Subscription Concealed Identifier Profile

Feature Summary and Revision History

Summary Data

Table 1. Summary Data

Applicable Product(s) or Functional Area    AMF
Applicable Platform(s)                      SMI
Feature Default Setting                     Enabled - Always-on
Related Documentation                       Not Applicable

Revision History

Table 2. Revision History

Revision Details                                                                Release
Content enhanced with 5G-AMF to support the PSI Profile-A/Profile-B feature.    2023.02.0
First introduced.                                                               2021.04.0

Feature Description

A Subscription Concealed Identifier (SUCI) is a unique identifier designed to protect the privacy of the subscriber's identity. The User Equipment (UE) generates it using an Elliptic Curve Integrated Encryption Scheme (ECIES)-based protection scheme: the UE conceals the Subscriber Permanent Identifier (SUPI) by encrypting it with the public key of the Home Network. This public key is securely provisioned to the Universal Subscriber Identity Module (USIM) during the registration process.

How it Works

The protection scheme used to generate the SUCI conceals only the Mobile Subscriber Identification Number (MSIN) part of the SUPI, while the Mobile Country Code (MCC) and Mobile Network Code (MNC) that constitute the Home Network Identifier are transmitted in plain text. The SUCI contains the following data fields, in this order:

  • SUPI Type Field—This field is a numeric value ranging 0–7, which indicates the type of SUPI concealed in the SUCI. The following values are currently defined:

    • 0—International Mobile Subscriber Identity (IMSI)

    • 1—Network Access Identifier (NAI)

    • 2–7—Reserved for future use

  • Home Network Identifier Field—This field identifies the home network of the subscriber. When the SUPI Type is IMSI, the Home Network Identifier is composed of the MCC and the MNC that uniquely identify the home network. When the SUPI Type is NAI, the Home Network Identifier is a variable-length string of characters that represents a domain name, for example, in the form of user@domain.com.

  • Routing Indicator Field—This field is a numerical value consisting of 1–4 decimal digits. It’s assigned by the home network operator and securely provisioned within the Universal Subscriber Identity Module (USIM).

  • Protection Scheme Field—This field is a 4-bit value ranging 0–15, which identifies the protection scheme used to generate the SUCI. The following values are currently defined:

    • Null Scheme—0x0

    • Profile <A>—0x1

    • Profile <B>—0x2

    • Other Values (3–15)—Reserved for future use

  • Home Network Public Key ID Field—This field is an 8-bit value ranging 0–255, which identifies the public key provisioned by the Home Public Land Mobile Network (HPLMN) and used for SUPI protection. When the Null Scheme is used, this field is set to 0.

  • Protection Scheme Output Field—This field is a variable-length string of characters or hexadecimal digits, depending on the protection scheme used to generate the SUCI.


Note


When the Null Scheme is supported, the AMF can derive the SUPI value from the SUCI. However, if a protection scheme other than Null is used, the AMF needs to obtain the SUPI value through interaction with the AUSF.
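The field list and the note above can be exercised with a small parser. This is an added example, not Cisco or AMF code: it assumes the hyphen-separated text form `suci-<SUPI type>-<MCC>-<MNC>-<routing indicator>-<scheme>-<key ID>-<output>` used by 3GPP 5G core service APIs (the page does not show a text encoding), handles SUPI type 0 (IMSI) only, and uses constructed sample values.

```python
import string
from dataclasses import dataclass

SCHEMES = {0: "Null Scheme", 1: "Profile A", 2: "Profile B"}  # 3-15 are reserved

# Constructed samples (test PLMN 001/01); the Profile A output is a shortened placeholder.
NULL_SAMPLE = "suci-0-001-01-0000-0-0-0000000001"
PROFILE_A_SAMPLE = "suci-0-001-01-0000-1-27-a1b2c3d4e5f6"

def _digits(s, lo, hi):
    """True if s consists of lo..hi ASCII decimal digits."""
    return lo <= len(s) <= hi and all(c in string.digits for c in s)

@dataclass(frozen=True)
class Suci:
    mcc: str
    mnc: str
    routing_indicator: str
    scheme: int
    key_id: int
    output: str

    def supi(self):
        """SUPI when locally derivable (Null Scheme); None means ask the AUSF."""
        return f"imsi-{self.mcc}{self.mnc}{self.output}" if self.scheme == 0 else None

def parse_suci(text):
    parts = text.split("-")
    if len(parts) != 8 or parts[0] != "suci":
        raise ValueError("expected 'suci' followed by seven '-'-separated fields")
    _, supi_type, mcc, mnc, ri, scheme, key_id, output = parts
    if supi_type != "0":
        raise ValueError("this example handles SUPI type 0 (IMSI) only")
    if not (_digits(mcc, 3, 3) and _digits(mnc, 2, 3) and _digits(ri, 1, 4)):
        raise ValueError("bad MCC, MNC or Routing Indicator")
    if len(scheme) != 1 or scheme not in string.hexdigits:
        raise ValueError("Protection Scheme must be one hex digit")
    scheme_id = int(scheme, 16)
    if scheme_id not in SCHEMES:
        raise ValueError("reserved Protection Scheme value")
    if not _digits(key_id, 1, 3) or int(key_id) > 255:
        raise ValueError("Home Network Public Key ID must be 0-255")
    if scheme_id == 0:
        # Null Scheme: key ID is 0 and the output is the MSIN in clear digits.
        if int(key_id) != 0 or not _digits(output, 1, 15 - len(mcc) - len(mnc)):
            raise ValueError("Null Scheme needs key ID 0 and a decimal MSIN")
    elif not output or any(c not in string.hexdigits for c in output):
        raise ValueError("concealed output must be hexadecimal")
    return Suci(mcc, mnc, ri, scheme_id, int(key_id), output)
```

A `None` from `supi()` marks the case where the SUPI has to be obtained through the AUSF. A Null Scheme SUCI exposes the full IMSI in clear, which is worth flagging wherever SUCI values are logged.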