How 5G Registration works

Latest posts by prasanna sahu (see all)
5G wireless technology is the most recent wireless technology by 3gpp. when the mobile handset tries to connect to a 5G core network, it goes through registration procedure to gain access to the network. As per LTE/4G technology, registration and default PDN connection(IP allocation) was happening simultaneously when mobile is switch on. But it was not the case in older wireless technologies like 3G or 2G. And the same prospective is going to come back in 5G wireless technology again, due to user-plane and Control-plane Separation.
When UE initiates Registration ?
  1. Initial registration during the switch on of the device.
  2. If there is a new tracking area outside the UE’s current registration area.
  3. When UE need to update its capability or protocol parameters  that are negotiated during previous Registration.
  4. Periodic Registration update, if configured.
  5. Emergency Registration.
What UE does during registration ?
  • During initial registration UE updates its location to 5G Core Network.
  • During initial registration UE may use SUPI or 5G GUTI for the registration.
  • UE may provide its PEI(IMEI + IMEIsv) to AMF on demand.
UE Registration States
Registration FLow
Registration Request Contents (Important parameters only)
1.Registration Type-> Initial reg, Mobility Reg, Periodic Reg or Emergency reg 2.User Identity ->5G-GUTI, SUPI, PEI or 5G-GUTI derived from 4G GUTI for inter-working. 3.List of Visited TAI -> last visited TAI list 4.Security Capability-> Integrity and Encryption algos UE Supports. 5.Requested NSSAI -> Any preferred NSSAI on which UE want to camp on. 6.Default NSSAI indication -> If AMF can select default NSSAI if Requested NSSAI is not available. 7.UE Capabilities -> UE Radio capabilities and MM Capabilities. 8.PDU Session Status -> Previously connected PDU sessions under previous PLMN (3Gpp or Non 3Gpp) 9.List of PDU session need to be activated->  If there is some pending UL traffic for a PDU session then UE include that PDU session in the list of PDU sessions.
  • gNB select a AMF based on the 5G-GUTI(SUCI) or existing N2connection for the UE. Else it selects preferred AMF based on NSSAI, if SUPI or PEI are included.
  • After AMF selection, NG-RAN(gNB) forwards Registration request to MME piggybacking on NGAP Initial UE message.
  • If SUCI is not provided in Registration request or retrieved from old AMF then AMF sends Identity request message to get SUCI from UE.
  • Then AMF initiates Authentication procedure with AUSF and UDM.
  • If PEI check is enforced by operator then AMF may send an Identity Request to UE if PEI is not obtained from old AMF.
  • If AMF has changed from last registration or SUPI is provided as identity then AMF will select appropriate UDM and setup a UDM registration for the UE session.
  • AMF retrieves Mobility Subscription data, SMF selection data, UE context in SMF data by using Nudm_SDM_Get.
  • AMF select PCF and communicates with PCF for Policy association for the UE.
  • In case of Emergency Registration and registration type is Mobility Registration, AMF communicates with SMF to activate or Re-activate PDU sessions requested in “List of PDU sessions need to be activated” IE.
  • Once AMF finishes the Registration, It sends back Registration Accept message to UE.
  • In response to Registration Accept message UE sends back Registration Complete message.

25 Replies to “How 5G Registration works”

  1. “Authentication Response” and “Security Mode Complete” should be put inside the NGAP UL NAS Transport message not DL NAS Transport.

  2. I think it should be SUCI, not SUPI, for security issue.
    During initial registration UE may use SUPI or 5G GUTI for the registration.

  3. I think it should be SUCI too.

    2.User Identity ->5G-GUTI, SUPI, PEI or 5G-GUTI derived from 4G GUTI for inter-working.

  4. The Registration FLow is for 5G-GUTI registration, right?
    Because there’s identity request for getting UE’s SUCI.
    By the way, do we need to do identity request for UE’s PEI after security mode command/complete? (TS 23.502 V15.3.0 Figure Registration procedure step 11)

    1. Hi Lin,
      Thanks for the comments, these are really helpful to identify the missing links. Regarding Identity procedure( after Security mode) is optional and depend on operator policy to check for the Equipment Identity of the device, same as 4G.

      Thanks and Regards
      Prasanna Sahu

  5. According to TS 23.502 (V15.3.0) subclause 4.2.2 Registration Management Procedures
    (page 19) It writes
    When the UE is performing an Initial Registration the UE shall indicate its UE identity in the Registration Request message as follows, listed in decreasing order of preference:
    – a native 5G-GUTI assigned by the PLMN to which the UE is attempting to register, if available;
    – a native 5G-GUTI assigned by an equivalent PLMN to the PLMN to which the UE is attempting to register, if available;
    – a native 5G-GUTI assigned by any other PLMN, if available.
    – Otherwise, the UE shall include its SUCI in the Registration Request as defined in TS 33.501 [15].

    So UE uses 5G-GUTI or SUCI for registration, not SUPI.

    1. The AUSF authentication service accepts SupiOrSuci as an input parameter from the AMF.Therefore there should be cases when SUPI is transferred.

      1. Yes, If UE has already registered(SUCI registration) earlier with AMF and AMF sent that SUCI to AUSF/UDM, and received a SUPI from AUSF/UDM(UDM deconcealed SUCI from UE) and then AMF issued 5G-GUTI and keeps a mapping of 5G-GUTI and SUPI (received from AUSF). Next time when UE try to connect to AMF using 5g-GUTI, AMF takes out corresponding SUPI and sends it to AUSF for Authentication.


  6. can you please identify any scenario where AMF transmits 5g-guti but not SUCI to AUSF? Or does the AMF always go back to UE to retrieve SUCI whenever UE passes 5g-guti to itself?

    1. Hi
      AMF never transmits 5G-GUTI to AUSF. It will either send SUCI or SUPI as an identifier to AUSF. when UE sends 5G-GUTI, AMF checks if corresponding SUPI mapping is available, if available then it will send SUPI to AUSF as identifier, if no SUPI available, then it will initiate an Identity Procedure with UE to retrieve SUCI. and then send SUCI to AUSF.


  7. Can you imagine any scenario where the AUSF responds with EAP-Request/Identity to an incoming UE Authentication request from the AMF? Or can you please name scenarios where the AUSF should initiate eap-identification . kind regards

  8. Could you please tell what should be the values of GUAMI And NSSAI during initial registration. Ie when UE is registering for the first time.

    1. HI Suri, During initial registration if no GUAMI available then UE registers with SUCI. and Based on the service it is trying to register for, it will send appropriate NSSAI and UE must have subscription to that NSSAI. gNB select an appropriate AMF based on the load value(weight factor) of AMF. and if that AMF will not be able to support the requested NSSAI in Registration request then, AMF will initiate a AMF re-allocation procedure (described towards end of the blog).


    1. Hi,
      These are stated in Release 16 of 3GPP Spec.

      As an example following ATSSS rules could be sent to UE:
      1. “Traffic Descriptor: UDP, DestAddr”, “Steering Mode: Active-Standby, Active=3GPP, Standby=non-3GPP”
      2. “Traffic Descriptor: TCP, DestPort 8080”, “Steering Mode: Smallest Delay”
      3. “Traffic Descriptor: Application-1”, “Steering Mode: Load-Balancing, 3GPP=20%, non-3GPP=80%”, “Steering Functionality: MPTCP”:

      Please see Section 5.32.8 of 23.501 Release 16.

      Nice post. Do you get any chance to post Handover and Interworking with EPC flows?

  9. In Registration request, Is UE identity is depends on Registraion type? If so, what is the UE identity when Registration type is “Initial” ,”mobility”, “periodic”, “emergency”?

    1. Hi Meemoh, It depends. If it is initial registration and no security context avaialble between UE and NW, then there is no integrity protection. UE us doing Registration update or fresh registration whiile there is an existing security context then Registration request will be Integrity protected and Ciphered.


Leave a Reply

Your email address will not be published. Required fields are marked *