
WO2025211365A1 - Method performed by user equipment, method performed by first core network device, user equipment, and first core network device - Google Patents

Method performed by user equipment, method performed by first core network device, user equipment, and first core network device

Info

Publication number
WO2025211365A1
Authority
WO
WIPO (PCT)
Prior art keywords
supi
akma
network
message
dual
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/JP2025/013362
Other languages
French (fr)
Inventor
Kundan Tiwari
Toshiyuki Tamura
Iskren Ianev
Jasmina MCMENAMY
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NEC Corp
Original Assignee
NEC Corp

Definitions

  • the present disclosure relates to a method of a User Equipment (UE), a method of a core network communication apparatus etc.
  • UE User Equipment
  • the Dual Steer device shall be able to handle user data (for different services) across two 3GPP accesses.
  • the following requirements are captured for the Dual Steer device in 3GPP 22.261 [2]: - a subscriber with two subscriptions/SUPIs, sharing one subscription profile from the same operator; - for simultaneous transmission over two networks, a Dual Steer device is assumed to include two separate UEs.
  • the AKMA shall use the UE subscription and the credentials used for 5G access.
  • when a Dual Steer device uses the AKMA function to provide security to applications, it is unclear which subscription/SUPI is to be used for the AKMA function, as there might be two subscriptions/SUPIs associated with the Dual Steer device.
  • if the Dual Steer device uses a security key for an application derived from one SUPI while the application server in an external network uses a security key derived from another SUPI, then the security function in the application does not work, because the security keys differ between the application client in the Dual Steer device and the application server. This security key mismatch leads to loss of service for end users for all applications in the application server.
  • 3GPP should define an overall architecture that makes a cross feature functioning possible between the Dual Steer function and AKMA function together.
  • the present disclosure provides a method performed by a user equipment (UE), a method performed by a first core network (CN) device, a user equipment (UE), and a first core network (CN) device.
  • CN core network
  • the disclosure provides a method performed by a user equipment (UE), the method comprising: having a first Subscription Permanent Identifier (SUPI) and a second SUPI; sending, to a first core network (CN) device, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA); and receiving, from the first CN device, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
  • SUPI Subscription Permanent Identifier
  • AKMA Authentication and Key Management for Applications
  • the disclosure provides a method performed by a first core network (CN) device, the method comprising: receiving, from a user equipment (UE) having a first Subscription Permanent Identifier (SUPI) and a second SUPI, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA); sending, to the UE, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
  • a first core network (CN) device comprising: receiving, from a user equipment (UE) having a first Subscription Permanent Identifier (SUPI) and a second SUPI, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA); sending, to the UE, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
  • the disclosure provides a user equipment (UE) comprising: one or more memories storing instructions; and one or more processors configured to process the instructions to control the UE to: have a first Subscription Permanent Identifier (SUPI) and a second SUPI; send, to a first core network (CN) device, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA); and receive, from the first CN device, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
  • the disclosure provides a first core network (CN) device comprising: one or more memories storing instructions; and one or more processors configured to process the instructions to control the first CN to: receive, from a user equipment (UE) having a first Subscription Permanent Identifier (SUPI) and a second SUPI, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA); send, to the UE, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
  • a method performed by a user equipment (UE), a method performed by a first core network (CN) device, a user equipment (UE), and a first core network (CN) device are provided.
  • Fig. 1 is a Signaling diagram of a First example of the First Aspect.
  • Fig. 2 is a Signaling diagram of a Variant 1 of the Signaling diagram of the First example of the First Aspect.
  • Fig. 3 is a Signaling diagram of a Variant 2 of the Signaling diagram of the First example of the First Aspect.
  • Fig. 4 is a Signaling diagram of a Second example of the First Aspect.
  • Fig. 5 is a Signaling diagram of a Third example of the First Aspect.
  • Fig. 6 is a Signaling diagram of a Fourth example of the First Aspect.
  • Fig. 7 is a Signaling diagram of a Fifth example of the First Aspect.
  • Fig. 8 is a Signaling diagram of a Fifth example of the First Aspect.
  • FIG. 9 is an Architecture supporting AKMA applicability information management of a First example of a Second Aspect.
  • Fig. 10 is a data model of AKMA applicability information in Traffic descriptor in a First example of a Second Aspect.
  • Fig. 11 is a data model of AKMA applicability information in Route Selection Descriptor in a First example of a Second Aspect.
  • Fig. 12 is a Signaling diagram of a Second example of the Second Aspect.
  • Fig. 13 is a diagram illustrating a system overview.
  • Fig. 14 is a block diagram illustrating a UE.
  • Fig. 15 is a block diagram illustrating an (R)AN node.
  • FIG. 16 is a diagram illustrating System overview of (R)AN node based on O-RAN architecture.
  • Fig. 17 is a block diagram illustrating an RU.
  • Fig. 18 is a block diagram illustrating a DU.
  • Fig. 19 is a block diagram illustrating a CU.
  • Fig. 20 is a block diagram illustrating an AMF.
  • Fig. 21 is a block diagram illustrating an SMF.
  • Fig. 22 is a block diagram illustrating a UPF.
  • Fig. 23 is a block diagram illustrating a PCF.
  • Fig. 24 is a block diagram illustrating an NWDAF.
  • Fig. 25 is a block diagram illustrating a UDM.
  • Fig. 26 is a block diagram illustrating an AUSF.
  • FIG. 27 is a block diagram illustrating an AAnF.
  • Fig. 28 is a block diagram illustrating an NRF.
  • Fig. 29 is a block diagram illustrating an NEF.
  • Fig. 30 is a block diagram illustrating an UDR.
  • Fig. 31 is a block diagram illustrating an BSF.
  • Fig. 32 is a block diagram illustrating an AF.
  • Fig. 33 is a block diagram illustrating an AP.
  • Fig. 34 is a block diagram illustrating an NAF.
  • 3GPP TR 21.905 "Vocabulary for 3GPP Specifications".
  • 3GPP TS 22.261 "Service requirements for the 5G system Stage 1".
  • V19.5.0 (2023-12) [3]
  • 3GPP TS 33.535 "Authentication and Key Management for Applications (AKMA) based on 3GPP credentials in the 5G System (5GS)".
  • GAA Generic Authentication Architecture
  • GBA Generic Bootstrapping Architecture
  • each of Aspects and elements included in the each of Aspects described below may be implemented independently or in combination with any other. These Aspects include novel characteristics different from one another. Accordingly, these Aspects contribute to achieving objects or solving problems different from one another and contribute to obtaining advantages different from one another.
  • An example object of this disclosure is to provide a method and apparatus that can solve the above-mentioned problem.
  • AF 201 in all examples in the First Aspect may be replaced with the AP 202 in case where an Authentication Proxy (AP) is deployed in operator's network.
  • AP Authentication Proxy
  • This example discloses an architecture to support the AKMA function for the Dual Steer devices with two or more USIMs by managing multiple AKMA keys in both Dual Steer device 3 and AF 201.
  • AF 201 has multiple AKMA keys
  • the AF 201 can adapt a right AKMA key to an Application Session Establishment Request from Dual Steer device 3 with any valid A-KID (AKMA Key Identifier).
  • Fig. 1 discloses deriving the AKMA key after primary authentication during the Registration procedure (starting with step 3 in Fig. 1).
  • the Deriving AKMA key after primary authentication procedure can be triggered by any other event.
  • e.g. the primary authentication triggered by the Session Establishment procedure, or the home network triggered primary authentication procedure as defined in 3GPP TS 33.501 [7].
  • Dual Steer device 3 can manage multiple AKMA keys and choose (or switch to) one AKMA key that is to be applied for an application-level security for a communication with the AF 201.
  • the AKMA for dual steer supported indicator indicates that Dual Steer device 3 with the User ID supports the AKMA function regardless of Dual Steer function that Dual Steer device 3 supports.
  • Dual Steer device 3 indicates the UE capability in general, i.e. whether UE 3 supports the AKMA function or not.
  • Step 2 AMF 70 sends an Nausf_UEAuthentication_Authenticate Request message to the AUSF 7601 in HPLMN including at least one of User ID, and AKMA for dual steer supported indicator.
  • step 1 in the First scenario in First example of the First Aspect for parameter details.
  • Step 3 Upon reception of the Nausf_UEAuthentication_Authenticate Request message from the AMF 70, the AUSF 7601 sends an Nudm_UEAuthentication_Get Request message to the UDM 7501 including at least one of User ID and AKMA for dual steer supported indicator.
  • Step 4 Upon reception of the Nudm_UEAuthentication_Get Request message from the AUSF 7601 in step 3, The UDM 7501 generates a 5G HE AV for SUPI 1 in Dual Steer device 3.
  • the 5G HE AV is a Home Environment Authentication Vector for SUPI 1 in Dual Steer device 3.
  • UDM 7501 sends an Nudm_UEAuthentication_Get Response message to AUSF 7601 including at least one of 5G HE AV, Associated SUPI, RID for associated SUPI and prime indication.
  • - 5G HE AV The 5G HE AV is a Home Environment Authentication Vector for the SUPI.
  • Associated SUPI indicates an associated SUPI that the Dual Steer device can configure with.
  • the Associated SUPI is SUPI 2.
  • - RID for associated SUPI The RID for associated SUPI indicates a Routing Indicator for the associated SUPI.
  • the RID for the associated SUPI is the Routing Indicator for SUPI 2.
  • - prime indication The prime indication indicates either the SUPI, indicated in the Registration Request message in Step 1, is a prime SUPI or other than the prime SUPI.
  • the other than the prime SUPI may be a secondary SUPI.
  • the prime SUPI is a SUPI that might represent Dual Steer device 3 to the RAN node 5, core network 7, Operation and Maintenance system and AF 201, AP 202 in data network 20.
  • the prime indication may include a SUPI value.
  • the prime indication includes SUPI 1 to indicate that SUPI 1 is the prime SUPI among the other SUPIs.
  • Step 5 The Authentication procedure continues either from steps 3 to 11 in section 6.1.3.1 in 3GPP TS 33.501 [7] or from steps 3 to 12 in section 6.1.3.2.0 in 3GPP TS 33.501 [7].
  • Step 6 After the successful Authentication procedure in Step 5, the AUSF 7601 generates AKMA information for SUPI 1.
  • the AKMA information includes a KAKMA (AKMA Anchor Key) and A-KID (AKMA Key Identifier).
  • Step 7 If AUSF 7601 received the Associated SUPI, set to SUPI 2, in the Step 4, AUSF 7601 finds AUSF 7602 as an AUSF for SUPI 2. In case that the Nausf_UEAuthentication_Authenticate Request message from AMF 70 in Step 2 does not include the AKMA for dual steer supported indicator, AUSF 7601 does not perform Steps 7 to 9.
  • Step 8. AUSF 7601 sends the Nausf_Get_AKMA_info message to AUSF 7602 including at least SUPI.
  • the SUPI includes SUPI 2.
  • Step 9 Upon reception of the Nausf_Get_AKMA_info message from the AUSF 7601, the AUSF 7602 generates AKMA information for SUPI 2.
  • the AKMA information includes a KAKMA (AKMA Anchor Key) and A-KID (AKMA Key Identifier) for SUPI 2.
  • AUSF 7601 finds an associated AAnF for SUPI 2.
  • AUSF 7602 sends the Nausf_Get_AKMA_info response message to AUSF 7601 including at least AKMA information, AAnF address for associated SUPI and UE AKMA related subscription information.
  • the following bullets explain each parameter in detail.
  • the AKMA information includes the KAKMA (AKMA Anchor Key) and A-KID (AKMA Key Identifier) for SUPI 2. Both the KAKMA and A-KID are generated from the KAUSF.
  • - AAnF address for associated SUPI The AAnF address for associated SUPI includes the AAnF address that is associated with the AUSF 7602 for SUPI 2.
  • - UE AKMA related subscription information for SUPI Example. list of NF_ID subscribed for SUPI 2.
  • In case AUSF 7602 cannot generate the AKMA information for any reason, for example SUPI 2 is not registered, AUSF 7602 provides cause information indicating the reason why the AKMA information cannot be generated. Possible cause information includes "UE not registered", "AKMA not supported", "AKMA for dual steer not supported", etc.
  • Step 10 Upon reception of the Nausf_Get_AKMA_info response message from AUSF 7602, AUSF 7601 sends the Naanf_AKMA_AnchorKey_Register Request message to the AAnF1 including at least two sets of AKMA information, AUSF address for associated SUPI, AAnF address for associated SUPI and prime indication.
  • The following bullets explain each parameter in detail.
  • Two sets of AKMA information to include the AKMA information for SUPI 1 and the AKMA information for SUPI 2.
  • - AUSF address for the associated SUPI The AUSF address for associated SUPI includes the AUSF address that is associated with SUPI 2.
  • - AAnF address for the associated SUPI Refer to Step 9 in Fig. 1.
  • the prime indication indicates which SUPI is a prime SUPI, either SUPI 1 or SUPI 2.
  • Step 11 Upon reception of the Naanf_AKMA_AnchorKey_Register Request message from AUSF 7601, AAnF 7701 stores two sets of AKMA information, one for SUPI 1 and the other one for SUPI 2, the AUSF address for SUPI 2, the AAnF address for SUPI 2 and prime indication. AAnF 7701 sends the Naanf_AKMA_AnchorKey_Register Response message to the AUSF 7601.
  • Step 12 The Registration procedure continues from steps 10 to 19c in section 4.2.2.2.2 in 3GPP TS 23.502 [5].
  • Step 13 The AMF 70 sends the Registration Accept message to Dual Steer device 3 including at least 5G-GUTI and AKMA for dual steer registered.
  • - 5G-GUTI The 5G-GUTI is a temporary identifier for SUPI 1 assigned by AMF 70.
  • - AKMA for dual steer registered The AKMA for dual steer registered indicates that the AKMA keys for Dual Steer device 3 have been successfully configured and the AKMA function is ready to be used in core network 7.
  • the AKMA for dual steer registered may indicate that either a single AKMA key for SUPI 1 is successfully configured or that two sets of AKMA keys for both SUPI 1 and SUPI 2 are successfully configured in the core network 7.
  • the term "AKMA for dual steer registered" is employed; however, the notation is not limited to this. Any other notation may be used for a parameter that indicates that the AKMA keys for Dual Steer device 3 have been successfully configured and the AKMA function is ready to use in the core network 7, and/or that either a single AKMA key for SUPI 1 is successfully configured or two sets of AKMA keys for both SUPI 1 and SUPI 2 are successfully configured in the core network 7, and/or that Dual Steer device 3 with the User ID, i.e. Dual Steer device 3 with a single USIM, has been successfully configured with the AKMA function ready to use in the core network 7.
  • Dual Steer device 3 and core network 7 have two sets of AKMA keys synchronized and are ready to use either key when Dual Steer device 3 establishes an application session with an AF 201 that supports AKMA.
  • Fig. 4 discloses an example of AKMA key handling when the application session is established for Dual Steer device 3.
  • Fig. 1 discloses the mechanism that the AUSF fetches the AKMA information for an associated SUPI by contacting an AUSF for the associated SUPI
  • the UDM may also fetch the AKMA information for an associated SUPI and forward them to the AUSF
  • Fig. 2 illustrates an example of a Deriving AKMA key after primary authentication during the Registration procedure.
  • Step 1 Steps 0 to 3 in Fig. 1 are executed.
  • Step 2 Upon reception of the Nudm_UEAuthentication_Get Request message from AUSF 7601 in step 3 in Fig. 1, UDM 7501 generates a 5G HE AV for SUPI 1 in Dual Steer device 3.
  • If UDM 7501 has an Associated SUPI (SUPI 2) and the Nudm_UEAuthentication_Get Request message from AUSF 7601 in step 3 of Fig. 1 includes the AKMA for dual steer supported indicator, UDM 7501 finds AUSF 7602 as an AUSF for SUPI 2 and the following steps take place.
  • Step 3 UDM 7501 sends the Nausf_Get_AKMA_info message to AUSF 7602 including at least SUPI.
  • the SUPI includes SUPI 2.
  • Step 4 Upon reception of the Nausf_Get_AKMA_info message from UDM 7501, the AUSF 7602 generates an AKMA information for SUPI 2.
  • the AKMA information includes a KAKMA (AKMA Anchor Key) and A-KID (AKMA Key Identifier) for SUPI 2.
  • AUSF 7602 finds an associated AAnF for SUPI 2.
  • AUSF 7602 sends the Nausf_Get_AKMA_info response message to UDM 7501 including at least AKMA information and Associated AAnF address.
  • the AKMA information includes the KAKMA (AKMA Anchor Key) and A-KID (AKMA Key Identifier) for SUPI 2.
  • the Associated AAnF address includes the AAnF address that is associated with AUSF 7602 for SUPI 2.
  • In case AUSF 7602 cannot generate the AKMA information for any reason, for example SUPI 2 is not registered, AUSF 7602 provides cause information indicating the reason why the AKMA information cannot be generated. Possible cause information may include "UE not registered", "AKMA not supported", "AKMA for dual steer not supported", etc.
  • UDM 7501 sends an Nudm_UEAuthentication_Get Response message to AUSF 7601 including at least one of the following: 5G HE AV, Associated SUPI, RID for associated SUPI, prime indication, the AUSF address for the associated SUPI, the AAnF address for the associated SUPI.
  • 5G HE AV Refer to Step 4 in Fig. 1.
  • Associated SUPI Refer to Step 4 in Fig. 1.
  • Associated SUPI includes SUPI 2.
  • - RID for associated SUPI Refer to Step 4 in Fig. 1.
  • - prime indication Refer to Step 4 in Fig. 1.
  • - AUSF address for associated SUPI Refer to Step 10 in Fig. 1.
  • - AAnF address for associated SUPI Refer to Step 9 in Fig. 1.
  • Step 6 Steps 5 and 6 in Fig. 1 are executed.
  • Fig. 1 discloses the mechanism whereby the AUSF fetches the AKMA information for an associated SUPI by contacting a UDM for the associated SUPI, the UDM may also fetch the AKMA information for the associated SUPI and forward them to the AUSF.
  • Fig. 3 illustrates an example of a Deriving AKMA key after primary authentication during the Registration procedure.
  • Step 1 Steps 0 to 3 in Fig. 1 are executed.
  • Step 4 Upon reception of the Nudm_Get_AKMA_info message from UDM 7501, UDM 7502 sends the Nausf_Get_AKMA_info message to AUSF 7602 including at least SUPI.
  • the SUPI includes SUPI 2.
  • In case AUSF 7602 cannot generate the AKMA information for any reason, for example SUPI 2 is not registered, AUSF 7602 provides cause information indicating the reason why the AKMA information cannot be generated. Possible cause information includes "UE not registered", "AKMA not supported", "AKMA for dual steer not supported", etc.
  • Step 7 Steps 5 to 7 in Fig. 2 are executed.
  • when a UDM for SUPI 2 detects that SUPI 2 is de-registered from core network 7, the UDM for SUPI 2 sends a Naanf_AKMA_Context_Remove request to AAnF 7701 for SUPI 1 indicating partial removal of the AKMA information for SUPI 2.
  • the UDM for SUPI 2 sends the Nausf_AKMA_Context_Remove request to AUSF 7601 for SUPI 1 indicating partial removal of the AKMA information for SUPI 2.
  • the subscriber data that is described in Step 0 in Fig. 1 may be stored in UDR 7A.
  • UDM 7501 may obtain the subscriber data from UDR 7A.
  • AUSF 7601 sends Nausf_GET_AKMA_info from AAnF 7602 of SUPI 2.
  • AAnF 7602 stores SUPI 2, and K AKMA2 and A-KID2 of SUPI 2.
  • AAnF 7602 sends SUPI 2, K AKMA2 and A-KID2.
  • the AMF sends i) Identity request message with identity type both SUPI or dual steer device SUPI.
  • when the UE3 receives the identity request message, the UE3 sends an Identity response message containing SUPI 1 and SUPI 2 of the UE3 to the AMF.
  • Identity request message with identity type associated SUPI.
  • the UE sends second SUPI (i.e., SUPI 2) to the AMF.
  • the AMF sends both SUPI 1 and SUPI 2 to the AUSF 7601, and the AUSF sends these two SUPIs to the UDM 7501.
  • the UDM 7501 finds that two SUPIs are associated, then the UE3 will indicate to the AMF 70 and the AMF then indicates AKMA for dual steer registered.
  • the UDM also indicates to the AUSF 7601 or AUSF 7602 that the UE3 contains an associated SUPI.
  • the AUSF 7601 and AUSF 7602 inform the AAnF, which in turn informs the AF 201, using the message defined in the embodiments.
  • Second example of the First Aspect This example discloses a mechanism detailing how the AKMA key is chosen and used for the application session with Dual Steer device 3. Based on the mechanism disclosed by the first example of the First Aspect, the AAnFs for both SUPI 1 and SUPI 2 have two AKMA keys, one for SUPI 1 and the other one for SUPI 2.
  • Fig. 4 illustrates an example for a selection or update of the AKMA key applied to the application session with Dual Steer device 3.
  • USIM 3502 with SUPI 2 registers to AMF 7002 and obtains an AKMA key for SUPI 2.
  • SUPI 2 is associated with AAnF 7702.
  • the AKMA key includes KAKMA (AKMA Anchor Key) and A-KID (AKMA Key Identifier) for SUPI 2.
  • USIM 3501 with SUPI 1 establishes a PDU Session (PDU Session 1) with SMF 71 and UPF 72 that is applicable to the Application session.
  • USIM 3502 with SUPI 2 establishes a PDU Session (PDU Session 2) with SMF 71 and UPF 72 that is applicable to the Application session.
  • Dual Steer device 3 establishes the Application Session using an A-KID generated based on KAUSF for SUPI 1 using the PDU Session 1.
  • Dual Steer device 3 may also send Dual Steer device support indicator in a Ua* message between Dual Steer device 3 and AF 201.
  • the Ua* message includes the Application Session Establishment Request message, in an existing Ua* message or in a new Ua* message.
  • Step 0-6 The PDU Session Switch procedure is performed for switching from the PDU Session 1 to PDU Session 2 for Dual Steer device 3.
  • PDU Session 1 is active, and the Application Session is established with AKMA based security using AKMA keys for SUPI 1.
  • Dual Steer device 3 decides to switch from PDU Session 1 to PDU Session 2.
  • the switching between the PDU sessions can happen due to any reason, for example, round-trip delay between a Dual Steer device 3 and UPF 72 may exceed a predefined threshold or radio conditions on the access network serving of PDU Session 1 with SUPI 1 may become unstable.
  • PDU Session 1 and PDU Session 2 are established but there is no Application Session on any of the PDU session 1 and PDU session 2.
  • Step 1 is the very first time that the Application Session is established.
  • Dual Steer device 3 sends the Application Session Establishment Request to AF 201 including at least A-KID.
  • the A-KID may be associated with SUPI 1 or associated with SUPI 2.
  • the A-KID is associated with SUPI 2.
  • the A-KID may be selected based on the following criteria.
  • - Device configuration of Dual Steer device 3. - Based on the URSP rule setting in Dual Steer device 3 as disclosed by the First example of the Second Aspect. - In one example the A-KID is related to the SUPI which is associated with the PDU session to which the application chooses to switch the traffic.
  • Step 2 Upon reception of the Application Session Establishment Request from Dual Steer device 3 in Step 1, the AF 201 sends the Naanf_AKMA_ApplicationKey_Get request message to AAnF 7702 including at least A-KID and AF_ID.
  • AF 201 sends the Naanf_AKMA_ApplicationKey_Get request message to AAnF 7702 including at least A-KID and AF_ID when AF 201 doesn't have application context associated with A-KID otherwise AF 201 uses the existing application context associated with the A-KID.
  • the following bullets explain each parameter in detail.
  • A-KID is an AKMA Key Identifier that is globally unique and identifies the KAKMA of the UE.
  • A-KID shall be in NAI format, i.e. username@realm.
  • the username part shall include the RID and the A-TID (AKMA Temporary UE Identifier), and the realm part shall include Home Network Identifier.
  • - AF_ID The AF_ID identifies the AF 201.
  • the AF_ID consists of the FQDN of the AF 201.
  • Step 3 AAnF 7702 derives the AKMA Application Key (KAF) from KAKMA for SUPI 2.
  • KAF AKMA Application Key
  • Step 4 If AAnF 7702 has an AKMA information for the Associated SUPI (SUPI 1), AAnF 7702 sends the Naanf_AKMA_ApplicationKey_Get request message to AAnF 7701 including at least A-KID and AF_ID for SUPI 1.
  • Step 5 Upon reception of the Naanf_AKMA_ApplicationKey_Get request message from AAnF 7702, AAnF 7701 derives the AKMA Application Key (KAF) from KAKMA for SUPI 1.
  • Step 6 AAnF 7701 sends the Naanf_AKMA_ApplicationKey_Get response message to AAnF 7702 including SUPI, GPSI, KAF and the KAF expiration time for SUPI 1.
  • SUPI Subscription Permanent Identifier. In this example, it is SUPI 1.
  • GPSI Generic Public Subscription Identifier.
  • the GPSI is an identifier used in data networks outside of the 3GPP system that can address a 3GPP subscription. It can be either an MSISDN or an External Identifier.
  • - KAF AKMA Application Key. The KAF is used by AF 201 for enabling the AKMA service.
  • - KAF expiration time Expiration time of the KAF.
  • Dual Steer device 3 and AF 201 have two sets of AKMA information, one set with SUPI 1 and the other set with SUPI 2.
  • Step 8 the AF 201 applies the KAF for SUPI 2 for AKMA based application security since it is assumed in this example that the Application Session Establishment Request message in Step 1 includes the A-KID for SUPI 2.
  • AF 201 applies the KAF for SUPI 1 for AKMA based application security.
  • AF 201 sends an existing Ua* message e.g. the Application Session Establishment Response message containing A-KID chosen by the AF 201 to apply the security context related to the A-KID for the current application session establishment.
  • when Dual Steer device 3 receives the A-KID in the Ua* message, e.g. the Application Session Establishment Response containing the A-KID, Dual Steer device 3 applies the security context related to the A-KID for the application session.
  • any KAF is used as long as Dual Steer device 3 and core network 7 (i.e. AAnF) share the same AKMA information for the multiple SUPIs that are equipped in Dual Steer device 3.
  • Triggers for Step 1 in Fig. 4, in which Dual Steer device 3 sends the Application Session Establishment Request to AF 201 with an updated A-KID, are listed below as examples: - When the PDU Session Switch procedure is performed for switching from the PDU Session 1 to the PDU Session 2 for Dual Steer device 3 and the Application Session uses the new PDU Session (PDU Session 2) for a connectivity service to AF 201. (This is the example that the Second example of the First Aspect takes.) In this case, it is reasonable to use the KAF with SUPI 2 for AKMA as the PDU Session 2 is associated with SUPI 2.
  • the deregistration procedure with a SUPI that provides the A-KID and KAF for the Application Session could happen in the following sequence: - Two PDU Sessions, PDU Session 1 and PDU Session 2, with SUPI 1 and SUPI 2 respectively are established for Dual Steer device 3. - An Application Session is established over the PDU Session 1 with A-KID and KAF with SUPI 1. - The PDU Session Switch procedure is performed for switching from the PDU Session 1 to the PDU Session 2 for the Application Session but the A-KID and KAF with SUPI 1 continue to apply to the Application Session by both Dual Steer device 3 and AF 201. - SUPI 1 is deregistered for any reason.
  • the UICC Universal Integrated Circuit Card
  • the existing NF e.g., UDM 75 indicates to AAnF 7701 (e.g. to all the AAnF associated with SUPI 2) using an existing message between UDM 7501 and AAnF 7701 or a new message between UDM 7501 and AAnF 7701 indicating that SUPI 1 is deregistered to SUPI 2.
  • the message contains SUPI 1 and a deregistration indication, or the message contains SUPI 1 only, in which case the meaning of the message is to indicate deregistration of the SUPI.
  • Upon receiving the message, AAnF 7701 indicates to AF 201 that SUPI 1 is deregistered to SUPI 2 either by including SUPI 1 or GPSI or any other user identity associated with SUPI 1.
  • UDM 7501 sends an existing message or a new message directly to AF 201 (e.g., to all AKMA enabled AF associated with the SUPI) indicating SUPI 1 is deregistered for SUPI 2.
  • the message contains SUPI 1, GPSI, or any other user identity associated with SUPI 1, and a deregistered indicator.
  • Dual Steer device 3 sends A-KID 1 and A-KID 2 to AF 201.
  • the AF 201 receives A-KID 1 and A-KID 2.
  • the AF 201 fetches Application Function Key KAF, user identity and other subscription parameter of SUPI 1 and SUPI 2 from the AAnFs, AAnF 7701 corresponding to the A-KID 1 and AAnF 7702 corresponding to A-KID 2 respectively.
  • the AF 201 determines based on the subscription parameter of both SUPI 1 and SUPI 2 which KAF to use for the security parameter at the AF 201 for the current application session and sends the selected A-KID to Dual Steer device 3 in the existing message at the Ua* interface or in a new Ua* message.
  • Dual Steer device 3 receives the Ua* message
  • Dual Steer device 3 and AF 201 start using the AKMA security parameter corresponding to the received A-KID.
  • the primary KAF should be used then the AF 201 sends A-KID related to the primary SUPI.
  • the subscription parameter stores the priority of the two SUPIs, SUPI 1 and SUPI 2. The AF 201 shall choose the KAF related to whichever SUPI has the higher priority.
  • any AAnF (e.g. AAnF of SUPI 2 in step 7) in Fig. 4 can decide which KAF can be used based on the subscription or local policy of the AAnF and pass the corresponding A-KID to the AF 201.
  • the AF 201 informs Dual Steer device 3 as described above in this embodiment.
  • In step 1, the UE 3 keeps using the KAF (in this case the KAF related to SUPI 1) used in step 0-5, and AF 201 also keeps using the KAF which was used in step 0-5 implicitly the UE sending any Application Session Establishment Request message.
  • the UE may send an Application Session Establishment Request message containing A-KID 1 to the AF 201.
  • In step 1, if the expiration timer of the KAF of SUPI 1 expires in AF 201, or the KAF is deleted at the AAnF function by an NF, then the AF 201 or AAnF 7701 or AAnF 7702 selects the A-KID of SUPI 2 and sends it in the Application Session Establishment Response message.
  • the UE 3 and the AF 201 will start using the KAF related to the A-KID of SUPI 2 as the security context for the application data.
  • All the embodiments apply for the case i) when a same PDU address is assigned to PDU session 1 and PDU session 2 or ii) different PDU sessions assigned to PDU session 1 and PDU session 2.
  • the UE 3 and AF 201 establish a new connection (e.g., TCP connection, UDP connection or HTTPS connection) or application session (e.g., IMS session) between UE 3 and AF 201 when an application switches from PDU session 1 to PDU session 2.
  • the UE3 and the AF201 start applying the new selected KAF as chosen in the above embodiments to the new connection or the application session.
  • This example discloses a mechanism in which the AKMA key generated for the SUPI whose PDU Session is being used for the Application Session is always used.
  • UPF 72 notifies the change to AF 201.
  • the AF 201 verifies that the A-KID received from Dual Steer device 3 is the one generated by the KAUSF of the SUPI that is associated with the latest PDU Session. With this authorization, the AKMA with the SUPI that is associated with the latest PDU Session can be confirmed.
  • Fig. 5 illustrates an example of applying AKMA key with SUPI that is associated with the latest PDU Session.
  • Step 1 Steps 0-1 to 0-5 in Fig. 4 take place.
  • Step 1 Upon establishing the Application Session with Dual Steer device 3, the AF 201 sends the Nnef_EventExposure_Subscribe request message to the NEF 79 including at least Dual Steer status requested, A-KID, AF ID, User IP address and SUPI.
  • - Dual Steer status requested: The Dual Steer status requested indicates that the service consumer is requesting a dual steer status notification.
  • - A-KID: Refer to Step 2 of Fig. 4.
  • - AF ID: Refer to Step 2 of Fig. 4.
  • - User IP address: End User IP address of Dual Steer device 3 being used.
  • - SUPI: Refer to Step 6 of Fig. 4.
  • Step 2 NEF 79 authorizes AF 201 request. If the authorization is not granted, NEF 79 replies to AF 201 with a Result value indicating authorization failure.
  • Step 3 If NEF 79 does not have an IP address of UPF 72 as a PDU Session Anchor for the Application Session, NEF 79 sends Nnrf_NFDiscovery message to NRF 78 including at least User IP address, AF ID and SUPI.
  • - User IP address: Refer to Step 1 of Fig. 5.
  • - AF ID: Refer to Step 2 of Fig. 4.
  • - SUPI: Refer to Step 6 of Fig. 4.
  • Step 4 Upon reception of the Nnrf_NFDiscovery message from NEF 79, NRF 78 finds the UPF address of UPF 72 implementing NAT functionality for the UE IP address. NRF 78 sends the Nnrf_NFDiscovery response message to NEF 79 including at least UPF address. The UPF address indicates UPF 72 that implements the NAT functionality for the UE IP address for Dual Steer device 3.
  • NEF 79 sends Nupf_EventExposure_Subscribe message to UPF 72 including at least Dual Steer status requested, SUPI and User IP address. The following bullets explain each parameter in detail.
  • - Dual Steer status requested: Refer to Step 1 of Fig. 5.
  • - SUPI: Refer to Step 6 of Fig. 4.
  • - User IP address: Refer to Step 1 of Fig. 5.
  • NEF 79 sends Nnef_EventExposure_Subscribe response message to AF 201.
  • NEF 79 sends Nnef_EventExposure_Subscribe response message to AF 201 after Step 2.
  • Step 8 The PDU Session Switch procedure is performed for switching from the PDU Session 1 to the PDU Session 2 for Dual Steer device 3.
  • Step 9 When UPF 72 detects the PDU Session change for the Dual Steer device 3 as executed in Step 8, UPF 72 sends the Nupf_EventExposure_Notify message to NEF 79 including at least User IP address and Dual Steer status (Switch to SUPI 2 in this example). The following bullets explain each parameter in detail.
  • - User IP address: Refer to Step 1 of Fig. 5.
  • - Dual Steer status: Dual Steer status indicates the latest status or event of the PDU Session used for Dual Steer device 3.
  • Dual Steer status may indicate "PDU Session switched with SUPI information where new PDU Session is associated with", "PDU Session is reduced to one with SUPI information where the released PDU Session is associated with", "New PDU Session added with SUPI information where the added PDU Session is associated with", "Entire Session is released", "Switched to non-3GPP access", "Switched to 3GPP access", etc.
  • Step 10 Upon reception of the Nupf_EventExposure_Notify message from UPF 72, NEF 79 sends the Nnef_EventExposure Notify message to the AF 201 including at least User IP address, Dual Steer status (Switch to SUPI 2 in this example). Refer to Step 9 for parameter details.
  • Dual Steer device 3 sends the Application Session Establishment Request to the AF 201 including at least A-KID of SUPI 2 since the PDU Session Switch procedure is performed for switching from PDU Session 1 to PDU Session 2 in Step 8.
  • In Step 10 in Fig. 5, once the AF 201 obtains the new SUPI associated with the latest PDU Session being used for the Application Session, the AF 201 may initiate the KAF refresh procedure over the Ua* reference point. (Note that the Ua* reference point applies between Dual Steer device 3 and AF 201.) The AF 201 sends a KAF refresh request message to Dual Steer device 3 including an A-KID that the AF 201 wishes to apply for the AKMA function to the Application Session.
  • the A-KID in the KAF refresh request message may be an A-KID generated from a KAUSF of a SUPI that is associated with the latest PDU Session being used for the Application Session.
  • Dual Steer device 3 may send the Application Session Establishment Request to the AF 201 including at least the received A-KID.
  • the Dual Steer Status parameter may also indicate the reason for the PDU Session switch from SUPI 1 to SUPI 2 or vice versa.
  • the reason for the PDU Session switch may be a congestion in one of the SUPIs when both SUPIs are from the same network operator.
  • the Dual Steer Status parameter may indicate 'congestion on SUPIx' cause to AF 201.
  • Another reason for the PDU Session switch between the SUPIs could be no or low coverage on one of the SUPIs when the two SUPIs are from different network operators.
  • the Dual Steer Status parameter may indicate 'no/low coverage on SUPIx' cause to AF 201.
  • the Dual Steer Status parameter may also indicate the time at which the PDU Session switched between the SUPIs.
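The AF-side behaviour described for Fig. 5 (track the Dual Steer status notified in Steps 9 and 10, verify that a presented A-KID belongs to the SUPI of the latest PDU Session, and otherwise propose that SUPI's A-KID through a KAF refresh) can be sketched as follows. This is an added example, not part of the patent text: the class and method names, the short status labels and all sample identifiers are hypothetical, and it assumes the AF has already learned from the AAnF which SUPI and KAF expiry each A-KID maps to.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Decision(Enum):
    ACCEPT = "accept"            # offered A-KID belongs to the active SUPI
    KAF_REFRESH = "kaf_refresh"  # AF proposes the active SUPI's A-KID over Ua*
    REJECT = "reject"            # nothing valid to bind the session to


@dataclass
class AkmaBinding:
    supi: str          # SUPI the AAnF returned for this A-KID (assumed known)
    kaf_expiry: float  # KAF expiration time, same clock as `now`


@dataclass
class AfSessionState:
    """Hypothetical AF-side state for one AF ID."""
    bindings: Dict[str, AkmaBinding] = field(default_factory=dict)  # A-KID -> binding
    active_supi: Dict[str, str] = field(default_factory=dict)       # user IP -> SUPI

    def learn_binding(self, a_kid: str, supi: str, kaf_expiry: float) -> None:
        self.bindings[a_kid] = AkmaBinding(supi, kaf_expiry)

    def establish(self, user_ip: str, a_kid: str, supi: str, kaf_expiry: float) -> None:
        """Initial Application Session: the presented A-KID's SUPI is the active one."""
        self.learn_binding(a_kid, supi, kaf_expiry)
        self.active_supi[user_ip] = supi

    def on_dual_steer_notify(self, user_ip: str, status: str,
                             supi: Optional[str] = None) -> None:
        """Apply a Dual Steer status notification relayed by the NEF.

        `status` uses short hypothetical labels for the status values listed above.
        """
        if status == "switched":            # SUPI of the new PDU Session is reported
            if supi is None:
                raise ValueError("switch notification must carry the new SUPI")
            self.active_supi[user_ip] = supi
        elif status == "reduced":           # SUPI of the released PDU Session is reported
            if self.active_supi.get(user_ip) == supi:
                del self.active_supi[user_ip]
        elif status == "released":          # entire session released
            self.active_supi.pop(user_ip, None)
        # Other statuses (e.g. a PDU Session added) do not change the active SUPI.

    def check_request(self, user_ip: str, a_kid: str,
                      now: float) -> Tuple[Decision, Optional[str]]:
        """Decide what to do with an A-KID presented for this user IP."""
        offered = self.bindings.get(a_kid)
        active = self.active_supi.get(user_ip)
        if offered is None or active is None:
            return Decision.REJECT, None
        if offered.supi == active and offered.kaf_expiry > now:
            return Decision.ACCEPT, a_kid
        # Stale or expired A-KID: look for an unexpired A-KID of the active SUPI.
        for candidate, binding in sorted(self.bindings.items()):
            if binding.supi == active and binding.kaf_expiry > now:
                return Decision.KAF_REFRESH, candidate
        return Decision.REJECT, None


def run_demo() -> List[Tuple[Decision, Optional[str]]]:
    """Constructed walk-through; all identifiers below are sample values."""
    ip = "198.51.100.7"
    supi_1, supi_2 = "imsi-001010000000001", "imsi-001010000000002"
    af = AfSessionState()
    af.establish(ip, "akid-1@example.invalid", supi_1, kaf_expiry=1000.0)
    af.learn_binding("akid-2@example.invalid", supi_2, kaf_expiry=1000.0)
    results = [af.check_request(ip, "akid-1@example.invalid", now=10.0)]
    af.on_dual_steer_notify(ip, "switched", supi_2)   # Steps 8 to 10 of Fig. 5
    results.append(af.check_request(ip, "akid-1@example.invalid", now=20.0))
    results.append(af.check_request(ip, "akid-2@example.invalid", now=20.0))
    return results


if __name__ == "__main__":
    for decision, a_kid in run_demo():
        print(decision.value, a_kid)
```

An A-KID that is unknown, expired, or bound to a SUPI whose PDU Session has been released yields REJECT rather than silently keeping the old KAF.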
  • Step 1 Steps 0-1 to 0-5 in Fig. 4 take place.
  • Dual Steer device 3 sends a Request message to the AF 201 including at least User IP address and AF-ID.
  • - User IP address: Refer to Step 1 of Fig. 5.
  • - AF ID: Refer to Step 2 of Fig. 4.
  • Step 2 Upon reception of the Request message from Dual Steer device 3, the AF 201 finds the A-KID associated with the AF ID for the user to whom the received User IP address has been assigned. If AF 201 finds multiple A-KIDs, AF 201 selects one A-KID to apply AKMA based security for the Application session, linked with the AF ID, based on operator policy, based on configuration, or based on subscriber data or any combination of selection making criteria. Once AF 201 chooses an appropriate A-KID, AF 201 sends the AKMA initiation message to Dual Steer device 3 including at least the A-KID. Refer to Step 2 of Fig. 4 for parameter detail of A-KID. In one example, the AF 201 sends multiple A-KIDs in priority order that may be used for the AKMA based security for the Application session as linked with the AF ID.
  • Step 4 Steps 2 to 7 in the AAnF response with UE Identity procedure as described in section 6.2.1 in 3GPP TS 33.535 [3] take place for deriving AKMA Application Key for the Application session.
  • Step 4 the AKMA based security with the selected A-KID applies to the Application Session between Dual Steer device 3 and AF 201.
  • This example discloses a mechanism that the AKMA key to apply to the Application Session with Dual Steer device 3 is decided based on a decision made by AF 201.
  • Fig. 7 illustrates an example of the A-KID selection by the AF.
  • Step 1 Steps 0-1 to 0-5 in Fig. 4 take place.
  • Step 2 Upon reception of the Application Session Establishment Request from Dual Steer device 3, the AF 201 examines whether the received one or multiple A-KIDs are valid to apply for AKMA based security for the Application Session. If the AF 201 finds multiple A-KIDs valid to apply AKMA based security for the Application session, the AF 201 selects one A-KID to apply AKMA based security for the Application session, linked with the AF ID, based on operator policy, based on configuration, or based on subscriber data or any combination of selection making criteria.
  • Steps 2 to 6 in the AAnF response with UE Identity procedure as described in section 6.2.1 in 3GPP TS 33.535 [3] take place with the selected A-KID for deriving AKMA Application Key for the Application session.
  • Step 3 AF 201 sends the Application Session Establishment Response to Dual Steer device 3 including at least A-KID.
  • Dual Steer device 3 applies the received A-KID for the AKMA based security to the Application session.
  • Step 3 the AKMA based security with the selected A-KID applies to the Application Session between Dual Steer device 3 and AF 201.
  • This example discloses an architecture to support the Generic Authentication Architecture (GAA) and Generic Bootstrapping Architecture (GBA) functions for Dual Steer devices with two or more USIMs by managing multiple Ks_NAFs in both Dual Steer device 3 and NAF 203.
  • Fig. 8 illustrates an example of the GAA and the GBA for Dual Steer device 3.
  • Registration Procedures
  • Step 0-1. The Registration procedure for SUPI 1 in Dual Steer device 3 takes place with the GAA and GBA supported 5GC.
  • the First example of the First Aspect applies to this procedure with the replacements shown after Step 0-2.
  • Step 0-2. The Registration procedure for SUPI 2 in Dual Steer device 3 takes place with the GAA and GBA supported 5GC.
  • the First example of the First Aspect applies to this procedure with the following replacements.
  • - AUSF 7601 is replaced with BSF 7B01.
  • - AUSF 7602 is replaced with BSF 7B02.
  • - AF 201 is replaced with NAF 203.
  • - UDM 7501 may stay the same.
  • UDM 7501 may be HSS or HLR.
  • - AKMA for dual steer supported indicator is replaced with GAA and GBA for dual steer supported indicator.
  • - AKMA for dual steer registered is replaced with GAA and GBA for dual steer registered.
  • the Bootstrapping procedure in section 4.5.2 of 3GPP TS 33.220 [9] takes place for SUPI 1.
  • SUPI 1 derives B-TID 1 and the associated lifetime of the key Ks.
  • Step 0-4 The Bootstrapping procedure in section 4.5.2 of 3GPP TS 33.220 [9] takes place for SUPI 2. After the Bootstrapping procedure, SUPI 2 derives B-TID 2 and the associated lifetime of the key Ks.
  • Dual Steer device 3 selects a B-TID, from B-TID 1 and B-TID 2.
  • the B-TID may be selected based on the following criteria.
  • - Device configuration of Dual Steer device 3. - Based on the URSP rule setting in Dual Steer device 3 as disclosed by the First example of the Second Aspect.
  • Dual Steer device 3 may decide to update the Key Ks for the Application security for NAF 203.
  • Security Key update triggers are listed below, but are not limited to the following: - When the PDU Session Switch procedure is performed for switching from the PDU Session 1 to the PDU Session 2 for Dual Steer device 3 and the Application Session uses the new PDU Session (PDU Session 2) for a connectivity service to NAF 203. (This is the example that the Second example of the First Aspect takes.) In this case, it is reasonable to use the Key Ks with SUPI 2 for GAA and GBA as PDU Session 2 is associated with SUPI 2.
  • Dual Steer device 3 may select new B-TID to use for Application security.
  • Dual Steer device 3 performs the Bootstrapping usage procedure as defined in section 4.5.3 of 3GPP TS 33.220 [9].
  • a B-TID in the Application request in Step 1 of the section 4.5.3 of 3GPP TS 33.220 [9] may be different from the one being used for the Application security with NAF 203.
  • The Second Aspect includes a general architecture for how the AKMA applicability information is managed in core network 7 and shared with Dual Steer device 3.
  • Fig. 9 illustrates an example of general architecture for the AKMA applicability information management.
  • the AKMA applicability information is stored in the UDR 7A for each SUPI as subscriber data.
  • SUPI 1 is associated with the UDR 7A01 and SUPI 2 is associated with UDR 7A02.
  • the AKMA applicability information is defined per Application.
  • the subscriber data may have multiple Applications that can be accessed with the corresponding SUPI.
  • SUPI 1 is allowed to access three Applications, APL-1, APL-2 and APL-3. While APL-1 and APL-3 can use the AKMA function, APL-2 is not allowed to use the AKMA function.
  • Fig. 10 illustrates an example of how the AKMA applicability information is structured in the URSP rule. This example discloses that the AKMA applicability information may be stored in the Traffic descriptor in the URSP Rule.
  • a value of the AKMA applicability information may be from any of the following.
  • This example explains the behavior of the Application (APL-3) in Dual Steer device 3 by referring to Fig. 9.
  • the APL-3 may take the following steps in order to find an appropriate SUPI to use for a connectivity service for the Application Session.
  • Step 1 the APL-3 confirms how many UICCs are equipped in Dual Steer device 3.
  • the APL-3 confirms that the UICCs for SUPI 1 and SUPI 2 are equipped.
  • Step 2 the APL-3 confirms whether each equipped SUPI has been registered or not. Dual Steer device 3 may initiate the Registration procedure with the equipped SUPI if possible and needed.
  • Step 4 the APL-3 confirms, based on the URSP rules, whether any registered SUPI has a UE policy (URSP rule) that allows access to a target Application server for the Application service for the APL-3.
  • the URSP 1 for SUPI 1 has associated information (Priority High) for APL-3.
  • the URSP 2 for SUPI 2 has associated information (Priority Low) for APL-3.
  • Step 5 the APL-3 confirms that SUPI 1 is the most relevant SUPI to use for Application Session. If a PDU Session that is applicable to the Application Session has been established with SUPI 1, Dual Steer device 3 initiates the AAnF response with UE Identity procedure as described in Section 6.2.1 in 3GPP TS 33.535 [3] with an A-KID for SUPI 1 for establishing the Application Session for the APL-3. Otherwise, Dual Steer device 3 may initiate the UE Requested PDU Session Establishment procedure as described in section 4.3.2.2 in 3GPP TS 23.502 [5] and the AAnF response with UE Identity procedure with an A-KID for SUPI 1 takes place after successful PDU Session establishment.
  • Step 6 If the APL-3 finds that there is no PDU Session available with SUPI 1 for the APL-3 (for example, network congestion, resource not available, service restriction on SUPI 1, etc.), the APL-3 takes Step 5 with SUPI 2, since SUPI 2 is usable for the APL-3 although it is rated as Low priority.
  • the URSP for AKMA is coded "AKMAURSP", "URSPAKMA" or any other expressions in the UE policy classmark as defined in Section D.6.5 in 3GPP TS 24.501 [8].
  • Step 2 When the PCF 73 initiates the Network-requested UE policy management procedure as defined in Section D.2.1 in 3GPP TS 24.501 [8], the PCF 73 takes the received URSP for AKMA into account for generating the URSP rule for Dual Steer device 3.
  • the PCF 73 may send an AKMA support indication for each application in the URSP rule, which indicates whether the application in the URSP supports AKMA AF or not.
  • In Step 2 in Fig. 12, when the PCF 73 has received the URSP for AKMA supported from Dual Steer device 3 in Step 1 and the PCF needs to send the MANAGE UE POLICY COMMAND message to Dual Steer device 3, the MANAGE UE POLICY COMMAND message may include "AKMA support" in a newly defined information element "AKMAURSP", "URSPAKMA" or any other expressions in the UE policy network classmark, in case the PCF 73 can handle or generate the AKMA related information in the URSP rule.
  • the (R)AN node 5 can also support a communication using the satellite access.
  • the (R)AN node 5 may support a satellite access and a terrestrial access.
  • the (R)AN node 5 can also be referred as an access node for a non-wireless access.
  • the non-wireless access includes a fixed line access as defined by the Broadband Forum (BBF) and an optical access as defined by the innovative Optical and Wireless Network (IOWN).
  • a UE 3 may enter and leave the areas (i.e. radio cells) served by the (R)AN node 5 as the UE 3 is moving around in the geographical area covered by the telecommunication system 1.
  • the core network 7 comprises at least one access and mobility management function (AMF) 70.
  • the AMF 70 is in communication with the (R)AN node 5 coupled to the core network 7.
  • a mobility management entity (MME) or a mobility management node for beyond 5G or a mobility management node for 6G may be used instead of the AMF 70.
  • the data network 20 can be an internet, a public network, an external network, a private network or an internal network of the PLMN.
  • the IP Multimedia Subsystem (IMS) service may be provided by that data network 20.
  • the UE 3 can be connected to the data network 20 using IPv4, IPv6, IPv4v6, Ethernet or unstructured data type.
  • the data network may include an Application Function (AF) 201.
  • RRC setup complete message This message is sent from the UE 3 to the (R)AN node 5.
  • RRC setup complete message - guami-Type, iab-NodeIndication, idleMeasAvailable, ue-MeasurementsAvailable, mobilityState, ng-5G-S-TMSI-Part2, registeredAMF, selectedPLMN-Identity, s-NSSAI-List , onboardingRequest
  • - registration accept message This message is sent from the AMF 70 to the UE 3.
  • following parameters may be included together in the registration accept message.
  • - Registration Complete message This message is sent from the UE 3 to the AMF 70. In addition to the parameters that are disclosed by Aspects in this disclosure, following parameters may be included together in the Registration Complete message. - SOR transparent container. - Authentication Request message: This message is sent from the AMF 70 to the UE 3. In addition to the parameters that are disclosed by Aspects in this disclosure, following parameters may be included together in the Authentication Request message. - ngKSI, ABBA, Authentication parameter RAND (5G authentication challenge), Authentication parameter AUTN (5G authentication challenge) and EAP message. - Authentication Response message: This message is sent from the UE 3 to the AMF 70.
  • Authentication Response message - Authentication response message identity, Authentication response parameter and EAP message.
  • - Authentication Result message This message is sent from the AMF 70 to the UE 3.
  • following parameters may be populated together in the Authentication Result message.
  • - Authentication Failure message This message is sent from the UE 3 to the AMF 70.
  • following parameters may be populated together in the Authentication Failure message.
  • - Authentication failure message identity, 5GMM cause and Authentication failure parameter.
  • - Authentication Reject message This message is sent from the AMF 70 to the UE 3. In addition to the parameters that are disclosed by Aspects in this disclosure, following parameters may be populated together in the Authentication Reject message.
  • EAP message This message is sent from the UE 3 to the AMF 70. In addition to the parameters that are disclosed by Aspects in this disclosure, following parameters may be populated together in the Service Request message. - ngKSI, Service type, 5G-S-TMSI, Uplink data status, PDU session status, Allowed PDU session status, NAS message container.
  • - Service Accept message This message is sent from the AMF 70 to the UE 3.
  • Service Accept message - PDU session status, PDU session reactivation result, PDU session reactivation result error cause, EAP message and T3448 value.
  • Service Reject message This message is sent from the AMF 70 to the UE 3.
  • Service Reject message - 5GMM cause, PDU session status, T3346 value, EAP message, T3448 value and CAG information list.
  • Configuration Update Command message This message is sent from the AMF 70 to the UE 3.
  • a controller 33 controls the operation of the UE 3 in accordance with software stored in a memory 36.
  • the software includes, among other things, an operating system 361 and a communications control module 362 having at least a transceiver control module 3621.
  • the communications control module 362 (using its transceiver control module 3621) is responsible for handling (generating/sending/receiving) signalling and uplink/downlink data packets between the UE 3 and other nodes, such as the (R)AN node 5 and the AMF 70.
  • Such signalling may include, for example, appropriately formatted signalling messages (e.g. a registration request message and associated response messages) relating to access and mobility management procedures (for the UE 3).
  • the controller 33 interworks with one or more Universal Subscriber Identity Module (USIM) 35. If there are multiple USIMs 35 equipped, the controller 33 may activate only one USIM 35 or may activate multiple USIMs 35 at the same time.
  • the UE 3 may, for example, support the Non-Public Network (NPN).
  • the NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • the UE 3 may, for example, be an item of equipment for production or manufacture and/or an item of energy related machinery (for example equipment or machinery such as: boilers; engines; turbines; solar panels; wind turbines; hydroelectric generators; thermal power generators; nuclear electricity generators; batteries; nuclear systems and/or associated equipment; heavy electrical machinery; pumps including vacuum pumps; compressors; fans; blowers; oil hydraulic equipment; pneumatic equipment; metal working machinery; manipulators; robots and/or their application systems; tools; molds or dies; rolls; conveying equipment; elevating equipment; materials handling equipment; textile machinery; sewing machines; printing and/or related machinery; paper converting machinery; chemical machinery; mining and/or construction machinery and/or related equipment; machinery and/or implements for agriculture, forestry and/or fisheries; safety and/or environment preservation equipment; tractors; precision bearings; chains; gears; power transmission equipment; lubricating equipment; valves; pipe fittings; and/or application systems for any of the previously mentioned equipment or machinery etc.).
  • the UE 3 may, for example, be an item of transport equipment (for example transport equipment such as: rolling stocks; motor vehicles; motor cycles; bicycles; trains; buses; carts; rickshaws; ships and other watercraft; aircraft; rockets; satellites; drones; balloons etc.).
  • the UE 3 may, for example, be an item of information and communication equipment (for example information and communication equipment such as: electronic computer and related equipment; communication and related equipment; electronic components etc.).
  • the UE 3 may, for example, be a refrigerating machine, a refrigerating machine applied product, an item of trade and/or service industry equipment, a vending machine, an automatic service machine, an office machine or equipment, a consumer electronic and electronic appliance (for example a consumer electronic appliance such as: audio equipment; video equipment; a loud speaker; a radio; a television; a microwave oven; a rice cooker; a coffee machine; a dishwasher; a washing machine; a dryer; an electronic fan or related appliance; a cleaner etc.).
  • the UE 3 may, for example, be an electrical application system or equipment (for example an electrical application system or equipment such as: an x-ray system; a particle accelerator; radio isotope equipment; sonic equipment; electromagnetic application equipment; electronic power application equipment etc.).
  • the UE 3 may, for example, be an electronic lamp, a luminaire, a measuring instrument, an analyzer, a tester, or a surveying or sensing instrument (for example a surveying or sensing instrument such as: a smoke alarm; a human alarm sensor; a motion sensor; a wireless tag etc.), a watch or clock, a laboratory instrument, optical apparatus, medical equipment and/or system, a weapon, an item of cutlery, a hand tool, or the like.
  • the UE 3 may, for example, be a wireless-equipped personal digital assistant or related equipment (such as a wireless card or module designed for attachment to or for insertion into another electronic device (for example a personal computer, electrical measuring machine)).
  • the UE 3 may be a device or a part of a system that provides applications, services, and solutions described below, as to "internet of things (IoT)", using a variety of wired and/or wireless communication technologies.
  • IoT devices may be equipped with appropriate electronics, software, sensors, network connectivity, and/or the like, which enable these devices to collect and exchange data with each other and with other communication devices.
  • IoT devices may comprise automated equipment that follow software instructions stored in an internal memory. IoT devices may operate without requiring human supervision or interaction. IoT devices might also remain stationary and/or inactive for a long period of time. IoT devices may be implemented as a part of a (generally) stationary apparatus. IoT devices may also be embedded in non-stationary apparatus (e.g. vehicles) or attached to animals or persons to be monitored/tracked.
  • IoT technology can be implemented on any communication devices that can connect to a communications network for sending/receiving data, regardless of whether such communication devices are controlled by human input or software instructions stored in memory.
  • the UE 3 may be a smart phone or a wearable device (e.g. smart glasses, a smart watch, a smart ring, or a hearable device).
  • the UE 3 may be a reduced capability device (RedCap).
  • the UE 3 may be a car, or a connected car, or an autonomous car, or a vehicle device, or a motorcycle or V2X (Vehicle to Everything) communication module (e.g. Vehicle to Vehicle communication module, Vehicle to Infrastructure communication module, Vehicle to People communication module and Vehicle to Network communication module).
  • FIG. 15 is a block diagram illustrating the main components of an exemplary (R)AN node 5, for example a base station ('eNB' in LTE, 'gNB' in 5G, a base station for 5G beyond, a base station for 6G).
  • the (R)AN node 5 includes a transceiver circuit 51 which is operable to transmit signals to and to receive signals from connected UE(s) 3 via one or more antennas 52 and to transmit signals to and to receive signals from other network nodes (either directly or indirectly) via a network interface 53.
  • a controller 54 controls the operation of the (R)AN node 5 in accordance with software stored in a memory 55.
  • Software may be pre-installed in the memory and/or may be downloaded via the telecommunication network or from a removable data storage device (RMD), for example.
  • the software includes, among other things, an operating system 551 and a communications control module 552 having at least a transceiver control module 5521.
  • the communications control module 552 (using its transceiver control sub-module) is responsible for handling (generating/sending/receiving) signalling between the (R)AN node 5 and other nodes, such as the UE 3, another (R)AN node 5, the AMF 70 and the UPF 72 (e.g. directly or indirectly).
  • the signalling may include, for example, appropriately formatted signalling messages relating to a radio connection and a connection with the core network 7 (for a particular UE 3), and in particular, relating to connection establishment and maintenance (e.g. RRC connection establishment and other RRC messages), NG Application Protocol (NGAP) messages (i.e. messages by N2 reference point) and Xn application protocol (XnAP) messages (i.e. messages by Xn reference point), etc.
  • Such signalling may also include, for example, broadcast information (e.g. Master Information and System information) in a sending case.
  • the RAN 501 and the RAN 502 may have the same components as the (R)AN node 5.
  • the (R)AN node 5 may be expressed as a RAN node, RAN, (R)AN etc.
  • the (R)AN node 5 based on O-RAN architecture represents a system overview in which the (R)AN node is split into a Radio Unit (RU) 60, Distributed Unit (DU) 61 and Centralized Unit (CU) 62.
  • each unit may be combined.
  • the RU 60 can be integrated/combined with the DU 61 as an integrated/combined unit
  • the DU 61 can be integrated/combined with the CU 62 as another integrated/combined unit.
  • Any functionality in the description for a unit e.g. one of RU 60, DU 61 and CU 62
  • the UE 3 and a respective serving RU 60 are connected via an appropriate air interface (for example the so-called “Uu” interface and/or the like).
  • Each RU 60 is connected to the DU 61 via an appropriate interface (such as the so-called “Front haul”, “Open Front haul”, “F1” interface and/or the like).
  • Each DU 61 is connected to the CU 62 via an appropriate interface (such as the so-called “Mid haul”, “Open Mid haul”, “E2” interface and/or the like).
  • Each CU 62 is also connected to nodes in the core network 7 (such as the so-called core network nodes) via an appropriate interface (such as the so-called “Back haul”, “Open Back haul”, “N2”/“N3” interface(s) and/or the like).
  • a user plane part of the DU 61 can also be connected to the core network nodes via an appropriate interface (such as the so-called “N3” interface(s) and/or the like).
  • each unit provides some of the functionality that is provided by the (R)AN node 5.
  • the RU 60 may provide functionalities to communicate with a UE 3 (e.g., the Network Relay UE 300) over the air interface
  • the DU 61 may provide functionalities to support MAC layer and RLC layer
  • the CU 62 may provide functionalities to support PDCP layer, SDAP layer and RRC layer.
  • Fig. 17 is a block diagram illustrating the main components of an exemplary RU 60, for example a RU part of base station ('eNB' in LTE, 'gNB' in 5G, a base station for 5G beyond, a base station for 6G).
  • the RU 60 includes a transceiver circuit 601 which is operable to transmit signals to and to receive signals from connected UE(s) 3 via one or more antennas 602 and to transmit signals to and to receive signals from other network nodes or network unit (either directly or indirectly) via a network interface 603.
  • a controller 604 controls the operation of the RU 60 in accordance with software stored in a memory 605.
  • Software may be pre-installed in the memory and/or may be downloaded via the telecommunication network or from a removable data storage device (RMD), for example.
  • the software includes, among other things, an operating system 6051 and a communications control module 6052 having at least a transceiver control module 60521.
  • the communications control module 6052 (using its transceiver control sub-module) is responsible for handling (generating/sending/receiving) signalling between the RU 60 and other nodes or units, such as the UE 3, another RU 60 and DU 61 (e.g. directly or indirectly).
  • the signalling may include, for example, appropriately formatted signalling messages relating to a radio connection and a connection with the RU 60 (for a particular UE 3 (e.g., the Network Relay UE 300)), and in particular, relating to MAC layer and RLC layer.
  • the controller 604 is also configured (by software or hardware) to handle related tasks such as, when implemented, UE mobility estimate and/or moving trajectory estimation.
  • the RU 60 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • the RU 60 can be integrated/combined with the DU 61 as an integrated/combined unit. Any functionality in the description for the RU 60 can be implemented in the integrated/combined unit above.
  • FIG. 18 is a block diagram illustrating the main components of an exemplary DU 61, for example a DU part of a base station ('eNB' in LTE, 'gNB' in 5G, a base station for 5G beyond, a base station for 6G).
  • the apparatus includes a transceiver circuit 611 which is operable to transmit signals to and to receive signals from other nodes or units (including the RU 60) via a network interface 612.
  • a controller 613 controls the operation of the DU 61 in accordance with software stored in a memory 614.
  • Software may be pre-installed in the memory 614 and/or may be downloaded via the telecommunication network or from a removable data storage device (RMD), for example.
  • the DU 61 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • the software includes, among other things, an operating system 6241 and a communications control module 6242 having at least a transceiver control module 62421.
  • the communications control module 6242 (using its transceiver control module 62421) is responsible for handling (generating/sending/receiving) signalling between the CU 62 and other nodes or units, such as the DU 61 and other nodes and units.
  • the CU 62 can be integrated/combined with the DU 61 as an integrated/combined unit. Any functionality in the description for the CU 62 can be implemented in the integrated/combined unit above.
  • FIG. 20 is a block diagram illustrating the main components of the AMF 70.
  • the apparatus includes a transceiver circuit 701 which is operable to transmit signals to and to receive signals from other nodes (including the UE 3 (e.g., the Network Relay UE 300 and the UE 3), the NSSF 76) via a network interface 702.
  • a controller 703 controls the operation of the AMF 70 in accordance with software stored in a memory 704.
  • Software may be pre-installed in the memory 704 and/or may be downloaded via the telecommunication network or from a removable data storage device (RMD), for example.
  • the software includes, among other things, an operating system 7041 and a communications control module 7042 having at least a transceiver control module 70421.
  • the communications control module 7042 (using its transceiver control module 70421) is responsible for handling (generating/sending/receiving) signalling between the AMF 70 and other nodes, such as the UE 3 (e.g. via the (R)AN node 5) and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in).
  • signalling may include, for example, appropriately formatted signalling messages (e.g. a registration request message and associated response messages) relating to access and mobility management procedures (for the UE 3).
  • FIG. 21 is a block diagram illustrating the main components of the SMF 71.
  • the apparatus includes a transceiver circuit 711 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70) via a network interface 712.
  • a controller 713 controls the operation of the SMF 71 in accordance with software stored in a memory 714.
  • Software may be pre-installed in the memory 714 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example.
  • the software includes, among other things, an operating system 7141 and a communications control module 7142 having at least a transceiver control module 71421.
  • the communications control module 7142 (using its transceiver control module 71421) is responsible for handling (generating/sending/receiving) signalling between the SMF 71 and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the HPLMN of the UE 3 (e.g., the Network Relay UE 300 and the UE 3) when the UE 3 is roaming-in).
  • signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service-based interfaces) relating to policy management procedures (for the UE 3).
  • the SMF 71 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • the SMF 7101 and the SMF 7102 may have the same components as the SMF 71.
  • Fig. 22 is a block diagram illustrating the main components of the UPF 72.
  • the apparatus includes a transceiver circuit 721 which is operable to transmit signals to and to receive signals from other nodes (including the SMF 71) via a network interface 722.
  • a controller 723 controls the operation of the UPF 72 in accordance with software stored in a memory 724.
  • Software may be pre-installed in the memory 724 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example.
  • the software includes, among other things, an operating system 7241 and a communications control module 7242 having at least a transceiver control module 72421.
  • the UPF 72 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • the UPF 7201, the UPF 7202 and the UPF 7203 may have the same components as the UPF 72.
  • the communications control module 7342 (using its transceiver control module 73421) is responsible for handling (generating/sending/receiving) signalling between the PCF 73 and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the HPLMN of the UE 3 (e.g., the Network Relay UE 300 and the UE 3) when the UE 3 is roaming-in).
  • signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service-based interfaces) relating to policy management procedures (for the UE 3).
  • the PCF 73 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • the PCF 7301, the PCF 7302, the PCF 7303, the V-PCF 7301, the V-PCF 7302 and the H-PCF 7303 may have the same components as the PCF 73.
  • Fig. 24 is a block diagram illustrating the main components of the NWDAF 74.
  • the apparatus includes a transceiver circuit 741 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70 and the UDM 75) via a network interface 742.
  • a controller 743 controls the operation of the NWDAF 74 in accordance with software stored in a memory 744.
  • Software may be pre-installed in the memory 744 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example.
  • the software includes, among other things, an operating system 7441 and a communications control module 7442 having at least a transceiver control module 74421.
  • the communications control module 7442 (using its transceiver control module 74421) is responsible for handling (generating/sending/receiving) signalling between the NWDAF 74 and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in).
  • signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service-based interfaces) relating to policy management procedures (for the UE 3).
  • the NWDAF 74 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • Fig. 25 is a block diagram illustrating the main components of the UDM 75.
  • the apparatus includes a transceiver circuit 751 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70) via a network interface 752.
  • a controller 753 controls the operation of the UDM 75 in accordance with software stored in a memory 754.
  • Software may be pre-installed in the memory 754 and/or may be downloaded via the telecommunication network or from a removable data storage device (RMD), for example.
  • the software includes, among other things, an operating system 7541 and a communications control module 7542 having at least a transceiver control module 75421.
  • the communications control module 7542 (using its transceiver control module 75421) is responsible for handling (generating/sending/receiving) signalling between the UDM 75 and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the VPLMN of the UE 3 (e.g., the Network Relay UE 300 and the UE 3) when the UE 3 is roaming-out).
  • signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service-based interfaces) relating to mobility management procedures (for the UE 3).
  • the UDM 75 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • FIG. 26 is a block diagram illustrating the main components of the AUSF 76.
  • the apparatus includes a transceiver circuit 761 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70) via a network interface 762.
  • a controller 763 controls the operation of the AUSF 76 in accordance with software stored in a memory 764.
  • Software may be pre-installed in the memory 764 and/or may be downloaded via the telecommunication network or from a removable data storage device (RMD), for example.
  • the software includes, among other things, an operating system 7641 and a communications control module 7642 having at least a transceiver control module 76421.
  • the communications control module 7642 (using its transceiver control module 76421) is responsible for handling (generating/sending/receiving) signalling between the AUSF 76 and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the VPLMN of the UE 3 when the UE 3 is roaming-out).
  • signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service-based interfaces) relating to mobility management procedures (for the UE 3).
  • the AUSF 76 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • Fig. 27 is a block diagram illustrating the main components of the AAnF 77.
  • the apparatus includes a transceiver circuit 771 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70) via a network interface 772.
  • a controller 773 controls the operation of the AAnF 77 in accordance with the software stored in a memory 774.
  • the Software may be pre-installed in the memory 774 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example.
  • the software includes, among other things, an operating system 7741 and a communications control module 7742 having at least a transceiver control module 77421.
  • the communications control module 7742 (using its transceiver control module 77421) is responsible for handling (generating/sending/receiving) signalling between the AAnF 77 and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in).
  • signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service-based interfaces) relating to network data analytics function procedures (for the UE 3).
  • the AAnF 77 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • AAnF 7702, the AAnF 7703 and the AAnF 7704 may have the same components as the AAnF 77.
  • Fig. 28 is a block diagram illustrating the main components of the NRF 78.
  • the apparatus includes a transceiver circuit 781 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70) via a network interface 782.
  • a controller 783 controls the operation of the NRF 78 in accordance with the software stored in a memory 784.
  • the Software may be pre-installed in the memory 784 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example.
  • the software includes, among other things, an operating system 7841 and a communications control module 7842 having at least a transceiver control module 78421.
  • the communications control module 7842 (using its transceiver control module 78421) is responsible for handling (generating/sending/receiving) signalling between the NRF 78 and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in).
  • signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service-based interfaces) relating to network data analytics function procedures (for the UE 3).
  • Fig. 29 is a block diagram illustrating the main components of the NEF 79.
  • the apparatus includes a transceiver circuit 791 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70) via a network interface 792.
  • a controller 793 controls the operation of the NEF 79 in accordance with the software stored in a memory 794.
  • the Software may be pre-installed in the memory 794 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example.
  • the software includes, among other things, an operating system 7941 and a communications control module 7942 having at least a transceiver control module 79421.
  • the communications control module 7942 (using its transceiver control module 79421) is responsible for handling (generating/sending/receiving) signalling between the NEF 79 and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in).
  • signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service-based interfaces) relating to network data analytics function procedures (for the UE 3).
  • the NEF 79 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • FIG. 30 is a block diagram illustrating the main components of the UDR 7A.
  • the apparatus includes a transceiver circuit 7A1 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70) via a network interface 7A2.
  • a controller 7A3 controls the operation of the UDR 7A in accordance with the software stored in a memory 7A4.
  • the Software may be pre-installed in the memory 7A4 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example.
  • the software includes, among other things, an operating system 7A41 and a communications control module 7A42 having at least a transceiver control module 7A421.
  • the communications control module 7A42 (using its transceiver control module 7A421) is responsible for handling (generating/sending/receiving) signalling between the UDR 7A and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in).
  • signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service-based interfaces) relating to network data analytics function procedures (for the UE 3).
  • the UDR 7A may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • FIG. 31 is a block diagram illustrating the main components of the BSF 7B.
  • the apparatus includes a transceiver circuit 7B1 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70) via a network interface 7B2.
  • a controller 7B3 controls the operation of the BSF 7B in accordance with the software stored in a memory 7B4.
  • the Software may be pre-installed in the memory 7B4 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example.
  • the software includes, among other things, an operating system 7B41 and a communications control module 7B42 having at least a transceiver control module 7B421.
  • the communications control module 7B42 (using its transceiver control module 7B421) is responsible for handling (generating/sending/receiving) signalling between the BSF 7B and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in).
  • signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service-based interfaces) relating to network data analytics function procedures (for the UE 3).
  • the BSF 7B may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • Fig. 32 is a block diagram illustrating the main components of the AF 201.
  • the apparatus includes a transceiver circuit 2011 which is operable to transmit signals to and to receive signals from other nodes (including the UE 3 (e.g., the Network Relay UE 300 and the UE 3)) via a network interface 2012.
  • a controller 2013 controls the operation of the AF 201 in accordance with software stored in a memory 2014.
  • Software may be pre-installed in the memory 2014 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example.
  • the software includes, among other things, an operating system 20141 and a communications control module 20142 having at least a transceiver control module 201421.
  • the communications control module 20142 (using its transceiver control module 201421) is responsible for handling (generating/sending/receiving) signalling between the AF 201 and other nodes, such as the UE 3 and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in).
  • signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service-based interfaces) relating to policy management procedures (for the UE 3).
  • the AF 201 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • the software includes, among other things, an operating system 20241 and a communications control module 20242 having at least a transceiver control module 202421.
  • the communications control module 20242 (using its transceiver control module 202421) is responsible for handling (generating/sending/receiving) signalling between the AP 202 and other nodes, such as the UE 3 and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in).
  • signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service-based interfaces) relating to policy management procedures (for the UE 3).
  • the AP 202 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • Fig. 34 is a block diagram illustrating the main components of the NAF 203.
  • the apparatus includes a transceiver circuit 2031 which is operable to transmit signals to and to receive signals from other nodes (including the UE 3 (e.g., the Network Relay UE 300 and the UE 3)) via a network interface 2032.
  • a controller 2033 controls the operation of the NAF 203 in accordance with software stored in a memory 2034.
  • Software may be pre-installed in the memory 2034 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example.
  • the NAF 203 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • the UE 3 and the network apparatus are described for ease of understanding as having a number of discrete modules (such as the communication control modules). Whilst these modules may be provided in this way for certain applications, for example where an existing system has been modified to implement the disclosure, in other applications, for example in systems designed with the inventive features in mind from the outset, these modules may be built into the overall operating system or code and so these modules may not be discernible as discrete entities. These modules may also be implemented in software, hardware, firmware or a mix of these.
  • Each controller may comprise any suitable form of processing circuitry including (but not limited to), for example: one or more hardware implemented computer processors; microprocessors; central processing units (CPUs); arithmetic logic units (ALUs); input/output (IO) circuits; internal memories / caches (program and/or data); processing registers; communication buses (e.g. control, data and/or address buses); direct memory access (DMA) functions, hardware or software implemented counters, pointers and/or timers; and/or the like.
  • the software modules may be provided in compiled or un-compiled form and may be supplied to the UE 3 and the network apparatus as a signal over a computer network, or on a recording medium. Further, the functionality performed by part or all of this software may be performed using one or more dedicated hardware circuits. However, the use of software modules is preferred as it facilitates the updating of the UE 3 and the network apparatus in order to update their functionalities.
  • any other radio communications technology e.g. WLAN, Wi-Fi, WiMAX, Bluetooth, etc.
  • other fixed line communications technology e.g. BBF Access, Cable Access, optical access, etc.
  • Items of user equipment might include, for example, communication devices such as mobile telephones, smartphones, user equipment, personal digital assistants, laptop/tablet computers, web browsers, e-book readers and/or the like.
  • Such mobile (or even generally stationary) devices are typically operated by a user, although it is also possible to connect so-called 'Internet of Things' (IoT) devices and similar machine-type communication (MTC) devices to the network.
  • the present application refers to mobile devices (or UEs) in the description but it will be appreciated that the technology described can be implemented on any communication devices (mobile and/or generally stationary) that can connect to a communications network for sending/receiving data, regardless of whether such communication devices are controlled by human input or software instructions stored in memory.
  • the present disclosure may be embodied as a method, and system. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, a software embodiment or an embodiment combining software and hardware aspects.
  • each block of the block diagrams can be implemented by computer program instructions.
  • These computer program instructions may be provided to a processor of a general-purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
  • a general-purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine.
  • a processor may also be implemented as a combination of computing devices, e.g., a plurality of microprocessors, one or more microprocessors, or any other such configuration.
  • a software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
  • a storage medium may be coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor.
  • the processor and the storage medium may reside in an ASIC.
  • a first CN device comprises an Access and Mobility Management Function.
  • the first request message further comprises information related to user identity.
  • 5G-GUTI 5G Globally Unique Temporary Identifier
  • UE user equipment
  • SUPI Subscription Permanent Identifier
  • AKMA Authentication and Key Management for Applications
  • the method according to supplementary note 5, wherein the sending the first response message comprises: based on a determination that an AKMA function related to the first SUPI is set, the first response message comprises the first AKMA for the first SUPI.
  • the sending the first response message comprises: based on a determination that an AKMA function related to the second SUPI is set, the first response message comprises the second AKMA for the second SUPI.
  • the first response message further comprises information related to 5G Globally Unique Temporary Identifier (5G-GUTI).
  • a user equipment comprising: one or more memories storing instructions; and one or more processors configured to process the instructions to control the UE to: have a first Subscription Permanent Identifier (SUPI) and a second SUPI; send, to a first core network (CN) device, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA); and receive, from the first CN device, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
  • the UE according to supplementary note 10 wherein the first request message further comprises information related to user identity.
  • a first core network (CN) device comprising: one or more memories storing instructions; and one or more processors configured to process the instructions to control the first CN to: receive, from a user equipment (UE) having a first Subscription Permanent Identifier (SUPI) and a second SUPI, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA); send, to the UE, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
  • the first CN according to supplementary note 14, wherein based on a determination that an AKMA function related to the first SUPI is set, the first response message comprises the first AKMA for the first SUPI.
  • the first CN according to supplementary note 14 wherein based on a determination that an AKMA function related to the second SUPI is set, the first response message comprises the second AKMA for the second SUPI.

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

An aspect of this disclosure includes a method performed by a user equipment (UE). The method includes having a first Subscription Permanent Identifier (SUPI) and a second SUPI; sending, to a first core network (CN) device, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA); and receiving, from the first CN device, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.

Description

METHOD PERFORMED BY USER EQUIPMENT, METHOD PERFORMED BY FIRST CORE NETWORK DEVICE, USER EQUIPMENT, AND FIRST CORE NETWORK DEVICE
The present disclosure relates to a method of a User Equipment (UE), a method of a core network communication apparatus etc.
According to the 3GPP 22.261 [2], the Dual Steer device shall be able to handle user data (for different services) across two 3GPP accesses.
The following requirements are captured for the Dual Steer device in 3GPP 22.261 [2]:
-  a subscriber with two subscriptions/SUPIs, sharing one subscription profile from the same operator;
-  for simultaneous transmission over two networks, a Dual Steer device is assumed to include two separate UEs.
On the other hand, 3GPP defines the Authentication and Key Management for Applications (AKMA) based on 3GPP credentials in the 5G System (5GS) in 3GPP TS 33.535 [3].
According to 3GPP TS 33.535 [3], the AKMA shall use the UE subscription and the credentials used for 5G access.
If the Dual Steer device uses the AKMA function to provide security to applications, it is unclear which subscription/SUPI is to be used for the AKMA function, as there might be two subscriptions/SUPIs associated with the Dual Steer device.
In a case where the Dual Steer device uses a security key for an application derived from one SUPI while the application server in an external network uses a security key derived from another SUPI, the security function in the application does not work, as the security keys differ between the application client in the Dual Steer device and the application server. This security key mismatch leaves end users out of service for all applications in the application server.
This out-of-service condition, caused by the 3GPP standard not defining AKMA key handling by the Dual Steer device, can be seen as a serious social problem, since mobile data communication is nowadays considered an essential social infrastructure.
3GPP should define an overall architecture that allows the Dual Steer function and the AKMA function to work together.
Accordingly, the present disclosure provides a method performed by a user equipment (UE), a method performed by a first core network (CN) device, a user equipment (UE), and a first core network (CN) device.
In one aspect, the disclosure provides a method performed by a user equipment (UE), the method comprising:
  having a first Subscription Permanent Identifier (SUPI) and a second SUPI;
  sending, to a first core network (CN) device, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA); and
  receiving, from the first CN device, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
In one aspect, the disclosure provides a method performed by a first core network (CN) device, the method comprising:
  receiving, from a user equipment (UE) having a first Subscription Permanent Identifier (SUPI) and a second SUPI, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA);
  sending, to the UE, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
In one aspect, the disclosure provides a user equipment (UE) comprising:
  one or more memories storing instructions; and
one or more processors configured to process the instructions to control the UE to:
  have a first Subscription Permanent Identifier (SUPI) and a second SUPI;
  send, to a first core network (CN) device, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA); and
  receive, from the first CN device, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
In one aspect, the disclosure provides a first core network (CN) device comprising:
  one or more memories storing instructions; and
one or more processors configured to process the instructions to control the first CN to:
  receive, from a user equipment (UE) having a first Subscription Permanent Identifier (SUPI) and a second SUPI, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA);
  send, to the UE, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
According to the present disclosure, a method performed by a user equipment (UE), a method performed by a first core network (CN) device, a user equipment (UE), and a first core network (CN) device are provided.
The foregoing and further objects, features and advantages of the present subject matter will become apparent from the following description of exemplary embodiments with reference to the accompanying drawings, wherein like numerals are used to represent like elements.
It is to be noted, however, that the appended drawings along with the reference numerals illustrate only typical embodiments of the present subject matter, and are therefore, not to be considered for limiting of its scope, for the subject matter may admit to other equally effective embodiments.
Fig. 1 is a Signaling diagram of a First example of the First Aspect.
Fig. 2 is a Signaling diagram of a Variant 1 of the Signaling diagram of the First example of the First Aspect.
Fig. 3 is a Signaling diagram of a Variant 2 of the Signaling diagram of the First example of the First Aspect.
Fig. 4 is a Signaling diagram of a Second example of the First Aspect.
Fig. 5 is a Signaling diagram of a Third example of the First Aspect.
Fig. 6 is a Signaling diagram of a Fourth example of the First Aspect.
Fig. 7 is a Signaling diagram of a Fifth example of the First Aspect.
Fig. 8 is a Signaling diagram of a Fifth example of the First Aspect.
Fig. 9 is an Architecture supporting AKMA applicability information management of a First example of a Second Aspect.
Fig. 10 is a data model of AKMA applicability information in Traffic descriptor in a First example of a Second Aspect.
Fig. 11 is a data model of AKMA applicability information in Route Selection Descriptor in a First example of a Second Aspect.
Fig. 12 is a Signaling diagram of a Second example of the Second Aspect.
Fig. 13 is a diagram illustrating a system overview.
Fig. 14 is a block diagram illustrating a UE.
Fig. 15 is a block diagram illustrating an (R)AN node.
Fig. 16 is a diagram illustrating System overview of (R)AN node based on O-RAN architecture.
Fig. 17 is a block diagram illustrating an RU.
Fig. 18 is a block diagram illustrating a DU.
Fig. 19 is a block diagram illustrating a CU.
Fig. 20 is a block diagram illustrating an AMF.
Fig. 21 is a block diagram illustrating an SMF.
Fig. 22 is a block diagram illustrating a UPF.
Fig. 23 is a block diagram illustrating a PCF.
Fig. 24 is a block diagram illustrating an NWDAF.
Fig. 25 is a block diagram illustrating a UDM.
Fig. 26 is a block diagram illustrating an AUSF.
Fig. 27 is a block diagram illustrating an AAnF.
Fig. 28 is a block diagram illustrating an NRF.
Fig. 29 is a block diagram illustrating an NEF.
Fig. 30 is a block diagram illustrating a UDR.
Fig. 31 is a block diagram illustrating a BSF.
Fig. 32 is a block diagram illustrating an AF.
Fig. 33 is a block diagram illustrating an AP.
Fig. 34 is a block diagram illustrating an NAF.
Description of Example Embodiments
< Abbreviations >
For the purposes of the present document, the abbreviations given in 3GPP TR 21.905 [1] and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in 3GPP TR 21.905 [1].
4G-GUTI  4G Globally Unique Temporary UE Identity
5GC  5G Core Network
5GLAN  5G Local Area Network
5G HE AV  5G Home Environment Authentication Vector
5G SE AV  5G Serving Environment Authentication Vector
5GS  5G System
5G-AN  5G Access Network
5G-AN PDB  5G Access Network Packet Delay Budget
5G-EIR  5G-Equipment Identity Register
5G-GUTI  5G Globally Unique Temporary Identifier
5G-BRG  5G Broadband Residential Gateway
5G-CRG  5G Cable Residential Gateway
5G GM  5G Grand Master
5G-RG  5G Residential Gateway
5G-S-TMSI  5G S-Temporary Mobile Subscription Identifier
5G VN  5G Virtual Network
5QI  5G QoS Identifier
AAnF  AKMA Anchor Function
ABBA  Anti-Bidding down Between Architectures
AF  Application Function
A-KID  AKMA Key Identifier
AKMA  Authentication and Key Management for Applications
AMF  Access and Mobility Management Function
AMF-G  Geographically selected Access and Mobility Management Function
AMF-NG  Non-Geographically selected Access and Mobility Management Function
ANDSF  Access Network Discovery and Selection Function
AP  Authentication Proxy
AR  Augmented Reality
ARFCN  Absolute radio-frequency channel number
AS  Access Stratum
ASN  Abstract Syntax Notation
A-TID  AKMA Temporary UE Identifier
ATSSS  Access Traffic Steering, Switching, Splitting
ATSSS-LL  ATSSS Low-Layer
AuC  Authentication Centre
AUSF  Authentication Server Function
AUTN  Authentication token
BCCH  Broadcast Control Channel
BMCA  Best Master Clock Algorithm
BSF  Binding Support Function
BSF  Bootstrapping Server Function
B-TID  Bootstrapping Transaction Identifier
CAG  Closed Access Group
CAPIF  Common API Framework for 3GPP northbound APIs
CDR  Charging Data Record
CHF  Charging Function
CN PDB  Core Network Packet Delay Budget
CP  Control Plane
CSG  Closed Subscriber Group
DAPS  Dual Active Protocol Stacks
DL  Downlink
DN  Data Network
DNAI  DN Access Identifier
DNN  Data Network Name
DRX  Discontinuous Reception
DSATSSS  Dual Steer Access Traffic Steering, Switching, Splitting
DSATSSS-LL  Dual Steer Access Traffic Steering, Switching, Splitting- Low-Layer
DSMA  Dual Steer Multi Access
DS-TT  Device-side TSN translator
ePDG  evolved Packet Data Gateway
EBI  EPS Bearer Identity
ECGI  E-UTRAN Cell Global Identifier
EPS  Evolved Packet System
EUI  Extended Unique Identifier
FAR  Forwarding Action Rule
FN-BRG  Fixed Network Broadband RG
FN-CRG  Fixed Network Cable RG
FN-RG  Fixed Network RG
FQDN  Fully Qualified Domain Name
GBA  Generic Bootstrapping Architecture
GCI  Global Cable Identifier
GEO  Geostationary Earth Orbit
GFBR  Guaranteed Flow Bit Rate
GMLC  Gateway Mobile Location Centre
G-PDU  GTP encapsulated user Plane Data Unit
GPS  Global Positioning System
GPSI  Generic Public Subscription Identifier
GSO  Geosynchronous Orbit
GUAMI  Globally Unique AMF Identifier
GUTI  Globally Unique Temporary UE Identity
HPLMN  Home Public Land Mobile Network
HR  Home Routed (roaming)
HSS  Home Subscriber Server
IAB  Integrated access and backhaul
IEC  International Electrotechnical Commission
IMEI/TAC  IMEI Type Allocation Code
IMSI  International Mobile Subscriber Identity
IPsec  Internet Protocol Security
IPUPS  Inter PLMN UP Security
I-SMF  Intermediate SMF
ISO  International Organization for Standardization
I-UPF  Intermediate UPF
KAF  AKMA Application Key
KAKMA  AKMA Anchor Key
LADN  Local Area Data Network
LBO  Local Break Out (roaming)
LCS  Location Service
LEO  Low Earth Orbit
LMF  Location Management Function
LoA  Level of Automation
LPP  LTE Positioning Protocol
LRF  Location Retrieval Function
MA  Multi Access
MCC  Mobile country code
MCX  Mission Critical Service
MDBV  Maximum Data Burst Volume
ME  Mobile Equipment
MFBR  Maximum Flow Bit Rate
MICO  Mobile Initiated Connection Only
MINT  Minimization of service interruption
MITM  Man In the Middle
MME  Mobility Management Entity
MN  Master Node
MNC  Mobile Network Code
MNO  Mobile Network Operator
MOCN  Multiple Operator Core Network
MPS  Multimedia Priority Service
MPTCP  Multi-Path TCP Protocol
MR  Mixed Reality
MT  Mobile Termination, Mobile Terminating, Mobile terminated
N3IWF  Non-3GPP InterWorking Function
N3GPP  Non-3GPP access
N5CW  Non-5G-Capable over WLAN
NAF  Network Application Function
NAI  Network Access Identifier
NAS  Non-Access-Stratum
NCGI  NR Cell Global Identity
NCI  NR Cell Identity
NEF  Network Exposure Function
NF  Network Function
NGAP  Next Generation Application Protocol
NGSO  Non-Geosynchronous Orbit
NID  Network identifier
NMEA  National Marine Electronics Association
NPN  Non-Public Network
NR  New Radio
NSAG  Network Slice Access Stratum Group
NRF  Network Repository Function
NSAC  Network Slice Admission Control
NSACF  Network Slice Admission Control Function
NSI ID  Network Slice Instance Identifier
NSSAA  Network Slice-Specific Authentication and Authorization
NSSAAF  Network Slice-Specific Authentication and Authorization Function
NSSAI  Network Slice Selection Assistance Information
NSSF  Network Slice Selection Function
NSSP  Network Slice Selection Policy
NSSRG  Network Slice Simultaneous Registration Group
NW-TT  Network-side TSN translator
NWDAF  Network Data Analytics Function
PCF  Policy Control Function
PCO  Protocol Configuration Options
PCRF  Policy and Charging Rules Function
PDB  Packet Delay Budget
PDR  Packet Detection Rule
PDU  Protocol Data Unit
PEI  Permanent Equipment Identifier
PER  Packet Error Rate
PFD  Packet Flow Description
PLMN  Public Land Mobile Network
PNI-NPN  Public Network Integrated Non-Public Network
PPD  Paging Policy Differentiation
PPF  Paging Proceed Flag
PPI  Paging Policy Indicator
ProSe  Proximity based Services
PSA  PDU Session Anchor
PTP  Precision Time Protocol
QFI  QoS Flow Identifier
QoE  Quality of Experience
RACS  Radio Capabilities Signalling optimisation
(R)AN  (Radio) Access Network
RAT  Radio Access Technology
RFID  Radio Frequency Identification
RG  Residential Gateway
RID  Routing Indicator
RIM  Remote Interference Management
RQA  Reflective QoS Attribute
RQI  Reflective QoS Indication
RRC  Radio Resource Control
RSC  Relay Service Code
RSD  Route Selection Descriptor
RSN  Redundancy Sequence Number
RSRP  Reference Signal Received Power
RSRQ  Reference Signal Received Quality
RTT  Round-Trip Time
RVAS  Roaming Value Added Service
SA NR  Standalone New Radio
SBA  Service Based Architecture
SBI  Service Based Interface
SCP  Service Communication Proxy
SD  Slice Differentiator
SEAF  Security Anchor Functionality
SENSE  Signal Level Enhanced Network Selection
SEPP  Security Edge Protection Proxy
SGW  Serving Gateway
SIB  System Information Block
SINR  Signal to Interference plus Noise Ratio
SLA  Service Level Agreement
SMF  Session Management Function
SMS  Short Message Service
SMSF  Short Message Service Function
SN  Sequence Number
SN  Secondary Node
SN name  Serving Network Name.
SNPN  Stand-alone Non-Public Network
S-NSSAI  Single Network Slice Selection Assistance Information
SOR  Steering of Roaming
SSC  Session and Service Continuity
SSCMSP  Session and Service Continuity Mode Selection Policy
SST  Slice/Service Type
SUCI  Subscription Concealed Identifier
SUPI  Subscription Permanent Identifier
SV  Software Version
TAI  Tracking Area Identity
TAU  Tracking Area Update
TEID  Tunnel Endpoint Identifier
TMGI  Temporary Mobile Group Identity
TMSI  Temporary Mobile Subscriber Identity
TNAN  Trusted Non-3GPP Access Network
TNAP  Trusted Non-3GPP Access Point
TNGF  Trusted Non-3GPP Gateway Function
TNL  Transport Network Layer
TNLA  Transport Network Layer Association
TSC  Time Sensitive Communication
TSCAI  TSC Assistance Information
TSN  Time Sensitive Networking
TSN GM  TSN Grand Master
TSP  Traffic Steering Policy
TT  TSN Translator
TWIF  Trusted WLAN Interworking Function
UCMF  UE radio Capability Management Function
UCU  UE Configuration Update
UDM  Unified Data Management
UDR  Unified Data Repository
UDSF  Unstructured Data Storage Function
UE  User Equipment
UL  Uplink
UL CL  Uplink Classifier
UPF  User Plane Function
UPSI  UE Policy Section Identifier
URLLC  Ultra Reliable Low Latency Communication
URRP-AMF  UE Reachability Request Parameter for AMF
URSP  UE Route Selection Policy
USIM  User Services Identity Module
VID  VLAN Identifier
VLAN  Virtual Local Area Network
VPLMN  Visited Public Land Mobile Network
VR  Virtual Reality
W-5GAN  Wireline 5G Access Network
W-5GBAN  Wireline BBF Access Network
W-5GCAN  Wireline 5G Cable Access Network
W-AGF  Wireline Access Gateway Function
WPT  Wireless Power Transfer
< Definitions >
For the purposes of the present document, the terms and definitions given in 3GPP TR 21.905 [1] and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in 3GPP TR 21.905 [1].
[1] 3GPP TR 21.905: "Vocabulary for 3GPP Specifications". V17.1.0 (2021-12)
[2] 3GPP TS 22.261: "Service requirements for the 5G system Stage 1". V19.5.0 (2023-12)
[3] 3GPP TS 33.535: "Authentication and Key Management for Applications (AKMA) based on 3GPP credentials in the 5G System (5GS)". V18.3.0 (2024-03)
[4] 3GPP TS 23.501: "System architecture for the 5G System (5GS)". V18.5.0 (2024-03)
[5] 3GPP TS 23.502: "Procedures for the 5G System (5GS)". V18.5.0 (2024-03)
[6] 3GPP TS 23.503: "Policy and charging control framework for the 5G System (5GS) Stage 2". V18.5.0 (2024-03)
[7] 3GPP TS 33.501: "Security architecture and procedures for 5G system". V18.5.0 (2024-03)
[8] 3GPP TS 24.501: "Non-Access-Stratum (NAS) protocol for 5G System (5GS) Stage 3". V18.5.0 (2023-12)
[9] 3GPP TS 33.220: "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA)". V18.3.0 (2024-03)
< General >
Those skilled in the art will appreciate that elements in the Figs are illustrated for simplicity and may not have necessarily been drawn to scale. Furthermore, in terms of the construction of the device, one or more components of the device may have been represented in the Figs by conventional symbols, and the Figs may show only those specific details that are pertinent to understanding the Aspects of the present disclosure so as not to obscure the Figs with details that will be readily apparent to those skilled in the art having the benefit of the description herein. For the purpose of promoting an understanding of the principles of the disclosure, reference will now be made to the Aspect illustrated in the Figs and specific language will be used to describe them. It will nevertheless be understood that no limitation of the scope of the disclosure is thereby intended. Such alterations and further modifications in the illustrated system, and such further applications of the principles of the disclosure as would normally occur to those skilled in the art are to be construed as being within the scope of the present disclosure.
The terms "comprises", "comprising", or any other variations thereof, are intended to cover a non-exclusive inclusion, such that a process or method that comprises a list of steps does not include only those steps but may include other steps not expressly listed or inherent to such a process or method. Similarly, one or more devices or entities or sub-systems or elements or structures or components preceded by "comprises... a" does not, without more constraints, preclude the existence of other devices, sub-systems, elements, structures, components, additional devices, additional sub-systems, additional elements, additional structures or additional components. Appearances of the phrase "in an Aspect", "in another Aspect" and similar language throughout this specification may, but not necessarily do, all refer to the same Aspect.
Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by those skilled in the art to which this disclosure belongs. The system, methods, and examples provided herein are only illustrative and not intended to be limiting.
In the following specification and the claims, reference will be made to a number of terms, which may be defined to have the following meanings. The singular forms "a", "an", and "the" include plural references unless the context clearly dictates otherwise.
As used herein, information is associated with data and knowledge, as data is meaningful information and represents the values attributed to parameters. Further knowledge signifies understanding of an abstract or concrete concept. Note that this example system is simplified to facilitate description of the disclosed subject matter and is not intended to limit the scope of this disclosure. Other devices, systems, and configurations may be used to implement the Aspects disclosed herein in addition to, or instead of, a system, and all such Aspects are contemplated as within the scope of the present disclosure.
Each of the Aspects, and the elements included in each of the Aspects described below, may be implemented independently or in combination with any other. These Aspects include novel characteristics different from one another. Accordingly, these Aspects contribute to achieving objects or solving problems different from one another and contribute to obtaining advantages different from one another.
Any lists described in following aspects include at least one parameter or multiple parameters.
An example object of this disclosure is to provide a method and apparatus that can solve the above-mentioned problem.
In this disclosure, the term Dual Steer device can be interpreted as a UE or a set of UEs that structures one terminal (device).
The Dual Steer device may be associated with one SUPI, two SUPIs or more than two SUPIs.
The Dual Steer device may be expressed as UE, User Equipment, DualSteer device, Dual SIM UE, Multi SIM UE, Dual USIM UE, Multi USIM UE.
The KAUSF in this disclosure is equal to the KAUSF.
The KADMA in this disclosure is equal to the KADMA.
The KAF in this disclosure is equal to the KAF.
The Key As in this disclosure is equal to Key AS or the Key AS_NAF.
< First Aspect >
This aspect discloses an architecture and mechanisms to support the AKMA function for the Dual Steer devices with two or more USIMs.
Note that the AF 201 in all examples in the First Aspect may be replaced with the AP 202 in case where an Authentication Proxy (AP) is deployed in operator's network.
< First example of the First Aspect >
This example discloses an architecture to support the AKMA function for the Dual Steer devices with two or more USIMs by managing multiple AKMA keys in both Dual Steer device 3 and AF 201. As AF 201 has multiple AKMA keys, the AF 201 can apply the right AKMA key to an Application Session Establishment Request from Dual Steer device 3 with any valid A-KID (AKMA Key Identifier).
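The key mismatch from the background and the multi-key handling described above, as an added example (not code from this disclosure or from 3GPP): each SUPI's KAUSF yields its own KAKMA and A-KID, so a network side holding only one SUPI's context cannot serve the other SUPI's A-KID, while one that registers both contexts resolves the matching key. The FC values, parameter order, hex A-TID encoding, SUPIs, keys, RIDs, realm and AF_ID are assumptions or constructed values; check the derivation inputs against TS 33.535 [3] and TS 33.220 [9].

```python
"""Per-SUPI AKMA key material and A-KID-indexed lookup (illustrative model)."""
import hashlib
import hmac
from dataclasses import dataclass

# Assumed from TS 33.535 Annex A and the TS 33.220 Annex B KDF; verify against the specs.
FC_KAKMA, FC_ATID, FC_KAF = 0x80, 0x81, 0x82

# Constructed sample values (test PLMN 001/01), not taken from the disclosure.
SUPI_1, SUPI_2 = "imsi-001010000000001", "imsi-001010000000002"
K_AUSF_1, K_AUSF_2 = bytes(range(32)), bytes(range(32, 64))
REALM = "5gc.mnc001.mcc001.3gppnetwork.org"
AF_ID = "af.example.com"  # a real AF_ID also carries a security protocol identifier


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """HMAC-SHA-256 over S = FC || P0 || L0 || P1 || L1 ... (2-byte big-endian Li)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


@dataclass(frozen=True)
class AkmaInfo:
    supi: str
    a_kid: str
    k_akma: bytes


def derive_akma_info(k_ausf: bytes, supi: str, rid: str, realm: str) -> AkmaInfo:
    """What the UE and the AUSF each compute for one SUPI after primary authentication."""
    k_akma = kdf(k_ausf, FC_KAKMA, b"AKMA", supi.encode())
    a_tid = kdf(k_ausf, FC_ATID, b"A-TID", supi.encode())
    # A-KID is an NAI whose username carries RID and A-TID; hex A-TID is a simplification.
    return AkmaInfo(supi, f"{rid}{a_tid.hex()}@{realm}", k_akma)


def derive_kaf(k_akma: bytes, af_id: str) -> bytes:
    """Application key bound to one AF, derived from the anchor key."""
    return kdf(k_akma, FC_KAF, af_id.encode())


class AAnF:
    """Hypothetical anchor store: one AKMA context per A-KID, plus the prime SUPI."""

    def __init__(self):
        self._by_a_kid = {}
        self.prime_supi = None

    def register(self, infos, prime_supi=None):
        for info in infos:
            self._by_a_kid[info.a_kid] = info
        self.prime_supi = prime_supi

    def application_key(self, a_kid: str, af_id: str):
        """Return (SUPI, K_AF) for a known A-KID, or None when no context exists."""
        info = self._by_a_kid.get(a_kid)
        if info is None:
            return None
        return info.supi, derive_kaf(info.k_akma, af_id)


def run_demo() -> dict:
    # The UE and the home network derive identical values from the shared K_AUSF.
    ctx1 = derive_akma_info(K_AUSF_1, SUPI_1, "0001", REALM)
    ctx2 = derive_akma_info(K_AUSF_2, SUPI_2, "0002", REALM)
    ue_kaf = derive_kaf(ctx2.k_akma, AF_ID)  # UE secures the session with SUPI 2's key

    single = AAnF()  # network side that only knows SUPI 1
    single.register([ctx1])
    dual = AAnF()    # network side holding both contexts
    dual.register([ctx1, ctx2], prime_supi=SUPI_1)

    # Server falling back to SUPI 1's context ends up with a different K_AF.
    fallback = single.application_key(ctx1.a_kid, AF_ID)[1]
    supi, kaf = dual.application_key(ctx2.a_kid, AF_ID)
    return {
        "single_lookup": single.application_key(ctx2.a_kid, AF_ID),
        "fallback_key_matches": hmac.compare_digest(fallback, ue_kaf),
        "dual_supi": supi,
        "dual_key_matches": hmac.compare_digest(kaf, ue_kaf),
    }


if __name__ == "__main__":
    print(run_demo())
```
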
Fig. 1 illustrates an example of Deriving AKMA key after primary authentication during the Registration procedure.
Although Fig. 1 discloses the Deriving AKMA key after primary authentication during the Registration procedure (starting with step 3 in Fig. 1), the Deriving AKMA key after primary authentication procedure can be triggered by any other event, for example, the primary authentication triggered by the Session Establishment procedure or the home network triggered primary authentication procedure as defined in 3GPP TS 33.501 [7].
Note that AF 201 in this example may be replaced with the AP 202 in case where Authentication Proxy (AP) is deployed in operator network.
The detailed processes of the First example of the First Aspect are described below with reference to Fig. 1.
Step 0. UDM 7501 for SUPI 1 maintains at least the following subscriber data.
-  prime indication: The prime indication indicates whether the SUPI is a prime SUPI or a SUPI other than the prime SUPI. In one example, the SUPI other than the prime SUPI may be a secondary SUPI. The prime SUPI is a SUPI that might represent Dual Steer device 3 to RAN node 5, core network 7, Operation and Maintenance system and AF 201, AP 202 in data network 20.
-  Associated SUPI: The Associated SUPI indicates an associated SUPI that the Dual Steer device can be configured with.
Step 1. Dual Steer device 3 sends a Registration Request message to AMF 70 including at least one of a User ID for SUPI 1 and an AKMA for dual steer supported indicator.
The following bullets explain each parameter in detail.
-  User ID: User ID (e.g., the User ID may be expressed as User Identity) may be a 5G-GUTI, SUCI or SUPI.
-  AKMA for dual steer supported indicator: The AKMA for dual steer supported indicator indicates that Dual Steer device 3 supports multiple AKMA keys that are associated with multiple USIMs/SUPIs. If Dual Steer device 3 supports AKMA for dual steer, Dual Steer device 3 can manage multiple AKMA keys and choose (or switch to) one AKMA key that is to be applied for an application-level security for a communication with the AF 201.
  In another example, the AKMA for dual steer supported indicator indicates that Dual Steer device 3 with the User ID supports the AKMA function regardless of the Dual Steer function that Dual Steer device 3 supports. In other words, Dual Steer device 3 indicates the UE capability in general, that is, whether UE 3 supports the AKMA function or not.
  In this example, the term "AKMA for dual steer supported indicator" is employed; however, the notation is not limited to this. Any other notation for a parameter to indicate that Dual Steer device 3 supports multiple AKMA keys that are associated with multiple USIMs/SUPIs may be used, and/or
  any other notation for a parameter to indicate that Dual Steer device 3 with the User ID supports the AKMA function regardless of the Dual Steer function that Dual Steer device 3 supports may be used.
Step 2. AMF 70 sends an Nausf_UEAuthentication_Authenticate Request message to the AUSF 7601 in HPLMN including at least one of User ID, and AKMA for dual steer supported indicator. Refer to step 1 in the First scenario in First example of the First Aspect for parameter details.
Step 3. Upon reception of the Nausf_UEAuthentication_Authenticate Request message from the AMF 70, the AUSF 7601 sends an Nudm_UEAuthentication_Get Request message to the UDM 7501 including at least one of User ID and AKMA for dual steer supported indicator. Refer to step 1 in the First scenario in First example of the First Aspect for parameter details.
Step 4. Upon reception of the Nudm_UEAuthentication_Get Request message from the AUSF 7601 in step 3, the UDM 7501 generates a 5G HE AV for SUPI 1 in Dual Steer device 3. The 5G HE AV is a Home Environment Authentication Vector for SUPI 1 in Dual Steer device 3.
Then, UDM 7501 sends an Nudm_UEAuthentication_Get Response message to AUSF 7601 including at least one of 5G HE AV, Associated SUPI, RID for associated SUPI and prime indication. The following bullets explain each parameter in detail.
-  5G HE AV: The 5G HE AV is a Home Environment Authentication Vector for the SUPI.
-  Associated SUPI: The Associated SUPI indicates an associated SUPI that the Dual Steer device can be configured with. In one example, the Associated SUPI is SUPI 2.
-  RID for associated SUPI: The RID for associated SUPI indicates a Routing Indicator for the associated SUPI. In this example, the RID for the associated SUPI is the Routing Indicator for SUPI 2.
-  prime indication: The prime indication indicates whether the SUPI indicated in the Registration Request message in Step 1 is a prime SUPI or a SUPI other than the prime SUPI. In one example, the SUPI other than the prime SUPI may be a secondary SUPI. The prime SUPI is a SUPI that might represent Dual Steer device 3 to the RAN node 5, core network 7, Operation and Maintenance system and AF 201, AP 202 in data network 20.
The prime indication may include a SUPI value. For example, the prime indication includes SUPI 1 to indicate that SUPI 1 is the prime SUPI among the other SUPIs.
In case that the Nudm_UEAuthentication_Get Request message from AUSF 7601 in Step 3 does not include the AKMA for dual steer supported indicator, UDM 7501 does not provide the Associated SUPI, RID for associated SUPI and prime indication to AUSF 7601 in Step 4.
Step 5. The Authentication procedure continues either from steps 3 to 11 in section 6.1.3.1 in 3GPP TS 33.501 [7] or from steps 3 to 12 in section 6.1.3.2.0 in 3GPP TS 33.501 [7].
Step 6. After a successful Authentication procedure in Step 5, the AUSF 7601 generates AKMA information for SUPI 1. The AKMA information includes a KAKMA (AKMA Anchor Key) and an A-KID (AKMA Key Identifier).
Step 7. If AUSF 7601 received the Associated SUPI, set to SUPI 2, in Step 4, AUSF 7601 finds AUSF 7602 as an AUSF for SUPI 2.
In case that the Nausf_UEAuthentication_Authenticate Request message from AMF 70 in Step 2 does not include the AKMA for dual steer supported indicator, AUSF 7601 does not perform Steps 7 to 9.
Step 8. AUSF 7601 sends the Nausf_Get_AKMA_info message to AUSF 7602 including at least SUPI. In this example, the SUPI includes SUPI 2.
Step 9. Upon reception of the Nausf_Get_AKMA_info message from the AUSF 7601, the AUSF 7602 generates AKMA information for SUPI 2. The AKMA information includes a KAKMA (AKMA Anchor Key) and an A-KID (AKMA Key Identifier) for SUPI 2. In addition, AUSF 7601 finds an associated AAnF for SUPI 2.
AUSF 7602 sends the Nausf_Get_AKMA_info response message to AUSF 7601 including at least AKMA information, AAnF address for associated SUPI and UE AKMA related subscription information.
The following bullets explain each parameter in detail.
-  AKMA information: The AKMA information includes the KAKMA (AKMA Anchor Key) and A-KID (AKMA Key Identifier) for SUPI 2. Both the KAKMA and A-KID are generated from the KAUSF.
-  AAnF address for associated SUPI: The AAnF address for associated SUPI includes the AAnF address that is associated with the AUSF 7602 for SUPI 2.
-  UE AKMA related subscription information for SUPI: For example, a list of NF_IDs subscribed for SUPI 2.
If AUSF 7602 cannot generate the AKMA information for any reason, for example because SUPI 2 is not registered, AUSF 7602 provides cause information indicating the reason why the AKMA information cannot be generated. Possible cause information includes "UE not registered", "AKMA not supported", "AKMA for dual steer not supported", etc.
Step 10. Upon reception of the Nausf_Get_AKMA_info response message from AUSF 7602, AUSF 7601 sends the Naanf_AKMA_AnchorKey_Register Request message to the AAnF1 including at least two sets of AKMA information, AUSF address for associated SUPI, AAnF address for associated SUPI and prime indication.
The following bullets explain each parameter in detail.
-  Two sets of AKMA information: The two sets include the AKMA information for SUPI 1 and the AKMA information for SUPI 2.
-  AUSF address for the associated SUPI: The AUSF address for associated SUPI includes the AUSF address that is associated with SUPI 2.
-  AAnF address for the associated SUPI: Refer to Step 9 in Fig. 1.
-  prime indication: The prime indication indicates which SUPI is a prime SUPI, either SUPI 1 or SUPI 2.
Step 11. Upon reception of the Naanf_AKMA_AnchorKey_Register Request message from AUSF 7601, AAnF 7701 stores two sets of AKMA information, one for SUPI 1 and the other one for SUPI 2, the AUSF address for SUPI 2, the AAnF address for SUPI 2 and prime indication.
AAnF 7701 sends the Naanf_AKMA_AnchorKey_Register Response message to the AUSF 7601.
Step 12. The Registration procedure continues from steps 10 to 19c in section 4.2.2.2.2 in 3GPP TS 23.502 [5].
Step 13. The AMF 70 sends the Registration Accept message to Dual Steer device 3 including at least 5G-GUTI and AKMA for dual steer registered. The following bullets explain each parameter in detail.
-  5G-GUTI: The 5G-GUTI is a temporary identifier for SUPI 1 assigned by AMF 70.
-  AKMA for dual steer registered: The AKMA for dual steer registered indicates that the AKMA keys for Dual Steer device 3 have been successfully configured and the AKMA function is ready to be used in core network 7. Optionally, the AKMA for dual steer registered may indicate that either a single AKMA key for SUPI 1 is successfully configured or that two sets of AKMA keys for both SUPI 1 and SUPI 2 are successfully configured in the core network 7.
In another example, the AKMA for dual steer registered indicates that Dual Steer device 3 with the User ID has been successfully configured with the AKMA function ready for use in core network 7, i.e., Dual Steer device 3, with a single USIM, has been successfully configured with the AKMA function ready for use in core network 7.
In this example, the term "AKMA for dual steer registered" is employed; however, the term is not limiting. Any other notation may be used for a parameter indicating that the AKMA keys for Dual Steer device 3 have been successfully configured and the AKMA function is ready to use in the core network 7, and/or for a parameter indicating that either a single AKMA key for SUPI 1 is successfully configured or two sets of AKMA keys for both SUPI 1 and SUPI 2 are successfully configured in the core network 7, and/or for a parameter indicating that Dual Steer device 3 with the User ID has been successfully configured with the AKMA function ready to use in core network 7, i.e., Dual Steer device 3, with a single USIM, has been successfully configured with the AKMA function ready to use in the core network 7.
After Step 13, Dual Steer device 3 and core network 7 have two sets of AKMA keys synchronized and are ready to use either key when Dual Steer device 3 establishes an application session with AF 201 that supports AKMA.
Fig. 4 discloses an example of AKMA key handling when the application session is established for Dual Steer device 3.
< Variant 1 of First example of the First Aspect >
While Fig. 1 discloses a mechanism in which the AUSF fetches the AKMA information for an associated SUPI by contacting an AUSF for the associated SUPI, the UDM may also fetch the AKMA information for an associated SUPI and forward it to the AUSF.
Fig. 2 illustrates an example of Deriving AKMA key after primary authentication during the Registration procedure.
The detailed processes of Variant 1 of the First example of the First Aspect are described below with reference to Fig. 2.
Step 1. Steps 0 to 3 in Fig. 1 are executed.
Step 2. Upon reception of the Nudm_UEAuthentication_Get Request message from AUSF 7601 in step 3 in Fig. 1, UDM 7501 generates a 5G HE AV for SUPI 1 in Dual Steer device 3. The 5G HE AV is a Home Environment Authentication Vector for SUPI 1 in Dual Steer device 3.
If UDM 7501 has an Associated SUPI (SUPI 2) and the Nudm_UEAuthentication_Get Request message from AUSF 7601 in step 3 of Fig. 1 includes the AKMA for dual steer supported indicator, UDM 7501 finds AUSF 7602 as an AUSF for SUPI 2 and the following steps take place.
Step 3. UDM 7501 sends the Nausf_Get_AKMA_info message to AUSF 7602 including at least SUPI. The SUPI includes SUPI 2.
Step 4. Upon reception of the Nausf_Get_AKMA_info message from UDM 7501, AUSF 7602 generates AKMA information for SUPI 2. The AKMA information includes a KAKMA (AKMA Anchor Key) and an A-KID (AKMA Key Identifier) for SUPI 2. In addition, AUSF 7602 finds an associated AAnF for SUPI 2.
AUSF 7602 sends the Nausf_Get_AKMA_info response message to UDM 7501 including at least AKMA information and Associated AAnF address. The AKMA information includes the KAKMA (AKMA Anchor Key) and A-KID (AKMA Key Identifier) for SUPI 2. The Associated AAnF address includes the AAnF address that is associated with AUSF 7602 for SUPI 2.
If AUSF 7602 cannot generate the AKMA information for any reason, for example because SUPI 2 is not registered, AUSF 7602 provides cause information indicating the reason why the AKMA information cannot be generated. Possible cause information may include "UE not registered", "AKMA not supported", "AKMA for dual steer not supported", etc.
Step 5. UDM 7501 sends an Nudm_UEAuthentication_Get Response message to AUSF 7601 including at least one of the following: 5G HE AV, Associated SUPI, RID for associated SUPI, prime indication, the AUSF address for the associated SUPI, the AAnF address for the associated SUPI. The following bullets explain each parameter in detail.
-  5G HE AV: Refer to Step 4 in Fig. 1.
-  Associated SUPI: Refer to Step 4 in Fig. 1. In this example, Associated SUPI includes SUPI 2.
-  RID for associated SUPI: Refer to Step 4 in Fig. 1.
-  prime indication: Refer to Step 4 in Fig. 1.
-  AUSF address for associated SUPI: Refer to Step 10 in Fig. 1.
-  AAnF address for associated SUPI: Refer to Step 9 in Fig. 1.
Step 6. Steps 5 and 6 in Fig. 1 are executed.
Step 7. Steps 10 to 13 in Fig. 1 are executed.
< Variant 2 of First example of the First Aspect >
While Fig. 1 discloses the mechanism whereby the AUSF fetches the AKMA information for an associated SUPI by contacting a UDM for the associated SUPI, the UDM may also fetch the AKMA information for the associated SUPI and forward it to the AUSF.
Fig. 3 illustrates an example of Deriving AKMA key after primary authentication during the Registration procedure.
The detailed processes of the Variant 2 of the First example of the First Aspect are described below with reference to Fig. 3.
Step 1. Steps 0 to 3 in Fig. 1 are executed.
Step 2. Upon reception of the Nudm_UEAuthentication_Get Request message from the AUSF 7601 in step 3 in Fig. 1, UDM 7501 generates a 5G HE AV for the SUPI 1 in Dual Steer device 3. The 5G HE AV is a Home Environment Authentication Vector for the SUPI 1 in Dual Steer device 3.
If UDM 7501 has an Associated SUPI (e.g. SUPI 2) and the Nudm_UEAuthentication_Get Request message from AUSF 7601 in step 3 of Fig. 1 includes the AKMA for dual steer supported indicator, UDM 7501 finds UDM 7502 as a UDM for SUPI 2 and the following steps take place.
Step 3. UDM 7501 sends the Nudm_Get_AKMA_info message to UDM 7502 including at least SUPI. The SUPI includes SUPI 2.
Step 4. Upon reception of the Nudm_Get_AKMA_info message from UDM 7501, UDM 7502 sends the Nausf_Get_AKMA_info message to AUSF 7602 including at least SUPI. The SUPI includes SUPI 2.
Step 5. Upon reception of the Nausf_Get_AKMA_info message from UDM 7502, AUSF 7602 generates AKMA information for SUPI 2. The AKMA information includes a KAKMA (AKMA Anchor Key) and an A-KID (AKMA Key Identifier) for SUPI 2. In addition, AUSF 7602 finds an associated AAnF for SUPI 2.
AUSF 7602 sends the Nausf_Get_AKMA_info response message to UDM 7502 including at least AKMA information and Associated AAnF address. The AKMA information includes the KAKMA (AKMA Anchor Key) and A-KID (AKMA Key Identifier) for SUPI 2. The Associated AAnF address includes the AAnF address that is associated with AUSF 7602 for SUPI 2.
If AUSF 7602 cannot generate the AKMA information for any reason, for example because SUPI 2 is not registered, AUSF 7602 provides cause information indicating the reason why the AKMA information cannot be generated. Possible cause information includes "UE not registered", "AKMA not supported", "AKMA for dual steer not supported", etc.
Step 6. Upon reception of the Nausf_Get_AKMA_info response message from AUSF 7602, UDM 7502 sends the Nudm_Get_AKMA_info response message to UDM 7501 including at least AKMA information, Associated AAnF address and Associated AUSF address. The AKMA information includes the KAKMA (AKMA Anchor Key) and A-KID (AKMA Key Identifier) for SUPI 2. The Associated AAnF address includes the AAnF address that is associated with AUSF 7602 for SUPI 2.
The Associated AUSF address includes the AUSF address that is associated with SUPI 2 (AUSF 7602 address).
Step 7. Steps 5 to 7 in Fig. 2 are executed.
< Variant 3 of First example of the First Aspect >
If any NF (Network Function) detects that the AKMA information has become invalid for SUPI 2, for example due to the De-registration procedure for SUPI 2, the NF sends the Naanf_AKMA_Context_Remove request to AAnF 7701 for SUPI 1 indicating partial removal of the AKMA information only for SUPI 2.
Similarly, the NF sends the Nausf_AKMA_Context_Remove request to AUSF 7601 for SUPI 1 indicating partial removal of the AKMA information only for SUPI 2.
For example, if a UDM for SUPI 2 detects that SUPI 2 is de-registered from core network 7, the UDM for SUPI 2 sends the Naanf_AKMA_Context_Remove request to AAnF 7701 for SUPI 1 indicating partial removal of the AKMA information for SUPI 2.
Similarly, the UDM for SUPI 2 sends the Nausf_AKMA_Context_Remove request to AUSF 7601 for SUPI 1 indicating partial removal of the AKMA information for SUPI 2.
< Variant 4 of First example of the First Aspect >
The subscriber data that is described in Step 0 in Fig. 1 may be stored in UDR 7A.
In one example, UDM 7501 may obtain the subscriber data from UDR 7A.
In another example, UDM 7501 in Fig. 1, Fig. 2 and Fig. 3 may be replaced with UDR 7A. In this case, all messages from/to UDM 7501 in Fig. 1, Fig. 2 and Fig. 3 may be read as messages from/to UDR 7A.
< Variant 5 of First example of the First Aspect >
In another example, in step 8 in Fig. 1, AUSF 7601 sends Nausf_GET_AKMA_info to AAnF 7602 of SUPI 2. AAnF 7602 stores SUPI 2, and KAKMA2 and A-KID2 of SUPI 2. AAnF 7602 sends SUPI 2, KAKMA2 and A-KID2.
< Variant 6 of First example of the First Aspect >
In another example in Fig. 1, steps 8 and 9 are skipped. In Step 10, AUSF 7601 for SUPI 1 sends the Naanf_AKMA_AnchorKey_Register Request message including SUPI 2 and RID 2 together with the AKMA information of SUPI 1. AAnF 7701 for SUPI 1 finds the AAnF address for SUPI 2 based on RID 2 of SUPI 2. AAnF 7701 for SUPI 1 fetches the AKMA information of SUPI 2 from the AAnF for SUPI 2 and stores the AKMA information of SUPI 1 and the AKMA information of SUPI 2.
In general, the AUSF of a SUPI always provides the associated SUPI and the RID of the associated SUPI to the AAnF of the SUPI, using an existing message between the AUSF and the AAnF or a new message between the AUSF and the AAnF. The AAnF of the SUPI selects the AAnF of the associated SUPI based on the RID of the associated SUPI and fetches the AKMA information of the associated SUPI in an existing message between AAnFs or in a new message between AAnFs.
< Variant 7 of First example of the First Aspect >
In one example, after step 5 the AMF sends one of the following:
i)  An Identity request message with identity type "both SUPI" or "dual steer device SUPI". When UE 3 receives the Identity request message, UE 3 sends an Identity response message containing SUPI 1 and SUPI 2 of UE 3 to the AMF.
ii)  An Identity request message with identity type "associated SUPI". When UE 3 receives the Identity request message, the UE sends the second SUPI (i.e., SUPI 2) to the AMF.
Following either step i or step ii, the AMF sends both SUPI 1 and SUPI 2 to AUSF 7601, and the AUSF sends these two SUPIs to UDM 7501. If UDM 7501 finds that the two SUPIs are associated, then the UE 3 will indicate to the AMF 70 and the AMF then indicates AKMA for dual steer registered. The UDM also indicates to AUSF 7601 or AUSF 7602 that UE 3 contains an associated SUPI. AUSF 7601 and AUSF 7602 inform the AAnF, which in turn informs the AF 201 using the message defined in the embodiments.
In one example, the AF 201 executes the steps defined in the embodiments when the AF knows that UE 3 contains associated SUPIs.
In one example, the AMF may send an Identity request message with identity type = IMEI or IMEI both or IMEI dual steer. UE 3 sends both IMEIs of the dual steer to AMF 70 in the Identity response message. UE 3 sends both IMEIs to UDM 7501 via the AUSF as defined in Fig. 1.
< Second example of the First Aspect >
This example discloses a mechanism detailing how the AKMA key is chosen and used for the application session with Dual Steer device 3.
Based on the mechanism disclosed by the first example of the First Aspect, the AAnFs for both SUPI 1 and SUPI 2 have two AKMA keys, one for SUPI 1 and the other one for SUPI 2.
Fig. 4 illustrates an example for a selection or update of the AKMA key applied to the application session with Dual Steer device 3.
The detailed processes of the Second example of the First Aspect are described below with reference to Fig. 4.
Step 0-1. USIM 3501 with SUPI 1 registers to AMF 7001 and obtains an AKMA key for SUPI 1. After the successful Deriving AKMA key after primary authentication procedure, SUPI 1 is associated with AAnF 7701.
The AKMA key includes KAKMA (AKMA Anchor Key) and A-KID (AKMA Key Identifier) for SUPI 1.
Step 0-2. USIM 3502 with SUPI 2 registers to AMF 7002 and obtains an AKMA key for SUPI 2. After the successful Deriving AKMA key after primary authentication procedure, SUPI 2 is associated with AAnF 7702.
The AKMA key includes KAKMA (AKMA Anchor Key) and A-KID (AKMA Key Identifier) for SUPI 2.
Step 0-3. USIM 3501 with SUPI 1 establishes a PDU Session (PDU Session 1) with SMF 71 and UPF 72 that is applicable to the Application session.
Step 0-4. USIM 3502 with SUPI 2 establishes a PDU Session (PDU Session 2) with SMF 71 and UPF 72 that is applicable to the Application session.
Step 0-5. Dual Steer device 3 establishes the Application Session using an A-KID generated based on KAUSF for SUPI 1 using the PDU Session 1. Dual Steer device 3 may also send a Dual Steer device support indicator in a Ua* message between Dual Steer device 3 and AF 201. For example, the Ua* message includes the Application Session Establishment Request message, in an existing Ua* message or in a new Ua* message.
Step 0-6. The PDU Session Switch procedure is performed for switching from the PDU Session 1 to PDU Session 2 for Dual Steer device 3.
In one example, PDU Session 1 is active, and the Application Session is established with AKMA based security using AKMA keys for SUPI 1. Dual Steer device 3 decides to switch from PDU Session 1 to PDU Session 2. The switching between the PDU sessions can happen for any reason; for example, the round-trip delay between Dual Steer device 3 and UPF 72 may exceed a predefined threshold, or radio conditions on the access network serving PDU Session 1 with SUPI 1 may become unstable.
In another example, PDU Session 1 and PDU Session 2 are established but there is no Application Session on either PDU Session 1 or PDU Session 2. In this case, Step 1 is the very first time that the Application Session is established.
Step 1. Dual Steer device 3 sends the Application Session Establishment Request to AF 201 including at least A-KID.
The A-KID may be associated with SUPI 1 or associated with SUPI 2. In this example, the A-KID is associated with SUPI 2.
The A-KID may be selected based on the following criteria.
-  Device configuration of Dual Steer device 3.
-  Based on the URSP rule setting in Dual Steer device 3 as disclosed by the First example of the Second Aspect.
-  In one example the A-KID is related to the SUPI which is associated with the PDU session to which the application chooses to switch the traffic.
Step 2. Upon reception of the Application Session Establishment Request from Dual Steer device 3 in Step 1, the AF 201 sends the Naanf_AKMA_ApplicationKey_Get request message to AAnF 7702 including at least A-KID and AF_ID. In one example, AF 201 sends the Naanf_AKMA_ApplicationKey_Get request message to AAnF 7702 including at least A-KID and AF_ID when AF 201 does not have an application context associated with the A-KID; otherwise, AF 201 uses the existing application context associated with the A-KID. The following bullets explain each parameter in detail.
-  A-KID: The A-KID is an AKMA Key Identifier that is globally unique and identifies the KAKMA of the UE. A-KID shall be in NAI format, i.e. username@realm. The username part shall include the RID and the A-TID (AKMA Temporary UE Identifier), and the realm part shall include the Home Network Identifier.
-  AF_ID: The AF_ID identifies the AF 201. The AF_ID consists of the FQDN of the AF 201.
Step 3. AAnF 7702 derives the AKMA Application Key (KAF) from KAKMA for SUPI 2.
Step 4. If AAnF 7702 has AKMA information for the Associated SUPI (SUPI 1), AAnF 7702 sends the Naanf_AKMA_ApplicationKey_Get request message to AAnF 7701 including at least A-KID and AF_ID for SUPI 1.
Step 5. Upon reception of the Naanf_AKMA_ApplicationKey_Get request message from AAnF 7702, AAnF 7701 derives the AKMA Application Key (KAF) from KAKMA for SUPI 1.
Step 6. AAnF 7701 sends the Naanf_AKMA_ApplicationKey_Get response message to AAnF 7702 including SUPI, GPSI, KAF and the KAF expiration time for SUPI 1. The following bullets explain each parameter in detail.
-  SUPI: Subscription Permanent Identifier. In this example, it is SUPI 1.
-  GPSI: Generic Public Subscription Identifier. The GPSI is an identifier used in data networks outside of the 3GPP system that can address a 3GPP subscription. It can be either an MSISDN or an External Identifier.
-  KAF: AKMA Application Key. The KAF is used by AF 201 for enabling the AKMA service.
-  KAF expiration time: Expiration time of the KAF.
Step 7. Upon reception of the Naanf_AKMA_ApplicationKey_Get response message from AAnF 7701, AAnF 7702 sends the Naanf_AKMA_ApplicationKey_Get response message to AF 201 including Application Key for SUPI 1 (SUPI=SUPI 1, GPSI, KAF and the KAF expiration time for SUPI 1) and Application Key for SUPI 2 (SUPI=SUPI 2, GPSI, KAF and the KAF expiration time for SUPI 2).
After Step 7, both Dual Steer device 3 and AF 201 have two sets of AKMA information, one set with SUPI 1 and the other set with SUPI 2.
Step 8. In this example, the AF 201 applies the KAF for SUPI 2 for AKMA based application security since it is assumed in this example that the Application Session Establishment Request message in Step 1 includes the A-KID for SUPI 2.
In another example, if the Application Session Establishment Request message in Step 1 includes the A-KID for SUPI 1, AF 201 applies the KAF for SUPI 1 for AKMA based application security.
AF 201 sends an existing Ua* message, e.g. the Application Session Establishment Response message, containing the A-KID chosen by the AF 201 in order to apply the security context related to that A-KID for the current application session establishment. When Dual Steer device 3 receives the A-KID in the Ua* message, e.g. the Application Session Establishment Response containing the A-KID, Dual Steer device 3 applies the security context related to the A-KID for the application session.
With this disclosure, any KAF may be used as long as Dual Steer device 3 and core network 7 (i.e. AAnF) share the same AKMA information for the multiple SUPIs that are equipped in Dual Steer device 3.
In one example, UE 3 uses the A-KID related to the primary SUPI in step 1, i.e. UE 3 sends the A-KID related to the primary SUPI in the Application Session Establishment Request message.
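The key retrieval of Steps 2 to 8 in Fig. 4, together with the partial removal from Variant 3 of the First example, as an added Python example that is not part of the patent text. The SUPIs, A-KIDs, key bytes and AF_ID are constructed; the KAF derivation layout (FC 0x82 over AF_ID, as in TS 33.535 Annex A.4) and the A-KID carried in each response entry are assumptions, since the page states neither.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample values; none of them come from the page.
AF_ID = "af201.example.com"
A_KID_1 = "akid-supi1@home.example"
A_KID_2 = "akid-supi2@home.example"
K_AKMA_1 = bytes.fromhex("11" * 32)
K_AKMA_2 = bytes.fromhex("22" * 32)


def derive_kaf(k_akma: bytes, af_id: str) -> bytes:
    """K_AF = HMAC-SHA-256(K_AKMA, FC || P0 || L0) with P0 = AF_ID.

    Assumed layout: generic 3GPP KDF with FC = 0x82 (TS 33.535 Annex A.4).
    """
    p0 = af_id.encode("utf-8")
    s = b"\x82" + p0 + len(p0).to_bytes(2, "big")
    return hmac.new(k_akma, s, hashlib.sha256).digest()


@dataclass
class AkmaInfo:
    supi: str
    a_kid: str
    k_akma: bytes


class AAnF:
    """Holds the anchor key of its own SUPI and a link to the associated SUPI."""

    def __init__(self, name):
        self.name = name
        self.own = {}         # A-KID -> AkmaInfo anchored at this AAnF
        self.associated = {}  # own SUPI -> (peer AAnF, A-KID of associated SUPI)

    def register(self, info, peer=None, peer_a_kid=None):
        self.own[info.a_kid] = info
        if peer is not None:
            self.associated[info.supi] = (peer, peer_a_kid)

    def context_remove_partial(self, own_supi):
        """Variant 3: drop only the associated SUPI's data, keep our own key."""
        self.associated.pop(own_supi, None)

    def application_key_get(self, a_kid, af_id, forward=True):
        """Steps 3 to 7: derive our KAF, then fetch the associated one."""
        info = self.own.get(a_kid)
        if info is None:
            return {"cause": "A-KID unknown", "keys": []}  # hypothetical cause
        keys = [{"supi": info.supi, "a_kid": a_kid,
                 "kaf": derive_kaf(info.k_akma, af_id)}]
        link = self.associated.get(info.supi)
        if forward and link is not None:
            peer, peer_a_kid = link
            # forward=False keeps the peer from calling back into this AAnF.
            keys += peer.application_key_get(peer_a_kid, af_id, forward=False)["keys"]
        return {"cause": None, "keys": keys}


def af_select_kaf(response, requested_a_kid):
    """Step 8: the AF applies the KAF that belongs to the A-KID it was sent."""
    for entry in response["keys"]:
        if entry["a_kid"] == requested_a_kid:
            return entry["kaf"]
    return None


def build_aanfs():
    aanf1, aanf2 = AAnF("AAnF 7701"), AAnF("AAnF 7702")
    aanf1.register(AkmaInfo("supi-1", A_KID_1, K_AKMA_1), aanf2, A_KID_2)
    aanf2.register(AkmaInfo("supi-2", A_KID_2, K_AKMA_2), aanf1, A_KID_1)
    return aanf1, aanf2


def deregister_supi2(aanf1, aanf2):
    aanf2.own.pop(A_KID_2, None)            # SUPI 2's own anchor key is gone
    aanf1.context_remove_partial("supi-1")  # partial removal at AAnF 7701


if __name__ == "__main__":
    a1, a2 = build_aanfs()
    resp = a2.application_key_get(A_KID_2, AF_ID)
    print([k["supi"] for k in resp["keys"]])
    deregister_supi2(a1, a2)
    print([k["supi"] for k in a1.application_key_get(A_KID_1, AF_ID)["keys"]])
```

Because AF_ID is an input to the derivation, the KAF handed to one AF is useless at another AF even though both start from the same KAKMA.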
< Variant 1 of Second example of the First Aspect >
For Step 1 in Fig. 4, examples of triggers for Dual Steer device 3 to send the Application Session Establishment Request to AF 201 with an updated A-KID are listed below:
-  When the PDU Session Switch procedure is performed for switching from the PDU Session 1 to the PDU Session 2 for Dual Steer device 3 and the Application Session uses the new PDU Session (PDU Session 2) for a connectivity service to AF 201. (This is the case taken by the Second example of the First Aspect.) In this case, it is reasonable to use the KAF with SUPI 2 for AKMA as the PDU Session 2 is associated with SUPI 2.
-  When the PDU Session that is being used for the connectivity service to the AF 201 is released. In this case, it is reasonable to use a KAF associated with a SUPI being used for providing the PDU Session for Dual Steer device 3 to communicate with the AF 201.
-  When the SUPI that is being used for the connectivity service to AF 201 is de-registered. In this case, it is inevitable to switch to a KAF with a SUPI being used for providing the PDU Session for Dual Steer device 3 to communicate with AF 201, since the KAUSF, KAKMA, A-KID and KAF generated by the de-registered SUPI will be invalid.
In one example, the deregistration procedure with a SUPI that provides the A-KID and KAF for the Application Session could happen in the following sequence:
-    Two PDU Sessions, PDU Session 1 and PDU Session 2, with SUPI 1 and SUPI 2 respectively are established for Dual Steer device 3.
-    An Application Session is established over the PDU Session 1 with the A-KID and KAF with SUPI 1.
-    The PDU Session Switch procedure is performed for switching from the PDU Session 1 to the PDU Session 2 for the Application Session, but the A-KID and KAF with SUPI 1 continue to be applied to the Application Session by both Dual Steer device 3 and AF 201.
-    SUPI 1 is deregistered for any reason. For example, the UICC (Universal Integrated Circuit Card) for SUPI 1 is removed from Dual Steer device 3, or the Network-initiated Deregistration procedure is performed due to subscription removal, etc.
In this case, when SUPI 1 in Dual Steer device 3 is deregistered, an existing NF, e.g. UDM 75, indicates to AAnF 7701 (e.g. to all the AAnFs associated with SUPI 2), using an existing message between UDM 7501 and AAnF 7701 or a new message between UDM 7501 and AAnF 7701, that SUPI 1 is deregistered to SUPI 2. The message contains SUPI 1 and a deregister indication, or the message contains SUPI 1 only, in which case the meaning of the message is to indicate deregistration of the SUPI. Upon receiving the message, AAnF 7701 indicates to AF 201 that SUPI 1 is deregistered to SUPI 2 by including SUPI 1, a GPSI or any other user identity associated with SUPI 1. In one example, UDM 7501 sends an existing message or a new message directly to AF 201 (e.g., to all AKMA enabled AFs associated with the SUPI) indicating that SUPI 1 is deregistered for SUPI 2. The message contains SUPI 1, a GPSI, or any other user identity associated with SUPI 1, and a deregistered indicator.
< Variant 2 of Second example of the First Aspect >
In one example, in Step 1 Dual Steer device 3 sends A-KID 1 and A-KID 2 to AF 201. When the AF 201 receives A-KID 1 and A-KID 2, the AF 201 fetches the Application Function Key KAF, user identity and other subscription parameters of SUPI 1 and SUPI 2 from the AAnFs, i.e. from AAnF 7701 corresponding to A-KID 1 and from AAnF 7702 corresponding to A-KID 2, respectively. The AF 201 then determines, based on the subscription parameters of both SUPI 1 and SUPI 2, which KAF to use for the security parameter at the AF 201 for the current application session, and sends the selected A-KID to Dual Steer device 3 in an existing message at the Ua* interface or in a new Ua* message. When Dual Steer device 3 receives the Ua* message, Dual Steer device 3 and AF 201 start using the AKMA security parameter corresponding to the received A-KID. In one example, if based on the subscription the primary KAF should be used, then the AF 201 sends the A-KID related to the primary SUPI. In one example, the subscription parameter stores the priority of the two SUPIs, SUPI 1 and SUPI 2. The AF 201 shall choose the KAF related to whichever SUPI has the higher priority.
In one example, any AAnF (e.g. the AAnF of SUPI 2 in step 7) in Fig. 4 can decide which KAF is to be used based on the subscription or local policy of the AAnF and pass the corresponding A-KID to the AF 201. The AF 201 informs Dual Steer device 3 as described above in this embodiment.
< Variant 3 of Second example of the First Aspect >
Prior to Step 1 in Fig. 4, the AF 201 is supposed to have already interacted with AAnF 7701 for SUPI 1 as there is an active PDU Session on SUPI 1. This means the AF 201 has already obtained the Application Key for SUPI 1 (SUPI=SUPI 1, GPSI, KAF and the KAF expiration time for SUPI 1). After Step 1 and the PDU Session switch from PDU Session 1 on SUPI 1 to PDU Session 2 on SUPI 2, the AF 201 interacts only with the AAnF for SUPI 2 to obtain the Application Key for SUPI 2 (SUPI=SUPI 2, GPSI, KAF and the KAF expiration time for SUPI 2).
< Variant 4 of Second example of the First Aspect >
In one example, in step 1 UE 3 keeps using the KAF (in this case the KAF related to SUPI 1) used in step 0-5, and AF 201 also keeps using the KAF which was used in step 0-5, implicitly, without the UE sending any Application Session Establishment Request message. In one example, the UE may send an Application Session Establishment Request message containing A-KID 1 to AF 201.
In one example, in step 1, if the KAF expiration timer of SUPI 1 expires in AF 201, or the KAF is deleted at the AAnF function by an NF, then AF 201 or AAnF 7701 or AAnF 7702 selects the A-KID of SUPI 2 and sends it in the Application Session Establishment Response message. UE 3 and AF 201 will start using the KAF related to the A-KID of SUPI 2 as the security context for the application data.
All the embodiments apply to the case i) when a same PDU address is assigned to PDU session 1 and PDU session 2, or ii) different PDU sessions assigned to PDU session 1 and PDU session 2. In case ii), UE 3 and AF 201 establish a new connection (e.g., TCP connection, UDP connection or HTTPS connection) or application session (e.g., IMS session) between UE 3 and AF 201 when an application switches from PDU session 1 to PDU session 2. UE 3 and AF 201 start applying the newly selected KAF, as chosen in the above embodiments, to the new connection or the application session.
< Third example of the First Aspect >
This example discloses a mechanism in which the AKMA key generated by the SUPI whose PDU Session is being used for the Application Session is always used.
When the PDU Session being used for Dual Steer device 3 is changed, UPF 72 notifies the change to AF 201.
When the Application Session Establishment Request message arrives at AF 201 with a new A-KID generated by the KAUSF of the SUPI that is associated with the latest PDU Session, the AF 201 verifies that the A-KID received from Dual Steer device 3 is the one generated by the KAUSF of the SUPI that is associated with the latest PDU Session.
With this authorization, the AKMA with the SUPI that is associated with the latest PDU Session can be confirmed.
Fig. 5 illustrates an example of applying AKMA key with SUPI that is associated with the latest PDU Session.
The detailed processes of the Third example of the First Aspect are described below with reference to Fig. 5.
Step 0. Steps 0-1 to 0-5 in Fig. 4 take place.
Step 1. Upon establishing the Application Session with Dual Steer device 3, the AF 201 sends the Nnef_EventExposure_Subscribe request message to the NEF 79 including at least Dual Steer status requested, A-KID, AF ID, User IP address and SUPI.
The following bullets explain each parameter in detail.
-  Dual Steer status requested: The Dual Steer status requested indicates that the service consumer is requesting a dual steer status notification.
-  A-KID: Refer to Step 2 of Fig. 4.
-  AF ID: Refer to Step 2 of Fig. 4.
-  User IP address: End User IP address of Dual Steer device 3 being used.
-  SUPI: Refer to Step 6 of Fig. 4.
Step 2. NEF 79 authorizes the AF 201 request. If the authorization is not granted, NEF 79 replies to AF 201 with a Result value indicating authorization failure.
Step 3. If NEF 79 does not have an IP address of UPF 72 as a PDU Session Anchor for the Application Session, NEF 79 sends the Nnrf_NFDiscovery message to NRF 78 including at least User IP address, AF ID and SUPI.
The following bullets explain each parameter in detail.
-  User IP address: Refer to Step 1 of Fig. 5.
-  AF ID: Refer to Step 2 of Fig. 4.
-  SUPI: Refer to Step 6 of Fig. 4.
Step 4. Upon reception of the Nnrf_NFDiscovery message from NEF 79, NRF 78 finds the UPF address of UPF 72 implementing NAT functionality for the UE IP address.
NRF 78 sends the Nnrf_NFDiscovery response message to NEF 79 including at least UPF address. The UPF address indicates UPF 72 that implements the NAT functionality for the UE IP address for Dual Steer device 3.
Step 5. NEF 79 sends the Nupf_EventExposure_Subscribe message to UPF 72 including at least Dual Steer status requested, SUPI and User IP address.
The following bullets explain each parameter in detail.
-  Dual Steer status requested: Refer to Step 1 of Fig. 5.
-  SUPI: Refer to Step 6 of Fig. 4.
-  User IP address: Refer to Step 1 of Fig. 5.
The UPF 72 starts monitoring the dual steer status related to the User IP address received in Step 5.
Step 6. UPF 72 sends the Nupf_EventExposure_Subscribe response message to NEF 79.
Step 7. NEF 79 sends the Nnef_EventExposure_Subscribe response message to AF 201.
In one example, NEF 79 sends the Nnef_EventExposure_Subscribe response message to AF 201 after Step 2.
Step 8. The PDU Session Switch procedure is performed for switching from the PDU Session 1 to the PDU Session 2 for Dual Steer device 3.
Step 9. When UPF 72 detects the PDU Session change for Dual Steer device 3 executed in Step 8, UPF 72 sends the Nupf_EventExposure_Notify message to NEF 79 including at least User IP address and Dual Steer status (Switch to SUPI 2 in this example).
The following bullets explain each parameter in detail.
-  User IP address: Refer to Step 1 of Fig. 5.
-  Dual Steer status: Dual Steer status indicates the latest status or event of the PDU Session used for Dual Steer device 3. For example, Dual Steer status may indicate "PDU Session switched with SUPI information where new PDU Session is associated with", "PDU Session is reduced to one with SUPI information where the released PDU Session is associated with", "New PDU Session added with SUPI information where the added PDU Session is associated with", "Entire Session is released", "Switched to non-3GPP access", "Switched to 3GPP access", etc.
Step 10. Upon reception of the Nupf_EventExposure_Notify message from UPF 72, NEF 79 sends the Nnef_EventExposure Notify message to the AF 201 including at least User IP address, Dual Steer status (Switch to SUPI 2 in this example). Refer to Step 9 for parameter details.
Step 11. Dual Steer device 3 sends the Application Session Establishment Request to the AF 201 including at least A-KID of SUPI 2 since the PDU Session Switch procedure is performed for switching from PDU Session 1 to PDU Session 2 in Step 8.
Step 12. AF 201 authorizes the A-KID change by confirming that the PDU Session with SUPI 2 is the latest PDU Session being used for Application Session.
Step 13. The AKMA based security with the latest SUPI being used for PDU Session applies to the Application Session between Dual Steer device 3 and AF 201.
< Variant 1 of Third example of the First Aspect >
In Step 12 in Fig. 5, if the AF 201 detects that the A-KID sent in the Application Session Establishment Request in Step 11 does not match the A-KID of the latest PDU Session being used for the Application Session, the AF 201 may reject the Application Session Establishment Request with a cause value indicating that "A-KID is not appropriate", "A-KID is obsoleted" or any other cause values. In addition to the new cause value, the AF 201 may indicate an alternative A-KID value that Dual Steer device 3 is asked to use for the next Application Session Establishment Request.
In one example, the alternative A-KID may be an A-KID that is associated with the SUPI of the latest PDU Session being used for the Application Session.
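The AF-side check of Steps 10 to 12 and Variant 1 can be sketched as follows. This is an added illustration, not code from the publication: the class and field names, the sample identifiers, the SUPI-to-A-KID table held by the AF, and the rule for choosing between the two cause values are all assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional, Set

# Constructed sample identifiers (not taken from the publication).
SUPI_1, SUPI_2 = "supi-1", "supi-2"
AKID_1, AKID_2 = "akid-for-supi-1", "akid-for-supi-2"


class DualSteerStatus(Enum):
    """Subset of the Dual Steer status values listed for Step 9."""
    SWITCHED = "PDU Session switched"          # carries SUPI of the new PDU Session
    REDUCED = "PDU Session is reduced to one"  # carries SUPI of the released PDU Session
    ADDED = "New PDU Session added"            # carries SUPI of the added PDU Session
    RELEASED = "Entire Session is released"    # carries no SUPI


# Cause strings are quoted from Variant 1; which case gets which one is assumed here.
CAUSE_NOT_APPROPRIATE = "A-KID is not appropriate"
CAUSE_OBSOLETED = "A-KID is obsoleted"


@dataclass
class SessionContext:
    """Hypothetical per-User-IP state kept by the AF."""
    akid_by_supi: Dict[str, str]
    latest_supi: Optional[str]
    active_supis: Set[str] = field(default_factory=set)
    retired_supis: Set[str] = field(default_factory=set)


@dataclass(frozen=True)
class Decision:
    accepted: bool
    cause: Optional[str] = None
    alternative_akid: Optional[str] = None


class ApplicationFunction:
    def __init__(self) -> None:
        self._ctx: Dict[str, SessionContext] = {}

    def provision(self, user_ip: str, akid_by_supi: Dict[str, str], latest_supi: str) -> None:
        """State after the initial AKMA procedure: one PDU Session, one SUPI in use."""
        self._ctx[user_ip] = SessionContext(dict(akid_by_supi), latest_supi, {latest_supi})

    def on_notify(self, user_ip: str, status: DualSteerStatus, supi: Optional[str] = None) -> None:
        """Step 10: apply a Dual Steer status relayed by the NEF."""
        ctx = self._ctx[user_ip]  # KeyError: notification for an unknown User IP address
        if status is DualSteerStatus.RELEASED:
            ctx.active_supis.clear()
            ctx.latest_supi = None
            return
        if supi not in ctx.akid_by_supi:
            # Fail closed: never move the session to a SUPI the AF holds no A-KID for.
            raise ValueError("status refers to a SUPI with no known A-KID")
        if status is DualSteerStatus.ADDED:
            ctx.active_supis.add(supi)
        elif status is DualSteerStatus.SWITCHED:
            if ctx.latest_supi not in (None, supi):
                ctx.retired_supis.add(ctx.latest_supi)
            ctx.active_supis.add(supi)
            ctx.latest_supi = supi
        elif status is DualSteerStatus.REDUCED:
            ctx.active_supis.discard(supi)
            if ctx.latest_supi == supi:
                ctx.retired_supis.add(supi)
                remaining = sorted(ctx.active_supis)
                ctx.latest_supi = remaining[0] if len(remaining) == 1 else None
        if ctx.latest_supi is not None:
            ctx.retired_supis.discard(ctx.latest_supi)

    def on_establishment_request(self, user_ip: str, akid: str) -> Decision:
        """Step 12 and Variant 1: accept only the A-KID of the latest PDU Session's SUPI."""
        ctx = self._ctx.get(user_ip)
        if ctx is None or ctx.latest_supi is None:
            return Decision(False, CAUSE_NOT_APPROPRIATE)
        expected = ctx.akid_by_supi[ctx.latest_supi]
        if akid == expected:
            return Decision(True)
        supi_of = {v: k for k, v in ctx.akid_by_supi.items()}
        retired = supi_of.get(akid) in ctx.retired_supis
        cause = CAUSE_OBSOLETED if retired else CAUSE_NOT_APPROPRIATE
        # The alternative A-KID is the one tied to the latest PDU Session's SUPI.
        return Decision(False, cause, expected)
```

The point of the check is that an A-KID bound to a subscription that no longer carries the Application Session is refused, and that a status naming an unknown SUPI cannot redirect the session.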
< Variant 2 of Third example of the First Aspect >
In Step 10 in Fig. 5, once the AF 201 obtains new SUPI associated with the latest PDU Session being used for Application Session, the AF 201 may initiate the KAF refresh procedure over the Ua* reference point. (Note that the Ua* reference point applies between Dual Steer device 3 and AF 201.)
The AF 201 sends a KAF refresh request message to Dual Steer device 3 including an A-KID that the AF 201 wishes to apply for the AKMA function to the Application Session. In one example, the A-KID in the KAF refresh request message may be an A-KID generated from a KAUSF of a SUPI that is associated with the latest PDU Session being used for the Application Session.
Once Dual Steer device 3 receives the A-KID in the KAF refresh request message from the AF 201, Dual Steer device 3 may send the Application Session Establishment Request to the AF 201 including at least the received A-KID.
< Variant 3 of Third example of the First Aspect >
At Steps 9 and 10 in Fig. 5, the Dual Steer Status parameter may also indicate the reason for the PDU Session switch from SUPI 1 to SUPI 2 or vice versa. For example, the reason for the PDU Session switch may be a congestion in one of the SUPIs when both SUPIs are from the same network operator. In such a case the Dual Steer Status parameter may indicate 'congestion on SUPIx' cause to AF 201. Another reason for the PDU Session switch between the SUPIs could be no or low coverage on one of the SUPIs when the two SUPIs are from different network operators. In such a case the Dual Steer Status parameter may indicate 'no/low coverage on SUPIx' cause to AF 201. The Dual Steer Status parameter may also indicate the time at which the PDU Session switched between the SUPIs.
< Fourth example of the First Aspect >
This example discloses a mechanism in which the AKMA key to apply to the Application Session with Dual Steer device 3 is decided based on a negotiation between Dual Steer device 3 and AF 201 before the Application Session is established.
Fig. 6 illustrates an example of negotiation mechanism for A-KID selection.
The detailed processes of the Fourth example of the First Aspect are described below with reference to Fig. 6.
Step 0. Steps 0-1 to 0-5 in Fig. 4 take place.
Step 1. Dual Steer device 3 sends a Request message to the AF 201 including at least User IP address and AF-ID.
The following bullets explain each parameter in detail.
-  User IP address: Refer to Step 1 of Fig. 5.
-  AF ID: Refer to Step 2 of Fig. 4.
Step 2. Upon reception of the Request message from Dual Steer device 3, the AF 201 finds the A-KID associated with the AF ID for the user to whom the received User IP address has been assigned.
If AF 201 finds multiple A-KIDs, AF 201 selects one A-KID to apply AKMA based security for the Application session, linked with the AF ID, based on operator policy, based on configuration, or based on subscriber data or any combination of these selection criteria.
Once AF 201 chooses an appropriate A-KID, AF 201 sends the AKMA initiation message to Dual Steer device 3 including at least A-KID.
Refer to Step 2 of Fig. 4 for parameter detail of A-KID.
In one example, the AF 201 sends multiple A-KIDs, in priority order, that may be used for the AKMA based security for the Application session as linked with the AF ID.
Step 3. Based on the A-KID received in Step 2, Dual Steer device 3 sends the Application Session Establishment Request to the AF 201 including at least an A-KID that takes into account the A-KID received in Step 2.
In one example, the A-KID set in the Application Session Establishment Request message is equal to the A-KID received from AF 201 in Step 2.
Step 4. Steps 2 to 7 in the AAnF response with UE Identity procedure as described in section 6.2.1 in 3GPP TS 33.535 [3] take place for deriving AKMA Application Key for the Application session.
After Step 4, the AKMA based security with the selected A-KID applies to the Application Session between Dual Steer device 3 and AF 201.
< Fifth example of the First Aspect >
This example discloses a mechanism in which the AKMA key to apply to the Application Session with Dual Steer device 3 is decided based on a decision made by AF 201.
Fig. 7 illustrates an example of the A-KID selection by the AF.
The detailed processes of the Fifth example of the First Aspect are described below with reference to Fig. 7.
Step 0. Steps 0-1 to 0-5 in Fig. 4 take place.
Step 1. Dual Steer device 3 sends the Application Session Establishment Request to the AF 201 including at least one A-KID or multiple A-KIDs. Multiple A-KIDs may be included in case Dual Steer device 3 has multiple PDU Sessions that can be used for the Application session.
Refer to Step 2 of Fig. 3 for parameter detail of A-KID.
Step 2. Upon reception of the Application Session Establishment Request from Dual Steer device 3, the AF 201 examines whether the received one or multiple A-KIDs are valid to apply for AKMA based security for the Application Session.
If the AF 201 finds multiple A-KIDs valid to apply AKMA based security for the Application session, the AF 201 selects one A-KID to apply AKMA based security for the Application session, linked with the AF ID, based on operator policy, based on configuration, or based on subscriber data or any combination of these selection criteria.
Once the A-KID is selected, Steps 2 to 6 in the AAnF response with UE Identity procedure as described in section 6.2.1 in 3GPP TS 33.535 [3] take place with the selected A-KID for deriving AKMA Application Key for the Application session.
Step 3. AF 201 sends the Application Session Establishment Response to Dual Steer device 3 including at least A-KID.
Refer to Step 2 of Fig. 4 for parameter detail of A-KID.
Dual Steer device 3 applies the received A-KID for the AKMA based security to the Application session.
After Step 3, the AKMA based security with the selected A-KID applies to the Application Session between Dual Steer device 3 and AF 201.
< Sixth example of the First Aspect >
This example discloses an architecture to support the Generic Authentication Architecture (GAA) and Generic Bootstrapping Architecture (GBA) functions for the Dual Steer devices with two or more USIMs by managing multiple Ks_NAFs in both Dual Steer device 3 and NAF 203.
This example discloses the following procedures specific to the GAA and GBA as defined in 3GPP TS 33.220 [9].
-  Registration Procedure
-  Bootstrapping procedure
-  Bootstrapped Security Association procedure
-  Bootstrapping renegotiation request procedure
Fig. 8 illustrates an example of the GAA and the GBA for Dual Steer device 3.
The detailed processes of the Sixth example of the First Aspect are described below with reference to Fig. 8.
< Registration Procedures >
Step 0-1. The Registration procedure for SUPI 1 in Dual Steer device 3 takes place with the GAA and GBA supported 5GC. The First example of the First Aspect applies to this procedure with the replacements shown after Step 0-2.
Step 0-2. The Registration procedure for SUPI 2 in Dual Steer device 3 takes place with the GAA and GBA supported 5GC. The First example of the First Aspect applies to this procedure with the following replacements.
-  AUSF 7601 is replaced with BSF 7B01.
-  AUSF 7602 is replaced with BSF 7B02.
-  AF 201 is replaced with NAF 203.
-  UDM 7501 may stay the same. In one example, UDM 7501 may be HSS or HLR.
-  AKMA for dual steer supported indicator is replaced with GAA and GBA for dual steer supported indicator.
-  AKMA for dual steer registered is replaced with GAA and GBA for dual steer registered.
< Bootstrapping procedures >
Step 0-3. The Bootstrapping procedure in section 4.5.2 of 3GPP TS 33.220 [9] takes place for SUPI 1. After the Bootstrapping procedure, SUPI 1 derives B-TID1 and associated lifetime of the key Ks.
Step 0-4. The Bootstrapping procedure in section 4.5.2 of 3GPP TS 33.220 [9] takes place for SUPI 2. After the Bootstrapping procedure, SUPI 2 derives B-TID2 and associated lifetime of the key Ks.
< Bootstrapped Security Association procedure >
Step 1. Dual Steer device 3 selects a B-TID, from B-TID 1 and B-TID 2.
The B-TID may be selected based on the following criteria.
-  Device configuration of Dual Steer device 3.
-  Based on the URSP rule setting in Dual Steer device 3 as disclosed by the First example of the Second Aspect.
Step 2. Dual Steer device 3 performs the Bootstrapping usage procedure as defined in section 4.5.3 of 3GPP TS 33.220 [9].
< Bootstrapping renegotiation request procedure >
Step 3. Depending on the situation that Dual Steer device 3 faces, Dual Steer device 3 may decide to update the Key Ks for the Application security for NAF 203.
The Security Key update triggers are listed below, but are not limited to the following:
-  When the PDU Session Switch procedure is performed for switching from the PDU Session 1 to the PDU Session 2 for Dual Steer device 3 and the Application Session uses the new PDU Session (PDU Session 2) for a connectivity service to NAF 203. (This is the case that the Second example of the First Aspect takes.) In this case, it is reasonable to use the Key Ks with SUPI 2 for GAA and GBA as PDU Session 2 is associated with SUPI 2.
-  When the PDU Session that is being used for the connectivity service to NAF 203 is released. In this case, it is reasonable to use a Key Ks associated with a SUPI being used for providing the PDU Session for Dual Steer device 3 to communicate with NAF 203.
-  When the SUPI that is being used for the connectivity service to NAF 203 is de-registered. In this case, it is inevitable to switch to a Key Ks with a SUPI being used for providing the PDU Session for Dual Steer device 3 to communicate with the NAF 203 since CK, IK, B-TID and Key Ks being generated by the de-registered SUPI will be invalid.
Step 4. Based on the decision in Step 3, Dual Steer device 3 may select new B-TID to use for Application security.
Step 5. Dual Steer device 3 performs the Bootstrapping usage procedure as defined in section 4.5.3 of 3GPP TS 33.220 [9].
In one example, a B-TID in the Application request in Step 1 of the section 4.5.3 of 3GPP TS 33.220 [9] may be different from the one being used for the Application security with NAF 203.
< Variant 1 of Sixth example of the First Aspect >
The disclosures in this example are also applicable to bootstrapping procedure and bootstrapping usage procedure for the UICC-based enhancements to Generic Bootstrapping Architecture as defined in section 5 in 3GPP TS 33.220 [9].
< Second Aspect >
This aspect discloses an architecture and mechanisms to provide AKMA applicability information to Dual Steer device 3 from the operator network.
Based on this disclosure, the HPLMN operator can designate the SUPI to use for the AKMA function for an Application in case Dual Steer device 3 has multiple associated SUPIs.
The AKMA applicability information is managed by UDR 7A in the core network 7 and provided to Dual Steer device 3 using the Network-requested UE policy management procedure as defined in section D.2.1 in the 3GPP TS 24.501 [8].
< First example of the Second Aspect >
This example includes a general architecture of how the AKMA applicability information is managed in core network 7 and shared with Dual Steer device 3.
Fig. 9 illustrates an example of general architecture for the AKMA applicability information management.
The architecture and mechanisms of the AKMA applicability information management of the First example of the Second Aspect are described below with reference to Fig. 9.
The AKMA applicability information is stored in the UDR 7A for each SUPI as a subscriber data.
In this example, SUPI 1 is associated with the UDR 7A01 and SUPI 2 is associated with UDR 7A02.
The AKMA applicability information is defined per Application. The subscriber data may have multiple Applications that can be accessed with the corresponding SUPI. In this example in Fig. 9, SUPI 1 has three Applications, APL-1, APL-2 and APL-3, that it is allowed to access. While APL-1 and APL-3 can use the AKMA function, APL-2 is not allowed to use the AKMA function.
The URSP Rule in the UDR 7A is transferred to Dual Steer device 3 by procedures for the Policy Framework as defined in Section 4.16 in 3GPP TS 23.502 [5].
AKMA applicability information storage in the core network 7
This example discloses that the AKMA applicability information is stored in the UDR 7A for each SUPI.
The AKMA applicability information may be stored in the URSP rule on a per Application basis.
There may be several variations of how the AKMA applicability information is structured in the URSP rule. Some examples of storage of the AKMA applicability information follow.
-  The AKMA applicability information is managed under the URSP Rule (UE Route Selection Policy Rule).
Fig. 10 illustrates an example of how the AKMA applicability information is structured in the URSP rule.
This example discloses that the AKMA applicability information may be stored in the Traffic descriptor in the URSP Rule.
A value of the AKMA applicability information may take any of the following forms.
-    Yes or No (Yes means that AKMA is applicable, while No means that AKMA is not applicable.) "Yes or No" may be expressed as "Supported or Not supported" or "Applicable or Not applicable"
-    Supported or Not supported (Supported means that AKMA is applicable, while Not supported means that AKMA is not applicable.)
-    Yes or No with a priority: The priority indicates a priority of SUPI for the AKMA in case where the SUPI may be configured in Dual Steer device 3 with other SUPI.
-  The AKMA applicability information is managed under the RSD (Route Selection Descriptor).
Fig. 11 illustrates an example of how the AKMA applicability information is structured in the URSP rule.
This example discloses that the AKMA applicability information may be stored in the RSD in the URSP Rule.
Refer to Fig. 9 for a value of the AKMA applicability information.
AKMA applicability information storage in Dual Steer device 3
This example discloses that the AKMA applicability information is stored in Dual Steer device 3 for each SUPI.
The AKMA applicability information may be stored in the Non-volatile memory 36 as a part of the URSP for each SUPI together with the SUPI value.
In this example, Dual Steer device 3 has two URSP rules that correspond to two SUPIs, SUPI 1 and SUPI 2, that Dual Steer device 3 is associated with.
It is assumed that any URSP rules in Dual Steer device 3 are accessible from the Applications in an Application layer in Dual Steer device 3.
The Application in Dual Steer device 3 accesses all URSP rules stored in the Non-volatile memory 36 and finds the most suitable SUPI that applies to the AKMA function for the Application.
-  For example, the Application in Dual Steer device 3 selects a SUPI that applies to the AKMA function for the Application if the URSP Rule for the SUPI has a value AKMA applicability supported.
-  For example, the Application in Dual Steer device 3 does not select a SUPI that applies to the AKMA function for the Application if the URSP Rule for the SUPI has a value AKMA applicability not supported.
  In this case, for example Dual Steer device 3 may establish the Application Session for the Application without applying the AKMA function.
In this case, for another example, Dual Steer device 3 cannot establish the Application Session for the Application without applying the AKMA function according to the configuration in Dual Steer device 3.
Example of an Application behavior in the Dual Steer device
This example explains the Application (APL-3) behavior in Dual Steer device 3 by referring to Fig. 9.
When the APL-3 decides to establish an Application Session, the APL-3 may take the following steps in order to find an appropriate SUPI to use for a connectivity service for the Application Session.
Step 1: the APL-3 confirms how many UICCs are equipped in Dual Steer device 3. In this example, the APL-3 confirms that the UICCs for SUPI 1 and SUPI 2 are equipped.
Step 2: the APL-3 confirms, for each equipped SUPI, whether it has been registered or not. Dual Steer device 3 may initiate the Registration procedure with the equipped SUPI if possible and needed.
Step 3: the APL-3 confirms whether the APL-3 requires the AKMA based Application security.
In this example, the AKMA based Application security is needed based on URSP rules.
Step 4: the APL-3 confirms, based on the URSP rules, whether any registered SUPI has a UE policy (URSP rule) that allows access to a target Application server for the Application service for the APL-3.
In this example, the UE policy for both SUPI 1 and SUPI 2 allows access to the target Application server together with the AKMA function. In addition, while the URSP 1 for SUPI 1 has associated information (Priority High) for APL-3, the URSP 2 for SUPI 2 has associated information (Priority Low) for APL-3.
Step 5: the APL-3 confirms that SUPI 1 is the most relevant SUPI to use for Application Session. If a PDU Session that is applicable to the Application Session has been established with SUPI 1, Dual Steer device 3 initiates the AAnF response with UE Identity procedure as described in Section 6.2.1 in 3GPP TS 33.535 [3] with an A-KID for SUPI 1 for establishing the Application Session for the APL-3. Otherwise, Dual Steer device 3 may initiate the UE Requested PDU Session Establishment procedure as described in section 4.3.2.2 in 3GPP TS 23.502 [5] and the AAnF response with UE Identity procedure with an A-KID for SUPI 1 takes place after successful PDU Session establishment.
Step 6. If the APL-3 finds that there is no PDU Session available with SUPI 1 for the APL-3 (for example, network congestion, resource not available, service restriction on SUPI 1, etc.), the APL-3 performs Step 5 with SUPI 2 since SUPI 2 is usable for the APL-3 although it is rated as Low priority.
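Steps 1 to 6 above, together with the device behavior for a SUPI whose URSP Rule marks AKMA as not supported, can be sketched as the following selection routine. This is an added illustration, not code from the publication: the data model, the `pdu_session_possible` flag standing in for the outcome of PDU Session establishment, and the `allow_without_akma` device setting are assumptions, and the sample device is constructed from the Fig. 9 description.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

SUPI_1, SUPI_2 = "supi-1", "supi-2"     # constructed sample identifiers
PRIORITY_RANK = {"High": 0, "Low": 1}   # priority labels used for APL-3 in the text


@dataclass(frozen=True)
class UrspEntry:
    """AKMA applicability information for one Application in one SUPI's URSP."""
    akma_applicable: bool
    priority: str = "Low"


@dataclass
class Subscription:
    """One equipped UICC/SUPI with its URSP as stored on the device (hypothetical model)."""
    supi: str
    registered: bool
    ursp: Dict[str, UrspEntry]          # Application -> entry; a missing key means no access
    pdu_session_possible: bool = True   # False models congestion, no resource, restriction


@dataclass(frozen=True)
class Selection:
    supi: str
    use_akma: bool


def select_supi(app: str, subs: List[Subscription], akma_required: bool,
                allow_without_akma: bool = False) -> Optional[Selection]:
    """Pick the SUPI to carry the Application Session, or None if none qualifies."""
    # Steps 1, 2 and 4: equipped, registered, and the URSP allows this Application.
    usable = [s for s in subs if s.registered and app in s.ursp]
    # Step 5 ordering: High before Low; unknown labels sort last, ties keep slot order.
    usable = sorted(usable, key=lambda s: PRIORITY_RANK.get(s.ursp[app].priority,
                                                             len(PRIORITY_RANK)))
    if akma_required:                    # Step 3
        for s in usable:                 # Step 5, then Step 6 as fallback
            if s.ursp[app].akma_applicable and s.pdu_session_possible:
                return Selection(s.supi, True)
        if not allow_without_akma:
            # Device configuration forbids a session without the AKMA function.
            return None
    for s in usable:
        if s.pdu_session_possible:
            return Selection(s.supi, False)
    return None


def fig9_device() -> List[Subscription]:
    """Constructed device state following the Fig. 9 description."""
    return [
        Subscription(SUPI_1, True, {
            "APL-1": UrspEntry(True),
            "APL-2": UrspEntry(False),
            "APL-3": UrspEntry(True, "High"),
        }),
        Subscription(SUPI_2, True, {"APL-3": UrspEntry(True, "Low")}),
    ]


if __name__ == "__main__":
    print(select_supi("APL-3", fig9_device(), akma_required=True))
```

With `allow_without_akma` left at its default, an Application that requires AKMA gets no session at all rather than a session without application-layer key protection.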
< Second example of the Second Aspect >
This example includes a mechanism for Dual Steer device 3 to indicate its support of the AKMA function to the core network 7.
Fig. 12 illustrates an example of the AKMA support indication to the core network 7.
The detailed processes of the Second example of the Second Aspect are described below with reference to Fig. 12.
Step 1. At any time, Dual Steer device 3 sends the UE STATE INDICATION message to the PCF 73 including URSP for AKMA.
A value of the AKMA applicability information may be from any of the following.
-  URSP for AKMA: The URSP for AKMA indicates that Dual Steer device 3 supports the AKMA function.
In one example, the URSP for AKMA indicates that SUPI 1 in the USIM 3501 supports the AKMA function.
In another example, the URSP for AKMA indicates that Dual Steer device 3 (including both SUPI 1 in the USIM 3501 and SUPI 2 in the USIM 3502) supports AKMA function.
In one example, the URSP for AKMA is coded "AKMAURSP", "URSPAKMA" or any other expressions in the UE policy classmark as defined in Section D.6.5 in 3GPP TS 24.501 [8].
Step 2. When the PCF 73 initiates the Network-requested UE policy management procedure as defined in Section D.2.1 in 3GPP TS 24.501 [8], the PCF 73 takes the received URSP for AKMA into account for generating the URSP rule for Dual Steer device 3. For example, the PCF 73 may send an AKMA support indication for each application in the URSP rule which indicates whether the application in the URSP supports AKMA AF or not.
< Variant 1 of Second example of the Second Aspect >
In Step 2 in Fig. 12, when the PCF 73 has received the URSP for AKMA not supported from Dual Steer device 3 in Step 1 and the PCF 73 needs to send the MANAGE UE POLICY COMMAND message to the Dual Steer device 3, the MANAGE UE POLICY COMMAND message may generate a URSP rule without AKMA related information although the PCF 73 has AKMA related information in the URSP for Dual Steer device 3.
< Variant 2 of Second example of the Second Aspect >
In Step 2 in Fig. 12, when the PCF 73 has received the URSP for AKMA supported from Dual Steer device 3 in Step 1 and the PCF needs to send the MANAGE UE POLICY COMMAND message to Dual Steer device 3, the MANAGE UE POLICY COMMAND message may include "AKMA support" in a newly defined information element "AKMAURSP", "URSPAKMA" or any other expressions in the UE policy network classmark in case where the PCF 73 can handle or generate the AKMA related information in the URSP rule.
In contrast, the MANAGE UE POLICY COMMAND message may include "AKMA not support" in a newly defined information element "AKMAURSP", "URSPAKMA" or any other expressions in the UE policy network classmark in case where the PCF 73 cannot handle or generate the AKMA related information in the URSP rule.
< Variant 3 of Second example of the Second Aspect >
It is possible that the URSP for AKMA upgrade to the URSP rules is not supported homogeneously by the networks, e.g. not supported by some PLMNs or not supported in some locations by the same PLMN. For backward compatibility, as some URSP for AKMA supporting Dual Steer devices 3 may trigger the UE STATE INDICATION (URSP for AKMA) message to the network destined to the PCF 73, it is assumed that the network shall indicate its support for the URSP for AKMA feature upgrade to the URSP rules so that Dual Steer devices 3 capable of URSP for AKMA do not trigger the UE STATE INDICATION (URSP for AKMA) message if the URSP for AKMA is not supported by the network (e.g. the network is an older release network or the network does not support the feature or the network does not support the feature in some locations). Thus, the network may indicate the support for URSP for AKMA in one of the SIBs (System information blocks) during the SIB broadcast in a designated parameter called for example 'URSP for AKMA support' or any other notation for a parameter to indicate that the network supports the URSP for AKMA feature upgrade to the URSP rules. When a URSP for AKMA supporting Dual Steer device 3 reads in the SIB broadcast that the 'URSP for AKMA support' parameter is set OFF or no such parameter is broadcast in the SIB, Dual Steer device 3 shall not trigger the UE STATE INDICATION (URSP for AKMA) message to the network.
< System overview >
Fig. 13 schematically illustrates a telecommunication system 1 for a mobile (cellular or wireless) to which the above aspects are applicable.
The telecommunication system 1 represents a system overview in which an end-to-end communication is possible. For example, UE 3 (or user equipment, 'mobile device' 3) communicates with other UEs 3 or service servers in the data network 20 via respective (R)AN nodes 5 and a core network 7.
The (R)AN node 5 supports any radio accesses including a 5G radio access technology (RAT), an E-UTRA radio access technology, a beyond 5G RAT, a 6G RAT and non-3GPP RAT including wireless local area network (WLAN) technology as defined by the Institute of Electrical and Electronics Engineers (IEEE).
The (R)AN node 5 may split into a Radio Unit (RU), Distributed Unit (DU) and Centralized Unit (CU). In some aspects, each of the units may be connected to each other and structure the (R)AN node 5 by adopting an architecture as defined by the Open RAN (O-RAN) Alliance, where the units above are referred to as O-RU, O-DU and O-CU respectively.
The (R)AN node 5 may be split into a control plane function and a user plane function. Further, multiple user plane functions can be allocated to support a communication. In some aspects, user traffic may be distributed to multiple user plane functions and user traffic over each user plane function is aggregated in both the UE 3 and the (R)AN node 5. This split architecture may be called 'dual connectivity' or 'Multi connectivity'.
The (R)AN node 5 can also support a communication using the satellite access. In some aspects, the (R)AN node 5 may support a satellite access and a terrestrial access.
In addition, the (R)AN node 5 can also be referred to as an access node for a non-wireless access. The non-wireless access includes a fixed line access as defined by the Broadband Forum (BBF) and an optical access as defined by the Innovative Optical and Wireless Network (IOWN).
The core network 7 may include logical nodes (or 'functions') for supporting a communication in the telecommunication system 1. For example, the core network 7 may be 5G Core Network (5GC) that includes, amongst other functions, control plane functions and user plane functions. Each function in logical nodes can be considered as a network function. The network function may be provided to another node by adapting the Service Based Architecture (SBA).
A Network Function can be deployed as distributed, redundant, stateless, and scalable that provides the services from several locations and several execution instances in each location by adapting the network virtualization technology as defined by the European Telecommunications Standards Institute, Network Functions Virtualization (ETSI NFV).
The core network 7 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
As is well known, a UE 3 may enter and leave the areas (i.e. radio cells) served by the (R)AN node 5 as the UE 3 is moving around in the geographical area covered by the telecommunication system 1. In order to keep track of the UE 3 and to facilitate movement between the different (R)AN nodes 5, the core network 7 comprises at least one access and mobility management function (AMF) 70. The AMF 70 is in communication with the (R)AN node 5 coupled to the core network 7. In some core networks, a mobility management entity (MME) or a mobility management node for beyond 5G or a mobility management node for 6G may be used instead of the AMF 70.
The core network 7 also includes, amongst others, a Session Management Function (SMF) 71, a User Plane Function (UPF) 72, a Policy Control Function (PCF) 73, a Network Data Analytics Function (NWDAF) 74, a Unified Data Management (UDM) 75, a Network Slice Selection Function (NSSF) 76 and a Network Slice Admission Control Function (NSACF) 77. When the UE 3 is roaming to a visited Public Land Mobile Network (VPLMN), a home Public Land Mobile Network (HPLMN) of the UE 3 provides the UDM 75 and at least some of the functionalities of the SMF 71, UPF 72, PCF 73 and NSACF 77 for the roaming-out UE 3.
The UE 3 and a respective serving (R)AN node 5 are connected via an appropriate air interface (for example the so-called "Uu" interface and/or the like). Neighboring (R)AN node 5 are connected to each other via an appropriate (R)AN node 5 to (R)AN node interface (such as the so-called "Xn" interface and/or the like). Each (R)AN node 5 is also connected to nodes in the core network 7 (such as the so-called core network nodes) via an appropriate interface (such as the so-called "N2"/ "N3" interface(s) and/or the like). From the core network 7, connection to a data network 20 is also provided. The data network 20 can be an internet, a public network, an external network, a private network or an internal network of the PLMN. In case that the data network 20 is provided by a PLMN operator or Mobile Virtual Network Operator (MVNO), the IP Multimedia Subsystem (IMS) service may be provided by that data network 20. The UE 3 can be connected to the data network 20 using IPv4, IPv6, IPv4v6, Ethernet or unstructured data type. The data network may include an Application Function (AF) 201.
The "Uu" interface may include a Control plane of Uu interface and User plane of Uu interface.
The User plane of Uu interface is responsible to convey user traffic between the UE 3 and a serving (R)AN node 5. The User plane of Uu interface may have a layered structure with SDAP, PDCP, RLC and MAC sublayer over the physical connection (i.e. PHY sublayer).
The Control plane of Uu interface is responsible to establish, modify and release a connection between the UE 3 and a serving (R)AN node 5. The Control plane of Uu interface may have a layered structure with RRC, PDCP, RLC and MAC sublayers over the physical connection.
For example, the following messages are communicated over the RRC layer to support AS signaling.
-  RRC Setup Request message: This message is sent from the UE 3 to the (R)AN node 5. In addition to the parameters that are disclosed by Aspects in this disclosure, following parameters may be included together in the RRC Setup Request message.
-    establishmentCause and ue-Identity. The ue-Identity may have a value of ng-5G-S-TMSI-Part1 or randomValue.
-  RRC Setup message: This message is sent from the (R)AN node 5 to the UE 3. In addition to the parameters that are disclosed by Aspects in this disclosure, following parameters may be included together in the RRC Setup message.
-    masterCellGroup and radioBearerConfig
-  RRC setup complete message: This message is sent from the UE 3 to the (R)AN node 5. In addition to the parameters that are disclosed by Aspects in this disclosure, following parameters may be included together in the RRC setup complete message.
-    guami-Type, iab-NodeIndication, idleMeasAvailable, ue-MeasurementsAvailable, mobilityState, ng-5G-S-TMSI-Part2, registeredAMF, selectedPLMN-Identity, s-NSSAI-List , onboardingRequest
The UE 3 and the AMF 70 are connected via an appropriate interface (for example the so-called N1 interface and/or the like). The N1 interface is responsible to provide a communication between the UE 3 and the AMF 70 to support NAS signaling. The N1 interface may be established over a 3GPP access and over a non-3GPP access. For example, the following messages are communicated over the N1 interface.
-  registration request message: This message is sent from the UE 3 to the AMF 70. In addition to the parameters that are disclosed by Aspects in this disclosure, following parameters may be included together in the registration request message.
-    5GS registration type, ngKSI, 5GS mobile identity, Non-current native NAS key set identifier, 5GMM capability, UE security capability, Requested NSSAI, Last visited registered TAI, S1 UE network capability, Uplink data status, PDU session status, MICO indication, UE status, Additional GUTI, Allowed PDU session status, UE's usage setting, Requested DRX parameters, EPS NAS message container, LADN indication, Payload container type, Payload container, Network slicing indication, 5GS update type, Mobile station classmark 2, Supported codecs, NAS message container, EPS bearer context status, Requested extended DRX parameters, T3324 value, UE radio capability ID, Requested mapped NSSAI, Additional information requested, Requested WUS assistance information, N5GC indication and Requested NB-N1 mode DRX parameters.
-  registration accept message: This message is sent from the AMF 70 to the UE 3. In addition to the parameters that are disclosed by Aspects in this disclosure, the following parameters may be included together in the registration accept message.
-    5GS registration result, 5G-GUTI, Equivalent PLMNs, TAI list, Allowed NSSAI, Rejected NSSAI, Configured NSSAI, 5GS network feature support, PDU session status, PDU session reactivation result, PDU session reactivation result error cause, LADN information, MICO indication, Network slicing indication, Service area list, T3512 value, Non-3GPP de-registration timer value, T3502 value, Emergency number list, Extended emergency number list, SOR transparent container, EAP message, NSSAI inclusion mode, Operator-defined access category definitions, Negotiated DRX parameters, Non-3GPP NW policies, EPS bearer context status, Negotiated extended DRX parameters, T3447 value, T3448 value, T3324 value, UE radio capability ID, UE radio capability ID deletion indication, Pending NSSAI, Ciphering key data, CAG information list, Truncated 5G-S-TMSI configuration, Negotiated WUS assistance information, Negotiated NB-N1 mode DRX parameters and Extended rejected NSSAI.
-  Registration Complete message: This message is sent from the UE 3 to the AMF 70. In addition to the parameters that are disclosed by Aspects in this disclosure, the following parameters may be included together in the Registration Complete message.
-    SOR transparent container.
-  Authentication Request message: This message is sent from the AMF 70 to the UE 3. In addition to the parameters that are disclosed by Aspects in this disclosure, the following parameters may be included together in the Authentication Request message.
-    ngKSI, ABBA, Authentication parameter RAND (5G authentication challenge), Authentication parameter AUTN (5G authentication challenge) and EAP message.
-  Authentication Response message: This message is sent from the UE 3 to the AMF 70. In addition to the parameters that are disclosed by Aspects in this disclosure, the following parameters may be populated together in the Authentication Response message.
-    Authentication response message identity, Authentication response parameter and EAP message.
-  Authentication Result message: This message is sent from the AMF 70 to the UE 3. In addition to the parameters that are disclosed by Aspects in this disclosure, the following parameters may be populated together in the Authentication Result message.
-    ngKSI, EAP message and ABBA.
-  Authentication Failure message: This message is sent from the UE 3 to the AMF 70. In addition to the parameters that are disclosed by Aspects in this disclosure, the following parameters may be populated together in the Authentication Failure message.
-    Authentication failure message identity, 5GMM cause and Authentication failure parameter.
-  Authentication Reject message: This message is sent from the AMF 70 to the UE 3. In addition to the parameters that are disclosed by Aspects in this disclosure, the following parameters may be populated together in the Authentication Reject message.
-    EAP message.
-  Service Request message: This message is sent from the UE 3 to the AMF 70. In addition to the parameters that are disclosed by Aspects in this disclosure, the following parameters may be populated together in the Service Request message.
-    ngKSI, Service type, 5G-S-TMSI, Uplink data status, PDU session status, Allowed PDU session status, NAS message container.
-  Service Accept message: This message is sent from the AMF 70 to the UE 3. In addition to the parameters that are disclosed by Aspects in this disclosure, the following parameters may be populated together in the Service Accept message.
-    PDU session status, PDU session reactivation result, PDU session reactivation result error cause, EAP message and T3448 value.
-  Service Reject message: This message is sent from the AMF 70 to the UE 3. In addition to the parameters that are disclosed by Aspects in this disclosure, the following parameters may be populated together in the Service Reject message.
-    5GMM cause, PDU session status, T3346 value, EAP message, T3448 value and CAG information list.
-  Configuration Update Command message: This message is sent from the AMF 70 to the UE 3. In addition to the parameters that are disclosed by Aspects in this disclosure, the following parameters may be populated together in the Configuration Update Command message.
-    Configuration update indication, 5G-GUTI, TAI list, Allowed NSSAI, Service area list, Full name for network, Short name for network, Local time zone, Universal time and local time zone, Network daylight saving time, LADN information, MICO indication, Network slicing indication, Configured NSSAI, Rejected NSSAI, Operator-defined access category definitions, SMS indication, T3447 value, CAG information list, UE radio capability ID, UE radio capability ID deletion indication, 5GS registration result, Truncated 5G-S-TMSI configuration, Additional configuration indication and Extended rejected NSSAI.
-  Configuration Update Complete message: This message is sent from the UE 3 to the AMF 70. In addition to the parameters that are disclosed by Aspects in this disclosure, the following parameters may be populated together in the Configuration Update Complete message.
-    Configuration update complete message identity.
< User equipment (UE) >
Fig. 14 is a block diagram illustrating the main components of the UE 3 (mobile device 3). As shown, the UE 3 includes a transceiver circuit 31 which is operable to transmit signals to and to receive signals from the connected node(s) via one or more antennas 32. Further, the UE 3 may include a user interface 34 for inputting information from outside or outputting information to outside. Although not necessarily shown in Fig. 14, the UE 3 may have all the usual functionality of a conventional mobile device and this may be provided by any one or any combination of hardware, software and firmware, as appropriate. Software may be pre-installed in the memory and/or may be downloaded via the telecommunication network or from a removable data storage device (RMD), for example. A controller 33 controls the operation of the UE 3 in accordance with software stored in a memory 36. The software includes, among other things, an operating system 361 and a communications control module 362 having at least a transceiver control module 3621. The communications control module 362 (using its transceiver control module 3621) is responsible for handling (generating/sending/receiving) signalling and uplink/downlink data packets between the UE 3 and other nodes, such as the (R)AN node 5 and the AMF 70. Such signalling may include, for example, appropriately formatted signalling messages (e.g. a registration request message and associated response messages) relating to access and mobility management procedures (for the UE 3). The controller 33 interworks with one or more Universal Subscriber Identity Modules (USIMs) 35. If multiple USIMs 35 are equipped, the controller 33 may activate only one USIM 35 or may activate multiple USIMs 35 at the same time.
The UE 3 may, for example, support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
The UE 3 may, for example, be an item of equipment for production or manufacture and/or an item of energy related machinery (for example equipment or machinery such as: boilers; engines; turbines; solar panels; wind turbines; hydroelectric generators; thermal power generators; nuclear electricity generators; batteries; nuclear systems and/or associated equipment; heavy electrical machinery; pumps including vacuum pumps; compressors; fans; blowers; oil hydraulic equipment; pneumatic equipment; metal working machinery; manipulators; robots and/or their application systems; tools; molds or dies; rolls; conveying equipment; elevating equipment; materials handling equipment; textile machinery; sewing machines; printing and/or related machinery; paper converting machinery; chemical machinery; mining and/or construction machinery and/or related equipment; machinery and/or implements for agriculture, forestry and/or fisheries; safety and/or environment preservation equipment; tractors; precision bearings; chains; gears; power transmission equipment; lubricating equipment; valves; pipe fittings; and/or application systems for any of the previously mentioned equipment or machinery etc.).
The UE 3 may, for example, be an item of transport equipment (for example transport equipment such as: rolling stocks; motor vehicles; motor cycles; bicycles; trains; buses; carts; rickshaws; ships and other watercraft; aircraft; rockets; satellites; drones; balloons etc.).
The UE 3 may, for example, be an item of information and communication equipment (for example information and communication equipment such as: electronic computer and related equipment; communication and related equipment; electronic components etc.).

The UE 3 may, for example, be a refrigerating machine, a refrigerating machine applied product, an item of trade and/or service industry equipment, a vending machine, an automatic service machine, an office machine or equipment, a consumer electronic and electronic appliance (for example a consumer electronic appliance such as: audio equipment; video equipment; a loud speaker; a radio; a television; a microwave oven; a rice cooker; a coffee machine; a dishwasher; a washing machine; a dryer; an electronic fan or related appliance; a cleaner etc.).
The UE 3 may, for example, be an electrical application system or equipment (for example an electrical application system or equipment such as: an x-ray system; a particle accelerator; radio isotope equipment; sonic equipment; electromagnetic application equipment; electronic power application equipment etc.).
The UE 3 may, for example, be an electronic lamp, a luminaire, a measuring instrument, an analyzer, a tester, or a surveying or sensing instrument (for example a surveying or sensing instrument such as: a smoke alarm; a human alarm sensor; a motion sensor; a wireless tag etc.), a watch or clock, a laboratory instrument, optical apparatus, medical equipment and/or system, a weapon, an item of cutlery, a hand tool, or the like.
The UE 3 may, for example, be a wireless-equipped personal digital assistant or related equipment (such as a wireless card or module designed for attachment to or for insertion into another electronic device (for example a personal computer, electrical measuring machine)).
The UE 3 may be a device or a part of a system that provides applications, services, and solutions described below, as to "internet of things (IoT)", using a variety of wired and/or wireless communication technologies.
Internet of Things devices (or "things") may be equipped with appropriate electronics, software, sensors, network connectivity, and/or the like, which enable these devices to collect and exchange data with each other and with other communication devices. IoT devices may comprise automated equipment that follows software instructions stored in an internal memory. IoT devices may operate without requiring human supervision or interaction. IoT devices might also remain stationary and/or inactive for a long period of time. IoT devices may be implemented as a part of a (generally) stationary apparatus. IoT devices may also be embedded in non-stationary apparatus (e.g. vehicles) or attached to animals or persons to be monitored/tracked.
It will be appreciated that IoT technology can be implemented on any communication devices that can connect to a communications network for sending/receiving data, regardless of whether such communication devices are controlled by human input or software instructions stored in memory.
It will be appreciated that IoT devices are sometimes also referred to as Machine-Type Communication (MTC) devices or Machine-to-Machine (M2M) communication devices or Narrow Band-IoT UE (NB-IoT UE). It will be appreciated that a UE 3 may support one or more IoT or MTC applications.
The UE 3 may be a smart phone or a wearable device (e.g. smart glasses, a smart watch, a smart ring, or a hearable device). For a wearable device, the UE 3 may be a reduced capability device (RedCap).
The UE 3 may be a car, or a connected car, or an autonomous car, or a vehicle device, or a motorcycle or V2X (Vehicle to Everything) communication module (e.g. Vehicle to Vehicle communication module, Vehicle to Infrastructure communication module, Vehicle to People communication module and Vehicle to Network communication module).
< (R)AN node >
Fig. 15 is a block diagram illustrating the main components of an exemplary (R)AN node 5, for example a base station ('eNB' in LTE, 'gNB' in 5G, a base station for 5G beyond, a base station for 6G). As shown, the (R)AN node 5 includes a transceiver circuit 51 which is operable to transmit signals to and to receive signals from connected UE(s) 3 via one or more antennas 52 and to transmit signals to and to receive signals from other network nodes (either directly or indirectly) via a network interface 53. A controller 54 controls the operation of the (R)AN node 5 in accordance with software stored in a memory 55. Software may be pre-installed in the memory and/or may be downloaded via the telecommunication network or from a removable data storage device (RMD), for example. The software includes, among other things, an operating system 551 and a communications control module 552 having at least a transceiver control module 5521.
The communications control module 552 (using its transceiver control sub-module) is responsible for handling (generating/sending/receiving) signalling between the (R)AN node 5 and other nodes, such as the UE 3, another (R)AN node 5, the AMF 70 and the UPF 72 (e.g. directly or indirectly). The signalling may include, for example, appropriately formatted signalling messages relating to a radio connection and a connection with the core network 7 (for a particular UE 3), and in particular, relating to connection establishment and maintenance (e.g. RRC connection establishment and other RRC messages), NG Application Protocol (NGAP) messages (i.e. messages by N2 reference point) and Xn application protocol (XnAP) messages (i.e. messages by Xn reference point), etc. Such signalling may also include, for example, broadcast information (e.g. Master Information and System information) in a sending case.
The controller 54 is also configured (by software or hardware) to handle related tasks such as, when implemented, UE mobility estimate and/or moving trajectory estimation.
The (R)AN node 5 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
The RAN 501 and the RAN 502 may have the same components as the (R)AN node 5. The (R)AN node 5 may be expressed as a RAN node, RAN, (R)AN etc.
< System overview of (R)AN node 5 based on O-RAN architecture >
Fig. 16 schematically illustrates a (R)AN node 5 based on O-RAN architecture to which the (R)AN node 5 aspects are applicable.
The (R)AN node 5 based on O-RAN architecture represents a system overview in which the (R)AN node is split into a Radio Unit (RU) 60, Distributed Unit (DU) 61 and Centralized Unit (CU) 62. In some aspects, each unit may be combined. For example, the RU 60 can be integrated/combined with the DU 61 as an integrated/combined unit, the DU 61 can be integrated/combined with the CU 62 as another integrated/combined unit. Any functionality in the description for a unit (e.g. one of RU 60, DU 61 and CU 62) can be implemented in the integrated/combined unit above. Further, CU 62 can separate into two functional units such as CU Control plane (CP) and CU User plane (UP). The CU CP has a control plane functionality in the (R)AN node 5. The CU UP has a user plane functionality in the (R)AN node 5. Each CU CP is connected to the CU UP via an appropriate interface (such as the so-called "E1" interface and/or the like).
The UE 3 and a respective serving RU 60 are connected via an appropriate air interface (for example the so-called "Uu" interface and/or the like). Each RU 60 is connected to the DU 61 via an appropriate interface (such as the so-called "Front haul", "Open Front haul", "F1" interface and/or the like). Each DU 61 is connected to the CU 62 via an appropriate interface (such as the so-called "Mid haul", "Open Mid haul", "E2" interface and/or the like). Each CU 62 is also connected to nodes in the core network 7 (such as the so-called core network nodes) via an appropriate interface (such as the so-called "Back haul", "Open Back haul", "N2"/ "N3" interface(s) and/or the like). In addition, a user plane part of the DU 61 can also be connected to the core network nodes via an appropriate interface (such as the so-called "N3" interface(s) and/or the like).
Depending on the functionality split among the RU 60, DU 61 and CU 62, each unit provides some of the functionality that is provided by the (R)AN node 5. For example, the RU 60 may provide functionalities to communicate with a UE 3 (e.g., the Network Relay UE 300) over the air interface, the DU 61 may provide functionalities to support MAC layer and RLC layer, the CU 62 may provide functionalities to support PDCP layer, SDAP layer and RRC layer.
< Radio Unit (RU) >
Fig. 17 is a block diagram illustrating the main components of an exemplary RU 60, for example an RU part of a base station ('eNB' in LTE, 'gNB' in 5G, a base station for 5G beyond, a base station for 6G). As shown, the RU 60 includes a transceiver circuit 601 which is operable to transmit signals to and to receive signals from connected UE(s) 3 via one or more antennas 602 and to transmit signals to and to receive signals from other network nodes or network units (either directly or indirectly) via a network interface 603. A controller 604 controls the operation of the RU 60 in accordance with software stored in a memory 605. Software may be pre-installed in the memory and/or may be downloaded via the telecommunication network or from a removable data storage device (RMD), for example. The software includes, among other things, an operating system 6051 and a communications control module 6052 having at least a transceiver control module 60521.
The communications control module 6052 (using its transceiver control sub-module) is responsible for handling (generating/sending/receiving) signalling between the RU 60 and other nodes or units, such as the UE 3, another RU 60 and DU 61 (e.g. directly or indirectly). The signalling may include, for example, appropriately formatted signalling messages relating to a radio connection and a connection with the RU 60 (for a particular UE 3 (e.g., the Network Relay UE 300)), and in particular, relating to MAC layer and RLC layer.
The controller 604 is also configured (by software or hardware) to handle related tasks such as, when implemented, UE mobility estimate and/or moving trajectory estimation.
The RU 60 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
As described above, the RU 60 can be integrated/combined with the DU 61 as an integrated/combined unit. Any functionality in the description for the RU 60 can be implemented in the integrated/combined unit above.
< Distributed Unit (DU) >
Fig. 18 is a block diagram illustrating the main components of an exemplary DU 61, for example a DU part of a base station ('eNB' in LTE, 'gNB' in 5G, a base station for 5G beyond, a base station for 6G). As shown, the apparatus includes a transceiver circuit 611 which is operable to transmit signals to and to receive signals from other nodes or units (including the RU 60) via a network interface 612. A controller 613 controls the operation of the DU 61 in accordance with software stored in a memory 614. Software may be pre-installed in the memory 614 and/or may be downloaded via the telecommunication network or from a removable data storage device (RMD), for example. The software includes, among other things, an operating system 6141 and a communications control module 6142 having at least a transceiver control module 61421. The communications control module 6142 (using its transceiver control module 61421) is responsible for handling (generating/sending/receiving) signalling between the DU 61 and other nodes or units, such as the RU 60 and other nodes and units.
The DU 61 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
As described above, the RU 60 can be integrated/combined with the DU 61 or CU 62 as an integrated/combined unit. Any functionality in the description for DU 61 can be implemented in one of the integrated/combined units above.
< Centralized Unit (CU) >
Fig. 19 is a block diagram illustrating the main components of an exemplary CU 62, for example a CU part of a base station ('eNB' in LTE, 'gNB' in 5G, a base station for 5G beyond, a base station for 6G). As shown, the apparatus includes a transceiver circuit 621 which is operable to transmit signals to and to receive signals from other nodes or units (including the DU 61) via a network interface 622. A controller 623 controls the operation of the CU 62 in accordance with software stored in a memory 624. Software may be pre-installed in the memory 624 and/or may be downloaded via the telecommunication network or from a removable data storage device (RMD), for example. The software includes, among other things, an operating system 6241 and a communications control module 6242 having at least a transceiver control module 62421. The communications control module 6242 (using its transceiver control module 62421) is responsible for handling (generating/sending/receiving) signalling between the CU 62 and other nodes or units, such as the DU 61 and other nodes and units.
The CU 62 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
As described above, the CU 62 can be integrated/combined with the DU 61 as an integrated/combined unit. Any functionality in the description for the CU 62 can be implemented in the integrated/combined unit above.
< AMF >
Fig. 20 is a block diagram illustrating the main components of the AMF 70. As shown, the apparatus includes a transceiver circuit 701 which is operable to transmit signals to and to receive signals from other nodes (including the UE 3 (e.g., the Network Relay UE 300 and the UE 3), the NSSF 76) via a network interface 702. A controller 703 controls the operation of the AMF 70 in accordance with software stored in a memory 704. Software may be pre-installed in the memory 704 and/or may be downloaded via the telecommunication network or from a removable data storage device (RMD), for example. The software includes, among other things, an operating system 7041 and a communications control module 7042 having at least a transceiver control module 70421. The communications control module 7042 (using its transceiver control module 70421) is responsible for handling (generating/sending/receiving) signalling between the AMF 70 and other nodes, such as the UE 3 (e.g. via the (R)AN node 5) and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in). Such signalling may include, for example, appropriately formatted signalling messages (e.g. a registration request message and associated response messages) relating to access and mobility management procedures (for the UE 3).
The AMF 70 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN). The AMF 7001, the AMF 7002, the MN AMF 7001 and the SN AMF 7002 may have the same components as the AMF 70.
< SMF >
Fig. 21 is a block diagram illustrating the main components of the SMF 71. As shown, the apparatus includes a transceiver circuit 711 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70) via a network interface 712. A controller 713 controls the operation of the SMF 71 in accordance with software stored in a memory 714. Software may be pre-installed in the memory 714 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example. The software includes, among other things, an operating system 7141 and a communications control module 7142 having at least a transceiver control module 71421. The communications control module 7142 (using its transceiver control module 71421) is responsible for handling (generating/sending/receiving) signalling between the SMF 71 and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the HPLMN of the UE 3 (e.g., the Network Relay UE 300 and the UE 3) when the UE 3 is roaming-in). Such signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service based interfaces) relating to policy management procedures (for the UE 3).
The SMF 71 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN). The SMF 7101 and the SMF 7102 may have the same components as the SMF 71.
< UPF >
Fig. 22 is a block diagram illustrating the main components of the UPF 72. As shown, the apparatus includes a transceiver circuit 721 which is operable to transmit signals to and to receive signals from other nodes (including the SMF 71) via a network interface 722. A controller 723 controls the operation of the UPF 72 in accordance with software stored in a memory 724. Software may be pre-installed in the memory 724 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example. The software includes, among other things, an operating system 7241 and a communications control module 7242 having at least a transceiver control module 72421. The communications control module 7242 (using its transceiver control module 72421) is responsible for handling (generating/sending/receiving) signalling between the UPF 72 and other nodes, such as the SMF 71 and other core network nodes (including core network nodes in the HPLMN of the UE 3 (e.g., the Network Relay UE 300 and the UE 3) when the UE 3 is roaming-in). Such signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service based interfaces) relating to policy management procedures (for the UE 3).
The UPF 72 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN). The UPF 7201, the UPF 7202 and the UPF 7203 may have the same components as the UPF 72.
< PCF >
Fig. 23 is a block diagram illustrating the main components of the PCF 73. As shown, the apparatus includes a transceiver circuit 731 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70) via a network interface 732. A controller 733 controls the operation of the PCF 73 in accordance with software stored in a memory 734. Software may be pre-installed in the memory 734 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example. The software includes, among other things, an operating system 7341 and a communications control module 7342 having at least a transceiver control module 73421. The communications control module 7342 (using its transceiver control module 73421) is responsible for handling (generating/sending/receiving) signalling between the PCF 73 and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the HPLMN of the UE 3 (e.g., the Network Relay UE 300 and the UE 3) when the UE 3 is roaming-in). Such signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service based interfaces) relating to policy management procedures (for the UE 3).
The PCF 73 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN). The PCF 7301, the PCF 7302, the PCF 7303, the V-PCF 7301, the V-PCF 7302 and the H-PCF 7303 may have the same components as the PCF 73.
< NWDAF >
Fig. 24 is a block diagram illustrating the main components of the NWDAF 74. As shown, the apparatus includes a transceiver circuit 741 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70 and the UDM 75) via a network interface 742. A controller 743 controls the operation of the NWDAF 74 in accordance with software stored in a memory 744. Software may be pre-installed in the memory 744 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example. The software includes, among other things, an operating system 7441 and a communications control module 7442 having at least a transceiver control module 74421. The communications control module 7442 (using its transceiver control module 74421) is responsible for handling (generating/sending/receiving) signalling between the NWDAF 74 and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in). Such signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service based interfaces) relating to policy management procedures (for the UE 3).
The NWDAF 74 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
< UDM >
Fig. 25 is a block diagram illustrating the main components of the UDM 75. As shown, the apparatus includes a transceiver circuit 751 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70) via a network interface 752. A controller 753 controls the operation of the UDM 75 in accordance with software stored in a memory 754. Software may be pre-installed in the memory 754 and/or may be downloaded via the telecommunication network or from a removable data storage device (RMD), for example. The software includes, among other things, an operating system 7541 and a communications control module 7542 having at least a transceiver control module 75421. The communications control module 7542 (using its transceiver control module 75421) is responsible for handling (generating/sending/receiving) signalling between the UDM 75 and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the VPLMN of the UE 3 (e.g., the Network Relay UE 300 and the UE 3) when the UE 3 is roaming-out). Such signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service based interfaces) relating to mobility management procedures (for the UE 3).
The UDM 75 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
< AUSF >
Fig. 26 is a block diagram illustrating the main components of the AUSF 76. As shown, the apparatus includes a transceiver circuit 761 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70) via a network interface 762. A controller 763 controls the operation of the AUSF 76 in accordance with software stored in a memory 764. Software may be pre-installed in the memory 764 and/or may be downloaded via the telecommunication network or from a removable data storage device (RMD), for example. The software includes, among other things, an operating system 7641 and a communications control module 7642 having at least a transceiver control module 76421. The communications control module 7642 (using its transceiver control module 76421) is responsible for handling (generating/sending/receiving) signalling between the AUSF 76 and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the VPLMN of the UE 3 when the UE 3 is roaming-out). Such signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service based interfaces) relating to mobility management procedures (for the UE 3).
The AUSF 76 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
< AAnF >
Fig. 27 is a block diagram illustrating the main components of the AAnF 77. As shown, the apparatus includes a transceiver circuit 771 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70) via a network interface 772. A controller 773 controls the operation of the AAnF 77 in accordance with the software stored in a memory 774. The software may be pre-installed in the memory 774 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example. The software includes, among other things, an operating system 7741 and a communications control module 7742 having at least a transceiver control module 77421. The communications control module 7742 (using its transceiver control module 77421) is responsible for handling (generating/sending/receiving) signalling between the AAnF 77 and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in). Such signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service based interfaces) relating to network data analytics function procedures (for the UE 3).
The AAnF 77 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN). The AAnF 7702, the AAnF 7703 and the AAnF 7704 may have the same components as the AAnF 77.
< NRF >
Fig. 28 is a block diagram illustrating the main components of the NRF 78. As shown, the apparatus includes a transceiver circuit 781 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70) via a network interface 782. A controller 783 controls the operation of the NRF 78 in accordance with the software stored in a memory 784. The software may be pre-installed in the memory 784 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example. The software includes, among other things, an operating system 7841 and a communications control module 7842 having at least a transceiver control module 78421. The communications control module 7842 (using its transceiver control module 78421) is responsible for handling (generating/sending/receiving) signalling between the NRF 78 and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in). Such signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service based interfaces) relating to network data analytics function procedures (for the UE 3).
The NRF 78 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
< NEF >
Fig. 29 is a block diagram illustrating the main components of the NEF 79. As shown, the apparatus includes a transceiver circuit 791 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70) via a network interface 792. A controller 793 controls the operation of the NEF 79 in accordance with the software stored in a memory 794. The software may be pre-installed in the memory 794 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example. The software includes, among other things, an operating system 7941 and a communications control module 7942 having at least a transceiver control module 79421. The communications control module 7942 (using its transceiver control module 79421) is responsible for handling (generating/sending/receiving) signalling between the NEF 79 and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in). Such signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service based interfaces) relating to network data analytics function procedures (for the UE 3).
The NEF 79 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
< UDR >
Fig. 30 is a block diagram illustrating the main components of the UDR 7A. As shown, the apparatus includes a transceiver circuit 7A1 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70) via a network interface 7A2. A controller 7A3 controls the operation of the UDR 7A in accordance with the software stored in a memory 7A4. The software may be pre-installed in the memory 7A4 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example. The software includes, among other things, an operating system 7A41 and a communications control module 7A42 having at least a transceiver control module 7A421. The communications control module 7A42 (using its transceiver control module 7A421) is responsible for handling (generating/sending/receiving) signalling between the UDR 7A and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in). Such signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service based interfaces) relating to network data analytics function procedures (for the UE 3).
The UDR 7A may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
< BSF >
Fig. 31 is a block diagram illustrating the main components of the BSF 7B. As shown, the apparatus includes a transceiver circuit 7B1 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70) via a network interface 7B2. A controller 7B3 controls the operation of the BSF 7B in accordance with the software stored in a memory 7B4. The software may be pre-installed in the memory 7B4 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example. The software includes, among other things, an operating system 7B41 and a communications control module 7B42 having at least a transceiver control module 7B421. The communications control module 7B42 (using its transceiver control module 7B421) is responsible for handling (generating/sending/receiving) signalling between the BSF 7B and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in). Such signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service based interfaces) relating to network data analytics function procedures (for the UE 3).
The BSF 7B may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
< AF >
Fig. 32 is a block diagram illustrating the main components of the AF 201. As shown, the apparatus includes a transceiver circuit 2011 which is operable to transmit signals to and to receive signals from other nodes (including the UE 3 (e.g., the Network Relay UE 300 and the UE 3)) via a network interface 2012. A controller 2013 controls the operation of the AF 201 in accordance with software stored in a memory 2014. Software may be pre-installed in the memory 2014 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example. The software includes, among other things, an operating system 20141 and a communications control module 20142 having at least a transceiver control module 201421. The communications control module 20142 (using its transceiver control module 201421) is responsible for handling (generating/sending/receiving) signalling between the AF 201 and other nodes, such as the UE 3 and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in). Such signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service based interfaces) relating to policy management procedures (for the UE 3).
The AF 201 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
< AP >
Fig. 33 is a block diagram illustrating the main components of the AP 202. As shown, the apparatus includes a transceiver circuit 2021 which is operable to transmit signals to and to receive signals from other nodes (including the UE 3 (e.g., the Network Relay UE 300 and the UE 3)) via a network interface 2022. A controller 2023 controls the operation of the AP 202 in accordance with software stored in a memory 2024. Software may be pre-installed in the memory 2024 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example. The software includes, among other things, an operating system 20241 and a communications control module 20242 having at least a transceiver control module 202421. The communications control module 20242 (using its transceiver control module 202421) is responsible for handling (generating/sending/receiving) signalling between the AP 202 and other nodes, such as the UE 3 and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in). Such signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service based interfaces) relating to policy management procedures (for the UE 3).
The AP 202 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
< NAF >
Fig. 34 is a block diagram illustrating the main components of the NAF 203. As shown, the apparatus includes a transceiver circuit 2031 which is operable to transmit signals to and to receive signals from other nodes (including the UE 3 (e.g., the Network Relay UE 300 and the UE 3)) via a network interface 2032. A controller 2033 controls the operation of the NAF 203 in accordance with software stored in a memory 2034. Software may be pre-installed in the memory 2034 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example. The software includes, among other things, an operating system 20341 and a communications control module 20342 having at least a transceiver control module 203421. The communications control module 20342 (using its transceiver control module 203421) is responsible for handling (generating/sending/receiving) signalling between the NAF 203 and other nodes, such as the UE 3 and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in). Such signalling may include, for example, appropriately formatted signalling messages (e.g. HTTP RESTful methods based on the service based interfaces) relating to policy management procedures (for the UE 3).
The NAF 203 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
< Modifications and Alternatives >
Detailed aspects have been described above. As those skilled in the art will appreciate, a number of modifications and alternatives can be made to the above aspects whilst still benefiting from the disclosures embodied therein. By way of illustration only a number of these alternatives and modifications will now be described.
In the above description, the UE 3 and the network apparatus are described for ease of understanding as having a number of discrete modules (such as the communication control modules). Whilst these modules may be provided in this way for certain applications, for example where an existing system has been modified to implement the disclosure, in other applications, for example in systems designed with the inventive features in mind from the outset, these modules may be built into the overall operating system or code and so these modules may not be discernible as discrete entities. These modules may also be implemented in software, hardware, firmware or a mix of these.
Each controller may comprise any suitable form of processing circuitry including (but not limited to), for example: one or more hardware implemented computer processors; microprocessors; central processing units (CPUs); arithmetic logic units (ALUs); input/output (IO) circuits; internal memories / caches (program and/or data); processing registers; communication buses (e.g. control, data and/or address buses); direct memory access (DMA) functions, hardware or software implemented counters, pointers and/or timers; and/or the like.
In the above aspects, a number of software modules were described. As those skilled in the art will appreciate, the software modules may be provided in compiled or un-compiled form and may be supplied to the UE 3 and the network apparatus as a signal over a computer network, or on a recording medium. Further, the functionality performed by part or all of this software may be performed using one or more dedicated hardware circuits. However, the use of software modules is preferred as it facilitates the updating of the UE 3 and the network apparatus in order to update their functionalities.
In the above aspects, a 3GPP radio communications (radio access) technology is used. However, any other radio communications technology (e.g. WLAN, Wi-Fi, WiMAX, Bluetooth, etc.) and other fixed line communications technology (e.g. BBF Access, Cable Access, optical access, etc.) may also be used in accordance with the above aspects.
Items of user equipment might include, for example, communication devices such as mobile telephones, smartphones, user equipment, personal digital assistants, laptop/tablet computers, web browsers, e-book readers and/or the like. Such mobile (or even generally stationary) devices are typically operated by a user, although it is also possible to connect so-called 'Internet of Things' (IoT) devices and similar machine-type communication (MTC) devices to the network. For simplicity, the present application refers to mobile devices (or UEs) in the description but it will be appreciated that the technology described can be implemented on any communication devices (mobile and/or generally stationary) that can connect to a communications network for sending/receiving data, regardless of whether such communication devices are controlled by human input or software instructions stored in memory.
Various other modifications will be apparent to those skilled in the art and will not be described in further detail here.
As will be appreciated by one of skill in the art, the present disclosure may be embodied as a method and a system. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, a software embodiment or an embodiment combining software and hardware aspects.
It will be understood that each block of the block diagrams can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. A general-purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a plurality of microprocessors, one or more microprocessors, or any other such configuration.
The methods or algorithms described in connection with the examples disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. A storage medium may be coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC.
The previous description of the disclosed examples is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these examples will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other examples without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the examples shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
While the disclosure has been particularly shown and described with reference to exemplary Aspects thereof, the disclosure is not limited to these Aspects. It will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope of the present disclosure as defined by this document. For example, the Aspects above are not limited to 5GS, and the Aspects are also applicable to communication systems other than 5GS (e.g., 6G system, 5G beyond system).
This application is based upon and claims the benefit of priority from Indian patent application No. 202411028207, filed on April 5, 2024, the disclosure of which is incorporated herein in its entirety by reference.
< Supplementary notes >
The whole or part of the example Aspects disclosed above can be described as, but not limited to, the following supplementary notes.
(supplementary note 1)
  A method performed by a user equipment (UE), the method comprising:
  having a first Subscription Permanent Identifier (SUPI) and a second SUPI;
  sending, to a first core network (CN) device, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA); and
  receiving, from the first CN device, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
(supplementary note 2)
  The method according to supplementary note 1, wherein
  the first CN device comprises an Access and Mobility Management Function.
(supplementary note 3)
  The method according to supplementary note 1, wherein
  the first request message further comprises information related to user identity.
(supplementary note 4)
  The method according to supplementary note 1, wherein
  the first response message further comprises information related to 5G Globally Unique Temporary Identifier (5G-GUTI).
(supplementary note 5)
  A method performed by a first core network (CN) device, the method comprising:
  receiving, from a user equipment (UE) having a first Subscription Permanent Identifier (SUPI) and a second SUPI, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA);
  sending, to the UE, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
(supplementary note 6)
  The method according to supplementary note 5, wherein
  the sending the first response message comprises:
  based on a determination that an AKMA function related to the first SUPI is set,
  the first response message comprises the first AKMA for the first SUPI.
(supplementary note 7)
  The method according to supplementary note 5, wherein
  the sending the first response message comprises:
  based on a determination that an AKMA function related to the second SUPI is set,
  the first response message comprises the second AKMA for the second SUPI.
(supplementary note 8)
  The method according to supplementary note 5, wherein
  the first request message further comprises information related to user identity.
(supplementary note 9)
  The method according to supplementary note 5, wherein
  the first response message further comprises information related to 5G Globally Unique Temporary Identifier (5G-GUTI).
(supplementary note 10)
  A user equipment (UE) comprising:
  one or more memories storing instructions; and
  one or more processors configured to process the instructions to control the UE to:
  have a first Subscription Permanent Identifier (SUPI) and a second SUPI;
  send, to a first core network (CN) device, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA); and
  receive, from the first CN device, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
(supplementary note 11)
  The UE according to supplementary note 10, wherein
  the first CN device comprises an Access and Mobility Management Function.
(supplementary note 12)
  The UE according to supplementary note 10, wherein
  the first request message further comprises information related to user identity.
(supplementary note 13)
  The UE according to supplementary note 10, wherein
  the first response message further comprises information related to 5G Globally Unique Temporary Identifier (5G-GUTI).
(supplementary note 14)
  A first core network (CN) device comprising:
  one or more memories storing instructions; and
  one or more processors configured to process the instructions to control the first CN to:
  receive, from a user equipment (UE) having a first Subscription Permanent Identifier (SUPI) and a second SUPI, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA);
  send, to the UE, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
(supplementary note 15)
  The first CN according to supplementary note 14, wherein
  based on a determination that an AKMA function related to the first SUPI is set,
  the first response message comprises the first AKMA for the first SUPI.
(supplementary note 16)
  The first CN according to supplementary note 14, wherein
  based on a determination that an AKMA function related to the second SUPI is set,
  the first response message comprises the second AKMA for the second SUPI.
(supplementary note 17)
  The first CN according to supplementary note 14, wherein
  the first request message further comprises information related to user identity.
(supplementary note 18)
  The first CN according to supplementary note 14, wherein
  the first response message further comprises information related to 5G Globally Unique Temporary Identifier (5G-GUTI).
1 TELECOMMUNICATION SYSTEM
3 UE
5 (R)AN node
7 CORE NETWORK
70 AMF
71 SMF
72 UPF
73 PCF
74 NWDAF
75 UDM
76 AUSF, NSSF
20 DATA NETWORK
35 USIM

Claims (18)

  1.   A method performed by a user equipment (UE), the method comprising:
      having a first Subscription Permanent Identifier (SUPI) and a second SUPI;
      sending, to a first core network (CN) device, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA); and
      receiving, from the first CN device, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
  2.   The method according to claim 1, wherein
      the first CN device comprises an Access and Mobility Management Function.
  3.   The method according to claim 1, wherein
      the first request message further comprises information related to user identity.
  4.   The method according to claim 1, wherein
      the first response message further comprises information related to 5G Globally Unique Temporary Identifier (5G-GUTI).
  5.   A method performed by a first core network (CN) device, the method comprising:
      receiving, from a user equipment (UE) having a first Subscription Permanent Identifier (SUPI) and a second SUPI, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA);
      sending, to the UE, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
  6.   The method according to claim 5, wherein
      the sending the first response message comprises:
      based on a determination that an AKMA function related to the first SUPI is set,
      the first response message comprises the first AKMA for the first SUPI.
  7.   The method according to claim 5, wherein
      the sending the first response message comprises:
      based on a determination that an AKMA function related to the second SUPI is set,
      the first response message comprises the second AKMA for the second SUPI.
  8.   The method according to claim 5, wherein
      the first request message further comprises information related to user identity.
  9.   The method according to claim 5, wherein
      the first response message further comprises information related to 5G Globally Unique Temporary Identifier (5G-GUTI).
  10.   A user equipment (UE) comprising:
      one or more memories storing instructions; and
      one or more processors configured to process the instructions to control the UE to:
      have a first Subscription Permanent Identifier (SUPI) and a second SUPI;
      send, to a first core network (CN) device, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA); and
      receive, from the first CN device, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
  11.   The UE according to claim 10, wherein
      the first CN device comprises an Access and Mobility Management Function.
  12.   The UE according to claim 10, wherein
      the first request message further comprises information related to user identity.
  13.   The UE according to claim 10, wherein
      the first response message further comprises information related to 5G Globally Unique Temporary Identifier (5G-GUTI).
  14.   A first core network (CN) device comprising:
      one or more memories storing instructions; and
      one or more processors configured to process the instructions to control the first CN to:
      receive, from a user equipment (UE) having a first Subscription Permanent Identifier (SUPI) and a second SUPI, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA);
      send, to the UE, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
  15.   The first CN according to claim 14, wherein
      based on a determination that an AKMA function related to the first SUPI is set,
      the first response message comprises the first AKMA for the first SUPI.
  16.   The first CN according to claim 14, wherein
      based on a determination that an AKMA function related to the second SUPI is set,
      the first response message comprises the second AKMA for the second SUPI.
  17.   The first CN according to claim 14, wherein
      the first request message further comprises information related to user identity.
  18.   The first CN according to claim 14, wherein
      the first response message further comprises information related to 5G Globally Unique Temporary Identifier (5G-GUTI).
PCT/JP2025/013362 2024-04-05 2025-04-01 Method performed by user equipment, method performed by first core network device, user equipment, and first core network device Pending WO2025211365A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN202411028207 2024-04-05

Publications (1)

Publication Number Publication Date
WO2025211365A1 true WO2025211365A1 (en) 2025-10-09

Family

ID=97267071

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2025/013362 Pending WO2025211365A1 (en) 2024-04-05 2025-04-01 Method performed by user equipment, method performed by first core network device, user equipment, and first core network device

Country Status (1)

Country Link
WO (1) WO2025211365A1 (en)
WO2025018244A1 (en) Method of user equipment (ue), method of communication apparatus, ue and communication apparatus
WO2025018245A1 (en) Radio terminal, master first core network node, secondary first core network node, second core network node, fourth core network node, method for radio terminal, method for master first core network node, method for secondary first core network node, method for second core network node, and method for fourth core network node
WO2025018276A1 (en) Method of user equipment (ue), method of communication apparatus, ue and communication apparatus