Enterprises today use a variety of technologies to provide constant connectivity within an office or campus. For example, computers may have a fixed connection to the enterprise intranet to access local printers and copiers. WLAN may be used to provide intranet access from conference rooms or hallways as employees move about a building. Cellular access may be used to provide intranet access as employees move between buildings on a campus. While 5G is designed to manage movement between access technologies, and even simultaneous connections to different access technologies as efficiently as possible, some challenges yet remain. Different access technologies are subject to different QoS constraints, which can impact service quality when a UE moves from one to another. Fixed access is subject to physical constraints that are not conducive to today's mobile workplace. Service continuity is a goal rather than a requirement when moving between 3GPP and non-3GPP access technologies. Several technological advances have come together to make a 5G PVN feasible and practical. The emerging MIoT market is introducing office equipment that supports multiple access technology. For example, most new printers and scanners support at least a wireless access and optionally a wired access. As more IoT enabled office equipment is developed and deployed, the potential benefits of a 5G PVN are readily accessible. 3GPP 5G enhancements such as support for exclusive networks and network slicing enable scalable use by a range of customers, from home offices to large multi-building office campus' and everything in between. A large business may deploy a exclusive network. A smaller business may opt for a dedicated network slice. A home office may use a 5G PVN home network. Other enhancements such as increased support for use of both licensed and unlicensed spectrum provide an attractive environment both large scale and localized radio connectivity. Furthermore, 3GPP's 5G technology offers many security enhancements beyond what is currently available from other wireless technologies.

A mid-size enterprise decides to replace their existing wired and wireless LANs in the office with a 5G PVN using NR radio in unlicensed spectrum. The enterprise wants to be able to control and manage the equipment that is able to access the 5G PVN, e.g., printers, scanners, company database, phones, computers, to allow only specified equipment to have access and block access from non-company equipment (e.g., a visitor's phone). While in the office, employees will be able to use their cell phones and computers to communicate with other office equipment such printers, scanners, and video conference displays as well as to access company files and databases that are only available to employees.

[PR 5.1.3-1] [PR 5.1.3-2] [PR 5.1.3-3] [PR 5.1.3-4] [PR 5.1.3-5] [PR 5.1.3-6] [PR 5.1.3-7]

[PR 5.1.4-1] [PR 5.1.4-1]

Many enterprises are turning to a "bring your own device" (BYOD) operation mode to provide access to enterprise networks for an increasingly mobile workforce. As the employees incorporate IoT into their tool set (e.g., smart watches, tablets), a number of challenges arise as different employees may subscribe to different service providers, indeed an individual may have multiple devices with subscriptions to different service providers. The enterprise needs a flexible solution to provide intranet access to all the devices used by its employees. This solution must provide the same accessibility and security as if all devices were under a single corporate subscription. An enterprise 5G PVN can provide this service. By hosting a multi-operator 5G PVN, the enterprise can provide mobile broadband services to all devices (e.g., smartphone, tablet, smartwatch) used in the work place, while also providing a secure intranet for access to all enterprise systems (e.g., printers, databases, software tools). Additionally, this support can be provided by the 5G PVN without the need for multiple operators to provide concurrent coverage while minimizing interference.

An enterprise with a 5G PVN wants to increase the ability of its mobile employees to remain connected and productive as they work within the corporate campus. Employees are encouraged to bring their own devices: laptops, tablets, smartphones, whatever helps them be the most productive. Even though each employee makes his or her own decision on service providers for the primary subscription for these devices, the 5G PVN needs to be able to provide service for all the devices. Some devices may have a 3GPP subscription, some may not. The 5G PVN will need to ensure that all devices are authorized and authenticated before providing access to avoid giving access to enterprise information to unintended devices. The 5G PVN will need to provide a consistent QoE for all devices, to ensure employee productivity is maintained.

[PR 5.2.3-1] [PR 5.2.3-2] [PR 5.2.3-3]

[PR 5.2.4-1] [PR 5.2.4-2]

This use cases describes the case that a restricted set of UEs to communicate privately amongst each other even if these UEs are subscribers to different MNOs.

Charlie is subscriber to 3GPP MNO A. The MNO A provides the communication services that enable the equipment such as printer and smartphone could communicate privately amongst each other. David is a relative of Charlie but is a subscriber of 3GPP MNO B. David comes to Charlie's home.

David wishes to communicate with Charlie's printer in Charlie's home and some other equipments of Charlie's home. The MNO authorize David the use of the communication services inside Charlie's home.

David can communicate privately with Charlie's printer or other equipment of Charlie's home.

None identified.

[PR 5.2.6-1]

MNO-X is providing fixed-mobile converged Internet access through a 5G network. Depending on the situation, different network architectures may be used to provide Internet access. Examples are:

• Fibre-To-The-Home (FTTH) where the residential gateway is seen as a UE. Indirect communication with the residential gateway as relay may be used to connect other UEs in the house.
• Fibre-To-The-Home (FTTH) where one or more 5G small cells (femto cells) are connected to the residential gateway.
• Outdoor to indoor coverage from small cells e.g. at streetlights. Indirect communication via relay UEs may be used to improve coverage in the house.

Which connection scenario works best depends on local conditions (e.g. type of houses, available cable networks, et cetera). As the residential home owners have little or no choice in what scenario MNO-X deploys for their residential area, MNO-X wants to harmonise its service offering over all the scenarios. The user experience should not depend on the connectivity scenario.

MNO-X provides fixed mobile converged internet access using a 5GCN. The connectivity scenario depends on local conditions.

User A wants to be able to:

• access the Internet using any of his normal devices (e.g. mobile phone, tablet), regardless of whether at home or mobile
• communicate with devices within the home, e.g. send documents to a printer wirelessly, stream music from a phone to a wireless HiFi device, control the heating/airco with a phone, remotely switch on/off devices, get alarms from smoke/fire/intrusion detectors.

This is made possible by the 3GPP private data communication service, which works independently from the connectivity scenario.

None

None identified.

[PR 5.4.6-1] [PR 5.4.6-2]

OfficeSpace is a company that provides office space for rent. OfficeSpace owns the building, and rents out fully furnished and equipped office space to SMEs. Next to providing toilets, reception services, coffee and lunch facilities, office rental companies also have to ensure that their customers can use IT facilities and have excellent (mobile) Internet access. OfficeSpace has decided to fully rely on mobile communication for the internal Internet access and IT services (printers, beamers, et cetera). All devices are connected via PLMN communication. All servers et cetera are in the cloud. This saves greatly on the amount of cabling needed in the office. Furthermore, it provides the flexibility needed with the ever changing tenants. OfficeSpace's customers may use any of the mobile networks. And with the addition of visitors it is clear that OfficeSpace needs to ensure there is coverage for all mobile users, regardless of subscription. Because of the high frequencies needed to provide sufficient capacity for an in office mobile network, indoor small cell base stations are used to cover the office floors and various meeting rooms. Because installing a separate indoor infrastructure for each of the mobile operators would be too costly, OfficeSpace together with the mobile operators has implemented a shared radio access network. Implementing a shared radio access network implies that there is only one set of indoor base stations (plus the required connectivity of these base stations) for all operators.

All the tenants of OfficeSpace are subscribers of a private data communication service from their favourite mobile network operator. Upon request, OfficeSpace has registered available beamers, printers, TV screens et cetera to the private data communication service from the tenant(s) that is/are using these devices. OfficeSpace may use any mobile network operators to connect these devices.

Employees from the OfficeSpace tenants and visitors can use mobile Internet services or cloud based services on all their devices as if in the public mobile network. Employees from the OfficeSpace tenants can also use their handset, tablets, or laptops to connect to the devices such as printers, beamers, TV screens that have been assigned to them by OfficeSpace. OfficeSpace can use the indoor mobile infrastructure to connect building automation sensors and actuators (e.g. temperature sensors, climate control, security sensors).

None

None identified.

[PR 5.5.6-1] [PR 5.5.6-2]

Oil&Gas is a company that owns the rights to exploit oil and gas field. The size of a typical field where they are pumping up oil or natural gas would be several thousands of square kilometres. Throughout this area Oil&Gas would deploy an infrastructure of pumps, pipelines, valves, compressors, et cetera. Often this equipment is deployed in rural/remote areas, where there is limited availability of electricity and cable infrastructure. Oil&Gas has equipped their entire infrastructure with sensors and actuators which are connected via a mobile network. Using a mobile network allows Oil&Gas to more flexibly deploy its infrastructure. The different sensors and actuators communicate using typical industrial data communication protocols as if they are connected to the same Local Area Network. The difference is that the "Local" Area Network, now spans a very large area. When including oil and gas transport pipelines, the network may even span multiple countries; a pressure sensor in one country communicates with a valve in another country on the other side of the pipeline.

Oil&Gas subscribes to a private data communication service from their favourite mobile network operator. All sensors and actuators are configured to be part of one or more private network groups.

All sensors and actuators can communicate with other sensors and actuators on their private network group.

None

None identified.

[PR 5.6.6-1] [PR 5.6.6-1]

Joe is a service engineer for farming equipment. He services various kinds of equipment for his customers the farmers. As technology evolves, farming equipment is increasingly becoming smart. This implies that servicing equipment generally implies hooking up his computer to the equipment to see what may be wrong. A great benefit of mobile communication is that he can now also remotely connect to the equipment, regardless of where he or the farm equipment is located.

Farmer X has equipped all his farm equipment with 3GPP private data communication. Farmer X has provisioned a private group of other UEs that are allowed to remotely contact his farm equipment. For UE1 (his harvester) he has indicated that communication from other UEs in the private group is always allowed. For UE2 (his tractor), he has indicated that data communication can only be established if additionally he specifically authorises the specific data communication establishment request. Farmer X has provisioned the private data communication service with information on how to obtain authorization (i.e. which UEs to contact for authorization). UE-A, the laptop used by service engineer Joe, is provisioned to be part of the private group.

When UE-A wants to establish private data communication with UE1, it sends a request to the 3GPP network for an on-demand private data communication connection to UE1. UE-A can also indicate what type of data communication it wants (e.g. IP, Ethernet or other). The 3GPP network checks whether UE-A and UE1 are in the same private group and are authorised to communicate with each other. After positive authorization, the 3GPP network establishes the desired end-to-end private data communication connection and ensures that data transfer is enabled (e.g. configuration of firewalls). The 3GPP network ensures that no other UEs or network entities can send data packets to UE1 or UE-A via the established private data communication connection. UE-A then wants to establish private data communication with UE2. For this additional authorization from Farmer X is needed. UEA sends a request to the 3GPP network for an on-demand private data communication connection to UE2 and indicates what type of data communication it wants (e.g. IP, Ethernet or other). The 3GPP network checks whether UE-A and UE2 are in the same private group and are authorised to communicate with each other. The 3GPP network then sends an authorization request to the UEs that Farmer X has provisioned for authorization (e.g. his phone and his tablet). Upon receiving the authorization, the 3GPP network establishes the desired end-to-end private data communication connection and ensures that data transfer is enabled (e.g. configuration of firewalls). After performing remote diagnostics, service engineer Joe terminates the private data communication connections from his laptop to the farm equipment.

With the on-demand private data communication connection no longer present, there is no data communication between the UEs. Any data that the farm equipment may generate (e.g. keep alive messages, diagnostics messages, service discovery messages) are no longer sent to Joe's laptop. This way Joe saves a lot of battery power on his laptop and avoids overloading his mobile data connection. For Farmer X the benefit is that he can keep control of who is accessing his equipment at what time.

ProSe communication offers similar communication between two UEs. However, here data communication takes place via the network, potentially over large distance. Support for interconnection between operators is needed. It should be possible that UE-A has a subscription from a different operator than UE1 or UE2. Roaming needs to be supported.

[PR 5.7.6-1] [PR 5.7.6-2] [PR 5.7.6-3] [PR 5.7.6-4] [PR 5.7.6-5]

In this use case a residential 5G PVN is initially formed with two devices. The two devices are physically located in the home and they connect to the 3GPP network via two separate UEs (UE1 and UE2). The home owner wants to add sensors to the residential 5G PVN in order to be able to securely control the sensors using the home computer which is already connected to the 5G PVN.

A residential 5G PVN is established with two devices: a printer connected to the 3GPP network via UE1 and a home computer connected to the 3GPP network via UE2. Both devices in the 5G PVN communicate securely.

The home owner purchases a set of sensors to be installed in the residence. The home owner installs the sensors in the house and the sensors are connected to UE3 via WLAN. UE3's subscription allows for UE3 to receive 5G PVN services from the 3GPP network. UE3 registers with the 3GPP network. The 3GPP network receives a request to add UE3 to the residential 5G PVN.

The 3GPP network adds UE3 to the residential 5G PVN. The sensors can communicate securely with the other devices in the residential 5G PVN via UE3.

[PR 5.8.5-1] [PR 5.8.5-2]

This use case describes the addition of new equipment into an existing 3GPP private group communications with automatic private group update, i.e. as soon as equipment is added in the company.

Bob hires a new employee and gives to him a new mobile/smartphone D and a new computer E on a desktop of the office building. A 3GPP private group communications is already enabled for the communication between equipment A, B and C of the company. Bob configures the private group information to add smartphone D and the laptop E and to identify which 3GPP private group communications they are part of.

The smartphone D and the laptop E initiate communication via the 3GPP network to the 3GPP private group communications management function of the 3GPP MNO to join a specific 3GPP private group communication of the company. The MNO's management function checks D and E are allowed to join the 3GPP private group communications. The MNO's management function adds D and E into the member group of this 3GPP private group communications. The MNO correctly configure the network such that the private group communications between D and E, and with other UEs (e.g., A, B and C) within the same private group communications is enabled.

The new smartphone D and new laptop E can communicate with A, B and C that are in the same private group communications. Equipment outside of this private group communications cannot interfere with the communication between A, B, C, D, and E.

None identified.

[PR 5.9.6-1] [PR 5.9.6-2] [PR 5.9.6-3] [PR 5.9.6-4]