
Content for  TS 23.256  Word version:  19.0.0


5.2.3  UUAA At PDN Connection/PDU Session Establishment (UUAA-SM)

5.2.3.1  General

A UAV uses PDU Sessions or PDN Connections in the UE for connectivity with the USS and for connectivity with a networked UAV-C.
A networked UAV-C is a UE which uses existing procedures for establishing PDU Session or PDN Connection for communication with the USS/UTM, and the procedures described in this clause do not apply to a networked UAV-C.
This clause describes procedures that apply to both 5GS and EPS, where PDU Session refers to 5GS and PDN Connection refers to EPS.
PDU Session(s)/PDN Connection(s) for UAS services shall only be established after a UAV has been authenticated and authorized by the USS. This may happen during UUAA-SM as described in this clause.
A UAV may use either a common or separate PDU Session/PDN connection for connectivity with the USS and a UAV-C.
When the UAV requests establishment of a PDU session/PDN connection, the PDU session/PDN Connection may require UUAA authorization of the UAV, subject to operator policy and regulatory requirements.
If the UAV uses the PDU session/PDN connection for C2, the PDU session is subject to C2 authorization as described in clause 5.2.5.
The PDU Session/PDN Connection is identified by the SMF/SMF+PGW-C as being for USS/C2 communication based on the aerial service indication set in the Session Management Subscription data for the DNN or DNN and S-NSSAI combination.
To subscribe to the PDU Session/PDN Connection Status Event, UAS NF/NEF determines the APN/DNN or DNN and S-NSSAI combination as below:
  • The UAS NF/NEF may receive APN/DNN or DNN and S-NSSAI combination from the USS as specified in clause 4.15.3.2.3 of TS 23.502;
  • The UAS NF/NEF may map the AF-Identifier from the USS into APN/DNN or DNN and S-NSSAI combination based on local configuration as specified in clause 4.15.3.2.3 of TS 23.502; or
  • The UAS NF/NEF may map the External Application Identifier from the USS into the APN/DNN or DNN and S-NSSAI combination based on local configuration.
During the establishment or modification procedure of the PDU Session/PDN connection for C2 communication, the USS shall provide the 3GPP system with the following information for enabling basic C2 communication between UAV and UAV-C:
  • Traffic filters;
  • QoS requirements.
The USS can enable/disable C2 communication between UAV and UAV-C necessary for services used during the flight operation at any point in time as described in clause 5.2.9.
The UAS NF stores the UAV UE's UUAA context after a successful UUAA-SM procedure. The UUAA context may be stored in the UDSF or may be stored locally in the UAS NF depending on deployments. The SMF shall subscribe for notifications from the UAS NF which may be used to trigger re-authentication, update authorization data or revoke authorization of the UAV, upon receipt of such a request from the USS.
Clause 5.2.3.2 defines the USS UAV Authorization/Authentication (UUAA) procedures at PDU Session Establishment in 5GS and clauses 5.2.3.3 and 5.2.3.4 are for the PDN Connection Establishment for EPS using the interworking functionality.
When the C2 authorization is revoked by the USS, the SMF or SMF+PGW-C shall release the PDU Session/PDN connection for C2 communication (in case separate PDU Sessions/PDN Connections are used), or disable C2 communication for the PDU Session/PDN connection (in case common PDU Session/PDN Connection is used), e.g. by removing the traffic filters for C2 communications and the QoS flow for C2 communication, and informs the UE with a PDU session modification/bearer modification request.
When the UUAA is revoked by the USS, all UAV related PDU Session/PDN connections shall be released.

5.2.3.2  USS UAV Authorization/Authentication (UUAA) during the PDU Session Establishment

The USS UAV Authorization/Authentication (UUAA) is triggered by the SMF during the PDU Session Establishment, specified in clause 4.3.2.2 of TS 23.502 and additionally based on the SM subscription data obtained from UDM, and the Service Level Device Identity provided by the UE in the PDU Session establishment request.
Reproduction of 3GPP TS 23.256, Fig. 5.2.3.2-1: UUAA during PDU Session Establishment
The procedure assumes that the UE/UAV has already registered on the AMF.
Step 0.
Steps 1 - 5 as in TS 23.502 Figure 4.3.2.2.1-1.
The UAV includes the Service Level Device Identity (e.g. the CAA-Level UAV ID of the UAV) and may include the Authentication Server Address (i.e. the USS address or the USS address for the corresponding geographical area based on the UAV current location) and optionally Authentication Data (i.e. the UUAA Aviation Payload) in the PDU Session Establishment request.
The SMF determines that it needs to invoke the UAS NF/NEF service operation for UUAA Authentication/Authorization of the PDU Session establishment request because the provided DNN/S-NSSAI combination is dedicated for aerial services (has the aerial service indicator set) and the Service Level Device Identity (CAA-Level UAV ID) is included in the request. If the provided APN/DNN is dedicated for aerial services but the Service Level Device Identity (CAA-Level UAV ID) is not provided, the SMF shall reject the establishment of the PDU Session and steps 1 - 9 are not performed.
The SMF identifies the UAS NF/NEF based on local configuration or by NF discovery procedure using DNN/S-NSSAI and/or UE provided identity e.g. USS address.
Step 1.
The SMF invokes Nnef_Authentication_AuthenticateAuthorize service operation, including the Service Level Device Identity (that contains the CAA-Level UAV ID of the UAV), DNN, S-NSSAI, and may include the Authentication Server Address (i.e. the USS address) and the UUAA Aviation Payload if it was provided by the UE, GPSI, optionally UAV location, PEI if available, and the UE IP Address if available. The UAV location is the User Location Information provided by the AMF (e.g. Cell ID). The UAS NF/NEF selects a USS based on either the Service Level Device Identity (i.e. CAA-Level UAV ID of the UAV) or the pre-configured USS addresses per serving area or the Authentication Server address (i.e. USS address) as described in clause 4.4.2.
SMF also provides a Notification Endpoint to the UAS NF/NEF, so that UAS NF/NEF can include this Notification Endpoint together with UUAA updated parameters, as shown in clause 5.2.4. By providing the Notification Endpoint, the SMF is implicitly subscribed to be notified of re-authentication, update authorization data or revocation of UAV from UAS NF/NEF, if the UUAA result is successful in step 4.
Step 2.
From UAS NF/NEF to USS: Naf_Authentication_AuthenticateAuthorize service operation forwarding the authentication request information received from the SMF. The UAS NF may translate the Cell ID received as part of the UAV location in the Nnef_Authentication_AuthenticateAuthorize request at step 1 into a corresponding geographic area and/or may further obtain the UE location information using Location Service Procedures as defined in TS 23.273 and include them in the Naf_Authentication_AuthenticateAuthorize message towards the USS, e.g. to support geo-caging functionality.
UAS NF/NEF also provides a Notification Endpoint to the USS, so that USS can include this Notification Endpoint together with UUAA updated parameters, as shown in clause 5.2.4. By providing the Notification Endpoint, the UAS NF/NEF is implicitly subscribed to be notified of re-authentication, update authorization data or revocation of UAV from USS, if the UUAA result is successful in step 4.
Step 3.
[Conditional] Multiple round-trip messages as required by the authentication method used by the USS. This step is performed if the Naf_Authentication_AuthenticateAuthorize response message from the USS in step 3a does not contain a UUAA result (SUCCESS/FAILURE). Naf_Authentication_AuthenticateAuthorize response messages from the USS shall include the GPSI and shall include an authentication message, based on the authentication method used, that is forwarded transparently to the UE over NAS MM transport messages. The authentication message in step 3e may contain the UUAA Aviation Payload required by the USS if it was not provided by the UE before.
Step 4.
From USS to UAS NF/NEF: Naf_Authentication_AuthenticateAuthorize response.
The USS sends the Naf_Authentication_AuthenticateAuthorize response to the UAS NF/NEF with the Authentication/Authorization result containing the UUAA result (SUCCESS/FAILURE) for the UAS NF and an indication whether the UAS service related network resource can be released in the case of UUAA failure for re-authentication or re-authorization, optionally a Service Level Device Identity containing the authorized CAA-Level UAV ID, requested policy information and the UUAA Authorization Payload. The requested policy information from the USS may contain a DN Authorization Profile Index and/or a DN authorized Session AMBR. The USS may include a new CAA-Level UAV ID as the authorized CAA-Level UAV ID. The USS may send one or multiple USS addresses and the corresponding geographical area for the UAV.
Step 5.
The UAS NF/NEF confirms the successful Authentication/Authorization of the PDU Session. The UAS NF/NEF stores the UUAA result together with the GPSI. UAS NF/NEF forwards the Authentication/Authorization result, a Service Level Device Identity containing the authorized CAA-Level UAV ID and the Authorization Data (i.e. the UUAA Authorization Payload), if received from the USS, to the SMF.
Step 6.
[Conditional] If the authentication/authorization is successful, the USS shall subscribe to the PDU Session Status Event as described in steps 1-5 in Figure 4.15.3.2.3-1 of TS 23.502. This step can be executed in parallel to step 4. The UAS NF/NEF determines the DNN, S-NSSAI to subscribe to the PDU Session Status Event notification as specified in clause 5.2.3.1.
Step 7.
The PDU Session establishment continues with steps 7 to 21 in Figure 4.3.2.2.1-1 of TS 23.502 and completes. In step 7b in Figure 4.3.2.2.1-1 of TS 23.502, if the SMF receives the DN Authorization Profile Index from the UAS NF/NEF, it sends the DN Authorization Profile Index to retrieve the PDU Session related policy information (described in clause 6.4 of TS 23.503) and the PCC rule(s) (described in clause 6.3 of TS 23.503) from the PCF. If the SMF receives the DN authorized Session AMBR from the UAS NF/NEF, it sends the DN authorized Session AMBR within the Session AMBR to the PCF to retrieve the authorized Session AMBR (described in clause 6.4 of TS 23.503).
The SMF transfers the Authentication/Authorization result, the Service Level Device Identity containing the authorized CAA-Level UAV ID and the Authorization Data (i.e. the UUAA Authorization Payload) to the UAV if received from the UAS NF, as in steps 11, 12 and 13 in Figure 4.3.2.2.1-1 of TS 23.502.
If the authentication/authorization result is a failure, the SMF rejects the PDU session establishment with a proper cause value.
Step 8.
[Conditional] If the USS in step 6 subscribed to the PDU Session Status Event, the SMF will, as described in steps 6-7 in Figure 4.15.3.2.3-1 of TS 23.502, detect when the PDU Session is established, and send the PDU Session Establishment event report to the UAS NF/NEF by means of the Nsmf_EventExposure_Notify message, including the GPSI and the UE IP Address. Then, the UAS NF/NEF forwards the event message to the USS.
If UUAA-SM fails during a Re-authentication and Re-authorization and the USS has indicated that the network resources can be released, SMF may trigger PDU Session release for UAS services with a proper cause value.
If the PDU session is released as per clause 4.3.4 of TS 23.502 then the SMF shall unsubscribe to UAS NF/NEF and then UAS NF/NEF may clear the UUAA-SM context and update USS.
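The SMF-side decisions of this clause (step 0 gate, result handling, re-authentication failure) together with the revocation rules of clause 5.2.3.1, modelled as an added example that is not part of TS 23.256. Function names, return strings and the `UavSession` fields are assumptions made for illustration only.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class UavSession:                 # hypothetical record, not a 3GPP data type
    sid: int
    for_uss: bool                 # carries connectivity with the USS
    for_c2: bool                  # carries C2 connectivity with the UAV-C
    c2_enabled: bool = False
    released: bool = False


def step0_gate(dnn: str, s_nssai: str, caa_level_uav_id: Optional[str],
               aerial_subscriptions: set) -> str:
    """Step 0: decide from SM subscription data whether UUAA is triggered."""
    if (dnn, s_nssai) not in aerial_subscriptions:
        return "no-uuaa"          # no aerial service indication for this DNN/S-NSSAI
    if not caa_level_uav_id:
        return "reject"           # aerial DNN without Service Level Device Identity
    return "invoke-uuaa"          # Nnef_Authentication_AuthenticateAuthorize (step 1)


def on_uuaa_result(success: bool, reauthentication: bool = False,
                   release_indicated: bool = False) -> str:
    """Step 7 and the re-authentication failure rule at the end of the clause."""
    if success:
        return "continue"
    if not reauthentication:
        return "reject"           # establishment is rejected with a cause value
    # The SMF *may* release, and only if the USS indicated resources can be released.
    return "release-permitted" if release_indicated else "release-not-indicated"


def on_revocation(sessions: list, kind: str) -> list:
    """Clause 5.2.3.1 rules; kind is 'UUAA' or 'C2'. Returns the actions taken."""
    actions = []
    for s in sessions:
        if s.released:
            continue
        if kind == "UUAA" or (kind == "C2" and s.for_c2 and not s.for_uss):
            s.released, s.c2_enabled = True, False    # all UAV sessions, or a separate C2 session
            actions.append((s.sid, "release"))
        elif kind == "C2" and s.for_c2:
            s.c2_enabled = False  # common session: remove C2 traffic filters and QoS flow
            actions.append((s.sid, "disable-c2"))
    return actions
```
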

5.2.3.3  USS UAV Authorization/Authentication (UUAA) during default PDN connection at Attach

Figure 5.2.3.3-1 specifies the execution of the UUAA for the scenario where UUAA-SM is performed at Attach.
Reproduction of 3GPP TS 23.256, Fig. 5.2.3.3-1: UUAA during PDN connection establishment at Attach procedure in EPS
Step 0.
Steps 1 - 13 in TS 23.401 Figure 5.3.2.1-1 and steps 1 - 2 in TS 23.502 Figure 4.11.1.5.2-1 or clause 4.11.2.4.1 in TS 23.502.
The UE sends an Attach Request including the Service Level Device Identity (i.e. the CAA-Level UAV ID of the UAV), and may include the Authentication Server Address (i.e. the USS address or the USS address for the corresponding geographical area based on the UAV current location) and optionally Authentication Data (i.e. the UUAA Aviation Payload), etc. in the PCO to the SMF+PGW-C.
Because the Service Level Device Identity (CAA-Level UAV ID) is provided with the request, the SMF+PGW-C retrieves the Session Management Subscription Data from the UDM+HSS using the Nudm_SDM_Get service operation, and because the provided APN/DNN is dedicated for aerial services (has the aerial service indicator set), it determines to invoke the UAS NF/NEF service operation for UUAA Authentication/Authorization. If the provided APN/DNN is dedicated for aerial services but the Service Level Device Identity (CAA-Level UAV ID) is not provided, the SMF+PGW-C shall reject the establishment of the PDU Session and steps 1 - 9 are not performed.
Step 1.
The SMF+PGW-C configures an Access Control List (ACL) in the UPF+PGW-U to stop any traffic over the default PDN Connection until the UUAA has completed successfully.
Step 2.
Steps 14 - 22 in Figure 5.3.2.1-1 of TS 23.401 and steps 3 - 6 in Figure 4.11.1.5.2-1 of TS 23.502 or clause 4.11.2.4.1 of TS 23.502.
During the Attach procedure, at step 15 of Figure 5.3.2.1-1 in TS 23.401, the SMF+PGW-C includes, in the PCO, an indication to the UE that "UpLink Data NOT ALLOWED" on the PDN connection. The UE shall not send uplink data to the network until it receives a further indication from the network that "UpLink Data ALLOWED".
Step 3.
UUAA is invoked as described in steps 1 and 2 of Figure 5.2.3.2-1.
Step 4.
[Conditional] Multiple round-trip messages as required by the authentication method used by the USS. This step is performed if the Naf_Authentication_AuthenticateAuthorize response message from the USS in step 4a does not contain a SUCCESS/FAILURE indication. The PCO including the authentication message from the USS is transferred to the UE by the SMF+PGW-C in Update Bearer Request and Downlink NAS Transport (steps 4b - 4d). The response from the UE is transferred to the SMF+PGW-C in an Uplink NAS Transport and Update Bearer Response (steps 4e - 4g).
Step 5.
UUAA procedure continues as described in steps 4 & 5 of Figure 5.2.3.2-1.
Step 6.
If the authentication/authorization is successful, the USS shall subscribe to the PDN Connection Status Event as described in steps 1-5 in Figure 4.15.3.2.3-1 of TS 23.502. This step can be executed in parallel to step 5. The UAS NF/NEF determines the APN/DNN to subscribe to the PDN Connection Status Event notification as specified in clause 5.2.3.1.
Step 7.
If the UUAA is successful, the SMF+PGW-C contacts the PCF to update the PDN Connection. Then the SMF+PGW-C updates the Access Control List (ACL) and policies in the UPF+PGW-U to allow traffic over the default PDN Connection. If a DN Authorization Profile Index was received from the UAS NF/NEF in a previous step, the SMF+PGW-C includes it when retrieving the ACL from the PCF. If the SMF receives the DN authorized Session AMBR from the UAS NF/NEF, it sends the DN authorized Session AMBR within the Session AMBR to the PCF to retrieve the authorized Session AMBR (described in clause 6.4 of TS 23.503).
Step 8.
The SMF+PGW-C updates the UE by invoking the PDN GW initiated bearer modification without QoS update procedure (Figure 5.4.3-1 of TS 23.401) initiated by sending an Update Bearer Request message to the SGW. The PCO includes an indication that "UpLink Data ALLOWED", the UUAA Aviation Payload i.e. the Authentication/Authorization result and the Authorization Data. The UE (for the UAV) confirms the update (see clause 5.4.3 of TS 23.401).
Step 9.
If the USS in step 6 subscribed to the PDN Connection Status Event the SMF+PGW-C will, as described in steps 6-7 in Figure 4.15.3.2.3-1 of TS 23.502, detect when the PDN Connection is established and send the PDN Connection Establishment event report to the UAS NF/NEF by means of Nsmf_EventExposure_Notify message, including GPSI and the UE IP Address. Then, the UAS NF/NEF forwards the event message to the USS.
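The fail-closed ordering of steps 1, 2, 5, 7 and 8 above can be checked against signalling and user-plane logs. The auditor below is an added example, not part of TS 23.256; the log line format, the event labels and both traces are constructed for illustration.

```python
import re

# Event labels are invented for this example, one per step of Figure 5.2.3.3-1.
EVENT = re.compile(r"t=(\d+) conn=(\d+) (\w+)(?: (SUCCESS|FAILURE))?")


def audit(lines):
    """Return (t, conn, finding) tuples for events that break the fail-closed order."""
    conns, findings = {}, []
    for line in lines:
        m = EVENT.fullmatch(line.strip())
        if not m:
            continue                                    # ignore unrelated log lines
        t, conn, event, result = int(m[1]), int(m[2]), m[3], m[4]
        st = conns.setdefault(conn, {"acl_block": False, "uuaa_ok": False, "acl_open": False})
        if event == "ACL_BLOCK":                        # step 1
            st["acl_block"] = True
        elif event == "PCO_UL_NOT_ALLOWED":             # step 2
            if not st["acl_block"]:
                findings.append((t, conn, "establishment continued before ACL was installed"))
        elif event == "UUAA_RESULT":                    # step 5
            st["uuaa_ok"] = result == "SUCCESS"
        elif event in ("ACL_ALLOW", "PCO_UL_ALLOWED"):  # steps 7 and 8
            if not st["uuaa_ok"]:
                findings.append((t, conn, f"{event} without successful UUAA"))
            elif event == "ACL_ALLOW":
                st["acl_open"] = True                   # only a legitimate open counts
        elif event == "UL_FORWARDED":                   # packet passed by the UPF+PGW-U
            if not st["acl_open"]:
                findings.append((t, conn, "uplink forwarded while connection should be blocked"))
    return findings


# Constructed traces: connection 7 follows the figure, connection 9 does not.
GOOD_TRACE = """\
t=1 conn=7 ACL_BLOCK
t=2 conn=7 PCO_UL_NOT_ALLOWED
t=3 conn=7 UUAA_RESULT SUCCESS
t=4 conn=7 ACL_ALLOW
t=5 conn=7 PCO_UL_ALLOWED
t=6 conn=7 UL_FORWARDED
""".splitlines()

BAD_TRACE = """\
t=1 conn=9 PCO_UL_NOT_ALLOWED
t=2 conn=9 UL_FORWARDED
t=3 conn=9 UUAA_RESULT FAILURE
t=4 conn=9 ACL_ALLOW
t=5 conn=9 UL_FORWARDED
""".splitlines()

if __name__ == "__main__":
    for finding in audit(GOOD_TRACE + BAD_TRACE):
        print(finding)
```
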

5.2.3.4  USS UAV Authorization/Authentication (UUAA) using UE requested PDN connectivity procedure

In the Figure 5.2.3.4-1, the execution of UUAA during the UE requested PDN connectivity procedure is specified for the scenario where UUAA-SM is not performed at Attach.
Reproduction of 3GPP TS 23.256, Fig. 5.2.3.4-1: UUAA during the UE requested PDN connectivity procedure in EPS
Step 0.
Steps 1-2 in Figure 4.11.1.5.4.1-1 of TS 23.502 and steps 1-4 in Figure 5.10.2-1 of TS 23.401.
UE sends a PDN connectivity request including the Service Level Device Identity (i.e. the CAA-Level UAV ID of the UAV), and may include the Authentication Server Address (i.e. the USS address or the USS address for the corresponding geographical area based on UAV current location) and optionally Authentication Data (i.e. the UUAA Aviation Payload), etc. in the PCO to the SMF+PGW-C.
Because the Service Level Device Identity (CAA-Level UAV ID) is provided with the request, the SMF+PGW-C retrieves the Session Management Subscription Data from the UDM+HSS using the Nudm_SDM_Get service operation, and because the provided APN/DNN is dedicated for aerial services (has the aerial service indicator set), it determines to invoke the UAS NF/NEF service operation for UUAA Authentication/Authorization. If the provided APN/DNN is dedicated for aerial services but the Service Level Device Identity (CAA-Level UAV ID) is not provided, the SMF+PGW-C shall reject the establishment of the PDU Session and steps 1-9 in this clause are not performed.
Step 1.
The SMF+PGW-C configures an Access Control List (ACL) in the UPF+PGW-U to stop any traffic over the default PDN Connection until the UUAA has completed successfully.
Step 2.
Steps 3-6 in Figure 4.11.1.5.4.1-1 of TS 23.502 and steps 5-12 in Figure 5.10.2-1 of TS 23.401.
During the UE requested PDN connectivity procedure, at step 5 of Figure 5.10.2-1 of TS 23.401, the SMF+PGW-C includes, in the PCO, an indication to the UE that "Uplink Data NOT ALLOWED" on the PDN connection. The UE shall not send uplink data to the network until it receives a further indication from the network that "Uplink Data ALLOWED".
Step 3.