RU2772709C1 - Systems and a method for protecting the security of nas messages - Google Patents

Abstract

FIELD: communication systems.

SUBSTANCE: invention relates to the field of communication systems. The network element of the mobile network performs the NAS procedure in several phases to establish a NAS communication session with the user’s equipment (UE) when there is no NAS security context. For the first phase, the network element receives the initial NAS message from the UE filled with a subset of the NAS protocol information elements (IEs) intended for security-related processing, selects the NAS security algorithm for the NAS security context, and sends a response to the UE that specifies the NAS security algorithm. For the second phase, the network element receives a subsequent NAS message from the UE containing the NAS message container, which contains the initial NAS message filled in by each of the NAS protocol IEs for the NAS procedure, and decrypts the NAS message container of the subsequent NAS message using the NAS security algorithm.

EFFECT: achieving improved protection of NAS messages (a layer without access).

80 cl, 23 dwg

Description

Related Applications

This ordinary patent application claims priority to U.S. Provisional Application No. 62/735,732, filed September 24, 2018, which is incorporated herein by reference in its entirety.

Technical field

This disclosure relates to the field of communication systems and, in particular, to security in networks.

State of the art

Service providers or service providers implement mobile networks to offer multiple voice and data services to end users of mobile phones or other mobile devices/terminals commonly referred to as User Equipment (UE). Some examples of voice services are voice calls, call forwarding, call waiting, and so on. Some examples of data services are Internet access, audio streaming, video streaming, online games, Internet Protocol television (IP-TV), etc. A mobile network is a type of network in which the last link to the end user is wireless. The mobile network typically comprises a core network and one or more Radio Access Networks (RANs) that exchange signaling and data with the UE via an air interface. A typical mobile network is logically divided into a user plane and a control plane. The user plane is the logical plane responsible for carrying user data sent over the specified network, and the control plane is the logical plane responsible for carrying the signaling used to establish communication for the UE. The specifications of the Third Generation Partnership Project (3GPP) divide cellular protocols into two layers: a non-access layer (Non-Access Stratum - NAS) and an access layer (Access Stratum - AS). The AS consists of communication between the UE and the RAN (eg, eNodeB) occurring over a radio frequency (Radio Frequency - RF) channel. The NAS consists of non-radio signaling traffic between the UE and the core network (eg, a Mobility Management Entity (MME) for LTE or an Access and Mobility Management Function (AMF) for the next generation network). 3GPP has implemented security procedures to protect control plane messages (eg, NAS messages) from various attacks. However, it may be useful to identify enhanced security procedures that provide additional security for control plane messages.

The essence of the invention

The embodiments described herein provide improved security for NAS messages. A NAS procedure (eg, UE registration) contains a set of Information Elements (IEs) that carry information. The embodiments described below outline methods for protecting IEs, or a subset of IEs, that are sent in NAS messages. Thus, information carried in IEs is less vulnerable to malicious attacks.

One embodiment comprises a mobile network network element. The network element includes a processor(s) and a storage device containing computer program code executable by the processor. The processor is configured to cause the network element to perform the NAS procedure in multiple phases to establish a NAS session between the network element and the UE. For the first phase of the NAS procedure, the processor is further configured to cause the network element to receive an initial NAS message from the UE, wherein the initial NAS message is populated with a subset of the NAS protocol IEs of the NAS protocol IEs for the NAS procedure that are intended for security-related processing. The processor is further configured to cause the network element to process a subset of the NAS protocol IEs to determine that a NAS security context does not exist for the UE, select a NAS security algorithm for the NAS security context, and send a response to the UE that indicates the NAS security algorithm and security key set identifier. NAS security context. For the second phase of the NAS procedure, the processor is further configured to cause the network element to receive a subsequent NAS message from the UE containing a NAS message container that contains an initial NAS message encrypted based on the NAS security algorithm, and decrypt the NAS message container of the subsequent NAS message, wherein the initial the NAS message contained in the NAS message container of the subsequent NAS message is filled in by each of the NAS protocol IEs for the NAS procedure.

In another embodiment, for the first phase, a subset of the NAS protocol IEs is encrypted in the initial NAS message using the public key of the Home Public Land Mobile Network (HPLMN) for the UE. The processor is further configured to cause the network element to initiate decryption of the NAS protocol subset of IEs.

In another embodiment, the network element comprises an access and mobility management function (AMF) element of a mobile network.

In another embodiment, the processor is further configured to cause the network element to send the subset of the NAS protocol IEs in encrypted form to the Unified Data Management (UDM) element to decrypt the subset of the NAS protocol IEs based on the HPLMN private key.

In another embodiment, the initial NAS message contains a registration request message. A subset of NAS protocol IEs intended for security-related processing consists of a mobile identity for the UE, a UE security capability indicating one or more NAS security algorithms supported by the UE, a registration type, and a security keyset identifier for the NAS security context.

In another embodiment, the response contains a security mode command message that indicates the NAS security algorithm and a security key set identifier, and the subsequent NAS message received from the UE contains a security mode progress message containing a NAS message container that contains an initial NAS message, encrypted using the NAS security algorithm.

In another embodiment, the mobile network contains a fifth generation network (Fifth-Generation - 5G).

Another embodiment comprises a method for performing a NAS procedure for establishing a NAS session between a UE and a mobile network network element. For the first phase of the NAS procedure, the method includes receiving an initial NAS message at the network element from the UE, wherein the initial NAS message is populated with a subset of the NAS protocol IEs of the NAS protocol IEs for the NAS procedure that are intended for security-related processing. Further, for the first phase, the method includes processing a subset of the NAS protocol IEs at the network element to determine that a NAS security context does not exist for the UE, selecting a NAS security algorithm at the network element for the NAS security context, and sending a response from the network element to UE that indicates the NAS security algorithm and the security key set identifier of the NAS security context. For the second phase of the NAS procedure, the method includes receiving a subsequent NAS message at the network element from the UE containing a NAS message container that contains an initial NAS message encrypted based on the NAS security algorithm, and decrypting the NAS message container of the subsequent NAS message at the network element, Here, the initial NAS message contained in the NAS message container of the subsequent NAS message is populated by each of the NAS protocol IEs for the NAS procedure.

In another embodiment, for the first phase, the NAS protocol IEs subset is encrypted in the initial NAS message using the UE's public key HPLMN, and the method further includes initiating decryption of the NAS protocol IEs subset.

In another embodiment, the network element comprises a mobile network AMF, and the act of initiating decryption of the NAS protocol IEs subset includes sending the encrypted NAS protocol IEs subset to the UDM to decrypt the NAS protocol IEs subset based on the HPLMN private key.

In another embodiment, the initial NAS message contains a registration request message, and the subset of NAS protocol IEs intended for security-related processing consists of a mobile identity for the UE, a UE security capability indicating one or more NAS security algorithms supported by the UE, the registration type and security keyring ID for the NAS security context.

In another embodiment, the response contains a security mode command message that indicates the NAS security algorithm and a security key set identifier, and the subsequent NAS message received from the UE contains a security mode progress message containing a NAS message container that contains an initial NAS message, encrypted using the NAS security algorithm.

In another embodiment, for the first phase of the NAS procedure, the method includes the following steps at the UE: identifying a subset of NAS protocol IEs for the NAS procedure that are intended for security-related processing, inserting the subset of NAS protocol IEs in an initial NAS message, sending an initial NAS message from the UE to the network element; and receiving a response from the network element that indicates the NAS security algorithm and a security key set identifier for the NAS security context. For the second phase of the NAS procedure, the method includes the following steps at the UE: inserting the NAS protocol IEs for the NAS procedure into the initial NAS message, inserting the initial NAS message into the NAS message container of the subsequent NAS message, encrypting the NAS message container of the subsequent NAS message using the NAS security algorithm and sending a subsequent NAS message from the UE to the network element.

In another embodiment, for the first phase, the method further includes encrypting at the UE a subset of the NAS protocol IEs in the initial NAS message using the UE's public key HPLMN.

Another embodiment includes a UE that includes a processor(s) and a memory containing computer program code executable by the processor. The processor is configured to cause the UE to initiate a NAS procedure in multiple phases to establish a NAS session between the UE and the mobile network element. For the first phase of the NAS procedure, the processor is further configured to cause the UE to identify, from the NAS protocol IEs for the NAS procedure, a subset of the NAS protocol IEs that are for security-related processing. The processor is further configured to cause the UE to insert a subset of the NAS protocol IEs in the NAS initial message, send the NAS initial message to the network element, and receive a response from the network element that indicates the NAS security algorithm and the security key set identifier for the NAS security context. For the second phase of the NAS procedure, the processor is further configured to cause the UE to insert the NAS protocol IEs for the NAS procedure into the initial NAS message, insert the initial NAS message into the NAS message container of the subsequent NAS message, encrypt the NAS message container of the subsequent NAS message using the NAS security algorithm, and send subsequent NAS message to the NE.

In another embodiment, for the first phase, the processor is further configured to cause the UE to encrypt a subset of the NAS protocol IEs in the initial NAS message using the UE's public key HPLMN.

In another embodiment, the processor is further configured to cause the UE to encrypt a subset of the NAS protocol IEs in the initial NAS message using the public key when the UE has the public key programmed in the UMTS Subscriber Identity Module (USIM) and send the initial message NAS to the NE without encrypting the NAS protocol subset of IEs in the initial NAS message when the UE does not have a public key programmed into the USIM.

In another embodiment, the initial NAS message contains a registration request message, and a subset of NAS protocol IEs intended for security-related processing consists of a mobile identity for the UE, a UE security capability indicating one or more NAS security algorithms supported by the UE, the registration type and security keyring ID for the NAS security context.

In another embodiment, the processor is configured to cause the UE to encrypt the NAS protocol IEs subset in the initial NAS message using the UE's public key HPLMN when the registration type does not indicate an emergency, and send the NAS initial message to the network element without encrypting the NAS protocol IEs subset in the initial NAS message when the log type indicates an emergency.

In another embodiment, the response contains a security mode command message that indicates the NAS security algorithm and security key set identifier, and the subsequent NAS message contains a security mode completion message containing a NAS message container that contains the initial NAS message encrypted based on the security algorithm NAS.

Another embodiment comprises a mobile network network element. The network element includes means for causing the network element to perform a NAS procedure in multiple phases to establish a NAS session between the network element and the UE. For the first phase of the NAS procedure, the network element comprises means for receiving an initial NAS message from the UE, wherein the initial NAS message is populated with a subset of the NAS protocol IEs of the NAS protocol IEs for the NAS procedure that are intended for security-related processing. The network element further comprises means for processing a subset of NAS protocol IEs to determine that a NAS security context does not exist for the UE, means for selecting a NAS security algorithm for the NAS security context, and means for sending a response to the UE that specifies the NAS security algorithm and set identifier. security keys of the NAS security context. For the second phase of the NAS procedure, the network element further comprises means for receiving a subsequent NAS message from the UE, comprising a NAS message container that contains an initial NAS message encrypted based on the NAS security algorithm, and means for decrypting the NAS message container of the subsequent NAS message, wherein the initial the NAS message contained in the NAS message container of the subsequent NAS message is filled in by each of the NAS protocol IEs for the NAS procedure.

The above summary of the invention gives an overview of some aspects of this description of the invention. This summary of the invention is not a detailed overview of the description of the invention. It is intended neither to identify key or critical elements of the specification nor to delineate any scope of specific embodiments of the specification or any scope of the claims. Its sole purpose is to present some of the concepts of the description of the invention in a simplified form as an introduction to the more detailed description below.

Brief description of graphic materials

Some embodiments of the present invention will now be described solely by way of example with reference to the accompanying drawings. The same reference number represents the same element or the same type of element in all drawings.

Fig. 1 illustrates a mobile network in an exemplary embodiment.

Fig. 2 illustrates an Evolved Packet Core (EPC) network.

Fig. 3 illustrates a non-roaming next generation network architecture.

Fig. 4 illustrates the roaming architecture of the next generation network.

Fig. 5 illustrates the radio protocol stack.

Fig. 6 is a block diagram of a UE in an exemplary embodiment.

Fig. 7 is a block diagram of a network element in an exemplary embodiment.

Fig. 8 is a flowchart illustrating a method for performing a NAS procedure at a UE in an exemplary embodiment.

Fig. 9 is a flowchart illustrating a method for performing a NAS procedure in a network element in an exemplary embodiment.

Fig. 10 is a message diagram showing a NAS procedure when a UE does not have a security context in an exemplary embodiment.

11 is a flowchart illustrating a method for performing a NAS procedure at UE 110 in another exemplary embodiment.

Fig. 12 is a flowchart illustrating a method for performing a NAS procedure at a network element in another exemplary embodiment.

Fig. 13 is a message diagram showing a NAS procedure when a UE does not have a security context in an exemplary embodiment.

Fig. 14 is a flowchart illustrating a method for performing a NAS procedure at a UE in another exemplary embodiment.

Fig. 15 is a flowchart illustrating a method for performing a NAS procedure at a network element in another exemplary embodiment.

Fig. 16 is a message diagram showing the NAS registration procedure when the UE has a valid security context in an exemplary embodiment.

Fig. 17 is a message diagram showing a procedure for requesting a NAS service when a UE has a valid security context in an exemplary embodiment.

Fig. 18 is a message diagram showing the NAS de-registration procedure when the UE has a valid security context in an exemplary embodiment.

Fig. 19A-19B are a flowchart illustrating a method for performing a NAS procedure at a UE in an exemplary embodiment.

Fig. 20 is a flowchart illustrating a method for performing a NAS procedure in a network element in an exemplary embodiment.

Fig. 21 is a message diagram showing a NAS registration procedure when a UE has a NAS security context, but the NAS security context is invalid or not found in the exemplary embodiment.

Fig. 22 is a message diagram showing a procedure for requesting a NAS service when a UE has a NAS security context, but the NAS security context is invalid or not found in the exemplary embodiment.

Description of Embodiments

These figures and the following description illustrate specific exemplary embodiments. Thus, it will be appreciated that those skilled in the art will be able to develop various devices that, although not expressly described or shown herein, embody the principles of the embodiments and are included within the scope of the embodiments. In addition, any examples described herein are intended to assist in understanding the principles of the embodiments and should be construed as not limiting such specifically listed examples and conditions. As a result, the concept (ideas) of the invention is not limited to the specific embodiments or examples described below, but by the claims and their equivalents.

Fig. 1 illustrates a mobile network 100 in an exemplary embodiment. The mobile network 100 (also referred to as a cellular network) is a type of network in which the last link is wireless and provides voice and/or data services to a plurality of devices. Mobile network 100 may be a third generation network (Third Generation - 3G), fourth generation (Fourth Generation - 4G) and/or a next generation network (eg, fifth generation (5G)).

Mobile network 100 is illustrated as providing communications services to UE 110 (along with other UEs not shown). UE 110 may be employed for voice services, data services, Machine-to-Machine (M2M) or Machine Type Communication (MTC) services, and/or other services. UE 110 may be an end user device such as a mobile phone (eg, smartphone), a tablet or PDA, a computer with a mobile broadband adapter, and so on.

Mobile network 100 includes one or more radio access networks (RANs) 120 that communicate with UE 110 via air interface 122. RAN 120 may support access to an Evolved-UMTS Terrestrial Radio Access Network (E-UTRAN) , access to a wireless local area network (Wireless Local Area Network - WLAN), fixed access, satellite radio access, new radio access technologies (Radio Access TechnologlEs - RAT), etc. By way of example, RAN 120 may comprise an E-UTRAN or Next Generation RAN (NG-RAN) that contains one or more base stations 124 dispersed over a geographic area. Base station 124 may include an entity that uses radio technology to communicate with UEs in the licensed spectrum and interface the UE with a core network. Base stations 124 in E-UTRAN are referred to as Evolved-NodeBs (eNodeB). Base stations 124 in NG-RAN are referred to as gNodeB (NR base stations) and/or ng-eNodeB (LTE base stations supporting 5G core network). As another example, RAN 120 may contain a WLAN that contains one or more points 125 wireless access (Wireless Access Points - WAP). A WLAN is a network in which a UE can connect to a Local Area Network (LAN) via a wireless (radio) connection. The WAP 125 is a node that uses a radio technology to communicate with a UE in the unlicensed spectrum and provides the UE with access to the core network. One example of a WAP 125 is a Wi-Fi access point that operates on the 2.4GHz or 5GHz radio bands. As used herein, the term "base station" may refer to eNodeB, gNodeB, ng-eNodeB, WAP, etc.

UE 110 have the ability to connect to cell 126 of RAN 120 to access core network 130. Thus, RAN 120 is the air interface between UE 110 and core network 130. Core network 130 is the central part of mobile network 100, which provides various services to clients connected with RAN 120. One example of core network 130 is the Evolved Packet Core (EPC) network proposed by 3GPP for LTE. Another example of a core network 130 is a 5G core network proposed by 3GPP. Core network 130 includes network elements 132, which may include servers, devices, apparatuses, or equipment (including hardware) that provide services to UE 110. Network elements 132 in an EPC network may contain a Mobility Management Entity (MME) Gateway - S-GW), Packet Data Network Gateway - P-GW, etc. The network elements 132 in a 5G network may comprise an Access and Mobility Management Function (AMF), a Session Management Function (SMF), a Policy Control Function (PCF), an Application Function (AF), a Plane user (User Plane Function - UPF), etc.

Fig. 2 illustrates an Evolved Packet Core (EPC) network 200, which is the core network for LTE. The EPC network 200 includes a Mobility Management Entity (MME) 214, a Serving Gateway (S-GW) 215, a Packet Data Network Gateway (P-GW) 216, a Home Subscriber Server (HSS) 217, and a policy function 218 and charging rules (Policy and Charging Rules Function - PCRF), but may contain other elements not shown, such as IP Multimedia Subsystem (IMS) application servers. In the EPC network 200, user data (also referred to as "user plane") and signaling (also referred to as "control plane") are separated. MME 214 handles the control plane in EPC network 200. For example, MME 214 handles signaling related to mobility and security for E-UTRAN access. MME 214 is responsible for tracking and paging UE 110 in idle mode. S-GW 215 and P-GW 216 handle the user plane. S-GW 215 and P-GW 216 transport data traffic between UE 110 and external data networks 240 (DN or Packet Data Network (PDN)). The S-GW 215 is the interconnection point between the radio side and the EPC network 200 and serves the UE 110 by routing incoming and outgoing IP packets. S-GW 215 is also the anchor point for intra-LTE mobility (ie in case of handover between eNodeB) and between LTE and other 3GPP accesses. The P-GW 216 is the interconnection point between the EPC network 200 and the external data networks 240 (ie, the entry or exit point for the data network 240) and routes packets to and from the data network 240 . HSS 217 is a database that stores information related to users and related to subscribers. The PCRF 218 provides a Policy and Charging Control (PCC) solution in the EPC network 200 and is a node or entity in the EPC network 200 that formulates PCC rules for services requested by an end user.

MME 214 is connected to RAN 120 (ie eNodeB) via S1-MME interface, and S-GW 215 is connected to RAN 120 via S1-U interface. MME 214 connects to S-GW 215 via S11 interface, and connects to HSS 217 via S6a interface. The PCRF 218 is connected to the P-GW 216 via a Gx interface, which allows the transfer of policy and charging rules from the PCRF 218 to the Policy and Charging Enforcement Function (PCEF) in the P-GW 216. The PCRF 218 is connected to the S- The GW 215 is connected via the Gxx interface and the S-GW 215 is connected to the P-GW 216 via the S5 interface.

Fig. 3 illustrates a non-roaming next generation network architecture 300. The architecture in Fig. 3 is a reference point representation as further described in 3GPP TS 23.501 (v!5.3.0), which is incorporated herein by reference in its entirety. Architecture 300 consists of network functions (Network Function - NF) for the core network, and the network functions for the control plane are separated from the user plane. The backbone control plane contains an Authentication Server Function (AUSF) function 310, a single data management (UDM) 312, a Network Slice Selection Function (NSSF) 313, an access and mobility management (AMF) function 314, a 316 session management (Session Management Function - SMF), function 318 policy management (PCF) and function 320 applications (AF). The backbone user plane contains one or more user plane functions (UPFs) 324 that communicate with the data network 240 . UE 110 may access the control plane and user plane of the core network via the (R)AN 120.

AUSF 310 is configured to support authentication of UE 110. UDM 312 is configured to store subscription data/information for UE 110. UDM 312 may store three types of user data: subscription, policy, and session-related context (eg, UE location). The AMF 314 is configured to provide UE-based authentication, authorization, mobility management, and so on. The SMF 316 is configured to provide the following functions: session management (SM), Internet Protocol (IP) address allocation and management of the UE, selection and management of the UPF, termination of interfaces to the PCF 318, policy enforcement and quality control part Quality of Service (QoS), police interception, SM termination of NAS message parts, Downlink Data Notification (DNN), roaming function, local enforcement processing for applying QoS for Service Level Agreements Agreement - SLA), billing data collection and billing interface, etc. If UE 110 has multiple sessions, different SMFs may be allocated to each session to manage them individually and possibly provide different functionality for each session. The PCF 318 is configured to support a unified policy framework for managing network behavior and providing policy rules for control plane functions for QoS enforcement, billing, access control, traffic routing, and so on. AF 320 provides packet flow information to PCF 318. PCF 318 is configured to determine mobility and session control policy rules based on said information so that AMF 314 and SMF 316 work properly.

UPF 324 supports various user plane operations and functions such as packet routing and forwarding, traffic processing (e.g., QoS enforcement), Intra-RAT/Inter-RAT mobility anchor point (if applicable), packet inspection, and policy enforcement. , police interception (UP collection), traffic accounting and reporting, etc. The data network 240 is not part of the core network and provides Internet access, operator services, third party services, and so on. For example, the International Telecommunication Union (ITU) has classified 5G mobile network services into three categories: Enhanced Mobile Broadband (EMBB), Ultra-reliable and Low-Latency Communications (uRLLC) and Massive Machine Type Communications (mMTC) or Massive Internet of Things (MIoT). eMBV focuses on high-bandwidth services such as HD video, Virtual Reality (VR) and Augmented Reality (AR). uRLLC focuses on delay-sensitive services such as automated driving and remote control. mMTC and MIoT focus on services that have high connectivity requirements such as smart city and smart agriculture. Communication network 240 may be configured to provide these and other services.

Architecture 300 contains the following reference points. The N1 reference point is implemented between UE 110 and AMF 314. The N2 reference point is implemented between (R)AN 120 and AMF 314. The N3 reference point is implemented between (R)AN 120 and UPF 324. The N4 reference point is implemented between SMF 316 and UPF 324. Reference point N5 is implemented between PCF 318 and AF 320. Reference point N6 is implemented between UPF 324 and data network 240. Reference point N7 implemented between SMF 316 and PCF 318. Reference point N8 implemented between UDM 312 and AMF 314. Reference point N9 implemented between two UPF 324. Reference point N10 implemented between UDM 312 and SMF 316. Reference point N11 implemented between AMF 314 and SMF 316. Reference point N12 is implemented between AMF 314 and AUSF 310. Reference point N13 is implemented between UDM 312 and AUSF 310. Reference point N14 is implemented between two AMFs. Reference point N15 is implemented between PCF 318 and AMF 314 in case of non-roaming scenario. Reference point N22 implemented between NSSF 313 and AMF 314.

Fig. 4 illustrates a next generation network roaming architecture 400. The architecture in Fig. 4 is a local break scenario in the reference point representation, as further described in 3GPP TS 23.501 (vl5.3.0). The roaming scenario shows a Visited Public Land Mobile Network (VPLMN) 402 and a Home PLMN (HPLMN) 404. The HPLMN 404 identifies the PLMN that stores the mobile subscriber profile. The VPLMN is the PLMN on which the mobile subscriber roamed when leaving his HPLMN. Users roaming to other networks will receive subscription information from HPLMN 404. In a local breakthrough scenario, PCF 318 (hPCF), UDM 312 and AUSF 310 are in HPLMN 404 for UE 110. Other network functions containing visited PCF (visited PCF - vPCF) 418 are in VPLMN 402.

Fig. 5 illustrates a radio protocol stack 500, for example, for air interface 122. As described herein, user plane 512 contains a set of protocols used to transfer actual user data over a network, and control plane 514 contains protocols used to manage and establish user connections and channels on the network. For the user plane 512 and the control plane 514, the radio protocol stack 500 comprises a physical (PHY) layer 501, a Medium Access Control (MAC) layer 502, a Radio Link Control (RLC) layer 503, and a layer 504 Packet Data Convergence Protocol (PDCP). The control plane 514 further comprises a Radio Resource Control (RRC) layer 505 and a Non-Access Layer (NAS) layer 506.

The physical layer 501 carries all information from the MAC transport channels over the air interface. Data and signaling messages are carried over physical channels between different layers of the physical layer 501. Physical channels are divided into physical data channels and physical control channels. The physical data channels may include a Physical Downlink Shared Channel (PDSCH), a Physical Broadcast Channel (PBCH), a Physical Multicast Channel (PMCH), a Physical Uplink Shared Channel ( Physical Uplink Shared Channel - PUSCH) and physical random access channel (Physical Random Access Channel - PRACH). The physical control channels may include a Physical Control Format Indicator Channel (PCFICH), a Physical Hybrid ARQ Indicator Channel (PHICH), a Physical Downlink Control Channel (PDCCH), and a Physical Uplink Control Channel. communication line (Physical Uplink Control Channel - PUCCH).

MAC layer 502 is responsible for mapping between logical channels and transport channels, multiplexing MAC service data units (SDU) from one or different logical channels into transport blocks (transport block - TV) that will be delivered to the physical layer over transport channels , demultiplexing MAC SDUs from one or different logical channels from transport blocks delivered from the physical layer over transport channels, reporting scheduling information, error correction with Hybrid Automatic Repeat Request (HARQ), processing priorities between UEs by dynamic scheduling, priority processing between logical channels of the same UE, and logical channel prioritization. Layer 503 RLC is responsible for the transmission of blocks of protocol data (Protocol Data Unit - PDU) of the upper layer, error correction through ARQ and concatenation, segmentation and reassembly of the RLC SDU. The RLC layer 503 is also responsible for RLC PDU data resegmentation, RLC PDU data reordering, duplication detection, RLC SDU reset, RLC reestablishment, and protocol error detection. PDCP layer 504 is responsible for header compression and IP data decompression, data transfer (user plane or control plane), maintenance of PDCP sequence numbers (Sequence Number - SN), sequential delivery of upper layer PDUs during lower layer re-establishment, redundant elimination of lower layer SDUs when restoring lower levels for radio bearers mapped in RLC Acknowledged Mode (AM), encryption and decryption of user plane data and control plane data, integrity protection and control plane data integrity checking, timer-based drop, drop duplicate, etc. d. The RRC layer 505 is responsible for broadcasting NAS-related system information, broadcasting access layer (AS)-related system information, paging, establishing, maintaining, and releasing an RRC connection between UE and RAN, security functions including key management, establishing , configuration, maintenance and release of point-to-point radio channels (Radio Bearer - RB). The NAS layer 506 represents the highest layer of the control plane 514 between the UE and the core network (eg, MME/AMF) and supports UE mobility and session management procedures for establishing and maintaining an IP connection between the UE and the core network.

One of the objectives of networks is to improve the overall security of the system. Of particular concern is protecting the security of NAS messages. In the embodiments described herein, UE 110 and network element 132 are enhanced to provide additional security protection for NAS messages.

Fig. 6 is a block diagram of UE 110 in an exemplary embodiment. The UE 110 includes an air interface component 602, one or more processors 604, a memory 606, a user interface component 608, and a battery 610. The air interface component 602 is a hardware component that represents the local radio resources of the UE 110, such as an RF unit 620 (e.g., transceiver) and one or more antennas 622 used for wireless communication with a base station (eg, base station 124) via radio or "over the air" signals. Processor 604 is the internal circuitry, logic, hardware, software, etc. that provides the functions of UE 110. Processor 604 may be configured to execute software instructions 640 that are loaded into memory 606. Processor 604 may contain a set of one or more processors, or may contain a multiprocessor core, depending on the particular implementation. The storage device 606 is a computer-readable medium for storing data, instructions 640, applications, and so on. and is available to processor 604. Memory 606 is a hardware storage device capable of storing information on a temporary and/or permanent basis. The storage device 606 may include random access memory or any other volatile or non-volatile data storage device. Component 608 user interface is a hardware component for interaction with the end user. For example, the user interface component 608 may include a display 650, a screen, a touch screen, and the like. (for example, liquid crystal display (Liquid Crystal Display - LCD), LED (Light Emitting Diode - LED) display, etc.). The user interface component 608 may include a keyboard or keypad 652, a tracking device (eg, a trackball or trackpad), a speaker, a microphone, and so on. UE 110 also includes a Universal Integrated Circuit Card (UICC) 660, which is a hardware device that provides security and integrity functions to UE 110. UICC 660 may include a Universal Subscriber Identity Module (USIM) 662 ) that stores or indicates one or more public keys for the HPLMN for UE 110 along with other credentials. UE 110 may include various other components not specifically illustrated in FIG. 6.

Processor 604 may implement one or more applications 630. These applications 630 may access downlink (DL) data via RAN 120 and core network 130, and may also generate uplink (UL) data for transmission. to the destination via RAN 120 and core network 130. Processor 604 also implements a NAS controller 634 that is configured to manage NAS procedures, as described in more detail below.

Fig. 7 is a block diagram of network element 132 in an exemplary embodiment. The network element 132 is a server, device, apparatus, equipment (including hardware), system, facility, etc. that provides security and registration for the UE. For example, network element 132 may include MME 214 in an LTE network, next generation AMF element 314, and so on. In this embodiment, network element 132 includes the following subsystems: network interface component 702, security manager 704, and registration manager 706 that run on one or more platforms. Network interface component 702 may include circuitry, logic, hardware, facility, etc., configured to exchange control plane messages or signaling with other network elements and/or UEs (eg, via RAN 120). The network interface component 702 may operate using a variety of protocols (including the NAS protocol) or reference points. The security manager 704 may comprise circuitry, logic, hardware, means, etc., configured to handle authentication and/or security procedures for the UE, e.g., to create a NAS security context, select NAS security algorithm(s) for a security context. NAS, etc. The registration manager 706 may contain circuitry, logic, hardware, means, etc., configured to register for the UE.

One or more subsystems of network element 132 may be implemented on a hardware platform consisting of analog and/or digital circuits. One or more subsystems of network element 132 may be implemented in a processor 730 that executes instructions stored in memory 732. Processor 730 includes an integrated hardware circuit configured to execute the instructions, and memory 732 is a machine-readable, non-volatile storage medium for data, instructions, applications, etc. and available to the 730 processor.

Network element 132 may include various other components not specifically illustrated in FIG. 7.

The NAS procedure may be executed or invoked when a NAS security context already exists between the UE and the access security management entity (eg, AMF, MME, etc.). The goal of NAS security is to securely deliver NAS messages between a UE and an access security control entity in the control plane using NAS security keys. The NAS security keys are generated each time an authentication is performed for the UE. After the NAS security setting is completed, the UE and the access security control entity can share the NAS encryption key and the NAS integrity key, which are used to encrypt and protect the integrity, respectively, of NAS messages before transmission. The NAS procedure can also be executed or invoked when no NAS security context exists. This scenario is described first.

Example 1: No security context

Fig. 8 is a flowchart illustrating a method 800 for performing a NAS procedure at UE 110 in an exemplary embodiment. The steps of method 800 will be described with reference to UE 110 in FIG. 6, but those skilled in the art will appreciate that method 800 may be performed on other networks or architectures. In addition, the steps of the flow charts described herein are not exhaustive and may include other steps not shown, and the steps may be performed in an alternative order.

For this embodiment, it can be assumed that there is no NAS session between UE 110 and network element 132. In addition, it can be assumed that UE 110 is in an unattached mode (eg, idle mode) and transitions to a connected mode. The NAS controller 634 at UE 110 initiates a NAS procedure to establish a NAS session between UE 110 and network element 132 (block 802). For example, the NAS procedure may contain a registration procedure. Each NAS procedure contains a set of mandatory NAS protocol IEs and may also contain a set of optional NAS protocol IEs for information transfer. Thus, the NAS controller 634 can identify the NAS protocol IEs (mandatory and optional) for the NAS procedure.

In this embodiment, the NAS procedure is performed in multiple phases 831-832. For the first phase 831 of the NAS procedure, the NAS controller 634 identifies a subset of the NAS protocol IEs that are intended for security-related processing (block 804). A subset of NAS protocol IEs dedicated to security-related processing refers to IEs used to create or establish a NAS security context for a UE. It may be desirable to provide minimum information in the first phase 831, so a subset of NAS protocol IEs may contain a minimum number of NAS procedure IEs that are used to establish the NAS security context. For the registration procedure, in one example, a subset of NAS protocol IEs may consist of a mobile identity for the UE (e.g., 5G-GUTI or Subscription Concealed IdentiflEsr - SUCI), a UE security capability indicating one or more security algorithms supported by UE, registration type (eg, initial, mobile, periodic, emergency, etc.) and security key set identifier for the UE's NAS security context (eg, ngKSI, eKSI, etc.).

The NAS controller 634 may format or generate an initial NAS message for the NAS procedure, such as an initial registration request. The initial NAS message refers to the first NAS message that is sent after the UE transitions from an unattached mode (eg, idle mode) to a connected mode. The NAS controller 634 includes or inserts a subset of the NAS protocol IEs in the initial NAS message (block 806). In the first phase 831, the initial NAS message is populated with a subset of the NAS protocol IEs, and the IEs that are populated in the initial NAS message are limited to (i.e., consist only or exclusively of) a subset of the NAS protocol IEs that are selected for security-related processing. Since the initial NAS message does not contain all of the required NAS protocol IEs for the NAS procedure, the initial NAS message in the first phase 831 is considered a "partial" message. Other mandatory NAS protocol IEs that are excluded from the subset will be included in another NAS message (as part of the second phase 832). The NAS controller 634 then sends an initial NAS message to the network element 132 (block 810).

Before sending the initial NAS message, NAS controller 634 may optionally encrypt a subset of the NAS protocol IEs in the initial NAS message using the public key HPLMN for UE 110 (optional step 808). Each HPLMN can assign public keys according to an Elliptic Curve Integrated Encryption Scheme (ECIEs). There can be multiple public keys depending on the security scheme. HPLMN public keys are typically provided to USIM 662 by UE 110. Thus, NAS controller 634 may encrypt a subset of NAS protocol IEs identified for first phase 831 in the initial NAS message. The decision as to whether a subset of the NAS protocol IEs should be encrypted using the public key may be based on policy or criteria. For example, the NAS controller 634 may encrypt a subset of the NAS protocol IEs when the registration type does not indicate an emergency (eg, registration type = initial), and may send the initial NAS message without encryption when the registration type indicates an emergency. In another example, NAS controller 634 may encrypt a subset of NAS protocol IEs when UE 110 has the public key programmed into its USIM 662 and may send the initial NAS message without encryption when UE 110 does not have the public key programmed into USIM 662.

Fig. 9 is a flowchart illustrating a method 900 for performing a NAS procedure at a network element 132 in an exemplary embodiment. The steps of method 900 will be described with reference to network element 132 in FIG. 7, but those skilled in the art will appreciate that method 900 may be performed on other networks or architectures.

For the first phase 831, the network interface component 702 of the network element 132 receives an initial NAS message from the UE 110 (block 902). Upon receiving the initial NAS message, the security manager 704 may further process the initial NAS message to determine if the information is encrypted using the HPLMN public key. When the initial NAS message is encrypted, the security manager 704 may initiate decryption of a subset of the NAS protocol IEs in the initial NAS message (optional step 904). In one example, the security manager 704 may be configured to internally decrypt a subset of the NAS protocol IEs. In another example, the security manager 704 may send the subset of NAS protocol IEs to another network element (eg, UDM element 312) to decrypt the subset of NAS protocol IEs.

The security manager 704 processes a subset of the NAS protocol IEs and determines that no NAS security context exists for UE 110 (block 906). Since there is no NAS security context, the security manager 704 may initiate an authentication procedure to authenticate the UE 110 (block 908). An authentication procedure (eg, Authentication and Key Agreement (AKA)) is used to perform mutual authentication between UE 110 and mobile network 100. Although authentication procedures may vary, in general, security manager 704 may send an authentication request to UE 110 along with an token (optional step 910) through the network interface component 702. In response to the authentication request, UE 110 processes the authentication steps at its end and attempts to verify the authentication token (see step 812 in FIG. 8). If successful, UE 110 considers that mobile network 100 has been authenticated. UE 110 computes a response token and sends an authentication response with a response token, which is received by the security manager 704 (optional step 912) via the network interface component 702. The security manager 704 (or other network element) can then determine if the response token is valid (eg, compare the response token with the expected response token). If the response token is valid, then the security manager 704 considers the UE 110 authenticated.

When UE 110 is acknowledged, security manager 704 initiates a NAS security procedure to establish a NAS security context (block 914). For the NAS security procedure, the security manager 704 selects one or more NAS security algorithms for the NAS security context (block 916) and defines one or more NAS security keys (eg, KAMF, KASME, etc.). The NAS security algorithm may comprise a NAS encryption algorithm and an integrity protection algorithm. The security manager 704 then sends a response to the UE that indicates or contains the NAS security algorithm(s) and the security key set identifier selected for the NAS security context (block 918) via the network interface component 702. The response may contain a security mode command that contains the NAS's security algorithm(s), a security keyset identifier (eg, ngKSI, eKSI, etc.), and other information.

In FIG. 8, NAS controller 634 of UE 110 receives a response from network element 132 that indicates the NAS security algorithm(s) and security key set ID (block 814). With the information provided in the response from the network element 132, a NAS security context is established between the UE 110 and the network element 132. Thus, subsequent NAS messages between UE 110 and network element 132 can be secured using the NAS security context.

For the second phase 832 of the NAS procedure, the NAS controller 634 includes or inserts the NAS protocol IEs for the NAS procedure in the initial NAS message (block 816). The initial NAS message is a copy, duplicate, or the same type of initial NAS message that was previously sent to the network element 132 in the first phase 831. At this stage, the initial NAS message contains the entire set of NAS protocol IEs for the NAS procedure (mandatory and optional (optional) ). Since the initial NAS message contains each of the mandatory NAS protocol IEs for the NAS procedure, the initial NAS message in the second phase 832 is considered a "full" NAS message.

NAS controller 634 of UE 110 may format or generate a subsequent NAS message for the NAS procedure. For example, the subsequent NAS message may contain a security mode completion message. The NAS controller 634 includes or inserts the initial NAS message into the NAS message container of the subsequent NAS message (block 818). A NAS message container is an IE type used to encapsulate an open NAS message. The NAS controller 634 encrypts the NAS message container of the subsequent NAS message using the NAS security algorithm(s) (block 820). Thus, the complete initial NAS message is encrypted in the NAS message container of the subsequent NAS message. The NAS controller 634 then sends a subsequent NAS message to the network element 132 (block 822).

In FIG. 9, for the second phase 832, the network interface component 702 receives a subsequent NAS message from the UE 110 (block 920). The security manager 704 decrypts the NAS message container of the subsequent NAS message using the NAS security algorithm(s) (step 922) to access the complete initial NAS message. The security manager 704 or other subsystems of the network element 132 may then process the NAS protocol IEs from the complete NAS initial message to further execute the NAS procedure. For example, registration manager 706 may send a registration confirmation message to UE 110 and receive a registration completed message from UE 110 (optional step 924). One of the technical advantages of this process is that only the NAS protocol IEs that are needed to establish the NAS security context are sent unencrypted or encrypted according to the HPLMN public key in the partial NAS initial message, while the full NAS initial message is encrypted in a subsequent NAS message that provides additional security protection.

Fig. 10 is a message diagram showing a NAS procedure when a UE does not have a security context in an exemplary embodiment. The NAS procedure shown in FIG. 10 is a registration procedure, but similar concepts may apply to other NAS procedures. This example is shown in a 5G network with a network element 132 containing an AMF element 314.

This NAS procedure is again performed in multiple phases. For the first phase, UE 110 generates or formats an initial registration request for the NAS registration procedure. The NAS registration procedure has a set of NAS protocol IEs (mandatory and optional) that are used to transfer information. In this embodiment, UE 110 does not populate the initial registration request with the full set of NAS protocol IEs in the first phase. Instead, UE 110 identifies the NAS protocol IEs that are needed to establish the NAS security context. Thus, UE 110 identifies a subset of NAS protocol IEs that are intended for security-related processing. In this example, a subset of NAS protocol IEs may consist of a 5G Globally Unique Temporary Identity (5G-GUTI), UE security capability, registration type, and ngKSI. UE 110 inserts a subset of NAS protocol IEs in the initial registration request. Because the initial registration request does not contain all of the mandatory NAS protocol IEs for the NAS registration procedure, the initial registration request in the first phase is a "partial" request. UE 110 may also insert other information in the initial registration request, such as the SUCI generated by UE 110. In this example, UE 110 encrypts a subset of the NAS protocol IEs using the HPLMN public key and sends the initial registration request to AMF element 314 (S1). The security scheme and public key identifier used for encryption are the same as the security scheme and public key identifier specified in SUCI. However, as described above, encryption of a subset of the NAS protocol IEs using the HPLMN public key is optional. If the SUCI security scheme is NULL, then the subset of NAS protocol IEs is unencrypted.

In response to receiving the initial registration request, AMF element 314 routes the information to the home UDM UE for decryption based on the PLMN UE ID and the routing ID. Thus, AMF element 314 formats or generates an authentication request (ie, Nausf_UEAuthentication_Authenticate Request) and inserts an encrypted subset of NAS protocol IEs into the authentication request along with other information (eg, SUCI and serving network name). The AMF element 314 then sends an authentication request to the AUSF element 310 (S2). In response to receiving the authentication request, the AUSF element 310 formats or generates an authentication request (ie Nudm_UEAuthentication_Get Request) and inserts an encrypted subset of the NAS protocol IEs into the authentication request along with other information. The AUSF element 310 then sends an authentication request to the UDM element 312 (S3).

In response to the authentication request, the UDM element 312 decrypts the subset of NAS protocol IEs using the private key HPLMN (i.e., applying the information according to the security scheme chosen for SUCI) so that the subset of NAS protocol IEs becomes readable. UDM element 312 also contains functions related to the Authentication Credential Repository and Processing Function (ARPF) function of the Authentication Credential Repository and Processing Function (ARPF), which selects an authentication method and calculates authentication data and key materials (e.g., tokens) for AUSF element 310 (if necessary). ). UDM element 312 formats or generates an authentication response (ie Nudm_UEAuthentication_Get Response) for AUSF element 310 and inserts the decrypted subset of NAS protocol IEs, authentication vector (AV) and other information into the authentication response. UDM element 312 then sends an authentication response to AUSF element 310 (S4). In response to receiving a different authentication response, AUSF element 310 formats or generates an authentication response (ie, Nuasf_UEAuthentication_Authenticate Response) for AMF element 314 and inserts the decrypted subset of NAS protocol IEs, AVs, and other information into the authentication response. AUSF element 310 then sends an authentication response to AMF element 314 (S5).

The AMF element 314 is configured to perform an authentication procedure with the UE 110 using the information provided by the UDM/AUSF. For example, AMF element 314 sends an authentication request to UE 110 along with an authentication token (S6) from the AV, and UE 110 tries to verify the authentication token. If successful, UE 110 computes a response token and sends an authentication response with a response token, which is received by AMF element 314 (S7). The AMF element 314 formats or generates another authentication request (ie Nausf_UEAuthentication_Authenticate Request) and inserts the response token from UE 110 into the authentication request along with other information. The AMF element 314 then sends an authentication request to the AUSF element 310 (S8). AUSF element 310 checks if the response token from UE 110 matches the expected response token and sends an authentication response (ie, Nausf_UEAuthentication_Authenticate Response) to AMF element 314 indicating authentication success/failure.

When UE 110 authenticates to the network, AMF element 314 initiates a NAS security procedure to establish a NAS security context. AMF element 314 selects the NAS security algorithm (or multiple algorithms) for encryption and integrity protection. The AMF element 314 formats or generates a security mode command message and inserts the NAS security policy indicator(s), ngKSI, and other information into the security mode command message. Then, AMF element 314 sends a security mode command message to UE 110 (S10).

For the second phase of the NAS procedure, UE 110 applies ngKSI and the NAS security algorithm to determine the appropriate keys to secure subsequent NAS messages. Thus, a NAS security context is established between the UE 110 and the AMF element 314 . UE 110 includes or inserts NAS protocol IEs for the NAS registration procedure in the initial registration request, which is a copy, duplicate, or the same type of message as the initial registration request previously sent in the first phase. The initial registration request contains all mandatory NAS protocol IEs and any additional NAS protocol IEs that are used to transfer information. Additional NAS protocol IEs may include: Non-current Native NAS Keyring ID, 5G Mobility Management (MM) capability, Network Slice Selection Assistance Information (NSSAI) requested, Last Visited Registered Tracking Area ID ( Tracking Area IdentiflEsr - TAI), UE SI Network Capabilities, Uplink Data Status, PDU Session Status, Mobile Initiated Connection Only (MICO), UE Status, Optional GUTI, Allowed PDU Session Status, UE application setting, requested Discontinuous Reception (DRX), NAS EPS message container, and payload container. Thus, the initial registration request is a "full" request in the second phase, since it contains all the mandatory NAS protocol IEs. The UE 110 formats or generates a security mode execution message and inserts the complete initial registration request into the NAS message container of the security mode execution message. UE 110 encrypts the NAS message container of the security mode execution message by applying the NAS security algorithm of the NAS security context. Thus, the complete initial registration request is encrypted in the NAS message container of the security mode completion message. UE 110 then sends a security mode execution message to AMF element 314 (S11).

The AMF element 314 receives the security mode progress message from UE 110 and decrypts the security mode progress message NAS message container for accessing the NAS protocol IEs from the complete initial registration request. The AMF element 314 then continues the registration procedure, for example by sending a registration confirmation message to UE 110 (S12). UE 110 responds to AMF element 314 with a registration done message (S13), after which UE 110 registers with the network to access services.

Example 2: No security context

In another example of a NAS procedure when no security context exists, FIG. 11 is a flowchart illustrating a method 1100 for performing a NAS procedure at UE 110 in an exemplary embodiment. The NAS controller 634 at UE 110 initiates a NAS procedure to establish a NAS session between UE 110 and network element 132 (block 1102). The NAS controller 634 identifies NAS protocol IEs (mandatory and optional) for the NAS procedure (block 1104). The NAS controller 634 may format or generate a first NAS initial message for the NAS procedure and include or insert NAS protocol IEs in the first NAS initial message (block 1106). At this point, the first initial NAS message contains the entire set of NAS protocol IEs for the NAS procedure (mandatory and optional (optional)). Since the first initial NAS message contains each of the required NAS protocol IEs for the NAS procedure, the first initial NAS message is considered a "complete" NAS message.

The NAS controller 634 also formats or generates a second initial NAS message that is a duplicate of the first initial NAS message (block 1108). A duplicate message refers to a message of the same type for a NAS procedure. For example, if the first NAS initial message is a registration request, then the second NAS initial message is also a registration request. However, the IEs that are populated in the duplicate message may differ from the original message. The NAS controller 634 includes or inserts the first initial NAS message into the NAS message container of the second initial NAS message (block 1110). NAS controller 634 encrypts the NAS message container of the second initial NAS message using the public key HPLMN for UE 110 (block 1112). Thus, the complete first NAS initial message is encrypted in the NAS message container of the second NAS initial message. The NAS controller 634 then sends a second initial NAS message to the network element 132 (block 1114).

Fig. 12 is a flowchart illustrating a method 1200 for performing a NAS procedure at a network element 132 in an exemplary embodiment. Network interface component 702 of network element 132 receives a second initial NAS message from UE 110 (block 1202). When the NAS message container is encrypted, as in this example, the security manager 704 initiates decryption of the NAS message container (step 1204) to access the first initial NAS message. In one example, the security manager 704 may be configured to decrypt the NAS message container. In another example, the security manager 704 may send the NAS message container to another network element (eg, UDM element 312) to decrypt the NAS message container.

After decrypting the NAS message container, the security manager 704 has access to the first initial NAS message. The first initial NAS message is populated with NAS protocol IEs for the NAS procedure. The security manager 704 may process the NAS protocol IEs and determine that no NAS security context exists for UE 110 (block 1206). Since there is no NAS security context, the security manager 704 may initiate an authentication procedure to authenticate UE 110 (block 1208). For the authentication procedure, the security manager 704 may send an authentication request to the UE 110 along with an authentication token (optional step 1210) via the network interface component 702. In response to the authentication request, UE 110 processes the authentication steps at its end and attempts to verify the authentication token (see step 1116 in FIG. 11). If successful, UE 110 considers that mobile network 100 has been authenticated. UE 110 computes a response token and sends an authentication response with a response token, which is received by the security manager 704 (optional step 1212) via the network interface component 702. The security manager 704 (or other network element) can then determine if the response token is valid (eg, compare the response token with the expected response token). If the response token is valid, then the security manager 704 considers the UE 110 authenticated.

When UE 110 is acknowledged, security manager 704 initiates a NAS security procedure to establish a NAS security context (block 1214). For the NAS security procedure, the security manager 704 selects one or more NAS security algorithms for the NAS security context (block 1216) and determines one or more NAS security keys (eg, KAMF, KASME, etc.). The security manager 704 then formats or generates a security mode command and sends a security mode command to the UE 110 that indicates or contains the NAS security algorithm(s) and the security key set identifier selected for the NAS security context (block 1218) via the network interface component 702 .

In FIG. 11, NAS controller 634 of UE 110 receives a security mode command from network element 132 that indicates the NAS security policy(s) (block 1118). Using the information provided in the security mode command, a NAS security context is established between the UE 110 and the network element 132. Thus, subsequent NAS messages between UE 110 and network element 132 can be secured using the NAS security context. Controller 634 of NAS UE 110 may then format or generate a security mode execution message and send a security mode execution message to network element 132 (block 1120). In FIG. 12, the network interface component 702 receives the execution of the security mode from the UE 110 (block 1220). The security manager 704 may decrypt any subsequent NAS messages using the NAS security algorithm(s). One of the technical advantages of this process is that only the NAS protocol IEs that are needed to establish the NAS security context are inserted as unencrypted in the partial NAS initial message, while the full NAS initial message is encrypted into the partial NAS initial message, which provides additional security protection.

Fig. 13 is a message diagram showing a NAS procedure when a UE does not have a security context in an exemplary embodiment. The NAS procedure shown in FIG. 13 is a registration procedure, but similar concepts may apply to other NAS procedures. UE 110 generates or formats a registration request for a NAS registration procedure. In this embodiment, UE 110 populates the registration request with the complete set of NAS protocol IEs. Thus, the registration request is a complete registration request.

UE 110 also generates or formats another registration request that is a duplicate of the complete registration request. The other registration request is of type "initial" and is therefore an initial registration request. Instead of filling in each of the mandatory NAS protocol IEs in the full registration request, UE 110 inserts the full registration request into the initial registration request NAS message container. UE 110 may also insert other information in the initial registration request, such as the SUCI generated by UE 110. In this example, UE 110 encrypts the initial registration request NAS message container using the HPLMN public key and sends the initial registration request to AMF element 314 (S1).

In response to receiving the initial registration request, AMF element 314 routes the information to the home UDM UE for decryption based on the PLMN UE ID and the routing ID. Thus, AMF element 314 formats or generates an authentication request (ie, Nausf_UEAuthentication_Authenticate Request) and inserts an encrypted initial registration request NAS message container into the authentication request along with other information. The AMF element 314 then sends an authentication request to the AUSF element 310 (S2). In response to receiving an authentication request, AUSF element 310 formats or generates an authentication request (ie Nudm_UEAuthentication_Get Request) and inserts an encrypted NAS message container into the authentication request along with other information. The AUSF element 310 then sends an authentication request to the UDM element 312 (S3).

In response to the authentication request, the UDM element 312 decrypts the encrypted NAS message container using the private key HPLMN so that the complete registration request becomes readable. UDM element 312 also selects an authentication method and computes authentication data and key materials (eg, tokens) for AUSF element 310 (if necessary). UDM element 312 formats or generates an authentication response (i.e., Nudm_UEAuthentication_Get Response) for AUSF element 310 and inserts the decrypted NAS message container, authentication vector (AV), and other information into the authentication response. UDM element 312 then sends the authentication response to AUSF element 310 (S4) . In response to receiving an authentication response, AUSF element 310 formats or generates an authentication response (i.e., Nuasf_UEAuthentication_Authenticate Response) for AMF element 314 and inserts the decrypted message container NAS, AV, and other information into the authentication response. AUSF element 310 then sends the authentication response to AMF element 314 (S5).

The AMF element 314 is configured to perform an authentication procedure with the UE 110 using the information provided by the UDM/AUSF. For example, AMF element 314 sends an authentication request to UE 110 along with an authentication token (S6) from the AV, and UE 110 tries to verify the authentication token. If successful, UE 110 computes a response token and sends an authentication response with a response token, which is received by AMF element 314 (S7). The AMF element 314 formats or generates another authentication request (ie Nausf_UEAuthentication_Authenticate Request) and inserts the response token from UE 110 into the authentication request along with other information. The AMF element 314 then sends an authentication request to the AUSF element 310 (S8). AUSF element 310 checks if the response token from UE 110 matches the expected response token and sends an authentication response (ie, Nausf_UEAuthentication_Authenticate Response) to AMF element 314 indicating authentication success/failure.

When UE 110 authenticates to the network, AMF element 314 initiates a NAS security procedure to establish a NAS security context. AMF element 314 selects the NAS security algorithm (or multiple algorithms) for encryption and integrity protection. The AMF element 314 formats or generates a security mode command message and inserts the NAS security policy indicator, ngKSI, and other information into the security mode command message. Then, AMF element 314 sends a security mode command message to UE 110 (S10). UE 110 uses ngKSI and the NAS security algorithm to determine the appropriate keys to secure subsequent NAS messages. Thus, a security context is established between UE 110 and AMF element 314 . UE 110 formats or generates a security mode execution message and sends a security mode execution message to AMF element 314 (S11).

The AMF element 314 continues the registration procedure, for example by sending a registration confirmation message to the HaUE 110 (S12). UE 110 responds to AMF element 314 with a registration done message (S13), after which UE 110 registers with the network to access services.

Example 3: Security context exists - security context is valid

In further examples, the NAS procedure may be executed or invoked when a NAS security context already exists between the UE and the access security management entity (eg, AMF, MME, etc.). The following are examples of the NAS procedure in the presence of a NAS security context.

Fig. 14 is a flowchart illustrating a method 1400 for performing a NAS procedure at UE 110 in an exemplary embodiment. NAS controller 634 at UE 110 initiates a NAS procedure to establish (or re-establish) a NAS session between UE 110 and network element 132 (block 1402). The NAS controller 634 identifies a subset of NAS protocol IEs that are intended for security-related processing (block 1404). The NAS controller 634 formats or generates the first NAS message for the NAS procedure, such as a registration request of type "mobility", "periodic", etc. The NAS controller 634 includes or inserts a subset of the NAS protocol IEs in the first NAS message (block 1406).

The NAS controller 634 also formats or generates a second NAS message that is a duplicate of the first NAS message. The NAS controller 634 includes or inserts the NAS protocol IEs for the NAS procedure in the second NAS message (block 1408). At this point, the second NAS message contains the entire set of NAS protocol IEs for the NAS procedure (mandatory and optional (optional)). Because the second NAS message contains each of the mandatory NAS protocol IEs for the NAS procedure, the second NAS message is considered a "complete" NAS message.

The NAS controller 634 includes or inserts the second NAS message into the NAS message container of the first NAS message (block 1410). The NAS controller 634 encrypts the NAS message container of the first NAS message using the NAS security algorithm of the NAS security context (block 1412). Thus, the complete second NAS message is encrypted in the NAS message container of the first NAS message. The NAS controller 634 then sends the first NAS message to the network element 132 (block 1414).

Fig. 15 is a flowchart illustrating a method 1500 for performing a NAS procedure at a network element 132 in an exemplary embodiment. The network interface component 702 of the network element 132 receives the first NAS message from the UE 110 (block 1502). The security manager 704 processes a subset of the NAS protocol IEs in the first NAS message to identify the NAS security context for UE 110 (block 1504). The security manager 704 then decrypts the NAS message container of the first NAS message using the NAS security context to access the second NAS message contained in the NAS message container (block 1506). When the NAS message container in the first NAS message is decrypted, the security manager 704 has access to the second NAS message in decrypted form. The second NAS message is populated with NAS protocol IEs for the NAS procedure. Thus, the security manager 704 may process the NAS protocol IEs in the second NAS message to continue further processing for the NAS procedure (block 1508). One of the technical advantages of this process is that only the NAS protocol IEs that are needed to identify the NAS security context are sent as unencrypted in the first NAS message, while the complete second NAS message is encrypted in the first NAS message, which provides additional security protection. .

16 is a message diagram showing the NAS registration procedure when the UE has a valid security context in an exemplary embodiment. UE 110 generates or formats the first registration request for the NAS registration procedure. In this embodiment, UE 110 populates the first registration request with a subset of NAS protocol IEs that are for security-related processing. This information is used to indicate the NAS security context to the AMF element 314 . For example, a subset of NAS protocol IEs may contain 5G-GUTI, registration type, and ngKSI. 110, the UE also formats or generates a second registration request that is a duplicate of the first registration request. UE 110 includes or inserts NAS protocol IEs for the NAS registration procedure in the second registration request. At this point, the second registration request contains the entire set of NAS protocol IEs for the NAS registration procedure (mandatory and optional (optional)). Because the second registration request contains each of the required NAS protocol IEs for the NAS registration procedure, the second registration request is considered a "complete" registration request.

UE 110 includes or inserts the second registration request in the first registration request NAS message container and encrypts the first registration request NAS message container using the NAS security algorithm of the NAS security context. Thus, the complete second registration request is encrypted in the NAS message container of the first registration request. UE 110 then sends the first registration request to AMF element 314 (S1).

In response to receiving the first registration request, AMF element 314 identifies or retrieves a NAS security context based on a subset of the NAS protocol IEs included in the first registration request. The AMF element 314 then decrypts the encrypted NAS message container of the first registration request using the NAS security context so that the second registration request becomes readable. Thus, the AMF element 314 may process the entire set of NAS protocol IEs for the NAS registration procedure and continue processing for the NAS registration procedure. For example, AMF element 314 sends a registration confirmation message to UE 110 (S2). UE 110 responds to AMF element 314 with a registration done message (S3), after which UE 110 registers with the network to access services.

Fig. 17 is a message diagram showing a procedure for requesting a NAS service when a UE has a valid security context in an exemplary embodiment. UE 110 generates or formats a first service request for a NAS service request procedure. In this embodiment, UE 110 populates the first service request with a subset of NAS protocol IEs that are for security-related processing, which is used to indicate the NAS security context to AMF element 314. In this example, a subset of NAS protocol IEs may contain 5G-S-TMSI and ngKSI. 110, the UE also formats or generates a second service request that is a duplicate of the first service request. UE 110 includes or inserts NAS protocol IEs for the NAS service request procedure in the second service request. At this point, the second service request contains the entire set of NAS protocol IEs for the NAS service request procedure (mandatory and optional (optional)). Because the second service request contains each of the mandatory NAS protocol IEs for the NAS service request procedure, the second service request is considered a "complete" service request.

UE 110 includes or inserts the second service request in the first service request NAS message container and encrypts the first service request NAS message container using the NAS security algorithm of the NAS security context. Thus, the complete second service request is encrypted in the NAS message container of the first service request. UE 110 then sends the first service request to AMF element 314 (S1).

In response to receiving the first service request, AMF element 314 identifies or retrieves a NAS security context based on a subset of the NAS protocol IEs included in the first service request. The AMF element 314 then decrypts the encrypted NAS message container of the first service request using the NAS security context so that the second service request becomes readable. Thus, the AMF element 314 may process the entire set of NAS protocol IEs for the NAS service request procedure and continue processing for the NAS service request procedure. For example, AMF element 314 sends a service confirmation message to UE 110 (S2).

Fig. 18 is a message diagram showing the NAS de-registration procedure when the UE has a valid security context in an exemplary embodiment. UE 110 generates or formats the first deregistration request for the NAS deregistration procedure. In this embodiment, UE 110 populates the first deregistration request with a subset of NAS protocol IEs that are for security-related processing, which is used to indicate the NAS security context to AMF element 314. In this example, a subset of NAS protocol IEs may contain 5G-S-TMSI and ngKSI. 110, the UE also formats or generates a second deregistration request that is a duplicate of the first deregistration request. UE 110 includes or inserts NAS protocol IEs for the NAS deregistration procedure in the second deregistration request. At this point, the second deregistration request contains the entire set of NAS protocol IEs for the NAS deregistration procedure (mandatory and optional (optional)). Because the second deregistration request contains each of the required NAS protocol IEs for the NAS deregistration procedure, the second deregistration request is considered a "complete" deregistration request.

UE 110 includes or inserts the second deregistration request in the first deregistration request NAS message container and encrypts the first deregistration request NAS message container using the NAS security algorithm of the NAS security context. Thus, the complete second deregistration request is encrypted in the NAS message container of the first deregistration request. UE 110 then sends the first deregistration request to AMF element 314 (S1).

In response to receiving the first deregistration request, AMF element 314 identifies or retrieves a NAS security context based on a subset of the NAS protocol IEs included in the first deregistration request. The AMF element 314 then decrypts the encrypted NAS message container of the first deregistration request using the NAS security context so that the second deregistration request becomes readable. Thus, the AMF element 314 may process the entire set of NAS protocol IEs for the NAS deregistration procedure and continue processing for the NAS deregistration procedure. For example, AMF element 314 sends a deregistration confirmation message to UE 110 (S2).

Example 4: Security context exists - security context is invalid or not found

Fig. 19A-19B are a flowchart illustrating a method 1900 for performing a NAS procedure at UE 110 in an exemplary embodiment. NAS controller 634 at UE 110 initiates a NAS procedure to establish (or re-establish) a NAS session between UE 110 and network element 132 (block 1902). For the first phase 1931 of the NAS procedure, the NAS controller 634 identifies a subset of the NAS protocol IEs that are intended for security-related processing (block 1904). The NAS controller 634 formats or generates the first NAS message for the NAS procedure and includes or inserts a subset of the NAS protocol IEs into the first NAS message (block 1906).

The NAS controller 634 also formats or generates a second NAS message that is a duplicate of the first NAS message. The NAS controller 634 includes or inserts the NAS protocol IEs for the NAS procedure in the second NAS message (block 1908). At this point, the second NAS message contains the entire set of NAS protocol IEs for the NAS procedure (mandatory and optional (optional)). Because the second NAS message contains each of the mandatory NAS protocol IEs for the NAS procedure, the second NAS message is considered a "complete" NAS message.

The NAS controller 634 includes or inserts the second NAS message into the NAS message container of the first NAS message (block 1910). The NAS controller 634 encrypts the NAS message container of the first NAS message using the NAS security algorithm of the NAS security context (block 1912). Thus, the complete second NAS message is encrypted in the NAS message container of the first NAS message. The NAS controller 634 then sends the first NAS message to the network element 132 (block 1914).

Fig. 20 is a flowchart illustrating a method 2000 for performing a NAS procedure at a network element 132 in an exemplary embodiment. For the first phase 1931 of the NAS procedure, the network interface component 702 of the network element 132 receives the first NAS message from the UE 110 (block 2002). The security manager 704 processes a subset of the NAS protocol IEs in the first NAS message and is unable to identify a valid NAS security context for UE 110 (block 2004). For example, even if the NAS security context exists, the security manager 704 may not be able to identify the NAS security context based on the subset of NAS protocol IEs provided in the first NAS message, where the NAS security context identified based on the subset of NAS protocol IEs is invalid, etc. d. Since no valid NAS security context is found, the security manager 704 initiates an authentication procedure to authenticate the UE 110 (block 2006). Even if the authentication procedure could have been performed previously, the security manager 704 performs the authentication procedure again when no valid NAS security context is found. As part of the authentication procedure, the security manager 704 may send an authentication request to the UE 110 along with an authentication token (optional step 2008) via the network interface component 702. In response to the authentication request, UE 110 attempts to verify the authentication token (see step 1916 in FIG. 19A). If successful, UE 110 considers that mobile network 100 has been authenticated. UE 110 computes a response token and sends an authentication response with a response token, which is received by the security manager 704 (optional step 2010) via the network interface component 702. The security manager 704 (or other network element) may then determine if the response token is valid (eg, compare the response token with the expected response token). If the response token is valid, then the security manager 704 considers the UE 110 authenticated.

When UE 110 is acknowledged, security manager 704 initiates a NAS security procedure to establish a new NAS security context (step 2012). For the NAS security procedure, the security manager 704 selects one or more NAS security algorithms for the new NAS security procedure (step 2014) and determines one or more NAS security keys. The security manager 704 then sends a response to the UE 110 that indicates or contains the NAS security algorithm(s) and the security key set identifier selected for the new NAS security context (step 2016) via the network interface component 702. The response may contain a security mode command that contains the NAS's security algorithm(s), security key set identifier (eg, ngKSI, eKSI, etc.) and other information.

In FIG. 19A, NAS controller 634 receives a response from network element 132 that indicates the NAS security algorithm(s) and security key set identifier (block 1918). Using the information provided in the response from the network element 132, a new NAS security context is established between the UE 110 and the network element 132. Thus, subsequent NAS messages between UE 110 and network element 132 can be secured using the new NAS security context.

For the second phase 1932 of the NAS procedure in FIG. 19B, NAS controller 634 of UE 110 may then format or generate a subsequent NAS message for the NAS procedure. For example, the subsequent NAS message may contain a security mode completion message. The NAS controller 634 includes or inserts the second NAS message for the NAS procedure into the NAS message container of the subsequent NAS message (block 1920). As described above, the second NAS message contains the entire set of NAS protocol IEs for the NAS procedure (mandatory and optional (optional)), and is considered a "complete" NAS message. The NAS controller 634 encrypts the NAS message container of the subsequent NAS message using the NAS security algorithm(s) (block 1922) of the new NAS security context. The NAS controller 634 then sends a subsequent NAS message to the network element 132 (block 1924).

In FIG. 20 for the second phase 1932, the network interface component 702 receives a subsequent NAS message from UE 110 (step 2018). The security manager 704 decrypts the NAS message container of the subsequent NAS message using the NAS security algorithm(s) (step 2020) of the new NAS security context to access the complete second NAS message. The security manager 704 or other subsystems of the network element 132 may then process the NAS protocol IEs from the complete second NAS message to provide further processing for the NAS procedure. One of the technical advantages of this process is that only the NAS protocol IEs that are needed to identify the NAS security context are sent as unencrypted in the first NAS message. When a valid NAS security context is not found, a new NAS security context is established and the complete NAS message is encrypted in a subsequent NAS message according to the new NAS security context, providing additional security protection.

Fig. 21 is a message diagram showing a NAS registration procedure when a UE has a NAS security context, but the NAS security context is invalid or not found in the exemplary embodiment. For the first phase of the NAS procedure, UE 110 generates or formats the first registration request for the NAS registration procedure. In this embodiment, UE 110 populates the first registration request with a subset of NAS protocol IEs that are intended for security-related processing. This information is used to indicate the NAS security context to the AMF element 314 . For example, a subset of NAS protocol IEs may contain 5G-GUTI, registration type, and ngKSI. 110, the UE also formats or generates a second registration request that is a duplicate of the first registration request. UE 110 includes or inserts NAS protocol IEs for the NAS registration procedure in the second registration request. At this point, the second registration request contains the entire set of NAS protocol IEs for the NAS registration procedure (mandatory and optional (optional)). Because the second registration request contains each of the mandatory NAS protocol IEs for the NAS registration procedure, the second registration request is considered a "complete" registration request.

UE 110 includes or inserts the second registration request in the first registration request NAS message container and encrypts the first registration request NAS message container using the NAS security algorithm of the NAS security context. Thus, the complete second registration request is encrypted in the NAS message container of the first registration request. UE 110 then sends the first registration request to AMF element 314 (S1).

In response to receiving the first registration request, AMF element 314 attempts to identify or retrieve a NAS security context based on a subset of the NAS protocol IEs included in the first registration request. In this example, AMF element 314 cannot identify a valid NAS security context for UE 110. Thus, AMF element 314 cannot decrypt the first registration request NAS message container. To enable secure communication, AMF element 314 initiates a new authentication procedure to create a new NAS security context. The AMF element 314 formats or generates an authentication request (ie Nausf_UEAuthentication_Authenticate Request) and sends the authentication request to the AUSF element 310 (S2). In response to receiving the authentication request, the AUSF element 310 formats or generates an authentication request (ie Nudm_UEAuthentication_Get Request) and sends the authentication request to the UDM element 312 (S3).

In response to the authentication request, the UDM element 312 unmasks the SUCI and sends an authentication response (ie Nudm_UEAuthentication_Get Response) to the AUSF element 310 (S4). In response to receiving an authentication response, AUSF element 310 formats or generates an authentication response (ie Nuasf_UEAuthentication_Authenticate Response) for AMF element 314 and sends an authentication response to AMF element 314 (S5).

The AMF element 314 is configured to perform an authentication procedure with the UE 110 using the information provided by the UDM/AUSF. For example, AMF element 314 sends an authentication request to UE 110 along with an authentication token (S6), and UE 110 tries to verify the authentication token. If successful, UE 110 computes a response token and sends an authentication response with a response token, which is received by AMF element 314 (S7). The AMF element 314 formats or generates another authentication request (ie Nausf_UEAuthentication_Authenticate Request) and inserts the response token from UE 110 into the authentication request along with other information. The AMF element 314 then sends an authentication request to the AUSF element 310 (S8). AUSF element 310 checks if the response token from UE 110 matches the expected response token and sends an authentication response (ie, Nausf_UEAuthentication_Authenticate Response) to AMF element 314 indicating authentication success/failure.

When UE 110 authenticates to the network, AMF element 314 initiates a NAS security procedure to establish a new NAS security context. AMF element 314 selects the NAS security algorithm (or multiple algorithms) for encryption and integrity protection. The AMF element 314 formats or generates a security mode command message and inserts the NAS security policy indicator, ngKSI, and other information into the security mode command message. Then, AMF element 314 sends a security mode command message to UE 110 (S10).

For the second phase of the NAS procedure, UE 110 applies ngKSI and the NAS security algorithm to determine the appropriate keys to secure subsequent NAS messages. Thus, a new NAS security context is established between UE 110 and AMF element 314 . UE 110 formats or generates a security mode execution message and inserts a second registration request into the NAS message container of the security mode execution message. As described above, the second registration request contains the entire set of NAS protocol IEs for the NAS registration procedure (mandatory and optional (optional)), and is considered a "full" NAS message. UE 110 encrypts the NAS message container of the security mode execution message by applying the NAS security algorithm of the new NAS security context. Thus, the second registration request is encrypted in the NAS message container of the security mode completion message. UE 110 then sends a security mode execution message to AMF element 314 (S11).

The AMF element 314 receives the security mode progress message from UE 110 and decrypts the security mode progress message NAS message container to access the NAS protocol IEs from the second registration request. Then, AMF element 314 continues the NAS registration procedure, for example, by sending a registration confirmation message to UE 110 (S12). UE 110 responds to AMF element 314 with a registration done message (S13), after which UE 110 registers with the network to access services.

Fig. 22 is a message diagram showing a procedure for requesting a NAS service when a UE has a NAS security context, but the NAS security context is invalid or not found in the exemplary embodiment. For the first phase of the NAS procedure, the UE 110 generates or formats the first service request for the NAS service request procedure. In this embodiment, UE 110 populates the first service request with a subset of NAS protocol IEs that are intended for security-related processing. This information is used to indicate the NAS security context to the AMF element 314 . For example, a subset of NAS protocol IEs may contain 5G-S-TMSI and ngKSI. 110, the UE also formats or generates a second service request that is a duplicate of the first service request. UE 110 includes or inserts NAS protocol IEs for the NAS service request procedure in the second service request. At this point, the second service request contains the entire set of NAS protocol IEs for the NAS service request procedure (mandatory and optional (optional)). Because the second service request contains each of the mandatory NAS protocol IEs for the NAS service request procedure, the second service request is considered a "complete" service request.

The UE 110 includes or inserts the second service request into the first service request NAS message container and encrypts the first service request NAS message container using the NAS security algorithm of the NAS security context. Thus, the complete second service request is encrypted in the NAS message container of the first service request. UE 110 then sends the first service request to AMF element 314 (S1).

In response to receiving the first service request, AMF element 314 attempts to identify or retrieve the NAS security context based on a subset of the NAS protocol IEs included in the first service request. In this example, AMF element 314 cannot identify a valid NAS security context for UE 110. Thus, AMF element 314 cannot decrypt the first service request NAS message container. To enable secure communication, AMF element 314 initiates a new authentication procedure to create a new NAS security context. The AMF element 314 formats or generates an authentication request (ie Nausf_UEAuthentication_Authenticate Request) and sends the authentication request to the AUSF element 310 (S2). In response to receiving the authentication request, the AUSF element 310 formats or generates an authentication request (ie Nudm_UEAuthentication_Get Request) and sends the authentication request to the UDM element 312 (S3).

In response to the authentication request, the UDM element 312 unmasks the SUCI and sends an authentication response (ie Nudm_UEAuthentication_Get Response) to the AUSF element 310 (S4). In response to receiving an authentication response, AUSF element 310 formats or generates an authentication response (ie Nuasf_UEAuthentication_Authenticate Response) for AMF element 314 and sends an authentication response to AMF element 314 (S5).

The AMF element 314 is configured to perform an authentication procedure with the UE 110 using the information provided by the UDM/AUSF. For example, AMF element 314 sends an authentication request to UE 110 along with an authentication token (S6), and UE 110 tries to verify the authentication token. If successful, UE 110 computes a response token and sends an authentication response with a response token, which is received by AMF element 314 (S7). The AMF element 314 formats or generates another authentication request (ie Nausf_UEAuthentication_Authenticate Request) and inserts the response token from UE 110 into the authentication request along with other information. The AMF element 314 then sends an authentication request to the AUSF element 310 (S8). AUSF element 310 checks if the response token from UE 110 matches the expected response token and sends an authentication response (ie, Nausf_UEAuthentication_Authenticate Response) to AMF element 314 indicating authentication success/failure.

When UE 110 authenticates to the network, AMF element 314 initiates a NAS security procedure to establish a new NAS security context. AMF element 314 selects the NAS security algorithm (or multiple algorithms) for encryption and integrity protection. The AMF element 314 formats or generates a security mode command message and inserts the NAS security policy indicator, ngKSI, and other information into the security mode command message. Then, AMF element 314 sends a security mode command message to UE 110 (S10).

For the second phase of the NAS procedure, UE 110 applies ngKSI and the NAS security algorithm to determine the appropriate keys to secure subsequent NAS messages. Thus, a new NAS security context is established between UE 110 and AMF element 314 . UE 110 formats or generates a security mode execution message and inserts a second service request into the NAS message container of the security mode execution message. As described above, the second service request contains the entire set of NAS protocol IEs for the NAS service request procedure (mandatory and optional (optional)), and is considered a "complete" NAS message. UE 110 encrypts the NAS message container of the security mode execution message by applying the NAS security algorithm of the new NAS security context. Thus, the second service request is encrypted in the NAS message container of the security mode execution message. UE 110 then sends a security mode execution message to AMF element 314 (SI 1).

The AMF element 314 receives the security mode completion message from UE 110 and decrypts the NAS message container of the security mode completion message to access the NAS protocol IEs from the second service request. Then, AMF element 314 continues the NAS service request procedure, for example, by sending a registration confirmation message to UE 110 (S12). UE 110 responds to AMF element 314 with a registration done message (S13).

Any of the various elements or modules shown in the figures or described herein may be implemented as hardware, software, firmware, or some combination thereof. For example, the element may be implemented as dedicated hardware. Specialized hardware elements may be called "processors", "controllers", or some similar terminology. When provided by a processor, the functions may be provided by a single dedicated processor, a single shared processor, or a collection of individual processors, some of which may be shared. Moreover, the explicit use of the term "processor" or "controller" shall not be construed as referring solely to hardware capable of executing the software, and may implicitly include, without limitation, digital signal processor (DSP) hardware, network processor, application specific integrated circuit (ASIC) or other circuit, field programmable gate array (FPGA), read only memory (ROM) for storing software, random access memory ( random access memory - RAM), non-volatile memory, logic, or some other physical hardware component or module.

In addition, an element may be implemented as instructions executable by a processor or computer to perform the functions of the element. Some examples of instructions are software, program code, and firmware. Instructions are operable when they are executed by the processor to instruct the processor to perform the functions of an element. The instructions may be stored on data storage devices that can be read by the processor. Some examples of storage devices are digital or solid state storage devices, magnetic storage media such as magnetic disks and magnetic tapes, hard drives or optically readable digital storage media.

As used in this application, the term "scheme" may refer to one or more or all of the following:

(a) implementations of circuits only in hardware (eg, implementations only in analog and/or digital circuits);

(b) combinations of hardware circuits and software, such as (if applicable):

(i) a combination of analog and/or digital hardware circuit(s) with software/firmware; and

(ii) any parts of a hardware processor(s) with software (including digital signal processor(s), software, and storage device(s) that work together to cause a device, such as a mobile phone or a server, to perform various functions ;and

(c) hardware(s) circuit(s) and/or processor(s), such as a microprocessor(s) or part of a microprocessor(s), that require software (such as firmware) to operate, but said software may be absent when it is not needed for work.

This definition of "scheme" applies to all uses of the term in this application, including in any claims. As a further example, as used in this application, the term "circuit" also encompasses the implementation of simply a hardware circuit or processor (or multiple processors) or a portion of a hardware circuit or processor and its (or their) associated software and/or firmware. The term "circuitry" also encompasses, for example, and when applicable to a particular claim element, a baseband or processor integrated circuit for a mobile device or a similar integrated circuit in a server, cellular network device, or other computing or network device.

While specific embodiments have been described herein, the scope of the disclosure is not limited to those specific embodiments. The scope of the present disclosure is defined by the following claims and any equivalents thereof.

Claims (321)

1. User Equipment (UE), comprising: at least one processor; and at least one storage device comprising a computer program code, wherein said at least one storage device and said computer program code are configured with said at least one processor to cause said UE to initiate a No Access Layer (NAS) procedure in multiple phases to establish a NAS session between the specified UE and the network element of the mobile network; wherein, in the first phase of said NAS procedure, said at least one storage device and said computer program code are configured with said at least one processor to: compose a first initial NAS message containing a first set of NAS protocol information elements (IEs) that are intended for security-related processing, wherein the first set of NAS protocol IEs contains only those NAS protocol IEs needed to establish a NAS security context; send said first NAS initial message to said network element; and receive, in response to said first NAS initial message, from said network element, a NAS security algorithm and a security keyset identifier associated with a NAS security context for use by said UE, and wherein, in the second phase of said NAS procedure, said at least one storage device and said computer program code are configured with said at least one processor: compose a subsequent NAS message, wherein said subsequent NAS message comprises a second initial NAS message encapsulated in a NAS message container IE, said second initial NAS message specifies the same message type as said first initial NAS message and comprises a first set of NAS protocol IEs and a second set of NAS protocol IEs for said NAS procedure that is different from said first set of NAS protocol IEs; and send the specified subsequent NAS message to the specified network element. 2. The UE of claim 1, wherein in said first phase of said NAS procedure, at least a subset of the NAS protocol IEs in said first set of NAS protocol IEs in said first NAS initial message is decrypted. 3. The UE of claim 1, wherein in said first phase of said NAS procedure, at least a subset of said NAS protocol IEs in said first set of NAS protocol IEs in said first NAS initial message is encrypted using a security key associated with the mobile network or the home network of the specified UE. 4. A UE according to any one of the preceding claims, characterized in that, in said second phase of said NAS procedure, said second initial NAS message is encrypted in said NAS message container using said NAS security algorithm adopted in said first phase. 5. The UE of claim 1, wherein in said second phase of said NAS procedure, said second set of NAS protocol IEs comprises said NAS protocol IEs in said first set of NAS protocol IEs and one or more additional NAS protocol IEs. 6. The UE according to claim 1, characterized in that, in said first phase of said NAS procedure, said at least one storage device and said computer program code are further configured with said at least one processor: identify from said first set of NAS protocol IEs a subset of said NAS protocol IEs that are intended for security-related processing; encrypting said subset of said NAS protocol IEs in said initial NAS message using a public key of a public terrestrial mobile home network (HPLMN) for said UE; and insert the specified subset of the specified NAS protocol IEs into the specified first initial NAS message. 7. The UE according to claim 6, characterized in that said at least one storage device and said computer program code are additionally configured with the help of said at least one processor: encrypting said subset of said NAS protocol IEs in said first NAS initial message using a public key when said UE has said public key programmed in a UMTS Subscriber Identity Module (USIM); and send said initial NAS message to said network element without encrypting said subset of said NAS protocol IEs in said first initial NAS message when said UE does not have said public key programmed into said USIM. 8. UE according to claim 6, characterized in that: said first initial NAS message contains a registration request message; and a specified NAS protocol IE subset intended for security-related processing consists of a mobile identity for a specified UE, a UE security capability indicating one or more NAS security algorithms supported by a specified UE, a registration type, and a security keyset identifier for the NAS security context . 9. The UE according to claim 8, characterized in that said at least one storage device and said computer program code are additionally configured with the help of said at least one processor: encrypting said subset of said NAS protocol IEs in said initial NAS message using a public key of a public terrestrial mobile home network (HPLMN) for said UE when said registration type does not indicate an emergency; and send the specified initial NAS message to the specified network element without encrypting the specified subset of the specified NAS protocol IEs in the specified initial NAS message when the specified registration type indicates an emergency. 10. UE according to claim 1, characterized in that: said response contains a security mode command message that indicates a specified NAS security algorithm and a specified security key set identifier; and said subsequent NAS message contains a security mode execution message containing said NAS message container that contains said initial NAS message encrypted based on said NAS security algorithm. 11. A communication network element of a mobile network, comprising: at least one processor; and at least one storage device comprising a computer program code, wherein said at least one storage device and said computer program code are configured to cause said at least one processor to cause said communication network element to perform a Non-Access Layer (NAS) procedure in multiple phases for establishing a NAS session between a user equipment (UE) and a specified communication network element; wherein, in the first phase of said NAS procedure, said at least one storage device and said computer program code are configured with said at least one processor to: receive from the specified UE a first initial NAS message containing a first set of NAS protocol information elements (IEs) that are intended for security-related processing, wherein the first set of the specified NAS protocol IEs contains only those NAS protocol IEs necessary to establish a security context NAS; compose a response to said first NAS initial message that contains the NAS security algorithm and a security keyset identifier associated with the NAS security context for use by said UE; and send to the specified UE a specified response to the specified first initial NAS message, and wherein, in the second phase of said NAS procedure, said at least one storage device and said computer program code are configured with said at least one processor: receive a subsequent NAS message from said UE, said subsequent NAS message comprising a second initial NAS message encapsulated in an IE of the NAS message container, said second initial NAS message specifying the same message type as said first initial NAS message and containing a first set a NAS protocol IE and a second set of NAS protocol IEs for said NAS procedure that is different from said first set of NAS protocol IEs. 12. The network element of claim 11, wherein in said first phase of said NAS procedure, at least a subset of the NAS protocol IEs in said first set of NAS protocol IEs in said first initial NAS message is decrypted. 13. The network element of claim 11, wherein in said first phase of said NAS procedure, at least a subset of said NAS protocol IEs in said first set of NAS protocol IEs in said first NAS initial message is encrypted using a security key associated with mobile network or home network of the specified UE. 14. The network element according to claim 12 or 13, characterized in that, in said second phase of said NAS procedure, said second initial NAS message is encrypted in said NAS message container using said NAS security algorithm adopted in said first phase. 15. The network element of claim 11, wherein in said second phase of said NAS procedure, said second set of NAS protocol IEs comprises said NAS protocol IEs in said first set of NAS protocol IEs and one or more additional NAS protocol IEs. 16. The network element of claim 11, wherein said first initial NAS message contains at least a subset of said NAS protocol IEs that are intended for security-related processing, wherein said subset of said NAS protocol IEs is encrypted by said UE using the Public Key of the Home Public Land Mobile Communications Network (HPLMN) for the specified UE. 17. The communication network element according to claim 16, characterized in that: said first initial NAS message contains a registration request message; and a specified NAS protocol IE subset intended for security-related processing consists of a mobile identity for a specified UE, a UE security capability indicating one or more NAS security algorithms supported by a specified UE, a registration type, and a security keyset identifier for the NAS security context . 18. The communication network element according to claim 11, characterized in that: said response contains a security mode command message that indicates a specified NAS security algorithm and a specified security key set identifier; and said subsequent NAS message contains a security mode execution message containing said NAS message container that contains said initial NAS message encrypted based on said NAS security algorithm. 19. Method of communication, including: initiating a Non-Access Layer (NAS) procedure in multiple phases to establish a NAS session between a user equipment (UE) and a mobile network network element, wherein, in the first phase of initiating said NAS procedure, said initiating includes: composing a first initial NAS message containing a first set of NAS protocol information elements (IEs) that are intended for security-related processing, wherein the first set of NAS protocol IEs contains only those NAS protocol IEs needed to establish a NAS security context; sending said first NAS initial message to said network element; and receiving, in response to said first NAS initial message, from said network element, a NAS security algorithm and a security key set identifier associated with a NAS security context for use by said UE, and wherein, in the second phase of initiating said NAS procedure, said initiating includes: composing a subsequent NAS message, wherein said subsequent NAS message comprises a second initial NAS message encapsulated in a NAS message container IE, wherein said second initial NAS message specifies the same message type as said first initial NAS message and contains a first set of NAS protocol IEs and a second set of NAS protocol IEs for said NAS procedure that is different from said first set of NAS protocol IEs; and sending said subsequent NAS message to said network element. 20. Method of communication, including: causing the mobile network element to perform a non-access layer (NAS) procedure in multiple phases to establish a NAS session between a user equipment (UE) and a specified network element, wherein the first phase of said NAS procedure includes: receiving from the specified UE a first initial NAS message containing a first set of NAS protocol information elements (IEs) that are intended for security-related processing, wherein the first set of NAS protocol IEs contains only those NAS protocol IEs necessary to establish a NAS security context ; composing a response to said first NAS initial message that contains the NAS security algorithm and a security context key set identifier associated with the NAS security context for use by said UE; and sending, to said UE, said response to said first initial NAS message, and wherein the second phase of said NAS procedure includes: composing a subsequent NAS message, wherein said subsequent NAS message comprises a second initial NAS message encapsulated in a NAS message container IE, wherein said second initial NAS message specifies the same message type as said first initial NAS message and contains a first set of NAS protocol IEs and a second set of NAS protocol IEs for said NAS procedure that is different from said first set of NAS protocol IEs; and sending said subsequent NAS message to said network element. 21. User equipment (UE), containing: at least one processor; and at least one storage device containing computer program code; wherein said at least one storage device and said computer program code are configured, by means of said at least one processor, to cause said UE to initiate and execute a Non-Access Layer (NAS) procedure for establishing a NAS session between said UE and a mobile network network element ; wherein said at least one storage device and said computer program code are configured with said at least one processor to: determine that the NAS security context exists for application by the specified UE; constitute a first initial NAS message, wherein said first initial NAS message contains a first set of NAS protocol information elements (IEs) that are intended for security-related processing, wherein the first set of NAS protocol IEs contains only those NAS protocol IEs necessary to establish NAS security context, decrypting a first set of NAS protocol IEs, wherein said first NAS initial message further comprises a second NAS initial message encapsulated in a NAS message container IE, said second NAS initial message specifying the same message type as said first NAS initial message. the NAS message, and contains a second set of NAS protocol IEs for the specified NAS procedure, which is different from the specified first set of NAS protocol IEs, while the second set of NAS protocol IEs is encrypted; and send the specified first initial NAS message to the specified network element. 22. The UE of claim 21, wherein said second initial NAS message is encrypted in said NAS message container using the NAS security algorithm associated with said NAS security context. 23. The UE of claim 21, wherein said second set of NAS protocol IEs comprises said NAS protocol information elements in said first set of NAS protocol IEs and one or more additional NAS protocol information elements. 24. A communication network element of a mobile network, comprising: at least one processor; and at least one storage device containing a computer program code, wherein the specified at least one storage device and the specified computer program code are configured with the help of the specified at least one processor to cause the specified communication network element to participate in the execution of the non-access layer (NAS) procedure. ) to establish a NAS session between a user equipment (UE) and a specified communication network element; wherein said at least one storage device and said computer program code are configured with said at least one processor to: receive a first initial NAS message from said UE, said first initial NAS message containing a first set of NAS protocol information elements (IEs) that are intended for security-related processing, wherein the first set of NAS protocol IEs contains only those NAS protocol IEs that necessary to establish a NAS security context, wherein a first set of NAS protocol IEs is decrypted, said first NAS initial message further comprising a second NAS initial message encapsulated in a NAS message container IE, said second NAS initial message specifying the same message type as said first NAS initial message, and contains a second set of NAS protocol IEs for said NAS procedure that is different from said first set of NAS protocol IEs, and the second set of NAS protocol IEs is encrypted. 25. The communication network element of claim 24, wherein said second initial NAS message is encrypted in said NAS message container using the NAS security algorithm associated with said NAS security context. 26. The network element of claim 24, wherein said second set of NAS protocol IEs comprises said NAS protocol information elements in said first set of NAS protocol IEs and one or more additional NAS protocol information elements. 27. Method of communication, including: causing a user equipment (UE) to initiate and execute a non-access layer (NAS) procedure to establish a NAS session between said UE and the mobile network network element; whereby said prescription includes: determining that the NAS security context exists for application by the specified UE; composing a first initial NAS message, wherein said first initial NAS message contains a first set of NAS protocol information elements (IEs) that are intended for security-related processing, wherein the first set of NAS protocol IEs contains only those NAS protocol IEs necessary to establish NAS security context, decrypting a first set of NAS protocol IEs, wherein said first NAS initial message further comprises a second NAS initial message encapsulated in a NAS message container IE, said second NAS initial message specifying the same message type as said first NAS initial message. the NAS message, and contains a second set of NAS protocol IEs for the specified NAS procedure, which is different from the specified first set of NAS protocol IEs, while the second set of NAS protocol IEs is encrypted; and sending said first initial NAS message to said network element. 28. Method of communication, including: causing the mobile network element to participate in a non-access layer (NAS) procedure for establishing a NAS session between a user equipment (UE) and said network element; whereby said prescription includes: receiving a first initial NAS message from said UE, said first initial NAS message containing a first set of NAS protocol information elements (IEs) that are intended for security-related processing, wherein the first set of NAS protocol IEs contains only those NAS protocol IEs that necessary to establish a NAS security context, wherein the first set of NAS protocol IEs is decrypted, said first NAS initial message further comprising a second NAS initial message encapsulated in the NAS message container IE, said second NAS initial message specifying the same message type as said first initial NAS message, and contains a second set of NAS protocol IEs for said NAS procedure that is different from said first set of NAS protocol IEs, and the second set of NAS protocol IEs is encrypted. 29. User Equipment (UE), comprising: at least one processor; and at least one storage device comprising a computer program code, wherein said at least one storage device and said computer program code are configured with said at least one processor to cause said UE to initiate a No Access Layer (NAS) procedure in multiple phases to establish a NAS session between the specified UE and the network element of the mobile network; wherein, in the first phase of said NAS procedure, said at least one storage device and said computer program code are configured with said at least one processor to: identify a plurality of NAS protocol information elements (IEs) associated with said NAS procedure; identify, from a plurality of NAS protocol IEs, a first set of NAS protocol IEs containing only those NAS protocol IEs necessary to establish a NAS security context, compose a first NAS initial message containing a first NAS protocol IE set, wherein the first NAS protocol IE set is decrypted in said first NAS initial message; identify, from a plurality of NAS protocol IEs, a second set of NAS protocol IEs different from said first set of NAS protocol IEs; insert, in the specified first initial NAS message, a subsequent NAS message containing the specified first NAS protocol IE set and the specified second NAS protocol IE set, wherein the specified first NAS protocol IE set and the specified second NAS protocol IE set in the specified subsequent NAS message are encrypted with using a public key of the home public communication network of land mobile objects (HPLMN) for the specified UE; send said first NAS initial message to said network element; and receive a response from the specified network element that includes the NAS security algorithm and a security keyset identifier associated with the NAS security context for application by the specified UE, and wherein, in the second phase of said NAS procedure, said at least one storage device and said computer program code are configured with said at least one processor: compose a subsequent NAS message, wherein said subsequent NAS message comprises a second initial NAS message encapsulated in a NAS message container IE, said second initial NAS message specifies the same message type as said first initial NAS message and comprises a second set of NAS protocol IEs for said NAS procedure that is different from said first set of NAS protocol IEs, wherein said second set of NAS protocol IEs contains the NAS protocol IEs in said first set of NAS protocol IEs and one or more additional NAS protocol IEs, wherein said second NAS initial message encrypted in the NAS message container using the NAS security algorithm adopted in said first phase; and send the specified subsequent NAS message to the specified network element. 30. The UE according to claim 29, characterized in that, in said first phase of said NAS procedure, said at least one storage device and said computer program code are further configured with said at least one processor: identify from said first set of NAS protocol IEs a subset of said NAS protocol IEs that are intended for security-related processing; encrypting said subset of said NAS protocol IEs in said initial NAS message using a public key of a public terrestrial mobile home network (HPLMN) for said UE; and insert the specified subset of the specified NAS protocol IEs into the specified first initial NAS message. 31. The UE according to claim 30, characterized in that said at least one storage device and said computer program code are further configured with said at least one processor: encrypting said subset of said NAS protocol IEs in said first NAS initial message using a public key when said UE has said public key programmed into a UMTS Subscriber Identity Module (USIM); and send said initial NAS message to said network element without encrypting said subset of said NAS protocol IEs in said first initial NAS message when said UE does not have said public key programmed into said USIM. 32. UE according to claim 30, characterized in that: said first initial NAS message contains a registration request message; and a specified subset of the NAS protocol IE intended for security-related processing consists of one or more of the following: a mobile identifier for a specified UE, a UE security capability indicating one or more NAS security algorithms supported by a specified UE, a registration type, or a set identifier security keys for the NAS security context. 33. The UE according to claim 32, characterized in that said at least one storage device and said computer program code are further configured with said at least one processor: encrypting said subset of said NAS protocol IEs in said initial NAS message using a public key of a public terrestrial mobile home network (HPLMN) for said UE when said registration type does not indicate an emergency; and send the specified initial NAS message to the specified network element without encrypting the specified subset of the specified NAS protocol IEs in the specified initial NAS message when the specified registration type indicates an emergency. 34. UE according to claim 29, characterized in that: said response contains a security mode command message that indicates a specified NAS security algorithm and a specified security key set identifier; and said subsequent NAS message contains a security mode completion message containing said NAS message container that contains said initial NAS message encrypted based on said NAS security algorithm. 35. A communication network element of a mobile network, comprising: at least one processor; and at least one storage device comprising a computer program code, wherein said at least one storage device and said computer program code are configured to cause said at least one processor to cause said communication network element to perform a Non-Access Layer (NAS) procedure in multiple phases for establishing a NAS session between a user equipment (UE) and a specified communication network element; wherein, in the first phase of said NAS procedure, said at least one storage device and said computer program code are configured with said at least one processor to: receive from the specified UE a first initial NAS message containing a first set of NAS protocol information elements (IEs) that are intended for security-related processing, wherein the first set of NAS protocol IEs is a subset of a set of NAS protocol IEs associated with the NAS procedure to establish a NAS session, wherein the first set of said NAS protocol IEs contains only those NAS protocol IEs necessary to establish the NAS security context, wherein the first set of NAS protocol IEs is decrypted in the first NAS initial message; compose a response to said first NAS initial message that contains the NAS security algorithm and a security keyset identifier associated with the NAS security context for use by said UE; and send to the specified UE a specified response to the specified first initial NAS message, and wherein, in the second phase of said NAS procedure, said at least one storage device and said computer program code are configured with said at least one processor: receive from said UE a subsequent NAS message, said subsequent NAS message comprising a second initial NAS message encapsulated in an IE of the NAS message container, said second initial NAS message specifying the same message type as said first initial NAS message and containing a second set a NAS protocol IE for said NAS protocol IE that is different from said first set of NAS protocol IEs, wherein said second set of NAS protocol IEs contains a NAS protocol IE in said first set of NAS protocol IEs and one or more additional NAS protocol IEs, wherein said the second initial NAS message is encrypted in the NAS message container using the NAS security algorithm adopted in said first phase. 36. The communication network element according to claim 35, characterized in that: said first initial NAS message contains a registration request message; and the specified subset of the NAS protocol IE intended for security-related processing contains one or more of the following: a mobile identifier for the specified UE, a UE security capability indicating one or more NAS security algorithms supported by the specified UE, a registration type, or a keyset identifier security context for the NAS security context. 37. The communication network element according to claim 35, characterized in that: said response contains a security mode command message that indicates a specified NAS security algorithm and a specified security key set identifier; and said subsequent NAS message contains a security mode completion message containing said NAS message container that contains said initial NAS message encrypted based on said NAS security algorithm. 38. Method of communication, including: initiating a Non-Access Layer (NAS) procedure in multiple phases to establish a NAS session between a user equipment (UE) and a mobile network network element, wherein in the first phase of said NAS procedure, said initiation includes: identifying a plurality of NAS protocol information elements (IEs) associated with said NAS procedure; identifying, from a plurality of NAS protocol IEs, a first set of NAS protocol IEs containing only those NAS protocol IEs needed to establish a NAS security context, composing a first NAS initial message containing a first NAS protocol IE set, wherein the first NAS protocol IE set is decrypted in the first NAS initial message; identifying, from a plurality of NAS protocol IEs, a second NAS protocol IE set different from said first NAS protocol IE set; inserting, in said first initial NAS message, a subsequent NAS message comprising said first NAS protocol IE set and said second NAS protocol IE set, wherein said first NAS protocol IE set and said second NAS protocol IE set in said subsequent NAS message are encrypted with using a public key of the home public communication network of land mobile objects (HPLMN) for the specified UE; sending said first NAS initial message to said network element; and receiving a response from the specified network element that includes the NAS security algorithm and a security keyset identifier associated with the NAS security context for application by the specified UE, and wherein in the second phase of said NAS procedure, said initiation includes: composing a subsequent NAS message, said subsequent NAS message comprising a second initial NAS message encapsulated in a NAS message container IE, said second initial NAS message specifying the same message type as said first initial NAS message and comprising a second set of NAS protocol IEs for said NAS procedure that is different from said first set of NAS protocol IEs, wherein said second set of NAS protocol IEs contains the NAS protocol IEs in said first set of NAS protocol IEs and one or more additional NAS protocol IEs, wherein said second NAS initial message encrypted in the NAS message container using the NAS security algorithm adopted in said first phase; and sending said subsequent NAS message to said network element. 39. The communication method of claim 38, wherein in said first phase of said NAS procedure, said method further includes: identifying from said first set of NAS protocol IEs a subset of said NAS protocol IEs that are intended for security-related processing; encrypting said subset of said NAS protocol IEs in said initial NAS message using a public key of a public terrestrial mobile home network (HPLMN) for said UE; and inserting said subset of said NAS protocol IEs into said first NAS initial message. 40. The communication method of claim 39, further comprising: encrypting said subset of said NAS protocol IEs in said first NAS initial message using a public key when said UE has said public key programmed into a UMTS Subscriber Identity Module (USIM); and sending said initial NAS message to said network element without encrypting said subset of said NAS protocol IEs in said first initial NAS message when said UE does not have said public key programmed into said USIM. 41. Communication method according to clause 39, characterized in that: said first initial NAS message contains a registration request message; and the specified subset of the NAS protocol IE intended for security-related processing contains one or more of the following: a mobile identifier for the specified UE, a UE security capability indicating one or more NAS security algorithms supported by the specified UE, a registration type, and a keyset identifier security context for the NAS security context. 42. The communication method of claim 41, further comprising: encrypting said subset of said NAS protocol IEs in said initial NAS message using a public key of a public terrestrial mobile home network (HPLMN) for said UE when said registration type does not indicate an emergency; and sending said initial NAS message to said network element without encrypting said subset of said NAS protocol IEs in said initial NAS message when said registration type indicates an emergency. 43. Communication method according to clause 38, characterized in that: said response contains a security mode command message that indicates a specified NAS security algorithm and a specified security key set identifier; and said subsequent NAS message contains a security mode completion message containing said NAS message container that contains said initial NAS message encrypted based on said NAS security algorithm. 44. Method of communication, including: causing the mobile network element to participate in a non-access layer (NAS) procedure in multiple phases to establish a NAS session between a user equipment (UE) and said network element; wherein, in the first phase of said NAS procedure, said prescription includes: receiving from the specified UE a first initial NAS message containing a first set of NAS protocol information elements (IEs) that are intended for security-related processing, wherein the first set of NAS protocol IEs is a subset of a set of NAS protocol IEs associated with the specified NAS procedure for establishing a NAS session, wherein the first set of NAS protocol IEs contains only those NAS protocol IEs necessary to establish a NAS security context, wherein the first set of NAS protocol IEs is decrypted in said first NAS initial message; composing a response to said first NAS initial message that contains the NAS security algorithm and a security keyset identifier associated with the NAS security context for use by said UE; and sending, to said UE, said response to said first initial NAS message, and wherein, in the second phase of said NAS procedure, said prescription includes: receiving from said UE a subsequent NAS message, said subsequent NAS message comprising a second initial NAS message encapsulated in an IE of the NAS message container, said second initial NAS message specifying the same message type as said first initial NAS message and containing a second set a NAS protocol IE for said NAS protocol that is different from said first set of NAS protocol IEs, wherein said second set of NAS protocol IEs contains a NAS protocol IE in said first set of NAS protocol IEs and one or more additional NAS protocol IEs, wherein said the second initial NAS message is encrypted in the NAS message container using the NAS security algorithm adopted in said first phase. 45. Communication method according to claim 44, characterized in that: said first initial NAS message contains a registration request message; and at least a subset of the NAS protocol IE intended for security-related processing comprises one or more of the following: a mobile identifier for a specified UE, a UE security capability indicating one or more NAS security algorithms supported by a specified UE, a registration type, or an identifier set of security keys for the NAS security context. 46. Communication method according to claim 44, characterized in that: said response contains a security mode command message that indicates a specified NAS security algorithm and a specified security key set identifier; and said subsequent NAS message contains a security mode completion message containing said NAS message container that contains said initial NAS message encrypted based on said NAS security algorithm. 47. User equipment (UE), containing: at least one processor; and at least one storage device containing computer program code, wherein said at least one storage device and said computer program code are configured with said at least one processor to cause said UE to initiate a Non-Access Layer (NAS) procedure to establish a session NAS communication between said UE and a mobile network network element; wherein said at least one storage device and said computer program code are configured with said at least one processor to: determine that the NAS security context exists for application by the specified UE; constitute a first NAS initial message, wherein said first NAS initial message contains a first set of NAS protocol information elements (IEs) that are intended for security-related processing, wherein the first NAS initial message further comprises a second NAS initial message encapsulated in a container IE NAS messages, wherein said second NAS initial message specifies the same message type as said first NAS initial message and contains a second set of NAS protocol IEs for said NAS procedure that is different from said first set of NAS protocol IEs; and send the specified first initial NAS message to the specified network element. 48. The UE of claim 47, wherein said second initial NAS message is encrypted in said NAS message container using the NAS security algorithm associated with said NAS security context. 49. The UE of claim 47, wherein said second set of NAS protocol IEs comprises said NAS protocol information elements in said first set of NAS protocol IEs and one or more additional NAS protocol information elements. 50. A communication network element of a mobile network, comprising: at least one processor; and at least one storage device containing a computer program code, wherein the specified at least one storage device and the specified computer program code are configured with the help of the specified at least one processor to instruct the specified network communication element to take part in the execution of the procedure of the layer without access ( NAS) to establish a NAS session between a user equipment (UE) and a specified communication network element; wherein said at least one storage device and said computer program code are configured with said at least one processor to: receive a first initial NAS message from said UE, wherein said first initial NAS message contains a first set of NAS protocol information elements (IEs) that are intended for security-related processing, wherein the first initial NAS message further comprises a second initial NAS message encapsulated in the NAS message container IE, wherein said second NAS initial message specifies the same message type as said first NAS initial message and contains a second set of NAS protocol IEs for said NAS procedure that is different from said first set of NAS protocol IEs. 51. The communication network element of claim 50, wherein said second initial NAS message is encrypted in said NAS message container using the NAS security algorithm associated with said NAS security context. 52. The network communication element of claim 50, wherein said second set of NAS protocol IEs comprises said NAS protocol information elements in said first set of NAS protocol IEs and one or more additional NAS protocol information elements. 53. Communication method, including: causing a user equipment (UE) to initiate and execute a non-access layer (NAS) procedure to establish a NAS session between said UE and the mobile network network element; whereby said prescription includes: determining that the NAS security context exists for application by the specified UE; composing a first NAS initial message, said first NAS initial message comprising a first set of NAS protocol information elements (IEs) that are intended for security-related processing, said first NAS initial message further comprising a second NAS initial message encapsulated in a container IE NAS messages, wherein said second NAS initial message specifies the same message type as said first NAS initial message and contains a second set of NAS protocol IEs for said NAS procedure that is different from said first set of NAS protocol IEs; and sending said first initial NAS message to said network element. 54. Communication method, including: causing the mobile network element to participate in a non-access layer (NAS) procedure for establishing a NAS session between a user equipment (UE) and said network element; whereby said prescription includes: receiving a first initial NAS message from said UE, said first initial NAS message comprising a first set of NAS protocol information elements (IEs) that are intended for security-related processing, said first initial NAS message further comprising a second initial NAS message encapsulated in A NAS message container IE, wherein said second NAS initial message specifies the same message type as said first NAS initial message and contains a second set of NAS protocol IEs for said NAS procedure that is different from said first set of NAS protocol IEs. 55. User equipment (UE), containing: at least one processor; and at least one storage device containing computer program code, wherein said at least one storage device and said computer program code are configured with said at least one processor to cause said UE to initiate a Non-Access Layer (NAS) procedure to establish a session NAS communication between said UE and a mobile network network element; wherein said at least one storage device and said computer program code are configured with said at least one processor to: compose an initial NAS message containing a first set of NAS protocol information elements (IEs) that are intended for security-related processing, said first set of NAS protocol IEs containing only those NAS protocol IEs necessary to establish a NAS security context, and said first NAS protocol IE set is decrypted in said NAS start message; insert, in the specified initial NAS message, a NAS message IE encapsulating the specified first NAS protocol IE and a second NAS protocol IE different from the specified first NAS protocol IE, wherein the specified first and second NAS protocol IEs are encapsulated in the message IE The NAS are encrypted using an encryption key associated with the mobile network or public terrestrial mobile home communications network (HPLMN) for the specified UE; and send the specified initial NAS message to the specified network element. 56. The UE of claim 55, wherein said initial NAS message contains a registration request message. 57. The UE of claim 56, wherein said first set of NAS protocol IEs for security-related processing comprises one or more of the following: a mobile identifier for said UE, a UE security capability indicating one or more algorithms security of the NAS supported by the specified UE, the registration type or security keyring ID for the NAS security context. 58. The UE according to claim 57, characterized in that said at least one storage device and said computer program code are further configured with said at least one processor: encrypting said first set of NAS protocol IEs in said initial NAS message using the network's public key HPLMN for said UE when said registration type does not indicate an emergency; and send the specified initial NAS message to the specified network element without encrypting the specified first set of the specified NAS protocol IEs in the specified initial NAS message when the specified registration type indicates an emergency. 59. The UE according to claim 55, characterized in that said at least one storage device and said computer program code are further configured with said at least one processor: receive, in response to said NAS initial message, from said network element a response containing a security mode command message that indicates said NAS security algorithm and said security key set identifier; and compose a subsequent NAS message including a security mode completion message comprising a NAS message container that contains a specified initial NAS message encrypted based on a specified NAS security algorithm. 60. A communication network element of a mobile network, comprising: at least one processor; and at least one storage device comprising a computer program code, wherein said at least one storage device and said computer program code are configured with said at least one processor to cause said communication network element to perform a Non-Access Layer (NAS) procedure for establishing a NAS session between a user equipment (UE) and said communication network element; wherein said at least one storage device and said computer program code are configured with said at least one processor to: receive from the specified UE an initial NAS message containing a first set of NAS protocol information elements (IEs) that are intended for security-related processing, wherein the first set of NAS protocol IEs contains only those NAS protocol IEs necessary to establish a NAS security context, said first NAS protocol IE being decrypted in said initial NAS message, said initial NAS message further comprising a NAS message IE encapsulating said first NAS protocol IE and a second NAS protocol IE different from said first NAS protocol IE, wherein said first and second NAS protocol IEs encapsulated in the NAS message IE are encrypted using an encryption key associated with a mobile network or public terrestrial mobile home network (HPLMN) for said UE; compose a response to said NAS initial message that includes the NAS security algorithm and a security keyset identifier associated with the NAS security context for use by said UE; and send to the specified UE a specified response to the initial NAS message. 61. The network element of claim 60, wherein said initial NAS message contains a registration request message. 62. The communication network element of claim 61, wherein the first set of NAS protocol IEs for security-related processing comprises one or more of the following: a mobile identifier for a specified UE, a UE security capability indicating one or more the NAS security algorithms supported by the specified UE, the registration type, or the security keyring ID for the NAS security context. 63. The communication network element according to claim 62, characterized in that: if the specified registration type does not indicate an emergency, the specified first set of NAS protocol IE in the specified initial NAS message is encrypted using the public key of the HPLMN network for the specified UE; and in case the specified registration type indicates an emergency, the specified first set of NAS protocol IE in the specified initial NAS message is decrypted. 64. The network communication element according to claim 60, characterized in that said at least one storage device and said computer program code are configured using said at least one processor: compose, in response to receiving said initial NAS message from said UE, a response containing a security mode command message that indicates the NAS security algorithm and a security key set identifier; send said response containing said security mode command message to said UE; and receive from the specified UE, in response to the security mode command message, a subsequent NAS message containing a security mode execution message containing a NAS message container that contains the specified initial NAS message encrypted based on the specified NAS security algorithm. 65. Method of communication, including: initiating a Non-Access Layer (NAS) procedure for establishing a NAS session between a user equipment (UE) and a mobile network element, said initiation including: composing an initial NAS message containing a first set of NAS protocol information elements (IEs) that are intended for security-related processing, wherein the first set of NAS protocol IEs contains only those NAS protocol IEs necessary to establish a NAS security context, and the specified the first NAS protocol IE set is decrypted in the specified NAS start message; inserting, in said initial NAS message, an NAS message IE encapsulating said first NAS protocol IE and a second NAS protocol IE different from said first NAS protocol IE, wherein said first and second NAS protocol IEs are encapsulated in the message IE The NAS are encrypted using an encryption key associated with the mobile network or public terrestrial mobile home communications network (HPLMN) for the specified UE; and sending the specified initial NAS message to the specified network element. 66. The communication method of claim 65, wherein said initial NAS message contains a registration request message. 67. The communication method of claim 66, wherein said first set of NAS protocol IEs for security-related processing comprises one or more of the following: a mobile identifier for said UE, a UE security capability indicating one or more the NAS security algorithms supported by the specified UE, the registration type, or the security keyring ID for the NAS security context. 68. The communication method of claim 67, further comprising: in the event that said registration type does not indicate an emergency, encrypting said first set of NAS protocol IEs in said initial NAS message using the public key of the HPLMN network for said UE; and in the event that said registration type indicates an emergency, sending said initial NAS message to said network element without encrypting said first set of NAS protocol IEs in said initial NAS message. 69. The communication method of claim 65, further comprising: receiving, in response to said initial NAS message, from said network element a response containing a security mode command message that indicates the NAS security algorithm and a security key set identifier; and composing a subsequent NAS message including a security mode completion message comprising a NAS message container that contains said initial NAS message encrypted based on said NAS security algorithm. 70. Method of communication, including: directing the mobile network element to perform a Non-Access Layer (NAS) procedure to establish a NAS session between a user equipment (UE) and said network element, said directing including: receiving from the specified UE an initial NAS message containing a first set of NAS protocol information elements (IEs) that are intended for security-related processing, wherein the first set of NAS protocol IEs contains only those NAS protocol IEs necessary to establish a NAS security context, said first NAS protocol IE being decrypted in said initial NAS message, said initial NAS message further comprising a NAS message IE encapsulating said first NAS protocol IE and a second NAS protocol IE different from said first NAS protocol IE, wherein said first and second NAS protocol IEs encapsulated in the NAS message IE are encrypted using an encryption key associated with a mobile network or public terrestrial mobile home network (HPLMN) for said UE; composing a response to said NAS initial message that includes the NAS security algorithm and a security keyset identifier associated with the NAS security context for use by said UE; and sending to the specified UE a specified response to the specified initial NAS message. 71. The communication method of claim 70, wherein said initial NAS message contains a registration request message. 72. The communication method of claim 71, wherein said first set of NAS protocol IEs for security-related processing comprises one or more of the following: a mobile identifier for said UE, a UE security capability indicating one or more the NAS security algorithms supported by the specified UE, the registration type, or the security keyring ID for the NAS security context. 73. Communication method according to clause 72, characterized in that: if the specified registration type does not indicate an emergency, the specified first set of NAS protocol IE in the specified initial NAS message is encrypted using the public key of the HPLMN network for the specified UE; and in case the specified registration type indicates an emergency, the specified first set of NAS protocol IE in the specified initial NAS message is decrypted. 74. The communication method of claim 70, further comprising: composing, in response to receiving said initial NAS message from said UE, a response containing a security mode command message that indicates the NAS security algorithm and a security key set identifier; sending said response containing said security mode command message to said UE; and receiving from the specified UE, in response to the security mode command message, a subsequent NAS message containing a security mode execution message containing a NAS message container that contains a specified initial NAS message encrypted based on a specified NAS security algorithm. 75. User equipment (UE), containing: at least one processor; and at least one storage device comprising a computer program code, wherein said at least one storage device and said computer program code are configured with said at least one processor to cause said UE to initiate a No Access Layer (NAS) procedure in multiple phases to establish a NAS session between the specified UE and the network element of the mobile network; wherein, in the first phase of said NAS procedure, said at least one storage device and said computer program code are configured with said at least one processor to: compose a first initial NAS message containing a first set of NAS protocol information elements (IEs) that are intended for security-related processing, said first set of NAS protocol IEs containing only those NAS protocol IEs necessary to establish a NAS security context; send said first NAS initial message to said network element; and receive, in response to said first NAS initial message, from said network element, a NAS security context message indicating whether said network element has detected a valid NAS security context associated with said UE; and wherein, in the second phase of said NAS procedure, said at least one storage device and said computer program code are configured with said at least one processor: in case the specified network element has not found a valid NAS security context associated with the specified UE, receive from the specified network element another NAS security context message containing a different NAS security algorithm, and compose a subsequent NAS message containing a second initial NAS message, which is encapsulated in a NAS message container of a subsequent NAS message and is at least partially encrypted using said different NAS security algorithm associated with said different NAS security context, said second NAS initial message specifying the same message type as said first NAS initial message, and contains said first set of NAS protocol IEs and a second set of NAS protocol IEs for said NAS procedure that is different from said first set of NAS protocol IEs; or if the specified network element has detected a valid NAS security context associated with the specified UE, receive from the specified network element a response message containing the existing NAS security policy associated with the specified existing NAS security context, and compose the specified subsequent NAS message containing the specified second an initial NAS message that is encapsulated in a NAS message container of said subsequent NAS message and at least partially encrypted using said existing NAS security algorithm associated with said existing NAS security context, said second initial NAS message specifying the same message type as and said first NAS initial message, and contains said first set of NAS protocol IEs and said second set of NAS protocol IEs for said NAS procedure, which is different from said first set of NAS protocol IEs; and send the specified subsequent NAS message to the specified network element. 76. A communication network element of a mobile network, comprising: at least one processor; and at least one storage device containing a computer program code, wherein the specified at least one storage device and the specified computer program code are configured with the help of the specified at least one processor to instruct the specified network communication element to take part in the execution of the procedure of the layer without access ( NAS) in multiple phases to establish a NAS session between a user equipment (UE) and a specified communication network element; wherein, in the first phase of said NAS procedure, said at least one storage device and said computer program code are configured with said at least one processor to: receive from said UE a first initial NAS message containing a first set of NAS protocol information elements (IEs) that are intended for security-related processing, said first set of NAS protocol IEs containing only those NAS protocol IEs necessary to establish a security context NAS; determine whether a valid NAS security context associated with the specified UE has been detected; if no valid NAS security context associated with the specified UE was found, set another NAS security context and compose a response message containing another NAS security context message containing a different NAS security algorithm; or if a valid NAS security context associated with the specified UE has been detected, compose a response message containing the existing NAS security policy associated with the specified existing NAS security context; and send to said UE, in response to said first NAS initial message, said response message containing said indication of whether a valid NAS security context and either another NAS security algorithm or an existing NAS security algorithm has been discovered for said UE, and wherein, in the second phase of said NAS procedure, said at least one storage device and said computer program code are configured with said at least one processor: receive from the specified UE a subsequent NAS message containing a second initial NAS message that is encapsulated in the NAS message container of the subsequent NAS message and at least partially encrypted using either a specified different NAS security algorithm associated with a specified different NAS security context or a specified existing algorithm NAS security context associated with a specified existing NAS security context, wherein said second NAS initial message specifies the same message type as specified first NAS initial message and contains specified first NAS protocol IE set and second NAS protocol IE set for specified NAS procedure , which is different from the specified first NAS protocol IE set. 77. Communication method, including: causing a user equipment (UE) to initiate and execute a non-access layer (NAS) procedure in multiple phases to establish a NAS session between the specified UE and the mobile network network element, wherein, in the first phase of said NAS procedure, said prescription includes: composing a first initial NAS message containing a first set of NAS protocol information elements (IEs) that are intended for security-related processing, said first set of NAS protocol IEs containing only those NAS protocol IEs necessary to establish a NAS security context; sending said first initial message to said network element; and receiving, in response to said first NAS initial message, from said network element a NAS security context message indicating whether said network element has discovered a valid NAS security context associated with said UE, and wherein, in the second phase of said NAS procedure, said prescription includes: in case the specified network element has not found a valid NAS security context associated with the specified UE, receiving from the specified network element another NAS security context message containing a different NAS security algorithm, and composing a subsequent NAS message containing a second initial NAS message, which is encapsulated in the NAS message container of said subsequent NAS message and is at least partially encrypted using said different NAS security algorithm associated with said different NAS security context, said second initial NAS message specifying the same message type as said first initial NAS message , and contains the specified first NAS protocol IE and the second NAS protocol IE for the specified NAS procedure, which is different from the specified first NAS protocol IE; or in the event that said network element has detected a valid NAS security context associated with said UE, receiving from said network element a response message containing an existing NAS security policy associated with said existing NAS security context, and composing a subsequent NAS message containing said second initial a NAS message that is encapsulated in a NAS message container of said subsequent NAS message and at least partially encrypted using said existing NAS security algorithm associated with said existing NAS security context, said second initial NAS message specifying the same message type as said first NAS initial message, and contains said first set of NAS protocol IEs and a second set of NAS protocol IEs for said NAS procedure that is different from said first set of NAS protocol IEs; and sending said subsequent NAS message to said network element. 78. Method of communication, including: instructing the network element of the mobile network to participate in the execution of the non-access layer (NAS) procedure in several phases to establish a NAS session between the user equipment (UE) and the specified network element, wherein, in the first phase of said NAS procedure, said prescription includes: receiving from said UE a first initial NAS message containing a first set of NAS protocol information elements (IEs) that are intended for security-related processing, said first set of NAS protocol IEs containing only those NAS protocol IEs necessary to establish a security context NAS; determining whether a valid NAS security context associated with the specified UE has been detected; if no valid NAS security context associated with the specified UE was found, establishing another NAS security context and composing a response message containing another NAS security context message containing a different NAS security algorithm; or in case a valid NAS security context associated with said UE has been detected, composing a response message containing an existing NAS security policy associated with said existing NAS security context; and sending to said UE, in response to said first NAS initial message, said response message containing said indication of whether a valid NAS security context and either another NAS security algorithm or an existing NAS security algorithm has been discovered for said UE, and wherein, in the second phase of said NAS procedure, said prescription includes: receiving from said UE a subsequent NAS message containing a second initial NAS message that is encapsulated in a subsequent NAS message NAS message container and at least partially encrypted using either a specified different NAS security algorithm associated with a specified different NAS security context or a specified existing algorithm NAS security context associated with the specified existing NAS security context, wherein the specified second initial NAS message specifies the same message type as the specified first initial NAS message and contains the specified first set of NAS protocol IEs and the second set of NAS protocol IEs for the specified NAS procedure , which is different from the specified first NAS protocol IE set. 79. User equipment (UE), containing: at least one processor; and at least one storage device comprising a computer program code, wherein said at least one storage device and said computer program code are configured with said at least one processor to cause said UE to initiate and execute a Non-Access Layer (NAS) procedure for establishing a NAS session between said UE and the mobile network network element; wherein said at least one storage device and said computer program code are also configured, by means of said at least one processor, to prescribe to said UE: determine that the NAS security context exists for application by the specified UE; constitute a first initial NAS message, wherein said first initial NAS message comprises a first set of NAS protocol information elements (IEs) that are intended for security-related processing, said first initial NAS message further comprising a second initial NAS message encapsulated in the IE of the NAS message container, wherein said second initial NAS message specifies the same message type as said first initial NAS message and contains a second set of NAS protocol IEs for said NAS procedure that is different from said first set of NAS protocol IEs, wherein said second the initial NAS message is encrypted in the NAS message container using the NAS security algorithm associated with the NAS security context, and wherein said second set of NAS protocol IEs contains the NAS protocol information elements in said first set of NAS protocol IEs and one or more additional information elements of the NAS protocol; and send the specified first initial NAS message to the specified network element. 80. A communication network element of a mobile network, comprising: at least one processor; and at least one storage device containing a computer program code, wherein the specified at least one storage device and the specified computer program code are configured with the help of the specified at least one processor to cause the specified communication network element to participate in the non-access layer (NAS) procedure to establish a NAS session between a user equipment (UE) and a specified mobile network communication element; wherein said at least one storage device and said computer program code are also configured, by means of said at least one processor, to prescribe to said communication network element: receive from said UE a first initial NAS message, said first initial NAS message containing a first set of NAS protocol information elements (IEs) that are intended for security-related processing, said first initial NAS message further comprising a second initial NAS message, encapsulated in a NAS message container IE, wherein said second initial NAS message specifies the same message type as said first initial NAS message and contains a second set of NAS protocol IEs for said NAS procedure that is different from said first set of NAS protocol IEs, when wherein said second NAS initial message is encrypted in the NAS message container using the NAS security algorithm associated with the NAS security context, wherein said second NAS protocol IE set contains NAS protocol information elements in said first NAS protocol IE set and one or more additional information elements of the NAS protocol; and send to the specified UE a response message indicating whether a valid NAS security context exists for the specified UE.

Images