OA19349A - Security context handling in 5G during connected mode - Google Patents
Security context handling in 5G during connected mode Download PDFInfo
- Publication number
- OA19349A OA19349A OA1201900262 OA19349A OA 19349 A OA19349 A OA 19349A OA 1201900262 OA1201900262 OA 1201900262 OA 19349 A OA19349 A OA 19349A
- Authority
- OA
- OAPI
- Prior art keywords
- key
- access stratum
- handover
- new
- user equipment
- Prior art date
Links
- 238000004891 communication Methods 0.000 claims description 49
- 230000004044 response Effects 0.000 claims description 19
- 230000003068 static Effects 0.000 claims description 7
- 238000000034 method Methods 0.000 description 38
- 238000004590 computer program Methods 0.000 description 15
- 230000003287 optical Effects 0.000 description 6
- 235000019796 monopotassium phosphate Nutrition 0.000 description 4
- 239000000969 carrier Substances 0.000 description 3
- 239000004065 semiconductor Substances 0.000 description 3
- 230000000694 effects Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000000051 modifying Effects 0.000 description 2
- 230000011664 signaling Effects 0.000 description 2
- 230000001702 transmitter Effects 0.000 description 2
- 239000000463 material Substances 0.000 description 1
- WCUXLLCKKVVCTQ-UHFFFAOYSA-M potassium chloride Chemical compound [Cl-].[K+] WCUXLLCKKVVCTQ-UHFFFAOYSA-M 0.000 description 1
Abstract
The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the AMF may provide a key generation parameter to the UE to use in deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms.
Description
Referring now to the drawings, an exemplary embodiment of the disclosure will be described in the context of a 5G wireless communication network. Those skilled in the art will appreciate that the methods and apparatus herein described are not limited to use in 5G networks, but may also be used in wireless communication networks operating according to other standards.
Figure 1 illustrâtes a wireless communication network 10 according to one exemplary embodiment. The wireless communication network 10 comprises a radio access network (RAN) 20 and a core network 30. The RAN 20 comprises one or more base stations 25 providing radio access to UEs 70 operating within the wireless communication network 10. The base stations 25 are also referred to as gNodeBs (gNBs). The core network 30 provides a connection between the RAN 20 and other packet data networks 80.
In one exemplary embodiment, the core network 30 comprises an authentication server function (AUSF) 35, access and mobility management function (AMF) 40, session management function (SMF) 45, policy control function (PCF) 50, unified data management (UDM) function 55, and user plane function (UPF) 60. These components of the wireless communication network 10 comprise logical entities that résidé in one or more core network nodes. The functions of the logical entities may be implemented by one or more processors, hardware, firmware, or a combination thereof. The functions may résidé in a single core network node, or may be distributed among two or more core network nodes.
The AMF 40, among other things, performs mobility management functions similar to the MME in LTE. The AMF and MME are referred to herein generically as mobility management functions. In the exemplary embodiment shown in Figure 1, the AMF 40 is the termination point for non-access stratum (NAS) security. The AMF 40 shares a key, denoted the core network key (Kcn), with the UE 70 that is used to dérivé the NAS lower level protocol keys for integrity and confidentiality protection. The KCN is generally équivalent to the base key named Kasme in the Evolved Packet System (EPS). The Kcn key is generally équivalent to the KAmf key used in the 5G spécifications. It is always the case that following authentication, a new Kcn is taken into use. How the Kcn key is established after authentication is not a material aspect of the présent disclosure. The methods and apparatus described herein do not dépend on the particular method used for computing Kcn after authentication. That is, the security context handling methods work regardless of whether the Kcn is derived from a higher level key or is established directly by the authentication procedure similar to the establishment of Kasme in EPS.
Once a UE 70 is authenticated, the UE 70 may move between cells within the network. When a UE 70 moves between cells while in a connected mode, a handover is executed. When a UE 70 in idle mode moves between cells, a location update procedure may be executed. The AMF 40 keeps track of the location of the UE 70 in its domain. Typically, the core network 30 will hâve multiple AMFs 40, each providing mobility management services in a respective domain. When a UE 70 moves between cells supervised by different AMFs 40, the security context needs to be transferred from the source AMF 40 to the target AMF 40.
In LTE Systems, the security context is transferred unaltered from a source mobility management entity (MME) to the target MME during an inter-MME handover or location update. Following a AMF change, a NAS security mode command (SMC) procedure may be performed, which takes new NAS and access stratum (AS) keys into use. Génération of NAS and AS keys may be necessary, for example, when an algorithm change is needed at the NAS level. Generally, changing the algorithm used at the NAS protocol layer does not hâve any effect on the AS keys. However, changing the main NAS context key renders the current AS keys outdated.
One aspect of the disclosure is a mechanism for achieving backward security during AMF changes. Instead of passing the current NAS key to the target AMF 40, the source AMF 40 dérivés a new NAS key, provides the new NAS key to the target AMF 40, and sends a KCI to the UE 70. The UE 70 can then dérivé the new NAS key from the old NAS key. In some embodiments, the source AMF 40 may provide a key génération parameter to the UE 70 to use in deriving the new NAS key. In other embodiments, the target AMF 40 may change one or more security algorithms.
Figure 2 illustrâtes an exemplary procedure for transferring a security context during a handover where the AMF changes. At step 1, the source base station 25 (e.g., source gNB) décidés to initiate an N2-based handover due, for example, to no Xn connectivity to the target base station 25 (e.g. target gNB). The Xn interface is the 5G équivalent of the X2 interface in EPS. At step 2, the source base station 25 sends a handover required message (or 5G équivalent of handover required message) to the source AMF 40. This is the AMF 40 currently serving the UE 70, with which it shares a full NAS security context based on a non-access stratum key referred to herin as the Kcn key. The Kcn key was established possibly following a previous authentication or AMF 40 change procedure. At step 3, the source AMF 40 selects the target AMF 40 and décidés to dérivé a new Kcn key in order to shield itself and all the previous sessions from the target AMF 40. The decision to dérivé a new key may be based on an operator spécifie security policy.
As an example a new KCN key could be taken into use when an AMF set changes. It is generaly assumed that a horizontal key dérivation is not needed when an AMF set does not change. The current reasoning behind these two assumptions is that 5G security context is stored in the Unstructured Data Storage network function (UDSF) within an AMF set. So, when a UE is assigned a different AMF within the same AMF set, then horizontal dérivation of KCN is not necessary. But when a UE is assigned a different AMF in a different AMF set, then the UDSF is different and a horizontal dérivation of KCN is necessary. These assumptions, however, may not hold true for all possible network deployments. First, the UDSF is an optional network function. Further, there is no reason to restrict the network architecture to deployments where there is a shared storage only within an AMF set. Some network deployments could hâve secure storage across multiple AMF sets. In this case, it is not necessary to mandate horizontal dérivation of Kcn when the AMF set changes. Similarly, some network deployments could use multiple secure storage within a single AMF set. In this case, horizontal key dérivation may be désirable even when the UE 70 does not change AMF sets. Therefore, decision to perform horizontal dérivation of KCN when changing between AMF should be done according to network policy, rather than mandating/restricting based on AMF set. For example, the network operator may hâve a policy that a new KCN is required when the UE 70 changes from a source AMF 40 to a target AMF 40 that do not share the same secure storage.
Retuming to Figure 2, the source AMF 40, at step 4, sends a forward relocation request message (or 5G équivalent) including the new KCN key along with any relevant security parameters, such as the UE capabilities. The target AMF 40 uses this Kcn key to set up a new security context and dérivé a new AS key. At step 5, the target AMF 40 sends a handover request (or 5G équivalent) to the target base station 25. The handover request includes the new AS key and ail relevant security parameters, such as the UE capabilities. This establishes the UE 70 security context at the target base station 25. At step 6, the target base station 25 acknowledges the handover request. Responsive to the acknowledgement, the target AMF 40 sends, at step 7, a forward relocation response mesasge (or 5G équivalent) including a transparent container to the source AMF 40. This container is forwarded ail the way down to the UE 70 in steps 8 and 9.
At steps 8 and 9, the source AMF 40 sends a handover command message to the UE 70 via the source base station 25, which forwards the handover command to the UE 70. The handover command includes the relevant information from the forward relocation response message and a KCI indicating that a new Kcn has been derived. The KCI may comprise an explicit key change indicator flag set to a vlaue indicating that the KCN key has been changed. Responsive to the KCI, the UE 70 establishes a new security context and dérivés a new Kcn. The UE 70 uses the new Kcn key to dérivé a new AS key for communicating with the target base station 25.
Figure 3 illustrâtes an exemplary procedure for transferring a security context when a UE 70 in idle mode changes AMFs 40. In EPS, location update during idle mode is indicated by the UE 70 in a Tracking Area Update (TAU) request. In 5G, it is expected that the UE 70 will use a registration request of type “mobility registration” as specified in TS 23.502, § 4.1.1.2.
At step 1, the UE 70 sends a registration request (Registration type = mobility registration, other parameters) to the new AMF 40 (i.e. the target AMF). Those skilled in the art will appreciate that other messages may be sent to initiate a location update. The registration request message includes ail the necessary information to enable the new AMF 40 to identify the old AMF 40 (i.e. the source AMF), which is currently holding the UE 70 security context. At step 2, the new AMF 40 sends, responsive to the registration request message, a context request message to the old AMF 40 to request the security context for the UE 70. At step 3, old AMF 40 décidés to dérivé a new Kcn key in order to shield itself and ail the previous sessions from the target AMF 40. The decision may be based on an operator spécifie security policy.
At step 4, the old AMF 40 sends a context request response message to the new AMF 40. The context request response message contains the necessary UE 70 security context information including the new Kcn key. The context request response message further includes a KCI indicating that the NAS key, KCN, has been changed. The old Kcn key is not sent to the new AMF 40. The new AMF 40 uses the new Kcn key to establish a new security context and activâtes the new security context by performing a NAS SMC procedure or similar procedure 10 with the UE 70 as specified in TS 33.401, § 7.2.4.4. At step 5, the UE 70 is informed of a key change via a KCI in the first downlink message of the NAS SMC procedure, or other message sent during the NAS SMC procedure.
The NAS security context based on the KCN key is shared between the UE 70 and the AMF 40 currently serving it. The security context includes security parameters similar to those in LTE Systems, such as the NAS counters, key set identifier, etc. In one exemplary embodiment, a horizontal key dérivation mechanism is used to generate a new Kcn key during AMF 40 change. The dérivation of the new KCN could be solely based on the previous KCN. From a security perspective, there is no benefit from an additional input in the key dérivation step.
Figure 4 illustrâtes a first key dérivation procedure. In this embodiment, it is assumed that the key dérivation function (KDF) dérivés the new Kcn key based solely on the old KCN key. This key chaining from AMF 40 to AMF 40 may continue on until a new authentication is performed. It may be left to the operator's policy how to configure the AMF 40 in respect to which security mechanism is selected during an AMF 40 change. For example, depending on an operator's security requirements, the operator can décidé whether to perform reauthentication at the target AMF 40, or whether a key change is needed at the source AMF 40.
Figure 5 illustrâtes another key dérivation procedure. This embodiment may be useful in scénarios where an AMF 40 needs to préparé keys in advance for more than one potential target AMF 40. In this case, an additional key dérivation parameter (KDP) is needed for cryptographie séparation, so that different KCN keys are prepared for different potential target AMFs 40. Depending on the parameter type, the UE 70 might need to be provided with the chosen KDP in addition to the KCL In some embodiments, the KDP may also serve as an implicit KCI so that a separate KCI is not required. For example, where the KDP comprises a nonce generated by the source AMF 40, the nonce needs to be provided to the UE 70. Other potential KDPs include a timestamp, a version number, and a freshness parameter. During a handover in connected mode, the KDP could be sent from the source AMF 40 to the UE 70 via the source base station 25 in a handover command. Alternatively, the KDP may be sent to the UE 70 via the target AMF 40 in a transparent NAS container. During a registration or location update procedure, the KDP could be sent from the target AMF 40 in a NAS SMC. However, in scénarios where the KDP is otherwise available to the UE 70, such as an AMF public identifierlike parameter, it may not be necessary to provide the UE 70 with the KDP parameter. More generally, any static information, such as a static network configuration parameter or static UE configuration parameter, known to the UE 70 and Source AMF 40 may be used as a KDP.
Figure 6 illustrâtes a handover procedure where a KDP is used to dérivé the new Kcn key. This procedure is generally the same as the procedure shown in Figure 2. For the sake of brevity, steps that are unchanged are not described. At step 3, the source AMF 40 selects the target AMF 40 and décidés to dérivé a new Kcn key in order to shield itself and ail the previous sessions from the target AMF 40. In this embodiment, the source AMF 40 generates a KDP 11 (e.g., version number) and uses the KDP to dérivé the new Kcn key. At step 4, the source AMF 40 sends a forward relocation request message (or 5G équivalent) including the new Kcn key along with any relevant security parameters, such as the UE capabilities. The target AMF 40 uses this Kcn key to set up a new security context and dérivé a new AS key. The source AMF 40 does not provde the KDP to the new AMF 40. Instead, at step 8, the source AMF 40 sends a handover command to the source base station 25, wherein the handover command includes the KDP in addtion to or in place of the KCI. As noted above, the KDP may serve as an implicit KCI. Responsive to the KCI and/or KDP, the UE 70 establishes a new security context and dérivés a new Kcn using the KDP. The UE 70 may use the new Kcn key to dérivé a new AS key for communicaitng with the target base station 25.
In LTE Systems, a NAS algorithm change at the target AMF 40 can only take effect through a NAS SMC procedure. Since the UE 70 capabilities are sent with other UE 70 context information to the target AMF 40, it is possible for the target AMF 40 to indicate which new NAS algorithms hâve been selected. Figure 7 illustrâtes an exemplary handover procedure where the target AMF 40 selects one or more new NAS security algorithms (e.g., cryptographie algorithms). Steps 1 - 4 are the same as described in Figure 2. At step 5, the target AMF 40 selects one or more new NAS security algorithms. Steps 6 and 7 are the same as steps 5 and 6 in Figure 2. At step 8, the target AMF 40 includes an indication of the new security algorithms in the transparent container to the source information element of the forward relocation response message sent to the source AMF 40. This container is forwarded ail the way down to the UE 70 in steps 9 and 10. The security algorithm indication may be included with the KCI in the handover command, or in a separate message. As a conséquence, the UE 70 has ail the necessary parameters to activate the NAS security context with the target AMF 40 without the need of a NAS SMC procedure. This mechanism works regardless how the Kcn key is derived.
Figure 8 illustrâtes an exemplary procedure for transferring a security context when a UE 70 in idle mode changes AMFs 40. This procedure is similar to the procedure shown in Figure 3. In EPS, location update during idle mode is indicated by the UE 70 in a Tracking Area Update (TAU) request. In 5G, it is expected that the UE 70 will use a registration request of type “mobility registration” as specifïed in TS 23.502, § 4.1.1.2.
At step 1, the UE 70 sends a registration request (Registration type = mobility registration, other parameters) to the new AMF 40 (i.e. target AMF). Those skilled in the art will appreciate that other messages may be sent to initiate a location update. The registration request message includes ail the necessary information to enable the new AMF 40 to identify the old AMF 40 (i.e. source AMF), which is currently holding the UE 70 security context. At step 2, the new AMF 40 sends, responsive to the registration request message, a context request message to the old AMF 40 to request the security context for the UE 70. At step 3, old AMF 40 décidés to dérivé a new Kcn key in order to shield itself and ail the previous sessions from the target AMF 40. The decision may be based on an operator spécifie security policy.
In one embodiment denoted Alternative 1, the old AMF 40 sends, at step 4A, a context request response message to the new AMF 40. The context request response message contains the necessary UE 70 security context information including the new Kcn key. The context request response message further includes a KCI indicating that the NAS key, Kcn, has been changed and a KDP used to dérivé the new Kcn key. The old Kcn key is not sent to the new AMF 40. The new AMF 40 uses the new KCN key to establish a new security context and activâtes the new security context by performing a NASSMC procedure or similar procedure with the UE 70 as specified in TS 33.401, § 7.2.4.4. At step 5A, the KO and KDP (e.g. a freshness parameter or nonce) is sent to the UE 70 in the first downlink message of the NAS SMC procedure, or other downlink message in the NAS SMC procedure. The KCI indicates to the UE 70 that the Kcn key has been changed. The KDP is a security parameter that is used by the UE 70 to dérivé the new Kcn key. In this embodiment, the KCI and KDP are separate parameters.
In another embodiment denoted Alternative 2, the old AMF 40 sends, at step 4B, a context request response message to the new AMF 40. The context request response message contains the necessary UE 70 security context information including the new Kcn key. The context request response message further includes a KDP implicitly indicating that the NAS key, Kcn, has been changed. The old Kcn key is not sent to the new AMF 40. The new AMF 40 uses the new Kcn key to establish a new security context and activâtes the new security context by performing a NAS SMC or similar procedure with the UE 70 as specified in TS 33.401, § 7.2.4.4. At step 5B, the new AMF 40 sends the KDP (e.g. a freshness parameter or nonce) to the UE 70 in the first downlink message of the NAS SMC procedure, or some other downlink message in the NAS SMC procedure. The KDP functions as a key change indication to indicate to the UE 70 that the NAS key has been changed. The UE 70 uses the KDP and its old Kcn key to dérivé the new Kcn key.
Figure 9 illustrâtes an exemplary method 100 implemented during a handover by a source base station 25 in an access network of a wireless communication network 10. The source base station 25 sends a first handover message to a source AMF 40 in a core network 30 of the wireless communication network 10 to initiate a handover of a UE 70 (block 105). Subsequently, the source base station 25 receives, responsive to the first handover message, a second handover message from the source AMF 40 (block 110). The second handover message includes a KCI indicating that a non-access stratum key (e.g. KCN) has been changed. The source base station 25 forwards the second handover message with the KCI to the UE 70 (block 115).
In some embodiments ofthe method 100, the KCI comprises a key change indicator flag set to a value indicating that the non-access stratum key has been changed. In other embodiments, the KCI comprises a security parameter implicitly indicating that the non-access stratum key has been changed. The security parameter comprises one of a nonce, timestamp, freshness parameter and version number.
Some embodiments of the method 100 further comprise receiving, from the source AMF 40, a KDP needed by the UE 70 to generate a new non-access stratum key, and forwarding the KDP to the UE 70. In some examples, the KDP is received with the KCI in the second handover message. The KDP comprises, for example, one of a nonce, timestamp, freshness parameter and version number. In some embodiments, the key dérivation serves as an implicit KCI.
Some embodiments of the method 100 further comprise receiving, from the source AMF 40, a security algorithm parameter indicating at least one security algorithm to be used by the UE 70, and forwarding the security algorithm parameter to the UE 70. In one example, the security algorithm parameter is received with the KCI in the second handover message.
In one embodiment of the method 100, the first handover message comprises a handover required message indicating a need for a handover of the UE 70.
In one embodiment of the method 100, the second handover message comprises a handover command including a KCI.
In one embodiment of the method 100, the non-access stratum key comprises a core network key (Kcn).
Figure 10 is an exemplary base station 120 configured to perform the method 100 shown in Figure 9. The base station 120 comprises a sending unit 125, a receiving unit 130 and a forwarding unit 135. The sending unit 125 is configured to send a first handover message to a source AMF 40 in a core network 30 of the wireless communication network 10 to initiate a handover of a UE 70. The receiving unit 130 is configured to receive, responsive to the first handover message, a second handover message from the source AMF 40. The forwarding unit 135 is configured to forward the second handover message with the KCI to the UE 70. The KCI indicates a change of the non-access stratum key (e.g. KCn)· The sending unit 125, receiving unit 130 and forwarding unit 135 may comprise hardware circuits, microprocessors, and/or software configured to perform the method shown in Figure 9. In some embodiments, the sending unit 125, receiving unit 130 and forwarding unit 135 are implemented by a single microprocessor. In other embodiments, the sending unit 125, receiving unit 130 and forwarding unit 135 may be implemented by two or more microprocessors.
Figure 11 illustrâtes an exemplary method 150 implemented during a handover by a source AMF 40 in a core network 30 of a wireless communication network 10. The source AMF 40 receives, from the source base station 25, a first handover message indicating that a handover of the UE 70 is needed (block 155). The source AMF generates a new non-access stratum key (e.g. KCn) (block 160), and sends the new non-access stratum key to a target AMF 40 in the core network 30 of the wireless communication network 10 (block 165). The source AMF 40 also sends a KCI to the UE 70 in a second handover message (block 170). The KCI indicates a change of the non-access stratum key.
In some embodiments of the method 150, generating the new non-access stratum key comprises generating the new non-access stratum key from a previous non-access stratum key. In other embodiments, generating the new non-access stratum key comprises generating the new non-access stratum key from a previous non-access stratum key and the KDP. In some embodiments, the source AMF sends the KDP to the UE 70 along with the KCI in the second handover message.
Some embodiments of the method 150 further comprise selecting the target AMF 40, and generating the new non-access stratum key depending on the sélection of the target AMF 40.
Some embodiments of the method 150 further comprise generating two or more nonaccess stratum keys, each for different target AMFs 40. In one example, the two or more nonaccess stratum keys are generated using different KDPs.
Some embodiments of the method 150 further comprise sending one or more security parameters to the target AMF 40. In one example, the one or more security parameters are transmitted to the target AMF 40 in the second handover message. In one example, the one or more security parameters include UE capability information.
Some embodiments of the method 150 further comprise receiving, from the target AMF 40, a security algorithm parameter indicating at least one security algorithm, and forwarding the security algorithm parameter to the UE 70. In another example, the security algorithm parameter is received from the target AMF 40 in a forward relocation response message.
In one embodiment of the method 150, the first handover message comprises a handover required message indicating a need for a handover of the UE 70.
In one embodiment of the method 150, the second handover message comprises a handover command including the KCI.
In one embodiment of the method 150, the new non-access stratum key is sent to the target AMF (40) in a forward relocation request message.
In one embodiment of the method 150, the non-access stratum key comprises a core network key (Kcn).
Figure 12 is an exemplary source AMF 175 configured to perform the method 150 shown in Figure 11. The source AMF 175 comprises a receiving unit 180, a key generating unit 185, a first sending unit 190 and second sending unit 195. The receiving unit 180 is configured to receive, from a source base station 25, a first handover message indicating that a handover of the UE 70 is needed. The key generating unit 185 is configured to generate a new nonaccess stratum key (e.g. KCN) as herein described. The first sending unit 190 is configured to send the new non-access stratum key to a target AMF 40 in the core network 30 of the wireless communication network 10. The second sending unit 195 is configured to send a KCI to the UE 70 in a second handover message. The KCI indicates a change of the non-access stratum key. The receiving unit 180, a key generating unit 185, first sending unit 190 and second sending 15 unit 195 may comprise hardware circuits, microprocessors, and/or software configured to perform the method shown in Figure 11. In some embodiments, the receiving unit 180, key generating unit 185, first sending unit 190 and second sending unit 195 are implemented by a single microprocessor. In other embodiments, the receiving unit 180, key generating unit 185, first sending unit 190 and second sending unit 195 may be implemented by two or more microprocessors.
Figure 13 illustrâtes an exemplary method 200 implemented during a handover by a target AMF 40 in a core network 30 of a wireless communication network 10. The target AMF 40 receives, from the source AMF 40, a new non-access stratum key (e.g. KCN) (block 205). The target AMF establishes a new security context including a new access stratum key derived from the new non-access stratum key (block 210), and sends the new access stratum key to a target base station 25 (block 215).
Some embodiments of method 200 further comprise receiving one or more security parameters from the source mobility management function. In one example, the one or more security parameters include UE capability information. In one embodiment, the security parameters are received with the new non-access stratum key.
In some embodiments of method 200, establishing the new security context comprises selecting one or more security algorithme. In one example, at least one of the security algorithme ie eelected baeed on the UE capability information.
Some embodimente of method 200 further compriee eending to the eource mobility management function, a eecurity algorithm parameter indicating at leaet one eecurity algorithm for the new eecurity context.
In some embodimente of method 200, the new non-acceee etratum key ie received from the eource mobility management function in a forward relocation requeet meeeage.
In some embodimente of method 200, the new acceee etratum key ie eent to the target base station in a handover request.
In some embodiments of method 200, the security algorithm parameter is sent to the source mobility management function in a forward relocation response message.
In some embodiments of method 200, the non-access strum key comprises a core network key (KCN).
Figure 14 is an exemplary target AMF 220 configured to perform the method 200 shown in Figure 13. The target AMF 220 comprises a receiving unit 225, a security unit 230 and a sending unit 235. The receiving unit 225 is configured to receive, from a source AMF 40, a new non-access stratum key (e.g. KCn)· The security unit 230 is configured to establish a new security context including a new access stratum key derived from the new non-access stratum key, The sending unit 235 is configured to send the new access stratum key to a target base station 25. The receiving unit 225, security unit 230 and sending unit 235 may comprise hardware circuits, microprocessors, and/or software configured to perform the method shown in 16
Figure 13. In some embodiments, the receiving unit 225, security unit 230 and sending unit 235 are implemented by a single microprocessor. In other embodiments, the receiving unit 225, security unit 230 and sending unit 235 may be implemented by two or more microprocessors.
Figure 15 illustrâtes an exemplary method 250 implemented by a UE 70 in a wireless communication network 10 during a handover. The UE 70 receives a handover message including a KCI from a source base station 25 in the domain of a source AMF 40 of the wireless communication network 10 (block 255). The KCI indicates to the UE 70 that a non-access stratum key (e.g. KCN) has been changed. The UE 70 performs a handover from the source base station 25 to a target base station 25 in a domain of a target AMF 40 (block 260). The UE 70 establishes, responsive to the KCI, a new security context with the target AMF 40 (block 265). The new security context includes a new non-access stratum key. The UE 70 may optionally communicate with the target AMF 40 using the new non-access stratum key (block 270).
In some embodiments ofthe method 250, the KCI comprises a key change indicator flag set to a value indicating that the non-access stratum key has been changed. In other embodiments, the KCI comprises a security parameter implicitly indicating that the non-access stratum key has been changed. The security parameter comprises a KDP used to generate the new non-access stratum key.
Some embodiments of the method 250 further comprise generating the new non-access stratum key using the KDP. In one example, the KDP comprises one of a nonce, timestamp, freshness parameter, version number and static information known to the UE 70 and the source AMF. In some embodiments, the KDP is received with the KCI in the second handover message. In some embodiments, the KDP serves as an implicit KCI.
Some embodiments of the method 250 further comprise generating a new access stratum key from the new non-access stratum key, and communicating with a target base station 25 using the new access stratum key.
Some embodiments of the method 250 further comprise receiving a security algorithm parameter from the source base station 25 identifying one or more security algorithms used in the new security context. In one example, the security algorithm parameter is received in the handover message along with the KCI.
In some embodiments of the method 250, the handover message comprises a handover command.
In some embodiments of the method 250, the non-access stratum key comprises a core network key (Kcn).
Figure 16 is an exemplary UE 275 configured to perform the method 250 shown in Figure 15. The UE 275 comprises a receiving unit 280, a handover unit 285 and a security unit 290. The receiving unit 280 is configured to receive a handover message including a KCI from a source base station 25 in the domain of a source AMF 40 of the wireless communication 17 network 10. The KCI indicates to the UE 70 that a non-access stratum key (e.g. KCN) has been changed. The handover unit 285 is configured to perform a handover from the source base station 25 to a target base station 25 in a domain of a target AMF 40. The security unit 290 is configured to establish, responsive to the KCI, a new security context with the target AMF 40. The UE 275 may also optionally include and a communication unit 295 configured to communicate with the target AMF 40 using the new non-access stratum key. The receiving unit 280, handover unit 285, security unit 290 and communication unit 290 may comprise hardware circuits, microprocessors, and/or software configured to perform the method shown in Figure 15. In some embodiments, the receiving unit 280, handover unit 285, security unit 290 and communication unit 290 are implemented by a single microprocessor. In other embodiments, the receiving unit 280, handover unit 285, security unit 290 and communication unit 290 may be implemented by two or more microprocessors.
Figure 17 illustrâtes an exemplary method 300 implemented by a source AMF 40 in a core network 30 of the communication network 10 when a UE 70 in idle mode changes AMFs 40. The source AMF 40 receives a request for a security context for the UE 70 from a target AMF 40 (block 305). The source AMF 40 generates a new non-access stratum key (e.g. KCN) (block 310), and sends, responsive to the request, the new non-access stratum key and a KCI to the target AMF 40 (block 315). The KCI indicates a change of the non-access stratum key.
In some embodiments of the method 300, generating a new non-access stratum key comprises generating the new non-access stratum key from the old non-access stratum key. In other embodiments, generating a KDP, and generating the new non-access stratum key from an old non-access stratum key and the KDP.
In some embodiments of the method 300, the key change indication comprises a key change indicator flag set to a value indicating that the non-access stratum key has been changed. In other embodiments, the KCI comprises a security parameter implicitly indicating that the non-access stratum key has been changed. The security parameter may comprise, for example, a KDP used to generate the new non-access stratum key.
Some embodiments of the method 300 further comprise sending, responsive to the request, a KDP used to generate the new non-access stratum key. The KDP comprises one of a nonce, timestamp, freshness parameter and version number.
Some embodiments of the method 300 further comprise selecting the target AMF 40, and generating a new non-access stratum key depending on the sélection of the target AMF 40.
In some embodiments of the method 300, generating a new non-access stratum key comprises generating two or more non-access stratum keys, each for a different target AMF 40. In one example, the two or more non-access stratum keys are generated using different KDPs.
Some embodiments of the method 300 further comprise sending one or more security parameters with the new non-access stratum key to the target AMF 40. In one example, the one or more security parameters include UE capability information.
In some embodiments of the method 300, the request for a security context is received from the target AMF 40 in a context request message.
In some embodiments ofthe method 300, the new non-access stratum key is sent to the target AMF 40 in a context request response message.
In some embodiments ofthe method 300, the non-access stratum key comprises a core network key (KCN).
Figure 18 is an exemplary source AMF 320 configured to perform the method 300 shown in Figure 17. The source AMF 320 comprises a receiving unit 325, a key generating unit unit 330 and a sending unit 335. The receiving unit 325 is configured receive a request for a security context for the UE 70 from a target AMF 40. The key generating unit 330 is configured to generate a new non-access stratum key (e.g. Kcn). The sending unit 235 is configured to send, responsive to the request, the new non-access stratum key and a KCI to the target AMF 40. The receiving unit 325, a key generating unit 330 and a sending unit 335 may comprise hardware circuits, microprocessors, and/or software configured to perform the method shown in Figure 17. In some embodiments, the receiving unit 325, key generating unit 330 and sending unit 335 are implemented by a single microprocessor. In other embodiments, the receiving unit 325, key generating unit 330 and sending unit 335 may be implemented by two or more microprocessors.
Figure 19 illustrâtes an exemplary method 350 implemented by a target AMF 40 in a core network 30 of a wireless communication network 10 when a UE 70 in idle mode changes AMFs 40. The target AMF 40 receives, from the UE 70, a registration message or other control message indicating an AMF change (block 355). The target AMF 40 requests a security context from a source AMF 40 in the wireless communication network (block 360). Responsive to the request, the target AMF 40 receives a new non-access stratum key (e.g. KCN) and a KCI indicating the non-access stratum key has been changed (block 365). The target AMF 40 sends the KCI to the UE 70 (block 370) and optionally establishes a new security context for the UE 70 including the new non-access stratum key (block 375).
Some embodiments of the method 350 further comprise establishing a new security context including the new non-access stratum key.
Some embodiments of the method 350 further comprise receiving one or more security parameters from the source AMF 40. In example, the one or more security parameters include UE capability information. In another example, the security parameters are received along with the KCI.
In some embodiments of the method 350, the key change indication comprises a key change indicator flag set to a value indicating that the non-access stratum key has been changed. In other embodiments, the key change indication comprises a security parameter implicitly indicating that the non-access stratum key has been changed. The security parameter may comprise, for example, a KDP used to generate the new non-access stratum key.
Some embodiments of the method 350 further comprise receiving, responsive to the request, a KDP used to generate the new non-access stratum key. In one example KDP comprises one of a nonce, timestamp, freshness parameter and version number. In some embodiments, the target AMF 40 sends the KDP to the UE 70 along with the KCI in a NAS SMC message.
In some embodiments of the method 350, establishing a new security context comprises, in part, selecting one or more security algorithms. In one example, at least one of the security algorithms is selected based on UE capability information.
Some embodiments of the method 350 further comprise sending the UE 70 a security algorithm parameter indicating at least one security algorithm for the new security context.
In some embodiments ofthe method 350, the KCI is received from a source AMF 70 in a context request response message.
In some embodiments of the method 350, the KCI is sent to the uE 70 in a security establishment message.
In some embodiments ofthe method 350, the non-access stratum key comprises a core network key (KCN).
Figure 20 is an exemplary target AMF 380 configured to perform the method 350 shown in Figure 19. The base station 380 comprises a first receiving unit 382, a requesting unit 384, a second receiving unit 386, and a sending unit 388. The first receiving unit 382 is configured to receive, from the UE 70, a registration message or other control message indicating an AMF change. The requesting unit 384 is configured to request, responsive to the registration message, a security context from a source AMF 40 in the wireless communication network. The second receiving unit 386 is configured to receive, from the source AMF 40 responsive to the security context request, a new non-access stratum key and a KCI indicating that the nonaccess stratum key (e.g. KCn) has been changed. The sending unit 388 is configured to send the KCI to the UE 70. The base station 380 may also optionally include a security unit 390 configured to establish a new security context for the UE 70 including the new non-access stratum key. The first receiving unit 382, requesting unit 384, second receiving unit 386, sending unit 388 and security unit 390 may comprise hardware circuits, microprocessors, and/or software configured to perform the method shown in Figure 19. In some embodiments, the first receiving unit 382, requesting unit 384, second receiving unit 386, sending unit 388 and security unit 390 are implemented by a single microprocessor. In other embodiments, the first receiving unit 382, requesting unit 384, second receiving unit 386, sending unit 388 and security unit 390 may be implemented by two or more microprocessors.
Figure 21 illustrâtes an exemplary method 400 implemented by an idle mode UE 70 in a wireless communication network 10 when the UE 70 changes AMFs 40. The UE 70 sends a registration message or other control message to a target AMF 40 in the wireless communication network (block 405). The UE 70 receives, responsive to the registration 20 message or other control message, a KCI indicating that a non-access stratum key (e.g. KCN) has been changed (block 410). Responsive to the KCI, the UE 70 generates a new non-access stratum key (block 415). After generating the new non-access stratum key, the UE 70 may optionally establish a new security context with the target AMF 40 (block 420), where the new security context includes the new non-access stratum key and thereafter communicate with the target AMF 40 using the new non-access stratum key (block 425).
Some embodiments of the method 350 further comprise establishing, a new security context with the target AMF 40, the new security context including the new non-access stratum key, and communicating with the target AMF 40 using the new non-access stratum key.
In some embodiments ofthe method 400, the KCI comprises a key change indicator flag set to a value indicating that the non-access stratum key has been changed. In other embodiments, the KCI comprises a security parameter implicitly indicating that the non-access stratum key has been changed. In one example, the security parameter comprises one of a nonce, timestamp, freshness parameter and version number.
Some embodiments of the method 400 further comprise receiving a KDP from the target AMF 40, and generating the new non-access stratum key using the KDP. In on example, the KDP comprises one of a nonce, timestamp, freshness parameter and version number. In another example, the KDP is received with the KCI. In some embodiments, the KDP serves as an implicit KCI.
In some embodiments of the method 400, generating the new non-access stratum key comprises generating the new non-access stratum key from the previous non-access stratum key. In other embodiments of the method 400, generating the new non-access stratum key comprises generating the new non-access stratum key from the previous non-access stratum key and a KDP. The various embodiments, the KDP comprises at least one of a nonce, timestamp, freshness parameter and version number. In other embodiments, the KDP comprises static information that is known to the UE 70 and the source AMF 40
Some embodiments of the method 400 further comprise receiving a security algorithm parameter from the target AMF 40 identifying one or more security algorithms used in the new security context. In one example, the security algorithm parameter is received with the KCI.
In some embodiments ofthe method 400, the new non-access stratum key is received in a security establishment message.
In some embodiments of the method 400, the non-access stratum key comprises a core network key (KCN).
Figure 22 is an exemplary UE 430 configured to perform the method 400 shown in Figure 21. The UE 430 comprises a sending unit 435, a receiving unit 440 and a key generating unit 445. The sending unit 435 is configured to send a registration message or other control message to a target AMF 40 in the wireless communication network. The receiving unit 440 is configured to receive, responsive to the registration message or other control message, a 21
KO indicating that a non-access stratum key has been changed. The key generating unit 445 is configured to generate, responsive to the KO, a new non-access stratum key. The UE 430 may also optionally include security unit 450 configured to establish a new security context with the target AMF 40, and a communication unit 350 configured to communicate with the target AMF 40 using the new non-access stratum key. The sending unit 435, receiving unit 440, key generating unit 445, security unit 450 and communication unit 455 may comprise hardware circuits, microprocessors, and/or software configured to perform the method shown in Figure 9. In some embodiments, the sending unit 435, receiving unit 440, key generating unit 445, security unit 450 and communication unit 455 are implemented by a single microprocessor. In other embodiments, the sending unit 435, receiving unit 440, key generating unit 445, security unit 450 and communication unit 455 may be implemented by two or more microprocessors.
Figure 23 illustrâtes the main functional components of base station 500 configured to implement the security context handling methods as herein described. The base station 500 comprises a processing circuit 510, a memory 530, and an interface circuit 540.
The interface circuit 540 includes a radio frequency (RF) interface circuit 545 coupled to one or more antennas 550. The RF interface circuit 550 comprises the radio frequency (RF) components needed for communicating with the UEs 70 over a wireless communication channel. Typically, the RF components include a transmitter and receiver adapted for communications according to the 5G standards or other Radio Access Technology (RAT). The interface circuit 540 further includes a network interface circuit 555 for communicating with core network nodes in the wireless communication network 10.
The processing circuit 510 processes the signais transmitted to or received by the base station 500. Such processing includes coding and modulation of transmitted signais, and the démodulation and decoding of received signais. The processing circuit 510 may comprise one or more microprocessors, hardware, firmware, or a combination thereof. The processing circuit 510 includes a mobility unit 515 for performing handover-related functions. The mobility unit 515 comprises the processing circuitry dedicated to mobility-related functions. The mobility unit 515 is configured to perform the methods and procedures as herein described, including the methods shown in Figures 2, 6, 7, and 9.
Memory 530 comprises both volatile and non-volatile memory for storing computer program code and data needed by the processing circuit 510 for operation. Memory 530 may comprise any tangible, non-transitory computer-readable storage medium for storing data including electronic, magnetic, optical, electromagnetic, or semiconductor data storage. Memory 530 stores a computer program 535 comprising exécutable instructions that configure the processing circuit 510 to implement the methods and procedures described herein including method 100 according to Figures 2, 6, 7, and 9. In general, computer program instructions and configuration information are stored in a non-volatile memory, such as a read only memory (ROM), erasable programmable read only memory (EPROM) or flash memory. Temporary data 22 generated during operation may be stored in a volatile memory, such as a random access memory (RAM). In some embodiments, computer program 535 for configuring the processing circuit 510 as herein described may be stored in a removable memory, such as a portable compact dise, portable digital video dise, or other removable media. The computer program 535 may also be embodied in a carrier such as an electronic signal, optical signal, radio signal, or computer readable storage medium.
Figure 24 illustrâtes the main functional components of a core network node 600 in the wireless communication network 10 configured to implement the security context handling procedure as herein described. The core network node 600 may be used to implement core network functions, such as the source AMF 40 and target AMF 40 as herein described. Those skilled in the art will appreciate that a core network function, such as the AMF 40, may be implemented by a single core network node, or may be distributed among two or more core network nodes.
The core network node 600 comprises a processing circuit 610, a memory 630, and an interface circuit 640. The interface circuit 640 includes a network interface circuit 645 to enable communication with other core network nodes and with base stations 25 in the RAN.
The processing circuit 610 Controls the operation of the core network node 600. The processing circuit 610 may comprise one or more microprocessors, hardware, firmware, or a combination thereof. The processing circuit 610 may include a NAS security unit 615 to handle NAS-related security functions and a mobility management unit 620 to handle mobility management functions. Generally, the NAS security unit 615 is responsible for deriving security keys, establishing a security context, and other related security functions. The mobility management unit 620 is responsible for handling mobility management functions and related signaling. As described previously, the NAS security unit 615 may provide the mobility management unit 620 with information, such as NAS keys, KDPs, and other security parameters to be sent to the UE 70. In some embodiments, the NAS security unit 615 and the mobility management unit 620 may résidé in the same core network node. In other embodiments, they may résidé in different core network nodes. In one exemplary embodiment, the NAS security unit 615 and the mobility management unit 620 are configured to perform the methods and procedures as herein described, including the methods shown in Figures 2, 3, 6-8, 11, 13, 17, and 19.
Memory 630 comprises both volatile and non-volatile memory for storing computer program code and data needed by the processing circuit 610 for operation. Memory 630 may comprise any tangible, non-transitory computer-readable storage medium for storing data including electronic, magnetic, optical, electromagnetic, or semiconductor data storage. Memory 630 stores a computer program 635 comprising exécutable instructions that configure the processing circuit 610 to implement the methods and procedures described herein including methods according to Figures 2, 3, 6-8, 11, 13, 17, and 19. In general, computer program 23 instructions and configuration information are stored in a non-volatile memory, such as a read only memory (ROM), erasable programmable read only memory (EPROM) or flash memory. Temporary data generated during operation may be stored in a volatile memory, such as a random access memory (RAM). In some embodiments, a computer program 635 for configuring the processing circuit 610 as herein described may be stored in a removable memory, such as a portable compact dise, portable digital video dise, or other removable media. The computer program 635 may also be embodied in a carrier such as an electronic signal, optical signal, radio signal, or computer readable storage medium.
Figure 25 illustrâtes the main functional components of UE 700 configured to implement the security context handling methods as herein described. The UE 700 comprises a processing circuit 710, a memory 730, and an interface circuit 740.
The interface circuit 740 includes a radio frequency (RF) interface circuit 745 coupled to one or more antennas 750. The RF interface circuit 745 comprises the radio frequency (RF) components needed for communicating with the UEs 70 over a wireless communication channel. Typically, the RF components include a transmitter and receiver adapted for communications according to the 5G standards or other Radio Access Technology (RAT).
The processing circuit 710 processes the signais transmitted to or received by the UE 700. Such processing includes coding and modulation of transmitted signais, and the démodulation and decoding of received signais. The processing circuit 710 may comprise one or more microprocessors, hardware, firmware, or a combination thereof. The processing circuit 710 may include a NAS security unit 715 to handle NAS-related security functions and a mobility management unit 720 to handle mobility management functions. Generally, the NAS security unit 715 is responsible for deriving security keys, establishing a security context, and other security functions as herein described. The mobility management unit 720 is responsible for handling mobility management functions and related signaling. In one exemplary embodiment, the NAS security unit 715 and the mobility management unit 720 are configured to perform the methods and procedures as herein described, including the methods shown in Figures 2, 3, 6-8, 15 and 21.
Memory 730 comprises both volatile and non-volatile memory for storing computer program code and data needed by the processing circuit 710 for operation. Memory 730 may comprise any tangible, non-transitory computer-readable storage medium for storing data including electronic, magnetic, optical, electromagnetic, or semiconductor data storage. Memory 730 stores a computer program 735 comprising exécutable instructions that configure the processing circuit 710 to implement the methods and procedures described herein including method 100 according to Figures 2, 3, 6-8, 15 and 21. In general, computer program instructions and configuration information are stored in a non-volatile memory, such as a read only memory (ROM), erasable programmable read only memory (EPROM) or flash memory. Temporary data generated during operation may be stored in a volatile memory, such as a 24 random access memory (RAM). In some embodiments, computer program 735 for configuring the processing circuit 710 as herein described may be stored in a removable memory, such as a portable compact dise, portable digital video dise, or other removable media. The computer program 735 may also be embodied in a carrier such as an electronic signal, optical signal, 5 radio signal, or computer readable storage medium.
Claims (36)
1. A method for transferring a security context during a handover of a user equipment, the method implemented by one or more core network nodes in a core network of a wireless communication network, wherein the one or more core network nodes provide a source Access and Mobility Management Function, the method comprising:
receiving, from a source base station in an access network of the wireless communication network, a first handover message indicating that a handover of the user equipment is needed;
deriving new non-access stratum key responsive to deciding that an operator spécifie policy is met;
sending, responsive to the handover message, the new non-access stratum key to a target Access and Mobility Management Function in the core network of the wireless communication network; and sending, in a second handover message, a key change indicator flag to the user equipment, the key change indicator flag set to a value indicating a change of the non-access stratum key.
2. The method of claim 1 wherein generating the new non-access stratum key comprises generating the new non-access stratum key from a previous non-access stratum key and a key dérivation parameter.
3. The method of claim 2 further comprising sending the key dérivation parameter to the user equipment.
4. The method of claim 1-3 further comprising sending one or more security parameters to the target Access and Mobility Management Function.
5. The method of claim 4 wherein the one or more security parameters include user equipment capability information.
6. The method of claim 5 wherein the one or more security parameters are transmitted to the target Access and Mobility Management Function in the second handover message.
7. The method of any one ofthe claims 1-6 wherein the first handover message is a handover required message indicating a need for a handover ofthe user equipment.
8. The method of any one of the claims 1 - 7 wherein the second handover message is a handover command.
2^
9. The method of any one of the claims 1-8 wherein the new non-access stratum key is sent to the target Access and Mobility Management Function in a forward relocation request message.
10. The method of any one of claims 1-9 wherein the non-access stratum key is a core network key (Kcn).
11. A core network node in a core network of a wireless communication network, said core network node providing a source Access and Mobility Management Function, said core network nodes comprising:
an interface circuit for communicating with a source base station and a target Access and Mobility management Function; and a processing circuit configured to:
receive, from a source base station in an access network of the wireless communication network, a first handover message indicating that a handover of a user equipment is needed;
décidé that an operator spécifie policy is met for dérivation of a new non-access stratum key;
deriving the new non-access stratum key responsive to deciding that the operator spécifie policy is met;
send, responsive to the handover message, the new non-access stratum key to the target Access and Mobility Management Function in the core network of the wireless communication network; and send, in a second handover message, a key change indicator flag to the user equipment, the key change indicator flag set to a value indicating a change of the non-access stratum key.
12. The core network node of claim 11 wherein the processing circuit is further configured to generate the new non-access stratum key by generating the new non-access stratum key from a previous non-access stratum key and a key dérivation parameter.
13. The core network node of claim 12 wherein the processing circuit is further configured to send the key dérivation parameter to the user equipment.
14. The core network node of any one of claims 11-13 wherein the processing circuit is further configured to send one or more security parameters to the target Access and Mobility management Function.
15. The core network node of claim 14 wherein the one or more security parameters include user equipment capability information.
16. The core network node of any one of claims 11-15 wherein the processing circuit is further configured to:
receive, from the target Access and Mobility management Function, a NAS security algorithm indication indicating at least one NAS security algorithm to be used by the user equipment; and forward the NAS security algorithm indication to the user equipment.
17. The core network node of claim 16 wherein the processing circuit is configured to receive the NAS security algorithm indication from the target Access and Mobility management Function in a forward relocation response message.
18. The core network node of claim 16 or 17 wherein the processing circuit is further configured to forward the NAS security algorithm parameter to the user equipment in the second handover message.
19. The core network node of any one of the claims 11 - 18 wherein the first handover message is a handover required message indicating a need for a handover of the user equipment.
20. The core network node of any one of the claims 11-19 wherein the second handover message is a handover command.
21. The core network node of any one of the claims 11-20 wherein the processing circuit is configured to send the new non-access stratum key to the target Access and Mobility management Function in a forward relocation request message.
22. The core network node of any one of claims 11-21 wherein the non-access stratum key is a core network key (Kcn).
23. A method for establishing a new security context during a handover implemented by a user equipment in a wireless communication network, the method comprising:
receiving a handover message from a source base station connected to a source Access and Mobility management Function of the wireless communication network, said handover message including a key change indicator flag set to a
2g value indicating that a non-access stratum key has been changed based on an operator spécifie policy;
deriving a new non-access stratum key in response to the réception of the key change indicator flag;
performing a handover from the source base station to a target base station connected to a target Access and Mobility management Function of the wireless communication network; and establishing, the new security context with the target Access and Mobility management Function, said new security context including the new non-access stratum key.
24. The method of claim 23 further comprising generating the new non-access stratum key using a previous non-access stratum key and a key dérivation parameter.
25. The method of claim 24 wherein the key dérivation parameter comprises one of a nonce, timestamp, freshness parameter, version number, and static information.
26. The method of claim 24 or 25 wherein the key dérivation parameter is received with the key change indicator flag in the handover message.
27. The method of any one of claims 23-26 wherein the handover message is a handover command.
28. The method of any one of claims 23--27 wherein the non-access stratum key is a core network key (Kcn).
29. A user equipment for handover implemented by a user equipment in a wireless communication network, the user equipment comprising:
an interface circuit for communicating with one or more base stations in an access network of a wireless communication network; and a processing circuit configured to:
receive a handover message from a source base station connected to a source Access and Mobility management Function of the wireless communication network, said handover message including a key change indicator flag set to a value indicating that a non-access stratum key has been changed based on an operator spécifie policy;
dérivé a new non-access stratum key in response to the réception of the key change indicator flag;
perform a handover from the source base station to a target base station connected to a target Access and Mobility management Function of the wireless communication network; and establish a new security context with the target Access and Mobility management Function, said new security context including the new non-access stratum key.
30. The user equipment of claim 29 wherein the processing circuit is further configured to generate the new non-access stratum key using a previous non-access stratum key and a key dérivation parameter.
31. The user equipment of claim 30 wherein the key dérivation parameter comprises one of a nonce, timestamp, freshness parameter, version number, and static information.
32. The user equipment of claim 30 or 31 wherein the processing circuit is further configured to receive the key dérivation parameter with the key change indicator flag in the second handover message.
33. The user equipment of any one of claims 29-32 wherein the handover message comprises a handover command.
34. The user equipment of any one of claims 29-33 wherein the non-access stratum key is a core network key (Kcn).
35. The user equipment according to any one of claims 29-34, wherein the processing circuit is further configured to:
receive, from the source Access and Mobility Management Function, a NAS security algorithm indication indicating at least one NAS security algorithm to be used by the user equipment.
36. The user equipment according to claim 35, wherein the handover message is a handover command and includes the NAS security algorithm indication.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US62/452,267 | 2017-01-30 |
Publications (1)
Publication Number | Publication Date |
---|---|
OA19349A true OA19349A (en) | 2020-06-29 |
Family
ID=
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11924630B2 (en) | Security context handling in 5G during idle mode | |
WO2016073229A1 (en) | Apparatuses and methods for wireless communication | |
EP3751780A1 (en) | Handover processing method and apparatus | |
US11751160B2 (en) | Method and apparatus for mobility registration | |
CN113170369B (en) | Method and apparatus for security context handling during intersystem changes | |
OA19349A (en) | Security context handling in 5G during connected mode | |
CN113810903A (en) | Communication method and device |