An LCS client or AF may or may not be authorised to retrieve the UE location, e.g. for commercial use. UE LCS privacy is a feature which allows a UE and/or AF to control which LCS clients and AFs are and are not allowed access to UE location information. UE LCS privacy can be supported via subscription and via UE LCS privacy profile handling.
With subscription, privacy preferences for a UE are stored in a UE LCS privacy profile as part of UE subscription data in the UDM and queried from the UDM by another NF such as GMLC or NEF. The UDM may also store the UE privacy profile in the UDR. In this release of the specification, subscription of privacy preferences is restricted to the Call/Session unrelated Class as defined in the clause 126.96.36.199.3
and the PLMN Operator Class as defined in the clause 188.8.131.52.4
With UE LCS privacy profile handling, the UE and/or AF can provide and update part of the UE privacy profile and provide it to the network as an update to the UDR. In this release of the specification, UE LCS privacy profile handling is restricted to the Location Privacy Indication as defined in the clause 184.108.40.206
The UE LCS privacy profile is used to indicate whether LCS requests from LCS clients and AFs are allowed or disallowed, together with the POI as defined in clause 5.4.4
In clause 5.4
, even if the UE LCS privacy detail is only described for LCS client, the same detail is also applicable for AF, if no exception statement.
220.127.116.11 Privacy Classes Word-p. 27
The UE LCS privacy profile shall include information related to classes of LCS client, referred to as "privacy classes", which are permitted, or conditionally permitted, to obtain location information for the UE. Privacy classes are defined in clause 9.5.3 of TS 23.271
, but not all classes defined in TS 23.271
are supported in this specification. Privacy classes are supported as described below. The differences between the Privacy classes for 5GS and those for EPS are described in Annex A.
The UE LCS privacy profile also includes the Location Privacy Indication, as defined in clause 18.104.22.168
, which can be provided and updated by the UE and/or AFs.
22.214.171.124.1 Universal Class
126.96.36.199 Location Privacy Indication (LPI) Word-p. 28
188.8.131.52.2 Call/Session related Class
The universal class defined in clause 184.108.40.206 of TS 23.271
is not supported in this specification.
220.127.116.11.3 Call/Session unrelated Class
The call/session related class defined in clause 18.104.22.168 of TS 23.271
is not supported in this specification.
The call/session unrelated class defined in clause 22.214.171.124 of TS 23.271
is supported for a 5GC-MT-LR. The subscription options for the Call/Session unrelated Class may be assigned to an identified value added LCS Client, AF, value added LCS Client group or service type as described in clause 7.1
and comprise one of the following alternatives:
The subscription options for the Call/Session unrelated Class may further indicate additional information for each identified value added LCS client, for each identified service type and for the unidentified value added LCS clients as follows:
A valid time period for positioning;
A valid geographic area for positioning.
The UE LCS privacy profile may also indicate that any unidentified value added LCS client or an LCS Client associated with an identified service type shall provide a codeword in order to locate the UE, where the codeword is verified by either a GMLC or the UE. When verification by a GMLC is indicated, a list of one or more codewords is included as part of the UE LCS privacy profile.
126.96.36.199.4 PLMN Operator Class
The PLMN operator class defined in clause 188.8.131.52 of TS 23.271
The Location Privacy Indication is not defined in TS 23.271
. The Location Privacy Indication defines whether LCS requests for UE from any LCS clients are allowed or disallowed.
The LPI at least includes one of the following global settings (for all LCS clients and AFs):
Location for UE is disallowed (location for UE not allowed to any LCS client except where POI applies).
Location for UE is allowed (default setting, and LCS requests for UE from LCS clients are authorized based on their associated privacy classes as defined in clause 184.108.40.206).
Additional LPI values may be supported for additional differentiation of location request types.
The LPI also allows the following optional settings:
Valid time period for LPI, including start time and end time.
The LPI takes precedence on the subscribed privacy classes as defined in clause 220.127.116.11
. The LPI allows a UE to override the location preference of the subscribed privacy classes. The usage of LPI is described in clause 6.1.2
A generation or change to the LPI in UE LCS privacy profile is determined by the UE and provided to the network using N1 NAS message. It may be updated by UE any time.
An authorized AF is allowed to provision the LPI in UE LCS privacy profile for specific UE(s) via NEF.
The AF allowed to provision the UE LCS privacy profile is different from the AF sending location requests.
The LPI in UE LCS privacy profile may be provided or updated by the target UE during the 5GC-MT-LR and Deferred 5GC-MT-LR Procedure for Periodic, Triggered and UE Available Location Events. The updated profile is stored into the UDR by the UDM after the interaction with the AMF. The LPI in UE LCS privacy profile shall include an indication if location is allowed or disallowed and may include a valid time period for LPI as described in clause 18.104.22.168
In addition, a notification is sent by the UDM in order to notify the subscribed consumer i.e. GMLC and NEF about the change of UE LCS privacy profile:
Target UE identity (one or both of GPSI and SUPI);
Updated UE LCS privacy profile.
The POI is used to determine whether the UE LCS privacy profile of the subscriber to be positioned shall be overridden by the request for location services. The POI is applicable only to regulatory services. The assignment of a POI value with an "override" or "not override" value in the LCS client profile (see clause 7.2.1
) is done during the LCS client provisioning (out of scope of this specification). The type of LCS client requesting location information (i.e. emergency, law-enforcement etc.) shall determine the value of the POI assigned to the LCS client profile.
UDM provides the UE LCS privacy profile to NEF and GMLC, if the information is available.
For a 5GC_MT_LR request for immediate location, the GMLC in the HPLMN, or the HGMLC when the UE is roaming, determines whether the LCS client or NF is authorized to retrieve UE location, based on the UE privacy profile.
The UE LCS privacy profiles are not sent to the VGMLC.
Authorization is determined by first verifying whether the location request is allowed according to the Location Privacy Indication (LPI) defined in clause 22.214.171.124
. If the location request is not allowed, an error response is returned to the LCS client, AF, or NF. If the location request is allowed according to the LPI, authorization is next verified according to the Call/Session unrelated Class for an LCS Client or AF or according to the PLMN Operator Class for an NF.
For the Call/Session unrelated Class client types where POI does not apply, the HGMLC determines one of the following indications to be included in the location request forwarded to the serving AMF, or VGMLC in the case of roaming:
Location allowed without notification;
Location allowed with notification;
Location with notification and privacy verification; location allowed if no response;
Location with notification and privacy verification; location restricted if no response.
For PLMN Operator Class client types that are permitted to receive UE location information or where POI applies, a "location allowed without notification" is included.
For a Call/Session unrelated Class client type, which a geographic area restriction was included in the UE LCS privacy profile, the (H)GMLC performs an initial location by including a "location allowed without notification" indication in the location request sent to the VGMLC or AMF. The (H)GMLC then determines, based on the obtained location, whether location of the UE is allowed. If location of the UE is allowed subject to notification or verification, the (H)GMLC initiates a second location request to the VGMLC or serving AMF for the purpose of notification and/or verification only and includes one of the following indications in the second location request forwarded to the serving AMF, or VGMLC in the case of roaming:
Notification and privacy verification only
When "Notification and privacy verification only" is included, the serving AMF shall report the result of privacy verification back to the (H)GMLC (i.e. location allowed, location not allowed or timeout on a response) and the (H)GMLC shall determine whether or not to return the location received for the first request back to the LCS client based or AF on this result.
For a direct NEF query to a serving AMF, or for an NEF query via the UDM, if GMLC is not involved, the NEF determines whether the AF is authorized to retrieve UE location, based on the UE LCS privacy profile.
Notification and verification are not supported for a direct NEF query to a serving AMF, or for an NEF query via the UDM. Consequently, when notification or verification are required, or may be required based on a geographic area restriction, an NEF shall forward a location request to a GMLC or return an error indication to the requesting AF.
Support of UE LCS privacy for a deferred UE location is the same as that described in clause 5.4.5
for an immediate UE location with the differences and qualifications described in this clause.
An (H)GMLC or NEF shall subscribe to notification of a change in the UE LCS privacy profile from the UDM at the start of a deferred 5GC-MT-LR procedure and shall verify UE privacy both at the start of the deferred 5GC-MT-LR procedure and for each location result returned to an LCS client or AF based on the most recent UE LCS privacy profile received from the UDM.
If the UE LCS privacy profile indicates notification or verification of a location request is required for a particular value added LCS client, the (H)GMLC indicates this in the initial location request sent to the serving AMF and the serving AMF notifies the UE or verifies the location request with the UE, as for an immediate location request, when the UE first becomes reachable. The serving AMF also indicates the type of deferred location request in the NAS Location Notification Invoke Request sent to the UE. However, the location notification or verification is not repeated for each UE location in the case of a periodic or triggered 5GC-MT-LR.
For a value added LCS client, AF, value added LCS client group or LCS service type, for which a geographic area restriction was included, the (H)GMLC includes any request for notification or verification of the location request in the initial location request sent to the serving AMF. The (H)GMLC then determines whether a location result can be returned to the LCS client or AF based on whether the location result is or is not restricted by the geographic area restriction. If the location result is allowed by the geographic area restriction, the (H)GMLC does not perform a second location request to the serving AMF for the purpose of notification and/or verification only. If the location result is not allowed by the geographic area restriction, the (H)GMLC discards the location result without notifying the LCS client or AF.