WO2018182482A1

WO2018182482A1 - A network node, a communications device and methods therein for secure paging

Info

Publication number: WO2018182482A1
Application number: PCT/SE2018/050267
Authority: WO
Inventors: Nicklas Johansson; Vesa Torvinen; Andreas HÖGLUND; John Walter Diachina
Original assignee: Telefonaktiebolaget Lm Ericsson (Publ)
Priority date: 2017-03-31
Filing date: 2018-03-19
Publication date: 2018-10-04

Abstract

A network node (504,506) and a method for enabling secure paging of a communications device (508). The network node (504,506) and the communications device 508 operate in a wireless communications network (500). The network node (504,506) obtains a sequence number that is unique to each communications device specific paging occasion that occurs within a period of time, and generates a Message Authentication Code (MAC) for a paging message to be transmitted in a specific paging occasion using the sequence number. Further, the network node (504,506) transmits the paging message comprising the generated MAC, whereby secure paging of the communications device (508) is enabled.

Description

A NETWORK NODE, A COMMUNICATIONS DEVICE AND METHODS THEREIN FOR SECURE PAGING

TECHNICAL FIELD

Embodiments herein relate to a network node, a communications device and to methods therein. Especially, embodiments herein relate to secure paging.

BACKGROUND

Communication devices such as terminals or wireless devices are also known as e.g. User Equipments (UEs), mobile terminals, wireless terminals and/or mobile stations. Such terminals are enabled to communicate wirelessly in a wireless communication system or a cellular communications network, sometimes also referred to as a cellular radio system or cellular networks. The communication may be performed e.g. between two wireless devices, between a wireless device and a regular telephone and/or between a wireless device and a server via a Radio Access Network (RAN) and possibly one or more core networks, comprised within the wireless communications network.

The above terminals or wireless devices may further be referred to as mobile telephones, cellular telephones, laptops, or tablets with wireless capability, just to mention some further examples. The terminals or wireless devices in the present context may be, for example, portable, pocket-storable, hand-held, computer-comprised, or vehicle- mounted mobile devices, enabled to communicate voice and/or data, via the RAN, with another entity, such as another terminal or a server.

The cellular communications network covers a geographical area which is divided into cell areas, wherein each cell area being served by an access node such as a base station, e.g. a Radio Base Station (RBS), which sometimes may be referred to as e.g. an "eNB", an "eNodeB", a "NodeB", a B node", or a Base Transceiver Station (BTS), depending on the technology and terminology used. The base stations may be of different classes such as e.g. macro eNodeB, home eNodeB or pico base station, based on transmission power and thereby also cell size. A cell is the geographical area where radio coverage is provided by the base station at a base station site. One base station, situated at the base station site, may serve one or several cells. Further, each base station may support one or several communication technologies. The base stations communicate over the air interface operating on radio frequencies with the terminals or wireless devices within range of the base stations. In the context of this disclosure, the expression

Downlink (DL) is used for the transmission path from the base station to the mobile station. The expression Uplink (UL) is used for the transmission path in the opposite direction i.e. from the mobile station to the base station.

A Universal Mobile Telecommunications System (UMTS) is a third generation (3G) telecommunication network, which evolved from the second generation (2G) Global System for Mobile Communications (GSM). The UMTS terrestrial radio access network (UTRAN) is essentially a RAN using Wideband Code Division Multiple Access (WCDMA) and/or High Speed Packet Access (HSPA) for user equipment. In a forum known as the Third Generation Partnership Project (3GPP), telecommunications suppliers propose and agree upon standards for third generation networks, and investigate enhanced data rate and radio capacity. In some RANs, e.g. as in UMTS, several radio network nodes may be connected, e.g., by landlines or microwave, to a controller node, such as a Radio Network Controller (RNC) or a Base Station Controller (BSC), which supervises and coordinates various activities of the plural radio network nodes connected thereto. This type of connection is sometimes referred to as a backhaul connection. The RNCs and BSCs are typically connected to one or more core networks.

Specifications for the Evolved Packet System (EPS), also called a Fourth

Generation (4G) network, have been completed within the 3GPP and this work continues in the coming 3GPP releases, for example to specify a Fifth Generation (5G) network. The EPS comprises the Evolved Universal Terrestrial Radio Access Network (E-UTRAN), also known as the Long Term Evolution (LTE) radio access network, and the Evolved Packet Core (EPC), also known as System Architecture Evolution (SAE) core network. E- UTRAN/LTE is a variant of a 3GPP radio access network wherein the radio network nodes are directly connected to the EPC core network rather than to RNCs. In general, in E-UTRAN/LTE the functions of an RNC are distributed between the radio network nodes, e.g. eNodeBs in LTE, and the core network. As such, the RAN of an EPS has an essentially "flat" architecture comprising radio network nodes connected directly to one or more core networks, i.e. they are not connected to RNCs. To compensate for that, the E- UTRAN specification defines a direct interface between the radio network nodes, this interface being denoted the X2 interface.

In the 3GPP LTE, base stations, which may be referred to as eNodeBs or even eNBs, may be directly connected to one or more core networks. The 3GPP LTE radio access standard has been written in order to support high bitrates and low latency both for uplink and downlink traffic. All data transmission is in LTE controlled by the radio base station.

Multi-antenna techniques may significantly increase the data rates and reliability of a wireless communication system. The performance is in particular improved if both the transmitter and the receiver are equipped with multiple antennas, which results in a Multiple-Input Multiple-Output (MIMO) communication channel. Such systems and/or related techniques are commonly referred to as MIMO systems. General

Currently, within 3GPP there are several initiatives such Enhanced Coverage GSM-lnternet of Things (EC-GSM-loT), Narrow Band loT (NB-loT) and enhanced Mobile Type Communication (eMTC), sometimes also referred to as LTE Cat M 1 , to address the so called Internet of Things market in various deployment scenarios and cost segments. Common for all initiatives are coverage improvements, battery life time improvements as well as reduction of cost. For the EC-GSM-loT, in order to reach a security level similar to the LTE there has also been substantial specification updates to enhance security with e.g. introduction of mutual authentication to prevent spoofing from fake radio network nodes, e.g. fake BTSs, integrity protection of user plane data as well as removal of broken ciphering algorithms.

When it comes to battery life time improvements the key features are Power Saving Mode and extended DRX (eDRX). Power Saving Mode is for mobile originated traffic centric communications devices and allows the communications device to go into a sleep mode between network accesses. Extended DRX is a more generic solution and allows for much better downlink reachability and hence also mobile terminated traffic and it provides an extension of the paging cycles from seconds time scale up to 3 hours thereby allowing the communications device also to go into sleep mode between paging occasions. It has been shown that with these features enabled one can achieve a device battery life time of 10 years.

Paging

If the communications device is addressed in a paging message transmitted from a communications network, the communications device then sends a page response to the communications network, e.g. a core network node, which then allows the core network node to deliver downlink data that e.g. may include a trigger causing the communications device to perform a certain action such as sending of a measurement report - see Figure 1 and Figure 2 where the signalling for the cases of an Extended Coverage GSM Internet of Things (EC-GSM-loT) communications network and a Narrow Band Internet of Things (NB-loT) communications network, respectively, have been illustrated.

Figure 1 is a schematic illustration of signalling flow following a page to a communications device, e.g. a Mobile Station (MS), from a core network node, e.g. a Serving GPRS Support Node (SGSN), of an Extended Coverage GSM Internet of Things (EC-GSM-loT) communications network.

Figure 2 is a schematic illustration of signalling flow following a page to a communications device, e.g. a UE, from a core network node, e.g. a Public Data Network (PDN) Gateway (PGW) or a Service Gateway (SGW), of a Narrow Band Internet of Things (NB-loT) communications network.

For the EC-GSM-loT communications network all of the signalling messages, e.g. Page, Random Access Channel (RACH) and Fixed Uplink Allocation (FUA) of Figure 1 , sent across the radio interface are sent in clear mode, i.e. not ciphered, which implies that a malicious attacker, e.g. a fake base station, may record paging messages sent by a legitimate base station, e.g. a base station comprised in a Base Station Subsystem (BSS), using coverage class specific paging opportunities. The fake base station may then simply replay the recorded paging messages at every subsequent occurrence of that paging opportunity for that communications device, e.g. which will necessarily occur at least once per quarter hyperframe for EC-GSM-loT if the corresponding communications device is using the longest eDRX cycle, with the purpose of causing the communications device to act on the replayed paging messages (e.g. the RACH, FUA, Logical Link Control Physical Data Unit (LLC PDU) and Packet Uplink Ack Nack (PUAN) steps of Figure 1 are performed after a replayed paging message is received) and thereby run down the battery in the communications device.

If the fake base station is able to monitor Non-Access Stratum (NAS) signaling, i.e. the signalling between a communications device and the core network, for a given communications device and subsequently monitors a paging message sent to that communications device it could acquire the information it needs to determine additional instances of paging opportunities applicable to that communications device, i.e. that may occur more frequently than once per the maximum eDRX cycle allowed for the

corresponding radio access technology. In this disclosure the expressions "instances of paging opportunities applicable to the communications device", "communications device specific paging occasions", "device specific paging occasions" and similar are used interchangeably. The fake base station may then send the same replayed paging message using each of these additional paging opportunities and thereby cause the communications device to deplete its battery even faster.

Furthermore, since all of the signalling messages are sent in clear mode without any protection an attacker, e.g. a fake base station, may also assign resources for a large downlink transfer to further make the communications device waste power on a bogus downlink data transfer, i.e. receiving and acknowledging downlink data transmissions that do not contain valid payload. In more detail, a fake base station node targeting a

GPRS/EGPRS/EC-GSM-loT user could apply the following method:

Valid pages sent in cells known to serve high numbers of loT devices may be monitored by a fake base station over some period of time for the purpose of identifying the periodicity and paging subchannel (e.g. the specific set of PCH/EC-PCH blocks comprising a paging opportunity for EC-GSM or PEO operation - see 3GPP TS 44.018 and 3GPP TS 45.002) used by a legitimate base station to page any given device identity, e.g. P-TMSI.

When sending false pages in a cell for which it has previously monitored valid pages, a fake station uses the Base Station Identity Code (BSIC) and Training Sequence Code (TSC) used by the legitimate base station for that cell, thereby causing wireless devices, i.e. communications devices, in that cell to read page messages without ever knowing they are invalid, i.e. without knowing that they were sent by a fake base station.

Upon finding a matching page sent by the fake base station a wireless device responds by sending a page response (as per a subset of the signaling flows in Figure 1 and 2) which results in the device using battery to send the access request (e.g. the RACH signal of Figure 1) and waiting for a subsequent assignment of an uplink resource (e.g. the FUA signal of Figure 1) to be used for sending the page response.

Assuming the case where the legitimate base station receives the access request indicating 'page response' (e.g. the RACH signal of Figure 1) it sends the corresponding wireless device an uplink resource assignment message (e.g. the FUA signal of Figure 1) which results in the device using battery to send the page response (e.g. the LLC PDU signal of Figure 1) using radio resources not available for allocation to other communications devices. In addition, even though the SGSN will realize it has not paged the wireless device (and will therefore simply discard the page response), uplink signalling resources (e.g. on the RACH/EC-RACH) will effectively be wasted by the device sending an access request indicating 'page response', downlink signalling resources, e.g. on an Access Grant Channel (AGCH) or an Enhanced Coverage AGCH (EC-AGCH) will effectively be wasted by the BSS sending the device an uplink packet data resource assignment and packet data resources, e.g. on the uplink PDTCH/EC-PDTCH and downlink PACCH/EC-PACCH, will effectively be wasted by the device sending a page response, i.e. the LLC PDU comprising the page response.

Assuming the case where the fake base station receives the access request indicating 'page response' it may send the corresponding wireless device an uplink resource assignment message which results in the device using battery to send the page response using radio resources that may also have been allocated to other devices by the legitimate base station, i.e. radio resource collision may occur. This results in the reduced probability of successful transmission of information by other communications devices on resources assigned by the legitimate base station (and thereby increased battery consumption for these other devices as well) and therefore also leads to additional transmissions being necessary for these other devices (which results in a corresponding reduction to bandwidth utilization efficiency).

Assuming the case where the fake base station receives the page response (i.e. the LLC PDU of Figure 1) it may send the corresponding wireless device a subsequent downlink resource assignment message (e.g. the Packet Downlink

Assignment signal of Figure 1) which results in the device using battery to receive the downlink radio block(s) and to transmit layer 2 acknowledgements (Packet Downlink Ack/Nacks - PDANs) on the assigned packet data resources. The downlink resource assignment could be for long transfer and in order to deliberately waste as much device battery as possible the fake base station can transmit false data with respect to the RLC data block specific Cyclic Redundancy Check (CRC) and thereby cause the device to send as many uplink PDANs as possible. Thus, incorrect RLC data blocks are deliberately sent to the device causing the device to send as many uplink PDANs as possible.

For a NB-loT communications network, cf. Figure 2, a similar method may be used (i.e. a fake base station sends fake pages or sends both fake pages and fake resource assignments due to receiving a page response) since all of the messages sent on a Signalling Radio Bearer SRBO are sent without any authentication. However, since integrity protection is enabled when the UE switches to a Signalling Radio Bearer SRB1 it is not possible to assign resources for a large DL transfer to further make the devices waste additional battery as per the description in the last bullet above. In general, the lack of security for paging has not so far been a critical problem since most devices are either used by humans and could thus simply be recharged or are used in machines that are connected to power. On the other hand, for loT devices such as water meters or fire and/or burglar alarms with a targeted battery life time of 10 years a paging attack that depletes the batteries could have severe negative impacts such as high costs to replace the batteries or that an alarm is effectively never is sent due to premature battery depletion.

Moreover, paging attacks by a fake base station may also result in resource overload in legitimate base stations (e.g. spikes in RACH/EC-RACH and AGCH/EC- AGCH utilization as well as spikes in PDTCH/EC-PDTCH and PACCH/EC-PACCH demand) thus effectively resulting in a Denial of Service attack on the legitimate base station if the volume of false pages is large enough.

Security

In 3GPP there are in principal two means to ensure that data originates from a trusted node and those are encryption and integrity protection. Typically, however, encryption is used to avoid eavesdropping for user plane data while integrity protection is used to verify authenticity of messages such as control plane signaling or user plane data. When user plane data is encrypted only the intended receiver, e.g. a communications device, may correctly interpret the data and thus only a trusted node may correctly encrypt user plane data intended for a given communications device. When data is integrity protected a so called Message Authentication Code (MAC) is calculated, i.e. generated, and included in the message and only the intended receiver is able to calculate the correct MAC code. In an EC-GSM-loT communications network, integrity protection is used to both protect control plane signalling such as a paging message (wherein the identity of the paged device serves as the paging message), as well as user plane data (if enabled) carried within the context of LLC PDUs, e.g. LLC Ul frames, see 3GPP TS 44.064. The input parameters applicable to the integrity algorithm are the 128- bit integrity key Ki128, the 32-bit INPUT-I, the message (MESSAGE), the 1-bit

DIRECTION and the 32-bit CONSTANT-F.

Figure 3 illustrates an integrity algorithm, sometimes referred to as a GPRS Integrity Algorithm (GIA), to authenticate the integrity of messages [3GPP TS 43.020 v. 14.1.0]. Thus, Figure 3 shows the derivation of a MAC at a sender and/or an expected MAC (XMAC) at a receiver. Based on the shown input parameters i.e. based on the Integrity Key Ki128, the INPUT-I, the MESSAGE, the DIRECTION, and the CONSTANT-F, the sender, e.g. a network node such as a core network node or a radio network node, computes a 32-bit MAC using the integrity algorithm GIA. The message authentication code is then appended to the message when sent. The receiver, e.g. a communications device such as a UE or a MS, computes the expected Message Authentication Code (XMAC) based on the message received in the same way as the sender computed its message authentication code on the message sent and verifies the data integrity of the message by comparing XMAC to the received message authentication code, i.e. MAC. A match between the generated XMAC and the received MAC verifies the data integrity of the message.

It should be understood that the sender may be the communications device and that the receiver may be the network node. However, in the case of a paging procedure, the sender may be the network node and that the receiver may be the communications device

To ensure protection against replay attacks some type of sequence number (e.g. an INPUT-I) is needed for generating the MAC/XMAC wherein changes to the value of the sequence number provide a level of algorithm input variability sufficient to ensure that different values for MAC/XMAC are generated for any two integrity protected paging messages (MESSAGES) sent for the same device .

For the algorithm illustrated in Figure 3 the MESSAGE may consist of a LLC Unnumbered Information (Ul) frame or a paging message. Considering the example of a LLC Ul frame serving as the MESSAGE, the input parameter INPUT-I serves as the sequence number used to protect against replay attacks and is generated as:

INPUT -I = ( ( i-IOV-UI ® SX ) + LFN + OC ) modulo 2³² Where: - i-IOV-UI is a 32 bit random value generated by SGSN core network node

LFN is the LLC Frame Number in the LLC frame header (9 bits) OC is a binary Overflow Counter that is calculated and maintained independently at the sending and receiving sides, e.g. at the sender and the receiver, when the LFN rolls over. The length of OC is 32 bits. - SX is a 32 bit SAPI XOR mask calculated as follows: SX = 2²⁷ x SAPI + 2³¹ ,

wherein SAPI is a Service Access Point Identifier.

For the case of a paging message serving as the MESSAGE, the input parameter INPUT-I (sequence number) used to protect against reply attacks may be the value of the first TDMA frame number used in EC-GSM-loT for sending the paging message over the radio interface. Similarly, for the case of unacknowledged LLC frames serving as the MESSAGE, i.e. LLC Unnumbered Information (Ul) frames, the sequence number (INPUT- I) may in principal be the value of an extended LLC frame number (through LFN and OC) corresponding to the LLC Ul frame and random number i-IOV-UI that together protect against reply attacks. For the case of E-UTRAN/LTE, the value of the System Frame Number (SFN) in which the paging message is sent may serve as the sequence number (INPUT-I) used to protect against reply attacks.

In WO 2013/172750 A1 it has been proposed that paging messages could be secured using hash chains or cryptographically generated identifier sequences.

As mentioned above Figure 3 shows the GIA and Figure 4 illustrates the corresponding EPC Integrity Algorithm (EIA) [3GPP TS 33.401 , Annex B.2.1]. As illustrated, by means of the EIA the sender generates a MAC-I or a NAS-MAC and the receiver generates an XMAC-I or an XNAS-MAC.

Table 1 below demonstrates the corresponding fields in both algorithms, i.e. in the

GPRS/GIA and in the EPC/EIA. As shown in the table, the INPUT-I and the COUNT parameters serve as sequence numbers, and provide replay protection when the sequence number has not been used before. The BEARER and CONSTANT-F are similar parameters making the MAC codes specific to a bearer or frame type. If the integrity key (referred to as 'Ki128' in Figure 3, or 'KEY' in Figure 4) remains the same, the sequence number, direction or frame/bearer type must change when calculating a new MAC/MAC-I. Sometimes in this disclosure the integrity key is referred to as a secret key, or a ciphering key, and it should be understood that the terms may be used interchangeably. Algorithm GPRS/GIA EPC/EIA

Sequence number INPUT-I COUNT

Protected message MESSAGE MESSAGE

Direction DIRECTION DIRECTION

2G frame type or CONSTANT-F BEARER

4G bearer type

Table 1

SUMMARY

An object addressed by embodiments herein is how to improve performance in a wireless communications network.

Therefore, according to embodiments herein, a way of improving the performance in the wireless communications network is provided. According to an aspect of embodiments herein, the object is achieved by a method performed by a network node for enabling secure paging of a communications device. The network node and the communications device operate in a wireless communications network.

The network node obtains a sequence number that is unique to each

communications device specific paging occasion that occurs within a period of time, and generates a Message Authentication Code (MAC) for a paging message to be transmitted in a specific paging occasion using the sequence number.

Further, the network node transmits the paging message comprising the generated MAC, whereby secure paging of the communications device is enabled.

According to another aspect of embodiments herein, the object is achieved by a network node for enabling secure paging of a communications device. The network node and the communications device are configured to operate in a wireless communications network.

The network node is configured to obtain a sequence number that is unique to each communications device specific paging occasion that occurs within a period of time, and to generate a Message Authentication Code (MAC) for a paging message to be transmitted in a specific paging occasion using the sequence number. Further, the network node is configured to transmit the paging message comprising the generated MAC, whereby secure paging of the communications device is enabled. According to another aspect of embodiments herein, the object is achieved by a method performed by a communications device for secure paging. The communications device and a network node operate in a wireless communications network.

The communications device obtains a sequence number that is unique to each communications device specific paging occasion that occurs within a period of time, and generates an eXpected Message Authentication Code (XMAC) for a paging message to be received in a communications device specific paging occasion using the sequence number.

Further, the communications device receives, from the network node, a paging message in the communication device specific paging occasion which paging message comprises a MAC generated by the network node.

When the generated XMAC matches the MAC of the paging message, the communications device processes the paging message.

According to another aspect of embodiments herein, the object is achieved by a communications device for secure paging. The communications device and a network node are configured to operate in a wireless communications network.

The communications device is configured to obtain a sequence number that is unique to each communications device specific paging occasion that occurs within a period of time, and to generate an eXpected Message Authentication Code (XMAC) for a paging message to be received in a communications device specific paging occasion using the sequence number.

Further, the communications device is configured to receive, from the network node, a paging message in the communication device specific paging occasion which paging message comprises a MAC generated by the network node.

Furthermore, the communications device is configured to process the paging message, when the generated XMAC matches the MAC of the paging message.

According to another aspect of embodiments herein, the object is achieved by a computer program, comprising instructions which, when executed on at least one processor, causes the at least one processor to carry out the method performed by the network node, e.g. a first and/or a second network node.

According to another aspect of embodiments herein, the object is achieved by a computer program, comprising instructions which, when executed on at least one processor, causes the at least one processor to carry out the method performed by a communications device, e.g. the communications device.

According to another aspect of embodiments herein, the object is achieved by a carrier comprising the computer program, wherein the carrier is one of an electronic signal, an optical signal, a radio signal or a computer readable storage medium.

The introduction of the sequence number, e.g. the counter, as input into the integrity protection algorithm prevents the possibility of replay attacks and thereby introduces a number of advantages. As previously described, the sequence number, e.g. the counter, is unique to each communications device specific paging occasion that occurs within the time period spanned by each periodic RAU/TAU timer setting applicable to that communications device. Some advantages with some embodiments disclosed herein is that they provide one or more of the following:

- Battery lifetime of the communications device may be extended by ensuring it only responds to paging messages sent by a legitimate network node, e.g. a legitimate base station.

Battery lifetime of the communications device transmitting payload on radio resources assigned by a legitimate network node, e.g. a legitimate radio network node such as a legitimate base station, may be extended by eliminating the possibility of radio resource collision, whereby an illegitimate base station tells another communications device to use the same radio resources assigned by a legitimate base station. Such radio resource collision would otherwise result in two or more communications devices transmitting simultaneously on the same radio resources: Thereby, reducing the probability of successful payload reception by the legitimate base station and increasing battery depletion in the transmitting communications devices due to repeated uplink transmissions.

Ensuring the capacity of the logical channels used for (a) access requests, e.g. RACH/EC-RACH, (b) resource assignment messages, e.g. AGCH/EC-AGCH, (c) uplink payload transmission, e.g. uplink PDTCH/EC-PDTCH, and (d) acknowledgement of uplink payload reception, e.g. downlink PACCH/EC-PACCH, are not degraded due to communications devices acting on invalid pages sent by an illegitimate base station.

- The paging messages may be further enhanced with additional procedures and/or functionality, i.e. other than triggering page responses. For example, such additional procedures and/or functionality may trigger a communications device to perform measurements and send a corresponding measurement report without exposing the procedures and/or functionality to potential malicious attacks aimed at exposing sensitive information available within the communications device. This may be in addition to the battery depletion and logical channel capacity threats.

Ensures the reliability of EC-GSM/eMTC/NB-loT device networks, e.g. such that burglar alarm sensors may not be prematurely drained and thereby disabled by a third party.

BRIEF DESCRIPTION OF DRAWINGS

Examples of embodiments herein will be described in more detail with reference to attached drawings in which:

Figure 1 is a combined flowchart and signalling scheme schematically illustrating the signalling flow following a page from a core network node in an EC-GSM-loT communications network;

Figure 2 is a combined flowchart and signalling scheme schematically illustrating the signalling flow following a page from a core network node in an NB-loT

communications network;

Figure 3 schematically illustrates an GPRS integrity algorithm GIA to authenticate the integrity of messages;

Figure 4 schematically illustrates an EPS integrity algorithm EIA to authenticate the integrity of messages;

Figure 5 schematically illustrates embodiments of a wireless communications network;

Figure 6 is a combined flowchart and signalling scheme schematically illustrating the signalling flow between a communications device, e.g. a MS/UE, and a first network node, e.g. an eSGSN according to some embodiments;

Figure 7 is a flowchart depicting embodiments of a method performed by a network node; Figure 8 is a schematic block diagram illustrating embodiments of a network node; Figure 9 is a flowchart depicting embodiments of a method performed by a communications device; and

Figure 10 is a schematic block diagram illustrating embodiments of a

communications device.

DETAILED DESCRIPTION

As mentioned above, in WO 2013/172750 A1 it has been proposed that paging messages could be secured using hash chains or cryptographically generated identifier sequences. In some embodiments described herein the latter is addressed and a solution for how to ensure that a sequence number, e.g. a counter, used as input into a Hash based Message Authentication algorithm is sufficiently unique to prevent replay attacks is identified.

A drawback with the existing solution is that there is no defined solution for how to realize a sequence number, i.e. the INPUT-I in Figure 3 or the COUNT in Figure 4, that unambiguously may be used by both the network, e.g. the network node such as a core network node or a radio network node, and the communications device such as the mobile station, as input into the authentication and/or encryption algorithms in order to protect the paging messages (i.e. to generate a MAC at the network side for inclusion in a radio interface page message and generate an XMAC at the communications device upon reception of a radio interface page message) and thus prevent replay attacks that target successive paging opportunities used by a given communication device.

There is in addition no procedure that:

- defines how to apply integrity protection to paging messages;

determines how to modify the sequence number, e.g. a counter, used for integrity protected paging messages;

identifies how to negotiate the usage of secure, e.g. integrity protected, paging messages;

- defines which network nodes are actually involved in maintaining

(modifying) the sequence number;

identifies any details related to the configuration of the sequence number or predefined counter or timestamp between the communications device and the network, e.g. the network node;

- how the 2G/LTE integrity algorithm is actually applied. Moreover, another disadvantage with the current paging procedure is that since there is no way to ensure the protection of the paging message, it is not appropriate to enhance the paging message content, e.g. the payload, to support additional functionality to trigger other types of behavior in the communications device, such as to initiate a Multilateration positioning procedure or for a particular application to perform a

measurement and send a corresponding report to the network, e.g. to a network node. This additional functionality, if triggered by a fake network node, e.g. a fake radio network node such as a fake base station, using a non-authentic paging message, would potentially run down the battery even faster than simply responding to a paging message from a fake network node (without additional functionality being triggered).

As an example of such enhancements of the paging message, for enhanced Mobile Type Communication (eMTC) and/or NB-loT there is a direct indication in paging, i.e. information sent in Downlink Control Information (DCI) on Narrowband Physical Downlink Control Channel (NPDCCH) / MTC Physical Downlink Control Channel

(MPDCCH) using a Paging Radio Network Temporary Identifier (P-RNTI). For example, the information element systemlnfoModification indicates to the communications device if it must re-acquire System information (SI). Re-acquiring SI requires long reception time and a false network node indicating repeated change in the SI by the use of this field could increase the rate at which battery drain occurs for all communications devices operating in the cell. In the 3GPP Rel-14 also change of the Single Cell Point to Multipoint (SC-PtM) multicast service for eMTC/NB-loT may be indicated in DCI and would also be vulnerable.

An aim of some embodiments disclosed herein is to overcome or mitigate at least some of the drawbacks with the prior art.

Therefore, and in order to prevent replay attacks for the case where eDRX based periodic paging is used, it is proposed, in some embodiments disclosed herein, to introduce a procedure for MAC/XMAC generation similar to what is shown in Figure 3 and Figure 4. In the procedure a network node and a communications device are aligned when it comes to initiating a sequence number, e.g. a counter, to a specific value at a specific point in time at both the communications device and the network node to thereby generate a current value. Further, the network node and the communications device are aligned in a manner that allows them to modify the current value of the sequence number in an identical manner at one or more pre-determined points in time for a period of time that exceeds the setting of periodic Routing Area Update (RAU)/T racking Area Update (TAU) timers. Thereby an updated current value is generated.

The current value of the sequence number applicable at any given point in time is then used to generate a MAC code comprised in every paging message and thereby ensures that paging message replay attacks are not possible for any given

communications device as long as the time between successive modifications of the sequence number is less than the time between successive paging occasions applicable to that communications device. The time between successive paging occasions applicable to any given communications device is determined based on the eDRX cycle negotiated by that communications device.

In some first embodiments, it is proposed that one part of the input into the integrity protection algorithm, e.g. the 'INPUT-Γ in Figure 3 or the COUNT in Figure 4, comprises a sequence number derived from the control channels used to send paging messages on the radio interface wherein, in addition to this sequence number, a sequence number extension in the form of a frame number overflow counter is also introduced. Moreover, it is proposed that the value of the frame number overflow counter to use is included in either (a) any of the system information messages or (b) in the paging messages sent across the air interface. The reason for including the value of the frame number overflow counter in any of the system information messages or in the paging messages is to inform the communications device about additional information needed for constructing the sequence number value to use in the generation of the XMAC e.g. the frame number overflow counter can be used along with the first TDMA frame number used for sending a paging message to construct a sequence number

corresponding to the paging message. The frame number overflow counter is reset to 0 once the maximum range value applicable to this counter is reached.

Moreover, in order to provide improved uniqueness in the integrity protection algorithms, i.e. in the generation of the MAC or the XMAC, it is furthermore proposed that the communication device is assigned/re-assigned a random number every time the RAU and/or TAU procedure is performed. The random number is used in combination with the sequence number and the overflow counter as input into the integrity protection algorithm. For example, the random number may be included as part of the 'INPUT-Γ in Figure 3 or the COUNT in Figure 4, or as a new input to the MAC code generation algorithm.

Alternatively, it is proposed to introduce a sequence number plus a random number that together serve as an input to the integrity protection algorithm, i.e. in the generation of the MAC or the XMAC: For example, the sequence number plus the random number may be part of the 'INPUT-Γ in Figure 3 or the COUNT in Figure 4. Thereby, the value of the random number is changed at both the communications device and the network, e.g. the network node, every time a successful NAS Request - NAS Response exchange occurs, e.g. every time the periodic RAU/TAU procedure is performed. It is furthermore proposed that the value of the random number to use every time a successful NAS Request - NAS Response exchange occurs is included in the NAS Response message sent by the network, e.g. the network node, to the communications device. Note that although terminology from GSM/EDGE and LTE is used in this disclosure to exemplify the embodiments herein, this should not be seen as limiting the scope of the embodiments herein to only the aforementioned system. Other wireless systems, such as for example a NR network, 5G network, an LTE network, a Wideband Code Division Multiple Access (WCDMA) network, a Global System for Mobile

Communications (GSM) network, any 3GPP cellular network, a Worldwide Interoperability for Microwave Access (WMAX) network, a Wreless Local Area Network (WLAN), a Low Rate Wreless Personal Access Network (LR-WPAN) as defined in e.g. IEEE 802.15.4, a Bluetooth network, a SIGFOX network, a Zigbee network, a Bluetooth Low Energy (BLE) network such as a Bluetooth Smart network, or a Cellular Internet of Things (CloT) network such as an Enhanced Coverage GSM-loT (EC-GSM-loT) network, a Narrow Band loT (NB-loT) network or a network comprising one or more wireless devices configured for Machine Type Communication (MTC) sometimes herein referred to as an eMTC network, may also benefit from exploiting the ideas covered within this disclosure.

Also note that terminology such as network node, gNB, eNodeB and UE should be considering non-limiting and does in particular not imply a certain hierarchical relation between the two; in general "network node" could be considered as device 1 and "UE" device 2, and these two devices communicate with each other over some radio channel.

Further, the description frequently refers to wireless transmissions in the downlink, but embodiments herein are equally applicable in the uplink.

In this disclosure, reference will be made to MAC and XMAC. However, it should be understood that embodiments disclosed herein is equally applicable to the generation of MAC-I, NAS-MAC and to XMAC-I, XNAS-MAC, respectively. Therefore, a reference to MAC should also be understood as a reference to MAC-I or NAS-MAC. In correspondence, a reference to XMAC should be understood as a reference to XMAC-I or XNAS-MAC.

In the following, embodiments herein are illustrated by exemplary embodiments. 5 It should be noted that these embodiments are not mutually exclusive. Components from one embodiment may be tacitly assumed to be present in another embodiment and it will be obvious to a person skilled in the art how those components may be used in the other exemplary embodiments.

Embodiments below will mainly be exemplified with GSM/EDGE as the

10 communications network but generally they are applicable to other existing

communications networks such as NB-loT and eMTC or even to future networks such as a 5G communications network or a Next Radio (NR) communications network. The core network node will be exemplified with a Serving GPRS Support Node (SGSN), but generally it may be another core network node serving the communication device as

15 well. For example, for an eMTC communications network and a NB-loT communications network, the applicable core network node may also be an MME. The radio access network node, sometimes herein referred to as a controller node or a radio network node, is exemplified as a BSS and the communication device will be exemplified with a mobile station or a UE, sometimes also referred to as just the device.

20 It should furthermore be noted that, to anyone skilled in the art, there are several realizations of the embodiments below with principally equivalent functionality where e.g. introduced fields may be longer or shorter or coded in a different way. Some objectives of the embodiments described below are to introduce procedures and the corresponding necessary modified or new messages and/or information elements

25 and/or information fields to introduce protected identifiers used in paging, Downlink Control Information or other messages.

In addition, it should be noted that message names, parameters, information elements and field names may change during the course of the specification work which implies that embodiments described herein still apply as long as the principal function

30 and/or use is the same.

Figure 5 depicts an example of the wireless communications network 500 in which embodiments herein may be implemented. The wireless communications network 35 500 may be a cellular communications network such as a NR network, a 5G network, an LTE network, a WCDMA network, a GSM network, any 3GPP cellular network, or a short range communications network, such as a WLAN, an LR-WPAN, a Bluetooth network, WiMAX network, a SIGFOX network, a Zigbee network, a BLE network such as a

Bluetooth Smart network, or a CloT network such as an EC-GSM-loT network, a NB-loT network or an eMTC network, or a combination of one or more of the aforementioned communications networks just to mention some examples.

A Core Network (CN) 502 may be comprised in the communications network 500. The core network 502 may be an NR core network, a 5G core network, an LTE core network, a WCDMA core network, a GSM core network, any 3GPP cellular core network, or a short range communications core network, such as a WLAN core network, an LR- WPAN core network, a Bluetooth core network, WiMAX core network, a SIGFOX core network, a Zigbee core network, a BLE core network such as a Bluetooth Smart network, or a CloT network such as an EC-GSM-loT core network, a NB-loT core network or an eMTC core network, or a combination of one or more of the aforementioned

communications core networks just to mention some examples.

A first network node, such as a Core Network Node (CNN), 504 may be comprised in or arranged in communication with the core network 502. The first core network node 504 may be a Mobility Management Entity (MME) or a Serving GPRS Support Node (SGSN).

A second network node, such as a Radio Network Node (RNN), 506 is arranged and configured to operate in the communication network 500. The second network node 506 is configured for wireless communication with wireless devices, e.g. communications devices such as a communications device 508, when they are located within a coverage area 506a, e.g. a geographical area served by the second network node 506. It should be understood that the second network node 506 may serve or manage a plurality of coverage areas 506a, even though only one is illustrated in Figure 5 for clarity reasons. The one more coverage areas 506a are sometimes in this disclosure referred to as one or more cells 506a.

The second network node 506 may be a transmission point such as a radio base station, for example an E-UTRA node, a LTE eNB, an eNB, an Node B, or an Home Node B, an Home eNode B, a Base Transceiver Station (BTS) or any other network being capable to serve a communications device in a communications network, such as the communications network 500. The second network node 506 may further be configured to communicate with the first network node 504.

A communications device 508 is operating in the wireless communications network 500. The communications device 508, also sometimes referred to as a wireless communications device, a wireless device, a User Equipment (UE), or a Mobile Station (MS), may be located in the wireless communications network 500. For example, the communications device 508 may be an Internet of Things (loT) device, a user equipment, a mobile terminal or a wireless terminal, a mobile phone, a computer such as e.g. a laptop, a Personal Digital Assistants (PDAs) or a tablet computer, with wireless capability, or any other radio network units capable to communicate over a radio link in a wireless communications network. It should be noted that the term user equipment used in this document also covers other wireless devices such as Machine to Machine (M2M) devices, even though they are not handled by any user. In some embodiments, the communications device 508 is a stationary wireless device. Thus, the communications device 508 is sometimes in this disclosure referred to as a stationary communications device 508. By the expression "stationary wireless device" when used herein is meant that the communications device 508 is not moving. For example, the stationary

communications device 508 is not moving when in use, e.g. during operation.

More specifically the followings are network node, e.g. first and/or second network node, and communication device related embodiments:

The network node embodiments relate to Figure 7 and 8. The communication device embodiments relate to Figure 9 and 10.

A method performed by a network node, such as the first and/or second network node 504,506, for enabling secure paging of a communications device, such as the communications device 508, comprises one or more of the actions below. It should be understood that actions may be combined and that actions may be taken in another suitable order.

Action 701

The network node 504,506 obtains a sequence number, e.g. a counter. The sequence number may be obtained from one or more control channels used to send a paging message over a radio interface to the communications device 508. The sequence number may be a specific sequence number applicable to a given paging occasion and therefore may be known at both the communications device 508 and the network node 504,506. Thus, the communications device 508 and the network node 504,506 are 5 aligned to use the same sequence number. Further, the sequence number is unique to each communications device specific paging occasion that occurs within a period of time.. By providing a sequence number that is unique to each communications device specific paging occasion that occurs within the time period, the possibility of replay attacks is prevented within that period of time. The sequence number may comprise frame number

10 information and a frame number extension, or the sequence number may be maintained on NAS level. The frame number extension may be associated with the radio interface control channel structure.

This action may be performed by an obtaining module, e.g. an obtaining module 803, comprised in the network node, such as the first and/or second network node

15 504,506. The obtaining module 803 may be implemented by or arranged in

communication with a processor 807 of the network node. The processor 807 will be described in more detail below.

Action 702

20 The network node 504,506 generates a MAC using the sequence number. The

MAC is a MAC for a paging message to be transmitted in a specific paging occasion. The reason for transmitting the paging message in the specific paging occasion is that the communications device 508 searches for paging messages in a limited set of paging occasions according to a discontinuous receive cycle it is using for paging reception, and

25 will associate a sequence number that is unique for each instance of these paging

occasions that occurs within the period of time.

In some first embodiments, the network node 504,506 is the radio network node 506 and the sequence number comprises frame number information specific to the paging occasion used for transmitting the paging message. In such embodiments, the radio

30 network node 506 generates the MAC using a secret key, the sequence number and an identifier for the communications device 508. Some first embodiments will be described in more detail below.

In some second embodiments, the network node 504,506 is the radio network node 506 and the sequence number comprises frame number information specific to the 35 paging occasion used for transmitting the paging message. In such embodiments, the radio network node 506 generates the MAC using the secret key, the sequence number and an identifier for the communications device (508), and/or a random number for the communications device 508. Some second embodiments will be described in more detail below.

In some third embodiments, the network node 504,506 is the radio network node

506 and the sequence number comprises frame number information specific to the paging occasion used for transmitting the paging message and a frame number extension. In such embodiments, the radio network node 506 generates the MAC using the secret key, the sequence number and an identifier and/or a random number for the communications device 508. The frame number further comprises the frame number extension. Some third embodiments will be described in more detail below.

In some embodiments, such as in some first to third embodiments, the frame number information comprises a TDMA frame number. In such embodiments, the period of time has a value lower than a total time spanned by a full range of TDMA frame numbers. Further, the network node may set a periodic Routing Area Update (RAU) or Tracking Area Update (TAU) timer to a value that is lower than the total time spanned by the full range of TDMA frame numbers (including any TDMA frame number extension), and assign a new identifier and/or a random number to the communications device 508 at every periodic routing or tracking area update.

Alternatively, in some embodiments such as in some first to third embodiments, the frame number information comprises a SFN, and the period of time has a value lower than a total time spanned by a full range of SFNs (including any SFN extension).

In some sixth and seventh embodiments, the network node 504, 506 is a core network node 504, and the core network node 504 generates the MAC using the sequence number, a secret key, and an identifier and/or a random number for the communications device 508.

In some sixth embodiments, the core network node 504 sets the sequence number to zero upon reception of a RAU or TAU request. Further, the core network node increments the sequence number at predetermined time points. In such embodiments, the transmitted paging message comprises a supplemental parameter indicating whether or not the communications device 508 is to decrement the sequence number before attempting to verify MAC included in the paging message.

In some seventh embodiments, the paging message comprises the sequence number used in generating the MAC.

Some sixth and seventh embodiments will be described in more detail below. This action may be performed by a generating module, e.g. a generating module 804, comprised in the network node, such as the first and/or second network node 504,506. The generating module 804 may be implemented by or arranged in

communication with the processor 807 of the network node.

Action 703

The network node 504,506 transmits, to the communications device 508, a paging message comprising the generated MAC. This action may be performed by a transmitting module, e.g. a transmitting module 802, comprised in the network node, such as the first and/or second network node 504,506. The transmitting module 802 may be implemented by or arranged in communication with the processor 807 of the network node. Thus, the transmitted paging message is a secured paging message and sometimes in this disclosure referred to as a protected paging message, an integrity protected paging message, an authenticated paging message, or similar. It should be understood that those terms are used interchangeably in this disclosure.

The network node, such as the first and/or second network node 504,506, may comprise an interface unit, e.g. an input/output interface 800, to facilitate

communications between the network node and other network nodes or devices, e.g., the communications device 508. The interface may, for example, include a transceiver configured to transmit and receive radio signals over an air interface in accordance with a suitable standard.

The network node, such as the first and/or second network node 504,506, is configured to receive, by means of a receiving module 801 configured to receive, a transmission, e.g. a data packet, a signal or information, from one or more network nodes, one or more communications devices, e.g. the communications device 508. The receiving module 801 may be implemented by or arranged in communication with the processor 807 of the network node.

In some embodiments, the network node is configured to perform, by means of one or more other modules 805 configured to perform one or more further actions described herein. The one or more other modules may be implemented by or arranged in communication with the processor 807 of the network node.

The network node 504,506 may also comprise means for storing data. In some embodiments, the network node comprises a memory 806 configured to store the data. The data may be processed or non-processed data and/or information relating thereto. The memory 806 may comprise one or more memory units. Further, the memory 806 may be a computer data storage or a semiconductor memory such as a computer memory, a read-only memory, a volatile memory or a non-volatile memory. The memory is arranged to be used to store obtained information, data, configurations, and applications etc. to perform the methods herein when being executed in the network node.

Embodiments herein for secure paging may be implemented through one or more processors, such as the processor 807 in the arrangement depicted in Fig. 8, together with computer program code for performing the functions and/or method actions of embodiments herein. The program code mentioned above may also be provided as a computer program product, for instance in the form of a data carrier carrying computer program code for performing the embodiments herein when being loaded into network node. One such carrier may be in the form of an electronic signal, an optical signal, a radio signal or a computer readable storage medium. The computer readable storage medium may be a CD ROM disc or a memory stick.

The computer program code may furthermore be provided as program code stored on a server and downloaded to the network node.

Those skilled in the art will also appreciate that the input/output interface 800, the receiving module 801 , the transmitting module 802, the obtaining module 803, generating module 404, and the one or more other modules 805 above may refer to a combination of analogue and digital circuits, and/or one or more processors configured with software and/or firmware, e.g. stored in the memory 806, that when executed by the one or more processors such as the processors in the network node perform as described above. One or more of these processors, as well as the other digital hardware, may be included in a single Application-Specific Integrated Circuitry (ASIC), or several processors and various digital hardware may be distributed among several separate components, whether individually packaged or assembled into a System-on-a-Chip (SoC).

A method performed by a communications device 508 for secure paging comprises one or more of the actions below. It should be understood that actions may be combined and that actions may be taken in another suitable order.

Action 901

The communications device 508 obtains a sequence number, e.g. a counter. The sequence number may be obtained from one or more control channels used to send a paging message over the radio interface. The sequence number may be a specific sequence number applicable at both the communications device 508 and the network node 504,506. Thus, the communications device 508 and the network node 504,506 are aligned to use the same sequence number. Further, the sequence number is unique to each communications device specific paging occasion that occurs within a period of time. The sequence number may comprise frame number information and a frame number extension, or the sequence number may be maintained on NAS level.

In some embodiments, the communications device 508 obtains the sequence number from one or more control channels, which one or more channels are to be used to receive the paging message over a radio interface.

In some embodiments, the sequence number specific to the paging occasion used for receiving the paging message comprises frame number information and a frame number extension. In such embodiments, the frame number information comprises a TDMA frame number, and the period of time has a value lower than a total time spanned by a full range of TDMA frame numbers.

In some alternative embodiments, the sequence number specific to the paging occasion used for receiving the paging message comprises frame number information and a frame number extension. In such alternative embodiments, the frame number information comprises a SFN and the period of time has a value lower than a total time spanned by a full range of SFNs.

This action may be performed by an obtaining module, e.g. an obtaining module 1003, comprised in the communications device 508. The obtaining module 1003 may be implemented by or arranged in communication with a processor 1007 of the

communications device 508. The processor 1007 will be described in more detail below.

Action 902

The communications device 508 generates an expected MAC (XMAC) for a paging message to be received in a communications device specific paging occasion. The XMAC is generated using the sequence number.

In some embodiments, the communications device 508 generates the XMAC using a secret key, the sequence number and an identifier and/or a random number for the communications device 508.

In some embodiments when the generated XMAC does not match the MAC of the paging message, the communications device 508 generates the XMAC, e.g. regenerates the XMAC, using the secret key, a previous sequence number and the identifier and/or the random number for the communications device 508. The previous sequence number may be the sequence number reduced by one.

In some embodiments, e.g. in some sixth embodiments, when the communications device 508 is in receipt of an indication that the communications device 508 is to decrement the sequence number before attempting to verify the MAC comprised in the paging message, the communications device 508 generates the XMAC using the secret key, the sequence number value reduced by one and the identifier and/or the random number for the communications device 508. Some sixth embodiments will be described in more detail below.

This action may be performed by a generating module, e.g. a generating module

1004, comprised in the communications device 508. The generating module 1004 may be implemented by or arranged in communication with the processor 1007 of the

communications device 508. Action 903

The communications device 508 receives, from the network node 504,506, a paging message in the device specific paging occasion. The paging message comprises a MAC generated by the network node 504,506. As described herein, when the MAC of the paging message matches the generated XMAC, the communications device 508 will process the paging message. In such scenarios, it could also be stated that the paging message received by communications device 508 comprises the generated XMAC.

In some embodiments, e.g. in some seventh embodiments, the received paging message comprises the sequence number used in generating the MAC. In such embodiments, the communications device 508 generates the XMAC after receipt of the paging message comprising the sequence number used when the network node 504,506 generated the MAC. Thus, in such embodiments, Action 903 is performed before Action 902. Some seventh embodiments will be described in more detail below.

This action may be performed by a receiving module, e.g. a receiving module 1001 , comprised in the communications device 508. The receiving module 1001 may be implemented by or arranged in communication with the processor 1007 of the

communications device 508.

Action 904

The communications device 508 processes the paging message when the generated XMAC matches the MAC of the paging message. In other words, when the MAC has been verified, the communications device 508 processes the paging message. This action may be performed by the processor 1007 of the communications device 508.

The communications device 508 may comprise an interface unit, e.g. an

input/output interface 1000, to facilitate communications between the communications device 508 and other network nodes, e.g. the first and/or second network nodes 504,506. The interface may, for example, include a transceiver configured to transmit and receive radio signals over an air interface in accordance with a suitable standard.

The communications device 508 is configured to transmit, by means of a transmitting module 1002 configured to transmit, a transmission, e.g. a data packet, a signal or information, to one or more network nodes, or one or more other

communications devices. The transmitting module 1002 may be implemented by or arranged in communication with the processor 1007 of the communications device 508.

In some embodiments, the communications device 508 is configured to perform, by means of one or more other modules 1005 configured to perform one or more further actions described herein. The one or more other modules may be implemented by or arranged in communication with the processor 1007 of the communications device 508.

The communications device 508 may also comprise means for storing data. In some embodiments, the network node comprises a memory 1006 configured to store the data. The data may be processed or non-processed data and/or information relating thereto. The memory 1006 may comprise one or more memory units. Further, the memory 806 may be a computer data storage or a semiconductor memory such as a computer memory, a read-only memory, a volatile memory or a non-volatile memory. The memory is arranged to be used to store obtained information, data, configurations, and

applications etc. to perform the methods herein when being executed in the

communications device 508.

Embodiments herein for secure paging may be implemented through one or more processors, such as the processor 1007 in the arrangement depicted in Fig. 10, together with computer program code for performing the functions and/or method actions of embodiments herein. The program code mentioned above may also be provided as a computer program product, for instance in the form of a data carrier carrying computer program code for performing the embodiments herein when being loaded into network node. One such carrier may be in the form of an electronic signal, an optical signal, a radio signal or a computer readable storage medium. The computer readable storage medium may be a CD ROM disc or a memory stick. The computer program code may furthermore be provided as program code stored on a server and downloaded to the network node.

Those skilled in the art will also appreciate that the input/output interface 1000, the receiving module 1001 , the transmitting module 1002, the obtaining module 1003, generating module 1004, and the one or more other modules 1005 above may refer to a combination of analogue and digital circuits, and/or one or more processors configured with software and/or firmware, e.g. stored in the memory 1006, that when executed by the one or more processors such as the processors in the network node perform as described above. One or more of these processors, as well as the other digital hardware, may be included in a single Application-Specific Integrated Circuitry (ASIC), or several processors and various digital hardware may be distributed among several separate components, whether individually packaged or assembled into a System-on-a-Chip (SoC).

Some exemplifying embodiments

In this sections, some exemplifying embodiments will be described in more detail.

For example, in some first to third exemplifying embodiments, the second network node 506 maintains the sequence number, e.g. the counter, (including the frame number extension per the third embodiment) and sends out the paging message, and the first network node 504 assigns a freshness parameter, e.g. a random number RAND-P or an identifier P-TMSI of the communications device if reassigned every RAU/TAU, to guarantee uniqueness within the periodic RAU/TAU timer.

In some first to third exemplifying embodiments, the first network node 504 is a core network node, and the second network node 506 is a radio network node.

As a further example, in some sixth to seventh embodiments, the second network node 506 sends out the paging message and the first network node 504 both assigns the freshness parameter, e.g. the random number RAND-P as well as updates the sequence number, e.g. the counter.

In some sixth to seventh exemplifying embodiments, the first network node 504 is a core network node, and the second network node 506 is a radio network node.

Further, for one or more of some first to third exemplifying embodiments and some sixth to seventh embodiments, and for each reading of the paging channel, the communications device 508 calculates an expected MAC (XMAC) wherein the sequence number, e.g. the counter either is frame number information plus a frame number extension, e.g. FNOC, or a counter maintained on NAS level.

Further, some fourth embodiments may be relevant for one or more of some first to third exemplifying embodiments and some sixth to seventh embodiments.

Furthermore, some fifth embodiments may be relevant for one or more of some first to third exemplifying embodiments, and in particular ensures that the necessary information is passed to the second network node 506 from the first network node 504.

Some first exemplifying embodiments

In some first exemplifying embodiments, wherein the second network node 506, e.g. the radio network node such as the base station, performs the MAC code generation, it is proposed to introduce a procedure comprising one or more of the following actions. It should be understood that actions may be performed in another order and that actions may be combined.

Action 1.1. The second network node 506 introduces a sequence number, e.g. a counter, as an input to the integrity protection algorithm. For example, the sequence number corresponds to the INPUT-I in Figure 3 or the COUNT in Figure 4. The sequence number is based on the value of the TDMA frame numbers used for transmissions on the downlink control channel radio interface.

Action 1.2. The first network node 504 sets the periodic RAU/TAU timer to a lower value than the total time spanned by the full range of TDMA frame numbers comprising a hyperframe, i.e. lower than 2715648 TDMA frames.

Action 1.3. The first network node 504 assigns a new device identifier, e.g. P- TMSI/S-TMSI, to the communications device 508 at every periodic RAU/TAU.

Action 1.4. The second network node 506 uses the device identifier as an input, e.g. MESSAGE in Figure 3, to the integrity protection algorithm.

Action 1.5. The second network node 506 generates a MAC code, e.g. at the second network node 506 such as at the BSS, using the current sequence number, e.g. the current counter value and the device identifier currently in use for the

communications device 508 and includes the MAC code in the paging message sent for that communications device 508. For example, the current sequence number, e.g. the current counter value, consists of the first TDMA frame used to send a paging message to a given communications device 508 on the radio interface. As previously described, a secret key is always used in the generation of the MAC. As an example, the TDMA frame number space in GSM/GPRS spans a range from 0 to 2715647 and takes a total time of 3 hours 28 minutes 53.76 seconds before it wraps around. In other words, in order to have a unique sequence number value as input into the integrity protection algorithm the periodic RAU/TAU timer needs to be set to a value lower than 3 hours 28 minutes 53.76 seconds, e.g. 3 hours. Moreover, in order to ensure uniqueness, the Packet Temporary Mobile Subscriber Identity (P-TMSI) is also reassigned at every periodic RAU/TAU. The device identifier together with the current counter value, e.g. the TDMA frame number value of the first TDMA frame used to send a page to the communications device 508, will ensure uniqueness for every page sent to that communications device 508 within every periodic RAU/TAU cycle. In a similar manner the system frame number for NB-loT and eMTC including H-SFN is in the range from 0 to 1048575 which takes a total time of 2 hours and 53 minutes.

Some second exemplifying embodiments

In some second exemplifying embodiments, wherein the second network node

506, e.g. the radio network node such as the base station, performs the MAC code generation, and in order to not have to reassign the device identifier at every RAU/TAU it is proposed to introduce a procedure comprising one or more of the following actions. It should be understood that actions may be performed in another order and that actions may be combined.

Action 2.1. The second network node 506 introduces a sequence number, e.g. a counter, as an input to the integrity protection algorithm, e.g. as the INPUT-I in Figure 3 or the COUNT in Figure 4; that is based on the values of TDMA frame numbers used for transmissions on the downlink control channel radio interface.

Action 2.2. The first network node 504 sets the periodic RAU/TAU timer to a lower value than the total time spanned by the full range of TDMA frame numbers comprising a hyperframe, i.e. lower than 2715648 TDMA frames

Action 2.3. The first network node 504 assigns a Random number, e.g. a RAND- P where P refers to 'paging', to the device, e.g. the communications device 508, at every periodic RAU/TAU. This may be done by the first network node 504.

Action 2.4. The second network node 506 uses the random number RAND-P as an input, e.g. as MESSAGE in Figure 3 or as part of INPUT-I in Figure 3 or COUNT in Figure 4, to the authentication/encryption algorithm.

Action 2.5. The second network node 506 generates a MAC code using the current sequence number value and the random number RAND-P currently in use for the communications device. The generated MAC code is comprised in the paging message sent for that device. As previously mentioned, the current sequence number may be the current counter value, and the current sequence number may e.g. consist of the first TDMA frame used to send a paging message to a given device on the radio interface. As also previously described, a secret key is always used in the generation of the MAC. The second network node 506 may be the BSS.

The random number RAND-P together with the TDMA frame numbers will ensure uniqueness of input parameters used for the integrity protection algorithm for every communications device 508 specific paging occasion that occurs within every periodic RAU/TAU cycle.

Some third exemplifying embodiments

In some third exemplifying embodiments, wherein the second network node 506, e.g. the radio network node such as the base station, performs the MAC code generation, and in order to allow the network, e.g. the first network node 504 such as the core network node, to use longer periodic RAU and TAU timer settings than dictated by the time spanned by the existing full range of TDMA frame numbers it is proposed to introduce a procedure comprising one or more of the following actions. It should be understood that actions may be performed in another order and that actions may be combined.

Action 3.1. The second network node 506 introduces a sequence number, e.g. a counter, on the radio interface as input to the integrity protection algorithm, e.g. as the INPUT-I in Figure 3 or the COUNT in Figure 4, that in addition to using the existing TDMA frame numbers used on the radio interface also uses an extended frame number in the form of an Frame Number Overflow Counter (FNOC). The FNOC is either (a) broadcasted in the existing system information messages or (b) included in at least the paging messages sent on e.g. the Downlink Common Control Channels or on the Physical Downlink Shared Channel.

Action 3.2. The first network node 504 sets the periodic RAU/TAU timer to a lower value than the total time spanned by the full range of TDMA frame numbers determined by a hyperframe and the frame number overflow counter (FNOC)..

Action 3.3. The first network node 504 assigns either a new device identifier, e.g. aP-TMSI and/or an S-TMSI, to the communications device 508 at every periodic

RAU/TAU or assigns the communications device 508 a random number RAND-P at every periodic RAU/TAU. Action 3.4. The second network node 506 uses either the new device identifier or RAND-P as an input, e.g. as MESSAGE in Figure 3, to the authentication/encryption algorithm

Action 3.5. The second network node 506 generates a MAC code, e.g. at the second network node 506 such as at the BSS, using the current sequence number and either the device identifier or the RAND-P currently in use for the communications device 508 or both the device identifier and the RAND-P currently in use for the

communications device 508. The generated MAC code is included in the paging message sent for that communications device 508. As previously mentioned, the current sequence number may be the current counter value, and the current sequence number may e.g. consist of the first TDMA frame used to send a paging message to a given device on the radio interface and supplemented with the current value of the frame number overflow counter. As also previously described, a secret key is always used in the generation of the MAC.

As an example, the frame number space in GSM/GPRS spans a range from 0 to

2715647 and takes a total time of 3 hours 28 minutes 53.76 seconds before it wraps around. With a 4 bit frame number overflow counter the frame numbers would span 16*(3 hours 28 minutes 53.76 seconds) or approximately 55 hours and 44 min. This would thus allow a setting of the periodic RAU/TAU timer to e.g. 48 hours, which is a much more realistic number for stationary M2M devices. It should be noted that the longest possible length of the periodic RAU/TAU timer is 320 hours which would require a 7 bit frame number overflow counter.

Furthermore, for EC-GSM-loT, as the TDMA frame number value identified when synchronizing to a cell, i.e. when reading the EC-SCH, only provides information about the frame numbers within the scope of a quarter hyperframe, the

QUARTER_HYPERFRAME_INDICATOR field [3GPP, TS 44.018 v 14.0.0] also needs to be conveyed to the communications devices, e.g. the communications device 508, in EC operation so they have knowledge of the TDMA frame number within the scope of a full hyperframe. Currently the communications device 508 may read this indicator by monitoring Assignment messages on the AGCH but it would be advantageous to add this field, in addition to the frame number overflow counter, into the paging messages since a communications device 508 waking up for the purpose of performing paging message acquisition/verification would thereby receive all necessary information for the authentication by just reading the EC-SCH and any of the paging messages. Two examples of a new EC PAGING REQUEST Type 2 paging message with a 4 bit frame number overflow counter sent to two EC-GSM-loT communications devices where the communications devices are paged using the calculated MAC is provided below.

< EC Paging Request message Type 2 content > ::=

< Message Type : bit (4) >

< Used DL Coverage Class: bit (2) >

< QUARTER_HYPERFRAME_INDICATOR : bit (2) >

< Frame_Number_Over_Flow_Counter: bit (4) >

{ 0 I 1 < EC Page Extension ; bit (4) > }

{ 0 I 1 < Mobile Identity 1 : < Mobile Identity struct » }

{ 0 I 1 < Mobile Identity 2 : < Mobile Identity struct » } <spare padding> ;

< Mobile Identity struct > ::=

{ 0 < MAC : bit (32) >

I 1 < Number of IMSI Digits : bit (4) >

< IMSI Digits : bit (4 * (val(Number of IMSI Digits) + 1)) > } ;

Table 1 : New EC PAGING REQUEST Type 2 message content

< EC Paging Request message Type 2 content > ::=

< Message Type : bit (4) >

< Used DL Coverage Class: bit (2) >

< QUARTER_HYPERFRAME_INDICATOR : bit (2) >

< Frame_Number_Over_Flow_Counter: bit (4) >

{ 0 I 1 < EC Page Extension ; bit (4) > }

< MAC 1 : bit (32) >

{ 0 I 1 < MAC 2 : bit (32) > }

{ 0 I 1 < Mobile Identity 1 : < Mobile Identity struct » }

{ 0 I 1 < Mobile Identity 2 : < Mobile Identity struct » } <spare padding> ;

< Mobile Identity struct > ::=

{ 0 < P-TMSI : bit (32) >

I 1 < Number of IMSI Digits : bit (4) >

< IMSI Digits : bit (4 * (val(Number of IMSI Digits) + 1)) > } ;

Table 2: New EC PAGING REQUEST Type 2 message content

It should be noted to anyone skilled in the art that there are many realizations of a new EC Paging Request Type 2 message where e.g. fields may change order or even be omitted or added.

In another example, relevant to NB-loT a 4 bit frame number overflow counter and where the communications devices, e.g. the communications device 508, are paged using the calculated MAC is provided below. Extract from 36.331 [3GPP TS 36.331 v 14.1.0] with modifications to include a 4 bit frame number overflow counter (FNOC), a 40 bit MAC field as a Rel-14 extension. Note that there are several possible variations of how to modify the message, one may e.g. construct a completely new message where the MAC replaces the S-TMSI, use MAC field with a different size etc.

Paging-NB

The Paging-NB message is used for the notification of one or more UEs.

Signalling radio bearer: N/A

RLC-SAP: TM

Logical channel: PCCH

Direction: E-UTRAN to UE

Paging-NB message

— ASNlSTART

Paging-NB ::= SEQUENCE {

pagingRecordList-rl3 PagingRecordList-NB-rl3

OPTIONAL, — Need ON

systemlnfoModification-rl3 ENUMERATED {true}

OPTIONAL, — Need ON

systemlnfoModification-eDRX-rl3 ENUMERATED {true}

OPTIONAL, — Need ON

nonCriticalExtension Paging-NB-vl XX-IEs

OPTIONAL

}

Paging-NB-vl4XX-IEs ::= SEQUENCE {

mac BIT STRING (SIZE (40) )

OPTIONAL, — Need ON

frameNumberOverflowCounter BIT STRING (SIZE (4))

OPTIONAL, — Need ON

nonCriticalExtension SEQUENCE { } OPTIONAL

}

PagingRecordList-NB-rl3 ::= SEQUENCE (SIZE ( 1.. maxPageRec ) ) OF PagingRecord-NB-rl3

PagingRecord-NB-rl3 ::= SEQUENCE {

ue-Identity-rl3 PagingUE-Identity,

}

— ASN1STOP Some fourth exemplifying embodiments

In some fourth exemplifying embodiments, the concept of integrity protected paging messages, i.e. paging messages comprising a generated MAC, is used to enhance the paging messages to include instructions to the communications device 508 to perform certain actions such as requesting the communications device 508 to send a measurement report from Sensor A, send a measurement report from sensor B, perform Multilateration positioning etc. In its simplest form the instructions are simply e.g. an 8-bit bitmap which will uniquely be understood by the communications device 508, see Table 4 and Table 3 where an 8-bit Application bitmap has been introduced.

< EC Paging Request message Type 2 content > ::=

< Message Type : bit (4) >

< Used DL Coverage Class: bit (2) >

< QUARTER_HYPERFRAME_INDICATOR : bit (2) >

< Frame_Number_Over_Flow_Counter: bit (4) >

{ 0 I 1 < EC Page Extension ; bit (4) > }

{ 0 I 1 < Application bitmap : bit (8) > }

{ 0 I 1 < Mobile Identity 1 : < Mobile Identity struct » }

{ 0 I 1 < Mobile Identity 2 : < Mobile Identity struct » } <spare

padding> ;

< Mobile Identity struct > ::=

{ 0 < MAC : bit (32) >

I 1 < Number of IMSI Digits : bit (4) >

< IMSI Digits : bit (4 * (val(Number of IMSI Digits) + 1)) > } ;

Table 3: New EC PAGING REQUEST Type 2 message content

< EC Paging Request message Type 2 content > ::=

< Message Type : bit (4) >

< Used DL Coverage Class: bit (2) >

< QUARTER_HYPERFRAME_INDICATOR : bit (2) >

< Over_Flow_Counter: bit (4) >

{ 0 I 1 < EC Page Extension ; bit (4) > }

< MAC 1 : bit (32) >

{ 0 I 1 < MAC 2 : bit (32) > }

{ 0 I 1 < Application bitmap : bit (8) > }

{ 0 I 1 < Mobile Identity 1 : < Mobile Identity struct » }

{ 0 I 1 < Mobile Identity 2 : < Mobile Identity struct » } <spare

padding> ;

< Mobile Identity struct > ::=

{ 0 < P-TMSI : bit (32) >

I 1 < Number of IMSI Digits : bit (4) >

< IMSI Digits : bit (4 * (val(Number of IMSI Digits) + 1)) >

} ;

Table 4: New EC PAGING REQUEST Type 2 message content

It should be noted that the application bit map may be a single bit or any other bit sized field.

In another example, relevant to NB-loT, a single bit application field is added to the paging message to indicate that the communications device 508 is being paged for, e.g., UTDOA positioning, see below.

Extract from 36.331 [3GPP TS 36.331 v 14.1.0] with modifications to include a 4 bit frame number overflow counter (FNOC), a 40 bit MAC field and a single bit UTDOA positioning field as a Rel-14 extension (note that there are several possible variations of how to modify the message, one may e.g. construct a completely new message where the MAC replaces the S-TMSI, use MAC field with a different size etc.). Paging-NB

The Paging-NB message is used for the notification of one or more UEs.

Signalling radio bearer: N/A

RLC-SAP: TM

Logical channel: PCCH

Direction: E-UTRAN to UE

Paging-NB message

— ASNlSTART Paging-NB ::= SEQUENCE {

pagingRecordList-rl3 PagingRecordList-NB-rl3

OPTIONAL, — Need ON

systemlnfoModification-rl3 ENUMERATED {true}

OPTIONAL, — Need ON

systemlnfoModification-eDRX-rl3 ENUMERATED {true}

OPTIONAL, — Need ON

nonCriticalExtension Paging-NB-vl XX-IEs

OPTIONAL

}

Paging-NB-vl4XX-IEs ::= SEQUENCE {

mac BIT STRING (SIZE (40) )

OPTIONAL, — Need ON

frameNumberOverflowCounter BIT STRING (SIZE (4))

OPTIONAL, — Need ON

utdoaPositioning ENUMERATED {true}

OPTIONAL, — Need ON

nonCriticalExtension SEQUENCE { } OPTIONAL }

PagingRecordList-NB-rl3 ::= SEQUENCE (SIZE ( 1.. maxPageRec ) )

OF PagingRecord-NB-rl3

PagingRecord-NB-rl3 ::= SEQUENCE {

ue-Identity-r!3 PagingUE-Identity,

}

— ASN1STOP

A prerequisite to some first to fourth exemplifying embodiments previously described is that the network node that performs the protection of the paging messages, e.g. the calculation, i.e. generation, of the MAC, is the network node that sends out the actual paging messages. Thus, the network node performing the protection of the paging message is the second network node 506 e.g. the radio network node such as the BTS/BSS or eNB. The reason for this is that it is only these network nodes that know the actual timing in each cell, i.e., the actual frame number (including over flow counter). This means that the secret key Kp (used in generating the MAC code) needs to be passed from the first network node 504, e.g. the SGSN/MME, to the second network node 506, e.g. the BTS/eNB. Note that the secret key Kp used by the second network node 506, e.g. BTS/BSS/eNB may be a key explicitly sent by the first network node 504, e.g. the

SGSN/MME, or derived from other keys such as the second network node 506, e.g. the eNB, deriving the Kp directly from AS security key(s) (i.e. from a Cipher Key (CK) and/or Integrity Key (IK)). Some fifth exemplifying embodiments

In some fifth exemplifying embodiments, the paging messages sent from the first network node 504, e.g. the SGSN and/or the MME, to the second network node 506, e.g. the BSC/BSS/eNB, are enhanced to carry also the secret key, e.g. the secret key Kp, to be used in the integrity protection, i.e. in the MAC generation, as well as possibly also the random number RAND-P, see example below in Table 5 where a new

Information Element "Paging Protection Information IE" has been added to the Paging PS PDU content sent from the SGSN to the BSS across the Gb interface.

Information elements Type / Reference Presence Format Lengt h

PDU type PDU type/1 1.3.26 M V 1

IMSI IMSI/1 1.3.14 M TLV 5 -10

DRX Parameters (note 3) DRX Parameters/11.3.1 1 0 TLV 4

BVCI (note 1) BVCI/11.3.6 C TLV 4

Location Area (note 1) Location Area/11.3.17 C (note 2) TLV 7

Routeing Area (note 1) Routeing Area/1 1.3.31 C (note 2) TLV 8

BSS Area Indication (note 1) BSS Area C TLV 3

Indication/1 1.3.3

PFI PFI/1 1.3.42 0 TLV 3

ABQP ABQP/1 1.3.43 0 TLV 13-?

QoS Profile QoS Profile/1 1.3.28 M TLV 5

P-TMSI TMSI/1 1.3.36 0 TLV 6 eDRX Parameters (note 3) eDRX 0 TLV 3

Parameters/11.3.122

Coverage Class Coverage 0 TLV 3

Class/11.3.124

Cell Identifier (note 4) Cell Identifier/11.3.9 0 TLV 10

MS Radio Access Capability MS Radio Access 0 TLV 7-? (note 5) Capability/1 1.3.22

Paging Attempt Information Paging Attempt 0 TLV 3

Information/1 1.3.125

Paging Protection Information Paging Protection 0 TLV 22

Information/11.3. xxx

NOTE 1 : One and only one of the conditional lEs shall be present. No repeated instances of the conditional lEs are permissible (e.g. one and only one

Location Area shall be present).

NOTE 2: When network sharing is supported, the PLMN included in the Location

Area/ Routeing Area elements can be either the Common PLMN or an

Additional PLMN (see 3GPP TS 44.018 [25]).

NOTE 3: If the SGSN has valid eDRX Parameters for a TLLI it shall include the eDRX Parameters IE in which case the DRX Parameters IE shall not be included. For the case where PSM is enabled with eDRX and the Active timer is running the SGSN shall always include the negotiated eDRX value in the eDRX Parameters IE.

NOTE 4: The cell identity for the cell where the Coverage Class was reported by the MS shall be included if available at the SGSN.

NOTE 5: The field shall be present if there is valid MS Radio Access Capability information for the MS known by the SGSN; the field shall not be present otherwise.

Table 5: New Paging PS PDU content 8 7 6 5 4 3 2 1

Octet 1 IEI

Octet 2 Length Indicator

Octet 3-6 RAND-P

Octet 7-22 Kp128

Table 6: Paging Protection Information IE

In Table 6, RAND-P Designates a 32-bit random number assigned to the MS at Routing Area Update, and Kp128 is a Paging integrity protection key.

5 As understood by any person skilled in the art there are many realizations of the

Paging Protection Information Elements where e.g. both the RAND-P and Kp128 may be of other sizes or even omitted (RAND-P) and where Kp may be either the Ciphering Key (CK) the Integrity Key (IK) or both.

10 Some sixth exemplifying embodiments

In some sixth exemplifying embodiments, a solution is considered wherein the first network node 504, e.g. the core network node such as the SGSN and/or the MME, performs MAC Code generation instead of the second network node 506, e.g. the BTS/BSS/eNB/gNB. In such embodiments there is no need for the first network node

15 504 to pass the secret key Kp or any other parameters to the second network node 506, e.g. the BTS/BSS/eNB, along with a paging message. Some elements of some sixth exemplifying embodiments comprise one or more of the following Actions, and subactions. It should be understood that actions and/or subactions may be performed in another order and that actions and/or subactions may be combined.

20 Action 6.1. Paging messages sent over the radio interface, from the second

network node 506, to the communications device 508 include a MAC code generated by the first network node 504, e.g. the SGSN and/or MME, using the following inputs to the integrity protection algorithm:

Kp : a secret paging integrity key, e.g. the Integrity Key K1128 in Figure 3 or the

25 KEY in Figure 4 or a new key Kp derived from K1128.

MSID : the identity of the target device, e.g. the communications device 508, such as the P-TMSI, e.g. the MESSAGE in Figure 3.

RAND-P : a X bit value sent to the target device, e.g. the communications device 508, in a RAU/TAU Accept message, e.g. part of the INPUT-I in Figure 3 or the 30 COUNT in Figure 4, and modified in each subsequent RAU/TAU Accept message. - Sequence Number (SN) : a Y bit value, e.g. also part of the INPUT-I/COUNT in Figures 3 and 4; that is set to zero in the target device upon receiving a Layer 2 Acknowledgement, e.g. a PUAN/EC-PUAN. The layer 2 acknowledgement confirms BTS/BSS/eNB reception of an uplink transmission containing a RAU/TAU Request. The SN is set to zero in the SGSN/MME upon reception of that

RAU/TAU Request. That is, synchronization between the communications device 508 and the first network node 504, e.g. the SGSN and/or the MME, is expected to be realized with an accuracy of a few tenths of a second using this method.

- This approach for managing the value of SN is based on never exposing the value of SN over the radio interface in the interest of potential concerns over a hacker having access to too many of the inputs used by the integrity protection algorithm when generating the MAC code.

It should be noted that if the idenitity of the communications device 508, such as the MSID e.g. P-TMSI, is re-assigned at every RAU/TAU then there is no need to use the random value RAND-P as input into the integrity protection algorithm in order to have uniquness within every periodic RAU/TAU cycle. In other words, depending on the network behavior the need for the RAND-P is optional.

Action 6.2. The value of SN is maintained by the first network node 504, e.g. the SGSN and/or the MME, on a per device basis and is incremented once every Z seconds by both the communications device 508 and the first network node 504, e.g. the SGSN and/or MME. Alternatively the value of SN is maintained by the first network node 504, e.g. SGSN and/or MME, on a per device basis and is incremented every time the ready timer expires by both the communications device 508 and the first network node 504, e.g. the SGSN and/or MME. The term "ready timer" when used herein means a timer used in the communications device 508 and in the first network node 504, e.g. the SGSN and/or the MME, per each identity e.g. pe each P-TMSI, assigned to the communications device 508 to control the cell updating procedure (see 3GPP TS 24.008 v14.3.0).

- A 16 bit SN value is sufficient if the RAU/TAU procedure is performed at least once every -7.5 days and the SN is incremented once every 10 seconds.

- This approach to SN management ensures no paging message replay is possible in the period between two successive RAU/TAU procedures.

By synchronizing the SN in the communications device 508 and the first network node 504, e.g. the SGSN and/or MME, in this way the SGSN/MME does not require knowledge of the radio interface TDMA frame information. Changing the RAND-P during each RAU/TAU procedure ensures no paging message replay is possible if SN is reset to zero after each RAU/TAU Request as per action 6.1.

- The accuracy of the clock maintained in the communications device 508 is

expected to be sufficiently precise such that no substantial timing drift occurs between the communications device 508 and the first network node 504, e.g. the SGSN and/or MME, even though a communications device 508 may spend a large percentage of time in deep sleep wherein power saving enhancements are applied in the interest of battery lifetime.

Action 6.3. Upon detecting the need to page any given communications device

508, the the first network node 504, e.g. the SGSN and/or MME, performs MAC code generation using the device identity e.g. the P-TMSI, the secret key Kp and the current values for the sequence number SN and the random value RAND-P.

- The first network node 504, e.g. the SGSN and/or MME, forwards the MAC code as part of the paging message it sends to the one or more second network nodes

506, e.g. one or more BSS/eNB, serving the applicable paging area. In other words, the SGSN sends a PAGING PS PDU to one or more BSS and includes the MAC code as a supplemental parameter in the PDU.

- The second network nodes 506, e.g. the BSS/eNB, sends one or more radio

interface paging messages where each includes the MAC code.

Upon receiving a radio interface page with a matching P-TMSI the

communications device 508 performs MAC code generation!. e. it generates XMAC of Figure 3, using its P-TMSI, the secret key Kp and the current values for the sequnce number SN and the random value RAND-P. It proceeds with processing the paging request if it detects a MAC Code success. Optionally, upon receiving a radio interface page with a matching MAC code the communications device 508 proceedes with processing the paging reequest message.

- There will be some delay from when the first network node 504, e.g. the SGSN and/or MME, generates the MAC code until the point when the communications device 508 actually receives the radio interface paging message containing the

MAC code.

If the delay is long enough the SN value applied by the communications device 508, while attempting to verify the MAC code in the received paging message, will be greater than the SN value used by the the first network node 504, e.g. the SGSN and/or MME, in generating the MAC code and the communications device 508 will therefore declare a MAC code failure.

In the event of a MAC code failure, i.e. the XMAC generated by the device is not the same as the MAC generated by the network - see Figure 3, the

communications device 508 may retry MAC verfication using the previous SN value in which case a MAC code success will typically result. The previous SN value may be the current SN value decremented by one. The MAC code failure may also be referred to as the MAC generated by the network node 504,506 does not match the XMAC generated by the communications device 508.

- Alternatively, upon sending a paging message to a second network nodes 506, e.g. the BSS/eNB, the the first network node 504, e.g. the SGSN and/or MME, may include a supplemental parameter that indicates the remaining time until the sequence number SN will be incremented again. If this remaining time is exceeded by the second network nodes 506, e.g. the BSS/eNB, before it actually sends the corresponding radio interface paging message it may include a flag in the radio interface paging message that indicates that the remaining time was exceeded. Upon receiving such an indication in a radio interface paging message, the communications device 508 simply decrements the current SN value by one before attempting to verify the MAC code included in the radio interface paging message.

Some seventh exemplifying embodiments

In some seventh exemplifying embodiments, a solution that is similar to that of some sixth exemplifying embodiments is considered except that there is no concern over exposing the value of sequence number SN over the radio interface. In other words, the authentication/encryption algorithm used for generating the MAC code is considered to be so robust that all inputs except for the secret key may be exposed without risk of the algorithm being broken. Elements of some seventh exemplifying embodiments comprise one or more of the following Actions and/or subactions. It should be understood that actions and/or subactions may be performed in another order and that actions and/or subactions may be combined.

Action 7.1. Paging messages sent, from the second network node 506, over the radio interface to a communications device 508 include a MAC code generated by the the first network node 504, e.g. the SGSN and/or MME, using the following inputs to the integrity protection algorithm: Kp : a secret key such as the Integrity Key Ki-128 in Figure 3 or a new key Kp derived from KM 28.

- RAND-P : a X bit value sent to the target device, e.g. the communications device 508, in a RAU/TAU Accept message (e.g. part of INPUT-I in Figure 3 or COUNT in Figure 4) and modified in each subsequent RAU/TAU Accept message.

Sequence Number (SN) : a Y bit value (e.g. also part of INPUT-I in Figure 3) that is set to zero in the first network node 504, e.g. the SGSN and/or MME, upon reception of a RAU/TAU Request.

- It should be noted if the MSID, e.g. the P-TMSI, is re-assigned at every RAU/TAU then there is no need to use the RAND-P as input into the integrity protection algorithm in order to have uniquness within every periodic RAU/TAU cycle. In other words, depending on the network behavior the need for the RAND-P is optional.

Action 7.2. The value of the sequence number SN is maintained by the the first network node 504, e.g. the SGSN and/or MME, on a per device basis and is incremented every time the first network node 504, e.g. the SGSN and/or MME, detects the need to page the corresponding device.

- A 16 bit SN value is sufficient if the RAU/TAU procedure is performed at least once every -7.5 days and SN is incremented by the first network node 504, e.g. the SGSN and/or MME, once every 10 seconds.

- - The current value of the sequence number SN is included in each paging request the first network node 504, e.g. the SGSN and/or MME, sends to a second network nodes 506, e.g. BSS/eNB, and is included in corresponding radio interface paging messages sent to the target device, e.g. the communications device 508,.

- By maintaining the SN value in the first network node 504, e.g. the SGSN and/or MME, the first network node 504, e.g. the SGSN and/or MME, does not require knowledge of the radio interface TDMA frame information.

Changing the RAND-P during each RAU/TAU procedure ensures no paging message replay is possible if the sequence number SN is reset to zero after each RAU/TAU Request as per action 7.1. Action 7.3. Upon detecting the need to page any given device, e.g. the

communications device 508, the SGSN/MME performs MAC code generation using the device identity (e.g. the P-TMSI), the secret paging integrity key Kp and the sequence number SN for the communications device 508 and the RAND-P.

- The first network node 504, e.g. the SGSN and/or MME, forwards the MAC code and current value for SN as part of the paging message it sends to the one or more second network nodes 506, e.g. BSS/eNB, serving the applicable paging area. For example, the SGSN sends a PAGING PS PDU to one or more BSS and includes the MAC code and the current SN value as supplemental parameters in the PDU.

- The second network nodes 506, e.g. the BSS/eNB, sends one or more radio

interface paging messages where each includes the MAC code and the current SN value.

Upon receiving a radio interface page with a matching P-TMSI, the

communications device 508 performs MAC code generation. In other words, the communications device 508t generates the XMAC of Figure 3 using its P-TMSI, a secret key, e.g. the secret paging integrity key Kp, and the current values for COUNT and RAND-P. It proceeds with processing the paging request if it detects a MAC Code success, i.e. when the MAC code of the paging message macthes the generated XMAC. Optionally, upon receiving a radio interface page with a matching MAC code it proceedes with processing the paging reequest message. This relates to Actions 904 previously described.

Some eighth exemplifying embodiments

In some eighth exemplifying embodiments in which eDRX cycles are longer than the configured periodic RAU/TAU timer, the counter e.g. the sequence number may instead be based on the eDRX cycle. For example, a common starting point is provided to the communications device 508 and the second network nodes 506, e.g. the base station, in the eDRX cycle negotiation (possibly also a random number may be provided as an input to the integrity protection algorithm as described above) and the counter is incremented with each eDRX cycle until wrap-around.

Note further that in order for the communications device 508 to be protected against replay attacks it must first verify the MAC and then verify the freshness of the counter e.g. verify the sequence number. This may be added as an extension to the paging message definition, see below where the extension has been introduced as a Rel-14 extension.

Paging message

— ASNlSTART

gmg : : = SEQUENCE {

pagingRecordList PagingRecordList

OPTIONAL, — Need ON

systeminfoModification ENUMERATED {true

OPTIONAL, — Need ON

etws-Indication ENUMERATED {true

OPTIONAL, — Need ON

nonCriticalExtension ging-v890-IEs

OPTIONAL ging-v890-IEs ::= SEQUENCE {

lateNonCriticalExtension OCTET STRING

OPTIONAL,

nonCriticalExtension Paging-v920-IEs

OPTIONAL ging-v920-IEs ::= SEQUENCE {

cmas-Indication-r9 ENUMERATED {true}

OPTIONAL, — Need ON

nonCriticalExtension Paging-vll30-IEs OPTIONAL Paging-vll30-IEs ::= SEQUENCE {

eab-ParamModification-rll ENUMERATED {true}

OPTIONAL, — Need ON

nonCriticalExtension Paging-vl310-IEs OPTIONAL

}

Paging-vl310-IEs ::= SEQUENCE {

redistributionIndication-rl3 ENUMERATED {true}

OPTIONAL, —Need ON

systeminfoModification-eDRX-rl3 ENUMERATED {true}

OPTIONAL, — Need ON

nonCriticalExtension Paging-vl XX-IEs

OPTIONAL Paging-vl4XX-IEs ::= SEQUENCE {

mac BIT STRING (SIZE (40) )

OPTIONAL, —Need ON

nonCriticalExtension SEQUENCE { } OPTIONAL } PagingRecordList ::= SEQUENCE (SIZE ( 1.. maxPageRec ) ) OF PagingRecord

PagingRecord ::= SEQUENCE {

ue-Identity PagingUE-Identity,

cn-Domain ENUMERATED {ps, cs},

}

PagingUE-Identity : : CHOICE {

s-TMSI S-TMSI,

imsi IMSI, }

IMSI : := SEQUENCE (SIZE (6..21)) OF IMSI-Digit IMSI-Digit : : = INTEGER (0..9)

— ASN1STOP Some ninth exemplifying embodiments

In some ninth exemplifying embodiments, a new NAS procedure between the communications device 508, e.g. the MS/UE, and the the first network node 504, e.g. an eSGSN/eMME, is introduced to negotiate the use of secure paging mode, see Figure 6. In Figure 6 the procedure is illustrated between the communications device 508, e.g. the MS/UE, and the first network node 504, e.g. the eSGSN. Note that the eSGSN and the eMME corresponds to nodes enhanced to support negotiation of secure paging, and that the procedures are similar in 2G and 4G. The procedure comprises one or more of the following actions. It should be understood that the intention here is to describe actions needed to support negotiation of the use of secure paging and not to describe all actions in the procedure of Figure 6. It should be understood that actions and/or subactions may be performed in another order and that actions and/or subactions may be combined.

Action 9.1. The communications device 508, e.g. the MS/UE, sends an Attach Request to the first network node 504, e.g. the eSGSN, and includes an indication that it supports secure paging and is requesting secure paging to be activated. For example, the indication may be called "secure_paging". The cipher algorithms and integrity protection algorithms supported by the communications device 508, e.g. the MS, may be included in the MS network capability parameters. The MS network capability

parameters may contain or comprise one set of integrity protection algorithms. Action 9.2. The first network node 504, e.g. the eSGSN, obtains Authentication Vector (AVs) (quintets) from a Home Location Register (HLR) / Home Subscriber Server (HSS) based on IMSI.

Action 9.3. The first network node 504, e.g. the eSGSN, checks for the presence of a non-NULL integrity protection algorithm in the MS network capability parameters. If present, the first network node 504, e.g. the eSGSN, selects one integrity protection algorithm from the MS network capability parameters and derives the paging protection key, e.g. Kp 128;) which may then be used for integrity protection of paging messages.

Action 9.4. The first network node 504, e.g. the eSGSN, sends an Authentication and Ciphering request including the chosen cipher algorithm and integrity protection algorithm and MS network capability parameters to the communications device 508, e.g. the MS. The message may include also the "secure_paging" indication which was sent unprotected in action 9.1. Tthereby acknowledging MS support for secure paging and its request to activate it. The Authentication and Ciphering request is integrity protected by a Message Authentication Code GPRS Mobility Management (MAC-GMM).

Action 9.5. If the MAC-GMM is not present, the communications device 508, e.g. the MS, shall terminate the connection. The communications device 508, e.g. the MS, runs UMTS AKA with the USIM and derives the Ki128 and Kc128 from the CK/IK. The MS communications device 508, e.g. the MS, verifies the message authentication code MAC-GMM, and if the check of the MAC-GMM is successful then the communications device 508, e.g. the MS, checks that the echoed MS network capability parameters and the echoed MS radio access capability parameters are the same as the ones it sent. In particular it checks that the "secure_paging" indication is the same as sent in action 9.1. If the verification of MAC-GMM fails or if in any of the capabilities, e.g. the MS Network capabilities, or the MS RAC or "secure_paging" indication, don't match what was sent in action 9.1 the communications device 508, e.g. the MS, terminates the procedure.

Action 9.6. The communications device 508, e.g. the MS, sends Authentication and Ciphering response to the first network node 504, e.g. the eSGSN. The

communications device 508, e.g. the MS, calculates the MAC-GMM using the integrity key Ki128 and the network selected integrity protection algorithm. The first network node 504, e.g. the eSGSN, receives the Authentication and Ciphering Response message and verifies the MAC-GMM, and checks the user response (RES).

Optionally the HLR/HSS requests activation of secure paging. The request may be sent as a part of subscription profile both in home and visited network. Activation of the feature may be done e.g. by the subscriber using the Service Capability Exposure Function (SCEF).

Action 9.7. The first network node 504, e.g. the eSGSN, sends the protected 10V container to the communications device 508, e.g. the MS/UE, as a part of LLC signalling.

Action 9.8. If ciphering is used, the communications device 508, e.g. the MS, activates it by assigning the ciphering key Kc128 and the network selected ciphering algorithm, and uses it for the subsequent messages.

Action 9.9. If ciphering is used, the first network node 504, e.g. the eSGSN, activates it by assigning the ciphering key Kc128 and the network selected ciphering algorithm, and uses it for the subsequent messages. If the communications device 508, e.g. the MS, indicated support for secure paging then first network node 504, e.g. the eSGSN, decides whether to use secure paging based on either local configuration or on request from the HLR/HSS (see Action 9.6).

The first network node 504, e.g. the eSGSN, derives the secure paging key Kp form CK/IK.

Action 9.10. The Attach Accept message is sent integrity protected with MAC- LLC. If the first network node 504, e.g. the eSGSN, decided to provide secure paging the first network node 504, e.g. the eSGSN, includes an indicator that secure paging is activated. If the first network node 504, e.g. the eSGSN, is responsible for assigning the freshness parameter (e.g. the new device identifier from the first embodiment, or the RAND-P from the second embodiment), then this parameter is sent integrity protected to the communications device 508, e.g. the MS.

Action 9.1 1. The communications device 508, e.g. the MS, verifies the MAC-LLC, and the secure paging mode negotiation is completed. The communications device 508, e.g. the MS, derives the secure paging key Kp form CK/IK. If the communications device 508, e.g. the MS, verifies the MAC-LLC but determines the The first network node 504, e.g. the eSGSN/eMME, has denied its request to activate secure paging then it may choose to perform a Detach wherein it indicates a corresponding cause code (e.g.

secure paging denied by network).

Action 9.12. The first network node 504, e.g. the eSGSN, sends the Paging PS

PDU to the RAN, including the paging key (Kp), and optionally the freshness parameter if agreed between the communications device 508, e.g. the MS, and first network node 504, e.g. the eSGSN (e.g. new device identifier or RAND-P). The negotiation for use of secure paging would work in EPC in a very similar fashion:

- The communications device 508, e.g. the MS/UE, security capabilities are sent to the network in Attach, or TAU request. These messages carry the UE capability of understanding secure paging.

- The UE security capabilities are echoed back to the communications device 508, e.g. the MS/UE, in the NAS Security Mode Command (not in the Authentication and Ciphering Request). This message is integrity protected.

- The policy decision of activating the secure paging is sent to the communications device 508, e.g. the MS/UE, in the Attach/TAU Accept that is integrity protected.

When the word "comprise" or "comprising" is used in this disclosure it shall be interpreted as non-limiting, i.e. meaning "consist at least of".

Modifications and other variants of the described embodiment(s) will come to mind to one skilled in the art having the benefit of teachings presented in the foregoing descriptions and the associated drawings. Therefore, it is to be understood that the embodiment(s) herein is/are not be limited to the specific examples disclosed and that modifications and other variants are intended to be included within the scope of this disclosure. Although specific terms may be employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.

Claims

1. A method performed by a network node (504,506) for enabling secure paging of a communications device (508), wherein the network node (504,506) and the communications device (508) operate in a wireless communications network (500), and wherein the method comprises:

- obtaining (701) a sequence number that is unique to each communications device (508) specific paging occasion that occurs within a period of time;

- generating (702) a Message Authentication Code, MAC, for a paging message to be transmitted in a specific paging occasion using the sequence number, and

- transmitting (703) the paging message comprising the generated MAC, whereby secure paging of the communications device (508) is enabled.

2. The method of claim 1 , wherein the obtaining (701) of the sequence number comprises:

- obtaining the sequence number from one or more control channels, which one or more channels are to be used to transmit the paging message to the

communications device (508) over a radio interface. 3. The method of claim 1 or 2, wherein the network node (504,506) is a radio network node (506), wherein the sequence number comprises frame number information specific to the paging occasion used for transmitting the paging message, and wherein the generating (702) of the MAC using the sequence number comprises:

- generating the MAC using a secret key, the sequence number and an identifier for the communications device (508).

4. The method of claim 1 or 2, wherein the network node (504,506) is a radio network node (506), wherein the sequence number comprises frame number information specific to the paging occasion used for transmitting the paging message, and wherein the generating (702) of the MAC using the sequence number comprises:

- generating the MAC using a secret key, an identifier for the communications device (508), the sequence number and a random number for the communications device (508).

5. The method of claim 1 or 2, wherein the network node (504,506) is a radio network node (506), wherein the sequence number comprises frame number information specific to the paging occasion used for transmitting the paging message and a frame number extension, and wherein the generating (702) of the MAC using the sequence number comprises:

- generating the MAC using a secret key, the sequence number and an identifier and/or a random number for the communications device (508).

6. The method of any one of claims 3-5, wherein:

- the frame number information comprises a Time Division Multiple Access,

TDMA, frame number, and wherein

- the period of time has a value lower than a total time spanned by a full range of TDMA frame numbers. 7. The method of claim 6, comprising:

- setting a periodic Routing Area Update, RAU, timer to a value that is lower than the total time spanned by the full range of TDMA frame numbers; and

- assigning a new identifier and/or a random number to the communications device (508) at every periodic routing or tracking area update.

8. The method of any one of claims 3-5, wherein:

- the frame number information comprises a System Frame Number, SFN, and wherein the period of time has a value lower than a total time spanned by a full range of SFNs.

9. The method of claim 8, comprising:

- setting a periodic Routing Area Update, RAU, or Tracking Area Update, TAU, timer to a value that is lower than the total time spanned by the full range of SFNs; and

10. The method of claim 1 or 2, wherein the network node (504, 506) is a core network node (504), and wherein the generating (702) of the MAC using the sequence number comprises: - generating the MAC using the sequence number, a secret key, and an identifier and/or a random number for the communications device (508).

1 1. The method of claim 10, comprising:

- setting the sequence number to zero upon reception of a Routing Area

Update, RAU, or Tracking Area Update, TAU, request; and

- incrementing the sequence number at predetermined time points, and wherein the transmitted paging message comprises a supplemental parameter indicating whether or not the communications device (508) is to decrement the sequence number before attempting to verify MAC included in the paging message.

12. The method of claim 10, wherein the paging message comprises the sequence number used in generating the MAC. 13. A method performed by a communications device (508) for secure paging, wherein the communications device (508) and a network node (504,506) operate in a wireless communications network (500), and wherein the method comprises:

- obtaining (901) a sequence number that is unique to each communications device (508) specific paging occasion that occurs within a period of time;

- generating (902) an expected Message Authentication Code, XMAC, for a paging message to be received in a device specific paging occasion, wherein the XMAC is generated using the sequence number;

- receiving (903), from the network node (504,506), a paging message in the device specific paging occasion which paging message comprises a MAC generated by the network node (504,506); and

- when the generated XMAC matches the MAC of the paging message, processing the paging message.

14. The method of claim 13, wherein the obtaining (901) of the sequence number comprises:

- obtaining the sequence number from one or more control channels, which one or more channels are to be used to receive the paging message over a radio interface.

15. The method of claim 13, wherein the received paging message comprises the sequence number used in generating the MAC.

16. The method of any one of claims 13-15, wherein the generating (902) of the XMAC using the sequence number comprises:

- generating the XMAC using a secret key, the sequence number and an identifier and/or a random number for the communications device (508).

17. The method of any one of claims 13-16, wherein the sequence number specific to the paging occasion used for receiving the paging message comprises frame number information and a frame number extension and wherein the frame number information comprises a Time Division Multiple Access, TDMA, frame number, and wherein the period of time has a value lower than a total time spanned by a full range of TDMA frame numbers.

18. The method of any one of claims 13-16, wherein the sequence number specific to the paging occasion used for receiving the paging message comprises frame number information and a frame number extension and wherein the frame number information comprises a System Frame Number, SFN, and wherein the period of time has a value lower than a total time spanned by a full range of SFNs.

19. The method of any one of claim 13-18, comprising:

- when the generated XMAC does not match the MAC of the paging message, generating the XMAC using a secret key, a previous sequence number and an identifier and/or a random number for the communications device (508).

20. The method of any one of claim 13-18, comprising:

- when in receipt of an indication that the communications device (508) is to decrement the sequence number before attempting to verify the MAC included in the paging message, the generating (902) of the XMAC using the sequence number comprises:

- generating the XMAC using a secret key, the sequence number value reduced by one and an identifier and/or a random number for the communications device (508).

21. A network node (504,506) for secure paging of a communications device (508), wherein the network node (504,506) and the communications device (508) are configured to operate in a wireless communications network (500), and wherein the network node (504,506) is configured to:

- obtain a sequence number that is unique to each communications device

(508) specific paging occasion that occurs within a period of time;

- generate a Message Authentication Code, MAC, for a paging message to be transmitted in a specific paging occasion, wherein the XMAC is generated using the sequence number, and

- transmit the paging message comprising the generated MAC.

22. The network node (504,506) of claim 21 , wherein the network node (504,506) is configured to obtain the sequence number by being configured to:

- obtain the sequence number from one or more control channels, which one or more channels are to be used to transmit the paging message to the communications device (508) over a radio interface.

23. The network node (504,506) of claim 21 or 22, wherein the network node (504,506) is a radio network node (506), wherein the sequence number comprises frame number information specific to the paging occasion used for transmitting the paging message, and wherein the network node (504,506) is configured to generate the MAC using the sequence number by being configured to:

- generate the MAC using a secret key, the sequence number and an identifier for the communications device (508).

24. The network node (504,506) of claim 21 or 22, wherein the network node (504,506) is a radio network node (506), wherein the sequence number comprises frame number information specific to the paging occasion used for transmitting the paging message, and wherein the network node (504,506) is configured to generate the MAC using the sequence number by being configured to:

- generate the MAC using a secret key, the sequence number, an identifier for the communications device (508), and a random number for the communications device (508).

25. The network node (504,506) of claim 21 or 22, wherein the network node (504,506) is a radio network node (506), wherein the sequence number comprises frame number information specific to the paging occasion used for transmitting the paging message and a frame number extension, and wherein the network node (504,506) is configured to generate the MAC using the sequence number by being configured to:

- generate the MAC using a secret key, the sequence number and an identifier and/or a random number for the communications device (508).

26. The network node (504,506) of any one of claims 21-25, wherein:

- the frame number information comprises a Time Division Multiple Access,

TDMA, frame number, and wherein

- the period of time has a value lower than a total time spanned by a full range of TDMA frame numbers. 27. The network node (504,506) of claim 26, being configured to:

- set a periodic Routing Area Update, RAU, timer to a value that is lower than the total time spanned by the full range of TDMA frame numbers; and

- assign a new identifier and/or a random number to the communications device (508) at every periodic routing or tracking area update.

28. The network node (504,506) of any one of claims 21-26, wherein:

29. The network node (504,506) of claim 28, being configured to:

- set a periodic Routing Area Update, RAU, or Tracking Area Update, TAU, timer to a value that is lower than the total time spanned by the full range of SFNs; and

30. The network node (504,506) of claim 21 or 22, wherein the network node (504, 506) is a core network node (504), and wherein the network node (504,506) is configured to generate the MAC using the sequence number by being configured to:

- generate the MAC using the sequence number, a secret key, and an identifier and/or a random number for the communications device (508).

31. The network node (504,506) of claim 30, being configured to:

- set the sequence number to zero upon reception of a Routing Area Update, RAU, or Tracking Area Update, TAU, request; and

- increment the sequence number at predetermined time points, and wherein the transmitted paging message comprises a supplemental parameter indicating whether or not the communications device (508) is to decrement the sequence number before attempting to verify MAC included in the paging message.

32. The network node (504,506) of claim 30, wherein the paging message comprises the sequence number used in generating the MAC.

33. A communications device (508) for secure paging, wherein the

communications device (508) and a network node (504,506) are configured to operate in a wireless communications network (500), and wherein the communications device (508) is configured to:

- obtain a sequence number that is unique to each communications device (508) specific paging occasion that occurs within a period of time;

- generate an expected Message Authentication Code, XMAC, for a paging message to be received in a device specific paging occasion using the sequence number;

- receive, from the network node (504,506), a paging message in the device specific paging occasion which paging message comprises a MAC generated by the network node (504,506); and

- process the paging message when the generated XMAC matches the MAC of the paging message.

34. The communications device (508) of claim 33, wherein the communications device (508) is configured to obtain the sequence number by being configured to:

- obtain the sequence number from one or more control channels, which one or more channels are to be used to receive the paging message over a radio interface.

35. The communications device (508) of claim 33, wherein the received paging message comprises the sequence number used in generating the MAC.

36. The communications device (508) of claim 33-35, wherein the communications device (508) is configured to generate the XMAC using the sequence number by being configured to:

- generate the XMAC using a secret key, the sequence number and an identifier and/or a random number for the communications device (508).

37. The communications device (508) of claim 33-36, wherein the sequence number specific to the paging occasion used for receiving the paging message comprises frame number information and a frame number extension and wherein the frame number information comprises a Time Division Multiple Access, TDMA, frame number, and wherein the period of time has a value lower than a total time spanned by a full range of TDMA frame numbers.

38. The communications device (508) of any one of claims 33-36, wherein the sequence number specific to the paging occasion used for receiving the paging message comprises frame number information and a frame number extension and wherein the frame number information comprises a System Frame Number, SFN, and wherein the period of time has a value lower than a total time spanned by a full range of SFNs. 39. The communications device (508) of any one of claims 33-38, being configured to:

- when the generated XMAC does not match the MAC of the paging message, generate the XMAC using a secret key, a previous sequence number and an identifier and/or a random number for the communications device (508).

40. The communications device (508) of any one of claims 33-38, being configured to:

- when in receipt of an indication that the communications device (508) is to decrement the sequence number before attempting to verify the MAC included in the paging message, generate the XMAC using a secret key, the sequence number value reduced by one and an identifier and/or a random number for the communications device (508).

41. A computer program, comprising instructions which, when executed on at least one processor, causes the at least one processor to carry out the method according to any one of claims 1-20.

42. A carrier comprising the computer program of claim 41 , wherein the carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium.