Revision 8b68e4ec
Added by osmith about 4 years ago
| docs/imsi-pseudo-spec.adoc | ||
|---|---|---|
| 150 | 150 |
that the HLR controls. The pseudonymous IMSI must not be used by any subscriber |
| 151 | 151 |
as pseudonymous IMSI yet, but may be the real IMSI of a subscriber. |
| 152 | 152 |
|
| 153 |
[[hlr-imsi-pseudo-i]] |
|
| 153 | 154 |
==== imsi_pseudo_i |
| 154 | 155 |
|
| 155 | 156 |
The counter imsi_pseudo_i indicates how often a subscriber's pseudonymous IMSI |
| ... | ... | |
| 161 | 162 |
|
| 162 | 163 |
=== SIM Provisioning |
| 163 | 164 |
|
| 165 |
The HLR is allocating a pseudonymous IMSI for the subscriber. This pseudonymous |
|
| 166 |
IMSI is stored as IMSI on the subscriber's SIM instead of the real IMSI. |
|
| 167 |
|
|
| 168 |
==== SIM applet |
|
| 169 |
|
|
| 170 |
The SIM is provisioned with a SIM applet, which is able to change the IMSI once |
|
| 171 |
the next pseudonymous IMSI arrives from the HLR. A reference implementation is |
|
| 172 |
provided in <<reference-src>>. |
|
| 173 |
|
|
| 174 |
The SIM applet registers to a suitable SMS trigger (3GPP TS 03.19, Section |
|
| 175 |
6.2). When an SMS from the HLR in the format of <<sms-format>> arrives, the |
|
| 176 |
applet must verify that the SMS is not outdated by comparing imsi_pseudo_i from |
|
| 177 |
the SMS with the last imsi_pseudo_i that was used when changing the IMSI |
|
| 178 |
(initially 1 as in <<hlr-imsi-pseudo-i>>). The new value must be higher, |
|
| 179 |
otherwise the SMS should not be processed further. |
|
| 180 |
|
|
| 181 |
The SIM applet registers a timer with min_sleep_time from the SMS. When the |
|
| 182 |
timer triggers, the IMSI of the SIM is overwritten with the new pseudonymous |
|
| 183 |
IMSI, the TMSI and GSM Ciphering key Kc (3GPP TS 31.102, Section 4.4.3.1) are |
|
| 184 |
invalidated. The current imsi_pseudo_i value is stored to compare it with the |
|
| 185 |
next SMS. Afterwards, the EF~IMSI~ changing procedure in 3GPP TS 11.14, Section |
|
| 186 |
6.4.7.1 is executed to apply the new IMSI. |
|
| 187 |
|
|
| 188 |
// FIXME: do we need to enforce the LU now, with an arbitrary CM Service |
|
| 189 |
// Request, or would this only be necessary for Osmocom? (OS#4404) |
|
| 190 |
|
|
| 164 | 191 |
=== Successful Location Update With Pseudonymous IMSI |
| 165 | 192 |
|
| 166 |
// HLR may choose not to give out next IMSI if it is short on available IMSIS |
|
| 193 |
// HLR may choose not to give out next IMSI if it is short on available IMSIs |
|
| 194 |
|
|
| 195 |
[[sms-format]] |
|
| 196 |
==== Format of the SMS |
|
| 197 |
|
|
| 198 |
* min_sleep_time |
|
| 199 |
* imsi_pseudo |
|
| 200 |
* imsi_pseudo_i |
|
| 167 | 201 |
|
| 168 | 202 |
=== Next Pseudonymous IMSI Arrives Via SMS |
| 169 | 203 |
|
| ... | ... | |
| 171 | 205 |
=== Next Pseudonymous IMSI SMS is Lost |
| 172 | 206 |
=== SMS Arrives Late |
| 173 | 207 |
|
| 208 |
// === SMS Arrives Before Timer Expires |
|
| 209 |
// FIXME: OS#4486 |
|
| 210 |
|
|
| 211 |
[[reference-src]] |
|
| 174 | 212 |
== Reference Implementation with Source Code |
| 175 | 213 |
|
| 176 | 214 |
== Recommendations for Real-World Implementations |
Also available in: Unified diff
spec: describe SIM applet