Description
The Provisioning Server (PVS) is a standardized network function introduced in 5G System (5GS) architecture, operating within the management and enabling framework. Its primary role is the secure, reliable, and efficient delivery of provisioning information to User Equipment (UE). This information is diverse and can include initial bootstrap configuration for devices (especially crucial for IoT), policy parameters, service-related configuration data, updates for applications on the UE, and parameters for network slice selection. The PVS interacts with other 5G core network functions and external entities like application servers or device management platforms.
Architecturally, the PVS is defined as an application server that communicates with the UE via the 5G core network. A key protocol for this communication is the Provisioning Protocol, which can be based on HTTPS or CoAP for constrained IoT devices. The UE discovers and connects to the PVS using information that may be pre-configured, derived from the UICC, or provided by the network during registration (e.g., via the UDM or PCF). The 5G core network, specifically the Network Exposure Function (NEF), often acts as an intermediary or enabler, providing a secure API-based interface for external Application Functions (AFs) to request the delivery of provisioning data to specific UEs via the PVS.
The provisioning process typically involves several steps. First, the UE triggers provisioning, often at initial power-on or based on a policy. It establishes a secure connection (e.g., TLS/DTLS) to the PVS, authenticated using 5G credentials. The PVS, which may have received provisioning instructions from an external management system, then delivers a structured data package (e.g., a JSON object) to the UE. The UE's provisioning client processes this data, applying the configuration to the relevant subsystems (e.g., updating connectivity policies, configuring an application, or storing service parameters). The PVS supports both push and pull models of data delivery and can handle acknowledgements and error reporting, ensuring the provisioning transaction is complete and successful.
Purpose & Motivation
The PVS was created to address the critical need for scalable, automated, and secure remote device provisioning in 5G, a system designed to support a massive number of diverse devices, from smartphones to massive IoT sensors. Traditional manual provisioning or device-specific management protocols were insufficient for this scale and heterogeneity. The PVS provides a unified, standards-based mechanism within the 5G architecture.
It solves several key problems. First, it enables zero-touch provisioning for IoT devices, allowing them to be deployed in the field and automatically receive their operational configuration from the network, drastically reducing operational costs. Second, it allows for dynamic updates of policies and service parameters without requiring a full device firmware update or user intervention, enabling flexible service delivery. Third, it provides a secure channel for delivering sensitive configuration data, leveraging 5G's robust authentication and security framework. Its introduction was motivated by the vision of network slicing and service-based architecture, where a device's configuration may need to be tailored for specific network slices or applications on-the-fly. The PVS is a foundational enabler for efficient device lifecycle management in the 5G era.
Classification
Detected Changes Across Releases
from 3GPP Change RequestsSpecific changes extracted from the „Change history“ tables of 3GPP specifications (111 CRs across 6 releases). Complements the general historical overview above with the evidence-based evolution of this function.
In Release 15, the Provisioning Server (PVS) function was newly introduced to enable the remote provisioning of network credentials to a UE for Standalone Non-Public Network (SNPN) access. The release also specified support for the provisioning of credentials used for secondary authentication and authorization by an external DN-AAA server. Furthermore, capabilities for provisioning Access Network Discovery and Selection Policy (ANDSP) for non-3GPP access and Network Slice Selection Policy (NSSP) were introduced.
In Release 16, the Provisioning Server (PVS) function was enhanced to support the remote provisioning of credentials for secondary authentication/authorization over a User Plane, requiring the UE to establish a PDU session to access the provisioning server. Additionally, new provisioning capabilities were introduced, including the provisioning of satellite coverage availability information to the UE via PDU session or SMS to support discontinuous satellite access operations. The release also defined provisioning interactions for Non-Seamless WLAN Offload (NSWO) authentication using credentials from a Credentials Holder via a 5G Core AAA server.
- NEF service for service specific parameter provisioning TS 23.501CR0878
- External parameters provisioning to the 5GS TS 23.501CR0898
- Provisioning of DNS server security information to the UE TS 24.008CR3226
- Provisioning of an allowed CAG list and a CAG access only indication TS 24.501CR1056
- UPDS updates enabling UE-requested V2X policy provisioning procedure TS 24.501CR1692
- Provisioning of DNS server security information to the UE TS 24.501CR2345
+ 6 more changes
In Release 17, the Provisioning Server (PVS) function was enhanced to support remote credential provisioning for Standalone Non-Public Networks (SNPNs) and for secondary authentication/authorization via the User Plane. Key additions include enabling a restricted PDU Session specifically for remote UE provisioning and providing PVS address information to the UE during PDU session establishment for onboarding purposes. The release also introduced mechanisms for the Default Credentials Server (DCS) to supply the PVS address and for provisioning parameters related to disaster roaming.
- SNPN support AAA Server for primary authentication and authorization TS 23.501CR2611
- Enabling restricted PDU Session for remote provisioning of UE via User Plane TS 23.501CR2709
- Remote provisioning of credentials for NSSAA or secondary authentication/authorisation TS 23.501CR2714
- User Plane Remote Provisioning of UEs if PLMN as ON TS 23.501CR2802
- UE configuration for remote provisioning TS 23.501CR2832
- Use UPF to transfer DNS message between EASDF and DNS server TS 23.501CR3186
+ 50 more changes
In Release 18, the Provisioning Server (PVS) function was enhanced with new capabilities for satellite and non-public network access. Key additions include the provisioning of satellite coverage availability information to both the UE and the AMF to support discontinuous coverage operations, and the support for WLANSP provisioning within an SNPN. Furthermore, the release introduced architectural support for authenticating Non-seamless WLAN offload using credentials from a Credentials Holder via a 5G Core AAA Server.
- Service area provisioning and LADN aspects for enhanced group management TS 23.501CR3914
- Support URSP provisioning in EPS TS 23.501CR3924
- KI#3: provisioning of traffic characteristics and monitoring of performance characteristics TS 23.501CR4087
- Support URSP provisioning in EPS TS 23.501CR4253
- Provisioning Satellite Coverage Availability to the AMF TS 23.501CR4302
- URSP provisioning in EPS - support indicators TS 24.008CR3335
+ 20 more changes
In Release 19, the Provisioning Server (PVS) function was enhanced with new capabilities for provisioning Closed Access Group (CAG) information to enable SNPN access, alongside clarifications for its roaming support. The release also introduced provisioning support for parameters like Data Burst Size and Time to Next Burst to the NG-RAN, and enabled the provisioning of a Multi-modal Service ID. Furthermore, it provided clarifications on UPSec and AF provisioning, and corrected procedures for UPF-provided DNS server information to the SMF.
- Local Offloading Policy provisioning TS 23.501CR5463
- Support of Data Burst Size provisioning to NG-RAN TS 23.501CR5784
- Support of Time to Next Burst provisioning to NG-RAN TS 23.501CR5785
- CAG information provisioning TS 23.501CR5808
- CAG information Provisioning clarification of roaming support TS 23.501CR5856
- Provisioning Multi-modal Service ID to NG-RAN TS 23.501CR6148
+ 7 more changes
In Release 20, the specification for the Provisioning Server (PVS) was updated by removing editor's notes related to VFL server registration, providing a cleaner and more definitive technical description. This change specifically streamlined the documentation surrounding server registration processes. No new procedures, interfaces, or capabilities for the PVS were introduced in this release beyond this editorial clarification.
- Removal of editor's notes related to VFL server registration TS 23.501CR6488
Explore further
Broader topics and technologies where PVS plays a role.
Defining Specifications
3GPP specifications that define or reference PVS, with the latest known release. Sourced from the 3GPP document catalog — see methodology.
| Specification | Title | Release |
|---|---|---|
| TS 23.501 vk00 | 5G System Architecture Stage 2 | Rel-20 |
| TS 24.008 vj50 | 3GPP TS 24008: Core Network Protocols | Rel-19 |
| TS 24.501 vj50 | 5G NAS Protocols Specification | Rel-19 |