AUSF
Authentication Server Function: the 5GC function that performs UE authentication by executing 5G-AKA or EAP-AKA' procedures using credentials from UDM.
Authentication in 5G is split between two functions, and the AUSF is the one sitting in the serving network's path. When a UE registers, the AMF kicks off authentication by calling the AUSF, which runs the actual procedure — 5G-AKA or EAP-AKA' — using authentication vectors derived from the subscriber's long-term key. The key material itself comes from the UDM/ARPF in the home network; the AUSF orchestrates the exchange and confirms the result.
One subtle but important job: it helps anchor the home network's involvement in authentication even when the UE is roaming, so a visited network can't fake a successful auth. After success it hands the AMF the key (KSEAF) from which the rest of the 5G key hierarchy is derived. Day to day you meet the AUSF when you're debugging registration failures that bottom out in authentication reject causes.
Frequently asked questions
- AUSF vs UDM — which one actually authenticates the UE?
- They share the work. The UDM (via its ARPF component) holds the subscriber's permanent key and generates the authentication vectors — the secret-bearing part. The AUSF runs the authentication procedure with the UE through the AMF and decides pass/fail. Think of the UDM as the credential vault and the AUSF as the function that executes the challenge-response.
Related terms
Want to truly understand AUSF? Learn it in context — free for 7 days.
AUSF is taught inside our 5G Core Network (5GC) course with diagrams, labs and a TelcoMentor AI coach. Start a free 7-day Pro trial — no credit card.
- No credit card
- Full Pro access
- 21 verifiable certs
- TELCOMA since 2009
Get weekly 5G/LTE engineering deep-dives
One technical breakdown every Tuesday — plus first access to new tools and lessons. No spam, no marketing, just engineering. Unsubscribe in one click.