4 Architecture model and concepts

3GPP TS 23.256, Release 17, Stage 2: Support of Uncrewed Aerial Systems (UAS) connectivity, identification and tracking

4.1 General concept

The architecture enhancements for UAVs introduce the following functionality:

– Authentication and authorization of a UAV with the USS during 5GS registration (optional).

– Authentication and authorization of a UAV with the USS during PDU session establishment and PDN connection establishment.

– Support for USS authorization of C2 Communication.

– A reference model for UAV tracking, supporting three UAV tracking modes: UAV location reporting mode, UAV presence monitoring mode, and list of Aerial UEs in a geographic area. The 3GPP system supports geofencing (for in-flight UAV) and geocaging (for UAV on the ground intending to fly) functionality in USS by providing enablers such as location services, event notification to a subscribing USS, etc.

NOTE: Geofencing/geocaging mechanisms are an air traffic control functionality performed by the USS and are out of scope of this specification. The 3GPP system provides enablers to support geofencing/geocaging functionality in USS, e.g. location services, enablement of C2 connectivity, event notification to a subscribing USS, etc. However, no specific geofencing/geocaging mechanisms are defined in 3GPP.

4.2 Architectural reference model

4.2.1 General

This specification covers UAV functionality provided by 5GC connected to NG-RAN and EPC connected to LTE.

The following functionality is defined for UAV support in the 3GPP system:

– A UAV is authenticated and authorized by USS via a USS UAV Authentication & Authorization (UUAA) with the support of the 3GPP system before connectivity for UAS services is enabled.

– Depending on 3GPP network operator and/or regulatory requirements, the UUAA is performed:

– In 5GS: either as a separate procedure during the 5GS registration procedure (optional and based on specific PLMN policies, USS requirements, and geographic regulatory requirements), or when the UAV requests user plane resources for UAV operation (i.e. PDU session establishment). The UAV shall support UUAA during Registration and PDU session establishment procedure. The network shall support UUAA during PDU session establishment.

– In EPS: during the attach procedure and the corresponding PDN connection establishment. The network shall support UUAA during PDN connection establishment. The UAV shall support UUAA during PDN connection establishment procedure.

– A UAV that is provisioned with a CAA-Level UAV ID shall provide the CAA-Level UAV ID in 5GS in both Registration and in PDU Session establishment. In EPC, a UAV that is provisioned with a CAA-Level UAV ID provides the CAA-Level UAV ID in PDN Connection establishment in SM-PCO. The CN determines whether UUAA is executed at 5GS registration or at PDU session/PDN Connection establishment, based on local policies.

– If UUAA is not performed during the Registration procedure in 5GS, the UUAA is performed at PDU session establishment when the UAV requests user plane resources for UAV operation and the UAV provides its CAA Level ID during PDU session (PDN connection) establishment.

– The UAV flight authorization and UAV-UAVC pairing authorization is performed at PDU session/PDN connection establishment/modification procedures.

– The 3GPP system supports USS authorization of pairing between a UAV and a networked UAVC or a UAVC that connects to the UAV via Internet connectivity during either the establishment of the PDN connection/PDU session for C2 communication or a modification of a PDN connection/PDU session either dedicated to C2 communication or common to USS communication and C2 communication. Modifications of the pairing or re-authorization take place via modification of the established PDN connection/PDU session. During such procedures, the USS provides to the 3GPP system information (e.g. QoS requirement, data flow descriptors, etc.) that enable traffic between the UAV and the UAVC.

NOTE 1: How the USS is made aware of the UAVC is outside the scope of 3GPP in this Release.

– For EPC, the PDN connections used by the UAV are served by SMF+PGW-C regardless of whether the UAV supports 5G NAS or whether its subscription allows access to 5GC. The APN(s) used by the UAV for contacting USS or for C2 communication always resolve to an SMF+PGW-C.

The following architectural assumptions apply:

– It is assumed that the UAV trying to access UAS services using 3GPP connectivity is already registered with a USS and has been assigned a CAA-Level-UAV ID. The procedure for UAV registration and assignment of CAA-Level-UAV ID is out of scope of 3GPP. The USS assigns to the UAV a CAA-Level UAV ID, or is made aware of the assigned CAA-Level UAV ID.

– A UAV is associated with an Aerial subscription in the UDM. The Aerial subscription contains aerial UE indication in the Access and Mobility Subscription data (to be used similarly to aerial UE indication defined in EPS), an aerial service indication in the Session Management Subscription data for each DNN dedicated for UAS services (C2 and UUAA-SM) which indicates that corresponding authentication/authorization has to be done using API based mechanism.

– A UAV is identified by USS using a CAA-level UAV ID, and identified by the 3GPP System using a 3GPP UAV ID assigned by the MNO:

– It is assumed that an aerial subscription associated to a UAV includes at least one GPSI to be used as 3GPP UAV ID.

– A UAV is registered with the USS either before connecting with the 3GPP system or using plain internet connectivity via the 3GPP system. Before registering for UAS services with the 3GPP system, the UAV shall be provisioned with a CAA-Level UAV Identity.

– In roaming scenarios, it is assumed that access to USS is in the VPLMN, thus packet data connectivity for UAV-USS communication is in local breakout, and the UAS NF function is located in the VPLMN.

– In this Release, the UAV uses 3GPP access (i.e. LTE & NR) for 3GPP UAV related operations.

– Activation of RAN aerial features for UAV accessing via E-UTRA reuses the existing mechanism defined in TS 36.300 [7].

NOTE 2: In this Release, a UAV is served by a single USS for the duration of the connectivity between the USS and the UAV.

– One or more USS(s) may be present in a specific region and may manage UAVs over one or more 3GPP networks.

– The 3GPP Network subscription for the UAV is not assumed to contain any information about the USS.

– The USS address, if known to the UAV, is configured in the UAV via mechanisms outside the scope of 3GPP.

4.2.2 Logical UAV Reference Architecture

Figure 4.2.2-1: Logical 5GS and EPS architecture for UAV

NOTE 1: Provisioning of UAS services over EPC is based on the use of an SMF+PGW-C node.

Figure 4.2.2-2: Non-roaming architecture for interworking between 5GS and EPC/E-UTRAN

Figure 4.2.2-3: Local breakout roaming architecture for interworking between 5GS and EPC/E-UTRAN

NOTE 2: Transferring the UUAA context from AMF to MME when the UE moves from 5GS to EPS and the UUAA was performed at 5GS registration is not supported on the N26 interface.

NOTE 3: No new UAV-specific functionality is defined for T6a.

4.2.3 5GS Non-roaming Reference Architecture

Figure 4.2.3-1: 5G System non-roaming architecture for UAV

4.2.4 5GS Roaming Reference Architecture

Figure 4.2.4-2: Roaming 5G System architecture for UAV – local breakout scenario in service-based interface representation

4.2.5 Service-based interfaces

The 5G System Architecture for UAVs contains the service-based interfaces defined in TS 23.501 [2].

4.2.6 Reference points

The 5G System Architecture for UAV contains the reference points defined in TS 23.501 [2].

4.3 Functional entities

4.3.1 General

In addition to the 5GS functional entities defined in TS 23.501 [2] and the EPS functional entities defined in TS 23.401 [6], the following functional entities are defined for UAS.

4.3.2 UAS NF

The UAS Network Function is supported by the NEF or SCEF+NEF and used for external exposure of services to the USS. The UAS-NF makes use of existing NEF/SCEF exposure services for UAV authentication/authorization, for UAV flight authorization, for UAV-UAVC pairing authorization, and related re-authentication/re-authorization and revocation; for location reporting, presence monitoring, obtaining list of Aerial UEs in a geographic area and control of QoS/traffic filtering for C2 communication.

The UAS NF may coordinate with the USS to assist CAA-Level UAV ID assignment.

A dedicated NEF may be deployed to provide only the UAS NF functionality, i.e. to support the UAS specific features/APIs and the NEF features/APIs that are specified for capability exposure towards the USS.

For external exposure of services related to specific UAV(s), the UAS NF resides in the VPLMN, in order to interface with country specific USS(es).

When CAPIF is supported by the UAS NF, the UAS NF supports the CAPIF API provider domain functions as specified in TS 23.222 [4].

To support re-authentication/re-authorization and revocation request by USS, the UAS NF stores information as to whether the re-authentication/re-authorization and revocation is towards an AMF or SMF/SMF+PGW-C and the address of the serving AMF or SMF/SMF+PGW-C.

UAS NF stores the result of UUAA-MM procedures and the result of UUAA-SM procedures.

4.3.3 UAV

The UAV is a 3GPP UE supporting the UE functionality defined in TS 23.401 [6] and in TS 23.501 [2].

In addition:

– a UAV that is configured for UAS services is provisioned with a single CAA-Level UAV ID;

– a UAV that is configured for UAS services (i.e. is provisioned with a CAA-Level UAV ID) registers to the 3GPP system for UAS services (i.e. to take advantage of aerial features, connectivity with USS and for C2 connectivity) and provides the CAA-Level UAV ID and a UUAA Aviation Payload to 5GS or EPS. A UAV that has not performed a registration with aviation authorities shall not attempt to request for UAS services.

NOTE: A UAV that is configured for UAS services but does not have an aerial subscription is not allowed by the network to register for UAS services.

4.3.4 AMF

In addition to the functionality defined in TS 23.501 [2], the AMF:

– may trigger the UUAA-MM procedure for a UE requiring UAV authentication and authorization by a USS when registering with 5GS when the UE has Aerial UE subscription information and based on local operator policy, or when the USS that authenticated the UAV triggers a re-authentication, or when the AMF itself determines to re-authenticate the UAV after the initial registration.

4.3.5 SMF

In addition to the functionality defined in TS 23.501 [2], the SMF:

– triggers the UUAA-SM procedure for a UE requiring UAV authentication and authorization by a USS when requesting user plane resources for UAV operation, or when the USS/UTM that authenticated the UAV triggers a re-authentication;

– may trigger the authorization of pairing between a UAV and a networked UAVC or a UAVC that connects to the UAV via Internet connectivity during the establishment/modification of the PDN connection/PDU session for C2 communication.

4.3.6 SMF+PGW-C

The SMF+PGW-C implements the functions of the SMF described in clause 4.3.5.

4.4 High level function

4.4.1 Service Operations

4.4.1.1 NEF Services

4.4.1.1.1 General

In addition to those defined in TS 23.501 [2] clause 7.2.8 and TS 23.502 [3] clause 5.2.6, the following table illustrates additional NEF services to support UAS.

Table 4.4.2.1.1-1: NF Services provided by NEF

| Service Name | Service Operations | Operation Semantics | Example Consumer(s) |
|---|---|---|---|
| Nnef_Authentication | AuthenticateAuthorize | Request/Response | AMF, SMF |
| | Notification | Subscribe/Notify | AMF, SMF |

4.4.1.1.2 Nnef_Authentication service

4.4.1.1.2.1 General

Service Description: This service enables the consumer to either authenticate and authorise, or just authorize, the Service Level Device Identity. In case of UAS, the service is used to authenticate and/or authorize the UAV identified by a CAA-Level UAV ID.

When creating an authentication session, the AMF/SMF implicitly subscribes to NEF about notification related with the authentication/authorization (e.g. re-authenticate, update authorization data or revoke the UUAA authorization). This implicit subscription is implicitly released by UAS NF/NEF when the corresponding authentication association is removed (e.g. in the case of re-authentication failure and USS indicating to release network resource, or in the case of authorization revocation).

4.4.1.1.2.2 Nnef_Authentication_AuthenticateAuthorize service operation

Service operation name: Nnef_Authentication_AuthenticateAuthorize

Description: Provides the authentication and authorization result of the Service Level device Identity.

Input, Required: Service Level Device Identity (i.e. CAA-Level UAV ID) for authentication, GPSI, NF Type.

Input, Conditional Required: Notification endpoint (required for initial authentication request), DNN, S-NSSAI (in case the consumer NF is SMF).

Input, Optional: Authorization Server Address (i.e. USS Address), PEI, UE IP address (in case the consumer NF is SMF), authentication/authorization container provided by UE, UAV location.

Output, Required: None.

Output, Conditional Required: Success/Failure indication [Not required when PDU Session Modification for C2 Communication], Authorization Data container, Indication whether the PDU sessions associated with the "DNN(s) subject to aerial services" can be released [Required for re-authentication failure].

Output, Optional: None.

4.4.1.1.2.3 Nnef_Authentication_Notification service operation

Service operation name: Nnef_Authentication_Notification

Description: Re-authenticate, update authorization data or revoke the UUAA authorization of a UAV.

NOTE: This notification corresponds to an implicit subscription by Nnef_Authentication_AuthenticateAuthorize service operation.

Input, Required: Notification Correlation Information, Service Level Device Identity, 3GPP UAV ID, Notify reason (revoke, re-authentication, or authorization data update).

Input, Conditional Required: Authorization Data container (if the Notify reason is authorization data update).

Input, Optional: None.

Output, Required: Acknowledge indication.

Output, Optional: None.
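
The two Nnef_Authentication operations above, together with the state clause 4.3.2 says the UAS NF stores, sketched as an added Python example (not part of the specification). Field names, the `UasNf` class and the sample values used with it are assumptions, since the clauses define information elements rather than an encoding; treating DNN and S-NSSAI as SMF-only inputs is this example's reading, and the exchange with the USS is not modelled.

```python
# Added illustration, not 3GPP-defined code. Field names and the dict/dataclass
# layout are assumptions: the clauses list information elements, not an encoding.
from __future__ import annotations

from dataclasses import dataclass

NOTIFY_REASONS = {"revoke", "re-authentication", "authorization data update"}


class InvalidRequest(ValueError):
    """An input required by the service operation is missing or inconsistent."""


@dataclass
class AuthAssociation:
    nf_type: str                # "AMF" (UUAA-MM) or "SMF" (UUAA-SM)
    notification_endpoint: str  # where re-auth/update/revoke notifications go
    gpsi: str                   # 3GPP UAV ID


def validate_authenticate_authorize(req: dict, initial: bool) -> None:
    """Check the required and conditionally required inputs of clause 4.4.1.1.2.2."""
    required = ["service_level_device_id", "gpsi", "nf_type"]
    if initial:
        required.append("notification_endpoint")   # initial request only
    if req.get("nf_type") == "SMF":
        required += ["dnn", "s_nssai"]              # read here as SMF-only inputs
    missing = [k for k in required if not req.get(k)]
    if missing:
        raise InvalidRequest("missing inputs: " + ", ".join(missing))
    if req["nf_type"] not in ("AMF", "SMF"):
        raise InvalidRequest("consumer NF must be AMF or SMF")


class UasNf:
    """Keeps the per-UAV state clause 4.3.2 says the UAS NF stores."""

    def __init__(self) -> None:
        self.associations: dict[str, AuthAssociation] = {}  # keyed by CAA-Level UAV ID

    def authenticate_authorize(self, req: dict, initial: bool = True) -> AuthAssociation:
        validate_authenticate_authorize(req, initial)
        uav_id = req["service_level_device_id"]
        if initial:
            # Creating the session implicitly subscribes the consumer NF.
            self.associations[uav_id] = AuthAssociation(
                req["nf_type"], req["notification_endpoint"], req["gpsi"])
        elif uav_id not in self.associations:
            raise InvalidRequest("no authentication association for this UAV")
        return self.associations[uav_id]

    def notify(self, uav_id: str, reason: str, correlation_info: str,
               authorization_data: dict | None = None) -> tuple[str, dict]:
        """Build an Nnef_Authentication_Notification for the stored consumer."""
        if reason not in NOTIFY_REASONS:
            raise InvalidRequest("unknown notify reason: " + reason)
        assoc = self.associations.get(uav_id)
        if assoc is None:
            raise InvalidRequest("no implicit subscription for this UAV")
        if reason == "authorization data update" and authorization_data is None:
            raise InvalidRequest("Authorization Data container is required")
        message = {
            "notification_correlation_info": correlation_info,
            "service_level_device_id": uav_id,
            "3gpp_uav_id": assoc.gpsi,
            "notify_reason": reason,
        }
        if authorization_data is not None:
            message["authorization_data"] = authorization_data
        if reason == "revoke":
            # Revocation removes the association, which releases the subscription.
            del self.associations[uav_id]
        return assoc.notification_endpoint, message
```

A notification for a UAV whose association has already been removed is rejected rather than routed, which is the check that keeps a stale or replayed revoke from reaching an AMF or SMF that no longer serves the UAV.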

4.4.1.2 AF Services

4.4.1.2.1 General

In addition to the AF services defined in TS 23.501 [2] clause 7.2.19 and TS 23.502 [3] clause 5.2.19, the following table shows the AF services to support UAS.

Table 4.4.1.2.1-1: NF Services provided by AF

| Service Name | Service Operations | Operation Semantics | Example Consumer(s) |
|---|---|---|---|
| Naf_Authentication | AuthenticateAuthorize | Request/Response | UAS NF/NEF |
| | Notification | Subscribe/Notify | UAS NF/NEF |

4.4.1.2.2 Naf_Authentication service

4.4.1.2.2.1 General

Service Description: This service enables the consumer to authenticate and authorize the Service Level Device Identity. In case of UAS, the service is used to authenticate and authorize the UAV identified by a CAA-Level UAV ID.

When creating an authentication session, the UAS NF/NEF implicitly subscribes to USS about notification related with the authentication/authorization (e.g. re-authenticate, update authorization data or revoke the UUAA authorization). This implicit subscription is implicitly released by USS when the corresponding authentication session is removed (e.g. in the case of re-authentication failure and USS indicating to release network resource, or in the case of authorization revocation).

4.4.1.2.2.2 Naf_Authentication_AuthenticateAuthorize service operation

Service operation name: Naf_Authentication_AuthenticateAuthorize

Description: Provides the Authentication and Authorization result of the Service Level Device Identity (i.e. CAA-Level UAV ID for UAS).

Input, Required: Service Level Device Identity for authentication, GPSI.

Input, Optional: Notification endpoint (required for initial authentication request), PEI, UE IP address, authentication container provided by UE, UAV location.

Output, Required: None.

Output, Conditional Required: Success/Failure indication and GPSI [Not required when PDU Session Modification for C2 Communication], Authorization Data container, Indication whether the UAS service related network resource can be released [Required for re-authentication failure]

Output, Optional: None.

4.4.1.2.2.3 Naf_Authentication_Notification service operation

Service operation name: Naf_Authentication_Notification

Description: Re-authenticate, update authorization data or revoke the UUAA authorization of a UAV.

NOTE: This notification corresponds to an implicit subscription by Naf_Authentication_AuthenticateAuthorize service operation.

Input, Required: Notification Correlation Information, Service Level Device Identity, GPSI, Notify reason (revoke, re-authentication, or authorization data update).

Input, Conditional Required: Authorization Data container (if the Notify reason is authorization data update).

Input, Optional: PDU Session IP address.

Output, Required: Acknowledge indication.

Output, Optional: None.

4.4.1.3 AMF Services

AMF services related to UAS are defined in TS 23.502 [3] clause 5.2.2.

In addition, when SMF invokes Namf_Communication_N1N2MessageTransfer service operation, it may provide the UUAA result to the UAV.

4.4.1.4 SMF Services

SMF services related to UAS are defined in TS 23.502 [3] clause 5.2.8.

4.4.1.5 UDM Services

UDM services related to UAS are defined in TS 23.502 [3] clause 5.2.3.

4.4.1.6 LMF Services

LMF services related to UAS are defined in TS 23.273 [8] clause 8.3.

4.4.1.7 GMLC Services

GMLC services related to UAS are defined in TS 23.273 [8] clause 8.4.

4.4.1.8 UDR Services

UDR services related to UAS are defined in TS 23.502 [3] clause 5.2.12.

4.4.1.9 PCF Services

PCF services related to UAS are defined in TS 23.502 [3] clause 5.2.5.

4.4.2 USS Discovery

There may be multiple USS(es) serving UASs in a country, and no direct association is expected between the 3GPP network serving a UAS and the USS providing services to the UAS. How the association between a UAV and a USS is realized is outside the scope of 3GPP and is not related to the UAV subscription with the mobile operator.

In order to enable the interaction between the 3GPP network and the USS serving a UAS, the 3GPP network needs to discover the correct USS serving a specific UAV. This is required either during 5GS registration (when the UUAA is performed during 5GS registration), or during PDU session/PDN connection establishment.

It is assumed that mechanisms for resolution of CAA Level UAV ID to the USS serving the corresponding UAV, defined outside 3GPP, and available to entities outside the 3GPP system (e.g. the TPAE), are used in the 3GPP system to discover the USS for the UAV.

Optionally, the UAV may also provide to the 3GPP system, in addition to the CAA-level UAV ID, the USS address or USS FQDN in order to discover the USS for the UAV.

When the UAV provides the USS Address separately from the CAA-Level UAV ID in UUAA-MM or UUAA-SM, the USS Address shall be used to discover the USS. The USS address, when available, is used by the UAS NF in addition to CAA-Level UAV ID to discover a specific USS.

NOTE: A USS, of which the address is provided by the UE, is assumed accessible to any UAS NF/NEF in the 3GPP network.

4.4.3 CAA-Level UAV ID Assignment

The format of the CAA-Level UAV ID is defined outside 3GPP; however, how such identity is used to enable a TPAE to query about UAV information is defined with respect to the 3GPP functionality.

In this release, the assignment of a CAA-level UAV ID for Remote Identification functionality applies solely to the UAV. No CAA-level UAV ID is assigned to and used by a UAVC.

Various formats of CAA-level UAV ID must be supported by the UAV to support various geo-specific regulations. At least Serial Number Identification, a CAA-Issued Registration Identifier (aka Session ID), and USS Issued UUID shall be supported.

In the case of Session ID, though the actual format of the CAA-Level UAV ID is defined outside 3GPP and is not decided by 3GPP, it is assumed that the CAA-Level UAV ID used for Remote Identification contains at least the following information:

– an identity unique to the UAV, which may preferably have temporary validity: this identifies uniquely the UAV with the entity that allocates the CAA-level UAV ID.

NOTE 1: Whether privacy or confidentiality requirements will apply to the unique UAV temporary identity depends on regulations in various regions.

– CAA-level UAV ID Routing Information, used by an entity attempting to retrieve the UAV data (e.g. TPAE) to identify and address the appropriate UAS NF/NEF where to send the query. This is also used in USS discovery.

Two types of CAA-level UAV ID assignment are supported:

1. USS-assigned CAA-Level UAV ID: the identity is assigned completely at USS level.

2. 3GPP-assisted CAA-Level UAV ID assignment:

– The allocation to the UAV of a CAA-Level UAV ID by the USS is done in collaboration with the UAS NF, for the use by the UAV for UUAA, and for the use for Remote Identification.

– The USS interacts with the UAS NF to allocate the UAV identities to be used for Remote Identification (i.e. the CAA-Level UAV ID). When the UAV registers with the USS before registering to a 3GPP system for UAS services, the UAV operator provides information about the serving PLMN to the USS. In order to allocate a CAA-Level UAV ID, the USS interacts with a UAS NF if 3GPP Assisted CAA-Level UAV ID Assignment is desired. The 3GPP network selects a UAS NF to respond to the USS, and the UAS NF provides to the USS the CAA-Level Routing Information to enable a resolver of the CAA-level UAV ID to resolve to the UAS NF.

– The USS delegates to the UAS NF the role of "resolver" of the CAA-Level UAV ID, and the UAS NF returns to an entity (e.g. the TPAE) querying information about the UAV based on the CAA-Level UAV ID the UAV data that the UAS NF retrieves from the USS.

Editor’s note: The details of mechanisms of exposure of UAS-NF to entities beyond USS outside the 3GPP system is FFS.

– It is assumed that the mapping between USS assigned CAA-level UAV ID and the associated 3GPP UAV ID is known by the UAS NF after the UAV is authorized by the USS via a successful UUAA. If UAS NF receives a remote identification and tracking query from a TPAE with the USS-assigned CAA-Level UAV ID, the UAS NF uses the mapped 3GPP UAV ID to coordinate with different 3GPP functions to collect the UAV remote identification and tracking information. In addition, the UAS NF can retrieve aviation-level information (e.g. pilot information, USS operator, etc.) from the USS to provide it to the querying party (e.g. TPAE).

NOTE 2: It is assumed that the UAV is not aware of which assignment mechanism is used for the CAA-Level UAV ID.

4.5 Identifiers

4.5.1 General

The UAV is associated with the following identifiers in the 3GPP system.

4.5.2 CAA-Level UAV Identity

A UAV is assigned a CAA-level UAV Identity by functions in the aviation domain (e.g. USS). This assigned identity is used for Remote Identification and Tracking and to identify the UAV.

The UAV provides the CAA-level UAV Identity to the 3GPP system during UUAA procedures.

The CAA-level UAV Identity is used by the UAV as UAV identity in Remote Identification.

The aviation domain may allocate a new CAA-level UAV Identity for the UAV at any time. The new CAA-level UAV Identity may be provided to the UAV and 3GPP system during UAS related procedures.

NOTE: It is assumed that mechanisms are available to ensure privacy and protection (e.g. anti-spoofing) of the CAA-assigned UAV Identity when it is used for Remote Identification. Security solutions to provide such privacy are outside the scope of this specification.

4.5.3 3GPP UAV ID

A 3GPP UAV ID is associated to the UAV by the 3GPP system in the subscription information and is used by the 3GPP system to identify the UAV. GPSI in the format of External Identifier is used as the 3GPP UAV ID.

The USS stores the association of the CAA-level UAV ID (provided by the UAV or a new one allocated by the aviation domain) to the 3GPP UAV ID (which is provided during the UUAA procedure).