UE Identity Procedure for Authentication Failure Call Flow

This section describes the UE Identity Procedure for Authentication Failure call flow.

When the authentication fails at the Step 5 mentioned in the following call flow, the AMF triggers the Identity Request towards UE. Authentication is proceeded with the new UE identity.

UE Identity Procedure for Authentication Failure Call Flow
UE Identity Procedure for Authentication Failure Call Flow Description

Step

Description

1

The UE sends a Registration Request to the gNB.

2

The gNB forwards the Registration Request with the AMF selection to the AMF.

3

The AUSF sends the authentication data along with the AUSF selection to the AMF.

4

The AMF sends an Authentication Request to the UE.

5

During the registration procedure when Authentication Response is received from the UE, the AMF examines the Authentication Response parameters and confirms that the authentication has failed. In such a case, the AMF triggers Identity Request to UE asking for its SUCI.

6

The UE sends the Identity Request message to AMF.

7

The UE responds with its SUCI in the Identity Response message to the AMF.

8

The AMF extracts fresh authentication data from AUSF using the SUCI of the subscriber.

9

The AMF sends Authentication-Request to the UE to initiate authentication of the UE identity.

10

The UE sends Authentication Response to the AMF to deliver a calculated authentication response to the network. The AMF verifies that the result received and if the result is as expected then the registration procedure starts.

11

The NAS security initiation is performed.

12

After the NAS security function setup is complete, the AMF starts the NGAP procedure to provide the 5G-AN with security context. The 5G-AN stores the security context and notifies it to the AMF. The 5G-AN uses the security context to protect the messages exchanged with the UE.

13

The AMF selects an UDM based on the PLMN info through the NRF query or static configuration and registers the UE with the UDM using Nudm_UECM_Registration. The UDM stores the AMF identity associated to the Access Type.

14

The AMF retrieves the Access and Mobility Subscription data using Nudm_SDM_Get. The AMF subscribes to be notified using Nudm_SDM_Subscribe when the data requested is modified.

15

The AMF selects PCF based on PLMN-info and slice- info and performs a Policy Association Establishment. The PCF sends policy data to the AMF with restrictions and other policies to be applied for the UE. The policies are not applied for UE and are stored in AMF.

16

The AMF sends a Registration Accept message to the UE indicating that the Registration Request is accepted. Registration Accept contains the following:

  • 5G-GUTI

  • Registration Area

  • Mobility restrictions

  • PDU Session status

  • Allowed NSSAI

  • Configured NSSAI for the Serving PLMN

  • Periodic Registration Update timer

  • Emergency Service Support indicator

  • Accepted DRX parameters

17

The UE sends a Registration Complete message to the AMF to acknowledge that a new 5G-GUTI was assigned.