Operators can provide an ID to portals using a unique identifier, without exposing the user's secure information (for example, the MSISDN). For this purpose, AA supports header enrichment with Anonymous Customer Record (ACR) of two types: static ACR and dynamic ACR.
A static ACR is always the same for a user. The content provider is not able to retrieve the user's MSISDN, but can track the number of times the same user has connected. To make the encryption result deterministic for the static ACR, the encryption must have padding with null ASCI characters. This ensures the same sequence of bytes is produced every time.
A dynamic ACR is created during session establishment and remains the same while the session is active. A new dynamic ACR is generated when the user reconnects. With a dynamic ACR, the operator cannot track the user's MSISDN or the number of times the user accessed the portal.
Table: ACR formats describes how an ACR is constructed.
| Code | Description | Format | Length | Notes |
|---|---|---|---|---|
CC |
Country Code |
NUM |
3 digits |
Example: 234 (UK) |
NC |
Network Code |
NUM |
3 digits |
Example: 015 |
T |
ACR Type |
CHAR |
4 characters |
"STAT" or "DYNM" |
RC |
Date and time of transactions |
"RSV" || CCYYMMD DT hh:mm:ssZ |
23 characters |
The string "RSV" followed by the date time (ISO8601 date), followed by the character "Z" with no spaces Example: RSV2009-07-09T15:51:15Z |
Encrypted |
Encryption of the MSISDN and timestamp |
— |
344 characters |
STAT = encrypted MSISDN DYNM = encrypted [ISO8601 date + MSISDN] The timestamp defines the creation time of the ACR The format of MSISDN is without '+' and leading '0 |