UAV Authentication and Authorization (UAA) is recommended for the normative work based on the following solutions and principles:
UAA is performed in 5G systems or EPS.
UAA is performed between UAV and USS/UTM after Primary Authentication.
Revocation of UAV is initiated by USS/UTM using the 3GPP UAV ID.
UAA is performed either optionally during registration (5G solutions #1, #3, #7, #10 as basis) or during PDU session establishment (5G solution #5 as basis).
USS/UTM is authorized to perform UAV authorization revocation; this is verified by the UAS-NF (5G solution #16 as basis).
For EPS: solution #13 is chosen as the basis for normative work, with similar principles as above.
In UAA, CAA Level UAV ID is used to identify UAV.
Specific authentication methods for UAA are out of scope of 3GPP; the messages used for UAA exchanged between UAV and USS/UTM are included in transparent containers.
Security related application layer information can be transported between UAV and USS/UTM in transparent containers (the content is out of scope of 3GPP).
Pairing Authorization for UAV and UAVC is recommended for the normative work based on the following solutions and principles:
Pairing authorization is performed after successful UAA between UAV and USS/UTM.
Pairing authorization is performed during PDU session establishment/modification procedure (5G solution #5, #11, #14, #15 as bases) and enforced in the 3GPP network based on connectivity information received from USS.
Both SMF and authorized USS/UTM may trigger pairing authorization. Authorized USS/UTM may trigger updating and revocation of pairing authorization using the 3GPP UAV ID (solution #15 as basis for UAV-C change).
For EPS: solution #13 is chosen as the basis for normative work, with similar principles as for 5GS above.
During pairing authorization procedure, CAA Level UAV ID is used to identify UAV.
The messages used for pairing authorization that are exchanged between UAV and USS/UTM are included in transparent containers and the content is out of scope of 3GPP.
For Key Issue #3 on TPAE (Third Party Authorized Entity) authentication and authorization, it is concluded that there is no normative work for Rel-17, as TPAE authentication and authorization is not in scope of Rel-17.
For Key Issue #4 on location information veracity and location tracking authorization:
Solution #6, solution #8 and solution #12 are chosen as basis for normative work, based on the following key common principles:
The UAS NF (aka UFES) receives a location request from USS/UTM which may include a 3GPP UAV ID. If authorized, the UAS NF provides USS/UTM with UAV location information including the 3GPP UAV ID (GPSI).
To obtain UAV location information, the UAS NF uses location services (LCS) as supported by AMF/MME or GMLC. The Network-Assisted Positioning Procedure between the LMF and NG-RAN is selected for location information veracity.
The UAS NF ensures that the USS/UTM is authorized to track the location of a given UAV before sending the UAV location information to USS/UTM. A USS/UTM is authorized to receive the location information of a group of UAVs in a particular geographic area or of an individual UAV if it has authorized the UAV(s) for service. Furthermore, a USS/UTM can be authorized to receive the data about all UAVs in a particular geographic area.
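The authorization rule in the last principle above can be sketched as a deny-by-default check at the UAS NF. This is an added example, not text or code from the 3GPP study: the class names, the rectangular area model and the sample identifiers are assumptions, UssGrant is a hypothetical policy record per USS/UTM, and a static position table stands in for the LCS lookup.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Area:
    """Rectangular lat/lon area (assumed simplification of a geographic area)."""
    lat_min: float
    lat_max: float
    lon_min: float
    lon_max: float

    def contains(self, lat, lon):
        return (self.lat_min <= lat <= self.lat_max
                and self.lon_min <= lon <= self.lon_max)

@dataclass
class UssGrant:
    served_uavs: set = field(default_factory=set)      # UAVs it authorized for service
    all_uav_areas: list = field(default_factory=list)  # areas where it may see all UAVs

class UasNf:
    def __init__(self, grants, positions):
        self.grants = grants        # USS/UTM id -> UssGrant
        self.positions = positions  # 3GPP UAV ID -> (lat, lon); stands in for LCS

    def _allowed(self, uss_id, uav_id):
        grant = self.grants.get(uss_id)
        if grant is None or uav_id not in self.positions:
            return False            # unknown requester or UAV: deny by default
        if uav_id in grant.served_uavs:
            return True
        lat, lon = self.positions[uav_id]
        return any(a.contains(lat, lon) for a in grant.all_uav_areas)

    def locate_uav(self, uss_id, uav_id):
        """Individual request: location report, or None when not authorized."""
        if not self._allowed(uss_id, uav_id):
            return None
        lat, lon = self.positions[uav_id]
        return {"uav_id": uav_id, "lat": lat, "lon": lon}

    def locate_area(self, uss_id, area):
        """Area request: only UAVs inside `area` that this USS/UTM may track."""
        return sorted(u for u, (lat, lon) in self.positions.items()
                      if area.contains(lat, lon) and self._allowed(uss_id, u))

# Constructed sample data: identifiers and coordinates are made up.
ZONE = Area(48.0, 49.0, 2.0, 3.0)
NF = UasNf({"uss-a": UssGrant(served_uavs={"uav-1"}), "uss-b": UssGrant(all_uav_areas=[ZONE])},
           {"uav-1": (48.5, 2.5), "uav-2": (48.6, 2.6), "uav-3": (10.0, 10.0)})
```

An unauthorized request and a request for an unknown UAV get the same empty answer, so the response does not reveal whether a given UAV exists.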
It is concluded that there is no normative work for KI#5 in Rel-17, as the CAA level UAV identity in Rel-17 is determined by the USS/UTM and not in the scope of 3GPP in Rel-17.
The transport of security information in a transparent container between USS/UTM and UAV during PDU or PDN Session establishment/modification procedure is enabled.
The content of security information (e.g. key material to help establish security for C2 Communications) is not in 3GPP scope.