WO2024239213A1

WO2024239213A1 - Protect relay discovery for serving network driven scenario

Info

Publication number: WO2024239213A1
Application number: PCT/CN2023/095632
Authority: WO
Inventors: Jing PING; Ling Yu; Mohamed Amin Nassar
Original assignee: Nokia Shanghai Bell Co Ltd; Nokia Solutions and Networks Oy; Nokia Technologies Oy
Current assignee: Nokia Shanghai Bell Co Ltd; Nokia Solutions and Networks Oy; Nokia Technologies Oy
Priority date: 2023-05-22
Filing date: 2023-05-22
Publication date: 2024-11-28
Anticipated expiration: 2025-11-22
Also published as: CN121040101A

Abstract

Example embodiments of the present disclosure relate to for protecting relay discovery for a serving network driven scenario. A first network device receives, from a second network device, a request for information about at least one public land mobile network (PLMN) where a terminal device is authorized to use a relay service. Then, the first network device obtains the information about the at least one PLMN based on the request. Moreover, the first network device transmits, to the second network device, a response comprising the information about the at least one PLMN. In this way, relay discovery security can be ensured and thus communication performance and communication efficiency can be improved.

Description

PROTECT RELAY DISCOVERY FOR SERVING NETWORK DRIVEN SCENARIO

FIELD

Various example embodiments of the present disclosure generally relate to the field of telecommunication and in particular, to devices, methods, apparatus and computer readable storage media for protecting relay discovery for a serving network driven scenario.

BACKGROUND

The Fifth Generation (5G) system support proximity based services (ProSe) feature. 5G ProSe features may comprise 5G ProSe Direct Discovery, 5G ProSe Direct Communication, 5G ProSe UE-to-Network (U2N) relay, and 5G ProSe UE-to-UE (U2U) relay. In the 5G ProSe U2N relay feature, a remote user equipment (UE) may connect to a U2U relay via a PC5 interface with 5G ProSe Direct Communication, and communicate with a data network via the U2U relay and 5G network. In order to perform the 5G ProSe Direct Communication between the remote UE and the U2N relay, the remote UE and the U2N relay may perform a 5G ProSe Direct discovery procedure using security information for relay discovery. In the 5G ProSe U2U relay feature, 5G ProSe End UEs communicate with each other via a 5G ProSe U2E relay. Similar to 5G ProSe U2U relay case, the 5G ProSe End UE (for example, a source UE or a target UE) and the U2U relay may perform a 5G ProSe Direct discovery procedure using security information for 5G ProSe U2U relay discovery.

SUMMARY

In general, example embodiments of the present disclosure provide a solution for protecting relay discovery for a serving network driven scenario.

In a first aspect, there is provided a first network device. The first network device comprises at least one processor and at least one memory storing instructions. When the instructions are executed by the at least one processor, the instructions cause the first network device at least to: receive, from a second network device, a request for information about at least one public land mobile network (PLMN) where a terminal device is authorized to use a relay service; obtain the information about the at least one PLMN based on the request; and transmit, to the second network device, a response comprising the information about the at least one PLMN.

In a second aspect, there is provided a second network device. The second network device comprises at least one processor and at least one memory storing instructions. When the instructions are executed by the at least one processor, the instructions cause the second network device at least to: transmit, to a first network device, a request for information about at least one PLMN where a terminal device is authorized to use a relay service; and receive, from the first network device, a response comprising the information about the at least one PLMN.

In a third aspect, there is provided an apparatus. The apparatus comprises: means for receiving, at a first network device, from a second network device, a request for information about at least one PLMN where a terminal device is authorized to use a relay service; means for obtaining the information about the at least one PLMN based on the request; and means for transmitting, to the second network device, a response comprising the information about the at least one PLMN.

In a fourth aspect, there is provided an apparatus. The apparatus comprises: means for transmitting, at a second network device, to a first network device, a request for information about at least one PLMN where a terminal device is authorized to use a relay service; and means for receiving, from the first network device, a response comprising the information about the at least one PLMN.

In a fifth aspect, there is provided a method. The method comprises: receiving, at a first network device, from a second network device, a request for information about at least one PLMN where a terminal device is authorized to use a relay service; obtaining the information about the at least one PLMN based on the request; and transmitting, to the second network device, a response comprising the information about the at least one PLMN.

In a sixth aspect, there is provided a method. The method comprises: transmitting, at a second network device, to a first network device, a request for information about at least one PLMN where a terminal device is authorized to use a relay service; and receiving, from the first network device, a response comprising the information about the at least one PLMN.

In a seventh aspect, there is provided a computer readable medium. The computer readable medium comprises program instructions that, when executed by at least one processor, cause an apparatus to perform at least the method according to the fifth aspect or the sixth aspect.

In an eighth aspect, there is provided a computer program comprising instructions, which, when executed by an apparatus, cause the apparatus at least to perform at least the method according to the fifth aspect or the sixth aspect.

In a ninth aspect, there is provided a first network device. The first device comprises receiving circuitry configured to receive, from a second network device, a request for information about at least one PLMN where a terminal device is authorized to use a relay service; obtaining circuitry configured to obtain the information about the at least one PLMN based on the request; and transmitting circuitry configured to transmit, to the second network device, a response comprising the information about the at least one PLMN.

In a tenth aspect, there is provided a second network device. The first device comprises transmitting circuitry configured to transmit, to a first network device, a request for information about at least one PLMN where a terminal device is authorized to use a relay service; and receiving circuitry configured to receive, from the first network device, a response comprising the information about the at least one PLMN.

It is to be understood that the summary section is not intended to identifier key or essential features of example embodiments of the present disclosure, nor is it intended to be used to limit the scope of the present disclosure. Other features of the present disclosure will become easily comprehensible through the following description.

BRIEF DESCRIPTION OF THE DRAWINGS

Some example embodiments will now be described with reference to the accompanying drawings, where:

Figs. 1A to 1D illustrates example communication networks in which example embodiments of the present disclosure may be implemented;

Fig. 2 illustrates a signaling chart illustrating an example implementation of a process for obtaining security information for relay discovery in a 5G ProSe U2N relay scenario;

Fig. 3 illustrates a signaling chart illustrating a process for protecting relay discovery in accordance with some example embodiments of the present disclosure;

Fig. 4 illustrates a signaling chart illustrating an example implementation of a process for protecting relay discovery in accordance with some example embodiments of the present disclosure;

Fig. 5 illustrates a flowchart of a method implemented at a first network device in accordance with some example embodiments of the present disclosure;

Fig. 6 illustrates a flowchart of a method implemented at a second network device in accordance with some example embodiments of the present disclosure;

Fig. 7 illustrates a simplified block diagram of an apparatus that is suitable for implementing example embodiments of the present disclosure; and

Fig. 8 illustrates a block diagram of an example computer readable medium in accordance with some example embodiments of the present disclosure.

Throughout the drawings, the same or similar reference numerals represent the same or similar element.

DETAILED DESCRIPTION

Principle of the present disclosure will now be described with reference to some example embodiments. It is to be understood that these example embodiments are described only for the purpose of illustration and help those skilled in the art to understand and implement the present disclosure, without suggesting any limitation as to the scope of the disclosure. The disclosure described herein can be implemented in various manners other than the ones described below.

In the following description and claims, unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skills in the art to which this disclosure belongs.

References in the present disclosure to “one embodiment, ” “an embodiment, ” “an example embodiment, ” and the like indicate that the embodiment described may include a particular feature, structure, or characteristic, but it is not necessary that every embodiment includes the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an example embodiment, it is submitted that it is within the knowledge of one skilled in the art to affect such feature, structure, or characteristic in connection with other example embodiments whether or not explicitly described.

It shall be understood that although the terms “first” and “second” etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. For example, a first element could be termed a second element, and similarly, a second element could be termed a first element, without departing from the scope of example embodiments. As used herein, the term “and/or” includes any and all combinations of one or more of the listed terms.

The terminology used herein is for the purpose of describing particular example embodiments only and is not intended to be limiting of example embodiments. As used herein, the singular forms “a” , “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises” , “comprising” , “has” , “having” , “includes” and/or “including” , when used herein, specify the presence of stated features, elements, and/or components etc., but do not preclude the presence or addition of one or more other features, elements, components and/or combinations thereof.

As used in this application, the term “circuitry” may refer to one or more or all of the following:

(a) hardware-only circuit implementations (such as implementations in only analog and/or digital circuitry) and

(b) combinations of hardware circuits and software, such as (as applicable) :

(i) a combination of analog and/or digital hardware circuit (s) with software/firmware and

(ii) any portions of hardware processor (s) with software (including digital signal processor (s) ) , software, and memory (ies) that work together to cause an apparatus, such as a mobile phone or server, to perform various functions) and

(c) hardware circuit (s) and or processor (s) , such as a microprocessor (s) or a portion of a microprocessor (s) , that requires software (e.g., firmware) for operation, but the software may not be present when it is not needed for operation.

This definition of circuitry applies to all uses of this term in this application, including in any claims. As a further example, as used in this application, the term circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and/or firmware. The term circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit or processor integrated circuit for a mobile device or a similar integrated circuit in server, a cellular network device, or other computing or network device.

As used herein, the term “communication network” refers to a network following any suitable communication standards, such as fifth generation (5G) systems, Long Term Evolution (LTE) , LTE-Advanced (LTE-A) , Wideband Code Division Multiple Access (WCDMA) , High-Speed Packet Access (HSPA) , Narrow Band Internet of Things (NB-IoT) and so on. Furthermore, the communications between a terminal device and a network device in the communication network may be performed according to any suitable generation communication protocols, including, but not limited to, the first generation (1G) , the second generation (2G) , 2.5G, 2.75G, the third generation (3G) , the fourth generation (4G) , 4.5G, the fifth generation (5G) new radio (NR) communication protocols, and/or any other protocols either currently known or to be developed in the future. Example embodiments of the present disclosure may be applied in various communication systems. Given the rapid development in communications, there will of course also be future type communication technologies and systems with which the present disclosure may be embodied. It should not be seen as limiting the scope of the present disclosure to only the aforementioned system.

As used herein, the term “access network device” refers to a node in a communication network via which a terminal device accesses the network and receives services therefrom. The network device may refer to a base station (BS) or an access point (AP) , for example, a node B (NodeB or NB) , an evolved NodeB (eNodeB or eNB) , a NR Next Generation NodeB (gNB) , a Remote Radio Unit (RRU) , a radio header (RH) , a remote radio head (RRH) , a relay, a low power node such as a femto, a pico, and so forth, depending on the applied terminology and technology. A Radio Access Network (RAN) split architecture comprises a gNB Centralized unit (gNB-CU , hosting Radio Resource Control (RRC) , Service Data Adaption Protocol (SDAP) and Packet Data Convergence Protocol (PDCP) ) controlling a plurality of gNB Distributed units (gNB-DUs (, hosting Radio Link Control (RLC) , Media Access Control (MAC) and Physical layer (PHY) ) .

As used herein, the term “network device” refers to a device capable of communicating with the access network device and providing services to the terminal device in a core network. Examples of the core network device may include user plane functions (UPFs) , application servers, Mobile Switching Centers (MSCs) , Mobile Management Entities (MMEs) , Operation and Management (O&M) nodes, Operation Support System (OSS) nodes, Self-Organization Network (SON) nodes, positioning nodes such as Enhanced Serving Mobile Location Centers (E-SMLCs) , Mobile Data Terminals (MDTs) , a Common Control Network Function (CCNF) , an Access and mobility Management Function (AMF) , a Session Management Function (SMF) , a Policy Control Function (PCF) , a Location Management Function (LMF) , a direct discovery name management function (DDNMF) and/or a ProSe key management function (PKMF) .

The term “terminal device” refers to any end device that may be capable of wireless communication. By way of example rather than limitation, a terminal device may also be referred to as a communication device, user equipment (UE) , a Subscriber Station (SS) , a Portable Subscriber Station, a Mobile Station (MS) , or an Access Terminal (AT) . The terminal device may include, but not limited to, a mobile phone, a cellular phone, a smart phone, voice over IP (VoIP) phones, wireless local loop phones, a tablet, a wearable terminal device, a personal digital assistant (PDA) , portable computers, desktop computer, image capture terminal devices such as digital cameras, gaming terminal devices, music storage and playback appliances, vehicle-mounted wireless terminal devices, wireless endpoints, mobile stations, laptop-embedded equipment (LEE) , laptop-mounted equipment (LME) , USB dongles, smart devices, wireless customer-premises equipment (CPE) , an Internet of Things (IoT) device, a watch or other wearable, a head-mounted display (HMD) , a vehicle, a drone, a medical device and applications (e.g., remote surgery) , an industrial device and applications (e.g., a robot and/or other wireless devices operating in an industrial and/or an automated processing chain contexts) , a consumer electronics device, a device operating on commercial and/or industrial wireless networks, and the like. In the following description, the terms “terminal device” , “communication device” , “terminal” , “user equipment” and “UE” may be used interchangeably.

Although functionalities described herein can be performed, in various example embodiments, in a fixed and/or a wireless network node, in other example embodiments, functionalities may be implemented in a user equipment apparatus (such as a cell phone or tablet computer or laptop computer or desktop computer or mobile IoT device or fixed IoT device) . This user equipment apparatus can, for example, be furnished with corresponding capabilities as described in connection with the fixed and/or the wireless network node (s) , as appropriate. The user equipment apparatus may be the user equipment and/or or a control device, such as a chipset or processor, configured to control the user equipment when installed therein. Examples of such functionalities include the bootstrapping server function and/or the home subscriber server, which may be implemented in the user equipment apparatus by providing the user equipment apparatus with software configured to cause the user equipment apparatus to perform from the point of view of these functions/nodes.

Figs. 1A to 1D show example communication environments 100A to 100D in which example embodiments of the present disclosure can be implemented, respectively.

Each of the environments 100A to 100D may be a part of a communication network. Each of the environments 100A, 100B and 100D may comprise a first serving public land mobile network (SPLMN) 102, a first home PLMN (HPLMN) 104 and a second SPLMN 106. The environments 100C comprises the first SPLMN 102 and the second SPLML 106.

A terminal device 140 may communicate with a PKMF device or a DDNMF device 160 in the second SPLMN 106.

In the environment 100A, a terminal device 110 may communicate with a first network device 120 and a second network device 130 in the first SPLMN 102 and with a third network device 150 in the home HPLMN 104. The first network device 120 may be a visited PCF (V-PCF) device, and the second network device 130 may be a DDNMF device, or a PKMF device, and the third network device 150 may be a home PCF (H-PCF) device.

The environment 100B is similar to the environment 100A. The environment 100B is different from the environment 100A in that the first network device 120 may be a home PCF (H-PCF) device, the second network device 130 may be a V-PCF device and the first SPLMN 102 further comprises a PKMF device or a DDNMF device 170. The terminal device 110 may communicate with the PKMF device or DDNMF device 170, the second network device 130 in the first SPLMN 102 and the first network device 120 in the home HPLMN 104.

The environment 100C is similar to the environment 100A. The environment 100C is different from the environment 100A in that the first SPLMN 102 is the same as the first HPLMN 104. In this case, the first network device 120 may be an H-PCF device, and the second network device 130 may be a DDNMF device, or a PKMF device. The terminal device 110 may communicate with the first network device 120 and the second network device 130 in the first SPLMN 102.

The environment 100D is similar to the environment 100C. The environment 100D is different from the environment 100C in that the first SPLMN 102 is different from the first HPLMN 104. In this case, the first network device 120 may be an H-PCF device, and the second network device 130 may be a DDNMF device, or a PKMF device. The terminal device 110 may communicate with the first network device 120 in the first HPLMN 104 and the second network device 130 in the first SPLMN 102.

It is to be understood that the number of the devices is only for ease of understanding without suggesting any limitations. The communication environments 100A to 100D may include any suitable number or type of the devices adapted for implementing embodiments of the present disclosure.

Communications in the communication environments 100A to 100D may be implemented according to any proper communication protocol (s) , comprising, but not limited to, cellular communication protocols of the first generation (1G) , the second generation (2G) , the third generation (3G) , the fourth generation (4G) , the fifth generation (5G) or the future sixth generation (6G) wireless local network communication protocols such as Institute for Electrical and Electronics Engineers (IEEE) 802.11 and the like, and/or any other protocols currently known or to be developed in the future. Moreover, the communication may utilize any proper wireless communication technology, comprising but not limited to: Code Division Multiple Access (CDMA) , Frequency Division Multiple Access (FDMA) , Time Division Multiple Access (TDMA) , Frequency Division Duplex (FDD) , Time Division Duplex (TDD) , Multiple-Input Multiple-Output (MIMO) , Orthogonal Frequency Division Multiple (OFDM) , Discrete Fourier Transform spread OFDM (DFT-s-OFDM) and/or any other technologies currently known or to be developed in the future.

In some example embodiments, the communication environments 100A to 100D may support ProSe feature, such as 5G ProSe, 4G ProSe and so on. Hereinafter, example embodiments of the present disclosure will be described by taking 5G ProSe as example. However, the present disclosure may be appliable to 4G ProSe or any future ProSe.

5G ProSe features may comprise 5G ProSe Direct Discovery, 5G ProSe Direct Communication, 5G ProSe U2N relay and 5G ProSe U2U relay.

In the 5G ProSe U2N relay feature, the terminal device 110 may connect to the terminal device 140 via a PC5 interface with 5G ProSe Direct Communication, and communicate with a data network via the terminal device 140 and 5G network. In this regard, the terminal device 110 may be referred to as a remote terminal device or a remote UE, and the terminal device 140 may be referred to as a U2N relay. In some example embodiments, the terminal device 110 and the terminal device 140 may perform a 5G ProSe Direct discovery procedure using security information for 5G ProSe U2N relay discovery.

In the 5G ProSe U2U relay feature, the terminal device 110 may communicate with a further terminal device (not shown) via the terminal device 140. In this regard, the terminal device 110 and the further terminal device may be referred to as end terminal devices or end UEs, and the terminal device 140 may be referred to as a U2U relay. One of the terminal device 110 and the further terminal device may act as a source terminal devices or source UE, the other may act as a target terminal device or a target UE.

In some example embodiments, the end terminal device (such as a source terminal device or a target source terminal device) and the terminal device 140 may perform a 5G ProSe Direct discovery procedure using security information for 5G ProSe U2U relay discovery.

Fig. 2 illustrates a signaling chart illustrating a process 200 for obtaining security information for relay discovery in a 5G ProSe U2N relay scenario.

Generally, in the process 200, HPLMNs of potential ProSe U2N relays are determined either with local configuration or from PCF of the remote UE. Then, the HPLMNs are used to discovery DDNMF/PKMF of the potential ProSe U2N relays and obtain security parameters to protect U2N relay discovery message.

Specifically, at 210, the U2N relay 203 transmits a Discovery Key Request to its DDNMF/PKMF 209 to get security information for relay discovery to protect PC5 discovery messages. The request may include a relay service code (RSC) and security capabilities of the U2N relay 203.

Then, the DDNMF/PKMF 209 of the U2N relay 203 generates a relay restricted identifier (ID) for the U2N relay 203 with a valid timer. The relay restricted ID is associated with the RSC and a relay ID for discovery for the U2N relay 203. Hereinafter, the relay ID for discovery is also referred to as “relay ID” for brevity. For example, the relay ID may include HPLMN ID (such as PLMN ID#2) of the U2N relay 203. Then, the DDNMF/PKMF 209 obtains the security information associated with the relay restricted ID. For example, the DDNMF/PKMF 209 may generate security parameters and select PC5 ciphering algorithm.

At 212, the DDNMF/PKMF 209 transmits a Discovery Key Response to the U2N relay 203. The response includes the RSC, the ProSe restrict code and valid timer, the code specific security parameters and Chosen PC5 ciphering algorithm, CURRENT_TIME, MAX_OFFSET, and optional PC5 security policies.

At 214, the remote UE 201 transmits a Discovery Key Request to its DDNMF/PKMF 205 to get security information for relay discovery to protect PC5 discovery messages. The request may include a UE identifier of the remote UE 201, an RSC, and security capability of remote UE 201.

At 216, the DDNMF/PKMF 205 of the remote UE 201 transmits a request to its PCF device 207 to obtain IDs for HPLMNs supporting an RSC for the remote UE 201. The request may include a UE identifier of the remote UE 201 and the RSC. This request is also referred to as “Get HPLMNs of potential relays request” .

At 218, the PCF device 207 of the remote UE 201 obtains HPLMNs of potential relays locally based on the RSC.

At 220, the PCF device 207 of the remote UE 201 transmits a response to the DDNMF/PKMF 205. This response is also referred to as “get HPLMNs response” . The response may include the UE identifier of the remote UE 201, the RSC and a list of PLMN IDs.

At 222, the DDNMF/PKMF 205 of the remote UE 201 generates relay restricted id and obtain code security parameters linked to a PLMN id.

At 224, the DDNMF/PKMF 205 of the remote UE 201 transmits a Discovery Key Request to the DDNMF/PKMF 209 of the HPLMN 120, so as to obtain security information associated with the RSC. The request may include security capability of the remote UE 201 and the RSC. At 226, the DDNMF/PKMF 205 of the remote UE 201 receives a discovery key response from the DDNMF/PKMF 209 of the U2N relay 203. The response may include a list of relay restricted ID with corresponding valid timer, code security parameters and PC5 ciphering algorithms. Actions 224 and 26 repeat for each PLMN of potential relays associated to the RSC.

At 228, the DDNMF/PKMF 205 of the remote UE 201 constructs a list of relay restricted ID with corresponding valid timer, code security parameters, DUIK, and PC5 ciphering algorithms.

At 230, the DDNMF/PKMF 205 of the remote UE 201 transmits a Discovery Key Response to the remote UE 201. The response may include the RSC, optional PC5 security policies, CURRENT_TIME, MAX_OFFSET, a list of (relay restricted ID, valid timer, Code-Rcv-SecParams (i.e., the security parameters) , Chosen PC5 ciphering algorithm) .

At 232, the remote UE 201 and the U2N relay 203 perform the relay discovery over PC5. The discovery messages are protected with the at least one set of security information. Each of the at least one set of security information is associated with the relay restricted ID (which is per relay per RSC) .

Thus, it is allowed to support the discovery security parameters to be obtaind from DDNMFs/PKMFs in the HPLMN of remote UE and potential U2N relays. Thus, in this 5G ProSe U2N relay scenario, to perform the 5G ProSe Direct Communication between the remote UE and the U2N relay, the remote UE and the U2N relay may perform a 5G ProSe Direct discovery procedure using the obtained security parameters for 5G ProSe U2N relay discovery.

Likewise, in the 5G U2U relay scenario, the 5G ProSe End UE (such as a source UE or a target UE) and the U2U relay may perform a 5G ProSe Direct discovery procedure using the obtained security information for 5G ProSe U2U relay discovery.

The 5G ProSe remote UE, 5G ProSe U2N relay UE, 5G ProSe End UE and 5G ProSe U2U relay UE are provisioned with authorization related information by corresponding PCF in the HPLMN of the UEs when those UEs registered to the 5G network.

The basic principles of service authorization and provisioning for 5G ProSe Direct Discovery, 5G ProSe Direct Communication, 5G ProSe U2N relay and 5G ProSe U2U relay service are as follows:

- The PCF in the HPLMN may configure a list of PLMNs where the UE is authorized to use 5G ProSe Direct Discovery.

- The PCF in the HPLMN may configure a list of PLMNs where the UE is authorized to use 5G ProSe Direct Communication.

- The PCF in the HPLMN may configure a list of PLMNs where the UE is authorized to act as 5G ProSe U2N relay. Authorisation for 5G ProSe Layer-2 U2N relay and 5G ProSe Layer-3 U2N relay are independent of each other.

- The PCF in the HPLMN may configure a list of PLMNs where the UE is authorized to access 5GC via 5G ProSe U2N relay (i.e. to act as 5G ProSe Remote UE) . Authorisation to access via 5G ProSe Layer-2 U2N relay and via 5G ProSe Layer-3 U2N relay are independent of each other.

- The PCF in the HPLMN may configure a list of PLMNs where the UE is authorized to act as 5G ProSe U2U relay. Authorisation for 5G ProSe Layer-2 U2U relay and 5G ProSe Layer-3 U2U relay are independent of each other.

- The PCF in the HPLMN may configure a list of PLMNs where the UE is authorized to access 5G ProSe U2U relay (i.e. to act as 5G ProSe End UE) . Authorisation to access via 5G ProSe Layer-2 U2U relay and via 5G ProSe Layer-3 U2U relay are independent of each other.

- The PCF in the HPLMN merges authorization information from home and other PLMNs and provides the UE with the final authorization information.

- The PCF in the VPLMN or HPLMN may revoke the authorization (via H-PCF when roaming) at any time by using the UE Configuration Update procedure for transparent UE Policy delivery procedure.

Configuration of a list of PLMNs where the UE is authorized to access 5G ProSe U2U/U2N relay is only required for 5G ProSe Layer-2 U2U/U2N service as the ProSe End UE/Remote UE checks the authorization to access PLMNs only in 5G ProSe Layer-2 U2U/U2N scenario, but not necessarily for 5G ProSe Layer-3 U2U/U2N scenario.

In some scenarios, especially for ProSe U2U relay discovery introduced in release 18 (Rel-18) , the ProSe End UE (such as a source UE or target UE) and U2U UE relay may connect to the PKMF in its SPLMN to get discovery security parameters. If the PKMFs serving U2U relay UE and End UE are located in different SPLMNs, the PKMF of the End UE cannot locate the PKMF of the U2U relay UE.

Thus, there is a need for an improved way for the PKMF of an end/remote UE to get serving PLMNs of potential U2U/U2N relays when discovery key request from the end/remote UE is received. Then, the PKMF of the end/remote UE can discovery the PKMF (s) of potential U2U/U2N relay UEs and get corresponding security parameters for U2U/U2N relay discovery.

The present disclosure provides a solution for relay discovery for a serving network driven scenario. According to the solution, a first network device receives, from a second network device, a request for information about at least one PLMN where a terminal device is authorized to use a relay service. Then, the first network device obtains the information about the at least one PLMN based on the request. Moreover, the first network device transmits, to the second network device, a response comprising the information about the at least one PLMN. In this way, the second network device may discover a target DDNMF or PKMF and get security parameters for U2U/U2N relay discovery. Thus, delay discovery security can be ensured and thus communication performance and communication efficiency can be improved.

Hereinafter, principle of the present disclosure will be described with reference to Figs. 3 to 8.

Fig. 3 illustrates a signaling chart illustrating a process 300 for protecting relay discovery in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the process 300 will be described with reference to Figs. 1A to 1Ddevice located in the first SPLMN 102 of the terminal device 110, and the second network device 130 may be a DDNMF device or a PKMF device located in the first SPLMN 102 of the terminal device 110, as shown in Fig. 1A.

In such example embodiments, after receiving the request from the second device 130, the first network device 120 may forward the request to the third network device 150 (acting as an H-PCF device) in the first HPLMN 104 of the terminal device 110 if the SPLMN 102 is different from the HPLMN 104. The third network device 150 may be preconfigured or provisioned with the information about the at least one PLMN. Then, the third network device 150 may determine the information and transmit it to the first network device 120. Accordingly, the first network device 120 may obtain the information about the at least one PLMN from the third network device 150.

Alternatively, the first network device 120 may be preconfigured, provisioned or cached with the information about the at least one PLMN. In this case, the first network device 110 may determine the information based on the request and its local configuration. As an example, the first network device 120 may determine the information based on at least one of the following: the identifier of the terminal device 110, the RSC, the identifier of the first SPLMN 102 of the terminal device 110, and the relay indicator, as well as its local configuration.

Alternatively, in some example embodiments, the first network device 120 may be an H-PCF device located in the first HPLMN 104 of the terminal device 110, and the second network device 130 may be a V-PCF device located in the first SPLMN 102 of the terminal device 110, as shown in Fig. 1B.

In such example embodiments, the second network device 130 may receive the request for the information about the at least one PLMN from the PKMF device or DDNMF device 170. The second network device 130 may forward the request to the first network device 120.

The first network device 120 may be preconfigured or provisioned with the information about the at least one PLMN. Thus, the first network device 120 may determine the information based on the received request and local configuration. As an example, the first network device 120 may determine the information based on at least one of the following: the identifier of the terminal device 110, the RSC, the identifier of the first SPLMN 102 of the terminal device 110, and the relay indicator, as well as its local configuration.

Alternatively, in some example embodiments, the first SPLMN 102 is the same as the first HPLMN 104, the first network device 120 may be an H-PCF device located in the first SPLMN 102 of the terminal device 110, and the second network device 130 may be a DDNMF device or a PKMF device located in the first SPLMN 102, as shown in Fig. 1C. In such example embodiments, the second network device 130 may transmit the request for the information about the at least one PLMN directly to the first network device 120. Then, the first network device 120 may determine the information in the similar way as described above with reference to FIG. 1B. Thus, details of the determining the information are omitted for brevity.

Alternatively, in some example embodiments, the first SPLMN 102 is differnent from the first HPLMN 104, the first network device 120 may be an H-PCF device located in the first HPLMN 104 of the terminal device 110, and the second network device 130 may be a DDNMF device or a PKMF device located in the first SPLMN 102, as shown in Fig. 1D. In such example embodiments, the second network device 130 may transmit the request for the information about the at least one PLMN directly to the first network device 120. Then, the first network device 120 may determine the information in the similar way as described above with reference to FIG. 1B. Thus, details of the determining the information are omitted for brevity.

As shown in Fig. 3, the first network device 120 transmits (315) , to the second network device 130, a response comprising the information about the at least one PLMN. Accordingly, the second network device 130 receives the response from the first network device 120.

In some example embodiments, the response may comprise the identifier of the terminal device 110. Alternatively or additionally, the response may comprise the RSC.

In some example embodiments, the information may comprise a list of PLMNs (also referred to as a first list of PLMNs) associated with the RSC. As an example, the first list of PLMNs may comprise at least one of following: a first list of PLMNs where the terminal device 110 is authorized to access 5G ProSe U2N Layer 2 relay, a second list of PLMNs where the terminal device 110 is authorized to access 5G ProSe U2N Layer 3 relay, a third list of PLMNs where the terminal device 110 is authorized to access 5G ProSe U2U Layer 2 relay, or a fourth list of PLMNs where the terminal device 110 is authorized to access 5G ProSe U2U Layer 3 relay.

Alternatively or additionally, the information may comprise a set of PLMN lists (also referred to as a first set of PLMN lists) , and each of the PLMN lists may be associated with a relay indicator. For example, the first set of the PLMN lists may comprise at least one of following: a first list of PLMNs where the terminal device 110 is authorized to access 5G ProSe U2N Layer 2 relay, a second list of PLMNs where the terminal device 110 is authorized to access 5G ProSe U2N Layer 3 relay, a third list of PLMNs where the terminal device 110 is authorized to access 5G ProSe U2U Layer 2 relay, or a fourth list of PLMNs where the terminal device 110 is authorized to access 5G ProSe U2U Layer 3 relay.

It is to be understood that authorization to access the 5G ProSe U2N Layer 2 relay, via the 5G ProSeU2N Layer 3 relay, via the 5G ProSe U2U Layer 2 relay, and the via 5G ProSe U2U Layer 3relay may be independent from each other.

Based on the inforamtion about the at least one PLMN where the terminal device 110 is authorized to use relay service, the second network device 130 may locate one or more network devices (for example, PKMF device or DDNMF device) serving the potential ProSe U2U/U2N relay terminal devices (for example, the fourth network device 160) . The second network device 130 may get security parameters for U2U/U2N relay discovery from the located network devices serving the potential ProSe U2U/U2N relay terminal devices. Then, the second network device 130 may construct a discovery key response with security parameters and return to the terminal device 110.

In some example embodiments, the second network device 130 may subscribe to the first network device 120 for update or change of the information about the at least one PLMN. For example, the second network device 130 may transmit, to the first network device 120, a subscription request for update of the information about the at least one PLMN. Then, if it is determined that the information is updated, the first network device 120 may transmit, to the second network device 130, a subscription notification comprising the updated information.

As an example, the subscription request may comprise an identifier of the terminal device 110. Alternatively or in addition, the subscription request may comprise an RSC. Alternatively or in addition, the subscription request may comprise a relay indicator.

As an example, the relay indicator may comprise at least one of the following: a 5G ProSe U2N relay indicator; a 5G ProSe U2U relay indicator; a 5G ProSe Layer 2 relay indicator; a 5G ProSe Layer 3 relay indicator; a 5G ProSe U2N Layer 2 relay indicator; a 5G ProSe U2N Layer 3 relay indicator; a 5G ProSe U2U Layer 2 relay indicator; or a 5G ProSe U2U Layer 3 relay indicator.

As an example, the subscription notification may comprise an identifier of the terminal device 110. Alternatively or in addition, the subscription notification may comprise an RSC.

In some example embodiments, the updated information may comprise another list of PLMNs (also referred to as a second list of PLMNs) associated with the RSC. The second list of PLMNs may comprise at least one of the following: a first updated list of PLMNs where the terminal device 110 is authorized to access 5G ProSe U2N Layer 2 relay, a second updated list of PLMNs where the terminal device 110 is authorized to access 5G ProSe U2N Layer 3 relay, a third updated list of PLMNs where the terminal device 110 is authorized to access 5G ProSe U2U Layer 2 relay, or a fourth updated list of PLMNs where the terminal device 110 is authorized to access 5G ProSe U2U Layer 3 relay.

Alternatively or in addition, the updated information may comprise another set of PLMN lists (also referred to as a second set of PLMN lists) , and each of the PLMN lists may be associated with a relay indicator. For example, the second set of PLMN lists may comprise at least one of following: a first updated list of PLMNs where the terminal device 110 is authorized to access 5G ProSe U2N Layer 2 relay, a second updated list of PLMNs where the terminal device 110 is authorized to access 5G ProSe U2N Layer 3 relay, a third updated list of PLMNs where the terminal device 110 is authorized to access 5G ProSe U2U Layer 2 relay, or a fourth updated list of PLMNs where the terminal device 110 is authorized to access 5G ProSe U2U Layer 3 relay.

In some example embodiments, the first network device 120 may subscribe to the second network device 130 for more than one terminal devices. In this case, the second network device 130 may transmit multiple sets of PLMN lists to the first network device 120, and each of the multiple sets may be associated with one of the more than one terminal devices.

In some example embodiments, the first network device 120 may comprise new services to enable the second network device 130 to get (serving) PLMNs where the terminal device 110 is authorized to access 5G ProSe U2U/U2N relay. Alternatively or additionally, the first network device 120 may comprise new services to enable the second network device 130 to subscribe to be notified of a change of the authorized (serving) PLMNs. The service to get PLMNs where the terminal device 110 is authorized to access 5G ProSe U2U relay and the service to get PLMNs where the terminal device 110 is authorized to access 5G ProSe U2N relay may be different services, or may be same service but differentiated with input parameters.

In some example embodiments, a new reference point may be provided between the first network device 110 and the second network device 120. The new reference point may be used to define interactions between the first network device 110 and the second network device 120 to get authorized PLMNs from the first network device 110.

In this way, the security procedure of 5G ProSe U2U/U2N relay discovery may be enhanced.

Fig. 4 illustrates a signaling chart illustrating an example process 400 for protecting relay discovery in accordance with some example embodiments of the present disclosure. It would be appreciated that the process 400 may be considered as an example implementation of the process 300 as shown in Fig. 3. For the purpose of discussion, the process 400 will be described with reference to Fig. 1A. In the process 400, a remote/end UE 401 may be an example of the terminal device 110, a PKMF 403 may be an example of the second network device 130, a PCF 405 may be an example of the first network device 120, a U2N/U2U relay 407 may be an example of the terminal device 140, and a PKMF 409 may be an example of the PKMF device 160 in Fig 1A.

As shown in Fig. 4, at 410, the U2N/U2U relay 407 transmits a discovery key request to the PKMF 409 in its SPLMN 106 to get a discovery key to protect a PC5 discovery message.

The PKMF 409 of the U2N/U2U relay 407 generates security parameters and selects a PC5 ciphering algorithm, and then transmits, at 412, the discovery key response to the U2N/U2U relay 407.

At 414, The remote/end UE 401 transmits a discovery key request to the PKMF 403 in its SPLMN 102. The discovery key request includes the identifier of the remote/end UE 401, an RSC, and security capability of the remote/end UE 401.

At 416, the PKMF 403 of the remote/end UE 401 transmits a request to the PCF 405 in its SPLMN 102 to get information about at least one PLMN where the remote/end UE 401 is authorized to access 5G ProSe U2N relay and/or U2U relay. For example, the request may include the identifier of the remote/end UE 401, at least one of the following: a 5G ProSe U2N relay indicator, a 5G ProSe U2U relay indicator, a 5G ProSe Layer 2 relay indicator, a 5G ProSe Layer 3 relay indicator, a 5G ProSe U2N Layer 2 relay indicator, a 5G ProSe U2N Layer 3 relay indicator, a 5G ProSe U2U Layer 2 relay indicator, or a 5G ProSe U2U Layer 3 relay indicator, an RSC and an ID of the SPLMN 102 of the remote/end UE 401.

At 418, the PCF 405 of the remote/end UE 401 obtains the information about at least one PLMN where the remote/end UE 401 is authorized to access 5G ProSe U2N relay and/or U2U relay according to input parameters in the request from the remote/end UE 401. For example, the PCF 405 may obtain the information about at least one PLMN based on the identifier of the remote/end UE 401, the RSC, at least one of the 5G ProSe relay indicators as described with respect to action 416, and the ID of the SPLMN 102 of the remote/end UE 401.

For example, the PCF 405 may act as a V-PCF. In this case, the PCF 405 may forward the request to the third network device 150 (acting as a H-PCF) and obtain the information about at least one PLMN where the remote/end UE 401 is authorized to access 5G ProSe U2N relay and/or U2U relay from the third network device 150.

Alternatively, the PCF 405 can be a serving PCF (in case the SPLMN 102 is the same as the HPLMN 104) or H-PCF (in case the SPLMN 102 is different from the HPLMN 104) the PCF 405 may be pre-configured with the information about at least one PLMN where the remote/end UE 401 is authorized to access 5G ProSe U2N relay and/or U2U relay. Thus, the PCF 405 may obtain the information based on the request and local configuration.

At 420, the PCF 405 transmits a response to the PKMF 403. The response includes the identifier of the remote/end UE 401, and at least one of the following: a list of PLMNs where the remote/end UE 401 is authorized to access 5G ProSe U2N Layer 2 relay, a list of PLMNs where the remote/end UE 401 is authorized to access 5G ProSe U2N Layer 3 relay, a list of PLMNs where the remote/end UE 401 is authorized to access 5G ProSe U2U Layer 2 relay, a list of PLMNs where the remote/end UE 401 is authorized to access 5G ProSe U2U Layer 3 relay. Optionally, the response comprises the RSC.

At 422, the PKMF 403 of the remote/end UE 401 transmits a discovery key request to the PKMF 409 of the U2N/U2U relay 407 (for example, together with other PKMF (s) of the potential relay (s) ) . The request may include security capability of the remote/end UE 401 and the RSC. The PKMF 403 of the remote/end UE 401 determines or locates the PKMF 409 of the U2N/U2U relay 407 and the other PKMF (s) of the potential relay (s) based on the list of PLMNs received from the PCF 405 at action 420.

At 424, the PKMF 403 of the remote/end UE 401 receives a discovery key response from the PKMF 409 of the U2N/U2U relay 407 (for example, together with other PKMF (s) of the potential relay (s) ) . The response includes security parameters and a Chosen PC5 ciphering algorithm. For example, the security parameters comprise code security paramerters (Code-SecParams) and Discovery User Integrity Key (DUIK) . Actions 422 and 424 may be repeated for each PLMN in the PLMN list received at action 420.

At 426, the PKMF 403 of the remote/end UE 401 transmits a discovery key response to the remote/end UE 401. The response includes the RSC, optional PC5 security policies, CURRENT_TIME, MAX_OFFSET, Code-SecParams, and the Chosen PC5 ciphering algorithm. The Code-SecParams may be assoicated with the authorized PLMN (s) . The security related information (such as Code-SecParams and the Chosen PC5 ciphering algorithm) is constructed from the security parameters received from the PKMF (s) of potential relay (s) at actions 422 and 424.

At 428, the remote end/UE 401 and the U2N/U2U relay 407 perform discovery over PC5. The discovery messages are protected with specific security parameters and the chosen PC5 ciphering algorithm.

At 430, the PKMF 403 of the remote/end UE 401 subscribes to the PCF 405 of the remote/end UE 401 to receive a notification of a change of PLMNs where the remote/end UE 401 is authorized to access 5G ProSe U2N relay and/or U2U relay. The request includes the identifier of the remote/end UE 401, and at least one of the following: a 5G ProSe U2N relay indicator, a 5G ProSe U2U relay indicator, a 5G ProSe Layer 2 relay indicator, a 5G ProSe Layer 3 relay indicator, a 5G ProSe U2N Layer 2 relay indicator, a 5G ProSe U2N Layer 3 relay indicator, a 5G ProSe U2U Layer 2 relay indicator, and a 5G ProSe U2U Layer 3 relay indicator.

At 432, if there is a change on the PLMNs where the remote/end UE 401 is authorized to access 5G ProSe U2N relay and/or U2U relay, the PCF 405 checks the subscription, updates the authorized PLMNs for the remote/end UE 401 and generates the notification accordingly.

At 434, the PCF 405 transmits the notification to the PKMF 403. The notification includes the identifier of the remote/end remote/end UE 401 401, at least one of the following: a list of PLMNs where the remote/end UE 401 is authorized to access 5G ProSe U2N Layer 2 relay, a list of PLMNs where the remote/end UE 401 is authorized to access 5G ProSe U2N Layer 3 relay, a list of PLMNs where the remote/end UE 401 is authorized to access 5G ProSe U2U Layer 2 relay, a list of PLMNs where the remote/end UE 401 is authorized to access 5G ProSe U2U Layer 3 relay, and optional RSC.

It is to be understood that Fig. 4 shows that the actions 430, 432 and 434 are performed after the action 428 by way of example. In other example embodiments, the actions 430, 432 and 434 are performed after the action 420 and before the action 422. Alternatively, the actions 430, 432 and 434 are performed after any of the actions 422, 424, 426 and 428.

It shall be understood that the process 400 has been described with respect to Fig. 1A by way of example. In other example embodiments, the process 400 may be also applied to the environments 100B to 100D in Figs. 1B to 1D. Details of such example embodiments are omitted for brevity.

In some example embodiments, the process 400 may be performed after “user plane” security solution is used.

In some example embodiments, each the PKMFs 403 and 409 in Fig. 4 may be replaced by DDNMF. In such example embodiments, the process 400 may be performed after “control plane” security solution is used.

In some example embodiments, the process 400 may be applied for model A relay discovery procedure. A process similar to the process 400 may be applied for model B relay discovery procedure. In the model B relay discovery procedure, a remote UE (such as the remote/end UE 401) sends a relay solicitation message and a relay UE (such as the U2N/U2U relay 407) sends a relay response message, and the remote UE may send multiple relay solicitation messages and each relay solicitation message is protected using the security information corresponding to a PLMN of the potential relay UE. Alternatively, in another solution, the PKMF of the relay UE may apply a process similar to the process 400 to obtain and construct the security information of the potential remote/end UEs. In this solution, the remote UE only needs to send one relay solicitation message and the relay UE uses the corresponding security information for handling the received solicitation message from the remote UE.

Fig. 5 shows a flowchart of an example method 500 implemented at a first network device in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the method 500 will be described from the perspective of the first network device 120 with respect to any of Figs. 1A to 1D.

At block 510, the first network device 120 receives, from a second network device 130, a request for information about at least one PLMN where a terminal device 110 is authorized to use a relay service. At block 520, the first network device 120 obtains the information about the at least one PLMN based on the request. At block 530, the first network device 120 transmits, to the second network device 130, a response comprising the information about the at least one PLMN.

In some example embodiments, the request may comprise at least one of the following: an identifier of the terminal device 110; a relay indicator; a relay service code (RSC) ; or an identifier of a serving PLMN of the terminal device 110.

In some example embodiments, the relay indicator may comprise at least one of the following: a fifth generation (5G) proximity based service (ProSe) user equipment (UE) -to-Network relay indicator; a 5G ProSe UE-to-UE relay indicator; a 5G ProSe Layer 2 relay indicator; a 5G ProSe Layer 3 relay indicator; a 5G ProSe UE-to-Network Layer 2 relay indicator; a 5G ProSe UE-to-Network Layer 3 relay indicator; a 5G ProSe UE-to-UE Layer 2 relay indicator; or a 5G ProSe UE-to-UE Layer 3 relay indicator.

In some example embodiments, the response may further comprise the identifier of the terminal device 110.

In some example embodiments, the information may comprise a first list of PLMNs associated with a relay service code (RSC) . Alternatively or additionally, the information may comprise a first set of PLMN lists, each of the PLMN lists being associated with a relay indicator.

In some example embodiments, the first list of PLMNs or the first set of the PLMN lists may comprise at least one of following: a first list of PLMNs where the terminal device 110 is authorized to access 5G ProSe UE-to-Network Layer 2 relay, a second list of PLMNs where the terminal device 110 is authorized to access 5G ProSe UE-to-Network Layer 3 relay, a third list of PLMNs where the terminal device 110 is authorized to access 5G ProSe UE-to-UE Layer 2 relay, or a fourth list of PLMNs where the terminal device 110 is authorized to access 5G ProSe UE-to-UE Layer 3 relay.

In some example embodiments, the first network device 120 may further receive, from the second network device 130, a subscription request for an update of the information about the at least one PLMN; and, based on determining that the information is updated, transmit, to the second network device 130, a subscription notification comprising the updated information.

In some example embodiments, the subscription request may comprise at least one of the following: an identifier of the terminal device 110; a relay service code (RSC) ; or a relay indicator.

In some example embodiments, the subscription notification may comprise an identifier of the terminal device 110.

In some example embodiments, the updated information may comprise a second list of PLMNs associated with a relay service code (RSC) . Alternatively or additionally, the updated information may comprise a second set of PLMN lists, each of the PLMN lists being associated with a relay indicator.

In some example embodiments, the second list of PLMNs or the second set of the PLMN lists may comprise at least one of following: a first updated list of PLMNs where the terminal device 110 is authorized to access 5G ProSe UE-to-Network Layer 2 relay; a second updated list of PLMNs where the terminal device 110 is authorized to access 5G ProSe UE-to-Network Layer 3 relay; a third updated list of PLMNs where the terminal device 110 is authorized to access 5G ProSe UE-to-UE Layer 2 relay; or a fourth updated list of PLMNs where the terminal device 110 is authorized to access 5G ProSe UE-to-UE Layer 3 relay.

In some example embodiments, the first network device 120 may be a home policy control function (PCF) device located in a home PLMN of the terminal device 110, and the second network device 130 may be a visited PCF device or a direct discovery name management function (DDNMF) device or a proximity based services (ProSe) key management function (PKMF) device located in a serving PLMN of the terminal device 110.

In some example embodiments, the first network device 120 may be a visited PCF device located in a serving PLMN of the terminal device 110, and the second network device 130 may be a direct discovery name management function (DDNMF) device or a proximity based services (ProSe) key management function (PKMF) device located in a serving PLMN of the terminal device 110.

In some example embodiments, the first network device 120 may further forward the request to a third network device in a home PLMN of the terminal device 110; and to obtain the information about the at least one PLMN, the first network device 120 may obtain the information about the at least one PLMN from the third network device.

Fig. 6 shows a flowchart of an example method 600 implemented at a second network device in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the method 600 will be described from the perspective of the second network device 130 with respect to any of Figs. 1A to 1D.

At block 610, the second network device 130 transmits, to a first network device 120, a request for information about at least one public land mobile network (PLMN) where a terminal device 110 is authorized to use a relay service. At block 620, the second network device 130 receives, from the first network device 120, a response comprising the information about the at least one PLMN.

In some example embodiments, the response may comprise the identifier of the terminal device 110.

In some example embodiments, the information comprises a first list of PLMNs associated with a relay service code (RSC) . Alternatively or additionally, the information may comprise a first set of PLMN lists, each of the PLMN lists being associated with a relay indicator.

In some example embodiments, the first list of PLMNs or the first set of the PLMN lists may comprise at least one of following: a first list of PLMNs where the terminal device 110 is authorized to access 5G ProSe UE-to-Network Layer 2 relay, a second list of PLMNs where the terminal device 110 is authorized to access 5G ProSe UE-to-Network Layer 3 relay, a third list of PLMNs where the terminal device 110 is authorized to access 5G ProSe UE-to-UE Layer 2 relay, a fourth list of PLMNs where the terminal device 110 is authorized to access 5G ProSe UE-to-UE Layer 3 relay.

In some example embodiments, the first network device 120 may further transmit, to the first network device 120, a subscription request for an update of the information about the at least one PLMN; and receive, from the first network device 120, a subscription notification comprising the updated information.

In some example embodiments, the subscription may comprise at least one of the following: an identifier of the terminal device 110; a relay service code (RSC) ; or a relay indicator.

In some example embodiments, the notification may comprise an identifier of the terminal device 110.

In some example embodiments, the first network device 120 may be a home policy control function (PCF) device located in a home PLMN of the terminal device 110, and the second network device 130 may be a visited PCF device or a direct discovery name management function (DDNMF) device or a ProSe key management function (PKMF) device located in a serving PLMN of the terminal device 110.

In some example embodiments, the first network device 120 may be a visited PCF device located in a serving PLMN of the terminal device 110, and the second network device 130 may be a direct discovery name management function (DDNMF) device or a ProSe key management function (PKMF) device located in a serving PLMN of the terminal device 110.

In some example embodiments, an apparatus capable of performing any of the method 500 (for example, the first network device 120) may comprise means for performing the respective operations of the method 500. The means may be implemented in any suitable form. For example, the means may be implemented in a circuitry or software module. The apparatus may be implemented as or included in the first network device 120. In some example embodiments, the means may comprise a processor and a memory.

In some example embodiments, the apparatus comprises: means for receiving, from a second network device, a request for information about at least one public land mobile network (PLMN) where a terminal device is authorized to use a relay service; means for obtaining the information about the at least one PLMN based on the request; and means for transmitting, to the second network device, a response comprising the information about the at least one PLMN.

In some example embodiments, the request comprises at least one of the following: an identifier of the terminal device; a relay indicator; a relay service code (RSC) ; or an identifier of a serving PLMN of the terminal device.

In some example embodiments, the relay indicator comprises at least one of the following: a fifth generation (5G) proximity based service (ProSe) user equipment (UE) -to-Network relay indicator; a 5G ProSe UE-to-UE relay indicator; a 5G ProSe Layer 2 relay indicator; a 5G ProSe Layer 3 relay indicator; a 5G ProSe UE-to-Network Layer 2 relay indicator; a 5G ProSe UE-to-Network Layer 3 relay indicator; a 5G ProSe UE-to-UE Layer 2 relay indicator; or a 5G ProSe UE-to-UE Layer 3 relay indicator.

In some example embodiments, the response further comprises the identifier of the terminal device.

In some example embodiments, the information comprises a first list of PLMNs associated with a relay service code (RSC) ; or the information comprises a first set of PLMN lists, each of the PLMN lists being associated with a relay indicator.

In some example embodiments, the first list of PLMNs or the first set of the PLMN lists comprises at least one of following: a first list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-Network Layer 2 relay, a second list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-Network Layer 3 relay, a third list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-UE Layer 2 relay, or a fourth list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-UE Layer 3 relay.

In some example embodiments, the apparatus further comprises: means for receiving, from the second network device, a subscription request for an update of the information about the at least one PLMN; and means for, based on determining that the information is updated, transmitting, to the second network device, a subscription notification comprising the updated information.

In some example embodiments, the subscription request comprises at least one of the following: an identifier of the terminal device; a relay service code (RSC) ; or a relay indicator.

In some example embodiments, the subscription notification comprises an identifier of the terminal device.

In some example embodiments, the updated information comprises a second list of PLMNs associated with a relay service code (RSC) ; or the updated information comprises a second set of PLMN lists, each of the PLMN lists being associated with a relay indicator.

In some example embodiments, the second list of PLMNs or the second set of the PLMN lists comprises at least one of following: a first updated list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-Network Layer 2 relay; a second updated list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-Network Layer 3 relay; a third updated list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-UE Layer 2 relay; or a fourth updated list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-UE Layer 3 relay.

In some example embodiments, the first network device is a home policy control function (PCF) device located in a home PLMN of the terminal device, and the second network device is a visited PCF device or a direct discovery name management function (DDNMF) device or a proximity based services (ProSe) key management function (PKMF) device located in a serving PLMN of the terminal device.

In some example embodiments, the first network device is a visited PCF device located in a serving PLMN of the terminal device, and the second network device is a direct discovery name management function (DDNMF) device or a proximity based services (ProSe) key management function (PKMF) device located in a serving PLMN of the terminal device.

In some example embodiments, the apparatus further comprises means for forwarding the request to a third network device in a home PLMN of the terminal device; and the means for obtaining the information about the at least one PLMN comprises means for obtaining the information about the at least one PLMN from the third network device.

In some example embodiments, an apparatus capable of performing any of the method 600 (for example, the second network device 130) may comprise means for performing the respective operations of the method 600. The means may be implemented in any suitable form. For example, the means may be implemented in a circuitry or software module. The apparatus may be implemented as or included in the second network device 130. In some example embodiments, the means may comprise a processor and a memory.

In some example embodiments, the apparatus comprises: means for transmitting, to a first network device, a request for information about at least one public land mobile network (PLMN) where a terminal device is authorized to use a relay service; and means for receiving, from the first network device, a response comprising the information about the at least one PLMN.

In some example embodiments, the response comprises the identifier of the terminal device.

In some example embodiments, the first list of PLMNs or the first set of the PLMN lists comprises at least one of following: a first list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-Network Layer 2 relay, a second list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-Network Layer 3 relay, a third list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-UE Layer 2 relay, a fourth list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-UE Layer 3 relay.

In some example embodiments, the apparatus further comprises means for transmitting, to the first network device, a subscription request for an update of the information about the at least one PLMN; and means for receiving, from the first network device, a subscription notification comprising the updated information.

In some example embodiments, the subscription comprises at least one of the following: an identifier of the terminal device; a relay service code (RSC) ; or a relay indicator.

In some example embodiments, the notification comprises an identifier of the terminal device.

In some example embodiments, the updated information comprises a second list of PLMNs associated with a relay service code (RSC) . Alternatively or additionally, the updated information comprises a second set of PLMN lists, each of the PLMN lists being associated with a relay indicator.

In some example embodiments, the first network device is a home policy control function (PCF) device located in a home PLMN of the terminal device, and the second network device is a visited PCF device or a direct discovery name management function (DDNMF) device or a ProSe key management function (PKMF) device located in a serving PLMN of the terminal device.

In some example embodiments, the first network device is a visited PCF device located in a serving PLMN of the terminal device, and the second network device is a direct discovery name management function (DDNMF) device or a ProSe key management function (PKMF) device located in a serving PLMN of the terminal device.

It shall be understood that details of example embodiments of the present disclosure which have been described with reference to Figs. 3 and 4 are also applied to the methods 500 and 600.

Fig. 7 is a simplified block diagram of a device 700 that is suitable for implementing embodiments of the present disclosure. The device 700 may be provided to implement the communication device, for example, the first network device 120 or the second network device 130 as shown in any of Figs. 1A to 1D. As shown, the device 700 includes one or more processors 710, one or more memories 720 coupled to the processor 710, and one or more communication modules 740 coupled to the processor 710.

The communication module 740 is for bidirectional communications. The communication module 740 has at least one antenna to facilitate communication. The communication interface may represent any interface that is necessary for communication with other network elements.

The processor 710 may be of any type suitable to the local technical network and may include one or more of the following: general purpose computers, special purpose computers, microprocessors, digital signal processors (DSPs) and processors based on multicore processor architecture, as non-limiting examples. The device 700 may have multiple processors, such as an application specific integrated circuit chip that is slaved in time to a clock which synchronizes the main processor.

The memory 720 may include one or more non-volatile memories and one or more volatile memories. Examples of the non-volatile memories include, but are not limited to, a Read Only Memory (ROM) 724, an electrically programmable read only memory (EPROM) , a flash memory, a hard disk, a compact disc (CD) , a digital video disk (DVD) , and other magnetic storage and/or optical storage. Examples of the volatile memories include, but are not limited to, a random access memory (RAM) 722 and other volatile memories that will not last in the power-down duration.

A computer program 730 includes computer executable instructions that are executed by the associated processor 710. The program 730 may be stored in the ROM 724. The processor 710 may perform any suitable actions and processing by loading the program 730 into the RAM 722.

The embodiments of the present disclosure may be implemented by means of the program 730 so that the device 700 may perform any process of the disclosure as discussed with reference to Figs. 1 to 6. The embodiments of the present disclosure may also be implemented by hardware or by a combination of software and hardware.

In some example embodiments, the program 730 may be tangibly contained in a computer readable medium which may be included in the device 700 (such as in the memory 720) or other storage devices that are accessible by the device 700. The device 700 may load the program 730 from the computer readable medium to the RAM 722 for execution. The computer readable medium may include any types of tangible non-volatile storage, such as ROM, EPROM, a flash memory, a hard disk, CD, DVD, and the like. Fig. 8 shows an example of the computer readable medium 800 in form of CD or DVD. The computer readable medium has the program 730 stored thereon.

Generally, various embodiments of the present disclosure may be implemented in hardware or special purpose circuits, software, logic or any combination thereof. Some aspects may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device. While various aspects of embodiments of the present disclosure are illustrated and described as block diagrams, flowcharts, or using some other pictorial representations, it is to be understood that the block, apparatus, system, technique or method described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.

The present disclosure also provides at least one computer program product tangibly stored on a non-transitory computer readable storage medium. The computer program product includes computer-executable instructions, such as those included in program modules, being executed in a device on a target real or virtual processor, to carry out the methods 500 and 600 as described above with reference to Figs. 5 and 6. Generally, program modules include routines, programs, libraries, objects, classes, components, data structures, or the like that perform particular tasks or implement particular abstract data types. The functionality of the program modules may be combined or split between program modules as desired in various embodiments. Machine-executable instructions for program modules may be executed within a local or distributed device. In a distributed device, program modules may be located in both local and remote storage media.

Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowcharts and/or block diagrams to be implemented. The program code may execute entirely on a machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.

In the context of the present disclosure, the computer program codes or related data may be carried by any suitable carrier to enable the device, apparatus or processor to perform various processes and operations as described above. Examples of the carrier include a signal, computer readable medium, and the like.

The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable medium may include but not limited to an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of the computer readable storage medium would include an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM) , a read-only memory (ROM) , an erasable programmable read-only memory (EPROM or Flash memory) , an optical fiber, a portable compact disc read-only memory (CD-ROM) , an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.

Further, while operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. In certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are contained in the above discussions, these should not be construed as limitations on the scope of the present disclosure, but rather as descriptions of features that may be specific to particular embodiments. Certain features that are described in the context of separate embodiments may also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment may also be implemented in multiple embodiments separately or in any suitable sub-combination.

Although the present disclosure has been described in languages specific to structural features and/or methodological acts, it is to be understood that the present disclosure defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.

Claims

A first network device, comprising:

at least one processor; and

at least one memory storing instructions that, when executed by the at least one processor, cause the first network device at least to:

receive, from a second network device, a request for information about at least one public land mobile network (PLMN) where a terminal device is authorized to use a relay service;

obtain the information about the at least one PLMN based on the request; and

transmit, to the second network device, a response comprising the information about the at least one PLMN.
The first network device of claim 1, wherein the request comprises at least one of the following:

an identifier of the terminal device;

a relay indicator;

a relay service code (RSC) ; or

an identifier of a serving PLMN of the terminal device.
The first network device of claim 2, wherein the relay indicator comprises at least one of the following:

a fifth generation (5G) proximity based service (ProSe) user equipment (UE) -to-Network relay indicator;

a 5G ProSe UE-to-UE relay indicator;

a 5G ProSe Layer 2 relay indicator;

a 5G ProSe Layer 3 relay indicator;

a 5G ProSe UE-to-Network Layer 2 relay indicator;

a 5G ProSe UE-to-Network Layer 3 relay indicator;

a 5G ProSe UE-to-UE Layer 2 relay indicator; or

a 5G ProSe UE-to-UE Layer 3 relay indicator.
The first network device of claim 2, wherein the response further comprises the identifier of the terminal device.
The first network device of claim 1, wherein:

the information comprises a first list of PLMNs associated with a relay service code (RSC) ; or

the information comprises a first set of PLMN lists, each of the PLMN lists being associated with a relay indicator.
The first network device of claim 5, wherein the first list of PLMNs or the first set of the PLMN lists comprises at least one of following:

a first list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-Network Layer 2 relay,

a second list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-Network Layer 3 relay,

a third list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-UE Layer 2 relay, or

a fourth list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-UE Layer 3 relay.
The first network device of claim 1, wherein the first network device is further caused to:

receive, from the second network device, a subscription request for an update of the information about the at least one PLMN; and

based on determining that the information is updated, transmit, to the second network device, a subscription notification comprising the updated information.
The first network device of claim 7, wherein the subscription request comprises at least one of the following:

an identifier of the terminal device;

a relay service code (RSC) ; or

a relay indicator.
The first network device of claim 7, wherein the subscription notification comprises an identifier of the terminal device.
The first network device of claim 7, wherein:

the updated information comprises a second list of PLMNs associated with a relay service code (RSC) ; or

the updated information comprises a second set of PLMN lists, each of the PLMN lists being associated with a relay indicator.
The first network device of claim 10, wherein the second list of PLMNs or the second set of the PLMN lists comprises at least one of following:

a first updated list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-Network Layer 2 relay;

a second updated list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-Network Layer 3 relay;

a third updated list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-UE Layer 2 relay; or

a fourth updated list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-UE Layer 3 relay.
The first network device of claim 1, wherein the first network device is a home policy control function (PCF) device located in a home PLMN of the terminal device, and the second network device is a visited PCF device, a direct discovery name management function (DDNMF) device or a proximity based services (ProSe) key management function (PKMF) device located in a serving PLMN of the terminal device.
The first network device of claim 1, wherein the first network device is a visited PCF device located in a serving PLMN of the terminal device, and the second network device is a direct discovery name management function (DDNMF) device or a proximity based services (ProSe) key management function (PKMF) device located in the serving PLMN of the terminal device.
The first network device of claim 13, wherein:

the first network device is further caused to:

forward the request to a third network device in a home PLMN of the terminal device; and

the first network device is caused to obtain the information about the at least one PLMN by:

obtaining the information about the at least one PLMN from the third network device.
A second network device, comprising:

at least one processor; and

at least one memory storing instructions that, when executed by the at least one processor, cause the second network device at least to:

transmit, to a first network device, a request for information about at least one public land mobile network (PLMN) where a terminal device is authorized to use a relay service; and

receive, from the first network device, a response comprising the information about the at least one PLMN.
The second network device of claim 15, wherein the request comprises at least one of the following:

an identifier of the terminal device;

a relay indicator;

a relay service code (RSC) ; or

an identifier of a serving PLMN of the terminal device.
The second network device of claim 16, wherein the relay indicator comprises at least one of the following:

a fifth generation (5G) proximity based service (ProSe) user equipment (UE) -to-Network relay indicator;

a 5G ProSe UE-to-UE relay indicator;

a 5G ProSe Layer 2 relay indicator;

a 5G ProSe Layer 3 relay indicator;

a 5G ProSe UE-to-Network Layer 2 relay indicator;

a 5G ProSe UE-to-Network Layer 3 relay indicator;

a 5G ProSe UE-to-UE Layer 2 relay indicator; or

a 5G ProSe UE-to-UE Layer 3 relay indicator.
The second network device of claim 16, wherein the response comprises the identifier of the terminal device.
The second network device of claim 15, wherein:

the information comprises a first list of PLMNs associated with a relay service code (RSC) ; or

the information comprises a first set of PLMN lists, each of the PLMN lists being associated with a relay indicator.
The second network device of claim 19, wherein the first list of PLMNs or the first set of the PLMN lists comprises at least one of following:

a first list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-Network Layer 2 relay,

a second list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-Network Layer 3 relay,

a third list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-UE Layer 2 relay,

a fourth list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-UE Layer 3 relay.
The second network device of claim 15, wherein the first network device is further caused to:

transmit, to the first network device, a subscription request for an update of the information about the at least one PLMN; and

receive, from the first network device, a subscription notification comprising the updated information.
The second network device of claim 21, wherein the subscription comprises at least one of the following:

an identifier of the terminal device;

a relay service code (RSC) ; or

a relay indicator.
The second network device of claim 21, wherein the notification comprises an identifier of the terminal device.
The second network device of claim 21, wherein:

the updated information comprises a second list of PLMNs associated with a relay service code (RSC) ; or

the updated information comprises a second set of PLMN lists, each of the PLMN lists being associated with a relay indicator.
The second network device of claim 24, wherein the second list of PLMNs or the second set of the PLMN lists comprises at least one of following:

a first updated list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-Network Layer 2 relay;

a second updated list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-Network Layer 3 relay;

a third updated list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-UE Layer 2 relay; or

a fourth updated list of PLMNs where the terminal device is authorized to access 5G ProSe UE-to-UE Layer 3 relay.
The second network device of claim 15, wherein the first network device is a home policy control function (PCF) device located in a home PLMN of the terminal device, and the second network device is a visited PCF device or a direct discovery name management function (DDNMF) device or a ProSe key management function (PKMF) device located in a serving PLMN of the terminal device.
The second network device of claim 15, wherein the first network device is a visited PCF device located in a serving PLMN of the terminal device, and the second network device is a direct discovery name management function (DDNMF) device or a ProSe key management function (PKMF) device located in a serving PLMN of the terminal device.
An apparatus, comprising:

means for receiving, at a first network device, from a second network device, a request for information about at least one public land mobile network (PLMN) where a terminal device is authorized to use a relay service;

means for obtaining the information about the at least one PLMN based on the request; and

means for transmitting, to the second network device, a response comprising the information about the at least one PLMN.
An apparatus, comprising:

means for transmitting, at a second network device, to a first network device, a request for information about at least one public land mobile network (PLMN) where a terminal device is authorized to use a relay service; and

means for receiving, from the first network device, a response comprising the information about the at least one PLMN.
A method, comprising:

receiving, at a first network device, from a second network device, a request for information about at least one public land mobile network (PLMN) where a terminal device is authorized to use a relay service;

obtaining the information about the at least one PLMN based on the request; and

transmitting, to the second network device, a response comprising the information about the at least one PLMN.
A method, comprising:

transmitting, at a second network device, to a first network device, a request for information about at least one public land mobile network (PLMN) where a terminal device is authorized to use a relay service; and

receiving, from the first network device, a response comprising the information about the at least one PLMN.
A computer readable medium comprising program instructions for causing an apparatus to perform at least the method of claim 30 or 31.