The UE sends a Registration request message and, if configured with one, it shall provide a CAA-level UAV ID of the UAV and optionally a USS address when registering for UAS services.

If primary authentication is required (e.g. if this is an initial Registration), AMF invokes it as described in step 9 in Figure 4.2.2.2.2-1 of TS 23.502. Subsequently AMF retrieves UE subscription data from UDM as described in step 14 in Figure 4.2.2.2.2-1 of TS 23.502 - (not shown in the Figure).

AMF shall determine whether UUAA-MM is required for the UAV. The AMF decides that UUAA is required if:

1. the UE has a valid Aerial UE subscription information;
2. UUAA is to be performed during Registration according to local operator policy;
3. there is no successful UUAA result from a previous UUAA-MM procedure;
4. the UE has provided a CAA-Level UAV ID.

AMF shall not perform UUAA-MM for non-3GPP access and shall ensure that the UE is not allowed to access any aerial services in non-3GPP access by rejecting PDU session establishment requests for aerial services (identified by DNN/S-NSSAI).

If AMF determines in step 3 that a UUAA-MM is to be performed, AMF shall include a pending UUAA-MM indication in the Registration Accept message. The AMF stores in the UE context that a UUAA is pending. The UE shall wait for completion of the UUAA-MM procedure without attempting to register for UAS services or to establish user plane connectivity to USS or UAV-C. If AMF determines that UUAA is not to be performed during this Registration procedure, UUAA may be triggered during PDU Session Establishment later on. If UAS services become enabled or disabled (e.g. because the aerial subscription becomes a part of the UE subscription data retrieved from UDM as described in clause 5.2.3.3.1 of TS 23.502) then AMF may trigger a UE Configuration Update procedure as described in clauses 4.5.1 and 4.2.4.2 of TS 23.502 to notify the UE. The UE may initiate a mobility registration update procedure to get the UAS services after completion of the UE Configuration Update procedure. If UUAA is configured in the AMF to be performed during 5GS registration and the UE has provided a CAA-Level UAV ID in the registration request in step 1, but the UE does not have an aerial subscription in the UE subscription data retrieved from the UDM in step 2, then the AMF rejects the registration with an indication informing no aerial subscription. This information indicates to the UAV of the reason for the rejection for aerial services and ensures that the UE is not allowed to access any aerial service. If UUAA is configured in the AMF to be performed during 5GS registration, the UE did not provide a CAA-Level UAV ID in the registration request in step 1, but UE has aerial subscription in the UE subscription data retrieved from UDM in step 2, then the AMF accepts the registration and ensures that the UE is not allowed to access any aerial service by storing in the UE context that 'UUAA-MM has FAILED' and further rejecting PDU session establishment requests for aerial services (identified by DNN/S-NSSAI). At a later point in time, if the UE wants to use the aerial services by providing the CAA Level UAV ID later on via UUAA-MM procedure, then the UE shall first perform Mobility Registration Update as explained in clause 4.2.2.2.2 of TS 23.502.

If UE indicates its support for Network Slice-Specific Authentication and Authorization (NSSAA) procedure in the UE MM Core Network Capability and if the UE includes Requested S-NSSAI in Registration Request which is subject to NSSAA, however, the Requested S-NSSAI has not been successfully authenticated, the NSSAA procedure is executed as described in clause 4.2.2.2.2 of TS 23.502.

If required based on step 3 determination and if the S-NSSAI that is associated with the UAS services is part of the Allowed NSSAI, UUAA-MM procedure (see clause 5.2.2.2) is executed at this step. Once the UUAA-MM procedure is successfully completed for the UAV, the AMF stores a successful UUAA result and updates the UE context indicating that UUAA is no longer pending and the authorized CAA-Level UAV ID if provided by the USS. The USS may provide a new CAA-Level UAV ID as the authorized CAA-Level UAV ID. The AMF shall trigger a UE Configuration Update procedure (see clause 4.2.4.2 of TS 23.502) to deliver the UUAA result, the UUAA Authorization Payload containing UAV configuration and the authorized CAA-Level UAV ID if received from the USS to the UE. If UUAA fails, based on local network policy, the AMF may decide to de-register the UE with an appropriate cause value in the De-Registration Request message, or keep the UE-registered with a failure UUAA result in UE context as described in step 7 of clause 5.2.2.2 and ensures that the UE is not allowed to access any aerial service based on the DNN/S-NSSAI value. If the UE is de-registered, the UE may re-attempt to re-register without including the CAA-level UAV ID.

For a UE that requires UUAA or when triggered by re-authentication by USS, the AMF triggers a UUAA-MM procedure. If the UE does not have an Aerial subscription in the UE subscription data retrieved from the UDM, the AMF shall not trigger a UUAA-MM procedure.

AMF to UAS NF/NEF: The AMF invokes Nnef_Authentication_AuthenticateAuthorize Request message. For initial authentication, this shall include the GPSI and the CAA-Level UAV ID and may include USS address (e.g. FQDN), UUAA Aviation Payload if it was provided by the UE. For re-authentication triggered by AMF, this may not include the CAA-Level UAV ID. UAS NF resolves the USS address based on CAA-Level UAV ID or considers the pre-configured USS addresses per serving area based on the current location of the UAV or uses the provided USS address, as described in clause 4.4.2. In addition, the AMF may also include the User Location Information (e.g. Cell ID). The UAS NF should store the serving AMF ID. The AMF identifies the UAS NF/NEF based on local configuration or by NF discovery procedure using DNN/S-NSSAI and/or UE provided identity e.g. USS address. The AMF also provides a Notification Endpoint to the UAS NF/NEF, so that UAS NF/NEF can include this Notification Endpoint together with UUAA updated parameters, as shown in clause 5.2.4. By providing the Notification Endpoint, the AMF is implicitly subscribed to be notified of re-authentication, update authorization data or revocation of UAV from UAS NF/NEF, if the UUAA result is successful in step 5.

UAS NF/NEF to USS: Naf_Authentication_AuthenticateAuthorize Request message, shall include the GPSI and CAA-Level UAV ID and optionally UAV location obtained from AMF in step 2 e.g. to support geo-caging functionality. UAS NF/NEF may translate the Cell ID received as UAV location from AMF in step 2 into a corresponding geographic area and/or may further obtain the UE location information using Location Service Procedures as defined in TS 23.273. The UAS NF/NEF also provides a Notification Endpoint to the USS, so that USS can include this Notification Endpoint together with UUAA updated parameters, as shown in clause 5.2.4. By providing the Notification Endpoint, the UAS NF/NEF is implicitly subscribed to be notified of re-authentication, update authorization data or revocation of UAV from USS, if the UUAA result is successful in step 5.

[Conditional] Multiple round-trip messages as required by the authentication method used by USS. Naf_Authentication_AuthenticateAuthorize Response messages from USS shall include GPSI and shall include an authentication message based on authentication method used that is forwarded transparently to UE over NAS MM transport messages. The authentication message in step 4d may contain UUAA Aviation Payload required by the USS if it was not provided by the UE before.

USS to UAS NF/NEF: (final) Naf_Authentication_AuthenticateAuthorize Response message, shall include: GPSI, a UUAA result (success/failure) for the UAV and the UAS NF, may include an authorized/new CAA-Level UAV ID for the UAV and a UUAA Authorization Payload to the UAV (e.g. security info to be used to secure communications with USS) and a final authentication message (e.g. indicating success or failure and if the UUAA is for re-authentication, indicating whether the UAS service related network resource can be released in case of UUAA failure) based on authentication method used that is forwarded transparently to UE over NAS MM transport messages. The USS may send in the Naf_Authentication_AuthenticateAuthorize Response message the information about relevant USSs (i.e. a list of USS addresses, information about geographical area each of the USSs serve); the USS includes that information also inside the UUAA Authorization Payload for the UAV consumption.

UAS NF/NEF to AMF: (final) Nnef_Authentication_AuthenticateAuthorize Response message, forwards information received from USS in step 5. If UUAA for re-authentication failed and UAS NF/NEF received indication that the UAS service related network resource can be released in step 5, the UAS NF/NEF includes an indication that the PDU sessions associated with the "DNN(s) subject to aerial services" can be released.

[Conditional] UAS NF/NEF to AMF: If UUAA-MM succeeded and UAS NF/NEF has not subscribed to AMF for the Mobility Event Exposure before, UAS NF/NEF subscribes to AMF for the mobility event notification by sending Namf_EventExposure_Subscribe request with the mobility events as described in TS 23.502, Table 5.2.2.3.1-1 with Event ID = Reachability Filter.

[Conditional] UAS NF/NEF to AMF: If UUAA-MM failed and UAS NF/NEF has subscribed to AMF for the Mobility Event Exposure earlier, UAS NF/NEF unsubscribes to AMF for the mobility event notification by sending Namf_EventExposure_Unsubscribe request with Subscription Correlation ID.

[Conditional] AMF to UAS NF/NEF: The AMF acknowledges the subscription request from 7a by sending Namf_EventExposure_Subscribe response with Subscription Correlation ID.

[Conditional] AMF to UAS NF/NEF: The AMF acknowledges the un-subscription request from 7b by sending Namf_EventExposure_Unsubscribe response.

AMF to UE: (final) NAS MM transport message forwarding authentication message from USS including authentication/authorization result (success/failure) and the UUAA Authorization Payload.

[Conditional] if UUAA-MM succeeded, AMF triggers a UE Configuration Update procedure to deliver to the UAV authorization information from USS, as described in clause 5.2.2.1.

[Conditional] If UUAA-MM fails during a Re-authentication and Re-authorization and there are PDU session(s) established using UAS services and the USS has indicated that the network resources can be released, AMF may trigger these PDU Sessions release. AMF identifies the relevant PDU session(s) for UAS services based on the DNN/S-NSSAI value of the PDU session. [Conditional] if UUAA-MM fails, based on network policy the AMF may trigger Network-initiated Deregistration procedure described (as specified in clause 4.2.2.3.3 of TS 23.502) and it shall include in the explicit De-Registration Request the appropriate rejection cause value.