KR20210088301A - Method and apparatus for performing session authneication in wireless communication system - Google Patents

Abstract

The present invention relates to a method for performing authentication of a session in a wireless communication system and a device thereof. According to an embodiment of the present invention, UE sends a PDU session authentication complete message to a session management function (SMF), receives a message that authentication of a PDU session fails from the SMF according as it is determined that the PDU session is not valid, and can determine re-request of authentication for the PDU session based on a back-off timer value included in the message received from the SMF.

Description

Method and device for performing session authentication in a wireless communication system {METHOD AND APPARATUS FOR PERFORMING SESSION AUTHNEICATION IN WIRELESS COMMUNICATION SYSTEM}

The present disclosure relates to a technique for performing session authentication in a wireless communication system, and more particularly, to a method and apparatus for performing session authentication using a NAS message.

Efforts are being made to develop a 5G communication system or a pre-5G communication system to meet the increasing demand for wireless data traffic after commercialization of the 4G communication system. For this reason, the 5G communication system or the pre-5G communication system is called a system after the 4G network (Beyond 4G Network) communication system or after the LTE system (Post LTE).

The 5G communication system defined by 3GPP is called the New Radio (NR) system. In order to achieve a high data rate, the 5G communication system is considering transmitting and receiving radio waves in a very high frequency (mmWave) band (such as a 60 gigabyte (60 GHz) band), mitigating the path loss of radio waves in the very high frequency band, and To increase the propagation distance of radio waves, beamforming, massive MIMO, Full Dimensional MIMO (FD-MIMO), array antenna, analog beamforming Beam-forming), and large scale antenna technologies are applied to radio wave transmission and reception.

In addition, for network improvement of the system, in the 5G communication system, an evolved small cell, an advanced small cell, a cloud radio access network (cloud RAN), an ultra-dense network (ultra-dense network) ), Device to Device communication (D2D), wireless backhaul, moving network, cooperative communication, Coordinated Multi-Points (CoMP), and interference cancellation ) and other technologies are being developed. In addition, in the 5G system, advanced coding modulation (ACM) methods such as FQAM (Hybrid FSK and QAM Modulation) and SWSC (Sliding Window Superposition Coding), and advanced access technologies such as Filter Bank Multi Carrier (FBMC), NOMA (non-orthogonal multiple access), and sparse code multiple access (SCMA) are being developed.

As various technologies can be applied according to the above-mentioned and the development of the wireless communication system, a method for efficiently managing the wireless communication system through these various technologies is required. The present disclosure relates to a method for managing authentication of a session in a wireless communication system.

The present disclosure may provide a NAS processing method and apparatus for releasing, establishing, and modifying a session when session authentication fails in a wireless communication system.

A method for a user equipment (UE) to authenticate a session in a wireless communication system according to an embodiment of the present disclosure includes: transmitting a PDU session authentication completion message to a session management function (SMF); receiving a PDU session establishment rejection or PDU session release message from the SMF when it is determined that authentication of the PDU session has failed; and determining a re-request for PDU session establishment based on the back-off timer value included in the message received from the SMF.

A method for a session management function (SMF) to authenticate a session in a wireless communication system according to an embodiment of the present disclosure includes: receiving a PDU session authentication completion message from a UE; Transmitting a PDU session establishment rejection or PDU session release message to the UE as it is determined that authentication of the PDU session has failed, and based on a back-off timer value included in the PDU session establishment rejection message, a PDU session establishment request message can perform retransmission of

A user equipment (UE) that performs session authentication in a wireless communication system according to an embodiment of the present disclosure includes: a transceiver; and at least one processor connected to the transceiver, wherein the at least one processor transmits a PDU session authentication completion message to a session management function (SMF), and as it is determined that the PDU session authentication has failed, the PDU session from the SMF may control the transceiver to receive an establishment rejection or session release message of , and determine retransmission of the PDU session establishment request based on a back-off timer value included in the message received from the SMF.

A network entity for performing session authentication in a wireless communication system according to an embodiment of the present disclosure includes: a transceiver; and at least one processor connected to the transceiver, wherein the at least one processor controls the transceiver to receive a PDU session authentication complete message from the UE, and when it is determined that the PDU session authentication has failed, the UE rejects the PDU session establishment Alternatively, the transceiver may be controlled to transmit a PDU session release message, and retransmission of the PDU session establishment request may be determined according to a PDU session establishment rejection or a back-off timer value included in the PDU session release message.

According to an embodiment of the present disclosure, various services can be efficiently supported by performing session authentication in a wireless communication system.

1 is a diagram for explaining the structure of a wireless communication system according to an embodiment of the present disclosure.
2 is a flowchart illustrating an operation according to a back-off timer value included in a PDU session establishment rejection message during session authentication in a 5G network environment according to an embodiment of the present disclosure.
3 is a flowchart illustrating an operation according to a back-off timer value included in a PDU session establishment rejection message during session authentication in a 5G network environment according to another embodiment of the present disclosure.
4A is a flowchart illustrating an operation according to a back-off timer value included in a PDU session establishment release message during session authentication in a 5G network environment according to an embodiment of the present disclosure.
4B is a flowchart illustrating an operation according to a back-off timer value included in a PDU session establishment release message during session authentication in a 5G network environment according to another embodiment of the present disclosure.
5A is a flowchart illustrating an operation according to a back-off timer value included in a PDU session establishment release message during session authentication in a 5G network environment according to another embodiment of the present disclosure.
5B is a flowchart illustrating an operation according to a back-off timer value included in a PDU session establishment release message during session authentication in a 5G network environment according to another embodiment of the present disclosure.
6 is a flowchart illustrating operations of a UE and an SMF during PDU session authentication according to an embodiment.
7 is a diagram illustrating a configuration of a UE according to an embodiment of the present disclosure.
8 is a diagram illustrating a configuration of a network entity according to an embodiment of the present disclosure.

Hereinafter, embodiments of the present disclosure will be described in detail with reference to the accompanying drawings. In describing the embodiments, descriptions of technical content that are well known in the technical field to which the present disclosure pertains and are not directly related to the present disclosure will be omitted. This is to more clearly convey the gist of the present disclosure without obscuring the gist of the present disclosure by omitting unnecessary description.

For the same reason, some components are exaggerated, omitted, or schematically illustrated in the accompanying drawings. In addition, the size of each component does not fully reflect the actual size. The same reference numerals are assigned to the same or corresponding elements in each figure.

Advantages and features of the present disclosure, and methods for achieving them, will become apparent with reference to the embodiments described below in detail in conjunction with the accompanying drawings. However, the present disclosure is not limited to the embodiments disclosed below, but may be implemented in various different forms, and only the present embodiments allow the disclosure of the present disclosure to be complete, and common knowledge in the art to which the present disclosure pertains. It is provided to fully inform those who have the scope of the invention, and the present disclosure is only defined by the scope of the claims. Like reference numerals refer to like elements throughout.

At this time, it will be understood that each block of the flowchart diagrams and combinations of the flowchart diagrams may be performed by computer program instructions.

Additionally, each block may represent a module, segment, or portion of code that includes one or more executable instructions for executing specified logical function(s). It should also be noted that in some alternative implementations it is also possible for the functions recited in blocks to occur out of order. For example, two blocks shown one after another may in fact be performed substantially simultaneously, or it is possible that the blocks are sometimes performed in the reverse order according to the corresponding function.

In this case, the term '~ unit' used in this embodiment means software or hardware components such as FPGA (Field Programmable Gate Array) or ASIC (Application Specific Integrated Circuit), and '~ unit' performs certain roles do. However, '-part' is not limited to software or hardware. The '~ unit' may be configured to reside on an addressable storage medium or may be configured to refresh one or more processors. Thus, as an example, '~' denotes components such as software components, object-oriented software components, class components, and task components, and processes, functions, properties, and procedures. , subroutines, segments of program code, drivers, firmware, microcode, circuitry, data, databases, data structures, tables, arrays, and variables. The functions provided in the components and '~ units' may be combined into a smaller number of components and '~ units' or further separated into additional components and '~ units'. In addition, components and '~ units' may be implemented to play one or more CPUs in a device or secure multimedia card. Also, in an embodiment, '~ unit' may include one or more processors.

A term for identifying an access node used in the following description, a term referring to a network entity or network functions, a term referring to messages, a term referring to an interface between network objects, Terms and the like referring to various pieces of identification information are exemplified for convenience of description. Accordingly, the present disclosure is not limited to the terms described below, and other terms referring to objects having equivalent technical meanings may be used.

For convenience of description, the present disclosure uses terms and names defined in 3GPP LTE (3rd Generation Partnership Project Long Term Evolution) standard, or terms and names modified based on the terms and names. However, the present disclosure is not limited by the above-described terms and names, and may be equally applied to systems conforming to other standards. In the present disclosure, eNB may be used interchangeably with gNB for convenience of description. That is, a base station described as an eNB may represent a gNB. In the present disclosure, the term terminal may refer to a mobile phone, NB-IoT devices, sensors, as well as various wireless communication devices.

That is, in describing the embodiments of the present disclosure in detail, the 3GPP will mainly target the communication standards set by the standards, but the main gist of the present disclosure is to greatly expand the scope of the present disclosure to other communication systems having similar technical backgrounds. It can be applied with some modifications within the scope not departing from, which will be possible at the judgment of a person skilled in the art of the present disclosure.

In the 5G or NR system, an Access and Mobility Management Function (AMF), which is a management entity that manages the mobility of a terminal, and a Session Management Function (SMF), an entity that manages a session, are separated. Unlike in the 4G LTE communication system, where the Mobility Management Entity (MME) performs both mobility management and session management, in the 5G or NR system, as the entity performing mobility management and session management is separated, communication between the terminal and the network entity Methods and communication management methods may change.

In the 5G or NR system, when the terminal accesses the network through non 3GPP access, mobility management is performed through AMF through N3IWF (Non-3GPP Inter-Working Function), and session management through SMF. management) can be performed. In addition, the AMF may process security-related information, which is an important element in mobility management.

As described above, in the 4G LTE system, the MME is in charge of both mobility management and session management. In the 5G or NR system, a non-standalone architecture for performing communication by using the network entity of the 4G LTE system together may be supported.

In the present disclosure, when the network rejects the PDU session or releases the PDU session as the PDU session authentication fails, by defining the operation of the UE and the network, the PDU session (session) ), as the terminal and network operations are synchronized according to the success or failure of authentication, communication can be performed efficiently.

1 is a diagram for explaining the structure of a wireless communication system according to an embodiment of the present disclosure.

1, the core network of the wireless communication system according to an embodiment is UPF (User Plane Function, 131), SMF (Session Management Function, 121), AMF (Access and Mobility Management Function, 111) , 5G RAN (Radio Access Network, 103), UDM (User Data Management, 151), and may include a network function (NF, Network Function) such as PCF (Policy Control Function, 161).

In addition, for authentication of entities corresponding to each of these NFs, entities such as AUSF (Authentication Server Function, 141) and AAA (authentication, authorization and accounting, 171) may be included in the wireless communication system.

Hereinafter, a method for performing session authentication will be described assuming that the wireless communication system is a 5G communication system in the present disclosure, but this is only an example, and the method for performing session authentication according to the present disclosure in other communication systems may be applied. .

When communicating through 3GPP access, UE (User Equipment, Terminal, 101-1) may access the 5G core network through a base station (5G RAN, Radio Access Network, basestation, BS, 103). On the other hand, when the UE 101-1 communicates through non 3GPP access, an N3 interworking function (N3IWF) exists, and session management is controlled through the UE, non 3GPP access, N3IWF, SMF, and mobility. Management (mobility management) can be controlled through the UE, non 3GPP access, N3IWF, AMF.

In the 5G or NR system, entities performing mobility management and session management are separated into an AMF 111 and an SMF 121 . On the other hand, the 5G or NR system is a standalone deployment structure that communicates only with 5G or NR entities and a non-stand alone deployment structure that uses 4G entities and 5G or NR entities together. can support

2 is a flowchart illustrating an operation according to a back-off timer value included in a PDU session establishment rejection message during session authentication in a 5G network environment according to an embodiment of the present disclosure.

In step 201 , the UE 100 may transmit a protocol data unit (PDU) session establishment request (PDU SESSION ESTABLISHMENT REQUEST) message to the SMF 200 . The PDU SESSION ESTABLISHMENT REQUEST message may be transmitted from the UE 100 to the SMF 200 to request establishment of a PDU session.

In step 211, the SMF (200) may transmit a PDU session authentication command (PDU SESSION AUTHENTICATION COMMAND) message to the UE (100). The SMF 200 may include a PDU session authentication process as a part of the PDU session establishment according to the request of the UE 100 . Therefore, the SMF may transmit a PDU SESSION AUTHENTICATION COMMAND message to the UE 100 in order to authenticate the PDU session.

In step 213 , the UE 100 may transmit a PDU SESSION AUTHENTICATION COMPLETE message to the SMF 200 .

In step 221, the SMF 200 may transmit a PDU session establishment rejection (PDU SESSION ESTABLISHMENT REJECT) message to the UE. If it is determined that the PDU session authentication is invalid ( PDU session authentication fails), the SMF 200 may transmit a PDU SESSION ESTABLISHMENT REJECT message to the UE 100 . The PDU SESSION ESTABLISHMENT REJECT message according to an embodiment may include the IE shown in Table 1 below, for example, a back-off timer value may be included in the PDU SESSION ESTABLISHMENT REJECT message.

[Table 1] PDU SESSION ESTABLISHMENT REJECT message

In step 231 , the UE 100 may transmit a PDU SESSION ESTABLISHMENT REQUEST message to the SMF 200 . When the back-off timer value is included in the received PDU SESSION ESTABLISHMENT REJECT message, the UE 100 may transmit a PDU SESSION ESTABLISHMENT REQUEST message to the SMF 200 after back-off by the corresponding back-off timer value. Meanwhile, at this time, the UE 100 may transmit a PDU SESSION ESTABLISHMENT REQUEST message to an equivalent public land mobile network (EPLMN). The EPLMN corresponds to a PLMN that the UE 100 recognizes identically or equivalently to the PLMN in which the UE 100 is currently located, and the UE 100 may transmit a PDU SESSION ESTABLISHMENT REQUEST message to the EPLMN selected based on the stored EPLMN list. have.

3 is a flowchart illustrating an operation according to a back-off timer value included in a PDU session establishment rejection message during session authentication in a 5G network environment according to another embodiment of the present disclosure.

In step 301 , the UE 100 may transmit a PDU SESSION ESTABLISHMENT REQUEST message to the SMF 200 . The PDU SESSION ESTABLISHMENT REQUEST message may be transmitted from the UE 100 to the SMF 200 to request establishment of a PDU session.

In step 311 , the SMF 200 may transmit a PDU SESSION AUTHENTICATION COMMAND message to the UE 100 . The SMF 200 may transmit a PDU SESSION AUTHENTICATION COMMAND message to the UE 100 to authenticate the PDU session.

In step 313 , the UE 100 may transmit a PDU SESSION AUTHENTICATION COMPLETE message to the SMF 200 .

In step 321 , the SMF 200 may transmit a PDU SESSION ESTABLISHMENT REJECT to the UE 100 . If it is determined that the PDU session authentication is invalid (PDU session authentication fails), the SMF 200 may transmit a PDU SESSION ESTABLISHMENT REJECT message to the UE. The PDU SESSION ESTABLISHMENT REJECT message according to an embodiment may include the IE shown in Table 2 below. Also, according to an embodiment, the back-off timer value included in the PDU SESSION ESTABLISHMENT REJECT message may be set to 0.

[Table 2] PDU SESSION ESTABLISHMENT REJECT message

In step 331, the UE 100 may determine that authentication for the PDU session has failed, and may not retry (RETRY) the transmission of the PDU SESSION ESTABLISHMENT REQUEST. That is, as the UE 100 receives the PDU SESSION ESTABLISHMENT REJECT message from the SMF 200 , it may determine that authentication for the PDU session has failed. In this case, the UE 100 may determine whether to retry the establishment request of the PDU session based on the back-off value included in the PDU SESSION ESTABLISHMENT REJECT message. For example, when the back-off value included in the SESSION ESTABLISHMENT REJECT message is 0, the UE 100 may not retry the establishment request of the PDU session. However, this is only an example, and the back-off value when the UE 100 does not retry the establishment request of the PDU session is not limited to the above-described example.

4A is a flowchart illustrating an operation according to a back-off timer value included in a PDU session establishment release message during session authentication in a 5G network environment according to an embodiment of the present disclosure.

In step 411 , the SMF 200 may transmit a PDU SESSION AUTHENTICATION COMMAND message to the UE 100 . The SMF 200 may transmit a PDU SESSION AUTHENTICATION COMMAND message to the UE 100 to authenticate the PDU session.

In step 413 , the UE 100 may transmit a PDU SESSION AUTHENTICATION COMPLETE message to the SMF 200 .

In step 421 , the SMF 200 may transmit a PDU SESSION RELEASE COMMAND message to the UE 100 . Even after the establishment of the PDU session with the UE 100 is completed, the SMF 200 may perform an authentication process for the PDU session through the PDU session authentication command. At this time, when it is determined that the PDU session authentication is invalid (the PDU session authentication process fails), the SMF 200 may transmit a PDU SESSION RELEASE COMMAND message to the UE 100 .

In this case, the PDU SESSION RELEASE COMMAND message may include IEs according to Table 3 below. For example, the PDU SESSION RELEASE COMMAND message may include a back-off timer value.

[Table 3] PDU SESSION RELEASE COMMAND MESSAGE message

In step 431 , the UE 100 may transmit a PDU SESSION ESTABLISHMENT REQUEST message to the SMF 200 . When a back-off timer value is included in the received PDU SESSION RELEASE COMMAND message, the UE 100 may transmit a PDU SESSION ESTABLISHMENT REQUEST message to the SMF 200 after back-off by the corresponding back-off timer value. In this case, the UE 100 may transmit a PDU SESSION ESTABLISHMENT REQUEST message to the SMF 200 after back-off by the set back-off timer value.

Meanwhile, at this time, the UE 100 may transmit a PDU SESSION ESTABLISHMENT REQUEST message to the EPLMN. The EPLMN corresponds to a PLMN that the UE 100 recognizes identically or equivalently to the PLMN in which the UE 100 is currently located, and the UE 100 may transmit a PDU SESSION ESTABLISHMENT REQUEST message to the EPLMN selected based on the stored EPLMN list. have.

4B is a flowchart illustrating an operation according to a back-off timer value included in a PDU session establishment release message during session authentication in a 5G network environment according to another embodiment of the present disclosure.

In step 411 , the SMF 200 may transmit a PDU SESSION AUTHENTICATION COMMAND message to the UE 100 . The SMF 200 may transmit a PDU SESSION AUTHENTICATION COMMAND message to the UE 100 to authenticate the PDU SESSION.

In step 413 , the UE 100 may transmit a PDU SESSION AUTHENTICATION COMPLETE message to the SMF 200 .

In step 421 , the SMF 200 may transmit a PDU SESSION RELEASE COMMAND message to the UE 100 . Even after the establishment of the PDU session with the UE 100 is completed, the SMF 200 may send a PDU session authentication command to the UE to perform PDU session authentication. At this time, if it is determined that the PDU session authentication is invalid (the authentication of the PDU session has failed), the SMF 200 may transmit a PDU SESSION RELEASE COMMAND message to the UE 100 .

In this case, the PDU SESSION RELEASE COMMAND message may include IEs according to Table 3 above. For example, the PDU SESSION RELEASE COMMAND message may include a back-off timer value set to 0.

In step 431, the UE 100 may not retry (RETRY) the transmission of the PDU SESSION ESTABLISHMENT REQUEST message by determining that authentication for the PDU session has failed. The UE 100 may determine that authentication for the PDU session has failed as it receives the PDU SESSION ESTABLISHMENT RELEASE message from the SMF 200 . In this case, the UE 100 may determine whether to retry the establishment request of the PDU session based on the back-off value included in the PDU SESSION ESTABLISHMENT release message. For example, when the back-off value included in the SESSION ESTABLISHMENT release message is 0, the UE 100 may not retry the establishment request of the PDU session. However, this is only an example, and the back-off value when the UE 100 does not retry the establishment request of the PDU session is not limited to the above-described example.

5A is a flowchart illustrating an operation according to a back-off timer value included in a PDU session establishment release message during session authentication in a 5G network environment according to another embodiment of the present disclosure.

In step 511 , the SMF 200 may transmit a PDU SESSION AUTHENTICATION COMMAND message to the UE 100 . The SMF 200 may transmit a PDU SESSION AUTHENTICATION COMMAND message to the UE 100 to authenticate the PDU session.

In step 513 , the UE 100 may transmit a PDU SESSION AUTHENTICATION COMPLETE message to the SMF 200 .

In step 521 , the SMF 200 may transmit a PDU SESSION RELEASE COMMAND message to the UE 100 . Even after the establishment of the PDU session with the UE 100 is completed, the SMF 200 may send a PDU session authentication command message to the UE to perform the PUD session authentication process. At this time, if it is determined that the PDU session authentication is invalid (the PDU session authentication has failed), the SMF 200 may transmit a PDU SESSION RELEASE COMMAND message to the UE 100 .

In this case, the PDU SESSION RELEASE COMMAND message may include IEs according to Table 4 below. For example, the PDU SESSION RELEASE COMMAND message may include a back-off timer value.

[Table 4] PDU SESSION RELEASE COMMAND MESSAGE message

In step 531 , the UE 100 may transmit a PDU SESSION MOFIFICATION REQUEST message to the SMF 200 . When a back-off timer value is included in the received PDU SESSION RELEASE COMMAND message, the UE 100 may transmit a PDU SESSION modification REQUEST message to the SMF 200 after back-off by the corresponding back-off timer value. In this case, the UE 100 may transmit a PDU SESSION MODIFICATION REQUEST message to the SMF 200 after backing off by the set backoff timer value.

Meanwhile, at this time, the UE 100 may transmit a PDU SESSION MODIFICATION REQUEST message to the EPLMN. The EPLMN corresponds to a PLMN recognized by the UE 100 identically or equivalently to the PLMN in which the UE 100 is currently located, and the UE 100 may transmit a PDU SESSION modification REQUEST message to the EPLMN selected based on the stored EPLMN list. have.

5B is a flowchart illustrating an operation according to a back-off timer value included in a PDU session establishment release message during session authentication in a 5G network environment according to another embodiment of the present disclosure.

In step 511 , the SMF 200 may transmit a PDU SESSION AUTHENTICATION COMMAND message to the UE 100 . The SMF 200 may transmit a PDU SESSION AUTHENTICATION COMMAND message to the UE 100 to authenticate the PDU SESSION.

In step 513 , the UE 100 may transmit a PDU SESSION AUTHENTICATION COMPLETE message to the SMF 200 .

In step 521 , the SMF 200 may transmit a PDU SESSION RELEASE COMMAND message to the UE 100 . Even after the establishment of the PDU session with the UE 100 is completed, the SMF 200 may send a PDU session authentication command message to the UE to perform the PDU session authentication process. At this time, when it is determined that the PDU session authentication is invalid (authentication for the PDU session has failed), the SMF 200 may transmit a PDU SESSION RELEASE COMMAND message to the UE 100 .

In this case, the PDU SESSION RELEASE COMMAND message may include IEs according to Table 4 above. For example, the PDU SESSION RELEASE COMMAND message may include a back-off timer value set to 0.

In step 531 , the UE 100 may not retry (RETRY) transmission of the PDU SESSION modification REQUEST message by determining that authentication for the PDU session has failed. The UE 100 may determine that authentication for the PDU session has failed as it receives the PDU SESSION RELEASE message from the SMF 200 . In this case, the UE 100 may determine whether to retry the PDU session modification: PDU SESSION MODIFICATION request based on the back-off value included in the PDU SESSION release message. For example, when the back-off value included in the PDU SESSION release message is 0, the UE 100 may not retry the PDU session modification request. However, this is only an example, and the back-off value when the UE 100 does not retry the PDU session modification request is not limited to the above-described example.

6 is a flowchart illustrating operations of a UE and an SMF during PDU session authentication according to an embodiment.

In step 610, the UE may transmit a PDU session establishment request message to the SMF. The PDU session establishment request message may be transmitted from the UE to the SMF to request establishment of a PDU session.

In step 620, the UE may receive a PDU session authentication command message from the SMF. The SMF may include a PDU session authentication process as a part of the PDU session establishment process according to the UE's request, and may transmit a PDU session authentication command message to the UE to authenticate the PDU session.

In step 630, the UE may transmit a PDU session authentication complete message to the SMF.

In step 640, the SMF may determine whether PDU session authentication is valid (authentication is successful or failed).

In step 650, when it is determined that the PDU session authentication is valid (when the PDU session authentication is successful), a PDU session establishment process is performed between the UE and the SMF, or the previously established PDU session may be maintained.

In step 660, the UE may receive a PDU session establishment rejection message in which the back-off timer is set from the SMF. The UE may receive a PDU session establishment rejection message with a back-off timer set from the SMF.

In step 670, the UE may check the value of the back-off timer included in the PDU session establishment rejection message.

In step 680, when the value of the back-off timer is not 0, the UE may retransmit the PDU session establishment request message after the back-off timer expires.

In step 690, when the value of the back-off timer is 0, the UE may not perform an operation of attempting to establish a PDU session.

As an example, when the UE receives the PDU session establishment rejection message, the UE may start a timer based on a back-off timer included in the PDU session establishment rejection message. In this case, as described above, when the back-off timer value is not 0, the UE expires the timer after the back-off timer value and transmits a PDU session establishment request message to attempt to establish a PDU session. On the other hand, when the back-off timer value included in the PDU session rejection message is 0, the UE may not attempt to establish a PDU session. For example, when PDU session establishment fails and PUD session establishment is impossible, the UE transmits the PDU session request message after receiving the PDU session rejection message may be unnecessary. In consideration of the above, the SMF may instruct the UE not to perform the PDU session establishment operation. In this case, as an example, the SMF may transmit a PDU session rejection message in which the back-off timer value is set to 0 to the UE. In this case, when the back-off timer value is 0, the UE may not attempt to establish a PDU session. That is, the back-off timer value set to 0 may be used as an indicator not to perform the PDU session establishment attempt operation. Through this, it is possible to control the UE not to perform unnecessary operations.

On the other hand, although it has been described in FIG. 6 that the UE receives the PDU session establishment rejection message, this is only an example, and the UE receives the PDU session establishment release message as described above in FIGS. 4A, 4B, 5A and 5B. You may.

That is, the back-off timer value may be set to 0 or a non-zero value even in the PUD session establishment release message. In this case, for example, when the back-off timer value of the PDU session establishment release message is 0, the UE does not transmit the PDU session establishment request message and may not perform the PUD session establishment operation. Also, as an example, when the back-off timer value of the PDU establishment release message is 0, the UE may not transmit a PDU session change request message and may not perform a PUD change operation.

Also, as an example, when the back-off timer value of the PDU session establishment release message is not 0, the UE may operate based on the back-off timer operation, as described above.

7 is a diagram illustrating a configuration of a UE according to an embodiment of the present disclosure.

As shown in FIG. 7 , the UE of the present disclosure may include a transceiver 710 , a memory 720 , and a processor 730 . According to the communication method of the UE described above, the processor 730 , the transceiver 710 , and the memory 720 of the UE may operate. However, the components of the UE are not limited to the above-described examples. For example, the terminal may include more or fewer components than the aforementioned components. In addition, the processor 730 , the transceiver 710 , and the memory 720 may be implemented in the form of a single chip.

The transceiver 710 collectively refers to a receiver of a UE and a transmitter of a terminal, and may transmit/receive signals to and from a base station or a network entity. In this case, the signal may include control information and data. To this end, the transceiver 710 may include an RF transmitter for up-converting and amplifying the frequency of a transmitted signal, and an RF receiver for low-noise amplifying a received signal and down-converting the frequency. However, this is only an embodiment of the transceiver 710 and components of the transceiver 710 are not limited to the RF transmitter and the RF receiver. In addition, the transceiver 710 may include a wired/wireless transceiver, and may further include various components for transmitting and receiving signals.

In addition, the transceiver 710 may receive a signal through a wireless channel and output it to the processor 730 , and transmit the signal output from the processor 730 through a wireless channel.

In addition, the transceiver 710 may receive a communication signal and output it to the processor, and transmit the signal output from the processor to a network entity through a wired/wireless network.

The memory 720 may store programs and data necessary for the operation of the UE. Also, the memory 720 may store control information or data included in a signal obtained from the UE. The memory 720 may be configured as a storage medium or a combination of storage media, such as ROM, RAM, hard disk, CD-ROM, and DVD.

The processor 730 may control a series of processes so that the UE can operate according to the above-described embodiment of the present disclosure. The processor 730 may include at least one or more processors. For example, the processor 730 may include a communication processor (CP) that controls for communication and an application processor (AP) that controls an upper layer such as an application program.

8 is a diagram illustrating a configuration of a network entity according to an embodiment of the present disclosure.

As shown in FIG. 8 , the network entity of the present disclosure may include a transceiver 810 , a memory 820 , and a processor 830 . According to the above-described communication method of the network entity, the processor 830 , the transceiver 810 , and the memory 820 of the network entity may operate. However, the components of the network entity are not limited to the above-described example. For example, the network entity may include more or fewer components than the aforementioned components. In addition, the processor 830 , the transceiver 810 , and the memory 820 may be implemented in the form of a single chip. The network entity may include a network function (NF, Network Function) such as the SMF Session Management Function described above. The transmitter/receiver 810 collectively refers to a receiver of a network entity and a transmitter of a network entity, and may transmit/receive a signal to/from a terminal or other network entity. In this case, the transmitted/received signal may include control information and data. To this end, the transceiver 810 may include an RF transmitter that up-converts and amplifies a frequency of a transmitted signal, and an RF receiver that low-noise amplifies and down-converts a received signal. However, this is only an embodiment of the transceiver 810 and components of the transceiver 810 are not limited to the RF transmitter and the RF receiver. The transceiver 810 may include a wired/wireless transceiver, and may include various components for transmitting and receiving signals.

Also, the transceiver 810 may receive a signal through a communication channel (eg, a wireless channel) and output it to the processor 830 , and transmit the signal output from the processor 830 through the communication channel.

Also, the transceiver 810 may receive a communication signal and output it to the processor, and transmit the signal output from the processor to a terminal or a network entity through a wired/wireless network.

The memory 820 may store programs and data necessary for the operation of the network entity. Also, the memory 820 may store control information or data included in a signal obtained from a network entity. The memory 820 may be configured as a storage medium or a combination of storage media, such as ROM, RAM, hard disk, CD-ROM, and DVD.

The processor 830 may control a series of processes so that the network entity operates according to the above-described embodiment of the present disclosure. The processor 830 may include at least one processor. Methods according to the embodiments described in the claims or specifications of the present disclosure may be implemented in the form of hardware, software, or a combination of hardware and software.

When implemented in software, a computer-readable storage medium storing one or more programs (software modules) may be provided. One or more programs stored in the computer-readable storage medium are configured to be executable by one or more processors in an electronic device (device). One or more programs include instructions for causing an electronic device to execute methods according to embodiments described in a claim or specification of the present disclosure.

Such programs (software modules, software) include random access memory, non-volatile memory including flash memory, read only memory (ROM), electrically erasable programmable ROM (electrically erasable programmable read only memory, EEPROM), magnetic disc storage device, compact disc-ROM (CD-ROM), digital versatile discs (DVDs), or other It may be stored in an optical storage device or a magnetic cassette. Alternatively, it may be stored in a memory composed of a combination of some or all thereof. In addition, each configuration memory may be included in plurality.

In addition, the program is transmitted through a communication network consisting of a communication network such as the Internet, intranet, local area network (LAN), wide area network (WAN), or storage area network (SAN), or a combination thereof It may be stored on an attachable storage device that can be accessed. Such a storage device may be connected to a device implementing an embodiment of the present disclosure through an external port. In addition, a separate storage device on the communication network may be connected to the device implementing the embodiment of the present disclosure.

In the specific embodiments of the present disclosure described above, components included in the disclosure are expressed in the singular or plural according to the specific embodiments presented. However, the singular or plural expression is appropriately selected for the context presented for convenience of description, and the present disclosure is not limited to the singular or plural element, and even if the element is expressed in plural, it is composed of the singular or singular. Even an expressed component may be composed of a plurality of components.

Meanwhile, although specific embodiments have been described in the detailed description of the present disclosure, various modifications are possible without departing from the scope of the present disclosure. Therefore, the scope of the present disclosure should not be limited to the described embodiments and should be defined by the claims described below as well as the claims and equivalents.

Claims (20)

A method for a user equipment (UE) to authenticate a session in a wireless communication system, the method comprising:
transmitting a protocol data unit (PDU) session authentication completion message to a session management function (SMF);
receiving a PDU session establishment rejection message from the SMF when the PDU session authentication fails; and
based on a back-off timer value included in the message received from the SMF, determining retransmission of the PDU session establishment message. The method of claim 1, wherein the message indicating that authentication of the PDU session fails,
PDU session establishment rejection message or PDU session establishment release message. The method of claim 1, wherein determining the retransmission of the PDU session establishment request comprises:
When the back-off timer value corresponds to a preset value, it is determined not to re-request authentication for the PDU session. If the back-off timer value does not correspond to the preset value, the PDU determining to perform a re-request of authentication for the session. The method of claim 1,
The method further comprising the step of sending a PDU session establishment request message or a PDU session modification request message to the SMF when it is determined to perform a re-request of authentication for the PDU session. The method of claim 1,
The method further comprising the step of transmitting a PDU session establishment request message or a PDU session modification request message to an equivalent public land mobile network (EPLMN) when it is determined to perform a re-request for authentication for the PDU session. In a method for an SMF (session management function) to authenticate a session in a wireless communication system,
Receiving a protocol data unit (PDU) session authentication complete message from a user equipment (UE);
determining whether to re-request authentication for the PDU session when it is determined that the PDU session is invalid;
Transmitting a message informing the UE that authentication of the PDU session has failed,
A method of determining a back-off timer value included in a message indicating that authentication of the PDU session fails based on whether or not authentication of the PDU session is re-requested. The method of claim 6, wherein the message indicating that authentication of the PDU session fails,
PDU session establishment rejection message or PDU session establishment release message. 7. The method of claim 6,
When it is determined not to perform a re-request for authentication for the PDU session, the back-off timer value is set to a preset value, and when it is determined to perform a re-request for authentication for the PDU session, the back- The off-timer value is set to a value other than the preset value. 7. The method of claim 6,
The method further comprising the step of receiving a PDU session establishment request message or a PDU session modification request message from the UE when it is determined to perform a re-request of authentication for the PDU session. 7. The method of claim 6,
When it is determined to perform a re-request for authentication for the PDU session, a PDU session establishment request message or a PDU session modification request message is transmitted to an equivalent public land mobile network (EPLMN). In a user equipment (UE) for authenticating a session in a wireless communication system,
transceiver; and
At least one processor connected to the transceiver,
the at least one processor,
transmit a protocol data unit (PDU) session authentication completion message to a session management function (SMF), and when it is determined that the PDU session is invalid, receive a message from the SMF indicating that authentication of the PDU session fails control the transceiver,
Based on a back-off timer value included in the message received from the SMF, the UE determines a re-request for authentication for the PDU session. The method of claim 11, wherein the message indicating that authentication of the PDU session fails,
A UE comprising a PDU session establishment rejection message or a PDU session establishment release message. The method of claim 11 , wherein the at least one processor comprises:
When the back-off timer value corresponds to a preset value, it is determined not to re-request authentication for the PDU session. If the back-off timer value does not correspond to the preset value, the PDU determining to perform a re-request of authentication for the session. The method of claim 11 , wherein the at least one processor comprises:
Controlling the transceiver to transmit a PDU session establishment request message or a PDU session modification request message to the SMF when it is determined to perform a re-request of authentication for the PDU session. The method of claim 11 , wherein the at least one processor comprises:
Controlling the transceiver to transmit a PDU session establishment request message or a PDU session modification request message to an equivalent public land mobile network (EPLMN) when it is determined to perform a re-request for authentication for the PDU session. A network entity for authenticating a session in a wireless communication system, comprising:
transceiver; and
At least one processor connected to the transceiver,
the at least one processor,
controlling the transceiver to receive a protocol data unit (PDU) session authentication completion message from a user equipment (UE);
When it is determined that the PDU session is invalid, it is determined whether to re-request authentication for the PDU session,
Controls the transceiver to transmit a message informing the UE that authentication of the PDU session fails,
A network entity that determines a back-off timer value included in a message indicating that authentication of the PDU session has failed based on whether or not authentication of the PDU session is re-requested. The method of claim 16, wherein the message indicating that authentication of the PDU session fails,
A network entity comprising a PDU Session Establishment Reject message or a PDU Session Establishment Release message. 17. The method of claim 16,
When it is determined not to perform a re-request for authentication for the PDU session, the back-off timer value is set to a preset value, and when it is determined to perform a re-request for authentication for the PDU session, the back- A network entity that sets the off-timer value to a value other than the preset value. The method of claim 16, wherein the at least one processor comprises:
When it is determined to perform a re-request of authentication for the PDU session, the network entity controls the transceiver to receive a PDU session establishment request message or a PDU session modification request message from the UE. 17. The method of claim 16,
When it is determined to perform a re-request of authentication for the PDU session, a PDU session establishment request message or a PDU session modification request message is transmitted to an equivalent public land mobile network (EPLMN).

Images