RPAUID

Restricted ProSe Application User ID

Identifier →
Introduced in Rel-13 Also in: Core Network, Security

RPAUID is a privacy-preserving ProSe application identifier used for service authorization and discovery in direct device-to-device communication, which protects a user's permanent subscription identity.

Category
Identifier
Introduced
Rel-13
Where
Services
Also touches
2 segments
Specifications
11 specs
RPAUID Description Purpose Related Classification Detected Changes Specifications

Description

The Restricted ProSe Application User ID (RPAUID) is a critical privacy-enhancing identifier defined within the 3GPP Proximity Services (ProSe) architecture. It serves as a temporary, application-layer alias for a user within the context of a specific ProSe-enabled application. The RPAUID is derived from, but not directly linkable to, the user's permanent subscription identifier (such as IMSI or SUPI) through cryptographic functions managed by the ProSe Function in the network. Its primary role is to facilitate discovery and communication between ProSe-enabled User Equipments (UEs) while obfuscating the user's true identity from other UEs and, in some scenarios, from the application servers.

Architecturally, the RPAUID is generated and managed by the ProSe Function, a core network entity specified for ProSe. When a UE registers for ProSe services, the ProSe Function, in coordination with the Home Subscriber Server (HSS), can assign or authorize the use of an RPAUID for a specific ProSe Application ID. This identifier is then used in ProSe discovery procedures (Model A or Model B) and direct communication setup. In discovery messages, the RPAUID is included to indicate which application on the discovering UE is seeking or announcing availability, allowing the receiving UE's application layer to match it against authorized or interesting applications without knowing the discoverer's global identity.

The RPAUID operates within a broader ProSe identifier framework that includes the ProSe Application Code and ProSe Restricted Code. It is 'restricted' because its scope and validity are limited—typically to a specific application, a certain geographical area, or a time window. This limitation is a key privacy mechanism, preventing long-term tracking of a user across different services or locations. The management of RPAUID lifecycle—including generation, assignment, refreshment, and revocation—is detailed in specifications like TS 23.303 (ProSe architecture) and TS 33.303 (ProSe security). Its use is essential for fulfilling regulatory privacy requirements while enabling innovative peer-to-peer and public safety services that rely on direct device discovery.

Purpose & Motivation

The RPAUID was introduced to solve the inherent privacy conflict in device-to-device discovery services. Early direct communication concepts risked exposing a user's permanent, unique identifier (like IMSI) during broadcast-based discovery processes, enabling unauthorized tracking and profiling. The primary motivation was to enable commercial and public safety ProSe applications—such as social networking, local service discovery, and direct communication for first responders—without compromising user privacy.

Before RPAUID, similar services might have relied on application-specific identifiers managed solely at the application layer, lacking integration with network-level authentication and authorization. This could lead to security vulnerabilities and inconsistent user experiences. The RPAUID provides a standardized, network-assisted method where privacy is built into the architecture. It allows the network operator's ProSe Function to act as a trusted third party, issuing temporary identifiers that are valid only within a controlled context. This addresses limitations of previous ad-hoc solutions by providing a secure, scalable, and privacy-by-design mechanism that is integral to the 3GPP standards, ensuring interoperability and compliance with global data protection regulations.

Classification

Part ofProSe

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the „Change history“ tables of 3GPP specifications (395 CRs across 6 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Studied in Rel-13, normative work from Rel-15.

Rel-15 17 changes

In Release 15, the RPAUID function was enhanced to support WLAN-based ProSe Direct Discovery, with specific updates to authorization and request procedures for both open and restricted discovery models. This included modifications to the Announce, Discoveree, Discoverer, and Monitor request procedures to accommodate the new WLAN direct discovery technologies as an alternative. Furthermore, updates were made to the ProSe Service Authorisation and Match report procedures to integrate these WLAN-based capabilities for restricted discovery.

  • Inclusion of WLAN direct discovery technologies as an alternative for ProSe Direct Discovery: WLAN technology agnostic part TS 23.303CR0324
  • Inclusion of WLAN direct discovery technologies as an alternative for ProSe Direct Discovery: NAN specific part TS 23.303CR0325
  • Add PPPR introduction to ProSe QoS descriptions TS 23.303CR0328
  • Updates to ProSe Service Authorisation for WLAN Direct Discovery TS 24.334CR0298
  • Updates to Announce request procedure for open WLAN based ProSe direct discovery TS 24.334CR0299
  • Updates to Announce request procedure for restricted WLAN based ProSe direct discovery model A TS 24.334CR0300

+ 11 more changes

Rel-16 1 change

In Release 16, the specification introduced the "Restricted ProSe Application User ID" (RPAUID) as a new identifier for use within the context of a specific application, distinct from the existing ProSe Application ID used for open ProSe Direct Discovery. This addition was part of broader refinements to ProSe direct discovery procedures, as indicated by a Change Request focused on correcting open ProSe direct discovery. The RPAUID functions as an application-layer identity for a user, operating alongside other defined identifiers like the Application Layer Group ID within the ProSe architecture.

  • Correct open ProSe direct discovery TS 29.343CR0031
Rel-17 100 changes

In Release 17, the RPAUID function was enhanced through the introduction of the **ProSe application traffic descriptor** and related security procedures for the **5G ProSe UE-to-network relay**. These updates included new security mode control and re-keying procedures, which introduced the **5GPRUK ID** and **GBA Push Info (GPI)** to strengthen security for relay-assisted communication over the PC5 interface.

  • ProSe remote user key procedure TS 24.554CR0007
  • 5G ProSe UE-to-network relay discovery security parameters request procedure for PC8 interface TS 24.554CR0012
  • ProSe application traffic descriptor introduction TS 24.554CR0041
  • Resolving the EN related to possible changes to the 5G ProSe direct link re-keying procedure due to the security requirements of UE-to-network relay TS 24.554CR0063
  • Resolving the EN related to possible changes to the 5G ProSe direct link security mode control procedure due to the security requirements of UE-to-network relay TS 24.554CR0065
  • Introducing the GBA Push Info (GPI) in the 5G ProSe direct link security mode control procedure TS 24.554CR0067

+ 94 more changes

Rel-18 148 changes

In Release 18, the RPAUID function was extended to support new 5G ProSe UE-to-UE Relay operations, including relay discovery, communication, and reselection. Specifically, the identifiers and authorization procedures for RPAUID were updated to accommodate Layer-3 UE-to-UE Relay communication for both IP and Non-IP traffic. These enhancements also integrated RPAUID within the UE-requested ProSe Function provisioning procedure to authorize and provision relay-specific capabilities.

  • 5G ProSe Communication via U2U Relay TS 23.304CR0125
  • 5G ProSe UE-to-UE Relay reference architecture TS 23.304CR0144
  • 5G ProSe UE-to-UE Relay reselection TS 23.304CR0148
  • 5.2.X 5G ProSe UE-to-UE Relay Discovery TS 23.304CR0155
  • 5G ProSe Layer-3 UE-to-UE Relay Communication for Non-IP Traffic TS 23.304CR0161
  • Introducing 5G ProSe ph2 function for KI#7 (Support of Emergency for UE-to-Network Relaying) TS 23.304CR0162

+ 142 more changes

Rel-19 128 changes

In Release 19, the RPAUID (Restricted ProSe Application User ID) function was enhanced to support ProSe operations within Standalone Non-Public Networks (SNPNs) and Non-Public Networks (NPNs), as indicated by the multiple CRs for SNPN/NPN support. The updates specifically included modifications to the restricted ProSe direct discovery Model A announce request procedure and other core ProSe procedures to function within these restricted network environments.

  • ProSe support for NPNs TS 23.304CR0436
  • Authorization and Provisioning for 5G ProSe multi-hop Relays TS 23.304CR0444
  • Enhancement of 5G ProSe Capability for multi-hop Relays TS 23.304CR0445
  • Functional Entities enhancements for 5G ProSe multi-hop Relays TS 23.304CR0448
  • Update on ProSe U2U Multihop Relay for non-IP PDU TS 23.304CR0450
  • Support ProSe U2N Multihop Relay TS 23.304CR0451

+ 122 more changes

Rel-20 1 change

In Release 20, the RPAUID (Restricted ProSe Application User ID) function was enhanced to support new 5G ProSe capabilities for MANET multicast and IP-based communication. Specifically, these enhancements enabled the function to operate within the new Layer-3 multi-hop UE-to-UE relay architecture for ProSe Direct Communication. This allowed the RPAUID to be used in more complex, multi-hop proximity service scenarios beyond direct UE-to-UE links.

  • 5G ProSe Enhancements to support MANET multicast for IP based 5G ProSe Layer-3 Multi-hop UE-to-UE Relay TS 23.304CR0565

Explore further

Broader topics and technologies where RPAUID plays a role.

Topics
Authentication (5G-AKA, EAP)IMS & Voice (VoLTE, VoNR)Encryption & IntegrityPrivacy (SUPI, SUCI)MEC (Edge Computing)Lawful Intercept

Defining Specifications

3GPP specifications that define or reference RPAUID, with the latest known release. Sourced from the 3GPP document catalog — see methodology.

SpecificationTitleRelease
TS 23.303 vj00 Proximity Services (ProSe) Stage 2 Rel-19
TS 23.304 vk00 5G Proximity Services (ProSe) Stage 2 Rel-20
TS 24.334 vj00 ProSe Protocols and Procedures Rel-19
TS 24.554 vj40 5G Proximity Services (ProSe) Protocols Rel-19
TS 29.343 vj00 PC2 Reference Point Stage 3 Specification Rel-19
TS 29.345 vj00 Diameter-based PC6/PC7 interfaces for ProSe Rel-19
TS 29.555 vj10 5G Direct Discovery Name Management Services Rel-19
TS 29.557 vj20 5G AF ProSe Service Stage 3 Protocol Rel-19
TS 29.559 vj40 5G PKMF Service Based Interface Stage 3 Rel-19
TS 33.303 vj00 ProSe Security Specification for EPS Rel-19
TS 33.503 vj20 Security for Proximity Services (ProSe) in 5G Rel-19