Description
The Malicious Communication Identity (MCID) service is a standardized security mechanism within 3GPP networks designed to combat malicious communications, including fraudulent calls, spam, and harassment. It operates as a supplementary service that can be invoked by a subscriber or network operator to identify the originator of a potentially malicious communication. The service involves specific procedures for activation, deactivation, and interrogation, typically managed through the core network's Call Session Control Function (CSCF) in IMS-based networks or equivalent entities in circuit-switched domains. When activated, the network can trace and log identity information, such as calling line identity, for further analysis or legal action.
Architecturally, MCID integrates with various network functions, including the Home Subscriber Server (HSS) for subscriber data and the Policy and Charging Rules Function (PCRF) for policy enforcement. The service relies on signaling protocols like SIP (Session Initiation Protocol) in IMS or ISUP (ISDN User Part) in legacy systems to exchange identity-related information. Key components include the service logic within network nodes, identity verification mechanisms, and interfaces to law enforcement or fraud management systems. The MCID service ensures that identity data is handled securely, adhering to privacy regulations while enabling effective threat mitigation.
In operation, MCID can be triggered automatically based on network policies (e.g., detecting patterns of malicious activity) or manually by a subscriber reporting an incident. Upon invocation, the network captures detailed identity parameters, such as the calling party number, IP address, or IMSI (International Mobile Subscriber Identity), and may store this in a secure database. The service supports both real-time intervention, like blocking a call, and post-event analysis for forensic purposes. Its role extends beyond individual protection to broader network security, helping operators maintain trust and comply with regulatory requirements against communication-based crimes.
Purpose & Motivation
MCID was introduced to address growing concerns over malicious communications in telecommunications networks, including fraud, spam, and harassment, which undermine user trust and network reliability. Prior to its standardization, operators lacked a unified, interoperable method to identify and handle such threats, leading to fragmented solutions that were inefficient and prone to evasion. The service provides a standardized framework for identity verification, enabling consistent enforcement across different network types and regions.
Historically, as mobile networks evolved from 2G to 3G and beyond, the complexity and volume of communications increased, making malicious activities more prevalent and sophisticated. MCID was motivated by the need for a proactive security measure that could integrate with evolving network architectures, such as IMS (IP Multimedia Subsystem), while addressing legal and regulatory mandates for subscriber protection. It solves problems like anonymous fraud calls, where perpetrators hide their identity, by mandating traceability and reporting capabilities.
The creation of MCID also reflects 3GPP's focus on enhancing service security alongside functional advancements. By standardizing identity handling, it allows operators to collaborate on threat intelligence and reduces the cost and effort of implementing custom security solutions. This has become increasingly important with the rise of VoIP and multimedia services, where traditional identity mechanisms are less effective.
Classification
Detected Changes Across Releases
from 3GPP Change RequestsSpecific changes extracted from the „Change history“ tables of 3GPP specifications (30 CRs across 3 releases). Complements the general historical overview above with the evidence-based evolution of this function.
Studied in Rel-7, normative work from Rel-15.
In Release 15, the Malicious Communication Identification (MCID) supplementary service was formally introduced for the IMS Multimedia Telephony service. This service enables a user to request the network to identify and log a malicious communication, such as a spoofed call intended to defraud or illegally obscure the real caller identity. The service operates within the IP Multimedia (IM) Core Network subsystem and applies to all media components of a telephony communication.
- IMS multimedia telephony communication service and supplementary services TS 24.173CR0122
- Communication HOLD (HOLD) using IP Multimedia (IM) Core Network (CN) subsystem TS 24.610CR0043
- Anonymous Communication Rejection (ACR) and Communication Barring (CB) using IP Multimedia (IM) Core Network (CN) subsystem TS 24.611CR0051
- Communication Waiting (CW) using IP Multimedia (IM) Core Network (CN) subsystem TS 24.615CR0073
- Malicious Communication Identification (MCID) using IP Multimedia (IM) Core Network (CN) subsystem TS 24.616CR0026
- Completion of Communications to Busy Subscriber (CCBS) and Completion of Communications by No Reply (CCNR) using IP Multimedia (IM) Core Network (CN) subsystem TS 24.642CR0088
+ 1 more changes
In Release 16, the MCID function was enhanced to interact with new "Multi-Device" and "Multi-Identity" services. This included defining how a user can indicate which of their allowed identities to use for an outgoing communication and how the network indicates the intended identity for an incoming communication. The updates also addressed identity management by allowing identities to be added and deleted asymmetrically between users.
- Multi-Device and Multi-Identity services TS 24.173CR0137
- Adding interactions with "Multi-Device" and "Multi-Identity" services TS 24.196CR0002
- Adding interactions with "Multi-Device" and "Multi-Identity" services TS 24.604CR0188
- Adding interactions with "Multi-Device" and "Multi-Identity" services TS 24.605CR0028
- Adding interactions with "Multi-Device" and "Multi-Identity" services TS 24.606CR0026
- Adding interactions with "Multi-Device" and "Multi-Identity" services TS 24.607CR0058
+ 14 more changes
In Release 17, the enhancements for the Malicious Communication Identity (MCID) function specifically improved the handling of Identity header errors in SIP signaling. This was achieved by introducing support for a Reason header to provide more detailed error information during these procedures. The update aligned capabilities and referenced the relevant IETF draft for standardized error handling in authenticated identity management.
Explore further
Broader topics and technologies where MCID plays a role.
Defining Specifications
3GPP specifications that define or reference MCID, with the latest known release. Sourced from the 3GPP document catalog — see methodology.
| Specification | Title | Release |
|---|---|---|
| TS 22.173 vk00 | IMS Multimedia Telephony Service Definition | Rel-20 |
| TS 22.273 v1700 | IMS Multimedia Telephony with PSTN/ISDN Simulation | Rel-7 |
| TS 22.401 v1800 | Videotelephony Service Requirements for NGN | Rel-8 |
| TS 22.495 v1700 | NGN Requirements for IMS Services | Rel-7 |
| TS 24.173 vj00 | Multimedia Telephony Service and Supplementary Services in IMS | Rel-19 |
| TS 24.196 vj00 | Enhanced Calling Name (eCNAM) Stage 3 Protocol | Rel-19 |
| TS 24.404 v1700 | Communication Diversion Services (CDIV) | Rel-7 |
| TS 24.405 v1700 | Conference Service Protocol Description | Rel-7 |
| TS 24.406 v810 | Message Waiting Indication (MWI) Protocol | Rel-8 |
| TS 24.407 v830 | OIP and OIR Simulation Services Protocol | Rel-8 |
| TS 24.408 v1700 | TIP/TIR Services Protocol Specification | Rel-7 |
| TS 24.410 v810 | Protocol Description of HOLD Services | Rel-8 |
| TS 24.411 v1830 | ACR and CB Service Protocol Specification | Rel-8 |
| TS 24.416 v1700 | Malicious Call Identification Service | Rel-7 |
| TS 24.429 v1700 | Explicit Communication Transfer (ECT) Service Specification | Rel-7 |
| TS 24.447 v800 | Advice Of Charge (AOC) Service Protocol | Rel-8 |
| TS 24.454 v840 | Closed User Group (CUG) Protocol Specification | Rel-8 |
| TS 24.504 v8m0 | Communication Diversion Services Stage 3 | Rel-8 |
| TS 24.505 v810 | Protocol Description of the Conference Service | Rel-8 |
| TS 24.508 v820 | TIP and TIR Service Protocol Description | Rel-8 |
| TS 24.516 v830 | MCID Protocol Specification for NGN | Rel-8 |
| TS 24.529 v820 | Explicit Communication Transfer (ECT) Simulation Service | Rel-8 |
| TS 24.604 vj00 | Communications Diversion (CDIV) Protocol Spec | Rel-19 |
| TS 24.605 vj00 | 3GPP CONF Service Protocol Specification | Rel-19 |
| TS 24.606 vj00 | MWI Service Protocol Description | Rel-19 |
| TS 24.607 vj10 | OIP and OIR Supplementary Services Stage 3 | Rel-19 |
| TS 24.608 vj00 | 3GPP TS 24608: TIP/TIR Services Protocol | Rel-19 |
| TS 24.610 vj00 | Communication Hold (HOLD) Service Protocol | Rel-19 |
| TS 24.611 vj00 | Anonymous Communication Rejection & Barring | Rel-19 |
| TS 24.615 vj00 | Communication Waiting (CW) Service Protocol | Rel-19 |
| TS 24.616 vj00 | Malicious Call Identification (MCID) Protocol | Rel-19 |
| TS 24.629 vj00 | Explicit Communication Transfer (ECT) Protocol | Rel-19 |
| TS 24.642 vj00 | CCBS/CCNR/CCNL SIP Protocol Specification | Rel-19 |
| TS 24.647 vj00 | Advice of Charge (AOC) service protocol | Rel-19 |
| TS 24.654 vj00 | Closed User Group (CUG) supplementary service | Rel-19 |
| TS 29.163 vj00 | Interworking between 3GPP IM CN and CS networks | Rel-19 |
| TS 29.165 vj10 | Inter-IMS Network to Network Interface (NNI) | Rel-19 |
| TS 29.364 vj10 | IMS AS Service Data Descriptions | Rel-19 |
| TS 29.864 v801 | Application Server Service Data Definition for IMS Telephony | Rel-8 |
| TS 32.275 vj00 | MMTel Charging Specification | Rel-19 |
| TS 32.850 ve00 | IMS Charging Correlation Methods Study | Rel-14 |
| TS 33.838 vb00 | Study on Protection against Unsolicited Communication for IMS | Rel-11 |