
Content for  TR 23.700-07  Word version:  17.0.0


 

1  Scope

3GPP Rel-16 added 5GS support for Non-Public Networks based on stage 1 service requirements in TS 22.261. The scope of this Technical Report is to study further enhancements to the 5GS to fulfil the not yet supported stage 1 service requirements for Non-Public Networks in TS 22.261 and requirements described in e.g. TS 22.263.
The following aspects are in scope of the study:
  1. Study enhancements to enable support for SNPN along with subscription / credentials owned by an entity separate from the SNPN.
  2. Study how to support UE onboarding and provisioning for non-public networks.
  3. Study enhancements to the 5GS for NPN to support service requirements for production of audio-visual content and services e.g. for service continuity.
  4. Study the possibility for customizations or optimizations of 5GS when used for NPN considering different deployment scenarios, e.g. when the NPN is deployed and managed with the support of PLMN, when the NPN is deployed for different coverage and device density.
  5. Study the need for additional exposure capabilities due to support for NPN.
  6. Study support for SNPN and PLMN sharing the same NG-RAN, if anything missing from Rel-16.
  7. Study support for voice/IMS emergency services for SNPN.

2  References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1] TR 21.905: "Vocabulary for 3GPP Specifications".
[2] TS 22.261: "Service requirements for next generation new services and markets".
[3] TS 22.263: "Service requirements for Video, Imaging and Audio for Professional Applications (VIAPA)".
[4] TS 23.501: "System Architecture for the 5G System; Stage 2".
[5] TS 23.122: "Non-Access-Stratum (NAS) functions related to Mobile Station in idle mode".
[6] TS 23.502: "Procedures for the 5G System; Stage 2".
[7] TS 33.501: "Security architecture and procedures for 5G system".
[8] TS 24.501: "Non-Access-Stratum (NAS) protocol for 5G System (5GS); Stage 3".
[9] Internet Assigned Numbers Authority (IANA): "Private Enterprise Numbers"; https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers (retrieved March 26, 2020).
[10] TS 24.502: "Access to the 3GPP 5G System (5GS) via non-3GPP access networks; Stage 3".
[11] TS 24.229: "IP multimedia call control protocol based on Session Initiation Protocol (SIP) and Session Description Protocol (SDP); Stage 3".
[12] TS 33.203: "3G Security; Access Security for IP-based services".
[13] TS 23.632: "User Data Interworking, Coexistence and Migration; stage 2".
[14] TS 23.503: "Policy and charging control framework for the 5G System (5GS); Stage 2".
[15] TS 23.003: "Numbering, addressing and identification".
[16] TS 23.228: "IP Multimedia Subsystem (IMS); Stage 2".
[17] TS 22.228: "Service requirements for the Internet Protocol (IP) multimedia core network subsystem (IMS); Stage 1".
[18] TS 22.101: "Service aspects; Service principles".
[19] TS 23.167: "IP Multimedia Subsystem (IMS) emergency sessions".
[20] SP-191038: "IMS emergency support for SNPN" (IESNPN).
[21] TS 33.210: "Network Domain Security (NDS); IP network layer security".
[22] GSMA SGP.01: "Embedded SIM Remote Provisioning Architecture", Version 4.0.
[23] GSMA SGP.02: "Remote Provisioning Architecture for Embedded UICC Technical Specification", Version 4.0.
[24] GSMA SGP.21: "eSIM Architecture Specification", Version 2.2.
[25] GSMA SGP.22: "eSIM Technical Specification", Version 2.2.1.
[26] TS 31.115: "Secured packet structure for (Universal) Subscriber Identity Module (U)SIM Toolkit applications".
[27] TS 31.111: "Universal Subscriber Identity Module (USIM), Application Toolkit (USAT)".
[28] TR 23.716: "Study on the Wireless and Wireline Convergence for the 5G system architecture".
[29] TS 23.287: "Architecture enhancements for 5G System (5GS) to support Vehicle-to-Everything (V2X) services".
[30] TS 24.587: "Vehicle-to-Everything (V2X) services in 5G System (5GS); Stage 3".
[31] TS 29.244: "Interface between the Control Plane and the User Plane Nodes; Stage 3".
[32] IETF draft: "Remote Attestation Procedures Architecture" (draft-ietf-rats-architecture-04).
[33] IETF draft: "The Entity Attestation Token (EAT)" (draft-ietf-rats-eat-03).
[34] MulteFire Alliance (MFA), Architecture for Neutral Host Network Access Mode Stage 2 (Release 1.1), MFA TS MF.202, https://www.multefire.org/, Release 1.1.
[35] TS 33.310: "Network Domain Security (NDS); Authentication Framework (AF)".
[36] TS 23.973: "User data interworking, coexistence and migration".
[37] TS 29.544: "5G System; Secured Packet Application Function (SP-AF) services; Stage 3".
[38] TS 29.561: "5G System; Interworking between 5G Network and external Data Networks; Stage 3".
[39] TS 23.558: "Architecture for enabling Edge Applications (EA)".
[40] TS 23.288: "Architecture enhancements for 5G System (5GS) to support network data analytics services".

3  Definitions of terms and abbreviations

3.1  Terms

For the purposes of the present document, the terms given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
Default UE credentials:
Information that the UE has before the actual onboarding procedure to make it uniquely identifiable and verifiably secure.
Default Credential Server (DCS):
The server that can authenticate a UE with default UE credentials or provide means to another entity to do it.
NPN:
Non-Public Network as defined in TS 23.501. The terminology NPN refers to both SNPN and PNI-NPN in this TR unless otherwise stated.
NPN credentials:
Information that the UE uses for authentication to access an NPN. NPN credentials may be 3GPP credentials or non-3GPP credentials.
ON Group:
A group of Onboarding Networks.
ON Group ID:
Identifying an ON Group.
Onboarding Network (ON):
The network providing initial registration and/or access to the UE for UE Onboarding.
Onboarding SUCI:
A SUCI created from the Onboarding SUPI and used for onboarding purposes.
Onboarding SUPI:
A SUPI that is based on the Unique UE Identifier and/or the Default UE Credentials and is used for onboarding purposes.
Overlay network:
When UE is accessing SNPN service via PLMN, SNPN is the overlay network. When UE is accessing PLMN services via SNPN, PLMN is the overlay network.
Provisioning Server:
The server that provisions the authenticated/authorized UE with the subscription data and optionally other configuration information.
Remote provisioning:
Provisioning of information, to a UE and within the network, required for the UE to get authorized access and connectivity to an NPN.
Subscription Owner (SO):
The entity that stores and, as a result of the UE Onboarding procedures, provides the subscription data and optionally other configuration information via the PS to the UE.
Support for Onboarding Indication:
Indicating that the network supports/allows UE Onboarding.
UE Onboarding:
Enabling 3GPP connectivity for UE to realize remote provisioning.
Underlay network:
When UE is accessing SNPN service via PLMN, PLMN is the underlay network. When UE is accessing PLMN services via SNPN, SNPN is the underlay network.
Unique UE identifier:
Identifies the UE in the network and the DCS, and is assigned and configured by the DCS.

3.2  Abbreviations

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
DCS: Default Credential Server
IMC: IMS Credentials
ON: Onboarding Network
PS: Provisioning Server
SO: Subscription Owner

4  Architectural Assumptions and Requirements

4.1  Architectural Requirements

  • Solutions shall build on the 5G System architectural principles as in TS 23.501, including flexibility and modularity for newly introduced functionalities.

5  Key Issues

5.1  Key Issue #1: Enhancements to Support SNPN along with credentials owned by an entity separate from the SNPN

5.1.1  Description

One area that needs further study is enhancements to the 5GS in order to enable support for SNPN along with subscriptions or credentials owned by an entity separate from the SNPN.
Studying 5GS enhancements specifically oriented towards support of SNPN with credentials owned by an entity separate from the SNPN is necessary to enable some of the main use cases for Non-Public Networks, such as wireless connectivity for industry, large residential buildings, campuses, malls, and merged SNPNs, which all contain several specialized and stringent requirements. Many of the relevant use cases may in turn potentially have an impact on the architecture.
This key issue aims at addressing the following points for SNPN along with subscription owned by an entity separate from the SNPN:
  • How to identify the separate entity providing the subscription;
  • Network selection enhancements, including UEs with multiple subscriptions;
    • E.g. how does the UE discover and select an SNPN which provides authentication in an external entity;
  • Architecture enhancements needed to support multiple separate entities, e.g.:
    • What are the interfaces exposed and/or used by SNPN and the separate entity;
    • What is the architecture and solution for a UE accessing a separate entity via SNPN access network;
  • How to exchange authentication signalling between the SNPN and the separate entity, including:
    • Authentication by the PLMN, based on PLMN identities and credentials, for access to the SNPN;
    • Authentication via SNPN to separate entity based on non-3GPP identities (e.g. non-IMSI) and credentials;
  • Mobility scenarios, including service continuity, for:
    • UE moving from SNPN#1 with separate entity#1 to SNPN#2 with separate entity#1 available; and
    • UE moving between SNPN#1 (where separate entity=PLMN) and PLMN.

5.2  Key Issue #2: NPN support for Video, Imaging and Audio for Professional Applications (VIAPA)

5.2.1  Description

TS 22.263 captures the service requirements for "Video, Imaging and Audio for Professional Applications (VIAPA)".
This key issue aims at addressing the following aspects:
  1. Study whether there is support for service continuity (assuming PSA may reside in either PLMN or in the NPN) between PLMN and NPN (SNPN or PNI-NPN) with overlapping radio coverage areas;
  2. Study means to enable a UE to receive data services from one network (e.g. NPN), and paging as well as data services from another network (e.g. PLMN) simultaneously.

5.3  Key Issue #3: Support of IMS voice and emergency services for SNPN

5.3.1  Description

3GPP Rel-16 includes IMS voice and emergency services support for Public network integrated Non-Public Networks, while for SNPNs the following was captured in TS 23.501:
"Emergency services are not supported in SNPN access mode."
This key issue aims at addressing the following points for SNPN:
  1. Study the architectural impacts for support of IMS voice and emergency services offered by SNPN;
  2. Study whether basic IMS functionality for SNPN via 3GPP access requires any specification changes to enable non-IMSI based IMPI usage over 3GPP access;
  3. Study whether and how SNPN selection is impacted when taking into account IMS voice support.

5.4  Key Issue #4: UE Onboarding and remote provisioning

5.4.1  Description

The Key Issue is aiming to study the architecture and solutions to support UE onboarding and provisioning for the NPN. This key issue includes some common aspects such as:
  • Means for a UE, that is verifiably secure and uniquely identifiable to 5GS, for onboarding and remote provisioning;
  • Support of exposure via APIs to support UE onboarding and remote provisioning, if required.
But also specific aspects for component 1 (UE onboarding i.e. to enable 3GPP connectivity):
  • How does the UE discover and select the onboarding SNPN before UE NPN credentials and other information to enable UE to get 3GPP connectivity are provisioned.
  • How and whether the onboarding SNPN authenticates the UE, and establishes a secure 3GPP connectivity, before the UE's NPN credentials and other information to enable SNPN access are provisioned.
  • How to establish a secure connectivity between the UE and the network entity for provisioning the NPN credentials and other information to enable SNPN access, i.e. how to enable ciphering and integrity protection of the connection and the authentication of UE at the Provisioning Server.
  • How the 5G system provides and updates in the network the subscription of an authorized UE in order to allow the UE to request connectivity to a desired SNPN.
  • Architecture including which NFs are involved, and which scenario(s) the solution is addressing, including:
    • Which network entity performs UE's subscription provisioning and where is the network entity located.
    • If the network entity performing UE subscription provisioning is external to the SNPN, what is the service-based interface exposed by the SNPN towards that network entity for UE onboarding and provisioning.
And for component 2 (remote provisioning of credentials to allow access to NPN services):
  • SNPN case: provisioning of NPN credentials (i.e. for primary authentication) and other information to enable SNPN access.
  • PNI-NPN case: provisioning of NPN credentials for access to specific slice(s) and/or PDU Sessions offering NPN services, i.e. for Network Slice Specific Authentication and Authorization and/or secondary authentication for PDU Sessions.
  • Means to remotely provision the required new or updated information to the UE for enabling the UE to access the NPN using 5GS, including e.g.:
    • Triggers and procedures used to initiate the provisioning procedure.
    • How the network entity provisions the NPN credentials to the UE.
The associated solutions need to consider the following UE characteristics:
  • Before the UE onboarding process there should be information in the UE for it to be "uniquely identifiable and verifiably secure".
  • A TE might not have an interface that can be used to provision the MT.

5.5  Key Issue #5: Support for equivalent SNPNs

5.5.1  Description

This key issue is to enable a UE to access multiple SNPNs and the ability to support optimized access control and service continuity between SNPNs. This is to enable support for equivalent SNPN (similar to equivalent PLMN) and/or equivalent home SNPN (similar to equivalent HPLMN). Impacts to the 5G System due to the following scenarios are in scope:
  • Individual SNPNs with their own PLMN ID and NID identification but they are all equivalent. This implies that the UE with subscription for one of the SNPNs has access to its equivalent SNPN(s). This also implies that the UE treats individual SNPNs with equal priority for network selection.
It has the following objectives for study:
  • Enabling an authorized UE to be able to efficiently access and move between equivalent SNPNs; and
  • Enabling an authorized UE to be able to efficiently select equivalent SNPNs during network selection.

5.6  Key Issue #6: Support of non-3GPP access for SNPN services

5.6.1  Description

One area that needs further study is enhancements to the 5GS in order to enable support for direct connection of non-3GPP access networks to the SNPN's 5GC. There are already non-3GPP access technologies which are in use in enterprises and campuses and it is foreseen that such non-3GPP access technologies will continue to evolve. The integration of these existing assets in the SNPN would add flexibility to the SNPN operators.
This key issue aims at addressing the following points for SNPN:
  • How to provide direct access to SNPN services via non-3GPP access networks:
    • Support of trusted non-3GPP access network (TNAN);
    • Support of untrusted non-3GPP access network; and
    • Whether and how Wireline 5G Access Network can be used to connect to SNPN.