[go: up one dir, main page]

WO2025211365A1 - Procédé mis en œuvre par un équipement utilisateur, procédé mis en œuvre par un premier dispositif de réseau central, équipement utilisateur et premier dispositif de réseau central - Google Patents

Procédé mis en œuvre par un équipement utilisateur, procédé mis en œuvre par un premier dispositif de réseau central, équipement utilisateur et premier dispositif de réseau central

Info

Publication number
WO2025211365A1
WO2025211365A1 PCT/JP2025/013362 JP2025013362W WO2025211365A1 WO 2025211365 A1 WO2025211365 A1 WO 2025211365A1 JP 2025013362 W JP2025013362 W JP 2025013362W WO 2025211365 A1 WO2025211365 A1 WO 2025211365A1
Authority
WO
WIPO (PCT)
Prior art keywords
supi
akma
network
message
dual
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/JP2025/013362
Other languages
English (en)
Inventor
Kundan Tiwari
Toshiyuki Tamura
Iskren Ianev
Jasmina MCMENAMY
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NEC Corp
Original Assignee
NEC Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NEC Corp filed Critical NEC Corp
Publication of WO2025211365A1 publication Critical patent/WO2025211365A1/fr
Pending legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Definitions

  • the present disclosure relates to a method of a User Equipment (UE), a method of a core network communication apparatus etc.
  • UE User Equipment
  • the Dual Steer device shall be able to handle user data (for different services) across two 3GPP accesses.
  • the following requirements are captured for the Dual Steer device in 3GPP 22.261 [2]: - a subscriber with two subscriptions/SUPIs, sharing one subscription profile from the same operator; - for simultaneous transmission over two networks, a Dual Steer device is assumed to include two separate UEs.
  • the AKMA shall use the UE subscription and the credentials used for 5G access.
  • Dual Steer device uses the AKMA function for providing a security to applications, it is unclear which subscription/SUPI to be used for AKMA function, as there might be two subscriptions/SUPIs associated to the Dual Steer device.
  • the Dual Steer device uses a security key to an application derived from a SUPI while the application server in an external network uses a security key derived from another SUPI, then the security function in the application does not work as security keys are different between the application client in the Dual Steer device and the application server. This security key mismatch leads to out of service to the end users for all applications in the application server.
  • 3GPP should define an overall architecture that makes a cross feature functioning possible between the Dual Steer function and AKMA function together.
  • the present disclosure provide a method performed by a user equipment (UE), a method performed by a first core network (CN) device, a user equipment (UE), and a first core network (CN) device.
  • UE user equipment
  • CN core network
  • the disclosure provides a method performed by a user equipment (UE), the method comprising: having a first Subscription Permanent Identifier (SUPI) and a second SUPI; sending, to a first core network (CN) device, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA); and receiving, from the first CN device, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
  • SUPI Subscription Permanent Identifier
  • AKMA Authentication and Key Management for Applications
  • the disclosure provides a method performed by a first core network (CN) device, the method comprising: receiving, from a user equipment (UE) having a first Subscription Permanent Identifier (SUPI) and a second SUPI, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA); sending, to the UE, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
  • a first core network (CN) device comprising: receiving, from a user equipment (UE) having a first Subscription Permanent Identifier (SUPI) and a second SUPI, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA); sending, to the UE, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
  • UE user equipment
  • SUPI Subscription Permanent Identifier
  • AKMA Authentication and Key
  • the disclosure provides a user equipment (UE) comprising: one or more memories storing instructions; and one or more processors configured to process the instructions to control the UE to: have a first Subscription Permanent Identifier (SUPI) and a second SUPI; send, to a first core network (CN) device, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA); and receive, from the first CN device, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
  • SUPI Subscription Permanent Identifier
  • AKMA Authentication and Key Management for Applications
  • the disclosure provides a first core network (CN) device comprising: one or more memories storing instructions; and one or more processors configured to process the instructions to control the first CN to: receive, from a user equipment (UE) having a first Subscription Permanent Identifier (SUPI) and a second SUPI, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA); send, to the UE, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
  • UE user equipment
  • SUPI Subscription Permanent Identifier
  • AKMA Authentication and Key Management for Applications
  • a method performed by a user equipment (UE), a method performed by a first core network (CN) device, a user equipment (UE), and a first core network (CN) device are provided.
  • Fig. 1 is a Signaling diagram of a First example of the First Aspect.
  • Fig. 2 is a Signaling diagram of a Variant 1 of the Signaling diagram of the First example of the First Aspect.
  • Fig. 3 is a Signaling diagram of a Variant 2 of the Signaling diagram of the First example of the First Aspect.
  • Fig. 4 is a Signaling diagram of a Second example of the First Aspect.
  • Fig. 5 is a Signaling diagram of a Third example of the First Aspect.
  • Fig. 6 is a Signaling diagram of a Fourth example of the First Aspect.
  • Fig. 7 is a Signaling diagram of a Fifth example of the First Aspect.
  • Fig. 8 is a Signaling diagram of a Fifth example of the First Aspect.
  • Fig. 1 is a Signaling diagram of a First example of the First Aspect.
  • Fig. 2 is a Signaling diagram of a Variant 1 of the Signaling diagram of the First example of the
  • FIG. 9 is an Architecture supporting AKMA applicability information management of a First example of a Second Aspect.
  • Fig. 10 is a data model of AKMA applicability information in Traffic descriptor in a First example of a Second Aspect.
  • Fig. 11 is a data model of AKMA applicability information in route Selectin Descriptor in a First example of a Second Aspect.
  • Fig. 12 is a Signaling diagram of a Second example of the Second Aspect.
  • Fig. 13 is a diagram illustrating a system overview.
  • Fig. 14 is a block diagram illustrating a UE.
  • Fig. 15 is a block diagram illustrating an (R)AN node.
  • FIG. 16 is a diagram illustrating System overview of (R)AN node based on O-RAN architecture.
  • Fig. 17 is a block diagram illustrating an RU.
  • Fig. 18 is a block diagram illustrating a DU.
  • Fig. 19 is a block diagram illustrating a CU.
  • Fig. 20 is a block diagram illustrating an AMF.
  • Fig. 21 is a block diagram illustrating an SMF.
  • Fig. 22 is a block diagram illustrating a UPF.
  • Fig. 23 is a block diagram illustrating a PCF.
  • Fig. 24 is a block diagram illustrating an NWDAF.
  • Fig. 25 is a block diagram illustrating a UDM.
  • Fig. 26 is a block diagram illustrating an AUSF.
  • Fig. 17 is a block diagram illustrating an RU.
  • Fig. 18 is a block diagram illustrating a DU.
  • Fig. 19 is a block diagram illustrating CU.
  • FIG. 27 is a block diagram illustrating an AAnF.
  • Fig. 28 is a block diagram illustrating an NRF.
  • Fig. 29 is a block diagram illustrating an NEF.
  • Fig. 30 is a block diagram illustrating an UDR.
  • Fig. 31 is a block diagram illustrating an BSF.
  • Fig. 32 is a block diagram illustrating an AF.
  • Fig. 33 is a block diagram illustrating an AP.
  • Fig. 34 is a block diagram illustrating an NAF.
  • 3GPP TR 21.905 "Vocabulary for 3GPP Specifications”.
  • 3GPP TS 22.261 “Service requirements for the 5G system Stage 1”.
  • V19.5.0 (2023-12) [3]
  • 3GPP TS 33.535 "Authentication and Key Management for Applications (AKMA) based on 3GPP credentials in the 5G System (5GS)”.
  • AKMA Authentication and Key Management for Applications
  • GAA Generic Authentication Architecture
  • GBA Generic Bootstrapping Architecture
  • each of Aspects and elements included in the each of Aspects described below may be implemented independently or in combination with any other. These Aspects include novel characteristics different from one another. Accordingly, these Aspects contribute to achieving objects or solving problems different from one another and contribute to obtaining advantages different from one another.
  • An example object of this disclosure is to provide a method and apparatus that can solve the above-mentioned problem.
  • AF 201 in all examples in the First Aspect may be replaced with the AP 202 in case where an Authentication Proxy (AP) is deployed in operator's network.
  • AP Authentication Proxy
  • This example discloses an architecture to support the AKMA function for the Dual Steer devices with two or more USIMs by managing multiple AKMA keys in both Dual Steer device 3 and AF 201.
  • AF 201 has multiple AKMA keys
  • the AF 201 can adapt a right AKMA key to an Application Session Establishment Request from Dual Steer device 3 with any valid A-KID (AKMA Key Identifier).
  • Fig. 1 discloses the Deriving AKMA key after primary authentication during the Registration procedure (starting with step 3 in Fig. 1)
  • the Deriving AKMA key after primary authentication procedure can be triggered by any other event.
  • the primary authentication triggered by Session Establishment procedure the home network triggered primary authentication procedure as defined in 3GPP TS 33.501 [7].
  • Dual Steer device 3 can manage multiple AKMA keys and choose (or switch to) one AKMA key that is to be applied for an application-level security for a communication with the AF 201.
  • the AKMA for dual steer supported indicator indicates that Dual Steer device 3 with the User ID supports the AKMA function regardless of Dual Steer function that Dual Steer device 3 supports.
  • Dual Steer device 3 indicates the UE capability in general whether UE 3 support the AKMA function or not.
  • Step 2 AMF 70 sends an Nausf_UEAuthentication_Authenticate Request message to the AUSF 7601 in HPLMN including at least one of User ID, and AKMA for dual steer supported indicator.
  • step 1 in the First scenario in First example of the First Aspect for parameter details.
  • Step 3 Upon reception of the Nausf_UEAuthentication_Authenticate Request message from the AMF 70, the AUSF 7601 sends an Nudm_UEAuthentication_Get Request message to the UDM 7501 including at least one of User ID and AKMA for dual steer supported indicator.
  • the AUSF 7601 Upon reception of the Nausf_UEAuthentication_Authenticate Request message from the AMF 70, the AUSF 7601 sends an Nudm_UEAuthentication_Get Request message to the UDM 7501 including at least one of User ID and AKMA for dual steer supported indicator.
  • Step 4 Upon reception of the Nudm_UEAuthentication_Get Request message from the AUSF 7601 in step 3, The UDM 7501 generates a 5G HE AV for SUPI 1 in Dual Steer device 3.
  • the 5G HE AV is a Home Environment Authentication Vector for SUPI 1 in Dual Steer device 3.
  • UDM 7501 sends an Nudm_UEAuthentication_Get Response message to AUSF 7601 including at least one of 5G HE AV, Associated SUPI, RID for associated SUPI and prime indication.
  • the 5G HE AV The 5G HE AV is a Home Environment Authentication Vector for the SUPI.
  • Associated SUPI indicates an associated SUPI that the Dual Steer device can configure with.
  • the Associated SUPI is SUPI 2.
  • - RID for associated SUPI The RID for associated SUPI indicates a Routing Indicator for the associated SUPI.
  • the RID for the associated SUPI is the Routing Indicator for SUPI 2.
  • - prime indication The prime indication indicates either the SUPI, indicated in the Registration Request message in Step 1, is a prime SUPI or other than the prime SUPI.
  • the other than the prime SUPI may be a secondary SUPI.
  • the prime SUPI is a SUPI that might represent Dual Steer device 3 to the RAN node 5, core network 7, Operation and Maintenance system and AF 201, AP 202 in data network 20.
  • the prime indication may include a SUPI value.
  • the prime indication includes SUPI 1 to indicate that SUPI 1 is the prime SUPI among the other SUPIs.
  • Step 5 The Authentication procedure continues either from steps 3 to 11 in section 6.1.3.1 in 3GPP TS 33.501 [7] or from steps 3 to 12 in section 6.1.3.2.0 in 3GPP TS 33.501 [7].
  • Step 6 After successful Authentication procedure in Step 5, the AUSF 7601 generates an AKMA information for SUPI 1.
  • the AKMA information include a KAKMA (AKMA Anchor Key), A-KID (AKMA Key Identifier).
  • Step 7 If AUSF 7601 received the Associated SUPI, set to SUPI 2, in the Step 4, AUSF 7601 finds AUSF 7602 as an AUSF for SUPI 2. In case that the Nausf_UEAuthentication_Authenticate Request message from AMF 70 in Step 2 does not include the AKMA for dual steer supported indicator, AUSF 7601 does not perform Steps 7 to 9.
  • Step 8. AUSF 7601 sends the Nausf_Get_AKMA_info message to AUSF 7602 including at least SUPI.
  • the SUPI includes SUPI 2.
  • Step 9 Upon reception of the Nausf_Get_AKMA_info message from the AUSF 7601, the AUSF 7602 generates an AKMA information for SUPI 2.
  • the AKMA information include a KAKMA (AKMA Anchor Key) and A-KID (AKMA Key Identifier) for SUPI 2.
  • AUSF 7601 finds an associated AAnF for SUPI 2.
  • AUSF 7602 sends the Nausf_Get_AKMA_info response message to AUSF 7601 including at least AKMA information, AAnF address for associated SUPI and UE AKMA related subscription information.
  • the following bullets explain each parameter in detail.
  • the AKMA information includes the KAKMA (AKMA Anchor Key) and A-KID (AKMA Key Identifier) for SUPI 2. Both the KAKMA and A-KID are generated from the KAUAF.
  • - AAnF address for associated SUPI The AAnF address for associated SUPI includes the AAnF address that is associated with the AUSF 7602 for SUPI 2.
  • - UE AKMA related subscription information for SUPI Example. list of NF_ID subscribed for SUPI 2.
  • AUSF 7602 cannot generate the AKMA information for any reason, for example SUPI 2 is not registered, AUSF 7602 provides a cause information indicating a reason why the AKMA information cannot be generated. Possible cause information includes "UE not registered”, “AKMA not supported”, “AKMA for dual steer not supported”, etc.
  • Step 10 Upon reception of the Nausf_Get_AKMA_info response message from AUSF 7602, AUSF 7601 sends the Naanf_AKMA_AnchorKey_Resister Request message to the AAnF1 including at least two sets of AKMA information, AUSF address for associated SUPI, AAnF address for associated SUPI and prime indication.
  • AAnF address for associated SUPI The following bullets explain each parameter in detail.
  • Two sets of AKMA information to include the AKMA information for SUPI 1 and the AKMA information for SUPI 2.
  • - AUSF address for the associated SUPI The AUSF address for associated SUPI includes the AUSF address that is associated with SUPI 2.
  • - AAnF address for the associated SUPI Refer to Step 9 in Fig. 1.
  • the prime indication indicates which SUPI is a prime SUPI, either SUPI 1 or SUPI 2.
  • Step 11 Upon reception of the Naanf_AKMA_AnchorKey_Resister Request message from AUSF 7601, AAnF 7701 stores two sets of AKMA information, one for SUPI 1 and the other one for SUPI 2, the AUSF address for SUPI 2, the AAnF address for SUPI 2 and prime indication. AAnF 7701 sends the Naanf_AKMA_AnchorKey_Resister Response message to the AUSF 7601.
  • Step 12 The Registration procedure continues from steps 10 to 19c in section 4.2.2.2.2 in 3GPP TS 23.502 [5].
  • Step 13 The AMF 70 sends the Registration Accept message to Dual Steer device 3 including at least 5G-GUTI and AKMA for dual steer registered.
  • - 5G-GUTI The 5G-GUTI is a temporary identifier for SUPI 1 assigned by AMF 70.
  • - AKMA for dual steer registered The AKMA for dual steer registered indicates that the AKMA keys for Dual Steer device 3 have been successfully configured and the AKMA function is ready to be used in core network 7.
  • the AKMA for dual steer registered may indicate that either a single AKMA key for SUPI 1 is successfully configured or that two sets of AKMA keys for both SUP1 and SUPI 2 are successfully configured in the core network 7.
  • AKMA for dual steer registered is employed, however it is not limited, any other notation for a parameter to indicate that the AKMA keys for Dual Steer device 3 has been successfully configured the AKMA function ready to use in the core network 7 may be used, and/or any other notation for a parameter to indicate that either a single AKMA keys for SUPI 1 is successfully configured or two sets of AKMA keys for both SUP1 and SUPI 2 are successfully configured in the core network 7 may be used, and/or any other notation for a parameter to indicate that Dual Steer device 3 with the User ID has been successfully configured the AKMA function ready to use in core network 7, i.e.. Dual Steer device 3 , with single USIM, has been successfully configured the AKMA function ready to use in the core network 7 may be used.
  • Dual Steer device 3 and core network 7 have two sets of AKMA keys synchronized and ready to use the either key when Dual Steer device 3 establishes an application session with AF 201 that supports AKMA.
  • Fig. 4 discloses an example of AKMA key handling when the application session is established for Dual Steer device 3.
  • Fig. 1 discloses the mechanism that the AUSF fetches the AKMA information for an associated SUPI by contacting an AUSF for the associated SUPI
  • the UDM may also fetch the AKMA information for an associated SUPI and forward them to the AUSF
  • Fig. 2 illustrates an example of a Deriving AKMA key after primary authentication during the Registration procedure.
  • Step 1 Steps 0 to 3 in Fig. 1 are executed.
  • Step 2 Upon reception of the Nudm_UEAuthentication_Get Request message from AUSF 7601 in step 3 in Fig. 1, UDM 7501 generates a 5G HE AV for SUPI 1 in Dual Steer device 3.
  • the 5G HE AV is a Home Environment Authentication Vector for SUPI 1 in Dual Steer device 3.
  • UDM 7501 has an Associated SUPI (SUPI 2) and the Nudm_UEAuthentication_Get Request message from AUSF 7601 in step 3 of Fig. 1 including the AKMA for dual steer supported indicator, UDM 7501 finds AUSF 7602 as an AUSF for SUPI 2 and following steps take place.
  • SUPI 2 Associated SUPI
  • Step 3 UDM 7501 sends the Nausf_Get_AKMA_info message to AUSF 7602 including at least SUPI.
  • the SUPI includes SUPI 2.
  • Step 4 Upon reception of the Nausf_Get_AKMA_info message from UDM 7501, the AUSF 7602 generates an AKMA information for SUPI 2.
  • the AKMA information includes a KAKMA (AKMA Anchor Key) and A-KID (AKMA Key Identifier) for SUPI 2.
  • AUSF 7602 finds an associated AAnF for SUPI 2.
  • AUSF 7602 sends the Nausf_Get_AKMA_info response message to UDM 7501 including at least AKMA information and Associated AAnF address.
  • the AKMA information includes the KAKMA (AKMA Anchor Key) and A-KID (AKMA Key Identifier) for SUPI 2.
  • the Associated AAnF address includes the AAnF address that is associated with AUSF 7602 for SUPI 2.
  • AUSF 7602 In case AUSF 7602 cannot generate the AKMA information for any reason, for example SUPI 2 is not registered, AUSF 7602 provides a cause information indicating a reason why the AKMA information cannot be generated. Possible cause information may include "UE not registered”, “AKMA not supported”, “AKMA for dual steer not supported”, etc.
  • UDM 7501 sends an Nudm_UEAuthentication_Get Response message to AUSF 7601 including at least one of the following: 5G HE AV, Associated SUPI, RID for associated SUPI, prime indication, the AUSF address for the associated SUPI, the AAnF address for the associated SUPI.
  • 5G HE AV Refer to Step 4 in Fig. 1.
  • Associated SUPI Refer to Step 4 in Fig. 1.
  • Associated SUPI includes SUPI2.
  • - RID for associated SUPI Refer to Step 4 in Fig. 1.
  • - prime indication Refer to Step 4 in Fig. 1.
  • - AUSF address for associated SUPI Refer to Step 10 in Fig. 1.
  • - AAnF address for associated SUPI Refer to Step 9 in Fig. 1.
  • Step 6 Steps 5 and 6 in Fig. 1 are executed.
  • Fig. 1 discloses the mechanism whereby the AUSF fetches the AKMA information for an associated SUPI by contacting a UDM for the associated SUPI, the UDM may also fetch the AKMA information for the associated SUPI and forward them to the AUSF.
  • Fig. 3 illustrates an example of a Deriving AKMA key after primary authentication during the Registration procedure.
  • Step 1 Steps 0 to 3 in Fig. 1 are executed.
  • Step 4 Upon reception of the Nudm_Get_AKMA_info message from UDM 7501, UDM 7502 sends the Nausf_Get_AKMA_info message to AUSF 7602 including at least SUPI.
  • the SUPI includes SUPI 2.
  • AUSF 7602 In case AUSF 7602 cannot generate the AKMA information for any reason, for example SUPI 2 is not registered, AUSF 7602 provides a cause information indicating a reason why the AKMA information cannot be generated. Possible cause information includes "UE not registered”, “AKMA not supported”, “AKMA for dual steer not supported”, etc.
  • Step 7 Steps 5 to 7 in Fig. 2 are executed.
  • a UDM for SUPI 2 detects that SUPI 2 is de-registered from core network 7, the UDM for SUPI 2 sends Naanf_AKMA_Context_Remove request to AAnF 7701 for SUPI 1 indicating partial removal of the AKMA information for SUPI 2.
  • the UDM for SUPI 2 sends the Nausf_AKMA_Context_Remove request to AUSF 7601 for SUPI 1 indicating partial removal of the AKMA information for SUPI 2.
  • the subscriber data that is described in Step 0 in Fig. 1 may be stored in UDR 7A.
  • UDM 7501 may obtain the subscriber data from UDR 7A.
  • AUSF 7601 sends Nausf_GET_AKMA_info from AAnF 7602 of SUPI 2.
  • AAnF 7602 stores SUPI 2, and K AKMA2 and A-KID2 of SUPI 2.
  • AAnF 7602 sends SUPI 2, K AKMA2 and A-KID2.
  • the AMF sends i) Identity request message with identity type both SUPI or dual steer device SUPI.
  • the UE3 receives the identity request message then the UE3 sends Identity response message containing SUPI 1 and SUPI 2 of the UE3 to the AMF.
  • Identity request message with identity type associated SUPI.
  • the UE sends second SUPI (i.e., SUPI 2) to the AMF.
  • SUPI 2 SUPI 2
  • the AMF sends both SUPI 1 and SUPI2 to the AUSF7601 and AUSF sends these two SUPIs to the UDM 7501.
  • the UDM7501 finds that two SUPIs are associated, then the UE3 will indicate to the AMF70 and AMF then indicates AKMA for dual steer registered.
  • the UDM also indicates to the AUSF7601 or AUSF 7602 that the UE3 contains associated SUPI.
  • the AUSF7601 and AUSF 7602 tells to the AAnF which in turns to the AF201 using the message defined in the embodiments.
  • Second example of the First Aspect This example discloses a mechanism detailing how the AKMA key is chosen and used for the application session with Dual Steer device 3. Based on the mechanism disclosed by the first example of the First Aspect, the AAnFs for both SUPI 1 and SUPI 2 have two AKMA keys, one for SUPI 1 and the other one for SUPI 2.
  • Fig. 4 illustrates an example for a selection or update of the AKMA key applied to the application session with Dual Steer device 3.
  • USIM 3502 with SUPI 2 registers to AMF 7002 and obtains an AKMA key for SUPI 2.
  • SUPI 2 is associated with AAnF 7702.
  • the AKMA key includes KAKMA (AKMA Anchor Key) and A-KID (AKMA Key Identifier) for SUPI 2.
  • USIM 3501 with SUPI 1 establishes a PDU Session (PDU Session 1) with SMF 71 and UPF 72 that is applicable to the Application session.
  • USIM 3502 with SUPI 2 establishes a PDU Session (PDU Session 2) with SMF 71 and UPF 72 that is applicable to the Application session.
  • PDU Session 2 PDU Session 2
  • Dual Steer device 3 establishes the Application Session using an A-KID generated based on KAUSF for SUPI 1 using the PDU Session 1.
  • Dual Steer device 3 may also send Dual Steer device support indicator in a Ua* message between Dual Steer device 3 and AF 201.
  • the Ua* message includes the Application Session Establishment Request message, in an existing Ua* message or in a new Ua* message.
  • Step 0-6 The PDU Session Switch procedure is performed for switching from the PDU Session 1 to PDU Session 2 for Dual Steer device 3.
  • PDU Session 1 is active, and the Application Session is established with AKMA based security using AKMA keys for SUPI 1.
  • Dual Steer device 3 decides to switch from PDU Session 1 to PDU Session 2.
  • the switching between the PDU sessions can happen due to any reason, for example, round-trip delay between a Dual Steer device 3 and UPF 72 may exceed a predefined threshold or radio conditions on the access network serving of PDU Session 1 with SUPI 1 may become unstable.
  • PDU Session 1 and PDU Session 2 are established but there is no Application Session on any of the PDU session 1 and PDU session 2.
  • Step 1 is the very first time that the Application Session is established.
  • Dual Steer device 3 sends the Application Session Establishment Request to AF 201 including at least A-KID.
  • the A-KID may be associated with SUPI 1 or associated with SUPI 2.
  • the A-KID is associated with SUPI 2.
  • the A-KID may be selected based on the following criteria.
  • - Device configuration of Dual Steer device 3. - Based on the URSP rule setting in Dual Steer device 3 as disclosed by the First example of the Second Aspect. - In one example the A-KID is related to the SUPI which is associated with the PDU session to which the application chooses to switch the traffic.
  • Step 2 Upon reception of the Application Session Establishment Request from Dual Steer device 3 in Step 1, the AF 201 sends the Naanf_AKMA_ApplicationKey_Get request message to AAnF 7702 including at least A-KID and AF_ID.
  • AF 201 sends the Naanf_AKMA_ApplicationKey_Get request message to AAnF 7702 including at least A-KID and AF_ID when AF 201 doesn't have application context associated with A-KID otherwise AF 201 uses the existing application context associated with the A-KID.
  • the following bullets explain each parameter in detail.
  • A-KID is a AKMA Key Identifier that is globally unique and identifies the KAKMA of the UE.
  • A-KID shall be in NAI format, i.e. username@realm.
  • the username part shall include the RID and the A-TID (AKMA Temporary UE Identifier), and the realm part shall include Home Network Identifier.
  • - AF_ID The AF_ID identifies the AF 201.
  • the AF_ID consists of the FQDN of the AF 201.
  • Step 3 AAnF 7702 derives the AKMA Application Key (KAF) from KAKMA for SUPI 2.
  • KAF AKMA Application Key
  • Step 4 If AAnF 7702 has an AKMA information for the Associated SUPI (SUPI 1), AAnF 7702 sends the Naanf_AKMA_ApplicationKey_Get request message to AAnF 7701 including at least A-KID and AF_ID for SUPI 1.
  • Step 5 Upon reception of the Naanf_AKMA_ApplicationKey_Get request message from AAnF 7702, AAnF 7701 derives the AKMA Application Key (KAF) from KAKMA for SUPI 1.
  • KAF AKMA Application Key
  • Step 6 AAnF 7701 sends the Naanf_AKMA_ApplicationKey_Get response message to AAnF 7702 including SUPI, GPSI, KAF and the KAF expiration time for SUPI 1.
  • SUPI Subscription Permanent Identifier. In this example, it is SUPI 1.
  • GPSI Generic Public Subscription Identifier.
  • the GPSI is an identifier used in data networks outside of the 3GPP system that can address a 3GPP subscription. It can be either an MSISDN or an External Identifier.
  • - KAF AKMA Application Key. The KAF is used by AF 201 for enabling the AKMA service.
  • - KAF expiration time Expiration time of the KAF.
  • Dual Steer device 3 and AF 201 have two sets of AKMA information, one set with SUPI 1 and the other set with SUPI 2.
  • Step 8 the AF 201 applies the KAF for SUPI 2 for AKMA based application security since it is assumed in this example that the Application Session Establishment Request message in Step 1 includes the A-KID for SUPI 2.
  • AF 201 applies the KAF for SUPI 1 for AKMA based application security.
  • AF 201 sends an existing Ua* message e.g. the Application Session Establishment Response message containing A-KID chosen by the AF 201 to apply the security context related to the A-KID for the current application session establishment.
  • Dual Steer device 3 receives A-KID in the Ua* message e.g. the Application Session Establishment Response containing A-KID, Dual Steer device 3 applies security context related to the A-KID related for the application session.
  • any the KAF is used as far as Dual Steer device 3 and core network 7 (i.e. AAnF) share the same AKMA information for multiple SUPIs that are equipped in Dual Steer device 3.
  • Step 1 in Fig. 4 triggers when Dual Steer device 3 sends the Application Session Establishment Request to AF 201 with an updated A-KDI are listed below as examples: - When the PDU Session Switch procedure is performed for switching from the PDU Session 1 to the PDU Session 2 for Dual Steer device 3 and the Application Session uses new PDU Session (PDU Session 2) for a connectivity service to AF 201. (This is an example that Second example of the First Aspect takes.) In this case, it is reasonable to use the KAF with SUPI 2 for AKMA as the PDU Session 2 is associated with SUPI 2.
  • the deregistration procedure with a SUPI that provides the A-KID and KAF for the Application Session could happen in the following sequence: - Two PDU Sessions, PDU Session 1 and PDU Session 2, with SUPI 1 and SUPI 2 respectively are established for Dual Steer device 3. - An Application Session is established over the PDU Session 1 with A-KID and AKF with SUPI 1. - The PDU Session Switch procedure is performed for switching from the PDU Session 1 to the PDU Session 2 for the Application Session but the A-KID and AKF with SUPI 1 continues applying to the Application Session by both Dual Steer device 3 and AF 201. - The SUP1 is deregistered with any reason.
  • the UICC Universal Integrated Circuit Card
  • the existing NF e.g., UDM 75 indicates to AAnF 7701 (e.g. to all the AAnF associated with SUPI 2) using an existing message between UDM 7501 and AAnF 7701 or a new message between UDM 7501 and AAnF 7701 indicating that SUPI 1 is deregistered to SUPI 2.
  • the message contains SUPI 1 and indication deregister or the message contains SUPI 1 only the meaning of the message is to indicate deregistration of the SUPI.
  • AAnF 7701 Upon receiving the message, AAnF 7701 indicates to AF 201 that SUPI 1 is deregistered to SUPI 2 either by including SUPI 1 or GPSI or any other user identity associated with SUPI 1.
  • UDM 7501 sends an existing message or a new message directly to AF 201 (e.g., to all AKMA enabled AF associated with the SUPI) indicating SUPI 1 is deregistered for SUPI 2.
  • the message contains SUPI 1 GPSI, or any other user identity associated with SUPI 1 and indicator deregistered.
  • Dual Steer device 3 sends A-KID 1 and A-KID 2 to AF 201.
  • the AF 201 receives A-KID 1 and A-KID2
  • the AF 201 fetches Application Function Key KAF, user identity and other subscription parameter of SUPI 1 and SUPI 2 from the AAnFs, AAnF 7701 corresponding to the A-KID 1 and AAnF 7702 corresponding to A-KID 2 respectively.
  • the AF 201 determines based on the subscription parameter of both SUPI 1 and SUPI 2 which KAF to use for the security parameter at the AF 201 for the current application session and sends the selected A-KID to Dual Steer device 3 in the existing message at the Ua* interface or in a new Ua* message.
  • Dual Steer device 3 receives the Ua* message
  • Dual Steer device 3 and AF 201 start using the AKMA security parameter corresponding to the received A-KID.
  • the primary KAF should be used then the AF 201 sends A-KID related to the primary SUPI.
  • the subscription parameter stores the priority of the two SUPIs, SUPI 1 and SUPI 2. The priority of whichever SUPI is higher than the AF 201 shall choose the KAF related to the higher priority SUPI.
  • any AAnF (e.g. AAnF of SUPI 2 in step 7) in Fig. 4 can take decision which KAF can be used based on the subscription or local policy of the AAnF and pass corresponding A-KID to the AF 201.
  • the AF 201 informs to Dual Steer device 3 as described above in this embodiment.
  • step 1 the UE3 keeps using the KAF (in this case it is KAF related to SUPI 1) used in step 0-5 and AF201 also keep using the KAF which was used in step 0-5 implicitly the UE sending any Application Session Establishment Request message.
  • the UE may send Application Session Establishment Request message sending A-KID 1 to the AF201.
  • step 1 if the KAF of SUPI 1 expiration timer expires in AF201 or KAF is deleted at the AAnF function by a NF then the AF201 or AAnF7701 or AAnF 7702 selects A-KID of SUPI 2 and sends in the Application Session Establishment Response message.
  • the UE03 and the AF201 will start using the KAF related to A-KID of SUPI 2 to as security context for the application data.
  • All the embodiments apply for the case i) when a same PDU address is assigned to PDU session 1 and PDU session 2 or ii) different PDU sessions assigned to PDU session 1 and PDU session 2.
  • the UE3 and AF201 establishes a new connection (e.g., TCP connection, UDP connection or HTTPS connection) or application session- (e.g., IMS session) between UE3 and AF201 when an application switches from PDU session 1 to PDU session 2.
  • the UE3 and the AF201 start applying the new selected KAF as chosen in the above embodiments to the new connection or the application session.
  • This example discloses a mechanism that the AKMA key that are generated by a SUPI in which a PDU Session being used for Application Session is always used.
  • UPF 72 notifies the change to AF 201.
  • the AF 201 verifies that the A-KID received from Dual Steer device 3 is the one generated by the KAUSF of the SUPI that is associated with the latest PDU Session. With this authorization, the AKMA with the SUPI that is associated with the latest PDU Session can be confirmed.
  • Fig. 5 illustrates an example of applying AKMA key with SUPI that is associated with the latest PDU Session.
  • Step 1 Steps 0-1 to 0-5 in Fig. 4 take place.
  • Step 1 Upon establishing the Application Session with Dual Steer device 3, the AF 201 sends the Nnef_EventExposure_Subscribe request message to the NEF 79 including at least Dual Steer status requested, A-KID, AF ID, User IP address and SUPI.
  • Dual Steer status requested The Dual Steer status requested indicates that the service consumer is requesting a dual steer status notification.
  • A-KID Refer to Step 2 of Fig. 4.
  • - AF ID Refer to Step 2 of Fig. 4.
  • - User IP address End User IP address of Dual Steer device 3 being used.
  • - SUPI Refer to Step 6 of Fig. 4.
  • Step 2 NEF 79 authorizes AF 201 request. If the authorization is not granted, NEF 79 replies to AF 201 with a Result value indicating authorization failure.
  • Step 3 If NEF 79 does not have an IP address of UPF 72 as a PDU Session Anchor for the Application Session, NEF 79 sends Nnrf_NFDiscovery message to NRF 78 including at least User IP address, AF ID and SUPI.
  • NRF 78 including at least User IP address, AF ID and SUPI.
  • - User IP address Refer to Step 1 of Fig. 5.
  • - AF ID Refer to Step 2 of Fig. 4.
  • - SUPI Refer to Step 6 of Fig. 4.
  • Step 4 Upon reception of the Nnrf_NFDiscovery message from NEF 79, NRF 78 finds the UPF address of UPF 72 implementing NAT functionality for the UE IP address. NRF 78 sends the Nnrf_NFDiscovery response message to NEF 79 including at least UPF address. The UPF address indicates UPF 72 that implements the NAT functionality for the UE IP address for Dual Steer device 3.
  • NEF 79 sends Nupf_EventExposure_Subscribe message to UPF 72 including at least Dual Steer status requested, SUPI and User IP address. The following bullets explain each parameter in detail.
  • Dual Steer status requested Refer to Step 1 of Fig. 5.
  • SUPI Refer to Step 6 of Fig. 4.
  • User IP address Refer to Step 1 of Fig. 5.
  • NEF 79 sends Nnef_EventExposure_Subscribe response message to AF 201.
  • NEF 79 sends Nnef_EventExposure_Subscribe response message to AF 201 after Step 2.
  • Step 8 The PDU Session Switch procedure is performed for switching from the PDU Session 1 to the PDU Session 2 for Dual Steer device 3.
  • Step 9 UPF 72 detects the PDU Session change for the Dual Steer device 3 as executed in Step 8, UPF 72 sends the Nupf_EventExposure_Notify message to NEF 79 including at least User IP address, Dual Steer status (Switch to SUPI 2 in this example). The following bullets explain each parameter in detail.
  • - User IP address Refer to Step 1 of Fig. 5.
  • Dual Steer status Dual Steer status indicates the latest status or even of the PDU Session used for Dual Steer device 3.
  • Dual Steer status may indicate "PDU Session switched with SUPI information where new PDU Session is associated with", “PDU Session is reduced to one with SUPI information where the released PDU Session is associated with”, “New PDU Session added with SUPI information where the added PDU Session is associated with”, “Entire Session is released”, “Switched to non-3GPP access”, “Switched to 3GPP access” and etc.
  • Step 10 Upon reception of the Nupf_EventExposure_Notify message from UPF 72, NEF 79 sends the Nnef_EventExposure Notify message to the AF 201 including at least User IP address, Dual Steer status (Switch to SUPI 2 in this example). Refer to Step 9 for parameter details.
  • Dual Steer device 3 sends the Application Session Establishment Request to the AF 201 including at least A-KID of SUPI 2 since the PDU Session Switch procedure is performed for switching from PDU Session 1 to PDU Session 2 in Step 8.
  • Step 10 in Fig. 5 once the AF 201 obtains new SUPI associated with the latest PDU Session being used for Application Session, the AF 201 may initiate the KAF refresh procedure over the Ua* reference point. (Note that the Ua* reference point applies between Dual Steer device 3 and AF 201.) The AF 201 sends a KAF refresh request message to Dual Steer device 3 including an A-KID that the AF 201 wishes to apply for the AKMA function to the Application Session.
  • the A-KID in the KAF refresh request message may be a A-KID generated from an KAUSF of a SUPI that is associated with the latest PDU Session being used for Application Session.
  • Dual Steer device 3 may send the Application Session Establishment Request to the AF 201 including at least the received A-KID.
  • the Dual Steer Status parameter may also indicate the reason for the PDU Session switch from SUPI 1 to SUPI 2 or vice versa.
  • the reason for the PDU Session switch may be a congestion in one of the SUPIs when both SUPIs are from the same network operator.
  • the Dual Steer Status parameter may indicate 'congestion on SUPIx' cause to AF 201.
  • Another reason for the PDU Session switch between the SUPIs could be no or low coverage on one of the SUPIs when the two SUPIs are from different network operators.
  • the Dual Steer Status parameter may indicate 'no/low coverage on SUPIx' cause to AF 201.
  • the Dual Steer Status parameter may also indicate the time at which the PDU Session switched between the SUPIs.
  • Step 1 Steps 0-1 to 0-5 in Fig. 4 take place.
  • Dual Steer device 3 sends a Request message to the AF 201 including at least User IP address and AF-ID.
  • - User IP address Refer to Step 1 of Fig. 5.
  • - AF ID Refer to Step 2 of Fig. 4.
  • Step 2 Upon reception of the Request message from Dual Steer device 3, the AF 201 finds the associated A-KID with the AF ID for the user that has the received User IP address has been assigned. If AF 201 finds multiple A-KIDs, AF 201 selects one A-KID to apply AKMA based security for the Application session, linked with the AF ID, based on operator policy, based on configuration, or based on subscriber data or any combination of selection making criteria. Once AF 201 chooses an appropriate A-KID, AF 201 sends the KAMA initiation message to Dual Steer device 3 including at least A-KID. Refer to Step 2 of Fig. 4 for parameter detail of A-KID. One example, the AF 201 sends multiple A-KID with priority order that may be used for the AKMA based security for the Application session as linked with the AF ID.
  • Step 4 Steps 2 to 7 in the AAnF response with UE Identity procedure as described in section 6.2.1 in 3GPP TS 33.535 [3] take place for deriving AKMA Application Key for the Application session.
  • Step 4 the AKMA based security with the selected A-KID applies to the Application Session between Dual Steer device 3 and AF 201.
  • This example discloses a mechanism that the AKMA key to apply to the Application Session with Dual Steer device 3 is decided based on a decision made by AF 201.
  • Fig. 7 illustrates an example of the A-KID selection by the AF.
  • Step 1 Steps 0-1 to 0-5 in Fig. 4 take place.
  • Step 2 Upon reception of the Application Session Establishment Request from Dual Steer device 3, the AF 201 examines the received one or multiple A-KIDs whether they are valid to apply for AKMA based security for the Application Session. If the AF 201 finds multiple A-KIDs valid to apply AKMA based security for the Application session, the AF 201 selects one A-KID to apply AKMA based security for the Application session, linked with the AF ID, based on operator policy, based on configuration, or based on subscriber data or any combination of selection making criteria.
  • Steps 2 to 6 in the AAnF response with UE Identity procedure as described in section 6.2.1 in 3GPP TS 33.535 [3] take place with the selected A-KID for deriving AKMA Application Key for the Application session.
  • Step 3 AF 201 sends the Application Session Establishment Response to Dual Steer device 3 including at least A-KID.
  • Dual Steer device 3 apply the received A-KID for the AKMA based security to the Application session.
  • Step 3 the AKMA based security with the selected A-KID applies to the Application Session between Dual Steer device 3 and AF 201.
  • This example discloses an architecture to support the Generic Authentication Architecture (GAA) and Generic Bootstrapping Architecture (GBA) functions for the Dual Steer devices with two or more USIMs by managing multiple Ks_NAFs in both, Dual Steer device 3 and NAF 203.
  • GAA Generic Authentication Architecture
  • GBA Generic Bootstrapping Architecture
  • Fig. 8 illustrates an example of the GAA and the GBA for Dual Steer device 3.
  • Registration Procedures > Step 0-1.
  • the Registration procedure for SUPI 1 in Dual Steer device 3 takes place with the GAA and GBA supported 5GC.
  • the First example of the First Aspect applies to this procedure with the following replacements showing after the Step 0-2.
  • Step 0-2. The Registration procedure for SUPI 2 in Dual Steer device 3 takes place with the GAA and GBA supported 5GC.
  • the First example of the First Aspect applies to this procedure with the following replacements.
  • - AUSF 7601 is replaced with BSF 7B01.
  • - AUSF 7602 is replaced with BSF 7B02.
  • - AF 201 is replaced with NAF 203.
  • - UDM 7501 may stay the same.
  • UDM 7501 may be HSS or HLR.
  • - AKMA for dual steer supported indicator is replaced with GAA and GBA for dual steer supported indicator.
  • - AKMA for dual steer registered is replaced with GAA and GBA for dual steer registered.
  • the Bootstrapping procedure in section 4.5.2 of 3GPP TS 33.220 [9] take place for SUPI 1.
  • SUPI 1 derives B-TID1 and associated lifetime of the key Ks.
  • Step 0-4 The Bootstrapping procedure in section 4.5.2 of 3GPP TS 33.220 [9] take place for SUPI 2. After the Bootstrapping procedure, SUPI 2 derives B-TID2 and associated lifetime of the key Ks.
  • Dual Steer device 3 selects a B-TID, from B-TID 1 and B-TID 2.
  • the B-TID may be selected based on the following criteria.
  • - Device configuration of Dual Steer device 3. - Based on the URSP rule setting in Dual Steer device 3 as disclosed by the First example of the Second Aspect.
  • Dual Steer device 3 may decide to update the Key Ks for the Application security for NAF 203.
  • the Security Key update trigger is listed below. But not limited with the following triggers: - When the PDU Session Switch procedure is performed for switching from the PDU Session 1 to the PDU Session 2 for Dual Steer device 3 and the Application Session uses new PDU Session (PDU Session 2) for a connectivity service to NAF 203. (This is an example that Second example of the First Aspect takes.) In this case, it is reasonable to use the Key As with SUPI 2 for GAA and GBA as PDU Session 2 is associated with SUPI 2.
  • Dual Steer device 3 may select new B-TID to use for Application security.
  • Dual Steer device 3 performs the Bootstrapping usage procedure as defined in section 4.5.3 of 3GPP TS 33.220 [9].
  • a B-TID in the Application request in Step 1 of the section 4.5.3 of 3GPP TS 33.220 [9] may be different from the one being used for the Application security with NAF 203.
  • Second Aspect includes a general architecture how the AKMA applicability information is managed in core network 7 and shared with Dual Steer device 3.
  • Fig. 9 illustrates an example of general architecture for the AKMA applicability information management.
  • the AKMA applicability information is stored in the UDR 7A for each SUPI as a subscriber data.
  • SUPI 1 is associated with the UDR 7A01 and SUPI 2 is associated with UDR 7A02.
  • the AKMA applicability information is defined per Application.
  • the subscriber data may have multiple Applications that can be accessed with the corresponding SUPI.
  • SUPI 1 has three Applications, APL-1, APL-2 and APL-3, allowed to access. While APL-1 and APL-3 can use AKMA function, APL-2 is not allowed to use AKMA function.
  • Fig. 10 illustrates an example how the AKMA applicability information is structured in the URSP rule. This example discloses that the AKMA applicability information may be stored in the Traffic descriptor in the URSP Rule.
  • a value of the AKMA applicability information may be form any of the followings.
  • This example explains the Application (APL-3) behaver in Dual Steer device 3 by referring to Fig. 9.
  • the APL-3 may take the following steps in order to find an appropriate SUPI to use for a connectivity service for the Application Session.
  • Step 1 the APL-3 confirms how many UICCs being equipped in Dual Steer device 3.
  • the APL-3 confirms that the UICCs for SUPI 1 and SUPI 2 are equipped.
  • Step 2 the APL-3 confirms each equipped SUPIs whether they have been registered or not. Dual Steer device 3 may initiate the Registration procedure with the equipped SUPI if possible and needed.
  • Step 4 the APL-3 confirms whether any SUPIs registered to have a UE policy (URSP rule) that allowed to access to a target Application server for the Application service for the APL-3 based on the URSP rules.
  • URSP rule UE policy
  • the URSP 1 for SUPI 1 has associated information (Priority High) for APL-3
  • the URSP 2 for SUPI 2 has associated information (Priority Low) for APL-3.
  • Step 5 the APL-3 confirms that SUPI 1 is the most relevant SUPI to use for Application Session. If a PDU Session that is applicable to the Application Session has been established with SUPI 1, Dual Steer device 3 initiates the AAnF response with UE Identity procedure as described in Section 6.2.1 in 3GPP TS 33.535 [3] with an A-KID for SUPI 1 for establishing the Application Session for the APL-3. Otherwise, Dual Steer device 3 may initiate the UE Requested PDU Session Establishment procedure as described in section 4.3.2.2 in 3GPP TS 23.502 [5] and the AAnF response with UE Identity procedure with an A-KID for SUPI 1 takes place after successful PDU Session establishment.
  • Step 6 If the APL-3 finds that there is no PDU Session available with SUPI 1 for the APL-3 (Example, network congestion, resource not available, service restriction on SUPI 1, etc), the APL-3 takes the Step 5 with SUPI 2 since SUPI 2 is usable for the APL-3 but it is rated as Low priority.
  • the URSP for AKMA is coded "AKMAURSP", "URSPAKMA” or any other expressions in the UE policy classmark as defined in Section D.6.5 in 3GPP TS 24.501 [8].
  • Step 2 When the PCF 73 initiates the Network-requested UE policy management procedure as defined in Section D.2.1 in 3GPP TS 24.501 [8], the received URSP for AKMA into account for generating the URSP rule Dual Steer device 3.
  • the PCF 73 may send AKMA support indication to each application in the URSP rule which indicates whether the application in the URSP support AKMA AF or not.
  • Step 2 in Fig. 12 when the PCF 73 received the URSP for AKMA supported from Dual Steer device 3 in Step 1 and the PCF needs to send the MANAGE UE POLICY COMMAND message to Dual Steer device 3, the MANAGE UE POLICY COMMAND message may include "AKMA support" to newly defined information element "AKMAURSP", "URSPAKMA” or any other expressions in the UE policy network classmark in case where the PCF 73 can handle or generates the AKMA related information in the URSP rule.
  • the (R)AN node 5 can also support a communication using the satellite access.
  • the (R)AN node 5 may support a satellite access and a terrestrial access.
  • the (R)AN node 5 can also be referred as an access node for a non-wireless access.
  • the non-wireless access includes a fixed line access as defined by the Broadband Forum (BBF) and an optical access as defined by the innovative Optical and Wireless Network (IOWN).
  • a UE 3 may enter and leave the areas (i.e. radio cells) served by the (R)AN node 5 as the UE 3 is moving around in the geographical area covered by the telecommunication system 1.
  • the core network 7 comprises at least one access and mobility management function (AMF) 70.
  • the AMF 70 is in communication with the (R)AN node 5 coupled to the core network 7.
  • a mobility management entity (MME) or a mobility management node for beyond 5G or a mobility management node for 6G may be used instead of the AMF 70.
  • the data network 20 can be an internet, a public network, an external network, a private network or an internal network of the PLMN.
  • the IP Multimedia Subsystem (IMS) service may be provided by that data network 20.
  • the UE 3 can be connected to the data network 20 using IPv4, IPv6, IPv4v6, Ethernet or unstructured data type.
  • the data network may include an Application Function (AF) 201.
  • AF Application Function
  • RRC setup complete message This message is sent from the UE 3 to the (R)AN node 5.
  • RRC setup complete message - guami-Type, iab-NodeIndication, idleMeasAvailable, ue-MeasurementsAvailable, mobilityState, ng-5G-S-TMSI-Part2, registeredAMF, selectedPLMN-Identity, s-NSSAI-List , onboardingRequest
  • - registration accept message This message is sent from the AMF 70 to the UE 3.
  • following parameters may be included together in the registration accept message.
  • - Registration Complete message This message is sent from the UE 3 to the AMF 70. In addition to the parameters that are disclosed by Aspects in this disclosure, following parameters may be included together in the Registration Complete message. - SOR transparent container. - Authentication Request message: This message is sent from the AMF 70 to the UE 3. In addition to the parameters that are disclosed by Aspects in this disclosure, following parameters may be included together in the Authentication Request message. - ngKSI, ABBA, Authentication parameter RAND (5G authentication challenge), Authentication parameter AUTN (5G authentication challenge) and EAP message. - Authentication Response message: This message is sent from the UE 3 to the AMF 70.
  • Authentication Response message - Authentication response message identity, Authentication response parameter and EAP message.
  • - Authentication Result message This message is sent from the AMF 70 to the UE 3.
  • following parameters may be populated together in the Authentication Result message.
  • - Authentication Failure message This message is sent from the UE 3 to the AMF 70.
  • following parameters may be populated together in the Authentication Failure message.
  • - Authentication failure message identity 5GMM cause and Authentication failure parameter.
  • - Authentication Reject message This message is sent from the AMF 70 to the UE 3. In addition to the parameters that are disclosed by Aspects in this disclosure, following parameters may be populated together in the Authentication Reject message.
  • EAP message This message is sent from the UE 3 to the AMF 70. In addition to the parameters that are disclosed by Aspects in this disclosure, following parameters may be populated together in the Service Request message. - ngKSI, Service type, 5G-S-TMSI, Uplink data status, PDU session status, Allowed PDU session status, NAS message container.
  • - Service Accept message This message is sent from the AMF 70 to the UE 3.
  • Service Accept message - PDU session status, PDU session reactivation result, PDU session reactivation result error cause, EAP message and T3448 value.
  • Service Reject message This message is sent from the AMF 70 to the UE 3.
  • Service Reject message This message is sent from the AMF 70 to the UE 3.
  • Service Reject message - 5GMM cause, PDU session status, T3346 value, EAP message, T3448 value and CAG information list.
  • Configuration Update Command message This message is sent from the AMF 70 to the UE 3.
  • a controller 33 controls the operation of the UE 3 in accordance with software stored in a memory 36.
  • the software includes, among other things, an operating system 361 and a communications control module 362 having at least a transceiver control module 3621.
  • the communications control module 362 (using its transceiver control module 3621) is responsible for handling (generating/sending/receiving) signalling and uplink/downlink data packets between the UE 3 and other nodes, such as the (R)AN node 5 and the AMF 70.
  • Such signalling may include, for example, appropriately formatted signalling messages (e.g. a registration request message and associated response messages) relating to access and mobility management procedures (for the UE 3).
  • the controller 33 interworks with one or more Universal Subscriber Identity Module (USIM) 35. If there are multiple USIMs 35 equipped, the controller 33 may activate only one USIM 35 or may activate multiple USIMs 35 at the same time.
  • USIM Universal Subscriber Identity Module
  • the UE 3 may, for example, support the Non-Public Network (NPN),
  • NPN Non-Public Network
  • the NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • SNPN Stand-alone Non-Public Network
  • PNI-NPN Public Network Integrated NPN
  • the UE 3 may, for example, be an item of equipment for production or manufacture and/or an item of energy related machinery (for example equipment or machinery such as: boilers; engines; turbines; solar panels; wind turbines; hydroelectric generators; thermal power generators; nuclear electricity generators; batteries; nuclear systems and/or associated equipment; heavy electrical machinery; pumps including vacuum pumps; compressors; fans; blowers; oil hydraulic equipment; pneumatic equipment; metal working machinery; manipulators; robots and/or their application systems; tools; molds or dies; rolls; conveying equipment; elevating equipment; materials handling equipment; textile machinery; sewing machines; printing and/or related machinery; paper converting machinery; chemical machinery; mining and/or construction machinery and/or related equipment; machinery and/or implements for agriculture, forestry and/or fisheries; safety and/or environment preservation equipment; tractors; precision bearings; chains; gears; power transmission equipment; lubricating equipment; valves; pipe fittings; and/or application systems for any of the previously mentioned equipment or machinery etc.).
  • equipment or machinery such as: boilers
  • the UE 3 may, for example, be an item of transport equipment (for example transport equipment such as: rolling stocks; motor vehicles; motor cycles; bicycles; trains; buses; carts; rickshaws; ships and other watercraft; aircraft; rockets; satellites; drones; balloons etc.).
  • transport equipment for example transport equipment such as: rolling stocks; motor vehicles; motor cycles; bicycles; trains; buses; carts; rickshaws; ships and other watercraft; aircraft; rockets; satellites; drones; balloons etc.
  • the UE 3 may, for example, be an item of information and communication equipment (for example information and communication equipment such as: electronic computer and related equipment; communication and related equipment; electronic components etc.).
  • the UE 3 may, for example, be a refrigerating machine, a refrigerating machine applied product, an item of trade and/or service industry equipment, a vending machine, an automatic service machine, an office machine or equipment, a consumer electronic and electronic appliance (for example a consumer electronic appliance such as: audio equipment; video equipment; a loud speaker; a radio; a television; a microwave oven; a rice cooker; a coffee machine; a dishwasher; a washing machine; a dryer; an electronic fan or related appliance; a cleaner etc.).
  • the UE 3 may, for example, be an electrical application system or equipment (for example an electrical application system or equipment such as: an x-ray system; a particle accelerator; radio isotope equipment; sonic equipment; electromagnetic application equipment; electronic power application equipment etc.).
  • an electrical application system or equipment such as: an x-ray system; a particle accelerator; radio isotope equipment; sonic equipment; electromagnetic application equipment; electronic power application equipment etc.
  • the UE 3 may, for example, be an electronic lamp, a luminaire, a measuring instrument, an analyzer, a tester, or a surveying or sensing instrument (for example a surveying or sensing instrument such as: a smoke alarm; a human alarm sensor; a motion sensor; a wireless tag etc.), a watch or clock, a laboratory instrument, optical apparatus, medical equipment and/or system, a weapon, an item of cutlery, a hand tool, or the like.
  • a surveying or sensing instrument such as: a smoke alarm; a human alarm sensor; a motion sensor; a wireless tag etc.
  • the UE 3 may, for example, be a wireless-equipped personal digital assistant or related equipment (such as a wireless card or module designed for attachment to or for insertion into another electronic device (for example a personal computer, electrical measuring machine)).
  • a wireless-equipped personal digital assistant or related equipment such as a wireless card or module designed for attachment to or for insertion into another electronic device (for example a personal computer, electrical measuring machine)).
  • the UE 3 may be a device or a part of a system that provides applications, services, and solutions described below, as to "internet of things (IoT)", using a variety of wired and/or wireless communication technologies.
  • IoT Internet of things
  • IoT devices may be equipped with appropriate electronics, software, sensors, network connectivity, and/or the like, which enable these devices to collect and exchange data with each other and with other communication devices.
  • IoT devices may comprise automated equipment that follow software instructions stored in an internal memory. IoT devices may operate without requiring human supervision or interaction. IoT devices might also remain stationary and/or inactive for a long period of time. IoT devices may be implemented as a part of a (generally) stationary apparatus. IoT devices may also be embedded in non-stationary apparatus (e.g. vehicles) or attached to animals or persons to be monitored/tracked.
  • IoT technology can be implemented on any communication devices that can connect to a communications network for sending/receiving data, regardless of whether such communication devices are controlled by human input or software instructions stored in memory.
  • the UE 3 may be a smart phone or a wearable device (e.g. smart glasses, a smart watch, a smart ring, or a hearable device).
  • a wearable device e.g. smart glasses, a smart watch, a smart ring, or a hearable device.
  • the UE 3 may be a reduced capability device (RedCap).
  • the UE 3 may be a car, or a connected car, or an autonomous car, or a vehicle device, or a motorcycle or V2X (Vehicle to Everything) communication module (e.g. Vehicle to Vehicle communication module, Vehicle to Infrastructure communication module, Vehicle to People communication module and Vehicle to Network communication module).
  • V2X Vehicle to Everything
  • FIG. 15 is a block diagram illustrating the main components of an exemplary (R)AN node 5, for example a base station ('eNB' in LTE, 'gNB' in 5G, a base station for 5G beyond, a base station for 6G).
  • the (R)AN node 5 includes a transceiver circuit 51 which is operable to transmit signals to and to receive signals from connected UE(s) 3 via one or more antennas 52 and to transmit signals to and to receive signals from other network nodes (either directly or indirectly) via a network interface 53.
  • a controller 54 controls the operation of the (R)AN node 5 in accordance with software stored in a memory 55.
  • Software may be pre-installed in the memory and/or may be downloaded via the telecommunication network or from a removable data storage device (RMD), for example.
  • the software includes, among other things, an operating system 551 and a communications control module 552 having at least a transceiver control module 5521.
  • the communications control module 552 (using its transceiver control sub-module) is responsible for handling (generating/sending/receiving) signalling between the (R)AN node 5 and other nodes, such as the UE 3, another (R)AN node 5, the AMF 70 and the UPF 72 (e.g. directly or indirectly).
  • the signalling may include, for example, appropriately formatted signalling messages relating to a radio connection and a connection with the core network 7 (for a particular UE 3), and in particular, relating to connection establishment and maintenance (e.g. RRC connection establishment and other RRC messages), NG Application Protocol (NGAP) messages (i.e. messages by N2 reference point) and Xn application protocol (XnAP) messages (i.e. messages by Xn reference point), etc.
  • Such signalling may also include, for example, broadcast information (e.g. Master Information and System information) in a sending case.
  • the RAN 501 and the RAN 502 may have same components to the (R)AN node 5.
  • the (R)AN node 5 may be expressed as a RAN node, RAN, (R)AN etc.
  • the (R)AN node 5 based on O-RAN architecture represents a system overview in which the (R)AN node is split into a Radio Unit (RU) 60, Distributed Unit (DU) 61 and Centralized Unit (CU) 62.
  • each unit may be combined.
  • the RU 60 can be integrated/combined with the DU 61 as an integrated/combined unit
  • the DU 61 can be integrated/combined with the CU 62 as another integrated/combined unit.
  • Any functionality in the description for a unit e.g. one of RU 60, DU 61 and CU 62
  • the UE 3 and a respective serving RU 60 are connected via an appropriate air interface (for example the so-called “Uu” interface and/or the like).
  • Each RU 60 is connected to the DU 61 via an appropriate interface (such as the so-called “Front haul”, “Open Front haul”, “F1” interface and/or the like).
  • Each DU 61 is connected to the CU 62 via an appropriate interface (such as the so-called “Mid haul”, “Open Mid haul", “E2" interface and/or the like).
  • Each CU 62 is also connected to nodes in the core network 7 (such as the so-called core network nodes) via an appropriate interface (such as the so-called “Back haul”, “Open Back haul”, “N2"/ “N3” interface(s) and/or the like).
  • an appropriate interface such as the so-called "Back haul”, “Open Back haul”, “N2"/ “N3” interface(s) and/or the like.
  • a user plane part of the DU 61 can also be connected to the core network nodes via an appropriate interface (such as the so-called “N3" interface(s) and/or the like).
  • each unit provides some of the functionality that is provided by the (R)AN node 5.
  • the RU 60 may provide a functionalities to communicate with a UE 3 (e.g., the Network Relay UE 300) over air interface
  • the DU 61 may provide functionalities to support MAC layer and RLC layer
  • the CU 62 may provide functionalities to support PDCP layer, SDAP layer and RRC layer.
  • Fig. 17 is a block diagram illustrating the main components of an exemplary RU 60, for example a RU part of base station ('eNB' in LTE, 'gNB' in 5G, a base station for 5G beyond, a base station for 6G).
  • the RU 60 includes a transceiver circuit 601 which is operable to transmit signals to and to receive signals from connected UE(s) 3 via one or more antennas 602 and to transmit signals to and to receive signals from other network nodes or network unit (either directly or indirectly) via a network interface 603.
  • a controller 604 controls the operation of the RU 60 in accordance with software stored in a memory 605.
  • Software may be pre-installed in the memory and/or may be downloaded via the telecommunication network or from a removable data storage device (RMD), for example.
  • the software includes, among other things, an operating system 6051 and a communications control module 6052 having at least a transceiver control module 60521.
  • the communications control module 6052 (using its transceiver control sub-module) is responsible for handling (generating/sending/receiving) signalling between the RU 60 and other nodes or units, such as the UE 3, another RU 60 and DU 61 (e.g. directly or indirectly).
  • the signalling may include, for example, appropriately formatted signalling messages relating to a radio connection and a connection with the RU 60 (for a particular UE 3 (e.g., the Network Relay UE 300)), and in particular, relating to MAC layer and RLC layer.
  • the controller 604 is also configured (by software or hardware) to handle related tasks such as, when implemented, UE mobility estimate and/or moving trajectory estimation.
  • the RU 60 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • SNPN Stand-alone Non-Public Network
  • PNI-NPN Public Network Integrated NPN
  • the RU 60 can be integrated/combined with the DU 61 as an integrated/combined unit. Any functionality in the description for the RU 60 can be implemented in the integrated/combined unit above.
  • FIG. 18 is a block diagram illustrating the main components of an exemplary DU 61, for example a DU part of a base station ('eNB' in LTE, 'gNB' in 5G, a base station for 5G beyond, a base station for 6G).
  • the apparatus includes a transceiver circuit 611 which is operable to transmit signals to and to receive signals from other nodes or units (including the RU 60) via a network interface 612.
  • a controller 613 controls the operation of the DU 61 in accordance with software stored in a memory 614.
  • Software may be pre-installed in the memory 614 and/or may be downloaded via the telecommunication network or from a removable data storage device (RMD), for example.
  • RMD removable data storage device
  • the DU 61 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • SNPN Stand-alone Non-Public Network
  • PNI-NPN Public Network Integrated NPN
  • the software includes, among other things, an operating system 6241 and a communications control module 6242 having at least a transceiver control module 62421.
  • the communications control module 6242 (using its transceiver control module 62421 is responsible for handling (generating/sending/receiving) signalling between the CU 62 and other nodes or units, such as the DU 61 and other nodes and units.
  • the CU 62 can be integrated/combined with the DU 61 as an integrated/combined unit. Any functionality in the description for the CU 62 can be implemented in the integrated/combined unit above.
  • FIG. 20 is a block diagram illustrating the main components of the AMF 70.
  • the apparatus includes a transceiver circuit 701 which is operable to transmit signals to and to receive signals from other nodes (including the UE 3 (e.g., the Network Relay UE 300 and the UE 3), the NSSF 76) via a network interface 702.
  • a controller 703 controls the operation of the AMF 70 in accordance with software stored in a memory 704.
  • Software may be pre-installed in the memory 704 and/or may be downloaded via the telecommunication network or from a removable data storage device (RMD), for example.
  • RMD removable data storage device
  • the software includes, among other things, an operating system 7041 and a communications control module 7042 having at least a transceiver control module 70421.
  • the communications control module 7042 (using its transceiver control module 70421 is responsible for handling (generating/sending/receiving) signalling between the AMF 70 and other nodes, such as the UE 3 (e.g. via the (R)AN node 5) and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in.
  • signalling may include, for example, appropriately formatted signalling messages (e.g. a registration request message and associated response messages) relating to access and mobility management procedures (for the UE 3).
  • FIG. 21 is a block diagram illustrating the main components of the SMF 71.
  • the apparatus includes a transceiver circuit 711 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70) via a network interface 712.
  • a controller 713 controls the operation of the SMF 71 in accordance with software stored in a memory 714.
  • Software may be pre-installed in the memory 714 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example.
  • the software includes, among other things, an operating system 7141 and a communications control module 7142 having at least a transceiver control module 71421.
  • the communications control module 7142 (using its transceiver control module 71421 is responsible for handling (generating/sending/receiving) signalling between the SMF 71 and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the HPLMN of the UE 3 (e.g., the Network Relay UE 300 and the UE 3) when the UE 3 is roaming-in.
  • signalling may include, for example, appropriately formatted signalling messages (e.g. a HTTP restful methods based on the service based interfaces) relating to policy management procedures (for the UE 3).
  • the SMF 71 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • SNPN Stand-alone Non-Public Network
  • PNI-NPN Public Network Integrated NPN
  • the SMF 7101 and the SMF 7102 may have same components to the SMF 71.
  • Fig. 22 is a block diagram illustrating the main components of the UPF 72.
  • the apparatus includes a transceiver circuit 721 which is operable to transmit signals to and to receive signals from other nodes (including the SMF 71) via a network interface 722.
  • a controller 723 controls the operation of the UPF 72 in accordance with software stored in a memory 724.
  • Software may be pre-installed in the memory 724 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example.
  • the software includes, among other things, an operating system 7241 and a communications control module 7242 having at least a transceiver control module 72421.
  • the UPF 72 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • SNPN Stand-alone Non-Public Network
  • PNI-NPN Public Network Integrated NPN
  • the UPF 7201, the UPF 7202 and the UPF 7203 may have same components to the UPF 72.
  • the communications control module 7342 (using its transceiver control module 73421 is responsible for handling (generating/sending/receiving) signalling between the PCF 73 and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the HPLMN of the UE 3 (e.g., the Network Relay UE 300 and the UE 3) when the UE 3 is roaming-in.
  • signalling may include, for example, appropriately formatted signalling messages (e.g. a HTTP restful methods based on the service based interfaces) relating to policy management procedures (for the UE 3).
  • the PCF 73 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • the PCF 7301, the PCF 7302, the PCF 7303, the V-PCF 7301, the V-PCF 7302 and the H-PCF 7303 may have same components to the PCF 73.
  • Fig. 24 is a block diagram illustrating the main components of the NWDAF 74.
  • the apparatus includes a transceiver circuit 741 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70 and the UDM 75) via a network interface 742.
  • a controller 743 controls the operation of the NWDAF 74 in accordance with software stored in a memory 744.
  • Software may be pre-installed in the memory 744 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example.
  • a removable data storage device e.g. a removable memory device (RMD)
  • the software includes, among other things, an operating system 7441 and a communications control module 7442 having at least a transceiver control module 74421.
  • the communications control module 7442 (using its transceiver control module 74421 is responsible for handling (generating/sending/receiving) signalling between the NWDAF 74 and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in.
  • signalling may include, for example, appropriately formatted signalling messages (e.g. a HTTP restful methods based on the service based interfaces) relating to policy management procedures (for the UE 3).
  • the NWDAF 74 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • SNPN Stand-alone Non-Public Network
  • PNI-NPN Public Network Integrated NPN
  • Fig. 25 is a block diagram illustrating the main components of the UDM 75.
  • the apparatus includes a transceiver circuit 751 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70) via a network interface 752.
  • a controller 753 controls the operation of the UDM 75 in accordance with software stored in a memory 754.
  • Software may be pre-installed in the memory 754 and/or may be downloaded via the telecommunication network or from a removable data storage device (RMD), for example.
  • the software includes, among other things, an operating system 7541 and a communications control module 7542 having at least a transceiver control module 75421.
  • the communications control module 7542 (using its transceiver control module 75421 is responsible for handling (generating/sending/receiving) signalling between the UDM 75 and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the VPLMN of the UE 3 (e.g., the Network Relay UE 300 and the UE 3) when the UE 3 is roaming-out.
  • signalling may include, for example, appropriately formatted signalling messages (e.g. a HTTP restful methods based on the service based interfaces) relating to mobility management procedures (for the UE 3).
  • the UDM 75 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • SNPN Stand-alone Non-Public Network
  • PNI-NPN Public Network Integrated NPN
  • FIG. 26 is a block diagram illustrating the main components of the AUSF 76.
  • the apparatus includes a transceiver circuit 761 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70) via a network interface 762.
  • a controller 763 controls the operation of the AUSF 76 in accordance with software stored in a memory 764.
  • Software may be pre-installed in the memory 764 and/or may be downloaded via the telecommunication network or from a removable data storage device (RMD), for example.
  • the software includes, among other things, an operating system 7641 and a communications control module 7642 having at least a transceiver control module 76421.
  • the communications control module 7642 (using its transceiver control module 76421 is responsible for handling (generating/sending/receiving) signalling between the AUSF 76 and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the VPLMN of the UE 3 when the UE 3 is roaming-out.
  • signalling may include, for example, appropriately formatted signalling messages (e.g. a HTTP restful methods based on the service based interfaces) relating to mobility management procedures (for the UE 3).
  • the AUSF 76 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • SNPN Stand-alone Non-Public Network
  • PNI-NPN Public Network Integrated NPN
  • Fig. 27 is a block diagram illustrating the main components of the AAnF 77.
  • the apparatus includes a transceiver circuit 771 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70) via a network interface 772.
  • a controller 773 controls the operation of the AAnF 77 in accordance with the software stored in a memory 774.
  • the Software may be pre-installed in the memory 774 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example.
  • a removable data storage device e.g. a removable memory device (RMD)
  • the software includes, among other things, an operating system 7741 and a communications control module 7742 having at least a transceiver control module 77421.
  • the communications control module 7742 (using its transceiver control module 77421 is responsible for handling (generating/sending/receiving) signalling between the AAnF 77 and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in.
  • signalling may include, for example, appropriately formatted signalling messages (e.g. a HTTP restful methods based on the service based interfaces) relating to network data analytics function procedures (for the UE 3).
  • the AAnF 77 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • SNPN Stand-alone Non-Public Network
  • PNI-NPN Public Network Integrated NPN
  • AAnF 7702, the AAnF 7703 and the AAnF 7704 may have same components to the AAnF 77.
  • Fig. 28 is a block diagram illustrating the main components of the NRF 78.
  • the apparatus includes a transceiver circuit 781 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70) via a network interface 782.
  • a controller 783 controls the operation of the NRF 78 in accordance with the software stored in a memory 784.
  • the Software may be pre-installed in the memory 784 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example.
  • the software includes, among other things, an operating system 7841 and a communications control module 7842 having at least a transceiver control module 78421.
  • the communications control module 7842 (using its transceiver control module 78421 is responsible for handling (generating/sending/receiving) signalling between the NRF 78 and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in.
  • signalling may include, for example, appropriately formatted signalling messages (e.g. a HTTP restful methods based on the service based interfaces) relating to network data analytics function procedures (for the UE 3).
  • Fig. 29 is a block diagram illustrating the main components of the NEF 79.
  • the apparatus includes a transceiver circuit 791 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70) via a network interface 792.
  • a controller 793 controls the operation of the NEF 79 in accordance with the software stored in a memory 794.
  • the Software may be pre-installed in the memory 794 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example.
  • the software includes, among other things, an operating system 7941 and a communications control module 7942 having at least a transceiver control module 79421.
  • the communications control module 7942 (using its transceiver control module 79421 is responsible for handling (generating/sending/receiving) signalling between the NEF 79 and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in.
  • signalling may include, for example, appropriately formatted signalling messages (e.g. a HTTP restful methods based on the service based interfaces) relating to network data analytics function procedures (for the UE 3).
  • the NEF 79 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • SNPN Stand-alone Non-Public Network
  • PNI-NPN Public Network Integrated NPN
  • FIG. 30 is a block diagram illustrating the main components of the UDR 7A.
  • the apparatus includes a transceiver circuit 7A1 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70) via a network interface 7A2.
  • a controller 7A3 controls the operation of the UDR 7A in accordance with the software stored in a memory 7A4.
  • the Software may be pre-installed in the memory 7A4 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example.
  • the software includes, among other things, an operating system 7A41 and a communications control module 7A42 having at least a transceiver control module 7A421.
  • the communications control module 7A42 (using its transceiver control module 7A421 is responsible for handling (generating/sending/receiving) signalling between the UDR 7A and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in.
  • signalling may include, for example, appropriately formatted signalling messages (e.g. a HTTP restful methods based on the service based interfaces) relating to network data analytics function procedures (for the UE 3).
  • the UDR 7A may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • SNPN Stand-alone Non-Public Network
  • PNI-NPN Public Network Integrated NPN
  • FIG. 31 is a block diagram illustrating the main components of the BSF 7B.
  • the apparatus includes a transceiver circuit 7B1 which is operable to transmit signals to and to receive signals from other nodes (including the AMF 70) via a network interface 7B2.
  • a controller 7B3 controls the operation of the BSF 7B in accordance with the software stored in a memory 7B4.
  • the Software may be pre-installed in the memory 7B4 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example.
  • the software includes, among other things, an operating system 7B41 and a communications control module 7B42 having at least a transceiver control module 7B421.
  • the communications control module 7B42 (using its transceiver control module 7B421 is responsible for handling (generating/sending/receiving) signalling between the BSF 7B and other nodes, such as the AMF 70 and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in.
  • signalling may include, for example, appropriately formatted signalling messages (e.g. a HTTP restful methods based on the service based interfaces) relating to network data analytics function procedures (for the UE 3).
  • the BSF 7B may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • SNPN Stand-alone Non-Public Network
  • PNI-NPN Public Network Integrated NPN
  • Fig. 32 is a block diagram illustrating the main components of the AF 201.
  • the apparatus includes a transceiver circuit 2011 which is operable to transmit signals to and to receive signals from other nodes (including the UE 3 (e.g., the Network Relay UE 300 and the UE 3)) via a network interface 2012.
  • a controller 2013 controls the operation of the AF 201 in accordance with software stored in a memory 2014.
  • Software may be pre-installed in the memory 2014 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example.
  • a removable data storage device e.g. a removable memory device (RMD)
  • the software includes, among other things, an operating system 20141 and a communications control module 20142 having at least a transceiver control module 201421.
  • the communications control module 20142 (using its transceiver control module 201421 is responsible for handling (generating/sending/receiving) signalling between the AF 201 and other nodes, such as the UE 3 and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in.
  • signalling may include, for example, appropriately formatted signalling messages (e.g. a HTTP restful methods based on the service based interfaces) relating to policy management procedures (for the UE 3).
  • the AF 201 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • SNPN Stand-alone Non-Public Network
  • PNI-NPN Public Network Integrated NPN
  • the software includes, among other things, an operating system 20241 and a communications control module 20242 having at least a transceiver control module 202421.
  • the communications control module 20242 (using its transceiver control module 202421 is responsible for handling (generating/sending/receiving) signalling between the AP 202 and other nodes, such as the UE 3 and other core network nodes (including core network nodes in the HPLMN of the UE 3 when the UE 3 is roaming-in.
  • signalling may include, for example, appropriately formatted signalling messages (e.g. a HTTP restful methods based on the service based interfaces) relating to policy management procedures (for the UE 3).
  • the AP 202 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • SNPN Stand-alone Non-Public Network
  • PNI-NPN Public Network Integrated NPN
  • Fig. 34 is a block diagram illustrating the main components of the NAF 203.
  • the apparatus includes a transceiver circuit 2031 which is operable to transmit signals to and to receive signals from other nodes (including the UE 3 (e.g., the Network Relay UE 300 and the UE 3)) via a network interface 2032.
  • a controller 2033 controls the operation of the NAF 203 in accordance with software stored in a memory 2034.
  • Software may be pre-installed in the memory 2034 and/or may be downloaded via the telecommunication network or from a removable data storage device (e.g. a removable memory device (RMD)), for example.
  • a removable data storage device e.g. a removable memory device (RMD)
  • the NAF 203 may support the Non-Public Network (NPN),
  • NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
  • SNPN Stand-alone Non-Public Network
  • PNI-NPN Public Network Integrated NPN
  • the UE 3 and the network apparatus are described for ease of understanding as having a number of discrete modules (such as the communication control modules). Whilst these modules may be provided in this way for certain applications, for example where an existing system has been modified to implement the disclosure, in other applications, for example in systems designed with the inventive features in mind from the outset, these modules may be built into the overall operating system or code and so these modules may not be discernible as discrete entities. These modules may also be implemented in software, hardware, firmware or a mix of these.
  • Each controller may comprise any suitable form of processing circuitry including (but not limited to), for example: one or more hardware implemented computer processors; microprocessors; central processing units (CPUs); arithmetic logic units (ALUs); input/output (IO) circuits; internal memories / caches (program and/or data); processing registers; communication buses (e.g. control, data and/or address buses); direct memory access (DMA) functions, hardware or software implemented counters, pointers and/or timers; and/or the like.
  • processors e.g. one or more hardware implemented computer processors; microprocessors; central processing units (CPUs); arithmetic logic units (ALUs); input/output (IO) circuits; internal memories / caches (program and/or data); processing registers; communication buses (e.g. control, data and/or address buses); direct memory access (DMA) functions, hardware or software implemented counters, pointers and/or timers; and/or the like.
  • CPUs central processing
  • the software modules may be provided in compiled or un-compiled form and may be supplied to the UE 3 and the network apparatus as a signal over a computer network, or on a recording medium. Further, the functionality performed by part or all of this software may be performed using one or more dedicated hardware circuits. However, the use of software modules is preferred as it facilitates the updating of the UE 3 and the network apparatus in order to update their functionalities.
  • radio access radio access
  • any other radio communications technology e.g. WLAN, Wi-Fi, WiMAX, Bluetooth, etc.
  • other fix line communications technology e.g. BBF Access, Cable Access, optical access, etc.
  • Items of user equipment might include, for example, communication devices such as mobile telephones, smartphones, user equipment, personal digital assistants, laptop/tablet computers, web browsers, e-book readers and/or the like.
  • Such mobile (or even generally stationary) devices are typically operated by a user, although it is also possible to connect so-called 'Internet of Things' (IoT) devices and similar machine-type communication (MTC) devices to the network.
  • IoT Internet of Things
  • MTC machine-type communication
  • the present application refers to mobile devices (or UEs) in the description but it will be appreciated that the technology described can be implemented on any communication devices (mobile and/or generally stationary) that can connect to a communications network for sending/receiving data, regardless of whether such communication devices are controlled by human input or software instructions stored in memory.
  • the present disclosure may be embodied as a method, and system. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, a software embodiment or an embodiment combining software and hardware aspects.
  • each block of the block diagrams can be implemented by computer program instructions.
  • These computer program instructions may be provided to a processor of a general-purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
  • a general-purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine.
  • a processor may also be implemented as a combination of computing devices, e.g., a plurality of microprocessors, one or more microprocessors, or any other such configuration.
  • a software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
  • a storage medium may be coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor.
  • the processor and the storage medium may reside in an ASIC.
  • a first CN device comprises an Access and Mobility Management Function.
  • the first request message further comprises information related to user identity.
  • 5G-GUTI 5G Globally Unique Temporary Identifier
  • UE user equipment
  • SUPI Subscription Permanent Identifier
  • AKMA Authentication and Key Management for Applications
  • the method according to supplementary note 5, wherein the sending the first response message comprises: based on a determination that an AKMA function related to the first SUPI is set, the first response message comprises the first AKMA for the first SUPI.
  • the sending the first response message comprises: based on a determination that an AKMA function related to the second SUPI is set, the first response message comprises the second AKMA for the second SUPI.
  • the first request message further comprises information related to user identity.
  • the first response message further comprises information related to 5G Globally Unique Temporary Identifier (5G-GUTI).
  • 5G-GUTI 5G Globally Unique Temporary Identifier
  • a user equipment comprising: one or more memories storing instructions; and one or more processors configured to process the instructions to control the UE to: have a first Subscription Permanent Identifier (SUPI) and a second SUPI; send, to a first core network (CN) device, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA); and receive, from the first CN device, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
  • SUPI Subscription Permanent Identifier
  • AKMA Authentication and Key Management for Applications
  • the UE according to supplementary note 10 wherein the first request message further comprises information related to user identity.
  • the first response message further comprises information related to 5G Globally Unique Temporary Identifier (5G-GUTI).
  • 5G-GUTI 5G Globally Unique Temporary Identifier
  • a first core network (CN) device comprising: one or more memories storing instructions; and one or more processors configured to process the instructions to control the first CN to: receive, from a user equipment (UE) having a first Subscription Permanent Identifier (SUPI) and a second SUPI, a first request message comprising first information related to multiple Authentication and Key Management for Applications (AKMA); send, to the UE, a first response message comprising a first AKMA for the first SUPI and/or a second AKMA for the second SUPI.
  • UE user equipment
  • SUPI Subscription Permanent Identifier
  • AKMA Authentication and Key Management for Applications
  • the first CN according to supplementary note 14, wherein based on a determination that an AKMA function related to the first SUPI is set, the first response message comprises the first AKMA for the first SUPI.
  • the first CN according to supplementary note 14 wherein based on a determination that an AKMA function related to the second SUPI is set, the first response message comprises the second AKMA for the second SUPI.
  • the first request message further comprises information related to user identity.
  • the first response message further comprises information related to 5G Globally Unique Temporary Identifier (5G-GUTI).
  • 5G-GUTI 5G Globally Unique Temporary Identifier

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

Un aspect de la présente divulgation concerne un procédé mis en œuvre par un équipement utilisateur (UE). Le procédé consiste à se procurer un premier identifiant permanent d'abonnement (SUPI) et un second SUPI ; à envoyer, à un premier dispositif de réseau central (CN), un premier message de demande comprenant des premières informations relatives à une authentification multiple et à une gestion de clé d'applications (AKMA) ; et à recevoir, en provenance du premier dispositif de CN, un premier message de réponse comprenant une première AKMA pour le premier SUPI et/ou une seconde AKMA pour le second SUPI.
PCT/JP2025/013362 2024-04-05 2025-04-01 Procédé mis en œuvre par un équipement utilisateur, procédé mis en œuvre par un premier dispositif de réseau central, équipement utilisateur et premier dispositif de réseau central Pending WO2025211365A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN202411028207 2024-04-05
IN202411028207 2024-04-05

Publications (1)

Publication Number Publication Date
WO2025211365A1 true WO2025211365A1 (fr) 2025-10-09

Family

ID=97267071

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2025/013362 Pending WO2025211365A1 (fr) 2024-04-05 2025-04-01 Procédé mis en œuvre par un équipement utilisateur, procédé mis en œuvre par un premier dispositif de réseau central, équipement utilisateur et premier dispositif de réseau central

Country Status (1)

Country Link
WO (1) WO2025211365A1 (fr)

Similar Documents

Publication Publication Date Title
WO2022259830A1 (fr) Procédé d'équipement utilisateur (ue) et équipement utilisateur (ue)
WO2023032529A1 (fr) Procédé d'appareil de communication, procédé de gnb-cu-cp, procédé d'appareil amf, procédé d'appareil smf, procédé d'appareil gnb-du, procédé d'appareil upf, appareil de communication, appareil gnb-cu-cp, appareil amf, appareil smf, appareil gnb du et appareil upf
WO2022270259A1 (fr) Procédé d'appareil de fonction de gestion de session (smf), procédé d'appareil de fonction de commande d'admission de tranche de réseau (nsacf), procédé d'appareil de fonction de gestion de mobilité et d'accès (amf), procédé d'appareil associé à smf, appareil smf, appareil nsacf, appareil amf et appareil associé à smf
WO2023286779A1 (fr) Procédé exécuté par un terminal radio, et terminal radio
WO2023145526A1 (fr) Procédé d'équipement utilisateur (eu), procédé d'appareil de communication, eu et appareil de communication
WO2022270386A1 (fr) Procédé de premier appareil à fonction de gestion d'accès et de mobilité (amf), procédé d'équipement utilisateur (ue), premier appareil à fonction de gestion d'accès et de mobilité (amf) et équipement utilisateur (ue)
WO2024150678A1 (fr) Terminal radio, nœud de réseau central, gestion de données unifiée (udm), serveur d'abonné domestique (hss), équipement utilisateur (ue) et procédé
WO2024162185A1 (fr) Fonction de gestion d'accès et de mobilité, amf, réseau d'accès radio partagé, ran et procédé
WO2023182199A1 (fr) Procédé d'équipement utilisateur (eu), procédé d'appareil de communication et appareil de communication
WO2025211365A1 (fr) Procédé mis en œuvre par un équipement utilisateur, procédé mis en œuvre par un premier dispositif de réseau central, équipement utilisateur et premier dispositif de réseau central
WO2025211360A1 (fr) Procédé mis en œuvre par un équipement utilisateur (ue), procédé mis en œuvre par un premier dispositif de réseau central (cn), un équipement utilisateur (ue) et un premier dispositif de réseau central (cn)
WO2025211350A1 (fr) Procédé mis en œuvre par un équipement utilisateur (ue), procédé mis en œuvre par un premier dispositif de réseau central (cn), équipement utilisateur (ue) et premier dispositif de réseau central (cn)
WO2024225050A1 (fr) Procédé d'équipement utilisateur (ue) distant, procédé de premier appareil de communication, ue distant et premier appareil de communication
WO2025069797A1 (fr) Procédé d'équipement utilisateur (ue), procédé de fonction de gestion d'accès et de mobilité (amf), ue et amf
WO2025069793A1 (fr) Procédé d'équipement utilisateur (ue), procédé de fonction de gestion d'accès et de mobilité (amf), ue et amf
WO2024029421A1 (fr) Procédé de fonction de gestion d'accès et de mobilité (amf), procédé d'équipement utilisateur (ue), amf et ue
WO2024150683A1 (fr) Station radio, nœud de réseau central, terminal radio et procédés
WO2024053389A1 (fr) Équipement utilisateur (ue), procédé d'ue et fonction de gestion d'accès et de mobilité (amf)
WO2025018243A1 (fr) Terminal radio, premier nœud de réseau central, deuxième nœud de réseau central, troisième nœud de réseau central, quatrième nœud de réseau central, procédé pour un terminal radio, procédé pour un premier nœud de réseau central, procédé pour un deuxième nœud de réseau central, procédé pour un troisième nœud de réseau central et procédé pour un quatrième nœud de réseau central
WO2025018277A1 (fr) Procédé d'équipement utilisateur (ue) et ue
WO2025018268A1 (fr) Procédé d'équipement utilisateur (ue), procédé d'appareil de réseau central, ue et appareil de réseau central
WO2025018242A1 (fr) Procédé d'équipement utilisateur (ue), procédé d'un appareil de communication, ue et appareil de communication
WO2025018244A1 (fr) Procédé d'équipement utilisateur (ue), procédé d'appareil de communication, ue et appareil de communication
WO2025018245A1 (fr) Terminal radio, premier nœud de réseau central maître, premier nœud de réseau central secondaire, deuxième nœud de réseau central, quatrième nœud de réseau central, procédé pour terminal radio, procédé pour premier nœud de réseau central maître, procédé pour premier nœud de réseau central secondaire, procédé pour deuxième nœud de réseau central, et procédé pour quatrième nœud de réseau central
WO2025018276A1 (fr) Procédé d'équipement utilisateur (ue), procédé d'appareil de communication, ue et appareil de communication