PEMC

PIN Elements with Management Capability

Management →
Introduced in Rel-18 Also in: Services

PEMC is a framework for managing PIN elements and their attributes on a UICC or eSIM to enable remote security management.

Category
Management
Introduced
Rel-18
Where
Core Network › 5G Core
Also touches
1 segments
Specifications
7 specs
PEMC Description Purpose Related Classification Detected Changes Specifications

Description

PIN Elements with Management Capability (PEMC) is a management framework standardized in 3GPP Release 18, primarily within the context of enhanced SIM/UICC management. It defines a structured data model and remote management procedures for PIN-related security elements stored on a UICC. A 'PIN Element' refers to a PIN, its associated PIN Unblocking Key (PUK), and all related attributes such as the PIN value, retry counter, enabled/disabled status, and usage rules (e.g., which operations require PIN verification). The 'Management Capability' signifies that these elements can be created, modified, enabled, disabled, or deleted through remote management protocols, such as those defined by the Remote SIM Provisioning (RSP) architecture for eSIM. The framework is specified across multiple 3GPP specifications: the system architecture (23.501, 23.542), the service requirements for PEMC (23.700), the Non-Access Stratum (NAS) protocols for conveying PIN management messages between UE and network (24.501, 24.583), the management protocol details (26.806), and the security procedures (33.127). Architecturally, PEMC involves the UE, the UICC/eSIM, and network functions like the Subscription Manager - Data Preparation (SM-DP+) or other management servers. The management commands are securely transported to the UICC, which then applies the changes to the specified PIN Element. This allows, for example, an enterprise IT department to remotely reset a device PIN or a mobile operator to initialize PINs during eSIM provisioning without physical access to the device.

Purpose & Motivation

PEMC was developed to overcome the limitations of static, hard-coded PIN management in traditional SIM cards. In legacy systems, PINs and PUKs were pre-programmed by the SIM vendor and could only be changed locally by the user via the device menu, if allowed at all. This posed significant operational challenges for large-scale IoT deployments, enterprise device fleets, and standard consumer eSIM provisioning. If a user forgot a PIN or exhausted retry attempts, physical intervention was often required. PEMC addresses these problems by enabling remote, over-the-air management of PIN security elements. This is crucial for the eSIM ecosystem, where profiles are downloaded remotely; PEMC allows the associated PINs to be configured dynamically as part of the profile provisioning process. It solves logistical headaches in IoT by allowing fleet managers to remotely reset PINs on thousands of sensors. For consumers, it enables self-service PIN recovery through operator portals. The motivation stems from the industry's shift towards fully remote device and subscription lifecycle management, demanding the same flexibility for security features (PINs) as for other subscription data. It enhances both security posture through centralized policy control and user experience by simplifying PIN recovery.

Classification

Part ofPIN
Related approachesPUK

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the „Change history“ tables of 3GPP specifications (282 CRs across 5 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Rel-15 34 changes

In Release 15, the PEMC (PIN Element with Management Capability) function was newly introduced as a specific type of Personal IoT Network Element (PINE) with the capability to manage the PIN, with this management supported by an Application Function (AF) if deployed. A key architectural stipulation is that a PIN must include at least one PEMC, and a single UE acting as a PINE may combine the roles of both PEMC and PEGC (PIN Element with Gateway Capability). This enables PIN management traffic, which is part of the communication between PINE, PEGC, PEMC, and the AF, to be carried either directly between PINEs or indirectly via the 5G network.

  • Registration procedure triggered by a change of UE Radio Capability TS 24.501CR0278
  • UE Core Network Capability handling TS 23.501CR0107
  • User Plane management to support interworking with EPS TS 23.501CR0122
  • Management of service area restriction information TS 23.501CR0144
  • Corrections to PFD management TS 23.501CR0210
  • Correction on capability negotiation on "SMS over NAS" TS 23.501CR0305

+ 28 more changes

Rel-16 80 changes

In Release 16, the PEMC function was enhanced through new procedures for exchanging port management capabilities during PDU session establishment and for the transfer of port management information containers, MAC addresses, and DS-TT residence time. Specifically, support was added for the NAS protocol to deliver Ethernet port management information containers, detailing the mechanisms for PIN management traffic. These extensions provided the PEMC with more granular management capabilities for the Personal IoT Network's data and control plane communications.

  • 5GS Logical TSN bridge management TS 23.501CR1002
  • UPF Selection influenced by the indication of the identity/identities of 5G AN N3 User Plane capability TS 23.501CR0862
  • Further detailing of 5G LAN group management TS 23.501CR1052
  • CIoT capability negotiation between UE and network TS 24.501CR0987
  • 5GMM capability for SRVCC from NG-RAN to UTRAN TS 24.501CR1187
  • V2X capability and V2X PC5 capability TS 24.501CR1280

+ 74 more changes

Rel-17 45 changes

In Release 17, the new functionality for the PIN Element with Management Capability (PEMC) was its formal introduction as a defined network role with the specific capability to manage a Personal IoT Network (PIN), with this management being supported by an Application Function (AF) if deployed. This established that a PIN must include at least one PEMC and clarified that a single User Equipment (UE) acting as a PINE could simultaneously fulfill the roles of both a PEMC and a PIN Element with Gateway Capability (PEGC).

  • Adding the usage of Session Management Congestion Control Experience analytics TS 23.501CR2708
  • Alignment of NWDAF discovery of data exposure capability in TS 23.501. TS 23.501CR2759
  • Introduction of MUSIM capability exchange TS 23.501CR2927
  • The impact on UE due to the introduction of Authentication and Key Management for Applications (AKMA) TS 24.501CR2794
  • Add target QoS flow capability for access performance measurement TS 24.501CR3248
  • UE ProSe capability negotiation with 5GC TS 24.501CR3159

+ 39 more changes

Rel-18 87 changes

In Release 18, the new enhancements for the PIN Element with Management Capability (PEMC) function specifically introduced support for QoS management for the Personal IoT Network (PIN). This builds upon the foundational PEMC role, defined as a PINE with the capability to manage the PIN, with management supported by an AF if deployed. The update focuses on enabling the PEMC to manage Quality of Service for PIN communications, which includes both PIN management traffic and data traffic.

  • TS 23.501 Enhancing External Exposure of Network Capability TS 23.501CR3715
  • UPF event exposure service for TSC management TS 23.501CR3720
  • Service area provisioning and LADN aspects for enhanced group management TS 23.501CR3914
  • Considering ML model management capability during ADRF discovery and selection TS 23.501CR3929
  • CN based MT communication capability indication TS 23.501CR4081
  • KI#1: Support the enhancement of group attribute management TS 23.501CR4086

+ 81 more changes

Rel-19 36 changes

In Release 19, the PEMC function was enhanced with clarifications and support for managing PIN elements that are non-3GPP devices, as indicated by the CRs on handling Non-3GPP Device Identifiers. Furthermore, the release provided clarifications on the integration of PEMC management with network policies, specifically regarding the interaction with Local Offloading Management and URSP.

  • KI#1 Architecture for Local Offloading Management TS 23.501CR5752
  • PCF's awareness of I-SMF insertion for Local Offloading Management TS 23.501CR5833
  • Handling of UE capability for MPQUIC-IP and MPQUIC-E steering functionalities TS 23.501CR5844
  • Enhancement of 5G ProSe capability for multi-hop relays TS 24.501CR6552
  • Update 5GMM capability for 5G ProSe multi-hop relays TS 24.501CR6692
  • Inclusion of ATSSS status in related session management messages TS 24.501CR6880

+ 30 more changes

Explore further

Broader topics and technologies where PEMC plays a role.

Topics
SON (Self-Organizing Networks)Mission Critical (MCPTT)NAS (Non-Access Stratum)Lawful InterceptIoT & MTCManagement & Operations

Defining Specifications

3GPP specifications that define or reference PEMC, with the latest known release. Sourced from the 3GPP document catalog — see methodology.

SpecificationTitleRelease
TS 23.501 vk00 5G System Architecture Stage 2 Rel-20
TS 23.542 vk10 Application layer support for Personal IoT Network Rel-20
TS 23.700 vk00 XR Services Application Enablement Layer Rel-20
TS 24.501 vj50 5G NAS Protocols Specification Rel-19
TS 24.583 vj00 Application Layer Support for Personal IoT Network Rel-19
TR 26.806 vi00 Technical Report on Smartly Tethering AR Glasses Rel-18
TS 33.127 vj50 Lawful Interception Architecture and Functions Rel-19