Description
ON-SNPN is a standardized procedure defined by 3GPP for onboarding devices onto a Standalone Non-Public Network. An SNPN is a 5G network operated by a private entity, not relying on a Public Land Mobile Network (PLMN) for core network functions. The primary challenge ON-SNPN addresses is the initial provisioning of devices that lack a valid subscription or credentials for the target SNPN. The architecture involves several key functional entities: the device seeking access (User Equipment - UE), the SNPN's Access and Mobility Management Function (AMF) and Authentication Server Function (AUSF), and an Onboarding Network (ONN). The ONN is a separate, trusted network that facilitates the initial connection and credential provisioning.
The ON-SNPN procedure typically begins when a UE, configured for onboarding, attempts to connect to a network. The UE broadcasts a registration request indicating its onboarding intent. The SNPN, recognizing the request, may redirect the UE to a designated ONN. The ONN provides limited, initial access, often using a generic or provisional credential. Through this secured channel, the UE then interacts with an onboarding server, which is part of or trusted by the SNPN's ecosystem. This server authenticates the device's identity (e.g., using a factory-installed certificate) and provisions it with the necessary credentials (like a subscription permanent identifier - SUPI and associated keys) specific to the target SNPN.
Once the device receives its SNPN-specific credentials, it can disconnect from the ONN and perform a standard registration procedure directly with the target SNPN using the newly provisioned subscription data. The SNPN's AUSF validates these credentials, completing the authentication. This process is heavily secured to prevent man-in-the-middle attacks and credential theft, employing mechanisms like certificate-based device authentication and secure tunneling during credential transfer. ON-SNPN is a cornerstone for zero-touch provisioning in Industry 4.0, enabling the seamless integration of sensors, actuators, and other IoT devices into private 5G networks without manual intervention.
Purpose & Motivation
ON-SNPN was created to solve the logistical and security challenges of deploying large-scale IoT devices in private 5G networks (SNPNs). Prior to its standardization, provisioning credentials for thousands of industrial devices was a manual, error-prone, and insecure process, often involving physical access or pre-loading network-specific keys at the factory, which limited supply chain flexibility. The need for automated, secure, and scalable onboarding became critical with the rise of Industry 4.0 and massive IoT deployments in manufacturing, logistics, and utilities.
The technology addresses the limitation of traditional PLMN-based subscription models, which are ill-suited for privately owned and operated networks. It enables device manufacturers to produce generic devices without binding them to a specific customer's network during production. Instead, the secure onboarding process allows the end-user (the SNPN operator) to take ownership and provision credentials after deployment. This decoupling streamlines the supply chain and provides operational flexibility. Furthermore, ON-SNPN enhances security by ensuring that even the initial, limited-access connection for onboarding occurs over a controlled and authenticated channel, preventing unauthorized devices from accessing the primary SNPN resources during the provisioning phase.
Detected Changes Across Releases
From 3GPP Change Requests. Specific changes extracted from the "Change history" tables of 3GPP specifications (350 CRs across 5 releases). Complements the general historical overview above with the evidence-based evolution of this function.
In Release 15, the Onboarding Standalone Non-Public Network (ON-SNPN) function was newly introduced as an SNPN providing Onboarding access and enabling Remote Provisioning for a UE registered for Onboarding. This allows a UE configured with default credentials to be provisioned with network credentials by a Provisioning Server for subsequent SNPN access. The introduction also involved refining associated identifiers, such as the Home Network Public Key Identifier used for SUPI protection in the onboarding process.
- Removal of Editor's note on home network public key and home network public key identifier update and removal of protection scheme identifier (TS 24.501 CR0845)
In Release 16, the ON-SNPN function was newly introduced, defining an Onboarding Standalone Non-Public Network as an SNPN that provides Onboarding access and enables Remote Provisioning for a UE. This included the support for a UE to be provisioned with network credentials from a Provisioning Server and the definition of Default UE credentials for the onboarding procedure. The release also specified architectural support for onboarding via credentials from a separate Credentials Holder.
- TS 23.501: Introducing Non-public network (TS 23.501 CR0734)
- Introducing support for Non-Public Networks (TS 23.501 CR0757)
- Introducing Non-public network (TS 23.501 CR0734)
- FQDN format of N3IWF in a standalone non-public network (TS 23.501 CR0841)
- Support of emergency services in public network integrated NPNs (TS 23.501 CR1073)
- Adding support for SNPNs (Stand-alone Non-Public Networks) (TS 24.501 CR0963)
In Release 17, the ON-SNPN function introduced the capability for a UE to be provisioned with network credentials via an Onboarding SNPN, using default UE credentials for initial registration. This release defined the architecture and procedures for UE onboarding, including support for a separate Credentials Holder entity and the handling of deregistration for a UE registered specifically for onboarding. It also specified the format of the SUCI/SUPI used for this onboarding process and enabled mobility support between SNPNs and between an SNPN and a PLMN.
- Informative guideline on supporting session/service continuity between SNPN and PLMN when using N3IWF (TS 23.501 CR2563)
- SNPN support AAA Server for primary authentication and authorization (TS 23.501 CR2611)
- SNPN with separate entity hosting subscription (TS 23.501 CR2625)
- General introduction of Enhancements to Support SNPN along with credentials owned by an entity separate from the SNPN (TS 23.501 CR2684)
- UE onboarding (TS 23.501 CR2562)
- De-registration for onboarding registered UE (TS 23.501 CR2755)
In Release 18, the ON-SNPN function was enhanced to support non-3GPP and wireline access types for onboarding and accessing SNPN services, expanding connectivity options beyond 3GPP radio. The release also introduced more sophisticated network selection mechanisms, including Credentials Holder-controlled prioritized lists of preferred SNPNs and Group IDs (GINs) for localized services. Furthermore, it provided clarifications and procedures for handling equivalent SNPNs, forbidden lists, and network access control specifically for UEs accessing SNPNs that provide localized services.
- Support of Non-3GPP access for SNPN (TS 23.501 CR3714)
- Equivalent SNPN support (TS 23.501 CR3730)
- N5CW device access to SNPN services (TS 23.501 CR3821)
- Clarification of SNPN access mode (TS 23.501 CR3841)
- Clarifications on Onboarding in SNPN supporting localized services (TS 23.501 CR3927)
- SNPN broadcast system information and manual network selection for localized service (TS 23.501 CR4095)
In Release 19, the ON-SNPN function was enhanced to improve network selection and service continuity for localized services, including the use of a Group ID for Network Selection (GIN) to aid in selecting a preferred SNPN. The release also introduced refined procedures for managing UE timers and lists, such as the removal of forbidden SNPN lists upon the expiry of timer T3245 and conditions for clearing memorized network identifiers. Furthermore, it added mechanisms for the recognition of an SNPN providing access for localized services and ensured appropriate cell reselection to support these services.
- Enhancement of getting public UE IP address and port number (TS 23.501 CR5445)
- Information for ensuring appropriate cell reselection for localized services in SNPN (TS 24.501 CR6486)
- Support MSK for SNPN and resolve EN for 3GPP-Charging ID-v2 (TS 29.561 CR0197)
- T3525 abnormal case in SNPN (TS 24.501 CR6368)
- Addition of a condition for the removal of memorized PLMN and SNPN Ids. (TS 24.501 CR6548)
- Missing NOTE for T3540 for a UE with high priority access in selected PLMN or SNPN (TS 24.501 CR6546)
Defining Specifications
3GPP specifications that define or reference ON-SNPN, with the latest known release. Sourced from the 3GPP document catalog.
| Specification | Title | Release |
|---|---|---|
| TS 23.501 vk00 | 5G System Architecture Stage 2 | Rel-20 |
| TS 24.501 vj50 | 5G NAS Protocols Specification | Rel-19 |
| TS 29.512 vj40 | 5G Session Management Policy Control Service | Rel-19 |
| TS 29.513 vj40 | 5G PCC Signalling Flows & QoS Mapping | Rel-19 |
| TS 29.561 vj30 | 5G Interworking with External Data Networks | Rel-19 |