Description
The Application Layer User ID (ALUID) is a privacy-sensitive identifier defined within the 3GPP Proximity Services (ProSe) architecture, primarily specified in TS 23.303. It operates at the application layer, decoupled from the underlying cellular network identifiers like IMSI or MSISDN. The ALUID is used by ProSe-enabled applications to identify users or devices during ProSe Discovery and ProSe Direct Communication procedures. Its primary function is to allow a user's application to be discoverable by or communicate with other nearby users' applications while protecting the user's permanent subscription identity from exposure over the air interface.
Architecturally, the ALUID is managed in conjunction with the ProSe Function in the network. A user's device (ProSe-enabled UE) can register one or more ALUIDs with the ProSe Function. These ALUIDs are typically derived or mapped from application-specific identifiers (like a social media username) but are formatted and managed according to 3GPP specifications to ensure interoperability and security within the ProSe system. The ProSe Function acts as a trusted entity that validates ALUIDs and may assist in discovery by maintaining mappings between ALUIDs and other ProSe identifiers, such as ProSe Application Codes or ProSe Restricted Codes, depending on the discovery model (e.g., Model A "I am here" or Model B "who is there?/are you there?").
During ProSe Discovery, an announcing UE broadcasts a ProSe Application Code, which is a temporary, frequently changing identifier derived from or linked to its registered ALUID. A monitoring UE receiving this code can query the ProSe Function (via the PC3 interface) to resolve the code to the corresponding ALUID of the announcing user, but only if authorized by the discovery policy. This resolution process allows the monitoring user's application to identify the announcing user at the application layer (via the ALUID) without ever learning the announcing user's cellular identity. For ProSe Direct Communication (one-to-one or one-to-many direct data paths between UEs), ALUIDs can be used within session establishment signaling to identify the communicating parties at the application layer.
The security and privacy aspects of ALUID are crucial. Specifications like TS 33.303 detail the security mechanisms. The use of ALUID, combined with ephemeral ProSe Application Codes and network-assisted authorization, prevents tracking of a user's permanent identity based on over-the-air discovery signals. The ProSe Function ensures that ALUID resolution is subject to strict policies, including user consent and subscription checks. The ALUID itself is typically not transmitted in the clear over the PC5 direct interface between devices; instead, its derived temporary codes are used, adding a layer of privacy protection.
Purpose & Motivation
ALUID was created to address the fundamental identity and privacy challenges inherent in device-to-device (D2D) proximity services standardized in 3GPP Release 12 and beyond. Prior to ProSe, cellular networks primarily identified users via network-layer identifiers (IMSI, IMEI, MSISDN) tightly bound to the subscription and the SIM card. Directly using these identifiers for over-the-air discovery between nearby devices would create severe privacy risks, enabling tracking, profiling, and unsolicited contact. Furthermore, application developers needed a way to integrate user identities from their own ecosystems (e.g., app usernames) with the underlying 3GPP proximity service mechanics.
The primary problem ALUID solves is enabling user and application recognizability for proximity services while enforcing privacy-by-design. It allows a user's social, public safety, or commercial application persona to be used for discovery and communication without linking that persona directly to their private, billable cellular identity. This decoupling was essential for regulatory compliance (e.g., for public safety services used by government agencies) and for user acceptance of commercial "find people nearby" features. The motivation stemmed from use cases like public safety communication between first responders, social networking discovery, and local area advertising, all of which require a notion of user identity but must protect subscriber privacy.
ALUID also provides a standardized interface between the 3GPP network ProSe capabilities and over-the-top applications. By defining a formal application-layer identifier, 3GPP enabled application servers and ProSe Functions to interoperate securely (via interfaces like PC2 and PC4). This allows network operators to offer ProSe as an enabler to application providers, who can then use ALUIDs to identify their users within the ProSe system, facilitating a service ecosystem beyond simple network connectivity.
Key Features
- Privacy-preserving user identification for over-the-air discovery
- Decoupling from permanent subscriber identifiers (IMSI, MSISDN)
- Application-layer semantics, mappable to app-specific usernames
- Managed and validated by the network-based ProSe Function
- Used in both ProSe Discovery and ProSe Direct Communication procedures
- Enables authorization policies based on user consent and subscription
Evolution Across Releases
Introduced ALUID as a core component of the initial Proximity Services (ProSe) architecture. Defined its role in ProSe Discovery (both Model A and B) and ProSe Direct Communication. Established the basic procedures for ALUID registration with the ProSe Function, its mapping to ephemeral ProSe Application Codes for discovery, and the privacy protection rationale. Specified the initial security framework in TS 33.303.
Defining Specifications
| Specification | Title |
|---|---|
| TS 23.303 | 3GPP TS 23.303 |
| TS 29.343 | 3GPP TS 29.343 |
| TS 29.345 | 3GPP TS 29.345 |
| TS 33.303 | 3GPP TR 33.303 |