6 V2X communication

24.5873GPPProtocol aspectsRelease 16Stage 3TSVehicle-to-Everything (V2X) services in 5G System (5GS)

6.1 V2X communication over PC5

6.1.1 General

This clause describes the procedures at the UE, and between UEs, for V2X communication over PC5.

The UE shall support requirements for securing V2X communication over PC5.

Both IP based and non-IP based V2X communication over PC5 are supported. For IP based V2X communication, only IPv6 is used. IPv4 is not supported in this release of the present document.

V2X communication over NR-PC5 supports broadcast mode, groupcast mode, and unicast mode. If upper layer of the UE indicates the mode of communication, the UE shall set the mode of communication based on the request of the upper layer. Otherwise, the UE shall set the mode of communication based on the mapping rules between the V2X service identifier and the default mode of communication defined in clause 5.2.3.

NOTE: Further details about whether broadcast, unicast or groupcast can be used over PC5 are described in 3GPP TS 23.287 [3] clause 5.2.1.

6.1.2 Unicast mode communication over NR based PC5

6.1.2.1 Overview

This clause describes the PC5 signalling protocol procedures between two UEs for unicast mode of V2X communication. The following PC5 signalling protocol procedures are defined:

a) PC5 unicast link establishment;

b) PC5 unicast link modification;

c) PC5 unicast link release;

d) PC5 unicast link identifier update;

e) PC5 unicast link authentication;

f) PC5 unicast link security mode control;

g) PC5 unicast link keep-alive; and

h) PC5 unicast link re-keying procedure.

6.1.2.2 PC5 unicast link establishment procedure

6.1.2.2.1 General

Depending on the type of the PC5 unicast link establishment procedure (i.e. UE oriented Layer-2 link establishment or V2X Service oriented Layer-2 link establishment in 3GPP TS 23.287[3]), the PC5 unicast link establishment procedure is used to establish a PC5 unicast link between two UEs or to establish multiple PC5 unicast links. The UE sending the request message is called the "initiating UE" and the other UE is called the "target UE". If the request message does not indicate the specific target UE (i.e. target user info is not included in the request message), and multiple target UEs are interested in the V2X service(s) indicated in the request message, then the initiating UE shall handle corresponding response messages received from those target UEs. The maximum number of NR PC5 unicast links established in a UE at a time shall not exceed an implementation-specific maximum number of established NR PC5 unicast links.

NOTE: The recommended maximum number of established NR PC5 unicasts link is 8.

6.1.2.2.2 PC5 unicast link establishment procedure initiation by initiating UE

The initiating UE shall meet the following pre-conditions before initiating this procedure:

a) a request from upper layers to transmit the packet for V2X service over PC5;

b) the communication mode is unicast mode (e.g. pre-configured as specified in clause 5.2.3 or indicated by upper layers);

c) the link layer identifier for the initiating UE (i.e. layer-2 ID used for unicast communication) is available (e.g. pre-configured or self-assigned) and is not being used by other existing PC5 unicast links within the initiating UE;

d) the link layer identifier for the destination UE (i.e. the unicast layer-2 ID of the target UE or the broadcast layer-2 ID) is available to the initiating UE (e.g. pre-configured, obtained as specified in clause 5.2.3 or known via prior V2X communication);

NOTE 1: In the case where different V2X services are mapped to distinct default destination layer-2 IDs, when the initiating UE intends to establish a single unicast link that can be used for more than one V2X service identifiers, the UE can select any of the default destination layer-2 ID for unicast initial signalling.

e) the initiating UE is either authorised for V2X communication over PC5 in NR-PC5 in the serving PLMN, or has a valid authorization for V2X communication over PC5 in NR-PC5 when not served by E-UTRA and not served by NR. The UE considers that it is not served by E-UTRA and not served by NR if the following conditions are met:

1) not served by NR and not served by E-UTRA for V2X communication over PC5;

2) in limited service state as specified in 3GPP TS 23.122 [2], if the reason for the UE being in limited service state is one of the following;

i) the UE is unable to find a suitable cell in the selected PLMN as specified in 3GPP TS 38.304 [9];

ii) the UE received a REGISTRATION REJECT message or a SERVICE REJECT message with the 5GMM cause #11 "PLMN not allowed" as specified in 3GPP TS 24.501 [6]; or

iii) the UE received a REGISTRATION REJECT message or a SERVICE REJECT message with the 5GMM cause #7 "5GS services not allowed" as specified in 3GPP TS 24.501 [6]; or

3) in limited service state as specified in 3GPP TS 23.122 [2] for reasons other than i), ii) or iii) above, and located in a geographical area for which the UE is provisioned with "non-operator managed" radio parameters as specified in clause 5.2.3;

f) there is no existing PC5 unicast link for the pair of peer application layer IDs, or there is an existing PC5 unicast link for the pair of peer application layer IDs and:

1) the network layer protocol of the existing PC5 unicast link is not identical to the network layer protocol required by the upper layer in the initiating UE for this V2X service; or

2) the security policy (either signalling security policy or user plane security policy) corresponding to the V2X service identifier is not compatible with the security policy of the existing PC5 unicast link; and

g) the number of established PC5 unicast links is less than the implementation-specific maximum number of established NR PC5 unicast links allowed in the UE at a time.

After receiving the service data or request from the upper layers, the initiating UE shall derive the PC5 QoS parameters and assign the PQFI(s) for the PC5 QoS flows(s) to be established as specified in clause 6.1.2.12.

In order to initiate the PC5 unicast link establishment procedure, the initiating UE shall create a DIRECT LINK ESTABLISHMENT REQUEST message. The initiating UE:

a) shall include the source user info set to the initiating UE’s application layer ID received from upper layers;

b) shall include the V2X service identifier(s) received from upper layer;

c) shall include the target user info set to the target UE’s application layer ID if received from upper layers or if the destination layer-2 ID is the unicast layer-2 ID of target UE;

d) shall include the Key establishment information container if the UE PC5 unicast signalling integrity protection policy is set to "signalling integrity protection required" or "signalling integrity protection preferred", and may include the Key establishment information container if the UE PC5 unicast signalling integrity protection policy is set to "signalling integrity protection not needed";

NOTE 2: The Key establishment information container is provided by upper layers.

e) shall include a Nonce_1 set to the 128-bit nonce value generated by the initiating UE for the purpose of session key establishment over this PC5 unicast link if the UE PC5 unicast signalling integrity protection policy is set to "signalling integrity protection required" or "signalling integrity protection preferred";

f) shall include its UE security capabilities indicating the list of algorithms that the initiating UE supports for the security establishment of this PC5 unicast link;

g) shall include the 8 MSBs of KNRP-sess ID chosen by the initiating UE as specified in 3GPP TS 33.536 [20] if the UE PC5 unicast signalling integrity protection policy is set to "signalling integrity protection required" or "signalling integrity protection preferred";

h) may include a KNRP ID if the initiating UE has an existing KNRP for the target UE; and

i) shall include its UE PC5 unicast signalling security policy. In the case where the different V2X services are mapped to the different PC5 unicast signalling security policies, when the initiating UE intends to establish a single unicast link that can be used for more than one V2X service, each of the signalling security polices of those V2X services shall be compatible, e.g. "signalling integrity protection not needed" and "signalling integrity protection required" are not compatible.

After the DIRECT LINK ESTABLISHMENT REQUEST message is generated, the initiating UE shall pass this message to the lower layers for transmission along with the initiating UE’s layer-2 ID for unicast communication and the destination layer-2 ID, and start timer T5000. The UE shall not send a new DIRECT LINK ESTABLISHMENT REQUEST message to the same target UE identified by the same application layer ID while timer T5000 is running. If the target user info IE is not included in the DIRECT LINK ESTABLISHMENT REQUEST message (i.e. V2X service oriented PC5 unicast link establishment procedure), the initiating UE shall handle multiple DIRECT LINK ESTABLISHMENT ACCEPT messages, if any, received from different target UEs for the establishment of multiple PC5 unicast links before the expiry of timer T5000.

NOTE 3: In order to ensure successful PC5 unicast link establishment, T5000 should be set to a value larger than the sum of T5006 and T5007.

Figure 6.1.2.2.2: UE oriented PC5 unicast link establishment procedure

Initiating UE

Target UEs

Start T5000

DIRECT LINK ESTABLISHMENT REQUEST

DIRECT LINK ESTABLISHMENT ACCEPT

T5000 expires

DIRECT LINK ESTABLISHMENT ACCEPT

Figure 6.1.2.2.3: V2X service oriented PC5 unicast link establishment procedure

6.1.2.2.3 PC5 unicast link establishment procedure accepted by the target UE

Upon receipt of a DIRECT LINK ESTABLISHMENT REQUEST message, if the target UE accepts this request, the target UE shall uniquely assign a PC5 link identifier, create a PC5 unicast link context and assign a layer-2 ID for this PC5 unicast link. The newly assigned layer-2 ID replaces the target layer-2 ID as received on the DIRECT LINK ESTABLISHMENT REQUEST message. Then the target UE shall store this assigned layer-2 ID and the source layer-2 ID used in the transport of this message provided by the lower layers in the PC5 unicast link context. The target UE may initiate PC5 unicast link authentication procedure as specified in clause 6.1.2.6 and shall initiate PC5 unicast link security mode control procedure as specified in clause 6.1.2.7.

NOTE: The target UE may reuse the target UE’s layer-2 ID used in the transport of the DIRECT LINK ESTABLISHMENT REQUEST message provided by the lower layers in case that the target UE’s layer-2 ID has been used in previous PC5 unicast link with the same peer.

If:

a) the target user info IE is included in the DIRECT LINK ESTABLISHMENT REQUEST message and this IE includes the target UE’s application layer ID; or

b) the target user info IE is not included in the DIRECT LINK ESTABLISHMENT REQUEST message and the target UE is interested in the V2X service(s) identified by the V2X service identifier IE in the DIRECT LINK ESTABLISHMENT REQUEST message;

then the target UE shall either:

a) identify an existing KNRP based on the KNRP ID included in the DIRECT LINK ESTABLISHMENT REQUEST message; or

b) if KNRP ID is not included in the DIRECT LINK ESTABLISHMENT REQUEST message, the target UE does not have an existing KNRP for the KNRP ID included in DIRECT LINK ESTABLISHMENT REQUEST message or the target UE wishes to derive a new KNRP, derive a new KNRP. This may require performing one or more PC5 unicast link authentication procedures as specified in clause 6.1.2.6.

NOTE: How many times the PC5 unicast link authentication procedure needs to be performed to derive a new KNRP depends on the authentication method used.

After an existing KNRP was identified or a new KNRP was derived, the target UE shall initiate a PC5 unicast link security mode control procedure as specified in clause 6.1.2.7.

Upon successful completion of the PC5 unicast link security mode control procedure, in order to determine whether the DIRECT LINK ESTABLISHMENT REQUEST message can be accepted or not, in case of IP communication, the target UE checks whether there is at least one common IP address configuration option supported by both the initiating UE and the target UE.

If the target UE accepts the PC5 unicast link establishment procedure, the target UE shall create a DIRECT LINK ESTABLISHMENT ACCEPT message. The target UE:

a) shall include the source user info set to the target UE’s application layer ID received from upper layers;

b) shall include PQFI(s), the corresponding PC5 QoS parameters and the V2X service identifier(s) that the target UE accepts;

c) shall include an IP address configuration IE set to one of the following values if IP communication is used:

1) "IPv6 router" if IPv6 address allocation mechanism is supported by the target UE, i.e. acting as an IPv6 router; or

2) "IPv6 address allocation not supported" if IPv6 address allocation mechanism is not supported by the target UE;

d) shall include a link local IPv6 address IE formed locally based on IETF RFC 4862 [16] if IP address configuration IE is set to "IPv6 address allocation not supported" and the received DIRECT LINK ESTABLISHMENT REQUEST message included a link local IPv6 address IE; and

e) shall include the configuration of UE PC5 unicast user plane security protection based on the agreed user plane security policy, as specified in 3GPP TS 33.536 [20].

After the DIRECT LINK ESTABLISHMENT ACCEPT message is generated, the target UE shall pass this message to the lower layers for transmission along with the initiating UE’s layer-2 ID for unicast communication and the target UE’s layer-2 ID for unicast communication, and shall start timer T5011 if at least one of V2X service identifiers for the PC5 unicast links satisfies the privacy requirements as specified in clause 5.2.3.

After sending the DIRECT LINK ESTABLISHMENT ACCEPT message, the target UE shall provide the following information along with the layer-2 IDs to the lower layer, which enables the lower layer to handle the coming PC5 signalling or traffic data:

a) the PC5 link identifier self-assigned for this PC5 unicast link;

b) PQFI(s) and its corresponding PC5 QoS parameters; and

c) an indication of activation of the PC5 unicast user plane security protection for the PC5 unicast link, if applicable.

If the target UE accepts the PC5 unicast link establishment request, then the target UE may perform the PC5 QoS flow establishment over PC5 unicast link as specified in clause 6.1.2.12.

6.1.2.2.4 PC5 unicast link establishment procedure completion by the initiating UE

If the Target user info IE is included in the DIRECT LINK ESTABLISHMENT REQUEST message, upon receipt of the DIRECT LINK ESTABLISHMENT ACCEPT message, the initiating UE shall stop timer T5000. If the Target user info IE is not included in the DIRECT LINK ESTABLISHMENT REQUEST message the initiating UE may keep the timer T5000 running and continue to handle multiple response messages (i.e. the DIRECT LINK ESTABLISHMENT ACCEPT message) from multiple target UEs.

For each of the DIRECT LINK ESTABLISHMENT ACCEPT message received, the initiating UE shall uniquely assign a PC5 link identifier and create a PC5 unicast link context for each of the PC5 unicast link(s). Then the initiating UE shall store the source layer-2 ID and the destination layer-2 ID used in the transport of this message provided by the lower layers in the PC5 unicast link context(s) to complete the establishment of the PC5 unicast link with the target UE(s). From this time onward the initiating UE shall use the established link(s) for V2X communication over PC5 and additional PC5 signalling messages to the target UE(s).

After receiving the DIRECT LINK ESTABLISHMENT ACCEPT message, the initiating UE shall delete the old security context it has for the target UE and shall provide the following information along with the layer-2 IDs to the lower layer, which enables the lower layer to handle the coming PC5 signalling or traffic data:

a) the PC5 link identifier self-assigned for this PC5 unicast link;

b) PQFI(s) and its corresponding PC5 QoS parameters; and

c) an indication of activation of the PC5 unicast user plane security protection for the PC5 unicast link, if applicable.

The initiating UE shall start timer T5011 if at least one of V2X service identifiers for the PC5 unicast links satisfies the privacy requirements as specified in clause 5.2.3.

In addition, the initiating UE may perform the PC5 QoS flow establishment over PC5 unicast link as specified in clause 6.1.2.12.

Upon expiry of the timer T5000, if the DIRECT_LINK_ESTABLISHMENT REQUEST message did not include the Target User Info IE, and the initiating UE received at least one DIRECT LINK ESTABLISHMENT ACCEPT message, it is up to the UE implementation to consider the PC5 unicast link establishment procedure as complete or to restart the timer T5000.

6.1.2.2.5 PC5 unicast link establishment procedure not accepted by the target UE

If the DIRECT LINK ESTABLISHMENT REQUEST message cannot be accepted, the target UE shall send a DIRECT LINK ESTABLISHMENT REJECT message. The DIRECT LINK ESTABLISHMENT REJECT message contains a PC5 signalling protocol cause IE set to one of the following cause values:

#1 direct communication to the target UE not allowed;

#3 conflict of layer-2 ID for unicast communication is detected;

#5 lack of resources for PC5 unicast link; or

#111 protocol error, unspecified.

If the target UE is not allowed to accept the DIRECT LINK ESTABLISHMENT REQUEST message .e.g. based on operator policy or configuration parameters for V2X communication over PC5 as specified in clause 5.2.3, the target UE shall send a DIRECT LINK ESTABLISHMENT REJECT message containing PC5 signalling protocol cause value #1 "direct communication to the target UE not allowed".

For a received DIRECT LINK ESTABLISHMENT REQUEST message from a layer-2 ID (for unicast communication), if the target UE already has an existing link established to a UE using this layer-2 ID or is currently processing a DIRECT LINK ESTABLISHMENT REQUEST message from the same layer-2 ID, and with one of following parameters different from the existing link or the link for which the link establishment is in progress:

a) the source user info;

b) type of data (e.g. IP or non-IP); or

c) security policy,

the target UE shall send a DIRECT LINK ESTABLISHMENT REJECT message containing PC5 signalling protocol cause value #3 "conflict of layer-2 ID for unicast communication is detected".

NOTE: The type of data (e.g. IP or non-IP) is indicated by the optional IP address configuration IE included in the corresponding DIRECT LINK SECURITY MODE COMPLETE message, i.e the type of data for the requested link is IP type if this IE is included, and the type of data for the requested link is non-IP if this IE is not included.

If the PC5 unicast link establishment fails due to the congestion problems, the implementation-specific maximum number of established NR PC5 unicast links has been reached, or other temporary lower layer problems causing resource constraints, the target UE shall send a DIRECT LINK ESTABLISHMENT REJECT message containing PC5 signalling protocol cause value #5 "lack of resources for PC5 unicast link". If the PC5 unicast link establishment fails due to other reasons, the target UE shall send a DIRECT LINK ESTABLISHMENT REJECT message containing PC5 signalling protocol cause value #111 "protocol error, unspecified".

After sending the DIRECT LINK ESTABLISHMENT REJECT message, the target UE shall provide the following information along with the initiating UE’s layer-2 ID for unicast communication and the target UE’s layer-2 ID for unicast communication to the lower layer:

a) an indication of deactivation of the PC5 unicast security protection and deletion of security context for the PC5 unicast link, if applicable.

Upon receipt of the DIRECT LINK ESTABLISHMENT REJECT message, the initiating UE shall stop timer T5000 and abort the PC5 unicast link establishment procedure, if the Target user info is included in the DIRECT LINK ESTABLISHMENT REQUEST message. If the PC5 signalling protocol cause value in the DIRECT LINK ESTABLISHMENT REJECT message is #1 "direct communication to the target UE not allowed" or #5 "lack of resources for PC5 unicast link", then the UE shall not attempt to start the PC5 unicast link establishment procedure with the same target UE at least for a time period T.

NOTE: The length of time period T is UE implementation specific and can be different for the case when the UE receives PC5 signalling protocol cause value #1 "direct communication to the target UE not allowed" or when the UE receives PC5 signalling protocol cause value #5 "lack of resources for PC5 unicast link".

After receiving the DIRECT LINK ESTABLISHMENT REJECT message, the initiating UE shall provide the following information along with the initiating UE’s layer-2 ID for unicast communication and the target UE’s layer-2 ID for unicast communication to the lower layer:

a) an indication of deactivation of the PC5 unicast security protection and deletion of security context for the PC5 unicast link, if applicable.

6.1.2.2.6 Abnormal cases

6.1.2.2.6.1 Abnormal cases at the initiating UE

If timer T5000 expires and the Target user info IE is included in the DIRECT LINK ESTABLISHMENT REQUEST message, the initiating UE shall retransmit the DIRECT LINK ESTABLISHMENT REQUEST message and restart timer T5000. After reaching the maximum number of allowed retransmissions, the initiating UE shall abort the PC5 unicast link establishment procedure and may notify the upper layer that the target UE is unreachable.

Upon expiry of the timer T5000, if the DIRECT_LINK_ESTABLISHMENT REQUEST message did not include the Target User Info IE and the initiating UE did not receive any DIRECT LINK ESTABLISHMENT ACCEPT message, the initiating UE may retransmit the DIRECT LINK ESTABLISHMENT REQUEST message and restart timer T5000. If the DIRECT_LINK_ESTABLISHMENT REQUEST message did not include the Target User Info IE and the initiating UE did not receive any DIRECT LINK ESTABLISHMENT ACCEPT message, then after reaching the maximum number of allowed retransmissions, the initiating UE shall abort the PC5 unicast link establishment procedure and may notify the upper layer that no target UE is available.

NOTE: The maximum number of allowed retransmissions is UE implementation specific.

If the need to establish a link no longer exists before the procedure is completed, the initiating UE shall abort the procedure.

When the initiating UE aborts the PC5 unicast link establishment procedure, the initiating UE shall provide the following information along with the initiating UE’s layer-2 ID for unicast communication and the target UE’s layer-2 ID for unicast communication to the lower layer:

a) an indication of deactivation of the PC5 unicast signalling security protection for the PC5 unicast link, if applicable.

6.1.2.2.6.2 Abnormal cases at the target UE

For a received DIRECT LINK ESTABLISHMENT REQUEST message from a source layer-2 ID (for unicast communication), if the target UE already has an existing link established to the UE known to use the same source layer-2 ID, the same source user info, the same type of data (IP or non-IP) and the same security policy, the UE shall process the new request. However, the target UE shall only delete the existing link context after the new link establishment procedure succeeds.

NOTE: The type of data (e.g. IP or non-IP) is indicated by the optional IP address configuration IE included in the corresponding DIRECT LINK SECURITY MODE COMPLETE message, i.e the type of data for the requested link is IP type if this IE is included, and the type of data for the requested link is non-IP if this IE is not included.

6.1.2.3 PC5 unicast link modification procedure

6.1.2.3.1 General

The purpose of the PC5 unicast link modification procedure is to modify the existing PC5 unicast link to:

a) add new PC5 QoS flow(s) to the existing PC5 unicast link;

b) modify existing PC5 QoS flow(s) for updating PC5 QoS parameters of the existing PC5 QoS flow(s);

c) modify existing PC5 QoS flow(s) for associating new V2X service(s) with the existing PC5 QoS flow(s);

d) modify existing PC5 QoS flow(s) for removing the associated V2X service(s) from the existing PC5 QoS flow(s); or

e) remove existing PC5 QoS flow(s) from the existing PC5 unicast link.

In this procedure, the UE sending the DIRECT LINK MODIFICATION REQUEST message is called the "initiating UE" and the other UE is called the "target UE".

6.1.2.3.2 PC5 unicast link modification procedure initiated by initiating UE

The initiating UE shall meet the following pre-conditions before initiating this procedure for adding a new V2X service to the existing PC5 unicast link:

a) there is a PC5 unicast link between the initiating UE and the target UE; and

b) the pair of application layer IDs and the network layer protocol of this PC5 unicast link are identical to those required by the application layer in the initiating UE for this V2X service.

c) the security policy corresponding to the V2X service identifier (e.g. ITS-AID of the new V2X service) is aligned with the security policy of the existing PC5 unicast link.

After receiving the service data or request from the upper layers, the initiating UE shall perform the PC5 QoS flow match as apecified in clause 6.1.2.13. If there is no matched PC5 QoS flow, the initiating UE shall derive the PC5 QoS parameters and assign the PQFI(s) for the PC5 QoS flows(s) to be established as specified in clause 6.1.2.12.

If the PC5 unicast link modification procedure is to add new PC5 QoS flow(s) to the existing PC5 unicast link, the initiating UE shall create a DIRECT LINK MODIFICATION REQUEST message. In this message, initiating UE:

a) shall include the PQFI(s) and the corresponding PC5 QoS parameters, including the V2X service identifier(s); and

b) shall include the link modification operation code set to "add new PC5 QoS flow(s) to the existing PC5 unicast link ".

If the PC5 unicast link modification procedure is to modify the PC5 QoS parameters for existing PC5 QoS flow(s) in the existing PC5 unicast link, the initiating UE shall create a DIRECT LINK MODIFICATION REQUEST message. In this message, the initiating UE:

a) shall include the PQFI(s) and the corresponding PC5 QoS parameters, including the V2X service identifier(s); and

b) shall include the link modification operation code set to "modify PC5 QoS parameters of the existing PC5 QoS flow(s)".

If the PC5 unicast link modification procedure is to associate new V2X service(s) with existing PC5 QoS flow(s), the initiating UE shall create a DIRECT LINK MODIFICATION REQUEST message. In this message, the initiating UE:

a) shall include the PQFI(s) and the corresponding PC5 QoS parameters, including the V2X service identifier(s); and

b) shall include the link modification operation code set to "associate new V2X service(s) with existing PC5 QoS flow(s)".

If the PC5 unicast link modification procedure is to remove the associated V2X service(s) from existing PC5 QoS flow(s), the initiating UE shall create a DIRECT LINK MODIFICATION REQUEST message. In this message, the initiating UE:

a) shall include the PQFI(s) and the corresponding PC5 QoS parameters including the V2X service identifier(s); and

b) shall include the link modification operation code set to "remove V2X service(s) from existing PC5 QoS flow(s)".

If the PC5 unicast link modification procedure is to remove any PC5 QoS flow(s) from the existing PC5 unicast link, the initiating UE shall create a DIRECT LINK MODIFICATION REQUEST message. In this message, the initiating UE:

a) shall include the PQFI(s); and

b) shall include the link modification operation code set to "remove existing PC5 QoS flow(s) from the existing PC5 unicast link".

After the DIRECT LINK MODIFICATION REQUEST message is generated, the initiating UE shall pass this message to the lower layers for transmission along with the initiating UE’s layer-2 ID for unicast communication and the target UE’s layer-2 ID for unicast communication, and start timer T5001. The UE shall not send a new DIRECT LINK MODIFICATION REQUEST message to the same target UE while timer T5001 is running.

Figure 6.1.2.3.2: PC5 unicast link modification procedure

6.1.2.3.3 PC5 unicast link modification procedure accepted by the target UE

If the DIRECT LINK MODIFICATION REQUEST message is accepted, the target UE shall respond with the DIRECT LINK MODIFICATION ACCEPT message.

If the DIRECT LINK MODIFICATION REQUEST message is to add a new V2X service, add new PC5 QoS flow(s) or modify any existing PC5 QoS flow(s) in the PC5 unicast link, the target UE shall include in the DIRECT LINK MODIFICATION ACCEPT message:

a) the PQFI(s), the corresponding PC5 QoS parameters and the V2X service identifier(s) that the target UE accepts.

If the DIRECT LINK MODIFICATION REQUEST message is to remove an existing V2X service from the PC5 unicast link, the target UE shall delete the V2X service identifier received in the DIRECT LINK MODIFICATION REQUEST message and the corresponding PQFI(s) and PC5 QoS parameters from the profile associated with the PC5 unicast link.

If the DIRECT LINK MODIFICATION REQUEST message is to remove existing PC5 QoS flow(s) from the PC5 unicast link, the target UE shall delete the PQFI(s) and the corresponding PC5 QoS parameters from the profile associated with the PC5 unicast link.

If the DIRECT LINK MODIFICATION REQUEST message is to add a new V2X service, add new PC5 QoS flow(s) or modify any existing PC5 QoS flow(s) in the PC5 unicast link, after sending the DIRECT LINK MODIFICATION ACCEPT message, the target UE shall provide the added or modified PQFI(s) and corresponding PC5 QoS parameters along with PC5 link identifier to the lower layer.

If the DIRECT LINK MODIFICATION REQUEST message is to remove an existing V2X service or to remove the existing PC5 QoS flow(s) from the PC5 unicast link, after sending the DIRECT LINK MODIFICATION ACCEPT message, the target UE shall provide the removed PQFI(s) along with the PC5 link identifier to the lower layer.

If the target UE accepts the PC5 unicast link modification request, then the target UE may perform the PC5 QoS flow establishment over PC5 unicast link as specified in clause 6.1.2.12 and perform the PC5 QoS flow match over PC5 unicast link as specified in clause 6.1.2.13.

6.1.2.3.4 PC5 unicast link modification procedure completion by the initiating UE

Upon receipt of the DIRECT LINK MODIFICATION ACCEPT message, the initiating UE shall stop timer T5001.

Upon receipt of the DIRECT LINK MODIFICATION ACCEPT message, if the DIRECT LINK MODIFICATION REQUEST message is to add a new V2X service, add new PC5 QoS flow(s) or modify any existing PC5 QoS flow(s) in the PC5 unicast link, the initiating UE shall provide the added or modified PQFI(s) and corresponding PC5 QoS parameters along with PC5 link identifier to the lower layer.

Upon receipt of the DIRECT LINK MODIFICATION ACCEPT message, if the DIRECT LINK MODIFICATION REQUEST message is to remove an existing V2X service or to remove the existing PC5 QoS flow(s) from the PC5 unicast link, the initiating UE shall provide the removed PQFI(s) along with the PC5 link identifier to the lower layer.

In addition, the initiating UE may perform the PC5 QoS flow establishment over PC5 unicast link as specified in clause 6.1.2.12.

6.1.2.3.5 PC5 unicast link modification procedure not accepted by the target UE

If the PC5 unicast link modification request cannot be accepted, the target UE shall send a DIRECT LINK MODIFICATION REJECT message. The DIRECT LINK MODIFICATION REJECT message contains a PC5 signalling protocol cause IE set to one of the following cause values:

#5 lack of resources for PC5 unicast link;

#11 required service not allowed;

#12 security policy not aligned; or

#111 protocol error, unspecified.

If the target UE is not allowed to accept this request, .e.g. because the V2X service to be added is not allowed per the operator policy or configuration parameters for V2X communication over PC5 as specified in clause 5.2.3, the target UE shall send a DIRECT LINK MODIFICATION REJECT message with PC5 signalling protocol cause value #11 "required service not allowed".

If the PC5 unicast link modification fails due to the congestion problems or other temporary lower layer problems causing resource constraints, the target UE shall send a DIRECT LINK MODIFICATION REJECT message with PC5 signalling protocol cause value #5 "lack of resources for PC5 unicast link".

If the link modification operation code is set to "associate new V2X service(s) with existing PC5 QoS flow(s)", and the security policy corresponding to the V2X service identifier(s) (e.g. ITS-AID of the new V2X service) is not aligned with the security policy applied to the existing PC5 unicast link, then the target UE shall send a DIRECT LINK MODIFICATION REJECT message with PC5 signalling protocol cause value #12 "security policy not aligned".

For other reasons causing the failure of link modification, the target UE shall send a DIRECT LINK MODIFICATION REJECT message with PC5 signalling protocol cause value #111 "protocol error, unspecified".

Upon receipt of the DIRECT LINK MODIFICATION REJECT message, the initiating UE shall stop timer T5001 and abort the PC5 unicast link modification procedure. If the PC5 signalling protocol cause value in the DIRECT LINK MODIFICATION REJECT message is #11 "required service not allowed" or #5 "lack of resources for PC5 unicast link" or #12 "security policy not aligned", then the initiating UE shall not attempt to start PC5 unicast link modification with the same target UE to add the same V2X service, or to add or modify the same PC5 QoS flow(s) at least for a time period T.

NOTE: The length of time period T is UE implementation specific and can be different for the case when the UE receives PC5 signalling protocol cause value #11 "required service not allowed" or when the UE receives PC5 signalling protocol cause value #5 "lack of resources for PC5 unicast link" or when the UE receives PC5 signalling protocol cause value #12 "security policy not aligned",. The length of time period T is not less than 30 minutes.

6.1.2.3.6 Abnormal cases at the initiating UE

The following abnormal cases can be identified:

a) If timer T5001 expires, the initiating UE shall retransmit the DIRECT LINK MODIFICATION REQUEST message and restart timer T5001. After reaching the maximum number of allowed retransmissions, the initiating UE shall abort the PC5 unicast link modification procedure and may notify the upper layer that the target UE is unreachable.

NOTE 1: The maximum number of allowed retransmissions is UE implementation specific.

NOTE 2: After reaching the maximum number of allowed retransmissions, whether the initiating UE releases this PC5 unicast link depends on its implementation.

b) For the same PC5 unicast link, if the initiating UE receives a DIRECT LINK RELEASE message after the initiation of UE-requested PC5 unicast link modification procedure, the initiating UE shall stop the timer T5001 and abort the PC5 unicast link modification procedure and proceed with the PC5 unicast link release procedure.

c) For the same PC5 unicast link, if the initiating UE receives a DIRECT LINK MODIFICATION REQUEST message during the PC5 unicast link modification procedure, the initiating UE shall stop the timer T5001 and abort the PC5 unicast link modification procedure. Following handling is implementation dependent, e.g., the initiating UE waits for an implementation dependent time for initiating a new PC5 unicast link modification procedure, if still needed.

NOTE 3: The implementation dependent timer value needs to be set to avoid further collisions (e.g. random timer value).

6.1.2.4 PC5 unicast link release procedure

6.1.2.4.1 General

The PC5 unicast link release procedure is used to release a PC5 unicast link between two UEs. The link can be released from either end point. The UE sending the DIRECT LINK RELEASE REQUEST message is called the "initiating UE" and the other UE is called the "target UE".

If the UE receives an indication of radio link failure from the lower layer, the UE shall release the PC5 unicast link locally and may delete the KNRP ID associated with this link after an implementation specific time.

6.1.2.4.2 PC5 unicast link release procedure initiation by initiating UE

The initiating UE shall initiate the procedure if a request from upper layers to release a PC5 unicast link with the target UE which uses a known layer-2 ID (for unicast communication) is received and there is an existing PC5 unicast link between these two UEs.

The initiating UE may initiate the procedure if the target UE has been non-responsive, e.g. no response in the PC5 unicast link modification procedure, PC5 unicast link identifier update procedure, PC5 unicast link re-keying procedure or PC5 unicast link keep-alive procedure.

The initiating UE may initiate the procedure to release an established PC5 unicast link if the UE has reached the maximum number of established PC5 unicast links and there is a need to establish a new PC5 unicast link. In this case, which PC5 unicast link is to be released is up to UE implementation.

The initiating UE may initiate the procedure to release an established PC5 unicast link upon expiry of the timer T5005.

In order to initiate the PC5 unicast link release procedure, the initiating UE shall create a DIRECT LINK RELEASE REQUEST message with a PC5 signalling protocol cause IE indicating one of the following cause values:

#1 direct communication with the target UE not allowed;

#2 direct communication to the target UE no longer needed;

#4 direct connection is not available anymore;

#5 lack of resources for PC5 unicast link; or

#111 protocol error, unspecified.

The initiating UE shall include the new MSB of KNRP ID in the DIRECT LINK RELEASE REQUEST message.

After the DIRECT LINK RELEASE REQUEST message is generated, the initiating UE shall pass this message to the lower layers for transmission along with the initiating UE’s layer-2 ID for unicast communication and the target UE’s layer-2 ID for unicast communication, and shall stop T5011 if running. The initiating UE shall start timer T5002.

Figure 6.1.2.4.2.1: PC5 unicast link release procedure

6.1.2.4.3 PC5 unicast link release procedure accepted by the target UE

Upon receiving a DIRECT LINK RELEASE REQUEST message, the target UE shall stop all running timers for this PC5 unicast link and abort any other ongoing PC5 signalling protocol procedures on this PC5 unicast link. The target UE shall respond with a DIRECT LINK RELEASE ACCEPT message. The target UE shall include the new LSB of KNRP ID in the DIRECT LINK RELEASE ACCEPT message. After the message is sent, the target UE shall release the PC5 unicast link by performing the following behaviors:

a) inform the lower layer along with the PC5 link identifier that the PC5 unicast link has been released; and

b) delete the PC5 unicast link context of the PC5 unicast link after an implementation specific time.

The target UE shall form the new KNRP ID from the new MSB of KNRP ID received in the DIRECT LINK RELEASE REQUEST message and the new LSB of KNRP ID included in the DIRECT LINK RELEASE ACCEPT message. The target UE shall replace the existing KNRP ID with the new KNRP ID. The target UE may include the new KNRP ID in DIRECT LINK ESTABLISHMENT REQUEST message with the initiating UE as specified in clause 6.1.2.2.2.

6.1.2.4.4 PC5 unicast link release procedure completion by the initiating UE

Upon receipt of the DIRECT LINK RELEASE ACCEPT message, the initiating UE shall stop timer T5002 and shall release the PC5 unicast link by performing the following behaviors:

a) inform the lower layer along with the PC5 link identifier that the PC5 unicast link has been released; and

b) delete the PC5 unicast link context of the PC5 unicast link after an implementation specific time.

The initiating UE shall form the new KNRP ID from the MSB of KNRP ID included in the DIRECT LINK RELEASE REQUEST message and the LSB of KNRP ID received in the DIRECT LINK RELEASE ACCEPT message. The initiating UE shall replace the existing KNRP ID with the new KNRP ID. The initiating UE may include the new KNRP ID in DIRECT LINK ESTABLISHMENT REQUEST message with the target UE as specified in clause 6.1.2.2.2.

6.1.2.4.5 Abnormal cases

6.1.2.4.5.1 Abnormal cases at the initiating UE

If retransmission timer T5002 expires and the PC5 signalling protocol cause included in the PC5 signalling protocol cause IE in the DIRECT LINK RELEASE REQUEST message was #4 "direct connection is not available anymore", the initiating UE shall release the PC5 unicast link locally and delete the KNRP ID associated with this link. From this time onward the initiating UE shall no longer send or receive any messages via this link.

If retransmission timer T5002 expires and the PC5 signalling protocol cause included in the PC5 signalling protocol cause IE in the DIRECT LINK RELEASE REQUEST message was not #4 "direct connection is not available anymore", the initiating UE shall initiate the transmission of the DIRECT LINK RELEASE REQUEST message again and restart timer T5002.

If no response is received from the target UE after reaching the maximum number of allowed retransmissions, the initiating UE shall release the PC5 unicast link locally and delete the KNRP ID associated with this link. From this time onward the initiating UE shall no longer send or receive any messages via this link.

NOTE: The maximum number of allowed retransmissions is UE implementation specific.

6.1.2.5 PC5 unicast link identifier update procedure

6.1.2.5.1 General

The PC5 unicast link identifier update procedure is used to update and exchange the new identifiers (e.g. application layer ID, layer-2 ID, security information and IP address/prefix) between two UEs for a PC5 unicast link before using the new identifiers. The UE sending the DIRECT LINK IDENTIFIER UPDATE REQUEST message is called the "initiating UE" and the other UE is called the "target UE".

6.1.2.5.2 PC5 unicast link identifier update procedure initiation by initiating UE

The initiating UE shall initiate the procedure if:

a) the initiating UE receives a request from upper layers to change the application layer ID and there is an existing PC5 unicast link associated with this application layer ID; or

b) the privacy timer (see clause 5.2.3) of the initiating UE’s layer-2 ID expires for an existing PC5 unicast link.

If the PC5 unicast link identifier update procedure is triggered by a change of the initiating UE’s application layer ID, the initiating UE shall create a DIRECT LINK IDENTIFIER UPDATE REQUEST message. In this message, the initiating UE

a) shall include the initiating UE’s new application layer ID received from upper layer;

b) shall include the initiating UE’s new layer-2 ID assigned by itself;

c) shall include the new MSB of KNRP-sess ID, or set to all zeros if the selected integrity protection algorithm is the null integrity protection algorithm; and

d) shall include the new IP address/prefix if IP communication is used.

If the PC5 unicast link identifier update procedure is triggered by the expiry of the initiating UE’s privacy timer T5011 as specified in clause 5.2.3, the initiating UE shall create a DIRECT LINK IDENTIFIER UPDATE REQUEST message. In this message, the initiating UE

a) shall include the initiating UE’s new layer-2 ID assigned by itself;

b) shall include the new MSB of KNRP-sess ID;

c) may include the initiating UE’s new application layer ID if received from upper layer; and

d) shall include the new IP address/prefix if IP communication is used and changed.

After the DIRECT LINK IDENTIFIER UPDATE REQUEST message is generated, the initiating UE shall pass this message to the lower layers for transmission along with the initiating UE’s old layer-2 ID for unicast communication and the target UE’s layer-2 ID for unicast communication, and start timer T5009. The UE shall not send a new DIRECT LINK IDENTIFIER UPDATE REQUEST message to the same target UE while timer T5009 is running.

Figure 6.1.2.5.2.1: PC5 unicast link identifier update procedure

6.1.2.5.3 PC5 unicast link identifier update procedure accepted by the target UE

Upon receipt of a DIRECT LINK IDENTIFIER UPDATE REQUEST message, if the target UE determines:

a) the PC5 unicast link associated with this request message is still valid; and

b) the timer T5010 for the PC5 unicast link identified by this request message is not running,

then the target UE accepts this request, and responds with a DIRECT LINK IDENTIFIER UPDATE ACCEPT message.

The target UE shall create the DIRECT LINK IDENTIFIER UPDATE ACCEPT message. In this message, the target UE:

a) shall include the target UE’s new layer-2 ID assigned by itself;

b) shall include the new LSB of KNRP-sess ID;

c) shall include the initiating UE’s new MSB of KNRP-sess ID;

d) shall include the initiating UE’s new layer-2 ID;

e) shall include the target UE’s new application layer ID if received from upper layer;

f) shall include the initiating UE’s new IP address/prefix if received from the initiating UE and IP communication is used;

g) shall include the initiating UE’s new application layer ID if received from the initiating UE; and

h) shall include the target UE’s new IP address/prefix if IP communication is used and changed.

After the DIRECT LINK IDENTIFIER UPDATE ACCEPT message is generated, the target UE shall pass this message to the lower layers for transmission along with the initiating UE’s old layer-2 ID for unicast communication and the target UE’s old layer-2 ID for unicast communication, and start timer T5010. The UE shall not send a new DIRECT LINK IDENTIFIER UPDATE ACCEPT message to the same initiating UE while timer T5010 is running.

Before target UE receives the traffic using the new layer-2 IDs, the target UE shall continue to receive the traffic with the old layer-2 IDs (i.e. initiating UE’s old layer-2 ID and target UE’s old layer-2 ID) from initiating UE.

Before target UE receives the DIRECT LINK IDENTIFIER UPDATE ACK message from initiating UE, the target UE shall keep sending traffic to the initiating UE using the old layer-2 IDs (i.e. initiating UE’s old layer-2 ID for unicast communication and target UE’s old layer-2 ID for unicast communication).

6.1.2.5.4 PC5 unicast link identifier update procedure acknowledged by the initiating UE

Upon receipt of the DIRECT LINK IDENTIFIER UPDATE ACCEPT message, the initiating UE shall stop timer T5009 and respond with a DIRECT LINK IDENTIFIER UPDATE ACK message. In this message, the initiating UE:

a) shall include the target UE’s new layer-2 ID;

b) shall include the target UE’s new LSB of KNRP-sess ID;

c) shall include the target UE’s new application layer ID, if received; and

d) shall include the target UE’s new IP address/prefix, if received.

After the DIRECT LINK IDENTIFIER UPDATE ACK message is generated, the initiating UE shall pass this message to the lower layers for transmission along with the initiating UE’s old layer-2 ID for unicast communication and the target UE’s old layer-2 ID for unicast communication and shall stop timer T5011 if running and start a timer T5011 as configured if at least one of V2X service identifiers for the PC5 unicast link satisfying the privacy requirements as specified in clause 5.2.3.

Upon sending the DIRECT LINK IDENTIFIER UPDATE ACK message, the initiating UE shall update the associated PC5 unicast link context with the new identifiers and pass the new layer-2 IDs (i.e. initiating UE’s new layer-2 ID for unicast communication and target UE’s new layer-2 ID for unicast communication if changed) along with the PC5 link identifier down to the lower layer. Then the initiating UE shall use the new layer-2 IDs (i.e. initiating UE’s new layer-2 ID for unicast communication and target UE’s new layer-2 ID for unicast communication if changed) to transmit the PC5 signalling message and PC5 user plane data.

The initiating UE shall continue to receive traffic with the old layer-2 IDs (i.e. initiating UE’s old layer-2 ID for unicast communication and target UE’s old layer-2 ID for unicast communication) from the target UE until it receives traffic with the new layer-2 IDs (i.e. initiating UE’s new layer-2 ID and target UE’s new layer-2 ID if changed) from the target UE.

6.1.2.5.5 PC5 unicast link identifier update procedure completion by the target UE

Upon receipt of the DIRECT LINK IDENTIFIER UPDATE ACK message, the target UE shall update the associated PC5 unicast link context with the new identifiers, pass the new layer-2 IDs (i.e. initiating UE’s new layer-2 ID and target UE’s new layer-2 ID if changed) down to the lower layer, stop timer T5010 and timer T5011 if running and start a timer T5011 as configured if at least one of V2X service identifiers for the PC5 unicast link satisfying the privacy requirements as specified in clause 5.2.3. Then the target UE shall use the new layer-2 IDs (i.e. initiating UE’s new layer-2 ID for unicast communication and target UE’s new layer-2 ID for unicast communication if changed) to transmit the PC5 signalling message and PC5 user plane data.

6.1.2.5.6 PC5 unicast link identifier update procedure not accepted by the target UE

If the DIRECT LINK IDENTIFIER UPDATE REQUEST message cannot be accepted, the target UE shall send a DIRECT LINK IDENTIFIER UPDATE REJECT message. The DIRECT LINK IDENTIFIER UPDATE REJECT message contains a PC5 signalling protocol cause IE set to one of the following cause values:

#3 conflict of layer-2 ID for unicast communication is detected; or

#111 protocol error, unspecified.

For a received DIRECT LINK IDENTIFIER UPDATE REQUEST message from a layer-2 ID (for unicast communication), if the target UE already has an existing link using this layer-2 ID or is currently processing a DIRECT LINK IDENTIFIER UPDATE REQUEST message from the same layer-2 ID, but with user info different from the user info IE included in this new incoming message, the target UE shall send a DIRECT LINK IDENTIFIER UPDATE REJECT message with PC5 signalling protocol cause value #3 "conflict of layer-2 ID for unicast communication is detected".

NOTE: After receiving the DIRECT LINK IDENTIFIER UPDATE REJECT message, whether the initiating UE initiates the PC5 unicast link release procedure or initiates another PC5 unicast link identifier update procedure with a new layer-2 ID depends on UE implementation.

For other reasons causing the failure of link identifier update, the target UE shall send a DIRECT LINK IDENTIFIER UPDATE REJECT message with PC5 signalling protocol cause value #111 "protocol error, unspecified".

Upon receipt of the DIRECT LINK IDENTIFIER UPDATE REJECT message, the initiating UE shall stop timer T5009 and abort this PC5 unicast link identifier update procedure.

6.1.2.5.7 Abnormal cases

6.1.2.5.7.1 Abnormal cases at the initiating UE

The following abnormal cases can be identified:

a) If timer T5009 expires, the initiating UE shall retransmit the DIRECT LINK IDENTIFIER UPDATE REQUEST message and restart timer T5009. After reaching the maximum number of allowed retransmissions, the initiating UE shall abort the PC5 unicast link identifier update procedure and may notify the upper layer that the target UE is unreachable.

NOTE 1: The maximum number of allowed retransmissions is UE implementation specific.

NOTE 2: After reaching the maximum number of allowed retransmissions, whether the initiating UE releases this PC5 unicast link depends on its implementation.

b) For the same PC5 unicast link, if the initiating UE receives a DIRECT LINK IDENTIFIER UPDATE REQUEST message during the PC5 unicast link identifier update procedure, the initiating UE shall stop the timer T5009 and abort the PC5 unicast link identifier update procedure. Following handling is implementation dependent, e.g., the initiating UE waits for an implementation dependent time for initiating a new PC5 unicast link identifier update procedure, if still needed.

NOTE 3: The implementation dependent timer value needs to be set to avoid further collisions (e.g. random timer value).

c) For the same PC5 unicast link, if the initiating UE receives a DIRECT LINK REKEYING REQUEST message after initiating the PC5 unicast link identifier update procedure, the initiating UE shall ignore the DIRECT LINK REKEYING REQUEST message and proceed with the PC5 unicast link identifier update procedure.

d) For the same PC5 unicast link, if the initiating UE receives a DIRECT LINK RELEASE REQUEST message after the initiation of PC5 unicast link identifier update procedure, the initiating UE shall stop the timer T5009 and abort the PC5 unicast link identifier update procedure and proceed with the PC5 unicast link release procedure.

6.1.2.5.7.2 Abnormal cases at the target UE

The following abnormal cases can be identified:

a) If timer T5010 expires, the target UE shall retransmit the DIRECT LINK IDENTIFIER UPDATE ACCEPT message and restart timer T5010. After reaching the maximum number of allowed retransmissions, the target UE shall abort the PC5 unicast link identifier update procedure and may notify the upper layer that the initiating UE is unreachable.

NOTE 1: The maximum number of allowed retransmissions is UE implementation specific.

NOTE 2: After reaching the maximum number of allowed retransmissions, whether the target UE releases this PC5 unicast link depends on its implementation.

b) If DIRECT LINK IDENTIFIER UPDATE REQUEST is received when the timer T5010 is running, the target UE shall stop the timer T5010 and abort the ongoing PC5 unicast link identifier update procedure. The target UE shall handle the new DIRECT LINK IDENTIFIER UPDATE REQUEST as specified in clause 6.1.2.5.3.

6.1.2.6 PC5 unicast link authentication procedure

6.1.2.6.1 General

The PC5 unicast link authentication procedure is used to perform mutual authentication of UEs establishing a PC5 unicast link and to derive a new KNRP shared between two UEs during a PC5 unicast link establishment procedure or a PC5 unicast link re-keying procedure. After successful completion of the PC5 unicast link authentication procedure, the new KNRP is used for security establishment during the PC5 unicast link security mode control procedure as specified in clause 6.1.2.7. The UE sending the DIRECT LINK AUTHENTICATION REQUEST message is called the "initiating UE" and the other UE is called the "target UE".

6.1.2.6.2 PC5 unicast link authentication procedure initiation by the initiating UE

The initiating UE shall meet one of the following pre-conditions if signalling integrity protection is activated based on the decision of the initiating UE, before initiating the PC5 unicast link authentication procedure:

a) the target UE has initiated a PC5 unicast link establishment procedure toward the initiating UE by sending a DIRECT LINK ESTABLISHMENT REQUEST message and:

1) the DIRECT LINK ESTABLISHMENT REQUEST message:

i) includes a target user info IE which includes the application layer ID of the initiating UE; or

ii) does not include a target user info IE and the initiating UE is interested in the V2X service identified by the V2X service identifier in the DIRECT LINK ESTABLISHMENT REQUEST message; and

2) the KNRP ID is not included in the DIRECT LINK ESTABLISHMENT REQUEST message or the initiating UE does not have an existing KNRP for the KNRP ID included in DIRECT LINK ESTABLISHMENT REQUEST message or the initiating UE derives a new KNRP; or

b) the target UE has initiated a PC5 unicast link re-keying procedure toward the initiating UE by sending a DIRECT LINK REKEYING REQUEST message and the DIRECT LINK REKEYING REQUEST message includes a Re-authentication indication.

In order to initiate the PC5 unicast link authentication procedure, the initiating UE shall create a DIRECT LINK AUTHENTICATION REQUEST message. In this message, the initiating UE:

a) shall include the key establishment information container IE.

NOTE: The Key establishment information container is provided by upper layers.

After the DIRECT LINK AUTHENTICATION REQUEST message is generated, the initiating UE shall pass this message to the lower layers for transmission along with the initiating UE’s layer-2 ID for unicast communication and the target UE’s layer-2 ID for unicast communication.

The initiating UE shall start timer T5006. The UE shall not send a new DIRECT LINK AUTHENTICATION REQUEST message to the same target UE while timer T5006 is running.

Figure 6.1.2.6.2: PC5 unicast link authentication procedure

6.1.2.6.3 PC5 unicast link authentication procedure accepted by the target UE

Upon receipt of a DIRECT LINK AUTHENTICATION REQUEST message, if a new assigned initiating UE’s layer-2 ID is included, the target UE shall replace the original initiating UE’s layer-2 ID with the new assigned initiating UE’s layer-2 ID for unicast communication. If the target UE determines that the DIRECT LINK AUTHENTICATION REQUEST message can be accepted, the target UE shall create a DIRECT LINK AUTHENTICATION RESPONSE message. The target UE shall check if the number of established PC5 unicast links is less than the implementation-specific maximum number of established NR PC5 unicast links allowed in the UE at a time. In this message, the target UE:

a) shall include the Key establishment information container IE.

NOTE: The key establishment information container is provided by upper layers.

After the DIRECT LINK AUTHENTICATION RESPONSE message is generated, the target UE shall pass this message to the lower layers for transmission along with the target UE’s layer-2 ID for unicast communication and the initiating UE’s layer-2 ID for unicast communication.

6.1.2.6.4 PC5 unicast link authentication procedure completion by the initiating UE

Upon receiving a DIRECT LINK AUTHENTICATION RESPONSE message, if the initiating UE determines that the DIRECT LINK AUTHENTICATION RESPONSE message can be accepted, the initiating UE shall stop timer T5006.

NOTE: When the initiating UE derives the new KNRP during the PC5 unicast link authentication procedure depends on the authentication method in use.

6.1.2.6.5 PC5 unicast link authentication procedure not accepted by the target UE

If the DIRECT LINK AUTHENTICATION REQUEST message cannot be accepted, the target UE shall create a DIRECT LINK AUTHENTICATION REJECT message. In this message, the target UE shall include a PC5 signaling protocol cause IE indicating one of the following cause values:

#6: authentication failure;

#5: lack of resources for PC5 unicast link.

If this PC5 unicast link authentication procedure is triggered during the PC5 unicast link establishment procedure and the implementation-specific maximum number of established NR PC5 unicast links has been reached, then the target UE shall send a DIRECT LINK AUTHENTICATION REJECT message containing PC5 signalling protocol cause value #5 "lack of resources for PC5 unicast link".

After the DIRECT LINK AUTHENTICATION REJECT message is generated, the target UE shall pass this message to the lower layers for transmission along with the initiating UE’s layer-2 ID for unicast communication and the target UE’s layer-2 ID for unicast communication.

The target UE shall abort the ongoing procedure that triggered the initiation of the PC5 unicast link authentication procedure if the ongoing procedure is the PC5 unicast link establishment procedure and the Target user info is included in the DIRECT LINK ESTABLISHMENT REQUEST message.

Upon receipt of the DIRECT LINK AUTHENTICATION REJECT message, the initiating UE shall stop timer T5006 and abort the ongoing procedure that triggered the initiation of the PC5 unicast link authentication procedure.

6.1.2.6.5A PC5 unicast link authentication procedure not accepted by the initiating UE

If the DIRECT LINK AUTHENTICATION RESPONSE message cannot be accepted, the initiating UE shall stop timer T5006 and create a DIRECT LINK AUTHENTICATION FAILURE message. In this message, the initiating UE may include the Key establishment information container IE if provided by upper layers.

After the DIRECT LINK AUTHENTICATION FAILURE message is generated, the initiating UE shall pass this message to the lower layers for transmission along with the initiating UE’s layer-2 ID for unicast communication and the target UE’s layer-2 ID for unicast communication.

The initiating UE shall abort the ongoing procedure that triggered the initiation of the PC5 unicast link authentication procedure.

Upon receipt of the DIRECT LINK AUTHENTICATION FAILURE message and if the PC5 unicast link authentication procedure was initiated due to a PC5 unicast link establishment procedure that includes a Target user info in the DIRECT LINK ESTABLISHMENT REQUEST message, the target UE shall abort the ongoing procedure that triggered the initiation of the PC5 unicast link authentication procedure and shall indicate to upper layers that authentication has failed.

6.1.2.6.6 Abnormal cases

6.1.2.6.6.1 Abnormal cases at the initiating UE

a) Timer T5006 expires.

The initiating UE shall retransmit the DIRECT LINK AUTHENTICATION REQUEST message and restart timer T5006. After reaching the maximum number of allowed retransmissions, the initiating UE shall abort the PC5 unicast link authentication procedure and shall abort the ongoing procedure that triggered the initiation of the PC5 unicast link authentication procedure.

NOTE: The maximum number of allowed retransmissions is UE implementation specific.

b) The need to use this PC5 unicast link no longer exists before the PC5 unicast link authentication procedure is completed.

The initiating UE shall abort the procedure and shall abort the ongoing procedure that triggered the initiation of the PC5 unicast link authentication procedure.

6.1.2.7 PC5 unicast link security mode control procedure

6.1.2.7.1 General

The PC5 unicast link security mode control procedure is used to establish security between two UEs during a PC5 unicast link establishment procedure or a PC5 unicast link re-keying procedure.. After successful completion of the PC5 unicast link security mode control procedure, the selected security algorithms and keys are used to integrity protect and cipher all PC5 signalling messages exchanged over this PC5 unicast link between the UEs and the security context can be used to protect all PC5 user plane data exchanged over this PC5 unicast link between the UEs. The UE sending the DIRECT LINK SECURITY MODE COMMAND message is called the "initiating UE" and the other UE is called the "target UE".

6.1.2.7.2 PC5 unicast link security mode control procedure initiation by the initiating UE

The initiating UE shall meet the following pre-conditions before initiating the PC5 unicast link security mode control procedure:

a) the target UE has initiated a PC5 unicast link establishment procedure toward the initiating UE by sending a DIRECT LINK ESTABLISHMENT REQUEST message and:

1) the DIRECT LINK ESTABLISHMENT REQUEST message:

i) includes a target user info IE which includes the application layer ID of the initiating UE; or

ii) does not include a target user info IE and the initiating UE is interested in the V2X service identified by the V2X service identifier in the DIRECT LINK ESTABLISHMENT REQUEST message; and

2) the initiating UE:

i) has either identified an existing KNRP based on the KNRP ID included in the DIRECT LINK ESTABLISHMENT REQUEST message or derived a new KNRP; or

ii) has decided not to activate security protection based on its UE PC5 unicast signalling security policy and the target UE’s PC5 unicast signalling security policy; or

b) the target UE has initiated a PC5 unicast link re-keying procedure toward the initiating UE by sending a DIRECT LINK REKEYING REQUEST message and:

1) if the target UE has included a Re-authentication indication in the DIRECT LINK REKEYING REQUEST message, the initiating UE has derived a new KNRP.

If a new KNRP has been derived by the initiating UE, the initiating UE shall generate the 16 MSBs of KNRP ID to ensure that the resultant KNRP ID will be unique in the initiating UE.

The initiating UE shall select security algorithms in accordance with its UE PC5 unicast signalling security policy and the target UE’s PC5 unicast signalling security policy. If the PC5 unicast link security mode control procedure was triggered during a PC5 unicast link establishment procedure, the initiating UE shall not select the null integrity protection algorithm if the initiating UE or the target UE’s PC5 unicast signalling integrity protection policy is set to "signalling integrity protection required". If the PC5 unicast link security mode control procedure was triggered during a PC5 unicast link re-keying procedure, the initiating UE:

a) shall not select the null integrity protection algorithm if the integrity protection algorithm currently in use for the PC5 unicast link is different from the null integrity protection algorithm;

b) shall not select the null ciphering protection algorithm if the ciphering protection algorithm currently in use for the PC5 unicast link is different from the null ciphering protection algorithm;

c) shall select the null integrity protection algorithm if the integrity protection algorithm currently in use is the null integrity protection algorithm; and

d) shall select the null ciphering protection algorithm if the ciphering protection algorithm currently in use is the null ciphering protection algorithm.

Then the initiating UE shall:

a) generate a 128-bit Nonce_2 value;

b) derive KNRP-sess from KNRP, Nonce_2 and Nonce_1 received in the DIRECT LINK ESTABLISHMENT REQUEST message as specified in 3GPP TS 33.536 [20];

c) derive the NR PC5 encryption key NRPEK and the NR PC5 integrity key NRPIK from KNRP-sess and the selected security algorithms as specified in 3GPP TS 33.536 [20], and

d) create a DIRECT LINK SECURITY MODE COMMAND message. In this message, the initiating UE:

1) shall include the key establishment information container IE if a new KNRP has been derived at the initiating UE and the authentication method used to generate KNRP requires sending information to complete the authentication procedure;

NOTE: The key establishment information container is provided by upper layers.

2) shall include the MSBs of KNRP ID IE if a new KNRP has been derived at the initiating UE;

3) shall include a Nonce_2 IE set to the 128-bit nonce value generated by the initiating UE for the purpose of session key establishment over this PC5 unicast link if the selected integrity protection algorithms is not the null integrity protection algorithm;

4) shall include the selected security algorithms;

5) shall include the UE security capabilities received from the target UE in the DIRECT LINK ESTABLISHMENT REQUEST message or DIRECT LINK REKEYING REQUEST message;

6) shall include the UE PC5 unicast signalling security policy received from the target UE in the DIRECT LINK ESTABLISHMENT REQUEST message; and

7) shall include the 8 LSBs of KNRP-sess ID chosen by the initiating UE as specified in 3GPP TS 33.536 [20] if the selected integrity protection algorithms is not the null integrity protection algorithm.

If the security protection of this PC5 unicast link is activated, the initiating UE shall form the KNRP-sess ID from the 8 MSBs of KNRP-sess ID received in the DIRECT LINK ESTABLISHMENT REQUEST message or DIRECT LINK REKEYING REQUEST message and the 8 LSBs of KNRP-sess ID included in the DIRECT LINK SECURITY MODE COMMAND message.

After the DIRECT LINK SECURITY MODE COMMAND message is generated, the initiating UE shall pass this message to the lower layers for transmission along with the initiating UE’s layer-2 ID for unicast communication and the target UE’s layer-2 ID for unicast communication, NRPIK, NRPEK if applicable, KNRP-sess ID, the selected security algorithm as specified in TS 33.536 [20]; an indication of activation of the PC5 unicast signalling security protection for the PC5 unicast link with the new security context, if applicable, and start timer T5007. The initiating UE shall not send a new DIRECT LINK SECURITY MODE COMMAND message to the same target UE while timer T5007 is running.

NOTE: The DIRECT LINK SECURITY MODE COMMAND message is integrity protected (and not ciphered) at the lower layer using the new security context.

If the PC5 unicast link security mode control procedure was triggered during a PC5 unicast link re-keying procedure, the initiating UE shall provide to the lower layers an indication of activation of the PC5 unicast user plane security protection for the PC5 unicast link with the new security context, if applicable, along with the initiating UE’s layer-2 ID for unicast communication and the target UE’s layer-2 ID for unicast communication.

Figure 6.1.2.7.2: PC5 unicast link security mode control procedure

6.1.2.7.3 PC5 unicast link security mode control procedure accepted by the target UE

Upon receipt of a DIRECT LINK SECURITY MODE COMMAND message, if a new assigned initiating UE’s layer-2 ID is included and if the authentication procedure has not been executed, the target UE shall replace the original initiating UE’s layer-2 ID with the new assigned initiating UE’s layer-2 ID for unicast communication. The target UE shall check the selected security algorithms IE included in the DIRECT LINK SECURITY MODE COMMAND message. If "null integrity algorithm" is included in the selected security algorithms IE, the PC5 unicast link is unsecured. If "null ciphering algorithm" and an integrity algorithm other than "null integrity algorithm" are included in the selected algorithms IE, the signalling ciphering protection is not activated. If the target UE’s PC5 unicast signalling integrity protection policy is set to "signalling integrity protection required", the target UE shall check the selected security algorithms IE in the DIRECT LINK SECURITY MODE COMMAND message does not include the null integrity protection algorithm. If the selected integrity protection algorithm is not the null integrity protection algorithm, the target UE shall:

a) derive KNRP-sess from KNRP, Nonce_1 and Nonce_2 received in the DIRECT LINK SECURITY MODE COMMAND message as specified in 3GPP TS 33.536 [20]; and

b) derive NRPIK from KNRP-sess and the selected integrity algorithm as specified in 3GPP TS 33.536 [20].

If the KNRP-sess is derived and the selected ciphering protection algorithm is not the null ciphering protection algorithm, then the target UE shall derive NRPEK from KNRP-sess and the selected ciphering algorithm as specified in 3GPP TS 33.536 [20].

The target UE shall determine whether or not the DIRECT LINK SECURITY MODE COMMAND message can be accepted by:

a) checking that the selected security algorithms in the DIRECT LINK SECURITY MODE COMMAND message does not include the null integrity protection algorithm if the target UE’s PC5 unicast signalling integrity protection policy is set to "signalling integrity protection required";

b) asking the lower layers to check the integrity of the DIRECT LINK SECURITY MODE COMMAND message using NRPIK and the selected integrity protection algorithm, if the selected integrity protection algorithm is not the null integrity protection algorithm;

c) checking that the received UE security capabilities have not been altered compared to the values that the target UE sent to the initiating UE in the DIRECT LINK ESTABLISHMENT REQUEST message or DIRECT LINK REKEYING REQUEST message;

d) if the PC5 unicast link security mode control procedure was triggered during a PC5 unicast link establishment procedure,

1) checking that the received UE PC5 unicast signalling security policy has not been altered compared to the values that the target UE sent to the initiating UE in the DIRECT LINK ESTABLISHMENT REQUEST message; and

2) checking that the 8 LSBs of KNRP-sess ID included in the DIRECT LINK SECURITY MODE COMMAND message are not set to the same value as those received from another UE in response to the target UE’s DIRECT LINK ESTABLISHMENT REQUEST message; and

e) if the PC5 unicast link security mode control procedure was triggered during a PC5 unicast link re-keying procedure and the integrity protection algorithm currently in use for the PC5 unicast link is different from the null integrity protection algorithm, checking that the selected security algorithms in the DIRECT LINK SECURITY MODE COMMAND message do not include the null integrity protection algorithm.

If the target UE did not include a KNRP ID in the DIRECT LINK ESTABLISHMENT REQUEST message, the target UE included a Re-authentication indication in the DIRECT LINK REKEYING REQUEST message or the initiating UE has chosen to derive a new KNRP, the target UE shall derive KNRP as specified in 3GPP TS 33.536 [20]. The target UE shall choose the 16 LSBs of KNRP ID to ensure that the resultant KNRP ID will be unique in the target UE. The target UE shall form KNRP ID from the received MSBs of KNRP ID and its chosen LSBs of KNRP ID and shall store the complete KNRP ID with KNRP.

If the target UE accepts the DIRECT LINK SECURITY MODE COMMAND message, the target UE shall create a DIRECT LINK SECURITY MODE COMPLETE message. In this message, the target UE:

a) shall include the PQFI and the corresponding PC5 QoS parameters;

b) if IP communication is used and the PC5 unicast link security mode control procedure was triggered during a PC5 unicast link establishment procedure, shall include an IP address configuration IE set to one of the following values:

1) "IPv6 router" if IPv6 address allocation mechanism is supported by the target UE, i.e. acting as an IPv6 router; or

2) "IPv6 address allocation not supported" if IPv6 address allocation mechanism is not supported by the target UE;

c) if IP communication is used, the IP address configuration IE is set to "IPv6 address allocation not supported" and the PC5 unicast link security mode control procedure was triggered during a PC5 unicast link establishment procedure, shall include a link local IPv6 address IE formed locally based on IETF RFC 4862 [6];

d) if a new KNRP was derived, shall include the 16 LSBs of KNRP ID; and

e) if the PC5 unicast link security mode control procedure was triggered during a PC5 unicast link establishment procedure, shall include its UE PC5 unicast user plane security policy for this PC5 unicast link. In the case where the different V2X services are mapped to the different PC5 unicast user plane security policies, when more than one V2X service identifier is included in the DIRECT LINK ESTABLISHMENT REQUEST message, each of the user plane security polices of those V2X services shall be compatible, e.g. "user plane integrity protection not needed" and " user plane integrity protection required" are not compatible.

If the selected integrity protection algorithm is not the null integrity protection algorithm, the target UE shall form the KNRP-sess ID from the 8 MSBs of KNRP-sess ID it had sent in the DIRECT LINK ESTABLISHMENT REQUEST message or DIRECT LINK REKEYING REQUEST message and the 8 LSBs of KNRP-sess ID received in the DIRECT LINK SECURITY MODE COMMAND message.

After the DIRECT LINK SECURITY MODE COMPLETE message is generated, the target UE shall pass this message to the lower layers for transmission along with the target UE’s layer-2 ID for unicast communication and the initiating UE’s layer-2 ID for unicast communication, NRPIK, NRPEK if applicable, KNRP-sess ID, the selected security algorithm as specified in TS 33.536 [20] , and an indication of activation of the PC5 unicast signalling security protection for the PC5 unicast link with the new security context, if applicable.

NOTE: The DIRECT LINK SECURITY MODE COMPLETE message and further PC5 unicast signalling messages are integrity protected and ciphered (if applicable) at the lower layer using the new security context.

If the PC5 unicast link security mode control procedure was triggered during a PC5 unicast link re-keying procedure, the target UE shall provide to the lower layers an indication of activation of the PC5 unicast user plane security protection for the PC5 unicast link with the new security context, if applicable, along with the initiating UE’s layer-2 ID for unicast communication and the target UE’s layer-2 ID for unicast communication.

6.1.2.7.4 PC5 unicast link security mode control procedure completion by the initiating UE

Upon receiving a DIRECT LINK SECURITY MODE COMPLETE message, the initiating UE shall stop timer T5007. If the selected integrity protection algorithm is not the null integrity protection algorithm, the UE checks the integrity of the DIRECT LINK SECURITY MODE COMPLETE message. If the integrity check passes, the initiating UE shall then continue the procedure which triggered the PC5 unicast link security mode control procedure. If the selected integrity protection algorithm is the null integrity protection algorithm, the UE continues the procedure without checking the integrity protection.

After receiving the DIRECT LINK SECURITY MODE COMPLETE message, the initiating UE shall delete the old security context it has for the target UE.

6.1.2.7.5 PC5 unicast link security mode control procedure not accepted by the target UE

If the DIRECT LINK SECURITY MODE COMMAND message cannot be accepted, the target UE shall send a DIRECT LINK SECURITY MODE REJECT message, and the target UE shall abort the ongoing procedure that triggered the initiation of the PC5 unicast link security mode control procedure unless the ongoing procedure is a PC5 unicast link establishment procedure and the Target user info is not included in the DIRECT LINK ESTABLISHMENT REQUEST message. The DIRECT LINK SECURITY MODE REJECT message contains a PC5 signalling protocol cause IE indicating one of the following cause values:

#6: authentication failure;

#7: integrity failure;

#8: UE security capabilities mismatch;

#9: LSBs of KNRP-sess ID conflict;

#10: UE PC5 unicast signalling security policy mismatch;

#5 lack of resources for PC5 unicast link; or

#111: protocol error, unspecified.

If this PC5 unicast link security mode control procedure is triggered during the PC5 unicast link establishment procedure and the implementation-specific maximum number of established NR PC5 unicast links has been reached, then the target UE shall send a DIRECT LINK SECURITY MODE REJECT message containing PC5 signalling protocol cause value #5 "lack of resources for PC5 unicast link".

If the DIRECT LINK SECURITY MODE COMMAND message cannot be accepted because the PC5 unicast link security mode control procedure was triggered during a PC5 unicast link establishment procedure, that the selected security algorithms in the DIRECT LINK SECURITY MODE COMMAND message included the null integrity protection algorithm and the target UE’s PC5 unicast signalling integrity protection policy is set to "signalling integrity protection required", the target UE shall include PC5 signalling protocol cause #10 "UE PC5 unicast signalling security policy mismatch" in the SECURITY MODE REJECT message.

If the DIRECT LINK SECURITY MODE COMMAND message cannot be accepted because the PC5 unicast link security mode control procedure was triggered during a PC5 unicast link re-keying procedure, the integrity protection algorithm currently in use for the PC5 unicast link is different from the null integrity protection algorithm and the selected security algorithms in the DIRECT LINK SECURITY MODE COMMAND message include the null integrity protection algorithm, the target UE, the target UE shall include PC5 signalling protocol cause #10 "UE PC5 unicast signalling security policy mismatch" in the SECURITY MODE REJECT message.

After the DIRECT LINK SECURITY MODE REJECT message is generated, the target UE shall pass this message to the lower layers for transmission along with the initiating UE’s layer-2 ID for unicast communication and the target UE’s layer-2 ID for unicast communication.

Upon receipt of the DIRECT LINK SECURITY MODE REJECT message, the initiating UE shall stop timer T5007, provide an indication to the lower layer of deactivation of the PC5 unicast security protection and deletion of security context for the PC5 unicast link, if applicable and:

a) if the PC5 signalling protocol cause IE in the DIRECT LINK SECURITY MODE REJECT message is set to #9 "LSBs of KNRP-sess ID conflict", retransmit the DIRECT LINK SECURITY MODE COMMAND message with a different value for the 8 LSBs of KNRP-sess ID; or

b) if the PC5 signalling protocol cause IE is set to the value other than #9 "LSBs of KNRP-sess ID conflict", abort the ongoing procedure that triggered the initiation of the PC5 unicast link security mode control procedure.

6.1.2.7.6 Abnormal cases

6.1.2.7.6.1 Abnormal cases at the initiating UE

a) Timer T5007 expires.

The initiating UE shall retransmit the DIRECT LINK SECURITY MODE COMMAND message and restart timer T5007. After reaching the maximum number of allowed retransmissions, the initiating UE shall abort the PC5 unicast link security mode control procedure, shall provide an indication to the lower layer of deactivation of the PC5 unicast security protection and deletion of security context for the PC5 unicast link, if applicable, and shall abort the ongoing procedure that triggered the initiation of the PC5 unicast link security mode control procedure.

NOTE: The maximum number of allowed retransmissions is UE implementation specific.

b) The need to use this PC5 unicast link no longer exists before the PC5 unicast link security mode control procedure is completed.

The initiating UE shall abort the procedure, shall provide an indication to the lower layer of deactivation of the PC5 unicast security protection and deletion of security context for the PC5 unicast link, if applicable, and shall abort the ongoing procedure that triggered the initiation of the PC5 unicast link security mode control procedure.

6.1.2.8 PC5 unicast link keep-alive procedure

6.1.2.8.1 General

The PC5 unicast link keep-alive procedure is used to maintain a PC5 unicast link between two UEs, i.e., check that the link between the two UEs is still viable. The UE sending the DIRECT LINK KEEPALIVE REQUEST message is called the "initiating UE" and the other UE is called the "target UE".

The PC5 unicast link keep-alive procedure can be initiated by only one UE or both UEs in the established PC5 unicast link.

NOTE: Whether the PC5 unicast link keep-alive procedure is initiated by only one UE or both UEs in the established PC5 unicast link is UE implementation specific.

6.1.2.8.2 PC5 unicast link keep-alive procedure initiation by the initiating UE

The initiating UE shall meet the following pre-condition before initiating the PC5 unicast link keep-alive procedure:

a) there is a PC5 unicast link between the initiating UE and the target UE.

The initiating UE shall manage a keep-alive timer T5003 and a keep-alive counter for the PC5 unicast link keep-alive procedure. Timer T5003 is used to trigger the periodic initiation of the PC5 unicast link keep-alive procedure. The UE shall start or restart timer T5003 whenever the UE receives a PC5 signalling message or PC5 user plane data from the target UE over this PC5 unicast link. The UE shall set the keep-alive counter to an initial value of zero after PC5 unicast link establishment.

The initiating UE shall initiate the PC5 unicast link keep-alive procedure when:

a) timer T5003 for this link expires;

b) optionally, a request from the lower layers to check the viability of the PC5 unicast link is received; or

NOTE 1: Whether the lower layers can request the initiation of the PC5 unicast link keep-alive procedure, and what the triggers for the lower layers are to request the initiation of the PC5 unicast link keep-alive procedure, are UE implementation specific.

c) optionally, a request from the upper layers to check the viability of the PC5 unicast link is received.

NOTE 2: Whether the upper layers can request the initiation of the PC5 unicast link keep-alive procedure, and what the triggers for the upper layers are to request the initiation of the PC5 unicast link keep-alive procedure, are UE implementation specific.

In order to initiate the PC5 unicast link keep-alive procedure, the initiating UE shall stop timer T5003, if running, and shall create a DIRECT LINK KEEPALIVE REQUEST message. In this message, the initiating UE:

a) shall include the keep-alive counter for the PC5 unicast link; and

b) may include a maximum inactivity period to indicate the maximum inactivity period of the initiating UE over this PC5 unicast link.

NOTE 3: The value chosen for the maximum inactivity period of the initiating UE is UE implementation specific with the objective to minimize the number of keep-alive procedures as much as possible. It is desirable to have the maximum inactivity period value to be slightly higher than the value of keep-alive timer T5003.

After the DIRECT LINK KEEPALIVE REQUEST message is generated, the initiating UE shall pass this message to the lower layers for transmission along with the initiating UE’s layer-2 ID for unicast communication and the target UE’s layer-2 ID for unicast communication, and start timer T5004. The UE shall not send a new DIRECT LINK KEEPALIVE REQUEST message to the same target UE while timer T5004 is running.

Figure 6.1.2.8.2: PC5 unicast link keep-alive procedure

6.1.2.8.3 PC5 unicast link keep-alive procedure accepted by the target UE

Upon receipt of a DIRECT LINK KEEPALIVE REQUEST message, the target UE shall create a DIRECT LINK KEEPALIVE RESPONSE message. In this message, the target UE:

a) shall include the keep-alive counter set to the same value as that received in the DIRECT LINK KEEPALIVE REQUEST message.

After the DIRECT LINK KEEPALIVE RESPONSE message is generated, the target UE shall pass this message to the lower layers for transmission along with the target UE’s layer-2 ID for unicast communication and the initiating UE’s layer-2 ID for unicast communication.

If a maximum inactivity period is included in the DIRECT LINK KEEPALIVE REQUEST message, the target UE shall stop T5005, if running, and start T5005 with its value set to the maximum inactivity period. The target UE shall restart T5005 whenever the target UE receives a PC5 signalling message or PC5 user plane data from the initiating UE over this PC5 unicast link.

6.1.2.8.4 PC5 unicast link keep-alive procedure completion by the initiating UE

Upon receipt of a DIRECT LINK KEEPALIVE RESPONSE message, the initiating UE shall stop timer T5004, start timer T5003 and increment the keep-alive counter for the PC5 unicast link.

6.1.2.8.5 Abnormal cases

6.1.2.8.5.1 Abnormal cases at the initiating UE

a) Timer T5004 expires.

The initiating UE shall retransmit the DIRECT LINK KEEPALIVE REQUEST message with the last used value of the keep-alive counter and restart timer T5004. After reaching the maximum number of allowed retransmissions, the initiating UE shall abort the PC5 unicast link keep-alive procedure and locally release the PC5 unicast link.

NOTE: The maximum number of allowed retransmissions is UE implementation specific.

b) The need to use this PC5 unicast link no longer exists before the PC5 unicast link keep-alive procedure is completed.

The initiating UE shall abort the PC5 unicast link keep-alive procedure and initiate a PC5 unicast link release procedure.

c) The initiating UE receives a DIRECT LINK KEEPALIVE RESPONSE message with a keep-alive counter value different from the value which the initiating UE had included in the last sent DIRECT LINK KEEPALIVE REQUEST message.

The initiating UE shall discard the DIRECT LINK KEEPALIVE RESPONSE message.

d) The initiating UE receives a PC5 signalling message other than a DIRECT LINK KEEPALIVE RESPONSE message or PC5 user plane data from the target UE over this PC5 unicast link while timer T5004 is running.

The initiating UE shall stop timer T5004, abort the PC5 unicast link keep-alive procedure, start timer T5003 and increment the keep-alive counter for the PC5 unicast link.

e) The initiating UE receives a DIRECT LINK KEEPALIVE RESPONSE message when T5004 is not running.

The initiating UE shall discard the DIRECT LINK KEEPALIVE RESPONSE message.

6.1.2.8.5.2 Abnormal cases at the target UE

a) Timer T5005 expires.

The target UE shall:

1) initiate a PC5 unicast link keep-alive procedure to check the link; or

2) initiate the PC5 unicast link release procedure.

Whether the UE chooses 1) or 2) is left to UE implementation.

b) The target UE receives a DIRECT LINK KEEPALIVE REQUEST message with a keep-alive counter value lower than the value which the target UE had included in the last sent DIRECT LINK KEEPALIVE RESPONSE message.

The target UE shall discard the DIRECT LINK KEEPALIVE REQUEST message.

c) The target UE receives a DIRECT LINK KEEPALIVE REQUEST message if there is a pending PC5 signaling message or PC5 user plane data to be sent to the initiating UE over this PC5 unicast link.

The target UE:

1) shall pass this PC5 signalling message to the lower layers for transmission along with the target UE’s layer-2 ID for unicast communication and the initiating UE’s layer-2 ID for unicast communication, or perform the data transmission over PC5 unicast link as specified in clause 6.1.2.9; and

2) shall consider transmission of this PC5 signalling message or PC5 user plane data to be an implicit DIRECT LINK KEEPALIVE RESPONSE message and skip generating a DIRECT LINK KEEPALIVE RESPONSE message. If a maximum inactivity period is included in the DIRECT LINK KEEPALIVE REQUEST message, the target UE shall stop T5005, if running, and start T5005 with its value set to the maximum inactivity period.

6.1.2.9 Data transmission over PC5 unicast link

6.1.2.9.1 Transmission

When receiving user data from upper layers to be sent over PC5 unicast link to a specific UE, the transmitting UE shall determine the PC5 unicast link context corresponding to the application layer ID, and then shall tag each outgoing protocol data unit with the following information before passing it to the lower layers for transmission:

a) a layer-3 protocol data unit type (see 3GPP TS 38.323 [10]) set to:

1) IP packet, if the V2X message contains IP data; or

2) non-IP packet, if the V2X message contains non-IP data;

b) the PC5 link identifier associated with the PC5 unicast link context;

c) optionally, the source layer-2 ID set to the source layer-2 ID associated with the PC5 unicast link context;

d) optionally, the destination layer-2 ID set to the destination layer-2 ID associated with the PC5 unicast link context; and

e) the PQFI set to the value corresponding to the V2X service identifier and the optional V2X application requirements according to the mapping rules specified in clause 5.2.3.

6.1.2.9.2 Procedure for UE to use provisioned radio resources for V2X communication over PC5

The procedures described for using NR-PC5 in clause 6.1.3.2.3 apply.

6.1.2.10 PC5 unicast link re-keying procedure

6.1.2.10.1 General

The purpose of the PC5 unicast link re-keying procedure is to derive a new KNRP-sess and, optionally, a new KNRP for an existing PC5 unicast link. The UE sending the DIRECT LINK REKEYING REQUEST message is called the "initiating UE" and the other UE is called the "target UE".

NOTE: There is no benefit in performing the PC5 unicast link re-keying procedure when using the null integrity protection algorithm, hence it is recommended not to trigger it when using the null integrity protection algorithm.

6.1.2.10.2 PC5 unicast link re-keying procedure initiation by the initiating UE

The initiating UE shall meet the following pre-condition before initiating the PC5 unicast link re-keying procedure:

a) there is a PC5 unicast link between the initiating UE and the target UE; and

1) if the session key KNRP-sess used to protect PC5 unicast link needs to be refreshed and neither timer T5007 nor T5008 are running;

2) if the UE wants to refresh KNRP and neither timer T5007 nor T5008 are running; or

3) if the lower layers indicate that a PC5 unicast link re-keying procedure needs to be performed.

In order to initiate the PC5 unicast link re-keying procedure, the initiating UE shall create a DIRECT LINK REKEYING REQUEST message. In this message, the initiating UE:

a) shall include the Key establishment information container IE if the null integrity protection algorithm is not in use;

NOTE 1: The key establishment information container is provided by upper layers.

b) shall include a Nonce_1 IE set to the 128-bit nonce value generated by the initiating UE for the purpose of session key refresh over this PC5 unicast link if the null integrity protection algorithm is not in use;

c) shall include its UE security capabilities indicating the list of algorithms that the initiating UE supports for the re-keying of this PC5 unicast link;

d) shall include the 8 MSBs of KNRP-sess ID chosen by the initiating UE as specified in 3GPP TS 33.536 [20] if the null integrity protection algorithm is not in use; and

e) may include a Re-authentication indication if the initiating UE wants to derive a new KNRP.

After the DIRECT LINK REKEYING REQUEST message is generated, the initiating UE shall pass this message to the lower layers for transmission along with the initiating UE’s layer-2 ID for unicast communication and the target UE’s layer-2 ID for unicast communication, and start timer T5008. The UE shall not send a new DIRECT LINK REKEYING REQUEST message to the same target UE while timer T5008 is running.

NOTE 2: In order to ensure successful PC5 unicast link re-keying, T5008 should be set to a value larger than the sum of T5006 and T5007.

Figure 6.1.2.10.2: PC5 unicast link re-keying procedure

6.1.2.10.3 PC5 unicast link re-keying procedure accepted by the target UE

Upon receipt of a DIRECT LINK REKEYING REQUEST message, if the DIRECT LINK REKEYING REQUEST message includes a Re-authentication indication, the target UE shall derive a new KNRP. This may require performing one or more PC5 unicast link authentication procedures as specified in clause 6.1.2.6.

NOTE: How many times the PC5 unicast link authentication procedure needs to be performed to derive a new KNRP depends on the authentication method used.

Then the target UE shall initiate a PC5 unicast link security mode control procedure as specified in in clause 6.1.2.7.

Upon successful completion of the PC5 unicast link security mode control procedure, the target UE shall create a DIRECT LINK REKEYING RESPONSE message.

After the DIRECT LINK REKEYING RESPONSE message is generated, the target UE shall pass this message to the lower layers for transmission along with the initiating UE’s layer-2 ID for unicast communication and the target UE’s layer-2 ID for unicast communication.

6.1.2.10.4 PC5 unicast link re-keying procedure completion by the initiating UE

Upon receipt of the DIRECT LINK REKEYING RESPONSE message, the initiating UE shall stop timer T5008 and check the integrity of the DIRECT LINK REKEYING RESPONSE message using the new NRPIK.

After receiving the DIRECT LINK REKEYING RESPONSE message, the initiating UE shall delete the old security context it has for the target UE.

6.1.2.10.5 Abnormal cases at the initiating UE

The following abnormal cases can be identified:

a) Timer T5008 expires.

The initiating UE shall retransmit the DIRECT LINK REKEYING REQUEST message and restart timer T5008. After reaching the maximum number of allowed retransmissions, the initiating UE shall abort the PC5 unicast link re-keying procedure, shall provide an indication of deactivation of the PC5 unicast security protection and deletion of security context for the PC5 unicast link to the lower layer, if applicable, along with the initiating UE’s layer-2 ID for unicast communication and the target UE’s layer-2 ID for unicast communication and may initiate the PC5 unicast link release procedure.

NOTE: The maximum number of allowed retransmissions is UE implementation specific.

b) The need to use this PC5 unicast link no longer exists before the PC5 unicast link re-keying procedure is completed.

The initiating UE shall abort the procedure and shall provide an indication of deactivation of the PC5 unicast security protection and deletion of security context for the PC5 unicast link to the lower layer, if applicable, along with the initiating UE’s layer-2 ID for unicast communication and the target UE’s layer-2 ID for unicast communication.

c) For the same PC5 unicast link, if the initiating UE receives a DIRECT LINK IDENTIFIER UPDATE REQUEST message after initiating the PC5 unicast link re-keying procedure, the initiating UE shall stop the timer T5008, abort the PC5 unicast link re-keying procedure and proceed with the PC5 unicast link identifier update procedure.

6.1.2.11 PC5 unicast security

6.1.2.11.1 Overview

This clause describes the principles for the handling of PC5 unicast security contexts in the UE and the procedures used for the security protection of PC5 signalling messages exchanged between UEs over a PC5 unicast link. Based on the security policies of UEs, security protection for a PC5 unicast link involves integrity protection and ciphering of the PC5 signalling messages, and integrity protection and ciphering of PC5 user plane data. The use of integrity protection and ciphering over a PC5 unicast link is optional (see 3GPP TS 33.536 [20]).

The signalling procedures for the control of PC5 unicast security are part of the PC5 signalling protocol and are described in detail in clause 6.1.2.

NOTE: It is recommended to set the UE PC5 unicast signalling integrity protection policy to "signalling integrity protection required" in order to guarantee security protection over PC5. In this clause, for the ease of description, it is assumed that integrity protection and ciphering are used, unless explicitly indicated otherwise. Operation of a PC5 unicast link without integrity protection or ciphering is achieved by configuring the UE so that it always selects the "null integrity protection algorithm", 5G-IA0, or the "null ciphering algorithm", 5G-EA0.

6.1.2.11.2 Handling of PC5 unicast security contexts

6.1.2.11.2.1 General

The security parameters for authentication, integrity protection and ciphering are tied together in a PC5 unicast security context and identified by a KNRP-sess identifier (KNRP-sess ID). The relationship between the security parameters is defined in 3GPP TS 33.536 [20]. The KNRP-sess ID is self-assigned by the UEs.

Before security can be activated, the UEs establishing a PC5 unicast link need to establish a PC5 unicast security context. The PC5 unicast security context is created as the result of a PC5 unicast link authentication procedure and PC5 unicast link security mode control procedure between the UEs.

The PC5 unicast security context is taken into use by the UEs when one of the UEs initiates a PC5 unicast link security mode control procedure.

The creation of a security context also results in the establishment of a key KNRP and its identifier KNRP ID at the UEs.

The PC5 unicast security context can be created using KNRP when a new PC5 unicast link is established without executing a new PC5 unicast link authentication procedure (see clause 6.1.2.11.2.2). For this purpose, the DIRECT LINK ESTABLISHMENT REQUEST message contains a KNRP ID indicating the PC5 unicast security context.

6.1.2.11.2.2 Establishment of secure exchange of PC5 signalling messages

Secure exchange of PC5 signalling messages over a PC5 unicast link is established during the PC5 unicast link establishment procedure by initiating a PC5 unicast link security mode control procedure. After successful completion of the PC5 unicast link security mode control procedure, all PC5 signalling messages exchanged between the UEs are sent integrity protected using the PC5 unicast security algorithms, and except for the DIRECT LINK SECURITY MODE COMMAND message, all PC5 signalling messages exchanged between the UEs are sent ciphered using the PC5 unicast security algorithms. The security exchange of PC5 signalling messages is maintained for the lifetime of the PC5 unicast link.

6.1.2.11.2.3 Change of security keys

When one of the UEs using the PC5 unicast link initiates a PC5 unicast link re-keying procedure to create a new PC5 unicast security context, the PC5 signalling messages exchanged during the PC5 unicast link authentication procedure, if any, are integrity protected and ciphered using the old PC5 unicast security context, i.e. the PC5 unicast security context that was in use before the start of the PC5 unicast link re-keying procedure.

Both UEs shall continue to use the old PC5 unicast security context until the UE which has received the DIRECT LINK REKEYING REQUEST message initiates a PC5 unicast link security mode control procedure. The UE shall send the DIRECT LINK SECURITY MODE COMMAND message integrity protected with the new PC5 unicast security context, but unciphered. When the peer UE responds with a DIRECT LINK SECURITY MODE COMPLETE message, it shall send the message integrity protected and ciphered with the new PC5 unicast security context.

6.1.2.11.3 Checking of PC5 signalling messages in the UE

If the signalling integrity protection is not activated for PC5 unicast link, all PC5 signalling messages are processed by the UE without integrity protection.

If the signalling integrity protection is activated for PC5 unicast link, except the messages listed below, no PC5 signalling messages that is not integrity protected shall be processed by the UE:

a) DIRECT LINK ESTABLISHMENT REQUEST message;

b) DIRECT LINK ESTABLISHMENT REJECT message;

c) DIRECT LINK AUTHENTICATION REQUEST message;

d) DIRECT LINK AUTHENTICATION RESPONSE message;

e) DIRECT LINK AUTHENTICATION REJECT message;

f) DIRECT LINK SECURITY MODE REJECT message; and

g) DIRECT LINK AUTHENTICATION FAILURE message.

NOTE: These messages are accepted by the receiving UE without integrity protection, as in certain situations they are sent by the peer UE before security can be activated.

Once the secure exchange of PC5 signalling messages has been established, the receiving UE shall not process any PC5 signalling message that does not successfully pass the integrity check. The DIRECT LINK SECURITY MODE COMMAND message shall be processed as specified in clause 6.1.2.7.3. If any PC5 signalling message is received as not integrity protected and not ciphered even though the secure exchange of PC5 signalling messages has been established, then the receiving UE shall discard this message.

6.1.2.12 PC5 QoS flow establishment over PC5 unicast link

In order to establish a PC5 QoS flow establishment over PC5 unicast link, the UE shall derive the PC5 QoS parameters based on the V2X application requirements provided by the upper layers (if available) and the V2X service identifier (e.g. PSID or ITS-AID) according to the PC5 QoS mapping rules defined in clause 5.2.3. The UE shall create the PC5 QoS flow(s) based on the derived PC5 QoS parameters. For each PC5 QoS flow to be created, the UE shall perform the following operations:

a) self-assign a PQFI;

b) create a PC5 QoS flow context, which contains:

1) the PQFI;

2) the V2X service identifier(s); and

3) the derived PC5 QoS parameters;

c) create a new PC5 QoS rule which contains:

1) a PC5 QoS rule identifier;

2) the PQFI;

3) a set of packet filters; and

4) a precedence value; and

d) pass the following parameters to the lower layers:

1) the PQFI;

2) the PC5 QoS parameters;

3) the PC5 link identifier; and

4) optionally, the source and destination layer-2 IDs.

Two types of packet filters are supported for V2X communication over PC5, i.e. the IP packet filter set and the V2X packet filter set. A PC5 QoS Rule contains either the IP packet filter set or the V2X packet filter set.

The IP packet filter set is defined as content of the packet filter contents field specified in 3GPP TS 24.501 [6] figure 9.11.4.13.4 and table 9.11.4.13.1.

The V2X packet filter set shall support packet filters based on at least any combination of:

a) V2X Service identifie (e.g. PSID or ITS-AID);

b) the source layer-2 ID and the destination layer-2 ID; and

c) application layer ID (e.g. Station ID).

The UE shall also pass the one or more V2X frequencies associated with the V2X service identifier and the communication mode which is set to unicast mode for the V2X service identifier to the lower layers, if:

a) the UE is configured with V2X service identifier to V2X frequency mapping rules for V2X communication over PC5 as specified in clause 5.2.3; and

b) there is one or more V2X frequencies associated with the V2X service identifier in the current geographical area.

6.1.2.13 PC5 QoS flow match over PC5 unicast link

When service data or request from the upper layers is received, the UE determines if there is any existing PC5 QoS flow(s) matching the service data or request, i.e. based on the PC5 QoS rules for the existing PC5 QoS flow(s).

If there is no PC5 QoS rules for the existing PC5 QoS flow(s) matching the service data or request, the UE shall derive the PC5 QoS parameters based on the V2X application requirements provided by the upper layers (if available) and the V2X service identifier (e.g. PSID or ITS-AID) according to the PC5 QoS mapping rules defined in clause 5.2.3 and shall perform the following:

a) if there is no existing PC5 QoS flow that fulfils the derived PC5 QoS parameters, then the UE shall create a new PC5 QoS flow as specified in clause 6.1.2.12;

b) if there is an existing PC5 QoS flow that fulfils the derived PC5 QoS parameters, then the UE shall update the PC5 packet filter set in the PC5 QoS rule of this PC5 QoS flow, e.g. add the new packet filter in the PC5 QoS rule of this existing PC5 QoS flow; and

c) the UE shall use the new PC5 QoS flow created as described in bullet a) or the existing PC5 QoS flow with the updated PC5 QoS rules as described in bullet b) to perform the transmission of V2X communication over PC5 as specified in clause 6.1.2.9.

If there is a PC5 QoS rule for the existing PC5 QoS flow matching the service data or request, the UE shall use this existing PC5 QoS flow to perform transmission of V2X communication over PC5 as specified in clause 6.1.2.9.

6.1.3 Broadcast mode communication over PC5

6.1.3.1 Overview

This clause describes the V2X communication over PC5 reference point in broadcast mode operation. The UE is configured with the related information as described in clause 5.2.3.

6.1.3.2 Transmission of broadcast mode V2X communication over PC5

6.1.3.2.1 Initiation

6.1.3.2.1.1 Requirements for V2X communication over PC5

When the upper layers request the UE to send a V2X message of a V2X service identified by a V2X service identifier using V2X communication over PC5, the request from the upper layers includes:

a) the V2X message;

b) the V2X service identifier of the V2X service for the V2X message;

c) the type of data in the V2X message (i.e. IP or non-IP);

d) if the V2X message contains non-IP data, the V2X message family (see clause 9.2) of data in the V2X message;

e) optionally the communication mode which is set to broadcast mode; and

f) optionally the V2X application requirements (e.g. priority requirement, reliability requirement, delay requirement).

Upon a request from upper layers to send a V2X message of a V2X service identified by a V2X service identifier using V2X communication over PC5, if:

a) the UE is configured with V2X service identifier to V2X frequency mapping rules for V2X communication over PC5 as specified in clause 5.2.3; and

b) there is one or more V2X frequencies associated with the V2X service identifier of the V2X service for the V2X message in the current geographical area,

then the UE passes the one or more V2X frequencies associated with the V2X service identifier of the V2X service and the communication mode which is set to broadcast mode for the V2X message to the lower layers.

Then, if any of the following conditions are met:

a) the following conditions are met:

1) the UE is served by NR or served by E-UTRA for NR-PC5 V2X communication;

2) the UE intends to use the radio resources (i.e. carrier frequency) provided by a serving cell;

3) the registered PLMN is in the list of PLMNs in which the UE is authorized to use V2X communication over PC5 when the UE is served by NR or served by E-UTRA for V2X communication over PC5 as specified in clause 5.2.3; and

4) the V2X service identifier of the V2X service is included in the list of V2X services authorized for V2X communication over PC5 as specified in clause 5.2.3 or the UE is configured with a default destination layer-2 ID for V2X communication over PC5 as specified in clause 5.2.3;

b) the following conditions are met:

1) the UE is:

i) not served by NR and not served by E-UTRA for V2X communication over PC5;

ii) in limited service state as specified in 3GPP TS 23.122 [2], if the reason for the UE being in limited service state is one of the following:

A) the UE is unable to find a suitable cell in the selected PLMN as specified in 3GPP TS 38.304 [9];

B) the UE received a REGISTRATION REJECT message or a SERVICE REJECT message with the 5GMM cause #11 "PLMN not allowed" as specified in 3GPP TS 24.501 [6]; or

C) the UE received a REGISTRATION REJECT message or a SERVICE REJECT message with the 5GMM cause #7 "5GS services not allowed" as specified in 3GPP TS 24.501 [6]; or

iii) in limited service state as specified in 3GPP TS 23.122 [2] for reasons other than A), B) or C) above, and located in a geographical area for which the UE is provisioned with "non-operator managed" radio parameters as specified in clause 5.2.3;

2) the UE is authorized to use V2X communication over PC5 when the UE is not served by NR and not served by E-UTRA for V2X communication as specified in clause 5.2.3; and

3) the V2X service identifier of the V2X service is included in the list of V2X services authorized for V2X communication over PC5 as specified in clause 5.2.3 or the UE is configured with a default destination layer-2 ID for V2X communication over PC5 as specified in clause 5.2.3;

then the UE shall proceed as specified in clause 6.1.3.2.1.2, else the UE shall not perform transmission of V2X communication over PC5.

6.1.3.2.1.2 PC5 QoS flow match and establishment

When determining if any existing PC5 QoS flow match the request from upper layers, UE shall proceeds as follows:

a) according to the PC5 QoS mapping rules specified in clause 5.2.3, the UE shall use the PC5 QoS parameters corresponding to the V2X service identifier and optionally V2X application requirements;

b) according to the V2X service identifier to destination layer-2 ID for broadcast mapping rules specified in clause 5.2.3, the UE shall use the destination layer-2 ID corresponding to the V2X service identifier;

c) if there is no existing context for the destination layer-2 ID, then:

1) build a new context for the destination layer-2 ID;

2) self-assign a new source layer-2 ID; and

3) pass the source layer-2 ID and the destination layer-2 ID to lower layers.

d) if in the context for the destination layer-2 ID, there is no PC5 QoS rule for the existing PC5 QoS flow(s) matching the service data or request, the UE shall derive the PC5 QoS parameters based on the V2X application requirements provided by the upper layers (if available) and the V2X service identifier (e.g. PSID or ITS-AID) according to the PC5 QoS mapping rules defined in clause 5.2.3 and shall perform the following::

1) if there is no existing PC5 QoS flow that fulfils the derived PC5 QoS parameters, then the UE shall create a new PC5 QoS flow by performing the following operations:

i) self-assign a new PQFI;

ii) create a new PC5 QoS flow context which contains:

– the PQFI;

– the V2X service identifier(s); and;

– the derived PC5 QoS parameters;

iii) create a new PC5 QoS rule which contains:

– a PC5 QoS rule identifier;

– the PQFI;

– a set of packet filters; and

– a precedence value; and

iv) pass the following parameters to the lower layers:

– the PQFI;

– the PC5 QoS parameters; and

– the source layer-2 ID and the destination layer-2 ID;

2) if there is an existing PC5 QoS flow that fulfils the derived PC5 QoS parameters, then the UE shall update the PC5 packet filter set in the PC5 QoS rule of this PC5 QoS flow, e.g. add the new packet filter in the PC5 QoS rule of this existing PC5 QoS flow; and

3) the UE shall use the new PC5 QoS flow created as described in bullet 1) or the existing PC5 QoS flow with the updated PC5 QoS rules as described in bullet 2) to perform the transmission of V2X communication over PC5 as specified in clause 6.1.3.2.2; and

e) if in the context for the destination layer-2 ID, there is a PC5 QoS rule for the existing PC5 QoS flow matching the service data or request, the UE shall use this existing PC5 QoS flow to perform transmission of V2X communication over PC5 as specified in clause 6.1.3.2.2.

Two types of packet filters are supported for V2X communication over PC5, i.e. the IP packet filter set and the V2X packet filter set. A PC5 QoS Rule contains either the IP packet filter set or the V2X packet filter set.

The IP packet filter set is defined as content of the packet filter contents field specified in 3GPP TS 24.501 [6] figure 9.11.4.13.4 and table 9.11.4.13.1.

The V2X packet filter set shall support packet filters based on at least any combination of:

– V2X service identifier (e.g. PSID or ITS-AID);

– the source layer-2 ID and the destination layer-2 ID; and

– Application Layer ID (e.g. Station ID);

6.1.3.2.2 Transmission

The UE shall include the V2X message in a protocol data unit with the following parameters:

a) a layer-3 protocol data unit type (see 3GPP TS 38.323 [10]) set to:

1) IP packet, if the V2X message contains IP data; or

2) non-IP packet, if the V2X message contains non-IP data;

b) the source layer-2 ID set to the layer-2 ID self-assigned by the UE for V2X communication over PC5;

c) the destination layer-2 ID set to:

1) the destination layer-2 ID associated with the V2X service identifier of the V2X service in this list of V2X services authorized for V2X communication over PC5 as specified in clause 5.2.3, if the V2X service identifier of the V2X service is included in the list of V2X services authorized for V2X communication over PC5 as specified in clause 5.2.3; or

2) the default destination layer-2 ID configured to the UE for V2X communication over PC5 as specified in clause 5.2.3, if the V2X service identifier of the V2X service is not included in the list of V2X services authorized for V2X communication over PC5 and the UE is configured with a default destination layer-2 ID for V2X communication over PC5;

d) if the V2X message contains non-IP data, an indication to set the non-IP type field of the non-IP type PDU to the value corresponding to the V2X message family (see clause 9.2 and clause 9.3) used by the V2X service as indicated by upper layers;

e) if the V2X message contains IP data, the source IP address set to the source IP address self-assigned by the UE for V2X communication over PC5;

f) the PQFI set to the value corresponding to the PC5 QoS Rules as specified in clause 6.1.3.2.1;

g) if E-UTRA-PC5 is used for V2X communication over PC5, the UE is configured with V2X service identifier to Tx Profile mapping rules for V2X communication over PC5 as specified in clause 5.2.3, the Tx Profile associated with the V2X service identifier as specified in clause 5.2.3.

then UE shall request radio resources for V2X communication over PC5 as specified in 3GPP TS 38.300 [8], and pass the V2X message on the PC5 QoS Flow identified by the PQFI to lower layers for transmission. The PC5 QoS Rules corresponding to the PQFIs map V2X messages with the same V2X service identifier and with the same PC5 QoS parameters to the same PC5 QoS Flow, and apply PQFI to V2X messages;

If the UE is camped on a serving cell indicating that V2X communication over PC5 is supported by the network, but not broadcasting any carrier frequencies and radio resources for V2X communication over PC5 as specified in 3GPP TS 38.331 [11], the UE shall request radio resources for V2X communication over PC5 as specified in 3GPP TS 24.501 [6].

If the UE has an emergency PDN connection, the UE shall send an indication to the lower layers to prioritize transmission over the emergency PDN connection as compared to transmission of V2X communication over PC5.

6.1.3.2.3 Procedure for UE to use provisioned radio resources for V2X communication over PC5

When the UE is not served by NR and not served by E-UTRA for V2X communication and is authorized to use V2X communication over PC5, the UE shall identify the RAT to be used for V2X communication over PC5 according to the list of RATs in which the UE is authorized to use V2X communication over PC5. If both E-UTRA-PC5 and NR-PC5 for V2X are authorized to the UE for V2X communication over PC5, the UE selects a RAT used for V2X communication over PC5 according to local policy. After identifying E-UTRA-PC5 to be used for V2X communication over PC5, the UE performs the procedure defined in clause 6.1.2.3 of 3GPP TS 24. 386  [5]. After identifying NR-PC5 to be used for V2X communication over PC5, the UE shall select the corresponding radio parameters to be used for V2X communication over PC5 as follows:

a) if the UE can determine itself located in a geographical area, and the UE is provisioned with radio parameters for the geographical area, the UE shall select the radio parameters associated with that geographical area; or

b) in all other cases, the UE shall not initiate V2X communication over PC5.

It is out of scope of the present specification to define how the UE can locate itself in a specific geographical area. When the UE is in coverage of a 3GPP RAT it can for example use information derived from the serving PLMN. When the UE is not in coverage of a 3GPP RAT it can use other techniques, e.g. global navigation satellite system (GNSS). The UE shall not consider user provided location as a valid input to locate itself in a specific geographical area.

If the UE intends to use "non-operator managed" radio parameters as specified in clause 5.2.3, the UE shall initiate V2X communication over PC5 with the selected radio parameters.

If the UE intends to use "operator managed" radio parameters as specified in clause 5.2.3, before initiating V2X communication over PC5, the UE shall check with lower layers whether the selected radio parameters can be used in the current location without causing interference to other cells as specified in 3GPP TS 38.331 [11], and:

a) if the lower layers indicate that the usage would not cause any interference, the UE shall initiate V2X communication over PC5; or

NOTE: If the lower layers find that there exists a cell operating the provisioned radio resources (i.e., carrier frequency), and the cell belongs to the registered PLMN or a PLMN equivalent to the registered PLMN, and the UE is authorized for V2X communication over PC5 in this PLMN, the UE can use the radio parameters indicated by the cell as specified in 3GPP TS 38.331 [11].

b) else if the lower layers report that one or more PLMNs operate in the provisioned radio resources (i.e. carrier frequency) then:

1) if the following conditions are met:

i) none of the PLMNs reported by the lower layers is the registered PLMN or equivalent to the registered PLMN;

ii) at least one of the PLMNs reported by the lower layers is in the list of authorized PLMNs for V2X communication over PC5 and provides radio resources for V2X communication over PC5 as specified in 3GPP TS 38.331 [11]; and

iii) the UE does not have an emergency PDU session;

then the UE shall:

i) if in 5GMM-IDLE mode, perform PLMN selection triggered by V2X communication over PC5 as specified in 3GPP TS 23.122 [2]; or

ii) else if in 5GMM-CONNECTED mode, either:

A) perform a Deregistration procedure as specified in 3GPP TS 24.501 [6] and then perform PLMN selection triggered by V2X communication over PC5 as specified in 3GPP TS 23.122 [2]; or

B) not initiate V2X communication over PC5.

Whether the UE performs i) or ii) above is left up to UE implementation; or

2) else the UE shall not initiate V2X communication over PC5.

If the registration to the selected PLMN is successful, the UE shall proceed with the procedure to initiate V2X communication over PC5 as specified in clause 6.1.3.2.1.

If the UE is performing V2X communication over PC5 using radio parameters associated with a geographical area and moves out of that geographical area, the UE shall stop performing V2X communication over PC5 and then:

a) if the UE is not served by NR and not served by E-UTRA for V2X communication over PC5 or the UE intends to use radio resources for V2X communication over PC5 other than those operated by the serving cell, the UE shall select appropriate radio parameters for the new geographical area as specified above; or

b) if the UE is served by NR or served by E-UTRA for V2X communication over PC5 and intends to use radio resources for V2X communication over PC5 operated by the serving cell, the UE shall proceed with the procedure to initiate V2X communication over PC5 when served by NR or served by E-UTRA for V2X communication over PC5.

6.1.3.2.4 Privacy of V2X transmission over PC5

Upon initiating transmission of V2X communication over PC5, if:

a) the V2X service identifier of a V2X service requesting transmission of V2X communication over PC5 is in the list of of V2X services which require privacy for V2X communication over PC5 as specified in clause 5.2.3; and

b) the UE is located in a geographical area in which this V2X service requires privacy for V2X communication over PC5 as specified in clause 5.2.3, or the UE is not provisioned any geographical areas in which this V2X services requires privacy for V2X communication over PC5,

then the UE shall proceed as follows:

a) if timer T5020 is not running, start timer T5020 and set its timer value as the privacy timer value as specified in clause 5.2.3;

b) upon:

1) getting an indication from upper layers that the application layer identifier has been changed; or

2) timer T5020 expiry,

then:

1) change the value of the source layer-2 ID self-assigned by the UE for the V2X communication over PC5;

2) if the V2X message contains IP data, change the value of the source IP address self-assigned by the UE for V2X communication over PC5;

3) provide an indication to upper layers that the source layer-2 ID and/or the source IP address are changed;

4) pass the changed source layer-2 ID and destination layer-2 ID, along with the corresponding PQFI down to the lower layer;

5) restart timer T5020; and

6) upon stopping transmission of the V2X communication over PC5, stop timer T5020.

6.1.3.3 Reception of broadcast mode V2X communication over PC5

The UE may be configured by upper layers with one or more destination layer-2 ID(s) for reception of V2X messages over PC5. For each received protocol data unit over PC5, the receiving UE shall check if the destination layer-2 ID of the received protocol data unit matches one of the configured destination Layer-2 IDs. If yes, the UE shall then check whether the protocol data unit type as defined 3GPP TS 38.323 [10] provided by the lower layers for the received packet is set to IP packet or non-IP packet, and pass the protocol data unit to the corresponding upper layer entity.

6.1.4 Groupcast mode communication over PC5

6.1.4.1 Overview

This clause describes the V2X communication over PC5 reference point in groupcast mode operation. The UE is configured with the related information as described in clause 5.2.3.

6.1.4.2 Transmission of groupcast mode V2X communication over PC5

6.1.4.2.1 Initiation

6.1.4.2.1.1 Requirements for V2X communication over PC5

The requirements for groupcast mode V2X communication over PC5 is the same as described in clause 6.1.3.2.1.1, with the following additions:

a) When the upper layers request the UE to send a V2X message of a V2X service identified by a V2X service identifier using V2X communication over PC5, then the request from the upper layers may include:

1) the group identifier information (i.e. an application-layer V2X group identifier);

2) the group size and the member IDs;

3) the range requirement; or

4) the communication mode which is set to groupcast mode.

6.1.4.2.1.2 PC5 QoS flow match and establishment

The PC5 QoS flow match and establishment for groupcast mode V2X communication over PC5 is the same as described in clause 6.1.3.2.1.2, with the following modifications:

a) The UE shall determine the destination layer-2 ID as:

1) if no group identifier information is provided, then according to the mapping rules specified in clause 5.2.3, the UE shall use the destination layer-2 ID corresponding to the V2X service identifier;

2) if group identifier information is provided and there is a context for the group identifier information, then UE shall use the destination layer-2 ID in the context for the group identifier information; and

3) if group identifier information is provided and there is no context for the group identifier information, then the UE shall:

i) use the group identifier as the input to the SHA-256 hashing algorithm as specified in ISO/IEC 10118-3:2018 [23]; and

ii) use the 24 least significant bits of the 256 bits of the output as destination layer-2 ID; and

NOTE: SHA-256 hashing algorithm is pre-configured in the ME.

b) If there is no existing context for the destination layer-2 ID and optional group identifier, the UE shall proceed as:

1) to establish a new context for the destination layer-2 ID and optional group identifier;

2) self-assign a new source layer-2 ID; and

3) to pass the source/destination layer-2 IDs, optional group size and optional member IDs to lower layers.

6.1.4.2.2 Transmission

The transmission of groupcast mode V2X communication over PC5 is same as described in clause 6.1.3.2.2, with the following additions:

a) If group identifier is provided, then the destination layer-2 ID shall be set to the destination layer-2 ID in the context for the group identifier as specified in clause 6.1.4.2.1.2.

6.1.4.2.3 Procedure for UE to use provisioned radio resources for V2X communication over PC5

The procedures described for using NR-PC5 in clause 6.1.3.2.3 apply.

6.1.4.2.4 Privacy of V2X transmission over PC5

The procedures described in clause 6.1.3.2.4 apply with using the privacy timer T5030 for groupcast.

6.1.4.3 Reception of groupcast mode V2X communication over PC5

The reception of groupcast mode V2X communication over PC5 is the same as described in clause 6.1.3.3, with the following additions:

a) Besides the configured destination layer-2 ID(s) for reception of V2X messages over PC5, the UE shall also derive the destination layer-2 ID(s) based on group identifier(s) if provided by upper layers as specified in clause 6.1.4.2.1.

6.2 V2X communication over Uu

6.2.1 General

This clause describes the procedures at the UE and the V2X application server, for V2X communication over Uu.

There are no additional security or privacy procedures of V2X communication over Uu beyond those specified in 3GPP TS 33.501 [21] for Uu connectivity with 5GCN.

Both IP based and non-IP based V2X communication over Uu are supported.

V2X messages carried over Uu are sent or received over unicast only in this release of the specification. Furthermore, V2X messages are carried over Uu using user data over user plane. For this, the UE first performs the UE-requested PDU session establishment procedure to establish user-plane resouces as specified in 3GPP TS 24.501 [6].

Procedures for V2X communication over Uu for V2X services not identified by a V2X service identifier are out of scope of the present version of the present specification.

NOTE: The upper layers are responsible for re-assembly of V2X messages and that is out of scope of 3GPP.

6.2.2 Transmission of V2X communication over Uu from UE to V2X application server

The upper layers can request the UE to send a V2X message of a V2X service identified by a V2X service identifier using V2X communication over Uu. The request from the upper layers includes:

a) the V2X message;

b) the V2X service identifier of the V2X service for the V2X message;

c) the type of data in the V2X message (IP or non-IP); and

d) if the V2X message contains non-IP data, the V2X message family (see clause 9.2) of data in the V2X message.

Upon a request from upper layers to send a V2X message of a V2X service identified by a V2X service identifier using V2X communication over Uu:

a) if the registered PLMN of the UE is not in the list of PLMNs in which the UE is configured to use V2X communication over Uu as specified in clause 5.2.4, the UE shall determine that the transmission of V2X communication over Uu from UE to V2X application server is not configured and shall not continue with the rest of the steps; and

b) if the V2X service identifier is included in the list of V2X service identifier to PDU session parameters mapping rules specified in clause 5.2.4;

then:

1) the UE shall determine the mapping rule in the list of V2X service identifier to PDU session parameters mapping rules specified in clause 5.2.4, such that the mapping rule contains the V2X service identifier provided by upper layers;

2) the UE shall consider the PDU session type, the SSC mode (if indicated in determined mapping rule), an S-NSSAI (if indicated in determined mapping rule) and a DNN (if indicated in determined mapping rule) indicated in the determined mapping rule as the UE local configuration and request information of the PDU session via which to send a PDU according to 3GPP TS 24.526 [22]. The UE shall use the transport layer protocol, if indicated in the determined mapping rule, to transport the V2X message;

3) if the PDU session is of "IPv4", "IPv6" or "IPv4v6" PDU session type:

i) if the V2X service identifier is included in the list of V2X service identifier to V2X application server address mapping rules as specified in clause 5.2.4, then:

A) the UE shall discover the V2X application server address for uplink transport as described in clause 6.2.6. If the V2X application server address cannot be discovered, the UE shall determine that the transmission of V2X communication over Uu from UE to V2X application server is not possible and shall not continue with the rest of the steps;

B) if UDP is to be used for the determined V2X application server address, the UE shall generate a UDP message as described in IETF RFC 768 [14]. In the UDP message, the UE shall include the V2X message provided by upper layers in the data octets field. The UE shall send the UDP message to the determined V2X application server address; and

C) if TCP is to be used for the determined V2X application server address:

1) if a TCP connection with the determined V2X application server address is not established yet, the UE shall establish a TCP connection with the determined V2X application server address; and

2) the UE shall generate one or more TCP message(s) as described in IETF RFC 793 [25]. In the one or more TCP message(s), the UE shall include the V2X message provided by upper layers in the data octets filed. The UE shall send the one or more TCP message(s) to the determined V2X application server address via the TCP connection; and

4) if the PDU session is of "Unstructured" PDU session type and the type of data in the V2X message is non-IP, the UE shall generate a UDP message as described in IETF RFC 768 [14]. In the UDP message, the UE shall encapsulate the V2X message provided by upper layers in the data octets field. The UE shall send the UDP message to the determined V2X application server address.

6.2.3 Reception of V2X communication over Uu from UE to V2X application server

If the V2X application server is configured with one or more UDP ports for uplink transport or one or more TCP ports for bidirectional transport, of V2X message(s) of V2X service(s) identified by V2X service identifier(s) using the V2X communication over Uu as specified in clause 6.2.7:

1) if the V2X application server is configured with a UDP port for uplink transport, the V2X application server shall extract a V2X message of the V2X service from a UDP message received on a local IP address and a UDP port; and

2) if the V2X application server is configured with a TCP port for bidirectional transport, the V2X application server shall listen for incoming TCP connection(s) on a local IP address and the TCP port, shall accept the incoming TCP connection(s), shall receive one or more TCP message(s)via the accepted TCP connection(s) and shall extract a V2X message of the V2X service from the received one or more TCP message(s).

If the V2X application server is configured to handle data of "Unstructured" PDU Session type for transport of V2X message(s) of V2X service(s) identified by V2X service identifier(s) using V2X communication over Uu as specified in clause 6.2.7, the V2X application server shall receive one or more UDP message(s) as data of a point-to-point tunnel established over N6 and shall extract a V2X message and a V2X message family (if the V2X message is non-IP based) from the received UDP message.

6.2.4 Transmission of V2X communication over Uu from V2X application server to UE

The V2X application server shall be configured with UDP port(s), TCP port(s) or any combination of them for transport of the V2X communication over Uu to the UE.

If the V2X application server supports V2X messages of IP type of data and of non-IP type of data, then the V2X application server shall be configured with different UDP ports or TCP ports for V2X messages of different types of data.

If the V2X application server supports V2X messages of several V2X message families, then the V2X application server shall be configured with different UDP ports or TCP ports for V2X messages of different V2X message families.

If the V2X application server determines to use UDP for transmission of the V2X message identified by a V2X service identifier, the V2X application server shall generate a UDP message. If the V2X message is of "Unstructured" PDU Session type, then the V2X application server shall encapsulate the V2X message into IP type data. In the UDP message, the V2X application server:

a) shall set data octets field to the V2X message if the V2X message is of IP type;

a) shall set data octets field to the encapsulated IP type data if the V2X message is of "Unstructured" PDU Session type; and

c) shall set the destination IP address and the destination UDP port to the UE’s IP address and the configured UDP port associated the type of data of the V2X message and the V2X message family of the data of the V2X message (in case of non-IP).

The V2X application server sends the UDP message as the user plane data to the UE.

If the V2X application server determines to use TCP for transmission of the V2X message identified by a V2X service identifier, the V2X application server establishes a TCP connection with the UE if no TCP connection exists, then the V2X application server shall generate one or more TCP message(s). In the one or more TCP message(s), the V2X application server:

a) shall set data octets field to the V2X message; and

b) shall set the destination IP address and the destination TCP port to the UE’s IP address and the configured TCP port associated the type of data of the V2X message and the V2X message family of the data of the V2X message (in case of non-IP).

The V2X application server sends the one or more TCP message(s) as the user plane data to the UE.

6.2.5 Reception of V2X communication over Uu from V2X application server to UE

The upper layers can request the UE to receive a V2X message of a V2X service identified by a V2X service identifier using V2X communication over Uu. The request from the upper layers includes:

a) the V2X service identifier of the V2X service for the V2X message to be received;

b) the type of data in the V2X message to be received (IP or non-IP); and

c) if the V2X message to be received contains non-IP data, the V2X message family (see clause 9.2) of data in the V2X message to be received.

Upon a request from upper layers to receive a V2X message of a V2X service identified by a V2X service identifier using V2X communication over Uu:

a) if the registered PLMN of the UE is not in the list of PLMNs in which the UE is configured to use V2X communication over Uu as specified in clause 5.2.4, the UE shall determine that the transmission of V2X communication over Uu from V2X application server to UE is not configured and shall not continue with the rest of the steps; and

b) if the V2X service identifier is included in the list of V2X service identifier to PDU session parameters mapping rules specified in clause 5.2.4;

then:

1) the UE shall determine the mapping rule in the list of V2X service identifier to PDU session parameters mapping rules specified in clause 5.2.4, such that the mapping rule contains the V2X service identifier provided by upper layers;

2) the UE shall establish a PDU session with the PDU session type, the SSC mode (if indicated in determined mapping rule), an S-NSSAI (if indicated in determined mapping rule) and a DNN (if indicated in determined mapping rule) indicated in the determined mapping rule, if such PDU session does not exist yet. The UE shall use the transport layer protocol, if indicated in the determined mapping rule, to receive the V2X message;

3) if the PDU session is of "IPv4", "IPv6" or "IPv4v6" PDU session type:

i) if the V2X service identifier is included in the list of V2X service identifier to V2X application server address mapping rules as specified in clause 5.2.4, then:

A) the UE shall discover the V2X application server address for downlink transport as described in clause 6.2.6. If the V2X application server address cannot be discovered, the UE shall determine that the transmission of V2X communication over Uu from V2X application server to UE is not possible and shall not continue with the rest of the steps. If the V2X service identifier is not included in the list of V2X service identifier to V2X application server address mapping rules as specified in clause 5.2.4, the UE shall continue with the rest of the steps; and

B) if UDP is to be used for the determined V2X application server address:

1) the UE shall select the UDP port for downlink transport based on configuration parameters for V2X communication as defined in clause 5.2.4; and

2) the UE shall listen for UDP packets over the determined UDP port, and provide the UDP packets to the upper layers if received; and

C) if TCP is to be used for the determined V2X application server address:

1) if a TCP connection with the determined V2X application server address is not established yet, the UE shall establish a TCP connection with the determined V2X application server address; and

2) the UE shall listen for TCP packets over the established TCP connection, and provide the TCP packets to the upper layers if received; and

4) if the PDU session is of "Unstructured" PDU session type and the type of data in the V2X message is non-IP, the UE shall proceed as UDP is to be used for the determined V2X application server address with the exeption that the V2X message is encapsulated as IP type data packets.

6.2.6 V2X application server discovery

Before initiating V2X communication over Uu, the UE needs to discover the V2X application server to which the V2X messages shall be sent or received.

To discover the V2X application server address for uplink transport, the UE shall proceed as follows, in priority order:

a) if the V2X service of the V2X message is identified by a V2X service identifier and this V2X service identifier is associated with a V2X application server IP address and a UDP port for uplink transport or a TCP port for bidirectional transport in the list of V2X service identifier to V2X application server address mapping rules for the serving PLMN and the geographical area in which the UE is located as specified in clause 5.2.4, the UE shall use this IP address and the UDP or TCP port for V2X communication over Uu;

b) else if the V2X service of the V2X message is identified by a V2X service identifier and this V2X service identifier is associated with a V2X application server FQDN and a UDP port for uplink transport or a TCP port for bidirectional transport in the list of V2X service identifier to V2X application server address mapping rules for the serving PLMN and the geographical area in which the UE is located as specified in clause 5.2.4, the UE shall perform DNS lookup as specified in IETF RFC 1035 [19], then use the resulting IP address and the UDP or TCP port for V2X communication over Uu;

c) else if the V2X service of the V2X message is identified by a V2X service identifier and this V2X service identifier is associated with a V2X application server IP address and a UDP port for uplink transport or a TCP port for bidirectional transport in the list of V2X service identifier to V2X application server address mapping rules for the serving PLMN as specified in clause 5.2.4, the UE shall use this IP address and the UDP or TCP port for V2X communication over Uu;

d) else if the V2X service of the V2X message is identified by a V2X service identifier and this V2X service identifier is associated with a V2X application server FQDN and a UDP port for uplink transport or a TCP port for bidirectional transport in the list of V2X service identifier to V2X application server address mapping rules for the serving PLMN as specified inclause 5.2.4, the UE shall perform DNS lookup as specified in IETF RFC 1035 [19], then use the resulting IP address and the UDP or TCP port for V2X communication over Uu;

e) else if the V2X service of the V2X message is identified by a V2X service identifier, the V2X message contains IP data, and the default V2X application server address applicable for the serving PLMN, the geographical area in which the UE is located and the IP type of data as specified in clause 5.2.4 is configured and contains an IP address and a UDP port for uplink transport or a TCP port for bidirectional transport, then the UE shall use the IP address and the UDP or TCP port for V2X communication over Uu;

f) else if the V2X service of the V2X message is identified by a V2X service identifier, the V2X message contains IP data, and the default V2X application server address applicable for the serving PLMN, the geographical area in which the UE is located and the IP type of data as specified in clause 5.2.4 is configured and contains an FQDN and a UDP port for uplink transport or a TCP port for bidirectional transport, then the UE shall perform DNS lookup of the FQDN as specified in IETF RFC 1035 [19], and shall use the resulting IP address and the UDP or TCP port for V2X communication over Uu;

g) else if the V2X service of the V2X message is identified by a V2X service identifier, the V2X message contains IP data, and the default V2X application server address applicable for the serving PLMN and the IP type of data as specified in clause 5.2.4 is configured and contains an IP address and a UDP port for uplink transport or a TCP port for bidirectional transport, then the UE shall use the IP address and the UDP or TCP port for V2X communication over Uu;

h) else if the V2X service of the V2X message is identified by a V2X service identifier, the V2X message contains IP data, and the default V2X application server address applicable for the serving PLMN and the IP type of data as specified in clause 5.2.4 is configured and contains an FQDN and a UDP port for uplink transport or a TCP port for bidirectional transport, then the UE shall perform DNS lookup of the FQDN as specified in IETF RFC 1035 [19], and shall use the resulting IP address and the UDP or TCP port for V2X communication over Uu;

i) else if the V2X service of the V2X message is identified by a V2X service identifier, the V2X message contains non-IP data, and the default V2X application server address applicable for the serving PLMN, the geographical area in which the UE is located and the V2X message family of the non-IP data as specified in clause 5.2.4 is configured and contains an IP address and a UDP port for uplink transport or a TCP port for bidirectional transport, then the UE shall use the IP address and the UDP or TCP port for V2X communication over Uu;

j) else if the V2X service of the V2X message is identified by a V2X service identifier, the V2X message contains non-IP data, and the default V2X application server address applicable for the serving PLMN, the geographical area in which the UE is located and the V2X message family of the non-IP data as specified in clause 5.2.4 is configured and contains an FQDN and a UDP port for uplink transport or a TCP port for bidirectional transport, then the UE shall perform DNS lookup of the FQDN as specified in IETF RFC 1035 [19], and shall use the resulting IP address and the UDP or TCP port for V2X communication over Uu;

k) else if the V2X service of the V2X message is identified by a V2X service identifier, the V2X message contains non-IP data, and the default V2X application server address applicable for the serving PLMN and the V2X message family of the non-IP data as specified in clause 5.2.4 is configured and contains an IP address and a UDP port for uplink transport or a TCP port for bidirectional transport, then the UE shall use the IP address and the UDP or TCP port for V2X communication over Uu;

l) else if the V2X service of the V2X message is identified by a V2X service identifier, the V2X message contains non-IP data, and the default V2X application server address applicable for the serving PLMN and the V2X message family of the non-IP data as specified in clause 5.2.4 is configured and contains an FQDN and a UDP port for uplink transport or a TCP port for bidirectional transport, then the UE shall perform DNS lookup of the FQDN as specified in IETF RFC 1035 [19], and shall use the resulting IP address and the UDP or TCP port for V2X communication over Uu;

m) else if the V2X service of the V2X message is not identified by a V2X service identifier and the UE is configured with a V2X application server IP address for the serving PLMN and the geographical area in which the UE is located as specified in clause 5.2.4, the UE shall use this IP address for V2X communication over Uu;

n) else if the V2X service of the V2X message is not identified by a V2X service identifier and the UE is configured with a V2X application server FQDN for the serving PLMN and the geographical area in which the UE is located as specified in clause 5.2.4, the UE shall perform DNS lookup as specified in IETF RFC 1035 [19], then use the resulting IP address for V2X communication over Uu;

o) else if the V2X service of the V2X message is not identified by a V2X service identifier and the UE is configured with a V2X application server IP address for the serving PLMN as specified in clause 5.2.4, the UE shall use this IP address for V2X communication over Uu; and

p) else if the V2X service of the V2X message is not identified by a V2X service identifier and the UE is configured with a V2X application server FQDN for the serving PLMN as specified in clause 5.2.4, the UE shall perform DNS lookup as specified in IETF RFC 1035 [19], then use the resulting IP address for V2X communication over Uu.

NOTE: It is out of scope of the present specification to define how the UE can locate itself in a specific geographical area. When the UE is in coverage of a 3GPP RAT it can for example use information derived from the serving PLMN. When the UE is not in coverage of a 3GPP RAT it can use other techniques.

To discover the V2X application server address for downlink transport, the UE shall proceed as follows, in priority order:

a) if the V2X service of the V2X message is identified by a V2X service identifier and this V2X service identifier is associated with a V2X application server IP address and a UDP port for downlink transport or a TCP port for bidirectional transport in the list of V2X service identifier to V2X application server address mapping rules for the serving PLMN and the geographical area in which the UE is located as specified in clause 5.2.4, the UE shall use this IP address and the UDP or TCP port for V2X communication over Uu;

b) else if the V2X service of the V2X message is identified by a V2X service identifier and this V2X service identifier is associated with a V2X application server FQDN and a UDP port for downlink transport or a TCP port for bidirectional transport in the list of V2X service identifier to V2X application server address mapping rules for the serving PLMN and the geographical area in which the UE is located as specified in clause 5.2.4, the UE shall perform DNS lookup as specified in IETF RFC 1035 [19], then use the resulting IP address and the UDP or TCP port for V2X communication over Uu;

c) else if the V2X service of the V2X message is identified by a V2X service identifier and this V2X service identifier is associated with a V2X application server IP address and a UDP port for downlink transport or a TCP port for bidirectional transport in the list of V2X service identifier to V2X application server address mapping rules for the serving PLMN as specified in clause 5.2.4, the UE shall use this IP address and the UDP or TCP port for V2X communication over Uu;

d) else if the V2X service of the V2X message is identified by a V2X service identifier and this V2X service identifier is associated with a V2X application server FQDN and a UDP port for downlink transport or a TCP port for bidirectional transport in the list of V2X service identifier to V2X application server address mapping rules for the serving PLMN as specified in clause 5.2.4, the UE shall perform DNS lookup as specified in IETF RFC 1035 [19], then use the resulting IP address and the UDP or TCP port for V2X communication over Uu;

e) else if the V2X service of the V2X message is identified by a V2X service identifier, the V2X message contains IP data, and the default V2X application server address applicable for the serving PLMN, the geographical area in which the UE is located and the IP type of data as specified in clause 5.2.4 is configured and contains an IP address and a UDP port for downlink transport or a TCP port for bidirectional transport, then the UE shall use the IP address and the UDP or TCP port for V2X communication over Uu;

f) else if the V2X service of the V2X message is identified by a V2X service identifier, the V2X message contains IP data, and the default V2X application server address applicable for the serving PLMN, the geographical area in which the UE is located and the IP type of data as specified in clause 5.2.4 is configured and contains an FQDN and a UDP port for downlink transport or a TCP port for bidirectional transport, then the UE shall perform DNS lookup of the FQDN as specified in IETF RFC 1035 [19], and shall use the resulting IP address and the UDP or TCP port for V2X communication over Uu;

g) else if the V2X service of the V2X message is identified by a V2X service identifier, the V2X message contains IP data, and the default V2X application server address applicable for the the serving PLMN and the IP type of data as specified in clause 5.2.4 is configured and contains an IP address and a UDP port for downlink transport or a TCP port for bidirectional transport, then the UE shall use the IP address and the UDP or TCP port for V2X communication over Uu;

h) else if the V2X service of the V2X message is identified by a V2X service identifier, the V2X message contains IP data, and the default V2X application server address applicable for the serving PLMN and the IP type of data as specified in clause 5.2.4 is configured and contains an FQDN and a UDP port for downlink transport or a TCP port for bidirectional transport, then the UE shall perform DNS lookup of the FQDN as specified in IETF RFC 1035 [19], and shall use the resulting IP address and the UDP or TCP port for V2X communication over Uu;

i) else if the V2X service of the V2X message is identified by a V2X service identifier, the V2X message contains non-IP data, and the default V2X application server address applicable for the serving PLMN, the geographical area in which the UE is located and the V2X message family of the non-IP data as specified in clause 5.2.4 is configured and contains an IP address and a UDP port for downlink transport or a TCP port for bidirectional transport, then the UE shall use the IP address and the UDP or TCP port for V2X communication over Uu;

j) else if the V2X service of the V2X message is identified by a V2X service identifier, the V2X message contains non-IP data, and the default V2X application server address applicable for the serving PLMN, the geographical area in which the UE is located and the V2X message family of the non-IP data as specified in clause 5.2.4 is configured and contains an FQDN and a UDP port for downlink transport or a TCP port for bidirectional transport, then the UE shall perform DNS lookup of the FQDN as specified in IETF RFC 1035 [19], and shall use the resulting IP address and the UDP or TCP port for V2X communication over Uu;

k) else if the V2X service of the V2X message is identified by a V2X service identifier, the V2X message contains non-IP data, and the default V2X application server address applicable for the serving PLMN and the V2X message family of the non-IP data as specified in clause 5.2.4 is configured and contains an IP address and a UDP port for downlink transport or a TCP port for bidirectional transport, then the UE shall use the IP address and the UDP or TCP port for V2X communication over Uu; and

l) else if the V2X service of the V2X message is identified by a V2X service identifier, the V2X message contains non-IP data, and the default V2X application server address applicable for the serving PLMN and the V2X message family of the non-IP data as specified in clause 5.2.4 is configured and contains an FQDN and a UDP port for downlink transport or a TCP port for bidirectional transport, then the UE shall perform DNS lookup of the FQDN as specified in IETF RFC 1035 [19], and shall use the resulting IP address and the UDP or TCP port for V2X communication over Uu.

If multiple V2X application servers are discovered, the V2X application server to be used is selected by the V2X application layer.

The UE shall perform V2X application server discovery again when the UE changes its registered PLMN.

If the V2X application server used by the UE is associated with a particular geographical area, the UE shall perform V2X application server discovery again when the UE moves out of that geographical area.

6.2.7 V2X application server configuration

For transport of V2X message(s) of V2X service(s) identified by V2X service identifier(s) using V2X communication over Uu, the V2X application server shall be configured:

a) with one or more UDP ports for uplink transport;

b) with one or more UDP ports for downlink transport;

c) with one or more TCP ports for bidirectional transport;

d) to handle data of "Unstructured" PDU Session type; or

e) any combination of the above.

If the V2X application server is configured with one or more UDP ports for uplink transport of V2X message(s) of a V2X service(s) identified by V2X service identifier(s) using V2X communication over Uu:

1) if the V2X application server supports V2X messages of IP type of data and of non-IP type of data, then the V2X application server shall be configured with different UDP ports for V2X messages of different types of data; and

2) if the V2X application server supports V2X messages of several V2X message families, then the V2X application server shall be configured with different UDP ports for V2X messages of different V2X message families.