AMF Authentication and GUTI Reallocation Configuration Control

Feature Summary and Revision History

Summary Data

Table 1. Summary Data

Applicable Products or Functional Area    AMF
Applicable Platforms                      SMI
Feature Default Setting                   Enabled – Always-on
Related Documentation                     UE Configuration Management Procedures

Revision History

Table 2. Revision History

Revision Details     Release
First introduced.    2022.01.0

Feature Description

AMF supports the authentication activities and the GUTI (Globally Unique Temporary Identity) reallocation configuration control for call flows.

GUTI

GUTI is used to keep the subscriber's IMSI confidential. AMF allocates a GUTI to the UE. It's composed of PLMN ID, AMF ID, and TMSI. As it's a temporary identifier, its associations aren’t fixed to any specific subscriber or mobile. A single 5G-GUTI is used to access the Security Context of 3GPP and non-3GPP technologies within the AMF.

Supported Functions

AMF supports the following functions:

  • Authentication and GUTI reallocation counters are maintained per UE. Separate counters are maintained for each supported type.

  • Time reference per UE for network-initiated GUTI reallocation

  • GUTI reallocation attempted as per the configuration for a specific time interval.

  • Includes the new GUTI in either Registration Accept or Configuration Update Command NAS message

  • AMF shows the allocated GUTI and the allocated time in the show subscriber command output.


Note


Collision of GUTI reallocation in Registration Accept or Configuration Update Command with other procedures isn’t supported.


Supported Scenarios

This feature supports the following scenarios, based on the time and frequency of access attempts by the UE. These scenarios are part of the Registration and Service Request procedures:

  • Selective authentication

  • GUTI reallocation

The frequency applies to access attempts per UE, not across UEs.

Unsupported Scenarios

The following scenarios aren’t supported:

  • Authentication requirements dependent on or based on EAP-AKA or EAP-AKA' (EAP-AKA Prime)

  • When the latest GUTI isn’t acknowledged, the UE is paged simultaneously with the old and the new GUTI.


Note


The GUTI reallocation process takes place only for a successful procedure.


Feature Configuration

To configure this feature, use the following configuration:

config 
    call-control-policy ccp_name 
        authenticate registration-request type { frequency frequency_count | periodicity duration } 
        no authenticate registration registration-request 
        authenticate service-request type { frequency frequency_count | periodicity duration } 
        no authenticate registration service-request 
        authenticate all-events { frequency frequency_count | periodicity duration } 
        no authenticate all-events 
        guti-reallocation type { frequency frequency_count | periodicity duration } 
        no guti-reallocation 
        end 

NOTES:

  • call-control-policy ccp_name —Specify the UE-specific name for call control policy. Must be a string.

  • authenticate registration-request { normal | periodic | inter-rat | intra-rat } —Specify the required option to authenticate the registration process.

  • registration-type normal —Specify the initial registration details with locally allocated GUTI.

  • authenticate service-request { data | signaling } —Specify the option to authenticate the service type for the service request.

  • authenticate all-events —Specify the option to authenticate all events. It’s also the default or fallback authentication option when the configuration isn’t present for any type.

  • guti-reallocation { periodic-registration | service-request } —Specify the options to authenticate the GUTI reallocation process.

  • no authenticate { [ registration-request ] | [ service-request ] | [ all-events ] | [ guti-reallocation ] } —Specify the option for which the authentication isn’t required.

  • frequency frequency_count —Specify the required frequency duration or count for authenticating each option. The frequency range is 0–256. The disabled value is 0.

  • periodicity duration —Specify the time, period, or duration for authenticating the selected option. The periodicity duration range is 0–10800 (minutes). The disabled value is 0.


Note


  • The AMF does not maintain periodicity and frequency after the context is deleted. If the UE context is not available, the frequency and periodicity triggers don't work.

    For example, if the mobile identifier in the NAS Attach is a foreign GUTI, the AMF doesn't trigger authentication/GUTI reallocation for the subscriber based on frequency/periodicity.

  • Inter-rat ReAuth/SelectiveAuth is supported for frequency 1 and periodicity 0 only.

  • If the GUTI reallocation and reauthentication need to be configured on the basis of only frequency or only periodicity, then the non-used or disabled configuration parameter (such as periodicity or frequency) must be set as 0.

  • The periodicity value, in minutes, indicates that the AMF triggers ReAuth or ReAllocateGuti when the time difference between two successive requests is more than the defined value.

  • The periodicity timer configured for any procedure starts on the first occurrence of that procedure.

  • The defined frequency value indicates that Amf ReAuth or ReAllocateGuti for every subscriber.

  • When the AMF resets both frequency and periodicity, it indicates the expired value for either frequency or periodicity.

  • GUTI reallocation is enabled by default for periodic-registration. Use the following commands to disable or enable this option.

    config 
        amf-global call-control-policy ccp-name 
        guti-reallocation periodic-registration disabled 
        end 
    
    config 
        amf-global call-control-policy ccp-name 
        no guti-reallocation periodic-registration disabled 
        guti-reallocation periodic-registration { frequency count | periodicity duration  }
        end 
    

Configuration Example

The following is an example configuration.

amf-global 
    call-control-policy local 
        guti-reallocation periodic-registration frequency 2 periodicity 1 
        guti-reallocation service-request frequency 0 periodicity 1 
        authenticate service-request signaling frequency 1 periodicity 20 
        authenticate registration-request periodic frequency 1 periodicity 0 
        end 
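
The range and combination rules in the notes above can be checked before a policy is committed. The following Python sketch is an added example, not Cisco code: the audit function, the constructed sample policy, and the choice to report "frequency 0 periodicity 0" and "disabled" lines as findings are assumptions for illustration.

```python
import re

# Limits taken from the NOTES on this page; everything else is illustrative.
FREQ_MAX, PERIOD_MAX = 256, 10800
RULE = re.compile(
    r"^(?P<cmd>authenticate|guti-reallocation)\s+(?P<event>\S.*?)"
    r"(?:\s+frequency\s+(?P<freq>\d+))?(?:\s+periodicity\s+(?P<per>\d+))?$"
)

# Constructed sample policy (not from a real deployment).
SAMPLE = """\
amf-global
    call-control-policy local
        guti-reallocation periodic-registration frequency 2 periodicity 1
        guti-reallocation service-request frequency 0 periodicity 0
        authenticate service-request signaling frequency 1
        authenticate registration-request inter-rat frequency 2 periodicity 30
        authenticate registration-request periodic frequency 300 periodicity 0
        end
"""

def audit(config_text):
    """Return (line_number, message) findings for authenticate/guti-reallocation lines."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        m = RULE.match(raw.strip())
        if not m:
            continue  # amf-global, call-control-policy, end, "no ..." lines
        where = f"{m['cmd']} {m['event']}"
        if m["event"].endswith("disabled"):
            findings.append((no, f"{where}: trigger explicitly disabled"))
            continue
        if m["freq"] is None or m["per"] is None:
            findings.append((no, f"{where}: give both parameters, 0 for the unused one"))
            continue
        freq, per = int(m["freq"]), int(m["per"])
        if freq > FREQ_MAX:
            findings.append((no, f"{where}: frequency {freq} outside 0-{FREQ_MAX}"))
        if per > PERIOD_MAX:
            findings.append((no, f"{where}: periodicity {per} outside 0-{PERIOD_MAX}"))
        if "inter-rat" in m["event"].split() and (freq, per) != (1, 0):
            findings.append((no, f"{where}: inter-rat needs frequency 1 periodicity 0"))
        if freq == 0 and per == 0:
            findings.append((no, f"{where}: both values 0, so neither trigger is active"))
    return findings

if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print(f"line {no}: {msg}")
```

Run against the example configuration on this page, audit returns no findings.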

Configuration Verification

To verify the configuration:

show call-control-policy ccp_name