SNN

Serving Network Name

Identifier →
Introduced in Rel-15

SNN is the Serving Network Name, a unique identifier for the 5G serving network derived from the PLMN ID and optionally a NID, used as a key parameter in authentication and security procedures.

Category
Identifier
Introduced
Rel-15
Where
Core Network › 5G Core
Specifications
2 specs
SNN Description Purpose Related Classification Detected Changes Specifications

Description

The Serving Network Name (SNN) is a critical identifier in the 5G System (5GS) defined in 3GPP Release 15 and beyond. It serves as a human-readable and machine-processable name for the network currently serving a User Equipment (UE). The primary purpose of the SNN is to provide an unambiguous identifier for the serving network during authentication and security key derivation procedures, ensuring that security contexts are bound to the correct network.

Architecturally, the SNN is constructed and used by the core network, specifically the Authentication Server Function (AUSF) and the UE. It is derived from the core network identifiers. For a public network, the SNN is typically constructed as "5G:mnc<MNC>.mcc<MCC>.3gppnetwork.org", where MNC and MCC are the Mobile Network Code and Mobile Country Code from the PLMN ID. For a Non-Public Network (NPN), the SNN may additionally include a Network Identifier (NID), formatted as "5G:mnc<MNC>.mcc<MCC>.nid<NID>.3gppnetwork.org". This structure ensures global uniqueness.

During the 5G Authentication and Key Agreement (5G-AKA) or Extensible Authentication Protocol (EAP)-based procedures, the SNN is sent from the network to the UE. The UE and the AUSF both use this SNN as an input parameter (along with other values like the Subscription Permanent Identifier (SUPI)) into the key derivation functions. This binds the generated security keys (like K_AUSF, K_SEAF) specifically to this serving network name. This mechanism prevents key reuse across different networks and enhances security, particularly in scenarios involving network slicing or roaming, by ensuring a cryptographic separation between different serving network contexts.

Purpose & Motivation

The SNN was introduced with 5G in Release 15 to address specific security and identification requirements that were not fully met by previous mechanisms like the Serving Network (SN) identity used in EPS. In 4G EPS, the network identity was implicitly derived from the PLMN ID but wasn't always explicitly and consistently formatted as a named parameter in all security procedures. 5G's enhanced security architecture demanded a more robust and explicit method.

Its creation was motivated by the need for stronger network authentication, support for new network deployment models like Non-Public Networks (NPNs), and the foundational requirements for network slicing. By having a standardized, structured name, the 5G system can more securely anchor the authentication process. It solves the problem of ensuring that the keys generated during authentication are uniquely tied to the specific network (or network slice instance) the UE is accessing, which is crucial for preventing security context confusion, especially in complex multi-operator, multi-slice, or private network environments.

Classification

Part ofNID
Related approachesSUPI

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the „Change history“ tables of 3GPP specifications (23 CRs across 5 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Rel-15 6 changes

In Release 15, the specification formally introduced the Serving Network Name (SNN) function for primary authentication, defining its specific format as described in clause 9. The SNN is used as a key input (the AT_KDF_INPUT attribute) in the EAP-request/AKA'-challenge message, and the UE is required to perform an SNN check during this authentication procedure, sending a rejection if the check fails.

  • Initial registration not accepted due to serving network not authorized TS 24.501CR0301
  • Remove the remaining instance of SUPI paging TS 24.501CR0055
  • Serving network name format for primary authentication TS 24.501CR0300
  • Correction to SUPI definition due to NAI format TS 24.501CR0628
  • Limited service and no SUPI states in 5GMM instance for non-3GPP accesst TS 24.501CR0693
  • Issue in SNN TS 24.501CR0860
Rel-16 6 changes

In Release 16, the SNN (Serving Network Name) function was enhanced to support Standalone Non-Public Networks (SNPNs), as indicated by the CR "Serving network name in SNPN." Furthermore, the specification introduced formal "SNN coding" rules and included corrections to the technical references for the SNN to ensure consistency. These updates were part of broader work that also involved serving PLMN rate control mechanisms, though those are separate functions.

  • Serving PLMN rate control, general description TS 24.501CR0972
  • Serving PLMN rate control, activation TS 24.501CR0973
  • Serving network name in SNPN TS 24.501CR1511
  • Serving PLMN rate control at PDU session modification TS 24.501CR1648
  • SNN coding TS 24.501CR2018
  • Correction to serving network name (SNN) reference TS 24.501CR1171
Rel-17 9 changes

In Release 17, the SNN (Serving Network Name) function was enhanced to support authentication and authorization via an AAA-Server for Standalone Non-Public Networks (SNPNs), including scenarios involving onboarding SUPIs. Furthermore, the specifications were extended to define UE behavior for entering the 5GMM-DEREGISTERED.NO-SUPI substate when no valid subscriber data is available and to clarify SNN usage and verification procedures during EAP-AKA' authentication for SNPNs.

  • SNN verification for SNPN supporting AAA-Server for primary authentication and authorization TS 24.501CR3137
  • Extension of SNN description for NSWO TS 24.501CR4123
  • SUPI type of onboarding SUPI TS 24.501CR3849
  • UE enter in substate NO-SUPI TS 24.501CR4327
  • SUPI handling in case of CH using AAA server TS 24.501CR4421
  • Storage of 5GMM parameters mapping with SUPI from USIM for AKA based SNPN TS 24.501CR4424

+ 3 more changes

Rel-18 1 change

In Release 18, a correction was made for the Serving Network Name (SNN) function specifically related to its use in 5G Non-Seamless WLAN Offload (NSWO) scenarios. The SNN, which is provided in the EAP-AKA' authentication challenge, is used by the UE's USIM to successfully authenticate the network. This update ensures the SNN is correctly handled within the authentication procedures for these offload cases.

  • Correction for SNN related to 5G NSWO TS 24.501CR5125
Rel-19 1 change

In Release 19, enhancements were introduced for the Serving Network Name (SNN) function, specifically detailing its critical role in the network authentication process. The specification clarifies that the SNN, in its defined format, is set by the AUSF or AAA server and used as the AT_KDF_INPUT attribute during the EAP-AKA' challenge. Furthermore, it explicitly states that a failed SNN check by the UE's USIM during this procedure leads to the transmission of an EAP-response/AKA'-authentication-reject message, terminating authentication.

  • Restricting access technology of NG-RAN cell serving the UE without loss of PDU sessions while the UE is in connected mode TS 24.501CR6789

Explore further

Broader topics and technologies where SNN plays a role.

Topics
OAM (Operations & Maintenance)Authentication (5G-AKA, EAP)Mission Critical (MCPTT)Roaming & InterconnectEncryption & IntegrityMEC (Edge Computing)
Technologies
LTE5G

Defining Specifications

3GPP specifications that define or reference SNN, with the latest known release. Sourced from the 3GPP document catalog — see methodology.

SpecificationTitleRelease
TS 24.501 vj50 5G NAS Protocols Specification Rel-19
TS 24.890 vg00 5G NAS Protocol for 5GS Stage 3 Rel-16