Content for TS 23.256 Word version: 18.2.0

1… 4… 4.2… 4.3… 4.4… 4.5… 5… 5.2.3… 5.2.4… 5.2.5… 5.2.5.3… 5.2.5.4… 5.2.7 5.2.8… 5.2.9… 5.3… 5.4… 5.5… 6… 6.2… 6.3… 6.3.4…

5.2.5 Authorization for C2 over Uu 5.2.5.1 General 5.2.5.2 Procedure for C2 authorization in 5GS 5.2.5.2.1 C2 Authorization request during UUAA-SM procedure in 5GS 5.2.5.2.2 UE initiated PDU Session Modification for C2 Communication 5.2.5.2.3 UE initiated PDU Session Establishment for C2 Communication
...

5.2.5 Authorization for C2 over Uu p. 43

5.2.5.1 General p. 43

Authorization for C2 is required when a UAV establishes a user plane connection for C2 operations, i.e. to deliver messages with information of command and control for UAV operations from a UAV-C or USS to a UAV or to report telemetry data from a UAV to its UAV-C. Two sides of C2 communication, i.e. UAV and UAV-C, belong to the same UAS.

A UAV shall be authorized by the USS to use a PDU Session/PDN connection for C2. Authorization for C2 includes the following:

UAV to UAV-C pairing authorization: Authorization for pairing with a networked UAV-C or a UAV-C that connects to the UAV via Internet connectivity, before the UAV and the UAV-C can exchange C2 communication. One UAV can be paired with only one UAV-C at the any time. One UAV-C may be paired with one or more UAVs at the same time.
Flight Authorization: Authorization for flight when UAV also provides Flight Authorization information.

C2 authorization may be carried out:

During the UUAA procedure (if UUAA is carried out at PDU session/PDN connection establishment) as described in clause 5.2.3 when the UAV requests establishment of PDU Session/PDN connection for connectivity.
During PDU Session Modification/ UE requested bearer resource modification when the UAV requires to use an existing PDU session/PDN connection to exchange C2 communication related messages.
During a new PDU Session/PDN connection establishment, if the UAV requires to use a separate PDU Session/PDN connection for C2 communication.

5.2.5.2 Procedure for C2 authorization in 5GS p. 43

5.2.5.2.1 C2 Authorization request during UUAA-SM procedure in 5GS p. 43

If C2 authorization is requested during the UUAA-SM procedure the procedure described in clause 5.2.3.2 takes place with the following additions:

In Step 0, the UE includes pairing information (if available) in a C2 Aviation Payload. which is forwarded further to the USS;
In step 4, the USS performs C2 authorization taking into account the included pairing information, the Service Level Device Identity/CAA-Level UAV ID and 3GPP UAV ID/GPSI. The USS includes the resulting C2 Authorization result and optionally a C2 authorization payload in the Naf_Authentication_AuthenticateAuthorize response returned to the UAS-NF/NEF and the UAS NF/NEF forwards to the UAV/UE in step 7.
The USS shall:
- in step 4 include a DN Authorization profile Index specifying a predefined set of PCC-rules in the PCF with initial restriction on the type of traffic allowed to pass on the PDU-session. For example, only traffic exchanged with the USS might be allowed to pass.
  Once the authentication is complete, after step 4, the USS subscribes to PDU Session Status Events for the PDU session used for C2 communication, applicable for the GPSI received in step 2.
- when the USS in step 8 receives a PDU Session State Event Report indicating session start and including the PDU Session IP address the USS invokes the USS initiated pairing policy configuration procedure (see Figure 5.2.5.4.1-1) with the received PDU Session IP address and authorized paired UAV-C IP-address as input to request corresponding traffic to be allowed on the PDU session in the UPF.

5.2.5.2.2 UE initiated PDU Session Modification for C2 Communication p. 44

C2 authorization is requested at PDU session Modification:

After UUAA-SM is performed and a common PDU session is used for connectivity to USS and C2 communication to a UAV-C (as configured in the UAV); or
If the UE has already established a PDU session for C2 communication to a UAV-C.

Copy of original 3GPP image for 3GPP TS 23.256, Fig. 5.2.5.2.2-1: PDU Session modification for C2 communication (common PDU session for UAS services)

Figure 5.2.5.2.2-1: PDU Session modification for C2 communication (common PDU session for UAS services)
(⇒ copy of original 3GPP image)

Step 1.

The UE establishes a PDU Session for USS communication as described in clause 5.2.3.

Step 2-3.

When the UAV needs to establish C2 communication the UAV determines that an existing PDU session can be used and initiates a PDU Session Modification procedure. The UE shall include in the request a CAA-Level UAV ID and shall include a C2 Aviation Payload within a UAS container that includes C2 authorization information. The USS may also use its locally configured pairing information for UAV - UAV-C pairing authorization which takes precedence over UAV provided pairing information. The pairing information includes the CAA-level UAV ID of the requesting UE and also includes identification information of UAV-C to pair if available. The UAV may also include other information such as Flight Authorization information.

Step 4.

The SMF determines that authorization is required based on that the DNN/S-NSSAI of the PDU session is dedicated for aerial services (have aerial service indicator set) and that the Service Level Device Identity (CAA-Level UAV ID) is included in the request and Then sends a Nnef_Authentication_AuthenticateAuthorize request to the UAS-NF including the UAS container provided by the UAV in step 2 (including the C2 Aviation Payload), the CAA-Level UAV ID, GPSI, PDU Session IP address, and optionally the UAV location (e.g. Cell ID) provided by the AMF.

Step 5.

The UAS-NF forwards the received authorization request as a Naf_Authentication_AuthenticateAuthorize request to the USS.

Step 6.

Triggered by step 5, the USS performs C2 authorization based on the received information and invokes, in order to forward the C2 authorization result to the UAV/UE, the UAV Re-authorization procedure (see Figure 5.2.4.3-1) including GPSI, CAA-Level UAV-ID (potentially new) and included in the authorization message, the C2 Authorization Result and the C2 Authorization Payload (e.g. containing C2 pairing information and C2 security information).

Step 7.

PDU Session Modification procedure forwards the C2 authorization result to the UAV/UE and completes as in Figure 4.3.3.2-1 of TS 23.502.

Step 8.

The USS invokes, with the received PDU Session IP address and the IP address of the authorized paired UAV-C as input, the USS initiated pairing policy configuration procedure (see Figure 5.2.5.4.2-1) to request corresponding traffic to be allowed on the PDU session in the UPF.

Unless a dedicated QoS is requested for the C2 flows, this procedure does not invoke any interaction with the UE, AMF or RAN.

5.2.5.2.3 UE initiated PDU Session Establishment for C2 Communication p. 45

If C2 authorization is requested during PDU session establishment to a PDU session used specifically for C2 communication to UAV-C the UAV requests C2 authorization as follows.

Copy of original 3GPP image for 3GPP TS 23.256, Fig. 5.2.5.2.3-1: PDU Session establishment for C2 communication (separate PDU Sessions for UAS services)

Figure 5.2.5.2.3-1: PDU Session establishment for C2 communication (separate PDU Sessions for UAS services)
(⇒ copy of original 3GPP image)

Step 0.

The UAV has performed a successful UUAA with the USS (UUAA-SM or UUAA-MM) and the USS has for the corresponding GPSI subscribed for PDU Session Status Event from the NEF.

Step 1.

When the UAV needs to establish C2 communication the UAV determines that a new dedicated PDU session is required for connectivity to UAV-C. The UE initiates PDU Session establishment procedure for a DNN/S-NSSAI dedicated for connectivity to UAV-C. In the PDU Session establishment request CAA-Level UAV ID and a C2 Aviation Payload to be used for C2 authorization shall be included and forwarded to the SMF. The pairing information includes the CAA-Level UAV IDs of the requesting UAV and identification information for the UAV-C to pair may be included in C2 Aviation Payload. The UAV may also include other information such as Flight Authorization information. The USS may also use its locally configured pairing information for UAV - UAV-C pairing authorization which then takes precedence over UAV provided pairing information.

Step 2.

The SMF determines that authorization is required based on that the requested DNN/S-NSSAI combination dedicated for aerial services (have aerial service indicator set), and that the Service Level Device Identity (CAA-Level UAV ID) is included in the request. The SMF then sends a Nnef_Authentication_AuthenticateAuthorize request, which is used to request authorization to pair the UAV with UAV-C, to the UAS NF/NEF that includes the GPSI, CAA-Level UAV ID and C2 Aviation Payload and optionally the UAV location (e.g. Cell ID) if provided by the AMF and the DNN and S-NSSAI of the PDU session.

If the requested DNN/S-NSSAI is dedicated for aerial services but no Service Level Device ID (CAA-Level UAV ID) has been provided with the request, the SMF rejects the PDU session establishment with a cause indicating that USS authorization is required.

The SMF also provides a Notification Endpoint to the UAS NF/NEF. By providing the Notification Endpoint, the SMF is implicitly subscribed to be notified of re-authorization, update authorization data or revocation of C2 connectivity from UAS NF/NEF, if the C2 authorization result is successful in step 5.

Step 3.

The UAS NF/NEF checks that a valid UUAA is stored for the GPSI and forwards the received authorization request as a Naf_Authentication_AuthenticateAuthorize request to the USS. If not, the request is not forwarded to the USS and the PDU session is rejected.

The UAS NF/NEF also provides a Notification Endpoint to the USS. By providing the Notification Endpoint, the UAS NF/NEF is implicitly subscribed to be notified of re-authorization, update authorization data or revocation of C2 connectivity from USS, if the UUAA result is successful in step 5.

Step 4.

The USS performs C2 authorization based on the received information and sends the Naf_Authentication_AuthenticateAuthorize response to the UAS NF/NEF including the Service Level Device Identity (e.g. the CAA-Level UAV-ID) (potentially new), the C2 Authorization Result and the C2 Authorization Payload (e.g. C2 pairing information and C2 security information).

Step 5.

The UAS-NF/NEF forwards the information received from the USS in the Nnef_Authentication_AuthenticateAuthorize response sent to the SMF.

Step 6.

To inform the UE about the C2 Authorization Result the SMF includes the authorization result and, optionally, a new CAA-Level UAV ID if received from the USS, in the PDU Session Accept sent to the UE and let the PDU session establishment procedure continue until finalized.

If a failed C2 Authorization Result is received from the USS, the SMF instead rejects the PDU establishment and include a reason code indicating not authorized.

Step 7.

[Conditional] If the C2 authorization is successful the USS subscribes via the UAS-NF to a PDU Session Status event for the PDU session used for C2 including in the request the GPSI of the UAV. The UAS NF determines DNN, S-NSSAI corresponding to the PDU session used for C2 communication and uses this DNN, S-NSSAI to subscribe to SMF for PDU Session Status event. The SMF detects, as described in step 6-7 of Figure 4.15.3.2.3-1 in TS 23.502, when the PDU Session is established and send the PDU Session Status event report to the UAS NF/NEF by means of Nsmf_EventExposure_Notify message, including GPSI and UE IP Address. The UAS NF/NEF then forwards the event message to the USS.

Step 8.

[Conditional] The USS stores the received UE IP address and invokes, with the received PDU Session IP address and the IP-address of the authorized paired UAV-C as input, the USS initiated pairing policy configuration procedure (see Figure 5.2.5.4.2-1) to request corresponding traffic to be allowed on the PDU session by the UPF.

Unless a dedicated QoS is requested for the C2 flows, this procedure does not invoke any interaction with the UE, AMF or RAN.