• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    embodiments of the invention include a mobile network entity, such as amf mobility and access management function, which provides record management functions on a mobile network that supports network slicing, said mobile network entity configured to: - verify that authentication and / or authorization involving third parties associated with a network slice is required to access said network slice in addition to authentication and / or authorization to access said mobile network, during registration, - initiate said authentication and / or authorization which involves said third parties after verification that said authentication and / or authorization involving said third parties is required.
    公开号:BR112019019747A2
    申请号:R112019019747
    申请日:2017-03-21
    公开日:2020-04-14
    发明作者:Casati Alessio
    申请人:Nokia Technologies Oy;
    IPC主号:
    专利说明:

    IMPROVED REGISTRATION PROCEDURE ON A MOBILE SYSTEM SUPPORTING NETWORK SLIPS [001] The present invention relates, in general, to mobile communication networks and systems.
    [002] Detailed descriptions of mobile communication networks and systems can be found in the literature, such as, in particular, in the Technical Specifications published by standardization entities, such as, for example, 3GPP (3 S Generation Partnership Project).
    [003] In general, in a mobile system, a user / User Equipment (UE) has access to services provided by a mobile network. A mobile network generally comprises a Core Network accessed through an Access Network, such as a Radio Access Network.
    [004] An example of a mobile system is the Next Generation system (Next Gen), also called the 5G system, currently being specified by 3GPP, as in 3GPP TR 23.799, 3GPP TS 23.501 and 3GPP TS 23.502.
    [005] A concept used in Next Generation mobile networks (or 5G) is the concept of network slicing. As indicated, for example, in 3GPP TS 23.501, the operator can deploy multiple instances of Network Slicing that deliver the same resources, but for different groups of UEs, for example, since they deliver a different and / or due compromised service they can be dedicated to a customer.
    [006] The introduction of network slicing in such networks and systems raises new technical issues that require new solutions. An example of such new technical issues is that network slicing can introduce new stakeholders to the end-to-end system chain that may require independent authentication and / or authorization.
    [007] There is a need to address such new technical issues. At
    Petition 870190094629, of 9/20/2019, p. 44/74
    2/17 embodiments of the invention in particular address such needs.
    [008] These and other objectives are achieved, in one aspect, by a mobile network entity, such as AMF Mobility and Access Management Function, which provides record management functions on a mobile network that supports network slicing, said mobile network entity configured to:
    - verify whether authentication and / or authorization involving third parties associated with a network slice is required to access said network slice in addition to authentication and / or authorization to access said mobile network, during registration,
    - initiate said authentication and / or authorization involving said third parties after verifying that said authentication and / or authorization involving said third parties is required.
    [009] These and other objectives are achieved, in another aspect, by a mobile network subscriber database, such as SDM, for a mobile network that supports network slicing, said configured mobile network subscriber database for:
    - store signature data indicating whether authentication and / or authorization involving third parties associated with a network slice is required to access said network slice, in addition to authentication and / or authorization to access said mobile network.
    [010] These and other objectives are achieved, in another aspect, by a User Equipment for a mobile system that supports network slicing, said User Equipment configured to:
    - support authentication and / or authorization involving third parties associated with a network slice to access said network slice, in addition to authentication and / or authorization to access said network, if required for said network slice, during
    Petition 870190094629, of 9/20/2019, p. 45/74
    3/17 record.
    [Oil] These and other objectives are known, in another aspect, by a mobile network entity, such as AUSF, which provides authentication server functions on a mobile network that supports network slicing, said mobile network entity configured for :
    - relay information exchanged between a mobile network entity, such as AMF Mobility and Access Management Role, which provides record management functions, and an AAA server called a third-party AAA server associated with a third party associated with the network slice in an authentication and / or authorization procedure performed to access said network slice.
    [012] These and other objectives are achieved, in another aspect, by a method for improved registration in a mobile system that supports network slicing, said method including at least one step performed by at least one of the entities thus configured: entity mobile network, such as AMF Mobility and Access Management Function that provides record management functions, mobile network subscriber database like SDM, EU User Equipment, mobile network entity like AUSF, which provides server functions authentication.
    [013] Some types of apparatus and / or methods according to the modalities of the present invention are now described by way of example only and with reference to the accompanying drawings, in which:
    - Figure 1 is intended to illustrate in a simplified way the introduction in a mobile system an extra level of slice access authentication with an external AAA server (third parties) according to the modalities of the invention,
    - Figure 2 is intended to illustrate in a simplified way an example of steps in a registration procedure according to the modalities of the
    Petition 870190094629, of 9/20/2019, p. 46/74
    4/17 invention,
    - Figure 3 is intended to illustrate in a simplified way an example of more detailed steps of a registration procedure according to the modalities of the invention.
    ABBREVIATIONS
    AAA Authentication, Authorization and Counting AMF Access and Mobility Management Role AUSF Authentication Server Role AND AP Extensible Authentication Protocol MSISDN Mobile Subscriber ISDN Number NAS Non-Access Stratum NSSAI Network Slice Selection Assistance Information PLMN Public Mobile Terrestrial Network RAN Radio Access Network RRC Radio Resource Control SD Slice Differentiator SDM Subscriber Data Manager SMF Session Management Role S-NSSAI Network Slice Selection Assistance Information
    Only
    SST Slice Service Type HUH User Equipment
    DESCRIPTION OF VARIOUS ASPECTS AND / OR MODALITIES OF THE INVENTION [014] In the following, the modalities of the invention will be described by way of example for the case of Next Generation (5G) system. However, the modalities of the invention are not limited to such an example and apply, more generally, to mobile systems / networks with the use of network slicing.
    Petition 870190094629, of 9/20/2019, p. 47/74
    5/17 [015] In the scope of TS 23.501 and TS23.502, it is possible for a UE to be fixed simultaneously to more than one network slice, through a single function called AMF. MFA can be specialized for the set of network slices to which the UE is attached.
    [016] A network slice is conceptually like an end-to-end network. It is identified by the value of S-NSSAI which is composed of a Slice Service type (SST) value and a Slice Differentiator (SD) value. The set of slices that an UE intends to use or is accepted by the network for use is defined by the NSSAI which is the collection of the S-NSSAIs of the slices that the UE is using. The SD field can be used to associate the slice with third parties who act as a tenant (tenant) for the operator provided by the Network Slice. That tenant can have his own AAA database. The modalities of the invention aim to allow the tenant to authenticate their own subscribers with their own AAA database.
    [017] The UE signs the network slices that it is authorized to use. These are stored as signed to the S-NSSAI in the HSS (now known in 5G as UDM = User Data manager).
    [018] Authorization to access a slice is normally occurring during a registration procedure in which, after the UE is authenticated and authorized to access the PLMN, the subscriber data that indicates which slices are allowed for the UE based on the stored data of HSS / UDM. UE authentication with 3GPP credentials is through a function called AUSF (Authentication Server function). However, this model considers that the tenant completely relies on the PLMN operator to perform A&A. In many cases, the tenant may wish to apply their Authentication and / or authorization. The modalities of the invention aim to allow the slice tenant to apply its own authentication and / or authorization.
    Petition 870190094629, of 9/20/2019, p. 48/74
    6/17 [019] Any proposal to use authentication and authorization to access data networks in the existing system documented in TS 23.401 and TS 29.061 is not adequate as the data network can belong to a party which is not really the tenant itself, but a customer of the tenant. Access to the slice is also authorized at the time the registration occurs and SM may not happen at the same time. The UE is also allowed to remain fixed without a PDN connection and some RAN level control plan policies may apply while no PDN connection is established. The modalities of the invention aim to allow authentication and / or authorization steps applied by the tenant to occur during the registration procedure.
    [020] An exemplary registration procedure as shown in Figure 2 or 3 can be used in a system as illustrated in the example of Figure 1.
    [021] In some embodiments, the UE can be configured with information to associate a slice authentication method if an extra level of authentication is required to access a certain slice. In some embodiments, if the UE is configured to do so, an extra level of authentication can be performed after the UE is authenticated for access to the PLMN.
    [022] In some modalities, subscriber data stored by SDM may include by S-NSSAI if the extra level of authentication and / or authorization is required. As shown in the example in Figure 1, the SDM can store slices signed as S-NSSAI, with the indication of possible Authentication and / or Extra Authorization.
    [023] In some embodiments, if the extra level of authentication is required, the UE can be challenged to authenticate the slice by the AMF and the UE can perform the extra level of authentication based on its configuration for the slice. MFA can
    Petition 870190094629, of 9/20/2019, p. 49/74
    7/17 be connected directly to the tenant's AAA server or the AUSF can proxy towards the tenant. As illustrated in the example in Figure 1, the MFA can be authenticator of the UE both for access to PLMN based on 3GPP credentials and also for slice access based on the third party AAA credential.
    [024] In some modalities, additionally or exclusively, if the extra level of authorization is required, this may come to form the third party database, even while the UE is authenticated with the same (so that the third parties perform A&A), or by submitting to the third-party AAA server an Identity that PLMN can use externally (such as the MS ISDN or external ID defined in TS 23.682) so that the AAA server can verify whether the slice is allowed to be accessed. In that case, step 4 in Figure 2 (4c, d, e, f in Figure 3) would not involve the UE and would only be between the AMF and the AAA server based on the UE identity verification entrusted with the database of AAA. In that case, steps 4c and 4d would only include the MS-ISDN or external ID, and steps 4e and 4f would report a Success or Failure of UE authorization information to the AMF. Third party AAA's may also report in steps 4e and 4f to the AMF a request to challenge the UE with the MS-ISDN or external ID provided, in which case the procedure would restart from step 4a.
    [025] In some modalities, the UE can make a registration request indicating the NSSAIs including all the S-NSSAIs of the slices they intend to use (step 1 in Figure 2 or 3). Security procedures for accessing PLMN (with AMF as an authenticator and AUSF as an authentication server) can be performed (step 2 of Figure 2 or 3). The AMF in step 3 can verify that the UE is signed for each of these S-NSSAIs. If there is no subscription to an S-NSSAI, S-NSSAI is not accepted. However, if there is a subscription, additional subscription information may exist to require the
    Petition 870190094629, of 9/20/2019, p. 50/74
    8/17
    EU is additionally authenticated and / or authorized by third parties. If so, the authentication method, the need to indicate an external EU identity to third parties (such as MS-ISDN or external EU ID defined in 23.682) and the AAA server address where to send the authentication request can be included. In addition, for each S-NSSAI for which third party authentication is required, step 4 in Figure 2 (4a to 4m in Figure 3) can be performed. EAP can be considered to be used as a transport for flexible authentication protocols. The number of messages following step 4 may depend on the exact EAP authentication method selected by the third party, but those in the flow are just an example.
    [026] Furthermore, since the UE performs periodic records, this step may not be required in the periodic records. The AMF may report, based on the agreement with third parties, periodic records for use of messages 4.c, d, e, f including only MSISDN (or external ID) since MS-ISDN (or external ID) has been associated to the third party user ID authenticated in the initial registration if this was included in step 4c, 4d. Therefore, this method can also allow the association of the third party's User ID and the authenticated identities by the operator that can create shortcuts to subsequent registrations and only periodically can the third parties challenge the UE again with the new authentication of the third parties (to save AAA and resources network).
    [027] In step 5 (Figure 2 or 3), the MFA can accept registration including NSSAIs with accepted S-NSSAIs (based only on signature verification or based on successful third party authentication) [028] The modalities of the invention can also be described as follows.
    [029] EPS offers packet data services according to a simple paradigm in which a single access network serving a UE would provide
    Petition 870190094629, of 9/20/2019, p. 51/74
    9/17 access to a PDN. Access network authentication is based on PLMN (3GPP AKA) authentication, which also provided the keys for wireless link encryption. Optionally, if the PDN a UE needs to access is operated by a third party, those third parties may require an additional level of authentication, allowing a UE to be denied access even though the HSS recordings indicate that the UE has been signed for PDN APN. This would allow a PDN operator to manage an independent set of credentials for its subscribers and establish or remove a customer server and customer server relationship without the need to contact the operator.
    [030] As you progress to the 5G system, in addition to the concepts indicated above in the document for EPS, which are still provided by the 5G system, you now have the concept of Network Slice.
    [031] Through the concept of network slicing, a PLMN operator can provide a certain level of network service / services to third parties in a type of wholesale agreement.
    [032] It needs to be discussed whether it is sufficient to use PLMN level authentication to allow a UE to access a slice that is offered to third parties.
    [033] It is almost possible that third parties entering the SLA with the operator for the Network Slice may have their own subscriber base, or intend to have their own independent subscriber base based on their own Identity and credentials. Thus, it is desirable to allow third parties to authorize access to the slice by checking the subscriber database that they have.
    [034] This slice tenant that requires the extra level of authentication and authorization, like the EPS PDN operator, trusts PLMN to provide a secure link based on authentication, authorization and security of access to the Internet.
    Petition 870190094629, of 9/20/2019, p. 52/74
    10/17
    PLMN, and that the PLMN operator would allow or deny access to the slice based on the tenant result based on authentication and authorization performed on top of the PLMN authentication and authorization. Therefore, when the UE is accepted into the tenanted slice during registration procedures, optionally including the extra level of slice access authentication, there is a consideration that all other procedures reported for the slice's S-NSSAI may be executed. It is observed that the acceptance of S-NSSAI occurs at the time of Registration, the extra level of authentication needs to be at the time of registration.
    [035] Modalities of the invention may include one or more of:
    [036] If a UE signs for S-NSSAI that point to a slice that needs third party authentication, that information is stored in the SDM (Subscriber Data Manager) as a flag indicating that this step is necessary, and also, the IP address of the AAA server that will perform the authentication.
    [037] When a UE makes a registration request in which S-NSSAIs are requested, or where S-NSSAIs are assigned to the UE by default by the system as it is marked as a standard in SDM, then the AMF performs on top of any specific PLMN authentication and authorization steps required, an authentication and authorization step that is performed with the UE and involves the third party's AAA server. The IP address of the AAA server is loaded into Authentication messages for AUSF, so AUSF knows where to relay the Authentication request message from the AMF.
    [038] Alternatively, if the User ID in the third party can be set to NAI (see RFC 4282 https://tools.ietf.org/html/rfc4282), that is, the user ID is in the form of user @ domain , the IP Address is not required in
    Petition 870190094629, of 20/09/2019, p. 53/74
    11/17
    SDM and the correct AAA of the third party server are derived in the AUSF by resolution of the domain part of the NAI.
    [039] The UE is ready to perform these authentication procedures as it is configured for the S-NSSAI related to the Third Party slice with the necessary credentials and algorithms to authenticate itself with the third party's AAA server. It should be noted that the transport protocol considered is EAP and, therefore, this represents no extra requirements for N2 and NI signaling since it is already used for 3GPP and 3GPP access authentication, so this extra step is just the reuse of the transport of existing authentication procedures.
    [040] Such a proposal can be summarized as illustrated in Figure 2.
    [041] It can be noted that step 4 is optional, but must be performed before S-NSSAI related to the slice for which third party authentication is required can be included in the Accepted NSSAI. If this step is not performed, the UE is unable to perform the Session Management Procedures for the particular slice, as the UE, before executing SM for a slice, must perform a registration with the slice using a registration procedure.
    [042] Thus, a third party verification in the subscriber database must be allowed at the time of registration to admit a UE in a slice that these third parties rent from the operator, in which case, the necessary changes must be introduced in the Technical Specifications 3GPP TS 23.501 and 3GPP TS 23.502.
    [043] The modalities of the invention are not intended to replace the Primary Authentication performed by the operator. If this was done, then CN - UE security would be one of the third party 's Network Slice and is not acceptable by current PLMNs. Furthermore, this would not allow multiple slices to coexist for a single EU as the consideration that there is a single
    Petition 870190094629, of 9/20/2019, p. 54/74
    12/17 AMF security termination and is shared among Network Slices that the AMF supports for a UE. Clearly, if security is related to just one slice, it may not be satisfactory for others.
    [044] Various aspects and / or modalities of the invention include (although are not limited to) the following aspects and / or modalities.
    [045] Some aspects are related to a mobile network entity, such as AMF Mobility and Access Management Role, which provides record management functions on a mobile network that supports network slicing.
    [046] Various modalities are provided, including (although not limited to) the following modalities, which can be considered alone or in combination according to various combinations.
    [047] In one embodiment, the said mobile network entity is configured to:
    - verify whether authentication and / or authorization involving third parties associated with a network slice is required to access said network slice in addition to authentication and / or authorization to access said mobile network during registration,
    - initiate said authentication and / or authorization involving said third parties after verifying that said authentication and / or authorization involving said third parties is required.
    [048] In one embodiment, the said mobile network entity is configured to:
    - perform said verification based on subscriber data that indicate whether said authentication and / or authorization involving said third parties is required.
    [049] In one embodiment, the said mobile network entity is configured to:
    Petition 870190094629, of 9/20/2019, p. 55/74
    13/17
    - receiving subscriber data manager from subscriber data indicating whether said authentication and / or authorization involving said third parties is required.
    [050] In one mode, the said mobile network entity is configured to:
    - act as an authenticator in an authentication and / or authorization procedure that involves said third parties.
    [051] In one embodiment, the said mobile network entity is configured to:
    - receiving from a subscriber data manager, subscriber data containing address information from an AAA server associated with said third parties, called a third party AAA server.
    [052] In one embodiment, the said mobile network entity is configured to:
    - interact with an AAA server associated with said third parties, called a third-party AAA server in an authentication and / or authorization procedure that involves said third parties.
    [053] In one embodiment, the said mobile network entity is configured to:
    - interact with a mobile network entity, such as AUSF, which provides authentication server functions in an authentication and / or authorization procedure involving said third parties.
    [054] In one embodiment, the said mobile network entity is configured to:
    - send to a mobile network entity, such as AUSF that provides authentication server functions in an authentication and / or authorization procedure that involves said third parties, at least one of:
    Petition 870190094629, of 20/09/2019, p. 56/74
    14/17 • AAA server address information associated with said third party, called a third party AAA server, • public user identity information, such as MSISDN.
    • A user's User ID recorded on a third-party AAA server.
    [055] In one embodiment, the said mobile network entity is configured to:
    - send to an EU User Equipment an indication that said registration is accepted if said authentication and / or authorization to access said mobile network and said authentication and / or authorization to access said network slice have been carried out successfully.
    [056] In one embodiment, the said mobile network entity is configured to:
    - send to an EU User Equipment, in a registration message, NSSAI accepted if said authentication and / or authorization to access said mobile network and said authentication and / or authorization to access said network slice were successfully performed .
    [057] Other aspects are related to a mobile network subscriber database, such as SDM, for a mobile network that supports network slicing.
    [058] Several modalities are provided, including (although not limited to) the following modalities, which can be considered alone or in combination according to various combinations.
    [059] In one embodiment, said mobile network subscriber database is configured to:
    - store subscriber data that indicates whether authentication and / or authorization involving third parties associated with a network slice is required for
    Petition 870190094629, of 20/09/2019, p. 57/74
    15/17 access said network slice, in addition to authentication and / or authorization to access said mobile network.
    [060] In one embodiment, said mobile network subscriber database is configured to:
    - providing said subscriber data to a mobile network entity, such as AMF that supports registration functions, during registration.
    [061] In one mode:
    - said subscriber data includes address information of an AAA server associated with said third party, called a third party AAA server.
    [062] Other aspects are related to a User Equipment for a mobile system that supports network slicing.
    [063] Various modalities are provided, including (although not limited to) the following modalities, which can be considered alone or in combination according to various combinations.
    [064] In one mode, said User Equipment is configured to:
    - support authentication and / or authorization involving third parties associated with a network slice to access said network slice, in addition to authentication and / or authorization to access said network, if required for said network slicing during registration.
    [065] In one mode, said User Equipment is configured to:
    - store configuration information to carry out an authentication and / or authorization procedure that involves said third parties to access said network slice.
    [066] In one mode, this User Equipment is configured
    Petition 870190094629, of 20/09/2019, p. 58/74
    16/17 to:
    - interact with a mobile network entity such as AMF Mobility and Access Management Function that provides record management functions in an authentication and / or authorization procedure that involves said third parties to access said network slice.
    [067] Other aspects are related to a mobile network entity, such as AUSF, which provides authentication server functions on a mobile network that supports network slicing.
    [068] Several modalities are provided, including (although not limited to) the following modalities, which can be considered alone or in combination according to various combinations.
    [069] In one embodiment, the said mobile network entity is configured to:
    - relay information exchanged between a mobile network entity, such as AMF Mobility and Access Management Role, which provides record management functions, and an AAA server called a third-party AAA server associated with third parties associated with a network slice in an authentication and / or authorization procedure performed to access said network slice.
    [070] In one embodiment, said information includes at least one of:
    - third party AAA server address information,
    - public user identity information, such as MSISDN,
    - a User ID of a User recorded on the AAA server of said third parties.
    [071] Other aspects are related to a method for improved registration in a mobile system that supports network slicing, the said method
    Petition 870190094629, of 20/09/2019, p. 59/74
    17/17 including at least one step performed by at least one of the entities thus configured: a mobile network entity, such as AMF Mobility and Access Management Function, which provides record management functions, a network subscriber database mobile, such as SDM, an EU User Equipment, a mobile network entity, such as AUSF, which provides authentication server functions.
    [072] A person skilled in the art would readily recognize that the steps of the various methods described above can be performed by programmed computers. In this document, it is intended that some modalities cover program storage devices, for example, digital data storage media, which are machine-readable or computer-encoded and encode instruction programs executable by machine or executable by computer, where said instructions perform some or all of the steps of said methods described above. Program storage devices can be, for example, digital memories, magnetic storage media, such as magnetic disks and magnetic tapes, hard disk or optically readable digital data storage media. It is also intended that the modalities cover computers programmed to perform the said steps of the methods described above.
    权利要求:
    Claims (15)
    [1]
    1. Device characterized by the fact that it comprises:
    at least one processor; and at least one memory including computer program code;
    at least one memory and the computer program code configured to, with at least one processor, make the device at least:
    - perform a registration procedure to register with a network,
    - support authentication and / or authorization involving third party authentication authorization and counting server to access a network slice, in addition to authentication and / or authorization to access said network, if required for said network slice, during said procedure from register.
    [2]
    2. Apparatus, according to claim 1, characterized by the fact that at least one memory and the computer program code are configured to, with at least one processor, make the apparatus perform:
    - interact with a network entity providing record management functions, in an authentication and / or authorization procedure involving said third party authentication authorization and counting server.
    [3]
    3. Apparatus according to claim 1 or 2, characterized by the fact that at least one memory and the computer program code are configured to, with at least one processor, make the apparatus perform:
    - store configuration information to carry out an authentication and / or authorization procedure involving said third party authentication authorization and counting server.
    Petition 870200032704, of 11/03/2020, p. 10/14
    2/5
    [4]
    4. Apparatus according to any one of claims 1 to 3, characterized by the fact that at least one memory and the computer program code are configured to, with at least one processor, cause the apparatus to perform:
    - receive an indication that said registration is accepted if said authentication and / or authorization to access said network, and said authentication and / or authorization to access said network slice, have been successfully performed.
    [5]
    Apparatus according to any one of claims 1 to 4, characterized by the fact that at least one memory and the computer program code are configured to, with at least one processor, cause the apparatus to perform:
    - receiving a single network slice selection assistance information accepted if said authentication or authorization to access said network, and said authentication and / or authorization to access said network slice, have been successfully performed.
    [6]
    6. Method characterized by the fact that it comprises:
    - perform a registration procedure to register to a network,
    - support authentication and / or authorization involving a third party authentication authorization and counting server to access a network slice, in addition to authentication and / or authorization to access said network, if required for said network slice, during the said registration procedure.
    [7]
    7. Method, according to claim 6, characterized by the fact that it comprises:
    - interact with a network entity providing record management functions, in an authentication and / or authorization procedure involving said third party authentication authorization and counting server.
    Petition 870200032704, of 11/03/2020, p. 11/14
    3/5
    [8]
    8. Method according to claim 6 or 7, characterized by the fact that:
    - store configuration information to carry out an authentication and / or authorization procedure involving said third party authentication authorization and counting server.
    [9]
    9. Method according to any one of claims 6 to 8, characterized by the fact that it comprises:
    - receive an indication that said registration is accepted if said authentication and / or authorization to access said network, and said authentication and / or authorization to access said network slice, have been carried out successfully.
    [10]
    10. Method according to any one of claims 6 to 9, characterized by the fact that:
    - receiving a single network slice selection assistance information accepted if said authentication and / or authorization to access said network, and said authentication and / or authorization to access said network slice, have been successfully performed.
    [11]
    11. Device, characterized by the fact that it comprises:
    at least one processor; and at least one memory including computer program code;
    at least one memory and the computer program code configured to, with at least one processor, make the device at least perform:
    - provide record management functions,
    - verify whether authentication and / or authorization involving a third party authentication authorization and counting server are required to access the network slice, in addition to authentication and / or authorization to access said network,
    Petition 870200032704, of 11/03/2020, p. 12/14
    4/5 during the registration procedure,
    - initiate said authentication and / or authorization involving said third party authentication authorization and counting server after verifying that said authentication and / or authorization involving said third party authentication authorization and counting server are required.
    [12]
    12. Apparatus according to claim 11, characterized by the fact that at least one memory and the computer program code are configured to, with at least one processor, make the apparatus perform:
    - interact with a user's equipment, in an authentication and / or authorization procedure involving said third party authentication authorization and counting server.
    [13]
    13. Apparatus according to claim 11 or 12, characterized by the fact that at least one memory and the computer program code are configured to, with at least one processor, cause the apparatus to perform:
    - provide an indication that said registration is accepted if said authentication and / or authorization to access said network, and said authentication and / or authorization to access said network slice, have been carried out successfully.
    [14]
    Apparatus according to any one of claims 11 to 13, characterized by the fact that at least one memory and the computer program code are configured to, with at least one processor, cause the apparatus to perform:
    - provide a single network slice selection assistance information accepted if said authentication and / or authorization to access said network, and said authentication and / or authorization to access said network slice, have been
    Petition 870200032704, of 11/03/2020, p. 13/14
    5/5 successfully completed.
    [15]
    15. Invention of product, process, system, medium, kit and / or use characterized by the fact that it comprises one or more elements defined by the present application.
    类似技术:
    公开号 | 公开日 | 专利标题
    BR112019019747A2|2020-04-14|improved registration procedure on a mobile system supporting network slicing
    BRPI0807096B1|2020-06-23|METHOD UNDERSTANDING INITIATION OF A SESSION OF A SUBSCRIBER AND APPLIANCE TERMINAL
    US20210153010A1|2021-05-20|Privacy key and message authentication code
    BR112012032233B1|2021-03-02|methods and devices to facilitate synchronization of security settings
    BRPI0520722B1|2018-12-26|method for automatically providing a communication terminal with service access credentials for accessing an online service, system for automatically providing a communication terminal adapted for use on a communications network, service access credentials for accessing a service online, online service provider, and communication terminal.
    US10425448B2|2019-09-24|End-to-end data protection
    US20180302394A1|2018-10-18|Non-SIM Access to Cellular Networks
    BR112020014278A2|2020-12-08|METHOD AND APPARATUS FOR MULTIPLE RECORDS
    WO2019183794A1|2019-10-03|Subscriber identity privacy protection and network key management
    JP6628295B2|2020-01-08|Support of emergency services via WLAN access to 3GPP evolved packet core for unauthenticated users
    US20220060468A1|2022-02-24|Systems and methods for secure automated network attachment
    WO2013152740A1|2013-10-17|Authentication method, device and system for user equipment
    US10880291B2|2020-12-29|Mobile identity for single sign-on | in enterprise networks
    BR112019022792A2|2020-05-19|key generation method, user equipment, device, computer-readable storage media and communication system
    US11019491B2|2021-05-25|Apparatus and method for providing mobile edge computing services in wireless communication system
    JP5165725B2|2013-03-21|Method and apparatus for authenticating a mobile device
    BR112020020332A2|2021-01-05|MANAGEMENT OF UNIFIED SIGNATURE IDENTIFIER IN COMMUNICATION SYSTEMS
    US20200137056A1|2020-04-30|Client device re-authentication
    BR102020010985A2|2020-12-08|METHOD, DEVICE AND SYSTEM FOR SECURE CONNECTION IN WIRELESS COMMUNICATION NETWORKS, NON-TRANSITIONAL DIGITAL STORAGE MEDIA
    Thagadur Prakash2017|Enhancements to Secure Bootstrapping of Smart Appliances
    BR112021003548A2|2021-05-18|method for updating a first secret data in a credential holder including a subscriber identity module, credential holder, and server
    BR112012031924B1|2021-09-21|METHOD AND EQUIPMENT TO LINK SUBSCRIBER AUTHENTICATION AND DEVICE AUTHENTICATION IN COMMUNICATION SYSTEMS
    同族专利:
    公开号 | 公开日
    RU2734693C1|2020-10-22|
    PH12019502099A1|2020-03-16|
    US20200100173A1|2020-03-26|
    JP2020510377A|2020-04-02|
    US11223947B2|2022-01-11|
    WO2018171863A1|2018-09-27|
    AU2017405089A1|2019-10-10|
    KR102200113B1|2021-01-08|
    KR20190117697A|2019-10-16|
    SG11201908469UA|2019-10-30|
    CN110476447A|2019-11-19|
    CA3057401A1|2018-09-27|
    EP3603146A1|2020-02-05|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    GB0111290D0|2001-05-09|2001-06-27|Nokia Corp|Registration in a communication system|
    FR2961565B1|2010-06-18|2012-09-07|Snecma|AERODYNAMIC COUPLING BETWEEN TWO ANNULAR ROWS OF AUBES FIXED IN A TURBOMACHINE|
    US9942762B2|2014-03-28|2018-04-10|Qualcomm Incorporated|Provisioning credentials in wireless communications|
    US10863476B2|2014-07-02|2020-12-08|Apple Inc.|Apparatuses, systems, and methods for paging enhancements for low complexity user equipment|
    CN106375987B|2015-07-22|2021-08-20|中兴通讯股份有限公司|Network slice selection method and system|
    US10425830B2|2015-09-07|2019-09-24|Electronics And Telecommunications Research Institute|Mobile communication network system and method for composing network component configurations|
    KR20170030058A|2015-09-07|2017-03-16|한국전자통신연구원|Mobile communication network system and method for composing network component configurations|
    CN108141756A|2015-09-29|2018-06-08|瑞典爱立信有限公司|Facilitate network slice management|
    US10142994B2|2016-04-18|2018-11-27|Electronics And Telecommunications Research Institute|Communication method and apparatus using network slicing|
    WO2018137873A1|2017-01-27|2018-08-02|Telefonaktiebolaget Lm Ericsson |Secondary authentication of a user equipment|
    CN109104394B|2017-06-20|2022-01-21|华为技术有限公司|Session processing method and device|
    WO2020035732A1|2018-08-13|2020-02-20|Lenovo Pte. Ltd.|Network slice authentication|US10820185B2|2017-05-08|2020-10-27|Qualcomm Incorporated|Mobility between areas with heterogeneous network slices|
    US10264506B2|2017-05-13|2019-04-16|Qualcomm Incorporated|Enable a network-trigger change of network slices|
    JP2022511327A|2018-09-18|2022-01-31|オッポ広東移動通信有限公司|Methods and equipment for network slice authentication|
    CN111225420A|2018-11-27|2020-06-02|华为技术有限公司|User access control method, information sending method and device|
    KR20210114981A|2019-01-11|2021-09-24|아이디에이씨 홀딩스, 인크.|Methods and apparatuses for slice specific authentication|
    WO2021028193A1|2019-08-09|2021-02-18|Telefonaktiebolaget Lm Ericsson |Slice selection subscription data enhancement|
    WO2021041143A1|2019-08-23|2021-03-04|Idac Holdings, Inc.|Authentication and authorization to access a network by an unmanned aerial vehicle|
    WO2021056142A1|2019-09-23|2021-04-01|Oppo广东移动通信有限公司|Wireless communication method and device|
    WO2021155494A1|2020-02-04|2021-08-12|Qualcomm Incorporated|Certificate based application descriptors for network slice selection|
    WO2021167200A1|2020-02-20|2021-08-26|엘지전자 주식회사|Operating method for ausf and udm for authentication and authorization for each network slice|
    WO2021167370A2|2020-02-21|2021-08-26|유동호|Platform system for controlling vertical service of mobile communication network, and method for controlling same|
    CN113498060A|2020-04-07|2021-10-12|大唐移动通信设备有限公司|Method, device, equipment and storage medium for controlling network slice authentication|
    CN113573298A|2020-04-10|2021-10-29|华为技术有限公司|Communication method and device|
    CN113746649A|2020-05-14|2021-12-03|华为技术有限公司|Network slice control method and communication device|
    法律状态:
    2021-10-19| B350| Update of information on the portal [chapter 15.35 patent gazette]|
    优先权:
    申请号 | 申请日 | 专利标题
    PCT/EP2017/056625|WO2018171863A1|2017-03-21|2017-03-21|Enhanced registration procedure in a mobile system supporting network slicing|
    [返回顶部]