TRANSPARENT CONTAINERS

BACKGROUND

[0001] Upcoming generations of wireless communication systems, such as Fifth

Generation (5G) communication systems, are expected to enable applications such as virtual reality, augmented reality, reliable remote operation of machines, factory automation, network-assisted control of traffic and self-driving vehicles, and the cellular "Internet of Things (IoT)" that supports internetworking of physical devices such as appliances, vehicles, buildings, and other items that are embedded with electronics, software, sensors, actuators, and network connectivity that enable the devices to collect and exchange data over the Internet. Future 5G communication systems will therefore be required to support gigabit per second data rates (e.g., to support virtual or augmented reality applications), end-to-end latencies of at most 1 millisecond (ms) (e.g., to support factory automation applications), reliabilities of at least 99.999% (e.g., for automotive traffic control applications such as platooning), and user equipment densities of tens of millions of devices per square kilometer (e.g., to support cellular IoT applications). Communication systems that operate according to the 5G standards are also expected to provide wireless access and fixed (or wired) access on an equal footing, which is referred to herein as fixed-mobile convergence. User equipment will therefore be able to perform hybrid access by connecting to the 5G communication system via concurrent fixed and wireless connections.

BRIEF DESCRIPTION OF THE DRAWINGS

[0002] The present disclosure may be better understood, and its numerous features and advantages made apparent to those skilled in the art by referencing the accompanying drawings. The use of the same reference symbols in different drawings indicates similar or identical items.

[0003] FIG. 1 is a block diagram of a communication system that supports providing subscriber data in transparent containers according to some embodiments. [0004] FIG. 2 is a block diagram of a network function virtualization (NFV) architecture according to some embodiments.

[0005] FIG. 3 is a message flow that depicts messaging exchanged between a user equipment (UE), an access and mobility management function (AMF), an authentication service function (AUSF), and a unified data manager (UDM)according to some embodiments.

[0006] FIG. 4 is a message flow that depicts messaging exchanged between a UE, an AMF, a session management function (SMF), and a UDM according to some

embodiments. DETAILED DESCRIPTION

[0007] User equipment are required to register with a network in order to be authorized to receive services provided by the network, to enable mobility tracking, and to enable reachability. Registration procedures are used when the user equipment initially attaches to the network, as well as during mobility related events and in response to other events. In a Fifth Generation (5G) communication system, user equipment registration involves messages exchanged between an access and mobility management function (AMF), a session management function (SMF), an authentication service function (AUSF), and a unified data manager (UDM). During the registration procedure, the AMF requests subscriber authentication information for the user equipment from AUSF over the N12 interface which communicates with the UDM over the N13 interface. After the authentication is completed, the AMF communicates directly with the UDM over the N8 interface to get the registration information. After the registration is completed, the SMF separately requests subscription information for the user equipment over a second (N10) interface the UDM during a protocol data unit (PDU) session establishment procedure. [0008] Signaling required to register and authenticate user equipment in a 5G

communication system is reduced by establishing a first pair of transparent containers over a first interface (N12) between an AMF and an AUSF and establishing a second pair of transparent containers over a second interface (N13) between the AUSF and a UDM. One container in each of the first and second pairs is reserved for AMF- specific subscriber information and the second container in each of the first and second pairs is reserved for the SMF-specific subscriber information. These containers can be requested by the AMF or pushed by the UDM. Subscriber information for a user equipment is transported from the UDM to the AMF using the first and second transparent container pairs. The AMF decodes the AMF-specific subscriber information received via the first pair of transparent containers during the registration procedure. The AMF subsequently provides the SMF-specific subscriber information to the SMF over a third interface during the PDU session creation procedure. The messages transmitted via the first and second transparent container pairs include messages encoded for transmission over a fourth interface between the AMF and the UDM or a fifth interface between the SMF and the UDM.

[0009] In some embodiments, a third transparent container is established over a third interface (Ni l) between the AMF and the SMF for conveying the subscriber information associated with the user equipment. Using transparent containers to convey subscription information for user equipment from the UDM to the AMF via the AUSF eliminates previously required signaling exchanges over the fourth interface and the fifth interface. In some embodiments, the first or second pairs of transparent containers, the third transparent container, or additional containers are used to deliver other information from UDM to AMF and SMF to reduce the amount of direct signaling with the UDM.

[0010] FIG. 1 is a block diagram of a communication system 100 that supports providing subscriber data in transparent containers according to some embodiments. The communication system 100 provides support for both mobile and fixed access. As used herein, the term "mobile access" refers to accessing a communication system (e.g., the communication system 100) over an air interface. Mobile access can therefore be referred to as wireless access, mobile communication, wireless communication, or other similar terms. The term "fixed access" refers to accessing to a communication system using a device that is physically connected to the communication system, e.g., accessing a communication system such as the communication system 100 via wires, optical fibers, and the like. Fixed access can therefore be referred to as wireline access, wired communication, or other similar terms. In some embodiments, the final leg of a fixed access connection can be provided by a wireless access point such as a Wi-Fi access point. The communication system 100 supports hybrid access that allows devices to concurrently access the communication system 100 using mobile access and fixed access. [0011] The communication system 100 includes a core network 105 that is accessible by either mobile or fixed devices using a common user plane access and a control plane that supports common authentication, authorization, and accounting (AAA) and policy control. As used herein, the phrase "user plane" refers to a portion of a routing architecture that performs routing of packets that arrive on an inbound interface. For example, the user plane can be implemented using routing tables to determine a path from the inbound interface through a forwarding fabric to the proper outgoing interface. The user plane can also be referred to as a data plane or a forwarding plane. As used herein, the phrase "control plane" refers to a portion of the routing architecture that defines a network topology. For example, the control plane can be used to configure the routing tables that are used to forward packets on the user plane. Control plane logic can also be used to establish priority or quality-of- service for the packets or to identify packets that should be discarded.

[0012] The core network 105 includes an access and mobility management function (AMF) 110 that manages access control and mobility for devices in the communication system 100. The core network 105 also includes a session management function (SMF) 115 to set up and manage sessions in the communication system 100 according to network policies. An association between user equipment and the core network 105 can be represented as a protocol data unit (PDU) session that can be managed by the SMF 115. The PDU session supports data connectivity between user equipment and a data network. The core network 105 further includes an authentication service function

(AUSF) 120 that stores subscriber authentication information for the user equipment that are connected to the core network 105. Information stored in the AUSF 120 is therefore used to authenticate user equipment before allowing the user equipment access to the communication system 100. [0013] The core network 105 also includes a unified data manager (UDM) 125 that processes credentials, location management, subscription management, and the like. The UDM 125 stores data including user subscription data, such as subscription identifiers, security credentials, access and mobility related subscription data, and session related subscription data. The core network 105 further includes one or more user plane functions (UPF) 130 that can be deployed in the communication system 100 to provide services to users of the communication system 100. The user plane function 130 can function as an endpoint for service flows that are used to broadcast, multicast, or unicast packets, as discussed herein. The user plane function 130 can therefore store endpoint identifiers for the service flows.

[0014] Entities within the core network 105 are connected by various interfaces. The AMF 110 is connected to the AUSF 120 by an interface 135, to the UDM 125 by an interface 140, and to the SMF 115 by an interface 145. The AUSF 120 is connected to the UDM 125 by an interface 150. The SMF 115 is connected to the UDM 125 by an interface 155. In some embodiments, the interfaces 135, 140, 145, 150, 155 are implemented according to standards such as the Third Generation Partnership Project (3GPP) Fifth Generation (5G) network architecture. For example, the interfaces 135, 140, 145, 150, 155 in a 5G system correspond to the N 12, N8, Ni l, N13, and N10 interfaces, respectively. The communication system 100 defines other interfaces between entities that are disposed interior and exterior to the core network 105. The other interfaces are not indicated by a reference numeral in the interest of clarity.

[0015] Some embodiments of the core network 105 include other functionality such as a policy control function and a network function repository function, which are not shown in FIG. 1 in the interest of clarity. Some embodiments of the core network 105 are implemented using network function virtualization and software defined networking, as discussed herein. For example, different network slices can be used to instantiate different instances of the AMF 110, the SMF 115, the UPF 130, or the UDM 125 for different users or devices. Each protocol data unit (PDU) session is part of one network slice. [0016] The core network 105 provides network access to user equipment 160 via mobile access. For example, the user equipment 160 can access the core network 105 via a base station 165 that is connected to the AMF 110 over a corresponding interface such as an N2 interface. The base station 165 is also connected to the UPF 120 by a corresponding interface such as an N3 interface, which is not shown in FIG. 1 in the interest of clarity. The base station 165 can be implemented as a 5G gigabit NodeB (gNB) in accordance with standards defined by the 3GPP. For another example, the user equipment 160 can access the core network 105 via a base station 170 that is connected to the AMF 110 over a corresponding interface such as an N2 interface. The base station 170 is also connected to the UPF 130 by a corresponding interface such as an N3 interface, which is not shown in FIG. 1 in the interest of clarity. The base station 170 can be implemented as a

Terrestrial Broadcast 5G gNB in accordance with standards defined by the 3GPP.

[0017] The core network 105 also provides network access to the user equipment 160 via fixed access. For example, the user equipment 160 can establish a connection to a residential gateway 175, which has a wired connection to an Ethernet network 180. In the illustrated embodiment, a final leg of the fixed access connection between the user equipment 160 and the core network 105 is implemented using a wireless access technology. For example, a Wi-Fi access point 185 can be used to provide the final leg of the fixed access connection. However, in other cases, the user equipment 160 is connected to the residential gateway 175 using a wired connection. Some embodiments of the wired connection use line termination devices such as a digital subscriber line access multiplexer (DSLAM) or a gigabit passive optical network (GPON).

[0018] An interworking function 190 is disposed between the Ethernet network 180 and the core network 105. The interworking function 190 can also be referred to as a non- 3GPP interworking function (N3IWF). The interworking function 190 is configured to modify or translate messages conveyed from the fixed access user equipment to the core network 105 so that the fixed access user equipment appears to be accessing the core network 105 according to mobile access standards or protocols from the perspective of the core network 105. The interworking function 190 is also configured to modify or translate messages conveyed from the core network 105 to the fixed access user equipment so that the messages received by the fixed access user equipment conform to corresponding fixed access standards or protocols. The interworking function 190 supports interfaces with the AMF 110 and the UPF 130.

[0019] The number of messages that are exchanged over the interfaces 135, 140, 145, 150, 155 during registration of the user equipment 160 with the core network 105 is reduced conveying registration information in transparent containers in the core network 105. In some embodiments, a first pair of transparent containers are transmitted over the interface 135 and a second pair of transparent containers are transmitted over the interface 150. The AMF 110 receives AMF-specific subscriber information and SMF- specific subscriber information via the first and second pairs of transparent containers. The AMF 110 decodes the AMF-specific subscriber information and forwards the SMF- specific subscriber information to the SMF 115 over the interface 145. In some embodiments, an additional transparent container is conveyed over the interface 145 and the additional transparent container is used to carry the SMF-specific subscriber information. Conveying the registration information in the transparent containers eliminates messaging exchanged between the AMF 110 and the UDM 125 over the interface 140 because the UDM 125 has previously provided this information to the AMF 110 via the transparent containers over the interfaces 135, 150. The transparent containers also eliminate messaging exchanged between the SMF 115 and the UDM 125 over the interface 155 during the PDU registration because the registration information is already available to the SMF 115 via the AMF 110.

[0020] FIG. 2 is a block diagram of an NFV architecture 200 according to some embodiments. The NFV architecture 200 is used to implement some embodiments of the communication system 100 shown in FIG. 1. For example, instances of the AMF 110, SMF 115, AUSF 120, and UDM 125 can be instantiated as virtual functions in the NFV architecture 200. The NFV architecture 200 includes hardware resources 201 including computing hardware 202, storage hardware 203, and network hardware 204. The computing hardware 202 is implemented using one or more processors, the storage hardware 203 is implemented using one or more memories, and the network hardware 204 is implemented using one or more transceivers, transmitters, receivers, interfaces, and the like.

[0021] A virtualization layer 205 provides an abstract representation of the hardware resources 201. The abstract representation supported by the virtualization layer 205 can be managed using a virtualized infrastructure manager 210, which is part of the NFV management and orchestration (M&O) module 215. Some embodiments of the manager 210 are configured to collect and forward performance measurements and events that may occur in the NFV architecture 200. For example, performance measurements may be forwarded to an orchestrator (ORCH) 217 implemented in the NFV M&O 215. The hardware resources 201 and the virtualization layer 205 may be used to implement virtual resources 220 including virtual computing resources 221, virtual storage resources 222, and virtual networking resources 223.

[0022] Virtual networking functions (VNF1, VNF2, VNF3) run over the NFV

infrastructure (e.g., the hardware resources 201) and utilize the virtual resources 220. For example, the virtual networking functions (VNF1, VNF2, VNF3) may be implemented using virtual machines supported by the virtual computing resources 221, virtual memory supported by the virtual storage resources 222, or virtual networks supported by the virtual network resources 223. Element management systems (EMS 1, EMS2, EMS3) are responsible for managing the virtual networking functions (VNF1, VNF2, VNF3). For example, the element management systems (EMS 1, EMS2, EMS3) may be responsible for fault and performance management. In some embodiments, each of the virtual networking functions (VNF1, VNF2, VNF3) is controlled by a corresponding VNF manager 225 that exchanges information and coordinates actions with the manager 210 or the orchestrator 217. [0023] The NFV architecture 200 may include an operation support system

(OSSybusiness support system (BSS) 230. The OSS/BSS 230 deals with network management including fault management using the OSS functionality. The OSS/BSS 230 also deals with customer and product management using the BSS functionality. Some embodiments of the NFV architecture 200 use a set of descriptors 235 for storing descriptions of services, virtual network functions, or infrastructure supported by the NFV architecture 200. Information in the descriptors 235 may be updated or modified by the NFV M&O 215.

[0024] The NFV architecture 200 implements network slices that provide control plane functions or user plane functions, such as instances of the AMF 110, SMF 1 15, AUSF 120, and UDM 125 shown in FIG. 1. A network slice is a complete logical network that provides communication services and network capabilities, which can vary from slice to slice. User equipment can concurrently access multiple slices that support multiple service flows between a core network and the user equipment. Some embodiments of user equipment provide Network Slice Selection Assistance Information (NSSAI) parameters to the network to assist in selection of a slice instance for the user equipment. A single NSSAI may lead to the selection of several slices. The NFV architecture 200 can also use device capabilities, subscription information and local operator policies to do the selection. An NSSAI is a collection of smaller components, Single-NSSAIs (S- NSSAI), which each include a Slice Service Type (SST) and possibly a Slice

Differentiator (SD). Slice service type refers to an expected network behavior in terms of features and services (e.g., specialized for broadband or massive IoT), while the slice differentiator can help selecting among several network slice instances of the same type, e.g. to isolate traffic related to different services into different slices. [0025] FIG. 3 is a message flow 300 that depicts messaging exchanged between a user equipment (UE), an AMF, an AUSF, and a UDM according to some embodiments. The message flow 300 is implemented in some embodiments of the communication system 100 shown in FIG. 1.

[0026] The UE initiates a registration procedure to register with the communication system by transmitting a registration request message 305 to the AMF. In response to receiving the registration request message 305, the AMF transmits an information request message 310 to the AUSF to request authentication information for the UE. In some embodiments, the information request message 310 is a 5G-AIR message that optionally contains a request to establish transparent containers between the AMF and the AUSF and between the AUSF and the UDM.

[0027] The AUSF transmits an authentication information request message 315 to the UDM in response to receiving the information request message 310. The authentication information request message 315 include information identifying the user equipment such as an international mobile subscriber identity (EVISI) that is allocated to the UE. The UDM uses the identifying information to locate authentication information such as security keys that are used to authenticate the UE to the communication system.

[0028] The UDM transmits an authentication information response message 320 to the AUSF. The authentication information response message 320 includes authentication information for the UE such as the security keys that are used to authenticate the UE. The authentication information response message 320 also includes transparent containers to carry information between the UDM and the AUSF and between the AUSF and the AMF. Although the transparent containers are transmitted in response to receiving the authentication information request message 315 in the message flow 300, some embodiments of the UDM are configured to transmit the information containers prior to receiving the authentication information request message 315. For example, the UDM can be configured to push transparent containers including AMF- specific information and SMF-specific information to the AUSF. [0029] In the illustrated embodiment, pairs of transparent containers are used to convey information over the interfaces. One of the pairs of the transparent containers on each of the interfaces carries the AMF- specific information and the other one of the pairs of transparent containers carries the SMF-specific information. For example, a first transparent container that is transmitted over the interface between the UDM and the AUSF carries AMF-specific information that is used to register the UE in an information element of the first transparent container. A second transparent container in the pair that is transmitted over the interface between the UDM and the AUSF carries SMF-specific information that is used to establish a PDU session for the UE in an information element of the second transparent container. In some embodiments, the transparent containers include information identifying the container endpoints (e.g., the AMF and the UDM), information identifying the UE associated with the transparent containers, and the like.

[0030] The AUSF transmits an information response message 325 to the AMF in response to receiving the authentication information response message 320. The information response message 325 includes the authentication information received in the authentication information response message 320, as well as the transparent containers that include the AMF-specific information for the UE and the SMF-specific information for the UE. The AUSF does not access or decode the AMF-specific information or the SMF-specific information, i.e., this information is "transparent" to the AUSF when included in the transparent containers.

[0031] The UE is authenticated on the basis of the authentication information received from the UDM in an authentication procedure 330. In a conventional authentication, the AMF would be required to transmit a request for AMF-specific information over an interface between the AMF and the UDM. The conventional information exchange is illustrated as a dotted line box 335 in FIG. 3. The dotted lines of the box 335 indicate that this message exchange does not actually take place in the message flow 300. Instead, since the AMF-specific information has already been conveyed to the AMF in one of the transparent containers over the interfaces between the UDM, the AUSF, and the AMF as described above, the AMF can proceed directly with the authentication procedure 330. For example, the AMF can decode the AMF-specific information that was included in the transparent container and perform the authentication procedure 330 on the basis of the decoded AMF-specific information. Once the authentication procedure 330 is complete and the UE has been authenticated, the AMF transmits a registration response 340 to the UE to confirm that the UE is registered with the communication system. [0032] FIG. 4 is a message flow 400 that depicts messaging exchanged between a user equipment (UE), an AMF, an SMF, and a UDM according to some embodiments. The message flow 400 is implemented in some embodiments of the communication system 100 shown in FIG. 1. The message flow 400 is used to perform a protocol data unit (PDU) session establishment of the UE with the SMF and is therefore performed after the message flow 300 shown in FIG. 3 has been performed to register the UE with the communication system.

[0033] The UE transmits a PDU session establishment request message 405 to begin a procedure for establishing a PDU session with the communication system. The PDU session establishment request message 405 is transmitted to the AMF, which forwards a request message 410 to the SMF. The request message 410 includes the transparent container that holds the SMF-specific information that was provided by the UDM, e.g., during registration of the UE using the message flow 300 shown in FIG. 3.

[0034] In response to receiving the request message 410, the SMF and the UE initiate a PDU session establishment procedure 415 on the basis of the SMF-specific information for the UE. In a conventional PDU session establishment procedure, the SMF is required to request the SMF-specific information from the UDM using messages exchanged over an interface between the SMF and the UDM. The conventional information exchange is illustrated as a dotted line box 420 in FIG. 4. The dotted lines of the box 420 indicate that this message exchange does not actually take place in the message flow 400. Instead, the SMF decodes the SMF-specific information conveyed in the transparent container and then proceeds with the PDU session establishment procedure 415 on the basis of the decoded SMF-specific information without sending any additional messages to the UDM.

[0035] In some embodiments, certain aspects of the techniques described above may implemented by one or more processors of a processing system executing software. The software comprises one or more sets of executable instructions stored or otherwise tangibly embodied on a non-transitory computer readable storage medium. The software can include the instructions and certain data that, when executed by the one or more processors, manipulate the one or more processors to perform one or more aspects of the techniques described above. The non-transitory computer readable storage medium can include, for example, a magnetic or optical disk storage device, solid state storage devices such as Flash memory, a cache, random access memory (RAM) or other non- volatile memory device or devices, and the like. The executable instructions stored on the non- transitory computer readable storage medium may be in source code, assembly language code, object code, or other instruction format that is interpreted or otherwise executable by one or more processors.

[0036] A computer readable storage medium may include any storage medium, or combination of storage media, accessible by a computer system during use to provide instructions and/or data to the computer system. Such storage media can include, but is not limited to, optical media (e.g., compact disc (CD), digital versatile disc (DVD), Blu- Ray disc), magnetic media (e.g., floppy disc, magnetic tape, or magnetic hard drive), volatile memory (e.g., random access memory (RAM) or cache), non-volatile memory (e.g., read-only memory (ROM) or Flash memory), or microelectromechanical systems (MEMS)-based storage media. The computer readable storage medium may be embedded in the computing system (e.g., system RAM or ROM), fixedly attached to the computing system (e.g., a magnetic hard drive), removably attached to the computing system (e.g., an optical disc or Universal Serial Bus (USB)-based Flash memory), or coupled to the computer system via a wired or wireless network (e.g., network accessible storage (NAS)).

[0037] Note that not all of the activities or elements described above in the general description are required, that a portion of a specific activity or device may not be required, and that one or more further activities may be performed, or elements included, in addition to those described. Still further, the order in which activities are listed are not necessarily the order in which they are performed. Also, the concepts have been described with reference to specific embodiments. However, one of ordinary skill in the art appreciates that various modifications and changes can be made without departing from the scope of the present disclosure as set forth in the claims below. Accordingly, the specification and figures are to be regarded in an illustrative rather than a restrictive sense, and all such modifications are intended to be included within the scope of the present disclosure.

[0038] Benefits, other advantages, and solutions to problems have been described above with regard to specific embodiments. However, the benefits, advantages, solutions to problems, and any feature(s) that may cause any benefit, advantage, or solution to occur or become more pronounced are not to be construed as a critical, required, or essential feature of any or all the claims. Moreover, the particular embodiments disclosed above are illustrative only, as the disclosed subject matter may be modified and practiced in different but equivalent manners apparent to those skilled in the art having the benefit of the teachings herein. No limitations are intended to the details of construction or design herein shown, other than as described in the claims below. It is therefore evident that the particular embodiments disclosed above may be altered or modified and all such variations are considered within the scope of the disclosed subject matter. Accordingly, the protection sought herein is as set forth in the claims below.