WO2025247804A1

WO2025247804A1 - Method, apparatus and computer program

Info

Publication number: WO2025247804A1
Application number: PCT/EP2025/064448
Authority: WO
Inventors: David NAVRÁTIL; Pilar ANDRÉS MALDONADO; Devaki Chandramouli; Troels Emil Kolding
Original assignee: Nokia Technologies Oy
Current assignee: Nokia Technologies Oy
Priority date: 2024-05-30
Filing date: 2025-05-26
Publication date: 2025-12-04
Anticipated expiration: 2026-11-30
Also published as: GB2641386A; GB202407640D0

Abstract

A terminal device is disclosed The terminal device comprises means for performing: receiving, from an application function via establishing an application session with the application function, information associated with accessing the application function; and providing, to a control plane network entity of a serving network of the terminal device, the information associated with accessing the application function; wherein the application function is in an untrusted network separated from the serving network of the terminal device; and wherein the information associated with accessing the application function comprises an identifier of an interface of the application function.

Description

METHOD, APPARATUS AND COMPUTER PROGRAM

TECHNICAL FIELD

Various example embodiments of this disclosure relate to a method, apparatus, system and computer program and in particular but not exclusively to provisioning and programmatic discovery of an interface of a network entity residing outside of a trusted domain of a public land mobile network (PLMN).

BACKGROUND

A communication network can be seen as a facility that enables communications between two or more communication devices or provides communication devices access to a data network. A mobile or wireless communication network is one example of a communication network. A communication device may be provided with a service by an application server.

The communication networks operate in accordance with standards such as those provided by 3GPP (Third Generation Partnership Project) or ETSI (European Telecommunications Standards Institute). Examples of standards provided by 3GPP are the so-called 3GPP standards for cellular technology generations, such as 3GPP standards for 4G technology, 5G technology, etc.

SUMMARY

Some example embodiments of this disclosure will be described with respect to certain aspects. These aspects are not intended to indicate key or essential features of the various example embodiments of this disclosure. Nor are they intended to be used to limit the scope thereof. Other related features, aspects, and elements will be apparent to a person skilled in the art in view of this disclosure. For example, it should be appreciated that further aspects may be provided by the combination of any two or more of the various aspects described below.

According to an aspect, there is provided an apparatus comprising means for (performing): receiving, from an application function via establishing an application session with the application function, information associated with accessing the application function; and providing, to a control plane network entity of a serving network of the terminal device, the information associated with accessing the application function; wherein the application function is in an untrusted network separated from the serving network of the terminal device; and wherein the information associated with accessing the application function comprises an identifier of an interface of the application function.

In some embodiments, the identifier of the interface of the application function comprises a configuration of {apiRoot} of the interface.

In some embodiments, the information further comprises at least one of the following: an identifier of the application function; an access security token for retrieving user data of the terminal device from the application function; an application identity of a client application of the application session; at least one application session identity associated with at least one data flows of the client application; at least one quality-of-service rule, information of data available for being collected from the application function; or a universally unique identifier of the application function.

In some embodiments, the means for performing receiving, from the application function via establishing the application session with the application function, the information associated with accessing the application function is for: receiving, from a client application of the application session, the information associated with accessing the application function.

In some embodiments, the information is provided to the control plane network entity in a non- access stratum message.

According to an aspect there is provided an apparatus comprising means for (performing): providing, to a terminal device via establishing an application session with the terminal device, information associated with accessing the application function, wherein the application function is in an untrusted network of a serving network of the terminal device; and wherein the attribute information comprises an identifier of an interface of the application function.

In some embodiments, the identifier of the interface of the application function comprises a configuration of {apiRoot} of the interface. In some embodiments, the information further comprises at least one of the following: an identifier of the application function; an access security token for retrieving user data of the terminal device from the application function; an application identity of a client application of the application session; at least one application session identity associated with at least one data flows of the client application; at least one quality-of-service rule, information of data available for being collected from the application function; or a universally unique identifier of the application function.

In some embodiments, the means for performing providing, to the terminal device via establishing the application session with the terminal device, the information associated with accessing the application function is for: providing, to a client application of the application session, the information associated with accessing the application function.

In some embodiments, the apparatus further comprises means for performing: receiving, from a control plane network entity via the interface, a request for information associated with at least one data flow or at least one application session; and providing, to the control plane network entity via the interface, the information associated with the at least one data flow or the at least one application session.

In some embodiments, the apparatus further comprises means for performing: receiving, from a control plane network entity via the interface, a subscription request of subscribing to information associated with at least one data flow or at least one application session; providing, to the control plane network entity via the interface, an acknowledgement message in response to the subscription request; and providing, to the control plane network entity via the interface, a notification comprising the information associated with the at least one data flow or the at least one application session.

In some embodiments, the information associated with the at least one data flow or the at least one application session comprises at least one of: at least one quality-of-service rule for the at least one data flow or the at least one application session; or statistic data associated with the at least one data flow or the at least one application session.

According to an aspect there is provided an apparatus comprising means for (performing): receiving, from a terminal device, information associated with accessing an application function, wherein the application function is in an untrusted network of a serving network of the terminal device; and wherein the information comprises an identifier of an interface of the application function.

In some embodiments, the information is received in a non-access stratum message.

In some embodiments, the apparatus further comprises means for (performing): providing, to the application function via the interface of the application function, a first request for information associated with at least one data flow or at least one application session; and receiving, from the application function via the interface of the application function, the information associated with the at least one data flow or the at least one application session. In some embodiments, the means for performing providing, to the application function via the interface of the application function, the first request for the information associated with the at least one data flow or the at least one application session is for: receiving, from a user plane network entity, a second request for the information associated with the at least one data flow or the at least one application session; and providing, to the application function via the interface of the application function, the first request for the information associated with the at least one data flow or the at least one application session.

In some embodiments, the user plane network entity comprises a radio access network node or a user plane function.

In some embodiments, the means for performing providing, to the application function via the interface of the application function, the first request for the information associated with the at least one data flow is for: determining that at least one fetch event occurs, and providing, in response to the determination of that the at least one fetch event occurs, the first request for the information associated with the at least one data flow to the application function via the interface of the application function.

In some embodiments, the apparatus further comprises means for (performing): causing a subscription request of subscribing to information associated with at least one data flow or at least one application session to be provided to the application function via the interface; receiving, from the application function, an acknowledgement message in response to the subscription request; and receiving, from the application function via the interface, a notification comprising the information associated with the at least one data flow or the at least one application session.

In some embodiments, the information associated with the at least one data flow comprises at least one of: at least one quality-of-service rule for the at least one data flow or the at least one application session; or statistic data associated with the at least one data flow or the at least one application session.

In some embodiments, the apparatus further comprises means for (performing): providing, to at least one of a network exposure function or a network repository function, the information associated with accessing the application function.

In some embodiments, the apparatus further comprises means for (performing): providing, to a user data management entity, at least part of the information associated with accessing the application function.

According to an aspect, there is provided an apparatus comprising at least one processor and at least one memory storing instructions that, when executed by the at least one processor, cause the apparatus at least to: receive, from an application function via establishing an application session with the application function, information associated with accessing the application function; and provide, to a control plane network entity of a serving network of the terminal device, the information associated with accessing the application function; wherein the application function is in an untrusted network separated from the serving network of the terminal device; and wherein the information associated with accessing the application function comprises an identifier of an interface of the application function.

In some embodiments, the apparatus is caused to receive, from the application function via establishing the application session with the application function, the information associated with accessing the application function by: receiving, from a client application of the application session, the information associated with accessing the application function.

According to an aspect, there is provided an apparatus comprising at least one processor and at least one memory storing instructions that, when executed by the at least one processor, cause the apparatus at least to: provide, to a terminal device via establishing an application session with the terminal device, information associated with accessing the application function, wherein the application function is in an untrusted network of a serving network of the terminal device; and wherein the attribute information comprises an identifier of an interface of the application function.

In some embodiments, the apparatus is caused to provide, to the terminal device via establishing the application session with the terminal device, the information associated with accessing the application function by: providing, to a client application of the application session, the information associated with accessing the application function.

In some embodiments, the apparatus is further caused to: receive, from a control plane network entity via the interface, a request for information associated with at least one data flow or at least one application session; and provide, to the control plane network entity via the interface, the information associated with the at least one data flow or the at least one application session.

In some embodiments, the apparatus is further caused to: receive, from a control plane network entity via the interface, a subscription request of subscribing to information associated with at least one data flow or at least one application session; provide, to the control plane network entity via the interface, an acknowledgement message in response to the subscription request; and provide, to the control plane network entity via the interface, a notification comprising the information associated with the at least one data flow or the at least one application session.

According to an aspect, there is provided an apparatus comprising at least one processor and at least one memory storing instructions that, when executed by the at least one processor, cause the apparatus at least to: receive, from a terminal device, information associated with accessing an application function, wherein the application function is in an untrusted network of a serving network of the terminal device; and wherein the information comprises an identifier of an interface of the application function.

In some embodiments, the apparatus is further caused to: provide, to the application function via the interface of the application function, a first request for information associated with at least one data flow or at least one application session; and receive, from the application function via the interface of the application function, the information associated with the at least one data flow or the at least one application session.

In some embodiments, the apparatus is caused to provide, to the application function via the interface of the application function, the first request for the information associated with the at least one data flow or the at least one application session by: receiving, from a user plane network entity, a second request for the information associated with the at least one data flow or the at least one application session; and providing, to the application function via the interface of the application function, the first request for the information associated with the at least one data flow or the at least one application session.

In some embodiments, the apparatus is caused to provide, to the application function via the interface of the application function, the first request for the information associated with the at least one data flow by: determining that at least one fetch event occurs, and providing, in response to the determination of that the at least one fetch event occurs, the first request for the information associated with the at least one data flow to the application function via the interface of the application function. In some embodiments, the apparatus is further caused to: cause a subscription request of subscribing to information associated with at least one data flow or at least one application session to be provided to the application function via the interface; receive, from the application function, an acknowledgement message in response to the subscription request; and receive, from the application function via the interface, a notification comprising the information associated with the at least one data flow or the at least one application session.

In some embodiments, the apparatus is further caused to: providing, to at least one of a network exposure function or a network repository function, the information associated with accessing the application function.

In some embodiments, the apparatus is further caused to: providing, to a user data management entity, at least part of the information associated with accessing the application function.

According to an aspect, there is provided a method comprising: receiving, from an application function via establishing an application session with the application function, information associated with accessing the application function; and providing, to a control plane network entity of a serving network of the terminal device, the information associated with accessing the application function; wherein the application function is in an untrusted network separated from the serving network of the terminal device; and wherein the information associated with accessing the application function comprises an identifier of an interface of the application function.

In some embodiments, receiving, from the application function via establishing the application session with the application function, the information associated with accessing the application function comprises: receiving, from a client application of the application session, the information associated with accessing the application function.

According to an aspect there is provided a method comprising: providing, to a terminal device via establishing an application session with the terminal device, information associated with accessing the application function, wherein the application function is in an untrusted network of a serving network of the terminal device; and wherein the attribute information comprises an identifier of an interface of the application function.

In some embodiments, providing, to the terminal device via establishing the application session with the terminal device, the information associated with accessing the application function comprises: providing, to a client application of the application session, the information associated with accessing the application function.

In some embodiments, the method further comprises: receiving, from a control plane network entity via the interface, a request for information associated with at least one data flow or at least one application session; and providing, to the control plane network entity via the interface, the information associated with the at least one data flow or the at least one application session.

In some embodiments, the method further comprises: receiving, from a control plane network entity via the interface, a subscription request of subscribing to information associated with at least one data flow or at least one application session; providing, to the control plane network entity via the interface, an acknowledgement message in response to the subscription request; and providing, to the control plane network entity via the interface, a notification comprising the information associated with the at least one data flow or the at least one application session.

According to an aspect there is provided a method comprising: receiving, from a terminal device, information associated with accessing an application function, wherein the application function is in an untrusted network of a serving network of the terminal device; and wherein the information comprises an identifier of an interface of the application function.

In some embodiments, the method further comprises: providing, to the application function via the interface of the application function, a first request for information associated with at least one data flow or at least one application session; and receiving, from the application function via the interface of the application function, the information associated with the at least one data flow or the at least one application session.

In some embodiments, performing providing, to the application function via the interface of the application function, the first request for the information associated with the at least one data flow or the at least one application session comprises: receiving, from a user plane network entity, a second request for the information associated with the at least one data flow or the at least one application session; and providing, to the application function via the interface of the application function, the first request for the information associated with the at least one data flow or the at least one application session. In some embodiments, the user plane network entity comprises a radio access network node or a user plane function.

In some embodiments, providing, to the application function via the interface of the application function, the first request for the information associated with the at least one data flow comprises: determining that at least one fetch event occurs, and providing, in response to the determination of that the at least one fetch event occurs, the first request for the information associated with the at least one data flow to the application function via the interface of the application function.

In some embodiments, the method further comprises: causing a subscription request of subscribing to information associated with at least one data flow or at least one application session to be provided to the application function via the interface; receiving, from the application function, an acknowledgement message in response to the subscription request; and receiving, from the application function via the interface, a notification comprising the information associated with the at least one data flow or the at least one application session.

In some embodiments, the method further comprises: providing, to at least one of a network exposure function or a network repository function, the information associated with accessing the application function.

In some embodiments, the method further comprises: providing, to a user data management entity, at least part of the information associated with accessing the application function. According to an aspect, there is provided a computer readable medium comprising instructions which, when executed by an apparatus, cause the apparatus to perform at least the following: receiving, from an application function via establishing an application session with the application function, information associated with accessing the application function; and providing, to a control plane network entity of a serving network of the terminal device, the information associated with accessing the application function; wherein the application function is in an untrusted network separated from the serving network of the terminal device; and wherein the information associated with accessing the application function comprises an identifier of an interface of the application function.

In some embodiments, the information is provided to the control plane network entity in a non- access stratum message. According to an aspect, there is provided a computer readable medium comprising instructions which, when executed by an apparatus, cause the apparatus to perform at least the following: providing, to a terminal device via establishing an application session with the terminal device, information associated with accessing the application function, wherein the application function is in an untrusted network of a serving network of the terminal device; and wherein the attribute information comprises an identifier of an interface of the application function.

In some embodiments, the apparatus is caused to perform providing, to the terminal device via establishing the application session with the terminal device, the information associated with accessing the application function by: providing, to a client application of the application session, the information associated with accessing the application function.

In some embodiments, the apparatus is further caused to perform: receiving, from a control plane network entity via the interface, a request for information associated with at least one data flow or at least one application session; and providing, to the control plane network entity via the interface, the information associated with the at least one data flow or the at least one application session.

In some embodiments, the apparatus is further caused to perform: receiving, from a control plane network entity via the interface, a subscription request of subscribing to information associated with at least one data flow or at least one application session; providing, to the control plane network entity via the interface, an acknowledgement message in response to the subscription request; and providing, to the control plane network entity via the interface, a notification comprising the information associated with the at least one data flow or the at least one application session.

According to an aspect, there is provided a computer readable medium comprising instructions which, when executed by an apparatus, cause the apparatus to perform at least the following: receiving, from a terminal device, information associated with accessing an application function, wherein the application function is in an untrusted network of a serving network of the terminal device; and wherein the information comprises an identifier of an interface of the application function.

In some embodiments, the apparatus is further caused to perform: providing, to the application function via the interface of the application function, a first request for information associated with at least one data flow or at least one application session; and receiving, from the application function via the interface of the application function, the information associated with the at least one data flow or the at least one application session.

In some embodiments, the apparatus is further caused to perform providing, to the application function via the interface of the application function, the first request for the information associated with the at least one data flow or the at least one application session by: receiving, from a user plane network entity, a second request for the information associated with the at least one data flow or the at least one application session; and providing, to the application function via the interface of the application function, the first request for the information associated with the at least one data flow or the at least one application session.

In some embodiments, the apparatus is further caused to perform providing, to the application function via the interface of the application function, the first request for the information associated with the at least one data flow by: determining that at least one fetch event occurs, and providing, in response to the determination of that the at least one fetch event occurs, the first request for the information associated with the at least one data flow to the application function via the interface of the application function.

In some embodiments, the apparatus is further caused to perform: causing a subscription request of subscribing to information associated with at least one data flow or at least one application session to be provided to the application function via the interface; receiving, from the application function, an acknowledgement message in response to the subscription request; and receiving, from the application function via the interface, a notification comprising the information associated with the at least one data flow or the at least one application session.

In some embodiments, the apparatus is further caused to perform: providing, to at least one of a network exposure function or a network repository function, the information associated with accessing the application function.

In some embodiments, the apparatus is further caused to perform: providing, to a user data management entity, at least part of the information associated with accessing the application function.

According to an aspect, there is provided a non-transitory computer readable medium comprising program instructions that, when executed by an apparatus, cause the apparatus to perform at least the method according to any of the preceding aspects.

In the above, many different aspects have been described. As previously noted, it should be appreciated that further aspects may be provided by the combination of any two or more of the aspects described above. Other features, aspects, and elements will become apparent in view of the following.

DESCRIPTION OF FIGURES

Some example embodiments will now be described, by way of non-limiting and illustrative example only, with reference to the accompanying Figures in which:

FIG. 1 shows a representation of a 5^th generation communication system;

FIG. 2 shows a representation of an apparatus for the communication system of FIG. 1 according to some example embodiments;

FIG. 3 shows a representation of an apparatus according to some example embodiments; FIG. 4 shows video resolution and corresponding bit rate requirements according to an embodiment of the present disclosure;

FIG.5 shows a schematic diagram of a signaling flow according to an embodiment of the present disclosure;

FIG. 6 shows a schematic diagram of a process according to an embodiment of the present disclosure;

FIGS. 7a and 7b show schematic diagrams of a process according to an embodiment of the present disclosure;

FIGS. 8a and 8b shows a schematic diagram of a process according to an embodiment of the present disclosure;

FIGS. 9a and 9b shows a schematic diagram of a process according to an embodiment of the present disclosure;

FIG. 10 shows a flowchart of a method according to an embodiment of the present disclosure; FIG. 11 shows a flowchart of a method according to an embodiment of the present disclosure; FIG. 12 shows a flowchart of a method according to an embodiment of the present disclosure; and

FIG. 13 shows a schematic representation of an apparatus according to some examples.

DETAILED DESCRIPTION

In the following various example embodiments are described with reference to communication devices capable of communication with a communication system. To help understand various example embodiments in the context better, a 5^th generation communication system (5GS), an access network and a 5G core network (5GC) thereof, and communication devices will be described for illustrative purpose with reference to FIGS. 1 , 2 and 3. Note that methods and apparatuses in each embodiment of the present disclosure are not limited to applications in the 5GS and may be applied in 6G and beyond communication systems.

FIG. 1 shows a schematic representation of a 5GS. The 5GS may comprise a user equipment (UE) 100 (or Terminal) , an access network, such as a (radio) access network ((R)AN) 101 or a next generation radio access network (NG-RAN), a 5GC 102, and one or more application functions (AFs) 103. One AF 103 may be deployed in the 5GS as a trusted AF. In addition, an AF 103 may be deployed or hosted on one or more application servers of a data network (DN) 104. Such AF 103, in this instance, are an untrusted AF. The 5GS connects the UE 100 to the data network 104 via the access network and the 5GC 102 (e.g., a UPF of the 5GC). The (R)AN 101 may comprise one or more radio access nodes, such as a gNodeB (gNB). The gNB may include one or more gNB distributed units (DUs) connected to one or more gNB centralized units (CUs).

The 5GC 102 may comprise the following network functions: a Network Slice Selection Function (NSSF); a Network Exposure Function (NEF) 105; a Network Repository Function (NRF); a Policy Control Function (PCF); a Unified Data Management (UDM) 106; Application Function(s) (AF(s)) 103; an Authentication Server Function (AUSF) 107; an Access and Mobility Management Function (AMF) 108; a Session Management Function (SMF) 109; and a user plane function (UPF) 110. FIG. 1 also shows the various interfaces (N1 , N2, etc.) that are implemented between the various elements of the system.

FIG. 2 illustrates an example of a control apparatus 200 for controlling/implementing a (network) function or a network entity of the access network 102 of FIG. 1 (e.g., the (R)AN 101 illustrated in FIG. 1 or a next-generation RAN (NG-RAN)). The control apparatus 200 may comprise at least one random access memory (RAM) 211a, at least on read only memory (ROM) 211 b, at least one processor 212, 213 and a network interface 214. The at least one processor 212, 213 may be coupled to the RAM 211a and the ROM 211 b. The at least one processor 212, 213 may be configured to execute software code 215. Execution of the software code 215 may, for example, cause the apparatus 200 to perform operations for controlling a (network) function of the access network 102. The software code 215 may be stored in the ROM 211 b. The control apparatus 200 may be interconnected with another control apparatus 200 for controlling another (network) function or another network entity of the access network 102. In some embodiments, each (network) function or each network entity of access network 102 is deployed or hosted on one control apparatus 200. In alternative embodiments, two or more (network functions) or network entities of the access network 102 may share one control apparatus.

FIG. 3 illustrates an example of a communication device 300, such as the UE 100 in FIG. 1 (e.g., terminal (device)). The communication device 300 may be implemented by any device capable of sending and receiving radio signals. Non-limiting examples of a communication device 300 comprise a mobile station (MS) or mobile device, such as a mobile phone or what is known as a ’smart phone’, a computer provided with a wireless interface card or other wireless interface facility (e.g., a USB (Universal Serial Bus) dongle), a personal data assistant (PDA) or a tablet provided with wireless communication capabilities, a machine-type communications (MTC) device, an Internet of things (loT) type communication device or any combinations of these or the like. The communication device 300 may comprise a transceiver for transmitting and/or receiving, for example, wireless signals carrying communications, for example radio signals. The communications may be one or more of voice, electronic mail (email), text messages, multimedia data, machine data and so on.

The communication device 300 may receive wireless signals (e g., radio signals) over an air or radio interface 307 via an appropriate apparatus for receiving and may transmit wireless signals via an appropriate apparatus for transmitting radio signals. In FIG. 3, the transceiver is designated schematically by block 306. The transceiver 306 may comprise, for example, a radio part and an associated antenna arrangement. The antenna arrangement may be arranged internally or externally to the communication device 300 and may comprise one or more antenna elements. The antenna arrangement may be a multi-input multi output (MIMO) antenna.

The communication device 300 may be implemented by at least one processor 301, at least one memory ROM 302a, at least one RAM 302b and other possible components 303 for use in software and hardware aided execution of tasks it is designed to perform, including control of access to and communications with the access network 102 (e.g., the (R)AN 101 in FIG. 1) and other communication devices. The at least one processor 301 is coupled to the RAM 302b and the ROM 302a. The at least one processor 301 may be configured to execute software code 308. The software code 308 may, for example, allow to perform one or more operations of the communication device 300. The software code 308 may be stored in the ROM 302a.

The processor, the ROM, and the RAM, the transceiver and other circuitry of the communication device (e.g., a modem) can be provided on a circuit board, in chipsets, or in a system on chip. The circuit board, chipsets or system on chip is denoted by reference 304. The communication device 300 may optionally have a user interface, such as keypad 305, a touch sensitive screen or a touch pad, combinations thereof or the like. Optionally one or more of a display, a speaker and a microphone may be provided depending on the type of communication device 300.

In some embodiments, a northbound Application Programming Interface (API) is used for communications between the NEF 105 and the AF 103 (see, e.g., 3GPP TS 29.522 V18.5.0 and 3GPP TS 29.517 V18.5.0). The northbound API is used, for example, for monitoring, device triggering, packet flow description management, AF sessions with QoS (Quality-of- Service), etc. The network system relies on the AF 103 to provision the QoS requirements over the northbound API. To provide a common reference model for API-based service provisioning in the network systems, a Common API Framework (CAPIF) for APIs is introduced. The CAPIF may provide mechanisms (e.g., publish service APIs, authorization, logging, charging) to support service API operations, enabling an interaction between the network and API invoker(s).

In some embodiments, a Network Data Analytics Function (NWDAF) collects data from one or more AFs 103 and such data collection introduces an API at the AF. The AF registers its available data to the NWDAF via Operation Administration and Maintenance (OAM) configuration at the NEF 105. The need for configuration via the OAM means that a discovery of the available data of the AF 103 is limited only to the AF 103 that may be configured via OAM and the discovery may not be made in a programmable way without an adaptation to a vendor specific OAM interface.

Regarding the programmability of exposure APIs: a configuration of {apiRoot} is partially addressed by the CAPIF for Northbound APIs in 3GPP TS 29.222 V18.5.0, where the {apiRoot} of discovered APIs may be constructed as described in 3GPP TS 29.222 V18.5.0, e.g., clause 5.2.2.2.2. The related contents in 3GPP TS 29.222 V18.5.0 clause 5.2.2.2.2 are reproduced below:

NOTE: The {apiRoot} part of the URI structure (defined in clause 5.2.4 of 3GPP TS 29. 122 [ 14]) for the discovered APIs can be constructed by the API invoker based on either the "domainName" attribute (which contains all the required information, e.g. FQDN or IP address, port, a deployment specific string in the form of a sequence of path segments) or the "interfaceDescri ptions" attribute of the AefProfile data type.

However, the functional model of CAPIF framework places the API provider within a PLMN domain which excludes an untrusted AF 103 (e.g., the AF 103 outside of the PLMN domain).

While the API at the AF 103 has been introduced in the network system architecture, the NEF 105 may need to be configured with available Afs 103 and supported events by the OAM. How such configuration of the NEF 105 is done becomes a topic to be discussed.

For example, the AF 103 is unknown to the network system until this AF 103 queries the API of the NEF 105. There is currently no means for the network to determine a suitable AF for a given service/PDU (protocol data unit) Session for the UE 101 in relevant 3GPP specification. The access to the northbound API of the NEF 105 is typically a subject of service level agreement (SLA). The API definition assumes that some parameters such as an NEF domain name, {apiRoot}, and certain API specific parameters (e.g. QoS reference) are defined as part of the SLA. However, deployments of application functions 103 in large regions or even globally may require negotiations between a large number of SLAs for the application providers and MNOs (Mobile Network Operators) in each region, thereby increasing integration efforts. These requirements basically limit use of the northbound API and the API at the AF 103 to deployments where the AF 103 resides in trusted domain of the MNO and specific use cases, for example, AF sessions with QoS requirements for IMS (IP Multimedia Subsystem), and the data collection by the NWDAF.

In 3GPP TS 29.122 V18.5.0 clauses 5.2.4.1 , the API URIs of APIs are defined as: {apiRoot}/<apiName>/<apiVersion>, wherein, "apiName" and "apiVersion" are set dependent on the API.

In the present disclosure, methods and/or apparatuses for provisioning and programmatic discovery of API provided by an API provider (e.g., AF103) residing outside of the trusted domain of PLMN are disclosed. For example, any AF 103 on the network/lnternet may provide an API which could be discovered programmatically and invoked by NFs in the PLMN domain (e.g., NWDAF in the MNO domain, or the trusted domain of the PLMN/MNO.

In the present disclosure, an API provider or an AF 103 (residing) outside of the trusted domain of PLMN, i.e. untrusted API provider or untrusted AF, refers to an API provider or an AF (residing) outside of MNO (trusted) domain or PLMN (trusted) domain of an API consumer (e.g., NWDAF).

In some embodiments, methods (and/or apparatuses) for programmability of APIs offered by a(n) (untrusted) AF 103 are provided with at least one of the following (means for):

1. provisioning, by a client application, of information about the AF APIs availability as well as necessary information needed for accessing the APIs is provided to the UE;

2. forwarding, by the UE, of the provisioned information to a network entity, e.g., using NAS (non-access stratum) SM (session management) signaling for a given DNN (data network name)/S-NSSAI (single Network Slice Selection Assistance Information);

3. determining, by the network entity, based on configured policies or thresholds when to invoke requests towards the AF APIs; and

4. invoking, by the network entity, requests towards the AF APIs, e.g., to acquire one or more of QoS requirements, QoE (Quality-of-Experience) feedback, (analytics) data collection and so on. In some embodiments for QoS APIs, an automatic management of the APIs (e.g., northbound interfaces) is proposed, leading to an autonomous configuration of an exchange of QoS/QoE information between the network element/entity and the AF when/if relevant network conditions require the QoS/QoE information. For example, if the network is under feasible/low load, the network may operate with a minimal subset of QoS information (e.g., based on a subscription or pre-configuration) or based on best effort congestion control without using the AF APIs. When/lf the network conditions change towards unfeasible load (e.g. flow bit rate lower than a pre-configured threshold for a minimum flow bit rate, or queue/buffer size exceeding a pre-configured value), the user plane nodes (e.g., RAN nodes or UPF) may need additional QoS configuration(s) to fine tune user plane operations and maximize use of the resources. Under such conditions, the network may request such additional information (e.g., QoS configuration) from the control plane network. The (control plane) network may request the additional QoS information and requirements from the AF 103 using the AF APIs. Note that, in some embodiments, some prior knowledge of the QoS requirements (e.g., based on operator’s pre-configuration) may be needed for the user plane operation (e.g., admission control to ensure the users admitted to the system can be served). In addition to or as an alternative, policies can be derived from user subscription indicating to the network entity that the AF APIs should be invoked for a given subscriber, domain network name, or a slice if the UE signals the availability of the AF API.

In some embodiments, any API on AF 103 related to a basic service of such API are fully standardized to minimize integration efforts. This does not preclude application provider specific extensions, which would require further integration.

Note that certain example implementations of the present disclosure assume that the API offered by the AF 103 is for QoS management (i.e., QoS API). However, the same implementation principles are applicable to other types of APIs for the northbound interface (e.g., APIs for QoE or APIs for data collection for analytics).

In some embodiments for the QoS API, many services can adopt to the underlaying network performance. For example, a video streaming service may switch between different image resolutions which may have significantly different requirements on the available network capacity, see FIG. 4 which shows video resolution and corresponding bit rate requirements according to an embodiment. In FIG. 4, the bit rate requirements for 4k (2160p), 1080p, 720p and 480p video are 20 Mbps, 5 Mbps, 2.5 Mbps and 1.1 Mbps, respectively. Similar adaptation capability is expected to be supported by XR. When/if a network is lightly loaded and/or there are sufficient resources to support high bit rates with low latency to the connected UEs, the network may not even need to know QoS requirements associated with the served flows. Considering the example of video streaming, the network can treat the flows as best effort services applying a fair scheduling while the users are being served 4K or Full HD video. In this case, the signaling from the AF 103 to the network (NEF 105/PCF) may not be required.

In some embodiments, the number of users in a cell may increase and the network resources could become overutilized or congested. Under such conditions, the knowledge of the QoS requirements becomes significantly more important, e.g., because the network can benefit from the knowledge of minimum required bit rate and latency the application requires to provide the minimum user experience.

In the present disclosure, methods and/or apparatuses for providing programable API to allow the network to acquire information (e.g., QoS requirements and/or QoE feedback, and/or collected analytic data) from untrusted AFs are disclosed. Two alternative implementations can be considered for the proposed programable API:

• In a first (Reactive) implementation: The network elements/entities trigger a request for the information, e.g., when/if they experience resource shortage and/or unfeasible load and/or when/if resource prioritization is needed.

• In a second (Proactive) implementation: The network elements/entities trigger a request for the information without the need for a related event or being under unfeasible load (i.e., there is no congestion in the network).

FIG. 5 shows a schematic diagram of a signaling flow according to an embodiment of the present disclosure. The signaling flow shown in FIG. 5 may reuse at least part of signaling procedures in the existing 5GS, such as PDU Session procedures (e.g., PDU session establishment or modification procedure), to provision necessary information to discover and use the AF API to the core network. The provisioned information may be used by network entities/functions (e.g., PCF and/or NEF and/or SMF) to directly contact the AF (via the core network). In addition, northbound interface signaling flow may also follow request/response framework in the existing 5G system, except that roles of the entities in the request/response framework are swapped. For example, unliked the request/response framework in the existing 5G system, the AF is the service producer and an NF in the core network is the service consumer.

Step 501 : An application session is established between the client application (C-App) at the UE side and the AF (e.g., server-side application). The AF provides the C-App with information about network host hosting QoS APIs. The AF may also generate a security token for authentication and authorization (e.g., “an access token”) of the network with the AF on behalf of the C-app. Note that, the QoS APIs are used for illustrations in this embodiment and can be other types of API in other embodiments.

Step 502: The C-App provides the API host information to the UE, the security details for authentication and authorization to the UE via operating system and 3GPP modem APIs.

In some embodiments, an identity of client application (C-App ID) is provided in step 502. That is the C-App ID may be provided from the C-APP to the UE. In other words, the UE may acknowledge the C-App ID. The C-App ID may be used for the queries towards the AF in addition to the access token to identify the client application if necessary.

In some embodiments, one or more application session identities may be provided in step 502 (e.g., from the C-App to the UE). The application session identities may be integrity protected or encrypted. For example, an application session identity may be associated with an application data flow such as a video stream or an audio stream.

In some embodiments, the C-App may provide one or more QoS rules for identification of QoS flows to the UE (e.g., UE’s 3GPP modem). The C-App may provide only a subset of parameters comprising QoS rule (e.g., QoS rule identifier, QoS flow identifier, packets filters, precedence value) depending on the API offered by the operating system and modem.

In some embodiments, it is assumed that the C-App provides at minimum packet filters to match application data flows for which a specific QoS treatment is required.

For the QoS API, each session identity could be associated with at least one QoS rule. The QoS rule may include a packet filter comprising a local IP address which may not be known to the AF, for example, because the local IP address is a private IP address and network address translation is performed on the communication path between the client application and the AF. If the network address translations are performed by the PLMN serving the UE, the network may use the session identities in the requests towards the AF in order to identify the application data flows correctly.

Specifically, the UE may request one or more QoS rules and one or more QoS flow description in a PDU session modification request. The QoS rules are used to define packet filters for service data flows, which are referred in the paragraph as sessions. The QoS flow descriptions are used to define QoS parameters for the QoS rules. The link between these two information elements is a QFI (QoS flow identifier).

In the present disclosure, the UE (e g., NAS layer of the UE) may include an element “session identity” in the PDU session modification request. The “session identity” is associated with at least one QoS rule which includes one or more filters to identify PDUs belonging to this application session.

When the network makes a request to the AF, the network uses the received session identity. If there are more than one application sessions between the C-App and the AF (server), the AF uses the session identity in addition to other input such as client ID, access token to determine QoS requirements.

In some embodiments, the request from the network to the AF needs to include the session identity when/if IPv4 is used and the UE is allocated a private address (e.g. 10.10.10.10) and the UPF performs network address translation, because the AF would not understand if the network provides the packet filter information received in the QoS rules unless the C-App would send the packet filter information to the AF.

Step 503: The UE provides the API host information, security token and optionally the C-App ID, application session identities and QoS rules to the control plane core network (CP-CN) as an application/DNN S-NSSAI specific container along with DNN/S-NSSAI (e.g., over NAS SM signaling to the SMF). The provided information may be used in various types of procedure (e.g., a UE-requested PDU session modification procedure. The network stores the information for later use. In some embodiments, the UE (i.e. , the modem) may receive only a subset of the information included in the QoS rule from the application. Information fields of QoS rule required in the communication with the CP-CN might need to be determined by the UE, e.g. QoS rule identifier if not received from the application.

Step 504: Network nodes involved in user plane operation (e.g., gNB-DU, gNB-CU, UPF) (illustrated in FIG. 5 as RAN and UP-CN) perform performance and congestion monitoring (e.g., buffer status, ECN field of IP header). When/if a congestion is detected (e.g. configured minimum bit rate per flow or UE bit rate cannot be achieved), the user plane network entity requests from a control plane network function (e.g. PCF, SMF) to provide QoS requirements information. In some embodiments, when requesting information to the network function, the user plane network entity may prioritize the flows to target based on the current load and the prior QoS knowledge available in the entity (e.g., scheduler determining how close it is to meet guarantee rates if known for the users it is serving). In some embodiments, the network node may determine that there is a congestion when/if one or more of the following events occur and/or based on one or more of the following parameters: a) a configured minimum per flow bit rate cannot be achieved for at least one flow; b) a configured minimum per UE bit rate cannot be achieved at least for one UE; c) a buffer size for a flow exceeds a configured value; d) Traffic queue build-up; e) Latency / reliability requirement not met; f) Number of UEs in a cell.

In some embodiments, the event of Traffic queue build-up may be that the number of packets waiting to be served in the queue are increasing, e.g., to exceed a threshold.

In some embodiments, the event of Traffic queue build-up may be that Number of UEs in a cell exceeds a threshold.

Steps 505a and 505b: In this embodiment, the user plane network entity (e.g., the RAN node and/or the UPF) makes a QoS requirements information request to a network function (e.g. PCF or SMF). The request includes or is associated with UE identity. The network function (e.g., PCF and/or SMF) checks whether the API information (API host, security token, [C-App ID]) for one or more AFs is available. The API information could be available locally in the network function or stored in a database (e.g., UDR and/or UDM).

Step 506: The network function then invokes the AF APIs (QoS API in this embodiment) to request QoS requirements for application flows using the provided security token and, optionally, C-App ID, the session identities and flow descriptions. The flow descriptions are derived by the CP-CN based on the received QoS rules and network configuration (e.g. network address configuration, which would mean that the CP-CN could translate the local identifiers (IP addresses and ports) to public identifiers).

In some embodiments, the AF may verify the service consumer identity. For example, the AF may require the network function (i. e. , the service consumer) to provide a domain name which is in the control of the network function. In some embodiments, the AF verify that the service consumer controls the domain name. The verification could be automated through challenges in a way similar to the mechanisms described for Automatic Certificate Management Environment. Step 507: The AF determines QoS flow descriptions and QoS requirements. The determination is based on the received application session identifiers which might be associated with flow descriptions. One application data flow identified by the application session identifier or a flow description may correspond to one QoS flow description for which QoS requirements are provided. As an alternative, the AF may aggregate multiple application data flows to one QoS flow for which QoS requirements are provided.

Step 508: The AF replies with QoS requirements per the flow description. In some embodiments, (QoS) flow description includes at least one of the following: a) one or more application session identifiers, or b) packet filters to match PDUs of the flow similar to QoS rule or Flowinfo (see, e.g., 3GPP 29.122 V18.5.0).

Step 509: Policy decision is taken based on the received QoS flow descriptions and QoS requirements.

Step 510: QoS flow information based on the policy decision is delivered to the RAN for the enforcement of the QoS. The QoS flow information may be also provided to the UE. In some embodiments, the QoS flow information provided to the UE and that provided to the RAN may be different. For example, the SMF may provide only the information relevant for UL flows to the UE (e.g., in NAS PDU Modification Command). In comparison, the SMF may provide to the RAN with both information for both UL and DL flows (e.g., as a part of NGAP (next generation application protocol) message).

Step 511 : N4 session is modified based on the QoS flow information and the policy decision is delivered to the UP-CN (e.g., UPF).

In FIG. 5, the core network of network system invokes the AF API upon/after receiving the request from a user plane entity (step 505a/505b). In some embodiments, the user plane entity transmits the request when/if the user plane entity detects the congestion (step 504).

FIG. 6 shows a schematic diagram of a process according to an embodiment of the present disclosure. In the process shown in FIG. 6, the network may proactively invoke the AF API (e.g., QoS API).

The process shown in FIG. 3 may comprise the following steps:

Steps 601 to 603: These steps can be referred to steps 501 to 503 in FIG. 5. Step 604: The CP-CN node (e.g., network function such as the SMF and/or PCF) determines, based on the availability of the API at the AF, to fetch QoS requirements and/or service information for known service data flows (e.g., L4S) or selected services which may include information about service data flows with associated QoS requirements.

Steps 605 and 606: These steps may be referred to steps 506 and 507 in FIG. 5. The QoS flow description and QoS requirements could describe service data flow(s) which could be applied to any session for this application (e.g. based on one or more source addresses and ports) allowing the core network to store the service information for future sessions.

Step 607. The AF responds with one or more of the following: service information, service data flows, and QoS requirements for each service data flow.

Step 608: The control plane core network entity may store the received service information, service data flow(s) description, and associated requirements for further sessions. The received information may be stored locally in a network function (e.g. PCF) or in a database (e.g. UDR and/or UDM).

Steps 609 to 611 : These steps can be referred to steps 509 to 511 in FIG. 5. The information received from the AF may trigger a PDU session modification procedure (e.g., step 610).

In some embodiments, the device (e.g., an operating system (OS) of the device) supports necessary API as for the UE requested PDU session modification procedure with requested QoS handling. As a result, the network is able to request the information from the AF when/if necessary for the internal optimization of QoS operation and resource allocation, if and/or when desirable.

In some embodiments, the network could gain access to information stored at the AF when/if the UE (or a group of UEs) has no active connection with the network. Similar to future background data transfer API available in 5G specification and extending its use to analyse in the network, how a service may impact the network performance before the PDU Session(s) are established or after PDU Session(s) release for postprocessing/charging.

In some embodiments, the network could access information about QoE measurements the Application has for a bulk of UEs consuming the same service (e.g., with the objective of enhancing the service provisioning) or learn service capabilities to optimize QoS operations (e.g., support for L4S operation, QoE metrics monitoring). In some embodiments, at least one of the following may occur at the UE side:

- Additional AF ID related attributes (along with security token) need to be included in the PDU Session procedures for the UE to signal to the core network;

- Additional application level logic to exchange the API host, C-App ID and the access security token for the retrieval of API information. For example, for QoS API case: service flow descriptions and QoS requirements for the service.

In some embodiments, at least one of the following may occur at the CN side:

- Logic to determine when to request additional attributes (based on a network situation as in reactive implementation or due to another internal trigger as in proactive implementation) via AF APIs. For example, for QoS API, the requested attributes may comprise at least QoS attributes or assistance information;

- Extend AF APIs to enable AF being service producer and the CN being service consumer. For example, the CN may be enabled to be a consumer to request QoS information from the AF.

In some embodiments, the following may occur at the Radio side:

- Logic to determine when to request additional attributes to the core network (based on a network situation as in reactive implementation or due to another internal trigger as in proactive implementation).

In some embodiments, the AF API may be utilized for collection of data by NWDAF from the untrusted AF.

In 3GPP TS 23.288 V18.5.0 clause 6.2.2.3, a procedure for data collection from AF by NWDAF via NEF for untrusted AF requires CAM configuration at the NEF. The QAM configuration is used to register collectable data at the AF. The AF collectable data information includes at least one of: AF identification, one or more AF apiRoot entries for AF service identification (e.g. endpoint information of Naf_EventExposure), available data to be collected per application (e.g. identified by Event ID(s)).

In the following embodiments shown in FIGS. 7a, 7b, 8a, 8b, 9a and 9b, the QAM configuration can be avoided. FIGS. 7a and 7b show schematic diagrams of a process according to an embodiment of the present disclosure. In FIGS. 7a and 7b, the NWDAF may have per application security token. Specifically, the process shown in FIGS. 7a and 7b comprises at least following steps:

Step 701 in FIG. 7a: An application session is established between the UE (e.g., a UE client application) and the AF (e.g., an application backend). The UE obtains at least one of: AF apiRoot, a security token, and an information about available data that can be collected from the AF. The security token can be generated for MCC and MNC pair. For example, the security token may be generated by the AF based on the MCC and MNC pair reported by the UE to the AF earlier. The NEF and the AF may use transport layer security mutual authentication procedure at or prior step 706. The NEF can then use the security token as an access token which is validated by the AF.

Step 702: The UE sends a NAS message to the SMF containing the AF apiRoot, security token, the information about the available data that can be collected from the AF.

Step 703: The SMF provides the information received from the AF in the NAS message to the NEF, e.g., by invoking Nnef_AfRegistration service.

Step 704a: After the registration of AF available data at the NEF, the NEF generates an event exposure with a new Event ID to be associated with available data to be collected from the AF. The NEF invokes Nnrf_NFManagement_NFUpdate_request service operation to update its registration information (i.e., NEF Profile) including the generated Event IDs and associated AF identification, Application ID(s) (i.e., internal application ID or Application ID known in the core network). The security token may be stored either locally by the NEF or the token could be also stored in the NRF.

Step 704b: The NRF stores the received NEF registration information including the available data to be collected from AF.

Step 704c: The NRF sends Nnrf_NFManagement_NFUpdate_response message to the NEF.

Step 704d: When/lf the NWDAF needs to discovery the available data from AFs and the appropriate NEF to collect the data, the NWDAF invokes Nnrf_NFDiscovery_Request_request service operation using as parameter the NEF NF Type and optionally a list of Event ID(s), AF identification and application ID. Step 704e: The NRF matches the requested query for available data in AFs with the registered NEF Profiles and sends this information via Nnrf_NFDiscovery_Request_response message to the NWDAF.

In some embodiments, after the registration and discovery procedure described in steps 704a to 704e, the NWDAF identifies the available data per AF per application and the proper NEF to collect such data.

Step 705 in FIG. 7b: The NWDAF subscribes to or cancels subscription to data in AF via NEF by invoking the Nnef_EventExposure_Subscribe or Nnef_EventExposure_Unsubscribe service operation. If the event subscription is authorized by the NEF, the NEF records the association of the event trigger and the NWDAF identity.

In some embodiments, user consent for retrieving user data in the AF via the NEF may be required for providing data to the NWDAF.

Step 706: Based on the request from the NWDAF, the NEF subscribes to or cancels subscription to data in AF by invoking the Naf_EventExposure_Subscribe/ Naf_EventExposure_Unsubscribe service operation. The NEF uses the security token when subscribing to the AF.

Step 707: If/When/After the NEF subscribes to data in AF, the AF notifies the NEF with the data by invoking Naf_EventExposure_Notify service operation according to Event Reporting Information in the subscription.

Step 708: If/When/After the NEF receives the notification from the AF, the NEF notifies the NWDAF with the data by invoking Nnef_EventExposure_Notify service operation.

FIGS. 8a and 8b shows a schematic diagram of a process according to an embodiment of the present disclosure. The process shown in FIGS. 8a and 8b is based on the process shown in FIGS. 7a and 7b with storing of user consent (e.g., security token) for retrieving user data in the AF to the UDM. The difference between the process shown in FIGS. 8a and 8b and that shown in FIGS. 7a and 7b may lie in that the security token is created by the AF for a particular user (e.g., UE), if the user (e.g., UE) has given consent.

Specifically, the process shown in FIGS. 8a and 8b comprises at least the following steps: Step 801 in FIG. 8a: An application session is established between the UE (e.g., a UE client application) and the AF (e.g., an application backend). The UE obtains AF apiRoot, a security token, and an information about available data that can be collected from the AF together with AF identity (AF ID). In some embodiments, the security token is generated for the user based on user’s consent. In some embodiments, the NEF and the AF may also use transport layer security mutual authentication procedure at or prior step 811 which would require that the NEF presents a certificate.

Step 802: The UE sends, to the SMF, a NAS message containing the AF ID, the AF apiRoot, the security token, and the information about the available data that can be collected from the AF.

Step 803: The SMF updates its context information with the AF ID and the security token in the UE context in the UDM by invoking the Nudm_UECM_Update service.

Step 804: The UDM sends the Nudm_UECM_Update response to the SMF.

Step 805: The SMF provides the AF ID and the information about the available data received from the AF in the NAS message to the NEF by invoking Nnef_AfRegistration service.

Step 806: The NEF responds the SMF, to report successful operation.

Step 807a. After the registration of the AF available data at the NEF, the NEF generates an event exposure with new Event ID to be associated with available data to be collected from the AF. The NEF invokes Nnrf_NFManagement_NFUpdate_request service operation to update its registration information (i.e., NEF Profile) including the generated Event IDs and associated AF identification, Application ID(s) (i.e., internal application ID or Application ID known in the core network).

Step 807b: The NRF stores the received NEF registration information including available data to be collected from AF.

Step 807c: The NRF sends Nnrf_NFManagement_NFUpdate_response message to the NEF.

Step 807d in FIG. 8b: When/lf the NWDAF needs to discovery the available data from AFs and the appropriate NEF to collect data, the NWDAF invokes Nnrf_NFDiscovery_Request_request service operation using as parameter the NEF NF Type and optionally a list of Event I D(s), AF identification and application ID.

Step 807e: The NRF matches the requested query for available data in AFs with the registered NEF Profiles and sends this information via Nnrf_NFDiscovery_Request_response message to the NWDAF.

In some embodiments, after the registration and discovery procedure described in steps 807a to 807e, the NWDAF identifies the available data per AF per application and the proper NEF to collect such data.

Step 808: The NWDAF requests the UE context to retrieve the AF ID and the security token for the user by invoking the Nudm_UECM_Get service.

Step 809: The NWDAF receives the AF ID and the security token as part of the UE context from the UDM.

In some embodiments, the NEF gets the UE context from the UDM after the NWDAF invoked the Nnef_EventExposure_Subscribe.

Step 810: The NWDAF subscribes to or cancels subscription to data in the AF via the NEF by invoking the Nnef_EventExposure_Subscribe or Nnef_EventExposure_Unsubscribe service operation. If the event subscription is authorized by the NEF, the NEF records the association of the event trigger and the NWDAF identity. The security token is provided to the NEF.

Step 811 : Based on the request from the NWDAF, the NEF subscribes to or cancels subscription to data in AF by invoking the Naf_EventExposure_Subscribe/ Naf_EventExposure_Unsubscribe service operation. If the NEF received the security token in step 10 then it uses it in the subscription towards the AF.

Step 812: If/When/After the NEF subscribes to data in AF, the AF notifies the NEF with the data by invoking Naf_EventExposure_Notify service operation according to Event Reporting Information in the subscription.

Step 813: If/When/After the NEF receives the notification from the AF, the NEF notifies the NWDAF with the data by invoking Nnef_EventExposure_Notify service operation. FIGS. 9a and 9b shows a schematic diagram of a process according to an embodiment of the present disclosure. In the process shown in FIGS. 9a and 9b, the SMF registers the AF to the NRF on behave of the AF. In comparison, the NEF updates its profile in the NRF in the embodiments shown in FIGS. 7a, 7b, 8a and 8b.

Specifically, the process shown in FIGS. 9a and 9b comprises at least the following steps:

Step 901 in FIG. 9a: An application session is established between the UE (e.g., a UE client application) and the AF (e.g., an application backend). The UE obtains universally unique identifier of the AF instance (uuid), AF apiRoot, a security token, and an information about available data that can be collected from the AF together with AF identity (AF ID). In some embodiments, the security token is generated for the user based on user’s consent. In Some embodiments, the NEF and the AF may also use transport layer security mutual authentication procedure at or prior step 911.

Step 902: The UE sends, to the SMF, a NAS message containing the uuid, the AF ID, the AF apiRoot, the security token, the available data.

Step 903: The SMF registers the AF in the NRF using the uuid, the AF ID and the information about the available data received from the UE in the NAS message. In some embodiments, the AF profile may also include information about slice or data network (e.g., data network name (DNN)), so that a corresponding NEF can be found in step 909, if needed.

Step 904: The NRF responds the SMF, to report successful operation.

Step 905: The SMF updates its context information with the AF ID and the security token to the UDM.

Step 906: The UDM sends the Nudm_UECM_Update response to the SMF.

Step 907: The NWDAF has subscribed for notification when/if NF with “AF” type is registered to the NRF. The subscription may include some filter information, for example, type of API supported by the AF or available data. The NWDAF is notified about the AF registration.

Steps 908a and 908b: The NWDAF discovers the AF. Steps 909a and 909b in FIG. 9b: If the NWDAF cannot communicate directly with the AF, the NWDAF discovers a suitable NEF through which the AF communication can be done. For example, the NEF could be registered in the NRF including the associated slice or data network name.

Step 910: The NWDAF requests the UE context to retrieve the AF ID and the security token for the user by invoking the Nudm_UECM_Get service.

Step 911 : The NWDAF receives the AF ID and the security token as part of the UE context from the UDM.

As an alternative, the NEF gets the UE context from the UDM after the NWDAF invoked the Nnef_EventExposure_Subscribe.

Step 912: The NWDAF subscribes to or cancels subscription to data in the AF via the NEF by invoking the Nnef_EventExposure_Subscribe or Nnef_EventExposure_Unsubscribe service operation. If the event subscription is authorized by the NEF, the NEF records the association of the event trigger and the NWDAF identity. In some embodiments, the security token is provided to the NEF.

Step 913: Based on the request from the NWDAF, the NEF subscribes to or cancels subscription to data in the AF by invoking the Naf_EventExposure_Subscribe/ Naf_EventExposure_Unsubscribe service operation. If the NEF received the security token in step 910, the NEF uses the security token in the subscription towards the AF.

Step 914: If/When/After the NEF subscribes to data in AF, the AF notifies the NEF with the data by invoking Naf_EventExposure_Notify service operation according to Event Reporting Information in the subscription.

Step 915: IfA/Vhen/After the NEF receives the notification from the AF, the NEF notifies the NWDAF with the data by invoking Nnef_EventExposure_Notify service operation.

FIG. 10 shows a flowchart of a method according to an embodiment of the present disclosure. The method shown in FIG. 9 may be used/applied in a terminal device/UE and comprises the following steps: Step 1001 : Receive, from an AF via establishing an application session with the AF, information associated with accessing the AF.

Step 1002: Provide, to a control plane network entity of a serving network of the UE, the information.

In FIG. 10, the UE establishes an application session with an AF. During/After/Via/By establishing the application session, the UE (e.g., C-App of the application session) receives (attribute) information associated with accessing an AF from the AF. The UE provides the received information to a control plane network entity of a serving network of the UE, e.g., via the application session. Note that, in this embodiment, the AF is in an untrusted network separated from the serving network of the UE. That is the AF is an untrusted AF and/or the AF is outside of a trusted domain of the serving network and/or the AF is outside of the serving network of the UE. The information comprises an identifier of an interface (e.g., API) of the AF. As a result, the control plane network entities are able to access the AF (via the interface) and/or to request information from the AF (via the interface). Note that the control plane network entity receiving the information may be different from the control plane network entity accessing the AF. For example, the SMF may receive the information and store the information in the UDM. If the NWDAF needs to collect information from the AF, the NWDAF may acquire the information from the UDM.

In some embodiments, step 1001 may mean that the application session is established for transmitting the information associated with accessing the AF from the AF to the UE or the information associated with accessing the AF from the AF to the UE using the application session.

In some embodiments, the identifier of the interface of the AF comprises a configuration of {apiRoot} of the interface.

In some embodiments, the information associated with accessing the AF further comprises at least one of the following: an identifier of the AF; an access security token for retrieving user data of the UE from the AF; an application identity of a C-App associated with the application session; at least one application session identity associated with at least one data flows of the C-App; at least one QoS rule, information of data available for being collected from the AF; or a universally unique identifier of the AF.

In some embodiments, the information of data available for being collected from the AF refers to an enumeration type which defines what type of events the AF exposes (see, e.g., Table 5.6.3.3-1 : Enumeration AfEvent of 3GPP TS 29.517 V18.5.0).

In some embodiments, the information of data available for being collected from the AF comprises at least one of the following:

Service Experience information for an application;

UE mobility information;

UE communication information;

Exceptions information;

User Data Congestion information;

Collective Behaviour information;

Dispersion information;

Performance Data information;

End-to-end data volume transfer time information;

Media Streaming QoE metrics.

In some embodiments, the information is provided to the control plane network entity in a non- access stratum (NAS) message.

FIG. 11 shows a flowchart of a method according to an embodiment of the present disclosure. The method shown in FIG. 11 may be used/applied in an AF (e.g., an apparatus comprising an AF) and comprises the following step:

Step 1101 : Provide, to the terminal device, information associated with accessing the AF.

In FIG. 11, the AF provides information associated with accessing the application function to a terminal device/UE (e.g., C-App in the UE). In this embodiment, the application function is in an untrusted network of a serving network of the UE. In addition, the information comprises an identifier of an interface (e.g. API) of the AF.

In some embodiments, the identifier of the interface of the AF comprises a configuration of {apiRoot} of the interface. In some embodiments, the information further comprises at least one of the following: an identifier of the AF; an access security token for retrieving user data of the UE from the AF; an application identity of a C-App of the UE; at least one application session identity associated with at least one data flows of the C-App; at least one QoS rule, information of data available for being collected from the AF; or a universally unique identifier of the AF.

In some embodiments, the AF provides the information to C-APP of the application session. That is the information is transmitted in application layer.

In some embodiments, the AF receives a first request for information associated with at least one data flow or at least one application session from a control plane network entity via the interface. In response to the first request, the AF (collects and) provides the information associated with the at least one data flow or the at least one application session to the control plane network entity via the interface,

In some embodiments, the AF receives a subscription request of subscribing to information associated with at least one data flow or at least one application session from a control plane network entity via the interface. The AF provides, to the control plane network entity via the interface, an acknowledgement message in response to the subscription request and a notification comprising the information associated with the at least one data flow or the at least one application session.

In some embodiments, the information associated with the at least one data flow or the at least one application session comprises at least one of: at least one QoS rule for the at least one data flow or the at least one application session; or statistic data associated with the at least one data flow or the at least one application session.

FIG. 12 shows a flowchart of a method according to an embodiment of the present disclosure. The method shown in FIG. 12 may be used/applied in an apparatus (e.g., a control plane network entity (e.g., SMF) or a device/apparatus comprising a control plane network entity) and comprises the following step: Step 1201 : Receive, from a terminal device, information associated with accessing an AF.

In FIG. 12, the apparatus receives information associated with accessing an AF from a terminal device (e.g., UE), wherein the AF is in an untrusted network of a serving network of the terminal device. In this embodiment, the information comprises an identifier of an interface (e.g., API) of the AF. Based on/Using the information, the apparatus and/or other control plane network entity is able to access the AF via the interface and to request information/data from the AF.

In some embodiments, the information further comprises at least one of the following: an identifier of the AF; an access security token for retrieving user data of the UE from the AF; an application identity of a C-App of the UE; at least one application session identity associated with at least one data flows of the C-App; at least one QoS rule, information of data available for being collected from the AF; or a universally unique identifier of the AF.

In some embodiments, the information is received in a NAS message.

In some embodiments, the apparatus provides a first request for information associated with at least one data flow or at least one application session to the AF via the interface (e.g., using the information). The apparatus may receive the information associated with the at least one data flow or the at least one application session from the AF via the interface of the AF,

In some embodiments, the apparatus provides the first request to the AF via the interface if/when/after receiving a second request for the information associated with the at least one data flow or the at least one application session from a user plane network entity (see, e.g., FIG. 5).

In some embodiments, the user plane network entity comprises a RAN node (e.g., gNB) or a UPF. In some embodiments, the apparatus provides the first request to the AF via the interface if/when/after determining that at least one fetch event occurs (see, e.g., FIG. 6).

In some embodiments, the apparatus causes a subscription request of subscribing to information associated with at least one data flow or at least one application session to be provided to the AF via the interface. The apparatus may receive, from the application function, an acknowledgement message in response to the subscription request and/or a notification comprising the information associated with the at least one data flow or the at least one application session.

In some embodiments, the information associated with the at least one data flow comprises at least one of: at least one QoS rule for the at least one data flow or the at least one application session; or statistic data associated with the at least one data flow or the at least one application session.

In some embodiments, the apparatus provides (e.g., stores/updates) the information associated with accessing the AF to at least one of an NEF or an NRF. For example, the information is provided to the NEF or the NRF in a registration request for the AF.

In some embodiments, the apparatus provides (e.g., stores/updates) at least part of the information to a UDM. For example, the part of the information provided to the UDM may comprise at least one of the following: an identifier of the AF; an access security token for retrieving user data of the terminal device.

The at least part of the information may be provided to the UDM in a user context update request for the terminal device.

FIG. 13 shows a schematic representation of non-volatile memory media 1300a (e.g., computer disc (CD) or digital versatile disc (DVD)) and 1300b (e.g. universal serial bus (USB) memory stick) storing instructions and/or parameters 1302 which when executed by a processor allow the processor to perform one or more of the steps of the method of FIGS. 10 to 12. It is understood that references in the above to various network functions (e.g., to an AMF, an SMF, TNF etc.) may be implemented by apparatus that perform at least some of the functionalities associated with those network functions. Further, an apparatus configured to implement a network function may further be configured to implement a virtual network function instance of that network function.

In some examples, an apparatus may be, comprise or be configured to implement a network function, such as an AF, NEF, UDM/UDR, AMF etc. In the present disclosure, the apparatus being/comprising/configured to implement a network function may refer to an apparatus/device configured to provide/perform at least part of functionalities of that network function.

It should be understood that the apparatuses may comprise or be coupled to other units or modules etc., such as radio parts or radio heads, used in or for transmission and/or reception. Although the apparatuses have been described as one entity, different modules and memory may be implemented in one or more physical or logical entities.

It is noted that whilst some example embodiments have been described in relation to 5G networks, similar example embodiments can be applied in relation to other networks and communication systems. Therefore, although certain example embodiments were described above by way of example with reference to certain example architectures for wireless networks, technologies and standards, further example embodiments may be applied to any other suitable forms of communication systems than those illustrated and described herein.

It is also noted herein that there are several variations and modifications which may be made to the various example embodiments described herein without departing from the scope of this disclosure.

As used herein, “at least one of the following: <a list of two or more elements>” and “at least one of <a list of two or more elements*” and similar wording, where the list of two or more elements are joined by “and” or “or”, mean at least any one of the elements, or at least any two or more of the elements, or at least all the elements. As used herein, the expression “and/or” includes any and all combinations of the listed terms, including at least any one of the elements, at least any two or more of the elements, or at least all of the elements.

As used herein, the term “or” refers to a non-exclusive “or” unless otherwise indicated (e.g., use of “or else” or “or in the alternative”). As used herein, unless stated explicitly, performing a step “in response to A” does not indicate that the step is performed immediately after “A” occurs and one or more intervening steps may be included. Analogously, performing a step or functionality “based on A” does not indicate that the step or functionality is performed solely based on “A” as one or more additional conditions may be included.

In general, the various embodiments may be implemented in hardware or special purpose circuitry, software, logic or any combination thereof. Some aspects of the disclosure may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device, although the disclosure is not limited thereto. While various aspects of the disclosure may be illustrated and described as block diagrams, flow charts, or using some other pictorial representation, it is well understood that these blocks, apparatus, systems, techniques or methods described herein may be implemented in, as non-limiting and illustrative examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.

As used herein, the term “circuitry” may refer to one or more or all of the following:

(a) hardware-only circuit implementations (such as implementations in only analog and/or digital circuitry) and

(b) combinations of hardware circuits and software, such as (as applicable):

(i) a combination of analog and/or digital hardware circuit(s) with software/firmware and

(ii) any portions of hardware processor(s) with software (including digital signal processor(s)), software, and memory(ies) that work together to cause an apparatus, such as a mobile phone or server, to perform various functions) and

(c) hardware circuit(s) and or processor(s), such as a microprocessor(s) or a portion of a microprocessor(s), that utilizes software (e.g., firmware) for operation, but the software may not be present when it is not utilized for operation.”

This definition of circuitry applies to all uses of this term herein, including in any claims. As a further example, as used herein, the term circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and/or firmware. The term circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit or processor integrated circuit for a mobile device or a similar integrated circuit in server, a cellular network device, or other computing or network device. The embodiments of this disclosure may be implemented by computer software executable by a data processor of the mobile device, such as in the processor entity, or by hardware, or by a combination of software and hardware. Computer software or program, also called program product, including software routines, applets and/or macros, may be stored in any apparatus-readable data storage medium and they comprise program instructions to perform particular tasks. A computer program product may comprise one or more computerexecutable components which, when the program is run, are configured to carry out embodiments. The one or more computer-executable components may be at least one software code or portions of it.

Further in this regard it should be noted that any blocks of the logic flow as in the FIGs. may represent program steps, or interconnected logic circuits, blocks and functions, or a combination of program steps and logic circuits, blocks and functions. The software may be stored on such physical media as memory chips, or memory blocks implemented within the processor, magnetic media, such as hard disk or floppy disks, and optical media, such as DVD and the data variants thereof, CD. The physical media is a non-transitory media.

The term “non-transitory,” as used herein, is a limitation of the medium itself (e.g., tangible, not a signal) as opposed to a limitation on data storage persistency (e.g., RAM vs. ROM).

The memory may be of any type suitable to the local technical environment and may be implemented using any suitable data storage technology, such as semiconductor based memory devices, magnetic memory devices and systems, optical memory devices and systems, fixed memory and removable memory. The data processors may be of any type suitable to the local technical environment, and may comprise one or more of general purpose computers, special purpose computers, microprocessors, digital signal processors (DSPs), application specific integrated circuits (ASIC), FPGA, gate level circuits and processors based on multi core processor architecture, as non-limiting examples.

Various example embodiments of the disclosure may be practiced in various components, such as integrated circuit modules. The design of integrated circuits is by and large a highly automated process. Complex and powerful software tools are available for converting a logic level design into a semiconductor circuit design ready to be etched and formed on a semiconductor substrate. The scope of protection sought for various example embodiments of the disclosure is set out by the independent claims. The example embodiments and features thereof, if any, described in this disclosure that do not fall under the scope of the independent claims are to be interpreted as examples useful for understanding various example embodiments of the disclosure.

The foregoing description has provided, by way of non-limiting and illustrative examples, a full and informative description of the various example embodiments of this disclosure. However, various modifications and adaptations may become apparent to those skilled in the relevant arts in view of this disclosure, when read in conjunction with the drawings and the claims.

However, all such and similar modifications of the teachings will still fall within the various example embodiments of this disclosure. By way of non-limiting and illustrative example, there is a further example embodiment comprising a combination of one or more example embodiments with any of the other example embodiments previously discussed.

Claims

1. A terminal device, comprising means for performing: receiving, from an application function via establishing an application session with the application function, information associated with accessing the application function; and providing, to a control plane network entity of a serving network of the terminal device, the information associated with accessing the application function; wherein the application function is in an untrusted network separated from the serving network of the terminal device; and wherein the information associated with accessing the application function comprises an identifier of an interface of the application function.

2. The terminal device of claim 1 , wherein the identifier of the interface of the application function comprises a configuration of {apiRoot} of the interface.

3. The terminal device of claim 1 or 2, wherein the information further comprises at least one of the following: an identifier of the application function; an access security token for retrieving user data of the terminal device from the application function; an application identity of a client application of the application session; at least one application session identity associated with at least one data flows of the client application; at least one quality-of-service rule, information of data available for being collected from the application function; or a universally unique identifier of the application function.

4. The terminal device of any of claims 1 to 3, wherein the means for performing receiving, from the application function via establishing the application session with the application function, the information associated with accessing the application function is for: receiving, from a client application of the application session, the information associated with accessing the application function.

5. The terminal device of any of claims 1 to 4, wherein the information is provided to the control plane network entity in a non-access stratum message.

6. An apparatus comprising an application function, wherein the apparatus comprising means for performing: providing, to a terminal device via establishing an application session with the terminal device, information associated with accessing the application function, wherein the application function is in an untrusted network of a serving network of the terminal device; and wherein the attribute information comprises an identifier of an interface of the application function.

7. The apparatus of claim 6, wherein the identifier of the interface of the application function comprises a configuration of {apiRoot} of the interface.

8. The apparatus of claim 6 or 7, wherein the information further comprises at least one of the following: an identifier of the application function; an access security token for retrieving user data of the terminal device from the application function; an application identity of a client application of the terminal device; at least one application session identity associated with at least one data flows of the client application; at least one quality-of-service rule, information of data available for being collected from the application function; or a universally unique identifier of the application function.

9. The apparatus of any of claims 6 to 8, wherein the means for performing providing, to the terminal device via establishing the application session with the terminal device, the information associated with accessing the application function is for: providing, to a client application of the application session, the information associated with accessing the application function.

10. The apparatus of any of claims 6 to 9, further comprising means for performing: receiving, from a control plane network entity via the interface, a request for information associated with at least one data flow or at least one application session; and providing, to the control plane network entity via the interface, the information associated with the at least one data flow or the at least one application session.

11 . The apparatus of any of claims 6 to 9, further comprising means for performing: receiving, from a control plane network entity via the interface, a subscription request of subscribing to information associated with at least one data flow or at least one application session; providing, to the control plane network entity via the interface, an acknowledgement message in response to the subscription request; and providing, to the control plane network entity via the interface, a notification comprising the information associated with the at least one data flow or the at least one application session.

12. The apparatus of claim 10 or 11 , wherein the information associated with the at least one data flow or the at least one application session comprises at least one of: at least one quality-of-service rule for the at least one data flow or the at least one application session; or statistic data associated with the at least one data flow or the at least one application session.

13. An apparatus, comprising means for performing: receiving, from a terminal device, information associated with accessing an application function, wherein the application function is in an untrusted network of a serving network of the terminal device; and wherein the information comprises an identifier of an interface of the application function.

14. The apparatus of claim 13, wherein the identifier of the interface of the application function comprises a configuration of {apiRoot} of the interface.

15. The apparatus of claim 13 or 14, wherein the information associated with accessing the application function further comprises at least one of the following: an identifier of the application function; an access security token for retrieving user data of the terminal device; an application identity of a client application of the terminal device; at least one application session identity associated with at least one data flows of the client application; at least one quality-of-service rule, information of data available for being collected from the application function; or a universally unique identifier of the application function.

16. The terminal device of any of claims 13 to 15, wherein the information is received in a non-access stratum message.

17. The apparatus of any of claims 13 to 16, further comprising means for performing: providing, to the application function via the interface of the application function, a first request for information associated with at least one data flow or at least one application session; and receiving, from the application function via the interface of the application function, the information associated with the at least one data flow or the at least one application session.

18. The apparatus of claim 17, wherein the means for performing providing, to the application function via the interface of the application function, the first request for the information associated with the at least one data flow or the at least one application session is for: receiving, from a user plane network entity, a second request for the information associated with the at least one data flow or the at least one application session; and providing, to the application function via the interface of the application function, the first request for the information associated with the at least one data flow or the at least one application session.

19. The apparatus of claim 18, wherein the user plane network entity comprises a radio access network node or a user plane function.

20. The apparatus of claim 17, wherein the means for performing providing, to the application function via the interface of the application function, the first request for the information associated with the at least one data flow is for: determining that at least one fetch event occurs, and providing, in response to the determination of that the at least one fetch event occurs, the first request for the information associated with the at least one data flow to the application function via the interface of the application function.

21 . The apparatus of any of claims 13 to 16, further comprising means for performing: causing a subscription request of subscribing to information associated with at least one data flow or at least one application session to be provided to the application function via the interface; receiving, from the application function, an acknowledgement message in response to the subscription request; and receiving, from the application function via the interface, a notification comprising the information associated with the at least one data flow or the at least one application session.

22. The apparatus of any of claims 17 to 21 , wherein the information associated with the at least one data flow comprises at least one of: at least one quality-of-service rule for the at least one data flow or the at least one application session; or statistic data associated with the at least one data flow or the at least one application session.

23. The apparatus of any of claims 13 to 22, further comprising means for performing: providing, to at least one of a network exposure function or a network repository function, the information associated with accessing the application function.

24. The apparatus of any of claims 13 to 23, further comprising means for performing: providing, to a user data management entity, at least part of the information associated with accessing the application function.