
Content for TS 33.503, Word version 17.2.0

6.1.3.2.2.2  Restricted 5G ProSe Direct Discovery Model B
The security procedure for restricted 5G ProSe Direct Discovery Model B is described as follows.
Figure 6.1.3.2.2.2-1: Security procedure for restricted 5G ProSe Direct Discovery Model B (figure not reproduced here)
Steps 1-4 refer to a Discoveree UE:
Step 1.
Discoveree UE sends a Discovery Request message containing the RPAUID to the 5G DDNMF in its HPLMN in order to get Discovery Query Filter(s) to monitor a query, the ProSe Response Code to announce and associated security materials. The command indicates that this is for ProSe Response (Model B) operation, i.e. for a Discoveree UE. In addition, the Discoveree UE shall include its PC5 UE security capability that contains the list of supported ciphering algorithms by the UE in the Discovery Request message.
For 5G ProSe UE-to-Network Relay discovery, the 5G ProSe UE-to-Network Relay plays the role of the Discoveree UE and sends a Relay Discovery Key Request instead of a Discovery Request. The Relay Discovery Key Request message includes the Relay Service Code (RSC) and the 5G ProSe UE-to-Network Relay's PC5 security capabilities.
Step 2.
The 5G DDNMF may check for the announce authorization with the ProSe Application Server depending on 5G DDNMF configuration.
For 5G ProSe UE-to-Network Relay discovery, the 5G DDNMF may check with the UDM whether the UE-to-Network relay is authorized to announce UE-to-Network relay discovery.
Step 3.
The 5G DDNMFs in the HPLMN and VPLMN of the Discoveree UE exchange Announce Auth. messages. If the Discoveree UE is not roaming, these steps do not take place.
Step 4.
The 5G DDNMF in the HPLMN of the Discoveree UE returns the ProSe Response Code and the Code-Sending Security Parameters, Discovery Query Filter(s), Code-Receiving Security Parameters corresponding to each discovery filter along with the CURRENT_TIME and MAX_OFFSET parameters and the chosen PC5 ciphering algorithm. The Code-Sending Security Parameters provide the necessary information for the Discoveree UE to protect the transmission of the ProSe Response Code and are stored with the ProSe Response Code. The Code-Receiving Security Parameters provide the information needed by the Discoveree UE to undo the protection applied to the ProSe Query Code by the Discoverer UE. The Code-Receiving Security Parameters indicate a Match Report will not be used for MIC checking. The UE stores each Discovery Filter with its associated Code-Receiving Security Parameters. The Discoveree UE takes the same actions with CURRENT_TIME and MAX_OFFSET as described for the Announcing UE in step 4 of clause 6.1.3.1 of the present document. The 5G DDNMF in the HPLMN of the Discoveree UE shall include the chosen PC5 ciphering algorithm in the Discovery Response message. The 5G DDNMF determines the chosen PC5 ciphering algorithm based on the ProSe Response Code and the received PC5 UE security capability in step 1. The UE stores the chosen PC5 ciphering algorithm together with the ProSe Response Code.
In addition, the 5G DDNMF in the HPLMN of the Discoveree UE may associate the ProSe Response Code with the PC5 security policies and include the PC5 security policies in the Discovery Response message.
For 5G ProSe UE-to-Network Relay discovery, a Relay Discovery Key Response is used instead of the Discovery Response, and the RSC is used instead of ProSe Query Code and ProSe Response Code.
Steps 5-10 refer to a Discoverer UE:
Step 5.
The Discoverer UE sends a Discovery Request message containing the RPAUID and its PC5 UE security capability to the 5G DDNMF in its HPLMN in order to be allowed to discover one or more Restricted ProSe Application User IDs.
For 5G ProSe UE-to-Network Relay discovery, the 5G ProSe Remote UE plays the role of the Discoverer UE and sends a Relay Discovery Key Request instead of the Discovery Request. The Relay Discovery Key Request message includes the RSC and the 5G ProSe Remote UE's PC5 security capabilities.
Step 6.
The 5G DDNMF in the HPLMN of the Discoverer UE sends an authorization request to the ProSe Application Server. If the RPAUID is allowed to discover at least one of the Target RPAUIDs contained in the Application Level Container, the ProSe Application Server returns an authorization response.
For 5G ProSe UE-to-Network Relay discovery, the 5G DDNMF of the Remote UE may check with the UDM whether the Remote UE is authorized to monitor UE-to-Network relay discovery.
Step 7.
If the Discovery Request is authorized, and the PLMN ID in the Target RPAUID indicates a different PLMN, the 5G DDNMF in the HPLMN of the Discoverer UE contacts the indicated PLMN's 5G DDNMF (i.e. the 5G DDNMF in the HPLMN of the Discoveree UE) by sending a Discovery Request message including the PC5 UE security capability in step 5.
For 5G ProSe UE-to-Network Relay Discovery, Relay Discovery Key Request and RSC are used instead of Discovery Request and RPAUID.
Step 8.
The 5G DDNMF in the HPLMN of the Discoveree UE may exchange authorization messages with the ProSe Application Server.
For 5G ProSe UE-to-Network Relay discovery, this step is skipped.
Step 9.
If the PC5 UE security capability in step 5 includes the chosen PC5 ciphering algorithm, the 5G DDNMF in the HPLMN of the Discoveree UE responds to the 5G DDNMF in the HPLMN of the Discoverer UE with a Discovery Response message including the ProSe Query Code(s) and their associated Code-Sending Security Parameters, the ProSe Response Code and its associated Code-Receiving Security Parameters, an optional Discovery User Integrity Key (DUIK) for the ProSe Response Code, and the chosen PC5 ciphering algorithm. The Code-Receiving Security Parameters provide the information needed by the Discoverer UE to undo the protection applied by the Discoveree UE. The DUIK shall be included as a separate parameter if the Code-Receiving Security Parameters indicate that the Discoverer UE uses Match Reports for MIC checking. The 5G DDNMF in the HPLMN of the Discoverer UE stores the ProSe Response Code and the Discovery User Integrity Key (if it received one outside of the Code-Receiving Security Parameters). The Code-Sending Security Parameters provide the information needed by the Discoverer UE to protect the ProSe Query Code.
The 5G DDNMF in the HPLMN of the Discoveree UE may send the PC5 security policies associated with the ProSe Response Code to the 5G DDNMF in the HPLMN of the Discoverer UE.
For 5G ProSe UE-to-Network Relay discovery, a Relay Discovery Key Response is used instead of the Discovery Response, and the RSC is used instead of ProSe Query Code and ProSe Response Code.
For 5G ProSe UE-to-Network Relay discovery, MIC checking is performed only at the Remote UE and the 5G DDNMF of the Remote UE does not need to configure integrity checking for UE-to-Network Relay discovery.
Step 10.
The 5G DDNMFs in the HPLMN and VPLMN of the Discoverer UE exchange Announce Auth. messages. If the Discoverer UE is not roaming, these steps do not take place.
Step 11.
The 5G DDNMF in the HPLMN of the Discoverer UE returns the Discovery Response Filter and the Code-Receiving Security Parameters, the ProSe Query Code, the Code-Sending Security Parameters along with the CURRENT_TIME and MAX_OFFSET parameters and the chosen PC5 ciphering algorithm. The Discoverer UE takes the same actions with CURRENT_TIME and MAX_OFFSET as described for the Monitoring UE in step 9 of clause 6.1.3.1 of the present document. The UE stores the Discovery Response Filter and its Code-Receiving Security Parameters and the ProSe Query Code and its Code-Sending Security Parameters, and the chosen PC5 ciphering algorithm together with the ProSe Response Code.
If the 5G DDNMF in the HPLMN of the Discoverer UE receives the PC5 security policies associated with the ProSe Response Code in step 9, the Discoverer UE's 5G DDNMF forwards the PC5 security policies to the Discoverer UE.
For 5G ProSe UE-to-Network Relay discovery, a Relay Discovery Key Response is used instead of the Discovery Response, and the RSC is used instead of the ProSe Restricted Code.
Steps 12 to 15 occur over PC5:
Step 12.
The Discoverer UE sends the ProSe Query Code and also listens for a response message if the UTC-based counter provided by the system associated with the discovery slot is within the MAX_OFFSET of the Announcing UE's ProSe clock and if the Validity Timer has not expired. The Discoverer UE forms the discovery message and protects it. The four least significant bits of UTC-based counter are transmitted along with the protected discovery message.
Step 13.
The Discoveree UE listens for a discovery message that satisfies its Discovery Filter if the UTC-based counter associated with that discovery slot is within the MAX_OFFSET of the Discoverer UE's ProSe clock. In order to find such a matching message, it processes the message.
Step 14.
The Discoveree sends the ProSe Response Code associated with the discovered ProSe Query Code. The Discoveree UE forms the discovery message and protects it. The four least significant bits of UTC-based counter are transmitted along with the protected discovery message.
Step 15.
The Discoverer UE listens for a discovery message that satisfies its Discovery Filter. In order to find such a matching message, it processes the message. If the Discoverer UE was not asked to send Match Reports for MIC checking, it stops at this step from a security perspective. Otherwise, it proceeds to step 16.
Steps 16-19 refer to a Discoverer UE that has encountered a match:
Step 16.
If the Discoverer UE has either not had the 5G DDNMF check the MIC for the discovered ProSe Response Code previously or the 5G DDNMF has checked a MIC for the ProSe Response Code and the associated Match Report refresh timer (see step 18 for details of this timer) has expired, or as required based on the procedure specified in TS 23.304, then the Discoverer UE sends a Match Report message to the 5G DDNMF in the HPLMN of the Discoverer UE. The Match Report contains the UTC-based counter value with four least significant bits equal to four least significant bits received along with discovery message and nearest to the Monitoring UE's UTC-based counter associated with the discovery slot where it heard the announcement, and other discovery message parameters including the ProSe Response Code and MIC. The 5G DDNMF checks the MIC.
Step 17.
The 5G DDNMF in the HPLMN of the Discoverer UE may exchange an Auth Req/Auth Resp with the ProSe Application Server to ensure that Discoverer UE is authorized to discover the Discoveree UE.
Step 18.
The 5G DDNMF in the HPLMN of the Discoverer UE returns to the Discoverer UE an acknowledgement that the integrity check passed. It also provides the CURRENT_TIME parameter, by which the UE (re)sets its ProSe clock. The 5G DDNMF in the HPLMN of the Discoverer UE includes the Match Report refresh timer in the message to the Discoverer UE. The Match Report refresh timer indicates how long the UE will wait before sending a new Match Report for the ProSe Response Code.
Step 19.
The 5G DDNMF in the HPLMN of the Discoverer UE may send a Match Report Info message to the 5G DDNMF in the HPLMN of the Discoveree UE.
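The UTC-based counter handling in steps 12 to 16 (the MAX_OFFSET window, the four least significant counter bits sent with the protected message, and the receiver's reconstruction of the full counter value "nearest to" its own clock for the Match Report) is easy to get wrong at the edges, so here is a worked example. This is added illustration code, not part of TS 33.503 or any 3GPP reference implementation; it assumes the counter and the ProSe clock are plain integers in the same abstract tick unit, that the Validity Timer is represented as an expiry counter value, and that a tie between two equally near candidates resolves to the lower value (the page does not specify tie-breaking).

```python
"""Constructed example of the UTC-based counter checks in steps 12-16.

Assumptions (not from the specification text): counters are integer ticks,
MAX_OFFSET is an integer in the same unit, the Validity Timer is modelled as
an expiry counter value, and ties in reconstruct_counter go to the lower value.
"""

LSB_BITS = 4                    # four least significant bits are transmitted (steps 12/14)
LSB_MOD = 1 << LSB_BITS         # the 4-bit field wraps every 16 ticks


def may_send_or_listen(slot_counter: int, prose_clock: int,
                       max_offset: int, validity_expiry: int) -> bool:
    """Step 12/13 gate: the discovery slot's UTC-based counter must be within
    MAX_OFFSET of the UE's ProSe clock and the Validity Timer must not have expired."""
    return abs(slot_counter - prose_clock) <= max_offset and slot_counter < validity_expiry


def lsb4(utc_counter: int) -> int:
    """The four least significant counter bits carried alongside the protected message."""
    return utc_counter & (LSB_MOD - 1)


def reconstruct_counter(received_lsb4: int, own_counter: int) -> int:
    """Step 16: the counter value whose four LSBs equal the received bits and which
    is nearest to the receiver's own UTC-based counter for that discovery slot.

    Only three candidates can be nearest: the value in the receiver's own
    16-tick block, and the same value one block earlier or later.
    """
    if not 0 <= received_lsb4 < LSB_MOD:
        raise ValueError("received_lsb4 must be a 4-bit value")
    base = (own_counter & ~(LSB_MOD - 1)) | received_lsb4
    candidates = (base - LSB_MOD, base, base + LSB_MOD)
    # key: distance first, then the lower value on a tie (assumption, see above)
    return min(candidates, key=lambda c: (abs(c - own_counter), c))


def match_report_counter(received_lsb4: int, own_counter: int) -> dict:
    """Fields of the Match Report that depend on the counter (step 16), as a dict."""
    full = reconstruct_counter(received_lsb4, own_counter)
    return {"utc_counter": full, "lsb4": lsb4(full), "own_counter": own_counter}


if __name__ == "__main__":
    # Sender's slot counter 1005, receiver's own counter 1000: LSBs 0b1101 -> 1005.
    print(match_report_counter(lsb4(1005), 1000))
```

Because only four bits are transmitted, the reconstruction is unambiguous only while the sender's counter lies within 8 ticks of the receiver's own counter: a sender at 1009 and a receiver at 1000 both yield LSBs of 1, and the "nearest" rule selects 993, so the MAX_OFFSET a deployment tolerates has to stay inside that window for the MIC check at the 5G DDNMF to be computed over the counter the sender actually used.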
6.1.3.2.3  Protection of discovery messages over PC5 interface
There are three types of security that are used to protect the restricted 5G ProSe Direct Discovery messages over the PC5 interface: integrity protection, scrambling protection, and message-specific confidentiality which are defined in clause 6.1.3.4.3 in TS 33.303. The protection mechanisms specified in TS 33.303 are reused with the following changes:
  • Input parameters to integrity protection algorithm as specified in clause A.6 in the present document.
  • Message-specific confidentiality mechanisms as specified in clause A.7 in the present document.
  • In clause A.5 of TS 33.303, the time-hash-bitsequence keystream is set to L least significant bits of the output of the KDF, where L is the bit length of the discovery message to be scrambled and set to Min (the length of discovery message - 16, 256).
  • Step 3 of clause 6.1.3.4.3.5 of TS 33.303 becomes:
    XOR (0xFFFF || time-hash-bitsequence) with the most significant (L + 16) bits of discovery message.
  • Step 2 of clause 6.1.3.4.3.2 of TS 33.303 becomes:
    Calculate MIC if a DUIK was provided, otherwise set MIC to a 32-bit random string. Then, set the MIC IE to the MIC.
  • Step 4 of clause 6.1.3.4.3.2 of TS 33.303 is not processed.
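The scrambling and MIC changes listed above are small but their bit alignment matters: the keystream length L is capped at 256 bits, the 0xFFFF prefix lands on the 16 most significant bits, and anything beyond the first (L + 16) bits is left untouched. The following added example (not code from TS 33.503 or TS 33.303) implements exactly those steps over a constructed discovery message. The KDF of clause A.5 of TS 33.303 and the integrity algorithm with the input parameters of clause A.6 are not reproduced on this page, so HMAC-SHA256 keyed with the scrambling key over the UTC-based counter, and a 32-bit truncation of HMAC-SHA256 keyed with the DUIK, are used as labelled stand-ins; the key and message bytes are constructed sample values.

```python
"""Constructed example of the modified scrambling and MIC steps.

ASSUMPTIONS (not from the specification text): HMAC-SHA256 stands in for the
KDF of TS 33.303 clause A.5 and for the integrity algorithm of clause A.6; the
key, counter and message bytes are made-up sample values.
"""
import hashlib
import hmac
import secrets
from typing import Optional

MAX_KEYSTREAM_BITS = 256   # L = Min(length of discovery message - 16, 256)
MIC_BITS = 32              # MIC IE is 32 bits


def time_hash_bitsequence(scrambling_key: bytes, utc_counter: int, msg_len_bits: int) -> tuple:
    """Return (keystream, L): the L least significant bits of the KDF output."""
    L = min(msg_len_bits - 16, MAX_KEYSTREAM_BITS)
    if L <= 0:
        raise ValueError("discovery message must be longer than 16 bits")
    # Stand-in KDF (assumption): HMAC-SHA256 over the UTC-based counter.
    kdf_out = hmac.new(scrambling_key, utc_counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return int.from_bytes(kdf_out, "big") & ((1 << L) - 1), L


def scramble(message: bytes, scrambling_key: bytes, utc_counter: int) -> bytes:
    """Modified step 3 of TS 33.303 clause 6.1.3.4.3.5: XOR
    (0xFFFF || time-hash-bitsequence) with the most significant (L + 16) bits.
    XOR is an involution, so calling this again with the same inputs unscrambles."""
    msg_bits = len(message) * 8
    keystream, L = time_hash_bitsequence(scrambling_key, utc_counter, msg_bits)
    mask = (0xFFFF << L) | keystream        # (L + 16)-bit value, 0xFFFF on top
    shift = msg_bits - (L + 16)             # align the mask with the message MSBs
    scrambled = int.from_bytes(message, "big") ^ (mask << shift)
    return scrambled.to_bytes(len(message), "big")


def mic_ie(message: bytes, utc_counter: int, duik: Optional[bytes]) -> bytes:
    """Modified step 2 of TS 33.303 clause 6.1.3.4.3.2: compute the MIC if a DUIK
    was provided, otherwise a 32-bit random string (a filler, not a checkable tag)."""
    if duik is None:
        return secrets.token_bytes(MIC_BITS // 8)
    # Stand-in integrity algorithm (assumption): HMAC-SHA256 truncated to 32 bits.
    tag = hmac.new(duik, utc_counter.to_bytes(4, "big") + message, hashlib.sha256).digest()
    return tag[: MIC_BITS // 8]


def verify_mic(message: bytes, utc_counter: int, duik: bytes, mic: bytes) -> bool:
    """Constant-time check a holder of the DUIK (the UE or the 5G DDNMF) performs."""
    return hmac.compare_digest(mic_ie(message, utc_counter, duik), mic)


if __name__ == "__main__":
    msg = bytes(range(40))                  # constructed 320-bit discovery message
    key = b"\x11" * 16                      # constructed scrambling key
    duik = b"\x22" * 16                     # constructed DUIK
    ctr = 0x12345678                        # constructed UTC-based counter
    s = scramble(msg, key, ctr)
    print("scrambled:", s.hex())
    print("round trip ok:", scramble(s, key, ctr) == msg)
    print("mic:", mic_ie(msg, ctr, duik).hex())
```

For the 40-byte sample the keystream is capped at 256 bits, so the first 2 bytes are inverted by the 0xFFFF prefix, the next 32 bytes are XORed with the keystream, and the trailing 6 bytes pass through unchanged; a message of 34 bytes or fewer is covered end to end. The random-filler branch of `mic_ie` is why a receiver without a DUIK cannot validate the MIC itself and has to rely on the Match Report path of steps 16 to 18.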