WO2020141355A1 - Optimisation de la découverte d'un service nf - Google Patents

Optimisation de la découverte d'un service nf Download PDF

Info

Publication number
WO2020141355A1
WO2020141355A1 PCT/IB2019/050077 IB2019050077W WO2020141355A1 WO 2020141355 A1 WO2020141355 A1 WO 2020141355A1 IB 2019050077 W IB2019050077 W IB 2019050077W WO 2020141355 A1 WO2020141355 A1 WO 2020141355A1
Authority
WO
WIPO (PCT)
Prior art keywords
service discovery
authorization
service
response
request
Prior art date
Application number
PCT/IB2019/050077
Other languages
English (en)
Inventor
Simone Ferlin
Zhang FU
Juha KUJANEN
Göran RUNE
Patrik Salmela
Jari Arkko
Original Assignee
Telefonaktiebolaget Lm Ericsson (Publ)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonaktiebolaget Lm Ericsson (Publ) filed Critical Telefonaktiebolaget Lm Ericsson (Publ)
Priority to PCT/IB2019/050077 priority Critical patent/WO2020141355A1/fr
Publication of WO2020141355A1 publication Critical patent/WO2020141355A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/18Selecting a network or a communication service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/51Discovery or management thereof, e.g. service location protocol [SLP] or web services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos

Definitions

  • the present disclosure relates to Network Function (NF) services provided by a
  • CN telecommunications Core Network
  • the 5G network architecture shown in Figure 1 comprises a plurality of UEs connected to either a RAN or an Access Network (AN), referred to herein as a“(R)AN,” as well as an Access and Mobility Management Function (AMF).
  • the (R)AN comprises base stations, e.g., such as enhanced or evolved Node Bs (eNBs) or 5G base stations (gNBs) or similar.
  • eNBs enhanced or evolved Node Bs
  • gNBs 5G base stations
  • the 5G core NFs shown in Figure 1 include a Network Slice Selection Function (NSSF), an Authentication Server Function (AUSF), a Unified Data Management (UDM), a Policy Control Function (PCF), an Application Function (AF), an AMF, a Session Management Function (SMF), and a User Plane Function (UPF).
  • NSSF Network Slice Selection Function
  • AUSF Authentication Server Function
  • UDM Unified Data Management
  • PCF Policy Control Function
  • AF Application Function
  • AMF Session Management Function
  • UPF User Plane Function
  • the N1 reference point is defined to carry signaling between the UE and AMF.
  • the reference points for connecting between the (R)AN and AMF and between the (R)AN and UPF are defined as N2 and N3, respectively.
  • N4 is used by the SMF and UPF so that the UPF can be set using the control signal generated by the SMF, and the UPF can report its state to the SMF.
  • N5 is the reference point by which the PCF applies policy to the AF.
  • N7 is the reference point between the SMF and the PCF and by which the PCF applies policy to the SMF.
  • N8 is the reference point by which the AMF gets subscription data for the UE from the UDM.
  • N9 is the reference point for the connection between different UPFs.
  • N10 is the reference point by which the SMF gets subscription data for the UE from the UDM.
  • N12 is required for the AMF to perform authentication of the UE via the AUSF.
  • N3 is the reference point by which the AUSF communicates with the UDM.
  • N14 is the reference point connecting between different AMFs, respectively.
  • N15 is the reference point through which the PCF applies policy to the AMF.
  • N22 is the reference point by which the AMF communicates with the NSSF.
  • the 5G core network aims at separating user plane and control plane.
  • the user plane carries user traffic while the control plane carries signaling in the network.
  • the UPF is in the user plane and all other NFs, i.e., the AMF, SMF, PCF, AF, AUSF, and UDM, are in the control plane.
  • At least one UPF is traversed by the packets between the (R)AN - in this example, an NG-RAN - and a destination DN.
  • N6 is the reference point for the connection between the UPF and the DN.
  • Separating the user and control planes guarantees each plane resource to be scaled independently. It also allows UPFs to be deployed separately from control plane functions in a distributed fashion. In this architecture, UPFs may be deployed very close to UEs to shorten the Round Trip Time (RTT) between UEs and data network for some applications requiring low latency.
  • RTT Round Trip Time
  • the core 5G network architecture is composed of modularized functions.
  • the AMF and SMF are independent functions in the control plane. Separated AMF and SMF allow independent evolution and scaling.
  • Other control plane functions like the PCF and AUSF can be separated as shown in Figure 1.
  • Modularized function design enables the 5G core network to support various services flexibly.
  • Each NF interacts with another NF directly. It is possible to use intermediate functions to route messages from one NF to another NF.
  • a set of interactions between two NFs is defined as service so that its reuse is possible. This service enables support for modularity.
  • the user plane supports interactions such as forwarding operations between different UPFs.
  • SBA Service Based Architecture
  • SBI Service Based Interface
  • Figure 2 illustrates a 5G network architecture using service-based interfaces between the NFs in the control plane, instead of the point-to-point reference points/interfaces used in the 5G network architecture of Figure 1.
  • the NFs described above with reference to Figure 1 correspond to the NFs shown in Figure 2.
  • Figure 2 also includes a User Data Repository (UDR).
  • UDR User Data Repository
  • the service(s) etc. that an NF provides to other authorized NFs can be exposed to the authorized NFs through the service-based interface.
  • the service based interfaces are indicated by the letter“N” followed by the name of the NF, e.g., Namf for the service based interface of the AMF and Nsmf for the service based interface of the SMF etc.
  • the Network Exposure Function (NEF) and the Network Repository Function (NRF) in Figure 2 are not shown in Figure 1 discussed above. Flowever, it should be clarified that all NFs depicted in Figure 1 can interact with the NEF and the NRF of Figure 2 as necessary, though not explicitly indicated in Figure 1. [0010] Some properties of the NFs shown in Figures 1 and 2 may be described in the following manner.
  • the AMF provides UE-based authentication, authorization, mobility management, etc. A UE even using multiple access technologies is basically connected to a single AMF because the AMF is independent of the access technologies.
  • the SMF is responsible for session management and allocates Internet Protocol (IP) addresses to UEs. It also selects and controls the UPF for data transfer.
  • IP Internet Protocol
  • the AF provides information on the packet flow to the PCF responsible for policy control in order to support QoS. Based on the information, the PCF determines policies about mobility and session management to make the AMF and SMF operate properly.
  • the AUSF supports authentication function for UEs or similar and thus stores data for authentication of UEs or similar while the UDM stores subscription data of the UE.
  • the DN not part of the 5G core network, provides Internet access or operator services and similar.
  • FIG. 3 illustrates an overview of the conventional process for NF service registration, discovery, authorization, and access.
  • 3GPP TS 33.501 Version 15.3.1
  • the NF and NRF service access authorization and authentication are mandatory and based on the OAuth 2.0 framework (Internet Engineering Task Force (IETF) Request for Comments (RFC) 6749 and RFC 8252) and Transport Layer Security (TLS) (RFC 8446), respectively.
  • An NF may be an NF service producer ⁇ i.e., may offer a service), an NF service consumer [ i.e., may use a service), or both.
  • the terms“NF service producer,”“NF producer,” and“service producer” are synonymous.
  • the terms“NF service consumer,”“NF consumer,” and“service consumer” are synonymous.
  • the NF consumer contacts with the NRF first to find NF producers. If the NRF authorizes the access to a certain NF producer, e.g., the NF producer may be deployed in a different slice or have some access restriction policy in place, some information such as IP or Uniform Resource Locator (URL) address is sent back in the response message. Subsequently, the NF consumer must request an access token for the discovered NF producer from the NRF.
  • the entity that owns the resource i.e., the functions registry
  • the authorization server i.e., the authorization server
  • Service Registration An NF that is a service producer must register itself (step 300) with the NRF. This registration process can include authorization and/or authentication (e.g., the NRF can decide whether or not the NF is authorized to provide the advertised service and the NRF can determine whether or not the purported NF provider is authentic). As used herein, the terms“NF service registration request,” “NF registration request,”“service registration request,” and“registration request” are synonymous except where explicitly indicated otherwise.
  • Service Discovery Once the NF service producer is registered with the NRF, that service producer can be discovered by an NF service consumer, by issuing an NF Service Discovery request (step 302) to the NRF.
  • the NRF may check to see whether the NF service consumer is authorized to make such a discovery request, and if so, the NRF will provide the NF service consumer with the identity of an appropriate NF service producer.
  • the terms“NF service discovery request,”“NF discovery request,”“service discovery request,” and“discovery request” are synonymous except where explicitly indicated otherwise.
  • An NF service consumer may be authorized to discover available services and yet not be authorized to access some of those available services. Thus, the NF service consumer issues an NF service authorization request (step 304) to the NRF.
  • the NRF may grant or deny authorization.
  • the authorization may be granted in the form of an authorization token provided to the NF service consumer by the NRF.
  • the terms“NF service authorization request,”“NF authorization request,”“service authorization request,” and“authorization request” are synonymous except where explicitly indicated otherwise.
  • Service Request If the NF service consumer is authorized to access the NF service, the NF service consumer may then make a service request (step 306) to the NF service producer. Where an authorization token was provided to the NF service consumer by the NRF, the NF service consumer must provide that authorization token to the NF service producer, either a part of the service request (step 306) or in a separate communication (step 308).
  • the terms“NF service access request,”“NF access request,”“service access request,”“service request,” and“access request” are synonymous except where explicitly indicated otherwise.
  • FIG. 4 illustrates in more detail the conventional NF service registration, whereby NF service producers contact the NRF to register their services that should be made available to other NFs.
  • An NF service producer sends an NF service registration request to an NRF or other authorization server (step 400).
  • the NRF registers the NF service producer and stores the NF service producer profile (step 402), and sends an NF service registration response to the NF service producer (step 404).
  • NF service consumers contact the NRF to find out about NF producers. This process is shown in Figure 5.
  • an NF service consumer may be authorized to perform an NF service discovery, that does not necessarily mean that the NF service consumer will be granted access to a discovered NF service.
  • an NF service consumer may be able to determine a list of available NF services in the area, including those services that the NF service consumer is not authorized to access.
  • the NF service consumer requests the service from the NF service producer directly using the token.
  • the same token must be verified in a separate step by the NF service producer and/or against the NRF, as shown in Figure 6.
  • Figure 6 illustrates in more detail the conventional NF service request with an access token.
  • the NF service consumer issues an NF service access request to the NF service producer (step 600).
  • the NF service access request includes the access token that the NF service consumer previously received from the NRF, such as in step 510 of Figure 5.
  • the NF service producer validates the token (step 602), which may or may not be done with assistance from the NRF (optional step 604).
  • the NF service consumer then sends an NF service access response to the NF service consumer (step 606) indicating that the service access request was granted or denied.
  • FIG. 7 illustrates the conventional NF service discovery process in a roaming scenario.
  • a roaming NF service consumer issues an NF service discovery request (step 700) towards the home authorization server, which in this example is the Flome NRF (HNRF).
  • the NF service discovery request is routed to the HNRF via a Visited NRF (VNRF), which receives the NF service discovery request and determines whether the NF service consumer is authorized for NF service discovery (step 702).
  • VNRF Visited NRF
  • the roaming NF service consumer is authorized to make such a request, and so the NF service discovery request is forwarded from the VNRF to the HNRF (step 704).
  • the HNRF responds by sending an NF service discovery response (step 706) to the VNRF, which forwards the response to the roaming NF service consumer (step 708).
  • FIG. 8 illustrates the conventional NF authorization process in a roaming scenario.
  • a roaming NF service consumer must first register within the visited network (step 800), which involves a mutual authentication (step 802) between the VNRF and the HNRF.
  • the roaming NF service consumer then issues an access token request (step 804) towards the HNRF, which is received by the VNRF.
  • the access token request includes parameters such as the NF instance ID, the NF consumer type, the target NF type, the FIPLMN ID, and the VPLMN ID.
  • the VNRF authenticates the client (step 806).
  • the authentication was successful, and so the VNRF forwards the access token request to the target HNRF (step 808).
  • the HNRF authorizes the client (step 810), and if successful, generates an access token.
  • the client is successfully authorized, so the HNRF issues an access token response (step 812) to the VNRF, which forwards the access token response to the roaming NF service consumer (step 814).
  • the NF service consumers and/or consumers may cross the Public Land Mobile Network (PLMN) or other network operator’s borders, e.g., between a Flome PLMN (FIPLMN) and a Visiting PLMN (VPLMN).
  • PLMN Public Land Mobile Network
  • FAMN Flome PLMN
  • VPN Visiting PLMN
  • a roaming NF service consumer has to reach their home network operator to request access at the NRF, where NF service producers must be registered.
  • the high signaling overhead associated with conventional methods of NF discovery and access extends across networks in a roaming scenario, thus increasing network traffic between operator networks.
  • NF Network Function
  • a method, implemented in an NF consumer, for optimizing NF service discovery comprises: sending, to an authorization server, a combined service discovery and authorization request for an NF service; and receiving, from the authorization server, a service discovery response and an authorization response for the NF service.
  • sending the service discovery and authorization request to an authorization server comprises sending the service discovery and authorization request to a NRF.
  • receiving the service discovery response and the authorization response comprises receiving a combined service discovery and authorization response.
  • sending the combined service discovery and authorization request comprises sending a combined service discovery and authorization request for a plurality of NF services.
  • receiving the service discovery response and an authorization response comprises receiving a service discovery response for the plurality of NF services.
  • the service discovery response further comprises an authorization response for the plurality of NF services.
  • receiving the service discovery response and an authorization response comprises receiving at least one authorization response separate from the service discovery response.
  • the authorization response for the plurality of NF services comprises one access token to be used for accessing the plurality of NF services.
  • the authorization response for the plurality of NF services comprises a plurality of tokens to be used for accessing the plurality of NF services.
  • sending the combined service discovery and authorization request comprises sending a service discovery request that comprises an access token request message having access token request message parameters.
  • sending the combined service discovery and authorization request comprises sending a service discovery request that comprises at least one access token request message parameter.
  • sending the combined service discovery and authorization request comprises sending an access token request message parameter that is not known until after service discovery, the access token request message parameter being set to a placeholder value within the combined service discovery and authorization request and replaced with an actual value after service discovery.
  • the combined service discovery and authorization request specifies an access type, all possible access types, or all allowed access types for access to the NF service.
  • a method, implemented in an authorization server, for optimizing NF service discovery comprises: receiving, from a requesting entity, a service discovery request; determining that the received request is a combined service discovery and authorization request, and, upon determination that the received request is a combined service discovery and authorization request: authorizing the service discovery, and, upon determination that the service discovery is authorized, prepare a service discovery response; authorizing the client, and, upon determination that the client is authorized to access the service, prepare an authorization response; and sending, to the requesting entity, the service discovery response and the authorization response.
  • the authorization server comprises an NRF.
  • determining that the received service discovery request is a combined service discovery and authorization request for an NF service comprises determining that the received combined service discovery and authorization request comprises an access token request message having access token request message parameters.
  • determining that the received service discovery request is a combined service discovery and authorization request for an NF service comprises determining that the received combined service discovery and authorization request comprises at least one access token request message parameter.
  • determining that the received service discovery request is a combined service discovery and authorization request for an NF service comprises determining that the received combined service discovery and authorization request comprises an access token request message parameter that is not known until after service discovery.
  • the combined service discovery and authorization request specifies an access type, all possible access types, or all allowed access types for access to the NF service.
  • sending the service discovery response and the authorization response comprises sending a combined service discovery and authorization response.
  • sending the service discovery response and the authorization response comprises sending the service discovery response separate from the authorization response.
  • the authorization response comprises an access token for accessing the NF service.
  • sending the combined service discovery and authorization request comprises sending a combined service discovery and authorization request for a plurality of NF services.
  • receiving the service discovery response and an authorization response comprises receiving a service discovery response for the plurality of NF services.
  • the service discovery response further comprises an authorization response for the plurality of NF services.
  • receiving the service discovery response and an authorization response comprises receiving at least one authorization response separate from the service discovery response.
  • the authorization response for the plurality of NF services comprises at least one access token.
  • the authorization response for the plurality of NF services comprises one access token to be used for accessing the plurality of NF services.
  • the authorization response for the plurality of NF services comprises a plurality of tokens to be used for accessing the plurality of NF services.
  • the requesting entity comprises an NF service consumer.
  • the NF service consumer comprises an AMF.
  • a method, implemented in an authorization server, for optimizing NF service discovery comprises: receiving, from a requesting entity, a service discovery request; determining that the received request is a combined service discovery and authorization request, and, upon determination that the received request is a combined service discovery and authorization request: determining that the requesting entity is a roaming entity, and, upon determination that the requesting entity is a roaming entity, authorizing the service discovery, and, upon determination that the service discovery is authorized: forwarding the received service discovery and authorization request to an authorization server in the home network of the requesting entity; receiving from the authorization server in the home network of the requesting entity, a service discovery and authorization response; and sending, to the requesting entity, the service discovery and authorization response.
  • At least one of the authorization server and the authorization server in the home network of the requesting entity comprises an NRF.
  • the requesting entity comprises an NF service consumer.
  • determining that the received service discovery request is a combined service discovery and authorization request for an NF service comprises determining that the received combined service discovery and authorization request comprises an access token request message having access token request message parameters.
  • determining that the received service discovery request is a combined service discovery and authorization request for an NF service comprises determining that the received combined service discovery and authorization request comprises at least one access token request message parameter.
  • determining that the received service discovery request is a combined service discovery and authorization request for an NF service comprises determining that the received combined service discovery and authorization request comprises an access token request message parameter that is not known until after service discovery.
  • the combined service discovery and authorization request specifies an access type, all possible access types, or all allowed access types for access to the NF service.
  • sending the service discovery response and the authorization response comprises sending a combined service discovery and authorization response.
  • sending the service discovery response and the authorization response comprises sending the service discovery response separate from the authorization response.
  • authorizing the service discovery further comprises performing the service discovery and preparing the service discovery response.
  • forwarding the received service discovery and authorization request to the authorization server in the home network further comprises forwarding the prepared service discovery response to the authorization server in the home network.
  • a method, implemented in an authorization server, for optimizing NF service discovery comprises: receiving, from a requesting entity, a service discovery request; determining that the received request is a combined service discovery and authorization request, and, upon determination that the received request is a combined service discovery and authorization request: determining that the requesting entity is an authorization server in a visited network, and, upon determination that the requesting entity is an authorization server in a visited network:
  • At least one of the authorization server and the authorization server in the visited network comprises an NRF.
  • determining that the received service discovery request is a combined service discovery and authorization request for an NF service comprises determining that the received combined service discovery and authorization request comprises an access token request message having access token request message parameters.
  • determining that the received service discovery request is a combined service discovery and authorization request for an NF service comprises determining that the received combined service discovery and authorization request comprises at least one access token request message parameter.
  • determining that the received service discovery request is a combined service discovery and authorization request for an NF service comprises determining that the received combined service discovery and authorization request comprises an access token request message parameter that is not known until after service discovery.
  • the combined service discovery and authorization request specifies an access type, all possible access types, or all allowed access types for access to the NF service.
  • receiving the combined service discovery and authorization request comprises receiving a service discovery response prepared by the authorization server in the visited network.
  • sending the authorization response further comprises sending the received service discovery response.
  • the method further comprises preparing a service discovery response, and sending the authorization response further comprises sending the service discovery response.
  • sending the service discovery response and the authorization response comprises sending a combined service discovery and authorization response.
  • sending the service discovery response and the authorization response comprises sending the service discovery response separate from the authorization response.
  • a network node for performing optimized NF service discovery comprises: a network interface; one or more processors; and memory storing instructions executable by the one or more processors, whereby the network node is operable to perform any of the methods disclosed herein.
  • a network node for performing optimized NF service discovery is provided, the network node being adapted to perform any of the methods disclosed herein.
  • a network node for performing optimized NF service discovery comprises means for performing any of the methods disclosed herein.
  • a network node for performing optimized NF service discovery comprises one or more modules operable to perform any of the methods disclosed herein.
  • a non-transitory computer readable medium stores software instructions that when executed by one or more processors of a network node for performing optimized NF service discovery, cause network node to perform any of the methods disclosed herein.
  • a computer program comprises instructions which, when executed by at least one processor, cause the at least one processor to perform any of the methods disclosed herein.
  • a carrier comprises the computer program above, wherein the carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium.
  • Figure 1 illustrates a conventional wireless communication system represented as a Fifth Generation Core Network (5GC) architecture composed of core Network Functions (NFs), where interaction between any two NFs is represented by a point-to-point reference point/interface;
  • 5GC Fifth Generation Core Network
  • NFs core Network Functions
  • Figure 2 illustrates a 5G network architecture using service-based interfaces between the NFs in the control plane instead of the point-to-point reference points/interfaces used in the 5G network architecture of Figure 1 ;
  • Figure 3 illustrates an overview of the conventional process for NF service registration, discovery, and access
  • Figure 4 illustrates in more detail the conventional NF service registration process
  • Figure 5 illustrates in more detail the conventional NF service discovery and authorization processes
  • Figure 6 illustrates in more detail the conventional NF service access process
  • Figure 7 illustrates the conventional NF service discovery process in a roaming scenario
  • Figure 8 illustrates the conventional NF authorization process in a roaming scenario
  • Figure 9 illustrates one example of a cellular communications network according to some embodiments of the present disclosure.
  • Figure 10 illustrates an exemplary method for NF service discovery according to some embodiments of the present disclosure
  • Figure 11 illustrates an exemplary method for NF service discovery in a roaming scenario according to some embodiments of the present disclosure
  • Figure 12 illustrates a simplified example of a conventional User Equipment (UE) registration procedure, in which separate service discovery requests and authorization requests are made for each NF needed;
  • UE User Equipment
  • Figure 13 illustrates an optimized UE registration process according to some embodiments of the present disclosure, which uses a combined service discovery and authorization request for each NF needed;
  • Figure 14 illustrates a UE registration process even further optimized according to some embodiments of the present disclosure, which uses a single combined service discovery and authorization request for multiple NFs;
  • Figure 15 illustrates an optimized NF service discovery according to some embodiments of the present disclosure, which uses a single service discovery request for multiple NFs;
  • Figure 16 is a schematic block diagram of a network node according to some embodiments of the present disclosure.
  • Figure 17 is a schematic block diagram that illustrates a virtualized embodiment of the network node of Figure 16 according to some embodiments of the present disclosure
  • Figure 18 is a schematic block diagram of the network node of Figure 15 according to some other embodiments of the present disclosure.
  • Figure 19 is a schematic block diagram of a UE according to some embodiments of the present disclosure.
  • Figure 20 is a schematic block diagram of the UE of Figure 18 according to some other embodiments of the present disclosure.
  • Figure 21 illustrates a telecommunication network connected via an intermediate network to a host computer in accordance with some embodiments of the present disclosure
  • Figure 22 is a generalized block diagram of a host computer communicating via a base station with a UE over a partially wireless connection in accordance with some embodiments of the present disclosure
  • Figure 23 is a flowchart illustrating a method implemented in a communication system in accordance with one embodiment of the present disclosure
  • Figure 24 is a flowchart illustrating a method implemented in a communication system in accordance with one embodiment of the present disclosure
  • Figure 25 is a flowchart illustrating a method implemented in a communication system in accordance with one embodiment on the present disclosure.
  • Figure 26 is a flowchart illustrating a method implemented in a communication system in accordance with one embodiment of the present disclosure. Detailed Description
  • NF Network Function
  • Combining the service discovery and authorization steps provides several benefits, including: lower latency, which is particularly relevant in roaming when NFs and the NRF may be in different locations, e.g., NF via a Flome NRF (HNRF) and Visiting NRF (VNRF); optimized signaling in the Fifth Generation Core Network (5GC) by reducing the number of messages exchanged between NFs and the NRF; and lower resource usage at the NRF, which may be a bottlenecked resource.
  • the NRF can proactively provision an access token to the NF during the discovery process.
  • Radio Node As used herein, a“radio node” is either a radio access node or a wireless device.
  • Radio Access Node As used herein, a“radio access node” or“radio network node” is any node in a radio access network of a cellular communications network that operates to wirelessly transmit and/or receive signals.
  • a radio access node include, but are not limited to, a base station (e.g., a New Radio (NR) base station (gNB) in a Third Generation Partnership Project (3GPP) Fifth Generation (5G) NR network or an enhanced or evolved Node B (eNB) in a 3GPP Long Term Evolution (LTE) network), a high-power or macro base station, a low-power base station (e.g., a micro base station, a pico base station, a home eNB, or the like), and a relay node.
  • a base station e.g., a New Radio (NR) base station (gNB) in a Third Generation Partnership Project (3GPP) Fifth Generation (5G) NR network or an enhanced or evolved Node B (eNB) in a
  • a“core network node” is any type of node in a core network.
  • Some examples of a core network node include, e.g., a Mobility Management Entity (MME), a Packet Data Network Gateway (P-GW), a Service Capability Exposure Function (SCEF), or the like.
  • MME Mobility Management Entity
  • P-GW Packet Data Network Gateway
  • SCEF Service Capability Exposure Function
  • a“wireless device” is any type of device that has access to (i.e., is served by) a cellular communications network by wirelessly transmitting and/or receiving signals to a radio access node(s).
  • Some examples of a wireless device include, but are not limited to, a User Equipment device (UE) in a 3GPP network and a Machine Type Communication (MTC) device.
  • UE User Equipment device
  • MTC Machine Type Communication
  • Network Node As used herein, a“network node” is any node that is either part of the radio access network or the core network of a cellular communications network/system.
  • FIG. 9 illustrates one example of a cellular communications network 900 according to some embodiments of the present disclosure.
  • the cellular communications network 900 is a 5G NR network.
  • the cellular communications network 900 includes base stations 902-1 and 902-2, which in LTE are referred to as eNBs and in 5G NR are referred to as gNBs, controlling corresponding macro cells 904-1 and 904-2.
  • the base stations 902-1 and 902-2 are generally referred to herein collectively as base stations 902 and individually as base station 902.
  • the macro cells 904-1 and 904-2 are generally referred to herein collectively as macro cells 904 and individually as macro cell 904.
  • the cellular communications network 900 may also include a number of low power nodes 906-1 through 906-4 controlling corresponding small cells 908-1 through 908-4.
  • the low power nodes 906-1 through 906-4 can be small base stations (such as pico or femto base stations) or Remote Radio Heads (RRHs), or the like.
  • RRHs Remote Radio Heads
  • one or more of the small cells 908-1 through 908-4 may alternatively be provided by the base stations 902.
  • the low power nodes 906-1 through 906-4 are generally referred to herein collectively as low power nodes 906 and individually as low power node 906.
  • the small cells 908-1 through 908-4 are generally referred to herein collectively as small cells 908 and individually as small cell 908.
  • the base stations 902 (and optionally the low power nodes 906) are connected to a core network 910, such as the core network illustrated in Figure 1 or 2.
  • the base stations 902 and the low power nodes 906 provide service to wireless devices 912-1 through 912-5 in the corresponding cells 904 and 908.
  • the wireless devices 912-1 through 912-5 are generally referred to herein collectively as wireless devices 912 and individually as wireless device 912.
  • the wireless devices 912 are also sometimes referred to herein as UEs.
  • An NF may be implemented either as a network element on a dedicated hardware, as a software instance running on a dedicated hardware, or as a virtualized function instantiated on an appropriate platform, e.g., a cloud infrastructure.
  • An NF may be an NF producer, an NF consumer, or both an NF producer and an NF consumer.
  • An NF consumer may also be an entity that is not also an NF, such as a wireless device or UE.
  • the NF service discovery and NF service authorization steps are combined so that an NF consumer does not need to explicitly request an access token in a separate step after discovering an NF service.
  • Figure 10 illustrates an exemplary method for NF service discovery according to some embodiments of the present disclosure.
  • the service discovery request and the authorization request are combined into a single NF service discovery and authorization request (step 1000).
  • the service discovery message also includes the necessary parameters to indicate that a token is also requested as well as data which are needed by the NRF to generate the token.
  • an authorization request may also be referred to as an“access token request”
  • the combined message may also be referred to herein as an“NF service discovery and access token request” or as an“NF service discovery and access request.”
  • the NF service discovery and authorization request includes the NF service name, the NF type, and Client ID, but other parameters, or other combinations of parameters, are also considered to be within the scope the present disclosure.
  • the NF service discovery and authorization request is sent to an authorization server.
  • the authorization server is an NRF.
  • the NRF authorizes the NF service discovery (step 1002), then authorizes the client (step 1004). If the client is authorized, the NRF will generate an access token.
  • the message sent in step 1000 is both a service discovery request and an authorization request
  • that message will include the necessary access token request parameters inside the service discovery request in step 1000. This could be implemented in a number of ways. For example:
  • the service discovery message also contains the access token request message, i.e., a full token request message or all the parameters sent with a regular access token request, except that the parameters of a conventional access token request message that normally identifies the target NF, for instance - information that, in the conventional process, is provided by a prior discovery request -- could either be set to NULL or set to the values that are normally part of the conventional discovery message. That is, where the conventional access token request message would contain the Internet Protocol (IP) address of the discovered NF producer, the new message might use the name of the desired NF (e.g., Authentication Server Function (AUSF)).
  • IP Internet Protocol
  • AUSF Authentication Server Function
  • the NRF will know the identity, etc., of the consumer through the consumer having authenticated to the NRF as part of service discovery, and will know the details of the producer instance through the service discovery and the response generated for the consumer.
  • the NRF might or might not know the resource provided by the producer that the consumer wants to access, so the consumer might have to explicitly indicate this in the message unless the service discovery itself is directly targeting a resource.
  • the NRF will not know what type of access (e.g.,
  • the NRF could generate a token that authorizes all of the access types that the requester is allowed to perform. In this approach, the consumer does not need to indicate the access type desired.
  • the message might contain an indication that the message is a combined resource discovery and authorization request message or the fact that the selected additional access request related parameters are included implicitly communicates this.
  • the consumer does not indicate that it wants to do a combined service discovery and access token request, e.g., not with a flag, nor by having any additional parameters included in the service discovery message.
  • the NRF could have some pre-configured policies such that when an NF of a certain type does service discovery for another specific type of NF, it most probably means it will want a token for a specific resource of the identified NF. Based on this, the NRF could opportunistically generate a token and communicate it to the NF performing service discovery.
  • the NRF then responds to the NF service consumer.
  • the NRF sends a single message that includes both the service discovery response and the authorization response (step 1006) that includes, but is not limited to, information identifying the NF instance and authorization information.
  • the authorization information includes, but is not limited to, an access token and may also include additional information associated with the access token, such as an expiration date.
  • the NRF may send the service discovery response (step 1008) and the authorization response (step 1010) as separate messages. This alternative may be used to avoid having to define a new response message such as the one in step 1006, or if space is critical, e.g., if the service discovery and authorization response and the access token in one message becomes too big.
  • the NF consumer prior to authorization, during the authentication steps between NF consumer and the NRF for performing the service discovery, the NF consumer must provide enough information, e.g., NF consumer type, NF consumer ID, or target NF producer type, so that the NRF can figure out the correct and corresponding access rights.
  • the NRF can then authorize the discovery, perform the discovery for the consumer, and finally generate a suitable access token for the consumer based on the received parameters and the policies stored in the NRF.
  • the service discovery and authorization response may include a list of available instances of the NF producer (i.e., the service discovery response), e.g., instances that the NF consumer can access. If there are multiple NF producer instances in the response, then in one embodiment the access token can be used to access any of these instances, which should be stated in the token claims.
  • the NRF can also append a set of (typically short lived) tokens in the response, each of them usable to access one specific of the NF producer instance provided in the response.
  • Some NFs might follow a specific access pattern in the network. For example, some NF needs to contact other NFs in its initialization phase.
  • the NRF could be pre-configured with some policies indicating that when a certain NF type performs a service registration, it is very likely that the same NF will conduct service discovery and request an access token to certain NF producer(s).
  • the registration could for specific NF types be seen as also containing an implicit service discovery and authorization request.
  • the registration response could also include an opportunistic service discovery response for identified services as well as associated access token(s).
  • an NF service consumer such as a UE that belongs to a subscriber to a home PLMN (HPLMN) is operating within a visited PLMN (VPLMN) and therefore referred to herein as a roaming NF service consumer.
  • An NRF within the VPLMN is herein referred to as a VNRF
  • an NRF within the FIPLMN is herein referred to as an HNRF.
  • a roaming NF service consumer requests access to an NF service, such requests are received by the VNRF and forwarded to the HNRF.
  • the response from the HNRF is sent to the VNRF, which forwards the response to the roaming NF service consumer.
  • the VNRF is responsible for generating access tokens for granting access to an NF within the VPLMN
  • the HNRF is responsible for generating access tokens for granting access to an NF within the HPLMN.
  • it is the HNRF that controls what NF services any of its subscribers - roaming or not - may access.
  • NF service discovery in a roaming scenario generally involves interactions between the VNRF and the HNRF. These interactions may be optimized according to the present disclosure, as will now be described.
  • Figure 10 illustrates a scenario in which the NF producer is in the same PLMN as the NRF, in which case the NRF performs both service discovery and service authorization step.
  • This process may apply when the NF service consumer, the authorization server, and the NF service provider are all in the NF service consumer’s home network (HPLMN) or when the NF service consumer, the authorization server, and the NF service provider are all in a visited network (VPLMN).
  • HPLMN home network
  • VPLMN visited network
  • the process illustrated in Figure 10 may represent a non-roaming scenario, but it also may represent a roaming scenario in which it is not necessary to access an NF service provider in the HPLMN, i.e., the desired NF service exists within the VPLMN (and, optionally, where the authorization server within the VPLMN possesses sufficient information to authorize access and thus does not need to interact with the authorization server within the HPLMN.
  • FIG 11 illustrates an exemplary method for NF service discovery in a roaming scenario according to some embodiments of the present disclosure.
  • an NF service consumer is registered with a VNRF (step 1 100) which has mutually authenticated with an HNRF (step 1 102).
  • the NF service consumer issues an NF service discovery and authorization request (step 1104) towards the HNRF via the VNRF.
  • the VNRF receives the NF service discovery and authorization request and, in response, authenticates the client and authorizes the NF service discovery (step 1106).
  • the client is successfully authenticated and authorized for service discovery, so the VNRF forwards the NF service discovery and authorization request to the HNRF (step 1 108).
  • the HNRF performs discovery, authorizes the client, and generates the authorization response, e.g., the HNRF generates an access token (step 11 10), then issues an NF service discovery and authorization response (step 1 112) to the VNRF, which forwards the NF service discovery and authorization response to the NF service consumer (step 1 1 14).
  • the NF service discovery and authorization response sent by the HNRF to the VNRF does not include the discovery response, e.g., such as when the authorization response contains sufficient information such that the discovery response is redundant or unnecessary.
  • the HNRF sends both a discovery response and an authorization response.
  • the discovery response may be sent together with the authorization response, or the discovery response may be sent separately from the authorization response.
  • the desired NF service exists within the VPLMN, in which case the VNRF may generate the discovery response, forward the original NF service discovery and authorization response (with or without the discovery response) to the HNRF, which authorizes the request and (if authorized), sends an authorization response to the VNRF.
  • the VNRF sends both a discovery response and an authorization response to the NF service consumer.
  • the discovery response may be sent together with the authorization response, or the discovery response may be sent separately from the authorization response.
  • AMF Management Function
  • UDM Unified Data Management
  • SMF Session Management Function
  • PDU Protocol Data Unit
  • FIG 12 illustrates a simplified example of this conventional procedure, in which the service discovery and the authorization token request are separated.
  • the procedure includes the following steps.
  • a UE issues a UE registration request to its current Radio Access Network (RAN) (step 1200), which forwards the request to the serving AMF (step 1202).
  • the AMF then communicates with the NRF several times: first, to discover an AUSF service (steps 1204 and 1206); then, to request access to the discovered AUSF (steps 1208 and 1210).
  • the AMF then authenticates the UE with the AUSF (step 1212).
  • the AMF again communicates with the NRF several times: to discover a UDM service (steps 1214 and 1216) and request access to the discovered UDM service (steps 1218 and 1220) in order to register the UE context information with the UDM (step 1222); to discover an SMF service (steps 1224 and 1226) and request access to the discovered SMF service (steps 1228 and 1230) in order to perform PDU session updates with the SMF (step 1232).
  • the AMF then responds to the UE registration request by sending a UE registration response to the UE (step 1234). As can be seen in this more detailed example, registration of just one UE requires multiple signaling messages to and from the NRF.
  • FIG. 13 illustrates an optimized UE registration process according to some embodiments of the present disclosure.
  • a UE issues a UE registration request to its current RAN (step 1300), which forwards the request to the serving AMF (step 1302).
  • the AMF then communicates with the NRF several times: first, it sends a combined service discovery and authorization request to the NRF for an AUSF service (step 1304), and receives a response from the NRF that identifies an AUSF instance and provides an access token for accessing the identified AUSF (step 1306).
  • the AMF then authenticates the UE with the AUSF (step 1308).
  • the AMF then sends a combined service discovery and authorization request to the NRF for a UDM service (step 1310), and receives a response from the NRF that identifies a UDM instance and provides an access token for accessing the identified UDM (step 1312).
  • the AMF registers the UE context association with the UDM (step 1314).
  • the AMF then sends a combined service discovery and authorization request to the NRF for an SMF service (step 1316), and receives a response from the NRF that identifies an SMF instance and provides an access token for accessing the identified SMF (step 1318).
  • the AMF then performs PDU session updates with the SMF (step 1320), and responds to the UE registration request by sending a UE registration response to the UE (step 1322).
  • registration of one UE according to the optimized procedure illustrated in Figure 13 requires six fewer signaling messages to and from the NRF compared with the conventional process.
  • Figure 14 illustrates a UE registration process even further optimized according to some embodiments of the present disclosure, by combining multiple service discovery and token requests together.
  • the AMF knows that it will need to contact an AUSF, a UDM, and an SMF. Therefore, the AMF can send the corresponding service discoveries all together as well as the token requests. This is shown in Figure 14.
  • a UE issues a UE registration request to its current RAN (step 1400), which forwards the request to the serving AMF (step 1402).
  • the AMF then communicates with the NRF just once: it sends a combined service discovery and authorization request to the NRF (step 1404) for all of the services that will be needed by the UE registration procedure - in this example, an AUSF service, a UDM service, and an SMF service.
  • the AMF receives a response from the NRF (step 1406) that identifies an AUSF instance, a UDM instance, and an SMF instance, and provides one or more access token(s) for accessing the identified AUSF, UDM, and SMF.
  • the NRF may send a single token that is used to access multiple NFs. In another embodiment, the NRF may send multiple tokens, each for a different NF.
  • the NRF may send all of the tokens together in one discovery and authorization response message (e.g., step 1406), or it may send the tokens in separate discovery and authorization response messages.
  • the AMF then authenticates the UE with the AUSF (step 1408), registers the UE context association with the UDM (step 1410), performs PDU session updates with the SMF (step 1412), and responds to the UE registration request by sending a UE registration response to the UE (step 1414).
  • registration of one UE according to the optimized procedure illustrated in Figure 14 requires eleven fewer signaling messages to and from the NRF compared with the conventional process.
  • the OAuth 2.0 framework Representational State Transfer (REST)-ful Application Program Interface (APIs) are used.
  • HTTP Hypertext Transfer Protocol
  • the HTTP-based communication is moving towards HTTP/2, the de facto application layer protocol improvement over HTTP/1.1 and HTTP/1.0, and described in the Internet Engineering Task Force (IETF) Request for Comments (RFC) 7540.
  • IETF Internet Engineering Task Force
  • RRC Request for Comments
  • all communication is via HTTP/2.
  • a HTTP/2-based framework supports better connection management compared to its predecessor HTTP/1.1 and HTTP/1.0.
  • the SERVER PUSH option in HTTP/2 allows the server to preemptively send responses to the client in association with a previous request.
  • this feature from HTTP/2 may be employed where NFs service discovery and service requests are separate requests.
  • SERVER PUSH is meant for web servers preemptively sending content towards a client, which the server knows that the client will need based on a previous request from the same client, e.g., some style files that format all pages from a website that client is interested to download.
  • Figures 13 and 14 illustrate an optimized UE registration
  • the subject matter of the present disclosure is not limited to UE registration.
  • the optimizations described herein are applicable to other procedures that involve multiple NF services.
  • Figure 13 illustrates an optimization in which, for each NF, the service discovery request and authorization request are combined into one request (e.g., combined requests 1304, 1310, and 1316).
  • Figure 14 illustrates an optimization in which all of the separate combined service discovery and authorization requests for each NF are combined into one combined service discovery and authorization request for multiple NF services (e.g., combined request for multiple NFs 1404).
  • Figure 15 illustrates an optimized NF service discovery according to some embodiments of the present disclosure, which uses a single service discovery request (with no authorization request) for multiple NFs.
  • an NF consumer issues an NF service discovery request (step 1500) to an authorization server, the service discovery request identifying a plurality of NF services (e.g., NF service 1 , NF service 2, ).
  • the authorization server authorizes the NF service discoveries (step 1502) and generates the NF service discovery responses (step 1504).
  • the authorization server then sends the service discovery responses to the NF service consumer, which may be in various forms, such as, for example, a combined multi-NF response (step 1506), or as separate, single-NF responses (steps 1508 and 1510).
  • the AMF would issue a service discovery request for an AUSF service, a UDM service, and an SMF service
  • the NRF would issue a service discovery response that identifies an AUSF instance, a UDM instance, and an SMF instance.
  • the authorization requests would be handled using a mechanism separate from the multiple-NF discovery request.
  • the service discovery is performed via a HTTP GET message whereas a token request (service authorization), is performed via a HTTP POST message which is aligned with OAuth 2.0 framework.
  • this difference may be used to an advantage when combining both discovery and authorization together: a conventional service discovery could be sent via HTTP GET as usual while a combined service discovery and authorization could be sent via HTTP POST. In this manner, the NRF receiving the request can distinguish a conventional request from a combined request based simply on whether the request was sent via HTTP GET or HTTP POST.
  • the NRF receives a service discovery request using HTTP GET, it means that the discovery should be performed according to how it is currently defined in 3GPP, as shown in Figure 5.
  • Flowever if the NF consumer uses HTTP POST, it means that it is sending a combined service discovery and authorization with the access token request, as shown in Figure 10.
  • FIG. 16 is a schematic block diagram of a network node 1600 according to some embodiments of the present disclosure.
  • the network node 1600 may be, for example, a radio network node or a core network node.
  • the network node 1600 includes a control system 1602 that includes one or more processors 1604 (e.g., Central Processing Units (CPUs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs), and/or the like), memory 1606, and a network interface 1608.
  • the one or more processors 1604 are also referred to herein as processing circuitry.
  • the network node 1600 may include one or more radio units 1610 that each includes one or more transmitters 1612 and one or more receivers 1614 coupled to one or more antennas 1616.
  • the radio units 1610 may be referred to or be part of radio interface circuitry.
  • the radio unit(s) 1610 is external to the control system 1602 and connected to the control system 1602 via, e.g., a wired connection (e.g., an optical cable).
  • the radio unit(s) 1610 and potentially the antenna(s) 1616 are integrated together with the control system 1602.
  • the one or more processors 1604 operate to provide one or more functions of a network node 1600 as described herein.
  • the function(s) are implemented in software that is stored, e.g., in the memory 1606 and executed by the one or more processors 1604.
  • Figure 17 is a schematic block diagram that illustrates a virtualized embodiment of the network node 1600 according to some embodiments of the present disclosure. This discussion is equally applicable to radio network nodes, core network nodes, or other types of network nodes. Further, other types of network nodes may have similar virtualized architectures.
  • a“virtualized” network node is an implementation of the network node 1600 in which at least a portion of the functionality of the network node 1600 is implemented as a virtual component(s) (e.g., via a virtual machine(s) executing on a physical processing node(s) in a network(s)).
  • the network node 1600 includes the control system 1602 that includes the one or more processors 1604 (e.g., CPUs, ASICs, FPGAs, and/or the like), the memory 1606, and the network interface 1608 and the one or more radio units 1610 that each includes the one or more transmitters 1612 and the one or more receivers 1614 coupled to the one or more antennas 1616, as described above.
  • the control system 1602 is connected to the radio unit(s) 1610 via, for example, an optical cable or the like.
  • the control system 1602 is connected to one or more processing nodes 1700 coupled to or included as part of a network(s) 1702 via the network interface 1608.
  • Each processing node 1700 includes one or more processors 1704 (e.g., CPUs, ASICs, FPGAs, and/or the like), memory 1706, and a network interface 1708.
  • functions 1710 of the network node 1600 described herein are implemented at the one or more processing nodes 1700 or distributed across the control system 1602 and the one or more processing nodes 1700 in any desired manner.
  • some or all of the functions 1710 of the network node 1600 described herein are implemented as virtual components executed by one or more virtual machines implemented in a virtual environment(s) hosted by the processing node(s) 1700.
  • additional signaling or communication between the processing node(s) 1700 and the control system 1602 is used in order to carry out at least some of the desired functions 1710.
  • control system 1602 may not be included, in which case each of the radio unit(s) 1610 communicates directly with the processing node(s) 1700 via an appropriate network interface(s).
  • a computer program including instructions which, when executed by at least one processor, causes the at least one processor to carry out the functionality of network node 1600 or a node (e.g., a processing node 1700) implementing one or more of the functions 1710 of the network node 1600 in a virtual environment according to any of the embodiments described herein is provided.
  • a carrier comprising the aforementioned computer program product is provided.
  • the carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium (e.g., a non-transitory computer readable medium such as memory).
  • FIG 18 is a schematic block diagram of the network node 1600 according to some other embodiments of the present disclosure.
  • the network node 1600 includes one or more modules 1800, each of which is implemented in software.
  • the module(s) 1800 provide the functionality of the network node 1600 described herein. This discussion is equally applicable to the processing node 1700 of Figure 17 where the modules 1800 may be implemented at one of the processing nodes 1700 or distributed across multiple processing nodes 1700 and/or distributed across the processing node(s) 1700 and the control system 1602.
  • FIG 19 is a schematic block diagram of a UE 1900 according to some embodiments of the present disclosure.
  • the UE 1900 includes one or more processors 1902 (e.g., CPUs, ASICs, FPGAs, and/or the like), memory 1904, and one or more transceivers 1906 each including one or more transmitters 1908 and one or more receivers 1910 coupled to one or more antennas 1912.
  • the transceiver(s) 1906 includes radio-front end circuitry connected to the antenna(s) 1912 that is configured to condition signals communicated between the antenna(s) 1912 and the processor(s) 1902, as will be appreciated by on of ordinary skill in the art.
  • the processors 1902 are also referred to herein as processing circuitry.
  • the transceivers 1906 are also referred to herein as radio circuitry.
  • the functionality of the UE 1900 described above may be fully or partially implemented in software that is, e.g., stored in the memory 1904 and executed by the processor(s) 1902.
  • the UE 1900 may include additional components not illustrated in Figure 19 such as, e.g., one or more user interface components (e.g., an input/output interface including a display, buttons, a touch screen, a microphone, a speaker(s), and/or the like and/or any other components for allowing input of information into the UE 1900 and/or allowing output of information from the UE 1900), a power supply (e.g., a battery and associated power circuitry), etc.
  • a power supply e.g., a battery and associated power circuitry
  • a computer program including instructions which, when executed by at least one processor, causes the at least one processor to carry out the functionality of the UE 1900 according to any of the embodiments described herein is provided.
  • a carrier comprising the aforementioned computer program product is provided.
  • the carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium (e.g., a non-transitory computer readable medium such as memory).
  • Figure 20 is a schematic block diagram of the UE 1900 according to some other embodiments of the present disclosure.
  • the UE 1900 includes one or more modules 2000, each of which is implemented in software.
  • the module(s) 2000 provide the functionality of the UE 1900 described herein.
  • FIG. 21 illustrates an exemplary telecommunication network connected via an intermediate network to a host computer according to some embodiments of the present disclosure.
  • a communication system includes a telecommunication network 2100, such as a 3GPP-type cellular network, which comprises an access network 2102, such as a RAN, and a core network 2104.
  • the access network 2102 comprises a plurality of base stations 2106A, 2106B, 2106C, such as NBs, eNBs, gNBs, or other types of wireless Access Points (APs), each defining a corresponding coverage area 2108A, 2108B, 2108C.
  • base stations 2106A, 2106B, 2106C such as NBs, eNBs, gNBs, or other types of wireless Access Points (APs)
  • Each base station 2106A, 2106B, 2106C is connectable to the core network 2104 over a wired or wireless connection 21 10.
  • a first UE 21 12 located in coverage area 2108C is configured to wirelessly connect to, or be paged by, the corresponding base station 2106C.
  • a second UE 21 14 in coverage area 2108A is wirelessly connectable to the corresponding base station 2106A. While a plurality of UEs 21 12, 21 14 are illustrated in this example, the disclosed embodiments are equally applicable to a situation where a sole UE is in the coverage area or where a sole UE is connecting to the corresponding base station 2106.
  • the telecommunication network 2100 is itself connected to a host computer 2116, which may be embodied in the hardware and/or software of a standalone server, a cloud-implemented server, a distributed server, or as processing resources in a server farm.
  • the host computer 21 16 may be under the ownership or control of a service provider, or may be operated by the service provider or on behalf of the service provider.
  • Connections 2118 and 2120 between the telecommunication network 2100 and the host computer 21 16 may extend directly from the core network 2104 to the host computer 21 16 or may go via an optional intermediate network 2122.
  • the intermediate network 2122 may be one of, or a combination of more than one of, a public, private, or hosted network; the intermediate network 2122, if any, may be a backbone network or the Internet; in particular, the intermediate network 2122 may comprise two or more sub-networks (not shown).
  • the communication system of Figure 21 as a whole enables connectivity between the connected UEs 21 12, 21 14 and the host computer 21 16.
  • the connectivity may be described as an Over- the-Top (OTT) connection 2124.
  • the host computer 21 16 and the connected UEs 21 12, 21 14 are configured to communicate data and/or signaling via the OTT connection 2124, using the access network 2102, the core network 2104, any intermediate network 2122, and possible further infrastructure (not shown) as intermediaries.
  • the OTT connection 2124 may be transparent in the sense that the participating communication devices through which the OTT connection 2124 passes are unaware of routing of uplink and downlink communications.
  • the base station 2106 may not or need not be informed about the past routing of an incoming downlink communication with data originating from the host computer 21 16 to be forwarded (e.g., handed over) to a connected UE 21 12. Similarly, the base station 2106 need not be aware of the future routing of an outgoing uplink communication originating from the UE 21 12 towards the host computer 21 16.
  • Figure 22 illustrates an exemplary generalized block diagram of a host computer
  • a host computer 2202 comprises hardware 2204 including a communication interface 2206 configured to set up and maintain a wired or wireless connection with an interface of a different communication device of the communication system 2200.
  • the host computer 2202 further comprises processing circuitry 2208, which may have storage and/or processing capabilities.
  • the processing circuitry 2208 may comprise one or more programmable processors, ASICs, FPGAs, or combinations of these (not shown) adapted to execute instructions.
  • the host computer 2202 further comprises software 2210, which is stored in or accessible by the host computer 2202 and executable by the processing circuitry 2208.
  • the software 2210 includes a host application 2212.
  • the host application 2212 may be operable to provide a service to a remote user, such as a UE 2214 connecting via an OTT connection 2216 terminating at the UE 2214 and the host computer 2202. In providing the service to the remote user, the host application 2212 may provide user data which is transmitted using the OTT connection 2216.
  • the communication system 2200 further includes a base station 2218 provided in a telecommunication system and comprising hardware 2220 enabling it to communicate with the host computer 2202 and with the UE 2214.
  • the hardware 2220 may include a communication interface 2222 for setting up and maintaining a wired or wireless connection with an interface of a different communication device of the communication system 2200, as well as a radio interface 2224 for setting up and maintaining at least a wireless connection 2226 with the UE 2214 located in a coverage area (not shown in Figure 22) served by the base station 2218.
  • the communication interface 2222 may be configured to facilitate a connection 2228 to the host computer 2202.
  • connection 2228 may be direct or it may pass through a core network (not shown in Figure 22) of the telecommunication system and/or through one or more intermediate networks outside the telecommunication system.
  • the hardware 22120 of the base station 2218 further includes processing circuitry 2230, which may comprise one or more programmable processors, ASICs, FPGAs, or combinations of these (not shown) adapted to execute instructions.
  • the base station 2218 further has software 2232 stored internally or accessible via an external connection.
  • the communication system 2200 further includes the UE 2214 already referred to.
  • the UE’s 2214 hardware 2234 may include a radio interface 2236 configured to set up and maintain a wireless connection 2226 with a base station serving a coverage area in which the UE 2214 is currently located.
  • the hardware 2234 of the UE 2214 further includes processing circuitry 2238, which may comprise one or more programmable processors, ASICs, FPGAs, or combinations of these (not shown) adapted to execute instructions.
  • the UE 2214 further comprises software 2240, which is stored in or accessible by the UE 2214 and executable by the processing circuitry 2238.
  • the software 2240 includes a client application 2242.
  • the client application 2242 may be operable to provide a service to a human or non-human user via the UE 2214, with the support of the host computer 2202.
  • the executing host application 2212 may communicate with the executing client application 2242 via the OTT connection 2216 terminating at the UE 2214 and the host computer 2202.
  • the client application 2242 may receive request data from the host application 2212 and provide user data in response to the request data.
  • the OTT connection 2216 may transfer both the request data and the user data.
  • the client application 2242 may interact with the user to generate the user data that it provides.
  • the host computer 2202, the base station 2218, and the UE 2214 illustrated in Figure 22 may be similar or identical to the host computer 21 16, one of the base stations 2106A, 2106B,
  • the network infrastructure may determine the routing, which may be configured to hide from the UE 2214 or from the service provider operating the host computer 2202, or both. While the OTT connection 2216 is active, the network infrastructure may further take decisions by which it dynamically changes the routing (e.g., on the basis of load balancing consideration or reconfiguration of the network).
  • the wireless connection 226 between the UE 2214 and the base station 2218 is in accordance with the teachings of the embodiments described throughout this disclosure.
  • One or more of the various embodiments improve the performance of OTT services provided to the UE 2214 using the OTT connection 2216, in which the wireless connection 2226 forms the last segment. More precisely, the teachings of these embodiments may reduce the signaling and processing overhead of NF service discovery and access authentication and thereby provide benefits such as reduced signaling and processing latency for the NRF as well as for NF consumers and NF producers, as well as reduced processing overhead for the NRF.
  • a measurement procedure may be provided for the purpose of monitoring data rate, latency, and other factors on which the one or more embodiments improve.
  • the measurement procedure and/or the network functionality for reconfiguring the OTT connection 2216 may be implemented in the software 2210 and the hardware 2204 of the host computer 2202 or in the software 2240 and the hardware 2234 of the UE 2214, or both.
  • sensors may be deployed in or in association with communication devices through which the OTT connection 2216 passes; the sensors may participate in the measurement procedure by supplying values of the monitored quantities exemplified above, or supplying values of other physical quantities from which the software 2210, 2240 may compute or estimate the monitored quantities.
  • the reconfiguring of the OTT connection 2216 may include message format, retransmission settings, preferred routing, etc.; the reconfiguring need not affect the base station 2218, and it may be unknown or imperceptible to the base station 2218. Such procedures and functionalities may be known and practiced in the art.
  • measurements may involve proprietary UE signaling facilitating the host computer’s 2202 measurements of throughput, propagation times, latency, and the like. The measurements may be implemented in that the software 2210 and 2240 causes messages to be transmitted, in particular empty or‘dummy’ messages, using the OTT connection 2216 while it monitors propagation times, errors, etc.
  • FIG. 23 is a flowchart illustrating a method implemented in a communication system, in accordance with one embodiment.
  • the communication system includes a host computer, a base station, and a UE which may be those described with reference to Figures 21 and 22. For simplicity of the present disclosure, only drawing references to Figure 23 will be included in this section.
  • the host computer provides user data.
  • sub-step 2302 (which may be optional) of step 2300, the host computer provides the user data by executing a host application.
  • the host computer initiates a transmission carrying the user data to the UE.
  • step 2306 the base station transmits to the UE the user data which was carried in the transmission that the host computer initiated, in accordance with the teachings of the embodiments described throughout this disclosure.
  • step 2308 the UE executes a client application associated with the host application executed by the host computer.
  • FIG. 24 is a flowchart illustrating a method implemented in a communication system, in accordance with one embodiment.
  • the communication system includes a host computer, a base station, and a UE which may be those described with reference to Figures 21 and 22. For simplicity of the present disclosure, only drawing references to Figure 24 will be included in this section.
  • the host computer provides user data.
  • the host computer provides the user data by executing a host application.
  • the host computer initiates a transmission carrying the user data to the UE. The transmission may pass via the base station, in accordance with the teachings of the embodiments described throughout this disclosure.
  • step 2404 (which may be optional), the UE receives the user data carried in the transmission.
  • Figure 25 is a flowchart illustrating a method implemented in a communication system, in accordance with one embodiment.
  • the communication system includes a host computer, a base station, and a UE which may be those described with reference to Figures 21 and 22. For simplicity of the present disclosure, only drawing references to Figure 25 will be included in this section.
  • step 2500 (which may be optional) the UE receives input data provided by the host computer. Additionally or alternatively, in step 2502, the UE provides user data.
  • sub-step 2504 (which may be optional) of step 2500, the UE provides the user data by executing a client application.
  • sub-step 2506 (which may be optional) of step 2502
  • the UE executes a client application which provides the user data in reaction to the received input data provided by the host computer.
  • the executed client application may further consider user input received from the user.
  • the UE initiates, in sub-step 2508 (which may be optional), transmission of the user data to the host computer.
  • the host computer receives the user data transmitted from the UE, in accordance with the teachings of the embodiments described throughout this disclosure.
  • FIG. 26 is a flowchart illustrating a method implemented in a communication system, in accordance with one embodiment.
  • the communication system includes a host computer, a base station, and a UE which may be those described with reference to Figures 21 and 22. For simplicity of the present disclosure, only drawing references to Figure 26 will be included in this section.
  • the base station receives user data from the UE.
  • the base station initiates transmission of the received user data to the host computer.
  • step 2604 (which may be optional)
  • the host computer receives the user data carried in the transmission initiated by the base station.
  • any appropriate steps, methods, features, functions, or benefits disclosed herein may be performed through one or more functional units or modules of one or more virtual apparatuses.
  • Each virtual apparatus may comprise a number of these functional units.
  • These functional units may be implemented via processing circuitry, which may include one or more microprocessor or microcontrollers, as well as other digital hardware, which may include Digital Signal Processors (DSPs), special-purpose digital logic, and the like.
  • the processing circuitry may be configured to execute program code stored in memory, which may include one or several types of memory such as Read Only Memory (ROM), Random Access Memory (RAM), cache memory, flash memory devices, optical storage devices, etc.
  • Program code stored in memory includes program instructions for executing one or more telecommunications and/or data communications protocols as well as instructions for carrying out one or more of the techniques described herein.
  • the processing circuitry may be used to cause the respective functional unit to perform corresponding functions according one or more embodiments of the present disclosure.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention concerne des procédés et des systèmes pour optimiser la découverte d'un service de fonction réseau (NF). Selon un aspect, un procédé mis en œuvre dans un consommateur NF consiste à : envoyer, à un serveur d'autorisation, une demande combinée de découverte et d'autorisation de service pour un service NF ; et recevoir, en provenance du serveur d'autorisation, une réponse de découverte de service et une réponse d'autorisation pour le service NF. Dans certains modes de réalisation, le consommateur NF peut comprendre une fonction de gestion d'accès et de mobilité (AMF). Dans certains modes de réalisation, le serveur d'autorisation peut comprendre une fonction de référentiel réseau (NRF). Dans certains modes de réalisation, la réponse d'autorisation peut faire partie de la réponse de découverte ou elle peut être séparée de la réponse de découverte. Dans certains modes de réalisation, la réponse d'autorisation peut comprendre un ou plusieurs jetons d'accès. Dans certains modes de réalisation, la demande combinée de découverte et d'autorisation de service peut demander une découverte et une autorisation pour une pluralité de services NF.
PCT/IB2019/050077 2019-01-04 2019-01-04 Optimisation de la découverte d'un service nf WO2020141355A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/IB2019/050077 WO2020141355A1 (fr) 2019-01-04 2019-01-04 Optimisation de la découverte d'un service nf

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IB2019/050077 WO2020141355A1 (fr) 2019-01-04 2019-01-04 Optimisation de la découverte d'un service nf

Publications (1)

Publication Number Publication Date
WO2020141355A1 true WO2020141355A1 (fr) 2020-07-09

Family

ID=65365989

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2019/050077 WO2020141355A1 (fr) 2019-01-04 2019-01-04 Optimisation de la découverte d'un service nf

Country Status (1)

Country Link
WO (1) WO2020141355A1 (fr)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113973294A (zh) * 2020-07-24 2022-01-25 中国电信股份有限公司 信令处理方法、网络仓库功能网元和通信系统
WO2022028717A1 (fr) * 2020-08-07 2022-02-10 Nokia Technologies Oy Communication basée sur des services entre des réseaux d'accès et des réseaux centraux
WO2022033478A1 (fr) * 2020-08-10 2022-02-17 Telefonaktiebolaget Lm Ericsson (Publ) Procédé et appareil de communication de sécurité
CN114760620A (zh) * 2022-04-20 2022-07-15 中国电信股份有限公司 注册号码的校验方法、装置及系统
US20220240089A1 (en) * 2019-06-15 2022-07-28 Nokia Technologies Oy Authorization for network function sets in communication system
CN115843434A (zh) * 2020-09-29 2023-03-24 Oppo广东移动通信有限公司 网元发现方法、装置、设备及存储介质
WO2023102861A1 (fr) * 2021-12-09 2023-06-15 Nokia Shanghai Bell Co., Ltd. Procédé, appareil et programme informatique
CN116325829A (zh) * 2020-10-09 2023-06-23 上海诺基亚贝尔股份有限公司 用于动态授权的机制
WO2024015403A1 (fr) * 2022-07-11 2024-01-18 Interdigital Patent Holdings, Inc. Procédés d'authentification pour dispositifs activés par sba
WO2024110951A1 (fr) * 2023-02-10 2024-05-30 Lenovo (Singapore) Pte. Ltd. Procédé d'autorisation d'une fonction d'application pour un réseau d'internet des objets personnel

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160344823A1 (en) * 2014-01-08 2016-11-24 Hewlett Packard Enterprise Development Lp Service discovery management

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160344823A1 (en) * 2014-01-08 2016-11-24 Hewlett Packard Enterprise Development Lp Service discovery management

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
"3 rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Security architecture and procedures for 5G system (Release 15)", no. ; 20181201, 26 December 2018 (2018-12-26), XP051686846, Retrieved from the Internet <URL:http://www.3gpp.org/ftp/3guInternal/3GPP%5Fultimate%5Fversions%5Fto%5Fbe%5Ftransposed/sentToDpc/33501%2Df31%2Ezip> [retrieved on 20181226] *
"Procedures for the 5G System; Stage 2 (Release 15)", 3GPP STANDARD; TECHNICAL SPECIFICATION; 3GPP TS 23.502, vol. SA WG2, no. V15.4.0, 18 December 2018 (2018-12-18), pages 1 - 346, XP051591142 *
CHINA MOBILE: "Living Document: Security of Service Based Architecture of 5G phase 1", vol. SA WG3, no. La Jolla (US); 20180521 - 20180525, 25 May 2018 (2018-05-25), XP051502434, Retrieved from the Internet <URL:http://www.3gpp.org/ftp/tsg%5Fsa/WG3%5FSecurity/TSGS3%5F91Bis%5FLaJolla/Docs/S3%2D181945%2Ezip> *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220240089A1 (en) * 2019-06-15 2022-07-28 Nokia Technologies Oy Authorization for network function sets in communication system
CN113973294A (zh) * 2020-07-24 2022-01-25 中国电信股份有限公司 信令处理方法、网络仓库功能网元和通信系统
CN113973294B (zh) * 2020-07-24 2023-11-21 中国电信股份有限公司 信令处理方法、网络仓库功能网元和通信系统
WO2022028717A1 (fr) * 2020-08-07 2022-02-10 Nokia Technologies Oy Communication basée sur des services entre des réseaux d'accès et des réseaux centraux
WO2022033478A1 (fr) * 2020-08-10 2022-02-17 Telefonaktiebolaget Lm Ericsson (Publ) Procédé et appareil de communication de sécurité
CN115843434A (zh) * 2020-09-29 2023-03-24 Oppo广东移动通信有限公司 网元发现方法、装置、设备及存储介质
CN116325829A (zh) * 2020-10-09 2023-06-23 上海诺基亚贝尔股份有限公司 用于动态授权的机制
WO2023102861A1 (fr) * 2021-12-09 2023-06-15 Nokia Shanghai Bell Co., Ltd. Procédé, appareil et programme informatique
CN114760620A (zh) * 2022-04-20 2022-07-15 中国电信股份有限公司 注册号码的校验方法、装置及系统
WO2024015403A1 (fr) * 2022-07-11 2024-01-18 Interdigital Patent Holdings, Inc. Procédés d'authentification pour dispositifs activés par sba
WO2024110951A1 (fr) * 2023-02-10 2024-05-30 Lenovo (Singapore) Pte. Ltd. Procédé d'autorisation d'une fonction d'application pour un réseau d'internet des objets personnel

Similar Documents

Publication Publication Date Title
EP3906647B1 (fr) Autorisation flexible dans un réseau central basé sur un service 5g
WO2020141355A1 (fr) Optimisation de la découverte d&#39;un service nf
US11659481B2 (en) Methods and systems for UE to request appropriate NSSAI in 5G
US20210258842A1 (en) METHODS AND SYSTEMS FOR ONLINE SERVICES APPS, BROWSERS, OR EXTERNAL DEVICES TO REQUEST UE HANDOVER VIA MODEM APIs
US20190289666A1 (en) Selection of ip version
WO2022159725A1 (fr) Gestion d&#39;identités fédérée dans un système de cinquième génération (5g)
WO2019010702A1 (fr) Gestion d&#39;orientation, de commutation et de division de trafic d&#39;accès
JP2022535933A (ja) マルチユーザモバイル端末のためのサービス配信を実行するための装置、システム、方法、およびコンピュータ可読媒体
WO2021094349A1 (fr) Autorisation de services en plusieurs étapes pour la communication indirecte dans un système de communication
WO2020217224A1 (fr) Comportement amf et scp dans la découverte déléguée de pcf
US20230132454A1 (en) Method and apparatus for supporting edge computing service for roaming ue in wireless communication system
WO2021064714A1 (fr) Prise en charge de tranchage de réseau pour sms
EP4173328A1 (fr) Détermination d&#39;une tranche de réseau par défaut
US20240196316A1 (en) Systems and methods for inhomogeneous slice support
US20220247623A1 (en) Network node and method performed therein for handling communication in a wireless communication network
US20220303833A1 (en) Relation indication for multi-sim devices
US20220311871A1 (en) UE Provisioning and Charging for Sidelink Group Communication
WO2022179367A1 (fr) Nouveau procédé de fourniture de paramètres externes pour une session af
US20230071815A1 (en) Path section between uu and pc5
WO2020201207A1 (fr) Informations système pour un accès filaire
EP4376461A1 (fr) Procédé et dispositif pour faire fonctionner un terminal dans un système de communication sans fil
US11956236B2 (en) System and method for tracking privacy policy in access networks
US20240080651A1 (en) Rvas network function for hplmn
WO2024078313A1 (fr) Procédé d&#39;authentification et d&#39;autorisation et appareil de communication
WO2023186902A1 (fr) Réseau de courtiers pour services localisés

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19704677

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19704677

Country of ref document: EP

Kind code of ref document: A1