Computing service implementation for next generation cellular networks

By employing a multi-connectivity architecture and security mechanisms at RAN nodes, the low latency and security protection issues of computing services in 5G networks are addressed, enabling efficient support for computing services and network slicing authentication, thus meeting the QoS requirements of applications.

CN115769615BActive Publication Date: 2026-07-10INTEL CORP

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
INTEL CORP
Filing Date
2021-07-30
Publication Date
2026-07-10

AI Technical Summary

Technical Problem

Applications based on cloud/edge rendering in existing cloud/edge networks cannot effectively support low-latency application response interactions, and existing solutions cannot meet the QoS requirements of computing services, especially in terms of security protection and network slicing support for computing services in 5G networks.

Method used

Implement compute service support at RAN nodes by using a multi-connection architecture, secure key generation principles, message flow design for RAN Comp SF and Comp CF, and network slice-specific authentication and authorization mechanisms to ensure the security and low latency requirements of compute services.

Benefits of technology

It enables low-latency computing services in 5G networks, meets the QoS requirements of applications, and provides security protection and network slicing support for computing services, ensuring the reliability and efficiency of computing services.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN115769615B_ABST
    Figure CN115769615B_ABST
Patent Text Reader

Abstract

Various embodiments can generally relate to the field of wireless communications. For example, some embodiments can relate to providing solutions for implementing support for compute services in scenarios where a network operator provides both compute services and connectivity services in a 5G network to end users, as well as in scenarios where compute services are provided by an ASP (application service provider), CSP (cloud service provider), or ECSP (edge compute service provider). Other embodiments can be described and / or claimed.
Need to check novelty before this filing date? Find Prior Art

Description

[0001] Cross-reference to related applications

[0002] This application claims priority to U.S. Provisional Patent Application No. 63 / 060,529, filed August 3, 2020; and U.S. Provisional Patent Application No. 63 / 060,543, filed August 3, 2020. Technical Field

[0003] Various embodiments can generally relate to the field of wireless communications. For example, some embodiments may relate to providing solutions for supporting computing services in scenarios where network operators provide both computing and connectivity services in a 5G network to end users, and in scenarios where computing services are provided by an ASP (Application Service Provider), CSP (Cloud Service Provider), or ECSP (Edge Computing Service Provider). Other embodiments may be described and / or claimed. Background Technology

[0004] Currently, cloud / edge rendering-based applications in cloud / edge networks utilize computing services provided by ASPs (Application Service Providers). For example, an ASP is a computing service provider that also uses connectivity services via 5G networks provided by network operators.

[0005] In previous systems, connectivity services for the Public Land Mobile Network (PLMN) or Non-Public Network (NPN) were provided by the network operator, and computing services could be provided by an ASP (ASP), a CSP (Cloud Service Provider), or an ECSP (Edge Service Provider). In the latter two cases, the ASP used the computing services provided by the CSP or ECSP. Attached Figure Description

[0006] The embodiments will be readily understood from the following detailed description taken in conjunction with the accompanying drawings. For ease of description, similar reference numerals denote similar structural elements. The embodiments are shown in the figures of the accompanying drawings by way of example rather than limitation.

[0007] Figure 1 Examples of overall architectures for separating gNB-CU-CP and gNB-CU-UP according to various embodiments are shown.

[0008] Figure 2 Examples of reference RAN architectures supporting RAN computing capabilities according to various embodiments are shown.

[0009] Figure 3 Examples of proposed reference architectures and control / data plane signaling paths according to various embodiments are shown.

[0010] Figure 4Examples of key hierarchy structures of KgNB-cf generated by Kamf according to various embodiments are shown.

[0011] Figure 5 Examples of Comp SF security protection activation for multiple connections with computing services, according to various embodiments, are shown.

[0012] Figure 6 An example of a first option (Option 1) for providing message flow for RAN Comp CF security is shown according to various embodiments.

[0013] Figure 7 Examples of a second option (Option 2) for providing message flow for RAN Comp CF security, according to various embodiments, are shown.

[0014] Figure 8 Examples of the relationship between master authentication and slice-specific authentication and authorization are shown according to various embodiments.

[0015] Figure 9 Examples of network slice-specific authentication and authorization processes according to various embodiments are shown.

[0016] Figure 10 A wireless network according to various embodiments is illustrated schematically.

[0017] Figure 11 The components of a wireless network according to various embodiments are illustrated schematically.

[0018] Figure 12 This is a block diagram illustrating components according to some example embodiments, which are capable of reading instructions from a machine-readable or computer-readable medium (e.g., a non-transitory machine-readable storage medium) and performing any one or more methods discussed herein.

[0019] Figure 13 Examples of procedures for practicing the various embodiments discussed herein are described.

[0020] Figure 14 Another example of a process for practicing various embodiments is described.

[0021] Figure 15 Another example of a process for practicing various embodiments is described. Detailed Implementation

[0022] The following detailed description refers to the accompanying drawings. The same reference numerals may be used to identify the same or similar elements in different drawings. In the following description, specific details, such as particular structures, architectures, interfaces, technologies, etc., are set forth for purposes of explanation and not limitation in order to provide a thorough understanding of various aspects of the various embodiments. However, it will be apparent to those skilled in the art, who benefit from this disclosure, that various aspects of the various embodiments may be practiced in other examples departing from these specific details. In some cases, descriptions of well-known devices, circuits, and methods have been omitted so as not to obscure the description of the various embodiments with unnecessary detail. For the purposes of this document, the phrases “A or B” and “A / B” mean (A), (B), or (A and B).

[0023] The various embodiments described herein provide techniques for implementing security-protected computing services at RAN nodes in next-generation networks. Furthermore, the embodiments provide techniques for supporting network-slicing-based computing services in next-generation cellular networks.

[0024] Implementing secure computing services at RAN nodes in next-generation cellular networks

[0025] Among other things, embodiments of this disclosure can be considered for at least the following two scenarios for computing services:

[0026] Scenario 1: Network operators provide both computing and connectivity services to end users in 5G networks. For example, network operators also act as ASPs in their 5G networks. Applications can be presented to computing functions close to the user in the 5G network, such as enabling computing functions at RAN nodes, also known as RAN computing functions.

[0027] -Scenario 2: Network operators and ASPs have service level agreements (SLAs) for ASPs / CSPs / ECSPs to provide computing services at the RAN computing functions close to their end users in the network operator's 5G network.

[0028] To enable UEs to support computing services on 5G networks, two issues need to be addressed to support the above two scenarios:

[0029] Question 1: What is the RAN architecture for enabling compute services?

[0030] Question 2: How do 5G networks and UEs activate security protections for computing services?

[0031] The embodiments disclosed herein help provide solutions for implementing support for computing services in scenarios 1 and 2 described above, as detailed below.

[0032] Example 1: Multiple Connections for Computing Services

[0033] Example 2: Principles of Security Key Generation

[0034] Example 3: Message Flow for RAN Comp SF Security

[0035] Example 4: Message Flow for RAN Comp CF Security

[0036] ===

[0037] TS 38.401:

[0038] 6.1.2 Separate Overall Architecture of gNB-CU-CP and gNB-CU-UP

[0039] Figure 1 An example illustrating the separate overall architecture of gNB-CU-CP and gNB-CU-UP:

[0040] -gNB can include gNB-CU-CP, multiple gNB-CU-UP, and multiple gNB-DU;

[0041] -gNB-CU-CP connects to gNB-DU via F1-C interface;

[0042] -gNB-CU-UP connects to gNB-DU via the F1-U interface;

[0043] -gNB-CU-UP connects to gNB-CU-CP via an E1 interface;

[0044] - One gNB-DU is connected to only one gNB-CU-CP;

[0045] - One gNB-CU-UP can only be connected to one gNB-CU-CP;

[0046] Note 1: For flexibility, gNB-DU and / or gNB-CU-UP can be connected to multiple gNB-CU-CPs through appropriate implementation.

[0047] - Under the control of the same gNB-CU-CP, one gNB-DU can be connected to multiple gNB-CU-UPs;

[0048] - Under the control of the same gNB-CU-CP, one gNB-CU-UP can be connected to multiple DUs;

[0049] Note 2: The connection between gNB-CU-UP and gNB-DU is established by gNB-CU-CP using the bearer context management function.

[0050] Note 3: gNB-CU-CP selects the appropriate gNB-CU-UP for the service requested by the UE. In the case of multiple CU-UPs, they belong to the same security domain, as defined in TS 33.210.

[0051] Note 4: Xn-U can support data forwarding between gNB-CU-UP during handover within gNB-CU-CP.

[0052] ===

[0053] Use cases and related service requirements for cloud / edge-based interactive games have been addressed in TR 22.842, v.17.2.0, 2019-12-20, where the ASP provides computing services to UEs using 5G connectivity services via 5G networks in cloud or edge data networks. However, existing solutions and use cases may not support applications requiring low latency for responsive interactions between application servers and application clients.

[0054] The embodiments of this disclosure solve these and other problems described below with reference to the embodiments:

[0055] Example 1: Multiple Connections for Computing Services

[0056] Example 2: Principles of Security Key Generation

[0057] Example 3: Message Flow for RAN Comp SF Security

[0058] Example 4: Message Flow for RAN Comp CF Security

[0059] Without these solutions, the packet latency budget required for the application's QoS may never be met. Furthermore, embodiments of this disclosure help provide solutions for allocating new 5G services (e.g., compute services) at RAN nodes and for secure activation of compute services.

[0060] The following assumptions are applied in this disclosure:

[0061] - 5G networks support computing services for the following two use cases:

[0062] Scenario 1: Network operators provide both computing and connectivity services to end users in 5G networks. For example, network operators also act as ASPs in their 5G networks. Applications can be presented to computing functions close to the user in the 5G network, such as enabling computing functions at RAN nodes, also known as RAN computing functions.

[0063] Scenario 2: Network operators and ASPs have a Service Level Agreement (SLA) for ASP / CSP / ECSP to provide computing services at the RAN computing function close to their end users in the network operator's 5G network.

[0064] - 5G networks provide computing service support at RAN nodes located close to the UE.

[0065] -gNB refers to a RAN node, and can also refer to a future generation xNB.

[0066] -5G is for reference only and can refer to any xG in future generations.

[0067] Reference architecture:

[0068] 5G networks support computing services at RAN nodes close to the UE through RAN computing functions (including one or more RAN Comp CFs and RANComp SFs with the following functions):

[0069] -gNB-Comp-CP including the RRC stack:

[0070] Select compute CF for a specific compute session shared by the application.

[0071] Supports C1 interface for interaction with gNB-CMP-CF

[0072] -gNB-CMP-CF (Compute Service Control Function):

[0073] Selecting computational SF for specific applications based on working sets

[0074] Managing computation contexts across multiple computational SFs

[0075] Supports computing task scheduling, control, orchestration, etc.

[0076] Supports C1 interface for interaction with gNB-CU-CP

[0077] Supports C2 interface for interaction with gNB-Comp-SF

[0078] -gNB-Comp-SF (Computing Service Function):

[0079] ο Perform application computation tasks based on working set information. This could be a new feature dedicated to supporting computation services, or a CU-UP instance dedicated to supporting computation services.

[0080] ο

[0081] Figure 2 An example of a reference architecture for RAN nodes is shown in the figure.

[0082] Example 1: Multiple connections for computing services

[0083] like Figure 3 As shown in section (a), it simplifies all items of gNB / RAN functionality, such as CU-CP, CU-UP, DU, Comp CF, and Comp SF, by skipping the gNB. This embodiment is proposed to implement support for the PDCP stack at the Comp SF, which has the following functions:

[0084] - Supports a new interface with DU, denoted as C3, similar to F1-U.

[0085] - Supports a new interface with CU-CP, denoted as C4, similar to E1.

[0086] For UE:

[0087] - Supports DRB (Data Radio Bearer) and CRB (Computation Radio Bearer) for user plane communication data and computation-related data, respectively.

[0088] -Supports RRC connection with CU-CP

[0089] - Supports new compute control messages between the UE and Comp CF, which the Comp CF interacts with the RAN CU CP via a new interface (referred to as C1) by piggybacking the message in the RRC message.

[0090] - Supports multiple connections, including one connection to the primary RAN node for communication-related data services, and one or more connections to the comp SF, which is a secondary RAN node, for computation-related data services.

[0091] exist Figure 3 There can be one or more DUs. The DU connected to the CU-CP can be the same as or different from the DU connected to the Comp-SF.

[0092] Example 1.1: Signaling for the control plane

[0093] Following Example 1, the control plane signaling for computing services piggybacks this message in the RRC message, and transmits it between CU-CP and Comp-CF via the C1 interface, such as... Figure 3 - Part (c) is shown.

[0094] The -C1 interface supports L3 / L4 protocols, such as GTP, HTTP, and SCTP.

[0095] -CU-CP generates an RRC security key for RAN comp CF, used for RRC integrity and cryptographic protection.

[0096] - Support new SRB or CRB-C for RAN-specific calculation of relevant signaling messages between the UE and CU-CP.

[0097] Example 1.2: For user plane data

[0098] Following Example 1, the user plane data path between DU and Comp-SF via the new interface (denoted as C3).

[0099] The C3 interface and protocol are similar to the F1-U interface between CU-UP and DU.

[0100] -CU-CP generates an RRC security key for RAN comp SF, used for RRC integrity and cryptographic protection.

[0101] - Support new SRB or CRB-U for RAN-specific data services between UE and Comp SF.

[0102] Example 1.2.1:

[0103] Continuing with Example 1.2, in which the comp SF or Comp CF supports the RRC stack and provides a second RRC connection to a UE that already has a first RRC connection at a registered RAN node.

[0104] Example 2: Principles of Secure Key Generation

[0105] Following Examples 1.1 and 1.2, the RAN computation function supports security keys and security contexts for RAN Comp CF and RAN Comp SF, based on the following principles:

[0106] - The security key is based on KgNB or KgNB-cf.

[0107] oKgNB is a security key generated by AMF for RAN nodes for communication services.

[0108] oKgNB-cf is a security key generated by AMF for computing services. The key hierarchy is as follows: Figure 4 As shown.

[0109] or

[0110] okgNB-cf is a security key generated by gNB based on KgNB for computing services.

[0111] - For RAN Comp CF security:

[0112] oCU-CP generates a Kcf for RAN Compute CF and sends it to RAN Comp CF.

[0113] o Further derive the integrity and encryption keys.

[0114] - For RAN Comp SF security:

[0115] oCU-CP generates a Ksf for RAN Compute SF and sends it to RAN Comp SF.

[0116] o Further derive the integrity and encryption keys.

[0117] Example 3: Message Flow for RAN Comp SF Security

[0118] Continuing with Example 2, this example provides a message flow for activating security protection for the RAN Computing session at the RAN Computing SF. Communication established between the UE and the RAN Computing SF is protected at the PDCP layer using information stored in the RAN Computing Security Context (e.g., key counters and algorithms).

[0119] The message flow between CU-CP and Comp SF / UE for activating security in the compute SF, such as Figure 5 As shown:

[0120] Step 1: Prerequisites:

[0121] - The UE registers with the network and establishes an RRC connection.

[0122] -CU-CP notification / Select Comp CF for computational unloading.

[0123] -Comp-CF selects Comp-SF based on the application working set for the UE to compute offload requests.

[0124] Steps 2-4, [CU-CP->SF]: CU-CP and RAN Comp SF negotiate the encryption algorithm.

[0125] - Step 2: CU-CP or Comp CF sends a Comp SF add / modify request message including Ksf, UE security capabilities, and compute security policy.

[0126] Step 3: Comp SF selects a security algorithm and generates a security context.

[0127] - Step 4: Comp SF sends a confirmation message including the selected algorithm and instructions to use integrity and encryption protection for the computing service.

[0128] Step 5, [CU-CP->UE]: The CU-CP sends an RRC connection reconfiguration message to the UE. This message includes information related to the RAN computing session, such as the computing key counter, the selected algorithm, and an indication to use integrity and encryption protection for computing services.

[0129] - For both Comp CF and Comp SF, the computed key counters can be the same or different.

[0130] - For the same computed key counter, the security keys of Kcf and Ksf are updated simultaneously.

[0131] - For different computation key counters, the security keys of Kcf and Ksf can be updated respectively based on the corresponding computation security policy.

[0132] When the UE receives an RRC connection reconfiguration message, it derives the encryption key from the Ksf (based on the key counter and the selected algorithm).

[0133] Step 6, [UE→CU-CP or Comp CF]: The UE replies to the CU-CP or Comp CF with an RRC connection reconfiguration complete message.

[0134] Step 7: The CU-CP or Comp CF sends a Comp SF reconfiguration complete message to the Comp SF to confirm the multiple connections established in the UE.

[0135] - When an RRC connection reconfiguration complete message is received, Comp SF derives the encryption key from Ksf (based on a key counter and a selected algorithm).

[0136] Both the UE and Comp SF activate security protections for the encryption and integrity of computation-related data messages.

[0137] Example 4: Message Flow for RAN Comp CF Security

[0138] Figure 6 Examples of activating Comp SF security protection for multiple connections with computing services according to various embodiments are shown. Following embodiment 3, for activating security protection for control plane signaling between the UE and the RAN Comp CF, depending on the deployment of the Comp CF, the following options are available:

[0139] Option 1: Co-location of Comp CF and RAN CU-CP

[0140] Following Example 3, the following modifications can be applied Figure 5 As shown in option 1 Figure 6 As shown.

[0141] The CU-CP generates a Kcf for the RAN Comp CF and sends it to the RAN Comp CF.

[0142] Option 2: Comp CF co-located with one or more Comp SFs managed by Comp CF.

[0143] Following Example 3, in Figure 5 The following needs to be added, as shown in option 2. Figure 7 As shown.

[0144] Step 2: The CU-CP sends the Kcf to the Comp CF, and the computation security policy includes the computation signaling policy. For computation data security, the CU-CP provides a container that includes the Kcf, UE security capabilities, and computation data policy. The Comp CF forwards this container to the Comp SF.

[0145] Step 3: Comp CF selects the algorithm for calculating signaling security; Comp SF selects the algorithm for calculating data security.

[0146] Step 4: The Comp CF replies to the CU-CP with the selected algorithm and information on integrity and encryption from both the Comp CF and the Comp SF.

[0147] Step 5: The CU-CP sends an RRC connection reconfiguration request message to the UE, which includes information on the selected algorithm and instructions for integrity and encryption of the computation signaling and computation data security.

[0148] When the UE receives an RRC connection reconfiguration message, it derives the encryption key from Kcf and Ksf (based on their respective key counters and selected algorithms).

[0149] • Step 6, [UE→CU-CP or Comp CF / Comp SF]: The UE replies to the CU-CP with an RRC connection reconfiguration message.

[0150] Step 7: The CU-CP sends a Comp CF reconfiguration complete message to the Comp CF to confirm the multiple connections established in the UE. The Comp CF forwards the result to the Comp SF.

[0151] - When an RRC connection reconfiguration request message is received, Comp CF and Comp SF derive the encryption key from Kcf and Ksf (based on their respective key counters and selected algorithms).

[0152] UE, Comp CF, and Comp SF activate security protections for the encryption and integrity of computation signaling and computation data messages.

[0153] Supporting network slicing-based computing services in next-generation cellular networks

[0154] As mentioned above, in order to enable computing services for UEs in 5G networks, at least two issues need to be addressed to support the two scenarios described above:

[0155] Question 1: How can 5G networks enable UEs to use computing services on 5G networks?

[0156] - Question 2: How does the 5G network use application authentication UEs that request 5G computing services?

[0157] The embodiments disclosed herein help provide the following solutions for implementing computing services in scenarios 1 and 2 described above.

[0158] Solution 1: Implement compute service support at the RAN node

[0159] Solution 2: Option to implement support for compute service slices

[0160] Solution 3: Subscription information related to computing services

[0161] Solution 4: Authentication and Authorization for Network Slice-Specific or Compute Service Slices

[0162] Solution 5: Computation service slice-specific authentication via RAN computing functionality

[0163] And licensing (a replacement for Solution 4)

[0164] ===

[0165] TS 23.501, v.16.5.1, 2020-08-03

[0166] 5.15.2 Identification and Selection of Network Slices: S-NSSAI and NSSAI

[0167] 5.15.2.1 General Provisions

[0168] S-NSSAI identifies network slices.

[0169] S-NSSAI consists of the following:

[0170] - Slice / Type of Service (SST), which refers to the expected network slice behavior in terms of characteristics and services;

[0171] - Slice Distinguisher (SD), which is optional information that supplements the slice / service type to distinguish multiple network slices of the same slice / service type.

[0172] S-NSSAI can have standard values ​​(e.g., such S-NSSAI consists only of SSTs with normalized SST values, see Clause 5.15.2.2, and without SD) or non-standard values ​​(e.g., such S-NSSAI consists of both SST and SD, or only of SSTs without normalized SST values, and without SD). S-NSSAI with non-standard values ​​identifies a single network slice within the PLMN to which it is associated. S-NSSAI with non-standard values ​​should not be used by the UE in access stratum procedures in any PLMN other than the one to which the S-NSSAI is associated.

[0173] The S-NSSAI in the NSSP of the URSP rule (see Clause 6.6.2 of TS 23.503) and the S-NSSAI of the subscription (see Clause 5.15.3) contains only the HPLMN S-NSSAI value.

[0174] The S-NSSAI in the configured NSSAI, allowed NSSAI (see Clause 5.15.4.1), requested NSSAI (see Clause 5.15.5.2.1), and denied S-NSSAI contains only the value from the service PLMN. The service PLMN can be an HPLMN or a VPLMN.

[0175] The S-NSSAI in the PDU session establishment includes a service PLMN S-NSSAI value, and may also include the corresponding HPLMN S-NSSAI value to which the first value is mapped (see Clause 5.15.5.3).

[0176] The optional mapping from service PLMN S-NSSAI to HPLMN S-NSSAI includes the service PLMN S-NSSAI value and the corresponding mapping HPLMN S-NSSAI value.

[0177] NSSAI is a collection of S-NSSAI.

[0178] -NSSAI can be configured NSSAI, requested NSSAI, or allowed NSSAI.

[0179] - Up to eight S-NSSAIs can be sent in the signaling messages between the UE and the network, including both permitted and requested NSSAIs.

[0180] - The NSSAI request signaled by the UE to the network allows the network to select the Serving AMF, network slice, and network slice instance for the UE, as described in Clause 5.15.5.

[0181] 5.15.2.2 Standardized SST value

[0182] Standardized SST values ​​provide a way to establish global interoperability for slices, enabling PLMNs to more efficiently support roaming use cases for the most commonly used slice / service types.

[0183] The standardized SST is shown in Table 5.15.2.2-1 below.

[0184] Table 5.15.2.2-1 – Standardized SST Values

[0185] Slice / Service Type SST value characteristic eMBB 1 Suitable for processing 5G enhanced mobile broadband slices. URLLC 2 Slices suitable for handling ultra-reliable low-latency communications. MIoT 3 Suitable for handling large-scale IoT slices. V2X 4 Suitable for processing slices of V2X services.

[0186] Note: Not all standardized SST values ​​need to be supported in the PLMN. The service indicated for each SST value in this table can also be supported by other SSTs.

[0187] 5.15.10: Network Slice-Specific Authentication and Authorization

[0188] The serving PLMN should perform network slice-specific authentication and authorization for the S-NSSAIs of its conforming HPLMNs based on subscription information. The UE should indicate in its registration request message within the UE's 5GMM core network capabilities whether it supports this feature. If the UE does not support this feature, the AMF should not trigger the process for the UE, and if the UE requests conformity to these S-NSSAIs for network slice-specific authentication and authorization, they will be rejected for the PLMN.

[0189] If the UE is configured with an S-NSSAI that conforms to network slice-specific authentication and authorization, the UE stores the association between the S-NSSAI and the corresponding credentials used for network slice-specific authentication and authorization.

[0190] Note: Credentials for network slicing-specific authentication and authorization, and how to assign them in the UE, are not specified.

[0191] In order to perform network slice-specific authentication and authorization for S-NSSAI, the AMF invokes the EAP-based network slice-specific authorization process documented in Clause 4.2.9 of TS 23.502 (see also TS 33.501) for S-NSSAI.

[0192] AMF can invoke this procedure for supported UEs at any time, for example, in the following situations:

[0193] a. The UE registers with the AMF, and one of the S-NSSAIs of the HPLMN mapped to the requested NSSAI is requesting network slice-specific authentication and authorization (see Clause 5.15.5.2.1), and once the network slice-specific authentication and authorization for the S-NSSAI is successful, the AMF can add it to the allowed NSSAIs; or

[0194] b. A specific AAAServer in the network slice triggers UE re-authentication and re-authorization for S-NSSAI; or

[0195] Based on operator policies or subscription changes, C.AMF decides to initiate a network slice-specific authentication and authorization process for a previously authorized S-NSSAI.

[0196] In cases of re-authentication and re-authorization (b. and c. above), the following applies:

[0197] - If, for each access type, the S-NSSAI requiring network slice-specific authentication and authorization is included in the allowed NSSAIs, the AMF selects the access type to be used to perform the network slice-specific authentication and authorization process based on network policy.

[0198] If network slice-specific authentication and authorization for some S-NSSAIs in the allowed NSSAIs fails, the AMF should update the allowed NSSAIs for each access type to the UE via the UE configuration update procedure.

[0199] If network slice-specific authentication and authorization fail for all S-NSSAIs among the allowed NSSAIs, the AMF shall execute the network-initiated deregistration process as described in Clause 4.2.2.3.3 of TS 23.502, and shall include in the explicit deregistration request message a list of rejected S-NSSAIs, each with an appropriate rejection reason value.

[0200] After successful or unsuccessful UE network slice-specific authentication and authorization, the UE context in the AMF should retain the UE's authentication and authorization status for the relevant specific S-NSSAI of the HPLMN, while the UE remains RM-REGISTERED in the PLMN, so that the AMF and PLMN do not need to perform network slice-specific authentication and authorization for the UE during each periodic registration update or mobility registration process.

[0201] A network slice-specific AAA server can revoke authorization or challenge a UE's authentication and authorization at any time. When authorization is revoked for an S-NSSAI in a currently allowed NSSAI for an access type, the AMF should provide the UE with a new allowed NSSAI and trigger the release of all PDU sessions associated with the S-NSSAI for that access type.

[0202] The AMF provides the UE's GPSI associated with S-NSSAI to the AAA server, allowing the AAA server to initiate network slice-specific authentication and authorization, or authorization revocation procedures. The UE's current AMF needs to be identified by the system, so the UE's authorization status can be challenged or revoked.

[0203] Network slice-specific authentication and authorization require that SUPI's UE primary authentication and authorization have been successfully completed. If SUPI authorization is revoked, network slice-specific authorization will also be revoked.

[0204] TS-33.501, v.16.3.0, 2020-07-10

[0205] 4.3 Security Entities in the 5G Core Network

[0206] The 5G system architecture introduces the following security entities in the 5G core network:

[0207] AUSF: Authentication Server Function;

[0208] ARPF: Authentication credential repository and processing functionality;

[0209] SIDF: Subscription identifier hiding function;

[0210] SEAF: Safety Anchoring Function.

[0211] Requirements for SEAF

[0212] The Secure Anchor Function (SEAF) provides authentication via the AMF in the service network. SEAF must meet the following requirements:

[0213] SEAF should support master authentication using SUCI.

[0214] Requirements for NSSAAF

[0215] The Network Slice Specific Authentication and Authorization Function (NSSAAF) should handle network slice specific authentication requests from the Service AMF.

[0216] NSSAAF is responsible for sending NSSAA requests to the appropriate AAA-S (AAA server).

[0217] NSSAAF should support network slice-specific re-authentication and re-authorization triggered by AAA-S, as well as slice-specific authorization revocation, and convert any AAA protocol to a service-based format.

[0218] NSSAAF should translate service-based messages from the service AMF into AAA-P (AAA Agent) / AAA-S (AAA Server) AAA protocols.

[0219] 16.2 Authorization for Network Slicing Access

[0220] This clause specifies the relationship between the UE’s primary authentication (as described in Clause 6.1) and the authorization used for network slicing access (as described in TS 23.502).

[0221] - The UE requires authorization from its home / serving PLMN to gain access to the network slice identified by S-NSSAI.

[0222] - An authorized S-NSSAI (e.g., a permitted S-NSSAI) should only be granted to the UE after the UE has successfully completed the master authentication.

[0223] - At the end of the main authentication, the AMF and UE can receive the list of allowed S-NSSAIs that the UE is authorized to access.

[0224] For certain S-NSSAIs, additional network slice-specific authentication and authorization (NSSAA) is required.

[0225] -This clause also specifies references Figure 8 The prerequisites for the NSSAA process described in Clause 16.3 Figure 8 An example of the relationship between primary authentication and slice-specific authentication and authorization is shown.

[0226] ===

[0227] Use cases and related service requirements for interactive games based on cloud / edge rendering have been addressed in TR 22.842, in which the ASP provides computing services to UEs using 5G connectivity services via 5G networks in cloud or edge data networks.

[0228] However, existing solutions and use cases may not support applications that require low latency for response interactions between application servers and application clients.

[0229] The embodiments disclosed herein help to provide the following solutions:

[0230] Solution 1: Implement compute service support at the RAN node

[0231] Solution 2: Option to implement support for compute service slices

[0232] Solution 3: Subscription information related to computing services

[0233] Solution 4: Authentication and Authorization for Network Slice-Specific or Compute Service Slices

[0234] Solution 5: Computation service slice-specific authentication and authorization via RAN computing capabilities (replacement for Solution 4)

[0235] In addition, embodiments of this disclosure help meet the packet latency budget required for application QoS. Furthermore, embodiments of this disclosure help provide solutions for allocating new 5G services (e.g., computing services).

[0236] The following assumptions are applied in this disclosure:

[0237] - 5G networks enable computing service support for the following two use cases:

[0238] Scenario 1: Network operators provide both computing and connectivity services to end users in 5G networks. For example, network operators also act as ASPs in their 5G networks. Applications can be presented to computing functions close to the user in the 5G network, such as enabling computing functions at RAN nodes, also known as RAN computing functions.

[0239] Scenario 2: Network operators and ASPs have a Service Level Agreement (SLA) for ASP / CSP / ECSP to provide computing services at the RAN computing function close to their end users in the network operator's 5G network.

[0240] - 5G networks enable computing service support at RAN nodes close to the UE.

[0241] -gNB refers to a RAN node, and can also refer to a future generation xNB.

[0242] -5G is for reference only and can refer to any xG in the future.

[0243] Reference architecture:

[0244] 5G networks support computing services at RAN nodes close to the UE through RAN computing functions (including one or more RAN Comp CF and RANComp SF with the following functions):

[0245] -Including the gNB-CU-CP with RRC stack:

[0246] o Select comp CF for a specific compute session shared by the application

[0247] o Supports C1 interface for interaction with gNB-Comp-CF

[0248] -gNB-Comp-CF (Compute Service Control Function):

[0249] o Selecting a specific application based on the working set SF

[0250] o Manage compute contexts across multiple Comp SFs

[0251] Supports task scheduling, control, and orchestration.

[0252] o Supports C1 interface for interaction with gNB-CU-CP

[0253] o Supports C2 interface for interaction with gNB-Comp-SF

[0254] -gNB-Comp-SF (Computing Service Function):

[0255] o Perform application computation tasks based on working set information. This could be a new feature dedicated to supporting computation services, or a CU-UP instance dedicated to supporting computation services.

[0256] o

[0257] The reference architecture for RAN nodes is as described above. Figure 1 As shown.

[0258] Solution 2: Use network slicing to support compute services

[0259] For connectivity services provided by network operators, S-NSSAI consists of the following:

[0260] - Slice / Type of Service (SST) refers to the expected network slice behavior in terms of features and services, and can be a normalized value (eMBB, URLLC, MIoT, V2X) or a non-normalized value.

[0261] - Slice Distinguisor (SD) distinguishes multiple network slices of the same slice / service type.

[0262] Based on the reference architecture, compute service slices can be designed with the following options:

[0263] Option 1: Define a new normalized value for SST for computation services in S-NSSAI.

[0264] When instructing SST for computation services in S-NSSAI, for Scenario 1 and Scenario 2, SD can be further defined with the following information:

[0265] - Identification of the network operator or ASP that provides computing services.

[0266] - One or more application IDs

[0267] Option 2: New optional IEs, such as defining the computing service type for RAN computing in S-NSSAI.

[0268] In this option, S-NSSAI is defined with three IEs, including SST, SD, and the Service Type of Compute Services (STCMP), where SST and SD are used for connectivity services provided by 5G network operators.

[0269] To support both Scenario 1 and Scenario 2, STCMP can be configured according to the instructions of computing service providers (including network operators (Scenario 1) or application providers (Scenario 2)).

[0270] Option 3: The new compute service slice is defined as C-NSSAI.

[0271] In this option, C-NSSAI is used for compute services, which is different from S-NSSAI used for connectivity services.

[0272] C-NSSAI is defined as C-SST (service and slice type of compute service) and C-SD (service differentiation for compute services of a specific C-SST).

[0273] -C-SST can be defined based on the type of service provider used for computing services, such as network operators (Scenario 1) or application providers (Scenario 2).

[0274] -C-SD is an optional IE that provides the UE with additional information for calculating service slices. For example, C-SD may include application IDs to be supported in a specific C-SST.

[0275] Solution 2.1:

[0276] Next, for compute service slices, S-NSSAI (Option 1 / Option 2) or C-NSSAI (Option 3) includes an optional IE to indicate the protocol type of compute offloading capabilities, such as PCI-E, Vulkan, RoCE, etc.

[0277] Solution 3: Subscription information related to computing services

[0278] Following Solution 1 and Solution 2, the UE's subscription information includes one or more subscription-based compute service slices, such as S-NSSAI (Option 1 / Option 2 in Solution 2) or C-NSSAI (Option 3 in Solution 2).

[0279] For each subscribed slice of compute service, the subscription information may additionally include:

[0280] - List of subscribed RAN-DNNs and the default RAN-DNN used for RAN computation

[0281] Option 1: Supports scenario 2, defining default RAN-DNN values ​​for RAN computation.

[0282] Option 2: Supports scenario 3, where RAN-DNN values ​​can be used to represent RAN computing services provided by ASP / CSP / ECSP.

[0283] -S-NSSAI is an indication of whether a slice of compute services is marked as the default subscription;

[0284] For example, for CIoT devices, the S-NSSAI used for RAN calculations can be either the default subscribed S-NSSAI or C-NSSAI. CIoT devices do not need to specify S-NSSAI or C-NSSAI in the registration request message.

[0285] - Whether the compute service slice conforms to compute slice-specific authentication and authorization instructions and the associated AAA server address, similar to network slice-specific authentication.

[0286] Solution 3.1:

[0287] Next, in Solution 3, the subscription information can additionally include the protocol type for the compute offloading capabilities of the associated S-NSSAI or C-NSSAI, such as PCI-E, Vulkan, RoCE, etc.

[0288] Solution 4: Authentication and Authorization for Network Slice-Specific or Compute Service Slices

[0289] Next, in Solution 3, as part of the initial registration process, based on the subscription information of the compute service slice, such as S-NSSAI or C-NSSAI, the AMF uses an AAA server (AAA-S) to trigger network slice-specific authentication and authorization. This server may be hosted by an H-PLMN operator or an application service provider (ASP, a third party) and has the following principles for connecting services to network slices as indicated in Clause 16 of TS33.501.

[0290] -AMF performs the role of EAP authenticator and communicates with AAA-S via AUSF.

[0291] -AUSF undertakes any AAA protocol that interoperates with AAA protocols supported by AAA-S.

[0292] - If AAA-S is an ASP (third-party), then the NSSAA function contacts AAA-S via AAA-P. The NSSAA function and AAA-P can co-locate.

[0293] This solution supports both Scenario 1 and Scenario 2 for computing service slices.

[0294] Solution 4.1:

[0295] Following Solution 4, for Scenario 2 where the ASP provides computing services on a 5G network, AAA-S can be provided by the ASP. For its computing service slices .

[0296] -ASP provides AAA-S address information, such as AAA-SID, IP address, and port number, to network operators using computing services in the SLA.

[0297] -Based on the SLA, the NSAA function contacts AAA-S via AAA-P. The NSAA function and AAA-P can co-locate, and AAA-S replies the authentication result to NSAA via AAA-P.

[0298] Solution 4.2: Refer to the SA3 33.501 procedure (AMF triggered) in Clause 16.

[0299] Following Solution 4.2, for compute service slices, compute slice-specific authentication and authorization between the UE and the AAA server (AAA-S) uses a user ID (e.g., denoted as NAI) and credentials that are different from 3GPP subscription credentials (e.g., SUPI and credentials for PLMN access) and occur after the primary authentication.

[0300] Figure 9 Examples of network slice-specific authentication and authorization processes according to various embodiments are shown. The message flow used to calculate slice-specific authentication and authorization is based on the network slice-specific authentication and authorization process shown in Clause 16.3 of TS33.501, with the following additions / differences:

[0301] - For computational slice authentication and authorization, based on the options included in Solution 2, slice information can be S-NSSAI (Solution 2, Option 1, Option 2) or C-NSSAI (Solution 2, Option 3).

[0302] The EAP framework specified in RFC 3748 is used for computation slice-specific authentication and authorization between the UE and the AAA server.

[0303] Solution 5: Computation service slice-specific authentication and authorization via RAN computing capabilities

[0304] This solution provides an alternative to Solution 4 for Scenario 2.

[0305] Based on the UE context containing information about permitted S-NSSAI or C-NSSAI stored in the RAN node, as part of the computing session establishment process, an authentication request is sent to AAA-S provided by ASP / CSP / ECSP via RAN Comp-CF to initiate computing service slice-specific authentication and authorization.

[0306] based on Figure 1 The reference architecture in the document has the following high-level message flow:

[0307] Step 1: Initial Registration Process

[0308] Step 2: When an application requiring computing services is launched, the UE that receives the application request initiates the request by indicating the following information. RAN Computing Session Establishment Process :

[0309] o Calculate service slice information, such as allowed S-NSSAI or C-NSSAI.

[0310] o The user ID that subscribes to computing services provided by ASP / CSP / ECSP, for example, represented as a Network Access Identifier (NAI).

[0311] Step 3: Registered RAN nodes select RAN Comp-CF based on the following information:

[0312] o request S-NSSAI or C-NSSAI

[0313] o Stores RAN network configuration information.

[0314] - Step 4: The RAN Comp-CF initiates a compute service slice-specific authentication and authorization process by sending an authentication request to the AAA-S provided by the ASP / CSP / ECSP.

[0315] Step 5: Based on the authentication response results

[0316] If successful, the RAN Comp-CF selects the RAN Comp-SF and responds with the successful result to the RAN node (e.g., CU-CP).

[0317] If the authentication fails, the RAN Comp-CF will return the authentication result and the reason for rejection to the RAN node (e.g., CU-CP).

[0318] Solution 5.1: Computational Session Establishment Process

[0319] Following Solution 5, the second step can support the computation session establishment process in the following options:

[0320] - Option 1: Use a new or existing RRC message.

[0321] - Option 2: Use the PDU session establishment process for SMF, including compute service indication and PDU session ID.

[0322] Based on the compute service instruction, the SMF initiates a RAN compute session request message to the registered RAN node (e.g., CU-CP).

[0323] When the RAN node receives the result of the RAN Comp session from the RAN Comp-CF, the RAN responds to the SMF and forwards the PDU session establishment response message sent by the SMF to the UE.

[0324] - Option 3: Use the new NAS procedure for AMF.

[0325] Based on the compute service instruction, the AMF initiates a RAN compute session request message to the registered RAN node (e.g., CU-CP).

[0326] When the RAN node receives the result of the RAN Comp session from the RAN Comp-CF, the RAN responds to the AMF and forwards a new NAS response message indicating the result sent by the AMF to the UE.

[0327] Solution 5.2: Compute Service Slicing-Based Option

[0328] Following Solutions 5.1 and 5.2, based on the compute service slice options, the following options provide corresponding methods during the RAN compute session establishment process:

[0329] - For Solution 2, Option 1: The UE indicates an S-NSSAI for computing services in the RAN Computing Session Establishment Request message, wherein one or more S-NSSAIs may also be provided with an indication of association for the S-NSSAI for computing services.

[0330] - For Solution 2, Option 2: The UE indicates in the RAN Computing Session Establishment Request message that there is an S-NSSAI with an optional IE for computing services, wherein one or more S-NSSAIs for connection services may also be provided with an indication of association for S-NSSAIs for computing services.

[0331] - For Solution 2, Option 3: The UE indicates the C-NSSAI for computing services in the RAN Computing Session Establishment Request message, wherein one or more S-NSSAIs may also be provided with an indication of association for the C-NSSAI.

[0332] Connectivity services and compute services are orthogonal services, which can be supported by one-to-one, one-to-many, or many-to-many mappings between connectivity service slices and compute service slices.

[0333] The following are example methods for associating computed slices and joined slices, but are not limited to:

[0334] - Method 1 (Many-to-Many): The RAN node (e.g., CU-CP) selects a RANComp-CF for each S-NSSAI for the connection service. For example, each network slice used for the connection service has a corresponding compute service slice.

[0335] - Method 2 (one-to-many): The RAN node (e.g., CU-CP) selects a RAN Comp-CF for the S-NSSAI to be indicated for all S-NSSAIs of the connection service, and the RAN Comp-CF assigns a RANComp-SF for each network slice of the connection service.

[0336] Solution 5.3:

[0337] Following Solution 5, Step 1, the initial registration process uses SUPI to perform master authentication with the following additional steps to enable computing services to be supported on the 5G network:

[0338] - The UE indicates the configuration / permitted S-NSSAI or C-NSSAI for computing services in the registration request message.

[0339] -AMF provides the RAN node and UE with the allowed S-NSSAI (Solution 2, Option 1 / 2) or C-NSSAI (Solution 2, Option 3).

[0340] - The UE context is created with subscribed computing service information, such as the allowed S-NSSAI list or C-NSSAI list (based on Solution 2 Option 1 / Option 2 or Solution 2 Option 3 respectively).

[0341] Solution 5.4:

[0342] Following Solution 5.3, the UE also provides general computing offloading capabilities to the AMF in the Registration Request NAS message.

[0343] - The AMF verifies the compute offloading capability of the request based on the subscription data. If the subscription is valid, the AMF further checks the S-NSSAI or C-NSSAI subscription requested for the compute service.

[0344] System and Implementation

[0345] Figure 10-11 Various systems, devices, and components are shown that can implement aspects of the disclosed embodiments.

[0346] Figure 10A network 1000 according to various embodiments is illustrated. The network 1000 can operate in a manner conforming to 3GPP technical specifications for LTE or 5G / NR systems. However, the exemplary embodiments are not limited thereto, and the described embodiments can be applied to other networks that benefit from the principles described herein, such as future 3GPP systems, etc.

[0347] Network 1000 may include UE 1002, which may include any mobile or non-mobile computing device designed to communicate with RAN 1004 via an over-the-air connection. UE 1002 may be coupled to RAN 1004 via a Uu interface. UE 1002 may be, but is not limited to, smartphones, tablets, wearable computing devices, desktop computers, laptops, in-vehicle infotainment devices, in-vehicle entertainment devices, instrument clusters, head-mounted displays, in-vehicle diagnostic devices, dashboard mobile devices, mobile data terminals, electronic engine management systems, electronic / engine control units, electronic / engine control modules, embedded systems, sensors, microcontrollers, control modules, engine management systems, networked devices, machine-type communication devices, M2M or D2D devices, IoT devices, etc.

[0348] In some embodiments, network 1000 may include multiple UEs that are directly coupled to each other via sidelink interfaces. The UEs may be M2M / D2D devices that communicate using physical sidelink channels (e.g., but not limited to PSBCH, PSDCH, PSSCH, PSCCH, PSFCH, etc.).

[0349] In some embodiments, UE 1002 may also communicate with AP 1006 via an over-the-air connection. AP 1006 may manage WLAN connections, which may be used to offload some / all network services from RAN 1004. The connection between UE 1002 and AP 1006 may conform to any IEEE 802.11 protocol, wherein AP 1006 may be a Wireless Fibre Channel device. Router. In some embodiments, UE 1002, RAN 1004, and AP 1006 may utilize cellular-WLAN aggregation (e.g., LWA / LWIP). Cellular-WLAN aggregation may involve UE 1002 being configured by RAN 1004 to utilize cellular radio resources and WLAN resources.

[0350] RAN 1004 may include one or more access nodes, such as AN 1008. AN 1008 can terminate the air interface protocol used by UE 1002 by providing access layer protocols, including RRC, PDCP, RLC, MAC, and L1 protocols. In this way, AN 1008 can establish a data / voice connection between CN 1020 and UE 1002. In some embodiments, AN 1008 may be implemented in a discrete device or as one or more software entities running on a server computer as part of, for example, a virtual network (which may be referred to as CRAN or a virtual baseband unit pool). AN 1008 is referred to as BS, gNB, RAN node, eNB, ng-eNB, NodeB, RSU, TRxP, TRP, etc. AN 1008 may be a macrocell base station or a low-power base station used to provide a femtocell, picocell, or other similar cell with a smaller coverage area, smaller user capacity, or higher bandwidth compared to a macrocell.

[0351] In embodiments where RAN 1004 includes multiple ANs, they can be coupled to each other via an X2 interface (if RAN 1004 is an LTE RAN) or an Xn interface (if RAN 1004 is a 5G RAN). The X2 / Xn interface (in some embodiments, it can be separated into a control / user plane interface) allows the ANs to pass information related to handover, data / context transfer, mobility, load management, interference coordination, etc.

[0352] Each AN of RAN 1004 can manage one or more cells, cell groups, component carriers, etc., to provide an air interface for network access to UE 1002. UE 1002 can simultaneously connect to multiple cells provided by the same or different ANs of RAN 1004. For example, UE 1002 and RAN 1004 can use carrier aggregation to allow UE 1002 to connect to multiple component carriers, each component carrier corresponding to a Pcell or Scell. In a dual-connectivity scenario, the first AN can be the primary node providing the MCG, while the second AN can be the secondary node providing the SCG. The first / second AN can be any combination of eNB, gNB, ng-eNB, etc.

[0353] RAN 1004 can provide an air interface on licensed or unlicensed spectrum. For operation in unlicensed spectrum, nodes can use LAA, eLAA, and / or feLAA mechanisms with PCell / Scell ​​based on CA technology. Before accessing unlicensed spectrum, nodes can perform medium / carrier sensing operations based on, for example, a Listen-Before-Speak (LBT) protocol.

[0354] In a V2X scenario, UE 1002 or AN 1008 can be or act as an RSU, where RSU can refer to any traffic infrastructure entity used for V2X communication. An RSU can be implemented in, or by, a suitable AN or a fixed (or relatively fixed) UE. An RSU implemented or by, is referred to as a "UE-type RSU" for a UE; an "eNB-type RSU" for an eNB; a "gNB-type RSU" for a gNB; and so on. In one example, an RSU is a computing device coupled to radio frequency circuitry located at the roadside that provides connectivity support to passing vehicle UEs. An RSU may also include internal data storage circuitry for storing intersection map geometry, traffic statistics, media, and applications / software for sensing and controlling ongoing vehicle and pedestrian traffic. An RSU can provide very low-latency communication required for high-speed events such as collision avoidance, traffic warnings, etc. Additionally or alternatively, an RSU can provide other cellular / WLAN communication services. RSU components can be enclosed in a weatherproof enclosure suitable for outdoor installation and may include a network interface controller for providing a wired connection (e.g., Ethernet) to a traffic signal controller or backhaul network.

[0355] In some embodiments, RAN 1004 may be an LTE RAN 1010 with an eNB (e.g., eNB 1012). LTE RAN 1010 may provide an LTE air interface with the following characteristics: a 15 kHz SCS; CP-OFDM waveforms for DL ​​and SC-FDMA waveforms for UL; Turbo codes for data and TBCC for control; etc. The LTE air interface may rely on CSI-RS for CSI acquisition and beam management; PDSCH / PDCCH DMRS for PDSCH / PDCCH demodulation; and CRS for cell search and initial acquisition, channel quality measurement, and channel estimation for coherent demodulation / detection at the UE. The LTE air interface may operate in the sub-6 GHz band.

[0356] In some embodiments, RAN 1004 may be an NG-RAN 1014 with a gNB (e.g., gNB 1016) or an ng-eNB (e.g., ng-eNB 1018). gNB 1016 can connect to a 5G-enabled UE using a 5G NR interface. gNB 1016 can connect to the 5G core via an NG interface, which may include an N2 interface or an N3 interface. ng-eNB 1018 can also connect to the 5G core via an NG interface, but can connect to the UE via an LTE air interface. gNB 1016 and ng-eNB 1018 can connect to each other via an Xn interface.

[0357] In some embodiments, the NG interface can be divided into two parts: an NG user plane (NG-U) interface, which carries service data between the nodes of NG-RAN1014 and UPF 1048 (e.g., the N3 interface); and an NG control plane (NG-C) interface, which is the signaling interface between the nodes of NG-RAN1014 and AMF 1044 (e.g., the N2 interface).

[0358] NG-RAN 1014 can provide a 5G-NR air interface with the following characteristics: variable SCS; CP-OFDM for DL, CP-OFDM and DFT-s-OFDM for UL; polar codes, repetition codes, simplex codes and Reed-Muller codes for control, and LDPC for data. Similar to the LTE air interface, the 5G-NR air interface can rely on CSI-RS and PDSCH / PDCCH DMRS. The 5G-NR air interface may not use CRS, but can use PBCHDMRS for PBCH demodulation; PTRS for phase tracking of PDSCH; and a tracking reference signal for time tracking. The 5G-NR air interface can operate on the FR1 band, including the sub-6GHz band, or the FR2 band, including the band from 24.25GHz to 52.6GHz. The 5G-NR air interface may include an SSB, which is an area of ​​the downlink resource grid including PSS / SSS / PBCH.

[0359] In some embodiments, the 5G-NR air interface can utilize BWPs for various purposes. For example, BWPs can be used for dynamic SCS adaptation. For instance, UE 1002 can be configured with multiple BWPs, each configured with a different SCS. When a BWP change is indicated to UE 1002, the transmitted SCS also changes. Another example of a BWP use case relates to power saving. Specifically, multiple BWPs with different amounts of frequency resources (e.g., PRBs) can be configured for UE 1002 to support data transmission under different traffic load scenarios. A BWP containing a smaller number of PRBs can be used for data transmission with a lower traffic load, while allowing power saving at UE 1002 and, in some cases, at gNB 1016. A BWP containing a larger number of PRBs can be used for scenarios with a higher traffic load.

[0360] RAN 1004 communications are coupled to CN 1020, which includes network elements to provide various functions to support data and telecommunications services to customers / subscribers (e.g., users of UE 1002). Components of CN 1020 may be implemented in a single physical node or separate physical nodes. In some embodiments, NFV may be used to virtualize any or all of the functions provided by the network elements of CN 1020 onto physical compute / storage resources such as servers, switches, etc. A logical instance of CN 1020 may be referred to as a network slice, while a logical instance of a portion of CN 1020 may be referred to as a network subslice.

[0361] In some embodiments, CN 1020 may be LTE CN 1022 (which may also be referred to as EPC). LTE CN 1022 may include MME 1024, SGW 1026, SGSN 1028, HSS 1030, PGW 1032, and PCRF 1034, which are coupled to each other via an interface (or "reference point") as shown. The functions of the components of LTE CN 1022 can be briefly described below.

[0362] MME 1024 enables mobility management functions to track the current location of UE 1002, facilitating paging, bearer activation / deactivation, handover, gateway selection, authentication, and more.

[0363] The SGW 1026 can terminate the S1 interface toward the RAN and route data packets between the RAN and the LTE CN1022. The SGW 1026 can serve as a local mobility anchor for handover between RAN nodes and can also provide an anchor for inter-3GPP mobility. Other responsibilities may include statutory interception, charging, and some policy enforcement.

[0364] SGSN 1028 can track the location of UE 1002 and perform security functions and access control. Furthermore, SGSN 1028 can perform EPC inter-node signaling for mobility between different RAT networks; PDN and S-GW selection specified by MME 1024; MME selection for handover; etc. The S3 reference point between MME 1024 and SGSN 1028 enables the exchange of user and bearer information for 3GPP indirect network access mobility in idle / active states.

[0365] The HSS 1030 may include a database for network users, including subscription information to support network entities in handling communication sessions. The HSS 1030 can provide support for routing / roaming, authentication, authorization, naming / addressing resolution, location dependencies, etc. The S6a reference point between the HSS 1030 and the MME 1024 enables the transmission of subscription and authentication data for authenticating / authorizing user access to the LTE CN 1020.

[0366] PGW 1032 can terminate the SGi interface toward a data network (DN) 1036, which may include an application / content server 1038. PGW 1032 can route data packets between the LTE CN 1022 and the data network 1036. PGW 1032 may be coupled to SGW 1026 via an S5 reference point to facilitate user plane tunneling and tunnel management. PGW 1032 may also include nodes for policy enforcement and charging data collection (e.g., PCEF). Furthermore, the SGi reference point between PGW 1032 and the data network 1036 can be an external public, private PDN, or an internal packet data network (e.g., for IMS service allocation). PGW 1032 may be coupled to PCRF 1034 via a Gx reference point.

[0367] PCRF 1034 is the policy and charging control element of LTE CN 1022. PCRF 1034 can be communicatively coupled to app / content server 1038 to determine appropriate QoS and charging parameters for service flows. PCRF 1032 can assign associated rules to PCEF with appropriate TFT and QCI (via Gx reference point).

[0368] In some embodiments, CN 1020 may be 5GC 1040. 5GC 1040 may include AUSF 1042, AMF1044, SMF 1046, UPF 1048, NSSF 1050, NEF 1052, NRF 1054, PCF 1056, UDM 1058, and AF1060, which are coupled to each other via an interface (or “reference point”) as shown in the figure. The component functions of 5GC 1040 can be briefly described below.

[0369] The AUSF 1042 can store data for UE 1002 authentication and handle authentication-related functions. The AUSF 1042 facilitates a common authentication framework for various access types. In addition to communicating with other components of the 5GC 1040 via a reference point as shown in the figure, the AUSF 1042 can also demonstrate an interface based on Nausf services.

[0370] AMF 1044 allows other functions of 5GC 1040 to communicate with UE 1002 and RAN 1004 and subscribe to notifications regarding mobility events for UE 1002. AMF 1044 can handle registration management (e.g., for registering UE 1002), connection management, reachability management, mobility management, statutory interception of AMF-related events, and access authentication and authorization. AMF 1044 can provide transport for SM messages between UE 1002 and SMF 1046 and acts as a transparent broker for routing SM messages. AMF 1044 can also provide transport for SMS messages between UE 1002 and SMSF 1046. AMF 1044 can interact with AMF 1042 and UE 1002 to perform various security anchoring and context management functions. Furthermore, AMF 1044 can be the termination point of the RAN CP interface, which may include or be the N2 reference point between RAN 1004 and AMF 1044; AMF 1044 can be the termination point of NAS (N1) signaling and perform NAS encryption and integrity protection. AMF 1044 can also support NAS signaling with UE 1002 via the N3 IWF interface.

[0371] SMF 1046 can be responsible for SM (e.g., session establishment and tunnel management between UPF 1048 and AN 1008); UE IP address allocation and management (including optional authorization); selection and control of UP functions; configuring service control at UPF 1048 to route services to the correct destination; terminating the interface toward policy control functions; controlling policy enforcement, charging, and QoS as a part; statutory interception (for SM events and interfaces to the LI system); terminating the SM portion of NAS messages; downlink data notification; initiating AN-specific SM information sent to AN 1008 via N2 through AMF 1044; and determining the SSC mode of the session. SM can refer to the management of PDU sessions, and PDU sessions or "sessions" can refer to the PDU connectivity service that provides or enables PDU exchange between UE 1002 and data network 1036.

[0372] The UPF 1048 can serve as an anchor point for mobility within and between RATs, an external PDU session point for interconnection to the data network 1036, and a branch point supporting multi-homed PDU sessions. The UPF 1048 can also perform packet routing and forwarding, packet inspection, user plane portion of policy rules, statutory packet interception (UP collection), traffic usage reporting, user plane QoS processing (e.g., packet filtering, gating, UL / DL rate enforcement), uplink traffic authentication (e.g., SDF-to-QoS flow mapping), transport-level packet marking in uplink and downlink, and downlink packet buffering and downlink data notification triggering. The UPF 1048 may include an uplink classifier to support traffic routing to the data network.

[0373] The NSSF 1050 can select a set of network slice instances to serve UE 1002. The NSSF 1050 can also determine the allowed NSSAIs and the mapping to subscribed S-NSSAIs (if needed). The NSSF 1050 can also determine the set of AMFs to use for serving UE 1002, or determine a list of candidate AMFs based on appropriate configuration and possibly by querying the NRF 1054. The selection of a set of network slice instances for UE 1002 can be triggered by the AMF 1044 registered to UE 1002 interacting with the NSSF 1050, which may result in a change of AMF. The NSSF 1050 can interact with AMF 1044 via reference point N22; and can communicate with another NSSF in the visited network via reference point N31 (not shown). Furthermore, the NSSF 1050 can expose an interface based on NNSSF services.

[0374] The NEF 1052 can securely expose 3GPP network functions to services and capabilities provided by third parties, internal open / reopened systems, AFs (e.g., AF1060), edge computing, or fog computing systems. In such embodiments, the NEF 1052 can authenticate, authorize, or restrict AFs. The NEF 1052 can also translate information exchanged with the AF 1060 and information exchanged with internal network functions. For example, the NEF 1052 can translate between AF service identifiers and internal 5GC information. The NEF 1052 can also receive information from other NFs based on the capabilities exposed by other NFs. This information can be stored as structured data at the NEF 1052 or stored at a data storage NF using a standardized interface. The stored information can then be newly exposed by the NEF 1052 to other NFs and AFs, or used for other purposes (e.g., analysis). Furthermore, the NEF 1052 can expose interfaces based on Nnef services.

[0375] NRF 1054 supports service discovery, receiving NF discovery requests from NF instances and providing information about discovered NF instances to those instances. NRF 1054 also maintains information about available NF instances and the services they support. As used herein, terms such as "instantiation" and "instantiation" can refer to the creation of an instance, while "instance" can refer to the actual occurrence of an object, which can happen, for example, during program code execution. Furthermore, NRF 1054 can demonstrate interfaces based on NRF services.

[0376] The PCF 1056 can provide policy rules to control plane functions to enforce them, and can also support a unified policy framework to manage network behavior. The PCF 1056 can also implement a front-end to access subscription information related to policy decisions in the UDR of the UDM 1058. In addition to communicating with functions via reference points as shown in the figure, the PCF 1056 also demonstrates an interface based on Npcf services.

[0377] UDM 1058 can process subscription-related information to support network entities in handling communication sessions and can store subscription data for UE 1002. For example, subscription data can be passed via the N8 reference point between UDM 1058 and AMF 1044. UDM 1058 can include two parts: an application front-end and a UDR. The UDR can store subscription and policy data for UDM 1058 and PCF 1056, and / or structured data (including PFDs for application detection and application request information for multiple UE 1002) for open and application data for NEF 1052. An interface based on the Nudr service can be presented by UDR 221 to allow UDM 1058, PCF 1056, and NEF 1052 to access a specific set of stored data, as well as to read, update (e.g., add, modify), delete, and subscribe to notifications of relevant data changes in the UDR. UDM can include UDM-FE, which is responsible for handling credentials, location management, subscription management, etc. Several different front-ends can serve the same user in different transactions. The UDM-FE accesses subscription information stored in the UDR and performs authentication credential processing, user identity processing, access authorization, registration / mobility management, and subscription management. In addition to communicating with other NFs via reference points as shown in the figure, the UDM 1058 can also demonstrate interfaces based on Nudm services.

[0378] The AF 1060 can provide application impact on service routing, provide access to NEF, and interact with the policy framework for policy control.

[0379] In some embodiments, the 5GC 1040 can enable edge computing by selecting an operator / third-party service to be geographically close to the point where the UE 1002 attaches to the network. This can reduce latency and load on the network. To provide edge computing implementation, the 5GC 1040 can select a UPF 1048 close to the UE 1002 and perform service routing from the UPF 1048 to the data network 1036 via the N6 interface. This can be based on UE subscription data, UE location, and information provided by the AF 1060. In this way, the AF 1060 can influence UPF (re)selection and service routing. Based on operator deployment, when the AF 1060 is considered a trusted entity, the network operator can allow the AF 1060 to interact directly with the relevant NF. Furthermore, the AF 1060 can expose interfaces based on Naf services.

[0380] Data network 1036 may represent various network operator services, Internet access, or third-party services that may be provided by one or more servers (including, for example, application / content server 1038).

[0381] Figure 11 A wireless network 1100 according to various embodiments is illustrated schematically. The wireless network 1100 may include a UE 1102 that communicates wirelessly with an AN 1104. The UE 1102 and the AN 1104 may be similar to and substantially interchangeable with components of similar names described elsewhere herein.

[0382] UE 1102 can be communicatively coupled to AN 1104 via connection 1106. Connection 1106 is shown as the air interface for implementing the communication coupling and can conform to cellular communication protocols, such as LTE or 5G NR protocols operating at mmWave or sub-6GHz frequencies.

[0383] UE 1102 may include a host platform 1108 coupled to modem platform 1110. Host platform 1108 may include application processing circuitry 1112, which may be coupled to protocol processing circuitry 1114 of modem platform 1110. Application processing circuitry 1112 may run various applications for outgoing / incoming application data for UE 1102. Application processing circuitry 1112 may also implement one or more layer operations to send / receive application data to / from a data network. These layer operations may include transport (e.g., UDP) and Internet (e.g., IP) operations.

[0384] Protocol processing circuitry 1114 can implement one or more layer operations to facilitate the transmission or reception of data via connection 1106. The layer operations implemented by protocol processing circuitry 1114 may include, for example, MAC, RLC, PDCP, RRC, and NAS operations.

[0385] The modem platform 1110 may also include digital baseband circuitry 1116, which can implement one or more layer operations that are "lower" layer operations performed by protocol processing circuitry 1114 in the network protocol stack. These operations may include, for example, PHY operations, including one or more of the following: HARQ-ACK function, scrambling / descrambling, encoding / decoding, layer mapping / demapping, modulation symbol mapping, received symbol / bit metric determination, multi-antenna port precoding / decoding (which may include one or more of space-time, space-frequency, or spatial coding), reference signal generation / detection, preamble sequence generation and / or decoding, synchronization sequence generation / detection, blind decoding of control channel signals, and other related functions.

[0386] The modem platform 1110 may also include transmitting circuitry 1118, receiving circuitry 1120, RF circuitry 1122, and an RF front-end (RFFE) 1124, which may include or be connected to one or more antenna panels 1126. In short, transmitting circuitry 1118 may include a digital-to-analog converter, mixer, intermediate frequency (IF) component, etc.; receiving circuitry 1120 may include an analog-to-digital converter, mixer, IF component, etc.; RF circuitry 1122 may include a low-noise amplifier, power amplifier, power point tracking component, etc.; RFFE 1124 may include filters (e.g., surface / bulk acoustic wave filters), switches, antenna tuners, beamforming components (e.g., phased array antenna components), etc. The selection and arrangement of the components (generally referred to as "transmit / receive components") of transmitting circuitry 1118, receiving circuitry 1120, RF circuitry 1122, RFFE 1124, and antenna panel 1126 may be specific to implementation details, such as whether communication is TDM or FDM, at mmWave or sub-6GHz frequencies, etc. In some embodiments, the transmitting / receiving components may be arranged in multiple parallel transmitting / receiving chains, or may be located in the same or different chips / modules, etc.

[0387] In some embodiments, the protocol processing circuit 1114 may include one or more instances of control circuitry (not shown) for providing control functions for the transmitting / receiving components.

[0388] UE reception can be established via antenna panel 1126, RFFE 1124, RF circuit 1122, receiving circuit 1120, digital baseband circuit 1116, and protocol processing circuit 1114. In some embodiments, antenna panel 1126 can receive transmissions from AN 1104 via receive beamforming signals received by a plurality of antennas / antenna elements of one or more antenna panels 1126.

[0389] UE transmission can be established via protocol processing circuitry 1114, digital baseband circuitry 1116, transmission circuitry 1118, RF circuitry 1122, RFFE 1124, and antenna panel 1126. In some embodiments, the transmission components of UE 1104 may apply spatial filtering to the data to be transmitted to form a transmission beam emitted by the antenna elements of antenna panel 1126.

[0390] Similar to UE 1102, AN 1104 may include a host platform 1128 coupled to a modem platform 1130. Host platform 1128 may include application processing circuitry 1132 coupled to protocol processing circuitry 1134 of modem platform 1130. The modem platform may also include digital baseband circuitry 1136, transmitting circuitry 1138, receiving circuitry 1140, RF circuitry 1142, RFFE circuitry 1144, and antenna panel 1146. Components of AN 1104 may be similar to and substantially interchangeable with components of similar names in UE 1102. In addition to performing data transmission / reception as described above, components of AN 1108 may also perform various logical functions, including, for example, RNC functions such as radio bearer management, uplink and downlink dynamic radio resource management, and packet scheduling.

[0391] Figure 12 This is a block diagram illustrating components according to some example embodiments, which are capable of reading instructions from a machine-readable or computer-readable medium (e.g., a non-transitory machine-readable storage medium) and performing any one or more methods discussed herein. Specifically, Figure 12 A graphical representation of hardware resource 1200 is shown, including one or more processors (or processor cores) 1210, one or more memory / storage devices 1220, and one or more communication resources 1230, each of which may be communicatively coupled via bus 1240 or other interface circuitry. For embodiments utilizing node virtualization (e.g., NFV), a hypervisor 1202 may be executed to provide an execution environment for one or more network slices / subslices to utilize hardware resource 1200.

[0392] Processor 1210 may include, for example, processor 1212 and processor 1214. Processor 1210 may be, for example, a central processing unit (CPU), a reduced instruction set computing (RISC) processor, a complex instruction set computing (CISC) processor, a graphics processing unit (GPU), a DSP (e.g., a baseband processor), an ASIC, an FPGA, a radio frequency integrated circuit (RFIC), another processor (including those discussed herein), or any suitable combination thereof.

[0393] The memory / storage device 1220 may include main memory, disk storage, or any suitable combination thereof. The memory / storage device 1220 may include, but is not limited to, any type of volatile, non-volatile, or semi-volatile memory, such as dynamic random access memory (DRAM), static random access memory (SRAM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), flash memory, solid-state memory, etc.

[0394] Communication resource 1230 may include an interconnect or network interface controller, component, or other suitable device for communicating with one or more peripheral devices 1204 or one or more databases 1206 or other network elements via network 1208. For example, communication resource 1230 may include wired communication components (e.g., for coupling via USB, Ethernet, etc.), cellular communication components, NFC components, etc. (or low power consumption) ) components, Components and other communication components.

[0395] Instructions 1250 may include software, programs, applications, applets, or other executable code for causing at least any processor 1210 to perform any one or more of the methods discussed herein. Instructions 1250 may reside wholly or partially within processor 1210 (e.g., within the processor's cache memory), memory / storage device 1220, or any suitable combination thereof. Furthermore, any portion of instructions 1250 may be transferred from any combination of peripheral device 1204 or database 1206 to hardware resource 1200. Therefore, the memory of processor 1210, memory / storage device 1220, peripheral device 1204, and database 1206 are examples of computer-readable and machine-readable media.

[0396] Example process

[0397] In some embodiments, Figure 10-12 The electronic devices, networks, systems, chips, or components, or portions thereof, or implementations thereof, shown in some of the other accompanying figures herein may be configured to perform one or more processes, techniques, or methods, or portions thereof, as described herein. Figure 13The document describes such a process. For example, process 1300 may include: at 1305, providing a first interface with the Distributed Unit (DU), wherein the first interface has a common protocol for the interface between the Centralized Unit Control Plane (CU-CP) and the DU. The process also includes: at 1310, providing a second interface with the Computational Control Function (Comp-CF). The process further includes: at 1315, supporting the Packet Data Convergence Protocol (PDCP) stack at Comp-SF and CU-UP. The process further includes: at 1320, negotiating an encryption algorithm with the CU-CP via the second interface based on the RRC security key.

[0398] Figure 14 Another such process is illustrated. In this example, process 1400 includes: at 1405, establishing a Radio Resource Control (RRC) connection with the Centralized Unit Control Plane (CU-CP) or Computational Control Function (Comp-CF). The process also includes: at 1410, receiving an RRC message including integrity and encryption information from the CU-CP or Comp-CF. The process further includes: at 1415, activating integrity and encryption protection based on the integrity and encryption information.

[0399] Figure 15 Another such process is illustrated. In this example, process 1500 includes: at 1505, encoding a registration request for transmission to the Access and Mobility Management Function (AMF) to access Single Network Slice Selection Auxiliary Information (S-NSSAI). The process also includes: at 1510, receiving instructions for the subscribed S-NSSAI, wherein the subscribed S-NSSAI includes instructions for: Slice / Type of Service (SST), Slice Distinguisser (SD), and Radio Access Network (RAN) Calculated Type of Service.

[0400] For one or more embodiments, at least one component illustrated in one or more of the preceding figures may be configured to perform one or more operations, techniques, processes, and / or methods as described in the Examples section below. For example, the baseband circuitry described above in conjunction with one or more of the preceding figures may be configured to operate according to one or more examples described below. As another example, the circuitry described above in conjunction with one or more of the preceding figures, associated with a UE, base station, network element, etc., may be configured to operate according to one or more examples described in the Examples section below.

[0401] Example

[0402] Example 1 may include a method for implementing support for the PDCP stack at the Comp SF, which supports a first interface with the DU (denoted as C3, e.g., similar to F1-U) and a second interface with the CU-CP (denoted as C4, e.g., similar to E1).

[0403] Example 2 may include the method of Example 1 or some other examples herein, wherein the Comp SF processes the computation service requested by the UE from registration to the RAN CU-CP and supports multiple connections, including one connection with a first RAN node for communication-related data services and one or more connections with the Comp SF as another RAN node for computation-related data services.

[0404] Example 3 may include the method of Example 2 or some other examples in this document, wherein the UE may receive the control signaling message via a third interface (denoted as C1) from the Comp CF interface with the RAN CU-CP by piggybacking the calculated control signaling message in the RRC.

[0405] Example 4 may include the method of Example 3 or some other examples herein, wherein the UE receives a DRB (Data Radio Bearer) from a first RAN node for communication-related data services and receives a CRB-U (Computation Radio Bearer at User Plane) from a Comp SF for computation-related data services.

[0406] Example 5 may include the methods of Example 3 or Example 4 or some other examples herein, wherein the UE receives CRB-C (Computed Radio Bearer at the Control Plane) from the Comp CF for calculating control signaling messages.

[0407] Example 6 may include the methods of Example 3 or some other examples in this document, wherein the RAN calculates the security keys for CF and RAN CompSF based on KgNB or KgNB-cf.

[0408] Example 7 may include the methods of Example 6 or some other examples in this document, where KgNB is a security key for communication services generated by the AMF of the RAN node.

[0409] Example 8 may include the methods of Example 6 or some other examples in this document, wherein KgNB-cf is a security key for computing services generated by AMF, or kgNB-cf is a security key for computing services generated by gNB based on KgNB.

[0410] Example 9 may include the methods of Example 7 or 8 or some other examples in this document, wherein the RAN CU-CP generates a Kcf for the RAN Comp CF and sends it to the RAN Comp CF.

[0411] Example 10 may include the methods of Example 9 or some other examples in this document, wherein Comp CF generates integrity and encryption keys for calculating the security protection of control signaling messages.

[0412] Example 11 may include the methods of Example 7 or 8 or some other examples in this document, wherein the RAN CU-CP generates a Ksf for the RAN Comp SF and sends it directly or via the RAN Compte CF to the RAN Compute SF.

[0413] Example 12 may include the methods of Example 11 or some other examples in this document, wherein Comp SF generates integrity and encryption keys for security protection of computing-related data services.

[0414] Example 13 may include the methods of Example 2 or some other examples herein, wherein the communication established between the UE and the RAN Comp SF is protected at the PDCP layer using information (e.g., key counters and algorithms) stored in the RAN Computation Security Context.

[0415] Example 14 may include the methods of Example 13 or some other examples herein, wherein the RAN CU-CP and RAN CompSF negotiate an encryption algorithm directly or via Comp CF by sending a Comp SF add / modify request message that includes Ksf, UE security capabilities and compute security policies.

[0416] Example 15 may include the method of Example 14 or some other examples herein, wherein Comp SF selects a security algorithm and generates a security context, and sends a confirmation message to RAN CU-CP including the selected algorithm and an indication to use integrity and cryptographic protection for the computing service.

[0417] Example 16 may include the method of Example 15 or some other examples herein, wherein the CU-CP sends an RRC connection reconfiguration request message to the UE, which includes information related to the RAN computing session (e.g., computing key counter, selected algorithm, and indication of using integrity and encryption protection for computing services).

[0418] Example 17 may include the methods of Example 16 or some other examples in this document, wherein the computed key counters may be the same or different for both Comp CF and CompSF.

[0419] Example 18 may include the methods of Example 17 or some other examples in this document, where the security keys for both Kcf and Ksf are updated simultaneously for the same computed key counter.

[0420] Example 19 may include the methods of Example 17 or some other examples in this document, wherein the security keys of Kcf and Ksf may be updated based on the corresponding computational security policies for different computational key counters.

[0421] Example 20 may include the method of Example 16 or some other examples herein, wherein the UE, upon receiving an RRC connection reconfiguration request message, derives an encryption key from Ksf (based on a key counter and a selected algorithm).

[0422] Example 21 may include the method of Example 20 or some other examples in this document, wherein the UE replies to the CU-CP or Comp CF with an RRC Connection ReConfig response message.

[0423] Example 22 may include the method of Example 21 or some other examples herein, wherein the CU-CP or Comp CF sends a Comp SF reconfiguration complete message to the Comp SF to confirm the multiple connections established in the UE.

[0424] Example 23 may include the method of Example 22 or some other examples in this document, wherein Comp SF derives the encryption key from Ksf (based on a key counter and a selected algorithm) upon receiving an RRC connection reconfiguration request message.

[0425] Example 24 may include the methods of Example 23 or some other examples in this document, wherein both the UE and the Comp SF activate security protections for the encryption and integrity of computation-related data messages.

[0426] Example 25 may include the methods of Example 13 or some other examples herein, wherein the computation control connection established between the UE and the RAN Comp CF is protected by using information (e.g., key counters and algorithms) stored in the RAN computation security context.

[0427] Example 26 may include the methods of Examples 25 and 14 or some other examples herein, wherein the RAN CU-CP and RANComp CF negotiate the encryption algorithm by sending a Comp CF add / modify request message that includes the Kcf, UE security capabilities, and compute security policy.

[0428] Example 27 may include the method of Example 15 or some other examples herein, wherein the Comp CF selects a security algorithm and generates a security context, and sends an acknowledgment message to the RAN CU CP including the selected algorithm and an indication to use integrity and cryptographic protection for the computing service.

[0429] Example 28 may include the methods of Examples 27 and 16 or some other examples herein, wherein the CU-CP sends an RRC connection reconfiguration request message to the UE, which includes information related to the RAN computing session (e.g., computing key counters for Comp CF and / or Comp SF, selected algorithms for computing control signaling and computing data services, and indications of computing services for which integrity and encryption protection are used for computing control signaling and computing data services).

[0430] Example 29 includes a method that includes:

[0431] The first interface with the Distributed Unit (DU) is provided by the Compute Service Function (Comp-SF);

[0432] The Comp-SF provides a second interface with the Computational Control Function (Comp-CF); and

[0433] Comp-SF supports the Packet Data Convergence Protocol (PDCP) stack using the first and second interfaces.

[0434] Example 30 includes the methods of Example 29 or some other examples in this document, wherein the first interface is used to provide a user data plane path between DU and Comp-SF.

[0435] Example 31 includes the methods of Example 29 or some other examples herein, wherein the first interface has a common protocol for the interface between the Centralized Unit Control Plane (CU-CP) and the DU.

[0436] Example 32 includes the method of Example 29 or some other examples herein, wherein the method further includes: receiving a Radio Resource Control (RRC) security key by Comp-SF via a second interface.

[0437] Example 33 includes the methods of Example 32 or some other examples in this document, and also includes: negotiating an encryption algorithm with CU-CP via a second interface by Comp-SF.

[0438] Example 34 includes the methods of Example 33 or some other examples in this paper, and also includes: selecting a security algorithm based on the RRC security key by Comp-SF and generating a security context.

[0439] Example 35 includes the method of Example 34 or some other examples herein, and further includes: sending an acknowledgment message, including an indication of a selected security algorithm, from Comp-SF to CU-CP via a second interface.

[0440] Example 36 includes the methods of Example 29 or some other examples in this document, and also includes: providing the RRC stack and RRC connection to the user equipment (UE) by Comp-SF.

[0441] Example 37 includes methods from Example 29 or some other examples in this article, and also includes:

[0442] The Comp-SF receives the reconfiguration complete message from the CU-CP via the second interface; and

[0443] Upon receiving a reconfiguration complete message, integrity and encryption protection are activated by Comp-SF.

[0444] Example 38 includes a method that includes:

[0445] Establish Radio Resource Control (RRC) connections with the Centralized Unit Control Plane (CU-CP) or Computational Control Function (Comp-CF);

[0446] Receive RRC messages containing integrity and encryption information from CU-CP or Comp-CF; and

[0447] Activate integrity and encryption protection based on integrity and encrypted information.

[0448] Example 39 includes the methods of Example 38 or some other examples in this document, wherein the RRC message includes one or more of the following: an indication to compute a key counter and an indication of a selected security algorithm.

[0449] Example 40 includes the method of Example 39 or some other examples in this paper, wherein the method further includes: deriving an encryption key based on a computed key counter and a selected security algorithm.

[0450] Example 41 includes the methods of Example 39 or some other examples in this document, and also includes sending an RRC connection reconfiguration response message to the CU-CP or Comp-CF.

[0451] Example 42 includes a method of any of Examples 38-41 or some other examples herein, wherein the method is performed by a user equipment (UE) or a portion thereof.

[0452] [Solutions 1 and 2]

[0453] Example A1 may include a method for implementing computing service support at a RAN node close to the UE via RAN computing functions (including one or more RAN Comp CF and RANComp SF), wherein the network operator provides both computing services and connectivity services in the 5G network to the end user. For example, the network operator also acts as an ASP in its 5G network, or the network operator and the ASP have a service level agreement (SLA) for the ASP / CSP / ECSP to provide computing services at the RAN computing function close to its end user in the network operator's 5G network.

[0454] Example A2 may include the approach of [Solution 2 Option 1] Example A1 or some other examples in this document, wherein, for computing services provided by network operators, S-NSSAI consists of a slice / service type (SST) and a slice distinguisher (SD) with new values ​​defined for the computing service, the SD distinguishing multiple network slices of the same slice / service type.

[0455] Example A3 may include the approach of [Solution 2 Option 1] Example A2 or some other examples in this document, wherein the SD may include the following information: the identifier of the network operator or ASP providing the computing service, and one or more application IDs.

[0456] Example A4 may include the approach of [Solution 2 Option 2] Example A1 or some other examples in this document, wherein, for computing services provided by network operators, in addition to SST and SD for connectivity services provided by 5G network operators, a new optional IE is defined in S-NSSAI, the service type of computing services for RAN computing (STCMP).

[0457] Example A5 may include the approach of [Solution 2 Option 3] Example A1 or some other examples in this document, wherein, for computing services provided by network operators, a new computing service slice is defined as C-NSSAI, which is different from S-NSSAI used for connectivity services, and is defined as C-SST (service and slice type for computing services) and C-SD (service differentiation for computing services of a particular C-SST).

[0458] Example A6 may include the approach of [Solution 2 Option 3] Example A5 or some other examples in this document, wherein C-SST can be defined based on the type of service provider used for computing services (e.g., network operator (Scenario 1) or application provider (Scenario 2)), and C-SD is an optional IE that provides additional information (including application ID) to the UE for computing service slicing.

[0459] [Solution 3]: Subscription information related to computing services

[0460] Example A7 may include the methods of Example A3 or A4 or A6 or some other examples in this document, wherein the UE’s subscription information contains one or more slices of compute services for subscription, such as S-NSSAI (Option 1 / Option 2 in Solution 2) or C-NSSAI (Option 3 in Solution 2).

[0461] Example A8 may include the methods of Example A7 or some other examples in this paper, wherein, for each slice of computation service subscribed to, the subscription information additionally includes: a list of RAN-DNNs subscribed to and a default RAN-DNN for RAN computation.

[0462] Example A9 may include the methods of Example A8 or some other examples in this paper, where a default RAN-DNN value is defined for RAN computation.

[0463] Example A10 may include the methods of Example A8 or some other examples in this document, where RAN-DNN values ​​can be used to represent RAN computing services provided by ASP / CSP / ECSP.

[0464] Example A11 may include the methods of Example A7 or some other examples in this document, wherein the subscription information additionally includes an indication of whether S-NSSAI is marked as a slice of compute services for the default subscription.

[0465] Example A12 may include the methods of Example A11 or some other examples in this document, wherein the subscription information additionally includes an indication of whether the compute service slice is subject to compute slice-specific authentication and authorization, and the associated AAA server address, similar to network slice-specific authentication.

[0466] [Solution 4]: Authentication and authorization for network slice-specific or compute service slices

[0467] Example A13 may include the approach of Example A11 or some other examples herein, wherein, based on subscription information for the compute service slice (e.g., S-NSSAI or C-NSSAI), as part of the initial registration process, the AMF triggers network slice-specific authentication and authorization via an AAA server (AAA-S), which may be hosted by an H-PLMN operator or an application service provider (ASP, a third party), having the following principles for connecting services to network slices as indicated in Clause 16 of TS33.501.

[0468] Example A14 may include the methods of Example A12 or some other examples in this document, in which the AMF performs the role of an EAP authenticator and communicates with AAA-S via the AUSF, which assumes any AAA protocol interoperability with the AAA protocols supported by AAA-S.

[0469] Example A15 may include the methods of Example A14 or some other examples in this document, where, if AAA-S is an ASP (third party), the NSSAA function contacts AAA-S via AAA-P. The NSSAA function and AAA-P can co-locate.

[0470] [Solution 4.1]

[0471] Example A16 may include the methods of Example A15 or some other examples in this document, wherein when the ASP provides computing services at a 5G network, the AAA-S may be provided by the ASP for its computing service slice, and the ASP provides the address information of the AAA-S (e.g., AAA-S ID, IP address, and port number, etc.) in the SLA with the network operator for the computing service.

[0472] Example A17 may include the methods of Example A16 or some other examples in this document, wherein, based on the SLA, the NSSAA function contacts AAA-S via AAA-P, wherein the NSSAA function and AAA-P can co-locate, and AAA-S replies the authentication result to NSSAA via AAA-P.

[0473] [Solution 4.2] (AMF Triggered)

[0474] Example A18 may include the methods of Example A17 or some other examples herein, wherein, for compute service slices, compute slice-specific authentication and authorization between the UE and the AAA server (AAA-S) uses a user ID (e.g., denoted as NAI) and credentials that are different from 3GPP subscription credentials (e.g., SUPI and credentials for PLMN access) and occur after the primary authentication.

[0475] Example A19 may include the methods of Example A18 or some other examples in this document, wherein, for compute slice authentication and authorization, slice information may be S-NSSAI (Solution 2, Option 1, Option 2) or C-NSSAI (Solution 2, Option 3), and the EAP framework is used for compute slice-specific authentication and authorization between the UE and the AAA server.

[0476] [Solution 5]: Compute service slice-specific authentication and authorization via RAN compute functionality

[0477] Example A20 may include the method of Example A11 or some other examples herein, wherein, for the ASP providing computing services, as part of the computing session establishment process, an authentication request is sent via the RAN Comp-CF to the AAA-S provided by the ASP / CSP / ECSP based on the UE context containing information about permitted S-NSSAI or C-NSSAI stored at the RAN node to initiate computing service slice-specific authentication and authorization.

[0478] Example A21 may include the method of Example A20 or some other examples herein, wherein when an application requiring computing services is launched, the UE that receives the application request initiates the RAN computing session establishment process by instructing the following information: computing service slice information (e.g., allowed S-NSSAI or C-NSSAI), and the user ID (e.g., represented as a network access identifier (NAI)) of the user subscribing to computing services provided by the ASP / CSP / ECSP.

[0479] Example A22 may include the methods of Example A21 or some other examples in this document, wherein the registered RAN node selects the RAN Comp-CF based on the following information: the requested S-NSSAI or C-NSSAI and the stored RAN network configuration information.

[0480] Example A23 may include the methods of Example A22 or some other examples in this document, wherein the RAN Comp-CF initiates a compute service slice-specific authentication and authorization process by sending an authentication request to the AAA-S provided by the ASP / CSP / ECSP.

[0481] Example A24 may include the approach of Example A23 or some other examples in this document, wherein, based on the result of the authentication response, the RAN Comp-CF selects the RAN Comp-SF and, if authentication is successful, responds with a success result to the RAN node (e.g., CU-CP); otherwise, the RAN Comp-CF returns the authentication result and the reason for rejection to the RAN node (e.g., CU-CP).

[0482] Example X1 includes an apparatus for a Computational Service Function (Comp-SF), comprising:

[0483] Memory for storing Radio Resource Control (RRC) security keys; and

[0484] Processing circuitry, coupled to the memory, is used for:

[0485] Provide a first interface with the distributed unit (DU), wherein the first interface has a common protocol for the interface between the centralized unit control plane (CU-CP) and the DU;

[0486] Provides a second interface with the Computational Control Function (Comp-CF);

[0487] Support the Packet Data Convergence Protocol (PDCP) stack at Comp-SF and CU-UP; and

[0488] Based on the RRC security key, the encryption algorithm is negotiated with CU-CP via the second interface.

[0489] Example X2 includes the apparatus of Example X1 or some other examples herein, wherein the processing circuitry is further configured to: receive an RRC security key via a second interface.

[0490] Example X3 includes the apparatus of Example X1 or some other examples herein, wherein the processing circuitry is further configured to: select a security algorithm based on the RRC security key and generate a security context.

[0491] Example X4 includes the apparatus of Example X3 or some other examples herein, wherein the processing circuitry is further configured to: send an acknowledgment message, including an indication of a selected security algorithm, to the CU-CP via a second interface.

[0492] Example X5 includes the apparatus of Example X1 or some other examples herein, wherein the processing circuitry is further configured to:

[0493] Receive the reconfiguration completion message from CU-CP via the second interface; and

[0494] Upon receiving a reconfiguration complete message, activate integrity and encryption protection.

[0495] Example X6 includes the apparatus of any of Examples X1-X5 or some other examples herein, wherein the processing circuitry is further configured to: provide the user equipment (UE) with an RRC stack and an RRC connection.

[0496] Example X7 includes one or more computer-readable media storing instructions that, when executed by one or more processors, cause the user equipment (UE) to:

[0497] Establish Radio Resource Control (RRC) connections with the Centralized Unit Control Plane (CU-CP) or Computational Control Function (Comp-CF);

[0498] Receive RRC messages containing integrity and encryption information from CU-CP or Comp-CF; and

[0499] Activate integrity and encryption protection based on integrity and encrypted information.

[0500] Example X8 includes one or more computer-readable media, such as Example X7 or some other examples herein, wherein the RRC message includes one or more of the following: an indication to compute a key counter, and an indication of a selected security algorithm.

[0501] Example X9 includes one or more computer-readable media, such as Example X8 or some other examples herein, wherein the memory also stores instructions for enabling the UE to derive an encryption key based on a computed key counter and a selected security algorithm.

[0502] Example X10 includes one or more computer-readable media, such as Example X8 or some other examples herein, wherein the memory also stores instructions for causing the UE to send an RRC connection reconfiguration response message to the CU-CP or Comp-CF.

[0503] Example X11 includes one or more computer-readable media storing instructions that, when executed by one or more processors, cause the user equipment (UE) to:

[0504] The registration request is encoded for transmission to the Access and Mobility Management Function (AMF) to access Single Network Slice Selection Assistance Information (S-NSSAI); and

[0505] Instructions for receiving subscribed S-NSSAI, wherein the subscribed S-NSSAI includes the following instructions: Slice / Service Type (SST), Slice Distinguisor (SD), and Radio Access Network (RAN) Computation Service Type.

[0506] Example X12 includes one or more computer-readable media such as Example X11 or some other examples herein, wherein the SD includes instructions from a network operator or application service provider (ASP) providing computing services, or instructions from one or more application identifiers.

[0507] Example X13 includes one or more computer-readable media of Example X11 or some other examples herein, wherein the subscribed S-NSSAI also includes an indication of the type of service (STCMP) of the computing service.

[0508] Example X14 includes one or more computer-readable media, such as Example X11 or some other examples herein, wherein the UE also receives an indication of Computational Network Slice Selection Assistance Information (C-NSSAI) associated with computing services provided by a network operator.

[0509] Example X15 includes one or more computer-readable media, such as Example X14 or some other examples herein, wherein C-NSSAI includes an indication of compute service and slice type (C-SST) and an indication of compute service differentiation (C-SD) for a particular C-SST.

[0510] Example X16 includes one or more computer-readable media of Example X15 or some other examples in this document, wherein C-SST is associated with the type of service provider of the computing service.

[0511] Example X17 includes one or more computer-readable media of Example X15 or some other examples herein, wherein the C-SD includes an indication of an application identifier.

[0512] Example X18 includes one or more computer-readable media, such as Example X11 or some other examples herein, wherein the subscription information stored by the UE includes indications of one or more slices of computing services for subscription.

[0513] Example X19 includes one or more computer-readable media, such as Example X18 or some other examples herein, wherein the subscription information also includes an indication of a list of subscribed Radio Access Network-Data Network Names (RAN-DNNs).

[0514] Example X20 includes one or more computer-readable media, such as Example X19 or some other examples herein, wherein the RAN-DNN list includes indications of the default RAN-DNN used for RAN computation.

[0515] Example X21 includes one or more computer-readable media, such as Example X19 or some other examples herein, wherein the RAN-DNN list includes indications for RAN-DNN values ​​representing computing services provided by an ASP, cloud service provider (CSP), or edge computing service provider (ECSP).

[0516] Example X22 includes one or more computer-readable media, such as Example X18 or some other examples herein, wherein the subscription information also includes an indication of whether the subscribed S-NSSAI is marked as a slice of computing services subscribed to by default.

[0517] Example X23 includes one or more computer-readable media, such as Example X18 or some other examples herein, wherein the subscription information also includes instructions on whether the subscribed computing service slice is subject to computing slice-specific authentication and authorization.

[0518] Example Z01 may include an apparatus comprising components for performing one or more elements of the method described or associated with any of Examples 1-X23, or any other method or process described herein.

[0519] Example Z02 may include one or more non-transitory computer-readable media, including instructions that, when executed by one or more processors of an electronic device, cause the electronic device to perform one or more elements of the methods described or associated with any of Examples 1-X23, or any other methods or processes described herein.

[0520] Example Z03 may include an apparatus comprising logic, modules, or circuitry for performing one or more elements of the methods described or associated with any of Examples 1-X23, or any other methods or processes described herein.

[0521] Example Z04 may include any of the methods, techniques or processes described or associated with any of Examples 1-X23, or in part or in section thereof.

[0522] Example Z05 may include an apparatus comprising: one or more processors and one or more computer-readable media including instructions that, when executed by the one or more processors, cause the one or more processors to perform any of the methods, techniques or processes described or associated with any of Examples 1-X23, or in part or in section thereof.

[0523] Example Z06 may include any of the signals described or associated with any of Examples 1-X23, or in any part or section thereof.

[0524] Example Z07 may include datagrams, packets, frames, segments, protocol data units (PDUs) or messages as described or associated with any of Examples 1-X23, or in part or in section thereof, or otherwise described in this disclosure.

[0525] Example Z08 may include a signal encoded with data as described in any of Examples 1-X23, or in parts or sections thereof, or related to a threshold, or otherwise described in this disclosure.

[0526] Example Z09 may include signals encoded as datagrams, packets, frames, segments, protocol data units (PDUs) or messages as described or associated with any of Examples 1-X23, or in part or in section thereof, or otherwise described in this disclosure.

[0527] Example Z10 may include an electromagnetic signal carrying computer-readable instructions, wherein one or more processors execute the computer-readable instructions to cause one or more processors to perform any of Examples 1-X23, or parts thereof, the methods, techniques or processes described or associated with them.

[0528] Example Z11 may include a computer program containing instructions, wherein the processing element executes the program to cause the processing element to perform any of Examples 1-X23, or parts thereof, the methods, techniques or processes described or associated with them.

[0529] Example Z12 may include signals from wireless networks as shown and described herein.

[0530] Example Z13 may include methods for communicating in a wireless network as shown and described herein.

[0531] Example Z14 may include a system for providing wireless communications as shown and described herein.

[0532] Example Z15 may include devices for providing wireless communications as shown and described herein.

[0533] Unless otherwise expressly stated, any of the foregoing examples may be combined with any other example (or combination of examples). The foregoing description of one or more implementations provides illustration and description, but is not intended to be exhaustive or to limit the scope of the embodiments to the precise forms disclosed. Modifications and variations are possible in accordance with the foregoing teachings, or may be obtained from practice with various embodiments.

[0534] abbreviation

[0535] Unless used differently herein, the terms, definitions, and abbreviations may be consistent with those defined in 3GPP TR21.905v16.0.0 (2019-06). For the purposes of this document, the following abbreviations may be applied to the examples and embodiments discussed herein.

[0536] 3GPP Third Generation Partner Program

[0537] 4G fourth generation

[0538] 5G (Fifth Generation)

[0539] 5GC 5G Core Network

[0540] ACK confirmation

[0541] AF application functions

[0542] AM Confirmation Mode

[0543] AMBR Aggregated Maximum Bit Rate

[0544] AMF Access and Mobility Management Functions

[0545] AN access network

[0546] ANR Automatic Neighbor Relations

[0547] AP application protocol, antenna port, access point

[0548] API (Application Programming Interface)

[0549] APN (Access Point Name)

[0550] ARP allocation and retention priority

[0551] ARQ Automatic Retransmission Request

[0552] AS Access Layer

[0553] ASN.1 Abstract Syntax Notation 1

[0554] AUSF Authentication Server Functionality

[0555] AWGN Additive White Gaussian Noise

[0556] BAP Backhaul Adaptation Protocol

[0557] BCH Broadcast Channel

[0558] BER (Bit Error Rate)

[0559] BFD Beam Fault Detection

[0560] BLER block error rate

[0561] BPSK (Binary Phase Shift Keying)

[0562] BRAS Broadband Remote Access Server

[0563] BSS Business Support System

[0564] BS base station

[0565] BSR Buffer Status Report

[0566] BW bandwidth

[0567] BWP partial bandwidth

[0568] C-RNTI Cell Radio Network Temporary Identifier

[0569] CA carrier aggregation, authentication authority

[0570] CAPEX (Capital Expenditure)

[0571] CBRA (Contest-Based Random Access)

[0572] CC component carrier, country code, and secret checksum

[0573] CCA Idle Channel Assessment

[0574] CCE Control Channel Element

[0575] CCCH Common Control Channel

[0576] CE coverage enhancement

[0577] CDM Content Delivery Network

[0578] CDMA Code Division Multiple Access

[0579] CFRA (Contentless Random Access)

[0580] CG Community Group

[0581] CI Community Identity

[0582] CID (Cell ID, e.g., location method)

[0583] CIM (Common Information Model)

[0584] CIR Carrier-to-Dry Ratio

[0585] CK key

[0586] CM connection management, conditional enforcement

[0587] CMAS Business Mobile Alarm Service

[0588] CMD command

[0589] CMS Cloud Management System

[0590] CO Conditional Options

[0591] CoMP Coordination Multipoint

[0592] CORESET Control Resource Set

[0593] COTS Commercial Spot

[0594] CP control plane, cyclic prefix, and connection point

[0595] CPD Connection Point Descriptor

[0596] CPE User Premises Equipment

[0597] CPICH Common Pilot Channel

[0598] CQI Channel Quality Indicator

[0599] CPU CSI processing unit, central processing unit

[0600] C / R command / response fields, bits

[0601] CRAN Cloud Wireless Access Network, Cloud RAN

[0602] CRB Public Resource Block

[0603] CRC Cyclic Redundancy Check

[0604] CRI Channel Status Information Resource Indicator, CSI-RS Resource Indicator

[0605] C-RNTI Community RNTI

[0606] CS circuit switching

[0607] CSAR Cloud Service Archive

[0608] CSI Channel State Information

[0609] CSI-IM CSI Interference Measurement

[0610] CSI-RS CSI Reference Signal

[0611] CSI-RSRP CSI Reference Signal Received Power

[0612] CSI-RSRQ CSI reference signal reception quality

[0613] CSI-SINR and CSI signal-to-interference-plus-noise ratio

[0614] CSMA (Carrier Sense Multiple Access)

[0615] CSMA / CA with Conflict Avoidance

[0616] CSS public search space, Cell-specific search space

[0617] CTS Clear Send

[0618] CW coding

[0619] CWS Competition Window Size

[0620] D2D device to device

[0621] DC dual connection, DC

[0622] DCI Downlink Control Information

[0623] DF Deployment Style

[0624] DL downlink

[0625] DMTF Distributed Management Task Group

[0626] DPDK Data Plane Development Kit

[0627] DM-RS Demodulation Reference Signal

[0628] DN Data Network

[0629] DRB data radio bearer

[0630] DRS detects reference signal

[0631] DRX discontinuous reception

[0632] DSL Domain-Specific Language, Digital Subscriber Line

[0633] DSLAM (DSL Access Multiplexer)

[0634] DwPTS Downlink Pilot Time Slot

[0635] E-LAN ​​Ethernet LAN

[0636] E2E end-to-end

[0637] ECCA Extended Idle Channel Assessment, Extended CCA

[0638] ECCE Enhanced Control Channel Element, Enhanced CCE

[0639] ED energy detection

[0640] EDGE enhances data rates as part of GSM evolution.

[0641] EGMF Open Control Management Function

[0642] EGPRS Enhanced GPRS

[0643] EIR Device Identifier Register

[0644] eLAA Enhanced Authorization Assisted Access, Enhanced LAA

[0645] EM Component Manager

[0646] eMBB Enhanced Mobile Broadband

[0647] EMS Component Management System

[0648] eNB evolution Node B, E-UTRAN Node B

[0649] EN-DC E-UTRA-NR Dual Connection

[0650] EPC Evolution Group Core

[0651] EPDCCH (Enhanced PDCCH, Enhanced Physical Downlink Control Channel)

[0652] EPRE per resource energy element

[0653] EPS Evolution Grouping System

[0654] EREG (Enhanced REG, Enhanced Resource Element Group)

[0655] ETSI (European Telecommunications Standards Institute)

[0656] ETWS Earthquake and Tsunami Warning System

[0657] eUICC Embedded UICC, Embedded General-Purpose Integrated Circuit Card

[0658] E-UTRA Evolution UTRA

[0659] E-UTRAN Evolution UTRAN

[0660] EV2X Enhanced V2X

[0661] F1AP F1 Application Protocol

[0662] F1-C F1 Control Plane Interface

[0663] F1-U F1 User Plane Interface

[0664] FACCH (Fast Association Control Channel)

[0665] FACCH / F Fast Association Control Channel / Full Rate

[0666] FACCH / H Fast Association Control Channel / Half Rate

[0667] FACH Forward Access Channel

[0668] FAUSCH Fast Uplink Signaling Channel

[0669] FB function block

[0670] FBI feedback information

[0671] FCC (Federal Communications Commission)

[0672] FCCH Frequency Correction Channel

[0673] FDD (Frequency Division Duplex)

[0674] FDM (Frequency Division Multiplexing)

[0675] FDMA (Frequency Division Multiple Access)

[0676] FE front end

[0677] FEC Forward Error Correction

[0678] Further research on FFS

[0679] FFT (Fast Fourier Transform)

[0680] feLAA further enhances authorized assisted access and further enhances LAA.

[0681] FN Frame Number

[0682] FPGA (Field Programmable Gate Array)

[0683] FR frequency range

[0684] G-RNTI GERAN wireless network temporary identifier

[0685] GERAN GSM EDGE RAN, GSM EDGE radio access network

[0686] GGSN Gateway GPRS Support Nodes

[0687] GLONASS GLObal'naya NAvigatsionnaya Sputnikovaya Sistema (English: Global Navigation Satellite System)

[0688] gNB Next Generation NodeB

[0689] gNB-CU gNB centralized unit, next-generation NodeB centralized unit

[0690] gNB-DU gNB Distributed Unit, Next-Generation NodeB Distributed Unit

[0691] GNSS Global Navigation Satellite System

[0692] GPRS General Packet Radio Service

[0693] GSM Global System for Mobile Communications, Groupe Spécial Mobile

[0694] GTP GPRS Tunneling Protocol

[0695] GTP-U GPRS User Plane Tunneling Protocol

[0696] GTS (related to WUS) sleep entry signal

[0697] GUMMEI is a globally unique MME identifier.

[0698] GUTI Globally Unique Temporary UE Identifier

[0699] HARQ (Hybrid ARQ, Hybrid Automatic Repeat Request)

[0700] HANDO switch

[0701] HFN Super Frame Rate

[0702] HHO hard switch

[0703] HLR Home Location Register

[0704] HN Home Network

[0705] HO switch

[0706] HPLMN Home Public Land Mobile Network

[0707] HSDPA High-Speed ​​Downlink Packet Access

[0708] HSN Frequency Hopping Serial Number

[0709] HSPA High-Speed ​​Packet Access

[0710] HSS Home User Server

[0711] HSUPA High-Speed ​​Uplink Packet Access

[0712] HTTP (Hypertext Transfer Protocol)

[0713] HTTPS (Hypertext Transfer Protocol Secure) is an HTTP / 1.1 protocol over SSL, operating on port 443.

[0714] I-Block Message Block

[0715] ICCID Integrated Circuit Card Identifier

[0716] IAB Integration Access and Backhaul

[0717] ICIC Inter-cell Interference Coordination

[0718] ID identifier

[0719] IDFT (Inverse Discrete Fourier Transform)

[0720] IE Information

[0721] IBE In-band Launch

[0722] IEEE Institute of Electrical and Electronics Engineers

[0723] IEI Element Identifier

[0724] IEIDL Cell Identifier Data Length

[0725] IETF Internet Engineering Task Force

[0726] IF Infrastructure

[0727] IM interference measurement, intermodulation, IP multimedia

[0728] IMC IMS Certificate

[0729] IMEI International Mobile Equipment Identity

[0730] IMGI International Mobility Group logo

[0731] IMPI IP Multimedia Private Identifier

[0732] IMPU IP Multimedia Public Signage

[0733] IMS IP Multimedia Subsystem

[0734] IMSI (International Mobile Subscriber Identity)

[0735] IoT (Internet of Things)

[0736] IP Internet Protocol

[0737] IPsec security, Internet Protocol security

[0738] IP-CAN IP-connection access network

[0739] IP-M IP Multicast

[0740] IPv4 (Internet Protocol Version 4)

[0741] IPv6 (Internet Protocol Version 6)

[0742] IR infrared light

[0743] IS Synchronization

[0744] IRP Integration Reference Point

[0745] ISDN (Integrated Services Digital Network)

[0746] ISIM IM Service Identity Module

[0747] ISO International Organization for Standardization

[0748] ISP (Internet Service Provider)

[0749] IWF Interoperability

[0750] I-WLAN Interconnection WLAN

[0751] Convolutional code constraint length, USIM individual key

[0752] kB (kilobytes)

[0753] kbps

[0754] Kc key

[0755] Ki Personal User Authentication Key

[0756] KPI (Key Performance Indicator)

[0757] KQI (Key Quality Indicators)

[0758] KSI Key Set Identifier

[0759] ksps (kilosymbols per second)

[0760] KVM kernel virtual machine

[0761] L1 Layer 1 (Physical Layer)

[0762] L1-RSRP Layer 1 Reference Signal Received Power

[0763] Layer 2 (Data Link Layer)

[0764] Layer 3 (Network Layer)

[0765] LAA Authorized Assisted Access

[0766] LAN (Local Area Network)

[0767] LBT Listen before you speak

[0768] LCM Lifecycle Management

[0769] LCR Low Chip Rate

[0770] LCS Location Services

[0771] LCID Logical Channel ID

[0772] LI layer indication

[0773] LLC logical link control, lower-layer compatibility

[0774] LPLMN Local PLMN

[0775] LPP LTE positioning protocol

[0776] LSB (Least Significant Bit)

[0777] LTE Long Term Evolution

[0778] LWA LTE-WLAN aggregation

[0779] LWIP integrates LTE / WLAN wireless levels with IPsec tunneling.

[0780] LTE Long Term Evolution

[0781] M2M (Machine to Machine)

[0782] MAC Media Access Control (Protocol Layering Context)

[0783] MAC Message Authentication Code (Security / Encryption Context)

[0784] MAC-A is the MAC used for authentication and key negotiation (TSG T WG3 context).

[0785] MAC-I is the MAC (TSG T WG3 context) used for data integrity of signaling messages.

[0786] MANO Management and Scheduling

[0787] MBMS Multimedia Broadcast and Multicast Services

[0788] MBSFN Multimedia Broadcast Multicast Service Single Frequency Network

[0789] MCC Mobile Country Code

[0790] MCG Main Cell Group

[0791] MCOT maximum channel occupancy time

[0792] MCS modulation and coding scheme

[0793] MDAF Management Data Analysis Function

[0794] MDAS Management Data Analysis Service

[0795] Minimum Drive Testing (MDT)

[0796] ME mobile devices

[0797] MeNB main eNB

[0798] MER (Missing Message Rate)

[0799] MGL Measurement Gap Length

[0800] MGRP measurement gap repetition cycle

[0801] MIB (Master Information Block) and Management Information Base

[0802] MIMO (Multiple Input Multiple Output)

[0803] MLC Mobile Location Center

[0804] MM Mobility Management

[0805] MME (Mobility Management Entity)

[0806] MN master node

[0807] MnS Management Service

[0808] MO (Measurement Object), Mobile Station Caller

[0809] MPBCH MTC Physical Broadcast Channel

[0810] MPDCCH MTC Physical Downlink Control Channel

[0811] MPDSCH MTC Physical Downlink Shared Channel

[0812] MPRACH MTC Physical Random Access Channel

[0813] MPUSCH MTC Physical Uplink Shared Channel

[0814] MPLS (Multiprotocol Label Switching)

[0815] MS Mobile Station

[0816] MSB Most significant bit

[0817] MSC Mobile Switching Center

[0818] MSI minimum system information, MCH scheduling information

[0819] MSID (Mobile Site Identifier)

[0820] MSIN Mobile Site Identifier

[0821] MSISDN Mobile Subscriber ISDN Number

[0822] MT (Mobile Station) - Called Party, Mobile Terminal

[0823] MTC Machine Type Communication

[0824] mMTC (Massively Multi-Type Communication)

[0825] MU-MIMO (Multi-User MIMO)

[0826] MWUS MTC wake-up signal, MTC WUS

[0827] NACK (Negative Acknowledgment)

[0828] NAI Network Access Identifier

[0829] NAS Non-Access Layer, Non-Access Level

[0830] NCT Network Connection Topology

[0831] NC-JT Non-coherent Joint Transmission

[0832] NEC Network Capabilities Open

[0833] NE-DC NR-E-UTRA Dual Connectivity

[0834] NEF Network Open Functions

[0835] NF Network Functions

[0836] NFP Network Forwarding Path

[0837] NFPD Network Forwarding Path Descriptor

[0838] NFV (Network Functions Virtualization)

[0839] NFVI NFV infrastructure

[0840] NFVO NFV orchestrator

[0841] NG Next Generation

[0842] NGEN-DC NG-RAN E-UTRA-NR Dual Connectivity

[0843] NM Network Manager

[0844] NMS Network Management System

[0845] N-PoP network existence points

[0846] NMIB, N-MIB Narrowband MIB

[0847] NPBCH Narrowband Physical Broadcast Channel

[0848] NPDCCH Narrowband Physical Downlink Control Channel

[0849] NPDSCH Narrowband Physical Downlink Shared Channel

[0850] NPRACH Narrowband Physical Random Access Channel

[0851] NPUSCH Narrowband Physical Uplink Shared Channel

[0852] NPSS Narrowband Master Synchronization Signal

[0853] Narrowband secondary synchronization signal (NSSS)

[0854] NR New Air Sockets, Neighborhood Relations

[0855] NRF NF repository functionality

[0856] NRS Narrowband Reference Signal

[0857] NS Network Services

[0858] NSA Non-Standalone Operation Mode

[0859] NSD Network Service Descriptor

[0860] NSR Network Service Records

[0861] NSSAI Network Slice Selection Auxiliary Information

[0862] S-NNSAI Single NSSAI

[0863] NSSF Network Slice Selection Function

[0864] NW Network

[0865] NWUS narrowband wake-up signal, narrowband WUS

[0866] NZP non-zero power

[0867] O&M Operations and Maintenance

[0868] ODU2 Optical Channel Data Unit - Type 2

[0869] OFDM (Orthogonal Frequency Division Multiplexing)

[0870] OFDMA (Orthogonal Frequency Division Multiple Access)

[0871] Out-of-band (OOB)

[0872] OOS out of sync

[0873] OPEX operating expenses

[0874] OSI Other System Information

[0875] OSS Operation Support System

[0876] OTA (Over-the-Air) Download

[0877] PAPR peak-to-average power ratio

[0878] PAR peak-to-average ratio

[0879] PBCH (Physical Broadcast Channel)

[0880] PC power control, personal computers

[0881] PCC main component carrier, main CC

[0882] PCell main cell

[0883] PCI Physical Cell ID, Physical Cell Identifier

[0884] PCEF policy and billing enforcement functions

[0885] PCF policy control function

[0886] PCRF policy control and billing rules functions

[0887] PDCP (Packet Data Convergence Protocol) and its layer

[0888] PDCCH (Physical Downlink Control Channel)

[0889] PDCP (Packet Data Convergence Protocol)

[0890] PDN (Packet Data Network), Public Data Network

[0891] PDSCH (Physical Downlink Shared Channel)

[0892] PDU Protocol Data Unit

[0893] PEI Permanent Device Identifier

[0894] PFD Packet Flow Description

[0895] P-GW PDN Gateway

[0896] PHICH Physical Hybrid ARQ Indicator Channel

[0897] PHY physical layer

[0898] PLMN Public Land Mobile Network

[0899] PIN Personal Identifier

[0900] PM Performance Measurement

[0901] PMI Precoding Matrix Indicator

[0902] PNF (Physical Network Function)

[0903] PNFD Physical Network Function Descriptor

[0904] PNFR Physical Network Function Record

[0905] PTC on Cellular PTT

[0906] PP, PTP point-to-point

[0907] PPP (Point-to-Point Protocol)

[0908] PRACH Physical RACH

[0909] PRB (Physical Resource Block)

[0910] PRG Physical Resource Block Group

[0911] ProSe ProSe proximity service, proximity-based service

[0912] PRS Positioning Reference Signal

[0913] PRR Packet Receive Radio

[0914] PS Grouping Service

[0915] PSBCH Physical Side Link Broadcast Channel

[0916] PSDCH Physical Side Downlink Channel

[0917] PSCCH (Physical Side Link Control Channel)

[0918] PSFCH Physical Side Link Feedback Channel

[0919] PSSCH Physical Side Link Shared Channel

[0920] PSCell main SCell

[0921] PSS Master Synchronization Signal

[0922] PSTN Public Switched Telephone Network

[0923] PT-RS phase tracking reference signal

[0924] PTT (Press and Talk)

[0925] PUCCH (Physical Uplink Control Channel)

[0926] PUSCH Physical Uplink Shared Channel

[0927] QAM Quadrature Amplitude Modulation

[0928] QCI QoS Class Identifier

[0929] QCL Quasi-co-station

[0930] QFI QoS Flow ID, QoS Flow Identifier

[0931] QoS (Quality of Service)

[0932] QPSK Quadrature Phase Shift Keying

[0933] QZSS Quasi-Zenith Satellite System

[0934] RA-RNTI Random Access RNTI

[0935] RAB (Radio Access Bearer), Random Access Burst

[0936] RACH Random Access Channel

[0937] RADIUS Remote Authentication Dial-in User Service

[0938] RAN (Radio Access Network)

[0939] RAND (for authentication) random numbers

[0940] RAR Random Access Response

[0941] RAT wireless access technology

[0942] RAU Routing Area Update

[0943] RB resource blocks, radio bearers

[0944] RBG resource block group

[0945] REG Resource Element Group

[0946] Rel version

[0947] REQ Request

[0948] RF (Radio Frequency)

[0949] RI Rank Indicator

[0950] RIV resource indicator value

[0951] RL wireless link

[0952] RLC (Radio Link Control) and Radio Link Control Layer

[0953] RLC AM RLC Confirmation Mode

[0954] RLC UM RLC Unconfirmed Mode

[0955] RLF wireless link failure

[0956] RLM wireless link monitoring

[0957] RLM-RS is a reference signal used for RLM.

[0958] RM Registration Management

[0959] RMC Reference Measurement Channel

[0960] RMSI (Remaining MSI, Remaining Minimum System Information)

[0961] RN relay node

[0962] RNC wireless network controller

[0963] RNL Wireless Network Layer

[0964] RNTI (Non-Real-Time Identifier for Wireless Networks)

[0965] ROHC Robust Head Compressor

[0966] RRC (Radio Resource Control) and Radio Resource Control Layer

[0967] RRM Wireless Resource Management

[0968] RS reference signal

[0969] RSRP reference signal received power

[0970] RSRQ reference signal reception quality

[0971] RSSI Received Signal Strength Indicator

[0972] RSU roadside unit

[0973] RSTD (Reference Signal Time Difference)

[0974] RTP Real-Time Protocol

[0975] RTS ready to send

[0976] RTT round trip time

[0977] Rx receiver, receiver, receiver

[0978] S1AP S1 Application Protocol

[0979] S1-MME is used for the S1 control plane.

[0980] S1-U is used for the user plane.

[0981] S-GW Service Gateway

[0982] S-RNTI SRNC Wireless Network Temporary Identifier

[0983] S-TMSI SAE Temporary Mobile Station Identifier

[0984] SA Independent Operation Mode

[0985] SAE System Architecture Evolution

[0986] SAP Service Access Point

[0987] SAPD Service Access Point Descriptor

[0988] SAPI Service Access Point Identifier

[0989] SCC secondary component carrier, secondary CC

[0990] SCell Auxiliary Community

[0991] SC-FDMA Single-Carrier Frequency Division Multiple Access

[0992] SCG Auxiliary Community Group

[0993] SCM Security Context Management

[0994] SCS Subcarrier Spacing

[0995] SCTP (Stream Control Transfer Protocol)

[0996] SDAP Service Data Adaptation Protocol, Service Data Adaptation Protocol Layer

[0997] SDL supplements downlink

[0998] SDNF (Structured Data Storage Network) Functionality

[0999] SDP Session Description Protocol

[1000] SDSF structured data storage function

[1001] SDU Service Data Unit

[1002] SEAF Safety Anchoring Function

[1003] SeNB and eNB

[1004] SEPP Secure Edge Protection Agent

[1005] SFI Slot Format Indicator

[1006] SFTD (Spatial Frequency Time Diversity), SFN (Spatial Frequency Number), and Frame Timing Difference

[1007] SFN system frame number or single-frequency network

[1008] SgNB auxiliary gNB

[1009] SGSN service GPRS supported nodes

[1010] S-GW Service Gateway

[1011] SI System Information

[1012] SI-RNTI System Information RNTI

[1013] SIB System Information Block

[1014] SIM User Identity Module

[1015] SIP Session Initiation Protocol

[1016] SiP (System-in-Package)

[1017] SL side link

[1018] SLA (Service Level Agreement)

[1019] SM Session Management

[1020] SMF Session Management Function

[1021] SMS Short Message Service

[1022] SMSF SMS Function

[1023] SMTC Measurement Timing Configuration Based on SSB

[1024] SN (Secondary Node), Serial Number

[1025] SoC (System-on-a-Chip)

[1026] SON Self-Organizing Network

[1027] SpCell Special Cell

[1028] SP-CSI-RNTI Semi-permanent CSI RNTI

[1029] SPS Semi-Permanent Scheduling

[1030] SQN serial number

[1031] SR scheduling request

[1032] SRB Signaling Radio Bearer

[1033] SRS Detection Reference Signal

[1034] SS synchronization signal

[1035] SSB SS block

[1036] SSBRI SSB Resource Instructions

[1037] SSC Session and Service Continuity

[1038] SS-RSRP Reference Signal Received Power Based on Synchronization Signal

[1039] SS-RSRQ Reference Signal Reception Quality Based on Synchronization Signal

[1040] SS-SINR is the signal-to-interference-plus-noise ratio based on the synchronization signal.

[1041] SSS auxiliary synchronization signal

[1042] SSSG Search Space Group

[1043] SSSIF Search Space Set Indicator

[1044] SST slices / service types

[1045] SU-MIMO (Single-User MIMO)

[1046] SUL supplements uplink

[1047] TA tracks the area in advance on a scheduled basis.

[1048] TAC Tracking Area Code

[1049] TAG Timed Advance Group

[1050] TAU tracking area update

[1051] TB transfer block

[1052] TBS (Transfer Block Size)

[1053] TBD (To be determined)

[1054] TCI Transmission Configuration Instructions

[1055] TCP transmission communication protocol

[1056] TDD (Time Division Duplex)

[1057] TDM (Time Division Multiplexing)

[1058] TDMA (Time Division Multiple Access)

[1059] TE terminal equipment

[1060] TEID (Tunnel Endpoint Identifier)

[1061] TFT Business Flow Template

[1062] TMSI Temporary Mobile Subscriber Identity

[1063] TNL Transport Network Layer

[1064] TPC Transmit Power Control

[1065] TPMI Transport Precoding Matrix Indicator

[1066] TR Technical Report

[1067] TRP, TRxP Transmitter / Receiver

[1068] TRS Tracking Reference Signal

[1069] TRx transceiver

[1070] TS Technical Specifications and Standards

[1071] TTI Transmission Time Interval

[1072] Tx Transmitter, Transmitter, and Spreader

[1073] U-RNTI UTRAN Wireless Network Temporary Identifier

[1074] UART Universal Asynchronous Receiver and Transmitter

[1075] UCI uplink control information

[1076] UE User Equipment

[1077] UDM Unified Data Management

[1078] UDP User Datagram Protocol

[1079] UDR Unified Data Repository

[1080] UDSF Unstructured Data Storage Network Function

[1081] UICC General Integrated Circuit Card

[1082] UL uplink

[1083] UM Unconfirmed Mode

[1084] UML (Unified Modeling Language)

[1085] UMTS Universal Mobile Telecommunication System

[1086] UP User Plane

[1087] UPF User Plane Functions

[1088] URI (Uniform Resource Identifier)

[1089] URL Uniform Resource Locator

[1090] URLLC: Ultra-reliable and low-latency

[1091] USB Universal Serial Bus

[1092] USIM Universal User Identity Module

[1093] USS UE-specific search space

[1094] UTRA UMTS Terrestrial Wireless Access

[1095] UTRAN (Universal Terrestrial Radio Access Network)

[1096] UwPTS Uplink Pilot Time Slot

[1097] V2I (Vehicle-to-Infrastructure)

[1098] V2P (Vehicle-to-Pedestrian)

[1099] V2V (Vehicle-to-Vehicle)

[1100] V2X: From Vehicles to Everything

[1101] VIM Virtualization Infrastructure Manager

[1102] VL Virtual Link

[1103] VLAN (Virtual LAN)

[1104] VM virtual machine

[1105] VNF Virtualization Network Function

[1106] VNFFG VNF forwarded image

[1107] VNFFGD VNF Forwarding Graph Descriptor

[1108] VNFM VNF Manager

[1109] VoIP (Voice over IP) and Internet Protocol (VoIP)

[1110] VPLMN surveyed public terrestrial mobile networks

[1111] VPN (Virtual Private Network)

[1112] VRB (Virtual Resource Block)

[1113] WiMAX Global Microwave Access Interoperability

[1114] WLAN (Wireless Local Area Network)

[1115] WMAN Wireless Metropolitan Area Network

[1116] WPAN (Wireless Personal Area Network)

[1117] X2-C X2-Control Plane

[1118] X2-U X2-User Plane

[1119] XML (Extensible Markup Language)

[1120] XRES Expected User Response

[1121] XOR (Exclusive OR)

[1122] ZC Zadoff-Chu

[1123] ZP Zero Power

[1124] the term

[1125] For the purposes of this document, the following terms and definitions apply to the examples and embodiments discussed herein.

[1126] As used herein, the term "circuit" refers to, or includes, hardware components such as electronic circuits, logic circuits, processors (shared, dedicated, or grouped) and / or memories (shared, dedicated, or grouped), application-specific integrated circuits (ASICs), field-programmable devices (FPDs) (e.g., field-programmable gate arrays (FPGAs), programmable logic devices (PLDs), complex PLDs (CPLDs), high-capacity PLDs (HCPLDs), structured ASICs, or programmable SoCs), digital signal processors (DSPs), etc., configured to provide the described functions. In some embodiments, a circuit may execute one or more software or firmware programs to provide at least some of the described functions. The term "circuit" may also refer to a combination of one or more hardware elements and program code (or a combination of circuitry and program code used in an electrical or electronic system) for performing the functions of that program code. In these embodiments, the combination of hardware elements and program code may be referred to as a particular type of circuit.

[1127] As used herein, the term "processor circuitry" refers to, or includes, circuitry capable of sequentially and automatically performing a series of arithmetic or logical operations, or recording, storing, and / or transmitting digital data. Processing circuitry may include one or more processing cores for executing instructions and one or more memory structures for storing program and data information. The term "processor circuitry" may refer to one or more application processors, one or more baseband processors, a physical central processing unit (CPU), a single-core processor, a dual-core processor, a triple-core processor, a quad-core processor, and / or any other device capable of executing or otherwise operating computer-executable instructions (e.g., program code, software modules, and / or functional processes). Processing circuitry may include further hardware accelerators, which may be microprocessors, programmable processing devices, etc. One or more hardware accelerators may include, for example, computer vision (CV) and / or deep learning (DL) accelerators. The terms "application circuitry" and / or "baseband circuitry" may be considered synonyms for "processor circuitry" and may be referred to as "processor circuitry."

[1128] As used in this article, the term "interface circuit" refers to, is part of, or includes, circuitry that enables the exchange of information between two or more components or devices. The term "interface circuit" can also refer to one or more hardware interfaces, such as buses, I / O interfaces, peripheral component interfaces, network interface cards, etc.

[1129] As used herein, the term "User Equipment" or "UE" refers to a device with radio communication capabilities and can describe a remote user of network resources in a communication network. The term "User Equipment" or "UE" can be considered synonymous with and may be referred to as: client, mobile station, mobile device, mobile terminal, user terminal, mobile unit, mobile station, mobile user, subscriber, user, remote station, access agent, user agent, receiver, radio equipment, reconfigurable radio equipment, reconfigurable mobile device, etc. Furthermore, the term "User Equipment" or "UE" can include any type of wireless / wired device or any computing device containing a wireless communication interface.

[1130] As used in this document, the term "network element" refers to physical or virtualized devices and / or infrastructure used to provide wired or wireless communication network services. The term "network element" may be considered synonymous with and / or referred to as: networked computer, network hardware, network device, network node, router, switch, hub, bridge, wireless network controller, RAN device, RAN node, gateway, server, virtualized VNF, NFVI, etc.

[1131] As used herein, the term "computer system" refers to any type of interconnected electronic device, computer device, or component thereof. Furthermore, the terms "computer system" and / or "system" can refer to various components of a computer that are communicatively coupled to each other. Additionally, the terms "computer system" and / or "system" can refer to multiple computer devices and / or multiple computing systems that are communicatively coupled to each other and configured to share computing and / or networking resources.

[1132] As used herein, the terms “appliance,” “computer appliance,” etc., refer to a computer device or computer system having program code (e.g., software or firmware) specifically designed to provide particular computing resources. A “virtual appliance” is a virtual machine image to be implemented by a device equipped with a hypervisor that virtualizes or emulates a computer appliance or otherwise dedicates itself to providing particular computing resources.

[1133] As used herein, the term "resource" refers to physical or virtual devices, physical or virtual components within a computing environment, and / or physical or virtual components within a specific device, such as computer equipment, mechanical equipment, memory space, processor / CPU time, processor / CPU usage, processor and accelerator load, hardware time or usage, power, input / output operations, port or network sockets, channel / link allocation, throughput, memory usage, storage, network, databases and applications, workload units, etc. "Hardware resources" can refer to computing, storage, and / or network resources provided by physical hardware components. "Virtualization resources" can refer to computing, storage, and / or network resources provided by virtualization infrastructure to applications, devices, systems, etc. The terms "network resources" or "communication resources" can refer to resources accessible to computer devices / systems via communication networks. The term "system resources" can refer to any kind of shared entity providing services and can include computing and / or network resources. System resources can be viewed as a coherent set of functions, network data objects, or services accessible through a server, residing on a single host or multiple hosts, and clearly identifiable.

[1134] As used herein, the term "channel" refers to any transmission medium used to transmit data or data streams, whether tangible or intangible. The term "channel" may be synonymous with and / or equivalent to the following terms: "communication channel," "data communication channel," "transmission channel," "data transmission channel," "access channel," "data access channel," "link," "data link," "carrier," "radio frequency carrier," and / or any other similar term indicating the path or medium through which data is transmitted. Furthermore, as used herein, the term "link" refers to a connection between two devices via a RAT for sending and receiving information.

[1135] The terms "instantiation" and "physicalization" used in this article refer to the creation of an instance. "Instance" also refers to the concrete occurrence of an object, which can happen, for example, during the execution of program code.

[1136] This document uses the terms “coupling,” “communicationally coupled,” and their derivatives. The term “coupling” can mean two or more elements in direct physical or electrical contact with each other, can mean two or more elements in indirect contact but still cooperating or interacting with each other, and / or can mean one or more other elements coupled or connected between elements considered to be coupled. The term “direct coupling” can mean two or more elements in direct contact with each other. The term “communicationally coupled” can mean two or more elements can be in contact with each other communicatively, including via wired or other interconnections, via wireless communication channels or links, etc.

[1137] The term "cell" refers to a structured element that contains one or more fields. The term "field" refers to the individual contents of a cell, or the data element that contains those contents.

[1138] The term "SMTC" refers to the SSB-based measurement timing configuration configured by SSB - Measurement Timing Configuration.

[1139] The term "SSB" refers to the SS / PBCH block.

[1140] The term "primary cell" refers to an MCG cell operating on the primary frequency, in which the UE performs the initial connection establishment procedure or initiates a connection re-establishment procedure.

[1141] The term "primary SCG cell" refers to the SCG cell in which the UE performs random access during the synchronization reconfiguration process for DC operation.

[1142] The term "secondary cell" refers to a cell that provides additional radio resources on top of a special cell for a UE configured with CA.

[1143] The term "secondary cell group" refers to a subset of serving cells, including PSCell and zero or more secondary cells, used for a UE configured with a DC.

[1144] The term "serving cell" refers to the primary cell used by a UE that does not have a CA / DC configured in RRC_CONNECTED. There is only one serving cell, which includes the primary cell.

[1145] The term "serving cell" or "multiple serving cells" refers to the set of cells, including the special cell and all secondary cells, used for a UE with CA / configured in RRC_CONNECTED.

[1146] The term “special cell” refers to the PCcell of the MCG or the PSCell of the SCG used for DC operation; otherwise, the term “special cell” refers to the Pcell.

Claims

1. An apparatus for supporting RAN Computing Service Function (RAN-Comp-SF) at a Radio Access Network (RAN) node, comprising: Memory used to store Radio Resource Control (RRC) security keys; and Processing circuitry, coupled to the memory, is used for: Provide a first interface with the RAN Distributed Unit (RAN-DU), wherein the first interface has a common protocol for the interface between the RAN Centralized Unit Control Plane (RAN-CU-CP) and the RAN-DU; Provides a second interface with RAN Computational Control Functions (RAN-Comp-CF); The Packet Data Convergence Protocol (PDCP) stack is supported at the RAN-Comp-SF and RAN Centralized Unit User Plane (RAN-CU-UP); Based on the RRC security key, an encryption algorithm is negotiated with the RAN-CU-CP via the second interface, and an indication for the integrity and encryption protection of the computing service is generated; At least one RRC acknowledgment message is received from the RAN-CU-CP via the second interface; as well as In response to receiving the RRC confirmation message, the integrity and encryption protection are activated.

2. The apparatus according to claim 1, wherein, The processing circuit is also used for: The RRC security key is received via the second interface.

3. The apparatus according to claim 1, wherein, The processing circuit is also used for: A security algorithm is selected based on the RRC security key, and a security context is generated.

4. The apparatus according to claim 3, wherein, The processing circuit is also used for: An acknowledgment message is sent to the CU-CP via the second interface, the acknowledgment message including an indication of the selected security algorithm.

5. The apparatus according to claim 1, wherein, The RRC confirmation message is a reconfiguration completion message.

6. The apparatus according to any one of claims 1-5, wherein, The processing circuit is also used for: Provides RRC stack and RRC connection to user equipment (UE).

7. One or more computer-readable media storing instructions that, when executed by one or more processors, cause a user equipment (UE) to: Establish a Radio Resource Control (RRC) connection with the Radio Access Network (RAN) Centralized Unit Control Plane (RAN-CU-CP); Receive an RRC message from the RAN-CU-CP, the RRC message including an encryption algorithm and an indication for integrity and encryption protection of the computing service generated by the RAN Computing Service Function (RAN-Comp-SF) supporting computing services at RAN nodes, wherein... The RAN-Comp-SF can negotiate the encryption algorithm with the RAN-CU-CP based on the RRC security key; Send an RRC confirmation message to the RAN-CU-CP; and Based on the aforementioned integrity and encryption protection instructions, activate integrity and encryption protection.

8. One or more computer-readable media according to claim 7, wherein, The RRC message includes one or more of the following: an indication to calculate the key counter.

9. One or more computer-readable media according to claim 8, wherein, The memory also stores instructions for enabling the UE to derive an encryption key based on the computed key counter and the encryption algorithm.

10. One or more computer-readable media according to claim 8, wherein, The RRC confirmation message is an RRC connection reconfiguration response message.

11. One or more computer-readable media storing instructions that, when executed by one or more processors, cause a user equipment (UE) to: The registration request is encoded for transmission to the Access and Mobility Management Function (AMF) to access Single Network Slice Selection Auxiliary Information (S-NSSAI), whereby... The registration request includes an indication to support compute services at the Radio Access Network (RAN) node; and an indication to receive a subscribed S-NSSAI, wherein the subscribed S-NSSAI includes the following indications: Slice / Service Type (SST), Slice Distinguisor (SD), and RAN compute service type; Receive an RRC message from the RAN-CU-CP, the RRC message including an encryption algorithm and an indication for the integrity and encryption protection of the computing service generated by the RAN Computing Service Function (RAN-Comp-SF) that supports computing services at RAN nodes, wherein the RAN-Comp-SF may negotiate the encryption algorithm with the RAN-CU-CP based on the RRC security key; Send an RRC confirmation message to the RAN-CU-CP; and Based on the aforementioned integrity and encryption protection instructions, activate integrity and encryption protection.

12. One or more computer-readable media according to claim 11, wherein, The SD includes instructions from a network operator or application service provider (ASP) that provides computing services, or instructions for one or more application identifiers.

13. One or more computer-readable media according to claim 11, wherein, The S-NSSAI subscription also includes an indication of the type of service (STCMP) for the computing service.

14. One or more computer-readable media according to claim 11, wherein, The UE also receives an indication of Computing Network Slice Selection Assistance Information (C-NSSAI) associated with computing services provided by the network operator.

15. One or more computer-readable media according to claim 14, wherein, The C-NSSAI includes an indication of compute service and slice type (C-SST) and an indication of compute service differentiation (C-SD) for C-SST.

16. One or more computer-readable media according to claim 15, wherein, The C-SST is associated with the type of service provider used for the computing service.

17. One or more computer-readable media according to claim 15, wherein, The C-SD includes an indication of the application identifier.

18. One or more computer-readable media according to claim 11, wherein, The subscription information stored by the UE includes indications of one or more computing service slices for the subscription.

19. One or more computer-readable media according to claim 18, wherein, The subscription information also includes an indication of the list of subscribed Radio Access Network-Data Network Names (RAN-DNN).

20. One or more computer-readable media according to claim 19, wherein, The RAN-DNN list includes an indication of the default RAN-DNN used for RAN computation.

21. One or more computer-readable media according to claim 19, wherein, The RAN-DNN list includes indications of RAN-DNN values ​​for computing services provided by ASPs, cloud service providers (CSPs), or edge computing service providers (ECSPs).

22. One or more computer-readable media according to claim 18, wherein, The subscription information also includes an indication of whether the S-NSSAI subscription is marked as a default subscription slice of computing services.

23. One or more computer-readable media according to claim 18, wherein, The subscription information also includes instructions on whether the subscribed computing service slice is subject to computing slice authentication and authorization.