5G Temporary Mobile Subscription Identifier

Description

The 5G-TMSI (5G Temporary Mobile Subscription Identifier) is a fundamental temporary identifier used within the 5G Core (5GC) network to uniquely and temporarily identify a User Equipment (UE) during its registration and active sessions. It is a 32-bit value assigned by the Access and Mobility Management Function (AMF) to a UE upon successful registration or service request procedures. The primary architectural role of the 5G-TMSI is to serve as a local alias within the serving AMF and its associated AMF set, allowing the network to reference the UE's security context and subscription profile without repeatedly transmitting its permanent, globally unique SUPI (Subscription Permanent Identifier) over the radio interface, which is a critical security and privacy measure.

Operationally, the 5G-TMSI is constructed and managed by the AMF. When a UE initially registers with the network without a valid 5G-TMSI (e.g., during initial attach or after moving to a new tracking area), it uses its SUPI or a privacy-protected variant (SUCI) for identification. Upon successful authentication and registration, the AMF allocates a fresh 5G-TMSI and delivers it to the UE in a secured NAS (Non-Access Stratum) message. Subsequently, for most signaling procedures like Service Requests, Periodic Registration Updates, or Mobility Registration Updates, the UE includes this 5G-TMSI in the RRC (Radio Resource Control) and NAS messages. The AMF uses the received 5G-TMSI to efficiently retrieve the UE's context from its local database.

The identifier's structure, while a 32-bit string, is subdivided to encode routing information. The most significant bits can indicate the AMF Set ID and AMF Pointer, which helps the Radio Access Network (RAN) in the RAN-based Notification Area (RNA) or during RRC Inactive state to route the initial message from the UE to the correct AMF within the pool. This routing capability is a key component for efficient mobility and session management, preventing the need for broadcast paging across all AMFs in a pool. The 5G-TMSI's validity is tied to the UE's registration state; it may be reallocated by the network upon re-registration, inter-AMF mobility, or for periodic refreshment as a privacy enhancement.

In the broader 5G system, the 5G-TMSI works in conjunction with other identifiers like the 5G-GUTI (5G Globally Unique Temporary Identifier), which provides a globally routable temporary identity. The 5G-TMSI forms the least significant 32 bits of the 5G-GUTI. While the 5G-GUTI is used for inter-AMF and inter-PLMN mobility, the 5G-TMSI is optimized for intra-AMF-set signaling efficiency. Its role is critical for reducing signaling overhead, enabling fast context retrieval, and fundamentally upholding user privacy by minimizing the transmission of permanent credentials, making it a cornerstone of 5G secure access and mobility management.

Purpose & Motivation

The 5G-TMSI was created to address critical shortcomings in previous mobile generations, particularly the exposure of long-term subscriber identities over the air interface. In pre-5G systems like LTE, while a Temporary Mobile Subscriber Identity (TMSI) was used, the overall identifier structure and privacy mechanisms were less robust. The 5G-TMSI, as part of the 5G-GUTI framework, provides a more structured and secure temporary identification system designed for the service-based architecture of 5GC.

A primary problem it solves is user privacy protection. The permanent subscriber identifier (SUPI) must never be transmitted in clear text over non-secure radio links. By using a frequently changing 5G-TMSI for most signaling interactions, the SUPI is shielded from eavesdroppers, preventing subscriber tracking and profiling. This addresses growing regulatory and consumer demands for enhanced privacy. Furthermore, it solves network efficiency problems. The 5G-TMSI, with its encoded AMF routing information, allows the RAN to quickly route connection requests to the correct AMF without extensive querying, reducing connection setup delays and signaling load on the network, which is essential for supporting massive numbers of IoT devices and ultra-reliable low-latency communications.

Historically, temporary identifiers existed in 2G/3G/4G, but 5G's decoupled architecture (separating AMF from SMF) and support for new states like RRC Inactive required a more refined approach. The 5G-TMSI is designed to work seamlessly within the 5G-GUTI structure to support efficient mobility across AMF pools and PLMNs, a scenario more common in 5G's dense and heterogeneous network deployments. Its creation was motivated by the need for a scalable, secure, and efficient identity management scheme that supports 5G's diverse use cases, from enhanced mobile broadband to massive machine-type communications, without compromising performance or security.

Key Features

• 32-bit temporary identifier assigned by the AMF
• Protects the permanent SUPI from over-the-air exposure
• Encodes AMF Set ID and AMF Pointer for efficient routing
• Forms the least significant part of the 5G-GUTI
• Used for UE identification in NAS and RRC signaling
• Refreshed periodically or during mobility for enhanced privacy

Evolution Across Releases

Defining Specifications