8 5G ProSe UE-to-network relay

24.5543GPPProximity-services (ProSe) in 5G System (5GS) protocol aspectsRelease 17Stage 3TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

8.1 Overview

This clause describes the procedures for 5G ProSe UE-to-network relay. The UE is configured with the related information as described in clause 5.2.5.

8.2 Procedures

8.2.1 UE-to-network relay discovery over PC5 interface

8.2.1.1 General

This clause describes the procedures for both layer-3 and layer-2 UE-to-network relay discovery for public safety use and commercial services at a ProSe-enabled UE over the PC5 interface. The purpose of the UE-to-network relay discovery procedure over PC5 interface is to enable a ProSe-enabled UE to detect and identify another ProSe-enabled UE over PC5 interface for UE-to-network relay communication between a UE and 5GC.

NOTE 1: Relaying Multicast/Broadcast Service traffic to a 5G ProSe remote UE by a 5G ProSe UE-to-network relay is not supported in this release of the specification.

A UE-to-network relay supporting multiple relay service codes can advertise the relay service codes using multiple discovery messages, with one relay service code per discovery message.

The following principles for 5G ProSe UE-to-network relay apply when the 5G ProSe UE-to-network relay UE or the 5G ProSe remote UE is in service area restriction as defined in clause 5.3.5 of 3GPP TS 24.501 [11]:

a) in non-allowed area of its serving PLMN, the 5G ProSe layer-3 UE-to-network relay UE is not allowed to perform relay operations (e.g., UE-to-network relay discovery as specified in clause 8.2.1, or accept the 5G ProSe direct link establishment procedure as specified in clause 7.2.2) except for e.g. high priority access as defined in clause 5.3.5 of 3GPP TS 24.501 [11] based on relay service codes as specified in clause 5.2.5;

b) service area restriction is not applicable to the 5G ProSe layer-3 remote UE;

c) in non-allowed area of its serving PLMN, the 5G ProSe layer-2 UE-to-network relay UE is not allowed to perform relay operations (e.g., UE-to-network relay discovery as specified in clause 8.2.1, or accept the 5G ProSe direct link establishment procedure as specified in clause 7.2.2); and

d) in non-allowed area of its serving PLMN, the 5G ProSe layer-2 remote UE follows the same principles of service area restrictions as specified in clause 5.3.5 of 3GPP TS 24.501 [11] for communication with the network via the 5G ProSe layer-2 UE-to-network relay UE, taking into account the TAI in the RRC container received from the 5G ProSe layer-2 UE-to-network relay UE.

NOTE 2: Closed access group information is not specified for 5G ProSe.

NOTE 3: Principles of operation for emergency services (incl. exceptions from mobility restrictions) are not specified in this release of the specification.

The following principles for 5G ProSe UE-to-network relay apply when the relay UE or the 5G ProSe remote UE is in 5GS forbidden tracking areas as defined in clause 5.3.13 of 3GPP TS 24.501 [11]:

a) in a 5GS forbidden tracking area of its serving PLMN, the 5G ProSe UE-to-network relay UE is not allowed to perform relay operations; and

b) in a 5GS forbidden tracking area of its serving PLMN, the 5G ProSe remote UE is not allowed to access the network via the 5G ProSe UE-to-network relay UE, taking into account the TAI in the RRC container received from the 5G ProSe layer-2 UE-to-network relay UE.

To perform UE-to-network relay discovery over PC5 interface, the UE is configured with the related information as described in clause 5.2.5. The following models for UE-to-network relay discovery procedure over PC5 interface as specified in 3GPP TS 23.304 [2] are supported:

a) Model A uses a single discovery protocol message (Announcement); and

b) Model B uses two discovery protocol messages (Solicitation and Response).

NOTE 4: If the UE is authorized to perform both 5G ProSe UE-to-network relay discovery Model A and 5G ProSe UE-to-network relay discovery Model B, it is up to UE implementation to select which model to perform or perform both models simultaneously.

The 5G ProSe UE-to-network relay UE and 5G ProSe layer-3 remote UE may use the PC5 DRX mechanism to perform 5G ProSe UE-to-network relay discovery over PC5 interface when the UE is not served by NG-RAN as specified in clause 5.2.5.

The following procedures are defined for UE-to-network relay discovery procedure over PC5 interface:

a) UE-to-network relay discovery over PC5 interface with Model A:

1) Announcing UE procedure for UE-to-network relay discovery initiation;

2) Announcing UE procedure for UE-to-network relay discovery completion;

3) Monitoring UE procedure for UE-to-network relay discovery initiation;

4) Monitoring UE procedure for UE-to-network relay discovery completion;

5) Announcing UE procedure for UE-to-network relay discovery additional information; and

6) Monitoring UE procedure for UE-to-network relay discovery additional information; and

b) UE-to-network relay discovery over PC5 interface with Model B:

1) Discoverer UE procedure for UE-to-network relay discovery initiation;

2) Discoverer UE procedure for UE-to-network relay discovery completion;

3) Discoveree UE procedure for UE-to-network relay discovery initiation; and

4) Discoveree UE procedure for UE-to-network relay discovery completion.

8.2.1.2 UE-to-network relay discovery over PC5 interface with model A

8.2.1.2.1 General

In this procedure, the 5G ProSe UE-to-network relay UE acts as an "announcing UE" and the 5G ProSe remote UE acts as a "monitoring UE".

8.2.1.2.2 Announcing UE relay discovery for UE-to-network relay discovery

8.2.1.2.2.1 General

The purpose of the announcing UE procedure for UE-to-network relay discovery is:

a) to enable a ProSe-enabled UE to announce availability of a connectivity service provided by a UE-to-network relay of the ProSe-enabled UE to other ProSe-enabled UEs, upon a request from upper layers as defined in 3GPP TS 23.304 [2]; or

b) to enable a ProSe-enabled UE to measure the PROSE PC5 DISCOVERY message signal strength between the ProSe-enabled UE and the 5G ProSe UE-to-network relay UE(s) for relay selection/reselection.

8.2.1.2.2.2 Announcing UE procedure for UE-to-network relay discovery initiation

The UE is authorised to perform the announcing UE procedure for UE-to-network relay discovery if:

a) the UE is authorised to act as a UE-to-network relay in the PLMN indicated by the serving cell as specified in clause 5.2.5, and

1) the UE is served by NG-RAN and the UE is authorised to perform 5G ProSe direct discovery in the PLMN as specified in clause 5; or

2) the UE is authorised to perform 5G ProSe direct discovery when not served by NG-RAN as specified in clause 5 and intends to use the provisioned radio resources for UE-to-network relay discovery;

b) the UE is configured with:

1) the relay service code parameter identifying the connectivity service to be announced as specified in clause 5.2.5 and the indicated security procedure for the relay service code is supported by the UE. For 5G ProSe layer-3 UE-to-network relay UE,

i) the S-NSSAI associated with that relay service code shall belong to the allowed NSSAI of the UE; and

ii) if the UE is camped on a cell whose TAI is in the list of "non-allowed tracking areas" or is camped on a cell whose TAI is not in the list of "allowed tracking areas", then the relay service code shall be associated with high priority access as defined in clause 5.3.5 of 3GPP TS 24.501 [11]; and

2) the User info ID for the UE-to-network relay discovery parameter as specified in clause 5.2.5;

c) for 5G ProSe layer-3 UE-to-network relay UE, the UE is configured with PDU Session parameters which is used for relayed traffic for the associated relay service code, as specified in clause 5.2.5; and

d) the back-off timer T3346 used for NAS mobility management congestion control as specified in clause 5.3.9 of 3GPP TS 24.501 [11] is not running at the UE;

otherwise, the UE is not authorised to perform the announcing UE procedure for UE-to-network relay discovery.

Figure 8.2.1.2.2.2.1 illustrates the interaction of the UEs in the announcing UE procedure for UE-to-network relay discovery.

Figure 8.2.1.2.2.2.1: Announcing UE procedure for UE-to-network relay discovery

When the UE is triggered by an upper layer application to announce availability of a connectivity service provided by a UE-to-network relay, if the UE is authorised to perform the announcing UE procedure for UE-to-network relay discovery, then the UE:

a) if the UE is served by NG-RAN and the UE in 5GMM-IDLE mode needs to request resources for sending PROSE PC5 DISCOVERY messages for relay discovery as specified in 3GPP TS 38.331 [13], shall perform a service request procedure or mobility registration procedure as specified in 3GPP TS 24.501 [11];

b) shall obtain a valid UTC time for the discovery transmission from the lower layers and generate the UTC-based counter corresponding to this UTC time as specified in clause 11.2.5;

c) shall generate a PROSE PC5 DISCOVERY message for UE-to-network relay discovery announcement according to clause 10.2.1. In the PROSE PC5 DISCOVERY message for UE-to-network relay discovery announcement, the UE:

1) shall set the announcer info parameter to the User info ID configured for the UE-to-network relay discovery, as specified in clause 5.2.5;

2) shall set the relay service code parameter to the relay service code configured for the connectivity service to be announced, as specified in clause 5.2.5;

3) shall include the MIC field computed as described in 3GPP TS 33.503 [34], by using the UTC-based counter and the DUIK contained in the <UNR-discovery-security-parameters-accept> element of the PROSE_SECURITY_PARAM_RESPONSE message;

4) shall set the UTC-based counter LSB parameter to the 4 least significant bits of the UTC-based counter;

5) shall set the Resource Status Indicator bit of the status indicator parameter to indicate whether or not the UE has resources available to provide a connectivity service for additional ProSe-enabled UEs;

6) shall set the ProSe direct discovery PC5 message type parameter as specified in table 10.2.1.8;

7) if acting as 5G ProSe layer-2 UE-to-network relay UE, shall set the NCGI parameter to the NCGI of its serving cell; and

8) if acting as 5G ProSe layer-2 UE-to-network relay UE, shall set the RRC container to the RRC container if provided by the lower layers;

d) shall apply the DUIK, DUSK, or DUCK with the associated Encrypted Bitmask, along with the UTC-based counter to the PROSE PC5 DISCOVERY message for whichever security mechanism(s) configured to be applied, e.g., integrity protection, message scrambling or confidentiality protection of one or more above parameters, as specified in 3GPP TS 33.503 [34];

e) shall set the destination layer-2 ID to the default destination layer-2 ID as specified in clause 5.2.5 and self-assign a source layer-2 ID for sending the UE-to-network relay discovery announcement; and

NOTE 1: The UE implementation ensures that the value of the self-assigned source layer-2 ID is different from any other self-assigned source layer-2 ID(s) in use for 5G ProSe direct communication as specified in clause 7.2, is different from any other provisioned destination layer-2 ID(s) as specified in clause 5.2 and is different from any other self-assigned source layer-2 ID in use for a simultaneous 5G ProSe direct discovery procedure over PC5 with a different discovery model as specified in clause 6.2.14.2.2.2, clause 6.2.15.2.2.2 and clause 8.2.1.3.1.2.

f) shall pass the resulting PROSE PC5 DISCOVERY message for UE-to-network relay discovery announcement to the lower layers for transmission over the PC5 interface with the source layer-2 ID, destination layer-2 ID and an indication that the message is for 5G ProSe direct discovery.

The UE shall ensure that it keeps on passing the same PROSE PC5 DISCOVERY message along with the same source layer-2 ID, destination layer-2 ID and an indication that the message is for 5G ProSe direct discovery to the lower layers for transmission until the UE is triggered by an upper layer application to stop announcing availability of a connectivity service provided by a UE-to-network relay, or until the UE stops being authorised to perform the announcing UE procedure for UE-to-network relay discovery. How this is achieved is left up to UE implementation.

NOTE 2: The announcing UE can stop announcing UE procedure for UE-to-network relay discovery for power saving by implementation specific means e.g. an implementation-specific maximum number of 5G ProSe direct links configured in the UE, or an implementation-specific timer expires.

8.2.1.2.2.3 Announcing UE procedure for UE-to-network relay discovery completion

When the announcing UE is triggered by an upper layer application to stop announcing availability in a discovery group, or when the announcing UE stops being authorised to perform the announcing UE procedure for UE-to-network relay discovery, the UE shall instruct the lower layers to stop announcing.

NOTE: The announcing UE can stop announcing UE procedure for UE-to-network relay discovery for power saving by implementation specific means e.g. an implementation-specific maximum number of 5G ProSe direct links configured in the UE, or an implementation-specific timer expires.

When the UE stops announcing, if the UE is in 5GMM-CONNECTED mode, the UE shall trigger the corresponding procedure in lower layers as specified in 3GPP TS 38.331 [13].

8.2.1.2.3 Monitoring UE relay discovery for UE-to-network relay discovery

8.2.1.2.3.1 General

The purpose of the monitoring UE procedure for UE-to-network relay discovery is:

a) to enable a ProSe-enabled UE to become aware of proximity of a connectivity service provided by a UE-to-network relay, upon a request from upper layers as defined in 3GPP TS 23.304 [2]; or

b) to enable a ProSe-enabled UE to perform measurements of signal strength of PROSE PC5 DISCOVERY messages from 5G ProSe UE-to-network relay UE(s) for relay selection/reselection.

8.2.1.2.3.2 Monitoring UE procedure for UE-to-network relay discovery initiation

The UE is authorised to perform the monitoring UE procedure for UE-to-network relay discovery if:

a) the following is true:

1) the UE is not served by NG-RAN, is authorised to perform 5G ProSe direct discovery using monitoring when the UE is not served by NG-RAN and is configured with the radio parameters to be used for 5G ProSe direct discovery when not served by NG-RAN;

2) the UE is served by NG-RAN and is authorised to perform 5G ProSe direct discovery monitoring in at least one PLMN; or

3) the UE is:

i) in 5GMM-IDLE mode, in limited service state as specified in 3GPP TS 23.122 [14] and the reason for the UE being in limited service state is one of the following:

A) the UE is unable to find a suitable cell in the selected PLMN as specified in 3GPP TS 38.304 [15];

B) the UE received a REGISTRATION REJECT message or a SERVICE REJECT message with the 5GMM cause #11 "PLMN not allowed" as specified in 3GPP TS 24.501 [11] ; or

C) the UE received a REGISTRATION REJECT message or a SERVICE REJECT message with the 5GMM cause #7 "5GS services not allowed" as specified in 3GPP TS 24.501 [11]; and

ii) authorised to perform 5G ProSe direct discovery using monitoring when the UE is not served by NG-RAN, and:

A) configured with the radio parameters to be used for 5G ProSe direct discovery when not served by NG-RAN;

b) the UE is configured with the relay service code parameter identifying the connectivity service to be monitored, as specified in clause 5.2.5 and the indicated security procedure for the relay service code is supported by the UE; and

c) for 5G ProSe layer-2 remote UE, the UE is camped on a cell whose TAI is not in the list of "non-allowed tracking areas" or is camped on a cell whose TAI is in the list of "allowed tracking areas",

otherwise, the UE is not authorised to perform the monitoring UE procedure for UE-to-network relay discovery.

Figure 8.2.1.2.3.2.1 illustrates the interaction of the UEs in the monitoring UE procedure for UE-to-network relay discovery.

Figure 8.2.1.2.3.2.1: Monitoring UE procedure for UE-to-network relay discovery

When the UE is triggered by the upper layers to monitor proximity of a connectivity service provided by a UE-to-network relay or when the UE decides to perform 5G ProSe UE-to-network relay reselection as specified in clause 8.2.3, and if the UE is authorised to perform the monitoring UE procedure for UE-to-network relay discovery, then the UE shall instruct the lower layers to start monitoring for PROSE PC5 DISCOVERY messages with the default destination layer-2 ID as specified in clause 5.2.5.

If the traffic descriptor is configured as specified in clause 5.2.5, the 5G ProSe layer-3 remote UE shall determine the monitored RSC by mapping the traffic from the upper layer application with the traffic descriptor as follows:

a) if there are at least one ProSe application traffic descriptor(s) to be used for the relayed traffic as specified in clause 5.2.5 which has not yet been evaluated,

1) if the ProSe application traffic descriptor matches upper layer application information;

the UE shall select the RSC associated with the matched ProSe application traffic descriptor for monitoring. If more than one RSCs are associated with the upper layer application information, it is up to UE implementation to select a RSC in this release of specification;

2) else, the UE shall select the next ProSe application traffic descriptor which has not yet been evaluated and proceed to step 1);

b) else, it is up to UE implementation to select a RSC.

NOTE 1: Selection of relay service code is up to UE implementation if there is no ProSe application traffic descriptor(s) configured in the UE.

Upon reception of a PROSE PC5 DISCOVERY message for UE-to-network relay discovery announcement according to clause 10.2.1, for the target relay service code of the connectivity service which the UE is authorized to monitor, the UE shall use the associated DUSK, if received from the 5G DDNMF or 5G PKMF (if security procedure over user plane for 5G ProSe UE-to-network relay is used) and the UTC-based counter obtained during the monitoring operation to unscramble the PROSE PC5 DISCOVERY message as described in 3GPP TS 33.503 [34]. Then, if a DUCK is received from the 5G DDNMF or 5G PKMF (if security procedure over user plane for 5G ProSe UE-to-network relay is used), the UE shall use the DUCK and the UTC-based counter to decrypt the configured message-specific confidentiality-protected portion, as described in 3GPP TS 33.503 [34]. Finally, if a DUIK is received from the 5G DDNMF or 5G PKMF (if security procedure over user plane for 5G ProSe UE-to-network relay is used), the UE shall use the DUIK and the UTC-based counter to verify the MIC field in the unscrambled PROSE PC5 DISCOVERY message for UE-to-network relay discovery announcement.

NOTE 2: The use of an erroneous UTC-based counter for processing received PROSE PC5 DISCOVERY messages at the ProSe-enabled UE can cause MIC check failure after DUIK is used for integrity check and malformed contents after DUSK is used for unscrambling or DUCK is used for deciphering. How a ProSe-enabled UE ensures the accuracy of the UTC-based counter is left to UE implementation.

NOTE 3: The UE can determine the received PROSE PC5 DISCOVERY message for UE-to-network relay discovery announcement is for 5G ProSe direct discovery based on an indication from the lower layer.

Then if:

a) the relay service code parameter of the PROSE PC5 DISCOVERY message for UE-to-network relay discovery announcement is the same as the relay service code parameter configured as specified in clause 5 for the connectivity service being monitored; and

b) the target announcer info is not provided by upper layers for the connectivity service being monitored, or the announcer info parameter of the PROSE PC5 DISCOVERY message for UE-to-network relay discovery announcement is the same as the target announcer info if the target annoucer info is provided by upper layers for the connectivity service being monitored,

then the UE shall consider that the connectivity service the UE seeks to monitor has been discovered. In addition, the UE can measure the signal strength of the PROSE PC5 DISCOVERY message for UE-to-network relay discovery announcement for relay selection or reselection.

8.2.1.2.3.3 Monitoring UE procedure for UE-to-network relay discovery completion

When the UE is triggered by an upper layer application to stop monitoring proximity of other UEs in a discovery group, or when the UE stops being authorised to perform the monitoring UE procedure for UE-to-network relay discovery, the UE shall instruct the lower layers to stop monitoring.

When the UE stops monitoring, if the UE is in 5GMM-CONNECTED mode, the UE shall trigger the corresponding procedure in lower layers as specified in 3GPP TS 38.331 [13].

8.2.1.2.4 Announcing UE procedure for relay discovery additional information

8.2.1.2.4.1 General

The purpose of the announcing UE procedure for relay discovery additional information is to announce to the 5G ProSe remote UEs additional information about:

a) the NCGI of the cell serving the 5G ProSe layer-3 UE-to-network relay UE; and

b) the TAI of the cell serving the 5G ProSe layer-3 UE-to-network relay UE;

as defined in 3GPP TS 23.304 [2].

8.2.1.2.4.2 Announcing procedure for relay discovery additional information

The 5G ProSe UE-to-network relay UE announces the relay discovery additional information:

a) if the 5G ProSe remote UE requests the 5G ProSe UE-to-network relay UE to announce the NG-RAN Cell Global ID (NCGI) or TAI of the cell serving the 5G ProSe UE-to-network relay UE and as a response the 5G ProSe UE-to-network relay UE acknowledges with the ProSe additional parameters announcement response message, then the 5G ProSe UE-to-network relay UE includes the NCGI or TAI of the serving cell in the PROSE PC5 DISCOVERY message for relay discovery additional information until the timer T5107 expires (see clause 8.2.8).

NOTE 1: 5G ProSe UE-to-network relay UE announces the relay discovery additional information only when it is in NG-RAN coverage.

Figure 8.2.1.2.4.2.1 illustrates the interaction of the 5G ProSe UE-to-network relay UE and the 5G ProSe remote UE in the announcing UE procedure for relay discovery additional information.

Figure 8.2.1.2.4.2.1: Announcing procedure for relay discovery additional information

The 5G ProSe UE-to-network relay UE may start announcing relay discovery additional information if:

a) the 5G ProSe UE-to-network relay UE is currently authorised to perform 5G ProSe direct discovery Model A announcing in the serving PLMN if the UE is served by NG-RAN, and

1) additional parameters announcement for the serving cell of the 5G ProSe UE-to-network relay UE has been requested and responded to 5G ProSe remote UEs, the timer T5107 has not expired (periodic reporting);

2) additional parameters announcement for the serving cell of the 5G ProSe UE-to-network relay UE has been requested and responded to 5G ProSe remote UEs, the timer T5107 has not expired and the 5G ProSe UE-to-network relay UE detects camping on a new serving cell; or

3) additional parameters announcement for the serving cell of the 5G ProSe UE-to-network relay UE has been requested and responded to 5G ProSe remote UEs, the timer T5107 has not expired and the 5G ProSe UE-to-network relay UE detects entering a new tracking area.

When the 5G ProSe UE-to-network relay UE has some additional information to broadcast (i.e., NCGI, TAI), then the 5G ProSe UE-to-network relay UE:

a) shall request the parameters from the lower layers for ProSe direct discovery announcing (see 3GPP TS 38.331 [13]). If the 5G ProSe UE-to-network relay UE in 5GMM-IDLE mode needs to request resources for sending PROSE PC5 DISCOVERY messages as specified in 3GPP TS 38.331 [13], the 5G ProSe UE-to-network relay UE shall perform a service request procedure or mobility registration procedure as specified in 3GPP TS 24.501 [11];

b) shall obtain a valid UTC time for the discovery transmission from the lower layers and generate the UTC-based counter corresponding to this UTC time as specified in clause 11.2.5;

c) shall generate PROSE PC5 DISCOVERY message(s) for relay discovery additional information according to clause 10.2.1. In the PROSE PC5 DISCOVERY message for relay discovery additional information, the 5G ProSe UE-to-network relay UE shall:

1) include the relay service code used for 5G ProSe direct communication which the 5G ProSe remote UE used to request for the relay discovery additional information;

2) set the announcer info parameter to the User info ID parameter, configured in clause 5.2.5;

3) set the NGCI parameter to the NCGI of the cell serving the UE, if the UE acts as 5G ProSe layer-3 UE-to-network relay UE and the NGCI is to be announced;

4) set the Relay TAI parameter to the TAI of the cell serving the UE, if the UE acts as 5G ProSe layer-3 UE-to-network relay UE and the TAI is to be announced;

5) include the MIC field computed as described in 3GPP TS 33.503 [34], by using the UTC-based counter and the DUIK contained in the <UNR-discovery-security-parameters-accept> element of the PROSE_SECURITY_PARAM_RESPONSE message;

6) shall set the UTC-based counter LSB parameter to the 4 least significant bits of the UTC-based counter; and

7) shall set the ProSe direct discovery PC5 message type parameter as specified in table 10.2.1.11;

e) shall set the default destination layer-2 ID as specified in clause 5.2.5 to the destination layer-2 ID and self-assign a source layer-2 ID for sending the UE-to-network relay discovery announcement; and

NOTE 2: The UE implementation ensures that the value of the self-assigned source layer-2 ID is different from any other self-assigned source layer-2 ID(s) in use for 5G ProSe direct communication as specified in clause 7.2, is different from any other provisioned destination layer-2 ID(s) as specified in clause 5.2 and is different from any other self-assigned source layer-2 ID in use for a simultaneous 5G ProSe direct discovery procedure over PC5 with a different discovery model as specified in clause 6.2.14.2.2.2, clause 6.2.15.2.2.2 and clause 8.2.1.3.1.2.

f) shall pass the resulting PROSE PC5 DISCOVERY message for relay discovery additional information along with the source layer-2 ID, destination layer-2 ID and an indication that the message is for 5G ProSe direct discovery to the lower layers for transmission over the PC5 interface.

The 5G ProSe UE-to-network relay UE shall ensure that it keeps on passing the PROSE PC5 DISCOVERY messages periodically to the lower layers for transmission until the corresponding timer (i.e., timer T5107 when the additional information is NCGI or TAI) expires. How this is achieved is left up to UE implementation.

NOTE 3: The announcing UE can stop announcing UE procedure for relay discovery additional information for power saving by implementation specific means e.g. an implementation-specific maximum number of 5G ProSe direct links configured in the UE, or an implementation-specific timer expires.

NOTE 4: The periodicity of sending the PROSE PC5 DISCOVERY messages for relay discovery additional information by the 5G ProSe UE-to-network relay UE is implementation specific and is normally lower than the one related to the additional parameters announcement request refresh timer T5016.

During the announcing operation, if one of the above conditions is no longer met, the 5G ProSe UE-to-network relay UE may instruct the lower layers to stop announcing.

8.2.1.2.5 Monitoring UE procedure for relay discovery additional information

8.2.1.2.5.1 General

The purpose of the monitoring UE procedure for relay discovery additional information is to enable a 5G ProSe remote UE to become aware of the additional information of the 5G ProSe UE-to-network relay UE as described in clause 8.2.1.2.4.1.

8.2.1.2.5.2 Monitoring procedure for relay discovery additional information

The 5G ProSe remote UE monitors relay discovery additional information:

a) until the additional parameters announcement request refresh timer T5016 expires if the 5G ProSe remote UE has requested the 5G ProSe UE-to-network relay UE to announce the NCGI or TAI of the cell serving the 5G ProSe UE-to-network relay UE and received the ProSe additional parameters announcement response message from the 5G ProSe UE-to-network relay UE.

The UE may instruct the lower layers to start monitoring if:

a) a request from upper layers to monitor for relay discovery additional information is still in place and either:

1) the UE is currently authorised to perform 5G ProSe direct discovery Model A monitoring in at least one PLMN if the UE is served by NG-RAN;

2) the UE is currently authorised to perform 5G ProSe direct discovery Model A monitoring if the UE is not served by NG-RAN; or

3) the UE is:

i) in 5GMM-IDLE mode, in limited service state as specified in 3GPP TS 23.122 [14] and the reason for the UE being in limited service state is one of the following:

A) the UE is unable to find a suitable cell in the selected PLMN as specified in 3GPP TS 36.304 [15];

B) the UE received a REGISTRATION REJECT message or a SERVICE REJECT message with the 5GMM cause #11 "PLMN not allowed" as specified in 3GPP TS 24.501 [11]; or

C) the UE received a REGISTRATION REJECT message or a SERVICE REJECT message with the 5GMM cause #7 "5GS services not allowed " as specified in 3GPP TS 24.501 [11]; and

ii) authorised to perform 5G ProSe direct discovery Model A monitoring when the UE is not served by NG-RAN and configured with the radio parameters to be used for 5G ProSe direct discovery when not served by NG-RAN.

If the UE is in 5GMM-CONNECTED mode, the monitoring UE shall also trigger the corresponding procedure in lower layers as specified in 3GPP TS 38.331 [13].

During the monitoring operation, if one of the above conditions is no longer met, the UE may instruct the lower layers to stop monitoring. When the UE stops monitoring, if the UE is in 5GMM-CONNECTED mode, the UE shall trigger the corresponding procedure in lower layers as specified in 3GPP TS 38.331 [13].

Upon reception of a PROSE PC5 DISCOVERY message for relay discovery additional information according to clause 10.2.1, for the target relay service code to be monitored, the UE shall use the associated DUSK, if received from the 5G DDNMF or 5G PKMF (if security procedure over user plane for 5G ProSe UE-to-network relay is used) and the UTC-based counter obtained during the monitoring operation to unscramble the PROSE PC5 DISCOVERY message as described in 3GPP TS 33.503 [34]. Then, if a DUCK is received from the 5G DDNMF or 5G PKMF (if security procedure over user plane for 5G ProSe UE-to-network relay is used), the UE shall use the DUCK and the UTC-based counter to decrypt the configured message-specific confidentiality protected portion, as described in 3GPP TS 33.503 [34]. Finally, if a DUIK is received from the 5G DDNMF or 5G PKMF (if security procedure over user plane for 5G ProSe UE-to-network relay is used), the UE shall use the DUIK and UTC-based counter to verify the MIC field in the unscrambled PROSE PC5 DISCOVERY message for relay discovery additional information.

NOTE 1: The use of an erroneous UTC-based counter for processing received PROSE PC5 DISCOVERY messages at the ProSe-enabled UE can cause MIC check failure after DUIK is used for integrity check and malformed contents after DUSK is used for unscrambling or DUCK is used for deciphering. How a ProSe-enabled UE ensures the accuracy of the UTC-based counter is left to UE implementation.

NOTE 2: The UE can determine the received PROSE PC5 DISCOVERY message for relay discovery additional information is for 5G ProSe direct discovery based on an indication from the lower layer.

Then, if:

a) the relay service code parameter of the PROSE PC5 DISCOVERY message for relay discovery additional information is the same as the relay service code parameter configured as specified in clause 5.2.5 for the connectivity service being monitored; and

b) the announcer info parameter of the PROSE PC5 DISCOVERY message for relay discovery additional information is the same as the target announcer info if the target announcer info is provided by upper layers or same as the User info ID of the 5G ProSe UE-to-network relay UE to which the 5G ProSe additional parameters announcement was requested and acknowledged as specified in clause 8.2.8,

then the UE shall consider that the relay discovery additional information it intends to monitor has been discovered. In addition, the UE can measure the signal strength of the PROSE PC5 DISCOVERY message for relay discovery additional information for relay selection or reselection.

8.2.1.3 UE-to-network relay discovery over PC5 interface with model B

8.2.1.3.1 Discoverer UE procedure for UE-to-network Relay discovery

8.2.1.3.1.1 General

The purpose of the discoverer UE procedure for UE-to-network Relay discovery is:

a) to enable a ProSe-enabled UE to solicit proximity of a connectivity service provided by a UE-to-network Relay, upon a request from upper layers; or

b) to enable a ProSe-enabled UE to measure the PROSE PC5 DISCOVERY message signal strength between the ProSe-enabled UE and the 5G ProSe UE-to-network Relay UE(s) for relay selection/reselection.

In this procedure, the UE sending the PROSE PC5 DISCOVERY message is called the "discoverer UE" and the other UE is called the "discoveree UE".

8.2.1.3.1.2 Discoverer UE procedure for UE-to-network relay discovery initiation

The UE is authorised to perform the discoverer UE procedure for UE-to-network relay discovery if:

a) one of the following is true:

1) the UE is not served by NG-RAN, is authorised to act as a 5G ProSe remote UE towards a 5G ProSe UE-to-network relay UE and is configured with the radio parameters to be used for ProSe UE-to-network relay discovery when not served by NG-RAN;

2) the UE is served by NG-RAN, is authorised to act as a 5G ProSe remote UE towards a 5G ProSe UE-to-network relay UE; or

3) the UE is:

i) in 5GMM-IDLE mode, in limited service state as specified in 3GPP TS 23.122 [14] and the reason for the UE being in limited service state is one of the following:

A) the UE is unable to find a suitable cell in the selected PLMN as specified in 3GPP TS 38.304 [15];

B) the UE received a REGISTRATION REJECT message or a SERVICE REJECT message with the 5GMM cause #11 "PLMN not allowed" as specified in 3GPP TS 24.501 [11]; or

C) the UE received a REGISTRATION REJECT message or a SERVICE REJECT message with the 5GMM cause #7 "5GS services not allowed" as specified in 3GPP TS 24.501 [11]; and

ii) authorised to act as a 5G ProSe remote UE towards a 5G ProSe UE-to-network relay UE when the UE is not served by NG-RAN and configured with the radio parameters to be used for ProSe UE-to-network relay discovery use when not served by NG-RAN;

b) the UE is configured with:

1) the relay service code parameter identifying the connectivity service to be solicited and the indicated security procedure for the relay service code is supported by the UE; and

2) the User info ID for the UE-to-network relay discovery parameter, as specified in clause 5.2.5; and

c) for 5G ProSe layer-2 remote UE, the UE is camped on a cell whose TAI is not in the list of "non-allowed tracking areas" or is camped on a cell whose TAI is in the list of "allowed tracking areas",

otherwise, the UE is not authorised to perform the discoverer UE procedure for UE-to-network relay discovery.

Figure 8.2.1.3.1.2.1 illustrates the interaction of the UEs in the discoverer UE procedure for UE-to-network relay discovery.

Figure 8.2.1.3.1.2.1: Discoverer UE procedure for UE-to-network Relay discovery

For PROSE PC5 DISCOVERY message signal strength measurement, the UE manages a periodic measurement timer T5109, which is used to trigger the periodic PROSE PC5 DISCOVERY message signal strength measurement between the UE and the ProSe UE-to-network relay UE with which the UE has a link established. It is started whenever the UE has established a direct link with a 5G ProSe UE-to-network relay UE and restarted whenever the UE receives the PROSE PC5 DISCOVERY message for UE-to-network relay discovery response from the 5G ProSe UE-to-network relay UE with which the UE has a link established.

When the UE is triggered by the upper layers to solicit proximity of a connectivity service provided by a 5G ProSe UE-to-network relay UE, or when the periodic measurement timer T5109 expires and if the UE is authorised to perform the discoverer UE procedure for UE-to-network relay discovery, then the UE:

b) shall obtain a valid UTC time for the discovery transmission from the lower layers and generate the UTC-based counter corresponding to this UTC time;

c) shall generate a PROSE PC5 DISCOVERY message for UE-to-network relay discovery solicitation. In the PROSE PC5 DISCOVERY message for UE-to-network relay discovery solicitation, the UE:

1) shall set the discoverer info parameter to the configured User info ID for the UE-to-network relay discovery parameter, as specified in clause 5.2.5;

2) shall set the relay service code parameter to the relay service code parameter identifying the connectivity service to be solicited, configured in clause 5.2.5. For the 5G ProSe layer-3 remote UE, if the traffic descriptor is configured as specified in clause 5.2.5, the UE shall determine the RSC as follows:

i) if there are at least one ProSe application traffic descriptor(s) to be used for the relayed traffic as specified in clause 5.2.5 which has not yet been evaluated,

A) if the ProSe application traffic descriptor matches the upper layer application information;

the UE shall select the RSC associated with the matched ProSe application traffic descriptor for solicitation. If more than one RSCs are associated with the upper layer application information, it is up to UE implementation to select a RSC in this release of specification;

B) else, the UE shall select the next ProSe application traffic descriptor which has not yet been evaluated and proceed to step A);

ii) else, it is up to UE implementation to select a RSC.

NOTE 1: Selection of relay service code is up to UE implementation if there is no ProSe application traffic descriptor(s) configured in the UE.

3) shall include the MIC filed computed as described in 3GPP TS 33.503 [34] by using the UTC-based counter and the DUIK contained in the <UNR-discovery-security-parameters-accept> element of the PROSE_SECURITY_PARAM_RESPONSE message;

4) shall set the UTC-based counter LSB parameter to the 4 least significant bits of the UTC-based counter;

5) shall set the ProSe direct discovery PC5 message type parameter as specified in table 10.2.1.9; and

6) may include the target discoveree info parameter set to the user info ID of the targeted discoveree user if the target discoveree info is provided by the application layer;

f) shall pass the resulting PROSE PC5 DISCOVERY message for UE-to-network relay discovery solicitation along with the source layer-2 ID, destination layer-2 ID and an indication that the message is for 5G ProSe direct discovery to the lower layers for transmission over the PC5 interface.

If the PROSE PC5 DISCOVERY message for UE-to-network relay discovery solicitation is used to solicit proximity of a connectivity service provided by a 5G ProSe UE-to-network relay UE, the UE shall ensure that it keeps on passing the PROSE PC5 DISCOVERY message for UE-to-network relay discovery solicitation for transmission until the UE is triggered by an upper layer application to stop soliciting proximity of a connectivity service provided by a 5G ProSe UE-to-network relay UE, or until the UE stops being authorised to perform the discoverer UE procedure for UE-to-network relay discovery. How this is achieved is left up to UE implementation.

NOTE 3: The discoverer UE can stop discoverer UE procedure for UE-to-network relay discovery for power saving by implementation specific means e.g. an implementation-specific maximum number of 5G ProSe direct links configured in the UE, or an implementation-specific timer expires.

If the PROSE PC5 DISCOVERY message for UE-to-network relay discovery solicitation is used to trigger the PROSE PC5 DISCOVERY message signal strength measurement between the UE and the 5G ProSe UE-to-network Relay UE with which the UE has a link established, the UE shall start the retransmission timer T5108. If retransmission timer T5108 expires, the UE shall retransmit the PROSE PC5 DISCOVERY message for UE-to-network relay discovery solicitation and restart timer T5108. If no response is received from the ProSe UE-to-network relay UE with which the UE has a link established after reaching the maximum number of allowed retransmissions, the UE shall trigger relay reselection procedure.

NOTE 4: The maximum number of allowed retransmissions is UE implementation specific.

Upon reception of a PROSE PC5 DISCOVERY message for UE-to-network relay discovery response along with the destination layer-2 ID which the UE is configure to respond for, for the target relay service code of the connectivity service which the UE is authorized to discover, the UE shall use the associated DUSK, if received from the 5G DDNMF or 5G PKMF (if security procedure over user plane for 5G ProSe UE-to-network relay is used) and the UTC-based counter obtained during the reception operation to unscramble the PROSE PC5 DISCOVERY message as described in 3GPP TS 33.503 [34]. Then, if a DUCK is received from the 5G DDNMF or 5G PKMF (if security procedure over user plane for 5G ProSe UE-to-network relay is used), the UE shall use the DUCK and the UTC-based counter to decrypt the configured message-specific confidentiality-protected portion, as described in 3GPP TS 33.503 [34]. Finally, if a DUIK is received from the 5G DDNMF or 5G PKMF (if security procedure over user plane for 5G ProSe UE-to-network relay is used), the UE shall use the DUIK and the UTC-based counter to verify the MIC field in the unscrambled PROSE PC5 DISCOVERY message for UE-to-network relay discovery response.

NOTE 5: The UE can determine the received PROSE PC5 DISCOVERY message for UE-to-network relay discovery response is for 5G ProSe direct discovery based on an indication from the lower layer.

Then if:

a) the relay service code parameter of the PROSE PC5 DISCOVERY message for UE-to-network relay discovery response is the same as the relay service code parameter of the PROSE PC5 DISCOVERY message for UE-to-network relay discovery solicitation; and

b) the target discoveree info is not provided by upper layers for the connectivity service being solicited, or the discoveree info parameter of the PROSE PC5 DISCOVERY message for UE-to-network relay discovery response is the same as the target discoveree info if the target discoveree info is provided by upper layers for the connectivity service being solicited,

then the UE shall consider that the connectivity service the UE seeks to discover has been discovered. In addition, the UE can measure the signal strength of the PROSE PC5 DISCOVERY message for UE-to-network relay discovery response for relay selection or reselection. If the UE has received the PROSE PC5 DISCOVERY message for UE-to-network relay discovery response from the ProSe UE-to-network Relay UE with which the UE has a link established, the UE shall stop the retransmission timer T5108 and start the periodic measurement timer T5109.

8.2.1.3.1.3 Discoverer UE procedure for UE-to-network Relay discovery completion

When the UE is triggered by an upper layer application to stop soliciting for proximity of a connectivity service provided by a UE-to-network Relay, or when the UE stops being authorised to perform the Discoverer UE procedure for UE-to-network Relay discovery, the UE shall instruct the lower layers to stop the discoverer operation.

NOTE: The discoverer UE can stop discoverer UE procedure for UE-to-network relay discovery for power saving by implementation specific means e.g. an implementation-specific maximum number of 5G ProSe direct links configured in the UE, or an implementation-specific timer expires.

When the UE stops discoverer operation, if the UE is in 5GMM-CONNECTED mode, the UE shall trigger the corresponding procedure in lower layers as specified in 3GPP TS 38.331 [13].

8.2.1.3.2 Discoveree UE procedure for UE-to-network Relay discovery

8.2.1.3.2.1 General

The purpose of the discoveree UE procedure for UE-to-network relay discovery is to enable a ProSe-enabled UE with a UE-to-network Relay to respond to solicitation from other ProSe-enabled UEs on proximity of a connectivity service provided by the 5G ProSe UE-to-network relay UE, upon a request from upper layers.

In this procedure, the UE sending the PROSE PC5 DISCOVERY message is called the "discoverer UE" and the other UE is called the "discoveree UE".

8.2.1.3.2.2 Discoveree UE procedure for UE-to-network relay discovery initiation

The UE is authorised to perform the discoveree UE procedure for UE-to-network relay discovery if:

a) the UE is authorised to act as a 5G ProSe UE-to-network relay UE in the PLMN indicated by the serving cell, and

1) the UE is served by NG-RAN; or

2) the UE is not served by NG-RAN and intends to use the provisioned radio resources for UE-to-network relay discovery;

b) the UE is configured with:

1) the relay service code parameter identifying the connectivity service to be responded to as specified in clause 5.2.5 and the indicated security procedure for the relay service code is supported by the UE. For 5G ProSe layer-3 UE-to-network relay UE,

i) the S-NSSAI associated with that relay service code shall belong to the allowed NSSAI of the UE; and

2) the User info ID for the UE-to-network relay discovery parameter, as specified in clause 5.2.5; and

c) the back-off timer T3346 used for NAS mobility management congestion control as specified in clause 5.3.9 of 3GPP TS 24.501 [11] is not running at the UE;

otherwise, the UE is not authorised to perform the discoveree UE procedure for UE-to-network relay discovery.

Figure 8.2.1.3.2.2.1 illustrates the interaction of the UEs in the discoveree UE procedure for UE-to-network relay discovery.

Figure 8.2.1.3.2.2.1: Discoveree UE procedure for UE-to-network Relay discovery

When the UE is triggered by an upper layer application to start responding to solicitation on proximity of a connectivity service provided by the UE-to-network Relay and if the UE is authorised to perform the discoveree UE procedure for UE-to-network Relay discovery, then the UE:

a) if the UE is served by NG-RAN and the UE in 5GMM-IDLE mode needs to request resources for sending PROSE PC5 DISCOVERY messages as specified in 3GPP TS 38.331 [13], shall perform a service request procedure as specified in 3GPP TS 24.501 [11]; and

b) shall instruct the lower layers to start monitoring for PROSE PC5 DISCOVERY messages.

Upon reception of a PROSE PC5 DISCOVERY message for UE-to-network relay discovery solicitation, for the relay service code of the connectivity service which the UE is authorized to respond, the UE shall use the associated DUSK, if received from the 5G DDNMF or 5G PKMF (if security procedure over user plane for 5G ProSe UE-to-network relay is used) and the UTC-based counter obtained during the reception operation to unscramble the PROSE PC5 DISCOVERY message as described in 3GPP TS 33.503 [34]. Then, if a DUCK is received from the 5G DDNMF or 5G PKMF (if security procedure over user plane for 5G ProSe UE-to-network relay is used), the UE shall use the DUCK and the UTC-based counter to decrypt the configured message-specific confidentiality-protected portion, as described in 3GPP TS 33.503 [34]. Finally, if a DUIK is received from the 5G DDNMF or 5G PKMF (if security procedure over user plane for 5G ProSe UE-to-network relay is used), the UE shall use the DUIK and the UTC-based counter to verify the MIC field in the unscrambled PROSE PC5 DISCOVERY message for UE-to-network relay discovery solicitation.

NOTE 1: The UE can determine the received PROSE PC5 DISCOVERY message for 5G ProSe direct discovery announcement is for 5G ProSe direct discovery based on an indication from the lower layer.

Then, if:

a) the relay service code parameter of the received PROSE PC5 DISCOVERY message for UE-to-network relay discovery solicitation is the same as the relay service code parameter configured as specified in clause 5.2.5 for the connectivity service; and

b) the target discoveree info parameter of the received PROSE PC5 DISCOVERY message for UE-to-network relay discovery solicitation is the same as the user info ID for the UE-to-network relay discovery provided by upper layers or same as the configured user info ID for the UE-to-network relay discovery as specified in clause 5.2.5, if the target discoveree info parameter is included in the received PROSE PC5 DISCOVERY message;

then the UE:

a) shall obtain a valid UTC time for the discovery transmission from the lower layers and generate the UTC-based counter corresponding to this UTC time;

b) shall generate a PROSE PC5 DISCOVERY message for UE-to-network relay discovery response. In the PROSE PC5 DISCOVERY message for UE-to-network relay discovery response, the UE:

1) shall set the Discoveree info parameter to the configured User info ID for the UE-to-network Relay discovery parameter, as specified in clause 5.2.5;

2) shall set the relay service code parameter to the relay service code parameter of the PROSE PC5 DISCOVERY message for UE-to-network relay discovery solicitation;

3) shall set the Resource Status Indicator bit of the status indicator parameter to indicate whether or not the UE has resources available to provide a connectivity service for additional ProSe-enabled UEs;

4) shall include the MIC filed computed as described in 3GPP TS 33.503 [34] by using the UTC-based counter and the DUIK contained in the <UNR-discovery-security-parameters-accept> element of the PROSE_SECURITY_PARAM_RESPONSE message;

5) shall set the UTC-based counter LSB parameter to the 4 least significant bits of the UTC-based counter;

6) shall set the ProSe direct discovery PC5 message type parameter as specified in table 10.2.1.10;

7) if acting as 5G ProSe layer-2 UE-to-network relay UE, shall set the NCGI parameter to the NCGI of its serving cell; and

8) if acting as 5G ProSe layer-2 UE-to-network relay UE, shall set the RRC container to the RRC container if provided by the lower layers;

c) shall apply the DUIK, DUSK, or DUCK with the associated Encrypted Bitmask, along with the UTC-based counter to the PROSE PC5 DISCOVERY message for whichever security mechanism(s) configured to be applied, e.g., integrity protection, message scrambling or confidentiality protection of one or more above parameters, as specified in 3GPP TS 33.503 [34];

d) shall set the destination layer-2 ID to the source layer-2 ID from the discoverer UE used in the transportation of the PROSE PC5 DISCOVERY message for UE-to-network relay discovery solicitation and self-assign a source layer-2 ID for sending the UE-to-network relay discovery response message; and

e) shall pass the resulting PROSE PC5 DISCOVERY message for UE-to-network relay discovery response along with the source layer-2 ID, destination layer-2 ID and an indication that the message is for 5G ProSe direct discovery to the lower layers for transmission over the PC5 interface.

NOTE 3: If the UE is processing a PROSE DIRECT LINK ESTABLISHMENT REQUEST message from the same source layer-2 ID of the received PROSE PC5 DISCOVERY message for UE-to-network relay discovery solicitation, it depends on UE implementation to avoid the conflict of destination layer-2 ID (e.g. send a PROSE DIRECT LINK ESTABLISHMENT REJECT message containing PC5 signalling protocol cause value #3 "conflict of layer-2 ID for unicast communication is detected", or ignore the PROSE DIRECT DISCOVERY message for UE-to-network relay discovery solicitation).

8.2.1.3.2.3 Discoveree UE procedure for UE-to-network relay discovery completion

When the UE is triggered by an upper layer application to stop responding to solicitation on proximity of a connectivity service provided by a 5G ProSe UE-to-network relay UE, or when the UE stops being authorised to perform the discoveree UE procedure for UE-to-network relay discovery, the UE shall instruct the lower layers to stop monitoring.

When the UE stops monitoring, if the UE is in 5GMM-CONNECTED mode, the UE shall trigger the corresponding procedure in lower layers as specified in 3GPP TS 38.331 [13].

8.2.1.4 Procedure for UE to use provisioned radio resources for 5G ProSe UE-to-network discovery

When the UE is not served by NG-RAN for 5G ProSe UE-to-network relay discovery and is authorized to use 5G ProSe UE-to-network relay discovery, the UE shall select the corresponding radio parameters to be used for 5G ProSe UE-to-network relay discovery as follows:

a) if the UE can determine itself located in a geographical area and the UE is provisioned with radio parameters for the geographical area, the UE shall select the radio parameters associated with that geographical area; or

b) in all other cases, the UE shall not initiate 5G ProSe UE-to-network relay discovery.

If the UE intends to use "non-operator managed" radio parameters as specified in clause 5.2.5, the UE shall initiate 5G ProSe UE-to-network relay discovery with the selected radio parameters.

If the UE intends to use "operator managed" radio parameters as specified in clause 5.2.5, before initiating 5G ProSe UE-to-network relay discovery, the UE shall check with lower layers whether the selected radio parameters can be used in the current location without causing interference to other cells as specified in 3GPP TS 38.331 [13]; and:

a) if the lower layers indicate that the usage would not cause any interference, the UE shall initiate 5G ProSe UE-to-network relay discovery; or

NOTE: If the lower layers find that there exists a cell operating the provisioned radio resources (i.e., carrier frequency) and the cell belongs to the registered PLMN or a PLMN equivalent to the registered PLMN and the UE is authorized for 5G ProSe UE-to-network relay discovery in this PLMN, the UE can use the radio parameters indicated by the cell as specified in 3GPP TS 38.331 [13].

b) else if the lower layers report that one or more PLMNs operate in the provisioned radio resources (i.e., carrier frequency) then:

1) if the following conditions are met:

i) none of the PLMNs reported by the lower layers is the registered PLMN or equivalent to the registered PLMN;

ii) at least one of the PLMNs reported by the lower layers is in the list of authorized PLMNs for 5G ProSe UE-to-network relay discovery and provides radio resources for 5G ProSe UE-to-network relay discovery as specified in 3GPP TS 38.331 [13]; and

iii) the UE does not have an emergency PDU session;

then the UE shall:

i) if in 5GMM-IDLE mode, perform PLMN selection triggered by 5G ProSe UE-to-network relay discovery as specified in 3GPP TS 23.122 [14]; or

ii) else if in 5GMM-CONNECTED mode, either:

A) perform a De-registration procedure as specified in 3GPP TS 24.501 [11] and then perform PLMN selection triggered by 5G ProSe UE-to-network relay discovery as specified in 3GPP TS 23.122 [14]; or

B) not initiate 5G ProSe direct discovery.

Whether the UE performs i) or ii) above is left up to UE implementation; or

2) else the UE shall not initiate 5G ProSe UE-to-network relay discovery.

If the registration to the selected PLMN is successful, the UE shall proceed with the procedure to initiate 5G ProSe UE-to-network relay discovery as specified in clause 8.2.1.

If the UE is performing 5G ProSe UE-to-network relay discovery using radio parameters associated with a geographical area and moves out of that geographical area, the UE shall stop performing 5G ProSe UE-to-network relay discovery and then if the UE is not served by NG-RAN for 5G ProSe UE-to-network relay discovery, the UE shall select appropriate radio parameters for the new geographical area as specified above.

8.2.2 UE-to-network relay selection procedure

8.2.2.1 General

The purpose of the UE-to-network relay selection procedure is to enable a 5G ProSe remote UE to select a suitable 5G ProSe UE-to-network relay UE to obtain a connectivity service to 5GC.

8.2.2.2 UE-to-network relay selection procedure initiation

The 5G ProSe remote UE shall trigger the UE-to-network relay selection procedure if the following conditions are met:

a) the UE is authorised to act as a 5G ProSe remote UE towards a 5G ProSe UE-to-network relay UE as specified in clause 5.2.5:

1) if the 5G ProSe remote UE is expected to use 5G ProSe layer-3 UE-to-network relay, the indication whether the UE is authorized to use a 5G ProSe layer-3 UE-to-network relay UE shall be set;

2) if the 5G ProSe remote UE is expected to use 5G ProSe layer-2 UE-to-network relay, the subset of the PLMN(s) provided by the 5G ProSe layer-2 UE-to-network relay UE shall be in the list of PLMNs in which the UE is authorized to use a 5G ProSe layer-2 UE-to-network relay UE; and

3) if the 5G ProSe remote UE is expected to use 5G ProSe layer-2 UE-to-network relay, the 5G ProSe remote UE selected PLMN shall be in the list of PLMNs in which the UE is authorized to use a 5G ProSe layer-2 UE-to-network relay UE and in the subset of the PLMN(s) provided by the 5G ProSe layer-2 UE-to-network relay UE;

b) the UE has obtained a list of 5G ProSe UE-to-network relay UE candidate(s) fulfilling ProSe layer criteria with the monitoring procedure for UE-to-network relay discovery as specified in clause 8.2.1.2.2 or the discoverer procedure for UE-to-network relay discovery as specified in clause 8.2.1.3.1; and

c) the UE has obtained a list of 5G ProSe UE-to-network relay UE candidate(s) fulfilling lower layers criteria as specified in 3GPP TS 38.331 [13].

8.2.2.3 UE-to-network relay selection procedure completion

If there exists only one 5G ProSe UE-to-network relay candidate satisfying the conditions in clause 8.2.2.2, then that 5G ProSe UE-to-network relay UE is selected. If there exist more than one 5G ProSe UE-to-network relay candidate satisfying the conditions in clause 8.2.2.2, any relay candidates not satisfying the non-radio related ProSe layer criteria shall be discarded and out of the remaining relay candidates, the relay candidate with the highest ranking of the lower layer criteria shall be selected. The UE may take the value of the resource status indicator bit of the status indicator parameter of the PROSE PC5 DISCOVERY message for UE-to-network relay discovery announcement or PROSE PC5 DISCOVERY message for UE-to-network relay discovery response into account when deciding which 5G ProSe UE-to-network relay to select. It is up to the UE implementation whether the ProSe layer or the lower layers takes the final selection on which 5G ProSe UE-to-network relay UE to select.

8.2.3 UE-to-network relay reselection procedure

8.2.3.1 General

The purpose of the UE-to-network relay reselection procedure is to enable a 5G ProSe remote UE to reselect a 5G ProSe UE-to-network relay UE to obtain a connectivity service to 5GC when the serving 5G ProSe UE-to-network relay UE is no longer suitable.

8.2.3.2 UE-to-network relay reselection procedure initiation

The 5G ProSe remote UE shall trigger the UE-to-network relay reselection procedure if one of the following conditions is met:

a) the UE has received a lower layers indication that the serving 5G ProSe UE-to-network relay UE no longer fulfills the lower layers criteria as specified in 3GPP TS 38.331 [13];

b) the parameters related to 5G ProSe UE-to-network relay in the configuration parameters for 5G ProSe UE-to-network relay as specified in clause 5.2.5 (e.g., relay service code, User info ID, etc.) have been updated and the serving 5G ProSe UE-to-network relay UE no longer fulfills the conditions specified in clause 8.2.1.2.2;

c) the UE has received a PROSE DIRECT LINK ESTABLISHMENT REJECT message from the 5G ProSe UE-to-network relay UE with the PC5 signalling protocol cause value #1 "direct communication to the target UE not allowed";

d) the UE has received a PROSE DIRECT LINK RELEASE REQUEST message from the 5G ProSe UE-to-network relay UE with the PC5 signalling protocol cause value #1 "direct communication to the target UE not allowed";

e) the UE has received a PROSE DIRECT LINK RELEASE REQUEST message from the 5G ProSe UE-to-network relay UE with the PC5 signalling protocol cause value #4 "direct connection is not available anymore";

f) the UE has not received any response from the 5G ProSe UE-to-network relay UE after M consecutive retransmissions of PROSE DIRECT LINK ESTABLISHMENT REQUEST or PROSE DIRECT LINK KEEPALIVE REQUEST messages;

g) the UE has not received any response from the 5G ProSe UE-to-network relay UE after M consecutive retransmissions of PROSE PC5 DISCOVERY message for UE-to-network relay discovery solicitation used to trigger the PROSE PC5 DISCOVERY message signal strength measurement between the UE and the 5G ProSe UE-to-network relay UE with which the UE has a link established;

NOTE: The value of M is implementation specific and is less than or equal to the maximum number of retransmissions allowed for PC5 signalling protocol.

h) the UE has received a PROSE DIRECT LINK ESTABLISHMENT REJECT message from the ProSe UE-to-network relay UE with the cause value #13 "congestion situation";

i) the UE has received a PROSE DIRECT LINK RELEASE REQUEST message from the ProSe UE-to-network relay UE with the cause value #13 "congestion situation"; or

j) the UE has received a PROSE DIRECT LINK ESTABLISHMENT REJECT message from the 5G ProSe UE-to-network relay UE with the cause value #15 "security procedure failure of 5G ProSe UE-to-network relay".

In cases c), d), h), i) and j), the 5G ProSe remote UE shall exclude the 5G ProSe UE-to-network relay UE which sent the message specified in cases c), d), h), i) or j) from the UE-to-network relay reselection process described below (at least for the indicated back-off time period if provided from the ProSe UE-to-network relay UE in cases h) and i)).

To conduct UE-to-network relay reselection process, the UE shall first initiate one of the following procedures or both depending on UE’s configuration parameters for 5G ProSe UE-to-network relay as specified in clause 5.2.5:

a) monitoring procedure for UE-to-network relay discovery as specified in clause 8.2.1.2.2; or

b) discoverer procedure for UE-to-network relay discovery as specified in clause 8.2.1.3.1.

After the execution of the above discovery procedure(s), the 5G ProSe remote UE performs the UE-to-network relay selection procedure as specified in clause 8.2.2.

8.2.4 Procedure for UE to use provisioned radio resources for 5G ProSe UE-to-network relay communication

When the UE is not served by NG-RAN for 5G ProSe UE-to-network relay communication and is authorized to use 5G ProSe UE-to-network relay communication, the UE shall select the corresponding radio parameters to be used for 5G ProSe UE-to-network relay communication as follows:

b) in all other cases, the UE shall not initiate 5G ProSe UE-to-network relay communication.

If the UE intends to use "non-operator managed" radio parameters as specified in clause 5.2.5, the UE shall initiate 5G ProSe UE-to-network relay communication with the selected radio parameters.

If the UE intends to use "operator managed" radio parameters as specified in clause 5.2.5, before initiating 5G ProSe UE-to-network relay communication, the UE shall check with lower layers whether the selected radio parameters can be used in the current location without causing interference to other cells as specified in 3GPP TS 38.331 [13]; and:

a) if the lower layers indicate that the usage would not cause any interference, the UE shall initiate 5G ProSe UE-to-network relay communication; or

NOTE: If the lower layers find that there exists a cell operating the provisioned radio resources (i.e., carrier frequency) and the cell belongs to the registered PLMN or a PLMN equivalent to the registered PLMN and the UE is authorized for 5G ProSe UE-to-network relay communication in this PLMN, the UE can use the radio parameters indicated by the cell as specified in 3GPP TS 38.331 [13].

b) else if the lower layers report that one or more PLMNs operate in the provisioned radio resources (i.e., carrier frequency) then:

1) if the following conditions are met:

i) none of the PLMNs reported by the lower layers is the registered PLMN or equivalent to the registered PLMN;

ii) at least one of the PLMNs reported by the lower layers is in the list of authorized PLMNs for 5G ProSe UE-to-network relay communication and provides radio resources for 5G ProSe UE-to-network communication as specified in 3GPP TS 38.331 [13]; and

iii) the UE does not have an emergency PDU session;

then the UE shall:

i) if in 5GMM-IDLE mode, perform PLMN selection triggered by 5G ProSe UE-to-network discovery as specified in 3GPP TS 23.122 [14]; or

ii) else if in 5GMM-CONNECTED mode, either:

A) perform a De-registration procedure as specified in 3GPP TS 24.501 [11] and then perform PLMN selection triggered by 5G ProSe UE-to-network discovery as specified in 3GPP TS 23.122 [14]; or

B) not initiate 5G ProSe UE-to-network communication.

Whether the UE performs i) or ii) above is left up to UE implementation; or

2) else the UE shall not initiate 5G ProSe UE-to-network relay communication.

If the registration to the selected PLMN is successful, the UE shall proceed with the procedure to initiate 5G ProSe communication over PC5 as specified in clause 7.2.

If the UE is performing 5G ProSe UE-to-network relay communication using radio parameters associated with a geographical area and moves out of that geographical area, the UE shall stop performing 5G ProSe UE-to-network relay communication.

8.2.5 IP address allocation for 5G ProSe remote UE in 5G ProSe layer-3 UE-to-network relay procedure

When one of the two UEs on the direct link acts as a 5G ProSe layer-3 UE-to-network relay UE, the PDU session type is IPv4, IPv6 or IPv4v6 and is used for relaying IP traffic over PC5 reference point, the two UEs shall select the IP version (IPv4 or IPv6) to be used based on the following rules:

a) if the 5G ProSe layer-3 UE-to-network relay UE has indicated "DHCPv4 Server" in the IP address configuration IE, the 5G ProSe remote UE shall initiate the IPv4 address configuration with DHCPv4 procedure acting as a DHCP client, according to IETF RFC 2131 [23] and IETF RFC 4039 [24];

b) if the 5G ProSe layer-3 UE-to-network relay UE has indicated "IPv6 Router" in the IP address configuration IE, the 5G ProSe remote UE shall initiate the IPv6 address configuration with IPv6 stateless address auto-configuration acting as an IPv6 host based on IETF RFC 4862 [25];

NOTE: The 5G ProSe layer-3 UE-to-network relay UE uses IPv6 prefix delegation via DHCPv6 (see clause 8.2.5a) to obtain the IPv6 prefix assigned to the 5G ProSe layer-3 remote UE.

c) if the 5G ProSe layer-3 UE-to-network relay UE has indicated "IPv6 Router" in the IP address configuration IE, the 5G ProSe remote UE may use stateless DHCPv6 for additional parameter configuration, as defined in TS 23.501 [22]; and

d) if the 5G ProSe layer-3 UE-to-network relay UE has indicated "DHCPv4 Server & IPv6 Router" in the IP address configuration IE, the 5G ProSe remote UE shall choose the IP version and initiate the corresponding IP address configuration procedure as a client or host.

8.2.5a IPv6 prefix delegation via DHCPv6 for 5G ProSe layer-3 UE-to-network relay

If the 5G ProSe layer-3 UE-to-network relay UE can indicate "IPv6 Router" or "DHCPv4 Server & IPv6 Router" in the IP address configuration IE, the 5G ProSe layer-3 UE-to-network relay UE requests additional IPv6 prefixes (i.e., prefixes in addition to the /64 default prefix which was allocated via stateless IPv6 address autoconfiguration) from the SMF as specified in 3GPP TS 24.501 [11].

Once the 5G ProSe layer-3 UE-to-network relay UE successfully obtains the network prefix shorter than the default /64 prefix using DHCPv6, the 5G ProSe layer-3 UE-to-network relay UE can assign /64 prefix from the network prefix when the 5G ProSe layer-3 UE-to-network remote UE requests IPv6 prefix via stateless IPv6 address autoconfiguration.

8.2.6 QoS handling for 5G ProSe UE-to-network relay

8.2.6.1 General

This clause describes the QoS handling between a 5G ProSe UE-to-network relay UE and a 5G ProSe remote UE. The purpose of QoS handling for 5G ProSe UE-to-network relay is to meet the end-to-end QoS requirement between 5G ProSe remote UE and the network.

The QoS handling for 5G ProSe UE-to-network relay can be classified with the following three cases according to the type of 5G ProSe UE-to-network relay:

a) QoS handling for 5G ProSe remote UE accessing the network via a 5G ProSe layer-2 UE-to-network relay;

b) QoS handling for 5G ProSe remote UE accessing the network via a 5G ProSe layer-3 UE-to-network relay without N3IWF; and

c) QoS handling for 5G ProSe remote UE accessing the network via a 5G ProSe layer-3 UE-to-network relay with N3IWF.

8.2.6.2 QoS handling for 5G ProSe layer-2 UE-to-network relay

For a 5G ProSe layer-2 remote UE accessing the network via a 5G ProSe layer-2 UE-to-network relay, the end-to-end QoS requirement between 5G ProSe layer-2 remote UE and the network can be met by the existing 5G QoS control between the 5G ProSe layer-2 remote UE and the core network that is serving the 5G ProSe layer-2 remote UE as specified in 3GPP TS 24.501 [11].

8.2.6.3 QoS handling for 5G ProSe layer-3 UE-to-network relay without N3IWF

8.2.6.3.1 General

The QoS handling by a 5G ProSe layer-3 UE-to-network relay without an N3IWF to achieve an end-to-end QoS between the 5G ProSe layer-3 remote UE and the network is described in clause 5.6.2.1 of 3GPP TS 23.304 [2].

For a 5G ProSe layer-3 remote UE accessing the network via a 5G ProSe layer-3 UE-to-network relay without N3IWF, the end-to-end QoS requirement between 5G ProSe layer-3 remote UE and the network can be satisfied by the corresponding QoS control:

a) QoS control between 5G ProSe layer-3 remote UE and 5G ProSe layer-3 UE-to-network relay UE (PC5 QoS control); and

b) QoS control between 5G ProSe layer-3 UE-to-network relay UE and the network (Uu QoS control).

To achieve this, the QoS mapping can be pre-configured as specified in clause 5.2.5 or provided to the 5G ProSe UE-to-network relay UE by the PCF using Prose Policy as specified in clause 5.3.2.

8.2.6.3.2 QoS flows handling initiated by the network

For QoS flows setup initiated by the network, upon reception QoS rules and QoS flow level QoS parameters from the SMF, the 5G ProSe layer-3 UE-to-network relay UE:

a) shall determine the PQI based on the QoS mapping rules configured in clause 5.2.5;

b) shall set the GFBR value for the PC5 GBR QoS flow to the GFBR value from the SMF, if any;

c) shall set the MFBR value for the PC5 GBR QoS flow to the MFBR value from the SMF, if any;

d) shall set the averaging window value for the PC5 GBR QoS flow to the averaging value from the SMF, if any;

e) may derive the packet filter(s) used for PC5 QoS rule(s) from the packet filter(s) used over Uu reference; and

f) may initiate the 5G ProSe direct link modification procedure(s) as defined in clause 7.2.3 to either update the existing PC5 QoS flow or to set up a new PC5 QoS flow. The 5G ProSe layer-3 UE-to-network relay UE may include the PC5 QoS rule(s) when initiating the 5G ProSe direct link modification procedure toward a 5G ProSe layer-3 remote UE for which the IP address associated to the 5G ProSe layer-3 remote UE is included in the packet filter(s) used over Uu.

Alternatively, for dynamic QoS handling of 5G ProSe layer-3 remote UE using reflective QoS mechanism, upon the 5G ProSe layer-3 UE-to-network relay UE receiving a downlink user data packet along with the Reflective QoS Indication (RQI) as specified in 3GPP TS 24.501 [11], the 5G ProSe layer-3 UE-to-network relay UE:

a) creates a derived QoS rule by reflective QoS in the UE as specified in clause 6.2.5.1.4, 3GPP TS 24.501 [11];

b) shall create a new derived PC5 QoS rule or update the existing derived PC5 QoS rule for the PC5 QoS flow based on the derived QoS rule from a);

c) shall determine the corresponding PQI for the PC5 QoS flow based on the QoS mapping rules as specified in clause 5.2.5 and the 5QI value that corresponds to the QFI of the QoS rule from b); and

d) shall perform one of the following:

1) if there is a PC5 QoS flow with the determined PQI, the 5G ProSe layer-3 UE-to-network relay UE shall perform the 5G ProSe direct link modification procedure as specified in clause 7.2.3 to associate the ProSe application on the existing PC5 QoS flow. The 5G ProSe layer-3 UE-to-network relay UE may include the PC5 QoS rule(s) associated with the updated PC5 QoS flow; or

2) if there is no PC5 QoS flow with the determined PQI, the 5G ProSe layer-3 UE-to-network relay UE shall perform the 5G ProSe direct link modification procedure as specified in clause 7.2.3 to add a new PC5 QoS flow with the determined PQI and associate the ProSe application on the new PC5 QoS flow. The 5G ProSe layer-3 UE-to-network relay UE may include the PC5 QoS rule(s) associated with the newly added PC5 QoS flow.

When a derived QoS rule is deleted, the 5G ProSe layer-3 UE-to-network relay UE shall perform the 5G ProSe direct link modification procedure as specified in clause 7.2.3 to associate the ProSe application with a PC5 QoS flow such that the determined PQI maps to the 5QI of the signalled QoS rule.

8.2.6.3.3 PC5 QoS flows handling initiated by the 5G ProSe layer-3 remote UE

For PC5 QoS flows setup or modification initiated by the 5G ProSe layer-3 remote UE, the 5G ProSe layer-3 remote UE shall provide the PC5 QoS flow context as defined in clause 7.2.7 to the 5G ProSe layer-3 UE-to-network relay UE to indicate the end-to-end QoS requirements for the traffic transmission between 5G ProSe layer-3 remote UE and the network, using 5G ProSe direct link establishment procedure as specified in clause 7.2.2 or 5G ProSe direct link modification procedure as specified in clause 7.2.3.

In addition, if the 5G ProSe layer-3 remote UE wants to add new PC5 QoS flow(s) or modify the existing PC5 QoS flow(s) for IP traffic or Ethernet traffic, the 5G ProSe layer-3 remote UE may also provide the PC5 QoS rule(s) for the PC5 QoS flow(s) to be added or modified to the 5G ProSe layer-3 UE-to-network relay UE, using 5G ProSe direct link establishment procedure as specified in clause 7.2.2 or 5G ProSe direct link modification procedure as specified in clause 7.2.3.

Upon reception of the PC5 QoS flow context from the 5G ProSe layer-3 remote UE, the 5G ProSe layer-3 UE-to-network relay UE:

a) shall perform one of the following:

1) if the end-to-end QoS requirements can be supported by an entry in QoS mapping configured in clause 5.2.5, then the 5G ProSe layer-3 UE-to-network relay UE uses the 5QI of the entry for the Uu QoS control and uses the PQI of the entry for the PC5 QoS control; or

2) if the end-to-end QoS requirements cannot be supported by any entry in QoS mapping configured in clause 5.2.5, then the 5G ProSe layer-3 UE-to-network relay UE determines the 5QI for the Uu QoS control and PQI for the PC5 QoS control based on its implementation;

b) optionally, derives the packet filter(s) used over Uu reference point if the 5G ProSe layer-3 UE-to-network relay UE received PC5 QoS rule(s) from 5G ProSe layer-3 remote UE;

c) if a new QoS flow needs to be established or the existing QoS flow(s) needs to be modified, performs UE-requested PDU session modification procedure as specified in clause 6.4.2 in 3GPP TS 24.501 [11] providing:

1) the Requested QoS flow descriptions IE with the 5QI value determined in bullet a); or

2) the Requested QoS rules IE with the packet filter(s) if packet filter(s) are derived in bullet b);

d) shall further update the corresponding PC5 QoS flow with the updated PQI value if the 5G ProSe layer-3 UE-to-network relay UE receives the authorized QoS flow descriptions with a 5QI value which is different from the 5QI value indicated by the 5G ProSe layer-3 UE-to-network relay UE as described in bullet c); and

e) shall provide the 5G ProSe layer-3 remote UE with the PQI determined in bullet a) or the PQI updated in bullet d), the corresponding PC5 QoS parameters and the corresponding ProSe identifier(s) as specified in clause 7.2.2.3 (if 5G ProSe direct link establishment procedure was initiated by the 5G ProSe layer-3 remote UE) or clause 7.2.3.3 (if 5G ProSe direct link modification procedure was initiated by the 5G ProSe layer-3 remote UE).

8.2.6.4 QoS handling for 5G ProSe layer-3 UE-to-network relay with N3IWF

8.2.6.4.1 General

As specified in clause 5.6.2.2 of 3GPP TS 23.304 [2], when the 5G ProSe layer-3 remote UE accesses 5GS via a 5G ProSe layer-3 UE-to-network relay with N3IWF, the N3IWF can use one of the following operations for QoS support in 5G ProSe layer-3 UE-to-network relay UE’s serving PLMN:

a) a static QoS mapping mechanism; or

b) a dynamic QoS signalling based mechanism.

For a), there is no signalling impact to the 5G ProSe layer-3 remote UE and the 5G ProSe layer-3 UE-to-network relay UE.

For b), clause 8.2.6.4.2 specifies the QoS handling with QoS signalling procedure to transport the IPsec traffic in the 5G ProSe layer-3 UE-to-network relay UE’s 5GCN.

8.2.6.4.2 QoS handling with QoS signalling procedure

When the 5G ProSe layer-3 remote UE establishes or handovers a PDU session via the N3IWF as described in clause 4.12.5 of 3GPP TS 23.502 [51], the N3IWF initiates a child SA creation procedure by sending a CREATE_CHILD_SA request message to associate the QoS flow(s) of the PDU session with the child SA of the user plane as specified in clause 7.5 of 3GPP TS 24.502 [26]. In the CREATE_CHILD_SA request message, the 5G_QOS_INFO Notify payload includes the PDU session ID, one or more QFI(s), optionally a DSCP value and optionally Additional QoS Information as defined in clause 9.3.1.1 of 3GPP TS 24.502 [26]. The N3IWF can also initiate the user plane IPsec child SA modification procedure by sending an INFORMATIONAL request message including the 5G_QOS_INFO Notify payload if the child SA associated with the QoS flows of the PDU session needs to be modified as specified in clause 7.6 of 3GPP TS 24.502 [26].

Based on information in the received 5G_QoS_INFO Notify payload, the 5G ProSe layer-3 remote UE determines whether to initiate the 5G ProSe direct link modification procedure to setup or modify the PC5 QoS flows. If the 5G ProSe direct link modification procedure needs to be initiated, the 5G ProSe layer-3 remote UE shall perform the procedure as specified in clause 8.2.6.3.3 with following additions:

a) if the Additional QoS Information is received in the 5G_QoS_INFO Notify payload, the 5G ProSe layer-3 remote UE shall set the PC5 QoS flow descriptions IE based on the Additional QoS Information; and

b) the 5G ProSe layer-3 remote UE shall include the PC5 QoS rules IE with the packet filter containing the N3IWF IP address, the security parameter index of the child SA and the DSCP value if received in the 5G_QoS_INFO Notify payload.

The 5G ProSe layer-3 UE-to-network relay UE determines whether to initiate PDU session modification procedure to request establishment or modification of the QoS flow of the dedicated QoS rules which is associated with the IPsec traffic between the 5G ProSe layer-3 remote UE and the N3IWF. If the PDU session modification procedure needs to be initiated, the 5G ProSe layer-3 UE-to-network relay UE shall perform the procedure as specified in clause 6.4.2 of 3GPP TS 24.501 [11] with following additions:

a) the 5G ProSe layer-3 UE-to-network relay UE sends the packet filter provided in the PC5 QoS rules IE by the 5G ProSe layer-3 remote UE to the SMF.

8.2.7 5G ProSe layer-3 UE-to-network relay with N3IWF support

8.2.7.1 General

As specified in clause 5.4.1.2 of 3GPP TS 23.304 [2], the 5G ProSe layer-3 UE-to-network relay with N3IWF support shall provide the 5G ProSe layer-3 remote UE with the connection which can access to the N3IWF. In this way, the 5G ProSe layer-3 remote UE is able to select the N3IWF and access to the 5GC via the N3IWF.

The layer-3 ProSe UE-to-network relay UE is provisioned with the UE policies for 5G ProSe layer-3 UE-to-network relay including the relay service code which corresponds to use N3IWF access for the relayed traffic as defined in 3GPP TS 24.555 [17].

For UE-to-network relay discovery with model A, the 5G ProSe UE-to-network relay UE shall include the relay service code in the PROSE PC5 DISCOVERY message for UE-to-network relay discovery announcement as specified in clause 8.2.1.2. For UE-to-network relay discovery with model B, the 5G ProSe layer-3 remote UE shall include the relay service code which corresponds to use N3IWF access for the relayed traffic in the PROSE PC5 DISCOVERY message for UE-to-network relay discovery solicitation as specified in clause 8.2.1.3. The relay service code in the PROSE PC5 DISCOVERY message for UE-to-network relay discovery response shall match the relay service code received from the 5G ProSe layer-3 remote UE.

NOTE 1: The UE is allowed to use the 5G ProSe layer-3 UE-to-network relay with N3IWF support if the UE is authorized to be a 5G ProSe layer-3 remote UE as specified in clause 5.2.5 and the non-3GPP access type is preferred in the selected route selection descriptor in the URSP rule as defined in 3GPP TS 24.526 [5].

If the 5G ProSe layer-3 remote UE intends to access 5GC via N3IWF, the 5G ProSe layer-3 remote UE:

a) shall select the relay service code which corresponds to use N3IWF access for the relayed traffic in the received PROSE PC5 DISCOVERY message;

b) shall send the PROSE DIRECT LINK ESTABLISHMENT REQUEST message including the selected relay service code in a) to the 5G ProSe layer-3 UE-to-network relay UE; and

c) shall use either the security procedure over user plane or the security procedure over control plane as specified in 3GPP TS 33.503 [34].

NOTE 2: After using either the security procedure over user plane or the security procedure over control plane as specified in 3GPP TS 33.503 [34], the 5G ProSe layer-3 remote UE performs the security procedures as specified in clause 7.2.1 of 3GPP TS 33.501 [50].

The 5G ProSe layer-3 UE-to-network relay UE establishes the PDU session with corresponding parameters for the requested relay service code as specified in clause 8.2.7.2.

The 5G ProSe layer-3 remote UE performs the N3IWF selection as specified in 8.2.7.3 once the IP address/prefix allocation is completed.

8.2.7.2 5G ProSe layer-3 UE-to-network relay UE establishing PDU session to access N3IWF

The 5G ProSe layer-3 UE-to-network relay UE establishes the PDU session based on the UE policies for 5G ProSe layer-3 UE-to-network relay service codes defined in 3GPP TS 24.555 [17]. The PDU session establishment is triggered upon receipt of the PROSE DIRECT LINK ESTABLISHMENT REQUEST message including the relay service code. The 5G ProSe layer-3 remote UE may change 5G ProSe layer-3 UE-to-network relay(s) while maintaining the PDU session(s) established via 5G ProSe layer-3 UE-to-network relay and N3IWF, when the 5G ProSe layer-3 remote UE and the N3IWF support MOBIKE as specified TS 24.502 [26].

NOTE: If there is an existing PDU session for 5G ProSe layer-3 UE-to-network relay without N3IWF, whether to reuse that existing PDU session or to establish a new PDU session for 5G ProSe layer-3 UE-to-network relay with N3IWF is determined by 5G ProSe layer-3 UE-to-network relay UE as specified in 3GPP TS 23.503[33].

8.2.7.3 N3IWF selection for 5G ProSe layer-3 remote UE

As specified in clause 6.5.1.2.2 of 3GPP TS 23.304 [2], the 5G ProSe layer-3 remote UE selects the N3IWF using following information included in UE policies for 5G ProSe UE-to-network remote UE as defined in clause 5.6.2 of 3GPP TS 24.555 [17]:

a) N3IWF identifier configuration for 5G ProSe layer-3 remote UE; and

b) 5G ProSe layer-3 UE-to-network relay access node selection information.

The 5G ProSe layer-3 remote UE performs the N3IWF selection procedure as specified in clause 7.2.4.3 of 3GPP TS 24.502 [26].

8.2.8 5G ProSe additional parameters announcement procedure

8.2.8.1 General

The purpose of the 5G ProSe additional parameters announcement procedure is for the 5G ProSe layer-3 remote UE to obtain NCGI or TAI of the cell serving the 5G ProSe layer-3 UE-to-network relay UE.

The 5G ProSe remote UE in this procedure shall be a 5G ProSe-enabled UE and is authorised to act as a 5G ProSe layer-3 remote UE towards a 5G ProSe layer-3 UE-to-network relay UE based on the service authorization procedure as specified in clause 5. The 5G ProSe layer-3 UE-to-network relay UE in this procedure shall be a 5G ProSe-enabled UE and is authorised to act as a 5G 5G ProSe layer-3 UE-to-network relay UE based on the service authorization procedure as specified in clause 5.

8.2.8.2 5G ProSe additional parameters announcement procedure initiation by the 5G ProSe layer-3 remote UE

Before initiating the 5G ProSe additional parameters announcement procedure, a direct link has been successfully established between the 5G ProSe layer-3 remote UE and the 5G ProSe layer-3 UE-to-network relay UE.

The 5G ProSe layer-3 remote UE shall initiate a 5G ProSe additional parameters announcement procedure:

a) when the 5G ProSe layer-3 remote UE is triggered by an upper layer application to report NCGI or TAI of the serving cell to the application server, but cannot receive the PROSE PC5 DISCOVERY message for relay discovery additional information from the 5G ProSe layer-3 UE-to-network relay UE, or the NCGI or TAI is not included in the PROSE PC5 DISCOVERY message for relay discovery additional information from the 5G ProSe layer-3 UE-to-network relay UE; or

b) when the additional parameters announcement request refresh timer T5106 expires and the 5G ProSe layer-3 remote UE still needs to obtain NCGI or TAI of the cell serving the 5G ProSe layer-3 UE-to-network relay.

The 5G ProSe layer-3 remote UE shall generate a PROSE ADDITIONAL PARAMETERS ANNOUNCEMENT REQUEST message and pass this message to the lower layers for transmission along with the 5G ProSe layer-3 remote UE’s layer-2 ID (for unicast communication) and the 5G ProSe layer-3 UE-to-network relay UE’s layer-2 ID (for unicast communication).

Figure 8.2.8.2.1: 5G ProSe additional parameters announcement procedure

8.2.8.3 5G ProSe additional parameters announcement procedure accepted by the 5G ProSe layer-3 UE-to-network relay UE

Upon receiving a PROSE ADDITIONAL PARAMETERS ANNOUNCEMENT REQUEST message, the 5G ProSe layer-3 UE-to-network relay UE shall allocate an additional parameters announcement request refresh timer T5106 to the 5G ProSe remote UE and start a timer T5107. The timer T5107 shall be longer than the additional parameters announcement request refresh timer T5106.

Then the 5G ProSe layer-3 UE-to-network relay UE shall respond a PROSE ADDITIONAL PARAMETERS ANNOUNCEMENT RESPONSE message with an additional parameters announcement request refresh timer T5106 IE set to the T5106 timer value assigned by the 5G ProSe layer-3 UE-to-network relay UE. The 5G ProSe layer-3 UE-to-network relay UE shall start announcing the NCGI or TAI of the serving cell by triggering the announcing UE procedure for relay discovery additional information as described in clause 8.2.1.2.4.

8.2.8.4 5G ProSe additional parameters announcement procedure completion by the 5G ProSe layer-3 remote UE

Upon receiving a PROSE ADDITIONAL PARAMETERS ANNOUNCEMENT RESPONSE message, the UE shall start the additional parameters announcement request refresh timer T5106 with the received value.

8.2.8.5 Abnormal cases

8.2.8.5.1 Abnormal cases in the 5G ProSe layer-3 remote UE

If there is no response from the 5G ProSe layer-3 UE-to-network relay UE after the PROSE ADDITIONAL PARAMETERS ANNOUNCEMENT REQUEST message has been successfully delivered, the 5G ProSe layer-3 remote UE shall retransmit the PROSE ADDITIONAL PARAMETERS ANNOUNCEMENT REQUEST message.

NOTE: The timer to trigger retransmission and the maximum number of allowed retransmissions are UE implementation specific.

8.2.9 5G ProSe AA message reliable transport procedure

8.2.9.1 General

The purpose of the 5G ProSe AA message reliable transport procedure is to exchange the EAP message between the 5G ProSe layer-3 remote UE and the 5G ProSe layer-3 UE-to-network relay UE.

The 5G ProSe layer-3 remote UE in this procedure shall be a 5G ProSe-enabled UE and is authorised to act as a 5G ProSe layer-3 remote UE towards a 5G ProSe layer-3 UE-to-network relay UE based on the service authorization procedure as specified in clause 5. The 5G ProSe layer-3 UE-to-network relay UE in this procedure shall be a 5G ProSe-enabled UE and is authorised to act as a 5G layer-3 ProSe UE-to-network relay UE based on the service authorization procedure as specified in clause 5.

In this clause, the 5G ProSe layer-3 UE-to-network relay UE is the initiating UE and the 5G ProSe layer-3 remote UE is the target UE.

8.2.9.2 5G ProSe AA message reliable transport procedure initiation

The UE shall initiate a 5G ProSe AA message reliable transport procedure when the UE receives the EAP message for the target UE from the network.

The UE shall generate a PROSE AA MESSAGE TRANSPORT REQUEST message. In this message, during an EAP based authentication procedure, the initiating UE shall include the EAP message IE set to the received EAP message for the target UE from the network as specified in 3GPP TS 24.501 [11].

NOTE 1: In this release of this specification, the EAP message IE is always included.

The initiating UE shall self-assign a source layer-2 ID and set the destination layer-2 ID to the source layer-2 ID in the PROSE DIRECT LINK ESTABLISHMENT REQUEST message, i.e., the target UE’s layer-2 ID.

NOTE 2: The UE implementation ensures that any value of the self-assigned source layer-2 ID is different from any other self-assigned source layer-2 ID(s) in use for 5G ProSe direct discovery as specified in clause 6.2.14, clause 6.2.15 and clause 8.2.1 and is different from any other provisioned destination layer-2 ID(s) as specified in clause 5.2.

After the PROSE AA MESSAGE TRANSPORT REQUEST message is generated, the initiating UE shall pass this message to the lower layers for transmission along with the initiating UE’s layer-2 ID and the target UE’s layer-2 ID and start timer T5093. The UE shall not send a new PROSE AA MESSAGE TRANSPORT REQUEST message to the same target UE while timer T5093 is running.

Figure 8.2.9.2.1: 5G ProSe AA message reliable transport procedure

8.2.9.3 5G ProSe AA message reliable transport procedure accepted by the target UE

Upon receiving a PROSE AA MESSAGE TRANSPORT REQUEST message, the target UE shall pass the EAP message in the EAP message IE to the upper layer for the external DN authentication.

When the upper layers provide an EAP message responding to the received EAP message, the target UE shall generate a PROSE AA MESSAGE TRANSPORT RESPONSE message including the EAP message IE set to the received EAP message from the upper layers.

After the PROSE AA MESSAGE TRANSPORT RESPONSE message is generated, the target UE shall pass this message to the lower layers for transmission along with the initiating UE’s layer-2 ID and the target UE’s layer-2 ID.

8.2.9.4 5G ProSe AA message reliable transport procedure completion by the initiating UE

Upon receiving a PROSE AA MESSAGE TRANSPORT RESPONSE message, the UE shall stop timer T5093 and shall pass the EAP message in the PROSE AA MESSAGE TRANSPORT RESPONSE message to the lower layer and inform the lower layer to initiate the PDU EAP message reliable transport procedure as specified in 3GPP TS 24.501 [11].

8.2.9.5 Abnormal cases

8.2.9.5.1 Abnormal cases at the initiating UE

a) Timer T5093 expires.

The initiating UE shall retransmit the PROSE AA MESSAGE TRANSPORT REQUEST message and restart timer T5093. After reaching the maximum number of allowed retransmissions, the initiating UE shall abort the 5G ProSe AA message reliable transport procedure and shall abort the ongoing procedure that triggered the initiation of the 5G ProSe AA message reliable transport procedure.

NOTE: The maximum number of allowed retransmissions is UE implementation specific.

b) The need to use this 5G ProSe direct link no longer exists before the 5G ProSe AA message reliable transport procedure is completed.

The initiating UE shall abort the 5G ProSe AA message reliable transport procedure and shall abort the ongoing procedure that triggered the initiation of the 5G ProSe AA message reliable transport procedure.

8.2.10 5G ProSe security procedures over PC8 interface

8.2.10.1 General

8.2.10.1.1 Transport protocol for PC8 messages

The UE and 5G PKMF shall use HTTP 1.1 as specified in IETF RFC 7230 [3] and IETF RFC 7231 [4] as the transport protocol for PC8 messages over the PC8 interface. The PC8 messages described here shall be included in the body of either an HTTP request message or an HTTP response message.

8.2.10.1.2 Handling of UE-initiated procedures

8.2.10.1.2.1 General

The following rules apply for UE-initiated procedures:

a) the UE initiates 5G ProSe transactions with an HTTP request message containing the PC8 request(s);

b) the 5G PKMF responds to the requests with an HTTP response message containing the PC8 response(s) for the PC8 request(s); and

c) HTTP POST methods are used for 5G ProSe procedures over PC8 interface.

The UE may use UE local configuration or URSP, as defined in 3GPP TS 24.526 [5], to establish a PDU session for reaching the HPLMN 5G PKMF:

a) if a PDU session for reaching the HPLMN 5G PKMF is not established yet, the UE shall establish the PDU session for reaching the HPLMN 5G PKMF and shall send the HTTP request message via the PDU session for reaching the HPLMN 5G PKMF; and

b) if a PDU session for reaching the HPLMN 5G PKMF is already established (e.g., either due to other 5G ProSe feature or due to other application), the UE shall send the HTTP request message via the PDU session for reaching the HPLMN 5G PKMF.

8.2.10.1.2.2 5G PKMF discovery

The 5G PKMF address can be pre-configured in the UE, provided by the 5G DDNMF or provided in the ProSeP by the PCF.

The UE shall use the 5G PKMF address in the following order of decreasing precedence:

a) provided in the ProSeP by the PCF;

b) provided by the 5G DDNMF; and

c) pre-configured in the ME.

If the UE is pre-configured with the 5G PKMF address, does not have the 5G PKMF address provided in the ProSeP by the PCF and does not have the 5G PKMF address provided by the 5G DDNMF, the UE may access the 5G PKMF using the pre-configured 5G PKMF address without requesting the 5G DDNMF to provide the 5G PKMF address. In case that the UE cannot access the 5G PKMF using the pre-configured 5G PKMF address, the UE may request the 5G DDNMF to provide the 5G PKMF address.

8.2.10.2 Procedures

8.2.10.2.1 Types of 5G ProSe procedures over PC8 interface

The following procedures are defined:

a) 5G ProSe UE-to-network relay discovery security parameters request procedure;

b) 5G ProSe remote user key request procedure; and

c) Key request procedure.

In the following descriptions of 5G procedures over PC8 interface, the terms "request" and "response" refer to the corresponding PC8 messages, not to the HTTP request or response. The following procedure descriptions use a single PC8 message for illustration purposes.

The 5G ProSe procedures over PC8 interface shall be integrity protected and confidentiality protected using the security procedures using GBA or AKMA, see clause 5.2.5.3 and clause 5.2.5.4 in 3GPP TS 33.503 [34].

NOTE 1: A single HTTP request message can contain multiple PC8 requests and a single HTTP response message can contain multiple PC8 responses.

NOTE 2: The privacy of the UE identity included in the PC8 messages of 5G ProSe procedures over PC8 interface is ensured by the confidentiality protection of those procedures.

8.2.10.2.2 5G ProSe UE-to-network relay discovery security parameters request procedure

8.2.10.2.2.1 General

The purpose of the 5G ProSe UE-to-network relay discovery security parameters request procedure is for the UE:

a) to obtain the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe remote UE, applicable when the UE acts as a 5G ProSe remote UE and uses the security procedure over user plane as specified in 3GPP TS 33.503 [34]; and

b) to obtain the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe UE-to-network relay UE, applicable when the UE acts as a 5G ProSe UE-to-network relay UE and uses the security procedure over user plane as specified in 3GPP TS 33.503 [34].

8.2.10.2.2.2 5G ProSe UE-to-network relay discovery security parameters request procedure initiation

The UE shall initiate the 5G ProSe UE-to-network relay discovery security parameters request procedure:

a) if the UE is authorized to act as a 5G ProSe remote UE and uses the security procedure over user plane as specified in 3GPP TS 33.503 [34]:

1) when the UE has no 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe remote UE and the UE is in NG-RAN coverage; or

2) after expiration of timer T5094, when in NG-RAN coverage or when entering NG-RAN coverage; or

b) if the UE is authorized to act as a 5G ProSe UE-to-network relay UE and uses the security procedure over user plane as specified in 3GPP TS 33.503 [34]:

1) when the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe UE-to-network relay UE and the UE is in NG-RAN coverage; or

2) after expiration of timer T5095, when in NG-RAN coverage or when entering NG-RAN coverage.

The UE shall initiate the 5G ProSe UE-to-network relay discovery security parameters request procedure by sending a PROSE_SECURITY_PARAM_REQUEST message with the <UNR-discovery-security-parameters-request> element. In the <UNR-discovery-security-parameters-request> element, the UE:

a) shall include a new transaction ID;

b) shall indicate whether the UE requests the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe remote UE, the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe UE-to-network relay UE or both;

c) shall include the PC5 UE security capabilities indicating ciphering algorithms supported by the UE;

d) if the UE requests the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe remote UE, may include a list of PLMN identities of the visited PLMNs; and

e) may indicate the requested model indicating the model of the 5G ProSe UE-to-network relay discovery over PC5 interface for which security parameters are requested, set to "model A" or "model B".

NOTE: If the requested model is not included in the PROSE_SECURITY_PARAM_REQUEST message, security parameters are requested for both model A and model B of the 5G ProSe UE-to-network relay discovery over PC5 interface.

Figure 8.2.10.2.2.2.1 illustrates the interaction of the UE and the 5G PKMF in the 5G ProSe UE-to-network relay discovery security parameters request procedure.

Figure 8.2.10.2.2.2.1: 5G ProSe UE-to-network relay discovery security parameters request procedure

8.2.10.2.2.3 5G ProSe UE-to-network relay discovery security parameters request procedure accepted by the 5G PKMF

Upon receiving a PROSE_SECURITY_PARAM_REQUEST message with the <UNR-discovery-security-parameters-request> element, if:

a) the UE requests the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe remote UE only and the PROSE_SECURITY_PARAM_REQUEST message is received over a TLS tunnel established by a UE authorized to act as a 5G ProSe remote UE;

b) the UE requests the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe UE-to-network relay UE only and the PROSE_SECURITY_PARAM_REQUEST message is received over a TLS tunnel established by a UE authorized to act as a 5G ProSe UE-to-network relay UE; or

c) the UE requests the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe remote UE and the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe UE-to-network relay UE and the PROSE_SECURITY_PARAM_REQUEST message is received over a TLS tunnel established by a UE authorized to act as a 5G ProSe UE-to-network relay UE and authorized to act as a 5G ProSe remote UE;

the 5G PKMF shall send a PROSE_SECURITY_PARAM_RESPONSE message containing a <UNR-discovery-security-parameters-accept> element. In the <UNR-discovery-security-parameters-accept> element, the 5G PKMF:

a) shall include the transaction ID set to the value of the transaction ID received in the PROSE_SECURITY_PARAM_REQUEST message;

b) if the UE requests the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe remote UE:

1) shall include the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe remote UE. In the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe remote UE, the 5G PKMF:

A) shall include the expiration timer of the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe remote UE; and

B) for each relay service code for which the UE is authorized to act as a 5G ProSe remote UE:

i) if the requested model is not indicated in the PROSE_SECURITY_PARAM_REQUEST message or is set to "model A", may include the code-receiving security parameters for model A containing one or more of DUSK, DUIK and DUCK with associated encrypted bitmask;

ii) if the requested model is not indicated in the PROSE_SECURITY_PARAM_REQUEST message or is set to "model B", may include the code-receiving security parameters for model B containing one or more of DUSK, DUIK and DUCK with associated encrypted bitmask and the code-sending security parameters for model B containing one or more of DUSK, DUIK and DUCK with associated encrypted bitmask; and

iii) shall include the selected ciphering algorithm; and

2) may include the PC5 security policies per relay service code for 5G ProSe remote UE. In the PC5 security policies per relay service code for 5G ProSe remote UE, the 5G PKMF:

A) for each relay service code for which the UE is authorized to act as a 5G ProSe remote UE:

i) shall include the PC5 security policies;

c) if the UE requests the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe UE-to-network relay UE:

1) shall include the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe UE-to-network relay UE. In the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe UE-to-network relay UE, the 5G PKMF:

A) shall include the expiration timer of the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe UE-to-network relay UE; and

B) for each relay service code for which the UE is authorized to act as a 5G ProSe UE-to-network relay UE:

i) if the requested model is not indicated in the PROSE_SECURITY_PARAM_REQUEST message or is set to "model A", may include the code-sending security parameters for model A containing one or more of DUSK, DUIK and DUCK with associated encrypted bitmask;

iii) shall include the selected ciphering algorithm; and

2) may include the PC5 security policies per relay service code for 5G ProSe UE-to-network relay UE. In the PC5 security policies per relay service code for 5G ProSe UE-to-network relay UE, the 5G PKMF:

A) for each relay service code for which the UE is authorized to act as a 5G ProSe UE-to-network relay UE:

i) shall include the PC5 security policies; and

d) shall include the current time set to the current UTC-based time at the 5G PKMF and the max offset.

If the UE requests the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe remote UE, the UE identity in the PROSE_SECURITY_PARAM_REQUEST message indicates a UE authorized to act as a 5G ProSe remote UE and the PROSE_SECURITY_PARAM_REQUEST message contains a list of PLMN identities of the visited PLMNs, the 5G PKMF shall include in the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe remote UE any information received from 5G PKMFs of potential 5G ProSe UE-to-network relay UEs which can serve the UE.

8.2.10.2.2.4 5G ProSe UE-to-network relay discovery security parameters request procedure completion by the UE

Upon receipt of the PROSE_SECURITY_PARAM_RESPONSE message with the <UNR-discovery-security-parameters-accept>, if the transaction ID contained in the <UNR-discovery-security-parameters-accept> element matches the value sent by the UE in a PROSE_SECURITY_PARAM_REQUEST message with the <UNR-discovery-security-parameters-request> element, the UE:

a) if the PROSE_SECURITY_PARAM_RESPONSE message contains the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe remote UE:

1) shall store the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe remote UE, shall stop timer T5094, if running and shall start timer T5094 with the value of the expiration timer indicated in the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe remote UE; and

2) if the PC5 security policies per relay service code for 5G ProSe remote UE are received, shall store the PC5 security policies per relay service code for 5G ProSe remote UE;

b) if the PROSE_SECURITY_PARAM_RESPONSE message contains the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe UE-to-network relay UE:

1) shall store the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe UE-to-network relay UE, shall stop timer T5095, if running and shall start timer T5081 with the value of the expiration timer indicated in the 5G ProSe UE-to-network relay discovery security parameters for 5G ProSe UE-to-network relay UE; and

2) if the PC5 security policies per relay service code for 5G ProSe UE-to-network relay UE are received, shall store the PC5 security policies per relay service code for 5G ProSe UE-to-network relay UE; and

c) shall set a ProSe clock (see 3GPP TS 33.503 [34]) to the value of the received current time parameter and store the received max offset.

8.2.10.2.2.5 5G ProSe UE-to-network relay discovery security parameters request procedure not accepted by the 5G PKMF

If the PROSE_SECURITY_PARAM_REQUEST message with the <UNR-discovery-security-parameters-request> element cannot be accepted by the 5G PKMF, the 5G PKMF shall send a PROSE_SECURITY_PARAM_RESPONSE message containing a <UNR-discovery-security-parameters-reject> element. In the <UNR-discovery-security-parameters-reject> element, the 5G PKMF shall include the transaction ID set to the value of the transaction ID received in the PROSE_SECURITY_PARAM_REQUEST message and shall include an appropriate PC8 control protocol cause value.

Upon receipt of the PROSE_SECURITY_PARAM_RESPONSE message with the <UNR-discovery-security-parameters-reject> element, if the transaction ID contained in the <UNR-discovery-security-parameters-reject> element matches the value sent by the UE in a PROSE_SECURITY_PARAM_REQUEST message with the <UNR-discovery-security-parameters-request> element, the UE shall consider the 5G ProSe UE-to-network relay discovery security parameters request procedure as rejected.

8.2.10.2.2.6 Abnormal cases in the UE

The following abnormal cases can be identified:

a) Indication from the transport layer of transmission failure of PROSE_SECURITY_PARAM_REQUEST message (e.g. after TCP retransmission timeout).

The UE shall close the existing secure connection to the 5G PKMF, establish a new secure connection and then restart the 5G ProSe UE-to-network relay discovery security parameters request procedure.

b) No response from the 5G PKMF after the PROSE_SECURITY_PARAM_REQUEST message has been successfully delivered (e.g. TCP ACK has been received for the PROSE_SECURITY_PARAM_REQUEST message)

The UE shall retransmit the PROSE_SECURITY_PARAM_REQUEST message.

NOTE: The timer to trigger retransmission and the maximum number of allowed retransmissions are UE implementation specific.

8.2.10.2.2.7 Abnormal cases in the 5G PKMF

The following abnormal cases can be identified:

a) Indication from the lower layer of transmission failure of PROSE_SECURITY_PARAM_RESPONSE message.

After receiving an indication from lower layer that the PROSE_SECURITY_PARAM_RESPONSE message has not been successfully acknowledged (e.g. TCP ACK is not received), the 5G PKMF shall abort the procedure.

8.2.10.2.3 5G ProSe remote user key request procedure

8.2.10.2.3.1 General

The purpose of the 5G ProSe remote user key request procedure is for the UE authorized to act as a 5G ProSe remote UE to obtain a UP-PRUK and a UP-PRUK ID.

Before initiating this procedure, the 5G ProSe remote UE needs to be authorized to use a 5G ProSe layer-3 UE-to-network relay UE or a 5G ProSe layer-2 UE-to-network relay UE in the registered PLMN or local PLMN based on the configuration parameters as specified in clause 5.2.5.

8.2.10.2.3.2 5G ProSe remote user key request procedure initiation

If the UE is authorized to use a 5G ProSe layer-3 UE-to-network relay UE or a 5G ProSe layer-2 UE-to-network relay UE in the registered PLMN or local PLMN, and needs to be able to obtain a connectivity service from a 5G ProSe UE-to-network relay UE, it shall initiate this procedure.

The UE shall initiate the 5G ProSe remote user key request procedure by sending a PROSE_PRUK_REQUEST message with the <PRUK-request> element. In the <PRUK-request> element, the UE:

a) shall include a new transaction ID not used in any other direct discovery procedures in PC8 interface; and

b) shall include the UP-PRUK ID set to the UP-PRUK ID associated with the UE stored UP-PRUK, if the UE stores UP-PRUK.

Figure 8.2.10.2.3.2.1 illustrates the interaction of the UE and the 5G PKMF in the 5G ProSe remote user key request procedure.

Figure 8.2.10.2.3.2.1: 5G ProSe remote user key request procedure

8.2.10.2.3.3 5G ProSe remote user key request procedure accepted by the 5G PKMF

Upon receiving a PROSE_PRUK_REQUEST message, the 5G PKMF shall check whether the UE is authorized to act as a 5G ProSe remote UE. If authorized, the 5G PKMF shall then send a PROSE_PRUK_RESPONSE message with the <PRUK-accept> element. In the <PRUK-accept> element, the 5G PKMF shall include:

a) the transaction ID set to the value of the transaction ID received in the PROSE_PRUK_REQUEST message from the UE;

b) the UP-PRUK ID set to the value of the UP-PRUK ID associated with the UP-PRUK; and

c) the UP-PRUK set to the value of the allocated UP-PRUK to the UE.

8.2.10.2.3.4 5G ProSe remote user key request procedure completion by the UE

Upon receipt of the PROSE_PRUK_RESPONSE message, if the transaction ID matches the value sent by the UE in a PROSE_PRUK_REQUEST message, the UE shall delete any previously stored UP-PRUK and UP-PRUK ID and store the received UP-PRUK and the associtated UP-PRUK ID.

8.2.10.2.3.5 5G ProSe remote user key request procedure not accepted by the 5G PKMF

If the PROSE_PRUK_REQUEST message cannot be accepted by the 5G PKMF, the 5G PKMF sends a PROSE_PRUK_RESPONSE message containing a <PRUK-reject> element to the UE including an appropriate PC8 control protocol cause value and including the transaction ID set to the value of the transaction ID received in the PC8_PRUK_REQUEST message.

Upon receipt of the PROSE_PRUK_RESPONSE message containing a <PRUK-reject> element, if the transaction ID matches the value sent by the UE in a PROSE_PRUK_REQUEST message, the UE shall consider the 5G ProSe remote user key request procedure as rejected.

If the UE is not authorized for acting as a 5G ProSe remote UE, the 5G PKMF shall send the PROSE_PRUK_RESPONSE message containing a <PRUK-reject> element with PC8 control protocol cause value #1 "UE authorization failure".

8.2.10.2.3.6 Abnormal cases in the UE

The following abnormal cases can be identified:

a) Indication from the transport layer of transmission failure of PROSE_PRUK_REQUEST message (e.g., after TCP retransmission timeout).

The UE shall close the existing secure connection to the 5G PKMF, establish a new secure connection and then restart the UP-PRUK request procedure.

b) No response from the 5G PKMF after the PROSE_PRUK_REQUEST message has been successfully delivered (e.g., TCP ACK has been received for the PROSE_PRUK_REQUEST message).

The UE shall retransmit the PROSE_PRUK_REQUEST message.

NOTE: The timer to trigger retransmission and the maximum number of allowed retransmissions are UE implementation specific.

8.2.10.2.3.7 Abnormal cases in the 5G PKMF

The following abnormal cases can be identified:

a) Indication from the lower layer of transmission failure of PROSE_PRUK_RESPONSE message.

After receiving an indication from lower layer that the PROSE_PRUK_RESPONSE message has not been successfully acknowledged (e.g. TCP ACK is not received), the 5G PKMF shall abort the procedure.

8.2.10.2.4 Key request procedure

8.2.10.2.4.1 General

The purpose of the key request procedure is for a UE acting as a 5G ProSe UE-to-network relay to obtain security parameter needed for establishment of 5G ProSe direct link with a 5G ProSe remote UE.

8.2.10.2.4.2 Key request procedure initiation

The UE shall initiate the key request procedure:

a) when the UE acting as a 5G ProSe UE-to-network relay for a relay service code receives a request to establish a 5G ProSe direct link from a 5G ProSe remote UE; and

b) when a 5G ProSe direct link security mode control procedure is rejected by the 5G ProSe remote UE due to the authentication synchronisation error.

The UE shall initiate the key request procedure by sending a PROSE_KEY_REQUEST message with the <key-request> element. In the <key-request> element, the UE:

a) shall include a new transaction ID;

b) shall include the relay service code for which the 5G ProSe direct link is requested to be established;

c) shall include the SUCI or the UP-PRUK ID of the 5G ProSe remote UE, received from the 5G ProSe remote UE;

d) shall include the K_NRP freshness parameter 1, received from the 5G ProSe remote UE;

e) shall include the PLMN identity of the HPLMN of the 5G ProSe remote UE, if received from the 5G ProSe remote UE; and

f) if the key request procedure is initiated upon a 5G ProSe direct link security mode control procedure being rejected by the 5G ProSe remote UE due to the authentication synchronisation error, shall include the AUTS and the RAND, received from the 5G ProSe remote UE.

Figure 8.2.10.2.4.2.1 illustrates the interaction of the UE and the 5G PKMF in the Key request procedure.

Figure 8.2.10.2.4.2.1: Key request procedure

8.2.10.2.4.3 Key request procedure accepted by the 5G PKMF

Upon receiving a PROSE_KEY_REQUEST message with the <key-request> element, if:

a) the PROSE_KEY_REQUEST message is received over a TLS tunnel established by a UE authorized to act as a 5G ProSe UE-to-network relay for the relay service code indicated in the PROSE_KEY_REQUEST message; and

b) the 5G ProSe remote UE identified by the SUCI, the UP-PRUK ID or the AUTS provided by the 5G ProSe remote UE and the PLMN identity of the HPLMN of the 5G ProSe remote UE, if any, indicated in the PROSE_KEY_REQUEST message is authorized to act as a 5G ProSe remote UE for the relay service code indicated in the PROSE_KEY_REQUEST message;

the 5G PKMF shall send a PROSE_KEY_RESPONSE message containing a <key-accept> element. In the <key-accept> element, the 5G PKMF:

a) shall include the transaction ID set to the value of the transaction ID received in the PROSE_KEY_REQUEST message;

b) shall include the UP-PRUK ID of the 5G ProSe remote UE;

c) shall include the K_NRP;

d) shall include the K_NRP freshness parameter 2; and

e) if the AUTS and the RAND are included in the PROSE_KEY_REQUEST message or a new UP-PRUK is required, then shall include the GBA push information (GPI).

If the 5G ProSe remote UE is served by another 5G PKMF, the 5G PKMF of the 5G ProSe UE-to-network relay requests the 5G PKMF of the 5G ProSe remote UE to check that the 5G ProSe remote UE identified by the SUCI, the UP-PRUK ID or the AUTS provided by the 5G ProSe remote UE and the PLMN identity of the HPLMN of the 5G ProSe remote UE, if any, indicated in the PROSE_KEY_REQUEST message, is authorized to act a 5G ProSe remote UE for the relay service code indicated in the PROSE_KEY_REQUEST message and to provide the UP-PRUK ID of the 5G ProSe remote UE, the K_NRP, the K_NRP freshness parameter 2, and optionally the GBA push information (GPI).

8.2.10.2.4.4 Key request procedure completion by the UE

Upon receipt of the PROSE_KEY_RESPONSE message with the <key-accept> element, if the transaction ID contained in the <key-accept> element matches the value sent by the UE in a PROSE_KEY_REQUEST message with the <key-request> element, the UE shall use the UP-PRUK ID of the 5G ProSe remote UE, the K_NRP, the K_NRP freshness parameter 2 and the GBA push information (GPI), if received, in the 5G ProSe direct link establishment.

8.2.10.2.4.5 Key request procedure not accepted by the 5G PKMF

If the PROSE_KEY_REQUEST message with <key-request> element cannot be accepted by the 5G PKMF, the 5G PKMF shall send a PROSE_KEY_RESPONSE message containing a <key-reject> element. In the <key-reject> element, the 5G PKMF shall include the transaction ID set to the value of the transaction ID received in the PROSE_KEY_REQUEST message and shall include an appropriate PC8 control protocol cause value.

Upon receipt of the PROSE_KEY_RESPONSE message with the <key-reject> element, if the transaction ID contained in the <key-reject> element matches the value sent by the UE in a PROSE_KEY_REQUEST message with the <key-request> element, the UE shall consider the key request procedure as rejected.

8.2.10.2.4.6 Abnormal cases in the UE

The following abnormal cases can be identified:

a) Indication from the transport layer of transmission failure of PROSE_KEY_REQUEST message (e.g., after TCP retransmission timeout)

The UE shall close the existing secure connection to the 5G PKMF, establish a new secure connection and then restart the key request procedure.

b) No response from the 5G PKMF after the PROSE_KEY_REQUEST message has been successfully delivered (e.g. TCP ACK has been received for the PROSE_KEY_REQUEST message)

The UE shall retransmit the PROSE_KEY_REQUEST message.

NOTE: The timer to trigger retransmission and the maximum number of allowed retransmissions are UE implementation specific.

8.2.10.2.4.7 Abnormal cases in the 5G PKMF

The following abnormal cases can be identified:

a) Indication from the lower layer of transmission failure of PROSE_KEY_RESPONSE message

After receiving an indication from lower layer that the PROSE_KEY_RESPONSE message has not been successfully acknowledged (e.g., TCP ACK is not received), the 5G PKMF shall abort the procedure.

8.2.11 UE-to-network relay unicast direct communication over PC5 interface

The direct communication between 5G ProSe remote UE and 5G ProSe UE-to-network relay UE reuses the procedures for unicast mode 5G ProSe direct communication over PC5 described in clause 7.2.

NOTE: Any modifications needed to the procedures defined for unicast mode 5G ProSe direct communication over PC5 to support the direct communication between 5G ProSe remote UE and 5G ProSe UE-to-network relay UE are described within clause 7.2.

8.2.12 5G ProSe security procedures over PC3a interface

8.2.12.1 General

8.2.12.1.1 Transport protocol for PC3a messages

The UE and 5G DDNMF shall use HTTP 1.1 as specified in IETF RFC 7230 [3] and IETF RFC 7231 [4] as the transport protocol for PC3a messages over the PC3a interface. The PC3a messages described here shall be included in the body of either an HTTP request message or an HTTP response message.

8.2.12.1.2 Handling of UE-initiated procedures

8.2.12.1.2.1 General

The following rules apply for UE-initiated procedures:

a) the UE initiates 5G ProSe transactions with an HTTP request message containing the PC3a request(s);

b) the 5G DDNMF responds to the requests with an HTTP response message containing the PC3a response(s) for the PC3a request(s); and

c) HTTP POST methods are used for 5G ProSe procedures over PC3a interface.

The UE may use UE local configuration or URSP, as defined in 3GPP TS 24.526 [5], to establish a PDU session for reaching the HPLMN 5G DDNMF:

a) if a PDU session for reaching the HPLMN 5G DDNMF is not established yet, the UE shall establish the PDU session for reaching the HPLMN 5G DDNMF and shall send the HTTP request message via the PDU session for reaching the HPLMN 5G DDNMF; and

b) if a PDU session for reaching the HPLMN 5G DDNMF is already established (e.g., either due to other 5G ProSe feature or due to other application), the UE shall send the HTTP request message via the PDU session for reaching the HPLMN 5G DDNMF.

8.2.12.1.2.2 5G DDNMF discovery

The 5G DDNMF discovery is the same as described in clause 6.1.2.2.8.2.12.2 Procedures

8.2.12.2.1 Types of 5G ProSe security procedures over PC3a interface

The following procedures are defined:

a) 5G ProSe UE-to-network relay discovery security material request procedure.

In the following descriptions of 5G procedures over PC3a interface, the terms "request" and "response" refer to the corresponding PC3a messages, not to the HTTP request or response. The following procedure descriptions use a single PC3a message for illustration purposes.

The PC3a control protocol procedures for 5G ProSe direct discovery shall be integrity protected and confidentiality protected using the security procedures defined in clause 5.2.3 in 3GPP TS 33.503 [34].

NOTE: A single HTTP request message can contain multiple PC3a control protocol requests and a single HTTP response message can contain multiple PC3a control protocol responses.

When the TLS tunnel between the UE and the 5G DDNMF for transport of PC3a messages is established by the UE according to 3GPP TS 33.503 [34], the 5G DDNMF shall obtain identity of the served UE using the procedures specified in 3GPP TS 33.220 [46] or 3GPP TS 33.535 [47].

8.2.12.2.2 5G ProSe UE-to-network relay discovery security material request procedure

8.2.12.2.2.1 General

The purpose of the 5G ProSe UE-to-network relay discovery security material request procedure is for the UE:

a) to obtain the 5G ProSe UE-to-network relay discovery security material for 5G ProSe remote UE, applicable when the UE acts as a 5G ProSe remote UE and uses the security procedure over control plane as specified in 3GPP TS 33.503 [34]; and

b) to obtain the 5G ProSe UE-to-network relay discovery security material for 5G ProSe UE-to-network relay UE, applicable when the UE acts as a 5G ProSe UE-to-network relay UE and uses the security procedure over control plane as specified in 3GPP TS 33.503 [34].

8.2.12.2.2.2 5G ProSe UE-to-network relay discovery security material request procedure initiation

The UE shall initiate the 5G ProSe UE-to-network relay discovery security material request procedure:

a) if the UE is authorized to act as a 5G ProSe remote UE and uses the security procedure over control plane as specified in 3GPP TS 33.503 [34]:

1) when the UE has no 5G ProSe UE-to-network relay discovery security material for 5G ProSe remote UE and the UE is in NG-RAN coverage; or

2) after expiration of timer T50xy, when in NG-RAN coverage or when entering NG-RAN coverage; or

b) if the UE is authorized to act as a 5G ProSe UE-to-network relay UE and uses the security procedure over control plane as specified in 3GPP TS 33.503 [34]:

1) when the UE has no 5G ProSe UE-to-network relay discovery security material for 5G ProSe UE-to-network relay UE and the UE is in NG-RAN coverage; or

2) after expiration of timer T50yz, when in NG-RAN coverage or when entering NG-RAN coverage.

The UE shall initiate the 5G ProSe UE-to-network relay discovery security material request procedure by sending a PROSE_SECURITY_MATERIAL_REQUEST message with the <UNR-discovery-security-parameters-request> element. In the <UNR-discovery-security-parameters-request> element, the UE:

a) shall include a new transaction ID;

b) shall indicate whether the UE requests the 5G ProSe UE-to-network relay discovery security material for 5G ProSe remote UE, the 5G ProSe UE-to-network relay discovery security material for 5G ProSe UE-to-network relay UE or both;

c) shall include the PC5 UE security capabilities indicating ciphering algorithms supported by the UE;

d) if the UE requests the 5G ProSe UE-to-network relay discovery security material for 5G ProSe remote UE, may include a list of PLMN identities of the visited PLMNs; and

e) may indicate the requested model indicating the model of the 5G ProSe UE-to-network relay discovery over PC5 interface for which security parameters are requested, set to "model A" or "model B".

NOTE: If the requested model is not included in the PROSE_SECURITY_MATERIAL_REQUEST message, security parameters are requested for both model A and model B of the 5G ProSe UE-to-network relay discovery over PC5 interface.

Figure 8.2.12.2.2.2.1 illustrates the interaction of the UE and the 5G DDNMF in the 5G ProSe UE-to-network relay discovery security material request procedure.

Figure 8.2.12.2.2.2.1: 5G ProSe UE-to-network relay discovery security material request procedure

8.2.12.2.2.3 5G ProSe UE-to-network relay discovery security material request procedure accepted by the 5G DDNMF

Upon receiving a PROSE_SECURITY_MATERIAL_REQUEST message with the <UNR-discovery-security-parameters-request> element, if:

a) the UE requests the 5G ProSe UE-to-network relay discovery security material for 5G ProSe remote UE only and the PROSE_SECURITY_MATERIAL_REQUEST message is received over a TLS tunnel established by a UE authorized to act as a 5G ProSe remote UE;

b) the UE requests the 5G ProSe UE-to-network relay discovery security material for 5G ProSe UE-to-network relay UE only and the PROSE_SECURITY_MATERIAL_REQUEST message is received over a TLS tunnel established by a UE authorized to act as a 5G ProSe UE-to-network relay UE; or

c) the UE requests the 5G ProSe UE-to-network relay discovery security material for 5G ProSe remote UE and the 5G ProSe UE-to-network relay discovery security material for 5G ProSe UE-to-network relay UE and the PROSE_SECURITY_MATERIAL_REQUEST message is received over a TLS tunnel established by a UE authorized to act as a 5G ProSe UE-to-network relay UE and authorized to act as a 5G ProSe remote UE;

the 5G DDNMF shall send a PROSE_SECURITY_MATERIAL_RESPONSE message containing a <UNR-discovery-security-parameters-accept> element. In the <UNR-discovery-security-parameters-accept> element, the 5G DDNMF:

a) shall include the transaction ID set to the value of the transaction ID received in the PROSE_SECURITY_MATERIAL_REQUEST message;

b) if the UE requests the 5G ProSe UE-to-network relay discovery security material for 5G ProSe remote UE:

1) shall include the 5G ProSe UE-to-network relay discovery security material for 5G ProSe remote UE. In the 5G ProSe UE-to-network relay discovery security material for 5G ProSe remote UE, the 5G DDNMF:

A) shall include the expiration timer of the 5G ProSe UE-to-network relay discovery security material for 5G ProSe remote UE; and

B) for each relay service code for which the UE is authorized to act as a 5G ProSe remote UE:

i) if the requested model is not indicated in the PROSE_SECURITY_MATERIAL_REQUEST message or is set to "model A", may include the code-receiving security parameters for model A containing one or more of DUSK, DUIK and DUCK with associated encrypted bitmask;

ii) if the requested model is not indicated in the PROSE_SECURITY_MATERIAL_REQUEST message or is set to "model B", may include the code-receiving security parameters for model B containing one or more of DUSK, DUIK and DUCK with associated encrypted bitmask and the code-sending security parameters for model B containing one or more of DUSK, DUIK and DUCK with associated encrypted bitmask; and

iii) shall include the selected ciphering algorithm; and

2) may include the PC5 security policies per relay service code for 5G ProSe remote UE. In the PC5 security policies per relay service code for 5G ProSe remote UE, the 5G DDNMF:

A) for each relay service code for which the UE is authorized to act as a 5G ProSe remote UE:

i) shall include the PC5 security policies;

c) if the UE requests the 5G ProSe UE-to-network relay discovery security material for 5G ProSe UE-to-network relay UE:

1) shall include the 5G ProSe UE-to-network relay discovery security material for 5G ProSe UE-to-network relay UE. In the 5G ProSe UE-to-network relay discovery security material for 5G ProSe UE-to-network relay UE, the 5G DDNMF:

A) shall include the expiration timer of the 5G ProSe UE-to-network relay discovery security material for 5G ProSe UE-to-network relay UE; and

B) for each relay service code for which the UE is authorized to act as a 5G ProSe UE-to-network relay UE:

i) if the requested model is not indicated in the PROSE_SECURITY_MATERIAL_REQUEST message or is set to "model A", may include the code-sending security parameters for model A containing one or more of DUSK, DUIK and DUCK with associated encrypted bitmask;

iii) shall include the selected ciphering algorithm; and

A) for each relay service code for which the UE is authorized to act as a 5G ProSe UE-to-network relay UE:

i) shall include the PC5 security policies; and

d) shall include the current time set to the current UTC-based time at the 5G DDNMF and the max offset.

If the UE requests the 5G ProSe UE-to-network relay discovery security material for 5G ProSe remote UE, the UE identity in the PROSE_SECURITY_MATERIAL_REQUEST message indicates a UE authorized to act as a 5G ProSe remote UE and the PROSE_SECURITY_MATERIAL_REQUEST message contains a list of PLMN identities of the visited PLMNs, the 5G DDNMF shall include in the 5G ProSe UE-to-network relay discovery security material for 5G ProSe remote UE any information received from 5G DDNMFs of potential 5G ProSe UE-to-network relay UEs which can serve the UE.

8.2.12.2.2.4 5G ProSe UE-to-network relay discovery security material request procedure completion by the UE

Upon receipt of the PROSE_SECURITY_MATERIAL_RESPONSE message with the <UNR-discovery-security-parameters-accept>, if the transaction ID contained in the <UNR-discovery-security-parameters-accept> element matches the value sent by the UE in a PROSE_SECURITY_MATERIAL_REQUEST message with the <UNR-discovery-security-parameters-request> element, the UE:

a) if the PROSE_SECURITY_MATERIAL_RESPONSE message contains the 5G ProSe UE-to-network relay discovery security material for 5G ProSe remote UE:

1) shall store the 5G ProSe UE-to-network relay discovery security material for 5G ProSe remote UE, shall stop timer T50xy, if running and shall start timer T50xy with the value of the expiration timer indicated in the 5G ProSe UE-to-network relay discovery security material for 5G ProSe remote UE; and

2) if the PC5 security policies per relay service code for 5G ProSe remote UE are received, shall store the PC5 security policies per relay service code for 5G ProSe remote UE;

b) if the PROSE_SECURITY_MATERIAL_RESPONSE message contains the 5G ProSe UE-to-network relay discovery security material for 5G ProSe UE-to-network relay UE:

1) shall store the 5G ProSe UE-to-network relay discovery security material for 5G ProSe UE-to-network relay UE, shall stop timer T50yz, if running and shall start timer T50yz with the value of the expiration timer indicated in the 5G ProSe UE-to-network relay discovery security material for 5G ProSe UE-to-network relay UE; and

c) shall set a ProSe clock (see 3GPP TS 33.503 [34]) to the value of the received current time parameter and store the received max offset.

8.2.12.2.2.5 5G ProSe UE-to-network relay discovery security material request procedure not accepted by the 5G DDNMF

If the PROSE_SECURITY_MATERIAL_REQUEST message with the <UNR-discovery-security-parameters-request> element cannot be accepted by the 5G DDNMF, the 5G DDNMF shall send a PROSE_SECURITY_MATERIAL_RESPONSE message containing a <UNR-discovery-security-parameters-reject> element. In the <UNR-discovery-security-parameters-reject> element, the 5G DDNMF shall include the transaction ID set to the value of the transaction ID received in the PROSE_SECURITY_MATERIAL_REQUEST message and shall include an appropriate PC3a control protocol cause value.

Upon receipt of the PROSE_SECURITY_MATERIAL_RESPONSE message with the <UNR-discovery-security-parameters-reject> element, if the transaction ID contained in the <UNR-discovery-security-parameters-reject> element matches the value sent by the UE in a PROSE_SECURITY_MATERIAL_REQUEST message with the <UNR-discovery-security-parameters-request> element, the UE shall consider the 5G ProSe UE-to-network relay discovery security material request procedure as rejected.

8.2.12.2.2.6 Abnormal cases in the UE

The following abnormal cases can be identified:

a) Indication from the transport layer of transmission failure of PROSE_SECURITY_MATERIAL_REQUEST message (e.g. after TCP retransmission timeout).

The UE shall close the existing secure connection to the 5G DDNMF, establish a new secure connection and then restart the 5G ProSe UE-to-network relay discovery security material request procedure.

b) No response from the 5G DDNMF after the PROSE_SECURITY_MATERIAL_REQUEST message has been successfully delivered (e.g. TCP ACK has been received for the PROSE_SECURITY_MATERIAL_REQUEST message)

The UE shall retransmit the PROSE_SECURITY_MATERIAL_REQUEST message.

NOTE: The timer to trigger retransmission and the maximum number of allowed retransmissions are UE implementation specific.

8.2.12.2.2.7 Abnormal cases in the 5G DDNMF

The following abnormal cases can be identified:

a) Indication from the lower layer of transmission failure of PROSE_SECURITY_MATERIAL_RESPONSE message.

After receiving an indication from lower layer that the PROSE_SECURITY_MATERIAL_RESPONSE message has not been successfully acknowledged (e.g. TCP ACK is not received), the 5G DDNMF shall abort the procedure.