5G-ACIA White Paper

Industrial 5G Devices –
Architecture and Capabilities

5G Alliance for Connected Industries and Automation


White Paper 5G-ACIA Report – Industrial 5G Devices – Architecture and Capabilities


Table of Contents
1. Executive Summary

2. Introduction

3. Industrial 5G Devices
3.1 Types of Industrial 5G Devices
3.1.1 Low-Latency Sensors/Actuators
3.1.2 Low-Power Sensors/Actuators
3.1.3 2D/3D Sensors
3.1.4 HMI and xR
3.1.5 PLCs and Controllers
3.1.6 Gateways
3.1.7 TSN Ports
3.2 Characteristics of Industrial 5G Devices
3.2.1 Time Characteristics
3.2.2 Data Characteristics
3.2.3 Power Characteristics
3.2.4 Time Synchronization
3.2.5 Positioning
3.2.6 Communication Themes
3.3 Examples of Industrial 5G Devices
3.3.1 5G IP67 Sensor
3.3.2 5G Smart Sensor
3.3.3 5G IIoT Level Sensor
3.3.4 5G Dual-Channel Adapter
3.3.5 5G Remote I/O for Process Control
3.3.6 5G Process Control via Mobile Panel
3.3.7 Mobile App for 5G Industrial Devices for Augmented Field Applications
3.3.8 5G Drone Operation
3.3.9 5G Ethernet Bridge
3.3.10 5G Wireless Router
3.3.11 5G Industrial Gateway
3.3.12 5G Mobile Tracker
3.3.13 5G Valve Terminal
3.3.14 5G Controller (Remote I/O)

4. Logical Reference Architecture for Industrial 5G Devices
4.1 Top-Level Logical Architecture
4.2 Practical Logical Architecture
4.2.1 Logical Architecture for Supporting Applications Inside a 5G Industrial Device
4.2.2 Logical Architecture for Supporting Applications or Networking Using IP or Ethernet with Traditional Non-Time-Aware QoS
4.2.3 Logical Architecture for Supporting Applications Using IP and Ethernet with QoS and Precision Time Protocol over a 5G Radio Link
4.2.4 Logical Architecture for Supporting Applications Using Ethernet with IEEE TSN
4.3 Device Authentication
4.3.1 Introduction
4.3.2 Primary Authentication for PNI-NPNs
4.3.3 Primary Authentication of SNPNs
4.3.4 NSSAA and Secondary Authentication
4.3.5 Summary

5. Industrial 5G Device Physical Reference Architecture
5.1 Explosion Protection for Devices in Hazardous Areas
5.1.1 Introduction
5.1.2 Classification of Zones
5.1.3 Types of Explosion Protection for Industrial Devices
5.2 Physical Implementation for Storing Credentials
5.2.1 Removable Secure Element
5.2.2 Embedded Secure Element Without Key Management Interface
5.2.3 Embedded Secure Element with Key Management Interface
5.2.4 Provisioning of Cellular Credentials
5.3 Chipset Versus Module
5.4 Radio Module Form Factor Standards
5.5 Standalone Versus Integrated Application Processor
5.6 Interface Between Application Processor and Radio Module
5.6.1 Data Interface
5.6.2 Time Synchronization Interface
5.7 Generic Block Diagrams for Industrial 5G Devices and Interface Options
5.7.1 Low-Power and Low-Latency Sensors/Actuators, 2D- and 3D-Sensor Industrial 5G Devices
5.7.2 HMI and xR Devices
5.7.3 Gateways and PLCs/Controllers
5.7.4 TSN Port Industrial 5G Devices

6. Conclusions

7. Definitions of Acronyms and Key Terms

8. References


1. Executive Summary
This white paper provides an overview of the kinds of devices that can be needed in order for 5G to benefit the manufacturing industry and related sectors. As 5G systems are implemented in factories and other settings, attention is increasingly shifting to designing devices that will let them work on the shop floor. A whole new generation of 5G-compatible devices is now being developed. This paper provides an introduction and practical guide to this field for everyone who is directly or indirectly involved in it, whether they are academics, manufacturers, factory owners or operators, designers, or engineers. Its main purpose is to provide an easy-to-read overview of the various categories of devices and solutions that are now appearing, while going into greater technical detail on key technical topics and design issues.

The main types of 5G devices are presented and described and a number of real-world examples discussed while describing the most important technical issues, challenges, and solutions involved in each case. On a more theoretical level, reference architectures are then presented for the most common types of industrial 5G devices, including generic block diagrams.

Finally, various aspects of the physical architecture of such devices are discussed, covering challenges such as explosion protection, storage of credentials, the pros and cons of chipset versus module solutions, radio module form factor standards, a comparison of standalone and integrated application processors, and implementation of interfaces.

About 5G-ACIA

The 5G Alliance for Connected Industries and Automation (5G-ACIA) was established to serve as the main global forum for addressing, discussing, and evaluating relevant technical, regulatory, and business aspects of 5G for the industrial domain. It embraces the entire ecosystem and all relevant stakeholders, which include but aren’t limited to the operational technology industry (industrial automation companies, engineering companies, production system manufacturers, end users, etc.), the information and communication technology industry (chip manufacturers, network infrastructure vendors, mobile network operators, etc.), universities, government agencies, research facilities, and industry associations. 5G-ACIA’s overarching goal is to promote the best possible use of industrial 5G while maximizing the usefulness of 5G technology and 5G networks in the industrial domain. This includes ensuring that ongoing 5G standardization and regulatory activities adequately consider relevant interests and requirements and that new developments in 5G are effectively communicated to and understood by manufacturers.


2. Introduction
The fifth-generation standard for broadband cellular networks
(5G) enables reliable, low-latency, high-bandwidth data
transmission, making it a key technology for the future of
industrial communications. The introduction of 5G to factories
and a wide range of other industrial facilities is also creating a
need for industrial devices that support the 5G standard.

How should an industrial 5G device be designed? This white
paper provides chip manufacturers, module vendors, and
device manufacturers with guidance on the available choices.

Chapter 3 describes various kinds of industrial 5G devices,
mainly from an operational technology (OT) perspective. It also
contains a large collection of example industrial 5G devices
gathered from 5G-ACIA members. Chapters 4 and 5 describe
the logical and physical architecture of industrial 5G devices.

This white paper makes it clear that the field of industrial
5G devices draws on a wide range of engineering disciplines
including operational technology (OT) and information and
communication technology (ICT). It also integrates aspects of
mechanical design, product safety, and cybersecurity.


3. Industrial 5G Devices
Industrial 5G devices come in a wide variety of types and shapes and can be deployed for diverse use cases as described in [4] and [8]. Section 3.1 provides an overview of different industrial 5G device types, section 3.2 describes some of their characteristics, and section 3.3 presents various example applications.

The following discussion includes references and links to example use cases and related requirements. For the sake of conciseness, it only goes into detail on a relatively small number of use cases for applications that include motion control, portable tools in assembly areas, remote augmented reality, and process automation. The numerical values and ranges given in section 3.2 for industrial devices in certain use cases are only examples.

3.1 Types of Industrial 5G Devices

This section presents seven different types of industrial 5G devices:

• Low-latency sensors/actuators
• Low-power sensors/actuators
• 2D/3D sensors
• HMI and xR
• PLCs and controllers
• Gateways
• TSN ports

These industrial 5G devices are described from an operational technology perspective. Their types are indicated when discussing their logical and physical architectures.

The gateway industrial 5G device discussed in 3.1.6 involves transparent information transfer between different communication technologies on various protocol levels. It integrates industrial protocol gateway, IP routing, and Ethernet bridging functionality. The TSN port industrial 5G device (forming part of a distributed TSN bridge within the 5G system) is separately described in 3.1.7 since it has a different architecture.

The industrial 5G device types discussed here are illustrated by a large collection of examples in section 3.3.

Industrial 5G devices can be either standalone or integrated into something else. Figure 1 shows an industrial 5G device integrated in a machine. This approach makes it possible to depict an industrial 5G device while showing only the functions that are most relevant from a communication perspective.

Figure 1: An industrial 5G device as part of a machine


3.1.1 Low-Latency Sensors/Actuators

Figure 2: Low-latency sensor and actuator

Low-latency sensors and actuators are normally wired, but in 5G they can also be connected via a radio interface to a PLC and/or controller in the cellular network. In this case, real-time communication and high reliability are essential.

These devices are commonly deployed in mobile robot use cases, many of which involve low-latency communication. This statement also applies to interactions with stationary peripherals and cooperation with other robots.

3.1.2 Low-Power Sensors/Actuators

Figure 3: Low-power sensor and actuator

A low-power sensor or actuator has a radio interface to the cellular network. These devices are typically used for monitoring condition, productivity, or production quality. They can be battery-powered and may spend much of the time in sleep mode. Since they are typically expected to operate for several years without recharging, it’s essential for them to be energy-efficient.

3.1.3 2D/3D Sensors

Figure 4: 2D/3D sensor

2D/3D sensors capture two- and/or three-dimensional data from an industrial manufacturing facility or process. They have a radio interface to the cellular network and can include cameras and LIDARS, for example, and deliver 2D and/or 3D images at defined frame rates.

2D/3D sensors are typically used to collect production data that are then analyzed by an AI-based system. One application is data collection for quality assurance and another is fine-grained positioning.

3.1.4 HMI and xR

Figure 5: HMI and xR

In the context of industrial 5G, HMI or extended reality (xR) can be used to provide a user interface to a manufacturing facility or process. This involves a radio interface to the cellular network as well as communication media that can include video screens, loudspeakers, cameras, and/or microphones. Their purpose is typically to provide visual information to an operator for interacting with an industrial facility or process.


3.1.5 PLCs and Controllers

Figure 6: PLC

A PLC/controller (PLC stands for “programmable logic controller”) has a radio interface to the cellular network, another interface to one or more local industrial networks, and/or various I/O interfaces. It is basically an industrial computer that is used to control one or more processes.

A 5G radio interface is typically connected to one or more of the following:

• A supervisory system
• Another PLC or other controller
• Devices in the control loop

When a 5G radio interface is used to communicate with devices in the control loop, another PLC, or some other type of controller, communication is time-critical. Outside of control loops, the timing requirements are less strict.

3.1.6 Gateways

Figure 7: Gateway

A gateway has a radio interface to a cellular network and a standardized wired (or wireless) interface to an industrial network. Its purpose is to relay information between the two.

Common industrial network interfaces include industrial Ethernet and fieldbus interfaces.

A gateway can operate in different protocol layers; figure 8 shows some examples.

In the context of industrial 5G, HMI or extended reality (xR) can be used to provide a user interface to a manufacturing facility or process. This involves a radio interface to the cellular network as well as communication media, which can include video screens, loudspeakers, cameras, and/or microphones. Their purpose is typically to provide visual information to an operator for interacting with an industrial facility or process.


Figure 8: Examples of gateway functionality in different protocol layers

A 5G gateway can be preferable to sensors and actuators with integrated 5G when retrofitting, in certain kinds of installations such as production/process modules, and in challenging environmental conditions such as hazardous areas.

3.1.7 TSN Ports


Figure 9: A TSN port as part of a logical TSN bridge

An industrial 5G device can serve as a port in a distributed 5GS Ethernet bridge anchored to a 5G user plane function (UPF). A 5GS Ethernet bridge can be configured to support features and management interfaces that comply with the IEEE time-sensitive networking (TSN) standards and the generalized precision time protocol (gPTP, IEEE 802.1AS) for integration in TSN- and gPTP-capable Ethernet networks. This is explained in greater detail in chapter 4.

These devices can be employed, for instance, in mobile robots that need to interact with one another, collaborative robots (cobots) that grasp and hand over parts, and cooperative driving scenarios. In all of these cases, it’s essential to synchronize the actions of multiple actors.


3.2 Characteristics of Industrial 5G Devices

3.2.1 Time Characteristics

The factory automation protocols used for communication between a PLC and multiple devices follow a deterministic cyclic (or periodic) transmission pattern in which all of the sensors are read and all of the actuators are set during each cycle. 3GPP 5G uses the terms “transfer interval” and “periodic deterministic communication” to describe these patterns. The transfer interval is the time difference between two consecutive transfers of application data from an application to a 3GPP system via a service interface [8].

Figure 10 illustrates typical transfer intervals. Periodic deterministic communication (cyclical traffic) predominates in PLC/controller, low-latency sensor/actuator, and TSN port industrial 5G devices. There can also be aperiodic traffic such as alarms and firmware upgrades, which aren’t included in the figure.

Figure 10: Examples of gateway functionality in different protocol layers

In addition to conventional devices deployed for factory automation, other devices are used to support Industrial IoT and Industry 4.0 in industrial installations. They include low-power sensors and actuators, 2D and 3D sensors, and HMI and xR devices. These devices typically exchange information at regular time intervals much longer than those for factory automation devices.

Gateways can be used with both conventional factory automation devices and the devices mentioned in the previous paragraph.

The latency requirements are largely determined by the cycle times and transfer intervals of the relevant factory automation protocols and use cases. The maximum permissible latency must be shorter than the transfer interval [8]. In isochronous use cases, the network latency may not exceed 20% to 50% of the cycle time or transfer interval [2].

The transfer time interval depends on the use case. To illustrate this, the interval for a mobile robot moving between two points depends on its navigation mode [7]:

• Infrastructure- or track-guided navigation involves a transfer time of around 500 ms.
• Sensor/camera-based navigation involves a transfer time in the range of 10 to 100 ms.
• Cooperative driving requires a very short transfer time of around 5 ms.

The relationship between the transfer time interval and the required maximum network latency is different for low-power sensors and actuators, 2D and 3D sensors, and HMI and xR devices. For example, a 4k camera with a frame rate of 60 frames per second delivers data every 17 ms, but it is often acceptable for the network to have a greater latency than this.


3.2.2 Data Characteristics

Table 1 shows typical message sizes for various industrial 5G devices.

The smallest sensor or actuator data unit is a single bit, the value of which can indicate an input or an output. Analog values are commonly expressed as 16- or 32-bit values. Many sensors and actuators output multiple values, however, and protocol data are also communicated. The minimum frame size in Ethernet is 64 bytes, which is also the minimum message size as shown in table 1. The maximum message size is assumed to be 1522 bytes, corresponding to the largest Ethernet frame size with VLAN tagging. The required data rates can be calculated from the transfer intervals given in section 3.2.1.

Table 1: Typical data parameters of industrial 5G devices

| Industrial 5G device | Message size | Streams | Bitrate |
|---|---|---|---|
| Low-latency sensors/actuators | 64 to 1522 bytes | 1 | ≤ 200 kbit/s to 2 Mbit/s |
| Low-power sensors/actuators | 64 bytes or more | 1 | A few kbit/s to 2 Mbit/s |
| PLCs and controllers | 64 to 1522 bytes | ≥1 | Up to line speed (100 Mbit/s, 1 Gbit/s) |
| Gateways | 64 to 1522 bytes | ≥1 | Up to line speed (100 Mbit/s, 1 Gbit/s) |
| TSN ports | 64 to 1522 bytes | ≥1 | Up to line speed (100 Mbit/s, 1 Gbit/s) |

The bitrates given in table 1 correspond to the transmission speeds of active industrial 5G devices.

The data characteristics for PLCs and other controllers, TSN ports, and gateway industrial devices depend on the underlying use cases. With mobile robots, for example, different aspects can play a role depending on the functionality involved [7].

When the robots are moving between two points, the traffic models differ depending on the type of navigation used:

• Infrastructure- or track-guided navigation: a packet size of around 250 bytes and a data rate of 50 to 250 kbit/s
• Sensor- or camera-based navigation: a packet size of around 1500 bytes and a data rate of 60 Mbit/s
• Cooperative driving: a packet size of around 250 bytes and a data rate of 125 kbit/s
• Interactions with stationary peripherals (grasping of unsorted piles) and a burst of 50 messages: a packet size of 1500 bytes and a data rate of around 400 Mbit/s

The data volumes generated by a 2D sensor depend on its resolution, the frame rate, the color depth, and any applied compression. For example, a 4k video with 60 frames per second and 24 bits per pixel has an uncompressed bitrate of 11.9 Gbps. A video stream can be compressed using a generic or application-specific algorithm.

Say that a 4k video camera is used to monitor product quality in a production process. Instead of sending all of the video frames to a central server, an application-specific algorithm can be used to select only those frames that actually show each new product captured. This can dramatically reduce the data stream.


3D sensors generate even more data than 2D sensors. Both 2D and 3D sensor data can be compressed using either generic or application-specific algorithms. Both types are generally also transmitted in the uplink direction.

The traffic characteristics of HMI and xR devices vary greatly depending on the use case. At the high end, video is streamed to a device at a bitrate that is generally between one and 25 Mbit/s. HMI and xR devices mainly transmit data in the downlink direction.

In automated processing plants, traffic is deterministic and periodic. Section 3.3.5 presents an example of remote I/O for process control.

3.2.3 Power Characteristics

One of the main reasons to deploy private industrial 5G networks is to make factories more flexible. More of the machines and devices used become wireless and battery-operated as a result.

HMI and xR devices are normally battery-operated. A typical use case is when a worker uses one or more devices throughout a shift. At the end of the shift, they are placed in chargers. This presupposes that the battery of each HMI or xR device has sufficient capacity to operate during an entire shift, which typically lasts about 10 hours including breaks. The same considerations apply to portable tools.

Low-power sensors and actuators are also usually battery-operated. The main reason for taking this approach is to reduce the cost of wiring. Batteries can be either rechargeable or disposable. In some cases, an entire device is discarded along with its battery.

Most other industrial 5G devices are typically powered by the machine they are installed on. For example, a gateway could be mounted on an AGV. In this case, the gateway is powered by the AGV’s battery. The same considerations apply to mobile robots.

3.2.4 Time Synchronization

All industrial 5G devices need to be synchronized with different time domains. These include working clock domains and global clock domains. There is also a 5G clock domain, which is needed for 5G radio communication.

A working clock domain is needed for synchronizing sensors and actuators that are part of a control loop. Examples are robot collaboration and cooperative driving, in which time synchronization is paramount. Time synchronization can be explicit using protocols such as PTP (IEEE 1588) or gPTP (IEEE 802.1AS), or else implicit with read and write commands received from the PLC.

A global time domain is needed for sequences of events, time stamping of data, and time stamping of diagnostic events. It is usually shared across an industrial facility and aligned with UTC.

When industrial 5G devices aren’t actively communicating with the infrastructure, the clock domains are maintained by local clocks. These clocks gradually lose accuracy and need to be resynchronized, however. It’s also possible to imagine industrial 5G devices that aren’t synchronized with either a working clock or a global clock. An example is a tank sensor that sets off an alarm when the level in the tank drops too far.

In order for PTP or gPTP over 5G radio to work, 3GPP-defined device-side time-sensitive translator (DS-TT) functionality must be implemented in the industrial 5G devices. See chapter 4 for a more detailed discussion.

3.2.5 Positioning

One of the main uses of industrial 5G is for enabling the mobility of machines, materials, and people, among other things, in production and processing facilities. Mobility introduces a need for positioning.

Some HMI and xR devices involve position-dependent application behaviors. Other industrial 5G devices may also require positioning; a gateway on an AGV, for example, can provide positioning information to help it navigate.

Another example is low-power sensors and actuators used to track materials in a factory. The device’s position is reported every time it changes.

Here are some examples of positioning requirements for the analyzed use cases [6],[7]:

• When a robot is moving between two points, an accuracy of 0.3 m or better with 99.99% availability is adequate. However, it needs to reach its destination with an accuracy of ± 5 cm (this is supported by a centering station).
• When a robot is interacting with other peripherals, it may need to achieve single-millimeter precision.
• In the case of mobile tools, which have to be individually configured depending on their positions in the production line, a vertical and horizontal accuracy of better than 20 cm is required.

3.2.6 Communication Themes

The 5G industrial devices presented and described in the preceding sections require very diverse communication capabilities. Communication modules (see figure 38) and technologies linking different parts of the same device must also meet the needs of the application using it. It’s therefore safe to assume that no single implementation can provide the entire range of communication parameters for all applications; aspects such as power consumption, size, and complexity can vary. On the other hand, implementing specialized modules for each profile would result in market fragmentation and make it impossible to benefit from economies of scale. Analyzing the communication requirements of various use cases and the corresponding devices, three major themes emerge.

The first is characterized by energy-efficient (battery-driven) communication and low throughput (up to a few Mbit/s; this is specified for industrial wireless sensors by 3GPP 22.104 [8]), low overall active duty with extended periods of inactivity, no essential time-sensitive data deliveries, and tolerance for temporary data loss. Devices designed for this type of situation are generally optimized for low power consumption, a small form factor, and potentially low costs. The second situation involves very high throughput (high bandwidth), low latency, and high reliability. And the third raises the bar even further with traffic-related properties that include ultra-low latency and ultra-high reliability to satisfy even the most stringent requirements of time-sensitive applications.

Communication modules and intra-device communication technologies are designed and tailored to deliver the properties that are typically associated with one of these themes. This is necessary, since the scenarios are characterized by mutually exclusive characteristics that can’t all be provided by a single module. Ultimately, however, it is a product-specific decision whether or not a communication module and the corresponding building blocks for devices should be optimized to meet the needs of a particular scenario or designed to cover some of the requirements of multiple scenarios.

3.3 Examples of Industrial 5G Devices

Here we present a selection of hypothetical industrial 5G devices. They have been submitted by 5G-ACIA member companies to illustrate the possibilities going forward. None of them is available in the market at this time, and there is no guarantee that they will ever actually be developed and built.

A number of other use cases are presented in the 5G-ACIA white paper “5G for Automation in Industry” [4].

Table 2 below maps use cases and example industrial devices. It includes the use case of “portable tools”, which are used throughout an assembly area to assist workers in performing specific tasks. Examples include power screwdrivers, riveting tools, and staple guns. Depending on the activity performed, they need to be configured, identified, localized, and monitored.


Table 2: Example industrial 5G devices and their potential use cases

Use cases (table columns): Motion control; Control-to-control; Mobile control panels; Mobile robots; Massive wireless sensor networks; Remote access and maintenance; Augmented reality; Closed-loop process control; Process monitoring; Plant asset management; Portable tools

Example devices (table rows) with their use-case marks:

• IP67 sensor: X X
• 5G smart sensor: X X X
• 5G IIoT level sensor: X
• 5G second channel adapter: X X
• 5G remote I/O for process control: X X X
• Process control via mobile panel: X X
• Mobile app for 5G industrial devices for augmented field applications: X
• 5G drone operation: X
• 5G Ethernet bridge: X X X X X X X
• 5G wireless router: X X X X
• 5G industrial gateway: X
• 5G mobile tracker: X X X
• 5G valve terminal: X X X X
• 5G controller (remote I/O): X X X X


3.3.1 5G IP67 Sensor

Figure 11: Example 5G sensor with integrated antennas (source: Weidmueller).

IP67 sensors are single-purpose devices surrounded by a robust enclosure for use in harsh industrial environments with varying humidity, temperature, vibrations, and other conditions. Some are also filled with epoxy resin or another insulating liquid compound to protect their internal electronics, and they have minimal external interfaces or even entirely lack them. Their power supply is often physically connected. Their main task is to reliably sense and communicate a technical process in real time, either periodically or in response to defined events. They must therefore meet exacting QoS requirements. They are purpose-optimized, cost-sensitive solutions that contain only a small number of PCB components and low-level interfaces such as SPI and UART.

3.3.2 5G Smart Sensor

In many production applications, 5G communication lets smart sensors operate wirelessly without sacrificing reliability, availability, or low latency for short response times. Smart sensors typically have an embedded microcontroller or FPGA-based computing system for signal processing etc. While running on battery power, smart sensors can be used for machine-integrated monitoring of dynamic machining processes such as five-axis milling (see figure 12).

Figure 12: Use of a 5G smart sensor to measure acceleration in 5-axis milling (source: Fraunhofer IPT)
Figure labels: 5-axis milling machine; Piezo accelerometer; BLiSK; Prototype sensor electronics with 5G UE


A smart sensor consists of a sensing probe that converts a physical quantity into an electrical signal, an A/D converter that samples the electrical signal to obtain quantified values, and a processing unit such as a microcontroller unit (MCU) or FPGA for signal processing and generation of data packets. Figure 13 shows a prototype 5G smart sensor for acceleration measurements. For 5G communication, the smart sensor can be equipped with an interface such as USB or Ethernet, linked to a 5G cellular bridge, or provided with an appropriate compact 5G communication module that is directly integrated in its PCB (once these become available).

Figure 13: Smart sensor with an accelerometer, a PCB with a sensor driver and processing unit, and an Ethernet interface (source: Fraunhofer IPT)
Figure labels: Smart Sensor; MMF KS95B10; Sensor board; Analog; Ethernet; 5G transceiver; Sensor driver, sampling, data preprocessing

This smart sensor runs on battery power and can be integrated in a robust IP-grade housing (as shown in Figure 13) to allow safe operation in environments with coolants. The embedded system can be optionally used to handle different protocols such as UDP, MQTT, OPC/UA, etc. depending on the overall sensor integration concept. The sensor data can be used to trigger adjustments to the machining parameters in case any process anomalies are detected.


3.3.3 5G IIoT Level Sensor

A 5G level sensor is an example of a compact, fully integrated device for use in process industries and factories with both nonpublic standalone and public networks. Its principal task is measuring the levels of liquids or solids in mobile or fixed containers. Additional parameters, such as ambient temperature and locations, can also be detected and communicated. The device and its antenna are inside a tightly fitting enclosure (IP66/68), which restricts the possibilities for on-site commissioning and configuration. Its size is on the order of 10x10x5 cm. The device is battery-powered. The data rate is normally low (ranging from one transfer per minute down to a few per day) but may be higher (one transfer per second) when filling or emptying the container. Wireless updating of the software is also possible.

Figure 14: Mobile IIoT level sensor (source: Endress+Hauser)

3.3.4 5G Dual-Channel Adapter

This adapter connects field devices with a legacy communication protocol to a wireless 5G network. It will primarily be used for brownfield installations in the process industry to enable access to additional data for diagnosing the health of smart sensors or actuators. The adapter supports dual-channel communication (also called second communication channel in the process industry), which enables IT/OT communications independently of (wired) communication for control purposes.

The device is powered by a battery or field device and regularly transmits data at a low or moderate rate. In case there is an alarm, low-latency transmission is required. It is designed for use in harsh environments (IP66/68) including explosive atmospheres. Due to its small size of only a few centimeters across and its tight enclosure, the device doesn’t include any control elements. Its antenna will preferably also be internal. It will be able to connect to both nonpublic standalone networks and public networks.

Figure 15: Field device adapter for dual-channel communication (source: Endress+Hauser)


3.3.5 5G Remote I/O for Process Control

This is a modular system for linking field devices (sensors and actuators) to a plant. The devices transfer data via the I/O to and/or from upper-layer entities such as controllers, HMIs, asset management servers, etc. Reliable wireless connections may later replace the cables currently used to connect an I/O and upper-layer entities.

A 5G remote I/O is required for periodic bidirectional deterministic communication with a controller for closed-loop control, with a cycle time that is typically longer than 100 ms. The size of the messages depends on the number of devices connected to the I/O but can amount to several bytes per device. Reliable communication is critical for this use case; if it is lost, the entire plant can stop functioning. The requirements in terms of the spacing and reliability of messaging can be relaxed for process monitoring purposes. The 5G remote I/O can also carry noncritical data for device management operations such as diagnostics and software updates as required by the operator.

A 5G remote I/O is required for operating reliably and safely in harsh environments (e.g. across a temperature range from -40° to 70°C and relative humidity between 5% and 95%), including zone 2 hazardous areas. It is stationary and receives its power supply from an external source via a cable.

Figure 16: 5G remote I/O installed in plant field (source: Yokogawa)

3.3.6 5G Process Control via Mobile Panel

A battery-operated mobile panel gives a plant’s operators and workers instant access to the production environment, letting them monitor and control the status and setpoints of processes from any location within the plant. Operator mobility within a facility can be provided by using 5G for connectivity between the mobile panel device and distributed control system.

The device displays information from the distributed control system and lets users take action while on the shop floor to concurrently supervise multiple automated processes. It allows them to “see what it sees”, thus reducing the time needed to optimize a process or correct a problem.

Figure 17: Process view using a mobile panel (source: ABB)


3.3.7 Mobile App for 5G Industrial Devices for Augmented Field Applications

Figure 18: Smart glasses for process monitoring (source: Endress+Hauser)

This mobile 5G device with an app supports augmented field applications to improve how work is done to a greater extent than what is possible with conventional paper-based approaches. The operator gets an up-to-date view of scheduled tasks and step-by-step support for executing procedures. The solution eliminates confusion about which is the latest version and facilitates updating, copying, and distribution of it to relevant personnel. It also provides the operator with knowledge management tools, including easy access to additional information (pictures and manuals). Operators can use a built-in camera to take pictures of the steps involved in procedures or read QR codes to ensure that work is executed using the correct equipment. This enables operators to acquire greater competency while performing tasks.

Industrial 5G devices such as tablets, mobile phones, edge gateways, and smart glasses can significantly improve the end user experience with augmented reality (AR) features.

5G-enabled mobile field workers using an augmented field procedure need the mobile app to integrate control system data and context- and situation-awareness functions. This way they can receive field information in real time, automatically capture values, and directly interact with any control system to execute procedures in a synchronized manner. This improves the efficiency of work and reduces the need for control room and field operators to constantly communicate with one another by radio. The solution provides relevant instructions while helping to ensure that work is done correctly. It also includes other features to support field workers, such as voice synthesis, remote assistance, and an industrial chatbot.

This opens up the possibility of remotely executing process control actions over the 5G network (for example, opening or closing valves). It therefore requires a time-synchronized network in which packets are received on time and in the right sequence. Data transmitted over the 5G network will need to be timestamped on the device and network levels.

3.3.8 5G Drone Operation

Many of the unmanned aerial vehicles (commonly known as drones) in use today are controlled by a human operator via a point-to-point link over a private wireless network or ISM band.

5G-enabled drones can significantly improve the user experience by using a public or private (nonpublic) 5G network for monitoring large and distant areas with high-performance communication. Such a drone is equipped with sensors (e.g. an IR sensor) for fast, efficient monitoring, surveillance, and inspection of areas such as industrial sites. The captured sensor data is continuously relayed to the user for further analysis.

For such a 5G-enabled drone to operate reliably, the following would be required:

• A control system characterized by high availability and security and low latency. Real-time positioning and time synchronization capabilities are also a must.
• The data captured by sensors installed on the drone has to be sent to the user over the network, which requires a high uplink throughput.

5G-enabled drones will be battery-powered and have an appropriate IP rating for outdoor operation. Figure 19 shows an example.


Figure 19: Drone operations via 5G (source: ABB)

3.3.9 5G Ethernet Bridge

Figure 20: 5G Ethernet bridge in a typical cable replacement use case (source: HMS Networks)

A 5G Ethernet bridge can be used to link Ethernet devices to a 5G network. This is typically done to replace cables with a wireless solution as illustrated in figure 20. In this use case, an industrial Ethernet protocol is bridged via the 5G network. It is also possible to use this kind of device for normal IP traffic.

The prerequisites for this to work are high reliability, low latency, and accurate time synchronization. The device has IP65 ingress protection and internal antennas. The required data throughput is typically less than one Mbit/s. One exception is when the device is used for 2D or 3D sensors; in this case, an uplink speed of several hundred Mbit/s is required. The device is often powered by a battery in a mobile machine, in which case its mobility is limited to that of the machine.

3.3.10 5G Wireless Router

Figure 21: A mobile machine and a 5G wireless router (source: HMS Networks)

Here a 5G wireless router doubles as a LAN switch for connected devices. A typical use case is mobile machine connectivity as illustrated in figure 21. The mobile machine is used in conjunction with a traffic management system and other IT functions. The mobile machine can optionally also use a safety protocol.

The requirements for the device to communicate with the router are high reliability, low latency, and accurate time synchronization. It is IP30-rated and equipped with external antennas. The required throughput is typically less than one Mbit/s except when used for 2D or 3D sensors, in which case an uplink speed of several hundred Mbit/s is needed.

The device is often powered by a battery on the mobile machine and the mobility of the device will be determined by the mobility of the mobile machine.


3.3.11 5G Industrial Gateway

Figure 22: Indoor industrial vehicles and outdoor automation (source: SICK AG)

A modular 5G industrial gateway can be used for indoor industrial vehicles and mobile outdoor automation for machine to machine, machine to infrastructure, and machine to fleet manager communication.

Currently, tasks such as localization, personal safety, collision protection, and load handling are mainly solved locally on each vehicle with only minimal communication with its environment. This limits the efficiency of indoor industrial vehicles and rules out the possibility of automating machines that are used outdoors. However, a new solution integrates detection and identification systems in the active vehicle, reliable wireless communication with other machines, infrastructure-based environmental monitoring with various sensor technologies, and continuous reporting of environmental data that can also be used to update maps and optimize routes.

A 5G industrial gateway can carry both cyclical data (for safety-related applications, at approx. 100 kbit/s with a cycle time of less than 100 ms) and noncyclical data (for example, transferring data for map updates in bursts at a speed greater than five Mbit/s). In special cases, sensors or cameras may send raw data from machine to machine or to an edge computer. Time synchronization is needed for these scenarios.

Especially outdoors, sidelink communication between devices can be crucial for compensating for coverage gaps in 5G system antennas.

Ubiquitous positioning with roughly 0.5-meter accuracy (using GNSS or 5GS) that could be refined further using other positioning techniques at loading/unloading.

Powered by the vehicle (if its engine is running and/or it has a large battery), so energy consumption isn’t a critical factor. When the machine isn’t operating, it can go into a low-power mode for tracking purposes.

3.3.12 5G Mobile Tracker


Figure 23: Uses for mobile indoor and outdoor trackers (source: SICK AG)


This application involves a battery-powered tracker containing a 5G communication module, along with integrated sensors for condition monitoring and tracking the locations of transported goods, objects in ports or airports, non-power tools, and waste/fill level management. The use case scenarios for devices of this kind pose different requirements with regard to the form factor and IP class. The security and authentication methods used should be suitable for low-complexity IoT devices. The device will typically send data to an (edge) cloud.

Use cases involving location and mobile tracking must consider variables such as international reach, regulations, density requirements, and consistency across indoor and outdoor environments.

The device sends a small volume of data (at a rate of around 100 kbit/s) in a burst lasting several seconds. This can be triggered by an event or the elapse of a defined time interval. It is not intended for continuous monitoring, for instance of an engine’s vibrations. A deep sleep mode can be used to save energy, but its range of possible uses is limited by the lack of a way to wake it up again remotely.

There is a need for an indoor and outdoor (low-energy) positioning capability with an accuracy of between five and 100 meters using 5GS, GNSS, or another wireless technology such as Wi-Fi or BLE. The accuracy actually required will depend on the use case and situation.

Low power is critical for enabling long recharging and/or battery replacement cycles, for example 13 months apart with batteries being replaced within the scope of yearly maintenance.

3.3.13 5G Valve Terminal

Figure 24: 5G valve terminal (source: Festo SE & Co KG)

A valve terminal is mainly used to operate multiple channels in pneumatically controlled systems without the need for a switch cabinet. Its modular mechanical design integrates multiple pneumatic valves and a controller for decentralized control tasks.

An integrated microcontroller provides processing capabilities as part of the integrated control unit. Interfaces for sensors and diagnostic data enhance the terminal’s functionality.

Legacy fieldbuses and industrial Ethernet are established technologies for communicating with higher-order PLCs. 5G URLLC will replace these wired connections and deliver additional benefits for flexible production plants.

Typical use cases with challenging timing requirements include robotic front ends, potentially also in moving applications.


3.3.14 5G Controller (Remote I/O)


Figure 25: Shown here is the WAGO PFC200 4G controller; a
5G device could be similar to it (source: WAGO GmbH & Co. KG)

A 5G controller resembling this one could be used to pre-process data from sensors and actuators or provide access to these peripherals as a remote I/O in a wireless network. Common digital or analog sensors and actuators, which don’t need to have IP-based communication, could be directly wired to I/O modules for flexible connection to the controller. The typical use cases include controlling flexible machine parts in a control-to-control loop, collecting data for energy data management at large production sites, and controlling applications installed on an AGV.

Depending on the use case, this device requires low latency and high reliability. High data rates aren’t necessary; one Mbit/s is normally sufficient. Faster data rates are useful for software updates but don’t need to exceed 10 Mbit/s. This device is intended for installation and use inside a box and therefore doesn’t need to be designed to withstand harsh environments on its own. It doesn’t include a battery but can be used on a mobile machine because of its low power consumption. The 5G controller has no internal antennas and can be used with both public and nonpublic standalone networks.


4. Logical Reference Architecture for Industrial 5G Devices

To shed light on how the various components of a device implementation interface with one another, this chapter presents reference architectures in the form of generic block diagrams for the most common types of industrial 5G devices. There are many ways to do this, depending on which of a device’s physical resources meet the requirements of which logical functions. We start with a generalized, undifferentiated logical architecture.

An industrial 5G device’s logical architecture depicts what it does without considering the actual hardware components used to implement it. It shows the device’s main functions from both the ICT and the OT perspectives and how they are supposed to interact with one another. Once this has been done, it is easier to progress to a block diagram for implementing the detailed architecture.

The architecture integrates functions that aren’t always present in mainstream 5G devices but are important for industrial devices. They include Ethernet bridging, IEEE Time Sensitive Networking (TSN), and capabilities related to Precision Time Protocol (PTP), all of which are important for devices operating in industrial Ethernet- or IP-based networks. They also include EAP-based authentication, which is relevant for devices operating in nonpublic 5G networks.

This section starts by looking at the top-level functional architecture and then goes on to describe each top-level function in enough detail to ascertain the interfacing requirements for the implementation-level block diagram architecture.

4.1 Top-Level Logical Architecture

An industrial 5G device is a managed connectivity device whose main purpose is to provide 5G connectivity for one or more applications or other devices serving an OT operation. The applications can be integrated in the device itself or connected to it via a local network. Figure 26 shows a top-level logical architecture derived from this functional basis. This architecture includes all top-level functions that would be needed in at least one type of industrial 5G device (not all of them would be needed in every type).

Figure 26: Top-level logical architecture


The top-level architecture focuses on communication capabilities and contains the following elements:

5G network termination
This comprises all 3GPP-defined device-side functions for connecting to a 5G network and operating as part of it. This function makes an industrial device 5G-enabled and is a requirement for all types of devices.

Local network termination
This is required in order for an industrial 5G device to connect to a local network (provided that it also has a local network interface).

Device management
This function is included in the top-level functional architecture, based on the assumption that there will be a need to manage the industrial 5G device’s 5G- and OT-related functions. For the sake of simplicity, a set of management functions is depicted in the top-level architecture as a single generalized function.

Applications
These comprise all higher-layer functions residing inside the industrial 5G device that aren’t covered by any of the other top-level functions. Besides measurement and automation functions, these applications also include functions for the sensors and actuators that are integrated in the device and/or interface functions for peripheral sensors and actuators. HMI with xR devices may also include communication media for interacting with humans (such as video screens, cameras, loudspeakers, and microphones).

The blue lines in the middle of the diagram connect the 5G termination with either or both of the OT functions supporting the application within the device or local network termination, and convey both payload data and associated control signals. The dashed red arrows leading from the common and shared functions to all other functions represent control signaling paths.

While defining the device’s logical architecture, the main focus is on understanding its internal composition and interconnections. However, external interfaces can also be important for an industrial 5G device’s overall functionality. As a minimum, every type of industrial 5G device must have a 5G radio interface, and may also optionally have a local configuration interface as shown at the top of the figure. If an OT application residing inside the device relies on external peripherals such as sensors and actuators, one or more external point-to-point interfaces are needed to support this, as shown at the top left. If some of the applications need to be reached via a local OT network, a networking interface (shown on the bottom left) is also required.

4.2 Practical Logical Architecture

It’s important to present the architectural details down to the level at which the blocks and interfaces of the implementation architecture come into view. It makes little sense to break them down any further than this, since they are either likely to be implemented inside a single component or it is clear that the functions concerned will only be implemented on the device’s OT or 5G side without any other interfaces. There are many types of OT functions and applications, for example, but it would exceed the scope of this white paper to cover all of them. Here it’s enough to highlight the different kinds of communication requirements that can apply in a 5G context and provide a few examples of different types of industrial 5G devices.

As already discussed, one important architectural aspect is whether a device integrates the application that serves its OT functions and whether or not it is able to connect to a local network. Also important is the extent to which applications require support for QoS and time synchronization.

Considering these aspects and the industrial devices introduced in chapter 3, four different logical architectures enter into consideration. These are introduced here and described in greater detail in the following sections:

• The first kind of logical architecture (section 4.2.1) involves a type of device that directly hosts all required OT applications. It isn’t connected to any local networks on the device side and therefore doesn’t need to include a local network termination function.
• The second kind (section 4.2.2) is enhanced by local network termination capabilities. It involves devices that can serve as either an IP host or router or an Ethernet end station, bridge, or application-layer gateway. They are appropriate for applications or networking scenarios that only require conventional IP and Ethernet quality of service (DiffServ, Ethernet


traffic classes) and don’t rely on support from either IEEE TSN traffic scheduling or shaping functions or accurate PTP time synchronization over a 5G radio link. In practice, this means that the device doesn’t need to include any device-side time-sensitive networking translator (DS-TT) functionality as defined in 3GPP releases 16 and 17.
• The third kind (section 4.2.3) refers to a device that additionally supports accurate (g)PTP-based time synchronization (according to IEEE 1588 and/or IEEE 802.1AS) over 5G radio. For this purpose, the device needs to implement a subset of DS-TT functionality that is relevant to (g)PTP as defined in 3GPP release 17. It doesn’t necessarily need to include full IEEE TSN-capable DS-TT as defined in 3GPP release 16. If the device has (g)PTP specific DS-TT capabilities, it may operate either as part of the 5GS bridge or as a standalone Ethernet bridge or IP router, depending on the 5G network capabilities and overall network setup. This device architecture and these capabilities are suitable for deployment scenarios in which conventional IP or Ethernet QoS with accurate PTP time synchronization is adequate and neither IEEE TSN traffic shaping nor scheduling is used.
• The fourth (section 4.2.4) occurs in devices that also need to be able to operate as part of a 5GS bridge that supports the IEEE TSN-compliant centralized configuration model with IEEE TSN functionality that was introduced in 3GPP Release 16 and augmented in Release 17. This requires the device to include DS-TT that specifically supports the IEEE 802.1AS PTP profile used in IEEE TSN and the LLDP protocol used for Ethernet topology discovery.

Including a detailed list of PTP- or TSN-related features and profiles would exceed the scope of this white paper, which takes an architectural perspective.

Another consideration for detailed work is that, while the logical functions are independent of the actual implementation, it is helpful to acknowledge the implementation technologies that are clearly going to be used in any case, like Ethernet-based technologies on the device-side local network. Ethernet PHY is therefore included in the logical architecture schemes shown below for that interface. Please note that while some local peripheral interfaces will also use Ethernet-based technologies, it can’t be assumed that this will generally be the case, so no technology label is applied to that interface.

4.2.1 Logical Architecture for Supporting Applications Inside a 5G Industrial Device

In the logical architecture shown in figure 27, OT applications – like those serving sensors or actuators – are either embedded in the device itself or, as shown in the figure, connected as local peripherals. This is an architecture that doesn’t connect to a local network on the device side and therefore doesn’t need a local network termination function.

The device can have an application layer gateway function between its Ethernet or IP connectivity on the 5G network side and use any protocol or technology to link to local peripherals. See figure 8 c) and d) for examples.

Figure 27: Logical architecture for supporting applications inside a 5G industrial device


The top-level “5G network termination” function discussed above mainly maps to the UE shown in figure 27, which consists of a mobile equipment (ME), a mobile termination (MT), and a universal subscriber identity module (USIM). The last of these also hosts 3GPP-based AKA authentication functions. The USIM is a logical function hosted on the universal integrated circuit card (UICC). For visualizing the internal interfaces of an industrial 5G device, it’s enough to keep in mind that all of the connections to the UE terminate at the ME.

Extensible authentication protocol (EAP) authentication, which is hosted by the extensible authentication protocol identity function (EIF), can be used for connecting to nonpublic networks. It’s connected to the ME for control signaling (indicated by a gray line). EIF is needed to apply authentication methods other than EAP authentication and key agreement (EAP-AKA) when no suitable USIM is available. This function isn’t covered by the 3GPP standards. EIF is functionally similar to USIM in the sense that it can also be used to store subscription information and security credentials and also terminates the EAP protocol. The possibility has already been discussed that it can also be necessary to connect the EIF to the application hosting the OT-related functions in the device. This control signaling functionality is therefore included in the figure as an option. Since EIF is used with OT networks, it’s important to enable flexible OT-defined deployment and provisioning options for it. Depending on the network’s requirements, either USIM or EIF can be used as the primary authentication instance. The industrial 5G device can support both.

This logical architecture has a “5G clock” interface between the 5G communication module (ME) and the applications. The ME can be synchronized with 5G time (typically traceable to UTC), and the interface lets 5G time be distributed to local applications as well. This is a basic time management capability that lets applications use 5G time for timestamping events (such as a measurement made by a peripheral) and also comes into play when a global time domain is needed for subsequent processing of measurements (for example, to determine the order in which events have taken place).

Depending on the needs of applications and the network or other end stations to which a device is connected, it may be necessary to provide IP and Ethernet protocol functionality with more advanced time management capabilities and support for QoS. The following sections (4.2.2, 4.2.3, and 4.2.4) describe different versions of these capabilities for the local network termination function used to connect a device to a local network. They can also be used for applications inside a device.

It is assumed here that all of the logical elements shown for the logical architectures described in section 4.2 need to be managed, either separately or together with other functions. The logical architecture includes a device management function that can be contacted via a local or remote management interface and is able to execute management actions for all of the device’s functions. This calls for logical links to all of the depicted functions. For remote management, the device management function can present itself as an Ethernet or IP-based application inside the device for sending and receiving remote management commands, which are treated as payload traffic in the local or 5G network. For simplicity’s sake, these connections have been omitted from the figure.

4.2.2 Logical Architecture for Supporting Applications or Networking Using IP or Ethernet with Traditional Non-Time-Aware QoS

Figure 28 shows the logical architecture for cases that require support for QoS but not for TSC/TSN. 5G connectivity is used to support Ethernet or IP traffic. Both are shown here: traffic to and from the application integrated in the device, and traffic routed to the device’s Ethernet port, shown by the blue line in the middle. This line only represents traffic that the 5G system recognizes as user payload traffic; there is no direct interface for control signaling between these elements.


Figure 28: Logical architecture for applications using IP or Ethernet with QoS support

This logical architecture contains the same functions as the logical architecture that supports applications inside the 5G industrial device (see section 4.2.1) while adding functions related to local network termination. This enables the device to execute an Ethernet bridge function as shown in figure 8 a), an IP router as shown in figure 8 b), or an application-layer gateway (implemented as an application within the device) between IP- and/or Ethernet-based application protocols. The Ethernet network bridge and IP router can support QoS via mechanisms such as DiffServ or Ethernet priority code points (PCP) while mapping them to 5G QoS on the 5G network side.

The 5G network termination (UE), application, EAP identity function (EIF), 5G clock interface, and device management are identical to those already described in section 4.2.1.

In the context of this logical architecture, 5G time could also be distributed to the local network connected to the 5G industrial device by NTP, PTP, or some other method. However, this kind of logical architecture isn’t suited for accurately distributing external time domains via PTP over 5G radio, which introduces jitter. Synchronization to and distribution of an external working clock signal via PTP requires the capabilities provided by the 3GPP device-side time-sensitive networking translator (DS-TT) function, which is the central element of the corresponding logical architecture described in section 4.2.3.

4.2.3 Logical Architecture for Supporting Applications Using IP and Ethernet with QoS and Precision Time Protocol over a 5G Radio Link

Time synchronization is important for many industrial applications. 3GPP has defined a set of functions for supporting IEEE TSN; it is applicable to applications that have been specifically designed for TSN. 3GPP has specified that these functions must reside in a device-side time-sensitive networking translator (DS-TT). However, many network deployments and use cases don’t require the full set of TSN traffic scheduling or shaping-related features; support for accurate PTP time synchronization is sufficient in conjunction with conventional IP and Ethernet QoS mechanisms. For these purposes, 3GPP Release 17 will include the possibility of having a DS-TT with only PTP-specific capabilities.

To sum up, the DS-TT is needed to deduce exactly how much time a PTP (sync) message has spent inside the 5G system (called the residence time), in other words between the DS-TT and the network-side TSN translator (NW-TT), which acts similarly to the DS-TT in the 5G core network user plane function (UPF). 3GPP Release 16 requires the PTP grand master clock to be on the UPF/NW-TT side of the 5GS, with PTP sync messages only being delivered to devices/DS-TTs in the downlink direction. Release 17 also allows PTP GM on the device/DS-TT side with delivery of sync messages in the downlink direction and, via the UPF, to other devices/DS-TTs.


It is possible to determine the residence time between NW-TT and any DS-TT or between two DS-TTs because NW-TT and all DS-TTs are synchronized with 5G time. The time-sensitive networking translator on the egress side, which is either a DS-TT or a NW-TT depending on the direction, inserts the residence time value into the PTP packet headers as a correction term. The NW-TT and DS-TT operations for PTP are necessary when time synchronization accuracy on the order of microseconds is required, owing to the variable delay introduced by 5G radio.

Generally speaking, a device with DS-TT that supports (g)PTP but not TSN traffic scheduling capabilities can be used in two types of network deployment scenarios:

1) The device is connected to the 5G network using an Ethernet PDU session and acts as a port in a 5GS bridge formed by 5G UPF/NW-TT and other devices. The bridge can operate as an IEEE 802.1AS (gPTP profile) time-aware system or as an IEEE 1588 (PTP) boundary clock or transparent clock. The port, including its (g)PTP operation, is managed by a special 3GPP-specified TSN application function. The 5GS bridge as a whole, modeled as a PTP instance, may operate and be managed as part of an (industrial) Ethernet network when (g)PTP support is required. Support for gPTP profiles is specified in 3GPP Release 16, while the other type of PTP support is specified in Release 17.

2) The device is connected to the 5G network using an Ethernet or IP PDU session and is, along with UPF/NW-TT and possibly other devices, modeled as a PTP instance that can work as an IEEE Std 802.1AS time-aware system (for Ethernet only) or as an IEEE Std 1588 boundary clock or transparent clock. Operation of PTP instances can be managed by any application function using the 3GPP NEF time synchronization API. This deployment scenario with 5G-managed PTP operation is specified in 3GPP Release 17.

The DS-TT is managed via management containers carried in the 5G control plane, so the DS-TT also needs the ability to send and receive them. This is shown in the figure as a special “management containers” interface.

This logical architecture version is shown in figure 29 below.

Figure 29: Logical architecture for supporting applications via IP and Ethernet with QoS and PTP time synchronization
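
The residence-time correction described in section 4.2.3, as an added example that is not taken from the white paper or from 3GPP: the egress translator adds the time a Sync message spent inside the 5GS to the PTP correctionField, so the receiver sees the same result regardless of radio jitter. It assumes the IEEE 1588 v2 header layout, an ingress timestamp handed to the egress side as a plain function argument, and grandmaster and 5G clocks running at the same rate; all function names and sample values are constructed.

```python
import struct

PTP_HEADER_LEN = 34
CORRECTION_OFFSET = 8            # correctionField: signed 64-bit, ns * 2**16
BODY_OFFSET = 34                 # originTimestamp of a Sync message
MSG_SYNC, MSG_FOLLOW_UP = 0x0, 0x8
NS_PER_S = 1_000_000_000


def build_sync(origin_ns, sequence_id, correction_ns=0):
    """Constructed one-step Sync: PTPv2 header followed by originTimestamp."""
    header = struct.pack("!BBHBBHq4x10sHBb", MSG_SYNC, 2, 44, 0, 0, 0,
                         correction_ns << 16, bytes(10), sequence_id, 0, 0)
    secs, nanos = divmod(origin_ns, NS_PER_S)
    # originTimestamp = 48-bit seconds + 32-bit nanoseconds
    return header + struct.pack("!HII", secs >> 32, secs & 0xFFFFFFFF, nanos)


def egress_correct(msg, ingress_5g_ns, egress_5g_ns):
    """Egress translator step: add the 5GS residence time to correctionField.

    Both timestamps are taken on the common 5G time base, which is what makes
    the difference meaningful even though two different nodes took them.
    """
    if len(msg) < PTP_HEADER_LEN:
        raise ValueError("truncated PTP header")
    msg_type, version = msg[0] & 0x0F, msg[1] & 0x0F
    (length,) = struct.unpack_from("!H", msg, 2)
    if version != 2 or not PTP_HEADER_LEN <= length <= len(msg):
        raise ValueError("not a well-formed PTPv2 message")
    if msg_type not in (MSG_SYNC, MSG_FOLLOW_UP):
        raise ValueError("this sketch only corrects Sync and Follow_Up")
    residence_ns = egress_5g_ns - ingress_5g_ns
    if residence_ns < 0:
        raise ValueError("egress before ingress: translators not on common 5G time")
    (old,) = struct.unpack_from("!q", msg, CORRECTION_OFFSET)
    new = old + (residence_ns << 16)
    if new >= 1 << 63:
        raise ValueError("correctionField overflow")
    return msg[:CORRECTION_OFFSET] + struct.pack("!q", new) + msg[CORRECTION_OFFSET + 8:]


def receiver_time_ns(msg):
    """Grandmaster time the receiver derives for the instant the Sync left the 5GS
    (wired link delay ignored in this sketch)."""
    (corr,) = struct.unpack_from("!q", msg, CORRECTION_OFFSET)
    hi, lo, nanos = struct.unpack_from("!HII", msg, BODY_OFFSET)
    return ((hi << 32) | lo) * NS_PER_S + nanos + (corr >> 16)


def jitter_demo():
    """Three constructed Sync messages with different radio delays.

    Returns (error without correction, error with correction) in ns per message.
    """
    t0 = 1_700_000_000 * NS_PER_S            # constructed grandmaster time
    results = []
    for seq, residence in enumerate([3_200_000, 7_900_000, 1_050_000]):
        origin = t0 + seq * 125_000_000      # Sync every 125 ms
        ingress = 42_000_000 + seq * 125_000_000   # 5G time at ingress (constructed)
        sync = build_sync(origin, seq)
        corrected = egress_correct(sync, ingress, ingress + residence)
        true_egress = origin + residence
        results.append((true_egress - receiver_time_ns(sync),
                        true_egress - receiver_time_ns(corrected)))
    return results


if __name__ == "__main__":
    for uncorrected, corrected in jitter_demo():
        print(f"error without correction: {uncorrected} ns, with: {corrected} ns")
```

Without the correction the receiver's error equals the residence time of each message, so it varies by milliseconds from one Sync to the next; with it the error is zero in all three cases.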


The 5G network termination (UE), the application, the EAP identity function (EIF), and device management are the same as those described for the first logical architecture version in section 4.2.1. This version also has other capabilities, since it incorporates functions related to time-sensitive networking.

A time management function has been introduced for interlinking multiple clocks running in the device, in case a simple point-to-point interface isn’t sufficient. The time management function is also a basic feature of functions that are needed to manage different time domains within a device, and a connection to the application is therefore also included here as an option.

The DS-TT can also optionally include support for the IEEE link layer discovery protocol (LLDP). LLDP (IEEE 802.1AB) is used for topology discovery for Ethernet. It is mandatory for TSN-capable bridges, but can also be used in non-TSN-specific Ethernet deployments.

4.2.4 Logical Architecture for Supporting Applications Using Ethernet with IEEE TSN

Figure 30 shows a logical architecture version containing the functions described above as well as all of the other functions that support TSN, in particular the time-aware shaper (IEEE 802.1Qbv). This lets an industrial 5G device act as a port for TSN-capable 5GS bridges as defined in 3GPP Releases 16 and 17. A 5G industrial device acting as a standalone Ethernet bridge is unable to support TSN traffic shaping or scheduling features over 5G radio on its own due to the delay variability of the radio; it has to join the distributed 5GS bridge for this purpose.

Where PTP is concerned, TSN requires support for the IEEE 802.1AS profile of PTP, for which the DS-TT functionality is described in detail in 3GPP Release 16. This logical architecture may be considered to be the most advanced version.

Figure 30: Logical architecture for applications using Ethernet with IEEE TSN

From the 5G network termination perspective, this version differs mainly in its ability to control user plane payload traffic while interfacing the local network with time-sensitive network (TSN) scheduling. For this purpose, it integrates a DS-TT function defined by 3GPP that includes egress scheduling and ingress policing. The DS-TT scheduling and policing parameters are configured by the time-sensitive networking function via the same management containers that are used for PTP management. This function exposes management of the entire 5GS bridge via standardized IEEE interfaces to the centralized network controller (CNC) for time-sensitive networking, which is ultimately what provides the DS-TT scheduling and shaping configurations.

The 5GS bridge and TSN both require the 5G core network to support TSN/TSC capabilities as defined in 3GPP Release 16 and enhanced in Release 17. The network also needs to deploy the time-sensitive networking function for bridge management.


4.3 Device Authentication

4.3.1 Introduction

Mutual authentication between a 5G network and 5G device is based on the conventional USIM model known from previous cellular generations. Summing up, the USIM holds the device’s permanent 5G-specific identity (referred to as the SUPI in the context of 5G), a long-term secret key shared by the USIM and network, and a cryptographic algorithm that permits mutual proof of possession of this long-term key. The USIM also stores the subscriber profile, which includes but is not limited to network-specific cellular parameters that define how the device behaves toward a given network (a list of preferred networks is one example).

Authentication is executed between USIM and the network during initial network registration (in other words, when a cellular device attempts to connect to the network). This is referred to as primary authentication.

3GPP defines two types of industrial networks that take different approaches to device authentication and the Universal Subscriber Identity Module (USIM); they are described in the following two sections. In the first approach, private networks piggyback onto the infrastructure of a public mobile network (the PNI-NPN scenario), while in the second private networks don’t rely on the functions of a public land mobile network or PLMN (the SNPN scenario).

Besides primary authentication, 5G includes the concepts of slice-specific authentication and authorization, which take place completely independently of a USIM. They are covered in section 4.3.4 below.

4.3.2 Primary Authentication for PNI-NPNs

In network deployments that take the public network interface nonpublic network (PNI-NPN) approach, one or more slices or cells (constituting “closed access groups”) of the public network are dedicated to a specific OT network. The device must use a USIM issued by the public mobile operator in order to attach to the PLMN network that is providing the resources for the PNI-NPN.

Since an ordinary (IMSI-based) operator USIM is involved, its deployment is bound to UICCs (or eUICCs), and mobile operator procedures are applied to distribute and manage it.

In the case of PLMNs (including PNI-NPNs), it’s mandatory to deploy a USIM (universal subscriber identity module) on a dedicated secure element called a UICC (universal integrated circuit card). In the context of remote provisioning, there is no such thing as a USIM permanently coupled with a UICC. For previous cellular generations, GSMA had already introduced the possibility of dynamically deploying USIM profiles (a text description of the entire content of a USIM) as embedded universal integrated circuit cards or eUICCs. The main difference between an eUICC and a UICC (which also exists in soldered form) is the possibility of storing USIM profiles in the eUICC.

The geometry of a USIM deployment is clearly relevant to the physical layout of an industrial device, and it has an even greater impact on how industry verticals use key management and distribution procedures.

Physically distributing and inserting removable cards could work well in a limited number of entry scenarios, but isn’t an economically viable option for complex, large-scale deployments. Capabilities for electronically deploying (“provisioning”) USIM profiles in a device are essential, however.

One option for SNPNs is to adopt eUICCs and the GSMA’s remote SIM provisioning framework. However, although administrative issues related to certification requirements could definitely be resolved, it is unclear whether this approach could provide optimal synergies between existing key and identity management approaches at OT companies and management of 5G-specific identities and credentials.

The next section therefore goes into detail on how primary authentication can be executed with SNPNs without having to rely on USIMs and UICCs.


4.3.3 Primary Authentication of SNPNs

Since an SNPN doesn’t rely on network functions provided by a PLMN, the corresponding 3GPP specification [TS 33.501] allows for the use of new primary authentication methods (apart from USIM-based ones). The choice of (EAP) authentication methods is left to the private network owner, for example the OT operator. How identities and credentials for these new methods are stored and processed in a device is beyond the scope of the 3GPP specifications. This paves the way for industrial devices without UICCs or eUICCs.

Both aspects are discussed in greater detail below.

New EAP Methods
Up to Release 15, the only available authentication method was the AKA (authentication and key agreement) protocol, which uses symmetric keys shared by the USIM and network. Two variants of AKA exist within 5G: 5G AKA and EAP-AKA’. 5G AKA has evolved from the EPS-AKA protocol used for previous cellular generations, while EAP-AKA’ is an adaptation of the AKA protocol used with the extensible authentication protocol (EAP).

3GPP has added the EAP framework to enable new authentication methods that could be especially helpful for industry verticals in private networking scenarios. One example, which is expected to be relevant to industrial deployments, is the EAP-TLS protocol; it uses private/public key cryptography instead of shared symmetric keys. In addition to specifying in detail the implementation of EAP-TLS for 5G authentication, Release 16 has introduced a new type of permanent identifier as an alternative to the conventional IMSI-based SUPI consisting only of decimal digits. A SUPI of this new network-specific identifier (NSI) type has the form <username>@<realm>.

While the EAP framework and new SUPI type were important steps toward authentication schemes optimized for verticals, 3GPP has left open how EAP should be implemented in devices.

In the current USIM architecture, the EAP protocol is terminated by the mobile equipment, in other words outside the USIM. During authentication, the USIM is invoked for a cryptographic operation that uses a single command and is the same for both EAP-AKA’ and 5G AKA. This command can’t currently be used for EAP-TLS. 3GPP would have to define new commands and storage capabilities for a private key and certify the USIM in order for it to be used in combination with a USIM. It should also be noted that SUPIs of the new NSI type can so far only be used in combination with AKA protocols, although 3GPP has specified a dedicated non-IMSI variant of the USIM in Release 16.

Migrating the EAP client of mobile equipment to a new authentication client while adding generic EAP support may provide benefits by making it possible to introduce new EAP variants without modifying the equipment. In the context of this white paper, the term EAP identity function (EIF) is proposed for designating such an EAP-enabled authentication client (replacing the USIM), despite the fact that no formal specifications exist for it.

Primary Authentication Without UICC
One property of the EIF is that (as opposed to USIMs), 3GPP doesn’t define any requirements (such as use of a UICC) related to its deployment. The industrial 5G device’s manufacturer may therefore implement the EIF in accordance with the requirements of a particular industrial use case, for instance as an application running on a host CPU.

In the case of a Wi-Fi or 802.1X network, there are numerous options for deploying the EAP client (used by a WPA supplicant) on the host. However, it should be kept in mind that the USIM or EIF doesn’t only handle authentication but also stores the subscriber profile. Simply replacing the USIM with a WPA supplicant would therefore be insufficient in the case of cellular networks. The full functionality of the EIF is needed, specifically for providing access to the subscriber profile and terminating EAP sessions while being deployed as part of the OT domain. However, an existing WPA supplicant could be part of the EIF implementation and provide the required EAP client functionality.

The fact that the EIF forms part of the OT domain also means that methods defined and executed within the OT domain are used to provision the EIF in the device.

It should be noted that deploying the EIF outside a UICC in the operational domain doesn’t necessarily lower the security bar. The EIF could integrate the industrial device’s secure element (using, for instance, the Generic Trust Anchor API) to provide a high level of security.
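
The "generic EAP support" that section 4.3.3 attributes to an EIF-style authentication client, as an added example that is not part of the white paper or of any 3GPP specification: it parses EAP requests as framed in RFC 3748, enforces a local allow-list of methods, and answers anything else with a Nak that names the methods the device is provisioned for. The class name, the NSI-style identity and the sample packets are constructed; the method exchange itself (the EAP-TLS handshake or the AKA’ challenge) is outside this block and would be handed to a method implementation or a secure element.

```python
import struct

# EAP codes and type numbers (RFC 3748; EAP-TLS = 13, EAP-AKA' = 50).
EAP_REQUEST, EAP_RESPONSE = 1, 2
TYPE_IDENTITY, TYPE_NOTIFICATION, TYPE_NAK = 1, 2, 3
TYPE_EAP_TLS, TYPE_EAP_AKA_PRIME = 13, 50

# Constructed sample: Request, id 7, EAP-AKA' with subtype Challenge.
SAMPLE_AKA_PRIME_REQUEST = bytes([1, 7, 0, 8, 50, 1, 0, 0])


class EapError(ValueError):
    """Raised for packets the client must drop instead of answering."""


def parse_request(packet: bytes):
    """Validate the EAP header and return (identifier, type, type_data)."""
    if len(packet) < 5:
        raise EapError("shorter than an EAP request header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != EAP_REQUEST:
        raise EapError("not an EAP-Request")
    if length < 5 or length > len(packet):
        raise EapError("Length field does not match the received data")
    # Octets beyond Length are padding and are ignored.
    return identifier, packet[4], packet[5:length]


def build_response(identifier: int, eap_type: int, data: bytes = b"") -> bytes:
    """Build an EAP-Response that echoes the request identifier."""
    header = struct.pack("!BBHB", EAP_RESPONSE, identifier, 5 + len(data), eap_type)
    return header + data


class EapClient:
    """Hypothetical EIF front end: one identity plus an allow-list of methods."""

    def __init__(self, identity: str, allowed_methods):
        self.identity = identity.encode("utf-8")
        self.allowed = list(allowed_methods)   # in order of preference

    def handle(self, packet: bytes):
        """Return ("reply", bytes) or ("run_method", type, identifier, data)."""
        identifier, eap_type, data = parse_request(packet)
        if eap_type == TYPE_IDENTITY:
            return ("reply", build_response(identifier, TYPE_IDENTITY, self.identity))
        if eap_type == TYPE_NOTIFICATION:
            return ("reply", build_response(identifier, TYPE_NOTIFICATION))
        if eap_type == TYPE_NAK:
            raise EapError("Nak is only valid in responses")
        if eap_type in self.allowed:
            # Provisioned method: hand over to its implementation.
            return ("run_method", eap_type, identifier, data)
        # Method not provisioned on this device: refuse it and list what is.
        # A single zero octet means "no alternative".
        wanted = bytes(self.allowed) or b"\x00"
        return ("reply", build_response(identifier, TYPE_NAK, wanted))


if __name__ == "__main__":
    client = EapClient("sensor-17@factory.example", [TYPE_EAP_TLS])
    print(client.handle(SAMPLE_AKA_PRIME_REQUEST)[1].hex())
```

Adding a further EAP variant to such a client means adding its type number to the allow-list and registering its implementation; the framing and refusal logic stay unchanged.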


4.3.4 NSSAA and Secondary Authentication

3GPP has also foreseen that 5G networks will be operated in environments with multiple stakeholders and that authentication and authorization decisions may not necessarily be made by a single entity in the network. This is the reason for introducing the concepts of network slice specific authentication and authorization (NSSAA) and secondary authentication (also known as data network (DN) authentication or protocol data unit (PDU) authentication). They are applicable to both SNPN and PNI-NPN deployment models.

In the case of NSSAA, in order for a device to access a certain logical partition of the 5G network (known as a slice) it may need to perform authentication and authorization via an additional authentication, authorization and accounting (AAA) server that could be outside of the 5G system and operated by the OT company. NSSAA doesn’t replace primary authentication; it is optionally executed in addition to it.

Access to certain LAN or data center resources (which are grouped into a DN) also requires secondary authentication and authorization by the DN owner’s AAA server. However, these don’t replace primary authentication either, being optionally executed in addition to it instead. They use the EAP framework. Arbitrary EAP methods can be used between the device and a AAA server. 3GPP doesn’t define any requirements for the EAP method or specify how identities and credentials for these new authentication types should be processed or handled on an industrial device. If these additional authentication methods are required, an authentication client needs to be deployed as part of the industrial device’s OT domain.

Neither NSSAA nor secondary authentication is related to authentication or security procedures on the level of the industrial network protocol. Summing up, an industrial device could support up to four levels of authentication using different identities and credentials and key management approaches operated by different entities.

4.3.5 Summary

In the PNI-NPN model, if the OT takes advantage of user-plane services and slices provided by PLMN, for example, it’s mandatory to use the USIM application for primary authentication on UICC or eUICC (including the iUICC form factor). This can’t be avoided unless an agreement between the PLMN and the OT allows for an alternative mechanism.

Regarding the SNPN scenario, which is based on a standalone 5G network deployed and managed by OT, authentication for accessing the network may also use USIMs. Besides adopting the existing SIM ecosystem, vertical industries could benefit from replacing the USIM with an authentication client that supports EAP-based authentication for non-AKA credentials. These could be deployed as part of the OT domain of an industrial device, in other words independently of a UICC or eUICC (including the iUICC form factor).

Due to the USIM’s strong legacy and major role in cellular networks, an approach combining storage functionality for subscriber profiles (traditionally provided by the USIM) with EAP client functionality to create a new function called EIF can only be implemented if there is strong support and the remaining architectural and technical issues are resolved.


5. Industrial 5G Device Physical Reference Architecture

In this section, we discuss various aspects of the physical architecture of industrial 5G devices.

First we address several defining aspects of this architecture:

• The need for explosion protection for devices in hazardous areas
• Options for implementing storage of credentials
• The ability to use either a chipset or a module
• The existing radio module form factor standards
• Selection of a standalone application processor or one that is integrated with the radio chipset
• Selection of an interface between the application processor and radio module

Then we present reference architecture diagrams for the device types introduced in section 3.1.

5.1 Explosion Protection for Devices in Hazardous Areas

5.1.1 Introduction

Flammable gases and vapors can occur in processing plants of the petroleum and chemical industries, among others. An area that has or may have such an explosive atmosphere is called a hazardous area. Special precautions must be taken when installing and operating devices in areas of this type to prevent them from causing fires or explosions.

5.1.2 Classification of Zones

The IEC 60079 [9] series of international standards establishes various requirements for the development, installation, operation, etc. of devices in hazardous areas. The requirements of most regional regulations on electrical devices, including the ATEX directives and the EN 60079 standards in Europe, are based on the IEC 60079 standards.

Hazardous areas with explosive atmospheres are assigned to three types of zones depending on how often explosive conditions occur and how long they last. IEC 60079 also stipulates the kinds of explosion protection that devices used in each zone must have (see 5.1.3) in order to minimize the risks.

• Zone 0: An explosive atmosphere is present continuously, for long periods, or frequently (for example, inside a tank of flammable liquid).
• Zone 1: An explosive atmosphere is likely to occur occasionally during normal operation (for example, around relief valves that release flammable gas during normal operation).
• Zone 2: An explosive atmosphere is unlikely to occur during normal operation, and if it does occur will quickly dissipate (for example, parts of a plant’s premises to which flammable gas may occasionally drift).

All of the device types presented in section 3.1 can be installed or used in zone 1, zone 2, or non-hazardous areas depending on the use cases, configuration, and the plant’s policy, while typically only sensors and actuators can be used in zone 0 areas.

5.1.3 Types of Explosion Protection for Industrial Devices

This section introduces some of the explosion protection types defined by the IEC 60079 series of standards and describes the requirements that 5G communication modules would potentially have to meet for each level of explosion protection.

Protection by Flameproof Enclosure (Ex d)
An enclosure is considered to be flameproof (Ex d) if it is able to resist an internal explosion and prevent it from spreading to a surrounding explosive atmosphere. The requirements are specified in IEC 60079-1. “Ex d” protection is usually provided for electrical equipment in zone 1 and 2 areas to prevent it from igniting an explosive atmosphere.

Figure 31: An example configuration of an industrial 5G device architecture protected by a flameproof enclosure

Internal electronic components, including 5G communication modules, could be vulnerable but a flameproof enclosure prevents the gas atmosphere surrounding them from igniting. If an internal explosion does occur, however, the electrical equipment inside the enclosure may be damaged by it.

Protection by Increased Safety (Ex e)
Increased safety or Ex e is an explosion protection concept that provides increased security against the risk of excessive temperatures and/or electrical arcs and sparks arising from electrical equipment in hazardous areas. IEC 60079-7 details the requirements for achieving this, such as impregnating coils, providing clearance between bare conductive parts, and so on. They make it possible to install and use equipment containing electronic circuits (like industrial 5G devices) under zone 2 conditions.

Figure 32: An industrial 5G device architecture with enhanced protection (Ex e)

No surfaces of any internal parts, including 5G communication modules, should reach a temperature high enough to ignite an explosive atmosphere. IEC 60079 defines three groups of gases on the basis of their minimum ignition energies (IIA, IIB, and IIC) and six temperature classes based on the autoignition temperature of gases (T1 to T6), which must be taken into account when designing equipment for increased safety protection.

Protection by Intrinsic Safety (Ex i)
Protection by intrinsic safety or Ex i limits the electrical and thermal energy within equipment to a level below that at which ignition could be caused by sparking or heating, also under fault conditions. An apparatus called an intrinsic safety barrier limits the flow of energy supplied to the electrical equipment. The electrical equipment also restricts internal accumulation of energy. This protects areas with an explosive atmosphere and qualifies the electrical equipment as “intrinsically safe”. The requirements are specified by IEC 60079-11. Equipment that qualifies for the highest level of protection defined by IEC 60079-11 (“Ex ia”) may operate in zone 0 conditions.


Figure 33: An industrial 5G device architecture with protection by intrinsic safety (Ex i)

A 5G communication module designed for intrinsic safety must run on a limited energy supply. The energy stored in electronic circuits (like capacitors and inductors) of the equipment must also be limited. These constraints prevent the equipment from having enough energy to release an ignition spark in case a fault condition as defined by IEC 60079-11 occurs.

5.2 Physical Implementation for Storing Credentials

Management of credentials is an important aspect of industrial 5G network security. As shown in figure 34, credentials can be stored in different ways. It’s also possible to combine several methods in the same industrial 5G device.

In this section, we describe the physical process of storing credentials in industrial 5G devices. How secure elements are connected inside an industrial 5G device is explained in chapter 4 from a logical perspective and further below in this section from a physical perspective.

To simplify the following description, here the concept of a “trust anchor” holding a device’s initial credentials is introduced. It is also used to derive or securely download additional credentials.

It is possible to have two trust anchors, one for cellular authentication and another for application layer authentication. Alternatively, the same trust anchor can be used for both cellular and application layer authentication.

Please refer to section 4.3 for a full description of the various authentication methods supported by the 5G system.

Figure 34: Physical implementation options for storing credentials


5.2.1 Removable Secure Element

The trust anchor can be stored in a removable secure element. The secure element holding the trust anchor is then inserted into the industrial 5G device as shown in figure 34a.

A typical example of this is the UICC used to store the USIM application and possibly also other applications. The credentials are programmed into the UICC before the UICC is inserted into the device.

5.2.2 Embedded Secure Element Without Key Management Interface

It’s also possible to integrate a secure element into an industrial 5G device. This is shown in figure 34b. In this case, the industrial 5G device lacks a key management interface. It is therefore necessary to program the trust anchor into the secure element before it is provided to the final customer.

A good example of this is the embedded or integrated UICC that supports GSMA’s embedded SIM (eSIM) remote provisioning architecture.

5.2.3 Embedded Secure Element with Key Management Interface

Finally, it’s possible to have an embedded secure element with a key management interface. This is shown in figure 34c. In this case, there is no need to load any credentials before supplying the industrial 5G device to the final customer.

Depending on the provisioning protocol, the key management interface ensures the integrity and/or confidentiality of data arriving via the interface. This is commonly implemented as a local wired or short-range interface with optical, acoustic, near-field, or short-range wireless communication.

An example of this is a secure element used to store certificates for EAP authentication. The certificate is loaded using the simple certificate enrollment protocol (SCEP). Initially, a shared secret key is loaded via the key management interface. Then the certificate can be securely loaded via a wireless or wired interface into the secure element, also using SCEP.

5.2.4 Provisioning of Cellular Credentials

Provisioning of cellular credentials is generally accomplished in one of two different ways, as illustrated in figure 35.

Figure 35: Provisioning of cellular credentials

In figure 35a, USIM credentials are generated and then transferred to both a UICC and a 5GS. For public networks, UICCs are normally programmed at a central location and then physically transported to subscribers. For private networks, UICCs are normally programmed on site using a credentials generator.

Alternatively, credentials can be provisioned based on the GSMA’s remote SIM provisioning framework. This is shown in figure 35b. First an embedded identity document (EID) is stored on the eSIM. The EID allows secure remote downloading of USIM credentials from a 5GS. The secure remote download is based on a public key infrastructure to which all participating 5GS and credentials generators belong.

Both provisioning methods can be used for all three implementation options shown in figure 34.

Finally, it’s possible to use EAP-based cellular authentication. One example is EAP-TLS, which was introduced in 3GPP Release 15. EAP provides many different provisioning options, but credentials are usually provisioned via a key management interface on the device and/or using an automated credential management protocol.

5.3 Chipset Versus Module

Manufacturers have two main choices for implementing a 5G industrial device: a standard 5G modem chipset or a communication module containing one.

Choosing a 5G modem chipset makes it possible to develop a design that’s optimized for a particular product. Fewer materials are also required, and there’s no need to wait for modules to become available in the market before initiating product development. The downside is that it takes considerable expertise and experience to design and build a well-shielded and smoothly operating terminal (called UE in 3GPP terms). One critical aspect is radio frequency (RF) design, and another is meeting certification requirements. If the chipset is poorly designed, the 5G modem’s performance, interoperability, and electromagnetic compatibility (EMC) will be compromised. This can result in unreliable connections, lower data throughput, increased latencies, and EMC certification challenges. Owing to these challenges, a chipset mainly makes sense for high-volume products.

5G communication modules are a recommended way of mastering these challenges. The module vendor takes care of RF calibration during production. The industrial 5G device manufacturer doesn’t need to focus as much on RF design, since this is already largely covered by the module manufacturer. The interfaces provided by the module can simply be taken advantage of. What’s more, it’s possible to buy precertified 5G modules, thus greatly speeding up the certification process. In addition to these benefits, when integrating readily available 5G modules into a 5G industrial device it’s possible to take advantage of ready-made modules that provide important processing resources (CPU, memory, I/Os) and can be used to implement core industrial device functionality beyond wireless cellular communications. For all of these reasons, the expectation is that the market will generally opt for the 5G module approach.

5.4 Radio Module Form Factor Standards

With regard to 5G module form factors and physical connections, two main categories of modules are available in the market: modules for soldering onto a printed circuit board (PCB) (like Land Grid Array (LGA) form factors) and pluggable modules (generally with an M.2 interface). The solderable modules typically include extra pins, making it possible to access more functionality of the 5G modem or use additional I/Os instead of a pluggable form factor with dedicated pins. On the other hand, no widely accepted specific form factor standard exists. This means that there is no guarantee that different 5G modules will be interchangeable. Pluggable form factors, with M.2 being a prominent format, have fewer pins but extensively standardized electrical properties. This lets 5G industrial device manufacturers upgrade their 5G industrial devices more easily later on without having to completely redesign them. Both form factor categories are technically feasible. At the end of the day, it’s up to 5G industrial device manufacturers to decide which option meets their requirements better.

5.5 Standalone Versus Integrated Application Processor

Other architectural choices that 5G industrial device manufacturers must make include whether or not to integrate an application processor in the 5G module and if so, which other capabilities such as additional I/Os should be included. If the 5G module includes an adequately performing internal processor for executing customer-specific applications, its functionality can be expanded. Tasks normally assumed by dedicated external hardware, such as control applications (PLC, DCS, or motion or robot controllers), artificial intelligence algorithms, or visualization, can also be carried out by the internal application processor.

39
White Paper 5G-ACIA Report – Industrial 5G Devices – Architecture and Capabilities

This won’t necessarily impact its communication performance. Both architectural approaches – with or without a processor – involve tradeoffs. For example:

• Using a module with an integrated application processor may result in a smaller, more compact BOM and
• designing the PCB is simpler, but
• the 5G industrial device manufacturer will have fewer hardware resources available and more limited choices for integrating the OT application software in the 5G module.

Which approach is better depends on the specific use case.

Due to the mentioned advantages of using a 5G communication module, going forward it is expected to be the most common model. The architectural choices for industrial 5G devices shown in section 5.7 therefore assume that this approach is taken. For simplicity’s sake, several of the components that a real industrial device would have are left out here (such as mechanical plugs, a power source, a housing and so on). Although the architectures shown in the following examples lack an integrated application processor, it could feasibly be included in all of them.

5.6 Interface Between Application Processor and Radio Module

If a standalone application processor is chosen, there must be an interface to the radio module. This interface needs to support both data transfer and time synchronization.

5.6.1 Data Interface

The data interface can be implemented as multiple physical interfaces. Common options include:

• UART serial interface
• Universal serial bus (USB)
• Peripheral component interconnect express (PCIe)

UART-based serial interfaces were once used extensively in modems. Due to their limited throughput, however, today they are mainly found in applications where this isn’t an issue.

USB provides greater speed than UART-based serial interfaces. USB 3.1 can support up to 10 Gbit/s. The mobile broadband interface model (MBIM) interface was published by the USB Implementers Forum to enable broadband data connectivity via USB for cellular devices.

PCIe is an alternative to USB that makes it possible to scale up the speed even further. It also gives vendors greater flexibility for implementing higher-layer protocols.

The interfaces just described are primarily intended for configuration and data transfer. They are less suited for time synchronization between the application processor and radio module.

5.6.2 Time Synchronization Interface

A dedicated hardware interface is commonly used for time synchronization with GNSS receivers and other applications. Called 1pps or PPS, it generates a pulse that accurately repeats at regular time intervals. The timing information for each pulse arrives via a data interface. Consequently, there are actually two interfaces in play: a low-level interface that generates a pulse every second with microsecond accuracy without indicating which second it is and a high-level interface that indicates the second of the day.

A 5G system supports both global time domain and working clock domain synchronization. The use of a pulsed time reference signal together with higher-layer messaging via a digital interface is an effective way to synchronize an industrial 5G device with a TSN grand master or 5G system clock.

A similar interface can be used for time synchronization between a physical layer network interface and a radio module or application processor. Here the purpose is accurate synchronization of transmitted and received data frames.

5.7 Generic Block Diagrams for Industrial 5G Devices and Interface Options

It is useful to categorize the available architectures for industrial devices based on their use cases. This approach
lets them be grouped according to their characteristics (such as power, interfaces, processing capabilities, and so on) for defining the properties of 5G communication modules. The scheme presented in section 3.1 is the basis for doing this.

5.7.1 Industrial 5G Devices with Low-Power and Low-Latency Sensors/Actuators and 2D/3D Sensors

An industrial device of any of these types normally comprises a 5G communication module, interfaces for on-board or off-board connection of physical sensors/actuators or I/O transceivers, and optionally an application processor.

A 5G communication module typically has the following interfaces:

• Configuration interface (e.g. USB, UART)
• Host interface (e.g. USB, UART)
• Power supply
• Integrated antenna or antenna connector
• Time synchronization interface
• With an internal application processor, optionally digital interface(s) (SPI, I2C, UART etc.) for connecting I/O-protocol-specific transceiver(s) (such as IO-Link) or direct connection to analog or digital I/Os (such as GPIO, ADC, PWM) for directly connecting analog or digital sensors/actuators.
• Optional support for an (e/i)UICC/EAP identity function
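
The time synchronization interface in the list above is, as section 5.6.2 describes, really two interfaces: a pulse that marks each second and a message that names it. The C code below is an added example, not taken from the white paper: it pairs each pulse with its label and refuses labels that arrive too late or that do not follow from the previously accepted one. The function names, the 900 ms pairing window, the assumption that a label follows the pulse it describes, and the sample trace are all assumptions.

```c
/* Added example: names, limits and sample values are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NS_PER_SEC     1000000000LL
#define SEC_PER_DAY    86400
#define PAIR_WINDOW_NS 900000000LL /* assumed: label arrives within 900 ms of its pulse */

typedef enum { SYNC_OK, SYNC_NO_PULSE, SYNC_LATE_MESSAGE,
               SYNC_BAD_SECOND, SYNC_SEQUENCE_ERROR } sync_status;

typedef struct {
    bool    have_edge;     /* an edge was captured and is still unlabelled */
    int64_t edge_ns;       /* local monotonic capture time of that edge */
    bool    locked;        /* at least one edge/label pair was accepted */
    int64_t last_edge_ns;  /* capture time of the last accepted edge */
    int32_t last_second;   /* second of day that edge marked */
    int64_t offset_ns;     /* time of day minus local time at that edge */
} pps_sync;

/* Low-level interface: called with the hardware capture time of each pulse. */
void pps_edge(pps_sync *s, int64_t local_ns)
{
    s->edge_ns = local_ns;
    s->have_edge = true;
}

/* High-level interface: a message naming the second of day of the latest pulse. */
sync_status tod_message(pps_sync *s, int64_t arrival_ns, int32_t second_of_day)
{
    if (!s->have_edge)
        return SYNC_NO_PULSE;
    int64_t edge = s->edge_ns;
    s->have_edge = false;                  /* each edge is labelled at most once */
    if (second_of_day < 0 || second_of_day >= SEC_PER_DAY)
        return SYNC_BAD_SECOND;
    int64_t age = arrival_ns - edge;
    if (age < 0 || age > PAIR_WINDOW_NS)   /* cannot tell which pulse it labels */
        return SYNC_LATE_MESSAGE;
    if (s->locked) {
        /* The label must advance by the whole seconds between the two edges. */
        int64_t pulses = (edge - s->last_edge_ns + NS_PER_SEC / 2) / NS_PER_SEC;
        int32_t expected = (int32_t)((s->last_second + pulses) % SEC_PER_DAY);
        if (second_of_day != expected)
            return SYNC_SEQUENCE_ERROR;    /* keep the previous lock */
    }
    s->last_edge_ns = edge;
    s->last_second = second_of_day;
    s->offset_ns = (int64_t)second_of_day * NS_PER_SEC - edge;
    s->locked = true;
    return SYNC_OK;
}

/* Converts a local timestamp to nanoseconds since midnight, or -1 if not locked. */
int64_t tod_ns(const pps_sync *s, int64_t local_ns)
{
    const int64_t day_ns = SEC_PER_DAY * NS_PER_SEC;
    if (!s->locked)
        return -1;
    int64_t t = (local_ns + s->offset_ns) % day_ns;
    return t < 0 ? t + day_ns : t;
}

int main(void)
{
    pps_sync s = {0};
    /* Constructed trace: {edge capture time, message arrival time, second of day}. */
    const int64_t trace[][3] = {
        {1000000000LL, 1200000000LL, 43200},  /* accepted pair */
        {2000020000LL, 2950020000LL, 43201},  /* label arrives 950 ms late */
        {3000040000LL, 3100000000LL, 50000},  /* label does not follow 43200 */
    };
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++) {
        pps_edge(&s, trace[i][0]);
        printf("pair %zu -> status %d\n", i,
               (int)tod_message(&s, trace[i][1], (int32_t)trace[i][2]));
    }
}
```

A rejected label leaves the last accepted offset in place, so the device keeps running on its previous lock until a consistent pulse and label pair arrives.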

Figure 36: Example 5G device architecture with sensor/actuator low-power industrial temperature sensor,
5G communication module, and external application processor

An architecture with integrated application processor and 5G communication module can accommodate devices with fewer and more compact components while minimizing power consumption. Conversely, an external processor solution permits partial reuse of existing software and layouts, thus potentially accelerating integration.

5.7.2 HMI and xR Devices

HMI and xR industrial devices typically contain – among other components – a 5G communication module and an internal application processor plus optional sensor/actuator hardware and integrated audio/visual components and/or interfaces to external A/V components. The processor (possibly including accelerators for xR processing) needs to be adequate for supporting visualization and xR applications.


Figure 37: HMI/xR industrial 5G device architecture incorporating a 5G communication module with external application
processor

The 5G communication module in industrial devices of the HMI and xR category typically has the following interfaces:

• Configuration interface (e.g. USB, UART)
• Host interface (e.g. USB, UART)
• Power supply
• Integrated antenna or antenna connector
• Time synchronization interface
• Optionally, in case of module-internal applications processor: digital interface(s) (SPI, I2C, UART etc.) for connecting an I/O-protocol-specific transceiver (such as IO-Link) or directly linking to analog or digital I/Os (such as GPIO, ADC, PWM) for directly connecting analog or digital sensors/actuators.
• Optional support for an (e/i)UICC/EAP identity function

5.7.3 Gateways and PLCs/Controllers

5G industrial devices of these types typically comprise – among other components – a 5G communication module plus I/O hardware for attaching the local fieldbus.

The 5G communication module has the following interfaces:

• Configuration interface (USB, UART)
• Host interface (USB, UART)
• Power supply
• Integrated antenna or an antenna connector
• Time synchronization interface
• Optionally, in the case of an internal application processor: a digital interface (such as PCIe, SPI, I2C, UART, etc.) for connecting to a local fieldbus (such as controllers or transceivers for Profibus, Modbus RTU, CAN bus, etc.) and optionally GPIO for directly connecting digital sensors
• Optional support for an (e/i)UICC/EAP identity function


The application processor delivers enough performance to act as a proxy between the connected or preexisting fieldbuses and a higher-level control system (such as a PLC) that is reachable via the 5G system. In some categories, two architectural choices are possible: one with an integrated application processor and the other with an external application processor.

Figure 38 shows an example physical architecture for these device types.

5.7.4 TSN Port Industrial 5G Devices

The main role of devices that fall into the industrial 5G device category of TSN ports is to act as gateways between one or more local industrial Ethernet segment(s) and superordinate control system(s). They therefore typically comprise – among other components – a 5G communication module plus I/O hardware for connecting the local Ethernet segment.

The 5G communication module must support the following interfaces:

• Configuration/host interface (e.g. USB, UART)
• Power supply
• Ethernet port(s) (MAC, PHY, or logical via a PCIe attachment)
• Integrated antenna or antenna connector
• (e/i)UICC/EAP identity function support

Figure 38: Gateway and PLC/controller industrial 5G device architecture involving a 5G communication module with
external applications processor


Figure 39: A TSN port industrial 5G device architecture with 5G communication module


6. Conclusions
In this white paper, we have discussed the architectural choices for industrial 5G devices. They depend on several criteria, including:

• The type of industrial 5G device
• Authentication based on USIM or EAP and how the credentials are stored in the industrial 5G device.
• The latency, throughput, and time synchronization needed for the industrial 5G device
• The environmental characteristics of the industrial 5G device. This includes protection from water, dust, vibration, and extreme temperatures as well as classification for operation in hazardous areas.
• Power characteristics and whether the industrial 5G device will be battery-powered or plugged into the grid

We have introduced a functional entity called an EAP identity function (EIF). The EIF holds the credentials needed for EAP authentication plus other relevant information that is otherwise stored in the USIM.

The GSMA has standardized remote SIM provisioning (RSP). From a technical perspective, the remote SIM provisioning standards may meet the need for provisioning operator credentials in a private network setting. However, the ecosystem for the remote SIM provisioning standards has been optimized for public operators.

The GSMA remote SIM provisioning (RSP) specifications let public operators remotely provision subscription profiles. It would be beneficial to adopt the remote SIM provisioning ecosystem to also meet the needs of private networks.


7. Definitions of Acronyms and Key Terms


3GPP
The 3rd Generation Partnership Project (3GPP) is an umbrella term for a consortium embracing a number of standards organizations worldwide that are collaborating to develop globally accepted specifications for mobile telecommunications. As its name implies, it was originally created to establish specifications for the third generation (3G) of mobile communication systems. It has continued working on subsequent generations, including the Fifth Generation (5G), which is considered in this white paper.

5G-ACIA
The 5G Alliance for Connected Industries and Automation is the globally leading organization for shaping and promoting industrial 5G.

5G network termination
Any 3GPP-defined device-side function involved in connecting to the 5G network and operating as part of the 5G system.

5G radio interface
A radio interface specified by 3GPP Release 15 or later, including 5GNR and E-UTRAN.

AAA
Authentication, authorization, and accounting.

DS-TT
Device-side TSN translator.

EAP
The extensible authentication protocol, defined in RFC 3748.

EAP-AKA
Extensible authentication protocol – authentication and key agreement, defined in RFC 4187.

EAP-AKA’
Extensible authentication protocol – authentication and key agreement, defined in RFC 5448.

EID
eUICC identifier. It uniquely identifies an eUICC and is cryptographically protected by a private key and a corresponding public key certificate issued within a public key infrastructure operated by the GSMA. During remote provisioning of SIM profiles to an eUICC, the EID is used to ensure that the profile is correctly deployed.

EIF
EAP identity function. A new functional element of the 5G security architecture, introduced in this white paper, that has not yet been standardized. The EIF is similar to a USIM, with the main differences being that it consists of EAP client functionality and there are no requirements for its deployment. In other words, the EIF can be deployed independently of a UICC and optimized to meet the needs of an industry vertical.

eSIM
Embedded-SIM. This conceptual term was introduced by the GSMA to describe the ability to provision a device with a USIM in electronic form by deploying a SIM profile (which can be received from a provisioning server) in a secure element called an eUICC. An eUICC can hold and execute multiple SIM profiles and switch between them. It is therefore the functional equivalent of several UICC cards, each of which has a USIM. The term eSIM is also often used to refer to an eUICC or, informally, to describe a UICC card with a soldered form factor, independently of its eUICC capabilities.[5]

eUICC
Embedded UICC. There are two competing definitions of this term:

(1) ETSI 103.465 defines it as a UICC that isn’t readily accessible or replaceable, isn’t intended to be removed or replaced in the terminal, and enables secure changing of subscriptions. Here the focus is on its permanent physical integration in a device.

(2) In the context of eSIM, a secure element’s main characteristics are that it can be uniquely identified by an EID and provisioned with multiple SIM profiles (using remote SIM provisioning (RSP) capabilities defined by GSMA). An eUICC is thus the functional equivalent of multiple UICCs, each of which has a USIM. These characteristics are independent of
the form factor. It can even be deployed on a removable card (or on a soldered card or integrated into a system on a chip).

A UICC with a soldered form factor is sometimes also referred to as an eUICC, independently of whether it can change or provision subscriptions.

gPTP
Generalized precision time protocol. Defined in the IEEE 802.1AD series standards, it is related to PTP. One major difference is that gPTP only supports Ethernet transfer, while PTP also supports higher-layer protocols.

(g)PTP
Here this refers to either PTP, gPTP, or both.

GSMA
The GSM Association represents the interests of mobile network operators worldwide.

Industrial 5G device
An industrial device with a 3GPP-standardized 5G radio interface.

Industrial 5G device type
A type of industrial 5G device from an operational technology perspective.

iUICC
Integrated UICC. This term refers to a secure element that isn’t deployed as a discretionary element but instead integrated into another element such as a CPU or a system on a chip. There is no consistent definition of the functional capabilities of an iUICC.

One possible interpretation of an iUICC is as a generic secure element able to host several secure applications, one of which could be an eUICC application. In this context, however, the more informal term iSSP (integrated smart secure platform) as standardized by ETSI SCP is replacing it.

Sometimes the term iUICC is informally used to refer to an eUICC with an integrated form factor and other times to refer to a UICC with an integrated form factor. To prevent misunderstandings, it should therefore only be used in a known and well-defined context.

Latency
The time it takes a message to travel from a sender to a receiver.

LGA
Land grid array: a type of surface-mount packaging for integrated circuits.

Local network termination
One or more functions for connecting a device to a local network.

Logical architecture
A structural design that includes as many details as possible without limiting the architecture to a particular technology or environment.

Non-real-time
A non-real-time system has functional requirements but no requirements to perform tasks within a specific period of time.

NW-TT
Network-side TSN translator.

OT
Operational technology: the technology needed to operate an industrial network. Common OT devices include sensors, actuators, and controllers.

Physical architecture
A structural design that provides enough detail to implement an architecture with a particular technology.

PLC
Programmable logic controller: an industrial controller used to control industrial machines or processes.

PTP
The precision time protocol defined by the IEEE 1588 series standards.

Real-time
A real-time system is characterized by the need to meet deadlines. In a hard real-time system, the data provided have no value if the deadline is exceeded. In a soft real-time system, data still have some value even if the deadline is exceeded.


Routing
When routing is used in the context of the Internet Protocol, it is the process of sending packets from a host on one network to a host on another network. When routing is used in the context of industrial protocols, it refers to the routing of a higher-layer protocol across multiple industrial networks, possibly via different physical layers.

SCEP
Simple certificate enrollment protocol, defined in RFC 8894.

Secure element
A tamper-resistant dedicated platform consisting of hardware and software that is capable of securely hosting applications and their confidential and cryptographic data and providing a secure application execution environment [3]. Note that the secure element can have different form factors such as smart card, dedicated chip, or integrated in other components.

SIM
Subscriber identity module. An informal term that is typically used for a USIM deployed on a UICC. The term SIM card is ordinarily (but not exclusively) used if the UICC has the form factor of a removable card.

SIM profile
The entire content of a specific USIM in a serialized file format (including personalized data like SUPI or subscriber individual key). The SIM profile is used within the scope of remote SIM provisioning to provide the content of a USIM to a device and deploy the content to an eUICC. The format and content of SIM profiles are defined by the Trusted Connectivity Alliance.

Tagged data
Tagged data is data with relevant metadata. For example, a temperature could be expressed as a 16-bit integer. The metadata specify that the unit is Kelvin, Celsius, or Fahrenheit and indicate the offset and scaling factor, and may also include information on the source.

Time-aware
This term is used in IEEE Ethernet standards to describe a scheduler that considers absolute time (or the time of day) when scheduling frames in a queue. This is called a time-aware scheduler. The original Ethernet standards didn’t consider absolute time for scheduling frames in queues, only relative time.

Time-sensitive
As used in the IEEE Ethernet standards, this attribute describes a network that supports real-time traffic. In this white paper we have used the term more broadly to also include communication in which timely delivery of information is important.

Time synchronization
Temporal synchronization of two or more clocks with one another.

Trust anchor
This holds a device’s initial credentials and is also used to derive or securely download additional credentials.

TSN
Time-sensitive networking.

UICC
Universal integrated circuit card. Defined in 3GPP TS 31.101, it is used in USIM applications. It may exist with any of various form factors including removable or soldered cards, or integrated in another component such as a system on a chip (SoC) or CPU.

USIM
Universal subscriber identity module. A logical element of the 3GPP architecture that is defined by TS 31.102. It stores and provides access to all parameters comprising a subscriber profile. A USIM also provides security functions that are used by the mobile terminal for mutual authentication with the 5G network. 3GPP requires a USIM application to be deployed on every UICC.


8. References
[1] 5G-ACIA White Paper “Integration of 5G with Time-Sensitive Networking for Industrial Communications”, published in February 2021.

[2] “Use Cases IEC/IEEE 60802”, v1.3, https://www.ieee802.org/1/files/public/docs2018/60802-industrial-use-cases-0918-v13.pdf.

[3] ETSI TS 103 465 V15.0.0 (2019-05) “Smart Cards; Smart Secure Platform (SSP); Requirements Specification”.

[4] 5G-ACIA White Paper “5G for Automation in Industry”, published in July 2019.

[5] GSMA “eSIM White Paper: The what and how of remote SIM provisioning”, published in March 2018.

[6] 3GPP Technical Specification 22.261, “Service requirements for the 5G system”, v 16.14.1.

[7] Eike Lyczkowski, Andreas Wanjek, Christian Sauer, Wolfgang Kiess: “Wireless Communication in Industrial Applications”, 2019 24th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA), September 2019, pp. 1392–1395.

[8] 3GPP Technical Specification 22.104, “Service requirements for cyber-physical control applications in vertical domains”, v17.3.0, July 2020.

[9] International Electrotechnical Commission (IEC) standard “IEC 60079 Series Explosive Atmosphere Standards”. Up to part 35.


Contact
5G Alliance for Connected Industries and
Automation (5G-ACIA), a Working Party of ZVEI
Lyoner Strasse 9
60528 Frankfurt am Main
Germany

Phone: +49 69 6302-424


Fax: +49 69 6302-319
Email: [email protected]
5g-acia.org

Published by
ZVEI e. V.
5G Alliance for Connected Industries and
Automation (5G-ACIA), a Working Party of ZVEI
zvei.org
5g-acia.org

March 2022

© ZVEI
This work, including all of its parts, is protected by copyright.
Any use outside the strict limits of copyright law without the
consent of the publisher is prohibited. This applies in particular
to reproduction, translation, microfilming, storage, and
processing in electronic systems. Although ZVEI has taken the
greatest possible care in preparing this document, it accepts
no liability for the content.


As of February 2022
