KR20240016155A - Method and apparatus for provisioning keys to check the authenticity of base station in a wireless communication system - Google Patents

Abstract

This disclosure relates to 5G or 6G communication systems to support higher data rates. In a wireless communication system, a method performed by a terminal, the method comprising: receiving system information including information related to a public key of the base station and signature information of the base station from a base station, the base station determining whether a public key corresponding to information related to the public key of the terminal is stored in the terminal; if a public key corresponding to information related to the public key of the base station is stored, verifying the signature of the base station, And it may include performing a connection procedure with the base station or searching for another base station based on the verification result.

Description

In a wireless communication system, a method and device for provisioning a key for base station verification {METHOD AND APPARATUS FOR PROVISIONING KEYS TO CHECK THE AUTHENTICITY OF BASE STATION IN A WIRELESS COMMUNICATION SYSTEM}

The present disclosure relates to a method and device for provisioning a key for base station verification in a wireless communication system.

Specifically, the present disclosure relates to a method and device in which a base station signs and broadcasts System Information in a wireless communication system, and a terminal is provisioned with a key to verify it.

5G mobile communication technology defines a wide frequency band to enable fast transmission speeds and new services, and includes sub-6 GHz ('Sub 6GHz') bands such as 3.5 gigahertz (3.5 GHz) as well as millimeter wave (mm) bands such as 28 GHz and 39 GHz. It is also possible to implement it in the ultra-high frequency band ('Above 6GHz') called Wave. In addition, in the case of 6G mobile communication technology, which is called the system of Beyond 5G, Terra is working to achieve a transmission speed that is 50 times faster than 5G mobile communication technology and an ultra-low delay time that is reduced to one-tenth. Implementation in Terahertz (THz) bands (e.g., 3 terahertz bands at 95 GHz) is being considered.

In the early days of 5G mobile communication technology, there were concerns about ultra-wideband services (enhanced Mobile BroadBand, eMBB), ultra-reliable low-latency communications (URLLC), and massive machine-type communications (mMTC). With the goal of satisfying service support and performance requirements, efficient use of ultra-high frequency resources, including beamforming and massive array multiple input/output (Massive MIMO) to alleviate radio wave path loss in ultra-high frequency bands and increase radio transmission distance. Various numerology support (multiple subcarrier interval operation, etc.) and dynamic operation of slot format, initial access technology to support multi-beam transmission and broadband, definition and operation of BWP (Band-Width Part), large capacity New channel coding methods such as LDPC (Low Density Parity Check) codes for data transmission and Polar Code for highly reliable transmission of control information, L2 pre-processing, and dedicated services specialized for specific services. Standardization of network slicing, etc., which provides networks, has been carried out.

Currently, discussions are underway to improve and enhance the initial 5G mobile communication technology, considering the services that 5G mobile communication technology was intended to support, based on the vehicle's own location and status information. V2X (Vehicle-to-Everything) to help autonomous vehicles make driving decisions and increase user convenience, and NR-U (New Radio Unlicensed), which aims to operate a system that meets various regulatory requirements in unlicensed bands. ), NR terminal low power consumption technology (UE Power Saving), Non-Terrestrial Network (NTN), which is direct terminal-satellite communication to secure coverage in areas where communication with the terrestrial network is impossible, positioning, etc. Physical layer standardization for technology is in progress.

In addition, IAB (IAB) provides a node for expanding the network service area by integrating intelligent factories (Industrial Internet of Things, IIoT) to support new services through linkage and convergence with other industries, and wireless backhaul links and access links. Integrated Access and Backhaul, Mobility Enhancement including Conditional Handover and DAPS (Dual Active Protocol Stack) handover, and 2-step Random Access (2-step RACH for simplification of random access procedures) Standardization in the field of wireless interface architecture/protocol for technologies such as NR) is also in progress, and 5G baseline for incorporating Network Functions Virtualization (NFV) and Software-Defined Networking (SDN) technology Standardization in the field of system architecture/services for architecture (e.g., Service based Architecture, Service based Interface) and Mobile Edge Computing (MEC), which provides services based on the location of the terminal, is also in progress.

When this 5G mobile communication system is commercialized, an explosive increase in connected devices will be connected to the communication network. Accordingly, it is expected that strengthening the functions and performance of the 5G mobile communication system and integrated operation of connected devices will be necessary. To this end, eXtended Reality (XR) and Artificial Intelligence are designed to efficiently support Augmented Reality (AR), Virtual Reality (VR), and Mixed Reality (MR). , AI) and machine learning (ML), new research will be conducted on 5G performance improvement and complexity reduction, AI service support, metaverse service support, and drone communication.

In addition, the development of these 5G mobile communication systems includes new waveforms, full dimensional MIMO (FD-MIMO), and array antennas to ensure coverage in the terahertz band of 6G mobile communication technology. , multi-antenna transmission technology such as Large Scale Antenna, metamaterial-based lens and antenna to improve coverage of terahertz band signals, high-dimensional spatial multiplexing technology using OAM (Orbital Angular Momentum), RIS ( In addition to Reconfigurable Intelligent Surface technology, Full Duplex technology, satellite, and AI (Artificial Intelligence) to improve the frequency efficiency of 6G mobile communication technology and system network are utilized from the design stage and end-to-end. -to-End) Development of AI-based communication technology that realizes system optimization by internalizing AI support functions, and next-generation distributed computing technology that realizes services of complexity beyond the limits of terminal computing capabilities by utilizing ultra-high-performance communication and computing resources. It could be the basis for .

As described above, with the development of wireless communication systems, open source tools and hacking techniques that can easily create fake base stations and mobile communication terminals have also appeared. As these technologies advance, it has become easier for attackers to use fake base stations to launch denial of service (DoS) attacks on users and telecommunication providers. Accordingly, there is a need for a method to prevent DoS attacks from attacks by fake base stations.

Based on the above-described discussion, the present disclosure seeks to provide an apparatus and method that can provide smooth efficiency in transmitting and receiving signals for base station verification in a wireless communication system.

According to various embodiments of the present disclosure, in a method performed by a terminal in a wireless communication system, the method includes system information including information related to the public key of the base station and signature information of the base station from a base station ( system information), determining whether a public key corresponding to information related to the public key of the base station is stored in the terminal, if a public key corresponding to information related to the public key of the base station is stored , verifying the signature of the base station, and performing a connection procedure with the base station based on the verification result or searching for another base station.

According to various embodiments of the present disclosure, in a method performed by an access and mobility management function (AMF) in a wireless communication system, the method includes information about a list of public keys held by the terminal from a terminal, or Receiving a registration request message including an indicator indicating that a public key corresponding to information related to the public key of the base station is not stored, performing a cipher and integrity protection algorithm based on the registration request message. It may include identifying and transmitting a non-access stratum (NAS) command message to the terminal based on the registration request message and the identified encryption and integrity algorithm.

According to various embodiments of the present disclosure, in a wireless communication system, a terminal includes at least one transceiver; and at least one processor functionally coupled to the at least one transceiver, wherein the at least one processor includes information related to the public key of the base station and signature information of the base station from a base station. Receiving information (system information), determining whether a public key corresponding to information related to the public key of the base station is stored in the terminal, and if a public key corresponding to information related to the public key of the base station is stored , verifying the signature of the base station, and performing a connection procedure with the base station or searching for another base station based on the verification result.

According to various embodiments of the present disclosure, in a wireless communication system, an access and mobility management function (AMF) includes at least one transceiver and at least one processor functionally coupled to the at least one transceiver. (processor), wherein the at least one processor sends an indicator indicating that the public key corresponding to the information related to the public key of the base station or the information related to the list of public keys held by the terminal is not stored. Receive a registration request message including, identify a cipher and integrity protection algorithm based on the registration request message, and send the terminal to the terminal based on the registration request message and the identified encryption and integrity algorithm. Can be configured to send non-access stratum (NAS) command messages.

Various embodiments of the present disclosure can provide devices and methods that can effectively provide services in a wireless communication system.

The effects that can be obtained from the present disclosure are not limited to the effects mentioned in the various embodiments, and other effects not mentioned will be clearly understood by those skilled in the art from the description below. It could be.

FIG. 1A illustrates a communication network including core network entities in a wireless communication system according to various embodiments of the present disclosure.
FIG. 1B illustrates a wireless environment including a core network in a wireless communication system according to various embodiments of the present disclosure.
FIG. 2A shows an example of the functional structure of a terminal according to embodiments of the present disclosure.
FIG. 2B shows an example of the functional structure of a base station according to embodiments of the present disclosure.
FIG. 2C shows an example of the functional structure of a core network object according to embodiments of the present disclosure.
Figure 3 shows an example of a signal flow for a terminal to receive a public key to verify a base station according to embodiments of the present disclosure.
Figure 4 shows an example of a signal flow for a terminal to receive a public key to verify a base station according to embodiments of the present disclosure.
Figure 5 shows a specific operation flow of a terminal for receiving a public key to verify a base station according to embodiments of the present disclosure.
Figure 6 illustrates the operational flow of a terminal for receiving a public key to verify a base station according to embodiments of the present disclosure.
Figure 7 shows the operation flow of AMF for provisioning a public key to verify a base station to a terminal according to embodiments of the present disclosure.

Terms used in this disclosure are merely used to describe specific embodiments and may not be intended to limit the scope of other embodiments. Singular expressions may include plural expressions, unless the context clearly indicates otherwise. Terms used herein, including technical or scientific terms, may have the same meaning as generally understood by a person of ordinary skill in the technical field described in this disclosure. Among the terms used in this disclosure, terms defined in general dictionaries may be interpreted to have the same or similar meaning as the meaning they have in the context of related technology, and unless clearly defined in this disclosure, have an ideal or excessively formal meaning. It is not interpreted as In some cases, even terms defined in the present disclosure cannot be interpreted to exclude embodiments of the present disclosure.

In various embodiments of the present disclosure described below, a hardware approach method is explained as an example. However, since various embodiments of the present disclosure include technology using both hardware and software, the various embodiments of the present disclosure do not exclude software-based approaches.

3GPP, which is in charge of cellular mobile communication standards, has named a new core network structure as 5G core (5GC) and is standardizing it in order to evolve from the existing 4G LTE system to a 5G system. 5GC supports the following differentiated functions compared to the evolved packet core (EPC), the existing network core for 4G.

First, in 5GC, the network slice function is introduced. As a requirement for 5G, 5GC must support various types of terminal types and services (e.g. eMBB, URLLC, or mMTC services). Various types of services each have different requirements for the core network. For example, eMBB service requires high data rate, and URLLC service requires high stability and low delay. One of the technologies proposed to satisfy these various service requirements is network slicing.

Network slicing is a method of creating multiple logical networks by virtualizing one physical network, and each network slice instance (NSI) can have different characteristics. Therefore, each NSI can satisfy various service requirements by having a network function (NF) suitable for its characteristics. If an NSI that matches the characteristics of the service required for each terminal is allocated, multiple 5G services can be supported efficiently.

Second, 5GC can facilitate network virtualization paradigm support through separation of mobility management function and session management function. In 4G LTE (long term evolution), services are provided through signaling exchange with a single core device called a mobility management entity (MME), which is responsible for registration, authentication, mobility management, and session management functions for all terminals. I was able to. However, in 5G, as the number of terminals increases explosively and the mobility and traffic/session characteristics that must be supported according to the type of each terminal are subdivided, if all functions are supported by a single device such as MME, it is necessary to add entities for each required function. Scalability is bound to decline. Therefore, various functions are being developed based on a structure that separates the mobility management function and session management function to improve scalability in terms of signaling load and functional/implementation complexity of the core equipment responsible for the control plane.

Meanwhile, with the development of open source tools and hacking technologies that can easily create fake base stations and mobile communication terminals, it has become easier for attackers to use fake base stations to carry out DoS (denial of service) attacks on users and communication service providers. Accordingly, there is a need for a method to prevent DoS attacks from attacks by fake base stations. For example, there may be an attack on System Information (SI) (hereinafter, System Information may include a System Information message or a System Information Block) among the messages broadcasted by the base station. A fake base station can modify the SI message and broadcast it. If a terminal uses an SI message sent by a fake base station, the terminal may camp on the fake base station rather than the base station that requires connection. A fake base station can relay messages between a terminal and a base station that requires access to the terminal. A fake base station can identify the information contained in the message if the message is not encrypted, and if it is encrypted, it may drop the packet in the middle, preventing the user from receiving the desired service.

System Information (SI) is a message broadcast to all UEs, and previously, protection for System Information was not strongly required. However, as attacks using fake base stations become easier due to the development of open source tools and hacking technology, fake base stations are SI transmitted by the base station that the terminal needs to connect to (hereinafter, used interchangeably with the term 'real base station'). It may be possible to attack a terminal by using a message to camp the terminal at a fake base station. Therefore, there is an emerging need to protect system information so that the terminal can determine whether the system information is truly sent by the base station. Application of security technology to protect integrity and prevent retransmission is required to prevent fake base stations from modifying and using system information. Additionally, for this purpose, research is being conducted on asymmetric key-based signature techniques. Asymmetric key-based signature techniques may include certificate-based asymmetric key signature techniques and ID-based asymmetric key signature techniques. According to various embodiments of the present disclosure, when using an asymmetric key-based signature technique, a method and device are provided for provisioning a public key to the terminal for the terminal to verify System Information signed by the base station. do.

According to various embodiments of the present disclosure, a 'fake base station' is a base station that the terminal does not want to connect to, unlike a 'real base station' that the terminal needs to connect to, and is an aggressor base station, a false base station, or It may be referred to by various similar or equivalent expressions, including fake base station, etc. Additionally, a 'genuine base station' is a base station that a terminal needs to connect to, and may be referred to by various similar or equivalent expressions, including victim base station, real base station, etc. According to various embodiments of the present disclosure, the operations described below may mainly refer to operations between a terminal and a real base station. In such cases, the 'base station' refers to the 'real base station' to which the terminal needs to connect. It can mean.

Hereinafter, various embodiments will be described in detail with the accompanying drawings. Additionally, in describing the embodiments of the present disclosure, if it is determined that a detailed description of a related known function or configuration may unnecessarily obscure the gist of the embodiments, the detailed description will be omitted. Additionally, the terms described below are terms defined in consideration of functions in the embodiments, and may vary depending on the intention or custom of the user or operator. Therefore, the definition should be made based on the contents throughout this specification.

For the same reason, some components are exaggerated, omitted, or schematically shown in the accompanying drawings. Additionally, the size of each component does not entirely reflect its actual size. In each drawing, identical or corresponding components are assigned the same reference numbers.

The advantages and features of the present disclosure and methods for achieving them will become clear by referring to the embodiments described in detail below along with the accompanying drawings. However, the present disclosure is not limited to the embodiments disclosed below and may be implemented in various different forms. The present embodiments are merely provided to ensure that the present disclosure is complete and to those skilled in the art to which the present disclosure pertains. It is provided to fully inform the person of the scope of the disclosure, and the disclosure is defined only by the scope of the claims. Like reference numerals refer to like elements throughout the specification.

At this time, it will be understood that each block of the processing flow diagram diagrams and combinations of the flow diagram diagrams can be performed by computer program instructions. These computer program instructions can be mounted on a processor of a general-purpose computer, special-purpose computer, or other programmable data processing equipment, so that the instructions performed through the processor of the computer or other programmable data processing equipment are described in the flow chart block(s). Creates the means to perform functions. These computer program instructions may also be stored in computer-usable or computer-readable memory that can be directed to a computer or other programmable data processing equipment to implement a function in a particular manner, so that the computer-usable or computer-readable memory It is also possible to produce manufactured items containing instruction means that perform the functions described in the flowchart block(s). Computer program instructions can also be mounted on a computer or other programmable data processing equipment, so that a series of operational steps are performed on the computer or other programmable data processing equipment to create a process that is executed by the computer, thereby generating a process that is executed by the computer or other programmable data processing equipment. Instructions that perform processing equipment may also provide steps for executing the functions described in the flow diagram block(s).

Additionally, each block may represent a module, segment, or portion of code that includes one or more executable instructions for executing specified logical function(s). Additionally, it should be noted that in some alternative execution examples it is possible for the functions mentioned in the blocks to occur out of order. For example, it is possible for two blocks shown in succession to be performed substantially at the same time, or it is possible for the blocks to be performed in reverse order depending on the corresponding function.

At this time, the term '~unit' used in various embodiments of the present disclosure refers to software or hardware components such as FPGA or ASIC, and the '~unit' may perform certain roles. However, '~part' is not limited to software or hardware. The '~ part' may be configured to reside in an addressable storage medium and may be configured to reproduce on one or more processors. Therefore, as an example, '~ part' refers to components such as software components, object-oriented software components, class components, and task components, processes, functions, properties, and procedures. , subroutines, segments of program code, drivers, firmware, microcode, circuitry, data, databases, data structures, tables, arrays, and variables. The functions provided within the components and 'parts' may be combined into a smaller number of components and 'parts' or may be further separated into additional components and 'parts'. In addition, the components and 'parts' may be implemented to regenerate one or more CPUs within the device or secure multimedia card.

Hereinafter, the base station is the entity that performs resource allocation for the terminal, and includes eNode B (eNB), Node B, base station (BS), radio access network (RAN), access network (AN), RAN node, NR NB, gNB, It may be at least one of a wireless access unit, a base station controller, or a node on a network. A terminal may include a user equipment (UE), a mobile station (MS), a cellular phone, a smartphone, a computer, or a multimedia system capable of performing communication functions. In addition, various embodiments of the present disclosure will be described below using a system based on LTE, LTE-A, or NR as an example, but the various embodiments of the present disclosure can also be applied to other communication systems with similar technical background or channel type. may be applied. Additionally, the various embodiments of the present disclosure may be applied to other communication systems through some modifications without significantly departing from the scope at the discretion of a person with skilled technical knowledge.

Terms used in the following description to identify a connection node, terms referring to network entities, terms referring to messages, terms referring to interfaces between network objects, and various identification information. Referring terms, etc. are exemplified for convenience of explanation. Accordingly, the present disclosure is not limited to the terms described below, and other terms referring to objects having equivalent technical meaning may be used.

In addition, the present disclosure describes various embodiments using terms used in some communication standards (eg, ^3rd Generation Partnership Project (3GPP)), but this is only an example for explanation. Various embodiments of the present disclosure can be easily modified and applied to other communication systems. Hereinafter, some terms used in the core network of the present disclosure are defined in advance.

AMF Access and Mobility Management Function

CN Core Network

CNF Containerized Network Function

DNN Data Network Name

PCF Policy Control Function

HSS Home Subscriber Server

SMF Session Management Function

UDM User Data Management

UPF User Plane Function

CNF Containerized Network Function

VNFs Virtual Network Function

FIG. 1A illustrates a communication network including core network entities in a wireless communication system according to various embodiments of the present disclosure. The 5G mobile communication network may include a 5G user equipment (UE) 110, a 5G radio access network (RAN) 120, and a 5G core network.

The 5G core network includes an access and mobility management function (AMF) 150 that provides UE mobility management function, a session management function (SMF) 160 that provides a session management function, and a user plane (UPF) that performs a data transmission role. function) (170), PCF (policy control function) (180) that provides policy control functions, UDM (unified data management) (153) that provides data management functions such as subscriber data and policy control data, or various network functions (network) It may be configured to include network functions such as UDR (unified data repository) that stores data of functions).

Referring to FIG. 1A, a user equipment (UE) 110 may communicate through a wireless channel formed with a base station (eg, eNB, gNB), that is, an access network. In some embodiments, the terminal 110 is a device used by a user and may be a device configured to provide a user interface (UI). As an example, the UE 110 may be a terminal mounted on a vehicle for driving. In some other embodiments, the terminal 110 may be a device that performs machine type communication (MTC) that operates without user involvement, or may be an autonomous vehicle. In addition to electronic devices, UE includes 'terminal', 'vehicle terminal', 'user equipment (UE)', 'mobile station', 'subscriber station', ' It may be referred to as a 'remote terminal', 'wireless terminal', or 'user device' or other terms having equivalent technical meaning. As a terminal, in addition to the UE, customer-premises equipment (CPE) or a dongle type terminal may be used. Customer premises devices, like UEs, can be connected to NG-RAN nodes while providing the network to other communication devices (e.g. laptops).

Referring to FIG. 1A, the AMF 150 provides functions for access and mobility management on a per terminal 110 basis, and each terminal 110 can be basically connected to one AMF 150. Specifically, the AMF 150 provides signaling between core network nodes for mobility between 3GPP access networks, an interface (N2 interface) between radio access networks (e.g., 5G RAN) 120, and NAS signaling with the terminal 110. , identification of the SMF 160, and delivery provisioning of a session management (SM) message between the terminal 110 and the SMF 160. Some or all of the functions of AMF 150 may be supported within a single instance of AMF 150.

Referring to FIG. 1A, the SMF 160 provides a session management function, and when the terminal 110 has multiple sessions, each session can be managed by a different SMF 160. Specifically, SMF 160 is responsible for session management (e.g., establishing, modifying, and tearing down sessions, including maintaining tunnels between UPF 170 and access network nodes), selecting and controlling user plane (UP) functions. , Traffic steering settings to route traffic to the appropriate destination in the UPF 170, termination of the SM portion of the NAS message, downlink data notification (DDN), AN initiator of specific SM information ( For example, at least one of the following functions may be performed: delivery to the access network through the N2 interface via the AMF 150). Some or all of the functions of the SMF 160 may be supported within a single instance of the SMF 160.

In the 3GPP system, conceptual links connecting NFs in the 5G system may be referred to as reference points. A reference point may also be referred to as an interface. The following illustrates reference points (hereinafter used interchangeably with interfaces) included in the 5G system architecture expressed across various embodiments of the present disclosure.

- N1: Reference point between UE (110) and AMF (150)

- N2: Reference point between (R)AN (120) and AMF (150)

- N3: Reference point between (R)AN (120) and UPF (170)

- N4: Reference point between SMF (160) and UPF (170)

- N5: Reference point between PCF (180) and AF (130)

- N6: Reference point between UPF (170) and DN (140)

- N7: Reference point between SMF (160) and PCF (180)

- N8: Reference point between UDM (153) and AMF (150)

- N9: Reference point between two core UPFs (170)

- N10: Reference point between UDM (153) and SMF (160)

- N11: Reference point between AMF (150) and SMF (160)

- N12: Reference point between AMF (150) and authentication server function (AUSF) (151)

- N13: Reference point between UDM (153) and authentication server function (151)

- N14: Reference point between two AMF (150)

- N15: Reference point between PCF (180) and AMF (150) for non-roaming scenarios, reference point between PCF (180) and AMF (150) in visited network for roaming scenarios.

FIG. 1B illustrates a wireless environment including a core network in a wireless communication system according to various embodiments of the present disclosure. Referring to FIG. 1B, the wireless communication system includes a radio access network (RAN) 120 and a core network (CN).

The wireless access network 120 is a network directly connected to a user device, for example, the terminal 110, and is an infrastructure that provides wireless access to the terminal 110. The wireless access network 120 includes a set of a plurality of base stations including a base station 125, and the plurality of base stations can communicate through interfaces formed between them. At least some of the interfaces between the plurality of base stations may be wired or wireless. The base station 125 may have a structure divided into a central unit (CU) and a distributed unit (DU). In this case, one CU can control multiple DUs. In addition to the base station, the base station 125 includes 'access point (AP)', 'gNB (next generation node B)', '5G node (5 ^th generation node)', and 'wireless point'. ', 'transmission/reception point (TRP)', or other terms with equivalent technical meaning. The terminal 110 connects to the wireless access network 120 and communicates with the base station 125 through a wireless channel. In addition to the terminal, the terminal 110 includes 'user equipment (UE)', 'mobile station', 'subscriber station', 'remote terminal', and 'wireless terminal'. It may be referred to as ‘wireless terminal’, ‘user device’, or other terms with equivalent technical meaning.

The core network is a network that manages the entire system, controls the wireless access network 120, and processes data and control signals for the terminal 110 transmitted and received through the wireless access network 120. The core network includes control of the user plane and control plane, processing of mobility, management of subscriber information, billing, and communication with other types of systems (e.g., long term evolution (LTE) system). It performs various functions such as interlocking. In order to perform the various functions described above, the core network may include a number of functionally separated entities with different NFs (network functions). For example, the core network 200 includes an access and mobility management function (AMF) 150, a session management function (SMF) 160, a user plane function (UPF) 170, and a policy and charging function (PCF) ( 180), network repository function (NRF) 159, unified data management (UDM) 153, network exposure function (NEF) 155, and unified data repository (UDR) 157.

The terminal 110 is connected to the wireless access network 120 and accesses the AMF 150, which performs the mobility management function of the core network. The AMF 150 is a function or device that is responsible for both access to the wireless access network 120 and mobility management of the terminal 110. SMF 160 is an NF that manages sessions. AMF 150 is connected to SMF 160, and AMF 150 routes session-related messages for terminal 110 to SMF 160. The SMF 160 connects to the UPF 170, allocates user plane resources to be provided to the terminal 110, and establishes a tunnel to transmit data between the base station 125 and the UPF 170. The PCF 180 controls information related to policy and charging for sessions used by the terminal 110.

The NRF (159) stores information about NFs installed in the mobile communication service provider network and performs the function of informing of the stored information. NRF 159 can be connected to all NFs. When each NF starts operating in the operator network, it registers with the NRF 159 to notify the NRF 159 that the corresponding NF is operating within the network. The UDM 153 is an NF that performs a similar role to the home subscriber server (HSS) of a 4G network, and stores the subscription information of the terminal 110 or the context that the terminal 110 uses within the network.

The NEF (155) serves to connect the ^3rd party server and the NF within the 5G mobile communication system. It also performs a role of providing data to the UDR 157, updating, or obtaining data. The UDR (157) has the function of storing subscription information of the terminal 120, storing policy information, storing data exposed to the outside, or storing information necessary for a ^3rd party application. Perform. Additionally, the UDR 157 also serves to provide stored data to other NFs.

FIG. 2A shows an example of the functional structure of a terminal according to embodiments of the present disclosure. The configuration illustrated in FIG. 2A can be understood as the configuration of the terminal 110. Hereinafter used ‘…’ wealth', '… Terms such as 'unit' refer to a unit that processes at least one function or operation, and may be implemented as hardware, software, or a combination of hardware and software.

Referring to FIG. 2A, the terminal includes a communication unit 205, a storage unit 210, and a control unit 215.

The communication unit 205 performs functions for transmitting and receiving signals through a wireless channel. For example, the communication unit 205 performs a conversion function between baseband signals and bit strings according to the physical layer specifications of the system. For example, when transmitting data, the communication unit 205 generates complex symbols by encoding and modulating the transmission bit string. Additionally, when receiving data, the communication unit 205 restores the received bit stream by demodulating and decoding the baseband signal. Additionally, the communication unit 205 upconverts the baseband signal into an RF band signal and transmits it through an antenna, and downconverts the RF band signal received through the antenna into a baseband signal. For example, the communication unit 205 may include a transmission filter, a reception filter, an amplifier, a mixer, an oscillator, a DAC, an ADC, etc.

Additionally, the communication unit 205 may include multiple transmission and reception paths. Furthermore, the communication unit 205 may include at least one antenna array comprised of multiple antenna elements. In terms of hardware, the communication unit 205 may be composed of digital circuits and analog circuits (eg, radio frequency integrated circuit (RFIC)). Here, the digital circuit and analog circuit can be implemented in one package. Additionally, the communication unit 205 may include multiple RF chains. Furthermore, the communication unit 205 can perform beamforming.

The communication unit 205 transmits and receives signals as described above. Accordingly, all or part of the communication unit 205 may be referred to as a 'transmitting unit', a 'receiving unit', or a 'transmitting/receiving unit'. Additionally, in the following description, transmission and reception performed through a wireless channel are used to mean that the processing as described above is performed by the communication unit 205.

The storage unit 210 stores data such as basic programs, application programs, and setting information for operation of the terminal. The storage unit 210 may be comprised of volatile memory, non-volatile memory, or a combination of volatile memory and non-volatile memory. And, the storage unit 210 provides stored data according to the request of the control unit 215.

The control unit 215 controls the overall operations of the terminal. For example, the control unit 215 transmits and receives signals through the communication unit 205. Additionally, the control unit 215 writes and reads data into the storage unit 210. Additionally, the control unit 215 can perform protocol stack functions required by communication standards. To this end, the control unit 215 may include at least one processor or microprocessor, or may be part of a processor. Additionally, a portion of the communication unit 205 and the control unit 215 may be referred to as a communication processor (CP). According to various embodiments, the control unit 215 may control synchronization using a wireless communication network. For example, the control unit 215 may control the terminal to perform operations according to various embodiments described later.

According to various embodiments of the present disclosure, a terminal may be comprised of a mobile equipment (ME) and a universal mobile telecommunications service (UMTS) subscriber identity module (USIM). ME may include a mobile terminal (MT) and terminal equipment (TE). MT may be the part where the wireless access protocol operates, and TE may be the part where the control function operates. For example, in the case of a wireless communication terminal (e.g., a mobile phone), the MT and TE may be integrated, and in the case of a laptop, the MT and TE may be separated. In the present disclosure, the ME and the USIM can be expressed as distinct entities depending on the operation of each component, but are not limited to this, and the present disclosure can express the ME and the USIM as a terminal (e.g., UE), or the ME can be expressed as a terminal. Of course, various embodiments can be described.

FIG. 2B shows an example of the functional structure of a base station according to embodiments of the present disclosure. The configuration illustrated in FIG. 2B may be understood as the configuration of the base station 120. Hereinafter used ‘…’ wealth', '… Terms such as 'unit' refer to a unit that processes at least one function or operation, and may be implemented as hardware, software, or a combination of hardware and software.

Referring to Figure 2b, the base station includes a wireless communication unit 235, a backhaul communication unit 220, a storage unit 225, and a control unit 230.

The wireless communication unit 235 performs functions for transmitting and receiving signals through a wireless channel. For example, the wireless communication unit 235 performs a conversion function between baseband signals and bit strings according to the physical layer specifications of the system. For example, when transmitting data, the wireless communication unit 235 generates complex symbols by encoding and modulating the transmission bit string. Additionally, when receiving data, the wireless communication unit 235 restores the received bit stream by demodulating and decoding the baseband signal.

Additionally, the wireless communication unit 235 upconverts the baseband signal into a radio frequency (RF) band signal and transmits it through an antenna, and downconverts the RF band signal received through the antenna into a baseband signal. To this end, the wireless communication unit 235 may include a transmission filter, a reception filter, an amplifier, a mixer, an oscillator, a digital to analog convertor (DAC), an analog to digital convertor (ADC), etc. Additionally, the wireless communication unit 235 may include multiple transmission and reception paths. Furthermore, the wireless communication unit 235 may include at least one antenna array composed of multiple antenna elements.

In terms of hardware, the wireless communication unit 235 may be composed of a digital unit and an analog unit, and the analog unit includes a number of sub-units depending on operating power, operating frequency, etc. It can be composed of: A digital unit may be implemented with at least one processor (eg, digital signal processor (DSP)).

The wireless communication unit 235 transmits and receives signals as described above. Accordingly, all or part of the wireless communication unit 235 may be referred to as a 'transmitter', 'receiver', or 'transceiver'. Additionally, in the following description, transmission and reception performed through a wireless channel are used to mean that the processing as described above is performed by the wireless communication unit 235.

The backhaul communication unit 220 provides an interface for communicating with other nodes in the network. That is, the backhaul communication unit 220 converts a bit string transmitted from the base station to another node, for example, another access node, another base station, upper node, core network, etc., into a physical signal, and converts the physical signal received from the other node into a physical signal. Convert to bit string.

The storage unit 225 stores data such as basic programs, application programs, and setting information for operation of the base station. The storage unit 225 may be comprised of volatile memory, non-volatile memory, or a combination of volatile memory and non-volatile memory. And, the storage unit 225 provides stored data according to the request of the control unit 230.

The control unit 230 controls the overall operations of the base station. For example, the control unit 230 transmits and receives signals through the wireless communication unit 235 or the backhaul communication unit 220. Additionally, the control unit 230 records and reads data from the storage unit 225. Additionally, the control unit 230 can perform protocol stack functions required by communication standards. According to another implementation example, the protocol stack may be included in the wireless communication unit 235. For this purpose, the control unit 230 may include at least one processor. According to various embodiments, the control unit 230 may control synchronization using a wireless communication network. For example, the control unit 230 may control the base station to perform operations according to various embodiments described later.

FIG. 2C shows an example of the functional structure of a core network object according to embodiments of the present disclosure. Shows the configuration of a core network object in a wireless communication system according to various embodiments of the present disclosure. The configuration illustrated in FIG. 2C may be understood as a configuration of a device having at least one function among network entities including the AMF 150 of FIG. 1. Hereinafter used ‘…’ wealth', '… Terms such as 'unit' refer to a unit that processes at least one function or operation, and may be implemented as hardware, software, or a combination of hardware and software.

Referring to FIG. 2C, the core network object includes a communication unit 240, a storage unit 245, and a control unit 250.

The communication unit 240 provides an interface for communicating with other devices in the network. That is, the communication unit 240 converts a bit string transmitted from a core network object to another device into a physical signal, and converts a physical signal received from another device into a bit string. That is, the communication unit 240 can transmit and receive signals. Accordingly, the communication unit 240 may be referred to as a modem, a transmitter, a receiver, or a transceiver. At this time, the communication unit 240 allows the core network object to communicate with other devices or systems through a backhaul connection (eg, wired backhaul or wireless backhaul) or a network.

The storage unit 245 stores data such as basic programs, applications, and setting information for the operation of core network objects. The storage unit 245 may be comprised of volatile memory, non-volatile memory, or a combination of volatile memory and non-volatile memory. And, the storage unit 245 provides stored data according to the request of the control unit 250.

The control unit 250 controls overall operations of core network objects. For example, the control unit 250 transmits and receives signals through the communication unit 240. Additionally, the control unit 250 writes and reads data into the storage unit 245. For this purpose, the control unit 250 may include at least one processor. According to various embodiments of the present disclosure, the control unit 250 may control to perform synchronization using a wireless communication network. For example, the control unit 250 may control the core network object to perform operations according to various embodiments described later.

Terms used in the following description to identify a connection node, a term referring to network entities, a term referring to messages, a term referring to an interface between network objects, and a term referring to various types of identification information. The following are examples for convenience of explanation. Accordingly, the present disclosure is not limited to the terms described below, and other terms referring to objects having equivalent technical meaning may be used.

For convenience of explanation below, this disclosure uses terms and names defined in the 5GS (5G system) and NR (new radio) standards, which are the most recent standards defined by the 3GPP organization among currently existing communication standards. However, the present disclosure is not limited by the above terms and names, and can be equally applied to wireless communication networks complying with other standards. In particular, the present disclosure can be applied to 3GPP 5th generation mobile communication standards (eg, 5GS and NR).

According to various embodiments of the present disclosure, a base station may have a private key to be used to sign a System Information (SI) message. The terminal may have a public key that can verify the value signed in the SI message using the base station's private key. One method of provisioning a public key to a terminal may be for a telecommunications service provider to provision and sell the public key to a USIM. Or, the terminal receives a NAS (non-access stratum) Security Mode Command or AS (access stratum) Security Mode Command message that provides integrity protection for the first time after a mutual authentication process with the core network. The terminal can receive a public key that can verify the value signed by the base station to which it wishes to connect. Alternatively, after the registration process of the terminal is completed, the network may update the public key to the terminal through a UE parameters update (UPU) or steering of roaming (SoR) process as needed.

The terminal may store the public key to be used for signature verification in USIM or ME. If the public key can be stored in USIM, the terminal (e.g. ME) can perform the process of receiving the public key from USIM using the interface with USIM if the system information sent by the base station includes a signature. . Alternatively, the terminal can deliver an SI message to USIM, and USIM can perform a process of verifying the received message.

The storage format of the public key for signature verification can be stored in the NVM (non-volatile memory) of the USIM or ME by mapping the PLMN ID to the ID or index of the corresponding public key (e.g., PLMNID+PKID |may be in PK format). The terminal can identify the PLMN (Public Land Mobile Network) ID (identity) and PK (public key) ID in the System Information transmitted by the base station. The terminal can verify the signature of the System Information by identifying the public key that can verify the signature in the corresponding PLMN in the USIM or ME's NVM, and based on this, the authenticity of the base station to be connected can be determined.

According to various embodiments of the present disclosure, when the base station broadcasts System Information, it may also send a PKID indicating a public key that can verify the value signed by the base station.

According to various embodiments of the present disclosure, the terminal uses the public key of each base station to be used to verify that not only the base station currently camping on but also other base stations have signed the System Information, and NAS Security Mode Command/AS Security Mode during the registration process. It can be received as a protected message through UPU (UE parameters update)/SoR (steering of roaming) after the command or registration process.

According to various embodiments of the present disclosure, the terminal can store the key provisioned from the network during or after the registration process in the NVM of the USIM or ME, and the real base station sends the system using the stored key. The signature included in the information can be verified.

As described above, a fake base station can steal or forge the System Information of a genuine base station that the terminal needs to connect to. Various methods may be required to solve these problems.

According to one embodiment, the base station may transmit or broadcast System Information including information related to the base station, and the terminal may receive System Information from the base station. Information related to the base station included in the System Information may include at least one of a PCI (physical cell ID), a timestamp, and the base station's signature value for the System Information. Of course, according to one embodiment, it is not limited to the above example.

According to an embodiment of the present disclosure, a terminal that has received System Information including PCI from a base station can verify the signature of the base station that transmitted the SI message based on the PCI value of the real base station requiring connection. Alternatively, the terminal can identify whether the received System Information is transmitted by a base station requiring a connection or is System Information recycled by a fake base station based on information about the received timestamp.

According to various embodiments of the present disclosure, an asymmetric key-based method may be used. Unlike the symmetric key method that uses one shared key, the asymmetric key-based method may include a public key and a private key. Asymmetric key-based methods may include certificate-based digital signature methods and ID-based signature methods.

More specifically, in the certificate-based digital signature method, the base station can sign using the private key of a pair of private key and public key, and the terminal can use the base station's public key (e.g. included in the certificate). You can verify the signature. According to one embodiment, the terminal may already have the public key of the root CA (certificate authority) that issued the certificate to the base station. In the ID-based signature method, the terminal can verify the signature using the ID and KMS (key management service) public key. According to one embodiment, the asymmetric key-based method may assume that the terminal has a public key (root CA's public key or KMS public key) in advance. Accordingly, according to various embodiments of the present disclosure, a method and apparatus for transmitting and receiving signals based on enhanced base station security by individually and adaptively provisioning a public key to a terminal are disclosed.

Figure 3 shows an example of a signal flow for a terminal to receive provisioning of a public key to verify a base station according to embodiments of the present disclosure.

Referring to FIG. 3, operations including a provisioning step for a terminal that does not have a public key for signature verification as well as a step for a terminal that already has a public key for signature verification to receive an update on the public key from the network are shown.

Various embodiments of the present disclosure may be implemented including at least one of the steps shown in FIG. 3. For example, with reference to FIG. 3, some or all of the operations of steps 305 to 312, which may be considered part of the terminal registration process, may be omitted or may be omitted according to various embodiments of the present disclosure. Of course, it can be replaced with other movements. Various embodiments of the present disclosure may include a combination of all, some, or some of the operations of FIG. 3 or may include a combination of some of the operations shown in FIG. 4 . In addition, of course, terms (e.g., information, parameters) according to various embodiments of the present disclosure are not limited to the terms themselves, but may be replaced with terms having equivalent or similar meanings.

For the procedure shown in Figure 3, one or more of the following settings may be performed in advance.

- 1st preset

The first operator's server may have a public key that can be used for signature verification in the second operator's network with which it is in a contractual relationship (e.g., roaming contract).

- 2nd preset

AMF is a public key for signature verification for gNBs that may be associated with it, or public key(s) for other base stations within a Home Public Land Mobile Network (HPLMN) or public key(s) for base stations in a Visited PLMN (VPLMN). You may have at least one. Alternatively, the gNB may have the above-mentioned information. Alternatively, during the registration process, AMF may receive a public key list including at least one of the above-mentioned public keys from UDM.

Referring to FIG. 3, in step 301, the terminal may perform an Initial Attach process.

In step 302, the base station may broadcast System Information including a signature. If the System Information transmitted by the base station includes a signature, the System Information contains a PK indicator indicating the public key against which the signature will be verified (e.g., a certificate containing the base station's public key or a public key indicating the public key against which the signature will be verified). ID of the key). According to one embodiment, the base station may use values such as PCI (physical cell ID) and Timestamp as additional inputs to create a signature. Additionally, System Information transmitted by the base station may include at least one of a PLMN ID or Cell ID related to the base station.

According to one embodiment, a terminal that has received System Information including PCI from a base station can verify the signature of the base station that transmitted the System Information based on the PCI value of the real base station that requires connection. Alternatively, the terminal can identify whether the received System Information is transmitted by a base station requiring a connection or is System Information recycled by a fake base station based on information about the received timestamp.

In step 303, the terminal can perform an operation based on the received System Information. If the System information is a message related to a disaster text and the System information including the disaster text does not contain signature information, the terminal can identify that it is an unverified disaster text (for example, the terminal may Information such as “This is an emergency disaster text message” can be given). According to one embodiment, regardless of whether the terminal has a public key for base station verification, if a variable value (e.g., time stamp) included in the system information is not acceptable to the terminal ( For example, if the variable value is an old time value determined by the terminal, the terminal stops the above-described operation, exits the base station (or cell of the base station) that transmitted the above-mentioned system information, and enters another cell. You can select . According to one embodiment, the terminal can verify the signature. More specifically, according to one embodiment, the terminal can verify System Information signed by the base station based on the private key based on the public key of the base station that the terminal knows. According to one embodiment, an asymmetric key method is used, so the public key and private key may be different. According to one embodiment, the terminal may identify that verification has been completed based on the public key corresponding to the private key that the base station based on for signing.

According to one embodiment, if the System Information received by the terminal in step 302 does not include a signature, the terminal may proceed to step 304 without performing additional operations.

According to one embodiment, if a signature is included in the System Information and the USIM of the terminal supports a public key storage function to be used for signature verification, the ME (mobile equipment) responds to the information about the public key included in the System Information Receive or identify a public key (the corresponding CA certificate in the case of a certificate containing the public key of the base station, or the public key matching the corresponding ID in the case of an ID of a public key indicating the public key to be signed and verified) from the USIM. You can.

According to one embodiment, if the System Information includes a signature, but the USIM of the terminal does not have a public key storage function to be used for signature verification, the ME stores information about the public key included in the System Information and the corresponding public key. can be identified in the ME's memory.

According to one embodiment, when the terminal identifies the public key within the memory of the USIM or ME, the signature included in System Information can be verified. According to one embodiment, if verification is successful, the terminal may proceed to step 304. According to one embodiment, if verification fails, the terminal may identify that an attacker base station (eg, a fake base station) exists. According to one embodiment, if verification fails, the terminal may search for another cell and attempt to attach. According to one embodiment, when the terminal determines that the base station that transmitted system information to the terminal is an attacker base station, the terminal stops the connection procedure (e.g., cell connection procedure) with the base station that transmitted the system information, and stops the connection procedure (e.g., cell connection procedure) with the base station that transmitted system information to the terminal. base station) can be searched. If the terminal determines that the base station that transmitted system information to the terminal is a real base station, it can continue the connection procedure with the base station that transmitted the system information.

According to one embodiment, if the terminal does not find the public key in the memory of the USIM or ME, it may proceed to step 304.

In step 304, the terminal and the base station may perform RRC connection setup. An initial connection process may be performed to establish an RRC connection between the terminal and the base station.

According to various embodiments of the present disclosure, through steps 301 to 303 of FIG. 3, the terminal may verify or fail to verify the signature of the base station, and for additional verification process accordingly, the terminal may verify the signature of the base station through steps 301 to 303 of FIG. Some of the steps or some of the steps in Figure 4 may be performed.

In step 305, the terminal may transmit a registration request message to the AMF through the base station. According to one embodiment, the registration request message transmitted by the terminal may include information about encryption and integrity protection algorithms supported by the terminal. According to one embodiment, the registration request message transmitted by the terminal may include at least one of a list of public keys to be used for signature verification that the terminal currently possesses. According to one embodiment, the registration request message transmitted by the terminal is, if there is no public key to verify the value signed by the base station to which the terminal needs to connect, an indicator indicating such information or an indicator that the terminal currently possesses. It may contain at least one of the list of public keys to be used for signature verification. The list of public keys may include, for example, the public key itself, or it may include information representing the public key (e.g., PLMNID+PKID). According to one embodiment, if an attacker base station (e.g., a fake base station) exists, the fake base station may receive a registration request message transmitted by the terminal, modify information included in the message, and transmit it to the AMF.

In step 306, the terminal and the network (including, for example, a base station or core network objects) may perform mutual authentication.

In step 307, the AMF may not modify the indicator or public key list included in the message received from the terminal. AMF may transmit a NAS (non-access stratum) Security Mode Command message containing a list of indicators or public keys received from the terminal. AMF can identify encryption and integrity protection algorithms related to transmission and reception of NAS messages to and from the terminal. AMF can identify encryption and integrity protection algorithms related to sending and receiving NAS messages based on information about encryption and integrity protection algorithms supported by the terminal received from the terminal. AMF can generate encryption keys or integrity protection keys for NAS based on identified algorithms and K_amf, etc. Using the generated integrity protection key for the NAS, AMF can transmit the NAS Security Mode Command message with integrity protection. The NAS Security Mode Command message may be the first integrity-protected message among NAS messages. According to one embodiment, an integrity-protected message may not be arbitrarily modified by other objects (eg, an attacker base station) until it is received by the terminal. The NAS message may include at least one of an encryption algorithm or an integrity protection algorithm selected by the AMF.

In step 308, the terminal may compare the indicator or public key list included in the integrity-protected message received from the AMF with the indicator or public key list transmitted by the terminal to the AMF in step 305. If, as a result of the comparison, it is identified that the indicator or public key list transmitted by the terminal is different from the indicator or public key list received by the terminal, the terminal can identify that a MitM (man in the middle) attack occurred in the middle of transmission and reception with the core network. You can. According to one embodiment, if it is determined that the indicator or public key list transmitted by the terminal is different from the indicator or public key list received by the terminal, the terminal may identify that an attacker base station (eg, a fake base station) exists. According to one embodiment, if it is identified that the indicator or public key list transmitted by the terminal is different from the indicator or public key list received by the terminal, the terminal may find another cell and attempt to attach.

In step 309, if the information received in step 307 is the same as the information transmitted by the terminal in step 305, the terminal can inform the AMF that there is no tampering in the message by sending a NAS Security Mode Complete message. there is. According to one embodiment, the terminal may generate an encryption key and an integrity protection key for the NAS based on the encryption algorithm and integrity protection algorithm received from the AMF in step 307. The terminal can encrypt and transmit subsequent NAS messages, including the NAS Security Mode Complete message, based on the generated keys with encryption and integrity protection.

In step 310, when the AMF receives NAS Security Mode Complete from the terminal, the AMF can confirm that the information received in step 305 has not been tampered with. According to one embodiment, the AMF may identify information on a public key to be used for signature verification currently owned by the terminal based on the information received in step 305. According to one embodiment, if there is information that needs to be updated among the public keys owned by the terminal, the AMF may transmit this to the base station. According to one embodiment, cases in which an update is necessary may include cases where some of the public keys owned by the terminal have been revoked or the public key of a specific PLMN has been added/removed due to a new contractual relationship.

In step 311, the base station may update the public key to the terminal in an integrity-protected access stratum (AS) Security Mode Command message using the public key information received from the AMF. According to one embodiment, the base station may transmit a message containing an updated public key to the terminal. According to one embodiment, the message transmitted to the terminal may include at least one of a public key for the base station that received public key information from the AMF, a public key for other base stations in the HPLMN, or a public key for base stations in VPLMNs. .

In step 312, if the public key(s) are included in the AS Security Mode Command message received by the terminal from the base station, the terminal stores the public key(s) in the USIM or ME's NVM ( It can be stored in non-volatile memory. According to one embodiment, the AS Security Mode Command may be the first integrity-protected message among AS messages.

In step 313, the terminal may transmit an AS Security Mode Command message to the base station. According to one embodiment, the AS Security Mode Complete message may be the first AS message to be encrypted and integrity protected. According to one embodiment, an integrity-protected message may not be arbitrarily modified by other objects (eg, an attacker base station) until it is received by the terminal.

At step 314, the AMF knows which public key(s) the terminal has (e.g., a list of public keys received from the terminal at step 305 and a list of public keys delivered by the AMF to the base station at step 310). By combining the information, the list of public keys currently held by the terminal can be known) can transmit SUPI (Subscription Permanent Identifier), an identifier representing the terminal, and the list of public keys held by the terminal to the UDM.

In step 315, if the UDM that has received the public key list owned by the UE identifies that an update is necessary based on the received public key list, performs a UE parameters update (UPU) or steering of roaming (SoR) process. Thus, it is possible to decide whether to update the public key for signature verification in the terminal.

At step 316, the UDM determines, based on the received public key list, that the UE requires an update to the public key list (e.g., a new public key has been added for a newly deployed base station in the HPLMN or another operator (Including cases where public key information to be used in the network of the relevant operator has been added due to a new contractual relationship with the terminal or a specific public key is no longer needed due to reasons such as revocation of the public key owned by the terminal, etc.), UPU/SoR You can update your terminal through this process.

According to one embodiment, the update process of the terminal through the UPU/SoR process may be performed by at least one of the terminal, the base station, or network objects. According to one embodiment, the process of updating the list of public keys (including at least one of the public key of the base station, the public key of other base stations in HPLMN, or the public keys of base stations of VPLMNs) in the terminal is performed by using the UPU process to update the public key. This may include updating the terminal or public key information related to the VPLMN using the SoR process.

In step 317, the terminal that has received the public key update information for signature verification through the UPU/SoR process is based on the public key required for signature verification of the base station and an indicator indicating the public key (including the case in the PLMNID+PKID format). Thus, the public key information can be updated in the NVM of USIM or ME, and the updated content can be saved.

According to various embodiments of the present disclosure, some of the steps shown in FIG. 3 may be performed again based on the terminal's updated public key or public key list.

Figure 4 shows an example of a signal flow for a terminal to receive a public key to verify a base station according to embodiments of the present disclosure.

Referring to FIG. 4, operations including not only providing a public key for signature verification to a terminal that does not have it, but also receiving an update on the public key from the network for a terminal that already has a public key for signature verification are shown. . Various embodiments of the present disclosure may be implemented including at least one of the steps shown in FIG. 4. For example, with reference to FIG. 4, some or all of the operations of steps 405 to 409, which may be considered part of the terminal registration process, may be omitted or may be omitted according to various embodiments of the present disclosure. Of course, it can be replaced with other movements. Various embodiments of the present disclosure may include a combination of all, some, or some of the operations of FIG. 4 or may include a combination of some of the operations shown in FIG. 3 . In addition, of course, terms (e.g., information, parameters) according to various embodiments of the present disclosure are not limited to the terms themselves, but may be replaced with terms having equivalent or similar meanings.

For the procedure shown in Figure 4, one or more of the following settings may be performed in advance.

- 1st preset

The first operator's server may have a public key that can be used for signature verification in the second operator's network with which it is in a contractual relationship (e.g., roaming contract).

- 2nd preset

The AMF may have at least one of a public key for signature verification for a gNB that may be associated with it or a public key(s) for other base stations in the HPLMN or a public key for base stations in the VPLMN(s). Alternatively, during the registration process, AMF may receive a public key list including at least one of the above-mentioned public keys from UDM.

Referring to FIG. 4, in step 401, the terminal may perform an Initial Attach process.

At step 402, the base station may broadcast System Information including the signature. If the System Information transmitted by the base station includes a signature, the System Information contains a PK indicator indicating the public key against which the signature will be verified (e.g., a certificate containing the base station's public key or a public key indicating the public key against which the signature will be verified). ID of the key). The base station can also use values such as PCI and Timestamp as additional inputs to create a signature. Additionally, System Information transmitted by the base station may include a PLMN ID related to the base station.

According to one embodiment, a terminal that has received System Information including PCI from a base station can verify the signature of the base station that transmitted the System Information based on the PCI value of the real base station that requires connection. Alternatively, the terminal can identify whether the received System Information is transmitted by a base station requiring a connection or is System Information recycled by a fake base station based on information about the received timestamp.

In step 403, the terminal can perform an operation based on the received System Information. If the System information is a message related to a disaster text and the System information including the disaster text does not contain signature information, the terminal can identify that it is an unverified disaster text (for example, the terminal may Information such as “This is an emergency disaster text message” can be given). According to one embodiment, regardless of whether the terminal has a public key for base station verification, if a variable value (e.g., time stamp) included in the system information is not acceptable to the terminal ( For example, if the changeable value is an old time value that the terminal determines), the terminal stops the above-described operation, exits the base station (or cell of the base station) that transmitted the above-mentioned system information, and moves to another location. You can select cells. According to one embodiment, the terminal can verify the signature. More specifically, according to one embodiment, the terminal can verify System Information signed by the base station based on the private key based on the public key of the base station that the terminal knows. According to one embodiment, an asymmetric key method is used, so the public key and private key may be different. According to one embodiment, the terminal may identify that verification has been completed based on the public key corresponding to the private key that the base station based on for signing.

According to one embodiment, if the System Information received by the terminal in step 402 does not include a signature, the terminal may proceed to step 404 without performing additional operations.

According to one embodiment, if the System Information includes a signature and the USIM of the terminal supports a public key storage function to be used for signature verification, the ME responds to the information about the public key included in the System Information (the base station's public key It is possible to receive or identify a public key (a corresponding CA certificate in the case of a certificate containing a key, or a public key matching the corresponding ID in the case of an ID of a public key indicating a public key to be signed and verified) from the USIM.

According to one embodiment, if the System Information includes a signature, but the USIM of the terminal does not have a public key storage function to be used for signature verification, the ME stores information about the public key included in the System Information and the corresponding public key. can be identified in the ME's memory.

According to one embodiment, when the terminal identifies the public key within the memory of the USIM or ME, the signature included in System Information can be verified. According to one embodiment, if verification is successful, the terminal may proceed to step 404. According to one embodiment, if verification fails, the terminal may identify that an attacker base station (eg, a fake base station) exists. According to one embodiment, if verification fails, the terminal may find another cell and attempt to attach. According to one embodiment, when the terminal determines that the base station that transmitted system information to the terminal is an attacker base station, the terminal stops the connection procedure (e.g., cell connection procedure) with the base station that transmitted the system information, and stops the connection procedure (e.g., cell connection procedure) with the base station that transmitted system information to the terminal. base station) can be searched. If the terminal determines that the base station that transmitted system information to the terminal is a real base station, it can continue the connection procedure with the base station that transmitted the system information.

According to one embodiment, if the terminal does not find the public key in the memory of the USIM or ME, it may proceed to step 404.

In step 404, the terminal and the base station may perform RRC connection setup. An initial connection process may be performed to establish an RRC connection between the terminal and the base station.

According to various embodiments of the present disclosure, through steps 401 to 403 of FIG. 4, the terminal may verify or fail to verify the signature of the base station, and for further verification process accordingly, the terminal may verify the signature of the base station through steps 401 to 403 of FIG. Some of the steps or some of the steps in Figure 4 may be performed.

In step 405, the terminal may transmit a registration request message to the AMF through the base station. According to one embodiment, the registration request message transmitted by the terminal may include information about encryption and integrity protection algorithms supported by the terminal. According to one embodiment, the registration request message transmitted by the terminal may include at least one of a list of public keys to be used for signature verification that the terminal currently possesses. According to one embodiment, the registration request message transmitted by the terminal includes an indicator indicating such information or a signature that the terminal currently has if there is no public key to verify the value signed by the base station to which the terminal needs to connect. It may contain at least one of the list of public keys to be used for verification. The list of public keys may include, for example, the public key itself, or it may include information representing the public key (e.g., PLMNID+PKID). According to one embodiment, if an attacker base station (e.g., a fake base station) exists, the fake base station may receive a registration request message transmitted by the terminal, modify information included in the message, and transmit it to the AMF.

In step 406, the terminal and the network (eg, including a base station or core network objects) may perform mutual authentication.

In step 407, the AMF may not modify the indicator or public key list included in the message received from the terminal. AMF can transmit a NAS Security Mode Command message containing a list of indicators or public keys received from the terminal. AMF can identify encryption and integrity protection algorithms related to transmission and reception of NAS messages to and from the terminal. AMF can identify encryption and integrity protection algorithms related to sending and receiving NAS messages based on information about encryption and integrity protection algorithms supported by the terminal received from the terminal. AMF can generate encryption keys and integrity protection keys for NAS based on the identified algorithm and K_amf, etc. Using the generated integrity protection key for the NAS, AMF can transmit the NAS Security Mode Command message with integrity protection. The NAS Security Mode Command message may be the first integrity-protected message among NAS messages. According to one embodiment, an integrity-protected message may not be arbitrarily modified by other objects (eg, an attacker base station) until it is received by the terminal. The NAS message may include at least one of an encryption algorithm or an integrity protection algorithm selected by the AMF. According to one embodiment, the AMF may identify the received public key list and transmit an additional public key list if the terminal needs to update the public key list. The public key list additionally transmitted by the AMF may include at least one of a public key for the base station on which the terminal is currently camping, a public key for other base stations in the HPLMN, or a public key for base stations in the VPLMN.

In step 408, when the terminal receives the public key(s) from the AMF, the terminal may store the received public key in the NVM of the USIM or ME. According to one embodiment, the terminal may compare the indicator or public key list included in the integrity-protected message received from the AMF with the indicator or public key list transmitted by the terminal to the AMF in step 405. If, as a result of the comparison, it is identified that the indicator or public key list transmitted by the terminal is different from the indicator or public key list received by the terminal, the terminal can identify that a MitM (Man in the Middle) attack occurred in the middle of transmission and reception with the core network. You can. According to one embodiment, if it is determined that the indicator or public key list transmitted by the terminal is different from the indicator or public key list received by the terminal, the terminal may identify that an attacker base station (eg, a fake base station) exists. According to one embodiment, if it is identified that the indicator or public key list transmitted by the terminal is different from the indicator or public key list received by the terminal, the terminal may find another cell and attempt to attach.

In step 409, the terminal may transmit to the AMF a NAS Security Mode Complete message containing a list of public keys for signature verification owned by the terminal. The terminal may generate an encryption key and an integrity protection key for the NAS based on the encryption algorithm and integrity protection algorithm received from the AMF in step 407. The terminal can encrypt and transmit subsequent NAS messages, including the NAS Security Mode Complete message, based on the generated keys with encryption and integrity protection.

At step 410, AMF may forward the received public key list along with SUPI to UDM.

In step 411, if the UDM that has received the public key list owned by the UE identifies that an update is necessary based on the received public key list, performs a UE parameters update (UPU) or steering of roaming (SoR) process. Thus, it is possible to decide whether to update the public key for signature verification in the terminal.

At step 412, the UDM determines, based on the public key list received at step 410, that an update to the public key list is needed (e.g., a new public key has been added for a newly deployed base station in the HPLMN). Or, due to a new contractual relationship with another business operator, public key information to be used in the network of that business operator has been added, or a specific public key is no longer needed due to reasons such as revocation of a public key owned by the terminal, etc.) The public key list can be updated to the terminal through the UPU/SoR process. According to one embodiment, the update process of the terminal through the UPU/SoR process may be performed by at least one of the terminal, the base station, or network objects. According to one embodiment, the process of updating the list of public keys (including at least one of the public key of the base station, the public key of other base stations of HPLMN, or the public keys of base stations of VPLMNs) in the terminal is performed by using a UPU process to update the public key. This may include updating the terminal or public key information related to the VPLMN using the SoR process.

In step 413, the terminal that has received the public key update information for signature verification through the UPU/SoR process is based on the public key required for signature verification of the base station and an indicator indicating the public key (including the case in the PLMNID+PKID format). Thus, the public key information can be updated in the NVM of USIM or ME, and the updated content can be saved.

According to various embodiments of the present disclosure, some of the steps shown in FIG. 4 may be performed again based on the terminal's updated public key or public key list.

Figure 5 shows a specific operation flow of a terminal for receiving a public key to verify a base station according to embodiments of the present disclosure. According to various embodiments of the present disclosure, a terminal may be comprised of a mobile equipment (ME) and a universal mobile telecommunications service (UMTS) subscriber identity module (USIM). ME may include a mobile terminal (MT) and terminal equipment (TE). MT may be the part where the wireless access protocol operates, and TE may be the part where the control function operates. For example, in the case of a wireless communication terminal (e.g., a mobile phone), the MT and TE may be integrated, and in the case of a laptop, the MT and TE may be separated. In the present disclosure, the ME and the USIM can be expressed as distinct entities depending on the operation of each component, but are not limited to this, and the present disclosure can express the ME and the USIM as a terminal (e.g., UE), or the ME can be expressed as a terminal. Of course, various embodiments can be described.

Referring to FIG. 5, in step 510, the terminal may receive System Information from the base station. Although not shown in FIG. 6, the terminal may perform an initial connection (e.g., initial attach) operation with the base station. According to one embodiment, the terminal may receive System Information including the signature of the base station that the base station broadcasts. If the System Information transmitted by the base station includes a signature, the System Information contains a PK indicator indicating the public key against which the signature will be verified (e.g., a certificate containing the base station's public key or a public key indicating the public key against which the signature will be verified). ID of the key). According to one embodiment, the base station may use values such as PCI (physical cell ID) and Timestamp as additional inputs to create a signature. Additionally, System Information transmitted by the base station may include at least one of a PLMN ID or Cell ID related to the base station.

According to one embodiment, a terminal that has received System Information including PCI from a base station can verify the signature of the base station that transmitted the System Information based on the PCI value of the real base station that requires connection. Alternatively, the terminal can identify whether the received System Information is transmitted by a base station requiring a connection or is System Information recycled by a fake base station based on information about the received timestamp.

In step 520, the terminal can identify whether the public key corresponding to the public key of the base station is stored.

According to one embodiment, if the System Information includes a signature and the USIM of the terminal supports a public key storage function to be used for signature verification, the ME responds to the information about the public key included in the System Information (the base station's public key It is possible to receive or identify a public key (a corresponding CA certificate in the case of a certificate containing a key, or a public key matching the corresponding ID in the case of an ID of a public key indicating a public key to be signed and verified) from the USIM.

According to one embodiment, if the System Information includes a signature, but the USIM of the terminal does not have a public key storage function to be used for signature verification, the ME stores information about the public key included in the System Information and the corresponding public key. can be identified in the ME's memory.

According to one embodiment, when the terminal identifies that a public key corresponding to the public key of the base station is stored, the terminal may proceed to step 530.

According to one embodiment, when the terminal identifies that the public key corresponding to the public key of the base station is not stored, the terminal may proceed to step 540.

Although not shown in FIG. 5, according to one embodiment, if the System Information received by the terminal does not include a signature, the terminal may proceed to step 540 without performing additional operations.

In step 530, the terminal can verify the signature of the base station based on the received System Information. According to one embodiment, the terminal can verify the signature. More specifically, according to one embodiment, the terminal can verify System Information signed by the base station based on the private key based on the public key of the base station that the terminal knows. According to one embodiment, an asymmetric key method is used, so the public key and private key may be different. According to one embodiment, the terminal may identify that verification has been completed based on the public key corresponding to the private key that the base station based on for signing.

According to one embodiment, when the terminal identifies the public key within the memory of the USIM or ME, the signature included in System Information can be verified. According to one embodiment, if verification is successful, the terminal may proceed to step 540. According to one embodiment, if verification fails, the terminal may identify that an attacker base station (eg, a fake base station) exists. According to one embodiment, if verification fails, the terminal may proceed to step 570. According to one embodiment, if verification fails, the terminal may search for another cell and attempt to attach.

According to various embodiments of the present disclosure, although not shown in FIG. 5, the terminal may perform an initial access process to establish an RRC connection with the base station.

In step 540, the terminal may transmit a registration request message to the AMF.

According to one embodiment, the registration request message transmitted by the terminal may include information about encryption and integrity protection algorithms supported by the terminal. According to one embodiment, the registration request message transmitted by the terminal may include at least one of a list of public keys to be used for signature verification that the terminal currently possesses. According to one embodiment, the registration request message transmitted by the terminal is, if there is no public key to verify the value signed by the base station to which the terminal needs to connect, an indicator indicating such information or an indicator that the terminal currently possesses. It may contain at least one of the list of public keys to be used for signature verification. The list of public keys may include, for example, the public key itself, or it may include information representing the public key (e.g., PLMNID+PKID). According to one embodiment, if an attacker base station (e.g., a fake base station) exists, the fake base station may receive a registration request message transmitted by the terminal, modify information included in the message, and transmit it to the AMF.

According to various embodiments of the present disclosure, although not shown in FIG. 5, a terminal may perform a mutual authentication process with a network (eg, including a base station or core network objects).

In step 550, the terminal may receive a NAS Security Mode Command message from AMF. According to one embodiment, the terminal may receive a non-access stratum (NAS) Security Mode Command message from the AMF including a list of indicators or public keys sent to the AMF. AMF can identify encryption and integrity protection algorithms related to transmission and reception of NAS messages to and from the terminal. AMF can identify encryption and integrity protection algorithms related to sending and receiving NAS messages based on information about encryption and integrity protection algorithms supported by the terminal received from the terminal. AMF can generate encryption keys or integrity protection keys for NAS based on identified algorithms and K_amf, etc. Using the generated integrity protection key for the NAS, AMF can transmit the NAS Security Mode Command message with integrity protection. The NAS Security Mode Command message may be the first integrity-protected message among NAS messages. According to one embodiment, an integrity-protected message may not be arbitrarily modified by other objects (eg, an attacker base station) until it is received by the terminal. The NAS message may include at least one of an encryption algorithm or an integrity protection algorithm selected by the AMF.

According to one embodiment, the AMF identifies the received public key list and, if the terminal needs to update the public key list, may additionally transmit the public key list to the terminal. The public key list additionally transmitted by the AMF may include at least one of a public key for the base station on which the terminal is currently camping, a public key for other base stations in the HPLMN, or a public key for base stations in the VPLMN.

In step 560, the terminal can verify the signature of the base station based on comparison of the received NAS Security Mode Command message and the registration request message. According to one embodiment, the terminal may identify that an attacker base station (e.g., a fake base station) exists based on comparison of the received NAS Security Mode Command message and the registration request message. According to one embodiment, when the terminal receives the public key(s) from the AMF, the terminal may store the received public key in the NVM of the USIM or ME.

According to one embodiment, the terminal may compare the indicator or public key list included in the integrity-protected message received from the AMF with the indicator or public key list transmitted by the terminal to the AMF in step 540. If, as a result of the comparison, it is identified that the indicator or public key list transmitted by the terminal is different from the indicator or public key list received by the terminal, the terminal can identify that a MitM (man in the middle) attack occurred in the middle of transmission and reception with the core network. You can. According to one embodiment, if it is determined that the indicator or public key list transmitted by the terminal is different from the indicator or public key list received by the terminal, the terminal may identify that an attacker base station (eg, a fake base station) exists. According to one embodiment, if it is determined that the indicator or public key list transmitted by the terminal is different from the indicator or public key list received by the terminal, the terminal may proceed to step 570. According to one embodiment, if it is identified that the indicator or public key list transmitted by the terminal is different from the indicator or public key list received by the terminal, the terminal may find another cell and attempt to attach.

According to various embodiments of the present disclosure, although not shown in FIG. 5, the terminal may further perform a series of processes to update the public key list. According to various embodiments of the present disclosure, the terminal may further perform all, some, or a combination of some of the operations described below.

According to one embodiment, if the information received in step 550 is the same as the information transmitted by the terminal in step 540, the terminal may inform the AMF that there is no tampering in the message by sending a NAS Security Mode Complete message. there is. According to one embodiment, the terminal may generate an encryption key and an integrity protection key for the NAS based on the encryption algorithm and integrity protection algorithm received from the AMF in step 550. The terminal can encrypt and transmit subsequent NAS messages, including the NAS Security Mode Complete message, based on the generated keys with encryption and integrity protection.

Although not shown in FIG. 5, according to one embodiment, the base station may update the public key to the terminal in an integrity-protected access stratum (AS) Security Mode Command message using public key information received from the AMF. According to one embodiment, the terminal may receive a message containing an updated public key from the base station. According to one embodiment, the message received by the terminal may include at least one of a public key for the base station that received public key information from the AMF, a public key for other base stations in the HPLMN, or a public key for base stations in VPLMNs. .

According to one embodiment, if the public key(s) are included in the AS Security Mode Command message received by the terminal from the base station, the terminal stores the public key(s) in the USIM or ME's NVM ( It can be stored in non-volatile memory. According to one embodiment, the AS Security Mode Command may be the first integrity-protected message among AS messages.

According to one embodiment, the terminal may transmit an AS Security Mode Command message to the base station. According to one embodiment, the AS Security Mode Complete message may be the first AS message to be encrypted and integrity protected. According to one embodiment, an integrity-protected message may not be arbitrarily modified by other objects (eg, an attacker base station) until it is received by the terminal.

According to one embodiment, the UDM determines, based on the public key list received from the AMF, that an update to the public key list is necessary (e.g., a new public key has been added for a newly deployed base station in the HPLMN or another operator (Including cases where public key information to be used in the network of the relevant business operator has been added due to a new contractual relationship with the terminal or a specific public key is no longer needed due to reasons such as revocation of the public key owned by the terminal, etc.), UPU/SoR Through this process, the public key list can be updated on the terminal. According to one embodiment, the process of updating the list of public keys (including at least one of the public key of the base station, the public key of other base stations of HPLMN, or the public keys of base stations of VPLMNs) in the terminal is performed by using a UPU process to update the public key. This may include updating the terminal or public key information related to the VPLMN using the SoR process.

According to one embodiment, the terminal that has received the public key update information for signature verification through the UPU/SoR process is based on the public key required for signature verification of the base station and an indicator indicating the public key (including the case in the PLMNID+PKID format). Thus, the public key information can be updated in the NVM of USIM or ME, and the updated content can be saved.

In step 570, the terminal can find another cell and attempt to attach.

According to one embodiment, some of the steps shown in FIG. 5 may be performed again based on the terminal's updated public key or public key list.

According to various embodiments of the present disclosure, operations of the terminal may not be limited to the operations described in FIG. 5. According to one embodiment, the terminal may perform all, some, or a combination of some of the operations in FIG. 5. According to one embodiment, the terminal may perform all, some, or a combination of some of the operations of FIGS. 3 to 5.

Figure 6 illustrates the operational flow of a terminal for receiving a public key to verify a base station according to embodiments of the present disclosure. According to various embodiments of the present disclosure, a terminal may be comprised of a mobile equipment (ME) and a universal mobile telecommunications service (UMTS) subscriber identity module (USIM). ME may include a mobile terminal (MT) and terminal equipment (TE). MT may be the part where the wireless access protocol operates, and TE may be the part where the control function operates. For example, in the case of a wireless communication terminal (e.g., a mobile phone), the MT and TE may be integrated, and in the case of a laptop, the MT and TE may be separated. In the present disclosure, the ME and the USIM can be expressed as distinct entities depending on the operation of each component, but are not limited to this, and the present disclosure can express the ME and the USIM as a terminal (e.g., UE), or the ME can be expressed as a terminal. Of course, various embodiments can be described.

Referring to FIG. 6, in step 610, the terminal may receive System Information from the base station. Although not shown in FIG. 6, the terminal may perform an initial connection (e.g., initial attach) operation with the base station. According to one embodiment, the terminal may receive System Information including the signature of the base station that the base station broadcasts. If the System Information transmitted by the base station includes a signature, the System Information contains a PK indicator indicating the public key against which the signature will be verified (e.g., a certificate containing the base station's public key or a public key indicating the public key against which the signature will be verified). ID of the key). According to one embodiment, the base station may use values such as PCI (physical cell ID) and Timestamp as additional inputs to create a signature. Additionally, System Information transmitted by the base station may include at least one of a PLMN ID or Cell ID related to the base station.

According to one embodiment, a terminal that has received System Information including PCI from a base station can verify the signature of the base station that transmitted the System Information based on the PCI value of the real base station that requires connection. Alternatively, the terminal can identify whether the received System Information is transmitted by a base station requiring a connection or is System Information recycled by a fake base station based on information about the received timestamp.

In step 620, the terminal may perform signature verification based on System Information. More specifically, the terminal can perform operations based on the received System Information.

According to one embodiment, the terminal can verify the signature. More specifically, according to one embodiment, the terminal can verify System Information signed by the base station based on the private key based on the public key of the base station that the terminal knows. According to one embodiment, an asymmetric key method is used, so the public key and private key may be different. According to one embodiment, the terminal may identify that verification has been completed based on the public key corresponding to the private key that the base station based on for signing.

According to one embodiment, if the System Information received by the terminal does not include a signature, the terminal can proceed to the next step without performing additional operations.

According to one embodiment, if the System Information includes a signature and the USIM of the terminal supports a public key storage function to be used for signature verification, the ME responds to the information about the public key included in the System Information (the base station's public key It is possible to receive or identify a public key (a corresponding CA certificate in the case of a certificate containing a key, or a public key matching the corresponding ID in the case of an ID of a public key indicating a public key to be signed and verified) from the USIM.

According to one embodiment, if the System Information includes a signature, but the USIM of the terminal does not have a public key storage function to be used for signature verification, the ME stores information about the public key included in the System Information and the corresponding public key. can be identified in the ME's memory.

According to one embodiment, when the terminal identifies the public key within the memory of the USIM or ME, the signature included in System Information can be verified. According to one embodiment, if verification is successful, the terminal may proceed to the next step. According to one embodiment, if verification fails, the terminal may identify that an attacker base station (eg, a fake base station) exists. According to one embodiment, if verification fails, the terminal may search for another cell and attempt to attach. According to one embodiment, when the terminal determines that the base station that transmitted system information to the terminal is an attacker base station, the terminal stops the connection procedure (e.g., cell connection procedure) with the base station that transmitted the system information, and stops the connection procedure (e.g., cell connection procedure) with the base station that transmitted system information to the terminal. base station) can be searched. If the terminal determines that the base station that transmitted system information to the terminal is a real base station, it can continue the connection procedure with the base station that transmitted the system information.

According to one embodiment, if the terminal does not find the public key in the memory of the USIM or ME, it can proceed to the next step.

According to various embodiments of the present disclosure, although not shown in FIG. 6, the terminal may perform an initial access process to establish an RRC connection with the base station.

In step 630, the terminal may transmit a registration request message to the AMF.

According to one embodiment, the registration request message transmitted by the terminal may include information about encryption and integrity protection algorithms supported by the terminal. According to one embodiment, the registration request message transmitted by the terminal may include at least one of a list of public keys to be used for signature verification that the terminal currently possesses. According to one embodiment, the registration request message transmitted by the terminal is, if there is no public key to verify the value signed by the base station to which the terminal needs to connect, an indicator indicating such information or an indicator that the terminal currently possesses. It may contain at least one of the list of public keys to be used for signature verification. The list of public keys may include, for example, the public key itself, or it may include information representing the public key (e.g., PLMNID+PKID). According to one embodiment, if an attacker base station (e.g., a fake base station) exists, the fake base station may receive a registration request message transmitted by the terminal, modify information included in the message, and transmit it to the AMF.

According to various embodiments of the present disclosure, although not shown in FIG. 6, a terminal may perform a mutual authentication process with a network (eg, including a base station or core network objects).

In step 640, the terminal may receive a NAS Security Mode Command message from AMF. According to one embodiment, the terminal may receive a non-access stratum (NAS) Security Mode Command message from the AMF including a list of indicators or public keys sent to the AMF. AMF can identify encryption and integrity protection algorithms related to transmission and reception of NAS messages to and from the terminal. AMF can identify encryption and integrity protection algorithms related to sending and receiving NAS messages based on information about encryption and integrity protection algorithms supported by the terminal received from the terminal. AMF can generate encryption keys or integrity protection keys for NAS based on identified algorithms and K_amf, etc. Using the generated integrity protection key for the NAS, AMF can transmit the NAS Security Mode Command message with integrity protection. The NAS Security Mode Command message may be the first integrity-protected message among NAS messages. According to one embodiment, an integrity-protected message may not be arbitrarily modified by other objects (eg, an attacker base station) until it is received by the terminal. The NAS message may include at least one of an encryption algorithm or an integrity protection algorithm selected by the AMF.

According to one embodiment, the AMF identifies the received public key list and, if the terminal needs to update the public key list, may additionally transmit the public key list to the terminal. The public key list additionally transmitted by the AMF may include at least one of a public key for the base station on which the terminal is currently camping, a public key for other base stations in the HPLMN, or a public key for base stations in the VPLMN.

In step 650, the terminal can verify the signature of the base station based on comparison of the received NAS Security Mode Command message and the registration request message. According to one embodiment, the terminal may identify that an attacker base station (e.g., a fake base station) exists based on comparison of the received NAS Security Mode Command message and the registration request message. According to one embodiment, when the terminal receives the public key(s) from the AMF, the terminal may store the received public key in the NVM of the USIM or ME.

According to one embodiment, the terminal may compare the indicator or public key list included in the integrity-protected message received from the AMF with the indicator or public key list transmitted by the terminal to the AMF in step 630. If, as a result of the comparison, it is identified that the indicator or public key list transmitted by the terminal is different from the indicator or public key list received by the terminal, the terminal can identify that a MitM (man in the middle) attack occurred in the middle of transmission and reception with the core network. You can. According to one embodiment, if it is determined that the indicator or public key list transmitted by the terminal is different from the indicator or public key list received by the terminal, the terminal may identify that an attacker base station (eg, a fake base station) exists. According to one embodiment, if it is identified that the indicator or public key list transmitted by the terminal is different from the indicator or public key list received by the terminal, the terminal may find another cell and attempt to attach.

According to various embodiments of the present disclosure, although not shown in FIG. 6, the terminal may further perform a series of processes to update the public key list. According to various embodiments of the present disclosure, the terminal may further perform all, some, or a combination of some of the operations described below.

According to one embodiment, if the information received in step 640 is the same as the information transmitted by the terminal in step 630, the terminal may inform the AMF that there is no tampering in the message by sending a NAS Security Mode Complete message. there is. According to one embodiment, the terminal may generate an encryption key and an integrity protection key for the NAS based on the encryption algorithm and integrity protection algorithm received from the AMF in step 640. The terminal can encrypt and transmit subsequent NAS messages, including the NAS Security Mode Complete message, based on the generated keys with encryption and integrity protection.

According to one embodiment, the base station may update the public key to the terminal in an integrity-protected access stratum (AS) Security Mode Command message using public key information received from the AMF. According to one embodiment, the terminal may receive a message containing an updated public key from the base station. According to one embodiment, the message received by the terminal may include at least one of a public key for the base station that received public key information from the AMF, a public key for other base stations in the HPLMN, or a public key for base stations in VPLMNs. .

According to one embodiment, if the public key(s) are included in the AS Security Mode Command message received by the terminal from the base station, the terminal stores the public key(s) in the USIM or ME's NVM ( It can be stored in non-volatile memory. According to one embodiment, the AS Security Mode Command may be the first integrity-protected message among AS messages.

According to one embodiment, the terminal may transmit an AS Security Mode Command message to the base station. According to one embodiment, the AS Security Mode Complete message may be the first AS message to be encrypted and integrity protected. According to one embodiment, an integrity-protected message may not be arbitrarily modified by other objects (eg, an attacker base station) until it is received by the terminal.

According to one embodiment, the UDM determines, based on the public key list received from the AMF, that an update to the public key list is necessary (e.g., a new public key has been added for a newly deployed base station in the HPLMN or another operator (Including cases where public key information to be used in the network of the relevant business operator has been added due to a new contractual relationship with the terminal or a specific public key is no longer needed due to reasons such as revocation of the public key owned by the terminal, etc.), UPU/SoR Through this process, the public key list can be updated on the terminal. According to one embodiment, the process of updating the list of public keys (including at least one of the public key of the base station, the public key of other base stations of HPLMN, or the public keys of base stations of VPLMNs) in the terminal is performed by using a UPU process to update the public key. This may include updating the terminal or public key information related to the VPLMN using the SoR process.

According to one embodiment, the terminal that has received the public key update information for signature verification through the UPU/SoR process is based on the public key required for signature verification of the base station and an indicator indicating the public key (including the case in the PLMNID+PKID format). Thus, the public key information can be updated in the NVM of USIM or ME, and the updated content can be saved.

According to various embodiments of the present disclosure, some of the steps shown in FIG. 6 may be performed again based on the terminal's updated public key or public key list.

According to various embodiments of the present disclosure, operations of the terminal may not be limited to the operations described in FIG. 6. According to one embodiment, the terminal may perform all, some, or a combination of some of the operations in FIG. 6. According to one embodiment, the terminal may perform all, some, or a combination of some of the operations of FIGS. 3 to 6.

Figure 7 shows the operation flow of AMF for providing a public key to verify a base station to a terminal according to embodiments of the present disclosure.

Referring to FIG. 7, in step 710, the AMF may receive a registration request message from the terminal. According to one embodiment, the AMF may receive a registration request message from the terminal through the base station. According to one embodiment, the registration request message transmitted by the terminal may include information about encryption and integrity protection algorithms supported by the terminal. According to one embodiment, the registration request message received from the terminal may include at least one of a list of public keys to be used for signature verification that the terminal currently has. According to one embodiment, the registration request message received from the terminal, if there is no public key to verify the value signed by the base station to which the terminal needs to connect, an indicator indicating such information or an indicator that the terminal currently has. It may contain at least one of the list of public keys to be used for signature verification. The list of public keys may include, for example, the public key itself, or it may include information representing the public key (e.g., PLMNID+PKID). According to one embodiment, if an attacker base station (e.g., a fake base station) exists, the fake base station may receive a registration request message transmitted by the terminal, modify information included in the message, and transmit it to the AMF.

According to various embodiments of the present disclosure, although not shown in FIG. 7, the AMF may perform a mutual authentication process with a terminal or a network (eg, including a base station or core network objects).

In step 720, the AMF may identify an encryption or integrity protection algorithm based on the registration request message received from the terminal.

According to one embodiment, the AMF may identify encryption and integrity protection algorithms related to transmission and reception of NAS messages performed with the terminal. AMF can identify encryption and integrity protection algorithms related to sending and receiving NAS messages based on information about encryption and integrity protection algorithms supported by the terminal received from the terminal. According to one embodiment, AMF may generate an encryption key or integrity protection key for the NAS based on the identified algorithm, K_amf, etc. Using the generated integrity protection key for the NAS, AMF can transmit the NAS Security Mode Command message to the terminal with integrity protection.

In step 730, the AMF may transmit a NAS Security Mode Command message to the terminal based on the identified encryption or integrity protection algorithm.

According to one embodiment, AMF may not modify the indicator or public key list included in the message received from the terminal. AMF may transmit to the terminal a NAS (non-access stratum) Security Mode Command message containing a list of indicators or public keys received from the terminal.

According to one embodiment, the AMF may transmit the NAS Security Mode Command message to the terminal with integrity protection using the integrity protection key for the NAS generated in step 720. The NAS Security Mode Command message may be the first integrity-protected message among NAS messages. According to one embodiment, an integrity-protected message may not be arbitrarily modified by other objects (eg, an attacker base station) until it is received by the terminal. The NAS message may include at least one of an encryption algorithm or an integrity protection algorithm selected by the AMF.

According to one embodiment, the AMF may identify the received public key list and transmit an additional public key list if the terminal needs to update the public key list. The public key list additionally transmitted by the AMF may include at least one of a public key for the base station on which the terminal is currently camping, a public key for other base stations in the HPLMN, or a public key for base stations in the VPLMN.

At step 740, AMF may receive a NAS Security Mode Complete message.

According to one embodiment, the AMF may receive a NAS Security Mode Complete message from the terminal including a list of public keys for signature verification owned by the terminal.

According to one embodiment, if the information received from the AMF is the same as the information transmitted by the terminal to the AMF, the terminal may inform the AMF that there is no tampering in the message by transmitting a NAS Security Mode Complete message.

According to one embodiment, the terminal may generate an encryption key and an integrity protection key for the NAS based on an encryption algorithm and an integrity protection algorithm received from the AMF. AMF can receive subsequent NAS messages, including the NAS Security Mode Complete message, based on encryption and integrity protection, based on keys generated by the terminal.

According to various embodiments of the present disclosure, although not shown in FIG. 7, the AMF may further perform a series of operations related to UE and AS signaling. According to one embodiment, when the AMF receives NAS Security Mode Complete from the terminal, the AMF can confirm that the information received from the terminal has not been tampered with. According to one embodiment, the AMF may identify information on a public key to be used for signature verification currently owned by the terminal based on information received from the terminal. According to one embodiment, if there is information that needs to be updated among the public keys owned by the terminal, the AMF may transmit this to the base station. According to one embodiment, cases in which an update is necessary may include cases where some of the public keys owned by the terminal have been revoked or the public key of a specific PLMN has been added/removed due to a new contractual relationship.

In step 750, the AMF may transmit the terminal's public key list to the UDM based on the NAS Security Mode Complete message received from the terminal. According to one embodiment, the AMF (e.g., the public key list received from the terminal and the public key list information transmitted by the AMF to the base station are combined to determine which public key(s) the terminal currently has). (may know the key list) can transmit SUPI (subscription permanent identifier), which is an identifier representing the terminal, and a list of public keys held by the terminal to the UDM.

According to various embodiments of the present disclosure, operations of the AMF may not be limited to the operations described in FIG. 7. According to one embodiment, the terminal may perform all, some, or a combination of some of the operations in FIG. 7. According to one embodiment, the terminal may perform all, some, or a combination of some of the operations of FIGS. 3 to 7.

It should be noted that the configuration diagrams, illustrative diagrams of control/data signal transmission and reception methods, and illustrative operation procedure diagrams illustrated in FIGS. 1A to 7 are not intended to limit the scope of the embodiments of the present disclosure. That is, all components, entities, or operational steps depicted in FIGS. 1A to 7 should not be construed as being essential elements for carrying out the disclosure, and the inclusion of only some elements does not impair the essence of the disclosure. It can be implemented in .

According to various embodiments of the present disclosure, in a method performed by a terminal in a wireless communication system, the method includes system information including information related to the public key of the base station and signature information of the base station from a base station ( system information), determining whether a public key corresponding to information related to the public key of the base station is stored in the terminal, if a public key corresponding to information related to the public key of the base station is stored , verifying the signature of the base station, and performing a connection procedure with the base station based on the verification result or searching for another base station.

According to one embodiment, the method further includes establishing a radio resource control (RRC) connection with the base station without performing the verification when the signature information of the base station is not included in the system information. How to.

According to one embodiment, when the public key corresponding to the information related to the public key of the base station is not stored, the method provides information about the list of public keys held by the terminal to an access and mobility management function (AMF). Transmitting a registration request message including an indicator indicating that the information or the public key corresponding to the information related to the public key of the base station is not stored, and public keys held by the terminal included in the registration request message. Based on the list, it may further include receiving a non-access stratum (NAS) command message with encryption and integrity protection from the AMF.

According to one embodiment, the method includes comparing information included in the registration request message and information included in the NAS command message, and based on the comparison result, a cell of a base station different from the base station. It may further include a search step.

According to one embodiment, the NAS command message includes information about a list of public keys that need to be updated to the terminal.

According to one embodiment, the method includes receiving an access stratum (AS) command message from the base station including a list of public keys to be updated to the terminal, and storing the list of public keys to be updated to the terminal. It may further include the step of transmitting an AS complete message to the base station based on a result of storing the list of public keys.

According to one embodiment, the method includes a list of public keys to be updated from a unified data manager (UDM) based on the registration request message and a user equipment (UE) parameters update (UPU)/steering of roaming (SoR) process. It may further include receiving information about.

According to various embodiments of the present disclosure, in a method performed by an access and mobility management function (AMF) in a wireless communication system, the method includes information about a list of public keys held by the terminal from a terminal, or Receiving a registration request message including an indicator indicating that a public key corresponding to information related to the public key of the base station is not stored, performing a cipher and integrity protection algorithm based on the registration request message. It may include identifying and transmitting a non-access stratum (NAS) command message to the terminal based on the registration request message and the identified encryption and integrity algorithm.

According to one embodiment, the method includes sending a list of public keys to be updated to the terminal, and receiving a NAS complete message from the terminal indicating that there is no tampering with the NAS command message. More may be included.

According to one embodiment, the method may further include a method of transmitting a message containing information about a list of public keys held by the terminal to a unified data manager (UDM) based on the NAS completion message, The message sent to the UDM may include information about a subscription permanent identifier (SUPI) necessary to identify the terminal.

According to various embodiments of the present disclosure, in a wireless communication system, a terminal includes at least one transceiver; and at least one processor functionally coupled to the at least one transceiver, wherein the at least one processor includes information related to the public key of the base station and signature information of the base station from a base station. Receiving information (system information), determining whether a public key corresponding to information related to the public key of the base station is stored in the terminal, and if a public key corresponding to information related to the public key of the base station is stored , verifying the signature of the base station, and performing a connection procedure with the base station or searching for another base station based on the verification result.

According to one embodiment, the at least one processor is further configured to establish a radio resource control (RRC) connection with the base station without performing the verification when the signature information of the base station is not included in the system information. It can be configured.

According to one embodiment, when the public key corresponding to the information related to the public key of the base station is not stored, the at least one processor sends an access and mobility management function (AMF) to the public key of the terminal. Transmitting a registration request message including an indicator indicating that a public key corresponding to information related to the list or information related to the public key of the base station is not stored, and a public key held by the terminal included in the registration request message. Based on the list of keys, it may be further configured to receive a non-access stratum (NAS) command message with encryption and integrity protection from the AMF.

According to one embodiment, the at least one processor compares information included in the registration request message with information included in the NAS command message, and based on the comparison result, stores a cell of a base station different from the base station ( It can be further configured to search (cell).

According to one embodiment, the NAS command message may include information about a list of public keys that need to be updated to the terminal.

According to one embodiment, the at least one processor receives an access stratum (AS) command message from the base station, including a list of public keys to be updated to the terminal, and a list of public keys to be updated to the terminal. and may be further configured to transmit, to the base station, an AS complete message based on a result of storing the list of public keys.

According to one embodiment, information about a list of public keys to be updated from a unified data manager (UDM) based on the registration request message and a user equipment (UE) parameters update (UPU)/steering of roaming (SoR) process is provided. It may be further configured to receive.

According to various embodiments of the present disclosure, in a wireless communication system, an access and mobility management function (AMF) includes at least one transceiver and at least one processor functionally coupled to the at least one transceiver. (processor), wherein the at least one processor sends an indicator indicating that the public key corresponding to the information related to the public key of the base station or the information related to the list of public keys held by the terminal is not stored. Receive a registration request message including, identify a cipher and integrity protection algorithm based on the registration request message, and send the terminal to the terminal based on the registration request message and the identified encryption and integrity algorithm. Can be configured to send non-access stratum (NAS) command messages.

According to one embodiment, the at least one processor transmits to the terminal a list of public keys that need to be updated, and receives a NAS complete message from the terminal indicating that there is no tampering with the NAS command message. It can be configured further.

According to one embodiment, the at least one processor may be further configured to transmit a message containing information about a list of public keys held by the terminal to a unified data manager (UDM) based on the NAS complete message. , the message transmitted to the UDM may include information about SUPI (subscription permanent identifier) necessary to identify the terminal.

The operations of the above-described embodiments can be realized by providing a memory device storing the corresponding program code in any component part of the device. That is, the control unit in the device can execute the operations described above by reading and executing the program code stored in the memory device by a processor or CPU (Central Processing Unit).

The various components, modules, etc. of the entity or terminal device described in the present disclosure include hardware circuits, such as complementary metal oxide semiconductor-based logic circuits, firmware, and , may be operated using software and/or hardware circuitry, such as a combination of hardware and firmware and/or software embedded in a machine-readable medium. As an example, various electrical structures and methods may be implemented using electrical circuits such as transistors, logic gates, and application-specific semiconductors.

Methods according to embodiments described in the claims or specification of the present disclosure may be implemented in the form of hardware, software, or a combination of hardware and software.

When implemented as software, a computer-readable storage medium that stores one or more programs (software modules) may be provided. One or more programs stored in a computer-readable storage medium are configured to be executable by one or more processors in an electronic device (configured for execution). One or more programs include instructions that cause the electronic device to execute methods according to embodiments described in the claims or specification of the present disclosure.

These programs (software modules, software) may include random access memory, non-volatile memory, including flash memory, read only memory (ROM), and electrically erasable programmable ROM. (electrically erasable programmable read only memory, EEPROM), magnetic disc storage device, compact disc-ROM (CD-ROM), digital versatile discs (DVDs), or other types of disk storage. It can be stored in an optical storage device or magnetic cassette. Alternatively, it may be stored in a memory consisting of a combination of some or all of these. Additionally, multiple configuration memories may be included.

In addition, the program may be distributed through a communication network such as the Internet, an intranet, a local area network (LAN), a wide area network (WAN), or a storage area network (SAN), or a combination thereof. It may be stored on an attachable storage device that is accessible. This storage device can be connected to a device performing an embodiment of the present disclosure through an external port. Additionally, a separate storage device on a communications network may be connected to the device performing embodiments of the present disclosure.

In the specific embodiments of the present disclosure described above, elements included in the disclosure are expressed in singular or plural numbers depending on the specific embodiment presented. However, singular or plural expressions are selected to suit the presented situation for convenience of explanation, and the present disclosure is not limited to singular or plural components, and even components expressed in plural may be composed of singular or singular. Even expressed components may be composed of plural elements.

Meanwhile, in the detailed description of the present disclosure, specific embodiments have been described, but of course, various modifications are possible without departing from the scope of the present disclosure. Therefore, the scope of the present disclosure should not be limited to the described embodiments, but should be determined not only by the scope of the patent claims described later, but also by the scope of the claims and their equivalents.

Claims (20)

In a wireless communication system, in a method performed by a terminal, the method includes:
Receiving system information including information related to the public key of the base station and signature information of the base station from a base station;
determining whether a public key corresponding to information related to the public key of the base station is stored in the terminal;
verifying the signature of the base station when a public key corresponding to information related to the public key of the base station is stored; and
A method comprising performing a connection procedure with the base station or searching for another base station based on the verification result.
The method of claim 1, wherein the method comprises:
If signature information of the base station is not included in the system information, the method further includes establishing a radio resource control (RRC) connection with the base station without performing the verification.
The method of claim 1, wherein when a public key corresponding to information related to the public key of the base station is not stored, the method further comprises:
A registration request message containing an indicator indicating that the public key corresponding to the information related to the public key of the base station or the information related to the public key of the base station is not stored to the access and mobility management function (AMF). transmitting; and
Further comprising receiving a non-access stratum (NAS) command message with encryption and integrity protection from the AMF based on the list of public keys held by the terminal included in the registration request message. How to.
The method of claim 3, wherein the method:
Comparing information included in the registration request message and information included in the NAS command message; and
Based on the comparison result, the method further includes searching for cells of a base station different from the base station.
In claim 3,
The NAS command message includes information about a list of public keys that need to be updated to the terminal.
The method of claim 3, wherein the method:
Receiving an access stratum (AS) command message from the base station including a list of public keys to be updated to the terminal;
storing a list of public keys to be updated in the terminal; and
The method further includes transmitting an AS complete message to the base station based on a result of storing the list of public keys.
The method of claim 1, wherein the method comprises:
It further includes receiving information about a list of public keys to be updated from a unified data manager (UDM) based on the registration request message and the UPU (user equipment (UE) parameters update)/SoR (steering of roaming) process. How to.
In a method performed by an access and mobility management function (AMF) in a wireless communication system, the method includes:
Receiving a registration request message from a terminal including information about a list of public keys held by the terminal or an indicator indicating that a public key corresponding to information related to a public key of a base station is not stored;
identifying an encryption and integrity protection algorithm based on the registration request message; and
A method comprising transmitting a non-access stratum (NAS) command message to the terminal based on the registration request message and the identified encryption and integrity algorithm.
The method of claim 8, wherein the method:
transmitting to the terminal a list of public keys to be updated; and
The method further comprising receiving a NAS complete message from the terminal indicating that there is no modification in the NAS command message.
The method of claim 9, wherein the method:
It further includes a method of transmitting a message containing information about a public key list held by the terminal to a unified data manager (UDM) based on the NAS completion message,
A method in which the message sent to the UDM includes information about a subscription permanent identifier (SUPI) necessary to identify the terminal.
In a wireless communication system, the terminal,
At least one transceiver; and
Comprising at least one processor functionally coupled to the at least one transceiver,
The at least one processor,
Receiving system information including information related to the public key of the base station and signature information of the base station from a base station,
Determine whether a public key corresponding to information related to the public key of the base station is stored in the terminal,
If a public key corresponding to information related to the public key of the base station is stored, verify the signature of the base station, and
A device configured to perform a connection procedure with the base station or search for another base station based on the verification result.
The method of claim 11, wherein the at least one processor:
If the signature information of the base station is not included in the system information, the device is further configured to establish a radio resource control (RRC) connection with the base station without performing the verification.
The method of claim 11, wherein when the public key corresponding to the information related to the public key of the base station is not stored, the at least one processor:
A registration request message containing an indicator indicating that the public key corresponding to the information related to the public key of the base station or the information related to the public key of the base station is not stored to the access and mobility management function (AMF). send, and
A device further configured to receive a cipher and integrity protected NAS (non-access stratum) command message from the AMF based on the list of public keys held by the terminal included in the registration request message. .
The method of claim 13, wherein the at least one processor:
Compare the information included in the registration request message with the information included in the NAS command message, and
Based on the comparison result, the device is further configured to search for cells of the base station and other base stations.
In claim 13,
The NAS command message includes information about a list of public keys that need to be updated to the terminal.
The method of claim 13, wherein the at least one processor:
Receiving an access stratum (AS) command message from the base station containing a list of public keys to be updated to the terminal,
storing a list of public keys that need to be updated in the terminal, and
The device is further configured to transmit, to the base station, an AS complete message based on a result of storing the list of public keys.
The method of claim 11, wherein the at least one processor:
The device is further configured to receive information about a list of public keys to be updated from a unified data manager (UDM) based on the registration request message and a user equipment (UE) parameters update (UPU)/steering of roaming (SoR) process. .
In a wireless communication system, AMF (access and mobility management function) is,
At least one transceiver; and
Comprising at least one processor functionally coupled to the at least one transceiver,
The at least one processor,
Receiving a registration request message from a terminal including information about a list of public keys held by the terminal or an indicator indicating that a public key corresponding to information related to the public key of the base station is not stored,
Identify encryption and integrity protection algorithms based on the registration request message, and
A device configured to transmit a non-access stratum (NAS) command message to the terminal based on the registration request message and the identified encryption and integrity algorithm.
The method of claim 18, wherein the at least one processor:
Sending to the terminal a list of public keys that need to be updated to the terminal, and
The device further configured to receive a NAS complete message from the terminal indicating that there is no modification in the NAS command message.
The method of claim 19, wherein the at least one processor:
Further configured to transmit a message containing information about the public key list held by the terminal to a unified data manager (UDM) based on the NAS completion message,
A device in which a message transmitted to the UDM includes information about a subscription permanent identifier (SUPI) necessary to identify the terminal.

Images