This solution addresses Key Issue#1 "UAS Authentication and Authorization".
This solution is applicable to 5GS and to both UAV and networked UAV-C.
This solution enables an authentication and authorization (A&A) with a USS/UTM during registration after primary authentication successful completion in a procedure similar to Network Slice Specific Authentication and Authorization (NSSAA). An API-based authentication procedure is triggered by AMF following a Registration procedure based on the UE subscription and capabilities information. The procedure for authentication and authorization (A&A) by the USS/UTM is performed using non-3GPP credentials (e.g. CAA-level UAV ID, certificate). The AMF forwards transparently the authentication messages between the UAV and the USS/UTM. The solution proposes an A&A Proxy function to be used for A&A communication with USS/UTM. This A&A Proxy function may be integrated in the UAS-NF as defined in TR 23.754, clause 8.
The USS/UTM may initiate UAV authorization revocation at any time after successful completion of authorization procedure.
UAV is configured with a long-term UAV ID (e.g. serial number, CAA registration id) and credentials used for authentication by USS/UTM. The UAV ID and credentials are obtained by means outside of 3GPP scope
AMF sends in the Registration Accept message a pending UAV A&A indication. UE refrains from establishing PDU Session dedicated to UAS communications until the successful completion of the following A&A steps. The Registration Accept message may include some other configuration information such as allowed UAS communication modes/types (e.g. network assisted, direct). The UE sends a Registration Complete if this is an initial Registration.
AMF triggers an API-based UAV A&A by USS/UTM procedure. UE is authenticated using UAV credentials (e.g. CAA-level UAV ID, certificate). During the procedure, the AMF provides the USS/UTM with a 3GPP UAV ID (e.g. GPSI as External id) and AMF may receive a CAA-level UAV id (e.g. a temporary Session id) from USS/UTM. The AMF stores the CAA-level UAV id in the UE context. The AMF may use the CAA-level UAV id to determine whether to perform UAV A&A as described in step 2. The AMF provides the CAA-level UAV id and to the UE in the following step.
Upon successful UAV A&A by USS/UTM, AMF initiates the UE Configuration Update procedure to deliver authorized UAS Configuration parameters to the UE. The UAS Configuration may include the following parameters to be used for UAS communication setup: the CAA-level UAV ID, S-NSSAI/DNN. The CAA-level UAV ID is used for remote or broadcast Remote ID.
The AMF initiates a UCU procedure to revoke authorization information that was stored in the UE based on procedure 220.127.116.11 or initiate a DeRegistration procedure indicating the cause of deregistration.
This solution is aligned with TR 23.754 conclusions for UAV authentication and authorization by USS/UTM (UUAA) during Registration, including the usage of a generic (API based) procedure using a UAS NF.
This solution fully addresses the requirements of Key Issue #1:
The solution uses a generic (i.e., API based) procedure for UUAA during Registration via a Proxy A&A (UAS NF). The UE includes its CAA-level UAV ID to register for UAS services. After a successful primary authentication, the AMF triggers a UUAA if the UE has a valid Aerial subscription and if there is no UUAA ongoing or a valid result from a successful prior UUAA run. The AMF triggers UUAA after sending a Registration Accept message indicating a pending UUAA. The authentication method and content of authentication message used for UUAA are not in 3GPP scope.
The solution enables the revocation of UAV authorization by the USS/UTM. The revocation request is received by the UAS NF which notifies the AMF. AMF may trigger a PDU Session release for the relevant PDU Sessions (used for communication USS/UTM and/or for C2 communications) and/or a DeRegistration procedure.
Authentication of USS/UTM is handled by the Proxy A&A function by means of provisioned aviation domain certificates. USS/UTM address may be obtained from UE or from a trusted resolution function which provides a USS/UTM address based on a CAA-level UAV ID.
API based procedure introduces a new mechanism compared to existing EAP framework.