NW 3GLTEInfo

4G, 5G, 6G, Wireless technologies - Tools, Tutorials and Updates

Home / Call Flows / 5g-identity-request-procedure

5G Identity Request Procedure Explained

call-flow 5G NR | 5GC | NAS | Security

Introduction

The Identity Request procedure in 5G networks is used by the network to request the identity of a User Equipment (UE) when the network cannot determine the subscriber identity from the initial signaling.

This procedure typically occurs during:

  • Initial Registration
  • Mobility Registration Update
  • Service Request procedures

The identity procedure allows the network to obtain identifiers such as:

  • SUCI (Subscription Concealed Identifier)
  • SUPI (Subscription Permanent Identifier)
  • 5G-GUTI (Globally Unique Temporary Identifier)

The procedure is defined by the 3rd Generation Partnership Project in TS 24.501 - NAS Protocol.

5G Identity Request procedure call flow diagram showing UE, gNB, and AMF signaling

Why Identity Request Is Needed

In many scenarios the UE may not send its full identity during the first message exchange.

The network may request identity when:

  • the UE identity is unknown
  • the temporary identity is not recognized
  • the UE context is lost
  • the UE moves between network regions

This ensures that the network can properly authenticate and authorize the subscriber.

Network Elements Involved

UE (User Equipment)

Responds to the identity request and sends its identifier.

gNB (5G Base Station)

Provides radio connectivity and forwards NAS signaling.

AMF (Access and Mobility Management Function)

Initiates the identity request procedure when the UE identity must be verified.

Interfaces Used

Interface Description
NR-UuRadio interface between UE and gNB
N1NAS signaling between UE and AMF
N2Control plane between gNB and AMF

Identity Request Call Flow

Below is the simplified message sequence for the Identity Request procedure.

UE                gNB                AMF
 |                 |                  |
 |                 |<--Identity Request
 |<--Identity Request---------------|
 |---Identity Response-------------->|
 |                 |----N2---------->|

The AMF requests the UE identity and the UE responds with the appropriate identifier.

Step-by-Step Explanation

Step 1: Network Detects Unknown UE Identity

During procedures such as Registration, the network may not recognize the UE’s identity.

Examples include:

  • invalid 5G-GUTI
  • UE context not available in AMF
  • UE moved to a different AMF region

The AMF then triggers the Identity Request procedure.

Important parameters to check

Engineers should verify:

  • received UE identity type
  • GUTI validity
  • AMF context lookup result

Step 2: Identity Request Message

The AMF sends an Identity Request NAS message to the UE.

This message specifies the identity type requested.

Possible identity types include:

Identity Type Description
SUCIConcealed subscriber identity
SUPIPermanent subscriber identity
5G-GUTITemporary identity

Important parameters to check

Check:

  • identity type requested
  • security context status
  • NAS message integrity

Step 3: Identity Response

The UE sends an Identity Response message containing the requested identifier.

Examples include:

  • SUCI generated by the USIM
  • stored 5G-GUTI

This allows the network to correctly identify the subscriber.

Important parameters to check

Verify:

  • identity value format
  • SUCI encryption scheme
  • identity consistency

Step 4: Identity Processing

After receiving the identity, the AMF performs:

  • subscriber lookup in UDM
  • authentication preparation
  • context creation

The registration procedure can then continue normally.

Common Identity Types in 5G

Identity Purpose
SUPIPermanent subscriber identity
SUCIEncrypted SUPI used for privacy
5G-GUTITemporary identifier assigned by the network

One key improvement in 5G is the use of SUCI, which protects the permanent subscriber identity from being exposed over the air.

When Identity Request Happens

The Identity Request procedure commonly occurs during:

  • Initial Registration
  • Mobility Registration Update
  • Service Request
  • Network re-authentication

Troubleshooting Identity Request Issues

UE Does Not Respond to Identity Request

Possible causes:

  • NAS message decoding failure
  • UE software issue
  • security context mismatch

Network Rejects Identity

Possible causes:

  • unknown subscriber
  • incorrect SUCI format
  • roaming restrictions

Identity Request Repeated

Possible reasons:

  • AMF context lost
  • incorrect temporary identity
  • network configuration errors

Key NAS Messages

Message Purpose
Identity RequestNetwork asks for UE identity
Identity ResponseUE provides requested identity

Relevant 3GPP Specifications

The identity procedure is defined in:

  • TS 24.501 - NAS Protocol
  • TS 23.502 - 5G System Procedures
  • TS 33.501 - 5G Security Architecture

Published by the 3rd Generation Partnership Project.

Summary

The 5G Identity Request procedure allows the network to retrieve the correct identity of a UE when the identity cannot be determined from the initial signaling.

This ensures that the network can:

  • authenticate the subscriber
  • retrieve subscriber data
  • continue registration or service procedures

The introduction of SUCI in 5G significantly improves subscriber privacy by preventing permanent identifiers from being transmitted in clear text.