Method and system for managing service requests in a network
Patent Information
- Authority / Receiving Office
- EP · EP
- Patent Type
- Applications
- Current Assignee / Owner
- JIO PLATFORMS LTD
- Filing Date
- 2024-09-12
- Publication Date
- 2026-07-01
AI Technical Summary
Current network systems lack support for discovering, subscribing, and accessing token parameters without a target PLMN, especially in home or external networks, limiting their operational scope.
A method and system for managing service requests in a network that involves receiving service requests at a Network Repository Function (NRF), determining attributes, identifying the target PLMN, and forwarding the requests to appropriate target nodes based on PLMN identities.
Enables extended standard access token services for roaming cases, supports new headers for discovery, subscription, and access token services, and handles routing for both home and roaming PLMNs.
Smart Images

Figure IN2024051721_20032025_PF_FP_ABST
Abstract
Description
METHOD AND SYSTEM FOR MANAGING SERVICE REQUESTS IN A NETWORKFIELD OF DISCLOSURE
[0001] Embodiments of the present disclosure generally relate to network performance management systems. More particularly, embodiments of the present disclosure relate to methods and systems for managing service requests in a network.BACKGROUND
[0002] The following description of the related art is intended to provide background information pertaining to the field of the disclosure. This section may include certain aspects of the art that may be related to various features of the present disclosure. However, it should be appreciated that this section is used only to enhance the understanding of the reader with respect to the present disclosure, and not as admissions of the prior art.
[0003] Wireless communication technology has rapidly evolved over the past few decades, with each generation bringing significant improvements and advancements. The first generation of wireless communication technology was based on analog technology and offered only voice services. However, with the advent of the second-generation (2G) technology, digital communication and data services became possible, and text messaging was introduced. 3G technology marked the introduction of high-speed internet access, mobile video calling, and location-based services. The fourth generation (4G) technology revolutionized wireless communication with faster data speeds, better network coverage, and improved security. Currently, the fifth generation (5G) technology is being deployed, promising even faster data speeds, low latency, and the ability to connect multiple devices simultaneously. With each generation, wireless communication technology has become more advanced, sophisticated, and capable of delivering more services to its users.
[0004] The Network Slice Selection Function (NSSF) of the wireless communication networks can be used by the Access and Mobility Management Function (AMF) to assist with the selection of the Network Slice instances that will serve a particular device. As such, the NSSF will determine the Allowed Network Slice Selection Assistance Information (NSSAI) that is supplied to the device. Moreover, the NSSF may be used to allocate an appropriate AMF if the current AMFis not able to support all network slice instances for a given device. The NSSF facilitates AMF in retrieving Network Repository Function (NRF) related information. The provided NRF should be used for retrieving / subscribing network function (NF) / Service-related information for selected Network Slice instances.
[0005] In the currently existing systems, NRF doesn’t provide support for discovery / subscribe / access token parameters when supplied by NF without target PLMN provided, either in home network or external network. Further, the NRF may conventionally screen incoming requests from SEPP based on the presence of a header. Such an NRF may however be deployed only when the SEPP and the NRF are in a common network, or if the SEPP is in the same network as the NRF. Such a deployment further limits the scope of operation of the NRF with respect to other vendor NRF s or external network environments.
[0006] Thus, there exists an imperative need in the art to provide a method and a system for extending standard access token service for roaming cases, which the present disclosure aims to address.OBJECTS OF THE DISCLOSURE
[0007] Some of the objects of the present disclosure, which at least one embodiment disclosed herein satisfies are listed herein below.
[0008] It is an object of the present disclosure to provide a system and a method for managing service requests in a network.
[0009] It is another object of the present disclosure to provide a solution that defines parameters which will identify the header, the header being configurable by the user and not hardcoded.
[0010] It is yet another object of the present disclosure to provide a solution in which the value for identifying the message is received directly from security edge protection proxy (SEPP).
[0011] It is yet another object of the present disclosure to provide a solution that is able to support new headers for Discovery / Subscribe / AccessToken Services.
[0012] It is yet another object of the present disclosure to provide a solution that is able to handle new headers in combination with Target Public Land Mobile Network (PLMN) List.
[0013] It is yet another object of the present disclosure to provide a solution that is able to cater routing for Roaming PLMNs as well as home PLMNs.
[0014] It is yet another object of the present disclosure to provide a solution that is able to provide parameters for identifying header and value which will be used for identifying messages received from SEPP rather than hardcoded values.SUMMARY
[0015] This section is provided to introduce certain aspects of the present disclosure in a simplified form that are further described below in the detailed description. This summary is not intended to identify the key features or the scope of the claimed subject matter.
[0016] An aspect of the present disclosure may relate to a method for managing service requests in a network. The method comprises receiving, by a transceiver unit at a network repository function (NRF), a service request from a network function (NF). Further, the method comprises determining, by a determining unit at the NRF, a set of attributes in the service request. Further, the method comprises determining, by a processing unit at the NRF, based on the set of attributes identifier, an identity of a target public land mobile network (PLMN) relating to the service request, where the identity of the target PLMN is one of a first identity, and a second identity. Further, the method comprises forwarding, by the transceiver unit at the NRF, based on the determined identity of the target PLMN, the service request towards a target network node associated with the target PLMN.
[0017] In an exemplary aspect of the present disclosure, the set of attributes is at least one of hnrf-URI, hnrfURI, and hnrfAccessTokenURI, a Fully Qualified Domain Name (FQDN) format, and internet protocol (IP)v4 address, IPv6 address.
[0018] In an exemplary aspect of the present disclosure, the method further comprises extracting, by an extracting unit at the NRF, from the FQDN, at least one of a Mobile Country Code (MCC) and a Mobile Network Code (MNC) of the target PLMN. The method further comprises determining, by the determining unit at the NRF, based on at least one of the MCC and MNC of the target PLMN, the identity of the target PLMN.
[0019] In an exemplary aspect of the present disclosure, in response to the identity of the target PLMN being the first identity, the method comprises steps of transmitting, by the transceiver unit at the NRF, the service request to an NRF associated with the target PLMN. Further, the transmitted service request is further provided with an authority header set, and wherein the authority header set is based on at least one of the FQDN, a port, and a schema of the service request.
[0020] In an exemplary aspect of the present disclosure, in response to the identity of the target PLMN being the first identity, the method comprises steps of extracting, by the processing unit at the NRF, a uniform resource identifier (URI) from the received service request. Further, the method comprises steps of providing, by the processing unit at the NRF, a header to the service request, wherein the header comprises the URI. Further, the method comprises steps of transmitting, by the transceiver unit at the NRF, the service request to a service control point (SCP) associated with the target PLMN.
[0021] In an exemplary aspect of the present disclosure, in response to the identity of the target PLMN being the second identity, the method comprises steps of transmitting, by the transceiver unit at the NRF, the service request to a security edge protection proxy (SEPP) associated with the target PLMN. Further, the transmitted service request is further provided with application programming interface (API) details obtained from the service request.
[0022] Another aspect of the present disclosure may relate to a system for managing service requests in a network. The system comprises a transceiver unit configured to receive, at a network repository function (NRF), a service request from a network function (NF). Further, the system comprises a determining unit configured to determine, at the NRF, a set of attributes in the service request. Further, the system comprises a processing unit configured to determine, at the NRF, based on the set of attributes, an identity of a target public land mobile network (PLMN) relating to the service request, where the identity of the target PLMN is one of a first identity, and a secondidentity. Further, the transceiver unit is configured to forward, at the NRF, based on the determined identity of the target PLMN, the service request towards a target network node associated with the target PLMN.
[0023] Yet another aspect of the present disclosure may relate to a method for managing service requests in a network. The method comprises receiving, by a transceiver unit at the NRF, a service request from a security edge protection proxy (SEPP). Herein, the service request comprises at least a set of header data indicative of an identity of the SEPP. Further, the identity is one of a first identity, and a second identity. The method further comprises determining, by the processing unit at the NRF, a SEPP identification capability indicative of a capacity of the NRF for determining the identity of the SEPP. Herein, the SEPP identification capability is one of active, and inactive. Thereafter, in response to SEPP identification capability being active, the method comprises determining, by the processing unit at the NRF, based on the set of header attributes, an identity of the SEPP. The method further comprises transmitting, by the transceiver unit at the NRF, the service request to a target node based on the determined identity of the SEPP.
[0024] In an exemplary aspect of the present disclosure, in response to the identity of the SEPP being the first identity, the method comprises transmitting by the transceiver unit at the NRF, the service request back to the SEPP.
[0025] In an exemplary aspect of the present disclosure, in response to the identity of the SEPP being the second identity, the method comprises determining, by the processing unit at the NRF, from the header attributes of the service request, a target public land mobile network (PLMN), and transmitting, by the transceiver unit, at the NRF, the service request to a network node associated with the target PLMN.
[0026] In an exemplary aspect of the present disclosure, the method comprises determining, by the processing unit, at the NRF, from the header attributes, a target network function (NF). Next, the method comprises determining, by the processing unit at the NRF, that a support parameter at the target NF is set to true. Thereafter, the method comprises transmitting, by the transceiver unit, at the NRF, the service request to the target NF via an NRF associated with the target PLMN.
[0027] In an exemplary aspect of the present disclosure, the target NF is a sessions management function (SMF).
[0028] Yet another aspect of the present disclosure may relate to a system for managing service requests in a network. The system comprises a transceiver unit configured to receive, at the NRF, a service request from a security edge protection proxy (SEPP). Herein, the service request comprises at least a set of header data indicative of an identity of the SEPP. Further, the identity is one of a first identity, and a second identity. The system further comprises a processing unit configured to determine, at the NRF, a SEPP identification capability indicative of a capacity of the NRF for determining the identity of the SEPP. Herein, the SEPP identification capability is one of active, and inactive. Furthermore, in response to the flag value being active, the processing unit is configured to determine, at the NRF, based on the set of header attributes, an identity of the SEPP. Further, the transceiver unit is configured to transmit, at the NRF, the service request to a target node based on the determined identity of the SEPP.
[0029] Another aspect of the present disclosure may relate to a non-transitory computer- readable storage medium, storing instructions for managing service requests in a network, the storage medium comprising executable code which, when executed by one or more units of a system, causes: a transceiver unit to receive, at a network repository function (NRF), a service request from a network function (NF); a determining unit to determine, at the NRF, a set of attributes in the service request; a processing unit to determine, at the NRF, based on the set of attributes, an identity of a target public land mobile network (PLMN) relating to the service request, wherein the identity of the target PLMN is one of a first identity, and a second identity; and the transceiver unit to forward, at the NRF, based on the determined identity of the target PLMN, the service request towards a target network node associated with the target PLMN.
[0030] Yet another aspect of the present disclosure may relate to a non-transitory computer- readable storage medium, storing instructions for managing service requests in a network, the storage medium comprising executable code which, when executed by one or more units of a system, causes: a transceiver unit to receive, at a Network Repository Function (NRF), a service request from a security edge protection proxy (SEPP), wherein the service request comprises at least a set of header data indicative of an identity of the SEPP, and wherein the identity is one of a first identity, and a second identity; a processing unit to determine, at the NRF, a SEPP identification capability indicative of a capacity of the NRF for determining the identity of theSEPP, wherein the SEPP identification capability is one of active, and inactive, wherein, in response to the SEPP identification capability being active, further causes: the processing unit to determine, at the NRF, based on the set of header attributes, an identity of the SEPP; and the transceiver unit to transmit, at the NRF, the service request to a target node based on the determined identity of the SEPP.DESCRIPTION OF THE DRAWINGS
[0031] The accompanying drawings, which are incorporated herein, and constitute a part of this disclosure, illustrate exemplary embodiments of the disclosed methods and systems in which like reference numerals refer to the same parts throughout the different drawings. Components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the present disclosure. Also, the embodiments shown in the figures are not to be construed as limiting the disclosure, but the possible variants of the method and system according to the disclosure are illustrated herein to highlight the advantages of the disclosure. It will be appreciated by those skilled in the art that disclosure of such drawings includes disclosure of electrical components or circuitry commonly used to implement such components.
[0032] FIG.l illustrates an exemplary block diagram representation of 5thgeneration core (5GC) network architecture.
[0033] FIG. 2 illustrates an exemplary block diagram of a computing device upon which the features of the present disclosure may be implemented in accordance with exemplary implementation of the present disclosure.
[0034] FIG. 3A illustrates an exemplary block diagram of a system for managing service requests in a network, in accordance with exemplary implementations of the present disclosure.
[0035] FIG. 3B illustrates another exemplary block diagram of a system for managing service requests in a network, in accordance with exemplary implementations of the present disclosure.
[0036] FIG. 4A illustrates a method flow diagram for managing service requests in a network in accordance with exemplary implementations of the present disclosure.
[0037] FIG. 4B illustrates another method flow diagram for managing service requests in a network in accordance with exemplary implementations of the present disclosure.
[0038] FIG. 5A illustrates a flow diagram for managing service requests in a network in accordance with exemplary implementations of the present disclosure.
[0039] FIG. 5B illustrates another flow diagram for managing service requests in a network in accordance with exemplary implementations of the present disclosure.
[0040] FIG. 5C illustrates yet another flow diagram for managing service requests in a network in accordance with exemplary implementations of the present disclosure.
[0041] FIG. 6A illustrates a flow diagram for managing service requests in a network in accordance with exemplary implementations of the present disclosure.
[0042] FIG. 6B illustrates another flow diagram for managing service requests in a network in accordance with exemplary implementations of the present disclosure.
[0043] The foregoing shall be more apparent from the following more detailed description of the disclosure.DETAILED DESCRIPTION
[0044] In the following description, for the purposes of explanation, various specific details are set forth in order to provide a thorough understanding of embodiments of the present disclosure. It will be apparent, however, that embodiments of the present disclosure may be practiced without these specific details. Several features described hereafter may each be used independently of one another or with any combination of other features. An individual feature may not address any of the problems discussed above or might address only some of the problems discussed above.
[0045] The ensuing description provides exemplary embodiments only, and is not intended to limit the scope, applicability, or configuration of the disclosure. Rather, the ensuing description of the exemplary embodiments will provide those skilled in the art with an enabling description forimplementing an exemplary embodiment. It should be understood that various changes may be made in the function and arrangement of elements without departing from the spirit and scope of the disclosure as set forth.
[0046] Specific details are given in the following description to provide a thorough understanding of the embodiments. However, it will be understood by one of ordinary skill in the art that the embodiments may be practiced without these specific details. For example, circuits, systems, processes, and other components may be shown as components in block diagram form in order not to obscure the embodiments in unnecessary detail.
[0047] Also, it is noted that individual embodiments may be described as a process which is depicted as a flowchart, a flow diagram, a data flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations may be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged. A process is terminated when its operations are completed but could have additional steps not included in a figure.
[0048] The word “exemplary” and / or “demonstrative” is used herein to mean serving as an example, instance, or illustration. For the avoidance of doubt, the subject matter disclosed herein is not limited by such examples. In addition, any aspect or design described herein as “exemplary” and / or “demonstrative” is not necessarily to be construed as preferred or advantageous over other aspects or designs, nor is it meant to preclude equivalent exemplary structures and techniques known to those of ordinary skill in the art. Furthermore, to the extent that the terms “includes,” “has,” “contains,” and other similar words are used in either the detailed description or the claims, such terms are intended to be inclusive — in a manner similar to the term “comprising” as an open transition word — without precluding any additional or other elements.
[0049] As used herein, a “processing unit” or “processor” or “operating processor” includes one or more processors, wherein processor refers to any logic circuitry for processing instructions. A processor may be a general-purpose processor, a special purpose processor, a conventional processor, a digital signal processor, a plurality of microprocessors, one or more microprocessors in association with a Digital Signal Processing (DSP) core, a controller, a microcontroller, Application Specific Integrated Circuits, Field Programmable Gate Array circuits, any other type of integrated circuits, etc. The processor may perform signal coding data processing, input / outputprocessing, and / or any other functionality that enables the working of the system according to the present disclosure. More specifically, the processor or processing unit is a hardware processor.
[0050] As used herein, “a user equipment”, “a user device”, “a smart-user-device”, “a smartdevice”, “an electronic device”, “a mobile device”, “a handheld device”, “a wireless communication device”, “a mobile communication device”, “a communication device” may be any electrical, electronic and / or computing device or equipment, capable of implementing the features of the present disclosure. The user equipment / device may include, but is not limited to, a mobile phone, smart phone, laptop, a general-purpose computer, desktop, personal digital assistant, tablet computer, wearable device or any other computing device which is capable of implementing the features of the present disclosure. Also, the user device may contain at least one input means configured to receive an input from unit(s) which are required to implement the features of the present disclosure.
[0051] As used herein, “storage unit” or “memory unit” refers to a machine or computer- readable medium including any mechanism for storing information in a form readable by a computer or similar machine. For example, a computer-readable medium includes read-only memory (“ROM”), random access memory (“RAM”), magnetic disk storage media, optical storage media, flash memory devices or other types of machine-accessible storage media. The storage unit stores at least the data that may be required by one or more units of the system to perform their respective functions.
[0052] As used herein “interface” or “user interface” refers to a shared boundary across which two or more separate components of a system exchange information or data. The interface may also refer to a set of rules or protocols that define communication or interaction of one or more modules or one or more units with each other, which also includes the methods, functions, or procedures that may be called.
[0053] All modules, units, components used herein, unless explicitly excluded herein, may be software modules or hardware processors, the processors being a general-purpose processor, a special purpose processor, a conventional processor, a digital signal processor (DSP), a plurality of microprocessors, one or more microprocessors in association with a DSP core, a controller, a microcontroller, Application Specific Integrated Circuits (ASIC), Field Programmable Gate Array circuits (FPGA), any other type of integrated circuits, etc.
[0054] As used herein the transceiver unit includes at least one receiver and at least one transmitter configured respectively for receiving and transmitting data, signals, information, or a combination thereof between units / components within the system and / or connected with the system.
[0055] As discussed in the background section, the current known solutions have several shortcomings such as those related to providing hardcoded values of parameters for identifying header and value which will be used for identifying messages received from security edge protection proxy (SEPP). The present disclosure aims to overcome the above-mentioned and other existing problems in this field of technology by providing a method and a system of managing service requests in a network that provides parameters for identifying header and value which will be used for identifying messages received from SEPP rather than hardcoded values.
[0056] FIG. 1 illustrates an exemplary block diagram representation of 5thgeneration core (5GC) network architecture, in accordance with exemplary implementation of the present disclosure. As shown in FIG. 1, the 5GC network architecture
[0100] includes a user equipment (UE)
[0102] , a radio access network (RAN)
[0104] , an access and mobility management function (AMF)
[0106] , a Session Management Function (SMF)
[0108] , a Service Communication Proxy (SCP)
[0110] , an Authentication Server Function (AUSF)
[0112] , a Network Slice Specific Authentication and Authorization Function (NSSAAF)
[0114] , a Network Slice Selection Function (NSSF)
[0116] , a Network Exposure Function (NEF)
[0118] , a Network Repository Function (NRF)
[0120] , a Policy Control Function (PCF)
[0122] , a Unified Data Management (UDM)
[0124] , an application function (AF)
[0126] , a User Plane Function (UPF)
[0128] , a data network (DN)
[0130] , wherein all the components are assumed to be connected to each other in a manner as obvious to the person skilled in the art for implementing features of the present disclosure.
[0057] The RAN
[0104] is the part of a mobile telecommunications system that connects user equipment (UE)
[0102] to the core network (CN) and provides access to different types of networks (e.g., 5G network). It consists of radio base stations and the radio access technologies that enable wireless communication.
[0058] The AMF
[0106] is a 5G core network function responsible for managing access and mobility aspects, such as UE registration, connection, and reachability. It also handles mobility management procedures like handovers and paging.
[0059] The SMF
[0108] is a 5G core network function responsible for managing session-related aspects, such as establishing, modifying, and releasing sessions. It coordinates with the User Plane Function (UPF) for data forwarding and handles IP address allocation and QoS enforcement.
[0060] The SCP
[0110] is a network function in the 5G core network that facilitates communication between other network functions by providing a secure and efficient messaging service. It acts as a mediator for service-based interfaces.
[0061] The AUSF
[0112] is a network function in the 5G core responsible for authenticating UEs during registration and providing security services. It generates and verifies authentication vectors and tokens.
[0062] The NSSAAF
[0114] is a network function that provides authentication and authorization services specific to network slices. It ensures that UEs can access only the slices for which they are authorized.
[0063] The NSSF
[0116] is a network function responsible for selecting the appropriate network slice for a UE based on factors such as subscription, requested services, and network policies.
[0064] The NEF
[0118] is a network function that exposes capabilities and services of the 5G network to external applications, enabling integration with third-party services and applications.
[0065] The NRF
[0120] is a network function that acts as a central repository for storing profile of available network functions and services. It facilitates the discovery and dynamic registration of network functions.
[0066] The PCF
[0122] is a network function responsible for policy control decisions, such as QoS, charging, and access control, based on subscriber information and network policies.
[0067] The UDM
[0124] is a network function that centralizes the management of subscriber data, including authentication, authorization, and subscription information.
[0068] The AF
[0126] is a network function that represents external applications interfacing with the 5G core network to access network capabilities and services.
[0069] The UPF
[0128] is a network function responsible for handling user data traffic, including packet routing, forwarding, and QoS enforcement.
[0070] The DN
[0130] refers to a network that provides data services to user equipment (UE) in a telecommunications system. The data services may include but are not limited to Internet services, private data network related services.
[0071] The 5GC network architecture
[0100] also comprises a plurality of interfaces for connecting the network functions with a network entity for performing the network functions. The NSSF
[0116] is connected with the network entity via the interface denoted as (Nnssf) interface in the figure. The NEF
[0118] is connected with the network entity via the interface denoted as (Nnef) interface in the figure. The NRF
[0120] is connected with the network entity via the interface denoted as (Nmf) interface in the figure. The PCF
[0122] is connected with the network entity via the interface denoted as (Npcf) interface in the figure. The UDM
[0124] is connected with the network entity via the interface denoted as (Nudm) interface in the figure. The AF
[0126] is connected with the network entity via the interface denoted as (Naf) interface in the figure. The NSSAAF
[0114] is connected with the network entity via the interface denoted as (Nnssaaf) interface in the figure. The AUSF
[0112] is connected with the network entity via the interface denoted as (Nausf) interface in the figure.
[0072] The AMF
[0106] is connected with the network entity via the interface denoted as (Namf) interface in the figure. The SMF
[0108] is connected with the network entity via the interface denoted as (Nsmf) interface in the figure. The SMF
[0108] is connected with the UPF
[0128] via the interface denoted as (N4) interface in the figure. The UPF
[0128] is connected with the RAN
[0104] via the interface denoted as (N3) interface in the figure. The UPF
[0128] is connected with the DN
[0130] via the interface denoted as (N6) interface in the figure. The RAN
[0104] is connected with the AMF
[0106] via the interface denoted as (N2). The AMF
[0106] is connected with the RAN
[0104] via the interface denoted as (Nl). The UPF
[0128] is connected with other UPF
[0128] via the interface denoted as (N9). The interfaces such as Nnssf, Nnef, Nmf, Npcf, Nudm, Naf, Nnssaaf, Nausf, Namf, NSmf, N9, N6, N4, N3, N2, and Nl can be referred to as a communication channel between one or more functions or modules for enabling exchange of data or information between such functions or modules, and network entities.
[0073] FIG. 2 illustrates an exemplary block diagram of a computing device
[0200] (herein, also referred to as a computer system
[0200] ) upon which one or more features of the present disclosure may be implemented in accordance with an exemplary implementation of the present disclosure. In an implementation, the computing device
[0200] may also implement a method for managing service requests in a network, utilising a system, or one or more sub-systems, provided in the network. In another implementation, the computing device
[0200] itself implements the method for managing service requests in a network, using one or more units configured within the computing device
[0200] , wherein said one or more units are capable of implementing the features as disclosed in the present disclosure.
[0074] The computing device
[0200] may include a bus
[0202] or other communication mechanism(s) for communicating information, and a hardware processor
[0204] coupled with bus
[0202] for processing said information. The hardware processor
[0204] may be, for example, a general-purpose microprocessor. The computing device
[0200] may also include a main memory
[0206] , such as a random-access memory (RAM), or other dynamic storage device, coupled to the bus
[0202] , for storing information and instructions to be executed by the processor
[0204] , The main memory
[0206] also may be used for storing temporary variables or other intermediate information during execution of the instructions to be executed by the processor
[0204] , Such instructions, when stored in a non-transitory storage media accessible to the processor
[0204] , render the computing device
[0200] into a special purpose device that is customized to perform operations according to the instructions. The computing device
[0200] further includes a read only memory (ROM)
[0208] or other static storage device coupled to the bus
[0202] for storing static information and instructions for the processor
[0204] ,
[0075] A storage device
[0210] , such as a magnetic disk, optical disk, or solid-state drive is provided and coupled to the bus
[0202] for storing information and instructions. The computing device
[0200] may be coupled via the bus
[0202] to a display
[0212] , such as a cathode ray tube (CRT), Liquid crystal Display (LCD), Light Emitting Diode (LED) display, Organic LED (OLED)display, etc., for displaying information to a user of the computing device
[0200] , An input device
[0214] , including alphanumeric and other keys, touch screen input means, etc. may be coupled to the bus
[0202] for communicating information and command selections to the processor
[0204] , Another type of user input device may be a cursor controller
[0216] , such as a mouse, a trackball, or cursor direction keys, for communicating direction information and command selections to the processor
[0204] , and for controlling cursor movement on the display
[0212] , The cursor controller
[0216] typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allows the cursor controller
[0216] to specify positions in a plane.
[0076] The computing device
[0200] may implement the techniques described herein using customized hard-wired logic, one or more ASICs or FPGAs, firmware, and / or program logic which, in combination with the computing device
[0200] , causes or programs the computing device
[0200] to be a special-purpose device. According to one implementation, the techniques herein are performed by the computing device
[0200] in response to the processor
[0204] executing one or more sequences of one or more instructions contained in the main memory
[0206] , The one or more instructions may be read into the main memory
[0206] from another storage medium, such as the storage device
[0210] , Execution of the one or more sequences of the one or more instructions contained in the main memory
[0206] causes the processor
[0204] to perform the process steps described herein. In alternative implementations of the present disclosure, hard-wired circuitry may be used in place of, or in combination with, software instructions.
[0077] The computing device
[0200] also may include a communication interface
[0218] coupled to the bus
[0202] , The communication interface
[0218] provides two-way data communication coupling to a network link
[0220] that is connected to a local network
[0222] , For example, the communication interface
[0218] may be an integrated services digital network (ISDN) card, cable modem, satellite modem, or a modem to provide a data communication connection to a corresponding type of telecommunication line. In another example, the communication interface
[0218] may be a local area network (LAN) card to provide a data communication connection to a compatible LAN. Wireless links may also be implemented. In any such implementation, the communication interface
[0218] sends and receives electrical, electromagnetic, or optical signals that carry digital data streams representing different types of information.
[0078] The computing device
[0200] can send and receive data, including program code, messages, etc. through the network(s), the network link
[0220] and the communication interface
[0218] , In an example, a server
[0230] might transmit a requested code for an application program through the Internet
[0228] , the ISP
[0226] , the local network
[0222] , the host
[0224] and the communication interface
[0218] , The received code may be executed by the processor
[0204] as it is received, and / or stored in the storage device
[0210] , or other non-volatile storage for later execution.
[0079] Referring to FIG. 3A, an exemplary block diagram of a system [300a] for managing service requests in a network, is shown, in accordance with the exemplary implementations of the present disclosure. The system [300a] comprises at least one transceiver unit
[0302] , at least one determining unit
[0304] , at least one processing unit
[0306] , and at least one extracting unit
[0308] , Also, all of the components / units of the system [300a] are assumed to be connected to each other unless otherwise indicated below. As shown in the figures all units shown within the system [300a] should also be assumed to be connected to each other. Also, in FIG. 3 A only a few units are shown, however, the system [300a] may comprise multiple such units or the system [300a] may comprise any such numbers of said units, as required to implement the features of the present disclosure. Further, in an implementation, the system [300a] may be present in a user device / user equipment
[0102] to implement the features of the present disclosure. The system [300a] may be a part of the user device
[0102] / or may be independent of but in communication with the user device
[0102] (may also referred herein as a UE). In another implementation, the system [300a] may reside in a server or a network entity or NRF
[0310] , In yet another implementation, the system [300a] may reside partly in the server / network entity / NRF and partly in the user device.
[0080] The system [300a] is configured for managing service requests in a network, with the help of the interconnection between the components / units of the system [300a],
[0081] Further, in accordance with the present disclosure, it is to be acknowledged that the functionality described for the various components / units can be implemented interchangeably. While specific embodiments may disclose a particular functionality of these units for clarity, it is recognized that various configurations and combinations thereof are within the scope of the disclosure. The functionality of specific units as disclosed in the disclosure should not be construed as limiting the scope of the present disclosure. Consequently, alternative arrangements and substitutions of units, provided they achieve the intended functionality described herein, are considered to be encompassed within the scope of the present disclosure.
[0082] The system [300a] comprises the transceiver unit
[0302] configured to receive, at a network repository function (NRF)
[0310] , a service request from a network function (NF)
[0330] , The NRF
[0310] is a network entity in a 5G core network (5GC) that is responsible for maintaining and managing one or more information associated with other network functions (NFs) and network services within the network. It is noted that the NRF
[0310] mentioned herein is similar to the NRF
[0120] as disclosed in the FIG. 1.
[0083] In one example, the NRF
[0310] may store and update profiles of all available NF instances within the network. Herein, the mentioned profiles contain details about the network services offered by the NFs
[0330] , In another example, the NRF
[0310] may maintain profiles of other NRFs, Service Control Point (SCP) and Security Edge Protection Proxy (SEPP) instances. Herein, the mentioned profiles allow the NRF
[0310] to manage communication between different PLMNs or with external networks. It is to be noted that the NRF
[0310] is further utilized for managing and maintaining other one or more information associated with the NFs
[0330] and network services that are known to a person skilled in the art.
[0084] Further, the service request mentioned herein may refer to a request for utilizing one or more network services offered by the NRF
[0310] , In one example, the one or more network service offered by the NRF
[0310] may correspond to a NnrfJNFDiscovery service, which allows an NF
[0330] or SCP instance to discover other NFs, SCP instances, or SEPPs and may obtain profiles (which may have similar internet protocol (IP) address) of the other NFs, SCP instances, or SEPPs. Further, the Nnrf NFDiscovery service also supports an inter-public land mobile network (PLMN) discovery, allowing the NFs
[0330] or SCPs to locate other NFs or SCPs instances across different PLMNs, such as a home public land mobile network (HPLMN) of UE.
[0085] In another example, the one or more network service offered by the NRF
[0310] may correspond to a NnrfJNFManagem ent service, which allows the NF
[0330] , SCP, or SEPP instances to register, update, or deregister the profile of said NF
[0330] , SCP, or SEPP instances in the NRF
[0310] , The Nnrf NFManagement service further enables an NRF instance to communicate with another NRF instance within the same PLMN.
[0086] In yet another example, the one or more network services offered by the NRF
[0310] may correspond to a Nnrf AccessToken service, which handles open authorization (OAuth2). In an event, an NF service consumer (such as access and mobility management function (AMF)) mayrequest to access specific network services and additional information regarding the expected NF producer instances, in such event, the NRF
[0310] then issues an access token based on the request, for facilitating secure communication between the NFs instances.
[0087] It is to be noted that the NF service consumer is not limited to the AMF, and other NFs
[0330] in the 5G core network are also able to use NRF services.
[0088] It is further to be noted that the NRF
[0310] may further offer other one or more services that is not mentioned herein and is known to a person skilled in the art.
[0089] Further, the system [300a] comprises the determining unit
[0304] connected at least to the transceiver unit
[0302] , Herein, post receiving the service request from the transceiver unit
[0302] , the determining unit
[0304] is configured to determine, at the NRF
[0310] , a set of attributes in the service request. The set of attributes mentioned herein may refer to one or more parameters that allows the NRF
[0310] to process the service request and further route said service request to the appropriate services. Herein, the set of attributes is at least one of hnrf-URI, hnrfURI, and hnrfAccessTokenURI, in a Fully Qualified Domain Name (FQDN) format having internet protocol (IP)v4 address, IPv6 address.
[0090] In one example, the hnrf-URI attribute may contain an application programming interface uniform resource identifier (API URI) of the NFDiscovery Service of the home NRF. The hnrf-URI attribute is included in the service request if the requester NF has previously received this URI for service discovery. For example, a NSSF (Network Slice Selection Function) in the home PLMN may provide the API URI to be used by the requester NF for service discovery, enabling the requesting NF to discover other NFs based on the URI in the service request.
[0091] In another example, the hnrfURI attribute contains the API URI of the NFManagement Service of the home NRF. Similar to hnrf-URI attribute, the hnrfURI attribute is included in the service request, if the NF Service Consumer (such as the AMF) has received said API URI from the NSSF in the home PLMN. The NFManagement service enables an NF
[0330] to register, update, or deregister their profile in the NRF
[0310] , or enables the NF
[0330] to register themselves in another NRF within the same PLMN.
[0092] In yet another example, the hnrfAccessTokenURI attribute contains the API URI for the Access Token Service of the home NRF. The hnrfAccessTokenURI is included in the service request if the service request involves obtaining an access token for an hSMF (session management function) during a home-routed roaming scenario.
[0093] Further, the FQDN may refer to a domain used to identify specific network functions (e.g., NRFs) within the PLMN, an exemplary FQDN format to represent the NRF may represented as "nrfl.clusterl.net2.nrf.5gc.mnc012.mcc345.3gppnetwork.org". Herein, the nrfl.clusterl.net2 may represent the NRF name, where the mncol2 is a mobile network code (MNC) and mcc345 is a mobile country code (MCC) for specifying the location of said NRF within the network.
[0094] Herein, the MCC is a 3-digit code used to identify the country of origin of the PLMN. Further, the MNC is a 2 or 3-digit code used to identify the specific network operator within a particular country.
[0095] Further, the IPv4 address and IPv6 address are two types of IP addresses used to uniquely identify NFs
[0330] within the network. Herein, the service request may associate with at least one of the IPv4 address and IPv6 address that is dependent on the network configuration. The NRF
[0310] may utilize the mentioned information to identify the corresponding NF
[0330] for further communication.
[0096] It is to be noted that the determining unit
[0304] may firstly check the hnrf-URI attribute, hnrfURI attribute, and hnrfAccessTokenURI attribute. Further, in an event, a target PLMN is absent in the service request, and a URI parameter is present in the service request, then in such event, the determining unit
[0304] extracts the FQDN value from the service request to determine the appropriate network functions or services to transfer the service request, based on the IPv4 or IPv6 address associated with the service request.
[0097] The system [300a] further comprises the extracting unit
[0308] connected at least to the determination unit. Herein the extracting unit
[0308] is configured to extract, at the NRF
[0310] , from the FQDN, at least one of the MCC and the MNC of the target PLMN. As mentioned above, the extraction unit at the NRF
[0310] is responsible for extracting one or more identifiers (such as the MCC and the MNC) from the FQDN in order to identify the target PLMN. The extraction unitmay retrieve the MNC and the MCC codes from the FQDN to correctly route the service request to the appropriate target PLMN.
[0098] The determining unit
[0304] is further configured to determine, at the NRF
[0310] , based on at least one of the MCC and MNC of the target PLMN, the identity of the target PLMN. Further, determining unit
[0304] may utilize the MCC and the MNC codes to identify the target PLMN. The determination unit verifies the extracted MCC and MNC codes with MNC and MCC codes of an existing network that is stored in a database associated with the NRF
[0310] ,
[0099] In an implementation, the extracting unit
[0308] is not able to extract the MNC codes or MCC codes, then in such event, the NRF
[0310] may determine the service request as a local internal message for a vendor or network similar to the PLMN associated with the NRF
[0310] ,
[0100] It may be further noted that the target PLMN may refer to one or more parameters associated with a target network. The one or more parameters may be selected based on required operation. Examples of the one or more parameters include, without limitations, PLMN identifier (plmnld), network identification (nid) (Subscribe) / target-plmn-list (Discovery) / targetplmn, etc.
[0101] Further, the system [300a] comprises the processing unit
[0306] connected at least with the determination unit. Herein the processing unit
[0306] is configured to determine, at the NRF
[0310] , based on the set of attributes, an identity of the target public land mobile network (PLMN) relating to the service request. Further, the processing unit
[0306] may utilize the information determined by the determining unit
[0304] to process the service request based on the identified target PLMN. Further, based on said information, the processing unit
[0306] may identify the identity of the target PLMN.
[0102] Further, the identity of the target PLMN is one of a first identity, and a second identity. In one aspect, if the target PLMN is identified as the first identity, the processing unit
[0306] may recognize that the service request is within the same network such as a home network or a partner network.
[0103] In another aspect, if the target PLMN is identified as the second identity, the processing unit
[0306] may recognize that the target PLMN is an external PLMN (e.g., an external network).
[0104] Further, the transceiver unit
[0302] configured to forward, at the NRF
[0310] , based on the determined identity of the target PLMN, the service request towards a target network node
[0312] associated with the target PLMN.
[0105] Further, in response to the identity of the target PLMN being the first identity, the processing unit
[0306] is configured to extract, at the NRF
[0310] , a uniform resource identifier (URI) from the received service request.
[0106] Herein, the URI of the service request may assist the processing unit
[0306] in identifying a specific resource or network service mentioned in the service request. In one example, the URI may follow a specific format and may contain one or more parameters such as the service name, domain, and protocol (e.g., HTTP / HTTPS).
[0107] Thereafter, the processing unit
[0306] is configured to provide, at the NRF
[0310] , an authority header set to the service request, wherein the header comprises the URI. Post extracting the URI, the processing unit
[0306] further provides the header within the service request. In one example, the authority header set comprises the URI, which contains details of the service being requested and may further assist in easy routing of the service request to the appropriate target network node
[0312] ,
[0108] Herein, the transmitted service request is further provided with an authority header set, and wherein the header set is based on at least one of the FQDN, a port, and a schema of the service request. In another example, the authority header set may include the FQDN (for specifying the domain and service for the service request), a port (define the network port used to connect to the service within the target PLMN), and a schema (define the protocol or structure used in the service request).
[0109] Thereafter, the transceiver unit
[0302] is configured to transmit, at the NRF
[0310] , the service request to a service control point (SCP) associated with the target PLMN. The SCP is a network entity within the PLMN that handles service-related queries and routing. In an implementation, the SCP is used to manage the flow of service requests within the target PLMN. In another implementation, the SCP is responsible for routing service requests based on the URI and other request attributes.
[0110] In an implementation of the present disclosure, in cases where the target PLMN is identified as the first identity, the transceiver unit
[0302] sends the service request to the SCP associated with the target PLMN. Thereafter, the SCP processes and forwards the service request to the appropriate network elements within the PLMN.[OHl] Further, in response to the identity of the target PLMN being the second identity, the transceiver unit
[0302] is configured to transmit, at the NRF
[0310] , the service request to a security edge protection proxy (SEPP)
[0316] associated with the target PLMN.
[0112] Herein, the SEPP
[0316] is a network function to provide secure and controlled communication at the edge of the network, particularly in inter-PLMN scenarios. In one example, the SEPP
[0316] is responsible for encrypting and authenticating communication between PLMNs, in order to ensure secure data exchange between different operators. In another example, the SEPP
[0316] is responsible for protecting the network edge by enforcing security policies and preventing unauthorized access or tampering with service requests. In yet another example, the SEPP
[0316] is responsible for routing the service request securely between the home and target PLMNs, ensuring that sensitive information is protected during transit of the service request.
[0113] In an implementation of the present disclosure, in cases where the target PLMN is identified as the second identity, the service request is forwarded to the SEPP
[0316] associated with that PLMN. This ensures that the communication between the NRF
[0310] in the home PLMN and the target PLMN is secure and protected from external threats.
[0114] Herein, the transmitted service request is further provided with application programming interface (API) details obtained from the service request. Herein, the API details may include one or more information associated with a facilitation of communication between different NFs
[0330] , The API details in the service request may provide one or more information about the specific service or function that the requesting network function wants to access in the target PLMN.
[0115] Referring to FIG. 3B, an exemplary block diagram of a system [300b] for managing service requests in a network, is shown, in accordance with the exemplary implementations of the present disclosure. The system [300b] comprises at least one transceiver unit
[0352] , and at least one at least one processing unit
[0354] , Also, all of the components / units of the system [300b] areassumed to be connected to each other unless otherwise indicated below. As shown in the figures all units shown within the system [300b] should also be assumed to be connected to each other. Also, in FIG. 3B only a few units are shown, however, the system [300b] may comprise multiple such units or the system [300b] may comprise any such numbers of said units, as required to implement the features of the present disclosure. Further, in an implementation, the system [300b] may be present in a user device / user equipment
[0102] to implement the features of the present disclosure. The system [300b] may be a part of the user device
[0102] / or may be independent of but in communication with the user device
[0102] (may also referred herein as a UE). In another implementation, the system [300b] may reside in a server or a network entity. In yet another implementation, the system [300b] may reside partly in the server / network entity and partly in the user device.
[0116] The system [300b] is configured for managing service requests in a network, with the help of the interconnection between the components / units of the system [300b],
[0117] The system [300b] comprises the transceiver unit
[0352] configured to receive, at the Network Repository Function (NRF)
[0358] , a service request from a security edge protection proxy (SEPP)
[0370] , The NRF
[0358] is a network entity in a 5G core network (5GC) that is responsible for maintaining and managing one or more information associated with other network functions (NFs) and network services within the network. It is noted that the NRF
[0358] mentioned herein is similar to the NRF
[0120] as disclosed in the FIG. 1.
[0118] In one example, the NRF
[0358] may store and update profiles of all available NF instances within the network. Herein, the mentioned profiles contain details about the network services offered by the NFs
[0330] , In another example, the NRF
[0358] may maintain profiles of Service Control Point (SCP) and Security Edge Protection Proxy (SEPP) instances. Herein, the mentioned profiles allow the NRF
[0358] to manage communication between different PLMNs or with external networks. It is to be noted that the NRF
[0358] is further utilized for managing and maintaining other one or more information associated with the NFs
[0330] and network services that are known to a person skilled in the art. It is further to be noted that the NRF
[0358] may further offer other one or more services that is not mentioned herein and is known to a person skilled in the art.
[0119] Further, the SEPP
[0370] mentioned herein is a network function to facilitate communication between two public land mobile networks (PLMNs). In one example, the SEPP
[0370] is responsible for encrypting, decrypting, and verifying one or more information that is exchanged between PLMNs specially in roaming scenarios.
[0120] Herein, the service request comprises at least a set of header data indicative of an identity of the SEPP
[0370] , The set of header data may further include a detailed uniform resource locator (URI). In one example, the detailed URI may include a schema (such as HTTP / HTTPS) that may determine the type of protocol used in the service request.
[0121] In another example, the detailed URI may include a hostname or an internet protocol (IP) address of the SEPP
[0370] that is sending the service request. Herein, the hostname may include a fully qualified domain name (FQDN) or an IP address. Further the detailed URI may include a port on which the SEPP
[0370] is communicating with the NRF
[0358] ,
[0122] In yet another example, the detailed URI may include a path of the URI that is used to direct the service request to a specific resource or API endpoint on the NRF
[0358] , Herein, the path of the URI may represent a specific network function (a target network function) or resource that the SEPP
[0370] is trying to reach or request services from.
[0123] In yet another example, the detailed URI may further include additional parameters such as SEPP ID, authentication data and alike, that are utilized by the NRF
[0358] in distinguishing between different SEPPs of a plurality of networks.
[0124] Further, the identity is one of a first identity, and a second identity. Herein, the first identity may imply that the SEPP
[0370] is associated within the same network (same PLMN) of said NRF
[0358] , However, the second identity may imply that the SEPP
[0370] is associated with a different network (different PLMN).
[0125] In an example, the header attribute may include “SeppIdentificationHeader” type of a string. Such a header attribute may have a value “x-plmn-source-nf’. In another example, the header attribute may include “SeppIdentificationHeaderValue” type of a string. Such a header attribute may have a value “sepp”. It may be appreciated that the values provided above (such as,“plmn”) are exemplary, and are not to be construed as limiting. The values of the header attributes may include any identifier that may be indicative of identification of a network.
[0126] Further, the system [300b] comprises the processing unit
[0354] connected at least with the transceiver unit
[0352] , Herein, the processing unit
[0354] is configured to determine, at the NRF
[0358] , a SEPP
[0370] identification capability indicative of a capacity of the NRF
[0358] for determining the identity of the SEPP
[0370] , Further, the SEPP
[0370] identification capability is one of active, and inactive. In an exemplary implementation, the SEPP identification capability is provided at the NRF
[0358] , Further, the SEPP identification capability at the NRF
[0358] may be represented as “SEPPIdentificationOn”. In an exemplary embodiment, when the SEPP identification capability is active, it may be represented at the NRF
[0358] as “SEPPIdentificationOn”.
[0127] In one aspect, in case the processing unit
[0354] may determine the identity of the SEPP
[0370] to be active (or true value), which further implies that the NRF
[0358] is actively engaged in determining the SEPP identity.
[0128] In another aspect, in case the processing unit
[0354] may determine the identity of the SEPP
[0370] to be inactive (or false), which further implies that the NRF
[0358] may lack the ability or may not be required to identify the SEPP identity.
[0129] Further, the processing unit
[0354] is configured to determine, at the NRF
[0358] , based on the set of header attributes, an identity of the SEPP
[0370] , Further, in an event, the identity of the SEPP
[0370] is determined to be active, then in such event, the processing unit
[0354] may perform a cross-verification process by comparing the set of header attributes with a set of prestored information stored in a database associated with the NRF
[0358] ,
[0130] Further, the transceiver unit
[0352] is configured to transmit, at the NRF
[0358] , the service request to a target node based on the determined identity of the SEPP
[0370] , Herein, based on the identity of the SEPP
[0370] determined by the processing unit
[0354] , the transceiver unit
[0352] is configured to transmit the service request based on the one or more processes associated with each type of identity of said SEPP
[0370] ,
[0131] Further, in response to the identity of the SEPP
[0370] being the first identity, the transceiver unit
[0352] is configured to transmit, at the NRF
[0358] , the service request back to the SEPP
[0370] , Herein, in case the SEPP
[0370] is determined to be the first identity, implying that the SEPP
[0370] is associated within the same network (same PLMN) of said NRF
[0358] , Further, in such cases, the NRF
[0358] may not be able to easily differentiate whether a message is coming from an internal entity (a NF associated with a network of said NRF
[0358] ) or from the SEPP
[0370] , which may pose a security risk, especially if the SEPP
[0370] is misconfigured or malicious actors are able to masquerade as legitimate SEPPs. Further, in such cases, the processing unit
[0354] at the NRF
[0358] may process the request as “incorrect service operations” and further send the service request back to the SEPP
[0370] ,
[0132] Further, in response to the identity of the SEPP
[0370] being the second identity, the processing unit
[0354] is configured to determine, at the NRF
[0358] , from the header attributes of the service request, a target public land mobile network (PLMN). Further, based on the set of header attributes present in the service request, the processing unit
[0354] may further identify the target PLMN associated with the service request.
[0133] Further, the transceiver unit
[0352] is configured to transmit, at the NRF
[0358] , the service request to a network node associated with the target PLMN. Post identifying the target PLMN, the transceiver unit
[0352] is configured to transmit the service request to a network node that is associated with this target PLMN and is mentioned in the service request.
[0134] However, prior to transmitting the service request to the target network node
[0356] , the processing unit
[0354] is configured to determine, at the NRF
[0358] , from the header attributes, a target network function (NF). Further, the processing unit
[0354] may further process the set of header attributes to determine the target network node
[0356] that needs to handle the service request. Herein, the target NF is a sessions management function (SMF).
[0135] Further, the processing unit
[0354] is configured to determine, at the NRF
[0358] , that a support parameter at the target NF is set to true. Further, the processing unit
[0354] may verify the support parameter at the target network node
[0356] (i.e, the SMF). Herein, the support parameter may indicate whether the target network node
[0356] (i.e, the SMF) is able to execute one or more services mentioned in the service request. In an exemplary embodiment, the support parameter may be represented as “vsmfSupportlnd”.
[0136] In one example, the support parameter may indicate a true value, implying that the target network node
[0356] (i.e, the SMF) is able to execute one or more services mentioned in the service request.
[0137] In another example, the support parameter may indicate a false value, implying that the target network node
[0356] (i.e, the SMF) is not able to execute one or more services mentioned in the service request.
[0138] In yet another example, the support parameter may indicate no value or an empty value, implying that the target network node
[0356] (i.e, the SMF) may or may not be able to execute one or more services mentioned in the service request.
[0139] Thereafter, the transceiver unit
[0352] is configured to transmit, at the NRF
[0358] , the service request to the target NF via an NRF
[0358] associated with the target PLMN. Post verification of the support parameter the target network node
[0356] (i.e, the SMF). The transceiver unit
[0352] may further transmit the service request to the target network node
[0356] via the NRF
[0358] that is associated with said PLMN. It is to be noted that the transceiver unit
[0352] may send the service request to the target network node
[0356] , only in an event the support parameter may indicate the true value.
[0140] Referring to FIG. 4A, an exemplary method flow diagram [400a] for managing service requests in a network, in accordance with exemplary implementations of the present disclosure is shown. In an implementation the method [400a] is performed by the system [300a], Further, in an implementation, the system [300a] may be present in a server device to implement the features of the present disclosure.
[0141] Also, as shown in FIG. 4A, the method [400a] initially starts at step
[0402] ,
[0142] At step
[0404] , the method [400a] comprises receiving, by the transceiver unit
[0302] at the network repository function (NRF)
[0310] , a service request from the network function (NF)
[0330] ,
[0143] At step
[0406] , the method [400a] comprises determining, by the determining unit
[0304] at the NRF
[0310] , a set of attributes in the service request. Herein, the set of attributes is at least one of hnrf-URI, hnrfURI, and hnrfAccessTokenURI, a Fully Qualified Domain Name (FQDN) format, and internet protocol (IP)v4 address, IPv6 address.
[0144] The method [400a] further explains extracting, by the extracting unit
[0308] at the NRF
[0310] , from the FQDN, at least one of the Mobile Country Code (MCC) and the Mobile Network Code (MNC) of the target PLMN.
[0145] The method [400a] further comprises determining, by the determining unit
[0304] at the NRF
[0310] , based on at least one of the MCC and MNC of the target PLMN, the identity of the target PLMN.
[0146] At step
[0408] , the method [400a] comprises determining, by the processing unit
[0306] at the NRF
[0310] , based on the set of attributes identifier, an identity of the target public land mobile network (PLMN) relating to the service request. Herein, the identity of the target PLMN is one of the first identity, and the second identity.
[0147] At step
[0410] , the method [400a] comprises forwarding, by the transceiver unit
[0302] at the NRF
[0310] , based on the determined identity of the target PLMN, the service request towards the target network node
[0312] associated with the target PLMN.
[0148] The method [400a] further explains that in response to the identity of the target PLMN being the first identity. The method [400a] comprises extracting, by the processing unit
[0306] at the NRF
[0310] , a uniform resource identifier (URI) from the received service request. Further, the method [400a] comprises providing, by the processing unit
[0306] at the NRF
[0310] , the authority header set to the service request. Further, the authority header set comprises the URI. Further, the method [400a] comprises transmitting, by the transceiver unit
[0302] at the NRF
[0310] , the service request to the service control point (SCP) associated with the target PLMN.
[0149] The method [400a] further explains that in response to the identity of the target PLMN being the second identity, the method [400a] comprises transmitting, by the transceiver unit
[0302] at the NRF
[0310] , the service request to a security edge protection proxy (SEPP)
[0316] associatedwith the target PLMN. Herein, the transmitted service request is further provided with application programming interface (API) details obtained from the service request.
[0150] The method [400a] herein terminates at step
[0012] ,
[0151] Referring to FIG. 4B, an exemplary method flow diagram [400b] for managing service requests in a network, in accordance with exemplary implementations of the present disclosure is shown. In an implementation the method [400b] is performed by the system [300b], Further, in an implementation, the system [300b] may be present in a server device to implement the features of the present disclosure.
[0152] Also, as shown in FIG. 4B, the method [400b] initially starts at step
[0452] ,
[0153] At step
[0454] , the method [400b] comprises receiving, by the transceiver unit
[0352] at the NRF
[0358] , a service request from the security edge protection proxy (SEPP)
[0370] , Herein, the service request comprises at least a set of header attributes indicative of an identity of the SEPP
[0370] , Further, the identity is one of a first identity, and a second identity.
[0154] At step
[0456] , the method [400b] comprises determining, by the processing unit
[0354] at the NRF
[0358] , the SEPP
[0370] identification capability indicative of a capacity of the NRF
[0358] for determining the identity of the SEPP
[0370] , Herein, the SEPP
[0370] identification capability is one of active, and inactive.
[0155] At step
[0458] , in response to the SEPP
[0370] identification capability being active, the method [400b] comprise determining, by the processing unit
[0354] at the NRF
[0358] , based on the set of header attributes, the identity of the SEPP
[0370] ,
[0156] At step
[0460] , the method [400b] comprise transmitting, by the transceiver unit
[0352] at the NRF
[0358] , the service request to the target node based on the determined identity of the SEPP
[0370] ,
[0157] The method [400b] further explains that in response to the identity of the SEPP
[0370] being the first identity, the method [400b] comprises transmitting by the transceiver unit
[0352] at the NRF
[0358] , the service request back to the SEPP
[0370] ,
[0158] The method [400b] further explains that in response to the identity of the SEPP
[0370] being the second identity, the method [400b] comprises determining, by the processing unit
[0354] at the NRF
[0358] , from the header attributes of the service request, a target public land mobile network (PLMN). Further, the method [400b] comprises transmitting, by the transceiver unit
[0352] , at the NRF
[0358] , the service request to a network node associated with the target PLMN.
[0159] The method [400b] further explains that prior transmitting the service request to the target network node
[0356] , the method [400b] comprise determining, by the processing unit
[0354] , at the NRF
[0358] , from the header attributes, a target network function (NF). Herein, the target NF is a sessions management function (SMF). Further, the method [400b] comprises determining, by the processing unit
[0354] at the NRF
[0358] , that a support parameter at the target NF is set to true. Further, the method [400b] comprises transmitting, by the transceiver unit
[0352] , at the NRF
[0358] , the service request to the target NF via an NRF
[0358] associated with the target PLMN.
[0160] The method [400b] herein terminates at step
[0462] ,
[0161] Referring to FIG. 5A, a flow diagram [500a] for managing service requests in a network in accordance with exemplary implementations of the present disclosure is shown. In an implementation the flow diagram [500a] is performed by the system [300a],
[0162] At step 502, the Network Function (NF)
[0330] initiates the communication by sending the service request to the Network Repository Function (NRF)
[0310] , The service request contains one or more attributes such as the hnrfURI / hnrf-URI, hnrfAccessTokenURI, and FQDN.
[0163] At step 504, post receiving the service request, the NRF
[0310] further extracts the Mobile Country Code (MCC) and Mobile Network Code (MNC) to identify the target Public Land Mobile Network (PLMN).
[0164] At step 506, The NRF
[0310] may further determine the target PLMN based on the extracted MCC and MCC codes and the set of attributes and accordingly classifies the targetPLMN as the first identity implying that the service request is within the same network such as a home network or a partner network.
[0165] At step 508, post identifying the identity of the target PLMN, the NRF
[0310] may forward the service request to the NRF
[0310] of the target PLMN.
[0166] Referring to FIG. 5B, another flow diagram [500b] for managing service requests in a network in accordance with exemplary implementations of the present disclosure is shown. In an implementation the flow diagram [500b] is performed by the system [300a],
[0167] At step 512, the Network Function (NF)
[0330] initiates the communication by sending the service request to the Network Repository Function (NRF)
[0310] , The service request contains one or more attributes such as the hnrfURI / hnrf-URI, hmfAccessTokenURI, and FQDN.
[0168] At step 514, post receiving the service request, the NRF
[0310] further extracts the Mobile Country Code (MCC) and Mobile Network Code (MNC) and the application programming interface (API) details to identify the target PLMN and the required API for the service request.
[0169] At step 516, The NRF
[0310] may further determine the target PLMN based on the extracted MCC and MCC codes, the set of attributes and the API details and accordingly classifies the target PLMN as the second identity implying that the target PLMN is an external PLMN (e.g., an external network).
[0170] At step 518, post identifying the identity of the target PLMN, the NRF
[0310] may forward the service request to the SEPP
[0316] (Security Edge Protection Proxy) of the target PLMN.
[0171] Referring to FIG. 5C, yet another flow diagram [500c] for managing service requests in a network in accordance with exemplary implementations of the present disclosure is shown. In an implementation the flow diagram [500c] is performed by the system [300a],
[0172] At step 522, the Network Function (NF)
[0330] initiates the communication by sending the service request to the Network Repository Function (NRF)
[0310] , The service request contains one or more attributes such as the hnrfURI / hnrf-URI, hnrfAccessTokenURI, and FQDN.
[0173] At step 524, post receiving the service request, the NRF
[0310] further extracts the Mobile Country Code (MCC) and Mobile Network Code (MNC) and the application programming interface (API) details to identify the target PLMN and the required API for the service request.
[0174] At step 526, The NRF
[0310] may further determine the target PLMN based on the extracted MCC and MCC codes, the set of attributes and the API details and accordingly classifies the target PLMN as the second identity implying that the target PLMN is an external PLMN (e.g., an external network).
[0175] At step 528, post identifying the identity of the target PLMN, the NRF
[0310] may forward the service request along with the API details to the SEPP
[0316] (Security Edge Protection Proxy) of the target PLMN.
[0176] Referring to FIG. 6A, a flow diagram [600a] for managing service requests in a network in accordance with exemplary implementations of the present disclosure is shown. In an implementation the flow diagram [600a] is performed by the system [300b],
[0177] At step 602, the security edge protection proxy (SEPP)
[0370] initiates the communication by sending the service request to the Network Repository Function (NRF)
[0358] , The service request comprises the set of header data which may include detailed uniform resource locator (URI) such as a hostname or an internet protocol (IP) address of the SEPP
[0370] , a path of the URI, SEPP ID, authentication data and similar known to a person skilled in the art.
[0178] At step 604, post receiving the service request, the NRF
[0358] may determine the SEPP
[0370] identification capability indicative of a capacity of the NRF
[0358] for determining the identity of the SEPP
[0370] ,
[0179] At step 606, In case the SEPP
[0370] identification capability is active, then the NRF
[0358] may further determine the identity of the SEPP
[0370] based on the set of header attributes.In case, the SEPP
[0370] identification capability is inactive, then in such case, the NRF
[0358] may halt any further transmission of the service request.
[0180] At step 608, in case, the identity of the SEPP
[0370] being the second identity, then the NRF
[0358] may further send the service request to the network node that is associated with this target PLMN.
[0181] Referring to FIG. 6B, another flow diagram [600b] for managing service requests in a network in accordance with exemplary implementations of the present disclosure is shown. In an implementation the flow diagram [600b] is performed by the system [300b],
[0182] At step 612, the security edge protection proxy (SEPP)
[0370] initiates the communication by sending the service request to the Network Repository Function (NRF)
[0358] , The service request comprises the set of header data which may include detailed uniform resource locator (URI) such as a hostname or an internet protocol (IP) address of the SEPP
[0370] , a path of the URI, SEPP ID, authentication data and similar known to a person skilled in the art.
[0183] At step 614, post receiving the service request, the NRF
[0358] may determine the SEPP
[0370] identification capability indicative of a capacity of the NRF
[0358] for determining the identity of the SEPP
[0370] ,
[0184] At step 616, In case the SEPP
[0370] identification capability is active, then the NRF
[0358] may further determine the identity of the SEPP
[0370] based on the set of header attributes. In case, the SEPP
[0370] identification capability is inactive, then in such case, the NRF
[0358] may halt any further transmission of the service request.
[0185] At step 618, in case, the identity of the SEPP
[0370] being the second identity, then the NRF
[0358] may further transmit the service request back to the SEPP
[0370] ,
[0186] The present disclosure provides a non-transitory computer-readable storage medium, storing instructions for managing service requests in a network, the storage medium comprising executable code which, when executed by one or more units of a system, causes: a transceiver unit
[0302] to receive, at a network repository function (NRF)
[0310] , a service request from a network function (NF)
[0330] ; a determining unit
[0304] to determine, at the NRF
[0310] , a set of attributes inthe service request; a processing unit
[0306] to determine, at the NRF
[0310] , based on the set of attributes, an identity of a target public land mobile network (PLMN) relating to the service request, wherein the identity of the target PLMN is one of a first identity, and a second identity; and the transceiver unit
[0302] to forward, at the NRF
[0310] , based on the determined identity of the target PLMN, the service request towards a target network node
[0312] associated with the target PLMN.
[0187] The present disclosure further provides a non-transitory computer-readable storage medium, storing instructions for managing service requests in a network, the storage medium comprising executable code which, when executed by one or more units of a system, causes: a transceiver unit
[0352] to receive, at a Network Repository Function (NRF)
[0358] , a service request from a security edge protection proxy (SEPP)
[0370] , wherein the service request comprises at least a set of header data indicative of an identity of the SEPP
[0370] , and wherein the identity is one of a first identity, and a second identity; a processing unit
[0354] to determine, at the NRF
[0358] , a SEPP
[0370] identification capability indicative of a capacity of the NRF
[0358] for determining the identity of the SEPP
[0370] , wherein the SEPP
[0370] identification capability is one of active, and inactive, wherein, in response to the SEPP
[0370] identification capability being active, further causes: the processing unit
[0354] to determine, at the NRF
[0358] , based on the set of header attributes, an identity of the SEPP
[0370] ; and the transceiver unit
[0352] to transmit, at the NRF
[0358] , the service request to a target node based on the determined identity of the SEPP
[0370] ,
[0188] As is evident from the above, the present disclosure provides a technically advanced solution for managing service requests in a network. The present solution provides a means for the NRF to identify service requests and determine if a target PLMN of the service request is part of a home network or an external network relative to the NRF. Based on such a determination, the NRF is adapted to accordingly forward the service request to a target node (such as, to another NRF, or to a SEPP). The present solution is further able to provide parameters for identifying header and value which will be used for identifying messages received from SEPP
[0316] rather than hardcoded values.
[0189] While considerable emphasis has been placed herein on the disclosed implementations, it will be appreciated that many implementations can be made and that many changes can be made to the implementations without departing from the principles of the present disclosure. These and other changes in the implementations of the present disclosure will beapparent to those skilled in the art, whereby it is to be understood that the foregoing descriptive matter to be implemented is illustrative and non-limiting.
Claims
We Claim:
1. A method [400a] for managing service requests in a network, the method [400a] comprising: receiving, by a transceiver unit [302] at a network repository function (NRF) [310], a service request from a network function (NF) [330]; determining, by a determining unit [304] at the NRF [310], a set of attributes in the service request; determining, by a processing unit [306] at the NRF [310], based on the set of attributes, an identity of a target public land mobile network (PLMN) relating to the service request, wherein the identity of the target PLMN is one of a first identity, and a second identity; and forwarding, by the transceiver unit [302] at the NRF [310], based on the determined identity of the target PLMN, the service request towards a target network node [312] associated with the target PLMN.
2. The method [400a] as claimed in claim 1, wherein the set of attributes is at least one of hnrf- URI, hnrfURI, and hnrfAccessTokenURI, a Fully Qualified Domain Name (FQDN) format, and internet protocol (IP)v4 address, IPv6 address.
3. The method [400a] as claimed in claim 2, wherein the method [400a] further comprises: extracting, by an extracting unit [308] at the NRF [310], from the FQDN, at least one of a Mobile Country Code (MCC) and a Mobile Network Code (MNC) of the target PLMN; and determining, by the determining unit [304] at the NRF [310], based on the at least one of the MCC and MNC of the target PLMN, the identity of the target PLMN.
4. The method [400a] as claimed in claim 1, wherein, in response to the identity of the target PLMN being the first identity, the method [400a] comprises: transmitting, by the transceiver unit [302] at the NRF [310], the service request to an NRF [310] associated with the target PLMN, wherein the transmitted service request further is further provided with an authority header set, and wherein the authority header set is based on at least one of the FQDN, a port, and a schema of the service request.
5. The method [400a] as claimed in claim 1, wherein, in response to the identity of the target PLMN being the first identity, the method [400a] comprises: extracting, by the processing unit [306] at the NRF [310], a uniform resource identifier (URI) from the received service request; providing, by the processing unit [306] at the NRF [310], a header to the service request, wherein the header comprises the URI; and transmitting, by the transceiver unit [302] at the NRF [310], the service request to a service control point (SCP) associated with the target PLMN.
6. The method [400a] as claimed in claim 1, wherein, in response to the identity of the target PLMN being the second identity, the method [400a] comprises: transmitting, by the transceiver unit [302] at the NRF [310], the service request to a security edge protection proxy (SEPP) [316] associated with the target PLMN, wherein the transmitted service request is further provided with application programming interface (API) details obtained from the service request.
7. A system [300a] for managing service requests in a network, the system [300a] comprising: a transceiver unit [302] configured to receive, at a network repository function (NRF) [310], a service request from a network function (NF) [330]; a determining unit [304] configured to determine, at the NRF [310], a set of attributes in the service request; a processing unit [306] configured to determine, at the NRF [310], based on the set of attributes, an identity of a target public land mobile network (PLMN) relating to the service request, wherein the identity of the target PLMN is one of a first identity, and a second identity; and the transceiver unit [302] configured to forward, at the NRF [310], based on the determined identity of the target PLMN, the service request towards a target network node [312] associated with the target PLMN.
8. The system [300a] as claimed in claim 7, wherein the set of attributes is at least one of hnrf- URI, hnrfURI, and hnrfAccessTokenURI, in in a Fully Qualified Domain Name (FQDN) format having internet protocol (IP)v4 address, IPv6 address.
9. The system [300a] as claimed in claim 8, wherein:an extracting unit [308] is configured to extract, at the NRF [310], from the FQDN, at least one of a Mobile Country Code (MCC) and a Mobile Network Code (MNC) of the target PLMN; and the determining unit [304] is configured to determine, at the NRF [310], based on the at least one of the MCC and MNC of the target PLMN, the identity of the target PLMN.
10. The system [300a] as claimed in claim 7, wherein, in response to the identity of the target PLMN being the first identity, the transceiver unit [302] is configured to transmit, at the NRF [310], the service request to an NRF [310] associated with the target PLMN, wherein the transmitted service request further is further provided with an authority header set, and wherein the header set is based on at least one of the FQDN, a port, and a schema of the service request.
11. The system [300a] as claimed in claim 7, wherein, in response to the identity of the target PLMN being the first identity: the processing unit [306] is configured to: extract, at the NRF [310], a uniform resource identifier (URI) from the received service request; provide, at the NRF [310], a header to the service request, wherein the header comprises the URI; and the transceiver unit [302] is configured to transmit, at the NRF [310], the service request to a service control point (SCP) associated with the target PLMN.
12. The system [300a] as claimed in claim 7, wherein, in response to the identity of the target PLMN being the second identity, the transceiver unit [302] is configured to transmit, at the NRF [310], the service request to a security edge protection proxy (SEPP) [316] associated with the target PLMN, wherein the transmitted service request is further provided with application programming interface (API) details obtained from the service request.
13. A method [400b] for managing service requests in a network, the method [400b] comprising: receiving, by a transceiver unit [352] at a Network Repository Function (NRF) [358], a service request from a security edge protection proxy (SEPP) [370], wherein theservice request comprises at least a set of header data indicative of an identity of the SEPP [370], and wherein the identity is one of a first identity, and a second identity; determining, by the processing unit [354] at the NRF [358], a SEPP [370] identification capability indicative of a capacity of the NRF [358] for determining the identity of the SEPP [370], wherein the SEPP [370] identification capability is one of active, and inactive,- wherein, in response to the flag value being active, the method [400b] comprises: determining, by the processing unit [354] at the NRF [358], based on the set of header attributes, an identity of the SEPP [370]; and transmitting, by the transceiver unit [352] at the NRF [358], the service request to a target node based on the determined identity of the SEPP [370],14. The method [400b] as claimed in claim 13, wherein, in response to the identity of the SEPP [370] being the first identity, the method [400b] comprises: transmitting by the transceiver unit [352] at the NRF [358], the service request back to the SEPP [370],15. The method [400b] as claimed in claim 13, wherein, in response to the identity of the SEPP [370] being the second identity, the method [400b] comprises: determining, by the processing unit [354] attheNRF [358], from the header attributes of the service request, a target public land mobile network (PLMN); and transmitting, by the transceiver unit [352], at the NRF [358], the service request to a network node associated with the target PLMN.
16. The method [400b] as claimed in claim 15, wherein the method [400b] comprises: determining, by the processing unit [354], at the NRF [358], from the header attributes, a target network function (NF); determining, by the processing unit [354] at the NRF [358], that a support parameter at the target NF is set to true; and transmitting, by the transceiver unit [352], at the NRF [358], the service request to the target NF via an NRF [358] associated with the target PLMN.
17. The method [400b] as claimed in claim 16, wherein the target NF is a session management function (SMF).
18. A system [300b] for managing service requests in a network, the system [300b] comprising: a transceiver unit [352] configured to receive, at a Network Repository Function (NRF) [358], a service request from a security edge protection proxy (SEPP) [370], wherein the service request comprises at least a set of header data indicative of an identity of the SEPP [370], and wherein the identity is one of a first identity, and a second identity; a processing unit [354] configured to determine, at the NRF [358], a SEPP [370] identification capability indicative of a capacity of the NRF [358] for determining the identity of the SEPP [370], wherein the SEPP [370] identification capability is one of active, and inactive, wherein, in response to the SEPP [370] identification capability being active: the processing unit [354] is configured to determine, at the NRF [358], based on the set of header attributes, an identity of the SEPP [370]; and the transceiver unit [352] is configured to transmit, at the NRF [358], the service request to a target node based on the determined identity of the SEPP [370],19. The system [300b] as claimed in claim 18, wherein, in response to the identity of the SEPP [370] being the first identity, the transceiver unit [352] is configured to transmit, at the NRF [358], the service request back to the SEPP [370],20. The system [300b] as claimed in claim 18, wherein, in response to the identity of the SEPP [370] being the second identity: the processing unit [354] is configured to determine, at the NRF [358], from the header attributes of the service request, a target public land mobile network (PLMN); and the transceiver unit [352] is configured to transmit, at the NRF [358], the service request to a network node associated with the target PLMN.
21. The system [300b] as claimed in claim 20, wherein: the processing unit [354] is configured to: determine, at the NRF [358], from the header attributes, a target network function (NF);determine, at the NRF [358], that a support parameter at the target NF is set to true; and the transceiver unit [352] is configured to transmit, at the NRF [358], the service request to the target NF via an NRF [358] associated with the target PLMN.
22. The system [300b] as claimed in claim 21, wherein the target NF is a sessions management function (SMF).
23. A non-transitory computer-readable storage medium, storing instructions for managing service requests in a network, the storage medium comprising executable code which, when executed by one or more units of a system, causes:- a transceiver unit [302] to receive, at a network repository function (NRF) [310], a service request from a network function (NF) [330];- a determining unit [304] to determine, at the NRF [310], a set of attributes in the service request;- a processing unit [306] to determine, at the NRF [310], based on the set of attributes, an identity of a target public land mobile network (PLMN) relating to the service request, wherein the identity of the target PLMN is one of a first identity, and a second identity; and- the transceiver unit [302] to forward, at the NRF [310], based on the determined identity of the target PLMN, the service request towards a target network node [312] associated with the target PLMN.
24. A non-transitory computer-readable storage medium, storing instructions for managing service requests in a network, the storage medium comprising executable code which, when executed by one or more units of a system, causes:- a transceiver unit [352] to receive, at a Network Repository Function (NRF) [358], a service request from a security edge protection proxy (SEPP) [370], wherein the service request comprises at least a set of header data indicative of an identity of the SEPP [370], and wherein the identity is one of a first identity, and a second identity;- a processing unit [354] to determine, at the NRF [358], a SEPP [370] identification capability indicative of a capacity of the NRF [358] for determining the identity of the SEPP [370], wherein the SEPP [370] identification capability is one of active, and inactive,wherein, in response to the SEPP [370] identification capability being active, further causes:- the processing unit [354] to determine, attheNRF [358], based on the set of header attributes, an identity of the SEPP [370]; and - the transceiver unit [352] to transmit, at the NRF [358], the service request to a target node based on the determined identity of the SEPP [370],