WPCI 2%.B pz W"S^11>bbu"::Dg1:11bbbbbbbbbb11gggbuuuk1Xubuukuuuk111Rb:bbXbb1bb''X'bbbb:X1bXXXX;.;g:=::m:::mmmmm::::::mm:k1mubububububXubububub11111111bbbbbbbbbuXubbkbuXmmmmumububXXXXbububububbmbbbbbb:k:k::=kmmX:uXb'b:b:b:b'bmbbbb:::uXuXuXuXk:k:k:mbbbmbuXkXkXKQmmmm^b:kbbbbmbA@mmbmmbmmmmmmm:b:mmmbbmmmmmmmmmmmmXXmmmmmmmmmmmmmmmmmmcm`m`mm`m:mmmmmm}}}mjjmmmmmmmmmmmmmmm0mm}mmmmmmmmmmmmmmmmmmmmmmm}Mmmmmmmmmmmmmjmmmtmmmmmmmmm`'mmm`mmjmlWmmmmmmmmmmmmmmmmmmmW`mmmmjmM-lveticaHelveticaCourierCourier Bold4PkCQMS PS Jet Plus /800 II QPJPII.PRSPl`D4PkCg2W_qr#|xHelveticaCourier@ ,`H1`D4PkCmQrrr r  @C2 KG@ ,`H1`D4PkCmQrrr r  @CmQrrrr  `C ` X` hp x (#%'H   x|@  3'3'Standard@8'@8'StandardC6QMS $=R- lt2)  ` ` < < <  <AP IX50E < lltx  ` ` < < <  <AP IX50E < l:(3191) :a(3191)    Recommendation X.32 < INTERFACE BETWEEN DATA TERMINAL EQUIPMENT (DTE) <AND DATA CIRCUITTERMINATING EQUIPMENT (DCE) FOR < TERMINALS OPERATING IN THE PACKET MODE AND < ACCESSING A PACKET SWITCHED PUBLIC DATA NETWORK < THROUGH A PUBLIC SWITCHED TELEPHONE NETWORK < OR AN INTEGRATED SERVICES DIGITAL NETWORK < OR A CIRCUIT SWITCHED PUBLIC DATA NETWORK Preface  ` H HThe establishment in various countries of packet switched public data networks (PSPDN) providing data services creates the need to produce Recommendations to facilitate access to the PSPDN through a public switched telephone network (PSTN) or an integrated services digital network (ISDN) or a circuit switched public data network (CSPDN). HThe CCITT, considering: H(a)  that Recommendation X.1 specifies the user classes of service for DTEs operating in the packet mode, that RecommendationX.2 defines user facilities provided by public data networks, that RecommendationX.10 defines categories of access, that RecommendationsX.21 and X.21 bis define DTE/DCE physical level interface characteristics, that RecommendationX.25 defines the interface between the DTE and the DCE for terminals operating in the packet mode and connected to public data networks by dedicated lines, that RecommendationX.31 defines the support of packet mode terminal equipment by an ISDN, that RecommendationX.121 defines the international numbering plan for public data networks (PDNs), that RecommendationX.300 defines the principles and arrangements for interworking between PDNs and other public networks; H(b)  that the VSeries Recommendations define modem and interface characteristics for use of data services on the PSTN; H(c)  that Recommendation T.70 defines the procedures and interfaces to be used by telematic terminals, that RecommendationT.71 defines the extension of Link Access Procedure Balanced (LAPB) procedure to be used in halfduplex transmission facilities (LAPX); H(d)  that a need has been identified to access a PSPDN through a PSTN, or an ISDN, or CSPDN, because a dedicated circuit to the PSPDN is not  H justified, or because global service availability is required with backup network access via public switched networks; however permanent virtual circuits are not available in the types of access covered in this Recommendation; H(e)  that some Administrations have considered the provision of Telematic services in different types of networks, e.g. PSPDN, PSTN, ISDN and CSPDN;  % H(f)  that, when this Recommendation is used to provide the Network Service defined in RecommendationX.213, the physical, link and packet layers correspond to the Physical, Data link and Network layers respectively, as defined in RecommendationX.200, (unanimously) recommends Hthat the functional and procedural aspects of packet mode DTEs accessing a PSPDN through a PSTN or an ISDN circuit switched bearer service, or CSPDN, are as specified in this Recommendation. Note A packet mode terminal (TE 1 or TE 2) conforming to the ISeries Recommendations may access a PSPDN through an ISDN circuit switched bearer service. In this case the functional and procedural aspects related to layer 2 and layer 3 in the Bchannel are as specified in this Recommendation.  "  $CONTENTS 1HScope 2HFunctional aspects H2.1  Dialin and dialout considerations H2.2  Identification H2.3  Service aspects H2.4  DTE identification methods H2.5  DCE identification methods H2.6  DialinbytheDTE and dialoutbythePSPDN operation H2.7  DTE service requirement H2.8  Duplex and halfduplex operation H2.9  Identification protocol H2.10  Negotiation of values 3HDTE service descriptions H3.1  DTE service attributes H3.2  Summary of DTE services H3.3  Nonidentified DTE service H3.4  Identified DTE service H3.5  Customized DTE service 4HInterface characteristics (physical layer) H4.1  X.21 interface H4.2  X.21 bis interface H4.3  VSeries interface 5HLink access procedure across the DTE/DCE interface H5.1  Introduction H5.2  Link layer address assignment H5.3  Use of XID frames H5.4  Link setup and disconnection H5.5  Multilink H5.6  Halfduplex operation 6HPacket layer H6.1  Scope and field of application H6.2  Use of registration packets for identification of DTE and/or DCE and for conveyance of X.32 optional user facilities% H6.3  Identification and authentication of the DTE using the NUI selection facility in call setup packets%  # 7HX.32 procedures, formats, and facilities H7.1  Identification protocol H7.2  Procedures for X.32 optional user facilities H7.3  Coding of the identification protocol elements and X.32 facilities% H7.4  Security grade 2 method% H7.5  DCE timer T14 H7.6  DCE timer T15 Annex A   Actions taken by the DCE in the roles of questioning and challenged parties for security grade1 and security grade2 identifications% Annex B   Abbreviations% HHX HAppendix I  Implementation of LAPX% HHX HAppendix II RSA public key algorithm% HHX HAppendix III Relationship of T14 to the different methods of DTE identification%   1HScope HThis Recommendation defines the functional and procedural aspects of the DTE/DCE interface for packet mode user classes of service DTEs as defined in RecommendationsX.1 and X.10, for DTEs that access a PSPDN via public switched networks. In this Recommendation, a public switched network (PSN) is either a public switched telephone network (PSTN) or an integrated services digital network (ISDN) providing circuit switched bearer service or a circuit switched public data network (CSPDN). Note The ISDN interface specification for transparent circuit connection is described in RecommendationX.31. In this Recommendation only the DTE functionalities for the access to a PSPDN service through an ISDN are considered. HIn the PSTN case, the X.32 DTE/DCE interface coincides with the interface between the DTE and the modem. In the ISDN case, the X.32 interface coincides with the R reference point (see Figure1/X.32). In the CSPDN case, the X.32 DTE/DCE interface coincides with the X.21 or X.21 bis interface. This definition applies whether or not the administration provides the DCE and regardless of how the interface is physically realized (e.g., whether or not the DTE and DCE are contained within the same enclosure). In either case the PSN is involved only: HHa)X  in the establishment of the switched access path;%  `  HHb)X  to provide a transmission medium; andx HHc)X  optionally, to provide a PSN number for purposes of identification and addressing.x  ` H HAdministrations may offer one or more of the following physical layer interfaces:  H HH1)X  for access by way of a CSPDN, either RecommendationX.21 or RecommendationX.21bis will be used, as described in 4.1 or 4.2, respectively; 8"  `   `  HH2)X  for access by way of a PSTN, appropriate VSeries Recommendations will be used as described in 4.3;%  `   `  HH3)X  for access by way of an ISDN, refer to Recommendation X.31.!  `   `  HThe exact use of the relevant points in these Recommendations is given in 4. HThe transmission facility is duplex or, optionally, halfduplex. Specific procedures are defined in 5.6 of this Recommendation for operation over a halfduplex transmission facility. HAt the link layer, the LAPB link access procedure of RecommendationX.25 is used over a single switched physical circuit. The LAPB formats and procedures shall be in accordance with 2.2, 2.3 and 2.4 of RecommendationX.25, with additions as noted in 5 of this Recommendation. HThe formats and the procedures at the packet layer shall be in accordance with 3, 4, 5, 6 and 7 of RecommendationX.25 with the additions noted in 6 of this Recommendation.  ) !FIGURE 1/X.32 '  ISDN reference point ă Note The DTE and TA functionalities may be implemented in the same piece of equipment in the case of a TE1 terminal. In this case this Recommendation covers layers 2 and 3 operation in the Bchannel while the S reference point procedures are described in RecommendationX.31. 2HFunctional aspects 2.1HDialin and dialout considerations HDialin operation allows a packetmode DTE to access a PSPDN by means of selection procedures on a PSTN or CSPDN or ISDN (see Figure2/X.32). This operation is termed "dialinbytheDTE" within this Recommendation. !FIGURE 2/X.32 '  DialinbytheDTE operation ă Note In the ISDN case, the ISDN is accessed via TA functions that may be implemented in separate equipment (DTE and TA case) or in the same piece of equipment (TE 1) case as the DTE functions. HFor performing this operation, the DTE may use an automatic or manual calling procedure. HDialout operation allows a PSPDN to access a packetmode DTE by means of selection procedures on a PSTN or CSPDN or ISDN (see Figure3/X.32). This operation is termed "dialoutbythePSPDN" within this Recommendation. !FIGURE 3/X.32 '  DialoutbythePSPDN operation ă N* Note In the ISDN case, the ISDN is accessed via TA functions that may be implemented in separate equipment (DTE and TA) or in the same piece of equipment (TE1 case) as the DTE functions. HFor dialoutbythePSPDN operation, the DTE should use the automatic answering procedure but may use manual answering. HVirtual call origination is independent of dialinbytheDTE and dial outbythePSPDN operations. That is, a DTE that has been involved in a dialin bytheDTE or dialoutbythePSPDN operation may then initiate or receive virtual calls, subject to the limitations in specific situations as described in 3. 2.2HIdentification 2.2.1HDTE identity HWhen a DTE accesses a PSPDN through a PSN (dialinbytheDTE) or when a DTE is accessed by a PSPDN through a PSN (dialoutbythePSPDN), there may be a requirement for identification of the DTE to the DCE. HThe DTE "identity" is a means of referring to the DTE. The DTE identity is either explicitly agreed to between the DTE and the Administration or is implicitly acceptable to the administration through agreements with other Administrations, organizations or authorities. It may be composed of different elements such as a number from a numbering plan, identification of the DTE service and authority, validity dates and period, public keys used for authentication, etc. HThe characteristics of the service which a DTE obtains via dialinby theDTE or dialoutbythePSPDN access depend upon whether the PSPDN considers the DTE identified for each particular switched access connection or virtual call. If the DTE is identified, then the PSPDN has a way to accrue charges to be paid on behalf of the DTE. That is, either the DTE or some other party is billable. HTwo components are required in order for a DTE to be considered identified: HHa) the DTE is administratively registered either:%H  `  HHX 1)Xthrough direct arrangement with the PSPDN (i.e. explicitly), orx  `  H 2)through prearrangement between the PSPDN and a PSN or another authority, and direct arrangement between the DTE and that authority (i.e. not explicitly),8"   HHb)X  the DTE identity is made known to the DCE during the switched access connection using one of the methods described in 2.4.(#  `   `  HA DTE may incur charges even if not identified because some Administrations collect charges via the PSTN, ISDN or CSPDN.  ^$   HIn any case, DTE identification is used for billing and accounting purposes. In addition to this basic function, DTE identification may optionally be used for one or both of the following purposes:  8 HHa) enabling the PSPDN to provide a calling DTE address to a called DTE, orƠ#H  8`   ` X HHb) enabling the DTE to obtain a different service than that offered to DTEs which do not establish an identity (see2.3).ƀ%H  X`  2.2.2HDCE identity  ` X HWhen a network supports dialoutbythePSPDN access to DTEs, there may be a requirement for identification of the network (i.e. DCE) to the DTE. In the case of dialinbytheDTE access, although the identity of the DCE may already be known by the DTE (as the DTE originated the switched access connection), there may also be a DTE requirement for identification of the network. The identification of the DCE to the DTE may be used for different purposes, such as:  X HHa)X  to enable the DTE to select the specific security related information (e.g. encrypted key, password, etc.) appropriate to that network for use in exchanges with the DCE;H!  `   `  HHb)X  to enable the DTE to select different parameters, procedures or profiles appropriate to that network;$  `   `  HHc)X  to enable a DTE to ascertain by which PSPDN the switched access has been established, thus enabling proper operation of the optional closed user group facility and of the conveyance of the appropriate calling DTE address provided by the PSPDN, if applicable.$  `   `  HFor each dialinbytheDTE or dialoutbythePSPDN access, the DCE may establish its identity by successfully completing one of the methods for DCE identification described in 2.5. The DCE identity is composed of the network's Data Network Identification Code (DNIC), and optionally, a DTE profile designator (see 3.1.11), except when the identity is provided by the PSN (see5.2.1.1); in the latter case the identity is a number of the PSN numbering plan. 2.3HService aspects HThe switched access service given to a particular DTE is dependent upon: Ha)  the PSPDN; Hb)  the use/nonuse of DTE identification, and Hc)  the DTE service available to and chosen by the DTE. HThree DTE service types are defined in this Recommendation (see2.3.2). One of the DTE service types (nonidentified) is independent of the specific DTE identity. One service type (identified) may or may not be independent of the specific DTE identity. The third type (customized) is related to the specific DTE identity in order to provide customization of some service aspects.  V' HThe types of DTE service are further distinguished by whether there is a number assigned by the network to be used to represent the DTE identity in the address fields of call setup packets. This number is called a "DTE address" and is defined in 3.1.3. 2.3.1HService attributes "Attributes" are defined to describe each aspect of switched access service. However, the values of the attributes do not necessarily include all capabilities offered to PSPDN users that access the PSPDN via a leased line. The attributes are: Ha)  DTE identity; Hb)  DTE identification method; Hc)  DTE address; Hd)  registered address; He)  registered PSN number; Hf)  X.25 subscription set; Hg)  logical channels assignment; Hh)  dialoutbythePSPDN availability; Hi)  dialout access type; Hj)  X.32 optional user facilities; Hk)  DCE identity presentation, and Hl)  link layer address assignment. HFor each DTE service, each attribute is either provided or not provided; if it is provided it is either:  X HH1)X  set to a default value specified by the network (Network Default) orƀ%  X`   `  HH2)X  set to a value selected by the user from a set of values provided by the network (User Selectable). (Note A network may define a default value for the attribute).%  `   `  HA DTE profile is the set of values of the Network Default and User Selectable attributes that have been selected for a particular DTE identity. Note The DTE profile need not be stored in the PSPDN.  H HSome networks may allow a subscriber to arrange for more than one DTE profile to meet different requirements for switched access service. Each DTE profile is independent. A "DTE profile designator" is used to differentiate the multiple profiles of the DTE.  (  2.3.2HDTE services HSome networks may offer service to unidentified DTEs, that is, to DTEs for which no identification is provided to the DCE. HSome networks may offer service to identified DTEs, that is, to DTEs for which an implicit or explicit DTE identity is provided to the DCE via one of the methods specified in 2.4. Different types of service are defined for use in different situations. The network may offer one or more of these services. HThe three types of service defined in this Recommendation are called DTE services. One is a service for unidentified DTEs. The other two are services for identified DTEs. The three DTE services are: HHa)  nonidentified,Ɛ$H  H`  Hb)  identified, and Hc)  customized. 2.3.2.1HService for unidentified DTEs  `  HThe service offered to unidentified DTEs is called nonidentified DTE service and is detailed in 3.3. This DTE service may be offered as part of dialinbytheDTE or dialoutbythePSPDN operation or both. HFor a dialoutbythePSPDN operation, the lifetime of a switched access path corresponds to the lifetime of the virtual call. That is, at the completion of the clearing procedures for the virtual call, the DCE initiates those procedures necessary to disconnect the switched access path. HFor a dialinbytheDTE operation, the switched access path shall not be disconnected for a period of time (T14) even in the absence of any virtual calls. This allows users a period of time to reestablish a virtual call. See7.5. HFor dialinbytheDTE operation, the PSPDN may limit the number of unsuccessful attempts to establish a virtual call. HWhen a DTE uses the nonidentified DTE service: Ha)  it is not required to use any optional procedures;   HHb)X  it is able to operate with different networks without having to subscribe to any of them (i.e. not administratively registered and/or assigned an identity with any PSPDN); and$  `   `  HHc)X  it should not be permitted to make paid calls or receive reverse charged calls (i.e. the local charging prevention facility is set by the network), thus allowing the administration to guarantee collection of charges. However, some administrations may permit nonidentified DTEs to make free calls or may use other methods to collect charges (e.g. via the PSTN, ISDN or CSPDN).%  `  &  2.3.2.2HServices for identified DTEs HThe services offered to identified DTEs provide a set of capabilities/facilities different from and/or enhanced beyond the nonidentified DTE service. In particular, on those networks which allow only identified DTEs to accrue charges, it is possible for DTEs to:  `  HHa)X  make calls for which the calling DTE assumes responsibility for the charges, and/or $  `  Hb)  receive reversecharged calls. 2.3.2.2.1 Identified DTE service HThe PSPDN may offer the identified DTE service in which:  `  HHa)X  the DTE identity has not been explicitly agreed to with the administration, or8"  `   `  HHX the DTE identity has been explicitly agreed to. In this case, allocation of registered addresses, to some DTEs, by the administration is a network option;(#  `   `  Hb)  the other attributes have the values set by the network as specified in 3.4.!  H HThe effect of the identified DTE service is that this DTE is billable but the service is otherwise similar to the nonidentified DTE service. Note that the use of the network user identification (NUI) subscription facility provides a DTE identity used for billing purposes and may, in conjunction with the NUI override facility (6.3), override, for the specific virtual call, the default set of X.25 subscription facilities. However, when using the NUI override facility feature, overridding the facilities is performed only when a Call Request is made by the switched access DTE and not for an Incoming Call to the switched access DTE. HThe identified DTE service may be offered as part of dialinbytheDTE or dialoutbythePSPDN operation or both. 2.3.2.2.2 Customized DTE service HThe PSPDN may offer the customized DTE service in which the DTE identity has been explicitly agreed to with the administration, a registered address has been allocated and the other attributes are set according to the DTE profile which has been customized for the DTE according to the capabilities supported by the network as permitted within the specification given in 3.5. The effect is that this DTE is billable, has an X.121 address registered with the PSPDN, and is provided a service tailored in many aspects to its requirements. This DTE service may be offered as part of dialinbytheDTE or dialoutbythePSPDN operation or both. 2.4HDTE identification methods HThis Recommendation provides four distinct methods for DTE identification. These methods are:  H HHa)X  identification provided by the public switched network,  `  N*   `  Hb)  identification by means of a link layer Exchange Identification (XID) procedure,$   HHc)X  identification by means of a packet layer registration procedure,  `   `  HHd)X  identification by means of the NUI selection facility in call setup packets.(#  `   `  HHX (Note For an interim period, support of the use of a DTE identification method by means of the calling address field in call request packets is a national matter. It should be remembered that the use of the calling address field for conveying identification conflicts with the use of this field for addressing, and problems can arise if both uses are needed.)!  `   `  HA network may support any, all or none of these methods in conjunction with the DTE services offered (see 2.7). HThe mechanisms in b), c) and d) may be used by some networks to offer functions other than, or in addition to, DTE identification. HThe identity of the DTE becomes known to the network via one of the identification procedures at either or both of the following times:   HH1)X  prior to any virtual call establishment (see 2.4.1), or H!  `  H2)  on a per virtual call basis (see 2.4.2).x  `  HIt is considered vital that a reasonable degree of protection be achieved in the DTE identification procedure so that administrations and subscribers can prevent fraudulent DTE identification. Therefore, the identification procedure includes the capabilities to verify and/or authenticate the correctness of the DTE identification. The XID and registration methods obey an "identification protocol" that has been defined in 2.9 and 7.1 for conveying the information necessary for the DCE to receive the DTE identity, verify it to the proper degree of authenticity, and to report on the success of the procedure. Two grades of security are defined in the identification protocol. Identification provided by the public switched network and the X.25 NUI selection facility do not use an explicit identification protocol. However, the success of authentication is implicit in the reception by the DTE of a call connected packet.  X HDCE identification may be achieved by using the identification protocol while it is simultaneously being used for DTE identification, but as an independent invocation of the protocol. HNetworks may choose to offer "secure dialback" as an additional means for authentication of the DTE identity. Secure dialback, as specified in 7.2.1, uses physical location as a basis for DTE authentication by combining dialinbytheDTE, dialoutbythePSPDN, and DTE identification prior to virtual call establishment. 2.4.1HIdentification prior to virtual call establishment HThere are three methods by which the identity of the DTE can be determined by the DCE prior to the establishment of any virtual call. These methods are described in the following three subsections. All three methods apply to both dialinbytheDTE and dialoutbythePSPDN operation.  +  HThe service that a DTE which is identified prior to virtual call establishment obtains is either the identified or the customized DTE service. HIf the service obtained is the customized DTE service and includes customized values for link layer options and system parameters, the DTE identification must be performed at the link level (see 2.4.1.2) or be provided by the public switched network (see 2.4.1.1). HThe DTE identification that is determined by any of the priorto virtualcallestablishment methods remains in effect even in the absence of any virtual calls. 2.4.1.1HIdentity provided by the public switched network  HIn the case of dialinbytheDTE operation, the DTE identity may be provided by the public switched network (i.e. PSTN, ISDN or CSPDN) to the PSPDN during the PSN connection establishment stage. Note The administrative arrangements described in 2.2.1 are necessary for the calling line identification to be used by the PSPDN as a DTE identity. HThe DTE is a subscriber of the PSTN, ISDN or CSPDN network, and, therefore, the PSTN number, the ISDN number or the CSPDN number (as well as some additional management information in some circumstances) may be available and will be signalled to the PSPDN. HIn the case of dialoutbythePSPDN, the PSPDN uses, as the DTE identification, the information which has been provided to the PSN in order to do the dialoutbythePSPDN operation. Note This method of identification may be used in the case of dialoutbythe PSPDN operation even when the PSN does not provide calling line identification. HAs the PSN is providing the identification information, the DTE is not required to use any optional user procedures in order to accomplish DTE identification. HThe DTE identification determined by means of this method remains in effect until the switched access path is disconnected. Note Although the operational requirements for a DTE which is not identified or which is identified via the "providedbypublicswitchednetwork" method are the same, the capabilities/facilities available to DTEs using these methods can be very different. This may result in differences in general DTE operation, especially in regard to reverse charging. In particular, the differences are those between the nonidentified DTE service and the identified or customized DTE services. 2.4.1.2HIdentity provided by means of the link layer XID procedure HIdentification of the DTE may be provided by a link layer procedure, as described in 5 and 7, based on exchanges of XID frames between the DTE and the DCE before the logical link is established (disconnected phase of RecommendationX.25).  V'  HThis procedure may be optionally offered by networks depending, in part, on the offering by the network of the optional frames that this procedure uses. When it is offered by the network, use of this identification procedure by DTEs is optional. HThe XID frame used in this method may also be used for other link layer functions. HThe DTE identification determined by means of this method remains in effect until the switched access path is disconnected or the link layer has left the information transfer phase and has entered the disconnected phase.  Xh 2.4.1.3HIdentity provided by means of the packet layer registration procedure HIdentification of the DTE may be provided by means of a packet layer procedure described in 6 and 7. This procedure is based on one or more exchanges of registration request packets (from DTE to DCE) and registration confirmation packets (from DCE to DTE) and is always initiated by the DTE. (These packets are described in 5.7.2 of RecommendationX.25). The DTE may initiate this procedure (for purposes of identification) once at the beginning of the existence of the switched access path, i.e. before any virtual calls are made in which the nonidentified DTE service is obtained or in which a per virtualcallDTE identification method is used. The DTE identification determined by means of this method remains in effect until the switched access path is disconnected or the link layer has entered the disconnected phase. Also, the receipt of a restart indication packet by the DTE may mean that DTE identification has been lost (see 6.1 of RecommendationX.25 and 6 and 7 of this Recommendation). HThis procedure may be optionally offered by networks depending, in part, on the offering by the network of the optional registration packets that this procedure uses. When it is offered by the network, use of this identification procedure by DTEs is optional. HThe registration packets used in this method are also used by those networks which offer the optional online facility registration facility. 2.4.2HHIdentification per virtual call by means of network user identification facilityp&H HThere is a method, using the network user identification selection facility, by which the identity of the DTE can be determined on a pervirtual call basis. HThe identification of the DTE is provided in the facility field of the call request packet via the use of the optional NUI selection facility. Use of NUI in the facility field in a call accepted packet allows a modification of billing (e.g. subaccount billing) to be carried out and has no effect on the values of the DTE profile in use for this DTE. HThis procedure may be optionally offered by networks depending, in part, on the offering by the network of the optional NUI selection facility that this procedure uses. When it is offered by the network, use of this identification procedure by DTEs is optional. HThe identification established by this method is accomplished at the same time as virtual call setup and remains in effect until the virtual call is cleared.  ( HThe NUI selection facility may also be used when a priortovirtual callestablishment identification method has been used. In this case, the service obtained by the DTE using the NUI selection facility in a call request packet is detailed in 6.3.2 concerning operation of the NUI selection facility. HThe service that a DTE using the NUI method obtains is the identified DTE service. Upon termination of the virtual call:  hH HHa)X  if no priortovirtualcallestablishment DTE identification had been accomplished, the logical channel is usable again for a nonidentified call or a DTEidentificationviaNUI call, orƐ$  H`   `  HHb)X  if a priortovirtualcallestablishment DTE identification had been accomplished, the logical channel is usable again under the conditions of the DTE service that the priortovirtualcall DTE identity had invoked.$  `  2.5HDCE identification methods  `  HThis Recommendation provides three distinct methods for DCE identification. These methods are:   HHa)X  identification provided by the public switched network,  `   `  Hb)  identification by means of a link layer XID procedure, and Hc)  identification by means of a packet layer registration procedure.H!  H HWhen a network provides dialinbytheDTE access and/or dialoutby thePSPDN access, it need not provide the DCE identification to the DTE. Some networks may not provide the DCE identification to the DTE regardless of the approach used for the DTE identification. HHowever, for the networks that choose to provide the DCE identification to the DTE using one of the optional identification procedures, it is possible that the DTE may not use that optional identification procedure and, therefore, may not recognize the DCE identification. Additionally, networks are not required to provide DCE identification on dialinbytheDTE operation. HThere is a need to provide a reasonable degree of protection in the identification procedure so that Administrations and subscribers can prevent inaccurate DCE identification. Therefore, the identification procedure incorporates the functions of authentication and verification of the DCE's identity. The XID and registration methods of DCE identification obey an "identification protocol" that has been defined in 2.9 and 7.1 for conveying the information necessary for the DTE to recognize the DCE identity, including verifying the identity to the proper degree of authenticity and reporting on the success of the procedure. HWhen no DCE identification is received by the DTE, it is the responsibility of the DTE to decide if the level of security is sufficient to continue operation. HDTE identification may be achieved by using the identification protocol while it is simultaneously being used for DCE identification, but as an independent invocation of the protocol.  N* 2.5.1HIdentification prior to virtual call establishment 2.5.1.1HIdentity provided by the public switched network HIn the case of dialoutbythePSPDN, the PSTN number, the ISDN number or the CSPDN number identifying the DCE may be provided by the public switched network (as well as some additional network management information from the PSPDN in some circumstances). HWhen identification is provided by the PSN, the DCE is not required to use any optional packet/frame types or any optional packet/frame fields defined in 5, 6 or 7 or in RecommendationX.25. 2.5.1.2HIdentity provided by means of the link layer XID procedure HDCE identification can be optionally provided to the DTE by means of the exchange of XID frames prior to the link setup. The detailed procedure to provide such information is the identification protocol given in 2.9 and7.1.  Hh 2.5.1.3HIdentity provided by means of the packet layer registration procedure HDCE identification can be optionally provided to the DTE using the registration packets. The exact process is the identification protocol given in 2.9 and 7.1. 2.5.2HIdentification per virtual call HIdentification of the DCE to the DTE on a pervirtualcall basis is currently not provided. The need for such a capability has been left for further study. 2.6HDialinbytheDTE and dialoutbythePSPDN operation HAll PSPDNs conforming to this Recommendation shall provide dialinby theDTE operation. Provision of dialoutbythePSPDN operation is optional. 2.7HDTE service requirement HTo provide a switched access service to DTEs, without introducing additional procedures, all PSPDNs conforming to this Recommendation shall offer the nonidentified DTE service and/or support use of the providedbythePSN DTE identification method. HNetworks may also provide access to and/or from DTEs through a PSN, with the DTE being identified to the network using one of the optional identification procedures (see 2.4.1.2, 2.4.1.3 and 2.4.2). 2.8HDuplex and halfduplex operation HIf CSPDN access is used, the transmission facility is duplex. If PSTN access is used, the transmission facility operation is duplex, or, optionally, some networks may also provide for halfduplex operation. The additional procedures necessary for halfduplex operation are described in 5.6. If an ISDN transparent circuit connection is used, the transmission facility is duplex.  & 2.9HIdentification protocol HThe elements of protocol which are used in performing DTE or DCE identification by either the XID or registration methods are independent of the procedure (the vehicle) used to transfer these elements between DTE and DCE (i.e. either XID frames or registration packets). HThe "identification protocol" consists of exchanges between the "challenged" party and the "questioning" party. The "challenged" party provides and, optionally, certifies its identity and the "questioning" party checks and authenticates this identity. HThe DTE and DCE, either calling or called, may be questioning, challenged, or both questioning and challenged. This is the result of the identification protocol being used independently for DTE identification and DCE identification, possibly simultaneously. HThe identification protocol provides two grades of security characterized by how many operations are needed and which elements are needed in each direction. HThe operational details of the identification protocol are given in 7.1. 2.10HNegotiation of values HNegotiation of link layer parameters is left for further study. Presently, DCE parameters are set to specific values according to the DTE profile as outlined in 2.3 and 3. HSome networks may provide the capability for negotiation of packet layer facilities by means of the online facility registration facility. When provided, this negotiation takes as a starting point the values established in the DTE profile and, as a result, may override them. HPacket layer facilities may also be overridden by using the NUI selection facility when the NUI override facility is in effect. 3HDTE service descriptions 3.1HDTE service attributes 3.1.1HDTE identity HThe DTE identity attribute, when provided, defines the identity of the DTE. 3.1.2HDTE identification method HThe DTE identification method attribute, when provided, defines the DTE identification method used for establishing the DTE identity (see 2.4). The method is the same for dialinbytheDTE and dialoutbythePSPDN operation unless the providedbyPSN method is selected for one operation, in which case the methods may be different.  % 3.1.3HDTE address HWhen this attribute is provided a DTE address is assigned by the network for a given DTE identity. HThe DTE address can be derived and validated from the identification method. HThis DTE address may be, as a network option, either an X.121 number from the PSPDN numbering plan (see  2.3 of Recommendation X.121) or a number in the X.121 format from the PSN numbering plan. The number in the X.121 format from the PSN numbering plan for CSPDN is according to 2.3 of RecommendationX.121. The number in the X.121 format from the PSN numbering plan for PSTN and for ISDN is either according to 2.2.1.3 of Recommendation X.121 or to 2.6 of Recommendation X.121. The possible formats of the DTE address are given in 6.6 of RecommendationX.301. Note The inclusion or application of the TOA/NP1 address format to Recommendation X.32 as defined in RecommendationX.25 requires further study. 3.1.3.1HDTE address not provided HIn the case of dialinbytheDTE, when the DTE makes a call request, the contents of the calling address field in the corresponding incoming call packet are either:  h HHa)X  incomplete X.121 PSN format; this means the contents of the calling address field are not valid with respect to the definition of a "valid number" in the various Recommendations (e.g. a four digit number representing a DNIC that is assigned to a PSN; a number in the form 0 + CC; and a number in the form 9+TCC are not valid numbers as defined in RecommendationsX.121, E.164 and E.163); or8"  `   ` 8 HHb)X  temporary number from the PSPDN numbering plan; this means the contents of the calling address field, although valid with respect to the definition of a "valid number" in the various Recommendations, is not a number permanently attributed to the DTE. It may be, as an example, attributed to the dialin part used for a particular call.Ơ#  8`   ` X Note If the temporary number is used, the called DTE must be made aware that the contents of the calling address field is not a DTE address. The means to convey this information are for further study. Pending the results of such a study, this option may be used nationally, but such a temporary number shall not be carried on international interconnections. HMoreover, when the PSN implements calling line identification but there is no arrangement between the PSN and PSPDN to use the number provided by the PSN as DTE identification and when no other DTE identification method is used, the PSPDN may include the PSNprovided number in the calling address field of the incoming call packet.  % 8:Qm(3191) CCITT\APIX\DOC\050E4.TXS 88:T(3191) CCITT\APIX\DOC\050E4.TXS 8  3.1.3.2HDTE address provided HWhen an identified DTE makes a call request, the contents of the calling DTE address field in the incoming call packet given to the called DTE is the DTE address. This applies even if the temporary location facility has been used to change the registered PSN number (see 7.2). 3.1.4HRegistered address HThis attribute, when provided, permits the DCE to be aware of a possible already established PSN connection with the DTE. The value of the registered address is always identical to the value of the DTE address. 3.1.4.1. Registered address not provided HIf the called DTE address field in a call request packet contains an X.121 number from the PSN numbering plan which is not a registered address, then a dialoutbythePSPDN call is made to that PSN number without checking if a switched connection already exists with the DTE. If a switched connection already exists, a subsequent dialoutbythePSPDN operation will result in a busy signal. Therefore, the incoming virtual call is cleared. 3.1.4.2HRegistered address provided HUpon receiving a call request with a called DTE address, that is the registered address, the PSPDN needs to determine whether or not to perform a dialoutbythePSPDN operation. If there is a switched connection in existence on which the DTE identity that corresponds to the registered address has been established, that switched connection will be used by the PSPDN. Otherwise, the PSPDN will perform the dialoutbythePSPDN operation. Note This dialoutbythePSPDN will not be successful if there is already a switched connection to the DTE when there has not been an establishment of a DTE identity or there has been a DTE identity established that does not correspond to the registered address. HThe PSN number used for the dialoutbyPSPDN is the registered PSN number. Note In some networks, if the called address used in a Call Request packet to call a switched access DTE is not the registered address for a DTE identity but is a registered PSN number, the PSPDN will not recognize this as a registered address and may treat the call according to the nonidentified DTE service (see 3.5 and 3.3).