What is 5G-S-TMSI? 5G S-Temporary Mobile Subscription Identifier

Description

The 5G-S-TMSI (5G S-Temporary Mobile Subscription Identifier) is a critical temporary identifier within the 5G Core Network (5GC) architecture, specifically managed by the Access and Mobility Management Function (AMF). It is assigned to a User Equipment (UE) after a successful initial registration procedure. The primary purpose of the 5G-S-TMSI is to serve as a concise, temporary alias for the user's permanent and privacy-sensitive Subscription Permanent Identifier (SUPI), thereby preventing the SUPI from being transmitted in the clear over the radio interface.

Architecturally, the 5G-S-TMSI is generated and allocated by the serving AMF. It is structured to contain information that allows the network to efficiently route and manage the UE. The identifier is composed of two main parts: the AMF Set ID, AMF Pointer, and a 5G-TMSI (Temporary Mobile Subscription Identifier). The AMF Set ID identifies a group of AMFs for redundancy and load balancing, while the AMF Pointer specifies a particular AMF within that set. The 5G-TMSI is a unique number assigned by that specific AMF to the UE for the duration of its registration context. This structure enables the Radio Access Network (RAN) to determine which AMF instance is serving the UE without needing to decode the full NAS message.

In operation, the 5G-S-TMSI is used extensively in signaling procedures. During the initial random-access procedure when a UE is in RRC_IDLE or RRC_INACTIVE state, it includes the 5G-S-TMSI in the RRCSetupComplete message if it has one stored from a previous registration. More importantly, it is the primary identifier used in the Paging message broadcast by the gNB. When the network needs to reach a UE (e.g., for an incoming session), it pages the UE using the 5G-S-TMSI. Upon receiving a paging message containing its 5G-S-TMSI, the UE responds with a Service Request, including the same identifier, allowing the network to re-establish the connection and retrieve the full UE context from the AMF.

The 5G-S-TMSI's role extends beyond simple identification; it is fundamental to network efficiency and security. By using this temporary identifier for frequent over-the-air transmissions like paging and connection resumption, the permanent SUPI is shielded from eavesdroppers, addressing a significant privacy concern present in earlier generations. Furthermore, its compact size (shorter than the full GUTI from 4G in many cases) reduces signaling overhead. The inclusion of AMF routing information directly within the identifier allows for efficient and scalable AMF selection and re-selection processes within the 5GC's service-based architecture, supporting features like AMF mobility and load balancing.

Purpose & Motivation

The 5G-S-TMSI was created to address critical shortcomings in subscriber identity management from previous cellular generations, primarily focusing on enhanced privacy and signaling efficiency. In 4G LTE, the Globally Unique Temporary Identifier (GUTI) served a similar purpose but had a larger size and a different structural logic tied to the MME. The 5G system introduced a redesigned, flatter core network with a clear separation between the Access and Mobility Management Function (AMF) and the Session Management Function (SMF). This new architecture necessitated a temporary identifier optimized for the service-based interfaces and the specific procedures of 5G, such as the RRC_INACTIVE state.

A key problem the 5G-S-TMSI solves is the protection of the permanent subscriber identity (SUPI) from being transmitted in plain text over the radio link. In early mobile systems, the International Mobile Subscriber Identity (IMSI) was sometimes sent unprotected, creating a major privacy vulnerability for tracking subscribers. The 5G-S-TMSI, by replacing the SUPI in almost all radio signaling after initial authentication, effectively mitigates this threat. Its design also solves the problem of efficient network node routing. By embedding AMF Set and Pointer information, the RAN can directly determine which AMF instance holds the UE's context, enabling faster connection resumption and more efficient paging without requiring complex lookup procedures, which is essential for supporting the low-latency use cases envisioned for 5G.

Classification

Part ofGUTI

Related approaches

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the „Change history“ tables of 3GPP specifications (216 CRs across 5 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Rel-15 59 changes

In Release 15, the 5G-S-TMSI was newly introduced to enable EPS interworking, specifically for the derivation of the 5G-S-TMSI and subsequent retrieval of the UE context when moving between 5GS and EPS. The release also involved changes to the length and mapping of 5GS temporary identifiers and addressed the partitioning of the identifier space to ensure the success of this context retrieval procedure for interworking.

GUTI unique across AMFs in an AMF SET TS 23.501CR0089
5GS Support for MCS Subscription TS 23.501CR0693
Use of identifiers for mobility between GERAN/UTRAN and 5GS TS 23.501CR0017
Wildcard DNN subscription TS 23.501CR0021
EPS Interworking: 5G-S-TMSI derivation and context retrieval TS 23.501CR0085
Partitioning of Identifier space to ensure success of Context retrieval for EPS Interworking TS 23.501CR0090

+ 53 more changes

Rel-16 42 changes

In Release 16, the primary new feature for the 5G-S-TMSI was the introduction of a **Truncated 5G-S-TMSI** for use in Non-Access Stratum (NAS) signalling, as detailed in the Change Requests "Truncated 5G-S-TMSI over NAS" and "NAS signalling of CP Relocation Indication Truncated 5G-S-TMSI Parameters". This provided a mechanism to convey a shorter form of this temporary identifier within specific NAS procedures.

SUPI and SUCI for wireline access TS 23.501CR0744
Subscription Information Influence on PDU Session Rate Control TS 23.501CR1251
Alternative 2: Handling of a UE not allowed to access SNPN services via a PLMN by subscription with 5GMM cause value #72 TS 24.501CR2252
Truncated 5G-S-TMSI over NAS TS 24.501CR1932
Subscription Segmentation in PCF and UDR TS 23.501CR1366
Clarification for the related CAG identifier TS 23.501CR1371

+ 36 more changes

Rel-17 41 changes

In Release 17, the 5G-S-TMSI's context was updated to clarify its use in new subscription scenarios, specifically for Standalone Non-Public Networks (SNPNs) and when accessing an SNPN using credentials owned by a Credentials Holder. The release also introduced handling for new SUPI/SUCI formats for SNPN access and provided corrections to the encoding of the 5GS mobile identity IE that contains the 5G-S-TMSI.

SNPN with separate entity hosting subscription TS 23.501CR2625
IMSI based SUPI support when access an SNPN using credentials owned by CH TS 23.501CR2919
Format of SUCI/SUPI used for Onboarding TS 23.501CR3097
Authentication and Subscription information checking for Disaster Roaming service TS 23.501CR3251
Requirements related to UAS subscription change TS 24.501CR3770
PDU session establishment with the DNN/S-NSSAI for UAS service from the UE whch has valid aerial subscription but UUAA-MM is failed abnormally TS 24.501CR3792

+ 35 more changes

Rel-18 34 changes

In Release 18, there were no specific changes or enhancements documented for the "5G-S-TMSI" function itself. The release introduced new identifiers and clarifications for other areas, such as LCS specific identifiers, MPQUIC specific identifiers, and updates for mobile IAB. However, the technical details and CR titles provided do not indicate any modifications to the 5G-S-TMSI's structure, allocation, or procedures.

SNPN Identifier based N3IWF FQDN TS 23.003CR0687
Decorated NAI format for 5G-NSWO for SUPI TS 23.003CR0696
Adding time synchronization service based on subscription TS 23.501CR3762
Introduction of Mobile Base Station Relay TS 23.501CR3813
PIN identifiers TS 23.501CR4287
Equivalent SNPN usage for mobile identity selection TS 24.501CR4840

+ 28 more changes

Rel-19 40 changes

In Release 19, the enhancements for the 5G-S-TMSI function primarily involved its role in supporting new identifiers for non-3GPP devices connecting behind a UE or 5G-RG, as detailed in the CR titles. These updates included clarifications to session management signaling procedures that utilize non-3GPP device identifiers for QoS differentiation, which can be associated with the subscriber's temporary identity. Furthermore, the release introduced procedure updates to enable the suspension and support of reject QoS differentiation specifically for these non-3GPP device identifiers.

Non-3GPP Device Identifier TS 23.003CR0708
Definition of AIoT Device Permanent Identifier TS 23.003CR0713
Subscription-based routing to a target core network TS 23.501CR5380
Supporting direct subscription of UPF event exposure using UE's IP address TS 23.501CR5540
Adding support of Mobile Wireless Access Backhaul in 5GS TS 23.501CR5596
KI#2: UE subscription and policy control for energy efficiency and energy saving TS 23.501CR5739

+ 34 more changes

Explore further

Broader topics and technologies where 5G-S-TMSI plays a role.

Topics

RRC (Radio Resource Control)Authentication (5G-AKA, EAP)IMS & Voice (VoLTE, VoNR)NAS (Non-Access Stratum)Privacy (SUPI, SUCI)LTE / LTE-Advanced

Technologies

LTE 5G

Defining Specifications

3GPP specifications that define or reference 5G-S-TMSI, with the latest known release. Sourced from the 3GPP document catalog — see methodology.

Specification	Title	Release
TS 23.003 vj50	Numbering, addressing and identification in 3GPP	Rel-19
TS 23.501 vk00	5G System Architecture Stage 2	Rel-20
TS 24.501 vj50	5G NAS Protocols Specification	Rel-19
TS 24.890 vg00	5G NAS Protocol for 5GS Stage 3	Rel-16