
Content for  TR 33.854  Word version:  17.1.0


6.15  Solution #15: UAV and UAV-C Pairing Authorization and Security Aspects

6.15.1  Solution overview

This solution addresses key issues #2 and #7. Further, the solution takes into account the following architectural assumption from clause 4.2 of TR 23.754 (SA2).
  • For networked UAV controllers and non-networked UAV controllers, pairing between the UAV and the UAV controller for the use of UAV3 or UAV5 may be at least authorized, or even authenticated. The pairing authorization/authentication, when performed, is authorized by the USS/UTM, not by the 3GPP system. The 3GPP system enables such authorization process. The result of such authorization/authentication are made known to the MNO in order to enable the USS/UTM to enable the connectivity between the UAV and the UAV controller.
The solution enables UAV and UAV-C pairing authorization to ensure that only an authorized UAV and UAV-C establish a data connection for C2 communication between them. Further, the solution also enables UAV and UAV-C pairing revocation when determined and notified by the USS/UTM.

6.15.2  Solution details

The authorization of UAV and UAV-C pairing can be performed by the USS/UTM (after a successful primary authentication and during/after a successful UAS authentication) when a UAV initiates a PDU session establishment or when the UAV modifies the existing PDU session to set up a C2 connection with the UAV-C for enabling the UAS service, as shown in Figure 6.15.2-1. At this step, it is considered that the UAV and UAV-C have already performed successful UAS registration with the USS/UTM (and have UAS authorization and security information provided by the USS/UTM). The UAV includes Pairing authorization request information containing UAV-C ID, Auth Token, UAS ID and Security context ID, in addition to its CAA-level UAV ID, in the PDU session establishment request message (or in the PDU session modification request) to the SMF along with the UAV operation request. The SMF can send the UAV operation Request along with the received Pairing authorization request information to the UFES, and the UFES forwards the same to the USS/UTM. The UAV operation Request procedure can be based on agreements from SA2 TR 23.754. The USS/UTM, on receiving the Pairing authorization request information along with the UAV operation request, can perform the UAV and UAV-C pairing authorization and session security set up. Pairing authorization can also be referred to as C2 Association authorization. The solution considers that the UAV-C information (i.e., a UAV-C ID) with which the UAV can form a UAS can be available in the USS, and it can also be prepositioned to the UAV along with the CAA-level UAV ID provisioning (out of 3GPP scope) as a precondition.
UAV and UAV-C pairing authorization and session security set up procedure is described as follows.
As a precondition, the UAV and UAV-C are registered to the 3GPP network, and both the UAV and UAV-C have successfully performed UAS Authentication and authorization with the USS/UTM and established a PDU Session with the USS/UTM. Alternatively, the UAV-C may be connected to the USS/UTM over the internet.
Step 1.
The UAV sends to the AMF, a PDU Session establishment Request with Pairing Authorization Request Information. Pairing Authorization Request Information includes UAV ID, Target UAV-C ID, UAS ID, UAV Authorization Token (the one received during successful UAA from USS/UTM), UAS Security Context Identifier (the one received during the successful UAA from USS/UTM to uniquely identify the UAS security context information established between UAV and USS/UTM).
Step 2.
The AMF, on receiving the PDU Session establishment Request with Pairing Authorization Request Information, checks if the UAV-ID is authorized to request pairing authorization based on the locally stored UAS authentication and authorization results, authorization information (Token) and UAV-C ID (if available). If the received Pairing authorization request information and the locally stored information match, the AMF considers the check as successful and performs step 3. If the AMF does not find any UAS authentication results, or if the authentication result or authorization information locally stored does not match the received authorization information, then the AMF triggers UAA as in Solution #7.
Step 3.
The AMF sends Nsmf_PDUSession_CreateSMContext Request to the SMF with the received Pairing Authorization Request Information which includes UAV ID, Target UAV-C ID, UAS ID, UAV Authorization Token, UAS Security Context Identifier and 3GPP UAV ID (i.e., GPSI).
Figure 6.15.2-1: UAV and UAV-C pairing authorization
Step 4.
The SMF sends the received Pairing Authorization Request to the UFES (in a service operation message) with UAV ID, Target UAV-C ID, UAS ID, UAV Authorization Token, UAS Security Context Identifier along with GPSI and UAV IP address (based on TR 23.754).
Step 5.
The UFES sends the received Pairing Authorization Request to the USS/UTM (in a service operation message) with UAV ID, Target UAV-C ID, UAS ID, UAV Authorization Token, UAS Security Context Identifier along with GPSI and UAV IP address.
Step 6.
The USS/UTM verifies the information received in the Pairing Authorization Request with the locally stored information and if the verification is successful, the USS/UTM determines to authorize pairing for the UAV.
Optionally Step 7-10 can be skipped and only step 10 is performed if the UAV-C is connected to the USS/UTM over internet.
Step 7.
The USS/UTM sends to the UAV-C identified with the UAV-C ID (via the 3GPP network or over internet) a Pairing Authorization Request, which includes UAV ID, UAV-C ID and UAS ID.
Step 8.
The UAV-C in response sends to USS/UTM, a Pairing Authorization Response message which includes UAV-C ID, UAS ID, UAV-C IP address, and UAV-C Authorization Token.
Step 9.
The USS/UTM verifies the information such as UAV-C ID, UAS ID, and UAV-C Authorization Token received in the Pairing Authorization Response message by checking with the locally stored information. If the received authorization information match with the locally stored information, the USS/UTM considers the UAV-C pairing authorization as successful.
Step 10.
The USS/UTM sends a Pairing Authorization Acknowledgement/Notification message to the UAV-C, which contains Pairing Success Indication, UAV ID, UAV-C ID, UAS ID, and Session Security Information (i.e., to set up session security), UAV IP address.
Step 11.
Further the USS/UTM sends a Pairing Authorization Response/Accept message to the UFES in response to receiving step 5. The Pairing Authorization Response contains Pairing Success indication, UAV ID, UAV-C ID, UAS ID, Session Security Information, GPSI, and UAV-C IP address.
Step 12.
The UFES sends the received Pairing Authorization Response to the SMF, which contains Pairing Success indication, UAV ID, UAV-C ID, UAS ID, Session Security Information, GPSI and UAV-C IP address.
Step 13.
The SMF locally stores the information received in the Pairing Authorization Response as part of pairing authorization status information. Further, the SMF performs N4 session set up for the authorized pair of UAV and UAV-C.
Step 14.
The SMF sends Nsmf_PDUSession_CreateSMContext Response to the AMF with the received Pairing Authorization Response Information which includes Success Indication, UAV ID, UAV-C ID, UAS ID, and Session Security Information.
Step 15.
The AMF optionally stores the UAV ID and UAV-C ID along with the pairing authorization status and UAS ID.
Step 16.
The AMF sends a PDU Session Establishment Accept message to the UAV over the N1 interface and the PDU Session Establishment Accept message includes the received Authorization Response Information which includes Success Indication, UAV ID, UAV-C ID, UAS ID, and Session Security Information.
The UAV and UAV-C use the received session security information to set up a secure connection between UAV and UAV-C for the C2 connection.
In case of modifying the existing PDU session during pairing authorization, steps 1-3 and steps 14-16 will use PDU session modification related messages (i.e., PDU session modification request/response message instead of PDU session initiation request/response, and PDU session update SM context message instead of PDU session create SM context message accordingly). The SMF performs the configuration of the PDU Session accordingly to enforce pairing based on the received UAV-C authorization Pairing Authorization Response.
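The AMF check in step 2 and the message built in step 3, modelled as an added example (not part of the TR). The class, field and function names, the in-memory store keyed by UAV ID, and the sample values are assumptions made for illustration; the constant-time token comparison is a hardening choice of the example.

```python
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional


class Step2Outcome(Enum):
    PROCEED_TO_STEP3 = "forward to SMF"
    TRIGGER_UAA = "trigger UAA as in Solution #7"


@dataclass(frozen=True)
class PairingAuthRequestInfo:
    """Step 1 contents; field names are illustrative, not from the TR."""
    uav_id: str              # CAA-level UAV ID
    target_uavc_id: str
    uas_id: str
    uav_auth_token: bytes    # received during successful UAA
    uas_sec_ctx_id: str      # UAS Security Context Identifier


@dataclass(frozen=True)
class StoredUaaResult:
    """What the AMF holds locally after UAA (assumed layout)."""
    uaa_successful: bool
    auth_token: bytes
    uavc_id: Optional[str] = None   # stored only "if available"


def amf_step2_check(req: PairingAuthRequestInfo,
                    uaa_store: Dict[str, StoredUaaResult]) -> Step2Outcome:
    stored = uaa_store.get(req.uav_id)
    # No UAS authentication result, or an unsuccessful one: trigger UAA.
    if stored is None or not stored.uaa_successful:
        return Step2Outcome.TRIGGER_UAA
    # Constant-time comparison is a hardening choice of this example,
    # not a requirement stated in the TR.
    token_ok = hmac.compare_digest(stored.auth_token, req.uav_auth_token)
    # The UAV-C ID is checked only when the AMF has one stored.
    uavc_ok = stored.uavc_id is None or stored.uavc_id == req.target_uavc_id
    if token_ok and uavc_ok:
        return Step2Outcome.PROCEED_TO_STEP3
    return Step2Outcome.TRIGGER_UAA


def build_step3_request(req: PairingAuthRequestInfo, gpsi: str) -> dict:
    """Step 3: the received information plus the 3GPP UAV ID (GPSI)."""
    return {
        "service_operation": "Nsmf_PDUSession_CreateSMContext Request",
        "uav_id": req.uav_id,
        "target_uavc_id": req.target_uavc_id,
        "uas_id": req.uas_id,
        "uav_auth_token": req.uav_auth_token,
        "uas_sec_ctx_id": req.uas_sec_ctx_id,
        "gpsi": gpsi,
    }


# Constructed sample data (not real identifiers or tokens).
SAMPLE_STORE = {"CAA-UAV-001": StoredUaaResult(True, b"tok-1234", "UAVC-77")}
SAMPLE_REQ = PairingAuthRequestInfo(
    "CAA-UAV-001", "UAVC-77", "UAS-5", b"tok-1234", "SCTX-9")

if __name__ == "__main__":
    print(amf_step2_check(SAMPLE_REQ, SAMPLE_STORE).value)
```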
Pairing Authorization Revocation:
Figure 6.15.2-2: UAV and UAV-C pairing authorization revocation
UAV and UAV-C pairing revocation is shown in Figure 6.15.2-2 and the steps involved in the pairing revocation are described as follows.
Step 1.
When the USS/UTM determines to revoke UAV/UAV-C pairing (also known as C2 pairing or C2 association), it sends a Pairing Revocation Notification to the UFES with the GPSI, CAA Level UAV ID and UAV-C ID.
Step 2.
The UFES uses the Nudm_UECM_Get Request/Response service operation to fetch the serving SMF information corresponding to the GPSI. Further, the UFES sends the received Pairing Revocation Notification message to the serving SMF, which contains GPSI, CAA Level UAV ID, and UAV-C ID.
Step 3.
The SMF on receiving the Pairing Revocation Notification, checks if there is any active PDU Session corresponding to the indicated CAA level UAV ID with a UAV-C ID. If there is any active PDU Session, the SMF performs PDU Session release procedure for the associated PDU Session IDs using the existing procedure in clause 4.3.4.3 of TS 23.502 with the following adaptations.
Step 4a.
The SMF sends a PDU Session Release command to the AMF including the PDU Session ID along with a suitable cause value and a pairing revocation information containing CAA level UAV ID and UAV-C ID based on the received pairing revocation notification.
Step 4b.
The AMF forwards the PDU Session Release command to the UAV which includes PDU Session ID, with a suitable cause value, and a pairing revocation information containing CAA level UAV ID and UAV-C ID.
Step 5.
The UAV on receiving the PDU Session Release command with a pairing revocation information will delete the locally stored pairing authorization information (token, lifetime, identifiers or any related information) and associated security information for the UAV and UAV-C pairing indicated in the revocation information.
Step 6.
The UAV sends a PDU Session Release acknowledgement message to the AMF by including the Pairing Revocation Ack indication and CAA Level UAV ID.
Step 7.
The AMF deletes locally stored pairing information (such as pairing authorization information and paired UAV and UAV-C IDs if available) for the UAV corresponding to its CAA Level UAV ID. Further the AMF sends a PDU Session Release Acknowledgement message to the SMF with the GPSI, received Pairing Revocation Ack indication and CAA Level UAV ID.
Step 8.
The SMF on receiving the Pairing Revocation Ack indication deletes locally stored pairing information (such as pairing authorization information and paired UAV and UAV-C IDs) if available for the UAV corresponding to its CAA Level UAV ID.
Step 9.
Further, the SMF sends a Pairing Revocation Acknowledgement to the UFES with the received GPSI, Success Indication, and CAA Level UAV ID.
Step 10.
The UFES forwards the received Pairing Revocation Acknowledgement to the USS/UTM with the received Success Indication, GPSI and CAA Level UAV ID.
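The SMF side of the revocation procedure (steps 3, 4a, 8 and 9), modelled as an added example that is not part of the TR. The class and field names, the cause placeholder and the sample state are assumptions. The handling of an acknowledgement that has no outstanding release command is also an assumption, since the TR does not describe that case.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class PduSession:
    session_id: int
    gpsi: str
    caa_uav_id: str
    uavc_id: str
    active: bool = True


@dataclass
class SmfModel:
    sessions: Dict[int, PduSession] = field(default_factory=dict)
    # Pairing information stored after authorization, keyed by CAA-level UAV ID.
    pairing_info: Dict[str, dict] = field(default_factory=dict)
    # Session IDs with a release command outstanding, per CAA-level UAV ID.
    pending: Dict[str, Set[int]] = field(default_factory=dict)

    def on_revocation_notification(self, caa_uav_id: str,
                                   uavc_id: str) -> List[dict]:
        """Steps 3 and 4a: one release command per matching active session."""
        hits = [s for s in self.sessions.values()
                if s.active and s.caa_uav_id == caa_uav_id
                and s.uavc_id == uavc_id]
        if hits:
            self.pending[caa_uav_id] = {s.session_id for s in hits}
        return [{"msg": "PDU Session Release command",
                 "pdu_session_id": s.session_id,
                 "cause": "<cause-value>",   # placeholder, TR says "suitable"
                 "pairing_revocation_info": {"caa_uav_id": caa_uav_id,
                                             "uavc_id": uavc_id}}
                for s in hits]

    def on_release_ack(self, gpsi: str, caa_uav_id: str, session_id: int,
                       revocation_ack: bool) -> Optional[dict]:
        """Steps 8 and 9: delete pairing state, then acknowledge to the UFES."""
        waiting = self.pending.get(caa_uav_id, set())
        # Assumption: an ack without the indication, or for a session with no
        # outstanding release command, changes nothing.
        if not revocation_ack or session_id not in waiting:
            return None
        self.sessions[session_id].active = False
        waiting.discard(session_id)
        if waiting:                      # other sessions still unacknowledged
            return None
        del self.pending[caa_uav_id]
        self.pairing_info.pop(caa_uav_id, None)
        return {"msg": "Pairing Revocation Acknowledgement", "gpsi": gpsi,
                "success_indication": True, "caa_uav_id": caa_uav_id}


def sample_smf() -> SmfModel:
    """Constructed state: one paired UAV with a C2 session, one unrelated."""
    smf = SmfModel()
    smf.sessions[5] = PduSession(5, "gpsi-a", "CAA-UAV-001", "UAVC-77")
    smf.sessions[6] = PduSession(6, "gpsi-b", "CAA-UAV-002", "UAVC-88")
    smf.pairing_info["CAA-UAV-001"] = {"uavc_id": "UAVC-77", "uas_id": "UAS-5"}
    smf.pairing_info["CAA-UAV-002"] = {"uavc_id": "UAVC-88", "uas_id": "UAS-6"}
    return smf
```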
Pairing Revocation related to UAV-Controller (UAV-C) Change:
Step 1.
The UAV is communicating with UAV-C1 after a successful pairing authorization.
Step 2.
The USS/UTM determines to change the UAV-C for a UAV (the determination aspects at USS/UTM are out of 3GPP scope) and sends to SMF via UFES a UAV Operation update message with 3GPP UAV ID, new authorization data (i.e., CAA level UAV ID, new UAV-C2 info (e.g., ID and IP address), session security information and new UAS ID if any), pairing authorization indication and Cause indicating UAV-C Change.
Step 3.
The SMF initiates PDU session modification procedure (via the serving AMF with the UAV) by sending to AMF, N1 SM container with PDU session Modification command along with the received Pairing authorization indication, new authorization data and a suitable cause value based on the received UAV-C change indication.
Step 4.
The AMF forwards the PDU session modification command message to the UAV along with the received Pairing authorization indication, new authorization data and a suitable cause value based on UAV-C change indication.
Step 5.
The UAV updates the pairing information based on the received new authorization data and sends a PDU Session Modification Command Ack to AMF. The AMF can update the locally stored pairing information if any (such as paired UAV and UAV-C information, authorization status based on new authorization data received) and forwards the received PDU Session Modification Command Ack to SMF. The SMF can also update the locally stored pairing information if any and updates N4 session of the UPF(s) that are involved by the PDU Session Modification for the new authorized pair of UAV and new UAV-C2 (based on UAV and UAV-C information received from USS/UTM).
Step 6.
The UAV communicates with the UAV-C2.
Applicability to EPS:
The UAV/UAV-C (i.e., C2) Pairing authorization and Revocation procedure described in this section can be applicable to EPS, with the adaptation of using MME, SMF+PGW-C, UPF+PGW-U and HSS+UDM respectively. 3GPP NF/UFES can act as a UAS NF or UAS control function in the 3GPP network which can be a standalone network function, or a service offered by the SCEF in the EPS. The message name used in EPS procedure can be aligned with SA2 where required during the normative work. The UAV and UAV-C pairing authorization when connected to EPS is described as follows.
Step 1.
The UAV sends to MME, a PDN connection Request with Pairing Authorization Request Information. Pairing Authorization Request Information includes UAV ID, Target UAV-C ID, UAS ID, UAV Authorization Token (the one received during successful UAA from USS/UTM), UAS Security Context Identifier (the one received during the successful UAA from USS/UTM to uniquely identify the UAS security context information established between UAV and USS/UTM).
Step 2.
The MME, on receiving the PDN connectivity Request with Pairing Authorization Request Information, checks if the UAV-ID is authorized to request pairing authorization based on the locally stored UAS authentication and authorization results, authorization information (Token) and UAV-C ID (if available). If the received Pairing authorization request information and the locally stored information match, the MME considers the check as successful and performs step 3. If the MME does not find any UAS authentication results, or if the authentication result or authorization information locally stored does not match the received authorization information, then the AMF triggers UAA as in Solution #7.
Step 3.
The MME sends Create Session Request to the SMF+PGW-C via S-GW with the received Pairing Authorization Request Information which includes UAV ID, Target UAV-C ID, UAS ID, UAV Authorization Token, UAS Security Context Identifier and 3GPP UAV ID (i.e., an external identifier).
Step 4.
The SMF+PGW-C sends the received Pairing Authorization Request to the UFES which contains UAV ID, Target UAV-C ID, UAS ID, UAV Authorization Token, UAS Security Context Identifier along with 3GPP UAV ID and UAV IP address (based on TR 23.754).
Step 5.
The UFES sends the received Pairing Authorization Request to the USS/UTM.
Step 6-10.
Steps 6-10 can be performed as described for 5GS.
Step 11.
Further the USS/UTM sends a Pairing Authorization Response/Accept message to the UFES in response to receiving step 5. The Pairing Authorization Response contains Pairing Success indication, UAV ID, UAV-C ID, UAS ID, Session Security Information, 3GPP UAV ID, and UAV-C IP address.
Step 12.
The UFES sends the received Pairing Authorization Response to the SMF+PGW-C.
Step 13.
The SMF+PGW-C locally stores the information received in the Pairing Authorization Response as part of pairing authorization status information. Further, the SMF+PGW-C performs N4 session set up for the authorized pair of UAV and UAV-C.
Step 14.
The SMF+PGW-C sends Create Session Response to the MME via S-GW, with the received Pairing Authorization Response Information which includes Success Indication, UAV ID, UAV-C ID, UAS ID, and Session Security Information.
Step 15.
The MME optionally stores the UAV ID and UAV-C ID along with the pairing authorization status and UAS ID.
Step 16.
The MME sends a PDN Connection Accept message to the UAV over the NAS and the PDN Connection Accept message includes the received Authorization Response Information which includes Success Indication, UAV ID, UAV-C ID, UAS ID, and Session Security Information.
The UAV and UAV-C can use the received session security information to set up a secure connection between UAV and UAV-C for the C2 connection.
The UAV and UAV-C pairing revocation can be applicable to EPS as described below.
When the USS/UTM determines to revoke UAV/UAV-C pairing (also known as C2 pairing or C2 association), it sends a Pairing Revocation Notification to the UFES with the 3GPP UAV ID (i.e., an external identifier), CAA Level UAV ID and UAV-C ID. The UFES sends the received Pairing Revocation Notification message to the SMF+PGW-C, and a PDN connection disconnection and bearer deactivation can be initiated based on TR 23.754 and TS 23.401 accordingly. The Delete Session/bearer Request can be sent by SMF+PGW-C to MME via S-GW with a suitable cause value and a pairing revocation information containing CAA level UAV ID and UAV-C ID based on the received pairing revocation notification. During bearer deactivation, the MME can send to the UAV a suitable cause value and a pairing revocation information containing CAA level UAV ID and UAV-C ID. The UAV, on receiving the pairing revocation information, will delete the locally stored pairing authorization information and security information for the UAV and UAV-C pairing and releases all resources corresponding to the PDN connection. The UAV sends in response a pairing revocation acknowledgement and CAA level UAV ID to the MME. The MME sends a PDN connection Release Acknowledgement (e.g., in a delete bearer response) to SMF+PGW-C via S-GW with the external ID, Pairing Revocation Ack indication and CAA Level UAV ID. The SMF+PGW-C, on receiving the Pairing Revocation Ack indication, deletes locally stored pairing information (such as pairing authorization information and paired UAV and UAV-C IDs). Further, the SMF+PGW-C sends a Pairing Revocation Acknowledgement to the UFES with the received 3GPP UAV ID, Success Indication, and CAA Level UAV ID. The UFES forwards the received Pairing Revocation Acknowledgement to the USS/UTM with the received Success Indication, 3GPP UAV ID and CAA Level UAV ID.
In case of UAV change, an authorization indication and new authorization data with cause as UAV change can be notified by the USS/UTM to the UFES. The PDN connection modification can be triggered by the SMF+PGW-C, and the UAV can be notified with an authorization indication and new authorization data with cause as UAV change, to allow the UAV to update the pairing authorization information during the PDN connection modification. The UAV updates the pairing information based on the received new authorization data and sends an acknowledgement back to MME. The MME forwards the received acknowledgement to SMF+PGW-C. The SMF+PGW-C can also update the locally stored pairing information if any (such as paired UAV and UAV-C information, authorization status based on new authorization data received) and updates the sessions that are involved by the PDN connection Modification for the new authorized pair of UAV and new UAV-C2 (based on UAV and UAV-C information received from USS/UTM).

6.15.3  Solution evaluation

AMF in 5GS and SMF+PGW-C in EPS: On receiving pairing authorization request information, needs to verify if the UAV-ID is authorized to request pairing authorization based on the locally stored UAS authentication and authorization results, authorization information (i.e., Auth Token) and UAV-C ID (if available). If no UAS authentication results are available or if they do not match, it triggers UAA before performing pairing authorization.
After a successful pairing authorization, it receives (from USS/UTM via UFES) and forwards the Authorization Response Information with Success Indication, UAV ID, UAV-C ID, UAS ID, and Session Security Information to the UAV, to allow session security set up between the paired UAV and UAVC. It also stores the UAV ID and UAV-C ID along with the pairing authorization status and UAS ID to enable handling of paired connections later (e.g., during pairing revocation and UAVC change).
UE: On a PDU session establishment related to C2, sends Pairing Authorization Request Information which includes UAS ID, UAV Auth Token, and UAS Security Context Identifier.
On a PDU session or PDN connection release related to a pairing revocation requested by the USS/UTM (via UFES), the UAV is notified (via AMF/MME accordingly) with a Pairing Revocation Indication and pairing revocation information to enable UAV to delete any pairing authorization information locally stored.
On a PDU session/PDN connection modification related to a UAVC change requested by the USS/UTM (via UFES), the UAV is notified (via AMF and MME accordingly) with a UAVC Change and new authorization information to enable UAV to update any pairing authorization information locally stored.