WO2023215720A1 - Machine learning model transfer authorization and authentication - Google Patents

Machine learning model transfer authorization and authentication

Info

Publication number
WO2023215720A1
WO2023215720A1 PCT/US2023/066453 US2023066453W WO2023215720A1 WO 2023215720 A1 WO2023215720 A1 WO 2023215720A1 US 2023066453 W US2023066453 W US 2023066453W WO 2023215720 A1 WO2023215720 A1 WO 2023215720A1
Authority
WO
WIPO (PCT)
Prior art keywords
model
nwdaf
data
network
analytics
Prior art date
Application number
PCT/US2023/066453
Other languages
English (en)
Inventor
Abhijeet Kolekar
Meghashree Dattatri Kedalagudde
Thomas Luetzenkirchen
Original Assignee
Intel Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intel Corporation

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/16 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3265 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless

Definitions

  • the present disclosure is generally related to wireless communications technologies, network topologies, artificial intelligence (AI) and machine learning (ML), network and information security technologies, and in particular, to security aspects of potential architecture enhancements related to interactions between the network data analytics function (NWDAF) and other network functions in fifth generation core networks.
  • NWDAF network data analytics function
  • AI/ML models and their algorithms are generally proprietary (e.g., subject to intellectual property rights of the designer, developer, or vendor), it may be desirable to ensure that only the NFs that have been provided with access authorization to the AI/ML models can read and use those models.
  • the ADRF may not be considered a fully trusted entity storing sensitive AI/ML data models, as those models may be exposed at rest in ADRF.
  • a compromised ADRF may expose algorithms and sensitive data to a non-authorized entity that can easily misuse it and/or distribute it further to other entities, leading to additional, and potentially more severe, data security breaches.
  • Figure 1 depicts an example data collection architecture using data collection coordination
  • Figure 2 depicts an example network data analytics exposure architecture using data collection coordination
  • Figure 3 depicts an example data storage architecture for analytics and collected data
  • Figure 4 depicts an example trained ML model provisioning architecture
  • Figures 5 and 6 depict example procedures for secure machine learning (ML) model transfer
  • Figure 7 depicts an example procedure for registration of new logical function called vendor repository function (VRF) to network repository function (NRF)
  • Figure 8 depicts an example procedure for NWDAF containing model training logical function (MTLF) registration with NRF
  • Figure 9 depicts an example of the parameter interoperability support per analytics identity
  • Figures 10 and 11 depict example wireless networks
  • Figure 12 depicts example hardware resources
  • Figures 13, 14, 15, 16, and 17 depict example processes for practicing the various embodiments discussed herein.
  • a 5G system can include an NWDAF (e.g., NWDAF 1062 in Figure 10), which is a network function (NF) capable of collecting data from user equipment (UE) (e.g., UE 1002 in Figure 10), other NFs, Operations, Administration and Maintenance (OAM) entities, application functions (AFs) (e.g., AF 1060 in Figure 10), data networks (e.g., DN 1036 in Figure 10), cloud computing services, edge compute nodes and/or edge networks, and/or other entities/elements that can be used for analytics.
  • NWDAF network function
  • the 5GS architecture allows an NWDAF 1062 to collect data from any NF (e.g., any NF within a 5G core network (5GC) 1040 in Figure 10) over an Nnf service-based interface associated with the NF(s).
  • the NWDAF 1062 belongs to the same PLMN as the NF that provides the data.
  • the Nnf interface is defined for the NWDAF 1062 to request subscription to data delivery for a particular context, cancel subscription to data delivery, and request a specific report of data for a particular context.
  • the 5GS architecture also allows the NWDAF 1062 to retrieve management data from an OAM entity by invoking OAM services.
  • the 5GS architecture also allows the NWDAF 1062 to collect data from any NF or OAM using the DCCF 1063 (see e.g., Figure 1) with associated Ndccf services (see e.g., clause 8.2 of [TS23288]).
  • the 5GS architecture also allows the NWDAF 1062 and the DCCF 1063 to collect data from an NWDAF 1062 with associated Nnwdaf_DataManagement services (see e.g., Figure 2, and clause 7.4 of [TS23288]).
  • the 5GS architecture allows an MFAF 1065 to fetch data from an NWDAF 1062 with associated Nnwdaf_DataManagement service (see e.g., Figure 2, and clause 7.4 of [TS23288]).
  • An Nnwdaf_AnalyticsSubscription service enables NF service consumers (NFc) to subscribe/unsubscribe for different types of analytics from an NWDAF 1062 (see e.g., clause 7.2 of [TS23288]).
  • An Nnwdaf_AnalyticsInfo service enables the NFc to request and get different types of analytics information from an NWDAF 1062 and/or enables an NWDAF
  • FIG. 1 depicts an example data collection architecture using data collection coordination.
  • the data collection architecture includes an NWDAF 1062, a Data Collection Coordination Function (DCCF) 1063, a messaging framework 1064 that includes a Messaging Framework Adaptor Function (MFAF) 1065, and a network node/NF 150, which can be or include an NRF (e.g., NRF 1052 of Figure 10), UDM (e.g., UDM 1058 of Figure 10), and/or a Binding Support Function (BSF).
  • NRF e.g., NRF 1052 of Figure 10
  • UDM e.g., UDM 1058 of Figure 10
  • BSF Binding Support Function
  • the NWDAF 1062 is communicatively coupled with the MFAF 1065 via an Nnf interface, and communicatively coupled with the DCCF 1063 via an Ndccf interface.
  • the Ndccf interface is defined for the NWDAF 1062 to support subscription request(s) for data delivery from a DCCF 1063, to cancel subscription to data delivery, and to request a specific report of data. If the data is not already being collected, the DCCF 1063 requests the data from the Data Source (e.g., any NF) using Nnf services (e.g., via the Nnf interface).
  • the DCCF 1063 may collect the data and deliver it to the NWDAF 1062 (e.g., via the Ndccf interface), or the DCCF 1063 may rely on the messaging framework 1064 to collect data from the NF and deliver it to the NWDAF 1062 (e.g., via the Nnf interface).
  • the DCCF 1063 is communicatively coupled with the MFAF 1065 via an Nmfaf interface.
  • FIG. 2 depicts an example network data analytics exposure architecture using data collection coordination, which includes the same NFs as discussed previously with respect to (w.r.t.) Figure 1.
  • the 5GS architecture allows any NF to request network analytics information from NWDAF containing an analytics logical function (AnLF) 1062a (see e.g., Figure 4) via the Nnwdaf interface.
  • NWDAF 1062 belongs to the same PLMN as the NF that consumes the analytics information.
  • the Ndccf interface is defined for any NF to support subscription request(s) to network analytics (e.g., NWDAF 1062), to cancel subscription for network analytics, and to request specific report(s) of network analytics.
  • the DCCF 1063 requests the analytics from the NWDAF 1062 using Nnwdaf services.
  • the DCCF 1063 may collect the analytics and deliver it to the NF, or the DCCF 1063 may rely on a messaging framework 1064 to collect analytics and deliver it to the NF (e.g., via the Nnf interface).
  • FIG. 3 depicts an example data storage architecture for analytics and collected data, which includes an NF, DCCF 1063, MFAF 1065 in the messaging framework 1064, and an Analytics Data Repository Function (ADRF) 1066.
  • the 5GS architecture allows the ADRF 1066 to store and retrieve the collected data and analytics in one or more databases 1067, which may implement any suitable database management system.
  • the ADRF 1066 exposes Nadrf services (e.g., via an Nadrf interface) for storage and retrieval of data by other NFs (e.g., NWDAF 1062, and/or any other NF, such as any of those discussed herein) which access the data using Nadrf services.
  • data may be stored in the ADRF 1066 by a consumer sending the ADRF 1066 an Nadrf_DataManagement_StorageRequest containing the data or analytics to be stored.
  • the Nadrf_DataManagement_StorageRequest sent by a service consumer can include the data to be stored, data collection timestamp(s), analytics with timestamp, service operation, analytics specification or data specification, storage handling information, DataSetTag, and/or other suitable information.
  • the ADRF response provides and/or sends an Nadrf_DataManagement_StorageRequest Response message to the consumer with a result indication.
  • the response can include an indication that data and/or analytics is stored, whether the ADRF 1066 determined that data or analytics is already stored, the storage approach, and/or other suitable information such as any of those discussed herein.
  • a consumer sending an Nadrf_DataManagement_RetrievalRequest request to the ADRF 1066 to retrieve data or analytics for a storage transaction identifier or fetch instructions received from the ADRF 1066 in an Nadrf_DataManagement_RetrievalNotify.
  • the ADRF 1066 determines the availability of the data or analytics in its repository and sends either the data or analytics in a response to the consumer.
  • ML models may be stored in the ADRF 1066 by a consumer sending the ADRF 1066 an Nadrf_MLModelManagement_StorageRequest containing the ML model or ML model address to be stored.
  • the ADRF response provides a result indication.
  • An ML model may be deleted from the ADRF 1066 by a consumer sending an Nadrf_MLModelManagement_Delete request.
  • the ADRF response provides a result indication.
  • the DCCF 1063 may determine or identify the ADRF 1066 and interact directly or indirectly with the ADRF 1066 to request or store data.
  • Direct interactions involve the DCCF 1063 requesting to store data in the ADRF 1066 via an Nadrf service, or via an Ndccf_DataManagement_Notify (e.g., when ADRF requested data collection notification via DCCF 1063).
  • the DCCF 1063 retrieves data from the ADRF 1066 via an Nadrf service.
  • Indirect interactions involve the DCCF 1063 requesting that the messaging framework 1064 store data in the ADRF 1066 via an Nadrf service or via an Nmfaf_3daDataManagement_Configure service.
  • the messaging framework 1064 may contain one or more adaptors that translate between 3GPP defined protocols (e.g., MFAF 1065 and/or some other adaptors).
  • An NFc may specify in requests to the DCCF 1063 that data provided by a data source needs to be stored in the ADRF 1066.
  • the ADRF 1066 stores data received in an Nadrf_DataManagement_StorageRequest sent directly from an NF, or data received in an Ndccf_DataManagement_Notify, Nmfaf_3caDataManagement_Notify, or Nnwdaf_DataManagement_Notify from the DCCF 1063, MFAF 1065, and/or from the NWDAF 1062.
  • the ADRF 1066 checks if the data consumer is authorized to access ADRF services and provides the requested data using the procedures specified in clause 7.1.4 of [TS23501].
  • FIG. 4 depicts an example trained ML model provisioning architecture.
  • the NWDAF 1062 may contain an analytics logical function (AnLF) 1062a and/or a model training logical function (MTLF) 1062b.
  • the NWDAF 1062 can contain only an MTLF 1062b, only an AnLF 1062a, or both logical functions 1062a, 1062b.
  • the 5GS architecture allows an NWDAF containing an AnLF 1062a (also referred to herein as “NWDAF-ANLF 1062a”) to use trained ML model provisioning services from the same or different NWDAF containing an MTLF 1062b (also referred to herein as “NWDAF-MTLF 1062b”).
  • the Nnwdaf interface is used by the NWDAF-AnLF 1062a to request and subscribe to trained ML model provisioning services provided by the NWDAF-MTLF 1062b.
  • the NWDAF 1062 provides an Nnwdaf_MLModelProvision service that enables an NFc to receive a notification when an ML model matching the subscription parameters becomes available in the NWDAF-MTLF 1062b (see e.g., clause 7.5 of [TS23288]).
  • the NWDAF 1062 provides an Nnwdaf_MLModelInfo service that enables an NFc to request and get ML Model information from the NWDAF-MTLF 1062b (see e.g., clause 7.6 of [TS23288]).
  • the AnLF 1062a is a logical function in the NWDAF 1062 that performs inference, derives analytics information (e.g., derives statistics, inferences, and/or predictions based on analytics consumer requests) and exposes analytics services (e.g., Nnwdaf_AnalyticsSubscription or Nnwdaf_AnalyticsInfo). Analytics information is either statistical information on past events or predictive information.
  • the MTLF 1062b is a logical function in the NWDAF 1062 that trains AI/ML models and exposes new training services (e.g. providing trained ML model) as defined in clauses 7.5 and 7.6 of [TS23288].
  • each NWDAF 1062 instance may provide a list of supported analytics ID(s) (e.g., possibly per supported service) when registering to the NRF 1054, in addition to other NRF 1054 registration elements of the NF profile.
  • NFs requiring the discovery of an NWDAF 1062 instance that provides support for some specific service(s) for a specific type of analytics may query the NRF 1054 for NWDAFs 1062 supporting the required service(s) and the required analytics ID(s).
  • the consumers e.g., NFs, AFs 1060, and OAM
  • the interactions between NF(s) and the NWDAF 1062 take place within a PLMN.
  • the NRF 1054 may return one or more candidate NWDAF 1062 instance(s) and each candidate NWDAF 1062 instance (based on its registered profile) supports the analytics ID with a time that is less than or equal to a supported analytics delay.
  • NWDAF 1062 selection: S-NSSAI(s); analytics ID(s); supported service(s), possibly with their associated analytics IDs; NWDAF serving area information (e.g., a list of TAIs for which the NWDAF 1062 can provide analytics, trained ML models and/or data, and/or other NWDAF services); NF type of the data source when DCCF 1063 is hosted by an NWDAF 1062; NF set ID of the data source; supported analytics delay of the requested analytics ID(s) (see clause 6.2.6.2 of [TS23501]); and/or for multiple deployed NWDAF 1062 instances, NWDAF capabilities (e.g., analytics aggregation capability, analytics metadata provisioning capability, ML model training capabilities, ML model deployment capabilities, and/or the like)
  • NWDAF 1062 the following additional factors may be considered by the NWDAF 1062: the ML model filter information parameters, such as S-NSSAI(s) and area(
  • When selecting an NWDAF 1062 that supports federated learning (FL), the following additional factors may be considered by the NWDAF 1062: time period of interest (e.g., time interval [start...end], during which the FL will be performed); when selecting FL client: FL capability type as FL client per Analytics ID and/or data available by the FL client; and when selecting FL server: FL capability type as FL server per analytics ID and/or the ML model filter information parameters S-NSSAI(s) and AoI(s) (see e.g., clause 5.2 of [TS23288]) for the trained ML model(s) per analytics ID(s), if available.
  • time period of interest e.g., time interval [start...end]
  • FL client FL capability type as FL client per Analytics ID and/or data available by the FL client
  • FL server FL capability type as FL server per analytics ID and/or the ML model filter information parameters S-NSSAI(s) and AoI(s) (see
  • the following solutions provide protection for AI/ML models between the entity which produces the ML model or stores the ML model in ADRF 1066 (e.g., NWDAF-MTLF 1062b, NFp, and/or the like) and the entity which consumes the model (NFc), and the ADRF 1066 authorizes the NFc to retrieve that model.
  • NFcs are authorized to access the models in the ADRF 1066 (or any other NF that may store the ML model, for instance, NWDAF-MTLF 1062b).
  • the solution discussed infra protects AI/ML models between the entity which produces and/or stores the ML model in the ADRF 1066 and the entity that consumes the model (e.g., NFc).
  • an authorization token is used by ADRF 1066 to verify that the NFc is allowed to access the ML model.
  • ML model storage is done using existing procedures in [TS23288], for example, using Nadrf MLModel StorageRequest containing the ML model.
  • the MTLF 1062b trains one or more ML models and provides the ML model(s) to the ADRF 1066 by invoking the Nadrf_DataManagement_StorageRequest (ML Model) service operation.
  • the Nadrf_DataManagement_StorageRequest can include the ML model(s) and/or address(es)/reference(s) to locations where the ML model(s) can be obtained.
  • data and/or metadata of each model is also included in the storage request.
  • Examples of such data/metadata include ML model ID per ML model, analytics ID(s) per ML model, vendor ID per ML model, digital certificate or signature (e.g., MAC or SHA256 Signature of the Binary of the application) per ML model, execution environment/requirements per ML model, address/reference (e.g., URL, link, or the like) to retrieve configuration, and secrets, and/or a signing key, certificate to generate authentication credentials per ML model, and/or other information (see e.g., section 1.3.3 infra and/or [TS23288]).
  • the ADRF 1066 stores the ML model and responds according to [TS23288], except that the ADRF 1066 stores the ML model.
  • the ADRF 1066 downloads the ML model(s) based on the ML model address(es) and locally stores the ML model(s).
  • the ADRF 1066 sends an Nadrf_DataManagement_StorageRequest Response message to the consumer (e.g., the MTLF 1062b) indicating that the ML model(s) has/have been stored.
  • the ML model(s) and/or data may be stored in the ADRF 1066 according to clause 5B.1 of [TS23288].
  • the NFc e.g., NWDAF-ANLF 1062a
  • the NFc contacts the NRF 1054 and requests an access token using existing procedures in 3GPP TS 33.501 v18.1.0 (2023-03-30) (“[TS33501]”), [TS23288], and/or [TS23502]. Access tokens can be used for authorized access to ADRF 1066 and MTLF 1062b.
  • the NRF 1054 may send two tokens, one token for the MTLF 1062b and the other token for the ADRF 1066.
  • the NRF 1054 sends an access token along with MTLF ID using existing procedures per [TS23288], [TS33501], and/or [TS23502]. After receiving the access token, the NFc (e.g., NWDAF-ANLF 1062a) generates a unique key pair (e.g., public and private key pair) and creates a token-based certificate chain for this public key. If the NRF 1054 sends two tokens, one for the MTLF 1062b and the other for the ADRF 1066, then the ADRF-based token is used for the certificate chain as described previously. In some examples, the certificate chain can be based on a root of trust already installed in both NFs.
  • a unique key pair e.g., public and private key pair
  • the NFc uses the Nnwdaf_MLModelProvision service operation for ANLF 1062a to receive an ML model ID based on an analytics ID and ADRF-id to retrieve the ML model.
  • This service operation may include sending the access token to the MTLF 1062b.
  • the MTLF 1062b verifies the access token received in step 3.
  • the MTLF 1062b points to the ML model address stored in ADRF 1066.
  • the ADRF 1066 verifies the unique public key (as specified in step 7) from the token-based certificate chain. If the verification is successful, the ADRF 1066 generates a symmetric encryption key (e.g., 256-bit AES keys and/or the like) to encrypt the stored ML model and sends it to the NFc. The ADRF 1066 also wraps the symmetric encryption key along with the encrypted model. Additionally or alternatively, the ADRF 1066 can use the public key to encrypt the ML model. The consumer of the ML model (e.g., NWDAF-ANLF 1062a) uses the symmetric key to decrypt the ML model.
  • NWDAF-ANLF 1062a uses the symmetric key to decrypt the ML model.
  • the NWDAF-MTLF 1062b generates a security context for protecting the ML model information using a logical function or named network function NKGC.
  • the MTLF 1062b may send an ML model encrypted using a symmetric key (e.g., AES key or the like) before the storage.
  • the security context includes, for example, an encryption key Kenc, an integrity key Kint, and the corresponding security algorithm(s) for encryption and integrity protection.
  • the NWDAF-MTLF 1062b uses the encryption key Kenc and integrity key Kint to protect the ML model and related information.
  • the NKGC stores the security context.
  • the security algorithm(s) in the security context can be used to generate the encryption key Kenc and the integrity key Kint for decrypting and verifying the ML model/ML model information stored in the ADRF 1066.
  • the NFc e.g., NWDAF-ANLF 1062a
  • the NFc contacts the NRF 1054 and requests an access token using existing procedures in [TS33501], [TS23288], and/or [TS23502].
  • the NRF 1054 sends an access token along with MTLF ID using existing procedures per
  • an NWDAF 1062 can add the Nnwdaf_MLModelProvision_Subscribe service operation in "allowedOperationsPerNfType" and/or "allowedOperationsPerNfInstance" for a specific NF type and/or specific instance ID of the consumer, and register its NF profile to NRF 1054.
  • an NF service consumer requests an access token for the Nnwdaf_MLModelProvision_Subscribe to retrieve AI/ML models
  • the NRF 1054 grants the access token if Nnwdaf_MLModelProvision_Subscribe is present in either "allowedOperationsPerNfType", for the NF type of the NF service consumer, or in "allowedOperationsPerNfInstance", for the instance ID of the NF service consumer.
  • MTLF knows the NF instance IDs of the AnLF as per existing procedures in [TS23288] (e.g., through OAM).
  • the NFc uses the Nnwdaf_MLModelProvision service operation for ANLF 1062a to receive an ML model ID based on an analytics ID and ADRF-id to retrieve the ML model.
  • This service operation may include sending the access token to the MTLF 1062b in addition to various other information/parameters as discussed in [TS23288] and/or [TS23502].
  • the MTLF 1062b verifies the access token received in step 3 (e.g., using the integrity key Kint).
  • the MTLF 1062b may send the encryption key used in step 1 to encrypt the ML model, which is stored in the ADRF 1066.
  • the encryption key can be a pre-shared key or derived from an anchor key, such as an Authentication and Key Management for Applications (AKMA) key (KAKMA) as discussed in 3GPP TS 33.535 and/or [TS33501]. Additionally or alternatively, the MTLF 1062b sends one-time credentials to access the ML model from the ADRF 1066.
  • AKMA Authentication and Key Management for Applications
  • the one-time credentials include one or more of the following: a nonce, which is shared in step 1 as part of the metadata; a message authentication code (MAC) or hash of a binary or random number shared in step 1 as part of the data; a signing key that is the private key whose public part is passed in step 1; and/or the MTLF 1062b uses its signing key to generate the credentials (e.g., a JSON web token (JWT), a certificate, and/or the like).
  • Additional or alternative examples of one-time credentials include one-time passwords (OTPs), such as time-based OTPs (TOTPs) and out-of-band (OOB) OTPs.
  • OTPs time-based OTPs
  • OOB out-of-band
  • One-time credentials can be used to limit the number of accesses from the NFc.
  • the one-time credential may be used as a regular authorization token for accessing the ML model multiple times (e.g., not only once, as the name suggests).
  • the consumer of the ML model uses the ADRF service procedure to request the ML model. It also sends a one-time credential received in step 6.
  • the ADRF 1066 verifies the one-time credentials (as specified in step 6). If the access token verification is successful, the ADRF 1066 provides the stored model to the consumer NF.
  • the consumer of the ML model e.g., NWDAF-ANLF 1062a
  • authorization of the model retrieval at the NRF 1054 can use OAuth 2.0 token-based authorization.
  • the NRF 1054 uses information provided by the MTLF 1062b.
  • the NF service producer (e.g., NWDAF-MTLF 1062b) may need to be registered in the NRF 1054, indicating the NF service producer information (e.g., interoperability indicator).
  • the NF service consumer (e.g. NWDAF-ANLF 1062a) may need to be registered in the NRF 1054 as OAuth 2.0 client, indicating the NF service consumer information that is used by the NRF 1054 to decide whether the consumer is authorized.
  • the MTLF 1062b performs authorization of the corresponding model retrieval per selected model.
  • the granularity of the authorization at AI/ML model level is performed at the MTLF 1062b.
  • the embodiments herein introduce a new security anchor function for the NWDAF 1062 and also enable model sharing in multi-vendor environments.
  • the impetus for introducing such an anchor function is based on the following threat model for ML model sharing between multiple vendors in the same or multivendor environment.
  • the security anchor function discussed herein also acts as a policy enforcer between different vendors. Additionally or alternatively, the security anchor function discussed herein acts as a gateway for each vendor in the following scenarios: trained ML model sharing between NWDAFs 1062 from different vendors including discovery and selection of NWDAF-MTLF 1062b even from different vendors which can provide interoperable trained ML model(s), and also retrieving interoperable trained ML model(s) from it, by an NWDAF-ANLF 1062a.
  • NWDAF-MTLF 1062b NWDAF A
  • NWDAF B NWDAF-MTLF 1062b
  • ML model sharing between multiple NWDAFs containing MTLFs 1062b would be applicable to support different types of AI/ML operations such as distributed learning, transfer learning, FL, and many more. For example, taking transfer learning as an example, training the weights of an ML model from scratch from random initializations may take several weeks and significantly more compute resources. Thus, downloading weights (e.g., ML model file) from another ML model trained on an NWDAF-MTLF 1062b, using that as pre-training, and transferring that to a new task in another NWDAF-MTLF 1062b speeds up the progress of the application development using a given ML model and allows for more efficient use of compute, memory, and network resources.
  • weights e.g., ML model file
  • the security anchor function solution relies on deploying a Vendor Repository Function (VRF) (e.g., VRF 762 in Figure 7), which operates as a gateway to each vendor and administers each vendor's ML models/MTLF 1062b.
  • VRF Vendor Repository Function
  • the following deployment scenarios may be applicable to use of the security anchor function: (1.2.1.1) the VRF is co-located with the NWDAF 1062 or is a standalone NF; and (1.2.1.2) the VRF is a logical function within NRF 1054 and/or co-located with an NRF 1054.
  • This solution also assures that only verified service consumers (e.g., those who have had access to the ML model and/or analytics services) have access to the ML model and/or analytic service.
  • the producer of an ML model and/or analytics service can be prevented from accessing (on their own) an analytics consumer from the same vendor or multivendor.
  • the NWDAF-MTLF 1062b that created the ML model from vendor A is not permitted by the ANLF 1062a of vendor B on its own; however, NWDAF-ANLF 1062a from the same vendor (e.g., vendor B) may be permitted to use the ML model from vendor B.
  • FIG. 7 shows an example procedure for registration of VRF 762 to NRF 1054.
  • each vendor can have its own VRF(s) 762 with a list of NWDAF-MTLFs 1062b that it supports.
  • the VRF 762 instance(s) is/are preconfigured in the NWDAF-MTLFs 1062b which contains the trained ML model to be registered with the VRF 762.
  • the operator deploys an individual VRF 762 for all vendors, and all MTLFs 1062b including all vendors, are registered to the VRF 762.
  • all NWDAF-MTLFs 1062b register to VRFs 762 using the procedure of Figure 7, which may operate as follows.
  • NWDAF-MTLF 1062b registration with VRF 762: the NWDAF-MTLF 1062b sends Nvrf_NFManagement_NFRegister to VRF 762 to inform the VRF 762 of its NF profile.
  • the Nvrf_NFManagement_NFRegister is applicable for the case where the VRF 762 is a standalone NF, and not for the case where the NWDAF-MTLF 1062b also supports VRF 762 functionality.
  • the Nvrf_NFManagement_NFRegister is applicable for the case where the NWDAF-MTLF 1062b contains VRF 762 functionality. Instead of registering with the NRF 1054, NWDAF-MTLF 1062b registers with the VRF 762.
  • the rest of the procedures and contents are the same as discussed in [TS23502].
  • the vendor ID attribute and/or model ID can also denote the vendor.
  • the NWDAF-VRF 762 (or the VRF 762 in case the VRF 762 is a standalone NF) sends Nnrf_NFManagement_NFRegister to the NRF 1054 to inform the NRF 1054 of its NF profile.
  • the Nnrf_NFManagement_NFRegister includes analytics ID(s) (possibly per service), NWDAF serving area information and supported analytics delay per analytics ID(s) (if available).
  • the Nnrf_NFManagement_NFRegister includes analytics aggregation capability and/or analytics metadata provisioning capability if such capability is provided by the NWDAF 1062.
  • the list of vendors is provided as part of the MlAnalyticsInfo parameter, as is shown by Table 1.2.1-1.
  • the MlAnalyticsInfo is an Nnrf_NFManagement specific data type that provides ML analytics filter information supported by the Nnwdaf_MLModelProvision service (see e.g., clause 6.1.6.2.84 in [TS29510]).
  • the MlAnalyticsInfo can be provided in an mlAnalyticsList (e.g., array(MlAnalyticsInfo)), which includes a list of ML analytics filter information per analytics ID(s) supported by the NWDAF 1062, whose status is requested to be monitored.
  • the NFc (e.g., NWDAF-ANLF 1062a) invokes the Nnrf_NfDiscovery_Request service.
  • the Nnrf_NfDiscovery service enables an NFc (e.g., NWDAF-ANLF 1062a) to discover a set of NF instances with specific NF service or a target NF type.
  • the request includes NFc information (e.g., vendor ID and/or the like). Additionally or alternatively, the NFc (e.g., NWDAF-ANLF 1062a) can invoke the Nnrf_AccessToken service to obtain an access token for accessing the stored ML models.
  • the NRF 1054 provides an Nnrf_NFDiscovery_Response to return one or more candidates for instances of NWDAF-MTLF 1062b to the NFc (e.g., NWDAF-ANLF 1062a).
  • the one or more candidates for instances of NWDAF-MTLF 1062b may be or include a set of candidate VRF 762 instances or a set of NWDAF-VRF 762 instances.
  • the Nnrf_NfDiscovery_Response includes, for each candidate instance, analytics ID(s) and possibly ML model filter information for the available trained ML models, if available.
  • Nnwdaf_MLModelProvision services are used by ANLF 1062a as specified in [TS23502] and/or [TS23288]:
  • 5a. The NFc (e.g., NWDAF-ANLF 1062a) invokes the Nnwdaf_MLModelProvision_Request service operation to subscribe/request a set of trained ML model(s) associated with a set of analytics ID(s).
  • the Nnwdaf_MLModelProvision_Request is sent to a selected instance from the set of instances obtained at step 4.
  • the Nnwdaf_MLModelProvision_Request can include analytics information (e.g., analytics ID(s)), ML model interoperability information (e.g., ML model file serialization format, supported hardware (HW) platforms/requirements, software (SW) requirements, and/or the like), ML model filter information, and/or other information discussed herein.
  • the NWDAF-VRF 762 invokes the Nnwdaf_MLModelProvision_Response service operation with a token (e.g., OAuth 2.0 Access Token and/or the like).
  • the NWDAF containing VRF 762 notifies the ML model information (or ML model filter (e.g., address/reference (e.g., URL, FQDN, IP address, and/or the like) of the ML model file and/or the like)) to the NFc (e.g., NWDAF-ANLF 1062a) only if the ML model format requested in the input of Nnwdaf_MLModelProvision_Request is a match.
  • the token contains the following information: the vendor ID of the NFc (e.g., NWDAF-ANLF 1062a) and the vendor ID of the service producer (e.g., NWDAF-MTLF 1062b); the data allowed to be used, identified by NF ID (if one exists) and the name of the data; the timeline of the access allowed; and/or any other information related to the contractual agreement between the two vendors (e.g., if an NWDAF-ANLF 1062a of vendor A can access vendor B's NWDAF-MTLF 1062b, VRF 762 provides a token to subscribe to vendor B's NWDAF-MTLF 1062b).
  • the rest of the procedure may be similar to that of [TS23502].
  • the NWDAF service consumer subscribes/requests a set of trained ML Model(s) associated with a set of analytics ID(s) by invoking the Nnwdaf_MLModelProvision_Subscribe (or Nnwdaf_MLModelProvision_Request) service operation.
  • the Nnwdaf_MLModelProvision_Subscribe (or Nnwdaf_MLModelProvision_Request) includes the token obtained at step 7 or some of the information included in the token.
  • the NWDAF service producer e.g., an NWDAF-MTLF 1062b
  • the NWDAF service consumer e.g., NWDAF-MTLF 1062b
  • the NWDAF service consumer e.g., NWDAF-MTLF 1062b
  • ML model information associated with each analytics ID requested by the NWDAF service consumer by invoking Nnwdaf_MLModelProvision_Notify service operation.
  • the Nnwdaf_MLModelProvision_Notify includes, for each ML model, analytics ID(s), the ML model file address (e.g., URL, FQDN, IP address, and/or the like), notification correlation information, and/or the like. Additional or alternative content of the trained ML model information that can be provided by the NWDAF-MTLF 1062b is specified in clause 6.2A.2 of [TS23288] and/or in section 1.3.3, infra.
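The token-gated exchange described above (the VRF issues a token only when the requested model format matches and the vendors have an agreement; the producer checks the vendor IDs, the data name and the access timeline before returning the model file address), as an added example that is not code from the patent or from any 3GPP specification. The HMAC-signed JSON token, the shared key, the policy table and every field and function name are assumptions made for illustration; the page only says the token is, e.g., an OAuth 2.0 access token.

```python
import base64
import hashlib
import hmac
import json

# Assumption: the VRF and the MTLFs it fronts share this signing key.
VRF_KEY = b"constructed-demo-key"
OWN_VENDOR = "vendorB"  # vendor of the producer MTLF in this sketch

# Constructed agreements: (consumer vendor, producer vendor) -> permitted access.
VENDOR_POLICY = {
    ("vendorA", "vendorB"): {"analytics_ids": {"NF_LOAD"},
                             "not_before": 1000, "not_after": 2000},
}

# Constructed registration data for the producer's trained models.
MTLF_MODELS = {
    "NF_LOAD": {"vendor": "vendorB", "nf_id": "mtlf-b-1", "format": "onnx",
                "url": "https://mtlf.vendorb.example/models/nf-load"},
}


def sign(payload: bytes) -> bytes:
    """MAC over the serialized claims (stand-in for the token signature)."""
    return hmac.new(VRF_KEY, payload, hashlib.sha256).digest()


def vrf_issue_token(consumer_vendor, analytics_id, requested_format):
    """VRF side: return a token string, or None when no token may be issued."""
    model = MTLF_MODELS.get(analytics_id)
    # A token is issued only if the requested serialization format is a match.
    if model is None or model["format"] != requested_format:
        return None
    # ... and only if an agreement exists between the two vendors.
    policy = VENDOR_POLICY.get((consumer_vendor, model["vendor"]))
    if policy is None or analytics_id not in policy["analytics_ids"]:
        return None
    claims = {
        "consumer_vendor_id": consumer_vendor,
        "producer_vendor_id": model["vendor"],
        "nf_id": model["nf_id"],
        "data_name": analytics_id,
        "not_before": policy["not_before"],
        "not_after": policy["not_after"],
    }
    payload = json.dumps(claims, sort_keys=True).encode()
    parts = (payload, sign(payload))
    return ".".join(base64.urlsafe_b64encode(p).decode() for p in parts)


def mtlf_provision(token, caller_vendor, analytics_id, now):
    """Producer side: validate the token, then return (True, model file URL).

    caller_vendor is assumed to come from an authenticated transport identity,
    not from the request body. Returns (False, reason) on any failed check.
    """
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except (ValueError, AttributeError):
        return False, "malformed token"
    # Verify integrity before parsing or trusting any claim.
    if not hmac.compare_digest(sign(payload), sig):
        return False, "bad signature"
    claims = json.loads(payload)
    if claims["consumer_vendor_id"] != caller_vendor:
        return False, "token not issued to caller"
    if claims["producer_vendor_id"] != OWN_VENDOR:
        return False, "token not for this producer"
    if claims["data_name"] != analytics_id:
        return False, "token does not cover requested data"
    if not claims["not_before"] <= now <= claims["not_after"]:
        return False, "outside access window"
    return True, MTLF_MODELS[analytics_id]["url"]
```

The producer verifies the MAC before reading any claim, so a consumer cannot widen its own access window or swap the vendor ID in a token it already holds.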
  • MTLF 1062b discovery and selection works as follows: the NWDAF service consumer selects a VRF 762 that supports requested analytics information and required analytics capabilities and/or requested ML model information by using the NWDAF discovery principles described previously.
  • the NWDAF-MTLF 1062b includes a set of ML model provisioning services (e.g., Nnwdaf_MLModelProvision, Nnwdaf_MLModelInfo, and/or the like) as one of the supported services during the registration in VRF 762 when trained ML models are available for one or more analytics ID(s).
  • the NWDAF-MTLF 1062b may provide to the VRF 762 a (list of) Analytics ID(s) corresponding to the trained ML models and possibly the ML model filter information for the trained ML model per analytics ID(s), if available.
  • only the S-NSSAI(s) and AoI(s) from the ML model filter information for the trained ML model per analytics ID(s) are registered into the VRF 762 during the NWDAF-MTLF 1062b registration.
  • VRF 762 registers with the NRF 1054 using the list of trained ML models for one or more analytics ID(s), including the ML model filter information for the trained ML model per analytics ID(s), if available.
  • a consumer e.g., an NWDAF-ANLF 1062a or another NWDAF-MTLF 1062b
  • the NRF 1054 returns one or more candidates for instances of VRFs 762 containing MTLF to the NF consumer, and each candidate for an instance of NWDAF-MTLF 1062b includes the Analytics ID(s) and possibly the ML Model Filter Information for the available trained ML models, if available.
  • the NRF 1054 stores the NF Profile of the VRF 762 instances, including "vendor information" for each NWDAF 1062 and "analytics metadata provisioning capability" when supported by the NWDAF 1062; and returns the VRF(s) 762 matching the attributes provided in the Nnrf_NFDiscovery_Request, as specified in clause 5.2.7.3 of TS 23.502.
  • the NWDAF service consumer requests or subscribes to receive analytics for one or more analytics IDs; uses the discovery mechanism from NRF 1054 as defined in clause 6.3.13 of [TS23501] to identify VRFs 762 with analytics aggregation capability and other capabilities (e.g., providing data/analytics for specific TAI(s)); and can differentiate and select the preferred VRFs 762 if multiple VRFs 762 are returned in the NWDAF discovery response based on its internal selection criteria (considering the registered NWDAF capabilities and information in NRF 1054 or UDM 1058).
  • the VRF 762 stores the NF Profile of the NWDAF MTLF instances, including "Vendor policy" for vendor NWDAFs and "analytics it supports"; and returns the NWDAF MTLF(s) matching the attributes provided in the Nnrf_NFDiscovery_Request, as specified in clause 5.2.7.3 of [TS23502].
  • VRF as logical function/entity within NRF and/or co-located with NRF
  • 1.2.1.2.1. MTLF Discovery and Selection
  • the MTLF discovery and selection procedure of Figure 7 may be adapted to operate as follows:
  • the NRF 1054 via VRF 762 returns one or more candidates for instances of NWDAF-MTLF 1062b to the NFc (or a set of candidate VRF 762 instances or a set of NWDAF-VRF 762 instances).
  • Each candidate instance includes the analytics ID(s), and possibly the ML Model Filter Information for the available trained ML models, if available.
  • the embodiments discussed herein enable ML model sharing between NWDAFs containing MTLFs 1062b, and the discovery and selection of an NWDAF-MTLF 1062b by another NWDAF-MTLF 1062b.
  • the solutions described infra are applicable for NWDAFs belonging to the same vendor or different vendors.
  • Figure 8 depicts an example procedure for NWDAF-MTLF registration with an NRF 1054.
  • the procedure of Figure 8 may operate as follows:
  • the NF service producer (e.g., NWDAF-MTLF 1062b) sends an Nnrf_NFManagement_NFRegister to the NRF 1054 to inform the NRF 1054 of its NF profile.
  • the Nnrf_NFManagement_NFRegister service registers the NFc (e.g., NWDAF-MTLF 1062b) in the NRF 1054 by providing the NF profile of the NFc to the NRF 1054 and the NRF 1054 marks the NFc available.
  • the NF profile includes supported ML model file serialization formats for the trained ML model(s) in the ML model filter information and interoperability support per analytics ID.
  • the ML model file serialization format(s) included in the ML model filter information indicates the supported ML model file serialization format(s) for the trained ML model(s) available at the NWDAF-MTLF 1062b for consumption by the service consumer.
  • the consumer of the services provided by NWDAF-MTLF 1062b may be an NWDAF-ANLF 1062a or NWDAF-MTLF 1062b.
  • the consumer NF may belong to the same vendor as NWDAF-MTLF 1062b or a different vendor.
  • the interoperability support per analytics ID parameter indicates whether the NWDAF-MTLF 1062b (in the role of producer) has support for ML model interoperability. An example is shown by Figure 9.
  • the NFc (e.g., NWDAF-MTLF 1062b) sends an Nnrf_NfDiscovery_Request to the NRF 1054 to obtain information about NF service instance(s) (e.g., the NFp (NWDAF-MTLF 1062b in Figure 8)) and, if present in the NF profile, the endpoint address(es) of the NF service instance(s).
  • the Nnrf_NfDiscovery_Request can include ML model supported information (e.g., ML model serialization format and/or the like), interoperability support required (see e.g., Figure 9), and/or the like.
  • the NRF 1054 provides an Nnrf_NFDiscovery_Response to return one or more candidate instances of NWDAF-MTLF 1062b as discussed previously.
  • Figure 9 depicts an example of interoperability support per analytics ID.
  • an NWDAF-MTLF 1062b has support for providing trained ML model for four (4) types of analytics (e.g., Analytics ID 1, Analytics ID 2, Analytics ID 3, and Analytics ID 4).
  • the NRF 1054 determines a set of NWDAF-MTLF 1062b instance(s) matching at least one of the ML model file serialization formats and interoperability support in the Nnrf_NFDiscovery_Request and internal policies of the NRF 1054, and sends the NF profile(s) (including ML model file serialization format(s) and/or other suitable information) of the determined NWDAF-MTLF 1062b instances in the discovery response.
  • An NWDAF-ANLF 1062a may be locally configured with a set of IDs of NWDAFs containing MTLF and the Analytics ID(s) supported by each NWDAF-MTLF 1062b to retrieve trained ML models or may use the NWDAF discovery procedure specified in clause 5.2 of [TS23288] for discovering NWDAFs containing MTLF 1062b.
  • An NWDAF-MTLF 1062b may determine that further training for an existing ML model is needed when it receives the ML model subscription or an ML model request.
  • Various aspects of secure ML model provisioning/sharing between multiple MTLFs 1062b and/or between multiple ML model vendors are discussed supra in sections 1.1 and 1.2.
  • An ML model for analytics subscribe/unsubscribe procedure (see e.g., Figure 6.2A.1-1 of [TS23288]) is used by an NWDAF service consumer (e.g., an NWDAF-ANLF 1062a) to subscribe/unsubscribe at an NWDAF service producer (e.g., an NWDAF-MTLF 1062b) to be notified when ML model information on the related analytics becomes available using the Nnwdaf_MLModelProvision services as defined in clause 7.5 of [TS23288].
  • the ML model information is used by the NWDAF-ANLF 1062a to derive analytics.
  • the service is also used by an NWDAF 1062 to modify existing ML model subscription(s).
  • An NWDAF 1062 can be at the same time a consumer of this service provided by other NWDAF(s) 1062 and a provider of this service to other NWDAF(s) 1062.
  • the NWDAF service consumer subscribes to, modifies, or cancels subscription for a set of trained ML model(s) associated with a set of analytics ID(s) by invoking the Nnwdaf_MLModelProvision_Subscribe / Nnwdaf_MLModelProvision_Unsubscribe service operations.
  • The parameters that can be provided by the NWDAF service consumer are listed in clause 6.2A.2 of [TS23288] and/or in section 1.3.3, infra.
  • the service consumer may indicate its support for multiple ML models if available.
  • the NWDAF service producer may determine whether existing trained ML model(s) can be used for the subscription and/or determine whether triggering further training for the existing trained ML models is needed for the subscription. If the NWDAF-MTLF 1062b determines that further training is needed, the NWDAF 1062 may initiate data collection from relevant NFs (e.g., AMF 1044, DCCF 1063, ADRF 1066, and/or the like), UE Application (via AF 1060), and/or OAM as described in clause 6.2 of [TS23288] to generate the ML model. If the service invocation is for a subscription modification or subscription cancelation, the NWDAF service consumer includes an identifier (e.g., subscription correlation ID) to be modified in the invocation of Nnwdaf_MLModelProvision_Subscribe.
  • the NWDAF service producer (e.g., an NWDAF-MTLF 1062b) notifies the NWDAF service consumer with a set of pair(s) of unique ML model identifier(s) and ML model information associated with each analytics ID requested by the NWDAF service consumer by invoking the Nnwdaf_MLModelProvision_Notify service operation.
  • the content of trained ML model information that can be provided by the NWDAF-MTLF 1062b is specified in clause 6.2A.2 of [TS23288] and/or in section 1.3.3, infra.
  • An ML model request procedure (see e.g., Figure 6.2A.3-1 of [TS23288]) is used by an NWDAF service consumer (e.g., an NWDAF-ANLF 1062a) to request and get ML model information from an NWDAF service producer (e.g., an NWDAF-MTLF 1062b) using Nnwdaf_MLModelInfo services as defined in clause 7.6 of [TS23288]. The ML model information is used by an NWDAF-ANLF 1062a to derive analytics.
  • An NWDAF 1062 can be at the same time a consumer of this service provided by other NWDAF(s) 1062 and a provider of this service to other NWDAF(s) 1062.
  • the NWDAF service consumer (e.g., NWDAF-ANLF 1062a) requests a (set of) ML Model(s) associated with a set of analytics ID(s) by invoking the Nnwdaf_MLModelInfo_Request service operation.
  • the parameters that can be provided by the NWDAF service consumer (e.g., NWDAF-ANLF 1062a) are listed in clause 6.2A.2 of [TS23288] and/or in section 1.3.3, infra.
  • the service consumer optionally indicates its support for multiple ML models if available.
  • the NWDAF-MTLF 1062b may: determine whether existing trained ML Model(s) can be used for the request and/or determine whether triggering further training for the existing trained ML models is needed for the request. If the NWDAF-MTLF 1062b determines that further training is needed, this NWDAF 1062 may initiate data collection from relevant NFs (e.g., AMF 1044, DCCF 1063, ADRF 1066, and/or the like), UE Application (via AF 1060), and/or OAM as described in clause 6.2 of [TS23288] to generate the ML model.
  • the NWDAF-MTLF 1062b responds to the NWDAF service consumer (e.g., an NWDAF-ANLF 1062a) by invoking the Nnwdaf_MLModelInfo_Request response service operation including, for example, a set of pair(s) of unique ML model identifier and the ML model information for each analytics ID that the NWDAF service consumer requests.
  • the content of ML model information that can be provided by the NWDAF-MTLF 1062b is specified in clause 6.2A.2 of [TS23288] and/or in section 1.3.3, infra.
  • the consumers of the ML model provisioning services may provide one or more of the following input parameters.
  • this parameter includes information of the analytics for which the requested ML model is to be used.
  • this parameter can include a list (set) of analytics IDs (e.g., identifies the analytics for which the ML model is used) and NF consumer information (e.g., identifies the vendor of NWDAF-ANLF 1062a).
  • NF consumer information such as Vendor ID may include any suitable identifier(s)/network address(es) (e.g., including any of those discussed herein), can be generated using any suitable mechanism (e.g., hash algorithms, random number/string generators, and/or the like), and/or can be implementation-specific.
  • this parameter indicates the context of use of the analytics to select the most relevant ML model.
  • the NWDAF-MTLF 1062b can use the "Use case context" parameter to select a most relevant ML model, when several ML models are available for the requested analytics ID(s).
  • ML model interoperability information: includes vendor-specific information that conveys information for interoperability and/or sharing of ML models.
  • Examples of ML model interoperability information include requested ML model file format, ML model serialization format, model execution environment (e.g., hardware platform requirements, software/runtime environment, and/or the like), hyperparameters, and/or the like.
  • the encoding, format, and value of ML model interoperability information may be vendor specific information that is agreed between vendors for sharing purposes.
  • ML model filter information: enables selection of the ML model for which analytics is requested.
  • ML model filter information includes S-NSSAI(s); area(s) of interest (AoI(s)); list/set of ML models (e.g., ML model IDs), TAI(s); cell ID(s); list/set of application IDs, DNNs, and/or DNAI(s); and/or the like.
  • Parameter types in the ML model filter information are the same as parameter types in the analytics filter information discussed in [TS23288].
  • Target of ML model reporting: indicates the object(s) for which the ML model is requested: specific UEs, a group of UE(s), or any or all UEs.
  • Requested representative ratio: a minimum percentage of UEs in the group whose data is a non-empty set and can be used in the model training when the Target of ML model reporting is a group of UEs.
  • ML model target period: indicates the time interval [start, end] for which the ML model for the analytics is requested.
  • the time interval is expressed with actual start time and actual end time (e.g., via UTC time and/or the like).
  • Inference input data information: contains information about various settings that are expected to be used by AnLF 1062a during inferences, such as the input data that are expected to be used and the data sources that are expected to be used as a list of NF instance (or NF set) identifiers.
  • Each of the input data that are expected to be used may be accompanied by metrics that show the granularity with which this data will be used (e.g., a sampling ratio, the maximum number of input values, and/or a maximum time interval between the samples of this input data). This can be a subset of the possible input data specified for a certain analytics type.
  • Multiple ML models filter information is composed of an indication of support for multiple ML models, accuracy level(s) of interest, number of ML model(s), and/or the like.
  • the NWDAF-MTLF 1062b provides to the consumer of the ML model provisioning service operations as described in clause 7.5 and 7.6 of [TS23288], the output information as listed below:
  • Validity period: indicates the time period when the provided ML Model Information applies.
  • the validity period is determined by the internal logic of the MTLF 1062b and is a subset of AoI if provided in ML model filter information and of ML Model Target Period, respectively.
  • Spatial validity: indicates the area where the provided ML Model Information applies.
  • the spatial validity and Validity period are determined by MTLF internal logic and it is a subset of AoI if provided in ML Model Filter Information and of ML Model Target Period, respectively.
  • ML model representative ratio: indicates the percentage of UEs in the group whose data is used in the ML model training when the Target of ML Model Reporting is a group of UEs.
  • Training input data information: contains information about various settings that have been used by MTLF during training, such as the input data that have been used and the data sources that have been used as a list of NF instance (or NF set) identifiers.
  • the input data that have been used may be accompanied by metrics that show the granularity with which this data has been used (e.g., a sampling ratio, the maximum number of input values, and/or a maximum time interval between the samples of this input data). This can be a subset of the possible input data specified for a certain analytics type.
  • Figure 10 depicts an example network architecture 1000.
  • the network 1000 may operate in a manner consistent with 3GPP technical specifications for LTE or 5G/NR systems.
  • the example embodiments are not limited in this regard and the described examples may apply to other networks that benefit from the principles described herein, such as future 3GPP systems, or the like.
  • the network 1000 includes a UE 1002, which is any mobile or non-mobile computing device designed to communicate with a RAN 1004 via an over-the-air connection.
  • the UE 1002 is communicatively coupled with the RAN 1004 by a Uu interface, which may be applicable to both LTE and NR systems.
  • Examples of the UE 1002 include, but are not limited to, a smartphone, tablet computer, wearable device (e.g., smart watch, fitness tracker, smart glasses, smart clothing/fabrics, head-mounted displays, smart shows, and/or the like), desktop computer, workstation, laptop computer, in-vehicle infotainment system, in-car entertainment system, instrument cluster, head-up display (HUD) device, onboard diagnostic device, dashtop mobile equipment, mobile data terminal, electronic engine management system, electronic/engine control unit, electronic/engine control module, embedded system, sensor, microcontroller, control module, engine management system, networked appliance, machine-type communication device, machine-to-machine (M2M), device-to-device (D2D), machine-type communication (MTC) device, Internet of Things (IoT) device, smart appliance, flying drone or unmanned aerial vehicle (UAV), terrestrial drone or autonomous vehicle, robot, electronic signage, single-board computer (SBC) (e.g., Raspberry Pi, iOS, Intel Edison, and the like
  • the network 1000 may include a set of UEs 1002 coupled directly with one another via a device-to-device (D2D), proximity services (ProSe), PC5, and/or sidelink (SL) interface, and/or any other suitable interface such as any of those discussed herein.
  • UEs 1002 may be M2M, D2D, MTC, and/or IoT devices, and/or V2X systems that communicate using physical sidelink channels such as, but not limited to, PSBCH, PSDCH, PSSCH, PSCCH, PSFCH, and the like.
  • the UE 1002 may perform blind decoding attempts of SL channels/links according to the various examples herein.
  • One example implementation is a “CU/DU split” architecture where the NANs 1014 are embodied as a gNB-Central Unit (CU) that is communicatively coupled with one or more gNB-Distributed Units (DUs), where each DU may be communicatively coupled with one or more Radio Units (RUs) (also referred to as RRHs, RRUs, or the like).
  • the one or more RUs may be individual RSUs.
  • the CU/DU split may include an ng-eNB-CU and one or more ng-eNB-DUs instead of, or in addition to, the gNB-CU and gNB-DUs, respectively.
  • the NANs 1014 employed as the CU may be implemented in a discrete device or as one or more software entities running on server computers as part of, for example, a virtual network including a virtual Base Band Unit (BBU) or BBU pool, cloud RAN (CRAN), Radio Equipment Controller (REC), Radio Cloud Center (RCC), centralized RAN (C-RAN), virtualized RAN (vRAN), and/or the like (although these terms may refer to different implementation concepts). Any other type of architectures, arrangements, and/or configurations can be used.
  • the set of NANs 1014 are coupled with one another via respective X2 interfaces if the RAN 1004 is an LTE RAN or Evolved Universal Terrestrial Radio Access Network (E-UTRAN) 1010, or respective Xn interfaces if the RAN 1004 is a NG-RAN 1004.
  • the X2/Xn interfaces which may be separated into control/user plane interfaces in some examples, may allow the ANs to communicate information related to handovers, data/context transfers, mobility, load management, interference coordination, and the like.
  • the RAN 1004 may provide the air interface over a licensed spectrum or an unlicensed spectrum.
  • the nodes may use LAA, eLAA, and/or feLAA mechanisms based on CA technology with PCells/Scells.
  • Prior to accessing the unlicensed spectrum, the nodes may perform medium/carrier-sensing operations based on, for example, a listen-before-talk (LBT) protocol.
  • individual UEs 1002 provide radio information to one or more NANs 1014 and/or one or more edge compute nodes (e.g., edge servers/hosts, and the like).
  • the radio information may be in the form of one or more measurement reports, and/or may include, for example, signal strength measurements, signal quality measurements, and/or the like.
  • Each measurement report is tagged with a timestamp and the location of the measurement (e.g., the UE's 1002 current location).
  • the measurements collected by the UEs 1002 and/or included in the measurement reports may include one or more of the following: bandwidth (BW), network or cell load, latency, jitter, round trip time (RTT), number of interrupts, out-of-order delivery of data packets, transmission power, bit error rate, bit error ratio (BER), Block Error Rate (BLER), packet error ratio (PER), packet loss rate, packet reception rate (PRR), data rate, peak data rate, end-to-end (e2e) delay, signal-to-noise ratio (SNR), signal-to-noise and interference ratio (SINR), signal-plus-noise-plus-distortion to noise-plus-distortion (SINAD) ratio, carrier-to-interference plus noise ratio (CINR), Additive White Gaussian Noise (AWGN), energy per bit to noise power density ratio (Eb/N0), energy per chip to interference power density ratio (Ec/I0), energy per chip to noise power density ratio (Ec/N0), peak-to-frequency
  • the RSRP, RSSI, and/or RSRQ measurements may include RSRP, RSSI, and/or RSRQ measurements of cell-specific reference signals, channel state information reference signals (CSI-RS), and/or synchronization signals (SS) or SS blocks for 3GPP networks (e.g., LTE or 5G/NR), and RSRP, RSSI, RSRQ, RCPI, RSNI, and/or ANPI measurements of various beacon, Fast Initial Link Setup (FILS) discovery frames, or probe response frames for WLAN/WiFi (e.g., [IEEE80211]) networks.
  • measurements may be additionally or alternatively used, such as those discussed in 3GPP TS 36.214 V17.0.0 (2022-03-31) (“[TS36214]”), 3GPP TS 38.215 V17.3.0 (2023-03-30) (“[TS38215]”), 3GPP TS 38.314 V17.2.0 (2023-01-13) (“[TS38314]”), IEEE Standard for Information Technology - Telecommunications and Information Exchange between Systems - Local and Metropolitan Area Networks - Specific Requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications, IEEE Std 802.11-2020, pp.1-4379 (26 Feb. 2021) (“[IEEE80211]”), and/or the like. Additionally or alternatively, any of the aforementioned measurements (or combination of measurements) may be collected by one or more NANs 1014 and provided to the edge compute node(s).
  • the measurements can include one or more of the following measurements: measurements related to Data Radio Bearer (DRB) (e.g., number of DRBs attempted to setup, number of DRBs successfully setup, number of released active DRBs, in-session activity time for DRB, number of DRBs attempted to be resumed, number of DRBs successfully resumed, and the like); measurements related to RRC (e.g., mean number of RRC connections, maximum number of RRC connections, mean number of stored inactive RRC connections, maximum number of stored inactive RRC connections, number of attempted, successful, and/or failed RRC connection establishments, and the like); measurements related to UE Context (UECNTX); measurements related to Radio Resource Utilization (RRU) (e.g., DL total PRB usage, UL total PRB usage, distribution of DL total PRB usage, distribution of UL total PRB usage, DL PRB used for data traffic, UL PRB used for data traffic, DL total available PRBs, UL total available PRBs, and the like
  • the radio information may be reported in response to a trigger event and/or on a periodic basis. Additionally or alternatively, individual UEs 1002 report radio information either at a low periodicity or a high periodicity depending on a data transfer that is to take place, and/or other information about the data transfer. Additionally or alternatively, the edge compute node(s) may request the measurements from the NANs 1014 at low or high periodicity, or the NANs 1014 may provide the measurements to the edge compute node(s) at low or high periodicity.
  • the edge compute node(s) may obtain other relevant data from other edge compute node(s), core network functions (NFs), application functions (AFs), and/or other UEs 1002 such as Key Performance Indicators (KPIs), with the measurement reports or separately from the measurement reports.
  • one or more RAN nodes, and/or core network NFs may be performed to supplement the obtained observation data such as, for example, substituting values from previous reports and/or historical data, applying an extrapolation filter, and/or the like.
  • acceptable bounds for the observation data may be predetermined or configured. For example, CQI and MCS measurements may be configured to only be within ranges defined by suitable 3GPP standards.
  • a reported data value may not make sense (e.g., the value exceeds an acceptable range/bounds, or the like)
  • such values may be dropped for the current learning/training episode or epoch.
  • packet delivery delay bounds may be defined or configured, and packets determined to have been received after the packet delivery delay bound may be dropped.
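The clean-up steps described above (substituting a missing value from a previous report, dropping out-of-bounds values for the current training episode, and dropping packets received after the delay bound), sketched as an added Python example that is not part of the patent text. The `Report` fields, the 50 ms delay bound, and the CQI 0-15 / MCS 0-31 index ranges are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Assumed acceptable bounds (index ranges); a deployment would configure these
# from the applicable 3GPP tables.
BOUNDS = {"cqi": (0, 15), "mcs": (0, 31)}
DELAY_BOUND_MS = 50.0  # assumed packet delivery delay bound


@dataclass
class Report:
    """Hypothetical measurement report as seen by the edge compute node."""
    ue_id: str
    sent_ms: float
    received_ms: float
    values: dict = field(default_factory=dict)  # metric name -> int, or None


def sanitize(reports, bounds=BOUNDS, delay_bound_ms=DELAY_BOUND_MS):
    """Filter observation data for one training episode.

    Returns (clean, dropped):
      clean   - list of (ue_id, {metric: value}) rows safe to train on
      dropped - list of (ue_id, reason, metric) audit records
    """
    last_good = {}  # (ue_id, metric) -> last in-bounds value actually reported
    clean, dropped = [], []

    for r in sorted(reports, key=lambda rep: rep.received_ms):
        # Packets received after the delivery delay bound are dropped whole.
        if r.received_ms - r.sent_ms > delay_bound_ms:
            dropped.append((r.ue_id, "late", None))
            continue

        row = {}
        for metric, (lo, hi) in bounds.items():
            value = r.values.get(metric)
            if value is None:
                # Missing value: substitute from a previous report if we have one.
                prev = last_good.get((r.ue_id, metric))
                if prev is None:
                    dropped.append((r.ue_id, "missing", metric))
                else:
                    row[metric] = prev
            elif (isinstance(value, bool) or not isinstance(value, int)
                  or not lo <= value <= hi):
                # A value that does not make sense is dropped for this episode
                # and never becomes a substitution source.
                dropped.append((r.ue_id, "out_of_bounds", metric))
            else:
                row[metric] = value
                last_good[(r.ue_id, metric)] = value

        if row:
            clean.append((r.ue_id, row))

    return clean, dropped


# Constructed sample input (not real measurements).
SAMPLE_REPORTS = [
    Report("ue1", 0, 10, {"cqi": 12, "mcs": 20}),
    Report("ue1", 20, 30, {"cqi": None, "mcs": 21}),  # CQI missing
    Report("ue1", 40, 50, {"cqi": 99, "mcs": 22}),    # CQI out of bounds
    Report("ue2", 0, 200, {"cqi": 7, "mcs": 9}),      # arrives 200 ms late
    Report("ue2", 60, 65, {"mcs": 40}),               # no CQI, MCS out of bounds
]

if __name__ == "__main__":
    rows, audit = sanitize(SAMPLE_REPORTS)
    for row in rows:
        print("keep", row)
    for rec in audit:
        print("drop", rec)
```

Keeping the `dropped` records gives an audit trail: a UE or NAN that repeatedly reports out-of-bounds values shows up there instead of silently shaping the trained model.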
  • the UE 1002 can also perform reference signal (RS) measurement and reporting procedures to provide the network with information about the quality of one or more wireless channels and/or the communication media in general, and this information can be used to optimize various aspects of the communication system.
  • the measurement and reporting procedures performed by the UE 1002 can include those discussed in 3GPP TS 38.211 v17.4.0 (2023-01-04) (“[TS38211]”), 3GPP TS 38.212 v17.5.0 (2023-03-30) (“[TS38212]”), 3GPP TS 38.213 V17.5.0 (2023-03-30) (“[TS38213]”), 3GPP TS 38.214 v17.5.0 (2023-03-30)
  • the physical signals and/or reference signals can include demodulation reference signals (DM-RS), phase-tracking reference signals (PT-RS), positioning reference signal (PRS), channel-state information reference signal (CSI-RS), synchronization signal block (SSB), primary synchronization signal (PSS), secondary synchronization signal (SSS), and sounding reference signal (SRS).
  • any suitable data collection and/or measurement mechanism(s) may be used to collect the observation data.
  • data marking e.g., sequence numbering, and the like
  • packet tracing e.g., signal measurement, data sampling, and/or timestamping techniques
  • the collection of data may be based on occurrence of events that trigger collection of the data. Additionally or alternatively, data collection may take place at the initiation or termination of an event.
  • the data collection can be continuous, discontinuous, and/or have start and stop times.
  • the data collection techniques/mechanisms may be specific to a HW configuration/implementation or non-HW-specific, or may be based on various software parameters (e.g., OS type and version, and the like). Various configurations may be used to define any of the aforementioned data collection parameters.
  • Such configurations may be defined by suitable specifications/standards, such as 3GPP (e.g., [SA6Edge]), ETSI (e.g., [MEC]), O-RAN (e.g., [O-RAN]), Intel® Smart Edge Open (formerly OpenNESS) (e.g., [ISEO]), IETF (e.g., MAMS [RFC8743]), IEEE/WiFi (e.g., [IEEE80211], and the like), and/or any other like standards such as those discussed herein.
  • the RAN 1004 is an E-UTRAN with one or more eNBs, and provides an LTE air interface (Uu) with the parameters and characteristics at least as discussed in 3GPP TS 36.300 V17.2.0 (2022-09-30) (“[TS36300]”).
  • the RAN 1004 is a next generation (NG)-RAN 1004 with a set of RAN nodes 1014 (including gNBs 1014a and ng-eNBs 1014b). Each gNB 1014a connects with 5G-enabled UEs 1002 using a 5G-NR Uu interface with parameters and characteristics as discussed in [TS38300], among many other 3GPP standards, including any of those discussed herein.
  • the one or more ng-eNBs 1014b connect with a UE 1002 via the 5G Uu and/or LTE Uu interface.
  • the gNBs 1014a and the ng-eNBs 1014b connect with the 5GC 1040 through respective NG interfaces, which include an N2 interface, an N3 interface, and/or other interfaces.
  • the gNBs 1014a and the ng-eNBs 1014b are connected with each other over an Xn interface. Additionally, individual gNBs 1014a are connected to one another via respective Xn interfaces, and individual ng-eNBs 1014b are connected to one another via respective Xn interfaces.
  • the NG interface may be split into two parts, an NG user plane (NG-U) interface, which carries traffic data between the nodes of the NG-RAN 1004 and a UPF 1048 (e.g., N3 interface), and an NG control plane (NG-C) interface, which is a signaling interface between the nodes of the NG-RAN 1004 and an AMF 1044 (e.g., N2 interface).
  • the NG-RAN 1004 may provide a 5G-NR air interface (which may also be referred to as a Uu interface) with the following characteristics: variable SCS; CP-OFDM for DL, CP-OFDM and DFT-s-OFDM for UL; polar, repetition, simplex, and Reed-Muller codes for control and LDPC for data.
  • the 5G-NR air interface may rely on CSI-RS, PDSCH/PDCCH DMRS similar to the LTE air interface.
  • the 5G-NR air interface may not use a CRS, but may use PBCH DMRS for PBCH demodulation; PTRS for phase tracking for PDSCH; and tracking reference signal for time tracking.
  • the 5G-NR air interface may operate on FR1 bands that include sub-6 GHz bands or FR2 bands that include bands from 24.25 GHz to 52.6 GHz.
  • the 5G-NR air interface may include an SSB that is an area of a DL resource grid that includes PSS/SSS/PBCH.
  • the 5G-NR air interface may utilize BWPs for various purposes.
  • BWP can be used for dynamic adaptation of the SCS.
  • the UE 1002 can be configured with multiple BWPs where each BWP configuration has a different SCS. When a BWP change is indicated to the UE 1002, the SCS of the transmission is changed as well.
  • Another use case example of BWP is related to power saving.
  • multiple BWPs can be configured for the UE 1002 with different amounts of frequency resources (e.g., PRBs) to support data transmission under different traffic loading scenarios.
  • a BWP containing a smaller number of PRBs can be used for data transmission with small traffic load while allowing power saving at the UE 1002 and in some cases at the gNB 1014a.
  • a BWP containing a larger number of PRBs can be used for scenarios with higher traffic load.
  • individual gNBs 1014a can include a gNB-CU and a set of gNB-DUs. Additionally or alternatively, gNBs 1014a can include one or more RUs. In these implementations, the gNB-CU may be connected to each gNB-DU via respective F1 interfaces. In case of network sharing with multiple cell ID broadcast(s), each cell identity associated with a subset of PLMNs corresponds to a gNB-DU and the gNB-CU it is connected to, share the same physical layer cell resources. For resiliency, a gNB-DU may be connected to multiple gNB-CUs by appropriate implementation.
  • a gNB-CU can be separated into gNB-CU control plane (gNB-CU-CP) and gNB-CU user plane (gNB-CU-UP) functions.
  • the gNB-CU-CP is connected to a gNB-DU through an F1 control plane interface (F1-C)
  • the gNB-CU-UP is connected to the gNB-DU through an F1 user plane interface (F1-U)
  • the gNB-CU-UP is connected to the gNB-CU-CP through an E1 interface.
  • one gNB-DU is connected to only one gNB-CU-CP
  • one gNB-CU-UP is connected to only one gNB-CU-CP.
  • a gNB-DU and/or a gNB-CU-UP may be connected to multiple gNB-CU-CPs by appropriate implementation.
  • One gNB-DU can be connected to multiple gNB-CU-UPs under the control of the same gNB-CU-CP, and one gNB-CU-UP can be connected to multiple DUs under the control of the same gNB-CU-CP.
  • Data forwarding between gNB-CU-UPs during intra-gNB-CU-CP handover within a gNB may be supported by Xn-U.
  • individual ng-eNBs 1014b can include an ng-eNB-CU and a set of ng-eNB-DUs.
  • the ng-eNB-CU and each ng-eNB-DU are connected to one another via respective W1 interface.
  • An ng-eNB can include an ng-eNB-CU-CP, one or more ng-eNB-CU-UP(s), and one or more ng-eNB-DU(s).
  • An ng-eNB-CU-CP and an ng-eNB-CU-UP are connected via the E1 interface.
  • An ng-eNB-DU is connected to an ng-eNB-CU-CP via the W1-C interface, and to an ng-eNB-CU-UP via the W1-U interface.
  • the general principle described herein w.r.t gNB aspects also applies to ng-eNB aspects and corresponding E1 and W1 interfaces, if not explicitly specified otherwise.
  • the node hosting user plane part of the PDCP protocol layer (e.g., gNB-CU, gNB-CU-UP, and for EN-DC, MeNB or SgNB depending on the bearer split) performs user inactivity monitoring and further informs its inactivity or (re)activation to the node having control plane connection towards the core network (e.g., over E1, X2, or the like).
  • the node hosting the RLC protocol layer (e.g., gNB-DU) may perform user inactivity monitoring and further inform its inactivity or (re)activation to the node hosting the control plane (e.g., gNB-CU or gNB-CU-CP).
  • the NG-RAN 1004 is layered into a Radio Network Layer (RNL) and a Transport Network Layer (TNL).
  • the NG-RAN 1004 architecture e.g., the NG-RAN logical nodes and interfaces between them
  • the NG-RAN 1004 architecture is part of the RNL.
  • the NG-RAN interface e.g., NG, Xn, F1, and the like
  • the TNL provides services for user plane transport and/or signaling transport.
  • each NG-RAN node is connected to all AMFs 1044 of AMF sets within an AMF region supporting at least one slice also supported by the NG-RAN node.
  • the AMF Set and the AMF Region are defined in [TS23501].
  • the RAN 1004 is communicatively coupled to CN 1040 that includes network elements and/or network functions (NFs) to provide various functions to support data and telecommunications services to customers/subscribers (e.g., UE 1002).
  • the components of the CN 1040 may be implemented in one physical node or separate physical nodes.
  • NFV may be utilized to virtualize any or all of the functions provided by the network elements of the CN 1040 onto physical compute/storage resources in servers, switches, and the like.
  • a logical instantiation of the CN 1040 may be referred to as a network slice, and a logical instantiation of a portion of the CN 1040 may be referred to as a network sub-slice.
  • the CN 1040 is a 5GC 1040 including an Authentication Server Function (AUSF) 1042, Access and Mobility Management Function (AMF) 1044, Session Management Function (SMF) 1046, User Plane Function (UPF) 1048, Network Slice Selection Function (NSSF) 1050, Network Exposure Function (NEF) 1052, Network Repository Function (NRF) 1054, Policy Control Function (PCF) 1056, Unified Data Management (UDM) 1058, Unified Data Repository (UDR), Application Function (AF) 1060, and Network Data Analytics Function (NWDAF) 1062 coupled with one another over various interfaces as shown.
  • the NWDAF 1062 includes one or more of the following functionalities: support data collection from NFs and AFs 1060; support data collection from OAM; NWDAF service registration and metadata exposure to NFs and AFs 1060; support analytics information provisioning to NFs and AFs 1060; support machine learning (ML) model training and provisioning to NWDAF(s) 1062 (e.g., those containing analytics logical function). Some or all of the NWDAF functionalities can be supported in a single instance of an NWDAF 1062.
  • the NWDAF 1062 also includes an analytics reporting capability, which comprises means that allow discovery of the type of analytics that can be consumed by an external party and/or the request for consumption of analytics information generated by the NWDAF 1062.
  • the NWDAF 1062 interacts with different entities for different purposes, such as one or more of the following: data collection based on subscription to events provided by AMF 1044, SMF 1046, PCF 1056, UDM 1058, NSACF, AF 1060 (directly or via NEF 1052) and OAM (not shown); analytics and data collection using the Data Collection Coordination Function (DCCF) (e.g., DCCF 1063 in Figures 1, 2, and 3); retrieval of information from data repositories (e.g., UDR via UDM 1058 for subscriber-related information); data collection of location information from LCS system; storage and retrieval of information from an Analytics Data Repository Function (ADRF) (e.g., ADRF 1066 in Figure 4); analytics and data collection from a Messaging Framework Adaptor Function (MFAF) (e.g., MFAF 1065 in Figures 1, 2, and 3); retrieval of information about NFs (e.g., from NRF 1054 for NF-related information); on-demand provision of analytics to consumers, as specified in clause 6 of [TS23288]; and/or provision of bulked data related to analytics ID(s). NWDAF discovery and selection procedures are discussed in clause 6.3.13 in [TS23501] and clause 5.2 of [TS23288].
  • a single instance or multiple instances of NWDAF 1062 may be deployed in a PLMN. If multiple NWDAF 1062 instances are deployed, the architecture supports deploying the NWDAF 1062 as a central NF, as a collection of distributed NFs, or as a combination of both. If multiple NWDAF 1062 instances are deployed, an NWDAF 1062 can act as an aggregate point (e.g., aggregator NWDAF 1062) and collect analytics information from other NWDAFs 1062, which may have different serving areas, to produce the aggregated analytics (e.g., per analytics ID), possibly with analytics generated by itself. When multiple NWDAFs 1062 exist, not all of them need to be able to provide the same type of analytics results.
  • NWDAFs 1062 can be specialized in providing certain types of analytics.
  • An analytics ID information element is used to identify the type of supported analytics that NWDAF 1062 can generate.
  • NWDAF 1062 instance(s) can be collocated with a 5GS NF. Additional aspects of NWDAF 1062 functionality are defined in 3GPP TS 23.288 v18.1.0 (2023-03-31) (“[TS23288]”).
  • NWDAF 1062 instances may be present in the 5GC 1040, with possible specializations per type of analytics.
  • the capabilities of an NWDAF 1062 instance are described in the NWDAF profile stored in the NRF 1054.
  • the NWDAF architecture allows for arranging multiple NWDAF 1062 instances in a hierarchy/tree with a flexible number of layers/branches. The number and organisation of the hierarchy layers, as well as the capabilities of each NWDAF 1062 instance remain deployment choices and may vary depending on implementation and/or use case.
  • NWDAFs 1062 may provide data collection exposure capability for generating analytics based on the data collected by other NWDAFs 1062, when DCCFs 1063 and/or MFAFs 1065 are not present in the network.
  • the AUSF 1042 stores data for authentication of UE 1002 and handles authentication-related functionality.
  • the AUSF 1042 may facilitate a common authentication framework for various access types.
  • the AMF 1044 allows other functions of the 5GC 1040 to communicate with the UE 1002 and the RAN 1004 and to subscribe to notifications about mobility events w.r.t the UE 1002.
  • the AMF 1044 is also responsible for registration management (e.g., for registering UE 1002), connection management, reachability management, mobility management, lawful interception of AMF-related events, and access authentication and authorization.
  • the AMF 1044 provides transport for SM messages between the UE 1002 and the SMF 1046, and acts as a transparent proxy for routing SM messages.
  • AMF 1044 also provides transport for SMS messages between UE 1002 and an SMSF.
  • AMF 1044 interacts with the AUSF 1042 and the UE 1002 to perform various security anchor and context management functions.
  • AMF 1044 is a termination point of a RAN-CP interface, which includes the N2 reference point between the RAN 1004 and the AMF 1044.
  • the AMF 1044 is also a termination point of NAS (N1) signaling, and performs NAS ciphering and integrity protection.
  • the AMF 1044 handles N2 signaling from the SMF 1046 and the AMF 1044 for PDU sessions and QoS, encapsulates/de-encapsulates packets for IPSec and N3 tunneling, marks N3 user-plane packets in the UL, and enforces QoS corresponding to N3 packet marking taking into account QoS requirements associated with such marking received over N2.
  • N3IWF may also relay UL and DL control-plane NAS signaling between the UE 1002 and AMF 1044 via an N1 reference point between the UE 1002 and the AMF 1044, and relay UL and DL user-plane packets between the UE 1002 and UPF 1048.
  • the N3IWF also provides mechanisms for IPsec tunnel establishment with the UE 1002.
  • the AMF 1044 may exhibit an Namf service-based interface, and may be a termination point for an N14 reference point between two AMFs 1044 and an N17 reference point between the AMF 1044 and a 5G-EIR (not shown by Figure 10).
  • the AMF 1044 may provide support for Network Slice restriction and Network Slice instance restriction based on NWDAF analytics.
  • the SMF 1046 is responsible for SM (e.g., session establishment, tunnel management between UPF 1048 and AN 1008); UE IP address allocation and management (including optional authorization); selection and control of UP function; configuring traffic steering at UPF 1048 to route traffic to proper destination; termination of interfaces toward policy control functions; controlling part of policy enforcement, charging, and QoS; lawful intercept (for SM events and interface to LI system); termination of SM parts of NAS messages; DL data notification; initiating AN specific SM information, sent via AMF 1044 over N2 to AN 1008; and determining SSC mode of a session.
  • the SMF 1046 may also include the following functionalities to support edge computing enhancements (see e.g., [TS23548]): selection of EASDF 1061 and provision of its address to the UE as the DNS server for the PDU session; usage of EASDF 1061 services as defined in [TS23548]; and for supporting the application layer architecture defined in [TS23558], provision and updates of ECS address configuration information to the UE.
  • Discovery and selection procedures for EASDFs 1061 are discussed in [TS23501] § 6.3.23.
  • the UPF 1048 acts as an anchor point for intra-RAT and inter-RAT mobility, an external PDU session point of interconnect to data network 1036, and a branching point to support multihomed PDU session.
  • the UPF 1048 also performs packet routing and forwarding, packet inspection, enforces user plane part of policy rules, lawfully intercepts packets (UP collection), performs traffic usage reporting, performs QoS handling for a user plane (e.g., packet filtering, gating, UL/DL rate enforcement), performs UL traffic verification (e.g., SDF-to-QoS flow mapping), transport level packet marking in the UL and DL, and performs DL packet buffering and DL data notification triggering.
  • UPF 1048 may include an UL classifier to support routing traffic flows to a data network.
  • the NSSF 1050 selects a set of network slice instances serving the UE 1002.
  • the NSSF 1050 also determines allowed NSSAI and the mapping to the subscribed S-NSSAIs, if needed.
  • the NSSF 1050 also determines an AMF set to be used to serve the UE 1002, or a list of candidate AMFs 1044 based on a suitable configuration and possibly by querying the NRF 1054.
  • the selection of a set of network slice instances for the UE 1002 may be triggered by the AMF 1044 with which the UE 1002 is registered by interacting with the NSSF 1050; this may lead to a change of AMF 1044.
  • the NSSF 1050 interacts with the AMF 1044 via an N22 reference point; and may communicate with another NSSF in a visited network via an N31 reference point (not shown).
  • the NEF 1052 securely exposes services and capabilities provided by 3GPP NFs for third party, internal exposure/re-exposure, AFs 1060, edge computing networks/frameworks, and the like.
  • the NEF 1052 may authenticate, authorize, or throttle the AFs 1060.
  • the NEF 1052 stores/retrieves information as structured data using the Nudr interface to a Unified Data Repository (UDR).
  • the NEF 1052 also translates information exchanged with the AF 1060 and information exchanged with internal NFs.
  • the NEF 1052 may translate between an AF-Service-Identifier and an internal 5GC information, such as DNN, S-NSSAI, as described in clause 5.6.7 of [TS23501].
  • the NEF 1052 handles masking of network and user sensitive information to external AFs 1060 according to the network policy.
  • the NEF 1052 also receives information from other NFs based on exposed capabilities of other NFs. This information may be stored at the NEF 1052 as structured data, or at a data storage NF using standardized interfaces. The stored information can then be re-exposed by the NEF 1052 to other NFs and AFs, or used for other purposes such as analytics.
  • NWDAF analytics may be securely exposed by the NEF 1052 for external party, as specified in [TS23288]. Furthermore, data provided by an external party may be collected by the NWDAF 1062 via the NEF 1052 for analytics generation purpose.
  • the NEF 1052 handles and forwards requests and notifications between the NWDAF 1062 and AF(s) 1060, as specified in [TS23288].
  • the NRF 1054 supports service discovery functions, receives NF discovery requests from NF instances, and provides information of the discovered NF instances to the requesting NF instances.
  • the NRF 1054 also maintains NF profiles of available NF instances and their supported services.
  • the NF profile of NF instance maintained in the NRF 1054 includes the following information: NF instance ID; NF type; PLMN ID in the case of PLMN, PLMN ID + NID in the case of SNPN; Network Slice related Identifier(s) (e.g., S-NSSAI, NSI ID); an NF’s network address(es) (e.g., FQDN, IP address, and/or the like), NF capacity information, NF priority information (e.g., for AMF selection), NF set ID, NF service set ID of the NF service instance; NF specific service authorization information; names of supported services, if applicable; endpoint address(es) of instance(s) of each supported service; identification of stored data/information (e.
  • the NF profile includes: supported analytics ID(s), possibly per service, NWDAF serving area information (e.g., a list of TAIs for which the NWDAF can provide services and/or data), Supported Analytics Delay per Analytics ID (if available), NF types of the NF data sources, NF Set IDs of the NF data sources, if available, analytics aggregation capability (if available), analytics metadata provisioning capability (if available), ML model filter information parameters S-NSSAI(s) and area(s) of interest for the trained ML model(s) per analytics ID(s) (if available), federated learning (FL) capability type (e.g., FL server or FL client, if available), Time interval supporting FL (if available).
  • the NWDAF's 1062 Serving Area information is common to all its supported analytics IDs.
  • the analytics IDs supported by the NWDAF 1062 may be associated with a supported analytics delay, for example, the analytics report can be generated with a time (including data collection delay and inference delay) in less than or equal to the supported analytics delay.
  • the determination of supported analytics delay, and how the NWDAF 1062 avoids updating its Supported Analytics Delay in NRF frequently may be NWDAF-implementation specific.
  • the PCF 1056 provides policy rules to control plane functions to enforce them, and may also support unified policy framework to govern network behavior.
  • the PCF 1056 may also implement a front end to access subscription information relevant for policy decisions in a UDR 1059 of the UDM 1058.
  • the PCF 1056 exhibits an Npcf service-based interface.
  • the UDM 1058 handles subscription-related information to support the network entities’ handling of communication sessions, and stores subscription data of UE 1002. For example, subscription data may be communicated via an N8 reference point between the UDM 1058 and the AMF 1044.
  • the UDM 1058 may include two parts, an application front end and a UDR.
  • the UDR may store subscription data and policy data for the UDM 1058 and the PCF 1056, and/or structured data for exposure and application data (including PFDs for application detection, application request information for multiple UEs 1002) for the NEF 1052.
  • The Nudr service-based interface may be exhibited by the UDR to allow the UDM 1058, PCF 1056, and NEF 1052 to access a particular set of the stored data, as well as to read, update (e.g., add, modify), delete, and subscribe to notification of relevant data changes in the UDR.
  • the UDM 1058 may include a UDM-FE, which is in charge of processing credentials, location management, subscription management and so on. Several different front ends may serve the same user in different transactions.
  • the UDM-FE accesses subscription information stored in the UDR and performs authentication credential processing, user identification handling, access authorization, registration/mobility management, and subscription management.
  • the UDM 1058 may exhibit the Nudm service-based interface.
  • EASDF 1061 exhibits an Neasdf service-based interface, and is connected to the SMF 1046 via an N88 interface.
  • One or multiple EASDF instances may be deployed within a PLMN, and interactions between 5GC NF(s) and the EASDF 1061 take place within a PLMN.
  • the EASDF 1061 includes one or more of the following functionalities: registering to NRF 1054 for EASDF 1061 discovery and selection; handling the DNS messages according to the instruction from the SMF 1046; and/or terminating DNS security, if used.
  • Handling the DNS messages according to the instruction from the SMF 1046 includes one or more of the following functionalities: receiving DNS message handling rules and/or BaselineDNSPattern from the SMF 1046; exchanging DNS messages from/with the UE 1002; forwarding DNS messages to C-DNS or L-DNS for DNS query; adding EDNS client subnet (ECS) option into DNS query for an FQDN; reporting to the SMF 1046 the information related to the received DNS messages; and/or buffering/discarding DNS messages from the UE 1002 or DNS Server.
  • the EASDF has direct user plane connectivity (e.g., without any NAT) with the PSA UPF over N6 for the transmission of DNS signaling exchanged with the UE.
  • the deployment of a NAT between EASDF 1061 and PSA UPF 1048 may or may not be supported. Additional aspects of the EASDF 1061 are discussed in [TS23548].
  • the 5GC 1040 may enable edge computing by selecting operator/3rd party services to be geographically close to a point that the UE 1002 is attached to the network. This may reduce latency and load on the network.
  • the 5GC 1040 may select a UPF 1048 close to the UE 1002 and execute traffic steering from the UPF 1048 to DN 1036 via the N6 interface. This may be based on the UE subscription data, UE location, and information provided by the AF 1060, which allows the AF 1060 to influence UPF (re)selection and traffic routing.
  • the DN 1036 may be an edge DN 1036, which is a (local) DN that supports the architecture for enabling edge applications.
  • the app server 1038 may represent the physical hardware systems/devices providing app server functionality and/or the application software resident in the cloud or at an edge compute node that performs server function(s).
  • the app/content server 1038 provides an edge hosting environment that provides support required for Edge Application Server's execution.
  • the edge compute nodes provide a distributed computing environment for application and service hosting, and also provide storage and processing resources so that data and/or content can be processed in close proximity to subscribers (e.g., users of UEs 1002) for faster response times.
  • the edge compute nodes also support multitenancy runtime and hosting environment(s) for applications, including virtual appliance applications that may be delivered as packaged virtual machine (VM) images, middleware application and infrastructure services, content delivery services including content caching, mobile big data analytics, and computational offloading, among others.
  • Computational offloading involves offloading computational tasks, workloads, applications, and/or services to the edge compute nodes from the UEs 1002, CN 1040, DN 1036, and/or server(s) 1038, or vice versa.
  • a device application or client application operating in a UE 1002 may offload application tasks or workloads to one or more edge compute nodes.
  • an edge compute node may offload application tasks or workloads to a set of UEs 1002 (e.g., for distributed machine learning computation and/or the like).
  • the edge compute nodes may include or be part of an edge system that employs one or more edge computing technologies (ECTs) (also referred to as an “edge computing framework” or the like).
  • the edge compute nodes may also be referred to as “edge hosts” or “edge servers.”
  • the edge system includes a collection of edge servers and edge management systems (not shown) necessary to run edge computing applications within an operator network or a subset of an operator network.
  • the edge servers are physical computer systems that may include an edge platform and/or virtualization infrastructure, and provide compute, storage, and network resources to edge computing applications.
  • This example implementation may also include NFV and/or other like virtualization technologies such as those discussed in ETSI GR NFV 001 V1.3.1 (2021-03), ETSI GS NFV 002 V1.2.1 (2014-12), ETSI GR NFV 003 V1.6.1 (2021-03), ETSI GS NFV 006 V2.1.1 (2021-01), ETSI GS NFV-INF 001 V1.1.1 (2015-01), ETSI GS NFV-INF 003 V1.1.1 (2014-12), ETSI GS NFV-INF 004 V1.1.1 (2015-01), ETSI GS NFV-MAN 001 V1.1.1 (2014-12), and/or Israel et al., OSM Release FIVE Technical Overview, ETSI OPEN SOURCE MANO, OSM White Paper, 1st ed.
  • the ECT is and/or operates according to the O-RAN framework.
  • front-end and back-end device vendors and carriers have worked closely to ensure compatibility.
  • the flip-side of such a working model is that it becomes quite difficult to plug-and-play with other devices and this can hamper innovation.
  • O-RAN Open RAN alliance
  • the O-RAN network architecture is a building block for designing virtualized RAN on programmable hardware with radio access control powered by AI/ML.
  • O-RAN Working Group 2 Non-RT RIC and A1 interface WG
  • Non-RT RIC Architecture v02.01 Oct. 2022
  • O-RAN Working Group 3 Near-Real-time RAN Intelligent Controller and E2 Interface Working Group: Near-RT RIC Architecture, v04.00, Release R003 (Mar. 2023);
  • O-RAN Working Group 4 (Open Fronthaul Interfaces WG) Control, User and Synchronization Plane Specification, v11.00, Release R003 (Mar. 2023); O-RAN Fronthaul Working Group 4 Cooperative Transport Interface Transport Control Plane Specification, v03.00 (Oct.
  • the ECT is and/or operates according to the Intel® Smart Edge Open framework (formerly known as OpenNESS) as discussed in Intel® Smart Edge Open Developer Guide, version 21.09 (30 Sep. 2021), available at: https://smart-edge-open.github.io/ (“[ISEO]”), the contents of which is hereby incorporated by reference in its entirety.
  • the ECT operates according to the Multi-Access Management Services (MAMS) framework as discussed in Kanugovi et al., Multi-Access Management Services (MAMS), INTERNET ENGINEERING TASK FORCE (IETF), Request for Comments (RFC) 8743 (Mar. 2020) (“[RFC8743]”), Ford et al., TCP Extensions for Multipath Operation with Multiple Addresses, IETF RFC 8684, (Mar.
  • the interfaces of the 5GC 1040 include reference points and service-based interfaces.
  • the reference points include: N1 (between the UE 1002 and the AMF 1044), N2 (between RAN 1014 and AMF 1044), N3 (between RAN 1014 and UPF 1048), N4 (between the SMF 1046 and UPF 1048), N5 (between PCF 1056 and AF 1060), N6 (between UPF 1048 and DN 1036), N7 (between SMF 1046 and PCF 1056), N8 (between UDM 1058 and AMF 1044), N9 (between two UPFs 1048), N10 (between the UDM 1058 and the SMF 1046), N11 (between the AMF 1044 and the SMF 1046), N12 (between AUSF 1042 and AMF 1044), N13 (between AUSF 1042 and UDM 1058), N14 (between two AMFs 1044; not shown), N15 (between PCF 1056 and AMF 1044 in case of a non-roaming scenario
  • the service-based representation of Figure 10 represents NFs within the control plane that enable other authorized NFs to access their services.
  • the service-based interfaces include: Namf (SBI exhibited by AMF 1044), Nsmf (SBI exhibited by SMF 1046), Nnef (SBI exhibited by NEF 1052), Npcf (SBI exhibited by PCF 1056), Nudm (SBI exhibited by the UDM 1058), Naf (SBI exhibited by AF 1060), Nnrf (SBI exhibited by NRF 1054), Nnssf (SBI exhibited by NSSF 1050), Nausf (SBI exhibited by AUSF 1042).
  • the system 1000 may also include NFs that are not shown such as, for example, UDR, Unstructured Data Storage Function (UDSF), Network Slice Admission Control Function (NSACF), Network Slice-specific and Stand-alone Non-Public Network (SNPN) Authentication and Authorization Function (NSSAAF), UE radio Capability Management Function (UCMF), 5G-Equipment Identity Register (5G-EIR), CHarging Function (CHF), Time Sensitive Networking (TSN) AF 1060, Time Sensitive Communication and Time Synchronization Function (TSCTSF), DCCF (e.g., DCCF 1063 in Figures 1, 2, and 3), Analytics Data Repository Function (ADRF) (e.g., ADRF 1066 in Figure 4), MFAF (e.g., MFAF 1065 in Figures 1, 2, and 3), Non-Seamless WLAN Offload Function (NSWOF), Service Communication Proxy (SCP), Security Edge Protection Proxy (SEPP), Non-3GPP InterWorking Function (N3IWF),
  • Figure 11 schematically illustrates a wireless network 1100.
  • the wireless network 1100 includes a UE 1102 in wireless communication with a NAN 1104.
  • the UE 1102 may be the same or similar to, and substantially interchangeable with any of the UEs discussed herein such as, for example, UE 1002, hardware resources 1200, and/or any other UE discussed herein.
  • the AN 1104 may be the same or similar to, and substantially interchangeable with any of the ANs (network access nodes (NANs)) discussed herein such as, for example, AP 1006, NANs 1014, RAN 1004, hardware resources 1200, and/or any other AN/NAN discussed herein.
  • the UE 1102 may be communicatively coupled with the AN 1104 via connection 1106.
  • the connection 1106 is illustrated as an air interface to enable communicative coupling, and can be consistent with cellular communications protocols such as an LTE protocol or a 5G NR protocol operating at mmWave or sub-6GHz frequencies.
  • the UE 1102 includes a host platform 1108 coupled with a modem platform 1110.
  • the host platform 1108 includes application processing circuitry 1112, which may be coupled with protocol processing circuitry 1114 of the modem platform 1110.
  • the application processing circuitry 1112 may run various applications for the UE 1102 that source/sink application data.
  • the application processing circuitry 1112 may further implement one or more layer operations to transmit/receive application data to/from a data network. These layer operations include transport (for example UDP) and Internet (e.g., IP) operations.
  • the protocol processing circuitry 1114 may implement one or more layer operations to facilitate transmission or reception of data over the connection 1106.
  • the layer operations implemented by the protocol processing circuitry 1114 include, for example, MAC, RLC, PDCP, RRC and NAS operations.
  • the modem platform 1110 may further include digital baseband circuitry 1116 that may implement one or more layer operations that are “below” layer operations performed by the protocol processing circuitry 1114 in a network protocol stack. These operations include, for example, PHY operations including one or more of HARQ-ACK functions, scrambling/descrambling, encoding/decoding, layer mapping/de-mapping, modulation symbol mapping, received symbol/bit metric determination, multi-antenna port precoding/decoding, which includes one or more of space-time, space-frequency or spatial coding, reference signal generation/detection, preamble sequence generation and/or decoding, synchronization sequence generation/detection, control channel signal blind decoding, and other related functions.
  • the modem platform 1110 may further include transmit circuitry 1118, receive circuitry 1120, RF circuitry 1122, and RF front end (RFFE) 1124, which include or connect to one or more antenna panels 1126.
  • the transmit circuitry 1118 includes a digital-to-analog converter, mixer, intermediate frequency (IF) components, etc.
  • the receive circuitry 1120 includes an analog-to-digital converter, mixer, IF components, etc.
  • the RF circuitry 1122 includes a low-noise amplifier, a power amplifier, power tracking components, etc.
  • RFFE 1124 includes filters (e.g., surface/bulk acoustic wave filters), switches, antenna tuners, beamforming components (e.g., phase-array antenna components), etc.
  • transmit/receive components may be specific to details of a specific implementation such as, for example, whether communication is TDM or FDM, in mmWave or sub-6 GHz frequencies, etc.
  • the transmit/receive components may be arranged in multiple parallel transmit/receive chains, may be disposed in the same or different chips/modules, etc.
  • the protocol processing circuitry 1114 includes one or more instances of control circuitry (not shown) to provide control functions for the transmit/receive components.
  • a UE reception may be established by and via the antenna panels 1126, RFFE 1124, RF circuitry 1122, receive circuitry 1120, digital baseband circuitry 1116, and protocol processing circuitry 1114.
  • the antenna panels 1126 may receive a transmission from the AN 1104 by receive-beamforming signals received by a set of antennas/antenna elements of the one or more antenna panels 1126.
  • a UE transmission may be established by and via the protocol processing circuitry 1114, digital baseband circuitry 1116, transmit circuitry 1118, RF circuitry 1122, RFFE 1124, and antenna panels 1126.
  • the transmit components of the UE 1104 may apply a spatial filter to the data to be transmitted to form a transmit beam emitted by the antenna elements of the antenna panels 1126.
  • the AN 1104 includes a host platform 1128 coupled with a modem platform 1130.
  • the host platform 1128 includes application processing circuitry 1132 coupled with protocol processing circuitry 1134 of the modem platform 1130.
  • the modem platform may further include digital baseband circuitry 1136, transmit circuitry 1138, receive circuitry 1140, RF circuitry 1142, RFFE circuitry 1144, and antenna panels 1146.
  • the components of the AN 1104 may be similar to and substantially interchangeable with like-named components of the UE 1102.
  • the components of the AN 1108 may perform various logical functions that include, for example, RNC functions such as radio bearer management, UL and DL dynamic radio resource management, and data packet scheduling.
  • Examples of the antenna elements of the antenna panels 1126 and/or the antenna elements of the antenna panels 1146 include planar inverted-F antennas (PIFAs), monopole antennas, dipole antennas, loop antennas, patch antennas, Yagi antennas, parabolic dish antennas, omni-directional antennas, and/or the like.
  • Figure 12 illustrates components capable of reading instructions from a machine-readable or computer-readable medium (e.g., a non-transitory machine-readable storage medium) and performing any one or more of the methodologies discussed herein.
  • Figure 12 shows a diagrammatic representation of hardware resources 1200 including one or more processors (or processor cores) 1210, one or more memory/storage devices 1220, and one or more communication resources 1230, each of which may be communicatively coupled via a bus 1240 or other interface circuitry.
  • node virtualization e.g., NFV
  • a hypervisor 1202 may be executed to provide an execution environment for one or more network slices/sub-slices to utilize the hardware resources 1200.
  • the processors 1210 may include, for example, a processor 1212 and a processor 1214.
  • the processors 1210 may be, for example, a central processing unit (CPU), a reduced instruction set computing (RISC) processor, a complex instruction set computing (CISC) processor, a graphics processing unit (GPU), a DSP such as a baseband processor, an ASIC, an FPGA, a radio-frequency integrated circuit (RFIC), another processor (including those discussed herein), or any suitable combination thereof.
  • the memory/storage devices 1220 may include main memory, disk storage, or any suitable combination thereof.
  • the memory/storage devices 1220 may include, but are not limited to, any type of volatile, non-volatile, or semi-volatile memory such as dynamic random access memory (DRAM), static random access memory (SRAM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), Flash memory, solid-state storage, etc.
  • the communication resources 1230 may include interconnection or network interface controllers, components, or other suitable devices to communicate with one or more peripheral devices 1204 or one or more databases 1206 or other network elements via a network 1208.
  • the communication resources 1230 may include wired communication components (e.g., for coupling via USB, Ethernet, etc.), cellular communication components, NFC components, Bluetooth® (or Bluetooth® Low Energy) components, Wi-Fi® components, and other communication components.
  • Instructions 1250 may comprise software, a program, an application, an applet, an app, or other executable code for causing at least any of the processors 1210 to perform any one or more of the methodologies discussed herein.
  • the instructions 1250 may reside, completely or partially, within at least one of the processors 1210 (e.g., within the processor’s cache memory), the memory/storage devices 1220, or any suitable combination thereof.
  • any portion of the instructions 1250 may be transferred to the hardware resources 1200 from any combination of the peripheral devices 1204 or the databases 1206. Accordingly, the memory of processors 1210, the memory/storage devices 1220, the peripheral devices 1204, and the databases 1206 are examples of computer-readable and machine-readable media.
  • Figure 14 shows an example process to be performed by an ADRF 1066.
  • the process of Figure 14 includes identifying an indication of credentials related to access of an AI/ML model that is received from an NFc (1401); and authorizing access to the AI/ML model by the NFc based on the credentials (1402).
  • Figure 15 shows an example process to be performed by an MTLF 1062b.
  • the process of Figure 15 includes identifying that an NFc is to access an AI/ML model (1501); and transmitting authorization credentials related to the AI/ML model to the NFc (1502).
  • Figure 16 shows an example process to be performed by a VRF 762.
  • the process of Figure 16 includes identifying information related to an MTLF 1062b of a vendor (1601); and registering the MTLF 1062b based on the identified information (1602).
  • Figure 17 shows an example process to be performed by an NRF 1054.
  • the process of Figure 17 includes identifying an ML model file attribute included in an NF profile of an NWDAF-MTLF 1062b that indicates a list of ML model file serialization formats supported by the NWDAF-MTLF 1062b (1701); and registering the NWDAF-MTLF 1062b with the NRF 1054 based on the ML model file attribute (1701).
  • Example 1 includes a method to secure AI/ML models between an entity which produces an ML model and/or stores the ML model in Analytical Data Repository (ADRF) (e.g., NWDAF containing MtLF, NFp) and the entity which consumes the model (NFc).
  • Example 2 includes a method comprising an ADRF providing authorization for the NFc to retrieve that AI/ML model.
  • NF Service consumers shall be authorized to access the AI/ML models in the ADRF (or any other NF that may store the ML model, for instance, NWDAF MtLF).
  • Example 3 includes the method of example 2 and/or some other example(s) herein, in which the MTLF provides one-time credentials for accessing the ML model to the Consumer NF.
  • Example 4 includes the method of example 3 and/or some other example(s) herein, wherein the ADRF verifies the one-time credential to authorize the Consumer NF's access to the ML model.
  • Example 5 may include the method of examples 2-4 and/or some other example(s) herein, wherein the Consumer NF generates a unique public/private key using an Authorization token from the NRF.
  • Example 6 includes the method of example 5 and/or some other example(s) herein, in which the Consumer NF uses the token from the NRF as a certificate chain.
  • Example 7 includes the method of examples 5-6 and/or some other example(s) herein, wherein: Consumer NF sends the public key to the ADRF for verification, which verifies using a token-based certificate chain.
  • Example 8 includes the method of examples 1-7 and/or some other example(s) herein, in which the MTLF generates a symmetric key and encrypts the AI model before sending it to be stored in the ADRF.
  • Example 9 includes the method of examples 1-8 and/or some other example(s) herein, in which the ADRF generates a symmetric key, encrypts the ML model, and sends the encrypted model and key to the consumer NF.
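The one-time credential flow of Examples 3 and 4 (the MTLF issues, the ADRF verifies and authorizes) can be sketched as follows. This is an added illustration, not code from the patent: the HMAC construction, the key shared between MTLF and ADRF, and all class, field and status names are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class OneTimeCredential:
    model_id: str
    nfc_id: str       # consumer NF the credential is bound to
    nonce: str        # unique per credential; consumed on first use
    expires_at: int   # Unix time after which the credential is void
    tag: str          # HMAC-SHA256 over the four fields above


def _mac(key, model_id, nfc_id, nonce, expires_at):
    # Length-prefix each field so that shifting bytes between adjacent
    # fields cannot produce the same MAC input.
    parts = (model_id, nfc_id, nonce, str(expires_at))
    msg = b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Mtlf:
    """Model producer. Assumption: it shares `key` with the ADRF."""

    def __init__(self, key):
        self._key = key

    def issue(self, model_id, nfc_id, ttl=60, now=None):
        now = int(time.time()) if now is None else now
        nonce = secrets.token_hex(16)
        exp = now + ttl
        tag = _mac(self._key, model_id, nfc_id, nonce, exp)
        return OneTimeCredential(model_id, nfc_id, nonce, exp, tag)


class Adrf:
    """Model store. Verifies a credential, then consumes it."""

    def __init__(self, key, models):
        self._key = key
        self._models = models   # model_id -> stored (encrypted) model bytes
        self._used = {}         # nonce -> expires_at, kept until expiry

    def retrieve(self, requester_id, cred, now=None):
        # requester_id is assumed to come from the authenticated transport
        # identity of the caller, never from the request body.
        now = int(time.time()) if now is None else now
        # Expired nonces can be forgotten: the expiry check below already
        # rejects any credential that carries them.
        self._used = {n: e for n, e in self._used.items() if e > now}
        expected = _mac(self._key, cred.model_id, cred.nfc_id,
                        cred.nonce, cred.expires_at)
        if not hmac.compare_digest(expected.encode(), cred.tag.encode()):
            return ("denied: bad tag", None)
        if cred.nfc_id != requester_id:
            return ("denied: wrong consumer", None)
        if now >= cred.expires_at:
            return ("denied: expired", None)
        if cred.nonce in self._used:
            return ("denied: replayed", None)
        if cred.model_id not in self._models:
            return ("denied: unknown model", None)
        self._used[cred.nonce] = cred.expires_at   # one-time: burn the nonce
        return ("granted", self._models[cred.model_id])


if __name__ == "__main__":
    shared = secrets.token_bytes(32)                    # constructed sample key
    adrf = Adrf(shared, {"model-A": b"<encrypted model bytes>"})
    cred = Mtlf(shared).issue("model-A", "nfc-1")
    print(adrf.retrieve("nfc-1", cred)[0])   # first use
    print(adrf.retrieve("nfc-1", cred)[0])   # same credential again
```

The status string returned by `retrieve` plays the role of the verification indication that Example 15 has the ADRF send to the NFc or the MTLF.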
  • Example 11 includes the method of example 10 and/or some other example(s) herein, wherein the AI/ML model is stored in the ADRF, and/or another network function such as a network data analytics function (NWDAF) model training logical function (MTLF) of the network.
  • Example 12 includes the method of any of examples 10-11 and/or some other example(s) herein, wherein the credentials are provided by the MTLF.
  • Example 13 includes the method of any of examples 10-12 and/or some other example(s) herein, wherein the credentials are one-time credentials.
  • Example 14 includes the method of any of examples 10-13 and/or some other example(s) herein, wherein the ADRF is to verify the indication of the credentials.
  • Example 15 includes the method of any of examples 10-14 and/or some other example(s) herein, wherein the ADRF is to transmit an indication of verification of the credentials to one or both of the NFc or the MTLF.
  • Example 16 may include a method to be performed by an analytical data repository function (ADRF) of a network, one or more elements of the ADRF, and/or an electronics device that includes or implements one or more elements of the ADRF, wherein the method comprises: identifying, received from a network function consumer (NFc) of the network, an indication of credentials related to access of an artificial intelligence/machine learning (AI/ML) model; and authorizing, based on the credentials, access to the AI/ML model by the NFc.
  • Example 18 includes the method of any of examples 16-17 and/or some other example(s) herein, wherein the credentials are provided by the MTLF to the NFc.
  • Example 19 includes the method of any of examples 16-18 and/or some other example(s) herein, wherein the credentials are one-time credentials.
  • Example 22 includes the method of example 21 and/or some other example(s) herein, wherein the AI/ML model is stored in an analytical data repository function (ADRF) of the network, and/or another network function such as the MTLF.
  • Example 23 includes the method of any of examples 21-22 and/or some other example(s) herein, wherein the credentials are one-time credentials.
  • Example 24 includes the method of any of examples 21-23 and/or some other example(s) herein, wherein the ADRF is to verify the indication of the credentials.
  • Example 25 includes the method of any of examples 21-24 and/or some other example(s) herein, wherein the ADRF is to transmit an indication of verification of the credentials to one or both of the NFc or the MTLF.
  • Example 26 includes a method of operating a Vendor Repository Function (VRF) to register an MTLF from same or different vendors.
  • Example 27 includes the method of example 26 and/or some other example(s) herein, wherein the VRF is a logical function and co-located with an NRF.
  • Example 28 includes the method of example 26 and/or some other example(s) herein, wherein the VRF is a new network function separate from an NRF.
  • Example 29 includes the method of example 28 and/or some other example(s) herein, wherein NF state management is handled by the NRF for MTLF, but registration of NF profile is also done with the VRF.
  • Example 30 includes the method of examples 26-29 and/or some other example(s) herein, wherein VRF handles policy and authorization for accessing an MTLF from the same or different vendors.
  • Example 31 includes the method of examples 26-30 and/or some other example(s) herein, wherein the VRF provides an access token to NF consumer (e.g., MTLF) with the scope of the access, validity, and/or the like.
  • Example 32 includes a method of operating an NWDAF containing MTLF that includes interoperability support per analytics ID parameter indicating whether a service producer NWDAF containing MTLF has support for ML model interoperability in an Nnrf_NFManagement_NFRegister sent to an NRF.
  • Example 33 includes the method of example 32 and/or some other example(s) herein, wherein the NWDAF containing MTLF invokes an Nnrf_NfDiscovery_Request including ML model file serialization format(s) supported for trained ML model(s) in the ML model filter information, and interoperability support.
  • Example 34 includes the method of example 33 and/or some other example(s) herein, wherein the NRF determines a set of NWDAF containing MTLF instance(s) matching at least one of the ML model file serialization formats and interoperability support in Nnrf_NFDiscovery_Request.
  • Example 35 includes a method to be performed by a vendor repository function (VRF), wherein the method comprises: identifying information related to a model training logical function (MTLF) of a vendor; and registering the MTLF.
  • Example 36 includes a method, comprising: identifying a machine learning (ML) model file attribute included in a network function (NF) profile of a network data analytics function (NWDAF) that contains a model training logical function (MTLF) that indicates a list of the supported ML model file serialization formats; and registering with a NF repository function (NRF) based on the ML model file attribute.
  • Example 37 includes the method of example 36 and/or some other example(s) herein, wherein the method is performed by an NF repository function (NRF).
  • Example Z01 may include an apparatus comprising means to perform one or more elements of a method described in or related to any of examples 1-37, or any other method or process described herein.
  • Example Z02 may include one or more non-transitory computer-readable media comprising instructions to cause an electronic device, upon execution of the instructions by one or more processors of the electronic device, to perform one or more elements of a method described in or related to any of examples 1-37, or any other method or process described herein.
  • Example Z04 may include a method, technique, or process as described in or related to any of examples 1-37, or portions or parts thereof.
  • Example Z05 may include an apparatus comprising: one or more processors and one or more computer-readable media comprising instructions that, when executed by the one or more processors, cause the one or more processors to perform the method, techniques, or process as described in or related to any of examples 1-37, or portions thereof.
  • Example Z06 may include a signal as described in or related to any of examples 1-37, or portions or parts thereof.
  • Example Z07 may include a datagram, packet, frame, segment, protocol data unit (PDU), or message as described in or related to any of examples 1-37, or portions or parts thereof, or otherwise described in the present disclosure.
  • Example Z08 may include a signal encoded with data as described in or related to any of examples 1-37, or portions or parts thereof, or otherwise described in the present disclosure.
  • Example Z09 may include a signal encoded with a datagram, packet, frame, segment, protocol data unit (PDU), or message as described in or related to any of examples 1-37, or portions or parts thereof, or otherwise described in the present disclosure.
  • Example Z10 may include an electromagnetic signal carrying computer-readable instructions, wherein execution of the computer-readable instructions by one or more processors is to cause the one or more processors to perform the method, techniques, or process as described in or related to any of examples 1-37, or portions thereof.
  • Example Z13 may include a method of communicating in a wireless network as shown and described herein.
  • Example Z14 may include a system for providing wireless communication as shown and described herein.
  • Example Z15 may include a device for providing wireless communication as shown and described herein.
  • the phrase “A, B, and/or C” means (A), (B), (C), (A and B), (A and C), (B and C), or (A, B and C).
  • the phrase “X(s)” means one or more X or a set of X.
  • the description may use the phrases “in an embodiment,” “In some embodiments,” “in one implementation,” “In some implementations,” “in some examples”, and the like, each of which may refer to one or more of the same or different embodiments, implementations, and/or examples.
  • the terms “comprising,” “including,” “having,” and the like, as used with respect to the present disclosure are synonymous.
  • “master” or “grandmaster” may be substituted with any of the following terms “main”, “source”, “primary”, “initiator”, “requestor”, “transmitter”, “host”, “maestro”, “controller”, “provider”, “producer”, “client”, “source”, “mix”, “parent”, “chief”, “manager”, “reference” (e.g., as in “reference clock” or the like), and/or the like.
  • “slave” may be substituted with any of the following terms “receiver”, “secondary”, “subordinate”, “replica”, “target”, “responder”, “device”, “performer”, “agent”, “standby”, “consumer”, “peripheral”, “follower”, “server”, “child”, “helper”, “worker”, “node”, and/or the like.
  • “coupled” may mean two or more elements are in direct physical or electrical contact with one another, may mean that two or more elements indirectly contact each other but still cooperate or interact with each other, and/or may mean that one or more other elements are coupled or connected between the elements that are said to be coupled with each other.
  • “directly coupled” may mean that two or more elements are in direct contact with one another.
  • “communicatively coupled” may mean that two or more elements may be in contact with one another by a means of communication including through a wire or other interconnect connection, through a wireless communication channel or link, and/or the like.
  • establish or “establishment” at least in some examples refers to (partial or in full) acts, tasks, operations, and the like, related to bringing or the readying the bringing of something into existence either actively or passively (e.g., exposing a device identity or entity identity). Additionally or alternatively, the term “establish” or “establishment” at least in some examples refers to (partial or in full) acts, tasks, operations, and the like, related to initiating, starting, or warming communication or initiating, starting, or warming a relationship between two entities or elements (e.g., establish a session, establish a session, and the like).
  • the term “establish” or “establishment” at least in some examples refers to initiating something to a state of working readiness.
  • the term “established” at least in some examples refers to a state of being operational or ready for use (e.g., full establishment).
  • any definition for the term “establish” or “establishment” defined in any specification or standard can be used for purposes of the present disclosure and such definitions are not disavowed by any of the aforementioned definitions.
  • the term “obtain” at least in some examples refers to (partial or in full) acts, tasks, operations, and the like, of intercepting, movement, copying, retrieval, or acquisition (e.g., from a memory, an interface, or a buffer), on the original packet stream or on a copy (e.g., a new instance) of the packet stream.
  • Other aspects of obtaining or receiving may involve instantiating, enabling, or controlling the ability to obtain or receive a stream of packets (or the following parameters and templates or template values).
  • the term “receipt” at least in some examples refers to any action (or set of actions) involved with receiving or obtaining an object, data, data unit, and the like, and/or the fact of the object, data, data unit, and the like being received.
  • the term “receipt” at least in some examples refers to an object, data, data unit, and the like, being pushed to a device, system, element, and the like (e.g., often referred to as a push model), pulled by a device, system, element, and the like (e.g., often referred to as a pull model), and/or the like.
  • the term “element” at least in some examples refers to a unit that is indivisible at a given level of abstraction and has a clearly defined boundary, wherein an element may be any type of entity including, for example, one or more devices, systems, controllers, network elements, modules, engines, components, and so forth, or combinations thereof.
  • the term “entity” at least in some examples refers to a distinct element of a component, architecture, platform, device, and/or system. Additionally or alternatively, the term “entity” at least in some examples refers to information transferred as a payload.
  • the term “measurement” at least in some examples refers to the observation and/or quantification of attributes of an object, event, or phenomenon. Additionally or alternatively, the term “measurement” at least in some examples refers to a set of operations having the object of determining a measured value or measurement result, and/or the actual instance or execution of operations leading to a measured value. Additionally or alternatively, the term “measurement” at least in some examples refers to data recorded during testing.
  • the term “metric” at least in some examples refers to a quantity produced in an assessment of a measured value. Additionally or alternatively, the term “metric” at least in some examples refers to data derived from a set of measurements.
  • the term “metric” at least in some examples refers to a set of events combined or otherwise grouped into one or more values. Additionally or alternatively, the term “metric” at least in some examples refers to a combination of measures or set of collected data points. Additionally or alternatively, the term “metric” at least in some examples refers to a standard definition of a quantity, produced in an assessment of performance and/or reliability of the network, which has an intended utility and is carefully specified to convey the exact meaning of a measured value.
  • the term “signal” at least in some examples refers to an observable change in a quality and/or quantity. Additionally or alternatively, the term “signal” at least in some examples refers to a function that conveys information about an object, event, or phenomenon. Additionally or alternatively, the term “signal” at least in some examples refers to any time varying voltage, current, or electromagnetic wave that may or may not carry information.
  • digital signal at least in some examples refers to a signal that is constructed from a discrete set of waveforms of a physical quantity so as to represent a sequence of discrete values.
  • the terms “ego” (as in, e.g., “ego device”) and “subject” (as in, e.g., “data subject”) at least in some examples refer to an entity, element, device, system, and the like, that is under consideration or being considered.
  • the terms “neighbor” and “proximate” at least in some examples refer to an entity, element, device, system, and the like, other than an ego device or subject device.
  • identifier at least in some examples refers to a value, or a set of values, that uniquely identify an identity in a certain scope. Additionally or alternatively, the term “identifier” at least in some examples refers to a sequence of characters that identifies or otherwise indicates the identity of a unique object, element, or entity, or a unique class of objects, elements, or entities. Additionally or alternatively, the term “identifier” at least in some examples refers to a sequence of characters used to identify or refer to an application, program, session, object, element, entity, variable, set of data, and/or the like.
  • sequence of characters mentioned previously at least in some examples refers to one or more names, labels, words, numbers, letters, symbols, and/or any combination thereof.
  • identifier at least in some examples refers to a name, address, label, distinguishing index, and/or attribute. Additionally or alternatively, the term “identifier” at least in some examples refers to an instance of identification.
  • persistent identifier at least in some examples refers to an identifier that is reused by a device or by another device associated with the same person or group of persons for an indefinite period.
  • identity at least in some examples refers to a process of recognizing an identity as distinct from other identities in a particular scope or context, which may involve processing identifiers to reference an identity in an identity database.
  • app identifier refers to an identifier that can be mapped to a specific application, application instance, or application instance.
  • an “application identifier” at least in some examples refers to an identifier that can be mapped to a specific application traffic detection rule.
  • circuitry at least in some examples refers to a circuit or system of multiple circuits configured to perform a particular function in an electronic device.
  • the circuit or system of circuits may be part of, or include one or more hardware components, such as a logic circuit, a processor (shared, dedicated, or group) and/or memory (shared, dedicated, or group), an application-specific integrated circuit (ASIC), field-programmable gate array (FPGA), programmable logic controller (PLC), single-board computer (SBC), system on chip (SoC), system in package (SiP), multi-chip package (MCP), digital signal processor (DSP), and the like, that are configured to provide the described functionality.
  • circuitry may also refer to a combination of one or more hardware elements with the program code used to carry out the functionality of that program code. Some types of circuitry may execute one or more software or firmware programs to provide at least some of the described functionality. Such a combination of hardware elements and program code may be referred to as a particular type of circuitry.
  • processor circuitry at least in some examples refers to, is part of, or includes circuitry capable of sequentially and automatically carrying out a sequence of arithmetic or logical operations, or recording, storing, and/or transferring digital data.
  • processor circuitry at least in some examples refers to one or more application processors, one or more baseband processors, a physical CPU, a single-core processor, a dual-core processor, a triple-core processor, a quad-core processor, and/or any other device capable of executing or otherwise operating computer-executable instructions, such as program code, software modules, and/or functional processes.
  • the terms “application circuitry” and/or “baseband circuitry” may be considered synonymous to, and may be referred to as, “processor circuitry.”
  • the terms “memory” and/or “memory circuitry” at least in some examples refer to one or more hardware devices for storing data, including random access memory (RAM), static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), magnetoresistive RAM (MRAM), conductive bridge Random Access Memory (CB-RAM), spin transfer torque (STT)-MRAM, phase change RAM (PRAM), core memory, read-only memory (ROM), programmable ROM (PROM), erasable PROM (EPROM), electrically EPROM (EEPROM), flash memory, nonvolatile RAM (NVRAM), magnetic disk storage mediums, optical storage mediums, flash memory devices or other machine readable mediums for storing data.
  • the term “computer-readable medium” includes, but is not limited to, memory, portable or fixed storage devices, optical storage devices, and various other mediums capable of storing, containing or carrying instructions or data.
  • interface circuitry at least in some examples refers to, is part of, or includes circuitry that enables the exchange of information between two or more components or devices.
  • interface circuitry at least in some examples refers to one or more hardware interfaces, for example, buses, I/O interfaces, peripheral component interfaces, network interface cards, and/or the like.
  • the term “infrastructure processing unit” or “IPU” at least in some examples refers to an advanced networking device with hardened accelerators and network connectivity (e.g., Ethernet or the like) that accelerates and manages infrastructure functions using tightly coupled, dedicated, programmable cores.
  • an IPU offers full infrastructure offload and provides an extra layer of security by serving as a control point of a host for running infrastructure applications.
  • An IPU is capable of offloading the entire infrastructure stack from the host and can control how the host attaches to this infrastructure. This gives service providers an extra layer of security and control, enforced in hardware by the IPU.
  • the term “device” at least in some examples refers to a physical entity embedded inside, or attached to, another physical entity in its vicinity, with capabilities to convey digital information from or to that physical entity.
  • the term “controller” at least in some examples refers to an element or entity that has the capability to affect a physical entity, such as by changing its state or causing the physical entity to move.
  • the term “scheduler” at least in some examples refers to an entity or element that assigns resources (e.g., processor time, network links, memory space, and/or the like) to perform tasks.
  • network scheduler at least in some examples refers to a node, element, or entity that manages network packets in transmit and/or receive queues of one or more protocol stacks of network access circuitry (e.g., a network interface controller (NIC), baseband processor, and the like).
  • network scheduler at least in some examples can be used interchangeably with the terms “packet scheduler”, “queueing discipline” or “qdisc”, and/or “queueing algorithm”.
  • the term “terminal” at least in some examples refers to a point at which a conductor from a component, device, or network comes to an end. Additionally or alternatively, the term “terminal” at least in some examples refers to an electrical connector acting as an interface to a conductor and creating a point where external circuits can be connected. In some examples, terminals may include electrical leads, electrical connectors, solder cups or buckets, and/or the like.
  • the term “compute node” or “compute device” at least in some examples refers to an identifiable entity implementing an aspect of computing operations, whether part of a larger system, distributed collection of systems, or a standalone apparatus.
  • a compute node may be referred to as a “computing device”, “computing system”, or the like, whether in operation as a client, server, or intermediate entity.
  • Specific implementations of a compute node may be incorporated into a server, base station, gateway, road side unit, on-premise unit, user equipment, end consuming device, appliance, or the like.
  • the term “node” at least in some examples refers to and/or is interchangeable with the terms “device”, “component”, “sub-system”, and/or the like.
  • the term “computer system” at least in some examples refers to any type of interconnected electronic devices, computer devices, or components thereof. Additionally, the terms “computer system” and/or “system” at least in some examples refer to various components of a computer that are communicatively coupled with one another. Furthermore, the terms “computer system” and/or “system” at least in some examples refer to multiple computer devices and/or multiple computing systems that are communicatively coupled with one another and configured to share computing and/or networking resources.
  • server at least in some examples refers to a computing device or system, including processing hardware and/or process space(s), an associated storage medium such as a memory device or database, and, in some instances, suitable application(s) as is known in the art.
  • the terms “server system” and “server” may be used interchangeably herein, and these terms at least in some examples refer to one or more computing system(s) that provide access to a pool of physical and/or virtual resources.
  • the various servers discussed herein include computer devices with rack computing architecture component(s), tower computing architecture component(s), blade computing architecture component(s), and/or the like.
  • the servers may represent a cluster of servers, a server farm, a cloud computing service, or other grouping or pool of servers, which may be located in one or more datacenters.
  • the servers may also be connected to, or otherwise associated with, one or more data storage devices (not shown).
  • the servers include an operating system (OS) that provides executable program instructions for the general administration and operation of the individual server computer devices, and include a computer-readable medium storing instructions that, when executed by a processor of the servers, may allow the servers to perform their intended functions.
  • Suitable implementations for the OS and general functionality of servers are known or commercially available, and are readily implemented by persons having ordinary skill in the art.
  • platform at least in some examples refers to an environment in which instructions, program code, software elements, and the like can be executed or otherwise operate, and examples of such an environment include an architecture (e.g., a motherboard, a computing system, and/or the like), one or more hardware elements (e.g., embedded systems, and the like), a cluster of compute nodes, a set of distributed compute nodes or network, an operating system, a virtual machine (VM), a virtualization container, a software framework, a client application (e.g., web browser or the like) and associated application programming interfaces, a cloud computing service (e.g., platform as a service (PaaS)), or other underlying software executed with instructions, program code, software elements, and the like.
  • architecture at least in some examples refers to a computer architecture or a network architecture.
  • the term “computer architecture” at least in some examples refers to a physical and logical design or arrangement of software and/or hardware elements in a computing system or platform including technology standards for interactions therebetween.
  • network architecture at least in some examples refers to a physical and logical design or arrangement of software and/or hardware elements in a network including communication protocols, interfaces, and media transmission.
  • appliance refers to a computer device or computer system with program code (e.g., software or firmware) that is specifically designed to provide a specific computing resource.
  • the term “virtual appliance” at least in some examples refers to a virtual machine image to be implemented by a hypervisor-equipped device that virtualizes or emulates a computer appliance or otherwise is dedicated to provide a specific computing resource.
  • security appliance at least in some examples refers to a computer appliance designed to protect computer networks from unwanted traffic and/or malicious attacks.
  • policy appliance at least in some examples refers to technical control and logging mechanisms to enforce or reconcile policy rules (information use rules) and to ensure accountability in information systems.
  • gateway at least in some examples refers to a network appliance that allows data to flow from one network to another network, or a computing system or application configured to perform such tasks.
  • gateways include IP gateways, Internet-to-Orbit (I2O) gateways, IoT gateways, cloud storage gateways, and/or the like.
  • user equipment at least in some examples refers to a device with radio communication capabilities and may describe a remote user of network resources in a communications network.
  • the term “user equipment” or “UE” may be considered synonymous to, and may be referred to as, client, mobile, mobile device, mobile terminal, user terminal, mobile unit, station, mobile station, mobile user, subscriber, user, remote station, access agent, user agent, receiver, radio equipment, reconfigurable radio equipment, reconfigurable mobile device, and the like.
  • the term “user equipment” or “UE” includes any type of wireless/wired device or any computing device including a wireless communications interface.
  • Examples of UEs, client devices, and the like include desktop computers, workstations, laptop computers, mobile data terminals, smartphones, tablet computers, wearable devices, machine-to-machine (M2M) devices, machine-type communication (MTC) devices, Internet of Things (IoT) devices, embedded systems, sensors, autonomous vehicles, drones, robots, in-vehicle infotainment systems, instrument clusters, onboard diagnostic devices, dashtop mobile equipment, electronic engine management systems, electronic/engine control units/modules, microcontrollers, control module, server devices, network appliances, head-up display (HUD) devices, helmet-mounted display devices, augmented reality (AR) devices, virtual reality (VR) devices, mixed reality (MR) devices, and/or other like systems or devices.
  • station at least in some examples refers to a logical entity that is a singly addressable instance of a medium access control (MAC) and physical layer (PHY) interface to the wireless medium (WM).
  • wireless medium at least in some examples refers to the medium used to implement the transfer of protocol data units (PDUs) between peer physical layer (PHY) entities of a wireless local area network (LAN).
  • network element at least in some examples refers to physical or virtualized equipment and/or infrastructure used to provide wired or wireless communication network services.
  • network element may be considered synonymous to and/or referred to as a networked computer, networking hardware, network equipment, network node, router, switch, hub, bridge, radio network controller, network access node (NAN), base station, access point (AP), RAN device, RAN node, gateway, server, network appliance, network function (NF), virtualized NF (VNF), and/or the like.
  • network controller at least in some examples refers to a functional block that centralizes some or all of the control and management functionality of a network domain and may provide an abstract view of the network domain to other functional blocks via an interface.
  • network access node at least in some examples refers to a network element in a radio access network (RAN) responsible for the transmission and reception of radio signals in one or more cells or coverage areas to or from a UE or station.
  • a “network access node” or “NAN” can have an integrated antenna or may be connected to an antenna array by feeder cables.
  • a “network access node” or “NAN” includes specialized digital signal processing, network function hardware, and/or compute hardware to operate as a compute node.
  • a “network access node” or “NAN” may be split into multiple functional blocks operating in software for flexibility, cost, and performance.
  • a “network access node” or “NAN” may be a base station (e.g., an evolved Node B (eNB) or a next generation Node B (gNB)), an access point and/or wireless network access point, router, switch, hub, radio unit or remote radio head, Transmission Reception Point (TRxP), a gateway device (e.g., Residential Gateway, Wireline 5G Access Network, Wireline 5G Cable Access Network, Wireline BBF Access Network, and the like), network appliance, and/or some other network access hardware.
  • the term “access point” or “AP” at least in some examples refers to an entity that contains one station (STA) and provides access to the distribution services, via the wireless medium (WM) for associated STAs.
  • An AP comprises a STA and a distribution system access function (DSAF).
  • cell at least in some examples refers to a radio network object that can be uniquely identified by a UE from an identifier (e.g., cell ID) that is broadcasted over a geographical area from a network access node (NAN). Additionally or alternatively, the term “cell” at least in some examples refers to a geographic area covered by a NAN.
  • the term “serving cell” at least in some examples refers to a primary cell (PCell) for a UE in a connected mode or state (e.g., RRC_CONNECTED) and not configured with carrier aggregation (CA) and/or dual connectivity (DC).
  • the term “special cell” or “SpCell” at least in some examples refers to a PCell for non-DC operation or refers to a PCell of an MCG or a PSCell of an SCG for DC operation.
  • the term “Master Cell Group” or “MCG” at least in some examples refers to a group of serving cells associated with a “Master Node” comprising a SpCell (PCell) and optionally one or more SCells.
  • the term “Secondary Cell Group” or “SCG” at least in some examples refers to a subset of serving cells comprising a Primary SCell (PSCell) and zero or more SCells for a UE configured with DC.
  • Primary SCG Cell refers to the SCG cell in which a UE performs random access when performing a reconfiguration with sync procedure for DC operation.
  • the term “handover” at least in some examples refers to the transfer of a user's connection from one radio channel to another (can be the same or different cell). Additionally or alternatively, the term “handover” at least in some examples refers to the process in which a radio access network changes the radio transmitters, radio access mode, and/or radio system used to provide the bearer services, while maintaining a defined bearer service QoS.
  • the term “Master Node” or “MN” at least in some examples refers to a NAN that provides control plane connection to a core network.
  • the term “Secondary Node” or “SN” at least in some examples refers to a NAN providing resources to the UE in addition to the resources provided by an MN and/or a NAN with no control plane connection to a core network.
  • the term “E-UTRAN NodeB” refers to a RAN node providing E-UTRA user plane (e.g., PDCP, RLC, MAC, PHY) and control plane (e.g., RRC) protocol terminations towards a UE, and connected via an S1 interface to the Evolved Packet Core (EPC).
  • Two or more eNBs are interconnected with each other (and/or with one or more en-gNBs) by means of an X2 interface.
  • the term “next generation eNB” or “ng-eNB” at least in some examples refers to a RAN node providing E-UTRA user plane and control plane protocol terminations towards a UE, and connected via the NG interface to the 5GC.
  • Two or more ng-eNBs are interconnected with each other (and/or with one or more gNBs) by means of an Xn interface.
  • the term “Next Generation NodeB”, “gNodeB”, or “gNB” at least in some examples refers to a RAN node providing NR user plane and control plane protocol terminations towards a UE, and connected via the NG interface to the 5GC.
  • the term “E-UTRA-NR gNB” or “en-gNB” at least in some examples refers to a RAN node providing NR user plane and control plane protocol terminations towards a UE, and acting as a Secondary Node in E-UTRA-NR Dual Connectivity (EN-DC) scenarios (see e.g., 3GPP TS 37.340 V17.0.0 (2022-04-15) (“[TS37340]”)).
  • Two or more en-gNBs are interconnected with each other (and/or with one or more eNBs) by means of an X2 interface.
  • the term “Next Generation RAN node” or “NG-RAN node” at least in some examples refers to either a gNB or an ng-eNB.
  • the term “IAB-node” at least in some examples refers to a RAN node that supports new radio (NR) access links to user equipment (UEs) and NR backhaul links to parent nodes and child nodes.
  • the term “IAB-donor” at least in some examples refers to a RAN node (e.g., a gNB) that provides network access to UEs via a network of backhaul and access links.
  • Transmission Reception Point at least in some examples refers to an antenna array with one or more antenna elements available to a network located at a specific geographical location for a specific area.
  • the term “Central Unit” or “CU” at least in some examples refers to a logical node hosting radio resource control (RRC), Service Data Adaptation Protocol (SDAP), and/or Packet Data Convergence Protocol (PDCP) protocols/layers of an NG-RAN node, or RRC and PDCP protocols of the en-gNB that controls the operation of one or more DUs; a CU terminates an F1 interface connected with a DU and may be connected with multiple DUs.
  • the term “Distributed Unit” or “DU” at least in some examples refers to a logical node hosting Backhaul Adaptation Protocol (BAP), F1 application protocol (F1AP), radio link control (RLC), medium access control (MAC), and physical (PHY) layers of the NG-RAN node or en-gNB, and its operation is partly controlled by a CU; one DU supports one or multiple cells, and one cell is supported by only one DU; and a DU terminates the F1 interface connected with a CU.
  • the term “Radio Unit” or “RU” at least in some examples refers to a logical node hosting PHY layer or Low-PHY layer and radiofrequency (RF) processing based on a lower layer functional split.
  • the term “split architecture” at least in some examples refers to an architecture in which a CU, DU, and/or RU are physically separated from one another. Additionally or alternatively, the term “split architecture” at least in some examples refers to a RAN architecture such as those discussed in 3GPP TS 38.401 v17.4.0 (2023-04-03) (“[TS38401]”), 3GPP TS 38.410 v17.1.0 (2022-06-23), and 3GPP TS 38.473 v17.4.1 (2023-04-05) (“[TS38473]”), the contents of each of which are hereby incorporated by reference in their entireties.
  • integrated architecture at least in some examples refers to an architecture in which an RU and DU are implemented on one platform, and/or an architecture in which a DU and a CU are implemented on one platform.
  • the term “Residential Gateway” or “RG” at least in some examples refers to a device providing, for example, voice, data, broadcast video, video on demand, to other devices in customer premises.
  • the term “Wireline 5G Access Network” or “W-5GAN” at least in some examples refers to a wireline AN that connects to a 5GC via N2 and N3 reference points.
  • the W-5GAN can be either a W-5GBAN or W-5GCAN.
  • the term “Wireline 5G Cable Access Network” or “W-5GCAN” at least in some examples refers to an Access Network defined in/by CableLabs.
  • the term “Wireline BBF Access Network” or “W-5GBAN” at least in some examples refers to an Access Network defined in/by the Broadband Forum (BBF).
  • W-AGF Wireless Advanced Network Gateway Function
  • 5GC 3GPP 5G Core network
  • 5G-RG at least in some examples refers to an RG capable of connecting to a 5GC playing the role of a user equipment with regard to the 5GC; it supports secure element and exchanges N1 signaling with 5GC.
  • the 5G-RG can be either a 5G-BRG or 5G-CRG.
  • SMTC refers to an SSB-based measurement timing configuration configured by SSB-MeasurementTimingConfiguration.
  • SSB refers to an SS/PBCH block.
  • Primary Cell refers to the MCG cell, operating on the primary frequency, in which the UE either performs the initial connection establishment procedure or initiates the connection re-establishment procedure.
  • Primary SCG Cell refers to the SCG cell in which the UE performs random access when performing the Reconfiguration with Sync procedure for DC operation.
  • Secondary Cell refers to a cell providing additional radio resources on top of a Special Cell for a UE configured with CA.
  • Secondary Cell Group refers to the subset of serving cells comprising the PSCell and zero or more secondary cells for a UE configured with DC.
  • the term “Serving Cell” refers to the primary cell for a UE in RRC_CONNECTED not configured with CA/DC; there is only one serving cell, comprising the primary cell.
  • the term “serving cell” or “serving cells” refers to the set of cells comprising the Special Cell(s) and all secondary cells for a UE in RRC_CONNECTED configured with CA.
  • the term “Special Cell” refers to the PCell of the MCG or the PSCell of the SCG for DC operation; otherwise, the term “Special Cell” refers to the PCell.
  • the term “edge computing” at least in some examples refers to an implementation or arrangement of distributed computing elements that move processing activities and resources (e.g., compute, storage, acceleration, and/or network resources) towards the “edge” of the network in an effort to reduce latency and increase throughput for endpoint users (client devices, user equipment, and the like). Additionally or alternatively, the term “edge computing” at least in some examples refers to a set of services hosted relatively close to a client/UE’s access point of attachment to a network to achieve relatively efficient service delivery through reduced end-to-end latency and/or load on the transport network. In some examples, edge computing implementations involve the offering of services and/or resources in cloud-like systems, functions, applications, and subsystems, from one or multiple locations accessible via wireless networks.
  • edge computing at least in some examples refers to the concept, as described in [TS23501], that enables operator and 3rd party services to be hosted close to a UE's access point of attachment, to achieve an efficient service delivery through the reduced end-to-end latency and load on the transport network.
  • the term “edge compute node” or “edge compute device” at least in some examples refers to an identifiable entity implementing an aspect of edge computing operations, whether part of a larger system, distributed collection of systems, or a standalone apparatus.
  • a compute node may be referred to as an “edge node”, “edge device”, “edge system”, whether in operation as a client, server, or intermediate entity.
  • the term “edge compute node” at least in some examples refers to a real-world, logical, or virtualized implementation of a compute-capable element in the form of a device, gateway, bridge, system or subsystem, component, whether operating in a server, client, endpoint, or peer mode, and whether located at an “edge” of a network or at a connected location further within the network, however, references to an “edge computing system” generally refer to a distributed architecture, organization, or collection of multiple nodes and devices, and which is organized to accomplish or offer some aspect of services or resources in an edge computing setting.
  • the term “edge computing platform” or “edge platform” at least in some examples refers to a collection of functionality that is used to instantiate, execute, or run edge applications on a specific edge compute node (e.g., virtualization infrastructure and/or the like), enable such edge applications to provide and/or consume edge services, and/or otherwise provide one or more edge services.
  • the term “edge application” or “edge app” at least in some examples refers to an application that can be instantiated on, or executed by, an edge compute node within an edge computing network, system, or framework, and can potentially provide and/or consume edge computing services.
  • edge service at least in some examples refers to a service provided via an edge compute node and/or edge platform, either by the edge platform itself and/or by an edge application.
  • the term “cloud computing” or “cloud” at least in some examples refers to a paradigm for enabling network access to a scalable and elastic pool of shareable computing resources with self-service provisioning and administration on-demand and without active management by users.
  • Cloud computing provides cloud computing services (or cloud services), which are one or more capabilities offered via cloud computing that are invoked using a defined interface (e.g., an API or the like).
  • the term “network function” or “NF” at least in some examples refers to a functional block within a network infrastructure that has one or more external interfaces and a defined functional behavior.
  • network instance at least in some examples refers to information identifying a domain; in some examples, a network instance is used by a UPF for traffic detection and routing.
  • the term “network service” or “NS” at least in some examples refers to a composition or collection of NF(s) and/or network service(s), defined by its functional and behavioral specification(s).
  • NF service instance at least in some examples refers to an identifiable instance of the NF service.
  • NF instance at least in some examples refers to an identifiable instance of an NF.
  • NF service at least in some examples refers to functionality exposed by an NF through a service-based interface and consumed by other authorized NFs.
  • NF service operation at least in some examples refers to an elementary unit that an NF service is composed of.
  • NF service set at least in some examples refers to a group of interchangeable NF service instances of the same service type within an NF instance; in some examples, the NF service instances in the same NF service set have access to the same context data.
  • NF set at least in some examples refers to a group of interchangeable NF instances of the same type, supporting the same services and the same network slice(s); in some examples, the NF instances in the same NF Set may be geographically distributed but have access to the same context data.
  • management function at least in some examples refers to a logical entity playing the roles of a service consumer and/or a service producer.
  • management service at least in some examples refers to a set of offered management capabilities.
  • network function virtualization or “NFV” at least in some examples refers to the principle of separating network functions from the hardware they run on by using virtualization techniques and/or virtualization technologies.
  • virtualized network function or “VNF” at least in some examples refers to an implementation of an NF that can be deployed on a Network Function Virtualization Infrastructure (NFVI).
  • Virtualized Infrastructure Manager or “VIM” at least in some examples refers to a functional block that is responsible for controlling and managing the NFVI compute, storage and network resources, usually within one operator's infrastructure domain.
  • virtualization container, “execution container”, or “container” at least in some examples refers to a partition of a compute node that provides an isolated virtualized computation environment.
  • OS container at least in some examples refers to a virtualization container utilizing a shared Operating System (OS) kernel of its host, where the host providing the shared OS kernel can be a physical compute node or another virtualization container.
  • container at least in some examples refers to a standard unit of software (or a package) including code and its relevant dependencies, and/or an abstraction at the application layer that packages code and dependencies together.
  • container or container image at least in some examples refers to a lightweight, standalone, executable software package that includes everything needed to run an application such as, for example, code, runtime environment, system tools, system libraries, and settings.
  • VM virtual machine
  • hypervisor at least in some examples refers to a software element that partitions the underlying physical resources of a compute node, creates VMs, manages resources for VMs, and isolates individual VMs from each other.
  • Data Network at least in some examples refers to a network hosting data-centric services such as, for example, operator services, the internet, third-party services, or enterprise networks. Additionally or alternatively, a DN at least in some examples refers to service networks that belong to an operator or third party, which are offered as a service to a client or user equipment (UE). DNs are sometimes referred to as “Packet Data Networks” or “PDNs”.
  • Local Area Data Network at least in some examples refers to a DN that is accessible by the UE only in specific locations, that provides connectivity to a specific DNN, and whose availability is provided to the UE.
  • protocol at least in some examples refers to a predefined procedure or method of performing one or more operations. Additionally or alternatively, the term “protocol” at least in some examples refers to a common means for unrelated objects to communicate with each other (sometimes also called interfaces).
  • communication protocol at least in some examples refers to a set of standardized rules or instructions implemented by a communication device and/or system to communicate with other devices and/or systems, including instructions for packetizing/depacketizing data, modulating/demodulating signals, implementation of protocols stacks, and/or the like.
  • a “protocol” and/or a “communication protocol” may be represented using a protocol stack, a finite state machine (FSM), and/or any other suitable data structure.
  • standard protocol at least in some examples refers to a protocol whose specification is published and known to the public and is controlled by a standards body.
  • protocol stack or “network stack” at least in some examples refers to an implementation of a protocol suite or protocol family.
  • a protocol stack includes a set of protocol layers, where the lowest protocol deals with low-level interaction with hardware and/or communications interfaces and each higher layer adds additional capabilities.
  • the term “protocol” at least in some examples refers to a formal set of procedures that are adopted to ensure communication between two or more functions within the same layer of a hierarchy of functions.
  • application layer at least in some examples refers to an abstraction layer that specifies shared communications protocols and interfaces used by hosts in a communications network. Additionally or alternatively, the term “application layer” at least in some examples refers to an abstraction layer that interacts with software applications that implement a communicating component, and includes identifying communication partners, determining resource availability, and synchronizing communication.
  • Examples of application layer protocols include HTTP, HTTPS, File Transfer Protocol (FTP), Dynamic Host Configuration Protocol (DHCP), Internet Message Access Protocol (IMAP), Lightweight Directory Access Protocol (LDAP), MQTT (MQ Telemetry Transport), Remote Authentication Dial-In User Service (RADIUS), Diameter protocol, Extensible Authentication Protocol (EAP), RDMA over Converged Ethernet version 2 (RoCEv2), Real-time Transport Protocol (RTP), RTP Control Protocol (RTCP), Real Time Streaming Protocol (RTSP), SBMV Protocol, Skinny Client Control Protocol (SCCP), Session Initiation Protocol (SIP), Session Description Protocol (SDP), Simple Mail Transfer Protocol (SMTP), Simple Network Management Protocol (SNMP), Simple Service Discovery Protocol (SSDP), Small Computer System Interface (SCSI), Internet SCSI (iSCSI), iSCSI Extensions for RDMA (iSER), Transport Layer Security (TLS), voice over IP (VoIP), Virtual Private Network (VPN), Extensible Messaging and Presence Protocol
  • session layer at least in some examples refers to an abstraction layer that controls dialogues and/or connections between entities or elements, and may include establishing, managing and terminating the connections between the entities or elements.
  • transport layer at least in some examples refers to a protocol layer that provides end-to-end (e2e) communication services such as, for example, connection-oriented communication, reliability, flow control, and multiplexing.
  • transport layer protocols include datagram congestion control protocol (DCCP), fibre channel protocol (FBC), Generic Routing Encapsulation (GRE), GPRS Tunneling (GTP), Micro Transport Protocol (µTP), Multipath TCP (MPTCP), MultiPath QUIC (MPQUIC), Multipath UDP (MPUDP), Quick UDP Internet Connections (QUIC), Remote Direct Memory Access (RDMA), Resource Reservation Protocol (RSVP), Stream Control Transmission Protocol (SCTP), transmission control protocol (TCP), user datagram protocol (UDP), and/or the like.
  • network layer at least in some examples refers to a protocol layer that includes means for transferring network packets from a source to a destination via one or more networks. Additionally or alternatively, the term “network layer” at least in some examples refers to a protocol layer that is responsible for packet forwarding and/or routing through intermediary nodes. Additionally or alternatively, the term “network layer” or “internet layer” at least in some examples refers to a protocol layer that includes interworking methods, protocols, and specifications that are used to transport network packets across a network.
  • link layer or “data link layer” at least in some examples refers to a protocol layer that transfers data between nodes on a network segment across a physical layer.
  • link layer protocols include logical link control (LLC), medium access control (MAC), Ethernet, RDMA over Converged Ethernet version 1 (RoCEv1), and/or the like.
  • RRC layer refers to a protocol layer or sublayer that performs system information handling; paging; establishment, maintenance, and release of RRC connections; security functions; establishment, configuration, maintenance and release of Signalling Radio Bearers (SRBs) and Data Radio Bearers (DRBs); mobility functions/services; QoS management; and some sidelink specific services and functions over the Uu interface (see e.g., 3GPP TS 36.331 v17.4.0 (2023-03-30) (“[TS36331]”) and/or 3GPP TS 38.331 v17.4.0 (2023-03-30) (“[TS38331]”)).
  • SDAP layer refers to a protocol layer or sublayer that performs mapping between QoS flows and data radio bearers (DRBs) and marking QoS flow IDs (QFI) in both DL and UL packets (see e.g., 3GPP TS 37.324 v17.0.0 (2022-04-13) (“[TS37324]”)).
  • Packet Data Convergence Protocol refers to a protocol layer or sublayer that performs transfer of user plane or control plane data; maintains PDCP sequence numbers (SNs); header compression and decompression using the Robust Header Compression (ROHC) and/or Ethernet Header Compression (EHC) protocols; ciphering and deciphering; integrity protection and integrity verification; provides timer based SDU discard; routing for split bearers; duplication and duplicate discarding; reordering and in-order delivery; and/or out-of-order delivery (see e.g., 3GPP TS 36.323 v17.2.0 (2023-01-13) and/or 3GPP TS 38.323 v17.4.0 (2023-03-28) (“[TS38323]”)).
  • radio link control layer refers to a protocol layer or sublayer that performs transfer of upper layer PDUs; sequence numbering independent of the one in PDCP; error correction through ARQ; segmentation and/or re-segmentation of RLC SDUs; reassembly of SDUs; duplicate detection; RLC SDU discarding; RLC re-establishment; and/or protocol error detection (see e.g., 3GPP TS 36.322 v17.0.0 (2022-04-15) and 3GPP TS 38.322 v17.2.0 (2023-01-13) (“[TS38322]”)).
  • medium access control protocol refers to a protocol that governs access to the transmission medium in a network, to enable the exchange of data between stations in a network.
  • medium access control layer refers to a protocol layer or sublayer that performs functions to provide frame-based, connectionless-mode (e.g., datagram style) data transfer between stations or devices.
  • the term “physical layer”, “PHY layer”, or “PHY” at least in some examples refers to a protocol layer or sublayer that includes capabilities to transmit and receive modulated signals for communicating in a communications network (see e.g., 3GPP TS 36.201 v17.0.0 (2022-03-31), and 3GPP TS 38.201 v17.0.0 (2022-01-05) (“[TS38201]”)).
  • the term “access technology” at least in some examples refers to the technology used for the underlying physical connection to a communication network.
  • the term “radio access technology” or “RAT” at least in some examples refers to the technology used for the underlying physical connection to a radio based communication network.
  • the term “radio technology” at least in some examples refers to technology for wireless transmission and/or reception of electromagnetic radiation for information transfer.
  • the term “RAT type” at least in some examples may identify a transmission technology and/or communication protocol used in an access network. Examples of access technologies include wireless access technologies/RATs, wireline, wireline-cable, wireline broadband forum (wireline-BBF), Ethernet (see e.g., IEEE Standard for Ethernet, IEEE Std 802.3-2018 (31 Aug.
  • communications protocols include Advanced Mobile Phone System (AMPS) technologies (e.g., Digital AMPS (D-AMPS), Total Access Communication System (TACS) and variants thereof, such as Extended TACS (ETACS), and the like); Global System for Mobile Communications (GSM) technologies (e.g., Circuit Switched Data (CSD), High-Speed CSD (HSCSD), General Packet Radio Service (GPRS), and Enhanced Data Rates for GSM Evolution (EDGE)); Third Generation Partnership Project (3GPP) technologies (e.g., Universal Mobile Telecommunications System (UMTS) and variants thereof (e.g., UMTS Terrestrial Radio Access (UTRA), Wideband Code Division Multiple Access (W-CDMA), Freedom of Multimedia Access (FOMA), Time Division-Code Division Multiple Access (TD-CDMA), Time Division-Synchronous Code Division Multiple Access (TD-SCDMA), and the like), Generic Access Network (GAN) / Unlicensed Mobile Access (UMA), High Speed Packet Access
  • IEEE802 IEEE Standard for Information Technology—Telecommunications and Information Exchange between Systems - Local and Metropolitan Area Networks—Specific Requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications, IEEE Std 802.11-2020, pp.1-4379 (26 Feb. 2021) (“[IEEE80211]”), IEEE 802.15 technologies (e.g., IEEE Standard for Low-Rate Wireless Networks, IEEE Std 802.15.4-2020, pp.1-800 (23 July 2020) (“[IEEE802154]”) and variants thereof (e.g., ZigBee, WirelessHART, MiWi, ISA100.
  • WiMAX Worldwide Interoperability for Microwave Access (WiMAX) (e.g., IEEE Standard for Air Interface for Broadband Wireless Access Systems, IEEE Std 802.16-2017, pp.1-2726 (02 Mar.
  • MBWA Mobile Broadband Wireless Access
  • iBurst e.g., IEEE 802.20 and variants thereof
  • WiGig Wireless Gigabit Alliance
  • Integrated Digital Enhanced Network and variants thereof (e.g., Wideband Integrated Digital Enhanced Network (WiDEN)); millimeter wave (mmWave) technologies/standards (e.g., wireless systems operating at 10-300 GHz and above 3GPP 5G); short-range and/or wireless personal area network (WPAN) technologies/standards (e.g., IEEE 802.15 technologies (e.g., as mentioned previously); Bluetooth and variants thereof (e.g., Bluetooth 5.3, Bluetooth Low Energy (BLE), and the like), WiFi-direct, Miracast, ANT/ANT+, Z-Wave, Universal Plug and Play (UPnP), low power Wide Area Networks (LPWANs), Long Range Wide Area Network (LoRA or LoRaWAN™), and the like); optical and/or visible light communication (VLC) technologies/standards (e.g., IEEE Standard for Local and metropolitan area networks—Part 15.7: Short-Range Optical Wireless Communications, IEEE Std 802.1
  • Sigfox e.g., cdmaOne (2G), Code Division Multiple Access 2000 (CDMA 2000), and Evolution-Data Optimized or Evolution-Data Only (EV-DO); Push-to-talk (PTT), Mobile Telephone System (MTS) and variants thereof (e.g., Improved MTS (IMTS), Advanced MTS (AMTS), and the like); Personal Digital Cellular (PDC); Personal Handy-phone System (PHS), Cellular Digital Packet Data (CDPD); DataTAC; Digital Enhanced Cordless Telecommunications (DECT) and variants thereof (e.g., DECT Ultra Low Energy (DECT ULE), DECT-2020, DECT-5G, and the like); Ultra High Frequency (UHF) communication; Very High Frequency (VHF) communication; and/or any other suitable RAT or protocol.
  • any number of satellite uplink technologies may be used for purposes of the present disclosure including, for example, radios compliant with standards issued by the International Telecommunication Union (ITU), or the ETSI, among others.
  • channel at least in some examples refers to any transmission medium, either tangible or intangible, which is used to communicate data or a data stream.
  • channel may be synonymous with and/or equivalent to “communications channel,” “data communications channel,” “transmission channel,” “data transmission channel,” “access channel,” “data access channel,” “link,” “data link,” “carrier,” “radiofrequency carrier,” and/or any other like term denoting a pathway or medium through which data is communicated.
  • link at least in some examples refers to a connection between two devices through a RAT for the purpose of transmitting and receiving information.
  • carrier at least in some examples refers to a modulated waveform conveying one or more physical channels (e.g., 5G/NR, E-UTRA, UTRA, and/or GSM/EDGE physical channels).
  • carrier frequency at least in some examples refers to the center frequency of a cell.
  • radio bearer at least in some examples refers to an information transmission path of defined capacity, delay, bit error rate, and/or the like.
  • radio bearer at least in some examples refers to the service provided by Layer 2 (L2) for transfer of user data between user equipment (UE) and a radio access network (RAN).
  • radio access bearer at least in some examples refers to the service that the access stratum provides to the non-access stratum for transfer of user data between a UE and a CN.
  • beamforming and “beam steering” at least in some examples refer to a spatial filtering mechanism used at a transmitter (Tx) to improve the received signal power, signal-to-noise ratio (SNR), or some other signaling metric at an intended receiver (Rx).
  • beamformer at least in some examples refers to a STA that transmits a physical layer PDU (PPDU) using a beamforming steering matrix.
  • beamforming steering matrix at least in some examples refers to a matrix determined using knowledge of the channel between a Tx and an intended Rx that maps from space-time streams to transmit antennas with the goal of improving the signal power, SNR, and/or some other signaling metric at the intended Rx.
  • subframe at least in some examples refers to a time interval during which a signal is signaled. In some implementations, a subframe is equal to 1 millisecond (ms).
  • time slot at least in some examples refers to an integer multiple of consecutive subframes.
  • superframe at least in some examples refers to a time interval comprising two time slots.
  • channel coding at least in some examples refers to processes and/or techniques to add redundancy to messages or packets in order to make those messages or packets more robust against noise, channel interference, limited channel bandwidth, and/or other errors.
  • channel coding can be used interchangeably with the terms “forward error correction” or “FEC”; “error correction coding”, “error correction code”, or “ECC”; and/or “network coding” or “NC”.
  • network coding at least in some examples refers to processes and/or techniques in which transmitted data is encoded and decoded to improve network performance.
  • code rate at least in some examples refers to the proportion of a data stream or flow that is useful or non-redundant (e.g., for a code rate of k/n, for every k bits of useful information, the (en)coder generates a total of n bits of data, of which n - k are redundant).
  • systematic code at least in some examples refers to any error correction code in which the input data is embedded in the encoded output.
  • non-systematic code at least in some examples refers to any error correction code in which the input data is not embedded in the encoded output.
  • network address at least in some examples refers to an identifier for a node or host in a computer network, and may be a unique identifier across a network and/or may be unique to a locally administered portion of the network.
  • Examples of identifiers and/or network addresses can include an application identifier, Bluetooth hardware device address (BD_ADDR), a cellular network address (e.g., Access Point Name (APN), AMF name and/or AMF identifier (ID), AF-Service-Identifier, Closed Access Group Identifier (CAG-ID), Edge Application Server (EAS) ID, Data Network Access Identifier (DNAI), Data Network Name (DNN), EPS Bearer Identity (EBI), Equipment Identity Register (EIR) and/or 5G-EIR, Extended Unique Identifier (EUI), Group ID for Network Selection (GIN), Generic Public Subscription Identifier (GPSI), Globally Unique AMF Identifier (GUAMI), Globally Unique Temporary Identifier (GUTI) and/or 5G
  • endpoint address at least in some examples refers to an address used to determine the host/authority part of a target network address (e.g., URI and/or any other network address(es), such as those discussed herein), where the target network address (e.g., URI and/or any other network address(es), such as those discussed herein) is used to access an NF service (e.g., to invoke service operations) of an NF service producer or for notifications to an NF service consumer.
  • port in the context of computer networks, at least in some examples refers to a communication endpoint, a virtual data connection between two or more entities, and/or a virtual point where network connections start and end.
  • a “port” at least in some examples is associated with a specific process or service. Additionally or alternatively, the term “port” at least in some examples refers to a particular interface of the specified equipment (apparatus) with an electromagnetic environment (e.g., any connection point on an equipment intended for connection of cables to or from that equipment is considered as a port).
  • delay at least in some examples refers to a time interval between two events. Additionally or alternatively, the term “delay” at least in some examples refers to a time interval between the propagation of a signal and its reception.
  • delay bound at least in some examples refers to a predetermined or configured amount of acceptable delay.
  • per-packet delay bound at least in some examples refers to a predetermined or configured amount of acceptable packet delay where packets that are not processed and/or transmitted within the delay bound are considered to be delivery failures and are discarded or dropped.
  • goodput at least in some examples refers to a number of useful information bits delivered by the network to a certain destination per unit of time.
  • jitter at least in some examples refers to a deviation from a predefined (“true”) periodicity of a presumably periodic signal in relation to a reference clock signal.
  • latency at least in some examples refers to the amount of time it takes to transfer a first/initial data unit in a data burst from one point to another. Additionally or alternatively, the term “latency” at least in some examples refers to the delay experienced by a data unit (e.g., frame) in the course of its propagation between two points in a network, measured from the time that a known reference point in the frame passes the first point to the time that the reference point in the data unit passes the second point.
  • network delay at least in some examples refers to the delay of a data unit within a network (e.g., an IP packet within an IP network).
  • packet delay at least in some examples refers to the time it takes to transfer any packet from one point to another. Additionally or alternatively, the term “packet delay” or “per packet delay” at least in some examples refers to the difference between a packet reception time and packet transmission time. Additionally or alternatively, the “packet delay” or “per packet delay” can be measured by subtracting the packet sending time from the packet receiving time where the transmitter and receiver are at least somewhat synchronized.
  • packet drop rate at least in some examples refers to a share of packets that were not sent to the target due to high traffic load or traffic management and should be seen as a part of the packet loss rate.
  • packet loss rate at least in some examples refers to a share of packets that could not be received by the target, including packets dropped, packets lost in transmission and packets received in wrong format.
  • performance indicator at least in some examples refers to performance data aggregated over a group of network functions (NFs), which is derived from performance measurements collected at the NFs that belong to the group, according to the aggregation method identified in a Performance Indicator definition.
  • the term “physical rate” or “PHY rate” at least in some examples refers to a speed at which one or more bits are actually sent over a transmission medium. Additionally or alternatively, the term “physical rate” or “PHY rate” at least in some examples refers to a speed at which data can move across a wireless link between a transmitter and a receiver.
  • processing delay at least in some examples refers to an amount of time taken to process a packet in a network node.
  • the term “propagation delay” at least in some examples refers to an amount of time it takes a signal’s header to travel from a sender to a receiver.
  • the term “queuing delay” at least in some examples refers to an amount of time a job waits in a queue until that job can be executed.
  • the term “queuing delay” at least in some examples refers to an amount of time a packet waits in a queue until it can be processed and/or transmitted.
  • the term “throughput” or “network throughput” at least in some examples refers to a rate of production or the rate at which something is processed. Additionally or alternatively, the term “throughput” or “network throughput” at least in some examples refers to a rate of successful message (data) delivery over a communication channel.
  • the term “transmission delay” at least in some examples refers to an amount of time needed (or necessary) to push a packet (or all bits of a packet) into a transmission medium.
  • application or “app” at least in some examples refers to a computer program designed to carry out a specific task other than one relating to the operation of the computer itself. Additionally or alternatively, the term “application” or “app” at least in some examples refers to a complete and deployable package, environment to achieve a certain function in an operational environment.
  • process at least in some examples refers to an instance of a computer program that is being executed by one or more threads. In some implementations, a process may be made up of multiple threads of execution that execute instructions concurrently.
  • algorithm at least in some examples refers to an unambiguous specification of how to solve a problem or a class of problems by performing calculations, input/output operations, data processing, automated reasoning tasks, and/or the like.
  • application programming interface or “API” at least in some examples refers to a set of subroutine definitions, communication protocols, and tools for building software. Additionally or alternatively, the term “application programming interface” or “API” at least in some examples refers to a set of clearly defined methods of communication among various components. In some examples, an API may be defined or otherwise used for a web-based system, operating system, database system, computer hardware, software library, and/or the like.
  • instantiate refers to the creation of an instance.
  • instance refers to a concrete occurrence of an object, which may occur, for example, during execution of program code.
  • reference point at least in some examples refers to a conceptual point at the conjunction of two non-overlapping functional groups, elements, or entities.
  • service based interface at least in some examples refers to a representation of how a set of services is provided and/or exposed by a particular NF.
  • Use case at least in some examples refers to a description of a system from a user's perspective. Use cases sometimes treat a system as a black box, and the interactions with the system, including system responses, are perceived as from outside the system. Use cases typically avoid technical jargon, preferring instead the language of the end user or domain expert.
  • the term “user” at least in some examples refers to an abstract representation of any entity issuing commands, requests, and/or data to a compute node or system, and/or otherwise consumes or uses services. Additionally or alternatively, the term “user” at least in some examples refers to an entity, not part of the 3GPP System, which uses 3GPP System services (e.g., a person using a 3GPP system mobile station as a portable telephone).
  • the term “user profile” at least in some examples refers to a set of information to provide a user with a consistent, personalized service environment, irrespective of the user's location or the terminal used (within the limitations of the terminal and the serving network).
  • service consumer or “consumer” at least in some examples refers to an entity that consumes one or more services.
  • service producer or “producer” at least in some examples refers to an entity that offers, serves, or otherwise provides one or more services.
  • service provider or “provider” at least in some examples refers to an organization or entity that provides one or more services to at least one service consumer.
  • service provider and “service producer” may be used interchangeably even though these terms may refer to different concepts.
  • Examples of service providers include cloud service provider (CSP), network service provider (NSP), application service provider (ASP) (e.g., Application software service provider in a service-oriented architecture (ASSP)), internet service provider (ISP), telecommunications service provider (TSP), online service provider (OSP), payment service provider (PSP), managed service provider (MSP), storage service providers (SSPs), SAML service provider, and/or the like.
  • configuration refers to a machine-readable information object that contains instructions, conditions, parameters, criteria, data, metadata, and/or other information that is/are relevant to a component, device, system, network, service producer, service consumer, and/or other element/entity.
  • datagram at least in some examples refers to a basic transfer unit associated with a packet-switched network; a datagram may be structured to have header and payload sections.
  • datagram at least in some examples may be synonymous with any of the following terms, even though they may refer to different aspects: “data unit”, a “protocol data unit” or “PDU”, a “service data unit” or “SDU”, “frame”, “packet”, a “network packet”, “segment”, “block”, “cell”, “chunk”, “Type Length Value” or “TLV”, and/or the like.
  • packet at least in some examples refers to an information unit identified by a label at layer 3 of the OSI reference model.
  • a “packet” may also be referred to as a “network protocol data unit” or “NPDU”.
  • protocol data unit at least in some examples refers to a unit of data specified in an (N)-protocol layer and includes (N)-protocol control information and possibly (N)-user data.
  • information element refers to a structural element containing one or more fields. Additionally or alternatively, the term “information element” or “IE” at least in some examples refers to a field or set of fields defined in a standard or specification that is used to convey data and/or protocol information.
  • field at least in some examples refers to individual contents of an information element, or a data element that contains content.
  • “data frame”, “data field”, or “DF” at least in some examples refers to a data type that contains more than one data element in a predefined order.
  • data element or “DE” at least in some examples refers to a data type that contains one single data.
  • data element at least in some examples refers to an atomic state of a particular object with at least one specific property at a certain point in time, and may include one or more of a data element name or identifier, a data element definition, one or more representation terms, enumerated values or codes (e.g., metadata), and/or a list of synonyms to data elements in other metadata registries.
  • a “data element” at least in some examples refers to a data type that contains one single data. Data elements may store data, which may be referred to as the data element’s content (or “content items”).
  • Content items may include text content, attributes, properties, and/or other elements referred to as “child elements.” Additionally or alternatively, data elements may include zero or more properties and/or zero or more attributes, each of which may be defined as database objects (e.g., fields, records, and the like), object instances, and/or other data elements.
  • An “attribute” at least in some examples refers to a markup construct including a name-value pair that exists within a start tag or empty element tag. Attributes contain data related to their element and/or control the element’s behavior.
  • data set at least in some examples refers to a collection of data; a “data set” or “dataset” may be formed or arranged in any type of data structure.
  • one or more characteristics can define or influence the structure and/or properties of a dataset such as the number and types of attributes and/or variables, and various statistical measures (e.g., standard deviation, kurtosis, and/or the like).
  • data structure at least in some examples refers to a data organization, management, and/or storage format. Additionally or alternatively, the term “data structure” at least in some examples refers to a collection of data values, the relationships among those data values, and/or the functions, operations, tasks, and the like, that can be applied to the data.
  • the term “authorization” at least in some examples refers to a prescription that a particular behavior shall not be prevented.
  • the term “authentication” at least in some embodiments refers to a process of proving or verifying an identity. Additionally or alternatively, the term “authentication” at least in some embodiments refers to a mechanism by which a computer system checks or verifies that a user or entity is really the user or entity being claimed. Examples of the authentication and/or authorization techniques include using API keys, basic access authentication (“Basic Auth”), Open Authorization (OAuth), hash-based message authentication codes (HMAC), Kerberos protocol, OpenID, WebID, and/or other authentication and/or authorization techniques.
  • Basic Auth basic access authentication
  • OAuth Open Authorization
  • HMAC hash-based message authentication codes
  • the term “consistency check” at least in some examples refers to a test or assessment performed to determine if data has any internal conflicts, conflicts with other data, and/or whether any contradictions exist.
  • a “consistency check” may operate according to a “consistency model”, which at least in some examples refers to a set of operations for performing a consistency check and/or rules or policies used to determine if data is consistent (or predictable) or not.
  • the term “integrity” at least in some examples refers to a mechanism that assures that data has not been altered in an unapproved way. Examples of cryptographic mechanisms that can be used for integrity protection include digital signatures, message authentication codes (MAC), and secure hashes.
  • the term “verification” at least in some examples refers to a process, method, function, or any other means of establishing the correctness of information or data.
  • certificate or “digital certificate” at least in some examples refers to an information object (e.g., an electronic document or other data structure) used to prove the validity of a piece of data such as a public key in a public key infrastructure (PKI) system.
  • PKI public key infrastructure
  • digital certificates include the X.509 format and/or some other suitable format, and may be signed using any suitable cryptographic mechanisms such as Elliptic Curve cryptography Digital Signature Algorithm (ECDSA) or some other suitable algorithm such as any of those discussed herein.
  • ECDSA Elliptic Curve cryptography Digital Signature Algorithm
  • the digital certificates discussed herein can include various certificates issued by an issuer, a verification body, a notified body, certificate authority (CA) (e.g., a root CA or the like), an enrollment authority (EA), an authorization authority (AA), and/or other entity as delineated by relevant Certificate Authority Security Council (CASC) standards, Common Computing Security Standards Forum (CCSF) standards, CA/Browser Forum standards, GSMA standards, ETSI standards, GlobalPlatform standards, and/or some other suitable standard.
  • certificate authority e.g., a root CA or the like
  • EA enrollment authority
  • AA authorization authority
  • CASC Certificate Authority Security Council
  • CCSF Common Computing Security Standards Forum
  • confidential data at least in some examples refers to any form of information that a person or entity is obligated, by law or contract, to protect from unauthorized access, use, disclosure, modification, or destruction. Additionally or alternatively, “confidential data” at least in some examples refers to any data owned or licensed by a person or entity that is not intentionally shared with the general public or that is classified by the person or entity with a designation that precludes sharing with the general public.
  • public-key cryptography or “asymmetric cryptography” at least in some examples refers to a cryptographic system that uses pairs of related keys including, for example, a public key used for generating ciphertext, and a corresponding private key to decrypt the ciphertext to obtain the original message (e.g., plaintext); in some examples, these key pairs are generated with cryptographic algorithms based on one-way functions.
  • cryptographic hash function at least in some examples refers to a mathematical algorithm that maps data of arbitrary size (sometimes referred to as a “message”) to a bit array of a fixed size (sometimes referred to as a “hash value”, “hash”, or “message digest”).
  • a cryptographic hash function is usually a one-way function, which is a function that is practically infeasible to invert.
  • the term “cryptographic key” or “key” at least in some examples refers to a piece of information, usually a string of numbers or letters that are stored in a file, which, when processed through a cryptographic algorithm can encode or decode cryptographic data.
  • the term “symmetric-key algorithm” at least in some examples refers to a cryptographic algorithm that uses the same cryptographic key for both the encryption of plaintext and the decryption of ciphertext; the keys may be identical, or there may be a simple transformation to go between the two keys.
  • the term “anchor key” at least in some examples refers to a cryptographic key that is used to generate other keys. In some examples, an “anchor key” is used in key management systems to create and distribute keys to users. In some examples, an “anchor key” is stored in a secure location and is not used directly to encrypt or decrypt data. Examples of anchor keys include master keys, subkeys, and session keys.
  • encryption at least in some examples refers to a process of encoding information wherein the original representation of information (referred to as “plaintext”) is converted into an alternative form (referred to as “ciphertext”).
  • plaintext the original representation of information
  • ciphertext an alternative form
  • an encryption scheme includes use of a pseudo-random encryption key generated by a cryptographic mechanism or some other algorithm to generate an encryption key, which can be used to encrypt and/or decrypt the plaintext.
  • one-time credential at least in some examples refers to a type of authentication that is only valid for a single use.
  • a one-time credential is used for two-factor authentication (2FA), which is a security measure that requires two different forms of authentication to access an account.
  • 2FA two-factor authentication
  • one-time credentials include time-based one-time passwords (TOTPs) (e.g., a one-time credential generated by a time-based algorithm that is valid for a short period of time (e.g., 30 seconds or the like); in some examples, a TOTP is generated by mobile apps or hardware tokens) and out-of-band (OOB) one-time passwords (OTPs) (e.g., a one-time credential that is sent to a user's phone (via SMS message), email address, or the like; in some examples, an OOB OTP is valid for a single use and can only be used once).
  • TOTPs time-based one-time passwords
  • OOB out-of-band
  • OTPs one-time passwords
  • data breach at least in some examples refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, data (including personal, sensitive, and/or confidential data) transmitted, stored or otherwise processed.
  • information security or “InfoSec” at least in some examples refers to any practice, technique, and technology for protecting information by mitigating information risks and typically involves preventing or reducing the probability of unauthorized/inappropriate access to data, or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording, or devaluation of information; and the information to be protected may take any form including electronic information, physical or tangible (e.g., computer-readable media storing information, paperwork, and the like), or intangible (e.g., knowledge, intellectual property assets, and the like).
  • artificial intelligence at least in some examples refers to any intelligence demonstrated by machines, in contrast to the natural intelligence displayed by humans and other animals. Additionally or alternatively, the term “artificial intelligence” or “AI” at least in some examples refers to the study of “intelligent agents” and/or any device that perceives its environment and takes actions that maximize its chance of successfully achieving a goal.
  • artificial neural network refers to an ML technique comprising a collection of connected artificial neurons or nodes that (loosely) model neurons in a biological brain that can transmit signals to other artificial neurons or nodes, where connections (or edges) between the artificial neurons or nodes are (loosely) modeled on synapses of a biological brain.
  • the artificial neurons and edges typically have a weight that adjusts as learning proceeds. The weight increases or decreases the strength of the signal at a connection.
  • Neurons may have a threshold such that a signal is sent only if the aggregate signal crosses that threshold.
  • the artificial neurons can be aggregated or grouped into one or more layers where different layers may perform different transformations on their inputs.
  • NNs are usually used for supervised learning, but can be used for unsupervised learning as well.
  • Examples of NNs include deep NN (DNN), feed forward NN (FFN), deep FNN (DFF), convolutional NN (CNN), deep CNN (DCN), deconvolutional NN (DNN), a deep belief NN, a perception NN, recurrent NN (RNN) (e.g., including Long Short Term Memory (LSTM) algorithm, gated recurrent unit (GRU), echo state network (ESN), and the like), spiking NN (SNN), deep stacking network (DSN), Markov chain, perception NN, generative adversarial network (GAN), transformers, stochastic NNs (e.g., Bayesian Network (BN), Bayesian belief network (BBN), a Bayesian NN (BNN), Deep BNN (DBNN), Dynamic BN (
  • matrix at least in some examples refers to a system of postulates, data, and inferences presented as a mathematical description of an entity or state of affairs including governing equations, assumptions, and constraints.
  • statistical model at least in some examples refers to a mathematical model that embodies a set of statistical assumptions concerning the generation of sample data and/or similar data from a population; in some examples, a “statistical model” represents a data-generating process.
  • machine learning at least in some examples refers to the use of computer systems to optimize a performance criterion using example (training) data and/or past experience.
  • ML involves using algorithms to perform specific task(s) without using explicit instructions to perform the specific task(s), and/or relying on patterns, predictions, and/or inferences.
  • ML uses statistics to build ML model(s) (also referred to as “models”) in order to make predictions or decisions based on sample data (e.g., training data).
  • machine learning model or “ML model” at least in some examples refers to an application, program, process, algorithm, and/or function that is capable of making predictions, inferences, or decisions based on an input data set and/or is capable of detecting patterns based on an input data set.
  • a “machine learning model” or “ML model” is trained on training data to detect patterns and/or make predictions, inferences, and/or decisions.
  • a “machine learning model” or “ML model” is based on a mathematical and/or statistical model.
  • the terms “ML model”, “AI model”, “AI/ML model”, and the like may be used interchangeably.
  • the term “ML model” may be used interchangeably with the terms “AI/ML model” and “model”.
  • machine learning application or “ML application” at least in some examples refers to an application, program, process, algorithm, and/or function that contains some AI/ML model(s) and application-level descriptions. Additionally or alternatively, the term “machine learning application” or “ML application” at least in some examples refers to a complete and deployable application and/or package that includes at least one ML model and/or other data capable of achieving a certain function and/or performing a set of actions or tasks in an operational environment.
  • the terms “ML application”, “AI application”, “AI/ML application”, and the like may be used interchangeably.
  • model parameters / parameters include weights (e.g., in an ANN); constraints; support vectors in a support vector machine (SVM); coefficients in a linear regression and/or logistic regression; word frequency, sentence length, noun or verb distribution per sentence, the number of specific character n-grams per word, lexical diversity, and the like, for natural language processing (NLP) and/or natural language understanding (NLU); and/or the like.
  • NLP natural language processing
  • NLU natural language understanding
  • hyperparameter at least in some examples refers to characteristics, properties, and/or parameters for an ML process that cannot be learnt during a training process. Hyperparameters are usually set before training takes place, and may be used in processes to help estimate model parameters.
  • hyperparameters examples include model size (e.g., in terms of memory space, bytes, number of layers, and the like); training data shuffling (e.g., whether to do so and by how much); number of evaluation instances, iterations, epochs (e.g., a number of iterations or passes over the training data), or episodes; number of passes over training data; regularization; learning rate (e.g., the speed at which the algorithm reaches (converges to) optimal weights); learning rate decay (or weight decay); momentum; number of hidden layers; size of individual hidden layers; weight initialization scheme; dropout and gradient clipping thresholds; the C value and sigma value for SVMs; the k in k-nearest neighbors; number of branches in a decision tree; number of clusters in a clustering algorithm; vector size; word vector size for NLP and NLU; and/or the like.
  • model size e.g., in terms of memory space, bytes, number of layers, and the like
  • any combination of containers, frames, DFs, DEs, IEs, values, actions, and/or features are possible in various examples, including any combination of containers, DFs, DEs, values, actions, and/or features that are strictly required to be followed in order to conform to such standards or any combination of containers, frames, DFs, DEs, IEs, values, actions, and/or features strongly recommended and/or used with or in the presence/absence of optional elements.
  • inventive subject matter may be referred to herein, individually and/or collectively, merely for convenience and without intending to voluntarily limit the scope of this application to any single aspect or inventive concept if more than one is in fact disclosed.
  • specific aspects have been illustrated and described herein, it should be appreciated that any arrangement calculated to achieve the same purpose may be substituted for the specific aspects shown.
  • This disclosure is intended to cover any and all adaptations or variations of various aspects. Combinations of the above aspects and other aspects not specifically described herein will be apparent to those of skill in the art upon reviewing the above description.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Artificial Intelligence (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Databases & Information Systems (AREA)
  • Evolutionary Computation (AREA)
  • Medical Informatics (AREA)
  • Software Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to security aspects of architecture enhancements for interactions between the network data analytics function (NWDAF) and other network functions in the fifth generation core network (5GC). The invention also relates to mechanisms for secure access to machine learning (ML) models for authorized ML model service consumers, including mechanisms for secure storage by ML model service providers and retrieval by authorized ML model service consumers. The invention also relates to mechanisms enabling secure sharing of NWDAF ML models provided by the same vendor or by vendors.
PCT/US2023/066453 2022-05-02 2023-05-01 Machine learning model transfer authorization and authentication WO2023215720A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US202263337376P 2022-05-02 2022-05-02
US63/337,376 2022-05-02
US202263351206P 2022-06-10 2022-06-10
US63/351,206 2022-06-10

Publications (1)

Publication Number Publication Date
WO2023215720A1 true WO2023215720A1 (fr) 2023-11-09

Family

ID=88647134

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2023/066453 WO2023215720A1 (fr) 2022-05-02 2023-05-01 Machine learning model transfer authorization and authentication

Country Status (1)

Country Link
WO (1) WO2023215720A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117874826A (zh) * 2024-03-11 2024-04-12 成都数据集团股份有限公司 A database permission management system and method

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220108214A1 (en) * 2020-08-13 2022-04-07 Electronics And Telecommunications Research Institute Management method of machine learning model for network data analytics function device

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Architecture enhancements for 5G System (5GS) to support network data analytics services (Release 17)", 3GPP STANDARD; 3GPP TS 23.288, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, no. V17.4.0, 23 March 2022 (2022-03-23), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France, pages 1 - 205, XP052144750 *
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Study of Enablers for Network Automation for 5G 5G System (5GS); Phase 3 (Release 18)", 3GPP STANDARD; TECHNICAL REPORT; 3GPP TR 23.700-81, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, no. V0.2.1, 20 April 2022 (2022-04-20), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France, pages 1 - 85, XP052146048 *
INTEL: "KI 4: Solution –Trained ML models storage and retrieval from ADRF", 3GPP DRAFT; S2-2202232, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG2, no. Elbonia; 20220406 - 20220412, 29 March 2022 (2022-03-29), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France, XP052133077 *
SA WG3: "New SID on security aspects of enablers for Network Automation for 5G - phase 3", 3GPP DRAFT; SP-220199, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. TSG SA, no. Electronic meeting; 20220315 - 20220324, 7 March 2022 (2022-03-07), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France, XP052125888 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117874826A (zh) * 2024-03-11 2024-04-12 成都数据集团股份有限公司 A database permission management system and method
CN117874826B (zh) * 2024-03-11 2024-05-24 成都数据集团股份有限公司 A database permission management system and method

Similar Documents

Publication Publication Date Title
NL2033617B1 (en) Resilient radio resource provisioning for network slicing
US20220086218A1 (en) Interoperable framework for secure dual mode edge application programming interface consumption in hybrid edge computing platforms
US20220232423A1 (en) Edge computing over disaggregated radio access network functions
US20220109622A1 (en) Reliability enhancements for multi-access traffic management
CN114173374A (zh) Multi-access management service packet classification and prioritization techniques
US20220124043A1 (en) Multi-access management service enhancements for quality of service and time sensitive applications
CN115119331A (zh) Reinforcement learning for multi-access traffic management
US20230006889A1 (en) Flow-specific network slicing
US20220124588A1 (en) Traffic steering and cross-layer and cross-link mobility management techniques for multi-access management services
CN117897980A (zh) Radio access network intelligent application manager
WO2022261244A1 (fr) Radio equipment directive compliant solutions for requirements on cybersecurity, privacy, and protection of the network
WO2023069757A1 (fr) Traffic engineering in fabric topologies with deterministic services
CN116134941A (zh) Intra-user-equipment prioritization for handling overlap of uplink control channels and uplink data channels
CN114051750A (zh) Systems and methods for performance data streaming, performance data file reporting, and performance threshold monitoring
WO2023215720A1 (fr) Machine learning model transfer authorization and authentication
US20230388871A1 (en) Mobility features for next generation cellular networks
US20230268982A1 (en) Network controlled repeater
WO2022031553A1 (fr) Data plane for big data and data as a service in next generation cellular networks
WO2023283102A1 (fr) Radio resource planning and slice-aware scheduling for intelligent radio access network slicing
WO2023215771A1 (fr) Authentication and authorization for localized services
WO2023212705A1 (fr) Timing advance and channel state information enhancements
US20230422038A1 (en) Cyber attack detection function
US20240155393A1 (en) Measurement reporting efficiency enhancement
US20240196178A1 (en) Data functions and procedures in the non-real time radio access network intelligent controller
US20240162955A1 (en) Beamforming for multiple-input multiple-output (mimo) modes in open radio access network (o-ran) systems

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23800156

Country of ref document: EP

Kind code of ref document: A1