5 ProSe service authorisation and authorisation update procedure
24.3343GPPProximity-services (ProSe) User Equipment (UE) to ProSe function protocol aspectsRelease 17Stage 3TS
5.1 Service authorisation and authorisation update for ProSe direct discovery and ProSe direct communication
5.1.1 General
The service authorisation for ProSe direct discovery and ProSe direct communication determines whether the UE is authorised to use ProSe direct discovery (based on E-UTRA or WLAN technology) and ProSe direct communication, in a particular PLMN or when not served by E-UTRAN. In this release of the specification, ProSe direct communication using E-UTRA technology is supported only for Public Safety ProSe-enabled UE. The service authorisation is either:
1) pre-configured in the UE. The pre-configured service authorisation may be stored in the ME, or in the USIM as specified in 3GPP TS 31.102 [17], or in both the ME and the USIM. If both the ME and the USIM contain the same parameters, the values stored in the USIM shall take precedence. The UE shall not use the pre-configured service authorisation if the contents of the USIM indicate that the UE is not authorised to use them (see 3GPP TS 31.102 [17]); or
2) transferred between the UE and the ProSe Function over the PC3 interface with the ProSe Direct Services Provisioning Management Object or the ProSe Public Safety Direct Services Provisioning Management Object as specified in 3GPP TS 24.333 [9].
When using option 2) above, the UE shall request service authorisation to use ProSe direct discovery or ProSe direct communication or both from the ProSe Function of the HPLMN. As specified in 3GPP TS 29.345 [5], the ProSe Function of the HPLMN contacts the ProSe Function of each local PLMN or VPLMN to obtain the service authorisation, merges it with its own service authorisation and sends the merged service authorisation to the UE.
NOTE 1: How the Prose Function in the HPLMN merges the authorisation policy is implementation dependent.
The service authorisation provided by the ProSe Function of the HPLMN for E-UTRA-based ProSe direct discovery for non-public safety use contains a list of PLMNs in which the UE is authorised to use ProSe direct discovery. The service authorisation provided by the ProSe Function of the HPLMN for WLAN-based ProSe direct discovery for non-public safety use contains a list of PLMNs whose ProSe Application IDs the UE is authorised to use to perform WLAN-based ProSe direct discovery.
The service authorisation provided by the ProSe Function of the HPLMN for ProSe direct discovery for public safety use indicates:
– the list of PLMNs in which the UE is authorised to use ProSe direct discovery for public safety use when served by E-UTRAN;
– whether the UE is authorised to perform ProSe direct discovery for public safety use when not served by E-UTRAN, and if so, the required radio parameters to be used for ProSe direct discovery for public safety use when not served by E-UTRAN;
– the group member discovery related parameters; and
– the ProSe UE-to-network relay related parameters.
NOTE 2: The provisioning and use of of radio parameters for ProSe direct discovery for public safety use as described in this clause does not apply to WLAN-based ProSe direct discovery.
The service authorisation provided by the ProSe Function of the HPLMN for ProSe direct communication indicates:
– whether the UE is authorised to perform ProSe direct communication when not served by E-UTRAN, and if so, the required radio parameters to be used for ProSe direct communication when not served by E-UTRAN;
– the ProSe direct communication policy parameters;
– the list of PLMNs in which the UE is authorised to use direct communication when served by E-UTRAN; and
– the usage information reporting configuration.
Alternatively, the ProSe direct communication policy parameters, the group member discovery related parameters and certain ProSe UE-to-network relay related parameters (i.e. items a, c and f in the parameters related to ProSe UE-to-network relaying in subclause 5.1.3) mentioned above can be provided by the third party public safety provider application server, using mechanisms that are out of scope of the present specification. If the UE receives the same parameters associated with the same Application Layer Group ID from the third party public safety provider application server as those which had been previously transferred between the UE and the ProSe Function over the PC3 interface with the ProSe Public Safety Direct Services Provisioning Management Object, the UE shall use the parameters provided by the third party public safety provider application server for ProSe direct communication.
The UE discovers the IP address of the ProSe Functions of the HPLMN as specified in subclause 5.1.2.
Optionally, the operator can configure the UE with configuration parameters for establishment of the PDN connection for reaching the HPLMN ProSe Function. If the UE is configured with the configuration parameters for establishment of the PDN connection for reaching the HPLMN ProSe Function (see 3GPP TS 24.333 [9]):
a) if a PDN connection for reaching the HPLMN ProSe Function is not established yet, the UE shall establish the PDN connection for reaching the HPLMN ProSe Function according to the UE configuration and shall send the HTTP request message via the PDN connection for reaching the HPLMN ProSe Function; and
b) if a PDN connection for reaching the HPLMN ProSe Function is already established either due to other ProSe feature or due to other application, the UE shall send the HTTP request message via the PDN connection for reaching the HPLMN ProSe Function.
After the UE is authorised to use ProSe direct discovery or ProSe direct communication or both, the ProSe Function of the HPLMN shall update the service authorisation:
a) when the ProSe Function of the HPLMN is informed the ProSe related subscription data is updated at the HSS;
b) when the ProSe Function of the HPLMN decides to revoke the authorisation for ProSe direct service;
c) when the ProSe Function of the HPLMN is informed the ProSe Function of the VPLMN or local PLMN decides to revoke the authorisation for ProSe direct service; or
d) when the ProSe Function of the HPLMN decides to update the ProSe Discovery UE ID of the UE before the timer T4018 expires.
The ProSe Function of the HPLMN sends the updated authorisation for ProSe direct service to the UE, e.g. by sending an OMA push message. If the update of service authorisation is triggered to revoke the authorisation for ProSe direct service, the updated authorization for ProSe direct service does not include:
a) the authorization for ProSe direct service (discovery or communication or both) which is to be revoked; and
b) the PLMN ID of the PLMN in which the service authorisation is to be revoked.
If the update of service authorisation is triggered to update the ProSe Discovery UE ID of the UE, the updated authorisation for ProSe direct service includes the new ProSe Discovery UE ID assigned to the UE and the associated validity timer T4015. The UE then sends the new ProSe Discovery UE ID to the ProSe Application Server, using mechanisms that are out of scope of the present specification.
NOTE 3: The ProSe Function of the HPLMN can send the updated authorisation for ProSe direct service to the UE immediately or wait for the next time when the UE communicates with the ProSe Function of the HPLMN based on operator’s policy; in the latter case, the UE is allowed to use ProSe direct services until the next time that it will communicate with the ProSe Function of the HPLMN.
5.1.2 ProSe Function discovery
The IP address of the ProSe function in the HPLMN may be pre-configured in the UE and in this case, the UE may use the pre-configured IP address. Alternatively, the FQDN of the ProSe Function in the HPLMN may be self-constructed by the UE, i.e. derived from the PLMN ID of the HPLMN. The UE may perform DNS lookup as specified in IETF RFC 1035 [10].
5.1.3 Service authorisation from ProSe Function
The UE shall initiate the service authorisation procedure to the ProSe Function of the HPLMN:
a) when the UE receives a request from upper layer to perform open ProSe direct discovery announcing or monitoring, restricted ProSe direct discovery model A announcing or monitoring, restricted ProSe direct discovery model B discoverer operation or discoveree operation, or direct communication and has no valid service authorisation;
b) when the UE is performing open ProSe direct discovery announcing or monitoring, restricted ProSe direct discovery model A announcing or monitoring, restricted ProSe direct discovery model B discoverer operation or discoveree operation, or direct communication and changes its registered PLMN to a PLMN which is not included in the list of PLMNs in which the UE is authorised to perform the corresponding service, and the request from upper layer to perform the corresponding service is still in place in the new registered PLMN;
c) when timer T4005 associated with a valid service authorisation policy expires and the request from upper layer to perform open ProSe direct discovery announcing or monitoring, restricted ProSe direct discovery model A announcing or monitoring, restricted ProSe direct discovery model B discoverer operation or discoveree operation, or direct communication in the corresponding PLMN is still in place; or
d) when timer T4015 associated with a ProSe Discovery UE ID expires and the request from upper layer to perform restricted ProSe direct discovery model A announcing or monitoring, restricted ProSe direct discovery model B discoverer operation or discoveree operation is still in place.
NOTE 1: In order to ensure continuity of ProSe direct discovery service or ProSe direct communication service, the UE can request service authorisation from the ProSe Function of the HPLMN before the timer T4005 associated with a service authorisation policy in a PLMN expires or the timer 4015 associated with a ProSe Discovery UE ID expires.
The UE shall obtain the service authorisation from the ProSe Function of the HPLMN over the PC3 interface by requesting the ProSe Direct Services Provisioning Management Object or the ProSe Public Safety Direct Services Provisioning MO as specified in 3GPP TS 24.333 [9]. The UE waits for an implementation dependent time for an answer from the ProSe Function. If the ProSe Function does not respond within that time, the UE may retry the service authorisation procedure. The number of retries performed by the UE is implementation dependent. Unless the UE receives a response from the ProSe function for service authorisation, the UE shall not consider that the request has been authorised.
The ProSe direct discovery service authorisation from the ProSe Function of the HPLMN may include:
a) the PLMNs in which the UE is authorised to perform open ProSe direct discovery monitoring, and for each PLMN a timer T4005 indicating for how long the monitoring authorisation policy in that PLMN is valid;
b) the PLMNs in which the UE is authorised to perform open ProSe direct discovery announcing , and for each PLMN, it indicates:
1) a timer T4005 indicating for how long the announcing authorisation policy in that PLMN is valid; and
2) the authorised announcing range (short/medium/long).
c) void;
d) void;
e) void;
f) void;
g) the PLMNs in which the UE is authorised to perform restricted ProSe direct discovery model A monitoring, and for each PLMN a timer T4005 indicating for how long the monitoring authorisation policy in that PLMN is valid;
h) the PLMNs in which the UE is authorised to perform restricted ProSe direct discovery model A announcing, and for each PLMN, it indicates:
1) a timer T4005 indicating for how long the announcing authorisation policy in that PLMN is valid; and
2) the authorised announcing range (short/medium/long).
i) the PLMNs in which the UE is authorised to perform restricted ProSe direct discovery model B discoverer operation, and for each PLMN, it indicates:
1) a timer T4005 indicating for how long the discoverer operation authorisation policy in that PLMN is valid; and
2) the authorised discoverer operation range (short/medium/long).
j) the PLMNs in which the UE is authorised to perform restricted ProSe direct discovery model B discoveree operation, and for each PLMN, it indicates:
1) a timer T4005 indicating for how long the discoveree operation authorisation policy in that PLMN is valid; and
2) the authorised discoveree operation range (short/medium/long).
k) the ProSe Discovery UE ID assigned to the UE for restricted ProSe direct discovery with an associated timer T4015 indicating for how long this ProSe Discovery UE ID is valid; and
l) the PLMNs whose ProSe Application IDs the UE is authorised to use to perform WLAN-based ProSe direct discovery.
The ProSe direct discovery for public safety use service authorisation from the ProSe Function of the HPLMN may include:
a) the PLMNs in which the UE is authorised to perform ProSe direct discovery for public safety use announcing, and for each PLMN, it indicates:
1) a timer T4005 indicating for how long the authorisation policy for that operation is valid; and
2) the authorised announcing range (short/medium/long);
b) whether the UE is authorised to perform ProSe direct discovery for public safety use announcing when the UE is not served by E-UTRAN;
c) the PLMNs in which the UE is authorised to perform ProSe direct discovery for public safety use monitoring, and for each PLMN, a timer T4005 indicating for how long the authorisation policy for that operation is valid;
d) whether the UE is authorised to perform ProSe direct discovery for public safety use monitoring when the UE is not served by E-UTRAN;
e) the PLMNs in which the UE is authorised to perform ProSe direct discovery for public safety use discoverer operation, and for each PLMN, it indicates:
1) a timer T4005 indicating for how long the authorisation policy for that operation is valid; and
2) the authorised discoveree operation range (short/medium/long);
f) whether the UE is authorised to perform ProSe direct discovery for public safety use discoverer operation when the UE is not served by E-UTRAN;
g) the PLMNs in which the UE is authorised to perform ProSe direct discovery for public safety use discoveree operation, and for each PLMN, it indicates;
1) a timer T4005 indicating for how long the authorisation policy for that operation is valid; and
2) the authorised discoverer operation range (short/medium/long);
h) whether the UE is authorised to perform ProSe direct discovery for public safety use discoveree operation when the UE is not served by E-UTRAN; and
i) the radio parameters to be used for ProSe direct discovery for public safety use when not served by E-UTRAN and the geographical area(s) in which the UE is allowed to use these radio parameters.
NOTE 2: The provisioning and use of of radio parameters for ProSe direct discovery for public safety use as described in this clause does not apply to WLAN-based ProSe direct discovery.
NOTE 3: The authorised announcing range, authorised discoverer operation range and authorised discoveree operation range as indicated above and in this clause do not apply to WLAN-based ProSe direct discovery. When WLAN-based ProSe direct discovery is used the range is determined by the underlying WLAN technology.
The ProSe direct discovery for public safety use service authorisation from the ProSe Function of the HPLMN may include the following parameters related to ProSe UE-to-network relaying:
a) the User Info ID for the UE-to-network relay discovery;
b) the PLMNs in which the UE is authorised to act as a UE-to-network relay when the UE is served by E-UTRAN, and for each PLMN:
1) whether the relay needs to report the IMEI/IMEISV of the remote UE(s) connected to or disconnected from the relay; and
2) a timer T4005 indicating for how long the authorisation policy for that operation is valid;
c) for each connectivity service provided by a UE-to-network relay:
1) the Relay Service Code identifying the connectivity service;
2) optionally the PDN type to be used for the relayed traffic of the connectivity service. If the PDN type is not provisioned, the IPv4v6 is used for the relayed traffic of the connectivity service;
3) optionally the APN to be used for the relayed traffic of the connectivity service. If the APN is not provisioned, the default APN is used for the relayed traffic of the connectivity service;
4) the ProSe Relay UE ID; and
5) the address of the ProSe Key Management Function that the UE shall use to obtain security contents;
d) whether the UE is authorised to act as a remote UE towards a UE-to-network relay;
e) void;
f) for each connectivity service authorised to be accessed by the remote UE:
1) the Relay Service Code identifying the connectivity service;
2) the IP version(s) to be used for the traffic of the connectivity service;
3) optionally the User Info ID of the UE-to-network relay providing the connectivity service; and
4) the address of the ProSe Key Management Function that the UE shall use to obtain security contents; and
g) mapping rules between the QCI of EPS bearer and the ProSe Per-Packet Priority for downlink unicast traffic relayed over the PC5 interface.
The ProSe direct discovery for public safety use service authorisation from the ProSe Function of the HPLMN may include the following parameters related to group member discovery, for each application layer group:
a) the User Info ID for the group member discovery;
b) the Discovery Group ID identifying the discovery group;
c) the Application Layer Group ID identifying an application layer group that the UE belongs to; and
d) the address of the ProSe Key Management Function that the UE shall use to obtain security contents.
The one-to-many ProSe direct communication service authorisation from the ProSe Function of the HPLMN may include:
a) whether the UE is authorised to perform one-to-many ProSe direct communication when not served by E-UTRAN;
b) the radio parameters to be used for one-to-many ProSe direct communication when not served by E-UTRAN as defined in 3GPP TS 36.331 [12] and the geographical area(s) in which the UE is allowed to use these radio parameters;
c) the PLMNs in which the UE is authorised to perform one-to-many ProSe direct communication when served by E-UTRAN, and for each PLMN a timer T4005 indicating for how long the one-to-many direct communication authorisation policy in that PLMN is valid; and
d) the one-to-many ProSe Direct communication policy parameters, consisting of, for each application layer group:
1) the ProSe Layer-2 Group ID;
2) the ProSe Group IP multicast address;
3) whether the UE should use IPv4 or IPv6 for that group;
4) an IPv4 address to be used by the UE as a source address in case IPv4 is used;
5) the address of the ProSe Key Management Function that the UE shall use to obtain group-related security contents; and
6) the Application Layer Group ID identifying an application layer group that the UE belongs to; and
e) the usage information reporting configuration, including:
1) the address of the server to which the UE shall upload the usage information reports;
2) the collection period;
3) the reporting window;
4) whether or not the UE shall report the Group Parameters in the usage information;
5) whether or not the UE shall report the time stamps of the first transmission/reception during the collection period in the usage information;
6) whether or not the UE shall report the amount of data transmitted during the collection period in the usage information, and whether with location information;
7) whether or not the UE shall report the amount of data received during the collection period in the usage information, and whether with location information;
8) whether or not the UE shall report the time stamps when it went in and out of E-UTRAN coverage during the collection period in the usage information;
9) whether or not the UE shall report the list of locations of the UE when in E-UTRAN coverage during the reporting period in the usage information; and
10) whether or not the UE shall report the radio parameters used for ProSe direct communication (i.e. indicator of which radio resources used and radio frequency used) during the reporting period in the usage information.
The one-to-one ProSe direct communication service authorisation from the ProSe Function of the HPLMN may include:
a) whether the UE is authorised to perform one-to-one ProSe direct communication when not served by E-UTRAN;
b) the radio parameters to be used for one-to-one ProSe direct communication when not served by E-UTRAN as defined in 3GPP TS 36.331 [12] and the geographical area(s) in which the UE is allowed to use these radio parameters;
c) the PLMNs in which the UE is authorised to perform one-to-one ProSe direct communication when served by E-UTRAN, and for each PLMN a timer T4005 indicating for how long the one-to-one direct communication authorisation policy in that PLMN is valid; and
d) the one-to-one ProSe direct communication policy parameters, consisting of:
– the ProSe Per-Packet Priority value for PC5 signalling messages; and
– for each application layer group,
1) the Layer 2 ID used for unicast communication;
2) void;
3) the address of the Key Management Server that the UE shall use to obtain security contents; and
4) the Application Layer Group ID identifying an application layer group that the UE belongs to.
NOTE 4: ProSe communication operation is not applicable to local PLMNs.
The ProSe Function of the HPLMN is allowed to take the serving PLMN of the UE into account when including the authorised PLMNs in the service authorisation to the UE.
The UE shall start the timer(s) T4005 with the values included in this service authorisation. The UE shall consider that an authorisation policy is valid in the associated PLMN until the corresponding the timer T4005 expires or is stopped.