TR 33.926 [ 4], clause 5.3.6.7, Personal Identification Information Violation

Data masking on integration analysis about personal data

TBA.

NWDAF can collect data from UE, NF, OAM, etc. used for analytics. Personal data of the UE's user are involved also. When NWDAF uses such personal data in analytics with other information together, such data correlation operation could bind more personal information with the user's identity. Thus, privacy information about that specific user could be revealed to the person who is allowed to operate data correlation for analytics but not allowed to know the privacy information as the result of data correlation. Therefore, applicable measures (e.g. data masking) shall be applied to mitigate such privacy violation risk.

Verify that no privacy information of operators' users is revealed to the party who is not allowed to have.

The vendor shall provide the documentation describing how to create an account for accessing the analytics results.

Privacy information list (should be specified based on local policy, regulation and others).

1. Review the documentation provided by the vendor describing how to create the account for accessing the analytics results provided by the NWDAF.

2. The tester creates the account, and retrieves the analytics results from the NWDAF using the account.

The tester can create the account, and the account does not reveal subscriber permanent identifier.

Evidence suitable for the interface, e.g. screenshot containing the results.

TR 33.926 [ 4], clause 5.3.6.7, Personal Identification Information Violation

Data masking on integration analysis about personal data

TBA.

Verify that no privacy information of operators' users is revealed to the party who is not allowed to have.

The vendor shall provide the documentation describing how to create an account for accessing the analytics results.

Privacy information list (should be specified based on local policy, regulation and others).

1. Review the documentation provided by the vendor describing how to create the account for accessing the analytics results provided by the NWDAF.

2. The tester creates the account, and retrieves the analytics results from the NWDAF using the account.

TS 33.926 [4], [clause X.Y]{.mark}.

Finding the right NF instance are serving the UE

TS 23.288 [2], clause 6.2.2.1.

To retrieve data related to a specific UE, the NWDAF shall first determine which NF instances are serving this UE as stated in table 4.2.2.1-2 unless the NWDAF has already obtained this information due to recent operations related to this UE.

Table 4.2.2.1-2: NF Services consumed by NWDAF to determine which NF instances are serving a UE

----------------------------------------------------------------------------------------------------------------------------------------------- Type of NF instance (serving the UE) to determine NF to be contacted by NWDAF Service Reference in TS 23.502 [3] ------------------------------------------------------- --------------------------------- ------------------ ---------------------------------- UDM NRF Nnrf_NFDiscovery 5.2.7.3

AMF UDM Nudm_UECM 5.2.3.2

SMF UDM Nudm_UECM 5.2.3.2

BSF NRF Nnrf_NFDiscovery 5.2.7.3

PCF BSF Nbsf_Management 5.2.13.2

NEF NRF Nnrf_NFDiscovery 5.2.7.3 -----------------------------------------------------------------------------------------------------------------------------------------------

"as specified in TS 23.288 [2], clause 6.2.2.1.

Verify that the NWDAF always find a recent NF from operations related to the UE.

Editor's Note: Purpose of test to be clarified.

Test environment with UE, source AMF, and target AMF and UDM. UE, source AMF, target AMF and UDM may be simulated.

The UE is registrated on the source AMF and the UDM, and the NWDAF subscribes analytics A which needs to collect the UE's information on the source AMF.