WO2022075498A1

WO2022075498A1 - Method by which terminal displays authenticity of network on basis of selection input of user in wireless communication system, and apparatus therefor

Info

Publication number: WO2022075498A1
Application number: PCT/KR2020/013605
Authority: WO
Inventors: 김준웅
Original assignee: 엘지전자 주식회사
Priority date: 2020-10-07
Filing date: 2020-10-07
Publication date: 2022-04-14

Abstract

According to one aspect of the present specification, a restricted local operator services (RLOS) connection procedure is performed on a network, an authentication request including information about a connection state between a UE and the network is transmitted to a server in which information related to the UE's user account is stored, an authentication response including authentication information regarding the network is received from the server, the authentication information being generated by the server on the basis of the information about the connection state, an RLOS security question is displayed through a display, an answer to the RLOS security question is obtained from a user through the display, and the authenticity of the network is determined on the basis of the answer and the authentication information.

Description

Method and apparatus for displaying network authenticity by a terminal based on a user's selection input in a wireless communication system

The present specification provides a method and an apparatus therefor in which a terminal receives a user's selection input in a wireless communication system and determines whether a network is authentic or not based on the received user's selection input.

Wireless communication systems are being widely deployed to provide various types of communication services such as voice and data. In general, a wireless communication system is a multiple access system that can support communication with multiple users by sharing available system resources (bandwidth, transmission power, etc.). Examples of the multiple access system include a code division multiple access (CDMA) system, a frequency division multiple access (FDMA) system, a time division multiple access (TDMA) system, an orthogonal frequency division multiple access (OFDMA) system, and a single carrier frequency (SC-FDMA) system. There is a division multiple access) system, a multi carrier frequency division multiple access (MC-FDMA) system, and the like.

Various devices and technologies, such as smartphones and tablet PCs, which require machine-to-machine (M2M) communication and high data transfer rates, are emerging and disseminated. Accordingly, the amount of data required to be processed in a cellular network is increasing very rapidly. In order to satisfy such rapidly increasing data processing requirements, carrier aggregation technology, cognitive radio technology, etc., to efficiently use more frequency bands, increase the data capacity transmitted within a limited frequency. For multi-antenna technology, multi-base station cooperation technology, etc. are developing.

On the other hand, a mobile communication service provider may provide a predetermined voice or data service limitedly without a normal procedure for authenticating a subscriber or UE (3GPP UE authentication procedure) for the convenience of customers in special situations or according to local regulations. RLOS (Restricted Local Operator Services) is defined to provide this as a standard through the 3GPP system.

If the 3GPP network permits and processes the network registration or service request procedure without performing the normal authentication procedure for UE subscription, the 3GPP network requires limited services (eg, USIM or the terminal in which the USIM is stored. If there is, it can limit the unreasonable abuse of network resources by providing only a service that connects only to the operator's customer center (restrictions on connection time or data speed or amount, restrictions on the range or service that can be connected, etc.). However, in this case, from the perspective of the UE or the user of the UE, the user's personal information or sensitive information may be transmitted through voice or data connection without the UE going through the network authentication procedure performed in the normal 3GPP UE authentication procedure. there is a risk

In other words, since the 3GPP system authentication procedure that the UE can safely check whether the 3GPP communication network to which the UE is connected is a subscribed home network or another network that has a roaming agreement with the home network is omitted in the RLOS, a malicious fake base station or network Measures must be taken to prevent it from being misused. Among the limited services, certain services protect data communication through TLS and the UE verifies the server certificate of the server to prevent leakage of user data to the 3GPP Access Network or Core network in the middle. In the case of a server or voice call, a separate protection method is required.

The purpose of the present specification is to propose a method for securing security before sending data to the Serving Network that has been accessed/registered from the RLOS from the terminal point of view.

In addition, an object of the present specification is to propose a method for determining the authenticity of a 3GPP Network (Serving Network) that provides a RLOS service.

The technical problems to be achieved by this specification are not limited to the technical problems mentioned above, and other technical problems not mentioned are clear to those of ordinary skill in the art to which this specification belongs from the detailed description of the invention below. can be understood clearly.

In a method for a UE (User Equipment) to determine the authenticity of a network based on a user input in a wireless communication system according to an embodiment of the present specification, a Restricted Local Operator Services (RLOS) connection procedure to the network performing a; transmitting an authentication request including connection state information between the UE and the network to a server in which information related to a user account of the UE is stored; receiving an authentication response including authentication information for the network generated by the server based on the connection state information from the server; presenting the RLOS security question through a display; obtaining an answer to the RLOS security question from a user via the display; and determining whether the network is authentic or not based on the answer and the authentication information.

In addition, the authentication information may be generated based on a result of comparing the first location information of the UE obtained from the network and the second location information of the UE included in the connection state information.

In addition, the connection state information includes at least one of an ID of the network, an ID of the UE, the user account ID, location information of the UE, time information at which the connection procedure is performed, and first random number information. can be done with

In addition, the authentication request may be encrypted by the UE with a public key obtained in advance from the server, and the authentication response may be decrypted by the server with a private key corresponding to the public key.

In addition, the authentication request includes a preset question, and the step of determining whether the authenticity is authenticity may include determining the authenticity of the network based on whether an answer included in the authentication response matches the preset question can be characterized as

In addition, it may be characterized in that the authenticity of the network is determined based on a result of comparing the answer with the previously stored authentication answer.

The method may further include displaying the authentication answer on the display.

The method may further include displaying a screen indicating a RLOS security server connection process through the display.

The method may further include displaying an answer to the RLOS security question through the display.

According to the embodiment of the present specification, there is an advantage of being able to determine a malicious fake serving base station or network.

In addition, according to the embodiment of the present specification, it is possible to determine a fake base station connected to the UE in an unauthorized area other than the registration area by additionally using the location information and/or identification information (ID) of the UE (terminal).

The effects obtainable in the present specification are not limited to the effects mentioned above, and other effects not mentioned will be clearly understood by those of ordinary skill in the art to which this specification belongs from the description below. .

1 shows an AI device according to an embodiment of the present specification.

2 shows an AI server according to an embodiment of the present specification.

3 shows an AI system according to an embodiment of the present specification.

4 is a diagram illustrating a schematic structure of an Evolved Packet System (EPS) including an Evolved Packet Core (EPC).

5 is an exemplary diagram of a network structure of an evolved universal terrestrial radio access network (E-UTRAN) to which this specification can be applied.

6 is a diagram illustrating an architecture of a general NR-RAN.

7 shows an example of a general architecture of 5G.

8 shows a registration procedure for a roaming user without a roaming contract with a RLOS IMS home network applied herein.

9 shows an example of failure of the RLOS IMS registration procedure applied to the present specification.

10 shows a wireless communication device according to an embodiment of the present invention.

11 illustrates a block diagram of a network node according to an embodiment of the present invention.

12 illustrates a block diagram of a communication device according to an embodiment of the present invention.

13 is an exemplary diagram showing the structure of a radio interface protocol (Radio Interface Protocol) in the control plane between the UE and the eNodeB.

14 illustrates a 3GPP network confirmation procedure for a RLOS service of a UE according to an embodiment of the present specification.

15 illustrates a case in which a procedure for confirming a 3GPP network through the first uplink data is performed before RLOS connection establishment is completed.

FIG. 16 shows an example of a case in which the procedure of FIG. 15 is performed through an IMS service.

17 illustrates a procedure for confirming the 3GPP Network and Security Server for the RLOS service of the UE according to the present specification.

18 illustrates a procedure for confirming a 3GPP network for a RLOS service without a public key structure according to the present specification.

19 shows a 3GPP network verification procedure screen through a RLOS secure server connection according to the present specification.

21 shows a screen in which the user directly confirms such an answer.

22 shows a case in which a match is checked through a user input of an answer with respect to a case in which an answer comes as a code.

23 shows a screen in which the user confirms the result of the password matching.

24 is a flowchart illustrating a method for a UE to indicate whether a network is authentic or not based on a user's selection input according to an embodiment of the present specification.

The terms used in the present specification have been selected while considering the functions in the present specification and are currently widely used general terms, which may vary depending on the intention or precedent of a person skilled in the art, the emergence of new technology, and the like. In addition, in a specific case, there is a term arbitrarily selected by the applicant, and in this case, the meaning will be described in detail in the description of the corresponding invention. Therefore, the terms used in this specification should be defined based on the meaning of the terms and the contents of the entire specification, rather than the simple names of terms.

The following embodiments combine elements and features of the present specification in a predetermined form. Each component or feature may be considered optional unless explicitly stated otherwise. Each component or feature may be implemented in a form that is not combined with other components or features. In addition, some elements and/or features may be combined to constitute an embodiment of the present specification. The order of operations described in the embodiments of the present specification may be changed. Some configurations or features of one embodiment may be included in other embodiments, or may be replaced with corresponding configurations or features of other embodiments.

In the description of the drawings, procedures or steps that may obscure the gist of the present specification are not described, and procedures or steps that can be understood at the level of a person skilled in the art are also not described.

Throughout the specification, when a part is said to "comprising or including" a certain component, it does not exclude other components unless otherwise stated, meaning that other components may be further included. do. In addition, terms such as "...unit", "...group", and "module" described in the specification mean a unit that processes at least one function or operation, which is hardware or software or a combination of hardware and software. can be implemented as Also, "a or an", "one", "the", and like related terms are used differently herein in the context of describing this specification (especially in the context of the claims that follow). Unless indicated or clearly contradicted by context, it may be used in a sense including both the singular and the plural.

Embodiments of the present specification may be supported by standard documents disclosed in at least one of the IEEE 802.xx system, the 3GPP system, the 3GPP LTE system, and the 3GPP2 system, which are wireless access systems. That is, obvious steps or parts not described in the embodiments of the present specification may be described with reference to the above documents.

In addition, all terms disclosed in this document may be described by the standard document. For example, in the present specification, 3GPP TS 36.211, 3GPP TS 36.213, 3GPP TS 36.321, 3GPP TS 36.322, 3GPP TS 36.323, 3GPP TS 36.331, 3GPP TS 23.203, 3GPP TS 23.401, 3GPP TS 24.228, 3GPP TS 23.228, 3GPP TS 23.228 , 3GPP TS 23.218, 3GPP TS 22.011, 3GPP TS 36.413 may be incorporated by one or more of the standard documents.

Hereinafter, preferred embodiments according to the present specification will be described in detail with reference to the accompanying drawings. DETAILED DESCRIPTION The detailed description set forth below in conjunction with the appended drawings is intended to describe exemplary embodiments of the present specification, and is not intended to represent the only embodiments in which the present specification may be practiced.

In addition, specific terms used in the embodiments of the present specification are provided to help the understanding of the present specification, and the use of these specific terms may be changed to other forms without departing from the technical spirit of the present specification.

In this specification, the base station has a meaning as a terminal node of a network that directly communicates with the terminal. A specific operation described as being performed by the base station in this document may be performed by an upper node of the base station in some cases. That is, it is obvious that various operations performed for communication with the terminal in a network including a plurality of network nodes including the base station may be performed by the base station or other network nodes other than the base station. 'Base station (BS: Base Station)' is a term such as a fixed station (fixed station), Node B, eNB (evolved-NodeB), BTS (base transceiver system), access point (AP: Access Point), gNB (general NB), etc. can be replaced by In addition, 'terminal' may be fixed or have mobility, and UE (User Equipment), MS (Mobile Station), UT (user terminal), MSS (Mobile Subscriber Station), SS (Subscriber Station), AMS ( Advanced Mobile Station), a wireless terminal (WT), a machine-type communication (MTC) device, a machine-to-machine (M2M) device, a device-to-device (D2D) device, and the like.

Hereinafter, downlink (DL: downlink) means communication from a base station to a terminal, and uplink (UL: uplink) means communication from a terminal to a base station. In the downlink, the transmitter may be a part of the base station, and the receiver may be a part of the terminal. In the uplink, the transmitter may be a part of the terminal, and the receiver may be a part of the base station.

For clarity of explanation, 3GPP LTE/LTE-A/NR (New Radio) is mainly described, but the technical features of the present specification are not limited thereto.

The three main requirements areas for 5G are (1) Enhanced Mobile Broadband (eMBB) area, (2) Massive Machine Type Communication (mMTC) area and (3) Ultra-reliable and It includes an Ultra-reliable and Low Latency Communications (URLLC) area.

Some use cases may require multiple areas for optimization, while other use cases may focus on only one key performance indicator (KPI). 5G is to support these various use cases in a flexible and reliable way.

eMBB goes far beyond basic mobile Internet access, covering rich interactive work, media and entertainment applications in the cloud or augmented reality. Data is one of the key drivers of 5G, and for the first time in the 5G era, we may not see dedicated voice services. In 5G, voice is simply expected to be processed as an application using the data connection provided by the communication system. The main causes for increased traffic volume are an increase in content size and an increase in the number of applications requiring high data rates. Streaming services (audio and video), interactive video and mobile Internet connections will become more widely used as more devices connect to the Internet. Many of these applications require always-on connectivity to push real-time information and notifications to users. Cloud storage and applications are rapidly increasing in mobile communication platforms, which can be applied to both work and entertainment. And, cloud storage is a special use case that drives the growth of uplink data rates. 5G is also used for remote work in the cloud, requiring much lower end-to-end latency to maintain a good user experience when tactile interfaces are used. Entertainment For example, cloud gaming and video streaming are other key factors that increase the demand for mobile broadband capabilities. Entertainment is essential on smartphones and tablets anywhere, including in high-mobility environments such as trains, cars and airplanes. Another use example is augmented reality for entertainment and information retrieval. Here, augmented reality requires very low latency and instantaneous amount of data.

Also, one of the most anticipated 5G use cases relates to the ability to seamlessly connect embedded sensors in all fields, namely mMTC. By 2020, the number of potential IoT devices is projected to reach 20.4 billion. Industrial IoT is one of the areas where 5G will play a major role in enabling smart cities, asset tracking, smart utilities, agriculture and security infrastructure.

URLLC includes new services that will transform industries through ultra-reliable/low-latency links that allow for remote control of critical infrastructure and self-driving vehicles, such as self-driving vehicles. This level of reliability and latency is essential for smart grid control, industrial automation, robotics, and drone control and coordination.

Next, a number of usage examples will be described in more detail.

5G could complement fiber-to-the-home (FTTH) and cable-based broadband (or DOCSIS) as a means of delivering streams rated from hundreds of megabits per second to gigabits per second. This high speed is required to deliver TVs in resolutions of 4K and higher (6K, 8K and higher), as well as virtual and augmented reality. Virtual Reality (VR) and Augmented Reality (AR) applications almost include immersive sporting events. Certain applications may require special network settings. For VR games, for example, game companies may need to integrate core servers with network operators' edge network servers to minimize latency.

Automotive is expected to be an important new driving force for 5G with many use cases for mobile communication to vehicles. For example, entertainment for passengers requires simultaneous high capacity and high mobility mobile broadband. The reason is that future users continue to expect high-quality connections regardless of their location and speed. Another use case in the automotive sector is augmented reality dashboards. It identifies objects in the dark and overlays information that tells the driver about the distance and movement of the object over what the driver is seeing through the front window. In the future, wireless modules will allow for communication between vehicles, the exchange of information between the vehicle and the supporting infrastructure, and the exchange of information between the automobile and other connected devices (eg, devices carried by pedestrians). Safety systems can help drivers lower the risk of accidents by guiding alternative courses of action to help them drive safer. The next step will be remote-controlled or self-driven vehicles. This requires very reliable and very fast communication between different self-driving vehicles and between vehicles and infrastructure. In the future, self-driving vehicles will perform all driving activities, allowing drivers to focus only on traffic anomalies that the vehicle itself cannot discern. The technological requirements of self-driving vehicles demand ultra-low latency and ultra-fast reliability to increase traffic safety to unattainable levels for humans.

Smart cities and smart homes, referred to as smart societies, will be embedded with high-density wireless sensor networks. A distributed network of intelligent sensors will identify conditions for cost and energy-efficient maintenance of a city or house. A similar setup can be performed for each household. Temperature sensors, window and heating controllers, burglar alarms and appliances are all connected wirelessly. Many of these sensors are typically low data rates, low power and low cost. However, for example, real-time HD video may be required in certain types of devices for surveillance.

The consumption and distribution of energy, including heat or gas, is highly decentralized, requiring automated control of distributed sensor networks. Smart grids use digital information and communication technologies to interconnect these sensors to gather information and act on it. This information can include supplier and consumer behavior, enabling smart grids to improve efficiency, reliability, economics, sustainability of production and distribution of fuels such as electricity in an automated manner. The smart grid can also be viewed as another low-latency sensor network.

The health sector has many applications that can benefit from mobile communications. The communication system may support telemedicine providing clinical care from a remote location. This can help reduce barriers to distance and improve access to consistently unavailable health care services in remote rural areas. It is also used to save lives in critical care and emergency situations. A wireless sensor network based on mobile communication may provide remote monitoring and sensors for parameters such as heart rate and blood pressure.

Wireless and mobile communications are becoming increasingly important in industrial applications. Wiring is expensive to install and maintain. Thus, the tolerance for replacement of cables with reconfigurable wireless links is an attractive opportunity for many industries. Achieving this, however, requires that the wireless connection operate with cable-like delay, reliability and capacity, and that its management be simplified. Low latency and very low error probability are new requirements that need to be connected with 5G.

Logistics and freight tracking are important use cases for mobile communications that use location-based information systems to allow tracking of inventory and packages from anywhere. Logistics and freight tracking use cases typically require low data rates but require wide range and reliable location information.

The present specification, which will be described later in this specification, may be implemented by combining or changing each embodiment to satisfy the above-described 5G requirements.

Hereinafter, it will be described in detail in relation to a technical field to which the present specification, which will be described later, can be applied.

Artificial Intelligence (AI)

Artificial intelligence refers to a field that studies artificial intelligence or methodologies that can create it, and machine learning refers to a field that defines various problems dealt with in the field of artificial intelligence and studies methodologies to solve them. do. Machine learning is also defined as an algorithm that improves the performance of a certain task through constant experience.

An artificial neural network (ANN) is a model used in machine learning, and may refer to an overall model having problem-solving ability, which is composed of artificial neurons (nodes) that form a network by combining synapses. An artificial neural network may be defined by a connection pattern between neurons of different layers, a learning process that updates model parameters, and an activation function that generates an output value.

The artificial neural network may include an input layer, an output layer, and optionally one or more hidden layers. Each layer includes one or more neurons, and the artificial neural network may include neurons and synapses connecting neurons. In the artificial neural network, each neuron may output a function value of an activation function for input signals, weights, and biases input through synapses.

Model parameters refer to parameters determined through learning, and include the weight of synaptic connections and the bias of neurons. In addition, the hyperparameter refers to a parameter that must be set before learning in a machine learning algorithm, and includes a learning rate, the number of iterations, a mini-batch size, an initialization function, and the like.

The purpose of learning the artificial neural network can be seen as determining the model parameters that minimize the loss function. The loss function may be used as an index for determining optimal model parameters in the learning process of the artificial neural network.

Machine learning can be classified into supervised learning, unsupervised learning, and reinforcement learning according to a learning method.

Supervised learning refers to a method of training an artificial neural network in a state where a label for the training data is given, and the label is the correct answer (or result value) that the artificial neural network should infer when the training data is input to the artificial neural network. can mean Unsupervised learning may refer to a method of training an artificial neural network in a state where no labels are given for training data. Reinforcement learning can refer to a learning method in which an agent defined in an environment learns to select an action or sequence of actions that maximizes the cumulative reward in each state.

Among artificial neural networks, machine learning implemented as a deep neural network (DNN) including a plurality of hidden layers is also called deep learning (deep learning), and deep learning is a part of machine learning. Hereinafter, machine learning is used in a sense including deep learning.

Robot

A robot can mean a machine that automatically handles or operates a task given by its own capabilities. In particular, a robot having a function of recognizing an environment and performing an operation by self-judgment may be referred to as an intelligent robot.

Robots can be classified into industrial, medical, home, military, etc. depending on the purpose or field of use.

The robot may be provided with a driving unit including an actuator or a motor to perform various physical operations such as moving the robot joints. In addition, the moving robot includes a wheel, a brake, a propeller, etc. in the driving unit, and can travel on the ground or fly in the air through the driving unit.

Self-Driving, Autonomous-Driving

Autonomous driving refers to a technology that drives itself, and an autonomous driving vehicle refers to a vehicle that travels without or with minimal manipulation of a user.

For example, autonomous driving includes technology for maintaining a driving lane, technology for automatically adjusting speed such as adaptive cruise control, technology for automatically driving along a predetermined route, technology for automatically setting a route when a destination is set, etc. All of these can be included.

The vehicle includes a vehicle having only an internal combustion engine, a hybrid vehicle having both an internal combustion engine and an electric motor, and an electric vehicle having only an electric motor, and may include not only automobiles, but also trains, motorcycles, and the like.

In this case, the autonomous vehicle can be viewed as a robot having an autonomous driving function.

Extended Reality (XR)

The extended reality is a generic term for virtual reality (VR), augmented reality (AR), and mixed reality (MR). VR technology provides only CG images of objects or backgrounds in the real world, AR technology provides virtual CG images on top of images of real objects, and MR technology is a computer that mixes and combines virtual objects in the real world. graphic technology.

MR technology is similar to AR technology in that it shows both real and virtual objects. However, there is a difference in that in AR technology, a virtual object is used in a form that complements a real object, whereas in MR technology, a virtual object and a real object are used with equal characteristics.

XR technology can be applied to HMD (Head-Mount Display), HUD (Head-Up Display), mobile phone, tablet PC, laptop, desktop, TV, digital signage, etc. can be called

1 shows an AI device 100 according to an embodiment of the present specification.

AI device 100 is TV, projector, mobile phone, smart phone, desktop computer, notebook computer, digital broadcasting terminal, PDA (personal digital assistants), PMP (portable multimedia player), navigation, tablet PC, wearable device, set-top box (STB) ), a DMB receiver, a radio, a washing machine, a refrigerator, a desktop computer, a digital signage, a robot, a vehicle, etc., may be implemented as a fixed device or a device allowing movement.

Referring to FIG. 1 , the terminal 100 includes a communication unit 110 , an input unit 120 , a learning processor 130 , a sensing unit 140 , an output unit 150 , a memory 170 and a processor 180 , etc. may include

The communication unit 110 may transmit/receive data to and from external devices such as other AI devices 100a to 100e or the AI server 200 using wired/wireless communication technology. For example, the communication unit 110 may transmit and receive sensor information, a user input, a learning model, a control signal, and the like with external devices.

In this case, the communication technology used by the communication unit 110 includes GSM (Global System for Mobile communication), CDMA (Code Division Multi Access), LTE (Long Term Evolution), 5G, WLAN (Wireless LAN), Wi-Fi (Wireless-Fidelity) ), Bluetooth, RFID (Radio Frequency Identification), Infrared Data Association (IrDA), ZigBee, NFC (Near Field Communication), and the like.

The input unit 120 may acquire various types of data.

In this case, the input unit 120 may include a camera for inputting an image signal, a microphone for receiving an audio signal, a user input unit for receiving information from a user, and the like. Here, by treating the camera or the microphone as a sensor, a signal obtained from the camera or the microphone may be referred to as sensing data or sensor information.

The input unit 120 may acquire training data for model training and input data to be used when acquiring an output using the training model. The input unit 120 may acquire raw input data, and in this case, the processor 180 or the learning processor 130 may extract an input feature by preprocessing the input data.

The learning processor 130 may train a model composed of an artificial neural network by using the training data. Here, the learned artificial neural network may be referred to as a learning model. The learning model may be used to infer a result value with respect to new input data other than the training data, and the inferred value may be used as a basis for a decision to perform a certain operation.

In this case, the learning processor 130 may perform AI processing together with the learning processor 240 of the AI server 200 .

In this case, the learning processor 130 may include a memory integrated or implemented in the AI device 100 . Alternatively, the learning processor 130 may be implemented using the memory 170 , an external memory directly coupled to the AI device 100 , or a memory maintained in an external device.

The sensing unit 140 may acquire at least one of internal information of the AI device 100 , information on the surrounding environment of the AI device 100 , and user information by using various sensors.

At this time, sensors included in the sensing unit 140 include a proximity sensor, an illuminance sensor, an acceleration sensor, a magnetic sensor, a gyro sensor, an inertial sensor, an RGB sensor, an IR sensor, a fingerprint recognition sensor, an ultrasonic sensor, an optical sensor, a microphone, and a lidar. , radar, etc.

The output unit 150 may generate an output related to sight, hearing, or touch.

In this case, the output unit 150 may include a display unit that outputs visual information, a speaker that outputs auditory information, and a haptic module that outputs tactile information.

The memory 170 may store data supporting various functions of the AI device 100 . For example, the memory 170 may store input data obtained from the input unit 120 , learning data, a learning model, a learning history, and the like.

The processor 180 may determine at least one execution permitted operation of the AI device 100 based on information determined or generated using a data analysis algorithm or a machine learning algorithm. In addition, the processor 180 may control the components of the AI device 100 to perform the determined operation.

To this end, the processor 180 may request, search, receive, or utilize the data of the learning processor 130 or the memory 170, and is an operation that is predicted or preferred among the at least one execution permitted operation. It is possible to control the components of the AI device 100 to execute.

In this case, when the connection of the external device is required to perform the determined operation, the processor 180 may generate a control signal for controlling the corresponding external device and transmit the generated control signal to the corresponding external device.

The processor 180 may obtain intention information with respect to a user input, and determine a user's requirement based on the obtained intention information.

In this case, the processor 180 uses at least one of a speech to text (STT) engine for converting a voice input into a character string or a natural language processing (NLP) engine for obtaining intention information of a natural language, Intention information corresponding to the input may be obtained.

At this time, at least one of the STT engine and the NLP engine may be configured as an artificial neural network, at least a part of which is learned according to a machine learning algorithm. And, at least one or more of the STT engine or the NLP engine is learned by the learning processor 130, or learned by the learning processor 240 of the AI server 200, or learned by distributed processing thereof. it could be

The processor 180 collects history information including the user's feedback on the operation contents or operation of the AI device 100 and stores it in the memory 170 or the learning processor 130, or the AI server 200 It can be transmitted to an external device. The collected historical information may be used to update the learning model.

The processor 180 may control at least some of the components of the AI device 100 in order to drive an application program stored in the memory 170 . Furthermore, in order to drive the application program, the processor 180 may operate two or more of the components included in the AI device 100 in combination with each other.

2 shows an AI server 200 according to an embodiment of the present specification.

Referring to FIG. 2 , the AI server 200 may refer to a device that trains an artificial neural network using a machine learning algorithm or uses a learned artificial neural network. Here, the AI server 200 may be configured with a plurality of servers to perform distributed processing, and may be defined as a 5G network. In this case, the AI server 200 may be included as a part of the AI device 100 to perform at least a part of AI processing together.

The AI server 200 may include a communication unit 210 , a memory 230 , a learning processor 240 , a processor 260 , and the like.

The communication unit 210 may transmit/receive data to and from an external device such as the AI device 100 .

The memory 230 may include a model storage unit 231 . The model storage unit 231 may store a model (or artificial neural network, 231a) being trained or learned through the learning processor 240 .

The learning processor 240 may train the artificial neural network 231a using the training data. The learning model may be used while being mounted on the AI server 200 of the artificial neural network, or may be used while being mounted on an external device such as the AI device 100 .

The learning model may be implemented in hardware, software, or a combination of hardware and software. When a part or all of the learning model is implemented in software, one or more instructions constituting the learning model may be stored in the memory 230 .

The processor 260 may infer a result value with respect to new input data using the learning model, and may generate a response or a control command based on the inferred result value.

3 shows an AI system 1 according to an embodiment of the present specification.

Referring to FIG. 3 , the AI system 1 includes at least one of an AI server 200 , a robot 100a , an autonomous vehicle 100b , an XR device 100c , a smartphone 100d , or a home appliance 100e . It is connected to the cloud network 10 . Here, the robot 100a to which the AI technology is applied, the autonomous driving vehicle 100b, the XR device 100c, the smart phone 100d, or the home appliance 100e may be referred to as AI devices 100a to 100e.

The cloud network 10 may constitute a part of the cloud computing infrastructure or may refer to a network existing in the cloud computing infrastructure. Here, the cloud network 10 may be configured using a 3G network, a 4G or Long Term Evolution (LTE) network, or a 5G network.

That is, each of the devices 100a to 100e and 200 constituting the AI system 1 may be connected to each other through the cloud network 10 . In particular, each of the devices 100a to 100e and 200 may communicate with each other through the base station, but may directly communicate with each other without passing through the base station.

The AI server 200 may include a server performing AI processing and a server performing an operation on big data.

The AI server 200 includes at least one of the AI devices constituting the AI system 1, such as a robot 100a, an autonomous vehicle 100b, an XR device 100c, a smartphone 100d, or a home appliance 100e, and It is connected through the cloud network 10 and may help at least a part of AI processing of the connected AI devices 100a to 100e.

In this case, the AI server 200 may train an artificial neural network according to a machine learning algorithm on behalf of the AI devices 100a to 100e, and directly store the learning model or transmit it to the AI devices 100a to 100e.

At this time, the AI server 200 receives input data from the AI devices 100a to 100e, infers a result value with respect to the input data received using the learning model, and provides a response or control command based on the inferred result value. It can be generated and transmitted to the AI devices 100a to 100e.

Alternatively, the AI devices 100a to 100e may infer a result value with respect to input data using a direct learning model, and generate a response or a control command based on the inferred result value.

Hereinafter, various embodiments of the AI devices 100a to 100e to which the above-described technology is applied will be described. Here, the AI devices 100a to 100e shown in FIG. 3 can be viewed as specific examples of the AI device 100 shown in FIG. 1 .

AI and robots to which this specification can be applied

The robot 100a may be implemented as a guide robot, a transport robot, a cleaning robot, a wearable robot, an entertainment robot, a pet robot, an unmanned flying robot, etc. to which AI technology is applied.

The robot 100a may include a robot control module for controlling an operation, and the robot control module may mean a software module or a chip implemented as hardware.

The robot 100a acquires state information of the robot 100a by using sensor information obtained from various types of sensors, detects (recognizes) surrounding environments and objects, generates map data, moves path and travels A plan may be determined, a response to a user interaction may be determined, or an action may be determined.

Here, the robot 100a may use sensor information obtained from at least one sensor among LiDAR, radar, and camera in order to determine a movement route and a travel plan.

The robot 100a may perform the above-described operations using a learning model composed of at least one artificial neural network. For example, the robot 100a may recognize a surrounding environment and an object using a learning model, and may determine an operation using the recognized surrounding environment information or object information. Here, the learning model may be directly learned from the robot 100a or learned from an external device such as the AI server 200 .

In this case, the robot 100a may perform an operation by generating a result using a direct learning model, but transmits sensor information to an external device such as the AI server 200 and receives the result generated accordingly to perform the operation You may.

The robot 100a determines a movement path and travel plan using at least one of map data, object information detected from sensor information, or object information obtained from an external device, and controls the driving unit to apply the determined movement path and travel plan. Accordingly, the robot 100a may be driven.

The map data may include object identification information for various objects disposed in a space in which the robot 100a moves. For example, the map data may include object identification information for fixed objects such as walls and doors and objects that are allowed to move, such as flowerpots and desks. In addition, the object identification information may include a name, a type, a distance, a location, and the like.

In addition, the robot 100a may perform an operation or drive by controlling the driving unit based on the user's control/interaction. In this case, the robot 100a may acquire intention information of an interaction according to a user's motion or voice utterance, determine a response based on the acquired intention information, and perform the operation.

AI and autonomous driving to which this specification can be applied

The autonomous driving vehicle 100b may be implemented as a mobile robot, a vehicle, an unmanned aerial vehicle, etc. by applying AI technology.

The autonomous driving vehicle 100b may include an autonomous driving control module for controlling an autonomous driving function, and the autonomous driving control module may mean a software module or a chip implemented as hardware. The autonomous driving control module may be included as a component of the autonomous driving vehicle 100b, or may be configured and connected to the outside of the autonomous driving vehicle 100b as separate hardware.

The autonomous vehicle 100b obtains state information of the autonomous vehicle 100b using sensor information obtained from various types of sensors, detects (recognizes) surrounding environments and objects, generates map data, A movement route and a driving plan may be determined, or an operation may be determined.

Here, the autonomous driving vehicle 100b may use sensor information obtained from at least one sensor among a lidar, a radar, and a camera, similarly to the robot 100a, in order to determine a moving route and a driving plan.

In particular, the autonomous vehicle 100b may receive sensor information from external devices to recognize an environment or object for an area where the field of view is obscured or an area over a certain distance, or receive information recognized directly from external devices. .

The autonomous vehicle 100b may perform the above-described operations by using a learning model composed of at least one artificial neural network. For example, the autonomous driving vehicle 100b may recognize a surrounding environment and an object using a learning model, and may determine a driving route using the recognized surrounding environment information or object information. Here, the learning model may be directly learned from the autonomous vehicle 100b or learned from an external device such as the AI server 200 .

In this case, the autonomous vehicle 100b may generate a result by using the direct learning model and perform the operation, but it operates by transmitting sensor information to an external device such as the AI server 200 and receiving the result generated accordingly. can also be performed.

The autonomous vehicle 100b determines a movement path and a driving plan by using at least one of map data, object information detected from sensor information, or object information acquired from an external device, and controls the driving unit to determine the movement path and driving The autonomous vehicle 100b may be driven according to a plan.

The map data may include object identification information for various objects disposed in a space (eg, a road) in which the autonomous vehicle 100b travels. For example, the map data may include object identification information for fixed objects such as street lights, rocks, and buildings, and objects that are allowed to move, such as vehicles and pedestrians. In addition, the object identification information may include a name, a type, a distance, a location, and the like.

Also, the autonomous vehicle 100b may perform an operation or drive by controlling the driving unit based on the user's control/interaction. In this case, the autonomous vehicle 100b may acquire intention information of an interaction according to a user's motion or voice utterance, determine a response based on the obtained intention information, and perform the operation.

AI and XR to which this specification may be applied

The XR device 100c is AI technology applied, so a head-mount display (HMD), a head-up display (HUD) provided in a vehicle, a television, a mobile phone, a smart phone, a computer, a wearable device, a home appliance, and a digital signage , a vehicle, a stationary robot, or a mobile robot.

The XR device 100c analyzes 3D point cloud data or image data acquired through various sensors or from an external device to generate location data and attribute data for 3D points, thereby providing information on surrounding space or real objects. It can be obtained and output by rendering the XR object to be output. For example, the XR apparatus 100c may output an XR object including additional information on the recognized object to correspond to the recognized object.

The XR apparatus 100c may perform the above-described operations using a learning model composed of at least one artificial neural network. For example, the XR apparatus 100c may recognize a real object from 3D point cloud data or image data using a learning model, and may provide information corresponding to the recognized real object. Here, the learning model may be directly learned from the XR device 100c or learned from an external device such as the AI server 200 .

In this case, the XR device 100c may perform an operation by generating a result using the direct learning model, but it transmits sensor information to an external device such as the AI server 200 and receives the result generated accordingly to perform the operation. can also be done

AI, robot and autonomous driving to which this specification can be applied

The robot 100a may be implemented as a guide robot, a transport robot, a cleaning robot, a wearable robot, an entertainment robot, a pet robot, an unmanned flying robot, etc. to which AI technology and autonomous driving technology are applied.

The robot 100a to which AI technology and autonomous driving technology are applied may mean a robot having an autonomous driving function or a robot 100a that interacts with the autonomous driving vehicle 100b.

The robot 100a having an autonomous driving function may collectively refer to devices that move by themselves according to a given movement line without user's control or by determining a movement line by themselves.

The robot 100a with the autonomous driving function and the autonomous driving vehicle 100b may use a common sensing method to determine one or more of a moving route or a driving plan. For example, the robot 100a having an autonomous driving function and the autonomous driving vehicle 100b may determine one or more of a movement route or a driving plan by using information sensed through lidar, radar, and camera.

The robot 100a interacting with the autonomous driving vehicle 100b exists separately from the autonomous driving vehicle 100b and is linked to an autonomous driving function inside or outside the autonomous driving vehicle 100b, or the autonomous driving vehicle 100b ) can perform an operation associated with the user on board.

At this time, the robot 100a interacting with the autonomous driving vehicle 100b acquires sensor information on behalf of the autonomous driving vehicle 100b and provides it to the autonomous driving vehicle 100b, or obtains sensor information and obtains information about the surrounding environment or By generating object information and providing it to the autonomous driving vehicle 100b, the autonomous driving function of the autonomous driving vehicle 100b may be controlled or supported.

Alternatively, the robot 100a interacting with the autonomous driving vehicle 100b may monitor a user riding in the autonomous driving vehicle 100b or control a function of the autonomous driving vehicle 100b through interaction with the user. . For example, when it is determined that the driver is in a drowsy state, the robot 100a may activate an autonomous driving function of the autonomous driving vehicle 100b or assist in controlling a driving unit of the autonomous driving vehicle 100b. Here, the function of the autonomous driving vehicle 100b controlled by the robot 100a may include not only an autonomous driving function, but also a function provided by a navigation system or an audio system provided in the autonomous driving vehicle 100b.

Alternatively, the robot 100a interacting with the autonomous driving vehicle 100b may provide information or assist a function to the autonomous driving vehicle 100b from the outside of the autonomous driving vehicle 100b. For example, the robot 100a may provide traffic information including signal information to the autonomous driving vehicle 100b, such as a smart traffic light, or interact with the autonomous driving vehicle 100b, such as an automatic electric charger for an electric vehicle. You can also automatically connect an electric charger to the charging port.

AI, Robot and XR to which this specification can be applied

The robot 100a may be implemented as a guide robot, a transport robot, a cleaning robot, a wearable robot, an entertainment robot, a pet robot, an unmanned flying robot, a drone, etc. to which AI technology and XR technology are applied.

The robot 100a to which the XR technology is applied may mean a robot that is a target of control/interaction within an XR image. In this case, the robot 100a is distinguished from the XR device 100c and may be interlocked with each other.

When the robot 100a, which is the target of control/interaction within the XR image, obtains sensor information from sensors including a camera, the robot 100a or the XR device 100c generates an XR image based on the sensor information. and the XR apparatus 100c may output the generated XR image. In addition, the robot 100a may operate based on a control signal input through the XR device 100c or a user's interaction.

For example, the user can check the XR image corresponding to the viewpoint of the remotely linked robot 100a through an external device such as the XR device 100c, and adjust the autonomous driving path of the robot 100a through interaction or , control motion or driving, or check information of surrounding objects.

AI, autonomous driving and XR to which this specification may be applied

The autonomous vehicle 100b may be implemented as a mobile robot, a vehicle, an unmanned aerial vehicle, etc. by applying AI technology and XR technology.

The autonomous driving vehicle 100b to which the XR technology is applied may mean an autonomous driving vehicle equipped with a means for providing an XR image or an autonomous driving vehicle subject to control/interaction within the XR image. In particular, the autonomous driving vehicle 100b, which is the target of control/interaction within the XR image, is distinguished from the XR device 100c and may be interlocked with each other.

The autonomous driving vehicle 100b having means for providing an XR image may obtain sensor information from sensors including a camera, and output an XR image generated based on the acquired sensor information. For example, the autonomous vehicle 100b may provide an XR object corresponding to a real object or an object in a screen to the passenger by outputting an XR image with a HUD.

In this case, when the XR object is output to the HUD, at least a portion of the XR object may be output to overlap the real object to which the passenger's gaze is directed. On the other hand, when the XR object is output to the display provided inside the autonomous vehicle 100b, at least a portion of the XR object may be output to overlap the object in the screen. For example, the autonomous vehicle 100b may output XR objects corresponding to objects such as a lane, other vehicles, traffic lights, traffic signs, two-wheeled vehicles, pedestrians, and buildings.

When the autonomous driving vehicle 100b, which is the subject of control/interaction in the XR image, acquires sensor information from sensors including a camera, the autonomous driving vehicle 100b or the XR device 100c performs An XR image is generated, and the XR apparatus 100c may output the generated XR image. In addition, the autonomous vehicle 100b may operate based on a control signal input through an external device such as the XR device 100c or a user's interaction.

First, terms used in this specification are defined as follows.

- IMS (IP Multimedia Subsystem or IP Multimedia Core Network Subsystem): an architectural framework for providing standardization for delivering voice or other multimedia services over IP.

- UMTS (Universal Mobile Telecommunications System): GSM (Global System for Mobile Communication)-based 3rd generation mobile communication technology developed by 3GPP.

- EPS (Evolved Packet System): A network system composed of an Internet Protocol (IP)-based PS (packet switched) core network, an Evolved Packet Core (EPC) network, and an access network such as LTE/UTRAN. UMTS is an evolved network.

- NodeB: base station of GERAN/UTRAN. It is installed outdoors and the coverage is macro cell scale.

- eNodeB/eNB: base station of E-UTRAN. It is installed outdoors and the coverage is macro cell scale.

- UE (User Equipment): User equipment. A UE may be referred to as a terminal (UE), a mobile equipment (ME), a mobile station (MS), or the like. In addition, the UE may be a portable device such as a laptop computer, a mobile phone, a personal digital assistant (PDA), a smart phone, a multimedia device, or the like, or a non-portable device such as a personal computer (PC) or in-vehicle device. In the context of MTC, the term UE or terminal may refer to an MTC device.

- HNB (Home NodeB): As a base station of the UMTS network, it is installed indoors and the coverage is micro cell scale.

- HeNB (Home eNodeB): As a base station of the EPS network, it is installed indoors and the coverage is micro-cell scale.

- MME (Mobility Management Entity): Mobility Management (MM), Session Management (Session Management; SM) network node of the EPS network that performs the function.

- PDN-GW (Packet Data Network-Gateway)/PGW/P-GW: A network node of the EPS network that performs UE IP address assignment, packet screening and filtering, charging data collection functions, and the like.

- Serving Gateway (SGW) / S-GW: Mobility anchor (mobility anchor), packet routing (routing), idle mode packet buffering, a function of triggering the MME to page the UE, etc. Network node of the EPS network .

- PCRF (Policy and Charging Rule Function): A network node of the EPS network that performs policy decision to dynamically apply QoS and charging policies differentiated for each service flow.

- OMA DM (Open Mobile Alliance Device Management): A protocol designed to manage mobile devices such as cell phones, PDAs, and portable computers. Device configuration, firmware upgrade, error report, etc. perform the function of

- OAM (Operation Administration and Maintenance): A set of network management functions that provide network fault indication, performance information, and data and diagnostic functions.

- NAS (Non-Access Stratum): the upper end of the control plane (control plane) between the UE and the MME (stratum). As a functional layer for exchanging signaling and traffic messages between the UE and the core network in the LTE / UMTS protocol stack, the session supports mobility of the UE and establishes and maintains an IP connection between the UE and the PDN GW It supports management procedures and IP address management.

- EMM (EPS Mobility Management): As a sub-layer of the NAS layer, the EMM is in "EMM-Registered" or "EMM-Deregistered" state depending on whether the UE is network attached or detached. there may be

- ECM (EMM Connection Management) connection (connection): a signaling connection (connection) for the exchange (exchange) of NAS messages established between the UE and the MME. The ECM connection is a logical connection consisting of an RRC connection between the UE and the eNB and an S1 signaling connection between the eNB and the MME. When the ECM connection is established/terminated, the RRC and S1 signaling connections are also established/terminated. The established ECM connection means having an RRC connection established with the eNB to the UE, and means having an S1 signaling connection established with the eNB to the MME. Depending on whether a NAS signaling connection, that is, an ECM connection is established, the ECM may have a status of "ECM-Connected" or "ECM-Idle".

- AS (Access-Stratum): Includes the protocol stack between the UE and the wireless (or access) network, and is responsible for data and network control signal transmission.

- NAS configuration (configuration) MO (Management Object): MO (Management object) used in the process of setting parameters (parameters) related to NAS function (Functionality) to the UE.

- PDN (Packet Data Network): A network in which a server supporting a specific service (eg, Multimedia Messaging Service (MMS) server, Wireless Application Protocol (WAP) server, etc.) is located.

- PDN Connection: A logical connection between the UE and the PDN, expressed by one IP address (one IPv4 address and/or one IPv6 prefix).

- APN (Access Point Name): A string that refers to or distinguishes a PDN. In order to access a requested service or network, it goes through a specific P-GW, and it means a name (string) predefined in the network to find this P-GW. (e.g. internet.mnc012.mcc345.gprs)

- RAN (Radio Access Network): a unit including a NodeB, an eNodeB, and a Radio Network Controller (RNC) for controlling them in a 3GPP network. It exists between UEs and provides connectivity to the core network.

- HLR (Home Location Register)/HSS (Home Subscriber Server): A database having subscriber information in the 3GPP network. The HSS may perform functions such as configuration storage, identity management, and user state storage.

- PLMN (Public Land Mobile Network): A network configured for the purpose of providing mobile communication services to individuals. It may be configured to be divided for each operator.

-ANDSF (Access Network Discovery and Selection Function): As one network entity, it provides a policy to discover and select the access allowed by the UE in the operator unit.

- EPC path (or infrastructure data path): User plane communication path through EPC

- E-RAB (E-UTRAN Radio Access Bearer): refers to the concatenation of the S1 bearer and the corresponding data radio bearer. If the E-RAB exists, there is a one-to-one mapping between the E-RAB and the EPS bearer of the NAS.

- GPRS Tunneling Protocol (GTP): A group of IP-based communications protocols used to carry general packet radio service (GPRS) within GSM, UMTS and LTE networks. Within the 3GPP architecture, GTP and Proxy Mobile IPv6-based interfaces are specified on various interface points. GTP can be decomposed into several protocols (eg GTP-C, GTP-U and GTP'). GTP-C is used within a GPRS core network for signaling between Gateway GPRS Support Nodes (GGSN) and Serving GPRS Support Nodes (SGSN). In the GTP-C, the SGSN activates a session for the user (eg, activates the PDN context), deactivates the same session, and adjusts the quality of service parameters. ), or update a session for a subscriber that has just operated from another SGSN. GTP-U is used to carry user data within the GPRS core network and between the radio access network and the core network. 1 is a diagram illustrating a schematic structure of an Evolved Packet System (EPS) including an Evolved Packet Core (EPC).

- Cell as a radio resource: The 3GPP LTE / LTE-A system uses the concept of a cell to manage radio resources, and a cell associated with a radio resource is a cell of a geographic area. is separated from A "cell" associated with a radio resource is defined as a combination of downlink resources (DL resources) and uplink resources (UL resources), that is, a combination of a DL carrier and a UL carrier. A cell may be configured with a DL resource alone or a combination of a DL resource and a UL resource. When carrier aggregation is supported, linkage between a carrier frequency of a DL resource and a carrier frequency of a UL resource may be indicated by system information. Here, the carrier frequency means a center frequency of each cell or carrier. In particular, a cell operating on a primary frequency is referred to as a primary cell (Pcell), and a cell operating on a secondary frequency is referred to as a secondary cell (Scell). . Scell refers to a cell that can be used to allow setup after RRC (Radio Resource Control) connection establishment is made and to provide additional radio resources. According to the capabilities of the UE, the Scell may form a set of serving cells for the UE together with the Pcell. In the case of a UE in the RRC_CONNECTED state but carrier aggregation is not configured or does not support carrier aggregation, there is only one serving cell configured only as a Pcell. On the other hand, a "cell" of a geographic area can be understood as coverage in which a node can provide a service using a carrier, and a "cell" of radio resources is a frequency range configured by the carrier. It is related to bandwidth (BW). The downlink coverage, which is the range in which a node can transmit a valid signal, and the uplink coverage, which is the range in which a valid signal can be received from the UE, depend on the carrier carrying the corresponding signal. It is also associated with the coverage of a "cell". Therefore, the term “cell” may be used to mean the coverage of a service by a node, sometimes a radio resource, and sometimes a range that a signal using the radio resource can reach with an effective strength.

EPC is a key element of SAE (System Architecture Evolution) to improve the performance of 3GPP technologies. SAE corresponds to a research task to determine a network structure that supports mobility between various types of networks. SAE aims to provide an optimized packet-based system, for example, supporting various radio access technologies based on IP and providing improved data transmission capability.

Specifically, EPC is a core network of an IP mobile communication system for a 3GPP LTE system, and can support packet-based real-time and non-real-time services. In the existing mobile communication system (ie, 2nd generation or 3rd generation mobile communication system), the core network through two distinct sub-domains, CS (Circuit-Switched) for voice and PS (Packet-Switched) for data. The function has been implemented. However, in the 3GPP LTE system, which is the evolution of the 3G mobile communication system, sub-domains of CS and PS are unified into one IP domain. That is, in the 3GPP LTE system, the connection between the UE and the UE having IP capability is an IP-based base station (eg, eNodeB (evolved Node B)), EPC, application domain (eg, IMS ( IP Multimedia Subsystem)). That is, the EPC is an essential structure for implementing an end-to-end IP service.

The EPC may include various components, and in FIG. 1 , some of them are a Serving Gateway (SGW), a Packet Data Network Gateway (PDN GW), a Mobility Management Entity (MME), and a Serving General Packet (GPRS) (SGSN). Radio Service) Supporting Node) and ePDG (enhanced Packet Data Gateway) are shown.

The SGW (or S-GW) is an element that functions as a boundary point between the radio access network (RAN) and the core network, and maintains a data path between the eNB and the PDN GW. In addition, when the UE moves over an area served by the eNB, the SGW serves as a local mobility anchor point. That is, packets may be routed through the SGW for mobility within the E-UTRAN (Evolved-Universal Mobile Telecommunications System (UMTS) Terrestrial Radio Access Network defined after 3GPP Release-8). In addition, the SGW provides mobility with other 3GPP networks (RANs defined before 3GPP Release-8, for example, UTRAN or GERAN (Global System for Mobile Communication) / EDGE (Enhanced Data rates for Global Evolution) Radio Access Network). It may serve as an anchor point for

The PDN GW (or P-GW) corresponds to the termination point of the data interface towards the packet data network. The PDN GW may support policy enforcement features, packet filtering, charging support, and the like. In addition, mobility management between 3GPP networks and non-3GPP networks (eg, untrusted networks such as Interworking Wireless Local Area Network (I-WLAN), Code Division Multiple Access (CDMA) networks or trusted networks such as WiMax). It can serve as an anchor point for

Although the example of the network structure of FIG. 4 shows that the SGW and the PDN GW are configured as separate gateways, the two gateways may be implemented according to a single gateway configuration option.

The MME is an element that performs signaling and control functions to support access to a network connection of the UE, allocation of network resources, tracking, paging, roaming and handover, and the like. The MME controls control plane functions related to subscriber and session management. The MME manages numerous eNBs and performs signaling for selection of a conventional gateway for handover to other 2G/3G networks. In addition, the MME performs functions such as security procedures, terminal-to-network session handling, and idle terminal location management.

The SGSN handles all packet data such as user's mobility management and authentication to other 3GPP networks (eg, GPRS networks).

The ePDG acts as a security node for untrusted non-3GPP networks (eg, I-WLAN, WiFi hotspots, etc.).

As described with reference to FIG. 4 , the UE having IP capability is an IP provided by an operator (ie, an operator) via various elements in the EPC on the basis of 3GPP access as well as non-3GPP access. A service network (eg, IMS) may be accessed.

4 also shows various reference points (eg, S1-U, S1-MME, etc.). In the 3GPP system, a conceptual link connecting two functions existing in different functional entities of E-UTRAN and EPC is defined as a reference point. Table 1 below summarizes the reference points shown in FIG. 4 . In addition to the examples in Table 1, various reference points may exist according to the network structure.

reference pointreference point	설명(description)description
S1-MMES1-MME	E-UTRAN와 MME 간의 제어 평면 프로토콜에 대한 레퍼런스 포인트(Reference point for the control plane protocol between E-UTRAN and MME)Reference point for the control plane protocol between E-UTRAN and MME
S1-US1-U	핸드오버 동안 eNB 간 경로 스위칭 및 베어러 당 사용자 평면 터널링에 대한 E-UTRAN와 SGW 간의 레퍼런스 포인트 (Reference point between E-UTRAN and Serving GW for the per bearer user plane tunneling and inter eNodeB path switching during handover)Reference point between E-UTRAN and Serving GW for the per bearer user plane tunneling and inter eNodeB path switching during handover
S3S3	유휴(idle) 및/또는 활성화 상태에서 3GPP 액세스 네트워크 간 이동성에 대한 사용자 및 베어러 정보 교환을 제공하는 MME와 SGSN 간의 레퍼런스 포인트. 이 레퍼런스 포인트는 PLMN-내 또는 PLMN-간(예를 들어, PLMN-간 핸드오버의 경우)에 사용될 수 있음) (It enables user and bearer information exchange for inter 3GPP access network mobility in idle and/or active state. This reference point can be used intra-PLMN or inter-PLMN (e.g. in the case of Inter-PLMN HO).)Reference point between MME and SGSN providing user and bearer information exchange for mobility between 3GPP access networks in idle and/or active state. This reference point may be used for intra-PLMN or inter-PLMN (eg, in the case of inter-PLMN handover)) (It enables user and bearer information exchange for inter 3GPP access network mobility in idle and/or active state This reference point can be used intra-PLMN or inter-PLMN (e.g. in the case of Inter-PLMN HO).)
S4S4	GPRS 코어와 SGW의 3GPP 앵커 기능 간의 관련 제어 및 이동성 지원을 제공하는 SGW와 SGSN 간의 레퍼런스 포인트. 또한, 직접 터널이 수립되지 않으며, 사용자 플레인 터널링을 제공함 (It provides related control and mobility support between GPRS Core and the 3GPP Anchor function of Serving GW. In addition, if Direct Tunnel is not established, it provides the user plane tunneling.)A reference point between the SGW and SGSN that provides related control and mobility support between the GPRS core and the 3GPP anchor function of the SGW. In addition, if Direct Tunnel is not established, it provides the user plane tunneling .)
S5S5	SGW와 PDN GW 간의 사용자 평면 터널링 및 터널 관리를 제공하는 레퍼런스 포인트. 단말 이동성으로 인해, 그리고 요구되는 PDN 연결성을 위해서 SGW가 함께 위치하지 않은 PDN GW로의 연결이 필요한 경우, SGW 재배치를 위해서 사용됨 (It provides user plane tunneling and tunnel management between Serving GW and PDN GW. It is used for Serving GW relocation due to UE mobility and if the Serving GW needs to connect to a non-collocated PDN GW for the required PDN connectivity.)Reference point providing user plane tunneling and tunnel management between SGW and PDN GW. Used for SGW relocation when connection to a PDN GW where the SGW is not located is required due to terminal mobility and required PDN connectivity (It provides user plane tunneling and tunnel management between Serving GW and PDN GW. It is used for Serving GW relocation due to UE mobility and if the Serving GW needs to connect to a non-collocated PDN GW for the required PDN connectivity.)
S11S11	MME와 SGW 간의 제어 평면 프로토콜에 대한 레퍼런스 포인트Reference point for control plane protocol between MME and SGW
SGiSGi	PDN GW와 PDN 간의 레퍼런스 포인트. 여기서, PDN은, 오퍼레이터 외부 공용 또는 사설 PDN이거나 오퍼레이터-내 PDN(예를 들어, IMS 서비스)이 해당될 수 있음. 이 레퍼런스 포인트는 3GPP 액세스의 Gi에 해당함 (It is the reference point between the PDN GW and the packet data network. Packet data network may be an operator external public or private packet data network or an intra operator packet data network, e.g. for provision of IMS services. This reference point corresponds to Gi for 3GPP accesses.)Reference point between PDN GW and PDN. Here, the PDN may be an operator external public or private PDN or an operator-internal PDN (eg, IMS service). This reference point corresponds to Gi of 3GPP access (It is the reference point between the PDN GW and the packet data network. Packet data network may be an operator external public or private packet data network or an intra operator packet data network, e.g. for This reference point corresponds to Gi for 3GPP accesses.)

Among the reference points shown in FIG. 4 , S2a and S2b correspond to non-3GPP interfaces. S2a is a reference point that provides the user plane with trusted non-3GPP access and related control and mobility support between PDN GWs. S2b is a reference point that provides the user plane with related control and mobility support between the ePDG and PDN GW.

5 shows an example of a network structure of an evolved universal terrestrial radio access network (E-UTRAN) to which this specification can be applied.

The E-UTRAN system is a system evolved from the existing UTRAN system, and may be, for example, a 3GPP LTE/LTE-A system. Communication networks are widely deployed to provide various communication services such as voice (eg, Voice over Internet Protocol (VoIP)) via IMS and packet data.

Referring to FIG. 4 , the E-UMTS network includes an E-UTRAN, an EPC, and one or more UEs. The E-UTRAN consists of eNBs that provide a control plane and a user plane protocol to the UE, and the eNBs are connected through an X2 interface.

An X2 user plane interface (X2-U) is defined between the eNBs. The X2-U interface provides non-guaranteed delivery of a user plane packet data unit (PDU). An X2 control plane interface (X2-CP) is defined between two neighboring eNBs. X2-CP performs functions such as context transfer between eNBs, control of a user plane tunnel between a source eNB and a target eNB, transfer of a handover related message, and uplink load management.

The eNB is connected to the UE through the wireless interface and connected to the evolved packet core (EPC) through the S1 interface.

The S1 user plane interface (S1-U) is defined between the eNB and a serving gateway (S-GW). The S1 control plane interface (S1-MME) is defined between the eNB and a mobility management entity (MME). The S1 interface performs an evolved packet system (EPS) bearer service management function, a non-access stratum (NAS) signaling transport function, network sharing, an MME load balancing function, and the like. The S1 interface supports many-to-many-relation between the eNB and the MME/S-GW.

MME is NAS signaling security (security), AS (Access Stratum) security (security) control, CN (Core Network) inter-node (Inter-CN) signaling to support mobility between 3GPP access networks, (perform and control paging retransmission) Including) idle (IDLE) mode UE accessibility (reachability), (for idle and active mode terminals) tracking area identifier (TAI: Tracking Area Identity) management, PDN GW and SGW selection, MME for handover in which the MME is changed Bearer management functions including selection, SGSN selection for handover to 2G or 3G 3GPP access network, roaming, authentication, dedicated bearer establishment, Public Warning System (PWS) System) (including Earthquake and Tsunami Warning System (ETWS) and Commercial Mobile Alert System (CMAS)) message transmission.

6 is a diagram illustrating an architecture of a general NR-RAN.

Referring to FIG. 6 , the NG-RAN node may be one of the following.

gNB providing NR user plane and control plane protocols towards the UE; or

ng-eNB providing E-UTRA user plane and control plane protocols towards the UE.

The gNB and the ng-eNB are connected to each other through the Xn interface. In addition, gNB and ng-eNB via NG interface to 5GC, more specifically via NG-C interface, Access and Mobility Management Function (AMF), user plane function via NG-U interface ( UPF: User Plane Function) (refer to 3GPP TS 23.501 [3]).

For reference, the architecture for functional separation and the F1 interface are defined in 3GPP TS 38.401 [4].

7 shows an example of a general architecture of 5G. The following is a description of each reference interface and node in FIG. 7 .

Access and Mobility Management Function (AMF: Access and Mobility Management Function) is a CN inter-node signaling for mobility between 3GPP access networks, a radio access network (RAN: Radio Access Network) CP interface (N2) termination (termination), NAS It supports functions such as end of signaling (N1), registration management (registration area management), idle mode UE accessibility (reachability), network slicing support, SMF selection, and the like.

Some or all functions of AMF may be supported within a single instance of one AMF.

A data network (DN: Data network) means, for example, an operator service, Internet access, or a third party service. The DN transmits a downlink protocol data unit (PDU) to the UPF or receives a PDU transmitted from the UE from the UPF.

A policy control function (PCF) provides a function of receiving information about a packet flow from an application server and determining policies such as mobility management and session management.

A session management function (SMF: Session Management Function) provides a session management function, and when the UE has a plurality of sessions, it may be managed by a different SMF for each session.

Some or all functions of the SMF may be supported within a single instance of one SMF.

Unified Data Management (UDM) stores user subscription data, policy data, and the like.

User plane function (UPF) delivers the downlink PDU received from the DN to the UE via (R)AN, and delivers the uplink PDU received from the UE via (R)AN to the DN. .

Application Function (AF) supports service provision (eg, application impact on traffic routing, network capability exposure access, interaction with policy framework for policy control, etc.) to interact with the 3GPP core network.

(Radio) Access Network ((R)AN: (Radio) Access Network) is an evolved version of 4G radio access technology, evolved E-UTRA (E-UTRA) and new radio access technology (NR: New Radio) ( For example, gNB) is a generic term for a new radio access network that supports both.

gNB has functions for radio resource management (ie, Radio Bearer Control, Radio Admission Control, Connection Mobility Control), and dynamic resource allocation to the UE in uplink/downlink. It supports functions such as dynamic allocation of resources (ie, scheduling)).

User Equipment (UE: User Equipment) refers to user equipment.

In the 3GPP system, a conceptual link connecting NFs in the 5G system is defined as a reference point.

N1 is the reference point between the UE and AMF, N2 is the reference point between (R)AN and AMF, N3 is the reference point between (R)AN and UPF, N4 is the reference point between SMF and UPF, N6 the reference point between UPF and the data network , N9 is a reference point between the two core UPFs, N5 is a reference point between PCF and AF, N7 is a reference point between SMF and PCF, N24 is a PCF in a visited network and a PCF in a home network Reference point, N8 is a reference point between UDM and AMF, N10 is a reference point between UDM and SMF, N11 is a reference point between AMF and SMF, N12 is a reference point between AMF and Authentication Server function (AUSF), N13 is Reference point between UDM and AUSF, N14 is a reference point between two AMFs, N15 is a reference point between PCF and AMF in case of non-roaming scenario, and reference point between PCF and AMF in visited network in case of roaming scenario , N16 is the reference point between the two SMFs (in the roaming scenario, the reference point between the SMF in the visited network and the SMF between the home network), N17 is the reference point between the AMF and the 5G-EIR (Equipment Identity Register), and N18 is the AMF and the Unstructured UDSF (UDSF) Data Storage Function), N22 is the reference point between AMF and Network Slice Selection Function (NSSF), N23 is the reference point between PCF and NWDAF (Network Data Analytics Function), N24 is the reference point between NSSF and NWDAF, N27 is visit Reference point between NRF (Network Repository Function) in network and NRF in home network, N31 is N in visited network Reference point between SSF and NSSF in home network, N32 is a reference point between SEPP (Security Protection Proxy) in visited network and SEPP in home network, N33 is reference point between NEF (Network Exposure Function) and AF, N40 is SMF and CHF ( A reference point between the charging function, N50 means a reference point between the AMF and the Circuit Bearer Control Function (CBCF).

Meanwhile, FIG. 7 exemplifies a reference model for a case in which the UE accesses one DN using one PDU session for convenience of description, but is not limited thereto.

Hereinafter, downlink (DL) means communication from a base station (BS) to user equipment (UE), and uplink (UL) means communication from UE to BS. In the downlink, a transmitter may be a part of a BS, and a receiver may be a part of the UE. In the uplink, the transmitter may be part of the UE and the receiver may be part of the BS. In this specification, a UE may be represented as a first communication device, and a BS may be represented as a second communication device. BS is a fixed station, Node B, evolved-NodeB (eNB), Next Generation NodeB (gNB), base transceiver system (BTS), access point (AP), network or 5G (5th generation) network node , AI (Artificial Intelligence) system, RSU (road side unit), may be replaced by terms such as robot. In addition, the UE is a terminal, MS (Mobile Station), UT (User Terminal), MSS (Mobile Subscriber Station), SS (Subscriber Station), AMS (Advanced Mobile Station), WT (Wireless terminal), MTC (Machine) -Type Communication) device, M2M (Machine-to-Machine) device, D2D (Device-to-Device) device, vehicle, robot, AI module, drone, aerial UE, etc. can be replaced.

The following technologies are various radio access methods such as Code Division Multiple Access (CDMA), Frequency Division Multiple Access (FDMA), Time Division Multiple Access (TDMA), Orthogonal Frequency Division Multiple Access (OFDMA), Single Carrier FDMA (SC-FDMA), and the like. can be used in the system. CDMA may be implemented with a radio technology such as Universal Terrestrial Radio Access (UTRA) or CDMA2000. TDMA may be implemented with a radio technology such as Global System for Mobile communications (GSM)/General Packet Radio Service (GPRS)/Enhanced Data Rates for GSM Evolution (EDGE). OFDMA may be implemented with a radio technology such as IEEE 802.11 (Wi-Fi), IEEE 802.16 (WiMAX), IEEE 802-20, Evolved UTRA (E-UTRA), and the like. UTRA is part of the Universal Mobile Telecommunications System (UMTS). 3GPP (3rd Generation Partnership Project) Long Term Evolution (LTE) is a part of Evolved UMTS (E-UMTS) using E-UTRA and LTE-A (Advanced)/LTE-A pro is an evolved version of 3GPP LTE. 3GPP NR (New Radio or New Radio Access Technology) is an evolved version of 3GPP LTE/LTE-A/LTE-A pro.

For clarity of explanation, although description is based on a 3GPP communication system (eg, LTE-A, NR), the technical spirit of the present invention is not limited thereto. LTE refers to technology after 3GPP TS 36.xxx Release 8. In detail, LTE technology after 3GPP TS 36.xxx Release 10 is referred to as LTE-A, and LTE technology after 3GPP TS 36.xxx Release 13 is referred to as LTE-A pro. 3GPP 5G (5th generation) technology refers to technology after TS 36.xxx Release 15 and technology after TS 38.XXX Release 15, among which technology after TS 38.xxx Release 15 is referred to as 3GPP NR, and TS 36.xxx Release 15 and later technologies may be referred to as enhanced LTE. "xxx" stands for standard document detail number. LTE/NR may be collectively referred to as a 3GPP system.

In this specification (disclosure), a node refers to a fixed point that can communicate with the UE to transmit/receive a radio signal. Various types of BSs can be used as nodes regardless of their names. For example, BS, NB, eNB, pico-cell eNB (PeNB), home eNB (HeNB), relay (relay), repeater (repeater), etc. may be a node. Also, the node may not need to be a BS. For example, it may be a radio remote head (RRH) or a radio remote unit (RRU). RRH, RRU, and the like generally have a lower power level compared to the power level of the BS. At least one antenna is installed in one node. The antenna may mean a physical antenna, an antenna port, a virtual antenna, or an antenna group. A node is also called a point.

In the present specification, a cell refers to a certain geographic area or radio resource in which one or more nodes provide a communication service. A "cell" of a geographic area can be understood as coverage in which a node can provide a service using a carrier, and a "cell" of radio resources is a bandwidth (a frequency size configured by the carrier) ( bandwidth, BW). The downlink coverage, which is the range in which a node can transmit a valid signal, and the uplink coverage, which is the range in which a valid signal can be received from the UE, depend on the carrier carrying the corresponding signal. It is also associated with the coverage of a "cell". Therefore, the term “cell” may be used to mean the coverage of a service by a node, sometimes a radio resource, and sometimes a range that a signal using the radio resource can reach with an effective strength.

In the present specification, communication with a specific cell may mean communicating with a BS or node that provides a communication service to the specific cell. In addition, the downlink/uplink signal of a specific cell means a downlink/uplink signal from/to a BS or node that provides a communication service to the specific cell. A cell providing an uplink/downlink communication service to the UE is specifically referred to as a serving cell. In addition, the channel state/quality of a specific cell means the channel state/quality of a channel or communication link formed between a UE and a BS or node providing a communication service to the specific cell.

Meanwhile, a "cell" associated with a radio resource may be defined as a combination of downlink resources (DL resources) and uplink resources (UL resources), that is, a combination of a DL component carrier (CC) and UL CC. A cell may be configured with a DL resource alone or a combination of a DL resource and a UL resource. When carrier aggregation is supported, the linkage between the carrier frequency of the DL resource (or DL CC) and the carrier frequency of the UL resource (or UL CC) is the linkage. It may be indicated by system information transmitted through the cell. Here, the carrier frequency may be the same as or different from the center frequency of each cell or CC. Hereinafter, a cell operating on a primary frequency is referred to as a primary cell (Pcell) or PCC, and a cell operating on a secondary frequency is referred to as a secondary cell (Scell). Or called SCC. Scell refers to a state in which the UE performs a radio resource control (RRC) connection establishment process with the BS to establish an RRC connection between the UE and the BS, that is, after the UE is in the RRC_CONNECTED state. there is. Here, the RRC connection may mean a path through which the RRC of the UE and the RRC of the BS can exchange RRC messages with each other. The Scell may be configured to provide additional radio resources to the UE. According to the capabilities of the UE, the Scell may form a set of serving cells for the UE together with the Pcell. In the case of a UE in the RRC_CONNECTED state but carrier aggregation is not configured or does not support carrier aggregation, there is only one serving cell configured only as a Pcell.

The cell supports its own radio access technology. For example, transmission/reception according to LTE radio access technology (RAT) is performed on an LTE cell, and transmission/reception according to 5G RAT is performed on a 5G cell.

The carrier aggregation technique refers to a technique for aggregating and using a plurality of carriers having a system bandwidth smaller than a target bandwidth for broadband support. In that carrier aggregation performs downlink or uplink communication using a plurality of carrier frequencies each forming a system bandwidth (also referred to as a channel bandwidth), a basic frequency band divided into a plurality of orthogonal subcarriers is divided into one It is distinguished from OFDMA technology in which downlink or uplink communication is performed on a carrier frequency. For example, in the case of OFDMA or orthogonal frequency division multiplexing (OFDM), one frequency band having a constant system bandwidth is divided into a plurality of subcarriers having a predetermined subcarrier interval, and information/data is divided into the plurality of The frequency band to which the information/data is mapped is transmitted to a carrier frequency of the frequency band through frequency upconversion. In the case of radio carrier aggregation, frequency bands each having their own system bandwidth and carrier frequency may be used for communication at the same time, and each frequency band used for carrier aggregation may be divided into a plurality of subcarriers having a predetermined subcarrier interval. .

The 3GPP-based communication standard is an upper layer of the physical layer (eg, medium access control (MAC) layer, radio link control (RLC) layer, packet data convergence protocol ( protocol data convergence protocol (PDCP) layer, radio resource control (RRC) layer, service data adaptation protocol (SDAP), non-access layer (non-access stratum, NAS) layer) Defines downlink physical channels corresponding to resource elements carrying one piece of information and downlink physical signals corresponding to resource elements used by the physical layer but not carrying information originating from a higher layer . For example, a physical downlink shared channel (PDSCH), a physical broadcast channel (PBCH), a physical multicast channel (PMCH), a physical control format indicator channel (physical control) A format indicator channel (PCFICH) and a physical downlink control channel (PDCCH) are defined as downlink physical channels, and a reference signal and a synchronization signal are defined as downlink physical signals. A reference signal (RS), also referred to as a pilot, means a signal of a predefined special waveform that the BS and the UE know each other, for example, cell specific RS (RS), UE- UE-specific RS (UE-RS), positioning RS (PRS), channel state information RS (channel state information RS, CSI-RS), demodulation reference signal (DMRS) down Defined as link reference signals. On the other hand, the 3GPP-based communication standard supports uplink physical channels corresponding to resource elements carrying information originating from a higher layer, and resource elements used by the physical layer but not carrying information originating from a higher layer. Uplink physical signals are defined. For example, a physical uplink shared channel (PUSCH), a physical uplink control channel (PUCCH), and a physical random access channel (PRACH) are uplink physical channels. is defined, and a demodulation reference signal (DMRS) for an uplink control/data signal and a sounding reference signal (SRS) used for uplink channel measurement are defined.

In this specification, a physical downlink control channel (PDCCH) and a physical downlink shared channel (PDSCH) are physical layer downlink control information (DCI) and downlink data. It may mean a set of time-frequency resources to be carried or a set of resource elements, respectively. In addition, the physical uplink control channel (physical uplink control channel), the physical uplink shared channel (physical uplink shared channel, PUSCH) and the physical random access channel (physical random access channel) uplink control information of the physical layer (uplink control information , UCI), a set of time-frequency resources carrying uplink data and random access signals, or a set of resource elements, respectively. Hereinafter, when the UE transmits an uplink physical channel (eg, PUCCH, PUSCH, PRACH), it means that UCI, uplink data, or a random access signal is transmitted on the corresponding uplink physical channel or through the uplink physical channel. can When the BS receives the uplink physical channel, it may mean that it receives DCI, uplink data, or a random access signal on or through the corresponding uplink physical channel. When the BS transmits a downlink physical channel (eg, PDCCH, PDSCH), it is used in the same meaning as transmitting DCI or downlink data on a corresponding downlink physical channel or through a downlink physical channel. Receiving the downlink physical channel by the UE may mean receiving DCI or downlink data on or through the corresponding downlink physical channel.

In this specification, a transport block is a payload for a physical layer. For example, data given to a physical layer from an upper layer or a medium access control (MAC) layer is basically referred to as a transport block.

In the present specification, HARQ (Hybrid Automatic Repeat and reQuest) is a kind of error control method. HARQ acknowledgment (HARQ-ACK) transmitted through downlink is used for error control on uplink data, and HARQ-ACK transmitted through uplink is used for error control on downlink data. The transmitter performing the HARQ operation waits for acknowledgment (ACK) after transmitting data (eg, transport block, codeword). The receiving end performing the HARQ operation sends a positive acknowledgment (ACK) only when data is properly received, and sends a negative acknowledgment (negative ACK, NACK) when an error occurs in the received data. When the transmitting end receives the ACK, it can transmit (new) data, and when it receives the NACK, it can retransmit the data. After the BS transmits scheduling information and data according to the scheduling information, a time delay occurs until ACK/NACK is received from the UE and retransmission data is transmitted. Such a time delay is caused by a channel propagation delay and a time taken for data decoding/encoding. Therefore, when new data is transmitted after the current HARQ process is finished, a gap occurs in data transmission due to a time delay. Accordingly, a plurality of independent HARQ processes are used to prevent gaps in data transmission during the time delay period. For example, if there are 7 transmission occasions between the initial transmission and the retransmission, the communication device may operate 7 independent HARQ processes to perform data transmission without a gap. Utilizing a plurality of parallel HARQ processes, UL/DL transmission may be continuously performed while waiting for HARQ feedback for a previous UL/DL transmission.

In the present specification, channel state information (CSI) refers to information that can indicate the quality of a radio channel (or link) formed between the UE and the antenna port. CSI is a channel quality indicator (channel quality indicator, CQI), precoding matrix indicator (PMI), CSI-RS resource indicator (CSI-RS resource indicator, CRI), SSB resource indicator (SSB resource indicator, SSBRI) , may include at least one of a layer indicator (LI), a rank indicator (RI), and a reference signal received power (RSRP).

In this specification, frequency division multiplexing (FDM) may mean transmitting/receiving signals/channels/users in different frequency resources, and time division multiplexing (TDM) is It may mean transmitting/receiving signals/channels/users in different time resources.

In the present invention, frequency division duplex (FDD) refers to a communication method in which uplink communication is performed on an uplink carrier and downlink communication is performed on a downlink carrier linked to the uplink carrier, and time division Duplex (time division duplex, TDD) refers to a communication method in which uplink communication and downlink communication are performed by dividing time on the same carrier.

For background art, terms, abbreviations, etc. used in this specification, reference may be made to matters described in standard documents published before the present invention. For example, you can refer to the following documents:

3GPP LTE

- 3GPP TS 36.211: Physical channels and modulation

- 3GPP TS 36.212: Multiplexing and channel coding

- 3GPP TS 36.213: Physical layer procedures

- 3GPP TS 36.214: Physical layer; Measurements

- 3GPP TS 36.300: Overall description

- 3GPP TS 36.304: User Equipment (UE) procedures in idle mode

- 3GPP TS 36.306: User Equipment (UE) radio access capabilities

- 3GPP TS 36.314: Layer 2 - Measurements

- 3GPP TS 36.321: Medium Access Control (MAC) protocol

- 3GPP TS 36.322: Radio Link Control (RLC) protocol

- 3GPP TS 36.323: Packet Data Convergence Protocol (PDCP)

- 3GPP TS 36.331: Radio Resource Control (RRC) protocol

- 3GPP TS 36.413: S1 Application Protocol (S1AP)

- 3GPP TS 36.423: X2 Application Protocol (X2AP)

- 3GPPP TS 22.125: Unmanned Aerial System support in 3GPP; Stage 1

- 3GPP TS 23.303: Proximity-based services (Prose); Stage 2

- 3GPP TS 23.401: General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio

Access Network (E-UTRAN) access

- 3GPP TS 23.402: Architecture enhancements for non-3GPP accesses

- 3GPP TS 23.286: Application layer support for V2X services; Functional architecture and information flows

- 3GPP TS 24.301: Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 3

- 3GPP TS 24.302: Access to the 3GPP Evolved Packet Core (EPC) via non-3GPP access networks; Stage 3

- 3GPP TS 24.334: Proximity-services (ProSe) User Equipment (UE) to ProSe function protocol aspects; Stage 3

- 3GPP TS 24.386: User Equipment (UE) to V2X control function; protocol aspects; Stage 3

3GPP NR

- 3GPP TS 38.211: Physical channels and modulation

- 3GPP TS 38.212: Multiplexing and channel coding

- 3GPP TS 38.213: Physical layer procedures for control

- 3GPP TS 38.214: Physical layer procedures for data

- 3GPP TS 38.215: Physical layer measurements

- 3GPP TS 38.300: NR and NG-RAN Overall Description

- 3GPP TS 38.304: User Equipment (UE) procedures in idle mode and in RRC inactive state

- 3GPP TS 38.321: Medium Access Control (MAC) protocol

- 3GPP TS 38.322: Radio Link Control (RLC) protocol

- 3GPP TS 38.323: Packet Data Convergence Protocol (PDCP)

- 3GPP TS 38.331: Radio Resource Control (RRC) protocol

- 3GPP TS 37.324: Service Data Adaptation Protocol (SDAP)

- 3GPP TS 37.340: Multi-connectivity; Overall description

- 3GPP TS 23.501: System Architecture for the 5G System

- 3GPP TS 23.502: Procedures for the 5G System

- 3GPP TS 23.503: Policy and Charging Control Framework for the 5G System; Stage 2

- 3GPP TS 24.501: Non-Access-Stratum (NAS) protocol for 5G System (5GS); Stage 3

- 3GPP TS 24.502: Access to the 3GPP 5G Core Network (5GCN) via non-3GPP access networks

- 3GPP TS 24.526: User Equipment (UE) policies for 5G System (5GS); Stage 3

Provision of limited local operator services allows UEs to access operators who are not authenticated and provide limited local operator services. This need is covered by CFR Chapter 47 B, Part 20, Section 20.3, and CFR, Chapter 47, Chapter 47, Part 1, Chapter 20, Chapter 20, Chapter 20, Section 12 (Resale and Roaming). Based on specified US FCC rules.

The ability to access restricted area operator services as mandated by the FCC may be used to provide access to other operator specific restricted area operator services. The service itself is outside the scope of 3GPP. Access to certain local services is entirely under the operator's control. The local service set may be specified by the operator so that no other services are allowed for these UEs. Three examples of limited local operator services are:

A limited local operator service can support a variety of use cases. The first example is the temporary manual roaming use case. The end user moves to an area where their home operator does not have a roaming agreement with a local service provider. End-users may contact their local service provider's roaming care services to temporarily arrange services in their area. End Users may not access other Services until this Agreement has been established.

Another example of limited local operator service is customer care for subscribers who have questions about their subscription. In this case, the end user can access the customer service center of the business operator. The customer care center service can answer questions about the end user.

A third example of limited local operator service is access to local service by an unlocked UE that contacts a customer subscription center to initiate a subscription with a network operator. In this case, the UE cannot be authenticated in any network until a subscription with the local service provider is established.

Operators may choose to provide access to a specific set of limited local operator services. Operators may choose to allow unauthenticated UEs to access these restricted local operator services.

The ability to provide access to such limited regional operator services was exclusively available to U.S. operators. However, the widespread deployment of LTE and the corresponding introduction of VoLTE put a need for a standardized mechanism for UEs to access these limited local operator services (eg dialing certain numeric strings, accessing captive portals) without being successfully authenticated for access. causes Today, the leading provider of these services handles more than 23 million local service attempts per month, indicating widespread use of the feature.

Note: In the use cases covered below, local services are not specific to the described access mechanism. Different access mechanisms can be applied to local services.

RLOS support

Limited local operator service is an optional feature supported in certain countries. The service requirements for limited local operator services are defined in TS 22.101 [80], and the structural requirements are defined in TS 23.221 [27].

Access to restricted local operator services may be granted to UEs in restricted service state by the service network according to local regulations and operator policies. The UE may enter the restricted service state specified in clause 4.3.12.1.

RLOS is requested by the UE based on the user's explicit request. When connecting to the network to access the RLOS, the UE shall send a NAS RLOS indication to the MME, and the MME shall proceed with the RLOS attachment procedure described in clause 5.3.2.1. A specific RLOS-APN is configured uniquely to the PLMN.

Granting access to RLOS is completely under the control of the local operator. For example, EPC access to RLOS does not depend on whether the UE is authenticated or whether authentication succeeds or fails.

To provide access to limited local operator services, the MME is configured with MME RLOS configuration data applied to the RLOS PDN connection established by the MME upon UE request. The MME RLOS configuration data may include the RLOS APN used to derive the PDN GW, or the MME RLOS configuration data may include the PDN GW that is statically configured for the RLOS APN.

The UE in the restricted service state that wants to access the restricted local operator service determines that the cell supports the RLOS service through E-UTRAN through the broadcast indicator of the AS, and then indicates that the attach procedure is for accessing the RLOS. start Networks supporting limited local operator services provide access to these UEs regardless of whether authentication is performed for them and, if so, regardless of the authentication result. If the PLMN does not advertise support for RLOS, the UE SHOULD block an attempt to initiate it for RLOS.

Limited local operator service only applies to WB-E-UTRAN. The limited local operator service does not support the PDN connection, inter-RAT mobility and network triggered service request requested by the UE. For UEs connected for RLOS, handover between 3GPP and connections other than 3GPP is not supported. Location services do not apply to limited local operator services.

Note: For example, in a situation where E-UTRAN lacks resources, the E-UTRAN node may set a broadcast indicator accordingly to indicate that the cell's RLOS UE is not allowed.

Online charging is not active for RLOS APNs. For offline charging, the IMEI as well as the RLOS APN indication will be added to the charging history if available.

Reference model for regionally specialized operators

The same architecture as the emergency service specified above applies.

Mobility and Access Restrictions

Where access to restricted area operator services is supported, the mobility restrictions of clause 4.3.5.7 shall not apply to UEs receiving restricted area operator services. However, in the case of a UE connected to RLOS, the MME shall restrict movement to GERAN and UTRAN, and include GERAN and UTRAN in the handover restriction list.

Ability to select PDN GWs for limited local operator services

The same mechanisms as for emergency service specified in clause 4.3.12.4 apply with the following differences:

For limited local operator service, RLOS configuration data including RLOS APN is required for MME, but HRPD or WLAN handover does not apply.

QoS for limited local operator services

During the RLOS connection, the initial QoS value used to establish the RLOS PDN connection is obtained from the MME RLOS configuration data.

PCC for Limited Local Operator Services

Dynamic PCC based on the procedure described in TS 23.203 [6] can be used for UEs accessing limited local operator services including voice services. When establishing a PDN connection towards a PDN GW and a RLOS APN, according to clause 4.7.5, the PCRF provides QoS parameters to the PDN GW. This includes ARP values reserved for RLOS low-priority local operator services.

PCRF ensures that RLOS PDN connections are used only for limited local operator service RLOS IMS sessions. The PCRF rejects the IMS session established over the RLOS PDN connection if the AF (ie, P-CSCF) does not provide the PCRF with a RLOS indication.

IP address assignment

RLOS is provided by PLMN as a service. The UE and the PLMN must have compatible IP address versions to obtain a RLOS PDN connection. With the exception that the PDN GW associated with the RLOS APN must support PDN format IPv4 and PDN format IPv6, the IP address assignment of the Serving PLMN is provided in accordance with clause 5.3.1.

IMS-based RLOS (Limited Local Operator Services) support

Normal

This clause describes the functions required to support IMS-based Restricted Local Operator Services (RLOS). The RLOS service is an operator-owned service provided to the following subscribers:

- A roaming user is a roaming user who does not have a roaming agreement or cannot communicate with the roaming user's network.

- Roaming Users who are subscribers of another Operator for which the Local Operator has a roaming agreement for the IMS Service and the Limited Operator Local Service.

- Operator-owned subscribers roaming in a cell with limited service These subscribers may or may not have been successfully authenticated prior to roaming in a service-restricted cell.

Note: Operator restricted services may also be provided to subscribers of local operators roaming in unrestricted areas, but this is outside the scope of this.

RLOS is used only for outgoing services.

In this version of the specification, RLOS is defined only for users connected to the IMS via EPS (see TS 23.401 [70]);

rescue

To support RLOS, additional functions of P-CSCF, I-CSCF and S-CSCF are required as shown in the figure below. Additional functions can be built on to existing functions that support RLOS and non-RLOS IMS services. Optionally, a dedicated IMS node (P/I/S-CSCF) that supports only RLOS can be deployed.

Note: The architecture for roaming scenarios without an IMS-level roaming agreement (as defined in Annex W) does not apply to RLOS users accessing IMS.

IMS registration for RLOS access

RLOS IMS registration for roaming users (no roaming contract with home network)

As shown in Fig. 8, the registration procedure is as follows.

1. After the UE obtains an IP connection (as defined in TS 23.401 [70] for RLOS users), it performs periodic IMS registration, and includes an indication in the registration information indicating that it is a RLOS-related IMS registration.

2. P CSCF is a P-CSCF that supports RLOS. Upon receiving register information, the security check of Article Z.3.3 is selectively performed and based on operator policy. Based on the RLOS indication of the roaming user and registration information for which the subscriber does not have a roaming contract with the home network, the P-CSCF processes the RLOS user by sending the registration information to the S-CSCF configured in the P-CSCF.

Note: The P-CSCF ID for RLOS processing would have been sent to the UE during the attachment procedure including an explicit indication to access the RLOS.

If the S-CSCF responds with a 420 response, steps 3-8 apply.

3. S-CSCF receiving the Register information, based on the RLOS indication, if the subscriber is a roaming user according to the network configuration without roaming consent with the home network, and if the network supports GIBA, Send a 420 reply of the secondary value.

4. The P-CSCF forwards a response of 420 to the UE.

5. The UE initiates a new registration request and does not include an authorization header field.

6. The P-CSCF optionally performs RLOS APN verification in Article Z.3.3, and then sends the registration information to the S-CSCF assigned to the UE.

7. Upon receiving the registration information, the S-CSCF approves the registration, creates a temporary record for the UE not authenticated with the default service profile, and responds with 200 OK.

8. P-CSCF sends 200 OK to UE.

If the S-CSCF responds with a 403 response, steps 9-10 apply.

9. S-CSCF receiving the Register information responds with a 403 response according to the network configuration as well as the operator configuration (no support for GIBA) based on the subscriber being a roaming user without roaming consent with the home network based on the RLOS indication do. The S-CSCF creates a temporary registration record for an unauthenticated UE with a default service profile.

10. The P-CSCF sends a 403 response to the UE. The P-CSCF creates a temporary registration record for an unauthenticated UE, taking into account that the subscriber is a roaming user without roaming consent with the home network. The UE may initiate an IMS session.

RLOS IMS registered operator-owned subscribers and roaming users with roaming agreements with home networks

Roaming Users with IMS Services and Restricted Local Operator Services roaming agreements with carrier-owned subscribers or/or home networks must register for a new IMS as specified below to access IMS-based Restricted Local Operator Services when roaming in cells with limited services. should be performed In addition, the UE must also delete a valid IMS registration performed by the UE before roaming in a service-restricted cell.

IMS registration failed

As shown in FIG. 9 , the RLOS IMS registration procedure failure scenario is as follows.

1. After the UE obtains an IP connection (as defined in TS 23.401 [70] for RLOS users), it performs periodic IMS registration, and includes in the registration information an indication that this is a RLOS IMS-related registration.

2. P-CSCF is a P-CSCF that supports RLOS. It selectively receives register information and performs RLOS APN verification in Section Z.3.3 based on operator policy. The RLOS indication and the P-CSCF of which the subscriber is its subscriber sends the registration information to the I-CSCF.

NOTE 1: The P-CSCF ID for handling the RLOS would have been sent to the UE during the attachment procedure including an explicit indication to access the RLOS.

3. The I-CSCF queries the HSS for the subscriber S-CSCF. If the received S-CSCF does not support RLOS and the RLOS-related registration I-CSCF re-queries the HSS for the list of S-CSCFs and their functions. The I-CSCF shall use the returned S-CSCF function information to select an S-CSCF that supports RLOS.

Note 2: The S-CSCF assigned to a subscriber may be a non-expired, non-deleted previous registration or RLOS-related registration.

4. I-CSCF transmits register information to the selected S-CSCF.

5. S-CSCF gets authentication information from HSS.

6. The S-CSCF challenges the UE by sending a 401 reply.

7. The I-CSCF forwards the 401 response to the P-CSCF.

8. The P-CSCF forwards a 401 response to the UE.

9. The UE sends a new registration request including authentication information to the P-CSCF.

10. The P-CSCF optionally performs the RLOS APN verification of clause Z.3.3 based on the operator policy, and then transmits the registration information to the I-CSCF.

11. The I-CSCF queries the HSS for the subscriber S-CSCF and receives the S-CSCF name assigned to the UE. If the received S-CSCF does not support RLOS and the RLOS-related registration I-CSCF re-queries the HSS for the list of S-CSCFs and their functions. The I-CSCF shall use the returned S-CSCF function information to select an S-CFCF that supports RLOS.

12. I-CSCF transmits register information to the selected S-CSCF.

13. The S-CSCF verifies the authentication information received by the UE, but did not successfully authenticate the UE. Since this is a RLOS-related IMS registration, the S-CSCF creates a temporary "Unauthenticated Subscriber" registration record for the UE with the default service profile and responds with a 403 response.

14. The I-CSCF sends a 403 response to the P-CSCF.

15. The P-CSCF sends a 403 response to the UE, and creates a temporary "Unauthenticated Subscriber" registration record for the UE.

IMS registration successful

A successful IMS registration is identical to a failed registration with the following exceptions.

- The S-CSCF successfully authenticates the UE in step 12.

- The S-CSCF tags the UE registration record as successful in RLOS registration.

- The S-CSCF updates the HSS with the S-CSCF name assigned to the UE, and downloads and stores the UE profile from the HSS. This step is not performed in the previous case.

IMS-based RLOS session initiation

Clause 5.6.2 applies, including the following additional requirements:

- The UE shall include the RLOS indication in all outgoing sessions. The P-CSCF shall reject the initiating session without such an indication.

- The S-CSCF shall include the RLOS indication in the charging data related to the IMS session.

- The S-CSCF shall forward the session initiation request to the telephony application server. The telephony application server shall bypass the outgoing service for all successfully authenticated UEs. The telephony application server can be configured with a different policy (eg destination set) for all of the above registration cases based on the operator policy. The phone application server enforces these policies.

- Use your registered ID as your ID.

6 major issues

6.1 Introduction

This clause details the main issues identified with respect to the security aspects related to the PARLOS service. Each key issue defines the background of the issue, defines the threats associated with the issue, and proposes requirements to address the key issue.

6.2 Key Issue #1: Temporary Security Settings for PARLOS Sessions

When the UE requests a PARLOS connection to the PLMN, the UE may be unauthenticated or in a restricted service state. If the UE is not authenticated or is in limited service state, the serving PLMN will not obtain credentials for the UE from the HSS, and it may be impossible to establish regular NAS and AS contexts. If the NAS and AS security context are not established, the PLMN may not be able to secure NAS and AS communication. Therefore, in the case of a UE accessing the PARLOS portal, a normal procedure for establishing NAS and AS security is impossible. Please note that if the UE is successfully authenticated and the network has established the NAS and AS security context, the UE will not connect to the PARLOS portal for service.

In order to activate the service entered through PARLOS, the service PLMN may request certain personal information such as the user's name, the user's address or the location of the user who needs the service. For some services, the PLMN in service may also request your credit card information and charge you for the service. When such personal information is transferred, without adequate protection, eavesdroppers can eavesdrop on communications and identify users' personal information. In many countries, transmission of personal data over unprotected communication links is also prohibited by law.

Therefore, the transfer of this personal information to unprotected communication links is a security threat to the provision of PARLOS services. This needs to be addressed for the UE before providing the PARLOS service. Before the PARLOS service is activated, it is necessary to establish a temporary security context for the UE accessing the PRALOS portal.

6.2.2 Potential Security Threats

If the PARLOS service session is not secure, sensitive personal data such as the user's name, address, and credit card information can be stolen by the eaves dropper along with confidentiality and integrity protection.

6.2.3 Potential Security Requirements

At a minimum, it should be possible to establish end-to-end security at the application layer while the network and UE provide PARLOS services.

UE and MME shall protect NAS signaling for PARLOS service with integrity and confidentiality.

UE and eNB must protect AS signaling for PARLOS service with integrity and confidentiality.

6.3 Main Issue #2: Support for RLOS Access by Unauthenticated UEs Using EPC

6.3.1 Major Issues

A large number of malicious and unauthenticated UEs with RLOS connections can exhaust the network resources of the EPS network with additional signaling and traffic generation.

6.3.2 Potential Security Threats

An attacker could initiate a DoS attack on an EPS network by simply introducing a number of malicious UEs to initiate RLOS access to the network.

6.3.3 Potential security requirements

6.4 Key Issue #3: Permission to Use PARLOS Services.

6.4.1 Main Issues

When the user currently connects to the 4G or 5G network, it is clear that the serving network is authorized from the home network. However, if network authentication needs to be skipped, it can allow unauthorized networks to provide services to users. This allows an unauthorized network to be a man in the middle of any service being provided.

Setting up an unlicensed network is as easy as placing a fake base station by putting the network in a box that broadcasts its RLOS capabilities, while taking steps such as disrupting the existing cell and preventing the victim from attaching to the real network. This attack will not be limited to areas where manual roaming is required, but could be carried out anywhere.

6.4.2 Potential Security Threats

Unauthorized networks can exploit men in intermediate positions.

- The UE must obtain user consent for the use of PARLOS-based services. If the security risk is not sufficiently explained to the user as part of this interaction, the user is likely to be unaware of the security implications of the PARLOS-based service. The man in the middle will be able to use this to respond to PDN session attempts and access full communication.

- If the man in the middle is doing business in a place where the user expects to do manual roaming, the man in the middle may collect payment information and other information from the user.

6.4.3 Potential security requirements

The UE shall establish RLOS sessions only with authorized networks.

Note: User interaction is one possible solution to user awareness.

6.4 Key Issue #4: User perceptions of the use of PARLOS services.

6.4.1 Main Issues

When a user currently connects to a 4G or 5G network, the user or application of the UE may depend on:

3GPP Security

- 3GPP TS 33.51: Physical Channels and Modulation

- 3GPP TS 33.401: Physical Channels and Modulation

- 3GPP TS 33.303: Proximity Based Services (ProSe); security aspect

<5G usage scenario>

The three main requirement areas for 5G are (1) enhanced mobile broadband (eMBB) area, (2) massive machine type communication (mMTC) area, and (3) high reliability/ultra-low latency communication (URLLC; ultra-reliable and low latency communications). Some use cases may require multiple domains for optimization, while other use cases may focus on only one key performance indicator (KPI). 5G is to support these various use cases in a flexible and reliable way.

eMBB focuses on overall improvements in data rates, latency, user density, capacity and coverage of mobile broadband connections. eMBB aims for a throughput of around 10 Gbps. eMBB goes far beyond basic mobile internet access, covering rich interactive work, media and entertainment applications in the cloud or augmented reality. Data is one of the key drivers of 5G, and for the first time in the 5G era, we may not see dedicated voice services. In 5G, voice is simply expected to be processed as an application using the data connection provided by the communication system. The main causes of the increased traffic volume are the increase in content size and the increase in the number of applications requiring high data rates. Streaming services (audio and video), interactive video and mobile Internet connections will become more widely used as more devices connect to the Internet. Many of these applications require always-on connectivity to push real-time information and notifications to users. Cloud storage and applications are rapidly increasing in mobile communication platforms, which can be applied to both work and entertainment. Cloud storage is a special use case that drives the growth of uplink data rates. 5G is also used for remote work on the cloud, requiring much lower end-to-end latency to maintain a good user experience when tactile interfaces are used. In entertainment, for example, cloud gaming and video streaming are another key factor demanding improvements in mobile broadband capabilities. Entertainment is essential on smartphones and tablets anywhere, including in high-mobility environments such as trains, cars and airplanes. Another use example is augmented reality for entertainment and information retrieval. Here, augmented reality requires very low latency and instantaneous amount of data.

mMTC is designed to enable communication between a large number of low-cost devices powered by batteries and is intended to support applications such as smart metering, logistics, field and body sensors. mMTC is targeting a battery life of 10 years or so and/or a million devices per square kilometer. mMTC enables the seamless connection of embedded sensors in all fields to form a sensor network, and is one of the most anticipated 5G use cases. Potentially, by 2020, there will be 20.4 billion IoT devices. Smart networks leveraging industrial IoT is one of the areas where 5G will play a major role in enabling smart cities, asset tracking, smart utilities, agriculture and security infrastructure.

URLLC enables devices and machines to communicate very reliably, with very low latency and high availability, enabling autonomous vehicle-to-vehicle communication and control, industrial control, factory automation, mission-critical applications such as telesurgery and healthcare, smart grid and public Ideal for safety applications. URLLC aims for a delay on the order of 1 ms. URLLC includes new services that will transform industries through high-reliability/ultra-low-latency links such as remote control of critical infrastructure and autonomous vehicles. This level of reliability and latency is essential for smart grid control, industrial automation, robotics, and drone control and coordination.

Next, a plurality of usage examples included in the triangle of FIG. T will be described in more detail.

5G could complement fiber-to-the-home (FTTH) and cable-based broadband (or DOCSIS) as a means of delivering streams rated from hundreds of megabits per second to gigabits per second. Such a high speed may be required to deliver TVs with resolutions of 4K or higher (6K, 8K and higher) as well as virtual reality (VR) and augmented reality (AR). VR and AR applications almost include immersive sporting events. Certain applications may require special network settings. For VR games, for example, game companies may need to integrate core servers with network operators' edge network servers to minimize latency.

Automotive is expected to be an important new driving force for 5G, with many use cases for mobile communication to vehicles. For example, entertainment for passengers requires both high capacity and high mobile broadband. The reason is that future users continue to expect high-quality connections regardless of their location and speed. Another example of use in the automotive sector is augmented reality dashboards. The augmented reality contrast board allows drivers to identify objects in the dark above what they are seeing through the front window. The augmented reality dashboard superimposes information to inform the driver about the distance and movement of objects. In the future, wireless modules will enable communication between vehicles, information exchange between vehicles and supporting infrastructure, and information exchange between automobiles and other connected devices (eg, devices carried by pedestrians). Safety systems can lower the risk of accidents by guiding drivers through alternative courses of action to help them drive safer. The next step will be remote-controlled vehicles or autonomous vehicles. This requires very reliable and very fast communication between different autonomous vehicles and/or between vehicles and infrastructure. In the future, autonomous vehicles will perform all driving activities, allowing drivers to focus only on traffic anomalies that the vehicle itself cannot discern. The technological requirements of autonomous vehicles demand ultra-low latency and ultra-fast reliability to increase traffic safety to unattainable levels for humans.

Smart cities and smart homes, referred to as smart societies, will be embedded as high-density wireless sensor networks as examples of smart networks. A distributed network of intelligent sensors will identify conditions for keeping a city or house cost- and energy-efficient. A similar setup can be performed for each household. Temperature sensors, window and heating controllers, burglar alarms and appliances are all connected wirelessly. Many of these sensors typically require low data rates, low power and low cost. However, for example, real-time HD video may be required in certain types of devices for surveillance.

Wireless and mobile communications are becoming increasingly important in industrial applications. Wiring is expensive to install and maintain. Thus, the possibility of replacing cables with reconfigurable radio links is an attractive opportunity for many industries. Achieving this, however, requires that wireless connections operate with similar delays, reliability and capacity as cables, and that their management is simplified. Low latency and very low error probability are new requirements that need to be connected with 5G.

Logistics and freight tracking are important use cases for mobile communications that use location-based information systems to enable tracking of inventory and packages from anywhere. Logistics and freight tracking use cases typically require low data rates but require wide range and reliable location information.

Hereinafter, an apparatus to which the present invention can be applied will be described.

Referring to FIG. 10 , a wireless communication system may include a first device 9010 and a second device 9020 .

The first device 9010 includes a base station, a network node, a transmitting terminal, a receiving terminal, a wireless device, a wireless communication device, a vehicle, a vehicle equipped with an autonomous driving function, a connected car, a drone (Unmanned Aerial Vehicle, UAV), Artificial Intelligence (AI) Module, Robot, AR (Augmented Reality) Device, VR (Virtual Reality) Device, MR (Mixed Reality) Device, Hologram Device, Public Safety Device, MTC Device, IoT Device, Medical Device, Pin It may be a tech device (or financial device), a security device, a climate/environment device, a device related to 5G services, or other devices related to the 4th industrial revolution field.

The second device 9020 includes a base station, a network node, a transmitting terminal, a receiving terminal, a wireless device, a wireless communication device, a vehicle, a vehicle equipped with an autonomous driving function, a connected car, a drone (Unmanned Aerial Vehicle, UAV), Artificial Intelligence (AI) Module, Robot, AR (Augmented Reality) Device, VR (Virtual Reality) Device, MR (Mixed Reality) Device, Hologram Device, Public Safety Device, MTC Device, IoT Device, Medical Device, Pin It may be a tech device (or financial device), a security device, a climate/environment device, a device related to 5G services, or other devices related to the 4th industrial revolution field.

For example, the terminal includes a mobile phone, a smart phone, a laptop computer, a digital broadcasting terminal, personal digital assistants (PDA), a portable multimedia player (PMP), a navigation system, a slate PC, and a tablet. PC (tablet PC), ultrabook (ultrabook), wearable device (wearable device, for example, a watch-type terminal (smartwatch), glass-type terminal (smart glass), HMD (head mounted display), etc. may be included. . For example, the HMD may be a display device worn on the head. For example, an HMD may be used to implement VR, AR or MR.

For example, the drone may be a flying vehicle that does not have a human and flies by a wireless control signal. For example, the VR device may include a device that implements an object or a background of a virtual world. For example, the AR device may include a device implemented by connecting an object or background of the virtual world to an object or background of the real world. For example, the MR device may include a device that implements a virtual world object or background by fusion with a real world object or background. For example, the hologram device may include a device for realizing a 360-degree stereoscopic image by recording and reproducing stereoscopic information by utilizing an interference phenomenon of light generated by the meeting of two laser beams called holography. For example, the public safety device may include an image relay device or an image device that can be worn on a user's body. For example, the MTC device and the IoT device may be devices that do not require direct human intervention or manipulation. For example, the MTC device and the IoT device may include a smart meter, a bending machine, a thermometer, a smart light bulb, a door lock, or various sensors. For example, a medical device may be a device used for the purpose of diagnosing, treating, alleviating, treating, or preventing a disease. For example, a medical device may be a device used for the purpose of diagnosing, treating, alleviating or correcting an injury or disorder. For example, a medical device may be a device used for the purpose of examining, replacing, or modifying structure or function. For example, the medical device may be a device used for the purpose of controlling pregnancy. For example, the medical device may include a medical device, a surgical device, an (ex vivo) diagnostic device, a hearing aid, or a device for a procedure. For example, the security device may be a device installed to prevent a risk that may occur and maintain safety. For example, the security device may be a camera, CCTV, recorder or black box. For example, the fintech device may be a device capable of providing financial services such as mobile payment. For example, the fintech device may include a payment device or a Point of Sales (POS). For example, the climate/environment device may include a device for monitoring or predicting the climate/environment.

The first device 9010 may include at least one or more processors such as a processor 9011 , at least one memory such as a memory 9012 , and at least one transceiver such as a transceiver 9013 . The processor 9011 may perform the functions, procedures, and/or methods described above. The processor 9011 may perform one or more protocols. For example, the processor 9011 may perform one or more layers of an air interface protocol. The memory 9012 is connected to the processor 9011 and may store various types of information and/or commands. The transceiver 9013 may be connected to the processor 9011 and controlled to transmit/receive a wireless signal.

The second device 9020 may include at least one processor such as a processor 9021 , at least one memory device such as a memory 9022 , and at least one transceiver such as a transceiver 9023 . The processor 9021 may perform the functions, procedures, and/or methods described above. The processor 9021 may implement one or more protocols. For example, the processor 9021 may implement one or more layers of an air interface protocol. The memory 9022 is connected to the processor 9021 and may store various types of information and/or commands. The transceiver 9023 may be connected to the processor 9021 and may be controlled to transmit/receive a wireless signal.

The memory 9012 and/or the memory 9022 may be respectively connected inside or outside the processor 9011 and/or the processor 9021 , and may be connected to another processor through various technologies such as wired or wireless connection. may be connected to

The first device 9010 and/or the second device 9020 may have one or more antennas. For example, antenna 9014 and/or antenna 9024 may be configured to transmit and receive wireless signals.

In particular, in FIG. 11 , when the base station is divided into a central unit (CU) and a distributed unit (DU), it is a diagram illustrating the network node of FIG. 10 in more detail.

Referring to FIG. 11 , base stations W20 and W30 may be connected to the core network W10 , and the base station W30 may be connected to a neighboring base station W20 . For example, the interface between the base stations W20 and W30 and the core network W10 may be referred to as NG, and the interface between the base station W30 and the neighboring base station W20 may be referred to as Xn.

The base station W30 may be divided into CUs W32 and DUs W34 and W36. That is, the base station W30 may be hierarchically separated and operated. The CU W32 may be connected to one or more DUs W34 and W36, for example, an interface between the CU W32 and the DUs W34 and W36 may be referred to as F1. The CU (W32) may perform functions of upper layers of the base station, and the DUs (W34, W36) may perform functions of lower layers of the base station. For example, the CU W32 is a radio resource control (RRC), service data adaptation protocol (SDAP), and packet data convergence protocol (PDCP) layer of a base station (eg, gNB) hosting a logical node (logical node) , and the DUs W34 and W36 may be logical nodes hosting radio link control (RLC), media access control (MAC), and physical (PHY) layers of the base station. Alternatively, the CU W32 may be a logical node hosting the RRC and PDCP layers of the base station (eg, en-gNB).

The operation of the DUs W34 and W36 may be partially controlled by the CU W32. One DU (W34, W36) may support one or more cells. One cell can be supported by only one DU (W34, W36). One DU (W34, W36) may be connected to one CU (W32), and by appropriate implementation, one DU (W34, W36) may be connected to a plurality of CUs.

In particular, FIG. 12 is a diagram illustrating the terminal of FIG. 10 in more detail.

12 , the terminal includes a processor (or a digital signal processor (DSP) (Y10), an RF module (or an RF unit) (Y35), and a power management module (Y05). ), antenna (Y40), battery (Y55), display (Y15), keypad (Y20), memory (Y30), SIM card (SIM (Subscriber Identification Module) ) card) (Y25) (this configuration is optional), a speaker (Y45) and a microphone (Y50) may be included. The terminal may also include a single antenna or multiple antennas. can

The processor Y10 implements the functions, processes and/or methods proposed above. The layer of the air interface protocol may be implemented by the processor Y10.

The memory Y30 is connected to the processor Y10 and stores information related to the operation of the processor Y10. The memory Y30 may be inside or outside the processor Y10, and may be connected to the processor Y10 by various well-known means.

The user inputs command information such as a phone number by, for example, pressing (or touching) a button of the keypad Y20 or by voice activation using the microphone Y50. The processor Y10 receives such command information and processes it to perform an appropriate function, such as making a call to a phone number. Operational data may be extracted from the SIM card Y25 or the memory Y30. In addition, the processor Y10 may display command information or driving information on the display Y15 for the user to recognize and for convenience.

The RF module Y35 is connected to the processor Y10 to transmit and/or receive RF signals. The processor Y10 transmits command information to the RF module Y35 to transmit, for example, a radio signal constituting voice communication data to initiate communication. The RF module Y35 includes a receiver and a transmitter to receive and transmit a radio signal. The antenna Y40 functions to transmit and receive radio signals. When receiving a wireless signal, the RF module Y35 may forward the signal and convert the signal to baseband for processing by the processor Y10. The processed signal may be converted into audible or readable information output through the speaker Y45.

The embodiments described above are those in which elements and features of the present invention are combined in a predetermined form. Each component or feature should be considered optional unless explicitly stated otherwise. Each component or feature may be implemented in a form that is not combined with other components or features. It is also possible to configure embodiments of the present invention by combining some elements and/or features. The order of operations described in the embodiments of the present invention may be changed. Some features or features of one embodiment may be included in another embodiment, or may be replaced with corresponding features or features of another embodiment. It is apparent that claims that are not explicitly cited in the claims can be combined to form an embodiment or included as a new claim by amendment after filing.

Embodiments according to the present invention may be implemented by various means, for example, hardware, firmware, software, or a combination thereof. In the case of implementation by hardware, an embodiment of the present invention provides one or more application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), FPGAs ( field programmable gate arrays), a processor, a controller, a microcontroller, a microprocessor, and the like.

In the case of implementation by firmware or software, an embodiment of the present invention may be implemented in the form of a module, procedure, function, etc. that perform the functions or operations described above. The software code may be stored in the memory and driven by the processor. The memory may be located inside or outside the processor, and may transmit/receive data to and from the processor by various well-known means.

The radio interface protocol is based on the 3GPP radio access network standard. The radio interface protocol is horizontally composed of a physical layer, a data link layer, and a network layer, and vertically a user plane for data information transmission and control. It is divided into a control plane for signal transmission.

The protocol layers are L1 (first layer), L2 (second layer), and L3 (third layer) based on the lower three layers of the Open System Interconnection (OSI) reference model widely known in communication systems. ) can be distinguished.

Hereinafter, each layer of the control plane shown in FIG. 13 will be described.

The first layer, the physical layer, provides an information transfer service using a physical channel. The physical layer is connected to an upper medium access control layer through a transport channel, and data between the medium access control layer and the physical layer is transmitted through the transport channel. And, data is transferred between different physical layers, that is, between the physical layers of the transmitting side and the receiving side through a physical channel.

A physical channel consists of several subframes on the time axis and several sub-carriers on the frequency axis. Here, one sub-frame is composed of a plurality of symbols and a plurality of sub-carriers on the time axis. One subframe is composed of a plurality of resource blocks (Resource Block), and one resource block is composed of a plurality of symbols and a plurality of subcarriers. A Transmission Time Interval (TTI), which is a unit time for data transmission, is 1 ms corresponding to one subframe.

According to 3GPP LTE, the physical channels existing in the physical layer of the transmitting side and the receiving side are a data channel, a Physical Downlink Shared Channel (PDSCH) and a PUSCH (Physical Uplink Shared Channel), and a control channel, a Physical Downlink Control Channel (PDCCH), It can be divided into a Physical Control Format Indicator Channel (PCFICH), a Physical Hybrid-ARQ Indicator Channel (PHICH), and a Physical Uplink Control Channel (PUCCH).

The PCFICH transmitted in the first OFDM symbol of the subframe carries a control format indicator (CFI) regarding the number of OFDM symbols used for transmission of control channels in the subframe (ie, the size of the control region). The wireless device first receives the CFI on the PCFICH and then monitors the PDCCH.

Unlike the PDCCH, the PCFICH does not use blind decoding and is transmitted through a fixed PCFICH resource of a subframe.

The PHICH carries a positive-acknowledgement (ACK)/negative-acknowledgement (NACK) signal for a UL hybrid automatic repeat request (HARQ). An ACK/NACK signal for UL (uplink) data on a PUSCH transmitted by a wireless device is transmitted on a PHICH.

The PBCH (Physical Broadcast Channel) is transmitted in the preceding four OFDM symbols of the second slot of the first subframe of the radio frame. The PBCH carries system information essential for a wireless device to communicate with a base station, and the system information transmitted through the PBCH is called a master information block (MIB). In comparison, system information transmitted on the PDSCH indicated by the PDCCH is referred to as a system information block (SIB).

PDCCH is a resource allocation and transmission format of a downlink-shared channel (DL-SCH), resource allocation information of an uplink shared channel (UL-SCH), paging information on the PCH, system information on the DL-SCH, random access transmitted on the PDSCH Resource allocation of a higher layer control message such as a response, a set of transmission power control commands for individual UEs in an arbitrary UE group, and activation of voice over internet protocol (VoIP) may be carried. A plurality of PDCCHs may be transmitted in the control region, and the UE may monitor the plurality of PDCCHs. The PDCCH is transmitted on an aggregation of one or several consecutive control channel elements (CCEs). The CCE is a logical allocation unit used to provide the PDCCH with a coding rate according to the state of a radio channel. The CCE corresponds to a plurality of resource element groups. The format of the PDCCH and the possible number of bits of the PDCCH are determined according to the correlation between the number of CCEs and the coding rates provided by the CCEs.

Control information transmitted through the PDCCH is referred to as downlink control information (DCI). DCI is a PDSCH resource allocation (this is also called a DL grant (downlink grant)), PUSCH resource allocation (this is also called a UL grant (uplink grant)), a set of transmit power control commands for individual UEs in an arbitrary UE group and/or activation of Voice over Internet Protocol (VoIP).

In the second layer, there are several layers. First, the Medium Access Control (MAC) layer serves to map various logical channels to various transport channels, and is also a logical channel multiplexing layer that maps multiple logical channels to one transport channel. play a role The MAC layer is connected to the RLC layer, which is the upper layer, by a logical channel, and the logical channel is largely divided into a control channel that transmits information in the control plane and a control channel according to the type of transmitted information. It is divided into a traffic channel that transmits user plane information.

The radio link control (RLC) layer of the second layer divides and concatenates the data received from the upper layer to adjust the data size so that the lower layer is suitable for data transmission in the radio section perform the role In addition, in order to ensure various QoS required by each radio bearer (RB), TM (Transparent mode, transparent mode), UM (Un-acknowledged mode, no response mode), and AM (Acknowledged mode, It provides three operation modes of response mode). In particular, the AM RLC performs a retransmission function through an automatic repeat and request (ARQ) function for reliable data transmission.

The packet data convergence protocol (PDCP) layer of the second layer is a relatively large IP containing unnecessary control information in order to efficiently transmit an IP packet such as IPv4 or IPv6 in a wireless section with a small bandwidth. It performs a header compression function that reduces the packet header size. This serves to increase the transmission efficiency of the radio section by transmitting only necessary information in the header part of the data. In addition, in the LTE system, the PDCP layer also performs a security function, which is composed of encryption (Ciphering) to prevent data interception by a third party and integrity protection (Integrity protection) to prevent data manipulation by a third party.

The Radio Resource Control (RRC) layer located at the uppermost part of the third layer is defined only in the control plane, and sets (setup), reconfiguration (Re) of radio bearers (Radio Bearer; abbreviated as RB). -Responsible for controlling logical channels, transport channels and physical channels in relation to setting) and release. In this case, the RB means a service provided by the second layer for data transfer between the UE and the E-UTRAN.

When there is an RRC connection between the RRC of the terminal and the RRC layer of the radio network, the terminal is in the RRC connected state (Connected mode), otherwise it is in the RRC idle state (Idle mode).

Hereinafter, an RRC state of the UE and an RRC connection method will be described. The RRC state refers to whether or not the RRC of the UE is logically connected to the RRC of the E-UTRAN. If it is connected, it is called an RRC_CONNECTED state, and if it is not connected, it is called an RRC_IDLE state. Since the UE in the RRC_CONNECTED state has an RRC connection, the E-UTRAN can determine the existence of the UE on a cell-by-cell basis, and thus can effectively control the UE. On the other hand, for the UE in the RRC_IDLE state, the E-UTRAN cannot detect the UE's existence, and the core network manages it in a tracking area (TA) unit larger than the cell. That is, the UE in the RRC_IDLE state only detects whether the UE exists in a larger regional unit than the cell, and in order to receive a normal mobile communication service such as voice or data, the UE must transition to the RRC_CONNECTED state. Each TA is identified through a tracking area identity (TAI). The UE may configure the TAI through a tracking area code (TAC), which is information broadcast in a cell.

When the user turns on the terminal for the first time, the terminal searches for an appropriate cell, establishes an RRC connection in the cell, and registers the terminal information in the core network. After this, the UE stays in the RRC_IDLE state. The terminal staying in the RRC_IDLE state selects (re-)selects a cell as needed, and examines system information or paging information. This is called Camping on the cell. When the UE that stayed in the RRC_IDLE state needs to establish an RRC connection, it establishes an RRC connection with the RRC of the E-UTRAN through an RRC connection procedure and transitions to the RRC_CONNECTED state. There are several cases in which the terminal in the RRC_IDLE state needs to establish an RRC connection. For example, when uplink data transmission is required due to a user's call attempt, or when a paging signal is received from the E-UTRAN. and sending a response message to it.

The NAS (Non-Access Stratum) layer performs functions such as session management and mobility management.

Hereinafter, the NAS layer shown in FIG. 13 will be described in detail.

The NAS layer is divided into a NAS entity for MM (Mobility Management) and a NAS entity for SM (Session Management).

1) The NAS entity for MM provides the following general functions.

NAS procedures related to AMF, including the following.

- Registration management and access management procedures. AMF supports the following functions.

- Secure NAS signal connection between UE and AMF (integrity protection, encryption)

2) The NAS entity for SM performs session management between the UE and the SMF.

SM signaling messages are processed, ie, generated and processed in the NAS-SM layer of the UE and SMF. The content of the SM signaling message is not interpreted by the AMF.

- In case of SM signaling transmission,

- The NAS entity for MM creates a NAS-MM message that derives how and where to forward the SM signaling message with a security header indicating the NAS transmission of the SM signaling, additional information about the receiving NAS-MM.

- Upon reception of SM signaling, the NAS entity for SM performs an integrity check of the NAS-MM message, and interprets additional information to derive a method and a place to derive the SM signaling message.

Meanwhile, in FIG. 13 , the RRC layer, the RLC layer, the MAC layer, and the PHY layer located below the NAS layer are collectively referred to as an access layer (Access Stratum: AS).

Examples of the present specification

A separate RLOS security server is used to check whether the UE is connected to a normal 3GPP network. A general user account must exist on this server (User ID and Password, etc.), and the UE securely stores the server certificate and URL from this server (it must be stored in a secure space in the USIM and ME).

A procedure for confirming the 3GPP network accessed by the UE to receive the RLOS service is shown in FIG. 14 .

An attach or registration procedure for RLOS is performed between the UE and the 3GPP system (refer to 3GPP TS 23.401, TS 23.228, etc.). By including the URL of the RLOS Security Server as an option, you can check whether access to the server is possible.

First, in step 1., the UE has a Serving network ID, a UE ID (IMSI if there is IMSI, IMEI depending on settings or not), User ID of the RLOS security server account, Cell ID, and location information obtained through GPS, etc. , the current date and time, and the randomly generated nonce are all encrypted with the public key of the RLOS security server received in advance and transmitted to the RLOS security server. Public key cryptography can use well-known secure algorithms such as RSA and ECIES. The RLOS security server decrypts the encrypted data with the private key corresponding to the public key.

In step 2., optionally, the RLOS security server requests a location inquiry along with the UE ID to the 3GPP network that delivered the data in step 2.

In step 3., optionally, the 3GPP network retrieves the UE ID from the list of subscribers temporarily created without authentication for RLOS, inquires which cell or region the UE is currently registered in, and returns the information to the RLOS security server. do.

In step 4., the RLOS security server checks whether the location information received from the 3GPP network matches the location information received from the UE.

In step 5, the RLOS security server succeeds in decrypting in step 2, and if the time is within the specified range with the current time, the UE ID, the current time, and the low significant bits half of the nonce received from the UE are used for signing. Signed with the private key and delivered to the UE (the corresponding certificate must have been delivered to the UE in advance). If the location information inquiry of 3 or 4 is selectively performed, the signed value is transmitted to the UE only when the location information matches, and if the location information does not match, a failure result is transmitted.

In step 6., the UE checks whether the signed value matches the values and the current time delivered in step 2, and whether the signature is correct. If all verification is completed normally, the 3GPP network providing the RLOS has a network ID and a cell ID. It can be seen that is correct. If not, it may be connected to the 3GPP network spoofed for attack, so the RLOS connection is stopped.

The procedure of FIG. 14 assumes that the connection to the 3GPP network for the RLOS service is once completed, and as shown in FIG. 15, it is also possible to perform step 2 of FIG. 14 from the time when uplink data can be used for the first time. .

After the UE obtains IP connectivity, during the registration procedure with the P-SCSF (step 1), during the policy check with the PCRF, the permission of accessing the RLOS security server URL is checked (step 2), and if there is no problem here It connects to an external network through I-SCSF and performs the procedure shown in Figs. 14 or 15 through the RLOS security server (steps 3 to 11).

In addition, the user's personal questions and answers are stored in the RLOS security server in order to directly obtain the user's confidence without relying solely on the UE device. For example, the questions are "Where did you first enter the elementary school?", "The second overseas travel destination?" It is more preferable if it is information that cannot be known from general personal details such as. It is more preferable to register questions and answers in a device other than the UE (eg, other UE or PC), and store only the questions in a way that transmits only questions to devices that will use RLOS. The procedure for storing questions in the device may be possible, for example, by accessing and downloading the one-time URL provided by the RLOS security server from the device.

17 illustrates a procedure for confirming the 3GPP Network and Security Server for the RLOS service of the UE according to the present specification. A procedure for confirming a 3GPP network accessed by the UE to receive the RLOS service is shown in FIG. 17 .

In step 1, an attach or registration procedure for RLOS is performed between the UE and the 3GPP system (refer to 3GPP TS 23.401, TS 23.228, etc.). By including the URL of the RLOS Security Server as an option, you can check whether access to the server is possible.

In step 2, the UE has a Serving network ID, a UE ID (IMSI if there is an IMSI, or IMEI depending on the setting), User ID of the RLOS security server account, Cell ID, location information obtained through GPS, etc., current date and time, the randomly generated nonce, and the personal information question selected by the user are all encrypted with the public key of the RLOS security server received in advance and sent to the RLOS security server. Public key cryptography can use well-known secure algorithms such as RSA and ECIES. The RLOS security server decrypts the encrypted data with the private key corresponding to the public key. A personal information question may be a sentence of the question itself, or this code if a code has been previously assigned to the questions by the RLOS security server (simply, it may be a sequence number indicating the sequence) .

19 shows the procedure for selecting these personalized questions.

In addition, FIG. 20 shows a screen in which the user can confirm the procedure for connecting to the RLOS security server to confirm the 3GPP network and the RLOS security server and to stop if necessary.

In step 3, optionally, the RLOS security server requests a location inquiry along with the UE ID to the 3GPP network that delivered the data in step 2.

In step 4, optionally, the 3GPP network retrieves the UE ID from the list of subscribers temporarily created for RLOS without authentication, inquires which cell or region the UE is currently registered in, and returns the information to the RLOS security server. .

In step 5, the RLOS security server checks whether the location information received from the 3GPP network matches the location information received from the UE.

In step 6, the RLOS security server succeeds in decrypting in step 2, and if the time is within a predetermined range with the current time, the UE ID, the current time, and the lower (low significant bits) half of the nonce received from the UE, and the individual The answer to the information question is signed with the private key for signing and delivered to the UE (the corresponding certificate must be delivered to the UE in advance). If the location information inquiry of 3 or 4 is selectively performed, the signed value is transmitted to the UE only when the location information matches, and if the location information does not match, a failure result is transmitted. In addition, if you want to prevent leakage and collection of answers to questions in personal information, it is also possible to include only the results of answers through a well-known secure hash algorithm.

In step 7, the UE checks whether the signed value matches the values and the current time transmitted in step 2, and whether the signature is correct. Also, check that the answers to the questions you have chosen are correct.

21 shows a screen in which the user directly confirms such an answer. As shown in FIG. 21 , if the answers do not match, the UE may stop the RLOS service connection. In case the answer comes as a hash result value instead of as text, the user enters the answer and hashes it, compares it with the signed hash value and checks if it matches. If all checks are completed normally, it can be seen that the network ID and cell ID of the 3GPP network providing RLOS are correct.

22 shows a case in which a match is checked through a user input of an answer with respect to a case in which an answer comes as a code. If not, it may be connected to the 3GPP network spoofed for attack, so the RLOS connection is stopped.

As shown in FIG. 22 , the UE may display 3GPP network verification through the RLOS server and

verification results

2201 and 2202 of the security server through the display. In the case of FIG. 22 , the answer to the security question is passed to the code to indicate the UE to compare with the user input.

By checking the answers to the questions set in advance by the user in the procedure of FIG. 17, the user can directly check whether at least the connection to the RLOS security server is connected to the RLOS security server, in addition to checking the 3GPP network, without completely relying on the verification procedure on the UE device. .

As another method, a procedure for 3GPP network verification without maintaining a public key structure with the RLOS security server is shown in FIG. 18 .

According to FIG. 18 , instead of the public key, the user directly checks whether the password registered by the RLOS security server matches, and the server can check the 3GPP network instead of the user. The procedure is specifically as follows.

In step 2, the UE has a Serving network ID, a UE ID (IMSI if there is an IMSI, or IMEI depending on the setting), User ID of the RLOS security server account, Cell ID, location information obtained through GPS, etc., current date and time, and randomly generated nonce1 are delivered to the RLOS security server. When passing, all these values are passed through the secure hash algorithm and the values are also transmitted. In addition, for user verification of the RLOS security server in the absence of a public key, the user enters the pre-registered password for the RLOS security server, and passes the hash result value along with nonce1.

In step 6, when the time received in step 2 is within a predetermined range with the current time, and optionally, when the location information obtained in steps 3 to 4 matches the value delivered in step 2 or is within a valid range , hash by adding nonce1 received in step 2 to the value to which hash is applied by combining with random nonce2, which is the storage type of password stored by the user when registering password in the RLOS security server in advance. As a result, the value, nonce1, and time are signed and delivered to the UE. In addition, nonce 2 and newly randomly generated nonce3 are signed and delivered.

In step 7, the hash is applied again to the nonce2 received by the UE, along with the value to which the hash is applied along with the password, and the nonce1 and time transmitted in 2, and check whether the result matches the received value. If they match, the RLOS security server has the registered password, and it can be regarded as confirming the 3GPP network.

23 , the UE may display a screen 2301 for receiving a user input of a password to confirm the RLOS security server, and display a result 2302 of checking whether the server's password storage value matches. there is.

In step 8, (optional) if it is confirmed as a normal value to match in step 7, the UE applies the hash with the nonce2 received in step 7 to the password, and hashes it with the nonce3 again to the RLOS security server transmit

In step 9, (optional) the RLOS security server hashes the stored password and the hash of nonce2 by combining nonce3, and checks whether the result matches the value received from the UE in step 8, and checks whether the UE is correct. to complete the procedure.

Steps 8 to 9 of FIG. 18 are additional measures for the RLOS security server to check whether the UE has correctly entered the pre-registered password from the user. If these values do not match, the 3GPP network has a security problem with the UE. and take measures against possible password theft for the user.

19 illustrates a screen for querying RLOS security question selection in accordance with this specification.

As shown in FIG. 19 , the UE via display 1901 "Choose a RLOS security question." And a plurality of questions may be displayed as a button.

20 shows a screen showing a process of connecting a RLOS security server according to the present specification.

As shown in FIG. 20 , the UE via the display 2001 "Connecting to the RLOS security server, URL: https://a.b.c." and a "Cancel" button.

First, the UE may perform a RLOS connection procedure to the network (2401).

Subsequently, the UE may transmit an authentication request including connection state information between the UE and the network to a server in which information related to a user account of the UE is stored ( S2403 ).

Then, the UE may receive an authentication response including authentication information for the network generated by the server based on the connection state information from the server (S2405).

Subsequently, the UE may display the RLOS security question through the display, and obtain an answer to the RLOS security question from the user through the display (S2407).

Then, the UE may determine the authenticity of the network based on the answer and authentication information (S2409). Here, the authentication information is generated based on a result of comparing the first location information of the UE obtained from the network and the second location information of the UE included in the connection state information.

Here, the wireless communication technology implemented in the wireless device 100 of the present specification may include a narrowband Internet of Things for low-power communication as well as LTE, NR, and 6G. At this time, for example, NB-IoT technology may be an example of LPWAN (Low Power Wide Area Network) technology, and may be implemented in standards such as LTE Cat NB1 and/or LTE Cat NB2, and is limited to the above-mentioned names. not. Additionally or alternatively, the wireless communication technology implemented in the wireless device 100 of the present specification may perform communication based on LTE-M technology. In this case, as an example, the LTE-M technology may be an example of an LPWAN technology, and may be called various names such as enhanced machine type communication (eMTC). For example, LTE-M technology is 1) LTE CAT 0, 2) LTE Cat M1, 3) LTE Cat M2, 4) LTE non-BL (non-Bandwidth Limited), 5) LTE-MTC, 6) LTE Machine Type Communication, and/or 7) may be implemented in at least one of various standards such as LTE M, and is not limited to the above-described name. Additionally or alternatively, the wireless communication technology implemented in the wireless device 100 of the present specification is at least one of ZigBee, Bluetooth, and Low Power Wide Area Network (LPWAN) in consideration of low power communication. may include, and is not limited to the above-mentioned names. For example, the ZigBee technology can create PAN (personal area networks) related to small/low-power digital communication based on various standards such as IEEE 802.15.4, and can be called by various names.

The above-described specification can be implemented as computer-readable code on a medium in which a program is recorded. The computer-readable medium includes all types of recording devices in which data readable by a computer system is stored. Examples of computer-readable media include Hard Disk Drive (HDD), Solid State Disk (SSD), Silicon Disk Drive (SDD), ROM, RAM, CD-ROM, magnetic tape, floppy disk, optical data storage device, etc. There is also a carrier wave (eg, transmission over the Internet) that is implemented in the form of. Accordingly, the above detailed description should not be construed as restrictive in all respects but as exemplary. The scope of this specification should be determined by a reasonable interpretation of the appended claims, and all modifications within the scope of equivalents of this specification are included in the scope of this specification.

Claims

In a method for a UE (User Equipment) to determine the authenticity of a network based on a user input in a wireless communication system, the method comprising:

performing a Restricted Local Operator Services (RLOS) connection procedure to the network;

transmitting an authentication request including connection state information between the UE and the network to a server in which information related to a user account of the UE is stored;

receiving an authentication response including authentication information for the network generated by the server based on the connection state information from the server;

presenting the RLOS security question through a display;

obtaining an answer to the RLOS security question from a user via the display;

Determining the authenticity of the network based on the answer and the authentication information; Containing,

Way.
The method of claim 1,

The authentication information is

Characterized in that it is generated based on a result of comparing the first location information of the UE obtained from the network and the second location information of the UE included in the connection state information,

Way.
3. The method of claim 1 or 2,

The connection state information is

characterized by including at least one of the network ID, the UE ID, the user account ID, location information of the UE, time information at which the connection procedure was performed, and first random number information,

Way.
4. The method according to any one of claims 1 to 3,

The authentication request is encrypted by the UE with a public key obtained in advance from the server,

The authentication response is decrypted by the server with a private key corresponding to the public key,

Way.
5. The method according to any one of claims 1 to 4,

The authentication request includes a preset question,

The step of determining the authenticity is,

characterized in that the authenticity of the network is determined based on whether the answer included in the authentication response matches the preset question,

Way.
6. The method according to any one of claims 1 to 5,

characterized in that it is determined whether the network is authentic or not based on a result of comparing the answer with the previously stored authentication answer,

Way.
7. The method according to any one of claims 1 to 6,

It characterized in that it further comprises the step of displaying the authentication answer on the display,

Way.
8. The method according to any one of claims 1 to 7,

Further comprising the step of displaying a screen indicating the RLOS security server connection process through the display,

Way.
9. The method according to any one of claims 1 to 8,

and displaying an answer to the RLOS security question via the display.

Way.