Records Access and Management
US-2024419838-A1 · Dec 19, 2024 · US
US2024236675A9 · US · A9
| Field | Value |
|---|---|
| Publication number | US-2024236675-A9 |
| Application number | US-202118546809-A |
| Country | US |
| Kind code | A9 |
| Filing date | Feb 19, 2021 |
| Priority date | Feb 19, 2021 |
| Publication date | Jul 11, 2024 |
| Grant date | — |
Official abstract text for this publication.
A user equipment (UE) may attempt to access an edge data network. The UE generates a first credential based on a second credential that was generated for a procedure between the UE and a network. The UE then generates an identifier corresponding to the first credential and generates a message authentication code based on the first credential and a count, wherein the count is associated with an identifier of an edge network client running on the UE. The UE then transmits an application registration request message to a server associated with an edge data network, the application registration request message including the count, the message authentication code, the identifier corresponding to the first credential, and a public land mobile network identifier (PLMN ID) of the network. The UE then receives an authentication accept message or an authentication reject message from the server associated with the edge data network.
Opening claim text (preview).
What is claimed:

1. A user equipment (UE), comprising: a transceiver configured to communicate with a network; and a processor communicatively coupled to the transceiver and configured to perform operations comprising: generating a first credential based on a second credential, the second credential generated for a procedure between the UE and a cellular network; generating an identifier corresponding to the first credential; generating a message authentication code based on the first credential and a count, wherein the count is associated with an identifier of an edge network client running on the UE; transmitting an application registration request message to a server associated with an edge data network, the application registration request message including the count, the message authentication code, the identifier corresponding to the first credential, and a public land mobile network identifier (PLMN ID) of the network; and receiving an authentication accept message or an authentication reject message from the server associated with the edge data network.
2. The UE of claim 1, wherein the second credential is generated for a primary authentication procedure including an authentication server function (AUSF), and wherein the second credential is K_AUSF.
3. The UE of claim 1, wherein the first credential is further based on an identifier associated with the UE or other shared information between the UE and the cellular network.
4. The UE of claim 3, wherein the identifier associated with the UE is one of a subscription permanent identifier (SUPI) or a generic public subscription identifier (GPSI).
5. The UE of claim 1, wherein the operations further comprise: generating a mapping relationship between the count and the identifier associated with the edge network client.
6. The UE of claim 5, wherein the UE stores a plurality of identifiers associated with the edge network client, and wherein the count is a corresponding plurality of counts, and wherein the operations further comprise: generating a mapping relationship between the plurality of counts and the plurality of identifiers associated with the edge network client.
7. The UE of claim 6, wherein the operations further comprise: generating a new count for each of the plurality of counts that has been utilized a predetermined number of times; and updating the mapping relationship between the plurality of counts and the plurality of identifiers associated with the edge network client to include the new count.
8. The UE of claim 1, wherein the server associated with the edge data network is an edge configuration server (ECS).
9. A network component, implementing a unified data management (UDM) of a core network, comprising: one or more processors configured to perform operations comprising: receiving an identifier corresponding to a user equipment (UE), a first credential, and an identifier corresponding to the first credential from an authentication server function (AUSF); receiving a mapping relationship between the identifier corresponding to the UE and the first credential and the identifier corresponding to the first credential from the AUSF; receiving an authentication verification message including a count, a message authentication code, and the identifier corresponding to the first credential from a network exposure function (NEF); determining the first credential based on the identifier corresponding to the first credential received from the NEF; verifying the message authentication code using the first credential and the count; and transmitting an authentication accept message or an authentication reject message to the NEF based on the verification of the message authentication code.
10. The network component of claim 9, wherein the first credential is based on a K_AUSF credential and the identifier associated with the UE.
11. The network component of claim 10, wherein the identifier associated with the UE is one of a subscription permanent identifier (SUPI) or a generic public subscription identifier (GPSI).
12. The network component of claim 9, wherein the message authentication code is based on the first credential and the count.
13. The network component of claim 9, wherein verifying the message authentication code comprises: retrieving the first credential received from the AUSF; generating a second message authentication code based on the first credential and the count, wherein the second message authentication code is independent of the MAC_EEC received from the NEF; and comparing the second message authentication code to the message authentication code received from the NEF.
14. The network component of claim 9, wherein the count corresponds to an identifier associated with an edge network client running on the UE.
15. A network component implementing a network exposure function (NEF) of a core network, comprising: one or more processors configured to perform operations comprising: generating a mapping relationship between an identifier associated with an edge network client running on a user equipment (UE) and an identifier associated with the UE; receiving an application registration request message from the UE, the application registration request message including the edge network client identifier, a message authentication code, and an identifier corresponding to a first credential; mapping the edge network client identifier received from the UE to the identifier associated with the UE based on the mapping relationship; transmitting a first authentication verification message to a server associated with an edge data network, the first authentication verification message including the identifier associated with the UE, the message authentication code, and the identifier corresponding to the first credential; receiving a second authentication verification message from the server, the second authentication verification message including a second identifier associated with the UE, a second message authentication code, and a second identifier corresponding to the first credential; mapping the second identifier associated with the UE to the EEC ID based on the mapping relationship; and transmitting an authentication verification request message to an authentication server function (AUSF), the authentication verification request message including the edge network client identifier, the second message authentication code, and the second identifier corresponding to the first credential.
16. The network component of claim 15, wherein if AUSF determines that the second message authentication code received from the server and the message authentication code received from the UE are the same, the operations further comprise: receiving an authentication success message from the AUSF; and forwarding the authentication success message to the server.
17. The network component of claim 15, wherein the first credential is based on a second credential and the identifier associated with the UE, wherein the second credential is for a primary authentication procedure.
18. The network component of claim 17, wherein the identifier associated with the UE is one of a subscription permanent identifier (SUPI) or a generic public subscription identifier (GPSI).
19. The network component of claim 15, wherein the server associated with the edge data network is an edge configuration server (ECS).
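The UE-side MAC generation and the UDM-side verification described in the abstract and in claims 1, 9 and 13, as an added sketch that is not code from the patent or its applicant. HMAC-SHA256 as both derivation and MAC function, the label strings, the 4-byte count encoding, the identifier construction and all sample values are assumptions.

```python
import hashlib
import hmac

def derive_first_credential(k_ausf: bytes, ue_id: str) -> bytes:
    # Assumed KDF: HMAC-SHA256 keyed with the second credential (K_AUSF) over a
    # fixed label and the UE identifier (SUPI or GPSI, claims 3 and 4).
    return hmac.new(k_ausf, b"edge-credential|" + ue_id.encode(), hashlib.sha256).digest()

def credential_id(first_credential: bytes) -> str:
    # Assumed identifier construction: a short keyed tag, so the identifier can
    # travel in the clear without exposing the credential itself.
    return hmac.new(first_credential, b"credential-id", hashlib.sha256).hexdigest()[:16]

def compute_mac(first_credential: bytes, count: int) -> bytes:
    # MAC keyed with the first credential, computed over the count (claim 1).
    return hmac.new(first_credential, count.to_bytes(4, "big"), hashlib.sha256).digest()

def build_registration_request(k_ausf: bytes, ue_id: str, count: int, plmn_id: str) -> dict:
    # The four fields the abstract lists for the application registration request.
    cred = derive_first_credential(k_ausf, ue_id)
    return {"count": count, "mac": compute_mac(cred, count),
            "credential_id": credential_id(cred), "plmn_id": plmn_id}

def verify_request(store: dict, request: dict) -> str:
    # UDM-side check (claims 9 and 13): find the credential by its identifier,
    # recompute the MAC from the received count, compare in constant time.
    cred = store.get(request["credential_id"])
    if cred is None:
        return "reject"
    expected = compute_mac(cred, request["count"])
    return "accept" if hmac.compare_digest(expected, request["mac"]) else "reject"

# Constructed sample values, not taken from the page.
K_AUSF = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
SUPI = "imsi-001010000000001"
PLMN_ID = "00101"

def demo() -> dict:
    cred = derive_first_credential(K_AUSF, SUPI)
    store = {credential_id(cred): cred}  # mapping the AUSF hands to the UDM
    good = build_registration_request(K_AUSF, SUPI, count=7, plmn_id=PLMN_ID)
    tampered = dict(good, count=8)                 # count changed, MAC unchanged
    unknown = dict(good, credential_id="0" * 16)   # identifier not in the store
    return {"good": verify_request(store, good),
            "tampered": verify_request(store, tampered),
            "unknown": verify_request(store, unknown)}
```

In this sketch the MAC input is only the count, following the claim wording, so changing `plmn_id` alone does not change the verdict.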
involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC · CPC title
Hardware identity · CPC title
Subscriber identity · CPC title
Packet or message integrity · CPC title
Access point logical identity · CPC title