US20190191309A1 - Method for requesting authentication between terminal and 3rd party server in wireless communication system, terminal therefor, and network slice instance management device - Google Patents
- Publication number
- US20190191309A1, US16/327,205
- Authority
- US
- United States
- Prior art keywords
- terminal
- unit
- party server
- authentication
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/14—Charging, metering or billing arrangements for data wireline or wireless communications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/14—Charging, metering or billing arrangements for data wireline or wireless communications
- H04L12/1403—Architecture for metering, charging or billing
- H04L12/1407—Policy-and-charging control [PCC] architecture
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M15/00—Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
- H04M15/82—Criteria or parameters used for performing billing operations
- H04M15/8228—Session based
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/18—Selecting a network or a communication service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W80/00—Wireless network protocols or protocol adaptations to wireless operation
- H04W80/08—Upper layer protocols
- H04W80/10—Upper layer protocols adapted for application session management, e.g. SIP [Session Initiation Protocol]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
Definitions
- the present invention relates to a terminal, a method for authentication request between the terminal and a third party server, and a terminal and network slice management device; in particular, the present invention relates to a method for the network slice instance management device to assign a network for use in authentication between the terminal and the third party server.
- the 5G or pre-5G communication system is also called a “Beyond 4G Network” or a “Post LTE System”.
- mmWave, massive multiple-input multiple-output (MIMO), Full Dimensional MIMO (FD-MIMO), array antenna, analog beam forming, and large scale antenna techniques are being discussed for the 5G communication system.
- the Internet which is a human centered connectivity network where humans generate and consume information
- IoT Internet of Things
- IoE Internet of Everything
- “sensing technology”, “wired/wireless communication and network infrastructure”, “service interface technology”, and “security technology”
- M2M Machine-to-Machine
- MTC Machine Type Communication
- Such an IoT environment may provide intelligent Internet technology services that create new values for human life by collecting and analyzing data generated among connected things.
- the IoT may be applied to a variety of fields including smart home, smart building, smart city, smart car or connected car, smart grid, health care, smart appliances, and advanced medical services through convergence and combination between existing Information Technology (IT) and various industrial applications.
- the 5G system is also referred to as a New Radio access technology (NR) system.
- the NR system aims to provide data services at a data rate of a few Gbps with an ultra-high bandwidth broader than the 100 MHz of the legacy LTE and LTE-A systems.
- in the next generation (NG) core network, a new concept of “network function” is introduced for virtualizing legacy network entities (NEs). Furthermore, the functionality of the mobility management entity (MME) is divided into a mobility management function and a session management function, and terminal mobility management varies with terminal usage type.
- the 5G communication system needs to be designed to support enhanced mobile broadband (eMBB), ultra-reliable low-latency communications (URLLC), and massive machine type communications (mMTC) services.
- the requirements for the NG core network to serve the terminals may vary with the type of the service to be provided to the terminal.
- an eMBB communication service may require a high data rate while a URLLC communication may require a high reliability and low latency.
- the network slicing technology virtualizes a physical network to generate multiple logical networks.
- network slice instances (NSIs), as the instances generated based on respective network slices, may have different service characteristics. That is, the NSIs may support different network functions suitable for respective service characteristics.
- the 5G communication system is capable of supporting 5G communication services efficiently by assigning to a terminal an NSI suitable for the service characteristics required by the terminal.
- a network carrier may rent out sliced networks to mobile virtual network operators (MVNOs) or third party service (or content) providers to create extra profits.
- the NSIs are functionally isolated from each other so as to operate as independent networks.
- the third party service providers may provide the users subscribed to their services with improved quality of service (QoS) using the tenanted network slices.
- the third party service providers need to authenticate the terminals of the users subscribed to their services among the users attempting access to their services.
- the present invention aims to provide a method and device that is capable of authenticating a terminal in order for the user of the terminal to use an NSI created based on the network slice tenanted by a third party service provider.
- a method for a terminal to request to a third party server for authentication includes transmitting a service request message including a tenant identifier (ID) and a slice type provided by an application associated with the third party server to a common control plane network function serving unit, receiving, if a limited data session (limited packet data unit session) for authentication between the terminal and the third party server is established by a network slice instance management device (network slice instance unit) selected by the common control plane network function serving unit based on the service request message, a service response message including information on a limited data session from the network slice instance management device, and transmitting an authentication request message requesting for authentication on the terminal to the third party server through the limited data session based on the service response message.
- a method for a network slice instance management device (network slice instance unit) to establish a data session includes receiving a service request message from a terminal, establishing a limited data session (limited packet data unit session) for authentication between the terminal and a third party server based on the received service request message, and transmitting a service response message including information on the limited data session to the terminal to assign the limited data session between the terminal and the third party server.
- a terminal requesting to a third party server for authentication includes a communication unit configured to communicate with an external node, a storage unit configured to store a tenant identifier (ID) and a slice type, and a processor configured to control the communication unit to transmit a service request message including a tenant identifier (ID) and a slice type provided by an application associated with the third party server to a common control plane network function serving unit, receive, if a limited data session (limited packet data unit session) for authentication between the terminal and the third party server is established by a network slice instance management device (network slice instance unit) selected by the common control plane network function serving unit based on the service request message, a service response message including information on a limited data session from the network slice instance management device; and transmit an authentication request message requesting for authentication on the terminal to the third party server through the limited data session based on the service response message.
- a network slice instance management device for establishing a data session includes a communication unit configured to communicate with an external node and a controller configured to control the communication unit to receive a service request message from a terminal, establish a limited data session (limited packet data unit session) for authentication between the terminal and a third party server based on the received service request message, and transmit a service response message including information on the limited data session to the terminal to assign the limited data session between the terminal and the third party server.
- the authentication method for use of a network slice according to the present invention is advantageous in terms of simplifying the authentication procedure between a terminal and a third party server.
- the present invention is advantageous in that only installing an application associated with a third party server on a terminal makes it possible to facilitate transmitting traffic of the installed application to the third party server.
- the present invention is also advantageous in that the third party server is capable of authenticating a user of a terminal for use of a network slice according to a legacy user authentication scheme. This makes it possible to simplify wireless communication network deployment scenarios and expect a cost reduction effect.
- FIG. 1 is a diagram illustrating a 5G wireless communication system according to an embodiment of the present invention
- FIG. 2 is a block diagram illustrating a configuration of a terminal that requests to a third party server for authentication according to an embodiment of the present invention
- FIG. 3 is a signal flow diagram illustrating a procedure for a UE to request to a third party server for authentication for use of a network slice according to an embodiment of the present invention
- FIG. 4 is a block diagram illustrating a configuration of a UE in a wireless communication system according to an embodiment of the present invention
- FIG. 5 is a block diagram illustrating a configuration of an NSI unit of a wireless communication system according to an embodiment of the present invention
- FIG. 6 is a flowchart illustrating a procedure for a UE to request to a third party server for authentication in a wireless communication system according to an embodiment of the present invention.
- FIG. 7 is a flowchart illustrating a procedure for an NSI unit to establish a data session in a wireless communication system according to an embodiment of the present invention.
- ordinal terms such as “first,” “second,” etc. are used to describe various components; however, it is obvious that the components should not be defined by these terms. The terms are used only for distinguishing one component from another component. For example, a first component may be referred to as a second component and, likewise, a second component may also be referred to as a first component, without departing from the teaching of the inventive concept. Also, the expression “and/or” is taken as a specific invention of each and any combination of enumerated things.
- phrases “associated with” and “associated therewith” as well as derivatives thereof may mean to include, be included within, interconnect with, contain, be contained within, connect to or with, couple to or with, be communicable with, cooperate with, interleave, juxtapose, be proximate to, be bound to or with, have, have a property of, or the like.
- when a part is (functionally or communicably) “connected to” or “coupled to” another part, this may mean to include not only the case of “being directly connected to” but also the case of “being indirectly connected to” by interposing another device therebetween.
- when a first part transmits data to a second part, this may mean to include not only the case of delivering the data from the first part to the second part directly but also the case of delivering the data from the first part to the second part via another part (e.g., third part).
- when a terminal transmits data to a core network, this may mean to include a situation where the terminal transmits the data to the core network via a base station or an access point (AP).
- base station denotes an entity allocating resources to terminals for communications therewith and may be interchangeably referred to as BS, node B (NB), evolved node B (eNB), next generation radio access network (NG RAN), radio access unit, base station controller, and a node on a network.
- terminal may denote an entity communicating with a base station or another terminal and may be interchangeably referred to as node, user equipment (UE), next generation UE (NG UE), mobile station (MS), mobile equipment (ME), and device.
- the terminal may include at least one of a smart phone, a tablet personal computer (PC), a mobile phone, a video phone, an e-book reader, a desktop PC, a laptop PC, a netbook computer, a Personal Digital Assistant (PDA), a portable Multimedia Player (PMP), an MP3 player, a medical device, a camera, and a wearable device.
- the terminal may also include at least one of a television (TV), a Digital Video Disk (DVD) player, an audio player, a refrigerator, an air conditioner, a cleaner, an oven, a microwave oven, a washing machine, an air cleaner, a set-top box, a home automation control panel, a security control panel, a media box (for example, Samsung HomeSync™, Apple TV™, or Google TV™), a game console (e.g., Xbox™ and PlayStation™), an electronic dictionary, an electronic key, a camcorder, and an electronic frame.
- the terminal may also include at least one of a medical device (such as portable medical measuring devices (including a glucometer, a heart rate monitor, a blood pressure monitor, and a body temperature thermometer), a Magnetic Resonance Angiography (MRA) device, a Magnetic Resonance Imaging (MRI) device, a Computed Tomography (CT) device, a camcorder, and a microwave scanner), a navigation device, a Global Navigation Satellite System (GNSS), an Event Data Recorder (EDR), a Flight Data Recorder (FDR), an automotive infotainment device, marine electronic equipment (such as marine navigation system and gyro compass), aviation electronics (avionics), security equipment, an automotive head unit, an industrial or household robot, a drone, an Automated Teller Machine (ATM), a Point Of Sales (POS) terminal, and an Internet-of-Things (IoT) device (such as electric bulb, sensor, sprinkler system, fire alarm system, temperature controller, street lamp, toaster, fitness equipment, hot
- the terminal may further include various types of multimedia systems having a communication function.
- although the embodiments of the present invention are directed to the 5G wireless communication system, the present invention is applicable to other communication systems having a similar technical background. It will be also understood by those skilled in the art that the present invention can be applied to other communication systems, with a slight modification, without departing from the spirit and scope of the present invention.
- FIG. 1 is a diagram illustrating a 5G wireless communication system according to an embodiment of the present invention.
- the NG UE 101 denotes a terminal being served by the 5G wireless communication system.
- the NG RAN 103 denotes a base station performing wireless communication with the UE in the 5G wireless communication system.
- the common control plane network function (CCNF) 105 is connected with the NG RAN 103 to process control messages for management of the NG UE 101 and manages mobility of the NG UE 101.
- the CCNF 105 may have a network function set including network functions available in common for the NSIs created based on the network slices 110, 120, and 130 among the network control functions (control plane network functions).
- the common network functions may include a mobility management network function (MM NF), an authentication/authorization NF, an NSI selector NF, and a non-access stratum routing NF (NAS routing NF).
- the NSI selector NF may be a network function for selecting the best NSI for providing the service requested by the UE 101.
- the NAS routing NF may be responsible for routing an NAS signal from the UE 101 to a proper NSI.
- the subscriber repository 107 may receive subscriber information to authenticate the UE 101 and include subscription information for providing a QoS policy.
- the NSIs created for use of the respective network slices 110, 120, and 130 may include respective control plane NFs (CP NFs) 131a to 131n and user plane NFs (UP NFs).
- the CP NF is responsible for session management to establish, modify, and release a session for a service.
- the UP NF may manage a service data transmission to the data network 140 via IP address assignment.
- the UE 101 may connect to multiple NSIs. That is, there may be multiple reference points.
- the NG1 interface 151 is an interface established between the UE 101 and the CP NF and may be similar in role to the interface for NAS signaling in the legacy LTE communication network.
- the NG2 interface 152 is an interface established between the RAN 103 and the CP NF and may be similar in role to the interface for S1-MME signaling in the legacy LTE communication network.
- the NG3 interface 153 is an interface established between the RAN 103 and the UP NF and may be similar in role to the S1-U bearer interface in the legacy LTE communication network.
- the signaling over the NG1 interface 151 and the NG2 interface 152 may access the per-NSI CP NFs via the CCNF 105, and the NG3 interface 153 may provide direct connections from the RAN 103 to per-NSI UP NFs.
- a device responsible for the CCNF is referred to as a common control function provision device (CCNF unit), a device responsible for NSI function as a network slice instance management device (NSI), a device responsible for CP NF as a network session management device (CP NF unit), and a device responsible for UP NF as a network data management device (UP NF unit), for convenience of explanation.
- the term “device” may be a unit of software, hardware, firmware, or any combination thereof; for example, the term “module” may be interchangeably used with the terms “unit”, “logic”, “logical block”, “component”, or “circuit”. At least part of the device may be implemented in the form of a program module with commands stored in a computer-readable storage medium.
- the device may also include an Application-Specific Integrated Circuit (ASIC) chip, Field-Programmable Gate Arrays (FPGAs), and a Programmable-Logic Device known or to be developed for certain operations.
- the integrated devices may be implemented as hardware, software, or firmware modules as parts of one device.
- the NSI management device may include the network session management device (CP NF unit) and the network data management device (UP NF unit) implemented as software modules as parts of the NSI management device (NSI unit).
- FIG. 2 is a block diagram illustrating a configuration of a terminal that requests to a third party server for authentication according to an embodiment of the present invention.
- a third party application 201 associated with the third party server may be installed on the NG UE 200.
- the third party application 201 associated with the third party server may be installed for use of a network slice tenanted by a third party service provider operating the third party server.
- the third party application 201 may be provided by the third party service provider or an application provider cooperating with one or more third party service providers.
- if the third party server being operated by the third party service provider is a social network server (SNS) server, the application may be an application associated with the SNS server.
- the third party application 201 may be installed on the UE 200 along with a tenant identifier (ID) for use in identifying the third party service provider providing the application and a slice type specifying service requirements.
- the slice type may include information on the usage or type of data, which indicates whether the data are multimedia data or IoT data by way of example.
- when it is stated that the third party application 201 is installed on the UE 200 along with the tenant ID and slice type, this means that the tenant ID and slice type are stored in the UE 200 in association with or in binding with the application upon detection of a predetermined event during, right after, or since the installation of the third party application 201.
- the tenant ID and slice type may be sent to a communication processor (CP) 205 via an application processor (AP) 203, the tenant ID and slice type being transmitted to a communication network via control signaling.
- the third party service provider may have per-operator tenant IDs and slice types, which are determined based on the public land mobile network identifiers (PLMN IDs) of the operators subscribed to by the UE and sent to the CP 205.
- the CP may transmit a service request message including the tenant ID and slice type to a CCNF unit.
- the UE 200 may transmit traffic of the third party application 201 to the third party server through a data session established by the NSI unit.
- the UE is capable of using the network slice tenanted by the third party service provider only with the operation of installing the application associated with the third party server. That is, the user only needs to install the application for the traffic of the installed application to be transmitted to the third party server through the network slice.
- the tenant ID and slice type may be acquired from the third party server.
- the UE may request to the third party server for the tenant ID and slice type. If the third party server transmits the tenant ID and slice type in response to the request from the UE, the UE may use the network slice tenanted by the third party service provider based on the received tenant ID and the slice type.
- FIG. 3 is a signal flow diagram illustrating a procedure for a UE to request to a third party server for authentication for use of a network slice according to an embodiment of the present invention.
- the wireless communication system may include a UE 301, a RAN 302, a CCNF unit (serving CCNF unit or CCNF serving unit) 303, an NSI unit (core NSI tenanted by 3rd party) 304, a CP NF unit (Slice CP NF unit), a UP NF unit (Slice UP NF unit), and a third party server 307.
- the third party server 307 is a third party service-related server for providing the third party service or performing user authentication for providing the third party service.
- the UE 301 may be in the state of being previously attached to the communication operator network.
- the UE 301 may also be in the state of being authenticated by the communication operator and assigned a UE ID.
- the UE 301 may also be in the state of having an application associated with the third party server 307 installed and the tenant ID and slice type along with the application.
- the UE 301 may transmit a new service request message to the communication network 301.
- the new service request message may include the tenant ID, the slice type, and a previously assigned UE ID because the third party application, tenant ID, and slice type are associated with each other.
- the UE 301 transmits the new service request message to the RAN 302 at step 311, and the RAN relays the new service request message to the CCNF unit 303 at step 312.
- the CCNF unit 303 may select an NSI unit 304 suitable for the received tenant ID and slice type by means of an NSI selector NF.
- the CCNF unit 303 may relay the new service request message to the NSI unit 304.
- the NSI unit 304 may establish a limited data session for authentication between the UE 301 and the third party server 307 to transmit traffic for authentication based on the new service request message.
- the limited data session may be a data session with a limited bandwidth and HTTP redirection.
- the UE 301 may need to pass an authentication process of the third party service provider in addition to the authentication process of the communication operator in order to use the NSI unit 304 leased by the third party service provider. Alternatively, if the third party service provider has not leased the NSI unit 304 , the authentication process may not be performed.
- the CP NF unit 305 of the NSI unit 304 may send a session creation request message to the UP NF unit 306 at step 315.
- the session creation request message may include a UE ID, a data session identifier (packet data unit (PDU) session ID), and a policy and charging control (PCC) rule predefined properly for the limited session.
- the PCC rule may include limited bandwidth and HTTP redirection information.
- the data session may need to be established as a limited packet data unit session.
- the data session is limited in traffic bandwidth to a predetermined bandwidth (e.g., 64 kbps), and the HTTP redirection is configured such that all traffic is oriented to the third party server. That is, the UE 301 may be authenticated only through the data session (PDU session).
- the UP NF unit 306 may send a session creation response message to the CP NF unit 305 in reply to the session creation request message.
- the session creation response message may include the UE ID and UE Internet protocol (IP) address.
- the CP NF unit 305 may transmit to the UE 301 a new service response message including information related to the limited data session in reply to the new service request message transmitted at step 314 so as to establish the limited session for authentication between the UE 301 and the third party server 307 .
- Transmitting the new service response message to the UE 301 may include transmitting the new service response message to the UE 301 via the RAN 302 .
- the information related to the limited data session may include a UE ID, a UE IP address, a tenant ID, a slice type, a data session identifier, and a predetermined QoS profile.
- the limited data session may be established between the UE 301 and the third party server 307 at step 318 .
- the UE 301 may connect to the third party server 307 for user authentication.
- the user authentication may be performed in compliance with a predefined authentication scheme.
- examples of the authentication scheme may include a credential authentication scheme, a public key/private key pair authentication scheme, a certificate authentication scheme, a private information authentication scheme, and an ID/password authentication scheme. That is, the third party server 307 may directly perform authentication on the UE based on a legacy authentication scheme.
- the third party application 301 - 1 may transmit, at step 319 , a third party service request message as an authentication request message for authentication of the UE 301 to the third party server 307 through the limited data session.
- the third party service request message may include an identifier of the user of the UE 301 , a password, and a network identifier (PLMN ID).
- User authentication may be performed between the UE 301 and the third party server 307 at step 320 based on the third party service request message.
- the third party server 307 may transmit a service response message as an authentication response message to the third party application 301 - 1 at step 321 .
- the service response message may include a token containing a PCC rule as an update rule to be applied to the UE 301 and a temporary identifier.
- the third party server 307 may transmit to the CP NF unit 305 a service authentication server result message including the token transmitted to the UE 301 .
- the UE 301 may transmit a service authentication application result message including the token to the CP NF unit 305 .
- the CP NF unit 305 may identify the right of the UE 301 for use of the NSI unit 304 based on the service authentication server result message received from the third party server 307 and the service authentication application result message received from the UE 301 and update the temporarily-established limited data session based on the PCC rule included in the token provided by the third party server.
- the CP NF unit 305 sends, at step 324 , a message including the PCC rule for updating the data session, a data session identifier, and a UE identifier to the UP NF unit 306 , and the UP NF unit 306 may update the previously established data session based on the PCC rule.
- the updated data session is assigned between the UE 301 and the third party server 307 at step 325 .
- If the traffic bandwidth available for the user of the UE 301 in the communication operator network during the previously established data session is 50 Mbps, it may be updated to 100 Mbps in the data session updated based on the new PCC rule.
- Both the third party application 301 - 1 and the CP NF unit 305 may store the token received from the third party server 307 .
- the token may include a timer.
- the UE 301 may use the previously authenticated NSI unit 304 until the timer expires. In this case, any additional authentication process between the UE 301 and the third party server 307 may be omitted.
- a new data session may be established to be appropriate for use of the third party service based on the PCC rule.
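The FIG. 3 exchange above, modelled from the CP NF side as an added example (not code from the patent): a limited session is created, the token copy from the third party server is matched against the copy from the UE, and only then is the PCC update rule applied and the token timer started. The JSON token encoding, the byte-for-byte comparison, the field names and the host name `auth.tenant.example` are assumptions made for illustration.

```python
import hmac
import json
from dataclasses import dataclass
from typing import Dict, Optional

LIMITED_KBPS = 64                     # example limit given in the description
THIRD_PARTY = "auth.tenant.example"   # constructed name for the third party server


def make_token(temp_id: str, max_kbps: int, timer_s: int) -> bytes:
    """Constructed token encoding: temporary ID, PCC update rule, timer."""
    claims = {"temp_id": temp_id, "pcc_rule": {"max_kbps": max_kbps},
              "timer_s": timer_s}
    return json.dumps(claims, sort_keys=True).encode()


@dataclass
class PduSession:
    ue_id: str
    session_id: str
    max_kbps: int = LIMITED_KBPS
    redirect_to: Optional[str] = THIRD_PARTY   # None once the redirect is lifted
    valid_until: Optional[float] = None        # expiry of the token timer


class CpNf:
    """Hypothetical model of the CP NF unit of one NSI."""

    def __init__(self) -> None:
        self.sessions: Dict[str, PduSession] = {}
        self._from_server: Dict[str, bytes] = {}   # server result, per UE ID
        self._from_ue: Dict[str, bytes] = {}       # application result, per UE ID

    def create_limited_session(self, ue_id: str, session_id: str) -> PduSession:
        # Limited PCC rule: capped bandwidth plus HTTP redirection.
        self.sessions[ue_id] = PduSession(ue_id, session_id)
        return self.sessions[ue_id]

    def route(self, ue_id: str, dest_host: str) -> str:
        """Effective destination: everything goes to the redirect while limited."""
        s = self.sessions[ue_id]
        return s.redirect_to if s.redirect_to is not None else dest_host

    def on_server_result(self, ue_id: str, token: bytes, now: float) -> bool:
        self._from_server[ue_id] = token
        return self._try_update(ue_id, now)

    def on_ue_result(self, ue_id: str, token: bytes, now: float) -> bool:
        self._from_ue[ue_id] = token
        return self._try_update(ue_id, now)

    def _try_update(self, ue_id: str, now: float) -> bool:
        server = self._from_server.get(ue_id)
        ue = self._from_ue.get(ue_id)
        session = self.sessions.get(ue_id)
        if server is None or ue is None or session is None:
            return False                      # wait until both copies are present
        del self._from_ue[ue_id]              # a UE copy is evaluated only once
        if not hmac.compare_digest(server, ue):
            return False                      # mismatch: session stays limited
        try:
            claims = json.loads(server)
            kbps = int(claims["pcc_rule"]["max_kbps"])
            timer_s = int(claims["timer_s"])
        except (ValueError, KeyError, TypeError):
            return False                      # malformed token: stay limited
        if kbps <= 0 or timer_s <= 0:
            return False
        # Apply the update rule taken from the server's copy of the token.
        session.max_kbps = kbps
        session.redirect_to = None
        session.valid_until = now + timer_s
        del self._from_server[ue_id]
        return True

    def needs_authentication(self, ue_id: str, now: float) -> bool:
        """False while the token timer runs, so re-authentication can be skipped."""
        s = self.sessions.get(ue_id)
        return s is None or s.valid_until is None or now >= s.valid_until


if __name__ == "__main__":
    cp = CpNf()
    cp.create_limited_session("ue-1", "pdu-7")
    tok = make_token("tmp-1", 100_000, 3600)   # 100 Mbps, as in the description
    cp.on_server_result("ue-1", tok, now=0.0)
    print(cp.on_ue_result("ue-1", tok, now=1.0), cp.sessions["ue-1"])
```

The update rule is read from the server's copy only, so a UE cannot raise its own bandwidth by editing the token it relays.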
- FIG. 4 is a block diagram illustrating a configuration of a UE in a wireless communication system according to an embodiment of the present invention.
- the UE includes a radio frequency (RF) processor 410 , a baseband processor 420 , a storage unit 440 , and a controller 450 .
- the RF processor 410 has a function for transmitting/receiving a signal over a radio channel such as band conversion and amplification of the signal. That is, the RF processing unit 410 up-converts a baseband signal from the baseband processor 420 to an RF band signal and transmits the RF signal via an antenna and down-converts the RF signal received via the antenna to a baseband signal.
- the RF processor 410 may include a transmission filter, a reception filter, an amplifier, a mixer, an oscillator, a digital-to-analog converter (DAC), and an analog-to-digital converter (ADC).
- the RF processor 410 may also include a plurality of RF chains.
- the RF processor 410 may perform beamforming. For beamforming, the RF processor 410 may adjust the phase and size of a signal to be transmitted/received by means of the antennas or antenna elements.
- the RF processor 410 may be configured to perform a MIMO operation through which the UE can receive multiple layers simultaneously.
- the RF processor 410 may perform a reception beam sweeping operation by properly configuring the antennas or antenna elements and adjust reception beam direction and beamwidth such that the reception beam is aligned with the corresponding transmission beam.
- the baseband processor 420 has a baseband signal-bit string conversion function according to a physical layer standard of the system. For example, in a data transmission mode, the baseband processor 420 performs encoding and modulation on the transmission bit string to generate complex symbols. In a data reception mode, the baseband processor 420 performs demodulation and decoding on the baseband signal from the RF processor 410 to recover the transmitted bit string. In the case of using an OFDM scheme for data transmission, the baseband processor 420 performs encoding and modulation on the transmission bit string to generate complex symbols, maps the complex symbols to subcarriers, performs inverse fast Fourier transform (IFFT) on the symbols, and inserts a cyclic prefix (CP) into the symbols to generate OFDM symbols.
- the baseband processor 420 splits the baseband signal from the RF processor 410 into OFDM symbols, performs fast Fourier transform (FFT) on the OFDM symbols to recover the signals mapped to the subcarriers, and performs demodulation and decoding on the signals to recover the transmitted bit string.
- the baseband processor 420 and the RF processor 410 process the transmission and reception signals as described above. Accordingly, the baseband processor 420 and the RF processor 410 may be referred to as a transmitter, a receiver, a transceiver, or a communication unit 430 .
- the communication unit 430 may communicate with an external node.
- the external node may be the NG RAN, CCNF unit, NSI unit, or third party server of the present invention by way of example; if the communication unit 430 communicates with an external node, this may include that the communication unit 430 communicates with the external node via an intermediate medium.
- If the communication unit 430 communicates with the CCNF unit, this may include that the communication unit 430 communicates with the CCNF unit via the NG RAN.
- If the communication unit 430 communicates with the third party server, this may include that the communication unit 430 communicates with the third party server via the NG RAN and the NSI unit.
- At least one of the baseband processor 420 and the RF processor 410 may include a plurality of communication modules for supporting different radio access technologies. At least one of the baseband processor 420 and the RF processor 410 may also include multiple communication modules for processing the signals in different frequency bands.
- the different radio access technologies may include an LTE network and an NR network.
- the different frequency bands may include a super high frequency (SHF) band (e.g., 2.5 GHz and 5 GHz bands) and an mmWave band (e.g., 60 GHz).
- the storage unit 440 may store data such as basic programs for operation of the UE, application programs, and setting information. The storage unit 440 may provide the stored data in response to a request from the controller 450 .
- the storage unit 440 may include an internal memory and an external memory by way of example.
- the internal memory may include at least one of a volatile memory (e.g., DRAM, SRAM, and SDRAM), a non-volatile memory (e.g., one time programmable ROM (OTPROM)), PROM, EPROM, EEPROM, mask ROM, flash ROM, flash memory, a hard drive, and a solid state drive (SSD) by way of example.
- the external memory may include a flash drive such as compact flash (CF), secure digital (SD), Micro-SD, Mini-SD, extreme digital (xD), multimedia card (MMC), and memory stick.
- the external memory may be functionally or physically connected to the UE via various interfaces.
- an application associated with the third party server is installed, and the storage unit 440 may store a tenant ID and a slice type in association with the application.
- the controller 450 controls overall operations of the UE.
- the controller 440 controls the communication unit 430 to transmit and receive signals.
- the controller 450 also writes and reads data to and from the storage unit 440 .
- the controller 450 may include at least one processor.
- the controller 450 may include a communication processor (CP) for controlling communications and an application processor (AP) for controlling higher layer programs such as applications.
- the controller 450 may control the communication unit 430 to transmit a service request message including the tenant ID and slice type being provided by the application associated with the third party server to the CCNF unit. If a limited data session for authentication between the UE and the third party server is established by the NSI unit selected by the CCNF unit, the controller 450 may control the communication unit 430 to receive a service response message including information on the limited data session from the NSI unit. The controller 450 may also control the communication unit 430 to transmit an authentication request message for requesting authentication on the UE to the third party server through the limited data session based on the service response message.
- the tenant ID and slice type may be stored in the UE in association with an application while the application is installed in the UE.
- in the case where the controller 450 is configured to control the communication unit 430 to transmit the service request message, if the third party application is installed or executed on the UE or generates an event triggering a third party service, the controller 450 controls the communication unit 430 to transmit the service request message to the CCNF unit via the NG RAN.
- the controller 450 may control the communication unit 430 to receive an authentication response message including a token from the third party server.
- the controller 450 may control the communication unit 430 to transmit a service authentication result message including the token to the NSI unit and forward the traffic of the application to the third party server through the data session updated based on the service authentication result message.
- At least one of the tenant ID and the slice type may be determined based on the network identifier (PLMN ID) of the communication operator subscribed to by the UE.
- FIG. 5 is a block diagram illustrating a configuration of an NSI unit of a wireless communication system according to an embodiment of the present invention.
- the NSI unit includes a communication unit 510 and a controller 520 .
- the communication unit 510 may communicate with an external node.
- the external node may be the NG RAN, CCNF unit, NSI unit, or third party server of the present invention by way of example; if the communication unit 510 communicates with an external node, this may include that the communication unit 430 communicates with the external node via an intermediate medium.
- If the communication unit 510 communicates with a UE, this may include that the communication unit 510 communicates with the UE via an NG RAN.
- a storage unit stores data such as basic programs for operation of the NSI unit, application programs, and setting information.
- the storage unit may provide the stored data in response to a request from the controller 520 .
- the storage unit may include an internal memory and an external memory by way of example.
- the internal memory may include at least one of a volatile memory (e.g., DRAM, SRAM, and SDRAM), a non-volatile memory (e.g., one time programmable ROM (OTPROM)), PROM, EPROM, EEPROM, mask ROM, flash ROM, flash memory, a hard drive, and a solid state drive (SSD) by way of example.
- the external memory may include a flash drive such as compact flash (CF), secure digital (SD), Micro-SD, Mini-SD, extreme digital (xD), multimedia card (MMC), and memory stick.
- the external memory may be functionally or physically connected to the NSI unit via various interfaces.
- the controller 520 controls overall operations of the NSI unit.
- the controller 520 controls the communication unit 510 to transmit and receive signals.
- the controller 520 also writes and reads data to and from the storage unit (not shown).
- the controller 520 may include at least one processor.
- the controller 520 may include a communication processor (CP) for controlling communications and an application processor (AP) for controlling higher layer programs such as applications.
- the controller 520 may control the communication unit 510 to receive a service request message from the UE.
- the controller 520 may establish a limited data session for authentication between the UE and the third party server based on the received service request message.
- the controller 520 may also control the communication unit 510 to transmit a service response message including information on the limited data session to the UE for assigning the limited data session.
- the controller 520 may control the communication unit 510 to receive a service authentication result message including an update rule from the third party server.
- the controller 520 may also establish an updated data session based on the update rule.
- the controller may control the communication unit 510 to receive the service request message from the UE via a CCNF unit selected by the NSI.
- the controller 520 may control the CP NF unit to send a session creation request message to a UP NF unit based on the service request message.
- the controller 520 may also control the UP NF unit to send a session creation response message to the CP NF unit in reply to the session creation request message.
- FIG. 6 is a flowchart illustrating a procedure for a UE to request to a third party server for authentication in a wireless communication system according to an embodiment of the present invention.
- the UE may first transmit to a CCNF unit a service request message including a tenant ID and a slice type provided by an application associated with the third party server.
- the tenant ID and slice type may be stored in the UE in association with the application while the application is being installed on the UE. At least one of the tenant ID and the slice type may be determined based on a network ID (PLMN ID) of the communication operator previously subscribed to by the UE.
- the UE may transmit the service request message to a CCNF unit via an NG RAN, if the third party application is installed or executed on the UE or generates an event triggering a third party service.
- the UE may receive a service response message including information on the limited data session from the NSI unit at step 603 .
- the UE may transmit an authentication request message for authentication on the UE to the third party server, at step 605 , through the limited data session based on the service response message.
- the UE may receive an authentication response message including a token from the third party server.
- the UE may transmit a service authentication result message including the token to the NSI unit. Then, the UE may transmit traffic of the application to the third party server via the data session updated based on the service authentication result message.
- FIG. 7 is a flowchart illustrating a procedure for an NSI unit to establish a data session in a wireless communication system according to an embodiment of the present invention.
- the NSI unit may first receive a service request message from a UE.
- the NSI unit may receive the service request message from the UE via a CCNF that has selected the NSI.
- the NSI unit may establish a limited data session for authentication between the UE and the third party server at step 703 .
- a CP NF unit of the NSI unit may send a session creation request message to a UP NF unit of the NSI unit based on the service request message.
- the UP NF unit may send the CP NF unit a session creation response message including information on the established data session.
- the NSI unit may transmit a service response message including the information on the limited data session to the UE, at step 705 , for assigning the limited data session between the UE and the third party server.
- the NSI unit may receive a service authentication result message including an update rule from the third party server.
- the NSI unit may establish a data session updated based on the update rule.
- the UE may transmit traffic of the application to the third party server through the updated data session.
- At least part of the components (e.g. modules or their functions) of the wireless communication system or methods may be implemented in the form of program modules stored in a non-transitory computer-readable storage medium.
- If the instructions are executed by a processor, the processor may execute the functions corresponding to the instructions.
- a program may be stored in a non-transitory computer-readable storage medium and read and executed by a computer according to an embodiment of the present invention.
- non-transitory storage media may include volatile and non-volatile memories storing data temporarily for operation or transmission such as a resistor, a cache, and a buffer as well as media storing data readable by a device semi-persistently.
- temporary transmission media such as signals and current are not included in the non-transitory storage media.
- the above described programs may be provided in the state of being stored in a non-transitory computer-readable storage medium such as CD, DVD, hard disk, blu-ray disk, USB, internal memory of the device of the present invention, memory card, ROM, and RAM.
- the above-described programs may also be stored in a memory of a server and transmitted to a terminal (e.g., device of the present invention) connected to server through a network for sale or transferred or registered to the server by a program provider (e.g., program developer and program producer).
- If the above-described programs are transmitted from a server to a terminal for sale, at least part of the programs may be loaded on a buffer of the server temporarily before being transmitted.
- the buffer of the server may be the non-transitory storage medium.
- the non-transitory computer-readable storage medium may store a program being executed by a terminal, which transmits a service request message including a tenant ID and a slice type provided by the application associated with the third party server to a CCNF unit, receives, if a limited data session is established by an NSI unit selected by the CCNF unit for authentication between the terminal and the third party server based on the service request message, a service response message including information on the limited data session from the NSI unit, and transmits an authentication request message for authenticating the terminal to the third party server through the limited data session based on the service response message.
- the non-transitory computer-readable storage medium may store a program being executed by an NSI unit, which receives a service request message from a terminal, establishes a limited data session for authentication between the terminal and a third party server based on the received service request message, and transmits a service response message including information on the limited data session to the terminal to assign the limited data session between the terminal and the third party server.
Abstract
The present invention relates to a communication method for merging, with IoT technology, a 5G communication system for supporting a data transmission rate higher than that of a 4G system, and a system therefor. The present invention can be applied to an intelligent service (for example, smart home, smart building, smart city, smart car or connected car, healthcare, digital education, retail, security and safety related services, and the like) on the basis of a 5G communication technology and an IoT-related technology. The present invention provides a method by which a terminal requests authentication from a 3rd party server, the method comprising the steps of: transmitting, to a common control function providing device (common control plane network function serving unit), a service request message including a tenant ID and a slice type provided by an application related to the 3rd party server; receiving, when a network slice instance management device (network slice instance unit) selected by the common function providing device generates a limited data session (limited packet data unit session) for authentication between the terminal and the 3rd party server on the basis of the service request message, a service response message including information on the limited data session from the network slice instance management device; and transmitting an authentication request message requesting authentication of the terminal through the limited data session to the 3rd party server on the basis of the service response message.
Description
- The present invention relates to a terminal, a method for authentication request between the terminal and a third party server, and a terminal and network slice management device; in particular, the present invention relates to a method for the network slice instance management device to assign a network for use in authentication between the terminal and the third party server.
- To meet the increased demand for wireless data traffic since the deployment of 4G communication systems, efforts have been made to develop an improved 5G or pre-5G communication system. Therefore, the 5G or pre-5G communication system is also called a “Beyond 4G Network” or a “Post LTE System”. Implementation of the 5G communication system in higher frequency (mmWave) bands, e.g., 60 GHz bands, is being considered in order to accomplish higher data rates. To decrease propagation loss of radio waves and increase the transmission distance, beamforming, massive multiple-input multiple-output (MIMO), Full Dimensional MIMO (FD-MIMO), array antenna, analog beam forming, and large scale antenna techniques are being discussed for the 5G communication system. In addition, in the 5G communication system, there are developments under way for system network improvement based on advanced small cells, cloud Radio Access Networks (RANs), ultra-dense networks, device-to-device (D2D) communication, wireless backhaul, moving network, cooperative communication, Coordinated Multi-Points (CoMP), reception-end interference cancellation, and the like. In the 5G system, Hybrid FSK and QAM Modulation (FQAM) and sliding window superposition coding (SWSC) as advanced coding modulation (ACM) and filter bank multi carrier (FBMC), non-orthogonal multiple access (NOMA), and sparse code multiple access (SCMA) as advanced access technology have been developed.
- The Internet, which is a human centered connectivity network where humans generate and consume information, is now evolving into the Internet of Things (IoT) where distributed entities, such as things, exchange and process information without human intervention. The Internet of Everything (IoE), which is a combination of IoT technology and Big Data processing technology through connection with a cloud server, has emerged. As technology elements, such as “sensing technology”, “wired/wireless communication and network infrastructure”, “service interface technology”, and “security technology” have been demanded for IoT implementation, recently there has been research into a sensor network, Machine-to-Machine (M2M) communication, Machine Type Communication (MTC), and so forth. Such an IoT environment may provide intelligent Internet technology services that create new values for human life by collecting and analyzing data generated among connected things. The IoT may be applied to a variety of fields including smart home, smart building, smart city, smart car or connected car, smart grid, health care, smart appliances, and advanced medical services through convergence and combination between existing Information Technology (IT) and various industrial applications.
- In line with these developments, various attempts have been made to apply the 5G communication system to IoT networks. For example, technologies such as a sensor network, Machine Type Communication (MTC), and Machine-to-Machine (M2M) communication may be implemented by beamforming, MIMO, and array antennas. Application of a cloud Radio Access Network (RAN) as the above-described Big Data processing technology may also be considered to be an example of convergence between the 5G technology and the IoT technology.
- Recent mobile communication systems employ various new technologies to meet requirements for rapidly increasing data traffic and diverse services. In order to meet such requirements, discussions are underway on 5G standards for next generation mobile communication systems capable of meeting such requirements. The 5G system is also referred to as a New Radio access technology (NR) system. The NR system aims to provide data services at a data rate of a few Gbps with an ultra-high bandwidth broader than the 100 MHz of the legacy LTE and LTE-A systems.
- For the 5G communication system, a next generation (NG) core network is newly defined.
- In the NG core network, a new concept of “network function” is introduced for virtualizing legacy network entities (NEs). Furthermore, the functionality of the mobility management entity (MME) is divided into a mobility management function and a session management function, and terminal mobility management varies with terminal usage type.
- Meanwhile, it is necessary for the 5G communication system to support various types of terminals. For example, the 5G communication system needs to be designed to support enhanced mobile broadband (eMBB), ultra-reliable low-latency communications (URLLC), and massive machine type communications (mMTC) services. In this case, the requirements for the NG core network to serve the terminals may vary with the type of the service to be provided to the terminal.
- For example, an eMBB communication service may require a high data rate while a URLLC communication may require a high reliability and low latency.
- In this respect, discussions are underway on a network slicing technology for supporting various services and terminals.
- The network slicing technology virtualizes a physical network to generate multiple logical networks. Here, network slice instances (NSIs), as the instances generated based on respective network slices, may have different service characteristics. That is, the NSIs may support different network functions suitable for respective service characteristics.
- That is, the 5G communication system is capable of supporting 5G communication services efficiently by assigning to a terminal an NSI suitable for the service characteristics required by the terminal.
- In the case where the 5G communication system supports the network slicing technology, a network carrier may rent out sliced networks to mobile virtual network operators (MVNOs) or third party service (or content) providers to create extra profits. In this case, the NSIs are functionally isolated from each other so as to operate as independent networks.
- The third party service providers may provide the users subscribed to their services with improved quality of service (QoS) using the tenanted network slices. In this case, the third party service providers need to authenticate the terminals of the users subscribed to their services among the users attempting access to their services.
- The present invention aims to provide a method and device that is capable of authenticating a terminal in order for the user of the terminal to use an NSI created based on the network slice tenanted by a third party service provider.
- The objects of the present invention are not limited to the aforesaid, and other objects not described herein will be clearly understood by those skilled in the art from the descriptions below.
- In accordance with an aspect of the present invention, a method for a terminal to request to a third party server for authentication includes transmitting a service request message including a tenant identifier (ID) and a slice type provided by an application associated with the third party server to a common control plane network function serving unit, receiving, if a limited data session (limited packet data unit session) for authentication between the terminal and the third party server is established by a network slice instance management device (network slice instance unit) selected by the common control plane network function serving unit based on the service request message, a service response message including information on a limited data session from the network slice instance management device, and transmitting an authentication request message requesting for authentication on the terminal to the third party server through the limited data session based on the service response message.
- In accordance with another aspect of the present invention, a method for a network slice instance management device (network slice instance unit) to establish a data session includes receiving a service request message from a terminal, establishing a limited data session (limited packet data unit session) for authentication between the terminal and a third party server based on the received service request message, and transmitting a service response message including information on the limited data session to the terminal to assign the limited data session between the terminal and the third party server.
- In accordance with another aspect of the present invention, a terminal requesting to a third party server for authentication includes a communication unit configured to communicate with an external node, a storage unit configured to store a tenant identifier (ID) and a slice type, and a processor configured to control the communication unit to transmit a service request message including a tenant identifier (ID) and a slice type provided by an application associated with the third party server to a common control plane network function serving unit, receive, if a limited data session (limited packet data unit session) for authentication between the terminal and the third party server is established by a network slice instance management device (network slice instance unit) selected by the common control plane network function serving unit based on the service request message, a service response message including information on a limited data session from the network slice instance management device; and transmit an authentication request message requesting for authentication on the terminal to the third party server through the limited data session based on the service response message.
- In accordance with still another aspect of the present invention, a network slice instance management device (network slice instance unit) for establishing a data session includes a communication unit configured to communicate with an external node and a controller configured to control the communication unit to receive a service request message from a terminal, establish a limited data session (limited packet data unit session) for authentication between the terminal and a third party server based on the received service request message, and transmit a service response message including information on the limited data session to the terminal to assign the limited data session between the terminal and the third party server.
- The authentication method for use of a network slice according to the present invention is advantageous in terms of simplifying the authentication procedure between a terminal and a third party server.
- The present invention is advantageous in that only installing an application associated with a third party server on a terminal makes it possible to facilitate transmitting traffic of the installed application to the third party server.
- The present invention is also advantageous in that the third party server is capable of authenticating a user of a terminal for use of a network slice according to a legacy user authentication scheme. This makes it possible to simplify wireless communication network deployment scenarios and expect a cost reduction effect.
- The other effects may be explicitly or implicitly disclosed in the description of the embodiments of the present invention. That is, various effects expected from the present invention will become clear in the following description of the embodiments of the present invention.
- FIG. 1 is a diagram illustrating a 5G wireless communication system according to an embodiment of the present invention;
- FIG. 2 is a block diagram illustrating a configuration of a terminal that requests to a third party server for authentication according to an embodiment of the present invention;
- FIG. 3 is a signal flow diagram illustrating a procedure for a UE to request to a third party server for authentication for use of a network slice according to an embodiment of the present invention;
- FIG. 4 is a block diagram illustrating a configuration of a UE in a wireless communication system according to an embodiment of the present invention;
- FIG. 5 is a block diagram illustrating a configuration of an NSI unit of a wireless communication system according to an embodiment of the present invention;
- FIG. 6 is a flowchart illustrating a procedure for a UE to request to a third party server for authentication in a wireless communication system according to an embodiment of the present invention; and
- FIG. 7 is a flowchart illustrating a procedure for an NSI unit to establish a data session in a wireless communication system according to an embodiment of the present invention.
- Exemplary embodiments of the present invention are described in detail with reference to the accompanying drawings. The same reference numbers are used throughout the drawings to refer to the same or like parts; detailed descriptions of well-known functions and structures incorporated herein may be omitted to avoid obscuring the subject matter of the present invention. Further, the following terms are defined in consideration of the functionality in the present invention and may vary according to the intention of a user or an operator, usage, etc. Therefore, the definition should be made on the basis of the overall content of the present specification.
- As used herein, the singular forms “a”, “an”, and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise.
- As used herein, ordinal terms such as “first,” “second,” etc. are used to describe various components; however, it is obvious that the components should not be defined by these terms. The terms are used only for distinguishing one component from another component. For example, a first component may be referred to as a second component and, likewise, a second component may also be referred to as a first component, without departing from the teaching of the inventive concept. Also, the expression “and/or” is taken as a specific invention of each and any combination of enumerated things.
- The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, singular forms are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be understood that the terms “comprises” and/or “has” when used in this specification, specify the presence of a stated feature, number, step, operation, component, element, or a combination thereof, but they do not preclude the presence or addition of one or more other features, numbers, steps, operations, components, elements, or combinations thereof.
- The phrases “associated with” and “associated therewith” as well as derivatives thereof may mean to include, be included within, interconnect with, contain, be contained within, connect to or with, couple to or with, be communicable with, cooperate with, interleave, juxtapose, be proximate to, be bound to or with, have, have a property of, or the like.
- When it is described that a part is (functionally or communicably) “connected to” or “coupled to” another part, this may mean to include not only the case of “being directly connected to” but also the case of “being indirectly connected to” with another device interposed therebetween.
- When it is described that a first part transmits data to a second part, this may mean to include not only the case of delivering the data from the first part to the second part directly but also the case of delivering the data from the first part to the second part via another part (e.g., third part). For example, if it is expressed that a terminal transmits data to a core network, this may mean to include a situation where the terminal transmits the data to the core network via a base station or an access point (AP).
- Unless otherwise defined herein, all terms including technical or scientific terms used herein have the same meanings as commonly understood by those skilled in the art to which the present invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the specification and relevant art and should not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
- Before undertaking the detailed description of the present invention below, it may be advantageous to set forth definitions of certain words and phrases used throughout the specification. However, it should be noted that the words and phrases are not limited to the exemplary interpretations herein.
- The term “base station” denotes an entity allocating resources to terminals for communications therewith and may be interchangeably referred to as BS, node B (NB), evolved node B (eNB), next generation radio access network (NG RAN), radio access unit, base station controller, and a node on a network.
- The term “terminal (or communication terminal)” may denote an entity communicating with a base station or another terminal and may be interchangeably referred to as node, user equipment (UE), next generation UE (NG UE), mobile station (MS), mobile equipment (ME), and device.
- The terminal may include at least one of a smart phone, a tablet personal computer (PC), a mobile phone, a video phone, an e-book reader, a desktop PC, a laptop PC, a netbook computer, a Personal Digital Assistant (PDA), a portable Multimedia Player (PMP), an MP3 player, a medical device, a camera, and a wearable device. The terminal may also include at least one of a television (TV), a Digital Video Disk (DVD) player, an audio player, a refrigerator, an air conditioner, a cleaner, an oven, a microwave oven, a washing machine, an air cleaner, a set-top box, a home automation control panel, a security control panel, a media box (for example, Samsung HomeSync™, Apple TV™, or Google TV™), a game console (e.g., Xbox™ and PlayStation™), an electronic dictionary, an electronic key, a camcorder, and an electronic frame. The terminal may also include at least one of a medical device (such as portable medical measuring devices (including a glucometer, a heart rate monitor, a blood pressure monitor, and a body temperature thermometer), a Magnetic Resonance Angiography (MRA) device, a Magnetic Resonance Imaging (MRI) device, a Computed Tomography (CT) device, a camcorder, and a microwave scanner), a navigation device, a Global Navigation Satellite System (GNSS), an Event Data Recorder (EDR), a Flight Data Recorder (FDR), an automotive infotainment device, marine electronic equipment (such as marine navigation system and gyro compass), aviation electronics (avionics), security equipment, an automotive head unit, an industrial or household robot, a drone, an Automated Teller Machine (ATM), a Point Of Sales (POS) terminal, and an Internet-of-Things (IoT) device (such as electric bulb, sensor, sprinkler system, fire alarm system, temperature controller, street lamp, toaster, fitness equipment, hot water tank, heater, and boiler).
- The terminal may further include various types of multimedia systems having a communication function.
- Although the embodiments of the present invention are directed to the 5G wireless communication system, the present invention is applicable to other communication systems having a similar technical background. It will be also understood by those skilled in the art that the present invention can be applied to other communication systems, with a slight modification, without departing from the spirit and scope of the present invention.
- FIG. 1 is a diagram illustrating a 5G wireless communication system according to an embodiment of the present invention.
- In FIG. 1, the NG UE 101 denotes a terminal being served by the 5G wireless communication system, and the NG RAN 103 denotes a base station performing wireless communication with the UE in the 5G wireless communication system. The common control plane network function (CCNF) 105 is connected with the NG RAN 103 to process control messages for management of the NG UE 101 and manages mobility of the NG UE 101. The CCNF 105 may have a network function set including network functions available in common for the NSIs created based on the network slices 110, 120, and 130 among the network control functions (control plane network functions).
- For example, the common network functions may include a mobility management network function (MM NF), an authentication/authorization NF, an NSI selector NF, and a non-access stratum routing NF (NAS routing NF). Among them, the NSI selector NF may be a network function for selecting the best NSI for providing the service requested by the UE 101. The NAS routing NF may be responsible for routing an NAS signal from the UE 101 to a proper NSI.
- The subscriber repository 107 may receive subscriber information to authenticate the UE 101 and include subscription information for providing a QoS policy.
- The NSIs created for use of the respective network slices 110, 120, and 130 may include respective control plane NFs (CP NFs) 131 a to 131 n and user plane NFs (UP NFs). The CP NF is responsible for session management to establish, modify, and release a session for a service. The UP NF may manage a service data transmission to the data network 140 via IP address assignment.
- In FIG. 1, the UE 101 may connect to multiple NSIs. That is, there may be multiple reference points.
- For example, the NG 1 interface 151 is an interface established between the UE 101 and the CP NF and may be similar in role to the interface for NAS signaling in the legacy LTE communication network. The NG 2 interface 152 is an interface established between the RAN 103 and the CP NF and may be similar in role to the interface for S1-MME signaling in the legacy LTE communication network. The NG 3 interface 153 is an interface established between the RAN 103 and the UP NF and may be similar in role to the S1-U bearer interface in the legacy LTE communication network.
- In this case, the signaling over the NG 1 interface 151 and the NG 2 interface 152 may access the per-NSI CP NFs via the CCNF 105, and the NG 3 interface 153 may provide direct connections from the RAN 103 to the per-NSI UP NFs.
- In the following description, a device responsible for the CCNF is referred to as a common control function provision device (CCNF unit), a device responsible for the NSI function as a network slice instance management device (NSI unit), a device responsible for the CP NF as a network session management device (CP NF unit), and a device responsible for the UP NF as a network data management device (UP NF unit), for convenience of explanation.
- Here, the term “device” may be a unit of software, hardware, firmware, or any combination thereof; for example, the term “module” may be interchangeably used with the terms “unit”, “logic”, “logical block”, “component”, or “circuit”. At least part of the device may be implemented in the form of a program module with commands stored in a computer-readable storage medium. The device may also include an Application-Specific Integrated Circuit (ASIC) chip, Field-Programmable Gate Arrays (FPGAs), and a Programmable-Logic Device known or to be developed for certain operations.
- It may be possible to integrate at least two devices into one device. In this case, the integrated devices may be implemented as hardware, software, or firmware modules as parts of one device. For example, the NSI management device (NSI unit) may include the network session management device (CP NF unit) and the network data management device (UP NF unit) implemented as software modules as parts of the NSI management device (NSI unit).
- FIG. 2 is a block diagram illustrating a configuration of a terminal that requests to a third party server for authentication according to an embodiment of the present invention.
- In FIG. 2, a third party application 201 associated with the third party server may be installed on the NG UE 200. The third party application 201 associated with the third party server may be installed for use of a network slice tenanted by a third party service provider operating the third party server.
- The third party application 201 may be provided by the third party service provider or an application provider cooperating with one or more third party service providers. For example, if the third party server being operated by the third party service provider is a social network service (SNS) server, the application may be an application associated with the SNS server.
- The third party application 201 may be installed on the UE 200 along with a tenant identifier (ID) for use in identifying the third party service provider providing the application and a slice type specifying service requirements. The slice type may include information on the usage or type of data, which indicates whether the data are multimedia data or IoT data by way of example.
- In this case, if the third party application 201 is installed on the UE 200 along with the tenant ID and slice type, this means that the tenant ID and slice type are stored in the UE 200 in association with or in binding with the application upon detection of a predetermined event during, right after, or since the installation of the third party application 201.
- If the third party application 201 is installed, the tenant ID and slice type may be sent to a communication processor (CP) 205 via an application processor (AP) 203, the tenant ID and slice type being transmitted to a communication network via control signaling.
- In this case, the third party service provider may have per-operator tenant IDs and slice types, which are determined based on the public land mobile network identifiers (PLMN IDs) of the operators subscribed to by the UE and sent to the CP 205.
- In the case where the third party application 201 is installed or executed on the UE 200 or generates an event triggering a third party service (e.g., an event occurring when the user selects a wireless communication connection UI), the CP may transmit a service request message including the tenant ID and slice type to a CCNF unit.
- Next, if the CCNF unit selects an NSI unit based on the tenant ID and slice type, the UE 200 may transmit traffic of the third party application 201 to the third party server through a data session established by the NSI unit.
- As described above, the UE is capable of using the network slice tenanted by the third party service provider only with the operation of installing the application associated with the third party server. That is, the user only needs to install the application for the traffic of the installed application to be transmitted to the third party server through the network slice.
- According to various embodiments, the tenant ID and slice type may be acquired from the third party server. For example, in the case where the application associated with the third party server is installed, the UE may request to the third party server for the tenant ID and slice type. If the third party server transmits the tenant ID and slice type in response to the request from the UE, the UE may use the network slice tenanted by the third party service provider based on the received tenant ID and the slice type.
- FIG. 3 is a signal flow diagram illustrating a procedure for a UE to request to a third party server for authentication for use of a network slice according to an embodiment of the present invention.
- In FIG. 3, the wireless communication system may include a UE 301, a RAN 302, a CCNF unit (serving CCNF unit or CCNF serving unit) 303, an NSI unit (core NSI tenanted by 3rd party) 304, a CP NF unit (Slice CP NF unit), a UP NF unit (Slice UP NF unit), and a third party server 307. Here, the third party server 307 is a third party service-related server for providing the third party service or performing user authentication for providing the third party service.
- In this case, the UE 301 may be in the state of being previously attached to the communication operator network. The UE 301 may also be in the state of being authenticated by the communication operator and assigned a UE ID. The UE 301 may also be in the state of having an application associated with the third party server 307 installed, with the tenant ID and slice type stored along with the application.
- At steps 311 and 312, the UE 301 may transmit a new service request message to the communication network 301. For example, if the application associated with the third party server is installed or executed or generates an event triggering a third party service, the UE 301 may transmit the new service request message. As described above, the new service request message may include the tenant ID, the slice type, and a previously assigned UE ID because the third party application, tenant ID, and slice type are associated with each other.
- In detail, the UE 301 transmits the new service request message to the RAN 302 at step 311, and the RAN relays the new service request message to the CCNF unit 303 at step 312.
- At step 313, the CCNF unit 303 may select an NSI unit 304 suitable for the received tenant ID and slice type by means of an NSI selector NF.
- At step 314, the CCNF unit 303 may relay the new service request message to the NSI unit 304.
- The NSI unit 304 may establish a limited data session for authentication between the UE 301 and the third party server 307 to transmit traffic for authentication based on the new service request message. The limited data session may be a data session with a limited bandwidth and HTTP redirection.
- That is, the UE 301 may need to pass an authentication process of the third party service provider in addition to the authentication process of the communication operator in order to use the NSI unit 304 leased by the third party service provider. Alternatively, if the third party service provider has not leased the NSI unit 304, the authentication process may not be performed.
- In detail, the CP NF unit 305 of the NSI unit 304 may send a session creation request message to the UP NF unit 306 at step 315. The session creation request message may include a UE ID, a data session identifier (packet data unit (PDU) session ID), and a policy and charging control (PCC) rule predefined properly for the limited session.
- Here, the PCC rule may include limited bandwidth and HTTP redirection information. For use in authentication of the UE 301, the data session may need to be established as a limited packet data unit session. For this purpose, the data session is limited in traffic bandwidth to a predetermined bandwidth (e.g., 64 kbps), and the HTTP redirection is configured such that all traffic is oriented to the third party server. That is, the UE 301 may be authenticated only through the data session (PDU session).
- At step 316, the UP NF unit 306 may send a session creation response message to the CP NF unit 305 in reply to the session creation request message. The session creation response message may include the UE ID and UE Internet protocol (IP) address.
- At step 317, the CP NF unit 305 may transmit to the UE 301 a new service response message including information related to the limited data session in reply to the new service request message transmitted at step 314 so as to establish the limited session for authentication between the UE 301 and the third party server 307. Transmitting the new service response message to the UE 301 may include transmitting the new service response message to the UE 301 via the RAN 302.
- For example, the information related to the limited data session may include a UE ID, a UE IP address, a tenant ID, a slice type, a data session identifier, and a predetermined QoS profile.
- As a consequence, the limited data session may be established between the UE 301 and the third party server 307 at step 318.
- If the session is established, the UE 301 (third party application 301-1 installed on the UE 301) may connect to the third party server 307 for user authentication. In this case, the user authentication may be performed in compliance with a predefined authentication scheme. Examples of the authentication scheme may include a credential authentication scheme, a public key/private key pair authentication scheme, a certificate authentication scheme, a private information authentication scheme, and an ID/password authentication scheme. That is, the third party server 307 may directly perform authentication on the UE based on a legacy authentication scheme.
- In detail, if the limited data session is established, the third party application 301-1 may transmit, at step 319, a third party service request message as an authentication request message for authentication of the UE 301 to the third party server 307 through the limited data session. The third party service request message may include an identifier of the user of the UE 301, a password, and a network identifier (PLMN ID). User authentication may be performed between the UE 301 and the third party server 307 at step 320 based on the third party service request message.
- If the user authentication succeeds, the third party server 307 may transmit a service response message as an authentication response message to the third party application 301-1 at step 321. The service response message may include a token containing a PCC rule as an update rule to be applied to the UE 301 and a temporary identifier.
- At step 322, the third party server 307 may transmit to the CP NF unit 305 a service authentication server result message including the token transmitted to the UE 301.
- At step 323, the UE 301 may transmit a service authentication application result message including the token to the CP NF unit 305.
- The CP NF unit 305 may identify the right of the UE 301 for use of the NSI unit 304 based on the service authentication server result message received from the third party server 307 and the service authentication application result message received from the UE 301 and update the temporarily-established limited data session based on the PCC rule included in the token provided by the third party server.
- In detail, if the CP NF unit 305 sends, at step 324, a message including the PCC rule for updating the data session, a data session identifier, and a UE identifier to the UP NF unit 306, the UP NF unit 306 may update the previously established data session based on the PCC rule.
- As a consequence, the updated data session is assigned between the UE 301 and the third party server 307 at step 325.
- For example, if the traffic bandwidth available for the user of the UE 301 in the communication operator network during the previously established data session is 50 Mbps, it may be updated to 100 Mbps in the data session updated based on the new PCC rule.
- Both the third party application 301-1 and the CP NF unit 305 may store the token received from the third party server 307.
- The token may include a timer. The UE 301 may use the previously authenticated NSI unit 304 until the timer expires. In this case, any additional authentication process between the UE 301 and the third party server 307 may be omitted.
- Because the PCC rule is stored in the CP NF unit 305, a new data session may be established to be appropriate for use of the third party service based on the PCC rule.
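The following Python sketch is an added illustration, not code from the patent or from any operator implementation. It models the CP NF side of steps 315 to 325 of FIG. 3: the session starts under the limited PCC rule (64 kbps, all traffic redirected to the third party server) and is upgraded only when the token presented by the UE matches the token reported by the third party server and the token's timer has not expired. The class and function names, the token format, the host name, and the fallback to the limited rule after expiry are assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Constructed placeholder for the third party server's host name.
AUTH_HOST = "auth.tenant.example"


@dataclass(frozen=True)
class PccRule:
    max_kbps: int
    redirect_to: Optional[str]  # if set, all traffic is steered to this host


# Limited session rule from the description: 64 kbps plus HTTP redirection.
LIMITED_RULE = PccRule(max_kbps=64, redirect_to=AUTH_HOST)


@dataclass(frozen=True)
class Token:
    value: str          # opaque secret (format is an assumption)
    temp_id: str        # temporary identifier carried with the token
    pcc_rule: PccRule   # update rule to be applied to the UE
    expires_at: float   # the token's timer, as an absolute time


@dataclass
class PduSession:
    ue_id: str
    session_id: str
    rule: PccRule
    valid_until: float = 0.0


def issue_token(clock: Callable[[], float], lifetime_s: float = 3600.0) -> Token:
    """Third party server, step 321. User authentication (step 320) is out of scope."""
    upgraded = PccRule(max_kbps=100_000, redirect_to=None)  # constructed value
    return Token(secrets.token_urlsafe(32), secrets.token_hex(8),
                 upgraded, clock() + lifetime_s)


class CpNf:
    """Hypothetical CP NF unit that tracks one PDU session per UE."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self.clock = clock
        self.sessions: Dict[str, PduSession] = {}
        self.server_tokens: Dict[str, Token] = {}

    def create_limited_session(self, ue_id: str) -> PduSession:
        # Steps 315 to 317: every new session starts under the limited rule.
        session = PduSession(ue_id, secrets.token_hex(4), LIMITED_RULE)
        self.sessions[ue_id] = session
        return session

    def on_server_result(self, ue_id: str, token: Token) -> None:
        # Step 322: the token arrives from the third party server.
        self.server_tokens[ue_id] = token

    def on_ue_result(self, ue_id: str, presented: str) -> bool:
        # Steps 323 and 324: upgrade only if both reports agree and are fresh.
        token = self.server_tokens.get(ue_id)
        session = self.sessions.get(ue_id)
        if token is None or session is None:
            return False
        if self.clock() >= token.expires_at:
            return False
        if not hmac.compare_digest(token.value.encode(), presented.encode()):
            return False
        session.rule = token.pcc_rule
        session.valid_until = token.expires_at
        return True

    def route(self, ue_id: str, dest_host: str) -> Optional[str]:
        """Return the host that traffic for dest_host actually reaches."""
        session = self.sessions.get(ue_id)
        if session is None:
            return None  # no PDU session, nothing is forwarded
        if session.rule.redirect_to is None and self.clock() >= session.valid_until:
            # Assumption: once the timer expires, fall back to the limited rule.
            session.rule = LIMITED_RULE
            self.server_tokens.pop(ue_id, None)
        return session.rule.redirect_to or dest_host


if __name__ == "__main__":
    cp = CpNf()
    cp.create_limited_session("ue-1")
    print(cp.route("ue-1", "video.example"))   # redirected while unauthenticated
    tok = issue_token(time.time)
    cp.on_server_result("ue-1", tok)
    print(cp.on_ue_result("ue-1", tok.value), cp.route("ue-1", "video.example"))
```

The comparison uses `hmac.compare_digest` so that a UE probing token values learns nothing from response timing, and a UE result that arrives before the server result is rejected rather than queued.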
FIG. 4 is a block diagram illustrating a configuration of a UE in a wireless communication system according to an embodiment of the present invention. - As shown in the drawing, the UE includes a radio frequency (RF)
processor 410, abaseband processor 420, astorage unit 440, and acontroller 450. - The
RF processor 410 has a function for transmitting/receiving a signal over a radio channel such as band conversion and amplification of the signal. That is, theRF processing unit 410 up-converts a baseband signal from thebaseband processor 420 to an RF band signal and transmits the RF signal via an antenna and down-converts the RF signal received via the antenna to a baseband signal. For example, theRF processor 410 may include a transmission filter, a reception filter, an amplifier, a mixer, an oscillator, a digital-to-analog converter (DAC), and an analog-to-digital converter (ADC). Although one antenna is depicted in the drawing, the UE may be provided with a plurality of antennas. TheRF processor 410 may also include a plurality of RF chains. TheRF processor 410 may perform beamforming For beamforming, theRF processor 410 may adjust the phase and size of a signal to be transmitted/received by means of the antennas or antenna elements. TheRF processor 410 may be configured to perform a MIMO operation through which the UE can receive multiple layers simultaneously. TheRF processor 410 may perform a reception beam sweeping operation by properly configuring the antennas or antenna elements and adjust reception beam direction and beamwidth such that the reception beam is aligned with the corresponding transmission beam. - The
baseband processor 420 has a baseband signal-bit string conversion function according to a physical layer standard of the system. For example, in a data transmission mode, thebaseband processor 420 performs encoding and modulation on the transmission bit string to generate complex symbols. In a data reception mode, thebaseband processor 420 performs demodulation and decoding on the baseband signal from theRF processor 410 to recover the transmitted bit string. In the case of using an OFDM scheme for data transmission, thebaseband processor 420 performs encoding and modulation on the transmission bit string to generate complex symbols, maps the complex symbols to subcarriers, performs inverse fast Fourier transform (IFFT) on the symbols, and inserts a cyclic prefix (CP) into the symbols to generate OFDM symbols. In the data reception mode, thebaseband processor 420 splits the baseband signal from theRF processor 410 into OFDM symbols, perform fast Fourier transform (FFT) on the OFDM symbols to recover the signals mapped to the subcarriers, and performs demodulation and decoding on the signals to recover the transmitted bit string. - The
baseband processor 420 and the RF processor 410 process the transmission and reception signals as described above. Accordingly, the baseband processor 420 and the RF processor 410 may be referred to as a transmitter, a receiver, a transceiver, or a communication unit 430. The communication unit 430 may communicate with an external node. The external node may be the NG RAN, CCNF unit, NSI unit, or third party server of the present invention by way of example; if the communication unit 430 communicates with an external node, this may include that the communication unit 430 communicates with the external node via an intermediate medium. For example, if the communication unit 430 communicates with the CCNF unit, this may include that the communication unit 430 communicates with the CCNF unit via the NG RAN. Alternatively, if the communication unit 430 communicates with the third party server, this may include that the communication unit 430 communicates with the third party server via the NG RAN and the NSI unit.
- At least one of the baseband processor 420 and the RF processor 410 may include a plurality of communication modules for supporting different radio access technologies. At least one of the baseband processor 420 and the RF processor 410 may also include multiple communication modules for processing the signals in different frequency bands. For example, the different radio access technologies may include an LTE network and an NR network. The different frequency bands may include a super high frequency (SHF) band (e.g., 2.5 GHz and 5 GHz bands) and an mmWave band (e.g., 60 GHz).
- The storage unit 440 may store data such as basic programs for operation of the UE, application programs, and setting information. The storage unit 440 may provide the stored data in response to a request from the controller 450. The storage unit 440 may include an internal memory and an external memory by way of example. The internal memory may include at least one of a volatile memory (e.g., DRAM, SRAM, and SDRAM), a non-volatile memory (e.g., one time programmable ROM (OTPROM)), PROM, EPROM, EEPROM, mask ROM, flash ROM, flash memory, a hard drive, and a solid state drive (SSD) by way of example. The external memory may include a flash drive such as compact flash (CF), secure digital (SD), Micro-SD, Mini-SD, extreme digital (xD), multimedia card (MMC), and memory stick. The external memory may be functionally or physically connected to the UE via various interfaces.
- In the present invention, an application associated with the third party server is installed, and the storage unit 440 may store a tenant ID and a slice type in association with the application.
- The controller 450 controls overall operations of the UE. For example, the controller 440 controls the communication unit 430 to transmit and receive signals. The controller 450 also writes and reads data to and from the storage unit 440. For this purpose, the controller 450 may include at least one processor. For example, the controller 450 may include a communication processor (CP) for controlling communications and an application processor (AP) for controlling higher layer programs such as applications.
- According to various embodiments, the controller 450 may control the communication unit 430 to transmit a service request message including the tenant ID and slice type being provided by the application associated with the third party server to the CCNF unit. If a limited data session for authentication between the UE and the third party server is established by the NSI unit selected by the CCNF unit, the controller 450 may control the communication unit 430 to receive a service response message including information on the limited data session from the NSI unit. The controller 450 may also control the communication unit 430 to transmit an authentication request message for requesting authentication on the UE to the third party server through the limited data session based on the service response message.
- According to various embodiments, the tenant ID and slice type may be stored in the UE in association with an application while the application is installed in the UE.
- According to various embodiments, in the case where the controller 450 is configured to control the communication unit 430 to transmit the service request message, if the third party application is installed or executed on the UE or generates an event triggering a third party service, the controller controls the communication unit to transmit the service request message to the CCNF unit via the NG RAN.
- According to various embodiments, if the UE is authenticated, the controller 450 may control the communication unit 430 to receive an authentication response message including a token from the third party server.
- According to various embodiments, the controller 450 may control the communication unit 430 to transmit a service authentication result message including the token to the NSI unit and forward the traffic of the application to the third party server through the data session updated based on the service authentication result message.
- According to various embodiments, at least one of the tenant ID and the slice type may be determined based on the network identifier (PLMN ID) of the communication operator subscribed to by the UE.
- FIG. 5 is a block diagram illustrating a configuration of an NSI unit of a wireless communication system according to an embodiment of the present invention.
- As shown in the drawing, the NSI unit includes a communication unit 510 and a controller 520.
- The communication unit 510 may communicate with an external node. The external node may be the NG RAN, CCNF unit, NSI unit, or third party server of the present invention by way of example; if the communication unit 510 communicates with an external node, this may include that the communication unit 430 communicates with the external node via an intermediate medium. For example, if the communication unit 510 communicates with a UE, this may include that the communication unit 510 communicates with the UE via an NG RAN.
- A storage unit (not shown) stores data such as basic programs for operation of the NSI unit, application programs, and setting information. The storage unit (not shown) may provide the stored data in response to a request from the controller 520. The storage unit (not shown) may include an internal memory and an external memory by way of example. The internal memory may include at least one of a volatile memory (e.g., DRAM, SRAM, and SDRAM), a non-volatile memory (e.g., one time programmable ROM (OTPROM)), PROM, EPROM, EEPROM, mask ROM, flash ROM, flash memory, a hard drive, and a solid state drive (SSD) by way of example. The external memory may include a flash drive such as compact flash (CF), secure digital (SD), Micro-SD, Mini-SD, extreme digital (xD), multimedia card (MMC), and memory stick. The external memory may be functionally or physically connected to the NSI unit via various interfaces.
- The controller 520 controls overall operations of the NSI unit. For example, the controller 520 controls the communication unit 510 to transmit and receive signals. The controller 520 also writes and reads data to and from the storage unit (not shown). For this purpose, the controller 520 may include at least one processor. For example, the controller 520 may include a communication processor (CP) for controlling communications and an application processor (AP) for controlling higher layer programs such as applications.
- According to various embodiments, the controller 520 may control the communication unit 510 to receive a service request message from the UE. The controller 520 may establish a limited data session for authentication between the UE and the third party server based on the received service request message. The controller 520 may also control the communication unit 510 to transmit a service response message including information on the limited data session to the UE for assigning the limited data session.
- According to various embodiments, if the authentication is achieved between the UE and the third party server through the limited data session, the controller 520 may control the communication unit 510 to receive a service authentication result message including an update rule from the third party server. The controller 520 may also establish an updated data session based on the update rule.
- According to various embodiments, if the controller is configured to control the communication unit 510 to receive a service request message from the UE in the wireless communication system, it may control the communication unit 510 to receive the service request message from the UE via a CCNF unit selected by the NSI.
- According to various embodiments, if the controller 520 is configured to establish a session for authentication between the UE and the third party server, it may control the CP NF unit to send a session creation request message to a UP NF unit based on the service request message. The controller 520 may also control the UP NF unit to send a session creation response message to the CP NF unit in reply to the session creation request message.
- FIG. 6 is a flowchart illustrating a procedure for a UE to request to a third party server for authentication in a wireless communication system according to an embodiment of the present invention.
- At step 601, the UE may first transmit to a CCNF unit a service request message including a tenant ID and a slice type provided by an application associated with the third party server.
- Here, the tenant ID and slice type may be stored in the UE in association with the application while the application is being installed on the UE. At least one of the tenant ID and the slice type may be determined based on a network ID (PLMN ID) of the communication operator previously subscribed to by the UE.
- In the case of being configured to transmit the service request message, the UE may transmit the service request message to a CCNF unit via an NG RAN, if the third party application is installed or executed on the UE or generates an event triggering a third party service.
- If a limited data session for authentication between the UE and the third party server is established by the NSI unit selected by the CCNF unit, the UE may receive a service response message including information on the limited data session from the NSI unit at step 603.
- Next, the UE may transmit an authentication request message for authentication on the UE to the third party server, at step 605, through the limited data session based on the service response message.
- If the UE is authenticated, it may receive an authentication response message including a token from the third party server.
- Next, the UE may transmit a service authentication result message including the token to the NSI unit. Then, the UE may transmit traffic of the application to the third party server via the data session updated based on the service authentication result message.
- FIG. 7 is a flowchart illustrating a procedure for an NSI unit to establish a data session in a wireless communication system according to an embodiment of the present invention.
- At step 701, the NSI unit may first receive a service request message from a UE. In this case, the NSI unit may receive the service request message from the UE via a CCNF that has selected the NSI.
- Next, the NSI unit may establish a limited data session for authentication between the UE and the third party server at step 703.
- For example, a CP NF unit of the NSI unit may send a session creation request message to a UP NF unit of the NSI unit based on the service request message. In response to the session creation request message, the UP NF unit may send the CP NF unit a session creation response message including information on the established data session.
- Next, the NSI unit may transmit a service response message including the information on the limited data session to the UE, at step 705, for assigning the limited data session between the UE and the third party server.
- If the authentication is achieved between the UE and the third party server through the limited data session, the NSI unit may receive a service authentication result message including an update rule from the third party server. The NSI unit may establish a data session updated based on the update rule.
- As a consequence, the UE may transmit traffic of the application to the third party server through the updated data session.
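The FIG. 6 and FIG. 7 exchange as an added Python sketch (not code from the patent): the NSI forwards nothing but authentication traffic until the update rule is applied. Assumptions: the CCNF selects the NSI by (tenant ID, slice type), a limited session reaches only the server's authentication address, and the NSI applies the update rule only when the UE's token matches the one the server reported; all class names, addresses, identifiers and credentials are constructed.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class DataSession:
    ue_id: str
    allowed: set           # destinations the UP NF will forward to
    limited: bool = True   # True until the update rule is applied


class ThirdPartyServer:
    def __init__(self, auth_addr, service_addrs, credentials):
        self.auth_addr = auth_addr
        self.service_addrs = set(service_addrs)
        self._credentials = credentials  # ue_id -> secret (constructed)

    def authenticate(self, ue_id, secret, nsi):
        """Step 605: check the UE, report the result to the NSI, return a token."""
        expected = self._credentials.get(ue_id)
        if not expected or not hmac.compare_digest(expected.encode(), secret.encode()):
            return None
        token = secrets.token_urlsafe(16)
        # Service authentication result carrying the update rule (server -> NSI).
        nsi.receive_auth_result(ue_id, token, self.service_addrs)
        return token  # authentication response (server -> UE)


class NSIUnit:
    def __init__(self, server):
        self.server = server
        self.sessions = {}   # ue_id -> DataSession
        self._pending = {}   # ue_id -> (token, update rule) reported by the server

    def handle_service_request(self, ue_id):
        """Steps 701-705: create the limited session and describe it to the UE."""
        # Assumption: "limited" means only the authentication address is reachable.
        self.sessions[ue_id] = DataSession(ue_id, {self.server.auth_addr})
        return {"ue_id": ue_id, "limited": True, "auth_addr": self.server.auth_addr}

    def receive_auth_result(self, ue_id, token, update_rule):
        self._pending[ue_id] = (token, set(update_rule))

    def handle_ue_auth_result(self, ue_id, token):
        """Apply the update rule only if the UE's token matches the server's report."""
        pending = self._pending.get(ue_id)
        session = self.sessions.get(ue_id)
        if pending is None or session is None:
            return False
        if not hmac.compare_digest(pending[0].encode(), token.encode()):
            return False
        del self._pending[ue_id]          # a token upgrades one session, once
        session.allowed |= pending[1]
        session.limited = False
        return True

    def forward(self, ue_id, dest):
        """Default deny: traffic passes only to destinations the session allows."""
        session = self.sessions.get(ue_id)
        return session is not None and dest in session.allowed


class CCNFUnit:
    def __init__(self, nsi_by_slice):
        self._nsi = nsi_by_slice  # (tenant_id, slice_type) -> NSIUnit

    def handle_service_request(self, ue_id, tenant_id, slice_type):
        """Step 601: select the NSI for this tenant and slice, or reject."""
        nsi = self._nsi.get((tenant_id, slice_type))
        return None if nsi is None else nsi.handle_service_request(ue_id)


def run_flow(secret, presented_token=None, tenant_id="tenant-42"):
    """Run the whole exchange for one constructed UE and report what was allowed."""
    server = ThirdPartyServer("auth.tenant.example", ["api.tenant.example"],
                              {"ue-1": "s3cret"})
    nsi = NSIUnit(server)
    ccnf = CCNFUnit({("tenant-42", "eMBB"): nsi})
    response = ccnf.handle_service_request("ue-1", tenant_id, "eMBB")
    if response is None:
        return {"session": False}
    result = {
        "session": True,
        "auth_reachable": nsi.forward("ue-1", response["auth_addr"]),
        "service_before": nsi.forward("ue-1", "api.tenant.example"),
    }
    token = server.authenticate("ue-1", secret, nsi)
    result["token_issued"] = token is not None
    result["updated"] = nsi.handle_ue_auth_result("ue-1", presented_token or token or "")
    result["service_after"] = nsi.forward("ue-1", "api.tenant.example")
    return result


if __name__ == "__main__":
    print(run_flow("s3cret"))
    print(run_flow("s3cret", presented_token="forged"))
```

The forged-token run shows the check a deployment would want at the NSI: a token the third party server never reported leaves the session limited.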
- According to an embodiment of the present invention, at least part of the components (e.g. modules or their functions) of the wireless communication system or methods (e.g., operations) may be implemented in the form of program modules stored in a non-transitory computer-readable storage medium. In the case that the instructions are executed by a processor, the processor may execute the functions corresponding to the instructions.
- Here, a program may be stored in a non-transitory computer-readable storage medium and read and executed by a computer according to an embodiment of the present invention.
- Here, non-transitory storage media may include volatile and non-volatile memories storing data temporarily for operation or transmission such as a resistor, a cache, and a buffer as well as media storing data readable by a device semi-persistently. However, temporary transmission media such as signals and current are not included in the non-transitory storage media.
- In detail, the above described programs may be provided in the state of being stored in a non-transitory computer-readable storage medium such as CD, DVD, hard disk, blu-ray disk, USB, internal memory of the device of the present invention, memory card, ROM, and RAM.
- The above-described programs may also be stored in a memory of a server and transmitted to a terminal (e.g., device of the present invention) connected to the server through a network for sale or transferred or registered to the server by a program provider (e.g., program developer and program producer).
- In the case where the above-described programs are transmitted from a server to a terminal for sale, at least part of the programs may be loaded on a buffer of the server temporarily before being transmitted. In this case, the buffer of the server may be the non-transitory storage medium.
- According to an embodiment, the non-transitory computer-readable storage medium may store a program being executed by a terminal, which transmits a service request message including a tenant ID and a slice type provided by the application associated with the third party server to a CCNF unit, receives, if a limited data session is established by an NSI unit selected by the CCNF unit for authentication between the terminal and the third party server based on the service request message, a service response message including information on the limited data session from the NSI unit, and transmits an authentication request message for authenticating the terminal to the third party server through the limited data session based on the service response message.
- According to an embodiment, the non-transitory computer-readable storage medium may store a program being executed by an NSI unit, which receives a service request message from a terminal, establishes a limited data session for authentication between the terminal and a third party server based on the received service request message, and transmits a service response message including information on the limited data session to the terminal to assign the limited data session between the terminal and the third party server.
- Although the description has been made with reference to particular embodiments, the present invention can be implemented with various modifications without departing from the scope of the present invention. Thus, the present invention is not limited to the particular embodiments disclosed and will include the following claims and their equivalents.
Claims (15)
1. A method for a terminal to request to a third party server for authentication, the method comprising:
transmitting a service request message including a tenant identifier (ID) and a slice type provided by an application associated with the third party server to a common control plane network function serving unit;
receiving, if a limited data session (limited packet data unit session) for authentication between the terminal and the third party server is established by a network slice instance management device (network slice instance unit) selected by the common control plane network function serving unit based on the service request message, a service response message including information on a limited data session from the network slice instance management device; and
transmitting an authentication request message requesting for authentication on the terminal to the third party server through the limited data session based on the service response message.
2. The method of claim 1, wherein the tenant ID and the slice type are stored in the terminal in association with the application while the application is installed on the terminal.
3. The method of claim 1, wherein transmitting the service request message comprises transmitting, if the application is installed or executed on the terminal or an event for receiving a third party service via the application occurs, the service request message to the common control plane network function serving unit via a base station.
4. The method of claim 1, further comprising:
receiving, if the terminal is authenticated, an authentication response message including a token from the third party server;
transmitting a service authentication result message including the token to the network slice instance management device; and
transferring traffic of the application to the third party server through a data session updated based on the service authentication result message,
wherein at least one of the tenant ID and the slice type is determined based on a network identifier (public land mobile network ID) of a communication operator subscribed to by the terminal.
5. A method for a network slice instance management device (network slice instance unit) to establish a data session, the method comprising:
receiving a service request message from a terminal;
establishing a limited data session (limited packet data unit session) for authentication between the terminal and a third party server based on the received service request message; and
transmitting a service response message including information on the limited data session to the terminal to assign the limited data session between the terminal and the third party server.
6. The method of claim 5, further comprising:
receiving, if the authentication between the terminal and the third party server succeeds through the limited data session, a service authentication result message including an update rule from the third party server; and
establishing an updated data session based on the update rule.
7. The method of claim 5, wherein receiving the service request message from the terminal of the wireless communication system comprises receiving the service request message from the terminal via a common control plane network function serving unit that has selected the network slice instance management device.
8. The method of claim 5, wherein establishing the limited data session for authentication between the terminal and the third party server comprises:
sending a session creation request message from a network session management device (core plane network function unit) of the network slice instance management device to a network data management unit (user plane network function unit) of the network slice instance management device based on the service request message; and
sending a session creation response message from the network data management unit to the network session management device in response to the session creation request message.
9. A terminal requesting to a third party server for authentication, the terminal comprising:
a communication unit configured to communicate with an external node;
a storage unit configured to store a tenant identifier (ID) and a slice type; and
a processor configured to:
control the communication unit to transmit a service request message including a tenant identifier (ID) and a slice type provided by an application associated with the third party server to a common control plane network function serving unit,
receive, if a limited data session (limited packet data unit session) for authentication between the terminal and the third party server is established by a network slice instance management device (network slice instance unit) selected by the common control plane network function serving unit based on the service request message, a service response message including information on a limited data session from the network slice instance management device, and
transmit an authentication request message requesting for authentication on the terminal to the third party server through the limited data session based on the service response message.
10. The terminal of claim 9, wherein the tenant ID and the slice type are stored in the terminal in association with the application while the application is installed on the terminal.
11. The terminal of claim 9, wherein the controller is configured to control the communication unit to transmit, if the application is installed or executed on the terminal or an event for receiving a third party service via the application occurs, the service request message to the common control plane network function serving unit via a base station.
12. The terminal of claim 9,
wherein the controller is configured to:
control the communication unit to receive, if the terminal is authenticated, an authentication response message including a token from the third party server,
transmit a service authentication result message including the token to the network slice instance management device, and
transfer traffic of the application to the third party server through a data session updated based on the service authentication result message,
wherein at least one of the tenant ID and the slice type is determined based on a network identifier (public land mobile network ID) of a communication operator subscribed to by the terminal.
13. A network slice instance management device (network slice instance unit) for establishing a data session, the network slice instance management device comprising:
a communication unit configured to communicate with an external node; and
a controller configured to:
control the communication unit to receive a service request message from a terminal,
establish a limited data session (limited packet data unit session) for authentication between the terminal and a third party server based on the received service request message, and
transmit a service response message including information on the limited data session to the terminal to assign the limited data session between the terminal and the third party server.
14. The network slice instance management device of claim 13, wherein the controller is configured to control the communication unit to receive, if the authentication between the terminal and the third party server succeeds through the limited data session, a service authentication result message including an update rule from the third party server and establish an updated data session based on the update rule.
15. The network slice instance management device of claim 13, wherein the controller is configured to control the communication unit to receive the service request message from the terminal via a common control plane network function servicing unit that has selected the network slice instance unit, a network session management device (core plane network function unit) of the network slice instance management device to send a session creation request message to a network data management unit (user plane network function unit) of the network slice instance management device based on the service request message, and the network data management unit to send a session creation response message to the network session management device in response to the session creation request message.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/327,205 US20190191309A1 (en) | 2016-08-22 | 2017-08-21 | Method for requesting authentication between terminal and 3rd party server in wireless communication system, terminal therefor, and network slice instance management device |
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201662377866P | 2016-08-22 | 2016-08-22 | |
KR1020160164157A KR102633995B1 (en) | 2016-08-22 | 2016-12-05 | Method and apparatus for requesting authorization between terminal and third party in wireless communication system |
KR10-2016-0164157 | 2016-12-05 | ||
PCT/KR2017/009102 WO2018038489A1 (en) | 2016-08-22 | 2017-08-21 | Method for requesting authentication between terminal and 3rd party server in wireless communication system, terminal therefor, and network slice instance management device |
US16/327,205 US20190191309A1 (en) | 2016-08-22 | 2017-08-21 | Method for requesting authentication between terminal and 3rd party server in wireless communication system, terminal therefor, and network slice instance management device |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2017/009102 A-371-Of-International WO2018038489A1 (en) | 2016-08-22 | 2017-08-21 | Method for requesting authentication between terminal and 3rd party server in wireless communication system, terminal therefor, and network slice instance management device |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/127,123 Continuation US11758397B2 (en) | 2016-08-22 | 2020-12-18 | Method for requesting authentication between terminal and 3rd party server in wireless communication system, terminal therefor, and network slice instance management device |
Publications (1)
Publication Number | Publication Date |
---|---|
US20190191309A1 (en) | 2019-06-20 |
Family
ID=61726763
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/327,205 Abandoned US20190191309A1 (en) | 2016-08-22 | 2017-08-21 | Method for requesting authentication between terminal and 3rd party server in wireless communication system, terminal therefor, and network slice instance management device |
US17/127,123 Active US11758397B2 (en) | 2016-08-22 | 2020-12-18 | Method for requesting authentication between terminal and 3rd party server in wireless communication system, terminal therefor, and network slice instance management device |
Country Status (4)
Country | Link |
---|---|
US (2) | US20190191309A1 (en) |
EP (1) | EP3499796A4 (en) |
KR (1) | KR102633995B1 (en) |
CN (1) | CN109644133A (en) |
2016
- 2016-12-05 KR KR1020160164157A patent/KR102633995B1/en active IP Right Grant

2017
- 2017-08-21 EP EP17843909.7A patent/EP3499796A4/en active Pending
- 2017-08-21 CN CN201780051660.4A patent/CN109644133A/en active Pending
- 2017-08-21 US US16/327,205 patent/US20190191309A1/en not_active Abandoned

2020
- 2020-12-18 US US17/127,123 patent/US11758397B2/en active Active
Non-Patent Citations (1)
Title |
---|
LG ELECTRONICS INC., 'Network Slice Selection considering Authentication and Authorization', S2-163395, hereinafter 3GPP * |
Cited By (41)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20200329372A1 (en) * | 2016-04-27 | 2020-10-15 | Nec Corporation | Key derivation method, communication system, communication terminal, and communication device |
US10742522B2 (en) * | 2016-11-14 | 2020-08-11 | Huawei Technologies Co., Ltd. | Creation and modification of shareable slice instances |
US20180139107A1 (en) * | 2016-11-14 | 2018-05-17 | Huawei Technologies Co., Ltd. | Creation and modification of shareable slice instances |
US11296957B2 (en) * | 2017-03-19 | 2022-04-05 | Huawei Technologies Co., Ltd. | Network slice management method, unit, and system |
US20200053562A1 (en) * | 2017-03-21 | 2020-02-13 | Lg Electronics Inc. | Session management method and smf node |
US11576043B2 (en) * | 2017-03-21 | 2023-02-07 | Lg Electronics Inc. | Session management method and SMF node |
US11083028B2 (en) | 2017-03-31 | 2021-08-03 | Telefonaktiebolaget Lm Ericsson (Publ) | Coordinated selection of user plane functions in core and radio access networks |
US11310868B2 (en) * | 2017-03-31 | 2022-04-19 | Telefonaktiebolaget Lm Ericsson (Publ) | Application topology aware user plane selection in NR and 5GC |
US11490327B2 (en) * | 2017-07-31 | 2022-11-01 | Huawei Technologies Co., Ltd. | Method, device, and system for deploying network slice |
US20240121702A1 (en) * | 2017-08-09 | 2024-04-11 | Interdigital Patent Holdings, Inc. | Access control in 5g nr |
US11006004B2 (en) | 2017-08-11 | 2021-05-11 | Samsung Electronics Co., Ltd. | Manual roaming and data usage rights |
US11470204B2 (en) | 2017-08-11 | 2022-10-11 | Samsung Electronics Co., Ltd. | Manual roaming and data usage rights |
US11528328B2 (en) * | 2017-12-15 | 2022-12-13 | Nokia Technologies Oy | Stateless network function support in the core network |
US11382163B2 (en) * | 2017-12-19 | 2022-07-05 | At&T Intellectual Property I, L.P. | Instantiating intelligent service delivery parameters within protected hardware |
US10980084B2 (en) * | 2018-02-15 | 2021-04-13 | Huawei Technologies Co., Ltd. | Supporting multiple QOS flows for unstructured PDU sessions in wireless system using non-standardized application information |
US11558355B2 (en) * | 2018-02-26 | 2023-01-17 | Mcafee, Llc | Gateway with access checkpoint |
US20210120409A1 (en) * | 2018-04-05 | 2021-04-22 | Nokia Technologies Oy | User authentication in first network using subscriber identity module for second legacy network |
US11722891B2 (en) * | 2018-04-05 | 2023-08-08 | Nokia Technologies Oy | User authentication in first network using subscriber identity module for second legacy network |
US20220117015A1 (en) * | 2019-01-14 | 2022-04-14 | Idac Holdings, Inc. | Methods and wireless transmit/receive units for supporting virtual machine migration |
US11146964B2 (en) | 2019-02-22 | 2021-10-12 | Vmware, Inc. | Hierarchical network slice selection |
US11024144B2 (en) | 2019-02-22 | 2021-06-01 | Vmware, Inc. | Redirecting traffic from mobile device to initial slice selector for connection |
US11483762B2 (en) | 2019-02-22 | 2022-10-25 | Vmware, Inc. | Virtual service networks |
US10939369B2 (en) * | 2019-02-22 | 2021-03-02 | Vmware, Inc. | Retrieval of slice selection state for mobile device connection |
US10834669B2 (en) | 2019-02-22 | 2020-11-10 | Vmware, Inc. | Stateful network slice selection using replay of connection handshake |
US11246087B2 (en) | 2019-02-22 | 2022-02-08 | Vmware, Inc. | Stateful network slice selection using slice selector as connection termination proxy |
US11108643B2 (en) | 2019-08-26 | 2021-08-31 | Vmware, Inc. | Performing ingress side control through egress side limits on forwarding elements |
US11240113B2 (en) | 2019-08-26 | 2022-02-01 | Vmware, Inc. | Forwarding element slice identifying control plane |
US11178016B2 (en) | 2019-08-26 | 2021-11-16 | Vmware, Inc. | Performing slice based operations in a data plane circuit |
US11522764B2 (en) | 2019-08-26 | 2022-12-06 | Vmware, Inc. | Forwarding element with physical and virtual data planes |
US10785652B1 (en) | 2019-09-11 | 2020-09-22 | Cisco Technology, Inc. | Secure remote access to a 5G private network through a private network slice |
CN114521004A (en) * | 2020-11-19 | 2022-05-20 | 中国移动通信集团有限公司 | Data transmission method, device, equipment and storage medium |
US11704148B2 (en) | 2021-03-05 | 2023-07-18 | Vmware, Inc. | Datapath load distribution for a RIC |
US11743131B2 (en) | 2021-03-05 | 2023-08-29 | Vmware, Inc. | Cloudified user-level tracing |
US11750466B2 (en) | 2021-03-05 | 2023-09-05 | Vmware, Inc. | RIC and RIC framework communication |
US11805020B2 (en) | 2021-03-05 | 2023-10-31 | Vmware, Inc. | Cloudified MAC scheduler |
US11831517B2 (en) | 2021-03-05 | 2023-11-28 | Vmware, Inc. | Data IO and service on different pods of a RIC |
US11836551B2 (en) | 2021-03-05 | 2023-12-05 | Vmware, Inc. | Active and standby RICs |
US11540287B2 (en) | 2021-03-05 | 2022-12-27 | Vmware, Inc. | Separate IO and control threads on one datapath Pod of a RIC |
US11973655B2 (en) | 2021-03-05 | 2024-04-30 | VMware LLC | SDL cache for O-RAN |
WO2023099011A1 (en) * | 2021-12-03 | 2023-06-08 | Telefonaktiebolaget Lm Ericsson (Publ) | Assigning a network slice to a tenant using tenant information |
US11838176B1 (en) | 2022-12-19 | 2023-12-05 | Vmware, Inc. | Provisioning and deploying RAN applications in a RAN system |
Also Published As
Publication number | Publication date |
---|---|
EP3499796A1 (en) | 2019-06-19 |
KR102633995B1 (en) | 2024-02-06 |
US11758397B2 (en) | 2023-09-12 |
EP3499796A4 (en) | 2020-03-04 |
CN109644133A (en) | 2019-04-16 |
US20210105623A1 (en) | 2021-04-08 |
KR20180021630A (en) | 2018-03-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11758397B2 (en) | Method for requesting authentication between terminal and 3rd party server in wireless communication system, terminal therefor, and network slice instance management device | |
US20230422034A1 (en) | Method for requesting authentication between terminal and 3rd party server in wireless communication system, terminal therefor, and network slice instance management device | |
KR102270507B1 (en) | Network slice selection method, user equipment and network equipment | |
US10798761B2 (en) | Method for establishing protocol data unit session in communication system | |
CN106060900B (en) | Access control method and device for network slice, terminal cell and SDN controller | |
US11558911B2 (en) | Communication method and device for edge computing system | |
CN106664676B (en) | Apparatus and method for providing service connection through access layer in wireless communication system | |
EP3605995A1 (en) | Method and apparatus for discussing digital certificate by esim terminal and server | |
KR102669819B1 (en) | A method and apparatus for mutually exclusively connecting to a network slice of a roaming terminal in a wireless communication system | |
EP3861827B1 (en) | Method and apparatus for transmitting and receiving data in wireless communication system | |
US11134370B2 (en) | Initial operation method for roaming terminal accessing network in mobile communication environment | |
US20230239215A1 (en) | Server availability checking for edge computing services | |
US11330063B2 (en) | Method and apparatus for supporting reauthentication of DN authorized PDU session and managing PDU session according to change of DN authorization data | |
US20230318780A1 (en) | Channel scrambling techniques in wireless communications | |
US20240048632A1 (en) | Target services for authentication and authorization | |
WO2023173284A1 (en) | Techniques for configuring communications based on unified transmission configuration indicator states | |
WO2022032560A1 (en) | Flexible network slice selection procedure | |
WO2024026710A1 (en) | Cross-carrier scheduling in unified transmission configuration indicator frameworks | |
US20230413032A1 (en) | Consent management procedures for wireless devices | |
WO2022047690A1 (en) | Establishing a network slicing connection | |
WO2023039816A1 (en) | Inter-message certificate and digest arrangements in wireless communications systems | |
US20220322462A1 (en) | Method and apparatus for configuring edge computing service information | |
US20240236870A9 (en) | Reference signal available slot indication by group common downlink control information | |
US20240137874A1 (en) | Reference signal available slot indication by group common downlink control information | |
WO2023081608A1 (en) | Ue capability identity signaling over non access stratum (nas) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | AS | Assignment | Owner name: SAMSUNG ELECTRONICS CO., LTD., KOREA, REPUBLIC OF Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:KWEON, KISUK;LEE, JOOHYUNG;LEE, JICHEOL;AND OTHERS;SIGNING DATES FROM 20190122 TO 20190211;REEL/FRAME:048400/0678 |
| | STPP | Information on status: patent application and granting procedure in general | Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
| | STPP | Information on status: patent application and granting procedure in general | Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
| | STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |