HO

Home Operator

Security
Introduced in Rel-8
The Home Operator (HO) is the subscriber's primary mobile network provider, responsible for authentication, billing, and service provisioning. It is a fundamental concept in roaming and security architectures, enabling users to access services outside their home network through visited operators.

Description

The Home Operator (HO) is a core administrative and functional entity within 3GPP network architectures, representing the mobile network operator with whom a subscriber holds a permanent subscription. It is the central authority for the subscriber's identity, credentials, and service profile. The HO's primary roles are executed through its core network components, notably the Home Subscriber Server (HSS) in 4G/5G Core or the Home Location Register (HLR) in earlier systems. These databases store the master copy of subscriber data, including International Mobile Subscriber Identity (IMSI), authentication vectors (keys and algorithms), subscribed services, and QoS profiles.

In security and mobility procedures, the HO is indispensable. During initial network attachment or a handover into a new network, the serving (visited) operator must authenticate the user. This is achieved through an authentication and key agreement (AKA) protocol where the visited network requests authentication vectors from the HO's HSS. The HO generates these vectors using the shared secret key (K) unique to the subscriber's Universal Subscriber Identity Module (USIM). This process ensures that only the legitimate HO can vouch for the subscriber's identity, forming the bedrock of network access security and preventing fraud.

Beyond security, the HO is central to service delivery and mobility management. It authorizes the services a roaming subscriber can access based on their subscription profile. In the 5G system, the HO's Authentication Server Function (AUD) within the HSS interacts with the visited network's Security Anchor Function (SEAF) to manage primary authentication. The HO also plays a critical role in lawful interception and billing mediation, generating Charging Data Records (CDRs) for roaming usage that are settled between operators. Its architectural role is defined in interfaces like the S6a (between MME and HSS) in 4G and the Nudm (UDM service-based interface) in 5G, facilitating secure data retrieval and updates.

Purpose & Motivation

The concept of a Home Operator exists to enable secure and seamless mobile communications across different administrative network domains, primarily for roaming. Before standardized roaming agreements and architectures, subscribers were effectively tethered to their provider's physical network coverage. The HO model solves this by establishing a trusted home authority that can authenticate and authorize a subscriber's access to services in a foreign (visited) network. This decouples service provision from network access, which is the foundation of global mobile interoperability.

Historically, the need for the HO concept became acute with the rise of GSM and the desire for international roaming. It addressed the critical problem of how a visited network, which has no direct relationship with the subscriber, can trust the user and provide service. The solution was to centralize subscriber identity and cryptographic secrets at the HO. This architecture also addresses business and operational problems, such as billing settlement between operators and consistent service policy enforcement regardless of the user's location. The HO maintains the 'golden record' of the subscription, ensuring that service changes or suspensions are controlled from a single point.

In modern networks, the purpose extends to supporting complex service architectures like network slicing and edge computing in 5G. The HO (via its UDM) provides the subscription data that dictates which network slices a user is permitted to access, even when those slices are instantiated in a visited network. Thus, the HO is not just a security anchor but a policy and service control anchor, enabling the flexible, service-based architecture of contemporary 5G systems while maintaining robust security and commercial frameworks.

Key Features

  • Acts as the ultimate authority for subscriber authentication and security key management.
  • Hosts the master subscriber database (HSS/HLR/UDM) containing identity, service profiles, and credentials.
  • Generates and distributes authentication vectors to visited networks via secure interfaces.
  • Authorizes subscriber access to specific services and network slices during roaming.
  • Serves as the anchor point for billing and charging data generation in roaming scenarios.
  • Enables lawful interception for subscribers by providing identity and service data to authorities.

Evolution Across Releases

Rel-8 Initial

Introduced as a foundational concept for the Evolved Packet System (EPS). The Home Operator's role was formalized with the Home Subscriber Server (HSS) as its central node, interacting with the Mobility Management Entity (MME) via the S6a interface for authentication and subscriber data retrieval in 4G LTE networks.

TS 33.401TS 33.812TS 33.859

Defining Specifications

SpecificationTitle
TS 33.401 3GPP TR 33.401
TS 33.812 3GPP TR 33.812
TS 33.859 3GPP TR 33.859