WO2023277581A1 - Method, UE and network apparatus for provisioning granular user plane (UP) security policy in a wireless network - Google Patents


Info

Publication number
WO2023277581A1
Authority
WO
WIPO (PCT)
Prior art keywords
drb
security policy
drbs
ciphering
protection
Prior art date
Application number
PCT/KR2022/009340
Other languages
English (en)
Inventor
Rajavelsamy Rajadurai
Nivedya Parambath Sasi
Rajendran ROHINI
Original Assignee
Samsung Electronics Co., Ltd.
Priority date
Filing date
Publication date
Application filed by Samsung Electronics Co., Ltd.
Publication of WO2023277581A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10 Integrity
    • H04W12/106 Packet or message integrity

Definitions

  • the present disclosure generally relates to user plane security policy. More particularly, the present disclosure relates to a method, a User Equipment (UE) and a network apparatus for provisioning granular user plane (UP) security policy in a wireless network to support emerging verticals and requirements to enhance the system performance, while providing more flexibility.
  • UE User Equipment
  • UP user plane
  • 5G mobile communication technologies define broad frequency bands such that high transmission rates and new services are possible, and can be implemented not only in “Sub 6GHz” bands such as 3.5GHz, but also in “Above 6GHz” bands referred to as mmWave including 28GHz and 39GHz.
  • 6G mobile communication technologies referred to as Beyond 5G systems
  • terahertz bands for example, 95GHz to 3THz bands
  • IIoT Industrial Internet of Things
  • IAB Integrated Access and Backhaul
  • DAPS Dual Active Protocol Stack
  • 5G baseline architecture for example, service based architecture or service based interface
  • NFV Network Functions Virtualization
  • SDN Software-Defined Networking
  • MEC Mobile Edge Computing
  • multi-antenna transmission technologies such as Full Dimensional MIMO (FD-MIMO), array antennas and large-scale antennas, metamaterial-based lenses and antennas for improving coverage of terahertz band signals, high-dimensional space multiplexing technology using OAM (Orbital Angular Momentum), and RIS (Reconfigurable Intelligent Surface), but also full-duplex technology for increasing frequency efficiency of 6G mobile communication technologies and improving system networks, AI-based communication technology for implementing system optimization by utilizing satellites and AI (Artificial Intelligence) from the design stage and internalizing end-to-end AI support functions, and next-generation distributed computing technology for implementing services at levels of complexity exceeding the limit of UE operation capability by utilizing ultra-high-performance communication and computing resources.
  • FD-MIMO Full Dimensional MIMO
  • OAM Orbital Angular Momentum
  • RIS Reconfigurable Intelligent Surface
  • the embodiment herein is to provide a method for provisioning granular UP security policy in a wireless network.
  • the method includes detecting, by the network apparatus in the wireless network, the UP security policy for at least one UE in the wireless network.
  • the UP security policy includes an UP integrity protection and UP ciphering protection.
  • the method includes creating, by the network apparatus, a UP security policy for each Data Radio Bearer (DRB) carrying one or more Quality of service (QoS) flows with different QoS flow Identifier (QFI) in a Packet Data Convergence Protocol (PDCP) instant.
  • DRB Data Radio Bearer
  • QoS Quality of service
  • QFI QoS flow Identifier
  • the method includes detecting, by the network apparatus that the UP integrity protection is activated or deactivated for each DRB from the plurality of DRBs carrying the one or more QoS flows with the different QFI in the PDCP instant. Further, the method includes starting, by the network apparatus, an uplink UP integrity verification and a downlink UP integrity protection, if the UP integrity protection is activated. Further, the method includes detecting, by the network apparatus that UP ciphering protection is activated or deactivated for each DRB from the plurality of DRBs carrying the one or more QoS flows with the different QFI in the PDCP instant.
  • the method includes starting an uplink UP deciphering and starting a downlink UP ciphering, if the UP ciphering protection is activated. Further, the method includes receiving, by the network apparatus, a RRC connection reconfiguration complete message from the at least one UE.
  • creating, by the network apparatus, the RRC connection reconfiguration message comprises one of binding the QoS flow to each DRB from the plurality of DRBs and all the QoS flows with a particular QFI supporting the same UP security policy to each DRB from the plurality of DRBs, creating the plurality of DRBs and mapping the one or more QoS flows to a single DRB of the plurality of DRBs when the UP security policy are same for a traffic class or type over the DRB and the DRB is capable to fulfil the requirements of the QoS flows, and creating the plurality of DRBs and mapping the one or more QoS flows to the plurality of DRBs when the UP security policy are different for a traffic class or type over the DRB even though a single DRB from the plurality of DRBs is capable to fulfil the requirements of the QoS flows.
  • the embodiment herein is to provide a method for provisioning granular (UP) security policy in a wireless network.
  • the method includes detecting, by a UE in the wireless network, that the UP security policy is activated or deactivated for the UE.
  • the UP security policy includes an UP integrity protection and UP ciphering activation or deactivation indication.
  • the method includes receiving, by the UE, a RRC connection reconfiguration message from a network apparatus in the wireless network, wherein the RRC connection reconfiguration message comprises an UP integrity protection indication and an UP ciphering protection indication for each DRB from a plurality of DRBs carrying one or more QoS flows with a different QFI in a PDCP instant.
  • the method includes verifying, by the UE, a RRC connection reconfiguration integrity based on the UP integrity protection indication and the UP ciphering protection indication for each DRB from the plurality of DRBs carrying the one or more QoS flows with the different QFI in the PDCP instant. Further, the method includes sending, by the UE, a RRC connection reconfiguration complete message to the network apparatus.
  • verifying, by the UE, a RRC connection reconfiguration integrity based on the UP integrity protection indication and the UP ciphering protection indication for each DRB from the plurality of DRBs carrying the one or more QoS flows with the different QFI in the PDCP instant includes detecting, by the UE, that the UP integrity protection is activated or deactivated for each DRB from the plurality of DRBs carrying the one or more QoS flows with the different QFI in the PDCP instant, starting, by the UE, an uplink UP integrity verification and starting a downlink UP integrity protection, if the UP integrity protection is activated, detecting, by the UE, that UP ciphering protection is activated for each DRB from the plurality of DRBs carrying the one or more QoS flows with the different QFI in the PDCP instant, and starting, by the UE, an uplink UP deciphering and starting a downlink UP ciphering, if the UP ciphering protection is
  • the embodiment herein is to provide a network apparatus for provisioning granular UP security policy in a wireless network.
  • the network apparatus includes an UP security policy controller communicatively coupled to a memory and a processor.
  • the UP security policy controller is configured to detect the UP security policy is activated or deactivated for at least one UE in the wireless network.
  • the UP security policy includes an UP integrity protection and UP ciphering protection. Further, the UP security policy controller is configured to create a UP security policy for each DRB carrying one or more QoS flows with different QFI in a PDCP instant.
  • the UP security policy comprises an UP integrity protection indication and an UP ciphering protection indication for each DRB from a plurality of DRBs carrying the one or more QoS Flows with the different QFI in the PDCP instant.
  • the UP security policy controller is configured to send the created UP security protection indication in RRC connection reconfiguration message to the at least one UE.
  • the embodiment herein is to provide a UE for provisioning granular UP security policy in a wireless network.
  • the UE includes a UP security policy controller communicatively coupled to a memory and a processor.
  • the UP security policy controller is configured to detect that the UP security policy is activated or deactivated for the UE in the wireless network.
  • the UP security policy comprises an UP integrity protection and UP ciphering protection. Further, the UP security policy controller is configured to receive a RRC connection reconfiguration message from a network apparatus in the wireless network.
  • the RRC connection reconfiguration message comprises an UP integrity protection indication and an UP ciphering protection indication for each DRB from the plurality of DRBs carrying the one or more QoS Flows with the different QFI in the PDCP instant.
  • the UP security policy controller is configured to verify a RRC connection reconfiguration integrity based on the UP integrity protection indication and the UP ciphering protection indication for each DRB from the plurality of DRBs carrying the one or more QoS Flows with the different QFI in the PDCP instant. Further, the UP security policy controller is configured to send a RRC connection reconfiguration complete message to the network apparatus.
  • the embodiment herein is to provide a method for provisioning granular UP security policy in a wireless network.
  • the method includes detecting, by the network apparatus in the wireless network, the UP security policy is activated for at least one UE in the wireless network.
  • the UP security policy includes an UP integrity protection and UP ciphering protection.
  • the method includes creating, by the network apparatus, a UP security policy for one or more QoS flows in a DRB in a Packet Data Convergence Protocol (PDCP) instant.
  • the UP security policy includes an UP integrity protection indication and an UP ciphering protection indication for the one or more QoS flows in the DRB in the PDCP instant.
  • the method includes sending, by the network apparatus, the created UP security protection indication in RRC connection reconfiguration message to the at least one UE.
  • the method includes detecting, by the network apparatus, that the UP integrity protection is activated for the one or more QoS flows in the DRB in the PDCP instant. Further, the method includes starting, by the network apparatus, an uplink UP integrity verification and starting a downlink UP integrity protection. Further, the method includes detecting, by the network apparatus that UP ciphering protection is activated for the one or more QoS flows in the DRB in the PDCP instant. Further, the method includes starting an uplink UP deciphering and starting a downlink UP ciphering. Further, the method includes receiving, by the network apparatus, a RRC connection reconfiguration complete message from the at least one UE.
  • creating, by the network apparatus, the RRC connection reconfiguration message comprises binding the one or more QoS flow to the DRB and all the QoS flows with a particular QFI supports the same UP security policy to the DRB.
  • the embodiment herein is to provide a method for provisioning granular UP security policy in a wireless network.
  • the method includes detecting, by a UE in the wireless network, that the UP security policy is activated or deactivated for at least one UE in the wireless network.
  • the UP security policy includes an UP integrity protection and UP ciphering protection.
  • the method includes receiving, by the UE, a RRC connection reconfiguration message from a network apparatus in the wireless network, wherein the RRC connection reconfiguration message comprises an UP integrity protection indication and an UP ciphering protection indication for one or more QoS flows in a DRB in a PDCP instant.
  • the method includes verifying, by the UE, a RRC connection reconfiguration integrity based on the UP integrity protection indication and the UP ciphering protection indication for the one or more QoS flows in the DRB carrying in the PDCP instant. Further, the method includes sending, by the UE, a RRC connection reconfiguration complete message to the network apparatus.
  • verifying, by the UE, a RRC connection reconfiguration integrity based on the UP integrity protection indication and the UP ciphering protection indication for the one or more QoS flows in the DRB carrying in the PDCP instant comprises detecting, by the UE, that the UP integrity protection is activated for the one or more QoS flows in the DRB in the PDCP instant, starting, by the UE, an uplink UP integrity verification and starting a downlink UP integrity protection, detecting, by the UE, that UP ciphering protection is activated for the one or more QoS flows in the DRB in the PDCP instant, and starting, by the UE, an uplink UP deciphering and starting a downlink UP ciphering.
  • the embodiment herein is to provide a network apparatus for provisioning granular UP security policy in a wireless network.
  • the network apparatus includes an UP security policy controller communicatively coupled to a memory and a processor.
  • the UP security policy controller is configured to detect the UP security policy is activated for at least one UE in the wireless network, wherein the UP security policy comprises an UP integrity protection and UP ciphering activation.
  • the UP security policy controller is configured to create a UP security policy for each DRB carrying one or more QoS flows with different QoS flow Identifier (QFI) in a Packet Data Convergence Protocol (PDCP) instant, wherein the UP security policy comprises an UP integrity protection indication and an UP ciphering protection indication for one or more QoS flows in a DRB in a PDCP instant.
  • the UP security policy controller is configured to send the created UP security protection indication in RRC connection reconfiguration message to the at least one UE.
  • the embodiment herein is to provide a UE for provisioning granular UP security policy in a wireless network.
  • the UE includes a UP security policy controller communicatively coupled to a memory and a processor.
  • the UP security policy controller is configured to detect that the UP security policy is activated for at least one UE in the wireless network, wherein the UP security policy comprises an UP integrity protection and UP ciphering protection.
  • the UP security policy controller is configured to receive a RRC connection reconfiguration message from a network apparatus in the wireless network, wherein the RRC connection reconfiguration message comprises an UP integrity protection indication and an UP ciphering protection indication for one or more QoS flows in a DRB in the PDCP instant.
  • the UP security policy controller is configured to verify a RRC connection reconfiguration integrity based on the UP integrity protection indication and the UP ciphering protection indication for the one or more QoS flows in the DRB.
  • the UP security policy controller is configured to send a RRC connection reconfiguration complete message to the network apparatus.
  • the embodiments herein is to provide a method, a UE and a network apparatus for provisioning granular UP security policy in a wireless network to support emerging verticals and requirements to enhance the system performance, while providing more flexibility.
  • the proposed method can be used to support different user plane security policies within the PDU session (based on a particular traffic type or class).
  • the proposed method can be used to enable to support and define a separate UP security policy per DRB (based on a particular traffic type or class) for user plane protection, and to support and define a separate UP security policy per QoS Flow or Quality of Service (QoS) Flow Identifier (QFI) for User Plane protection.
  • the proposed method can be used to map the QoS flows and DRBs or traffic type or class based on the newly defined UP security policy.
  • FIG.1A shows an existing user plane security activation mechanism according to clause 6.6.2 in TS 33.501;
  • FIG. 1B shows a conventional User Plane (UP) security policy enforcement
  • FIG.1C shows illustration of UP security policy enforcement for all the DRBs of the PDU session
  • FIG.2A shows an illustrative example to support separate or different security policy based on traffic type for each PDCP instant for the user plane security, according to the embodiments as disclosed herein;
  • FIG.2B shows an exemplary UP security policy enforcement per DRB, according to the embodiments as disclosed herein;
  • FIG.3A shows an illustrative example to support separate or different security policy per QoS flow in a 5GS, according to the embodiments as disclosed herein;
  • FIG.3B shows an illustrative example of UP security policy enforcement per QoS Flow (or) QFI based in accordance with some embodiments of the present disclosure
  • FIG.3C shows a UP security activation mechanism per QoS flow, according to the embodiments as disclosed herein;
  • FIG. 4 shows various hardware components of an UE, according to the embodiments as disclosed herein;
  • FIG. 5 shows various hardware components of a network apparatus, according to the embodiments as disclosed herein;
  • FIG. 6 and FIG. 7 are flow charts illustrating a method, implemented by the network apparatus, for provisioning the granular UP security policy in a wireless network, according to the embodiments as disclosed herein;
  • FIG. 8 and FIG. 9 are flow charts illustrating a method, implemented by the UE, for provisioning the granular UP security policy in a wireless network, according to the embodiments as disclosed herein.
  • a Session Management Function (SMF) 400 managing an entire lifecycle of the PDU session.
  • the SMF (400) determines, at the PDU session establishment, a User Plane (UP) security enforcement information for a user plane of the PDU session based on subscriber information from a Unified Data Management (UDM), UP security policy locally configured per Data Network Name (DNN) and/or slice in the SMF (400) and/or the maximum supported data rate per UE for User plane (UP) integrity or User plane confidentiality for all Data Radio Bearers (DRBs) belonging to the PDU session.
  • the local security configuration in the SMF (400) has been considered sufficient for globally applicable and static policies.
  • the UP security policy is used to activate UP confidentiality and/or UP integrity protection for all DRBs belonging to the PDU session.
  • the ng-eNB/gNB activates UP confidentiality and/or UP integrity protection for all DRBs belonging to the PDU session, according to the received UP security policy enforcement, using RRC signalling as shown in FIG.1B.
  • some traffic in the PDU session (for example, real-time streaming traffic) may not require the same protection as other traffic (for example, Domain Name System (DNS) and/or Session Initiation Protocol (SIP) messages).
  • DNS Domain Name System
  • SIP Session Initiation Protocol
  • the streaming video traffic may not need the same protection as traffic which carries user personal information (like a User ID included in a SIP message), so that it can achieve the required Quality of Service (QoS) parameters (like throughput), as illustrated in FIG. 1C.
  • FIG.1C shows illustration of UP security policy enforcement for all the DRBs of the PDU session in the current state-of-the-art.
  • the RRC security is activated, i.e., RRC ciphering and RRC integrity protection are activated.
  • the network apparatus sends the RRC Connection Reconfiguration including the UP integrity indication, UP ciphering indication for each DRB to the UE (100).
  • the network apparatus starts the uplink UP integrity verification and downlink UP integrity protection.
  • the network apparatus starts the uplink UP deciphering and downlink UP ciphering.
  • the UE (100) verifies the RRC connection reconfiguration integrity.
  • if successful, for each DRB, if UP integrity is activated, the UE (100) starts the uplink UP integrity protection and downlink UP integrity verification; for each DRB, if UP ciphering is activated, the UE (100) starts the uplink UP ciphering and downlink UP deciphering.
  • the UE (100) sends the RRC connection reconfiguration complete.
  • the UE (100) sends the RRC connection reconfiguration complete to the network apparatus (200).
  • UP protection is a home network operator-dependent policy, and is thus optional for the network to enable for a PDU session. If the home network operator sets the UP protection policy to disable/not needed (as shown in FIG. 1C) for some reason (a service-dependent policy, e.g. online gaming), information that needs protection (like DNS) may be transmitted without protection over the air.
  • if the home network operator sets the policy to enable/required, then the UP protection may be activated for the entire PDU session, creating a heavy burden and unnecessary usage of resources to protect all the DRBs of the PDU session. This may degrade the Quality of Experience (QoE) for the subscribers, as security computation on QoS-sensitive traffic that does not need protection introduces performance degradation.
  • QoE Quality of Experience
  • circuits may, for example, be embodied in one or more semiconductor chips, or on substrate supports such as printed circuit boards and the like.
  • circuits constituting a block may be implemented by dedicated hardware, or by a processor (e.g., one or more programmed microprocessors and associated circuitry), or by a combination of dedicated hardware to perform some functions of the block and a processor to perform other functions of the block.
  • Each block of the embodiments may be physically separated into two or more interacting and discrete blocks without departing from the scope of the disclosure.
  • the blocks of the embodiments may be physically combined into more complex blocks without departing from the scope of the disclosure.
  • the proposed method provides a user plane security policy per DRB and a user plane security policy enforcement.
  • the User Plane (UP) security policy is supported and defined on per DRB basis.
  • UP Security Policy may be indicated separately and the security policy may be different for each traffic type/class carrying one or more than one Quality of Service (QoS) Flows with different QoS Flow Identifier (QFI).
  • the Session Management Function (SMF) determines at Protocol Data Unit (PDU) session establishment a UP security enforcement information for each traffic type of a PDU session based on subscriber information from Unified Data Management (UDM), UP security policy locally configured per DNN and/or slice in the SMF (400) and/or the maximum supported data rate per UE and/or type of the packet.
  • UDM Unified Data Management
  • the UP security policy is used to activate UP confidentiality and/or UP integrity for each DRB carrying one or more than one QoS Flows with different QoS Flow Identifier (QFI) belonging to a particular PDCP instant or PDU session belonging to the PDU session.
  • Protocol Domain Name Server (DNS), Internet Control Message Protocol (ICMP), Session Initiation Protocol (SIP): UP confidentiality and UP integrity protection REQUIRED
  • referring to FIGS. 2A through 9, where similar reference characters denote corresponding features consistently throughout the figures, there are shown preferred embodiments.
  • FIG.2A shows an illustrative example to support separate or different security policy per traffic type for each PDCP instant in 5G system for the user plane security, in accordance with some embodiments of the present disclosure.
  • the traffic type or class is defined as the UP signalling traffic which requires user plane protection and non-signalling traffic which may not need protection.
  • a Packet Filter Set is used to identify one or more packet traffic type flow and this information is further used for setting the UP security policy based on the traffic type.
  • the gNB may bind the QoS Flow to Data Radio Bearers and all the QoS Flows with particular QFI supports same UP Security Policy.
  • the gNB creates DRB and maps multiple QoS flows to a single DRB (if such a DRB can be configured to fulfil the requirements of the QoS flows), only if the security policies are also same for the traffic class/type over the DRB. If the security policies are different, then the gNB creates multiple DRBs as to apply different security protection even though the QoS requirements can be achieved by a DRB.
  • the SMF (400) may provide the UP security policy per traffic type as part of QoS Flow profile which is controlled by the SMF (400) and this profile is preconfigured, or established via the PDU Session Establishment procedure (Refer TS 23.502, clause 4.3.2), or the PDU Session Modification procedure (Refer TS 23.502 clause 4.3.3).
  • the SMF (400) may perform the binding of Policy and Charging Control (PCC) rules to QoS Flows based on the QoS and service requirements (as defined in TS 23.503). Thereafter, the SMF (400) may assign the QFI for a new QoS Flow and derives its QoS profile, corresponding UPF (600) instructions and QoS Rule(s) from the PCC rule(s) bound to the QoS Flow and other information provided by the Policy Charging Function (PCF). In some embodiments, the SMF (400) may also determine the UP security policy based on the DRB carrying one or more than one QoS Flows with different QoS Flow Identifier (QFI).
  • PCC Policy and Charging Control
  • the SMF (400) may provide the UP security policy information for the DRB to the (R) AN along with other parameter QFI, QoS profile, QoS rules and the like.
  • a QoS profile containing the UP Security policy is provided by the SMF (400) to the Access Node (AN) via the Access and Mobility Management Function (AMF) (300) over the N2 reference point or preconfigured in the AN.
  • the UP security policy may be a part of default QoS rules associated with the traffic type.
  • the UP security policy definition may include:
  • FIG.2B shows an exemplary UP security policy enforcement per DRB in accordance with some embodiments of the present disclosure.
  • the UP security policy may be determined per traffic type/class, with each traffic class/type having a 1:1 mapping with the DRBs. Establishment of the DRB for a particular traffic type is up to the AN (500).
  • FIG.2C shows an exemplary UP security activation mechanism per DRB in accordance with some embodiments of the present disclosure.
  • AS UP integrity protection and ciphering activation is done as part of the DRB addition procedure using RRC Connection Reconfiguration procedure as described in TS 33.501.
  • the SMF (400) sends the UP security policy to the gNB/ng-eNB as defined in TS 33.501.
  • the network apparatus (200) indicates that this RRC Connection Reconfiguration procedure, which is used to add DRBs, shall be performed only after RRC security has been activated as part of the AS security mode command procedure defined in clause 6.7.4 of TS 33.501.
  • the gNB/ng-eNB shall send the RRC Connection Reconfiguration message to the UE (100) for UP security activation containing indications for the activation of UP integrity protection and/or ciphering for each DRB carrying one or more than one QoS Flows with different QoS Flow Identifier (QFI) in a PDCP instant according to the security policy.
  • at 1c, if UP integrity protection is activated for a DRB (QoS Flow) in the PDCP instant as indicated in the RRC Connection Reconfiguration message, and if the gNB/ng-eNB does not have KUPint, the gNB/ng-eNB shall generate KUPint, and UP integrity protection for such DRBs shall start at the gNB/ng-eNB.
  • the gNB/ng-eNB shall generate KUPenc and UP ciphering for such DRBs shall start at the gNB/ng-eNB.
  • the UE (100) shall verify the RRC Connection Reconfiguration message. If successful:
  • if UP integrity protection is activated for a DRB (QoS Flow) in a PDCP instant as indicated in the RRC Connection Reconfiguration message, and if the UE (100) does not have KUPint, the UE (100) shall generate KUPint, and UP integrity protection for such DRBs shall start at the UE (100).
  • if UP ciphering is activated for a DRB (QoS Flow) in a PDCP instant as indicated in the RRC Connection Reconfiguration message, and if the UE (100) does not have KUPenc, the UE (100) shall generate KUPenc, and UP ciphering for such DRBs shall start at the UE (100).
  • at 2b, if the UE (100) successfully verifies integrity of the RRC Connection Reconfiguration message, the UE (100) shall send the RRC Connection Reconfiguration Complete message to the gNB/ng-eNB.
  • the gNB/ng-eNB and the UE (100) should not integrity protect the traffic of such DRB and should not put MAC-I into PDCP packet. If UP ciphering is not activated for a DRB (QoS Flow), the gNB/ng-eNB and the UE (100) should not cipher the traffic of such DRBs.
  • the method provides a user plane security policy per Quality of Service (QoS) flow and a new method of user plane security policy enforcement.
  • the UP security policy is supported and defined on a per QoS flow basis.
  • User Plane Security Policy may be indicated separately and the security policy may be different for each QoS Flow with different QoS Flow Identifier (QFI) carried by a Data Radio Bearer.
  • the SMF (400) determines at PDU session establishment the UP security enforcement information for a QoS Flow based on, but not limited to, subscriber information from UDM, UP security policy locally configured per DNN and/or slice in the SMF (400) and/or the maximum supported data rate per UE (100) and/or type of the packet.
  • the SMF (400) provides UP security policies for a PDU session to the ng-eNB/gNB during the PDU session establishment procedure as specified in TS 23.502.
  • the UP security policy indicates whether UP confidentiality and/or UP integrity protection should be activated or not for QoS flows (QFIs) belonging to that PDU session.
  • the UP security policy may be used to activate UP confidentiality and/or UP integrity for DRBs belonging to the PDU session.
  • the UP security policy of matching QFIs may be mapped to the DRB, and the security policy is based on that associated DRB.
  • the SMF (400) associates the QoS flow and its security policy with QoS profile, QoS rules and Packet Detection Rules (PDRs).
  • the SMF (400) assigns a QFI for each QoS flow (where QoS flow associate with a security policy) and an identifier to each QoS rule.
  • PDRs, part of the Service Data Flow (SDF) Template passed to the User Plane Function, are derived from the PCC rule.
  • SMF (400) sends QoS profile to RAN via the AMF (300) over N2, QoS rules to the UE (100) via AMF (300) over N1, and PDRs to the UPF (600) over N4.
  • the Radio Access Network (RAN) or Access Network (AN) decides how to map QoS flows and its security policies to radio bearers. This is a flexible design, since gNB can choose to map multiple QoS flows to a single DRB and enforce/activate the associated security policy for the DRB, if such a DRB can be configured to fulfil the requirements of those QoS flows and also security policies.
  • FIG.3A shows an illustrative example to support separate or different security policy per QoS flow in 5GS.
  • DRB-1 is carrying two QoS Flows with QFI-1 and QFI-2 and DRB-2 is carrying a QoS Flow with QFI-3.
  • the SMF (400) may provide the UP security policy on a per QoS Flow basis, with different QFI, as part of the QoS Flow profile, which is controlled by the SMF (400); this profile is preconfigured, or established via the PDU Session Establishment procedure (refer to TS 23.502, clause 4.3.2), or the PDU Session Modification procedure (refer to TS 23.502, clause 4.3.3).
  • the SMF (400) performs the binding of the PCC rules to QoS Flows based on the QoS and service requirements (as defined in TS 23.503).
  • the SMF (400) may assign the QFI for a new QoS Flow and may derive its QoS profile, corresponding UPF (600) instructions and QoS Rule(s) from the PCC rule(s) bound to the QoS Flow and other information provided by the PCF.
  • the SMF (400) may also determine the UP security policy based on the QoS Flow and QFI.
  • when required or applicable, the SMF (400) provides the UP security policy information for each QoS Flow to the (R)AN along with other parameters such as the QFI, QoS profile, QoS rules and the like.
  • a QoS profile containing the UP security policy for each QoS Flow with different QFI may be provided by the SMF (400) to the AN (500) via the AMF (300) over the N2 reference point or preconfigured in the AN.
  • the UP security policy may be a part of default QoS rules associated with the QoS Flow.
  • FIG.3B shows an illustrative example of UP security policy enforcement per QoS Flow (or) QFI based in accordance with some embodiments of the present disclosure.
  • the UP security policy may be determined based on the type of the packets. All packets of the same type can be mapped to a single DRB or more than one DRB. Establishment of the DRB for a particular QoS Flow is up to the AN.
  • “Required” may indicate UP confidentiality and/or UP integrity protection “Required”, i.e., activated on a per QoS Flow basis.
  • “Not Needed” may indicate UP confidentiality and/or UP integrity protection “Not needed”, i.e., not activated on a per QoS Flow basis.
  • “Preferred” may indicate activation or deactivation of UP confidentiality and/or UP integrity protection per QoS flow based on the gNB resource or capability.
  • the gNB adopts the UP security policy for new DRB or QoS Flow based on the UP security policy of already existing QoS Flow.
  • the present disclosure may perform AS UP integrity protection and ciphering activation as part of the DRB addition procedure using RRC Connection Reconfiguration procedure as described in TS 33.501.
  • the SMF (400) sends the UP security policy to the gNB/ng-eNB as defined in TS 33.501.
  • FIG.3C shows a UP security activation mechanism per QoS flow in accordance with some embodiments of the present disclosure. As shown in FIG.3C.
  • the gNB/ng-eNB shall send the RRC Connection Reconfiguration message to the UE (100) for UP security activation containing indications for the activation of UP integrity protection and ciphering for each QoS Flow in a DRB according to the security policy.
  • At 1c, if UP integrity protection is activated for each QoS Flow in the DRB as indicated in the RRC Connection Reconfiguration message, and if the gNB/ng-eNB does not have KUPint, the gNB/ng-eNB shall generate KUPint and UP integrity protection for such DRBs shall start at the gNB/ng-eNB.
  • the gNB/ng-eNB shall generate KUPenc and UP ciphering for such DRBs shall start at the gNB/ng-eNB.
  • if UP integrity protection is activated for each QoS Flow in a DRB as indicated in the RRC Connection Reconfiguration message, and if the UE (100) does not have KUPint, the UE (100) shall generate KUPint and UP integrity protection for such DRBs shall start at the UE (100).
  • if UP ciphering is activated for each QoS Flow in a DRB as indicated in the RRC Connection Reconfiguration message, and if the UE (100) does not have KUPenc, the UE (100) shall generate KUPenc and UP ciphering for such DRBs shall start at the UE (100).
  • At 2b, if the UE (100) successfully verifies integrity of the RRC Connection Reconfiguration message, the UE (100) shall send the RRC Connection Reconfiguration Complete message to the gNB/ng-eNB.
  • the gNB/ng-eNB and the UE (100) should not integrity protect the traffic or QoS Flow and should not put MAC-I into PDCP packet. If UP ciphering is not activated for a QoS Flow in a DRB, the gNB/ng-eNB and the UE (100) should not cipher the traffic or QoS Flow.
  • the User Plane (UP) security policy is supported and defined on per SDF and/or Traffic Flow Template (TFT) basis.
  • the SMF (400) associates a security policy with SDF/TFT and QoS profile.
  • SMF (400) sends uplink TFT with security policy to the UE (100) and the QoS profile with its security policy to the gNB.
  • the Radio Access Network (RAN) or Access Network (AN) decides how to map QoS flows and its security policies to radio bearers.
  • the gNB can choose to map multiple QoS flows to a single DRB and enforce/activate the associated security policy for that DRB, if such a DRB can be configured to fulfil the requirements of those QoS flows and also the security policies.
  • FIG. 4 shows various hardware components of the UE (100), according to the embodiments as disclosed herein.
  • the UE (100) can be, for example, but not limited to a cellular phone, a smart phone, a Personal Digital Assistant (PDA), a tablet computer, a laptop computer, an Internet of Things (IoT), embedded systems, edge devices, or the like.
  • the UE (100) includes a processor (110), a communicator (120), a memory (130), and a UP security policy controller (140).
  • the processor (110) is coupled with the communicator (120), the memory (130), and the UP security policy controller (140).
  • the UP security policy controller (140) detects that the UP security policy is activated or deactivated for the UE (100) in the wireless network (1000).
  • the UP security policy includes the UP integrity protection and the UP ciphering protection.
  • the UP security policy controller (140) receives the RRC connection reconfiguration message from the network apparatus (200).
  • the RRC connection reconfiguration message includes the UP integrity protection indication and the UP ciphering protection indication for each DRB from the plurality of DRBs carrying the one or more QoS Flows with the different QFI in the PDCP instant.
  • the UP security policy controller (140) verifies the RRC connection reconfiguration integrity based on the UP integrity protection indication and the UP ciphering protection indication for each DRB from the plurality of DRBs carrying the one or more QoS Flows with the different QFI in the PDCP instant.
  • the UP security policy controller (140) detects that the UP integrity protection is activated for each DRB from the plurality of DRBs carrying the one or more QoS flows with the different QFI in the PDCP instant. Further, the UP security policy controller (140) starts an uplink UP integrity verification and the downlink UP integrity protection.
  • the UP security policy controller (140) detects that the UP ciphering protection is activated for each DRB from the plurality of DRBs carrying the one or more QoS flows with the different QFI in the PDCP instant. Further, the UP security policy controller (140) starts the uplink UP deciphering and the downlink UP ciphering.
  • the UP security policy controller (140) sends the RRC connection reconfiguration complete message to the network apparatus (200).
  • the UP security policy controller (140) detects that the UP security policy is activated for the UE (100) in the wireless network (1000).
  • the UP security policy includes the UP integrity protection and the UP ciphering protection.
  • the UP security policy controller (140) receives the RRC connection reconfiguration message from the network apparatus (200).
  • the RRC connection reconfiguration message includes the UP integrity protection indication and the UP ciphering protection indication for one or more QoS flows in the DRB in the PDCP instant.
  • the UP security policy controller (140) verifies the RRC connection reconfiguration integrity based on the UP integrity protection indication and the UP ciphering protection indication for the one or more QoS flows in the DRB.
  • the UP security policy controller (140) detects that the UP integrity protection is activated for the one or more QoS flows in the DRB. Further, the UP security policy controller (140) starts an uplink UP integrity verification and a downlink UP integrity protection. Further, the UP security policy controller (140) detects that the UP ciphering protection is activated for the one or more QoS flows in the DRB and starts the uplink UP deciphering and a downlink UP ciphering.
  • the UP security policy controller (140) sends an RRC connection reconfiguration complete message to the network apparatus (200).
  • the UP security policy controller (140) is physically implemented by analog and/or digital circuits such as logic gates, integrated circuits, microprocessors, microcontrollers, memory circuits, passive electronic components, active electronic components, optical components, hardwired circuits and the like, and may optionally be driven by firmware.
  • the processor (110) is configured to execute instructions stored in the memory (130) and to perform various processes.
  • the communicator (120) is configured for communicating internally between internal hardware components and with external devices via one or more networks.
  • the memory (130) also stores instructions to be executed by the processor (110).
  • the memory (130) may include non-volatile storage elements. Examples of such non-volatile storage elements may include magnetic hard discs, optical discs, floppy discs, flash memories, or forms of electrically programmable memories (EPROM) or electrically erasable and programmable (EEPROM) memories.
  • the memory (130) may, in some examples, be considered a non-transitory storage medium.
  • non-transitory may indicate that the storage medium is not embodied in a carrier wave or a propagated signal. However, the term “non-transitory” should not be interpreted that the memory (130) is non-movable. In certain examples, a non-transitory storage medium may store data that can, over time, change (e.g., in Random Access Memory (RAM) or cache).
  • FIG. 4 shows various hardware components of the UE (100) but it is to be understood that other embodiments are not limited thereon. In other embodiments, the UE (100) may include fewer or more components. Further, the labels or names of the components are used only for illustrative purposes and do not limit the scope of the invention. One or more components can be combined together to perform the same or a substantially similar function in the UE (100).
  • FIG. 5 shows various hardware components of the network apparatus (200), according to the embodiments as disclosed herein.
  • the network apparatus (200) includes a processor (210), a communicator (220), a memory (230), and a UP security policy controller (240).
  • the processor (210) is coupled with the communicator (220), the memory (230), and the UP security policy controller (240).
  • the UP security policy controller (240) detects that the UP security policy is activated or deactivated for the UE (100).
  • the UP security policy includes the UP integrity protection and UP ciphering protection.
  • the UP security policy controller (240) creates the UP security policy for each DRB carrying one or more QoS flows with different QFI in the PDCP instant.
  • the UP security policy includes the UP integrity protection indication and the UP ciphering protection indication for each DRB from the plurality of DRBs carrying the one or more QoS Flows with the different QFI in the PDCP instant.
  • the UP security policy controller (240) sends the created UP security protection indication in the RRC connection reconfiguration message to the UE (100).
  • the RRC connection reconfiguration message includes one of: binding the QoS flow to each of the DRBs, and all the QoS flows with a particular QFI support the same UP security policy; creating a plurality of DRBs and mapping the one or more QoS flows to a single DRB of the plurality of DRBs when the UP security policies are the same for a traffic class or type over the DRB and the DRB is capable of fulfilling the requirements of the QoS flows; and creating a plurality of DRBs and mapping the one or more QoS flows to the plurality of DRBs when the UP security policies are different for a traffic class or type over the DRB, even though a single DRB from the plurality of DRBs is capable of fulfilling the requirements of the QoS flows.
  • the UP security policy controller (240) detects that the UP integrity protection is activated or deactivated for each DRB from the plurality of DRBs carrying the one or more QoS flows with the different QFI in the PDCP instant. Further, the UP security policy controller (240) starts an uplink UP integrity verification and a downlink UP integrity protection, if UP integrity protection is activated. Further, the UP security policy controller (240) detects that UP ciphering protection is activated or deactivated for each DRB from the plurality of DRBs carrying the one or more QoS flows with the different QFI in the PDCP instant.
  • the UP security policy controller (240) starts an uplink UP deciphering and a downlink UP ciphering, if UP ciphering protection is activated. Further, the UP security policy controller (240) receives a RRC connection reconfiguration complete message from the at least one UE (100).
  • the UP security policy controller (240) detects that the UP security policy is activated for at least one UE (100) in the wireless network (1000).
  • the UP security policy comprises the UP integrity protection and the UP ciphering activation.
  • the UP security policy controller (240) creates the UP security policy for each DRB carrying one or more QoS flows with different QFI in the PDCP instant, where the UP security policy comprises the UP integrity protection indication and a UP ciphering protection indication for one or more QoS flows in a DRB in a PDCP instant. Further, the UP security policy controller (240) sends the created UP security protection indication in the RRC connection reconfiguration message to the at least one UE (100).
  • the UP security policy controller (240) detects that the UP integrity protection is activated for the one or more QoS flows in the DRB in the PDCP instant. Further, the UP security policy controller (240) starts an uplink UP integrity verification and a downlink UP integrity protection. Further, the UP security policy controller (240) detects that UP ciphering protection is activated for the one or more QoS flows in the DRB in the PDCP instant. Further, the UP security policy controller (240) starts an uplink UP deciphering and a downlink UP ciphering and receives a RRC connection reconfiguration complete message from the at least one UE (100).
  • the UP security policy controller (240) is physically implemented by analog and/or digital circuits such as logic gates, integrated circuits, microprocessors, microcontrollers, memory circuits, passive electronic components, active electronic components, optical components, hardwired circuits and the like, and may optionally be driven by firmware.
  • the processor (210) is configured to execute instructions stored in the memory (230) and to perform various processes.
  • the communicator (220) is configured for communicating internally between internal hardware components and with external devices via one or more networks.
  • the memory (230) also stores instructions to be executed by the processor (210).
  • the memory (230) may include non-volatile storage elements. Examples of such non-volatile storage elements may include magnetic hard discs, optical discs, floppy discs, flash memories, or forms of electrically programmable memories (EPROM) or electrically erasable and programmable (EEPROM) memories.
  • the memory (230) may, in some examples, be considered a non-transitory storage medium.
  • non-transitory may indicate that the storage medium is not embodied in a carrier wave or a propagated signal. However, the term “non-transitory” should not be interpreted that the memory (230) is non-movable.
  • a non-transitory storage medium may store data that can, over time, change (e.g., in Random Access Memory (RAM) or cache).
  • FIG. 5 shows various hardware components of the network apparatus (200) but it is to be understood that other embodiments are not limited thereon.
  • the network apparatus (200) may include fewer or more components.
  • the labels or names of the components are used only for illustrative purposes and do not limit the scope of the invention.
  • One or more components can be combined together to perform the same or a substantially similar function in the network apparatus (200).
  • FIG. 6 and FIG. 7 are flow charts (S600 and S700) illustrating a method, implemented by the network apparatus (200), for provisioning the granular UP security policy in the wireless network (1000), according to the embodiments as disclosed herein.
  • the operations (S602-S616) are performed by the UP security policy controller (240).
  • the method includes detecting the UP security policy for the UE (100).
  • the UP security policy includes the UP integrity protection and the UP ciphering protection.
  • the method includes creating the UP security policy for each DRB carrying one or more QoS flows with different QFI in the PDCP instant.
  • the method includes sending the created UP security protection indication in the RRC connection reconfiguration message to the at least one UE (100).
  • the method includes detecting that the UP integrity protection is activated or deactivated for each DRB from the plurality of DRBs carrying the one or more QoS flows with the different QFI in the PDCP instant.
  • the method includes starting the uplink UP integrity verification and the downlink UP integrity protection, if the UP integrity protection is activated.
  • the method includes detecting that the UP ciphering protection is activated or deactivated for each DRB from the plurality of DRBs carrying the one or more QoS flows with the different QFI in the PDCP instant.
  • the method includes starting the uplink UP deciphering and the downlink UP ciphering, if the UP ciphering protection is activated.
  • the method includes receiving the RRC connection reconfiguration complete message from the at least one UE (100).
  • the operations (S702-S716) are performed by the UP security policy controller (240).
  • the method includes detecting that the UP security policy is activated for at least one UE (100) in the wireless network (1000).
  • the method includes creating the UP security policy for one or more QoS flows in the DRB in a PDCP instant.
  • the method includes sending the created UP security protection indication in the RRC connection reconfiguration message to the at least one UE (100).
  • the method includes detecting that the UP integrity protection is activated for the one or more QoS flows in the DRB in the PDCP instant.
  • the method includes starting the uplink UP integrity verification and starting a downlink UP integrity protection.
  • the method includes detecting that the UP ciphering protection is activated for the one or more QoS flows in the DRB in the PDCP instant.
  • the method includes starting the uplink UP deciphering and starting the downlink UP ciphering.
  • the method includes receiving the RRC connection reconfiguration complete message from the at least one UE (100).
  • FIG. 8 and FIG. 9 are flow charts (S800 and S900) illustrating a method, implemented by the UE (100), for provisioning the granular UP security policy in the wireless network (1000), according to the embodiments as disclosed herein.
  • the operations (S802-S814) are performed by the UP security policy controller (140).
  • the method includes detecting that the UP security policy is activated or deactivated for the UE (100).
  • the method includes receiving the RRC connection reconfiguration message from the network apparatus (200) in the wireless network (1000).
  • the RRC connection reconfiguration message includes the UP integrity protection indication and the UP ciphering protection indication for each DRB from the plurality of DRBs carrying one or more QoS flows with the different QFI in the PDCP instant.
  • the method includes detecting that the UP integrity protection is activated or deactivated for each DRB from the plurality of DRBs carrying the one or more QoS flows with the different QFI in the PDCP instant.
  • the method includes starting the uplink UP integrity verification and starting a downlink UP integrity protection, if the UP integrity protection is activated.
  • the method includes detecting that the UP ciphering protection is activated for each DRB from the plurality of DRBs carrying the one or more QoS flows with the different QFI in the PDCP instant.
  • the method includes starting the uplink UP deciphering and starting a downlink UP ciphering, if the UP ciphering protection is activated.
  • the method includes sending the RRC connection reconfiguration complete message to the network apparatus (200).
  • the operations (S902-S914) are performed by the UP security policy controller (140).
  • the method includes detecting that the UP security policy is activated or deactivated for at least one UE (100) in the wireless network (1000).
  • the UP security policy includes the UP integrity protection and the UP ciphering protection.
  • the method includes receiving the RRC connection reconfiguration message from the network apparatus (200) in the wireless network (1000).
  • the RRC connection reconfiguration message includes the UP integrity protection indication and the UP ciphering protection indication for one or more QoS flows in the DRB in the PDCP instant.
  • the method includes detecting that the UP integrity protection is activated for the one or more QoS flows in the DRB in the PDCP instant.
  • the method includes starting the uplink UP integrity verification and starting the downlink UP integrity protection.
  • the method includes detecting that UP ciphering protection is activated for the one or more QoS flows in the DRB in the PDCP instant.
  • the method includes starting the uplink UP deciphering and starting the downlink UP ciphering.
  • the method includes sending the RRC connection reconfiguration complete message to the network apparatus (200).
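
The per-QoS-flow policy values ("Required", "Preferred", "Not Needed"), the gNB's mapping of flows to DRBs, and the activation step with on-demand KUPint/KUPenc generation described above can be modelled as follows. This is an added example, not code from the patent: all class and function names and the `traffic_class` label are hypothetical, keys are tracked by name only (no key derivation is performed), and rejecting a flow whose "Required" protection cannot be provided is an assumed handling.

```python
from dataclasses import dataclass
from enum import Enum


class Policy(Enum):
    REQUIRED = "Required"
    PREFERRED = "Preferred"
    NOT_NEEDED = "Not Needed"


@dataclass(frozen=True)
class QosFlow:
    qfi: int
    traffic_class: str   # hypothetical label: flows of one class fit one DRB's QoS
    integrity: Policy
    ciphering: Policy


class PolicyRejected(Exception):
    """A 'Required' protection cannot be provided (assumed handling: reject)."""


def resolve(policy, can_provide):
    """Turn a policy value into an on/off activation decision."""
    if policy is Policy.REQUIRED:
        if not can_provide:
            raise PolicyRejected("Required protection not available")
        return True
    if policy is Policy.PREFERRED:
        return can_provide       # depends on gNB resource or capability
    return False                 # Not Needed


def map_flows_to_drbs(flows, can_integrity=True, can_cipher=True):
    """Group flows into DRBs and build the per-DRB activation indications.

    Flows share a DRB only when their traffic class and their resolved
    integrity/ciphering decisions are identical; otherwise they get
    separate DRBs even if one DRB could meet their QoS requirements.
    """
    groups = {}
    for flow in sorted(flows, key=lambda f: f.qfi):
        key = (flow.traffic_class,
               resolve(flow.integrity, can_integrity),
               resolve(flow.ciphering, can_cipher))
        groups.setdefault(key, []).append(flow.qfi)
    indications = []
    for drb_id, ((_, integ, ciph), qfis) in enumerate(groups.items(), start=1):
        indications.append({"drb": drb_id, "qfis": qfis,
                            "integrity": integ, "ciphering": ciph})
    return indications


def activate(indications, keys):
    """Apply the indications at one endpoint (gNB/ng-eNB or UE).

    `keys` is the set of UP key names the endpoint already holds. A key is
    generated only when some DRB needs it and it is not yet present.
    Returns (per-DRB state, list of keys generated by this call).
    """
    generated = []
    state = {}
    for ind in indications:
        if ind["integrity"] and "KUPint" not in keys:
            keys.add("KUPint")
            generated.append("KUPint")
        if ind["ciphering"] and "KUPenc" not in keys:
            keys.add("KUPenc")
            generated.append("KUPenc")
        # No MAC-I in PDCP packets and no ciphering unless activated.
        state[ind["drb"]] = {"mac_i": ind["integrity"],
                             "ciphered": ind["ciphering"]}
    return state, generated


# Constructed sample: three flows of one traffic class, two distinct policies.
SAMPLE_FLOWS = [
    QosFlow(1, "web", Policy.REQUIRED, Policy.REQUIRED),
    QosFlow(2, "web", Policy.REQUIRED, Policy.REQUIRED),
    QosFlow(3, "web", Policy.NOT_NEEDED, Policy.PREFERRED),
]

if __name__ == "__main__":
    inds = map_flows_to_drbs(SAMPLE_FLOWS)
    print(inds)
    print(activate(inds, set()))
```

In the constructed sample QFI-1 and QFI-2 share DRB-1 while QFI-3 gets DRB-2 despite the same traffic class, which mirrors the FIG. 3A layout. A "Preferred" value that resolves to off is the case worth logging at the gNB, since that DRB then carries traffic without the protection.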

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to a 5G or 6G communication system for supporting a higher data transmission rate.
PCT/KR2022/009340 2021-06-29 2022-06-29 Method, UE and network apparatus for provisioning granular user plane (UP) security policy in a wireless network WO2023277581A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN202141029273 2021-06-29
IN202141029273 2022-06-23

Publications (1)

Publication Number Publication Date
WO2023277581A1 true WO2023277581A1 (fr) 2023-01-05

Family

ID=84706504

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2022/009340 WO2023277581A1 (fr) 2021-06-29 2022-06-29 Method, UE and network apparatus for provisioning granular user plane (UP) security policy in a wireless network

Country Status (1)

Country Link
WO (1) WO2023277581A1 (fr)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210037425A1 (en) * 2018-02-15 2021-02-04 Telefonaktiebolaget Lm Ericsson (Publ) Methods providing qfi harmonization between ran and 5gc and related wireless terminals, base stations, and core network nodes

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
ANONYMOUS: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Security architecture and procedures for 5G system (Release 17)", 3GPP STANDARD; TECHNICAL SPECIFICATION; 3GPP TS 33.501, vol. SA WG3, no. V17.1.0, 6 April 2021 (2021-04-06), pages 1 - 256, XP052000595 *
ANONYMOUS: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Study on key issues and potential solutions for integrity protection of the User Plane (UP); (Release 17)", 3GPP STANDARD; TECHNICAL SPECIFICATION; 3GPP TR 33.853, no. V17.0.0, 25 June 2021 (2021-06-25), pages 1 - 66, XP052029792 *
APPLE: "New solution on enabling UP IP for capability limited UE", 3GPP DRAFT; S3-201008, vol. SA WG3, 1 May 2020 (2020-05-01), pages 1 - 3, XP051879698 *
HUAWEI, HISILICON: "Modification on the Key issue #3 for UP IP", 3GPP DRAFT; S3-201207, vol. SA WG3, 1 May 2020 (2020-05-01), pages 1 - 2, XP051879844 *

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22833636

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE