WO2024194968A1 - Terminal, network node device, and communication method - Google Patents
Terminal, network node device, and communication method
- Publication number
- WO2024194968A1 (PCT/JP2023/010769)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- terminal
- network node
- security
- node device
- message
- Prior art date
- Legal status
- Ceased
Classifications
- H04W12/0431—Key distribution or pre-distribution; Key agreement
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/041—Key generation or derivation
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/106—Packet or message integrity
- H04W12/35—Protecting application or service provisioning, e.g. securing SIM application provisioning
Definitions
- the present invention relates to a terminal, a network node device, and a communication method in a wireless communication system.
- 3GPP Third Generation Partnership Project
- NR New Radio
- in 5G, various wireless technologies are being considered to meet the requirements of achieving a throughput of 10 Gbps or more while keeping latency in the radio section to 1 ms or less.
- NR has introduced a network architecture including 5GC (5G Core Network), which corresponds to EPC (Evolved Packet Core), the core network in the network architecture of LTE (Long Term Evolution), and NG-RAN (Next Generation-Radio Access Network), which corresponds to E-UTRAN (Evolved Universal Terrestrial Radio Access Network), the RAN (Radio Access Network) in the network architecture of LTE (for example, non-patent document 1).
- 5GC 5G Core Network
- EPC Evolved Packet Core
- LTE Long Term Evolution
- NG-RAN Next Generation-Radio Access Network
- E-UTRAN Evolved Universal Terrestrial Radio Access Network
- RAN Radio Access Network
- HPLMN Home Public Land Mobile Network
- VPLMN Visited PLMN
- the present invention has been made in consideration of the above points, and aims to provide technology that enables a terminal to communicate securely when roaming, even if the HPLMN does not trust the VPLMN.
- a receiving unit that receives a terminal security capability and a key from a first network node device that handles authentication control or service provision control;
- a control unit that selects a security algorithm to be used for secure communication between the terminal and the second network node device and derives a confidentiality key and an integrity protection key;
- a transmitter configured to transmit the security algorithm, the confidentiality key, and the integrity protection key to the second network node device, and to transmit the security algorithm to the terminal.
- the disclosed technology provides a technology that allows a terminal to communicate securely when roaming, even if the HPLMN does not trust the VPLMN.
- FIG. 1 is a diagram illustrating an example of a communication system.
- FIG. 1 is a diagram for explaining an example of a communication system in a roaming environment.
- FIG. 2 is a diagram illustrating an example of a U-plane protocol stack.
- FIG. 1 is a diagram showing an image of communication between a terminal 20 and an hUPF 90 using UPFSP.
- FIG. 11 is a diagram for explaining an initial registration procedure during roaming.
- FIG. 11 is a diagram for explaining a mobility registration procedure during roaming.
- FIG. 11 is a diagram for explaining a procedure for requesting a terminal activation service during roaming.
- A diagram for explaining NEF-based non-IP data transmission (terminal originated).
- FIG. 13 is a diagram for explaining NEF-based non-IP data transmission (terminal terminated).
- FIG. 2 is a diagram illustrating an example of a functional configuration of a network node device 5 according to an embodiment of the present invention.
- FIG. 2 is a diagram illustrating an example of a functional configuration of a terminal 20 according to an embodiment of the present invention.
- FIG. 2 is a diagram illustrating an example of a hardware configuration of an apparatus according to an embodiment of the present invention.
- FIG. 1 is a diagram showing an example of a configuration of a vehicle according to an embodiment of the present invention.
- existing technologies are used as appropriate.
- the existing technologies are, for example, existing LTE or existing NR (5G), but are not limited to existing LTE or existing NR.
- a network node device name includes "h" or "H" representing HPLMN, or "v" or "V" representing VPLMN.
- a network node device name with this character ("h", "H", "v", or "V") deleted may be used in place of the network node device name.
- a network node device name with this character ("h", "H", "v", or "V") replaced with another character may be used in place of the network node device name.
- Fig. 1 is a diagram for explaining an example of a communication system.
- the communication system is composed of a UE, which is a terminal 20, and multiple network node devices.
- although it is assumed that one network node device corresponds to each function, multiple functions may be realized by one network node device, or multiple network node devices may realize one function.
- the "connection" described below may be a logical connection or a physical connection.
- the RAN is a network node device having a radio access function, which may include a base station, and is connected to a UE, an AMF (Access and Mobility Management Function), and a UPF (User plane function).
- the AMF is a network node device having functions such as RAN interface termination, NAS (Non-Access Stratum) termination, registration management, connection management, reachability management, and mobility management.
- the UPF is a network node device having functions such as a PDU (Protocol Data Unit) session point to the outside that interconnects with a DN (Data Network), packet routing and forwarding, and user plane QoS (Quality of Service) handling.
- the UPF and DN constitute a network slice. In the wireless communication network in an embodiment of the present invention, multiple network slices are constructed.
- the AMF is connected to the UE, RAN, SMF (Session Management function), NSSF (Network Slice Selection Function), NEF (Network Exposure Function), NRF (Network Repository Function), UDM (Unified Data Management), UDR (Unified Data Repository), AUSF (Authentication Server Function), PCF (Policy Control Function), and AF (Application Function).
- the AMF, SMF, NSSF, NEF, NRF, UDM, UDR, AUSF, PCF, and AF are network node devices that are interconnected via interfaces based on their respective services: Namf, Nsmf, Nnssf, Nnef, Nnrf, Nudm, Nudr, Nausf, Npcf, and Naf.
- the SMF is a network node device having functions such as session management, IP (Internet Protocol) address allocation and management for UEs, DHCP (Dynamic Host Configuration Protocol) function, ARP (Address Resolution Protocol) proxy, and roaming function.
- the NEF is a network node device having a function of notifying other NFs (Network Functions) of capabilities and events.
- the NSSF is a network node device having functions such as selecting the network slice to which the UE connects, determining the allowed NSSAI (Network Slice Selection Assistance Information), determining the NSSAI to be set, and determining the AMF set to which the UE connects.
- the PCF is a network node device having a function of controlling network policies.
- the AF is a network node device having a function of controlling application servers.
- the NRF is a network node device having a function of discovering NF instances that provide services.
- the UDM is a network node device that manages subscriber data, authentication data, etc. The UDM also stores (manages) dynamic information according to the connection status of the terminal 20, etc.
- the UDM is connected to a UDR (User Data Repository) that holds data.
- FIG. 2 is a diagram for explaining an example of a communication system in a roaming environment. Note that FIG. 2 shows an example of a configuration in a conventional roaming environment. As shown in FIG. 2, the network is composed of a UE, which is a terminal 20, and multiple network node devices.
- the RAN is a network node device with radio access functions, and is connected to the UE, AMF, and UPF.
- the AMF is a network node device with functions such as RAN interface termination, NAS termination, registration management, connection management, reachability management, and mobility management.
- the UPF is a network node device with functions such as a PDU session point to the outside that interconnects with the DN, packet routing and forwarding, and user plane QoS handling.
- the UPF and DN constitute a network slice. In the wireless communication network in the embodiment of the present invention, multiple network slices are constructed.
- the AMF is connected to the UE, RAN, SMF, NSSF, NEF, NRF, UDM, AUSF, PCF, AF, and SEPP (Security Edge Protection Proxy).
- the AMF, SMF, NSSF, NEF, NRF, UDM, AUSF, PCF, and AF are network node devices that are interconnected via interfaces based on their respective services: Namf, Nsmf, Nnssf, Nnef, Nnrf, Nudm, Nausf, Npcf, and Naf.
- the SMF is a network node device having functions such as session management, UE IP address allocation and management, DHCP function, ARP proxy, and roaming function.
- the NEF is a network node device having a function of notifying other NFs of capabilities and events.
- the NSSF is a network node device having functions such as selecting a network slice to which a UE connects, determining an allowed NSSAI, determining an NSSAI to be set, and determining an AMF set to which a UE connects.
- the PCF is a network node device having a function of performing network policy control.
- the AF is a network node device having a function of controlling application servers.
- the NRF is a network node device having a function of discovering NF instances that provide services.
- the SEPP is a non-transparent proxy that filters control plane messages between PLMNs (Public Land Mobile Networks).
- the vSEPP shown in Figure 2 is a SEPP in the visited network.
- the UE is in a roaming environment connected to the RAN and AMF in the VPLMN (Visited PLMN).
- the VPLMN and the HPLMN (Home PLMN) are connected via vSEPP and hSEPP.
- the UE can communicate with the UDM of the HPLMN, for example, via the AMF of the VPLMN.
- the first and second embodiments are described below.
- the second embodiment is based on the first embodiment, with some of the configuration and operation of the first embodiment modified.
- the technology according to the second embodiment may be implemented independently of the first embodiment.
- the operator to which a terminal 20 subscribes is called the Home PLMN (HPLMN: Home Public Land Mobile Network), and the operator at the destination in which the terminal roams is called the Visited PLMN (VPLMN).
- the architecture of mobile communication systems prior to 5GS was designed on the assumption that threats (such as eavesdropping and spoofing) lie outside the cooperating PLMNs, i.e., that "the HPLMN trusts the VPLMN."
- the VPLMN AMF obtains the SUPI (Subscription Permanent Identifier) of the terminal 20 from the HPLMN AUSF, and also obtains the subscriber information of the terminal 20 from the HPLMN UDM. Since NAS security terminates at the VPLMN AMF, the VPLMN AMF can see all messages between the terminal 20 and the HPLMN NF.
- SUPI Subscription Permanent Identifier
- a situation is assumed in which the terminal 20 roams to a certain PLMN (VPLMN).
- An example of a system configuration (a group of devices included in the system) in this situation is shown in Fig. 3.
- Fig. 3 is common to the first and second embodiments.
- the VPLMN includes the terminal 20, RAN 10, vAMF 30, vSMF 40, vUPF 50, and vUDM 60, while the HPLMN includes the hAMF 70, hSMF 80, hUPF 90, AUSF 100, hUDM 110, and NEF 120.
- the operation of each device will be explained in the sequence described below.
- a mechanism is introduced that keeps messages related to authentication or service provision confidential and integrity protected between the terminal 20 and the HPLMN, and that allows the VPLMN to process them anonymously. Specifically, the following mechanisms are introduced for (1) the AMF and (2) the SMF.
- AMF: the AMF is divided into a vAMF 30 located in the VPLMN and an hAMF 70 located in the HPLMN.
- the vAMF 30 has the following functions.
- Process 1: receives a message that the VPLMN NF sends to the HPLMN NF, and forwards it to the hAMF 70.
- Process 2: receives a message from the hAMF 70 that the HPLMN NF sends to the VPLMN NF, and delivers it to the VPLMN NF.
- (1-2) hAMF 70: the hAMF 70 has the following functions.
- SEAF Security Anchor Function
- in addition to controlling service provision, the hAMF 70 also relays messages related to control performed by the SMF or the SMSF (Short Message Service Function) in the HPLMN.
- SMSF Short Message Service Function
- Process 1: receives a message that the HPLMN NF sends to the VPLMN NF, and forwards it to the vAMF 30.
- Process 2: receives a message from the vAMF 30 that the VPLMN NF sends to the HPLMN NF, and delivers it to the HPLMN NF.
- the vSMF 40 has the following functions.
- instructs the vUPF 50 to set up a data relay path for the PDU session. Note that in the conventional technology, the vSMF 40 instructs the hSMF 80 instead.
- performs processing on anonymous targets, i.e., without knowing the SUPI of the processing target. Note that in the conventional technology, the vSMF 40 knows the SUPI.
- the hSMF 80 has the following functions:
- the terminal 20 and hUPF 90 each have a new UPFSP (UPF security protocol layer) on top of SDAP (Service Data Adaptation Protocol) in the U-plane protocol stack.
- UPFSP UPF security protocol layer
- SDAP Service Data Adaptation Protocol
- UPFSP integrity protects and encrypts each packet of the QoS flow, except for the 5-tuple, and passes it to SDAP.
- the 5-tuple consists of the source and destination IP addresses, the transport protocol type, and the source and destination port numbers.
- UPFSP decrypts the packets received from SDAP, verifies their integrity, and returns them to the QoS flow.
- Figure 4 shows an example of the U-plane protocol stack of the terminal 20 and the hUPF 90. Note that in the hUPF 90, the protocol layer below the UPFSP does not have to be SDAP.
- Figure 5 shows an image of confidential and integrity-protected communication using the UPFSP between the terminal 20 and the hUPF 90.
- the key operations are the following operations 1 to 3.
- hNAS NAS for authentication control or service provision control
- vNAS NAS for mobility control or connection control
- the vAMF 30 is in the VPLMN, and the hAMF 70 is in the HPLMN.
- ngKSI key set identifier
- the hSMF 80 is in the HPLMN, and the vSMF 40 is in the VPLMN.
- <Terminal 20> Regarding confidentiality and integrity protection between the terminal and the UPF, the key operations of the terminal 20 are the operations described above from the "U-plane viewpoint".
- step numbers of the subsequent procedures are numbered starting from S1 (step 1) for each set of procedures. For example, the initial registration procedure when roaming starts from S1 and is completed at S59, and then the mobility registration procedure when roaming starts again from S1.
- the terminal 20 decides to send a registration request to the vAMF 30 (TS 23.502, 4.2.2.2.2, step 1) using the initial NAS message protection mechanism (TS 33.501, 6.4.6, step 1).
- the registration request message is in plain text and contains only the Subscription Concealed Identifier (SUCI), terminal security capabilities, and the Key Set Identifier (ngKSI) in 5G.
- SUCI Subscription Concealed Identifier
- ngKSI Key Set Identifier
- This registration request message will be referred to as the "registration request (initial NAS part)."
- the terminal 20 transmits an RRC Setup Request (TS 38.331, 5.3.3.1) to the RAN 10.
- the RAN 10 transmits an RRC Setup to the terminal 20 (TS 38.331, 5.3.3.1).
- the terminal 20 sends an RRCSetupComplete to the RAN 10 (TS 38.331, 5.3.3.1).
- the RRCSetupComplete message includes a registration request (initial NAS part).
- RAN 10 sends an NGAP initial UE message to vAMF 30 (TS 38.413, 8.6.1.2).
- the NGAP initial UE message includes a registration request (initial NAS part).
- the vAMF 30 assigns a "vAMF to hAMF UE ID" to the hAMF 70.
- the ID is an ID assigned by the vAMF 30, and is an ID for the vAMF 30 to identify the terminal 20 in the hAMF 70 via a Service Based Interface (SBI).
- SBI Service Based Interface
- the vAMF 30 sends Nhamf_Communication_CreateUEContext to the hAMF 70.
- the message includes a registration request (initial NAS part) and "vAMF to hAMF UE ID".
- "Nhamf" is written instead of "Namf" in order to distinguish between the vAMF 30 and the hAMF 70.
- the hAMF 70 assigns a 5G Global Unique Temporary Identifier (5G-GUTI) to the terminal 20.
- the hAMF 70 generates terminal context for the 5G-GUTI and the SUCI.
- the hAMF/SEAF 70 sends a Nausf_UEAuthentication_Authenticate request to the AUSF 100 (TS 33.501, 6.1.2, step 2).
- the AUSF 100 sends a Nudm_UEAuthentication_Get request to the hUDM 110 (TS 33.501, 6.1.2, step 3).
- the hUDM 110 sends a Nudm_UEAuthentication_Get response to the AUSF 100 (TS 33.501, 6.1.3.2.0, step 2).
- the AUSF 100 sends a Nausf_UEAuthentication_Authenticate response to the hAMF/SEAF 70 (TS 33.501, 6.1.3.2.0, step 5).
- the hAMF 70 assigns "hAMF to vAMF UE ID" to the vAMF 30. This ID is an ID assigned by the hAMF 70, and is an ID for the hAMF 70 to identify the terminal 20 in the vAMF 30 via the SBI. In S17, the hAMF 70 assigns an arbitrary value to the ngKSI.
- the hAMF/SEAF 70 sends Nvamf_Communication_HtoV_HN1_MessageTransfer to the vAMF 30 (TS 33.501, 6.1.3.2.0, step 6).
- the Nvamf_Communication_HtoV_HN1_MessageTransfer contains an hNAS container, "vAMF to hAMF UE ID", and "hAMF to vAMF UE ID”.
- the hNAS container contains an authentication request.
- the authentication request contains an ngKSI.
- the vAMF 30 sends an NGAP DL NAS transport message to the RAN 10.
- the message includes a vNAS DL NAS transport IE.
- the IE also includes an hNAS container.
- RAN 10 sends a DL information transfer message to terminal 20.
- the message includes a vNAS DL NAS transport IE.
- the terminal 20 sends a UL information transfer message to the RAN 10.
- the message includes a vNAS UL NAS transport IE.
- the IE includes an hNAS container.
- the hNAS container also includes an authentication response (TS 33.501, 6.1.3.2.0, step 8).
- RAN 10 sends an NGAP UL NAS Transport to vAMF 30.
- the message includes a vNAS UL NAS Transport IE.
- the vAMF 30 sends a Nhamf_Communication_VtoH_HN1_MessageTransfer to the hAMF/SEAF 70 (TS 33.501, 6.1.3.2.0, step 8).
- the message includes an hNAS container.
- the hAMF/SEAF 70 sends a Nausf_UEAuthentication_Authenticate request to the AUSF 100 (TS 33.501, 6.1.3.2.0, step 10).
- the AUSF 100 sends a Nausf_UEAuthentication_Authenticate response to the hAMF/SEAF 70 (TS 33.501, 6.1.3.2.0, step 12).
- the message includes the SUPI and K_SEAF.
- the hAMF/SEAF 70 binds the terminal context that was generated earlier for the 5G-GUTI and SUCI to the SUPI of the terminal 20.
- the terminal context also includes K_SEAF.
- the hAMF/SEAF 70 derives K_hAMF from K_SEAF.
- the hAMF/SEAF 70 erases K_SEAF.
- K_hAMF may be the K_AMF of the existing specification.
- the hAMF/SEAF 70 derives K_vAMF from K_hAMF.
- the hAMF/SEAF 70 sends an Nvamf_Communication_CreateVUEContext request to the vAMF 30.
- the message includes K_vAMF, the terminal security capabilities, and the ngKSI.
- the vAMF 30 generates K_gNB from K_vAMF.
- the vAMF 30 assigns a 5G-VGUTI to the terminal 20.
- the 5G-VGUTI is a globally unique temporary terminal identifier assigned by the vAMF 30.
- the vAMF 30 creates a VPLMN terminal context for the 5G-VGUTI.
- the vAMF 30 holds the 5G-VGUTI, K_vAMF, K_gNB, the terminal security capability, and the ngKSI in the VPLMN terminal context.
- the vAMF 30 sends an NGAP Initial Context Setup request (TS 38.413, 9.2.2.1) to the RAN 10.
- the message includes K_gNB and the terminal security capabilities.
- RAN 10 assigns a C-RNTI to terminal 20.
- RAN 10 creates a terminal context for the C-RNTI.
- AS security setting part S37 to S39
- the AS security setting portion will be described in steps S37 to S39.
- the RAN 10 sends an AS security mode command (TS 33.501, 6.7.4, step 1b) to the terminal 20.
- the message includes the selected AS security algorithm.
- the terminal 20 sends an AS security mode completion signal to the RAN 10 (TS 33.501, 6.7.4, step 2b).
- the RAN 10 sends an NGAP Initial Context Setup response (TS 38.413, 9.2.2.2) to the vAMF 30.
- the vAMF 30 sends an NGAP DL NAS transport to the RAN 10.
- the message includes a vNAS security mode command (TS 33.501, 6.7.2, step 1b).
- the command includes the terminal security capability and the selected vNAS security algorithm.
- the RAN 10 sends a DL information transfer message to the terminal 20.
- the message includes a vNAS security mode command (TS 33.501, 6.7.2, step 1b).
- the terminal 20 transmits a UL information transfer to the RAN 10.
- the message includes a vNAS security mode completion (TS 33.501, 6.7.2, step 2b).
- the RAN 10 sends an NGAP UL NAS transport to the vAMF 30.
- the message includes vNAS security mode complete (TS 33.501, 6.7.2, step 2b).
- the vAMF 30 sends Nhamf_Communication_UpdateUEContext to the hAMF/SEAF 70.
- the message includes an AS/vNAS security completion notification IE. Note that the IE is set so that the AS/vNAS security procedure and the hNAS security procedure do not occur simultaneously.
- the hAMF/SEAF 70 sends an Nvamf_Communication_HtoV_HN1_MessageTransfer to the vAMF 30.
- the message includes an hNAS container.
- the hNAS container includes an hNAS security mode command (TS 33.501, 6.7.2, step 1b).
- the command includes the terminal security capability and the selected hNAS security algorithm.
- the vAMF 30 sends an NGAP DL NAS Transport message to the RAN 10.
- the message includes a vNAS DL NAS Transport IE.
- the IE includes an hNAS Container.
- RAN 10 sends a DL information transfer message to terminal 20.
- the message includes a vNAS DL NAS transport IE.
- the terminal 20 sends a UL information transfer message to the RAN 10.
- the message includes a vNAS UL NAS transport IE.
- the IE includes an hNAS container.
- the hNAS container includes an hNAS security mode complete message (TS 33.501, 6.7.2, step 2b).
- the RAN 10 sends an NGAP UL NAS Transport message to the vAMF 30.
- the message includes a vNAS UL NAS Transport IE.
- the vAMF 30 sends Nhamf_Communication_VtoH_HN1_MessageTransfer to the hAMF/SEAF 70.
- the message includes an hNAS container (TS 33.501, 6.7.2, step 2b).
- the vAMF 30 (after completion of AS/vNAS security) sends Nvudm_UECM_Registration to the vUDM 60 (TS 23.502, 4.2.2.2.2, step 14a).
- if the message includes a terminal identifier, the message includes the 5G-VGUTI as the terminal identifier.
- the hAMF 70 (after completion of hNAS security) transmits Nhudm_UECM_Registration to the hUDM 110 (TS 23.502, 4.2.2.2.2, step 14a). If the message includes a terminal identifier, the message includes SUPI as the terminal identifier.
- the hAMF 70 sends an Nhudm_SDM_Get request to the hUDM 110 (TS 23.502, 4.2.2.2.2, step 14a).
- the hUDM 110 sends an Nhudm_SDM_Get response to the hAMF 70 (TS 23.502, 4.2.2.2.2, step 14a).
- the message includes subscriber information.
- the hAMF 70 generates a registration response (hNAS part) and encrypts and integrity protects it by hNAS security.
- the registration response (hNAS part) includes 5G-GUTI and, in addition, content related to service provision such as an authorized NSSAI.
- the hAMF 70 sends an Nvamf_Communication_HtoV_HN1_MessageTransfer to the vAMF 30.
- the message includes an hNAS container.
- the hNAS container includes a registration response (hNAS part).
- the registration response (vNAS part) includes the 5G-VGUTI and, in addition, contents related to connection control such as a TAI list.
- the vAMF 30 sends an NGAP DL NAS transport to the RAN 10.
- the message includes a registration response.
- the vAMF 30 encrypts and integrity protects the registration response.
- the registration response includes a registration response (vNAS part) and an hNAS container.
- RAN 10 sends a DL information transfer message to terminal 20.
- the message includes a registration response.
- the terminal 20 decides to send a registration request to the vAMF 30 (TS 23.502, 4.2.2.2.2, step 1) using the initial NAS message protection mechanism (TS 33.501, 6.4.6, step 1).
- the registration request message is in plain text and contains only 5G-VGUTI, terminal security capability, and ngKSI.
- this registration request message will be referred to as the "registration request (initial NAS part)."
- the ngKSI value in this case is the value that the hAMF 70 previously assigned and the vAMF 30 stored in the VPLMN terminal context.
- the terminal 20 transmits an RRC Setup Request to the RAN 10 (TS 38.331, 5.3.3.1).
- the RAN 10 transmits an RRC Setup to the terminal 20 (TS 38.331, 5.3.3.1).
- the terminal 20 sends an RRCSetupComplete message to the RAN 10 (TS 38.331, 5.3.3.1).
- the message includes a registration request (initial NAS part).
- <S6> the RAN 10 selects the vAMF 30 based on the value of the 5G-VGUTI and sends an NGAP initial UE message (TS 38.413, 8.6.1.2) to the vAMF 30.
- the message includes a registration request (initial NAS part).
- the vAMF 30 determines that an authentication procedure is not necessary because the ngKSI value in the registration request (initial NAS part) matches the ngKSI value in the VPLMN terminal context of the 5G-VGUTI.
- the vAMF 30 sends an NGAP Initial Context Setup request (TS 38.413, 9.2.2.1) to the RAN 10.
- the message includes K_gNB and the terminal security capabilities.
- the RAN 10 assigns a C-RNTI to the terminal 20.
- the RAN 10 creates a terminal context for the C-RNTI.
- AS security setting part S10 to S12
- the AS security setting portion will be described in steps S10 to S12.
- the RAN 10 sends an AS security mode command (TS 33.501, 6.7.4, step 1b) to the terminal 20.
- the message includes the selected AS security algorithm.
- the terminal 20 sends an AS security mode completion signal to the RAN 10 (TS 33.501, 6.7.4, step 2b).
- the RAN 10 sends an NGAP Initial Context Setup response (TS 38.413, 9.2.2.2) to the vAMF 30.
- vNAS security setting part S13 to S16
- the vNAS security setting portion will be explained in S13 to S16.
- the vAMF 30 sends an NGAP DL NAS transport to the RAN 10.
- the message includes a vNAS security mode command (TS 33.501, 6.7.2, step 1b).
- the command includes the terminal security capability and the selected vNAS security algorithm.
- the RAN 10 sends a DL information transfer message to the terminal 20.
- the message includes a vNAS security mode command (TS 33.501, 6.7.2, step 1b).
- <S15, S16> the terminal 20 sends a UL information transfer message to the RAN 10.
- the message includes vNAS security mode complete (TS 33.501, 6.7.2, step 2b).
- the RAN 10 sends an NGAP UL NAS transport to the vAMF 30.
- the message includes vNAS security mode complete (TS 33.501, 6.7.2, step 2b).
- the registration response (vNAS part) includes the 5G-VGUTI and, in addition, contents related to connection control such as a TAI list.
- the vAMF 30 sends an NGAP DL NAS transport to the RAN 10.
- the message includes a registration response.
- the vAMF 30 also encrypts and integrity protects the registration response.
- the registration response includes the registration response (vNAS part).
- RAN 10 sends a DL information transfer message to terminal 20.
- the message includes a registration response.
- the terminal 20 generates a PDU session establishment request.
- the message includes a PDU session ID (assigned by the terminal 20).
- the terminal 20 encrypts and integrity protects the PDU session establishment request using hNAS security.
- the terminal 20 sends a UL information transfer message to the RAN 10.
- the message includes a vNAS UL NAS Transport IE.
- the vNAS UL NAS Transport IE includes an hNAS container.
- the hNAS container includes a PDU session establishment request (TS 23.502, 4.3.2.2.1, step 1).
- the vNAS UL NAS Transport IE also includes a PDU session ID.
- the RAN 10 sends an NGAP UL NAS Transport message to the vAMF 30.
- the message includes a vNAS UL NAS Transport IE.
- the vAMF 30 stores the PDU session ID in the VPLMN terminal context of the 5G-VGUTI.
- the vAMF 30 sends Nhamf_Communication_VtoH_HN1_MessageTransfer to the hAMF 70.
- the message includes the hNAS container and the PDU session ID.
- the hAMF 70 stores the PDU session ID in the terminal context of SUPI and 5G-GUTI.
- the hAMF 70 decrypts and checks the integrity of the hNAS container.
- the hAMF 70 derives K_hSMF from K_hAMF.
- the hAMF 70 sends a Nhsmf_PDUSession_CreateSMContext request to the hSMF 80.
- the message includes a PDU session establishment request, hSMF security information, SUPI, and PDU session ID.
- the hSMF security information includes the terminal security capability and K_hSMF.
- the hSMF 80 uses SUPI to send a Nudm_SDM_Get request to the hUDM 110.
- the hUDM 110 sends a Nhudm_SDM_Get response to the hSMF 80.
- the message includes session management subscriber information.
- the hSMF 80 derives K_hUPenc and K_hUPint from K_hSMF.
- K_hUPenc is a confidentiality key.
- K_hUPint is an integrity protection key.
- the hSMF 80 transmits a PFCP session establishment request to the hUPF 90.
- the message includes UPF security information.
- the UPF security information includes a selected UPF security algorithm, K_hUPenc, and K_hUPint.
- the hUPF 90 transmits a PFCP session establishment response to the hSMF 80.
- the message includes an inter-SMF container.
- the inter-SMF container includes a PDU session VSM context creation request IE.
- the IE includes content equivalent to the PDU session resource establishment request transmission IE (TS 38.413, 9.3.4.1) (which the SMF sends to the RAN in existing specifications).
- the PDU session VSM context creation request IE also includes a PDU session ID.
- the Nhamf_Communication_HnMessageTransfer also includes an hNAS container.
- the hNAS container includes a PDU session establishment authorization (TS 24.501, 8.3.2) and a UPF security mode indication.
- the UPF security mode indication includes the selected UPF security algorithm.
- the Nhamf_Communication_HnMessageTransfer includes a PDU session ID.
- the hAMF 70 sends Nvamf_Communication_HtoV_HN1_MessageTransfer to the vAMF 30.
- the message includes an inter-SMF container, an hNAS container, and a PDU session ID.
- the vAMF 30 sends an Nvamf_Communication_HnMessageNotify to the vSMF 40.
- the message includes an inter-SMF container, an hNAS container, a 5G-VGUTI, and a PDU session ID.
- the vSMF 40 sends a PFCP session establishment request to the vUPF 50.
- the vUPF 50 sends a PFCP session establishment response to the vSMF 40.
- the vSMF 40 sends an Nvamf_Communication_N1N2MessageTransfer to the vAMF 30.
- the message includes a PDU session resource establishment request transmission IE (TS 38.413, 9.3.4.1), an hNAS container, and a PDU session ID.
- the vAMF 30 sends a PDU session resource establishment request (TS 38.413, 9.2.1.1) to the RAN 10.
- the message includes a PDU session resource establishment request transmission IE (TS 38.413, 9.3.4.1) and a vNAS DL NAS transport IE.
- the vNAS DL NAS transport IE also includes an hNAS container.
- the RAN 10 transmits an RRC reconfiguration message (TS 38.331, 5.3.5.1) to the terminal 20.
- the message includes a vNAS DL NAS transport IE.
- the terminal 20 sends an RRC reconfiguration complete to the RAN 10 (TS 38.331, 5.3.5.1).
- the message includes a vNAS UL NAS transport IE.
- the IE includes an hNAS container.
- the hNAS container includes a UPF security mode complete.
- the RRC reconfiguration complete also includes a PDU session ID.
- the RAN 10 sends a PDU Session Resource Establishment Response (TS 38.413, 9.2.1.3) to the vAMF 30.
- the message includes a PDU Session Resource Establishment Response Transport IE (TS 38.413, 9.3.4.2) and a vNAS UL NAS Transport IE.
- the vAMF 30 sends an Nvsmf_PDUSession_UpdateVSMContext request to the vSMF 40.
- the message includes a PDU session resource establishment response transmission IE (TS 38.413, 9.3.4.2), an hNAS container, and a PDU session ID.
- the vSMF 40 sends an Nvamf_Communication_VnMessageTransfer to the vAMF 30.
- the message includes an inter-SMF container.
- the inter-SMF container includes a Create PDU Session VSM Context Response IE.
- the Create PDU Session VSM Context Response IE includes the content equivalent to the PDU Session Resource Establishment Response Transmission IE (TS 38.413, 9.3.4.2).
- the Create PDU Session VSM Context Response IE also includes a PDU Session ID.
- the Nvamf_Communication_VnMessageTransfer also includes an hNAS container.
- the Nvamf_Communication_VnMessageTransfer includes a PDU session ID.
- the vAMF 30 sends a Nhamf_Communication_VtoH_HN1_MessageTransfer to the hAMF 70.
- the message includes an inter-SMF container, an hNAS container, and a PDU session ID.
- the hAMF 70 sends an Nhsmf_PDUSession_UpdateSMContext request to the hSMF 80.
- the message includes the inter-SMF container, the hNAS container, and the PDU session ID.
- the hSMF 80 sends a PFCP session change request to the hUPF 90.
- the hUPF 90 sends a PFCP session change response to the hSMF 80.
- <Nhamf_Communication_VtoH_HN1_MessageTransfer> This message originates at the vAMF 30 and is destined for the hAMF 70; it conveys either a signal originating from a VPLMN NF and arriving at an HPLMN NF, or hNAS signaling.
- <Nvamf_Communication_HtoV_HN1_MessageTransfer> This message originates at the hAMF 70 and is destined for the vAMF 30; it conveys either a signal originating from an HPLMN NF and arriving at a VPLMN NF, or hNAS signaling.
- <Nhamf_Communication_VnMessageNotify> This message originates at the hAMF 70 and is destined for an HPLMN NF; it carries a signal from a VPLMN NF.
- <Nvamf_Communication_HnMessageNotify> This message originates at the vAMF 30 and is destined for a VPLMN NF; it carries a signal from an HPLMN NF.
- <Nhamf_Communication_HnMessageTransfer> This message originates at an HPLMN NF and is destined for the hAMF 70; it conveys a signal originating from an HPLMN NF and destined for a VPLMN NF.
- <Nvamf_Communication_VnMessageTransfer> This message originates at a VPLMN NF and is destined for the vAMF 30; it conveys a signal originating from a VPLMN NF and destined for an HPLMN NF.
- the terminal 20 decides to send a service request to the vAMF 30 (TS 23.502, 4.2.3.2, step 1) using the initial NAS message protection mechanism (TS 33.501, 6.4.6, step 1).
- the service request message is in plain text and contains only 5G-VS-TMSI and ngKSI.
- this message will be referred to as the "service request (initial NAS part)".
- the value of the ngKSI in this case is the value previously assigned by the hAMF 70 and stored by the vAMF 30 in the VPLMN terminal context.
- the 5G-VS-TMSI is derived from the 5G-VGUTI just as the 5G-S-TMSI (5G S-Temporary Mobile Subscriber Identity) is derived from the 5G-GUTI.
- the terminal 20 transmits an RRCSetupRequest to the RAN 10 (TS 38.331, 5.3.3.1).
- the RAN 10 transmits an RRCSetup to the terminal 20 (TS 38.331, 5.3.3.1).
- the terminal 20 transmits an RRCSetupComplete to the RAN 10 (TS 38.331, 5.3.3.1).
- the RRCSetupComplete message includes a service request (initial NAS part).
- <S6> the RAN 10 selects the vAMF 30 based on the value of the 5G-VS-TMSI and sends an NGAP initial UE message (TS 38.413, 8.6.1.2) to the vAMF 30.
- the message includes a registration request (initial NAS part).
- the vAMF 30 determines that an authentication procedure is not necessary because the ngKSI value in the service request (initial NAS part) matches the ngKSI value in the VPLMN terminal context of the 5G-VGUTI corresponding to the 5G-VS-TMSI.
- the vAMF 30 sends an NGAP Initial Context Setup request (TS 38.413, 9.2.2.1) to the RAN 10.
- the message includes K_gNB and the terminal security capabilities.
- the RAN 10 assigns a C-RNTI to the terminal 20.
- the RAN 10 creates a terminal context for the C-RNTI.
- AS security setting part S10 to S12
- the AS security setting portion will be described in steps S10 to S12.
- the RAN 10 transmits an AS security mode command (TS 33.501, 6.7.4, step 1b) to the terminal 20.
- the message includes a selected AS security algorithm.
- the terminal 20 sends an AS security mode completion signal to the RAN 10 (TS 33.501, 6.7.4, step 2b).
- the RAN 10 sends an NGAP Initial Context Setup response (TS 38.413, 9.2.2.2) to the vAMF 30.
- vNAS security setting part S13 to S16
- the vNAS security setting portion will be explained in S13 to S16.
- the vAMF 30 sends an NGAP DL NAS transport to the RAN 10.
- the message includes a vNAS security mode command (TS 33.501, 6.7.2, step 1b).
- the command includes the terminal security capability and the selected vNAS security algorithm.
- the RAN 10 sends a DL information transfer message to the terminal 20.
- the message includes a vNAS security mode command (TS 33.501, 6.7.2, step 1b).
- the terminal 20 sends a UL information transfer to the RAN 10.
- the message includes a vNAS security mode complete (TS 33.501, 6.7.2, step 2b).
- the vNAS security mode complete includes all information of the service request, i.e., both the service request (initial NAS part) and the service request (vNAS part).
- the RAN 10 sends an NGAP UL NAS transport to the vAMF 30.
- the message includes vNAS security mode complete (TS 33.501, 6.7.2, step 2b).
- the vAMF 30 transmits an Nvsmf_PDUSession_UpdateVSMContext request to the vSMF 40 (TS 23.502, 4.2.3.2, step 4).
- the vSMF 40 sends a PFCP session change request to the vUPF 50.
- the vUPF 50 sends a PFCP session change response to the vSMF 40.
- the vSMF 40 sends an Nvsmf_PDUSession_UpdateVSMContext response to the vAMF 30 (TS 23.502, 4.2.3.2, step 11).
- the message includes a PDU session resource establishment request transmission IE (TS 38.413, 9.3.4.1) and vNAS SM information.
- the vNAS SM information includes a service authorization.
- the vAMF 30 sends a PDU session resource establishment request (TS 38.413, 9.2.1.1) to the RAN 10 (TS 23.502, 4.2.3.2, step 12).
- the message includes a PDU session resource establishment request transmission IE (TS 38.413, 9.3.4.1) and a vNAS DL NAS transport IE.
- the vNAS DL NAS transport IE includes vNAS SM information.
- the RAN 10 sends an RRC reconfiguration message to the terminal 20 (TS 38.331, 5.3.5.1).
- the message includes the vNAS DL NAS transport IE.
- the terminal 20 transmits an RRC reconfiguration completion to the RAN 10 (TS 38.331, 5.3.5.1).
- the RAN 10 transmits a PDU session resource establishment response (TS 38.413, 9.2.1.3) to the vAMF 30 (TS 23.502, 4.2.3.2, step 14).
- the message includes a PDU session resource establishment response transmission IE (TS 38.413, 9.3.4.2).
- the vAMF 30 sends an Nvsmf_PDUSession_UpdateVSMContext request to the vSMF 40 (TS 23.502, 4.2.3.2, step 15).
- the message includes a PDU session resource establishment response transmission IE (TS 38.413, 9.3.4.2).
- the vSMF 40 sends a PFCP session change request to the vUPF 50.
- the vUPF 50 sends a PFCP session change response to the vSMF 40.
- the terminal 20 applies the UL transmission packet to a packet filter and determines the QoS flow through which the UL transmission packet will flow.
- the terminal 20 passes the UL transmission packet to the UPFSP entity in the terminal.
- the UPFSP entity in the terminal integrity protects and encrypts the UL transmission packet, except for the 5-tuple, and passes it to the SDAP entity in the terminal. Then, in S4, the terminal 20 transmits the UL packet.
- the hUPF 90 receives the UL transmission packet, and the SDAP entity in the UPF passes the received packet to the UPFSP entity in the UPF.
- the UPFSP entity in the UPF decrypts the packet, verifies its integrity, and returns it to the QoS flow. After that, the existing processing is carried out.
- the hUPF 90 applies the DL transmission packet to a packet filter and determines the QoS flow through which the DL transmission packet will flow.
- the hUPF 90 passes the DL transmission packet to the UPFSP entity in the UPF.
- the UPFSP entity in the UPF integrity protects and encrypts the DL transmission packet, except for the 5-tuple, and passes it to the SDAP entity in the UPF. Then, in S4, the hUPF 90 transmits the DL packet.
- the terminal 20 receives the DL transmission packet, and the SDAP entity in the terminal passes the received packet to the UPFSP entity in the terminal.
- the UPFSP entity in the terminal decrypts the packet and verifies its integrity. After that, the existing processing is carried out.
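The two protection layers described above, as an added Python example that is not part of the patent: the terminal wraps an hNAS container (protected with keys it shares only with the hAMF) inside a vNAS UL NAS Transport IE (protected with the vAMF), so the vAMF can read the PDU session ID for its context but can neither read nor alter the SM message, and the same primitive then protects a U-plane packet in the UPFSP while leaving the 5-tuple readable. HMAC-SHA256 stands in for the NEA/NIA algorithms and for the TS 33.501 Annex A KDF; the FC values, key-type bytes, K_vAMF and the sample packet are constructed placeholders, and K_hSMF, K_hUPenc and K_hUPint are derived in the chain the text describes.

```python
import hashlib
import hmac
import struct

MAC_LEN = 4      # 32-bit MAC-I, the length NAS and PDCP use
CLEAR_LEN = 24   # IPv4 header (20 B, no options) + L4 ports (4 B): the 5-tuple stays in clear

def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """KDF in the shape of TS 33.501 Annex A, HMAC-SHA256(key, FC || P0 || L0 || ...).
    The FC values used below are placeholders for this example, not spec values."""
    s = bytes([fc])
    for p in params:
        s += p + struct.pack(">H", len(p))
    return hmac.new(key, s, hashlib.sha256).digest()

def derive_up_keys(k_hamf: bytes, upf_algo_id: int):
    """K_hAMF -> K_hSMF (hAMF step) -> K_hUPenc, K_hUPint (hSMF step)."""
    k_hsmf = kdf(k_hamf, 0x80, b"hSMF")
    k_hupenc = kdf(k_hsmf, 0x81, b"\x03", bytes([upf_algo_id]))  # 0x03/0x04: key-type bytes (placeholder)
    k_hupint = kdf(k_hsmf, 0x81, b"\x04", bytes([upf_algo_id]))
    return k_hsmf, k_hupenc, k_hupint

def _keystream(k_enc: bytes, count: int, n: int) -> bytes:
    # HMAC in counter mode stands in for NEA; illustrative only, not a production cipher
    out = b""
    for block in range((n + 31) // 32):
        out += hmac.new(k_enc, struct.pack(">II", count, block), hashlib.sha256).digest()
    return out[:n]

def protect(k_enc: bytes, k_int: bytes, count: int, clear: bytes, payload: bytes) -> bytes:
    """Encrypt payload, then MAC over COUNT || clear part || ciphertext: the clear part stays
    readable by nodes on the path but cannot be altered. Returns clear || ct || mac."""
    ct = bytes(a ^ b for a, b in zip(payload, _keystream(k_enc, count, len(payload))))
    mac = hmac.new(k_int, struct.pack(">I", count) + clear + ct, hashlib.sha256).digest()[:MAC_LEN]
    return clear + ct + mac

def unprotect(k_enc: bytes, k_int: bytes, count: int, clear_len: int, pdu: bytes):
    """Verify the MAC first, then decrypt; raises ValueError on any modification."""
    clear, ct, mac = pdu[:clear_len], pdu[clear_len:-MAC_LEN], pdu[-MAC_LEN:]
    expect = hmac.new(k_int, struct.pack(">I", count) + clear + ct, hashlib.sha256).digest()[:MAC_LEN]
    if not hmac.compare_digest(mac, expect):
        raise ValueError("integrity check failed")
    return clear, bytes(a ^ b for a, b in zip(ct, _keystream(k_enc, count, len(ct))))

# vNAS UL NAS Transport IE carrying an hNAS container
def ue_build_ul_transport(hnas_keys, vnas_keys, hnas_count, vnas_count, sm_msg, pdu_session_id):
    hnas_container = protect(*hnas_keys, hnas_count, b"", sm_msg)  # end to end with the hAMF
    return protect(*vnas_keys, vnas_count, b"", bytes([pdu_session_id]) + hnas_container)

def vamf_unwrap(vnas_keys, vnas_count, ie):
    """The vAMF removes vNAS protection and gets the PDU session ID for its VPLMN terminal
    context; the hNAS container is still ciphertext to it."""
    _, inner = unprotect(*vnas_keys, vnas_count, 0, ie)
    return inner[0], inner[1:]

def hamf_unwrap(hnas_keys, hnas_count, hnas_container):
    return unprotect(*hnas_keys, hnas_count, 0, hnas_container)[1]

def tamper_detected(k_enc, k_int, count, pdu) -> bool:
    """Flip one ciphertext bit in transit and confirm the receiver rejects the PDU."""
    i = len(pdu) - MAC_LEN - 1
    try:
        unprotect(k_enc, k_int, count, 0, pdu[:i] + bytes([pdu[i] ^ 1]) + pdu[i + 1:])
        return False
    except ValueError:
        return True

# UPFSP: protect a U-plane packet except the 5-tuple
def five_tuple(packet: bytes):
    """(src, dst, proto, sport, dport) read from the clear part, e.g. by the packet filter."""
    sport, dport = struct.unpack(">HH", packet[20:24])
    return packet[12:16], packet[16:20], packet[9], sport, dport

def upfsp_protect(k_enc, k_int, count, packet):
    return protect(k_enc, k_int, count, packet[:CLEAR_LEN], packet[CLEAR_LEN:])

def upfsp_unprotect(k_enc, k_int, count, pdu):
    clear, rest = unprotect(k_enc, k_int, count, CLEAR_LEN, pdu)
    return clear + rest

def sample_ipv4_udp(src, dst, sport, dport, payload):
    """Constructed sample packet; checksums left zero because nothing transmits it."""
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17, 0, src, dst)
    return ip + struct.pack(">HHHH", sport, dport, 8 + len(payload), 0) + payload

def demo():
    k_hamf = bytes(range(32))                                      # constructed K_hAMF
    _, k_upenc, k_upint = derive_up_keys(k_hamf, 1)
    hnas = (kdf(k_hamf, 0x82, b"enc"), kdf(k_hamf, 0x82, b"int"))  # hNAS keys, placeholder FC
    k_vamf = b"constructed K_vAMF".ljust(32, b"\0")                 # the VPLMN never sees K_hAMF
    vnas = (kdf(k_vamf, 0x82, b"enc"), kdf(k_vamf, 0x82, b"int"))
    ie = ue_build_ul_transport(hnas, vnas, 7, 3, b"PDU SESSION ESTABLISHMENT REQUEST", 5)
    psi, container = vamf_unwrap(vnas, 3, ie)
    pkt = sample_ipv4_udp(b"\x0a\x00\x00\x01", b"\xc0\xa8\x01\x02", 40000, 5683, b"coap data")
    pdu = upfsp_protect(k_upenc, k_upint, 1, pkt)
    return (psi, hamf_unwrap(hnas, 7, container), tamper_detected(*hnas, 7, container),
            five_tuple(pdu) == five_tuple(pkt), upfsp_unprotect(k_upenc, k_upint, 1, pdu) == pkt)
```

demo() returns the PDU session ID the vAMF extracted, the SM message the hAMF recovered, whether a modified hNAS container is rejected, whether the 5-tuple of the protected U-plane PDU still matches the original packet, and whether the hUPF side recovers the packet intact.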
- the first embodiment described above allows the terminal 20 to communicate safely when roaming, even if the HPLMN does not trust the VPLMN.
- the second embodiment will be described.
- a secure roaming architecture was described under the assumption that the HPLMN does not trust the VPLMN. The following describes whether the roaming architecture in the first embodiment operates appropriately when applied to the above (i), (ii), and (iii).
- the terminal 20 cannot decrypt the DL user small data.
- the hUPF 90 cannot decrypt the UL user small data.
- the hSMF 80, when establishing a PDU session, determines whether the PDU session is for "C-plane CIoT 5GS optimized UPF anchor data transmission" or "NEF-based non-IP data transmission" and notifies the terminal 20.
- in the former case the terminal 20 protects the confidentiality and integrity of the user small data toward the hUPF 90, and in the latter case toward the hAMF 70.
- the terminal 20 receives an identifier included in the PDU session establishment acceptance message indicating whether the PDU session is for "C-plane CIoT 5GS optimized UPF anchor data transmission" or "NEF-based non-IP data transmission", and when subsequently transmitting and receiving user small data, in the former case, the terminal 20 protects the confidentiality and integrity of the user small data toward the hUPF90, and in the latter case, the terminal 20 protects the confidentiality and integrity of the user small data toward the hAMF70.
- the communication partner of the confidentiality and integrity protected user small data in the terminal 20 is the hUPF9
- the communication partner of the confidentiality and integrity protected user small data is the hAMF70.
- in S1 of Figure 25, the terminal 20 generates a PDU session establishment request.
- the message includes a (terminal assigned) PDU session ID.
- in S2, the terminal 20 encrypts and integrity protects the PDU session establishment request with hNAS security.
- the terminal 20 sends a UL information transfer message to the RAN 10.
- the message includes a vNAS UL NAS Transport IE.
- the vNAS UL NAS Transport IE includes an hNAS container.
- the hNAS container includes a PDU session establishment request (TS 23.502, 4.3.2.2.1, step 1).
- the vNAS UL NAS Transport IE also includes a PDU session ID.
- the RAN 10 sends an NGAP UL NAS Transport message to the vAMF 30.
- the message includes a vNAS UL NAS Transport IE.
- the vAMF 30 stores the PDU session ID in the VPLMN terminal context of the 5G-VGUTI.
- the vAMF 30 sends Nhamf_Communication_VtoH_HN1_MessageTransfer to the hAMF 70.
- the message includes the hNAS container and the PDU session ID.
- the hAMF 70 stores the PDU session ID in the terminal context of SUPI and 5G-GUTI.
- the hAMF 70 decrypts and checks the integrity of the hNAS container.
- the hAMF 70 derives K_hSMF from K_hAMF.
- the hAMF 70 sends an Nhsmf_PDUSession_CreateSMContext request to the hSMF 80.
- the message includes a PDU session establishment request, hSMF security information, SUPI, PDU session ID, and C-plane IoT indication.
- the hSMF security information includes the terminal security capability and K_hSMF.
- the hSMF 80 uses SUPI to send a Nudm_SDM_Get request to the hUDM 110.
- the hUDM 110 sends a Nhudm_SDM_Get response to the hSMF 80.
- the message includes session management subscriber information.
- the session management subscriber information may include a NEF identifier for the NIDD.
- the hSMF 80 takes into consideration the NEF identifier for the NIDD, etc., and decides whether to use C-plane CIoT 5GS optimized UPF anchor data transmission or NEF-based non-IP data transmission.
- C-plane CIoT 5GS optimized UPF anchor data transmission: The operation when using C-plane CIoT 5GS optimized UPF anchor data transmission is as follows.
- the hSMF 80 derives K_hUPenc and K_hUPint from K_hSMF.
- the hSMF 80 sends a PFCP session establishment request to the hUPF 90.
- the message includes UPF security information.
- the UPF security information includes a selected UPF security algorithm, K_hUPenc, and K_hUPint.
- the hUPF 90 sends a PFCP session establishment response to the hSMF 80.
- the hSMF 80 sends a Nhamf_Communication_HnMessageTransfer to the hAMF 70.
- the message includes an inter-SMF container.
- the inter-SMF container includes a Create PDU Session VSM Context Request IE.
- the PDU session VSM context creation request IE contains the contents equivalent to the PDU session resource establishment request transmission IE (TS 38.413, 9.3.4.1) (sent by the SMF to the RAN in the existing specifications).
- the PDU session VSM context creation request IE also contains a PDU session ID.
- the PDU session VSM context creation request IE also contains a C-plane CIoT indication (UPF anchor indication).
- the Nhamf_Communication_HnMessageTransfer also includes an hNAS container.
- the hNAS container includes a PDU session establishment authorization (TS 24.501, 8.3.2) and a UPF security mode indication.
- the PDU session establishment authorization includes an indication of C-plane only (UPF anchor indication).
- the UPF security mode indication includes the selected UPF security algorithm.
- the Nhamf_Communication_HnMessageTransfer also includes a PDU session ID.
- the hAMF 70 encrypts and integrity protects the hNAS container using hNAS security.
- the hAMF 70 sends Nvamf_Communication_HtoV_HN1_MessageTransfer to the vAMF 30.
- the message includes an inter-SMF container, an hNAS container, and a PDU session ID.
- the vAMF 30 sends an Nvamf_Communication_HnMessageNotify to the vSMF 40.
- the message includes an inter-SMF container, an hNAS container, a 5G-VGUTI, and a PDU session ID.
- the vSMF 40 transmits a PFCP session establishment request to the vUPF 50.
- the vUPF 50 transmits a PFCP session establishment response to the vSMF 40.
- the vSMF 40 sends an Nvamf_Communication_N1N2MessageTransfer to the vAMF 30.
- the message includes the hNAS container and the PDU session ID.
- the vAMF 30 sends an NGAP DL NAS Transport (TS 38.413, 9.2.5.2) to the RAN 10.
- the message includes a vNAS DL NAS Transport IE.
- the vNAS DL NAS Transport IE includes an hNAS container.
- the RAN 10 sends an RRC reconfiguration message to the terminal 20 (TS 38.331, 5.3.5.1).
- the message includes the vNAS DL NAS transport IE.
- the terminal 20 transmits an RRC reconfiguration complete to the RAN 10 (TS 38.331, 5.3.5.1).
- the message includes a vNAS UL NAS transport IE.
- the vNAS UL NAS transport IE includes an hNAS container.
- the hNAS container includes a UPF security mode complete.
- the RRC reconfiguration complete message also includes a PDU session ID.
- the RAN 10 sends an NGAP UL NAS Transport (TS 38.413, 9.2.5.3) message to the vAMF 30.
- the message includes a vNAS UL NAS Transport IE.
- the vAMF 30 sends an Nvsmf_PDUSession_UpdateVSMContext request to the vSMF 40.
- the message includes the hNAS container and the PDU session ID.
- the vSMF 40 sends an Nvamf_Communication_VnMessageTransfer to the vAMF 30.
- the message includes an inter-SMF container.
- the inter-SMF container includes a Create PDU Session VSM Context Response IE.
- the Create PDU Session VSM Context Response IE includes the content equivalent to the PDU Session Resource Establishment Response Transmission IE (TS 38.413, 9.3.4.2).
- the Create PDU Session VSM Context Response IE includes a PDU Session ID.
- the Nvamf_Communication_VnMessageTransfer message also includes an hNAS container.
- the Nvamf_Communication_VnMessageTransfer also includes a PDU session ID.
- the vAMF 30 sends a Nhamf_Communication_VtoH_HN1_MessageTransfer to the hAMF 70.
- the message includes an inter-SMF container, an hNAS container, and a PDU session ID.
- the hAMF 70 sends an Nhsmf_PDUSession_UpdateSMContext request to the hSMF 80.
- the message includes the inter-SMF container, the hNAS container, and the PDU session ID.
- the hSMF 80 sends a PFCP session change request to the hUPF 90.
- the hUPF 90 sends a PFCP session change response to the hSMF 80.
- the hSMF 80 transmits a Nnef_SMContext_Create request to the NEF 120 (TS 23.502, 4.25.2, step 2).
- the NEF 120 transmits a Nnef_SMContext_Create response to the hSMF 80 (TS 23.502, 4.25.2, step 3).
- the hSMF 80 sends an Nhamf_Communication_HnMessageTransfer to the hAMF 70.
- the message includes an hNAS container.
- the hNAS container includes a PDU session establishment grant (TS 24.501, 8.3.2).
- the PDU session establishment grant includes a C-plane only indication (NEF anchor indication).
- the Nhamf_Communication_HnMessageTransfer message also includes a PDU session ID.
- the hAMF 70 encrypts and integrity protects the hNAS container by hNAS security.
- the hAMF 70 sends Nvamf_Communication_HtoV_HN1_MessageTransfer to the vAMF 30.
- the message includes the hNAS container and a PDU session ID.
- the vAMF 30 sends an NGAP DL NAS Transport (TS 38.413, 9.2.5.2) to the RAN 10.
- the message includes a vNAS DL NAS Transport IE, and the vNAS DL NAS Transport IE includes the hNAS container.
- RAN 10 sends a DL information transfer message to terminal 20 (TS 38.331, 5.7.1.1).
- the message includes a vNAS DL NAS transport IE.
- the terminal 20 understands (assumes) from the C-plane only indication (NEF anchor indication) that it will subsequently process the CIoT user data container as an hNAS container.
- C-plane CIoT 5GS optimized UPF anchor data transmission: Regarding the C-plane CIoT 5GS optimized UPF anchor data transmission of this embodiment, the terminal-originated case is the same as TS 23.502, 4.24.1, except that the vAMF is used instead of the AMF. The terminal-terminated case is the same as TS 23.502, 4.24.2, except that the vAMF is used instead of the AMF.
- the terminal 20 protects the confidentiality and integrity of the user small data toward the hUPF 90.
- the communication partner of the terminal 20 for the confidentiality and integrity protected user small data is the hUPF 90.
- NEF-based non-IP data transmission - terminal originated
- the terminal 20 creates an hNAS container.
- the hNAS container includes a CIoT user data container.
- the terminal 20 encrypts and integrity protects the hNAS container using hNAS security.
- the terminal 20 sends a UL information transfer message to the RAN 10.
- the message includes a vNAS UL NAS transport IE.
- the vNAS UL NAS transport IE includes an hNAS container and a PDU session ID.
- RAN 10 sends an NGAP UL NAS Transport to vAMF 30.
- the message includes a vNAS UL NAS Transport IE.
- the vAMF 30 sends Nhamf_Communication_VtoH_HN1_MessageTransfer to the hAMF 70.
- the message includes the hNAS container and the PDU session ID.
- the hAMF 70 decrypts and verifies the integrity of the hNAS container.
- the hAMF 70 sends Nhsmf_PDUSession_SendMOData to the hSMF 80 (TS 23.502, 4.25.4, step 1).
- the message includes the CIoT user data container and the PDU session ID.
- the hSMF 80 sends a Nnef_SMContext_Delivery request to the NEF 120 (TS 23.502, 4.25.4, step 3).
- the message includes a CIoT user data container and a PDU session ID.
- NEF-based non-IP data transmission - terminal termination: Next, the case of terminal termination in NEF-based non-IP data transmission will be described.
- the NEF 120 sends a Nhsmf_NIDD_Delivery request to the hSMF 80 (TS 23.502, 4.25.5, step 3).
- the URI of the message includes a PDU session reference number that was previously provided by the SMF to the NEF.
- the Nhsmf_NIDD_Delivery request message also includes a CIoT user data container.
- the hSMF 80 sends a Nhamf_Communication_HnMessageTransfer to the hAMF 70.
- the message includes a CIoT user data container and a PDU session ID.
- the hAMF 70 creates an hNAS container, which includes a CIoT user data container.
- the hAMF 70 encrypts and integrity protects the hNAS container using hNAS security.
- the hAMF 70 sends Nvamf_Communication_HtoV_HN1_MessageTransfer to the vAMF 30.
- the message includes an hNAS container and a PDU session ID.
- the vAMF 30 sends an NGAP DL NAS Transport (TS 38.413, 9.2.5.2) to the RAN 10.
- the message includes a vNAS DL NAS Transport IE.
- the IE includes an hNAS container and a PDU session ID.
- the RAN 10 sends a DL information transfer message (TS 38.331, 5.7.1.1) to the terminal 20.
- the message includes the vNAS DL NAS transport IE.
- the terminal 20 uses vNAS security to decrypt the vNAS DL NAS transport IE and check the integrity.
- the terminal 20 uses hNAS security to decrypt the hNAS container and check the integrity.
- the second embodiment described above enables the terminal 20 to safely transmit small user data even if the HPLMN does not trust the VPLMN.
- the terminal 20 receives an identifier included in the PDU session establishment acceptance message indicating whether the PDU session is for "C-plane CIoT 5GS optimized UPF anchor data transmission" or "NEF-based non-IP data transmission", and the technology for determining the opposing device (e.g., UPF, AMF) for protecting the confidentiality and integrity of user small data based on the identifier can be applied not only when roaming, but also when not roaming.
- the technology according to the second embodiment can be applied to user small data transmission methods (e.g., new transmission methods that will appear in the future) other than "C-plane CIoT 5GS optimized UPF anchor data transmission" and "NEF-based non-IP data transmission".
- <Network Node Device 5> FIG. 31 is a diagram illustrating an example of a functional configuration of the network node device 5.
- the network node device 5 may be any one of the network node devices of the RAN 10 (base station 10), the vAMF 30, the vSMF 40, the vUPF 50, the vUDM 60, the hAMF 70, the hSMF 80, the hUPF 90, the AUSF 100, the hUDM 110, and the NEF 120.
- the network node device 5 has a transmitting unit 115, a receiving unit 125, a setting unit 130, and a control unit 140.
- the functional configuration shown in FIG. 31 is merely an example.
- the names of the functional divisions and functional units may be any as long as they can perform the operations related to the embodiment of the present invention.
- the transmitter 115 has a function of generating information to be transmitted to the terminal 20 or other network node devices, and transmitting the information by wire or wirelessly.
- the receiver 125 receives various types of information transmitted from the terminal 20 or other network node devices.
- the setting unit 130 stores various setting information in a storage device and reads it from the storage device as needed.
- the control unit 140 controls the entire device.
- the functional units in the control unit 140 related to information transmission may be included in the transmission unit 110, and the functional units in the control unit 140 related to information reception may be included in the reception unit 120.
- the transmission unit 115 may be called a transmitter, and the reception unit 125 may be called a receiver.
- Fig. 32 is a diagram showing an example of the functional configuration of the terminal 20.
- the terminal 20 has a transmitting unit 210, a receiving unit 220, a setting unit 230, and a control unit 240.
- the functional configuration shown in Fig. 32 is merely an example. As long as the operation related to the embodiment of the present invention can be executed, the names of the functional divisions and the functional units may be any.
- the transmitting unit 210 and the receiving unit 220 may be collectively referred to as a communication unit.
- the transmitter 210 creates a transmission signal from the transmission data and transmits the transmission signal wirelessly.
- the receiver 220 receives various signals wirelessly and obtains higher layer signals from the received physical layer signals.
- the receiver 220 also has the function of receiving NR-PSS, NR-SSS, NR-PBCH, DL/UL/SL control signals, DCI via PDCCH, data via PDSCH, etc. transmitted from the base station 10.
- the transmitting unit 210 may transmit a PSCCH (Physical Sidelink Control Channel), a PSSCH (Physical Sidelink Shared Channel), a PSDCH (Physical Sidelink Discovery Channel), a PSBCH (Physical Sidelink Broadcast Channel), or the like to another terminal 20 as D2D communication, and the receiving unit 220 may receive a PSCCH, a PSSCH, a PSDCH, or a PSBCH, or the like, from the other terminal 20.
- the setting unit 230 stores various setting information received from the base station 10 or other terminals by the receiving unit 220 in a storage device provided in the setting unit 230, and reads it from the storage device as necessary.
- the setting unit 230 also stores setting information that is set in advance.
- the control unit 240 controls the terminal 20.
- the functional units in the control unit 240 related to signal transmission may be included in the transmission unit 210, and the functional units in the control unit 240 related to signal reception may be included in the reception unit 220.
- the transmission unit 210 may be called a transmitter, and the reception unit 220 may be called a receiver.
- This embodiment discloses at least the following Supplementary Notes 1 to 4.
- <Appendix 1> a control unit that conceals and protects the integrity of a first message related to authentication control or service provision control from a network node device that handles mobility control or connection control; and a transmission unit that includes the first message, which has been subjected to confidentiality and integrity protection, in a second message related to mobility control or access control and transmits the second message to a network.
- the network node device is an AMF provided in a VPLMN.
- a control unit that conceals and protects the integrity of messages related to authentication control or service provision control from other network node devices that handle mobility control or connection control; a transmission unit that transmits the message to a terminal via the other network node device.
- a control unit that receives a message related to mobility control or connection control from a terminal and determines the necessity of re-authentication based on a key set identifier included in the message; and a sending unit that transfers the message to another network node device that handles authentication control or service provision control when re-authentication is required.
- a first message related to authentication control or service provision control is concealed from a network node device that handles mobility control or connection control, and integrity-protected; the first message, which has been subjected to confidentiality and integrity protection, is included in a second message related to mobility control or access control and transmitted to a network.
- Supplementary Items 1 to 6 provide technology that enables terminals to communicate securely when roaming, even if the HPLMN does not trust the VPLMN.
- Supplementary Items 2 and 4 clarify the network node equipment provided in the HPLMN/VPLMN.
- <Appendix 2> (Additional Note 1) a transmission unit that assigns an identifier associated with a terminal context in another network node device that handles authentication control or service provision control to the other network node device, and transmits a message including the identifier to the other network node device; and a control unit that performs mobility control or connection control processing by using the identifier without using a persistent identifier of a terminal. (Additional Note 2) The network node device according to claim 1, wherein the other network node device is provided in an HPLMN, and the network node device is provided in a VPLMN.
- a receiving unit that receives an instruction from a first network node device that determines establishment of a session based on a request from a terminal; and a control unit that sets a data relay path for a target session using a terminal temporary identifier assigned by a second network node device that performs mobility control or connection control processing based on the instruction, and a session identifier assigned by the terminal, without using a permanent identifier of the terminal.
- the network node device according to claim 3 wherein the first network node device is provided in an HPLMN, and the second network node device and the network node device are provided in a VPLMN.
- Supplementary Items 1 to 5 provide technology that enables terminals to communicate securely when roaming, even if the HPLMN does not trust the VPLMN.
- Supplementary Items 2 and 4 clarify the network node equipment provided in the HPLMN/VPLMN.
- A network node device comprising: a receiving unit that receives a terminal security capability and a key from a first network node device that handles authentication control or service provision control;
- a control unit that selects the security algorithm to be used for secure communication between the terminal and a second network node device and derives a confidentiality key and an integrity protection key from the received key; and a transmission unit that transmits the security algorithm, the confidentiality key and the integrity protection key to the second network node device, and transmits only the selected security algorithm to the terminal (the terminal derives the same keys itself).
- A network node device comprising: a control unit that, in a security protocol layer of the U-plane protocol stack, encrypts and integrity-protects each packet of a QoS flow except for predetermined header information, and passes the protected packets to the protocol layer below the security protocol layer; and a transmission unit that transmits each protected packet.
- The protocol layer below the security protocol layer is SDAP; on reception, the control unit decrypts each packet passed up from SDAP in the security protocol layer and verifies its integrity.
- Supplementary Items 1 to 5 provide technology that enables a terminal to communicate securely when roaming, even if the HPLMN does not trust the VPLMN.
- Supplementary Item 2 clarifies the network node device.
- Supplementary Item 4 clarifies the operation during verification.
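The following is an added example, not code from the patent or its applicant, that puts the Appendix 1 and Appendix 3 mechanisms above into one runnable pattern: the home network node protects a first message so the visited mobility node can relay but not read or alter it, the visited node decides re-authentication from a key set identifier, the node holding the terminal capability selects an algorithm and derives separate confidentiality and integrity keys, and each packet is protected with a predetermined header left in the clear for the layer below. Every primitive is an HMAC-SHA256 stand-in, not the 3GPP NEA/NIA algorithms; the algorithm identifiers, KDF labels, FC byte, header layouts and the relay header are hypothetical, and all inputs are constructed.

```python
"""Added example (not from the patent): one pattern for the protection steps above.

All primitives are HMAC-SHA256 stand-ins, NOT the 3GPP NEA/NIA ciphering and
integrity algorithms; algorithm names, KDF labels and message layouts are
hypothetical and chosen only for illustration.
"""
import hashlib
import hmac
import struct


def kdf(key: bytes, fc: bytes, *params: bytes) -> bytes:
    """Derive a key from FC || P0 || L0 || P1 || L1 ... (the TS 33.220-style
    input layout) with HMAC-SHA256 as the PRF; FC and labels are assumptions."""
    s = fc
    for p in params:
        s += p + struct.pack(">H", len(p))
    return hmac.new(key, s, hashlib.sha256).digest()


def _keystream(k_enc: bytes, nonce: bytes, n: int) -> bytes:
    """Counter-mode keystream with HMAC as the PRF (toy stand-in for ciphering)."""
    blocks = (hmac.new(k_enc, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def protect(k_enc: bytes, k_int: bytes, count: int, header: bytes, payload: bytes) -> bytes:
    """Cipher the payload, then MAC COUNT || clear header || ciphertext.
    The header is sent in the clear (e.g. the QFI a lower layer must read) but is
    still covered by the 32-bit MAC, so it cannot be altered unnoticed."""
    nonce = struct.pack(">I", count)
    ct = bytes(a ^ b for a, b in zip(payload, _keystream(k_enc, nonce, len(payload))))
    mac = hmac.new(k_int, nonce + header + ct, hashlib.sha256).digest()[:4]
    return header + nonce + ct + mac


def unprotect(k_enc: bytes, k_int: bytes, hdr_len: int, pdu: bytes) -> tuple:
    """Verify the MAC in constant time before deciphering; reject on any mismatch."""
    header, nonce, ct, mac = pdu[:hdr_len], pdu[hdr_len:hdr_len + 4], pdu[hdr_len + 4:-4], pdu[-4:]
    expected = hmac.new(k_int, nonce + header + ct, hashlib.sha256).digest()[:4]
    if not hmac.compare_digest(mac, expected):
        raise ValueError("integrity check failed")
    return header, bytes(a ^ b for a, b in zip(ct, _keystream(k_enc, nonce, len(ct))))


# --- Security-mode setup at the node that receives the terminal capability and a key ---
NODE_PRIORITY = ("ALG-3", "ALG-2", "ALG-1")  # hypothetical identifiers, strongest first


def select_algorithm(terminal_capability: set, priority: tuple = NODE_PRIORITY) -> str:
    """Highest-priority algorithm the terminal also supports; fail closed otherwise."""
    for alg in priority:
        if alg in terminal_capability:
            return alg
    raise ValueError("no security algorithm common to network and terminal")


def derive_keys(k_root: bytes, alg: str) -> tuple:
    """Distinct confidentiality and integrity keys, both bound to the selected algorithm."""
    return kdf(k_root, b"\x69", b"enc", alg.encode()), kdf(k_root, b"\x69", b"int", alg.encode())


# --- VPLMN relay: protected first message carried inside a mobility/connection message ---
def wrap_in_mobility_message(vplmn_hdr: bytes, protected_first_msg: bytes) -> bytes:
    """The relaying node adds its own clear header and a length; the inner message is opaque to it."""
    return vplmn_hdr + struct.pack(">H", len(protected_first_msg)) + protected_first_msg


def unwrap_mobility_message(msg: bytes, vplmn_hdr_len: int) -> tuple:
    n = struct.unpack(">H", msg[vplmn_hdr_len:vplmn_hdr_len + 2])[0]
    return msg[:vplmn_hdr_len], msg[vplmn_hdr_len + 2:vplmn_hdr_len + 2 + n]


def needs_reauth(contexts: dict, temp_id: bytes, ksi: int) -> bool:
    """VPLMN-side check from the key set identifier: no context for (temp_id, ksi)
    means the request is forwarded to the home network for re-authentication."""
    return contexts.get(temp_id) != ksi


def roaming_round_trip() -> dict:
    """Constructed walk-through: home node protects, visited node relays, terminal verifies."""
    k_root = hashlib.sha256(b"constructed root key shared by HPLMN and terminal").digest()
    alg = select_algorithm({"ALG-1", "ALG-2"})  # constructed terminal capability
    k_enc, k_int = derive_keys(k_root, alg)     # the terminal derives the same pair from alg
    first_msg = b"SERVICE-ACCEPT:slice=urllc"   # constructed home-network message
    protected = protect(k_enc, k_int, count=7, header=b"\x01", payload=first_msg)
    outer = wrap_in_mobility_message(b"\x7eVPLMN", protected)   # 6-byte hypothetical header
    _, inner = unwrap_mobility_message(outer, 6)
    _, plaintext = unprotect(k_enc, k_int, 1, inner)
    tampered = inner[:10] + bytes([inner[10] ^ 0x01]) + inner[11:]  # relay flips a ciphertext byte
    try:
        unprotect(k_enc, k_int, 1, tampered)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"alg": alg, "plaintext": plaintext, "relay_sees_plaintext": first_msg in outer,
            "tamper_detected": tamper_detected}


if __name__ == "__main__":
    print(roaming_round_trip())
```

Two choices matter more than the toy primitives: the receiver checks the MAC before it deciphers anything, and the clear header that a lower layer such as SDAP must read is still inside the MAC input, so a relay can forward it but not change it. In a real deployment the HMAC stand-ins are replaced by the negotiated NEA/NIA algorithms and the 3GPP KDF, and the COUNT must never repeat under the same key.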
- A terminal comprising: a receiving unit that receives a session establishment accept message from a network; and a control unit that determines the communication partner for confidentiality- and integrity-protected user small data based on an identifier, included in the session establishment accept message, that identifies the small-data transmission method.
- Supplementary Items 1 to 4 provide technology that enables a terminal to safely transmit small user data.
- Supplementary Items 2 and 3 allow this technology to be applied to a specific method for transmitting small user data.
- Each functional block may be realized by one device that is physically or logically coupled, or by two or more devices that are physically or logically separated and connected directly or indirectly (for example, by wire or wirelessly), with the function provided by these multiple devices together.
- the functional blocks may be realized by combining the one device or the multiple devices with software.
- Functions include, but are not limited to, judging, determining, calculating, computing, processing, deriving, investigating, searching, confirming, receiving, transmitting, outputting, accessing, resolving, selecting, choosing, establishing, comparing, assuming, expecting, regarding, broadcasting, notifying, communicating, forwarding, configuring, reconfiguring, allocating, mapping, and assigning.
- a functional block (component) that performs the transmission function is called a transmitting unit or transmitter.
- the network node device 5 and terminal 20 in one embodiment of the present disclosure may function as a computer that performs processing of the communication method of the present disclosure.
- FIG. 33 is a diagram showing an example of a hardware configuration of the network node device 5 and terminal 20 in one embodiment of the present disclosure.
- the network node device 5 and terminal 20 described above may be physically configured as a computer device including a processor 1001, a storage device 1002, an auxiliary storage device 1003, a communication device 1004, an input device 1005, an output device 1006, a bus 1007, and the like.
- network node devices other than the authorization device 40 and the user information disclosure device 50 also have the configuration shown in FIG. 33.
- the term "apparatus” may be interpreted as a circuit, device, unit, etc.
- the hardware configuration of the network node apparatus 5 and the terminal 20 may be configured to include one or more of the apparatuses shown in the figure, or may be configured to exclude some of the apparatuses.
- the functions of the network node device 5 and the terminal 20 are realized by loading specific software (programs) onto hardware such as the processor 1001 and the storage device 1002, causing the processor 1001 to perform calculations, control communications by the communication device 1004, and control at least one of the reading and writing of data in the storage device 1002 and the auxiliary storage device 1003.
- the processor 1001 for example, operates an operating system to control the entire computer.
- the processor 1001 may be configured as a central processing unit (CPU) including an interface with peripheral devices, a control device, an arithmetic unit, registers, etc.
- control unit 140, control unit 240, etc. may be realized by the processor 1001.
- the processor 1001 reads out a program (program code), software module, data, etc. from at least one of the auxiliary storage device 1003 and the communication device 1004 to the storage device 1002, and executes various processes according to the program.
- the program is a program that causes a computer to execute at least a part of the operations described in the above embodiment.
- the control unit 140 may be realized by a control program stored in the storage device 1002 and operated by the processor 1001.
- the control unit 240 may be realized by a control program stored in the storage device 1002 and operated by the processor 1001.
- Although the various processes above have been described as being executed by a single processor 1001, they may be executed simultaneously or sequentially by two or more processors 1001.
- the processor 1001 may be implemented by one or more chips.
- the program may be transmitted from a network via a telecommunications line.
- the storage device 1002 is a computer-readable recording medium and may be composed of, for example, at least one of a ROM (Read Only Memory), an EPROM (Erasable Programmable ROM), an EEPROM (Electrically Erasable Programmable ROM), a RAM (Random Access Memory), etc.
- the storage device 1002 may also be called a register, a cache, a main memory, etc.
- the storage device 1002 can store executable programs (program codes), software modules, etc. for implementing a communication method relating to one embodiment of the present disclosure.
- the auxiliary storage device 1003 is a computer-readable recording medium, and may be, for example, at least one of an optical disk (e.g., a CD-ROM (Compact Disc ROM), a compact disk, a digital versatile disk, a Blu-ray (registered trademark) disk), a hard disk drive, a flexible disk, a magneto-optical disk, a smart card, a flash memory (e.g., a card, a stick, a key drive), a floppy (registered trademark) disk, a magnetic strip, etc.
- the above-mentioned storage medium may be, for example, a database, a server, or other suitable medium that includes at least one of the storage device 1002 and the auxiliary storage device 1003.
- the communication device 1004 is hardware (transmitting/receiving device) for communicating between computers via at least one of a wired network and a wireless network, and is also referred to as, for example, a network device, a network controller, a network card, or a communication module.
- the communication device 1004 may be configured to include a high-frequency switch, a duplexer, a filter, a frequency synthesizer, etc., to realize at least one of, for example, Frequency Division Duplex (FDD) and Time Division Duplex (TDD).
- the transmitting/receiving antenna, an amplifier unit, a transmitting/receiving unit, a transmission path interface, etc. may be realized by the communication device 1004.
- the transmitting/receiving unit may be implemented as a transmitting unit or a receiving unit that is physically or logically separated.
- the input device 1005 is an input device (e.g., a keyboard, a mouse, a microphone, a switch, a button, a sensor, etc.) that accepts input from the outside.
- the output device 1006 is an output device (e.g., a display, a speaker, an LED lamp, etc.) that performs output to the outside. Note that the input device 1005 and the output device 1006 may be integrated into one structure (e.g., a touch panel).
- each device such as the processor 1001 and the storage device 1002 is connected by a bus 1007 for communicating information.
- the bus 1007 may be configured using a single bus, or may be configured using different buses between each device.
- the network node device 5 and the terminal 20 may be configured to include hardware such as a microprocessor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a programmable logic device (PLD), a field programmable gate array (FPGA), etc., and some or all of the functional blocks may be realized by the hardware.
- the processor 1001 may be implemented using at least one of these pieces of hardware.
- the network node device 5 or the terminal 20 may also be provided in the vehicle 2001.
- FIG. 34 shows an example of the configuration of the vehicle 2001.
- the vehicle 2001 includes a drive unit 2002, a steering unit 2003, an accelerator pedal 2004, a brake pedal 2005, a shift lever 2006, front wheels 2007, rear wheels 2008, an axle 2009, an electronic control unit 2010, various sensors 2021-2029, an information service unit 2012, and a communication module 2013.
- the network node device 5 or the terminal 20 according to each aspect/embodiment described in this disclosure may be applied to a communication device mounted on the vehicle 2001, for example, to the communication module 2013.
- the drive unit 2002 is composed of, for example, an engine, a motor, or a hybrid of an engine and a motor.
- the steering unit 2003 includes at least a steering wheel (also called a handlebar), and is configured to steer at least one of the front wheels and the rear wheels based on the operation of the steering wheel operated by the user.
- the electronic control unit 2010 is composed of a microprocessor 2031, memory (ROM, RAM) 2032, and a communication port (IO port) 2033. Signals are input to the electronic control unit 2010 from various sensors 2021 to 2029 provided in the vehicle 2001.
- the electronic control unit 2010 may also be called an ECU (Electronic Control Unit).
- Signals from the various sensors 2021-2029 include a current signal from a current sensor 2021 that senses the motor current, a front and rear wheel rotation speed signal obtained by a rotation speed sensor 2022, a front and rear wheel air pressure signal obtained by an air pressure sensor 2023, a vehicle speed signal obtained by a vehicle speed sensor 2024, an acceleration signal obtained by an acceleration sensor 2025, an accelerator pedal depression amount signal obtained by an accelerator pedal sensor 2029, a brake pedal depression amount signal obtained by a brake pedal sensor 2026, a shift lever operation signal obtained by a shift lever sensor 2027, and a detection signal for detecting obstacles, vehicles, pedestrians, etc. obtained by an object detection sensor 2028.
- the information service unit 2012 is composed of various devices, such as a car navigation system, an audio system, speakers, a television, and a radio, for providing (outputting) various information such as driving information, traffic information, and entertainment information, and one or more ECUs for controlling these devices.
- the information service unit 2012 uses information acquired from an external device via the communication module 2013 or the like to provide various multimedia information and multimedia services to the occupants of the vehicle 2001.
- the information service unit 2012 may include input devices (e.g., a keyboard, a mouse, a microphone, a switch, a button, a sensor, a touch panel, etc.) that accept input from the outside, and may also include output devices (e.g., a display, a speaker, an LED lamp, a touch panel, etc.) that perform output to the outside.
- the driving assistance system unit 2030 is composed of various devices that provide functions for preventing accidents and reducing the driving burden on the driver, such as a millimeter wave radar, LiDAR (Light Detection and Ranging), a camera, a positioning locator (e.g., GNSS, etc.), map information (e.g., high definition (HD) maps, autonomous vehicle (AV) maps, etc.), a gyro system (e.g., IMU (Inertial Measurement Unit), INS (Inertial Navigation System), etc.), AI (Artificial Intelligence) chip, and an AI processor, as well as one or more ECUs that control these devices.
- the driving assistance system unit 2030 transmits and receives various information via the communication module 2013 to realize driving assistance functions or autonomous driving functions.
- the communication module 2013 can communicate with the microprocessor 2031 and components of the vehicle 2001 via the communication port.
- the communication module 2013 transmits and receives data via the communication port 2033 to and from the drive unit 2002, steering unit 2003, accelerator pedal 2004, brake pedal 2005, shift lever 2006, front wheels 2007, rear wheels 2008, axle 2009, the microprocessor 2031 and memory (ROM, RAM) 2032 in the electronic control unit 2010, and the sensors 2021 to 2029 provided on the vehicle 2001.
- the communication module 2013 is a communication device that can be controlled by the microprocessor 2031 of the electronic control unit 2010 and can communicate with an external device. For example, it transmits and receives various information to and from the external device via wireless communication.
- the communication module 2013 may be located either inside or outside the electronic control unit 2010.
- the external device may be, for example, a base station, a mobile station, etc.
- the communication module 2013 may transmit at least one of the signals from the various sensors 2021-2028 described above input to the electronic control unit 2010, information obtained based on the signals, and information based on input from the outside (user) obtained via the information service unit 2012 to an external device via wireless communication.
- the electronic control unit 2010, the various sensors 2021-2028, the information service unit 2012, etc. may be referred to as input units that accept input.
- the PUSCH transmitted by the communication module 2013 may include information based on the above input.
- the communication module 2013 receives various information (traffic information, signal information, vehicle distance information, etc.) transmitted from an external device, and displays it on the information service unit 2012 provided in the vehicle 2001.
- the information service unit 2012 may be called an output unit that outputs information (for example, outputs information to a device such as a display or speaker based on the PDSCH (or data/information decoded from the PDSCH) received by the communication module 2013).
- the communication module 2013 also stores various information received from an external device in a memory 2032 that can be used by the microprocessor 2031.
- the microprocessor 2031 may control the drive unit 2002, steering unit 2003, accelerator pedal 2004, brake pedal 2005, shift lever 2006, front wheels 2007, rear wheels 2008, axles 2009, sensors 2021 to 2029, etc. provided in the vehicle 2001.
- the operations of multiple functional units may be physically performed by one part, or the operations of one functional unit may be physically performed by multiple parts.
- the order of the processing procedures described in the embodiment may be changed as long as there is no contradiction.
- the network node device 5 and the terminal 20 have been described using functional block diagrams, but such devices may be realized by hardware, software, or a combination thereof.
- the software operated by the processor possessed by the base station 10 in accordance with an embodiment of the present invention and the software operated by the processor possessed by the terminal 20 in accordance with an embodiment of the present invention may each be stored in random access memory (RAM), flash memory, read only memory (ROM), EPROM, EEPROM, register, hard disk (HDD), removable disk, CD-ROM, database, server or any other suitable storage medium.
- the notification of information is not limited to the aspects/embodiments described in the present disclosure and may be performed using other methods.
- the notification of information may be performed by physical layer signaling (e.g., Downlink Control Information (DCI), Uplink Control Information (UCI)), higher layer signaling (e.g., Radio Resource Control (RRC) signaling, Medium Access Control (MAC) signaling), broadcast information (Master Information Block (MIB), System Information Block (SIB)), other signals, or a combination of these.
- RRC signaling may be referred to as an RRC message, and may be, for example, an RRC Connection Setup message, an RRC Connection Reconfiguration message, etc.
- Each aspect/embodiment described in this disclosure may be applied to a mobile communication system compatible with LTE (Long Term Evolution), LTE-A (LTE-Advanced), SUPER 3G, IMT-Advanced, 4G (4th generation mobile communication system), 5G (5th generation mobile communication system), 6G (6th generation mobile communication system), xG (xth generation mobile communication system, where x is, for example, an integer or a decimal number), FRA (Future Ra).
- the present invention may be applied to at least one of systems using IEEE 802.11 (Wi-Fi (registered trademark)), IEEE 802.16 (WiMAX (registered trademark)), IEEE 802.20, UWB (Ultra-WideBand), Bluetooth (registered trademark), and other appropriate systems, and next-generation systems that are expanded, modified, created, or defined based on these. It may also be applied to a combination of multiple systems (for example, a combination of at least one of LTE and LTE-A with 5G, etc.).
- certain operations that are described as being performed by the base station 10 may in some cases be performed by its upper node.
- various operations performed for communication with a terminal 20 may be performed by at least one of the base station 10 and other network nodes other than the base station 10 (such as, but not limited to, an MME or S-GW).
- the base station 10 may be a combination of multiple other network nodes (such as an MME and an S-GW).
- the information or signals described in this disclosure may be output from a higher layer (or a lower layer) to a lower layer (or a higher layer). They may be input and output via multiple network nodes.
- the input and output information may be stored in a specific location (e.g., memory) or may be managed using a management table.
- the input and output information may be overwritten, updated, or added to.
- the output information may be deleted.
- the input information may be sent to another device.
- the determination in this disclosure may be based on a value represented by one bit (0 or 1), a Boolean (true or false) value, or a comparison of numerical values (e.g., a comparison with a predetermined value).
- Software shall be construed broadly to mean instructions, instruction sets, code, code segments, program code, programs, subprograms, software modules, applications, software applications, software packages, routines, subroutines, objects, executable files, threads of execution, procedures, functions, etc., whether referred to as software, firmware, middleware, microcode, hardware description language, or otherwise.
- Software, instructions, information, etc. may also be transmitted and received via a transmission medium.
- For example, if the software is transmitted from a website, server, or other remote source using at least one of wired technologies (such as coaxial cable, fiber optic cable, twisted pair, Digital Subscriber Line (DSL)) and wireless technologies (such as infrared, microwave), then at least one of these wired and wireless technologies is included within the definition of a transmission medium.
- the information, signals, etc. described in this disclosure may be represented using any of a variety of different technologies.
- the data, instructions, commands, information, signals, bits, symbols, chips, etc. that may be referred to throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or magnetic particles, optical fields or photons, or any combination thereof.
- the channel and the symbol may be a signal (signaling).
- the signal may be a message.
- the component carrier (CC) may be called a carrier frequency, a cell, a frequency carrier, etc.
- The terms "system" and "network" are used interchangeably.
- a radio resource may be indicated by an index.
- the names used for the parameters described above are not intended to be limiting in any way. Furthermore, the formulas etc. using these parameters may differ from those explicitly disclosed in this disclosure.
- the various channels (e.g., PUCCH, PDCCH, etc.) and information elements may be identified by any suitable names, and therefore the various names assigned to these various channels and information elements are not intended to be limiting in any way.
- A base station (BS) may also be referred to as a radio base station, a fixed station, a NodeB, an eNodeB, a gNodeB, an access point, a "transmission point", etc.
- a base station may also be referred to by terms such as macrocell, small cell, femtocell, and picocell.
- a base station can accommodate one or more (e.g., three) cells.
- a base station accommodates multiple cells, the entire coverage area of the base station can be divided into multiple smaller areas, and each smaller area can also provide communication services by a base station subsystem (e.g., a small indoor base station (RRH: Remote Radio Head)).
- the term "cell” or “sector” refers to a part or the entire coverage area of at least one of the base station and base station subsystems that provide communication services in this coverage.
- a base station transmitting information to a terminal may be interpreted as the base station instructing the terminal to control or operate based on the information.
- A mobile station (MS) or user equipment (UE) may also be referred to by those skilled in the art as a subscriber station, mobile unit, subscriber unit, wireless unit, remote unit, mobile device, wireless device, wireless communication device, remote device, mobile subscriber station, access terminal, mobile terminal, wireless terminal, remote terminal, handset, user agent, mobile client, client, or some other suitable terminology.
- At least one of the network node device 5 and the terminal 20 may be called a transmitting device, a receiving device, a communication device, etc. At least one of the network node device 5 and the terminal 20 may be a device mounted on a moving object, the moving object itself, etc.
- the moving object is an object that can move and may move at any speed. It also naturally includes the case where the moving object is stopped.
- the moving object includes, but is not limited to, for example, a vehicle, a transport vehicle, an automobile, a motorcycle, a bicycle, a connected car, an excavator, a bulldozer, a wheel loader, a dump truck, a forklift, a train, a bus, a handcart, a rickshaw, a ship and other watercraft, an airplane, a rocket, an artificial satellite, a drone (registered trademark), a multicopter, a quadcopter, a balloon, and objects mounted thereon.
- the moving object may also be a moving object that travels autonomously based on an operation command.
- At least one of the base station and the mobile station may also include devices that do not necessarily move during communication operations.
- at least one of the base station and the mobile station may be an IoT (Internet of Things) device such as a sensor.
- the base station in the present disclosure may be read as a terminal.
- each aspect/embodiment of the present disclosure may be applied to a configuration in which communication between a base station and a terminal is replaced with communication between multiple terminals 20 (which may be called, for example, D2D (Device-to-Device) or V2X (Vehicle-to-Everything)).
- the terminal 20 may be configured to have the functions of the base station 10 described above.
- terms such as "uplink” and "downlink” may be read as terms corresponding to communication between terminals (for example, "side”).
- the uplink channel, downlink channel, etc. may be read as a side channel.
- the terminal in this disclosure may be interpreted as a base station.
- the base station may be configured to have the functions of the terminal described above.
- determining may encompass a wide variety of actions.
- "Judging" and "determining" may include, for example, judging, calculating, computing, processing, deriving, investigating, looking up, searching, inquiring (e.g., searching in a table, database, or other data structure), and ascertaining, and may include regarding these as having been "judged" or "determined."
- "Judging" and "determining" may also include receiving (e.g., receiving information), transmitting (e.g., sending information), input, output, and accessing (e.g., accessing data in memory), and may include regarding these as having been "judged" or "determined."
- "Judgment" and "decision" may include considering resolving, selecting, choosing, establishing, comparing, etc. to have been "judged" or "decided." In other words, "judgment" and "decision" may include considering some action to have been "judged" or "decided." Additionally, "judgment (decision)" may be interpreted as "assuming," "ex
- connection refers to any direct or indirect connection or coupling between two or more elements, and may include the presence of one or more intermediate elements between two elements that are “connected” or “coupled” to each other.
- the coupling or connection between elements may be physical, logical, or a combination thereof.
- “connected” may be read as "access.”
- two elements may be considered to be “connected” or “coupled” to each other using at least one of one or more wires, cables, and printed electrical connections, as well as electromagnetic energy having wavelengths in the radio frequency range, microwave range, and optical (both visible and invisible) range, as some non-limiting and non-exhaustive examples.
- the reference signal may also be abbreviated as RS (Reference Signal) or may be called a pilot depending on the applicable standard.
- the phrase “based on” does not mean “based only on,” unless expressly stated otherwise. In other words, the phrase “based on” means both “based only on” and “based at least on.”
- any reference to an element using a designation such as "first,” “second,” etc., used in this disclosure does not generally limit the quantity or order of those elements. These designations may be used in this disclosure as a convenient method of distinguishing between two or more elements. Thus, a reference to a first and a second element does not imply that only two elements may be employed or that the first element must precede the second element in some way.
- a radio frame may be composed of one or more frames in the time domain. Each of the one or more frames in the time domain may be called a subframe. A subframe may further be composed of one or more slots in the time domain. A subframe may have a fixed time length (e.g., 1 ms) that is independent of numerology.
- Numerology may be a communication parameter that applies to at least one of the transmission and reception of a signal or channel. Numerology may indicate, for example, at least one of the following: subcarrier spacing (SCS), bandwidth, symbol length, cyclic prefix length, transmission time interval (TTI), number of symbols per TTI, radio frame structure, a specific filtering process performed by the transceiver in the frequency domain, a specific windowing process performed by the transceiver in the time domain, etc.
- a slot may consist of one or more symbols in the time domain (such as OFDM (Orthogonal Frequency Division Multiplexing) symbols, SC-FDMA (Single Carrier Frequency Division Multiple Access) symbols, etc.).
- a slot may be a time unit based on numerology.
- a slot may include multiple minislots. Each minislot may consist of one or multiple symbols in the time domain. A minislot may also be called a subslot. A minislot may consist of fewer symbols than a slot.
- a PDSCH (or PUSCH) transmitted in a time unit larger than a minislot may be called PDSCH (or PUSCH) mapping type A.
- a PDSCH (or PUSCH) transmitted using a minislot may be called PDSCH (or PUSCH) mapping type B.
- Radio frame, subframe, slot, minislot, and symbol all represent time units for transmitting signals. Radio frame, subframe, slot, minislot, and symbol may each be referred to by a different name that corresponds to the radio frame, subframe, slot, minislot, and symbol.
- One subframe, multiple consecutive subframes, one slot, or one minislot may be called a transmission time interval (TTI).
- at least one of the subframe and the TTI may be a subframe (1 ms) in existing LTE, a period shorter than 1 ms (e.g., 1-13 symbols), or a period longer than 1 ms.
- the unit representing the TTI may be called a slot, minislot, etc., instead of a subframe.
- one slot may be called a unit time. The unit time may differ for each cell depending on the numerology.
- TTI refers to, for example, the smallest time unit for scheduling in wireless communication.
- a base station performs scheduling to allocate wireless resources (such as frequency bandwidth and transmission power that can be used by each terminal 20) to each terminal 20 in TTI units.
- TTI is not limited to this.
- the TTI may be a transmission time unit for a channel-coded data packet (transport block), a code block, a code word, etc., or may be a processing unit for scheduling, link adaptation, etc.
- The time interval (e.g., the number of symbols) in which a transport block, a code block, a code word, etc. is actually mapped may be shorter than the TTI.
- one or more TTIs may be the minimum time unit of scheduling.
- the number of slots (minislots) that constitute the minimum time unit of scheduling may be controlled.
- a TTI having a time length of 1 ms may be called a normal TTI (TTI in LTE Rel. 8-12), long TTI, normal subframe, long subframe, slot, etc.
- TTI shorter than a normal TTI may be called a shortened TTI, short TTI, partial or fractional TTI, shortened subframe, short subframe, minislot, subslot, slot, etc.
- a long TTI (e.g., a normal TTI, a subframe, etc.) may be interpreted as a TTI having a time length of more than 1 ms, and a short TTI (e.g., a shortened TTI, etc.) may be interpreted as a TTI having a TTI length shorter than the TTI length of the long TTI and equal to or greater than 1 ms.
- a resource block is a resource allocation unit in the time domain and frequency domain, and may include one or more consecutive subcarriers in the frequency domain.
- the number of subcarriers included in an RB may be the same regardless of the numerology, and may be, for example, 12.
- the number of subcarriers included in an RB may be determined based on the numerology.
- the time domain of an RB may include one or more symbols and may be one slot, one minislot, one subframe, or one TTI in length.
- One TTI, one subframe, etc. may each be composed of one or more resource blocks.
- one or more RBs may be referred to as a physical resource block (PRB), a sub-carrier group (SCG), a resource element group (REG), a PRB pair, an RB pair, etc.
- a resource block may be composed of one or more resource elements (REs).
- one RE may be a radio resource area of one subcarrier and one symbol.
- a bandwidth part (BWP), which may also be referred to as a partial bandwidth, may represent a subset of contiguous common resource blocks (common RBs) for a given numerology on a given carrier, where the common RBs are identified by an RB index relative to a common reference point of the carrier.
- PRBs may be defined in a BWP and numbered within the BWP.
- the BWP may include a BWP for UL (UL BWP) and a BWP for DL (DL BWP).
- One or more BWPs may be configured for a UE within one carrier.
- At least one of the configured BWPs may be active, and the UE may not expect to transmit or receive a given signal/channel outside the active BWP.
- the structures of radio frames, subframes, slots, minislots, and symbols described above are merely examples.
- the number of subframes included in a radio frame, the number of slots per subframe or radio frame, the number of minislots included in a slot, the number of symbols and RBs included in a slot or minislot, the number of subcarriers included in an RB, as well as the number of symbols in a TTI, the symbol length, and the cyclic prefix (CP) length can be changed in various ways.
- "A and B are different" may mean "A and B are different from each other." The term may also mean "A and B are each different from C."
- Terms such as "separate" and "combined" may also be interpreted in the same way as "different."
- notification of specific information is not limited to being done explicitly, but may be done implicitly (e.g., not notifying the specific information).
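The BWP and resource-grid definitions above (common RBs indexed from the carrier reference point, PRBs numbered within the BWP, a UE not expecting to transmit or receive outside the active BWP, 12 subcarriers per RB), as an added worked example that is not part of the patent: a small Python helper that checks a scheduling allocation against the configured and active BWPs and maps its PRB range to common RB and subcarrier indices. The 15·2^μ kHz subcarrier spacing, 2^μ slots per 1 ms subframe and 14 symbols per slot are assumptions in the style of NR (the page only says these numbers can vary); the class and function names and the sample BWP configuration are constructed for this example.

```python
"""Added example, not code from the patent: validate a scheduling
allocation against the active bandwidth part (BWP) and map it to
carrier-level indices.

Assumptions (not stated on the page): subcarrier spacing 15*2^mu kHz,
2^mu slots per 1 ms subframe, 14 symbols per slot (normal cyclic prefix).
Names such as Bwp, Allocation and check_allocation are this example's own.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

SUBCARRIERS_PER_RB = 12   # the page allows 12 as the example value
SYMBOLS_PER_SLOT = 14     # assumption: normal cyclic prefix


def numerology(mu: int) -> Dict[str, int]:
    """Time/frequency granularity for numerology index mu (assumed NR-style scaling)."""
    if not 0 <= mu <= 4:
        raise ValueError(f"unsupported numerology mu={mu}")
    slots_per_subframe = 2 ** mu
    return {
        "scs_khz": 15 * 2 ** mu,
        "slots_per_subframe": slots_per_subframe,
        "slots_per_frame": 10 * slots_per_subframe,   # 10 subframes per radio frame
        "symbols_per_subframe": SYMBOLS_PER_SLOT * slots_per_subframe,
    }


@dataclass(frozen=True)
class Bwp:
    bwp_id: int
    direction: str   # "UL" or "DL"
    mu: int
    start_crb: int   # first common RB, indexed from the carrier reference point
    n_rb: int        # number of contiguous RBs in the BWP


@dataclass(frozen=True)
class Allocation:
    bwp_id: int
    direction: str
    prb_start: int   # PRB index within the BWP (numbered from 0 inside the BWP)
    n_prb: int
    slot: int        # slot index within the radio frame
    first_symbol: int
    n_symbols: int


def check_allocation(alloc: Allocation, bwps: Iterable[Bwp],
                     active_ids: Iterable[int]) -> Dict[str, object]:
    """Reject anything a UE would not expect (inactive BWP, PRBs past the BWP
    edge, symbols past the slot, slots past the frame); otherwise return the
    allocation expressed in common RBs, subcarriers and resource elements."""
    by_key = {(b.bwp_id, b.direction): b for b in bwps}
    bwp = by_key.get((alloc.bwp_id, alloc.direction))
    if bwp is None:
        raise ValueError(f"no {alloc.direction} BWP with id {alloc.bwp_id} is configured")
    if alloc.bwp_id not in set(active_ids):
        raise ValueError(f"BWP {alloc.bwp_id} is configured but not active")
    if alloc.n_prb < 1 or alloc.prb_start < 0 or alloc.prb_start + alloc.n_prb > bwp.n_rb:
        raise ValueError("PRB range falls outside the active BWP")
    num = numerology(bwp.mu)
    if not 0 <= alloc.slot < num["slots_per_frame"]:
        raise ValueError("slot index outside the radio frame")
    if (alloc.n_symbols < 1 or alloc.first_symbol < 0
            or alloc.first_symbol + alloc.n_symbols > SYMBOLS_PER_SLOT):
        raise ValueError("symbol range does not fit in one slot")
    crb_first = bwp.start_crb + alloc.prb_start          # PRB -> common RB
    crb_last = crb_first + alloc.n_prb - 1
    return {
        "crb_range": (crb_first, crb_last),
        "subcarrier_range": (crb_first * SUBCARRIERS_PER_RB,
                             (crb_last + 1) * SUBCARRIERS_PER_RB - 1),
        "n_re": alloc.n_prb * SUBCARRIERS_PER_RB * alloc.n_symbols,  # 1 RE = 1 subcarrier x 1 symbol
        "subframe": alloc.slot // num["slots_per_subframe"],
        "slot_in_subframe": alloc.slot % num["slots_per_subframe"],
        "is_minislot": alloc.n_symbols < SYMBOLS_PER_SLOT,  # fewer symbols than a slot
    }


def rejection_reason(alloc: Allocation, bwps: Iterable[Bwp],
                     active_ids: Iterable[int]) -> Optional[str]:
    """None if the allocation is acceptable, otherwise the reason it was rejected."""
    try:
        check_allocation(alloc, bwps, active_ids)
        return None
    except ValueError as exc:
        return str(exc)


# Constructed sample configuration: two DL BWPs on one carrier, only BWP 1 active.
BWPS = (Bwp(0, "DL", 0, 0, 24), Bwp(1, "DL", 1, 100, 51))
ACTIVE_BWPS = frozenset({1})

if __name__ == "__main__":
    ok = Allocation(1, "DL", 10, 4, 13, 2, 4)
    print(check_allocation(ok, BWPS, ACTIVE_BWPS))
    print(rejection_reason(Allocation(0, "DL", 0, 4, 0, 0, 14), BWPS, ACTIVE_BWPS))
```

The lookup is keyed on (BWP id, direction) because the page distinguishes UL BWPs from DL BWPs, so an allocation naming a direction for which no BWP with that id exists is rejected rather than silently matched to the other direction.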
Reference signs
- Control unit
- 210 Transmitter
- 220 Receiving unit
- 230 Setting unit
- 240 Control unit
- 1001 Processor
- 1002 Storage unit
- 1003 Auxiliary storage unit
- 1004 Communication device
- 1005 Input device
- 1006 Output device
- 2001 Vehicle
- 2002 Driving unit
- 2003 Steering unit
- 2004 Accelerator pedal
- 2005 Brake pedal
- 2006 Shift lever
- 2007 Front wheel
- 2008 Rear wheel
- 2009 Axle
- 2010 Electronic control unit
- 2012 Information service unit
- 2013 Communication module
- 2021 Current sensor
- 2022 Rotational speed sensor
- 2023 Air pressure sensor
- 2024 Vehicle speed sensor
- 2025 Acceleration sensor
- 2026 Brake pedal sensor
- 2027 Shift lever sensor
- 2028 Object detection sensor
- 2029 Accelerator pedal sensor
- 2030 Driving support system unit
- 2031 Microprocessor
- 2032 Memory (ROM, RAM)
- 2033 Communication port (IO port)
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Priority Applications (4)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202380095740.5A CN120814265A (zh) | 2023-03-17 | 2023-03-17 | Terminal, network node device, and communication method |
| JP2025507942A JPWO2024194968A1 (ja) | 2023-03-17 | 2023-03-17 | |
| PCT/JP2023/010769 WO2024194968A1 (ja) | 2023-03-17 | 2023-03-17 | Terminal, network node device, and communication method |
| EP23928551.3A EP4683367A1 (en) | 2023-03-17 | 2023-03-17 | Terminal, network node device, and communication method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/JP2023/010769 WO2024194968A1 (ja) | 2023-03-17 | 2023-03-17 | Terminal, network node device, and communication method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2024194968A1 (ja) | 2024-09-26 |
Family
ID=92841138
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/JP2023/010769 Ceased WO2024194968A1 (ja) | Terminal, network node device, and communication method | 2023-03-17 | 2023-03-17 |
Country Status (4)
| Country | Link |
|---|---|
| EP (1) | EP4683367A1 |
| JP (1) | JPWO2024194968A1 |
| CN (1) | CN120814265A |
| WO (1) | WO2024194968A1 |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2007533280A (ja) * | 2004-04-19 | 2007-11-15 | LG Electronics Inc. | Improved UM RLC data management apparatus and method |
| WO2022026647A1 (en) * | 2020-07-29 | 2022-02-03 | Taehun Kim | Configuration release |
2023
- 2023-03-17 JP JP2025507942A patent/JPWO2024194968A1/ja active Pending
- 2023-03-17 CN CN202380095740.5A patent/CN120814265A/zh active Pending
- 2023-03-17 EP EP23928551.3A patent/EP4683367A1/en active Pending
- 2023-03-17 WO PCT/JP2023/010769 patent/WO2024194968A1/ja not_active Ceased
Non-Patent Citations (2)
| Title |
|---|
| NEC: "pCR to TR 33.899: Update of Solution #1.31", 3GPP Draft S3-171176, 3rd Generation Partnership Project (3GPP), Mobile Competence Centre, 650 route des Lucioles, F-06921 Sophia-Antipolis Cedex, France, vol. SA WG3, Ljubljana, 15-19 May 2017, dated 9 May 2017, XP051269152 * |
| See also references of EP4683367A1 * |
Also Published As
| Publication number | Publication date |
|---|---|
| EP4683367A1 (en) | 2026-01-21 |
| CN120814265A (zh) | 2025-10-17 |
| JPWO2024194968A1 (ja) | 2024-09-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP7758422B2 (ja) | | Network node, resource owner device, system, and communication method |
| JP7796148B2 (ja) | | Communication device, network node device, system, and communication method |
| WO2024079798A1 (ja) | | Authorization device, communication system, and authorization method |
| WO2024194968A1 (ja) | | Terminal, network node device, and communication method |
| WO2024194966A1 (ja) | | Terminal, network node device, and communication method |
| WO2024194969A1 (ja) | | Terminal and communication method |
| WO2024194967A1 (ja) | | Network node device and communication method |
| EP4668817A1 (en) | | Approval device, communication system, and communication method |
| WO2024209652A1 (ja) | | Terminal and communication method |
| WO2024209653A1 (ja) | | Terminal, network node device, and communication method |
| WO2024095485A1 (ja) | | Authentication security device, terminal, communication system, and communication method |
| WO2025037373A1 (ja) | | Network node, terminal, and communication method |
| WO2024202067A1 (ja) | | Terminal, network node device, and communication method |
| WO2025037404A1 (ja) | | Network node, communication method, and communication system |
| WO2025094300A1 (ja) | | Network node, terminal, and communication method |
| WO2024202066A1 (ja) | | Terminal, network node device, and communication method |
| WO2025074606A1 (ja) | | Network node, base station, and communication method |
| WO2025150171A1 (ja) | | Network node, terminal, and communication method |
| WO2025238836A1 (ja) | | Network node, terminal, and communication method |
| WO2024111070A1 (ja) | | Network node device, communication system, and communication method |
| WO2025004374A1 (ja) | | Network node and control method |
| WO2025052592A1 (ja) | | Network node, terminal, and communication method |
| WO2025004346A1 (ja) | | Network node and control method |
| WO2025004342A1 (ja) | | Network node and control method |
| WO2025238835A1 (ja) | | Terminal, network node, and communication method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 23928551; Country of ref document: EP; Kind code of ref document: A1 |
| | ENP | Entry into the national phase | Ref document number: 2025507942; Country of ref document: JP; Kind code of ref document: A |
| | WWE | Wipo information: entry into national phase | Ref document number: 2025507942; Country of ref document: JP |
| | WWE | Wipo information: entry into national phase | Ref document number: 202380095740.5; Country of ref document: CN |
| | WWE | Wipo information: entry into national phase | Ref document number: 2023928551; Country of ref document: EP |
| | WWP | Wipo information: published in national office | Ref document number: 202380095740.5; Country of ref document: CN |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | ENP | Entry into the national phase | Ref document number: 2023928551; Country of ref document: EP; Effective date: 20251017 |