Message Fact Sheet

Protocol	nas	Network	5g
Spec	3GPP TS 24.501	Spec Section	8.2.10
Direction	AMF to UE	Message Type	5GMM signaling

Full message name	5G NAS - Identity Request
Protocol	NAS
Technology	5G
Direction	AMF to UE
Interface	N1
Signaling bearer / channel	NAS signaling / Dedicated NAS message, commonly transported via DL Information Transfer
Typical trigger	Sent when the AMF cannot proceed using the identity already available from Registration Request or later mobility context.
Main purpose	Requests the exact UE identity the AMF needs before it can continue authentication, registration, security handling, or policy decisions.
Main specification	3GPP TS 24.501, 8.2.10
Release added	Release 15
Procedures where used	5G Initial Registration, Mobility Registration Update, Service Request
Related timers	T3570
Related cause values	Identity type requested

What is Identity Request in simple terms?

Identity Request is the NAS message the network sends when it needs the UE to provide a specific identity such as SUCI, 5G-GUTI-related context, IMEI, IMEISV, or other identity information.

Requests the exact UE identity the AMF needs before it can continue authentication, registration, security handling, or policy decisions.

Why this message matters

Identity Request is the network asking the UE to provide a specific identity before the procedure can continue.

Where this message appears in the call flow

5G Initial Registration

Call flow position: Network query step after Registration Request when the identity available from the UE is not sufficient for the AMF to continue.

Typical state: UE is trying to enter or refresh 5GMM context, but the network needs more identity information first.

Preconditions:

The AMF has received a NAS request but requires a different or more explicit UE identity.

Next likely message: Identity Response

Mobility Registration Update

Call flow position: Identity clarification step when existing temporary context is not enough for the update procedure.

Typical state: UE has some prior context, but the AMF cannot rely on it directly.

Preconditions:

The AMF needs stronger or alternate identity confirmation.

Next likely message: Identity Response or Authentication Request

Call flow position

Previous message(s): Registration Request, Service Request, Mobility management context evaluation

Next message(s): Identity Response, Authentication Request, Registration Reject

Message direction and transport

Sender and receiver: AMF to UE

Interface: N1

Domain: Core-side mobility management signaling with access-side NAS transport dependency

Signaling bearer: NAS signaling

Logical channel: Dedicated NAS message, commonly transported via DL Information Transfer

Transport / encapsulation: NAS 5GS message carried end-to-end between AMF and UE

Security context: Can appear before full NAS security is active, especially in fresh registration flows where the network still needs identity clarification.

Message Structure Overview

Identity Request is a short NAS 5GMM query message whose main operational value is in the requested identity type.
Engineers usually inspect why the AMF could not continue using the identity already present in the earlier NAS exchange.

Structure Syntax

This message is not typically analyzed as ASN.1 on the wire. Engineers usually inspect it as a NAS or protocol field decode rather than an ASN.1 tree.

Identity Request follows NAS 24.501 encoding rather than ASN.1 syntax.

Decoded Message Dump

Identity Request
  Extended Protocol Discriminator: 5G Mobility Management
  Security Header Type: Plain NAS
  Message Type: Identity Request
  Identity Type: SUCI

How to read this dump

The key field is the requested identity type because it explains what the AMF still needs from the UE.
The message is most useful when correlated with the preceding Registration Request and the following Identity Response.

Important Information Elements

IE	Required	Description
`Identity type`	Yes	Tells the UE exactly which identity the network wants, such as SUCI, 5G-GUTI-related identity, IMEI, or IMEISV.

Detailed field explanation

`Identity type`

Tells the UE exactly which identity the network wants, such as SUCI, 5G-GUTI-related identity, IMEI, or IMEISV.

Presence: Required

What to check in logs and traces

Check which identity type the network requested.
Confirm whether the earlier NAS message already carried an identity and why it may not have been sufficient.
Correlate the message with the later Identity Response and Authentication Request.
Inspect whether the request is plain or protected NAS and whether that matches the procedure stage.

Common Issues and Troubleshooting

Registration stalls after Registration Request and the UE receives Identity Request.

Likely cause: The AMF could not proceed using the identity available in the earlier NAS exchange.

What to inspect: Check the requested identity type, the prior UE identity form, and whether the UE answers with Identity Response.

Next step: Compare the identity path with a known-good trace and confirm that the UE provides the requested identity format.

Identity Request repeats unexpectedly.

Likely cause: The Identity Response may be missing, malformed, or not accepted by the network.

What to inspect: Check the returned identity contents and the uplink NAS transport path.

Next step: Move analysis to Identity Response and subsequent Authentication Request / Reject handling.

Detailed explanation

5G NAS - Identity Request Explained

Identity Request is the NAS message the network sends when it needs the UE to provide a specific identity before the AMF can continue the current procedure. It commonly appears during registration when the identity already available from the UE is not sufficient for authentication, policy handling, or mobility-management context decisions.

For beginners, the simple meaning is: the network is asking the UE to identify itself more clearly.
For engineers, this message is one of the key branching points in registration analysis because it explains why the AMF did not move directly from Registration Request into authentication or accept handling.

What is Identity Request in simple terms?

The UE already sent a NAS message, such as Registration Request, but the network still needs a particular identity value. The AMF sends Identity Request to ask for that identity explicitly.

Why Identity Request matters

This message matters because it shows the AMF could not continue using only the identity context it already had. That can happen because:

the earlier identity form was not enough for the procedure
temporary identity context was missing or unusable
the network needed a different explicit identity type

If engineers miss this step, later authentication or reject behavior can look confusing.

Where Identity Request appears in the call flow

UE                              gNB / AMF
|--- Registration Request ------>|
|<-- Identity Request -----------|
|--- Identity Response --------->|
|<-- Authentication Request -----|

It most commonly appears in registration flows, but it can also appear in other 5GMM procedures that depend on clearer UE identity.

Transport characteristics

Direction: AMF to UE
Interface: N1
Transport on access side: commonly via DL Information Transfer
Security expectation: often plain NAS during early registration, though the exact protection state depends on the procedure stage

What Identity Request means operationally

Operationally, Identity Request tells engineers that the AMF is pausing the main registration or service path until it gets a more useful identity from the UE. It is not a reject by itself. It is a clarification step.

The first useful question is: what identity type did the AMF ask for, and why did it need that instead of what it already had?

Important Information Elements

IE	Why it matters
`Identity type`	Tells you exactly what identity the network expects the UE to return next.

Example message dump

Identity Request
  Extended Protocol Discriminator: 5G Mobility Management
  Security Header Type: Plain NAS
  Message Type: Identity Request
  Identity Type: SUCI

How to read this dump

Read the requested Identity Type first.
Then go back to the earlier UE NAS message and see what identity was already present.
After that, check whether the UE answered with the correct Identity Response.

What to check in logs

inspect the exact identity type requested by the AMF
compare it with the identity already carried in the preceding NAS message
verify that the UE sends Identity Response promptly and with the right identity form
correlate the identity exchange with the later Authentication Request or Registration Reject

FAQ

What does Identity Request do in 5G?

It asks the UE to provide a specific identity the network needs before registration or another 5GMM procedure can continue.

What identity can the network request?

Common examples include SUCI-related identity, IMEI, IMEISV, or other identity types defined by the NAS procedure.

Does Identity Request always mean failure?

No. It is often a normal intermediate step in registration when the AMF needs more identity information before continuing.

Summary

Identity Request is the NAS message the network sends when it needs the UE to provide a specific identity such as SUCI, 5G-GUTI-related context, IMEI, IMEISV, or other identity information.

Advanced Engineer Notes

This message is often the cleanest clue that the AMF could not trust or use the earlier identity context directly.
Repeated identity exchange is usually a sign of context mismatch, identity-format mismatch, or incomplete uplink delivery.

Related message pages

Related Procedures

Related Tools

Use This Reference in Practice

Decode this message with the 3GPP Decoder, inspect the related message database, or open the matching call flow to see where this signaling step fits in the full procedure.