The present disclosure relates to a method for a User Plane Function (UPF) and a UPF.
In the SA2 #149e meeting, NPL 2 describes Key Issue: 5GC awareness of URSP enforcement under the Study item on Enhancement of 5G UE Policy. This agreed Key issue includes the following items to be studied.
Whether and how the 5GC can be made aware whether or when the UE enforces a URSP rule to route an application traffic to a PDU Session based on the URSP rule provisioned by 5GC.
Whether there are any actions the 5GS can take after 5GC is aware whether the UE enforces a URSP rule for specific application traffic or not. If any, what action 5GC should take?
In the current 3GPP standard(s), there is no mechanism or procedure for the above Key issue.
This disclosure provides a solution to this key issue. For example, this disclosure provides a mechanism or procedure for this key issue.
In an aspect of the present disclosure, a method for a User Plane Function (UPF) includes receiving, from a core network node, at least one of User Equipment ID (UE ID), Data Network Name (DNN), Single-Network Slice Selection Assistance Information (S-NSSAI) and information related to UE Route Selection Policy rule (URSP). The method includes checking whether user data for a User Equipment (UE) using a User Equipment (UE) session with the DNN and S-NSSAI matches the information related to UE Route Selection Policy rule (URSP) or not. The method includes sending to the core network node a result of the checking.
In an aspect of the present disclosure, a User Plane Function (UPF) includes a memory and at least one processor configured to access the memory and configured to receive, from a core network node, at least one of User Equipment ID (UE ID), Data Network Name (DNN), Single-Network Slice Selection Assistance Information (S-NSSAI) and information related to UE Route Selection Policy rule (URSP), check whether user data for a User Equipment (UE) using a User Equipment (UE) session with the DNN and S-NSSAI matches the information related to UE Route Selection Policy rule (URSP) or not, and send to the core network node a result of the check.
For the purposes of the present document, the abbreviations given in NPL 1 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in NPL 1.
4G-GUTI 4G Globally Unique Temporary UE Identity
5GC 5G Core Network
5GLAN 5G Local Area Network
5GS 5G System
5G-AN 5G Access Network
5G-AN PDB 5G Access Network Packet Delay Budget
5G-EIR 5G-Equipment Identity Register
5G-GUTI 5G Globally Unique Temporary Identifier
5G-BRG 5G Broadband Residential Gateway
5G-CRG 5G Cable Residential Gateway
5G GM 5G Grand Master
5G-RG 5G Residential Gateway
5G-S-TMSI 5G S-Temporary Mobile Subscription Identifier
5G VN 5G Virtual Network
5QI 5G QoS Identifier
AF Application Function
AMF Access and Mobility Management Function
AMF-G Geographically selected Access and Mobility Management Function
AMF-NG Non-Geographically selected Access and Mobility Management Function
ANDSF Access Network Discovery and Selection Function
AS Access Stratum
ATSSS Access Traffic Steering, Switching, Splitting
ATSSS-LL ATSSS Low-Layer
AUSF Authentication Server Function
AUTN Authentication token
BCCH Broadcast Control Channel
BMCA Best Master Clock Algorithm
BSF Binding Support Function
CAG Closed Access Group
CAPIF Common API Framework for 3GPP northbound APIs
CHF Charging Function
CN PDB Core Network Packet Delay Budget
CP Control Plane
DAPS Dual Active Protocol Stacks
DL Downlink
DN Data Network
DNAI DN Access Identifier
DNN Data Network Name
DRX Discontinuous Reception
DS-TT Device-side TSN translator
ePDG evolved Packet Data Gateway
EBI EPS Bearer Identity
EPS Evolved Packet System
EUI Extended Unique Identifier
FAR Forwarding Action Rule
FN-BRG Fixed Network Broadband RG
FN-CRG Fixed Network Cable RG
FN-RG Fixed Network RG
FQDN Fully Qualified Domain Name
GFBR Guaranteed Flow Bit Rate
GMLC Gateway Mobile Location Centre
GPSI Generic Public Subscription Identifier
GUAMI Globally Unique AMF Identifier
GUTI Globally Unique Temporary UE Identity
HPLMN Home Public Land Mobile Network
HR Home Routed (roaming)
IAB Integrated access and backhaul
IMEI/TAC IMEI Type Allocation Code
IPUPS Inter PLMN UP Security
I-SMF Intermediate SMF
I-UPF Intermediate UPF
LADN Local Area Data Network
LBO Local Break Out (roaming)
LMF Location Management Function
LoA Level of Automation
LPP LTE Positioning Protocol
LRF Location Retrieval Function
MCC Mobile country code
MCX Mission Critical Service
MDBV Maximum Data Burst Volume
MFBR Maximum Flow Bit Rate
MICO Mobile Initiated Connection Only
MITM Man In the Middle
MNC Mobile Network Code
MPS Multimedia Priority Service
MPTCP Multi-Path TCP Protocol
N3IWF Non-3GPP InterWorking Function
N3GPP Non-3GPP access
N5CW Non-5G-Capable over WLAN
NAI Network Access Identifier
NAS Non-Access-Stratum
NEF Network Exposure Function
NF Network Function
NGAP Next Generation Application Protocol
NID Network identifier
NPN Non-Public Network
NR New Radio
NRF Network Repository Function
NSI ID Network Slice Instance Identifier
NSSAA Network Slice-Specific Authentication and Authorization
NSSAAF Network Slice-Specific Authentication and Authorization Function
NSSAI Network Slice Selection Assistance Information
NSSF Network Slice Selection Function
NSSP Network Slice Selection Policy
NSSRG Network Slice Simultaneous Registration Group
NW-TT Network-side TSN translator
NWDAF Network Data Analytics Function
PCF Policy Control Function
PCO Protocol Configuration Options
PDB Packet Delay Budget
PDR Packet Detection Rule
PDU Protocol Data Unit
PEI Permanent Equipment Identifier
PER Packet Error Rate
PFD Packet Flow Description
PLMN Public Land Mobile Network
PNI-NPN Public Network Integrated Non-Public Network
PPD Paging Policy Differentiation
PPF Paging Proceed Flag
PPI Paging Policy Indicator
PSA PDU Session Anchor
PTP Precision Time Protocol
QFI QoS Flow Identifier
QoE Quality of Experience
RACS Radio Capabilities Signalling optimisation
(R)AN (Radio) Access Network
RAT Radio Access Technology
RG Residential Gateway
RIM Remote Interference Management
RQA Reflective QoS Attribute
RQI Reflective QoS Indication
RSN Redundancy Sequence Number
SA NR Standalone New Radio
SBA Service Based Architecture
SBI Service Based Interface
SCP Service Communication Proxy
SD Slice Differentiator
SEAF Security Anchor Functionality
SEPP Security Edge Protection Proxy
SMF Session Management Function
SMSF Short Message Service Function
SN Sequence Number
SN name Serving Network Name
SNPN Stand-alone Non-Public Network
S-NSSAI Single Network Slice Selection Assistance Information
SSC Session and Service Continuity
SSCMSP Session and Service Continuity Mode Selection Policy
SST Slice/Service Type
SUCI Subscription Concealed Identifier
SUPI Subscription Permanent Identifier
SV Software Version
TMSI Temporary Mobile Subscriber Identity
TNAN Trusted Non-3GPP Access Network
TNAP Trusted Non-3GPP Access Point
TNGF Trusted Non-3GPP Gateway Function
TNL Transport Network Layer
TNLA Transport Network Layer Association
TSC Time Sensitive Communication
TSCAI TSC Assistance Information
TSN Time Sensitive Networking
TSN GM TSN Grand Master
TSP Traffic Steering Policy
TT TSN Translator
TWIF Trusted WLAN Interworking Function
UCMF UE radio Capability Management Function
UDM Unified Data Management
UDR Unified Data Repository
UDSF Unstructured Data Storage Function
UE User Equipment
UL Uplink
UL CL Uplink Classifier
UPF User Plane Function
UPSI UE Policy Section Identifier
URLLC Ultra Reliable Low Latency Communication
URRP-AMF UE Reachability Request Parameter for AMF
URSP UE Route Selection Policy
VID VLAN Identifier
VLAN Virtual Local Area Network
VPLMN Visited Public Land Mobile Network
W-5GAN Wireline 5G Access Network
W-5GBAN Wireline BBF Access Network
W-5GCAN Wireline 5G Cable Access Network
W-AGF Wireline Access Gateway Function
For the purposes of the present document, the terms and definitions given in NPL 1 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in NPL 1.
Those skilled in the art will appreciate that elements in the figures are illustrated for simplicity and may not have necessarily been drawn to scale. Furthermore, in terms of the construction of the device, one or more components of the device may have been represented in the figures by conventional symbols, and the figures may show only those specific details that are pertinent to understanding the Aspects of the present disclosure so as not to obscure the figures with details that will be readily apparent to those skilled in the art having the benefit of the description herein.
For the purpose of promoting an understanding of the principles of the disclosure, reference will now be made to the Aspect illustrated in the figures and specific language will be used to describe them. It will nevertheless be understood that no limitation of the scope of the disclosure is thereby intended. Such alterations and further modifications in the illustrated system, and such further applications of the principles of the disclosure as would normally occur to those skilled in the art are to be construed as being within the scope of the present disclosure.
The terms “comprises”, “comprising”, or any other variations thereof, are intended to cover a non-exclusive inclusion, such that a process or method that comprises a list of steps does not include only those steps but may include other steps not expressly listed or inherent to such a process or method. Similarly, one or more devices or entities or sub-systems or elements or structures or components preceded by “comprises . . . a” does not, without more constraints, preclude the existence of other devices, sub-systems, elements, structures, components, additional devices, additional sub-systems, additional elements, additional structures or additional components. Appearances of the phrase “in an Aspect”, “in another Aspect” and similar language throughout this specification may, but not necessarily do, all refer to the same Aspect.
Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by those skilled in the art to which this disclosure belongs. The system, methods, and examples provided herein are only illustrative and not intended to be limiting.
In the following specification and the claims, reference will be made to a number of terms, which shall be defined to have the following meanings. The singular forms “a”, “an”, and “the” include plural references unless the context clearly dictates otherwise.
As used herein, information is associated with data and knowledge, as data is meaningful information and represents the values attributed to parameters. Further, knowledge signifies understanding of an abstract or concrete concept. Note that this example system is simplified to facilitate description of the disclosed subject matter and is not intended to limit the scope of this disclosure. Other devices, systems, and configurations may be used to implement the Aspects disclosed herein in addition to, or instead of, a system, and all such Aspects are contemplated as within the scope of the present disclosure.
Each of the Aspects, and each of the elements included in the Aspects, described below may be implemented independently or in combination with any other. These Aspects include novel characteristics different from one another. Accordingly, these Aspects contribute to achieving objects or solving problems different from one another and contribute to obtaining advantages different from one another.
An example object of this disclosure is to provide a method and apparatus that can solve the above problem.
For example, the Policy Control Function (PCF) provides to a UE a policy for PDU Session selection, i.e. the UE Route Selection Policy (URSP). For example, this policy is used by the UE to determine how to route outgoing traffic from the Applications in the UE. For example, for the existing PDU Session(s), the UE examines the URSP rule(s) within the UE policy information in order to determine whether the existing PDU Session(s) can be reused.
However, for example, currently there are no solutions in the 3GPP specification(s) (or the 3GPP standard(s)) which can prevent unauthorized application(s) in the UE.
A method of a communication apparatus according to an example aspect of this disclosure includes receiving a policy for a user equipment (UE). The method includes receiving information related to an application in the UE from the UE. The method includes checking whether the information is consistent with the policy. The method includes sending a reject message in a case where the information is not consistent with the policy.
A method of a user equipment (UE) according to an example aspect of this disclosure includes sending a first message. The first message includes first information related to an application in the UE. The method includes receiving a second message after sending the first message. The second message includes second information. The second information indicates that the application is rejected. The method includes stopping use of the application in a case of receiving the second message.
A method of a communication apparatus according to an example aspect of this disclosure includes receiving a policy for a user equipment (UE) and information indicating that checking of data of the UE is needed. The method includes checking whether the data is consistent with the policy after receiving the information. The method includes performing deactivation of communication related to the data in a case where the data is not consistent with the policy.
A method of a communication apparatus according to an example aspect of this disclosure includes receiving a policy for a user equipment (UE). The method includes receiving a service request message. The service request message includes an identifier of an application in the UE. The method includes checking whether the identifier is consistent with the policy. The method includes sending an accept message in a case where the identifier is consistent with the policy. The method includes sending a reject message in a case where the identifier is not consistent with the policy.
A method of a user equipment (UE) according to an example aspect of this disclosure includes sending a service request message in a case where the UE has an established PDU session. The service request message includes an identifier of an application in the UE. The method includes receiving a first message after sending the service request message. The method includes sending data in a case where the first message is an accept message. The method includes stopping use of the application in a case where the first message is a reject message.
A method of a communication apparatus according to an example aspect of this disclosure includes receiving a policy for a user equipment (UE). The method includes sending a request to send an identifier of an application in the UE. The method includes receiving the identifier. The method includes checking whether the identifier is consistent with the policy. The method includes sending a message after checking whether the identifier is consistent with the policy. The message includes at least one of information indicating an application to be allowed and information indicating an application to be not allowed.
A method of a user equipment (UE) according to an example aspect of this disclosure includes receiving a request to send an identifier of an application in the UE. The method includes sending the identifier. The method includes receiving a message after sending the identifier. The message includes at least one of information indicating an application to be allowed and information indicating an application to be not allowed. The method includes stopping use of the application to be not allowed after receiving the message.
A communication apparatus according to an example aspect of this disclosure includes a memory, and at least one hardware processor coupled to the memory. The at least one hardware processor is configured to receive a policy for a user equipment (UE). The at least one hardware processor is configured to receive information related to an application in the UE from the UE. The at least one hardware processor is configured to check whether the information is consistent with the policy. The at least one hardware processor is configured to send a reject message in a case where the information is not consistent with the policy.
A user equipment (UE) according to an example aspect of this disclosure includes a memory, and at least one hardware processor coupled to the memory. The at least one hardware processor is configured to send a first message. The first message includes first information related to an application in the UE. The at least one hardware processor is configured to receive a second message after sending the first message. The second message includes second information. The second information indicates that the application is rejected. The at least one hardware processor is configured to stop use of the application in a case of receiving the second message.
A communication apparatus according to an example aspect of this disclosure includes a memory, and at least one hardware processor coupled to the memory. The at least one hardware processor is configured to receive a policy for a user equipment (UE) and information indicating that checking of data of the UE is needed. The at least one hardware processor is configured to check whether the data is consistent with the policy after receiving the information. The at least one hardware processor is configured to perform deactivation of communication related to the data in a case where the data is not consistent with the policy.
A communication apparatus according to an example aspect of this disclosure includes a memory, and at least one hardware processor coupled to the memory. The at least one hardware processor is configured to receive a policy for a user equipment (UE). The at least one hardware processor is configured to receive a service request message. The service request message includes an identifier of an application in the UE. The at least one hardware processor is configured to check whether the identifier is consistent with the policy. The at least one hardware processor is configured to send an accept message in a case where the identifier is consistent with the policy. The at least one hardware processor is configured to send a reject message in a case where the identifier is not consistent with the policy.
A user equipment (UE) according to an example aspect of this disclosure includes a memory, and at least one hardware processor coupled to the memory. The at least one hardware processor is configured to send a service request message in a case where the UE has an established PDU session. The service request message includes an identifier of an application in the UE. The at least one hardware processor is configured to receive a first message after sending the service request message. The at least one hardware processor is configured to send data in a case where the first message is an accept message. The at least one hardware processor is configured to stop use of the application in a case where the first message is a reject message.
A communication apparatus according to an example aspect of this disclosure includes a memory, and at least one hardware processor coupled to the memory. The at least one hardware processor is configured to receive a policy for a user equipment (UE). The at least one hardware processor is configured to send a request to send an identifier of an application in the UE. The at least one hardware processor is configured to receive the identifier. The at least one hardware processor is configured to check whether the identifier is consistent with the policy. The at least one hardware processor is configured to send a message after checking whether the identifier is consistent with the policy. The message includes at least one of information indicating an application to be allowed and information indicating an application to be not allowed.
A user equipment (UE) according to an example aspect of this disclosure includes a memory, and at least one hardware processor coupled to the memory. The at least one hardware processor is configured to receive a request to send an identifier of an application in the UE. The at least one hardware processor is configured to send the identifier. The at least one hardware processor is configured to receive a message after sending the identifier. The message includes at least one of information indicating an application to be allowed and information indicating an application to be not allowed. The at least one hardware processor is configured to stop use of the application to be not allowed after receiving the message.
A method of a first apparatus according to an example aspect of this disclosure includes receiving, from a second apparatus, policy information for a communication terminal. The method includes receiving, from the communication terminal, information for an application for the communication terminal. The method includes checking whether the information for an application for the communication terminal is consistent with the policy information for a communication terminal. The method includes sending, to the communication terminal, information related to rejection in a case where the information for an application for the communication terminal is not consistent with the policy information for a communication terminal.
A method of a third apparatus according to an example aspect of this disclosure includes storing policy information for a communication terminal from a second apparatus. The method includes receiving, from the communication terminal, information for an application for the communication terminal. The method includes checking whether the information for an application for the communication terminal is consistent with the policy information for a communication terminal. The method includes sending, to a first apparatus, information related to rejection in a case where the information for an application for the communication terminal is not consistent with the policy information for a communication terminal.
A method of a fourth apparatus according to an example aspect of this disclosure includes storing policy information for a communication terminal from a second apparatus. The method includes receiving, from a third apparatus for session management, information for an application for the communication terminal. The method includes receiving, from the third apparatus for session management, information indicating that checking data related to a communication terminal is needed. The method includes checking whether the information for an application for the communication terminal is consistent with the policy information for a communication terminal, based on the information indicating that checking data related to the communication terminal is needed. The method includes sending information related to rejection in a case where the information for an application for the communication terminal is not consistent with the policy information for a communication terminal.
A method of a communication terminal according to an example aspect of this disclosure includes sending, to a first apparatus, a service request message including information for an application for the communication terminal, wherein the first apparatus stores policy information for a communication terminal from a second apparatus, wherein the first apparatus checks whether the information for an application for the communication terminal is consistent with the policy information for a communication terminal, and wherein the first apparatus sends, to the communication terminal, information related to rejection in a case where the information for an application for the communication terminal is not consistent with the policy information for a communication terminal.
A method of a communication terminal according to an example aspect of this disclosure includes sending, to a first apparatus, a service request message including information for an application for the communication terminal, wherein the first apparatus stores policy information for a communication terminal from a second apparatus, wherein the first apparatus checks whether the information for an application for the communication terminal is consistent with the policy information for a communication terminal, and wherein the first apparatus sends, to the communication terminal, information related to acceptance in a case where the information for an application for the communication terminal is consistent with the policy information for a communication terminal.
A method of a first apparatus according to an example aspect of this disclosure includes storing policy information for a communication terminal from a second apparatus. The method includes receiving, from the communication terminal, a service request message including information for an application for the communication terminal. The method includes checking whether the information for an application for the communication terminal is consistent with the policy information for a communication terminal. The method includes sending, to the communication terminal, information related to rejection in a case where the information for an application for the communication terminal is not consistent with the policy information for a communication terminal.
A method of a first apparatus according to an example aspect of this disclosure includes storing policy information for a communication terminal from a second apparatus. The method includes receiving, from the communication terminal, a service request message including information for an application for the communication terminal. The method includes checking whether the information for an application for the communication terminal is consistent with the policy information for a communication terminal. The method includes sending, to the communication terminal, information related to acceptance in a case where the information for an application for the communication terminal is consistent with the policy information for a communication terminal.
A method of a first apparatus according to an example aspect of this disclosure includes storing policy information for a communication terminal from a second apparatus. The method includes sending, to the communication terminal, a request message for information for an application for the communication terminal. The method includes receiving, from the communication terminal, the information for an application for the communication terminal. The method includes checking whether the information for an application for the communication terminal is consistent with the policy information for the communication terminal. The method includes sending, to the communication terminal, information related to rejection in a case where the information for an application for the communication terminal is not consistent with the policy information for the communication terminal.
A method of a first apparatus according to an example aspect of this disclosure includes storing policy information for a communication terminal from a second apparatus. The method includes sending, to the communication terminal, a request message for information for an application for the communication terminal. The method includes receiving, from the communication terminal, the information for an application for the communication terminal. The method includes checking whether the information for an application for the communication terminal is consistent with the policy information for the communication terminal. The method includes sending, to the communication terminal, information related to acceptance in a case where the information for an application for the communication terminal is consistent with the policy information for the communication terminal.
This aspect discloses, for example, a method of network verification of whether a UE correctly applies the URSP rule(s) provisioned by a core network.
A First example of the First Aspect discloses a method where a PCF 73 sends the UE policy to an AMF 70 when the AMF 70 establishes a UE Policy association with the PCF 73. Then the AMF 70 checks whether a PDU session request from a UE 3 is consistent with the latest UE policy provisioned to the UE 3 from the PCF 73.
The detailed processes of the First example of the First Aspect are described below, with reference to
When the AMF 70 checks whether at least one of the App_Id etc. provided by the UE 3 is consistent with the UE policy, the AMF 70 may check the UE policy or the URSP rule(s) corresponding to the PDU Session ID received in step 7.
The reject cause may be referred to as information indicating that an application identified by the App_Id is rejected.
The reject cause may be referred to as information indicating that an application in the UE 3 is rejected.
For example, in a case where the UE 3 receives the reject cause, the UE 3 may stop using an application which is identified by the App_Id sent in step 7.
For example, in a case where the UE 3 receives the reject cause, the UE 3 may stop using an application.
The reject cause may be referred to as information requesting to stop using an application which is identified by the App_Id sent in step 7.
The reject cause may be referred to as information requesting to stop using an application in the UE 3.
For example, the AMF 70 may check whether current time matches “Time Window” in “Route Selection Descriptor” defined in the URSP rule(s). If the AMF 70 determines that the current time does not match the “Time Window” (e.g. if the AMF 70 determines that the current time is not in time period or time window defined by the “Time Window”), the AMF 70 may send the DL NAS Transport message including the reject cause which is set to “S-NSSAI out of Time windows” or “DNN out of Time windows”.
When the AMF 70 checks the “Time Window”, the AMF 70 uses, as the current time, time data provided by the NTP (Network Time Protocol) as defined in NPL 6.
For example, the AMF 70 may check whether a current UE 3's location matches “Location Criteria” in “Route Selection Descriptor” defined in the URSP rule(s). If the AMF 70 determines that the current UE 3's location does not match the “Location Criteria” (e.g. if the AMF 70 determines that the current UE 3's location does not match the location or the area defined by the “Location Criteria” or the current UE 3's location is not included in the location or the area defined by the “Location Criteria”), the AMF 70 may send the DL NAS Transport message including the reject cause which is set to “S-NSSAI out of Location” or “DNN out of Location”.
When the AMF 70 checks a location of the UE 3 (e.g. the UE 3's location), the AMF 70 uses a User Location Information in an INITIAL UE message from a RAN 5 when the UL NAS Transport message is conveyed from the RAN 5 to the AMF 70 according to NPL 7.
For example, the AMF 70 may check whether the S-NSSAI received in step 7 matches S-NSSAI(s). If the AMF 70 determines that the S-NSSAI received in step 7 does not match S-NSSAI(s) in the “Network Slice Selection”, the AMF 70 may send the DL NAS Transport message including the reject cause which is set to “S-NSSAI not allowed” or “Application on the S-NSSAI not allowed”.
For example, the AMF 70 may check whether the DNN received in step 7 matches DNN in the URSP rule(s) (e.g. “DNN Selection” in “Route Selection Descriptor” defined in the URSP rule(s)). If the AMF 70 determines that the DNN received in step 7 does not match DNN in the URSP rule(s), the AMF 70 may send the DL NAS Transport message including the reject cause which is set to “DNN not allowed” or “Application on the DNN not allowed”.
The AMF 70 may check whether at least one of the App_Id, DNN, S-NSSAI, the current time and the current UE 3's location matches corresponding parameters in the URSP rule(s) in the manner as mentioned above. If the AMF 70 determines that the at least one of the App_Id, DNN, S-NSSAI, the current time and the current UE 3's location do not match the corresponding parameters in the URSP rule(s), the AMF 70 may send the DL NAS Transport message including the reject cause as mentioned above.
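The checks described above can be sketched as follows. This is an added example, not code from the disclosure: the class and function names, the one-descriptor-per-rule model, the exclusive window end and the placeholder cause for an unknown App_Id are all assumptions, and where the text offers two reject cause strings the first one is used.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class RouteSelectionDescriptor:
    """Constructed model of the URSP fields named on this page (not a 3GPP encoding)."""
    s_nssais: frozenset      # "Network Slice Selection"
    dnns: frozenset          # "DNN Selection"
    window_start: datetime   # "Time Window" start, timezone-aware
    window_end: datetime     # "Time Window" end, treated as exclusive (assumption)
    allowed_tais: frozenset  # "Location Criteria", modelled as TA identities


@dataclass(frozen=True)
class UrspRule:
    app_ids: frozenset       # application identities the rule applies to
    rsd: RouteSelectionDescriptor


@dataclass(frozen=True)
class SessionRequest:
    app_id: str
    dnn: str
    s_nssai: str
    tai: str                 # taken from the User Location Information


# The reject cause for an unknown App_Id is not given in this part of the page.
NO_RULE_FOR_APP = "<placeholder: cause for App_Id without a URSP rule>"


def reject_causes(rules, req, now):
    """Return the reject causes for req; an empty list means it is consistent."""
    if now.tzinfo is None:
        # A naive timestamp silently shifts the window by the local UTC offset.
        raise ValueError("current time must be timezone-aware")
    candidates = [r for r in rules if req.app_id in r.app_ids]
    if not candidates:
        return [NO_RULE_FOR_APP]           # fail closed: no rule, no session
    closest = None
    for rule in candidates:
        rsd, causes = rule.rsd, []
        if req.s_nssai not in rsd.s_nssais:
            causes.append("S-NSSAI not allowed")
        if req.dnn not in rsd.dnns:
            causes.append("DNN not allowed")
        if not rsd.window_start <= now < rsd.window_end:
            causes.append("S-NSSAI out of Time windows")
        if req.tai not in rsd.allowed_tais:
            causes.append("S-NSSAI out of Location")
        if not causes:
            return []                      # one fully matching rule is enough
        if closest is None or len(causes) < len(closest):
            closest = causes               # report the nearest miss
    return closest


UTC = timezone.utc
# Constructed sample policy: one rule, valid 08:00-18:00 UTC in two tracking areas.
SAMPLE_RULES = [
    UrspRule(
        app_ids=frozenset({"app.video"}),
        rsd=RouteSelectionDescriptor(
            s_nssais=frozenset({"01-000001"}),
            dnns=frozenset({"internet"}),
            window_start=datetime(2024, 1, 1, 8, 0, tzinfo=UTC),
            window_end=datetime(2024, 1, 1, 18, 0, tzinfo=UTC),
            allowed_tais=frozenset({"TAI-1", "TAI-2"}),
        ),
    )
]

if __name__ == "__main__":
    noon = datetime(2024, 1, 1, 12, 0, tzinfo=UTC)
    for req in (
        SessionRequest("app.video", "internet", "01-000001", "TAI-1"),
        SessionRequest("app.video", "ims", "01-000001", "TAI-9"),
        SessionRequest("app.unknown", "internet", "01-000001", "TAI-1"),
    ):
        print(req.app_id, req.dnn, req.tai, "->", reject_causes(SAMPLE_RULES, req, noon) or "accept")
```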
According to the First example of the First Aspect, for example, the 5GC (e.g. the AMF) can be aware whether or when the UE enforces a URSP rule(s). In addition, according to the First example of the First Aspect, for example, it can provide actions that the 5GS (e.g. the AMF) can take after 5GC is aware whether the UE enforces a URSP rule(s). Further, according to the First example of the First Aspect, for example, it can provide a solution which can prevent unauthorized application(s) in the UE.
For example, a first apparatus corresponding to the AMF 70 receives, from a second apparatus corresponding to the PCF 73, policy information for a communication terminal. The first apparatus receives, from the communication terminal corresponding to the UE 3, information for an application for the communication terminal. The first apparatus checks whether the information for an application for the communication terminal is consistent with the policy information for a communication terminal. The first apparatus sends, to the communication terminal, information related to rejection in a case where the information for an application for the communication terminal is not consistent with the policy information for a communication terminal.
In step 2, the PCF 73 may send the UE policy to the AMF 70 by an Npcf_UEPolicyControl Create Response message. The UE policy may be the same as the UE policy that the PCF 73 provides to the UE 3 in the UE Policy container during the UE Configuration Update procedure for transparent UE Policy delivery procedure as defined in section 4.2.4.3 in NPL 4.
In step 7, the UL NAS Transport message can be replaced with a Service Request message. In this case, the UL NAS Transport message in step 7 is replaced with the Service Request message.
In addition, the DL NAS Transport message in step 9 is replaced with a Service Reject message.
The Service Request message may include the same information as the UL NAS Transport message.
The Service Reject message may include the same information as the DL NAS Transport message.
In step 4, instead of including the whole UE Policy in the message to the AMF 70, the PCF 73 may include in the message to the AMF 70 only the UE Policy for UE 3 that is relevant to the PDU Session establishment parameters provided by the UE 3 to the AMF 70 in step 7.
So, the PCF 73 may include in the message to the AMF 70 the S-NSSAI selection policy (e.g. NSSP) for the UE 3, the DNN selection policy (e.g. “DNN Selection” in “Route Selection Descriptor”) for the UE 3, the Time windows parameter for UE 3 which defines the time window in which service(s) on the S-NSSAI or DNN is allowed (e.g. “Time Window” in “Route Selection Descriptor”) and a Location parameter for UE 3 which defines the location in which service(s) or access on S-NSSAI or DNN is allowed (e.g. “Location Criteria” in “Route Selection Descriptor”). The DNN selection policy may be referred to as the DNN selection rule(s). The Time windows parameter may be referred to as allowed Time Windows parameter. The Location parameter may be referred to as allowed Location. The location parameter may be presented as a Cell Identity or a list of Cell Identities or Tracking Area (TA) Identity or list of TA Identities or Registration Area Identity. The AMF 70 stores or updates these parameters provided by the PCF 73 in the UE Context within the AMF 70. At step 8, the AMF 70 validates whether at least one of the S-NSSAI and DNN provided by the UE 3 for the Application with App_Id parameter in the NAS message to the AMF 70 in step 7 matches at least one of the S-NSSAI selection rule(s), the DNN selection rule(s), the allowed Time Windows and the allowed Location for the Application with App_ID from the UE context in the AMF 70. If at least one of these rules is not matched, the AMF 70 rejects the NAS message from UE 3 with a reject cause as per the description in step 9 in
For example, the PCF 73 may obtain information regarding the PDU session that the UE 3 may establish from other network nodes. For example, the PCF 73 may store information regarding the PDU session that the UE 3 may establish in advance. The information regarding the PDU session that the UE 3 may establish may include the S-NSSAI selection policy (NSSP) for the UE 3, the DNN selection policy for the UE 3, the Time windows parameter for UE 3 which defines the time window in which service(s) on the S-NSSAI or DNN is allowed and the Location parameter for UE 3 which defines the location in which service(s) or access on S-NSSAI or DNN is allowed. The PCF 73 may determine contents of the message in step 4 on the basis of the information regarding the PDU session that the UE 3 may establish.
A Second example of the First Aspect discloses a method where a PCF 73 sends the UE policy to an SMF 71 via an AMF 70 when a PDU session establishment is requested by a UE 3. Then the SMF 71 checks whether the PDU session requested by the UE 3 is consistent with the UE policy.
The detailed processes of the Second example of the First Aspect are described below, with reference to
When the SMF 71 checks whether at least one of the App_Id etc. provided by the AMF 70 is consistent with the UE policy, the SMF 71 may check the UE policy or the URSP rule(s) corresponding to the PDU Session ID received in step 4.
For example, the SMF 71 may check whether current time matches “Time Window” in “Route Selection Descriptor” defined in the URSP rule(s). If the SMF 71 determines that the current time does not match the “Time Window” (e.g. if the SMF 71 determines that the current time is not in time period or time window defined by the “Time Window”), the SMF 71 may send the DL NAS Transport message including the reject cause which is set to “S-NSSAI out of Time windows” or “DNN out of Time windows”.
When the SMF 71 checks the “Time Window”, the SMF 71 uses, as the current time, time data provided by the NTP (Network Time Protocol) as defined in NPL 6.
For example, the SMF 71 may check whether a current UE 3's location matches “Location Criteria” in “Route Selection Descriptor” defined in the URSP rule(s). If the SMF 71 determines that the current UE 3's location does not match the “Location Criteria” (e.g. if the SMF 71 determines that the current UE 3's location does not match the location or the area defined by the “Location Criteria” or the current UE 3's location is not included in the location or the area defined by the “Location Criteria”), the SMF 71 may send the DL NAS Transport message including the reject cause which is set to “S-NSSAI out of Location” or “DNN out of Location”.
When the SMF 71 checks a location of the UE 3 (e.g. the UE 3's location), the SMF 71 uses a User Location Information received from the AMF 70 in the Nsmf_PDUSession_CreateSMContext Request message.
The SMF 71 may check whether at least one of the App_Id, DNN, S-NSSAI, the current time and the current UE 3's location matches corresponding parameters in the URSP rule(s) in the same manner as the AMF 70 in the First example of the First Aspect. If the SMF 71 determines that the at least one of the App_Id, DNN, S-NSSAI, the current time and the current UE 3's location do not match the corresponding parameters in the URSP rule(s), the SMF 71 may send the reject cause via the AMF 70 as mentioned above.
For example, a third apparatus corresponding to the SMF 71 stores policy information for a communication terminal from a second apparatus. For example, the communication terminal corresponds to the UE 3, and the second apparatus corresponds to the PCF 73. The third apparatus receives, from the communication terminal, information for an application for the communication terminal. The third apparatus checks whether the information for an application for the communication terminal is consistent with the policy information for the communication terminal. The third apparatus sends, to a first apparatus corresponding to the AMF 70, information related to rejection in a case where the information for an application for the communication terminal is not consistent with the policy information for a communication terminal.
According to the Second example of the First Aspect, for example, the 5GC (e.g. the SMF) can be aware whether or when the UE enforces a URSP rule(s). In addition, according to the Second example of the First Aspect, for example, it can provide actions that the 5GS (e.g. the SMF) can take after 5GC is aware whether the UE enforces a URSP rule(s). Further, according to the Second example of the First Aspect, for example, it can provide a solution which can prevent unauthorized application(s) in the UE.
When the SMF 71 receives the Nsmf_PDUSession_CreateSMContext Request message from the AMF 70 in step 4, the SMF 71 may obtain the UE policy information from the PCF 73 via an Npcf_UEPolicyControl Service provided by the PCF 73. In this case, the following steps take place between the SMF 71 and the PCF 73.
If the Nsmf_PDUSession_CreateSMContext Request message does not include the UE policy, the SMF 71 may send the Npcf_UEPolicyControl_Create message to the PCF 73.
Regardless of whether the Nsmf_PDUSession_CreateSMContext Request message includes the UE policy, the SMF 71 may send the Npcf_UEPolicyControl_Create message to the PCF 73.
In step 3, the UL NAS Transport message can be replaced with a Service Request message. In this case, the UL NAS Transport message in step 3 is replaced with the Service Request message.
In addition, the DL NAS Transport message in step 7 is replaced with a Service Reject message.
The Service Request message may include the same information as the UL NAS Transport message.
The Service Reject message may include the same information as the DL NAS Transport message.
A Third example of the First Aspect discloses a method where a PCF 73 sends the UE policy to a UPF 72 via an AMF 70 and an SMF 71 when a PDU session establishment is requested by a UE 3. Then the UPF 72 checks whether uplink user data from the UE 3 is consistent with the UE policy.
The detailed processes of the Third example of the First Aspect are described below, with reference to
The requesting the SMF 71 to initiate the CN-initiated selective deactivation of UP connection of an existing PDU Session procedure may be referred to as performing deactivation of communication related to the data of the UE 3.
For example, if the UPF 72 finds that the received uplink user data is consistent with the UE policy, the UPF 72 may process the received uplink user data for communication with the UE 3. For example, if the UPF 72 finds that the received uplink user data is consistent with the UE policy, user data exchange (e.g. exchange of the uplink user data) may not be interrupted or may be processed appropriately.
The cause parameter may have one value or multiple values from the cause listed below. They may be all SM causes.
For example, the UPF 72 may check whether current time (e.g. the current time when the UPF 72 receives the uplink user data or when the checking is performed; information indicating the current time may be included in the uplink user data) matches “Time Window” in “Route Selection Descriptor” defined in the URSP rule(s). If the UPF 72 determines that the current time does not match the “Time Window” (e.g. if the UPF 72 determines that the current time is not in time period or time window defined by the “Time Window”), the UPF 72 may request the SMF 71 to initiate the CN-initiated selective deactivation of UP connection of an existing PDU Session procedure. In addition, the UPF 72 may send the cause parameter which is set to “Out of Time windows” to the SMF 71 and the SMF 71 may send the cause parameter to the UE 3.
When the UPF 72 checks the “Time Window”, the UPF 72 may use, as the current time, time data provided by the NTP (Network Time Protocol) as defined in NPL 6.
For example, the uplink user data may include at least one of information regarding IP address (e.g. destination IP address, IPv6 prefix, port number, protocol ID), and information regarding domain name (e.g. FQDN(s)).
For example, the UPF 72 may check whether the at least one of the information regarding IP address and the information regarding domain name matches the corresponding information in the URSP rule(s). For example, the UPF 72 may check at least one of the following:
In a case where the UPF 72 determines that the destination IP address of the Uplink user data does not match “IP descriptors” in the URSP rule(s), the UPF 72 may request the SMF 71 to initiate the CN-initiated selective deactivation of UP connection of an existing PDU Session procedure. In addition, the UPF 72 may send the cause parameter which is set to “IP descriptors does not match” or “Destination IP address is out of range as defined in the IP descriptors” to the SMF 71, and the SMF 71 may send the cause parameter to the UE 3.
In a case where the UPF 72 determines that the IPv6 prefix of the Uplink user data does not match “IP descriptors” in the URSP rule(s) or that the IPv6 prefix of the Uplink user data is out of range defined by “IP descriptors” in the URSP rule(s), the UPF 72 may request the SMF 71 to initiate the CN-initiated selective deactivation of UP connection of an existing PDU Session procedure. In addition, the UPF 72 may send the cause parameter which is set to “IP descriptors does not match” or “IPv6 prefix is out of range as defined in the IP descriptors” to the SMF 71, and the SMF 71 may send the cause parameter to the UE 3.
In a case where the UPF 72 determines that the port number of the Uplink user data does not match “IP descriptors” in the URSP rule(s) or that the port number of the Uplink user data is out of range defined by “IP descriptors” in the URSP rule(s), the UPF 72 may request the SMF 71 to initiate the CN-initiated selective deactivation of UP connection of an existing PDU Session procedure. In addition, the UPF 72 may send the cause parameter which is set to “IP descriptors does not match” or “Port number is out of range as defined in the IP descriptors” to the SMF 71, and the SMF 71 may send the cause parameter to the UE 3.
In a case where the UPF 72 determines that the Protocol ID of the Uplink user data does not match “IP descriptors” in the URSP rule(s) or that the Protocol ID of the Uplink user data is out of range defined by “IP descriptors” in the URSP rule(s), the UPF 72 may request the SMF 71 to initiate the CN-initiated selective deactivation of UP connection of an existing PDU Session procedure. In addition, the UPF 72 may send the cause parameter which is set to “IP descriptors does not match” or “Protocol ID is out of range as defined in the IP descriptors” to the SMF 71, and the SMF 71 may send the cause parameter to the UE 3.
In a case where the UPF 72 determines that the FQDN of the Uplink user data does not match FQDN(s) defined by “Domain descriptors” in the URSP rule(s), the UPF 72 may request the SMF 71 to initiate the CN-initiated selective deactivation of UP connection of an existing PDU Session procedure. In addition, the UPF 72 may send the cause parameter which is set to “FQDN does not match with the ones defined in the Domain descriptors” to the SMF 71, and the SMF 71 may send the cause parameter to the UE 3.
The UPF 72 may check whether at least one of the App_Id, the current time, the information regarding IP address and the information regarding domain name matches corresponding parameters in the URSP rule(s) in the manner mentioned above. If the UPF 72 determines that the at least one of the App_Id, the current time, the information regarding IP address and the information regarding domain name do not match the corresponding parameters in the URSP rule(s), the UPF 72 may request the SMF 71 to initiate the CN-initiated selective deactivation of UP connection of an existing PDU Session procedure and send the cause parameter as mentioned above.
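The IP descriptor and Domain descriptor checks above can be sketched as follows. This is an added example, not code from the disclosure: the class and function names, the CIDR and port-range model of “IP descriptors”, the handling of IPv4-mapped IPv6 addresses, and checking the FQDN only when one was observed are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Cause parameter strings as given in the text above.
DST_IP = "Destination IP address is out of range as defined in the IP descriptors"
V6_PREFIX = "IPv6 prefix is out of range as defined in the IP descriptors"
PORT = "Port number is out of range as defined in the IP descriptors"
PROTO = "Protocol ID is out of range as defined in the IP descriptors"
FQDN = "FQDN does not match with the ones defined in the Domain descriptors"


@dataclass(frozen=True)
class IpDescriptor:
    network: str        # IPv4 network or IPv6 prefix in CIDR form
    port_low: int
    port_high: int
    protocol_id: int    # IANA protocol number (6 = TCP, 17 = UDP)


@dataclass(frozen=True)
class TrafficDescriptor:
    ip_descriptors: tuple
    fqdns: frozenset    # "Domain descriptors"


@dataclass(frozen=True)
class UplinkPacket:
    dst_ip: str
    dst_port: int
    protocol_id: int
    fqdn: Optional[str] = None   # only known if observed for this flow


def normalize_fqdn(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.rstrip(".").lower()


def ip_mismatch(desc, ip, pkt):
    """Return None on a full match, else (how far the match got, cause)."""
    if ip not in ipaddress.ip_network(desc.network):   # False across IP versions
        return (0, V6_PREFIX if ip.version == 6 else DST_IP)
    if not desc.port_low <= pkt.dst_port <= desc.port_high:
        return (1, PORT)
    if pkt.protocol_id != desc.protocol_id:
        return (2, PROTO)
    return None


def cause_parameters(td, pkt):
    """Return cause parameters for pkt; an empty list means it matches the rule."""
    causes = []
    ip = ipaddress.ip_address(pkt.dst_ip)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped      # ::ffff:a.b.c.d is checked as the IPv4 address
    results = [ip_mismatch(d, ip, pkt) for d in td.ip_descriptors]
    if results and all(r is not None for r in results):
        causes.append(max(results)[1])   # cause from the closest descriptor
    if pkt.fqdn is not None and td.fqdns:
        allowed = {normalize_fqdn(f) for f in td.fqdns}
        if normalize_fqdn(pkt.fqdn) not in allowed:
            causes.append(FQDN)
    return causes


# Constructed sample rule using documentation address ranges.
SAMPLE_TD = TrafficDescriptor(
    ip_descriptors=(
        IpDescriptor("203.0.113.0/24", 443, 443, 6),
        IpDescriptor("2001:db8:1::/48", 5000, 5100, 17),
    ),
    fqdns=frozenset({"media.example.com"}),
)

if __name__ == "__main__":
    for pkt in (
        UplinkPacket("203.0.113.10", 443, 6, "Media.Example.com."),
        UplinkPacket("2001:db8:1::5", 6000, 17),
        UplinkPacket("198.51.100.7", 443, 6, "other.example.net"),
    ):
        print(pkt.dst_ip, pkt.dst_port, "->", cause_parameters(SAMPLE_TD, pkt) or "forward")
```

A non-empty result corresponds to the case where the UPF 72 requests the SMF 71 to initiate the deactivation procedure and passes the cause parameter on.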
According to the Third example of the First Aspect, for example, the 5GC (e.g. the UPF) can be aware whether or when the UE enforces a URSP rule(s). In addition, according to the Third example of the First Aspect, for example, it can provide actions that the 5GS (e.g. the UPF) can take after 5GC is aware whether the UE enforces a URSP rule(s). Further, according to the Third example of the First Aspect, for example, it can provide a solution which can prevent unauthorized application(s) in the UE from routing traffic via the existing PDU sessions.
For example, a fourth apparatus corresponding to the UPF 72 stores policy information for a communication terminal from a second apparatus. For example, the communication terminal corresponds to the UE 3, and the second apparatus corresponds to the PCF 73. The fourth apparatus receives, from a third apparatus, information for an application for the communication terminal. For example, the third apparatus corresponds to the SMF 71. The fourth apparatus receives, from the third apparatus, information indicating that checking data related to a communication terminal is needed. The fourth apparatus checks whether the information for an application for the communication terminal is consistent with the policy information for a communication terminal based on the information indicating that checking data related to the communication terminal is needed. The fourth apparatus sends information related to rejection in a case where the information for an application for the communication terminal is not consistent with the policy information for a communication terminal.
In step 8, the UPF 72 may check whether the UE 3 is in an allowed location as defined in the URSP rule(s). To make location checking possible at the UPF 72, the RAN 5 populates the Cell ID where the UE 3 is connected in the RAN Container or the NR RAN Container in the GTP-U header whenever the RAN 5 sends the GTP-U data to the UPF 72. The UPF 72 checks whether the Cell ID received in the GTP-U is in the range of allowed location or allowed area as defined in the URSP rule(s).
If the UPF 72 finds that the received Cell ID is out of range defined in the URSP rule(s) (e.g. if the UPF 72 determines that the received Cell ID does not match a Cell ID indicated by the URSP rule(s), or if the UPF 72 determines that location indicated by the received Cell ID does not match location or area indicated by the URSP rule(s)), then the UPF 72 requests the SMF 71 to initiate the CN-initiated selective deactivation of UP connection of an existing PDU Session procedure as described in section 4.3.7 in NPL 4. The UPF 72 may indicate a cause value to the SMF 71 asking to set it as the SM cause value
The cause parameter may be indicated below. This may be an SM cause.
The UPF 72 may convert location indicated by the URSP rule(s) to a Cell ID. The UPF 72 may convert the received Cell ID to location information which can be used for the location checking.
The UPF 72 may perform the converting based on local configuration or operator's policy stored in the UPF 72. The UPF 72 may receive information for the converting from another network node. The UPF 72 may store information for the converting in advance.
A Fourth example of the First Aspect discloses a method in which a UE 3 sends a Service Request message to an AMF 70 when a NAS layer 362 of the UE 3 receives UPLINK data from a new application in the UE 3, even if the UE 3 is in CM-CONNECTED and the PDU session indicated by the UE 3 has already been activated.
When the AMF 70 receives the Service Request message from the UE 3 including an application identifier (e.g. App_Id), the AMF 70 checks whether the application identifier is consistent, for use of the PDU session, with the UE policy that is downloaded from a PCF 73.
The detailed processes of the Fourth example of the First Aspect are described below, with reference to
Note that the NAS layer 362 may be one of functionalities of the COMMUNICATIONS CONTROL MODULE 362 in the general block diagram for the UE.
When the AMF 70 checks whether the App_Id provided by the UE 3 is consistent with the UE policy, the AMF 70 may check the UE policy or the URSP rule(s) corresponding to the PDU Session ID #1.
If it is consistent with the UE policy (for example, if the received application identity (i.e., the received App_Id) matches one of route descriptor rule(s) defined in the NSSP corresponding to the application identity or if the received App_Id matches one of application identities in the URSP rule(s) or if the received App_Id matches one of application identities in “Application descriptors” of the URSP rule(s)), steps 7a and 8a take place, otherwise (for example, if the received application identity (i.e., the received App_Id) does not match any route descriptor rule(s) defined in the NSSP corresponding to the application identity or if the received App_Id does not match any application identities in the URSP rule(s) or if the received App_Id does not match any application identities in “Application descriptors” of the URSP rule(s)), steps 7b and 8b take place.
After the Step 8a, subsequent UPLINK data from the APP2 36302 is forwarded by NAS layer 362 to the UPF 72 via the RAN using PDU session identified by the PDU session ID #1. Similarly, DOWNLINK data from the UPF 72 via the RAN is forwarded to the APP2 36302 by the NAS layer 362 if the DOWNLINK data is destined for the APP2 36302.
Upon reception of the message from the NAS layer 362, the APP2 36302 stops sending UPLINK data to the NAS layer 362 and initiates the inspection program (for example, virus check program). At least one of the discarding the UPLINK data and the stopping sending UPLINK data may be referred to as stopping use of the APP2 36302.
According to the Fourth example of the First Aspect, for example, the 5GC (e.g. the AMF) can be aware whether or when the UE enforces a URSP rule(s). In addition, according to the Fourth example of the First Aspect, for example, it can provide actions that the 5GS (e.g. the AMF) can take after 5GC is aware whether the UE enforces a URSP rule(s). Further, according to the Fourth example of the First Aspect, for example, it can provide a solution which can prevent unauthorized application(s) in the UE from routing traffic via the existing PDU sessions.
For example, a communication terminal corresponding to UE 3 sends, to a first apparatus, a service request message including information for an application for the communication terminal. For example, the first apparatus corresponds to the AMF 70. The first apparatus stores policy information for the communication terminal from a second apparatus. For example, the second apparatus corresponds to the PCF 73. The first apparatus checks whether the information for an application for the communication terminal is consistent with the policy information for a communication terminal. The first apparatus sends, to the communication terminal, information related to rejection in a case where the information for an application for the communication terminal is not consistent with the policy information for a communication terminal.
For example, a communication terminal corresponding to UE 3 sends, to a first apparatus, a service request message including information for an application for the communication terminal. For example, the first apparatus corresponds to the AMF 70. The first apparatus stores policy information for the communication terminal from a second apparatus. For example, the second apparatus corresponds to the PCF 73. The first apparatus checks whether the information for an application for the communication terminal is consistent with the policy information for a communication terminal. The first apparatus sends, to the communication terminal, information related to acceptance in a case where the information for an application for the communication terminal is consistent with the policy information for a communication terminal.
For example, a first apparatus corresponding to the AMF 70 stores policy information for a communication terminal from a second apparatus. For example, the communication terminal corresponds to the UE 3, and the second apparatus corresponds to the PCF 73. The first apparatus receives, from the communication terminal, a service request message including information for an application for the communication terminal. The first apparatus checks whether the information for an application for the communication terminal is consistent with the policy information for a communication terminal. The first apparatus sends, to the communication terminal, information related to rejection in a case where the information for an application for the communication terminal is not consistent with the policy information for a communication terminal.
For example, a first apparatus corresponding to the AMF 70 stores policy information for a communication terminal from a second apparatus. For example, the communication terminal corresponds to the UE 3, and the second apparatus corresponds to the PCF 73. The first apparatus receives, from the communication terminal, a service request message including information for an application for the communication terminal. The first apparatus checks whether the information for an application for the communication terminal is consistent with the policy information for a communication terminal. The first apparatus sends, to the communication terminal, information related to acceptance in a case where the information for an application for the communication terminal is consistent with the policy information for a communication terminal.
A Fifth example of the First Aspect discloses a method where an AMF 70 sends a first NAS message to a UE 3 requesting a list of application identifiers associated with an indicated PDU session. Once the AMF 70 receives a second NAS message including the list of application identifiers associated with the PDU session, the AMF 70 checks, for each application, whether its use of the PDU session is consistent with the UE policy that is downloaded from the PCF 73.
The detailed processes of the Fifth example of the First Aspect are described below, with reference to
In this example, the PDU session that is identified by the PDU session ID #1 is used by two applications such as the APP1 36301 and the APP2 36302.
For example, the first NAS message can be a DL NAS transport message, an Identity request message, a Notification message, a 5GMM status message or another existing NAS message or new NAS message.
A trigger for the AMF 70 to send the first NAS message can be listed as follows.
For example, the second NAS message can be a UL NAS transport message, an Identity response message, a Notification response message, a 5GMM status message or another existing NAS message or new NAS message.
For example, in a case where the PDU session that is identified by the PDU session ID #1 is used by two applications such as the APP1 36301 and the APP2 36302 in the UE 3 and the UE 3 receives the first NAS message including the flag and the PDU session ID #1, the UE 3 may send the second NAS message including the list of App_Id and PDU session ID. In this case, the list may include App_Id of the APP1 36301, App_Id of the APP2 36302 and the PDU session ID #1. The list may indicate that the PDU session ID #1 (or the PDU Session identified by the PDU session ID #1) is used by the APP1 36301 which is identified by App_Id 1 and the APP2 36302 which is identified by App_Id 2.
When the AMF 70 checks whether the App_Id provided by the UE 3 is consistent with the UE policy, the AMF 70 may check the UE policy or the URSP rule(s) corresponding to the PDU Session ID received in step 5.
If it is not consistent with the UE policy (for example, if the received application identity (i.e., the received App_Id) does not match any route descriptor rule(s) defined in the NSSP corresponding to the application identity or if the received App_Id does not match any application identities in the URSP rule(s) or if the received App_Id does not match any application identities in “Application descriptors” of the URSP rule(s)), steps 7 and 8 take place, otherwise (for example, if the received application identity (i.e., the received App_Id) matches one of route descriptor rule(s) defined in the NSSP corresponding to the application identity or if the received App_Id matches one of application identities in the URSP rule(s) or if the received App_Id matches one of application identities in “Application descriptors” of the URSP rule(s)) the AMF 70 does nothing.
In a case where the AMF 70 receives two or more App_Ids, the AMF 70 may determine whether each of the App_Ids matches the URSP rule(s). In a case where at least one of the App_Ids does not match the URSP rule(s), steps 7 and 8 may take place.
For example, the third NAS message can be a DL NAS transport message, an Identity request message, a Notification message, a 5GMM status message or another existing NAS message or new NAS message.
For example, assume a case where the PDU session that is identified by the PDU session ID #1 is used by two applications such as the APP1 36301 and the APP2 36302 in the UE 3. In this example, in a case where App_Id 1 of the APP1 36301 matches the URSP rule(s) and App_Id 2 of the APP2 36302 does not match the URSP rule(s), the third NAS message may include the list of allowed APP_Id including App_Id 1, the list of not allowed APP_Id including App_Id 2 and the PDU session ID #1. In a case where the App_Id 1 and the App_Id 2 match the URSP rule(s), the third NAS message may include the list of allowed APP_Id including the App_Id 1 and the App_Id 2, and the PDU session ID #1. In a case where the App_Id 1 and the App_Id 2 do not match the URSP rule(s), the third NAS message may include the list of not allowed APP_Id including the App_Id 1 and the App_Id 2, and the PDU session ID #1.
In a case where the third NAS message includes the list of not allowed APP_Id, the NAS layer 362 generates a Service close indication message and sends the message to an application which is identified by the App_Id included in the list of not allowed APP_Id. The Service close indication message may indicate that the PDU session being used is not appropriate.
For example, in a case where the third NAS message includes the list of not allowed APP_Id which includes App_Id 2 of the APP2 36302, the NAS layer 362 may send the Service close indication message to the APP2 36302.
Upon reception of the Service close indication message from the NAS layer 362, the APP2 36302 stops sending UPLINK data to the NAS layer 362 and initiates the inspection program (for example, virus check program).
If the third NAS message indicates multiple applications to be stopped (e.g. if the list of not allowed APP_Id of the third NAS message includes multiple App_Ids), the NAS layer 362 sends multiple Service close indication messages to applications respectively based on the parameter (e.g. the App_Ids) received in the third NAS message.
The at least one of the generating the Service close indication message, the sending the Service close indication message and the stopping sending UPLINK data may be referred to as stopping use of the APP2 36302.
In a case where the application does not receive the Service close indication message, the application may continue sending UPLINK data to the NAS layer 362.
In a case where the NAS layer 362 receives the list of allowed APP_Id, the NAS layer 362 may generate a Service continue indication message and send the message to an application that is identified by the App_Id included in the list of allowed APP_Id. The Service continue indication message may indicate that the PDU session being used is appropriate.
Upon reception of the Service continue indication message from the NAS layer 362, the application may continue sending UPLINK data to the NAS layer 362.
According to the Fifth example of the First Aspect, for example, the 5GC (e.g. the AMF) can be aware whether or when the UE enforces a URSP rule(s). In addition, according to the Fifth example of the First Aspect, for example, it can provide actions that the 5GS (e.g. the AMF) can take after the 5GC is aware whether the UE enforces a URSP rule(s). Further, according to the Fifth example of the First Aspect, for example, it can provide a solution which can prevent unauthorized application(s) in the UE from routing traffic via the existing PDU sessions.
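The check and the UE-side handling described above can be sketched as follows. This is an added example, not code from the disclosure: the class and function names, the reduction of a URSP rule to an App_Id with a DNN and an S-NSSAI, and the sample values are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

SERVICE_CLOSE = "Service close indication"
SERVICE_CONTINUE = "Service continue indication"

@dataclass(frozen=True)
class UrspRule:
    # Assumption: a rule is reduced to App_Id -> (DNN, S-NSSAI).
    app_id: str
    dnn: str
    s_nssai: str

@dataclass(frozen=True)
class PduSession:
    session_id: int
    dnn: str
    s_nssai: str

@dataclass
class ThirdNasMessage:
    pdu_session_id: int
    allowed_app_ids: list = field(default_factory=list)
    not_allowed_app_ids: list = field(default_factory=list)

def check_app_ids(rules, session, reported_app_ids):
    """Network side: sort the reported App_Ids into allowed / not allowed.

    Default deny: an App_Id is allowed only if some rule names it AND routes
    it to the DNN and S-NSSAI of the PDU session it is actually using.
    """
    msg = ThirdNasMessage(pdu_session_id=session.session_id)
    for app_id in dict.fromkeys(reported_app_ids):  # de-duplicate, keep order
        ok = any(r.app_id == app_id and r.dnn == session.dnn
                 and r.s_nssai == session.s_nssai for r in rules)
        (msg.allowed_app_ids if ok else msg.not_allowed_app_ids).append(app_id)
    return msg

class Application:
    """UE-side application; keeps sending UPLINK data unless told to close."""
    def __init__(self, app_id):
        self.app_id = app_id
        self.sending_uplink = True
        self.inspection_started = False

    def on_indication(self, indication):
        if indication == SERVICE_CLOSE:
            self.sending_uplink = False     # stop UPLINK data to the NAS layer
            self.inspection_started = True  # e.g. start the virus check program
        # SERVICE_CONTINUE: the PDU session is appropriate, nothing changes

class NasLayer:
    def __init__(self, apps):
        self.apps = {app.app_id: app for app in apps}

    def handle_third_nas_message(self, msg):
        """Send one indication per listed App_Id; return what was sent."""
        sent = []
        for indication, app_ids in ((SERVICE_CLOSE, msg.not_allowed_app_ids),
                                    (SERVICE_CONTINUE, msg.allowed_app_ids)):
            for app_id in app_ids:
                app = self.apps.get(app_id)
                if app is None:  # App_Id not present on this UE: nothing to notify
                    continue
                app.on_indication(indication)
                sent.append((app_id, indication))
        return sent

# Constructed sample policy and session (values are illustrative only).
RULES = [
    UrspRule("App_Id 1", "enterprise", "1-000001"),
    UrspRule("App_Id 2", "internet", "1-000002"),
]
SESSION_1 = PduSession(1, "enterprise", "1-000001")

def run_example():
    """Two applications share PDU session ID #1; a third app is never reported."""
    apps = [Application("App_Id 1"), Application("App_Id 2"),
            Application("App_Id 3")]
    nas = NasLayer(apps)
    msg = check_app_ids(RULES, SESSION_1, ["App_Id 1", "App_Id 2"])
    sent = nas.handle_third_nas_message(msg)
    return msg, sent, {a.app_id: a.sending_uplink for a in apps}

if __name__ == "__main__":
    msg, sent, state = run_example()
    print(msg)
    print(sent)
    print(state)
```

App_Id 2 has a rule, but that rule routes it to a different DNN and S-NSSAI, so on PDU session ID #1 it lands in the not allowed list; the unreported third application receives no indication and keeps sending.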
For example, a first apparatus corresponding to the AMF 70 stores policy information for a communication terminal from a second apparatus. The communication terminal corresponds, for example, to the UE 3. The second apparatus corresponds, for example, to the PCF 72. The first apparatus sends, to the communication terminal, a request message for information for an application for the communication terminal. The first apparatus receives, from the communication terminal, the information for an application for the communication terminal. The first apparatus checks whether the information for an application for the communication terminal is consistent with the policy information for the communication terminal. The first apparatus sends, to the communication terminal, information related to rejection in a case where the information for an application for the communication terminal is not consistent with the policy information for the communication terminal.
For example, a first apparatus corresponding to the AMF 70 stores policy information for a communication terminal from a second apparatus. The communication terminal corresponds, for example, to the UE 3. The second apparatus corresponds, for example, to the PCF 72. The first apparatus sends, to the communication terminal, a request message for information for an application for the communication terminal. The first apparatus receives, from the communication terminal, the information for an application for the communication terminal. The first apparatus checks whether the information for an application for the communication terminal is consistent with the policy information for the communication terminal. The first apparatus sends, to the communication terminal, information related to acceptance in a case where the information for an application for the communication terminal is consistent with the policy information for the communication terminal.
In one example, the steps 4-7 are executed by an SMF 71 or a UPF 72 as well. E.g. the UPF 72 or the SMF 71 may determine whether the data being transmitted over the PDU session (e.g. the App_Id) matches the URSP rule(s) which the UPF 72 or the SMF 71 receives as defined in one of the above Aspects.
The telecommunication system 1 represents a system overview in which an end to end communication is possible. For example, UE 3 (or user equipment, ‘mobile device’ 3) communicates with other UEs 3 or service servers in the data network 20 via respective (R)AN nodes 5 and a core network 7.
The (R)AN node 5 supports any radio accesses including a 5G radio access technology (RAT), an E-UTRA radio access technology, a beyond 5G RAT, a 6G RAT and non-3GPP RAT including wireless local area network (WLAN) technology as defined by the Institute of Electrical and Electronics Engineers (IEEE).
The (R)AN node 5 may be split into a Radio Unit (RU), Distributed Unit (DU) and Centralized Unit (CU). In some aspects, each of the units may be connected to each other and structure the (R)AN node 5 by adopting an architecture as defined by the Open RAN (O-RAN) Alliance, where the units above are referred to as O-RU, O-DU and O-CU respectively.
The (R)AN node 5 may be split into a control plane function and a user plane function. Further, multiple user plane functions can be allocated to support a communication. In some aspects, user traffic may be distributed to multiple user plane functions and the user traffic over each user plane function is aggregated in both the UE 3 and the (R)AN node 5. This split architecture may be called ‘dual connectivity’ or ‘Multi connectivity’.
The (R)AN node 5 can also support a communication using the satellite access. In some aspects, the (R)AN node 5 may support a satellite access and a terrestrial access.
In addition, the (R)AN node 5 can also be referred to as an access node for a non-wireless access. The non-wireless access includes a fixed line access as defined by the Broadband Forum (BBF) and an optical access as defined by the Innovative Optical and Wireless Network (IOWN).
The core network 7 may include logical nodes (or ‘functions’) for supporting a communication in the telecommunication system 1. For example, the core network 7 may be 5G Core Network (5GC) that includes, amongst other functions, control plane functions and user plane functions. Each function in logical nodes can be considered as a network function. The network function may be provided to another node by adapting the Service Based Architecture (SBA).
A Network Function can be deployed as a distributed, redundant, stateless, and scalable function that provides the services from several locations and several execution instances in each location by adapting the network virtualization technology as defined by the European Telecommunications Standards Institute, Network Functions Virtualization (ETSI NFV).
The core network 7 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
As is well known, a UE 3 may enter and leave the areas (i.e. radio cells) served by the (R)AN node 5 as the UE 3 is moving around in the geographical area covered by the telecommunication system 1. In order to keep track of the UE 3 and to facilitate movement between the different (R)AN nodes 5, the core network 7 comprises at least one access and mobility management function (AMF) 70. The AMF 70 is in communication with the (R)AN node 5 coupled to the core network 7. In some core networks, a mobility management entity (MME) or a mobility management node for beyond 5G or a mobility management node for 6G may be used instead of the AMF 70.
The core network 7 also includes, amongst others, a Session Management Function (SMF) 71, a User Plane Function (UPF) 72, a Policy Control Function (PCF) 73, an Authentication Server Function (AUSF) 74, a Unified Data Management (UDM) 75, and a Network Data Analytics Function (NWDAF) 76. When the UE 3 is roaming to a visited Public Land Mobile Network (VPLMN), a home Public Land Mobile Network (HPLMN) of the UE 3 provides the UDM 75 and at least some of the functionalities of the SMF 71, UPF 72, and PCF 73 for the roaming-out UE 3.
The UE 3 and a respective serving (R)AN node 5 are connected via an appropriate air interface (for example the so-called “Uu” interface and/or the like). Neighboring (R)AN nodes 5 are connected to each other via an appropriate (R)AN node 5 to (R)AN node interface (such as the so-called “Xn” interface and/or the like). Each (R)AN node 5 is also connected to nodes in the core network 7 (such as the so-called core network nodes) via an appropriate interface (such as the so-called “N2”/“N3” interface(s) and/or the like). From the core network 7, connection to a data network 20 is also provided. The data network 20 can be an internet, a public network, an external network, a private network or an internal network of the PLMN. In a case where the data network 20 is provided by a PLMN operator or Mobile Virtual Network Operator (MVNO), the IP Multimedia Subsystem (IMS) service may be provided by that data network 20. The UE 3 can be connected to the data network 20 using IPv4, IPv6, IPv4v6, Ethernet or unstructured data type.
The “Uu” interface may include a Control plane of Uu interface and User plane of Uu interface.
The User plane of Uu interface is responsible for conveying user traffic between the UE 3 and a serving (R)AN node 5. The User plane of Uu interface may have a layered structure with SDAP, PDCP, RLC and MAC sublayers over the physical connection.
The Control plane of Uu interface is responsible for establishing, modifying and releasing a connection between the UE 3 and a serving (R)AN node 5. The Control plane of Uu interface may have a layered structure with RRC, PDCP, RLC and MAC sublayers over the physical connection.
For example, the following messages are communicated over the RRC layer to support AS signaling.
The UE 3 and the AMF 70 are connected via an appropriate interface (for example the so-called N1 interface and/or the like). The N1 interface is responsible for providing a communication between the UE 3 and the AMF 70 to support NAS signaling. The N1 interface may be established over a 3GPP access and over a non-3GPP access. For example, the following messages are communicated over the N1 interface.
The UE 3 may, for example, support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
The UE 3 may, for example, be an item of equipment for production or manufacture and/or an item of energy related machinery (for example equipment or machinery such as: boilers; engines; turbines; solar panels; wind turbines; hydroelectric generators; thermal power generators; nuclear electricity generators; batteries; nuclear systems and/or associated equipment; heavy electrical machinery; pumps including vacuum pumps; compressors; fans; blowers; oil hydraulic equipment; pneumatic equipment; metal working machinery; manipulators; robots and/or their application systems; tools; molds or dies; rolls; conveying equipment; elevating equipment; materials handling equipment; textile machinery; sewing machines; printing and/or related machinery; paper converting machinery; chemical machinery; mining and/or construction machinery and/or related equipment; machinery and/or implements for agriculture, forestry and/or fisheries; safety and/or environment preservation equipment; tractors; precision bearings; chains; gears; power transmission equipment; lubricating equipment; valves; pipe fittings; and/or application systems for any of the previously mentioned equipment or machinery etc.).
The UE 3 may, for example, be an item of transport equipment (for example transport equipment such as: rolling stocks; motor vehicles; motor cycles; bicycles; trains; buses; carts; rickshaws; ships and other watercraft; aircraft; rockets; satellites; drones; balloons etc.).
The UE 3 may, for example, be an item of information and communication equipment (for example information and communication equipment such as: electronic computer and related equipment; communication and related equipment; electronic components etc.).
The UE 3 may, for example, be a refrigerating machine, a refrigerating machine applied product, an item of trade and/or service industry equipment, a vending machine, an automatic service machine, an office machine or equipment, a consumer electronic and electronic appliance (for example a consumer electronic appliance such as: audio equipment; video equipment; a loud speaker; a radio; a television; a microwave oven; a rice cooker; a coffee machine; a dishwasher; a washing machine; a dryer; an electronic fan or related appliance; a cleaner etc.).
The UE 3 may, for example, be an electrical application system or equipment (for example an electrical application system or equipment such as: an x-ray system; a particle accelerator; radio isotope equipment; sonic equipment; electromagnetic application equipment; electronic power application equipment etc.).
The UE 3 may, for example, be an electronic lamp, a luminaire, a measuring instrument, an analyzer, a tester, or a surveying or sensing instrument (for example a surveying or sensing instrument such as: a smoke alarm; a human alarm sensor; a motion sensor; a wireless tag etc.), a watch or clock, a laboratory instrument, optical apparatus, medical equipment and/or system, a weapon, an item of cutlery, a hand tool, or the like.
The UE 3 may, for example, be a wireless-equipped personal digital assistant or related equipment (such as a wireless card or module designed for attachment to or for insertion into another electronic device (for example a personal computer, electrical measuring machine)).
The UE 3 may be a device or a part of a system that provides applications, services, and solutions described below, as to “internet of things (IoT)”, using a variety of wired and/or wireless communication technologies.
Internet of Things devices (or “things”) may be equipped with appropriate electronics, software, sensors, network connectivity, and/or the like, which enable these devices to collect and exchange data with each other and with other communication devices. IoT devices may comprise automated equipment that follow software instructions stored in an internal memory. IoT devices may operate without requiring human supervision or interaction. IoT devices might also remain stationary and/or inactive for a long period of time. IoT devices may be implemented as a part of a (generally) stationary apparatus. IoT devices may also be embedded in non-stationary apparatus (e.g. vehicles) or attached to animals or persons to be monitored/tracked.
It will be appreciated that IoT technology can be implemented on any communication devices that can connect to a communications network for sending/receiving data, regardless of whether such communication devices are controlled by human input or software instructions stored in memory.
It will be appreciated that IoT devices are sometimes also referred to as Machine-Type Communication (MTC) devices or Machine-to-Machine (M2M) communication devices or Narrow Band-IoT UE (NB-IoT UE). It will be appreciated that a UE 3 may support one or more IoT or MTC applications.
The UE 3 may be a smart phone or a wearable device (e.g. smart glasses, a smart watch, a smart ring, or a hearable device).
The UE 3 may be a car, or a connected car, or an autonomous car, or a vehicle device, or a motorcycle or V2X (Vehicle to Everything) communication module (e.g. Vehicle to Vehicle communication module, Vehicle to Infrastructure communication module, Vehicle to People communication module and Vehicle to Network communication module).
The communications control module 552 (using its transceiver control sub-module) is responsible for handling (generating/sending/receiving) signalling between the (R)AN node 5 and other nodes, such as the UE 3, another (R)AN node 5, the AMF 70 and the UPF 72 (e.g. directly or indirectly). The signalling may include, for example, appropriately formatted signalling messages relating to a radio connection and a connection with the core network 7 (for a particular UE 3), and in particular, relating to connection establishment and maintenance (e.g. RRC connection establishment and other RRC messages), NG Application Protocol (NGAP) messages (i.e. messages by N2 reference point) and Xn application protocol (XnAP) messages (i.e. messages by Xn reference point), etc. Such signalling may also include, for example, broadcast information (e.g. Master Information and System information) in a sending case.
The controller 54 is also configured (by software or hardware) to handle related tasks such as, when implemented, UE mobility estimates and/or moving trajectory estimation.
The (R)AN node 5 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN). A Master Node (MN) 501 and a Secondary Node (SN) 502 may have the same components as the (R)AN node 5.
The (R)AN node 5 based on O-RAN architecture represents a system overview in which the (R)AN node is split into a Radio Unit (RU) 60, Distributed Unit (DU) 61 and Centralized Unit (CU) 62. In some aspects, each unit may be combined. For example, the RU 60 can be integrated/combined with the DU 61 as an integrated/combined unit, the DU 61 can be integrated/combined with the CU 62 as another integrated/combined unit. Any functionality in the description for a unit (e.g. one of RU 60, DU 61 and CU 62) can be implemented in the integrated/combined unit above. Further, the CU 62 can be separated into two functional units such as CU Control plane (CP) and CU User plane (UP). The CU CP has a control plane functionality in the (R)AN node 5. The CU UP has a user plane functionality in the (R)AN node 5. Each CU CP is connected to the CU UP via an appropriate interface (such as the so-called “E1” interface and/or the like).
The UE 3 and a respective serving RU 60 are connected via an appropriate air interface (for example the so-called “Uu” interface and/or the like). Each RU 60 is connected to the DU 61 via an appropriate interface (such as the so-called “Front haul”, “Open Front haul”, “F1” interface and/or the like). Each DU 61 is connected to the CU 62 via an appropriate interface (such as the so-called “Mid haul”, “Open Mid haul”, “E2” interface and/or the like). Each CU 62 is also connected to nodes in the core network 7 (such as the so-called core network nodes) via an appropriate interface (such as the so-called “Back haul”, “Open Back haul”, “N2”/“N3” interface(s) and/or the like). In addition, a user plane part of the DU 61 can also be connected to the core network nodes 7 via an appropriate interface (such as the so-called “N3” interface(s) and/or the like).
Depending on functionality split among the RU 60, DU 61 and CU 62, each unit provides some of the functionality that is provided by the (R)AN node 5. For example, the RU 60 may provide functionalities to communicate with a UE 3 over air interface, the DU 61 may provide functionalities to support MAC layer and RLC layer, the CU 62 may provide functionalities to support PDCP layer, SDAP layer and RRC layer.
The communications control module 6052 (using its transceiver control sub-module) is responsible for handling (generating/sending/receiving) signalling between the RU 60 and other nodes or units, such as the UE 3, another RU 60 and DU 61 (e.g. directly or indirectly). The signalling may include, for example, appropriately formatted signalling messages relating to a radio connection and a connection with the RU 60 (for a particular UE 3), and in particular, relating to MAC layer and RLC layer.
The controller 604 is also configured (by software or hardware) to handle related tasks such as, when implemented, UE mobility estimates and/or moving trajectory estimation.
The RU 60 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
As described above, the RU 60 can be integrated/combined with the DU 61 as an integrated/combined unit. Any functionality in the description for the RU 60 can be implemented in the integrated/combined unit above.
The DU 61 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
As described above, the RU 60 can be integrated/combined with the DU 61 or CU 62 as an integrated/combined unit. Any functionality in the description for DU 61 can be implemented in one of the integrated/combined units above.
The CU 62 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
As described above, the CU 62 can be integrated/combined with the DU 61 as an integrated/combined unit. Any functionality in the description for the CU 62 can be implemented in the integrated/combined unit above.
The AMF 70 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN). An AMF 7001 and an AMF 7002 may have the same components as the AMF 70.
The SMF 71 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
The UPF 72 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
The collocated gNB-CU-UP and UPF or the communication apparatus executing function of a collocated gNB-CU-UP and UPF or the communication apparatus executing function of the gNB-CU-UP and function of the UPF may have the same components as the UPF 72.
The PCF 73 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN). A PCF 7301 and a PCF 7302 may have the same components as the PCF 73.
The AUSF 74 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
The UDM 75 may support the Non-Public Network (NPN). The NPN may be a Stand-alone Non-Public Network (SNPN) or a Public Network Integrated NPN (PNI-NPN).
The whole or part of the example Aspects disclosed above can be described as, but not limited to, the following.
This contribution proposes a solution to Key Issue #2: 5GC awareness of URSP enforcement.
Editor's note: This clause will describe the solution principles and architecture assumptions for corresponding
This solution addresses the below requirements from Key Issue #2: 5GC awareness of URSP enforcement.
The solution allows for UE enforcement to follow correctly the URSP rules for traffic matching. It introduces an Application identity parameter provisioned to the PCF by the UE during the PDU Session Establishment procedure. The PCF performs a URSP validity check in order to validate whether the UE correctly enforces the traffic matching rules in the URSP for the Application requiring the service. If the PCF finds out that the URSP rules are not correctly followed by the UE, the PDU Session is rejected with a new cause to indicate that the URSP rules in general or specific URSP rules are not followed. Also, the PCF may optionally trigger the UE Policy Update procedure to refresh the URSP rules in the UE with the latest version of the URSP rules.
Editor's note: This clause describes high-level procedures and information flows for the solution.
FIG. 6.X.2: UE's URSP enforcement validation by the network (See
Editor's note: This clause captures impacts on existing 3GPP nodes and functional elements.
UE, AMF, SMF—new App_ID parameter and a new PDU Session Establishment reject cause.
PCF—new App Id parameter and URSP validity check functionality.
Detailed aspects have been described above. As those skilled in the art will appreciate, a number of modifications and alternatives can be made to the above aspects whilst still benefiting from the disclosures embodied therein. By way of illustration only a number of these alternatives and modifications will now be described.
In the above description, the UE 3 and the network apparatus are described for ease of understanding as having a number of discrete modules (such as the communication control modules). Whilst these modules may be provided in this way for certain applications, for example where an existing system has been modified to implement the disclosure, in other applications, for example in systems designed with the inventive features in mind from the outset, these modules may be built into the overall operating system or code and so these modules may not be discernible as discrete entities. These modules may also be implemented in software, hardware, firmware or a mix of these.
Each controller may comprise any suitable form of processing circuitry including (but not limited to), for example: one or more hardware implemented computer processors; microprocessors; central processing units (CPUs); arithmetic logic units (ALUs); input/output (IO) circuits; internal memories/caches (program and/or data); processing registers; communication buses (e.g. control, data and/or address buses); direct memory access (DMA) functions; hardware or software implemented counters, pointers and/or timers; and/or the like.
In the above aspects, a number of software modules were described. As those skilled in the art will appreciate, the software modules may be provided in compiled or un-compiled form and may be supplied to the UE 3 and the network apparatus as a signal over a computer network, or on a recording medium. Further, the functionality performed by part or all of this software may be performed using one or more dedicated hardware circuits. However, the use of software modules is preferred as it facilitates the updating of the UE 3 and the network apparatus in order to update their functionalities.
In the above aspects, a 3GPP radio communications (radio access) technology is used. However, any other radio communications technology (e.g. WLAN, Wi-Fi, WiMAX, Bluetooth, etc.) and other fixed line communications technology (e.g. BBF Access, Cable Access, optical access, etc.) may also be used in accordance with the above aspects.
Items of user equipment might include, for example, communication devices such as mobile telephones, smartphones, user equipment, personal digital assistants, laptop/tablet computers, web browsers, e-book readers and/or the like. Such mobile (or even generally stationary) devices are typically operated by a user, although it is also possible to connect so-called ‘Internet of Things’ (IoT) devices and similar machine-type communication (MTC) devices to the network. For simplicity, the present application refers to mobile devices (or UEs) in the description but it will be appreciated that the technology described can be implemented on any communication devices (mobile and/or generally stationary) that can connect to a communications network for sending/receiving data, regardless of whether such communication devices are controlled by human input or software instructions stored in memory.
Various other modifications will be apparent to those skilled in the art and will not be described in further detail here.
As will be appreciated by one of skill in the art, the present disclosure may be embodied as a method and a system. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, a software embodiment or an embodiment combining software and hardware aspects.
It will be understood that each block of the block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. A general-purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a plurality of microprocessors, one or more microprocessors, or any other such configuration.
The methods or algorithms described in connection with the examples disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. A storage medium may be coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC.
The previous description of the disclosed examples is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these examples will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other examples without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the examples shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
While the disclosure has been particularly shown and described with reference to exemplary Aspects thereof, the disclosure is not limited to these Aspects. It will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope of the present disclosure as defined by this document. For example, the Aspects above are not limited to 5GS, and the Aspects are also applicable to communication systems other than 5GS (e.g., 6G system, 5G beyond system).
The whole or part of the example Aspects disclosed above can be described as, but not limited to, the following supplementary notes.
A method of a communication apparatus, the method comprising:
A method of a user equipment (UE), the method comprising:
sending a first message,
wherein the first message includes first information related to an application in the UE;
receiving a second message after sending the first message,
wherein the second message includes second information, and
wherein the second information indicates that the application is rejected; and
stopping use of the application in a case of receiving the second message.
A method of a communication apparatus, the method comprising:
receiving a policy for a user equipment (UE) and information indicating that checking of data of the UE is needed;
checking whether the data is consistent with the policy after receiving the information; and
performing deactivation of communication related to the data in a case where the data is not consistent with the policy.
A method of a communication apparatus, the method comprising:
receiving a policy for a user equipment (UE);
receiving a service request message,
wherein the service request message includes an identifier of an application in the UE;
checking whether the identifier is consistent with the policy;
sending an accept message in a case where the identifier is consistent with the policy; and
sending a reject message in a case where the identifier is not consistent with the policy.
A method of a user equipment (UE), the method comprising:
sending a service request message in a case where the UE has an established PDU session,
wherein the service request message includes an identifier of an application in the UE;
receiving a first message after sending the service request message;
sending data in a case where the first message is an accept message; and
stopping use of the application in a case where the first message is a reject message.
A method of a communication apparatus, the method comprising:
receiving a policy for a user equipment (UE);
sending a request to send an identifier of an application in the UE;
receiving the identifier;
checking whether the identifier is consistent with the policy; and
sending a message after checking whether the identifier is consistent with the policy,
wherein the message includes at least one of information indicating an application to be allowed and information indicating an application to be not allowed.
A method of a user equipment (UE), the method comprising:
receiving a request to send an identifier of an application in the UE;
sending the identifier;
receiving a message after sending the identifier,
wherein the message includes at least one of information indicating an application to be allowed and information indicating an application to be not allowed; and
stopping use of the application to be not allowed after receiving the message.
A communication apparatus comprising:
means for receiving a policy for a user equipment (UE);
means for receiving information related to an application in the UE from the UE;
means for checking whether the information is consistent with the policy; and
means for sending a reject message in a case where the information is not consistent with the policy.
A user equipment (UE) comprising:
means for sending a first message,
wherein the first message includes first information related to an application in the UE;
means for receiving a second message after sending the first message,
wherein the second message includes second information, and
wherein the second information indicates that the application is rejected; and
means for stopping use of the application in a case of receiving the second message.
A communication apparatus comprising:
means for receiving a policy for a user equipment (UE) and information indicating that checking of data of the UE is needed;
means for checking whether the data is consistent with the policy after receiving the information; and
means for performing deactivation of communication related to the data in a case where the data is not consistent with the policy.
A communication apparatus comprising:
means for receiving a policy for a user equipment (UE);
means for receiving a service request message,
wherein the service request message includes an identifier of an application in the UE;
means for checking whether the identifier is consistent with the policy;
means for sending an accept message in a case where the identifier is consistent with the policy; and
means for sending a reject message in a case where the identifier is not consistent with the policy.
A user equipment (UE) comprising:
means for sending a service request message in a case where the UE has an established PDU session,
wherein the service request message includes an identifier of an application in the UE;
means for receiving a first message after sending the service request message;
means for sending data in a case where the first message is an accept message; and
means for stopping use of the application in a case where the first message is a reject message.
A communication apparatus comprising:
means for receiving a policy for a user equipment (UE);
means for sending a request to send an identifier of an application in the UE;
means for receiving the identifier;
means for checking whether the identifier is consistent with the policy; and
means for sending a message after checking whether the identifier is consistent with the policy,
wherein the message includes at least one of information indicating an application to be allowed and information indicating an application to be not allowed.
A user equipment (UE) comprising:
means for receiving a request to send an identifier of an application in the UE;
means for sending the identifier;
means for receiving a message after sending the identifier,
wherein the message includes at least one of information indicating an application to be allowed and information indicating an application to be not allowed; and
means for stopping use of the application to be not allowed after receiving the message.
A method for a first apparatus comprising:
receiving, from a second apparatus, policy information for a communication terminal;
receiving, from the communication terminal, information for an application for the communication terminal;
checking whether the information for an application for the communication terminal is consistent with the policy information for a communication terminal; and
sending, to the communication terminal, information related to rejection in a case where the information for an application for the communication terminal is not consistent with the policy information for a communication terminal.
A method for a third apparatus comprising:
storing policy information for a communication terminal from a second apparatus;
receiving, from the communication terminal, information for an application for the communication terminal;
checking whether the information for an application for the communication terminal is consistent with the policy information for a communication terminal; and
sending, to a first apparatus, information related to rejection in a case where the information for an application for the communication terminal is not consistent with the policy information for a communication terminal.
A method for a fourth apparatus comprising:
storing policy information for a communication terminal from a second apparatus;
receiving, from a third apparatus for session management, information for an application for the communication terminal;
receiving, from the third apparatus for session management, information indicating that checking data related to a communication terminal is needed;
checking whether the information for an application for the communication terminal is consistent with the policy information for a communication terminal (UE), based on the information indicating that checking data related to the communication terminal is needed; and
sending information related to rejection in a case where the information for an application for the communication terminal is not consistent with the policy information for a communication terminal.
A method for a communication terminal comprising:
sending, to a first apparatus, a service request message including information for an application for the communication terminal,
wherein the first apparatus stores policy information for a communication terminal from a second apparatus,
wherein the first apparatus checks whether the information for an application for the communication terminal is consistent with the policy information for a communication terminal, and
wherein the first apparatus sends, to the communication terminal, information related to rejection in a case where the information for an application for the communication terminal is not consistent with the policy information for a communication terminal.
A method for a communication terminal comprising:
sending, to a first apparatus, a service request message including information for an application for the communication terminal,
wherein the first apparatus stores policy information for a communication terminal from a second apparatus,
wherein the first apparatus checks whether the information for an application for the communication terminal is consistent with the policy information for a communication terminal, and
wherein the first apparatus sends information, to the communication terminal, related to acceptance in a case where the information for an application for the communication terminal is consistent with the policy information for a communication terminal.
A method for a first apparatus comprising:
storing policy information for a communication terminal from a second apparatus;
receiving, from the communication terminal, a service request message including information for an application for the communication terminal;
checking whether the information for an application for the communication terminal is consistent with the policy information for a communication terminal; and
sending, to the communication terminal, information related to rejection in a case where the information for an application for the communication terminal is not consistent with the policy information for a communication terminal.
A method for a first apparatus comprising:
storing policy information for a communication terminal from a second apparatus;
receiving, from the communication terminal, a service request message including information for an application for the communication terminal;
checking whether the information for an application for the communication terminal is consistent with the policy information for a communication terminal; and
sending, to the communication terminal, information related to acceptance in a case where the information for an application for the communication terminal is consistent with the policy information for a communication terminal.
A method for a first apparatus comprising:
storing policy information for a communication terminal from a second apparatus;
sending, to the communication terminal, a request message for information for an application for the communication terminal;
receiving, from the communication terminal, the information for an application for the communication terminal;
checking whether the information for an application for the communication terminal is consistent with the policy information for the communication terminal; and
sending, to the communication terminal, information related to rejection in a case where the information for an application for the communication terminal is not consistent with the policy information for the communication terminal.
A method for a first apparatus comprising:
storing policy information for a communication terminal from a second apparatus;
sending, to the communication terminal, a request message for information for an application for the communication terminal;
receiving, from the communication terminal, the information for an application for the communication terminal;
checking whether the information for an application for the communication terminal is consistent with the policy information for the communication terminal; and
sending, to the communication terminal, information related to acceptance in a case where the information for an application for the communication terminal is consistent with the policy information for the communication terminal.
A method for a User Plane Function (UPF) comprising:
receiving, from a core network node, at least one of User Equipment ID (UE ID), Data Network Name (DNN), Single-Network Slice Selection Assistance Information (S-NSSAI) and information related to UE Route Selection Policy rule (URSP);
checking whether user data for a User Equipment (UE) using a User Equipment (UE) session with the DNN and S-NSSAI matches the information related to UE Route Selection Policy rule (URSP) or not; and
sending to the core network node a result of the checking.
The method according to supplementary note 1, wherein
the information related to the URSP includes time information and location information.
The method according to supplementary note 1, wherein
the information related to the URSP is used by the UPF to check whether a destination address of the user data matches the descriptors in the URSP rule or not.
The method according to supplementary note 1, wherein the information related to the URSP is used by the UPF to check whether a port number of the user data matches the descriptors in the URSP rule or not.
The method according to supplementary note 1, wherein the information related to the URSP is used by the UPF to check whether a protocol of the user data matches the descriptors in the URSP rule or not.
A User Plane Function (UPF) comprising:
a memory; and
at least one processor configured to access the memory and configured to:
The User Plane Function (UPF) according to supplementary note 6, wherein
the information related to the URSP includes time information and location information.
The User Plane Function (UPF) according to supplementary note 6, wherein
the information related to the URSP is used by the UPF to check whether a destination address of the user data matches the descriptors in the URSP rule or not.
The User Plane Function (UPF) according to supplementary note 6, wherein
the information related to the URSP is used by the UPF to check whether a port number of the user data matches the descriptors in the URSP rule or not.
The User Plane Function (UPF) according to supplementary note 6, wherein
the information related to the URSP is used by the UPF to check whether a protocol of the user data matches the descriptors in the URSP rule or not.
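The check described in the UPF supplementary notes above (destination address, port number and protocol of user data compared against the URSP descriptors for one DNN and S-NSSAI, with the result reported to the core network node), as an added Python example that is not code from the disclosure. The class names, the report fields, the result labels and all sample values are assumptions made for illustration; time and location information are not modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Descriptor:            # hypothetical: one traffic descriptor of the URSP rule
    dest_net: str            # destination address range (CIDR)
    ports: range             # destination port numbers
    protocol: str            # e.g. "tcp" or "udp"

@dataclass(frozen=True)
class Packet:                # hypothetical: header fields seen for user data
    ue_id: str
    dnn: str
    s_nssai: str
    dst: str
    dport: int
    protocol: str

def descriptor_matches(d, p):
    # An IPv4 address tested against an IPv6 network is False, not an error.
    return (ipaddress.ip_address(p.dst) in ipaddress.ip_network(d.dest_net)
            and p.dport in d.ports
            and p.protocol.lower() == d.protocol.lower())

def check_user_data(ue_id, dnn, s_nssai, descriptors, packets):
    """Build the result that would be sent back to the core network node."""
    matched, mismatched = 0, []
    for p in packets:
        if (p.ue_id, p.dnn, p.s_nssai) != (ue_id, dnn, s_nssai):
            continue         # different UE or session: outside this check
        if any(descriptor_matches(d, p) for d in descriptors):
            matched += 1
        else:
            mismatched.append((p.dst, p.dport, p.protocol))
    # "no_data": nothing observed on the session, so no claim either way.
    result = "mismatch" if mismatched else "match" if matched else "no_data"
    return {"ue_id": ue_id, "dnn": dnn, "s_nssai": s_nssai,
            "result": result, "matched": matched, "mismatched": mismatched}

# Constructed sample input (documentation address ranges, test identifiers).
UE, DNN, SLICE = "imsi-001010000000001", "enterprise.example", "01-000001"
RULE = [Descriptor("203.0.113.0/24", range(443, 444), "tcp")]
FLOWS = [
    Packet(UE, DNN, SLICE, "203.0.113.10", 443, "tcp"),        # matches the rule
    Packet(UE, DNN, SLICE, "198.51.100.7", 443, "tcp"),        # wrong destination
    Packet(UE, "internet", SLICE, "198.51.100.7", 80, "tcp"),  # other session
]
REPORT = check_user_data(UE, DNN, SLICE, RULE, FLOWS)
```

Reporting the mismatching flows alongside the verdict, and keeping "no_data" distinct from "match", lets the receiving node tell an unused session apart from one whose traffic actually conformed to the rule.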
While the invention has been particularly shown and described with reference to example embodiments thereof, the invention is not limited to these embodiments. It will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope of the present invention as defined by the claims.
This application is based upon and claims the benefit of priority from Indian provisional patent application No. 202211016661, filed on Mar. 24, 2022, the disclosure of which is incorporated herein in its entirety by reference.
| Number | Date | Country | Kind |
|---|---|---|---|
| 202211016661 | Mar 2022 | IN | national |

| Filing Document | Filing Date | Country | Kind |
|---|---|---|---|
| PCT/JP2023/010546 | 3/17/2023 | WO | |