APPARATUS AND METHODS FOR IMPROVED RECORDING PROCEDURE IN A MOBILE SYSTEM SUPPORTING NETWORK SLICING
The mobile network entity (AMF) verifies and initiates additional authentication for third parties, using SDM and AUSF to manage secure access to network slices, addressing the challenge of third-party authorization in network slicing.
Patent Information
- Authority / Receiving Office
- BR · BR
- Patent Type
- Patents
- Current Assignee / Owner
- NOKIA TECHNOLOGIES OY
- Filing Date
- 2017-03-21
- Publication Date
- 2026-07-07
AI Technical Summary
Network slicing in mobile communication systems introduces new technical issues, particularly the need for independent authentication and authorization of third-party stakeholders accessing network slices, which existing systems do not adequately address.
Implementing a mobile network entity (AMF) that verifies and initiates additional authentication and authorization for third parties, utilizing a subscriber database (SDM) to store required authentication data, and interacting with a third-party AAA server (AUSF) to ensure secure access to network slices during registration.
Enables secure and efficient authentication and authorization of third-party stakeholders, ensuring proper access to network slices while maintaining network security and resource efficiency.
Smart Images

Figure 00000023_0000 
Figure 00000024_0000 
Figure 00000025_0000
Abstract
Description
APPARATUS AND METHODS FOR IMPROVED RECORDING PROCEDURE IN A MOBILE SYSTEM SUPPORTING NETWORK SLICING
[001] The present invention relates generally to mobile communication networks and systems.
[002] Detailed descriptions of mobile communication networks and systems can be found in the literature, particularly in the Technical Specifications published by standardization bodies, such as 3GPP (3rd Generation Partnership Project).
[003] In general, in a mobile system, a user / User Equipment (UE) has access to services provided by a mobile network. A mobile network generally comprises a Core Network accessed through an Access Network, such as a Radio Access Network.
[004] An example of a mobile system is the Next Generation system, also called the 5G system, currently specified by 3GPP, as in 3GPP TR 23.799, 3GPP TS 23.501 and 3GPP TS 23.502.
[005] A concept used in Next Generation (or 5G) mobile networks is the concept of network slicing. As indicated, for example, in 3GPP TS 23.501, the operator can deploy multiple Network Slicing instances that deliver the same resources, but to different groups of UEs, for example, since they deliver a different committed service and / or because they can be dedicated to a client.
[006] The introduction of network slicing in such networks and systems brings new technical issues that require new solutions. One example of such new technical issues is that network slicing can introduce new stakeholders into the end-to-end system chain that may require independent authentication and / or authorization.
[007] There is a need to address such new technical issues. The Petition 870260027320, dated 03 / 23 / 2026, page 14 / 71 2 / 17 embodiments of the invention in particular address such needs.
[008] These and other objectives are achieved, in one aspect, by a mobile network entity, such as the Access and Mobility Management Function (AMF), which provides record management functions in a mobile network that supports network slicing, said mobile network entity configured to: - verify if authentication and / or authorization involving third parties associated with a network slice is required to access said network slice, in addition to the authentication and / or authorization to access said mobile network, during registration, - initiate said authentication and / or authorization involving said third parties after verifying that said authentication and / or authorization involving said third parties is required.
[009] These and other objectives are achieved, in another aspect, by a mobile network subscriber database, such as SDM, for a mobile network that supports network slicing, said mobile network subscriber database configured to: - to store signature data indicating whether authentication and / or authorization involving third parties associated with a network slice is required to access said network slice, in addition to authentication and / or authorization to access said mobile network.
[010] These and other objectives are achieved, in another aspect, by a User Equipment for a mobile system that supports network slicing, said User Equipment configured to: - to support authentication and / or authorization involving third parties associated with a network slice to access said network slice, in addition to authentication and / or authorization to access said network, if required for said network slice, during Petition 870260027320, dated 03 / 23 / 2026, page 15 / 71 3 / 17 record.
[011] These and other objectives are known, in another aspect, by a mobile network entity, such as AUSF, which provides authentication server functions in a mobile network that supports network slicing, said mobile network entity configured to: - To relay information exchanged between a mobile network entity, such as the Access and Mobility Management Function (AMF), which provides record management functions, and an AAA server called a third-party AAA server associated with the network slice in an authentication and / or authorization procedure performed to access said network slice.
[012] These and other objectives are achieved, in another aspect, by a method for improved registration in a mobile system that supports network slicing, said method including at least one step performed by at least one of the entities thus configured: mobile network entity, such as Access and Mobility Management Function AMF that provides registration management functions, mobile network subscriber database such as SDM, UE User Equipment, mobile network entity such as AUSF, which provides authentication server functions.
[013] Some embodiments of apparatus and / or methods according to the embodiments of the present invention are described now only by way of example and with reference to the accompanying drawings, in which: Figure 1 is intended to illustrate in a simplified way the introduction into a mobile system of an extra level of slice access authentication with an external (third-party) AAA server according to the embodiments of the invention. Figure 2 is intended to illustrate, in a simplified way, an example of the steps in a registration procedure according to the modalities of Petition 870260027320, dated 03 / 23 / 2026, p. 16 / 71 4 / 17 invention, Figure 3 is intended to illustrate, in a simplified way, an example of more detailed steps in a registration procedure according to embodiments of the invention. ABBREVIATIONS AAA Authentication, Authorization, and Counting AMF Access and Mobility Management Function AUSF Authentication Server Function EAP Extensible Authentication Protocol MSISDN Mobile Subscriber ISDN Number NAS Non-Access Stratum NSSAI Network Slice Selection Assistance Information PLMN Public Mobile Terrestrial Network RAN Radio Access Network RRC Radio Resource Control SD Slice Differentiator SDM Subscriber Data Manager SMF Session Management Function S-NSSAI Network Slice Selection Assistance Information Unique SST Type of Service Slice EU User Equipment DESCRIPTION OF VARIOUS ASPECTS AND / OR MODALITIES OF THE INVENTION
[014] The embodiments of the invention will be described herein by way of example for the case of a Next Generation (5G) system. However, the embodiments of the invention are not limited to such an example and apply more generally to mobile systems / networks using network slicing. Petition 870260027320, dated 03 / 23 / 2026, p. 17 / 71 5 / 17
[015] Within the scope of TS 23.501 and TS23.502, it is possible for a UE to be simultaneously attached to more than one network slice, through a single function called AMF. The AMF can be specialized for the set of network slices to which the UE is attached.
[016] A network slice is conceptually like an end-to-end network. It is identified by the S-NSSAI value, which is composed of a Slice Service Type (SST) value and a Slice Differentiator (SD) value. The set of slices that a UE intends to use or is accepted by the network for use is defined by the NSSAI, which is the collection of the S-NSSAIs of the slices that the UE is using. The SD field can be used to associate the slice with third parties acting as a tenant of the operator provided by the network slice. This tenant may have its own AAA database. The embodiments of the invention aim to allow the tenant to authenticate its own subscribers with its own AAA database.
[017] The UE signs off on the network slices it is authorized to use. These are stored as signed to the S-NSSAI in the HSS (now known in 5G as UDM = User Data Manager).
[018] Authorization to access a slice typically occurs during a registration procedure where, after the UE is authenticated and authorized to access the PLMN, subscriber data indicates which slices are permitted for the UE based on stored HSS / UDM data. UE authentication with 3GPP credentials is via a function called AUSF (Authentication Server function). However, this model assumes that the tenant fully trusts the PLMN operator to perform A&A. In many cases, the tenant may wish to apply its own authentication and / or authorization. The embodiments of the invention aim to allow the slice tenant to apply its own authentication and / or authorization. Petition 870260027320, dated 03 / 23 / 2026, p. 18 / 71 6 / 17
[019] Any proposal to use authentication and authorization of access to data networks in the existing system documented in TS 23.401 and TS 29.061 is not suitable as the data network may belong to a party that is not actually the tenant itself, but a client of the tenant. Access to the slice is also authorized at the time registration occurs and SM may not happen at the same time. It also allows the UE to remain fixed without a PDN connection and yet some RAN-level control plane policies may apply while no PDN connection is established. The embodiments of the invention aim to allow authentication and / or authorization steps applied by the tenant to occur during the registration procedure.
[020] An exemplary embodiment of a registration procedure as illustrated in Figure 2 or 3 may be used in a system as illustrated in the exemplary embodiment of Figure 1.
[021] In some modes, the UE can be configured with information to associate a slice authentication method if an extra level of authentication is required to access a certain slice. In some modes, if the UE is configured to do so, an extra level of authentication can be performed after the UE is authenticated for access to the PLMN.
[022] In some modes, subscriber data stored by SDM may include S-NSSAI if the extra level of authentication and / or authorization is required. As illustrated in the example in Figure 1, SDM may store signed slices as S-NSSAI, with an indication of possible extra Authentication and / or Authorization.
[023] In some modes, if the extra level of authentication is required, the UE may be challenged to authenticate the slice by the AMF and the UE may perform the extra level of authentication based on its configuration for the slice. The AMF may Petition 870260027320, dated 03 / 23 / 2026, p. 19 / 71 7 / 17 can be connected directly to the tenant's AAA server or the AUSF can proxy towards it. As illustrated in the example in Figure 1, the AMF can be the UE authenticator for both PLMN access based on 3GPP credentials and also for slice access based on third-party AAA credentials optionally.
[024] In some modes, additionally or exclusively, if the extra level of authorization is required, this may involve forming the third-party database, even while the UE is authenticated with it (for third parties to perform A&A), or by submitting to the third-party AAA server an Identity that the PLMN can use externally (such as the MS_ISDN or external ID defined in TS 23.682) so that the AAA server can verify whether it is allowed to access the slice. In this case, step 4 in Figure 2 (4c, d, e, f in Figure 3) would not involve the UE and would only be between the AMF and the AAA server based on verification of the trusted UE identity with the AAA database. In this case, steps 4c and 4d would only include the MS-ISDN or external ID, and steps 4e and 4f would report a Success or Failure of UE authorization information to the AMF.Third-party AAAs may also report to the AMF in steps 4e and 4f a request to challenge the UE with the provided MS-ISDN or external ID, in which case the procedure would restart from step 4a.
[025] In some modes, the UE can make a registration request indicating the NSSAI, including all the S-NSSAIs of the slices they intend to use (step 1 in Figure 2 or 3). Security procedures for accessing the PLMN (with AMF as the authenticator and AUSF as the authentication server) can be performed (step 2 in Figure 2 or 3). The AMF in step 3 can verify if the UE is signed for each of these S-NSSAIs. If there is no signature for an S-NSSAI, the S-NSSAI is not accepted. However, if there is a signature, additional signature information may exist to require that the Petition 870260027320, dated 03 / 23 / 2026, p. 20 / 71 8 / 17 The UE must be additionally authenticated and / or authorized by third parties. If so, the authentication method, the need to indicate an external UE identity for the third parties (such as MS-ISDN or external UE ID defined in 23682), and the AAA server address where to send the authentication request can be included. Furthermore, for each S-NSSAI for which third-party authentication is required, step 4 in Figure 2 (4a to 4m in Figure 3) can be executed. EAP can be considered to be used as a transport for flexible authentication protocols. The number of messages in the sequence of step 4 may depend on the exact EAP authentication method selected by the third parties, but those in the flow are only an example.
[026] Furthermore, since the UE performs periodic registrations, this step may not be required in periodic registrations. The AMF may report, based on agreement with third parties, periodic registrations by using messages 4.c,d,e,f including only the MSISDN (or external ID) once the MS-ISDN (or external ID) was associated with the authenticated third-party user ID in the initial registration if this was included in steps 4c, 4d. Therefore, this method may also allow the association of the third-party User ID and the operator-authenticated identities, which may create a shortcut for subsequent registrations, and only periodically can third parties re-challenge the UE with new third-party authentication (to save AAA and network resources).
[027] In step 5 (Figure 2 or 3), the AMF may accept the registration including the NSSAI with the accepted S-NSSAIs (based only on signature verification or based on successful third-party authentication)
[028] The embodiments of the invention can also be described in the following manner.
[029] EPS offers packet data services according to a simple paradigm where a single access network serving an UE would provide Petition 870260027320, dated 03 / 23 / 2026, page 21 / 71 9 / 17 Access to a PDN. Network access authentication is based on PLMN authentication (3GPP AKA), which also provided the keys for wireless link encryption. Optionally, if the PDN a UE needs to access is operated by a third party, that third party may require an additional level of authentication, allowing a UE to be denied access even though HSS recordings indicate that the UE has signed up for the PDN APN. This would allow a PDN operator to manage an independent set of credentials for its subscribers and establish or remove a client-server-provider relationship without needing to contact the operator.
[030] As we move towards the 5G system, in addition to the concepts indicated above in the EPS document, which are also provided by the 5G system, there is now the concept of Network Slice.
[031] Through the concept of network slicing, a PLMN operator can provide a certain level of network service / services to third parties in a type of wholesale agreement.
[032] It needs to be discussed whether it is sufficient to use PLMN-level authentication to allow a UE to access a slice that is offered to third parties.
[033] It is almost possible that third parties entering into the SLA with the operator for the Network Slice may possess their own subscriber base, or intend to have their own independent subscriber base based on their own Identity and credentials. Thus, it is desirable to allow third parties to authorize access to the slice through verification of the subscriber database they possess.
[034] This slice tenant that requires the extra level of authentication and authorization, such as the PDN operator in EPS, relies on the PLMN to provide a secure link based on authentication, authorization, and access security to Petition 870260027320, dated 03 / 23 / 2026, p. 22 / 71 10 / 17 PLMN, and that the PLMN operator would allow or deny access to the slice based on the tenant result based on authentication and authorization performed on top of the PLMN access authentication and authorization. Therefore, when the UE is accepted into the tenant slice during the registration procedures, optionally including the extra level of slice access authentication, it is considered that all other procedures reported for the slice's S-NSSAI can be executed. Note that S-NSSAI acceptance occurs at the time of registration; the extra level of authentication needs to be in place at the time of registration.
[035] Embodiments of the invention may include one or more of:
[036] If a UE signs to S-NSSAI that points to a slice that needs third-party authentication, this information is stored in the SDM (Subscriber Data Manager) as a flag indicating that this step is required, and also the IP address of the AAA server that will perform the authentication.
[037] When a UE makes a registration request where S-NSSAI is requested, or where S-NSSAI is assigned to the UE by default by the system as it is marked as default in SDM, then the AMF executes, on top of any specific PLMN authentication and authorization step required, an authentication and authorization step that is performed with the UE and involves the third-party AAA server. The IP address of the AAA server is carried in the Authentication messages to the AUSF, so the AUSF knows where to relay the Authentication request message from the AMF.
[038] Alternatively, if the User ID on the third party can be set to NAI (see RFC 4282 https: / / tools.ietf.org / html / rfc4282), i.e., the user ID is in the form of user@domain, the IP address is not required in Petition 870260027320, dated 03 / 23 / 2026, page 23 / 71 11 / 17 SDM and the correct AAA from the third-party server are derived in the AUSF by resolving the domain portion of the NAI.
[039] The UE is ready to execute these authentication procedures as it is configured for the S-NSSAI related to the Third-Party slice with the credentials and algorithms needed to authenticate itself with the third-party AAA server. It should be noted that the transport protocol considered is EAP and therefore this represents no extra requirement in N2 and N1 signaling since it is already used for 3GPP and non-3GPP access authentication, therefore this extra step is just the reuse of transport from existing authentication procedures.
[040] This proposal can be summarized as illustrated in Figure 2.
[041] It can be observed that step 4 is optional, but must be performed before S-NSSAI related to the slice for which third-party authentication is required can be included in the Accepted NSSAI. If this step is not performed, the UE is unable to execute the Session Management Procedures for the particular slice, as the UE, before executing SM for a slice, must perform a registration with the slice that uses a registration procedure.
[042] Thus, a third-party verification in the subscriber database must be allowed at the time of registration to admit a UE into a slice that these third parties lease from the operator, and, in that case, the necessary changes must be introduced in the 3GPP TS 23.501 and 3GPP TS 23.502 Technical Specifications.
[043] The embodiments of the invention are not intended to replace the Primary Authentication performed by the operator. If this were done, then the security of CN - UE would be at the expense of the third-party network slice and is not acceptable by current PLMNs. Furthermore, this would not allow the coexistence of multiple slices for a single UE as the consideration is that there is a single Point of Petition 870260027320, dated 03 / 23 / 2026, p. 24 / 71 12 / 17 AMF security termination is shared among Network Slices that AMF supports for a UE. Clearly, if security is related to only one slice, it may not be satisfactory for others.
[044] Various aspects and / or embodiments of the invention include (though are not limited to) the following aspects and / or embodiments.
[045] Some aspects are related to a mobile network entity, such as Access and Mobility Management Function (AMF), which provides record management functions in a mobile network that supports network slicing.
[046] Various modalities are provided, including (though not limited to) the following modalities, which may be considered alone or in combination according to various combinations.
[047] In one embodiment, the said mobile network entity is configured to: - verify if authentication and / or authorization involving third parties associated with a network slice is required to access said network slice, in addition to the authentication and / or authorization required to access said mobile network during registration. - initiate said authentication and / or authorization involving said third parties after verifying that said authentication and / or authorization involving said third parties is required.
[048] In one embodiment, the said mobile network entity is configured to: - To carry out said verification based on subscriber data that indicates whether said authentication and / or authorization involving said third parties is required.
[049] In one embodiment, the said mobile network entity is configured to: Petition 870260027320, dated 03 / 23 / 2026, page 25 / 71 13 / 17 - to receive subscriber data from a subscriber data manager indicating whether said authentication and / or authorization involving said third parties is required.
[050] In one embodiment, the said mobile network entity is configured to: - to act as an authenticator in an authentication and / or authorization procedure involving said third parties.
[051] In one embodiment, the said mobile network entity is configured to: - to receive subscriber data from a subscriber data manager that contains address information of an AAA server associated with said third party, referred to as a third-party AAA server.
[052] In one embodiment, the said mobile network entity is configured to: - Interact with an AAA server associated with said third parties, referred to as the third-party AAA server, in an authentication and / or authorization procedure involving said third parties.
[053] In one embodiment, the said mobile network entity is configured to: - Interact with a mobile network entity, such as AUSF, that provides authentication server functions in an authentication and / or authorization procedure involving said third parties.
[054] In one embodiment, the said mobile network entity is configured to: - To send to a mobile network entity, such as AUSF, that provides authentication server functions in an authentication and / or authorization procedure involving said third parties, at least one of: Petition 870260027320, dated 03 / 23 / 2026, page 26 / 71 14 / 17 • Address information of an AAA server associated with said third parties, referred to as a third-party AAA server, • Public user identity information, such as MSISDN. • A User's User ID recorded on a third-party AAA server.
[055] In one embodiment, the said mobile network entity is configured to: - to send to a UE User Equipment an indication that said registration is accepted if said authentication and / or authorization to access said mobile network and said authentication and / or authorization to access said network slice were successfully performed.
[056] In one embodiment, the said mobile network entity is configured to: - Send to a UE User Equipment, in a registration message, NSSAI accepted if said authentication and / or authorization to access said mobile network and said authentication and / or authorization to access said network slice were successfully performed.
[057] Other aspects are related to a mobile network subscriber database, such as SDM, for a mobile network that supports network slicing.
[058] Various modalities are provided, including (though not limited to) the following modalities, which may be considered alone or in combination according to various combinations.
[059] In one embodiment, the said mobile network subscriber database is configured to: - to store subscriber data indicating whether authentication and / or authorization involving third parties associated with a network slice is required for Petition 870260027320, dated 03 / 23 / 2026, page 27 / 71 15 / 17 access said network slice, in addition to authentication and / or authorization to access said mobile network.
[060] In one embodiment, the said mobile network subscriber database is configured to: - To provide said subscriber data to a mobile network entity, such as AMF, which supports registration functions, during registration.
[061] In one modality: - said subscriber data includes address information of an AAA server associated with said third parties, referred to as the third-party AAA server.
[062] Other aspects relate to a User Equipment for a mobile system that supports network slicing.
[063] Various modalities are provided, including (though not limited to) the following modalities, which may be considered alone or in combination according to various combinations.
[064] In one embodiment, said User Equipment is configured to: - To support authentication and / or authorization involving third parties associated with a network slice to access said network slice, in addition to authentication and / or authorization to access said network, if required for said network slicing during registration.
[065] In one embodiment, said User Equipment is configured to: - to store configuration information to perform an authentication and / or authorization procedure involving said third parties to access said network slice.
[066] In one embodiment, said User Equipment is configured Petition 870260027320, dated 03 / 23 / 2026, page 28 / 71 16 / 17 for: - Interact with a mobile network entity such as the Access and Mobility Management Function (AMF) that provides registration management functions in an authentication and / or authorization procedure involving said third parties to access said network slice.
[067] Other aspects are related to a mobile network entity, such as AUSF, which provides authentication server functions in a mobile network that supports network slicing.
[068] Various modalities are provided, including (though not limited to) the following modalities, which may be considered alone or in combination according to various combinations.
[069] In one embodiment, the said mobile network entity is configured to: - To relay information exchanged between a mobile network entity, such as the Access and Mobility Management Function (AMF), which provides record management functions, and a third-party AAA server associated with a network slice in an authentication and / or authorization procedure performed to access said network slice.
[070] In one embodiment, the said information includes at least one of: - address information of said third-party AAA server, - public user identity information, such as MSISDN, - a User ID of a User recorded on the AAA server of said third party.
[071] Other aspects relate to a method for improved logging in a mobile system that supports network slicing, the said method Petition 870260027320, dated 03 / 23 / 2026, page 29 / 71 17 / 17 including at least one step performed by at least one of the entities configured as follows: a mobile network entity, such as Access and Mobility Management Function (AMF), which provides registration management functions; a mobile network subscriber database, such as SDM; a User Equipment Unit (UE); a mobile network entity, such as AUSF, which provides authentication server functions.
[072] A person skilled in the art would readily recognize that the steps of several methods described above can be performed by programmed computers. In the present document, it is intended that some embodiments cover program storage devices, for example, digital data storage media, which are machine-readable or computer-executable and encode machine-executable or computer-executable instruction programs, wherein said instructions perform some or all of the steps of the methods described above. Program storage devices may be, for example, digital memories, magnetic storage media such as magnetic disks and magnetic tapes, hard disks, or optically readable digital data storage media. It is also intended that the embodiments cover computers programmed to perform the steps of the methods described above.
Claims
CLAIMS 1. An apparatus characterized in that it comprises: at least one processor; and at least one memory including instructions; the at least one memory and the instructions configured to, with the at least one processor, cause the apparatus to at least: - perform a registration procedure to register to a network, wherein said registration procedure is performed before performing a session management procedure for a network slice in an instance access to the network slice involving a third-party authentication, authorization and counting server, and - support authentication and / or authorization involving the third-party authentication, authorization and counting server to access the network slice, in addition to authentication and / or authorization to access said network, if required for said network slice, during said registration procedure.
2. Device according to claim 1, characterized in that at least one memory and instructions are configured to, with at least one processor, enable the device to: - interact with a network entity providing record management functions, in an authentication and / or authorization procedure involving said third-party authentication, authorization and counting server.
3. Device, according to claim 1, characterized in that at least one memory and instructions are configured to, with at least one processor, cause the device to perform: - storing configuration information to perform an authentication and / or authorization procedure involving said authentication server, Petition 870260027320, dated 03 / 23 / 2026, page 48 / 71 2 / 5 authorization and counting of third parties.
4. Device, according to claim 1, characterized in that at least one memory and instructions are configured to, with at least one processor, cause the device to perform: - receive an indication that said registration is accepted if said authentication and / or authorization to access said network, and said authentication and / or authorization to access said network slice, have been successfully performed.
5. Device, according to claim 1, characterized in that at least one memory and instructions are configured to, with at least one processor, cause the device to perform: - receive a single network slice selection assistance information accepted if said authentication or authorization to access said network, and said authentication and / or authorization to access said network slice, have been successfully performed.
6. A method characterized in that it comprises: - performing a registration procedure to register to a network, wherein said registration procedure is performed before performing a session management procedure for a network slice in an instance access to the network slice involving a third-party authentication, authorization, and counting server; and - supporting authentication and / or authorization involving the third-party authentication, authorization, and counting server to access the network slice, in addition to authentication and / or authorization to access said network, if required for said network slice, during said registration procedure.
7. Method, according to claim 6, characterized in that it comprises: - interacting with a network entity providing registration management functions, in an authentication and / or authorization procedure involving said third-party authentication, authorization and counting server.
8. Method according to claim 6, characterized in that it comprises: - storing configuration information to perform an authentication and / or authorization procedure involving said third-party authentication, authorization and counting server.
9. Method, according to claim 6, characterized in that it comprises: - receiving an indication that said registration is accepted if said authentication and / or authorization to access said network, and said authentication and / or authorization to access said network slice, have been successfully performed.
10. Method, according to claim 6, characterized in that it comprises: - receiving a single network slice selection assistance information accepted if said authentication and / or authorization to access said network, and said authentication and / or authorization to access said network slice, have been successfully performed.
11. Apparatus, characterized in that it comprises: at least one processor; and at least one memory including instructions; the at least one memory and the instructions configured to, with the at least one processor, cause the apparatus to at least perform: - providing register management functions, wherein said register management functions include a register procedure, and wherein Petition 870260027320, dated 03 / 23 / 2026, p.50 / 71 4 / 5 said registration procedure is performed before performing a session management procedure for a network slice in an instance access to the network slice involving a third-party authentication, authorization, and counting server, - verify whether authentication and / or authorization involving the third-party authentication, authorization, and counting server is required to access the network slice, in addition to authentication and / or authorization to access said network, during a registration procedure, and - initiate said authentication and / or authorization involving said third-party authentication, authorization, and counting server after verifying that said authentication and / or authorization involving said third-party authentication, authorization, and counting server is required.
12. Device, according to claim 11, characterized in that at least one memory and instructions are configured to, with at least one processor, enable the device to: - interact with a user's equipment, in an authentication and / or authorization procedure involving said third-party authentication, authorization and counting server.
13. Device, according to claim 11, characterized in that at least one memory and instructions are configured to, with at least one processor, cause the device to perform: - provide an indication that said record is accepted if said authentication and / or authorization to access said network, and said authentication and / or authorization to access said network slice, have been successfully performed.
14. Device, according to claim 11, characterized in that at least one memory and instructions are configured to, with Petition 870260027320, dated 03 / 23 / 2026, page 51 / 71 5 / 5, at least one processor, cause the device to perform: - provide a single network slice selection assistance information accepted if said authentication and / or authorization to access said network, and said authentication and / or authorization to access said network slice, have been successfully performed.
15. A method characterized in that it comprises: - providing registration management functions, wherein said registration management functions include a registration procedure, and wherein said registration procedure is performed before performing a session management procedure for a network slice in an instance access to the network slice involving a third-party authentication, authorization, and counting server; - verifying whether authentication and / or authorization involving the third-party authentication, authorization, and counting server is required to access the network slice, in addition to authentication and / or authorization to access said network, during a registration procedure; and - initiating said authentication and / or authorization involving said third-party authentication, authorization, and counting server after verifying that said authentication and / or authorization involving said third-party authentication, authorization, and counting server is required.