Digital cellular telecommunications system (Phase 2+) (GSM); Security related network functions (GSM 03.20 version 5.1.1)

This European Telecommunication Standard (ETS) specifies the network f unctions needed to provide the security related service and functions specified in GSM 02.09.  This ETS does not address the cryptological algorithms that are needed to provide different security related features. This topic is addressed i n annex C. Wherever a cryptological algorithm or mechanism is needed, this is signalled with a reference to annex C. The references refers only to functionali ties, and some algorithms may be identical or use common hardware.

Digitalni celični telekomunikacijski sistem (faza 2+) – Omrežne funkcije v zvezi z varnostjo (GSM 03.20, različica 5.1.1)

General Information

Status
Published
Publication Date
30-Nov-2003
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
01-Dec-2003
Due Date
01-Dec-2003
Completion Date
01-Dec-2003

Buy Standard

Standard
ETS 300 929 E2:2003
English language
51 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

SLOVENSKI STANDARD
SIST ETS 300 929 E2:2003
01-december-2003
'LJLWDOQLFHOLþQLWHOHNRPXQLNDFLMVNLVLVWHP ID]D ±2PUHåQHIXQNFLMHY]YH]L]
YDUQRVWMR *60UD]OLþLFD
Digital cellular telecommunications system (Phase 2+) (GSM); Security related network
functions (GSM 03.20 version 5.1.1)
Ta slovenski standard je istoveten z: ETS 300 929 Edition 2
ICS:
33.070.50 Globalni sistem za mobilno Global System for Mobile
telekomunikacijo (GSM) Communication (GSM)
SIST ETS 300 929 E2:2003 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST ETS 300 929 E2:2003

---------------------- Page: 2 ----------------------

SIST ETS 300 929 E2:2003
EUROPEAN ETS 300 929
TELECOMMUNICATION August 1997
STANDARD Second Edition
Source: ETSI SMG Reference: RE/SMG-030320QR
ICS: 33.020
Key words: Digital cellular telecommunications system, Global System for Mobile communications (GSM)
R
GLOBAL SYSTEM FOR
MOBILE COMMUNICATIONS
Digital cellular telecommunications system (Phase 2+);
Security related network functions
(GSM 03.20 version 5.1.1)
ETSI
European Telecommunications Standards Institute
ETSI Secretariat
Postal address: F-06921 Sophia Antipolis CEDEX - FRANCE
Office address: 650 Route des Lucioles - Sophia Antipolis - Valbonne - FRANCE
X.400: c=fr, a=atlas, p=etsi, s=secretariat - Internet: secretariat@etsi.fr
Tel.: +33 4 92 94 42 00 - Fax: +33 4 93 65 47 16
Copyright Notification: No part may be reproduced except as authorized by written permission. The copyright
and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 1997. All rights reserved.

---------------------- Page: 3 ----------------------

SIST ETS 300 929 E2:2003
Page 2
ETS 300 929 (GSM 03.20 version 5.1.1): August 1997
Whilst every care has been taken in the preparation and publication of this document, errors in content,
typographical or otherwise, may occur. If you have comments concerning its accuracy, please write to
"ETSI Editing and Committee Support Dept." at the address shown on the title page.

---------------------- Page: 4 ----------------------

SIST ETS 300 929 E2:2003
Page 3
ETS 300 929 (GSM 03.20 version 5.1.1): August 1997
Contents
Foreword .5
0 Scope .7
0.1 Normative references .7
0.2 Abbreviations .7
1 General.8
2 Subscriber identity confidentiality .9
2.1 Generality.9
2.2 Identifying method.9
2.3 Procedures.10
2.3.1 Location updating in the same MSC area .10
2.3.2 Location updating in a new MSCs area, within the same VLR area .11
2.3.3 Location updating in a new VLR; old VLR reachable .12
2.3.4 Location Updating in a new VLR; old VLR not reachable.13
2.3.5 Reallocation of a new TMSI .14
2.3.6 Local TMSI unknown.15
2.3.7 Location updating in a new VLR in case of a loss of information.16
2.3.8 Unsuccessful TMSI allocation .16
3 Subscriber identity authentication.17
3.1 Generality.17
3.2 The authentication procedure .17
3.3 Subscriber Authentication Key management.18
3.3.1 General authentication procedure.18
3.3.2 Authentication at location updating in a new VLR, using TMSI.19
3.3.3 Authentication at location updating in a new VLR, using IMSI .20
3.3.4 Authentication at location updating in a new VLR, using TMSI, TMSI
unknown in "old" VLR.21
3.3.5 Authentication at location updating in a new VLR, using TMSI, old VLR
not reachable.22
3.3.6 Authentication with IMSI if authentication with TMSI fails .22
3.3.7 Re-use of security related information in failure situations.23
4 Confidentiality of signalling information elements, connectionless data and user information
elements on physical connections.24
4.1 Generality.24
4.2 The ciphering method .24
4.3 Key setting .25
4.4 Ciphering key sequence number .26
4.5 Starting of the ciphering and deciphering processes.26
4.6 Synchronization.26
4.7 Handover .27
4.8 Negotiation of A5 algorithm.27
5 Synthetic summary.28
Annex A (informative): Security issues related to signalling schemes and key management .29
A.1 Introduction.29
A.2 Short description of the schemes.29
A.3 List of abbreviations .30

---------------------- Page: 5 ----------------------

SIST ETS 300 929 E2:2003
Page 4
ETS 300 929 (GSM 03.20 version 5.1.1): August 1997
Annex B (informative): Security information to be stored in the entities of the GSM system . 44
B.1 Introduction. 44
B.2 Entities and security information. 44
B.2.1 Home Location Register (HLR). 44
B.2.2 Visitor Location Register (VLR). 44
B.2.3 Mobile services Switching Centre (MSC)/Base Station System (BSS). 44
B.2.4 Mobile Station (MS). 45
B.2.5 Authentication Centre (AuC) . 45
Annex C (normative): External specifications of security related algorithms. 46
C.0 Scope. 46
C.1 Specifications for Algorithm A5. 46
C.1.1 Purpose. 46
C.1.2 Implementation indications. 46
C.1.3 External specifications of Algorithm A5. 48
C.1.4 Internal specification of Algorithm A5. 48
C.2 Algorithm A3 . 48
C.2.1 Purpose. 48
C.2.2 Implementation and operational requirements. 48
C.3 Algorithm A8 . 49
C.3.1 Purpose. 49
C.3.2 Implementation and operational requirements. 49
Annex D (informative): Status of Technical Specification GSM 03.20. 50
History. 51

---------------------- Page: 6 ----------------------

SIST ETS 300 929 E2:2003
Page 5
ETS 300 929 (GSM 03.20 version 5.1.1): August 1997
Foreword
This European Telecommunication Standard (ETS) has been produced by the Special Mobile Group
(SMG) of the European Telecommunications Standards Institute (ETSI).
This ETS defines the security related network functions within the digital cellular telecommunications
system.
The specification from which this ETS has been derived was originally based on CEPT documentation,
hence the presentation of this ETS may not be entirely in accordance with the ETSI rules.
Transposition dates
Date of adoption: 25 July 1997
Date of latest announcement of this ETS (doa): 30 November 1997
Date of latest publication of new National Standard
or endorsement of this ETS (dop/e): 31 May 1998
Date of withdrawal of any conflicting National Standard (dow): 31 May 1998

---------------------- Page: 7 ----------------------

SIST ETS 300 929 E2:2003
Page 6
ETS 300 929 (GSM 03.20 version 5.1.1): August 1997
Blank page

---------------------- Page: 8 ----------------------

SIST ETS 300 929 E2:2003
Page 7
ETS 300 929 (GSM 03.20 version 5.1.1): August 1997
0 Scope
This European Telecommunication Standard (ETS) specifies the network functions needed to provide the
security related service and functions specified in GSM 02.09.
This ETS does not address the cryptological algorithms that are needed to provide different security
related features. This topic is addressed in annex C. Wherever a cryptological algorithm or mechanism is
needed, this is signalled with a reference to annex C. The references refers only to functionalities, and
some algorithms may be identical or use common hardware.
0.1 Normative references
This ETS incorporates by dated and undated reference, provisions from other publications. These
normative references are cited at the appropriate places in the text and the publications are listed
hereafter. For dated references, subsequent amendments to or revisions of any of these publications
apply to this ETS only when incorporated in it by amendment or revision. For undated references, the
latest edition of the publication referred to applies.
[1] GSM 01.04 (ETR 350): "Digital cellular telecommunications system (Phase 2+);
Abbreviations and acronyms".
[2] GSM 02.07: "Digital cellular telecommunications system (Phase 2+); Mobile
Station (MS) features".
[3] GSM 02.09 (ETS 300 920): "Digital cellular telecommunications system;
Security aspects".
[4] GSM 02.17 (ETS 300 922): "Digital cellular telecommunications system;
Subscriber Identity Modules (SIM) Functional characteristics".
[5] GSM 03.03 (ETS 300 927): "Digital cellular telecommunications system
(Phase 2+); Numbering, addressing and identification".
[6] GSM 04.08 (ETS 300 940): "Digital cellular telecommunications system
(Phase 2+); Mobile radio interface layer 3 specification".
[7] GSM 05.01: "Digital cellular telecommunication system (Phase 2+); Physical
layer on the radio path; General description".
[8] GSM 05.02 (ETS 300 908): "Digital cellular telecommunications system
(Phase 2+); Multiplexing and multiple access on the radio path".
[9] GSM 05.03 (ETS 300 909): "Digital cellular telecommunications system
(Phase 2+); Channel coding".
[10] GSM 09.02 (ETS 300 974): "Digital cellular telecommunications system
(Phase 2+); Mobile Application Part (MAP) specification".
0.2 Abbreviations
Abbreviations used in this ETS are listed in GSM 01.04.
Specific abbreviations used in annex A are listed in clause A.3.

---------------------- Page: 9 ----------------------

SIST ETS 300 929 E2:2003
Page 8
ETS 300 929 (GSM 03.20 version 5.1.1): August 1997
1 General
The different security related services and functions that are listed in GSM 02.09 are grouped as follows:
- Subscriber identity confidentiality;
- Subscriber identity authentication;
- Signalling information element and connectionless user data confidentiality and data confidentiality
for physical connections (ciphering).
It shall be possible to introduce new authentication and ciphering algorithms during the systems lifetime.
The fixed network may support more than one authentication and ciphering algorithm.
The security procedures include mechanisms to enable recovery in event of signalling failures. These
recovery procedures are designed to minimize the risk of a breach in the security of the system.
General on figures in this ETS:
- In the figures below, signalling exchanges are referred to by functional names. The exact messages
and message types are specified in GSM 04.08 and GSM 09.02.
- No assumptions are made for function splitting between MSC (Mobile Switching Centre), VLR
(Visitor Location Register) and BSS (Base Station System). Signalling is described directly between
MS and the local network (i.e. BSS, MSC and VLR denoted in the figures by BSS/MSC/VLR). The
splitting in annex A is given only for illustrative purposes.
- Addressing fields are not given; all information relates to the signalling layer. The TMSI allows
addressing schemes without IMSI, but the actual implementation is specified in the GSM 04-series.
- The term HPLMN in the figures below is used as a general term which should be understood as
HLR (Home Location Register) or AuC (Authentication Centre).
- What is put in a box is not part of the described procedure but it is relevant to the understanding of
the figure.

---------------------- Page: 10 ----------------------

SIST ETS 300 929 E2:2003
Page 9
ETS 300 929 (GSM 03.20 version 5.1.1): August 1997
2 Subscriber identity confidentiality
2.1 Generality
The purpose of this function is to avoid the possibility for an intruder to identify which subscriber is using a
given resource on the radio path (e.g. TCH (Traffic Channel) or signalling resources) by listening to the
signalling exchanges on the radio path. This allows both a high level of confidentiality for user data and
signalling and protection against the tracing of a user's location.
The provision of this function implies that the IMSI (International Mobile Subscriber Identity), or any
information allowing a listener to derive the IMSI easily, should not normally be transmitted in clear text in
any signalling message on the radio path.
Consequently, to obtain the required level of protection, it is necessary that:
- a protected identifying method is normally used instead of the IMSI on the radio path; and
- the IMSI is not normally used as addressing means on the radio path (see GSM 02.09);
- when the signalling procedures permit it, signalling information elements that convey information
about the mobile subscriber identity must be ciphered for transmission on the radio path.
The identifying method is specified in the following subclause. The ciphering of communication over the
radio path is specified in clause 4.
2.2 Identifying method
The means used to identify a mobile subscriber on the radio path consists of a TMSI (Temporary Mobile
Subscriber Identity). This TMSI is a local number, having a meaning only in a given location area; the
TMSI must be accompanied by the LAI (Location Area Identification) to avoid ambiguities. The maximum
length and guidance for defining the format of a TMSI are specified in GSM 03.03.
The network (e.g. a VLR) manages suitable data bases to keep the relation between TMSIs and IMSIs.
When a TMSI is received with an LAI that does not correspond to the current VLR, the IMSI of the MS
must be requested from the VLR in charge of the indicated location area if its address is known; otherwise
the IMSI is requested from the MS.
A new TMSI must be allocated at least in each location updating procedure. The allocation of a new TMSI
corresponds implicitly for the MS to the de-allocation of the previous one. In the fixed part of the network,
the cancellation of the record for an MS in a VLR implies the de-allocation of the corresponding TMSI.
To cope with some malfunctioning, e.g. arising from a software failure, the fixed part of the network can
require the identification of the MS in clear. This procedure is a breach in the provision of the service, and
should be used only when necessary.
When a new TMSI is allocated to an MS, it is transmitted to the MS in a ciphered mode. This ciphered
mode is the same as defined in clause 4.
The MS must store its current TMSI in a non volatile memory, together with the LAI, so that these data are
not lost when the MS is switched off.

---------------------- Page: 11 ----------------------

SIST ETS 300 929 E2:2003
Page 10
ETS 300 929 (GSM 03.20 version 5.1.1): August 1997
2.3 Procedures
This subclause presents the procedures, or elements of procedures, pertaining to the management of
TMSIs.
2.3.1 Location updating in the same MSC area
This procedure is part of the location updating procedure which takes place when the original location
area and the new location area depend on the same MSC. The part of this procedure relative to TMSI
management is reduced to a TMSI re-allocation (from TMSIo with "o" for "old" to TMSIn with "n" for
"new").
The MS sends TMSIo as an identifying field at the beginning of the location updating procedure.
The procedure is schematized in figure 2.1.
‚¶¶¶¶¶„‚¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶„‚¶¶¶¶¶¶¶¶¶¶¶¶„
•06••5DGLRSDWK••%6606&9/5•
”¶¶¶¶»”¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶»”¶¶¶¶¶¶¶¶¶¶¶»
••
•/$,706,R•
…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶!‰
••
‚¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶„
•0DQDJHPHQWRIPHDQVIRUQHZFLSKHULQJ•
•VHHFODXVH•
”¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶»
••
•‚¶¶¶¶¶¶¶¶¶¶¶¶„
••$OORFDWLRQ•
••RI706,Q•
•”¶¶¶¶¶¶¶¶¶¶¶¶»
•&LSKHU706,Q•
…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶‰
••
•$FNQRZOHGJH•
…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶!‰
••
‚¶¶¶¶¶¶¶¶¶¶¶¶¶„
•’HDOORFDWLRQ•
•RI706,R•
”¶¶¶¶¶¶¶¶¶¶¶¶¶»
Figure 2.1: Location updating in the same MSC area
Signalling Functionalities:
Management of means for new ciphering:
The MS and BSS/MSC/VLR agree on means for ciphering signalling information elements, in
particular to transmit TMSIn.

---------------------- Page: 12 ----------------------

SIST ETS 300 929 E2:2003
Page 11
ETS 300 929 (GSM 03.20 version 5.1.1): August 1997
2.3.2 Location updating in a new MSCs area, within the same VLR area
This procedure is part of the location updating procedure which takes place when the original location
area and the new location area depend on different MSCs, but on the same VLR.
The procedure is schematized on figure 2.2.
‚¶¶¶¶¶„‚¶¶¶¶¶¶¶¶¶¶„‚¶¶¶¶¶¶¶¶¶¶¶¶„‚¶¶¶¶¶¶¶„
•06••5DGLRSDWK••%6606&9/5••+3/01•
”¶¶¶¶»”¶¶¶¶¶¶¶¶¶¶»”¶¶¶¶¶¶¶¶¶¶¶»”¶¶¶¶¶¶»
•••
•/$,706,R••
…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶!‰•
•••
‚¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶„•
•0DQDJHPHQWRIPHDQVIRUQHZ••
•FLSKHULQJVHHFODXVH••
”¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶»•
•‚¶¶¶¶¶¶¶¶¶¶¶¶„•
••DOORFDWLRQ••
••RI706,Q••
•”¶¶¶¶¶¶¶¶¶¶¶¶»•
••••
•••QRWH•
•&LSKHU706,QQRWH••/RF8SGDWLQJ•
…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶‰…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶!‰
••••
•••QRWH•
•$FNQRZOHGJHQRWH••$FNQRZOHGJH•
…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶!‰…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶‰
‚¶¶¶¶¶¶¶¶¶¶¶¶¶„
•’HDOORFDWLRQ•
•RI706,R•
”¶¶¶¶¶¶¶¶¶¶¶¶¶»
NOTE: From a security point of view, the order of the procedures is irrelevant.
Figure 2.2: Location updating in a new MSCs area, within the same VLR area
Signalling functionalities:
Loc.Updating:
stands for Location Updating
The BSS/MSC/VLR indicates that the location of the MS must be updated.

---------------------- Page: 13 ----------------------

SIST ETS 300 929 E2:2003
Page 12
ETS 300 929 (GSM 03.20 version 5.1.1): August 1997
2.3.3 Location updating in a new VLR; old VLR reachable
This procedure is part of the normal location updating procedure, using TMSI and LAI, when the original
location area and the new location area depend on different VLRs.
The MS is still registered in VLRo ("o" for old or original) and requests registration in VLRn ("n" for new).
LAI and TMSIo are sent by MS as identifying fields during the location updating procedure.
The procedure is schematized in figure 2.3.
‚¶¶¶¶¶„‚¶¶¶¶¶¶¶¶¶¶¶¶¶„‚¶¶¶¶¶¶¶¶¶¶¶¶„‚¶¶¶¶¶¶¶¶„‚¶¶¶¶¶„
•06••5DGLRSDWK••%6606&9/5Q••06&9/5R••+3/01•
”¶¶¶¶»”¶¶¶¶¶¶¶¶¶¶¶¶¶»”¶¶¶¶¶¶¶¶¶¶»”¶¶¶¶¶¶¶»”¶¶¶¶»
•••••
•/$,706,R••706,R••
…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶!‰…¶¶¶¶¶¶¶¶¶¶!‰•
•••••
•••,06,••
••…¶¶¶¶¶¶¶¶¶¶‰•
‚¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶„•6HF5HO,QI••
•0DQDJHPHQWRIPHDQVIRUQHZ•••
•FLSKHULQJVHHFODXVH•••
”¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶»••
•‚¶¶¶¶¶¶¶¶¶¶¶¶„••
••$OORFDWLRQ•••
••RI706,Q•••
•”¶¶¶¶¶¶¶¶¶¶¶¶»•
••••
••••
•&LSKHU706,QQRWH••/RF8SGDWLQJQRWH•
…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶‰…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶!‰
••••
••••
•$FNQRZOHGJHQRWH••$FNQRZOHGJHQRWH•
…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶!‰…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶‰
••
•&DQFHOODWLRQ
…¶¶¶¶¶¶¶‰
‚¶¶¶¶¶¶¶¶¶¶¶¶¶„
•’HDOORFDWLRQ•
•RI706,R•
”¶¶¶¶¶¶¶¶¶¶¶¶¶»
NOTE: From a security point of view, the order of the procedures is irrelevant.
Figure 2.3: Location updating in a new VLR; old VLR reachable
Signalling functionalities:
Sec.Rel.Info.:
Stands for Security Related information
The MSC/VLRn needs some information for authentication and ciphering; this information is
obtained from MSC/VLRo.
Cancellation:
The HLR indicates to VLRo that the MS is now under control of another VLR. The "old" TMSI is free
for allocation.

---------------------- Page: 14 ----------------------

SIST ETS 300 929 E2:2003
Page 13
ETS 300 929 (GSM 03.20 version 5.1.1): August 1997
2.3.4 Location Updating in a new VLR; old VLR not reachable
This variant of the procedure in subclause 2.3.3 arises when the VLR receiving the LAI and TMSIo cannot
identify the VLRo. In that case the relation between TMSIo and IMSI is lost, and the identification of the
MS in clear is necessary.
The procedure is schematized in figure 2.4
‚¶¶¶¶„‚¶¶¶¶¶¶¶¶¶¶¶¶¶¶„‚¶¶¶¶¶¶¶¶¶¶¶¶„‚¶¶¶¶¶¶¶¶„‚¶¶¶¶¶„
•06••5DGLRSDWK••%6606&9/5Q••06&9/5R••+3/01•
”¶¶¶»”¶¶¶¶¶¶¶¶¶¶¶¶¶¶»”¶¶¶¶¶¶¶¶¶¶¶»”¶¶¶¶¶¶¶¶»”¶¶¶¶»
•••
•/$,706,R••
…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶!‰•
•‚¶¶¶¶¶¶¶¶¶¶¶¶„•
••ROG9/5QRW••
••UHDFKDEOH••
•,GHQWLW\5HTXHVW”¶¶¶¶¶¶¶¶¶¶¶¶»•
…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶‰•
•••
•,06,••
…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶!‰•
•••
‚¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶„
•0DQDJHPHQWRIPHDQVIRUQHZ•
•FLSKHULQJVHHFODXVH•
”¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶»
•‚¶¶¶¶¶¶¶¶¶¶¶¶„•
••$OORFDWLRQ••
••RI706,Q••
•”¶¶¶¶¶¶¶¶¶¶¶¶»•
••••
••••
•&LSKHU706,QQRWH••/RFDWLRQ8SGDWLQJQRWH•
…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶‰…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶!‰
••••
•$FNQRZOHGJHQRWH••$FNQRZOHGJHQRWH•
…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶!‰…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶‰
••
•&DQFHOODWLRQ•
…¶¶¶¶¶¶¶¶¶¶¶‰
‚¶¶¶¶¶¶¶¶¶¶¶¶¶„
•’HDOORFDWLRQ•
•RI706,R•
”¶¶¶¶¶¶¶¶¶¶¶¶¶»
NOTE: From a security point of view, the order of the procedures is irrelevant.
Figure 2.4: Location Updating in a new VLR; old VLR not reachable

---------------------- Page: 15 ----------------------

SIST ETS 300 929 E2:2003
Page 14
ETS 300 929 (GSM 03.20 version 5.1.1): August 1997
2.3.5 Reallocation of a new TMSI
This function can be initiated by the network whenever a radio connection exists. The procedure can be
included in other procedures, e.g. through the means of optional parameters. The execution of this
function is left to the network operator.
When a new TMSI is allocated to an MS the network must prevent the old TMSI from being allocated
again until the MS has acknowledged the allocation of the new TMSI.
If an IMSI record is deleted in the VLR by O&M action, the network must prevent any TMSI associated
with the deleted IMSI record from being allocated again until a new TMSI is successfully allocated to that
IMSI.
If an IMSI record is deleted in the HLR by O&M action, it is not possible to prevent any TMSI associated
with the IMSI record from being allocated again. However, if the MS whose IMSI record was deleted
should attempt to access the network using the TMSI after the TMSI has been allocated to a different
IMSI, then authentication or ciphering of the MS whose IMSI was deleted will almost certainly fail, which
will cause the TMSI to be deleted from the MS.
The case where allocation of a new TMSI is unsuccessful is described in subclause 2.3.8.
This procedure is schematized in figure 2.5.
‚¶¶¶¶¶„‚¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶„‚¶¶¶¶¶¶¶¶¶¶¶¶„
•06••5DGLRSDWK••%6606&9/5•
”¶¶¶¶¶»”¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶»”¶¶¶¶¶¶¶¶¶¶¶¶»
•‚¶¶¶¶¶¶¶¶¶¶¶¶„
••$OORFDWLRQ•
••RI706,Q•
•”¶¶¶¶¶¶¶¶¶¶¶¶»
•&LSKHU706,Q•
…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶‰
••
•$FNQRZOHGJH•
…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶!‰
••
‚¶¶¶¶¶¶¶¶¶¶¶¶¶„
•’HDOORFDWLRQ•
•RI706,R•
”¶¶¶¶¶¶¶¶¶¶¶¶¶»
Figure 2.5: Reallocation of a new TMSI

---------------------- Page: 16 ----------------------

SIST ETS 300 929 E2:2003
Page 15
ETS 300 929 (GSM 03.20 version 5.1.1): August 1997
2.3.6 Local TMSI unknown
This procedure is a variant of the procedure described in subclauses 2.3.1 and 2.3.2, and happens when
a data loss has occurred in a VLR and when a MS uses an unknown TMSI, e.g. for a communication
request or for a location updating request in a location area managed by the same VLR.
This procedure is schematized in figure 2.6.
‚¶¶¶¶¶„‚¶¶¶¶¶¶¶¶¶¶¶¶¶¶„‚¶¶¶¶¶¶¶¶¶¶¶¶„‚¶¶¶¶¶¶¶„
•06••5DGLRSDWK••%6606&9/5••+3/01•
”¶¶¶¶»”¶¶¶¶¶¶¶¶¶¶¶¶¶¶»”¶¶¶¶¶¶¶¶¶¶¶»”¶¶¶¶¶¶»
•••
•706,RQRWH••
…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶!‰•
•‚¶¶¶¶¶¶¶¶¶¶¶¶„•
••706,RLV••
••XQNQRZQ••
•,GHQWLW\5HTXHVW”¶¶¶¶¶¶¶¶¶¶¶¶»•
…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶‰•
•••
•,06,••
…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶!‰•
•••
‚¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶„
•0DQDJHPHQWRIPHDQVIRUQHZ•
•FLSKHULQJVHHFODXVH•
”¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶»
•‚¶¶¶¶¶¶¶¶¶¶¶¶„
••$OORFDWLRQ•
••RI706,Q•
•&LSKHU706,Q”¶¶¶¶¶¶¶¶¶¶¶¶»
…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶‰
••
•$FNQRZOHGJH•
…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶!‰
••
NOTE: Any message in which TMSIo is used as an identifying means in a location area managed by
the same VLR.
Figure 2.6: Location updating in the same MSC area; local TMSI unknown

---------------------- Page: 17 ----------------------

SIST ETS 300 929 E2:2003
Page 16
ETS 300 929 (GSM 03.20 version 5.1.1): August 1997
2.3.7 Location updating in a new VLR in case of a loss of information
This variant of the procedure described in 2.3.3 arises when the VLR in charge of the MS has suffered a
loss of data. In that case the relation between TMSIo and IMSI is lost, and the identification of the MS in
clear is necessary.
The procedure is schematized in figure 2.7.
‚¶¶¶¶„‚¶¶¶¶¶¶¶¶¶¶¶¶¶¶„‚¶¶¶¶¶¶¶¶¶¶¶¶„‚¶¶¶¶¶¶¶¶„‚¶¶¶¶¶„
•06••5DGLRSDWK••%6606&9/5Q••06&9/5R••+3/01•
”¶¶¶»”¶¶¶¶¶¶¶¶¶¶¶¶¶¶»”¶¶¶¶¶¶¶¶¶¶»”¶¶¶¶¶¶¶»”¶¶¶¶»
•••••
•/$,706,R••706,R••
…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶!‰…¶¶¶¶¶¶¶¶¶¶!‰•
•••••
•••8QNQRZQ••
•,GHQWLW\5HTXHVW•…¶¶¶¶¶¶¶¶¶¶‰•
…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶‰•••
•••
•,06,••
…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶!‰•
•••
‚¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶„
•0DQDJHPHQWRIPHDQVIRUQHZ•
•FLSKHULQJVHHFODXVH•
”¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶»
•‚¶¶¶¶¶¶¶¶¶¶¶¶„•
••$OORFDWLRQ••
••RI706,Q••
•”¶¶¶¶¶¶¶¶¶¶¶¶»•
••••
•&LSKHU706,QQRWH••/RFDWLRQ8SGDWLQJQRWH•
…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶‰…¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶!‰
••••
•$FNQRZOHGJHQRWH••$F
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.