
WO2024098437A1 - Obtaining of security information for relay discovery - Google Patents


Publication number
WO2024098437A1
Authority
WO
WIPO (PCT)
Prior art keywords
identity
request
hplmn
security information
relay
Application number
PCT/CN2022/131580
Inventor
Jing PING
Ling Yu
Mohamed Amin Nassar
Original Assignee
Nokia Shanghai Bell Co., Ltd.
Nokia Solutions And Networks Oy
Nokia Technologies Oy
Application filed by Nokia Shanghai Bell Co., Ltd., Nokia Solutions And Networks Oy, Nokia Technologies Oy
Priority to PCT/CN2022/131580
Publication of WO2024098437A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/03 Reselecting a link using a direct mode connection
    • H04W36/033 Reselecting a link using a direct mode connection in pre-organised networks
    • H04W8/00 Network data management
    • H04W8/005 Discovery of network devices, e.g. terminals
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02 Terminal devices
    • H04W88/04 Terminal devices adapted for relaying to or from another terminal or user

Definitions

  • Various example embodiments of the present disclosure generally relate to the field of telecommunication and in particular, to devices, methods, apparatus and computer readable storage media for obtaining security information for relay discovery.
  • the Fifth Generation (5G) system supports the proximity based services (ProSe) feature, which may comprise 5G ProSe Direct Discovery, 5G ProSe Direct Communication and 5G ProSe UE-to-Network (U2N) Relay.
  • with the 5G ProSe UE-to-Network Relay feature, a remote user equipment (UE) may connect to a UE-to-Network relay via a PC5 interface with 5G ProSe Direct Communication, and communicate with a data network via the UE-to-Network relay and 5G network.
  • the remote UE and the U2N relay may perform a 5G ProSe Direct discovery procedure using security information for relay discovery.
  • example embodiments of the present disclosure provide a solution for obtaining security information for relay discovery.
  • a first network device in a first home public land mobile network comprises at least one processor and at least one memory storing instructions.
  • When the instructions are executed by the at least one processor, the instructions cause the first network device at least to: receive, from a terminal device served by the first network device, a first request for security information for relay discovery, the first request at least comprising a relay service code (RSC); obtain at least one identity based on the first request, each of the at least one identity being for one of at least one group of target relay terminal devices supporting the RSC; obtain at least one set of security information based on the at least one identity and the RSC, each of the at least one set of security information being associated with one of the at least one group of target relay terminal devices; and transmit the at least one set of security information to the terminal device.
  • RSC relay service code
  • a terminal device comprising at least one processor and at least one memory storing instructions.
  • When the instructions are executed by the at least one processor, the instructions cause the terminal device at least to: transmit, to a network device in a home public land mobile network (HPLMN), a request for security information for relay discovery, the request at least comprising a relay service code (RSC); receive at least one set of security information from the network device, each of the at least one set of security information being associated with one of at least one group of target relay terminal devices supporting the RSC; and perform the relay discovery based on the at least one set of security information.
  • HPLMN home public land mobile network
  • a first policy control function (PCF) device in a first home public land mobile network (HPLMN) comprises at least one processor and at least one memory storing instructions.
  • When the instructions are executed by the at least one processor, the instructions cause the first PCF device at least to: receive, from a first network device in the first HPLMN, a second request for at least one identity, each of the at least one identity being for one of at least one group of target relay terminal devices supporting a relay service code (RSC), the second request at least comprising the RSC; obtain the at least one identity based on the second request; and transmit, to the first network device, a second response to the second request, the second response at least comprising the at least one identity.
  • a second network device in a second home public land mobile network comprises at least one processor and at least one memory storing instructions.
  • When the instructions are executed by the at least one processor, the instructions cause the second network device at least to: receive, from a first network device in a first HPLMN, a third request for at least one second set of security information for a relay service code (RSC), the request at least comprising the RSC, the second HPLMN being different from the first HPLMN; obtain the at least one second set of security information based on the third request; and transmit a third response to the first network device, the third response at least comprising the at least one second set of security information.
  • a second policy control function (PCF) device in a second home public land mobile network (HPLMN) .
  • the second PCF device comprises at least one processor and at least one memory storing instructions.
  • When the instructions are executed by the at least one processor, the instructions cause the second PCF device at least to: receive a request for at least one identity, each of the at least one identity being for a target relay terminal device supporting a relay service code (RSC), the request at least comprising the RSC; obtain the at least one identity based on the request; and transmit a response to the request, the response comprising the at least one identity.
  • an apparatus comprising: means for receiving, at a first network device in a first home public land mobile network (HPLMN) from a terminal device served by the first network device, a first request for security information for relay discovery, the first request at least comprising a relay service code (RSC) ; means for obtaining at least one identity based on the first request, each of the at least one identity being for one of at least one group of target relay terminal devices supporting the RSC; means for obtaining at least one set of security information based on the at least one identity and the RSC, each of the at least one set of security information being associated with one of the at least one group of target relay terminal devices; and means for transmitting the at least one set of security information to the terminal device.
  • an apparatus comprising: means for transmitting, from a terminal device to a network device in a home public land mobile network (HPLMN) , a request for security information for relay discovery, the request at least comprising a relay service code (RSC) ; means for receiving at least one set of security information from the network device, each of the at least one set of security information being associated with one of at least one group of target relay terminal devices supporting the RSC; and means for performing the relay discovery based on the at least one set of security information.
  • an apparatus comprising: means for receiving, at a first policy control function (PCF) device in a first home public land mobile network (HPLMN) from a first network device in the first HPLMN, a second request for at least one identity, each of the at least one identity being for one of at least one group of target relay terminal devices supporting a relay service code (RSC) , the second request at least comprising the RSC; means for obtaining the at least one identity based on the second request; and means for transmitting, to the first network device, a second response to the second request, the second response at least comprising the at least one identity.
  • PCF policy control function
  • an apparatus comprising: means for receiving, at a second network device in a second home public land mobile network (HPLMN) from a first network device in a first HPLMN, a third request for at least one second set of security information for a relay service code (RSC), the request at least comprising the RSC, the second HPLMN being different from the first HPLMN; means for obtaining the at least one second set of security information based on the third request; and means for transmitting a third response to the first network device, the third response at least comprising the at least one second set of security information.
  • an apparatus comprising: means for receiving, at a second PCF device in a second home public land mobile network (HPLMN) , a request for at least one identity, each of the at least one identity being for a target relay terminal device supporting a relay service code (RSC) , the request at least comprising the RSC; means for obtaining the at least one identity based on the request; and means for transmitting a response to the request, the response comprising the at least one identity.
  • a method comprises: receiving, at a first network device in a first home public land mobile network (HPLMN) from a terminal device served by the first network device, a first request for security information for relay discovery, the first request at least comprising a relay service code (RSC) ; obtaining at least one identity based on the first request, each of the at least one identity being for one of at least one group of target relay terminal devices supporting the RSC; obtaining at least one set of security information based on the at least one identity and the RSC, each of the at least one set of security information being associated with one of the at least one group of target relay terminal devices; and transmitting the at least one set of security information to the terminal device.
  • a method comprises: transmitting, from a terminal device to a network device in a home public land mobile network (HPLMN) , a request for security information for relay discovery, the request at least comprising a relay service code (RSC) ; receiving at least one set of security information from the network device, each of the at least one set of security information being associated with one of at least one group of target relay terminal devices supporting the RSC; and performing the relay discovery based on the at least one set of security information.
  • a method comprises: receiving, at a first policy control function (PCF) device in a first home public land mobile network (HPLMN) from a first network device in the first HPLMN, a second request for at least one identity, each of the at least one identity being for one of at least one group of target relay terminal devices supporting a relay service code (RSC) , the second request at least comprising the RSC; obtaining the at least one identity based on the second request; and transmitting, to the first network device, a second response to the second request, the second response at least comprising the at least one identity.
  • In a fourteenth aspect, there is provided a method.
  • the method comprises: receiving, at a second network device in a second home public land mobile network (HPLMN) from a first network device in a first HPLMN, a third request for at least one second set of security information for a relay service code (RSC), the request at least comprising the RSC, the second HPLMN being different from the first HPLMN; obtaining the at least one second set of security information based on the third request; and transmitting a third response to the first network device, the third response at least comprising the at least one second set of security information.
  • a method comprises: receiving, at a second PCF device in a second home public land mobile network (HPLMN) , a request for at least one identity, each of the at least one identity being for a target relay terminal device supporting a relay service code (RSC) , the request at least comprising the RSC; obtaining the at least one identity based on the request; and transmitting a response to the request, the response comprising the at least one identity.
  • a computer readable medium comprises program instructions that, when executed by at least one processor, cause an apparatus to perform at least the method according to any of the eleventh to fifteenth aspects.
  • Fig. 1 illustrates an example communication network in which example embodiments of the present disclosure may be implemented
  • Fig. 2 illustrates a signaling chart illustrating a security procedure for restricted 5G ProSe Direct Discovery Model A
  • Fig. 3 illustrates a signaling chart illustrating a PC5 security establishment procedure for 5G ProSe UE-to-Network relay communication over User Plane;
  • Fig. 4 illustrates a signaling chart illustrating a process for obtaining security information for relay discovery in accordance with some example embodiments of the present disclosure
  • Fig. 5 illustrates a signaling chart illustrating a process for obtaining security information for relay discovery in accordance with some other example embodiments of the present disclosure
  • Fig. 6 illustrates a signaling chart illustrating a process for obtaining security information for relay discovery in accordance with some other example embodiments of the present disclosure
  • Fig. 7 illustrates a signaling chart illustrating an example implementation of a process for obtaining security information for relay discovery in accordance with some example embodiments of the present disclosure
  • Fig. 8 illustrates a signaling chart illustrating an example implementation of a process for obtaining security information for relay discovery in accordance with some other example embodiments of the present disclosure
  • Fig. 9 illustrates a signaling chart illustrating an example implementation of a process for obtaining security information for relay discovery in accordance with some other example embodiments of the present disclosure
  • Fig. 10 illustrates a signaling chart illustrating an example implementation of a process for obtaining security information for relay discovery in accordance with still other example embodiments of the present disclosure
  • Fig. 11 illustrates a signaling chart illustrating an example implementation of a process for obtaining security information for relay discovery in accordance with yet other example embodiments of the present disclosure
  • Fig. 12 illustrates a flowchart of a method implemented at a first network device in accordance with some example embodiments of the present disclosure
  • Fig. 13 illustrates a flowchart of a method implemented at a terminal device in accordance with some example embodiments of the present disclosure
  • Fig. 14 illustrates a flowchart of a method implemented at a first policy control function (PCF) device in accordance with some example embodiments of the present disclosure
  • Fig. 15 illustrates a flowchart of a method implemented at a second network device in accordance with some example embodiments of the present disclosure
  • Fig. 16 illustrates a flowchart of a method implemented at a second PCF device in accordance with some example embodiments of the present disclosure
  • Fig. 17 illustrates a simplified block diagram of an apparatus that is suitable for implementing example embodiments of the present disclosure.
  • Fig. 18 illustrates a block diagram of an example computer readable medium in accordance with some example embodiments of the present disclosure.
  • references in the present disclosure to “one embodiment, ” “an embodiment, ” “an example embodiment, ” and the like indicate that the embodiment described may include a particular feature, structure, or characteristic, but it is not necessary that every embodiment includes the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an example embodiment, it is submitted that it is within the knowledge of one skilled in the art to affect such feature, structure, or characteristic in connection with other example embodiments whether or not explicitly described.
  • first and second etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. For example, a first element could be termed a second element, and similarly, a second element could be termed a first element, without departing from the scope of example embodiments.
  • the term “and/or” includes any and all combinations of one or more of the listed terms.
  • circuitry may refer to one or more or all of the following:
  • circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and/or firmware.
  • circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit or processor integrated circuit for a mobile device or a similar integrated circuit in server, a cellular network device, or other computing or network device.
  • the term “communication network” refers to a network following any suitable communication standards, such as fifth generation (5G) systems, Long Term Evolution (LTE) , LTE-Advanced (LTE-A) , Wideband Code Division Multiple Access (WCDMA) , High-Speed Packet Access (HSPA) , Narrow Band Internet of Things (NB-IoT) and so on.
  • 5G fifth generation
  • LTE Long Term Evolution
  • LTE-A LTE-Advanced
  • WCDMA Wideband Code Division Multiple Access
  • HSPA High-Speed Packet Access
  • NB-IoT Narrow Band Internet of Things
  • the communications between a terminal device and a network device in the communication network may be performed according to any suitable generation communication protocols, including, but not limited to, the first generation (1G) , the second generation (2G) , 2.5G, 2.75G, the third generation (3G) , the fourth generation (4G) , 4.5G, the fifth generation (5G) new radio (NR) communication protocols, and/or any other protocols either currently known or to be developed in the future.
  • Example embodiments of the present disclosure may be applied in various communication systems. Given the rapid development in communications, there will of course also be future type communication technologies and systems with which the present disclosure may be embodied. It should not be seen as limiting the scope of the present disclosure to only the aforementioned system.
  • the term “network device” refers to a node in a communication network via which a terminal device accesses the network and receives services therefrom.
  • the network device may refer to a base station (BS) or an access point (AP) , for example, a node B (NodeB or NB) , an evolved NodeB (eNodeB or eNB) , a NR Next Generation NodeB (gNB) , a Remote Radio Unit (RRU) , a radio header (RH) , a remote radio head (RRH) , a relay, a low power node such as a femto, a pico, and so forth, depending on the applied terminology and technology.
  • An RAN split architecture comprises a gNB-CU (Centralized unit, hosting RRC, SDAP and PDCP) controlling a plurality of gNB-DUs (Distributed unit, hosting RLC, MAC and PHY) .
  • terminal device refers to any end device that may be capable of wireless communication.
  • a terminal device may also be referred to as a communication device, user equipment (UE) , a Subscriber Station (SS) , a Portable Subscriber Station, a Mobile Station (MS) , or an Access Terminal (AT) .
  • UE user equipment
  • SS Subscriber Station
  • MS Mobile Station
  • AT Access Terminal
  • the terminal device may include, but not limited to, a mobile phone, a cellular phone, a smart phone, voice over IP (VoIP) phones, wireless local loop phones, a tablet, a wearable terminal device, a personal digital assistant (PDA) , portable computers, desktop computer, image capture terminal devices such as digital cameras, gaming terminal devices, music storage and playback appliances, vehicle-mounted wireless terminal devices, wireless endpoints, mobile stations, laptop-embedded equipment (LEE) , laptop-mounted equipment (LME) , USB dongles, smart devices, wireless customer-premises equipment (CPE) , an Internet of Things (IoT) device, a watch or other wearable, a head-mounted display (HMD) , a vehicle, a drone, a medical device and applications (e.g., remote surgery) , an industrial device and applications (e.g., a robot and/or other wireless devices operating in an industrial and/or an automated processing chain contexts) , a consumer electronics device, a device operating on commercial and/
  • a user equipment apparatus such as a cell phone or tablet computer or laptop computer or desktop computer or mobile IoT device or fixed IoT device
  • This user equipment apparatus can, for example, be furnished with corresponding capabilities as described in connection with the fixed and/or the wireless network node (s) , as appropriate.
  • the user equipment apparatus may be the user equipment and/or a control device, such as a chipset or processor, configured to control the user equipment when installed therein. Examples of such functionalities include the bootstrapping server function and/or the home subscriber server, which may be implemented in the user equipment apparatus by providing the user equipment apparatus with software configured to cause the user equipment apparatus to perform from the point of view of these functions/nodes.
  • Fig. 1 shows an example communication environment 100 in which example embodiments of the present disclosure can be implemented.
  • the environment 100 may comprise a first home public land mobile network (HPLMN) 110 and a second HPLMN 120.
  • a first terminal device 112 may use a subscription of the first HPLMN 110.
  • the first terminal device 112 may communicate with a first network device 114 and a first PCF 116 in the first HPLMN 110.
  • the first network device 114 may comprise a 5G direct discovery name management function (DDNMF) device, or a ProSe key management function (PKMF) device.
  • DDNMF 5G direct discovery name management function
  • PKMF ProSe key management function
  • a second terminal device 122 may use a subscription of the second HPLMN 120.
  • the second terminal device 122 may communicate with a second network device 124 and a second PCF 126 in the second HPLMN 120.
  • the second network device 124 may comprise a 5G direct discovery name management function (DDNMF) device, or a ProSe key management function (PKMF) device.
  • the communication environment 100 may include any suitable number or type of the devices adapted for implementing embodiments of the present disclosure.
  • Communications in the communication environment 100 may be implemented according to any proper communication protocol(s), comprising, but not limited to, cellular communication protocols of the first generation (1G), the second generation (2G), the third generation (3G), the fourth generation (4G), the fifth generation (5G) or the future sixth generation (6G), wireless local network communication protocols such as Institute for Electrical and Electronics Engineers (IEEE) 802.11 and the like, and/or any other protocols currently known or to be developed in the future.
  • IEEE Institute for Electrical and Electronics Engineers
  • the communication may utilize any proper wireless communication technology, comprising but not limited to: Code Division Multiple Access (CDMA), Frequency Division Multiple Access (FDMA), Time Division Multiple Access (TDMA), Frequency Division Duplex (FDD), Time Division Duplex (TDD), Multiple-Input Multiple-Output (MIMO), Orthogonal Frequency Division Multiplexing (OFDM), Discrete Fourier Transform spread OFDM (DFT-s-OFDM) and/or any other technologies currently known or to be developed in the future.
  • CDMA Code Division Multiple Access
  • FDMA Frequency Division Multiple Access
  • TDMA Time Division Multiple Access
  • FDD Frequency Division Duplex
  • TDD Time Division Duplex
  • MIMO Multiple-Input Multiple-Output
  • OFDM Orthogonal Frequency Division Multiplexing
  • DFT-s-OFDM Discrete Fourier Transform spread OFDM
  • the communication environment 100 may support proximity based services (ProSe) feature, such as 5G ProSe, 4G ProSe and so on.
  • ProSe proximity based services
  • example embodiments of the present disclosure will be described by taking 5G ProSe as an example. However, the present disclosure may be applicable to 4G ProSe or any future ProSe.
  • 5G ProSe features may comprise 5G ProSe Direct Discovery, 5G ProSe Direct Communication and 5G ProSe UE-to-Network (U2N) Relay.
  • the first terminal device 112 may connect to the second terminal device 122 via a PC5 interface with 5G ProSe Direct Communication, and communicate with a data network via the second terminal device 122 and 5G network.
  • the first terminal device 112 may be referred to as a remote terminal device or a remote user equipment (UE)
  • the second terminal device 122 may be referred to as a UE-to-Network (U2N) relay.
  • the first terminal device 112 and the second terminal device 122 may perform a 5G ProSe Direct discovery procedure using security information for relay discovery.
  • there is a need to obtain the security information for relay discovery.
  • Fig. 2 illustrates a signaling chart illustrating a security procedure 200 for restricted 5G ProSe Direct Discovery Model A.
  • steps 211-214 relate to an Announcing UE 202.
  • the Announcing UE 202 sends a Discovery Request message containing the Restricted ProSe Application User ID (RPAUID) to the 5G DDNMF 205 in its HPLMN in order to get the ProSe Code to announce and to get the associated security material.
  • the Announcing UE 202 shall include its PC5 UE security capability that contains the list of supported ciphering algorithms by the UE in the Discovery Request message.
  • the 5G ProSe UE-to-Network Relay plays the role as the Announcing UE 202 and sends a Relay Discovery Key Request instead of a Discovery Request.
  • the Relay Discovery Key Request message includes the Relay Service Code (RSC) and the 5G ProSe UE-to-Network Relay's PC5 security capability.
  • the 5G DDNMF 205 may check for the announce authorization with the ProSe Application Server. For 5G ProSe UE-to-Network Relay discovery, this step is skipped.
  • the 5G DDNMFs 205 in the HPLMN and VPLMN 204 of the Announcing UE 202 exchange Announce Auth.
  • the 5G DDNMF 205 in the HPLMN of the Announcing UE 202 returns the ProSe Restricted Code and the corresponding Code-Sending Security Parameters, along with the CURRENT_TIME and MAX_OFFSET parameters.
  • the Code-Sending Security Parameters provide the necessary information for the Announcing UE 202 to protect the transmission of the ProSe Restricted Code and are stored with the ProSe Restricted Code.
  • the Announcing UE 202 takes the same actions with CURRENT_TIME and MAX_OFFSET.
  • the 5G DDNMF 205 in the HPLMN of the Announcing UE 202 shall include the chosen PC5 ciphering algorithm in the Discovery Response message.
  • the 5G DDNMF 205 determines the chosen PC5 ciphering algorithm based on the ProSe Restricted Code and the received PC5 UE security capability in step 211.
  • the UE stores the chosen PC5 ciphering algorithm together with the ProSe Restricted Code.
  • the 5G DDNMF 205 in the HPLMN of the Announcing UE 202 may associate the ProSe Restricted Code with the PC5 security policies and include the PC5 security policies in the Discovery Response message.
  • a Relay Discovery Key Response is used instead of the Discovery Response, and the RSC is used instead of the ProSe Restricted Code.
  • the response message contains the discovery security materials.
  • 5G DDNMF may get the PC5 security policies in different ways (e.g. from PCF, from ProSe Application Server, or based on local configuration) .
  • Steps 215-220 relate to a Monitoring UE 201.
  • the Monitoring UE 201 sends a Discovery Request message containing the RPAUID and its PC5 UE security capability to the 5G DDNMF 203 in its HPLMN in order to be allowed to monitor for one or more Restricted ProSe Application User IDs.
  • the 5G ProSe Remote UE plays the role of the Monitoring UE 201 and sends a Relay Discovery Key Request instead of the Discovery Request.
  • the Relay Discovery Key Request message includes the RSC and the 5G ProSe Remote UE's PC5 security capability.
  • the 5G DDNMF 203 in the HPLMN of the Monitoring UE 201 sends an authorization request to the ProSe Application Server. If, based on the permission settings, the RPAUID is allowed to discover at least one of the Target RPAUIDs contained in the Application Level Container, the ProSe Application Server returns an authorization response.
  • the 5G DDNMF 203 in the HPLMN of the Monitoring UE 201 contacts the indicated PLMN's 5G DDNMF (i.e. the 5G DDNMF in the HPLMN of the Announcing UE 202) by sending a Discovery key request message including the PC5 UE security capability received in step 215.
  • For 5G ProSe UE-to-Network Relay Discovery, the Relay Discovery Key Request and the RSC are used instead of the Discovery Request and the RPAUID.
  • the 5G DDNMF 205 in the HPLMN of the Announcing UE 202 may exchange authorization messages with the ProSe Application Server 206.
  • the 5G DDNMF 205 in the HPLMN of the Announcing UE 202 responds to the 5G DDNMF 203 in the HPLMN of the Monitoring UE 201 with a Discovery key response message including the ProSe Restricted Code, the corresponding Code-Receiving Security Parameters, an optional Discovery User Integrity Key (DUIK), and the chosen PC5 ciphering algorithm (based on the information/keys stored in step 214).
  • the Code-Receiving Security Parameters provide the information needed by the Monitoring UE 201 to undo the protection applied by the Announcing UE 202.
  • the DUIK shall be included as a separate parameter if the Code-Receiving Security Parameters indicate that the Monitoring UE 201 uses Match Reports for MIC checking.
  • the 5G DDNMF 203 in the HPLMN of the Monitoring UE 201 stores the ProSe Restricted Code and the Discovery User Integrity Key (if it received one outside of the Code-Receiving Security Parameters).
  • a Relay Discovery Key Response is used instead of the Discovery Response, and the RSC is used instead of the ProSe Restricted Code.
  • the response message contains the discovery security materials.
  • the 5G DDNMF 205 in the HPLMN of the Announcing UE 202 may send the PC5 security policies associated with the ProSe Restricted Code to the 5G DDNMF 203 in the HPLMN of the Monitoring UE 201.
  • PC5 ciphering algorithm is associated with the ProSe Restricted Code.
  • the 5G DDNMF 203 in the HPLMN of the Monitoring UE 201 returns the Discovery Filter and the Code-Receiving Security Parameters, along with the CURRENT_TIME and MAX_OFFSET parameters and the chosen PC5 ciphering algorithm.
  • the Monitoring UE 201 takes the same actions with CURRENT_TIME and MAX_OFFSET.
  • the UE stores the Discovery Filter, Code-Receiving Security Parameters, and the chosen PC5 ciphering algorithm together with the ProSe Restricted Code.
  • If the 5G DDNMF 203 in the HPLMN of the Monitoring UE 201 receives the PC5 security policies associated with the ProSe Restricted Code in step 219, the Monitoring UE 201's 5G DDNMF forwards the PC5 security policies to the Monitoring UE 201.
  • Steps 11 and 12 occur over PC5.
  • the UE starts announcing, if the UTC-based counter provided by the system associated with the discovery slot is within the MAX_OFFSET of the Announcing UE 202's ProSe clock and if the Validity Timer has not expired.
  • the UE forms the discovery message and protects it.
  • the four least significant bits of UTC-based counter are transmitted along with the protected discovery message.
  • the Monitoring UE 201 listens for a discovery message that satisfies its Discovery Filter if the UTC-based counter associated with that discovery slot is within the MAX_OFFSET of the monitoring UE's ProSe clock. In order to find such a matching message, it processes the message. If the Monitoring UE 201 was not asked to send Match Reports for MIC checking, it stops at this step from a security perspective. Otherwise, it proceeds to step 223.
  • the UE checking the integrity of the discovery message on its own does not prevent the UE from sending a Match Report due to requirements in TS 23.304. If such a Match Report is sent, then there is no security functionality involved.
  • Steps 13-16 relate to a Monitoring UE 201 that has encountered a match.
  • the Monitoring UE 201 sends a Match Report message to the 5G DDNMF 203 in the HPLMN of the Monitoring UE 201.
  • the Match Report contains the UTC-based counter value with four least significant bits equal to four least significant bits received along with discovery message and nearest to the Monitoring UE 201's UTC-based counter associated with the discovery slot where it heard the announcement, and other discovery message parameters including the ProSe Restricted Code and MIC.
  • the 5G DDNMF checks the MIC.
  • the 5G DDNMF 203 in the HPLMN of the Monitoring UE 201 may exchange an Auth Req/Auth Resp with the ProSe Application Server 206 to ensure that Monitoring UE 201 is authorized to discover the Announcing UE 202.
  • the 5G DDNMF 203 in the HPLMN of the Monitoring UE 201 returns to the Monitoring UE 201 an acknowledgement that the integrity check passed. It also provides the CURRENT_TIME parameter, by which the UE (re)sets its ProSe clock.
  • the 5G DDNMF 203 in the HPLMN of the Monitoring UE 201 included the Match Report refresh timer in the message to the Monitoring UE 201.
  • the Match Report refresh timer indicates how long the UE will wait before sending a new Match Report for the ProSe Restricted Code.
  • the 5G DDNMF 203 in the HPLMN of the Monitoring UE 201 may send a Match Report Info message to the 5G DDNMF 205 in the HPLMN of the Announcing UE 202.
  • Fig. 3 illustrates a signaling chart illustrating a PC5 security establishment procedure 300 for 5G ProSe UE-to-Network relay communication over User Plane.
  • the 5G ProSe Remote UE 301 is provisioned with the discovery security materials and ProSe Remote User Key (UP-PRUK) when it is in coverage. These security materials are associated with an expiration time, after which they become invalid. If the UE does not have valid discovery security materials, the 5G ProSe Remote UE needs to connect to the 5G PKMF and obtain fresh ones to use the 5G ProSe UE-to-Network Relay services.
  • the procedure is described for the scenario that the 5G PKMF of the 5G ProSe Remote UE is different from the 5G PKMF of the 5G ProSe UE-to-Network Relay. If both the 5G ProSe Remote UE and the 5G ProSe UE-to-Network Relay are served by a single 5G PKMF, the 5G PKMF takes the role of the 5G PKMF of the 5G ProSe Remote UE and the 5G PKMF of the 5G ProSe UE-to-Network Relay and the inter-5G PKMF message exchanges are not needed.
  • Steps 310a, 310b, 311a, 311b are performed when the 5G ProSe Remote UE 301 is in coverage.
  • the 5G ProSe Remote UE 301 gets the 5G PKMF address from the 5G DDNMF 303 of its HPLMN.
  • the 5G ProSe Remote UE 301 may be provisioned with the 5G PKMF address by PCF. If the 5G ProSe Remote UE 301 is provisioned with the 5G PKMF address, the 5G ProSe Remote UE 301 may access the 5G PKMF directly without requesting it from the 5G DDNMF. If the 5G ProSe Remote UE 301 cannot access the 5G PKMF using the provisioned 5G PKMF address, the 5G ProSe Remote UE 301 may request the 5G PKMF address from the 5G DDNMF.
  • the 5G ProSe Remote UE 301 shall establish a secure connection with the 5G PKMF 304 via PC8 reference point.
  • Security for PC8 interface relies on Ua security if GBA specified in TS 33.220 is used (see clause 5.2.3.4) or Ua* security if AKMA specified in TS 33.535 is used (see clause 5.2.5.4).
  • the 5G PKMF 304 of the 5G ProSe Remote UE 301 shall check whether the 5G ProSe Remote UE 301 is authorized to receive UE-to-Network Relay service, and if the UE is authorized, the 5G PKMF 304 of the 5G ProSe Remote UE 301 provides the discovery security materials to the 5G ProSe Remote UE 301. If the 5G ProSe Remote UE 301 provides a list of visited networks, the 5G PKMF 304 of the 5G ProSe Remote UE 301 shall request the discovery security materials from the 5G PKMFs of the potential 5G ProSe UE-to-Network Relays from which the 5G ProSe Remote UE 301 gets the relay services.
  • the 5G PKMF of the 5G ProSe UE-to-Network Relay may include the PC5 security policies to the 5G ProSe Remote UE 301.
  • the 5G PKMF may be locally configured with the UE's authorization information. Otherwise, the 5G PKMF interacts with the UDM of the UE to retrieve the UE's authorization information.
  • the 5G ProSe Remote UE 301 is provisioned by PCF with a list of the potential visited networks for the 5G ProSe UE-to-Network Relay service (which is identified by RSC).
  • the 5G ProSe UE-to-Network Relay 302 gets the 5G PKMF address from its HPLMN in the same way as described in step 310a.
  • the 5G ProSe UE-to-Network Relay 302 shall establish a secure connection with the 5G PKMF via PC8 reference point as in step 310b.
  • the 5G PKMF 306 of the 5G ProSe UE-to-Network Relay 302 shall check whether the 5G ProSe UE-to-Network Relay 302 is authorized to provide 5G ProSe UE-to-Network Relay service, and if the UE is authorized, the 5G PKMF 306 of the 5G ProSe UE-to-Network Relay 302 provides the discovery security materials to the 5G ProSe UE-to-Network Relay 302.
  • the 5G PKMF 306 of the 5G ProSe UE-to-Network Relay 302 may include the PC5 security policies to the 5G ProSe UE-to-Network Relay 302.
  • the 5G ProSe Remote UE 301 sends a PRUK Request message to its 5G PKMF.
  • the message indicates that the 5G ProSe Remote UE 301 is requesting a UP-PRUK from the 5G PKMF. If the 5G ProSe Remote UE 301 already has a UP-PRUK from this 5G PKMF, the message shall also contain the UP-PRUK ID of the UP-PRUK.
  • UP-PRUK ID shall take the form of either the NAI format or the 64-bit string. If the UP-PRUK ID is in NAI format, i.e. username@realm, the realm part shall include Home Network Identifier (i.e. HPLMN ID). The username part shall include the 64-bit string.
  • the 5G PKMF 304 checks whether the 5G ProSe Remote UE 301 is authorized to receive UE-to-Network Relay services. This is done by using the 5G ProSe Remote UE 301's identity associated with the key used to establish the secure connection between the 5G ProSe Remote UE 301 and 5G PKMF in step 310b. If the 5G ProSe Remote UE 301 is authorized to receive the service, the 5G PKMF sends a UP-PRUK and UP-PRUK ID to the 5G ProSe Remote UE 301. If a UP-PRUK and UP-PRUK ID are included, the 5G ProSe Remote UE 301 shall store these and delete any previously stored ones for this 5G PKMF.
  • the discovery procedure is performed between the 5G ProSe Remote UE 301 and the 5G ProSe UE-to-Network Relay 302 using the discovery parameters and discovery security material.
  • In steps 313-315, secure direct communication between the 5G ProSe Remote UE 301 and the U2N relay is established.
  • the parameters for 5G ProSe Direct Discovery, 5G ProSe Direct Communication, and 5G ProSe UE-to-Network Relay service may be made available to the UE in following ways:
  • the parameters provided or updated by the ProSe Application Server via PC1 reference point may need to be complemented with configuration data from other sources listed above.
  • the ProSe Application Server can provision the same ProSe parameters via 5GC or directly to the UE via PC1 reference point, and can revoke (e.g. delete) the ProSe parameters via 5GC in order for the provisioning via PC1 reference point to take effect.
  • the PCF in the HPLMN may configure a list of PLMNs where the UE is authorized to use 5G ProSe Direct Discovery.
  • the PCF in the HPLMN may configure a list of PLMNs where the UE is authorised to use 5G ProSe Direct Communication.
  • the PCF in the HPLMN may configure a list of PLMNs where the UE is authorised to act as 5G ProSe UE-to-Network Relay.
  • Authorisation for 5G ProSe Layer-2 UE-to-Network Relay and 5G ProSe Layer-3 UE-to-Network Relay are independent of each other.
  • the PCF in the HPLMN may configure a list of PLMNs where the UE is authorised to access 5GC via 5G ProSe UE-to-Network Relay (i.e. to act as 5G ProSe Remote UE).
  • 5G ProSe Layer-2 UE-to-Network Relay and via 5G ProSe Layer-3 UE-to-Network Relay are independent of each other.
  • the PCF in the HPLMN merges authorization information from home and other PLMNs and provides the UE with the final authorization information.
  • the PCF in the visited public land mobile network (VPLMN) or HPLMN may revoke the authorization (via H-PCF when roaming) at any time by using the UE Configuration Update procedure for transparent UE Policy delivery procedure defined in clause 4.2.4.3 of TS 23.502.
  • the ProSe Policy/parameters provisioning to UE is controlled by the PCF and may be triggered by UE.
  • the PCF provisions one or more of the following ProSe Policy/parameters:
  • the PCF includes the 5G ProSe Policy/parameters in a Policy Section identified by a Policy Section Identifier (PSI) as specified in clause 6.1.2.2.2 of TS 23.503 [9].
  • ProSe usage reporting configuration and rules for charging can be (pre)configured in the UE or provided by the PCF.
  • the path selection policy can be (pre)configured in the UE or provided by the PCF as defined in clause 5.11.
  • a path preference for ProSe Services can be provided by ProSe Application Server to UDR, and may be used by PCF for path selection policy generation and update.
  • the DDNMF/PKMF of the remote UE cannot locate or discover DDNMF/PKMF of a potential relay if the remote UE and the potential relay belong to different HPLMNs for the reason as discussed below.
  • a 5G DDNMF in a HPLMN uses a Network Repository Function (NRF) to discover other 5G DDNMFs in other PLMNs.
  • the NRF of a source PLMN reaches the NRF in the remote PLMN using target PLMN ID.
  • the 5G DDNMF of the remote UE does not have information of ID of HPLMN of at least one target or potential relay.
  • the DDNMF of the remote UE cannot locate or discover DDNMF of at least one potential relay as it does not know the HPLMN ID of all the potential relays.
  • the security discovery procedure cannot work for the U2N relay case if the RSC associated with the discovery is supported by, or authorized to, more than one potential U2N relay, at least where those relays belong to different HPLMNs.
  • the security parameters and cipher algorithm are associated with the RSC. If more than one potential U2N relay supports the RSC, the security parameters and cipher algorithms cannot be distinguished unless all relays share the same security parameters and algorithms. As security parameters and cipher algorithms are used to protect discovery messages exchanged via the PC5 link, it is insecure, or even infeasible, to share them between all potential relays, or at least among the relays that belong to different HPLMNs.
  • a first network device in a first HPLMN receives, from a terminal device served by the first network device, a first request for security information for relay discovery.
  • the first request at least comprises a relay service code (RSC) .
  • the first network device obtains at least one identity based on the first request.
  • Each of the at least one identity is for one of at least one group of target relay terminal devices supporting the RSC.
  • the first network device obtains at least one set of security information based on the at least one identity information.
  • Each of the at least one set of security information is associated with one of the at least one group of target relay terminal devices.
  • the first network device transmits the at least one set of security information to the terminal device. In this way, the first network device may discover a target DDNMF and differentiate security information for different groups of target relay terminal devices.
  • Fig. 4 illustrates a signaling chart illustrating a process 400 for obtaining security information for relay discovery in accordance with some example embodiments of the present disclosure.
  • the process 400 will be described with reference to Fig. 1.
  • the process 400 may involve the first terminal device 112 and the first network device 114 in Fig. 1.
  • the process 400 may involve the second terminal device 122 and the second terminal device 124 in Fig. 1.
  • the process 400 will be described by taking the first terminal device 112 and the first network device 114 for example.
  • the first terminal device 112 transmits 410, to the first network device 114, a first request for security information for relay discovery.
  • the first request at least comprises a relay service code (RSC) .
  • the first network device 114 receives, from the first terminal device 112, the first request for security information for relay discovery.
  • the first network device 114 obtains 420 at least one identity based on the first request.
  • Each of the at least one identity is for one of at least one group of target relay terminal devices supporting the RSC.
  • a target relay terminal device is also referred to as one of the following: a target relay UE, a target relay, a potential relay terminal device, a potential relay UE, or a potential relay.
  • the first network device 114 obtains 430 at least one set of security information based on the at least one identity information.
  • Each of the at least one set of security information is associated with one of the at least one group of target relay terminal devices.
  • the first network device 114 transmits 450 the at least one set of security information to the first terminal device 112.
  • the first terminal device 112 receives the at least one set of security information from the first network device 114.
  • the first terminal device 112 performs 460 the relay discovery based on the at least one set of security information.
  • the first network device 114 may discover a target DDNMF and differentiate security information for different groups of target relay terminal devices.
  • the first network device 114 may obtain a set of security information associated with a relay restricted identity (ID) .
  • the relay restricted ID may be generated based on the RSC and an identity for a group of target relay terminal devices.
  • the first network device 114 may transmit the set of security information in association with the relay restricted ID.
  • the first network device 114 may construct 440 a list of security information for the relay discovery. Each element in the list may be associated with one of the at least one set of security information.
  • each element in the list may be associated with a set of security information and a relay restricted ID associated with the set of security information.
  • Table 1 provides an example of the list.
  • Table 1:
      Relay restricted ID #1 | A set of security information #1
      Relay restricted ID #2 | A set of security information #2
      Relay restricted ID #3 | A set of security information #3
  • each row may present an element of the list of security information for the relay discovery.
  • Each element may be associated with a set of security information for a group of target relay terminal devices and a relay restricted ID.
  • the set of security information #1 is associated with the relay restricted ID #1.
  • each of the at least one set of security information may comprise at least one of the following: security parameters for relay discovery, or PC5 ciphering algorithm, or Discovery User Integrity Key (DUIK) for relay discovery.
  • the first PCF device 116 may be configured with an identity of at least one target relay terminal device which belongs to the first HPLMN 110 and supports an RSC.
  • the second PCF device 126 may be configured with an identity of at least one target relay terminal device which belongs to the second HPLMN 120 and supports an RSC.
  • the first network device 114 may obtain the at least one identity from the first PCF device 116 in the first HPLMN 110. This will be described with reference to Fig. 5.
  • Fig. 5 illustrates a signaling chart illustrating a process 500 for obtaining security information for relay discovery in accordance with some example embodiments of the present disclosure.
  • the process 500 will be described with reference to Fig. 1.
  • the process 500 may involve the first network device 114 and the first PCF device 116 in Fig. 1.
  • the first network device 114 transmits 510 a second request for the at least one identity to the first PCF device 116.
  • Each of the at least one identity is for one of at least one group of target relay terminal devices supporting an RSC.
  • the second request at least comprises the RSC.
  • the first PCF device 116 receives, from the first network device 114, the second request for the at least one identity.
  • the first PCF device 116 obtains 520 the at least one identity based on the second request.
  • the first PCF device 116 transmits 530 a second response to the second request to the first network device 114.
  • the second response at least comprises the at least one identity.
  • the first network device 114 receives the second response comprising the at least one identity.
  • the first network device 114 may be configured with an identity of at least one target relay terminal device which belongs to the first HPLMN 110 and supports an RSC.
  • the second network device 124 may be configured with an identity of at least one target relay terminal device which belongs to the second HPLMN 120 and supports an RSC.
  • the first network device 114 may obtain a first identity for the first group of target relay terminal devices locally. In turn, the first network device 114 may obtain a first set of security information associated with the first group of target relay terminal devices locally.
  • the first network device 114 may obtain, from the second network device 124, a second set of security information associated with the second group of target relay terminal devices. This will be described with reference to Fig. 6.
  • Fig. 6 illustrates a signaling chart illustrating a process 600 for obtaining security information for relay discovery in accordance with some example embodiments of the present disclosure.
  • the process 600 will be described with reference to Fig. 1.
  • the process 600 may involve the first network device 114 and the second network device 124 in Fig. 1.
  • the first network device 114 transmits 610, to the second network device 124, a third request for at least one second set of security information for the RSC.
  • the third request at least comprises the RSC.
  • the second network device 124 receives, from the first network device 114, the third request for the at least one second set of security information for the RSC.
  • the second network device 124 obtains 620 the at least one second set of security information based on the third request.
  • Each of the at least one second set of security information is associated with a second group of target relay terminal devices belonging to the second HPLMN 120.
  • the second network device 124 transmits 630, to the first network device 114, a third response to the third request.
  • the third response at least comprises the at least one second set of security information.
  • a remote UE and a U2N relay are taken as an example of the first terminal device 112 and the second terminal device 122, respectively.
  • a DDNMF or PKMF is taken as an example of each of the first network device 114 and the second network device 124.
  • the first HPLMN 110 is configured with a PLMN ID#1.
  • the second HPLMN 120 is configured with a PLMN ID#2.
  • Fig. 7 illustrates a signaling chart illustrating a process 700 for obtaining security information for relay discovery in accordance with some example embodiments of the present disclosure.
  • the process 700 may involve the first terminal device 112 (such as a remote UE 112), the second terminal device 122 (such as a U2N relay 122), the first network device 114 (such as a DDNMF 114), the first PCF device 116, the second network device 124 (such as a DDNMF 124), and the second PCF device 126 in Fig. 1.
  • the first PCF device 116 is configured with an identity of at least one target relay terminal device which belongs to the first HPLMN 110 and supports an RSC.
  • the second PCF device 126 is configured with an identity of at least one target relay terminal device which belongs to the second HPLMN 120 and supports an RSC.
  • each of the at least one group of target relay terminal devices comprises a single target relay terminal device, and an identity for a group of target relay terminal devices comprises a relay identity for discovery.
  • the U2N relay 122 transmits a Discovery Key Request to its DDNMF 124 to get security information for relay discovery to protect PC5 discovery messages.
  • the request may include an RSC and security capabilities of the U2N relay 122.
  • the action at 701 may be considered as an example implementation of the action at 410 in Fig. 4.
  • the DDNMF 124 of the U2N relay 122 generates a relay restricted ID for the U2N relay 122 with a valid timer.
  • the relay restricted ID is associated with the RSC and a relay identity for discovery for the U2N relay 122.
  • the relay identity for discovery is also referred to as “relay ID” for brevity.
  • the relay ID may include HPLMN ID (such as PLMN ID#2) of the U2N relay 122.
  • the DDNMF 124 obtains the security information associated with the relay restricted ID.
  • the DDNMF 124 may generate security parameters and select PC5 ciphering algorithm.
  • the DDNMF 124 transmits a Discovery Key Response to the U2N relay 122.
  • the response includes the RSC, the ProSe Restricted Code and valid timer, the code-specific security parameters and chosen PC5 ciphering algorithm, CURRENT_TIME, MAX_OFFSET, and optional PC5 security policies.
  • the action at 702 may be considered as an example implementation of the actions at 420, 430, 440 and 450 in Fig. 4.
  • the remote UE 112 transmits a Discovery Key Request to its DDNMF 114 to get security information for relay discovery to protect PC5 discovery messages.
  • the request may include a UE Identity of the remote UE 112, an RSC, and security capability of remote UE 112.
  • the action at 703 may be considered as another example implementation of the action at 410 in Fig. 4.
  • the DDNMF 114 of the remote UE 112 transmits a request to its PCF device 116 to obtain identities for potential relays supporting the RSC for the remote UE 112.
  • the request may include a UE identity of the remote UE 112 and the RSC.
  • the action at 704 may be considered as an example implementation of the action at 510 in Fig. 5.
  • the PCF device 116 of the remote UE 112 obtains IDs of HPLMNs of potential relays locally based on the RSC and local configuration.
  • the PCF device 116 of the remote UE 112 obtains IDs of potential relays locally based on the RSC and local configuration for those potential relays that belong to the same HPLMN of the remote UE 112.
  • the PCF device 116 of the remote UE 112 transmits, to the PCF device 126 of the U2N relay 122, a request for identities for potential relays which belong to the second HPLMN 120.
  • This request is also referred to as “get potential relay request”.
  • the request may include PLMN ID#1 of the first HPLMN 110 of the remote UE 112 and the RSC.
  • the PCF device 116 of the remote UE 112 receives a response to the “get potential relay request”.
  • This response is also referred to as “get potential relay response”.
  • the “get potential relay response” may include the PLMN ID#2 of the second HPLMN 120, the RSC and a list of relay IDs.
  • the actions at 705, 706a, 706b.1 and 706b.2 may be considered as an example implementation of the action at 520 in Fig. 5.
  • the actions at 706a, 706b.1 and 706b.2 may be repeated for each HPLMN of potential relays.
  • the PCF device 116 of the remote UE 112 transmits a response to the DDNMF 114 of the remote UE 112.
  • This response is also referred to as “get potential relay response”.
  • the response may include the UE identity of the remote UE 112, the RSC, and a list of relay IDs of the potential relays.
  • the action at 707 may be considered as an example implementation of the action at 530 in Fig. 5.
  • if a potential relay belongs to the same HPLMN as the remote UE 112, the DDNMF 114 generates a relay restricted ID for the potential relay with a valid timer.
  • the relay restricted ID is associated with the RSC and the relay ID for the potential relay.
  • the DDNMF 114 obtains the security information associated with the relay restricted ID. For example, the DDNMF 114 may generate security parameters and a DUIK, and select a PC5 ciphering algorithm, associated with the relay restricted ID.
  • the DDNMF 114 of the remote UE 112 transmits a Discovery Key Request to the DDNMF of the HPLMN of the potential relay, so as to obtain security information associated with the RSC.
  • the DDNMF 114 of the remote UE 112 transmits the Discovery Key Request to the DDNMF 124 of the second HPLMN 120.
  • the DDNMF 114 of the remote UE 112 may discover the DDNMF of the potential relay based on the PLMN ID of the HPLMN of the potential relay which may be part of the relay ID of the potential relay.
  • the request may include security capability of the remote UE 112, the RSC, and the relay ID of the potential relay.
  • the action at 708b.1 may be considered as an example implementation of the action at 610 in Fig. 6.
  • the DDNMF 114 of the remote UE 112 receives a discovery key response from the DDNMF 124 of the U2N relay 122.
  • the response may include a relay restricted ID for the potential relay with a valid timer, security parameters, DUIK, and chosen PC5 ciphering algorithm associated with the relay restricted ID.
  • the relay restricted ID is associated with the RSC and the relay ID.
  • the action at 708b.2 may be considered as an example implementation of the action at 630 in Fig. 6.
  • the actions at 708a, 708b.1 and 708b.2 may be repeated for each potential relay.
  • the DDNMF 114 of the remote UE 112 constructs a list of relay restricted IDs with the corresponding valid timers, code security parameters, DUIKs, and PC5 ciphering algorithms.
  • the action at 709 may be considered as an example implementation of the action at 440 in Fig. 4.
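The list construction at 708a to 709 can be modelled as follows. This is an added example, not code from the patent or from any 3GPP specification. It assumes a relay ID made of an HPLMN ID plus a local part, a random opaque relay restricted ID, a peer table standing in for NRF-based DDNMF discovery, and constructed algorithm names and timer values.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class RelayId:
    """Relay identity for discovery. Assumption: HPLMN ID plus a local part."""
    plmn_id: str
    local: str


@dataclass(frozen=True)
class SecurityInfo:
    relay_restricted_id: str  # one per relay per RSC
    valid_timer: int          # seconds, constructed value
    sec_params: bytes         # stands in for the code security parameters
    duik: bytes
    pc5_cipher: str


class Ddnmf:
    """Toy DDNMF that keeps security information per (RSC, relay ID)."""

    def __init__(self, plmn_id, cipher_preference, valid_timer=3600):
        self.plmn_id = plmn_id
        self.cipher_preference = list(cipher_preference)
        self.valid_timer = valid_timer
        self.peers = {}    # PLMN ID -> Ddnmf (assumption: replaces NRF lookup)
        self._issued = {}  # (RSC, RelayId) -> SecurityInfo

    def add_peer(self, other):
        self.peers[other.plmn_id] = other

    def issue(self, rsc, relay_id, requester_ciphers):
        """Return the security information for one relay of this HPLMN.

        The first request for (RSC, relay ID) creates the relay restricted ID,
        keys and cipher choice; later requests get the same record, so the
        relay and a remote UE end up with matching material.
        Assumption: a requester that lacks the stored cipher gets None.
        """
        if relay_id.plmn_id != self.plmn_id:
            raise ValueError("relay belongs to another HPLMN")
        key = (rsc, relay_id)
        info = self._issued.get(key)
        if info is None:
            cipher = next((c for c in self.cipher_preference
                           if c in requester_ciphers), None)
            if cipher is None:
                return None
            info = SecurityInfo(
                relay_restricted_id=secrets.token_hex(8),
                valid_timer=self.valid_timer,
                sec_params=secrets.token_bytes(16),
                duik=secrets.token_bytes(16),
                pc5_cipher=cipher,
            )
            self._issued[key] = info
        return info if info.pc5_cipher in requester_ciphers else None

    def build_list_for_remote_ue(self, rsc, relay_ids, ue_ciphers):
        """Steps 708a to 709: one list element per reachable potential relay."""
        result = []
        for relay_id in relay_ids:
            if relay_id.plmn_id == self.plmn_id:
                owner = self                              # 708a: local relay
            else:
                owner = self.peers.get(relay_id.plmn_id)  # 708b: peer DDNMF
            info = None
            if owner is not None:
                info = owner.issue(rsc, relay_id, ue_ciphers)
            if info is not None:
                result.append(info)
        return result


if __name__ == "__main__":
    RSC = 0x00A1B2  # constructed relay service code
    ddnmf_1 = Ddnmf("PLMN ID#1", ["NEA2", "NEA1"])  # constructed cipher names
    ddnmf_2 = Ddnmf("PLMN ID#2", ["NEA2", "NEA1"])
    ddnmf_1.add_peer(ddnmf_2)
    relay_b = RelayId("PLMN ID#2", "relay-b")
    ddnmf_2.issue(RSC, relay_b, {"NEA1", "NEA2"})    # steps 701/702
    wanted = [RelayId("PLMN ID#1", "relay-a"), relay_b]
    for entry in ddnmf_1.build_list_for_remote_ue(RSC, wanted, {"NEA2"}):
        print(entry.relay_restricted_id, entry.pc5_cipher, entry.valid_timer)
```

Because the record is keyed by RSC and relay ID, two relays that support the same RSC never share a DUIK or security parameters, which is the differentiation the per-RSC scheme lacks.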
  • the DDNMF of the remote UE 112 transmits a Discovery Key Response to the remote UE 112.
  • the response may include the RSC, optional PC5 security policies, CURRENT_TIME, MAX_OFFSET, a list of (relay restricted ID, valid timer, Code-Rcv-SecParams (i.e., the security parameters), Chosen PC5 ciphering algorithm).
  • CURRENT_TIME contains the current UTC-based time at the 5G DDNMF.
  • the UE may obtain UTC time from any sources available, e.g. the RAN via SIB9, NITZ, NTP, GPS, via Ub interface (in GBA) (depending on which is available).
  • the MAX_OFFSET parameter is used to limit the ability of an attacker to successfully replay discovery messages or obtain correctly MICed discovery message for later use. This is achieved by using MAX_OFFSET as a maximum difference between the UTC-based counter associated with the discovery slot and the ProSe clock held by the UE.
  • the action at 710 may be considered as an example implementation of the action at 450 in Fig. 4.
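The MAX_OFFSET check and the four-least-significant-bit counter handling described above for the announcing UE, the monitoring UE and the Match Report fit together as in the following added example, which is not code from the patent or from 3GPP. The MIC here is a truncated HMAC-SHA-256 stand-in, the tie-break rule is an assumption, and the key, code and counter values are constructed.

```python
import hashlib
import hmac

LSB_MASK = 0xF           # four least significant bits travel with the message
LSB_SPAN = LSB_MASK + 1


def slot_allowed(slot_counter, prose_clock, max_offset):
    """True if the slot's UTC-based counter is within MAX_OFFSET of the ProSe clock."""
    return abs(slot_counter - prose_clock) <= max_offset


def reconstruct_counter(received_lsbs, local_slot_counter):
    """Counter whose 4 LSBs equal the received ones and that lies nearest to
    the monitoring UE's own counter for the discovery slot.
    Assumption: an exact tie (distance 8 both ways) resolves to the earlier value.
    """
    if not 0 <= received_lsbs <= LSB_MASK:
        raise ValueError("expected a 4-bit value")
    base = (local_slot_counter & ~LSB_MASK) | received_lsbs
    candidates = [c for c in (base - LSB_SPAN, base, base + LSB_SPAN) if c >= 0]
    return min(candidates, key=lambda c: (abs(c - local_slot_counter), c))


def stand_in_mic(duik, counter, code):
    """Stand-in MIC binding the code to the counter.
    Assumption: truncated HMAC-SHA-256, not the 3GPP MIC function."""
    msg = counter.to_bytes(8, "big") + code
    return hmac.new(duik, msg, hashlib.sha256).digest()[:4]


def announce(duik, code, slot_counter, prose_clock, max_offset):
    """Announcing UE: (code, MIC, 4 LSBs), or None if the slot is out of window."""
    if not slot_allowed(slot_counter, prose_clock, max_offset):
        return None
    return code, stand_in_mic(duik, slot_counter, code), slot_counter & LSB_MASK


def build_match_report(message, local_slot_counter, prose_clock, max_offset):
    """Monitoring UE: Match Report carrying the reconstructed full counter."""
    if not slot_allowed(local_slot_counter, prose_clock, max_offset):
        return None
    code, mic, lsbs = message
    counter = reconstruct_counter(lsbs, local_slot_counter)
    return {"code": code, "mic": mic, "counter": counter}


def ddnmf_check_mic(duik, report):
    """DDNMF side: recompute the MIC over the reported counter and compare."""
    expected = stand_in_mic(duik, report["counter"], report["code"])
    return hmac.compare_digest(expected, report["mic"])


if __name__ == "__main__":
    DUIK = bytes(range(16))        # constructed key
    CODE = b"constructed-code"     # constructed restricted code
    msg = announce(DUIK, CODE, slot_counter=1000, prose_clock=1002, max_offset=8)
    fresh = build_match_report(msg, 1003, 1003, 8)
    stale = build_match_report(msg, 1100, 1100, 8)   # same message heard much later
    print(fresh["counter"], ddnmf_check_mic(DUIK, fresh))
    print(stale["counter"], ddnmf_check_mic(DUIK, stale))
```

A message heard long after it was formed reconstructs to a different counter than the one the MIC was computed over, so the DDNMF check fails.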
  • the remote UE 112 and the U2N relay 122 perform the relay discovery over PC5.
  • the discovery messages are protected with the at least one set of security information.
  • Each of the at least one set of security information is associated with the relay restricted ID (which is per relay per RSC).
  • the action at 711 may be considered as an example implementation of the action at 460 in Fig. 4.
  • the process 700 may be aligned with the legacy Evolved Packet System (EPS)/5G direct discovery procedure, with an extension to support the discovery key request for relay discovery. In addition, the process 700 may reduce signaling load from the remote UE 112 to its HPLMN 110.
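The receive-side checks implied by CURRENT_TIME, MAX_OFFSET and the valid timer, as an added example that is not part of the patent text. Assumptions: the MIC is a stand-in (HMAC-SHA256 truncated to 32 bits, not the 3GPP computation), the valid timer is a duration in seconds counted from CURRENT_TIME, and all names and sample values are constructed.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityInfo:
    """One list element of the Discovery Key Response (per relay restricted ID)."""
    relay_restricted_id: bytes
    valid_timer: int        # seconds of validity, counted from CURRENT_TIME (assumption)
    duik: bytes             # integrity key used to check the MIC
    cipher_alg: str


@dataclass(frozen=True)
class DiscoveryKeyResponse:
    rsc: int
    current_time: int       # CURRENT_TIME: UTC seconds at the DDNMF
    max_offset: int         # MAX_OFFSET in seconds
    entries: tuple


@dataclass(frozen=True)
class DiscoveryMessage:
    relay_restricted_id: bytes
    mic: bytes


def compute_mic(duik: bytes, relay_restricted_id: bytes, slot_counter: int) -> bytes:
    # Stand-in MIC bound to the UTC-based counter of the discovery slot.
    data = relay_restricted_id + struct.pack(">Q", slot_counter)
    return hmac.new(duik, data, hashlib.sha256).digest()[:4]


class RemoteUE:
    def __init__(self, response: DiscoveryKeyResponse, local_uptime: int):
        self.max_offset = response.max_offset
        # ProSe clock: CURRENT_TIME from the DDNMF, advanced by local elapsed time.
        self._base = response.current_time - local_uptime
        self._table = {
            e.relay_restricted_id: (e, response.current_time + e.valid_timer)
            for e in response.entries
        }

    def prose_clock(self, local_uptime: int) -> int:
        return self._base + local_uptime

    def check(self, msg: DiscoveryMessage, slot_counter: int, local_uptime: int) -> str:
        """slot_counter comes from the radio layer; the ProSe clock is the trusted reference."""
        now = self.prose_clock(local_uptime)
        found = self._table.get(msg.relay_restricted_id)
        if found is None:
            return "unknown-relay-restricted-id"
        entry, expiry = found
        if now >= expiry:
            return "valid-timer-expired"
        if abs(slot_counter - now) > self.max_offset:
            return "offset-exceeded"
        expected = compute_mic(entry.duik, entry.relay_restricted_id, slot_counter)
        if not hmac.compare_digest(expected, msg.mic):
            return "mic-mismatch"
        return "accepted"


# Constructed sample values, not taken from the patent.
T0 = 1_700_000_000
DUIK = bytes(range(16))
RRID = b"RRID-3"
RESPONSE = DiscoveryKeyResponse(
    rsc=0x00A1B2, current_time=T0, max_offset=8,
    entries=(SecurityInfo(RRID, valid_timer=600, duik=DUIK, cipher_alg="NEA2"),),
)


def run_samples() -> dict:
    ue = RemoteUE(RESPONSE, local_uptime=50)     # response received at uptime 50 s
    live = DiscoveryMessage(RRID, compute_mic(DUIK, RRID, T0 + 5))
    late = DiscoveryMessage(RRID, compute_mic(DUIK, RRID, T0 + 600))
    other = DiscoveryMessage(b"RRID-9", compute_mic(DUIK, b"RRID-9", T0 + 5))
    return {
        # Received in its own slot, ProSe clock one second behind the slot counter.
        "live": ue.check(live, slot_counter=T0 + 5, local_uptime=54),
        # Same bytes seen 60 s later: the MIC no longer matches the current slot.
        "later_slot": ue.check(live, slot_counter=T0 + 65, local_uptime=115),
        # Same bytes with the old slot counter reported: MAX_OFFSET rejects it.
        "stale_counter": ue.check(live, slot_counter=T0 + 5, local_uptime=115),
        # Correct MIC, but the valid timer of the relay restricted ID has run out.
        "expired": ue.check(late, slot_counter=T0 + 600, local_uptime=650),
        "unknown": ue.check(other, slot_counter=T0 + 5, local_uptime=54),
    }


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:14s} {verdict}")
```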
  • Fig. 8 illustrates a signaling chart illustrating a process 800 for obtaining security information for relay discovery in accordance with some example embodiments of the present disclosure.
  • the process 800 may involve the first terminal device 112 (such as the remote UE 112), the second terminal device 122 (such as the U2N relay 122), the first network device 114 (such as the DDNMF 114), the first PCF device 116, the second network device 124 (such as the DDNMF 124), and the second PCF device 126 in Fig. 1.
  • the process 800 is similar to the process 700 in that the first PCF device 116 is configured with an identity of at least one target relay terminal device which belongs to the first HPLMN 110 and supports an RSC. Similarly, the second PCF device 126 is configured with an identity of at least one target relay terminal device which belongs to the second HPLMN 120 and supports an RSC.
  • each of the at least one group of target relay terminal devices comprises a single target relay terminal device, and an identity for a group of target relay terminal devices comprises a relay identity for discovery.
  • the process 800 is different from the process 700 in that the interaction between PCF devices of different HPLMNs may be avoided and the messages between DDNMF of two HPLMNs may be reduced.
  • actions at 801, 802, 803, 805, 808a, 809, 810 and 811 in the process 800 are similar to the actions at 701, 702, 703, 705, 708a, 709, 710 and 711 in the process 700. Thus, details of these actions are omitted for brevity.
  • Actions at 804, 806, 807, 808b.1, 808b.2 and 808b.3 in the process 800 are different from the actions in the process 700.
  • the DDNMF 114 of the remote UE 112 transmits a request to its PCF device 116 to obtain IDs for HPLMNs supporting an RSC for the remote UE 112.
  • the request may include a UE identity of the remote UE 112 and the RSC. This request is also referred to as “get HPLMNs of potential relays request”.
  • the action at 804 may be considered as another example implementation of the action at 510 in Fig. 5.
  • the PCF device 116 of the remote UE 112 obtains IDs of HPLMNs of potential relays locally based on the RSC and local configuration.
  • the action at 805 may be considered as another example implementation of the action at 530 in Fig. 5.
  • the PCF device 116 of the remote UE 112 transmits a response to the DDNMF 114.
  • This response is also referred to as “get HPLMNs of potential relays response”.
  • the response may include the UE identity of the remote UE 112, the RSC and a list of PLMN IDs.
  • the list of PLMN IDs may comprise at least one of the following: the ID of the first HPLMN 110 (such as PLMN ID#1), or the ID of the second HPLMN 120 (such as PLMN ID#2).
  • the action at 806 may be considered as another example implementation of the action at 530 in Fig. 5.
  • the list of PLMN IDs may comprise the ID of the first HPLMN 110 (such as PLMN ID#1).
  • the DDNMF 114 of the remote UE 112 obtains IDs of potential relays from the PCF device 116 of the remote UE 112 based on the RSC.
  • the action at 807 may be considered as another example implementation of the actions at 510, 520 and 530 in Fig. 5.
  • the DDNMF 114 of the remote UE 112 transmits a Discovery Key Request to the DDNMF 124 of the HPLMN 120, so as to obtain security information associated with the RSC.
  • the request may include security capability of the remote UE 112 and the RSC. It shall be noted that the request may or may not include the ID of the second HPLMN 120 (such as PLMN ID#2). This means that security information associated with each of the potential relays in the second HPLMN 120 needs to be obtained.
  • the action at 808b.1 may be considered as another example implementation of the action at 610 in Fig. 6.
  • the DDNMF 124 of the U2N relay 122 obtains, from the PCF device 126, relay IDs for the potential relays in the second HPLMN 120 based on the RSC. Then, the DDNMF 124 generates a relay restricted ID for each of the potential relays with a valid timer. The relay restricted ID is associated with the RSC and the relay ID for the potential relay. Then, the DDNMF 124 obtains the security information associated with the relay restricted ID. For example, the DDNMF 124 may generate security parameters and select a PC5 ciphering algorithm associated with the relay restricted ID. In turn, the DDNMF 124 constructs a list of relay restricted IDs with corresponding valid timers, code security parameters and PC5 ciphering algorithms.
  • each element in the list may be associated with a second set of security information and a relay restricted ID associated with the second set of security information.
  • Table 2 provides an example of the list.
  • Relay restricted ID #3 | A second set of security information #3
  • Relay restricted ID #4 | A second set of security information #4
  • each row may present an element of the list of security information for the relay discovery.
  • Each element may be associated with a second set of security information for a target relay terminal device and a relay restricted ID.
  • the second set of security information #3 is associated with a first target relay terminal device and the relay restricted ID #3.
  • the Relay restricted ID #3 may be generated based on the RSC and a relay ID of the first target relay terminal device.
  • the DDNMF 114 of the remote UE 112 receives a discovery key response from the DDNMF 124 of the U2N relay 122.
  • the response may include a list of relay restricted ID with corresponding valid timer, code security parameters and PC5 ciphering algorithms.
  • the action at 808b.3 may be considered as another example implementation of the action at 630 in Fig. 6.
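A minimal simulation of the process 800 message flow between the two HPLMNs, as an added example that is not part of the patent text. Assumptions: the relay restricted ID is an opaque random token whose mapping to (RSC, relay ID) stays inside the issuing DDNMF, the cipher is chosen as the first locally preferred algorithm the UE supports, and all class names, algorithm labels and sample values are constructed.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class SecEntry:
    relay_restricted_id: str
    valid_timer: int              # seconds (constructed value)
    code_sec_params: bytes        # stand-in for the code security parameters
    cipher_alg: str               # chosen PC5 ciphering algorithm


class PCF:
    """Holds the local configuration a DDNMF queries (assumed data layout)."""

    def __init__(self, relays_by_rsc, hplmns_by_rsc=None):
        self._relays = relays_by_rsc
        self._hplmns = hplmns_by_rsc or {}

    def get_hplmns_of_potential_relays(self, ue_id, rsc):      # actions 804-806
        return list(self._hplmns.get(rsc, []))

    def get_relay_ids(self, rsc):
        return list(self._relays.get(rsc, []))


class DDNMF:
    PREFERRED_ALGS = ("NEA2", "NEA1", "NEA0")   # constructed preference order

    def __init__(self, plmn_id, pcf, peers=None):
        self.plmn_id = plmn_id
        self.pcf = pcf
        self.peers = peers or {}                 # PLMN ID -> DDNMF of that HPLMN
        self.rrid_map = {}                       # relay restricted ID -> (RSC, relay ID)

    def _select_alg(self, ue_caps):
        for alg in self.PREFERRED_ALGS:
            if alg in ue_caps:
                return alg
        raise ValueError("no PC5 ciphering algorithm in common with the UE")

    def _entries_for_own_relays(self, rsc, ue_caps):
        alg = self._select_alg(ue_caps)
        entries = []
        for relay_id in self.pcf.get_relay_ids(rsc):
            rrid = secrets.token_hex(8)          # per relay, per RSC
            self.rrid_map[rrid] = (rsc, relay_id)
            entries.append(SecEntry(rrid, 3600, secrets.token_bytes(16), alg))
        return entries

    def on_peer_discovery_key_request(self, rsc, ue_caps):      # 808b.1 -> 808b.3
        # Only restricted IDs and security information cross the HPLMN boundary.
        return self._entries_for_own_relays(rsc, ue_caps)

    def on_ue_discovery_key_request(self, ue_id, rsc, ue_caps):  # 803 -> 809
        entries = []
        for plmn in self.pcf.get_hplmns_of_potential_relays(ue_id, rsc):
            if plmn == self.plmn_id:
                entries += self._entries_for_own_relays(rsc, ue_caps)   # 807, 808a
            else:
                peer = self.peers[plmn]
                entries += peer.on_peer_discovery_key_request(rsc, ue_caps)
        return {"rsc": rsc, "entries": entries}


RSC = 0x00A1B2   # constructed relay service code


def build_sample():
    pcf_1 = PCF({RSC: ["relay-A"]}, {RSC: ["PLMN#1", "PLMN#2"]})
    pcf_2 = PCF({RSC: ["relay-B", "relay-C"]})
    ddnmf_2 = DDNMF("PLMN#2", pcf_2)
    ddnmf_1 = DDNMF("PLMN#1", pcf_1, peers={"PLMN#2": ddnmf_2})
    return ddnmf_1, ddnmf_2


if __name__ == "__main__":
    d1, d2 = build_sample()
    resp = d1.on_ue_discovery_key_request("ue-112", RSC, {"NEA1", "NEA0"})
    for e in resp["entries"]:
        print(e.relay_restricted_id, e.valid_timer, e.cipher_alg)
```

In this model the DDNMF of the remote UE ends up holding mappings only for relays of its own HPLMN; the relay IDs of the second HPLMN never leave its DDNMF.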
  • Fig. 9 illustrates a signaling chart illustrating a process 900 for obtaining security information for relay discovery in accordance with some example embodiments of the present disclosure.
  • the process 900 will be described with reference to Fig. 1.
  • the process 900 may involve the first terminal device 112 (such as the remote UE 112), the second terminal device 122 (such as the U2N relay 122), the first network device 114 (such as the DDNMF 114), the first PCF device 116, and the second network device 124 (such as the DDNMF 124) in Fig. 1.
  • the process 900 is similar to the process 800 in that the first PCF device 116 is configured with an identity of at least one target relay terminal device which belongs to the first HPLMN 110 and supports an RSC. Similarly, the second PCF device 126 is configured with an identity of at least one target relay terminal device which belongs to the second HPLMN 120 and supports an RSC.
  • each of the at least one group of target relay terminal devices comprises a plurality of target relay terminal devices in one of the first HPLMN 110 or the second HPLMN 120.
  • An identity for a group of target relay terminal devices comprises one of the following: a PLMN identity (ID) of the first HPLMN 110 or the second HPLMN 120 which the plurality of target relay terminal devices belongs to, or a group ID of the plurality of target relay terminal devices.
  • the group ID may include the PLMN ID of the first HPLMN 110 or the second HPLMN 120.
  • actions at 901, 902, 903, 904, 905, 906, 908b.1, 909, 910 and 911 in the process 900 are similar to the actions at 801, 802, 803, 804, 805, 806, 808b.1, 809, 810 and 811 in the process 800. Thus, details of these actions are omitted for brevity.
  • Actions at 908a and 908b.2 in the process 900 are different from the actions in the process 800.
  • if the list of PLMN IDs comprises the ID of the first HPLMN 110 (such as PLMN ID#1), the DDNMF 114 of the remote UE 112 generates a relay restricted ID for all the potential relays supporting the RSC in the first HPLMN 110.
  • the relay restricted ID is associated with the RSC and the PLMN ID#1.
  • the DDNMF 114 obtains the security information associated with the relay restricted ID.
  • the DDNMF 114 may generate security parameters and select PC5 ciphering algorithm associated with the relay restricted ID.
  • the DDNMF 114 of the remote UE 112 may generate a valid timer for the relay restricted ID.
  • the DDNMF 114 of the remote UE 112 transmits a Discovery Key Request to the DDNMF 124 of the HPLMN 120, so as to obtain security information associated with the RSC.
  • the request may include security capability of the remote UE 112 and the RSC. It shall be noted that the request may or may not include the ID of the second HPLMN 120 (such as PLMN ID#2). This means that security information associated with all the potential relays in the second HPLMN 120 needs to be obtained.
  • the action at 908b.1 may be considered as another example implementation of the action at 610 in Fig. 6.
  • the DDNMF 114 of the remote UE 112 receives a discovery key response from the DDNMF 124 of the U2N relay 122.
  • the response may include the relay restricted ID with corresponding valid timer, code security parameters and PC5 ciphering algorithms.
  • the action at 908b.2 may be considered as another example implementation of the action at 630 in Fig. 6.
  • the actions at 908b.1 and 908b.2 may be repeated for each HPLMN of potential relays associated with the RSC.
  • Fig. 10 illustrates a signaling chart illustrating a process 1000 for obtaining security information for relay discovery in accordance with some example embodiments of the present disclosure.
  • the process 1000 will be described with reference to Fig. 1.
  • the process 1000 may involve the first terminal device 112 (such as the remote UE 112), the second terminal device 122 (such as the U2N relay 122), the first network device 114 (such as the DDNMF 114), and the second network device 124 (such as the DDNMF 124) in Fig. 1.
  • each of the at least one group of target relay terminal devices comprises a single target relay terminal device, and an identity for a group of target relay terminal devices comprises a relay identity for discovery.
  • the process 1000 is different from the process 800 in that the first network device 114 is configured with an identity of at least one target relay terminal device which belongs to the first HPLMN 110 and supports an RSC. Similarly, the second network device 124 is configured with an identity of at least one target relay terminal device which belongs to the second HPLMN 120 and supports an RSC.
  • actions at 1001, 1002, 1003, 1008a, 1008b.1, 1008b.4, 1009, 1010 and 1011 in the process 1000 are similar to the actions at 801, 802, 803, 808a, 808b.1, 808b.3, 809, 810 and 811 in the process 800. Thus, details of these actions are omitted for brevity.
  • Actions at 1005, 1006, 1008b.2 and 1008b.3 in the process 900 are different from the actions in the process 800.
  • the DDNMF 114 of the remote UE 112 obtains IDs of HPLMNs of potential relays locally based on the RSC and local configuration.
  • the DDNMF 114 of the remote UE 112 obtains IDs of potential relays locally based on the RSC and local configuration for those potential relays that belong to the same HPLMN of the remote UE 112.
  • the DDNMF 114 of the remote UE 112 obtains relay IDs for the potential relays in the second HPLMN 120 based on the RSC and local configuration.
  • the DDNMF 124 generates a relay restricted ID for each of the potential relays with a valid timer.
  • the relay restricted ID is associated with the RSC and the relay ID for the potential relay.
  • the DDNMF 124 also obtains the security information associated with the relay restricted ID.
  • the DDNMF 124 may generate security parameters and select PC5 ciphering algorithm associated with the relay restricted ID.
  • the DDNMF 124 constructs a list of relay restricted ID with corresponding valid timer, code security parameters and PC5 ciphering algorithms. An example of the list has been described in Table 2.
  • the actions from 1008b.1 to 1008b.4 may be repeated for each PLMN of potential relays associated with the RSC.
  • Fig. 11 illustrates a signaling chart illustrating a process 1100 for obtaining security information for relay discovery in accordance with some example embodiments of the present disclosure.
  • the process 1100 will be described with reference to Fig. 1.
  • the process 1100 may involve the first terminal device 112 (such as the remote UE 112), the second terminal device 122 (such as the U2N relay 122), the first network device 114 (such as the DDNMF 114), and the second network device 124 (such as the DDNMF 124) in Fig. 1.
  • each of the at least one group of target relay terminal devices comprises a plurality of target relay terminal devices in one of the first HPLMN 110 or the second HPLMN 120.
  • An identity for a group of target relay terminal devices comprises one of the following: a PLMN identity (ID) of the first HPLMN 110 or the second HPLMN 120 which the plurality of target relay terminal devices belongs to, or a group ID of the plurality of target relay terminal devices.
  • the group ID may include the PLMN ID of the first HPLMN 110 or the second HPLMN 120.
  • the process 1100 is different from the process 900 in that the first network device 114 is configured with an identity of at least one target relay terminal device which belongs to the first HPLMN 110 and supports an RSC. Similarly, the second network device 124 is configured with an identity of at least one target relay terminal device which belongs to the second HPLMN 120 and supports an RSC.
  • actions at 1101, 1102, 1103, 1108a, 1108b.1, 1108b.2, 1109, 1110 and 1111 in the process 1100 are similar to the actions at 901, 902, 903, 908a, 908b.1, 908b.2, 909, 910 and 911 in the process 900. Thus, details of these actions are omitted for brevity.
  • An action at 1105 in the process 1100 is different from the actions in the process 900.
  • the DDNMF 114 of the remote UE 112 obtains IDs of HPLMNs of potential relays locally based on the RSC and local configuration.
  • the actions at 1108b.1 and 1108b.2 may be repeated for each PLMN of potential relays associated with the RSC.
  • Fig. 12 shows a flowchart of an example method 1200 implemented at a first network device in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the method 1200 will be described from the perspective of the first network device 114 with respect to Fig. 1.
  • the first network device 114 receives, from a terminal device served by the first network device, a first request for security information for relay discovery.
  • the first request at least comprises a relay service code (RSC).
  • the first network device 114 obtains at least one identity based on the first request.
  • Each of the at least one identity is for one of at least one group of target relay terminal devices supporting the RSC.
  • the first network device 114 obtains at least one set of security information based on the at least one identity and the RSC. Each of the at least one set of security information is associated with one of the at least one group of target relay terminal devices.
  • the first network device 114 transmits the at least one set of security information to the terminal device.
  • obtaining the at least one identity may comprise: obtaining the at least one identity from a first policy control function (PCF) device in the first HPLMN.
  • obtaining the at least one identity from the first PCF device may comprise: transmitting a second request for the at least one identity to the first PCF device, the second request at least comprising the RSC; and receiving a second response to the second request from the first PCF device, the second response at least comprising the at least one identity.
  • obtaining the at least one set of security information may comprise: obtaining a set of security information associated with a relay restricted identity, the relay restricted identity being generated based on the RSC and an identity for one of the at least one group of target relay terminal devices.
  • transmitting the at least one set of security information may comprise: transmitting the set of security information in association with the relay restricted identity.
  • obtaining the at least one set of security information may comprise: based on determining that a first group of target relay terminal devices among the at least one group belongs to the first HPLMN, generating a first relay restricted identity based on the RSC and a first identity for the first group of target relay terminal devices, and obtaining a first set of security information associated with the first relay restricted identity.
  • obtaining the at least one set of security information may comprise: based on determining that a second group of target relay terminal devices among the at least one group belongs to a second HPLMN different from the first HPLMN, transmitting, to a second network device in the second HPLMN, a third request for a second set of security information for the RSC, and receiving, from the second network device, a third response to the third request, the third response comprising the second set of security information and a second relay restricted identity, the second relay restricted identity being associated with the RSC and a second identity for the second group.
  • the third request comprises the second identity.
  • obtaining the at least one identity may comprise: obtaining the at least one identity locally.
  • each of the at least one group of target relay terminal devices belongs to the first HPLMN or a second HPLMN, the second HPLMN being different from the first HPLMN.
  • each of the at least one group of target relay terminal devices comprises a single target relay terminal device, and each of the at least one identity comprises a relay identity for discovery.
  • each of the at least one group of target relay terminal devices comprises a plurality of target relay terminal devices
  • each of the at least one identity comprises one of the following: a PLMN identity of the first HPLMN or the second HPLMN which the plurality of target relay terminal devices belongs to, or a group identity of the plurality of target relay terminal devices.
  • Fig. 13 shows a flowchart of an example method 1300 implemented at a terminal device in accordance with some example embodiments of the present disclosure.
  • the method 1300 will be described from the perspective of the first terminal device 112 with respect to Fig. 1.
  • the method 1300 may be implemented at the second terminal device 122.
  • the first terminal device 112 transmits, to a network device in a home public land mobile network (HPLMN), a request for security information for relay discovery.
  • the request at least comprises a relay service code (RSC).
  • the first terminal device 112 receives at least one set of security information from the network device.
  • Each of the at least one set of security information is associated with one of at least one group of target relay terminal devices supporting the RSC.
  • the first terminal device 112 performs the relay discovery based on the at least one set of security information.
  • receiving the at least one set of security information may comprise: receiving a set of security information in association with a relay restricted identity, the relay restricted identity being associated with the RSC and an identity for one of the at least one group of target relay terminal devices.
  • each of the at least one group of target relay terminal devices belongs to a first HPLMN or a second HPLMN, the second HPLMN being different from the first HPLMN.
  • each of the at least one group of target relay terminal devices comprises a single target relay terminal device, and each of the at least one identity comprises a relay identity for discovery.
  • each of the at least one group of target relay terminal devices comprises a plurality of target relay terminal devices
  • each of the at least one identity comprises one of the following: a PLMN identity for the first or second HPLMN which the plurality of target relay terminal devices belongs to, or a group identity for the plurality of target relay terminal devices.
  • Fig. 14 shows a flowchart of an example method 1400 implemented at a first PCF device in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the method 1400 will be described from the perspective of the first PCF device 116 with respect to Fig. 1.
  • the first PCF device 116 receives, from a first network device in the first HPLMN, a second request for at least one identity.
  • Each of the at least one identity is for one of at least one group of target relay terminal devices supporting a relay service code (RSC), the second request at least comprising the RSC.
  • the first PCF device 116 obtains the at least one identity based on the second request.
  • the first PCF device 116 transmits, to the first network device, a second response to the second request.
  • the second response at least comprises the at least one identity.
  • each of the at least one group of target relay terminal devices belongs to the first HPLMN or a second HPLMN.
  • the second HPLMN is different from the first HPLMN.
  • each of the at least one group of target relay terminal devices comprises a single target relay terminal device, and each of the at least one identity comprises a relay identity for discovery.
  • obtaining the at least one identity may comprise: based on determining that the at least one group of target relay terminal devices belongs to the first HPLMN, obtaining, based on the second request, a first identity of the first HPLMN locally; and obtaining a relay identity for discovery for each of the at least one group of target relay terminal devices locally.
  • obtaining the at least one identity may comprise: based on determining that the at least one group of target relay terminal devices belongs to the second HPLMN, transmitting, to a second PCF device in the second HPLMN, a fourth request for at least one relay identity for discovery for the at least one group of target relay terminal devices, and receiving, from the second PCF device, a fourth response to the fourth request, the fourth response comprising the at least one relay identity.
  • each of the at least one group of target relay terminal devices comprises a plurality of target relay terminal devices
  • the at least one identity comprises one of the following: a PLMN identity for the first or second HPLMN which the plurality of target relay terminal devices belongs to, or a group identity for the plurality of target relay terminal devices.
  • obtaining the at least one identity may comprise: obtaining the PLMN identity or the group identity based on the second request.
  • Fig. 15 shows a flowchart of an example method 1500 implemented at a second network device in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the method 1500 will be described from the perspective of the second network device 124 with respect to Fig. 1.
  • the second network device 124 receives, from a first network device in a first HPLMN, a third request for at least one second set of security information for a relay service code (RSC).
  • the request at least comprises the RSC, and the second HPLMN is different from the first HPLMN.
  • the second network device 124 obtains the at least one second set of security information based on the third request.
  • the second network device 124 transmits a third response to the first network device.
  • the third response at least comprises the at least one second set of security information.
  • each of the at least one second set of security information is associated with a second group of target relay terminal devices belonging to the second HPLMN.
  • the second group of target relay terminal devices comprises a single target relay terminal device, and a second identity for the second group comprises a relay identity for discovery.
  • the second group of target relay terminal devices comprises a plurality of target relay terminal devices
  • a second identity for the second group comprises one of the following: a PLMN identity for the second HPLMN which the plurality of target relay terminal devices belongs to, or a group identity for the plurality of target relay terminal devices.
  • obtaining the at least one second set of security information may comprise: generating a second relay restricted identity based on the RSC and a second identity for the second group, obtaining one of the at least one second set of security information which is associated with the second relay restricted identity.
  • transmitting the at least one second set of security information may comprise: transmitting the one of the at least one second set of security information in association with the second relay restricted identity.
  • the third request comprises a second identity for the second group of target relay terminal devices.
  • Fig. 16 shows a flowchart of an example method 1600 implemented at a second PCF device in accordance with some example embodiments of the present disclosure.
  • the method 1600 will be described from the perspective of the second PCF device 126 with respect to Fig. 1.
  • the second PCF device 126 receives a request for at least one identity, each of the at least one identity being for a target relay terminal device supporting a relay service code (RSC), the request at least comprising the RSC.
  • the second PCF device 126 obtains the at least one identity based on the request.
  • the second PCF device 126 transmits a response to the request, the response comprising the at least one identity.
  • receiving the request for at least one identity comprises receiving the request from one of the following: a first network device in a first HPLMN different from the second HPLMN, or a second network device in the second HPLMN.
  • an apparatus capable of performing any of the method 1200 may comprise means for performing the respective operations of the method 1200.
  • the means may be implemented in any suitable form.
  • the means may be implemented in a circuitry or software module.
  • the apparatus may be implemented as or included in the first network device 114.
  • the means may comprise a processor and a memory.
  • the apparatus comprises: means for receiving, at a first network device in a first home public land mobile network (HPLMN) from a terminal device served by the first network device, a first request for security information for relay discovery, the first request at least comprising a relay service code (RSC); means for obtaining at least one identity based on the first request, each of the at least one identity being for one of at least one group of target relay terminal devices supporting the RSC; means for obtaining at least one set of security information based on the at least one identity and the RSC, each of the at least one set of security information being associated with one of the at least one group of target relay terminal devices; and means for transmitting the at least one set of security information to the terminal device.
  • the means for obtaining the at least one identity may comprise: means for obtaining the at least one identity from a first policy control function (PCF) device in the first HPLMN.
  • the means for obtaining the at least one identity from the first PCF device may comprise: means for transmitting a second request for the at least one identity to the first PCF device, the second request at least comprising the RSC; and means for receiving a second response to the second request from the first PCF device, the second response at least comprising the at least one identity.
  • the means for obtaining the at least one set of security information may comprise: means for obtaining a set of security information associated with a relay restricted identity, the relay restricted identity being generated based on the RSC and an identity for one of the at least one group of target relay terminal devices.
  • the means for transmitting the at least one set of security information may comprise: means for transmitting the set of security information in association with the relay restricted identity.
  • the means for obtaining the at least one set of security information may comprise: based on determining that a first group of target relay terminal devices among the at least one group belongs to the first HPLMN, means for generating a first relay restricted identity based on the RSC and a first identity for the first group of target relay terminal devices, and means for obtaining a first set of security information associated with the first relay restricted identity.
  • the means for obtaining the at least one set of security information may comprise: based on determining that a second group of target relay terminal devices among the at least one group belongs to a second HPLMN different from the first HPLMN, means for transmitting, to a second network device in the second HPLMN, a third request for a second set of security information for the RSC, and means for receiving, from the second network device, a third response to the third request, the third response comprising the second set of security information and a second relay restricted identity, the second relay restricted identity being associated with the RSC and a second identity for the second group.
  • the third request comprises the second identity.
  • the means for obtaining the at least one identity may comprise: means for obtaining the at least one identity locally.
  • each of the at least one group of target relay terminal devices belongs to the first HPLMN or a second HPLMN, the second HPLMN being different from the first HPLMN.
  • each of the at least one group of target relay terminal devices comprises a single target relay terminal device, and each of the at least one identity comprises a relay identity for discovery.
  • each of the at least one group of target relay terminal devices comprises a plurality of target relay terminal devices
  • each of the at least one identity comprises one of the following: a PLMN identity of the first HPLMN or the second HPLMN which the plurality of target relay terminal devices belongs to, or a group identity of the plurality of target relay terminal devices.
  • an apparatus capable of performing any of the method 1300 may comprise means for performing the respective operations of the method 1300.
  • the means may be implemented in any suitable form.
  • the means may be implemented in a circuitry or software module.
  • the apparatus may be implemented as or included in the first terminal device 112.
  • the means may comprise a processor and a memory.
  • the apparatus comprises: means for transmitting, from a terminal device to a network device in a home public land mobile network (HPLMN), a request for security information for relay discovery, the request at least comprising a relay service code (RSC); means for receiving at least one set of security information from the network device, each of the at least one set of security information being associated with one of at least one group of target relay terminal devices supporting the RSC; and means for performing the relay discovery based on the at least one set of security information.
  • HPLMN home public land mobile network
  • RSC relay service code
  • receiving the at least one set of security information may comprise: receiving a set of security information in association with a relay restricted identity, the relay restricted identity being associated with the RSC and an identity for one of the at least one group of target relay terminal devices.
  • each of the at least one group of target relay terminal devices belongs to a first HPLMN or a second HPLMN, the second HPLMN being different from the first HPLMN.
  • each of the at least one group of target relay terminal devices comprises a single target relay terminal device, and each of the at least one identity comprises a relay identity for discovery.
  • each of the at least one group of target relay terminal devices comprises a plurality of target relay terminal devices, and each of the at least one identity comprises one of the following: a PLMN identity for the first or second HPLMN which the plurality of target relay terminal devices belongs to, or a group identity for the plurality of target relay terminal devices.
  • an apparatus capable of performing the method 1400 may comprise means for performing the respective operations of the method 1400.
  • the means may be implemented in any suitable form.
  • the means may be implemented in circuitry or a software module.
  • the apparatus may be implemented as or included in the first PCF device 116.
  • the means may comprise a processor and a memory.
  • the apparatus comprises: means for receiving, at a first policy control function (PCF) device in a first home public land mobile network (HPLMN) from a first network device in the first HPLMN, a second request for at least one identity, each of the at least one identity being for one of at least one group of target relay terminal devices supporting a relay service code (RSC) , the second request at least comprising the RSC; means for obtaining the at least one identity based on the second request; and means for transmitting, to the first network device, a second response to the second request, the second response at least comprising the at least one identity.
  • PCF policy control function
  • each of the at least one group of target relay terminal devices belongs to the first HPLMN or a second HPLMN.
  • the second HPLMN is different from the first HPLMN.
  • each of the at least one group of target relay terminal devices comprises a single target relay terminal device, and each of the at least one identity comprises a relay identity for discovery.
  • the means for obtaining the at least one identity may comprise: based on determining that the at least one group of target relay terminal devices belongs to the first HPLMN, means for obtaining, based on the second request, a first identity of the first HPLMN locally; and means for obtaining a relay identity for discovery for each of the at least one group of target relay terminal devices locally.
  • the means for obtaining the at least one identity may comprise: based on determining that the at least one group of target relay terminal devices belongs to the second HPLMN, means for transmitting, to a second PCF device in the second HPLMN, a fourth request for at least one relay identity for discovery for the at least one group of target relay terminal devices, and means for receiving, from the second PCF device, a fourth response to the fourth request, the fourth response comprising the at least one relay identity.
  • each of the at least one group of target relay terminal devices comprises a plurality of target relay terminal devices, and the at least one identity comprises one of the following: a PLMN identity for the first or second HPLMN which the plurality of target relay terminal devices belongs to, or a group identity for the plurality of target relay terminal devices.
  • the means for obtaining the at least one identity may comprise: means for obtaining the PLMN identity or the group identity based on the second request.
  • an apparatus capable of performing the method 1500 may comprise means for performing the respective operations of the method 1500.
  • the means may be implemented in any suitable form.
  • the means may be implemented in circuitry or a software module.
  • the apparatus may be implemented as or included in the second network device 124.
  • the means may comprise a processor and a memory.
  • the apparatus comprises: means for receiving, at a second network device in a second home public land mobile network (HPLMN) from a first network device in a first HPLMN, a third request for at least one second set of security information for a relay service code (RSC), the request at least comprising the RSC, the second HPLMN being different from the first HPLMN; means for obtaining the at least one second set of security information based on the third request; and means for transmitting a third response to the first network device, the third response at least comprising the at least one second set of security information.
  • each of the at least one second set of security information is associated with a second group of target relay terminal devices belonging to the second HPLMN.
  • the second group of target relay terminal devices comprises a single target relay terminal device, and a second identity for the second group comprises a relay identity for discovery.
  • the second group of target relay terminal devices comprises a plurality of target relay terminal devices, and a second identity for the second group comprises one of the following: a PLMN identity for the second HPLMN which the plurality of target relay terminal devices belongs to, or a group identity for the plurality of target relay terminal devices.
  • the means for obtaining the at least one second set of security information may comprise: means for generating a second relay restricted identity based on the RSC and a second identity for the second group and means for obtaining one of the at least one second set of security information which is associated with the second relay restricted identity.
  • the means for transmitting the at least one second set of security information may comprise: means for transmitting the one of the at least one second set of security information in association with the second relay restricted identity.
  • the third request comprises a second identity for the second group of target relay terminal devices.
  • an apparatus capable of performing the method 1600 may comprise means for performing the respective operations of the method 1600.
  • the means may be implemented in any suitable form.
  • the means may be implemented in circuitry or a software module.
  • the apparatus may be implemented as or included in the second PCF device 126.
  • the means may comprise a processor and a memory.
  • the apparatus comprises: means for receiving, at a second PCF device in a second home public land mobile network (HPLMN) , a request for at least one identity, each of the at least one identity being for a target relay terminal device supporting a relay service code (RSC) , the request at least comprising the RSC; means for obtaining the at least one identity based on the request; and means for transmitting a response to the request, the response comprising the at least one identity.
  • the means for receiving the request for at least one identity comprises means for receiving the request from one of the following: a first network device in a first HPLMN different from the second HPLMN, or a second network device in the second HPLMN.
  • Fig. 17 is a simplified block diagram of a device 1700 that is suitable for implementing embodiments of the present disclosure.
  • the device 1700 may be provided to implement the communication device, for example, the first terminal device 112, the first network device 114, the first PCF device 116, the second terminal device 122, the second network device 124, or the second PCF device 126 as shown in Fig. 1.
  • the device 1700 includes one or more processors 1710, one or more memories 1720 coupled to the processor 1710, and one or more communication modules 1740 coupled to the processor 1710.
  • the communication module 1740 is for bidirectional communications.
  • the communication module 1740 has at least one antenna to facilitate communication.
  • the communication interface may represent any interface that is necessary for communication with other network elements.
  • the processor 1710 may be of any type suitable to the local technical network and may include one or more of the following: general purpose computers, special purpose computers, microprocessors, digital signal processors (DSPs) and processors based on multicore processor architecture, as non-limiting examples.
  • the device 1700 may have multiple processors, such as an application specific integrated circuit chip that is slaved in time to a clock which synchronizes the main processor.
  • the memory 1720 may include one or more non-volatile memories and one or more volatile memories.
  • the non-volatile memories include, but are not limited to, a Read Only Memory (ROM) 1724, an electrically programmable read only memory (EPROM) , a flash memory, a hard disk, a compact disc (CD) , a digital video disk (DVD) , and other magnetic storage and/or optical storage.
  • the volatile memories include, but are not limited to, a random access memory (RAM) 1722 and other volatile memories that will not last in the power-down duration.
  • a computer program 1730 includes computer executable instructions that are executed by the associated processor 1710.
  • the program 1730 may be stored in the ROM 1724.
  • the processor 1710 may perform any suitable actions and processing by loading the program 1730 into the RAM 1722.
  • the embodiments of the present disclosure may be implemented by means of the program 1730 so that the device 1700 may perform any process of the disclosure as discussed with reference to Figs. 1 to 16.
  • the embodiments of the present disclosure may also be implemented by hardware or by a combination of software and hardware.
  • the program 1730 may be tangibly contained in a computer readable medium which may be included in the device 1700 (such as in the memory 1720) or other storage devices that are accessible by the device 1700.
  • the device 1700 may load the program 1730 from the computer readable medium to the RAM 1722 for execution.
  • the computer readable medium may include any types of tangible non-volatile storage, such as ROM, EPROM, a flash memory, a hard disk, CD, DVD, and the like.
  • Fig. 18 shows an example of the computer readable medium 1800 in form of CD or DVD.
  • the computer readable medium has the program 1730 stored thereon.
  • various embodiments of the present disclosure may be implemented in hardware or special purpose circuits, software, logic or any combination thereof. Some aspects may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device. While various aspects of embodiments of the present disclosure are illustrated and described as block diagrams, flowcharts, or using some other pictorial representations, it is to be understood that the block, apparatus, system, technique or method described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.
  • the present disclosure also provides at least one computer program product tangibly stored on a non-transitory computer readable storage medium.
  • the computer program product includes computer-executable instructions, such as those included in program modules, being executed in a device on a target real or virtual processor, to carry out the methods 1200 to 1600 as described above with reference to Figs. 12 to 16.
  • program modules include routines, programs, libraries, objects, classes, components, data structures, or the like that perform particular tasks or implement particular abstract data types.
  • the functionality of the program modules may be combined or split between program modules as desired in various embodiments.
  • Machine-executable instructions for program modules may be executed within a local or distributed device. In a distributed device, program modules may be located in both local and remote storage media.
  • Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowcharts and/or block diagrams to be implemented.
  • the program code may execute entirely on a machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
  • the computer program codes or related data may be carried by any suitable carrier to enable the device, apparatus or processor to perform various processes and operations as described above.
  • Examples of the carrier include a signal, computer readable medium, and the like.
  • the computer readable medium may be a computer readable signal medium or a computer readable storage medium.
  • a computer readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of the computer readable storage medium would include an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.


Abstract

Example embodiments of the present disclosure relate to obtaining security information for relay discovery. A first network device receives, from a terminal device served by the first network device, a first request for security information for relay discovery. The first request at least comprises a relay service code (RSC). The first network device obtains at least one identity based on the first request. Each of the at least one identity is for one of at least one group of target relay terminal devices supporting the RSC. The first network device obtains at least one set of security information based on the at least one identity and the RSC. Each of the at least one set of security information is associated with one of the at least one group of target relay terminal devices. The first network device transmits the at least one set of security information to the terminal device.

Description

OBTAINING OF SECURITY INFORMATION FOR RELAY DISCOVERY
FIELD
Various example embodiments of the present disclosure generally relate to the field of telecommunication and in particular, to devices, methods, apparatus and computer readable storage media for obtaining security information for relay discovery.
BACKGROUND
The Fifth Generation (5G) system supports the proximity based services (ProSe) feature. 5G ProSe features may comprise 5G ProSe Direct Discovery, 5G ProSe Direct Communication and 5G ProSe UE-to-Network (U2N) Relay. In the 5G ProSe UE-to-Network Relay feature, a remote user equipment (UE) may connect to a UE-to-Network relay via a PC5 interface with 5G ProSe Direct Communication, and communicate with a data network via the UE-to-Network relay and 5G network. In order to perform the 5G ProSe Direct Communication between the remote UE and the U2N relay, the remote UE and the U2N relay may perform a 5G ProSe Direct discovery procedure using security information for relay discovery.
SUMMARY
In general, example embodiments of the present disclosure provide a solution for obtaining security information for relay discovery.
In a first aspect, there is provided a first network device in a first home public land mobile network (HPLMN). The first network device comprises at least one processor and at least one memory storing instructions. When the instructions are executed by the at least one processor, the instructions cause the first network device at least to: receive, from a terminal device served by the first network device, a first request for security information for relay discovery, the first request at least comprising a relay service code (RSC); obtain at least one identity based on the first request, each of the at least one identity being for one of at least one group of target relay terminal devices supporting the RSC; obtain at least one set of security information based on the at least one identity and the RSC, each of the at least one set of security information being associated with one of the at least one group of target relay terminal devices; and transmit the at least one set of security information to the terminal device.
In a second aspect, there is provided a terminal device. The terminal device comprises at least one processor and at least one memory storing instructions. When the instructions are executed by the at least one processor, the instructions cause the terminal device at least to: transmit, to a network device in a home public land mobile network (HPLMN) , a request for security information for relay discovery, the request at least comprising a relay service code (RSC) ; receive at least one set of security information from the network device, each of the at least one set of security information being associated with one of at least one group of target relay terminal devices supporting the RSC; and perform the relay discovery based on the at least one set of security information.
In a third aspect, there is provided a first policy control function (PCF) device in a first home public land mobile network (HPLMN) . The first PCF device comprises at least one processor and at least one memory storing instructions. When the instructions are executed by the at least one processor, the instructions cause the first PCF device at least to: receive, from a first network device in the first HPLMN, a second request for at least one identity, each of the at least one identity being for one of at least one group of target relay terminal devices supporting a relay service code (RSC) , the second request at least comprising the RSC; obtain the at least one identity based on the second request; and transmit, to the first network device, a second response to the second request, the second response at least comprising the at least one identity.
In a fourth aspect, there is provided a second network device in a second home public land mobile network (HPLMN). The second network device comprises at least one processor and at least one memory storing instructions. When the instructions are executed by the at least one processor, the instructions cause the second network device at least to: receive, from a first network device in a first HPLMN, a third request for at least one second set of security information for a relay service code (RSC), the request at least comprising the RSC, the second HPLMN being different from the first HPLMN; obtain the at least one second set of security information based on the third request; and transmit a third response to the first network device, the third response at least comprising the at least one second set of security information.
In a fifth aspect, there is provided a second policy control function (PCF) device in a second home public land mobile network (HPLMN). The second PCF device comprises at least one processor and at least one memory storing instructions. When the instructions are executed by the at least one processor, the instructions cause the second PCF device at least to: receive a request for at least one identity, each of the at least one identity being for a target relay terminal device supporting a relay service code (RSC), the request at least comprising the RSC; obtain the at least one identity based on the request; and transmit a response to the request, the response comprising the at least one identity.
In a sixth aspect, there is provided an apparatus. The apparatus comprises: means for receiving, at a first network device in a first home public land mobile network (HPLMN) from a terminal device served by the first network device, a first request for security information for relay discovery, the first request at least comprising a relay service code (RSC) ; means for obtaining at least one identity based on the first request, each of the at least one identity being for one of at least one group of target relay terminal devices supporting the RSC; means for obtaining at least one set of security information based on the at least one identity and the RSC, each of the at least one set of security information being associated with one of the at least one group of target relay terminal devices; and means for transmitting the at least one set of security information to the terminal device.
In a seventh aspect, there is provided an apparatus. The apparatus comprises: means for transmitting, from a terminal device to a network device in a home public land mobile network (HPLMN) , a request for security information for relay discovery, the request at least comprising a relay service code (RSC) ; means for receiving at least one set of security information from the network device, each of the at least one set of security information being associated with one of at least one group of target relay terminal devices supporting the RSC; and means for performing the relay discovery based on the at least one set of security information.
In an eighth aspect, there is provided an apparatus. The apparatus comprises: means for receiving, at a first policy control function (PCF) device in a first home public land mobile network (HPLMN) from a first network device in the first HPLMN, a second request for at least one identity, each of the at least one identity being for one of at least one group of target relay terminal devices supporting a relay service code (RSC) , the second request at least comprising the RSC; means for obtaining the at least one identity based on the second request; and means for transmitting, to the first network device, a second response to the second request, the second response at least comprising the at least one identity.
In a ninth aspect, there is provided an apparatus. The apparatus comprises: means for receiving, at a second network device in a second home public land mobile network (HPLMN) from a first network device in a first HPLMN, a third request for at least one second set of security information for a relay service code (RSC), the request at least comprising the RSC, the second HPLMN being different from the first HPLMN; means for obtaining the at least one second set of security information based on the third request; and means for transmitting a third response to the first network device, the third response at least comprising the at least one second set of security information.
In a tenth aspect, there is provided an apparatus. The apparatus comprises: means for receiving, at a second PCF device in a second home public land mobile network (HPLMN) , a request for at least one identity, each of the at least one identity being for a target relay terminal device supporting a relay service code (RSC) , the request at least comprising the RSC; means for obtaining the at least one identity based on the request; and means for transmitting a response to the request, the response comprising the at least one identity.
In an eleventh aspect, there is provided a method. The method comprises: receiving, at a first network device in a first home public land mobile network (HPLMN) from a terminal device served by the first network device, a first request for security information for relay discovery, the first request at least comprising a relay service code (RSC) ; obtaining at least one identity based on the first request, each of the at least one identity being for one of at least one group of target relay terminal devices supporting the RSC; obtaining at least one set of security information based on the at least one identity and the RSC, each of the at least one set of security information being associated with one of the at least one group of target relay terminal devices; and transmitting the at least one set of security information to the terminal device.
In a twelfth aspect, there is provided a method. The method comprises: transmitting, from a terminal device to a network device in a home public land mobile network (HPLMN) , a request for security information for relay discovery, the request at least comprising a relay service code (RSC) ; receiving at least one set of security information from the network device, each of the at least one set of security information being associated with one of at least one group of target relay terminal devices supporting the RSC; and performing the relay discovery based on the at least one set of security information.
In a thirteenth aspect, there is provided a method. The method comprises: receiving, at a first policy control function (PCF) device in a first home public land mobile network (HPLMN) from a first network device in the first HPLMN, a second request for at least one identity, each of the at least one identity being for one of at least one group of target relay terminal devices supporting a relay service code (RSC), the second request at least comprising the RSC; obtaining the at least one identity based on the second request; and transmitting, to the first network device, a second response to the second request, the second response at least comprising the at least one identity.
In a fourteenth aspect, there is provided a method. The method comprises: receiving, at a second network device in a second home public land mobile network (HPLMN) from a first network device in a first HPLMN, a third request for at least one second set of security information for a relay service code (RSC), the request at least comprising the RSC, the second HPLMN being different from the first HPLMN; obtaining the at least one second set of security information based on the third request; and transmitting a third response to the first network device, the third response at least comprising the at least one second set of security information.
In a fifteenth aspect, there is provided a method. The method comprises: receiving, at a second PCF device in a second home public land mobile network (HPLMN) , a request for at least one identity, each of the at least one identity being for a target relay terminal device supporting a relay service code (RSC) , the request at least comprising the RSC; obtaining the at least one identity based on the request; and transmitting a response to the request, the response comprising the at least one identity.
In a sixteenth aspect, there is provided a computer readable medium. The computer readable medium comprises program instructions that, when executed by at least one processor, cause an apparatus to perform at least the method according to any of the eleventh to fifteenth aspects.
It is to be understood that the summary section is not intended to identify key or essential features of example embodiments of the present disclosure, nor is it intended to be used to limit the scope of the present disclosure. Other features of the present disclosure will become easily comprehensible through the following description.
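The request chain of the first to fifth aspects can be modelled in a few lines. The sketch below is an added example, not code from the application: the derivation of the relay restricted identity (a truncated hash over the RSC and the identity), the HMAC-derived `discovery_key`, the 3-byte RSC encoding, the PLMN strings and the class and function names are all assumptions made for illustration, and the first PCF is assumed to already hold the identities for both HPLMNs.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Identity:
    """Identity for one group of target relay terminal devices."""
    value: str  # relay identity for discovery, PLMN identity or group identity
    hplmn: str  # HPLMN the group belongs to


@dataclass(frozen=True)
class SecurityInfo:
    relay_restricted_id: str
    discovery_key: bytes  # stand-in for the provisioned security information
    issued_by: str        # HPLMN of the network device that produced the set


def relay_restricted_identity(rsc: int, identity: str) -> str:
    """ASSUMPTION: the text only says this value is associated with the RSC
    and the identity. Length-prefixing keeps (rsc, identity) pairs unambiguous."""
    ident = identity.encode()
    data = rsc.to_bytes(3, "big") + len(ident).to_bytes(2, "big") + ident
    return hashlib.sha256(data).hexdigest()[:16]


@dataclass
class PCF:
    hplmn: str
    policy: dict  # rsc -> list of Identity (constructed policy data)

    def identities_for(self, rsc: int) -> list:
        """Second request/response: identities of groups supporting the RSC."""
        return list(self.policy.get(rsc, []))


@dataclass
class NetworkDevice:
    hplmn: str
    secret: bytes  # constructed per-operator secret, hypothetical
    pcf: PCF
    peers: dict = field(default_factory=dict)  # hplmn -> NetworkDevice

    def _issue(self, rsc: int, identity: Identity) -> SecurityInfo:
        rrid = relay_restricted_identity(rsc, identity.value)
        key = hmac.new(self.secret, rrid.encode(), hashlib.sha256).digest()
        return SecurityInfo(rrid, key, self.hplmn)

    def handle_third_request(self, rsc: int, identity: Identity) -> SecurityInfo:
        """Second network device role: serve only groups of its own HPLMN
        (a check added by this example)."""
        if identity.hplmn != self.hplmn:
            raise PermissionError("group does not belong to this HPLMN")
        return self._issue(rsc, identity)

    def handle_first_request(self, rsc: int) -> list:
        """First network device role: one set of security information per
        group of target relays, local or fetched from the group's HPLMN."""
        sets = []
        for identity in self.pcf.identities_for(rsc):
            if identity.hplmn == self.hplmn:
                sets.append(self._issue(rsc, identity))
            elif identity.hplmn in self.peers:
                peer = self.peers[identity.hplmn]
                sets.append(peer.handle_third_request(rsc, identity))
        return sets


RSC_DEMO = 0x00A1B2  # constructed relay service code


def build_demo():
    """Two constructed HPLMNs; one relay group in each supports RSC_DEMO."""
    pcf_a = PCF("001-01", {RSC_DEMO: [Identity("relay-a1", "001-01"),
                                      Identity("group-b7", "001-02")]})
    nd_b = NetworkDevice("001-02", b"constructed-secret-B", PCF("001-02", {}))
    nd_a = NetworkDevice("001-01", b"constructed-secret-A", pcf_a,
                         peers={"001-02": nd_b})
    return nd_a, nd_b


if __name__ == "__main__":
    first_nd, _ = build_demo()
    for s in first_nd.handle_first_request(RSC_DEMO):
        print(s.issued_by, s.relay_restricted_id, s.discovery_key.hex()[:16])
```

Each returned set is bound to one (RSC, group) pair and is produced by the network device of the group's own HPLMN, so the terminal device never receives one key that covers relays of both networks.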
BRIEF DESCRIPTION OF THE DRAWINGS
Some example embodiments will now be described with reference to the accompanying drawings, where:
Fig. 1 illustrates an example communication network in which example embodiments of the present disclosure may be implemented;
Fig. 2 illustrates a signaling chart illustrating a security procedure for restricted 5G ProSe Direct Discovery Model A;
Fig. 3 illustrates a signaling chart illustrating a PC5 security establishment procedure for 5G ProSe UE-to-Network relay communication over User Plane;
Fig. 4 illustrates a signaling chart illustrating a process for obtaining security information for relay discovery in accordance with some example embodiments of the present disclosure;
Fig. 5 illustrates a signaling chart illustrating a process for obtaining security information for relay discovery in accordance with some other example embodiments of the present disclosure;
Fig. 6 illustrates a signaling chart illustrating a process for obtaining security information for relay discovery in accordance with some other example embodiments of the present disclosure;
Fig. 7 illustrates a signaling chart illustrating an example implementation of a process for obtaining security information for relay discovery in accordance with some example embodiments of the present disclosure;
Fig. 8 illustrates a signaling chart illustrating an example implementation of a process for obtaining security information for relay discovery in accordance with some other example embodiments of the present disclosure;
Fig. 9 illustrates a signaling chart illustrating an example implementation of a process for obtaining security information for relay discovery in accordance with some other example embodiments of the present disclosure;
Fig. 10 illustrates a signaling chart illustrating an example implementation of a process for obtaining security information for relay discovery in accordance with still other example embodiments of the present disclosure;
Fig. 11 illustrates a signaling chart illustrating an example implementation of a process for obtaining security information for relay discovery in accordance with yet other example embodiments of the present disclosure;
Fig. 12 illustrates a flowchart of a method implemented at a first network device in accordance with some example embodiments of the present disclosure;
Fig. 13 illustrates a flowchart of a method implemented at a terminal device in accordance with some example embodiments of the present disclosure;
Fig. 14 illustrates a flowchart of a method implemented at a first policy control function (PCF) device in accordance with some example embodiments of the present disclosure;
Fig. 15 illustrates a flowchart of a method implemented at a second network device in accordance with some example embodiments of the present disclosure;
Fig. 16 illustrates a flowchart of a method implemented at a second PCF device in accordance with some example embodiments of the present disclosure;
Fig. 17 illustrates a simplified block diagram of an apparatus that is suitable for implementing example embodiments of the present disclosure; and
Fig. 18 illustrates a block diagram of an example computer readable medium in accordance with some example embodiments of the present disclosure.
Throughout the drawings, the same or similar reference numerals represent the same or similar element.
DETAILED DESCRIPTION
Principles of the present disclosure will now be described with reference to some example embodiments. It is to be understood that these example embodiments are described only for the purpose of illustration and to help those skilled in the art to understand and implement the present disclosure, without suggesting any limitation as to the scope of the disclosure. The disclosure described herein can be implemented in various manners other than the ones described below.
In the following description and claims, unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure belongs.
References in the present disclosure to “one embodiment”, “an embodiment”, “an example embodiment”, and the like indicate that the embodiment described may include a particular feature, structure, or characteristic, but it is not necessary that every embodiment includes the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an example embodiment, it is submitted that it is within the knowledge of one skilled in the art to affect such feature, structure, or characteristic in connection with other example embodiments whether or not explicitly described.
It shall be understood that although the terms “first” and “second” etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. For example, a first element could be termed a second element, and similarly, a second element could be termed a first element, without departing from the scope of example embodiments. As used herein, the term “and/or” includes any and all combinations of one or more of the listed terms.
The terminology used herein is for the purpose of describing particular example embodiments only and is not intended to be limiting of example embodiments. As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises”, “comprising”, “has”, “having”, “includes” and/or “including”, when used herein, specify the presence of stated features, elements, and/or components etc., but do not preclude the presence or addition of one or more other features, elements, components and/or combinations thereof.
As used in this application, the term “circuitry” may refer to one or more or all of the following:
(a) hardware-only circuit implementations (such as implementations in only analog and/or digital circuitry) and
(b) combinations of hardware circuits and software, such as (as applicable):
(i) a combination of analog and/or digital hardware circuit(s) with software/firmware and
(ii) any portions of hardware processor(s) with software (including digital signal processor(s)), software, and memory(ies) that work together to cause an apparatus, such as a mobile phone or server, to perform various functions and
(c) hardware circuit(s) and/or processor(s), such as a microprocessor(s) or a portion of a microprocessor(s), that requires software (e.g., firmware) for operation, but the software may not be present when it is not needed for operation.
This definition of circuitry applies to all uses of this term in this application, including in any claims. As a further example, as used in this application, the term circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and/or firmware. The term circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit or processor integrated circuit for a mobile device or a similar integrated circuit in a server, a cellular network device, or other computing or network device.
As used herein, the term “communication network” refers to a network following any suitable communication standards, such as fifth generation (5G) systems, Long Term Evolution (LTE), LTE-Advanced (LTE-A), Wideband Code Division Multiple Access (WCDMA), High-Speed Packet Access (HSPA), Narrow Band Internet of Things (NB-IoT) and so on. Furthermore, the communications between a terminal device and a network device in the communication network may be performed according to any suitable generation communication protocols, including, but not limited to, the first generation (1G), the second generation (2G), 2.5G, 2.75G, the third generation (3G), the fourth generation (4G), 4.5G, the fifth generation (5G) new radio (NR) communication protocols, and/or any other protocols either currently known or to be developed in the future. Example embodiments of the present disclosure may be applied in various communication systems. Given the rapid development in communications, there will of course also be future type communication technologies and systems with which the present disclosure may be embodied. It should not be seen as limiting the scope of the present disclosure to only the aforementioned system.
As used herein, the term “network device” refers to a node in a communication network via which a terminal device accesses the network and receives services therefrom. The network device may refer to a base station (BS) or an access point (AP), for example, a node B (NodeB or NB), an evolved NodeB (eNodeB or eNB), a NR Next Generation NodeB (gNB), a Remote Radio Unit (RRU), a radio header (RH), a remote radio head (RRH), a relay, a low power node such as a femto, a pico, and so forth, depending on the applied terminology and technology. An RAN split architecture comprises a gNB-CU (Centralized unit, hosting RRC, SDAP and PDCP) controlling a plurality of gNB-DUs (Distributed unit, hosting RLC, MAC and PHY).
The term “terminal device” refers to any end device that may be capable of wireless communication. By way of example rather than limitation, a terminal device may also be referred to as a communication device, user equipment (UE), a Subscriber Station (SS), a Portable Subscriber Station, a Mobile Station (MS), or an Access Terminal (AT). The terminal device may include, but is not limited to, a mobile phone, a cellular phone, a smart phone, voice over IP (VoIP) phones, wireless local loop phones, a tablet, a wearable terminal device, a personal digital assistant (PDA), portable computers, desktop computer, image capture terminal devices such as digital cameras, gaming terminal devices, music storage and playback appliances, vehicle-mounted wireless terminal devices, wireless endpoints, mobile stations, laptop-embedded equipment (LEE), laptop-mounted equipment (LME), USB dongles, smart devices, wireless customer-premises equipment (CPE), an Internet of Things (IoT) device, a watch or other wearable, a head-mounted display (HMD), a vehicle, a drone, a medical device and applications (e.g., remote surgery), an industrial device and applications (e.g., a robot and/or other wireless devices operating in an industrial and/or an automated processing chain contexts), a consumer electronics device, a device operating on commercial and/or industrial wireless networks, and the like. In the following description, the terms “terminal device”, “communication device”, “terminal”, “user equipment” and “UE” may be used interchangeably.
Although functionalities described herein can be performed, in various example embodiments, in a fixed and/or a wireless network node, in other example embodiments, functionalities may be implemented in a user equipment apparatus (such as a cell phone or tablet computer or laptop computer or desktop computer or mobile IoT device or fixed IoT device). This user equipment apparatus can, for example, be furnished with corresponding capabilities as described in connection with the fixed and/or the wireless network node(s), as appropriate. The user equipment apparatus may be the user equipment and/or a control device, such as a chipset or processor, configured to control the user equipment when installed therein. Examples of such functionalities include the bootstrapping server function and/or the home subscriber server, which may be implemented in the user equipment apparatus by providing the user equipment apparatus with software configured to cause the user equipment apparatus to perform from the point of view of these functions/nodes.
Fig. 1 shows an example communication environment 100 in which example embodiments of the present disclosure can be implemented. The environment 100 may comprise a first home public land mobile network (HPLMN) 110 and a second HPLMN 120.
A first terminal device 112 may use a subscription of the first HPLMN 110. The first terminal device 112 may communicate with a first network device 114 and a first PCF 116 in the first HPLMN 110.
In some example embodiments, the first network device 114 may comprise a 5G direct discovery name management function (DDNMF) device, or a ProSe key management function (PKMF) device.
A second terminal device 122 may use a subscription of the second HPLMN 120. The second terminal device 122 may communicate with a second network device 124 and a second PCF 126 in the second HPLMN 120.
In some example embodiments, the second network device 124 may comprise a 5G direct discovery name management function (DDNMF) device, or a ProSe key management function (PKMF) device.
It is to be understood that the number of the devices is only for ease of understanding without suggesting any limitations. The communication environment 100 may include any suitable number or type of the devices adapted for implementing embodiments of the present disclosure.
Communications in the communication environment 100 may be implemented according to any proper communication protocol(s), comprising, but not limited to, cellular communication protocols of the first generation (1G), the second generation (2G), the third generation (3G), the fourth generation (4G), the fifth generation (5G) or the future sixth generation (6G), wireless local network communication protocols such as Institute for Electrical and Electronics Engineers (IEEE) 802.11 and the like, and/or any other protocols currently known or to be developed in the future. Moreover, the communication may utilize any proper wireless communication technology, comprising but not limited to: Code Division Multiple Access (CDMA), Frequency Division Multiple Access (FDMA), Time Division Multiple Access (TDMA), Frequency Division Duplex (FDD), Time Division Duplex (TDD), Multiple-Input Multiple-Output (MIMO), Orthogonal Frequency Division Multiplexing (OFDM), Discrete Fourier Transform spread OFDM (DFT-s-OFDM) and/or any other technologies currently known or to be developed in the future.
In some example embodiments, the communication environment 100 may support a proximity based services (ProSe) feature, such as 5G ProSe, 4G ProSe and so on. Hereinafter, example embodiments of the present disclosure will be described by taking 5G ProSe as an example. However, the present disclosure may be applicable to 4G ProSe or any future ProSe.
5G ProSe features may comprise 5G ProSe Direct Discovery, 5G ProSe Direct Communication and 5G ProSe UE-to-Network (U2N) Relay.
In the 5G ProSe UE-to-Network Relay feature, the first terminal device 112 may connect to the second terminal device 122 via a PC5 interface with 5G ProSe Direct Communication, and communicate with a data network via the second terminal device 122 and the 5G network. In this regard, the first terminal device 112 may be referred to as a remote terminal device or a remote user equipment (UE), and the second terminal device 122 may be referred to as a UE-to-Network (U2N) relay.
In order to perform the 5G ProSe Direct Communication between the first terminal device 112 and the second terminal device 122, the first terminal device 112 and the second terminal device 122 may perform a 5G ProSe Direct Discovery procedure using security information for relay discovery. Thus, there is a need to obtain the security information for relay discovery.
Fig. 2 illustrates a signaling chart illustrating a security procedure 200 for restricted 5G ProSe Direct Discovery Model A.
In the procedure 200, steps 211-214 relate to an Announcing UE 202.
At 211, the Announcing UE 202 sends a Discovery Request message containing the Restricted ProSe Application User ID (RPAUID) to the 5G DDNMF 205 in its HPLMN in order to get the ProSe Code to announce and to get the associated security material. In addition, the Announcing UE 202 shall include its PC5 UE security capability that contains the list of supported ciphering algorithms by the UE in the Discovery Request message.
For 5G ProSe UE-to-Network Relay discovery, the 5G ProSe UE-to-Network Relay plays the role as the Announcing UE 202 and sends a Relay Discovery Key Request instead of a Discovery Request. The Relay Discovery Key Request message includes the Relay Service Code (RSC) and the 5G ProSe UE-to-Network Relay's PC5 security capability.
At 212, the 5G DDNMF 205 may check for the announce authorization with the ProSe Application Server. For 5G ProSe UE-to-Network Relay discovery, this step is skipped.
At 213, if the Announcing UE 202 is roaming, the 5G DDNMFs 205 in the HPLMN and VPLMN 204 of the Announcing UE 202 exchange Announce Auth.
At 214, the 5G DDNMF 205 in the HPLMN of the Announcing UE 202 returns the ProSe Restricted Code and the corresponding Code-Sending Security Parameters, along with the CURRENT_TIME and MAX_OFFSET parameters. The Code-Sending Security Parameters provide the necessary information for the Announcing UE 202 to protect the transmission of the ProSe Restricted Code and are stored with the ProSe Restricted Code. The Announcing UE 202 takes the same actions with CURRENT_TIME and MAX_OFFSET. The 5G DDNMF 205 in the HPLMN of the Announcing UE 202 shall include the chosen PC5 ciphering algorithm in the Discovery Response message. The 5G DDNMF 205 determines the chosen PC5 ciphering algorithm based on the ProSe Restricted Code and the received PC5 UE security capability in step 211. The UE stores the chosen PC5 ciphering algorithm together with the ProSe Restricted Code.
In addition, the 5G DDNMF 205 in the HPLMN of the Announcing UE 202 may associate the ProSe Restricted Code with the PC5 security policies and include the PC5 security policies in the Discovery Response message.
For 5G ProSe UE-to-Network Relay discovery, a Relay Discovery Key Response is used instead of the Discovery Response, and the RSC is used instead of the ProSe Restricted Code. The response message contains the discovery security materials.
It shall be noted that the 5G DDNMF may get the PC5 security policies in different ways (e.g. from PCF, from ProSe Application Server, or based on local configuration).
Steps 215-220 relate to a Monitoring UE 201.
At 215, the Monitoring UE 201 sends a Discovery Request message containing the RPAUID and its PC5 UE security capability to the 5G DDNMF 203 in its HPLMN in order to be allowed to monitor for one or more Restricted ProSe Application User IDs.
For 5G ProSe UE-to-Network Relay discovery, the 5G ProSe Remote UE plays the role of the Monitoring UE 201 and sends a Relay Discovery Key Request instead of the Discovery Request. The Relay Discovery Key Request message includes the RSC and the 5G ProSe Remote UE's PC5 security capability.
At 216, the 5G DDNMF 203 in the HPLMN of the Monitoring UE 201 sends an authorization request to the ProSe Application Server. If, based on the permission settings, the RPAUID is allowed to discover at least one of the Target RPAUIDs contained in the Application Level Container, the ProSe Application Server returns an authorization response.
For 5G ProSe UE-to-Network Relay discovery, this step is skipped.
At 217, if the Discovery Request is authorized, and the PLMN ID in the Target RPAUID indicates a different PLMN, the 5G DDNMF 203 in the HPLMN of the Monitoring UE 201 contacts the indicated PLMN's 5G DDNMF (i.e. the 5G DDNMF in the HPLMN of the Announcing UE 202) by sending a Discovery key request message including the PC5 UE security capability received in step 215.
For 5G ProSe UE-to-Network Relay Discovery, Relay Discovery Key Request and RSC are used instead of Discovery Request and RPAUID.
At 218, the 5G DDNMF 205 in the HPLMN of the Announcing UE 202 may exchange authorization messages with the ProSe Application Server 206.
For 5G ProSe UE-to-Network Relay discovery, this step is skipped.
At 219, if the PC5 UE security capability in step 5 includes the chosen PC5 ciphering algorithm, the 5G DDNMF 205 in the HPLMN of the Announcing UE 202 responds to the 5G DDNMF 203 in the HPLMN of the Monitoring UE 201 with a Discovery key response message including the ProSe Restricted Code, the corresponding Code-Receiving Security Parameters, an optional Discovery User Integrity Key (DUIK), and the chosen PC5 ciphering algorithm (based on the information/keys stored in step 214). The Code-Receiving Security Parameters provide the information needed by the Monitoring UE 201 to undo the protection applied by the Announcing UE 202. The DUIK shall be included as a separate parameter if the Code-Receiving Security Parameters indicate that the Monitoring UE 201 uses Match Reports for MIC checking. The 5G DDNMF 203 in the HPLMN of the Monitoring UE 201 stores the ProSe Restricted Code and the Discovery User Integrity Key (if it received one outside of the Code-Receiving Security Parameters).
For 5G ProSe UE-to-Network Relay discovery, a Relay Discovery Key Response is used instead of the Discovery Response, and the RSC is used instead of the ProSe Restricted Code. The response message contains the discovery security materials.
The 5G DDNMF 205 in the HPLMN of the Announcing UE 202 may send the PC5 security policies associated with the ProSe Restricted Code to the 5G DDNMF 203 in the HPLMN of the Monitoring UE 201.
It shall be noted that there are two possible configurations for integrity checking, namely, MIC checked by the 5G DDNMF 203 of the Monitoring UE 201, and MIC checked at the Monitoring UE 201 side. Which configuration to use is decided by the 5G DDNMF, which assigns the monitored ProSe Restricted Code and signals the Monitoring UE 201 in the Code-Receiving Security Parameters.
It shall be noted that the chosen PC5 ciphering algorithm is associated with the ProSe Restricted Code.
At 220, the 5G DDNMF 203 in the HPLMN of the Monitoring UE 201 returns the Discovery Filter and the Code-Receiving Security Parameters, along with the CURRENT_TIME and MAX_OFFSET parameters and the chosen PC5 ciphering algorithm. The Monitoring UE 201 takes the same actions with CURRENT_TIME and MAX_OFFSET. The UE stores the Discovery Filter, Code-Receiving Security Parameters, and the chosen PC5 ciphering algorithm together with the ProSe Restricted Code.
If the 5G DDNMF 203 in the HPLMN of the Monitoring UE 201 receives the PC5 security policies associated with the ProSe Restricted Code in step 219, the Monitoring UE 201's 5G DDNMF forwards the PC5 security policies to the Monitoring UE 201.
Steps 11 and 12 occur over PC5.
At 221, the UE starts announcing, if the UTC-based counter provided by the system associated with the discovery slot is within the MAX_OFFSET of the Announcing UE 202's ProSe clock and if the Validity Timer has not expired. The UE forms the discovery message and protects it. The four least significant bits of UTC-based counter are transmitted along with the protected discovery message.
At 222, the Monitoring UE 201 listens for a discovery message that satisfies its Discovery Filter if the UTC-based counter associated with that discovery slot is within the MAX_OFFSET of the monitoring UE's ProSe clock. In order to find such a matching message, it processes the message. If the Monitoring UE 201 was not asked to send Match Reports for MIC checking, it stops at this step from a security perspective. Otherwise, it proceeds to step 223.
It shall be noted that the UE checking the integrity of the discovery message on its own does not prevent the UE from sending a Match Report due to requirements in TS 23.304. If such a Match Report is sent, then there is no security functionality involved.
Steps 13-16 relate to a Monitoring UE 201 that has encountered a match.
At 223, if the UE has either not had the 5G DDNMF check the MIC for the discovered ProSe Restricted Code previously or the 5G DDNMF has checked a MIC for the ProSe Restricted Code and the associated Match Report refresh timer (see step 225 for details of this timer) has expired, or as required based on the procedure specified in TS 23.304, then the Monitoring UE 201 sends a Match Report message to the 5G DDNMF 203 in the HPLMN of the Monitoring UE 201. The Match Report contains the UTC-based counter value with four least significant bits equal to the four least significant bits received along with the discovery message and nearest to the Monitoring UE 201's UTC-based counter associated with the discovery slot where it heard the announcement, and other discovery message parameters including the ProSe Restricted Code and MIC. The 5G DDNMF checks the MIC.
At 224, the 5G DDNMF 203 in the HPLMN of the Monitoring UE 201 may exchange an Auth Req/Auth Resp with the ProSe Application Server 206 to ensure that Monitoring UE 201 is authorized to discover the Announcing UE 202.
For 5G ProSe UE-to-Network Relay discovery, this step is skipped.
At 225, the 5G DDNMF 203 in the HPLMN of the Monitoring UE 201 returns to the Monitoring UE 201 an acknowledgement that the integrity check passed. It also provides the CURRENT_TIME parameter, by which the UE (re)sets its ProSe clock. The 5G DDNMF 203 in the HPLMN of the Monitoring UE 201 includes the Match Report refresh timer in the message to the Monitoring UE 201. The Match Report refresh timer indicates how long the UE will wait before sending a new Match Report for the ProSe Restricted Code.
At 226, the 5G DDNMF 203 in the HPLMN of the Monitoring UE 201 may send a Match Report Info message to the 5G DDNMF 205 in the HPLMN of the Announcing UE 202.
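The counter handling in steps 221 to 223 can be illustrated as follows. This is an added example, not part of the application or of any 3GPP specification: it shows the MAX_OFFSET gate, the rebuilding of the full UTC-based counter from the four transmitted least significant bits, and why a stale discovery message then fails the MIC check at the 5G DDNMF. The function names, the sample key and code, the tie-break rule and the MIC (HMAC-SHA-256 truncated to 32 bits over the code and the full counter) are assumptions made for illustration.

```python
import hashlib
import hmac

LSB_MASK = 0xF  # the four least significant bits travel with the discovery message


def within_max_offset(slot_counter: int, prose_clock: int, max_offset: int) -> bool:
    """Freshness gate applied by both UEs (steps 221 and 222)."""
    return abs(slot_counter - prose_clock) <= max_offset


def stand_in_mic(duik: bytes, code: bytes, counter: int) -> bytes:
    """Stand-in MIC (assumption): HMAC-SHA-256 over code and full counter, 4 bytes."""
    msg = code + counter.to_bytes(8, "big")
    return hmac.new(duik, msg, hashlib.sha256).digest()[:4]


def announce(duik, code, slot_counter, prose_clock, max_offset, validity_left):
    """Announcing UE, step 221. Returns the over-the-air message, or None."""
    if validity_left <= 0:
        return None  # Validity Timer expired
    if not within_max_offset(slot_counter, prose_clock, max_offset):
        return None  # ProSe clock too far from the slot's UTC-based counter
    return {
        "code": code,
        "mic": stand_in_mic(duik, code, slot_counter),
        "counter_lsbs": slot_counter & LSB_MASK,
    }


def reconstruct_counter(received_lsbs: int, local_slot_counter: int) -> int:
    """Counter whose 4 LSBs equal received_lsbs and that is nearest to the local one."""
    base = (local_slot_counter & ~LSB_MASK) | (received_lsbs & LSB_MASK)
    candidates = [c for c in (base - 16, base, base + 16) if c >= 0]
    # A tie at distance 8 is resolved toward the earlier value (assumption).
    return min(candidates, key=lambda c: (abs(c - local_slot_counter), c))


def build_match_report(msg, local_slot_counter, prose_clock, max_offset):
    """Monitoring UE, steps 222 and 223. Returns a Match Report, or None."""
    if not within_max_offset(local_slot_counter, prose_clock, max_offset):
        return None
    return {
        "code": msg["code"],
        "mic": msg["mic"],
        "counter": reconstruct_counter(msg["counter_lsbs"], local_slot_counter),
    }


def ddnmf_check_mic(duik: bytes, report: dict) -> bool:
    """5G DDNMF side of step 223: recompute the MIC over the reported counter."""
    expected = stand_in_mic(duik, report["code"], report["counter"])
    return hmac.compare_digest(expected, report["mic"])


def demo():
    """Run three constructed cases; all keys, codes and counters are made up."""
    duik = bytes(range(16))          # constructed key
    code = b"constructed-code"       # constructed ProSe Restricted Code / RSC
    sent_at = 0x1000F                # announcer's slot counter, LSBs = 0xF

    msg = announce(duik, code, sent_at, sent_at, max_offset=5, validity_left=60)

    # Heard 2 counter units later, across a 16-unit boundary (LSBs wrapped).
    fresh = build_match_report(msg, 0x10011, 0x10011, max_offset=5)

    # Same message presented 100 counter units later: the nearest counter with
    # LSBs 0xF is now 0x1006F, so the MIC no longer matches.
    stale = build_match_report(msg, 0x10073, 0x10073, max_offset=5)

    # Announcer whose ProSe clock is 30 units off must not announce at all.
    blocked = announce(duik, code, sent_at, sent_at - 30, max_offset=5, validity_left=60)

    return ddnmf_check_mic(duik, fresh), ddnmf_check_mic(duik, stale), blocked is None


if __name__ == "__main__":
    print(demo())
```

With the constructed values, demo() returns (True, False, True): the reconstruction only recovers the announcer's counter while the two UEs are within 8 counter units of each other, which is why the MAX_OFFSET gate and the CURRENT_TIME resynchronisation matter.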
Fig. 3 illustrates a signaling chart illustrating a PC5 security establishment procedure 300 for 5G ProSe UE-to-Network relay communication over User Plane.
The 5G ProSe Remote UE 301 is provisioned with the discovery security materials and ProSe Remote User Key (UP-PRUK) when it is in coverage. These security materials are associated with an expiration time, after which they become invalid. If the UE does not have valid discovery security materials, the 5G ProSe Remote UE needs to connect to the 5G PKMF and obtain fresh ones to use the 5G ProSe UE-to-Network Relay services.
It shall be noted that the procedure is described for the scenario that the 5G PKMF of the 5G ProSe Remote UE is different from the 5G PKMF of the 5G ProSe UE-to-Network Relay. If both the 5G ProSe Remote UE and the 5G ProSe UE-to-Network Relay are served by a single 5G PKMF, the 5G PKMF takes the role of the 5G PKMF of the 5G ProSe Remote UE and the 5G PKMF of the 5G ProSe UE-to-Network Relay and the inter-5G PKMF message exchanges are not needed.
Steps 310a, 310b, 311a, 311b are performed when the 5G ProSe Remote UE 301 is in coverage.
At 310a, the 5G ProSe Remote UE 301 gets the 5G PKMF address from the 5G DDNMF 303 of its HPLMN. Alternatively, the 5G ProSe Remote UE 301 may be provisioned with the 5G PKMF address by PCF. If the 5G ProSe Remote UE 301 is provisioned with the 5G PKMF address, the 5G ProSe Remote UE 301 may access the 5G PKMF directly without requesting it from the 5G DDNMF. In case the 5G ProSe Remote UE 310 cannot access the 5G PKMF using the provisioned 5G PKMF address, the 5G ProSe Remote UE 301 may request the 5G PKMF address from the 5G DDNMF.
At 310b, the 5G ProSe Remote UE 301 shall establish a secure connection with the 5G PKMF 304 via PC8 reference point. Security for PC8 interface relies on Ua security if GBA specified in TS 33.220 is used (see clause 5.2.3.4) or Ua* security if AKMA specified in TS 33.535 is used (see clause 5.2.5.4). The 5G PKMF 304 of the 5G ProSe Remote UE 301 shall check whether the 5G ProSe Remote UE 301 is authorized to receive UE-to-Network Relay service, and if the UE is authorized, the 5G PKMF 304 of the 5G ProSe Remote UE 301 provides the discovery security materials to the 5G ProSe Remote UE 301. If the 5G ProSe Remote UE 301 provides a list of visited networks, the 5G PKMF 304 of the 5G ProSe Remote UE 301 shall request the discovery security materials from the 5G PKMFs of the potential 5G ProSe UE-to-Network Relays from which the 5G ProSe Remote UE 301 gets the relay services. The 5G PKMF of the 5G ProSe UE-to-Network Relay may include the PC5 security policies to the 5G ProSe Remote UE 301.
It shall be noted that the 5G PKMF may be locally configured with the UE's authorization information. Otherwise, the 5G PKMF interacts with the UDM of the UE to retrieve the UE's authorization information.
It shall be noted that the 5G ProSe Remote UE 301 is provisioned by PCF with a list of the potential visited networks for the 5G ProSe UE-to-Network Relay service (which is identified by RSC).
At 310c, the 5G ProSe UE-to-Network Relay 302 gets the 5G PKMF address from its HPLMN in the same way as described in step 310a.
At 310d, the 5G ProSe UE-to-Network Relay 302 shall establish a secure connection with the 5G PKMF via PC8 reference point as in step 310b. The 5G PKMF 306 of the 5G ProSe UE-to-Network Relay 302 shall check whether the 5G ProSe UE-to-Network Relay 302 is authorized to provide 5G ProSe UE-to-Network Relay service, and if the UE is authorized, the 5G PKMF 306 of the 5G ProSe UE-to-Network Relay 302 provides the discovery security materials to the 5G ProSe UE-to-Network Relay 302. The 5G PKMF 306 of the 5G ProSe UE-to-Network Relay 302 may include the PC5 security policies to the 5G ProSe UE-to-Network Relay 302.
At 311a, the 5G ProSe Remote UE 301 sends a PRUK Request message to its 5G PKMF. The message indicates that the 5G ProSe Remote UE 301 is requesting a UP-PRUK from the 5G PKMF. If the 5G ProSe Remote UE 301 already has a UP-PRUK from this 5G PKMF, the message shall also contain the UP-PRUK ID of the UP-PRUK.
UP-PRUK ID shall take the form of either the NAI format or the 64-bit string. If the UP-PRUK ID is in NAI format, i.e. username@realm, the realm part shall include Home Network Identifier (i.e. HPLMN ID) . The username part shall include the 64-bit string.
At 311b, the 5G PKMF 304 checks whether the 5G ProSe Remote UE 301 is authorized to receive UE-to-Network Relay services. This is done by using the 5G ProSe Remote UE 301's identity associated with the key used to establish the secure connection between the 5G ProSe Remote UE 301 and 5G PKMF in step 310b. If the 5G ProSe Remote UE 301 is authorized to receive the service, the 5G PKMF sends a UP-PRUK and UP-PRUK ID to the 5G ProSe Remote UE 301. If a UP-PRUK and UP-PRUK ID are included, the 5G ProSe Remote UE 301 shall store these and delete any previously stored ones for this 5G PKMF.
At 312, the discovery procedure is performed between the 5G ProSe Remote UE 301 and the 5G ProSe UE-to-Network Relay 302 using the discovery parameters and discovery security material.
With steps 313-315, secure direct communication between the 5G ProSe Remote UE 301 and the U2N relay is established.
Hereinafter, authorization and provisioning for ProSe service will be described.
Generally, in 5GS, the parameters for 5G ProSe Direct Discovery, 5G ProSe Direct Communication, and 5G ProSe UE-to-Network Relay service may be made available to the UE in the following ways:
- provisioned in the ME; or
- configured in the UICC; or
- provisioned in the ME and configured in the UICC; or
- provided or updated by the ProSe Application Server via PCF and/or PC1 reference point; or
- provided or updated by the PCF to the UE.
If the same parameters described in clauses 5.1.2.1, 5.1.3.1 and 5.1.4.1 are provided by different sources, the UE shall consider them in the following priority order:
- provided or updated by the PCF (including parameters determined by the PCF itself and parameters provided by the ProSe Application Server to the PCF);
- provided or updated by the ProSe Application Server via PC1 reference point;
- configured in the UICC;
- provisioned in the ME.
The parameters provided or updated by the ProSe Application Server via PC1 reference point may need to be complemented with configuration data from other sources listed above.
It shall be noted that the ProSe Application Server can provision the same ProSe parameters via 5GC or directly to the UE via PC1 reference point, and can revoke (e.g. delete) the ProSe parameters via 5GC in order for the provisioning via PC1 reference point to take effect.
The basic principles of service authorization and provisioning for 5G ProSe Direct Discovery, 5G ProSe Direct Communication, and 5G ProSe UE-to-Network Relay service are as follows:
- The PCF in the HPLMN may configure a list of PLMNs where the UE is authorized to use 5G ProSe Direct Discovery.
- The PCF in the HPLMN may configure a list of PLMNs where the UE is authorised to use 5G ProSe Direct Communication.
- The PCF in the HPLMN may configure a list of PLMNs where the UE is authorised to act as 5G ProSe UE-to-Network Relay. Authorisation for 5G ProSe Layer-2 UE-to-Network Relay and 5G ProSe Layer-3 UE-to-Network Relay are independent of each other.
- The PCF in the HPLMN may configure a list of PLMNs where the UE is authorised to access 5GC via 5G ProSe UE-to-Network Relay (i.e. to act as 5G ProSe Remote UE). Authorisation to access via 5G ProSe Layer-2 UE-to-Network Relay and via 5G ProSe Layer-3 UE-to-Network Relay are independent of each other.
- The PCF in the HPLMN merges authorization information from home and other PLMNs and provides the UE with the final authorization information.
- The PCF in the visited public land mobile network (VPLMN) or HPLMN may revoke the authorization (via H-PCF when roaming) at any time by using the UE Configuration Update procedure for transparent UE Policy delivery procedure defined in clause 4.2.4.3 of TS 23.502.
- The ProSe Policy/parameters provisioning to UE is controlled by the PCF and may be triggered by UE. The PCF provisions one or more of the following ProSe Policy/parameters:
- ProSe Policy/parameters for 5G ProSe Direct Discovery as specified in clause 5.1.2.1;
- ProSe Policy/parameters for 5G ProSe Direct Communications as specified in clause 5.1.3.1;
- ProSe Policy/parameters for 5G ProSe Layer-2 and/or Layer-3 UE-to-Network Relay as specified in clause 5.1.4.1;
- ProSe Policy/parameters for 5G ProSe Layer-2 and/or Layer-3 Remote UE as specified in clause 5.1.4.1.
- The PCF includes the 5G ProSe Policy/parameters in a Policy Section identified by a Policy Section Identifier (PSI) as specified in clause 6.1.2.2.2 of TS 23.503 [9].
In addition to the above, ProSe usage reporting configuration and rules for charging can be (pre)configured in the UE or provided by the PCF.
In addition to the above, the path selection policy can be (pre)configured in the UE or provided by the PCF as defined in clause 5.11. A path preference for ProSe Services can be provided by ProSe Application Server to UDR, and may be used by PCF for path selection policy generation and update.
When a 5G ProSe Layer-3 Remote UE is using a 5G ProSe Layer-3 UE-to-Network Relay without involving Non-3GPP access InterWorking Function (N3IWF) , the PCF based provisioning and update of 5G ProSe Policy/parameters to the 5G ProSe Layer-3 Remote UE are not supported.
Based on background information, there are two problems in the security procedure for restricted 5G ProSe Direct Discovery, especially for 5G ProSe UE-to-Network Relay discovery.
On the one hand, the DDNMF/PKMF of the remote UE cannot locate or discover DDNMF/PKMF of a potential relay if the remote UE and the potential relay belong to different HPLMNs for the reason as discussed below.
According to 5G DDNMF Discovery in section 4.3.2.2 of TS 23.304, a 5G DDNMF in a HPLMN uses a Network Repository Function (NRF) to discover other 5G DDNMFs in other PLMNs. Based on section 6.3.1 of TS 23.501, the NRF of a source PLMN reaches the NRF in the remote PLMN using the target PLMN ID. However, the 5G DDNMF of the remote UE does not know the ID of the HPLMN of at least one target or potential relay.
From the description of “Authorization and Provisioning for ProSe service”, only possible VPLMNs or Serving PLMNs of the remote UE are provisioned on the remote UE, and the remote UE may report these PLMNs to its DDNMF in the discovery key request, as shown at 310b of Fig. 3. However, those PLMNs are possible VPLMNs or Serving PLMNs of the remote UE, which can be different from the HPLMN of the relays. Therefore, there is an obvious gap in the current specification if the remote UE and the relay UE belong to different HPLMNs, especially when the remote UE or the relay UE is roaming.
Concretely, at 217 of Fig. 2, the DDNMF of the remote UE cannot locate or discover DDNMF of at least one potential relay as it does not know the HPLMN ID of all the potential relays.
On the other hand, the security discovery procedure cannot work for the U2N relay case if the RSC associated with the discovery is supported by, or authorized to, more than one potential U2N relay, at least when those relays belong to different HPLMNs.
Based on the current discovery procedure, especially at 219 and 220 of Fig. 2, the security parameters and cipher algorithm are associated with the RSC. If more than one potential U2N relay supports the RSC, the security parameters and cipher algorithms cannot be distinguished unless all relays share the same security parameters and algorithms. As security parameters and cipher algorithms are used to protect discovery messages exchanged via the PC5 link, it is not secure, or even infeasible, to share them between all potential relays, or at least among the relays that belong to different HPLMNs.
The present disclosure provides a solution for obtaining security information for relay discovery. According to the solution, a first network device in a first HPLMN receives, from a terminal device served by the first network device, a first request for security information for relay discovery. The first request at least comprises a relay service code (RSC). The first network device obtains at least one identity based on the first request. Each of the at least one identity is for one of at least one group of target relay terminal devices supporting the RSC. In turn, the first network device obtains at least one set of security information based on the at least one identity information. Each of the at least one set of security information is associated with one of the at least one group of target relay terminal devices. The first network device transmits the at least one set of security information to the terminal device. In this way, the first network device may discover a target DDNMF and differentiate security information for different groups of target relay terminal devices.
Hereinafter, principle of the present disclosure will be described with reference to Figs. 4 to 18.
Fig. 4 illustrates a signaling chart illustrating a process 400 for obtaining security information for relay discovery in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the process 400 will be described with reference to Fig. 1. The process 400 may involve the first terminal device 112 and the first network device 114 in Fig. 1. Alternatively, the process 400 may involve the second terminal device 122 and the second terminal device 124 in Fig. 1. Hereinafter, the process 400 will be described by taking the first terminal device 112 and the first network device 114 for example.
As shown in Fig. 4, the first terminal device 112 transmits 410, to the first network device 114, a first request for security information for relay discovery. The first request at least comprises a relay service code (RSC).
Accordingly, the first network device 114 receives, from the first terminal device 112, the first request for security information for relay discovery.
The first network device 114 obtains 420 at least one identity based on the first request. Each of the at least one identity is for one of at least one group of target relay terminal devices supporting the RSC. Hereinafter, a target relay terminal device is also referred to as one of the following: a target relay UE, a target relay, a potential relay terminal device, a potential relay UE, or a potential relay.
In turn, the first network device 114 obtains 430 at least one set of security information based on the at least one identity information. Each of the at least one set of security information is associated with one of the at least one group of target relay terminal devices.
The first network device 114 transmits 450 the at least one set of security information to the first terminal device 112.
Accordingly, the first terminal device 112 receives the at least one set of security information from the first network device 114.
In turn, the first terminal device 112 performs 460 the relay discovery based on the at least one set of security information.
With the process 400, the first network device 114 may discover a target DDNMF and differentiate security information for different groups of target relay terminal devices.
In some example embodiments, the first network device 114 may obtain a set of security information associated with a relay restricted identity (ID) . The relay restricted ID may be generated based on the RSC and an identity for a group of target relay terminal devices. The first network device 114 may transmit the set of security information in association with the relay restricted ID.
In some example embodiments, optionally, before transmitting the at least one set of security information, the first network device 114 may construct 440 a list of security information for the relay discovery. Each element in the list may be associated with one of the at least one set of security information.
In some example embodiments, each element in the list may be associated with a set of security information and a relay restricted ID associated with the set of security information. Table 1 provides an example of the list.
Table 1
| Relay restricted ID | Set of security information |
| --- | --- |
| Relay restricted ID #1 | A set of security information #1 |
| Relay restricted ID #2 | A set of security information #2 |
| Relay restricted ID #3 | A set of security information #3 |
In Table 1, each row may present an element of the list of security information for the relay discovery. Each element may be associated with a set of security information for a group of target relay terminal devices and a relay restricted ID. For example, the set of security information #1 is associated with the relay restricted ID #1.
It shall be noted that the number of sets of security information and of relay restricted IDs associated with the sets of security information is illustrative. More or fewer sets of security information and relay restricted IDs may be applied to the present disclosure.
In some example embodiments, each of the at least one set of security information may comprise at least one of the following: security parameters for relay discovery, or PC5 ciphering algorithm, or Discovery User Integrity Key (DUIK) for relay discovery.
In some example embodiments, the first PCF device 116 may be configured with an identity of at least one target relay terminal device which belongs to the first HPLMN 110 and supports an RSC. Similarly, the second PCF device 126 may be configured with an identity of at least one target relay terminal device which belongs to the second HPLMN 120 and supports an RSC. In such example embodiments, the first network device 114 may obtain the at least one identity from the first PCF device 116 in the first HPLMN 110. This will be described with reference to Fig. 5.
Fig. 5 illustrates a signaling chart illustrating a process 500 for obtaining security information for relay discovery in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the process 500 will be described with reference to Fig. 1. The process 500 may involve the first network device 114 and the first PCF device 116 in Fig. 1.
As shown in Fig. 5, the first network device 114 transmits 510 a second request for the at least one identity to the first PCF device 116. Each of the at least one identity is for one of at least one group of target relay terminal devices supporting an RSC. The second request at least comprises the RSC.
Accordingly, the first PCF device 116 receives, from the first network device 114, the second request for the at least one identity.
The first PCF device 116 obtains 520 the at least one identity based on the second request.
In turn, the first PCF device 116 transmits 530 a second response to the second request to the first network device 114. The second response at least comprises the at least one identity.
Accordingly, the first network device 114 receives the second response comprising the at least one identity.
In some example embodiments, the first network device 114 may be configured with an identity of at least one target relay terminal device which belongs to the first HPLMN 110 and supports an RSC. Similarly, the second network device 124 may be configured with an identity of at least one target relay terminal device which belongs to the second HPLMN 120 and supports an RSC.
In such example embodiments, if a first group of target relay terminal devices among the at least one group belongs to the first HPLMN 110, the first network device 114 may obtain a first identity for the first group of target relay terminal devices locally. In turn, the first network device 114 may obtain a first set of security information associated with the first group of target relay terminal devices locally.
In such example embodiments, if a second group of target relay terminal devices among the at least one group belongs to the second HPLMN 120, the first network device 114 may obtain, from the second network device 124, a second set of security information associated with the second group of target relay terminal devices. This will be described with reference to Fig. 6.
Fig. 6 illustrates a signaling chart illustrating a process 600 for obtaining security information for relay discovery in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the process 600 will be described with reference to Fig. 1. The process 600 may involve the first network device 114 and the second network device 124 in Fig. 1.
As shown in Fig. 6, the first network device 114 transmits 610, to the second network device 124, a third request for at least one second set of security information for the RSC. The third request at least comprises the RSC.
Accordingly, the second network device 124 receives, from the first network device 114, the third request for the at least one second set of security information for the RSC.
The second network device 124 obtains 620 the at least one second set of security information based on the third request. Each of the at least one second set of security information is associated with a second group of target relay terminal devices belonging to the second HPLMN 120.
In turn, the second network device 124 transmits 630, to the first network device 114, a third response to the third request. The third response at least comprises the at least one second set of security information.
Hereinafter, some example implementations of the processes 400, 500 and 600 will be described with reference to Figs. 7 to 11.
In the example implementations of Figs. 7 to 11, a remote UE and a U2N relay are taken as an example of the first terminal device 112 and the second terminal device 122, respectively. A DDNMF or PKMF is taken as an example of each of the first network device 114 and the second network device 124. In addition, the first HPLMN 110 is configured with a PLMN ID#1, and the second HPLMN 120 is configured with a PLMN ID#2.
Fig. 7 illustrates a signaling chart illustrating a process 700 for obtaining security information for relay discovery in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the process 700 will be described with reference to Fig. 1. The process 700 may involve the first terminal device 112 (such as a remote UE 112), the second terminal device 122 (such as a U2N relay 122), the first network device 114 (such as a DDNMF 114), the first PCF device 116, the second network device 124 (such as a DDNMF 124), and the second PCF device 126 in Fig. 1.
In the process 700, the first PCF device 116 is configured with an identity of at least one target relay terminal device which belongs to the first HPLMN 110 and supports an RSC. Similarly, the second PCF device 126 is configured with an identity of at least one target relay terminal device which belongs to the second HPLMN 120 and supports an RSC.
In addition, in the process 700, each of the at least one group of target relay terminal devices comprises a single target relay terminal device, and an identity for a group of target relay terminal devices comprises a relay identity for discovery.
As shown in Fig. 7, at 701, the U2N relay 122 transmits a Discovery Key Request to its DDNMF 124 to get security information for relay discovery to protect PC5 discovery messages. The request may include an RSC and security capabilities of the U2N relay 122.
The action at 701 may be considered as an example implementation of the action at 410 in Fig. 4.
At 702, the DDNMF 124 of the U2N relay 122 generates a relay restricted ID for the U2N relay 122 with a valid timer. The relay restricted ID is associated with the RSC and a relay identity for discovery for the U2N relay 122. Hereinafter, the relay identity for discovery is also referred to as “relay ID” for brevity. For example, the relay ID may include HPLMN ID (such as PLMN ID#2) of the U2N relay 122. Then, the DDNMF 124 obtains the security information associated with the relay restricted ID. For example, the DDNMF 124 may generate security parameters and select PC5 ciphering algorithm.
In turn, the DDNMF 124 transmits a Discovery Key Response to the U2N relay 122. The response includes the RSC, the ProSe restrict code and valid timer, the code specific security parameters and Chosen PC5 ciphering algorithm, CURRENT_TIME, MAX_OFFSET, and optional PC5 security policies.
The action at 702 may be considered as an example implementation of the actions at 420, 430, 440 and 450 in Fig. 4.
At 703, the remote UE 112 transmits a Discovery Key Request to its DDNMF 114 to get security information for relay discovery to protect PC5 discovery messages. The request may include a UE Identity of the remote UE 112, an RSC, and security capability of remote UE 112.
The action at 703 may be considered as another example implementation of the action at 410 in Fig. 4.
At 704, the DDNMF 114 of the remote UE 112 transmits a request to its PCF device 116 to obtain identities for potential relays supporting the RSC for the remote UE 112. The request may include a UE identity of the remote UE 112 and the RSC.
The action at 704 may be considered as an example implementation of the action at 510 in Fig. 5.
At 705, the PCF device 116 of the remote UE 112 obtains IDs of HPLMNs of potential relays locally based on the RSC and local configuration.
At 706a, the PCF device 116 of the remote UE 112 obtains IDs of potential relays locally based on the RSC and local configuration for those potential relays that belong to the same HPLMN of the remote UE 112.
At 706b, for those potential relays that belong to a different HPLMN of the remote UE 112, the PCF device 116 of the remote UE 112 obtains identities of the potential relays from a PCF device of the other PLMN. For example, for those potential relays that belong to the second HPLMN 120, the PCF device 116 of the remote UE 112 obtains identities of the potential relays from the PCF device 126.
At 706b.1, the PCF device 116 of the remote UE 112 transmits, to the PCF device 126 of the U2N relay 112, a request for identities for potential relays which belong to the second HPLMN 120. This request is also referred to as “get potential relay request”. The request may include PLMN ID#1 of the first HPLMN 110 of the remote UE 112 and the RSC.
At 706b.2, the PCF device 116 of the remote UE 112 receives a response to the “get potential relay request”. This response is also referred to as “get potential relay response”. The “get potential relay response” may include the PLMN ID#2 of the second HPLMN 120, the RSC and a list of relay IDs.
The actions at 705, 706a, 706b.1, 706b.2 may be considered as an example implementation of the action at 520 in Fig. 5.
In some example implementations, the actions at 706a, 706b.1, 706b.2 may be repeated for each HPLMN of potential relays.
At 707, the PCF device 116 of the remote UE 112 transmits a response to the DDNMF 114 of the remote UE 112. This response is also referred to as “get potential relay response”. The response may include the UE identity of the remote UE 112, the RSC, and a list of relay IDs of the potential relays.
The action at 707 may be considered as an example implementation of the action at 530 in Fig. 5.
At 708a, if a potential relay belongs to the same HPLMN of the remote UE 112, the DDNMF 114 generates a relay restricted ID for the potential relay with a valid timer. The relay restricted ID is associated with the RSC and the relay ID for the potential relay. Then, the DDNMF 114 obtains the security information associated with the relay restricted ID. For example, the DDNMF 114 may generate security parameters, DUIK and select PC5 ciphering algorithm associated with the relay restricted ID.
At 708b.1, if a potential relay belongs to a different HPLMN, the DDNMF 114 of the remote UE 112 transmits a Discovery Key Request to the DDNMF of the HPLMN of the potential relay, so as to obtain security information associated with the RSC. For example, the DDNMF 114 of the remote UE 112 transmits the Discovery Key Request to the DDNMF 124 of the second HPLMN 120. The DDNMF 114 of the remote UE 112 may discover the DDNMF of the potential relay based on the PLMN ID of the HPLMN of the potential relay which may be part of the relay ID of the potential relay. The request may include security capability of the remote UE 112, the RSC, and the relay ID of the potential relay.
The action at 708b.1 may be considered as an example implementation of the action at 610 in Fig. 6.
At 708b.2, the DDNMF 114 of the remote UE 112 receives a discovery key response from the DDNMF 124 of the U2N relay 122. The response may include a relay restricted ID for the potential relay with a valid timer, security parameters, DUIK, and chosen PC5 ciphering algorithm associated to the relay restricted ID. The relay restricted ID is associated with the RSC and the relay ID.
The action at 708b.2 may be considered as an example implementation of the action at 630 in Fig. 6.
In some example implementations, the actions at 708a, 708b.1 and 708b.2 may be repeated for each potential relay.
At 709, the DDNMF 114 of the remote UE 112 constructs a list of relay restricted ID with corresponding valid timer, code security parameters, DUIK, and PC5 ciphering algorithms.
The action at 709 may be considered as an example implementation of the action at 440 in Fig. 4.
At 710, the DDNMF of the remote UE 112 transmits a Discovery Key Response to the remote UE 112. The response may include the RSC, optional PC5 security policies, CURRENT_TIME, MAX_OFFSET, and a list of (relay restricted ID, valid timer, Code-Rcv-SecParams (i.e., the security parameters), Chosen PC5 ciphering algorithm).
CURRENT_TIME contains the current UTC-based time at the 5G DDNMF. The UE may obtain UTC time from any sources available, e.g. the RAN via SIB9, NITZ, NTP, GPS, via Ub interface (in GBA) (depending on which is available).
The MAX_OFFSET parameter is used to limit the ability of an attacker to successfully replay discovery messages or obtain a correctly MICed discovery message for later use. This is achieved by using MAX_OFFSET as a maximum difference between the UTC-based counter associated with the discovery slot and the ProSe clock held by the UE.
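The receive-side check this parameter implies, as an added example that is not part of the patent text: a UE accepts a discovery message only if the slot's UTC-based counter is within MAX_OFFSET of its ProSe clock, the relay restricted ID is known and still valid, and the MIC verifies under that relay's own DUIK. The HMAC-SHA-256 MIC, the field names, the absolute `valid_until` time and all sample values are assumptions made for illustration; the page does not specify the MIC computation.

```python
import hashlib
import hmac
import struct


def compute_mic(duik: bytes, utc_counter: int, payload: bytes) -> bytes:
    """Stand-in MIC (assumption): HMAC-SHA-256 over counter || payload, cut to 32 bits.

    Binding the UTC-based counter into the MIC is what makes a captured
    message useless in a later discovery slot.
    """
    data = struct.pack(">Q", utc_counter) + payload
    return hmac.new(duik, data, hashlib.sha256).digest()[:4]


def accept_discovery_message(msg, slot_counter, prose_clock, max_offset, sec_list):
    """Return (accepted, reason) for one received PC5 discovery message.

    sec_list maps relay restricted ID -> {"duik", "valid_until"}, i.e. the
    per-relay list delivered in the Discovery Key Response.
    """
    # 1. Freshness: the slot counter may not drift from the UE's ProSe clock
    #    by more than MAX_OFFSET.
    if abs(slot_counter - prose_clock) > max_offset:
        return False, "counter outside MAX_OFFSET"
    # 2. The message must name a relay restricted ID the UE was provisioned with.
    entry = sec_list.get(msg["relay_restricted_id"])
    if entry is None:
        return False, "unknown relay restricted ID"
    # 3. The valid timer of that ID must not have run out.
    if prose_clock > entry["valid_until"]:
        return False, "relay restricted ID expired"
    # 4. Integrity under the DUIK of this relay only, compared in constant time.
    expected = compute_mic(entry["duik"], slot_counter, msg["payload"])
    if not hmac.compare_digest(expected, msg["mic"]):
        return False, "MIC mismatch"
    return True, "ok"


# Constructed sample data: two relays supporting the same RSC, each with its own DUIK.
T0 = 1_700_000_000
MAX_OFFSET = 8
SEC_LIST = {
    "relay-restricted-id-1": {"duik": bytes(range(32)), "valid_until": T0 + 3600},
    "relay-restricted-id-2": {"duik": bytes(range(32, 64)), "valid_until": T0 + 3600},
}


def relay_announce(relay_restricted_id, duik, counter, payload=b"RSC#A announcement"):
    """What a relay holding `duik` would send in the slot with `counter`."""
    return {
        "relay_restricted_id": relay_restricted_id,
        "payload": payload,
        "mic": compute_mic(duik, counter, payload),
    }


if __name__ == "__main__":
    duik1 = SEC_LIST["relay-restricted-id-1"]["duik"]
    msg = relay_announce("relay-restricted-id-1", duik1, T0)
    print(accept_discovery_message(msg, T0, T0 + 3, MAX_OFFSET, SEC_LIST))
    # The same bytes replayed ten minutes later land in a slot with another counter.
    print(accept_discovery_message(msg, T0 + 600, T0 + 600, MAX_OFFSET, SEC_LIST))
```
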
The action at 710 may be considered as an example implementation of the action at 450 in Fig. 4.
At 711, the remote UE 112 and the U2N relay 122 perform the relay discovery over PC5. The discovery messages are protected with the at least one set of security information. Each of the at least one set of security information is associated with the relay restricted ID (which is per relay per RSC) .
The action at 711 may be considered as an example implementation of the action at 460 in Fig. 4.
The process 700 may be aligned with legacy Evolved Packet System (EPS)/5G direct discovery procedure with extension to support discovery key request for relay discovery. In addition, the process 700 may reduce signaling load from the remote UE 112 to its HPLMN 110.
Fig. 8 illustrates a signaling chart illustrating a process 800 for obtaining security information for relay discovery in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the process 800 will be described with reference to Fig. 1. The process 800 may involve the first terminal device 112 (such as the remote UE 112), the second terminal device 122 (such as the U2N relay 122), the first network device 114 (such as the DDNMF 114), the first PCF device 116, the second network device 124 (such as the DDNMF 124), and the second PCF device 126 in Fig. 1.
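The network-side flow of process 700 (actions 702 and 704 to 710), as an added example that is not the applicant's implementation: the remote UE's DDNMF gets relay IDs from its PCF, finds each relay's DDNMF from the PLMN ID carried in the relay ID, and builds the per-relay list. The `"<PLMN ID>/<name>"` relay ID encoding, the dictionary standing in for NRF discovery, the random relay restricted IDs, the algorithm names and the handling of a capability mismatch are all assumptions.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityInfo:
    relay_restricted_id: str   # one per relay per RSC
    valid_timer_s: int
    sec_params: bytes          # stands in for Code-Rcv-SecParams
    duik: bytes
    pc5_cipher: str


def plmn_of(relay_id: str) -> str:
    # Assumed encoding "<PLMN ID>/<relay name>"; the page only says the
    # relay ID may include the HPLMN ID of the relay.
    return relay_id.split("/", 1)[0]


class Pcf:
    def __init__(self, plmn_id, local_relays, relay_hplmns):
        self.plmn_id = plmn_id
        self.local_relays = local_relays    # RSC -> relay IDs of this HPLMN
        self.relay_hplmns = relay_hplmns    # RSC -> HPLMN IDs of potential relays
        self.peers = {}                     # PLMN ID -> PCF of that PLMN

    def local_relay_ids(self, rsc):
        """706a, and the answer to a peer's "get potential relay request"."""
        return list(self.local_relays.get(rsc, []))

    def potential_relay_ids(self, rsc):
        """705 to 707: merge local relay IDs with those fetched from peer PCFs."""
        relay_ids = []
        for plmn in self.relay_hplmns.get(rsc, []):
            if plmn == self.plmn_id:
                relay_ids += self.local_relay_ids(rsc)
            elif plmn in self.peers:
                relay_ids += self.peers[plmn].local_relay_ids(rsc)
        return relay_ids


class Ddnmf:
    PREFERRED = ("128-NEA2", "128-NEA1")    # sample preference order

    def __init__(self, plmn_id, pcf, registry):
        self.plmn_id, self.pcf, self.registry = plmn_id, pcf, registry
        self.store = {}                     # (RSC, relay ID) -> SecurityInfo
        registry[plmn_id] = self            # stands in for NRF registration

    def key_for_relay(self, rsc, relay_id, capabilities):
        """702 / 708a / 708b.1: get or create the set bound to (RSC, relay ID).

        The relay and every remote UE asking about it receive the same set,
        and only the relay's own HPLMN ever issues it.
        """
        if plmn_of(relay_id) != self.plmn_id:
            raise ValueError("relay does not belong to this HPLMN")
        info = self.store.get((rsc, relay_id))
        if info is None:
            cipher = next((a for a in self.PREFERRED if a in capabilities), None)
            if cipher is None:
                return None
            info = SecurityInfo(secrets.token_hex(8), 3600,
                                secrets.token_bytes(16), secrets.token_bytes(32), cipher)
            self.store[(rsc, relay_id)] = info
        # Assumption: a requester that cannot run the chosen algorithm gets no entry.
        return info if info.pc5_cipher in capabilities else None

    def discovery_key_response(self, rsc, capabilities):
        """703 to 710: build the list returned to the remote UE."""
        entries = []
        for relay_id in self.pcf.potential_relay_ids(rsc):
            target = self.registry.get(plmn_of(relay_id))  # DDNMF found via PLMN ID
            if target is None:
                continue
            info = target.key_for_relay(rsc, relay_id, capabilities)
            if info is not None:
                entries.append(info)
        return {"rsc": rsc, "list": entries}


def build_sample():
    """Constructed topology: one relay in PLMN ID#1, two in PLMN ID#2."""
    registry = {}
    pcf1 = Pcf("PLMN ID#1", {"RSC#A": ["PLMN ID#1/relay-a"]},
               {"RSC#A": ["PLMN ID#1", "PLMN ID#2"]})
    pcf2 = Pcf("PLMN ID#2", {"RSC#A": ["PLMN ID#2/relay-b", "PLMN ID#2/relay-c"]}, {})
    pcf1.peers["PLMN ID#2"] = pcf2
    return Ddnmf("PLMN ID#1", pcf1, registry), Ddnmf("PLMN ID#2", pcf2, registry)


if __name__ == "__main__":
    ddnmf_114, ddnmf_124 = build_sample()
    for e in ddnmf_114.discovery_key_response("RSC#A", {"128-NEA1", "128-NEA2"})["list"]:
        print(e.relay_restricted_id, e.pc5_cipher, e.valid_timer_s)
```
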
The process 800 is similar to the process 700 in that the first PCF device 116 is configured with an identity of at least one target relay terminal device which belongs to the first HPLMN 110 and supports an RSC. Similarly, the second PCF device 126 is configured with an identity of at least one target relay terminal device which belongs to the second HPLMN 120 and supports an RSC.
In addition, the process 800 is similar to the process 700 in that each of the at least one group of target relay terminal devices comprises a single target relay terminal device, and an identity for a group of target relay terminal devices comprises a relay identity for discovery.
The process 800 is different from the process 700 in that the interaction between PCF devices of different HPLMNs may be avoided and the messages between DDNMF of two HPLMNs may be reduced.
Specifically, actions at 801, 802, 803, 805, 808a, 809, 810 and 811 in the process 800 are similar to the actions at 701, 702, 703, 705, 708a, 709, 710 and 711 in the process 700. Thus, details of these actions are omitted for brevity.
Actions at 804, 806, 807, 808b.1, 808b.2 and 808b.3 in the process 800 are different from the actions in the process 700.
At 804, the DDNMF 114 of the remote UE 112 transmits a request to its PCF device 116 to obtain IDs for HPLMNs supporting an RSC for the remote UE 112. The request may include a UE identity of the remote UE 112 and the RSC. This request is also referred to as “get HPLMNs of potential relays request”.
The action at 804 may be considered as another example implementation of the action at 510 in Fig. 5.
At 805, the PCF device 116 of the remote UE 112 obtains IDs of HPLMNs of potential relays locally based on the RSC and local configuration.
The action at 805 may be considered as another example implementation of the action at 530 in Fig. 5.
At 806, the PCF device 116 of the remote UE 112 transmits a response to the DDNMF 114. This response is also referred to as “get HPLMNs of potential relays response”. The response may include the UE identity of the remote UE 112, the RSC and a list of PLMN IDs. For example, the list of PLMN IDs may comprise at least one of the following: the ID of the first HPLMN 110 (such as PLMN ID#1), or the ID of the second HPLMN 120 (such as PLMN ID#2).
The action at 806 may be considered as another example implementation of the action at 530 in Fig. 5.
At 807, if the list of PLMN IDs comprises the ID of the first HPLMN 110 (such as PLMN ID#1), the DDNMF 114 of the remote UE 112 obtains IDs of potential relays from the PCF device 116 of the remote UE 112 based on the RSC.
The action at 807 may be considered as another example implementation of the actions at 510, 520 and 530 in Fig. 5.
At 808b.1, if the list of PLMN IDs comprises the ID of the second HPLMN 120 (such as PLMN ID#2), the DDNMF 114 of the remote UE 112 transmits a Discovery Key Request to the DDNMF 124 of the HPLMN 120, so as to obtain security information associated with the RSC. The request may include security capability of the remote UE 112 and the RSC. It shall be noted that the request may or may not include the ID of the second HPLMN 120 (such as PLMN ID#2). This means that security information associated with each of the potential relays in the second HPLMN 120 needs to be obtained.
The action at 808b.1 may be considered as another example implementation of the action at 610 in Fig. 6.
At 808b.2, the DDNMF 124 of the U2N relay 122 obtains, from the PCF device 126, relay IDs for the potential relays in the second HPLMN 120 based on the RSC. Then, the DDNMF 124 generates a relay restricted ID for each of the potential relays with a valid timer. The relay restricted ID is associated with the RSC and the relay ID for the potential relay. Then, the DDNMF 124 obtains the security information associated with the relay restricted ID. For example, the DDNMF 124 may generate security parameters and select PC5 ciphering algorithm associated with the relay restricted ID. In turn, the DDNMF 124 constructs a list of relay restricted ID with corresponding valid timer, code security parameters and PC5 ciphering algorithms.
In some example embodiments, each element in the list may be associated with a second set of security information and a relay restricted ID associated with the second set of security information. Table 2 provides an example of the list.
Table 2
| Relay restricted ID | Second set of security information |
| --- | --- |
| Relay restricted ID #3 | A second set of security information #3 |
| Relay restricted ID #4 | A second set of security information #4 |
In Table 2, each row may present an element of the list of security information for the relay discovery. Each element may be associated with a second set of security information for a target relay terminal device and a relay restricted ID. For example, the second set of security information #3 is associated with a first target relay terminal device and the relay restricted ID #3. The Relay restricted ID #3 may be generated based on the RSC and a relay ID of the first target relay terminal device.
It shall be noted that the number of sets of security information and of relay restricted IDs associated with the sets of security information is illustrative. More or fewer sets of security information and relay restricted IDs may be applied to the present disclosure.
At 808b.3, the DDNMF 114 of the remote UE 112 receives a discovery key response from the DDNMF 124 of the U2N relay 122. The response may include a list of relay restricted ID with corresponding valid timer, code security parameters and PC5 ciphering algorithms.
The action at 808b.3 may be considered as another example implementation of the action at 630 in Fig. 6.
Fig. 9 illustrates a signaling chart illustrating a process 900 for obtaining security information for relay discovery in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the process 900 will be described with reference to Fig. 1. The process 900 may involve the first terminal device 112 (such as the remote UE 112), the second terminal device 122 (such as the U2N relay 122), the first network device 114 (such as the DDNMF 114), the first PCF device 116, and the second network device 124 (such as the DDNMF 124) in Fig. 1.
The process 900 is similar to the process 800 in that the first PCF device 116 is configured with an identity of at least one target relay terminal device which belongs to the first HPLMN 110 and supports an RSC. Similarly, the second PCF device 126 is configured with an identity of at least one target relay terminal device which belongs to the second HPLMN 120 and supports an RSC.
In addition, the process 900 is different from the process 800 in that each of the at least one group of target relay terminal devices comprises a plurality of target relay terminal devices in one of the first HPLMN 110 or the second HPLMN 120. An identity for a group of target relay terminal devices comprises one of the following: a PLMN identity (ID) of the first HPLMN 110 or the second HPLMN 120 which the plurality of target relay terminal devices belongs to, or a group ID of the plurality of target relay terminal devices. For example, the group ID may include the PLMN ID of the first HPLMN 110 or the second HPLMN 120.
Specifically, actions at 901, 902, 903, 904, 905, 906, 908b.1, 909, 910 and 911 in the process 900 are similar to the actions at 801, 802, 803, 804, 805, 806, 808b.1, 809, 810 and 811 in the process 800. Thus, details of these actions are omitted for brevity.
Actions at 908a and 908b.2 in the process 900 are different from the actions in the process 800.
At 908a, if the list of PLMN IDs comprises the ID of the first HPLMN 110 (such as PLMN ID#1), the DDNMF 114 of the remote UE 112 generates a relay restricted ID for all the potential relays supporting the RSC in the first HPLMN 110. The relay restricted ID is associated with the RSC and the PLMN ID#1. Then, the DDNMF 114 obtains the security information associated with the relay restricted ID. For example, the DDNMF 114 may generate security parameters and select PC5 ciphering algorithm associated with the relay restricted ID. In addition, the DDNMF 114 of the remote UE 112 may generate a valid timer for the relay restricted ID.
At 908b.1, if the list of PLMN IDs comprises the ID of the second HPLMN 120 (such as PLMN ID#2), the DDNMF 114 of the remote UE 112 transmits a Discovery Key Request to the DDNMF 124 of the HPLMN 120, so as to obtain security information associated with the RSC. The request may include security capability of the remote UE 112 and the RSC. It shall be noted that the request may or may not include the ID of the second HPLMN 120 (such as PLMN ID#2). This means that security information associated with all the potential relays in the second HPLMN 120 needs to be obtained.
The action at 908b.1 may be considered as another example implementation of the action at 610 in Fig. 6.
At 908b.2, the DDNMF 114 of the remote UE 112 receives a discovery key response from the DDNMF 124 of the U2N relay 122. The response may include the relay restricted ID with corresponding valid timer, code security parameters and PC5 ciphering algorithms.
The action at 908b.2 may be considered as another example implementation of the action at 630 in Fig. 6.
In some example implementations, the actions at 908b.1 and 908b.2 may be repeated for each HPLMN of potential relays associated with the RSC.
Fig. 10 illustrates a signaling chart illustrating a process 1000 for obtaining security information for relay discovery in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the process 1000 will be described with reference to Fig. 1. The process 1000 may involve the first terminal device 112 (such as the remote UE 112), the second terminal device 122 (such as the U2N relay 122), the first network device 114 (such as the DDNMF 114), and the second network device 124 (such as the DDNMF 124) in Fig. 1.
The process 1000 is similar to the process 800 in that each of the at least one group of target relay terminal devices comprises a single target relay terminal device, and an identity for a group of target relay terminal devices comprises a relay identity for discovery.
The process 1000 is different from the process 800 in that the first network device 114 is configured with an identity of at least one target relay terminal device which belongs to the first HPLMN 110 and supports an RSC. Similarly, the second network device 124 is configured with an identity of at least one target relay terminal device which belongs to the second HPLMN 120 and supports an RSC.
Specifically, actions at 1001, 1002, 1003, 1008a, 1008b.1, 1008b.4, 1009, 1010 and 1011 in the process 1000 are similar to the actions at 801, 802, 803, 808a, 808b.1, 808b.3, 809, 810 and 811 in the process 800. Thus, details of these actions are omitted for brevity.
Actions at 1005, 1006, 1008b.2 and 1008b.3 in the process 1000 are different from the actions in the process 800.
At 1005, the DDNMF 114 of the remote UE 112 obtains IDs of HPLMNs of potential relays locally based on the RSC and local configuration.
At 1006, the DDNMF 114 of the remote UE 112 obtains IDs of potential relays locally based on the RSC and local configuration for those potential relays that belong to the same HPLMN of the remote UE 112.
At 1008b.2, the DDNMF 114 of the remote UE 112 obtains relay IDs for the potential relays in the second HPLMN 120 based on the RSC and local configuration.
At 1008b.3, the DDNMF 124 generates a relay restricted ID for each of the potential relays with a valid timer. The relay restricted ID is associated with the RSC and the relay ID for the potential relay. The DDNMF 124 also obtains the security information associated with the relay restricted ID. For example, the DDNMF 124 may generate security parameters and select a PC5 ciphering algorithm associated with the relay restricted ID. In turn, the DDNMF 124 constructs a list of relay restricted IDs with the corresponding valid timers, code security parameters and PC5 ciphering algorithms. An example of the list has been described in Table 2.
In some example embodiments, the actions from 1008b.1 to 1008b.4 may be repeated for each PLMN of potential relays associated with the RSC.
Fig. 11 shows a signaling chart illustrating a process 1100 for obtaining security information for relay discovery in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the process 1100 will be described with reference to Fig. 1. The process 1100 may involve the first terminal device 112 (such as the remote UE 112), the second terminal device 122 (such as the U2N relay 122), the first network device 114 (such as the DDNMF 114), and the second network device 124 (such as the DDNMF 124) in Fig. 1.
The process 1100 is similar to the process 900 in that each of the at least one group of target relay terminal devices comprises a plurality of target relay terminal devices in one of the first HPLMN 110 or the second HPLMN 120. An identity for a group of target relay terminal devices comprises one of the following: a PLMN identity (ID) of the first HPLMN 110 or the second HPLMN 120 which the plurality of target relay terminal devices belongs to, or a group ID of the plurality of target relay terminal devices. For example, the group ID may include the PLMN ID of the first HPLMN 110 or the second HPLMN 120.
The process 1100 is different from the process 900 in that the first network device 114 is configured with an identity of at least one target relay terminal device which belongs to the first HPLMN 110 and supports an RSC. Similarly, the second network device 124 is configured with an identity of at least one target relay terminal device which belongs to the second HPLMN 120 and supports an RSC.
Specifically, actions at 1101, 1102, 1103, 1108a, 1108b.1, 1108b.2, 1109, 1110 and 1111 in the process 1100 are similar to the actions at 901, 902, 903, 908a, 908b.1, 908b.2, 909, 910 and 911 in the process 900. Thus, details of these actions are omitted for brevity.
An action at 1105 in the process 1100 is different from the actions in the process 900.
At 1105, the DDNMF 114 of the remote UE 112 obtains IDs of HPLMNs of potential relays locally based on the RSC and local configuration.
In some example embodiments, the actions at 1108b.1 and 1108b.2 may be repeated for each PLMN of potential relays associated with the RSC.
Fig. 12 shows a flowchart of an example method 1200 implemented at a first network device in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the method 1200 will be described from the perspective of the first network device 114 with respect to Fig. 1.
At block 1210, the first network device 114 receives, from a terminal device served by the first network device, a first request for security information for relay discovery. The first request at least comprises a relay service code (RSC).
At block 1220, the first network device 114 obtains at least one identity based on the first request. Each of the at least one identity is for one of at least one group of target relay terminal devices supporting the RSC.
At block 1230, the first network device 114 obtains at least one set of security information based on the at least one identity and the RSC. Each of the at least one set of security information is associated with one of the at least one group of target relay terminal devices.
At block 1240, the first network device 114 transmits the at least one set of security information to the terminal device.
In some example embodiments, obtaining the at least one identity may comprise: obtaining the at least one identity from a first policy control function (PCF) device in the first HPLMN.
In some example embodiments, obtaining the at least one identity from the first PCF device may comprise: transmitting a second request for the at least one identity to the first PCF device, the second request at least comprising the RSC; and receiving a second response to the second request from the first PCF device, the second response at least comprising the at least one identity.
In some example embodiments, obtaining the at least one set of security information may comprise: obtaining a set of security information associated with a relay restricted identity, the relay restricted identity being generated based on the RSC and an identity for one of the at least one group of target relay terminal devices. In some example embodiments, transmitting the at least one set of security information may comprise: transmitting the set of security information in association with the relay restricted identity.
In some example embodiments, obtaining the at least one set of security information may comprise: based on determining that a first group of target relay terminal devices among the at least one group belongs to the first HPLMN, generating a first relay restricted identity based on the RSC and a first identity for the first group of target relay terminal devices, and obtaining a first set of security information associated with the first relay restricted identity.
In some example embodiments, obtaining the at least one set of security information may comprise: based on determining that a second group of target relay terminal devices among the at least one group belongs to a second HPLMN different from the first HPLMN, transmitting, to a second network device in the second HPLMN, a third request for a second set of security information for the RSC, and receiving, from the second network device, a third response to the third request, the third response comprising the second set of security information and a second relay restricted identity, the second relay restricted identity being associated with the RSC and a second identity for the second group.
In some example embodiments, the third request comprises the second identity.
In some example embodiments, obtaining the at least one identity may comprise: obtaining the at least one identity locally.
In some example embodiments, each of the at least one group of target relay terminal devices belongs to the first HPLMN or a second HPLMN, the second HPLMN being different from the first HPLMN.
In some example embodiments, each of the at least one group of target relay terminal devices comprises a single target relay terminal device, and each of the at least one identity comprises a relay identity for discovery.
In some example embodiments, each of the at least one group of target relay terminal devices comprises a plurality of target relay terminal devices, and each of the at least one identity comprises one of the following: a PLMN identity of the first HPLMN or the second HPLMN which the plurality of target relay terminal devices belongs to, or a group identity of the plurality of target relay terminal devices.
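The following Python sketch is an added example, not part of the patent text or of any 3GPP interface. It walks through blocks 1210 to 1240 at the first network device, including the third request sent to a second network device for groups in another HPLMN. The class and function names, the random generation of the relay restricted identity, the 32-byte key material, and the sample RSC, PLMN IDs and algorithm labels are all assumptions or constructed values.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityInfo:
    relay_restricted_id: str     # opaque ID associated with (RSC, identity)
    rsc: int
    identity: str                # PLMN ID, group ID or relay ID for discovery
    issuer_plmn: str
    valid_until: float           # absolute expiry derived from the valid timer
    code_security_params: bytes  # assumed format: 32 random bytes
    pc5_ciphering_alg: str


class Ddnmf:
    """Hypothetical model of a DDNMF; not the patent's or 3GPP's API."""

    def __init__(self, plmn_id, algs, identities_by_rsc, validity_s=3600):
        self.plmn_id = plmn_id
        self.algs = list(algs)                      # network preference order
        self.identities_by_rsc = identities_by_rsc  # rsc -> [(hplmn, identity)]
        self.validity_s = validity_s
        self.peers = {}                             # plmn_id -> Ddnmf

    def _issue(self, rsc, identity, ue_algs, now):
        # Select the first network-preferred algorithm the UE also supports.
        alg = next((a for a in self.algs if a in ue_algs), None)
        if alg is None:
            return None  # no common PC5 ciphering algorithm: issue nothing
        return SecurityInfo(secrets.token_hex(8), rsc, identity, self.plmn_id,
                            now + self.validity_s, secrets.token_bytes(32), alg)

    def _local_identities(self, rsc):
        entries = self.identities_by_rsc.get(rsc, [])
        return [ident for plmn, ident in entries if plmn == self.plmn_id]

    def handle_third_request(self, rsc, ue_algs, identity=None, now=None):
        """Second network device: answer a peer DDNMF (third request/response)."""
        now = time.time() if now is None else now
        wanted = self._local_identities(rsc)
        if identity is not None:   # the request may or may not carry an identity
            wanted = [i for i in wanted if i == identity]
        issued = (self._issue(rsc, i, ue_algs, now) for i in wanted)
        return [s for s in issued if s is not None]

    def handle_first_request(self, rsc, ue_algs, now=None):
        """First network device: answer the served terminal (blocks 1210-1240)."""
        now = time.time() if now is None else now
        # Groups in the own HPLMN reuse the same issuing path, without a peer.
        results = self.handle_third_request(rsc, ue_algs, now=now)
        remote = []
        for hplmn, _ in self.identities_by_rsc.get(rsc, []):
            if hplmn != self.plmn_id and hplmn not in remote:
                remote.append(hplmn)
        unreachable = []
        for hplmn in remote:       # repeated for each HPLMN of potential relays
            peer = self.peers.get(hplmn)
            if peer is None:
                unreachable.append(hplmn)
                continue
            results.extend(peer.handle_third_request(rsc, ue_algs, now=now))
        return results, unreachable


def lookup(infos, relay_restricted_id, now):
    """Terminal side: use a set only if the ID is known and its timer is running."""
    for info in infos:
        if info.relay_restricted_id == relay_restricted_id and now < info.valid_until:
            return info
    return None


def demo(ue_algs=("NEA1", "NEA2"), now=1000.0):
    """Constructed scenario: RSC, PLMN IDs and algorithm labels are sample values."""
    rsc = 0x00A1B2
    home = Ddnmf("00101", ["NEA2", "NEA1"],
                 {rsc: [("00101", "00101"), ("00102", "00102"), ("00103", "00103")]})
    peer = Ddnmf("00102", ["NEA1"], {rsc: [("00102", "00102")]})
    home.peers["00102"] = peer     # no peer is configured for 00103
    return home.handle_first_request(rsc, set(ue_algs), now=now)


if __name__ == "__main__":
    infos, unreachable = demo()
    for s in infos:
        print(s.issuer_plmn, s.relay_restricted_id, s.pc5_ciphering_alg, s.valid_until)
    print("unreachable HPLMNs:", unreachable)
```

Each HPLMN selects the ciphering algorithm from its own preference list, so the terminal can receive sets with different algorithms for the same RSC and has to keep each set bound to its relay restricted identity and expiry.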
Fig. 13 shows a flowchart of an example method 1300 implemented at a terminal device in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the method 1300 will be described from the perspective of the first terminal device 112 with respect to Fig. 1. Alternatively, the method 1300 may be implemented at the second terminal device 122.
At block 1310, the first terminal device 112 transmits, to a network device in a home public land mobile network (HPLMN), a request for security information for relay discovery. The request at least comprises a relay service code (RSC).
At block 1320, the first terminal device 112 receives at least one set of security information from the network device. Each of the at least one set of security information is associated with one of at least one group of target relay terminal devices supporting the RSC.
At block 1330, the first terminal device 112 performs the relay discovery based on the at least one set of security information.
In some example embodiments, receiving the at least one set of security information may comprise: receiving a set of security information in association with a relay restricted identity, the relay restricted identity being associated with the RSC and an identity for one of the at least one group of target relay terminal devices.
In some example embodiments, each of the at least one group of target relay terminal devices belongs to a first HPLMN or a second HPLMN, the second HPLMN being different from the first HPLMN.
In some example embodiments, each of the at least one group of target relay terminal devices comprises a single target relay terminal device, and each of the at least one identity comprises a relay identity for discovery.
In some example embodiments, each of the at least one group of target relay terminal devices comprises a plurality of target relay terminal devices, and each of the at least one identity comprises one of the following: a PLMN identity for the first or second HPLMN which the plurality of target relay terminal devices belongs to, or a group identity for the plurality of target relay terminal devices.
Fig. 14 shows a flowchart of an example method 1400 implemented at a first PCF device in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the method 1400 will be described from the perspective of the first PCF device 116 with respect to Fig. 1.
At block 1410, the first PCF device 116 receives, from a first network device in the first HPLMN, a second request for at least one identity. Each of the at least one identity is for one of at least one group of target relay terminal devices supporting a relay service code (RSC), and the second request at least comprises the RSC.
At block 1420, the first PCF device 116 obtains the at least one identity based on the second request.
At block 1430, the first PCF device 116 transmits, to the first network device, a second response to the second request. The second response at least comprises the at least one identity.
In some example embodiments, each of the at least one group of target relay terminal devices belongs to the first HPLMN or a second HPLMN. The second HPLMN is different from the first HPLMN.
In some example embodiments, each of the at least one group of target relay terminal devices comprises a single target relay terminal device, and each of the at least one identity comprises a relay identity for discovery.
In some example embodiments, obtaining the at least one identity may comprise: based on determining that the at least one group of target relay terminal devices belongs to the first HPLMN, obtaining, based on the second request, a first identity of the first HPLMN locally; and obtaining a relay identity for discovery for each of the at least one group of target relay terminal devices locally.
In some example embodiments, obtaining the at least one identity may comprise: based on determining that the at least one group of target relay terminal devices belongs to the second HPLMN, transmitting, to a second PCF device in the second HPLMN, a fourth request for at least one relay identity for discovery for the at least one group of target relay terminal devices, and receiving, from the second PCF device, a fourth response to the fourth request, the fourth response comprising the at least one relay identity.
In some example embodiments, each of the at least one group of target relay terminal devices comprises a plurality of target relay terminal devices, and the at least one identity comprises one of the following: a PLMN identity for the first or second HPLMN which the plurality of target relay terminal devices belongs to, or a group identity for the plurality of target relay terminal devices.
In some example embodiments, obtaining the at least one identity may comprise: obtaining the PLMN identity or the group identity based on the second request.
Fig. 15 shows a flowchart of an example method 1500 implemented at a second network device in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the method 1500 will be described from the perspective of the second network device 124 with respect to Fig. 1.
At block 1510, the second network device 124 receives, from a first network device in a first HPLMN, a third request for at least one second set of security information for a relay service code (RSC). The request at least comprises the RSC, and the second HPLMN is different from the first HPLMN.
At block 1520, the second network device 124 obtains the at least one second set of security information based on the third request.
At block 1530, the second network device 124 transmits a third response to the first network device. The third response at least comprises the at least one second set of security information.
In some example embodiments, each of the at least one second set of security information is associated with a second group of target relay terminal devices belonging to the second HPLMN.
In some example embodiments, the second group of target relay terminal devices comprises a single target relay terminal device, and a second identity for the second group comprises a relay identity for discovery.
In some example embodiments, the second group of target relay terminal devices comprises a plurality of target relay terminal devices, and a second identity for the second group comprises one of the following: a PLMN identity for the second HPLMN which the plurality of target relay terminal devices belongs to, or a group identity for the plurality of target relay terminal devices.
In some example embodiments, obtaining the at least one second set of security information may comprise: generating a second relay restricted identity based on the RSC and a second identity for the second group, and obtaining one of the at least one second set of security information which is associated with the second relay restricted identity.
In some example embodiments, transmitting the at least one second set of security information may comprise: transmitting the one of the at least one second set of security information in association with the second relay restricted identity.
In some example embodiments, the third request comprises a second identity for the second group of target relay terminal devices.
Fig. 16 shows a flowchart of an example method 1600 implemented at a second PCF device in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the method 1600 will be described from the perspective of the second PCF device 126 with respect to Fig. 1.
At block 1610, the second PCF device 126 receives a request for at least one identity, each of the at least one identity being for a target relay terminal device supporting a relay service code (RSC), the request at least comprising the RSC.
At block 1620, the second PCF device 126 obtains the at least one identity based on the request.
At block 1630, the second PCF device 126 transmits a response to the request, the response comprising the at least one identity.
In some example embodiments, receiving the request for at least one identity comprises receiving the request from one of the following: a first network device in a first HPLMN different from the second HPLMN, or a second network device in the second HPLMN.
In some example embodiments, an apparatus capable of performing any of the method 1200 (for example, the first network device 114) may comprise means for performing the respective operations of the method 1200. The means may be implemented in any suitable form. For example, the means may be implemented in a circuitry or software module. The apparatus may be implemented as or included in the first network device 114. In some example embodiments, the means may comprise a processor and a memory.
In some example embodiments, the apparatus comprises: means for receiving, at a first network device in a first home public land mobile network (HPLMN) from a terminal device served by the first network device, a first request for security information for relay discovery, the first request at least comprising a relay service code (RSC); means for obtaining at least one identity based on the first request, each of the at least one identity being for one of at least one group of target relay terminal devices supporting the RSC; means for obtaining at least one set of security information based on the at least one identity and the RSC, each of the at least one set of security information being associated with one of the at least one group of target relay terminal devices; and means for transmitting the at least one set of security information to the terminal device.
In some example embodiments, the means for obtaining the at least one identity may comprise: means for obtaining the at least one identity from a first policy control function (PCF) device in the first HPLMN.
In some example embodiments, the means for obtaining the at least one identity from the first PCF device may comprise: means for transmitting a second request for the at least one identity to the first PCF device, the second request at least comprising the RSC; and means for receiving a second response to the second request from the first PCF device, the second response at least comprising the at least one identity.
In some example embodiments, the means for obtaining the at least one set of security information may comprise: means for obtaining a set of security information associated with a relay restricted identity, the relay restricted identity being generated based on the RSC and an identity for one of the at least one group of target relay terminal devices. In some example embodiments, the means for transmitting the at least one set of security information may comprise: means for transmitting the set of security information in association with the relay restricted identity.
In some example embodiments, the means for obtaining the at least one set of security information may comprise: based on determining that a first group of target relay terminal devices among the at least one group belongs to the first HPLMN, means for generating a first relay restricted identity based on the RSC and a first identity for the first group of target relay terminal devices, and means for obtaining a first set of security information associated with the first relay restricted identity.
In some example embodiments, the means for obtaining the at least one set of security information may comprise: based on determining that a second group of target relay terminal devices among the at least one group belongs to a second HPLMN different from the first HPLMN, means for transmitting, to a second network device in the second HPLMN, a third request for a second set of security information for the RSC, and means for receiving, from the second network device, a third response to the third request, the third response comprising the second set of security information and a second relay restricted identity, the second relay restricted identity being associated with the RSC and a second identity for the second group.
In some example embodiments, the third request comprises the second identity.
In some example embodiments, the means for obtaining the at least one identity may comprise: means for obtaining the at least one identity locally.
In some example embodiments, each of the at least one group of target relay terminal devices belongs to the first HPLMN or a second HPLMN, the second HPLMN being different from the first HPLMN.
In some example embodiments, each of the at least one group of target relay terminal devices comprises a single target relay terminal device, and each of the at least one identity comprises a relay identity for discovery.
In some example embodiments, each of the at least one group of target relay terminal devices comprises a plurality of target relay terminal devices, and each of the at least one identity comprises one of the following: a PLMN identity of the first HPLMN or the second HPLMN which the plurality of target relay terminal devices belongs to, or a group identity of the plurality of target relay terminal devices.
In some example embodiments, an apparatus capable of performing any of the method 1300 (for example, the first terminal device 112) may comprise means for performing the respective operations of the method 1300. The means may be implemented in any suitable form. For example, the means may be implemented in a circuitry or software module. The apparatus may be implemented as or included in the first terminal device 112. In some example embodiments, the means may comprise a processor and a memory.
In some example embodiments, the apparatus comprises: means for transmitting, from a terminal device to a network device in a home public land mobile network (HPLMN), a request for security information for relay discovery, the request at least comprising a relay service code (RSC); means for receiving at least one set of security information from the network device, each of the at least one set of security information being associated with one of at least one group of target relay terminal devices supporting the RSC; and means for performing the relay discovery based on the at least one set of security information.
In some example embodiments, receiving the at least one set of security information may comprise: receiving a set of security information in association with a relay restricted identity, the relay restricted identity being associated with the RSC and an identity for one of the at least one group of target relay terminal devices.
In some example embodiments, each of the at least one group of target relay terminal devices belongs to a first HPLMN or a second HPLMN, the second HPLMN being different from the first HPLMN.
In some example embodiments, each of the at least one group of target relay terminal devices comprises a single target relay terminal device, and each of the at least one identity comprises a relay identity for discovery.
In some example embodiments, each of the at least one group of target relay terminal devices comprises a plurality of target relay terminal devices, and each of the at least one identity comprises one of the following: a PLMN identity for the first or second HPLMN which the plurality of target relay terminal devices belongs to, or a group identity for the plurality of target relay terminal devices.
In some example embodiments, an apparatus capable of performing any of the method 1400 (for example, the first PCF device 116) may comprise means for performing the respective operations of the method 1400. The means may be implemented in any suitable form. For example, the means may be implemented in a circuitry or software module. The apparatus may be implemented as or included in the first PCF device 116. In some example embodiments, the means may comprise a processor and a memory.
In some example embodiments, the apparatus comprises: means for receiving, at a first policy control function (PCF) device in a first home public land mobile network (HPLMN) from a first network device in the first HPLMN, a second request for at least one identity, each of the at least one identity being for one of at least one group of target relay terminal devices supporting a relay service code (RSC), the second request at least comprising the RSC; means for obtaining the at least one identity based on the second request; and means for transmitting, to the first network device, a second response to the second request, the second response at least comprising the at least one identity.
In some example embodiments, each of the at least one group of target relay terminal devices belongs to the first HPLMN or a second HPLMN. The second HPLMN is different from the first HPLMN.
In some example embodiments, each of the at least one group of target relay terminal devices comprises a single target relay terminal device, and each of the at least one identity comprises a relay identity for discovery.
In some example embodiments, the means for obtaining the at least one identity may comprise: based on determining that the at least one group of target relay terminal devices belongs to the first HPLMN, means for obtaining, based on the second request, a first identity of the first HPLMN locally; and means for obtaining a relay identity for discovery for each of the at least one group of target relay terminal devices locally.
In some example embodiments, the means for obtaining the at least one identity may comprise: based on determining that the at least one group of target relay terminal devices belongs to the second HPLMN, means for transmitting, to a second PCF device in the second HPLMN, a fourth request for at least one relay identity for discovery for the at least one group of target relay terminal devices, and means for receiving, from the second PCF device, a fourth response to the fourth request, the fourth response comprising the at least one relay identity.
In some example embodiments, each of the at least one group of target relay terminal devices comprises a plurality of target relay terminal devices, and the at least one identity comprises one of the following: a PLMN identity for the first or second HPLMN which the plurality of target relay terminal devices belongs to, or a group identity for the plurality of target relay terminal devices.
In some example embodiments, the means for obtaining the at least one identity may comprise: means for obtaining the PLMN identity or the group identity based on the second request.
In some example embodiments, an apparatus capable of performing any of the method 1500 (for example, the second network device 124) may comprise means for performing the respective operations of the method 1500. The means may be implemented in any suitable form. For example, the means may be implemented in a circuitry or software module. The apparatus may be implemented as or included in the second network device 124. In some example embodiments, the means may comprise a processor and a memory.
In some example embodiments, the apparatus comprises: means for receiving, at a second network device in a second home public land mobile network (HPLMN) from a first network device in a first HPLMN, a third request for at least one second set of security information for a relay service code (RSC), the request at least comprising the RSC, the second HPLMN being different from the first HPLMN; means for obtaining the at least one second set of security information based on the third request; and means for transmitting a third response to the first network device, the third response at least comprising the at least one second set of security information.
In some example embodiments, each of the at least one second set of security information is associated with a second group of target relay terminal devices belonging to the second HPLMN.
In some example embodiments, the second group of target relay terminal devices comprises a single target relay terminal device, and a second identity for the second group comprises a relay identity for discovery.
In some example embodiments, the second group of target relay terminal devices comprises a plurality of target relay terminal devices, and a second identity for the second group comprises one of the following: a PLMN identity for the second HPLMN which the plurality of target relay terminal devices belongs to, or a group identity for the plurality of target relay terminal devices.
In some example embodiments, the means for obtaining the at least one second set of security information may comprise: means for generating a second relay restricted identity based on the RSC and a second identity for the second group and means for obtaining one of the at least one second set of security information which is associated with the second relay restricted identity.
In some example embodiments, the means for transmitting the at least one second set of security information may comprise: means for transmitting the one of the at least one second set of security information in association with the second relay restricted identity.
In some example embodiments, the third request comprises a second identity for the second group of target relay terminal devices.
In some example embodiments, an apparatus capable of performing any of the method 1600 (for example, the second PCF device 126) may comprise means for performing the respective operations of the method 1600. The means may be implemented in any suitable form. For example, the means may be implemented in a circuitry or software module. The apparatus may be implemented as or included in the second PCF device 126. In some example embodiments, the means may comprise a processor and a memory.
In some example embodiments, the apparatus comprises: means for receiving, at a second PCF device in a second home public land mobile network (HPLMN), a request for at least one identity, each of the at least one identity being for a target relay terminal device supporting a relay service code (RSC), the request at least comprising the RSC; means for obtaining the at least one identity based on the request; and means for transmitting a response to the request, the response comprising the at least one identity.
In some example embodiments, the means for receiving the request for at least one identity comprises means for receiving the request from one of the following: a first network device in a first HPLMN different from the second HPLMN, or a second network device in the second HPLMN.
It shall be understood that details of example embodiments of the present disclosure which have been described with reference to Figs. 7 to 11 are also applied to the methods 1200 to 1600.
Fig. 17 is a simplified block diagram of a device 1700 that is suitable for implementing embodiments of the present disclosure. The device 1700 may be provided to implement the communication device, for example, the first terminal device 112, the first network device 114, the first PCF device 116, the second terminal device 122, the second network device 124, or the second PCF device 126 as shown in Fig. 1. As shown, the device 1700 includes one or more processors 1710, one or more memories 1720 coupled to the processor 1710, and one or more communication modules 1740 coupled to the processor 1710.
The communication module 1740 is for bidirectional communications. The communication module 1740 has at least one antenna to facilitate communication. The communication interface may represent any interface that is necessary for communication with other network elements.
The processor 1710 may be of any type suitable to the local technical network and may include one or more of the following: general purpose computers, special purpose computers, microprocessors, digital signal processors (DSPs) and processors based on multicore processor architecture, as non-limiting examples. The device 1700 may have multiple processors, such as an application specific integrated circuit chip that is slaved in time to a clock which synchronizes the main processor.
The memory 1720 may include one or more non-volatile memories and one or more volatile memories. Examples of the non-volatile memories include, but are not limited to, a Read Only Memory (ROM) 1724, an electrically programmable read only memory (EPROM), a flash memory, a hard disk, a compact disc (CD), a digital video disk (DVD), and other magnetic storage and/or optical storage. Examples of the volatile memories include, but are not limited to, a random access memory (RAM) 1722 and other volatile memories that will not last in the power-down duration.
A computer program 1730 includes computer executable instructions that are executed by the associated processor 1710. The program 1730 may be stored in the ROM 1724. The processor 1710 may perform any suitable actions and processing by loading the program 1730 into the RAM 1722.
The embodiments of the present disclosure may be implemented by means of the program 1730 so that the device 1700 may perform any process of the disclosure as discussed with reference to Figs. 1 to 16. The embodiments of the present disclosure may also be implemented by hardware or by a combination of software and hardware.
In some example embodiments, the program 1730 may be tangibly contained in a computer readable medium which may be included in the device 1700 (such as in the memory 1720) or other storage devices that are accessible by the device 1700. The device 1700 may load the program 1730 from the computer readable medium to the RAM 1722 for execution. The computer readable medium may include any types of tangible non-volatile storage, such as ROM, EPROM, a flash memory, a hard disk, CD, DVD, and the like. Fig. 18 shows an example of the computer readable medium 1800 in form of CD or DVD. The computer readable medium has the program 1730 stored thereon.
Generally, various embodiments of the present disclosure may be implemented in hardware or special purpose circuits, software, logic or any combination thereof. Some aspects may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device. While various aspects of embodiments of the present disclosure are illustrated and described as block diagrams, flowcharts, or using some other pictorial representations, it is to be understood that the block, apparatus, system, technique or method described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.
The present disclosure also provides at least one computer program product tangibly stored on a non-transitory computer readable storage medium. The computer program product includes computer-executable instructions, such as those included in program modules, being executed in a device on a target real or virtual processor, to carry out the methods 1200 to 1600 as described above with reference to Figs. 12 to 16. Generally, program modules include routines, programs, libraries, objects, classes, components, data structures, or the like that perform particular tasks or implement particular abstract data types. The functionality of the program modules may be combined or split between program modules as desired in various embodiments. Machine-executable instructions for program modules may be executed within a local or distributed device. In a distributed device, program modules may be located in both local and remote storage media.
Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowcharts and/or block diagrams to be implemented. The program code may execute entirely on a machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present disclosure, the computer program codes or related data may be carried by any suitable carrier to enable the device, apparatus or processor to perform various processes and operations as described above. Examples of the carrier include a signal, computer readable medium, and the like.
The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of the computer readable storage medium would include an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
Further, while operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. In certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are contained in the above discussions, these should not be construed as limitations on the scope of the present disclosure, but rather as descriptions of features that may be specific to particular embodiments. Certain features that are described in the context of separate embodiments may also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment may also be implemented in multiple embodiments separately or in any suitable sub-combination.
Although the present disclosure has been described in languages specific to structural features and/or methodological acts, it is to be understood that the present disclosure defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.

Claims (42)

  1. A first network device, comprising:
    at least one processor; and
    at least one memory storing instructions that, when executed by the at least one processor, cause the first network device in a first home public land mobile network (HPLMN) at least to:
    receive, from a terminal device served by the first network device, a first request for security information for relay discovery, the first request at least comprising a relay service code (RSC);
    obtain at least one identity based on the first request, each of the at least one identity being for one of at least one group of target relay terminal devices supporting the RSC;
    obtain at least one set of security information based on the at least one identity and the RSC, each of the at least one set of security information being associated with one of the at least one group of target relay terminal devices; and
    transmit the at least one set of security information to the terminal device.
  2. The first network device of claim 1, wherein the first network device is caused to obtain the at least one identity by:
    obtaining the at least one identity from a first policy control function (PCF) device in the first HPLMN.
  3. The first network device of claim 2, wherein the first network device is caused to obtain the at least one identity from the first PCF device by:
    transmitting a second request for the at least one identity to the first PCF device, the second request at least comprising the RSC; and
    receiving a second response to the second request from the first PCF device, the second response at least comprising the at least one identity.
  4. The first network device of claim 1, wherein:
    the first network device is caused to obtain the at least one set of security information by:
    obtaining a set of security information associated with a relay restricted identity, the relay restricted identity being generated based on the RSC and an identity for one of the at least one group of target relay terminal devices; and
    the first network device is caused to transmit the at least one set of security information by:
    transmitting the set of security information in association with the relay restricted identity.
  5. The first network device of claim 4, wherein the first network device is caused to obtain the at least one set of security information by:
    based on determining that a first group of target relay terminal devices among the at least one group belongs to the first HPLMN,
    generating a first relay restricted identity based on the RSC and a first identity for the first group of target relay terminal devices, and
    obtaining a first set of security information associated with the first relay restricted identity.
  6. The first network device of claim 4, wherein the first network device is caused to obtain the at least one set of security information by:
    based on determining that a second group of target relay terminal devices among the at least one group belongs to a second HPLMN different from the first HPLMN,
    transmitting, to a second network device in the second HPLMN, a third request for a second set of security information for the RSC, and
    receiving, from the second network device, a third response to the third request, the third response comprising the second set of security information and a second relay restricted identity, the second relay restricted identity being associated with the RSC and a second identity for the second group.
  7. The first network device of claim 6, wherein the third request comprises the second identity.
  8. The first network device of claim 1, wherein the first network device is caused to obtain the at least one identity by:
    obtaining the at least one identity locally.
  9. The first network device of claim 1, wherein each of the at least one group of target relay terminal devices belongs to the first HPLMN or a second HPLMN, the second HPLMN being different from the first HPLMN.
  10. The first network device of claim 9, wherein each of the at least one group of target relay terminal devices comprises a single target relay terminal device, and each of the at least one identity comprises a relay identity for discovery.
  11. The first network device of claim 9, wherein each of the at least one group of target relay terminal devices comprises a plurality of target relay terminal devices, and each of the at least one identity comprises one of the following:
    a PLMN identity of the first HPLMN or the second HPLMN which the plurality of target relay terminal devices belongs to, or
    a group identity of the plurality of target relay terminal devices.
  12. A terminal device, comprising:
    at least one processor; and
    at least one memory storing instructions that, when executed by the at least one processor, cause the terminal device at least to:
    transmit, to a network device in a home public land mobile network (HPLMN), a request for security information for relay discovery, the request at least comprising a relay service code (RSC);
    receive at least one set of security information from the network device, each of the at least one set of security information being associated with one of at least one group of target relay terminal devices supporting the RSC; and
    perform the relay discovery based on the at least one set of security information.
  13. The terminal device of claim 12, wherein the terminal device is caused to receive the at least one set of security information by:
    receiving a set of security information in association with a relay restricted identity, the relay restricted identity being associated with the RSC and an identity for one of the at least one group of target relay terminal devices.
  14. The terminal device of claim 12, wherein each of the at least one group of target relay terminal devices belongs to a first HPLMN or a second HPLMN, the second HPLMN being different from the first HPLMN.
  15. The terminal device of claim 14, wherein each of the at least one group of target relay terminal devices comprises a single target relay terminal device, and each of the at least one identity comprises a relay identity for discovery.
  16. The terminal device of claim 14, wherein each of the at least one group of target relay terminal devices comprises a plurality of target relay terminal devices, and each of the at least one identity comprises one of the following:
    a PLMN identity for the first or second HPLMN which the plurality of target relay terminal devices belongs to, or
    a group identity for the plurality of target relay terminal devices.
  17. A first policy control function (PCF) device, comprising:
    at least one processor; and
    at least one memory storing instructions that, when executed by the at least one processor, cause the first PCF device in a first home public land mobile network (HPLMN) at least to:
    receive, from a first network device in the first HPLMN, a second request for at least one identity, each of the at least one identity being for one of at least one group of target relay terminal devices supporting a relay service code (RSC), the second request at least comprising the RSC;
    obtain the at least one identity based on the second request; and
    transmit, to the first network device, a second response to the second request, the second response at least comprising the at least one identity.
  18. The first PCF device of claim 17, wherein each of the at least one group of target relay terminal devices belongs to the first HPLMN or a second HPLMN, the second HPLMN being different from the first HPLMN.
  19. The first PCF device of claim 18, wherein each of the at least one group of target relay terminal devices comprises a single target relay terminal device, and each of the at least one identity comprises a relay identity for discovery.
  20. The first PCF device of claim 19, wherein the first PCF device is caused to obtain the at least one identity by:
    based on determining that the at least one group of target relay terminal devices belongs to the first HPLMN,
    obtaining, based on the second request, a first identity of the first HPLMN locally; and
    obtaining a relay identity for discovery for each of the at least one group of target relay terminal devices locally.
  21. The first PCF device of claim 19, wherein the first PCF device is caused to obtain the at least one identity by:
    based on determining that the at least one group of target relay terminal devices belongs to the second HPLMN,
    transmitting, to a second PCF device in the second HPLMN, a fourth request for at least one relay identity for discovery for the at least one group of target relay terminal devices, and
    receiving, from the second PCF device, a fourth response to the fourth request, the fourth response comprising the at least one relay identity.
  22. The first PCF device of claim 18, wherein each of the at least one group of target relay terminal devices comprises a plurality of target relay terminal devices, and the at least one identity comprises one of the following:
    a PLMN identity for the first or second HPLMN which the plurality of target relay terminal devices belongs to, or
    a group identity for the plurality of target relay terminal devices.
  23. The first PCF device of claim 22, wherein the first PCF device is caused to obtain the at least one identity by:
    obtaining the PLMN identity or the group identity based on the second request.
  24. A second network device, comprising:
    at least one processor; and
    at least one memory storing instructions that, when executed by the at least one processor, cause the second network device in a second home public land mobile network (HPLMN) at least to:
    receive, from a first network device in a first HPLMN, a third request for at least one second set of security information for a relay service code (RSC), the request at least comprising the RSC, the second HPLMN being different from the first HPLMN;
    obtain the at least one second set of security information based on the third request; and
    transmit a third response to the first network device, the third response at least comprising the at least one second set of security information.
  25. The second network device of claim 24, wherein each of the at least one second set of security information is associated with a second group of target relay terminal devices belonging to the second HPLMN.
  26. The second network device of claim 25, wherein the second group of target relay terminal devices comprises a single target relay terminal device, and a second identity for the second group comprises a relay identity for discovery.
  27. The second network device of claim 25, wherein the second group of target relay terminal devices comprises a plurality of target relay terminal devices, and a second identity for the second group comprises one of the following:
    a PLMN identity for the second HPLMN which the plurality of target relay terminal devices belongs to, or
    a group identity for the plurality of target relay terminal devices.
  28. The second network device of claim 25, wherein:
    the second network device is caused to obtain the at least one second set of security information by:
    generating a second relay restricted identity based on the RSC and a second identity for the second group,
    obtaining one of the at least one second set of security information which is associated with the second relay restricted identity; and
    the second network device is caused to transmit the at least one second set of security information by:
    transmitting the one of the at least one second set of security information in association with the second relay restricted identity.
  29. The second network device of claim 24, wherein the third request comprises a second identity for the second group of target relay terminal devices.
  30. A second policy control function (PCF) device, comprising:
    at least one processor; and
    at least one memory storing instructions that, when executed by the at least one processor, cause the second PCF device in a second home public land mobile network (HPLMN) at least to:
    receive a request for at least one identity, each of the at least one identity being for a target relay terminal device supporting a relay service code (RSC), the request at least comprising the RSC;
    obtain the at least one identity based on the request; and
    transmit a response to the request, the response comprising the at least one identity.
  31. The second PCF device of claim 30, wherein the second PCF device is caused to receive the request for at least one identity from one of the following:
    a first network device in a first HPLMN different from the second HPLMN, or
    a second network device in the second HPLMN.
  32. An apparatus, comprising:
    means for receiving, at a first network device in a first home public land mobile network (HPLMN) from a terminal device served by the first network device, a first request for security information for relay discovery, the first request at least comprising a relay service code (RSC);
    means for obtaining at least one identity based on the first request, each of the at least one identity being for one of at least one group of target relay terminal devices supporting the RSC;
    means for obtaining at least one set of security information based on the at least one identity and the RSC, each of the at least one set of security information being associated with one of the at least one group of target relay terminal devices; and
    means for transmitting the at least one set of security information to the terminal device.
  33. An apparatus, comprising:
    means for transmitting, from a terminal device to a network device in a home public land mobile network (HPLMN), a request for security information for relay discovery, the request at least comprising a relay service code (RSC);
    means for receiving at least one set of security information from the network device, each of the at least one set of security information being associated with one of at least one group of target relay terminal devices supporting the RSC; and
    means for performing the relay discovery based on the at least one set of security information.
  34. An apparatus, comprising:
    means for receiving, at a first policy control function (PCF) device in a first home public land mobile network (HPLMN) from a first network device in the first HPLMN, a second request for at least one identity, each of the at least one identity being for one of at least one group of target relay terminal devices supporting a relay service code (RSC), the second request at least comprising the RSC;
    means for obtaining the at least one identity based on the second request; and
    means for transmitting, to the first network device, a second response to the second request, the second response at least comprising the at least one identity.
  35. An apparatus, comprising:
    means for receiving, at a second network device in a second home public land mobile network (HPLMN) from a first network device in a first HPLMN, a third request for at least one second set of security information for a relay service code (RSC), the request at least comprising the RSC, the second HPLMN being different from the first HPLMN;
    means for obtaining the at least one second set of security information based on the third request; and
    means for transmitting a third response to the first network device, the third response at least comprising the at least one second set of security information.
  36. An apparatus, comprising:
    means for receiving, at a second PCF device in a second home public land mobile network (HPLMN), a request for at least one identity, each of the at least one identity being for a target relay terminal device supporting a relay service code (RSC), the request at least comprising the RSC;
    means for obtaining the at least one identity based on the request; and
    means for transmitting a response to the request, the response comprising the at least one identity.
  37. A method, comprising:
    receiving, at a first network device in a first home public land mobile network (HPLMN) from a terminal device served by the first network device, a first request for security information for relay discovery, the first request at least comprising a relay service code (RSC);
    obtaining at least one identity based on the first request, each of the at least one identity being for one of at least one group of target relay terminal devices supporting the RSC;
    obtaining at least one set of security information based on the at least one identity and the RSC, each of the at least one set of security information being associated with one of the at least one group of target relay terminal devices; and
    transmitting the at least one set of security information to the terminal device.
  38. A method, comprising:
    transmitting, from a terminal device to a network device in a home public land mobile network (HPLMN), a request for security information for relay discovery, the request at least comprising a relay service code (RSC);
    receiving at least one set of security information from the network device, each of the at least one set of security information being associated with one of at least one group of target relay terminal devices supporting the RSC; and
    performing the relay discovery based on the at least one set of security information.
  39. A method, comprising:
    receiving, at a first policy control function (PCF) device in a first home public land mobile network (HPLMN) from a first network device in the first HPLMN, a second request for at least one identity, each of the at least one identity being for one of at least one group of target relay terminal devices supporting a relay service code (RSC), the second request at least comprising the RSC;
    obtaining the at least one identity based on the second request; and
    transmitting, to the first network device, a second response to the second request, the second response at least comprising the at least one identity.
  40. A method, comprising:
    receiving, at a second network device in a second home public land mobile network (HPLMN) from a first network device in a first HPLMN, a third request for at least one second set of security information for a relay service code (RSC), the request at least comprising the RSC, the second HPLMN being different from the first HPLMN;
    obtaining the at least one second set of security information based on the third request; and
    transmitting a third response to the first network device, the third response at least comprising the at least one second set of security information.
  41. A method, comprising:
    receiving, at a second PCF device in a second home public land mobile network (HPLMN), a request for at least one identity, each of the at least one identity being for a target relay terminal device supporting a relay service code (RSC), the request at least comprising the RSC;
    obtaining the at least one identity based on the request; and
    transmitting a response to the request, the response comprising the at least one identity.
  42. A computer readable medium comprising program instructions for causing an apparatus to perform at least the method of any of claims 37 to 41.
PCT/CN2022/131580 2022-11-13 2022-11-13 Obtaining of security information for relay discovery WO2024098437A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2022/131580 WO2024098437A1 (en) 2022-11-13 2022-11-13 Obtaining of security information for relay discovery

Publications (1)

Publication Number Publication Date
WO2024098437A1 true WO2024098437A1 (en) 2024-05-16

Family

ID=91031758

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/131580 WO2024098437A1 (en) 2022-11-13 2022-11-13 Obtaining of security information for relay discovery

Country Status (1)

Country Link
WO (1) WO2024098437A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021139906A1 (en) * 2020-01-07 2021-07-15 Telefonaktiebolaget Lm Ericsson (Publ) Path selection for sidelink communications in nr network
CN113518319A (en) * 2020-04-09 2021-10-19 华为技术有限公司 Service processing method, device and system for proximity service
CN114916018A (en) * 2021-02-10 2022-08-16 华为技术有限公司 Communication method and communication device
CN115152254A (en) * 2022-04-02 2022-10-04 北京小米移动软件有限公司 Relay communication method, device, communication device and storage medium
CN115190478A (en) * 2022-08-29 2022-10-14 中国电信股份有限公司 Key processing method, system and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ALCATEL-LUCENT, ALCATEL-LUCENT SHANGHAI BELL: "eMBMS Broadcast relay support in ProSe UE-to-Network relays.", 3GPP DRAFT; S2-144547- WAS S2-144111_EMBMS RELAY, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG2, no. San Francisco, USA; 20141117 - 20141121, 19 November 2014 (2014-11-19), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France , XP050903631 *

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22964904

Country of ref document: EP

Kind code of ref document: A1