RPAUID

Restricted ProSe Application User ID

Identifier
Introduced in Rel-13
A privacy-preserving identifier used in ProSe (Proximity Services) for direct device-to-device communication. It allows a user's application to be identified for service authorization and discovery without revealing the user's permanent subscription identity, enhancing privacy in proximity-based services.

Description

The Restricted ProSe Application User ID (RPAUID) is a critical privacy-enhancing identifier defined within the 3GPP Proximity Services (ProSe) architecture. It serves as a temporary, application-layer alias for a user within the context of a specific ProSe-enabled application. The RPAUID is derived from, but not directly linkable to, the user's permanent subscription identifier (such as IMSI or SUPI) through cryptographic functions managed by the ProSe Function in the network. Its primary role is to facilitate discovery and communication between ProSe-enabled User Equipments (UEs) while obfuscating the user's true identity from other UEs and, in some scenarios, from the application servers.

Architecturally, the RPAUID is generated and managed by the ProSe Function, a core network entity specified for ProSe. When a UE registers for ProSe services, the ProSe Function, in coordination with the Home Subscriber Server (HSS), can assign or authorize the use of an RPAUID for a specific ProSe Application ID. This identifier is then used in ProSe discovery procedures (Model A or Model B) and direct communication setup. In discovery messages, the RPAUID is included to indicate which application on the discovering UE is seeking or announcing availability, allowing the receiving UE's application layer to match it against authorized or interesting applications without knowing the discoverer's global identity.

The RPAUID operates within a broader ProSe identifier framework that includes the ProSe Application Code and ProSe Restricted Code. It is 'restricted' because its scope and validity are limited—typically to a specific application, a certain geographical area, or a time window. This limitation is a key privacy mechanism, preventing long-term tracking of a user across different services or locations. The management of RPAUID lifecycle—including generation, assignment, refreshment, and revocation—is detailed in specifications like TS 23.303 (ProSe architecture) and TS 33.303 (ProSe security). Its use is essential for fulfilling regulatory privacy requirements while enabling innovative peer-to-peer and public safety services that rely on direct device discovery.

Purpose & Motivation

The RPAUID was introduced to solve the inherent privacy conflict in device-to-device discovery services. Early direct communication concepts risked exposing a user's permanent, unique identifier (like IMSI) during broadcast-based discovery processes, enabling unauthorized tracking and profiling. The primary motivation was to enable commercial and public safety ProSe applications—such as social networking, local service discovery, and direct communication for first responders—without compromising user privacy.

Before RPAUID, similar services might have relied on application-specific identifiers managed solely at the application layer, lacking integration with network-level authentication and authorization. This could lead to security vulnerabilities and inconsistent user experiences. The RPAUID provides a standardized, network-assisted method where privacy is built into the architecture. It allows the network operator's ProSe Function to act as a trusted third party, issuing temporary identifiers that are valid only within a controlled context. This addresses limitations of previous ad-hoc solutions by providing a secure, scalable, and privacy-by-design mechanism that is integral to the 3GPP standards, ensuring interoperability and compliance with global data protection regulations.

Key Features

  • Privacy preservation by decoupling from permanent subscriber identifiers
  • Application-specific scope, bound to a ProSe Application ID
  • Network-generated and managed by the ProSe Function
  • Used in both open and restricted ProSe discovery models
  • Supports validity constraints based on time and location
  • Enables secure discovery without revealing user identity to other UEs

Evolution Across Releases

Rel-13 Initial

Introduced as part of the foundational Proximity Services (ProSe) architecture for LTE. Defined the RPAUID concept for Layer 2 discovery and direct communication, establishing its role in privacy protection, generation by the ProSe Function, and association with ProSe Application IDs.

Defining Specifications

Specification    Title
TS 23.303        3GPP TS 23.303
TS 23.304        3GPP TS 23.304
TS 24.334        3GPP TS 24.334
TS 24.554        3GPP TS 24.554
TS 29.343        3GPP TS 29.343
TS 29.345        3GPP TS 29.345
TS 29.555        3GPP TS 29.555
TS 29.557        3GPP TS 29.557
TS 29.559        3GPP TS 29.559
TS 33.303        3GPP TR 33.303
TS 33.503        3GPP TR 33.503