
EP-4140192-B1 - NETWORK SLICE-SPECIFIC AUTHENTICATION AND AUTHORIZATION


Inventors

  • WAFTA, MAHMOUD
  • KAURA, Ricky Kumar

Dates

Publication Date
20260506
Application Date
20210524

Claims (8)

  1. A method for communication by a user equipment, UE, in a wireless communication system, the method comprising: transmitting, to an access and mobility management function, AMF, a registration request message associated with a registration procedure, the registration request message including a requested network slice selection assistance information, NSSAI, including one or more single-NSSAIs, S-NSSAIs; and receiving, from the AMF, a registration accept message associated with the registration procedure, wherein the registration accept message includes - pending, NSSAI, - allowed NSSAI, if any, and, - if the allowed NSSAI is not included, an "NSSAA to be performed" indicator in a 5GS registration result information element, IE, set to indicate whether network slice-specific authentication and authorization procedure will be performed by a network, wherein, if a registration area of the UE which is received from the AMF during the registration procedure, contains tracking area identifiers, TAIs, belonging to different public land mobile networks, PLMNs, which are equivalent PLMNs, the pending NSSAI is applicable to the equivalent PLMNs in the registration area, characterized in that if the registration area of the UE contains TAIs belonging to different PLMNs which are equivalent PLMNs, for each of the equivalent PLMNs, replacing any stored pending NSSAI with the pending NSSAI received in a registered PLMN.
  2. The method according to claim 1, wherein the pending NSSAI includes one or more S-NSSAIs.
  3. The method according to claim 2, wherein the pending NSSAI is applicable to tracking areas, TAs, of at least one equivalent PLMN that serves the one or more S-NSSAIs in the pending NSSAI.
  4. The method according to claim 1, further comprising storing the received pending NSSAI for a first PLMN to which the UE is registered, wherein the received pending NSSAI is applicable to the first PLMN.
  5. A user equipment, UE, (300) in a wireless communication system, the UE comprising: a transceiver (303, 305); and a processor (301) coupled to the transceiver, wherein the processor is configured to: transmit, to an access and mobility management function, AMF, a registration request message associated with a registration procedure, the registration request message including a requested network slice selection assistance information, NSSAI, including one or more single-NSSAIs, S-NSSAIs; receive, from the AMF, a registration accept message associated with the registration procedure, wherein the registration accept message includes - pending, NSSAI, - allowed NSSAI, if any, and, - if the allowed NSSAI is not included, an "NSSAA to be performed" indicator in a 5GS registration result information element, IE, set to indicate whether network slice-specific authentication and authorization procedure will be performed by a network, wherein, if a registration area of the UE which is received from the AMF during the registration procedure, contains tracking area identifiers, TAIs, belonging to different public land mobile networks, PLMNs, which are equivalent PLMNs, the pending NSSAI is applicable to the equivalent PLMNs in the registration area, characterized in that if the registration area of the UE contains TAIs belonging to different PLMNs which are equivalent PLMNs, for each of the equivalent PLMNs, replace any stored pending NSSAI with the pending NSSAI received in a registered PLMN.
  6. The UE according to claim 5, wherein the pending NSSAI includes one or more S-NSSAIs.
  7. The UE according to claim 6, wherein the pending NSSAI is applicable to tracking areas, TAs, of at least one equivalent PLMN that serves the one or more S-NSSAIs in the pending NSSAI.
  8. The UE according to claim 5, wherein the processor is further configured to: store the received pending NSSAI for a first PLMN to which the UE is registered, wherein the received pending NSSAI is applicable to the first PLMN.

Description

[Technical Field]

Certain examples of the present disclosure provide methods, apparatus and systems for performing authentication and authorization in a network. For example, certain examples of the present disclosure provide methods, apparatus and systems for performing NSSAA in 3GPP 5G.

[Background Art]

Certain examples of the present disclosure provide methods, apparatus and systems for performing authentication and authorization in a network. For example, certain examples of the present disclosure provide methods, apparatus and systems for performing NSSAA in 3GPP 5G.

Various acronyms, abbreviations and definitions used in the present disclosure are defined at the end of this description.

In 3GPP 5GS, the following are defined (e.g., in 3GPP standard specification). A network slice (NS) is defined as a logical network that provides specific network capabilities and network characteristics. A network slice instance (NSI) is defined as a set of network function instances and the required resources (e.g., compute, storage and networking resources) which form a deployed NS. A network function (NF) is defined as a 3GPP adopted or 3GPP defined processing function in a network, which has defined functional behaviour and 3GPP defined interfaces. A NS may be identified by single network slice selection assistance information (S-NSSAI).

Overview of Registration Area and Equivalent PLMNs applied to slicing

The AMF assigns a registration area to the UE during the registration procedure as described in the 3GPP standard specification. This consists of a list of tracking area identifiers (TAIs) that can serve the UE in that registration area, and each of these tracking areas consists of one or more cells that cover a geographical area. PLMNs which have equivalent service functionality to other PLMNs are termed equivalent PLMNs. These PLMNs are regarded by the UE as equivalent to each other for PLMN selection and cell selection/re-selection.
When the AMF returns a list of TAIs to the UE during the registration procedure, this list may consist of TAIs of PLMNs equivalent to the registered PLMN, as well as TAIs of the registered PLMN. When the UE requests registration to a set of slices, the network provides an allowed NSSAI back to the UE and provides a set of tracking areas that can serve all the slices in the allowed NSSAI for that particular registration area. If there are PLMNs that are equivalent to the registered PLMN, then the tracking area identifiers of equivalent PLMNs that are able to serve all the slices in the allowed NSSAI are also sent back to the UE.

Figures 1a and 1b provide an example of the assignment of TAIs to the registration area based upon the set of S-NSSAIs allowed for the UE, where the set of TAIs is made up of TAIs from the registered PLMN and equivalent PLMNs. In the example of Figures 1a and 1b, when the network returns an allowed NSSAI of {S-NSSAI-1, S-NSSAI-2, S-NSSAI-3}, then the TAI list returned is TA#3 (registered PLMN), TA#6 (EPLMN1) and TA#9 (EPLMN2).

Furthermore, when the UE registers within the RPLMN and receives the allowed NSSAI, this allowed NSSAI is stored for the RPLMN and stored separately for each of the EPLMNs. Thus, in the above example the allowed NSSAI is stored for the RPLMN and separately for EPLMN1 and EPLMN2. This is stated in the 3GPP standard specification as shown in TABLE 1.

[Table 1]

If the REGISTRATION ACCEPT message contains the allowed NSSAI, then the UE shall store the included allowed NSSAI together with the PLMN identity of the registered PLMN and the registration area as specified in subclause 4.6.2.2. If the registration area contains TAIs belonging to different PLMNs, which are equivalent PLMNs, the UE shall store the received allowed NSSAI in each of allowed NSSAIs which are associated with each of the PLMNs.
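The per-PLMN storage rule of Table 1, together with the pending NSSAI replacement recited in claim 1, can be modelled as follows. This is an added example, not code from the patent or from any 3GPP stack: the class, method and field names are hypothetical, the pending value and the stale entry are constructed, and the pending check in `usable_without_registration` is this example's assumption about how the stores are consulted.

```python
# Added illustration, not from the patent or a 3GPP stack; all names are hypothetical.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class TAI:
    plmn: str  # PLMN identity (labels here mirror the Figures 1a/1b example)
    tac: int   # tracking area number

@dataclass
class UeSliceStore:
    registration_area: set = field(default_factory=set)
    allowed: dict = field(default_factory=dict)  # PLMN -> set of S-NSSAIs
    pending: dict = field(default_factory=dict)  # PLMN -> set of S-NSSAIs

    def on_registration_accept(self, rplmn, tai_list, pending_nssai, allowed_nssai=None):
        self.registration_area = set(tai_list)
        # Registered PLMN plus every equivalent PLMN owning a TAI in the registration area.
        plmns = {rplmn} | {tai.plmn for tai in tai_list}
        for plmn in plmns:
            # Replace (never merge) any stored pending NSSAI with the received one.
            self.pending[plmn] = set(pending_nssai)
            # Assumption: when no allowed NSSAI is included, the stored one is left untouched.
            if allowed_nssai is not None:
                self.allowed[plmn] = set(allowed_nssai)
        return plmns

    def usable_without_registration(self, tai, s_nssai):
        if tai not in self.registration_area:
            return False  # TAI not authorized: the UE has to register first
        if s_nssai in self.pending.get(tai.plmn, set()):
            return False  # assumption: a slice still awaiting NSSAA is not used
        return s_nssai in self.allowed.get(tai.plmn, set())

def demo():
    ue = UeSliceStore()
    ue.pending["EPLMN1"] = {"S-NSSAI-9"}  # constructed stale entry from an earlier registration
    ue.on_registration_accept(
        rplmn="RPLMN",
        tai_list=[TAI("RPLMN", 3), TAI("EPLMN1", 6), TAI("EPLMN2", 9)],
        pending_nssai={"S-NSSAI-4"},  # constructed value; the page gives no pending example
        allowed_nssai={"S-NSSAI-1", "S-NSSAI-2", "S-NSSAI-3"},
    )
    return ue

if __name__ == "__main__":
    ue = demo()
    print(sorted(ue.pending["EPLMN1"]))
    print(ue.usable_without_registration(TAI("EPLMN1", 6), "S-NSSAI-2"))
```

Because the stale EPLMN1 entry is overwritten rather than merged, the UE holds the same pending set for the registered PLMN and for every equivalent PLMN in the registration area.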
The statement in Table 1 means that the UE can go ahead and use the allowed NSSAI in an equivalent PLMN (ePLMN) directly, without explicitly requesting it. This can occur when the UE in 5GMM-CONNECTED mode with RRC inactive indication reselects into an ePLMN for which the TAI is already in the UE's registration area. As the TAI is already authorized, the UE need not register and can hence directly transition to connected mode with the service request procedure and subsequently request a PDU session for a slice that is in the UE's allowed NSSAI (which is applicable to this ePLMN).

Overview of Network slice-specific authentication and authorization (NSSAA)

NSSAA was introduced as part of Rel-16 in 3GPP. The feature enables the network to perform slice-specific authentication and authorization for a set of S-NSSAI(s) to ensure that the user is allowed to access these slices. The procedure is executed after the 5GMM authentication procedure has been completed and also after the registration procedure completes. The high-level description of the feature can be found in the 3GPP standard specification whereas further details can be found in the 3G