S-TMSI

SAE Temporary Mobile Subscriber Identity

Introduced in Rel-8. Also in: Radio Access Network

S-TMSI is a temporary identifier assigned by the MME to a UE in the EPS to protect the user's permanent IMSI during signaling procedures like paging, thereby enhancing privacy and reducing radio interface overhead.

Category: Identifier
Introduced: Rel-8
Where: Core Network › Evolved Packet Core
Also touches: 1 segments
Specifications: 8 specs

Description

The SAE Temporary Mobile Subscriber Identity (S-TMSI) is a crucial temporary identifier used within the 3GPP Evolved Packet System (EPS). It is constructed and assigned by the Mobility Management Entity (MME) to a User Equipment (UE) upon successful attachment to the network or during a Tracking Area Update (TAU). The S-TMSI serves as a concise alias for the globally unique International Mobile Subscriber Identity (IMSI), with the primary objective of safeguarding subscriber privacy and optimizing radio signaling efficiency. It is used in scenarios where the UE's identity needs to be conveyed over the radio interface, such as during the paging procedure to alert a UE of incoming data, or in the initial Non-Access Stratum (NAS) message of a service request.

Structurally, the S-TMSI is a 40-bit value composed of two main parts: the MME Code (MMEC) and the MME Temporary Mobile Subscriber Identity (M-TMSI). The MMEC is an 8-bit code that uniquely identifies the MME within a group of MMEs (an MME Group, identified by the MME Group ID or GUMMEI). The M-TMSI is a 32-bit number that uniquely identifies the UE within the scope of that specific MME. When combined with the PLMN ID and the MME Group ID parts of the GUMMEI, the S-TMSI allows any network entity to uniquely identify the serving MME for that UE. The S-TMSI is delivered to the UE within the Attach Accept or TAU Accept NAS messages.

From a procedural perspective, the S-TMSI is used extensively. In the paging process, the MME sends a paging message to the eNodeB containing the S-TMSI (or, if not available, the IMSI). The eNodeB then broadcasts the paging message over the air using this S-TMSI. The UE, monitoring the paging channel, recognizes its assigned S-TMSI and initiates a service request procedure. In the initial NAS message of this service request (or during a periodic TAU), the UE includes its S-TMSI, allowing the network to quickly identify the UE's context in the MME without transmitting the full IMSI. This mechanism not only protects the IMSI from eavesdroppers but also reduces the message size on the radio link, conserving valuable radio resources and speeding up connection establishment.

Purpose & Motivation

The S-TMSI was introduced with the EPS in 3GPP Release 8 to address two key shortcomings of previous systems: subscriber identity privacy and signaling efficiency. In pre-LTE systems like GSM and UMTS, the Temporary Mobile Subscriber Identity (TMSI) served a similar purpose, but the S-TMSI was redesigned for the flatter, all-IP architecture of EPS. Its primary purpose is to obfuscate the permanent IMSI, which is a critical privacy concern, as frequent transmission of the IMSI would allow for easy tracking and profiling of subscribers. By using a frequently changing temporary identifier, user location and activity become more difficult to correlate for unauthorized observers.

Furthermore, the S-TMSI solves the problem of signaling overhead. The IMSI is a long, 15-digit identifier. Transmitting it frequently for paging and connection setup consumes significant radio bandwidth. The compact, fixed-length 40-bit S-TMSI drastically reduces the size of signaling messages. Its structure also serves an architectural purpose: by including the MMEC, it provides an efficient routing mechanism within the core network. When an eNodeB or another MME receives an S-TMSI, it can infer the serving MME (or at least the MME pool) without extensive lookups, streamlining procedures like inter-MME handovers. The motivation for its creation was integral to the EPS design goals of improved security, reduced latency, and support for a massive number of devices, making it a foundational element for all subsequent cellular generations, including 5G, where a similar concept (the 5G-S-TMSI) is used.

Classification

Part of: NAS
Specific types: M-TMSI
Related approaches: IMSI, GUMMEI, MME

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the "Change history" tables of 3GPP specifications (33 CRs across 5 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Studied in Rel-8, normative work from Rel-15.

Rel-15 6 changes

In Release 15, the S-TMSI's function was extended to support idle mode mobility between 5GS and EPS through the introduction of a mapped GUMMEI derived from the 5G GUTI. This enabled attach procedures for single-registered UEs operating without an N26 interface. The update also involved corrections to the handling of UE identity transmission in specific NAS message flows.

  • EPS mobile identity and UE status in the ATTACH REQUEST message (TS 24.301, CR3028)
  • Update of UE identity used for attach in S1 mode for single-registered UE without N26 (TS 24.301, CR3070)
  • Correction on transmission failure of IDENTITY RESPONSE message (TS 24.301, CR3078)
  • GUMMEI mapped from 5G GUTI with indication at 5G interworking (TS 24.301, CR3108)
  • [E201] CR to 36.331 on handling of mapped GUMMEI/GUAMI at idle mode mobility between 5GS and EPS (TS 36.331, CR3592)
  • Extending GUMMEI Type (TS 36.413, CR1644)

Rel-16 4 changes

In Release 16, the S-TMSI's role was expanded through the introduction of a "Signalling UE capability identity" for more efficient procedure handling. However, this specific enhancement related to temporary identifier usage at interworking was noted as not being implemented within the release, as its containing work item was incomplete. The update focused on leveraging temporary identifiers within interworking scenarios to signal UE capability.

  • Subscriber RRM Group as additional parameter to SPID/RFSP (TS 23.401, CR3499)
  • Temporary Identifier usage at interworking (TS 36.413, CR1643)
  • Signalling UE capability identity (The CR is not implemented. The CR was marked agreed by mistake while the WI is not yet complete) (TS 36.413, CR1746)
  • Signalling UE capability identity (TS 36.413, CR1746)

Rel-17 14 changes

In Release 17, enhancements to the S-TMSI function were introduced to support MUSIM (Multiple USIM) devices in EPS, primarily through the concept of an IMSI Offset. This offset is negotiated and applied during Attach and Tracking Area Update (TAU) procedures, including scenarios where TAU COMPLETE is not received, and is stored alongside an Alternative IMSI within the MM Context in the MME. The changes also clarified timer handling for the offset and its inclusion in mobility-related TAUs.

  • Introducing IMSI Offset to Attach and TAU procedures for MUSIM handling in EPS (TS 24.301, CR3527)
  • Negotiated IMSI offset and TAU COMPLETE (TS 24.301, CR3614)
  • Negotiated IMSI offset when TAU COMPLETE is not received by network (TS 24.301, CR3625)
  • Storing of alternative IMSI (TS 24.301, CR3679)
  • Clarification on removing condition of paging restriction and IMSI Offset (TS 23.401, CR3652)
  • Adding Alternative IMSI to the MM Context in the MME (TS 23.401, CR3677)

+ 8 more changes

Rel-18 6 changes

In Release 18, enhancements to S-TMSI-related procedures were introduced, including specific handling for the UE identity during USIM removal in an Attach or Tracking Area Update (TAU) procedure. Furthermore, updates were made to address abnormal cases and protocol configuration options related to DN-specific identities within the PDN CONNECTIVITY REQUEST and other ESM procedures. These changes also involved corrections to timers, such as the periodic and mobile reachable timers, based on User Plane (UP) states.

  • Include DN-specific identity in PDN CONNECTIVITY REQUEST (TS 24.301, CR3861)
  • Indicating the SDNAEPC DN-specific identity in the protocol configuration options (TS 24.301, CR3886)
  • Correction to determination of periodic timer, mobile reachable timer based on UP and start of UP (TS 24.301, CR3996)
  • Abnormal case for SDNAEPC related to DN-specific identity (TS 24.301, CR4011)
  • UE identity handling in case of a USIM removal during an Attach or TAU procedure (TS 24.301, CR4024)
  • Custom throttling to temporary failed ESM procedure (TS 24.301, CR4053)

Rel-19 3 changes

In Release 19, specific updates were made to procedures involving the S-TMSI and idle mode management, focusing on timer adjustments for the mobile reachable timer and the implicit detach timer. These changes aimed to correct and refine the behavior of these timers, which are crucial for tracking UE reachability and managing network resources. Additionally, a correction was introduced regarding the handling of an invalid EPS bearer identity within the Data container Information Element of the EMM TRANSPORT message.

  • The adjustment of mobile reachable timer or the implicit detach timer (TS 24.301, CR4343)
  • Invalid EPS bearer identity in the Data container IE in the EMM TRANSPORT message (TS 24.301, CR4494)
  • Correction to the mobile reachable timer (TS 24.301, CR4656)


Defining Specifications

3GPP specifications that define or reference S-TMSI, with the latest known release. Sourced from the 3GPP document catalog — see methodology.

Specification | Title | Release
TR 21.905 vj00 | 3GPP Technical Terms and Definitions | Rel-19
TS 23.401 vj50 | Evolved Packet System (EPS) Stage 2 Description | Rel-19
TS 24.301 vj60 | NAS protocol for Evolved Packet System | Rel-19
TS 24.801 v810 | CT1 SAE NAS Aspects for EPC | Rel-8
TS 33.401 vj10 | EPS Security Architecture | Rel-19
TS 36.331 vj00 | LTE RRC Protocol Specification | Rel-19
TS 36.401 vj00 | E-UTRAN Overall Architecture Description | Rel-19
TS 36.413 vj10 | S1 Application Protocol (S1AP) | Rel-19