The solution uses a UAV Flight Enablement Subsystem (UFES) as a single point of contact between the PLMN and the USS/UTM in order to limit the impact on the 3GPP system, although the UFES is not strictly necessary for the authentication and authorization solution to work. The authentication and authorization procedures are shown for a UAV connected in 5G, with the authentication/authorization taking place after registration, but similar procedures could be used during registration and during PDU connection establishment with the SMF playing the role of the AMF. The procedures in clause 6.10.2.2 are used to authenticate and authorize the UAV so that connectivity for UAS services can be enabled.
Figure 6.10.2.2-1 shows how the UAV can be authenticated and authorized by the USS/UTM to access the 3GPP network as a UAV, i.e. it is assumed in this flow that the authentication and authorization will happen.
The UAV sends a Registration Request to the AMF requesting to register as a UAV. The UE includes USS/UTM routing information in the Registration Request message.
Based on subscription information and local policies, the AMF requests UAV authentication and authorization from the UFES, including the USS/UTM routing information. The UFES is selected using the USS/UTM routing information.
The UFES triggers an authentication and authorization request including the CAA-level UAV ID if available from the USS/UTM. The correct USS/UTM is selected using the USS/UTM routing information and a USS/UTM will only be selected if it has been authorized to act as one. The UFES includes the 3GPP UAV ID in the request.
Several round trips may be required for authentication of the UAV by the USS/UTM, depending on the authentication method used by the USS/UTM and the UAV. The authentication method and the content of the messages used for authentication are out of scope of 3GPP. The content of the messages is carried in containers that are passed along and not processed by the entities between the UAV and the USS/UTM.
On successful authentication and authorization of the UAV, the USS/UTM stores the 3GPP UAV ID with the CAA-level UAV ID. The USS/UTM informs the UFES that the UAV has been successfully authenticated and authorized by the USS/UTM. The USS/UTM includes authorization information for both the network and the UAV.
The UFES further informs the AMF that the UAV has been successfully authenticated and authorized by the USS/UTM. The UFES passes the received authorization information onto the AMF.
The AMF stores the network authorization information as part of the UE context. The network authorization information further contains information on whether USS/UTM authentication and authorization is required during future registrations and whether to allow the UE to establish PDU session(s) dedicated to the UAS service with or without further USS/UTM authentication and authorization.
The AMF triggers a UE Configuration Update (UCU) procedure to inform the UE that the UAV authentication and authorization has been successful. The UCU procedure contains the UAV authorization information. Part of the contents of the UAV authorization information may be passed to the UAV without modification by any entities between the USS/UTM and the UAV. The UAV uses the UAV authorization information to check whether it is authorized by the network to act as a UAV and also to receive any needed aviation information, e.g. a CAA-level UAV ID.
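The message flow in the steps above, as an added illustration that is not part of the 3GPP text: a small Python model of the UAV, AMF, UFES and USS/UTM roles showing routing-based USS/UTM selection, opaque container relay, the ID binding and what the AMF stores. All class, field and identifier names are assumptions; an HMAC challenge-response stands in for the authentication method, which the solution leaves out of scope, and the UAV is assumed to supply its CAA-level UAV ID.

```python
import hashlib, hmac, os

class UssUtm:  # stand-in USS/UTM; HMAC challenge-response is an assumed method
    def __init__(self, keys):  # CAA-level UAV ID -> shared key
        self.keys, self.pending, self.bindings = keys, {}, {}
    def handle(self, gpp_id, caa_id, container):
        if container is None:  # first round trip: issue a challenge
            self.pending[gpp_id] = os.urandom(16)
            return {"status": "continue", "container": self.pending[gpp_id]}
        nonce, key = self.pending.pop(gpp_id, None), self.keys.get(caa_id)
        if nonce is None or key is None or not hmac.compare_digest(
                hmac.new(key, nonce, hashlib.sha256).digest(), container):
            return {"status": "failure"}
        self.bindings[gpp_id] = caa_id  # 3GPP UAV ID stored with CAA-level UAV ID
        return {"status": "success", "uav_authz": {"caa_level_uav_id": caa_id},
                "network_authz": {"reauth_on_registration": True,
                                  "pdu_session_needs_uss_authz": False}}

class Ufes:
    def __init__(self, authorized):  # routing info -> authorized USS/UTM
        self.authorized = authorized
    def relay(self, routing, gpp_id, caa_id, container):
        uss = self.authorized.get(routing)
        if uss is None:  # not authorized to act as a USS/UTM: never selected
            return {"status": "failure"}
        return uss.handle(gpp_id, caa_id, container)  # container is not parsed

class Uav:
    def __init__(self, gpp_id, caa_id, key):
        self.gpp_id, self.caa_id, self.key = gpp_id, caa_id, key
    def respond(self, challenge):
        return hmac.new(self.key, challenge, hashlib.sha256).digest()

class Amf:
    def __init__(self, ufes):
        self.ufes, self.ue_context = ufes, {}
    def authenticate(self, uav, routing):
        result = self.ufes.relay(routing, uav.gpp_id, uav.caa_id, None)
        while result["status"] == "continue":  # opaque round trips
            answer = uav.respond(result["container"])
            result = self.ufes.relay(routing, uav.gpp_id, uav.caa_id, answer)
        if result["status"] != "success":
            return None  # nothing stored, nothing sent to the UAV
        self.ue_context[uav.gpp_id] = result["network_authz"]
        return result["uav_authz"]  # what the UCU would carry to the UAV

def demo():  # constructed identifiers and key
    amf = Amf(Ufes({"uss.example": UssUtm({"CAA-TEST-1": b"k" * 32})}))
    return amf.authenticate(Uav("3gpp-uav-1", "CAA-TEST-1", b"k" * 32), "uss.example")
```

In this model a failed authentication or an unrecognized routing value leaves both the AMF's UE context and the USS/UTM's ID binding untouched.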
This solution addresses key issue #1 during registration to a 5G network. The solution provides a method for the USS/UTM to authenticate and authorize a UAV before the UAV can access UAS services from the 3GPP system. The solution also provides a method of revoking the authorization, and only authorized USS/UTMs can provide authorizations for UAVs.