Providing an operator-encrypted partial user equipment route selection policy to user equipment

  • Publication Date:
    April 08, 2025
  • Additional information
    • Patent Number:
      12,273,705
    • Appl. No:
      17/874549
    • Application Filed:
      July 27, 2022
    • Abstract:
      Presented herein are techniques to provide an operator-encrypted application specific user equipment (UE) route selection policy (URSP) to a UE via different network elements and/or distribution techniques. In one example, a method may include obtaining, by a network element, a policy object from a policy function of a mobile network operated by a mobile network operator, wherein the policy object comprises an application specific user equipment route selection policy (URSP) for an application in which the application specific URSP is encrypted by the policy function; and providing, by the network element, the policy object to a user equipment that has at least one session established with the mobile network, wherein the user equipment is to decrypt the application specific URSP to facilitate network communications for the application via the user equipment.
    • Inventors:
      Cisco Technology, Inc. (San Jose, CA, US)
    • Assignees:
      CISCO TECHNOLOGY, INC. (San Jose, CA, US)
    • Claim:
      1. A method comprising: obtaining, by a network element, a policy object from a policy function of a mobile network operated by a mobile network operator, wherein the policy object comprises an application specific user equipment route selection policy (URSP) for an application in which the application specific URSP is encrypted by the policy function; and providing, by the network element, the policy object to a user equipment that has at least one session established with the mobile network, wherein the user equipment is to decrypt the application specific URSP to facilitate network communications for the application via the user equipment, and wherein the network element is an application function operated by an application service provider or is an application function or a Domain Name System (DNS) server operated by the mobile network operator.
    • Claim:
      2. The method of claim 1, wherein the application specific URSP is encrypted by the policy function using a private key of the mobile network operator.
    • Claim:
      3. The method of claim 1, wherein the policy object further comprises a public key identifier value and a Public Land Mobile Network (PLMN) identifier for the mobile network.
    • Claim:
      4. The method of claim 3, wherein the user equipment is to determine a public key based on the public key identifier value and the PLMN identifier in order to decrypt the application specific URSP using the public key.
    • Claim:
      5. The method of claim 1, wherein the user equipment is provided a non-application specific URSP from the mobile network in which the non-application specific URSP is unencrypted.
    • Claim:
      6. The method of claim 1, wherein the application specific URSP comprises: a traffic descriptor portion comprising identifying information for the application; and a route selection portion comprising a slice identifier for a network slice that is to be utilized for the application, a data network name that is to be utilized for the application, and a radio access type that is to be utilized for the application.
    • Claim:
      7. The method of claim 1, wherein when the network element is the application function operated by the application service provider, the providing includes the policy object and the application being downloaded by the user equipment via an internet portal operated by the application service provider.
    • Claim:
      8. The method of claim 1, wherein when the network element is the application function operated by the mobile network operator, the providing includes the policy object being downloaded by the user equipment via the application function.
    • Claim:
      9. The method of claim 1, wherein when the network element is the DNS server operated by the mobile network operator, the providing includes an encrypted traffic descriptor portion and an encrypted route selection portion of the application specific URSP being sent to the user equipment via one or more DNS text records following a DNS query from the user equipment that is associated with the application.
    • Claim:
      10. One or more non-transitory computer readable storage media encoded with instructions that, when executed by a processor, cause the processor to perform operations, comprising: obtaining, by a network element, a policy object from a policy function of a mobile network operated by a mobile network operator, wherein the policy object comprises an application specific user equipment route selection policy (URSP) for an application in which the application specific URSP is encrypted by the policy function; and providing, by the network element, the policy object to a user equipment that has at least one session established with the mobile network, wherein the user equipment is to decrypt the application specific URSP to facilitate network communications for the application via the user equipment, and wherein the network element is an application function operated by an application service provider or is an application function or a Domain Name System (DNS) server operated by the mobile network operator.
    • Claim:
      11. The media of claim 10, wherein the application specific URSP is encrypted by the policy function using a private key of the mobile network operator.
    • Claim:
      12. The media of claim 10, wherein the policy object further comprises a public key identifier value and a Public Land Mobile Network (PLMN) identifier for the mobile network.
    • Claim:
      13. The media of claim 12, wherein the user equipment is to determine a public key based on the public key identifier value and the PLMN identifier in order to decrypt the application specific URSP using the public key.
    • Claim:
      14. The media of claim 10, wherein when the network element is the application function operated by the application service provider, the providing includes the policy object and the application being downloaded by the user equipment via an internet portal operated by the application service provider.
    • Claim:
      15. The media of claim 10, wherein when the network element is the application function operated by the mobile network operator, the providing includes the policy object being downloaded by the user equipment via the application function.
    • Claim:
      16. The media of claim 10, wherein when the network element is the DNS server operated by the mobile network operator, the providing includes an encrypted traffic descriptor portion and an encrypted route selection portion of the application specific URSP being sent to the user equipment via one or more DNS text records following a DNS query from the user equipment that is associated with the application.
    • Claim:
      17. A network element comprising: at least one memory element for storing data; and at least one processor for executing instructions associated with the data, wherein executing the instructions causes the network element to perform operations, comprising: obtaining a policy object from a policy function of a mobile network operated by a mobile network operator, wherein the policy object comprises an application specific user equipment route selection policy (URSP) for an application in which the application specific URSP is encrypted by the policy function; and providing the policy object to a user equipment that has at least one session established with the mobile network, wherein the user equipment is to decrypt the application specific URSP to facilitate network communications for the application via the user equipment, and wherein the network element is an application function operated by an application service provider or is an application function or a Domain Name System (DNS) server operated by the mobile network operator.
    • Claim:
      18. The network element of claim 17, wherein when the network element is the application function operated by the application service provider, the providing includes the policy object and the application being downloaded by the user equipment via an internet portal operated by the application service provider.
    • Claim:
      19. The network element of claim 17, wherein when the network element is the application function operated by the mobile network operator, the providing includes the policy object being downloaded by the user equipment via the application function.
    • Claim:
      20. The network element of claim 17, wherein when the network element is the DNS server operated by the mobile network operator, the providing includes an encrypted traffic descriptor portion and an encrypted route selection portion of the application specific URSP being sent to the user equipment via one or more DNS text records following a DNS query from the user equipment that is associated with the application.
    • Patent References Cited:
      2021/0385724 December 2021 Wang
      2022/0182358 June 2022 Xiong
      2023/0136984 May 2023 Lee
      2023/0189115 June 2023 Shekhar
      2023/0362623 November 2023 Lee
      2023/0370944 November 2023 Li
      2023/0388909 November 2023 Hedman
      2024/0015630 January 2024 Talebi Fard
      2020252281 December 2020
      WO202025228 December 2020
      WO2021057794 April 2021
      WO2022026482 February 2022
      WO2022048261 March 2022
    • Other References:
      Cisco, “Cisco Prime Network Registrar—DNS in Mobile Networks,” https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/prime-network-registrar/white-paper-c11-731488.html, 2014, 14 pages. cited by applicant
      Cisco, “DNS-AS, DNS as Authoritative Source,” https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/ios-xml/ios/qos_nbar/configuration/xe-16-6/qos-nbar-xe-16-6-book/nbar-dns-as.html.xml, published Aug. 6, 2019, 22 pages. cited by applicant
      JT IoT, “eUICC vs eSIM: What is the difference between eSIM and eUICC?,” https://blog.jtiot.com/euicc-and-esim-are-they-the-same-thing, published Mar. 5, 2019, 5 pages. cited by applicant
      Nick Vs Networking, Telco Network Engineering, “5G Subscriber Identifiers—SUCI & SUPI,” Acronyms and cryptography—a look at Subscriber Identifiers in 5G, https://nickvsnetworking.com/5g-subscriber-identifiers-suci-supi/, published Nov. 28, 2020, 10 pages. cited by applicant
      3GPP, “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Security architecture and procedures for 5G system,” (Release 17) 3GPP TS 33.501 V17.6.0, published Jun. 2022, 292 pages. cited by applicant
      3GPP, “Generation Partnership Project; Technical Specification Group Services and System Aspects; Telecommunication management; Charging management; Charging Data Record (CDR) parameter description,” (Release 17) 3GPP TS 32.298 V17.3.0, published Jun. 2022, 254 pages. cited by applicant
      3GPP, “3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; 5G System; UE Policy Control Service; Stage 3,” (Release 17) 3GPP TS 29.525 V17.7.0, published Jun. 2022, 70 pages. cited by applicant
      3GPP, “3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; 5G System; Network Exposure Function Northbound APIs; Stage 3,” (Release 17) 3GPP TS 29.522 V17.6.0, published Jun. 2022, 447 pages. cited by applicant
      3GPP, “3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; 5G System; Session Management Policy Control Service; Stage 3,” (Release 17) 3GPP TS 29.512 V17.7.0, published Jun. 2022, 255 pages. cited by applicant
      3GPP, “3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; 5G System; Access and Mobility Policy Control Service; Stage 3,” (Release 17) 3GPP TS 29.507 V17.7.0, published Jun. 2022, 71 pages. cited by applicant
      3GPP, “3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; Non-Access-Stratum (NAS) protocol for 5G System (5GS); Stage 3,” (Release 17) 3GPP TS 24.501 V17.7.1, published Jun. 2022, 991 pages. cited by applicant
      3GPP, “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Policy and charging control framework for the 5G System (5GS); Stage 2,” (Release 17) 3GPP TS 23.503 V17.5.0, published Jun. 2022, 148 pages. cited by applicant
      3GPP, “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; System architecture for the 5G System (5GS); Stage 2,” 3GPP TS 23.501 V17.5.0, published Jun. 2022, 568 pages. cited by applicant
    • Primary Examiner:
      Wells, Kenneth B
    • Attorney, Agent or Firm:
      Edell, Shapiro & Finnan, LLC
    • Identifier:
      edspgr.12273705