CN118020269A - Transmitting and storing air system security information - Google Patents


Info

Publication number
CN118020269A
Authority
CN
China
Prior art keywords
combination
session
security
user plane
aircraft
Prior art date
Legal status
Pending
Application number
CN202180102700.XA
Other languages
Chinese (zh)
Inventor
S·B·M·巴斯克阿朗
D·卡拉姆帕特斯
R·阿塔瑞斯
A·孔茨
Current Assignee
Lenovo Singapore Pte Ltd
Original Assignee
Lenovo Singapore Pte Ltd
Priority date
Filing date
Publication date
Application filed by Lenovo Singapore Pte Ltd
Priority claimed from PCT/EP2021/084068 (WO2023072416A1)
Publication of CN118020269A

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

Apparatuses, methods, and systems for transmitting and storing air system security information are disclosed. A method (600) includes transmitting (602) a request message to an unmanned aerial system network function, a network exposure function, or a combination thereof, the request message including: an aircraft identifier; a common public subscription identifier; session security information. The method (600) includes receiving (604) a response message from the unmanned aerial system network function, the network exposure function, or a combination thereof, the response message including: the aircraft identifier; the common public subscription identifier; an aircraft authentication result; air system session security requirement information. The method (600) includes storing (606) the air system session security requirement information with the aircraft identifier, the common public subscription identifier, and the aircraft authentication result.

Description

Transmitting and storing air system security information
Technical Field
The subject matter disclosed herein relates generally to wireless communications, and more particularly to communicating and storing air system security information.
Background
In some wireless communication networks, different network devices may increase the complexity and/or delay of the system. In such networks, network devices may not support integrity protection, which may impact security.
Disclosure of Invention
Methods for transmitting and storing air system security information are disclosed. The apparatus and system also perform the functions of the method. One embodiment of a method includes transmitting a request message from a session management function to an unmanned aerial system network function, a network exposure function, or a combination thereof, the request message including: an aircraft identifier; a common public subscription identifier; session security information. In some embodiments, the method includes receiving a response message from an unmanned aerial system network function, a network exposure function, or a combination thereof, the response message including: an aircraft identifier; a common public subscription identifier; an aircraft authentication result; air system session security requirement information. In certain embodiments, the method includes storing air system session security requirement information with an aircraft identifier, a common public subscription identifier, and an aircraft authentication result.
An apparatus for transmitting and storing air system security information includes a session management function. In some embodiments, the apparatus includes a transmitter that transmits a request message to an unmanned aerial system network function, a network exposure function, or a combination thereof, the request message including: an aircraft identifier; a common public subscription identifier; session security information. In various embodiments, the apparatus includes a receiver that receives a response message from an unmanned aerial system network function, a network exposure function, or a combination thereof, the response message including: an aircraft identifier; a common public subscription identifier; an aircraft authentication result; air system session security requirement information. In certain embodiments, the apparatus includes a processor that stores air system session security requirement information along with an aircraft identifier, a common public subscription identifier, and an aircraft authentication result.
Another embodiment of a method for communicating and storing air system security information includes receiving, at an unmanned aerial system network function, a network exposure function, or a combination thereof, a first request message from a session management function, the first request message including: an aircraft identifier; a common public subscription identifier; session security information. In some embodiments, the method includes transmitting a second request message to the unmanned aerial system service provider, the unmanned aerial system traffic management function, or a combination thereof, the second request message including: an aircraft identifier; a common public subscription identifier; session security information. In certain embodiments, the method includes receiving a second response message from the unmanned aerial system service provider, the unmanned aerial system traffic management function, or a combination thereof, the second response message including: an aircraft identifier; a common public subscription identifier; an aircraft authentication result; air system session security requirement information. In various embodiments, the method includes transmitting a first response message to a session management function, the first response message including: an aircraft identifier; a common public subscription identifier; an aircraft authentication result; air system session security requirement information. In some embodiments, the method includes storing the air system session security requirement information with an aircraft identifier, a common public subscription identifier, and an aircraft authentication result.
Another apparatus for communicating and storing air system security information includes an unmanned aerial system network function, a network exposure function, or a combination thereof. In some embodiments, the apparatus includes a receiver that receives a first request message from a session management function, the first request message including: an aircraft identifier; a common public subscription identifier; session security information. In various embodiments, the apparatus includes a transmitter that transmits a second request message to an unmanned aerial system service provider, an unmanned aerial system traffic management function, or a combination thereof, the second request message including: an aircraft identifier; a common public subscription identifier; session security information. In certain embodiments, the apparatus comprises a processor, wherein: the receiver receives a second response message from the unmanned aerial system service provider, the unmanned aerial system traffic management function, or a combination thereof, the second response message comprising: an aircraft identifier; a common public subscription identifier; an aircraft authentication result; the air system session security requirement information; the transmitter transmits a first response message to the session management function, the first response message comprising: an aircraft identifier; a common public subscription identifier; an aircraft authentication result; the air system session security requirement information; and the processor stores the air system session security requirement information with the aircraft identifier, the common public subscription identifier, and the aircraft authentication result.
Another embodiment of a method for communicating and storing air system security information includes receiving, at an unmanned aerial system service provider, an unmanned aerial system traffic management function, or a combination thereof, a request message from an unmanned aerial system network function, a network exposure function, or a combination thereof, the request message including: an aircraft identifier; a common public subscription identifier; session security information. In some embodiments, the method includes performing authentication, authorization, or a combination thereof, of the aircraft corresponding to the aircraft identifier. In certain embodiments, the method includes determining air system session security requirement information based on the session security information. In various embodiments, the method includes storing air system session security requirement information with an aircraft identifier, a common public subscription identifier, and an aircraft authentication result. In some embodiments, the method includes transmitting a response message to the unmanned aerial system network function, the network exposure function, or a combination thereof, the response message including: an aircraft identifier; a common public subscription identifier; air system session security requirement information.
Another apparatus for communicating and storing air system security information includes an unmanned aerial system service provider, an unmanned aerial system traffic management function, or a combination thereof. In some embodiments, the apparatus includes a receiver that receives a request message from an unmanned aerial system network function, a network exposure function, or a combination thereof, the request message including: an aircraft identifier; a common public subscription identifier; session security information. In various embodiments, the apparatus includes a processor that: performs authentication, authorization, or a combination thereof, of the aircraft corresponding to the aircraft identifier; determines air system session security requirement information based on the session security information; and stores the air system session security requirement information with the aircraft identifier, the common public subscription identifier, and the aircraft authentication result. In certain embodiments, the apparatus includes a transmitter that transmits a response message to the unmanned aerial system network function, the network exposure function, or a combination thereof, the response message including: an aircraft identifier; a common public subscription identifier; air system session security requirement information.
Drawings
A more particular description of the embodiments briefly described above will be rendered by reference to specific embodiments that are illustrated in the appended drawings. Understanding that these drawings depict only some embodiments and are not therefore to be considered limiting of its scope, the embodiments will be described and explained with additional specificity and detail through the use of the accompanying drawings in which:
FIG. 1 is a schematic block diagram illustrating one embodiment of a wireless communication system for transmitting and storing air system security information;
FIG. 2 is a schematic block diagram illustrating one embodiment of an apparatus that may be used to transfer and store air system security information;
FIG. 3 is a schematic block diagram illustrating one embodiment of an apparatus that may be used to transfer and store air system security information;
FIG. 4 is a schematic block diagram illustrating one embodiment of a system for service-based user plane security policy enforcement for UAS-related PDU session establishment and/or modification;
FIG. 5 is a schematic block diagram illustrating one embodiment of a system for user plane security enforcement during PDN connection establishment and/or modification;
FIG. 6 is a flow chart illustrating one embodiment of a method for transmitting and storing air system security information;
FIG. 7 is a flow chart illustrating another embodiment of a method for transmitting and storing air system security information; and
FIG. 8 is a flow chart illustrating another embodiment of a method for transmitting and storing air system security information.
Detailed Description
Aspects of the embodiments may be embodied as a system, apparatus, method or program product as will be appreciated by those skilled in the art. Thus, embodiments may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a "circuit," "module," or "system." Furthermore, embodiments may take the form of a program product embodied in one or more computer-readable storage devices storing machine-readable code, computer-readable code, and/or program code (hereinafter referred to as code). The storage device may be tangible, non-transitory, and/or non-transmitting. The storage device may not embody a signal. In one embodiment, the storage device employs only signals to access the code.
Some of the functional units described in this specification may be labeled as modules, in order to more particularly emphasize their implementation independence. For example, a module may be implemented as a hardware circuit comprising custom very large scale integration ("VLSI") circuits or gate arrays, off-the-shelf semiconductors such as logic chips, transistors, or other discrete components. A module may also be implemented in programmable hardware devices such as field programmable gate arrays, programmable array logic, programmable logic devices or the like.
Modules may also be implemented in code and/or software for execution by various types of processors. For example, an identified module of code may comprise one or more physical or logical blocks of executable code, which may, for instance, be organized as an object, procedure, or function. However, the executables of an identified module need not be physically located together, but may comprise disparate instructions stored in different locations which, when joined logically together, comprise the module and achieve the stated purpose for the module.
Indeed, a module of code may be a single instruction, or many instructions, and may even be distributed over several different code segments, among different programs, and across several memory devices. Similarly, operational data may be identified and illustrated herein within modules, and may be embodied in any suitable form and organized within any suitable type of data structure. The operational data may be collected as a single data set, or may be distributed over different locations including over different computer readable storage devices. Where a module or portion of a module is implemented in software, the software portion is stored on one or more computer-readable storage devices.
Any combination of one or more computer readable media may be utilized. The computer readable medium may be a computer readable storage medium. The computer readable storage medium may be a storage device that stores code. The storage device may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, holographic, micromechanical or semiconductor system, apparatus, or device, or any suitable combination of the foregoing.
More specific examples (a non-exhaustive list) of the storage device would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory ("RAM"), a read-only memory ("ROM"), an erasable programmable read-only memory ("EPROM" or flash memory), a portable compact disc read-only memory ("CD-ROM"), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
Code for performing operations of embodiments may be any number of lines and may be written in any combination of one or more programming languages, including an object oriented programming language (e.g., Python, Ruby, Java, Smalltalk, C++ or the like) and conventional procedural programming languages (e.g., the "C" programming language or the like) and/or machine languages (e.g., assembly language). The code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network ("LAN"), or a wide area network ("WAN"), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
Reference throughout this specification to "one embodiment," "an embodiment," or similar language means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment. Thus, appearances of the phrases "in one embodiment," "in an embodiment," and similar language throughout this specification may, but do not necessarily, all refer to the same embodiment, but mean "one or more but not all embodiments," unless expressly specified otherwise. The terms "comprising," "including," "having," and variations thereof mean "including but not limited to," unless expressly specified otherwise. The enumerated listing of items does not imply that any or all of the items are mutually exclusive, unless expressly specified otherwise. The terms "a," "an," and "the" also mean "one or more," unless expressly specified otherwise.
Furthermore, the described features, structures, or characteristics of the embodiments may be combined in any suitable manner. In the following description, numerous specific details are provided, such as examples of programming, software modules, user selections, network transactions, database queries, database structures, hardware modules, hardware circuits, hardware chips, etc., to provide a thorough understanding of embodiments. One skilled in the relevant art will recognize, however, that the embodiments may be practiced without one or more of the specific details, or with other methods, components, materials, etc. In other instances, well-known structures, materials, or operations are not shown or described in detail to avoid obscuring aspects of the embodiments.
Aspects of the embodiments are described below with reference to schematic flow chart diagrams and/or schematic block diagrams of methods, apparatuses, systems and program products according to the embodiments. It is understood that each block of the schematic flow diagrams and/or schematic block diagrams, and combinations of blocks in the schematic flow diagrams and/or schematic block diagrams, can be implemented by code. Code may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the schematic flowchart and/or schematic block diagram block or blocks.
Code may also be stored in the storage device that can direct a computer, other programmable data processing apparatus, or other devices to function in a particular manner, such that the instructions stored in the storage device produce an article of manufacture including instructions which implement the function/act specified in the schematic flowchart and/or schematic block diagram block or blocks.
The code may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the code which executes on the computer or other programmable apparatus provides processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
The schematic flow chart diagrams and/or schematic block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatuses, systems, methods and program products according to various embodiments. In this regard, each block in the schematic flow chart diagrams and/or schematic block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s).
It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. Other steps and methods may be conceived that are equivalent in function, logic, or effect to one or more blocks, or portions thereof, of the illustrated figure.
Although various arrow types and line types may be employed in the flow chart diagrams and/or block diagrams, they are understood not to limit the scope of the corresponding embodiments. Indeed, some arrows or other connectors may be used to indicate only the logical flow of the depicted embodiment. For example, an arrow may indicate a waiting or monitoring period of unspecified duration between enumerated steps of the depicted embodiment. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and code.
The description of the elements in each figure may refer to the elements of the previous figures. Like numbers refer to like elements throughout, including alternative embodiments of like elements.
Fig. 1 depicts an embodiment of a wireless communication system 100 for transmitting and storing air system security information. In one embodiment, the wireless communication system 100 includes a remote unit 102 and a network unit 104. Although a particular number of remote units 102 and network units 104 are depicted in fig. 1, one of ordinary skill in the art will recognize that any number of remote units 102 and network units 104 may be included in the wireless communication system 100.
In one embodiment, remote unit 102 may comprise a computing device, such as a desktop computer, a laptop computer, a personal digital assistant ("PDA"), a tablet computer, a smart phone, a smart television (e.g., a television connected to the internet), a set-top box, a game console, a security system (including a security camera), an on-board computer, a network device (e.g., a router, switch, modem), an aircraft, a drone, or the like. In some embodiments, the remote unit 102 includes a wearable device, such as a smart watch, a fitness bracelet, an optical head mounted display, or the like. Further, remote unit 102 may be referred to as a subscriber unit, mobile device, mobile station, user, terminal, mobile terminal, fixed terminal, subscriber station, UE, user terminal, device, or other terminology used in the art. Remote unit 102 may communicate directly with one or more of network units 104 via UL communication signals. In some embodiments, remote units 102 may communicate directly with other remote units 102 via side-link communications.
Network units 104 may be distributed over a geographic area. In certain embodiments, a network unit 104 may also be referred to as and/or may include one or more of the following: an access point, an access terminal, a base station, a location server, a core network ("CN"), a radio network entity, a node B, an evolved node B ("eNB"), a 5G node B ("gNB"), a home node B, a relay node, a device, a core network, an air server, a radio access node, an access point ("AP"), a new radio ("NR"), a network entity, an access and mobility management function ("AMF"), a unified data management ("UDM"), a unified data repository ("UDR"), a UDM/UDR, a policy control function ("PCF"), a radio access network ("RAN"), a network slice selection function ("NSSF"), an operation, administration and management ("OAM"), a session management function ("SMF"), a user plane function ("UPF"), an application function, an authentication server function ("AUSF"), a security anchor function ("SEAF"), a trusted non-3GPP gateway function ("TNGF"), an unmanned aerial system network function ("UAS NF"), a network exposure function ("NEF"), an unmanned aerial system service provider ("USS"), an unmanned aerial system traffic management ("UTM"), or other terminology used in the art. The network unit 104 is typically part of a radio access network that includes one or more controllers communicatively coupled to one or more corresponding network units 104. The radio access network is typically communicatively coupled to one or more core networks, which may be coupled to other networks, such as the internet and public switched telephone networks, among other networks. These and other elements of the radio access network and the core network are not illustrated, but are generally well known to those of ordinary skill in the art.
In one implementation, the wireless communication system 100 conforms to an NR protocol standardized in the third generation partnership project ("3GPP"), where the network unit 104 transmits on the downlink ("DL") using an OFDM modulation scheme, and the remote unit 102 transmits on the uplink ("UL") using a single carrier frequency division multiple access ("SC-FDMA") scheme or an orthogonal frequency division multiplexing ("OFDM") scheme. More generally, however, the wireless communication system 100 may implement some other open or proprietary communication protocol such as WiMAX, Institute of Electrical and Electronics Engineers ("IEEE") 802.11 variants, Global System for Mobile Communications ("GSM"), general packet radio service ("GPRS"), universal mobile telecommunications system ("UMTS"), long term evolution ("LTE") variants, code division multiple access 2000 ("CDMA2000"), code division multiple access, ZigBee, Sigfoxx, and other protocols. The present disclosure is not intended to be limited to any particular wireless communication system architecture or protocol implementation.
Network unit 104 may serve several remote units 102 within a service area, such as a cell or cell sector, via wireless communication links. The network unit 104 transmits DL communication signals to serve the remote units 102 in the time, frequency, and/or spatial domains.
In various embodiments, the network unit 104 may transmit a request message to the unmanned aerial system network function, the network exposure function, or a combination thereof, the request message including: an aircraft identifier; a common public subscription identifier; session security information. In some embodiments, the network unit 104 may receive a response message from the unmanned aerial system network function, the network exposure function, or a combination thereof, the response message including: an aircraft identifier; a common public subscription identifier; an aircraft authentication result; air system session security requirement information. In some embodiments, network unit 104 may store air system session security requirement information along with the aircraft identifier, the common public subscription identifier, and the aircraft authentication result. Thus, network unit 104 may be used to communicate and store air system security information.
In some embodiments, the network unit 104 may receive a first request message from the session management function, the first request message including: an aircraft identifier; a common public subscription identifier; session security information. In some embodiments, the network unit 104 may transmit a second request message to the unmanned aerial system service provider, the unmanned aerial system traffic management function, or a combination thereof, the second request message including: an aircraft identifier; a common public subscription identifier; session security information. In certain embodiments, the network unit 104 may receive a second response message from the unmanned aerial system service provider, the unmanned aerial system traffic management function, or a combination thereof, the second response message including: an aircraft identifier; a common public subscription identifier; an aircraft authentication result; air system session security requirement information. In various embodiments, the network unit 104 may transmit a first response message to the session management function, the first response message including: an aircraft identifier; a common public subscription identifier; an aircraft authentication result; air system session security requirement information. In some embodiments, network unit 104 may store the air system session security requirement information with the aircraft identifier, the common public subscription identifier, and the aircraft authentication result. Thus, network unit 104 may be used to communicate and store air system security information.
In some embodiments, the network unit 104 may receive, at an unmanned aerial system service provider, an unmanned aerial system traffic management function, or a combination thereof, a request message from an unmanned aerial system network function, a network exposure function, or a combination thereof, the request message including: an aircraft identifier; a common public subscription identifier; session security information. In some embodiments, network unit 104 may perform authentication, authorization, or a combination thereof, of the aircraft corresponding to the aircraft identifier. In some embodiments, network unit 104 may determine air system session security requirement information based on the session security information. In various embodiments, network unit 104 may store air system session security requirement information along with an aircraft identifier, a common public subscription identifier, and an aircraft authentication result. In some embodiments, the network unit 104 may transmit a response message to the unmanned aerial system network function, the network exposure function, or a combination thereof, the response message including: an aircraft identifier; a common public subscription identifier; air system session security requirement information. Thus, network unit 104 may be used to communicate and store air system security information.
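The three roles described above (session management function, unmanned aerial system network function and/or network exposure function, and unmanned aerial system service provider and/or traffic management function) can be modelled as one chained exchange; the following is an added illustration, not code from the patent. The field shapes, the "success"/"failure" and "required"/"preferred" values, the requirement rule, and the check that a response echoes the identifiers of its request are all assumptions made for the example.

```python
from dataclasses import dataclass

PROTECTIONS = ("integrity", "confidentiality")  # assumed protection kinds


@dataclass(frozen=True)
class Request:
    aircraft_id: str
    gpsi: str                      # common public subscription identifier
    session_security_info: dict    # assumed shape: {"integrity": bool, ...}


@dataclass(frozen=True)
class Response:
    aircraft_id: str
    gpsi: str
    auth_result: str               # assumed values: "success" / "failure"
    security_requirements: dict    # assumed shape: {"integrity": "required", ...}


class BindingError(Exception):
    """A response names a different aircraft or subscription than its request."""


def check_binding(req, resp):
    # Added defensive check (assumption): never store requirements under
    # identifiers that were not the ones asked about.
    if (req.aircraft_id, req.gpsi) != (resp.aircraft_id, resp.gpsi):
        raise BindingError("response identifiers do not match the request")


def determine_requirements(info):
    # Hypothetical rule: require what the session reports it can provide,
    # and mark the rest as preferred.
    return {p: "required" if info.get(p) else "preferred" for p in PROTECTIONS}


def record(store, resp):
    # Store the requirements together with both identifiers and the result.
    store[(resp.aircraft_id, resp.gpsi)] = (resp.auth_result,
                                            resp.security_requirements)


class UssUtm:
    """Service provider / traffic management role: authenticates and decides."""

    def __init__(self, registered):
        self.registered = registered   # constructed registry: aircraft_id -> gpsi
        self.store = {}

    def handle(self, req):
        ok = self.registered.get(req.aircraft_id) == req.gpsi
        resp = Response(req.aircraft_id, req.gpsi,
                        "success" if ok else "failure",
                        determine_requirements(req.session_security_info) if ok else {})
        record(self.store, resp)
        return resp


class UasNfNef:
    """Network function / exposure function role: relays and stores."""

    def __init__(self, uss):
        self.uss = uss
        self.store = {}

    def handle(self, first_req):
        second_req = Request(first_req.aircraft_id, first_req.gpsi,
                             first_req.session_security_info)
        second_resp = self.uss.handle(second_req)
        check_binding(second_req, second_resp)
        record(self.store, second_resp)
        return second_resp             # forwarded as the first response


class Smf:
    """Session management function role: asks, verifies, stores."""

    def __init__(self, uas_nf):
        self.uas_nf = uas_nf
        self.store = {}

    def request_requirements(self, aircraft_id, gpsi, info):
        req = Request(aircraft_id, gpsi, info)
        resp = self.uas_nf.handle(req)
        check_binding(req, resp)       # reject before anything is stored
        record(self.store, resp)
        return resp


if __name__ == "__main__":
    # Constructed sample identifiers, not taken from the patent.
    smf = Smf(UasNfNef(UssUtm({"UAV-TEST-0001": "msisdn-15550100001"})))
    print(smf.request_requirements("UAV-TEST-0001", "msisdn-15550100001",
                                   {"integrity": True, "confidentiality": False}))
```

Keying every store on the (aircraft identifier, subscription identifier) pair is what lets each function later look up the authentication result and requirements for one specific aircraft and subscription.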
Fig. 2 depicts one embodiment of an apparatus 200 that may be used to transmit and store air system security information. The apparatus 200 includes one embodiment of the remote unit 102. Further, remote unit 102 may include a processor 202, memory 204, an input device 206, a display 208, a transmitter 210, and a receiver 212. In some embodiments, the input device 206 and the display 208 are combined into a single device, such as a touch screen. In certain embodiments, the remote unit 102 may not include any input devices 206 and/or display 208. In various embodiments, remote unit 102 may include one or more of processor 202, memory 204, transmitter 210, and receiver 212, and may not include input device 206 and/or display 208.
In one embodiment, the processor 202 may include any known controller capable of executing computer-readable instructions and/or capable of performing logical operations. For example, the processor 202 may be a microcontroller, microprocessor, central processing unit ("CPU"), graphics processing unit ("GPU"), auxiliary processing unit, field programmable gate array ("FPGA"), or similar programmable controller. In some embodiments, the processor 202 executes instructions stored in the memory 204 to perform the methods and routines described herein. The processor 202 is communicatively coupled to the memory 204, the input device 206, the display 208, the transmitter 210, and the receiver 212.
In one embodiment, the memory 204 is a computer-readable storage medium. In some embodiments, memory 204 includes a volatile computer storage medium. For example, memory 204 may include RAM, including dynamic RAM ("DRAM"), synchronous dynamic RAM ("SDRAM"), and/or static RAM ("SRAM"). In some embodiments, memory 204 includes a non-volatile computer storage medium. For example, the memory 204 may include a hard drive, flash memory, or any other suitable non-volatile computer storage device. In some embodiments, the memory 204 includes both volatile and nonvolatile computer storage media. In some embodiments, memory 204 also stores program codes and related data, such as an operating system or other controller algorithm operating on remote unit 102.
In one embodiment, the input device 206 may comprise any known computer input device, including a touch panel, buttons, keyboard, stylus, microphone, and the like. In some embodiments, the input device 206 may be integrated with the display 208 as, for example, a touch screen or similar touch sensitive display. In some embodiments, the input device 206 includes a touch screen such that text may be entered using a virtual keyboard displayed on the touch screen and/or by handwriting on the touch screen. In some embodiments, the input device 206 includes two or more different devices, such as a keyboard and a touch panel.
In one embodiment, the display 208 may comprise any known electronically controllable display or display device. The display 208 may be designed to output visual, audible, and/or tactile signals. In some embodiments, the display 208 comprises an electronic display capable of outputting visual data to a user. For example, the display 208 may include, but is not limited to, a liquid crystal display ("LCD"), a light emitting diode ("LED") display, an organic light emitting diode ("OLED") display, a projector, or similar display device capable of outputting images, text, or the like to a user. As another non-limiting example, the display 208 may include a wearable display, such as a smart watch, smart glasses, head-up display, or the like. Further, the display 208 may be a component of a smart phone, personal digital assistant, television, desktop computer, notebook (laptop) computer, personal computer, vehicle dashboard, or the like.
In certain embodiments, the display 208 includes one or more speakers for producing sound. For example, the display 208 may generate an audible alarm or notification (e.g., beep or sound). In some embodiments, the display 208 includes one or more haptic devices for generating vibrations, motion, or other haptic feedback. In some embodiments, all or part of the display 208 may be integrated with the input device 206. For example, the input device 206 and the display 208 may form a touch screen or similar touch sensitive display. In other embodiments, the display 208 may be positioned near the input device 206.
Although only one transmitter 210 and one receiver 212 are illustrated, the remote unit 102 may have any suitable number of transmitters 210 and receivers 212. The transmitter 210 and receiver 212 may be any suitable type of transmitter and receiver. In one embodiment, the transmitter 210 and the receiver 212 may be part of a transceiver.
Fig. 3 depicts one embodiment of an apparatus 300 that may be used to transmit and store air system security information. The apparatus 300 includes one embodiment of the network element 104. Further, network element 104 may include a processor 302, a memory 304, an input device 306, a display 308, a transmitter 310, and a receiver 312. As can be appreciated, the processor 302, the memory 304, the input device 306, the display 308, the transmitter 310, and the receiver 312 can be substantially similar to the processor 202, the memory 204, the input device 206, the display 208, the transmitter 210, and the receiver 212, respectively, of the remote unit 102.
In certain embodiments, the transmitter 310 transmits a request message to the unmanned aerial system network function, the network exposure function, or a combination thereof, the request message comprising: an aircraft identifier; a common public subscription identifier; session security information. In various embodiments, the receiver 312 receives a response message from the unmanned aerial system network function, the network exposure function, or a combination thereof, the response message comprising: an aircraft identifier; a common public subscription identifier; an aircraft authentication result; air system session security requirement information. In certain embodiments, processor 302 stores the air system session security requirement information along with the aircraft identifier, the common public subscription identifier, and the aircraft authentication result.
In some embodiments, the receiver 312 receives a first request message from the session management function, the first request message including: an aircraft identifier; a common public subscription identifier; and session security information. In various embodiments, the transmitter 310 transmits a second request message to the unmanned aerial system service provider, the unmanned aerial system traffic management function, or a combination thereof, the second request message comprising: the aircraft identifier; the common public subscription identifier; and the session security information. In certain embodiments, the receiver 312 receives a second response message from the unmanned aerial system service provider, the unmanned aerial system traffic management function, or a combination thereof, the second response message comprising: the aircraft identifier; the common public subscription identifier; an aircraft authentication result; and air system session security requirement information. The transmitter 310 transmits a first response message to the session management function, the first response message including: the aircraft identifier; the common public subscription identifier; the aircraft authentication result; and the air system session security requirement information. The processor 302 stores the air system session security requirement information with the aircraft identifier, the common public subscription identifier, and the aircraft authentication result.
In various embodiments, the receiver 312 receives a request message from an unmanned aerial system network function, a network exposure function, or a combination thereof, the request message including: an aircraft identifier; a common public subscription identifier; and session security information. In various embodiments, the processor 302: performs authentication, authorization, or a combination thereof, of the aircraft corresponding to the aircraft identifier; determines air system session security requirement information based on the session security information; and stores the air system session security requirement information with the aircraft identifier, the common public subscription identifier, and the aircraft authentication result. In certain embodiments, the transmitter 310 transmits a response message to the unmanned aerial system network function, the network exposure function, or a combination thereof, the response message comprising: the aircraft identifier; the common public subscription identifier; and the air system session security requirement information.
In certain embodiments, unmanned air system ("UAS") service providers ("USS") and/or unmanned air system traffic management ("UTM") may or may not provide end-to-end security to UAS communications, and this may be invisible and/or agnostic to fifth generation ("5G") systems ("5GS") and/or evolved packet systems ("EPS"). In some embodiments, there may be problems with user plane ("UP") security enforcement related to UAS services, including: 1) if USS and/or UTM apply end-to-end security to UAS service application data, applying additional user plane security at the packet data convergence protocol ("PDCP") layer in 5GS may increase the complexity and delay of time-sensitive applications such as UAS services; and 2) UAS communication may be supported on EPS, but EPS may not support integrity protection of user plane data. Thus, if USS and/or UTM do not apply end-to-end security to UAS communications, there can be a serious security impact on user plane data and related services: command and control ("C2") messages and service data may be carried in UAS communications over EPS without integrity protection, which can result in unmanned aerial vehicle ("UAV") hijacking and other problems.
In various embodiments, user plane data protection information may be coordinated between the 3GPP network and a third party service provider (e.g., USS and/or UTM for UAS communication) to ensure user plane security enforcement for UAS-related data. In certain embodiments, the complexity and delay in 5G systems caused by applying multiple user plane security mechanisms to the same user plane data may be reduced by enabling only one user plane security method (e.g., hop-by-hop security or end-to-end security) to be used. In some embodiments, even if user plane security (e.g., confidentiality and/or integrity) is not supported and/or provisioned by the EPS, another form of user plane security may be applied by USS and/or UTM to UAS communications and/or C2 data.
In a first embodiment, there may be service-based user plane security enforcement in the 3GPP 5GS. Specifically, in the first embodiment, the 5G system may negotiate with and inform USS and/or UTM whether or not the 5GS will apply session security for the user plane during protocol data unit ("PDU") session establishment and/or modification procedures. This may enable USS and/or UTM to activate end-to-end security if the 5GS will not apply user plane security. In some embodiments, USS and/or UTM may skip end-to-end security if the 5GS is to apply user plane security.
Fig. 4 is a schematic block diagram illustrating one embodiment of a system 400 for service-based user plane security policy enforcement for UAS-related PDU session establishment and/or modification. The system 400 includes a user equipment ("UE") 402 (e.g., a UAV), an access network ("AN") 404 (e.g., a radio access network ("RAN")), an AMF 406, an SMF 408, a UAS 410 (e.g., a UAS network function ("NF") and/or a network exposure function ("NEF")), a UDM 412, and a data network ("DN") 414 (e.g., USS/UTM). It should be noted that each of the communications in system 400 may include one or more messages.
In the first communication 416, the UE 402 sends a PDU session establishment request to the AMF 406 in a non-access stratum ("NAS") message that includes a service level device identification (e.g., a civil aviation administration ("CAA") level UAV identifier ("ID") of the UAV) and optionally authentication data (e.g., a USS UAV authorization and/or authentication ("UUAA") aviation payload). In various embodiments, the first communication 416 may include UAV and/or UAV-C pairing information and a C2 aviation payload for PDU session establishment and/or modification related to UAV and UAV controller ("UAV-C") pairing authorization.
In the second communication 418, the AMF 406 selects the SMF 408 and sends an Nsmf_PDUSession_CreateSMContext request message with the PDU session establishment request. In some embodiments, AMF 406 may send an Nsmf_PDUSession_UpdateSMContext request message to SMF 408.
In steps 420, 422, 424, and 426, if session management subscription data, user plane security policies, and slices for the corresponding subscription permanent identifier ("SUPI"), data network name ("DNN"), and single network slice selection assistance information ("S-NSSAI") of the home public land mobile network ("HPLMN") are not available, SMF 408 retrieves the session management subscription data and user plane security policies using Nudm_SDM_Get (e.g., SUPI, session management subscription data, selected DNN, S-NSSAI of the HPLMN, serving public land mobile network ("PLMN") ID, network identifier ("NID")), and subscribes to be notified when this subscription data is modified using Nudm_SDM_Subscribe (e.g., SUPI, session management subscription data, selected DNN, S-NSSAI of the HPLMN, serving PLMN ID, NID). The UDM 412 may obtain this information (e.g., SUPI, subscription data, session management subscription data, selected DNN, S-NSSAI of the HPLMN, serving PLMN ID, NID) from the UDR through Nudr_DM_Query, and may subscribe to notifications of the same data from the UDR through Nudr_DM_Subscribe.
In some embodiments, for UAVs and/or UEs with over-the-air subscriptions, UDM 412 may contain an over-the-air subscription user plane security policy (e.g., and subscription data) set to "needed" in the UDR, and the data key may be SUPI. In such embodiments, if AMF 406 and/or SMF 408 request subscription data, the UDM may provide the AMF 406 and/or SMF 408 with an over-the-air subscription user plane security policy as well as over-the-air subscription data. In various embodiments, user plane security policies for confidentiality and integrity protection may be set to "needed" if DNN and/or S-NSSAI are specific to UAV, UAS 410, and/or C2 communications.
In some embodiments, whether the SMF 408 returns to the AMF 406 an Nsmf_PDUSession_CreateSMContext response (e.g., cause, session management ("SM") context ID, or N1 SM container (PDU session reject (cause))) or an Nsmf_PDUSession_UpdateSMContext response depends on the request received in step 418. If the SMF 408 receives the Nsmf_PDUSession_CreateSMContext request in step 418 and the SMF 408 is able to process the PDU session establishment request, the SMF 408 creates an SM context and responds to the AMF 406 by providing the SM context ID. If the UP security policy of the PDU session is determined to set integrity protection to "needed," then SMF 408 may, based on the local configuration, decide whether to accept or reject the PDU session request based on the UE integrity protection maximum data rate. If the SMF 408 decides not to accept the establishment of the PDU session, the SMF 408 rejects the UE 402 request via NAS SM signaling containing the relevant SM reject cause by responding to the AMF 406 with an Nsmf_PDUSession_CreateSMContext response. The SMF 408 also indicates to the AMF 406 that the PDU session ID is to be considered released and stops the PDU session establishment procedure.
The SMF 408 determines 428, based on the provided DNN and/or S-NSSAI, that it needs to invoke UAS 410 service operations for UUAA authentication and/or authorization of PDU session establishment requests. The UAV includes a service level device identification (e.g., CAA-level UAV ID of the UAV) and may include an authentication server address (e.g., USS address) and optionally authentication data (e.g., UUAA aviation payload) in the PDU session establishment request. In some embodiments, for PDU session establishment and/or modification related to UAV and UAV-C pairing authorization, in step 428, SMF 408 may determine to invoke authorization to USS and/or UTM.
In the fifth communication 430, the SMF 408 invokes the Nnef_Authentication_Authenticate service operation, including the service level device identification (e.g., containing the CAA level UAV ID of the UAV), session security information and/or user plane security policies, DNN, and S-NSSAI, and may include the authentication server address (e.g., USS address) and authentication data (e.g., UUAA aviation payload) if provided by the UE 402, the generic public subscription identifier ("GPSI"), and so on. In various embodiments, step 430 may also include UAV and/or UAV-C pairing information and C2 aviation payloads for PDU session establishment and/or modification related to UAV and UAV-C pairing authorization. In certain embodiments, the UAS session security information and/or session security information may be referred to as "user plane security policies" and/or "external user plane security policies".
In some embodiments, the SMF 408 includes session security information in the Nnef_Authentication_Authenticate service operation (or in any NF service operation messages) based on local configuration related to user plane security, and/or user plane security policies retrieved from the UDM 412 as part of subscription data, and/or the UE integrity protection maximum data rate, and/or if UUAA is invoked and/or C2 pairing authorization is invoked to USS and/or UTM.
In various embodiments, the purpose of the session security information sent from the SMF 408 is to inform USS and/or UTM whether user plane security (e.g., confidentiality and/or integrity) is applicable by the 5G system.
In certain embodiments, SMF 408 sets session security information and/or user plane security policies to "supported and/or enabled" based on one or more of the following conditions: 1) whether the locally configured user plane security policy is "needed"; 2) whether the user plane security policy obtained from the UDM 412 is "required"; 3) whether the UE integrity protection maximum data rate is valid for applying user plane security; and/or 4) whether the over-the-air subscription user plane security policy obtained from the UDM 412 is "needed".
In some embodiments, SMF 408 sets session security information and/or user plane security policies to "unsupported, not preferred, and/or not needed" based on one or more of the following conditions: 1) whether a locally configured user plane security policy is "not needed and/or not preferred"; 2) whether the user plane security policy obtained from the UDM 412 is "not needed and/or not preferred"; 3) whether the UE integrity protection maximum data rate is invalid for applying user plane security; and/or 4) whether there is no over-the-air subscription or whether it is set to "not needed and/or not preferred".
In a sixth communication 432 from UAS 410 to DN 414, the Naf_Authentication_Authenticate service operation forwards an authentication request with the session security information and/or user plane security policies received from SMF 408. In various embodiments, step 432 may also include UAV and/or UAV-C pairing information and C2 aviation payloads for PDU session establishment and/or modification related to UAV and UAV-C pairing authorization.
In optional seventh communication 434, a number of round trip messages are performed as required by the authentication method used by DN 414. The N33_Authentication_Authenticate response message from DN 414 may include the GPSI and may include authentication messages transparently forwarded to UE 402 through NAS mobility management ("MM") transport messages.
In various embodiments, the USS and/or UTM may perform UAV and/or UAV-C pairing authorization for PDU session establishment and/or modification related to UAV and UAV-C pairing authorization.
In an eighth communication 436 transmitted from DN 414 to UAS 410, a Naf_Authentication_Authenticate response is transmitted. In particular, DN 414 sends to UAS 410 a Naf_Authentication_Authenticate response with authentication and/or authorization results containing UUAA results, UAS session security requirement information, a service level device identification containing a new CAA level UAV ID, requested policy information, and/or authorization data (e.g., UUAA authorization payload). Policy information requested from DN 414 may contain a DN authorization profile index and/or a DN authorized session aggregate maximum bit rate ("AMBR").
In certain embodiments, step 436 may also contain pairing results and C2 session security requirement information for PDU session establishment and/or modification related to UAV and UAV-C pairing authorization. In some embodiments, UAS session security requirement information may be provided to UAS 410 by DN 414 in the requested policy information.
In various embodiments, the UAS session security requirement information may be referred to as C2 session security requirement information and/or user plane data security requirement information. In some embodiments, the purpose of the session security requirement information sent from DN 414 may be to inform an NF (e.g., SMF 408) in the 5GS whether the 5G system needs to apply user plane security (e.g., confidentiality and/or integrity).
In some embodiments, the UAS session security requirement information may contain the following information: 1) First case: 3GPP user plane security is "required" and the cause value indicates "end-to-end security implemented by USS and/or UTM is inapplicable and/or unsupported"; or 2) a second case: the 3GPP user plane security is "not needed" and the cause value indicates that "end-to-end security implemented by USS and/or UTM is applicable and/or supported".
In the first case, USS and/or UTM sets the UAS session security requirement information to "needed" based on one or more of the following conditions: 1) In step 432, whether the USS and/or UTM received session security information and/or user plane security policies from the UAS 410 indicating "supported"; and/or 2) whether USS and/or UTM determine not to apply end-to-end security to session and/or user plane data. In various embodiments, a cause value may be sent. The cause value may indicate that end-to-end security is not applicable and/or not supported.
In the second case, the USS and/or UTM sets the UAS session security requirement information to "not needed" based on one or more of the following conditions: 1) In step 432, whether the USS and/or UTM received session security information and/or user plane security policies from the UAS 410 indicating "not needed and/or not preferred"; and/or 2) whether USS and/or UTM determine to apply end-to-end security to session and/or user plane data. In some embodiments, a cause value may be sent. The cause value may indicate that end-to-end security is applicable and/or supported.
In some embodiments, if the USS and/or UTM received session security information and/or user plane security policy from the UAS 410 in step 432 is "supported and/or enabled," the USS and/or UTM may determine to skip end-to-end security and may set the UAS session security requirement information to "required" and the cause value may be set to end-to-end security inapplicable and/or unsupported.
In various embodiments, if the session security information and/or user plane security policy that the USS and/or UTM received from the UAS 410 in step 432 is "not needed and/or not preferred," then the USS and/or UTM may determine to perform end-to-end security, may set the UAS session security requirement information to "not needed," and may set the cause value to end-to-end security applicable and/or supported. In some embodiments, for either the first case or the second case, an "acknowledgement" indication may be sent in the UAS session security requirement information.
In some embodiments, DN 414 stores a mapping between CAA-level UAV IDs and external identifiers (e.g., GPSI) and related UAS session security requirement information. The external identifier (e.g., GPSI) and/or UAV IP address may be later used by DN 414 to access various services exposed by the 3GPP network (e.g., location information retrieval, monitoring event configuration, requesting a dedicated policy for C2, etc.). The external identifier and/or UAV IP address and UAS session security requirement information may be used later by DN 414 for a special policy requesting C2 security, and so on.
In a ninth communication 438, the UAS 410 acknowledges successful authentication and/or authorization of the PDU session. The UAS 410 stores UUAA results along with GPSI and UAS session security requirement information. The UAS 410 forwards authentication and/or authorization results, UAS session security requirement information, service level device identification (if received from DN 414) containing a new CAA level UAV ID, and authorization data (e.g., UUAA authorization payload) (if received from DN 414) to the SMF 408. If authentication and/or authorization is successful, SMF 408, upon receiving this request from DN 414, subscribes to notifications from UAS 410 that may be used to trigger re-authentication, update authorization data, or revoke authorization of the UAV.
In various embodiments, step 438 may also contain pairing results and C2 session security requirement information for PDU session establishment and/or modification related to UAV and UAV-C pairing authorization.
If the SMF 408 receives UAS session security requirement information from USS and/or UTM via the UAS 410, the SMF 408 stores 440 the UAS session security requirement information with the GPSI, PDU session ID, and user plane security policy.
In certain embodiments, step 440 may involve the storage of pairing results and C2 session security requirement information for PDU session establishment and/or modification related to UAV and UAV-C pairing authorization.
In some embodiments, SMF 408 may set user plane security enforcement information based on the UAS session security information provided by DN 414. In various embodiments, the SMF 408 sets the user plane security enforcement information to "needed" based on whether the UAS session security requirement information is set to "needed". In some embodiments, the SMF 408 sets the user plane security enforcement information to "not needed and/or not preferred" based on whether the UAS session security requirement information is set to "not needed".
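The first-embodiment negotiation in steps 430 to 440 can be modelled end to end; the following is an added illustrative sketch, not code from the patent or from any 3GPP implementation. All function and field names are hypothetical, the rule that combines the SMF's conditions is an assumption (the text only says "one or more of"), and rejecting a session that neither layer can protect is also an assumption, since the text does not describe that case.

```python
from dataclasses import dataclass
from typing import Optional

# String values follow the labels used in the description above.
NEEDED, NOT_NEEDED = "needed", "not needed"
SUPPORTED, NOT_SUPPORTED = "supported", "not supported"
E2E_APPLIED = "end-to-end security applicable/supported"
E2E_NOT_APPLIED = "end-to-end security not applicable/not supported"


class SessionRejected(Exception):
    """Raised when neither 3GPP UP security nor end-to-end security applies."""


@dataclass
class SmfInputs:
    local_policy: str              # SMF local configuration
    udm_policy: str                # UP security policy retrieved from the UDM
    aerial_policy: Optional[str]   # over-the-air subscription policy, None if absent
    integrity_rate_ok: bool        # UE integrity protection max data rate is sufficient


@dataclass
class UssDecision:
    requirement: str   # UAS session security requirement information
    cause: str         # cause value returned with it
    e2e_active: bool   # whether USS/UTM protects the data end to end


# Hypothetical store keyed by (GPSI, PDU session ID), mirroring step 440.
SESSION_STORE = {}


def smf_session_security_info(i: SmfInputs) -> str:
    """Session security information the SMF reports towards USS/UTM (step 430).

    Assumed rule: at least one policy source says "needed" AND the UE can
    sustain integrity protection at the required data rate.
    """
    wants = NEEDED in (i.local_policy, i.udm_policy, i.aerial_policy)
    return SUPPORTED if wants and i.integrity_rate_ok else NOT_SUPPORTED


def uss_decide(session_security_info: str, uss_can_do_e2e: bool) -> UssDecision:
    """USS/UTM side (step 436): pick exactly one protection layer."""
    if session_security_info == SUPPORTED:
        # First case: the 5GS protects the user plane, so end-to-end is skipped.
        return UssDecision(NEEDED, E2E_NOT_APPLIED, False)
    if uss_can_do_e2e:
        # Second case: the 5GS will not protect, so USS/UTM applies end-to-end.
        return UssDecision(NOT_NEEDED, E2E_APPLIED, True)
    # USS/UTM cannot apply end-to-end security: it still asks the network for it.
    return UssDecision(NEEDED, E2E_NOT_APPLIED, False)


def smf_finalize(gpsi: str, pdu_session_id: int, info: str, d: UssDecision) -> str:
    """SMF side (steps 438/440): derive and store UP security enforcement."""
    if d.requirement == NEEDED and info != SUPPORTED:
        # Assumption: C2 traffic is never admitted without any protection layer.
        raise SessionRejected("no user plane protection available for session")
    enforcement = NEEDED if d.requirement == NEEDED else NOT_NEEDED
    SESSION_STORE[(gpsi, pdu_session_id)] = {
        "uas_session_security_requirement": d.requirement,
        "cause": d.cause,
        "up_security_enforcement": enforcement,
    }
    return enforcement


def negotiate(gpsi: str, pdu_session_id: int, inputs: SmfInputs, uss_can_do_e2e: bool):
    """Run the whole exchange; returns (UP security enforcement, e2e_active)."""
    info = smf_session_security_info(inputs)
    decision = uss_decide(info, uss_can_do_e2e)
    enforcement = smf_finalize(gpsi, pdu_session_id, info, decision)
    # Invariant the scheme aims for: exactly one layer protects the session.
    if (enforcement == NEEDED) == decision.e2e_active:
        raise RuntimeError("double or missing user plane protection")
    return enforcement, decision.e2e_active


if __name__ == "__main__":
    # Constructed sample values; the GPSI below is a placeholder.
    ok = SmfInputs(NOT_NEEDED, NOT_NEEDED, NEEDED, True)
    print(negotiate("msisdn-0000000000", 5, ok, uss_can_do_e2e=True))
```

The third branch of `uss_decide` is the failure mode worth auditing in a real deployment: a network that reports "not supported" paired with a USS/UTM that applies no end-to-end security leaves C2 traffic without integrity protection.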
In a tenth communication 442, the SMF 408 sends an Nsmf_PDUSession_UpdateSMContext response (e.g., N2 SM information, PDU session ID, QoS flow ID ("QFI"), quality of service ("QoS") profile, core network ("CN") N3 tunnel information, S-NSSAI, user plane security enforcement, and other information) to the AMF 406. The SMF 408 also communicates the authentication and/or authorization results, the service level device identification containing the new CAA level UAV ID, and authorization data (e.g., UUAA authorization payload) to the UAV. In various embodiments, the user plane security enforcement may be sent in the Namf_Communication_N1N2MessageTransfer service operation.
In the eleventh communication 444, the AMF 406 sends an N2 PDU session request with a NAS message to the AN 404, and the AN 404 applies user plane security based on the received user plane security enforcement information. In addition, the AN 404 sends a PDU session accept message to the UE 402.
In some embodiments, for DNNs and/or S-NSSAI related to UAV, UAS, and/or C2 communications (if an over-the-air subscription for the UE exists), the 5GS may authorize user plane confidentiality and integrity protection as needed (e.g., based on operator policies), and then an NF (e.g., SMF) in the 5GS may send a user plane security-enabled indication to USS and/or UTM via UAS NF and/or NEF. In such embodiments, USS and/or UTM receiving the user plane security-enabled indication may determine to skip end-to-end security of the UAS and/or C2 data connection.
In a second embodiment, there may be user plane security enforcement by the EPS. In a second embodiment, the EPS may ensure user plane security for UAV and/or UAS communications even though the user plane security is not supported by the EPS itself. In some embodiments, EPS cannot support user plane integrity protection, and user plane confidentiality is optionally supported in EPS. The second embodiment may enable the EPS to notify USS and/or UTM of lack of user plane security support at the EPS and request USS and/or UTM to provide end-to-end security for user planes related to UAV, UAS, and/or C2 communications.
Fig. 5 is a schematic block diagram illustrating one embodiment of a system 500 for user plane security enforcement during PDN connection establishment and/or modification. The system 500 includes a UE 502 (e.g., UAV), AN 504 (e.g., RAN), MME 506, serving gateway ("SGW") 508, SMF 510 (e.g., SMF and/or packet data gateway ("PGW") control ("PGW-C"), including EPS interworking support and serving as SMF plus PGW-C), PGW user ("PGWu") 512 (e.g., UPF plus PGW-U), UAS 514 (e.g., UAS NF and/or NEF), and USS 516. It should be noted that each of the communications in system 500 may include one or more messages.
In a first communication 518, the UE 502 initiates an attach procedure with the EPS by including a service level device identification (e.g., CAA level UAV ID of the UAV), an authentication server address (e.g., USS address), and authentication data (e.g., UUAA aviation payload) in a protocol configuration option ("PCO") to the SMF 510.
In some embodiments, MME 506 may determine that UE 502 has an over-the-air subscription and select a default APN for connection with USS 516. An over-the-air subscription (e.g., stored in the HSS and retrieved from the HSS by the MME 506) may also contain a user plane security policy set to "required".
In some embodiments, MME 506 may send the user plane security policy as "needed and/or external support needed" to SMF 510 directly or via SGW 508 using any service-based interface-related service operation message. In various embodiments, step 516 may include UAV and/or UAV-C pairing information and C2 aviation payloads for packet data network ("PDN") session establishment and/or modification related to UAV and UAV-C pairing authorization.
In the second communication 522, the SMF 510 invokes the Nnef_Authentication_Authenticate service operation, including the service level device identification (e.g., containing the CAA level UAV ID of the UAV), session security information and/or user plane security policies, DNN, and S-NSSAI, and may include the authentication server address (e.g., USS address) and authentication data (e.g., UUAA aviation payload if provided by the UE 502), GPSI, and so on.
In various embodiments, if the SMF 510 determines 520 to invoke UUAA to the USS and/or UTM via the UAS 514, and/or if the SMF 510 receives a user plane security requirement policy as "needed" from the MME 506 (e.g., directly or via the SGW 508), the SMF 510 may include session security information and/or user plane security policies in the Nnef_Authentication_Authenticate service operation.
It should be noted that the UAS session security information and/or session security information may be referred to as a "user plane security policy" and/or an "external user plane security policy". In certain embodiments, step 522 may also include UAV and/or UAV-C pairing information and C2 aviation payloads for PDN session establishment and/or modification related to UAV and UAV-C pairing authorization.
In some embodiments, SMF 510 may include session security information and/or user plane security policies in service operation (or in any NF service operation messages) based on locally configured Nnef _authentication_ Authenticate related to user plane security and/or user plane security requirement policies retrieved from a home subscriber server ("HSS"), MME 506, and/or SGW 508, as part of subscription data and/or over-the-air subscription, and/or if UUAA is invoked and/or C2 pairing authorization is invoked to USS 516 and/or UTM.
In some embodiments, SMF 510 sets session security information and/or user plane security policies to "unsupported, non-optional, not needed, and/or not enabled" based on one or more of the following conditions: 1) Whether locally configured air user plane security requirement policies are "needed" and/or whether external support is needed; 2) Whether the air user plane security requirement policy obtained from the HSS is "required" and/or whether external support is required; 3) Whether the service is associated with UAS communication; 4) Whether the SMF 510 determines to invoke UUAA to the USS 516 and/or UTM; 5) The SMF 510 determines whether to invoke C2 pairing authorization to USS 516 and/or UTM; and/or 6) whether the SMF 510 handles PDN connection establishment and/or modification related to UAV or UAS communication services.
In a third communication 524 from the UAS 514 to the USS 516, the Naf_Authentication_Authenticate service operation forwards an authentication request with session security information and/or user plane security policies from the SMF 510.
In the optional fourth communication 526, multiple round-trip messages are exchanged as required by the authentication method used by the USS 516. The Naf_Authentication_Authenticate response message from the USS 516 may contain the GPSI and may contain an authentication message that is transparently forwarded to the UE 502 over the NAS MM transport message.
In various embodiments, step 524 involves UAV and/or UAV-C pairing authority and related message exchange for PDN session establishment and/or modification related to UAV and UAV-C pairing authority.
In a fifth communication 528 from the USS 516 to the UAS 514, a Naf_Authentication_Authenticate response is transmitted. USS 516 sends to UAS 514 a Naf_Authentication_Authenticate response with authentication and/or authorization results containing UUAA results, UAS session security requirement information, service level device identification containing a new CAA level UAV ID, requested policy information, and/or authorization data (e.g., UUAA authorization payload). The policy information requested from USS may contain a DN grant profile index and/or a DN grant session AMBR.
In certain embodiments, step 528 may include pairing authorization results and C2 session security requirement information for PDN session establishment and/or modification related to UAV and UAV-C pairing authorization.
In some embodiments, the UAS session security requirement information may be referred to as C2 session security requirement information, session security information, and/or user plane data security requirement information. In various embodiments, the UAS session security requirement information may be provided to the UAS 514 by the USS 516 in the requested policy information.
In some embodiments, USS 516 sets the UAS session security requirement information to "no need and/or no acknowledgement" based on one or more of the following conditions: 1) if the session security information and/or user plane security policy that the USS 516 and/or UTM received from the UAS 514 in step 528 is indicated as "not supported, not optional, not needed and/or not enabled".
In some embodiments, end-to-end security is applied to session and/or user plane data if the USS 516 and/or UTM so determines. In various embodiments, a cause value may be sent. The cause value may indicate that end-to-end security is applicable and/or supported.
In some embodiments, USS 516 stores a mapping between CAA-level UAV ID and an external identifier (e.g., GPSI) and associated UAS session security requirement information. The external identifier (e.g., GPSI) and/or UAV internet protocol ("IP") address may be later used by USS 516 to access various services exposed by the 3GPP network (e.g., location information retrieval, monitoring event configuration, requesting a dedicated policy for C2, etc.). The external identifier and/or UAV IP address and UAS session security requirement information may be used by USS 516 later on to request a specific policy for C2 security, and so on.
In a sixth communication 530, the UAS 514 acknowledges successful authentication and/or authorization of the PDN connection. The UAS 514 stores UUAA results along with GPSI and UAS session security requirement information. The UAS 514 forwards authentication and/or authorization results, UAS session security requirement information, service level device identification (if received from USS 516) containing the new CAA level UAV ID, and authorization data (e.g., UUAA authorization payload) (if received from USS 516) to the SMF 510. If authentication and/or authorization is successful, the SMF 510, upon receiving this request from the USS 516, subscribes to notifications from the UAS 514 that may be used to trigger re-authentication, update authorization data, or revoke authorization of the UAV.
In various embodiments, step 530 may include pairing authorization results and C2 session security requirement information for PDN session establishment and/or modification related to UAV and UAV-C pairing authorization.
The SMF 510 stores 532 UAS session security requirement information along with CAA-level UAV IDs and/or GPSI.
In certain embodiments, for PDN session establishment and/or modification related to UAV and UAV-C pairing authorization, the SMF 510 may store the pairing authorization result and the C2 session security requirement information in step 532.
In the seventh communication 534, the rest of the PDN connection may be the same as in the EPS system.
In some embodiments, an access control list may be configured and UUAA may be executed in the PCO.
In various embodiments, the UE 502 may initiate the attachment procedure with the EPS by including a service level device identification (e.g., CAA level UAV ID of the UAV), an authentication server address (e.g., USS 516 address), and authentication data (e.g., UUAA aviation payload) in the PCO to the SMF 510, etc.
In some embodiments, MME 506 may determine that UE 502 has an over-the-air subscription and select a default access point name ("APN") for connection with USS 516. An over-the-air subscription (e.g., stored in the HSS and retrieved from the HSS by the MME 506) may also contain a user plane security policy set to "required".
In some embodiments, MME 506 may send the user plane security policy as "needed" to SMF 510 directly or via SGW 508 using any service-based interface-related service operation message.
In various embodiments, the SMF 510 may configure an access control list ("ACL") in the UPF+PGW-U to stop any traffic on the default PDN connection.
In some embodiments, UUAA may be invoked by SMF 510.
In some embodiments, PCO including authentication messages from USS 516 is transferred by SMF 510 to UE 502 in an update bearer request and downlink NAS transport. The response from the UE 502 may be transferred to the SMF 510 in an uplink NAS transport and update bearer response.
In various embodiments, the SMF 510 may store UAS session security requirement information along with CAA-level UAV IDs and/or GPSIs.
Fig. 6 is a flow chart illustrating one embodiment of a method 600 for transmitting and storing air system security information. In some embodiments, method 600 is performed by a device, such as network element 104. In certain embodiments, the method 600 may be performed by a processor executing program code, such as a microcontroller, microprocessor, CPU, GPU, auxiliary processing unit, FPGA, or the like.
In various embodiments, the method 600 includes transmitting 602 a request message from a session management function to an unmanned aerial system network function, a network exposure function, or a combination thereof, the request message including: an aircraft identifier; a common public subscription identifier; session security information. In some embodiments, the method 600 includes receiving 604 a response message from the unmanned aerial system network function, the network exposure function, or a combination thereof, the response message including: an aircraft identifier; a common public subscription identifier; an aircraft authentication result; air system session security requirement information. In certain embodiments, the method 600 includes storing 606 air system session security requirement information with an aircraft identifier, a common public subscription identifier, and an aircraft authentication result.
In certain embodiments, the method 600 further comprises setting the session security information to supported, enabled, or a combination thereof based on: whether a locally configured user plane security policy is required; whether a user plane security policy acquired from unified data management is required; whether the user equipment integrity protection data rate is valid for the user plane security policy; whether an air subscription user plane security policy acquired from unified data management is needed; or some combination thereof. In some embodiments, the method 600 further includes setting the session security information to unsupported, not preferred, not required, not enabled, or some combination thereof based on: whether a locally configured user plane security policy is unnecessary, not preferred, or a combination thereof; whether the user plane security policy obtained from unified data management is unnecessary, not preferred, or a combination thereof; whether the user equipment integrity protection data rate is invalid for the user plane security policy; whether there is no over-the-air subscription user plane security policy, or whether the over-the-air subscription user plane security policy is set to not required, not preferred, or a combination thereof; or some combination thereof.
In various embodiments, method 600 further comprises enforcing user plane security based on the air system session security requirement information. In one embodiment, the session security information is a user plane security policy, an external user plane security policy, or a combination thereof. In some embodiments, the air system session security requirement information is command and control session security requirement information, user plane data security requirement information, or a combination thereof.
In some embodiments, the air system session security requirement information includes information indicating that user plane security is not required and a cause value indicating that end-to-end security is applicable, supported, or a combination thereof. In various embodiments, the air system session security requirement information includes information indicating that user plane security is required and cause values indicating that end-to-end security is not applicable, not supported, or a combination thereof. In one embodiment, the method 600 further comprises receiving a user plane security policy from the network function, wherein the user plane security policy comprises an indication of whether external support is not supported or is required.
In certain embodiments, the method 600 further comprises setting the session security information, the user plane security policy, or a combination thereof to unsupported, not preferred, not required, not enabled, or some combination thereof based on: whether a locally configured user plane security policy is required; whether a user plane security policy acquired from a home subscription server is required; whether the service is related to over-the-air system communication; whether the session management function determines to invoke aircraft authentication; whether the session management function determines to invoke a command and control pairing authorization; whether the session management function handles connection establishment, connection modification, or a combination thereof; or some combination thereof. In some embodiments, the session management function is part of an evolved packet system network and is implemented by a combination of the session management function and a packet data network gateway core.
Fig. 7 is a flow chart illustrating another embodiment of a method 700 for transmitting and storing air system security information. In some embodiments, method 700 is performed by a device, such as network element 104. In certain embodiments, the method 700 may be performed by a processor executing program code, such as a microcontroller, microprocessor, CPU, GPU, auxiliary processing unit, FPGA, or the like.
In various embodiments, the method 700 includes receiving 702, at an unmanned aerial system network function, a network exposure function, or a combination thereof, a first request message from a session management function, the first request message including: an aircraft identifier; a common public subscription identifier; session security information. In some embodiments, the method 700 includes transmitting 704 a second request message to the unmanned aerial system service provider, the unmanned aerial system traffic management function, or a combination thereof, the second request message including: an aircraft identifier; a common public subscription identifier; session security information. In certain embodiments, the method 700 includes receiving 706 a second response message from the unmanned aerial system service provider, the unmanned aerial system traffic management function, or a combination thereof, the second response message including: an aircraft identifier; a common public subscription identifier; an aircraft authentication result; air system session security requirement information. In various embodiments, the method 700 includes transmitting 708 a first response message to the session management function, the first response message including: an aircraft identifier; a common public subscription identifier; an aircraft authentication result; air system session security requirement information. In some embodiments, method 700 includes storing 710 air system session security requirement information with an aircraft identifier, a common public subscription identifier, and an aircraft authentication result.
Fig. 8 is a flow chart illustrating another embodiment of a method 800 for transmitting and storing air system security information. In some embodiments, method 800 is performed by a device, such as network element 104. In certain embodiments, the method 800 may be performed by a processor executing program code, such as a microcontroller, microprocessor, CPU, GPU, auxiliary processing unit, FPGA, or the like.
In various embodiments, the method 800 includes receiving 802, at an unmanned aerial system service provider, an unmanned aerial system traffic management function, or a combination thereof, a request message from an unmanned aerial system network function, a network exposure function, or a combination thereof, the request message including: an aircraft identifier; a common public subscription identifier; session security information. In some embodiments, method 800 includes performing 804 authentication, authorization, or a combination thereof, of the aircraft corresponding to the aircraft identifier. In certain embodiments, the method 800 includes determining 806 air system session security requirement information based on the session security information. In various embodiments, the method 800 includes storing 808 air system session security requirement information with an aircraft identifier, a common public subscription identifier, and an aircraft authentication result. In some embodiments, the method 800 includes transmitting 810 a response message to the unmanned aerial system network function, the network exposure function, or a combination thereof, the response message including: an aircraft identifier; a common public subscription identifier; air system session security requirement information.
In certain embodiments, the method 800 further comprises setting the air system session security requirement information to required based on: whether session security information, user plane security policies, or a combination thereof are indicated as supported or enabled; whether or not the unmanned aerial system service provider, the unmanned aerial system traffic management function, or a combination thereof, determines to apply end-to-end security to session data, user plane data, or a combination thereof; or a combination thereof. In some embodiments, the method 800 further includes transmitting a cause value indicating that end-to-end security is not applicable, not supported, or a combination thereof.
In various embodiments, method 800 further comprises setting the air system session security requirement information to not required based on: whether session security information, user plane security policies, or a combination thereof are indicated as unsupported, not enabled, not needed, not preferred, or a combination thereof; whether the unmanned aerial system service provider, the unmanned aerial system traffic management function, or a combination thereof, determines to apply end-to-end security to the session data, user plane data, or a combination thereof; or a combination thereof. In one embodiment, the method 800 further includes transmitting a cause value indicating that end-to-end security is applicable, supported, or a combination thereof.
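The request/response chain of methods 600, 700 and 800 and the USS-side decision described above, modelled as an added Python example that is not code from the patent. The class names, the way the listed conditions are combined, the identifier-binding check in the SMF, the `no_protection_selected` audit helper, and the sample identifiers used with it are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Set, Tuple


class SessionSecurityInfo(Enum):   # sent by the SMF in the request message
    SUPPORTED = "supported"
    NOT_SUPPORTED = "not supported"


class Requirement(Enum):           # air system session security requirement information
    REQUIRED = "required"
    NOT_REQUIRED = "not required"


class Cause(Enum):                 # cause value the USS may attach
    E2E_APPLICABLE = "end-to-end security applicable"
    E2E_NOT_APPLICABLE = "end-to-end security not applicable"


@dataclass(frozen=True)
class AuthRequest:
    caa_uav_id: str
    gpsi: str
    session_security_info: SessionSecurityInfo


@dataclass(frozen=True)
class AuthResponse:
    caa_uav_id: str
    gpsi: str
    uuaa_result: bool
    requirement: Requirement
    cause: Optional[Cause]


def smf_session_security_info(local_policy_required: bool,
                              subscription_policy_required: bool,
                              integrity_rate_valid: bool) -> SessionSecurityInfo:
    # Assumed combination: some policy says "required" and the UE integrity
    # protection data rate is valid for it.
    if (local_policy_required or subscription_policy_required) and integrity_rate_valid:
        return SessionSecurityInfo.SUPPORTED
    return SessionSecurityInfo.NOT_SUPPORTED


class Uss:
    """Method 800: authenticate, decide the requirement, store, respond."""
    def __init__(self, apply_e2e: bool, registered_uavs: Set[str]):
        self.apply_e2e = apply_e2e
        self.registered_uavs = registered_uavs   # stand-in for the real UUAA method
        self.store: Dict[str, AuthResponse] = {}

    def authenticate(self, req: AuthRequest) -> AuthResponse:
        result = req.caa_uav_id in self.registered_uavs
        if self.apply_e2e:
            requirement, cause = Requirement.NOT_REQUIRED, Cause.E2E_APPLICABLE
        elif req.session_security_info is SessionSecurityInfo.SUPPORTED:
            requirement, cause = Requirement.REQUIRED, Cause.E2E_NOT_APPLICABLE
        else:
            requirement, cause = Requirement.NOT_REQUIRED, None  # assumption: no cause sent
        resp = AuthResponse(req.caa_uav_id, req.gpsi, result, requirement, cause)
        self.store[req.caa_uav_id] = resp   # CAA-level UAV ID -> GPSI and requirement
        return resp


class UasNf:
    """Method 700: relay the request to the USS, store and relay the response."""
    def __init__(self, uss: Uss):
        self.uss = uss
        self.store: Dict[Tuple[str, str], AuthResponse] = {}

    def authenticate(self, req: AuthRequest) -> AuthResponse:
        resp = self.uss.authenticate(req)
        self.store[(resp.caa_uav_id, resp.gpsi)] = resp
        return resp


class Smf:
    """Method 600: send the request, store the response, enforce it."""
    def __init__(self, uas_nf: UasNf):
        self.uas_nf = uas_nf
        self.store: Dict[Tuple[str, str], AuthResponse] = {}

    def establish(self, caa_uav_id: str, gpsi: str,
                  info: SessionSecurityInfo) -> AuthResponse:
        resp = self.uas_nf.authenticate(AuthRequest(caa_uav_id, gpsi, info))
        # Added check: the response must be bound to the identifiers that were sent.
        if (resp.caa_uav_id, resp.gpsi) != (caa_uav_id, gpsi):
            raise ValueError("response identifiers do not match the request")
        self.store[(caa_uav_id, gpsi)] = resp
        return resp

    def enforce_user_plane_security(self, caa_uav_id: str, gpsi: str) -> bool:
        rec = self.store[(caa_uav_id, gpsi)]
        return rec.uuaa_result and rec.requirement is Requirement.REQUIRED


def no_protection_selected(resp: AuthResponse) -> bool:
    # Added audit helper: neither network user plane security nor end-to-end security.
    return (resp.requirement is Requirement.NOT_REQUIRED
            and resp.cause is not Cause.E2E_APPLICABLE)
```
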
In one embodiment, a method of a session management function includes: transmitting a request message to an unmanned aerial system network function, a network exposure function, or a combination thereof, the request message comprising: an aircraft identifier; a common public subscription identifier; session security information; receiving a response message from the unmanned aerial system network function, the network exposure function, or a combination thereof, the response message comprising: an aircraft identifier; a common public subscription identifier; an aircraft authentication result; the air system session security requirement information; and storing the air system session security requirement information with the aircraft identifier, the common public subscription identifier, and the aircraft authentication result.
In certain embodiments, the method further comprises setting the session security information to supported, enabled, or a combination thereof based on: whether a locally configured user plane security policy is required; whether a user plane security policy acquired from unified data management is required; whether the user equipment integrity protection data rate is valid for the user plane security policy; whether an air subscription user plane security policy acquired from unified data management is needed; or some combination thereof.
In some embodiments, the method further comprises setting the session security information to unsupported, not preferred, not required, not enabled, or some combination thereof based on: whether a locally configured user plane security policy is unnecessary, not preferred, or a combination thereof; whether the user plane security policy obtained from unified data management is unnecessary, not preferred, or a combination thereof; whether the user equipment integrity protection data rate is invalid to apply to the user plane security policy; whether there is no over-the-air subscription user plane security policy, or whether the over-the-air subscription user plane security policy is set to not required, not preferred, or a combination thereof; or some combination thereof.
In various embodiments, the method further comprises enforcing user plane security based on the air system session security requirement information.
In one embodiment, the session security information is a user plane security policy, an external user plane security policy, or a combination thereof.
In some embodiments, the air system session security requirement information is command and control session security requirement information, user plane data security requirement information, or a combination thereof.
In some embodiments, the air system session security requirement information includes information indicating that user plane security is not required and a cause value indicating that end-to-end security is applicable, supported, or a combination thereof.
In various embodiments, the air system session security requirement information includes information indicating that user plane security is required and cause values indicating that end-to-end security is not applicable, not supported, or a combination thereof.
In one embodiment, the method further comprises receiving a user plane security policy from the network function, wherein the user plane security policy comprises an indication of whether external support is not supported or is required.
In certain embodiments, the method further comprises setting the session security information, the user plane security policy, or a combination thereof to unsupported, not preferred, not required, not enabled, or some combination thereof based on: whether a locally configured user plane security policy is required; whether a user plane security policy acquired from a home subscription server is required; whether the service is related to over-the-air system communication; whether the session management function determines to invoke aircraft authentication; whether the session management function determines to invoke a command and control pairing authorization; whether the session management function handles connection establishment, connection modification, or a combination thereof; or some combination thereof.
In some embodiments, the session management function is part of an evolved packet system network and is implemented by a combination of the session management function and a packet data network gateway core.
In one embodiment, an apparatus includes a session management function. The apparatus further comprises: a transmitter that transmits a request message to an unmanned aerial system network function, a network exposure function, or a combination thereof, the request message comprising: an aircraft identifier; a common public subscription identifier; session security information; a receiver that receives a response message from an unmanned aerial system network function, a network exposure function, or a combination thereof, the response message comprising: an aircraft identifier; a common public subscription identifier; an aircraft authentication result; the air system session security requirement information; and a processor that stores the air system session security requirement information with the aircraft identifier, the common public subscription identifier, and the aircraft authentication result.
In some embodiments, the processor sets the session security information to supported, enabled, or a combination thereof based on: whether a locally configured user plane security policy is required; whether a user plane security policy acquired from unified data management is required; whether the user equipment integrity protection data rate is valid for the user plane security policy; whether an air subscription user plane security policy acquired from unified data management is needed; or some combination thereof.
In some embodiments, the processor sets the session security information to unsupported, not preferred, not required, not enabled, or some combination thereof based on: whether a locally configured user plane security policy is unnecessary, not preferred, or a combination thereof; whether the user plane security policy obtained from unified data management is unnecessary, not preferred, or a combination thereof; whether the user equipment integrity protection data rate is invalid to apply to the user plane security policy; whether there is no over-the-air subscription user plane security policy, or whether the over-the-air subscription user plane security policy is set to not required, not preferred, or a combination thereof; or some combination thereof.
In various embodiments, the processor implements user plane security based on air system session security requirement information.
In one embodiment, the session security information is a user plane security policy, an external user plane security policy, or a combination thereof.
In some embodiments, the air system session security requirement information is command and control session security requirement information, user plane data security requirement information, or a combination thereof.
In some embodiments, the air system session security requirement information includes information indicating that user plane security is not required and a cause value indicating that end-to-end security is applicable, supported, or a combination thereof.
In various embodiments, the air system session security requirement information includes information indicating that user plane security is required and cause values indicating that end-to-end security is not applicable, not supported, or a combination thereof.
In one embodiment, the receiver receives a user plane security policy from the network function and the user plane security policy includes an indication of whether external support is not supported or is required.
In some embodiments, the processor sets the session security information, the user plane security policy, or a combination thereof to unsupported, not preferred, not required, not enabled, or some combination thereof based on: whether a locally configured user plane security policy is required; whether a user plane security policy acquired from a home subscription server is required; whether the service is related to over-the-air system communication; whether the session management function determines to invoke aircraft authentication; whether the session management function determines to invoke a command and control pairing authorization; whether the session management function handles connection establishment, connection modification, or a combination thereof; or some combination thereof.
In some embodiments, the session management function is part of an evolved packet system network and is implemented by a combination of the session management function and a packet data network gateway core.
In one embodiment, a method of an unmanned aerial system network function, a network exposure function, or a combination thereof, comprises: receiving a first request message from a session management function, the first request message comprising: an aircraft identifier; a common public subscription identifier; session security information; transmitting a second request message to the unmanned aerial system service provider, the unmanned aerial system traffic management function, or a combination thereof, the second request message comprising: an aircraft identifier; a common public subscription identifier; session security information; receiving a second response message from the unmanned aerial system service provider, the unmanned aerial system traffic management function, or a combination thereof, the second response message comprising: an aircraft identifier; a common public subscription identifier; an aircraft authentication result; the air system session security requirement information; transmitting a first response message to the session management function, the first response message comprising: an aircraft identifier; a common public subscription identifier; an aircraft authentication result; the air system session security requirement information; and storing the air system session security requirement information with the aircraft identifier, the common public subscription identifier, and the aircraft authentication result.
In one embodiment, an apparatus includes an unmanned aerial system network function, a network exposure function, or a combination thereof. The apparatus further comprises: a receiver that receives a first request message from a session management function, the first request message comprising: an aircraft identifier; a common public subscription identifier; session security information; a transmitter that transmits a second request message to an unmanned aerial system service provider, an unmanned aerial system traffic management function, or a combination thereof, the second request message comprising: an aircraft identifier; a common public subscription identifier; session security information; and a processor, wherein: the receiver receives a second response message from the unmanned aerial system service provider, the unmanned aerial system traffic management function, or a combination thereof, the second response message comprising: an aircraft identifier; a common public subscription identifier; an aircraft authentication result; the air system session security requirement information; the transmitter transmits a first response message to the session management function, the first response message comprising: an aircraft identifier; a common public subscription identifier; an aircraft authentication result; the air system session security requirement information; and the processor stores the air system session security requirement information with the aircraft identifier, the common public subscription identifier, and the aircraft authentication result.
In one embodiment, a method of an unmanned aerial system service provider, an unmanned aerial system traffic management function, or a combination thereof, comprises: receiving a request message from an unmanned aerial system network function, a network exposure function, or a combination thereof, the request message comprising: an aircraft identifier; a common public subscription identifier; session security information; performing authentication, authorization, or a combination thereof, of an aircraft corresponding to the aircraft identifier; determining air system session security requirement information based on the session security information; storing the air system session security requirement information with the aircraft identifier, the common public subscription identifier, and an aircraft authentication result; and transmitting a response message to the unmanned aerial system network function, the network exposure function, or a combination thereof, the response message comprising: an aircraft identifier; a common public subscription identifier; air system session security requirement information.
In certain embodiments, the method further comprises setting the air system session security requirement information to required based on: whether session security information, user plane security policies, or a combination thereof are indicated as supported or enabled; whether or not the unmanned aerial system service provider, the unmanned aerial system traffic management function, or a combination thereof, determines to apply end-to-end security to session data, user plane data, or a combination thereof; or a combination thereof.
In some embodiments, the method further comprises transmitting a cause value indicating that end-to-end security is not applicable, not supported, or a combination thereof.
In various embodiments, the method further comprises setting the air system session security requirement information to not required based on: whether session security information, user plane security policies, or a combination thereof are indicated as unsupported, not enabled, not needed, not preferred, or a combination thereof; whether the unmanned aerial system service provider, the unmanned aerial system traffic management function, or a combination thereof, determines to apply end-to-end security to the session data, user plane data, or a combination thereof; or a combination thereof.
In one embodiment, the method further comprises transmitting a cause value indicating that end-to-end security is applicable, supported, or a combination thereof.
In one embodiment, an apparatus includes an unmanned aerial system service provider, an unmanned aerial system traffic management function, or a combination thereof. The apparatus further comprises: a receiver that receives a request message from an unmanned aerial system network function, a network exposure function, or a combination thereof, the request message comprising: an aircraft identifier; a common public subscription identifier; session security information; a processor that: performs authentication, authorization, or a combination thereof, of an aircraft corresponding to the aircraft identifier; determines air system session security requirement information based on the session security information; and stores the air system session security requirement information with the aircraft identifier, the common public subscription identifier, and an aircraft authentication result; and a transmitter that transmits a response message to the unmanned aerial system network function, the network exposure function, or a combination thereof, the response message comprising: an aircraft identifier; a common public subscription identifier; air system session security requirement information.
In some embodiments, the processor sets the air system session security requirement information to required based on: whether session security information, user plane security policies, or a combination thereof are indicated as supported or enabled; whether or not the unmanned aerial system service provider, the unmanned aerial system traffic management function, or a combination thereof, determines to apply end-to-end security to session data, user plane data, or a combination thereof; or a combination thereof.
In some embodiments, the transmitter transmits a cause value indicating that end-to-end security is not applicable, not supported, or a combination thereof.
In various embodiments, the processor sets the air system session security requirement information to not required based on: whether session security information, user plane security policies, or a combination thereof are indicated as unsupported, not enabled, not needed, not preferred, or a combination thereof; whether the unmanned aerial system service provider, the unmanned aerial system traffic management function, or a combination thereof, determines to apply end-to-end security to the session, data, user plane data, or a combination thereof; or a combination thereof.
In one embodiment, the transmitter transmits a cause value indicating that end-to-end security is applicable, supported, or a combination thereof.
Embodiments may be practiced in other specific forms. The described embodiments are to be considered in all respects only as illustrative and not restrictive. The scope of the invention is, therefore, indicated by the appended claims rather than by the foregoing description. All changes which come within the meaning and range of equivalency of the claims are to be embraced within their scope.
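The request/response exchange and the two requirement/cause pairings described in the embodiments above, as an added Python sketch (not code from the patent or its applicants). The class and field names, the string labels, the precedence used to combine the two inputs, and the check performed before storing are assumptions; the text fixes no encoding or precedence.

```python
from dataclasses import dataclass

# Constructed labels; the text names these values but defines no encoding.
REQUIRED, NOT_REQUIRED = "required", "not required"
E2E_NO, E2E_YES = "e2e not applicable/not supported", "e2e applicable/supported"
# The two (requirement, cause value) pairings the embodiments describe.
VALID_PAIRS = {(REQUIRED, E2E_NO), (NOT_REQUIRED, E2E_YES)}

@dataclass(frozen=True)
class Request:                      # SMF -> UAS NF/NEF -> USS/UTM
    uav_id: str                     # aircraft identifier
    gpsi: str                       # common public subscription identifier
    up_security_supported: bool     # session security information

@dataclass(frozen=True)
class Response:                     # USS/UTM -> UAS NF/NEF -> SMF
    uav_id: str
    gpsi: str
    auth_result: str
    requirement: str                # air system session security requirement
    cause: str

def uss_decide(req, auth_ok, uss_applies_e2e):
    """USS/UTM side. Assumed precedence: end-to-end protection applied by the
    USS/UTM makes network user plane security 'not required'; otherwise it is
    'required' when the SMF reported it as supported."""
    if uss_applies_e2e:
        pair = (NOT_REQUIRED, E2E_YES)
    elif req.up_security_supported:
        pair = (REQUIRED, E2E_NO)
    else:  # neither layer available: not described in the text, so refuse
        raise ValueError("no user plane or end-to-end protection available")
    result = "success" if auth_ok else "failure"
    return Response(req.uav_id, req.gpsi, result, *pair)

def smf_store(req, resp, store):
    """SMF side: check identifiers and pairing, then store the fields together."""
    if (resp.uav_id, resp.gpsi) != (req.uav_id, req.gpsi):
        raise ValueError("response identifiers do not match the request")
    if (resp.requirement, resp.cause) not in VALID_PAIRS:
        raise ValueError("requirement and cause value are inconsistent")
    record = {"auth_result": resp.auth_result,
              "requirement": resp.requirement, "cause": resp.cause}
    store[(resp.uav_id, resp.gpsi)] = record
    return record

if __name__ == "__main__":          # constructed sample values
    req = Request("UAV-EXAMPLE-01", "msisdn-0000000000", True)
    print(smf_store(req, uss_decide(req, True, False), {}))
```

Keying the stored record on both identifiers lets a later session for the same aircraft and subscription look up the authentication result and the security requirement together.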

Claims (15)

1. An apparatus comprising session management functionality, the apparatus further comprising:
a transmitter that transmits a request message to an unmanned aerial system network function, a network exposure function, or a combination thereof, the request message comprising:
an aircraft identifier;
a common public subscription identifier; and
session security information;
a receiver that receives a response message from the unmanned aerial system network function, the network exposure function, or the combination thereof, the response message comprising:
the aircraft identifier;
the common public subscription identifier;
an aircraft authentication result; and
air system session security requirement information; and
a processor that stores the air system session security requirement information with the aircraft identifier, the common public subscription identifier, and the aircraft authentication result.
2. The apparatus of claim 1, wherein the processor sets the session security information to supported, enabled, or a combination thereof based on:
whether a locally configured user plane security policy is required;
whether the user plane security policy acquired from unified data management is required;
whether a user equipment integrity protection data rate is valid for applying the user plane security policy;
whether an air subscription user plane security policy acquired from the unified data management is needed;
or some combination thereof.
3. The apparatus of claim 1, wherein the processor sets the session security information to unsupported, not preferred, not required, not enabled, or some combination thereof based on:
whether a locally configured user plane security policy is unnecessary, not preferred, or a combination thereof;
whether the user plane security policy obtained from unified data management is unnecessary, not preferred, or a combination thereof;
whether a user equipment integrity protection data rate is invalid for applying the user plane security policy;
whether there is no over-the-air subscription user plane security policy, or whether the over-the-air subscription user plane security policy is set to not required, not preferred, or a combination thereof;
or some combination thereof.
4. The apparatus of claim 1, 2, or 3, wherein the processor implements user plane security based on the air system session security requirement information.
5. The apparatus of any preceding claim, wherein the session security information is a user plane security policy, an external user plane security policy, or a combination thereof.
6. The apparatus of any preceding claim, wherein the air system session security requirement information is command and control session security requirement information, user plane data security requirement information, or a combination thereof.
7. The apparatus of any preceding claim, wherein the air system session security requirement information comprises information indicating that user plane security is not required and a cause value indicating that end-to-end security is applicable, supported, or a combination thereof.
8. The apparatus of any preceding claim, wherein the air system session security requirement information comprises information indicating that user plane security is required and a cause value indicating that end-to-end security is not applicable, not supported, or a combination thereof.
9. The apparatus of any preceding claim, wherein the receiver receives a user plane security policy from a network function and the user plane security policy includes an indication of whether external support is not supported or is required.
10. The apparatus of any preceding claim, wherein the processor sets the session security information, user plane security policy, or a combination thereof to unsupported, not preferred, not required, not enabled, or some combination thereof based on:
whether a locally configured user plane security policy is required;
whether the user plane security policy acquired from a home subscription server is required;
whether the service is related to over-the-air system communication;
whether the session management function determines to invoke aircraft authentication;
whether the session management function determines to invoke a command and control pairing authorization;
whether the session management function handles connection establishment, connection modification, or a combination thereof;
or some combination thereof.
11. The apparatus of any preceding claim, wherein the session management function is part of an evolved packet system network and is implemented by a combination of the session management function and a packet data network gateway core.
12. An apparatus comprising an unmanned aerial system network function, a network exposure function, or a combination thereof, the apparatus further comprising:
a receiver that receives a first request message from a session management function, the first request message comprising:
an aircraft identifier;
a common public subscription identifier; and
session security information;
a transmitter that transmits a second request message to an unmanned aerial system service provider, an unmanned aerial system traffic management function, or a combination thereof, the second request message comprising:
the aircraft identifier;
the common public subscription identifier; and
the session security information; and
a processor, wherein:
the receiver receives a second response message from the unmanned aerial system service provider, the unmanned aerial system traffic management function, or the combination thereof, the second response message comprising:
the aircraft identifier;
the common public subscription identifier;
an aircraft authentication result; and
air system session security requirement information;
the transmitter transmits a first response message to the session management function, the first response message comprising:
the aircraft identifier;
the common public subscription identifier;
the aircraft authentication result; and
the air system session security requirement information; and
the processor stores the air system session security requirement information with the aircraft identifier, the common public subscription identifier, and the aircraft authentication result.
13. A method of an unmanned aerial system service provider, an unmanned aerial system traffic management function, or a combination thereof, the method comprising:
receiving a request message from an unmanned aerial system network function, a network exposure function, or a combination thereof, the request message comprising:
an aircraft identifier;
a common public subscription identifier; and
session security information;
performing authentication, authorization, or a combination thereof, of an aircraft corresponding to the aircraft identifier;
determining air system session security requirement information based on the session security information;
storing the air system session security requirement information with the aircraft identifier, the common public subscription identifier, and an aircraft authentication result; and
transmitting a response message to the unmanned aerial system network function, the network exposure function, or a combination thereof, the response message comprising:
the aircraft identifier;
the common public subscription identifier; and
the air system session security requirement information.
14. The method as recited in claim 13, further comprising:
setting the air system session security requirement information to required based on:
whether the session security information, user plane security policy, or a combination thereof is indicated as supported or enabled;
whether the unmanned aerial system service provider, the unmanned aerial system traffic management function, or the combination thereof, determines to apply end-to-end security to session data, user plane data, or a combination thereof;
or a combination thereof; and
transmitting a cause value indicating that end-to-end security is not applicable, not supported, or a combination thereof.
15. The method as recited in claim 13, further comprising:
setting the air system session security requirement information to not required based on:
whether the session security information, user plane security policy, or a combination thereof is indicated as unsupported, not enabled, not needed, not preferred, or a combination thereof;
whether the unmanned aerial system service provider, the unmanned aerial system traffic management function, or the combination thereof, determines to apply end-to-end security to a session, data, user plane data, or a combination thereof;
or a combination thereof; and
transmitting a cause value indicating that end-to-end security is applicable, supported, or a combination thereof.
CN202180102700.XA 2021-10-26 2021-12-02 Transmitting and storing air system security information Pending CN118020269A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
GR20210100735 2021-10-26
PCT/EP2021/084068 WO2023072416A1 (en) 2021-10-26 2021-12-02 Communicating and storing aerial system security information

Publications (1)

Publication Number Publication Date
CN118020269A true CN118020269A (en) 2024-05-10

Family

ID=90948974

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202180102700.XA Pending CN118020269A (en) 2021-10-26 2021-12-02 Transmitting and storing air system security information

Country Status (1)

Country Link
CN (1) CN118020269A (en)

Legal Events

Date Code Title Description
PB01 Publication