A.3 Call Flow for MCM for EPC-routed access and/or NSWO

29.2733GPP3GPP EPS AAA interfacesEvolved Packet System (EPS)Release 18TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

A.3.1 Successful call flow

Figure Annex A.3-1 describes a successful call flow for MCM, for EPC-routed access and/or Non-seamless WLAN offload.

Figure Annex A.3-1: TWAN Authentication and Authorization Procedure for MCM – successful case

1. A connection is established between the UE and the TWAN, using a specific procedure based on IEEE 802.11 [40].

2. The TWAN sends an EAP Request/Identity to the UE.

3. The UE sends an EAP Response/Identity message to the TWAN.

4. The TWAN forwards the EAP payload received from the UE to the 3GPP AAA Server and also indicates the supported TWAN connection modes in the DER message. For MCM, the TWAN also provides the TWAG’s control plane IPv4 and/or IPv6 addresses to be used by the UE for WLCP if the MCM is selected. The routing path may include one or several 3GPP AAA proxies for roaming case.

5. The 3GPP AAA Server retrieves authentication vectors for the UE from the HSS.

6. The 3GPP AAA Server sends an EAP Request/AKA’-Challenge in which it also indicates to the UE the TWAN connection modes supported by the network (e.g. TSCM, SCM and MCM) and, for MCM, the WLCP transport(s) supported by the TWAN (i.e. IPv4 and/or IPv6), and in which it also requests the UE to provide its Mobile Equipment Identity. The Result-Code AVP in the DEA message is set to DIAMETER_MULTI_ROUND_AUTH. The TWAN-S2a-Connectivity Indicator is not set in the DEA-Flags AVP.

7. The TWAN forwards the EAP payload to the UE.

8. The UE sends the EAP Response/AKA’-Challenge in which it also indicates the requested connection mode. In this example, the UE requests the MCM. The user’s Mobile Equipment Identity is also included, if available and if requested by the 3GPP AAA Server.

9. The TWAN forwards the EAP payload to the 3GPP AAA Server.

10. If the 3GPP AAA Server successfully authentifies the UE, the 3GPP AAA Server downloads the user’s subscription information from the HSS.

11. The 3GPP AAA Server includes the information required for the MCM in the AKA’-Notification as specified in 3GPP TS 24.302[26] (e.g. NSWO authorization, TWAG control plane address) and sends the DEA message to the TWAN. The Result-Code AVP in the DEA message is set to DIAMETER_MULTI_ROUND_AUTH. The TWAN-S2a-Connectivity Indicator is not set in the DEA-Flags AVP.

12. The TWAN forwards the EAP payload to the UE.

13-14. The UE responds with an EAP-RSP/AKA’-Notification message that the TWAN forwardsto the 3GPP AAA Server.

15-16. The 3GPP AAA Server sends an EAP Success message that the TWAN forwards to the UE. The Result-Code AVP in the DEA message is set to DIAMETER_SUCCESS. The DEA message also indicates to the TWAN the selected connected mode (MCM), the user’s subscription information, whether the user is authorized for EPC and/or non-seamless WLAN offload, the WLCP key for WLCP signalling protection, and the user’s Mobile Equipment Identity if it is available.

Dependent on the authorizations received from the 3GPP AAA server, the UE may subsequently initiate the establishement of PDN connections to access the EPC and/or proceeed with non-seamless WLAN offload.

A.3.2 Call flow with IMEI check in VPLMN

Figure Annex A.3-x describes a roaming call flow for MCM, for EPC-routed access and/or Non-seamless WLAN offload, with IMEI check performed in the VPLMN.

Figure Annex A.3-x: TWAN Authentication and Authorization Procedure for MCM, with an IMEI check in the VPLMN

1. to 3. Same as Figure A.3-1.

4. If IMEI check is required by operator policy, the 3GPP AAA Proxy sets the IMEI-Check-Required-In-VPLMN bit in the DER-Flags AVP.

5. to 9. Same as Figure A.3-1.

9A. The 3GPP AAA Server requests the VPLMN to perform the IMEI check by setting the IMEI-Check-Request-In-VPLMN bit in the DEA-Flags AVP and including the Terminal-Information AVP in the DEA message.

9B. The TWAN returns the IMEI-Check-Request-In-VPLMN flag in the DER-Flags AVP and the Terminal-Information AVP to the 3GPP AAA Proxy.

9C. The 3GPP AAA Proxy performs the IMEI check in the VPLMN and forwards the DER to the 3GPP AAA Server, replacing the IMEI-Check-Request-In-VPLMN bit in the DER-Flags AVP by the IMEI-Check-In-VPLMN-Result AVP.

10. to 16. Same as Figure A.3-1 if the IMEI check in VPLMN was successful.

Otherwise the 3GPP AAA Server sends an EAP Failure message that the TWAN forwards to the UE. The Result-Code AVP in the DEA message is set to DIAMETER_ERROR_ILLEGAL_EQUIPMENT.