WO2023077273A1 - Method, apparatus, and computer program - Google Patents

Method, apparatus, and computer program Download PDF

Info

Publication number
WO2023077273A1
WO2023077273A1 PCT/CN2021/128218 CN2021128218W WO2023077273A1 WO 2023077273 A1 WO2023077273 A1 WO 2023077273A1 CN 2021128218 W CN2021128218 W CN 2021128218W WO 2023077273 A1 WO2023077273 A1 WO 2023077273A1
Authority
WO
WIPO (PCT)
Prior art keywords
slice
network slice
network
service type
value
Prior art date
Application number
PCT/CN2021/128218
Other languages
French (fr)
Inventor
Benjamin Cheung
Klaus Negle
Jing PING
Original Assignee
Nokia Shanghai Bell Co., Ltd.
Nokia Solutions And Networks Oy
Nokia Technologies Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Shanghai Bell Co., Ltd., Nokia Solutions And Networks Oy, Nokia Technologies Oy filed Critical Nokia Shanghai Bell Co., Ltd.
Priority to PCT/CN2021/128218 priority Critical patent/WO2023077273A1/en
Publication of WO2023077273A1 publication Critical patent/WO2023077273A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/80Ingress point selection by the source endpoint, e.g. selection of ISP or POP
    • H04L45/85Selection among different networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/02Access restriction performed under specific conditions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W60/00Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration
    • H04W60/04Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration using triggered events

Definitions

  • the present application relates to a method, apparatus, and computer program and in particular but not exclusively a method, apparatus, and computer program relating to an open access network slices.
  • a communication system can be seen as a facility that enables communication sessions between two or more entities such as communication devices, base stations and/or other nodes by providing carriers between the various entities involved in the communications path.
  • the communication system may be a wireless communication system.
  • wireless systems comprise public land mobile networks (PLMN) operating based on radio standards such as those provided by 3GPP, satellite-based communication systems and different wireless local networks, for example wireless local area networks (WLAN) .
  • PLMN public land mobile networks
  • WLAN wireless local area networks
  • the wireless systems can typically be divided into cells and are therefore often referred to as cellular systems.
  • the communication system and associated devices typically operate in accordance with a given standard or specification which sets out what the various entities associated with the system are permitted to do and how that should be achieved. Communication protocols and/or parameters which shall be used for the connection are also typically defined. Examples of standards are the so-called 5G standards.
  • Slicing is a concept which has been introduced in 5G.
  • a service provider transforms its network into a set of logical networks on top of a shared infrastructure.
  • Each logical network (known as a slice) of the set of logical networks may be designed to serve at least one defined purpose and comprises the required network resources, configured and connected end-to-end (from end user through RAN/core to application) .
  • the slices are assigned to a subscriber for the desired services.
  • Non-Public Networks can be categorized into two different kinds of NPN: a Standalone Non-Public Network (SNPN) which is typically hosted by, for example, a vertical industry owner and Public Network Integrated-Non-Public Network (PNINPN) , which are offered as a “private” branch of a public network.
  • SNPN Standalone Non-Public Network
  • PNINPN Public Network Integrated-Non-Public Network
  • Non-Public Networks are changing the networking landscape in a way that these new networks may attract users which have contracts with big communications service provider (CSP) network providers.
  • CSP big communications service provider
  • the new networks may offer local services which are open to others than regular users of the NPN.
  • apparatus comprising means for providing a network slice with a defined one of: slice/service type value; or a slice/service type and slice differentiator value, the network slice configured to permit a communications device to conditionally access at least one service through the network slice without authentication and credentials.
  • the means may be further for providing at least one default network slice that the communications device does not belong to and through which communication devices attempt to access services.
  • the means for providing the network slice with the defined slice/service type value or defined slice/service type and slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials may be for allocating resources for the network slice, and wherein the means for allocating resources for the network slice may be further for determining one of: a slice/service type value for the network slice; or a slice/service type and slice differentiator value for the network slice.
  • the means for allocating resources for the network slice may be further for determining at least one of: a coverage area for the network slice; a maximum number of communications devices which can use the network slice; and a temporary grant time period for the network slice; an isolation value requirement setting for the network slice; a service limit for the network slice; and an endpoint for the network slice.
  • the means for providing the network slice with the defined slice/service type value or the defined slice/service type and slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials may be for generating information for configuring at least one core network apparatus to support the network slice, wherein the means for generating information for configuring the at least one core network apparatus to support the network slice may be for determining one of: an open access network slice indicator for the network slice; a slice/service type value for the network slice; or a slice/service type and slice differentiator value for the network slice.
  • the means for generating information for configuring the at least one core network apparatus to support the network slice may be for determining at least one of: a coverage area for the network slice; a maximum number of communications devices; a quality-of-service requirement for the network slice; a service limit for the network slice; an endpoint for the network slice; a temporary grant time period for the network slice; and an isolation requirement for the network slice.
  • the means for providing the network slice with the defined slice/service type value or the defined a slice/service type and slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials may be for generating information for configuring at least one radio access network apparatus to support the network slice, wherein the means for generating information for configuring the at least one radio access network apparatus to support the network slice may be for determining one of: an open access network slice indicator for the network slice; a slice/service type value for the network slice; or a slice/service type and slice differentiator value for the network slice.
  • the means for generating information for configuring the at least one radio access network apparatus to support the network slice may be for determining at least one of: a slice differentiator value for the network slice; a quality-of-service requirement for the network slice; a service limit for the network slice defining a maximum number of communications devices which can use the network slice; and an isolation value requirement for the network slice.
  • the apparatus may be a Management System function for a Management Plane or M-Plane.
  • the means for providing the network slice with the defined slice/service type or the defined slice/service type and slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials may be for: obtaining information for supporting the network slice, the information may comprise one of: the defined network slice/service type value; or the defined slice/service type and slice differentiator value; and obtaining via at least one radio access network apparatus a request from the communications device to access the network slice, the request may comprise one of: a request slice/service type value; or a request slice/service type and slice differentiator value; validating the request, wherein the validating the request may be for: determining a match between the requested slice/service type value and the defined network slice/service type value; or determining a match between the requested slice/service type and slice differentiator value and the defined single network slice selection assistance information value; and generating a registration response based on the validation.
  • the means for validating the request may be further for bypassing communicating with at least one unified data management function to validate subscription information associated with the communications device, when there is a match between the requested slice/service type value and the defined network slice/service type value or there is a match between the requested slice/service type and slice differentiator value and the defined slice/service type and slice differentiator value.
  • the means for validating the request may be further for the Access and Mobility Management Function bypassing a validation communication with at least one unified data management function for validating subscription information associated with the communications device when there is a match between the requested slice/service type value and the defined network slice/service type value or a match between the requested slice/service type and slice differentiator value and the defined slice/service type and slice differentiator value.
  • the information may further comprise a maximum number of communications devices which can use the network slice, and wherein the means for validating the request may be for determining a number of current users of the network slice is less than the maximum number of communications devices which can use the network slice.
  • the apparatus may comprise a radio access network apparatus, and the means for providing the network slice with the defined one of: slice/service type value; or a slice/service type and slice differentiator value may be for: obtaining information for supporting the network slice, the information may comprise one of: an open access network slice indicator for the network slice; the defined slice/service type value; or the defined slice/service type and slice differentiator value; and generating information for enabling the at least one communications device to request access to the network slice, the information comprising at least one network slice selection access information identifier associated with the network slice.
  • the information may further comprise a quality-of-service requirement for the network slice.
  • the means may be for transmitting the information for enabling the at least one communications device to request access to the network slice over a signalling plane.
  • the apparatus may comprise a communication device apparatus, and the means for providing the network slice with the defined one of: slice/service type value; or a slice/service type and slice differentiator value may be for: obtaining information for enabling the communications device apparatus to attempt to access at least one default network slice which the communications device apparatus may or may not belong to and may or may not be permitted to access; obtaining information for enabling the communications device apparatus to access the network slice comprising the defined slice/service type value or the defined slice/service type and slice differentiator value; generating a request to access the network slice, the request comprising one of: the defined slice/service type value or the defined slice/service type and slice differentiator value; obtaining a response for access to the network slice based on the request being validated; requesting and obtaining a protocol data unit session on the network slice; and requesting and obtaining a user plane data connection to a fixed endpoint.
  • the communications device apparatus may be further for: generating a default network slice access request for attempting to access the at least one default network slice which the communications device apparatus may or may not belong to and may or may not be permitted to access prior to generating the request to access the network slice; and generating the request to access the network slice when the attempt to access the at least one default network slice fails.
  • the at least one network slice may be one of: part of a stand-alone non-public network; or public-network integrated non-public network; or part of a public network.
  • the means for generating a request to access the network slice may be for: determining the at least one service is only accessible at a fixed endpoint through the network slice; and generating the request.
  • the means following the obtaining of the user plane data connection to the fixed endpoint, may be further for authenticating the communications device at the determined endpoint so to enable the communications device to execute the service.
  • the network slice may comprise one of: an open access network slice; a static open access network slice; and a dynamic open access network slice.
  • an apparatus comprising at least one processor and at least one memory including a computer program code, the at least one memory and computer program code configured to, with the at least one processor, cause the apparatus at least to: provide a network slice with a defined one of:slice/service type value; or a slice/service type and slice differentiator value, the network slice configured to permit a communications device to conditionally access at least one service through the network slice without authentication and credentials.
  • the apparatus may be further caused to provide at least one default network slice that the communications device does not belong to through which communication devices attempt to access services.
  • the apparatus caused to provide the network slice with the defined slice/service type value or the defined slice/service type and slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials may be caused to allocate resources for the network slice, and wherein the apparatus caused to allocate resources for the network slice may be further caused to determine one of: a slice/service type value for the network slice; or a slice/service type and slice differentiator value for the network slice.
  • the apparatus caused to allocate resources for the network slice may be further caused to determine at least one of: a coverage area for the network slice; a maximum number of communications devices which can use the network slice; and a temporary grant time period for the network slice; an isolation value requirement setting for the network slice; a service limit for the network slice; and an endpoint for the network slice.
  • the apparatus caused to provide the network slice with the defined slice/service type or the defined slice/service type and slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials may be caused to generate information for configuring at least one core network apparatus to support the network slice, wherein the apparatus caused to generate information for configuring the at least one core network apparatus to support the network slice may be caused to determine one of: an open access network slice indicator for the network slice; a slice/service type value for the network slice; or a slice/service type and slice differentiator value for the network slice.
  • the apparatus caused to generate information for configuring the at least one core network apparatus to support the network slice may be caused to determine at least one of: a coverage area for the network slice; a maximum number of communications devices; a quality-of-service requirement for the network slice; a service limit for the network slice; an endpoint for the network slice; a temporary grant time period for the network slice; and an isolation requirement for the network slice.
  • the apparatus caused to provide the network slice with the defined slice/service type or the defined slice/service type and slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials may be caused to generate information for configuring at least one radio access network apparatus to support the network slice, wherein the apparatus caused to generate information for configuring the at least one radio access network apparatus to support the network slice may be caused to determine one of: an open access network slice indicator for the network slice; a slice/service type value for the network slice; or a slice/service type and slice differentiator value for the network slice.
  • the apparatus caused to generate information for configuring the at least one radio access network apparatus to support the network slice may be caused to determine at least one of: a slice differentiator value for the network slice; a quality-of-service requirement for the network slice; a service limit for the network slice defining a maximum number of communications devices which can use the network slice; and an isolation value requirement for the network slice.
  • the apparatus may be a Management System function for a Management Plane or M-Plane.
  • the apparatus may be caused to provide the network slice with the defined slice/service type or the defined slice/service type and slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials may be caused to: obtain information for supporting the network slice, the information may comprise one of: the defined network slice/service type value; or the slice/service type and slice differentiator value; and obtain via at least one radio access network apparatus a request from the communications device to access the network slice, the request may comprise one of: a request slice/service type value; or a request slice/service type and slice differentiator value; validating the request, wherein the apparatus caused to validate the request may be caused to: determine a match between the requested slice/service type value and the defined network slice/service type value; or determine a match between the requested slice/service type and slice differentiator value and the defined single network slice selection assistance information value; and generate a registration response based on the validation.
  • the apparatus caused to validate the request may be further caused to bypass communicating with at least one unified data management function to validate subscription information associated with the communications device, when there is a match between the requested slice/service type value and the defined network slice/service type value or there is a match between the requested slice/service type and slice differentiator value and the defined requested slice/service type and slice differentiator value.
  • the apparatus caused to validate the request may be further for the Access and Mobility Management Function caused to bypass a validation communication with at least one unified data management function for validating subscription information associated with the communications device when there is a match between the requested slice/service type value and the defined network slice/service type value or a match between the requested slice/service type and slice differentiator value and the defined slice/service type and slice differentiator value.
  • the information may further comprise a maximum number of communications devices which can use the network slice, and wherein the apparatus caused to validate the request may be caused to determine a number of current users of the network slice is less than the maximum number of communications devices which can use the network slice.
  • the apparatus may comprise a radio access network apparatus, and the apparatus caused to provide the network slice with the defined one of: slice/service type value; or slice/service type and slice differentiator value may be caused to: obtain information for supporting the network slice, the information may comprise one of: an open access network slice indicator for the network slice; the defined slice/service type value; or the defined slice/service type and slice differentiator value; and generate information for enabling the at least one communications device to request access to the network slice, the information comprising at least one network slice selection access information identifier associated with the network slice.
  • the information may further comprise a quality-of-service requirement for the network slice.
  • the apparatus may be caused to transmit the information for enabling the at least one communications device to request access to the network slice over a signalling plane.
  • the apparatus may comprise a communication device apparatus, and the apparatus caused to provide the network slice with the defined one of: slice/service type value; or a slice/service type and slice differentiator value may be caused to: obtain information for enabling the communications device apparatus to attempt to access at least one default network slice which the communications device apparatus may or may not belong to and may or may not be permitted to access; obtain information for enabling the communications device apparatus to access the network slice comprising the defined slice/service type value or the defined slice/service type and slice differentiator value; generate a request to access the network slice, the request comprising one of: the defined slice/service type value or the defined slice/service type and slice differentiator value; obtain a response for access to the network slice based on the request being validated; request and obtain a protocol data unit session on the network slice; and request and obtain a user plane data connection to a fixed endpoint.
  • the communications device apparatus may be further caused to: generate an default network slice access request for attempting to access the at least one default network slice which the communications device apparatus may or may not belong to and may or may not be permitted to access prior to generating the request to access the network slice; and generate the request to access the network slice when the attempt to access the default network slice fails.
  • the at least one network slice may be one of: part of a stand-alone non-public network; or public-network integrated non-public network; or part of a public network.
  • the apparatus caused to generate a request to access the network slice may be caused to: determine the at least one service is only accessible at a fixed endpoint through the network slice; and generate the request.
  • the apparatus following the obtaining of the user plane data connection to the fixed endpoint, may be further caused to authenticate the communications device at the determined endpoint so to enable the communications device to execute the service.
  • the network slice may comprise one of: an open access network slice; a static open access network slice; and a dynamic open access network slice.
  • a method comprising: providing a network slice with a defined one of: slice/service type value; or a slice/service type and slice differentiator value, the network slice configured to permit a communications device to conditionally access at least one service through the network slice without authentication and credentials.
  • the method may further comprise providing at least one default network slice that the communications device does not belong to and through which communication devices attempt to access services.
  • Providing the network slice with the defined slice/service type value or defined slice/service type and slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials may comprise allocating resources for the network slice, and wherein allocating resources for the network slice may further comprise determining one of: a slice/service type value for the network slice; or a slice/service type and slice differentiator value for the network slice.
  • Allocating resources for the network slice may further comprise determining at least one of: a coverage area for the network slice; a maximum number of communications devices which can use the network slice; and a temporary grant time period for the network slice; an isolation value requirement setting for the network slice; a service limit for the network slice; and an endpoint for the network slice.
  • Providing the network slice with the defined slice/service type value or the defined slice/service type and slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials may comprise generating information for configuring at least one core network apparatus to support the network slice, wherein generating information for configuring the at least one core network apparatus to support the network slice may comprise determining one of: an open access network slice indicator for the network slice; a slice/service type value for the network slice; or a slice/service type and slice differentiator value for the network slice.
  • Generating information for configuring the at least one core network apparatus to support the network slice may comprise determining at least one of: a coverage area for the network slice; a maximum number of communications devices; a quality-of-service requirement for the network slice; a service limit for the network slice; an endpoint for the network slice; a temporary grant time period for the network slice; and an isolation requirement for the network slice.
  • the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials may comprise generating information for configuring at least one radio access network apparatus to support the network slice, wherein generating information for configuring the at least one radio access network apparatus to support the network slice may comprise determining one of: an open access network slice indicator for the network slice; a slice/service type value for the network slice; or a slice/service type and slice differentiator value for the network slice.
  • Generating information for configuring the at least one radio access network apparatus to support the network slice may comprise determining at least one of: a slice differentiator value for the network slice; a quality-of-service requirement for the network slice; a service limit for the network slice defining a maximum number of communications devices which can use the network slice; and an isolation value requirement for the network slice.
  • the method may be implemented on a Management System function for a Management Plane or M-Plane.
  • Providing the network slice with the defined slice/service type or the defined slice/service type and slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials may comprise: obtaining information for supporting the network slice, the information may comprise one of: the defined network slice/service type value; or the slice/service type and slice differentiator value; and obtaining via at least one radio access network apparatus a request from the communications device to access the network slice, the request may comprise one of: a request slice/service type value; or a request slice/service type and slice differentiator value; validating the request, wherein validating the request may comprise: determining a match between the requested slice/service type value and the defined network slice/service type value; or determining a match between the requested slice/service type and slice differentiator value and the defined single network slice selection assistance information value; and generating a registration response based on the validation.
  • Validating the request may comprise bypassing communicating with at least one unified data management function to validate subscription information associated with the communications device, when there is a match between the requested slice/service type value and the defined network slice/service type value or there is a match between the requested slice/service type and slice differentiator value and the defined requested slice/service type and slice differentiator value.
  • Validating the request may be further for an Access and Mobility Management Function bypassing a validation communication with at least one unified data management function for validating subscription information associated with the communications device when there is a match between the requested slice/service type value and the defined network slice/service type value or a match between the requested slice/service type and slice differentiator value and the defined slice/service type and slice differentiator value.
  • the information may further comprise a maximum number of communications devices which can use the network slice, and wherein validating the request may comprise determining a number of current users of the network slice is less than the maximum number of communications devices which can use the network slice.
  • the method may be implemented on a radio access network apparatus, and providing the network slice with the defined one of: slice/service type value; or a slice/service type and slice differentiator value may comprise: obtaining information for supporting the network slice, the information may comprise one of: an open access network slice indicator for the network slice; the defined slice/service type value; or the defined slice/service type and slice differentiator value; and generating information for enabling the at least one communications device to request access to the network slice, the information comprising at least one network slice selection access information identifier associated with the network slice.
  • the information may further comprise a quality-of-service requirement for the network slice.
  • the method may further comprise transmitting the information for enabling the at least one communications device to request access to the network slice over a signalling plane.
  • the method may be implemented on a communication device apparatus, and providing the network slice with the defined one of: slice/service type value; or a slice/service type and slice differentiator value may comprise: obtaining information for enabling the communications device apparatus to attempt to access at least one default network slice which the communications device apparatus may or may not belong to and may or may not be permitted to access; obtaining information for enabling the communications device apparatus to access the network slice comprising the defined slice/service type value or the defined slice/service type and slice differentiator value; generating a request to access the network slice, the request comprising one of: the defined slice/service type value or the defined slice/service type and slice differentiator value; obtaining a response for access to the network slice based on the request being validated; requesting and obtaining a protocol data unit session on the network slice; and requesting and obtaining a user plane data connection to a fixed endpoint.
  • the method may comprise: generating a default network slice access request for attempting to access the at least one default slice which the communications device apparatus may or may not belong to and may or may not be permitted to access prior to generating the request to access the network slice; and generating the request to access the network slice when the attempt to access the default network slice fails.
  • the at least one network slice may be one of: part of a stand-alone non-public network; or public-network integrated non-public network; or part of a public network.
  • Generating a request to access the network slice may comprise: determining the at least one service is only accessible at a fixed endpoint through the network slice; and generating the request.
  • the method following the obtaining of the user plane data connection to the fixed endpoint, may comprise authenticating the communications device at the determined endpoint so to enable the communications device to execute the service.
  • the network slice may comprise one of: an open access network slice; a static open access network slice; and a dynamic open access network slice.
  • a network entity comprising means for: providing a network slice with a defined one of: slice/service type value; or a slice/service type and slice differentiator value, the network slice configured to permit a communications device to conditionally access at least one service through the network slice without authentication and credentials.
  • a network entity comprising at least one processor and at least one memory including a computer program code, the at least one memory and computer program code configured to, with the at least one processor, cause the network entity at least to: providing a network slice with a defined one of: slice/service type value; or a slice/service type and slice differentiator value, the network slice configured to permit a communications device to conditionally access at least one service through the network slice without authentication and credentials.
  • a computer readable medium comprising program instructions for causing an apparatus to perform at least the method according to any of the preceding aspects.
  • a non-transitory computer readable medium comprising program instructions for causing an apparatus to perform at least the method according to any of the preceding aspects.
  • Figure 1 shows a schematic diagram of an example 5G system as defined by the 3GPP
  • Figure 2 shows a schematic diagram of an example communications device
  • Figure 3 shows a schematic diagram of an example apparatus
  • Figures 4a and 4b show schematic views of example S-NPN and public network architecture and interactions
  • Figure 4c show a schematic view of an open access network architecture and interactions according to some embodiments
  • Figure 5 shows a schematic view of the lifecycle management of network slicing as defined by the 3GPP which can be applied to the open access network slice according to some embodiments;
  • Figure 6 schematically shows an example flow of the open access network slice according to some embodiments
  • Figure 7 schematically shows an example open network slice slice/service type value extension according to some embodiments.
  • Figure 8 shows a flowchart of open access network slice flow with respect to deployment operations according to an example embodiment
  • Figure 9 shows a flowchart of open access network slice flow with respect to call processing operations according to an example embodiment
  • Figure 10 shows a flowchart of open access network slice flow with respect to an emergency use implementation
  • Figure 11 shows a further example of an open access network slice implementation with respect to an industry 4.0 environment.
  • FIG. 1 shows a schematic representation of a 5G system (5GS) .
  • the 5GS may be comprised by a terminal or user equipment (UE) , a 5G radio access network (5GRAN) or next generation radio access network (NG-RAN) , a 5G core network (5GC) , one or more application functions (AF) and one or more data networks (DN) .
  • UE terminal or user equipment
  • 5GRAN 5G radio access network
  • NG-RAN next generation radio access network
  • GC 5G core network
  • AF application functions
  • DN data networks
  • the 5G-RAN may comprise one or more base stations.
  • the base station may be referred to as a gNodeB (gNB) .
  • the RAN may comprise one or more gNodeB (gNB) (or base station) distributed unit functions connected to one or more gNodeB (gNB) (or base station) centralized unit functions.
  • gNB gNodeB
  • gNB gNodeB
  • the 5GC may comprise the following entities: one or more access management functions (AMF) , one or more session management functions (SMF) , an authentication server function (AUSF) , a unified data management (UDM) , one or more user plane functions (UPF) , and/or a network exposure function (NEF) .
  • AMF access management functions
  • SMF session management functions
  • AUSF authentication server function
  • UDM unified data management
  • UPF user plane functions
  • NEF network exposure function
  • FIG. 2 illustrates an example of an apparatus 200.
  • Ths apparatus may be provided for example in a communications device, or a base station (e.g. gNB) or in an AMF.
  • the apparatus may comprise at least one memory.
  • the at least one memory may comprise random access memory (RAM) 211a and at least on read only memory (ROM) 211b.
  • Apparatus used by other embodiments may comprise different memory.
  • the apparatus may comprise at least one processor 212, 213. In this example apparatus, two processors are show.
  • the apparatus may comprise an input/output interface 214.
  • the at least one processor may be coupled to the at least one memory.
  • the at least one processor may be configured to execute an appropriate software code 215.
  • the software code 215 may for example allow the method of some embodiments to be performed.
  • the software code 215 may be stored in the at least one memory, for example ROM 211b.
  • FIG 3 illustrates an example of a terminal 300, such as the terminal illustrated on Figure 1.
  • the terminal 300 may be provided by any device capable of sending and receiving radio signals.
  • Non-limiting examples comprise a user equipment, a mobile station (MS) or mobile device such as a mobile phone or what is known as a ’smart phone’ , a computer provided with a wireless interface card or other wireless interface facility (e.g., USB dongle) , a personal data assistant (PDA) or a tablet provided with wireless communication capabilities, a machine-type communications (MTC) device, an Internet of things (IoT) type communications device or any combinations of these or the like.
  • the terminal 300 may provide, for example, communication of data for carrying communications.
  • the communications may be one or more of voice, electronic mail (email) , text message, multimedia, data, machine data and so on.
  • the terminal 300 may receive signals over an air or radio interface 307 via appropriate apparatus for receiving and may transmit signals via appropriate apparatus for transmitting radio signals.
  • transceiver apparatus is designated schematically by block 306.
  • the transceiver apparatus 306 may be provided for example by means of a radio part and associated antenna arrangement.
  • the antenna arrangement may be arranged internally or externally to the mobile device.
  • the terminal 300 may be provided with at least one processor 301, at least one memory ROM 302a, at least one RAM 302b and other possible components 303 for use in software and hardware aided execution of tasks it is designed to perform, including control of access to and communications with access systems and other communications devices.
  • the at least one processor 301 is coupled to the RAM 302a and the ROM 302b.
  • the at least one processor 301 may be configured to execute an appropriate software code 308.
  • the software code 308 may for example allow to perform one or more of the present aspects.
  • the software code 308 may be stored in the ROM 302b.
  • the processor, storage and other relevant control apparatus can be provided on an appropriate circuit board and/or in chipsets. This feature is denoted by reference 304.
  • the device may optionally have a user interface such as keypad 305, touch sensitive screen or pad, combinations thereof or the like.
  • one or more of a display, a speaker and a microphone may be provided depending on the type of the device.
  • the communications device is referred to as a UE.
  • the communications device can any suitable communications device, some examples of which have already been mentioned.
  • Network slicing is provided in 5G.
  • Network slicing supports different services using the same underlying mobile network infrastructure.
  • One example of network slicing is described in 3GPP TS 38.300.
  • Network slices can differ in their service requirements.
  • the service requirement may be an ultra-reliable low latency communication (URLLC) service requirement or an enhanced mobile broadband (eMBB) service requirement.
  • URLLC ultra-reliable low latency communication
  • eMBB enhanced mobile broadband
  • a network slice is uniquely identified via S-NSSAI (Single-Network Slice Selection Assistance Information) .
  • S-NSSAI Single-Network Slice Selection Assistance Information
  • a UE may be simultaneously connected and served by a given maximum number of S-NSSAIs. In 3GPP TS 38.300, for example, the maximum is eight. For some embodiments, the maximum may be eight. Other embodiments may have a different maximum which may be more or less than eight.
  • Each cell may support tens or even hundreds of S-NSSAIs.
  • a tracking area can have a support up to 1024 network slices.
  • the maximum number of supported slices may be 1024.
  • Other embodiments may have a different maximum which may be more or less than 1024.
  • NPN Non-Public Networks
  • the public network comprises a Public Network Integrated-Non-Public Network (PNI-NPN) 424 represented for example base station (Node) 425.
  • PNI-NPN Public Network Integrated-Non-Public Network
  • the PNI-NPN 424 can be configured as slices, as shown by slice 427 and can communicate 429 with a vehicle-based user equipment 401.
  • FIG. 4a a series of standalone non-public networks (SNPNs) .
  • SNPNs standalone non-public networks
  • a first (industry) SNPN SNPN1 403 comprising its own node or base station 405 and is also organised by slice as shown in slice 407 in communication 409 with the vehicle-based user equipment 401.
  • SNPN2 413 comprising its own node or base station 415 and is also organised by slice as shown in slice 417 in communication 419 with the vehicle-based user equipment 401.
  • NPN Non-Public Network
  • SNPN Standalone Non-Public Network
  • PNINPN Public Network Integrated-Non-Public Network
  • An Open Access Network Slice is defined to be a special standardized network slice which can comprise (or cross) SNPN, PNI-NPN and PLMN, and within which any UE can conditionally use for various services without authentication and credentials.
  • the implementation of “open” registration and onboarding of a UE to an Open Access Network Slice is disclosed in further detail herein. Furthermore, there is described example use cases of a new attach procedure.
  • OANS Open Access Network Slice
  • static OANS static OANS
  • dynamic OANS dynamic OANS
  • Static Open Access Network Slice can be created and configured by a service provider during slicing preparation (design and onboarding) .
  • a service provider during slicing preparation (design and onboarding) .
  • a network slice that is deployed during network deployment.
  • the service provider creates a static OANS throughout tracking areas in network
  • a dynamic open access network slice can be deployed on-demand when needed. For example, an emergency would trigger the deployment of the Open Access Network Slice.
  • a deploy “on-demand’ some management function or business function evaluation SLA/SLS determines or triggers a policy to deploy a OANS at this point in the network in TA.
  • the dynamic OANS is one which is created ‘on the fly’ .
  • the Open Access Network Slice can in some embodiments be defined by a new value in the Slice Service Type (SST) value.
  • SST Slice Service Type
  • a Network Slice is defined by the SST and the Slice Differentiator (SD) .
  • PLMNid the Slice Service Type
  • SD Slice Differentiator
  • the combination of these three numbers (PLMNid, SST and SD) uniquely identifies a network slice.
  • the UE can be configured to request admittance to the Open Access Network Slice through the Single Network Slice Service Assistance Identifier (S-NSSAI) using the new SST value of the Open Access Network Slice.
  • S-NSSAI Single Network Slice Service Assistance Identifier
  • the UE can then in some embodiments be configured to gain access to the system without subscription and authentication restriction by the AMF.
  • the Open Access Network Slice thus, as described herein in further detail, allows the UE to gain access to dedicated fixed endpoints.
  • the intention of the Open Access Network Slice does not allow access to everywhere in the system. Rather the Open Access Network Slice grants access to specific endpoints.
  • This may be, in some embodiments, a special or defined DN endpoint that may require the UE to authenticate.
  • the end point can, in some embodiments, be an endpoint that goes to special emergency services in the case of a public safety, or emergency Open Access Network Slice.
  • FIG. 4c An example open access network slice is shown with respect to Figure 4c.
  • the open access network 501 comprising base stations (or nodes) such as shown in the example network as shown in Figures 4a and 4b (and the base station 525 and its associated slice 523) .
  • the base station 415 there is shown associated with the base station 415 an open access network slice 533 instance which enables a communication 539 between the UE 401 and fixed endpoint 537 and which can be enabled to grant access without authentication or credentials and is controlled by controller 535.
  • Open Access Network Slice can also include the needed management enhancements to configure the network elements in a way that open access network slices can be offered. This also includes configuration of non-functional things like security, availability, and performance considerations, especially to avoid a decrease in performance (side effects) with respect to the normal business of the network.
  • Open Access Network Slices One aspect, with respect to the definition of the Open Access Network Slices, is that of preparation, design/onboarding, and commissioning of slices.
  • the service provider for example, would be required to setup the Open Access Network Slices and their operation.
  • Figure 5 shows the Lifecycle of a Network Slice Instance which is applicable to the open access network slices according to some embodiments.
  • a preparation 550 phase can comprise a design 553 operation which passes to an on-boarding 555 operation.
  • the preparation 550 phase can comprise a network environment preparation 557 operation.
  • the instance can then be instigated with respect to a commissioning 570 phase comprising a creation operation 571.
  • the network slice instance lifecycle 560 comprises an operation 580 phase.
  • the open access network slices are operated during the operation 580 of the lifecycle of a network slice instance (NSI) .
  • NSI network slice instance
  • the operation 580 phase comprises an activation 581 operation. Having been activated there can comprise the operations of Supervision 583, Reporting 587 and Modification 585 of slices which allows the service provider to monitor the operation of an open access network slice instance (s) . Furthermore, the operation 580 phase comprises a de-activation 589 operation.
  • decommissioning phase 590 which can comprise a termination 591 operation.
  • the management layer 601 is configured to generate and pass 651 configuration control information to the 5G core layer 603 (for example an access mobility function –AMF 613) .
  • the management layer or plane is a set of services and operations that handle the control of RAN, Core and transport elements in a network.
  • the M-Plane is thus a communication layer that is specifically used for FCAPS (fault, configuration, accounting, performance and security) , LCM (life cycle management) operations between the RAN, Core and transport elements in a network.
  • the network can be pre-configured using a new SST.
  • the combination of Slice Service Type (SST) and the Slice Differentiator (SD) can therefore uniquely identify the slice.
  • SST Slice Service Type
  • SD Slice Differentiator
  • a UE requests access for an Open Access Network Slice it can be configured to use this identity in the S-NSSAI.
  • the Open Access Network Slice is a special network slice that any UE can use without authentication and credentials.
  • a Static Open Access Network Slice can thus be created and configured by a service provider during slicing preparation (design and onboarding) .
  • this example shows a static slice it is understood that it could also be deployed dynamically.
  • a dynamic open access network slice would be deployed on-demand when needed. For example, an emergency would trigger the deployment of the Open Access Network Slice.
  • the 5G core layer 603 (the AMF 613) is configured for open access network slice operations based on the configuration control information.
  • the 5G core layer 603 (AMF 613) can then be configured to generate 653 information which can then be transmitted 655 to the gNB (as part of the radio access network layer 605) .
  • the information received by the gNB 605 is then caused to enable the gNB to broadcast 657 the information with respect to the open access network slice instance to a UE 607.
  • the information in some embodiments comprises the Public Land Mobile Network Identifier (PLMNID) and Network Identifier (NID) associated with the open access network slice instance.
  • PLMNID Public Land Mobile Network Identifier
  • NID Network Identifier
  • the UE 607 having obtained the broadcast information, is configured to request access to the open access network slice using a slice service type (SST) value in the Single Network Slice Service Assistance Identifier (S-NSSAI) which identifies that the request is with respect to an open access network slice.
  • SST slice service type
  • S-NSSAI Single Network Slice Service Assistance Identifier
  • This request is generated 659 by the UE 607 and then transmitted 661 to the gNB 605.
  • the gNB 605 can then be configured to pass 663 the request to the 5G core 603 (for example to the AMF 613) which is configured to grant access for the UE to the open access network slice.
  • the UE 607 can be configured to generate a request for access to an open access network slice through the new SST value in the S-NSSAI.
  • the UE 607 in some embodiments, should be configured to prioritize the open access network slice last if it has potential to access other slices.
  • the UE requests admittance to the Open Access Network Slice through the Single Network Slice Service Assistance Identifier (S-NSSAI) using the new Open Access Network Slice SST value.
  • S-NSSAI Single Network Slice Service Assistance Identifier
  • the UE will gain access to the system without subscription and authentication restriction by the AMF/AUSF because it is requesting access to an Open Access Network slice in the S-NSSAI.
  • the UE 607 is then configured implement an open access network slice attach 665 to the data network or fixed endpoint 609 via the user plane function (UPF) 623 of the 5G core 603.
  • the UE is onboarded and attached without credentials.
  • the AMF 613 is configured to grant access to the UE 607 because the UE 607 has requested the SST/SD of the Open Access Network Slice.
  • the idea of open access attach onboarding of a UE 607 to an Open Access Network Slice is implemented at the AMF 613.
  • the Open Access Network Slice can be configured in some embodiments to allow the UE 607 to gain access to limited fixed endpoints.
  • the Open Access Network Slice is configured to grant access to specific or defined endpoints.
  • these end points can in some embodiments be a special emergency public safety management center in the case of an emergency use case.
  • the endpoint may be also a visitor management endpoint that is used to grant access to visitors into a SNPN network.
  • the Open Access Network Slice can be configured to not allow access to everywhere (anywhere) in the system.
  • the defined or permitted DN endpoint can be configured to require the UE to authenticate.
  • Figure 7 shows an example design of the SST/SD according to some embodiments.
  • Figure 7 shows an example S-NSSI comprising the SST 703 part (which is shown in this example as an 8-bit value) and a SD 705 part (which is shown in this example as a 24-bit value) .
  • the Open Access Network Slice (OANS) slice/Service Type value is a new value (x) representing a new category of slice similar to the currently defined categories such as eMBB (value 1) or URLLC (value 2) slice.
  • eMBB value 1
  • URLLC value 2
  • the UE is configured to indicate further qualifiers in the SD (slice differentiator) value identifying between the available open access network slices.
  • SD slice differentiator
  • OANS SST value may be any suitable unique identification value and may be defined by standardization activities.
  • one type of Dynamic open access network slice trigger might be when a UE has requested for an open access network slice and none yet exist in the tracking area.
  • the management layer may be configured to deploy on demand a dynamic open access network slice based on the UE request on the incoming S-NSSAI.
  • This dynamic open access network slice trigger may be understood to be analogous to within a retail setting, where someone comes into a store and requires some assistance.
  • the system allocates a store worker temporarily to address the concerns of the patron.
  • the entrant to the network may be an unexpected UE, but it requests an open access network slice, so the AMF accommodates the request and deploys a dynamic open access network slice for the visitor UE.
  • one aspect of the employment of the open access network slices is the operation of controlling or programming of entities within the 5G core network (for example the AMF and UDM) to accommodate the open access network slice instances.
  • entities within the 5G core network for example the AMF and UDM
  • the AMF within the 5G core network is configured to recognize this new SST, and act accordingly.
  • the network design 553 operation as shown in Figure 5 is configured to allow for the AMF to be programmed to recognize and implement OANS operations with respect to receiving requests comprising the SST value.
  • the AMF is configured to, when it receives an access request comprising an SST value for an open access network slice, to allow the UE to have access to the open access network slice even without the proper credentials.
  • This operation differs from the current behaviour employed by the AMF based on the 3GPP standards as presently, the AMF is configured to verify the subscription of the UE when it is contacted.
  • the system can comprise a special AMF that is configured to handles open access network slices.
  • a Globally Unique AMF Identifier (GUAMI) can be specified by the UE which requests for a certain AMF to handle the service attach procedure.
  • GUI Globally Unique AMF Identifier
  • the network can be configured to select an appropriate AMF to service the UE.
  • an open access network slice there is provided a special AMF with an associated GUAMI dedicated for the task.
  • a suitable analogy in this circumstance is a help desk in real life whose purpose is to serve incoming random walk-in patrons.
  • open access network slices are configured to service the other end of the open access network slice.
  • the open access network slice implementations can be configured to specify that the open access network slice causes the data communication to be routed to one or more specified or particular fixed endpoints.
  • the design of such endpoints can be configured and designed by the service provider.
  • the service provider is configured to employ a single open access network slice manager.
  • the service provider can be configured, in some embodiments, to set up an endpoint just for emergency cases and thus setup an open access network slice with an SST/SD just for emergencies.
  • the service providers can be configured to setup a temporary endpoint to manage visitors.
  • the service provider is configured to design a Security Endpoint which would request and implement secondary authentication.
  • An example of a suitable secondary authentication could be a captcha verifying that the user is a human being.
  • the secondary level of authentication could be a two-factor authentication system.
  • the system is configured to openly let in a UE via the open access network slice, where visitors to the event are provided with an event-access code that can be employed at the security endpoint. This security strategy can thus be similar to those employed in broadcast events. In such systems a user is provided with a “public” web address, that in theory anyone could gain access to. However, the user is also provided with a special code just for the event that they enter to gain access to the broadcast video.
  • the UE might be a visitor UE to the network attending an event. The user can thus gain access via the open access network slice and is sent to the security endpoint for further authentication.
  • a further aspect with respect to the employment of open access network slices is that of the deployment of the open access network slice.
  • the deployment can be one of a static deployment or a dynamic deployment.
  • a Static Open Access Network Slice is created and configured by a service provider or enterprise during the slice preparation 550 and commissioning 570 phases.
  • the static open access network slice implementation is part of the network design 553 operation and onboarding 555 operation.
  • a service provider could thus in some embodiments employ a management layer application such as a Service Management Orchestrator or Orchestration (SMO) or network slice/network slice subnet/network function management function (NSMF -Network Slice Management Function, NSSMF -Network Slice Subnet Management Function, NFMF -Network Function Management Function) which would allow the service provider to specify slices in the network.
  • SMO Service Management Orchestrator or Orchestration
  • NSSMF Network Slice Management Function
  • NFMF Network Slice Management Function Management Function
  • a dynamic open access network slice implementation is one which is deployed on-demand when needed. For example, an emergency would trigger the deployment of the Open Access Network Slice.
  • the Nokia SMO/NOM has for example for RAN a RAN slice management rApp that could in some embodiments be used to deploy the Open Access Network Slice by reserving the appropriate SST/SD.
  • the slice management can, in some embodiments, be configured to deploy new slices when necessary.
  • functions that could be employed, in some embodiments, to trigger the deployment of an Open Access Network Slice. These include, for example, in a RAN the RAN performance optimizer, the RAN data enrichment processor, the Cloud data manager, RAN assurance application, and RAN growth manager. In some embodiments any of the above functions might coordinate with the RAN slice manager to deploy a new Open Access Network Slice.
  • the performance of the network, having employed or having the capacity to employ, can also be of concern to the service provider.
  • S-NPN Standalone Non-Public Network
  • a service provider is likely to want to provide priority access to UEs within the S-NPN private network. In some embodiments this can be implemented by the service provider setting an upper bound to the number of UEs that could access an Open Access Network Slice.
  • the service provider could deploy the open access network slice such that in an emergency situation, a visitor event, or a special event use case does not flood the network with UEs all attempting to access the Open Access Network Slice at the same time.
  • a GSMA Slice Parameter in NG. 116 can be employed to throttle the maximum number of UEs that are allowed to access an Open Access Network Slice.
  • Open Access Network Slice Security aspects for the Open Access Network Slice are a further architectural concern.
  • the design and implementation of the system should have the Open Access Network Slice security isolated from other resources for normal Non-public Network (NPN) operation when the Open Access Network Slice is deployed to a private network.
  • NPN Non-public Network
  • 3GPP SA3 there are mechanisms for network slicing authentication & access control.
  • One of the key aspects of an Open Access Network Slice is that in some embodiments a UE access is limited such that it is defined to only go to fixed endpoints. When a UE is on an Open Access Network Slice this end point limitation, by itself, will greatly limit what the UE can do on this kind of special slice.
  • the fixed endpoint embodiments further serve to restrict where the UE can access and potentially the activities or applications or functions it can access. In some embodiments the fixed endpoint can be configured to perform special limited functions to handle the UE. Additional restrictions in some embodiments can be employed to further isolate or restrict the user such that they can only use limited resources and avoid from impacting original business
  • an event visitor Open Access Network Slice can be configured with a single dedicated endpoint which is a visitor manager application whose only purpose is to record that a user or UE registered in a particular location.
  • Another example can be an application server, if a UE attached to this Open Access Network Slice, then the sole purpose of the application server could be to download an application to the UE.Thus, the scope and reach of what the UE is able to do at the fixed endpoint serves to limit the scope of what the user can do, which offers security and isolation from the rest of the network.
  • the UE For an open access network slice system to work, the UE must know to use the open access network slice. As discussed herein this could be implemented by the new SST value that could be selected by the UE.
  • the UE can be configured such that the UE should try other available slices first before attaching to an open access network slice. If there are other available network slices to which the UE has access and is authorized to use the UE should try those slices first.
  • the reason for this prioritization of slices with the open access network slice with a low priority is that the open access network slice would be generally used for special corner case situations. For example, if there is an emergency open access network slice, typical network management would want the UE to try other available network slices or networks before trying the emergency network.
  • the UE is accessing a SNPN private network, it would be preferable that the UE is configured to first attempt to attach to the SNPN network normally. The UE then should only use the SNPN on an open access network slice as an exception. Also, generally the network should be configured to provide business priority to the normal users of the SNPN network before other visitor UEs.
  • FIG. 8 A deployment aspect of an example implementation is shown in Figure 8.
  • the management layer 801 with a suitable management system function (ManagementSystem) 803.
  • ManagementSystem management system function
  • 5G core network 811 Within the 5G core network 811 is an access and mobility function (AMF) 813, session management function (SMF) 815 and user plane function (UPF) 817.
  • AMF access and mobility function
  • SMF session management function
  • UPF user plane function
  • 5G RAN layer 821 Within it an example gNB 823.
  • a device layer 831 with a UE 833.
  • FIG 8 shows the open access network slice (OANS) deployment 851.
  • ManagementSystem function 803 can be configured to receive a request to allocate a slice to an open access network slice (OANS) as shown in Figure 8 by step 861.
  • OFANS open access network slice
  • ManagementSystem function 803 can be configured to allocate resources for the OANS based on service requirement (e.g. open access network slice indicator S-NSSI, coverage area, max number of UEs, time isolation requirement) as shown in Figure 8 by step 863.
  • service requirement e.g. open access network slice indicator S-NSSI, coverage area, max number of UEs, time isolation requirement
  • the ManagementSystem function 803 can be configured to configure the 5G core network functions (for example AMF, SMF, UPF, etc) to support the OANS.
  • this can be in the form of setting the open access network slice indicator, S-NSSAI, QoS, service limit, endpoint, etc. as shown in Figure 8 by step 865.
  • the ManagementSystem function 803 can be configured to configure the RAN layer. For example, this can involve configuring the gNB to support OANS, and involve providing the S-NSSAI, open access network slice indicator etc as shown in Figure 8 by step 867.
  • the call processing or OANS operation aspect of an example implementation is shown in Figure 9.
  • the management layer 801 with a suitable management system function (ManagementSystem) 803.
  • a 5G core network 811 Within the 5G core network 811 is an access and mobility function (AMF) 813, session management function (SMF) 815 and user plane function (UPF) 817.
  • AMF access and mobility function
  • SMF session management function
  • UPF user plane function
  • 5G RAN layer 821 Within it an example gNB 823.
  • a device layer 831 with a UE 833 is shown.
  • FIG. 9 shows the call processing or OANS operation 841.
  • the gNB 823 is configured to broadcast the PLMNId, NAI and other indicators as shown in Figure 9 by step 871.
  • the UE 833 can then be configured to select a PLMN/NPN for network registration as shown in Figure 9 by step 873.
  • the UE 833 can further register (via the gNB 823) to the 5G network with the Open Access Network Slice S-NSSAI as shown in Figure 9 by step 875.
  • the AMF 813 can then be configured to validate the S-NSSAI and admits the registration request (and in some embodiments the admission is based on the max number of UEs having not been reached) as shown in Figure 9 by step 877.
  • the validation can, for example, be determining a match between a request slice/service type value and a defined network slice/service type value for the open access network slice or determining a match between the request slice/service type and slice differentiator value and the defined single network slice selection assistance information value.
  • the AMF 813 is configured to send (via the gNB 823) the registration response to the UE 833 as shown in Figure 9 by step 879.
  • the UE 833 can then be configured (via the gNB 823, AMF 813) to set up a PDU session on the Open Access Network Slice as shown in Figure 9 by step 881.
  • the SMF 815 can then be configured to acknowledge (via the AMF 813, gNB 823) the successful creation of the PDU session towards the UE 833 as shown in Figure 9 by step 883.
  • the UE 833 (via the gNB 823, and the UPF 817) starts a user plane data connection to a dedicated endpoint as shown in Figure 9 by step 885.
  • the advantages associated with the implementation of the embodiments described herein of the Open Access Network Slice are that it allows a device (UE) entry into a network without authentication. This confers the benefit of granting access to a UE when it would otherwise be unable to access a network. There is no other general way that a UE would be able to gain open access to network without this invention.
  • the Open Access Network Slice provides a solution for critical emergency cases where UE initiates an emergency call (911) while in a S/PNI NPN network that is unavailable. This would allow a UE in an area that is experiencing an emergency to access the network during that situation.
  • the Open Access Network Slice can be used to allow open access to normally restricted parts of the network, such as a SNPN system, with limited side effects on the network as a whole.
  • Figure 10 there is shown an example flow diagram where a UE is trying to gain access to a network during an emergency using a network according to some embodiments.
  • the UE 1000 in this example initiates an emergency call as shown in Figure 10 by step 1001.
  • the AMF 1004 has been configured with Emergency Configuration Data as shown in Figure 10 by step 1003.
  • the PLMN 1002 furthermore can be configured to broadcast the network identity as shown in Figure 10 by step 1007.
  • the UE 1000 is then configured to register with the network with its SUPI and NAI as shown in Figure 10 by step 1009.
  • the UE 1000 furthermore generates and sends a service request to the PLMN 1002 as shown in Figure 10 step 1011, furthermore the UE sends no slicing parameters while it is in an emergency state as shown in Figure 10 by step 1013.
  • the subscription verification is allowed as shown in Figure 10 by step 1015 because the AMF 1004 allows for entry during a limited access state.
  • the AMF 100 is configured to send an emergency services support indicator.
  • the PLMN 1002 is configured to establish an Emergency PDU session as shown in Figure 10 by step 1019.
  • the UE does enter limited access state but due to the ground rules for a SNPN private network it would normally not be allowed admittance. With an Open Access Network Slice, it would be allowed admittance to a special emergency center fixed endpoint.
  • a further example application of the embodiments as described herein is in a visitor situation where a UE needs temporary access in a network.
  • the Open Access Network Slice embodiments described herein have the advantage that it allows the UE access to the network when the UE would normally not have another way to have access to the network.
  • the Open Access Network Slice is described herein allows an event designer to allow for a way for an enterprise or network to create special open access slices for a variety of purposes. As discussed herein a second level authentication and authorization could optionally be applied on application level.
  • an industry 4.0 factory may be configured to permit access to a drone or autonomous vehicle which has travelled from another location. The drone or autonomous vehicle can for example require temporary access to the network to complete the delivery process and then will leave.
  • Additional situations wherein the embodiments described herein can be implemented are a special event, or a visitor tourist site, an enterprise hosting an event where ‘foreign’ UEs are desired to be admitted into the network temporarily.
  • a control mechanism to manage the maximum number of guests in specific area can be implemented as described herein to avoid flooding the network (which could degrade the availability of the whole network) .
  • an additional second authentication can be implemented (as also discussed herein) .
  • FIG. 11 The situation is shown with respect to the example in Figure 11.
  • a public network 1101 with nodes (gNB) 1125 and 1123 Furthermore, the example shows a delivery drone 1151 which has a package that the delivery drone 1151 needs to deliver to an industry 4.0 factory 1109.
  • the factory 1109 operates a S-NPN type private network 1107 within which there are nodes (gNB or other suitable access nodes) 1105 and 1115.
  • nodes gNB or other suitable access nodes
  • the drone 1151 is an affiliate of this enterprise, but perhaps the enterprise wishes to only to grant the drone access on the open access slice as it knows that the delivery drone will only need access to the network for a few minutes.
  • the drone is configured to communicate 1139 with a fixed end point 1037 accessed using the open access network slice 1133 based on the configuration information 1135.
  • the Drone UE 1151 may become damaged or have a software issue and does not have the normal credentials to enter the factory in the SNPN network credibly.
  • the delivery drone UE 1151 can be configured to gain access to the Open Access Network Slice which is essentially a “temporary guest network slice” . This would enable data access with respect to the fixed endpoint 1037 in the network 1031 which has been specially setup to handle visitors and damaged drones.
  • the apparatuses may comprise or be coupled to other units or modules etc., such as radio parts or radio heads, used in or for transmission and/or reception. Although the apparatuses have been described as one entity, different modules and memory may be implemented in one or more physical or logical entities.
  • the various embodiments may be implemented in hardware or special purpose circuitry, software, logic or any combination thereof. Some aspects of the disclosure may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device, although the disclosure is not limited thereto. While various aspects of the disclosure may be illustrated and described as block diagrams, flow charts, or using some other pictorial representation, it is well understood that these blocks, apparatus, systems, techniques or methods described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.
  • circuitry may refer to one or more or all of the following:
  • circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and/or firmware.
  • circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit or processor integrated circuit for a mobile device or a similar integrated circuit in server, a cellular network device, or other computing or network device.
  • the embodiments of this disclosure may be implemented by computer software executable by a data processor of the mobile device, such as in the processor entity, or by hardware, or by a combination of software and hardware.
  • Computer software or program also called program product, including software routines, applets and/or macros, may be stored in any apparatus-readable data storage medium and they comprise program instructions to perform particular tasks.
  • a computer program product may comprise one or more computer-executable components which, when the program is run, are configured to carry out embodiments.
  • the one or more computer-executable components may be at least one software code or portions of it.
  • any blocks of the logic flow as in the Figures may represent program steps, or interconnected logic circuits, blocks and functions, or a combination of program steps and logic circuits, blocks and functions.
  • the software may be stored on such physical media as memory chips, or memory blocks implemented within the processor, magnetic media such as hard disk or floppy disks, and optical media such as for example DVD and the data variants thereof, CD.
  • the physical media is a non-transitory media.
  • the memory may be of any type suitable to the local technical environment and may be implemented using any suitable data storage technology, such as semiconductor-based memory devices, magnetic memory devices and systems, optical memory devices and systems, fixed memory and removable memory.
  • the data processors may be of any type suitable to the local technical environment, and may comprise one or more of general-purpose computers, special purpose computers, microprocessors, digital signal processors (DSPs) , application specific integrated circuits (ASIC) , FPGA, gate level circuits and processors based on multi core processor architecture, as non-limiting examples.
  • Embodiments of the disclosure may be practiced in various components such as integrated circuit modules.
  • the design of integrated circuits is by and large a highly automated process.
  • Complex and powerful software tools are available for converting a logic level design into a semiconductor circuit design ready to be etched and formed on a semiconductor substrate.

Abstract

An apparatus comprising means for providing a network slice with a defined one of: slice/service type value; or a slice/service type and slice differentiator value, the network slice configured to permit a communications device to conditionally access at least one service through the network slice without authentication and credentials.

Description

Method, apparatus, and computer program Field
The present application relates to a method, apparatus, and computer program and in particular but not exclusively a method, apparatus, and computer program relating to an open access network slices.
Background
A communication system can be seen as a facility that enables communication sessions between two or more entities such as communication devices, base stations and/or other nodes by providing carriers between the various entities involved in the communications path.
The communication system may be a wireless communication system. Examples of wireless systems comprise public land mobile networks (PLMN) operating based on radio standards such as those provided by 3GPP, satellite-based communication systems and different wireless local networks, for example wireless local area networks (WLAN) . The wireless systems can typically be divided into cells and are therefore often referred to as cellular systems.
The communication system and associated devices typically operate in accordance with a given standard or specification which sets out what the various entities associated with the system are permitted to do and how that should be achieved. Communication protocols and/or parameters which shall be used for the connection are also typically defined. Examples of standards are the so-called 5G standards.
Slicing is a concept which has been introduced in 5G. A service provider transforms its network into a set of logical networks on top of a shared infrastructure. Each logical network (known as a slice) of the set of logical networks may be designed to serve at least one defined purpose and comprises the required network resources, configured and connected end-to-end (from end user through RAN/core to application) . The slices are assigned to a subscriber for the desired services.
Additionally, within the communication system there can be Public-Networks (PN) which are publicly accessible networks and Non-Public Networks (NPN) which are private networks. Non-Public Networks (NPNs) can be categorized into two different kinds of NPN: a Standalone Non-Public Network (SNPN) which is typically hosted by, for example, a vertical industry owner and Public Network Integrated-Non-Public Network (PNINPN) , which are offered as a “private” branch of a public network.
The growing number of Non-Public Networks are changing the networking landscape in a way that these new networks may attract users which have contracts with big  communications service provider (CSP) network providers. The new networks may offer local services which are open to others than regular users of the NPN.
Summary
According to an aspect, there is provided apparatus comprising means for providing a network slice with a defined one of: slice/service type value; or a slice/service type and slice differentiator value, the network slice configured to permit a communications device to conditionally access at least one service through the network slice without authentication and credentials.
The means may be further for providing at least one default network slice that the communications device does not belong to and through which communication devices attempt to access services.
The means for providing the network slice with the defined slice/service type value or defined slice/service type and slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials may be for allocating resources for the network slice, and wherein the means for allocating resources for the network slice may be further for determining one of: a slice/service type value for the network slice; or a slice/service type and slice differentiator value for the network slice.
The means for allocating resources for the network slice may be further for determining at least one of: a coverage area for the network slice; a maximum number of communications devices which can use the network slice; and a temporary grant time period for the network slice; an isolation value requirement setting for the network slice; a service limit for the network slice; and an endpoint for the network slice.
The means for providing the network slice with the defined slice/service type value or the defined slice/service type and slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials may be for generating information for configuring at least one core network apparatus to support the network slice, wherein the means for generating information for configuring the at least one core network apparatus to support the network slice may be for determining one of: an open access network slice indicator for the network slice; a slice/service type value for the network slice; or a slice/service type and slice differentiator value for the network slice.
The means for generating information for configuring the at least one core network apparatus to support the network slice may be for determining at least one of: a coverage area for the network slice; a maximum number of communications devices; a quality-of-service requirement for the network slice; a service limit for the network slice; an endpoint for  the network slice; a temporary grant time period for the network slice; and an isolation requirement for the network slice.
The means for providing the network slice with the defined slice/service type value or the defined a slice/service type and slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials may be for generating information for configuring at least one radio access network apparatus to support the network slice, wherein the means for generating information for configuring the at least one radio access network apparatus to support the network slice may be for determining one of: an open access network slice indicator for the network slice; a slice/service type value for the network slice; or a slice/service type and slice differentiator value for the network slice.
The means for generating information for configuring the at least one radio access network apparatus to support the network slice may be for determining at least one of: a slice differentiator value for the network slice; a quality-of-service requirement for the network slice; a service limit for the network slice defining a maximum number of communications devices which can use the network slice; and an isolation value requirement for the network slice.
The apparatus may be a Management System function for a Management Plane or M-Plane.
The means for providing the network slice with the defined slice/service type or the defined slice/service type and slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials may be for: obtaining information for supporting the network slice, the information may comprise one of: the defined network slice/service type value; or the defined slice/service type and slice differentiator value; and obtaining via at least one radio access network apparatus a request from the communications device to access the network slice, the request may comprise one of: a request slice/service type value; or a request slice/service type and slice differentiator value; validating the request, wherein the validating the request may be for: determining a match between the requested slice/service type value and the defined network slice/service type value; or determining a match between the requested slice/service type and slice differentiator value and the defined single network slice selection assistance information value; and generating a registration response based on the validation.
The means for validating the request may be further for bypassing communicating with at least one unified data management function to validate subscription information associated with the communications device, when there is a match between the requested slice/service type value and the defined network slice/service type value or there is a match  between the requested slice/service type and slice differentiator value and the defined slice/service type and slice differentiator value.
The means for validating the request may be further for the Access and Mobility Management Function bypassing a validation communication with at least one unified data management function for validating subscription information associated with the communications device when there is a match between the requested slice/service type value and the defined network slice/service type value or a match between the requested slice/service type and slice differentiator value and the defined slice/service type and slice differentiator value.
The information may further comprise a maximum number of communications devices which can use the network slice, and wherein the means for validating the request may be for determining a number of current users of the network slice is less than the maximum number of communications devices which can use the network slice.
The apparatus may comprise a radio access network apparatus, and the means for providing the network slice with the defined one of: slice/service type value; or a slice/service type and slice differentiator value may be for: obtaining information for supporting the network slice, the information may comprise one of: an open access network slice indicator for the network slice; the defined slice/service type value; or the defined slice/service type and slice differentiator value; and generating information for enabling the at least one communications device to request access to the network slice, the information comprising at least one network slice selection access information identifier associated with the network slice.
The information may further comprise a quality-of-service requirement for the network slice.
The means may be for transmitting the information for enabling the at least one communications device to request access to the network slice over a signalling plane.
The apparatus may comprise a communication device apparatus, and the means for providing the network slice with the defined one of: slice/service type value; or a slice/service type and slice differentiator value may be for: obtaining information for enabling the communications device apparatus to attempt to access at least one default network slice which the communications device apparatus may or may not belong to and may or may not be permitted to access; obtaining information for enabling the communications device apparatus to access the network slice comprising the defined slice/service type value or the defined slice/service type and slice differentiator value; generating a request to access the network slice, the request comprising one of: the defined slice/service type value or the defined slice/service type and slice differentiator value; obtaining a response for access to the network slice based on the request being validated; requesting and obtaining a protocol  data unit session on the network slice; and requesting and obtaining a user plane data connection to a fixed endpoint.
The communications device apparatus may be further for: generating a default network slice access request for attempting to access the at least one default network slice which the communications device apparatus may or may not belong to and may or may not be permitted to access prior to generating the request to access the network slice; and generating the request to access the network slice when the attempt to access the at least one default network slice fails.
The at least one network slice may be one of: part of a stand-alone non-public network; or public-network integrated non-public network; or part of a public network.
The means for generating a request to access the network slice may be for: determining the at least one service is only accessible at a fixed endpoint through the network slice; and generating the request.
The means, following the obtaining of the user plane data connection to the fixed endpoint, may be further for authenticating the communications device at the determined endpoint so to enable the communications device to execute the service.
The network slice may comprise one of: an open access network slice; a static open access network slice; and a dynamic open access network slice.
According to another aspect, there is provided an apparatus, the apparatus comprising at least one processor and at least one memory including a computer program code, the at least one memory and computer program code configured to, with the at least one processor, cause the apparatus at least to: provide a network slice with a defined one of:slice/service type value; or a slice/service type and slice differentiator value, the network slice configured to permit a communications device to conditionally access at least one service through the network slice without authentication and credentials.
The apparatus may be further caused to provide at least one default network slice that the communications device does not belong to through which communication devices attempt to access services.
The apparatus caused to provide the network slice with the defined slice/service type value or the defined slice/service type and slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials may be caused to allocate resources for the network slice, and wherein the apparatus caused to allocate resources for the network slice may be further caused to determine one of: a slice/service type value for the network slice; or a slice/service type and slice differentiator value for the network slice.
The apparatus caused to allocate resources for the network slice may be further caused to determine at least one of: a coverage area for the network slice; a maximum  number of communications devices which can use the network slice; and a temporary grant time period for the network slice; an isolation value requirement setting for the network slice; a service limit for the network slice; and an endpoint for the network slice.
The apparatus caused to provide the network slice with the defined slice/service type or the defined slice/service type and slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials may be caused to generate information for configuring at least one core network apparatus to support the network slice, wherein the apparatus caused to generate information for configuring the at least one core network apparatus to support the network slice may be caused to determine one of: an open access network slice indicator for the network slice; a slice/service type value for the network slice; or a slice/service type and slice differentiator value for the network slice.
The apparatus caused to generate information for configuring the at least one core network apparatus to support the network slice may be caused to determine at least one of: a coverage area for the network slice; a maximum number of communications devices; a quality-of-service requirement for the network slice; a service limit for the network slice; an endpoint for the network slice; a temporary grant time period for the network slice; and an isolation requirement for the network slice.
The apparatus caused to provide the network slice with the defined slice/service type or the defined slice/service type and slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials may be caused to generate information for configuring at least one radio access network apparatus to support the network slice, wherein the apparatus caused to generate information for configuring the at least one radio access network apparatus to support the network slice may be caused to determine one of: an open access network slice indicator for the network slice; a slice/service type value for the network slice; or a slice/service type and slice differentiator value for the network slice.
The apparatus caused to generate information for configuring the at least one radio access network apparatus to support the network slice may be caused to determine at least one of: a slice differentiator value for the network slice; a quality-of-service requirement for the network slice; a service limit for the network slice defining a maximum number of communications devices which can use the network slice; and an isolation value requirement for the network slice.
The apparatus may be a Management System function for a Management Plane or M-Plane.
The apparatus may be caused to provide the network slice with the defined slice/service type or the defined slice/service type and slice differentiator value, the network  slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials may be caused to: obtain information for supporting the network slice, the information may comprise one of: the defined network slice/service type value; or the slice/service type and slice differentiator value; and obtain via at least one radio access network apparatus a request from the communications device to access the network slice, the request may comprise one of: a request slice/service type value; or a request slice/service type and slice differentiator value; validating the request, wherein the apparatus caused to validate the request may be caused to: determine a match between the requested slice/service type value and the defined network slice/service type value; or determine a match between the requested slice/service type and slice differentiator value and the defined single network slice selection assistance information value; and generate a registration response based on the validation.
The apparatus caused to validate the request may be further caused to bypass communicating with at least one unified data management function to validate subscription information associated with the communications device, when there is a match between the requested slice/service type value and the defined network slice/service type value or there is a match between the requested slice/service type and slice differentiator value and the defined requested slice/service type and slice differentiator value.
The apparatus caused to validate the request may be further for the Access and Mobility Management Function caused to bypass a validation communication with at least one unified data management function for validating subscription information associated with the communications device when there is a match between the requested slice/service type value and the defined network slice/service type value or a match between the requested slice/service type and slice differentiator value and the defined slice/service type and slice differentiator value.
The information may further comprise a maximum number of communications devices which can use the network slice, and wherein the apparatus caused to validate the request may be caused to determine a number of current users of the network slice is less than the maximum number of communications devices which can use the network slice.
The apparatus may comprise a radio access network apparatus, and the apparatus caused to provide the network slice with the defined one of: slice/service type value; or slice/service type and slice differentiator value may be caused to: obtain information for supporting the network slice, the information may comprise one of: an open access network slice indicator for the network slice; the defined slice/service type value; or the defined slice/service type and slice differentiator value; and generate information for enabling the at least one communications device to request access to the network slice, the information  comprising at least one network slice selection access information identifier associated with the network slice.
The information may further comprise a quality-of-service requirement for the network slice.
The apparatus may be caused to transmit the information for enabling the at least one communications device to request access to the network slice over a signalling plane.
The apparatus may comprise a communication device apparatus, and the apparatus caused to provide the network slice with the defined one of: slice/service type value; or a slice/service type and slice differentiator value may be caused to: obtain information for enabling the communications device apparatus to attempt to access at least one default network slice which the communications device apparatus may or may not belong to and may or may not be permitted to access; obtain information for enabling the communications device apparatus to access the network slice comprising the defined slice/service type value or the defined slice/service type and slice differentiator value; generate a request to access the network slice, the request comprising one of: the defined slice/service type value or the defined slice/service type and slice differentiator value; obtain a response for access to the network slice based on the request being validated; request and obtain a protocol data unit session on the network slice; and request and obtain a user plane data connection to a fixed endpoint.
The communications device apparatus may be further caused to: generate an default network slice access request for attempting to access the at least one default network slice which the communications device apparatus may or may not belong to and may or may not be permitted to access prior to generating the request to access the network slice; and generate the request to access the network slice when the attempt to access the default network slice fails.
The at least one network slice may be one of: part of a stand-alone non-public network; or public-network integrated non-public network; or part of a public network.
The apparatus caused to generate a request to access the network slice may be caused to: determine the at least one service is only accessible at a fixed endpoint through the network slice; and generate the request.
The apparatus, following the obtaining of the user plane data connection to the fixed endpoint, may be further caused to authenticate the communications device at the determined endpoint so to enable the communications device to execute the service.
The network slice may comprise one of: an open access network slice; a static open access network slice; and a dynamic open access network slice.
According to another aspect, there is provided a method comprising: providing a network slice with a defined one of: slice/service type value; or a slice/service type and slice  differentiator value, the network slice configured to permit a communications device to conditionally access at least one service through the network slice without authentication and credentials.
The method may further comprise providing at least one default network slice that the communications device does not belong to and through which communication devices attempt to access services.
Providing the network slice with the defined slice/service type value or defined slice/service type and slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials may comprise allocating resources for the network slice, and wherein allocating resources for the network slice may further comprise determining one of: a slice/service type value for the network slice; or a slice/service type and slice differentiator value for the network slice.
Allocating resources for the network slice may further comprise determining at least one of: a coverage area for the network slice; a maximum number of communications devices which can use the network slice; and a temporary grant time period for the network slice; an isolation value requirement setting for the network slice; a service limit for the network slice; and an endpoint for the network slice.
Providing the network slice with the defined slice/service type value or the defined slice/service type and slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials may comprise generating information for configuring at least one core network apparatus to support the network slice, wherein generating information for configuring the at least one core network apparatus to support the network slice may comprise determining one of: an open access network slice indicator for the network slice; a slice/service type value for the network slice; or a slice/service type and slice differentiator value for the network slice.
Generating information for configuring the at least one core network apparatus to support the network slice may comprise determining at least one of: a coverage area for the network slice; a maximum number of communications devices; a quality-of-service requirement for the network slice; a service limit for the network slice; an endpoint for the network slice; a temporary grant time period for the network slice; and an isolation requirement for the network slice.
Providing the network slice with the defined slice/service type and/or a slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials may comprise generating information for configuring at least one radio  access network apparatus to support the network slice, wherein generating information for configuring the at least one radio access network apparatus to support the network slice may comprise determining one of: an open access network slice indicator for the network slice; a slice/service type value for the network slice; or a slice/service type and slice differentiator value for the network slice.
Generating information for configuring the at least one radio access network apparatus to support the network slice may comprise determining at least one of: a slice differentiator value for the network slice; a quality-of-service requirement for the network slice; a service limit for the network slice defining a maximum number of communications devices which can use the network slice; and an isolation value requirement for the network slice.
The method may be implemented on a Management System function for a Management Plane or M-Plane.
Providing the network slice with the defined slice/service type or the defined slice/service type and slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials may comprise: obtaining information for supporting the network slice, the information may comprise one of: the defined network slice/service type value; or the slice/service type and slice differentiator value; and obtaining via at least one radio access network apparatus a request from the communications device to access the network slice, the request may comprise one of: a request slice/service type value; or a request slice/service type and slice differentiator value; validating the request, wherein validating the request may comprise: determining a match between the requested slice/service type value and the defined network slice/service type value; or determining a match between the requested slice/service type and slice differentiator value and the defined single network slice selection assistance information value; and generating a registration response based on the validation.
Validating the request may comprise bypassing communicating with at least one unified data management function to validate subscription information associated with the communications device, when there is a match between the requested slice/service type value and the defined network slice/service type value or there is a match between the requested slice/service type and slice differentiator value and the defined requested slice/service type and slice differentiator value.
Validating the request may be further for an Access and Mobility Management Function bypassing a validation communication with at least one unified data management function for validating subscription information associated with the communications device when there is a match between the requested slice/service type value and the defined  network slice/service type value or a match between the requested slice/service type and slice differentiator value and the defined slice/service type and slice differentiator value.
The information may further comprise a maximum number of communications devices which can use the network slice, and wherein validating the request may comprise determining a number of current users of the network slice is less than the maximum number of communications devices which can use the network slice.
The method may be implemented on a radio access network apparatus, and providing the network slice with the defined one of: slice/service type value; or a slice/service type and slice differentiator value may comprise: obtaining information for supporting the network slice, the information may comprise one of: an open access network slice indicator for the network slice; the defined slice/service type value; or the defined slice/service type and slice differentiator value; and generating information for enabling the at least one communications device to request access to the network slice, the information comprising at least one network slice selection access information identifier associated with the network slice.
The information may further comprise a quality-of-service requirement for the network slice.
The method may further comprise transmitting the information for enabling the at least one communications device to request access to the network slice over a signalling plane.
The method may be implemented on a communication device apparatus, and providing the network slice with the defined one of: slice/service type value; or a slice/service type and slice differentiator value may comprise: obtaining information for enabling the communications device apparatus to attempt to access at least one default network slice which the communications device apparatus may or may not belong to and may or may not be permitted to access; obtaining information for enabling the communications device apparatus to access the network slice comprising the defined slice/service type value or the defined slice/service type and slice differentiator value; generating a request to access the network slice, the request comprising one of: the defined slice/service type value or the defined slice/service type and slice differentiator value; obtaining a response for access to the network slice based on the request being validated; requesting and obtaining a protocol data unit session on the network slice; and requesting and obtaining a user plane data connection to a fixed endpoint.
The method may comprise: generating a default network slice access request for attempting to access the at least one default slice which the communications device apparatus may or may not belong to and may or may not be permitted to access prior to  generating the request to access the network slice; and generating the request to access the network slice when the attempt to access the default network slice fails.
The at least one network slice may be one of: part of a stand-alone non-public network; or public-network integrated non-public network; or part of a public network.
Generating a request to access the network slice may comprise: determining the at least one service is only accessible at a fixed endpoint through the network slice; and generating the request.
The method, following the obtaining of the user plane data connection to the fixed endpoint, may comprise authenticating the communications device at the determined endpoint so to enable the communications device to execute the service.
The network slice may comprise one of: an open access network slice; a static open access network slice; and a dynamic open access network slice.
According to another aspect, there is provided a network entity comprising means for: providing a network slice with a defined one of: slice/service type value; or a slice/service type and slice differentiator value, the network slice configured to permit a communications device to conditionally access at least one service through the network slice without authentication and credentials.
According to another aspect, there is provided a network entity comprising at least one processor and at least one memory including a computer program code, the at least one memory and computer program code configured to, with the at least one processor, cause the network entity at least to: providing a network slice with a defined one of: slice/service type value; or a slice/service type and slice differentiator value, the network slice configured to permit a communications device to conditionally access at least one service through the network slice without authentication and credentials.
According to an aspect, there is provided a computer readable medium comprising program instructions for causing an apparatus to perform at least the method according to any of the preceding aspects.
According to an aspect, there is provided a non-transitory computer readable medium comprising program instructions for causing an apparatus to perform at least the method according to any of the preceding aspects.
In the above, many different embodiments have been described. It should be appreciated that further embodiments may be provided by the combination of any two or more of the embodiments described above.
Description of Figures
Embodiments will now be described, by way of example only, with reference to the accompanying Figures in which:
Figure 1 shows a schematic diagram of an example 5G system as defined by the 3GPP;
Figure 2 shows a schematic diagram of an example communications device;
Figure 3 shows a schematic diagram of an example apparatus;
Figures 4a and 4b show schematic views of example S-NPN and public network architecture and interactions;
Figure 4c show a schematic view of an open access network architecture and interactions according to some embodiments;
Figure 5 shows a schematic view of the lifecycle management of network slicing as defined by the 3GPP which can be applied to the open access network slice according to some embodiments;
Figure 6 schematically shows an example flow of the open access network slice according to some embodiments;
Figure 7 schematically shows an example open network slice slice/service type value extension according to some embodiments;
Figure 8 shows a flowchart of open access network slice flow with respect to deployment operations according to an example embodiment;
Figure 9 shows a flowchart of open access network slice flow with respect to call processing operations according to an example embodiment;
Figure 10 shows a flowchart of open access network slice flow with respect to an emergency use implementation; and
Figure 11 shows a further example of an open access network slice implementation with respect to an industry 4.0 environment.
Detailed description
In the following certain embodiments are explained with reference to mobile communications devices capable of communication via a wireless cellular system and mobile communication systems serving such mobile communications devices. Before explaining in detail the exemplifying embodiments, certain general principles of a wireless communication system, access systems thereof, and mobile communications devices are briefly explained with reference to Figures 1, 2 and 3 to assist in understanding the technology underlying the described examples.
Figure 1 shows a schematic representation of a 5G system (5GS) . The 5GS may be comprised by a terminal or user equipment (UE) , a 5G radio access network (5GRAN) or  next generation radio access network (NG-RAN) , a 5G core network (5GC) , one or more application functions (AF) and one or more data networks (DN) .
The 5G-RAN may comprise one or more base stations. In 5G the base station may be referred to as a gNodeB (gNB) . The RAN may comprise one or more gNodeB (gNB) (or base station) distributed unit functions connected to one or more gNodeB (gNB) (or base station) centralized unit functions.
The 5GC may comprise the following entities: one or more access management functions (AMF) , one or more session management functions (SMF) , an authentication server function (AUSF) , a unified data management (UDM) , one or more user plane functions (UPF) , and/or a network exposure function (NEF) .
Figure 2 illustrates an example of an apparatus 200. Ths apparatus may be provided for example in a communications device, or a base station (e.g. gNB) or in an AMF. The apparatus may comprise at least one memory. By way of example only the at least one memory may comprise random access memory (RAM) 211a and at least on read only memory (ROM) 211b. Apparatus used by other embodiments may comprise different memory.
The apparatus may comprise at least one  processor  212, 213. In this example apparatus, two processors are show.
The apparatus may comprise an input/output interface 214.
The at least one processor may be coupled to the at least one memory. The at least one processor may be configured to execute an appropriate software code 215. The software code 215 may for example allow the method of some embodiments to be performed.
The software code 215 may be stored in the at least one memory, for example ROM 211b.
Figure 3 illustrates an example of a terminal 300, such as the terminal illustrated on Figure 1. The terminal 300 may be provided by any device capable of sending and receiving radio signals. Non-limiting examples comprise a user equipment, a mobile station (MS) or mobile device such as a mobile phone or what is known as a ’smart phone’ , a computer provided with a wireless interface card or other wireless interface facility (e.g., USB dongle) , a personal data assistant (PDA) or a tablet provided with wireless communication capabilities, a machine-type communications (MTC) device, an Internet of things (IoT) type communications device or any combinations of these or the like. The terminal 300 may provide, for example, communication of data for carrying communications. The communications may be one or more of voice, electronic mail (email) , text message, multimedia, data, machine data and so on.
The terminal 300 may receive signals over an air or radio interface 307 via appropriate apparatus for receiving and may transmit signals via appropriate apparatus for transmitting radio signals. In Figure 3 transceiver apparatus is designated schematically by block 306. The transceiver apparatus 306 may be provided for example by means of a radio part and associated antenna arrangement. The antenna arrangement may be arranged internally or externally to the mobile device.
The terminal 300 may be provided with at least one processor 301, at least one memory ROM 302a, at least one RAM 302b and other possible components 303 for use in software and hardware aided execution of tasks it is designed to perform, including control of access to and communications with access systems and other communications devices. The at least one processor 301 is coupled to the RAM 302a and the ROM 302b. The at least one processor 301 may be configured to execute an appropriate software code 308. The software code 308 may for example allow to perform one or more of the present aspects. The software code 308 may be stored in the ROM 302b.
The processor, storage and other relevant control apparatus can be provided on an appropriate circuit board and/or in chipsets. This feature is denoted by reference 304.
The device may optionally have a user interface such as keypad 305, touch sensitive screen or pad, combinations thereof or the like.
Optionally one or more of a display, a speaker and a microphone may be provided depending on the type of the device.
In the following examples, the communications device is referred to as a UE. However, it should be appreciated that the communications device can any suitable communications device, some examples of which have already been mentioned.
Network slicing is provided in 5G. Network slicing supports different services using the same underlying mobile network infrastructure. One example of network slicing is described in 3GPP TS 38.300.
Network slices can differ in their service requirements. For example, the service requirement may be an ultra-reliable low latency communication (URLLC) service requirement or an enhanced mobile broadband (eMBB) service requirement. Network slices can differ in the tenant that provides those services.
A network slice is uniquely identified via S-NSSAI (Single-Network Slice Selection Assistance Information) . A UE may be simultaneously connected and served by a given maximum number of S-NSSAIs. In 3GPP TS 38.300, for example, the maximum is eight. For some embodiments, the maximum may be eight. Other embodiments may have a different maximum which may be more or less than eight.
Each cell may support tens or even hundreds of S-NSSAIs. For example, in 3GPP TS 38.300, a tracking area can have a support up to 1024 network slices. For some  embodiments, the maximum number of supported slices may be 1024. Other embodiments may have a different maximum which may be more or less than 1024.
With respect to Figure 4a is shown an example architecture and interactions between a user and example Non-Public Networks (NPN) .
In this example system there is shown a public network 423. The public network comprises a Public Network Integrated-Non-Public Network (PNI-NPN) 424 represented for example base station (Node) 425. The PNI-NPN 424 can be configured as slices, as shown by slice 427 and can communicate 429 with a vehicle-based user equipment 401.
Furthermore, is shown in Figure 4a a series of standalone non-public networks (SNPNs) . In this example is shown a first (industry) SNPN, SNPN1 403 comprising its own node or base station 405 and is also organised by slice as shown in slice 407 in communication 409 with the vehicle-based user equipment 401. There is also shown a second (enterprise) SNPN, SNPN2 413 comprising its own node or base station 415 and is also organised by slice as shown in slice 417 in communication 419 with the vehicle-based user equipment 401.
Conventional mobile network philosophy binds a user to a dedicated network via their SIM card. Although, in some cases, there is an option to use roaming this requires an upfront, contractual agreements. Once these agreements are in place a UE can be admitted 441 between a PNI-NPN 424 and a  SNPN  403 or 413. However, there is currently no mechanism to provide or allow spontaneous access to a Non-Public Network (NPN) that may offer a dedicated service.
For example, with respect to the example system shown in Figure 4a (but where there are no agreements in place and as such no communication 459 possible between the slice 407 and the vehicle-based user equipment 401) and further demonstrated in Figure 4b, there can be imagined a situation wherein the public network 423 become unavailable. For example, a node 475 is out of service due to an emergency and thus no communication 479 is possible for slice 427 and the vehicle-based user equipment 401.
Thus, a network during an emergency at the border of a Standalone Non-Public Network (SNPN) and Public Network Integrated-Non-Public Network (PNINPN) network where the PNI-NPN 424 system has become unavailable, but the SNPN 403 is still available. The problem is when the UE 401 moves into the still operational SNPN 403 network it would normally be excluded. SNPN 403 operation normally excludes the UE 401 from admittance.
However, it would be desirable to admit the UE 401 into the SNPN 403 system.
This concept, as discussed with respect to the embodiments herein, is the definition and implementation of an Open Access Network Slice. An Open Access Network Slice is defined to be a special standardized network slice which can comprise (or cross) SNPN, PNI-NPN and PLMN, and within which any UE can conditionally use for various services  without authentication and credentials. The implementation of “open” registration and onboarding of a UE to an Open Access Network Slice is disclosed in further detail herein. Furthermore, there is described example use cases of a new attach procedure.
An Open Access Network Slice (OANS) can be implemented in two forms or types of OANS: static OANS or dynamic OANS.
- static Open Access Network Slice -A Static Open Access Network Slice can be created and configured by a service provider during slicing preparation (design and onboarding) . In other words, a network slice that is deployed during network deployment. A priori the service provider creates a static OANS throughout tracking areas in network,
- dynamic Open Access Network Slice –A dynamic open access network slice can be deployed on-demand when needed. For example, an emergency would trigger the deployment of the Open Access Network Slice. In other words, a deploy “on-demand’ some management function or business function evaluation SLA/SLS determines or triggers a policy to deploy a OANS at this point in the network in TA. Thus, the dynamic OANS is one which is created ‘on the fly’ .
The Open Access Network Slice can in some embodiments be defined by a new value in the Slice Service Type (SST) value. For a given operator (defined by a PLMNid value) , a Network Slice is defined by the SST and the Slice Differentiator (SD) . The combination of these three numbers (PLMNid, SST and SD) uniquely identifies a network slice. The UE can be configured to request admittance to the Open Access Network Slice through the Single Network Slice Service Assistance Identifier (S-NSSAI) using the new SST value of the Open Access Network Slice. The UE can then in some embodiments be configured to gain access to the system without subscription and authentication restriction by the AMF.
The Open Access Network Slice thus, as described herein in further detail, allows the UE to gain access to dedicated fixed endpoints. The intention of the Open Access Network Slice does not allow access to everywhere in the system. Rather the Open Access Network Slice grants access to specific endpoints. This may be, in some embodiments, a special or defined DN endpoint that may require the UE to authenticate. Or the end point can, in some embodiments, be an endpoint that goes to special emergency services in the case of a public safety, or emergency Open Access Network Slice.
An example open access network slice is shown with respect to Figure 4c. In this example is shown the open access network 501 comprising base stations (or nodes) such as shown in the example network as shown in Figures 4a and 4b (and the base station 525 and its associated slice 523) . Additionally, in this example, there is shown associated with the base station 415 an open access network slice 533 instance which enables a  communication 539 between the UE 401 and fixed endpoint 537 and which can be enabled to grant access without authentication or credentials and is controlled by controller 535.
The concept of Open Access Network Slice, as discussed in further detail in the embodiments herein, can also include the needed management enhancements to configure the network elements in a way that open access network slices can be offered. This also includes configuration of non-functional things like security, availability, and performance considerations, especially to avoid a decrease in performance (side effects) with respect to the normal business of the network.
One aspect, with respect to the definition of the Open Access Network Slices, is that of preparation, design/onboarding, and commissioning of slices. The service provider, for example, would be required to setup the Open Access Network Slices and their operation.
Figure 5 shows the Lifecycle of a Network Slice Instance which is applicable to the open access network slices according to some embodiments.
The embodiments, as described herein, are reflected in and are relevant to all phases (Preparation 550, Commissioning 570, Operation 580 and Decommissioning 590) of Figure 5.
Thus, for example, a preparation 550 phase can comprise a design 553 operation which passes to an on-boarding 555 operation. Additionally, the preparation 550 phase can comprise a network environment preparation 557 operation.
The instance can then be instigated with respect to a commissioning 570 phase comprising a creation operation 571.
Having been commissioned the network slice instance lifecycle 560 comprises an operation 580 phase. The open access network slices are operated during the operation 580 of the lifecycle of a network slice instance (NSI) .
The operation 580 phase comprises an activation 581 operation. Having been activated there can comprise the operations of Supervision 583, Reporting 587 and Modification 585 of slices which allows the service provider to monitor the operation of an open access network slice instance (s) . Furthermore, the operation 580 phase comprises a de-activation 589 operation.
Having deactivated the open access network slice instance furthermore there is a decommissioning phase 590 which can comprise a termination 591 operation.
As is disclosed in the embodiments herein there are standards related updates necessary for the preparation 550, commissioning 570, activation 581, de-activation 589 or decommissioning 590 of open access network slices and their instances.
With respect to Figure 6 is shown a schematic flow diagram of the configuration and operation of the open access network slice.
For example, the management layer 601 is configured to generate and pass 651 configuration control information to the 5G core layer 603 (for example an access mobility function –AMF 613) . The management layer or plane is a set of services and operations that handle the control of RAN, Core and transport elements in a network. The M-Plane is thus a communication layer that is specifically used for FCAPS (fault, configuration, accounting, performance and security) , LCM (life cycle management) operations between the RAN, Core and transport elements in a network.
In some embodiments, with respect to a Static Open Access Network Slice instance, the network can be pre-configured using a new SST. The combination of Slice Service Type (SST) and the Slice Differentiator (SD) can therefore uniquely identify the slice. When a UE requests access for an Open Access Network Slice it can be configured to use this identity in the S-NSSAI. The Open Access Network Slice is a special network slice that any UE can use without authentication and credentials. A Static Open Access Network Slice can thus be created and configured by a service provider during slicing preparation (design and onboarding) . Although this example shows a static slice it is understood that it could also be deployed dynamically. A dynamic open access network slice would be deployed on-demand when needed. For example, an emergency would trigger the deployment of the Open Access Network Slice.
The 5G core layer 603 (the AMF 613) is configured for open access network slice operations based on the configuration control information.
Having been configured for open access network slice operations, the 5G core layer 603 (AMF 613) can then be configured to generate 653 information which can then be transmitted 655 to the gNB (as part of the radio access network layer 605) .
The information received by the gNB 605 is then caused to enable the gNB to broadcast 657 the information with respect to the open access network slice instance to a UE 607. The information in some embodiments comprises the Public Land Mobile Network Identifier (PLMNID) and Network Identifier (NID) associated with the open access network slice instance.
The UE 607, having obtained the broadcast information, is configured to request access to the open access network slice using a slice service type (SST) value in the Single Network Slice Service Assistance Identifier (S-NSSAI) which identifies that the request is with respect to an open access network slice.
This request is generated 659 by the UE 607 and then transmitted 661 to the gNB 605. The gNB 605 can then be configured to pass 663 the request to the 5G core 603 (for example to the AMF 613) which is configured to grant access for the UE to the open access network slice.
The UE 607 can be configured to generate a request for access to an open access network slice through the new SST value in the S-NSSAI. The UE 607, in some embodiments, should be configured to prioritize the open access network slice last if it has potential to access other slices. The UE requests admittance to the Open Access Network Slice through the Single Network Slice Service Assistance Identifier (S-NSSAI) using the new Open Access Network Slice SST value. Ultimately, the UE will gain access to the system without subscription and authentication restriction by the AMF/AUSF because it is requesting access to an Open Access Network slice in the S-NSSAI.
The UE 607 is then configured implement an open access network slice attach 665 to the data network or fixed endpoint 609 via the user plane function (UPF) 623 of the 5G core 603. The UE is onboarded and attached without credentials. The AMF 613 is configured to grant access to the UE 607 because the UE 607 has requested the SST/SD of the Open Access Network Slice. The idea of open access attach onboarding of a UE 607 to an Open Access Network Slice is implemented at the AMF 613.
After the open access attach, the Open Access Network Slice can be configured in some embodiments to allow the UE 607 to gain access to limited fixed endpoints. In other words, the Open Access Network Slice is configured to grant access to specific or defined endpoints. For example, these end points can in some embodiments be a special emergency public safety management center in the case of an emergency use case. In some further examples the endpoint may be also a visitor management endpoint that is used to grant access to visitors into a SNPN network. In other words, the Open Access Network Slice can be configured to not allow access to everywhere (anywhere) in the system. Furthermore, in some embodiments the defined or permitted DN endpoint can be configured to require the UE to authenticate.
With respect to Figure 7 is shown an example design of the SST/SD according to some embodiments. Figure 7 shows an example S-NSSI comprising the SST 703 part (which is shown in this example as an 8-bit value) and a SD 705 part (which is shown in this example as a 24-bit value) . In this example design the Open Access Network Slice (OANS) slice/Service Type value is a new value (x) representing a new category of slice similar to the currently defined categories such as eMBB (value 1) or URLLC (value 2) slice. Thus, when a UE wishes to request for an open access network slice it can be configured to indicate this in the SST value. In some embodiments where there are provided multiple available open access network slices, then the UE is configured to indicate further qualifiers in the SD (slice differentiator) value identifying between the available open access network slices. Note the example OANS SST value may be any suitable unique identification value and may be defined by standardization activities.
In in some embodiments, one type of Dynamic open access network slice trigger might be when a UE has requested for an open access network slice and none yet exist in the tracking area. In such embodiments the management layer may be configured to deploy on demand a dynamic open access network slice based on the UE request on the incoming S-NSSAI.
This dynamic open access network slice trigger may be understood to be analogous to within a retail setting, where someone comes into a store and requires some assistance. In this example analogy although no one was scheduled to help wandering strangers, the system allocates a store worker temporarily to address the concerns of the patron. Thus, with respect to the example open access network slice embodiments, the entrant to the network may be an unexpected UE, but it requests an open access network slice, so the AMF accommodates the request and deploys a dynamic open access network slice for the visitor UE.
As shown with respect to Figure 6 one aspect of the employment of the open access network slices is the operation of controlling or programming of entities within the 5G core network (for example the AMF and UDM) to accommodate the open access network slice instances.
Thus, in the embodiments as shown herein the AMF within the 5G core network is configured to recognize this new SST, and act accordingly. The network design 553 operation as shown in Figure 5 is configured to allow for the AMF to be programmed to recognize and implement OANS operations with respect to receiving requests comprising the SST value. For example, in some embodiments the AMF is configured to, when it receives an access request comprising an SST value for an open access network slice, to allow the UE to have access to the open access network slice even without the proper credentials.
This operation differs from the current behaviour employed by the AMF based on the 3GPP standards as presently, the AMF is configured to verify the subscription of the UE when it is contacted.
Furthermore, in some embodiments the system can comprise a special AMF that is configured to handles open access network slices. In such embodiments a Globally Unique AMF Identifier (GUAMI) can be specified by the UE which requests for a certain AMF to handle the service attach procedure. In such a way the network can be configured to select an appropriate AMF to service the UE. In the case of an open access network slice, there is provided a special AMF with an associated GUAMI dedicated for the task.
A suitable analogy in this circumstance is a help desk in real life whose purpose is to serve incoming random walk-in patrons.
Additionally, a further aspect with respect to the employment of open access network slices is that of the endpoints or data endpoints (as shown in Figure 6 by data endpoint 609) in the network. These data endpoints are configured to service the other end of the open access network slice.
Furthermore, in some embodiments, the open access network slice implementations can be configured to specify that the open access network slice causes the data communication to be routed to one or more specified or particular fixed endpoints. The design of such endpoints however can be configured and designed by the service provider. For example, in some embodiments, the service provider is configured to employ a single open access network slice manager. Furthermore, the service provider can be configured, in some embodiments, to set up an endpoint just for emergency cases and thus setup an open access network slice with an SST/SD just for emergencies. Further, in some embodiments, there can be employed a dynamic temporary open access network slice that is used during a special event, to handle visitors into a network. In such embodiments the service providers can be configured to setup a temporary endpoint to manage visitors.
In some embodiments the service provider is configured to design a Security Endpoint which would request and implement secondary authentication. An example of a suitable secondary authentication could be a captcha verifying that the user is a human being. In some further embodiments the secondary level of authentication could be a two-factor authentication system. In some embodiments the system is configured to openly let in a UE via the open access network slice, where visitors to the event are provided with an event-access code that can be employed at the security endpoint. This security strategy can thus be similar to those employed in broadcast events. In such systems a user is provided with a “public” web address, that in theory anyone could gain access to. However, the user is also provided with a special code just for the event that they enter to gain access to the broadcast video. In a similar way, for the open access network slice design, the UE might be a visitor UE to the network attending an event. The user can thus gain access via the open access network slice and is sent to the security endpoint for further authentication.
A further aspect with respect to the employment of open access network slices is that of the deployment of the open access network slice. As discussed previously the deployment can be one of a static deployment or a dynamic deployment.
In some embodiments a Static Open Access Network Slice is created and configured by a service provider or enterprise during the slice preparation 550 and commissioning 570 phases.
For example, the static open access network slice implementation is part of the network design 553 operation and onboarding 555 operation. A service provider could thus in some embodiments employ a management layer application such as a Service  Management Orchestrator or Orchestration (SMO) or network slice/network slice subnet/network function management function (NSMF -Network Slice Management Function, NSSMF -Network Slice Subnet Management Function, NFMF -Network Function Management Function) which would allow the service provider to specify slices in the network.
Furthermore, a dynamic open access network slice implementation is one which is deployed on-demand when needed. For example, an emergency would trigger the deployment of the Open Access Network Slice. Here again, the Nokia SMO/NOM has for example for RAN a RAN slice management rApp that could in some embodiments be used to deploy the Open Access Network Slice by reserving the appropriate SST/SD. The slice management can, in some embodiments, be configured to deploy new slices when necessary. Within the SMO/NOM there are a variety of functions that could be employed, in some embodiments, to trigger the deployment of an Open Access Network Slice. These include, for example, in a RAN the RAN performance optimizer, the RAN data enrichment processor, the Cloud data manager, RAN assurance application, and RAN growth manager. In some embodiments any of the above functions might coordinate with the RAN slice manager to deploy a new Open Access Network Slice.
The performance of the network, having employed or having the capacity to employ, can also be of concern to the service provider. For example, for a Standalone Non-Public Network (S-NPN) type network, it is likely there are fewer base stations covering the system compared to a conventional Public Land Mobile Network. Additionally, a service provider is likely to want to provide priority access to UEs within the S-NPN private network. In some embodiments this can be implemented by the service provider setting an upper bound to the number of UEs that could access an Open Access Network Slice.
Furthermore, in some embodiments the service provider could deploy the open access network slice such that in an emergency situation, a visitor event, or a special event use case does not flood the network with UEs all attempting to access the Open Access Network Slice at the same time. In some embodiments a GSMA Slice Parameter in NG. 116 can be employed to throttle the maximum number of UEs that are allowed to access an Open Access Network Slice.
Security aspects for the Open Access Network Slice are a further architectural concern. The design and implementation of the system should have the Open Access Network Slice security isolated from other resources for normal Non-public Network (NPN) operation when the Open Access Network Slice is deployed to a private network. In 3GPP SA3 there are mechanisms for network slicing authentication & access control. One of the key aspects of an Open Access Network Slice is that in some embodiments a UE access is limited such that it is defined to only go to fixed endpoints. When a UE is on an Open Access  Network Slice this end point limitation, by itself, will greatly limit what the UE can do on this kind of special slice. The fixed endpoint embodiments further serve to restrict where the UE can access and potentially the activities or applications or functions it can access. In some embodiments the fixed endpoint can be configured to perform special limited functions to handle the UE. Additional restrictions in some embodiments can be employed to further isolate or restrict the user such that they can only use limited resources and avoid from impacting original business operations or system performance.
For example, if an event visitor Open Access Network Slice is created, it can be configured with a single dedicated endpoint which is a visitor manager application whose only purpose is to record that a user or UE registered in a particular location. Another example can be an application server, if a UE attached to this Open Access Network Slice, then the sole purpose of the application server could be to download an application to the UE.Thus, the scope and reach of what the UE is able to do at the fixed endpoint serves to limit the scope of what the user can do, which offers security and isolation from the rest of the network.
For an open access network slice system to work, the UE must know to use the open access network slice. As discussed herein this could be implemented by the new SST value that could be selected by the UE.
In some embodiments the UE can be configured such that the UE should try other available slices first before attaching to an open access network slice. If there are other available network slices to which the UE has access and is authorized to use the UE should try those slices first.
The reason for this prioritization of slices with the open access network slice with a low priority is that the open access network slice would be generally used for special corner case situations. For example, if there is an emergency open access network slice, typical network management would want the UE to try other available network slices or networks before trying the emergency network.
A further reason is, if the UE is accessing a SNPN private network, it would be preferable that the UE is configured to first attempt to attach to the SNPN network normally. The UE then should only use the SNPN on an open access network slice as an exception. Also, generally the network should be configured to provide business priority to the normal users of the SNPN network before other visitor UEs.
A deployment aspect of an example implementation is shown in Figure 8. In this example is shown the management layer 801 with a suitable management system function (ManagementSystem) 803. Furthermore, is shown a 5G core network 811. Within the 5G core network 811 is an access and mobility function (AMF) 813, session management function (SMF) 815 and user plane function (UPF) 817. Additionally, is shown the 5G RAN  layer 821 and within it an example gNB 823. Finally, is shown a device layer 831 with a UE 833.
Figure 8 shows the open access network slice (OANS) deployment 851.
Initially the ManagementSystem function 803 can be configured to receive a request to allocate a slice to an open access network slice (OANS) as shown in Figure 8 by step 861.
Then the ManagementSystem function 803 can be configured to allocate resources for the OANS based on service requirement (e.g. open access network slice indicator S-NSSI, coverage area, max number of UEs, time isolation requirement) as shown in Figure 8 by step 863.
Following on, the ManagementSystem function 803 can be configured to configure the 5G core network functions (for example AMF, SMF, UPF, etc) to support the OANS. For example, this can be in the form of setting the open access network slice indicator, S-NSSAI, QoS, service limit, endpoint, etc. as shown in Figure 8 by step 865.
Also, the ManagementSystem function 803 can be configured to configure the RAN layer. For example, this can involve configuring the gNB to support OANS, and involve providing the S-NSSAI, open access network slice indicator etc as shown in Figure 8 by step 867.
The call processing or OANS operation aspect of an example implementation is shown in Figure 9. In this example is also shown the management layer 801 with a suitable management system function (ManagementSystem) 803. Furthermore, is shown a 5G core network 811. Within the 5G core network 811 is an access and mobility function (AMF) 813, session management function (SMF) 815 and user plane function (UPF) 817. Additionally, is shown the 5G RAN layer 821 and within it an example gNB 823. Finally, is shown a device layer 831 with a UE 833.
Figure 9 shows the call processing or OANS operation 841.
In some embodiments the gNB 823 is configured to broadcast the PLMNId, NAI and other indicators as shown in Figure 9 by step 871.
The UE 833 can then be configured to select a PLMN/NPN for network registration as shown in Figure 9 by step 873.
The UE 833 can further register (via the gNB 823) to the 5G network with the Open Access Network Slice S-NSSAI as shown in Figure 9 by step 875.
The AMF 813 can then be configured to validate the S-NSSAI and admits the registration request (and in some embodiments the admission is based on the max number of UEs having not been reached) as shown in Figure 9 by step 877. The validation can, for example, be determining a match between a request slice/service type value and a defined network slice/service type value for the open access network slice or determining a match  between the request slice/service type and slice differentiator value and the defined single network slice selection assistance information value.
The AMF 813, in some embodiments, is configured to send (via the gNB 823) the registration response to the UE 833 as shown in Figure 9 by step 879.
The UE 833 can then be configured (via the gNB 823, AMF 813) to set up a PDU session on the Open Access Network Slice as shown in Figure 9 by step 881.
The SMF 815 can then be configured to acknowledge (via the AMF 813, gNB 823) the successful creation of the PDU session towards the UE 833 as shown in Figure 9 by step 883.
Then the UE 833 (via the gNB 823, and the UPF 817) starts a user plane data connection to a dedicated endpoint as shown in Figure 9 by step 885.
An example universal modelling language implementation of the open access network slice, and which can be used to generate the embodiments such as shown with respect to Figures 8 and 9 can be as follows:
Figure PCTCN2021128218-appb-000001
Figure PCTCN2021128218-appb-000002
The advantages associated with the implementation of the embodiments described herein of the Open Access Network Slice are that it allows a device (UE) entry into a network without authentication. This confers the benefit of granting access to a UE when it would otherwise be unable to access a network. There is no other general way that a UE would be able to gain open access to network without this invention.
Thus, for example in an emergency situation, the Open Access Network Slice provides a solution for critical emergency cases where UE initiates an emergency call (911) while in a S/PNI NPN network that is unavailable. This would allow a UE in an area that is experiencing an emergency to access the network during that situation.
Although current standards contain special provisions to try to handle emergency cases the embodiments described herein enable the handling of emergency cases in a more generalized manner.
Thus, in a situation where some elements of a RAN network have become unavailable, the Open Access Network Slice can be used to allow open access to normally restricted parts of the network, such as a SNPN system, with limited side effects on the network as a whole. With respect to Figure 10 there is shown an example flow diagram where a UE is trying to gain access to a network during an emergency using a network according to some embodiments.
The UE 1000 in this example initiates an emergency call as shown in Figure 10 by step 1001.
However, it is experiencing limited access to the system and enters a Limited Access State as shown in Figure 10 by step 1005.
The AMF 1004 has been configured with Emergency Configuration Data as shown in Figure 10 by step 1003.
The PLMN 1002 furthermore can be configured to broadcast the network identity as shown in Figure 10 by step 1007.
The UE 1000 is then configured to register with the network with its SUPI and NAI as shown in Figure 10 by step 1009.
The UE 1000 furthermore generates and sends a service request to the PLMN 1002 as shown in Figure 10 step 1011, furthermore the UE sends no slicing parameters while it is in an emergency state as shown in Figure 10 by step 1013.
The subscription verification is allowed as shown in Figure 10 by step 1015 because the AMF 1004 allows for entry during a limited access state.
The AMF 1004, as shown in Figure 10 by step 1017, is configured to send an emergency services support indicator.
The PLMN 1002 is configured to establish an Emergency PDU session as shown in Figure 10 by step 1019.
Thus, in these embodiments the UE does enter limited access state but due to the ground rules for a SNPN private network it would normally not be allowed admittance. With an Open Access Network Slice, it would be allowed admittance to a special emergency center fixed endpoint.
A further example application of the embodiments as described herein is in a visitor situation where a UE needs temporary access in a network. The Open Access Network Slice embodiments described herein have the advantage that it allows the UE access to the network when the UE would normally not have another way to have access to the network. The Open Access Network Slice is described herein allows an event designer to allow for a  way for an enterprise or network to create special open access slices for a variety of purposes. As discussed herein a second level authentication and authorization could optionally be applied on application level.
For example, there might be a special event that the service provider is hosting, VIP guests, or the enterprise SNPN might wish to setup a guest “lane” in their network. This case would also handle an employee who is visiting from another country to the network. This would be an Open Access Network Slice with a visitor management fixed endpoint to handle guests. For example, an industry 4.0 factory may be configured to permit access to a drone or autonomous vehicle which has travelled from another location. The drone or autonomous vehicle can for example require temporary access to the network to complete the delivery process and then will leave.
Additional situations wherein the embodiments described herein can be implemented are a special event, or a visitor tourist site, an enterprise hosting an event where ‘foreign’ UEs are desired to be admitted into the network temporarily. A control mechanism to manage the maximum number of guests in specific area can be implemented as described herein to avoid flooding the network (which could degrade the availability of the whole network) . Furthermore, in some embodiments an additional second authentication can be implemented (as also discussed herein) .
The situation is shown with respect to the example in Figure 11. In this example there is shown a public network 1101 with nodes (gNB) 1125 and 1123. Furthermore, the example shows a delivery drone 1151 which has a package that the delivery drone 1151 needs to deliver to an industry 4.0 factory 1109. The factory 1109 operates a S-NPN type private network 1107 within which there are nodes (gNB or other suitable access nodes) 1105 and 1115. In this example only UEs that have been programmed to allow access to S-NPN networks will gain access to the network. Other UEs are normally restricted from gaining access. In this situation, the drone 1151 is an affiliate of this enterprise, but perhaps the enterprise wishes to only to grant the drone access on the open access slice as it knows that the delivery drone will only need access to the network for a few minutes. In such a situation the drone is configured to communicate 1139 with a fixed end point 1037 accessed using the open access network slice 1133 based on the configuration information 1135.
In some situations, the Drone UE 1151 may become damaged or have a software issue and does not have the normal credentials to enter the factory in the SNPN network credibly. In either of these two cases, the delivery drone UE 1151 can be configured to gain access to the Open Access Network Slice which is essentially a “temporary guest network slice” . This would enable data access with respect to the fixed endpoint 1037 in the network 1031 which has been specially setup to handle visitors and damaged drones.
The apparatuses may comprise or be coupled to other units or modules etc., such as radio parts or radio heads, used in or for transmission and/or reception. Although the apparatuses have been described as one entity, different modules and memory may be implemented in one or more physical or logical entities.
It is noted that whilst some embodiments have been described in relation to 5G networks, similar principles can be applied in relation to other networks and communication systems. Therefore, although certain embodiments were described above by way of example with reference to certain example architectures for wireless networks, technologies and standards, embodiments may be applied to any other suitable forms of communication systems than those illustrated and described herein.
It is also noted that while the above describes example embodiments, there are several variations and modifications which may be made to the disclosed solution without departing from the scope of the present invention.
In general, the various embodiments may be implemented in hardware or special purpose circuitry, software, logic or any combination thereof. Some aspects of the disclosure may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device, although the disclosure is not limited thereto. While various aspects of the disclosure may be illustrated and described as block diagrams, flow charts, or using some other pictorial representation, it is well understood that these blocks, apparatus, systems, techniques or methods described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.
As used in this application, the term “circuitry” may refer to one or more or all of the following:
(a) hardware-only circuit implementations (such as implementations in only analog and/or digital circuitry) and
(b) combinations of hardware circuits and software, such as (as applicable) :
(i) a combination of analog and/or digital hardware circuit (s) with software/firmware and
(ii) any portions of hardware processor (s) with software (including digital signal processor (s) ) , software, and memory (ies) that work together to cause an apparatus, such as a mobile phone or server, to perform various functions) and
(c) hardware circuit (s) and or processor (s) , such as a microprocessor (s) or a portion of a microprocessor (s) , that requires software (e.g., firmware) for operation, but the software may not be present when it is not needed for operation. ”
This definition of circuitry applies to all uses of this term in this application, including in any claims. As a further example, as used in this application, the term circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and/or firmware. The term circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit or processor integrated circuit for a mobile device or a similar integrated circuit in server, a cellular network device, or other computing or network device.
The embodiments of this disclosure may be implemented by computer software executable by a data processor of the mobile device, such as in the processor entity, or by hardware, or by a combination of software and hardware. Computer software or program, also called program product, including software routines, applets and/or macros, may be stored in any apparatus-readable data storage medium and they comprise program instructions to perform particular tasks. A computer program product may comprise one or more computer-executable components which, when the program is run, are configured to carry out embodiments. The one or more computer-executable components may be at least one software code or portions of it.
Further in this regard it should be noted that any blocks of the logic flow as in the Figures may represent program steps, or interconnected logic circuits, blocks and functions, or a combination of program steps and logic circuits, blocks and functions. The software may be stored on such physical media as memory chips, or memory blocks implemented within the processor, magnetic media such as hard disk or floppy disks, and optical media such as for example DVD and the data variants thereof, CD. The physical media is a non-transitory media.
The memory may be of any type suitable to the local technical environment and may be implemented using any suitable data storage technology, such as semiconductor-based memory devices, magnetic memory devices and systems, optical memory devices and systems, fixed memory and removable memory. The data processors may be of any type suitable to the local technical environment, and may comprise one or more of general-purpose computers, special purpose computers, microprocessors, digital signal processors (DSPs) , application specific integrated circuits (ASIC) , FPGA, gate level circuits and processors based on multi core processor architecture, as non-limiting examples.
Embodiments of the disclosure may be practiced in various components such as integrated circuit modules. The design of integrated circuits is by and large a highly automated process. Complex and powerful software tools are available for converting a logic level design into a semiconductor circuit design ready to be etched and formed on a semiconductor substrate.
The scope of protection sought for various embodiments of the disclosure is set out by the independent claims. The embodiments and features, if any, described in this specification that do not fall under the scope of the independent claims are to be interpreted as examples useful for understanding various embodiments of the disclosure.
The foregoing description has provided by way of non-limiting examples a full and informative description of the exemplary embodiment of this disclosure. However, various modifications and adaptations may become apparent to those skilled in the relevant arts in view of the foregoing description, when read in conjunction with the accompanying drawings and the appended claims. However, all such and similar modifications of the teachings of this disclosure will still fall within the scope of this invention as defined in the appended claims. Indeed, there is a further embodiment comprising a combination of one or more embodiments with any of the other embodiments previously discussed.
.

Claims (18)

  1. An apparatus comprising means for providing a network slice with a defined one of:
    slice/service type value; or
    a slice/service type and slice differentiator value,
    the network slice configured to permit a communications device to conditionally access at least one service through the network slice without authentication and credentials.
  2. The apparatus as claimed in claim 1, wherein the means is further for providing at least one default network slice that the communications device does not belong to and through which communication devices attempt to access services.
  3. The apparatus as claimed in any of claims 1 or 2, wherein the means for providing the network slice with the defined slice/service type value or defined slice/service type and slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials is for allocating resources for the network slice, and wherein the means for allocating resources for the network slice is further for determining one of:
    a slice/service type value for the network slice; or
    a slice/service type and slice differentiator value for the network slice.
  4. The apparatus as claimed in claim 3, wherein the means for allocating resources for the network slice is further for determining at least one of:
    a coverage area for the network slice;
    a maximum number of communications devices which can use the network slice; and
    a temporary grant time period for the network slice;
    an isolation value requirement setting for the network slice;
    a service limit for the network slice; and
    an endpoint for the network slice.
  5. The apparatus as claimed in any of claims 1 to 4, wherein the means for providing the network slice with the defined slice/service type value or the defined slice/service type and slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials is for generating information for configuring at least one core network apparatus to support the network slice, wherein the means for generating  information for configuring the at least one core network apparatus to support the network slice is for determining one of:
    an open access network slice indicator for the network slice;
    a slice/service type value for the network slice; or
    a slice/service type and slice differentiator value for the network slice.
  6. The apparatus as claimed in claim 5, wherein the means for generating information for configuring the at least one core network apparatus to support the network slice is for determining at least one of:
    a coverage area for the network slice;
    a maximum number of communications devices;
    a quality-of-service requirement for the network slice;
    a service limit for the network slice;
    an endpoint for the network slice;
    a temporary grant time period for the network slice; and
    an isolation requirement for the network slice.
  7. The apparatus as claimed in any of claims 1 to 6, wherein the means for providing the network slice with the defined slice/service type value or the defined slice/service type and slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials is for generating information for configuring at least one radio access network apparatus to support the network slice, wherein the means for generating information for configuring the at least one radio access network apparatus to support the network slice is for determining one of:
    an open access network slice indicator for the network slice;
    a slice/service type value for the network slice; or
    a slice/service type and slice differentiator value for the network slice.
  8. The apparatus as claimed in claim 7, wherein the means for generating information for configuring the at least one radio access network apparatus to support the network slice is for determining at least one of:
    a slice differentiator value for the network slice;
    a quality-of-service requirement for the network slice;
    a service limit for the network slice defining a maximum number of communications devices which can use the network slice; and
    an isolation value requirement for the network slice.
  9. The apparatus as claimed in claim 1, wherein the means for providing the network slice with the defined slice/service type value or the defined slice/service type and slice differentiator value, the network slice configured to permit the communications device to conditionally access at least one service through the network slice without authentication and credentials is for:
    obtaining information for supporting the network slice, the information comprising one of:
    the defined network slice/service type value; or
    the slice/service type and slice differentiator value; and
    obtaining via at least one radio access network apparatus a request from the communications device to access the network slice, the request comprising one of:
    a request slice/service type value; or
    a request slice/service type and slice differentiator value;
    validating the request, wherein the validating the request is for:
    determining a match between the requested slice/service type value and the defined network slice/service type value; or
    determining a match between the requested slice/service type and slice differentiator value and the defined single network slice selection assistance information value; and
    generating a registration response based on the validation.
  10. The apparatus as claimed in claim 9, wherein the means for validating the request is further for bypassing communicating with at least one unified data management function to validate subscription information associated with the communications device, when there is a match between the requested slice/service type value and the defined network slice/service type value or there is a match between the requested slice/service type and slice differentiator value and the defined requested slice/service type and slice differentiator value.
  11. The apparatus as claimed in any of claims 9 or 10, wherein the means for validating the request is further for the Access and Mobility Management Function bypassing a validation communication with at least one unified data management function for validating subscription information associated with the communications device when there is a match between the requested slice/service type value and the defined network slice/service type value or a match between the requested slice/service type and slice differentiator value and the defined slice/service type and slice differentiator value.
  12. The apparatus as claimed in claim 1, wherein the apparatus comprises a radio access network apparatus, and the means for providing the network slice with the defined one of: slice/service type value; or a slice/service type and slice differentiator value is for:
    obtaining information for supporting the network slice, the information comprising one of:
    an open access network slice indicator for the network slice;
    the defined slice/service type value; or
    the defined slice/service type and slice differentiator value; and
    generating information for enabling the at least one communications device to request access to the network slice, the information comprising at least one network access identifier associated with the network slice.
  13. The apparatus as claimed in claim 1, wherein the apparatus comprises a communication device apparatus, and the means for providing the network slice with the defined one of: slice/service type value; or a slice/service type and slice differentiator value is for:
    obtaining information for enabling the communications device apparatus to attempt to access at least one default network slice which the communications device apparatus may or may not belong to and may or may not be permitted to access;
    obtaining information for enabling the communications device apparatus to access the network slice comprising the defined slice/service type value or the defined slice/service type and slice differentiator value;
    generating a request to access the network slice, the request comprising one of: the defined slice/service type value or the defined slice/service type and slice differentiator value;
    obtaining a response for access to the network slice based on the request being validated;
    requesting and obtaining a protocol data unit session on the network slice; and
    requesting and obtaining a user plane data connection to a fixed endpoint.
  14. The apparatus as claimed in claim 13, wherein the communications device apparatus is further for:
    generating a default network slice access request for attempting to access the at least one default network slice which the communications device apparatus may or may not belong to and may or may not be permitted to access prior to generating the request to access the network slice; and
    generating the request to access the network slice when the attempt to access the default network slice fails.
  15. The apparatus as claimed in claim 14, wherein the at least one network slice is one of:
    part of a stand-alone non-public network; or
    public-network integrated non-public network; or
    part of a public network.
  16. The apparatus as claimed in claim 14, wherein the means for generating a request to access the network slice is for:
    determining the at least one service is only accessible at a fixed endpoint through the network slice; and
    generating the request.
  17. A method comprising providing a network slice with a defined one of:
    slice/service type value; or
    a slice/service type and slice differentiator value,
    the network slice configured to permit a communications device to conditionally access at least one service through the network slice without authentication and credentials.
  18. An apparatus comprising at least one processor and at least one memory including a computer program code, the at least one memory and computer program code configured to, with the at least one processor, cause the apparatus at least to:
    provide a network slice with a defined one of:
    slice/service type value; or
    a slice/service type and slice differentiator value,
    the network slice configured to permit a communications device to conditionally access at least one service through the network slice without authentication and credentials.
PCT/CN2021/128218 2021-11-02 2021-11-02 Method, apparatus, and computer program WO2023077273A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/128218 WO2023077273A1 (en) 2021-11-02 2021-11-02 Method, apparatus, and computer program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/128218 WO2023077273A1 (en) 2021-11-02 2021-11-02 Method, apparatus, and computer program

Publications (1)

Publication Number Publication Date
WO2023077273A1 true WO2023077273A1 (en) 2023-05-11

Family

ID=86240467

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/128218 WO2023077273A1 (en) 2021-11-02 2021-11-02 Method, apparatus, and computer program

Country Status (1)

Country Link
WO (1) WO2023077273A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108012267A (en) * 2016-10-31 2018-05-08 华为技术有限公司 A kind of method for network authorization, relevant device and system
US20200359224A1 (en) * 2019-05-09 2020-11-12 T-Mobile Usa, Inc. 5g cell multi-carrier neutrality network slice support
CN112313999A (en) * 2018-06-18 2021-02-02 诺基亚技术有限公司 Method and apparatus for controlling access to a hosted virtual network using a network identifier

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108012267A (en) * 2016-10-31 2018-05-08 华为技术有限公司 A kind of method for network authorization, relevant device and system
CN112313999A (en) * 2018-06-18 2021-02-02 诺基亚技术有限公司 Method and apparatus for controlling access to a hosted virtual network using a network identifier
US20200359224A1 (en) * 2019-05-09 2020-11-12 T-Mobile Usa, Inc. 5g cell multi-carrier neutrality network slice support

Similar Documents

Publication Publication Date Title
US10505718B1 (en) Systems, devices, and techniques for registering user equipment (UE) in wireless networks using a native blockchain platform
CN107615732B (en) Method for admitting session into virtual network and mobility management function entity
WO2017012402A1 (en) Method of selecting network slice and system utilizing same
US20200296142A1 (en) User Group Establishment Method and Apparatus
US8880688B2 (en) Apparatus and method for providing profile of terminal in communication system
US20200396298A1 (en) Method and apparatus for zero-touch bulk identity assignment, provisioning and network slice orchestration for massive iot (miot) deployments
WO2021203827A1 (en) Communication method and apparatus
US11252654B2 (en) Systems and methods for user-specific slice configuration for an application
WO2018045983A1 (en) Information processing method and device, and network system
CN116325811A (en) Method and device for dynamically triggering instantiation of edge application server
CN113473569B (en) Discovery method of application server and related device
CN115835202A (en) Authentication method and system
CN115701162A (en) Managing mutually exclusive access to network slices
WO2023077273A1 (en) Method, apparatus, and computer program
JP6503420B2 (en) Wireless communication terminal authentication control device, wireless communication terminal authentication control system, wireless communication terminal authentication control method, and program
US20230021843A1 (en) Providing cybersecurity services by a network and automated provisioning thereof
US20220141643A1 (en) Hierarchical Database Architecture for Subscriber Credential Management in Enterprise Networks
WO2019220002A1 (en) Authentication in public land mobile networks comprising tenant slices
CN113015095A (en) Method and system for matching terminal and UPF
CN113383564A (en) Controlling an operation mode of a communication network
US20190253960A1 (en) Intelligent network selection
CN111464324A (en) Secure communication method, device and system
CN117478431B (en) Industrial Internet of things control method based on trusted network
US20230397091A1 (en) Network slicing group
US20230397088A1 (en) Unified access control with network slice grouping

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21962794

Country of ref document: EP

Kind code of ref document: A1