What it does

Originating Identification Restriction (OIR) service enables the originating user to prevent presentation of its identity to the terminating user. This allows the network to insert a privacy header field into the originating user’s SIP messages.

The declarative configuration for the OIR applies calling party identity restriction rules network wide for all OIR subscribed parties. Whether the OIR service is active and if it may diverge from this network default is determined by how the subscribers involved are provisioned in the MMTel Services document. The OIR service depends on the originating user’s provisioned settings for OIR.

Interactions with other services

Originating Identity Presentation (OIP)

OIP is directly impacted by the configuration and subscriber provisioning for the OIR service. The OIP service uses the privacy header adjustments made by the OIR service to remove data accordingly.

Setting identity restrictions

The OIR service adjusts the privacy header of the originating party’s outgoing requests. The privacy header designates to the OIP service what should be removed from the request before it reaches the terminating user. The OIP service configuration determines how the privacy header is interpreted and used to remove identifying information.

The provisioned OIR settings for the originating user stored in the HSS MMTel Service document take precedence where relevant. Otherwise, the default network configuration given in the declarative configuration of the Rhino VoLTE TAS is used for all OIR subscribers.

The provided table OIR configurability describes how the user’s provisioned settings and the network wide configuration interact with each other.

Table 1. Configurability of the OIR service
Configurable option Network configurable options Subscriber configurable options

When identity restriction occurs for an OIR subscriber

Specific details of when identity restriction occurs are given in 3GPP 24.607 Section 4.5.2.4

Mode

  • Permanent mode

    OIR processes all outgoing requests

  • Temporary mode

    OIP processes only outgoing requests that include a Privacy header

N/A

Temporary Mode Default Action

N/A

For when temporary mode is active:

  • Presentation Restricted

    Enact restriction unless the Privacy header contains 'none'

  • Presentation Not Restricted

    Enact restriction if and only if the outgoing request’s Privacy header contains 'id' or 'header'

What is restricted by OIR on a subscriber’s outgoing requests

Presentation Restriction

  • Restrict ONLY-IDENTITY

    • OIR adds 'id' to the Privacy header

      • Therefore, OIP to anonymize the network associated id

  • Restrict ALL-PRIVATE-INFORMATION

    • OIR adds 'header' to Privacy header

      • Therefore, OIP to anonymize possible identifying fields

  • Restrict ONLY-IDENTITY

    • OIR adds 'id' to the Privacy header

      • Therefore, OIP set to anonymize the network associated id

  • Restrict ALL-PRIVATE-INFORMATION

    • OIR adds 'header' to Privacy header

      • Therefore, OIP set to anonymize possible identifying fields

User Policy

  • NONE

  • ANONYMIZE_FROM

    • OIR anonymizes the From field on the outgoing request

  • ADD_USER_PRIVACY

    • OIR adds 'user' to the Privacy header

      • Therefore, OIP to anonymize user configurable fields

    • OIR anonymizes the From field on the outgoing request

N/A

Configuration

The example for sentinel-volte-gsm-config.yaml and example for sentinel-volte-cdma-config.yaml show example configuration relevant to OIR in the sentinel-volte/mmtel/privacy/originating-identification-restriction section.

What you need

  • ❏ Whether to set the default presentation restriction for an OIR subscriber to:

    • restrict all private information (Privacy:header), or

    • only restrict the identity (Privacy:id) of the originating party.

  • ❏ Whether to set the default OIR subscriber’s OIR user policy to:

    • anonymize the from header in the originating party’s requests,

    • restrict all user data in a request (Privacy:user) and anonymize the from in the originating party’s requests, or

    • to specify no default user policy.

You will also need to configure the OIP service as well to enforce these identity restrictions to the terminating user.

Setting up subscriber data

There are subscriber provisioned restriction rules configured in the HSS inside the MMTel-Services XML document for the subscriber.

The presentation-restriction-type subscriber defined restriction rule directly overrides the network’s default configuration.

Setting up service codes

The Rhino VoLTE TAS standard deployment includes service code actions for subscribers to activate OIR.

Table 2. Supplied service code actions
Display name Action

Set Dialled Caller ID Restriction Type

Used to override the OIR service’s PRESENTATION_RESTRICTION for a subscriber.

There are 3 valid values:

* OIR_AS_CONFIGURED — use OIR as configured by the network configuration and the subscriber provisioned configuration.

* OIR_CALLER_ID_BLOCK — override configured OIR to restrict identity.

* OIR_CALLER_ID_UNBLOCK — override configured OIR to not restrict identity.

For more information, see Vertical service codes.

Setting up OIR

I want to…​

Restrict only network defined user identity information for OIR subscribers
Note If a subscriber has provisioned the presentation-restriction-type in the MMTel Services Document, their setting will override this configuration.

In the privacy, originating-identification-restriction section, set presentation-restriction-type to ONLY_IDENTITY:

                presentation-restriction-type: ONLY_IDENTITY
Restrict all network defined private user information for OIR subscribers
Note If a subscriber has provisioned the presentation-restriction-type in the MMTel Services Document, their setting will override this configuration.

In the privacy, originating-identification-restriction section, set presentation-restriction-type to ALL_PRIVATE_INFORMATION:

                presentation-restriction-type: ALL_PRIVATE_INFORMATION
Anonymize the from for OIR subscribers by default

In the privacy, originating-identification-restriction section, set user-policy to ANONYMIZE_FROM:

                user-policy: ANONYMIZE_FROM
Remove all user configurable identifying information for OIR subscribers
Note This includes anonymizing the from header for OIR subscribers.

In the privacy, originating-identification-restriction section, set user-policy to ADD_USER_PRIVACY:

                user-policy: ADD_USER_PRIVACY
Previous page Next page
Rhino VoLTE TAS Version 4.2