IMPI

IP Multimedia CN subsystem Private Identity

Identifier
Introduced in Rel-6
A permanent, globally unique private identifier for a user within the IMS (IP Multimedia Subsystem). It is used for authentication and registration, stored in the HSS and ISIM application, and is not shared publicly. It is fundamental for secure access to IMS services.

Description

The IP Multimedia CN subsystem Private Identity (IMPI) is a critical identifier within the 3GPP IMS architecture, defined as a permanent and globally unique credential assigned to a user. It is stored securely in the Home Subscriber Server (HSS) and within the IP Multimedia Services Identity Module (ISIM) application on the user's Universal Integrated Circuit Card (UICC). The IMPI is used exclusively for authentication and registration procedures, never for routing SIP messages or public communication. It typically follows the format of a Network Access Identifier (NAI), such as user@realm. During IMS registration, the User Equipment (UE) presents the IMPI along with authentication vectors derived from a shared secret key to the Serving-Call Session Control Function (S-CSCF) via the Proxy-CSCF (P-CSCF). The S-CSCF verifies the credentials with the HSS using authentication protocols like Digest AKAv1-MD5 or later, more secure methods. This process establishes a secure registration binding between the IMPI and the user's IP address, enabling subsequent service authorization. The IMPI's separation from public identities ensures that the user's private authentication key is never exposed on the network, providing a foundational layer of security. It is intrinsically linked to a user's subscription and remains constant, unlike temporary identifiers, forming the anchor for the user's IMS service profile and associated public identities (IMPUs).
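The following is an added example, not part of the original entry: a defender-side check that a captured REGISTER carries the IMPI only in the username parameter of the Digest Authorization header (where TS 24.229 places it) and nowhere in the routing headers. The sample message, identities and host names are constructed placeholders, and the user@realm check is a simplification.

```python
import re

# Constructed sample REGISTER; all identities and hosts are made-up placeholders.
SAMPLE_REGISTER = (
    "REGISTER sip:ims.example.net SIP/2.0\r\n"
    "From: <sip:alice@ims.example.net>;tag=4fa3\r\n"
    "To: <sip:alice@ims.example.net>\r\n"
    "Contact: <sip:[2001:db8::10]:5060>;expires=600000\r\n"
    'Authorization: Digest username="alice_private@ims.example.net", '
    'realm="ims.example.net", nonce="", uri="sip:ims.example.net", '
    'response="", algorithm=AKAv1-MD5\r\n'
    "Content-Length: 0\r\n\r\n"
)

NAI_RE = re.compile(r'^[^@\s"]+@[A-Za-z0-9.-]+$')   # simplified user@realm check
USERNAME_RE = re.compile(r'username="([^"]*)"', re.I)

def parse_headers(message):
    """Return (request_line, [(lowercased_name, value), ...]) for one SIP message."""
    head = message.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and headers:      # folded continuation line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers

def extract_impi(message):
    """IMPI from the Authorization header, or None if absent or not user@realm."""
    _, headers = parse_headers(message)
    for name, value in headers:
        if name == "authorization" and value.lower().startswith("digest"):
            m = USERNAME_RE.search(value)
            if m and NAI_RE.match(m.group(1)):
                return m.group(1)
    return None

def impi_exposure(message, impi):
    """Names of places other than Authorization where the IMPI string appears."""
    request_line, headers = parse_headers(message)
    needle = impi.lower()
    hits = ["request-line"] if needle in request_line.lower() else []
    hits += [n for n, v in headers if n != "authorization" and needle in v.lower()]
    return hits
```

An empty list from impi_exposure means the private identity stayed confined to the authentication header. Where the identities are derived from the IMSI rather than read from an ISIM, the temporary public identity reuses the same user@realm string, so hits in From or To need interpreting in that light.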

Purpose & Motivation

The IMPI was created to provide a secure, subscription-based authentication mechanism for the IMS, which was introduced in 3GPP Release 5 to enable IP-based multimedia services over packet-switched networks. Prior to IMS, circuit-switched mobile networks used the International Mobile Subscriber Identity (IMSI) for authentication, but a new identity was needed for the SIP-based, all-IP service layer that is independent of the underlying access network (e.g., GPRS, WLAN, fixed broadband). The IMPI solves the problem of securely identifying and authenticating a user to the IMS core without revealing permanent credentials during service invocation. It enables a single user with multiple devices or service profiles to have a consistent private identity for authentication, while maintaining multiple public identities for communication. Its creation was motivated by the need for a robust security model that separates authentication (private) from addressing (public), a principle borrowed from Internet security architectures, to prevent impersonation and ensure that only authorized subscribers can access and use IMS services like VoLTE, ViLTE, and RCS.

Key Features

  • Globally unique and permanent identifier for a user's IMS subscription
  • Stored securely in the HSS and the ISIM application on the UICC
  • Used exclusively for authentication and registration, not for routing
  • Formatted as a Network Access Identifier (NAI), e.g., user@realm
  • Anchors the user's IMS service profile and associated public identities (IMPUs)
  • Enables authentication via shared secret key and challenge-response protocols

Evolution Across Releases

Rel-6 Initial

Introduced as the foundational private identity for IMS authentication, initially defined in the IMS stage 1, 2, and 3 specifications (22.228, 23.228, 24.229). It was specified to use the Digest AKAv1-MD5 authentication protocol, with the IMPI stored on the ISIM and in the HSS, establishing the basic registration and security procedures for early IMS deployments.

Defining Specifications

Specification Title
TS 21.905 3GPP TS 21.905
TS 22.066 3GPP TS 22.066
TS 23.179 3GPP TS 23.179
TS 23.280 3GPP TS 23.280
TS 23.379 3GPP TS 23.379
TS 23.700 3GPP TS 23.700
TS 24.109 3GPP TS 24.109
TS 26.237 3GPP TS 26.237
TS 29.109 3GPP TS 29.109
TS 31.103 3GPP TR 31.103
TS 31.829 3GPP TR 31.829
TS 32.182 3GPP TR 32.182
TS 33.107 3GPP TR 33.107
TS 33.141 3GPP TR 33.141
TS 33.203 3GPP TR 33.203
TS 33.222 3GPP TR 33.222
TS 33.804 3GPP TR 33.804
TS 33.978 3GPP TR 33.978