WO2022021155A1 - Method and apparatus for managing access control information - Google Patents

Method and apparatus for managing access control information Download PDF

Info

Publication number
WO2022021155A1
WO2022021155A1 PCT/CN2020/105581 CN2020105581W WO2022021155A1 WO 2022021155 A1 WO2022021155 A1 WO 2022021155A1 CN 2020105581 W CN2020105581 W CN 2020105581W WO 2022021155 A1 WO2022021155 A1 WO 2022021155A1
Authority
WO
WIPO (PCT)
Prior art keywords
control information
access control
updated access
updated
information
Prior art date
Application number
PCT/CN2020/105581
Other languages
French (fr)
Inventor
Jianning Liu
Genadi Velev
Tingfang Tang
Original Assignee
Lenovo (Beijing) Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lenovo (Beijing) Limited filed Critical Lenovo (Beijing) Limited
Priority to PCT/CN2020/105581 priority Critical patent/WO2022021155A1/en
Publication of WO2022021155A1 publication Critical patent/WO2022021155A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/16Discovering, processing access restriction or access information

Definitions

  • Embodiments of the present application generally relate to a wireless communication technology, and especially to a method and apparatus for managing access control information for a user equipment (UE) by home standalone non-public network (SNPN) of the UE.
  • UE user equipment
  • SNPN home standalone non-public network
  • a private 5G network is also termed a non-public network (NPN) .
  • NPN non-public network
  • the 5G private network provides 5G network services to a clearly defined user organization or group of user organizations.
  • the 5G private network is deployed on the organization’s defined premises, such as a campus or a factory.
  • 3GPP 3 rd generation partnership project
  • a SNPN which does not rely on a public land mobile network (PLMN) and is operated by a SNPN operator
  • PLMN public land mobile network
  • a public network integrated NPN which is a nonpublic network deployed with the support of a PLMN network.
  • the serving SNPN operators may decide to restrict access attempt (s) from some UEs (e.g., in the case that a congestion happens) , by using relevant barring parameters that vary depending on an access identity and an access category.
  • access identities are pre-configured by home network or home SNPN.
  • Access categories are pre-configured by home network or home SNPN, or dynamically updated by a serving network (e.g., operator defined access categories) .
  • Embodiments of the present application provide a method and apparatus for managing access control information for a UE by home SNPN of the UE.
  • An embodiment of the present application provides a method performed by a data management entity.
  • the method may include: receiving a notification of changes for access control information regarding a specific network; determining to update a user equipment (UE) by utilizing an updated access control information based on the notification; and transmitting the updated access control information to the UE.
  • UE user equipment
  • determining to update the UE by utilizing the updated access control information may include: determining whether to request an acknowledgement from the UE for successful reception of the updated access control information, wherein the updated access control information comprises a first indication information indicating whether to request the acknowledgement from the UE for successful reception of the updated access control information.
  • the notification may include at least one of access identities regarding the specific network.
  • the notification comprises at least one of access identities and at least one of access categories regarding the specific network.
  • receiving the notification of changes for access control information regarding the specific network may include: receiving a second indication information for indicating changes for the access control information from a mobility management function (AMF) entity; and retrieving the updated access control information from a unified data repository (UDR) entity.
  • AMF mobility management function
  • UDR unified data repository
  • the updated access control information may further include: at least one of access identities regarding the specific network.
  • the updated access control information may further include: a list of standalone non-public network (SNPN) identities; and at least one of access identities for each SNPN.
  • the updated access control information may further include: a third indication information indicating there is no updated information provided.
  • the updated access control information may further include: at least one of access categories.
  • transmitting the updated access control information to the UE may include: transmitting the updated access control information to the UE during a registration procedure.
  • the updated access control information may be transmitted in an enhanced steering of roaming information during the registration procedure.
  • transmitting the updated access control information to the UE may include: transmitting the updated access control information to the UE in an enhanced steering of roaming information after a registration procedure.
  • transmitting the updated access control information to the UE may include: transmitting the updated access control information to the UE during a parameters update procedure after a registration procedure.
  • the method may include: receiving an updated access control information, wherein the updated access control information may include: at least one of access identities regarding a specific network; and a first indication information indicating whether to request an acknowledgement from the UE for successful reception of the updated access control information.
  • the updated access control information may further include: a list of standalone non-public network (SNPN) identities, and the at least one of access identities is at least one of access identities for each SNPN.
  • the updated access control information may further include: at least one of access categories
  • the method may further include: transmitting an acknowledgement upon successful reception of the updated access control information according to the first indication information.
  • receiving the updated access control information may include: receiving the updated access control information during a registration procedure.
  • the updated access control information is received in an enhanced steering of roaming information during the registration procedure.
  • receiving the updated access control information may include: receiving the updated access control information in an enhanced steering of roaming information after a registration procedure.
  • the method may further include: performing a network re-selection based on the updated access control information and if the UE is in idle mode.
  • receiving the updated access control information during a parameters update procedure after a registration procedure In another embodiment of the present application, receiving the updated access control information during a parameters update procedure after a registration procedure.
  • the method may further include: performing a re-registration if it is requested by a data management entity.
  • the apparatus may include at least one non-transitory computer-readable medium having computer executable instructions stored therein; at least one receiver; at least one transmitter; and at least one processor coupled to the at least one non-transitory computer-readable medium, the at least one receiver and the at least one transmitter.
  • the computer executable instructions are programmed to implement the above method with the at least one receiver, the at least one transmitter and the at least one processor.
  • the home SNPN can steer the UE′s access behaviors based on the access identity (s) and/or access category (s) provided by the home SNPN when the UE moves to a visited SNPN.
  • FIG. 1 is a flow chart illustrating a method for a home SNPN to manage the access control information for a UE according to an embodiment of the present application
  • FIG. 2 is a flow chart illustrating a method for a home SNPN to manage the access control information for a UE according to another embodiment of the present application;
  • FIG. 3 is a flow chart illustrating a method for a home SNPN to manage the access control information for a UE according to yet another embodiment of the present application
  • FIG. 4 illustrates an apparatus according to some embodiments of the present application.
  • FIG. 5 illustrates an apparatus according to some other embodiments of the present application.
  • the serving SNPN operators may decide to restrict access attempt (s) from some UEs by using relevant barring parameters that vary depending on the pre-configured access identity and the pre-configured access category.
  • relevant barring parameters that vary depending on the pre-configured access identity and the pre-configured access category.
  • the home SNPN to control the UE’s behavior, for example, by using dynamical access identities per visited SNPN when performing access control.
  • an enhanced steering of roaming (eSoR) information is defined.
  • the eSoR information may include the necessary information for supporting the roaming case of a UE.
  • the access control information may be included in the eSoR information.
  • the eSoR information may include:
  • FIG. 1 is a flow chart illustrating a method for a home SNPN to manage the access control information for a UE according to an embodiment of the present application.
  • the access control information is included in the eSoR information during a registration procedure.
  • the method is performed among a UE, a (radio) access network (R) AN, a new access and mobility management function (AMF) , an old AMF, a policy control function (PCF) , a session management function (SMF) , an authentication server function (AUSF) , and a unified data management (UDM) .
  • R radio access network
  • AMF new access and mobility management function
  • PCF policy control function
  • SMF session management function
  • AUSF authentication server function
  • UDM unified data management
  • the UE may include a computing device, such as a desktop computer, a laptop computer, a personal digital assistant (PDA) , a tablet computer, a smart television (e.g., television connected to the Internet) , a set-top box, a game console, a security system (including a security camera) , a vehicle on-board computer, a network device (e.g., a router, a switch, and a modem) , or the like.
  • a computing device such as a desktop computer, a laptop computer, a personal digital assistant (PDA) , a tablet computer, a smart television (e.g., television connected to the Internet) , a set-top box, a game console, a security system (including a security camera) , a vehicle on-board computer, a network device (e.g., a router, a switch, and a modem) , or the like.
  • the UE may include a portable wireless communication device, a smart phone, a cellular telephone, a flip phone, a device having a subscriber identity module, a personal computer, a selective call receiver, or any other device that is capable of sending and receiving communication signals on a wireless network.
  • the UE may include a wearable device, such as a smart watch, a fitness band, an optical head-mounted display, or the like.
  • the UE may be referred to as a subscriber unit, a mobile phone, a mobile station, a user, a terminal, a mobile terminal, a wireless terminal, a fixed terminal, a subscriber station, a user terminal, or any device described using other terminology used in the art.
  • the (R) AN may be configured to provide a network access service for the UE.
  • the (R) AN may also be referred to as access network (AN) entity, an access point, an access terminal, a base, a macro cell, a Node-B, an enhanced Node B (eNB) , a gNB, a home Node-B, a relay node, or any device described using other terminology used in the art.
  • AN access network
  • the AMF, the PCF, the SMF, the AUSF, and the UDM are network function entities of a 5G core network.
  • the AMF is a network function entity used for receiving all the connection and session information from a UE or the AN, and handling connection and mobility management tasks.
  • the PCF is a network function entity used for supporting unified policy framework to govern network behavior, providing policy rules for control plane functions, which includes network slicing, roaming and mobility management, and accessing subscription information relevant for policy decisions in a unified data repository (UDR) .
  • the SMF is a network function entity used for interacting with the decoupled data plane, creating, updating and removing PDU sessions and managing session context with user plane function (UPF) .
  • the AUSF is a network function entity used for authentication.
  • the UDM is a network function entity used for managing network user data in a single, centralized element.
  • the UDR is a converged repository of subscriber information and can be used to service a number of network functions.
  • step 101 the UE transmits a registration request to the (R) AN.
  • step 102 the (R) AN performs an AMF selection based on the received registration request. And then in step 103, the (R) AN transmits the registration request to the new AMF. If the registration type in the registration request indicates this procedure is periodic registration update, the following steps 104-119 will not be performed.
  • step 104 the new AMF transmits Namf_Communication_UEContextTransfer to the old AMF. If the new AMF has received the UE context during a handover procedure from the old AMF, the steps 104, 105 and 110 will not be performed.
  • step 105 the old AMF transmits Namf_Communication_UEContextTransfer response to the new AMF as a response to the Namf_Communication_UEContextTransfer.
  • step 106 if the subscription concealed identifier (SUCI) is not provided by the UE nor retrieved from the old AMF, the new AMF transmits an identity request message to the UE requesting the SUCI. As a response to the identity request, in step 107, the UE transmits an identity response including the SUCI to the new AMF.
  • SUCI subscription concealed identifier
  • step 108 the new AMF performs an AUSF selection based on the subscription permanent identifier (SUPI) or the SUCI.
  • SUPI subscription permanent identifier
  • step 109 the AUSF performs authentication for the UE.
  • the new AMF transmits Namf_Communication_RegistrationCompleteNotify to the old AMF. For example, if the AMF has changed, the new AMF notifies the old AMF that the registration of the UE in the new AMF is completed by invoking the Namf_Communication_RegistrationCompleteNotify service operation.
  • an identity request or an identity response is transmitted between the new AMF and the UE.
  • the identity request procedure is initiated by the new AMF sending an identity request message to the UE to retrieve the PEI.
  • the PEI shall be transferred encrypted unless the UE performs emergency registration and cannot be authenticated.
  • the new AMF initiates mobile equipment (ME) identity check by invoking the N5g-eir_EquipmentIdentityCheck_Get service operation.
  • ME mobile equipment
  • step 113 the new AMF selects a UDM based on the SUPI, and then the UDM may select a UDR instance.
  • step 114a if the AMF has changed since the last registration procedure, or if the UE provides a SUPI which doesn′t refer to a valid context in the AMF, or if the UE registers to the same AMF it has already registered to a non-3GPP access (i.e. the UE is registered over a non-3GPP access and initiates this registration procedure to add a 3GPP access) , the new AMF registers with the UDM using Nudm_UECM_Registration for the access to be registered.
  • the UDM determines whether the eSoR including the access control information for the UE needs to be updated. In an embodiment, the UDM determines the eSoR needs to be updated based on a request from the AMF. For example, the UDM may receive indication information for indicating changes for the access control information from the AMF, and then retrieves the updated access control information from the UDR.
  • the UDM determines the eSoR needs to be updated based on a notification of the change of the eSoR (that is, the changes of the access control information) from the UDR.
  • the notification may include at least one of access identities regarding the specific network.
  • the notification may include at least one of access identities and at least one of access categories regarding the specific network.
  • the specific network may be the one or more SNPNs which the UE is visiting or will visit.
  • the UDM transmit the eSoR including the updated access control information to the new AMF by using a Nudm_SDM_Get message.
  • the updated access control information may include a list of SNPN identities for which the access control information for the UE needs to be updated, and at least one of access identities for each SNPN.
  • the updated access control information may further include at least one of access categories for each SNPN.
  • the UDM may further determine whether to request an acknowledgement from the UE for successful reception of the updated access control information.
  • the UDM may further transmit indication information indicating whether to request the acknowledgement from the UE for successful reception of the updated access control information to the new AMF, by using the Nudm_SDM_Get message.
  • the UDM may transmit indication information indicating there is no updated information provided in the eSoR to the new AMF, by using the Nudm_SDM_Get message.
  • the new AMF transmits Nudm_SDM_Subscribe to the UDM.
  • the new AMF subscribes to be notified using Nudm_SDM_Subscribe when the data requested is modified, the UDM may subscribe to the UDR by Nudr_DM_Subscribe.
  • step 114d when the UDM stores the associated Access Type (e.g. 3GPP) together with the serving AMF as indicated in step 114a, it will cause the UDM to initiate a Nudm_UECM_DeregistrationNotification to the old AMF corresponding to the same (e.g. 3GPP) access, if one exists.
  • the UDM stores the associated Access Type (e.g. 3GPP) together with the serving AMF as indicated in step 114a
  • it will cause the UDM to initiate a Nudm_UECM_DeregistrationNotification to the old AMF corresponding to the same (e.g. 3GPP) access, if one exists.
  • step 114e if the old AMF does not have UE context for another access type (i.e. non-3GPP access) , the old AMF unsubscribes with the UDM for subscription data using a Nudm_SDM_unsubscribe message.
  • step 115 if the AMF decides to initiate PCF communication, the AMF performs a PCF selection.
  • step 116 the new AMF performs an AM Policy Association Establishment/Modification.
  • step 117 the new AMF transmits Nsmf_PDUSession_UpdateSMContext or Nsmf_PDUSession_ReleaseSMContext to the SMF.
  • step 118 the new AMF transmits a UE Context Modification Request to N3IWF/TNGF/W-AGF, and in step 119, N3IWF/TNGF/W-AGF transmits a UE Context Modification Response to the new AMF.
  • step 119a the new AMF registers with the UDM using Nudm_UECM_Registration with the Access Type set to ′′non-3GPP access′′ .
  • step 119b when the UDM stores the associated Access Type (i.e. non-3GPP) together with the serving AMF, it will cause the UDM to initiate a Nudm_UECM_DeregistrationNotification to the old AMF corresponding to the same (i.e. non-3GPP) access.
  • the old AMF removes the UE context for non-3GPP access.
  • step 119c the Old AMF unsubscribes with the UDM for subscription data using Nudm_SDM_unsubscribe.
  • step 120 the new AMF transmits a registration accept message having the eSoR.
  • the eSoR was received in step 114b from the UDM.
  • step 121 the new AMF performs a UE policy association establishment.
  • step 122 when the UE successfully receives the eSoR informaiton and finds that there is an indication informaiton in the eSoR informaiton indicating that an acknowledgement needs to be tranmitted to the UDM for successful reception of the updated access control information in the eSoR information, the UE tranmits an acknowledgement to the new AMF. In particular, the UE transmits the acknowledgement to the new AMF by a registration complete message. In another embodiment, if the indication informaiton in the eSoR indicating that an acknowledgement does not need to be tranmitted to the UDM for successful reception of the updated access control information, the UE does not need to transmit the acknowledgement.
  • step 123 if there is an indication informaiton in the eSoR indicating that an acknowledgement needs to be tranmitted to the UDM for successful reception of the updated access control information (eSoR) , the new AMF provides the UE acknowledgement to UDM by using Nudm_SDM_Info.
  • step 123a for Registration over 3GPP access, if the AMF does not release the signalling connection, the AMF sends the RRC inactive assistance information to the (R) AN.
  • step 124 after the step 114a, and in parallel to any of the preceding steps, the AMF shall send a ′′Homogeneous Support of IMS Voice over PS Sessions′′ indication to the UDM using Nudm_UECM_Update.
  • step 125a after successfully receiving the eSoR informaiton, the UE updates the local access control information with the updated access control information in the eSoR information. Furthermore, the UE may initiate to perform a network re-selection depending on the information in the eSoR and other necessary conditions, e.g., if the UE is in idle mode.
  • step 125 the UE, the (R) AN, and the new AMF perform network slice-specific authentication and authorization.
  • steps 101-114a, steps 114c-119c, step 121, steps 123a, 124 and 125 are described briefly. It should be understood that steps 101-114a are the same steps as steps 1-14a in Figure 4.2.2.2.2-1 (Registration procedure) in section 4.2.2.2.2 in 3GPP 23.502, steps 114c-119c are the same steps as steps 14c-19c in Figure 4.2.2.2.2-1 (Registration procedure) in section 4.2.2.2.2 in 3GPP 23.502, step 121 is the same step as step 21b in Figure 4.2.2.2.2-1 (Registration procedure) in section 4.2.2.2.2 in 3GPP 23.502, steps 123a and 124 are the same steps as steps 23a and 24 in Figure 4.2.2.2.2-1 (Registration procedure) in section 4.2.2.2.2 in 3GPP 23.502, and step 125 is the same step as step 25 in Figure 4.2.2.2.2-1 (Registration procedure) in section 4.2.2.2.2 in 3GPP 23.502. Regarding more details regarding these
  • FIG. 2 is a flow chart illustrating a method for a home SNPN to manage the access control information for a UE according to another embodiment of the present application.
  • the access control information is included in the eSoR information as above disccused after a registration procedure.
  • the method is performed among a UE, an AMF and a UDM.
  • the UDM can use Nudm_SDM_Notification service operation to update the access control information stored in the UE via the AMF.
  • the UDM may include an indication for the UE to send an acknowledgement of the reception of this information.
  • the AMF may provide the acknowledgement sent from the UE to the UDM using the Nudm_SDM_Info service operation.
  • the UDM determines whether the eSoR information including the access control information for the UE needs to be updated, for example, based on a notification of the changes of the eSoR information (that is, the changes of the access control information) from a UDR.
  • the notification may include at least one of access identities regarding the specific network.
  • the notification may include at least one of access identities and at least one of access categories regarding the specific network.
  • the specific network may be one or more SNPNs which the UE is visiting or will visit.
  • the UDM notifies the changes of the user profile (that is, the updated accecc control informaiton for the UE) to the AMF by invoking the Nudm_SDM_Notification service operation, and the Nudm_SDM_Notification message contains the eSoR information including the updated access control information.
  • the updated access control information needs to be delivery transparently to the UE over non-access stratum (NAS) signalling within the access and mobility subscription data.
  • the updated access control information may include a list of SNPN identities for which the access control information for the UE needs to be updated, and at least one of access identities for each SNPN.
  • the updated access control information may further include at least one of access categories for each SNPN.
  • the UDM may further determine whether to request an acknowledgement from the UE for successful reception of the updated access control information.
  • the UDM may further transmit indication information indicating whether to request the acknowledgement from the UE for successful reception of the updated access control information to the AMF, by using the Nudm_SDM_Notification message.
  • the UDM may transmit indication information indicating there is no updated information provided in the eSoR inforamtion to the AMF.
  • step 202 the AMF transmits the eSoR inforamtion received from the UDM to the served UE by a DL NAS TRANSPORT message.
  • step 203 upon receiving the eSoR information, the UE firstly performs a security check on the eSoR information. If the security check on the eSoR information is successful, the UE updates the local access control information with the updated access control information in the eSoR information. And then the UE may initiate to perform the network re-selection depending on the updated access control information in the eSoR information and other necessary conditions, e.g., if the UE is in idle mode.
  • step 204 when the UE successfully receives the eSoR informaiton and finds that there is indication informaiton in the eSoR informaiton indicating that an acknowledgement needs to be tranmitted to the UDM for successful reception of the updated access control information in the eSoR information, and then the UE tranmits an acknowledgement to the AMF by a DL NAS TRANSPORT message.
  • step 205 the AMF trasnmits an acknowledgement to the UDM by a Nudm_SDM_Info message.
  • the UE does not need to transmit the acknowledgement. That is, the steps 204 and 205 are skipped. In another embodiment, if there is no such indication informaiton received in the UE, the steps 204 and 205 are skipped.
  • FIG. 3 is a flow chart illustrating a method for a home SNPN to manage the access control information for a UE according to yet another embodiment of the present application.
  • the access control information is tranmitted during a UE parameters update procedure via a control plane after a registration procedure.
  • the method is performed among a UE, an AMF and a UDM.
  • the UE parameters update procedure via a control plane is to allow the home SPNP to update the UE with a specific set of parameters (e.g., the updated access control information in this embodiemnt) generated and stored in the UDM, by delivering protected UDM update data via NAS signalling.
  • the home SNPN may update such parameters based on the local policy and/or the operator policies.
  • the UDM determines whether the access control information for the UE in the serving SNPN needs to be updated, for example, based on a notification of the changes of the access control information from a UDR.
  • the notification may include at least one of access identities regarding a specific network (such as, the serving SNPN) .
  • the notification may include at least one of access identities and at least one of access categories regarding the specific network (such as, the serving SNPN) .
  • the UDM notifies the changes of the accecc control informaiton for the serving SNPN to the AMF by invoking the Nudm_SDM_Notification service operation, and the Nudm_SDM_Notification message contains the updated access control information.
  • the updated access control information needs to be delivered transparently to the UE over NAS signalling within the access and mobility subscription data.
  • the updated access control information may include at least one of access identities for the serving SNPN.
  • the updated access control information may include at least one of access identities and at least one of access categories for the serving SNPN.
  • the UDM may further determine whether to request an acknowledgement from the UE for successful reception of the updated access control information.
  • the UDM may further transmit indication information indicating whether to request the acknowledgement from the UE for successful reception of the updated access control information to the AMF, by using the Nudm_SDM_Notification message.
  • step 302 the AMF transmits the updated access control information received from the UDM to the served UE by a DL NAS TRANSPORT message.
  • the UE After receiving the updated access control information, the UE updates the local access control information with the updated access control information.
  • step 303 when the UE successfully receives the updated access control information and finds that there is indication informaiton indicating that an acknowledgement needs to be tranmitted to the UDM for successful reception of the updated access control information, and then the UE tranmits an acknowledgement to the AMF by a DL NAS TRANSPORT message.
  • step 304 the AMF trasnmits an acknowledgement to the UDM by a Nudm_SDM_Info message.
  • the UE does not need to transmit the acknowledgement. That is, the steps 304 and 304 are skipped. In another embodiment, if there is no such indication informaiton received in the UE, the steps 204 and 205 are skipped.
  • the UE may initiate re-registration if it is requested by the UDM.
  • the home SNPN it is possible for the home SNPN to steer the UE′s access behaviors based on the access identity (s) and/or access category (s) provided by the home SNPN when the UE moves to a visited SNPN.
  • FIG. 4 illustrates an apparatus according to some embodiments of the present application.
  • the apparatus 400 may be the UDM illustrated in the above embodiments of the present application.
  • the apparatus 400 may include a receiver 401, a transmitter 403, a processer 405, and a non-transitory computer-readable medium 407.
  • the non-transitory computer-readable medium 407 has computer executable instructions stored therein.
  • the processer 405 is configured to be coupled to the non-transitory computer readable medium 407, the receiver 401, and the transmitter 403. It is contemplated that the apparatus 400 may include more computer-readable mediums, receiver, transmitter and processors in some other embodiments of the present application according to practical requirements.
  • the receiver 401 and the transmitter 403 are integrated into a single device, such as a transceiver.
  • the apparatus 400 may further include an input device, a memory, and/or other components.
  • the non-transitory computer-readable medium 407 may have stored thereon computer-executable instructions to cause a processor to implement the processes performed by the UE in the above methods according to embodiments of the present application.
  • FIG. 5 illustrates an apparatus according to some other embodiments of the present application.
  • the apparatus 500 may be the UE illustrated in the above embodiments of the present application.
  • the apparatus 500 may include a receiver 501, a transmitter 503, a processer 505, and a non-transitory computer-readable medium 507.
  • the non-transitory computer-readable medium 507 has computer executable instructions stored therein.
  • the processer 505 is configured to be coupled to the non-transitory computer readable medium 507, the receiver 501, and the transmitter 503. It is contemplated that the apparatus 500 may include more computer-readable mediums, receiver, transmitter and processors in some other embodiments of the present application according to practical requirements.
  • the receiver 501 and the transmitter 503 are integrated into a single device, such as a transceiver.
  • the apparatus 500 may further include an input device, a memory, and/or other components.
  • the non-transitory computer-readable medium 507 may have stored thereon computer-executable instructions to cause a processor to implement the processes performed by the AMF in the above methods according to embodiments of the present application.
  • a software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
  • the steps of a method may reside as one or any combination or set of codes and/or instructions on a non-transitory computer-readable medium, which may be incorporated into a computer program product.
  • the terms ′′comprises, ′′ ′′comprising, ′′ or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
  • An element proceeded by ′′a, ′′ ′′an, ′′ or the like does not, without more constraints, preclude the existence of additional identical elements in the process, method, article, or apparatus that comprises the element.
  • the term ′′another′′ is defined as at least a second or more.
  • the terms ′′including, ′′ ′′having, ′′ and the like, as used herein, are defined as ′′comprising. ′′

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Embodiments of the present application are directed to a method and apparatus for managing access control information. A method performed by a data management entity is provided. The method may include: receiving a notification of changes for access control information regarding a specific network; determining to update a UE by utilizing an updated access control information based on the notification; and transmitting the updated access control information to the UE.

Description

METHOD AND APPARATUS FOR MANAGING ACCESS CONTROL INFORMATION TECHNICAL FIELD
Embodiments of the present application generally relate to a wireless communication technology, and especially to a method and apparatus for managing access control information for a user equipment (UE) by home standalone non-public network (SNPN) of the UE.
BACKGROUND
A private 5G network is also termed a non-public network (NPN) . In contrast to a network that offers mobile network services to the general public, the 5G private network provides 5G network services to a clearly defined user organization or group of user organizations. The 5G private network is deployed on the organization’s defined premises, such as a campus or a factory. According to 3 rd generation partnership project (3GPP) TS 23. 501, there are two types of 5G private network: a SNPN, which does not rely on a public land mobile network (PLMN) and is operated by a SNPN operator; and a public network integrated NPN, which is a nonpublic network deployed with the support of a PLMN network.
Due to problems in certain areas, the serving SNPN operators may decide to restrict access attempt (s) from some UEs (e.g., in the case that a congestion happens) , by using relevant barring parameters that vary depending on an access identity and an access category. In general, access identities are pre-configured by home network or home SNPN. Access categories are pre-configured by home network or home SNPN, or dynamically updated by a serving network (e.g., operator defined access categories) .
SUMMARY OF THE APPLICATION
Embodiments of the present application provide a method and apparatus for managing access control information for a UE by home SNPN of the UE.
An embodiment of the present application provides a method performed by a data management entity. The method may include: receiving a notification of changes for access control information regarding a specific network; determining to update a user equipment (UE) by utilizing an updated access control information based on the notification; and transmitting the updated access control information to the UE.
In an embodiment of the present application, determining to update the UE by utilizing the updated access control information may include: determining whether to request an acknowledgement from the UE for successful reception of the updated access control information, wherein the updated access control information comprises a first indication information indicating whether to request the acknowledgement from the UE for successful reception of the updated access control information.
In an embodiment of the present application, the notification may include at least one of access identities regarding the specific network. In another embodiment of the present application, the notification comprises at least one of access identities and at least one of access categories regarding the specific network. In yet another embodiment of the present application, receiving the notification of changes for access control information regarding the specific network may include: receiving a second indication information for indicating changes for the access control information from a mobility management function (AMF) entity; and retrieving the updated access control information from a unified data repository (UDR) entity.
In an embodiment of the present application, the updated access control information may further include: at least one of access identities regarding the specific network. In another embodiment of the present application, the updated access control information may further include: a list of standalone non-public network (SNPN) identities; and at least one of access identities for each SNPN. In yet another embodiment of the present application, the updated access control information may further include: a third indication information indicating there is no updated information provided. In yet another embodiment of the present application,  the updated access control information may further include: at least one of access categories.
In an embodiment of the present application, transmitting the updated access control information to the UE may include: transmitting the updated access control information to the UE during a registration procedure. The updated access control information may be transmitted in an enhanced steering of roaming information during the registration procedure.
In another embodiment of the present application, transmitting the updated access control information to the UE may include: transmitting the updated access control information to the UE in an enhanced steering of roaming information after a registration procedure.
In another embodiment of the present application, transmitting the updated access control information to the UE may include: transmitting the updated access control information to the UE during a parameters update procedure after a registration procedure.
Another embodiment of the present application provides a method performed by a UE. The method may include: receiving an updated access control information, wherein the updated access control information may include: at least one of access identities regarding a specific network; and a first indication information indicating whether to request an acknowledgement from the UE for successful reception of the updated access control information.
In an embodiment of the present application, the updated access control information may further include: a list of standalone non-public network (SNPN) identities, and the at least one of access identities is at least one of access identities for each SNPN. The updated access control information may further include: at least one of access categories
In an embodiment of the present application, the method may further include: transmitting an acknowledgement upon successful reception of the updated access control information according to the first indication information.
In an embodiment of the present application, receiving the updated access control information may include: receiving the updated access control information during a registration procedure. In an example, the updated access control information is received in an enhanced steering of roaming information during the registration procedure.
In another embodiment of the present application, receiving the updated access control information may include: receiving the updated access control information in an enhanced steering of roaming information after a registration procedure.
In an embodiment of the present application, the method may further include: performing a network re-selection based on the updated access control information and if the UE is in idle mode.
In another embodiment of the present application, receiving the updated access control information during a parameters update procedure after a registration procedure.
In another embodiment of the present application, the method may further include: performing a re-registration if it is requested by a data management entity.
Another embodiment of the present application provides an apparatus. The apparatus may include at least one non-transitory computer-readable medium having computer executable instructions stored therein; at least one receiver; at least one transmitter; and at least one processor coupled to the at least one non-transitory computer-readable medium, the at least one receiver and the at least one transmitter. The computer executable instructions are programmed to implement the above method with the at least one receiver, the at least one transmitter and the at least one processor.
Through the embodiments of the present application, it is possible for the home SNPN to steer the UE′s access behaviors based on the access identity (s) and/or access category (s) provided by the home SNPN when the UE moves to a visited SNPN.
BRIEF DESCRIPTION OF THE DRAWINGS
In order to describe the manner in which advantages and features of the application can be obtained, a description of the application is rendered by reference to specific embodiments thereof, which are illustrated in the appended drawings. These drawings depict only example embodiments of the application and are not therefore to be considered limiting of its scope.
FIG. 1 is a flow chart illustrating a method for a home SNPN to manage the access control information for a UE according to an embodiment of the present application;
FIG. 2 is a flow chart illustrating a method for a home SNPN to manage the access control information for a UE according to another embodiment of the present application;
FIG. 3 is a flow chart illustrating a method for a home SNPN to manage the access control information for a UE according to yet another embodiment of the present application;
FIG. 4 illustrates an apparatus according to some embodiments of the present application; and 
FIG. 5 illustrates an apparatus according to some other embodiments of the present application.
DETAILED DESCRIPTION
The detailed description of the appended drawings is intended as a description of preferred embodiments of the present application and is not intended to represent the only form in which the present application may be practiced. It should be understood that the same or equivalent functions may be accomplished by different embodiments that are intended to be encompassed within the spirit and scope of the present application.
Reference will now be made in detail to some embodiments of the present application, examples of which are illustrated in the accompanying drawings. To facilitate understanding, embodiments are provided under specific network architecture and new service scenarios, such as 3GPP 5G. It is contemplated that along with developments of network architectures and new service scenarios, all embodiments in the present application are also applicable to similar technical problems; and moreover, the terminologies recited in the present application may change, which should not affect the principle of the present application.
As described above, the serving SNPN operators may decide to restrict access attempt (s) from some UEs by using relevant barring parameters that vary depending on the pre-configured access identity and the pre-configured access category. However, there is no flexible mechanism for the home SNPN to control the UE’s behavior, for example, by using dynamical access identities per visited SNPN when performing access control.
Therefore, a method for the home SNPN to manage the access control information for the UE is needed.
According to some embodiments of the present application, an enhanced steering of roaming (eSoR) information is defined. The eSoR information may include the necessary information for supporting the roaming case of a UE. For example, the access control information may be included in the eSoR information.
For example, the eSoR information may include:
(1) a first indication information which indicates whether to request an acknowledgement from the UE for successful reception of an updated access control information; and
(2) one of the following:
a) a list of SNPN identities, and one or more access identities for each SNPN; optionally, at least one of access categories for each SNPN; and
b) a second indication information which indicates that there is no updated information provided.
FIG. 1 is a flow chart illustrating a method for a home SNPN to manage the access control information for a UE according to an embodiment of the present application. In this embodiment, the access control information is included in the eSoR information during a registration procedure.
In this embodiment, the method is performed among a UE, a (radio) access network (R) AN, a new access and mobility management function (AMF) , an old AMF, a policy control function (PCF) , a session management function (SMF) , an authentication server function (AUSF) , and a unified data management (UDM) .
The UE may include a computing device, such as a desktop computer, a laptop computer, a personal digital assistant (PDA) , a tablet computer, a smart television (e.g., television connected to the Internet) , a set-top box, a game console, a security system (including a security camera) , a vehicle on-board computer, a network device (e.g., a router, a switch, and a modem) , or the like. According to an embodiment of the present disclosure, the UE may include a portable wireless communication device, a smart phone, a cellular telephone, a flip phone, a device having a subscriber identity module, a personal computer, a selective call receiver, or any other device that is capable of sending and receiving communication signals on a wireless network. In some embodiments, the UE may include a wearable device, such as a smart watch, a fitness band, an optical head-mounted display, or the like. Moreover, the UE may be referred to as a subscriber unit, a mobile phone, a mobile station, a user, a terminal, a mobile terminal, a wireless terminal, a fixed terminal, a subscriber station, a user terminal, or any device described using other terminology used in the art.
The (R) AN may be configured to provide a network access service for the UE. The (R) AN may also be referred to as access network (AN) entity, an access point, an access terminal, a base, a macro cell, a Node-B, an enhanced Node B (eNB) , a gNB, a home Node-B, a relay node, or any device described using other terminology used in the art.
The AMF, the PCF, the SMF, the AUSF, and the UDM are network function entities of a 5G core network.
In particular, the AMF is a network function entity used for receiving all the connection and session information from a UE or the AN, and handling connection and mobility management tasks. The PCF is a network function entity used for supporting unified policy framework to govern network behavior, providing policy rules for control plane functions, which includes network slicing, roaming and mobility management, and accessing subscription information relevant for policy decisions in a unified data repository (UDR) . The SMF is a network function entity used for interacting with the decoupled data plane, creating, updating and removing PDU sessions and managing session context with user plane function (UPF) . The AUSF is a network function entity used for authentication. The UDM is a network function entity used for managing network user data in a single, centralized element. The UDR is a converged repository of subscriber information and can be used to service a number of network functions.
Now referring to FIG. 1, in step 101, the UE transmits a registration request to the (R) AN.
In step 102, the (R) AN performs an AMF selection based on the received registration request. And then in step 103, the (R) AN transmits the registration request to the new AMF. If the registration type in the registration request indicates this procedure is periodic registration update, the following steps 104-119 will not be performed.
Conditionally, in step 104, the new AMF transmits Namf_Communication_UEContextTransfer to the old AMF. If the new AMF has received the UE context during a handover procedure from the old AMF, the  steps  104, 105 and 110 will not be performed. In step 105, the old AMF transmits Namf_Communication_UEContextTransfer response to the new AMF as a response to the Namf_Communication_UEContextTransfer.
Conditionally, in step 106, if the subscription concealed identifier (SUCI) is not provided by the UE nor retrieved from the old AMF, the new AMF transmits an identity request message to the UE requesting the SUCI. As a response to the identity request, in step 107, the UE transmits an identity response including the SUCI to the new AMF.
In step 108, the new AMF performs an AUSF selection based on the subscription permanent identifier (SUPI) or the SUCI.
In step 109, the AUSF performs authentication for the UE.
Conditionally, in step 110, the new AMF transmits Namf_Communication_RegistrationCompleteNotify to the old AMF. For example, if the AMF has changed, the new AMF notifies the old AMF that the registration of the UE in the new AMF is completed by invoking the Namf_Communication_RegistrationCompleteNotify service operation.
Conditionally, in step 111, an identity request or an identity response is transmitted between the new AMF and the UE. For example, if a permanent equipment identifier (PEI) was not provided by the UE nor retrieved from the old AMF, the identity request procedure is initiated by the new AMF sending an identity request message to the UE to retrieve the PEI. The PEI shall be transferred encrypted unless the UE performs emergency registration and cannot be authenticated.
Optionally, in step 112, the new AMF initiates mobile equipment (ME) identity check by invoking the N5g-eir_EquipmentIdentityCheck_Get service operation.
If step 114 is to be performed, in step 113, the new AMF selects a UDM based on the SUPI, and then the UDM may select a UDR instance.
In step 114a, if the AMF has changed since the last registration procedure, or if the UE provides a SUPI which doesn′t refer to a valid context in the AMF, or if the UE registers to the same AMF it has already registered to a non-3GPP access (i.e. the UE is registered over a non-3GPP access and initiates this registration procedure to add a 3GPP access) , the new AMF registers with the UDM using Nudm_UECM_Registration for the access to be registered.
In step 114b, the UDM determines whether the eSoR including the access control information for the UE needs to be updated. In an embodiment, the UDM  determines the eSoR needs to be updated based on a request from the AMF. For example, the UDM may receive indication information for indicating changes for the access control information from the AMF, and then retrieves the updated access control information from the UDR.
In another embodiment, the UDM determines the eSoR needs to be updated based on a notification of the change of the eSoR (that is, the changes of the access control information) from the UDR. In an example, the notification may include at least one of access identities regarding the specific network. In another example, the notification may include at least one of access identities and at least one of access categories regarding the specific network. The specific network may be the one or more SNPNs which the UE is visiting or will visit.
Furthermore, in step 114b, the UDM transmit the eSoR including the updated access control information to the new AMF by using a Nudm_SDM_Get message. For example, the updated access control information may include a list of SNPN identities for which the access control information for the UE needs to be updated, and at least one of access identities for each SNPN. In another example, besides the list of SNPN identities and the access identities, the updated access control information may further include at least one of access categories for each SNPN.
In step 114b, the UDM may further determine whether to request an acknowledgement from the UE for successful reception of the updated access control information. The UDM may further transmit indication information indicating whether to request the acknowledgement from the UE for successful reception of the updated access control information to the new AMF, by using the Nudm_SDM_Get message.
In another embodiment, if there is no updated information provided, the UDM may transmit indication information indicating there is no updated information provided in the eSoR to the new AMF, by using the Nudm_SDM_Get message.
In step 114c, the new AMF transmits Nudm_SDM_Subscribe to the UDM. For example, after a successful response is received, the new AMF subscribes to be notified using Nudm_SDM_Subscribe when the data requested is modified, the UDM  may subscribe to the UDR by Nudr_DM_Subscribe.
Optionally, in step 114d, when the UDM stores the associated Access Type (e.g. 3GPP) together with the serving AMF as indicated in step 114a, it will cause the UDM to initiate a Nudm_UECM_DeregistrationNotification to the old AMF corresponding to the same (e.g. 3GPP) access, if one exists.
Conditionally, in step 114e, if the old AMF does not have UE context for another access type (i.e. non-3GPP access) , the old AMF unsubscribes with the UDM for subscription data using a Nudm_SDM_unsubscribe message.
In step 115, if the AMF decides to initiate PCF communication, the AMF performs a PCF selection.
Optionally, in step 116, the new AMF performs an AM Policy Association Establishment/Modification.
Conditionally, in step 117, the new AMF transmits Nsmf_PDUSession_UpdateSMContext or Nsmf_PDUSession_ReleaseSMContext to the SMF.
Conditionally, in step 118, the new AMF transmits a UE Context Modification Request to N3IWF/TNGF/W-AGF, and in step 119, N3IWF/TNGF/W-AGF transmits a UE Context Modification Response to the new AMF.
Conditionally, in step 119a, the new AMF registers with the UDM using Nudm_UECM_Registration with the Access Type set to ″non-3GPP access″ .
Conditionally, in step 119b, when the UDM stores the associated Access Type (i.e. non-3GPP) together with the serving AMF, it will cause the UDM to initiate a Nudm_UECM_DeregistrationNotification to the old AMF corresponding to the same (i.e. non-3GPP) access. The old AMF removes the UE context for non-3GPP access.
In step 119c, the Old AMF unsubscribes with the UDM for subscription data  using Nudm_SDM_unsubscribe.
In step 120, the new AMF transmits a registration accept message having the eSoR. The eSoR was received in step 114b from the UDM.
Optionally, in step 121, the new AMF performs a UE policy association establishment.
Conditionally, in step 122, when the UE successfully receives the eSoR informaiton and finds that there is an indication informaiton in the eSoR informaiton indicating that an acknowledgement needs to be tranmitted to the UDM for successful reception of the updated access control information in the eSoR information, the UE tranmits an acknowledgement to the new AMF. In particular, the UE transmits the acknowledgement to the new AMF by a registration complete message. In another embodiment, if the indication informaiton in the eSoR indicating that an acknowledgement does not need to be tranmitted to the UDM for successful reception of the updated access control information, the UE does not need to transmit the acknowledgement. 
Conditionally, in step 123, if there is an indication informaiton in the eSoR indicating that an acknowledgement needs to be tranmitted to the UDM for successful reception of the updated access control information (eSoR) , the new AMF provides the UE acknowledgement to UDM by using Nudm_SDM_Info.
In step 123a, for Registration over 3GPP access, if the AMF does not release the signalling connection, the AMF sends the RRC inactive assistance information to the (R) AN.
Conditionally, in step 124, after the step 114a, and in parallel to any of the preceding steps, the AMF shall send a ″Homogeneous Support of IMS Voice over PS Sessions″ indication to the UDM using Nudm_UECM_Update.
In step 125a, after successfully receiving the eSoR informaiton, the UE updates the local access control information with the updated access control information in the eSoR information. Furthermore, the UE may initiate to perform a  network re-selection depending on the information in the eSoR and other necessary conditions, e.g., if the UE is in idle mode.
Conditionally, in step 125, the UE, the (R) AN, and the new AMF perform network slice-specific authentication and authorization.
In the above steps, for example, steps 101-114a, steps 114c-119c, step 121,  steps  123a, 124 and 125 are described briefly. It should be understood that steps 101-114a are the same steps as steps 1-14a in Figure 4.2.2.2.2-1 (Registration procedure) in section 4.2.2.2.2 in 3GPP 23.502, steps 114c-119c are the same steps as steps 14c-19c in Figure 4.2.2.2.2-1 (Registration procedure) in section 4.2.2.2.2 in 3GPP 23.502, step 121 is the same step as step 21b in Figure 4.2.2.2.2-1 (Registration procedure) in section 4.2.2.2.2 in 3GPP 23.502,  steps  123a and 124 are the same steps as steps 23a and 24 in Figure 4.2.2.2.2-1 (Registration procedure) in section 4.2.2.2.2 in 3GPP 23.502, and step 125 is the same step as step 25 in Figure 4.2.2.2.2-1 (Registration procedure) in section 4.2.2.2.2 in 3GPP 23.502. Regarding more details regarding these steps in the above embodiment, please refer to the corresponding description in section 4.2.2.2.2 in 3GPP 23.502.
FIG. 2 is a flow chart illustrating a method for a home SNPN to manage the access control information for a UE according to another embodiment of the present application. In this embodiment, the access control information is included in the eSoR information as above disccused after a registration procedure.
In this embodiment, the method is performed among a UE, an AMF and a UDM. The UDM can use Nudm_SDM_Notification service operation to update the access control information stored in the UE via the AMF. The UDM may include an indication for the UE to send an acknowledgement of the reception of this information. The AMF may provide the acknowledgement sent from the UE to the UDM using the Nudm_SDM_Info service operation.
As shown in FIG. 2, in step 201, the UDM determines whether the eSoR information including the access control information for the UE needs to be updated, for example, based on a notification of the changes of the eSoR information (that is, the changes of the access control information) from a UDR. In an example, the  notification may include at least one of access identities regarding the specific network. In another example, the notification may include at least one of access identities and at least one of access categories regarding the specific network. The specific network may be one or more SNPNs which the UE is visiting or will visit.
Furthermore, in step 201, the UDM notifies the changes of the user profile (that is, the updated accecc control informaiton for the UE) to the AMF by invoking the Nudm_SDM_Notification service operation, and the Nudm_SDM_Notification message contains the eSoR information including the updated access control information. The updated access control information needs to be delivery transparently to the UE over non-access stratum (NAS) signalling within the access and mobility subscription data. For example, the updated access control information may include a list of SNPN identities for which the access control information for the UE needs to be updated, and at least one of access identities for each SNPN. In another example, besides the list of SNPN identities and the access identities, the updated access control information may further include at least one of access categories for each SNPN.
In step 201, the UDM may further determine whether to request an acknowledgement from the UE for successful reception of the updated access control information. The UDM may further transmit indication information indicating whether to request the acknowledgement from the UE for successful reception of the updated access control information to the AMF, by using the Nudm_SDM_Notification message.
In another embodiment, if there is no updated information provided, the UDM may transmit indication information indicating there is no updated information provided in the eSoR inforamtion to the AMF.
In step 202, the AMF transmits the eSoR inforamtion received from the UDM to the served UE by a DL NAS TRANSPORT message.
In step 203, upon receiving the eSoR information, the UE firstly performs a security check on the eSoR information. If the security check on the eSoR information is successful, the UE updates the local access control information with  the updated access control information in the eSoR information. And then the UE may initiate to perform the network re-selection depending on the updated access control information in the eSoR information and other necessary conditions, e.g., if the UE is in idle mode.
In step 204, when the UE successfully receives the eSoR informaiton and finds that there is indication informaiton in the eSoR informaiton indicating that an acknowledgement needs to be tranmitted to the UDM for successful reception of the updated access control information in the eSoR information, and then the UE tranmits an acknowledgement to the AMF by a DL NAS TRANSPORT message.
In step 205, the AMF trasnmits an acknowledgement to the UDM by a Nudm_SDM_Info message.
In another embodiment, if the indication informaiton in the eSoR inforamtion indicating that an acknowledgement does not need to be tranmitted to the UDM for successful reception of the updated access control information, the UE does not need to transmit the acknowledgement. That is, the  steps  204 and 205 are skipped. In another embodiment, if there is no such indication informaiton received in the UE, the  steps  204 and 205 are skipped.
FIG. 3 is a flow chart illustrating a method for a home SNPN to manage the access control information for a UE according to yet another embodiment of the present application. In this embodiment, the access control information is tranmitted during a UE parameters update procedure via a control plane after a registration procedure.
In this embodiment, the method is performed among a UE, an AMF and a UDM. For exmaple, the UE parameters update procedure via a control plane is to allow the home SPNP to update the UE with a specific set of parameters (e.g., the updated access control information in this embodiemnt) generated and stored in the UDM, by delivering protected UDM update data via NAS signalling. The home SNPN may update such parameters based on the local policy and/or the operator policies.
As shown in FIG. 3, in step 301, the UDM determines whether the access control information for the UE in the serving SNPN needs to be updated, for example, based on a notification of the changes of the access control information from a UDR. In an example, the notification may include at least one of access identities regarding a specific network (such as, the serving SNPN) . In another example, the notification may include at least one of access identities and at least one of access categories regarding the specific network (such as, the serving SNPN) .
Furthermore, in step 301, the UDM notifies the changes of the accecc control informaiton for the serving SNPN to the AMF by invoking the Nudm_SDM_Notification service operation, and the Nudm_SDM_Notification message contains the updated access control information. The updated access control information needs to be delivered transparently to the UE over NAS signalling within the access and mobility subscription data. For example, the updated access control information may include at least one of access identities for the serving SNPN. In another example, the updated access control information may include at least one of access identities and at least one of access categories for the serving SNPN.
In step 301, the UDM may further determine whether to request an acknowledgement from the UE for successful reception of the updated access control information. The UDM may further transmit indication information indicating whether to request the acknowledgement from the UE for successful reception of the updated access control information to the AMF, by using the Nudm_SDM_Notification message.
In step 302, the AMF transmits the updated access control information received from the UDM to the served UE by a DL NAS TRANSPORT message. After receiving the updated access control information, the UE updates the local access control information with the updated access control information.
In step 303, when the UE successfully receives the updated access control information and finds that there is indication informaiton indicating that an acknowledgement needs to be tranmitted to the UDM for successful reception of the updated access control information, and then the UE tranmits an acknowledgement to the AMF by a DL NAS TRANSPORT message.
In step 304, the AMF trasnmits an acknowledgement to the UDM by a Nudm_SDM_Info message.
In another embodiment, if the indication informaiton indicating that an acknowledgement does not need to be tranmitted to the UDM for successful reception of the updated access control information, the UE does not need to transmit the acknowledgement. That is, the  steps  304 and 304 are skipped. In another embodiment, if there is no such indication informaiton received in the UE, the  steps  204 and 205 are skipped.
In step 305, the UE may initiate re-registration if it is requested by the UDM.
Therefore, through the above described embodiments of the present application, it is possible for the home SNPN to steer the UE′s access behaviors based on the access identity (s) and/or access category (s) provided by the home SNPN when the UE moves to a visited SNPN.
FIG. 4 illustrates an apparatus according to some embodiments of the present application. In some embodiments of the present disclosure, the apparatus 400 may be the UDM illustrated in the above embodiments of the present application.
As shown in FIG. 4, the apparatus 400 may include a receiver 401, a transmitter 403, a processer 405, and a non-transitory computer-readable medium 407. The non-transitory computer-readable medium 407 has computer executable instructions stored therein. The processer 405 is configured to be coupled to the non-transitory computer readable medium 407, the receiver 401, and the transmitter 403. It is contemplated that the apparatus 400 may include more computer-readable mediums, receiver, transmitter and processors in some other embodiments of the present application according to practical requirements. In some embodiments of the present application, the receiver 401 and the transmitter 403 are integrated into a single device, such as a transceiver. In certain embodiments, the apparatus 400 may further include an input device, a memory, and/or other components.
In some embodiments of the present application, the non-transitory computer-readable medium 407 may have stored thereon computer-executable  instructions to cause a processor to implement the processes performed by the UE in the above methods according to embodiments of the present application.
FIG. 5 illustrates an apparatus according to some other embodiments of the present application. In some embodiments of the present disclosure, the apparatus 500 may be the UE illustrated in the above embodiments of the present application.
As shown in FIG. 5, the apparatus 500 may include a receiver 501, a transmitter 503, a processer 505, and a non-transitory computer-readable medium 507. The non-transitory computer-readable medium 507 has computer executable instructions stored therein. The processer 505 is configured to be coupled to the non-transitory computer readable medium 507, the receiver 501, and the transmitter 503. It is contemplated that the apparatus 500 may include more computer-readable mediums, receiver, transmitter and processors in some other embodiments of the present application according to practical requirements. In some embodiments of the present application, the receiver 501 and the transmitter 503 are integrated into a single device, such as a transceiver. In certain embodiments, the apparatus 500 may further include an input device, a memory, and/or other components.
In some embodiments of the present application, the non-transitory computer-readable medium 507 may have stored thereon computer-executable instructions to cause a processor to implement the processes performed by the AMF in the above methods according to embodiments of the present application.
Persons skilled in the art should understand that as the technology develops and advances, the terminologies described in the present application may change, and should not affect or limit the principle and spirit of the present application.
Those having ordinary skill in the art would understand that the steps of a method described in connection with the aspects disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. Additionally, in some aspects, the steps of a method may reside as one or any  combination or set of codes and/or instructions on a non-transitory computer-readable medium, which may be incorporated into a computer program product.
While this disclosure has been described with specific embodiments thereof, it is evident that many alternatives, modifications, and variations may be apparent to those skilled in the art. For example, various components of the embodiments may be interchanged, added, or substituted in the other embodiments. Also, all of the elements of each figure are not necessary for operation of the disclosed embodiments. For example, one of ordinary skill in the art of the disclosed embodiments would be enabled to make and use the teachings of the disclosure by simply employing the elements of the independent claims. Accordingly, embodiments of the disclosure as set forth herein are intended to be illustrative, not limiting. Various changes may be made without departing from the spirit and scope of the disclosure.
In this document, the terms ″comprises, ″ ″comprising, ″ or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. An element proceeded by ″a, ″ ″an, ″ or the like does not, without more constraints, preclude the existence of additional identical elements in the process, method, article, or apparatus that comprises the element. Also, the term ″another″ is defined as at least a second or more. The terms ″including, ″ ″having, ″ and the like, as used herein, are defined as ″comprising. ″

Claims (25)

  1. A method performed by a data management entity, comprising:
    receiving a notification of changes for access control information regarding a specific network;
    determining to update a user equipment (UE) by utilizing an updated access control information based on the notification; and
    transmitting the updated access control information to the UE.
  2. The method of Claim 1, wherein determining to update the UE by utilizing the updated access control information comprises:
    determining whether to request an acknowledgement from the UE for successful reception of the updated access control information,
    wherein the updated access control information comprises a first indication information indicating whether to request the acknowledgement from the UE for successful reception of the updated access control information.
  3. The method of Claim 1, wherein the notification comprises at least one of access identities regarding the specific network.
  4. The method of Claim 1, wherein the notification comprises at least one of access identities and at least one of access categories regarding the specific network.
  5. The method of Claim 1, wherein receiving the notification of changes for access control information regarding the specific network comprises:
    receiving a second indication information for indicating changes for the access control information from a mobility management function (AMF) entity; and
    retrieving the updated access control information from a unified data repository (UDR) entity.
  6. The method of claim 2, wherein the updated access control information further comprises:
    at least one of access identities regarding the specific network.
  7. The method of claim 2, wherein the updated access control information further comprises:
    a list of standalone non-public network (SNPN) identities; and
    at least one of access identities for each SNPN.
  8. The method of claim 2, wherein the updated access control information further comprises:
    a third indication information indicating there is no updated information provided.
  9. The method of Claim 6 or 7, wherein the updated access control information further includes at least one of access categories.
  10. The method of Claim 7, wherein transmitting the updated access control information to the UE comprises:
    transmitting the updated access control information to the UE during a registration procedure.
  11. The method of Claim 10, wherein the updated access control information is transmitted in an enhanced steering of roaming information during the registration procedure.
  12. The method of Claim 7, wherein transmitting the updated access control information to the UE comprises:
    transmitting the updated access control information to the UE in an enhanced steering of roaming information after a registration procedure.
  13. The method of Claim 6, wherein transmitting the updated access control information to the UE comprises:
    transmitting the updated access control information to the UE during a parameters update procedure after a registration procedure.
  14. A method performed by a user equipment (UE) , comprising:
    receiving an updated access control information,
    wherein the updated access control information comprises:
    at least one of access identities regarding a specific network; and
    a first indication information indicating whether to request an acknowledgement from the UE for successful reception of the updated access control information.
  15. The method of Claim 14, wherein the updated access control information further comprises: a list of standalone non-public network (SNPN) identities, and the at least one of access identities is at least one of access identities for each SNPN.
  16. The method of Claim 14 or 15, wherein the updated access control information further comprises: at least one of access categories.
  17. The method of Claim 14, wherein further comprising:
    transmitting an acknowledgement upon successful reception of the updated access control information according to the first indication information.
  18. The method of Claim 15, wherein receiving the updated access control information comprises:
    receiving the updated access control information during a registration procedure.
  19. The method of Claim 18, wherein the updated access control information is received in an enhanced steering of roaming information during the registration procedure.
  20. The method of Claim 15, wherein receiving the updated access control information comprises:
    receiving the updated access control information in an enhanced steering of roaming information after a registration procedure.
  21. The method of Claim 15, further comprising: performing a network re-selection based on the updated access control information and if the UE is in idle mode.
  22. The method of Claim 14, wherein receiving the updated access control information comprises:
    receiving the updated access control information during a parameters update procedure after a registration procedure.
  23. The method of Claim 14, further comprising: performing a re-registration if it is requested by a data management entity.
  24. An apparatus, comprising:
    at least one non-transitory computer-readable medium having computer executable instructions stored therein;
    at least one receiver;
    at least one transmitter; and
    at least one processor coupled to the at least one non-transitory computer-readable medium, the at least one receiver and the at least one transmitter;
    wherein the computer executable instructions are programmed to implement a method according to any one of Claims 1-13 with the at least one receiver, the at least one transmitter and the at least one processor.
  25. An apparatus, comprising:
    at least one non-transitory computer-readable medium having computer executable instructions stored therein;
    at least one receiver;
    at least one transmitter; and
    at least one processor coupled to the at least one non-transitory computer-readable medium, the at least one receiver and the at least one transmitter;
    wherein the computer executable instructions are programmed to implement a method according to any one of Claims 14-23 with the at least one receiver, the at least one transmitter and the at least one processor.
PCT/CN2020/105581 2020-07-29 2020-07-29 Method and apparatus for managing access control information WO2022021155A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/105581 WO2022021155A1 (en) 2020-07-29 2020-07-29 Method and apparatus for managing access control information

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/105581 WO2022021155A1 (en) 2020-07-29 2020-07-29 Method and apparatus for managing access control information

Publications (1)

Publication Number Publication Date
WO2022021155A1 true WO2022021155A1 (en) 2022-02-03

Family

ID=80037053

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/105581 WO2022021155A1 (en) 2020-07-29 2020-07-29 Method and apparatus for managing access control information

Country Status (1)

Country Link
WO (1) WO2022021155A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12149936B2 (en) 2022-06-24 2024-11-19 Cisco Technology, Inc. Private 5G federation system for dynamic user equipment on-boarding

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110574431A (en) * 2017-05-05 2019-12-13 英特尔Ip公司 access control mechanism
US20200084691A1 (en) * 2017-06-16 2020-03-12 Telefonaktiebolaget Lm Ericsson (Publ) User Equipment and Method in a Wireless Communications Network
WO2020067749A1 (en) * 2018-09-28 2020-04-02 Lg Electronics Inc. Access control for data transmission
CN111165021A (en) * 2017-08-11 2020-05-15 诺基亚技术有限公司 Network slice-specific access restriction for wireless networks

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110574431A (en) * 2017-05-05 2019-12-13 英特尔Ip公司 access control mechanism
US20200084691A1 (en) * 2017-06-16 2020-03-12 Telefonaktiebolaget Lm Ericsson (Publ) User Equipment and Method in a Wireless Communications Network
CN111165021A (en) * 2017-08-11 2020-05-15 诺基亚技术有限公司 Network slice-specific access restriction for wireless networks
WO2020067749A1 (en) * 2018-09-28 2020-04-02 Lg Electronics Inc. Access control for data transmission

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ANONYMOUS: "Non-Access-Stratum (NAS) protocol for 5G System (5GS)", 3GPP STANDARD; TECHNICAL SPECIFICATION; 3GPP TS 24.501, vol. CT WG1, no. V16.5.1, 17 July 2020 (2020-07-17), pages 1 - 709, XP051925239 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12149936B2 (en) 2022-06-24 2024-11-19 Cisco Technology, Inc. Private 5G federation system for dynamic user equipment on-boarding

Similar Documents

Publication Publication Date Title
US11659481B2 (en) Methods and systems for UE to request appropriate NSSAI in 5G
JP7075066B2 (en) UE configuration and update with network slice selection policy
JP6885970B2 (en) Methods and equipment for creating and using roaming lists based on user roaming plans
CN115362715A (en) Configuration of specific network slices
US11503533B2 (en) Method of registration with access and mobility management function re-allocation
US20230156584A1 (en) Target network slice information for target network slices
US20240023013A1 (en) Methods and Apparatus for Service Assurance for Time-Restricted Short-Lived Networks
US20240284320A1 (en) Network slicing based vplmn prioritization
US20230217241A1 (en) Providing subscription data of an external subscriber
US20240147235A1 (en) Network slice admission control
JP7332802B2 (en) Method and Apparatus for Manual Network Selection
US20230156457A1 (en) Method and apparatus for providing onboarding and provisioning services
CN115769616A (en) Security context for target AMF
CN115299168A (en) Method and apparatus for handover
US20230337105A1 (en) Priority data transport service
WO2022021155A1 (en) Method and apparatus for managing access control information
WO2023174971A1 (en) Network reselection
EP4385224A1 (en) Methods and systems for steering of roaming
WO2022021139A1 (en) Method and apparatus for subscribing and provisioning
CN117178602A (en) Network slice admission control
WO2021201729A1 (en) Faster release or resume for ue in inactive state
WO2022016512A1 (en) Method and apparatus for managing external subscription data
WO2024092467A1 (en) Information transmission method and apparatus, communication device, and storage medium
US20240107287A1 (en) Support of non-subscribed temporary local slices while roaming for local ims service
WO2024088573A1 (en) Network slice availability for legacy devices in a wireless communication network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20947052

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 16/05/2023)

122 Ep: pct application non-entry in european phase

Ref document number: 20947052

Country of ref document: EP

Kind code of ref document: A1