Revision 8b68e4ec
Added by osmith about 4 years ago
docs/imsi-pseudo-spec.adoc | ||
---|---|---|
150 | 150 |
that the HLR controls. The pseudonymous IMSI must not be used by any subscriber |
151 | 151 |
as pseudonymous IMSI yet, but may be the real IMSI of a subscriber. |
152 | 152 |
|
153 |
[[hlr-imsi-pseudo-i]] |
|
153 | 154 |
==== imsi_pseudo_i |
154 | 155 |
|
155 | 156 |
The counter imsi_pseudo_i indicates how often a subscriber's pseudonymous IMSI |
... | ... | |
161 | 162 |
|
162 | 163 |
=== SIM Provisioning |
163 | 164 |
|
165 |
The HLR is allocating a pseudonymous IMSI for the subscriber. This pseudonymous |
|
166 |
IMSI is stored as IMSI on the subscriber's SIM instead of the real IMSI. |
|
167 |
|
|
168 |
==== SIM applet |
|
169 |
|
|
170 |
The SIM is provisioned with a SIM applet, which is able to change the IMSI once |
|
171 |
the next pseudonymous IMSI arrives from the HLR. A reference implementation is |
|
172 |
provided in <<reference-src>>. |
|
173 |
|
|
174 |
The SIM applet registers to a suitable SMS trigger (3GPP TS 03.19, Section |
|
175 |
6.2). When an SMS from the HLR in the format of <<sms-format>> arrives, the |
|
176 |
applet must verify that the SMS is not outdated by comparing imsi_pseudo_i from |
|
177 |
the SMS with the last imsi_pseudo_i that was used when changing the IMSI |
|
178 |
(initially 1 as in <<hlr-imsi-pseudo-i>>). The new value must be higher, |
|
179 |
otherwise the SMS should not be processed further. |
|
180 |
|
|
181 |
The SIM applet registers a timer with min_sleep_time from the SMS. When the |
|
182 |
timer triggers, the IMSI of the SIM is overwritten with the new pseudonymous |
|
183 |
IMSI, the TMSI and GSM Ciphering key Kc (3GPP TS 31.102, Section 4.4.3.1) are |
|
184 |
invalidated. The current imsi_pseudo_i value is stored to compare it with the |
|
185 |
next SMS. Afterwards, the EF~IMSI~ changing procedure in 3GPP TS 11.14, Section |
|
186 |
6.4.7.1 is executed to apply the new IMSI. |
|
187 |
|
|
188 |
// FIXME: do we need to enforce the LU now, with an arbitrary CM Service |
|
189 |
// Request, or would this only be necessary for Osmocom? (OS#4404) |
|
190 |
|
|
164 | 191 |
=== Successful Location Update With Pseudonymous IMSI |
165 | 192 |
|
166 |
// HLR may choose not to give out next IMSI if it is short on available IMSIS |
|
193 |
// HLR may choose not to give out next IMSI if it is short on available IMSIs |
|
194 |
|
|
195 |
[[sms-format]] |
|
196 |
==== Format of the SMS |
|
197 |
|
|
198 |
* min_sleep_time |
|
199 |
* imsi_pseudo |
|
200 |
* imsi_pseudo_i |
|
167 | 201 |
|
168 | 202 |
=== Next Pseudonymous IMSI Arrives Via SMS |
169 | 203 |
|
... | ... | |
171 | 205 |
=== Next Pseudonymous IMSI SMS is Lost |
172 | 206 |
=== SMS Arrives Late |
173 | 207 |
|
208 |
// === SMS Arrives Before Timer Expires |
|
209 |
// FIXME: OS#4486 |
|
210 |
|
|
211 |
[[reference-src]] |
|
174 | 212 |
== Reference Implementation with Source Code |
175 | 213 |
|
176 | 214 |
== Recommendations for Real-World Implementations |
Also available in: Unified diff
spec: describe SIM applet