WO2023150721A1 - Sixth generation (6G) mutual transport layer security (mTLS) based security architecture between a user equipment (UE) and a 6G network - Google Patents

Sixth generation (6G) mutual transport layer security (mTLS) based security architecture between a user equipment (UE) and a 6G network

Info

Publication number
WO2023150721A1
Authority
WO
WIPO (PCT)
Prior art keywords
socf
network
authentication
csf
service
Prior art date
Application number
PCT/US2023/061993
Other languages
English (en)
Inventor
Abhijeet Kolekar
Zongrui DING
Qian Li
Puneet Jain
Alexandre Saso STOJANOVSKI
Thomas Luetzenkirchen
Sudeep Palat
Ching-Yu Liao
Sangeetha L. Bangolae
Meghashree Dattatri Kedalagudde
Original Assignee
Intel Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intel Corporation
Publication of WO2023150721A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0806 Configuration setting for initial configuration or provisioning, e.g. plug-and-play
    • H04L41/50 Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/5041 Network service management, e.g. ensuring proper service fulfilment according to agreements characterised by the time relationship between creation and deployment of a service
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • H04L9/40 Network security protocols
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H04W12/08 Access security
    • H04W12/084 Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H04L41/0894 Policy-based network configuration management
    • H04L41/0895 Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements
    • H04L41/14 Network analysis or design
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0852 Delays
    • H04L43/0876 Network utilisation, e.g. volume of load or congestion level

Definitions

  • Various embodiments generally may relate to the field of wireless communications. For example, some embodiments may relate to security between a user equipment (UE) and an element of a sixth generation (6G) cellular network.
  • UE user equipment
  • 6G sixth generation
  • Figure 1 illustrates an example of an application offloading use case, in accordance with various embodiments.
  • FIG. 2 illustrates an example of a fifth generation (5G) edge computing architecture, in accordance with various embodiments.
  • Figure 3 illustrates an example mapping of a possible 6G architecture to a 5G edge architecture, in accordance with various embodiments.
  • Figure 4 illustrates an example architecture for communication between a UE and an element of a cellular network, in accordance with various embodiments.
  • FIG. 5 depicts an example 6G compute and communication architecture, in accordance with various embodiments.
  • FIG. 6 depicts an example authentication and authorization framework for mutual transport layer security (mTLS) between a UE and a cellular network, in accordance with various embodiments.
  • mTLS mutual transport layer security
  • Figure 7 depicts an example technique related to selection of security method(s) to be used in or between a UE and compute control function (Comp CF), in accordance with various embodiments.
  • Figure 8 depicts an example technique related to authentication and protection using transport layer security pre-shared key (TLS-PSK), in accordance with various embodiments.
  • TLS-PSK transport layer security pre-shared key
  • Figure 9 depicts an example of authentication and protection using certificate-based mutual authentication, in accordance with various embodiments.
  • Figure 10 depicts an example of authentication and protection using access tokens, in accordance with various embodiments.
  • Figure 11 schematically illustrates a wireless network in accordance with various embodiments.
  • Figure 12 schematically illustrates components of a wireless network in accordance with various embodiments.
  • Figure 13 is a block diagram illustrating components, according to some example embodiments, able to read instructions from a machine-readable or computer-readable medium (e.g., a non-transitory machine-readable storage medium) and perform any one or more of the methodologies discussed herein.
  • Figure 14 provides a high-level view of an Open RAN (O-RAN) architecture, in accordance with various embodiments.
  • Figure 15 shows an O-RAN logical architecture corresponding to the O-RAN architecture of Figure 14, in accordance with various embodiments.
  • Figure 16 illustrates a network in accordance with various embodiments.
  • Figure 17 depicts an example procedure for practicing the various embodiments discussed herein.
  • Figure 18 depicts an alternative example procedure for practicing the various embodiments discussed herein.
  • Figure 19 depicts an alternative example procedure for practicing the various embodiments discussed herein.
  • Modern cloud computing has become extremely popular to provide computing/storage capability to customers who can focus more on software (SW) development and data management without needing to address the underlying infrastructure.
  • Edge computing may extend this capability closer to the customers to optimize performance metrics such as latency.
  • The 5G architecture design may consider these scenarios and develop a set of edge computing enablers and anchor points (e.g., Uplink Classifier (UL CL), multi-homed protocol data unit (PDU) session with branching point (BP)) to offload data traffic (and computing tasks) to different data networks.
  • UL CL Uplink Classifier
  • PDU protocol data unit
  • BP branching point
  • This computing offloading may also be considered a key use case in Multi-access Edge Computing (MEC), as it exploits edge computation capabilities by enabling the usage of low-end terminals for huge tasks and also provides benefits in terms of energy consumption at the terminal side.
  • MEC Multi-access Edge Computing
  • computation offloading may be performed at the application level above the operating system (OS) and modeled
  • This MEC use case may be used especially for computation-hungry applications such as graphical rendering (high-speed browser, artificial reality, 3D game, etc.), intermediate data processing (sensor data cleansing, video analyzing, etc.), and value-added services (translation, log analytics, etc.).
  • Computation offloading may be considered to be an enabler in beyond 5G (B5G) systems toward 6G, where MEC and its evolutions may be beneficial.
  • Augmented computing across a user equipment (UE) and a radio access network (RAN) or dynamic workload offloading allows a compute task to be dynamically offloaded and executed on the network computing infrastructure with low latency and better computing scaling.
  • RAN radio access network
  • VNFs virtualized network functions
  • CNFs containerized network functions
  • the legacy 5G architecture may be designed for data communication at the application level, and may not consider these considerations; therefore, the network may still not address these computing scenarios that are needed for the evolution toward 6G mobile networks.
  • An example 6G architecture, with mapping to a 5G architecture, is shown above in Figure 3. It will be noted that the 6G architecture described herein may work within the Operator trust domain while the legacy 5G architecture may have different trust domains. Interfaces for the 6G network may be different than 5G interfaces and reference points.
  • a client service function (CSF) at the UE side may enable the UE to request dynamic workload migration to the RAN/core network (CN) to offload a compute task.
  • Computing CSF may generate and manage the information related to dynamic workload migration such as identifiers, description, and status of the computing task, metadata for the requirements of a compute task, metadata about how to handle the compute task at the network.
  • a service orchestration and chaining function (SOCF) in the RAN or CN may interact with Comp CSF at the UE side.
  • Other RAN/CN functions may accept a compute task to be offloaded based on RAN/CN compute resource status, channel conditions, compute rules.
  • Policies may be used to select a Comp service function (SF) to handle the compute task, to generate and manage computing context information in a centralized unit (CU) and/or distributed unit (DU) for appropriate routing, and to generate and manage computing context information in the Comp SF to handle the compute task.
  • CU centralized unit
  • DU distributed unit
  • a Comp SF in the RAN may interact with Comp CF, and other RAN functions may report a compute task's status and generate charging-related information for offloading a compute task.
  • a Comp CSF at the UE side may enable the UE to request dynamic workload migration to the RAN to offload a compute task.
  • Comp CSF may also generate and manage the information related to dynamic workload migration such as identifiers, description and status of the compute task, metadata for the requirements of a compute task, and/or metadata about how to handle the compute task at the network.
  • a Comp CF in the RAN may interact with the Comp CSF at the UE side and/or other RAN functions to accept a compute task to be offloaded to the RAN based on information such as RAN compute resource status, channel conditions, compute rules and policies, select a Comp SF to handle the compute task, generate and manage computing context information in CU and DU for appropriate routing, generate and manage computing context information in Comp SF to handle the compute task, etc.
  • a Comp SF in the RAN/CN may interact with Comp CF and/or other RAN functions to report a compute task's status to generate charging-related information for offloading a compute task.
  • a 6G architecture (for example as depicted in Figure 5) may be mapped as follows:
  • - Edge enabler server may further split and evolve to SOCF and Comp CF for orchestration and chaining.
  • - Edge configuration server ECS
  • SOEF service orchestration exposure function
  • SOCF may act as service frontend for 6G.
  • NAS non-access stratum
  • HTTP hypertext transfer protocol
  • security for such an architecture may be as follows:
  • Orchestration/Offload is per subscriber and per application, i.e., per subscription permanent identifier (SUPI);
  • AID Application identifier
  • NAS-based protocol: the anchor key used for protecting NAS security can be used to further derive additional/alternative keys.
  • HTTP protocol: if the HTTP message is between UE and SOCF without going through the access and mobility management function (AMF), a security mechanism is needed because NAS-level security can't be reused.
  • AMF access and mobility management function
  • For an HTTP-like protocol between the UE/Application layer and SOCF, one or more of the following may exist:
  • A malicious 6G CSF may receive a list of 6G COMP SF/SOCF configuration information.
  • The received information may reveal service/application provider topology (e.g., uniform resource identifier (URI), fully qualified domain name (FQDN), internet protocol (IP) address, local area data network (LADN) service information, application server functionality, application programming interface (API) type, and protocols).
  • URI uniform resource identifier
  • FQDN fully qualified domain name
  • IP internet protocol
  • LADN local area data network
  • API application programming interface
  • 6G SOCF may hide the topology and provisioning information between the trust domain of each application. Without such access control and hidden topology, a malicious application client may access other 6G Comp CF/SOCF and Application servers.
  • 6G SOCF may provide mutual authentication with 6G CSF.
  • SOCF may determine whether 6G CSF is authorized to access services offered by 6G SOCF.
  • Embodiments herein relate to use of mutual transport layer security (mTLS) as one of the options to mutually authenticate UE and SOCF.
  • Embodiments may also relate to options for negotiating security protocols between UE and Comp CF/SOCF.
  • mTLS may be used to provide integrity protection, replay protection, and confidentiality protection.
  • Mutual authentication based on client and server certificates may occur between the 6G SOCF and the 6G CSF, using transport layer security (TLS). Certificate-based authentication may follow the profiles given in 3GPP TS 33.310, subclauses 6.1.3a and 6.1.4a.
  • Security profiles for TLS implementation and usage may follow the provisions given in TS 33.310, Annex E.
  • Embodiments may include two or more options for authentication, authorization, and accounting (AAA) servers. Also, embodiments may relate to negotiating the type of protocol used for securing the transport.
  • AAA authentication, authorization, and accounting
  • Embodiments described herein may be applied between UE and Network functions, e.g., in a distributed NAS case where the UE performs a point-to-point connection to an NF (e.g., AMF, SMF, UPF); each instance may have separate security contexts using procedures described herein.
  • NF e.g., AMF, SMF, UPF
  • The procedure may include one or more of the following elements, as depicted, for example, in Figure 6. It will be noted that this technique is intended as an example technique, and other embodiments or techniques may include one or more additional or alternative elements:
  • Element 0 UE pre-configuration: The 6G SOCF provides 6G COMP CF/SOCF configuration information of a mobile network operator (MNO). If a non-MNO entity deploys the 6G SOCF, the 6G SOCF endpoint address may be configured with the 6G CSF. A 6G CSF is aware of multiple 6G SOCF endpoint addresses and may perform the service provisioning procedure per 6G SOCF multiple times.
  • MNO mobile network operator
  • Element 1 Primary Authentication: The UE may perform primary authentication with the network.
  • Elements 2a, 2b HTTP/PDU session: As a result of UE initiating the service provisioning procedure with the 6G SOCF, the UE may establish an HTTP session.
  • Option 1: AMF through SMF may continue the HTTP session, and 6G SOCF may act as AAA Server.
  • the AMF may select a network slice-specific authentication and authorization function (NSSAAF), which may act as an AAA Server.
  • NSSAAF network slice-specific authentication and authorization function
  • Element 3 After successful UE-requested HTTP service Session Establishment and authentication/authorization by an option 1 or option 2 AAA server, the device discovers and connects with the 6G COMP CF/SOCF.
  • the 6G CSF may send an Initial Provisioning request with Access Token Request message to the 6G SOCF as per the OAuth 2.0 specification.
  • The 6G SOCF may verify the Access Token Request message per the OAuth 2.0 specification. If the 6G SOCF successfully verifies the Access Token Request message, the 6G SOCF may generate an access token specific to the 6G CSF and return it in an Initial Provisioning Response (Access Token Response) message.
  • The 6G CSF may authenticate to the 6G COMP CF/SOCF by establishing a TLS session with the 6G COMP CF/SOCF based on Server (6G COMP CF/SOCF) side certificate authentication or certificate-based mutual authentication, as indicated by the 6G SOCF.
  • 6G SOCF may provide 6G CSF's root CA certificate during the registration response (as specified in the following clauses) to the 6G COMP CF/SOCF to validate the 6G CSF's certificate.
  • TLS may provide integrity protection, replay protection, and confidentiality protection. It may be desirable to protect and provide the access token to an authentic 6G COMP CF/SOCF.
  • the UE initiates the 6G CSF registration procedure with the 6G COMP CF/SOCF, including the access token obtained from the 6G SOCF.
  • the authorization check for the 6G CSF registration request is performed by verifying the access token issued by the 6G SOCF to the UE.
  • the 6G COMP CF/SOCF obtains the access token validation service from the 6G SOCF.
  • 6G CSF may request a service with an access token obtained.
  • the 6G COMP CF/SOCF validates the access token.
  • the 6G COMP CF/SOCF may verify the integrity of the access token by verifying the 6G SOCF signature. If validation of the access token is successful, the 6G COMP CF/SOCF verifies the 6G CSF's Service request against the authorization claims in the access token, ensuring that the 6G CSF has access permission for the requested service.
  • Example techniques may include the following:
  • The 6G CSF and the 6G SOCF may negotiate a security technique used by the 6G CSF and the 6G COMP CF/SOCF for authentication and protection. After successful mutual authentication between 6G CSF and 6G SOCF, based on the 6G COMP CF/SOCF capabilities, the 6G SOCF may choose the security method and send the chosen security methods, along with the information required for authentication of the 6G CSF at the 6G COMP CF/SOCF, to the 6G CSF. The information may include the validity time of the credentials. An example of such a technique is depicted in Figure 7.
  • the 6G CSF and the 6G SOCF may negotiate a security method used by the 6G CSF and the 6G COMP CF/SOCF for authentication and protection.
  • the 6G SOCF may choose the security method and send the chosen security methods along with the information required for authentication of the 6G CSF at the 6G COMP CF/SOCF to the 6G CSF.
  • the information may include the validity time of the credentials.
  • Mutual authentication based on client and server certificates established using TLS between the 6G CSF and the 6G SOCF. The client certificate that was provided to the 6G CSF as the result of successful onboarding is used.
  • the 6G CSF may send security capability information to the 6G SOCF in the Security Method Request message, indicating the list of security methods that the 6G CSF supports for each 6G COMP CF/SOCF.
  • the 6G SOCF selects a security method for each requested 6G COMP CF/SOCF, taking into account the information from the 6G CSF in step 2, access scenarios, and 6G COMP CF/SOCF capabilities.
  • the 6G SOCF sends a security method response message to the 6G CSF, indicating the selected security method for each 6G COMP CF/SOCF and any security information related to the security method.
  • the 6G CSF uses this communication method with the 6G COMP CF/SOCF.
  • 6G UE/Application layer may be used to provide integrity protection, replay protection, and confidentiality protection.
  • the support of TLS may be optional to use based on the domain administrator's policy to protect interfaces within the trusted domain.
  • Based on the security method selected by the 6G SOCF, one or more of the following techniques or procedures of Section 3.1, Authentication and Authorization, below, may be used by the 6G CSF and the 6G COMP CF/SOCF for authentication and protection.
  • the 6G CSF and the 6G COMP CF/SOCF may follow this sub-clause's procedure to establish a dedicated secure session using a TLS connection based on Pre-Shared Key (PSK).
  • PSK Pre-Shared Key
  • Authentication between 6G CSF and 6G SOCF can bootstrap a Pre-Shared key to authenticate a TLS connection between the application client and 6G CompSF. It is assumed that both the 6G CSF and the 6G SOCF are pre-provisioned with certificates.
  • the TLS profile as specified in Annex E of TS 33.310, be used.
  • Figure 8 depicts an example message flow between the 6G CSF, the 6G SOCF, and the 6G COMP CF/SOCF to establish a secure session using a pre-shared key for authentication.
  • the message flow may include the following (although other message flows may include additional or alternative elements in other embodiments): 1. Authentication and the secure session are established as described, for example, with respect to Figure 6.
  • the 6G SOCF provides the validity timer value for the key COMPCFPSK.
  • the 6G CSF and the 6G SOCF derive the key COMPCFPSK based on pre-provisioned certificates.
  • the Key COMPCFPSK may bind to a 6G COMP CF/SOCF.
  • the 6G CSF and the 6G SOCF start the validity timer for the key COMPCFPSK.
  • the 6G CSF sends Authentication Initiation Request to the 6G COMP CF/SOCF, including the 6G SOCF assigned 6G CSF ID.
  • elements 1 and 2 may be skipped if the 6G CSF already possesses a valid key COMPCFPSK. In this case, the 6G CSF may begin the procedure in element 3.
  • the 6G COMP CF/SOCF requests security information from the 6G SOCF to perform authentication and secure interface establishment with the 6G CSF if the 6G COMP CF/SOCF does not have a valid key.
  • the 6G SOCF provides the security information related to the chosen method (TLS-PSK: COMPCFPSK) to the 6G COMP CF/SOCF.
  • the 6G SOCF provides the remaining validity timer value for the key COMPCFPSK.
  • After fetching the relevant security information (COMPCFPSK) for the authentication, the 6G COMP CF/SOCF sends the Authentication Initiation Response message to 6G CSF to initiate the TLS session establishment.
  • the 6G COMP CF/SOCF starts the validity timer based on the value received from the 6G SOCF in step 4.
  • the 6G CSF and the 6G COMP CF/SOCF perform mutual authentication using the key COMPCFPSK and establish a TLS session between 6G CSF and 6G COMP CF.
  • the 6G CSF and the 6G COMP CF/SOCF may follow this subclause's procedure to establish dedicated secure sessions between the UE application layer and 6G COMP CF using TLS based on certificate-based mutual authentication.
  • both 6G CSF and 6G COMP CF/SOCF are pre-provisioned with certificates.
  • Figure 9 provides an example message flow between the 6G CSF, the 6G SOCF, and the 6G COMP CF/SOCF related to this security method, although it will be noted that, in other embodiments, the message flow of Figure 9 may include more, fewer, or different elements than are depicted in the example embodiment.
  • 6G CSF ID can be a permanent identifier, e.g., a UUID unique per UE. If CSF is virtualized, this ID can be dynamic; in this case, a temporary dynamic ID may be bound to the UE identifier.
  • the 6G COMP CF/SOCF requests security information from the 6G SOCF to perform authentication and secure interface establishment with the 6G CSF.
  • the 6G SOCF provides the security information related to the chosen security method (TLS-PKI) to the 6G COMP CF/SOCF.
  • 6G SOCF may return 6G CSF's root CA certificate for the 6G COMP CF/SOCF to validate the 6G CSF's certificate.
  • After fetching the relevant security information for the authentication, the 6G COMP CF/SOCF sends an Authentication Initiation Response message to the 6G CSF to initiate the TLS session establishment procedure.
  • the 6G COMP CF/SOCF may authorize the 6G CSF's service API invocation request based on authorization information obtained from 6G SOCF.
  • This technique relates to establishment of the secure channel between UE/ Application Layer and CompCF and between UE CSF and SOCF and uses the OAuth 2.0 token-based mechanism to authorize 6G CSF's service requests to the 6G COMP CF/SOCF.
  • Figure 10 depicts an example security information flow between the 6G CSF, the 6G SOCF, and the 6G COMP CF/SOCF.
  • the 6G CSF, the 6G SOCF, and the 6G COMP CF/SOCF are pre-provisioned with the appropriate credentials and related information to establish a secure session.
  • The 6G SOCF performs the functions of the authorization and token protocol endpoints; the 6G CSF performs the functions of the resource owner, client, and redirection endpoints, while the 6G COMP CF/SOCF performs the resource server functions.
  • the 6G CSF (Client endpoint) registers confidentially with an authorization grant type of client credentials.
  • Authentication and secure session establishment are performed as specified in subclause 1.1.
  • After successfully establishing the TLS session, as described in subclause 1.1 of the present document, the 6G CSF sends an Access Token Request message to the 6G SOCF as per the OAuth 2.0 specification.
  • The 6G SOCF verifies the Access Token Request message per the OAuth 2.0 specification.
  • If the 6G SOCF successfully verifies the Access Token Request message, the 6G SOCF generates an access token specific to the 6G CSF and returns it in an Access Token Response message.
  • Elements 1 to 4 may be skipped if the 6G CSF already possesses a valid OAuth access token. In this case, the 6G CSF may begin the procedure in element 5.
  • the 6G CSF may include the 6G SOCF assigned 6G CSF ID and the Onboard Secret token in the OAuth access token request message for the 6G SOCF to validate the access token request.
  • the 6G CSF authenticates to the 6G COMP CF/SOCF by establishing a TLS session with the 6G COMP CF/SOCF based on the authentication and authorization method (i.e., Server (6G COMP CF/SOCF) side certificate authentication or certificate-based mutual authentication) as indicated by 6G SOCF.
  • the following procedure is performed before the establishment of the TLS session.
  • the 6G CSF sends Authentication Initiation Request to the 6G COMP CF/SOCF, including 6G CSF ID.
  • the 6G COMP CF/SOCF requests security information from the 6G SOCF to establish authentication and a secure interface with the 6G CSF.
  • the 6G SOCF provides the security information related to the chosen security method (TLS with OAuth token) to the 6G COMP CF/SOCF.
  • the 6G SOCF may return 6G CSF's root CA certificate for the 6G COMP CF/SOCF to validate the 6G CSF's certificate.
  • After fetching the relevant security information for the authentication, the 6G COMP CF/SOCF sends an Authentication Initiation Response message to the 6G CSF to initiate the TLS session establishment procedure.
  • the 6G CSF initiates other procedures like registration, discovery, deregistration with the 6G COMP CF/SOCF.
  • the access token is sent along with these methods.
  • the 6G COMP CF/SOCF validates the access token.
  • the 6G COMP CF/SOCF verifies the integrity of the access token by verifying the 6G SOCF signature. If validation of the access token is successful, the 6G COMP CF/SOCF verifies the 6G CSF's Service request against the authorization claims in the access token, ensuring that the 6G CSF has access permission for the requested service.
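The token issuance and validation steps above, as an added Python sketch that is not code from the patent: the SOCF signs a token specific to one CSF, and the COMP CF verifies the signature before checking the requested service against the claims. The JWT-style layout, the claim names, all function names, the sample IDs and the comparison of the token subject with the TLS peer are assumptions; HMAC-SHA256 stands in for the SOCF signature so that the example runs on the standard library alone.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo values. HS256 (HMAC) stands in for the SOCF signature; with
# an asymmetric algorithm the COMP CF would hold only the SOCF public key.
SOCF_KEY = b"constructed-demo-key"
CSF_ID = "00000000-0000-4000-8000-000000000001"  # constructed CSF ID
COMPCF_ID = "compcf.example"                      # constructed audience name


def b64u_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64u_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()


def socf_issue_token(csf_id, services, now=None, ttl=300, key=SOCF_KEY):
    """SOCF side: issue an access token specific to one CSF."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": "socf", "sub": csf_id, "aud": COMPCF_ID,
              "scope": " ".join(services), "iat": now, "exp": now + ttl}
    parts = [b64u_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64u_encode(sign(signing_input, key))


def compcf_authorize(token, service, tls_peer_id, now=None, key=SOCF_KEY):
    """COMP CF side: verify the SOCF signature, then the request against claims.

    Returns (allowed, reason). Claims are parsed only after the signature is
    verified, so unauthenticated JSON never drives a decision.
    """
    now = int(time.time()) if now is None else now
    try:
        h64, c64, s64 = token.split(".")
        header = json.loads(b64u_decode(h64))
        signature = b64u_decode(s64)
    except ValueError:
        return False, "malformed token"
    # Pin the algorithm instead of trusting whatever the header announces.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False, "unexpected algorithm"
    if not hmac.compare_digest(signature, sign(h64 + "." + c64, key)):
        return False, "bad signature"
    claims = json.loads(b64u_decode(c64))
    if claims.get("iss") != "socf" or claims.get("aud") != COMPCF_ID:
        return False, "wrong issuer or audience"
    if now >= claims.get("exp", 0):
        return False, "token expired"
    # Assumption: the subject is compared with the CSF ID authenticated in the
    # TLS session, so a token issued to one CSF is useless to another.
    if claims.get("sub") != tls_peer_id:
        return False, "token subject does not match TLS peer"
    if service not in claims.get("scope", "").split():
        return False, "service not in token scope"
    return True, "ok"


def widen_scope(token, extra):
    """Constructed tamper case: edit the claims but keep the old signature."""
    h64, c64, s64 = token.split(".")
    claims = json.loads(b64u_decode(c64))
    claims["scope"] += " " + extra
    return ".".join([h64, b64u_encode(json.dumps(claims).encode()), s64])


if __name__ == "__main__":
    token = socf_issue_token(CSF_ID, ["registration", "discovery"], now=1000)
    print(compcf_authorize(token, "discovery", CSF_ID, now=1100))
    print(compcf_authorize(token, "deregistration", CSF_ID, now=1100))
    print(compcf_authorize(widen_scope(token, "deregistration"),
                           "deregistration", CSF_ID, now=1100))
```

The order of the checks matters: signature first, then issuer, audience and expiry, and only then the per-request scope decision.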
  • FIGS 11-16 illustrate various systems, devices, and components that may implement aspects of disclosed embodiments.
  • FIG 11 illustrates a network 1100 in accordance with various embodiments.
  • the network 1100 may operate in a manner consistent with 3GPP technical specifications for LTE or 5G/NR systems.
  • the example embodiments are not limited in this regard and the described embodiments may apply to other networks that benefit from the principles described herein, such as future 3GPP systems, or the like.
  • the network 1100 may include a UE 1102, which may include any mobile or non-mobile computing device designed to communicate with a RAN 1104 via an over-the-air connection.
  • the UE 1102 may be communicatively coupled with the RAN 1104 by a Uu interface.
  • the UE 1102 may be, but is not limited to, a smartphone, tablet computer, wearable computer device, desktop computer, laptop computer, in-vehicle infotainment, in-car entertainment device, instrument cluster, head-up display device, onboard diagnostic device, dashtop mobile equipment, mobile data terminal, electronic engine management system, electronic/engine control unit, electronic/engine control module, embedded system, sensor, microcontroller, control module, engine management system, networked appliance, machine-type communication device, M2M or D2D device, IoT device, etc.
  • the network 1100 may include a plurality of UEs coupled directly with one another via a sidelink interface.
  • the UEs may be M2M/D2D devices that communicate using physical sidelink channels such as, but not limited to, PSBCH, PSDCH, PSSCH, PSCCH, PSFCH, etc.
  • the UE 1102 may additionally communicate with an AP 1106 via an over-the-air connection.
  • the AP 1106 may manage a WLAN connection, which may serve to offload some/all network traffic from the RAN 1104.
  • the connection between the UE 1102 and the AP 1106 may be consistent with any IEEE 802.11 protocol, wherein the AP 1106 could be a wireless fidelity (Wi-Fi®) router.
  • the UE 1102, RAN 1104, and AP 1106 may utilize cellular-WLAN aggregation (for example, LWA/LWIP).
  • Cellular-WLAN aggregation may involve the UE 1102 being configured by the RAN 1104 to utilize both cellular radio resources and WLAN resources.
  • the RAN 1104 may include one or more access nodes, for example, AN 1108.
  • AN 1108 may terminate air-interface protocols for the UE 1102 by providing access stratum protocols including RRC, PDCP, RLC, MAC, and L1 protocols. In this manner, the AN 1108 may enable data/voice connectivity between CN 1120 and the UE 1102.
  • the AN 1108 may be implemented in a discrete device or as one or more software entities running on server computers as part of, for example, a virtual network, which may be referred to as a CRAN or virtual baseband unit pool.
  • the AN 1108 may be referred to as a BS, gNB, RAN node, eNB, ng-eNB, NodeB, RSU, TRxP, TRP, etc.
  • the AN 1108 may be a macrocell base station or a low power base station for providing femtocells, picocells or other like cells having smaller coverage areas, smaller user capacity, or higher bandwidth compared to macrocells.
  • the ANs of the RAN 1104 may be coupled with one another via an X2 interface (if the RAN 1104 is an LTE RAN) or an Xn interface (if the RAN 1104 is a 5G RAN).
  • the X2/Xn interfaces, which may be separated into control/user plane interfaces in some embodiments, may allow the ANs to communicate information related to handovers, data/context transfers, mobility, load management, interference coordination, etc.
  • the ANs of the RAN 1104 may each manage one or more cells, cell groups, component carriers, etc. to provide the UE 1102 with an air interface for network access.
  • the UE 1102 may be simultaneously connected with a plurality of cells provided by the same or different ANs of the RAN 1104.
  • the UE 1102 and RAN 1104 may use carrier aggregation to allow the UE 1102 to connect with a plurality of component carriers, each corresponding to a Pcell or Scell.
  • a first AN may be a master node that provides an MCG and a second AN may be a secondary node that provides an SCG.
  • the first/second ANs may be any combination of eNB, gNB, ng-eNB, etc.
  • the RAN 1104 may provide the air interface over a licensed spectrum or an unlicensed spectrum.
  • the nodes may use LAA, eLAA, and/or feLAA mechanisms based on CA technology with PCells/Scells.
  • Prior to accessing the unlicensed spectrum, the nodes may perform medium/carrier-sensing operations based on, for example, a listen-before-talk (LBT) protocol.
  • the UE 1102 or AN 1108 may be or act as a RSU, which may refer to any transportation infrastructure entity used for V2X communications.
  • An RSU may be implemented in or by a suitable AN or a stationary (or relatively stationary) UE.
  • An RSU implemented in or by: a UE may be referred to as a “UE-type RSU”; an eNB may be referred to as an “eNB-type RSU”; a gNB may be referred to as a “gNB-type RSU”; and the like.
  • an RSU is a computing device coupled with radio frequency circuitry located on a roadside that provides connectivity support to passing vehicle UEs.
  • the RSU may also include internal data storage circuitry to store intersection map geometry, traffic statistics, media, as well as applications/software to sense and control ongoing vehicular and pedestrian traffic.
  • the RSU may provide very low latency communications required for high speed events, such as crash avoidance, traffic warnings, and the like. Additionally or alternatively, the RSU may provide other cellular/WLAN communications services.
  • the components of the RSU may be packaged in a weatherproof enclosure suitable for outdoor installation, and may include a network interface controller to provide a wired connection (e.g., Ethernet) to a traffic signal controller or a backhaul network.
  • the RAN 1104 may be an LTE RAN 1110 with eNBs, for example, eNB 1112.
  • the LTE RAN 1110 may provide an LTE air interface with the following characteristics: SCS of 15 kHz; CP-OFDM waveform for DL and SC-FDMA waveform for UL; turbo codes for data and TBCC for control; etc.
  • the LTE air interface may rely on CSI-RS for CSI acquisition and beam management; PDSCH/PDCCH DMRS for PDSCH/PDCCH demodulation; and CRS for cell search and initial acquisition, channel quality measurements, and channel estimation for coherent demodulation/detection at the UE.
  • the LTE air interface may operate on sub-6 GHz bands.
  • the RAN 1104 may be an NG-RAN 1114 with gNBs, for example, gNB 1116, or ng-eNBs, for example, ng-eNB 1118.
  • the gNB 1116 may connect with 5G-enabled UEs using a 5G NR interface.
  • the gNB 1116 may connect with a 5G core through an NG interface, which may include an N2 interface or an N3 interface.
  • the ng-eNB 1118 may also connect with the 5G core through an NG interface, but may connect with a UE via an LTE air interface.
  • the gNB 1116 and the ng-eNB 1118 may connect with each other over an Xn interface.
  • the NG interface may be split into two parts, an NG user plane (NG-U) interface, which carries traffic data between the nodes of the NG-RAN 1114 and a UPF 1148 (e.g., N3 interface), and an NG control plane (NG-C) interface, which is a signaling interface between the nodes of the NG-RAN 1114 and an AMF 1144 (e.g., N2 interface).
  • the NG-RAN 1114 may provide a 5G-NR air interface with the following characteristics: variable SCS; CP-OFDM for DL, CP-OFDM and DFT-s-OFDM for UL; polar, repetition, simplex, and Reed-Muller codes for control and LDPC for data.
  • the 5G-NR air interface may rely on CSI-RS, PDSCH/PDCCH DMRS similar to the LTE air interface.
  • the 5G-NR air interface may not use a CRS, but may use PBCH DMRS for PBCH demodulation; PTRS for phase tracking for PDSCH; and tracking reference signal for time tracking.
  • the 5G-NR air interface may operate on FR1 bands that include sub-6 GHz bands or FR2 bands that include bands from 24.25 GHz to 52.6 GHz.
  • the 5G-NR air interface may include an SSB that is an area of a downlink resource grid that includes PSS/SSS/PBCH.
  • the 5G-NR air interface may utilize BWPs for various purposes.
  • BWP can be used for dynamic adaptation of the SCS.
  • the UE 1102 can be configured with multiple BWPs where each BWP configuration has a different SCS. When a BWP change is indicated to the UE 1102, the SCS of the transmission is changed as well.
  • Another use case example of BWP is related to power saving.
  • multiple BWPs can be configured for the UE 1102 with different amounts of frequency resources (for example, PRBs) to support data transmission under different traffic loading scenarios.
  • a BWP containing a smaller number of PRBs can be used for data transmission with small traffic load while allowing power saving at the UE 1102 and in some cases at the gNB 1116.
  • a BWP containing a larger number of PRBs can be used for scenarios with higher traffic load.
  • the RAN 1104 is communicatively coupled to CN 1120 that includes network elements to provide various functions to support data and telecommunications services to customers/subscribers (for example, users of UE 1102).
  • the components of the CN 1120 may be implemented in one physical node or separate physical nodes.
  • NFV may be utilized to virtualize any or all of the functions provided by the network elements of the CN 1120 onto physical compute/storage resources in servers, switches, etc.
  • a logical instantiation of the CN 1120 may be referred to as a network slice, and a logical instantiation of a portion of the CN 1120 may be referred to as a network sub-slice.
  • the CN 1120 may be an LTE CN 1122, which may also be referred to as an EPC.
  • the LTE CN 1122 may include MME 1124, SGW 1126, SGSN 1128, HSS 1130, PGW 1132, and PCRF 1134 coupled with one another over interfaces (or “reference points”) as shown. Functions of the elements of the LTE CN 1122 may be briefly introduced as follows.
  • the MME 1124 may implement mobility management functions to track a current location of the UE 1102 to facilitate paging, bearer activation/deactivation, handovers, gateway selection, authentication, etc.
  • the SGW 1126 may terminate an S1 interface toward the RAN and route data packets between the RAN and the LTE CN 1122.
  • the SGW 1126 may be a local mobility anchor point for inter-RAN node handovers and also may provide an anchor for inter-3GPP mobility. Other responsibilities may include lawful intercept, charging, and some policy enforcement.
  • the SGSN 1128 may track a location of the UE 1102 and perform security functions and access control. In addition, the SGSN 1128 may perform inter-EPC node signaling for mobility between different RAT networks; PDN and S-GW selection as specified by MME 1124; MME selection for handovers; etc.
  • the S3 reference point between the MME 1124 and the SGSN 1128 may enable user and bearer information exchange for inter-3GPP access network mobility in idle/active states.
  • the HSS 1130 may include a database for network users, including subscription-related information to support the network entities’ handling of communication sessions.
  • the HSS 1130 can provide support for routing/roaming, authentication, authorization, naming/addressing resolution, location dependencies, etc.
  • An S6a reference point between the HSS 1130 and the MME 1124 may enable transfer of subscription and authentication data for authenticating/authorizing user access to the LTE CN 1120.
  • the PGW 1132 may terminate an SGi interface toward a data network (DN) 1136 that may include an application/content server 1138.
  • the PGW 1132 may route data packets between the LTE CN 1122 and the data network 1136.
  • the PGW 1132 may be coupled with the SGW 1126 by an S5 reference point to facilitate user plane tunneling and tunnel management.
  • the PGW 1132 may further include a node for policy enforcement and charging data collection (for example, PCEF).
  • the SGi reference point between the PGW 1132 and the data network 1136 may be an operator external public, a private PDN, or an intra-operator packet data network, for example, for provision of IMS services.
  • the PGW 1132 may be coupled with a PCRF 1134 via a Gx reference point.
  • the PCRF 1134 is the policy and charging control element of the LTE CN 1122.
  • the PCRF 1134 may be communicatively coupled to the app/content server 1138 to determine appropriate QoS and charging parameters for service flows.
  • the PCRF 1132 may provision associated rules into a PCEF (via Gx reference point) with appropriate TFT and QCI.
  • the CN 1120 may be a 5GC 1140.
  • the 5GC 1140 may include an AUSF 1142, AMF 1144, SMF 1146, UPF 1148, NSSF 1150, NEF 1152, NRF 1154, PCF 1156, UDM 1158, and AF 1160 coupled with one another over interfaces (or “reference points”) as shown.
  • Functions of the elements of the 5GC 1140 may be briefly introduced as follows.
  • the AUSF 1142 may store data for authentication of UE 1102 and handle authentication-related functionality.
  • the AUSF 1142 may facilitate a common authentication framework for various access types.
  • the AUSF 1142 may exhibit an Nausf service-based interface.
  • the AMF 1144 may allow other functions of the 5GC 1140 to communicate with the UE 1102 and the RAN 1104 and to subscribe to notifications about mobility events with respect to the UE 1102.
  • the AMF 1144 may be responsible for registration management (for example, for registering UE 1102), connection management, reachability management, mobility management, lawful interception of AMF-related events, and access authentication and authorization.
  • the AMF 1144 may provide transport for SM messages between the UE 1102 and the SMF 1146, and act as a transparent proxy for routing SM messages.
  • AMF 1144 may also provide transport for SMS messages between UE 1102 and an SMSF.
  • AMF 1144 may interact with the AUSF 1142 and the UE 1102 to perform various security anchor and context management functions.
  • AMF 1144 may be a termination point of a RAN CP interface, which may include or be an N2 reference point between the RAN 1104 and the AMF 1144; and the AMF 1144 may be a termination point of NAS (N1) signaling, and perform NAS ciphering and integrity protection.
  • AMF 1144 may also support NAS signaling with the UE 1102 over an N3IWF interface.
  • the SMF 1146 may be responsible for SM (for example, session establishment, tunnel management between UPF 1148 and AN 1108); UE IP address allocation and management (including optional authorization); selection and control of UP function; configuring traffic steering at UPF 1148 to route traffic to proper destination; termination of interfaces toward policy control functions; controlling part of policy enforcement, charging, and QoS; lawful intercept (for SM events and interface to LI system); termination of SM parts of NAS messages; downlink data notification; initiating AN specific SM information, sent via AMF 1144 over N2 to AN 1108; and determining SSC mode of a session.
  • SM may refer to management of a PDU session, and a PDU session or “session” may refer to a PDU connectivity service that provides or enables the exchange of PDUs between the UE 1102 and the data network 1136.
  • the UPF 1148 may act as an anchor point for intra-RAT and inter-RAT mobility, an external PDU session point of interconnect to data network 1136, and a branching point to support multi-homed PDU session.
  • the UPF 1148 may also perform packet routing and forwarding, perform packet inspection, enforce the user plane part of policy rules, lawfully intercept packets (UP collection), perform traffic usage reporting, perform QoS handling for a user plane (e.g., packet filtering, gating, UL/DL rate enforcement), perform uplink traffic verification (e.g., SDF-to-QoS flow mapping), transport level packet marking in the uplink and downlink, and perform downlink packet buffering and downlink data notification triggering.
  • UPF 1148 may include an uplink classifier to support routing traffic flows to a data network.
  • the NSSF 1150 may select a set of network slice instances serving the UE 1102.
  • the NSSF 1150 may also determine allowed NSSAI and the mapping to the subscribed S-NSSAIs, if needed.
  • the NSSF 1150 may also determine the AMF set to be used to serve the UE 1102, or a list of candidate AMFs based on a suitable configuration and possibly by querying the NRF 1154.
  • the selection of a set of network slice instances for the UE 1102 may be triggered by the AMF 1144 with which the UE 1102 is registered by interacting with the NSSF 1150, which may lead to a change of AMF.
  • the NSSF 1150 may interact with the AMF 1144 via an N22 reference point; and may communicate with another NSSF in a visited network via an N31 reference point (not shown). Additionally, the NSSF 1150 may exhibit an Nnssf service-based interface.
  • the NEF 1152 may securely expose services and capabilities provided by 3GPP network functions for third party, internal exposure/re-exposure, AFs (e.g., AF 1160), edge computing or fog computing systems, etc.
  • the NEF 1152 may authenticate, authorize, or throttle the AFs.
  • NEF 1152 may also translate information exchanged with the AF 1160 and information exchanged with internal network functions. For example, the NEF 1152 may translate between an AF-Service-Identifier and an internal 5GC information.
  • NEF 1152 may also receive information from other NFs based on exposed capabilities of other NFs. This information may be stored at the NEF 1152 as structured data, or at a data storage NF using standardized interfaces. The stored information can then be re-exposed by the NEF 1152 to other NFs and AFs, or used for other purposes such as analytics. Additionally, the NEF 1152 may exhibit an Nnef service-based interface.
  • the NRF 1154 may support service discovery functions, receive NF discovery requests from NF instances, and provide the information of the discovered NF instances to the NF instances. NRF 1154 also maintains information of available NF instances and their supported services. As used herein, the terms “instantiate,” “instantiation,” and the like may refer to the creation of an instance, and an “instance” may refer to a concrete occurrence of an object, which may occur, for example, during execution of program code. Additionally, the NRF 1154 may exhibit the Nnrf service-based interface.
  • the PCF 1156 may provide policy rules to control plane functions to enforce them, and may also support unified policy framework to govern network behavior.
  • the PCF 1156 may also implement a front end to access subscription information relevant for policy decisions in a UDR of the UDM 1158.
  • the PCF 1156 exhibits an Npcf service-based interface.
  • the UDM 1158 may handle subscription-related information to support the network entities’ handling of communication sessions, and may store subscription data of UE 1102. For example, subscription data may be communicated via an N8 reference point between the UDM 1158 and the AMF 1144.
  • the UDM 1158 may include two parts, an application front end and a UDR.
  • the UDR may store subscription data and policy data for the UDM 1158 and the PCF 1156, and/or structured data for exposure and application data (including PFDs for application detection, application request information for multiple UEs 1102) for the NEF 1152.
  • the Nudr service-based interface may be exhibited by the UDR 221 to allow the UDM 1158, PCF 1156, and NEF 1152 to access a particular set of the stored data, as well as to read, update (e.g., add, modify), delete, and subscribe to notification of relevant data changes in the UDR.
  • the UDM may include a UDM-FE, which is in charge of processing credentials, location management, subscription management and so on. Several different front ends may serve the same user in different transactions.
  • the UDM-FE accesses subscription information stored in the UDR and performs authentication credential processing, user identification handling, access authorization, registration/mobility management, and subscription management.
  • the UDM 1158 may exhibit the Nudm service-based interface.
  • the AF 1160 may provide application influence on traffic routing, provide access to NEF, and interact with the policy framework for policy control.
  • the 5GC 1140 may enable edge computing by selecting operator/3rd party services to be geographically close to a point that the UE 1102 is attached to the network. This may reduce latency and load on the network.
  • the 5GC 1140 may select a UPF 1148 close to the UE 1102 and execute traffic steering from the UPF 1148 to data network 1136 via the N6 interface. This may be based on the UE subscription data, UE location, and information provided by the AF 1160. In this way, the AF 1160 may influence UPF (re)selection and traffic routing.
  • the network operator may permit AF 1160 to interact directly with relevant NFs. Additionally, the AF 1160 may exhibit an Naf service-based interface.
  • the data network 1136 may represent various network operator services, Internet access, or third party services that may be provided by one or more servers including, for example, application/content server 1138.
  • FIG 12 schematically illustrates a wireless network 1200 in accordance with various embodiments.
  • the wireless network 1200 may include a UE 1202 in wireless communication with an AN 1204.
  • the UE 1202 and AN 1204 may be similar to, and substantially interchangeable with, like-named components described elsewhere herein.
  • the UE 1202 may be communicatively coupled with the AN 1204 via connection 1206.
  • connection 1206 is illustrated as an air interface to enable communicative coupling, and can be consistent with cellular communications protocols such as an LTE protocol or a 5G NR protocol operating at mmWave or sub-6GHz frequencies.
  • the UE 1202 may include a host platform 1208 coupled with a modem platform 1210.
  • the host platform 1208 may include application processing circuitry 1212, which may be coupled with protocol processing circuitry 1214 of the modem platform 1210.
  • the application processing circuitry 1212 may run various applications for the UE 1202 that source/sink application data.
  • the application processing circuitry 1212 may further implement one or more layer operations to transmit/receive application data to/from a data network. These layer operations may include transport (for example, UDP) and Internet (for example, IP) operations.
  • the protocol processing circuitry 1214 may implement one or more layer operations to facilitate transmission or reception of data over the connection 1206.
  • the layer operations implemented by the protocol processing circuitry 1214 may include, for example, MAC, RLC, PDCP, RRC and NAS operations.
  • the modem platform 1210 may further include digital baseband circuitry 1216 that may implement one or more layer operations that are “below” layer operations performed by the protocol processing circuitry 1214 in a network protocol stack. These operations may include, for example, PHY operations including one or more of HARQ-ACK functions, scrambling/descrambling, encoding/decoding, layer mapping/de-mapping, modulation symbol mapping, received symbol/bit metric determination, multi-antenna port precoding/decoding, which may include one or more of space-time, space-frequency or spatial coding, reference signal generation/detection, preamble sequence generation and/or decoding, synchronization sequence generation/detection, control channel signal blind decoding, and other related functions.
  • the modem platform 1210 may further include transmit circuitry 1218, receive circuitry 1220, RF circuitry 1222, and RF front end (RFFE) 1224, which may include or connect to one or more antenna panels 1226.
  • the transmit circuitry 1218 may include a digital-to-analog converter, mixer, intermediate frequency (IF) components, etc.
  • the receive circuitry 1220 may include an analog-to-digital converter, mixer, IF components, etc.
  • the RF circuitry 1222 may include a low-noise amplifier, a power amplifier, power tracking components, etc.
  • RFFE 1224 may include filters (for example, surface/bulk acoustic wave filters), switches, antenna tuners, beamforming components (for example, phase-array antenna components), etc.
  • transmit/receive components may be specific to details of a specific implementation such as, for example, whether communication is TDM or FDM, in mmWave or sub-6 GHz frequencies, etc.
  • the transmit/receive components may be arranged in multiple parallel transmit/receive chains, may be disposed in the same or different chips/modules, etc.
  • the protocol processing circuitry 1214 may include one or more instances of control circuitry (not shown) to provide control functions for the transmit/receive components.
  • a UE reception may be established by and via the antenna panels 1226, RFFE 1224, RF circuitry 1222, receive circuitry 1220, digital baseband circuitry 1216, and protocol processing circuitry 1214.
  • the antenna panels 1226 may receive a transmission from the AN 1204 by receive-beamforming signals received by a plurality of antennas/antenna elements of the one or more antenna panels 1226.
  • a UE transmission may be established by and via the protocol processing circuitry 1214, digital baseband circuitry 1216, transmit circuitry 1218, RF circuitry 1222, RFFE 1224, and antenna panels 1226.
  • the transmit components of the UE 1204 may apply a spatial filter to the data to be transmitted to form a transmit beam emitted by the antenna elements of the antenna panels 1226.
  • the AN 1204 may include a host platform 1228 coupled with a modem platform 1230.
  • the host platform 1228 may include application processing circuitry 1232 coupled with protocol processing circuitry 1234 of the modem platform 1230.
  • the modem platform may further include digital baseband circuitry 1236, transmit circuitry 1238, receive circuitry 1240, RF circuitry 1242, RFFE circuitry 1244, and antenna panels 1246.
  • the components of the AN 1204 may be similar to and substantially interchangeable with like-named components of the UE 1202.
  • the components of the AN 1208 may perform various logical functions that include, for example, RNC functions such as radio bearer management, uplink and downlink dynamic radio resource management, and data packet scheduling.
  • Figure 13 is a block diagram illustrating components, according to some example embodiments, able to read instructions from a machine-readable or computer-readable medium (e.g., a non-transitory machine-readable storage medium) and perform any one or more of the methodologies discussed herein.
  • Figure 13 shows a diagrammatic representation of hardware resources 1300 including one or more processors (or processor cores) 1310, one or more memory/storage devices 1320, and one or more communication resources 1330, each of which may be communicatively coupled via a bus 1340 or other interface circuitry.
  • a hypervisor 1302 may be executed to provide an execution environment for one or more network slices/sub-slices to utilize the hardware resources 1300.
  • the processors 1310 may include, for example, a processor 1312 and a processor 1314.
  • the processors 1310 may be, for example, a central processing unit (CPU), a reduced instruction set computing (RISC) processor, a complex instruction set computing (CISC) processor, a graphics processing unit (GPU), a DSP such as a baseband processor, an ASIC, an FPGA, a radiofrequency integrated circuit (RFIC), another processor (including those discussed herein), or any suitable combination thereof.
  • the memory/storage devices 1320 may include main memory, disk storage, or any suitable combination thereof.
  • the memory/storage devices 1320 may include, but are not limited to, any type of volatile, non-volatile, or semi-volatile memory such as dynamic random access memory (DRAM), static random access memory (SRAM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), Flash memory, solid-state storage, etc.
  • the communication resources 1330 may include interconnection or network interface controllers, components, or other suitable devices to communicate with one or more peripheral devices 1304 or one or more databases 1306 or other network elements via a network 1308.
  • the communication resources 1330 may include wired communication components (e.g., for coupling via USB, Ethernet, etc.), cellular communication components, NFC components, Bluetooth® (or Bluetooth® Low Energy) components, Wi-Fi® components, and other communication components.
  • Instructions 1350 may comprise software, a program, an application, an applet, an app, or other executable code for causing at least any of the processors 1310 to perform any one or more of the methodologies discussed herein.
  • the instructions 1350 may reside, completely or partially, within at least one of the processors 1310 (e.g., within the processor’s cache memory), the memory/storage devices 1320, or any suitable combination thereof.
  • any portion of the instructions 1350 may be transferred to the hardware resources 1300 from any combination of the peripheral devices 1304 or the databases 1306. Accordingly, the memory of processors 1310, the memory/storage devices 1320, the peripheral devices 1304, and the databases 1306 are examples of computer-readable and machine-readable media.
  • FIG 14 provides a high-level view of an Open RAN (O-RAN) architecture 1400.
  • the O-RAN architecture 1400 may include elements similar to those previously described.
  • the O-RAN architecture 1400 includes four O-RAN defined interfaces - namely, the A1 interface, the O1 interface, the O2 interface, and the Open Fronthaul Management (M)-plane interface - which connect the Service Management and Orchestration (SMO) framework 1402 to O-RAN network functions (NFs) 1404 and the O-Cloud 1406.
  • SMO 1402 (described in [013]) also connects with an external system 1410, which provides enrichment data to the SMO 1402.
  • FIG 14 also illustrates that the A1 interface terminates at an O-RAN Non-Real Time (RT) RAN Intelligent Controller (RIC) 1412 in or at the SMO 1402 and at the O-RAN Near-RT RIC 1414 in or at the O-RAN NFs 1404.
  • the O-RAN NFs 1404 can be VNFs such as VMs or containers, sitting above the O-Cloud 1406 and/or Physical Network Functions (PNFs) utilizing customized hardware. All O-RAN NFs 1404 are expected to support the O1 interface when interfacing the SMO framework 1402.
  • the O-RAN NFs 1404 connect to the NG-Core 1408 via the NG interface (which is a 3GPP defined interface).
  • the Open Fronthaul M-plane interface between the SMO 1402 and the O-RAN Radio Unit (O-RU) 1416 supports the O-RU 1416 management in the O-RAN hybrid model as specified in [016].
  • the Open Fronthaul M-plane interface is an optional interface to the SMO 1402 that is included for backward compatibility purposes as per [016], and is intended for management of the O-RU 1416 in hybrid mode only.
  • the management architecture of flat mode [012] and its relation to the O1 interface for the O-RU 1416 is for future study.
  • the O-RU 1416 termination of the O1 interface towards the SMO 1402 as specified in [012].
  • Figure 15 shows an O-RAN logical architecture 1500 corresponding to the O-RAN architecture 1400 of Figure 14.
  • the SMO 1502 corresponds to the SMO 1402, the O-Cloud 1506 corresponds to the O-Cloud 1406, the non-RT RIC 1512 corresponds to the non-RT RIC 1412, the near-RT RIC 1514 corresponds to the near-RT RIC 1414, and the O-RU 1516 corresponds to the O-RU 1416 of Figure 14, respectively.
  • the O-RAN logical architecture 1500 includes a radio portion and a management portion.
  • the management portion/side of the architectures 1500 includes the SMO Framework 1502 containing the non-RT RIC 1512, and may include the O-Cloud 1506.
  • the O-Cloud 1506 is a cloud computing platform including a collection of physical infrastructure nodes to host the relevant O-RAN functions (e.g., the near-RT RIC 1514, O-CU-CP 1521, O-CU-UP 1522, and the O-DU 1515), supporting software components (e.g., OSs, VMMs, container runtime engines, ML engines, etc.), and appropriate management and orchestration functions.
  • the radio portion/side of the logical architecture 1500 includes the near-RT RIC 1514, the O-RAN Distributed Unit (O-DU) 1515, the O-RU 1516, the O-RAN Central Unit - Control Plane (O-CU-CP) 1521, and the O-RAN Central Unit - User Plane (O-CU-UP) 1522 functions.
  • the radio portion/side of the logical architecture 1500 may also include the O-e/gNB 1510.
  • the O-DU 1515 is a logical node hosting RLC, MAC, and higher PHY layer entities/elements (High-PHY layers) based on a lower layer functional split.
  • the O-RU 1516 is a logical node hosting lower PHY layer entities/elements (Low-PHY layer) (e.g., FFT/iFFT, PRACH extraction, etc.) and RF processing elements based on a lower layer functional split. Virtualization of O-RU 1516 is FFS.
  • the O-CU-CP 1521 is a logical node hosting the RRC and the control plane (CP) part of the PDCP protocol.
  • the O-CU-UP 1522 is a logical node hosting the user plane part of the PDCP protocol and the SDAP protocol.
  • An E2 interface terminates at a plurality of E2 nodes.
  • the E2 nodes are logical nodes/entities that terminate the E2 interface.
  • the E2 nodes include the O-CU-CP 1521, O-CU-UP 1522, O-DU 1515, or any combination of elements as defined in [015].
  • the E2 nodes include the O-e/gNB 1510.
  • the E2 interface also connects the O-e/gNB 1510 to the Near-RT RIC 1514.
  • the protocols over E2 interface are based exclusively on Control Plane (CP) protocols.
  • the E2 functions are grouped into the following categories: (a) near-RT RIC 1514 services (REPORT, INSERT, CONTROL and POLICY, as described in [015]); and (b) near-RT RIC 1514 support functions, which include E2 Interface Management (E2 Setup, E2 Reset, Reporting of General Error Situations, etc.) and Near-RT RIC Service Update (e.g., capability exchange related to the list of E2 Node functions exposed over E2).
  • Figure 15 shows the Uu interface between a UE 1501 and O-e/gNB 1510 as well as between the UE 1501 and O-RAN components.
  • the Uu interface is a 3GPP defined interface (see e.g., sections 5.2 and 5.3 of [007]), which includes a complete protocol stack from L1 to L3 and terminates in the NG-RAN or E-UTRAN.
  • the O-e/gNB 1510 is an LTE eNB [004], a 5G gNB or ng-eNB [006] that supports the E2 interface.
  • the O-e/gNB 1510 may be the same or similar as eNB 1112, gNB 1116, ng-eNB 1118, RAN 1608, RAN ZZY10, or some other base station, RAN, or nodeB discussed previously.
  • the UE 1501 may correspond to UEs 1102, 1202, 1602, UE ZZY05, or some other UE discussed with respect to other Figures herein, and/or the like.
  • the O-e/gNB 1510 supports O-DU 1515 and O-RU 1516 functions with an Open Fronthaul interface between them.
  • the Open Fronthaul (OF) interface(s) is/are between O-DU 1515 and O-RU 1516 functions [016] [017].
  • the OF interface(s) includes the Control User Synchronization (CUS) Plane and Management (M) Plane.
  • Figures 14 and 15 also show that the O-RU 1516 terminates the OF M-Plane interface towards the O-DU 1515 and optionally towards the SMO 1502 as specified in [016].
  • the O-RU 1516 terminates the OF CUS-Plane interface towards the O-DU 1515 and the SMO 1502.
  • the F1-c interface connects the O-CU-CP 1521 with the O-DU 1515.
  • the F1-c interface is between the gNB-CU-CP and gNB-DU nodes [007] [010]. However, for purposes of O-RAN, the F1-c interface is adopted between the O-CU-CP 1521 with the O-DU 1515 functions while reusing the principles and protocol stack defined by 3GPP and the definition of interoperability profile specifications.
  • the F1-u interface connects the O-CU-UP 1522 with the O-DU 1515.
  • the F1-u interface is between the gNB-CU-UP and gNB-DU nodes [007] [010]. However, for purposes of O-RAN, the F1-u interface is adopted between the O-CU-UP 1522 with the O-DU 1515 functions while reusing the principles and protocol stack defined by 3GPP and the definition of interoperability profile specifications.
  • the NG-c interface is defined by 3GPP as an interface between the gNB-CU-CP and the AMF in the 5GC [006]. The NG-c is also referred to as the N2 interface (see [006]).
  • the NG-u interface is defined by 3GPP, as an interface between the gNB-CU-UP and the UPF in the 5GC [006]. The NG-u interface is referred to as the N3 interface (see [006]).
  • NG-c and NG-u protocol stacks defined by 3GPP are reused and may be adapted for O-RAN purposes.
  • the X2-c interface is defined in 3GPP for transmitting control plane information between eNBs or between eNB and en-gNB in EN-DC.
  • the X2-u interface is defined in 3GPP for transmitting user plane information between eNBs or between eNB and en-gNB in EN-DC (see e.g., [005], [006]).
  • X2-c and X2-u protocol stacks defined by 3GPP are reused and may be adapted for O-RAN purposes.
  • the Xn-c interface is defined in 3GPP for transmitting control plane information between gNBs, ng-eNBs, or between an ng-eNB and gNB.
  • the Xn-u interface is defined in 3GPP for transmitting user plane information between gNBs, ng-eNBs, or between ng-eNB and gNB (see e.g., [006], [008]).
  • Xn-c and Xn-u protocol stacks defined by 3GPP are reused and may be adapted for O-RAN purposes.
  • the E1 interface is defined by 3GPP as being an interface between the gNB-CU-CP (e.g., gNB-CU-CP 3728) and gNB-CU-UP (see e.g., [007], [009]).
  • E1 protocol stacks defined by 3GPP are reused and adapted as being an interface between the O-CU-CP 1521 and the O-CU-UP 1522 functions.
  • the O-RAN Non-Real Time (RT) RAN Intelligent Controller (RIC) 1512 is a logical function within the SMO framework 1402, 1502 that enables non-real-time control and optimization of RAN elements and resources; AI/machine learning (ML) workflow(s) including model training, inferences, and updates; and policy-based guidance of applications/features in the Near-RT RIC 1514.
  • the O-RAN near-RT RIC 1514 is a logical function that enables near-real-time control and optimization of RAN elements and resources via fine-grained data collection and actions over the E2 interface.
  • the near-RT RIC 1514 may include one or more AI/ML workflows including model training, inferences, and updates.
  • the non-RT RIC 1512 can be an ML training host to host the training of one or more ML models. ML training can be performed offline using data collected from the RIC, O-DU 1515 and O-RU 1516.
  • non-RT RIC 1512 is part of the SMO 1502
  • the ML training host and/or ML model host/actor can be part of the non-RT RIC 1512 and/or the near-RT RIC 1514.
  • the ML training host and ML model host/actor can be part of the non-RT RIC 1512 and/or the near-RT RIC 1514.
  • the ML training host and ML model host/actor may be co-located as part of the non-RT RIC 1512 and/or the near-RT RIC 1514.
  • the non-RT RIC 1512 may request or trigger ML model training in the training hosts regardless of where the model is deployed and executed. ML models may be trained and not currently deployed.
  • the non-RT RIC 1512 provides a query-able catalog for an ML designer/developer to publish/install trained ML models (e.g., executable software components).
  • the non-RT RIC 1512 may provide a discovery mechanism for whether a particular ML model can be executed in a target ML inference host (MF), and what number and type of ML models can be executed in the MF.
  • there may be three types of ML catalogs made discoverable by the non-RT RIC 1512: a design-time catalog (e.g., residing outside the non-RT RIC 1512 and hosted by some other ML platform(s)), a training/deployment-time catalog (e.g., residing inside the non-RT RIC 1512), and a run-time catalog (e.g., residing inside the non-RT RIC 1512).
  • the non-RT RIC 1512 supports necessary capabilities for ML model inference in support of ML assisted solutions running in the non-RT RIC 1512 or some other ML inference host. These capabilities enable executable software to be installed such as VMs, containers, etc.
  • the non-RT RIC 1512 may also include and/or operate one or more ML engines, which are packaged software executable libraries that provide methods, routines, data types, etc., used to run ML models.
  • the non-RT RIC 1512 may also implement policies to switch and activate ML model instances under different operating conditions.
  • the non-RT RIC 1512 is able to access feedback data (e.g., FM and PM statistics) over the O1 interface on ML model performance and perform necessary evaluations. If the ML model fails during runtime, an alarm can be generated as feedback to the non-RT RIC 1512. How well the ML model is performing in terms of prediction accuracy or other operating statistics it produces can also be sent to the non-RT RIC 1512 over O1.
  • the non-RT RIC 1512 can also scale ML model instances running in a target MF over the O1 interface by observing resource utilization in MF.
  • the environment where the ML model instance is running (e.g., the MF) monitors resource utilization of the running ML model.
  • the scaling mechanism may include a scaling factor such as a number, percentage, and/or other like data used to scale up/down the number of ML instances.
  • ML model instances running in the target ML inference hosts may be automatically scaled by observing resource utilization in the MF. For example, the Kubernetes® (K8s) runtime environment typically provides an auto-scaling feature.
  • the A1 interface is between the non-RT RIC 1512 (within or outside the SMO 1502) and the near-RT RIC 1514.
  • the A1 interface supports three types of services as defined in [014], including a Policy Management Service, an Enrichment Information Service, and ML Model Management Service.
  • A1 policies have the following characteristics compared to persistent configuration [014]: A1 policies are not critical to traffic; A1 policies have temporary validity; A1 policies may handle individual UE or dynamically defined groups of UEs; A1 policies act within and take precedence over the configuration; and A1 policies are non-persistent, i.e., do not survive a restart of the near-RT RIC.
  • O-RAN Alliance Working Group 1 O-RAN Operations and Maintenance Interface Specification, version 2.0 (Dec 2019) (“O-RAN-WG1.O1-Interface-v02.00”).
  • O-RAN Alliance Working Group 2, O-RAN A1 interface: General Aspects and Principles Specification, version 1.0 (Oct 2019) (“ORAN-WG2.A1.GA&P-v01.00”).
  • O-RAN Alliance Working Group 3, Near-Real-time RAN Intelligent Controller Architecture & E2 General Aspects and Principles (“ORAN-WG3.E2GAP.0-v0.1”).
  • O-RAN Alliance Working Group 4 O-RAN Fronthaul Management Plane Specification, version 2.0 (July 2019) (“ORAN-WG4.MP.0-v02.00.00”).
  • O-RAN Alliance Working Group 4 O-RAN Fronthaul Control, User and Synchronization Plane Specification, version 2.0 (July 2019) (“ORAN-WG4.CUS.0-v02.00”).
  • Figure 16 illustrates a network 1600 in accordance with various embodiments.
  • the network 1600 may include one or more elements similar to those described above such as a SOCF 1620, a SOEF 1618, a Comp CF 1624, a Comp SF 1636, etc.
  • the network 1600 may operate in a manner consistent with 3GPP technical specifications or technical reports for 6G systems.
  • the network 1600 may operate concurrently with network 1100.
  • the network 1600 may share one or more frequency or bandwidth resources with network 1100.
  • UE 1602 may be configured to operate in both network 1600 and network 1100.
  • Such configuration may be based on a UE including circuitry configured for communication with frequency and bandwidth resources of both networks 1100 and 1600.
  • several elements of network 1600 may share one or more characteristics with elements of network 1100. For the sake of brevity and clarity, such elements may not be repeated in the description of network 1600.
  • the network 1600 may include a UE 1602, which may include any mobile or non-mobile computing device designed to communicate with a RAN 1608 via an over-the-air connection.
  • the UE 1602 may be similar to, for example, UE 1102.
  • the UE 1602 may be, but is not limited to, a smartphone, tablet computer, wearable computer device, desktop computer, laptop computer, in-vehicle infotainment, in-car entertainment device, instrument cluster, head-up display device, onboard diagnostic device, dashtop mobile equipment, mobile data terminal, electronic engine management system, electronic/engine control unit, electronic/engine control module, embedded system, sensor, microcontroller, control module, engine management system, networked appliance, machine-type communication device, M2M or D2D device, IoT device, etc.
  • the network 1600 may include a plurality of UEs coupled directly with one another via a sidelink interface.
  • the UEs may be M2M/D2D devices that communicate using physical sidelink channels such as, but not limited to, PSBCH, PSDCH, PSSCH, PSCCH, PSFCH, etc.
  • the UE 1602 may be communicatively coupled with an AP such as AP 1106 as described with respect to Figure 11.
  • the RAN 1608 may include one or more ANs such as AN 1108 as described with respect to Figure 11.
  • the RAN 1608 and/or the AN of the RAN 1608 may be referred to as a base station (BS), a RAN node, or using some other term or name.
  • the UE 1602 and the RAN 1608 may be configured to communicate via an air interface that may be referred to as a sixth generation (6G) air interface.
  • the 6G air interface may include one or more features such as communication in a terahertz (THz) or sub-THz bandwidth, or joint communication and sensing.
  • joint communication and sensing may refer to a system that allows for wireless communication as well as radar-based sensing via various types of multiplexing.
  • THz or sub-THz bandwidths may refer to communication in the 80 GHz and above frequency ranges. Such frequency ranges may additionally or alternatively be referred to as “millimeter wave” or “mmWave” frequency ranges.
  • the RAN 1608 may allow for communication between the UE 1602 and a 6G core network (CN) 1610. Specifically, the RAN 1608 may facilitate the transmission and reception of data between the UE 1602 and the 6G CN 1610.
  • the 6G CN 1610 may include various functions such as NSSF 1150, NEF 1152, NRF 1154, PCF 1156, UDM 1158, AF 1160, SMF 1146, and AUSF 1142.
  • the 6G CN 1610 may additionally include UPF 1148 and DN 1136 as shown in Figure 16.
  • the RAN 1608 may include various additional functions that are in addition to, or alternative to, functions of a legacy cellular network such as a 4G or 5G network.
  • Two such functions may include a Compute Control Function (Comp CF) 1624 and a Compute Service Function (Comp SF) 1636.
  • the Comp CF 1624 and the Comp SF 1636 may be parts or functions of the Computing Service Plane.
  • Comp CF 1624 may be a control plane function that provides functionalities such as management of the Comp SF 1636, computing task context generation and management (e.g., create, read, modify, delete), interaction with the underlying computing infrastructure for computing resource management, etc.
  • Comp SF 1636 may be a user plane function that serves as the gateway to interface computing service users (such as UE 1602) and computing nodes behind a Comp SF instance. Some functionalities of the Comp SF 1636 may include: parse computing service data received from users to compute tasks executable by computing nodes; hold service mesh ingress gateway or service API gateway; service and charging policies enforcement; performance monitoring and telemetry collection, etc. In some embodiments, a Comp SF 1636 instance may serve as the user plane gateway for a cluster of computing nodes. A Comp CF 1624 instance may control one or more Comp SF 1636 instances.
  • Two other such functions may include a Communication Control Function (Comm CF) 1628 and a Communication Service Function (Comm SF) 1638, which may be parts of the Communication Service Plane.
  • the Comm CF 1628 may be the control plane function for managing the Comm SF 1638, communication sessions creation/configuration/releasing, and managing communication session context.
  • the Comm SF 1638 may be a user plane function for data transport.
  • Comm CF 1628 and Comm SF 1638 may be considered as upgrades of SMF 1146 and UPF 1148, which were described with respect to a 5G system in Figure 11.
  • the upgrades provided by the Comm CF 1628 and the Comm SF 1638 may enable service-aware transport. For legacy (e.g., 4G or 5G) data transport, SMF 1146 and UPF 1148 may still be used.
  • Data CF 1622 may be a control plane function and provides functionalities such as Data SF 1632 management, Data service creation/configuration/releasing, Data service context management, etc.
  • Data SF 1632 may be a user plane function and serve as the gateway between data service users (such as UE 1602 and the various functions of the 6G CN 1610) and data service endpoints behind the gateway. Specific functionalities may include: parse data service user data and forward to corresponding data service endpoints, generate charging data, report data service status.
  • SOCF 1620 may discover, orchestrate and chain up communication/computing/data services provided by functions in the network.
  • SOCF 1620 may interact with one or more of Comp CF 1624, Comm CF 1628, and Data CF 1622 to identify Comp SF 1636, Comm SF 1638, and Data SF 1632 instances, configure service resources, and generate the service chain, which could contain multiple Comp SF 1636, Comm SF 1638, and Data SF 1632 instances and their associated computing endpoints. Workload processing and data movement may then be conducted within the generated service chain.
  • the SOCF 1620 may also be responsible for maintaining, updating, and releasing a created service chain.
  • SRF 1614 may act as a registry for system services provided in the user plane such as services provided by service endpoints behind Comp SF 1636 and Data SF 1632 gateways and services provided by the UE 1602.
  • the SRF 1614 may be considered a counterpart of NRF 1154, which may act as the registry for network functions.
  • Other such functions may include an evolved service communication proxy (eSCP) and service infrastructure control function (SICF) 1626, which may provide service communication infrastructure for control plane services and user plane services.
  • the eSCP may be related to the service communication proxy (SCP) of 5G with user plane service communication proxy capabilities being added.
  • the eSCP is therefore expressed in two parts: eSCP-C 1612 and eSCP-U 1634, for control plane service communication proxy and user plane service communication proxy, respectively.
  • the SICF 1626 may control and configure eSCP instances in terms of service traffic routing policies, access rules, load balancing configurations, performance monitoring, etc.
  • the AMF 1644 may be similar to 1144, but with additional functionality. Specifically, the AMF 1644 may include potential functional repartition, such as moving the message forwarding functionality from the AMF 1644 to the RAN 1608.
  • the service orchestration exposure function (SOEF) may be configured to expose service orchestration and chaining services to external users such as applications.
  • the UE 1602 may include an additional function that is referred to as a computing client service function (comp CSF) 1604.
  • the comp CSF 1604 may have both the control plane functionalities and user plane functionalities, and may interact with corresponding network side functions such as SOCF 1620, Comp CF 1624, Comp SF 1636, Data CF 1622, and/or Data SF 1632 for service discovery, request/response, compute task workload exchange, etc.
  • the Comp CSF 1604 may also work with network side functions to decide on whether a computing task should be run on the UE 1602, the RAN 1608, and/or an element of the 6G CN 1610.
  • the UE 1602 and/or the Comp CSF 1604 may include a service mesh proxy 1606.
  • the service mesh proxy 1606 may act as a proxy for service-to-service communication in the user plane. Capabilities of the service mesh proxy 1606 may include one or more of addressing, security, load balancing, etc.
  • the electronic device(s), network(s), system(s), chip(s) or component(s), or portions or implementations thereof, of Figures 11-13, or some other figure herein may be configured to perform one or more processes, techniques, or methods as described herein, or portions thereof.
  • One such process is depicted in Figure 17.
  • the process may include identifying, at 1701 in a sixth generation (6G) cellular network, that a first element of the 6G cellular network is to be authenticated with a second element of the 6G cellular network; identifying, at 1702, one or more credentials related to interface authentication; and authenticating, at 1703, the first element with the second element based on the one or more credentials.
  • the process of Figure 18 may be performed by one or more processors that implement a client service function (CSF), for example processors of a user equipment (UE).
  • the process may include identifying, at 1801, an authentication parameter; and establishing, at 1802 based on the authentication parameter, a transport layer security (TLS) session with a service orchestration and chaining function (SOCF).
  • the process of Figure 19 may be performed by one or more processors that implement a service orchestration and chaining function (SOCF).
  • the process may include identifying, at 1901, an authentication parameter; and establishing, at 1902 based on the authentication parameter, a transport layer security (TLS) session with a client service function (CSF) of a user equipment (UE).
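The certificate-based form of the two processes above (the CSF on the UE and the SOCF each hold a certificate and authenticate each other with mTLS) can be exercised end to end in Go. This is an added example, not code from the patent: the host names, the throwaway CAs, the in-memory pipe and the disabled session tickets are assumptions made so that it runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// Constructed names for this example; the patent defines no naming scheme.
const socfName, csfName = "socf.operator.example", "csf.ue.example"

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue makes a short-lived P-256 certificate; a nil parent yields a self-signed CA.
func issue(cn string, eku x509.ExtKeyUsage, parent *tls.Certificate) *tls.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true,
	}
	signerCert, signerKey := tmpl, any(key)
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage, tmpl.DNSNames = []x509.ExtKeyUsage{eku}, []string{cn}
		signerCert, signerKey = parent.Leaf, parent.PrivateKey
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey))
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: must(x509.ParseCertificate(der))}
}

// socfConfig: the SOCF presents its certificate and requires a CSF certificate chaining to trust.
// Tickets are disabled (demo convenience) so the SOCF writes no ticket records to the unbuffered pipe.
func socfConfig(socf *tls.Certificate, trust *x509.CertPool) *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS13, Certificates: []tls.Certificate{*socf},
		ClientCAs: trust, ClientAuth: tls.RequireAndVerifyClientCert, SessionTicketsDisabled: true}
}

// csfConfig: the UE-side CSF checks the SOCF certificate and name; csf may be nil (no client certificate).
func csfConfig(csf *tls.Certificate, trust *x509.CertPool) *tls.Config {
	cfg := &tls.Config{MinVersion: tls.VersionTLS13, RootCAs: trust, ServerName: socfName}
	if csf != nil {
		cfg.Certificates = []tls.Certificate{*csf}
	}
	return cfg
}

// handshake runs one TLS 1.3 handshake over an in-memory pipe and returns the CSF
// identity the SOCF authenticated, or the SOCF-side handshake error.
func handshake(srv, cli *tls.Config) (string, error) {
	cConn, sConn := net.Pipe()
	defer cConn.Close()
	defer sConn.Close()
	sConn.SetDeadline(time.Now().Add(5 * time.Second))
	go func() {
		if c := tls.Client(cConn, cli); c.Handshake() == nil {
			io.Copy(io.Discard, c) // keep reading so a rejection alert from the SOCF is consumed
		}
	}()
	s := tls.Server(sConn, srv)
	if err := s.Handshake(); err != nil {
		return "", err
	}
	return s.ConnectionState().PeerCertificates[0].Subject.CommonName, nil
}

// demo returns what the SOCF concluded for a valid CSF, a CSF with no certificate,
// and a CSF whose certificate comes from a CA the SOCF does not trust.
func demo() (peers []string, errs []error) {
	ca := issue("operator-ca.example", x509.ExtKeyUsageAny, nil)
	rogue := issue("rogue-ca.example", x509.ExtKeyUsageAny, nil)
	trust := x509.NewCertPool()
	trust.AddCert(ca.Leaf)
	srv := socfConfig(issue(socfName, x509.ExtKeyUsageServerAuth, ca), trust)
	good, bad := issue(csfName, x509.ExtKeyUsageClientAuth, ca), issue(csfName, x509.ExtKeyUsageClientAuth, rogue)
	for _, csf := range []*tls.Certificate{good, nil, bad} {
		peer, err := handshake(srv, csfConfig(csf, trust))
		peers, errs = append(peers, peer), append(errs, err)
	}
	return peers, errs
}

func main() {
	fmt.Println(demo())
}
```

The `ClientAuth: tls.RequireAndVerifyClientCert` setting is what makes the session mutual; without it the SOCF would never ask the CSF for a certificate.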
  • At least one of the components set forth in one or more of the preceding figures may be configured to perform one or more operations, techniques, processes, and/or methods as set forth in the example section below.
  • the baseband circuitry as described above in connection with one or more of the preceding figures may be configured to operate in accordance with one or more of the examples set forth below.
  • circuitry associated with a UE, base station, network element, etc. as described above in connection with one or more of the preceding figures may be configured to operate in accordance with one or more of the examples set forth below in the example section.
  • Example 1 may include the method to authenticate the UE with 6G SOCF using mTLS and 6G CSF with 6G COMP CF/SOCF by using credentials used for interface authentication.
  • Example 2 may include the method to authenticate the 6G CSF with 6G COMP CF/SOCF by using credentials used for interface authentication.
  • Example 3 may include the method to secure interface between CSF, SOCF, and between UE, CompCF with confidentiality and integrity.
  • Example 4 may include the methods for authentication and protection between 6G CSF and the 6G COMP CF/SOCF.
  • Example 5 may include the method of example 3 or some other example herein, wherein the OAuth 2.0 token-based mechanism is used to authorize 6G CSF's service requests to the 6G COMP CF/SOCF.
  • Example 6 may include the method of example 3 or some other example herein, wherein dedicated secure sessions are established between 6G UE and CompCF using TLS based on certificate-based mutual authentication.
  • Method 3: The 6G CSF and the 6G COMP CF/SOCF establish a dedicated secure session using a TLS connection based on Pre-Shared Key (PSK).
  • Example 7 may include a method comprising: identifying, in a sixth generation (6G) cellular network, that a first element of the 6G cellular network is to be authenticated with a second element of the 6G cellular network; identifying one or more credentials related to interface authentication; and authenticating the first element with the second element based on the one or more credentials.
  • Example 8 may include the method of example 7, and/or some other example herein, wherein the first element is a user equipment (UE) and the second element is an SOCF.
  • Example 9 may include the method of example 8, and/or some other example herein, wherein the authenticating is based on mTLS.
  • Example 10 may include the method of example 7, and/or some other example herein, wherein the first element is a CSF.
  • Example 11 may include the method of example 10, and/or some other example herein, wherein the second element includes a COMP CF.
  • Example 12 may include the method of example 10, and/or some other example herein, wherein the second element includes a SOCF.
  • Example 13 may include a computing device comprising: one or more processors to implement a client service function (CSF); and one or more non-transitory computer-readable media comprising instructions that, upon execution of the instructions by the one or more processors, are to cause the CSF to: identify an authentication parameter; and establish, based on the authentication parameter, a transport layer security (TLS) session with a service orchestration and chaining function (SOCF).
  • Example 14 may include the computing device of example 13, and/or some other example herein, wherein the authentication parameter includes a client certificate and a server certificate.
  • Example 15 may include the computing device of example 14, and/or some other example herein, wherein establishment of the TLS session includes mutual TLS (mTLS) authentication between the UE and the SOCF based on the client certificate and the server certificate.
  • Example 16 may include the computing device of example 13, and/or some other example herein, wherein the authentication parameter is a pre-shared key (PSK).
  • Example 17 may include the computing device of any of examples 13-16, and/or some other example herein, wherein the instructions are further to establish, prior to establishment of the TLS session with the SOCF, a hypertext transport protocol (HTTP) session with an authentication, authorization, and accounting (AAA) server.
  • Example 18 may include the computing device of example 17, and/or some other example herein, wherein the AAA server is the SOCF.
  • Example 19 may include the computing device of example 17, and/or some other example herein, wherein the AAA server is a network slice-specific authentication and authorization function (NSSAAF).
  • NSSAAF network slice-specific authentication and authorization function
  • Example 20 may include the computing device of any of examples 13-19, and/or some other example herein, wherein the computing device is a user equipment (UE).
  • UE user equipment
  • Example 21 may include a computing device comprising: one or more processors to implement a service orchestration and chaining function (SOCF); and one or more non-transitory computer-readable media comprising instructions that, upon execution of the instructions by the one or more processors, are to cause the SOCF to: identify an authentication parameter; and establish, based on the authentication parameter, a transport layer security (TLS) session with a client service function (CSF) of a user equipment (UE).
  • Example 22 may include the computing device of example 21, and/or some other example herein, wherein the authentication parameter includes a client certificate and a server certificate.
  • Example 23 may include the computing device of example 22, and/or some other example herein, wherein establishment of the TLS session includes mutual TLS (mTLS) authentication between the UE and the SOCF based on the client certificate and the server certificate.
  • Example 24 may include the computing device of example 21, and/or some other example herein, wherein the authentication parameter is a pre-shared key (PSK).
  • Example 25 may include the computing device of any of examples 21-24, and/or some other example herein, wherein the instructions are further to establish, prior to establishment of the TLS session with the UE, a hypertext transport protocol (HTTP) session with the UE.
  • HTTP hypertext transport protocol
  • Example 26 may include the computing device of example 25, and/or some other example herein, wherein the SOCF is to serve as an authentication, authorization, and accounting (AAA) server for the HTTP session.
  • AAA authentication, authorization, and accounting
  • Example 27 may include one or more non-transitory computer-readable media (NTCRM) comprising instructions that, upon execution of the instructions by the one or more processors, are to cause a sixth generation (6G) client service function (CSF) of a user equipment (UE) to: identify an authentication parameter; and establish, based on the authentication parameter, a transport layer security (TLS) session with a service orchestration and chaining function (SOCF).
  • NTCRM non-transitory computer-readable media
  • Example 28 may include the NTCRM of example 27, and/or some other example herein, wherein the authentication parameter includes a client certificate and a server certificate.
  • Example 29 may include the NTCRM of example 28, and/or some other example herein, wherein establishment of the TLS session includes mutual TLS (mTLS) authentication between the UE and the SOCF based on the client certificate and the server certificate.
  • Example 30 may include the NTCRM of example 27, and/or some other example herein, wherein the authentication parameter is a pre-shared key (PSK).
  • Example 31 may include the NTCRM of any of examples 27-30, wherein the instructions are further to establish, prior to establishment of the TLS session with the SOCF, a hypertext transport protocol (HTTP) session with an authentication, authorization, and accounting (AAA) server.
  • Example 32 may include the NTCRM of example 31, and/or some other example herein, wherein the AAA server is the SOCF.
  • Example Z01 may include an apparatus comprising means to perform one or more elements of a method described in or related to any of examples 1-32, or any other method or process described herein.
  • Example Z02 may include one or more non-transitory computer-readable media comprising instructions to cause an electronic device, upon execution of the instructions by one or more processors of the electronic device, to perform one or more elements of a method described in or related to any of examples 1-32, or any other method or process described herein.
  • Example Z03 may include an apparatus comprising logic, modules, or circuitry to perform one or more elements of a method described in or related to any of examples 1-32, or any other method or process described herein.
  • Example Z04 may include a method, technique, or process as described in or related to any of examples 1-32, or portions or parts thereof.
  • Example Z05 may include an apparatus comprising: one or more processors and one or more computer-readable media comprising instructions that, when executed by the one or more processors, cause the one or more processors to perform the method, techniques, or process as described in or related to any of examples 1-32, or portions thereof.
  • Example Z06 may include a signal as described in or related to any of examples 1-32, or portions or parts thereof.
  • Example Z07 may include a datagram, packet, frame, segment, protocol data unit (PDU), or message as described in or related to any of examples 1-32, or portions or parts thereof, or otherwise described in the present disclosure.
  • Example Z08 may include a signal encoded with data as described in or related to any of examples 1-32, or portions or parts thereof, or otherwise described in the present disclosure.
  • PDU protocol data unit
  • Example Z09 may include a signal encoded with a datagram, packet, frame, segment, protocol data unit (PDU), or message as described in or related to any of examples 1-32, or portions or parts thereof, or otherwise described in the present disclosure.
  • Example Z10 may include an electromagnetic signal carrying computer-readable instructions, wherein execution of the computer-readable instructions by one or more processors is to cause the one or more processors to perform the method, techniques, or process as described in or related to any of examples 1-32, or portions thereof.
  • Example Z11 may include a computer program comprising instructions, wherein execution of the program by a processing element is to cause the processing element to carry out the method, techniques, or process as described in or related to any of examples 1-32, or portions thereof.
  • Example Z12 may include a signal in a wireless network as shown and described herein.
  • Example Z13 may include a method of communicating in a wireless network as shown and described herein.
  • Example Z14 may include a system for providing wireless communication as shown and described herein.
  • Example Z15 may include a device for providing wireless communication as shown and described herein.
  • CHF Charging
  • CID Cell-ID (e.g., positioning method)
  • CIM Common Information Model
  • CIR Carrier to Interference Ratio
  • CK Cipher Key
  • CM Connection Management
  • CPU CSI processing unit, Central Processing Unit
  • CQI Channel Quality Indicator
  • C/R Command/Response field bit
  • CSI-IM CSI
  • CSI-RS CSI Reference Signal
  • CSI-RSRP CSI reference signal received power
  • CSI-RSRQ CSI reference signal received quality
  • EMS Element Management System
  • eNB evolved NodeB, E-UTRAN Node B
  • EN-DC E-UTRA-NR Dual Connectivity
  • EPRE Energy per resource element
  • EPS Evolved Packet System
  • EREG enhanced REG, enhanced resource element groups
  • ETSI European
  • E-UTRAN Evolved UTRAN
  • EV2X Enhanced V2X
  • F1AP F1 Application Protocol
  • F1-C F1 Control
  • FACCH/H Fast Associated Control Channel/Half rate
  • FACH Forward Access Channel
  • FDD Frequency Division Duplex
  • FDM Frequency Division Multiplex
  • FDMA Frequency Division Multiple
  • feLAA further enhanced Licensed Assisted Access, further enhanced LAA
  • FN Frame Number
  • FPGA Field-Programmable Gate Array
  • GGSN Gateway GPRS Support Node
  • gNB Next Generation NodeB
  • gNB-CU gNB-centralized unit, Next
  • GSM Global System for Mobile
  • GTP GPRS Tunneling Protocol
  • GUMMEI Globally Unique MME Identifier
  • GUTI Globally Unique Temporary
  • HSPA High Speed Packet Access
  • HSS Home
  • HTTPS Hyper Text Transfer Protocol Secure (https is http/1.1 over SSL, i.e. port 443)
  • L1-RSRP Layer 1 reference signal received power
  • L2 Layer 2 (data link layer)
  • L3 Layer 3 (network layer)
  • LAA Licensed Assisted Access
  • LSB Least Significant Bit
  • LTE Long Term Evolution
  • LWIP LTE/WLAN Radio Level Integration with
  • MBMS Multimedia Broadcast and
  • MBSFN Multimedia Broadcast
  • N-PoP Network Point of Presence
  • NR New Radio
  • PCC Primary Component Carrier, Primary CC
  • PCell Primary Cell
  • PCI Physical Cell ID, Physical Cell Identity
  • PEI Permanent Equipment
  • P-GW PDN Gateway
  • PHICH Physical hybrid-ARQ indicator
  • PRB Physical resource block
  • ProSe Proximity Services, Proximity-
  • SCC Secondary
  • circuitry refers to, is part of, or includes hardware components such as an electronic circuit, a logic circuit, a processor (shared, dedicated, or group) and/or memory (shared, dedicated, or group), an Application Specific Integrated Circuit (ASIC), a field-programmable device (FPD) (e.g., a field-programmable gate array (FPGA), a programmable logic device (PLD), a complex PLD (CPLD), a high-capacity PLD (HCPLD), a structured ASIC, or a programmable SoC), digital signal processors (DSPs), etc., that are configured to provide the described functionality.
  • FPD field-programmable device
  • FPGA field-programmable gate array
  • PLD programmable logic device
  • CPLD complex PLD
  • HCPLD high-capacity PLD
  • DSPs digital signal processors
  • the circuitry may execute one or more software or firmware programs to provide at least some of the described functionality.
  • the term “circuitry” may also refer to a combination of one or more hardware elements (or a combination of circuits used in an electrical or electronic system) with the program code used to carry out the functionality of that program code. In these embodiments, the combination of hardware elements and program code may be referred to as a particular type of circuitry.
  • processor circuitry refers to, is part of, or includes circuitry capable of sequentially and automatically carrying out a sequence of arithmetic or logical operations, or recording, storing, and/or transferring digital data.
  • Processing circuitry may include one or more processing cores to execute instructions and one or more memory structures to store program and data information.
  • processor circuitry may refer to one or more application processors, one or more baseband processors, a physical central processing unit (CPU), a single-core processor, a dual-core processor, a triple-core processor, a quad-core processor, and/or any other device capable of executing or otherwise operating computer-executable instructions, such as program code, software modules, and/or functional processes.
  • Processing circuitry may include one or more hardware accelerators, which may be microprocessors, programmable processing devices, or the like.
  • the one or more hardware accelerators may include, for example, computer vision (CV) and/or deep learning (DL) accelerators.
  • CV computer vision
  • DL deep learning
  • “application circuitry” and/or “baseband circuitry” may be considered synonymous to, and may be referred to as, “processor circuitry.”
  • interface circuitry refers to, is part of, or includes circuitry that enables the exchange of information between two or more components or devices.
  • interface circuitry may refer to one or more hardware interfaces, for example, buses, I/O interfaces, peripheral component interfaces, network interface cards, and/or the like.
  • “user equipment” or “UE” as used herein refers to a device with radio communication capabilities and may describe a remote user of network resources in a communications network.
  • “user equipment” or “UE” may be considered synonymous to, and may be referred to as, client, mobile, mobile device, mobile terminal, user terminal, mobile unit, mobile station, mobile user, subscriber, user, remote station, access agent, user agent, receiver, radio equipment, reconfigurable radio equipment, reconfigurable mobile device, etc.
  • “user equipment” or “UE” may include any type of wireless/wired device or any computing device including a wireless communications interface.
  • network element refers to physical or virtualized equipment and/or infrastructure used to provide wired or wireless communication network services.
  • network element may be considered synonymous to and/or referred to as a networked computer, networking hardware, network equipment, network node, router, switch, hub, bridge, radio network controller, RAN device, RAN node, gateway, server, virtualized VNF, NFVI, and/or the like.
  • computer system refers to any type of interconnected electronic devices, computer devices, or components thereof. Additionally, the term “computer system” and/or “system” may refer to various components of a computer that are communicatively coupled with one another. Furthermore, the term “computer system” and/or “system” may refer to multiple computer devices and/or multiple computing systems that are communicatively coupled with one another and configured to share computing and/or networking resources.
  • appliance refers to a computer device or computer system with program code (e.g., software or firmware) that is specifically designed to provide a specific computing resource.
  • a “virtual appliance” is a virtual machine image to be implemented by a hypervisor-equipped device that virtualizes or emulates a computer appliance or otherwise is dedicated to provide a specific computing resource.
  • resource refers to a physical or virtual device, a physical or virtual component within a computing environment, and/or a physical or virtual component within a particular device, such as computer devices, mechanical devices, memory space, processor/CPU time, processor/CPU usage, processor and accelerator loads, hardware time or usage, electrical power, input/output operations, ports or network sockets, channel/link allocation, throughput, memory usage, storage, network, database and applications, workload units, and/or the like.
  • a “hardware resource” may refer to compute, storage, and/or network resources provided by physical hardware element(s).
  • a “virtualized resource” may refer to compute, storage, and/or network resources provided by virtualization infrastructure to an application, device, system, etc.
  • “network resource” or “communication resource” may refer to resources that are accessible by computer devices/systems via a communications network.
  • system resources may refer to any kind of shared entities to provide services, and may include computing and/or network resources. System resources may be considered as a set of coherent functions, network data objects or services, accessible through a server where such system resources reside on a single host or multiple hosts and are clearly identifiable.
  • channel refers to any transmission medium, either tangible or intangible, which is used to communicate data or a data stream.
  • channel may be synonymous with and/or equivalent to “communications channel,” “data communications channel,” “transmission channel,” “data transmission channel,” “access channel,” “data access channel,” “link,” “data link,” “carrier,” “radiofrequency carrier,” and/or any other like term denoting a pathway or medium through which data is communicated.
  • link refers to a connection between two devices through a RAT for the purpose of transmitting and receiving information.
  • instantiate refers to the creation of an instance.
  • An “instance” also refers to a concrete occurrence of an object, which may occur, for example, during execution of program code.
  • Coupled may mean two or more elements are in direct physical or electrical contact with one another, may mean that two or more elements indirectly contact each other but still cooperate or interact with each other, and/or may mean that one or more other elements are coupled or connected between the elements that are said to be coupled with each other.
  • directly coupled may mean that two or more elements are in direct contact with one another.
  • communicatively coupled may mean that two or more elements may be in contact with one another by a means of communication including through a wire or other interconnect connection, through a wireless communication channel or link, and/or the like.
  • information element refers to a structural element containing one or more fields.
  • field refers to individual contents of an information element, or a data element that contains content.
  • SMTC refers to an SSB-based measurement timing configuration configured by SSB-MeasurementTimingConfiguration.
  • SSB refers to an SS/PBCH block.
  • Primary Cell refers to the MCG cell, operating on the primary frequency, in which the UE either performs the initial connection establishment procedure or initiates the connection re-establishment procedure.
  • Primary SCG Cell refers to the SCG cell in which the UE performs random access when performing the Reconfiguration with Sync procedure for DC operation.
  • Secondary Cell refers to a cell providing additional radio resources on top of a Special Cell for a UE configured with CA.
  • Secondary Cell Group refers to the subset of serving cells comprising the PSCell and zero or more secondary cells for a UE configured with DC.
  • Secondary Cell refers to the primary cell for a UE in RRC_CONNECTED not configured with CA/DC; there is only one serving cell, comprising the primary cell.
  • serving cell refers to the set of cells comprising the Special Cell(s) and all secondary cells for a UE in RRC_CONNECTED configured with CA/.
  • Special Cell refers to the PCell of the MCG or the PSCell of the SCG for DC operation; otherwise, the term “Special Cell” refers to the PCell.
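
The certificate-based variant in Examples 14, 15, 22 and 23 gives mutual authentication only if the SOCF side actually demands the client certificate and the CSF side validates the server's. The following added example is not from the patent: it audits Python `ssl` contexts for both roles, and its function names and finding codes are assumptions. No certificates are loaded, so it runs offline.

```python
import ssl

# Finding codes (hypothetical names) and what each means for a CSF <-> SOCF session.
FINDINGS = {
    "NO_CLIENT_CERT_REQUEST": "server never asks for a client certificate",
    "CLIENT_CERT_OPTIONAL": "server accepts clients that present no certificate",
    "SERVER_CERT_UNVERIFIED": "client does not validate the server certificate",
    "NO_HOSTNAME_CHECK": "client does not match the certificate to the server name",
    "LEGACY_PROTOCOL": "protocol versions below TLS 1.2 are allowed",
}


def socf_context(client_auth):
    """Server-side (SOCF role) context. client_auth is ssl.CERT_NONE,
    ssl.CERT_OPTIONAL or ssl.CERT_REQUIRED. A deployment would also call
    load_cert_chain() and load_verify_locations(); omitted here."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = client_auth
    return ctx


def csf_context(verify_server):
    """Client-side (CSF role) context. PROTOCOL_TLS_CLIENT verifies the
    server certificate and hostname by default; verify_server=False
    switches both off to model the weak configuration."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if not verify_server:
        # check_hostname must be cleared before verify_mode can be CERT_NONE
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit(ctx, role):
    """Return the finding codes that stop this context from taking part in
    mutual TLS. role is 'server' (SOCF) or 'client' (CSF)."""
    if role not in ("server", "client"):
        raise ValueError("role must be 'server' or 'client'")
    found = []
    if role == "server":
        if ctx.verify_mode == ssl.CERT_NONE:
            found.append("NO_CLIENT_CERT_REQUEST")
        elif ctx.verify_mode == ssl.CERT_OPTIONAL:
            found.append("CLIENT_CERT_OPTIONAL")
    else:
        if ctx.verify_mode != ssl.CERT_REQUIRED:
            found.append("SERVER_CERT_UNVERIFIED")
        if not ctx.check_hostname:
            found.append("NO_HOSTNAME_CHECK")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        found.append("LEGACY_PROTOCOL")
    return found


if __name__ == "__main__":
    cases = [
        ("SOCF, default server settings", socf_context(ssl.CERT_NONE), "server"),
        ("SOCF, client cert optional", socf_context(ssl.CERT_OPTIONAL), "server"),
        ("SOCF, client cert required", socf_context(ssl.CERT_REQUIRED), "server"),
        ("CSF, verification disabled", csf_context(False), "client"),
        ("CSF, verification enabled", csf_context(True), "client"),
    ]
    for label, ctx, role in cases:
        codes = audit(ctx, role)
        print(label + ":", "OK" if not codes else "")
        for code in codes:
            print("   ", code, "-", FINDINGS[code])
```

A server context left at `ssl.CERT_NONE` or `ssl.CERT_OPTIONAL` still completes a handshake with a certificate-bearing client, which is why the server-side setting has to be checked explicitly.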

Abstract

Various embodiments of the present invention relate to techniques associated with authentication and security. In particular, in embodiments, a user equipment (UE), or a client service function (CSF) thereof, may identify an authentication parameter. The UE may then establish, based on the authentication parameter, a transport layer security (TLS) session with a service orchestration and chaining function (SOCF). Other embodiments may be described and/or claimed.
PCT/US2023/061993 2022-02-04 2023-02-03 Sixth generation (6G) mutual transport layer security (mTLS) based security architecture between user equipment (UE) and 6G network WO2023150721A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US202263306907P 2022-02-04 2022-02-04
US63/306,907 2022-02-04

Publications (1)

Publication Number Publication Date
WO2023150721A1 true WO2023150721A1 (fr) 2023-08-10

Family

ID=87553038

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2023/061993 WO2023150721A1 (fr) 2022-02-04 2023-02-03 Sixth generation (6G) mutual transport layer security (mTLS) based security architecture between user equipment (UE) and 6G network

Country Status (1)

Country Link
WO (1) WO2023150721A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180091420A1 (en) * 2016-09-26 2018-03-29 Juniper Networks, Inc. Distributing service function chain data and service function instance data in a network
US20180367621A1 (en) * 2017-06-19 2018-12-20 Cisco Technology, Inc. Secure service chaining
US20210297493A1 (en) * 2014-09-19 2021-09-23 Convida Wireless, Llc Systems and methods for service layer session migration and sharing
US20220029988A1 (en) * 2020-07-27 2022-01-27 Twistlock, Ltd. System and method for zero trust network security

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Security architecture and procedures for 5G system (Release 17)", 3GPP STANDARD; TECHNICAL SPECIFICATION; 3GPP TS 33.501, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), vol. SA WG3, no. V17.4.2, 26 January 2022 (2022-01-26), pages 1 - 287, XP052118633 *

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23750469

Country of ref document: EP

Kind code of ref document: A1