CN-122029858-A - Cross-domain authorization of services in a communication network environment
Abstract
Techniques for cross-domain authorization of services in a communication network environment are disclosed. For example, a method includes requesting data or services associated with a communication network via one of a radio access network entity and a core network entity, and performing a cross-domain authorization procedure between the radio access network entity and the core network entity for the data or services.
Inventors
- S. Kari
- C. Agarwal
Assignees
- 诺基亚技术有限公司
Dates
- Publication Date: 20260512
- Application Date: 20241011
- Priority Date: 20231013
Claims (20)
- 1. An apparatus, comprising: at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the apparatus at least to: operate as an entity in a core network, the entity being configured to at least one of provide one or more services and facilitate one or more services; and, together with one or more radio access network entities, participate in a cross-domain authorization procedure for the one or more services.
- 2. The apparatus of claim 1, wherein participating with the one or more radio access network entities in the cross-domain authorization procedure for the one or more services further comprises sending information to a registration entity in the core network identifying the one or more radio access network entities and which of the one or more services can be consumed by the one or more radio access network entities.
- 3. The apparatus of claim 1 or 2, wherein participating with the one or more radio access network entities in the cross-domain authorization procedure for the one or more services further comprises receiving a service request for one of the one or more services from one of the one or more radio access network entities, wherein the service request comprises an access token.
- 4. The apparatus of any of claims 1-3, wherein participating with the one or more radio access network entities in the cross-domain authorization procedure for the one or more services further comprises sending a response to the service request in response to authentication of the access token.
- 5. The apparatus of claim 3 or 4, wherein the service request is received from an access and mobility management entity associated with the core network and the response is sent to the access and mobility management entity.
- 6. The apparatus of any of claims 1-5, wherein at least one of the one or more services comprises an analytics service.
- 7. The apparatus of any of claims 1-5, wherein at least one of the one or more services comprises a collaborative model training service.
- 8. The apparatus of claim 1, wherein participating with the one or more radio access network entities in the cross-domain authorization procedure for the one or more services further comprises sending a request to a registration entity in the core network to discover access and mobility management entities associated with one of the one or more radio access network entities that support data sought by the core network entity for one of the one or more services.
- 9. The apparatus of claim 1 or 8, wherein participating with the one or more radio access network entities in the cross-domain authorization procedure for the one or more services further comprises sending a request for an access token to the registration entity, wherein the request for the access token comprises information specifying the supporting one of the one or more radio access network entities, the data sought, and the access and mobility management entity.
- 10. The apparatus of any of claims 1, 8, and 9, wherein participating with the one or more radio access network entities in the cross-domain authorization procedure for the one or more services further comprises receiving an access token from the registration entity, wherein the access token comprises a claim specifying the supporting radio access network entity of the one or more radio access network entities, the data sought, the access and mobility management entities, and the core network entity.
- 11. The apparatus of any one of claims 1 and 8-10, wherein participating with the one or more radio access network entities in the cross-domain authorization procedure for the one or more services further comprises sending a service request with the access token to the supporting one of the one or more radio access network entities via the access and mobility management entity.
- 12. The apparatus of any of claims 1 and 8-11, wherein participating with the one or more radio access network entities in the cross-domain authorization procedure for the one or more services further comprises receiving a response to the service request via the access and mobility management entity, the response having the data sought from the supporting one of the one or more radio access network entities.
- 13. The apparatus of any of claims 1 and 8-12, wherein at least one of the one or more services comprises an analytics service.
- 14. The apparatus of any of claims 1 and 8-12, wherein at least one of the one or more services comprises a collaborative model training service.
- 15. A method, comprising: participating in a cross-domain authorization procedure with one or more radio access network entities via a core network entity configured to at least one of provide one or more services and facilitate one or more services.
- 16. A computer readable non-transitory medium comprising program instructions stored thereon for performing at least the method of claim 15.
- 17. An apparatus, comprising: means for operating as an entity in a core network, the entity configured to at least one of provide one or more services and facilitate the one or more services; and means for participating in a cross-domain authorization procedure for the one or more services with one or more radio access network entities.
- 18. An apparatus, comprising: at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the apparatus at least to: operate as an entity in a radio access network, the entity being configured to at least one of provide one or more services and facilitate one or more services; and, together with at least one core network entity, participate in a cross-domain authorization procedure for the one or more services.
- 19. The apparatus of claim 18, wherein participating with the core network entity in the cross-domain authorization procedure for the one or more services further comprises sending a request associated with one of the one or more services to an access and mobility management entity, wherein the request comprises an indication of data sought by the radio access network entity for the one or more services.
- 20. The apparatus of claim 18 or 19, wherein participating with the core network entity in the cross-domain authorization procedure for the one or more services further comprises receiving a response to the request from the access and mobility management entity, the response having the data sought or a link to the data sought, and an access token from the core network.
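The token binding described in claims 9 to 11, sketched as an added example that is not taken from the patent: a registration entity issues a token naming the consuming core network entity, the supporting radio access network entity, the relaying access and mobility management entity and the data sought, and the radio access network entity checks every binding before answering. The claim names, identifiers and the HMAC signature with a shared key are assumptions made for illustration; the page does not specify a token format.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # assumption: shared by registration entity and RAN entity

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def _sign(body):
    return _b64(hmac.new(KEY, body, hashlib.sha256).digest())

def issue_token(consumer, ran_entity, amf, data_sought, ttl=300, now=None):
    """Registration entity: bind consumer, RAN entity, AMF and data into one token."""
    now = time.time() if now is None else now
    claims = {"consumer": consumer, "ran_entity": ran_entity, "amf": amf,
              "data": sorted(data_sought), "exp": int(now) + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return (body + b"." + _sign(body)).decode()

def authorize(token, me, relayed_by, consumer, requested, now=None):
    """RAN entity: decide on a service request that arrived via an AMF."""
    now = time.time() if now is None else now
    try:
        body, sig = token.encode().split(b".")
    except ValueError:
        return False, "malformed token"
    # Verify integrity before trusting any field of the token.
    if not hmac.compare_digest(sig, _sign(body)):
        return False, "bad signature"
    claims = json.loads(base64.urlsafe_b64decode(body + b"=" * (-len(body) % 4)))
    if claims["exp"] <= now:
        return False, "expired"
    if claims["ran_entity"] != me:
        return False, "issued for another RAN entity"
    if claims["amf"] != relayed_by:
        return False, "relayed by unexpected AMF"
    if claims["consumer"] != consumer:
        return False, "consumer mismatch"
    if not set(requested) <= set(claims["data"]):
        return False, "data outside token scope"
    return True, "ok"

# Constructed identifiers, for illustration only.
TOKEN = issue_token("cn-analytics-1", "gnb-17", "amf-3", ["cell-load"], now=1000)
```

Each rejection reason corresponds to one binding in the token, so a token replayed through a different access and mobility management entity, presented to a different radio access network entity, or used to ask for more data than was granted is refused even though its signature is valid.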
Description
Cross-domain authorization of services in a communication network environment

Technical Field

The field relates generally to communication networks and in particular, but not exclusively, to security management in such communication networks.

Background

This section introduces aspects that may facilitate a better understanding of the inventions. The statements in this section are thus to be read in this light, and not as admissions of what is or is not in the prior art.

Fourth generation (4G) wireless mobile telecommunications technology, also known as Long Term Evolution (LTE) technology, is designed to provide high capacity mobile multimedia with high data rates, particularly for human interaction. Next generation or fifth generation (5G) technologies are intended not only for human interaction, but also for machine type communication in so-called internet of things (IoT) networks.

While 5G networks are intended to implement large-scale IoT services (e.g., very large numbers of limited capacity devices) and mission critical IoT services (e.g., high reliability is required), improvements over traditional mobile communication services are supported in the form of enhanced mobile broadband (eMBB) services, thereby providing improved wireless internet access for mobile devices.

In an example communication system, user equipment, such as a mobile terminal (subscriber) (5G UE in a 5G network, or more broadly, UE), communicates over an air interface with a base station or access point of an access network in the 5G network, referred to as a 5G AN. An access point (e.g., a gNB) is illustratively part of an access network of a communication system.
For example, in a 5G network, an access network known as a 5G AN is described in 5G Technical Specification (TS) 23.501 entitled "Technical Specification Group Services and System Aspects; System architecture for 5G systems," and TS 23.502 entitled "Technical Specification Group Services and System Aspects; Procedures for 5G systems (5GS)," the disclosures of which are incorporated herein by reference in their entirety. In general, an access point (e.g., a gNB) provides UEs with access to a core network (CN or 5GC), which in turn provides UEs with access to other UEs and/or data networks, such as a packet data network (e.g., the internet).

TS 23.501 continues to define a 5G service-based architecture (SBA) that models services as Network Functions (NF) that communicate with each other using a representational state transfer application programming interface (RESTful API).

In addition, TS 33.501 (the disclosure of which is incorporated herein by reference in its entirety) entitled "Technical Specification Group Services and System Aspects; Security architecture and procedures for 5G systems," further describes security management details associated with 5G networks.

Security management is an important consideration in any communication network environment. However, security management problems associated with data exchanged in a communication network environment can present significant challenges as attempts continue to improve the architecture and protocols associated with 5G networks in order to increase network efficiency and/or subscriber convenience. For example, securely implementing authorization in a communication network environment is a technical challenge.

Disclosure of Invention

The illustrative embodiments provide techniques for cross-domain authorization of services in a communication network environment.
Although not limited thereto, the illustrative embodiments are particularly well suited for use with analysis services, such as training and/or utilizing artificial intelligence/machine learning (AI/ML) models, neural network models, and the like. In one illustrative embodiment, a method includes participating in a cross-domain authorization process with at least one core network entity via a radio access network entity configured to at least one of provide one or more services and facilitate one or more services. In another illustrative embodiment, a method includes participating in a cross-domain authorization procedure for one or more services between at least one radio access network entity and at least one core network entity via an access and mobility management entity associated with the core network. In yet another illustrative embodiment, a method includes participating in a cross-domain authorization procedure with one or more radio access network entities via a core network entity configured to at least one of provide one or more services and facilitate the one or more services. In another illustrative embodiment, a method includes participating in a cross-domain authorization procedure for one or more services between at least one radio access network entity and at least one core network entity via a registration entity associated with the core network. Further illustrative embodiments are provided in the form of a non-transitory computer-readab