diff --git a/src/amf/context.c b/src/amf/context.c
index a9fa84626..7d3c0ec1f 100644
--- a/src/amf/context.c
+++ b/src/amf/context.c
@@ -1353,6 +1353,7 @@ amf_ue_t *amf_ue_find_by_message(ogs_nas_5gs_message_t *message)
     ogs_nas_5gs_service_request_t *service_request = NULL;
     ogs_nas_5gs_mobile_identity_t *mobile_identity = NULL;
     ogs_nas_5gs_mobile_identity_header_t *mobile_identity_header = NULL;
+    ogs_nas_5gs_mobile_identity_suci_t *mobile_identity_suci = NULL;
     ogs_nas_5gs_mobile_identity_guti_t *mobile_identity_guti = NULL;
     ogs_nas_5gs_mobile_identity_s_tmsi_t *mobile_identity_s_tmsi = NULL;
     ogs_nas_5gs_guti_t nas_guti;
@@ -1379,8 +1380,19 @@ amf_ue_t *amf_ue_find_by_message(ogs_nas_5gs_message_t *message)
 
         switch (mobile_identity_header->type) {
         case OGS_NAS_5GS_MOBILE_IDENTITY_SUCI:
-            /*mobile_identity_suci =
-                (ogs_nas_5gs_mobile_identity_suci_t *)mobile_identity->buffer;*/
+            mobile_identity_suci =
+                (ogs_nas_5gs_mobile_identity_suci_t *)mobile_identity->buffer;
+
+            if (mobile_identity_suci->protection_scheme_id !=
+                    OGS_NAS_5GS_NULL_SCHEME &&
+                mobile_identity_suci->protection_scheme_id !=
+                    OGS_NAS_5GS_ECIES_SCHEME_PROFILE_A &&
+                mobile_identity_suci->protection_scheme_id !=
+                    OGS_NAS_5GS_ECIES_SCHEME_PROFILE_B) {
+                ogs_error("Invalid ProtectionSchemeID(%d) in SUCI",
+                    mobile_identity_suci->protection_scheme_id);
+                return NULL;
+            }
 
             suci = ogs_nas_5gs_suci_from_mobile_identity(mobile_identity);
             ogs_assert(suci);
diff --git a/src/amf/gmm-handler.c b/src/amf/gmm-handler.c
index d3617b861..d75922699 100644
--- a/src/amf/gmm-handler.c
+++ b/src/amf/gmm-handler.c
@@ -42,6 +42,7 @@ int gmm_handle_registration_request(amf_ue_t *amf_ue,
     ogs_nas_5gs_registration_type_t *registration_type = NULL;
     ogs_nas_5gs_mobile_identity_t *mobile_identity = NULL;
     ogs_nas_5gs_mobile_identity_header_t *mobile_identity_header = NULL;
+    ogs_nas_5gs_mobile_identity_suci_t *mobile_identity_suci = NULL;
     ogs_nas_5gs_mobile_identity_guti_t *mobile_identity_guti = NULL;
     ogs_nas_ue_security_capability_t *ue_security_capability = NULL;
     ogs_nas_5gs_guti_t nas_guti;
@@ -140,8 +141,23 @@ int gmm_handle_registration_request(amf_ue_t *amf_ue,
 
     switch (mobile_identity_header->type) {
     case OGS_NAS_5GS_MOBILE_IDENTITY_SUCI:
-        /*mobile_identity_suci =
-            (ogs_nas_5gs_mobile_identity_suci_t *)mobile_identity->buffer;*/
+        mobile_identity_suci =
+            (ogs_nas_5gs_mobile_identity_suci_t *)mobile_identity->buffer;
+
+        if (mobile_identity_suci->protection_scheme_id !=
+                OGS_NAS_5GS_NULL_SCHEME &&
+            mobile_identity_suci->protection_scheme_id !=
+                OGS_NAS_5GS_ECIES_SCHEME_PROFILE_A &&
+            mobile_identity_suci->protection_scheme_id !=
+                OGS_NAS_5GS_ECIES_SCHEME_PROFILE_B) {
+            ogs_error("Invalid ProtectionSchemeID(%d) in SUCI",
+                mobile_identity_suci->protection_scheme_id);
+            ogs_assert(OGS_OK ==
+                nas_5gs_send_registration_reject(amf_ue,
+                    OGS_5GMM_CAUSE_SEMANTICALLY_INCORRECT_MESSAGE)
+            );
+            return OGS_ERROR;
+        }
         amf_ue_set_suci(amf_ue, mobile_identity);
         ogs_info("[%s]    SUCI", amf_ue->suci);
         break;