A.2 Short description of the schemes

3GPP43.020Release 17Security related network functionsTS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

Scheme 1: Location registration

– no TMSI available.

The situation occurs where an MS requests registration and for some reason e.g. TMSI is lost or this is the first registration, there is no TMSI available. In this case the IMSI is used for identification. The IMSI is sent in clear text via the radio path as part of the location updating.

Scheme 2: Location updating

– MS registered in VLR;

– TMSI is still available.

The mobile station stays within the area controlled by the VLR. The mobile station is already registered in this VLR. All information belonging to the mobile station is stored in the VLR, so no connection with the HLR is necessary. Identification is done by the CKSN, LAI and TMSI. For authentication a new set of RAND, SRES and Kc is already available in the VLR.

Scheme 3: Location updating

– MS not yet registered in VLR;

– TMSI is still available.

The MS has roamed to an area controlled by another VLR. The LAI is used to address the "old" VLR. The TMSI is used for identification. The "old" VLR informs the "new" VLR about this MS. The security related information is sent by the "old" VLR to the "new" VLR.

Scheme 4: Location updating

– MS not yet registered in VLR and no old LAI.

The VLR cannot identify the VLR where the MS was last registered. Identification is therefore done by using the IMSI. The VLR cannot request authentication information from the previous VLR (LAI not available), so the HLR has to send the authentication information to the VLR.

Scheme 5: Call set-up

– mobile originated;

– early assignment.

The users of the registered MS wants to set-up a call. Identification is done by using the TMSI. All signalling information elements in all messages on the radio path are encrypted with ciphering key Kc. The PLMN is setting up calls with "early assignment".

Scheme 6: Call set-up

– mobile originated;

– off air call set-up.

As in scheme 5 the user of the registered MS wants to set-up a call. Identification is done by using the TMSI. All signalling information elements in all messages on the radio path are encrypted with ciphering key Kc after the cipher mode command message. The PLMN is setting up calls with "off air call set-up"

Scheme 7: Call set-up

– mobile terminated;

– early assignment.

A paging request is sent to the registered MS, addressed by the TMSI. All signalling information elements in all messages on the radio path are encrypted with ciphering key Kc after the cipher mode command message. The PLMN is setting up calls with "early assignment".