Description
The 5G-GUTI is a fundamental identifier in 5G system architecture, designed to uniquely and temporarily identify a User Equipment (UE) within the network. It serves as a privacy-preserving alias for the permanent Subscription Permanent Identifier (SUPI), ensuring that the user's long-term identity is not exposed during radio communication, which mitigates tracking and eavesdropping risks. The identifier is structured to support efficient network operations, including registration, service requests, and mobility management, by allowing the network to correlate sessions and context without repeatedly querying the SUPI.
Architecturally, the 5G-GUTI is assigned by the Access and Mobility Management Function (AMF) during initial registration procedures. It consists of two main components: the GUAMI (Globally Unique AMF Identifier) and the 5G-TMSI (5G Temporary Mobile Subscriber Identity). The GUAMI uniquely identifies the AMF that allocated the 5G-GUTI and comprises a Mobile Country Code (MCC), a Mobile Network Code (MNC), an AMF Region ID, an AMF Set ID, and an AMF Pointer. The 5G-TMSI is a unique identifier within that AMF, used to distinguish the UE locally. This hierarchical structure allows for scalable routing and management, as the network can determine the serving AMF from the GUAMI and then use the 5G-TMSI to locate the specific UE context.
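The GUAMI and 5G-TMSI split described above can be seen by decoding the identifier as it appears in NAS signaling. This is an added example, not part of the original page or of any 3GPP text: it assumes the 11-octet value layout of the 5GS mobile identity IE (TS 24.501) and the 8/10/6/32-bit field widths of TS 23.003, and the names `Guti5G` and `decode_5g_guti` and the sample bytes are constructed for illustration.

```python
import struct
from dataclasses import dataclass

TYPE_5G_GUTI = 0b010  # "type of identity" code assumed from TS 24.501


@dataclass(frozen=True)
class Guti5G:  # hypothetical container, named for this example
    mcc: str
    mnc: str
    amf_region_id: int  # 8 bits
    amf_set_id: int     # 10 bits
    amf_pointer: int    # 6 bits
    tmsi: int           # 5G-TMSI, 32 bits

    @property
    def s_tmsi(self) -> int:
        """48-bit 5G-S-TMSI: AMF Set ID, AMF Pointer, 5G-TMSI."""
        return (self.amf_set_id << 38) | (self.amf_pointer << 32) | self.tmsi


def decode_5g_guti(value: bytes) -> Guti5G:
    """Decode the 11-octet value part (no IEI, no length) of a 5G-GUTI."""
    if len(value) != 11:
        raise ValueError(f"expected 11 octets, got {len(value)}")
    if value[0] & 0x07 != TYPE_5G_GUTI:
        raise ValueError("type of identity is not 5G-GUTI")
    # PLMN is BCD with swapped nibbles: MCC1 MCC2 MCC3 MNC3 MNC1 MNC2
    n = [x for b in value[1:4] for x in (b & 0x0F, b >> 4)]
    mcc = n[0:3]
    mnc = [n[4], n[5]] + ([] if n[3] == 0xF else [n[3]])  # 0xF = 2-digit MNC
    if any(d > 9 for d in mcc + mnc):
        raise ValueError("non-decimal digit in MCC/MNC")
    region, set_ptr, tmsi = struct.unpack(">BHI", value[4:11])
    return Guti5G(
        mcc="".join(map(str, mcc)),
        mnc="".join(map(str, mnc)),
        amf_region_id=region,
        amf_set_id=set_ptr >> 6,     # upper 10 bits
        amf_pointer=set_ptr & 0x3F,  # lower 6 bits
        tmsi=tmsi,
    )


# Constructed sample: test PLMN 001/01, region 0x02, set 1, pointer 1.
SAMPLE = bytes.fromhex("f200f1100200411a2b3c4d")

if __name__ == "__main__":
    g = decode_5g_guti(SAMPLE)
    print(g, f"5G-S-TMSI=0x{g.s_tmsi:012x}")
```

When reviewing captures for identifier refresh, the GUAMI fields stay constant for a given AMF, so the 5G-TMSI is the field to compare across reallocations.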
In operation, the UE includes the 5G-GUTI in signaling messages, such as Registration Requests or Service Requests, to identify itself to the network. The AMF validates the 5G-GUTI to retrieve the UE's security context and subscription data from its local storage or the Unified Data Management (UDM). If the 5G-GUTI is invalid or expired, the network may initiate a re-authentication procedure, potentially requesting the SUPI securely. The identifier can be reallocated or updated during mobility events, like handovers or inter-AMF transfers, to reflect changes in the serving network entity. This dynamic assignment supports seamless mobility across different AMFs and network slices.
The role of the 5G-GUTI extends beyond identity protection; it is integral to network efficiency and scalability. By using a temporary identifier, the network reduces signaling overhead, as the AMF can quickly resolve the UE context without extensive database queries. It also facilitates paging and notification procedures, where the 5G-TMSI is used to page the UE within a specific area. In scenarios involving network slicing, the 5G-GUTI helps associate the UE with the appropriate slice instance, ensuring that mobility and service continuity are maintained across slice boundaries. Overall, the 5G-GUTI is a cornerstone of 5G security and operational design, balancing privacy, performance, and flexibility.
Purpose & Motivation
The 5G-GUTI was created to address critical privacy and security vulnerabilities present in previous mobile generations, such as 4G/LTE, where temporary identifiers like the GUTI could still be linked to permanent identities over time, enabling potential tracking. In 5G, enhanced privacy is a core requirement, driven by regulations like GDPR and increased user awareness. The 5G-GUTI solves this by providing a robust mechanism to obscure the SUPI during radio transmissions, preventing passive attackers from correlating user activities or locations with their permanent identity. This separation ensures that even if temporary identifiers are intercepted, they cannot be easily mapped to the user's long-term subscription.
Historically, identifiers in 2G/3G/4G networks, such as the IMSI or 4G-GUTI, had limitations in privacy protection and scalability. The 4G-GUTI, for example, could be used to track users if not frequently refreshed, and its structure was less optimized for distributed architectures like 5G's service-based interface. The 5G-GUTI introduces a more hierarchical and globally unique design, aligning with 5G's cloud-native and sliced network environments. It supports efficient mobility management across diverse deployment scenarios, including non-public networks and edge computing, by enabling clear routing to the correct AMF instance.
Furthermore, the 5G-GUTI addresses operational challenges in large-scale networks by reducing dependency on central databases for every UE interaction. By allowing the AMF to manage temporary identifiers locally, it decreases latency and signaling load, which is crucial for 5G's low-latency use cases like URLLC. The identifier also facilitates network slicing by embedding AMF-specific information, ensuring that UE contexts are handled within the appropriate slice. Overall, the 5G-GUTI embodies 5G's principles of enhanced security, privacy by design, and scalable architecture, solving legacy issues while enabling future innovations.
Detected Changes Across Releases
From 3GPP Change Requests. Specific changes extracted from the "Change history" tables of 3GPP specifications (155 CRs across 5 releases). Complements the general historical overview above with the evidence-based evolution of this function.
In Release 15, the 5G-GUTI was newly introduced as a key temporary identifier for subscriber privacy, built upon the foundational Subscription Permanent Identifier (SUPI). The release specified its structure and usage, including coordination for mobility and interworking with EPS, and defined rules for the mapping and randomness of its temporary component, the 5G-TMSI. It also introduced the GUAMI (Globally Unique AMF Identifier) as part of the 5G-GUTI to enable routing and context retrieval.
- GUTI unique across AMFs in an AMF SET (TS 23.501, CR0089)
- Use of identifiers for mobility between GERAN/UTRAN and 5GS (TS 23.501, CR0017)
- Partitioning of Identifier space to ensure success of Context retrieval for EPS Interworking (TS 23.501, CR0090)
- UDM Discovery with SUPI as input (TS 23.501, CR0091)
- Subscription Permanent Identifier (TS 23.501, CR0189)
- Temporary restriction of Reflective QoS (TS 23.501, CR0169)
+ 43 more changes
In Release 16, key enhancements for the 5G-GUTI included its use as an additional GUTI during initial registration when a UE also holds a 4G-GUTI, and the clarification that a 5G-GUTI is not globally unique within a Standalone Non-Public Network (SNPN). Furthermore, the specification ensured octet alignment for the 5G-GUTI within the 5GS mobile identity information element and defined the inclusion of a native 5G-GUTI within the Additional GUTI IE.
- SUPI and SUCI for wireline access (TS 23.501, CR0744)
- SUPI pattern (TS 29.518, CR0302)
- Clarification for the related CAG identifier (TS 23.501, CR1371)
- GUAMI allocation for standalone non-public network (TS 23.501, CR1608)
- UE identifier for SNPN (TS 23.501, CR1881)
- Clarification on SMF identifier in HR roaming (TS 23.501, CR1895)
+ 27 more changes
In Release 17, specific clarifications and handling rules were defined for the 5G-GUTI in Standalone Non-Public Network (SNPN) scenarios, particularly when a UE is onboarding or using credentials from a Credentials Holder. The release introduced handling for scenarios where a T3346 timer is running and specified the inclusion of the NID of the SNPN that assigned the 5G-GUTI during mobility registration updates. Furthermore, it provided clarifications on maintaining the 5G-GUTI during abnormal cases and on the mapped 5G-GUTI terminology.
- IMSI based SUPI support when access an SNPN using credentials owned by CH (TS 23.501, CR2919)
- Format of SUCI/SUPI used for Onboarding (TS 23.501, CR3097)
- Group Identifier for Network Selection (TS 23.003, CR0636)
- Handling of SUPI/SUCI format when accessing to a SNPN (TS 23.501, CR3045)
- Corrections on the AF related identifier (TS 23.501, CR3064)
- Update BSF NF profile to support SUPI and GPSI (TS 23.501, CR3108)
+ 19 more changes
In Release 18, the key enhancement for the 5G-GUTI function was the introduction of rules for **5G-GUTI selection in the context of Equivalent SNPNs**. This update provides specific guidance on how to select the temporary identifier when a User Equipment is served by a Standalone Non-Public Network that is part of a group of equivalent SNPNs.
- SNPN Identifier based N3IWF FQDN (TS 23.003, CR0687)
- Decorated NAI format for 5G-NSWO for SUPI (TS 23.003, CR0696)
- PIN identifiers (TS 23.501, CR4287)
- Protecting the N3IWF/TNGF identifier information in the REGISTRATION REJECT message (TS 24.501, CR5932)
- NSI Identifier definition (TS 23.003, CR0678)
- NSAC Service Area Identifier (TS 23.003, CR0677)
+ 15 more changes
In Release 19, the 5G-GUTI function was enhanced to support new Non-3GPP Device Identifiers for devices connecting behind a UE or 5G-RG, requiring updates to session management procedures for QoS differentiation. These identifiers, such as the AIoT Device Permanent Identifier, were integrated into service operations like Namf_AIoT_MessageDelivery and stored in the UDR. Furthermore, clarifications were added for roaming support and handling these identifiers within session management signaling.
- Non-3GPP Device Identifier (TS 23.003, CR0708)
- Definition of AIoT Device Permanent Identifier (TS 23.003, CR0713)
- UDR enhancement supporting Device Identifier of non-3GPP Devices connecting behind a UE/5G-RG (TS 23.501, CR5547)
- Definition of identifiers of N3GPP device behind UE/5G-RG (TS 23.501, CR5749)
- Support of reject QoS differentiation for non-3GPP device identifier(s) (TS 24.501, CR6926)
- Procedure update for QoS differentiation of non-3GPP device identifiers (TS 24.501, CR6994)
+ 21 more changes
Defining Specifications
3GPP specifications that define or reference 5G-GUTI, with the latest known release. Sourced from the 3GPP document catalog.
| Specification | Title | Release |
|---|---|---|
| TS 23.003 vj50 | Numbering, addressing and identification in 3GPP | Rel-19 |
| TS 23.501 vk00 | 5G System Architecture Stage 2 | Rel-20 |
| TS 24.301 vj60 | NAS protocol for Evolved Packet System | Rel-19 |
| TS 24.501 vj50 | 5G NAS Protocols Specification | Rel-19 |
| TS 24.890 vg00 | 5G NAS Protocol for 5GS Stage 3 | Rel-16 |
| TS 29.518 vj50 | AMF Service Based Interface Protocol | Rel-19 |