	41	AC
	B25	B26	B27	B28	B29	B30	B31	B32
	44	7D	63	01	97	5F	EC	DA

5G-NR UICC – non-IMSI SUPI Type is configured with:

Protection Scheme Identifier : ECIES scheme profile B

Key Index: 1

Home Network Public Key Identifier: 27

Home Network Public Key:

Coding:	B1	B2	B3	B4	B5	B6	B7	B8
Hex	04	72	DA	71	97	62	34	CE
	B9	B10	B11	B12	B13	B14	B15	B16
	83	3A	69	07	42	58	67	B8
	B17	B18	B19	B20	B21	B22	B23	B24
	2E	07	4D	44	EF	90	7D	FB
	B25	B26	B27	B28	B29	B30	B31	B32
	4B	3E	21	C1	C2	25	6E	BC
	B33	B34	B35	B36	B37	B38	B39	B40
	D1	5A	7D	ED	52	FC	BB	09
	B41	B42	B43	B44	B45	B46	B47	B48
	7A	4E	D2	50	E0	36	C7	B9
	B49	B50	B51	B52	B53	B54	B55	B56
	C8	C7	00	4C	4E	ED	C4	F0
	B57	B58	B59	B60	B61	B62	B63	B64
	68	CD	7B	F8	D3	F9	00	E3
	B65
	B4

EF_{SUCI_Calc_Info} (Subscription Concealed Identifier Calculation Information EF): Not available to the ME.

EF_UST (USIM Service Table)

Settings from clause 4.10.1 of the present document apply with the following changes:

Logically:

Service n°125:

SUCI calculation by the USIM

available

Coding:	B1	B2	B3	B4	B5	B6	B7	B8
Binary:	xxxx xx1x	xxxx xxxx	xxxx 1×00	xxxx x1xx	xxxx xx11	xxxx xxxx	xxxx xxxx	xxxx xxxx
	B9	B10	B11		B16	B17
	xxxx xxxx	xxxx xxxx	xx11 xxxx	…..	xxx1 111x	xxxx xx1x

EF_{SUPI_NAI} (SUPI as Network Access Identifier)

Logically: verylongusername1@3gpp.com

SUPI Type: NSI

Username: verylongusername1

Realm: 3gpp.com

Coding:	B1	B2	B3	B4	B5	B6	B7	B8
Hex	80	1A	76	65	72	79	6C	6F
	B9	B10	B11	B12	B13	B14	B15	B16
	6E	67	75	73	65	72	6E	61
	B17	B18	B19	B20	B21	B22	B23	B24
	6D	65	31	40	33	67	70	70
	B25	B26	B27	B28	B29	B30	B31	B32
	2E	63	6F	6D

5.6.3.4.2 Procedure

a) The UE is switched on.

b) The UE sends REGISTRATION REQUEST to the NG-SS indicating the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "SUCI".

c) Upon reception of REGISTRATION ACCEPT message with a 5G-GUTI, the UE sends REGISTRATION COMPLETE message to the NG-SS.

5.6.3.5 Acceptance criteria

1) After step a) the ME shall send GET IDENTITY command with Identity Context in P2 as SUCI (0x01) to the 5G-NR UICC

2) After step b) the UE shall include the SUCI (coded below) in the 5GS mobile identity IE in the REGISTRATION REQUEST.

SUPI format: 1

Home Network Identifier: 246/081

Routing indicator: 17

Protection scheme id: 02

Home network public key Id: 27

Scheme output: ECC ephemeral public key, encryption of verylongusername1@3gpp.com and MAC tag value

As exemple with test data from 3GPP TS 33.501 [43] Annex C :

type1.rid17.schid2.hnkey27.ecckey03759BB22C563D9F4A6B3C1419E543FC2F39D6823F02A9D71162B39399218B244B.cipBE22D8B9F856A52ED381CD7EAF4CF2D525.mac3CDDC61A0A7882EB@3gpp.com

5.6.4 UE identification after SUPI is changed

5.6.4.1 Definition and applicability

A globally unique temporary user identity for 5GS-based services, the 5G globally unique temporary identity (5G-GUTI), is used for identification within the signalling procedures. A UE supporting N1 mode includes a valid 5G-GUTI, if any is available, in the REGISTRATION REQUEST and DEREGISTRATION REQUEST messages.

5.6.4.2 Conformance requirement

The following 5GMM parameters shall be stored on the USIM if the corresponding file is present:

a) 5G-GUTI;

b) last visited registered TAI;

c) 5GS update status; and

d) 5G NAS security context parameters from a full native 5G NAS security context.

The presence and format of corresponding files on the USIM is specified in 3GPP TS 31.102 [4].

If the corresponding file is not present on the USIM, these 5GMM parameters are stored in a non-volatile memory in the ME together with the SUPI from the USIM in the EF_{SUPI_NAI.}. These 5GMM parameters can only be used if the SUPI from the USIM in the EF_{SUPI_NAI} matches the SUPI stored in the non-volatile memory; else the UE shall delete the 5GMM parameters.

Reference:

– TS 24.501 [42], clauses 5.3.3, 5.5.1.2 and Annex C.

5.6.4.3 Test purpose

1) To verify that the READ EF_{SUPI_NAI} command is performed correctly by the ME.

2) To verify that the ME deletes the 5GMM parameters from non-volatile memory in case SUPI is changed.

3) To verify that the GET IDENTITY command is performed correctly by the ME.

4) To verify that the ME includes the SUCI received from the USIM within GET IDENTITY response in the 5GS mobile identity IE.

5.6.4.4 Method of test

5.6.4.4.1 Initial conditions

The NG-SS transmits on the BCCH, with the following network parameters:

– TAI (MCC/MNC/TAC): 244/083/000001.

– Access control: unrestricted.

The default 5G-NR UICC – non-IMSI SUPI Type is used and installed into the Terminal.

EF_UST (USIM Service Table)

Settings from clause 4.10.1 of the present document apply with the following changes:

Logically:

Service n°125:

SUCI calculation by the USIM

available

Coding:	B1	B2	B3	B4	B5	B6	B7	B8
Binary:	xxxx xx1x	xxxx xxxx	xxxx 1×00	xxxx x1xx	xxxx xx11	xxxx xxxx	xxxx xxxx	xxxx xxxx
	B9	B10	B11		B16	B17
	xxxx xxxx	xxxx xxxx	xx11 xxxx	…..	xxx1 111x	xxxx xx1x

5G-NR UICC – non-IMSI SUPI Type is configured with:

Protection Scheme Identifier : null-scheme

Key Index: 0

EF_{SUCI_Calc_Info} (Subscription Concealed Identifier Calculation Information EF): Not available to the ME.

5.6.4.4.2 Procedure

a) The UE is switched on.

b) The UE sends REGISTRATION REQUEST to the NG-SS indicates the 5GS registration type IE as "initial registration".

c) The NG-SS sends a REGISTRATION ACCEPT message with the following parameters:

5G-GUTI: 24408300010266436587

TAI: 244 083 000001

d) The UE sends a REGISTRATION COMPLETE message to the NG-SS.

e) The UE is switched off, change the UICC configuration by setting the SUPI value from 00-00-5E-00-53-00@5gc.mnc012.mcc345.3gppnetwork.org to 00-00-5E-00-53-01@5gc.mnc012.mcc345.3gppnetwork.org.

f) The UE is switched on.

g) The UE sends REGISTRATION REQUEST to the NG-SS indicating the 5GS registration type IE as "initial registration" and 5GS mobile identity information element type "SUCI" with the new SUCI corresponding to the new SUPI value.

5.6.4.5 Acceptance criteria

1) After step a) and f) the ME shall read EF_{SUPI_NAI} and then the ME shall send GET IDENTITY command with Identity Context in P2 as SUCI (0x01) to the 5G-NR UICC.

2) In step g) the UE shall not use the 5G-GUTI or the Last visited registered TAI parameters in the REGISTRATION REQUEST message, instead it shall use the new SUCI as 5GS mobile identity IE.

3) The UE shall include the new SUCI (coded below).

SUPI format: 3

Home Network Identifier: 246/081

Routing indicator: 17

Protection scheme id: 00

Home network public key Id: 0

Scheme output: 00-00-5E-00-53-01@5gc.mnc012.mcc345.3gppnetwork.org