IUI

International USIM Identifier

Identifier
Introduced in Rel-4
The IUI is a unique identifier for the USIM (Universal Subscriber Identity Module) in mobile networks, introduced in 3GPP Rel-4. It distinguishes individual USIM applications on UICC cards, enabling secure subscriber authentication and service management. Its persistence across releases underscores its role in identity and security frameworks.

Description

The International USIM Identifier (IUI) is a globally unique identifier assigned to a USIM (Universal Subscriber Identity Module) application residing on a UICC (Universal Integrated Circuit Card) in mobile devices. Defined in 3GPP specifications such as TS 21.905 and TS 22.975, the IUI serves to uniquely identify the USIM instance, which is critical for subscriber authentication, network access, and service provisioning in 3G and beyond networks. It operates within the security and identity management layers of the network architecture, interfacing with authentication centers and core network elements to verify subscriber credentials. The IUI is structured to ensure uniqueness across all USIMs worldwide, typically incorporating elements that reference the issuing authority or application provider, and it is stored securely on the UICC alongside other USIM data like the IMSI and authentication keys. In terms of how it works, the IUI is used during initial network attachment procedures, where the mobile device presents the USIM's identity to the network. The network, upon receiving the IUI, can correlate it with subscriber profiles in databases such as the HSS (Home Subscriber Server) to initiate authentication and key agreement processes. This identifier enables the network to distinguish between multiple USIM applications on a single UICC, supporting advanced features like multi-SIM capabilities or separate profiles for different services. Key components involved include the UICC hardware, the USIM application software, and network entities like the MME (Mobility Management Entity) in LTE or AMF (Access and Mobility Management Function) in 5G, which process the IUI for access control. The role of the IUI in the network extends beyond mere identification; it facilitates secure roaming by allowing visited networks to identify the home network of the USIM, supports lawful interception by providing a traceable identity, and aids in fraud prevention by ensuring that only authorized USIMs can access network services. Over successive 3GPP releases, the IUI has been maintained as a stable identifier, reflecting its foundational importance in the subscriber identity ecosystem, even as networks evolved from UMTS to LTE and 5G, where USIM-based security remains paramount.

Purpose & Motivation

The IUI was created to provide a standardized, unique identifier for USIM applications, addressing the need for precise identification in the context of evolving mobile security and multi-application UICCs. Introduced in 3GPP Rel-4, it emerged as 3G networks expanded and USIMs became more sophisticated, supporting not just basic authentication but also value-added services and applications. The motivation behind the IUI was to overcome limitations in earlier identity schemes that might not adequately distinguish between different USIM instances on a single card, which could lead to security vulnerabilities or service conflicts in advanced network scenarios. Historically, identifiers like the IMSI focused on the subscriber, but as UICCs began to host multiple applications (e.g., for banking or transport), a dedicated USIM identifier became necessary to manage application-specific security and network interactions. The IUI solves problems related to secure authentication, enabling networks to uniquely verify each USIM application, which is crucial for preventing cloning attacks and ensuring that only legitimate USIMs gain access. It also supports the growth of machine-to-machine (M2M) communications and IoT, where USIMs might be embedded in diverse devices, requiring robust identity management. By standardizing the IUI, 3GPP provided a consistent framework that enhanced interoperability across operators and equipment vendors, facilitating global roaming and the deployment of secure mobile services across generations.

Key Features

  • Globally unique identifier for USIM applications on UICC cards
  • Defined in 3GPP TS 21.905 and TS 22.975
  • Supports secure authentication and network access control
  • Enables distinction between multiple USIMs on a single UICC
  • Facilitates roaming and inter-operator identity management
  • Integrates with core network security entities like HSS

Evolution Across Releases

Rel-4 Initial

Introduced the IUI as a new identifier for USIM applications within the 3GPP framework. It provided a standardized way to uniquely identify USIM instances on UICCs, enhancing security and multi-application support in UMTS networks. The initial architecture included its use in authentication procedures and subscriber identity management.

TS 21.905TS 22.975

Defining Specifications

SpecificationTitle
TS 21.905 3GPP TS 21.905
TS 22.975 3GPP TS 22.975