PIN

Personal Identification Number

Security →
Introduced in Rel-2 Also in: Core Network, User Equipment, Security, Radio Access Network

PIN is a numeric password used in 3GPP to authenticate a user and secure SIM/USIM cards, device access, and network services, preventing unauthorized use.

Category
Security
Introduced
Rel-2
Where
Services › Codecs
Also touches
4 segments
Specifications
35 specs
PIN Description Purpose Related Classification Detected Changes Specifications

Description

The Personal Identification Number (PIN) is a core security concept in 3GPP systems, serving as a secret numeric code used for authentication and access control. Primarily, it is associated with the Subscriber Identity Module (SIM) or Universal SIM (USIM) card inserted into a mobile device. The PIN locks the SIM/USIM itself; if enabled, the user must enter the correct PIN to unlock the card and allow the mobile equipment to access the network services stored on it. This prevents unauthorized use of the SIM if the device is lost or stolen. There are typically two PINs: PIN1 (the standard PIN) and PIN2 (used for certain advanced functions like fixed dialing numbers). The PIN is stored securely on the SIM/USIM and is verified locally by the card; it is not transmitted over the network, enhancing security. Beyond SIM locking, PIN concepts extend to service access, such as PIN authentication for value-added services or as part of two-factor authentication schemes. The management of PINs includes capabilities to enable/disable PIN checking, change the PIN, and handle PIN unblocking using a PUK (PIN Unblocking Key) if the PIN is entered incorrectly too many times. Architecturally, the PIN verification is handled between the Mobile Equipment (ME) and the SIM/USIM via standardized commands (e.g., ENTER PIN). The network operator can set initial PIN values and PUKs. PINs are a critical element in the 3GPP security framework, protecting subscriber identity and subscription data at the physical card level.

Purpose & Motivation

The PIN was introduced from the earliest GSM releases (Rel-2) to address the fundamental security problem of protecting the physical SIM card and the subscriber's identity. Without a PIN, a SIM card could be used freely in any device, leading to fraud and unauthorized access to network services. The PIN provides a simple, user-managed layer of protection for the subscription. It solves the issue of device theft or loss by ensuring the SIM itself is locked. Over releases, the PIN concept evolved to support more complex services and management capabilities, reflecting its role as a basic but vital authentication element. Its persistence across all releases underscores its enduring importance in mobile security, even as more advanced authentication like biometrics emerge. The extensive list of specifications referencing PIN highlights its integration into subscription management, service access, device management, and security procedures.

Classification

Specific typesDPPEMCPEGCPUK
Related approachesSIMUSIMPUK

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the „Change history“ tables of 3GPP specifications (253 CRs across 6 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Studied in Rel-2, normative work from Rel-15.

Rel-15 33 changes

In Release 15, the PIN function itself was not a primary focus of new introductions. The release's updates concerning the USIM and subscriber module functionality were centered on enabling new 5G capabilities, such as enhancing USIM configuration data to support mission-critical services and updating the USIM Service Table to provide PDU session call control support. These changes built upon the existing, unchanged PIN mechanism for user authentication, which remained defined as the verification of a numeric PIN of four to eight decimal digits.

  • How to determine the maximum number of established PDU sessions TS 24.501CR0077
  • UE configuration for NAS signalling low priority via OMA-DM or USIM not applicable in 5GS TS 24.501CR0084
  • Preferred list terminating at ME or USIM TS 24.501CR0212
  • Addition of the extended emergency number list in AT-command +CEN TS 27.007CR0564
  • USIM Service Table update for PDU session call control support TS 31.102CR0786
  • Allow configuration of MCS (Access Identity 2) via USIM. TS 31.102CR0794

+ 27 more changes

Rel-16 31 changes

In Release 16, the PIN function itself was not modified, but the release introduced new USIM configuration capabilities for network selection and access. Specifically, it added support for the USIM to store a Trusted non-3GPP access networks list and to configure an RLOS (Radio Layer Only Service) PLMN list and an RLOS allowed MCC list. These enhancements allowed the USIM to govern network connectivity parameters beyond the core user authentication PIN procedure.

  • Add new general abbreviations MCC Note: CR cover sheet wrongly shows CR number as "1118". TS 21.905CR0118
  • Identification of LTE-M (eMTC) traffic TS 23.501CR1363
  • Support for USIM configuration of RLOS PLMN list TS 31.102CR0847
  • URSP storage in USIM TS 31.102CR0861
  • Specify storage for a potentially separate KSEAF for non-3gpp access on the USIM TS 31.102CR0864
  • USIM configuration of RLOS allowed MCC list TS 31.102CR0881

+ 25 more changes

Rel-17 63 changes

In Release 17, the primary new PIN-related functions involved the introduction of new USIM files for storing network configuration data, rather than changes to the core PIN authentication mechanism itself. Specifically, new USIM files were defined to store pre-configured CAG (Closed Access Group) information lists and SOR-CMCI (Steering of Roaming - Connected Mode Control Information) parameters. These additions expanded the USIM's role in storing network policy and access configuration data to support new 5G system features.

  • Definitions and abbreviations for Multi-USIM in 5GS TS 24.501CR3119
  • Using Service Request procedure for removing paging restrictions in 5GS for a Multi-USIM UE TS 24.501CR3226
  • Multi-USIM UE support indications in 5GS TS 24.501CR3121
  • S-NSSAI rejected due to maximum number of UEs reached and BO timer value TS 24.501CR3123
  • Maximum number of established PDU sessions already reached for a NW slice TS 24.501CR3213
  • IP Address and Port number Replacement IE in EAS Discovery procedure with Local DNS Server/Resolver TS 29.244CR0610

+ 57 more changes

Rel-18 103 changes

In Release 18, the Personal Identification Number (PIN) function was extended from its traditional USIM-centric role to become a native network capability within the 5G Core (5GC). New specifications were introduced for PIN communication configuration, PIN policy configuration, and support for QoS management and traffic routing for PIN-related communications. This release also defined PIN architecture, identifiers, and procedures for a UE to request to be added to a PIN.

  • Adding leftover PIN requirement to normative spec TS 22.261CR0622
  • Requirements on PIN element discovery restriction TS 22.859CR0001
  • Addition of consolidated requirements for use case on PIN element discovery restriction TS 22.859CR0017
  • UE requesting to be added to a PIN TS 22.859CR0018
  • Reference point numbers for charging TS 23.501CR3752
  • PIN support in 5GC TS 23.501CR3854

+ 97 more changes

Rel-19 21 changes

In Release 19, the Personal Identification Number (PIN) function was enhanced with the introduction of a "PIN element discovery" capability. Furthermore, specific corrections and clarifications were made to PIN-related procedures, including a correction for the "PIN service switch configure procedure" and clarifications on "URSP rule limitations with PIN."

  • Enhancement of getting public UE IP address and port number TS 23.501CR5445
  • Support PDU Set information identification based on MoQ for encrypted XRM traffic TS 23.501CR5632
  • PDU Set Information Identification for end-to-end encrypted traffic using connect-UDP - architecture part TS 23.501CR5728
  • PIN element discovery TS 23.542CR0061
  • PDU set identification for non-3GPP access TS 24.501CR6577
  • Identification and marking of Data Burst Size in DL GTP-U packets TS 29.244CR0892

+ 15 more changes

Rel-20 2 changes

In Release 20, the PIN function was enhanced to support complex tethered device scenarios, addressing the identification of INS cases and the hosting operator. This builds upon the existing framework where the USIM authenticates the user via a numeric PIN and manages PIN blocking and unblocking procedures. The update specifically extends these mechanisms to accommodate more intricate device attachment and operator hosting situations.

  • Identification of INS case and hosting operator TS 23.501CR6423
  • PIN enhance to support for complex tethered device scenarios TS 23.542CR0068

Explore further

Broader topics and technologies where PIN plays a role.

Topics
SON (Self-Organizing Networks)Authentication (5G-AKA, EAP)MEC (Edge Computing)Lawful InterceptServices & ApplicationsManagement & Operations

Defining Specifications

3GPP specifications that define or reference PIN, with the latest known release. Sourced from the 3GPP document catalog — see methodology.

SpecificationTitleRelease
TS 21.111 vj00 USIM and UICC Requirements for 3G Rel-19
TS 21.133 v1400 3G Security Requirements Rel-5
TR 21.905 vj00 3GPP Technical Terms and Definitions Rel-19
TS 22.101 vk00 Service Principles for PLMNs Rel-20
TS 22.105 vj00 Telecommunication Services Framework Rel-19
TS 22.153 vk00 Multimedia Priority Service (MPS) requirements Rel-20
TS 22.261 vk30 5G System Service Requirements Rel-20
TR 22.854 vh10 Feasibility Study on Multimedia Priority Service - Phase 2 Rel-17
TR 22.859 vi20 Technical Report Rel-18
TR 22.950 vj00 Feasibility Study on Priority Service Rel-19
TR 22.953 vj00 Multimedia Priority Service Feasibility Study Rel-19
TS 23.501 vk00 5G System Architecture Stage 2 Rel-20
TS 23.542 vk10 Application layer support for Personal IoT Network Rel-20
TS 23.700 vk00 XR Services Application Enablement Layer Rel-20
TS 24.501 vj50 5G NAS Protocols Specification Rel-19
TS 24.583 vj00 Application Layer Support for Personal IoT Network Rel-19
TS 25.123 vj00 Radio Resource Management for TDD Rel-19
TS 25.133 vj00 UTRAN RRM Requirements for FDD Rel-19
TR 26.806 vi00 Technical Report on Smartly Tethering AR Glasses Rel-18
TS 27.007 vj40 AT Command Set for UE Rel-19
TS 29.244 vj40 PFCP Specification for Control/User Plane Separation Rel-19
TS 29.502 vj50 5G System; Nsmf Service Based Interface; Stage 3 Rel-19
TS 29.503 vj50 UDM Service Based Interface Stage 3 Rel-19
TS 29.525 vj40 5G UE Policy Control Service Stage 3 Rel-19
TS 29.583 vj00 PINAPP Stage 3 Protocol for PIN-9 Interface Rel-19
TS 31.102 vj40 USIM Application Specification Rel-19
TS 31.103 vj00 ISIM Application Specification Rel-19
TS 31.105 vj10 Slice Subscriber Identity Module (SSIM) Application Rel-19
TS 31.113 v1800 USAT Interpreter Byte Code Specification Rel-8
TS 31.121 vi50 UICC-terminal interface test specification Rel-18
TS 31.220 vj00 Contact Manager for UICC Applications Rel-19
TR 31.900 vj00 3GPP TS 31.900: Security Interworking Guidance Rel-19
TS 32.808 v1800 Common User Profile Storage Framework Rel-8
TS 33.127 vj50 Lawful Interception Architecture and Functions Rel-19
TR 33.882 vi01 Technical Report on 5G Security for Personal IoT Networks Rel-18