The UAV USS authentication and authorization (UUAA) is the procedure to ensure that the UAV can be authenticated and authorized by a USS before the connectivity for UAS services is enabled. This clause specifies the relationship between authentication and UUAA. A UAV is allowed to perform UUAA with the USS/UTM only after the UAV (UE) has successfully completed authentication with EPC. The SMF+PGW-C triggers the UUAA procedure if the UAV has an Aerial UE subscription and the UAV requests access to UAS services by providing the CAA-Level UAV ID of the UAV when attaching to the network.
The UUAA is performed between the UAV and the USS. The UAV is authenticated based on the CAA-Level UAV ID and credentials associated with the CAA-Level UAV ID. The authentication messages are included in a transparent container and conveyed between the UAV and the USS via a 3GPP UAS NF.
On successful completion of a UUAA, the USS sends UAS security information (if determined by the USS) in the UUAA Authorization Payload to the UAV. The contents of that security information are out of scope of the 3GPP specifications.
The UUAA procedure is described in clause 22.214.171.124.
The SMF+PGW-C sends a message Nnef_Auth_Req to the UAS NF, including the GPSI and the CAA-Level UAV ID, and the Aviation Payload if provided by the UE for the USS to authenticate the UAV. The SMF+PGW-C may include other information in the request as in TS 23.256.
The UAS NF resolves the USS address based on the CAA-Level UAV ID or uses the provided USS address. Only an authorized USS shall be used, in order to ensure that only legitimate entities can provide authorization for UAVs. The UAS NF sends an Authentication Request to the USS. The Authentication Request shall include the GPSI, the CAA-Level UAV ID, the UAS NF Routing information (e.g., an FQDN or IP address) which uniquely identifies the UAS NF located in the 3GPP network that handles the UAV-related message exchanges with the corresponding external USS/UTM, and the transparent container. Other information may also be included in this message as in TS 23.256.
The USS sends the UAS NF an Authentication Response message. The Authentication Response shall include the GPSI, the UUAA result (success/failure), the authorized CAA-level UAV ID, and a UUAA Authorization Payload that contains UAS security information if the USS has such information to send.
The UAS NF stores the GPSI, USS Identifier (and the binding with the GPSI) and the CAA-level UAV ID (and the binding with the GPSI).
The UAS NF sends the SMF+PGW-C an Authentication Response message, including the GPSI, the UUAA result (success/failure), the authorized CAA-level UAV ID, and the UUAA Authorization Payload received in step 5.
The SMF+PGW-C sends to the UE the UUAA result (success/failure) and the UUAA Authorization Payload received in step 5. The message(s) used in step 7 and any further actions the SMF+PGW-C takes are given in TS 23.256.
The SMF+PGW-C stores the results, together with the GPSI and the CAA-level UAV ID.
The USS sends a re-authentication request for the UAV to the UAS NF that includes the GPSI, the CAA-Level UAV ID, and an Authentication message. It may contain the PDU Session IP address if available. The USS shall use the UAS NF Routing information received during the previous successful UUAA related to the GPSI for sending the re-authentication request.
The UAS NF retrieves the UAV UE's context. The UE's context contains the identity mapping between the GPSI and the USS identifier that performed UUAA. The UAS NF verifies the USS re-authentication request by checking whether the GPSI and the USS identifier of the USS requesting the re-authentication match the stored mapping of GPSI and USS identifier. The UAS NF shall only continue the re-authentication procedure if they match.
The UAS NF retrieves the UAV UE's context. The UE's context contains the identity mapping between the GPSI and the USS identifier that performed UUAA. The UAS NF verifies the USS revocation request by checking whether the GPSI and the USS identifier of the USS requesting the revocation match the stored mapping of GPSI and USS identifier. The UAS NF shall only continue the revocation procedure if they match.
The UAS NF sends the UUAA revocation message for the UE identified by the GPSI to the target SMF+PGW-C. The target SMF+PGW-C shall respond to the UAS NF to indicate that the revocation has been successful.
On receiving the UUAA revocation notification message, the target SMF+PGW-C determines to send a UUAA revocation indication to the UE. The target SMF+PGW-C informs the UE that UUAA is revoked and takes actions as described in TS 23.256, and the SMF+PGW-C shall delete the UUAA context being revoked.
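The binding check that the UAS NF applies to USS-initiated re-authentication and revocation requests can be sketched as follows. This is an added Python example, not part of the specification: the class and function names and the identifier values are constructed, and it assumes that the requesting USS identifier is taken from the authenticated connection and that only a successful UUAA creates a binding.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class UavContext:
    gpsi: str
    uss_id: str            # USS that performed the UUAA
    caa_level_uav_id: str  # authorized CAA-Level UAV ID


class UasNfContexts:
    """Hypothetical UAS NF context store; all names here are assumptions."""

    def __init__(self):
        self._by_gpsi = {}

    def record_uuaa(self, gpsi, uss_id, caa_level_uav_id, success):
        # Assumption: a binding is created only for a successful UUAA result.
        if success:
            self._by_gpsi[gpsi] = UavContext(gpsi, uss_id, caa_level_uav_id)

    def check_uss_request(self, procedure, gpsi, peer_uss_id):
        """Return (allowed, reason) for a USS-initiated request.

        peer_uss_id is assumed to be the identity of the authenticated
        peer, not a value copied from the request body.
        """
        if procedure not in ("re-authentication", "revocation"):
            raise ValueError(f"unsupported procedure: {procedure}")
        ctx = self._by_gpsi.get(gpsi)
        if ctx is None:
            # Fail closed: no earlier UUAA is on record for this GPSI.
            return False, "no stored context for GPSI"
        if ctx.uss_id != peer_uss_id:
            return False, "USS identifier does not match stored binding"
        return True, f"{procedure} may continue"


def demo():
    # Constructed sample identifiers, not real GPSIs or USS names.
    nf = UasNfContexts()
    nf.record_uuaa("gpsi-0001", "uss-a.example", "CAA-EXAMPLE-1", success=True)
    nf.record_uuaa("gpsi-0002", "uss-b.example", "CAA-EXAMPLE-2", success=False)
    requests = [
        ("re-authentication", "gpsi-0001", "uss-a.example"),  # bound USS
        ("revocation", "gpsi-0001", "uss-b.example"),         # different USS
        ("revocation", "gpsi-0002", "uss-b.example"),         # no binding
        ("revocation", "gpsi-0001", "uss-a.example"),         # bound USS
    ]
    return [nf.check_uss_request(*r) for r in requests]
```

Returning a reason alongside the decision lets the UAS NF log which part of the binding failed when a request is rejected.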