5G-S-TMSI

5G S-Temporary Mobile Subscription Identifier

Identifier
Introduced in Rel-15
A temporary identifier assigned to a UE in the 5G system to protect the user's permanent subscription identity (SUPI) during initial network access and paging. It is used for radio resource control procedures and is a key element for privacy and efficient signaling.

Description

The 5G-S-TMSI (5G S-Temporary Mobile Subscription Identifier) is a critical temporary identifier within the 5G Core Network (5GC) architecture, specifically managed by the Access and Mobility Management Function (AMF). It is assigned to a User Equipment (UE) after a successful initial registration procedure. The primary purpose of the 5G-S-TMSI is to serve as a concise, temporary alias for the user's permanent and privacy-sensitive Subscription Permanent Identifier (SUPI), thereby preventing the SUPI from being transmitted in the clear over the radio interface.

Architecturally, the 5G-S-TMSI is generated and allocated by the serving AMF. It is structured to contain information that allows the network to efficiently route and manage the UE. The identifier is composed of two main parts: the AMF Set ID, AMF Pointer, and a 5G-TMSI (Temporary Mobile Subscription Identifier). The AMF Set ID identifies a group of AMFs for redundancy and load balancing, while the AMF Pointer specifies a particular AMF within that set. The 5G-TMSI is a unique number assigned by that specific AMF to the UE for the duration of its registration context. This structure enables the Radio Access Network (RAN) to determine which AMF instance is serving the UE without needing to decode the full NAS message.

In operation, the 5G-S-TMSI is used extensively in signaling procedures. During the initial random-access procedure when a UE is in RRC_IDLE or RRC_INACTIVE state, it includes the 5G-S-TMSI in the RRCSetupComplete message if it has one stored from a previous registration. More importantly, it is the primary identifier used in the Paging message broadcast by the gNB. When the network needs to reach a UE (e.g., for an incoming session), it pages the UE using the 5G-S-TMSI. Upon receiving a paging message containing its 5G-S-TMSI, the UE responds with a Service Request, including the same identifier, allowing the network to re-establish the connection and retrieve the full UE context from the AMF.

The 5G-S-TMSI's role extends beyond simple identification; it is fundamental to network efficiency and security. By using this temporary identifier for frequent over-the-air transmissions like paging and connection resumption, the permanent SUPI is shielded from eavesdroppers, addressing a significant privacy concern present in earlier generations. Furthermore, its compact size (shorter than the full GUTI from 4G in many cases) reduces signaling overhead. The inclusion of AMF routing information directly within the identifier allows for efficient and scalable AMF selection and re-selection processes within the 5GC's service-based architecture, supporting features like AMF mobility and load balancing.

Purpose & Motivation

The 5G-S-TMSI was created to address critical shortcomings in subscriber identity management from previous cellular generations, primarily focusing on enhanced privacy and signaling efficiency. In 4G LTE, the Globally Unique Temporary Identifier (GUTI) served a similar purpose but had a larger size and a different structural logic tied to the MME. The 5G system introduced a redesigned, flatter core network with a clear separation between the Access and Mobility Management Function (AMF) and the Session Management Function (SMF). This new architecture necessitated a temporary identifier optimized for the service-based interfaces and the specific procedures of 5G, such as the RRC_INACTIVE state.

A key problem the 5G-S-TMSI solves is the protection of the permanent subscriber identity (SUPI) from being transmitted in plain text over the radio link. In early mobile systems, the International Mobile Subscriber Identity (IMSI) was sometimes sent unprotected, creating a major privacy vulnerability for tracking subscribers. The 5G-S-TMSI, by replacing the SUPI in almost all radio signaling after initial authentication, effectively mitigates this threat. Its design also solves the problem of efficient network node routing. By embedding AMF Set and Pointer information, the RAN can directly determine which AMF instance holds the UE's context, enabling faster connection resumption and more efficient paging without requiring complex lookup procedures, which is essential for supporting the low-latency use cases envisioned for 5G.

Key Features

  • Temporary alias for the permanent SUPI to ensure subscriber privacy
  • Contains AMF Set ID and AMF Pointer for efficient routing within the 5G Core
  • Used as the primary identifier in Paging messages for UEs in idle/inactive states
  • Included in RRC signaling (e.g., RRCSetupComplete) for context retrieval
  • Compact structure designed to reduce signaling overhead on radio interface
  • Uniquely assigned per UE by the serving AMF for the duration of its registration

Evolution Across Releases

Rel-15 Initial

Introduced as the foundational temporary identifier for the 5G System. Its structure, defined in TS 23.003, includes the AMF Set ID, AMF Pointer, and 5G-TMSI to enable efficient AMF routing and UE identification. It was specified for use in initial registration, service request, and paging procedures to protect the SUPI and streamline signaling.

TS 23.003TS 23.501TS 24.501TS 24.890

Defining Specifications

SpecificationTitle
TS 23.003 3GPP TS 23.003
TS 23.501 3GPP TS 23.501
TS 24.501 3GPP TS 24.501
TS 24.890 3GPP TS 24.890