WO2022028717A1

WO2022028717A1 - Service based communication between access networks and core networks

Info

Publication number: WO2022028717A1
Application number: PCT/EP2020/072291
Authority: WO
Inventors: Bruno Landais; Horst Thomas BELLING
Original assignee: Nokia Technologies Oy
Priority date: 2020-08-07
Filing date: 2020-08-07
Publication date: 2022-02-10

Abstract

There are provided measures for service based communication between access networks and core networks. Such measures exemplarily comprise, at a first network entity, noticing that a first abstract syntax notation (1) encoded next generation application protocol packet data unit is to be sent to a second network entity, encapsulating said first abstract syntax notation (1) encoded next generation application protocol packet data unit into a first hypertext transfer protocol message, and transmitting said first hypertext transfer protocol message towards said second network entity, wherein said first network entity is an access network entity and said second network entity is a core network entity, or wherein said first network entity is a core network entity and said second network entity is an access network entity.

Description

Title

Service based communication between access networks and core networks

Field

Various example embodiments relate to service based communication between access networks and core networks. More specifically, various example embodiments exemplarily relate to measures (including methods, apparatuses and computer program products) for realizing service based communication between access networks and core networks.

Background

The present specification generally relates to the (potential) use of the service-based architecture (SBA) in the Third Generation Partnership Project (3GPP) (radio) access network (AN) and/or on the interface between the AN and the 3GPP core network (ON). With 5G, the core network of (3GPP) cellular networks has been redesigned to use SBA. Discussion is starting on whether (or not) the SBA should be used in future cellular networks also in the RAN or on the interface AN-CN (service-based interface (SBI)).

In other words, 5G core network (5GC) is defined as an SBA. On the other hand, the interface between the AN and the ON is defined as a legacy point to point interface since the very early generations of public land mobile network (PLMN). In the 5G system (5GS), N2 is designed as a 3GPP NG-C application protocol over stream control transmission protocol (SCTP), between the gNB (or ng-eNB) and the access and mobility management function (AMF). Figure 13 shows a schematic diagram of an example of a system environment of a 5G system illustrating the SBA being applied to the 5G core network and non-service based interfaces to the access network (e.g. point to point interface N2).

The legacy point to point interface and protocol between the AN and ON bears some problems and disadvantages, a couple of which are discussed herein below.

On the one hand, the interface relies on a 3GPP specific protocol (NG application protocol messages encoded in abstract syntax notation one (ASN.l, abstract syntax notation 1)), which is not as cloud-friendly, easy to deploy and open as web technologies such as HTTP based APIs.

Further, the legacy point to point interface assumes fixed communicating peers ("point-to-point interface") and a fixed set of functionalities, which does not allow easy and fast roll-out of new functionalities.

Still further, the legacy point to point interface does not allow services to be deployed independently from each other, which limits the scalability of the AN by not enabling services to be scaled up and down easily and flexibly.

Furthermore, the legacy point to point interface does not enable different functionalities to be placed flexibly and independently in the network, e.g., does not take into account different service requirements.

Finally, maintaining a 3GPP system consisting of cloud native and non-cloud native protocols in predominantly cloud based environment causes complexities and costs for operators to deploy and operate.

Re-designing an SBI between the AN and ON would address at least some of the problems and disadvantages. Namely, web technologies (hypertext transfer protocol (HTTP) based application programming interfaces (API)) are cloud-friendly, easy to deploy and open. Besides, a large user community exists for web services.

Further, with an SBI, operators could deploy and scale 5G AN services (APIs) independently from each other (e.g. scaling "paging" service instances dynamically as a function of traffic).

Still further, an SBI would allow to instantiate different AN service instances per network slice.

Furthermore, an SBI would allow leveraging the SBA service framework deployed by the operator for the 5GC services.

Finally, an SBI would allow to support embedded security (hypertext transfer protocol security (HTTPS)), i.e. an SBI would render a security gateway (SeGW) to secure the AN-CN interface superfluous.

However, re-designing the AN along an SBA requires a major re-design of the AN and all the interactions between the AN and ON. Considering the extent of the required changes, this is unlikely to happen in near or even mid term. Furthermore, once the system architecture would be re-designed as a SBA, upgrading or deploying ANs supporting the SBA would take time.

Hence, the problem arises that there is a need to design a potential shorter- term solution with minimal impacts on the AN and the CN, that could be deployed as an interim solution towards an SBI between the AN and CN much earlier, even possibly in the 5GS.

Hence, there is a need to provide for service based communication between access networks and core networks. Various example embodiments aim at addressing at least part of the above issues and/or problems and drawbacks.

Various aspects of example embodiments are set out in the appended claims.

According to an example aspect, there is provided a method of a first network entity, the method comprising noticing that a first abstract syntax notation 1 encoded next generation application protocol packet data unit is to be sent to a second network entity, encapsulating said first abstract syntax notation 1 encoded next generation application protocol packet data unit into a first hypertext transfer protocol message, and transmitting said first hypertext transfer protocol message towards said second network entity, wherein said first network entity is an access network entity, and said second network entity is a core network entity, or wherein said first network entity is a core network entity, and said second network entity is an access network entity.

According to an example aspect, there is provided a method of a first network entity, the method comprising receiving, from a second network entity, a first hypertext transfer protocol message having a first abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated, and extracting said first abstract syntax notation 1 encoded next generation application protocol packet data unit from said first hypertext transfer protocol message, wherein said first network entity is an access network entity, and said second network entity is a core network entity, or wherein said first network entity is a core network entity, and said second network entity is an access network entity.

According to an example aspect, there is provided a method of a network repository function entity, the method comprising receiving, from a first network entity, a registration request registering said first network entity as providing a service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, entering, into a register, said first network entity as providing said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, receiving, from a second network entity, a discovery message enquiring available service endpoints for a specific service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, wherein said discovery message includes at least information on said specific service and an identifier of a set of service endpoints, and transmitting, towards said second network entity, a discovery response message including information on at least one available service endpoint for said specific service, wherein said discovery response message includes information on said first network entity, if said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages is said specific service and said first network entity is included in said set of service endpoints, wherein said first network entity is an access network entity, and said second network entity is a core network entity, or wherein said first network entity is a core network entity, and said second network entity is an access network entity.

According to an example aspect, there is provided a method of an authorization server, the method comprising receiving, from a first network entity, a request for an access authorization token with respect to a second network entity, and transmitting, towards said first network entity, said access authorization token with respect to said second network entity, wherein said first network entity is an access network entity, and said second network entity is a core network entity, or wherein said first network entity is a core network entity, and said second network entity is an access network entity. According to an example aspect, there is provided an apparatus of a first network entity, the apparatus comprising noticing circuitry configured to notice that a first abstract syntax notation 1 encoded next generation application protocol packet data unit is to be sent to a second network entity, encapsulating circuitry configured to encapsulate said first abstract syntax notation 1 encoded next generation application protocol packet data unit into a first hypertext transfer protocol message, and transmitting circuitry configured to transmit said first hypertext transfer protocol message towards said second network entity, wherein said first network entity is an access network entity, and said second network entity is a core network entity, or wherein said first network entity is a core network entity, and said second network entity is an access network entity.

According to an example aspect, there is provided an apparatus of a first network entity, the apparatus comprising receiving circuitry configured to receive, from a second network entity, a first hypertext transfer protocol message having a first abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated, and extracting circuitry configured to extract said first abstract syntax notation 1 encoded next generation application protocol packet data unit from said first hypertext transfer protocol message, wherein said first network entity is an access network entity, and said second network entity is a core network entity, or wherein said first network entity is a core network entity, and said second network entity is an access network entity.

According to an example aspect, there is provided an apparatus of a network repository function entity, the apparatus comprising receiving circuitry configured to receive, from a first network entity, a registration request registering said first network entity as providing a service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, entering circuitry configured to enter, into a register, said first network entity as providing said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, receiving circuitry configured to receive, from a second network entity, a discovery message enquiring available service endpoints for a specific service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, wherein said discovery message includes at least information on said specific service and an identifier of a set of service endpoints, and transmitting circuitry configured to transmit, towards said second network entity, a discovery response message including information on at least one available service endpoint for said specific service, wherein said discovery response message includes information on said first network entity, if said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages is said specific service and said first network entity is included in said set of service endpoints, wherein said first network entity is an access network entity, and said second network entity is a core network entity, or wherein said first network entity is a core network entity, and said second network entity is an access network entity.

According to an example aspect, there is provided an apparatus of an authorization server, the apparatus comprising receiving circuitry configured to receive, from a first network entity, a request for an access authorization token with respect to a second network entity, and transmitting circuitry configured to transmit, towards said first network entity, said access authorization token with respect to said second network entity, wherein said first network entity is an access network entity, and said second network entity is a core network entity, or wherein said first network entity is a core network entity, and said second network entity is an access network entity.

According to an example aspect, there is provided an apparatus of a first network entity, the apparatus comprising at least one processor, at least one memory including computer program code, and at least one interface configured for communication with at least another apparatus, the at least one processor, with the at least one memory and the computer program code, being configured to cause the apparatus to perform noticing that a first abstract syntax notation 1 encoded next generation application protocol packet data unit is to be sent to a second network entity, encapsulating said first abstract syntax notation 1 encoded next generation application protocol packet data unit into a first hypertext transfer protocol message, and transmitting said first hypertext transfer protocol message towards said second network entity, wherein said first network entity is an access network entity, and said second network entity is a core network entity, or said first network entity is a core network entity, and said second network entity is an access network entity.

According to an example aspect, there is provided an apparatus of a first network entity, the apparatus comprising at least one processor, at least one memory including computer program code, and at least one interface configured for communication with at least another apparatus, the at least one processor, with the at least one memory and the computer program code, being configured to cause the apparatus to perform receiving, from a second network entity, a first hypertext transfer protocol message having a first abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated, and extracting said first abstract syntax notation 1 encoded next generation application protocol packet data unit from said first hypertext transfer protocol message, wherein said first network entity is an access network entity, and said second network entity is a core network entity, or wherein said first network entity is a core network entity, and said second network entity is an access network entity.

According to an example aspect, there is provided an apparatus of a network repository function entity, the apparatus comprising at least one processor, at least one memory including computer program code, and at least one interface configured for communication with at least another apparatus, the at least one processor, with the at least one memory and the computer program code, being configured to cause the apparatus to perform receiving, from a first network entity, a registration request registering said first network entity as providing a service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, entering, into a register, said first network entity as providing said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, receiving, from a second network entity, a discovery message enquiring available service endpoints for a specific service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, wherein said discovery message includes at least information on said specific service and an identifier of a set of service endpoints, and transmitting, towards said second network entity, a discovery response message including information on at least one available service endpoint for said specific service, wherein said discovery response message includes information on said first network entity, if said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages is said specific service and said first network entity is included in said set of service endpoints, wherein said first network entity is an access network entity, and said second network entity is a core network entity, or wherein said first network entity is a core network entity, and said second network entity is an access network entity.

According to an example aspect, there is provided an apparatus of an authorization server, the apparatus comprising at least one processor, at least one memory including computer program code, and at least one interface configured for communication with at least another apparatus, the at least one processor, with the at least one memory and the computer program code, being configured to cause the apparatus to perform receiving, from a first network entity, a request for an access authorization token with respect to a second network entity, and transmitting, towards said first network entity, said access authorization token with respect to said second network entity, wherein said first network entity is an access network entity, and said second network entity is a core network entity, or wherein said first network entity is a core network entity, and said second network entity is an access network entity.

According to an example aspect, there is provided a computer program product comprising computer-executable computer program code which, when the program is run on a computer (e.g. a computer of an apparatus according to any one of the aforementioned apparatus-related exemplary aspects of the present disclosure), is configured to cause the computer to carry out the method according to any one of the aforementioned method- related exemplary aspects of the present disclosure.

Such computer program product may comprise (or be embodied) a (tangible) computer-readable (storage) medium or the like on which the computerexecutable computer program code is stored, and/or the program may be directly loadable into an internal memory of the computer or a processor thereof.

Any one of the above aspects enables an efficient service based architecture like communication and cooperation between the access network and the core network with a reduced effort for deployment of the corresponding interface and with minimal impacts on the access network and the core network to thereby solve at least part of the problems and drawbacks identified in relation to the prior art.

By way of example embodiments, there is provided service based communication between access networks and core networks. More specifically, by way of example embodiments, there are provided measures and mechanisms for realizing service based communication between access networks and core networks.

Thus, improvement is achieved by methods, apparatuses and computer program products enabling/realizing service based communication between access networks and core networks.

Brief description of the drawings

In the following, the present disclosure will be described in greater detail by way of non-limiting examples with reference to the accompanying drawings, in which

Figure 1 is a block diagram illustrating an apparatus according to example embodiments,

Figure 2 is a block diagram illustrating an apparatus according to example embodiments,

Figure 3 is a block diagram illustrating an apparatus according to example embodiments,

Figure 4 is a block diagram illustrating an apparatus according to example embodiments,

Figure 5 is a block diagram illustrating an apparatus according to example embodiments,

Figure 6 is a block diagram illustrating an apparatus according to example embodiments,

Figure 7 is a block diagram illustrating an apparatus according to example embodiments, Figure 8 is a block diagram illustrating an apparatus according to example embodiments,

Figure 9 is a schematic diagram of a procedure according to example embodiments,

Figure 10 is a schematic diagram of a procedure according to example embodiments,

Figure 11 is a schematic diagram of a procedure according to example embodiments,

Figure 12 is a schematic diagram of a procedure according to example embodiments,

Figure 13 shows a schematic diagram of an example of a system environment of a 5G system illustrating the SBA being applied to the 5G core network and non-service based interfaces to the access network (e.g. point to point interface N2),

Figure 14 shows a schematic diagram of signaling sequences according to example embodiments,

Figure 15 shows a schematic diagram of signaling sequences according to example embodiments,

Figure 16 shows a schematic diagram of signaling sequences according to example embodiments,

Figure 17 shows a schematic diagram of signaling sequences according to example embodiments, Figure 18 shows a schematic diagram of signaling sequences according to example embodiments,

Figure 19 shows a schematic diagram of signaling sequences according to example embodiments,

Figure 20 shows a schematic diagram of signaling sequences according to example embodiments,

Figure 21 shows a schematic diagram of signaling sequences according to example embodiments, and

Figure 22 is a block diagram alternatively illustrating apparatuses according to example embodiments.

Detailed description

The present disclosure is described herein with reference to particular nonlimiting examples and to what are presently considered to be conceivable embodiments. A person skilled in the art will appreciate that the disclosure is by no means limited to these examples, and may be more broadly applied.

It is to be noted that the following description of the present disclosure and its embodiments mainly refers to specifications being used as non-limiting examples for certain exemplary network configurations and deployments. Namely, the present disclosure and its embodiments are mainly described in relation to 3GPP specifications being used as non-limiting examples for certain exemplary network configurations and deployments. As such, the description of example embodiments given herein specifically refers to terminology which is directly related thereto. Such terminology is only used in the context of the presented non-limiting examples, and does naturally not limit the disclosure in any way. Rather, any other communication or communication related system deployment, etc. may also be utilized as long as compliant with the features described herein.

Hereinafter, various embodiments and implementations of the present disclosure and its aspects or embodiments are described using several variants and/or alternatives. It is generally noted that, according to certain needs and constraints, all of the described variants and/or alternatives may be provided alone or in any conceivable combination (also including combinations of individual features of the various variants and/or alternatives).

According to example embodiments, in general terms, there are provided measures and mechanisms for (enabling/realizing) service based communication between access networks and core networks.

In general, according to example embodiments, one single AN service (i.e. API) and CN service is defined to support the transfer of next generation application protocol (NGAP) packet data units (PDU) encapsulated in HTTP (multipart) messages.

Figure 1 is a block diagram illustrating an apparatus according to example embodiments. The apparatus may be a first network entity 10 such as a ("transmitting"/"initiating") AN or ("transmitting"/"initiating") CN (or element thereof) comprising a noticing circuitry 11, an encapsulating circuitry 12, and a transmitting circuitry 13. The noticing circuitry 11 notices that a first abstract syntax notation 1 encoded next generation application protocol packet data unit is to be sent to a second network entity. The encapsulating circuitry 12 encapsulates said first abstract syntax notation 1 encoded next generation application protocol packet data unit into a first hypertext transfer protocol message. The transmitting circuitry 13 transmits said first hypertext transfer protocol message towards said second network entity. Here, said first network entity 10 is an access network entity, and said second network entity is a core network entity. Alternatively, said first network entity 10 is a core network entity, and said second network entity is an access network entity. Figure 9 is a schematic diagram of a procedure according to example embodiments. The apparatus according to Figure 1 may perform the method of Figure 9 but is not limited to this method. The method of Figure 9 may be performed by the apparatus of Figure 1 but is not limited to being performed by this apparatus.

As shown in Figure 9, a procedure according to example embodiments comprises an operation of noticing (S91) that a first abstract syntax notation 1 encoded next generation application protocol packet data unit is to be sent to a second network entity, an operation of encapsulating (S92) said first abstract syntax notation 1 encoded next generation application protocol packet data unit into a first hypertext transfer protocol message, and an operation of transmitting (S93) said first hypertext transfer protocol message towards said second network entity, wherein said first network entity is an access network entity and said second network entity is a core network entity, or wherein said first network entity is a core network entity and said second network entity is an access network entity.

Figure 2 is a block diagram illustrating an apparatus according to example embodiments. In particular, Figure 2 illustrates a variation of the apparatus shown in Figure 1. The apparatus according to Figure 2 may thus further comprise receiving circuitry 21, extracting circuitry 22, selecting circuitry 23, and/or including circuitry 24.

In an embodiment at least some of the functionalities of the apparatus shown in Figure 1 (or 2) may be shared between two physically separate devices forming one operational entity. Therefore, the apparatus may be seen to depict the operational entity comprising one or more physically separate devices for executing at least some of the described processes.

According to a variation of the procedure shown in Figure 9, exemplary additional operations are given, which are inherently independent from each other as such. According to such variation, an exemplary method according to example embodiments may comprise an operation of receiving a second hypertext transfer protocol message in response to said first hypertext transfer protocol message, said second hypertext transfer protocol message having a second abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated, and an operation of extracting said second abstract syntax notation 1 encoded next generation application protocol packet data unit from said second hypertext transfer protocol message.

According to further example embodiments, said first hypertext transfer protocol message is a first hypertext transfer protocol secure message. Alternatively, or in addition, said second hypertext transfer protocol message is a second hypertext transfer protocol secure message.

According to further example embodiments, said first hypertext transfer protocol message is a hypertext transfer protocol multipart message including a JavaScript object notation binary body part having said first abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated. Alternatively, or in addition, said second hypertext transfer protocol message is a hypertext transfer protocol multipart message including a JavaScript object notation binary body part having said second abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated.

According to further example embodiments, said first hypertext transfer protocol message is a hypertext transfer protocol POST message. Alternatively, or in addition, said second hypertext transfer protocol message is a hypertext transfer protocol 200 OK message.

According to a variation of the procedure shown in Figure 9, exemplary additional operations are given, which are inherently independent from each other as such. According to such variation, an exemplary method according to example embodiments may comprise an operation of transmitting, to a network repository function entity, a discovery message enquiring available service endpoints for a specific service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, wherein said discovery message includes at least information on said specific service and an identifier of a set of service endpoints, and an operation of receiving, from said network repository function entity, a discovery response message including information on at least one available service endpoint for said specific service.

According to a variation of the procedure shown in Figure 9, exemplary additional operations are given, which are inherently independent from each other as such. According to such variation, an exemplary method according to example embodiments may comprise an operation of selecting, from said at least one available service endpoint for said specific service, a selected service endpoint for said specific service, and an operation of transmitting, to said selected service endpoint for said specific service, a communication request requesting communication utilizing said specific service.

According to a variation of the procedure shown in Figure 9, exemplary additional operations are given, which are inherently independent from each other as such. According to such variation, an exemplary method according to example embodiments may comprise an operation of transmitting, to an authorization server, a request for an access authorization token with respect to said selected service endpoint, an operation of receiving said access authorization token with respect to said selected service endpoint, and an operation of including said access authorization token with respect to said selected service endpoint into said communication request.

According to further example embodiments, said communication request or response comprises binding information to indicate suitable service endpoints for selection, reselection or routing of requests, from said at least one available service endpoint for said specific service.

According to further example embodiments, said selected service endpoint for said specific service pertains to said second network entity.

According to a variation of the procedure shown in Figure 9, exemplary additional operations are given, which are inherently independent from each other as such. According to such variation, an exemplary method according to example embodiments may comprise an operation of transmitting, to said network repository function entity, a status subscription message indicating subscription to service related changes with respect to said set of service endpoints, wherein said status subscription message includes at least information on said specific service and said identifier of said set of service endpoints, and an operation of receiving a notification on a composition change of said set of service endpoints and/or a service related change with respect to a changed service endpoint of said set of service endpoints in response to a respective change.

According to further example embodiments, transmissions between said first network entity and said second network entity are routed through a service communication proxy entity.

According to further example embodiments, said first network entity is a member of an access network entity set including access network entities each being enabled to control same radio cells and to handle same terminal contexts. Alternatively, said second network entity is said member of said access network entity set including access network entities each being enabled to control same radio cells and to handle same terminal contexts.

Figure 3 is a block diagram illustrating an apparatus according to example embodiments. The apparatus may be a first network entity 30 such as a ("receiving"/"terminating") AN or ("receiving"/"terminating") CN (or element thereof) comprising a receiving circuitry 21, and an extracting circuitry 22. The receiving circuitry 31 receives, from a second network entity, a first hypertext transfer protocol message having a first abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated. The extracting circuitry 32 extracts said first abstract syntax notation 1 encoded next generation application protocol packet data unit from said first hypertext transfer protocol message. Here, said first network entity 30 is an access network entity, and said second network entity is a core network entity. Alternatively, said first network entity 30 is a core network entity, and said second network entity is an access network entity. Figure 10 is a schematic diagram of a procedure according to example embodiments. The apparatus according to Figure 3 may perform the method of Figure 10 but is not limited to this method. The method of Figure 10 may be performed by the apparatus of Figure 3 but is not limited to being performed by this apparatus.

As shown in Figure 10, a procedure according to example embodiments comprises an operation of receiving (S101), from a second network entity, a first hypertext transfer protocol message having a first abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated, and an operation of extracting (S102) said first abstract syntax notation 1 encoded next generation application protocol packet data unit from said first hypertext transfer protocol message, wherein said first network entity is an access network entity and said second network entity is a core network entity, or wherein said first network entity is a core network entity and said second network entity is an access network entity.

Figure 4 is a block diagram illustrating an apparatus according to example embodiments. In particular, Figure 4 illustrates a variation of the apparatus shown in Figure 3. The apparatus according to Figure 4 may thus further comprise encapsulating circuitry 41, transmitting circuitry 42, and/or registering circuitry 43. In an embodiment at least some of the functionalities of the apparatus shown in Figure 3 (or 4) may be shared between two physically separate devices forming one operational entity. Therefore, the apparatus may be seen to depict the operational entity comprising one or more physically separate devices for executing at least some of the described processes.

According to a variation of the procedure shown in Figure 10, exemplary additional operations are given, which are inherently independent from each other as such. According to such variation, an exemplary method according to example embodiments may comprise an operation of encapsulating, in response to said first hypertext transfer protocol message, a second abstract syntax notation 1 encoded next generation application protocol packet data unit into a second hypertext transfer protocol message, and an operation of transmitting said second hypertext transfer protocol message towards said second network entity.

According to a variation of the procedure shown in Figure 10, exemplary additional operations are given, which are inherently independent from each other as such. According to such variation, an exemplary method according to example embodiments may comprise an operation of registering, at a network repository function entity, itself as providing a service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages.

According to a variation of the procedure shown in Figure 10, exemplary additional operations are given, which are inherently independent from each other as such. According to such variation, an exemplary method according to example embodiments may comprise an operation of receiving, from said second network entity, a communication request requesting communication utilizing said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages.

According to further example embodiments, said communication request comprises an access authorization token with respect to said first network entity.

According to further example embodiments, said communication request or response comprises binding information to indicate suitable service endpoints for selection, reselection or routing of requests, from at least one available service endpoint for said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages. According to further example embodiments, transmissions between said first network entity and said second network entity are routed through a service communication proxy entity.

Figure 5 is a block diagram illustrating an apparatus according to example embodiments. The apparatus may be a network entity 50 such as a network repository function (NRF) (entity) comprising a receiving circuitry 51, an entering circuitry 52, and a transmitting circuitry 53. The receiving circuitry 51 receives, from a first network entity, a registration request registering said first network entity as providing a service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages. The entering circuitry 52 enters, into a register, said first network entity as providing said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages. The receiving circuitry 51 receives, from a second network entity, a discovery message enquiring available service endpoints for a specific service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, wherein said discovery message includes at least information on said specific service and an identifier of a set of service endpoints. The transmitting circuitry 53 transmits, towards said second network entity, a discovery response message including information on at least one available service endpoint for said specific service, wherein said discovery response message includes information on said first network entity, if said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages is said specific service and said first network entity is included in said set of service endpoints. Here, said first network entity is an access network entity, and said second network entity is a core network entity. Alternatively, said first network entity is a core network entity, and said second network entity is an access network entity. Figure 11 is a schematic diagram of a procedure according to example embodiments. The apparatus according to Figure 5 may perform the method of Figure 11 but is not limited to this method. The method of Figure 11 may be performed by the apparatus of Figure 5 but is not limited to being performed by this apparatus.

As shown in Figure 11, a procedure according to example embodiments comprises an operation of receiving (Sill), from a first network entity, a registration request registering said first network entity as providing a service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, an operation of entering (S112), into a register, said first network entity as providing said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, an operation of receiving (SI 13), from a second network entity, a discovery message enquiring available service endpoints for a specific service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, wherein said discovery message includes at least information on said specific service and an identifier of a set of service endpoints, and an operation of transmitting (SI 14), towards said second network entity, a discovery response message including information on at least one available service endpoint for said specific service, wherein said discovery response message includes information on said first network entity, if said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages is said specific service and said first network entity is included in said set of service endpoints, wherein said first network entity is an access network entity, and said second network entity is a core network entity, or wherein said first network entity is a core network entity, and said second network entity is an access network entity.

Figure 6 is a block diagram illustrating an apparatus according to example embodiments. In particular, Figure 6 illustrates a variation of the apparatus shown in Figure 5. The apparatus according to Figure 6 may thus further comprise detecting circuitry 61.

In an embodiment at least some of the functionalities of the apparatus shown in Figure 5 (or 6) may be shared between two physically separate devices forming one operational entity. Therefore, the apparatus may be seen to depict the operational entity comprising one or more physically separate devices for executing at least some of the described processes.

According to a variation of the procedure shown in Figure 11, exemplary additional operations are given, which are inherently independent from each other as such. According to such variation, an exemplary method according to example embodiments may comprise an operation of receiving, from a second network entity, a status subscription message indicating subscription to service related changes with respect to said set of service endpoints, wherein said status subscription message includes at least information on said specific service and said identifier of said set of service endpoints, an operation of detecting a composition change of said set of service endpoints and/or a service related change with respect to a changed service endpoint of said set of service endpoints, and an operation of transmitting a notification on said composition change of said set of service endpoints and/or said service related change with respect to a changed service endpoint of said set of service endpoints. Figure 7 is a block diagram illustrating an apparatus according to example embodiments. The apparatus may be a network entity 70 such as a network repository function (NRF) (entity) comprising a receiving circuitry 71, and a transmitting circuitry 72. The receiving circuitry 71 receives, from a first network entity, a request for an access authorization token with respect to a second network entity. The transmitting circuitry 72 transmits, towards said first network entity, said access authorization token with respect to said second network entity. Here, said first network entity is an access network entity, and said second network entity is a core network entity. Alternatively, said first network entity is a core network entity, and said second network entity is an access network entity. Figure 12 is a schematic diagram of a procedure according to example embodiments. The apparatus according to Figure 7 may perform the method of Figure 12 but is not limited to this method. The method of Figure 12 may be performed by the apparatus of Figure 7 but is not limited to being performed by this apparatus.

As shown in Figure 12, a procedure according to example embodiments comprises an operation of receiving (S121), from a first network entity, a request for an access authorization token with respect to a second network entity, and an operation of transmitting (S122), towards said first network entity, said access authorization token with respect to said second network entity, wherein said first network entity is an access network entity and said second network entity is a core network entity, or wherein said first network entity is a core network entity and said second network entity is an access network entity.

Figure 8 is a block diagram illustrating an apparatus according to example embodiments. In particular, Figure 8 illustrates a variation of the apparatus shown in Figure 7. The apparatus according to Figure 8 may thus further comprise deciding circuitry 81 and/or prohibiting circuitry 82. In an embodiment at least some of the functionalities of the apparatus shown in Figure 7 (or 8) may be shared between two physically separate devices forming one operational entity. Therefore, the apparatus may be seen to depict the operational entity comprising one or more physically separate devices for executing at least some of the described processes.

According to a variation of the procedure shown in Figure 12, exemplary additional operations are given, which are inherently independent from each other as such. According to such variation, an exemplary method according to example embodiments may comprise an operation of deciding whether said first network entity is an access network entity or a core network entity, an operation of deciding whether a service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages which is provided by said second network entity and for which said access authorization token is requested is for access network service consumers or for core network service consumers, an operation of prohibiting said transmitting, if said first network entity is an access network entity and said service is for core network service consumers, and an operation of prohibiting said transmitting, if said first network entity is a core network entity and said service is for access network service consumers.

Example embodiments are now described in more detail.

According to example embodiments, HTTP or HTTPS connections are used between AN and CN. These HTTP or HTTPS connections replace the SCTP connections currently supported between AN and CN as discussed above.

According to further example embodiments, AN and CN both support a new API to enable the transfer of existing NGAP PDUs in HTTP requests/responses. The API may be limited to support a single service operation. The following table represents a possible definition of the services provided according to the new API according to example embodiments. The table particularly illustrates a possible service name and an association with possible consumers of the respective services.

Figures 14 and 15 show schematic diagrams of signaling sequences according to example embodiments.

In particular, Figures 14 and 15 illustrate an example of the service produced by the CN or AN according to example embodiments.

Figure 14 particularly illustrates an N2 communication service produced by the CN.

In step 1 of Figure 14, a message is transmitted from AN to CN using an HTTP POST method. In the message, an N2 PDU is encapsulated.

In step 2 of Figure 14, a response is returned from CN to AN. In the response, an N2 PDU may be encapsulated (step 2b of Figure 14).

Figure 15 particularly illustrates an N2 communication service produced by the AN. In step 1 of Figure 15, a message is transmitted from CN to AN using an HTTP POST method. In the message, an N2 PDU is encapsulated.

In step 2 of Figure 15, a response is returned from AN to CN. In the response, an N2 PDU may be encapsulated (step 2b of Figure 15).

According to example embodiments, HTTP requests/ responses are designed as HTTP multipart messages, with a JavaScript object notation (JSON) body part (with minimal content, e.g. containing AMF UE NGAP ID and RAN UE NGAP ID) and with a JSON binary body part encapsulating the ASN.l encoded NGAP PDU.

An example of an HTTP multipart message encapsulating an NGAP PDU according to example embodiments is illustrated below.

POST /gnbl2. operator.com/nan-com/vl/send-n2-msg HTTP/2

Content-Type: multipart/related; type="application/json"; boundary= — Boundary

Content- Length: xyz

- Boundary

Content-Type: application/json

{

"AMF UE NGAP ID": 235,

"RAN UE NGAP ID": 567098,

"n2Msg": {

"contentld": "n2msg"

}

- Boundary

Content-Type: application/vnd.3gpp.ngap

Content-Id: n2msg { ... NGAP Message binary data ...}

- Boundary

According to example embodiments, HTTPS provides security (SeGWs do no longer need to be deployed when using HTTPS).

According to example embodiments, the AN is part of an AN set. All nodes within the AN set can control the same radio cells and can handle the same user equipment (UE) context (terminal context). This allows higher reliability as other instances can take over when one AN instance fails, and also allows dynamic addition and removal of AN instances depending on load, e.g. for power saving purposes. According to example embodiments, the ON can address any AN instance within the set with the Nan_Communication request.

According to example embodiments, AN and ON may register the service they provide in a network repository function (NRF), in which case the AN and ON can discover the available service endpoints via the NRF. This allows AN and CN instances or service instances to be deployed, scaled-in or out, and be discovered by peer NFs.

This removes the need for the CN to maintain a duplicate domain name system (DNS) with the information about the available CN instances (e.g. AMF instances in an AMF set). Instead, the AN can discover the CN (e.g. AMF) instance and service instances dynamically, and/or can subscribe to the NRF to be notified e.g. when there is a change in the set of available CN (e.g. AMF) instances in a CN network function (NF) (e.g. AMF) set.

Figures 16 and 17 show schematic diagrams of signaling sequences according to example embodiments. In particular, Figures 16 and 17 illustrate registration, discovery and subscription processing according to example embodiments. In Figure 16, the CN takes the function of a service provider, while the AN takes the function of a service consumer.

In step 1 of Figure 16, the CN (e.g. AMF) instance registers its NF profile and Ncn_Communication service instances to the NRF.

In step 2a of Figure 16, the AN performs an NF discovery request to discover the CN (e.g. AMF) service instances supporting the Ncn_Communication service e.g. within a given NF set (e.g. AMF set).

In step 2b of Figure 16, the NRF returns one or multiple profiles of CN service instances matching the query.

In step 3 of Figure 16, the AN selects an NF service instance from the returned profiles and sends an Noncommunication request (Ncn_Communication request) to that instance.

In step 4 of Figure 16, the AN subscribes to NF status changes e.g. within an NF set (e.g. AMF set).

In step 5 of Figure 16, the NRF notifies the subscribed AN nodes about new or removed CN (e.g. AMF) service instances or about changes of the NF profile of an existing NF service instance (e.g. modified addressing information).

It is also possible that the AN registers its service to the NRF and the CN discovers the Nan_Communication service instances via the NRF, e.g. to send an N2 paging request to the AN. The related call flow is similar as that described with reference to Figure 16, with the roles of the AN and CN being exchanged. In Figure 17, the AN takes the function of a service provider, while the CN takes the function of a service consumer. In step 1 of Figure 17, the AN (e.g. gNB) instance registers its NF profile and Nan_Communication service instances to the NRF. If the AN is part of a set, it also indicates the set in the profile.

In step 2a of Figure 17, the CN performs a NF discovery request to discover AN service instances supporting the Nan_Communication service e.g. within a given AN set (e.g. AMF).

In step 2b of Figure 17, the NRF returns one or multiple profiles of AN service instances matching the query.

In step 3 of Figure 17, the CN selects a service instance from the returned profile(s) and sends a NanCommunication request (Nan_Communication request) to that instance.

In step 4 of Figure 17, the CN subscribes to NF status changes e.g. within an AN set.

In step 5 of Figure 17, the NRF notifies the subscribed CN node(s) about new or removed AN service instances or about changes of the NF profile of an existing AN service instance (e.g. modified addressing information).

According to further example embodiments, open authorization 2.0 (OAuth2) procedures are be supported to authorize AN or CN instances to access the service of a peer CN or AN instance. In this case, the AN or CN instance needs to request an access authorization token from the authorization server (e.g. NRF) and to include the returned access authorization token in the HTTP request issued to send an N2 message.

Figures 18 and 19 show schematic diagrams of signaling sequences according to example embodiments. In particular, Figures 18 and 19 illustrate requesting, receiving and utilizing an access token according to example embodiments. In Figure 18, the AN takes the function of a service provider, while the CN takes the function of a service consumer and thus requests an access token beforehand.

In detail, in step 1 of Figure 18, the CN requests an access token.

In step 2 of Figure 18, the authorization server (here an NRF) provides an access token response including an access authorization token with respect to the AN or the service provided by the AN to the CN.

In step 3 of Figure 18, the CN transmits a NanCommunication request (Nan_Communication request) including the access authorization token to the AN to make use of the service provided by the AN.

In Figure 19, the CN takes the function of a service provider, while the AN takes the function of a service consumer and thus requests an access token beforehand.

In detail, in step 1 of Figure 19, the AN requests an access token.

In step 2 of Figure 19, the authorization server (here an NRF) provides an access token response including an access authorization token with respect to the CN or the service provided by the CN to the AN.

In step 3 of Figure 19, the AN transmits a Noncommunication request (Ncn_Communication request) including the access authorization token to the CN to make use of the service provided by the CN.

According to example embodiments, if a common NRF for CN and AN is deployed, the NRF provides access tokens only allowing access to AMF services with AN service consumers (such as the AN communication service) to AN nodes and only allowing access to AMF services with CN service consumers to CN nodes to enable a security separation of core network and access network.

According to example embodiments, the communication between the AN and CN (as e.g. discussed above) may be direct or indirect though a service communication proxy (SCP).

Figures 20 and 21 show schematic diagrams of signaling sequences according to example embodiments.

In particular, Figure 20 illustrates an example call flow for a PDU session resource setup according to example embodiments. On the left side of Figure 20, the communication for the PDU session resource setup is direct (between AN and AMF (CN)), while on the right side of Figure 20, the communication for the PDU session resource setup is indirect (via an SCP in the path).

Further, Figure 21 illustrates an example call flow for a path switch request according to example embodiments. On the left side of Figure 21, the communication with respect to the path switch request is direct (between AN and AMF (CN)), while on the right side of Figure 21, the communication with respect to the path switch request is indirect (via an SCP in the path).

According to example embodiments, the Nan_Communication request and reply and Ncn_Communication request and reply contain binding information as specified in 3GPP TS 23.501 subclause 6.3.1.0 that informs about the possible reselection of instances with an AN or CN set.

According to example embodiments as described above, a short term solution is provided that has minimal impacts on the AN and the CN and could be deployed in near or mid term. The solution does not require drastic architectural changes to the AN and CN, nor application changes since it still relies on the existing N2 (NGAP) procedures and PDUs. Further, the solution according to example embodiments enables a unified protocol and network infrastructure to be used in the 5GS, i.e. 5GC and up to the AN.

Still further, the solution according to example embodiments allows to support indirect communication between AN and ON via an SOP.

Moreover, the solution according to example embodiments allows embedded security (HTTPS), such that SeGWs are no longer required.

Furthermore, the solution according to example embodiments represents a first step towards SBA and use of cloud-native and Web technologies (HTTP based APIs are cloud-friendly, easy to deploy and open, have a large user community for web services, a rich landscape of frameworks, tools and software).

Furthermore, according to example embodiments, by allowing the AN to discover the AMF using the NRF NF discovery service also used by other CN network functions, the need for operators to duplicate AMF instances information in a DNS like currently required for AMF discovery by AN functions is removed.

Still further, the solution according to example embodiments allows to rely on authorization procedures to authorize access to the communication service produced by the AN or CN, e.g. to only authorize specific CN instances to access resources of an AN.

Moreover, the solution according to example embodiments provides higher reliability of an AN via an AN set.

Finally, the solution according to example embodiments provides the possibility to scale in/out AN service instances dependent on NGAP traffic. The above-described procedures and functions may be implemented by respective functional elements, processors, or the like, as described below.

In the foregoing exemplary description of the network entity, only the units that are relevant for understanding the principles of the disclosure have been described using functional blocks. The network entity may comprise further units that are necessary for its respective operation. However, a description of these units is omitted in this specification. The arrangement of the functional blocks of the devices is not construed to limit the disclosure, and the functions may be performed by one block or further split into sub-blocks.

When in the foregoing description it is stated that the apparatus, i.e. network entity (or some other means) is configured to perform some function, this is to be construed to be equivalent to a description stating that a (i.e. at least one) processor or corresponding circuitry, potentially in cooperation with computer program code stored in the memory of the respective apparatus, is configured to cause the apparatus to perform at least the thus mentioned function. Also, such function is to be construed to be equivalently implementable by specifically configured circuitry or means for performing the respective function (i.e. the expression "unit configured to" is construed to be equivalent to an expression such as "means for").

In Figure 22, an alternative illustration of apparatuses according to example embodiments is depicted. As indicated in Figure 22, according to example embodiments, the apparatus (network entity) 10' (corresponding to the network entity 10) comprises a processor 221, a memory 222 and an interface 223, which are connected by a bus 224 or the like. Further, according to example embodiments, the apparatus (network entity) 30' (corresponding to the network entity 30) comprises a processor 221, a memory 222 and an interface 223, which are connected by a bus 224 or the like. Further, according to example embodiments, the apparatus (network entity) 50' (corresponding to the network repository function entity 50) comprises a processor 221, a memory 222 and an interface 223, which are connected by a bus 224 or the like. Further, according to example embodiments, the apparatus (network entity) 70' (corresponding to the network repository function entity 70) comprises a processor 221, a memory 222 and an interface 223, which are connected by a bus 224 or the like. Each of the apparatuses 10', 30', 50', 70' may be connected to another network entity or network entities 226 via link 225, which may include apparatuses 10', 30', 50', 70'.

The processor 221 and/or the interface 223 may also include a modem or the like to facilitate communication over a (hardwire or wireless) link, respectively. The interface 223 may include a suitable transceiver coupled to one or more antennas or communication means for (hardwire or wireless) communications with the linked or connected device(s), respectively. The interface 223 is generally configured to communicate with at least one other apparatus, i.e. the interface thereof.

The memory 222 may store respective programs assumed to include program instructions or computer program code that, when executed by the respective processor, enables the respective electronic device or apparatus to operate in accordance with the example embodiments.

In general terms, the respective devices/apparatuses (and/or parts thereof) may represent means for performing respective operations and/or exhibiting respective functionalities, and/or the respective devices (and/or parts thereof) may have functions for performing respective operations and/or exhibiting respective functionalities.

When in the subsequent description it is stated that the processor (or some other means) is configured to perform some function, this is to be construed to be equivalent to a description stating that at least one processor, potentially in cooperation with computer program code stored in the memory of the respective apparatus, is configured to cause the apparatus to perform at least the thus mentioned function. Also, such function is to be construed to be equivalently implementable by specifically configured means for performing the respective function (i.e. the expression "processor configured to [cause the apparatus to] perform xxx-ing" is construed to be equivalent to an expression such as "means for xxx-ing").

According to example embodiments, an apparatus representing the network entity 10 (first network entity) comprises at least one processor 221, at least one memory 222 including computer program code, and at least one interface 223 configured for communication with at least another apparatus. The processor (i.e. the at least one processor 221, with the at least one memory 222 and the computer program code) is configured to perform noticing that a first abstract syntax notation 1 encoded next generation application protocol packet data unit is to be sent to a second network entity (thus the apparatus comprising corresponding means for noticing), to perform encapsulating said first abstract syntax notation 1 encoded next generation application protocol packet data unit into a first hypertext transfer protocol message (thus the apparatus comprising corresponding means for encapsulating), and to perform transmitting said first hypertext transfer protocol message towards said second network entity (thus the apparatus comprising corresponding means for transmitting), wherein said first network entity is an access network entity and said second network entity is a core network entity, or wherein said first network entity is a core network entity and said second network entity is an access network entity.

According to further example embodiments, an apparatus representing the network entity 30 (first network entity) comprises at least one processor 221, at least one memory 222 including computer program code, and at least one interface 223 configured for communication with at least another apparatus. The processor (i.e. the at least one processor 221, with the at least one memory 222 and the computer program code) is configured to perform receiving, from a second network entity, a first hypertext transfer protocol message having a first abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated (thus the apparatus comprising corresponding means for receiving), and to perform extracting said first abstract syntax notation 1 encoded next generation application protocol packet data unit from said first hypertext transfer protocol message (thus the apparatus comprising corresponding means for extracting), wherein said first network entity is an access network entity and said second network entity is a core network entity, or wherein said first network entity is a core network entity and said second network entity is an access network entity.

According to example embodiments, an apparatus representing the network entity 50 (network repository function entity) comprises at least one processor 221, at least one memory 222 including computer program code, and at least one interface 223 configured for communication with at least another apparatus. The processor (i.e. the at least one processor 221, with the at least one memory 222 and the computer program code) is configured to perform receiving, from a first network entity, a registration request registering said first network entity as providing a service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages (thus the apparatus comprising corresponding means for receiving), to perform entering, into a register, said first network entity as providing said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages (thus the apparatus comprising corresponding means for entering), to perform receiving, from a second network entity, a discovery message enquiring available service endpoints for a specific service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, wherein said discovery message includes at least information on said specific service and an identifier of a set of service endpoints, and to perform transmitting, towards said second network entity, a discovery response message including information on at least one available service endpoint for said specific service, wherein said discovery response message includes information on said first network entity, if said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages is said specific service and said first network entity is included in said set of service endpoints (thus the apparatus comprising corresponding means for transmitting), wherein said first network entity is an access network entity and said second network entity is a core network entity, or wherein said first network entity is a core network entity and said second network entity is an access network entity.

According to example embodiments, an apparatus representing the network entity 70 (network repository function entity) comprises at least one processor 221, at least one memory 222 including computer program code, and at least one interface 223 configured for communication with at least another apparatus. The processor (i.e. the at least one processor 221, with the at least one memory 222 and the computer program code) is configured to perform receiving, from a first network entity, a request for an access authorization token with respect to a second network entity (thus the apparatus comprising corresponding means for receiving), and to perform transmitting, towards said first network entity, said access authorization token with respect to said second network entity (thus the apparatus comprising corresponding means for transmitting), wherein said first network entity is an access network entity and said second network entity is a core network entity, or wherein said first network entity is a core network entity and said second network entity is an access network entity.

For further details regarding the operability/functionality of the individual apparatuses, reference is made to the above description in connection with any one of Figures 1 to 21, respectively.

For the purpose of the present disclosure as described herein above, it should be noted that - method steps likely to be implemented as software code portions and being run using a processor at a network server or network entity (as examples of devices, apparatuses and/or modules thereof, or as examples of entities including apparatuses and/or modules therefore), are software code independent and can be specified using any known or future developed programming language as long as the functionality defined by the method steps is preserved;

- generally, any method step is suitable to be implemented as software or by hardware without changing the idea of the embodiments and its modification in terms of the functionality implemented;

- method steps and/or devices, units or means likely to be implemented as hardware components at the above-defined apparatuses, or any module(s) thereof, (e.g., devices carrying out the functions of the apparatuses according to the embodiments as described above) are hardware independent and can be implemented using any known or future developed hardware technology or any hybrids of these, such as MOS (Metal Oxide Semiconductor), CMOS (Complementary MOS), BiMOS (Bipolar MOS), BiCMOS (Bipolar CMOS), ECL (Emitter Coupled Logic), TTL (Transistor-Transistor Logic), etc., using for example ASIC (Application Specific IC (Integrated Circuit)) components, FPGA (Field-programmable Gate Arrays) components, CPLD (Complex Programmable Logic Device) components or DSP (Digital Signal Processor) components;

- devices, units or means (e.g. the above-defined network entity or network register, or any one of their respective units/means) can be implemented as individual devices, units or means, but this does not exclude that they are implemented in a distributed fashion throughout the system, as long as the functionality of the device, unit or means is preserved;

- an apparatus like the user equipment and the network entity /network register may be represented by a semiconductor chip, a chipset, or a (hardware) module comprising such chip or chipset; this, however, does not exclude the possibility that a functionality of an apparatus or module, instead of being hardware implemented, be implemented as software in a (software) module such as a computer program or a computer program product comprising executable software code portions for execution/being run on a processor;

- a device may be regarded as an apparatus or as an assembly of more than one apparatus, whether functionally in cooperation with each other or functionally independently of each other but in a same device housing, for example.

In general, it is to be noted that respective functional blocks or elements according to above-described aspects can be implemented by any known means, either in hardware and/or software, respectively, if it is only adapted to perform the described functions of the respective parts. The mentioned method steps can be realized in individual functional blocks or by individual devices, or one or more of the method steps can be realized in a single functional block or by a single device.

Generally, any method step is suitable to be implemented as software or by hardware without changing the idea of the present disclosure. Devices and means can be implemented as individual devices, but this does not exclude that they are implemented in a distributed fashion throughout the system, as long as the functionality of the device is preserved. Such and similar principles are to be considered as known to a skilled person.

Software in the sense of the present description comprises software code as such comprising code means or portions or a computer program or a computer program product for performing the respective functions, as well as software (or a computer program or a computer program product) embodied on a tangible medium such as a computer-readable (storage) medium having stored thereon a respective data structure or code means/portions or embodied in a signal or in a chip, potentially during processing thereof.

The present disclosure also covers any conceivable combination of method steps and operations described above, and any conceivable combination of nodes, apparatuses, modules or elements described above, as long as the above-described concepts of methodology and structural arrangement are applicable.

In view of the above, there are provided measures for service based communication between access networks and core networks. Such measures exemplarily comprise, at a first network entity, noticing that a first abstract syntax notation 1 encoded next generation application protocol packet data unit is to be sent to a second network entity, encapsulating said first abstract syntax notation 1 encoded next generation application protocol packet data unit into a first hypertext transfer protocol message, and transmitting said first hypertext transfer protocol message towards said second network entity, wherein said first network entity is an access network entity and said second network entity is a core network entity, or wherein said first network entity is a core network entity and said second network entity is an access network entity.

Even though the disclosure is described above with reference to the examples according to the accompanying drawings, it is to be understood that the disclosure is not restricted thereto. Rather, it is apparent to those skilled in the art that the present disclosure can be modified in many ways without departing from the scope of the inventive idea as disclosed herein.

List of acronyms and abbreviations

3GPP Third Generation Partnership Project

5GC 5G core network

5GS 5G system

AMF access and mobility management function

AN access network

API application programming interface

ASN.l abstract syntax notation one, abstract syntax notation 1

CN core network DNS domain name system

HTTP hypertext transfer protocol

HTTPS hypertext transfer protocol security

JSON JavaScript object notation NF network function

NGAP next generation application protocol

NR.F network repository function

0Auth2 open authorization 2.0

PDU packet data units PLMN public land mobile network

SBI service-based interface

SBA service-based architecture

SCP service communication proxy

SCTP stream control transmission protocol SeGW security gateway

UE user equipment

Claims

44 Claims

1. A method of a first network entity, the method comprising noticing that a first abstract syntax notation 1 encoded next generation application protocol packet data unit is to be sent to a second network entity, encapsulating said first abstract syntax notation 1 encoded next generation application protocol packet data unit into a first hypertext transfer protocol message, and transmitting said first hypertext transfer protocol message towards said second network entity, wherein said first network entity is an access network entity, and said second network entity is a core network entity, or wherein said first network entity is a core network entity, and said second network entity is an access network entity.

2. The method according to claim 1, further comprising receiving a second hypertext transfer protocol message in response to said first hypertext transfer protocol message, said second hypertext transfer protocol message having a second abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated, and extracting said second abstract syntax notation 1 encoded next generation application protocol packet data unit from said second hypertext transfer protocol message.

3. The method according to claim 1 or 2, wherein said first hypertext transfer protocol message is a first hypertext transfer protocol secure message, and/or said second hypertext transfer protocol message is a second hypertext transfer protocol secure message.

4. The method according to any of claims 1 to 3, wherein 45 said first hypertext transfer protocol message is a hypertext transfer protocol multipart message including a JavaScript object notation binary body part having said first abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated, and/or said second hypertext transfer protocol message is a hypertext transfer protocol multipart message including a JavaScript object notation binary body part having said second abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated.

5. The method according to any of claims 1 to 4, wherein said first hypertext transfer protocol message is a hypertext transfer protocol POST message, and/or said second hypertext transfer protocol message is a hypertext transfer protocol 200 OK message.

6. The method according to any of claims 1 to 5, further comprising transmitting, to a network repository function entity, a discovery message enquiring available service endpoints for a specific service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, wherein said discovery message includes at least information on said specific service and an identifier of a set of service endpoints, and receiving, from said network repository function entity, a discovery response message including information on at least one available service endpoint for said specific service.

7. The method according to claim 6, further comprising selecting, from said at least one available service endpoint for said specific service, a selected service endpoint for said specific service, and transmitting, to said selected service endpoint for said specific service, a communication request requesting communication utilizing said specific service. 46

8. The method according to claim 7, further comprising transmitting, to an authorization server, a request for an access authorization token with respect to said selected service endpoint, receiving said access authorization token with respect to said selected service endpoint, and including said access authorization token with respect to said selected service endpoint into said communication request.

9. The method according to claim 7 or 8, wherein said communication request or response comprises binding information to indicate suitable service endpoints for selection, reselection or routing of requests, from said at least one available service endpoint for said specific service.

10. The method according to any of claims 7 to 9, wherein said selected service endpoint for said specific service pertains to said second network entity.

11. The method according to any of claims 6 to 10, further comprising transmitting, to said network repository function entity, a status subscription message indicating subscription to service related changes with respect to said set of service endpoints, wherein said status subscription message includes at least information on said specific service and said identifier of said set of service endpoints, and receiving a notification on a composition change of said set of service endpoints and/or a service related change with respect to a changed service endpoint of said set of service endpoints in response to a respective change.

12. The method according to any of claims 1 to 11, wherein transmissions between said first network entity and said second network entity are routed through a service communication proxy entity.

13. The method according to any of claims 1 to 12, wherein said first network entity is a member of an access network entity set including access network entities each being enabled to control same radio cells and to handle same terminal contexts, or wherein said second network entity is said member of said access network entity set including access network entities each being enabled to control same radio cells and to handle same terminal contexts.

14. A method of a first network entity, the method comprising receiving, from a second network entity, a first hypertext transfer protocol message having a first abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated, and extracting said first abstract syntax notation 1 encoded next generation application protocol packet data unit from said first hypertext transfer protocol message, wherein said first network entity is an access network entity, and said second network entity is a core network entity, or wherein said first network entity is a core network entity, and said second network entity is an access network entity.

15. The method according to claim 14, further comprising encapsulating, in response to said first hypertext transfer protocol message, a second abstract syntax notation 1 encoded next generation application protocol packet data unit into a second hypertext transfer protocol message, and transmitting said second hypertext transfer protocol message towards said second network entity.

16. The method according to claim 14 or 15, wherein said first hypertext transfer protocol message is a first hypertext transfer protocol secure message, and/or said second hypertext transfer protocol message is a second hypertext transfer protocol secure message.

17. The method according to any of claims 14 to 16, wherein said first hypertext transfer protocol message is a hypertext transfer protocol multipart message including a JavaScript object notation binary body part having said first abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated, and/or said second hypertext transfer protocol message is a hypertext transfer protocol multipart message including a JavaScript object notation binary body part having said second abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated.

18. The method according to any of claims 14 to 17, wherein said first hypertext transfer protocol message is a hypertext transfer protocol POST message, and/or said second hypertext transfer protocol message is a hypertext transfer protocol 200 OK message.

19. The method according to any of claims 14 to 18, further comprising registering, at a network repository function entity, itself as providing a service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages.

20. The method according to claim 19, further comprising receiving, from said second network entity, a communication request requesting communication utilizing said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages.

21. The method according to claim 20, wherein said communication request comprises an access authorization token with respect to said first network entity. 49

22. The method according to claim 20 or 21, wherein said communication request or response comprises binding information to indicate suitable service endpoints for selection, reselection or routing of requests, from at least one available service endpoint for said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages.

23. The method according to any of claims 14 to 22, wherein transmissions between said first network entity and said second network entity are routed through a service communication proxy entity.

24. The method according to any of claims 14 to 23, wherein said first network entity is a member of an access network entity set including access network entities each being enabled to control same radio cells and to handle same terminal contexts, or wherein said second network entity is said member of said access network entity set including access network entities each being enabled to control same radio cells and to handle same terminal contexts.

25. A method of a network repository function entity, the method comprising receiving, from a first network entity, a registration request registering said first network entity as providing a service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, entering, into a register, said first network entity as providing said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, receiving, from a second network entity, a discovery message enquiring available service endpoints for a specific service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer 50 protocol messages, wherein said discovery message includes at least information on said specific service and an identifier of a set of service endpoints, and transmitting, towards said second network entity, a discovery response message including information on at least one available service endpoint for said specific service, wherein said discovery response message includes information on said first network entity, if said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages is said specific service and said first network entity is included in said set of service endpoints, wherein said first network entity is an access network entity, and said second network entity is a core network entity, or wherein said first network entity is a core network entity, and said second network entity is an access network entity.

26. The method according to claim 25, further comprising receiving, from a second network entity, a status subscription message indicating subscription to service related changes with respect to said set of service endpoints, wherein said status subscription message includes at least information on said specific service and said identifier of said set of service endpoints, detecting a composition change of said set of service endpoints and/or a service related change with respect to a changed service endpoint of said set of service endpoints, and transmitting a notification on said composition change of said set of service endpoints and/or said service related change with respect to a changed service endpoint of said set of service endpoints.

27. A method of an authorization server, the method comprising receiving, from a first network entity, a request for an access authorization token with respect to a second network entity, and 51 transmitting, towards said first network entity, said access authorization token with respect to said second network entity, wherein said first network entity is an access network entity, and said second network entity is a core network entity, or wherein said first network entity is a core network entity, and said second network entity is an access network entity.

28. The method according claim 27, further comprising deciding whether said first network entity is an access network entity or a core network entity, deciding whether a service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages which is provided by said second network entity and for which said access authorization token is requested is for access network service consumers or for core network service consumers, prohibiting said transmitting, if said first network entity is an access network entity and said service is for core network service consumers, and prohibiting said transmitting, if said first network entity is a core network entity and said service is for access network service consumers.

29. An apparatus of a first network entity, the apparatus comprising noticing circuitry configured to notice that a first abstract syntax notation 1 encoded next generation application protocol packet data unit is to be sent to a second network entity, encapsulating circuitry configured to encapsulate said first abstract syntax notation 1 encoded next generation application protocol packet data unit into a first hypertext transfer protocol message, and transmitting circuitry configured to transmit said first hypertext transfer protocol message towards said second network entity, wherein said first network entity is an access network entity, and said second network entity is a core network entity, or wherein 52 said first network entity is a core network entity, and said second network entity is an access network entity.

30. The apparatus according to claim 29, further comprising receiving circuitry configured to receive a second hypertext transfer protocol message in response to said first hypertext transfer protocol message, said second hypertext transfer protocol message having a second abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated, and extracting circuitry configured to extract said second abstract syntax notation 1 encoded next generation application protocol packet data unit from said second hypertext transfer protocol message.

31. The apparatus according to claim 29 or 30, wherein said first hypertext transfer protocol message is a first hypertext transfer protocol secure message, and/or said second hypertext transfer protocol message is a second hypertext transfer protocol secure message.

32. The apparatus according to any of claims 29 or 31, wherein said first hypertext transfer protocol message is a hypertext transfer protocol multipart message including a JavaScript object notation binary body part having said first abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated, and/or said second hypertext transfer protocol message is a hypertext transfer protocol multipart message including a JavaScript object notation binary body part having said second abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated.

33. The apparatus according to any of claims 29 to 32, wherein said first hypertext transfer protocol message is a hypertext transfer protocol POST message, and/or 53 said second hypertext transfer protocol message is a hypertext transfer protocol 200 OK message.

34. The apparatus according to any of claims 29 to 33, further comprising transmitting circuitry configured to transmit, to a network repository function entity, a discovery message enquiring available service endpoints for a specific service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, wherein said discovery message includes at least information on said specific service and an identifier of a set of service endpoints, and receiving circuitry configured to receive, from said network repository function entity, a discovery response message including information on at least one available service endpoint for said specific service.

35. The apparatus according to claim 34, further comprising selecting circuitry configured to select, from said at least one available service endpoint for said specific service, a selected service endpoint for said specific service, and transmitting circuitry configured to transmit, to said selected service endpoint for said specific service, a communication request requesting communication utilizing said specific service.

36. The apparatus according to claim 35, further comprising transmitting circuitry configured to transmit, to an authorization server, a request for an access authorization token with respect to said selected service endpoint, receiving circuitry configured to receive said access authorization token with respect to said selected service endpoint, and including circuitry configured to include said access authorization token with respect to said selected service endpoint into said communication request. 54

37. The apparatus according to claim 35 or 36, wherein said communication request or response comprises binding information to indicate suitable service endpoints for selection, reselection or routing of requests, from said at least one available service endpoint for said specific service.

38. The apparatus according to any of claims 35 to 37, wherein said selected service endpoint for said specific service pertains to said second network entity.

39. The apparatus according to any of claims 34 to 38, further comprising transmitting circuitry configured to transmit, to said network repository function entity, a status subscription message indicating subscription to service related changes with respect to said set of service endpoints, wherein said status subscription message includes at least information on said specific service and said identifier of said set of service endpoints, and receiving circuitry configured to receive a notification on a composition change of said set of service endpoints and/or a service related change with respect to a changed service endpoint of said set of service endpoints in response to a respective change.

40. The apparatus according to any of claims 29 to 39, wherein transmissions between said first network entity and said second network entity are routed through a service communication proxy entity.

41. The apparatus according to any of claims 29 to 40, wherein said first network entity is a member of an access network entity set including access network entities each being enabled to control same radio cells and to handle same terminal contexts, or wherein said second network entity is said member of said access network entity set including access network entities each being enabled to control same radio cells and to handle same terminal contexts. 55

42. An apparatus of a first network entity, the apparatus comprising receiving circuitry configured to receive, from a second network entity, a first hypertext transfer protocol message having a first abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated, and extracting circuitry configured to extract said first abstract syntax notation 1 encoded next generation application protocol packet data unit from said first hypertext transfer protocol message, wherein said first network entity is an access network entity, and said second network entity is a core network entity, or wherein said first network entity is a core network entity, and said second network entity is an access network entity.

43. The apparatus according to claim 42, further comprising encapsulating circuitry configured to encapsulate, in response to said first hypertext transfer protocol message, a second abstract syntax notation 1 encoded next generation application protocol packet data unit into a second hypertext transfer protocol message, and transmitting circuitry configured to transmit said second hypertext transfer protocol message towards said second network entity.

44. The apparatus according to claim 42 or 43, wherein said first hypertext transfer protocol message is a first hypertext transfer protocol secure message, and/or said second hypertext transfer protocol message is a second hypertext transfer protocol secure message.

45. The apparatus according to any of claims 42 to 44, wherein said first hypertext transfer protocol message is a hypertext transfer protocol multipart message including a JavaScript object notation binary body part having said first abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated, and/or 56 said second hypertext transfer protocol message is a hypertext transfer protocol multipart message including a JavaScript object notation binary body part having said second abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated.

46. The apparatus according to any of claims 42 to 45, wherein said first hypertext transfer protocol message is a hypertext transfer protocol POST message, and/or said second hypertext transfer protocol message is a hypertext transfer protocol 200 OK message.

47. The apparatus according to any of claims 42 to 46, further comprising registering circuitry configured to register, at a network repository function entity, itself as providing a service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages.

48. The apparatus according to claim 47, further comprising receiving circuitry configured to receive, from said second network entity, a communication request requesting communication utilizing said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages.

49. The apparatus according to claim 48, wherein said communication request comprises an access authorization token with respect to said first network entity.

50. The apparatus according to claim 48 or 49, wherein said communication request or response comprises binding information to indicate suitable service endpoints for selection, reselection or routing of requests, from at least one available service endpoint for said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next 57 generation application protocol packet data units into/from hypertext transfer protocol messages.

51. The apparatus according to any of claims 42 to 50, wherein transmissions between said first network entity and said second network entity are routed through a service communication proxy entity.

52. The apparatus according to any of claims 42 to 51, wherein said first network entity is a member of an access network entity set including access network entities each being enabled to control same radio cells and to handle same terminal contexts, or wherein said second network entity is said member of said access network entity set including access network entities each being enabled to control same radio cells and to handle same terminal contexts.

53. An apparatus of a network repository function entity, the apparatus comprising receiving circuitry configured to receive, from a first network entity, a registration request registering said first network entity as providing a service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, entering circuitry configured to enter, into a register, said first network entity as providing said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, receiving circuitry configured to receive, from a second network entity, a discovery message enquiring available service endpoints for a specific service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, wherein said discovery message includes at least information on said specific service and an identifier of a set of service endpoints, and 58 transmitting circuitry configured to transmit, towards said second network entity, a discovery response message including information on at least one available service endpoint for said specific service, wherein said discovery response message includes information on said first network entity, if said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages is said specific service and said first network entity is included in said set of service endpoints, wherein said first network entity is an access network entity, and said second network entity is a core network entity, or wherein said first network entity is a core network entity, and said second network entity is an access network entity.

54. The apparatus according to claim 53, further comprising receiving circuitry configured to receive, from a second network entity, a status subscription message indicating subscription to service related changes with respect to said set of service endpoints, wherein said status subscription message includes at least information on said specific service and said identifier of said set of service endpoints, detecting circuitry configured to detect a composition change of said set of service endpoints and/or a service related change with respect to a changed service endpoint of said set of service endpoints, and transmitting circuitry configured to transmit a notification on said composition change of said set of service endpoints and/or said service related change with respect to a changed service endpoint of said set of service endpoints.

55. An apparatus of an authorization server, the apparatus comprising receiving circuitry configured to receive, from a first network entity, a request for an access authorization token with respect to a second network entity, and 59 transmitting circuitry configured to transmit, towards said first network entity, said access authorization token with respect to said second network entity, wherein said first network entity is an access network entity, and said second network entity is a core network entity, or wherein said first network entity is a core network entity, and said second network entity is an access network entity.

56. The apparatus according claim 55, further comprising deciding circuitry configured to decide whether said first network entity is an access network entity or a core network entity, and to decide whether a service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages which is provided by said second network entity and for which said access authorization token is requested is for access network service consumers or for core network service consumers, prohibiting circuitry configured to prohibit said transmitting, if said first network entity is an access network entity and said service is for core network service consumers, and to prohibit said transmitting, if said first network entity is a core network entity and said service is for access network service consumers.

57. An apparatus of a first network entity, the apparatus comprising at least one processor, at least one memory including computer program code, and at least one interface configured for communication with at least another apparatus, the at least one processor, with the at least one memory and the computer program code, being configured to cause the apparatus to perform : 60 noticing that a first abstract syntax notation 1 encoded next generation application protocol packet data unit is to be sent to a second network entity, encapsulating said first abstract syntax notation 1 encoded next generation application protocol packet data unit into a first hypertext transfer protocol message, and transmitting said first hypertext transfer protocol message towards said second network entity, wherein said first network entity is an access network entity, and said second network entity is a core network entity, or said first network entity is a core network entity, and said second network entity is an access network entity.

58. The apparatus according to claim 57, wherein the at least one processor, with the at least one memory and the computer program code, being configured to cause the apparatus to perform : receiving a second hypertext transfer protocol message in response to said first hypertext transfer protocol message, said second hypertext transfer protocol message having a second abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated, and extracting said second abstract syntax notation 1 encoded next generation application protocol packet data unit from said second hypertext transfer protocol message.

59. The apparatus according to claim 57 or 58, wherein said first hypertext transfer protocol message is a first hypertext transfer protocol secure message, and/or said second hypertext transfer protocol message is a second hypertext transfer protocol secure message.

60. The apparatus according to any of claims 57 to 59, wherein said first hypertext transfer protocol message is a hypertext transfer protocol multipart message including a JavaScript object notation binary body 61 part having said first abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated, and/or said second hypertext transfer protocol message is a hypertext transfer protocol multipart message including a JavaScript object notation binary body part having said second abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated.

61. The apparatus according to any of claims 57 to 60, wherein said first hypertext transfer protocol message is a hypertext transfer protocol POST message, and/or said second hypertext transfer protocol message is a hypertext transfer protocol 200 OK message.

62. The apparatus according to any of claims 57 to 61, wherein the at least one processor, with the at least one memory and the computer program code, being configured to cause the apparatus to perform : transmitting, to a network repository function entity, a discovery message enquiring available service endpoints for a specific service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, wherein said discovery message includes at least information on said specific service and an identifier of a set of service endpoints, and receiving, from said network repository function entity, a discovery response message including information on at least one available service endpoint for said specific service.

63. The apparatus according to claim 62, wherein the at least one processor, with the at least one memory and the computer program code, being configured to cause the apparatus to perform : selecting, from said at least one available service endpoint for said specific service, a selected service endpoint for said specific service, and 62 transmitting, to said selected service endpoint for said specific service, a communication request requesting communication utilizing said specific service.

64. The apparatus according to claim 63, wherein the at least one processor, with the at least one memory and the computer program code, being configured to cause the apparatus to perform : transmitting, to an authorization server, a request for an access authorization token with respect to said selected service endpoint, receiving said access authorization token with respect to said selected service endpoint, and including said access authorization token with respect to said selected service endpoint into said communication request.

65. The apparatus according to claim 63 or 64, wherein said communication request or response comprises binding information to indicate suitable service endpoints for selection, reselection or routing of requests, from said at least one available service endpoint for said specific service.

66. The apparatus according to any of claims 63 to 65, wherein said selected service endpoint for said specific service pertains to said second network entity.

67. The apparatus according to any of claims 62 to 66, wherein the at least one processor, with the at least one memory and the computer program code, being configured to cause the apparatus to perform : transmitting, to said network repository function entity, a status subscription message indicating subscription to service related changes with respect to said set of service endpoints, wherein said status subscription message includes at least information on said specific service and said identifier of said set of service endpoints, and 63 receiving a notification on a composition change of said set of service endpoints and/or a service related change with respect to a changed service endpoint of said set of service endpoints in response to a respective change.

68. The apparatus according to any of claims 57 to 67, wherein transmissions between said first network entity and said second network entity are routed through a service communication proxy entity.

69. The apparatus according to any of claims 57 to 68, wherein said first network entity is a member of an access network entity set including access network entities each being enabled to control same radio cells and to handle same terminal contexts, or wherein said second network entity is said member of said access network entity set including access network entities each being enabled to control same radio cells and to handle same terminal contexts.

70. An apparatus of a first network entity, the apparatus comprising at least one processor, at least one memory including computer program code, and at least one interface configured for communication with at least another apparatus, the at least one processor, with the at least one memory and the computer program code, being configured to cause the apparatus to perform : receiving, from a second network entity, a first hypertext transfer protocol message having a first abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated, and extracting said first abstract syntax notation 1 encoded next generation application protocol packet data unit from said first hypertext transfer protocol message, wherein said first network entity is an access network entity, and said second network entity is a core network entity, or wherein said first network entity is a core network entity, and said second network entity is an access network entity. 64

71. The apparatus according to claim 70, wherein the at least one processor, with the at least one memory and the computer program code, being configured to cause the apparatus to perform : encapsulating, in response to said first hypertext transfer protocol message, a second abstract syntax notation 1 encoded next generation application protocol packet data unit into a second hypertext transfer protocol message, and transmitting said second hypertext transfer protocol message towards said second network entity.

72. The apparatus according to claim 70 or 71, wherein said first hypertext transfer protocol message is a first hypertext transfer protocol secure message, and/or said second hypertext transfer protocol message is a second hypertext transfer protocol secure message.

73. The apparatus according to any of claims 70 to 72, wherein said first hypertext transfer protocol message is a hypertext transfer protocol multipart message including a JavaScript object notation binary body part having said first abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated, and/or said second hypertext transfer protocol message is a hypertext transfer protocol multipart message including a JavaScript object notation binary body part having said second abstract syntax notation 1 encoded next generation application protocol packet data unit encapsulated.

74. The apparatus according to any of claims 70 to 73, wherein said first hypertext transfer protocol message is a hypertext transfer protocol POST message, and/or said second hypertext transfer protocol message is a hypertext transfer protocol 200 OK message. 65

75. The apparatus according to any of claims 70 to 74, wherein the at least one processor, with the at least one memory and the computer program code, being configured to cause the apparatus to perform : registering, at a network repository function entity, itself as providing a service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages.

76. The apparatus according to claim 75, wherein the at least one processor, with the at least one memory and the computer program code, being configured to cause the apparatus to perform : receiving, from said second network entity, a communication request requesting communication utilizing said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages.

77. The apparatus according to claim 76, wherein said communication request comprises an access authorization token with respect to said first network entity.

78. The apparatus according to claim 76 or 77, wherein said communication request or response comprises binding information to indicate suitable service endpoints for selection, reselection or routing of requests, from at least one available service endpoint for said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages.

79. The method according to any of claims 70 to 78, wherein transmissions between said first network entity and said second network entity are routed through a service communication proxy entity.

80. The apparatus according to any of claims 70 to 79, wherein 66 said first network entity is a member of an access network entity set including access network entities each being enabled to control same radio cells and to handle same terminal contexts, or wherein said second network entity is said member of said access network entity set including access network entities each being enabled to control same radio cells and to handle same terminal contexts.

81. An apparatus of a network repository function entity, the apparatus comprising at least one processor, at least one memory including computer program code, and at least one interface configured for communication with at least another apparatus, the at least one processor, with the at least one memory and the computer program code, being configured to cause the apparatus to perform : receiving, from a first network entity, a registration request registering said first network entity as providing a service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, entering, into a register, said first network entity as providing said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, receiving, from a second network entity, a discovery message enquiring available service endpoints for a specific service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages, wherein said discovery message includes at least information on said specific service and an identifier of a set of service endpoints, and transmitting, towards said second network entity, a discovery response message including information on at least one available service endpoint for said specific service, wherein said discovery response message includes 67 information on said first network entity, if said service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages is said specific service and said first network entity is included in said set of service endpoints, wherein said first network entity is an access network entity, and said second network entity is a core network entity, or wherein said first network entity is a core network entity, and said second network entity is an access network entity.

82. The apparatus according to claim 81, wherein the at least one processor, with the at least one memory and the computer program code, being configured to cause the apparatus to perform : receiving, from a second network entity, a status subscription message indicating subscription to service related changes with respect to said set of service endpoints, wherein said status subscription message includes at least information on said specific service and said identifier of said set of service endpoints, detecting a composition change of said set of service endpoints and/or a service related change with respect to a changed service endpoint of said set of service endpoints, and transmitting a notification on said composition change of said set of service endpoints and/or said service related change with respect to a changed service endpoint of said set of service endpoints.

83. An apparatus of an authorization server, the apparatus comprising at least one processor, at least one memory including computer program code, and at least one interface configured for communication with at least another apparatus, the at least one processor, with the at least one memory and the computer program code, being configured to cause the apparatus to perform : 68 receiving, from a first network entity, a request for an access authorization token with respect to a second network entity, and transmitting, towards said first network entity, said access authorization token with respect to said second network entity, wherein said first network entity is an access network entity, and said second network entity is a core network entity, or wherein said first network entity is a core network entity, and said second network entity is an access network entity.

84. The apparatus according claim 83, wherein the at least one processor, with the at least one memory and the computer program code, being configured to cause the apparatus to perform : deciding whether said first network entity is an access network entity or a core network entity, deciding whether a service allowing encapsulation and/or extraction of abstract syntax notation 1 encoded next generation application protocol packet data units into/from hypertext transfer protocol messages which is provided by said second network entity and for which said access authorization token is requested is for access network service consumers or for core network service consumers, prohibiting said transmitting, if said first network entity is an access network entity and said service is for core network service consumers, and prohibiting said transmitting, if said first network entity is a core network entity and said service is for access network service consumers.

85. A computer program product comprising computer-executable computer program code which, when the program is run on a computer, is configured to cause the computer to carry out the method according to any one of claims 1 to 13, 14 to 24, 25 to 26, or 27 to 28.

86. The computer program product according to claim 85, wherein the computer program product comprises a computer-readable medium on which the computer-executable computer program code is stored, and/or wherein 69 the program is directly loadable into an internal memory of the computer or a processor thereof.