WO2022031505A1 - Edge security procedures for edge enabler server onboarding - Google Patents


Publication number
WO2022031505A1
Authority
WO
WIPO (PCT)
Prior art keywords
edge
server
enabler
client
edge enabler
Prior art date
Application number
PCT/US2021/043627
Other languages
English (en)
Inventor
Abhijeet Ashok KOLEKAR
Original Assignee
Intel Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intel Corporation
Priority to CN202180048169.2A (CN115777193A)
Publication of WO2022031505A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless

Definitions

  • Embodiments pertain to fifth generation (5G) wireless communications.
  • some embodiments relate to edge computing in 5G networks.
  • FIG. 1A illustrates an architecture of a network, in accordance with some aspects.
  • FIG. 1B illustrates a non-roaming 5G system architecture in accordance with some aspects.
  • FIG. 1C illustrates a non-roaming 5G system architecture in accordance with some aspects.
  • FIG. 2 illustrates a block diagram of a communication device in accordance with some embodiments.
  • FIG. 3 illustrates an architecture for enabling edge applications in accordance with some embodiments.
  • FIG. 4 illustrates a security procedure for Edge Enabler Client onboarding in accordance with some embodiments.
  • FIG. 5 illustrates selection of a security method to be used in an EDGE-1 reference point in accordance with some embodiments.
  • FIG. 6 illustrates an EDGE-1 interface authentication and protection using Transport Layer Security pre-shared key ciphersuites (TLS-PSK) in accordance with some embodiments.
  • FIG. 7 illustrates EDGE-1 interface authentication and protection using certificate-based mutual authentication in accordance with some embodiments.
  • FIG. 8 illustrates EDGE-1 interface authentication and protection using Access Tokens in accordance with some embodiments.
  • FIG. 9 illustrates a security procedure for Edge Application Server onboarding in accordance with some embodiments.
  • FIG. 1A illustrates an architecture of a network in accordance with some aspects.
  • the network 140A includes 3GPP LTE/4G and NG network functions that may be extended to 6G functions. Accordingly, although 5G will be referred to, it is to be understood that this is to extend as able to 6G structures, systems, and functions.
  • a network function can be implemented as a discrete network element on a dedicated hardware, as a software instance running on dedicated hardware, and/or as a virtualized function instantiated on an appropriate platform, e.g., dedicated hardware or a cloud infrastructure.
  • the network 140A is shown to include user equipment (UE) 101 and UE 102.
  • the UEs 101 and 102 are illustrated as smartphones (e.g., handheld touchscreen mobile computing devices connectable to one or more cellular networks) but may also include any mobile or non-mobile computing device, such as portable (laptop) or desktop computers, wireless handsets, drones, or any other computing device including a wired and/or wireless communications interface.
  • the UEs 101 and 102 can be collectively referred to herein as UE 101, and UE 101 can be used to perform one or more of the techniques disclosed herein.
  • Any of the radio links described herein may operate according to any exemplary radio communication technology and/or standard.
  • Any spectrum management scheme including, for example, dedicated licensed spectrum, unlicensed spectrum, (licensed) shared spectrum (such as Licensed Shared Access (LSA) in 2.3-2.4 GHz, 3.4-3.6 GHz, 3.6-3.8 GHz, and other frequencies and Spectrum Access System (SAS) in 3.55-3.7 GHz and other frequencies).
  • LSA Licensed Shared Access
  • SAS Spectrum Access System
  • Single Carrier or Orthogonal Frequency Domain Multiplexing (OFDM) modes CP-OFDM, SC-FDMA, SC-OFDM, filter bank-based multicarrier (FBMC), OFDMA, etc.
  • 3GPP NR may be used by allocating the OFDM carrier data bit vectors to the corresponding symbol resources.
  • any of the UEs 101 and 102 can comprise an Internet-of-Things (IoT) UE or a Cellular IoT (CIoT) UE, which can comprise a network access layer designed for low-power IoT applications utilizing short-lived UE connections.
  • any of the UEs 101 and 102 can include a narrowband (NB) IoT UE (e.g., such as an enhanced NB-IoT (eNB-IoT) UE and Further Enhanced (FeNB-IoT) UE).
  • NB narrowband
  • eNB-IoT enhanced NB-IoT
  • FeNB-IoT Further Enhanced
  • An IoT UE can utilize technologies such as machine-to-machine (M2M) or machine-type communications (MTC) for exchanging data with an MTC server or device via a public land mobile network (PLMN), Proximity-Based Service (ProSe) or device-to-device (D2D) communication, sensor networks, or IoT networks.
  • M2M or MTC exchange of data may be a machine-initiated exchange of data.
  • An IoT network includes interconnecting IoT UEs, which may include uniquely identifiable embedded computing devices (within the Internet infrastructure), with short-lived connections.
  • the IoT UEs may execute background applications (e.g., keepalive messages, status updates, etc.) to facilitate the connections of the IoT network.
  • any of the UEs 101 and 102 can include enhanced MTC (eMTC) UEs or further enhanced MTC (FeMTC) UEs.
  • the UEs 101 and 102 may be configured to connect, e.g., communicatively couple, with a radio access network (RAN) 110.
  • the RAN 110 may be, for example, an Evolved Universal Mobile Telecommunications System (UMTS) Terrestrial Radio Access Network (E-UTRAN), a NextGen RAN (NG RAN), or some other type of RAN.
  • E-UTRAN Evolved Universal Mobile Telecommunications System (UMTS) Terrestrial Radio Access Network
  • NG RAN NextGen RAN
  • the UEs 101 and 102 utilize connections 103 and 104, respectively, each of which comprises a physical communications interface or layer (discussed in further detail below); in this example, the connections 103 and 104 are illustrated as an air interface to enable communicative coupling, and can be consistent with cellular communications protocols, such as a Global System for Mobile Communications (GSM) protocol, a code-division multiple access (CDMA) network protocol, a Push-to-Talk (PTT) protocol, a PTT over Cellular (POC) protocol, a Universal Mobile Telecommunications System (UMTS) protocol, a 3GPP Long Term Evolution (LTE) protocol, a 5G protocol, a 6G protocol, and the like.
  • GSM Global System for Mobile Communications
  • CDMA code-division multiple access
  • PTT Push-to-Talk
  • POC PTT over Cellular
  • UMTS Universal Mobile Telecommunications System
  • LTE 3GPP Long Term Evolution
  • the UEs 101 and 102 may further directly exchange communication data via a ProSe interface 105.
  • the ProSe interface 105 may alternatively be referred to as a sidelink (SL) interface comprising one or more logical channels, including but not limited to a Physical Sidelink Control Channel (PSCCH), a Physical Sidelink Shared Channel (PSSCH), a Physical Sidelink Discovery Channel (PSDCH), a Physical Sidelink Broadcast Channel (PSBCH), and a Physical Sidelink Feedback Channel (PSFCH).
  • PSCCH Physical Sidelink Control Channel
  • PSSCH Physical Sidelink Shared Channel
  • PSDCH Physical Sidelink Discovery Channel
  • PSBCH Physical Sidelink Broadcast Channel
  • PSFCH Physical Sidelink Feedback Channel
  • the UE 102 is shown to be configured to access an access point (AP) 106 via connection 107.
  • the connection 107 can comprise a local wireless connection, such as, for example, a connection consistent with any IEEE 802.11 protocol, according to which the AP 106 can comprise a wireless fidelity (WiFi®) router.
  • the AP 106 is shown to be connected to the Internet without connecting to the core network of the wireless system (described in further detail below).
  • the RAN 110 can include one or more access nodes that enable the connections 103 and 104.
  • ANs access nodes
  • BSs base stations
  • eNBs evolved NodeBs
  • gNBs Next Generation NodeBs
  • RAN nodes and the like, and can comprise ground stations (e.g., terrestrial access points) or satellite stations providing coverage within a geographic area (e.g., a cell).
  • the communication nodes 111 and 112 can be transmission/reception points (TRPs).
  • TRPs transmission/reception points
  • the communication nodes 111 and 112 are NodeBs (e.g., eNBs or gNBs)
  • one or more TRPs can function within the communication cell of the NodeBs.
  • the RAN 110 may include one or more RAN nodes for providing macrocells, e.g., macro RAN node 111, and one or more RAN nodes for providing femtocells or picocells (e.g., cells having smaller coverage areas, smaller user capacity, or higher bandwidth compared to macrocells), e.g., low power (LP) RAN node 112.
  • RAN nodes 111 and 112 can terminate the air interface protocol and can be the first point of contact for the UEs 101 and 102.
  • any of the RAN nodes 111 and 112 can fulfill various logical functions for the RAN 110 including, but not limited to, radio network controller (RNC) functions such as radio bearer management, uplink and downlink dynamic radio resource management and data packet scheduling, and mobility management.
  • RNC radio network controller
  • any of the nodes 111 and/or 112 can be a gNB, an eNB, or another type of RAN node.
  • the RAN 110 is shown to be communicatively coupled to a core network (CN) 120 via an S1 interface 113.
  • the CN 120 may be an evolved packet core (EPC) network, a NextGen Packet Core (NPC) network, or some other type of CN (e.g., as illustrated in reference to FIGS. 1B-1C).
  • EPC evolved packet core
  • NPC NextGen Packet Core
  • the S1 interface 113 is split into two parts: the S1-U interface 114, which carries traffic data between the RAN nodes 111 and 112 and the serving gateway (S-GW) 122, and the S1-mobility management entity (MME) interface 115, which is a signaling interface between the RAN nodes 111 and 112 and MMEs 121.
  • S-GW serving gateway
  • MME mobility management entity
  • the CN 120 comprises the MMEs 121, the S-GW
  • the MMEs 121 may be similar in function to the control plane of legacy Serving General Packet Radio Service (GPRS) Support Nodes (SGSN).
  • the MMEs 121 may manage mobility aspects in access such as gateway selection and tracking area list management.
  • the HSS 124 may comprise a database for network users, including subscription-related information to support the network entities' handling of communication sessions.
  • the CN 120 may comprise one or several HSSs 124, depending on the number of mobile subscribers, on the capacity of the equipment, on the organization of the network, etc. For example, the HSS 124 can provide support for routing/roaming, authentication, authorization, naming/addressing resolution, location dependencies, etc.
  • the S-GW 122 may terminate the S1 interface 113 towards the RAN 110, and routes data packets between the RAN 110 and the CN 120.
  • the S-GW 122 may be a local mobility anchor point for inter-RAN node handovers and also may provide an anchor for inter-3GPP mobility. Other responsibilities of the S-GW 122 may include a lawful intercept, charging, and some policy enforcement.
  • the P-GW 123 may terminate an SGi interface toward a PDN.
  • the P-GW 123 may route data packets between the EPC network 120 and external networks such as a network including the application server 184 (alternatively referred to as application function (AF)) via an Internet Protocol (IP) interface 125.
  • the P-GW 123 can also communicate data to other external networks 131A, which can include the Internet, IP multimedia subsystem (IPS) network, and other networks.
  • the application server 184 may be an element offering applications that use IP bearer resources with the core network (e.g., UMTS Packet Services (PS) domain, LTE PS data services, etc.).
  • PS UMTS Packet Services
  • the P-GW 123 is shown to be communicatively coupled to an application server 184 via an IP interface 125.
  • the application server 184 can also be configured to support one or more communication services (e.g., Voice-over-Internet Protocol (VoIP) sessions, PTT sessions, group communication sessions, social networking services, etc.) for the UEs 101 and 102 via the CN 120.
  • the P-GW 123 may further be a node for policy enforcement and charging data collection.
  • Policy and Charging Rules Function (PCRF) 126 is the policy and charging control element of the CN 120.
  • PCRF Policy and Charging Rules Function
  • HPLMN Home Public Land Mobile Network
  • IP-CAN Internet Protocol Connectivity Access Network
  • the communication network 140A can be an IoT network or a 5G or 6G network, including 5G new radio network using communications in the licensed (5G NR) and the unlicensed (5G NR-U) spectrum.
  • 5G NR licensed
  • 5G NR-U unlicensed
  • NB-IoT narrowband-IoT
  • Operation in the unlicensed spectrum may include dual connectivity (DC) operation and the standalone LTE system in the unlicensed spectrum, according to which LTE-based technology solely operates in unlicensed spectrum without the use of an “anchor” in the licensed spectrum, called MulteFire.
  • DC dual connectivity
  • Further enhanced operation of LTE systems in the licensed as well as unlicensed spectrum is expected in future releases and 5G systems.
  • Such enhanced operations can include techniques for sidelink resource allocation and UE processing behaviors for NR sidelink V2X communications.
  • An NG system architecture (or 6G system architecture) can include the RAN 110 and a 5G network core (5GC) 120.
  • the NG-RAN 110 can include a plurality of nodes, such as gNBs and NG-eNBs.
  • the core network 120 (e.g., a 5G core network/5GC) can include an access and mobility function
  • the AMF and the UPF can be communicatively coupled to the gNBs and the NG-eNBs via NG interfaces. More specifically, in some aspects, the gNBs and the NG-eNBs can be connected to the AMF by NG-C interfaces, and to the UPF by NG-U interfaces. The gNBs and the NG-eNBs can be coupled to each other via Xn interfaces.
  • the NG system architecture can use reference points between various nodes.
  • each of the gNBs and the NG-eNBs can be implemented as a base station, a mobile edge server, a small cell, a home eNB, and so forth.
  • a gNB can be a master node (MN) and NG-eNB can be a secondary node (SN) in a 5G architecture.
  • MN master node
  • SN secondary node
  • FIG. 1B illustrates a non-roaming 5G system architecture in accordance with some aspects.
  • FIG. 1B illustrates a 5G system architecture 140B in a reference point representation, which may be extended to a 6G system architecture.
  • UE 102 can be in communication with RAN 110 as well as one or more other 5GC network entities.
  • the 5G system architecture 140B includes a plurality of network functions (NFs), such as an AMF 132, session management function (SMF) 136, policy control function (PCF) 148, application function (AF) 150, UPF 134, network slice selection function (NSSF) 142, authentication server function (AUSF) 144, and unified data management (UDM)/home subscriber server (HSS) 146.
  • NFs network functions
  • SMF session management function
  • PCF policy control function
  • AF application function
  • NSSF network slice selection function
  • AUSF authentication server function
  • UDM unified data management
  • HSS home subscriber server
  • the UPF 134 can provide a connection to a data network (DN) 152, which can include, for example, operator services, Internet access, or third-party services.
  • the AMF 132 can be used to manage access control and mobility and can also include network slice selection functionality.
  • the AMF 132 may provide UE-based authentication, authorization, mobility management, etc., and may be independent of the access technologies.
  • the SMF 136 can be configured to set up and manage various sessions according to network policy.
  • the SMF 136 may thus be responsible for session management and allocation of IP addresses to UEs.
  • the SMF 136 may also select and control the UPF 134 for data transfer.
  • the SMF 136 may be associated with a single session of a UE 101 or multiple sessions of the UE 101. This is to say that the UE 101 may have multiple 5G sessions. Different SMFs may be allocated to each session. The use of different SMFs may permit each session to be individually managed. As a consequence, the functionalities of each session may be independent
  • the UPF 134 can be deployed in one or more configurations according to the desired service type and may be connected with a data network.
  • the PCF 148 can be configured to provide a policy framework using network slicing, mobility management, and roaming (similar to PCRF in a 4G communication system).
  • the UDM can be configured to store subscriber profiles and data (similar to an HSS in a 4G communication system).
  • the AF 150 may provide information on the packet flow to the PCF 148 responsible for policy control to support a desired QoS.
  • the PCF 148 may set mobility and session management policies for the UE 101. To this end, the PCF 148 may use the packet flow information to determine the appropriate policies for proper operation of the AMF 132 and SMF 136.
  • the AUSF 144 may store data for UE authentication.
  • the 5G system architecture 140B includes an IP multimedia subsystem (IMS) 168B as well as a plurality of IP multimedia core network subsystem entities, such as call session control functions (CSCFs).
  • IMS IP multimedia subsystem
  • CSCFs call session control functions
  • the IMS 168B includes a CSCF, which can act as a proxy CSCF (P-CSCF) 162B, a serving CSCF (S-CSCF) 164B, an emergency CSCF (E-CSCF) (not illustrated in FIG. 1B), or interrogating CSCF (I-CSCF) 166B.
  • the P-CSCF 162B can be configured to be the first contact point for the UE 102 within the IM subsystem (IMS) 168B.
  • the S-CSCF 164B can be configured to handle the session states in the network, and the E-CSCF can be configured to handle certain aspects of emergency sessions such as routing an emergency request to the correct emergency center or PSAP.
  • the I-CSCF 166B can be configured to function as the contact point within an operator's network for all IMS connections destined to a subscriber of that network operator, or a roaming subscriber currently located within that network operator's service area.
  • the I-CSCF 166B can be connected to another IP multimedia network 170E, e.g. an IMS operated by a different network operator.
  • the UDM/HSS 146 can be coupled to an application server 160B, which can include a telephony application server (TAS) or another application server (AS),
  • the AS 160B can be coupled to the IMS 168B via the S-CSCF 164B or the I-CSCF 166B.
  • FIG. 1B illustrates the following reference points: N1 (between the UE 102 and the AMF 132), N2 (between the RAN 110 and the AMF 132), N3 (between the RAN 110 and the UPF 134), N4 (between the SMF 136 and the UPF 134), N5 (between the PCF 148 and the AF 150, not shown), N6 (between the UPF 134 and the DN 152), N7 (between the SMF 136 and the PCF 148, not shown), N8 (between the UDM 146 and the AMF 132, not shown), N9 (between two UPFs 134, not shown), N10 (between the UDM 146 and the SMF 136, not shown), N11 (between the AMF 132 and the SMF 136, not shown), N12 (between the AUSF 144 and the AMF 132, not shown), N13 (between the AUSF 144 and the UDM 146, not shown), N14 (between two AMFs 132, not shown), N15 (between the PCF 148 and the AMF 132 in case of a non-roaming scenario, or between the PCF 148 and a visited network and AMF 132 in case of a roaming scenario, not shown), N16 (between two SMFs, not shown), and N22 (between AMF 132 and NSSF 142, not shown).
  • Other reference point representations not shown in FIG. 1B can also be used.
  • FIG. 1C illustrates a 5G system architecture 140C and a service-based representation.
  • system architecture 140C can also include a network exposure function (NEF) 154 and a network repository function (NRF) 156.
  • NEF network exposure function
  • NRF network repository function
  • 5G system architectures can be service-based and interaction between network functions can be represented by corresponding point-to-point reference points Ni or as service-based interfaces.
  • service-based representations can be used to represent network functions within the control plane that enable other authorized network functions to access their services.
  • 5G system architecture 140C can include the following service-based interfaces: Namf 158H (a service-based interface exhibited by the AMF 132), Nsmf 158I (a service-based interface exhibited by the SMF 136), Nnef 158B (a service-based interface exhibited by the NEF 154), Npcf 158D (a service-based interface exhibited by the PCF 148), a Nudm 158E (a service-based interface exhibited by the UDM 146), Naf 158F (a service-based interface exhibited by the AF 150), Nnrf 158C (a service-based interface exhibited by the NRF 156), Nnssf 158A (a service-based interface exhibited by the NSSF 142), Nausf 158G
  • NR-V2X architectures may support high-reliability low latency sidelink communications with a variety of traffic patterns, including periodic and aperiodic communications with random packet arrival time and size.
  • Techniques disclosed herein can be used for supporting high reliability in distributed communication systems with dynamic topologies, including sidelink NR V2X communication systems.
  • FIG. 2 illustrates a block diagram of a communication device in accordance with some embodiments.
  • the communication device 200 may be a UE such as a specialized computer, a personal or laptop computer (PC), a tablet PC, or a smart phone, dedicated network equipment such as an eNB, a server running software to configure the server to operate as a network device, a virtual device, or any machine capable of executing instructions (sequential or otherwise) that specify actions to be taken by that machine.
  • the communication device 200 may be implemented as one or more of the devices shown in FIGS. 1A-1C. Note that communications described herein may be encoded before transmission by the transmitting entity (e.g., UE, gNB) for reception by the receiving entity (e.g., gNB, UE) and decoded after reception by the receiving entity.
  • Examples, as described herein, may include, or may operate on, logic or a number of components, modules, or mechanisms.
  • Modules and components are tangible entities (e.g., hardware) capable of performing specified operations and may be configured or arranged in a certain manner.
  • circuits may be arranged (e.g., internally or with respect to external entities such as other circuits) in a specified manner as a module.
  • the whole or part of one or more computer systems e.g., a standalone, client or server computer system
  • one or more hardware processors may be configured by firmware or software (e.g., instructions, an application portion, or an application) as a module that operates to perform specified operations.
  • the software may reside on a machine readable medium.
  • the software when executed by the underlying hardware of the module, causes the hardware to perform the specified operations.
  • module (and “component”) is understood to encompass a tangible entity, be that an entity that is physically constructed, specifically configured (e.g., hardwired), or temporarily (e.g., transitorily) configured (e.g., programmed) to operate in a specified manner or to perform part or all of any operation described herein.
  • each of the modules need not be instantiated at any one moment in time.
  • the modules comprise a general-purpose hardware processor configured using software
  • the general-purpose hardware processor may be configured as respective different modules at different times.
  • Software may accordingly configure a hardware processor, for example, to constitute a particular module at one instance of time and to constitute a different module at a different instance of time.
  • the communication device 200 may include a hardware processor (or equivalently processing circuitry) 202 (e.g., a central processing unit (CPU), a GPU, a hardware processor core, or any combination thereof), a main memory 204 and a static memory 206, some or all of which may communicate with each other via an interlink (e.g., bus) 208.
  • the main memory 204 may contain any or all of removable storage and non-removable storage, volatile memory or non-volatile memory.
  • the communication device 200 may further include a display unit 210 such as a video display, an alphanumeric input device 212 (e.g., a keyboard), and a user interface (UI) navigation device 214 (e.g., a mouse).
  • UI user interface
  • the display unit 210, input device 212 and UI navigation device 214 may be a touch screen display.
  • the communication device 200 may additionally include a storage device (e.g., drive unit) 216, a signal generation device 218 (e.g., a speaker), a network interface device 220, and one or more sensors, such as a global positioning system (GPS) sensor, compass, accelerometer, or other sensor.
  • the communication device 200 may further include an output controller, such as a serial (e.g., universal serial bus (USB)), parallel, or other wired or wireless (e.g., infrared (IR), near field communication (NFC), etc.) connection to communicate or control one or more peripheral devices (e.g., a printer, card reader, etc.).
  • the storage device 216 may include a non-transitory machine readable medium 222 (hereinafter simply referred to as machine readable medium) on which is stored one or more sets of data structures or instructions 224 (e.g., software) embodying or utilized by any one or more of the techniques or functions described herein.
  • the instructions 224 may also reside, completely or at least partially, within the main memory 204, within static memory 206, and/or within the hardware processor 202 during execution thereof by the communication device 200.
  • machine readable medium 222 is illustrated as a single medium, the term “machine readable medium” may include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and seivers) configured to store the one or more instructions 224.
  • machine readable medium may include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and seivers) configured to store the one or more instructions 224.
  • machine readable medium may include any medium that is capable of storing, encoding, or carrying instructions for execution by the communication device 200 and that cause the communication device 200 to perform any one or more of the techniques of the present disclosure, or that is capable of storing, encoding or carrying data structures used by or associated with such instructions.
  • Non-limiting machine readable medium examples may include solid-state memories, and optical and magnetic media.
  • machine readable media may include: non-volatile memory, such as semiconductor memory devices (e.g., Electrically Programmable Read-Only Memory (EPROM), Electrically Erasable Programmable Read-Only Memory (EEPROM)) and flash memory devices; magnetic disks, such as internal hard disks and removable disks; magneto-optical disks; Random Access Memory (RAM); and CD-ROM and DVD-ROM disks.
  • EPROM Electrically Programmable Read-Only Memory
  • EEPROM Electrically Erasable Programmable Read-Only Memory
  • the instructions 224 may further be transmitted or received over a communications network using a transmission medium 226 via the network interface device 220 utilizing any one of a number of wireless local area network (WLAN) transfer protocols (e.g., frame relay, internet protocol (IP), transmission control protocol (TCP), user datagram protocol (UDP), hypertext transfer protocol (HTTP), etc.).
  • WLAN wireless local area network
  • Example communication networks may include a local area network (LAN), a wide area network (WAN), a packet data network (e.g., the Internet), mobile telephone networks (e.g., cellular networks), Plain Old Telephone (POTS) networks, and wireless data networks.
  • LAN local area network
  • WAN wide area network
  • POTS Plain Old Telephone
  • Communications over the networks may include one or more different protocols, such as Institute of Electrical and Electronics Engineers (IEEE) 802.11 family of standards known as Wi-Fi, IEEE 802.16 family of standards known as WiMax, IEEE 802.15.4 family of standards, a Long Term Evolution (LTE) family of standards, a Universal Mobile Telecommunications System (UMTS) family of standards, peer-to-peer (P2P) networks, a next generation (NG)/5th generation (5G) standards among others.
  • the network interface device 220 may include one or more physical jacks (e.g., Ethernet, coaxial, or phone jacks) or one or more antennas to connect to the transmission medium 226.
  • circuitry refers to, is part of, or includes hardware components such as an electronic circuit, a logic circuit, a processor (shared, dedicated, or group) and/or memory (shared, dedicated, or group), an Application Specific Integrated Circuit (ASIC), a field-programmable device (FPD) (e.g., a field-programmable gate array (FPGA), a programmable logic device (PLD), a complex PLD (CPLD), a high-capacity PLD (HCPLD), a structured ASIC, or a programmable SoC), digital signal processors (DSPs), etc., that are configured to provide the described functionality.
  • FPD field-programmable device
  • FPGA field-programmable gate array
  • PLD programmable logic device
  • CPLD complex PLD
  • HCPLD high-capacity PLD
  • DSPs digital signal processors
  • the circuitry may execute one or more software or firmware programs to provide at least some of the described functionality.
  • the term “circuitry” may also refer to a combination of one or more hardware elements (or a combination of circuits used in an electrical or electronic system) with the program code used to carry out the functionality of that program code. In these embodiments, the combination of hardware elements and program code may be referred to as a particular type of circuitry.
  • processor circuitry or “processor” as used herein thus refers to, is part of, or includes circuitry capable of sequentially and automatically carrying out a sequence of arithmetic or logical operations, or recording, storing, and/or transferring digital data.
  • processor circuitry or “processor” may refer to one or more application processors, one or more baseband processors, a physical central processing unit (CPU), a single- or multi-core processor, and/or any other device capable of executing or otherwise operating computer-executable instructions, such as program code, software modules, and/or functional processes.
  • Radio links described herein may operate according to any one or more of the following radio communication technologies and/or standards including but not limited to: a Global System for Mobile
  • GSM Global System for Mobile communications
  • GPRS General Packet Radio Service
  • EDGE Enhanced Data Rates for GSM Evolution
  • 3GPP Third Generation Partnership Project
  • UMTS Universal Mobile Telecommunications System
  • FOMA Freedom of Multimedia Access
  • LTE 3GPP Long Term Evolution
  • LTE Advanced 3GPP Long Term Evolution Advanced
  • CDMA2000 Code division multiple access 2000
  • CDPD Cellular Digital Packet Data
  • Mobitex Third Generation
  • Third Generation (3G) Circuit Switched Data (CSD), High-Speed Circuit-Switched Data
  • HCSD Universal Mobile Telecommunications System
  • UMTS Universal Mobile Telecommunications System
  • W-CDMA Wideband Code Division Multiple Access
  • HSPA High Speed Packet Access
  • HSDPA High-Speed Downlink Packet Access
  • HSUPA High-Speed Uplink Packet Access
  • HSPA+ Universal Mobile Telecommunications System-Time-Division Duplex
  • TD-CDMA Time Division-Code Division Multiple Access
  • TD-SCDMA Time Division-Synchronous Code Division Multiple Access
  • TD-CDMA 3rd Generation Partnership Project Release 8 (Pre-4th Generation) (3GPP Rel. 8 (Pre-4G))
  • 3rd Generation Partnership Project Release 9 3rd Generation Partnership Project Release 9
  • 3GPP Rel. 10 3rd Generation Partnership Project Release 10
  • 3GPP Rel. 11 3rd Generation Partnership Project Release 11
  • 3GPP Rel. 12 3rd Generation Partnership Project Release 12
  • 3GPP Rel. 13 3rd Generation Partnership Project Release 13
  • 3GPP Rel. 14 3rd Generation Partnership Project Release 14
  • 3GPP Rel. 15 3rd Generation Partnership Project Release 15
  • 3GPP Rel. 16 3rd Generation Partnership Project Release 9
  • V2V Vehicle-to-Vehicle
  • V2X Vehicle-to-X
  • V2I Vehicle-to-Infrastructure
  • I2V Infrastructure-to-Vehicle
  • ITS-G5 system i.e. the European flavor of IEEE 802.11p based DSRC, including ITS-G5A (i.e., Operation of ITS-G5 in European ITS frequency bands dedicated to ITS for safety related applications in the frequency range 5,875 GHz to 5,905 GHz), ITS-G5B (i.e., Operation in European ITS frequency bands dedicated to ITS non-safety applications in the frequency range 5,855 GHz to 5,875 GHz), ITS-G5C (i.e., Operation of ITS applications in the frequency range 5,470 GHz to 5,725 GHz), DSRC in Japan in the 700MHz band (including 715 MHz to 725 MHz), IEEE 802.11bd based systems, etc.
  • LSA Licensed Shared Access in 2.3-2.4 GHz, 3.4-3.6 GHz, 3.6-3.8 GHz and further frequencies
  • Applicable spectrum bands include IMT (International Mobile Telecommunications) spectrum as well as other types of spectrum/bands, such as bands with national allocation (including 450 - 470 MHz, 902-928 MHz (note: allocated for example in US (FCC Part 15)), 863-868.6 MHz (note: allocated for example in European Union (ETSI EN 300 220)), 915.9-929.7 MHz (note: allocated for example in Japan), 917-923.5 MHz (note: allocated for example in South Korea), 755-779 MHz and 779-787 MHz (note: allocated for example in China), 790 - 960 MHz, 1710 - 2025 MHz, 2110 - 2200 MHz, 2300 - 2400 MHz, 2.4-2.4835 GHz (note: it is an ISM band with global availability and it is used by Wi-Fi technology family (11 b/g/n/ax) and also by Bluetooth), 2500 - 2690 MHz, 698-790 MHz, 610 - 790
  • Wi-Fi (note: allocated for example in South Korea, 5925-7125 MHz and 5925-6425MHz band (note: under consideration in US and EU, respectively.
  • Next generation Wi-Fi system is expected to include the 6 GHz spectrum as operating band but it is noted that, as of December 2017, Wi-Fi system is not yet allowed in this band.
  • IMT-advanced spectrum IMT-2020 spectrum (expected to include 3600-3800 MHz, 3800 - 4200 MHz, 3.5 GHz bands, 700 MHz bands, bands within the 24.25-86 GHz range, etc.), spectrum made available under FCC's "Spectrum Frontier" 5G initiative (including 27.5 - 28.35 GHz, 29.1 - 29.25 GHz, 31 - 31.3 GHz, 37 - 38.6 GHz, 38.6 - 40 GHz, 42 - 42.5 GHz, 57 - 64 GHz, 71 - 76 GHz, 81 - 86 GHz and 92 - 94 GHz, etc), the ITS (Intelligent Transport Systems) band of 5.9 GHz (typically 5.85-5.925 GHz) and 63-64 GHz, bands currently allocated to WiGig such as WiGig Band 1 (57.24-59.40 GHz), WiGig Band 2 (59.40-61.56 GHz
  • aspects described herein can also implement a hierarchical application of the scheme, e.g. by introducing a hierarchical prioritization of usage for different types of users (e.g., low/medium/high priority, etc.), based on a prioritized access to the spectrum e.g. with highest priority to tier-1 users, followed by tier-2, then tier-3, etc. users, etc.
  • a UE may take this role as well and act as an AP, eNB, or gNB; that is some or all features defined for network equipment may be implemented by a UE.
  • 5G fifth generation
  • Edge computing is used in distributed computing to bring computing and storage closer to a particular data source.
  • the Edge Data Network is a local Data Network.
  • FIG. 3 illustrates an architecture for enabling edge applications in accordance with some embodiments.
  • the Edge Application Server(s) and the Edge Enabler Server are contained within the Edge Data Network.
  • the Edge Configuration Server provides configurations related to the Edge Enabler Server, including details of the Edge Data Network hosting the Edge Enabler Server.
  • the UE contains one or more Application Client(s) and the Edge Enabler Client.
  • the Edge Application Server(s), the Edge Enabler Server and the Edge Configuration Server may interact with the 3GPP Core Network.
  • To use Edge Computing the various entities are authenticated and authorized.
  • Edge Computing authentication and authorization includes Edge Computing EDGE-4 authentication and EDGE-1 reference point authentication and authorization. Prior to starting the security flow for either EDGE-1 or EDGE-4 authentication and authorization, successful onboarding of the Edge Configuration Server (ECS) and Edge Enabler Client (EEC) takes place.
  • ECS Edge Configuration Server
  • EEC Edge Enabler Client
  • each EDGE reference point enables different interactions.
  • the EDGE-6 reference point enables interactions between the Edge Configuration Server and the Edge Enabler Server.
  • EDGE-6 supports registration, registration updates, and deregistration of Edge Enabler Server information to the Edge Enabler Network Configuration Server.
  • the Edge Enabler Server Registration procedure allows an Edge Enabler Server to provide information to an Edge Configuration Server to request the use of its edge configuration capabilities.
  • the Edge Enabler Server registration update procedure allows an Edge Enabler Server to update the Edge Configuration Server if there is a change in the information at the Edge Enabler Server.
  • the Edge Enabler Server uses the Edge Enabler Server deregistration procedure to remove its information from the Edge Configuration Server.
  • the Edge Configuration Server can be deployed in the mobile network operator (MNO) domain or can be deployed in a 3rd party domain by the service provider in which one Edge Enabler Client may communicate with one or more Edge Configuration Server(s) concurrently.
  • One Edge Enabler Server may concurrently connect to one or more Edge Configuration Server with a separate EDGE-6 reference point interface.
  • the Edge Enabler Server that is configured with multiple Edge Configuration Server endpoint address(es) may perform the service registration, update, or deregistration procedures multiple times, once for each Edge Configuration Server.
  • the Security Context of each of EDGE-6 interfaces is to be separate from each other as the trust domain may be different.
  • Enabler Server may be able to register with the Edge Configuration Server, further exposing its services to UE's Edge, enabling clients and applications running on UE.
  • Registration updates without any confidentiality or integrity may be able to help a man-in-the-middle actor impersonating the Edge Configuration Server to the Edge Enabler Server, exposing and possibly altering the registration updates with falsified Edge Enabler Server profile to the Edge Configuration Server. Also, this attack leads to exposing the topology details, server information within the PLMN domain. Malicious actors can use this exposed information for the benefit of PLMN's or Edge Computing Service provider's competitors.
  • Edge Configuration Server is to be able to authenticate the Edge Enabler Server to register and update the server profile information.
  • the Edge Configuration Server is to be able to authorize the Edge Enabler Server to register and update the server profile information.
  • the EDGE-3 reference point enables interactions between the Edge Enabler Server and the Edge Application Server.
  • EDGE-3, like EDGE-6, supports the registration, registration updates, and deregistration of Edge Application Server information to the Edge Enabler Server.
  • One Edge Application Server may concurrently connect to one or more Edge Enabler Server with a separate EDGE-3 reference point interface.
  • the Security Context of each of EDGE-3 interfaces is to be separate from each other as the trust domain may be different.
  • the confidentiality and integrity protection should be supported for the transport messages and data over the EDGE-3 reference point.
  • the transport of messages over the EDGE-3 reference points is to be protected from replay attacks.
  • the onboarding flow starts with the Edge Enabler Client establishing a Transport Layer Security (TLS) connection to the Edge Configuration Server over the Edge-4 interface.
  • TLS Transport Layer Security
  • Successful TLS establishment results in the opportunity for the Edge Configuration Server to transfer Edge-1 Edge Enabler Server authentication and authorization information to the Edge Enabler Client.
  • the TLS session is released and the Edge-4 security flow ends.
  • the Edge Enabler Client and the Edge Configuration Server secure and authenticate the onboarding of the Edge Enabler Client to the Edge Configuration Server.
  • the Edge Enabler Client and the Edge Configuration Server establish a secure session using TLS. Security profiles for TLS implementation and usage follow the provisions given in TS 33.310, Annex E.
  • the Edge Enabler Client sends an Onboard Edge Enabler Client Request message to the Edge Configuration Server.
  • the Onboard Edge Enabler Client Request message carries an onboard credential obtained during pre-provisioning of the onboard enrollment information, which may be an OAuth 2.0 access token.
  • the access token is encoded as JavaScript Object Notation (JSON) web token as specified in Internet Engineering Task Force (IETF) Request for Comments (RFC) 7519, includes a JSON web signature as specified in IETF RFC 7515, and validated per OAuth 2.0, IETF RFC 7519 and IETF RFC 7515.
  • Other credentials may also be used (e.g. a message digest).
  • FIG. 4 illustrates a security procedure for Edge Enabler Client onboarding in accordance with some embodiments.
  • An OAuth 2.0 token-based authentication credential is shown in FIG. 4.
  • the Edge Enabler Client obtains onboarding enrollment information from the Edge Computing Service Provider domain.
  • the onboarding enrollment information is used to authenticate and establish a secure TLS communication with the Edge Configuration Server during the onboarding process.
  • the enrollment information includes details of the Edge Configuration Server (address and root certificate authority (CA) certificate) and includes an onboarding credential (the OAuth 2.0 access token).
  • CA root certificate authority
  • the Edge Enabler Client uses the enrollment information obtained in operation 1 to establish the TLS session with the Edge Configuration Server.
  • the Edge Enabler Client sends an Onboard Edge Enabler Client request message to the Edge Configuration Server along with the enrollment credential (OAuth 2.0 access token).
  • the Edge Enabler Client generates the key pair {Private Key, Public key} and provides the public key along with the Onboard Edge Enabler
  • the Edge Configuration Server validates the enrollment credential (OAuth 2.0 access token). If validation of the credential (the OAuth 2.0 access token in FIG. 4) is successful, the Edge Configuration Server generates an Edge Enabler Client's profile as specified in TS 23.558 which may contain the selected method for Edge Enabler Server authentication and authorization between the Edge Enabler Client and the Edge Enabler Server.
  • the Edge Configuration Server may generate Edge Enabler Client's certificate on its own, for the assigned Edge Enabler Client identity and public key. This certificate is used by the Edge Enabler Client for subsequent authentication procedures with the Edge Configuration Server and may be used for establishing a secure connection and authentication with the Edge Enabler Server.
  • the Edge Configuration Server may optionally generate an Onboarding_Secret_token.
  • the Onboarding_Secret_token value remains the same during the lifetime of the onboarding, and is bound to the Edge Configuration Server specific Edge
  • the Edge Enabler Client can additionally include the certificate in the Onboard Edge Enabler Client request message. If the Edge Configuration Server trusts the issuer of the Edge Enabler Client's client certificate, then the Edge Configuration Server includes the provided certificate in the Edge Enabler Client's profile in operation 4. It is up to the Edge Computing Service Provider domain policy to accept the client certificates issued by a third party.
  • At operation 5, the Edge Configuration Server responds with an Onboard Edge Enabler Client response message. The response includes the Edge Configuration Server assigned Edge Enabler Client ID, Edge Enabler Server Authentication and authorization information (if generated in operation 4), Edge Enabler Client's certificate and the Edge Enabler Client Onboarding_Secret_token (if generated by the Edge Configuration Server).
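The Edge Configuration Server's handling of the Onboard Edge Enabler Client request described above, sketched as an added example (not code from the patent). It assumes an HMAC-SHA-256 (HS256) signed JWT, a constructed signing key and audience value, and hypothetical function and field names; issuing a certificate for the supplied public key is left out.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed demo values (assumptions, not taken from the patent text).
ECSP_TOKEN_KEY = b"constructed-demo-signing-key"  # key used to sign enrollment tokens
ECS_AUDIENCE = "ecs.example.invalid"              # identifier of this ECS
ALLOWED_ALGS = {"HS256"}                          # pinned by the verifier, not by the token


class OnboardingError(Exception):
    """Raised when the onboarding credential must be rejected."""


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, key: bytes = ECSP_TOKEN_KEY, alg: str = "HS256") -> str:
    """Provider side: mint a compact JWS (header.payload.signature)."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(key, signing_input, hashlib.sha256).digest() if alg == "HS256" else b""
    return f"{header}.{payload}.{b64url_encode(sig)}"


def validate_token(token: str, now: float) -> dict:
    """ECS side: check the JWS signature first, then the registered claims."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        sig = b64url_decode(sig_b64)
    except (ValueError, TypeError) as exc:
        raise OnboardingError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise OnboardingError("malformed token")
    # Reject "none" and any algorithm the ECS did not explicitly allow.
    if header.get("alg") not in ALLOWED_ALGS:
        raise OnboardingError("algorithm not allowed")
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(ECSP_TOKEN_KEY, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise OnboardingError("bad signature")
    if claims.get("aud") != ECS_AUDIENCE:
        raise OnboardingError("token issued for another audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise OnboardingError("token expired or missing exp")
    return claims


def onboard_eec(token: str, eec_public_key: str, now: float) -> dict:
    """Operations 4 and 5: validate the credential, build the profile, answer."""
    claims = validate_token(token, now)
    return {
        "eec_id": "eec-" + secrets.token_hex(8),                  # ECS-assigned identity
        "subject": claims.get("sub"),
        "public_key": eec_public_key,                             # certificate would bind this key
        "onboarding_secret_token": secrets.token_urlsafe(32),     # optional per the text
    }
```

Pinning the algorithm on the server side and checking the signature before reading any claim are what keep an unsigned or re-signed token from reaching profile creation.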
  • the EDGE-1 reference point enables interactions between the Edge Enabler Server and the Edge Enabler Client.
  • EDGE-1 reference point supports registration and deregistration of the Edge Enabler Client to the Edge Enabler Server, retrieval and provisioning of Edge Application Server configuration information, and discovery of Edge Application Servers available in the Edge Data Network.
  • the Edge Application Server provides functionalities to the Edge Enabler Client over the EDGE-1 reference point, such as provisioning of configuration information and supports the functionalities of application context transfer.
  • the Edge Enabler Client performs functionalities such as configuration information retrieval from the Edge Enabler Server and discovering of the Edge Application Servers available in the Edge Data Network.
  • the Edge Application Server(s) and the Edge Enabler Server are contained within the Edge Data Network.
  • the UE is initially provisioned with the configurations to connect to the Edge Data Network.
  • the Edge Enabler Client of the UE registers with the selected Edge Enabler Server(s) from the list of provisioned Edge Enabler Server(s).
  • the Edge Enabler Client consumes service offered by the Edge Enabler Server, e.g., discovering Edge Application Servers in an area of interest.
  • the procedure enables initialization or update of the Edge Enabler Client context information at the Edge Enabler Server.
  • the Edge Enabler Client sends an Edge Enabler Client registration request to the Edge Enabler Server.
  • the Edge Application Server discovery enables Edge Enabler Clients to obtain information about available Edge Application Servers of interest.
  • a malicious Edge Enabler Client receives a list of Services and topology structure within the Edge Data Network from an Edge Enabler Server discovery response message or a provisioning response message.
  • the received information can reveal the Edge Data Network’s topology (e.g., Uniform Resource Identifier (URI), Internet Protocol (IP) address, number of Edge Application Servers, Application Server Functionalities, API type, protocols).
  • URI Uniform Resource Identifier
  • IP Internet Protocol
  • a malicious Edge Enabler Client may use the information to launch attacks on the Edge Data Network or use the information for competitive reasons.
  • the transport of messages over the EDGE-1 interface should be protected from Replay Attack, Man-in-the-middle (MITM) attacks and alteration to the message should be prohibited.
  • the Edge Enabler Server is able to provide mutual authentication with the Edge Enabler Client over the EDGE-1 Interface.
  • the Edge Enabler Server is able to determine whether the Edge Enabler Client is authorized to access the Edge Enabler Server’s services.
  • the EDGE-4 reference point enables interactions between the Edge Configuration Server and the Edge Enabler Client.
  • the Edge Configuration Server provides supporting functions for the Edge Enabler Client to connect with an Edge Enabler Server.
  • the EDGE-4 reference point supports provisioning of Edge configuration information (e.g., URI or LADN service information) to the Edge Enabler Client.
  • Edge Enabler Client performs the functionalities like configuration information retrieval from the Edge
  • the Edge Configuration Server can be deployed in the MNO domain or can be deployed in a 3rd party domain. If a non-MNO Edge computing service provider deploys the Edge Configuration Server, the Edge Configuration Server endpoint address is pre-configured with the Edge Enabler Client.
  • the Edge Enabler Client, which is configured with multiple Edge Configuration Server endpoint address(es), may perform the service provisioning procedure multiple times, once for each Edge Configuration Server.
  • the UE can contain a single Application Client or multiple Application Clients, which are served by a single Edge Configuration Server. In another scenario, the UE has multiple Application Clients where each Application Client can be served by an Edge Application Server, which in turn is served by a different Edge Configuration Server's Edge Enabler Server.
  • a malicious Edge Enabler Client may be able to receive a list of Edge Enabler Server configuration information and topology structure within the Edge Data Network from the provisioning response message.
  • the received information can reveal the Edge Data Network's topology (e.g., URI, fully qualified domain name (FQDN), IP address, Local Area Data Network (LADN) service information, Application Server Functionalities, application programming interface (API) type, protocols).
  • the Edge Configuration Server should be able to hide the topology and provisioning information between the trust domains of each application.
  • a malicious application client may be able to get access to other Edge Enabler Servers and Edge Application Servers.
  • the malicious Edge Enabler Client may use the information to launch attacks on Edge Data Network or use the information for competitive reasons.
  • the transport of messages over EDGE-4 should be protected from Replay Attack, MITM attacks and alteration to the message should be prohibited.
  • Edge 4 Security: the confidentiality and integrity protection should be supported for the transport messages and data over the EDGE-4 reference point.
  • the Edge Configuration Server is able to provide mutual authentication with Edge Enabler Client over the EDGE-4
  • the Edge Configuration Server is able to determine whether the Edge Enabler Client is authorized to access provisioning services offered by the Edge Configuration Server.
  • the Edge Configuration Server is able to hide topology details between the trust domains of each application client.
  • TLS is used to provide integrity protection, replay protection and confidentiality protection.
  • the support of TLS is mandatory or optional to use based on the domain administrator's policy to protect interfaces within the trusted domain. The procedure below may be followed unless the security of EDGE-4 reference point is provided by other means.
  • TLS is used to provide integrity protection, replay protection and confidentiality protection for EDGE-4 interface.
  • the support of TLS on the EDGE-4 interface is mandatory.
  • Security profiles for TLS implementation and usage follow the provisions given in TS 33.310, Annex E.
  • Security method negotiation
  • the Edge Enabler Client and the Edge Configuration Server negotiate a security method that is used by the Edge Enabler Client and the Edge Enabler Server for EDGE-1 interface authentication and protection. After successful mutual authentication on the EDGE-4 interface, based on the Edge Enabler Server capabilities, the Edge Configuration Server chooses the security method and sends the chosen security methods along with the information for authentication of the Edge Enabler Client at the Edge Enabler Server to the Edge Enabler Client. The information may include the validity time of the EDGE-1 credentials. This is depicted in FIG. 5, which illustrates selection of a security method to be used in an EDGE-1 reference point in accordance with some embodiments.
  • Enabler Client is onboarded with the Edge Configuration Server.
  • FIG. 5 at operation 1, mutual authentication based on client and server certificates is established using TLS between the Edge Enabler Client and the Edge Configuration Server. The client certificate that was provided to the Edge Enabler Client as the result of successful onboarding is used.
  • the Edge Enabler Client may send EDGE-1 security capability information to the Edge Configuration Server in the Security Method Request message, indicating the list of security methods that the Edge Enabler Client supports over EDGE-1 reference point for each Edge Enabler Server.
  • the Edge Configuration Server selects a security method to be used over the EDGE-1 reference point for each requested Edge Enabler Server taking into account the information from the Edge Enabler Client in operation 2, access scenarios and Edge Enabler Server capabilities.
  • the Edge Configuration Server sends a Security Method Response message to the Edge Enabler Client, indicating the selected security method for each Edge Enabler Server, and any security information related to the security method.
  • the Edge Enabler Client uses this method in the subsequent communication establishment with the Edge Enabler Server over the EDGE-1 reference point.
  • After successful authentication between the Edge Enabler Client and the Edge Configuration Server, the Edge Configuration Server decides whether the Edge Enabler Client is authorized to perform discovery based on Edge Enabler Client ID and discovery policy.
  • When topology hiding is enabled, the Edge Configuration Server responds to service application programming interface (API) discovery requests with Edge Enabler Server information and acts as a topology hiding entity.
  • API application programming interface
  • TLS is used to provide integrity protection, replay protection, and confidentiality protection.
  • the support of TLS is mandatory or optional to use based on the domain administrator's policy to protect interfaces within the trusted domain.
  • Authentication and authorization: one of the methods specified below is used by the Edge Enabler Client and the Edge Enabler Server for EDGE-1 interface authentication and protection.
  • the Edge Enabler Client and the Edge Enabler Server follow the procedure of method 1 to establish a dedicated secure session using TLS connection based on Pre-Shared Key (PSK).
  • PSK Pre-Shared Key
  • EDGE-4 authentication is used to bootstrap a Pre-Shared key for authenticating a TLS connection for EDGE-1. It is assumed that both the Edge Enabler Client and the Edge Configuration Server are pre-provisioned with certificates.
  • the TLS profile as specified in Annex E of TS 33.310, is used.
  • FIG. 6 illustrates an EDGE-1 interface authentication and protection using TLS-PSK in accordance with some embodiments.
  • FIG. 5 details the message flow between the Edge Enabler Client, the Edge Configuration Server, and the Edge Enabler Server, to establish a secure EDGE-1 interface using a pre-shared key for authentication.
  • the EDGE-4 authentication and the secure session is established as specified above.
  • the Edge Configuration Server provides the validity timer value for the key EESPSK.
  • the Edge Enabler Client and the Edge Configuration Server derive the key EESPSK.
  • the Key EESPSK is bound to an Edge Enabler Server.
  • the Edge Enabler Client and the Edge Configuration Server start the validity timer for the key EESPSK.
  • the Edge Enabler Client sends an Authentication
  • the Edge Enabler Server requests security information from the Edge Configuration Server to perform authentication and secure interface establishment with the Edge Enabler Client if the Edge Enabler Server does not have a valid key.
  • the Edge Configuration Server provides the security information related to the chosen security method (TLS-PSK: EESPSK) to the Edge Enabler Server over the EDGE-6 reference point.
  • EESPSK chosen security method
  • After fetching the relevant security information (EESPSK) for the authentication, the Edge Enabler Server sends an Authentication Initiation Response message to Edge Enabler Client to initiate the TLS session establishment.
  • the Edge Enabler Server starts the validity timer based on the value received from the Edge Configuration Server in operation 4.
  • the Edge Enabler Client and the Edge Enabler Server perform mutual authentication using the key EESPSK and establish a TLS session over EDGE-1.
  • After the successful establishment of TLS on the EDGE-1 reference point, the Edge Enabler Server authorizes the Edge Enabler Client’s service API invocation request based on authorization information obtained from the Edge Configuration Server.
  • FIG. 7 illustrates EDGE-1 interface authentication and protection using certificate-based mutual authentication in accordance with some embodiments.
  • FIG. 7 details the message flow between the Edge Enabler Client, the Edge Configuration Server, and the Edge Enabler Server related to this security method.
  • the Edge Enabler Client sends an Authentication Initiation Request to the Edge Enabler Server.
  • the request includes Edge Enabler Client ID.
  • the Edge Enabler Server requests security information from the Edge Configuration Server to perform authentication and secure interface establishment with the Edge Enabler Client.
  • the Edge Configuration Server provides the security information related to the chosen security method (TLS-PKI) to the Edge Enabler Server over the EDGE-6 reference point.
  • the Edge Configuration Server may return the Edge Enabler Client's root CA certificate for the Edge Enabler Server to validate the Edge Enabler Client's certificate.
  • After fetching the relevant security information for the authentication, the Edge Enabler Server sends an Authentication Initiation Response message to the Edge Enabler Client to initiate the TLS session establishment procedure.
  • the Edge Enabler Client and the Edge Enabler Server perform mutual authentication using certificates and establish a TLS session over EDGE-1. Certificate-based authentication follows the profiles given in 3GPP TS 33.310, clauses 6.1.3a and 6.1.4a.
  • After the successful establishment of TLS on the EDGE-1 reference point, the Edge Enabler Server authorizes the Edge Enabler Client's service API invocation request based on authorization information obtained from the Edge Configuration Server.
  • FIG. 8 illustrates EDGE-1 interface authentication and protection using Access Tokens in accordance with some embodiments.
  • FIG. 8 details security information flows between the Edge Enabler Client, the Edge Configuration Server, and the Edge Enabler Server. It is assumed that the Edge Enabler Client, the Edge Configuration Server, and the Edge Enabler Server are pre-provisioned with the appropriate credentials and related information to establish a secure session.
  • the Edge Configuration Server performs the functions of the authorization and token protocol endpoints; the Edge Enabler Client performs the functions of the resource owner, client, and redirection endpoints, while the Edge Enabler Server performs the resource server functions.
  • the Edge Enabler Client (Client endpoint) is registered as a confidential client type with an authorization grant type of ‘client credentials’.
  • the Edge Enabler Client sends an Access Token Request message to the Edge Configuration Server as per the OAuth 2.0 specification.
  • the Edge Configuration Server verifies the Access Token Request message per OAuth 2.0 specification.
  • the Edge Enabler Client begins the procedure at operation 5.
  • the Edge Enabler Client may include the Edge Configuration Server assigned Edge Enabler Client ID and the Onboard Secret token in the OAuth access token request message for the Edge Configuration Server to validate the access token request.
  • the Edge Enabler Client authenticates to the Edge Enabler Server by establishing a TLS session with the Edge Enabler Server based on the authentication and authorization method (i.e., Server (Edge Enabler Server) side certificate authentication or certificate-based mutual authentication) as indicated by Edge Configuration Server.
  • the request includes Edge Enabler Client
  • the Edge Enabler Server requests security information from the Edge Configuration Server to perform authentication and secure interface establishment with the Edge Enabler Client.
  • the Edge Configuration Server provides the security information related to the chosen security method (TLS with OAuth token) to the Edge Enabler Server over the EDGE-6 reference point.
  • the Edge Configuration Server may return Edge Enabler Client's root CA certificate for the Edge Enabler Server to validate the Edge Enabler Client's certificate.
  • After fetching the relevant security information for the authentication, the Edge Enabler Server sends an Authentication Initiation Response message to the Edge Enabler Client to initiate the TLS session establishment procedure. [00158] At operation 6, with successful authentication to the Edge Enabler
  • the Edge Enabler Client initiates other procedures like registration, discovery, deregistration with the Edge Enabler Server.
  • the access token is sent along with these methods.
  • the Edge Enabler Server validates the access token.
  • the Edge Enabler Server verifies the integrity of the access token by verifying the Edge Configuration Server signature. If validation of the access token is successful, the Edge Enabler Server verifies the Edge Enabler Client's service request against the authorization claims in the access token, ensuring that the Edge Enabler Client has access permission for the requested service.
  • the Edge Enabler Server sends a response to the request received at operation 6 from the Edge Enabler Client.
  • FIG. 9 illustrates a security procedure for Edge Application Server onboarding in accordance with some embodiments.
  • An OAuth 2.0 token-based authentication credential is shown in FIG. 9.
  • the Edge Application Server obtains onboarding enrollment information from the Edge Computing Service Provider domain.
  • the onboarding enrollment information is used to authenticate and establish a secure TLS communication with the Edge Enabler Server during the onboarding process.
  • the enrollment information includes details of the Edge Enabler Server (Address, and Root CA certificate) and includes an onboarding credential (the OAuth 2.0 access token).
  • the Edge Application Server and the Edge Enabler Server establish a secure session based on TLS (server-side certificate authentication).
  • the Edge Application Server uses the enrollment information obtained in operation 1 to establish the TLS session with the Edge Enabler Server.
  • the Edge Application Server sends an Onboard Edge Application Server request message to the Edge Enabler Server along with the enrollment credential (OAuth 2.0 access token).
  • the Edge Application Server generates the key pair {Private Key, Public Key} and provides the public key along with the Onboard Edge Application Server request.
  • the Edge Enabler Server validates the enrollment credential (OAuth 2.0 access token). If validation of the credential (the OAuth 2.0 access token in FIG. 9) is successful, the Edge Enabler Server generates an Edge Application Server’s profile as specified in TS 23.558 which may contain the selected method for Edge Application Server authentication and authorization between the Edge Application Server and the Edge Enabler Server.
  • the Edge Enabler Server may generate Edge Application Server’s certificate on its own, for the assigned Edge Application Server identity and public key. This certificate is used by the Edge Application Server for subsequent authentication procedures with the Edge Enabler Server and may be used for establishing a secure connection and authentication with the Edge Application Server.
  • the Edge Enabler Server may optionally generate an Onboarding Secret token.
  • the Onboarding_Secret_token value remains the same during the lifetime of the onboarding, and is bound to the Edge Enabler Server-specific Edge Application Server ID.
  • if the Edge Enabler Server trusts the issuer of the Edge Application Server's client certificate, then the Edge Enabler Server includes the provided certificate in the Edge Application Server's profile in operation 4. It is up to the Edge Computing Service Provider domain policy to accept client certificates issued by a third party.
  • the Edge Enabler Server responds with an Onboard Edge Application Server response message.
  • the response includes the Edge Enabler Server assigned Edge Application Server ID, Edge Enabler Server authentication and authorization information (if generated in operation 4), the Edge Application Server's certificate and the Edge Application Server Onboarding Secret token (if generated by the Edge Enabler Server).
  • the Onboarding_Secret_token can be bound to the event received from the Application Client on the UE.
  • the events can be, for example, UE configuration or a user’s approval to access a specific API.
  • the Edge Application Server can request access to the UE’s location by sending a request to the Edge Enabler Server, which in turn can contact the 3GPP core network through the EDGE-2 interface.
  • the Edge Enabler Server checks the Onboarding_Secret_token, which can be bound to the user’s permission on the UE for such access by the Edge Application Server (to its own location in the above example). After a yes/no indication related to permission (whether bound to the Onboarding_Secret_token or used to generate the token in a token generation function), the Edge Enabler Server can verify the token received from the Edge Application Server for the user's confirmation of such access and can then proceed to access the location as per the procedures in TS 23.558.
  • a Token Binding Algorithm computes a token signature using a byte string representing the concatenation of: a TokenBindingType value contained in the TokenBinding.tokenbinding_type field, which is “User configuration parameter” and “Type of Service requested, e.g., Location Service”; a TokenBindingKeyParameters value contained in the TokenBindingID.key_parameters field, which is “value of the user configuration parameter, e.g., yes/no”; and an Exported Keying Material (EKM) value obtained from the current TLS connection.
  • the TokenBindingKeyParameters value may be checked initially and the TokenBinding.tokenbinding_type value may be checked if the TokenBindingKeyParameters value indicates a yes for the service.
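
The access token check that the Edge Enabler Server performs in the FIG. 8 flow (verify the Edge Configuration Server signature, then match the service request against the authorization claims), as an added Python example that is not code from the patent. The compact token layout, the HMAC-SHA256 stand-in for the ECS signature, the claim names `sub`, `scope` and `exp`, and all keys and IDs are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed key: stands in for the ECS signing credential (assumption).
ECS_KEY = b"constructed-ecs-signing-key"


def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()


def issue_token(eec_id, services, now, lifetime_s, key=ECS_KEY):
    """ECS side: sign the authorization claims for one Edge Enabler Client."""
    header = b64e(json.dumps({"alg": "HS256"}).encode())
    claims = {"sub": eec_id, "scope": sorted(services), "exp": now + lifetime_s}
    payload = b64e(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64e(sign(header + '.' + payload, key))}"


def authorize(token, eec_id, service, now, key=ECS_KEY):
    """EES side: integrity first, then claims. Returns (allowed, reason)."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64d(header_b64))
        signature = b64d(sig_b64)
    except ValueError:
        return False, "malformed token"
    # Pin the algorithm; never let the token choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False, "unexpected algorithm"
    expected = sign(header_b64 + "." + payload_b64, key)
    if not hmac.compare_digest(signature, expected):
        return False, "bad signature"
    # The payload is only parsed once the signature has been verified.
    claims = json.loads(b64d(payload_b64))
    if claims.get("sub") != eec_id:
        return False, "token issued to a different client"
    if now >= claims.get("exp", 0):
        return False, "token expired"
    if service not in claims.get("scope", []):
        return False, "service not in authorization claims"
    return True, "ok"


if __name__ == "__main__":
    token = issue_token("eec-001", ["registration", "discovery"], now=1000, lifetime_s=300)
    for svc in ("discovery", "deregistration"):
        print(svc, authorize(token, "eec-001", svc, now=1100))
```
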
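
The token binding described in the last items above (signature over TokenBindingType, TokenBindingKeyParameters and the EKM, with the yes/no parameter checked before the type), as an added Python example that is not code from the patent. HMAC-SHA256 stands in for the token signature, the fields are length-prefixed so the concatenation is unambiguous, and the key and both EKM values are constructed; all of these are assumptions.

```python
import hashlib
import hmac

# Constructed values (assumptions): the signing key held by the Edge Enabler
# Server and two EKM values standing in for two different TLS connections.
BINDING_KEY = b"constructed-ees-binding-key"
EKM_A = hashlib.sha256(b"constructed EKM, TLS connection A").digest()
EKM_B = hashlib.sha256(b"constructed EKM, TLS connection B").digest()

CONFIG_PARAM = "User configuration parameter"


def field(text):
    """Length-prefix a field so the concatenation parses only one way."""
    raw = text.encode()
    return len(raw).to_bytes(2, "big") + raw


def signing_input(binding_type, key_parameters, ekm):
    """TokenBindingType || TokenBindingKeyParameters || EKM."""
    type_bytes = b"".join(field(part) for part in binding_type)
    return type_bytes + field(key_parameters) + ekm


def bind_token(service, user_permits, ekm, key=BINDING_KEY):
    """Bind the token to the UE event (user's yes/no) and the TLS connection."""
    binding_type = (CONFIG_PARAM, service)
    key_parameters = "yes" if user_permits else "no"
    data = signing_input(binding_type, key_parameters, ekm)
    return {
        "tokenbinding_type": binding_type,
        "key_parameters": key_parameters,
        "signature": hmac.new(key, data, hashlib.sha256).hexdigest(),
    }


def check_binding(binding, service, current_ekm, key=BINDING_KEY):
    """EES side check, in the order the text gives. Returns (allowed, reason)."""
    # 1. TokenBindingKeyParameters first: did the user say yes?
    if binding["key_parameters"] != "yes":
        return False, "user permission not granted"
    # 2. Only then the TokenBindingType: is it bound to this service?
    if tuple(binding["tokenbinding_type"]) != (CONFIG_PARAM, service):
        return False, "token bound to a different service"
    # 3. Recompute the signature with the EKM of the connection in use,
    #    so a token lifted from another TLS session does not verify.
    data = signing_input(binding["tokenbinding_type"], "yes", current_ekm)
    expected = hmac.new(key, data, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(binding["signature"], expected):
        return False, "binding signature mismatch"
    return True, "ok"


if __name__ == "__main__":
    granted = bind_token("Location Service", True, EKM_A)
    print(check_binding(granted, "Location Service", EKM_A))
    print(check_binding(granted, "Location Service", EKM_B))
```
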

Abstract

An apparatus and a system to enable security procedures for edge devices are described. Authentication and authorization are performed for onboarding of an Edge Configuration Server, an Edge Enabler Server and an Edge Application Server. Security procedures are also described for the EDGE-1 and EDGE-4 reference points using a security method selected by an Edge Enabler Client and negotiated with the Edge Configuration Server. The security method is based on TLS-PSK, certificate-based mutual authentication or an access token.
PCT/US2021/043627 2020-08-04 2021-07-29 Edge security procedures for Edge Enabler Server onboarding WO2022031505A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202180048169.2A CN115777193A (zh) 2020-08-04 2021-07-29 Edge security procedures for Edge Enabler Server onboarding

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
US202063061095P 2020-08-04 2020-08-04
US202063061071P 2020-08-04 2020-08-04
US202063061068P 2020-08-04 2020-08-04
US202063061096P 2020-08-04 2020-08-04
US63/061,068 2020-08-04
US63/061,071 2020-08-04
US63/061,095 2020-08-04
US63/061,096 2020-08-04

Publications (1)

Publication Number Publication Date
WO2022031505A1 true WO2022031505A1 (fr) 2022-02-10

Family

ID=80117660

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2021/043627 WO2022031505A1 (fr) 2020-08-04 2021-07-29 Edge security procedures for Edge Enabler Server onboarding

Country Status (2)

Country Link
CN (1) CN115777193A (fr)
WO (1) WO2022031505A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023240657A1 (fr) * 2022-06-17 2023-12-21 北京小米移动软件有限公司 Authentication and authorization method and apparatus, communication device and storage medium
WO2024065706A1 (fr) * 2022-09-30 2024-04-04 北京小米移动软件有限公司 Connection establishment method and apparatus
WO2024065503A1 (fr) * 2022-09-29 2024-04-04 Apple Inc. Negotiation of authentication procedures in edge computing

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200186568A1 (en) * 2018-12-05 2020-06-11 Akamai Technologies, Inc. High performance distributed system of record with secure interoperability to external systems

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Study on authentication and key management for applications based on 3GPP credential in 5G (Release 16)", 3GPP STANDARD; TECHNICAL REPORT; 3GPP TR 33.835, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, no. V16.1.0, 10 July 2020 (2020-07-10), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France , pages 1 - 83, XP051924938 *
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Study on enhancement of support for Edge Computing in 5G Core network (5GC) (Release 17)", 3GPP STANDARD; TECHNICAL REPORT; 3GPP TR 23.748, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, no. V0.4.0, 3 August 2020 (2020-08-03), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France , pages 1 - 189, XP051925857 *
A. POPOV, ED. M. NYSTROEM MICROSOFT CORP. D. BALFANZ A. LANGLEY GOOGLE INC. J. HODGES PAYPAL: "The Token Binding Protocol Version 1.0; draft-ietf-tokbind-protocol-19.txt", THE TOKEN BINDING PROTOCOL VERSION 1.0; DRAFT-IETF-TOKBIND-PROTOCOL-19.TXT; INTERNET-DRAFT: INTERNET ENGINEERING TASK FORCE, INTERNET ENGINEERING TASK FORCE, IETF; STANDARDWORKINGDRAFT, INTERNET SOCIETY (ISOC) 4, RUE DES FALAISES CH- 1205 GENEVA, SWI, no. 19, 24 May 2018 (2018-05-24), Internet Society (ISOC) 4, rue des Falaises CH- 1205 Geneva, Switzerland , pages 1 - 18, XP015126539 *
ANONYMOUS: "3 Generation Partnership Project; Technical Specification Group Services and System Aspects; Study on application architecture for enabling Edge Applications; (Release 17)", 3GPP STANDARD; TECHNICAL REPORT; 3GPP TR 23.758, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG6, no. V17.0.0, 19 December 2019 (2019-12-19), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France , pages 1 - 113, XP051840754 *

Also Published As

Publication number Publication date
CN115777193A (zh) 2023-03-10

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21852638

Country of ref document: EP

Kind code of ref document: A1