Tech-invite3GPPspecsSIPRFCs
Overview21222324252627282931323334353637384‑5x

Content for  TS 24.501  Word version:  17.0.0

Top   Top   Up   Prev   Next
1…   3…   4…   4.4…   4.4.3…   4.5…   4.5.3…   4.6…   4.7…   4.9…   5…   5.2…   5.3   5.4…   5.5…   5.6…   6…   6.2…   6.3…   6.4…   7…   8…   8.2.9…   8.3…   9…   A…   D…

 

4.5  Unified access controlWord‑p. 56

4.5.1  General

When the UE needs to access the 5GS, the UE not operating as an IAB-node (see TS 23.501) first performs access control checks to determine if the access is allowed. Access control checks shall be performed for the access attempts defined by the following list of events:
  1. the UE is in 5GMM-IDLE mode or 5GMM-IDLE mode with suspend indication over 3GPP access and an event that requires a transition to 5GMM-CONNECTED mode occurs; and
  2. the UE is in 5GMM-CONNECTED mode over 3GPP access or 5GMM-CONNECTED mode with RRC inactive indication and one of the following events occurs:
    1. 5GMM receives an MO-IMS-registration-related-signalling-started indication, an MO-MMTEL-voice-call-started indication, an MO-MMTEL-video-call-started indication or an MO-SMSoIP-attempt-started indication from upper layers;
    2. 5GMM receives a request from upper layers to send a mobile originated SMS over NAS unless the request triggered a service request procedure to transition the UE from 5GMM-IDLE mode or 5GMM-IDLE mode with suspend indication to 5GMM-CONNECTED mode;
    3. 5GMM receives a request from upper layers to send an UL NAS TRANSPORT message for the purpose of PDU session establishment unless the request triggered a service request procedure to transition the UE from 5GMM-IDLE mode or 5GMM-IDLE mode with suspend indication to 5GMM-CONNECTED mode;
    4. 5GMM receives a request from upper layers to send an UL NAS TRANSPORT message for the purpose of PDU session modification unless the request triggered a service request procedure to transition the UE from 5GMM-IDLE mode or 5GMM-IDLE mode with suspend indication to 5GMM-CONNECTED mode;
    5. 5GMM receives a request to re-establish the user-plane resources for an existing PDU session;
    6. 5GMM is notified that an uplink user data packet is to be sent for a PDU session with suspended user-plane resources;
    7. 5GMM receives a request from upper layers to send a mobile originated location request unless the request triggered a service request procedure to transition the UE from 5GMM-IDLE mode or 5GMM-IDLE mode with suspend indication to 5GMM-CONNECTED mode; and
    8. 5GMM receives a request from upper layers to send a mobile originated signalling transaction towards the PCF by sending an UL NAS TRANSPORT message including a UE policy container (see TS 24.587) unless the request triggered a service request procedure to transition the UE from 5GMM-IDLE mode to 5GMM-CONNECTED mode.
When the NAS detects one of the above events, the NAS needs to perform the mapping of the kind of request to one or more access identities and one access category and lower layers will perform access barring checks for that request based on the determined access identities and access category.
To determine the access identities and the access category for a request, the NAS checks the reason for access, types of service requested and profile of the UE including UE configurations, against a set of access identities and access categories defined in TS 22.261, namely:
  1. a set of standardized access identities;
  2. a set of standardized access categories; and
  3. a set of operator-defined access categories, if available.
For the purpose of determining the applicable access identities from the set of standardized access identities defined in TS 22.261, the NAS shall follow the requirements set out in:
  1. subclause 4.5.2 and the rules and actions defined in table 4.5.2.1, if the UE is not operating in SNPN access mode; or
  2. subclause 4.5.2A and the rules and actions defined in table 4.5.2A.1, if the UE is operating in SNPN access mode.
In order to enable access barring checks for access attempts identified by lower layers in 5GMM-CONNECTED mode with RRC inactive indication, the UE provides the applicable access identities to lower layers.
For the purpose of determining the applicable access category from the set of standardized access categories and operator-defined access categories defined in TS 22.261, the NAS shall follow the requirements set out in:
  1. subclause 4.5.2 and the rules and actions defined in table 4.5.2.2, if the UE is not operating in SNPN access mode; or
  2. subclause 4.5.2A and the rules and actions defined in table 4.5.2A.2, if the UE is operating in SNPN access mode.
Up

4.5.2  Determination of the access identities and access category associated with a request for access for UEs not operating in SNPN access modeWord‑p. 57
When the UE needs to initiate an access attempt in one of the events listed in subclause 4.5.1, the UE shall determine one or more access identities from the set of standardized access identities, and one access category from the set of standardized access categories and operator-defined access categories, to be associated with that access attempt.
The set of the access identities applicable for the request is determined by the UE in the following way:
  1. for each of the access identities 1, 2, 11, 12, 13, 14 and 15 in table 4.5.2.1, the UE shall check whether the access identity is applicable in the selected PLMN, if a new PLMN is selected, or otherwise if it is applicable in the RPLMN or equivalent PLMN; and
  2. if none of the above access identities is applicable, then access identity 0 is applicable.
Access Identity number
UE configuration

0
UE is not configured with any parameters from this table
1 (NOTE 1)
UE is configured for multimedia priority service (MPS).
2 (NOTE 2)
UE is configured for mission critical service (MCS).
3-10
Reserved for future use
11 (NOTE 3)
Access Class 11 is configured in the UE.
12 (NOTE 3)
Access Class 12 is configured in the UE.
13 (NOTE 3)
Access Class 13 is configured in the UE.
14 (NOTE 3)
Access Class 14 is configured in the UE.
15 (NOTE 3)
Access Class 15 is configured in the UE.


The UE uses the MPS indicator bit of the 5GS network feature support IE to determine if access identity 1 is valid. Processing of the MPS indicator bit of the 5GS network feature support IE in the REGISTRATION ACCEPT message is described in subclause 5.5.1.2.4 and subclause 5.5.1.3.4. The UE shall not consider access identity 1 to be valid when the UE is not in the country of its HPLMN or in an EHPLMN (if the EHPLMN list is present) prior to receiving the MPS indicator bit of the 5GS network feature support IE in the REGISTRATION ACCEPT message being set to "Access identity 1 valid".
When the UE is in the country of its HPLMN or in an EHPLMN (if the EHPLMN list is present), the contents of the USIM file EFUAC_AIC as specified in TS 31.102 and the rules specified in table 4.5.2.1 are used to determine the applicability of access identity 1. When the UE is in the country of its HPLMN or in an EHPLMN (if the EHPLMN list is present), and the USIM file EFUAC_AIC does not indicate the UE is configured for access identity 1, the UE uses the MPS indicator bit of the 5GS network feature support IE in the REGISTRATION ACCEPT message to determine if access identity 1 is valid. When the UE is in the country of its HPLMN or in an EHPLMN (if the EHPLMN list is present), and the USIM file EFUAC_AIC indicates the UE is configured for access identity 1, the MPS indicator bit of the 5GS network feature support IE is not applicable. When the UE is not in the country of its HPLMN or in an EHPLMN (if the EHPLMN list is present), the contents of the USIM file EFUAC_AIC are not applicable.
The UE uses the MCS indicator bit of the 5GS network feature support IE to determine if access identity 2 is valid. Processing of the MCS indicator bit of the 5GS network feature support IE in the REGISTRATION ACCEPT message is described in subclause 5.5.1.2.4 and subclause 5.5.1.3.4. The UE shall not consider access identity 2 to be valid when the UE is not in the country of its HPLMN or in an EHPLMN (if the EHPLMN list is present) prior to receiving the MCS indicator bit of the 5GS network feature support IE in the REGISTRATION ACCEPT message being set to "Access identity 2 valid".
When the UE is in the country of its HPLMN or in an EHPLMN (if the EHPLMN list is present), the contents of the USIM file EFUAC_AIC as specified in TS 31.102 and the rules specified in table 4.5.2.1 are used to determine the applicability of access identity 2. When the UE is in the country of its HPLMN or in an EHPLMN (if the EHPLMN list is present), and the USIM file EFUAC_AIC does not indicate the UE is configured for access identity 2, the UE uses the MCS indicator bit of the 5GS network feature support IE in the REGISTRATION ACCEPT message to determine if access identity 2 is valid. When the UE is in the country of its HPLMN or in an EHPLMN (if the EHPLMN list is present), and the USIM file EFUAC_AIC indicates the UE is configured for access identity 2, the MCS indicator bit of the 5GS network feature support IE is not applicable. When the UE is not in the country of its HPLMN or in an EHPLMN (if the EHPLMN list is present), the contents of the USIM file EFUAC_AIC are not applicable.
When the UE is in its HPLMN (if the EHPLMN list is not present or is empty) or in an EHPLMN (if the EHPLMN list is present), the contents of the USIM file EFACC as specified in TS 31.102 and the rules specified in table 4.5.2.1 are used to determine the applicability of access classes 11 and 15. When the UE is not in its HPLMN (if the EHPLMN list is not present or is empty) or in an EHPLMN (if the EHPLMN list is present), access classes 11 and 15 are not applicable.
When the UE is in the country of its HPLMN, the contents of the USIM file EFACC as specified in TS 31.102 and the rules specified in table 4.5.2.1 are used to determine the applicability of access classes 12 - 14. When the UE is not in the country of its HPLMN, access classes 12-14 are not applicable.
In order to determine the access category applicable for the access attempt, the NAS shall check the rules in table 4.5.2.2, and use the access category for which there is a match for barring check. If the access attempt matches more than one rule, the access category of the lowest rule number shall be selected. If the access attempt matches more than one operator-defined access category definition, the UE shall select the access category from the operator-defined access category definition with the lowest precedence value (see subclause 4.5.3).
Rule #
Type of access attempt
Requirements to be met
Access Category

1
Response to paging or NOTIFICATION over non-3GPP access;
5GMM connection management procedure initiated for the purpose of transporting an LPP message without an ongoing 5GC-MO-LR procedure;
Access attempt to handover of ongoing MMTEL voice call, MMTEL video call or SMSoIP from non-3GPP access
Access attempt is for MT access, or handover of ongoing MMTEL voice call, MMTEL video call or SMSoIP from non-3GPP access
0 (= MT_acc)
2
Emergency
UE is attempting access for an emergency session (NOTE 1, NOTE 2)
2 (= emergency)
3
Access attempt for operator-defined access category
UE stores operator-defined access category definitions valid in the current PLMN as specified in subclause 4.5.3, and access attempt is matching criteria of an operator-defined access category definition
32-63 (= based on operator classification)
3.1
Access attempt for MO exception data
UE is in NB-N1 mode and allowed to use exception data reporting (see the ExceptionDataReportingAllowed leaf of the NAS configuration MO in TS 24.368 or the USIM file EFNASCONFIG in TS 31.102), and access attempt is for MO data or for MO signalling initiated upon receiving a request from upper layers to transmit user data related to an exceptional event.
10 (= MO exception data)
4
Access attempt for delay tolerant service
(a) UE is configured for NAS signalling low priority or UE supporting S1 mode is configured for EAB (see the "ExtendedAccessBarring" leaf of NAS configuration MO in TS 24.368 or TS 31.102) where "EAB override" does not apply, and
(b): the UE received one of the categories a, b or c as part of the parameters for unified access control in the broadcast system information, and the UE is a member of the broadcasted category in the selected PLMN or RPLMN/equivalent PLMN
(NOTE 3, NOTE 5, NOTE 6, NOTE 7, NOTE 8)
1 (= delay tolerant)
4.1
MO IMS registration related signalling
Access attempt is for MO IMS registration related signalling (e.g. IMS initial registration, re-registration, subscription refresh)
or for NAS signalling connection recovery during ongoing procedure for MO IMS registration related signalling (NOTE 2a)
9 (= MO IMS registration related signalling)
5
MO MMTel voice call
Access attempt is for MO MMTel voice call
or for NAS signalling connection recovery during ongoing MO MMTel voice call (NOTE 2)
4 (= MO MMTel voice)
6
MO MMTel video call
Access attempt is for MO MMTel video call or for NAS signalling connection recovery during ongoing MO MMTel video call (NOTE 2)
5 (= MO MMTel video)
7
MO SMS over NAS or MO SMSoIP
Access attempt is for MO SMS over NAS (NOTE 4) or MO SMS over SMSoIP transfer or for NAS signalling connection recovery during ongoing MO SMS or SMSoIP transfer (NOTE 2)
6 (= MO SMS and SMSoIP)
8
UE NAS initiated 5GMM specific procedures
Access attempt is for MO signalling
3 (= MO_sig)
8.1
Mobile originated location request
Access attempt is for mobile originated location request (NOTE 9)
3 (= MO_sig)
8.2
Mobile originated signalling transaction towards the PCF
Access attempt is for mobile originated signalling transaction towards the PCF (NOTE 10)
3 (= MO_sig)
9
UE NAS initiated 5GMM connection management procedure or 5GMM NAS transport procedure
Access attempt is for MO data
7 (= MO_data)
10
An uplink user data packet is to be sent for a PDU session with suspended user-plane resources
No further requirement is to be met
7 (= MO_data)


Up

4.5.2A  Determination of the access identities and access category associated with a request for access for UEs operating in SNPN access mode |R16|Word‑p. 62
When the UE needs to initiate an access attempt in one of the events listed in subclause 4.5.1, the UE shall determine one or more access identities from the set of standardized access identities, and one access category from the set of standardized access categories and operator-defined access categories, to be associated with that access attempt.
The set of the access identities applicable for the request is determined by the UE in the following way:
  1. for each of the access identities 1, 2, 11, 12, 13, 14 and 15 in table 4.5.2A.1, the UE shall check whether the access identity is applicable in the selected SNPN, if a new SNPN is selected, or otherwise if it is applicable in the RSNPN; and
  2. if none of the above access identities is applicable, then access identity 0 is applicable.
Access Identity number
UE configuration

0
UE is not configured with any parameters from this table
1 (NOTE 1)
UE is configured for multimedia priority service (MPS).
2 (NOTE 2)
UE is configured for mission critical service (MCS).
3-10
Reserved for future use
11 (NOTE 3)
Access Class 11 is configured in the UE.
12 (NOTE 3)
Access Class 12 is configured in the UE.
13 (NOTE 3)
Access Class 13 is configured in the UE.
14 (NOTE 3)
Access Class 14 is configured in the UE.
15 (NOTE 3)
Access Class 15 is configured in the UE.


The contents of the unified access control configuration in the "list of subscriber data" stored in the ME (see TS 23.122) and the rules specified in table 4.5.2A.1 are used to determine the applicability of access identity 1 in the SNPN. When the contents of the unified access control configuration in the "list of subscriber data" stored in the ME (see TS 23.122) do not indicate the UE is configured for access identity 1 for the SNPN, the UE uses the MPS indicator bit of the 5GS network feature support IE in the REGISTRATION ACCEPT message to determine if access identity 1 is valid. The contents of the unified access control configuration in the "list of subscriber data" stored in the ME (see TS 23.122) and the rules specified in table 4.5.2A.1 are used to determine the applicability of access identity 2 in the SNPN. When the contents of the unified access control configuration in the "list of subscriber data" stored in the ME (see TS 23.122) do not indicate the UE is configured for access identity 2 for the SNPN, the UE uses the MCS indicator bit of the 5GS network feature support IE in the REGISTRATION ACCEPT message to determine if access identity 2 is valid. The contents of the unified access control configuration in the "list of subscriber data" stored in the ME (see TS 23.122) and the rules specified in table 4.5.2A.1 are used to determine the applicability of access classes 11 to 15 in the SNPN. In order to determine the access category applicable for the access attempt, the NAS shall check the rules in table 4.5.2A.2, and use the access category for which there is a match for barring check. If the access attempt matches more than one rule, the access category of the lowest rule number shall be selected. If the access attempt matches more than one operator-defined access category definition, the UE shall select the access category from the operator-defined access category definition with the lowest precedence value (see subclause 4.5.3).
Rule #
Type of access attempt
Requirements to be met
Access Category

1
Response to paging or NOTIFICATION over non-3GPP access (NOTE 11);
5GMM connection management procedure initiated for the purpose of transporting an LPP message without an ongoing 5GC-MO-LR procedure;
Access attempt to handover of MMTEL voice call, MMTEL video call or SMSoIP from non-3GPP access
Access attempt is for MT access, or handover of ongoing MMTEL voice call, MMTEL video call or SMSoIP from non-3GPP access
0 (= MT_acc)
2
Emergency
UE is attempting access for an emergency session (NOTE 1, NOTE 2)
2 (= emergency)
3
Access attempt for operator-defined access category
UE stores operator-defined access category definitions valid in the SNPN as specified in subclause 4.5.3, and access attempt is matching criteria of an operator-defined access category definition
32-63 (= based on operator classification)
4
Access attempt for delay tolerant service
(a) UE is configured for NAS signalling low priority, and
(b) the UE received one of the categories a, b or c as part of the parameters for unified access control in the broadcast system information, and the UE is a member of the broadcasted category in the selected SNPN or RSNPN
(NOTE 3, NOTE 5, NOTE 6, NOTE 7, NOTE 8)
1 (= delay tolerant)
4.1
MO IMS registration related signalling
Access attempt is for MO IMS registration related signalling (e.g. IMS initial registration, re-registration, subscription refresh)
or for NAS signalling connection recovery during ongoing procedure for MO IMS registration related signalling (NOTE 2a)
9 (= MO IMS registration related signalling)
5
MO MMTel voice call
Access attempt is for MO MMTel voice call or for NAS signalling connection recovery during ongoing MO MMTel voice call (NOTE 2)
4 (= MO MMTel voice)
6
MO MMTel video call
Access attempt is for MO MMTel video call or for NAS signalling connection recovery during ongoing MO MMTel video call (NOTE 2)
5 (= MO MMTel video)
7
MO SMS over NAS or MO SMSoIP
Access attempt is for MO SMS over NAS (NOTE 4) or MO SMS over SMSoIP transfer or for NAS signalling connection recovery during ongoing MO SMS or SMSoIP transfer (NOTE 2)
6 (= MO SMS and SMSoIP)
8
UE NAS initiated 5GMM specific procedures
Access attempt is for MO signalling
3 (= MO_sig)
8.1
Mobile originated location request
Access attempt is for mobile originated location request (NOTE 9)
3 (= MO_sig)
8.2
Mobile originated signalling transaction towards the PCF
Access attempt is for mobile originated signalling transaction towards the PCF (NOTE 10)
3 (= MO_sig)
9
UE NAS initiated 5GMM connection management procedure or 5GMM NAS transport procedure
Access attempt is for MO data
7 (= MO_data)
10
An uplink user data packet is to be sent for a PDU session with suspended user-plane resources
No further requirement is to be met
7 (= MO_data)


Up


Up   Top   ToC