The document discusses private and public user identities in 3GPP systems. Private user identities uniquely identify a subscription and are permanently allocated. They are stored and used for authentication during registration. If there is no ISIM application, the private identity can be derived from the IMSI. Public user identities are provisioned and stored separately, are not authenticated during registration, and can be shared across multiple private identities within a subscription. Service profiles associated with public identities are stored in the HSS and define the services available to a user.

1. 1

2. 2

3. Source: TS 23.228
• The Private User Identity shall be permanently allocated to a user's subscription (it is not a
dynamic identity), and is valid for the duration of the user's subscription with the home
network.
• The Private User Identity is used to identify the user's information (for example
authentication information) stored within the HSS (for use for example during Registration).
• The Private User Identity may be present in charging records based on operator policies.
• The Private User Identity is authenticated only during registration of the user, (including re-
registration and de-registration).
Source: RFC 4282
• nai = username
• nai =/ "@" realm
• nai =/ username "@" realm
• realm = domain
• =/ means Incremental Alternatives
Source: TS23.003
• It is possible for a representation of the IMSI to be contained within the NAI for the private
identity.
• For 3GPP systems, if there is no ISIM application, the private user identity is not known. If the
private user identity is not known, the private user identity shall be derived from the IMSI.
The following steps show how to build the private user identity out of the IMSI:
1. Use the whole string of digits as the username part of the private user identity; and
2. Convert the leading digits of the IMSI, i.e. MNC and MCC, into a domain name, as
described in subclause 13.2.
• The result will be a private user identity of the form
"<IMSI>@ims.mnc<MNC>.mcc<MCC>.3gppnetwork.org". For example: If the IMSI is
234150999999999 (MCC = 234, MNC = 15), the private user identity then takes the form
"234150999999999@ims.mnc015.mcc234.3gppnetwork.org".
3

4. The Public User Identity shall take the form as defined in TS 23.003 [24].
Public User Identities are not authenticated by the network during registration.
Public User Identities are stored in the HSS. A distinct Public User Identity
contains the Public User Identity that is used in routing and it is explicitly
provisioned in the HSS.
4

5. Only one service profile shall be associated with a Public User Identity at the
S-CSCF at a given time. Multiple service profiles may be defined in the HSS for a
subscription. Each Public User Identity is associated with one and only one
service profile. Each service profile is associated with one or more Public User
Identities.
Public User Identities with different Service Profiles may belong to the same
Implicit Registration Set.
The IMS Service Profile is a collection of service and user related data. The IMS
service profile is defined and maintained in the HSS and its scope is limited to IM
CN Subsystem. The service profile is downloaded from the HSS to the S-CSCF.
5

6. Public User Identities may be shared across multiple Private User Identities
within the same IMS subscription. Hence, a particular Public User Identity may be
simultaneously registered from multiple UEs that use different Private User
Identities and different contact addresses.
All Service Profiles of a user shall be stored in the same HSS, even if the user has
one or more shared Public User Identities.
6

7. 7

8. 8