Unified Data Management

Description

The Unified Data Management (UDM) function is a critical component of the 5G Core Network (5GC) based on the Service-Based Architecture (SBA). It serves as the centralized repository and management point for subscriber-related data. The UDM is responsible for storing and managing long-term subscription information, including user identities, security credentials, service profiles, and policy-related data. It interacts with other network functions through standardized service-based interfaces, primarily using HTTP/2 with JSON or CBOR encoding. The UDM's primary roles include authentication credential processing, user identification handling, access authorization, and subscription data management.

Architecturally, the UDM is a software-based network function that can be deployed in cloud environments. It often works in conjunction with the Unified Data Repository (UDR), which provides the actual persistent storage for the subscriber data. The UDM contains the application logic to process and manage this data, while the UDR acts as the database. Key internal components include the Authentication Credential Repository and Processing Function (ARPF), which stores long-term keys and runs authentication algorithms, and subscription data management logic. The UDM exposes its capabilities as services to other NFs, such as Nudm_UEAuthentication for authentication, Nudm_SubscriberDataManagement for subscription data, and Nudm_EventExposure for monitoring subscriber events.

How it works: When a user equipment (UE) attempts to register with the 5G network, the Access and Mobility Management Function (AMF) contacts the UDM. The UDM's ARPF generates authentication vectors (using the 5G Authentication and Key Agreement (5G-AKA) or EAP-AKA' procedures) and provides them to the AMF via the AUSF. For session establishment, the Session Management Function (SMF) retrieves the user's subscription data and policy profile from the UDM to determine allowed services, QoS parameters, and charging rules. The UDM also manages the binding between the user's permanent subscription identifier (SUPI) and the temporary identifier (SUCI) used for privacy, and it tracks the serving AMF for each subscriber to route signaling messages correctly.

Its role is central to network security, service personalization, and mobility management. By centralizing subscriber data, the UDM enables consistent policy enforcement across the network, supports seamless mobility and session continuity, and provides a single point of truth for user profiles. This is essential for advanced 5G features like network slicing, where the UDM provides the slice selection subscription information. Furthermore, its service-based design allows for flexible integration, scalability, and support for new services, forming the foundation for subscriber management in the 5G era.

Purpose & Motivation

The UDM was created to address the limitations of legacy subscriber data management in pre-5G networks, which was fragmented across different network elements. In 4G EPC, functions like the Home Subscriber Server (HSS) managed user profiles and authentication, but the architecture was node-based and less flexible. The proliferation of diverse 5G services, IoT, and network slicing demanded a more agile, scalable, and unified approach to data management.

The primary problem the UDM solves is the centralization and standardization of subscriber data handling. It consolidates functions previously spread across the HSS, Home Location Register (HLR), and other entities into a single, cloud-native network function. This unification simplifies operations, reduces data duplication, and provides a consistent view of the subscriber to all other core network functions. Its creation was motivated by the shift to the Service-Based Architecture (SBA), which requires network functions to expose capabilities as reusable services.

Historically, the UDM evolved from the HSS/HLR concepts but with a fundamental architectural redesign. It enables dynamic subscription management, real-time policy updates, and efficient support for massive numbers of IoT devices. By separating the application logic (UDM) from storage (UDR), it allows independent scaling and leverages modern cloud and software-defined networking principles. This addresses the need for a more programmable, automated, and service-aware core network capable of supporting the wide array of use cases envisioned for 5G and beyond.

Key Features

• Centralized repository and management for 3GPP subscriber data
• Generates authentication vectors and manages security credentials via ARPF
• Stores subscription profiles including service, policy, and slice selection data
• Provides service-based interfaces (e.g., Nudm) to other 5GC network functions
• Manages binding between permanent (SUPI) and concealed (SUCI) subscriber identities
• Supports network slicing by providing slice-specific subscription information

Evolution Across Releases

Defining Specifications