5G Identifiers SUPI and SUCI - Techplayon NAS Signalling
UMTS: Universal Mobile Telecommunication System
TMSI: Temporary Mobile Subscriber Identity, 3G systems
GUTI: Global Unique Temporary Identifier (GUTI) 4/5G
Subscription Permanent Identifier (SUPI)
A SUPI is a 5G globally unique Subscription Permanent Identifier (SUPI) allocated to each subscriber and defined in 3GPP specification TS 23.501. The SUPI value is provisioned in USIM and UDM/UDR function in 5G Core.
A SUPI is usually a string of 15 decimal digits. The first three digits represent the Mobile Country Code (MCC) while the next two or three form the Mobile Network Code (MNC) identifying the network operator. The remaining (nine or ten) digits are known as Mobile Subscriber Identification Number (MSIN) and represent the individual user of that particular operator. SUPI is equivalent to IMSI which uniquely identifies the ME, is also a string of 15 digits.
Subscription Concealed Identifier (SUCI)
Subscription Concealed Identifier (SUCI) is a privacy preserving identifier containing the concealed SUPI. The UE generates a SUCI using a ECIES-based protection scheme with the public key of the Home Network that was securely provisioned to the USIM during the USIM registration.
Only the MSIN part of the SUPI gets concealed by the protection scheme while the home network identifier i.e. MCC/MNC gets transmitted in plain-text. The data fields constituting the SUCI are following
-
SUPI Type: consisting in a value in the range 0 to 7. It identifies the type of the SUPI concealed in the SUCI. The following values are defined
- 0: IMSI
- 1: Network Access Identifier (NAI)
- 2 to 7: spare values for future use.
- Home Network Identifier: identifying the home network of the subscriber. When the SUPI Type is an IMSI, the Home Network Identifier is composed of MCC and MNC. When the SUPI type is a Network Access Identifier, the Home Network Identifier consists of a string of characters with a variable length representing a domain name. e.g. user@techno.com
- Routing Indicator: It is consist of 1 to 4 decimal digits assigned by the home network operator and provisioned within the USIM.
-
Protection Scheme Identifier: It is consist of a value in the range of 0 to 15 and represented with 4 bits
- null-scheme 0x0
- Profile <A> 0x1
- Profile <B> 0x2
- Home Network Public Key Identifier: It is consist of a value in the range 0 to 255. It represents a public key provisioned by the HPLMN and it is used to identify the key used for SUPI protection. In case of null-scheme being used, this data field shall be set to the value as 0
- Protection Scheme Output : It is consist of a string of characters with a variable length or hexadecimal digits, dependent on the used protection scheme
In telecommunication systems, network operator allocate to each SIM card a unique identifier, known up to the 4G as an IMSI (International Mobile Subscriber Identity) and for the 5G as a SUPI (Subscription Permanent Identifier)