
Method And System For Providing Secured Application Programming Interface Based Manual Authentication Of Network Functions

Abstract: The present disclosure relates to a method and system [200] for providing an interface based authentication of one or more network functions, the method comprising: receiving, by a transceiver unit [202a], a successful registration indication of a second network function (NF) server [104]; receiving, by the transceiver unit [202a], a NF profile of the second NF server [204] based on the successful registration indication, and receiving one of an approval request and a reject request based on a manual authentication of the second NF server [204]; performing, by a processing unit [202c], one of an addition procedure and a removal procedure based on one of the approval request and the reject request; and facilitating routing, by the processing unit [202c], of network traffic from the first NF server [202] to the second NF server [204] based on the receipt of the approval request. [FIG. 3]


Patent Information

Filing Date: 03 July 2023
Publication Number: 2/2025
Publication Type: INA
Invention Field: COMMUNICATION

Applicants

Jio Platforms Limited
Office - 101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad - 380006, Gujarat, India

Inventors

1. Sandeep Bisht
Office - 101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad - 380006, Gujarat, India

Specification

FORM 2
THE PATENTS ACT, 1970 (39 OF 1970)
& THE PATENT RULES, 2003
COMPLETE SPECIFICATION
(See section 10 and rule 13)
“METHOD AND SYSTEM FOR PROVIDING SECURED APPLICATION PROGRAMMING INTERFACE BASED MANUAL AUTHENTICATION OF NETWORK FUNCTIONS”
We, Jio Platforms Limited, an Indian National, of Office - 101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad - 380006, Gujarat, India.
The following specification particularly describes the invention and the manner in which it is to be performed.

METHOD AND SYSTEM FOR PROVIDING SECURED APPLICATION PROGRAMMING INTERFACE BASED MANUAL AUTHENTICATION OF NETWORK FUNCTIONS
FIELD OF THE DISCLOSURE
[001] The present disclosure relates generally to the field of wireless communication systems. More particularly, the present disclosure relates to methods and systems for providing a secured application programming interface (API) based manual authentication of network functions.
BACKGROUND
[002] The following description of related art is intended to provide background information pertaining to the field of the disclosure. This section may include certain aspects of the art that may be related to various features of the present disclosure. However, it should be appreciated that this section should be used only to enhance the understanding of the reader with respect to the present disclosure, and not as admissions of prior art.
[003] Wireless communication technology has rapidly evolved over the past few decades, with each generation bringing significant improvements and advancements. The first generation of wireless communication technology was based on analog technology and offered only voice services. However, with the advent of the second-generation (2G) technology, digital communication and data services became possible, and text messaging was introduced. The third-generation (3G) technology marked the introduction of high-speed internet access, mobile video calling, and location-based services. The fourth-generation (4G) technology revolutionized wireless communication with faster data speeds, better network coverage, and improved security. Currently, the fifth-generation (5G) technology is being deployed, promising even faster data speeds, low latency, and the ability to connect multiple devices simultaneously. With each generation, wireless communication technology has become more advanced, sophisticated, and capable of delivering more services to its users.

[004] Moreover, the 5G core networks are based on a service-based architecture (SBA) that is centered around network function (NF) services. Each NF can register itself and its supported services to a Network Repository Function (NRF), which is used by other NFs for the discovery of NF instances and their services. The NRF therefore supports a service discovery function: it receives an NF Discovery Request from a NF instance or a Service Communication Proxy (SCP) and provides the information of the discovered NF instances to the NF instance or the SCP. Further, the NRF supports a Proxy Call Session Control Function (P-CSCF) discovery (a specialized case of AF discovery by the SMF). Further, the NRF maintains the NF profile of available NF instances and their supported services. Further, the NRF maintains a SCP profile of available SCP instances. Furthermore, the NRF supports SCP discovery by the SCP instances. Also, the NRF notifies the subscribed NF service consumer or the SCP about newly registered, updated or deregistered NF instances and SCP instances, along with their potential NF services. Additionally, the NRF maintains the health status of NFs and SCP. Also, every time the NF undergoes a planned event or is commissioned for the first time, relevant NF details are recorded at the NRF. However, in existing systems, upon registration with the NRF, various methods defined by the 3GPP standard are implemented for enabling an immediate traffic flow at the NF. The traffic flow may include confidential information such as user IDs, tracking areas and other user-related details. This creates a risk of manual errors and security breaches: manual errors may occur during configuration or restart procedures, while security breaches may include methods like rerouting traffic flow to an un-secured server using a dummy server such as a dummy Unified Data Management (UDM) server.
[005] In other words, in the 5G core network, whenever a new instance of a Network Function (NF) is commissioned, traffic distribution to the newly commissioned instance starts automatically. Sometimes, due to an auto-restart, a manual error or an environmental issue, the NF registers itself to the NRF but is not yet prepared to accept traffic. In such cases failures will happen and ultimately the Key Performance Indicator (KPI) will be degraded, affecting user experience. Also, in case of a security breach where a counterfeit NF has somehow registered itself at the NRF, and traffic starts immediately, some portion of the traffic will land on that counterfeit NF, i.e., an unauthorized NF, which increases the risk of data theft.

[006] Further, over the period various solutions have been developed to improve the performance of communication devices and to provide security and one or more error checks for authentication of one or more network function profiles. However, there are certain challenges with existing solutions. For instance, a security certificate intended to fortify systems against breaches, may be exploited, leading to security vulnerabilities rather than providing security. Additionally, the existing systems fail to effectively conduct error checks which reduces their ability to identify and rectify potential issues efficiently.
[007] Thus, there exists an imperative need in the art to provide an efficient and effective system and method that can perform the security and error checks and overcome the limitations of the existing technologies.
OBJECTS OF THE DISCLOSURE
[008] Some of the objects of the present disclosure, which at least one embodiment disclosed herein satisfies are listed herein below.
[009] It is an object of the present disclosure to provide an efficient and effective system and method for providing a secure application programming interface (API) based manual authentication of one or more network functions.
[010] It is another object of the present disclosure to provide a solution that receives a successful registration indication of a target network function (NF) server and receives a NF profile of the target NF server based on the successful registration indication.
[011] It is another object of the present disclosure to provide a solution that receives one of an approval request and a reject request based on a manual authentication of the target NF server, and performs one of an addition procedure and a removal procedure based on one of the approval request and the reject request, to route network traffic from a first NF server to the target NF server based on the receipt of the approval request.

[012] It is another object of the present disclosure to provide a solution that performs the security and error checks and overcomes the limitations of the existing technologies.
[013] It is another object of the present disclosure to provide a solution that utilises secured application programming interface (API) to perform manual authentication of network function profile.
[014] It is another object of the present disclosure to provide a solution that receives by an administrator a configuration file comprising authentication related data of Network functions (NFs) at a Service Communication Proxy (SCP) controller in order to facilitate a manual authentication.
[015] It is another object of the present disclosure to overcome the limitations of the existing solutions by taking at service communication proxy (SCP), secured API based manual consent for starting traffic at newly commissioned NF.
[016] It is yet another object of the present disclosure to provide a solution to enable a service communication proxy (SCP) controller or a Proxy to interact with a secure API to further enable manual authentication of network function profile.
SUMMARY OF THE DISCLOSURE
[017] This section is provided to introduce certain aspects of the present disclosure in a simplified form that are further described below in the detailed description. This summary is not intended to identify the key features or the scope of the claimed subject matter.
[018] An aspect of the present disclosure relates to a method for providing an interface-based authentication of one or more network functions. The method comprises receiving, by a transceiver unit at a first network function (NF) server from a Network Repository Function (NRF) server, a successful registration indication of a second network function (NF) server. The method further comprises receiving, by the transceiver unit at the first NF server from the NRF server, a NF profile of the second NF server. The method further comprises receiving, by the transceiver unit at the first NF server via one or more secured application programming interfaces (APIs), one of an approval request and a reject request based on the manual authentication of the second NF server. The method further comprises performing, by a processing unit at the first NF server, one of: an addition procedure and a removal procedure, wherein the addition procedure is performed in an event the approval request is received, and the removal procedure is performed in an event the reject request is received. The method further comprises facilitating routing, by the processing unit at the first NF server, a network traffic from the first NF server to the second NF server based at least on the receipt of the approval request.
[019] In an exemplary aspect of the present disclosure, the first network function server is a service communication proxy (SCP) controller.
[020] In an exemplary aspect of the present disclosure, the method further comprises identifying, by an identification unit at the first NF server, the successful registration indication as one of a new registration of the second network function (NF) server and a re-registration of the second network function (NF) server.
[021] In an exemplary aspect of the present disclosure, the addition procedure comprises adding, by the processing unit at the first NF server, details of the second NF server in a traffic serving NF list, and the removal procedure comprises removing, by the processing unit at the first NF server, the NF profile of the second NF server from a cache memory associated with the first NF server.
[022] In an exemplary aspect of the present disclosure, wherein prior to the receiving, by the transceiver unit at the first NF server from the NRF server, the successful registration indication of the second NF server, the method comprises receiving, by the NRF server from the second NF server, a registration request for registration of the second NF server, in one of a direct mode or indirect mode, wherein the direct mode comprises receiving the registration request by the NRF server from the second NF server directly, and the indirect mode comprises receiving the registration request by the NRF server from the second NF server via the first NF server. The method further comprises sending, by the NRF server to the second NF server, a response indicating the successful registration of the second NF server with the NRF server.

[023] In an exemplary aspect of the present disclosure, wherein receiving, by the transceiver unit at the first NF server, the NF profile of the second NF server, comprises receiving, by the transceiver unit at the first NF server, the NF profile of the second NF server and a status code based on the response indicating the successful registration.
[024] In an exemplary aspect of the present disclosure, wherein in an event of identifying of the successful registration as the new registration of the second NF server, the method comprises storing, by a storage unit at the first NF server the NF profile of the second NF server.
[025] Another aspect of the present disclosure relates to a system for providing an application programming interface (API) based authentication of one or more network functions, the system comprising a first network function (NF) server, the first network function (NF) server further comprises a transceiver unit. The transceiver unit is configured to receive, from a Network Repository Function (NRF) server, a successful registration indication of a second network function (NF) server. The transceiver unit is further configured to receive, from the NRF server, a NF profile of the second NF server. The transceiver unit is further configured to receive, via one or more secured application programming interfaces (APIs), one of an approval request and a reject request based on the manual authentication of the second NF server. The first NF server further comprises a processing unit that is connected to at least the transceiver unit, the processing unit is configured to perform one of: an addition procedure and a removal procedure, wherein the addition procedure is performed in an event the approval request is received, and the removal procedure is performed in an event the reject request is received. The processing unit is further configured to facilitate routing at the first NF server, a network traffic from the first NF server to the second NF server based at least on the receipt of the approval request.
[026] Another aspect of the present disclosure relates to a user equipment, comprising a memory, and a processor coupled to the memory, the processor is configured to receive a registration request associated with a second NF server [204] from a first NF server [202]. The processor is further configured to transmit an authentication request to the first NF server [202] associated with the registration request. The processor is further configured to receive, an authentication response based on the authentication request. The authentication response is generated based on performance of a manual authentication of the second NF server [204] to generate one of an approval request and a reject request, and wherein one of: an addition procedure and a removal procedure is performed at the first NF server [202], wherein the addition procedure is performed in an event the approval request is generated, and the removal procedure is performed in an event the reject request is generated.
[027] Yet another aspect of the present disclosure may relate to a non-transitory computer readable storage medium storing instructions for providing an interface-based authentication of one or more network functions. The instructions include an executable code which, when executed by one or more units of the system, causes a transceiver unit to receive, from a Network Repository Function (NRF) server, a successful registration indication of a second network function (NF) server, receive, from the NRF server, a NF profile of the second NF server, and receive, via one or more secured application programming interfaces (APIs), one of an approval request and a reject request based on the manual authentication of the second NF server; a processing unit connected to at least the transceiver unit to perform one of: an addition procedure and a removal procedure, wherein the addition procedure is performed in an event the approval request is received, and the removal procedure is performed in an event the reject request is received; and the processing unit to route a network traffic from the first NF server to the second NF server based at least on the receipt of the approval request.
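The approval gate summarised in paragraphs [018] to [024], as an added Python example that is not part of the specification or the applicant's code: a registered NF is cached but receives no traffic until an approval request arrives, and a reject request removes its profile from the cache. Assumptions not found in the specification: the class and function names, the HMAC-SHA256 signature standing in for the "secured API", the `profileDigest` field that binds an approval to the profile the operator reviewed, and the rule that a re-registration with a changed profile loses its approval (this goes beyond the text, which only distinguishes a new registration from a re-registration).

```python
import hashlib
import hmac
import json


def _canonical(obj: dict) -> bytes:
    """Canonical JSON so that digests and signatures are stable."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def fingerprint(profile: dict) -> str:
    """SHA-256 digest of an NF profile, shown to the operator for review."""
    return hashlib.sha256(_canonical(profile)).hexdigest()


def sign(key: bytes, body: dict) -> str:
    """HMAC-SHA256 over the decision body (assumed form of the secured API)."""
    return hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()


class ScpController:
    """Hypothetical model of the first NF server (SCP controller)."""

    def __init__(self, api_key: bytes):
        self._key = api_key
        self.cache = {}            # nfInstanceId -> NF profile received from the NRF
        self.traffic_serving = {}  # nfInstanceId -> digest of the approved profile

    def on_registration(self, profile: dict) -> str:
        """Handle a successful-registration indication plus NF profile."""
        nf_id = profile["nfInstanceId"]
        kind = "re-registration" if nf_id in self.cache else "new-registration"
        self.cache[nf_id] = profile
        # Assumption: an approval covers one exact profile; a changed
        # profile drops out of the traffic serving list until re-approved.
        if self.traffic_serving.get(nf_id) not in (None, fingerprint(profile)):
            del self.traffic_serving[nf_id]
        return kind

    def on_decision(self, body: dict, signature: str) -> str:
        """Handle an approval or reject request arriving over the secured API."""
        if not hmac.compare_digest(sign(self._key, body), signature):
            return "rejected: bad signature"
        nf_id = body.get("nfInstanceId")
        profile = self.cache.get(nf_id)
        if profile is None:
            return "rejected: unknown NF"
        if body.get("action") == "reject":
            # Removal procedure: drop the profile from the cache.
            del self.cache[nf_id]
            self.traffic_serving.pop(nf_id, None)
            return "removed"
        if body.get("action") == "approve":
            if body.get("profileDigest") != fingerprint(profile):
                return "rejected: profile changed since review"
            # Addition procedure: add the NF to the traffic serving list.
            self.traffic_serving[nf_id] = fingerprint(profile)
            return "added"
        return "rejected: unknown action"

    def route(self, nf_type: str) -> list:
        """Candidate destinations: approved NFs of the requested type only."""
        return sorted(nf_id for nf_id in self.traffic_serving
                      if self.cache[nf_id]["nfType"] == nf_type)


if __name__ == "__main__":
    key = b"constructed-demo-key"            # constructed value
    scp = ScpController(key)
    udm = {"nfInstanceId": "udm-0001",       # constructed sample profile
           "nfType": "UDM", "ipv4Addresses": ["192.0.2.10"]}

    print(scp.on_registration(udm), scp.route("UDM"))   # registered, no traffic
    approve = {"action": "approve", "nfInstanceId": "udm-0001",
               "profileDigest": fingerprint(udm)}
    print(scp.on_decision(approve, sign(key, approve)), scp.route("UDM"))

    # Same instance id re-registers with a different address: approval is lost
    # and the earlier approval request cannot be replayed for the new profile.
    swapped = dict(udm, ipv4Addresses=["198.51.100.7"])
    print(scp.on_registration(swapped), scp.route("UDM"))
    print(scp.on_decision(approve, sign(key, approve)))
```
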
BRIEF DESCRIPTION OF DRAWINGS
[028] The accompanying drawings, which are incorporated herein, and constitute a part of this disclosure, illustrate exemplary embodiments of the disclosed methods and systems in which like reference numerals refer to the same parts throughout the different drawings. Components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the present disclosure. Some drawings may indicate the components using block diagrams and may not represent the internal circuitry of each component. It will be appreciated by those skilled in the art that disclosure of such drawings includes disclosure of electrical components, electronic components or circuitry commonly used to implement such components.
[029] FIG. 1 illustrates an exemplary block diagram [100] representation of 5th generation core (5GC) network architecture.
[030] FIG. 2 illustrates an exemplary block diagram of a system [200] for providing an interface-based authentication of one or more network functions, in accordance with exemplary embodiments of the present disclosure.
[031] FIG. 3 illustrates an exemplary diagram indicating an interconnection between various modules to implement the process of providing an interface-based authentication of one or more network functions, in accordance with exemplary embodiments of the present disclosure.
[032] FIG. 4 illustrates an exemplary method [400] flow diagram indicating the process for providing an interface-based authentication of one or more network functions, in accordance with exemplary embodiments of the present disclosure.
[033] FIG. 5 illustrates an exemplary block diagram of a computing device [1000] upon which an embodiment of the present disclosure may be implemented.
[034] The foregoing shall be more apparent from the following more detailed description of the disclosure.
DETAILED DESCRIPTION
[035] In the following description, for the purposes of explanation, various specific details are set forth in order to provide a thorough understanding of embodiments of the present disclosure. It will be apparent, however, that embodiments of the present disclosure may be practiced without these specific details. Several features described hereafter can each be used independently of one another or with any combination of other features. An individual feature may not address any of the problems discussed above or might address only some of the problems discussed above. Some of the problems discussed above might not be fully addressed by any of the features described herein. Example embodiments of the present disclosure are described below, as illustrated in various drawings in which like reference numerals refer to the same parts throughout the different drawings.
[036] The ensuing description provides exemplary embodiments only, and is not intended to limit the scope, applicability, or configuration of the disclosure. Rather, the ensuing description of the exemplary embodiments will provide those skilled in the art with an enabling description for implementing an exemplary embodiment. It should be understood that various changes may be made in the function and arrangement of elements without departing from the spirit and scope of the disclosure as set forth.
[037] It should be noted that the terms "mobile device", "user equipment", "user device", “communication device”, “device” and similar terms are used interchangeably for the purpose of describing the disclosure. These terms are not intended to limit the scope of the disclosure or imply any specific functionality or limitations on the described embodiments. The use of these terms is solely for convenience and clarity of description. The disclosure is not limited to any particular type of device or equipment, and it should be understood that other equivalent terms or variations thereof may be used interchangeably without departing from the scope of the disclosure as defined herein.
[038] Specific details are given in the following description to provide a thorough understanding of the embodiments. However, it will be understood by one of ordinary skill in the art that the embodiments may be practiced without these specific details. For example, circuits, systems, networks, processes, and other components may be shown as components in block diagram form in order not to obscure the embodiments in unnecessary detail. In other instances, well-known circuits, processes, algorithms, structures, and techniques may be shown without unnecessary detail in order to avoid obscuring the embodiments.
[039] Also, it is noted that individual embodiments may be described as a process which is depicted as a flowchart, a flow diagram, a data flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations can be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged. A process is terminated when its operations are completed but could have additional steps not included in a figure.
[040] The word “exemplary” and/or “demonstrative” is used herein to mean serving as an example, instance, or illustration. For the avoidance of doubt, the subject matter disclosed herein is not limited by such examples. In addition, any aspect or design described herein as “exemplary” and/or “demonstrative” is not necessarily to be construed as preferred or advantageous over other aspects or designs, nor is it meant to preclude equivalent exemplary structures and techniques known to those of ordinary skill in the art. Furthermore, to the extent that the terms “includes,” “has,” “contains,” and other similar words are used in either the detailed description or the claims, such terms are intended to be inclusive, in a manner similar to the term “comprising” as an open transition word, without precluding any additional or other elements.
[041] As used herein, an “electronic device”, or “portable electronic device”, or “user device” or “communication device” or “user equipment” or “device” refers to any electrical, electronic, electromechanical and computing device. The user device is capable of receiving and/or transmitting one or more parameters, performing function/s, communicating with other user devices and transmitting data to the other user devices. The user equipment may have a processor, a display, a memory, a battery and an input-means such as a hard keypad and/or a soft keypad. The user equipment may be capable of operating on any radio access technology including but not limited to IP-enabled communication, Zig Bee, Bluetooth, Bluetooth Low Energy, Near Field Communication, Z-Wave, Wi-Fi, Wi-Fi direct, etc. For instance, the user equipment may include, but is not limited to, a mobile phone, smartphone, virtual reality (VR) devices, augmented reality (AR) devices, laptop, a general-purpose computer, desktop, personal digital assistant, tablet computer, mainframe computer, or any other device as may be obvious to a person skilled in the art for implementation of the features of the present disclosure.
[042] Further, the user device may also comprise a “processor” or “processing unit”, wherein the processor refers to any logic circuitry for processing instructions. The processor may be a general-purpose processor, a special purpose processor, a conventional processor, a digital signal processor, a plurality of microprocessors, one or more microprocessors in association with a DSP core, a controller, a microcontroller, Application Specific Integrated Circuits, Field Programmable Gate Array circuits, any other type of integrated circuits, etc. The processor may perform signal coding, data processing, input/output processing, and/or any other functionality that enables the working of the system according to the present disclosure. More specifically, the processor is a hardware processor.
[043] One or more modules, units, components (including but not limited to analysis unit, identification unit, alert unit, determination unit and fetching unit) used herein may be software modules configured via hardware modules/processor, or hardware processors, the processors being a general-purpose processor, a special purpose processor, a conventional processor, a digital signal processor, a plurality of microprocessors, one or more microprocessors in association with a DSP core, a controller, a microcontroller, Application Specific Integrated Circuits, Field Programmable Gate Array circuits, any other type of integrated circuits, etc.
[044] As portable electronic devices and wireless technologies continue to improve and grow in popularity, the advancing wireless technologies for data transfer are also expected to evolve and replace the older generations of technologies. In the field of wireless data communications, the dynamic advancement of various generations of cellular technology are also seen. The development, in this respect, has been incremental in the order of second generation (2G), third generation (3G), fourth generation (4G), and now fifth generation (5G), and more such generations are expected to continue in the forthcoming time.
[045] Radio Access Technology (RAT) refers to the technology used by mobile devices/user equipment (UE) to connect to a cellular network. It refers to the specific protocol and standards that govern the way devices communicate with base stations, which are responsible for providing the wireless connection. Further, each RAT has its own set of protocols and standards for communication, which define the frequency bands, modulation techniques, and other parameters used for transmitting and receiving data. Examples of RATs include GSM (Global System for Mobile Communications), CDMA (Code Division Multiple Access), UMTS (Universal Mobile Telecommunications System), LTE (Long-Term Evolution), and 5G. The choice of RAT depends on a variety of factors, including the network infrastructure, the available spectrum, and the mobile device's/device's capabilities. Mobile devices often support multiple RATs, allowing them to connect to different types of networks and provide optimal performance based on the available network resources.
[046] As used herein, an interface is a software intermediary through which one or more applications communicate with each other to exchange data, one or more features and one or more functionalities.
[047] As used herein, a Service Communication Proxy (SCP) is a decentralized solution composed of a control plane and a data plane. The SCP is deployed alongside 5G Network Functions (NF) for providing routing control, resiliency, and observability to the core network. In addition, the SCP is configured for message forwarding and routing to a destination NF/NF service, message forwarding and routing to a next hop SCP, communication security (e.g., authorization of the NF Service Consumer to access the NF Service Producer application programming interface (API)), load balancing, monitoring, overload control and the like.
[048] As used herein, “Service Communication Proxy Performance AI” is an Artificial Intelligence module which processes the performance statistics fetched from all SCP Proxies, decides on a performance degrade event and generates an alternate routing path in case required.
[049] As discussed in the background section, over the period various solutions have been developed to improve the performance of communication devices and to provide security and one or more error checks for authentication of one or more network function profiles. However, there are certain challenges with existing solutions. For instance, a security certificate intended to fortify systems against breaches, may be exploited, leading to security vulnerabilities rather than providing security. Additionally, the existing systems fail to effectively conduct error checks which reduces their ability to identify and rectify potential issues efficiently.

[050] The present disclosure aims to overcome the above-mentioned and other existing problems in this field of technology by providing a solution that provides an interface to perform manual authentication of a network function profile. Particularly, a solution to enable a service communication proxy (SCP) controller to interact with the interface is provided to further enable manual authentication of the network function profile. The solution as disclosed in the present disclosure lies at the SCP which enables traffic only after the manual authentication using the secured interface is triggered at the SCP controller. It is to be noted that the present disclosure discloses a methodology indicating that the present solution was developed at the SCP for ease of understanding, and the same is not limited thereto. The interface based manual consent can also be implemented at any other NF.
[051] Hereinafter, exemplary embodiments of the present disclosure will be described with reference to the accompanying drawings.
[052] FIG. 1 illustrates an exemplary block diagram representation of 5th generation core (5GC) network architecture, in accordance with an exemplary embodiment of the present disclosure. As shown in FIG. 1, the 5GC network architecture [100] includes a user equipment (UE) [102], a radio access network (RAN) [104], an access and mobility management function (AMF) [106], a Session Management Function (SMF) [108], a Service Communication Proxy (SCP) [110], an Authentication Server Function (AUSF) [112], a Network Slice Specific Authentication and Authorization Function (NSSAAF) [114], a Network Slice Selection Function (NSSF) [116], a Network Exposure Function (NEF) [118], a Network Repository Function (NRF) [120], a Policy Control Function (PCF) [122], a Unified Data Management (UDM) [124], an application function (AF) [126], a User Plane Function (UPF) [128], and a data network (DN) [130], wherein all the components are assumed to be connected to each other in a manner as obvious to the person skilled in the art for implementing features of the present disclosure.
30 [053] The User Equipment (UE) [102] interfaces with the network via the Radio Access
Network (RAN) [104]; the Access and Mobility Management Function (AMF) [106] manages connectivity and mobility, while the Session Management Function (SMF) [108] administers session control; the service communication proxy (SCP) [110] routes and
manages communication between network services, enhancing efficiency and security, and
the Authentication Server Function (AUSF) [112] handles user authentication; the Network
Slice Specific Authentication and Authorization Function (NSSAAF) [114] for integrating
the 5G core network with existing 4G LTE networks i.e., to enable Non-Standalone (NSA)
5G deployments, the Network Slice Selection Function (NSSF) [116], Network Exposure
Function (NEF) [118], and Network Repository Function (NRF) [120] enable network customization, secure interfacing with external applications, and maintain network function registries respectively; the Policy Control Function (PCF) [122] develops operational policies, and the Unified Data Management (UDM) [124] manages subscriber data; the
Application Function (AF) [126] enables application interaction, the User Plane Function
(UPF) [128] processes and forwards user data, and the Data Network (DN) [130] connects to external internet resources; collectively, these components are designed to enhance mobile broadband, ensure low-latency communication, and support massive machine-type communication, solidifying the 5GC as the infrastructure for next-generation mobile
networks.
[054] Radio Access Network (RAN) [104] is the part of a mobile telecommunications
system that connects user equipment (UE) [102] to the core network (CN) and provides
access to different types of networks (e.g., 5G network). It consists of radio base stations
and the radio access technologies that enable wireless communication.
[055] Access and Mobility Management Function (AMF) [106] is a 5G core network
function responsible for managing access and mobility aspects, such as UE registration,
connection, and reachability. It also handles mobility management procedures like
handovers and paging.
[056] Session Management Function (SMF) [108] is a 5G core network function
responsible for managing session-related aspects, such as establishing, modifying, and
releasing sessions. It coordinates with the User Plane Function (UPF) for data forwarding
and handles IP address allocation and QoS enforcement.
[057] Service Communication Proxy (SCP) [110] is a network function in the 5G core network that facilitates delegated discovery, message forwarding and routing to destination
NF/NF service, message forwarding and routing to a next SCP, communication security (such as authorization of the NF Service Consumer to access the NF Service Producer API), load balancing, monitoring, overload control, etc., between Network Function (NF) services.
[058] Authentication Server Function (AUSF) [112] is a network function in the 5G core responsible for authenticating UEs during registration and providing security services. It generates and verifies authentication vectors and tokens.
[059] Network Slice Specific Authentication and Authorization Function (NSSAAF)
[114] is a network function that provides authentication and authorization services specific to network slices. It ensures that UEs can access only the slices for which they are authorized.
[060] Network Slice Selection Function (NSSF) [116] is a network function
responsible for selecting the appropriate network slice for a UE based on factors such as subscription, requested services, and network policies.
[061] Network Exposure Function (NEF) [118] is a network function that exposes
capabilities and services of the 5G network to external applications, enabling integration
with third-party services and applications.
[062] Network Repository Function (NRF) [120] is a network function that supports a service discovery function, receives an NF Discovery Request from an NF instance or Service
Communication Proxy (SCP), and provides the information of the discovered NF instances
(be discovered) to the NF instance or SCP. Further, the NRF [120] supports a Proxy Call Session Control Function (P-CSCF) discovery (specialized case of AF discovery by SMF). Further, the NRF [120] maintains the NF profile of available NF instances and their supported services. Further, the NRF [120] maintains the SCP profile of available SCP
instances. Furthermore, the NRF [120] supports SCP discovery by SCP instances. Also,
the NRF notifies about newly registered/updated/deregistered NF and SCP instances along with their potential NF services to the subscribed NF service consumer or SCP. Additionally, the NRF [120] maintains the health status of NFs and SCP. Further, the NF profile
associated with the NRF may include one or more information attributes such as NF
instance ID, NF type, PLMN ID, Network Slice related Identifier(s) e.g. S-NSSAI, NSI ID,
FQDN, IP address of NF, NF capacity information, NF priority information, NF Set ID,
NF Service Set ID of the NF service instance, NF Specific Service authorization
information, Names of supported services, Endpoint Address(es) of instance(s) of each
supported service, Identification of stored data/information, or any other attributes that may be known in the art.
[063] Policy Control Function (PCF) [122] is a network function responsible for policy
control decisions, such as QoS, charging, and access control, based on subscriber
information and network policies.
[064] Unified Data Management (UDM) [124] is a network function that centralizes
the management of subscriber data, including authentication, authorization, and
subscription information.
[065] Application Function (AF) [126] is a network function that represents external applications interfacing with the 5G core network to access network capabilities and services.
[066] User Plane Function (UPF) [128] is a network function responsible for handling user data traffic, including packet routing, forwarding, and QoS enforcement.
[067] Data Network (DN) [130] refers to a network that provides data services to user
equipment (UE) in a telecommunications system. The data services may include but are
not limited to Internet services, private data network related services.
[068] Referring to FIG. 2, an exemplary block diagram of a system [200] for providing
an interface-based authentication of one or more network functions is shown, in accordance
with the exemplary embodiments of the present disclosure. The system [200] comprises at
least a first network function (NF) server [202]. The first NF server [202] further comprises at least one transceiver unit [202a], at least one identification unit [202b], and at least one processing unit [202c]. The first network function server [202] is a service communication
proxy (SCP) server. Further, the system [200] may be connected via one of a wired or a
wireless connection medium to a second NF server [204] and a Network Repository
Function (NRF) server [206] to implement the solution of the present disclosure. Also, all
of the components/ units of the system [200] are assumed to be connected to each other
unless otherwise indicated below. Also, in FIG. 2 only a few units are shown, however, the
system [200] may comprise multiple such units or the system [200] may comprise any such
numbers of said units, as required to implement the features of the present disclosure. For
ease of reference, FIG. 2 depicts units/components of the system [200] by way of
representation of blocks and FIG. 2 does not represent the internal circuitry or connections
of each component/unit of the system [200]. It will be appreciated by those skilled in the
art that disclosure of such drawings/block diagrams includes disclosure of electrical components and connections between said electronic components, and electronic components or circuitry commonly used to implement such components.
[069] Further, in accordance with the present disclosure, it is to be acknowledged that
the functionality described for the various components/units can be implemented interchangeably. While specific embodiments may disclose a particular functionality of these units for clarity, it is recognized that various configurations and combinations thereof are within the scope of the disclosure. The functionality of specific units as disclosed in the
disclosure should not be construed as limiting the scope of the present disclosure.
Consequently, alternative arrangements and substitutions of units, provided they achieve the intended functionality described herein, are considered to be encompassed within the scope of the present disclosure.
[070] Additionally, the identification unit [202b] and the processing unit [202c] are
processors. The processor may be a general-purpose processor, a special purpose processor, a conventional processor, a digital signal processor, a plurality of microprocessors, one or more microprocessors in association with a DSP (digital signal processor) core, a controller, a microcontroller, Application Specific Integrated Circuits, Field Programmable
Gate Array circuits, any other type of integrated circuits, etc.
[071] Also, the transceiver unit [202a] includes a transmitter having capabilities to transmit data/signals and optionally also a receiver unit having capabilities to receive data/signals.
[072] The system [200] is configured to provide the interface (API) based authentication
of the one or more network functions. The one or more network functions refers to one or
more operations which are performed within a network to facilitate communication,
management and security. For example, in 5G technology, the one or more network
functions include but are not limited to an Access and Mobility Management Function (AMF),
a Session Management Function (SMF) and a user plane function (UPF).
[073] In order to provide the interface-based authentication of the one or more network
functions, the transceiver unit [202a] receives from a Network Repository Function (NRF)
server [206], a successful registration indication of a second network function (NF) server
[104]. For instance, the first NF server [202] receives a successful registration indication of
the second NF server [204] in a telecommunication network.
[074] Further, the transceiver unit [202a] is configured to receive, from the NRF server
[206], a NF profile of the second NF server [204]. As depicted in FIG. 2, the second NF
server [204] may communicate with the network repository function (NRF) server [206]
for transmission of the NF profile. The NF profile is a comprehensive description of the network function server within a network. The NF profile encompasses a set of details such as identity, capabilities, configurations and other relevant information of one or more NFs.
[075] Thereafter, the transceiver unit [202a] is further configured to receive, via one or
more interfaces, one of an approval request and a reject request on the manual authentication of the second NF server [204]. The approval request indicates that the manual authentication of second NF server [204] has been successful, and the reject request indicates that the manual authentication of second NF server [204] has been unsuccessful.
[076] The present disclosure encompasses that the second NF server [204] may be a service communication proxy (SCP) controller.
[077] The present disclosure encompasses that the identification unit [202b] is
configured to identify the successful registration indication as one of a new registration of
the second network function (NF) server [204] and a re-registration of the second network
function (NF) server [204]. Further the identification is done via one or more identification
methods that may be obvious to the person skilled in the art.
[078] Further, the identification unit [202b] may identify the successful registration
indication as one of the new registration of the second network function (NF) server [204]
and the re-registration of the second network function (NF) server [204] based on
performing a check in a data storage unit of the SCP controller for the corresponding NF
profile associated with the second network function (NF) server [204].
[079] The present disclosure encompasses that a storage unit [202e] is configured to
store the NF profile of the second NF server [204] in an event the successful registration is
identified as the new registration of the second NF server [204].
[080] The present disclosure encompasses that prior to the receipt of the successful registration indication of the second NF server [204], the NRF server [206] receives from the second NF server [204], a registration request for registration of the second NF server
[204], in one of a direct mode or indirect mode, wherein the direct mode comprises receipt
of the registration request by the NRF server [206] from the second NF server [204] directly, and the indirect mode comprises receipt of the registration request by the NRF server [206] from the second NF server [204] via the first NF server [202]. Further, the NRF server [206] sends, to the second NF server [204], a response indicating the successful
registration of the second NF server [204] with the NRF server [206].
[081] The present disclosure encompasses that to receive the NF profile of the second
NF server [204], the transceiver unit [202a] is further configured to receive the NF profile
of the second NF server [204] and a status code based on the response that is transmitted
from the NRF server [206] to the second NF server [204], indicating the successful
registration. The status code may refer to a specific identifier which accompanies the reception of the NF profile of the second NF server [204]. Further, the status code may provide information about the successful registration of the second NF server [204].
[082] Further, upon receiving the approval request and the reject request, the processing
unit [202c] which is connected to at least the transceiver unit [202a] performs one of an
addition procedure and a removal procedure, wherein the addition procedure is performed
in an event the approval request is received, and the removal procedure is performed in an
event the reject request is received. The addition procedure and the removal procedure may include a plurality of steps which may be obvious to the person skilled in the art.
[083] Further, in the addition procedure, data related to the NF profile and the NF
registration is added in a configuration of the NF profile and transmitted to the first server.
In the removal procedure, the data related to the NF profile and the NF registration that is stored at the first server is deleted from the first server.
[084] The present disclosure encompasses that the processing unit [202c] is further
configured to perform the addition procedure by adding details of the second NF server
[204] in a traffic serving NF list. The processing unit [202c] is further configured to perform the removal procedure by removing the NF profile of the second NF server [204] from a cache memory or a traffic serving NF list associated with the first NF server [202]. Further, the updated traffic serving NF list is shared across one or more SCP instances.
[085] Thereafter, upon performing the procedures, the processing unit [202c] is
configured to facilitate routing of the network traffic from the first NF server [202] to the
second NF server [204] based at least on the receipt of the approval request. Further, the
routing is performed by the SCP based on the traffic serving NF list provided by the SCP
controller. Further, the routing of network traffic from the first NF server [202] to the
second NF server [204] based at least on the receipt of the approval request is facilitated by the processing unit [202c] via a SCP server.
[086] Referring to FIG. 3, an exemplary diagram indicating an interconnection between
various modules to implement the process providing an interface-based authentication of
one or more network functions, in accordance with exemplary embodiments of the present disclosure is shown. The 5G architecture comprises at least one service communication proxy (SCP) controller [300a], at least one service communication proxy (SCP) [300b], at
least one secured traffic control system [300c]. The SCP controller [300a] is a controller
that manages registration/deregistration of NFs/SCP [300b]. Further, the SCP controller [300a]
provides an administrator access (via Application Programming Interface
(API)/configuration files) to manage one or more operations such as delete, update, add the
one or more NF profiles at the SCP instances. The SCP [300b] is a cloud native 5G core
signalling router that helps to efficiently secure, optimize and manage the 5G network by providing routing control, resiliency, security, and observability to a 5G core network. Further, secured traffic control system [300c] is responsible for sending approval request or rejection request by an administrator device.
[087] Further, a newly commissioned NF sends a first registration request either to an NRF [300d] directly and/or to the SCP controller [300a]. In addition to this, the NF may send the first registration request to the NRF [300d] directly or to the SCP controller [300a] and the SCP controller [300a] may forward the first registration request to the NRF.
Also, the first registration request is sent when the new NF is established for providing one
or more services.
[088] Thereafter, the NRF [300d] responds to the NF after a successful registration based on the first registration request from the newly commissioned NF. Further, upon the
successful registration the NRF [300d] notifies the SCP controller [300a] or other NFs with
a NF profile of the newly commissioned NF. Also, in an event the registration request is sent via the SCP [300b], the SCP [300b] may get the NF profile and a status code from the response transmitted from the NRF to the NF upon successful registration. The status code conveys information related to the registration, for example status code 201 is a success
code, and a status code 400 is a failure code. Thereafter, the SCP [300b] identifies if current
registration of the NF is a new registration or a re-registration. Additionally, upon receiving the NF profile of the newly commissioned NF, the NF profile is stored in a cache memory of the storage unit [202e].
[089] Also, when an approve NF request is received via an interface for newly
commissioned NF via the SCP controller [300a], the SCP [300b] adds the newly commissioned NF in a traffic serving NF list and upon which a usual traffic to newly
commissioned NF will start. However, when a reject NF request is received, the SCP [300b] removes the NF profile from the cache memory.
[090] As depicted in FIG. 3, a block marked as a 'Registered but not approved NF
consumer instance' [300e] signifies unauthorized access, resulting in traffic prohibition.
Conversely, 'Registered and approved consumer instances' [300f] indicate authorized
access, with traffic permitted. Similarly, 'Registered and approved NF producer instance'
[300g] denotes authorized access, with traffic allowed. However, in the case of 'Registered
but not approved NF producer instance' [300h], authorized access is indicated, and traffic
is likewise permitted.
[091] ‘Registered but not approved NF consumer instance’ refers to a network function
(NF) consumer instance that has successfully completed the registration process but has
not yet been officially approved for access. It signifies that a registration process is initiated
but has not yet received authorization to access one or more network resources or services.
[092] ‘Registered and approved consumer instances’ refers to one or more NF consumer
instances that have both successfully completed the registration process and have been
officially approved for access. This indicates that the NF has undergone the registration
procedure and has received authorization to access the network resources or services.
[093] ‘Registered and approved NF producer instance’ refers to a NF producer instance that has successfully completed the registration process and has been approved for access.
[094] ‘Registered but not approved NF producer instance’ denotes an NF producer
instance that has completed the registration process but has not yet been officially approved for access.
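The gate described in [087] to [089], modelled in memory as an added example (not code from the disclosure or from any SCP product). The class and method names, NF instance IDs and FQDNs are hypothetical, and leaving the stored profile and approval state untouched on a re-registration is an assumption, since the disclosure only says the profile is stored for a new registration.

```python
from dataclasses import dataclass, field
from enum import Enum

SUCCESS = 201  # the page gives 201 as the success code and 400 as a failure code


class Registration(Enum):
    NEW = "new registration"
    RE_REGISTRATION = "re-registration"


@dataclass(frozen=True)
class NFProfile:
    # Three of the NF profile attributes the page lists; values used below are constructed.
    nf_instance_id: str
    nf_type: str
    fqdn: str


@dataclass
class ApprovalGate:
    """Hypothetical SCP-side state: profile cache plus traffic serving NF list."""
    cache: dict = field(default_factory=dict)            # registered (pending or approved)
    traffic_serving: dict = field(default_factory=dict)  # approved only
    audit: list = field(default_factory=list)            # (event, nf_instance_id) records

    def on_registration(self, profile, status_code):
        """Handle the NRF response/notification for a registering NF."""
        if status_code != SUCCESS:
            self.audit.append(("registration-failed", profile.nf_instance_id))
            return None
        if profile.nf_instance_id in self.cache:
            # Assumption: a re-registration changes neither the cached profile
            # nor the approval state, so routing keeps using the reviewed data.
            self.audit.append(("re-registration", profile.nf_instance_id))
            return Registration.RE_REGISTRATION
        self.cache[profile.nf_instance_id] = profile
        self.audit.append(("pending-approval", profile.nf_instance_id))
        return Registration.NEW

    def approve(self, nf_instance_id):
        """Addition procedure: copy the cached profile into the serving list."""
        profile = self.cache.get(nf_instance_id)
        if profile is None:
            # Nothing was registered under this ID, so there is nothing to approve.
            self.audit.append(("approve-unknown", nf_instance_id))
            return False
        self.traffic_serving[nf_instance_id] = profile
        self.audit.append(("approved", nf_instance_id))
        return True

    def reject(self, nf_instance_id):
        """Removal procedure: drop the profile from the cache and serving list."""
        was_cached = self.cache.pop(nf_instance_id, None) is not None
        self.traffic_serving.pop(nf_instance_id, None)
        self.audit.append(("rejected", nf_instance_id))
        return was_cached

    def route(self, nf_type):
        """Return candidate destinations; only approved instances are eligible."""
        return sorted(p.fqdn for p in self.traffic_serving.values()
                      if p.nf_type == nf_type)


def demo():
    """Walk one constructed NF through register, approve, re-register, reject."""
    gate = ApprovalGate()
    smf = NFProfile("nf-0001", "SMF", "smf1.example.invalid")
    changed = NFProfile("nf-0001", "SMF", "other.example.invalid")
    steps = []
    steps.append(gate.on_registration(smf, 201))      # new, but not yet served
    steps.append(gate.route("SMF"))                   # no traffic before approval
    steps.append(gate.approve("nf-0001"))
    steps.append(gate.route("SMF"))                   # traffic starts
    steps.append(gate.on_registration(changed, 201))  # re-registration
    steps.append(gate.route("SMF"))                   # still the approved endpoint
    steps.append(gate.reject("nf-0001"))
    steps.append(gate.route("SMF"))                   # traffic stops
    return steps


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The audit list gives an operator a record of every registration that is still waiting for a decision, which is the state the 'Registered but not approved' blocks of FIG. 3 represent.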
[095] Referring to FIG. 4, an exemplary method flow diagram [400] for providing a
secure application programming interface (API) based on a manual authentication of one
or more network functions is shown, in accordance with exemplary embodiments of the present disclosure. In an implementation the method [400] is performed by the system [200].
[096] As shown in FIG. 4, the method [400] starts at step [402].
[097] At step [404], the method [400] as disclosed by the present disclosure comprises
receiving, by a transceiver unit [202a] at a first network function (NF) server [202] from a
Network Repository Function (NRF) server [206], a successful registration indication of a second network function (NF) server [204]. The first NF server [202] and the second NF server [204] may be service communication proxy (SCP) servers.
[098] The present disclosure encompasses that the method further comprises identifying,
by an identification unit [202b] at the first NF server [202], the successful registration indication as one of a new registration of the second network function (NF) server [204] and a re-registration of the second network function (NF) server [204].
[099] The present disclosure encompasses that prior to the receiving, by the transceiver
unit [202a] at the first NF server [202] from the NRF server [206], the successful registration indication of the second NF server [204], the method comprises receiving, by the NRF server [206] from the second NF server [204], a registration request for registration of the second NF server [204], in one of a direct mode or indirect mode,
wherein the direct mode comprises receiving the registration request by the NRF server
[206] from the second NF server [204] directly, and the indirect mode comprises receiving the registration request by the NRF server [206] from the second NF server [204] via the first NF server [202]. The method further comprises sending, by the NRF server [206] to the second NF server [204], a response indicating the successful registration of the second
NF server [204] with the NRF server [206].
[100] Further, it is to be noted that in a telecommunication network, a new NF server is
required to register with the NRF server [206] i.e., a central NRF server, before becoming
operational. Before the NRF server [206] confirms the successful registration of a new NF
server, a specific procedure is followed in which the NRF server [206] receives a
registration request from the new NF server, either directly or indirectly through an intermediary NF server. The direct mode involves the NRF server [206] receiving the registration request directly from the new NF server, while the indirect mode involves the
NRF server [206] receiving the request via another NF server in the network. Subsequently,
after processing the registration request, the NRF server [206] sends a response back to the
new NF server, indicating whether a registration based on the registration request was
successful or unsuccessful. The successful response from the NRF server [206] serves as
confirmation of the new NF server's successful registration with the NRF server [206],
allowing it to become part of a network infrastructure and access network resources associated with the network infrastructure.
[101] The present disclosure encompasses that the receiving, by the transceiver unit
[202a] at the first NF server [202] from the NRF server [206], a NF profile of the second
NF server [204]. Further, the method [400] further comprises receiving, by the transceiver
unit [202a] at the first NF server [202], the NF profile of the second NF server [204] and a
status code based on the response indicating the successful registration. The status code
may refer to a specific identifier which accompanies the reception of the NF profile of the
second NF server [204]. Further, the status code may provide information about the
successful registration.
[102] Further, upon receiving the successful registration indication, the method proceeds to step [406] in which the method [400] as disclosed by the present disclosure comprises
receiving, by the transceiver unit [202a] at the first NF server [202] from the NRF server
[206], a NF profile of the second NF server [204]. The NF profile is a comprehensive description of a network function server within a network. The NF profile encompasses a set of details such as identity, capabilities, configurations and other relevant information of a particular NF.
[103] The present disclosure encompasses that, in an event of identifying the successful registration as the new registration of the second NF server [204], the method comprises storing, by a storage unit [202e] at the first NF server [202], the NF profile of the second NF server [204].
[104] Thereafter, at step [408], the method [400] as disclosed by the present disclosure comprises receiving, by the transceiver unit [202a] at the first NF server [202] via one or more interfaces, one of an approval request and a reject request on the manual authentication of
the second NF server [204]. The approval request indicates that the manual authentication
of the second NF server [204] has been successful, and the reject request indicates that the
manual authentication of the second NF server [204] has been unsuccessful. Further, the
approval request and the reject request are received by the transceiver unit [202a], wherein
both the requests i.e., the approval request and the reject request are based on the manual
authentication of the second NF server [204].
[105] Upon receiving the approval request and the reject request, the method proceeds to step [410] and the method [400] as disclosed by the present disclosure comprises
performing, by a processing unit [202c] at the first NF server [202], one of: an addition
procedure and a removal procedure, wherein the addition procedure is performed in an event the approval request is received, and the removal procedure is performed in an event the reject request is received. The addition procedure and the removal procedure may include a plurality of steps which may be obvious to the person skilled in the art.
[106] The present disclosure encompasses that the addition procedure comprises adding, by the processing unit [202c] at the first NF server [202], details of the second NF server [204] in a traffic serving NF list, and the removal procedure comprises removing, by the processing unit [202c] at the first NF server [202], the NF profile of the second NF server
[204] from a cache memory associated with the first NF server [202].
[107] Thereafter, the method proceeds to step [412], and the method [400] as disclosed
by the present disclosure comprises facilitating routing, by the processing unit [202c] at the
first NF server [202], a network traffic from the first NF server [202] to the second NF
server [204] based at least on the receipt of the approval request. Further, the routing of
network traffic from the first NF server [202] to the second NF server [204] based at least on the receipt of the approval request is facilitated by the processing unit [202c] via a SCP server.
[108] Thereafter, the method [400] terminates at step [414].
[109] Therefore, the present method [400] enables a manual verification of the Network function (NF) profile parameters before start of actual live traffic post the NF registration
to enhance security and reduce manual errors. Post registration, immediate traffic distribution to the NF is avoided until the operator manually enables the traffic.
[110] Further, in a telecommunication organization (in other words), when a new
network function (NF) server joins a network, the method [400] is implemented to ensure
secure integration. Firstly, the transceiver unit [202a] at the first NF server [202] receives a successful registration indication from the Network Repository Function (NRF) server [206], confirming the addition of the new NF server. Subsequently, it receives the NF profile of the new server from the NRF server [206]. Through the interface, the transceiver unit
[202a] then processes approval or rejection requests based on a manual authentication of
the new NF server. If approved, the processing unit [202c] adds the new server to a network’s traffic-serving list; otherwise, it removes it. The processing unit [202c] then directs network traffic accordingly. This method ensures that only authorized NF servers handle network traffic, enhancing security. Additionally, the system [200] and method
[400] of the present disclosure distinguish between new registrations and re-registrations,
and upon the successful registration, store the NF profile for future reference, streamlining network management. Additionally, the present disclosure provides technical benefits such as enhanced security that helps to prevent unauthorized access and potential security breaches, precise control over the registration and authentication of NF servers, reduced
errors and improved network management.
[111] It is pertinent to note that the method is capable of implementing the features that are obvious to a person skilled in the art in light of the disclosure as disclosed above and the implementation of the method is not limited to the above disclosure.
[112] Additionally, the present disclosure encompasses that the present solution may be implemented in any scenario where a NF is connected to a NRF through either a SCP controller and a SCP, wherein the SCP controller and the SCP are further connected to the interface to enhance security and reduce manual errors by the manual verification.
[113] FIG. 5 illustrates an exemplary block diagram of a computing device [1000] (also referred herein as computing system [1000]) upon which an embodiment of the present disclosure may be implemented. In an implementation, the computing device [1000]
implements the method [400] for providing an interface-based authentication of one or
more network functions using the system [200]. In another implementation, the computing
device [1000] itself implements the method [400] for providing the interface-based
authentication of one or more network functions in a telecommunication network using one
or more units configured within the computing device [1000], wherein said one or more
units are capable of implementing the features as disclosed in the present disclosure.
[114] The computing device [1000] may include a bus [1002] or other communication mechanism for communicating information, and a hardware processor [1004] coupled with
bus [1002] for processing information. The hardware processor [1004] may be, for
example, a general-purpose microprocessor. The computing device [1000] may also include a main memory [1006], such as a random-access memory (RAM), or other dynamic storage device, coupled to the bus [1002] for storing information and instructions to be executed by the processor [1004]. The main memory [1006] also may be used for storing
temporary variables or other intermediate information during execution of the instructions
to be executed by the processor [1004]. Such instructions, when stored in non-transitory storage media accessible to the processor [1004], render the computing device [1000] into a special-purpose machine that is customized to perform the operations specified in the instructions. The computing device [1000] further includes a read only memory (ROM)
[1008] or other static storage device coupled to the bus [1002] for storing static information
and instructions for the processor [1004].
[115] A storage device [1010], such as a magnetic disk, optical disk, or solid-state drive is provided and coupled to the bus [1002] for storing information and instructions. The computing device [1000] may be coupled via the bus [1002] to a display [1012], such as a cathode ray tube (CRT), for displaying information to a computer user. An input device [1014], including alphanumeric and other keys, may be coupled to the bus [1002] for communicating information and command selections to the processor [1004]. Another type of user input device may be a cursor controller [1016], such as a mouse, a trackball, or cursor direction keys, for communicating direction information and command selections to the processor [1004], and for controlling cursor movement on the display [1012]. This input device [1014] typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allow the device to specify positions in a plane.
[116] The computing device [1000] may implement the techniques described herein using customized hard-wired logic, one or more ASICs or FPGAs, firmware and/or program logic which in combination with the computing device [1000] causes or programs the computing device [1000] to be a special-purpose machine. According to one embodiment, the techniques herein are performed by the computing device [1000] in response to the processor [1004] executing one or more sequences of one or more instructions contained in the main memory [1006]. Such instructions may be read into the main memory [1006] from another storage medium, such as the storage device [1010]. Execution of the sequences of instructions contained in the main memory [1006] causes the processor [1004] to perform the process steps described herein. In alternative embodiments, hard-wired circuitry may be used in place of or in combination with software instructions.
[117] The computing device [1000] also may include a communication interface [1018] coupled to the bus [1002]. The communication interface [1018] provides a two-way data communication coupling to a network link [1020] that is connected to a local network [1022]. For example, the communication interface [1018] may be an integrated services digital network (ISDN) card, cable modem, satellite modem, or a modem to provide a data communication connection to a corresponding type of telephone line. As another example, the communication interface [1018] may be a local area network (LAN) card to provide a data communication connection to a compatible LAN. Wireless links may also be implemented. In any such implementation, the communication interface [1018] sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
[118] The computing device [1000] can send messages and receive data, including program code, through the network(s), the network link [1020] and the communication interface [1018]. In the Internet example, a server [1030] might transmit a requested code for an application program through the Internet [1028], the ISP [1026], the Host [1024], the local network [1022] and the communication interface [1018]. The received code may be executed by the processor [1004] as it is received, and/or stored in the storage device [1010], or other non-volatile storage for later execution.
[119] The present disclosure may relate to a user equipment, comprising a memory, and a processor coupled to the memory, the processor is configured to receive a registration request associated with a second NF server [204] from a first NF server [202]. The processor is further configured to transmit an authentication request to the first NF server [202] associated with the registration request. The processor is further configured to receive, an authentication response based on the authentication request. The authentication response is generated based on performance of a manual authentication of the second NF server [204] to generate one of an approval request and a reject request, and wherein one of: an addition procedure and a removal procedure is performed at the first NF server [202], wherein the addition procedure is performed in an event the approval request is generated, and the removal procedure is performed in an event the reject request is generated.
[120] The present disclosure may relate to a non-transitory computer readable storage medium storing instruction providing an interface-based authentication of one or more network functions in a telecommunication network. The instructions include an executable code which, when executed by one or more units of the system, causes a transceiver unit [202a] receive, from a Network Repository Function (NRF) server [206], a successful registration indication of a second network function (NF) server [104], receive, from the NRF server [206], a NF profile of the second NF server [204], and receive, via one or more interfaces, one of an approval request and a reject request based on the manual authentication of the second NF server [204], a processing unit [202c] connected to at least the transceiver unit [202a] to perform one of: an addition procedure and a removal procedure, wherein the addition procedure is performed in an event the approval request is received, and the removal procedure is performed in an event the reject request is received; and the processing unit [202c] to route a network traffic from the first NF server [202] to the second NF server [204] based at least on the receipt of the approval request.
[121] As is evident from the above, the present disclosure provides a technically advanced solution for manual verification of Network Function (NF) profile parameters before the start of actual live traffic after an NF registration, to enhance security and reduce manual errors. Additionally, the solution as disclosed in the present disclosure prevents failures during the commissioning phase of the NF. It also prevents a counterfeit NF (i.e. an unauthorized instance of an NF, which may imitate an authorized NF to compromise network security) from somehow registering at the NRF and causing data theft, service degradation in the network, or both. In this solution, the SCP Controller acts as a two-factor authentication of the Network Function, one factor performed at the NRF and the other via a manual authentication. Moreover, the present solution is an enhancement of the 3GPP standard and fills the gap in its procedures and specifications. The solution is required for a robust functioning of the 5G network.
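The gating described above, sketched as an added example that is not code from the specification: a toy model of the first NF server [202] in which a registered NF receives no traffic until a manual decision arrives. The class and method names, the sample profiles, and the rule that a re-registration with a changed profile loses its earlier approval are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class ScpController:
    """Toy model of the first NF server [202]; every name here is illustrative."""
    profile_cache: dict = field(default_factory=dict)     # NF profiles received from the NRF
    traffic_serving: set = field(default_factory=set)     # the "traffic serving NF list"

    def on_registration(self, nf_id, profile):
        """Successful-registration indication plus NF profile, as sent by the NRF."""
        kind = "re-registration" if nf_id in self.profile_cache else "new"
        if kind == "re-registration" and profile != self.profile_cache[nf_id]:
            # Assumption: a changed profile loses its approval until re-reviewed.
            self.traffic_serving.discard(nf_id)
        self.profile_cache[nf_id] = profile
        return kind

    def on_decision(self, nf_id, decision):
        """Approval or reject request produced by the manual authentication."""
        if nf_id not in self.profile_cache:
            raise KeyError(f"no registered profile for {nf_id}")
        if decision == "approve":            # addition procedure
            self.traffic_serving.add(nf_id)
        elif decision == "reject":           # removal procedure
            self.traffic_serving.discard(nf_id)
            del self.profile_cache[nf_id]
        else:
            raise ValueError(f"unknown decision {decision!r}")

    def route_targets(self, nf_type):
        """Fail closed: only manually approved NFs of the wanted type get traffic."""
        return sorted(n for n in self.traffic_serving
                      if self.profile_cache[n]["nfType"] == nf_type)


def demo():
    scp = ScpController()
    # Constructed sample profiles; identifiers and host names are placeholders.
    genuine = {"nfType": "SMF", "fqdn": "smf1.example.internal"}
    lookalike = {"nfType": "SMF", "fqdn": "smf1.example.invalid"}
    steps = [scp.on_registration("smf-1", genuine),
             scp.on_registration("smf-x", lookalike)]
    before = scp.route_targets("SMF")        # both registered, none approved yet
    scp.on_decision("smf-1", "approve")
    scp.on_decision("smf-x", "reject")
    after = scp.route_targets("SMF")
    # Re-registration with a different profile drops the earlier approval.
    steps.append(scp.on_registration("smf-1", {**genuine, "fqdn": "smf9.example.internal"}))
    return steps, before, after, scp.route_targets("SMF"), sorted(scp.profile_cache)


if __name__ == "__main__":
    print(demo())
```

The model shows that a successful NRF registration alone never places an NF in the routing set, and that a decision for an NF with no cached profile is refused rather than silently accepted.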
[122] While considerable emphasis has been placed herein on the disclosed embodiments, it will be appreciated that many embodiments can be made and that many changes can be made to the embodiments without departing from the principles of the present disclosure. These and other changes in the embodiments of the present disclosure will be apparent to those skilled in the art, whereby it is to be understood that the foregoing descriptive matter to be implemented is illustrative and non-limiting.

We Claim
1. A method for providing an interface-based authentication of one or more network functions, the method comprising:
- receiving, by a transceiver unit [202a] at a first network function (NF) server [202] from a Network Repository Function (NRF) server [206], a successful registration indication of a second network function (NF) server [204];
- receiving, by the transceiver unit [202a] at the first NF server [202] from the NRF server [206], a NF profile of the second NF server [204];
- receiving, by the transceiver unit [202a] at the first NF server [202] via one or more interfaces, one of an approval request and a reject request based on a manual authentication of the second NF server [204];
- performing, by a processing unit [202c] at the first NF server [202], one of: an addition procedure and a removal procedure, wherein the addition procedure is performed in an event the approval request is received, and the removal procedure is performed in an event the reject request is received; and
- facilitating routing, by the processing unit [202c] at the first NF server [202], a network traffic from the first NF server [202] to the second NF server [204] based at least on the receipt of the approval request.

2. The method as claimed in claim 1, wherein the first NF server is a service communication proxy (SCP) controller.
3. The method as claimed in claim 1, wherein the method further comprising: identifying, by an identification unit [202b] at the first NF server [202], the successful registration indication as one of a new registration of the second network function (NF) server [204] and a re-registration of the second network function (NF) server [204].
4. The method as claimed in claim 1, wherein the addition procedure comprises adding, by the processing unit [202c] at the first NF server [202], details of the second NF server [204] in a traffic serving NF list, and the removal procedure comprises removing, by the processing unit [202c] at the first NF server [202], the NF profile of the second NF server [204] from a cache memory associated with the first NF server [202].
5. The method as claimed in claim 1, wherein prior to the receiving, by the transceiver unit [202a] at the first NF server [202] from the NRF server [206], the successful registration indication of the second NF server [204], the method further comprising:
- receiving, by the NRF server [206] from the second NF server [204], a registration request for registration of the second NF server [204], in one of a direct mode or indirect mode, wherein the direct mode comprises receiving the registration request by the NRF server [206] from the second NF server [204] directly, and the indirect mode comprises receiving the registration request by the NRF server [206] from the second NF server [204] via the first NF server [202], and
- sending, by the NRF server [206] to the second NF server [204], a response indicating the successful registration of the second NF server [204] with the NRF server [206].
6. The method as claimed in claim 1, wherein the receiving, by the transceiver unit [202a] at the first NF server [202], the NF profile of the second NF server [204], comprises:
- receiving, by the transceiver unit [202a] at the first NF server [202], the NF profile of the second NF server [204] and a status code based on the response indicating the successful registration.
7. The method as claimed in claim 3, wherein in an event of identifying of the successful registration as the new registration of the second NF server [204], the method comprises:
- storing, by a storage unit [202e] at the first NF server [202], the NF profile of the second NF server [204].

8. A system [200] for providing an interface-based authentication of one or more network functions, the system [200] comprising a first network function (NF) server [202], the first network function (NF) server [202] further comprises:
- a transceiver unit [202a] configured to:
o receive, from a Network Repository Function (NRF) server [206], a successful registration indication of a second network function (NF) server [104],
o receive, from the NRF server [206], a NF profile of the second NF server [204], and
o receive, via one or more interface, one of an approval request and a reject request based on a manual authentication of the second NF server [204];
- a processing unit [202c] connected to at least the transceiver unit [202a], wherein the processing unit [202c] is configured to:
o perform one of: an addition procedure and a removal procedure, wherein the addition procedure is performed in an event the approval request is received, and the removal procedure is performed in an event the reject request is received; and
o facilitate routing a network traffic from the first NF server [202] to the second NF server [204] based at least on the receipt of the approval request.

9. The system [200] as claimed in claim 8, wherein the first network function server [202] is a service communication proxy (SCP) controller.
10. The system [200] as claimed in claim 8, further comprising an identification unit [202b] configured to identify the successful registration indication as one of a new registration of the second network function (NF) server [204] and a re-registration of the second network function (NF) server [204].
11. The system [200] as claimed in claim 8, wherein the processing unit [202c] is further configured to:
- perform the addition procedure by adding a detail of the second NF server [204] in a traffic serving NF list, and
- perform the removal procedure by removing the NF profile of the second NF server [204] from a cache memory associated with the first NF server [202].
12. The system [200] as claimed in claim 8, wherein prior to the receipt of the successful registration indication of the second NF server [204] by the transceiver unit [202a] at the first NF server [202], the system is further configured to:
- receive, by the NRF server [206] from the second NF server [204], a registration request for registration of the second NF server [204], in one of a direct mode or indirect mode, wherein the direct mode comprises receipt of the registration request by the NRF server [206] from the second NF server [204] directly, and the indirect mode comprises receipt of the registration request by the NRF server [206] from the second NF server [204] via the first NF server [202], and
- send, by the NRF server [206] to the second NF server [204], a response indicating the successful registration of the second NF server [204] with the NRF server [206].

13. The system [200] as claimed in claim 8, wherein to receive the NF profile of the second NF server [204], the transceiver unit [202a] is further configured to receive the NF profile of the second NF server [204] and a status code based on the response indicating the successful registration.
14. The system [200] as claimed in claim 10, further comprising a storage unit [202e] configured to store, the NF profile of the second NF server [204] in an event the successful registration is identified as the new registration of the second NF server [204].
15. A user equipment, comprising:
- a memory, and
- a processor coupled to the memory, the processor is configured to:
o receive a registration request associated with a second NF server [204] from a first NF server [202],
o transmit an authentication request to the first NF server [202] associated with the registration request, and
o receive, an authentication response based on the authentication request,
wherein the authentication response is generated based on: performance of a manual authentication of the second NF server [204] to generate one of an approval request and a reject request, and wherein one of: an addition procedure and a removal procedure is performed at the first NF server [202], wherein the addition procedure is performed in an event the approval request is generated, and the removal procedure is performed in an event the reject request is generated.

Documents

Application Documents

# Name Date
1 202321044312-STATEMENT OF UNDERTAKING (FORM 3) [03-07-2023(online)].pdf 2023-07-03
2 202321044312-PROVISIONAL SPECIFICATION [03-07-2023(online)].pdf 2023-07-03
3 202321044312-FORM 1 [03-07-2023(online)].pdf 2023-07-03
4 202321044312-FIGURE OF ABSTRACT [03-07-2023(online)].pdf 2023-07-03
5 202321044312-DRAWINGS [03-07-2023(online)].pdf 2023-07-03
6 202321044312-FORM-26 [06-09-2023(online)].pdf 2023-09-06
7 202321044312-Proof of Right [17-10-2023(online)].pdf 2023-10-17
8 202321044312-ORIGINAL UR 6(1A) FORM 1 & 26)-301123.pdf 2023-12-07
9 202321044312-ENDORSEMENT BY INVENTORS [10-06-2024(online)].pdf 2024-06-10
10 202321044312-DRAWING [10-06-2024(online)].pdf 2024-06-10
11 202321044312-CORRESPONDENCE-OTHERS [10-06-2024(online)].pdf 2024-06-10
12 202321044312-COMPLETE SPECIFICATION [10-06-2024(online)].pdf 2024-06-10
13 Abstract1.jpg 2024-07-06
14 202321044312-FORM 3 [31-07-2024(online)].pdf 2024-07-31
15 202321044312-Request Letter-Correspondence [13-08-2024(online)].pdf 2024-08-13
16 202321044312-Power of Attorney [13-08-2024(online)].pdf 2024-08-13
17 202321044312-Form 1 (Submitted on date of filing) [13-08-2024(online)].pdf 2024-08-13
18 202321044312-Covering Letter [13-08-2024(online)].pdf 2024-08-13
19 202321044312-CERTIFIED COPIES TRANSMISSION TO IB [13-08-2024(online)].pdf 2024-08-13
20 202321044312-FORM 18 [24-01-2025(online)].pdf 2025-01-24