WO2022021239A1 - Network notification regarding the result of authentication and authorization of a terminal device - Google Patents

Network notification regarding the result of authentication and authorization of a terminal device

Info

Publication number
WO2022021239A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
authorization
notification
result
unmanned aerial
Prior art date
Application number
PCT/CN2020/105937
Other languages
English (en)
Inventor
Rainer Liebhart
Peter Leis
Sung Hwan Won
Yang Shen
Anja Jerichow
Original Assignee
Nokia Shanghai Bell Co., Ltd.
Nokia Solutions And Networks Oy
Nokia Technologies Oy
Priority date
Filing date
Publication date
Application filed by Nokia Shanghai Bell Co., Ltd., Nokia Solutions And Networks Oy, Nokia Technologies Oy filed Critical Nokia Shanghai Bell Co., Ltd.
Priority to PCT/CN2020/105937 priority Critical patent/WO2022021239A1/fr
Priority to CN202080104526.8A priority patent/CN116114002A/zh
Publication of WO2022021239A1 publication Critical patent/WO2022021239A1/fr

Classifications

    • G PHYSICS
    • G08 SIGNALLING
    • G08G TRAFFIC CONTROL SYSTEMS
    • G08G5/00 Traffic control systems for aircraft, e.g. air-traffic control [ATC]
    • G08G5/0004 Transmission of traffic-related information to or from an aircraft
    • G08G5/0013 Transmission of traffic-related information to or from an aircraft with a ground station
    • G PHYSICS
    • G08 SIGNALLING
    • G08G TRAFFIC CONTROL SYSTEMS
    • G08G5/00 Traffic control systems for aircraft, e.g. air-traffic control [ATC]
    • G08G5/0017 Arrangements for implementing traffic-related aircraft activities, e.g. arrangements for generating, displaying, acquiring or managing traffic information
    • G08G5/0026 Arrangements for implementing traffic-related aircraft activities, e.g. arrangements for generating, displaying, acquiring or managing traffic information located on the ground
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/72 Subscriber identity
    • B PERFORMING OPERATIONS; TRANSPORTING
    • B64 AIRCRAFT; AVIATION; COSMONAUTICS
    • B64U UNMANNED AERIAL VEHICLES [UAV]; EQUIPMENT THEREFOR
    • B64U2201/00 UAVs characterised by their flight controls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • Embodiments of the present disclosure generally relate to the field of telecommunication and in particular, to methods, devices, apparatuses and computer readable media for notifying a network about a result of authentication and authorization of a terminal device.
  • the 3rd Generation Partnership Project (3GPP) is working on enhancements for control of terminal devices, specifically control of Unmanned Aerial Vehicles (UAV).
  • the enhancements may include identification, authentication, authorization, tracking of the terminal devices.
  • tracking the terminal devices for example, and being able to report to a UAV domain; allowing one terminal device to advertise itself or send data to other terminal devices in a certain area via the 3GPP network; and allowing authentication and authorization with the help of Unmanned Aerial System (UAS) Traffic Management (UTM) or UAS Service Supplier (USS) which is part of the UTM.
  • UAS Unmanned Aerial System
  • UTM UAS Traffic Management
  • USS UAS Service Supplier
  • One main problem is the authentication and authorization of a terminal device via the 5G system (5GS).
  • 5GS 5G system
  • example embodiments of the present disclosure provide a solution for notifying a device about a result of authentication and authorization for another device.
  • a first device comprising at least one processor; and at least one memory including computer program codes; the at least one memory and the computer program codes are configured to, with the at least one processor, cause the first device to: receive a notification from a second device, the notification indicating a result of authentication and authorization performed by the second device for a third device; and update a policy for communication between the third device and a data network based on the result of the authentication and authorization.
  • a second device comprising at least one processor; and at least one memory including computer program codes; the at least one memory and the computer program codes are configured to, with the at least one processor, cause the second device to: perform authentication and authorization for a third device; and transmit a notification to a first device, the notification indicating a result of the authentication and authorization.
  • a method implemented at a first device comprises: receiving a notification at a first device from a second device, the notification indicating a result of authentication and authorization performed by the second device for a third device; and updating a policy for communication between the third device and a data network based on the result of the authentication and authorization.
  • a method implemented at a second device comprises: performing, at a second device, authentication and authorization for a third device; and transmitting a notification to a first device, the notification indicating a result of the authentication and authorization.
  • an apparatus comprising: means for receiving a notification at a first device from a second device, the notification indicating a result of authentication and authorization performed by the second device for a third device; and means for updating a policy for communication between the third device and a data network based on the result of the authentication and authorization.
  • an apparatus comprising: means for performing, at a second device, authentication and authorization for a third device; and means for transmitting a notification to a first device, the notification indicating a result of the authentication and authorization.
  • a computer readable medium comprising a computer program for causing an apparatus to perform at least the method according to the above third or fourth aspect.
  • Fig. 1 shows an example communication network in which embodiments of the present disclosure may be implemented
  • Fig. 2 shows a signaling chart illustrating a process for authentication and authorization for a terminal device in accordance with a conventional solution
  • Fig. 3 shows a signaling chart illustrating a process for notifying a device about a result of authentication and authorization for another device in accordance with some example embodiments of the present disclosure
  • Fig. 4 shows a signaling chart illustrating a process for notifying a device about a result of authentication and authorization for another device in accordance with other example embodiments of the present disclosure
  • Fig. 5 shows a signaling chart illustrating a process for notifying a device about a result of authentication and authorization for another device in accordance with still other example embodiments of the present disclosure
  • Fig. 6 shows a flowchart of a method for notifying a device about a result of authentication and authorization for another device in accordance with some embodiments of the present disclosure
  • Fig. 7 shows a flowchart of a method for notifying a device about a result of authentication and authorization for another device in accordance with other embodiments of the present disclosure
  • Fig. 8 illustrates a simplified block diagram of an apparatus that is suitable for implementing some other embodiments of the present disclosure.
  • Fig. 9 illustrates a block diagram of an example computer readable medium in accordance with some example embodiments of the present disclosure.
  • references in the present disclosure to “one embodiment,” “an embodiment,” “an example embodiment,” and the like indicate that the embodiment described may include a particular feature, structure, or characteristic, but it is not necessary that every embodiment includes the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an example embodiment, it is submitted that it is within the knowledge of one skilled in the art to affect such feature, structure, or characteristic in connection with other embodiments whether or not explicitly described.
  • first and second etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. For example, a first element could be termed a second element, and similarly, a second element could be termed a first element, without departing from the scope of example embodiments.
  • the term “and/or” includes any and all combinations of one or more of the listed terms.
  • circuitry may refer to one or more or all of the following:
  • circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and/or firmware.
  • circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit or processor integrated circuit for a mobile device or a similar integrated circuit in server, a cellular network device, or other computing or network device.
  • the term “communication network” refers to a network following any suitable communication standards, such as fifth generation (5G) systems, Long Term Evolution (LTE), LTE-Advanced (LTE-A), Wideband Code Division Multiple Access (WCDMA), High-Speed Packet Access (HSPA), Narrow Band Internet of Things (NB-IoT) and so on.
  • 5G fifth generation
  • LTE Long Term Evolution
  • LTE-A LTE-Advanced
  • WCDMA Wideband Code Division Multiple Access
  • HSPA High-Speed Packet Access
  • NB-IoT Narrow Band Internet of Things
  • the communications between a terminal device and a network device in the communication network may be performed according to any suitable generation communication protocols, including, but not limited to, the first generation (1G), the second generation (2G), 2.5G, 2.75G, the third generation (3G), the fourth generation (4G), 4.5G, the future fifth generation (5G) new radio (NR) communication protocols, and/or any other protocols either currently known or to be developed in the future.
  • Embodiments of the present disclosure may be applied in various communication systems. Given the rapid development in communications, there will of course also be future type communication technologies and systems with which the present disclosure may be embodied. It should not be seen as limiting the
  • the term “network device” refers to a node in a communication network via which a terminal device accesses the network and receives services therefrom.
  • the network device may refer to a base station (BS) or an access point (AP), for example, a node B (NodeB or NB), an evolved NodeB (eNodeB or eNB), a NR Next Generation NodeB (gNB), a Remote Radio Unit (RRU), a radio header (RH), a remote radio head (RRH), a relay, a low power node such as a femto, a pico, and so forth, depending on the applied terminology and technology.
  • BS base station
  • AP access point
  • NodeB or NB node B
  • eNodeB or eNB evolved NodeB
  • gNB Next Generation NodeB
  • RRU Remote Radio Unit
  • RH radio header
  • RRH remote radio head
  • An RAN split architecture comprises a gNB-CU (Centralized unit, hosting RRC, SDAP and PDCP) controlling a plurality of gNB-DUs (Distributed unit, hosting RLC, MAC and PHY).
  • the term “network device” may also refer to a network function such as Access and Mobility management Function (AMF), Session Management Function (SMF), User Plane Function (UPF), Unified Data Management (UDM), Policy Control Function (PCF), Network Exposure Function (NEF), Network Slice Selection Function (NSSF), Network Slice-Specific Authentication and Authorization Function (NSSAAF), Network Repository Function (NRF), Unstructured Data Storage Function (UDSF), or Unified Data Repository (UDR).
  • AMF Access and Mobility management Function
  • SMF Session Management Function
  • UPF User Plane Function
  • UDM Unified Data Management
  • PCF Policy Control Function
  • NEF Network Exposure Function
  • terminal device refers to any end device that may be capable of wireless communication.
  • a terminal device may also be referred to as a communication device, user equipment (UE), Unmanned Aerial Vehicle (UAV), UAV controller (UAVC), a Subscriber Station (SS), a Portable Subscriber Station, a Mobile Station (MS), or an Access Terminal (AT).
  • UE user equipment
  • UAV Unmanned Aerial Vehicle
  • UAVC UAV controller
  • SS Subscriber Station
  • MS Mobile Station
  • AT Access Terminal
  • the terminal device may include, but not limited to, a mobile phone, a cellular phone, a smart phone, voice over IP (VoIP) phones, wireless local loop phones, a tablet, a wearable terminal device, a personal digital assistant (PDA), portable computers, desktop computer, image capture terminal devices such as digital cameras, gaming terminal devices, music storage and playback appliances, vehicle-mounted wireless terminal devices, wireless endpoints, mobile stations, laptop-embedded equipment (LEE), laptop-mounted equipment (LME), USB dongles, smart devices, wireless customer-premises equipment (CPE), an Internet of Things (IoT) device, a watch or other wearable, a head-mounted display (HMD), a vehicle, a drone, a medical device and applications (e.g., remote surgery), an industrial device and applications (e.g., a robot and/or other wireless devices operating in an industrial and/or an automated processing chain contexts), a consumer electronics device, a device operating on commercial and/
  • a user equipment apparatus such as a cell phone or tablet computer or laptop computer or desktop computer or mobile IoT device or fixed IoT device
  • This user equipment apparatus can, for example, be furnished with corresponding capabilities as described in connection with the fixed and/or the wireless network node(s), as appropriate.
  • the user equipment apparatus may be the user equipment and/or a control device, such as a chipset or processor, configured to control the user equipment when installed therein. Examples of such functionalities include the bootstrapping server function and/or the home subscriber server, which may be implemented in the user equipment apparatus by providing the user equipment apparatus with software configured to cause the user equipment apparatus to perform from the point of view of these functions/nodes.
  • Fig. 1 shows an example communication network 100 in which embodiments of the present disclosure can be implemented.
  • the network 100 comprises a Network Slice-Specific Authentication and Authorization Function (NSSAAF) 101, a Network Slice Selection Function (NSSF) 102, an Authentication Server Function (AUSF) 103, a Unified Data Management (UDM) 104, an Access and Mobility management Function (AMF) 105, a Session Management Function (SMF) 106, a Policy Control Function (PCF) 107, an Application Function (AF) 108, a terminal device 109, a Radio Access Network (RAN) 110, a User Plane Function (UPF) 111, and a data network (DN) 112.
  • NSSAAF Network Slice-Specific Authentication and Authorization Function
  • NSSF Network Slice Selection Function
  • AUSF Authentication Server Function
  • UDM Unified Data Management
  • AMF Access and Mobility management Function
  • SMF Session Management Function
  • PCF Policy Control Function
  • AF Application Function
  • RAN Radio Access Network
  • the UDM 104 may include support for the following functionality: generation of 3GPP Authentication Credentials, User Identification Handling (e.g., storage and management of SUPI for each subscriber in the 5G system), support of de-concealment of privacy-protected subscription identifier (SUCI), access authorization based on subscription data (e.g., roaming restrictions), UE's Serving NF Registration Management (e.g., storing serving AMF for UE, storing serving SMF for UE's PDU Session), support to service/session continuity e.g., by keeping SMF/Data Network Name (DNN) assignment of ongoing sessions, MT-SMS delivery support, lawful Intercept Functionality (especially in outbound roaming case where UDM is the only point of contact for LI), subscription management, SMS management, 5GLAN group management handling, support of external parameter provisioning (Expected UE Behaviour parameters or Network Configuration parameters).
  • the AMF 105 may include the following functionality. Some or all of the AMF 105 functionalities may be supported in a single instance of an AMF: termination of RAN Control Plane interface (N2), termination of NAS (N1), NAS ciphering and integrity protection, registration management, connection management, reachability management, Mobility Management, lawful intercept (for AMF events and interface to LI System), provide transport for SM messages between UE and SMF, transparent proxy for routing SM messages, access Authentication, access Authorization, provide transport for SMS messages between UE and SMSF, security Anchor Functionality (SEAF), location Services management for regulatory services, provide transport for Location Services messages between UE and LMF as well as between RAN and LMF, EPS Bearer ID allocation for interworking with EPS, UE mobility event notification, support for Control Plane CIoT 5GS Optimisation, support for User Plane CIoT 5GS Optimisation, provisioning of external parameters (Expected UE Behaviour parameters or
  • the SMF 106 may include the following functionality. Some or all functionalities of the SMF 106 may be supported in a single instance of a SMF: session Management e.g., Session Establishment, modify and release, including tunnel maintained between UPF and AN node; UE IP address allocation & management (including optional Authorization), the UE IP address may be received from a UPF or from an external data network; DHCPv4 (server and client) and DHCPv6 (server and client) functions; functionality to respond to Address Resolution Protocol (ARP) requests and/or IPv6 Neighbour Solicitation requests based on local cache information for the Ethernet PDUs, the SMF responds to the ARP and/or the IPv6 Neighbour Solicitation Request by providing the MAC address corresponding to the IP address sent in the request; selection and control of UP function, including controlling the UPF to proxy ARP or IPv6 Neighbour Discovery, or to forward all ARP/IPv6 Neigh
  • the PCF 107 may include the following functionality: supports unified policy framework to govern network behavior; provides policy rules to Control Plane function(s) to enforce them; and accesses subscription information relevant for policy decisions in a Unified Data Repository (UDR).
  • UDR Unified Data Repository
  • the AF 108 may support interaction with the 3GPP core network to provide services, such as influencing data routing decisions, policy control functions or providing third-party services to the network.
  • the UPF 111 may include the following functionality. Some or all functionalities of the UPF 111 may be supported in a single instance of a UPF: anchor point for Intra/InterRAT mobility (when applicable); allocation of UE IP address/prefix (if supported) in response to SMF request; external PDU Session point of interconnect to Data Network; packet routing & forwarding (e.g., support of Uplink classifier to route traffic flows to an instance of a data network, support of Branching point to support multihomed PDU Session, support of traffic forwarding within a 5G VN group (UPF local switching, via N6, via N19)); packet inspection (e.g., Application detection based on service data flow template and the optional PFDs received from the SMF in addition); User Plane part of policy rule enforcement, e.g., Gating, Redirection, Traffic steering); lawful intercept (UP collection); traffic usage reporting; QoS handling for user plane,
  • the UPF 111 may be responsible for forwarding and receiving user data in the terminal device 109.
  • the UPF 111 can receive user data from the DN 112 and transmit it to the terminal device 109 via the RAN 110.
  • the UPF 111 can also receive user data from the terminal device 109 through the RAN 110 and forward it to the DN 112.
  • the transmission resources and scheduling functions in the UPF 111 that serve the terminal device 109 are managed and controlled by the SMF 106.
  • the numbers of network elements and terminal device in the network 100 are only for the purpose of illustration without suggesting any limitations.
  • the network 100 may include any suitable number of network elements and terminal devices adapted for implementing embodiments of the present disclosure.
  • Communications in the communication network 100 may be implemented according to any proper communication protocol(s), comprising, but not limited to, cellular communication protocols of the first generation (1G), the second generation (2G), the third generation (3G), the fourth generation (4G) and the fifth generation (5G) and the like, wireless local network communication protocols such as Institute for Electrical and Electronics Engineers (IEEE) 802.11 and the like, and/or any other protocols currently known or to be developed in the future.
  • IEEE Institute for Electrical and Electronics Engineers
  • the communication may utilize any proper wireless communication technology, comprising but not limited to: Code Division Multiple Access (CDMA), Frequency Division Multiple Access (FDMA), Time Division Multiple Access (TDMA), Frequency Division Duplex (FDD), Time Division Duplex (TDD), Multiple-Input Multiple-Output (MIMO), Orthogonal Frequency Division Multiple (OFDM), Discrete Fourier Transform spread OFDM (DFT-s-OFDM) and/or any other technologies currently known or to be developed in the future.
  • CDMA Code Division Multiple Access
  • FDMA Frequency Division Multiple Access
  • TDMA Time Division Multiple Access
  • FDD Frequency Division Duplex
  • TDD Time Division Duplex
  • MIMO Multiple-Input Multiple-Output
  • OFDM Orthogonal Frequency Division Multiple
  • DFT-s-OFDM Discrete Fourier Transform spread OFDM
  • Fig. 2 shows a signaling chart illustrating a process 200 for authentication and authorization for the terminal device 109 in accordance with a conventional solution.
  • the authentication and authorization is performed via 5GS user plane, and the terminal device 109 may comprise a UAV or UAVC.
  • the terminal device 109 performs a registration (201) to the network.
  • the terminal device 109 requests (202) a PDU Session establishment or the PCF 107 provides PCC rules for the terminal device 109 via the SMF 106 to the UPF 111.
  • An application on the terminal device 109 starts (203).
  • the terminal device 109 sends (204-1) a request for authentication and authorization to the UAS AF 113 over the user plane. Accordingly, the UAS AF 113 receives (204-2) the request.
  • the UAS AF 113 requests (205) subscription information specific to the terminal device 109 from the UDM 104 and/or the PCF/BSF 107.
  • the UAS AF 113 checks if the terminal device 109 has a valid aerial subscription based on the subscription information received from the UDM 104. If the check is successful, the UAS AF 113 determines, based on the subscription information, the UTM/USS 114 serving the terminal device 109 and triggers (206-1) an authentication and authorization (also referred to as A&A) request towards the UTM/USS 114. Accordingly, the UTM/USS 114 receives (206-2) the request. The request can contain an indication about the used mobile operator and the 3GPP identity of the terminal device 109. If the check is unsuccessful, a response is sent to the terminal device 109 to reject the request.
  • the UTM/USS 114 checks (207) the request for operation of the terminal device 109 from the UAS AF 113 using the combined information from the terminal device 109 and from the mobile network operator of the terminal device 109.
  • UTM/USS 114 transmits (208-1) an accept response to the UAS AF 113. Accordingly, the UAS AF 113 receives (208-2) the accept response.
  • the response can include information specific to the application on the terminal device 109. For example, the information may include a token to be included for authentication reasons in succeeding application content interactions. If the check is unsuccessful, a response is sent to the UAS AF to reject the request.
  • the UAS AF 113 forwards (209-1) the response from the UTM/USS 114 to the terminal device 109 as a response to the request for authentication and authorization. Accordingly, the terminal device 109 receives (209-2) the response.
  • the terminal device 109 triggers a set-up of a secure connection to UTM/USS 114 using the token received in the response, for example.
  • the operation of the terminal device 109 can be handled (211) over the secure connection between the terminal device 109 and the UTM/USS 114.
  • the terminal device 109 executes normal 5G registration, establishes a PDU connection and then transmits the request for authentication and authorization to the UAS AF 113. Then, the request is forwarded to UTM/USS 114.
  • the 5G Core Network is not directly involved in the process of authentication and authorization. Thus, the 5G Core Network does not know the result of the authentication and authorization.
  • the network should be aware of whether the terminal device 109 is authorized in the drone domain. That is, the result of the authentication and authorization from the UTM/USS 114 needs to be provided to the 3GPP system providing connectivity.
  • example embodiments of the present disclosure provide a solution for notifying a device (for example a network device) about a result of authentication and authorization for another device (for example a terminal device).
  • a first device receives a notification from a second device.
  • the notification indicates a result of authentication and authorization performed by the second device for the third device.
  • the first device updates a policy for communication between the third device and a Data Network based on the result.
  • the solution allows the 5GS to set policies and control the message exchange between UAV(s) via the 5G network (e.g. advertisements sent from a UAV to all other UAVs in a vicinity) or between UAVC and UAV.
  • Fig. 3 shows a signaling chart illustrating a process 300 for notifying a device about a result of authentication and authorization for another device in accordance with some example embodiments of the present disclosure.
  • a second device 302 performs (310) authentication and authorization for a third device.
  • Upon completion of the authentication and authorization, the second device 302 transmits (320) a notification to a first device 301. Accordingly, the first device 301 receives (330) the notification from the second device 302. The notification indicates a result of the authentication and authorization.
  • the first device 301 updates (340) a policy for communication between the third device and a DN based on the result.
  • the notification comprises an identity of the third device.
  • the first device 301 may transmit a subscription request for the result to the second device 302.
  • the subscription request comprises the identity of the third device.
  • the first device 301 may determine whether the result indicates a success of the authentication and authorization. If the result indicates a success of the authentication and authorization, the first device 301 may obtain a first policy for mobility management of the third device and update the policy for communication with the first policy. In some example embodiments, the first device 301 may install the first policy locally so as to update the policy for communication.
  • the notification further indicates an association between the third device and a fourth device.
  • the third device is controlled by the fourth device or the fourth device is controlled by the third device.
  • the third device comprises the terminal device 109 in Fig. 1.
  • the third device comprises a UAV and the fourth device comprises a UAVC.
  • the third device comprises the UAVC and the fourth device comprises the UAV.
  • if the result indicates the success of the authentication and authorization, the first device 301 establishes, based on the association between the third device and the fourth device, a Packet Data Unit (PDU) session for communication between the third device and the fourth device.
  • PDU Packet Data Unit
  • the first device 301 configures, based on the association between the third device and the fourth device, the UPF device 111 to route traffic between the second device 302 and the third device.
  • If the result indicates a failure of the authentication and authorization, the first device 301 terminates a PDU session for communication between the third device and a DN.
  • the first device 301 modifies a policy in the UPF device 111 to enable the third device to only communicate with the second device 302.
  • the first device 301 may receive the notification via a Network Exposure Function (NEF) device, which will be described below with reference to Figs. 4 and 5.
  • the first device 301 may receive the notification via a Service Capability Exposure Function (SCEF) device, or a Machine Type Communication Interworking Function (MTC-IWF) device.
  • the first device 301 comprises the AMF device 105. Upon receiving the notification, the first device 301 forwards the notification to at least one of the following: the UDM device 104, the SMF device 105, or a Policy Control Function device, which will be described below with reference to Fig. 4.
  • Fig. 4 shows a signaling chart illustrating a process 400 for notifying a device about a result of authentication and authorization for another device in accordance with other example embodiments of the present disclosure.
  • the process 400 may involve the AMF 105 in Fig. 1 implementing the first device 301 in Fig. 3, a UTM/USS 114 implementing the second device 302 in Fig. 3, and the terminal device 109 in Fig. 1 implementing the third device.
  • the process 400 may also involve the UDM 104, the SMF 106 in Fig. 1 and a NEF 115.
  • the communication process 400 will be described with reference to Fig. 1.
  • the terminal device 109 transmits (401-1) a REGISTRATION REQUEST message to the AMF 105. Accordingly, the AMF 105 receives (401-2) the REGISTRATION REQUEST.
  • the REGISTRATION REQUEST may optionally comprise an indication of a type of the terminal device 109.
  • the message may comprise an indication indicating that the terminal device 109 is a UAV.
  • the message may comprise an indication indicating that the terminal device 109 is a UAVC.
  • the indication of the type of the terminal device 109 may be provided by the terminal device 109 using e.g. a NAS signaling or stored in the UDM 104.
  • the AMF 105 obtains (402) subscriber data from the UDM 104 and the AMF 105 executes an IMEI check.
  • the subscriber data may include the indication of the type of the terminal device 109.
  • the subscriber data may include an identity of a UAS that the terminal device 109 belongs to.
  • the AMF 105 transmits (403-1) a REGISTRATION ACCEPT message to the terminal device 109.
  • the message may optionally comprise the indication of the type of the terminal device 109. Accordingly, the terminal device 109 receives (403-2) the REGISTRATION ACCEPT message.
  • the AMF 105 optionally transmits (404-1) a SUBSCRIBE REQUEST to the UTM/USS 114 and/or UAS/AF (not shown) to be informed about the result of authentication and authorization for the terminal device 109.
  • the AMF 105 may transmit the SUBSCRIBE REQUEST directly to UTM/USS 114 and/or UAS/AF.
  • the AMF 105 may transmit the SUBSCRIBE REQUEST to UTM/USS 114 and/or UAS/AF via the NEF 115. Accordingly, the UTM/USS 114 receives (404-2) the SUBSCRIBE REQUEST.
  • the NEF 115 may support exposure of capabilities and events.
  • NF capabilities and events may be securely exposed by the NEF 115 for e.g. 3rd party, Application Functions, Edge Computing.
  • the NEF 115 stores/retrieves information as structured data using a standardized interface (Nudr) to the Unified Data Repository (UDR).
  • the NEF 115 may support secure provision of information from external application to 3GPP network.
  • the NEF 115 provides a means for the Application Functions to securely provide information to 3GPP network, e.g. Expected UE Behaviour, 5GLAN group information and service specific information.
  • the NEF 115 may authenticate and authorize and assist in throttling the Application Functions.
  • the NEF 115 may support translation of internal-external information. For example, the NEF 115 translates between information exchanged with the AF and information exchanged with the internal network function. For example, the NEF 115 translates between an AF-Service-Identifier and internal 5G Core information such as DNN, S-NSSAI. In particular, the NEF 115 handles masking of network and user sensitive information to external AF's according to the network policy.
  • the NEF 115 may receive information from other network functions (based on exposed capabilities of other network functions).
  • the NEF 115 may store the received information as structured data using a standardized interface to a Unified Data Repository (UDR).
  • the stored information can be accessed and "re-exposed" by the NEF 115 to other network functions and Application Functions, and used for other purposes such as analytics.
  • the NEF 115 may also support a PFD Function.
  • the PFD Function in the NEF 115 may store and retrieve PFD(s) in the UDR and shall provide PFD(s) to the SMF on the request of SMF (pull mode) or on the request of PFD management from NEF (push mode).
  • the NEF 115 may also support a 5GLAN Group Management Function.
  • the 5GLAN Group Management Function in the NEF may store the 5GLAN group information in the UDR via UDM.
  • the NEF 115 may also support exposure of analytics. NWDAF analytics may be securely exposed by NEF for external party.
  • the NEF 115 may also support retrieval of data from external party by NWDAF. Data provided by the external party may be collected by NWDAF via the NEF 115 for analytics generation purpose. The NEF 115 handles and forwards requests and notifications between NWDAF and AF.
  • the NEF 115 may also support Non-IP Data Delivery.
  • the NEF 115 provides a means for management of NIDD configuration and delivery of MO/MT unstructured data by exposing the NIDD APIs on the N33/Nnef reference point.
  • the SUBSCRIBE REQUEST message may comprise an identity of the terminal device 109.
  • the identity of the terminal device 109 comprises one of the following: an identity of the UAS that the terminal device 109 belongs to, a Generic Public Subscription Identifier (GPSI) of the terminal device 109, or a Subscription Permanent Identifier (SUPI) of the terminal device 109.
  • the terminal device 109 requests (405) a PDU SESSION ESTABLISHMENT with the AMF 105, the SMF 106, and the UPF 111.
  • the PCF 107 provides PCC rules for the terminal device 109 via the SMF 106 to the UPF 111.
  • the authentication and authorization procedure 406 for the terminal device 109 is exchanged between the terminal device 109 and the UAS/AF and/or the UTM/USS 114.
  • Control of access to the UTM/USS 114 can be achieved by using a special Data Network Name (DNN) and/or using a special slice or a pre-defined policy in the UPF 111.
  • the UAS/AF and/or UTM/USS 114 transmits (407-1) a notification to the NEF 115.
  • a network address of the UAS/AF and/or UTM/USS 114 may be stored in the UDM 104 per UE or locally in the NEF 115.
  • a network address of the NEF 115 may be pre-configured.
  • the UTM/USS 114 may use other techniques (for example, DNS resolution) to receive the network address of the NEF 115.
  • the notification indicates a result of the authentication and authorization for the terminal device 109. Accordingly, the NEF 115 receives (407-2) the notification.
  • network addresses of the AMF 105, SMF 106 and PCF 107 may be stored in the UDM 104.
  • the NEF 115 may look up the UDM 104 to obtain the network addresses of the AMF 105, SMF 106 and PCF 107 and forward the notification to one or several of these network functions.
  • the NEF 115 forwards (408-1) the notification to the AMF 105.
  • the AMF 105 receives (408-2) the notification.
  • the AMF 105 forwards (409-1) the notification to the UDM 104. Accordingly, the UDM 104 receives (409-2) the notification.
  • the AMF 105 forwards (410-1) the notification to the SMF 106. Accordingly, the SMF 106 receives (410-2) the notification.
  • the notification comprises the identity of the terminal device 109.
  • the notification comprises additional data relevant to the terminal device 109.
  • the additional data may comprise at least one of the following: allowed flight paths associated with identities of cells serving the third device, tracking areas associated with the terminal device 109, an allowed flight altitude for the terminal device 109, an allowed flight speed for the terminal device 109, an allowed mobility behavior for the terminal device 109, or capabilities of the terminal device 109.
  • the notification further indicates an association between the terminal device 109 and the fourth device controlling the terminal device 109.
  • the notification may indicate an association between a UAV 109 and a UAVC.
  • the AMF 105, the SMF 106 and the PCF 107 may store the result locally as part of the context for the terminal device 109.
  • the AMF 105, the SMF 106 and the PCF 107 may store the result in an Unstructured Data Storage Function (UDSF).
  • the AMF 105, the SMF 106 and the PCF 107 may take appropriate actions based on the result.
  • the actions can be pre-configured in the network or the AF or the UTM/USS 114 may instruct the AMF 105, the SMF 106 and the PCF 107 via the NEF 115 about the actions to be taken, either as part of the notification or in an extra message.
  • the AMF 105 may obtain the first policy for mobility management of the terminal device 109 from the PCF 111.
  • the AMF 105 may update the policy for communication between the terminal device 109 and the fourth device controlling the terminal device 109 with the first policy.
  • the first device 301 may install the first policy locally so as to update the policy for the communication. This allows the 5GS to set policies and control the message exchange between UAV(s) via the 5G network (e.g. advertisements sent from a UAV to all other UAVs in a vicinity) or between UAVC and UAV.
  • the first policy may comprise a paging policy for the terminal device 109 or the fourth device controlling the terminal device 109.
  • the paging policy may define paging in certain areas only, or step-wise paging.
  • the AMF 105 or the SMF 106 may determine that a PDU session for communication between the terminal device 109 and the UTM/USS 114 is to be established or modified based on the association between the terminal device 109 and the fourth device.
  • the AMF 105 or the SMF 106 may configure, based on the association, the UPF 111 to route traffic between the UTM/USS 114 and the terminal device 109. In this way, the routing for Command and Control Communication may be optimized.
  • the AMF 105 may terminate a PDU session for communication between the terminal device 109 and the DN 112.
  • the SMF 106 may modify a policy in the UPF 111 in such a way that the terminal device 109 only communicates with the UTM/USS 114 or other servers.
  • the SMF 106 may install (411) one or more policies specific to the terminal device 109 in the UPF 111. For example, the SMF 106 may install the one or more policies with the help of the PCF 107.
  • a network address of the AF or UTM/USS 114 may be stored in the UDM 104 per UE or locally in the NEF 115.
  • a network address of the NEF 115 may be obtained from the UDM 104 by looking up a Network Repository Function (NRF) or locally configured in the AMF 105, SMF 106, or PCF 107.
  • the communication process 400 may be equally applicable to other communication scenarios.
  • the communication process 400 may be equally applicable to Evolved UMTS Terrestrial Radio Access Network (E-UTRAN) or Evolved Packet Core (EPC).
  • Applicability to E-UTRAN or EPC may be achieved by replacing the UDM 104 with a Home Subscriber Server (HSS), the AMF 105 or the SMF 106 with a Mobility Management Entity (MME), the NEF 115 with a Service Capability Exposure Function (SCEF) and/or MTC-IWF, the UPF 111 with Packet Data Network Gateway (PGW), the PCF 107 with a Policy Control and Charging Rules Function (PCRF).
  • Fig. 5 shows a signaling chart illustrating a process 500 for notifying a device about a result of authentication and authorization for another device in accordance with other example embodiments of the present disclosure.
  • the process 500 may involve the UDM 104 in Fig. 1 implementing the first device 301 in Fig. 3, a UTM/USS 114 implementing the second device 302 in Fig. 3, and the terminal device 109 in Fig. 1 implementing the third device.
  • the process 500 may also involve the AMF 105, the SMF 106 in Fig. 1 and a NEF 115.
  • the communication process 500 will be described with reference to Fig. 1.
  • the process 500 is similar to the process 400. However, the process 500 is different from the process 400 in that in the process 500, the UTM/USS 114 transmits the notification to the UDM 104 via the NEF 115.
  • the UDM 104 forwards the notification to the AMF 105, and then the AMF 105 forwards the notification to the SMF 106.
  • the NEF 115 receives (407-2) the notification from the UTM/USS 114.
  • the NEF 115 forwards (503-1) the notification to the UDM 104. Accordingly, the UDM 104 receives (503-2) the notification.
  • the UDM 104 forwards (504-1) the notification to the AMF 105. Accordingly, the AMF 105 receives (504-2) the notification.
  • the process 500 is also different from the process 400 in that in the process 500, in order to be informed about the result of authentication and authorization, the AMF 105 transmits (501-1) a SUBSCRIBE REQUEST on behalf of the UDM 104 to the UTM/USS 114 and/or UAS/AF (including the address of the UDM 104). Accordingly, the UTM/USS 114 receives (501-2) the SUBSCRIBE REQUEST. Alternatively, the UDM 104 transmits (502-1) a SUBSCRIBE REQUEST directly to the UTM/USS 114 and/or UAS/AF. Accordingly, the UTM/USS 114 receives (502-2) the SUBSCRIBE REQUEST.
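The first device's handling of the notification in processes 400 and 500, as an added Python example that is not code from the patent: it subscribes with the device identity, then applies the success actions (first policy, PDU sessions and UPF routing from the association) or the failure actions (terminate the DN session, restrict the UPF policy to the second device). All class, field and action names are hypothetical; dropping a result for an identity that was never subscribed and treating any value other than an explicit success as a failure are assumptions of this example, as is applying both failure actions together.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

DN = "dn-112"  # label for the data network (DN 112); the value is constructed


@dataclass
class Notification:
    """What the page says the notification carries; field names are hypothetical."""
    device_id: str                                   # UAS identity, GPSI or SUPI
    result: str                                      # "success" or "failure"
    associated_device_id: Optional[str] = None       # fourth device, e.g. the UAVC
    additional: dict = field(default_factory=dict)   # allowed altitude, speed, ...


@dataclass
class DeviceContext:
    pdu_sessions: set = field(default_factory=set)   # peers with a PDU session
    upf_allowed_peers: Optional[set] = None          # None means no UPF restriction
    mobility_policy: Optional[dict] = None           # the "first policy"
    aa_result: Optional[str] = None
    constraints: dict = field(default_factory=dict)


class FirstDevice:
    """Plays the AMF 105 (process 400) or the UDM 104 (process 500)."""

    def __init__(self, second_device_id: str,
                 get_first_policy: Callable[[str], dict]):
        self.second_device_id = second_device_id     # the UTM/USS 114
        self.get_first_policy = get_first_policy     # stands in for the PCF lookup
        self.subscribed = set()
        self.contexts = {}

    def register(self, device_id: str) -> None:
        # After registration and PDU session establishment the device reaches
        # the DN and the second device, where authentication/authorization runs.
        self.contexts[device_id] = DeviceContext(
            pdu_sessions={DN, self.second_device_id})

    def subscribe(self, device_id: str) -> dict:
        # The subscription request carries the identity of the third device.
        self.subscribed.add(device_id)
        return {"message": "SUBSCRIBE REQUEST", "device_id": device_id}

    def handle_notification(self, n: Notification) -> list:
        ctx = self.contexts.get(n.device_id)
        # Assumption: a result for an identity that was never registered and
        # subscribed changes no policy.
        if ctx is None or n.device_id not in self.subscribed:
            return ["drop"]
        if n.result == "success":
            ctx.aa_result = "success"
            ctx.mobility_policy = self.get_first_policy(n.device_id)
            ctx.constraints = dict(n.additional)
            actions = ["update_policy"]
            if n.associated_device_id:
                # Sessions toward the second device for both associated devices.
                for dev in (n.device_id, n.associated_device_id):
                    peer_ctx = self.contexts.setdefault(dev, DeviceContext())
                    peer_ctx.pdu_sessions.add(self.second_device_id)
                actions += ["establish_pdu_sessions", "configure_upf_routing"]
            return actions
        # Assumption: anything other than an explicit success fails closed.
        ctx.aa_result = "failure"
        ctx.mobility_policy = None
        ctx.pdu_sessions.discard(DN)                     # terminate the DN session
        ctx.upf_allowed_peers = {self.second_device_id}  # only the second device
        return ["terminate_dn_session", "restrict_upf"]


def demo() -> dict:
    """Run constructed notifications through the handler."""
    amf = FirstDevice("utm-uss-114", lambda dev: {"paging": "step-wise"})
    for dev in ("uav-1", "uav-2"):
        amf.register(dev)
        amf.subscribe(dev)
    return {
        "success": amf.handle_notification(
            Notification("uav-1", "success", "uavc-1", {"max_altitude_m": 120})),
        "failure": amf.handle_notification(Notification("uav-2", "failure")),
        "unknown": amf.handle_notification(Notification("uav-9", "success")),
        "amf": amf,
    }


if __name__ == "__main__":
    out = demo()
    print(out["success"], out["failure"], out["unknown"])
```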
  • Fig. 6 shows a flowchart of a method 600 for notifying a device about a result of authentication and authorization for another device in accordance with some embodiments of the present disclosure.
  • the method 600 may be implemented at the first device.
  • the first device receives a notification from a second device.
  • the notification indicates a result of authentication and authorization performed by the second device for the third device.
  • the first device updates a policy for communication between the third device and a data network based on the result of the authentication and authorization.
  • the method 600 further comprises transmitting a subscription request for the result from the first device to the second device.
  • the subscription request comprises an identity of the third device.
  • the identity of the third device comprises one of the following: an identity of an unmanned aerial system that the third device belongs to, a generic public subscription identifier of the third device, or a subscription permanent identifier of the third device.
  • the first device updates the policy for communication by: in accordance with a determination that the result indicates a success of the authentication and authorization, obtaining a first policy for mobility management of the third device, and updating the policy for communication with the first policy.
  • the notification further indicates an association between the third device and a fourth device, the third device is controlled by the fourth device or the fourth device is controlled by the third device.
  • the method 600 further comprises: in accordance with a determination that the result indicates a success of the authentication and authorization, establishing a first packet data unit session for communication between the third device and the second device and a second packet data unit session for communication between the fourth device and the second device based on the association.
  • the method 600 further comprises configuring, based on the association, a user plane function device to route traffic between the second device and the third device.
  • the method 600 further comprises: in accordance with a determination that the result indicates a failure of the authentication and authorization, terminating a packet data unit session for communication between the third device and a data network.
  • the method 600 further comprises: in accordance with a determination that the result indicates a failure of the authentication and authorization, modifying a policy in a user plane function device to enable the third device to only communicate with the second device.
  • the first device receives the notification by receiving the notification via one of the following: a network exposure function device, a service capability exposure function device, or a machine type communication interworking function device.
  • the first device comprises an Access and Mobility management Function device
  • the method 600 further comprises forwarding the notification to at least one of the following: a unified data management device, a session management function device, or a policy control function device.
  • the first device comprises a unified data management device
  • the method 600 further comprises forwarding the notification to at least one of the following: an access and mobility management function device, a session management function device via the access and mobility management function device, or a policy control function device via the access and mobility management function device.
  • the second device comprises an unmanned aerial system traffic management device
  • the third device comprises an unmanned aerial vehicle or unmanned aerial vehicle controller
  • the notification further comprises at least one of the following: allowed flight paths associated with identities of cells serving the third device, tracking areas associated with the third device, an allowed flight altitude for the third device, an allowed flight speed for the third device, an allowed mobility behavior for the third device, or capabilities of the third device.
  • Fig. 7 shows a flowchart of a method 700 for notifying a device about a result of authentication and authorization for another device in accordance with some embodiments of the present disclosure.
  • the method 700 may be implemented at the second device.
  • the second device performs authentication and authorization for a third device.
  • the second device transmits a notification to a first device, the notification indicating a result of the authentication and authorization.
  • the method 700 further comprises: receiving a subscription request for the result from the first device, the subscription request comprising an identity of the third device.
  • the identity of the third device comprises one of the following: an identity of an unmanned aerial system that the third device belongs to, a generic public subscription identifier of the third device, or a subscription permanent identifier of the third device.
  • the notification further indicates an association between the third device and a fourth device, the third device is controlled by the fourth device or the fourth device is controlled by the third device.
  • transmitting the notification comprises transmitting the notification via one of the following: a network exposure function device, a service capability exposure function device, or a machine type communication interworking function device.
  • the first device comprises an access and mobility management function device or a unified data management device
  • the second device comprises an unmanned aerial system traffic management device
  • the third device comprises an unmanned aerial vehicle or unmanned aerial vehicle controller.
  • the notification further comprises at least one of the following: allowed flight paths associated with identities of cells serving the third device, tracking areas associated with the third device, an allowed flight altitude for the third device, an allowed flight speed for the third device, an allowed mobility behavior for the third device, or capabilities of the third device.
  • an apparatus capable of performing the method 600 may comprise means for performing the respective steps of the method 600.
  • the means may be implemented in any suitable form.
  • the means may be implemented in a circuitry or software module.
  • the apparatus comprises: means for receiving a notification at a first device from a second device, the notification indicating a result of authentication and authorization performed by the second device for the third device; and means for updating a policy for communication between the third device and a data network based on the result of the authentication and authorization.
  • the apparatus further comprises means for transmitting a subscription request for the result from the first device to the second device.
  • the subscription request comprises an identity of the third device.
  • the identity of the third device comprises one of the following: an identity of an unmanned aerial system that the third device belongs to, a generic public subscription identifier of the third device, or a subscription permanent identifier of the third device.
  • the first device updates the policy for communication by: in accordance with a determination that the result indicates a success of the authentication and authorization, obtaining a first policy for mobility management of the third device, and updating the policy for communication with the first policy.
  • the notification further indicates an association between the third device and a fourth device, the third device is controlled by the fourth device or the fourth device is controlled by the third device.
  • the apparatus further comprises: in accordance with a determination that the result indicates a success of the authentication and authorization, means for establishing a first packet data unit session for communication between the third device and the second device and a second packet data unit session for communication between the fourth device and the second device based on the association.
  • the apparatus further comprises means for configuring, based on the association, a user plane function device to route traffic between the second device and the third device.
  • the apparatus further comprises: in accordance with a determination that the result indicates a failure of the authentication and authorization, means for terminating a packet data unit session for communication between the third device and a data network.
  • the apparatus further comprises: in accordance with a determination that the result indicates a failure of the authentication and authorization, means for modifying a policy in a user plane function device to enable the third device to only communicate with the second device.
  • the means for receiving the notification comprises means for receiving the notification via one of the following: a network exposure function device, a service capability exposure function device, or a machine type communication interworking function device.
  • the first device comprises an Access and Mobility management Function device
  • the apparatus further comprises means for forwarding the notification to at least one of the following: a unified data management device, a session management function device, or a policy control function device.
  • the first device comprises a unified data management device
  • the apparatus further comprises means for forwarding the notification to at least one of the following: an access and mobility management function device, a session management function device via the access and mobility management function device, or a policy control function device via the access and mobility management function device.
  • the second device comprises an unmanned aerial system traffic management device
  • the third device comprises an unmanned aerial vehicle or unmanned aerial vehicle controller
  • the notification further comprises at least one of the following: allowed flight paths associated with identities of cells serving the third device, tracking areas associated with the third device, an allowed flight altitude for the third device, an allowed flight speed for the third device, an allowed mobility behavior for the third device, or capabilities of the third device.
  • an apparatus capable of performing the method 700 may comprise means for performing the respective steps of the method 700.
  • the means may be implemented in any suitable form.
  • the means may be implemented in a circuitry or software module.
  • the apparatus comprises: means for performing, at a second device, authentication and authorization for a third device; and means for transmitting a notification to a first device, the notification indicating a result of the authentication and authorization.
  • the apparatus further comprises: means for receiving a subscription request for the result from the first device, the subscription request comprising an identity of the third device.
  • the identity of the third device comprises one of the following: an identity of an unmanned aerial system that the third device belongs to, a generic public subscription identifier of the third device, or a subscription permanent identifier of the third device.
  • the notification further indicates an association between the third device and a fourth device, the third device is controlled by the fourth device or the fourth device is controlled by the third device.
  • means for transmitting the notification comprises means for transmitting the notification via one of the following: a network exposure function device, a service capability exposure function device, or a machine type communication interworking function device.
  • the first device comprises an access and mobility management function device or a unified data management device
  • the second device comprises an unmanned aerial system traffic management device
  • the third device comprises an unmanned aerial vehicle or unmanned aerial vehicle controller.
  • the notification further comprises at least one of the following: allowed flight paths associated with identities of cells serving the third device, tracking areas associated with the third device, an allowed flight altitude for the third device, an allowed flight speed for the third device, an allowed mobility behavior for the third device, or capabilities of the third device.
  • Fig. 8 is a simplified block diagram of a device 800 that is suitable for implementing embodiments of the present disclosure.
  • the device 800 may be provided to implement the communication device, for example the first device 301, the second device 302, the AMF 105, the UDM 104, the SMF 106 or the PCF 107.
  • the device 800 includes one or more processors 810, one or more memories 820 coupled to the processor 810, and one or more communication modules 840 coupled to the processor 810.
  • the communication module 840 is for bidirectional communications.
  • the communication module 840 has at least one antenna to facilitate communication.
  • the communication interface may represent any interface that is necessary for communication with other network elements.
  • the processor 810 may be of any type suitable to the local technical network and may include one or more of the following: general purpose computers, special purpose computers, microprocessors, digital signal processors (DSPs) and processors based on multicore processor architecture, as non-limiting examples.
  • the device 800 may have multiple processors, such as an application specific integrated circuit chip that is slaved in time to a clock which synchronizes the main processor.
  • the memory 820 may include one or more non-volatile memories and one or more volatile memories.
  • the non-volatile memories include, but are not limited to, a Read Only Memory (ROM) 824, an electrically programmable read only memory (EPROM), a flash memory, a hard disk, a compact disc (CD), a digital video disk (DVD), and other magnetic storage and/or optical storage.
  • the volatile memories include, but are not limited to, a random access memory (RAM) 822 and other volatile memories that will not last in the power-down duration.
  • a computer program 830 includes computer executable instructions that are executed by the associated processor 810.
  • the program 830 may be stored in the ROM 820.
  • the processor 810 may perform any suitable actions and processing by loading the program 830 into the RAM 820.
  • the embodiments of the present disclosure may be implemented by means of the program 830 so that the device 800 may perform any process of the disclosure as discussed with reference to Figs. 6 to 7.
  • the embodiments of the present disclosure may also be implemented by hardware or by a combination of software and hardware.
  • the program 830 may be tangibly contained in a computer readable medium which may be included in the device 800 (such as in the memory 820) or other storage devices that are accessible by the device 800.
  • the device 800 may load the program 830 from the computer readable medium to the RAM 822 for execution.
  • the computer readable medium may include any types of tangible non-volatile storage, such as ROM, EPROM, a flash memory, a hard disk, CD, DVD, and the like.
  • Fig. 9 shows an example of the computer readable medium 900 in form of CD or DVD.
  • the computer readable medium has the program 830 stored thereon.
  • NFV network functions virtualization
  • a virtualized network function may comprise one or more virtual machines running computer program codes using standard or general type servers instead of customized hardware. Cloud computing or data storage may also be utilized.
  • In radio communications, this may mean node operations to be carried out, at least partly, in a central/centralized unit, CU, (e.g. server, host or node) operationally coupled to distributed unit, DU, (e.g. a radio head/node). It is also possible that node operations will be distributed among a plurality of servers, nodes or hosts. It should also be understood that the distribution of labour between core network operations and base station operations may vary depending on implementation.
  • the server may generate a virtual network through which the server communicates with the distributed unit.
  • virtual networking may involve a process of combining hardware and software network resources and network functionality into a single, software-based administrative entity, a virtual network.
  • Such virtual network may provide flexible distribution of operations between the server and the radio head/node.
  • any digital signal processing task may be performed in either the CU or the DU and the boundary where the responsibility is shifted between the CU and the DU may be selected according to implementation.
  • a CU-DU architecture is implemented.
  • the device 800 may be comprised in a central unit (e.g. a control unit, an edge cloud server, a server) operatively coupled (e.g. via a wireless or wired network) to a distributed unit (e.g. a remote radio head/node).
  • the central unit (e.g. an edge cloud server) and the distributed unit may be stand-alone apparatuses communicating with each other via a radio path or via a wired connection. Alternatively, they may be in a same entity communicating via a wired connection, etc.
  • the edge cloud or edge cloud server may serve a plurality of distributed units or a radio access network.
  • at least some of the described processes may be performed by the central unit.
  • the device 800 may be instead comprised in the distributed unit, and at least some of the described processes may be performed by the distributed unit.
  • the execution of at least some of the functionalities of the device 800 may be shared between two physically separate devices (DU and CU) forming one operational entity. Therefore, the apparatus may be seen to depict the operational entity comprising one or more physically separate devices for executing at least some of the described processes.
  • CU-DU architecture may provide flexible distribution of operations between the CU and the DU. In practice, any digital signal processing task may be performed in either the CU or the DU and the boundary where the responsibility is shifted between the CU and the DU may be selected according to implementation.
  • the device 800 controls the execution of the processes, regardless of the location of the apparatus and regardless of where the processes/functions are carried out.
  • various embodiments of the present disclosure may be implemented in hardware or special purpose circuits, software, logic or any combination thereof. Some aspects may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device. While various aspects of embodiments of the present disclosure are illustrated and described as block diagrams, flowcharts, or using some other pictorial representations, it is to be understood that the block, apparatus, system, technique or method described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.
  • the present disclosure also provides at least one computer program product tangibly stored on a non-transitory computer readable storage medium.
  • the computer program product includes computer-executable instructions, such as those included in program modules, being executed in a device on a target real or virtual processor, to carry out the method 600 or 700 as described above with reference to Figs. 6-7.
  • program modules include routines, programs, libraries, objects, classes, components, data structures, or the like that perform particular tasks or implement particular abstract data types.
  • the functionality of the program modules may be combined or split between program modules as desired in various embodiments.
  • Machine-executable instructions for program modules may be executed within a local or distributed device. In a distributed device, program modules may be located in both local and remote storage media.
  • Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowcharts and/or block diagrams to be implemented.
  • the program code may execute entirely on a machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
  • the computer program codes or related data may be carried by any suitable carrier to enable the device, apparatus or processor to perform various processes and operations as described above.
  • Examples of the carrier include a signal, computer readable medium, and the like.
  • the computer readable medium may be a computer readable signal medium or a computer readable storage medium.
  • a computer readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of the computer readable storage medium would include an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Aviation & Aerospace Engineering (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Embodiments of the present disclosure relate to notifying a device of a result of authentication and authorization for another device. A first device receives a notification from a second device. The notification indicates a result of authentication and authorization involving the second device and a third device. The first device also updates policies for communication between the third device and a data network or a fourth device based on the result of authentication and authorization.
PCT/CN2020/105937 2020-07-30 2020-07-30 Network notification regarding the authentication and authorization result of a terminal device WO2022021239A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2020/105937 WO2022021239A1 (fr) 2020-07-30 2020-07-30 Network notification regarding the authentication and authorization result of a terminal device
CN202080104526.8A CN116114002A (zh) 2020-07-30 2020-07-30 Notifying the network of the result of authentication and authorization of a terminal device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/105937 WO2022021239A1 (fr) 2020-07-30 2020-07-30 Network notification regarding the authentication and authorization result of a terminal device

Publications (1)

Publication Number Publication Date
WO2022021239A1 (fr) 2022-02-03

Family

ID=80037422

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/105937 WO2022021239A1 (fr) 2020-07-30 2020-07-30 Network notification regarding the authentication and authorization result of a terminal device

Country Status (2)

Country Link
CN (1) CN116114002A (fr)
WO (1) WO2022021239A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018178752A1 (fr) * 2017-03-31 2018-10-04 Telefonaktiebolaget Lm Ericsson (Publ) Methods and systems for using network location services in an unmanned aircraft systems traffic management framework
CN111433828A (zh) * 2017-10-16 2020-07-17 交互数字专利控股公司 Protocol design for unmanned aerial system (UAS) traffic management (UTM)

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100428677C (zh) * 2006-01-21 2008-10-22 华为技术有限公司 Method and system for subscribing to presence information
CN110015418B (zh) * 2015-03-31 2021-05-18 深圳市大疆创新科技有限公司 Authentication systems and methods for generating flight regulations
US20190087576A1 (en) * 2016-04-14 2019-03-21 Rhombus Systems Group, Inc. System for verification of integrity of unmanned aerial vehicles
US10338609B2 (en) * 2017-03-31 2019-07-02 T-Mobile Usa, Inc. Authorizing drone access to fulfillment centers
CN110278085A (zh) * 2018-03-15 2019-09-24 宗鹏 Remote authorization and remote-control channel encryption technology for unmanned aerial vehicles
WO2020091281A1 (fr) * 2018-11-02 2020-05-07 엘지전자 주식회사 Method and apparatus for performing proxy authentication for access permission by a terminal in a wireless communication system
CN111432457A (zh) * 2019-01-09 2020-07-17 华为技术有限公司 Communication method and communication apparatus
CN111436050B (zh) * 2019-01-11 2022-04-05 华为技术有限公司 Wireless network communication method, network device, and terminal
CN109756261B (zh) * 2019-02-03 2022-03-11 飞牛智能科技(南京)有限公司 Unmanned aerial vehicle identity alarm and notification method based on a mobile operator network

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
INTERDIGITAL: "Solution for UAV Authentication and Authorization by USS/UTM using key bootstrapping based on 3GPP credentials", 3GPP DRAFT; S2-2004166, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG2, no. e-meeting; 20200601 - 20200612, 22 May 2020 (2020-05-22), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France , XP051890171 *
INTERDIGITAL: "Solution for UAV Authentication and Authorization by UTM using UTM authorization token", 3GPP DRAFT; S2-2004167, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG2, no. e-meeting; 20200601 - 20200612, 22 May 2020 (2020-05-22), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France , XP051890172 *

Also Published As

Publication number Publication date
CN116114002A (zh) 2023-05-12

Similar Documents

Publication Publication Date Title
KR102664128B1 (ko) Enhanced NEF function, MEC and 5G integration
US11363447B2 (en) Method and device for managing and allocating binding service in a wireless network
US20230189380A1 (en) Small data exchange handling by a user equipment in inactive state
ES2925551T3 (es) Apparatus, method and computer program for user plane function control by a set of controllers
US20240205781A1 (en) User equipment trajectory-assisted handover
WO2019101292A1 (fr) Function and method for processing traffic for an application
EP3817453A1 (fr) Communication method and apparatus
CN115997375A (zh) Providing access to localized services (PALS) in fifth-generation (5G) systems
WO2023016395A1 (fr) Communication method and apparatus for secure communication
EP4406335A1 (fr) Using a physical random access channel (PRACH) to identify multiple features and combinations of features
US11071051B1 (en) Systems and methods for SCEF-assisted MEC traffic breakout
EP4221315A1 (fr) Multiple user plane function supporting access traffic steering, switching and splitting for a multi-access packet data unit session
US20240236183A1 (en) Remote direct memory access (rdma) support in cellular networks
US20240154883A1 (en) Sixth generation (6g) system architecture and functions
US20240187340A1 (en) Enhanced service classification for service function chaining in next generation cellular networks
JP2024527221A (ja) Rate matching for transport block processing over multiple slots of a physical uplink shared channel
WO2022021239A1 (fr) Network notification regarding the authentication and authorization result of a terminal device
JP2024528779A (ja) Multi-cell communication with multi-PDSCH/PUSCH scheduling via a single DCI
CN115250465A (zh) Apparatus for use in a core network
WO2022140170A1 (fr) Enhancements to radio resource control (RRC) inactive and idle states and to transition to a connected state in cellular networks
WO2022039835A1 (fr) Identifying a UE using its source IP address
WO2023212872A1 (fr) External IP interface management in a 5GS IP router node
US20230247482A1 (en) Access traffic steering, switching, and splitting with branching point or uplink classifier on the path
WO2023212882A1 (fr) IP routing and forwarding operation and IP router node management
US20240340772A1 (en) Steering of roaming enhancement during registration reject

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20947737

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20947737

Country of ref document: EP

Kind code of ref document: A1