5.39 Remote provisioning of credentials for NSSAA or secondary authentication/authorization

3GPP TS 23.501, Release 18: System architecture for the 5G System (5GS)

5.39.1 General

The UE’s subscribed network (i.e. HPLMN, or subscribed SNPN) may provide functionalities to provision or update the credentials used for NSSAA or credentials used for secondary authentication/authorization to the UE. The provisioning procedure is supported via User Plane.

For User Plane Remote Provisioning, the UE establishes a PDU Session that is used for remote provisioning, e.g. by using DNN(s)/S-NSSAI(s) which can access the PVS. The AMF selects an SMF used for remote provisioning using the SMF discovery and selection functionality as described in clause 6.3.2. If the SMF is configured with the PVS address(es) and/or PVS FQDN(s), the SMF shall send the PVS address(es) and/or PVS FQDN(s) per DNN/S-NSSAI to the UE via PCO during PDU Session Establishment procedure, based on the UE’s subscribed DNN(s)/S-NSSAI(s) and the UE’s request of PVS information from the network. Alternatively, the UE may be configured with an address of a PVS or the PVS may subscribe for UE Reachability Notification and may use the Application Triggering procedure as specified in TS 23.502 [3] to trigger the UE to initiate the setup of a connection for remote provisioning.

5.39.2 Configuration for the UE

In order to enable UP Remote Provisioning of credentials for NSSAA or secondary authentication/authorization, UE Configuration Data for UP Remote Provisioning are either pre-configured on the UE or provided by the network to the UE. UE Configuration Data for UP Remote Provisioning provided by the network take precedence over corresponding configuration data stored in the UE.

UE Configuration Data for UP Remote Provisioning consist of PVS IP address(es) and/or PVS FQDN(s). The PVS IP address or PVS FQDN may be associated with dedicated DNN(s) and/or S-NSSAI(s).

If the UE does not have any PVS IP address or PVS FQDN after the establishment of a PDU Session used for UP remote provisioning, the UE may construct an FQDN for PVS discovery as defined in TS 23.003 [19].

The UE Configuration Data for UP Remote Provisioning may be stored in the ME.

The UE Configuration Data for UP Remote Provisioning (i.e. PVS IP address(es) or PVS FQDN(s)) associated with dedicated DNN(s) and/or S-NSSAI(s) may be locally configured in the SMF. The UE Configuration Data for UP Remote Provisioning, if available, shall be provided to the UE during the establishment of any PDU Session used for UP Remote Provisioning as part of Protocol Configuration Options (PCO) in the PDU Session Establishment Response, if the UE has requested the PVS information via PCO in the PDU Session Establishment Request.
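The precedence and fallback rules of this clause can be sketched as UE-side selection logic. The following is an added example, not text or code from the specification. It assumes that "corresponding" means matching the same DNN/S-NSSAI, that more specific associations are tried first, and that the TS 23.003 discovery FQDN is supplied by a caller-provided function; the names `PvsEntry`, `select_pvs` and `placeholder_discovery_fqdn` and all sample values are hypothetical.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class PvsEntry:
    """One item of UE Configuration Data for UP Remote Provisioning."""
    target: str                    # PVS IP address or PVS FQDN
    dnn: Optional[str] = None      # None: not tied to a dedicated DNN
    s_nssai: Optional[str] = None  # None: not tied to a dedicated S-NSSAI

    def matches(self, dnn: str, s_nssai: str) -> bool:
        # An entry applies if each association is either absent or equal.
        return self.dnn in (None, dnn) and self.s_nssai in (None, s_nssai)


def placeholder_discovery_fqdn() -> str:
    # Placeholder only: the real FQDN format is defined in TS 23.003 and is
    # not reproduced on this page.
    return "pvs-discovery.placeholder.invalid"


def select_pvs(
    dnn: str,
    s_nssai: str,
    network_provided: List[PvsEntry],   # received via PCO for this session
    stored: List[PvsEntry],             # pre-configured / stored in the ME
    build_discovery_fqdn: Callable[[], str],
) -> Tuple[str, List[str]]:
    """Return (source, candidate PVS targets) for one PDU Session."""
    # Network-provided data takes precedence over stored data (assumed here
    # to mean: if the network gave anything applicable, stored is ignored).
    for source, entries in (("network", network_provided), ("stored", stored)):
        hits = [e for e in entries if e.matches(dnn, s_nssai)]
        if hits:
            # Assumption: prefer entries bound to both DNN and S-NSSAI.
            hits.sort(key=lambda e: (e.dnn is None) + (e.s_nssai is None))
            return source, [e.target for e in hits]
    # No PVS IP address or FQDN available: construct one for PVS discovery.
    return "constructed", [build_discovery_fqdn()]
```

Returning the source alongside the targets lets the caller log whether the PVS came from the network, from stored configuration, or from the constructed fallback.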