WO2019148339A1 - Techniques and apparatuses for selective trust of an area update reject message - Google Patents

Techniques and apparatuses for selective trust of an area update reject message Download PDF

Info

Publication number
WO2019148339A1
WO2019148339A1 PCT/CN2018/074660 CN2018074660W WO2019148339A1 WO 2019148339 A1 WO2019148339 A1 WO 2019148339A1 CN 2018074660 W CN2018074660 W CN 2018074660W WO 2019148339 A1 WO2019148339 A1 WO 2019148339A1
Authority
WO
WIPO (PCT)
Prior art keywords
base station
frequency
barring
cell
area identifier
Prior art date
Application number
PCT/CN2018/074660
Other languages
French (fr)
Inventor
Xuepan GUAN
Shiau-He Tsai
Jiming Guo
Nitin Pant
Original Assignee
Qualcomm Incorporated
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qualcomm Incorporated filed Critical Qualcomm Incorporated
Priority to PCT/CN2018/074660 priority Critical patent/WO2019148339A1/en
Publication of WO2019148339A1 publication Critical patent/WO2019148339A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W60/00Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration
    • H04W60/04Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration using triggered events
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/08Access restriction or access information delivery, e.g. discovery data delivery
    • H04W48/14Access restriction or access information delivery, e.g. discovery data delivery using user query or user detection

Definitions

  • aspects of the present disclosure generally relate to wireless communication, and more particularly to techniques and apparatuses for selective trust of an area update reject message.
  • Wireless communication systems are widely deployed to provide various telecommunication services such as telephony, video, data, messaging, and broadcasts.
  • Typical wireless communication systems may employ multiple-access technologies capable of supporting communication with multiple users by sharing available system resources (e.g., bandwidth, transmit power, and/or the like) .
  • multiple-access technologies include code division multiple access (CDMA) systems, time division multiple access (TDMA) systems, frequency-division multiple access (FDMA) systems, orthogonal frequency-division multiple access (OFDMA) systems, single-carrier frequency-division multiple access (SC-FDMA) systems, time division synchronous code division multiple access (TD-SCDMA) systems, and Long Term Evolution (LTE) .
  • LTE/LTE-Advanced is a set of enhancements to the Universal Mobile Telecommunications System (UMTS) mobile standard promulgated by the Third Generation Partnership Project (3GPP) .
  • UMTS Universal Mobile Telecommunications System
  • a wireless communication network may include a number of base stations (BSs) that can support communication for a number of user equipment (UEs) .
  • a user equipment (UE) may communicate with a base station (BS) via the downlink and uplink.
  • the downlink (or forward link) refers to the communication link from the BS to the UE
  • the uplink (or reverse link) refers to the communication link from the UE to the BS.
  • a BS may be referred to as a Node B, a gNB, an access point (AP) , a radio head, a transmit receive point (TRP) , a new radio (NR) BS, a 5G Node B, and/or the like.
  • New radio which may also be referred to as 5G, is a set of enhancements to the LTE mobile standard promulgated by the Third Generation Partnership Project (3GPP) .
  • NR is designed to better support mobile broadband Internet access by improving spectral efficiency, lowering costs, improving services, making use of new spectrum, and better integrating with other open standards using orthogonal frequency division multiplexing (OFDM) with a cyclic prefix (CP) (CP-OFDM) on the downlink (DL) , using CP-OFDM and/or SC-FDM (e.g., also known as discrete Fourier transform spread OFDM (DFT-s-OFDM) ) on the uplink (UL) , as well as supporting beamforming, multiple-input multiple-output (MIMO) antenna technology, and carrier aggregation.
  • OFDM orthogonal frequency division multiplexing
  • SC-FDM e.g., also known as discrete Fourier transform spread OFDM (DFT-s-OFDM)
  • DFT-s-OFDM discrete Fourier transform spread OFDM
  • MIMO multiple-input multiple-output
  • a method of wireless communication performed by a user equipment may include receiving a reject message associated with an area update or attach procedure, wherein the reject message identifies at least one of a frequency or an area identifier; and selectively barring a cell associated with a base station from which the reject message is received, or barring at least one of the frequency or the area identifier, based at least in part on whether a security context is activated with regard to the base station.
  • a user equipment for wireless communication may include memory and one or more processors operatively coupled to the memory.
  • the memory and the one or more processors may be configured to receive a reject message associated with an area update or attach procedure, wherein the reject message identifies at least one of a frequency or an area identifier; and selectively bar a cell associated with a base station from which the reject message is received, or bar at least one of the frequency or the area identifier, based at least in part on whether a security context is activated with regard to the base station.
  • a non-transitory computer-readable medium may store one or more instructions for wireless communication.
  • the one or more instructions when executed by one or more processors of a user equipment, may cause the one or more processors to receive a reject message associated with an area update or attach procedure, wherein the reject message identifies at least one of a frequency or an area identifier; and selectively bar a cell associated with a base station from which the reject message is received, or bar at least one of the frequency or the area identifier, based at least in part on whether a security context is activated with regard to the base station.
  • an apparatus for wireless communication may include means for receiving a reject message associated with an area update or attach procedure, wherein the reject message identifies at least one of a frequency or an area identifier; and means for selectively barring a cell associated with a base station from which the reject message is received, or barring at least one of the frequency or the area identifier, based at least in part on whether a security context is activated with regard to the base station.
  • Fig. 1 is a block diagram conceptually illustrating an example of a wireless communication network, in accordance with various aspects of the present disclosure.
  • Fig. 2 is a block diagram conceptually illustrating an example of a base station in communication with a user equipment (UE) in a wireless communication network, in accordance with various aspects of the present disclosure.
  • UE user equipment
  • Figs. 3A and 3B are diagrams illustrating examples of performing cell reselection based at least in part on whether an area update reject message is trusted, in accordance with various aspects of the present disclosure.
  • Fig. 4 is a diagram illustrating an example process performed, for example, by a user equipment (UE) , in accordance with various aspects of the present disclosure.
  • UE user equipment
  • aspects may be described herein using terminology commonly associated with 3G and/or 4G wireless technologies, aspects of the present disclosure can be applied in other generation-based communication systems, such as 5G and later, including NR technologies.
  • Fig. 1 is a diagram illustrating a network 100 in which aspects of the present disclosure may be practiced.
  • the network 100 may be an LTE network or some other wireless network, such as a 5G or NR network.
  • Wireless network 100 may include a number of BSs 110 (shown as BS 110a, BS 110b, BS 110c, and BS 110d) and other network entities.
  • a BS is an entity that communicates with user equipment (UEs) and may also be referred to as a base station, a NR BS, a Node B, a gNB, a 5G node B (NB) , an access point, a transmit receive point (TRP) , and/or the like.
  • Each BS may provide communication coverage for a particular geographic area.
  • the term “cell” can refer to a coverage area of a BS and/or a BS subsystem serving this coverage area, depending on the context in which the term is used.
  • a BS may provide communication coverage for a macro cell, a pico cell, a femto cell, and/or another type of cell.
  • a macro cell may cover a relatively large geographic area (e.g., several kilometers in radius) and may allow unrestricted access by UEs with service subscription.
  • a pico cell may cover a relatively small geographic area and may allow unrestricted access by UEs with service subscription.
  • a femto cell may cover a relatively small geographic area (e.g., a home) and may allow restricted access by UEs having association with the femto cell (e.g., UEs in a closed subscriber group (CSG) ) .
  • a BS for a macro cell may be referred to as a macro BS.
  • a BS for a pico cell may be referred to as a pico BS.
  • a BS for a femto cell may be referred to as a femto BS or a home BS.
  • a BS 110a may be a macro BS for a macro cell 102a
  • a BS 110b may be a pico BS for a pico cell 102b
  • a BS 110c may be a femto BS for a femto cell 102c.
  • a BS may support one or multiple (e.g., three) cells.
  • eNB base station
  • NR BS NR BS
  • gNB gNode B
  • AP AP
  • node B node B
  • 5G NB 5G NB
  • cell may be used interchangeably herein.
  • a cell may not necessarily be stationary, and the geographic area of the cell may move according to the location of a mobile BS.
  • the BSs may be interconnected to one another and/or to one or more other BSs or network nodes (not shown) in the access network 100 through various types of backhaul interfaces such as a direct physical connection, a virtual network, and/or the like using any suitable transport network.
  • Wireless network 100 may also include relay stations.
  • a relay station is an entity that can receive a transmission of data from an upstream station (e.g., a BS or a UE) and send a transmission of the data to a downstream station (e.g., a UE or a BS) .
  • a relay station may also be a UE that can relay transmissions for other UEs.
  • a relay station 110d may communicate with macro BS 110a and a UE 120d in order to facilitate communication between BS 110a and UE 120d.
  • a relay station may also be referred to as a relay BS, a relay base station, a relay, and/or the like.
  • Wireless network 100 may be a heterogeneous network that includes BSs of different types, e.g., macro BSs, pico BSs, femto BSs, relay BSs, and/or the like. These different types of BSs may have different transmit power levels, different coverage areas, and different impact on interference in wireless network 100.
  • macro BSs may have a high transmit power level (e.g., 5 to 40 Watts) whereas pico BSs, femto BSs, and relay BSs may have lower transmit power levels (e.g., 0.1 to 2 Watts) .
  • a network controller 130 may couple to a set of BSs and may provide coordination and control for these BSs.
  • Network controller 130 may communicate with the BSs via a backhaul.
  • the BSs may also communicate with one another, e.g., directly or indirectly via a wireless or wireline backhaul.
  • UEs 120 may be dispersed throughout wireless network 100, and each UE may be stationary or mobile.
  • a UE may also be referred to as an access terminal, a terminal, a mobile station, a subscriber unit, a station, and/or the like.
  • a UE may be a cellular phone (e.g., a smart phone) , a personal digital assistant (PDA) , a wireless modem, a wireless communication device, a handheld device, a laptop computer, a cordless phone, a wireless local loop (WLL) station, a tablet, a camera, a gaming device, a netbook, a smartbook, an ultrabook, medical device or equipment, biometric sensors/devices, wearable devices (smart watches, smart clothing, smart glasses, smart wrist bands, smart jewelry (e.g., smart ring, smart bracelet) ) , an entertainment device (e.g., a music or video device, or a satellite radio) , a vehicular component or sensor, smart meters/sensors, industrial manufacturing equipment, a global positioning system device, or any other suitable device that is configured to communicate via a wireless or wired medium.
  • PDA personal digital assistant
  • WLL wireless local loop
  • MTC and eMTC UEs include, for example, robots, drones, remote devices, such as sensors, meters, monitors, location tags, and/or the like, that may communicate with a base station, another device (e.g., remote device) , or some other entity.
  • a wireless node may provide, for example, connectivity for or to a network (e.g., a wide area network such as Internet or a cellular network) via a wired or wireless communication link.
  • Some UEs may be considered Internet-of-Things (IoT) devices, and/or may be implemented as may be implemented as NB-IoT (narrowband internet of things) devices. Some UEs may be considered a Customer Premises Equipment (CPE) .
  • UE 120 may be included inside a housing that houses components of UE 120, such as processor components, memory components, and/or the like.
  • any number of wireless networks may be deployed in a given geographic area.
  • Each wireless network may support a particular RAT and may operate on one or more frequencies.
  • a RAT may also be referred to as a radio technology, an air interface, and/or the like.
  • a frequency may also be referred to as a carrier, a frequency channel, and/or the like.
  • Each frequency may support a single RAT in a given geographic area in order to avoid interference between wireless networks of different RATs.
  • NR or 5G RAT networks may be deployed.
  • two or more UEs 120 may communicate directly using one or more sidelink channels (e.g., without using a BS 110 as an intermediary to communicate with one another) .
  • the UEs 120 may communicate using peer-to-peer (P2P) communications, device-to-device (D2D) communications, a vehicle-to-everything (V2X) protocol (e.g., which may include a vehicle-to-vehicle (V2V) protocol, a vehicle-to-infrastructure (V2I) protocol, and/or the like) , a mesh network, and/or the like.
  • V2X vehicle-to-everything
  • the UE 120 may perform scheduling operations, resource selection operations, and/or other operations described elsewhere herein as being performed by the BS 110.
  • Fig. 1 is provided merely as an example. Other examples are possible and may differ from what was described with regard to Fig. 1.
  • Fig. 2 shows a block diagram of a design 200 of BS 110 and UE 120, which may be one of the base stations and one of the UEs in Fig. 1.
  • BS 110 may be equipped with T antennas 234a through 234t
  • UE 120 may be equipped with R antennas 252a through 252r, where in general T ⁇ 1 and R ⁇ 1.
  • a transmit processor 220 may receive data from a data source 212 for one or more UEs, select one or more modulation and coding schemes (MCS) for each UE based at least in part on channel quality indicators (CQIs) received from the UE, process (e.g., encode and modulate) the data for each UE based at least in part on the MCS (s) selected for the UE, and provide data symbols for all UEs. Transmit processor 220 may also process system information (e.g., for semi-static resource partitioning information (SRPI) and/or the like) and control information (e.g., CQI requests, grants, upper layer signaling, and/or the like) and provide overhead symbols and control symbols.
  • MCS modulation and coding schemes
  • Transmit processor 220 may also generate reference symbols for reference signals (e.g., the cell-specific reference signal (CRS) ) and synchronization signals (e.g., the primary synchronization signal (PSS) and secondary synchronization signal (SSS) ) .
  • a transmit (TX) multiple-input multiple-output (MIMO) processor 230 may perform spatial processing (e.g., precoding) on the data symbols, the control symbols, the overhead symbols, and/or the reference symbols, if applicable, and may provide T output symbol streams to T modulators (MODs) 232a through 232t. Each modulator 232 may process a respective output symbol stream (e.g., for OFDM and/or the like) to obtain an output sample stream.
  • TX transmit
  • MIMO multiple-input multiple-output
  • Each modulator 232 may process a respective output symbol stream (e.g., for OFDM and/or the like) to obtain an output sample stream.
  • Each modulator 232 may further process (e.g., convert to analog, amplify, filter, and upconvert) the output sample stream to obtain a downlink signal.
  • T downlink signals from modulators 232a through 232t may be transmitted via T antennas 234a through 234t, respectively.
  • the synchronization signals can be generated with location encoding to convey additional information.
  • antennas 252a through 252r may receive the downlink signals from BS 110 and/or other base stations and may provide received signals to demodulators (DEMODs) 254a through 254r, respectively.
  • Each demodulator 254 may condition (e.g., filter, amplify, downconvert, and digitize) a received signal to obtain input samples.
  • Each demodulator 254 may further process the input samples (e.g., for OFDM and/or the like) to obtain received symbols.
  • a MIMO detector 256 may obtain received symbols from all R demodulators 254a through 254r, perform MIMO detection on the received symbols if applicable, and provide detected symbols.
  • a receive processor 258 may process (e.g., demodulate and decode) the detected symbols, provide decoded data for UE 120 to a data sink 260, and provide decoded control information and system information to a controller/processor 280.
  • a channel processor may determine reference signal received power (RSRP) , received signal strength indicator (RSSI) , reference signal received quality (RSRQ) , channel quality indicator (CQI) , and/or the like.
  • a transmit processor 264 may receive and process data from a data source 262 and control information (e.g., for reports comprising RSRP, RSSI, RSRQ, CQI, and/or the like) from controller/processor 280. Transmit processor 264 may also generate reference symbols for one or more reference signals. The symbols from transmit processor 264 may be precoded by a TX MIMO processor 266 if applicable, further processed by modulators 254a through 254r (e.g., for DFT-s-OFDM, CP-OFDM, and/or the like) , and transmitted to BS 110.
  • modulators 254a through 254r e.g., for DFT-s-OFDM, CP-OFDM, and/or the like
  • the uplink signals from UE 120 and other UEs may be received by antennas 234, processed by demodulators 232, detected by a MIMO detector 236 if applicable, and further processed by a receive processor 238 to obtain decoded data and control information sent by UE 120.
  • Receive processor 238 may provide the decoded data to a data sink 239 and the decoded control information to controller/processor 240.
  • BS 110 may include communication unit 244 and communicate to network controller 130 via communication unit 244.
  • Network controller 130 may include communication unit 294, controller/processor 290, and memory 292.
  • one or more components of UE 120 may be included in a housing. Controller/processor 240 of BS 110, controller/processor 280 of UE 120, and/or any other component (s) of Fig. 2 may perform one or more techniques associated with selective trust of an area update reject message, as described in more detail elsewhere herein. For example, controller/processor 240 of BS 110, controller/processor 280 of UE 120, and/or any other component (s) of Fig. 2 may perform or direct operations of, for example, process 400 of Fig. 4 and/or other processes as described herein.
  • Memories 242 and 282 may store data and program codes for BS 110 and UE 120, respectively.
  • a scheduler 246 may schedule UEs for data transmission on the downlink and/or uplink.
  • UE 120 may include means for receiving a reject message associated with an area update or attach procedure; means for selectively barring a cell associated with a base station from which the reject message is received, or barring at least one of the frequency or the area identifier, based at least in part on whether a security context is activated with regard to the base station; means for selecting a different cell on which to camp after barring the cell associated with the base station; means for selecting a particular cell associated with another frequency or another area identifier on which to camp after barring the at least one of the frequency or the area identifier; means for storing information identifying the cell as not to be trusted based at least in part on the security context not being activated with regard to the base station; means for receiving a release message from the base station; means for entering an idle state; and/or the like.
  • such means may include one or more components of UE 120 described in connection with Fig. 2.
  • Fig. 2 is provided merely as an example. Other examples are possible and may differ from what was described with regard to Fig. 2.
  • a UE may camp on a cell associated with (e.g., provided by) a base station, and may perform a registration procedure, such as a location area update (LAU) , a routing area update (RAU) , a tracking area update (TAU) , an attach procedure, and/or the like.
  • the base station may accept registration of the UE, or may reject registration of the UE.
  • the base station may transmit a reject message to the UE identifying a frequency or area identifier of the cell (e.g., a location area identifier (LAI) , a routing area identifier (RAI) , a tracking area identifier (TAI) , etc. ) .
  • the UE may add the frequency or area identifier to a list (e.g., a forbidden list) and may detach or decamp from the cell.
  • the UE may scan for a new target cell, and may again identify the cell.
  • the UE may scan a system information block of the cell, may determine that the cell is associated with the frequency or area identifier, and may not attempt to attach to the cell.
  • a UE may add a frequency or area identifier to a list, scan a cell associated with the frequency or area identifier, and subsequently determine not to attach to the cell.
  • not all reject messages should be trusted. For example, if a UE has not activated a security context with a particular base station, the UE may not know whether the reject message is authentic, or whether the reject message should be trusted.
  • Some techniques and apparatuses described herein determine whether a reject message of a base station should be trusted based at least in part on whether a security context has been activated with regard to the base station.
  • the UE may add a frequency or area identifier identified by the reject message to a list (e.g., a forbidden list) based at least in part on an assumption that the base station that transmitted the reject message should be trusted because of the security context being activated.
  • the UE may add a frequency or cell identifier of a cell of the base station to the list (e.g., the forbidden list) on the assumption that the reject message may be malicious or misdirected.
  • the UE may automatically select a different cell (e.g., when the security context is not active) or a cell associated with a different frequency or area identifier (e.g., when the security context is active) , which saves resources that would otherwise be used to rescan an original cell to which the UE was connected.
  • a different cell e.g., when the security context is not active
  • a cell associated with a different frequency or area identifier e.g., when the security context is active
  • security of the TAU/LAU/RAU procedure is improved and UE and/or base station resources, associated with scanning and identifying a forbidden cell, are conserved.
  • security of the UE may be improved in the case wherein an untrusted cell or base station is added to the forbidden list.
  • Figs. 3A and 3B are diagrams illustrating examples 300 of performing cell reselection based at least in part on whether an area update reject message is trusted, in accordance with various aspects of the present disclosure.
  • the UE 120 and the BS 110 may be associated with an not active security context.
  • the UE 120 and the BS 110 may have exchanged keys (e.g., a cipher key, an integrity key, etc. ) that may be used to sign and/or encrypt communications of the UE 120 and the BS 110.
  • keys e.g., a cipher key, an integrity key, etc.
  • communications between the UE 120 and the BS 110 may be more trustworthy than when the UE 120 and the BS 110 are not associated with an active security context.
  • the UE 120 may camp on a cell associated with (e.g., provided by) the BS 110.
  • the UE 120 may initiate an area update or attach procedure.
  • the area update or attach procedure may include a TAU procedure, a LAU procedure, a RAU procedure, an attach procedure, and/or the like.
  • the UE 120 may initiate the area update or attach procedure based at least in part on detecting a new area (e.g., a new tracking area, a new location area, a new routing area) , based at least in part on camping on the cell associated with BS 110, and/or the like.
  • the UE 120 may provide an area update or attach request.
  • the area update or attach request may include a TAU request, a LAU request, a RAU request, an attach request, and/or the like.
  • the area update or attach request may identify an area identifier or cell.
  • the UE 120 may provide information identifying the area identifier or cell for which the UE 120 is to perform the area update or attach procedure. Additionally, or alternatively, the UE 120 may provide information identifying a selected network for which the UE 120 is to perform the area update or attach procedure.
  • the BS 110 may determine that the area update or attach request is to be rejected. For example, the BS 110 may determine that the area update or attach request is to be rejected based at least in part on load balancing, a number of UEs connected to the cell and/or the BS 110, a security condition, and/or the like.
  • the BS 110 may provide information indicating that a TAI or LAI identified by the area update or attach request is to be added to a list (e.g., a forbidden list) associated with the UE 120. In some aspects, the BS 110 may provide information indicating that a frequency associated with the cell is to be added to the list. As shown by reference number 314, the BS 110 may provide an instruction to the UE 120 to release the connection between the UE 120 and the BS 110. For example, the BS 110 may provide a release message, such as a radio resource control (RRC) release message, and/or the like. The UE 120 may release the connection with the cell associated with the BS 110 based at least in part on the release message.
  • RRC radio resource control
  • the UE 120 may bar the cell associated with BS 110 based at least in part on the security context being not active. For example, the UE 120 may add a frequency or cell identifier associated with the cell to a list (e.g., a forbidden list, etc. ) .
  • the security context is not active, the UE 120 may not be able to ascertain whether the reject message provided by the BS 110 (e.g., identifying the TAI or LAI) is to be trusted or is genuine. Therefore, the UE 120 may bar the cell associated with the BS 110. Thus, security of the UE 120 may be improved.
  • the UE 120 may select a different cell on which to camp. For example, after releasing the connection with the BS 110, the UE 120 may identify a different cell (e.g., a cell that is not barred) and may camp on the different cell. In this way, the UE 120 may determine that a cell associated with the BS 110 is not to be trusted based at least in part on receiving a reject message for an area update or attach procedure without having established a security context, and may bar the cell associated with the BS 110. Thus, security of the UE 120 is improved.
  • a different cell e.g., a cell that is not barred
  • Fig. 3B shows an example call flow for a scenario wherein the security context between the UE 120 and the BS 110 has been activated, as shown by reference number 320.
  • the UE 120 may camp on a cell associated with the BS 110.
  • the UE 120 may initiate an area update or attach procedure with the BS 110.
  • the UE 120 may provide an area update or attach request, as described in more detail herein.
  • the BS 110 may determine to reject the area update or attach request.
  • the BS 110 may provide a reject message indicating that the UE 120 is to add a TAI or LAI associated with the target network to a list (e.g., a forbidden list) .
  • the BS 110 may provide a release message to cause the UE 120 to release the connection with the BS 110.
  • the UE 120 may bar the frequency or area identifier identified by the reject message based at least in part on the security context being active. For example, the UE 120 may verify a cipher or integrity value of the reject message, and may determine that the reject message is authentic based at least in part on the cipher or integrity value being verified successfully. Accordingly, the UE 120 may trust the reject message.
  • the UE 120 may add a TAI or LAI associated with the target network to information stored by or associated with the UE 120. For example, the UE 120 may store information identifying the TAI or LAI. Additionally, or alternatively, the UE 120 may add information identifying a target network of the area update or attach procedure to the information. In this way, the UE 120 determines that the reject message is to be trusted based at least in part on the security context being active, and adds a TAI or LAI associated with the security update to the list (e.g., the forbidden list) accordingly.
  • the list e.g., the forbidden list
  • the UE 120 may select a cell associated with a different frequency or area identifier on which to camp. For example, the UE 120 may select a selected cell (provided by the BS 110 or a different BS) that is associated with a different TAI, a different LAI, a different target network, and/or the like. The UE 120 may camp on the selected cell, and/or may perform an area update or attach procedure with regard to the selected cell. In this way, the UE 120 selectively bars a frequency or area identifier identified by a reject message, or a cell via which the reject message is provided, based at least in part on whether a BS 110 associated with the cell is associated with an active security context. Thus, security of the UE 120 is improved.
  • Figs. 3A and 3B are provided as examples. Other examples are possible and may differ from what was described with respect to Figs. 3A and 3B.
  • Fig. 4 is a diagram illustrating an example process 400 performed, for example, by a UE, in accordance with various aspects of the present disclosure.
  • Example process 400 is an example where a UE (e.g., UE 120) performs selective barring of a frequency or area identifier identified by a reject message, or a cell via which the reject message is provided, based at least in part on whether a BS 110 associated with the cell is associated with an active security context.
  • a UE e.g., UE 120
  • process 400 may include receiving a reject message associated with an area update or attach procedure, wherein the reject message identifies at least one of a frequency or an area identifier (block 410) .
  • the UE may receive (e.g., using antenna 252, DEMOD 254, MIMO detector 256, receive processor 258, controller/processor 280, and/or the like) a reject message from a BS (e.g., BS 110 and/or the like) .
  • the reject message may be associated with an area update or attach procedure initiated by the UE.
  • the reject message may identify at least one of a frequency or area identifier.
  • the reject message may identify a TAI, a LAI, a target network identifier, and/or the like, that the UE is to bar or add to a list (e.g., a forbidden list) .
  • process 400 may include selectively barring a cell associated with a base station from which the reject message is received, or barring at least one of the frequency or the area identifier, based at least in part on whether a security context is activated with regard to the base station (block 420) .
  • the UE may selectively bar (e.g., using controller/processor 280 and/or the like) a cell associated with the base station from which the reject message is received or at least one of the frequency or the area identifier based at least in part on whether a security context is active with regard to the base station.
  • the security context is active, the UE may bar the at least one of the frequency or the area identifier.
  • the security context is not active, the UE may bar the cell associated with the base station from which the reject message is received.
  • Process 400 may include additional aspects, such as any single aspect or any combination of aspects described below.
  • the cell is barred when the security context is not activated. In some aspects, the UE may select a different cell on which to camp after barring the cell associated with the base station. In some aspects, at least one of the frequency or the area identifier is barred when the security context is activated. In some aspects, the UE may select a particular cell associated with another frequency or another area identifier on which to camp after barring the at least one of the frequency or the area identifier. In some aspects, the area update or attach procedure includes at least one of: a tracking area update, a routing area update, or a location area update.
  • barring the cell further comprises storing information identifying the cell as not to be trusted based at least in part on the security context not being activated with regard to the base station.
  • the UE may receive a release message from the base station.
  • selectively barring the cell associated with the base station or barring the at least one of the frequency or the area identifier includes selectively barring the cell associated with the base station or barring the at least one of the frequency or the area identifier after receiving the release message.
  • the UE may enter an idle state.
  • selectively barring the cell associated with the base station or barring the at least one of the frequency or the area identifier comprises selectively barring the cell associated with the base station or barring the at least one of the frequency or the area identifier after entering the idle state.
  • process 400 may include additional blocks, fewer blocks, different blocks, or differently arranged blocks than those depicted in Fig. 4. Additionally, or alternatively, two or more of the blocks of process 400 may be performed in parallel.
  • the term component is intended to be broadly construed as hardware, firmware, or a combination of hardware and software.
  • a processor is implemented in hardware, firmware, or a combination of hardware and software.
  • satisfying a threshold may refer to a value being greater than the threshold, greater than or equal to the threshold, less than the threshold, less than or equal to the threshold, equal to the threshold, not equal to the threshold, and/or the like.
  • “at least one of: a, b, or c” is intended to cover a, b, c, a-b, a-c, b-c, and a-b-c, as well as any combination with multiples of the same element (e.g., a-a, a-a-a, a-a-b, a-a-c, a-b-b, a-c-c, b-b, b-b-b, b-b-c, c-c, and c-c-c or any other ordering of a, b, and c) .

Abstract

Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a user equipment may receive a reject message associated with an area update or attach procedure, wherein the reject message identifies at least one of a frequency or an area identifier; and selectively bar a cell associated with a base station from which the reject message is received, or bar at least one of the frequency or the area identifier, based at least in part on whether a security context is activated with regard to the base station. Numerous other aspects are provided.

Description

TECHNIQUES AND APPARATUSES FOR SELECTIVE TRUST OF AN AREA UPDATE REJECT MESSAGE
FIELD OF THE DISCLOSURE
Aspects of the present disclosure generally relate to wireless communication, and more particularly to techniques and apparatuses for selective trust of an area update reject message.
BACKGROUND
Wireless communication systems are widely deployed to provide various telecommunication services such as telephony, video, data, messaging, and broadcasts. Typical wireless communication systems may employ multiple-access technologies capable of supporting communication with multiple users by sharing available system resources (e.g., bandwidth, transmit power, and/or the like) . Examples of such multiple-access technologies include code division multiple access (CDMA) systems, time division multiple access (TDMA) systems, frequency-division multiple access (FDMA) systems, orthogonal frequency-division multiple access (OFDMA) systems, single-carrier frequency-division multiple access (SC-FDMA) systems, time division synchronous code division multiple access (TD-SCDMA) systems, and Long Term Evolution (LTE) . LTE/LTE-Advanced is a set of enhancements to the Universal Mobile Telecommunications System (UMTS) mobile standard promulgated by the Third Generation Partnership Project (3GPP) .
A wireless communication network may include a number of base stations (BSs) that can support communication for a number of user equipment (UEs) . A user equipment (UE) may communicate with a base station (BS) via the downlink and uplink. The downlink (or forward link) refers to the communication link from the BS to the UE,  and the uplink (or reverse link) refers to the communication link from the UE to the BS. As will be described in more detail herein, a BS may be referred to as a Node B, a gNB, an access point (AP) , a radio head, a transmit receive point (TRP) , a new radio (NR) BS, a 5G Node B, and/or the like.
The above multiple access technologies have been adopted in various telecommunication standards to provide a common protocol that enables different user equipment to communicate on a municipal, national, regional, and even global level. New radio (NR) , which may also be referred to as 5G, is a set of enhancements to the LTE mobile standard promulgated by the Third Generation Partnership Project (3GPP) . NR is designed to better support mobile broadband Internet access by improving spectral efficiency, lowering costs, improving services, making use of new spectrum, and better integrating with other open standards using orthogonal frequency division multiplexing (OFDM) with a cyclic prefix (CP) (CP-OFDM) on the downlink (DL) , using CP-OFDM and/or SC-FDM (e.g., also known as discrete Fourier transform spread OFDM (DFT-s-OFDM) ) on the uplink (UL) , as well as supporting beamforming, multiple-input multiple-output (MIMO) antenna technology, and carrier aggregation. However, as the demand for mobile broadband access continues to increase, there exists a need for further improvements in LTE and NR technologies. Preferably, these improvements should be applicable to other multiple access technologies and the telecommunication standards that employ these technologies.
SUMMARY
In some aspects, a method of wireless communication performed by a user equipment (UE) may include receiving a reject message associated with an area update or attach procedure, wherein the reject message identifies at least one of a frequency or  an area identifier; and selectively barring a cell associated with a base station from which the reject message is received, or barring at least one of the frequency or the area identifier, based at least in part on whether a security context is activated with regard to the base station.
In some aspects, a user equipment for wireless communication may include memory and one or more processors operatively coupled to the memory. The memory and the one or more processors may be configured to receive a reject message associated with an area update or attach procedure, wherein the reject message identifies at least one of a frequency or an area identifier; and selectively bar a cell associated with a base station from which the reject message is received, or bar at least one of the frequency or the area identifier, based at least in part on whether a security context is activated with regard to the base station.
In some aspects, a non-transitory computer-readable medium may store one or more instructions for wireless communication. The one or more instructions, when executed by one or more processors of a user equipment, may cause the one or more processors to receive a reject message associated with an area update or attach procedure, wherein the reject message identifies at least one of a frequency or an area identifier; and selectively bar a cell associated with a base station from which the reject message is received, or bar at least one of the frequency or the area identifier, based at least in part on whether a security context is activated with regard to the base station.
In some aspects, an apparatus for wireless communication may include means for receiving a reject message associated with an area update or attach procedure, wherein the reject message identifies at least one of a frequency or an area identifier; and means for selectively barring a cell associated with a base station from which the reject message is received, or barring at least one of the frequency or the area identifier,  based at least in part on whether a security context is activated with regard to the base station.
Aspects generally include a method, apparatus, system, computer program product, non-transitory computer-readable medium, user equipment, wireless communication device, and processing system as substantially described herein with reference to and as illustrated by the accompanying drawings and specification.
The foregoing has outlined rather broadly the features and technical advantages of examples according to the disclosure in order that the detailed description that follows may be better understood. Additional features and advantages will be described hereinafter. The conception and specific examples disclosed may be readily utilized as a basis for modifying or designing other structures for carrying out the same purposes of the present disclosure. Such equivalent constructions do not depart from the scope of the appended claims. Characteristics of the concepts disclosed herein, both their organization and method of operation, together with associated advantages will be better understood from the following description when considered in connection with the accompanying figures. Each of the figures is provided for the purpose of illustration and description, and not as a definition of the limits of the claims.
BRIEF DESCRIPTION OF THE DRAWINGS
So that the manner in which the above-recited features of the present disclosure can be understood in detail, a more particular description, briefly summarized above, may be had by reference to aspects, some of which are illustrated in the appended drawings. It is to be noted, however, that the appended drawings illustrate only certain typical aspects of this disclosure and are therefore not to be considered limiting of its scope, for the description may admit to other equally effective aspects.  The same reference numbers in different drawings may identify the same or similar elements.
Fig. 1 is a block diagram conceptually illustrating an example of a wireless communication network, in accordance with various aspects of the present disclosure.
Fig. 2 is a block diagram conceptually illustrating an example of a base station in communication with a user equipment (UE) in a wireless communication network, in accordance with various aspects of the present disclosure.
Figs. 3A and 3B are diagrams illustrating examples of performing cell reselection based at least in part on whether an area update reject message is trusted, in accordance with various aspects of the present disclosure.
Fig. 4 is a diagram illustrating an example process performed, for example, by a user equipment (UE) , in accordance with various aspects of the present disclosure.
DETAILED DESCRIPTION
Various aspects of the disclosure are described more fully hereinafter with reference to the accompanying drawings. This disclosure may, however, be embodied in many different forms and should not be construed as limited to any specific structure or function presented throughout this disclosure. Rather, these aspects are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art. Based on the teachings herein one skilled in the art should appreciate that the scope of the disclosure is intended to cover any aspect of the disclosure disclosed herein, whether implemented independently of or combined with any other aspect of the disclosure. For example, an apparatus may be implemented or a method may be practiced using any number of the aspects set forth herein. In addition, the scope of the disclosure is intended to cover such an apparatus or method  which is practiced using other structure, functionality, or structure and functionality in addition to or other than the various aspects of the disclosure set forth herein. It should be understood that any aspect of the disclosure disclosed herein may be embodied by one or more elements of a claim.
Several aspects of telecommunication systems will now be presented with reference to various apparatuses and techniques. These apparatuses and techniques will be described in the following detailed description and illustrated in the accompanying drawings by various blocks, modules, components, circuits, steps, processes, algorithms, and/or the like (collectively referred to as “elements” ) . These elements may be implemented using hardware, software, or combinations thereof. Whether such elements are implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system.
It is noted that while aspects may be described herein using terminology commonly associated with 3G and/or 4G wireless technologies, aspects of the present disclosure can be applied in other generation-based communication systems, such as 5G and later, including NR technologies.
Fig. 1 is a diagram illustrating a network 100 in which aspects of the present disclosure may be practiced. The network 100 may be an LTE network or some other wireless network, such as a 5G or NR network. Wireless network 100 may include a number of BSs 110 (shown as BS 110a, BS 110b, BS 110c, and BS 110d) and other network entities. A BS is an entity that communicates with user equipment (UEs) and may also be referred to as a base station, a NR BS, a Node B, a gNB, a 5G node B (NB) , an access point, a transmit receive point (TRP) , and/or the like. Each BS may provide communication coverage for a particular geographic area. In 3GPP, the term “cell” can  refer to a coverage area of a BS and/or a BS subsystem serving this coverage area, depending on the context in which the term is used.
A BS may provide communication coverage for a macro cell, a pico cell, a femto cell, and/or another type of cell. A macro cell may cover a relatively large geographic area (e.g., several kilometers in radius) and may allow unrestricted access by UEs with service subscription. A pico cell may cover a relatively small geographic area and may allow unrestricted access by UEs with service subscription. A femto cell may cover a relatively small geographic area (e.g., a home) and may allow restricted access by UEs having association with the femto cell (e.g., UEs in a closed subscriber group (CSG) ) . A BS for a macro cell may be referred to as a macro BS. A BS for a pico cell may be referred to as a pico BS. A BS for a femto cell may be referred to as a femto BS or a home BS. In the example shown in Fig. 1, a BS 110a may be a macro BS for a macro cell 102a, a BS 110b may be a pico BS for a pico cell 102b, and a BS 110c may be a femto BS for a femto cell 102c. A BS may support one or multiple (e.g., three) cells. The terms “eNB” , “base station” , “NR BS” , “gNB” , “TRP” , “AP” , “node B” , “5G NB” , and “cell” may be used interchangeably herein.
In some aspects, a cell may not necessarily be stationary, and the geographic area of the cell may move according to the location of a mobile BS. In some aspects, the BSs may be interconnected to one another and/or to one or more other BSs or network nodes (not shown) in the access network 100 through various types of backhaul interfaces such as a direct physical connection, a virtual network, and/or the like using any suitable transport network.
Wireless network 100 may also include relay stations. A relay station is an entity that can receive a transmission of data from an upstream station (e.g., a BS or a UE) and send a transmission of the data to a downstream station (e.g., a UE or a BS) . A  relay station may also be a UE that can relay transmissions for other UEs. In the example shown in Fig. 1, a relay station 110d may communicate with macro BS 110a and a UE 120d in order to facilitate communication between BS 110a and UE 120d. A relay station may also be referred to as a relay BS, a relay base station, a relay, and/or the like.
Wireless network 100 may be a heterogeneous network that includes BSs of different types, e.g., macro BSs, pico BSs, femto BSs, relay BSs, and/or the like. These different types of BSs may have different transmit power levels, different coverage areas, and different impact on interference in wireless network 100. For example, macro BSs may have a high transmit power level (e.g., 5 to 40 Watts) whereas pico BSs, femto BSs, and relay BSs may have lower transmit power levels (e.g., 0.1 to 2 Watts) .
network controller 130 may couple to a set of BSs and may provide coordination and control for these BSs. Network controller 130 may communicate with the BSs via a backhaul. The BSs may also communicate with one another, e.g., directly or indirectly via a wireless or wireline backhaul.
UEs 120 (e.g., 120a, 120b, 120c) may be dispersed throughout wireless network 100, and each UE may be stationary or mobile. A UE may also be referred to as an access terminal, a terminal, a mobile station, a subscriber unit, a station, and/or the like. A UE may be a cellular phone (e.g., a smart phone) , a personal digital assistant (PDA) , a wireless modem, a wireless communication device, a handheld device, a laptop computer, a cordless phone, a wireless local loop (WLL) station, a tablet, a camera, a gaming device, a netbook, a smartbook, an ultrabook, medical device or equipment, biometric sensors/devices, wearable devices (smart watches, smart clothing, smart glasses, smart wrist bands, smart jewelry (e.g., smart ring, smart bracelet) ) , an entertainment device (e.g., a music or video device, or a satellite radio) , a vehicular  component or sensor, smart meters/sensors, industrial manufacturing equipment, a global positioning system device, or any other suitable device that is configured to communicate via a wireless or wired medium.
Some UEs may be considered machine-type communication (MTC) or evolved or enhanced machine-type communication (eMTC) UEs. MTC and eMTC UEs include, for example, robots, drones, remote devices, such as sensors, meters, monitors, location tags, and/or the like, that may communicate with a base station, another device (e.g., remote device) , or some other entity. A wireless node may provide, for example, connectivity for or to a network (e.g., a wide area network such as Internet or a cellular network) via a wired or wireless communication link. Some UEs may be considered Internet-of-Things (IoT) devices, and/or may be implemented as may be implemented as NB-IoT (narrowband internet of things) devices. Some UEs may be considered a Customer Premises Equipment (CPE) . UE 120 may be included inside a housing that houses components of UE 120, such as processor components, memory components, and/or the like.
In general, any number of wireless networks may be deployed in a given geographic area. Each wireless network may support a particular RAT and may operate on one or more frequencies. A RAT may also be referred to as a radio technology, an air interface, and/or the like. A frequency may also be referred to as a carrier, a frequency channel, and/or the like. Each frequency may support a single RAT in a given geographic area in order to avoid interference between wireless networks of different RATs. In some cases, NR or 5G RAT networks may be deployed.
In some aspects, two or more UEs 120 (e.g., shown as UE 120a and UE 120e) may communicate directly using one or more sidelink channels (e.g., without using a BS 110 as an intermediary to communicate with one another) . For example, the UEs  120 may communicate using peer-to-peer (P2P) communications, device-to-device (D2D) communications, a vehicle-to-everything (V2X) protocol (e.g., which may include a vehicle-to-vehicle (V2V) protocol, a vehicle-to-infrastructure (V2I) protocol, and/or the like) , a mesh network, and/or the like. In this case, the UE 120 may perform scheduling operations, resource selection operations, and/or other operations described elsewhere herein as being performed by the BS 110.
As indicated above, Fig. 1 is provided merely as an example. Other examples are possible and may differ from what was described with regard to Fig. 1.
Fig. 2 shows a block diagram of a design 200 of BS 110 and UE 120, which may be one of the base stations and one of the UEs in Fig. 1. BS 110 may be equipped with T antennas 234a through 234t, and UE 120 may be equipped with R antennas 252a through 252r, where in general T ≥ 1 and R ≥ 1.
At BS 110, a transmit processor 220 may receive data from a data source 212 for one or more UEs, select one or more modulation and coding schemes (MCS) for each UE based at least in part on channel quality indicators (CQIs) received from the UE, process (e.g., encode and modulate) the data for each UE based at least in part on the MCS (s) selected for the UE, and provide data symbols for all UEs. Transmit processor 220 may also process system information (e.g., for semi-static resource partitioning information (SRPI) and/or the like) and control information (e.g., CQI requests, grants, upper layer signaling, and/or the like) and provide overhead symbols and control symbols. Transmit processor 220 may also generate reference symbols for reference signals (e.g., the cell-specific reference signal (CRS) ) and synchronization signals (e.g., the primary synchronization signal (PSS) and secondary synchronization signal (SSS) ) . A transmit (TX) multiple-input multiple-output (MIMO) processor 230 may perform spatial processing (e.g., precoding) on the data symbols, the control  symbols, the overhead symbols, and/or the reference symbols, if applicable, and may provide T output symbol streams to T modulators (MODs) 232a through 232t. Each modulator 232 may process a respective output symbol stream (e.g., for OFDM and/or the like) to obtain an output sample stream. Each modulator 232 may further process (e.g., convert to analog, amplify, filter, and upconvert) the output sample stream to obtain a downlink signal. T downlink signals from modulators 232a through 232t may be transmitted via T antennas 234a through 234t, respectively. According to various aspects described in more detail below, the synchronization signals can be generated with location encoding to convey additional information.
At UE 120, antennas 252a through 252r may receive the downlink signals from BS 110 and/or other base stations and may provide received signals to demodulators (DEMODs) 254a through 254r, respectively. Each demodulator 254 may condition (e.g., filter, amplify, downconvert, and digitize) a received signal to obtain input samples. Each demodulator 254 may further process the input samples (e.g., for OFDM and/or the like) to obtain received symbols. A MIMO detector 256 may obtain received symbols from all R demodulators 254a through 254r, perform MIMO detection on the received symbols if applicable, and provide detected symbols. A receive processor 258 may process (e.g., demodulate and decode) the detected symbols, provide decoded data for UE 120 to a data sink 260, and provide decoded control information and system information to a controller/processor 280. A channel processor may determine reference signal received power (RSRP) , received signal strength indicator (RSSI) , reference signal received quality (RSRQ) , channel quality indicator (CQI) , and/or the like.
On the uplink, at UE 120, a transmit processor 264 may receive and process data from a data source 262 and control information (e.g., for reports comprising RSRP,  RSSI, RSRQ, CQI, and/or the like) from controller/processor 280. Transmit processor 264 may also generate reference symbols for one or more reference signals. The symbols from transmit processor 264 may be precoded by a TX MIMO processor 266 if applicable, further processed by modulators 254a through 254r (e.g., for DFT-s-OFDM, CP-OFDM, and/or the like) , and transmitted to BS 110. At BS 110, the uplink signals from UE 120 and other UEs may be received by antennas 234, processed by demodulators 232, detected by a MIMO detector 236 if applicable, and further processed by a receive processor 238 to obtain decoded data and control information sent by UE 120. Receive processor 238 may provide the decoded data to a data sink 239 and the decoded control information to controller/processor 240. BS 110 may include communication unit 244 and communicate to network controller 130 via communication unit 244. Network controller 130 may include communication unit 294, controller/processor 290, and memory 292.
In some aspects, one or more components of UE 120 may be included in a housing. Controller/processor 240 of BS 110, controller/processor 280 of UE 120, and/or any other component (s) of Fig. 2 may perform one or more techniques associated with selective trust of an area update reject message, as described in more detail elsewhere herein. For example, controller/processor 240 of BS 110, controller/processor 280 of UE 120, and/or any other component (s) of Fig. 2 may perform or direct operations of, for example, process 400 of Fig. 4 and/or other processes as described herein.  Memories  242 and 282 may store data and program codes for BS 110 and UE 120, respectively. A scheduler 246 may schedule UEs for data transmission on the downlink and/or uplink.
In some aspects, UE 120 may include means for receiving a reject message associated with an area update or attach procedure; means for selectively barring a cell  associated with a base station from which the reject message is received, or barring at least one of the frequency or the area identifier, based at least in part on whether a security context is activated with regard to the base station; means for selecting a different cell on which to camp after barring the cell associated with the base station; means for selecting a particular cell associated with another frequency or another area identifier on which to camp after barring the at least one of the frequency or the area identifier; means for storing information identifying the cell as not to be trusted based at least in part on the security context not being activated with regard to the base station; means for receiving a release message from the base station; means for entering an idle state; and/or the like. In some aspects, such means may include one or more components of UE 120 described in connection with Fig. 2.
As indicated above, Fig. 2 is provided merely as an example. Other examples are possible and may differ from what was described with regard to Fig. 2.
A UE may camp on a cell associated with (e.g., provided by) a base station, and may perform a registration procedure, such as a location area update (LAU) , a routing area update (RAU) , a tracking area update (TAU) , an attach procedure, and/or the like. The base station may accept registration of the UE, or may reject registration of the UE. In a case wherein the base station rejects registration of the UE (e.g., based at least in part on load balancing concerns, security concerns, and/or the like) , the base station may transmit a reject message to the UE identifying a frequency or area identifier of the cell (e.g., a location area identifier (LAI) , a routing area identifier (RAI) , a tracking area identifier (TAI) , etc. ) . The UE may add the frequency or area identifier to a list (e.g., a forbidden list) and may detach or decamp from the cell. In some cases, the UE may scan for a new target cell, and may again identify the cell. The UE may  scan a system information block of the cell, may determine that the cell is associated with the frequency or area identifier, and may not attempt to attach to the cell.
However, it may be inefficient for a UE to add a frequency or area identifier to a list, scan a cell associated with the frequency or area identifier, and subsequently determine not to attach to the cell. Furthermore, in some cases, not all reject messages should be trusted. For example, if a UE has not activated a security context with a particular base station, the UE may not know whether the reject message is authentic, or whether the reject message should be trusted.
Some techniques and apparatuses described herein determine whether a reject message of a base station should be trusted based at least in part on whether a security context has been activated with regard to the base station. When the security context has been activated, the UE may add a frequency or area identifier identified by the reject message to a list (e.g., a forbidden list) based at least in part on an assumption that the base station that transmitted the reject message should be trusted because of the security context being activated. When the security context has not been activated, the UE may add a frequency or cell identifier of a cell of the base station to the list (e.g., the forbidden list) on the assumption that the reject message may be malicious or misdirected. Furthermore, the UE may automatically select a different cell (e.g., when the security context is not active) or a cell associated with a different frequency or area identifier (e.g., when the security context is active) , which saves resources that would otherwise be used to rescan an original cell to which the UE was connected. In this way, security of the TAU/LAU/RAU procedure is improved and UE and/or base station resources, associated with scanning and identifying a forbidden cell, are conserved. Furthermore, security of the UE may be improved in the case wherein an untrusted cell or base station is added to the forbidden list.
Figs. 3A and 3B are diagrams illustrating examples 300 of performing cell reselection based at least in part on whether an area update reject message is trusted, in accordance with various aspects of the present disclosure. As shown in Fig. 3A, and by reference number 302, the UE 120 and the BS 110 may be associated with an not active security context. When the UE 120 and the BS 110 are associated with an active security context, the UE 120 and the BS 110 may have exchanged keys (e.g., a cipher key, an integrity key, etc. ) that may be used to sign and/or encrypt communications of the UE 120 and the BS 110. In other words, when the UE 120 and the BS 110 are associated with an active security context, communications between the UE 120 and the BS 110 may be more trustworthy than when the UE 120 and the BS 110 are not associated with an active security context.
As shown in Fig. 3A, and by reference number 304, the UE 120 may camp on a cell associated with (e.g., provided by) the BS 110. As shown by reference number 306, the UE 120 may initiate an area update or attach procedure. For example, the area update or attach procedure may include a TAU procedure, a LAU procedure, a RAU procedure, an attach procedure, and/or the like. In some aspects, the UE 120 may initiate the area update or attach procedure based at least in part on detecting a new area (e.g., a new tracking area, a new location area, a new routing area) , based at least in part on camping on the cell associated with BS 110, and/or the like.
As shown by reference number 308, the UE 120 may provide an area update or attach request. For example, and as shown, the area update or attach request may include a TAU request, a LAU request, a RAU request, an attach request, and/or the like. In some aspects, the area update or attach request may identify an area identifier or cell. For example, the UE 120 may provide information identifying the area identifier or cell for which the UE 120 is to perform the area update or attach procedure. Additionally,  or alternatively, the UE 120 may provide information identifying a selected network for which the UE 120 is to perform the area update or attach procedure.
As shown by reference number 310, the BS 110 may determine that the area update or attach request is to be rejected. For example, the BS 110 may determine that the area update or attach request is to be rejected based at least in part on load balancing, a number of UEs connected to the cell and/or the BS 110, a security condition, and/or the like.
As shown by reference number 312, the BS 110 may provide information indicating that a TAI or LAI identified by the area update or attach request is to be added to a list (e.g., a forbidden list) associated with the UE 120. In some aspects, the BS 110 may provide information indicating that a frequency associated with the cell is to be added to the list. As shown by reference number 314, the BS 110 may provide an instruction to the UE 120 to release the connection between the UE 120 and the BS 110. For example, the BS 110 may provide a release message, such as a radio resource control (RRC) release message, and/or the like. The UE 120 may release the connection with the cell associated with the BS 110 based at least in part on the release message.
As shown by reference number 316, the UE 120 may bar the cell associated with BS 110 based at least in part on the security context being not active. For example, the UE 120 may add a frequency or cell identifier associated with the cell to a list (e.g., a forbidden list, etc. ) . When the security context is not active, the UE 120 may not be able to ascertain whether the reject message provided by the BS 110 (e.g., identifying the TAI or LAI) is to be trusted or is genuine. Therefore, the UE 120 may bar the cell associated with the BS 110. Thus, security of the UE 120 may be improved.
As shown by reference number 318, the UE 120 may select a different cell on which to camp. For example, after releasing the connection with the BS 110, the UE  120 may identify a different cell (e.g., a cell that is not barred) and may camp on the different cell. In this way, the UE 120 may determine that a cell associated with the BS 110 is not to be trusted based at least in part on receiving a reject message for an area update or attach procedure without having established a security context, and may bar the cell associated with the BS 110. Thus, security of the UE 120 is improved.
Fig. 3B shows an example call flow for a scenario wherein the security context between the UE 120 and the BS 110 has been activated, as shown by reference number 320. As shown by reference number 322, the UE 120 may camp on a cell associated with the BS 110. As shown by reference number 324, the UE 120 may initiate an area update or attach procedure with the BS 110. As shown by reference number 326, the UE 120 may provide an area update or attach request, as described in more detail herein. As shown by reference number 328, the BS 110 may determine to reject the area update or attach request. As shown by reference number 330, the BS 110 may provide a reject message indicating that the UE 120 is to add a TAI or LAI associated with the target network to a list (e.g., a forbidden list) . As shown by reference number 332, the BS 110 may provide a release message to cause the UE 120 to release the connection with the BS 110.
As shown by reference number 334, the UE 120 may bar the frequency or area identifier identified by the reject message based at least in part on the security context being active. For example, the UE 120 may verify a cipher or integrity value of the reject message, and may determine that the reject message is authentic based at least in part on the cipher or integrity value being verified successfully. Accordingly, the UE 120 may trust the reject message. In some aspects, the UE 120 may add a TAI or LAI associated with the target network to information stored by or associated with the UE 120. For example, the UE 120 may store information identifying the TAI or LAI.  Additionally, or alternatively, the UE 120 may add information identifying a target network of the area update or attach procedure to the information. In this way, the UE 120 determines that the reject message is to be trusted based at least in part on the security context being active, and adds a TAI or LAI associated with the security update to the list (e.g., the forbidden list) accordingly.
As shown by reference number 336, the UE 120 may select a cell associated with a different frequency or area identifier on which to camp. For example, the UE 120 may select a selected cell (provided by the BS 110 or a different BS) that is associated with a different TAI, a different LAI, a different target network, and/or the like. The UE 120 may camp on the selected cell, and/or may perform an area update or attach procedure with regard to the selected cell. In this way, the UE 120 selectively bars a frequency or area identifier identified by a reject message, or a cell via which the reject message is provided, based at least in part on whether a BS 110 associated with the cell is associated with an active security context. Thus, security of the UE 120 is improved.
As indicated above, Figs. 3A and 3B are provided as examples. Other examples are possible and may differ from what was described with respect to Figs. 3A and 3B.
Fig. 4 is a diagram illustrating an example process 400 performed, for example, by a UE, in accordance with various aspects of the present disclosure. Example process 400 is an example where a UE (e.g., UE 120) performs selective barring of a frequency or area identifier identified by a reject message, or a cell via which the reject message is provided, based at least in part on whether a BS 110 associated with the cell is associated with an active security context.
As shown in Fig. 4, in some aspects, process 400 may include receiving a reject message associated with an area update or attach procedure, wherein the reject message identifies at least one of a frequency or an area identifier (block 410) . For example, the UE may receive (e.g., using antenna 252, DEMOD 254, MIMO detector 256, receive processor 258, controller/processor 280, and/or the like) a reject message from a BS (e.g., BS 110 and/or the like) . The reject message may be associated with an area update or attach procedure initiated by the UE. The reject message may identify at least one of a frequency or area identifier. For example, the reject message may identify a TAI, a LAI, a target network identifier, and/or the like, that the UE is to bar or add to a list (e.g., a forbidden list) .
As shown in Fig. 4, in some aspects, process 400 may include selectively barring a cell associated with a base station from which the reject message is received, or barring at least one of the frequency or the area identifier, based at least in part on whether a security context is activated with regard to the base station (block 420) . For example, the UE may selectively bar (e.g., using controller/processor 280 and/or the like) a cell associated with the base station from which the reject message is received or at least one of the frequency or the area identifier based at least in part on whether a security context is active with regard to the base station. When the security context is active, the UE may bar the at least one of the frequency or the area identifier. When the security context is not active, the UE may bar the cell associated with the base station from which the reject message is received.
Process 400 may include additional aspects, such as any single aspect or any combination of aspects described below.
In some aspects, the cell is barred when the security context is not activated. In some aspects, the UE may select a different cell on which to camp after barring the  cell associated with the base station. In some aspects, at least one of the frequency or the area identifier is barred when the security context is activated. In some aspects, the UE may select a particular cell associated with another frequency or another area identifier on which to camp after barring the at least one of the frequency or the area identifier. In some aspects, the area update or attach procedure includes at least one of: a tracking area update, a routing area update, or a location area update.
In some aspects, barring the cell further comprises storing information identifying the cell as not to be trusted based at least in part on the security context not being activated with regard to the base station. In some aspects, the UE may receive a release message from the base station. In some aspects, selectively barring the cell associated with the base station or barring the at least one of the frequency or the area identifier includes selectively barring the cell associated with the base station or barring the at least one of the frequency or the area identifier after receiving the release message. In some aspects, the UE may enter an idle state. In some aspects, selectively barring the cell associated with the base station or barring the at least one of the frequency or the area identifier comprises selectively barring the cell associated with the base station or barring the at least one of the frequency or the area identifier after entering the idle state.
Although Fig. 4 shows example blocks of process 400, in some aspects, process 400 may include additional blocks, fewer blocks, different blocks, or differently arranged blocks than those depicted in Fig. 4. Additionally, or alternatively, two or more of the blocks of process 400 may be performed in parallel.
The foregoing disclosure provides illustration and description, but is not intended to be exhaustive or to limit the aspects to the precise form disclosed. Modifications and variations are possible in light of the above disclosure or may be acquired from practice of the aspects.
As used herein, the term component is intended to be broadly construed as hardware, firmware, or a combination of hardware and software. As used herein, a processor is implemented in hardware, firmware, or a combination of hardware and software.
Some aspects are described herein in connection with thresholds. As used herein, satisfying a threshold may refer to a value being greater than the threshold, greater than or equal to the threshold, less than the threshold, less than or equal to the threshold, equal to the threshold, not equal to the threshold, and/or the like.
It will be apparent that systems and/or methods, described herein, may be implemented in different forms of hardware, firmware, or a combination of hardware and software. The actual specialized control hardware or software code used to implement these systems and/or methods is not limiting of the aspects. Thus, the operation and behavior of the systems and/or methods were described herein without reference to specific software code-it being understood that software and hardware can be designed to implement the systems and/or methods based, at least in part, on the description herein.
Even though particular combinations of features are recited in the claims and/or disclosed in the specification, these combinations are not intended to limit the disclosure of possible aspects. In fact, many of these features may be combined in ways not specifically recited in the claims and/or disclosed in the specification. Although each dependent claim listed below may directly depend on only one claim, the disclosure of possible aspects includes each dependent claim in combination with every other claim in the claim set. A phrase referring to “at least one of” a list of items refers to any combination of those items, including single members. As an example, “at least one of: a, b, or c” is intended to cover a, b, c, a-b, a-c, b-c, and a-b-c, as well as any  combination with multiples of the same element (e.g., a-a, a-a-a, a-a-b, a-a-c, a-b-b, a-c-c, b-b, b-b-b, b-b-c, c-c, and c-c-c or any other ordering of a, b, and c) .
No element, act, or instruction used herein should be construed as critical or essential unless explicitly described as such. Also, as used herein, the articles “a” and “an” are intended to include one or more items, and may be used interchangeably with “one or more. ” Furthermore, as used herein, the terms “set” and “group” are intended to include one or more items (e.g., related items, unrelated items, a combination of related and unrelated items, and/or the like) , and may be used interchangeably with “one or more. ” Where only one item is intended, the term “one” or similar language is used. Also, as used herein, the terms “has, ” “have, ” “having, ” and/or the like are intended to be open-ended terms. Further, the phrase “based on” is intended to mean “based, at least in part, on” unless explicitly stated otherwise.

Claims (36)

  1. A method of wireless communication performed by a user equipment (UE) , comprising:
    receiving a reject message associated with an area update or attach procedure, wherein the reject message identifies at least one of a frequency or an area identifier; and
    selectively barring a cell associated with a base station from which the reject message is received, or barring at least one of the frequency or the area identifier, based at least in part on whether a security context is activated with regard to the base station.
  2. The method of claim 1, wherein the cell is barred when the security context is not activated.
  3. The method of claim 1, further comprising:
    selecting a different cell on which to camp after barring the cell associated with the base station.
  4. The method of claim 1, wherein at least one of the frequency or the area identifier is barred when the security context is activated.
  5. The method of claim 1, further comprising:
    selecting a particular cell associated with another frequency or another area identifier on which to camp after barring the at least one of the frequency or the area identifier.
  6. The method of claim 1, wherein the area update or attach procedure includes at least one of:
    a tracking area update,
    a routing area update, or
    a location area update.
  7. The method of claim 1, wherein barring the cell further comprises:
    storing information identifying the cell as not to be trusted based at least in part on the security context not being activated with regard to the base station.
  8. The method of claim 1, further comprising:
    receiving a release message from the base station;
    wherein selectively barring the cell associated with the base station or barring the at least one of the frequency or the area identifier comprises:
    selectively barring the cell associated with the base station or barring the at least one of the frequency or the area identifier after receiving the release message.
  9. The method of claim 1, further comprising:
    entering an idle state;
    wherein selectively barring the cell associated with the base station or barring the at least one of the frequency or the area identifier comprises:
    selectively barring the cell associated with the base station or barring the at least one of the frequency or the area identifier after entering the idle state.
  10. A user equipment (UE) for wireless communication, comprising:
    a memory; and
    at least one processor communicatively coupled to the memory, the memory and the at least one processor to:
    receive a reject message associated with an area update or attach procedure, wherein the reject message identifies at least one of a frequency or an area identifier; and
    selectively bar a cell associated with a base station from which the reject message is received, or bar at least one of the frequency or the area identifier, based at least in part on whether a security context is activated with regard to the base station.
  11. The UE of claim 10, wherein the cell is barred when the security context is not activated.
  12. The UE of claim 10, wherein the at least one processor is further to:
    select a different cell on which to camp after barring the cell associated with the base station.
  13. The UE of claim 10, wherein at least one of the frequency or the area identifier is barred when the security context is activated.
  14. The UE of claim 10, wherein the at least one processor is further to:
    select a particular cell associated with another frequency or another area identifier on which to camp after barring the at least one of the frequency or the area identifier.
  15. The UE of claim 10, wherein the area update or attach procedure includes at least one of:
    a tracking area update,
    a routing area update, or
    a location area update.
  16. The UE of claim 10, wherein the at least one processor, when barring the cell, is further to:
    store information identifying the cell as not to be trusted based at least in part on the security context not being activated with regard to the base station.
  17. The UE of claim 10, wherein the at least one processor is further to:
    receive a release message from the base station;
    wherein the at least one processor, when selectively barring the cell associated with the base station or barring the at least one of the frequency or the area identifier, is to:
    selectively bar the cell associated with the base station or bar the at least one of the frequency or the area identifier after receiving the release message.
  18. The UE of claim 10, wherein the at least one processor is further to:
    enter an idle state;
    wherein the at least one processor, when selectively barring the cell associated with the base station or barring the at least one of the frequency or the area identifier, is to:
    selectively bar the cell associated with the base station or bar the at least one of the frequency or the area identifier after entering the idle state.
  19. A non-transitory computer-readable medium storing instructions, the instructions comprising:
    one or more instructions that, when executed by one or more processors of a user equipment (UE) , cause the one or more processors to:
    receive a reject message associated with an area update or attach procedure, wherein the reject message identifies at least one of a frequency or an area identifier; and
    selectively bar a cell associated with a base station from which the reject message is received, or bar at least one of the frequency or the area identifier, based at least in part on whether a security context is activated with regard to the base station.
  20. The non-transitory computer-readable medium of claim 19, wherein the cell is barred when the security context is not activated.
  21. The non-transitory computer-readable medium of claim 19, wherein the one or more instructions, when executed by the one or more processors, cause the one or more processors to:
    select a different cell on which to camp after barring the cell associated with the base station.
  22. The non-transitory computer-readable medium of claim 19, wherein at least one of the frequency or the area identifier is barred when the security context is activated.
  23. The non-transitory computer-readable medium of claim 19, wherein the one or more instructions, when executed by the one or more processors, cause the one or more processors to:
    select a particular cell associated with another frequency or another area identifier on which to camp after barring the at least one of the frequency or the area identifier.
  24. The non-transitory computer-readable medium of claim 19, wherein the area update or attach procedure includes at least one of:
    a tracking area update,
    a routing area update, or
    a location area update.
  25. The non-transitory computer-readable medium of claim 19, wherein the one or more instructions, that cause the one or more processors to bar the cell, further cause the one or more processors to:
    store information identifying the cell as not to be trusted based at least in part on the security context not being activated with regard to the base station.
  26. The non-transitory computer-readable medium of claim 19, wherein the one or more instructions, when executed by the one or more processors, cause the one or more processors to:
    receive a release message from the base station;
    wherein the one or more instructions, that cause the one or more processors to selectively bar the cell associated with the base station or bar the at least one of the frequency or the area identifier, further cause the one or more processors to:
    selectively bar the cell associated with the base station or bar the at least one of the frequency or the area identifier after receiving the release message.
  27. The non-transitory computer-readable medium of claim 19, wherein the one or more instructions, when executed by the one or more processors, cause the one or more processors to:
    enter an idle state;
    wherein the one or more instructions, that cause the one or more processors to selectively bar the cell associated with the base station or bar the at least one of the frequency or the area identifier, further cause the one or more processors to:
    selectively bar the cell associated with the base station or bar the at least one of the frequency or the area identifier after entering the idle state.
  28. An apparatus for wireless communication, comprising:
    means for receiving a reject message associated with an area update or attach procedure, wherein the reject message identifies at least one of a frequency or an area identifier; and
    means for selectively barring a cell associated with a base station from which the reject message is received, or barring at least one of the frequency or the area identifier, based at least in part on whether a security context is activated with regard to the base station.
  29. The apparatus of claim 28, wherein the cell is barred when the security context is not activated.
  30. The apparatus of claim 28, further comprising:
    means for selecting a different cell on which to camp after barring the cell associated with the base station.
  31. The apparatus of claim 28, wherein at least one of the frequency or the area identifier is barred when the security context is activated.
  32. The apparatus of claim 28, further comprising:
    means for selecting a particular cell associated with another frequency or another area identifier on which to camp after barring the at least one of the frequency or the area identifier.
  33. The apparatus of claim 28, wherein the area update or attach procedure includes at least one of:
    a tracking area update,
    a routing area update, or
    a location area update.
  34. The apparatus of claim 28, wherein the means for barring the cell further comprises:
    means for storing information identifying the cell as not to be trusted based at least in part on the security context not being activated with regard to the base station.
  35. The apparatus of claim 28, further comprising:
    means for receiving a release message from the base station;
    wherein the means for selectively barring the cell associated with the base station or barring the at least one of the frequency or the area identifier comprises:
    means for selectively barring the cell associated with the base station or barring the at least one of the frequency or the area identifier after receiving the release message.
  36. The apparatus of claim 28, further comprising:
    means for entering an idle state;
    wherein the means for selectively barring the cell associated with the base station or barring the at least one of the frequency or the area identifier comprises:
    means for selectively barring the cell associated with the base station or barring the at least one of the frequency or the area identifier after entering the idle state.
PCT/CN2018/074660 2018-01-31 2018-01-31 Techniques and apparatuses for selective trust of an area update reject message WO2019148339A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/074660 WO2019148339A1 (en) 2018-01-31 2018-01-31 Techniques and apparatuses for selective trust of an area update reject message

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/074660 WO2019148339A1 (en) 2018-01-31 2018-01-31 Techniques and apparatuses for selective trust of an area update reject message

Publications (1)

Publication Number Publication Date
WO2019148339A1 true WO2019148339A1 (en) 2019-08-08

Family

ID=67479124

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/074660 WO2019148339A1 (en) 2018-01-31 2018-01-31 Techniques and apparatuses for selective trust of an area update reject message

Country Status (1)

Country Link
WO (1) WO2019148339A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9125137B2 (en) * 2012-07-26 2015-09-01 Lg Electronics Inc. Method and terminal for applying an extended access barring
EP3113547A1 (en) * 2015-07-03 2017-01-04 Samsung Electronics Co., Ltd. Method of and apparatus for network access in wireless communication system supporting isolated e-utran operation for public safety
CN106792625A (en) * 2017-02-03 2017-05-31 广东欧珀移动通信有限公司 Small region search method, device and mobile terminal
CN106817715A (en) * 2015-11-27 2017-06-09 中国联合网络通信集团有限公司 Control terminal carries out the method and device of failure handling

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9125137B2 (en) * 2012-07-26 2015-09-01 Lg Electronics Inc. Method and terminal for applying an extended access barring
EP3113547A1 (en) * 2015-07-03 2017-01-04 Samsung Electronics Co., Ltd. Method of and apparatus for network access in wireless communication system supporting isolated e-utran operation for public safety
CN106817715A (en) * 2015-11-27 2017-06-09 中国联合网络通信集团有限公司 Control terminal carries out the method and device of failure handling
CN106792625A (en) * 2017-02-03 2017-05-31 广东欧珀移动通信有限公司 Small region search method, device and mobile terminal

Similar Documents

Publication Publication Date Title
EP3718344B1 (en) Techniques and apparatuses for providing system information updates in a system using bandwidth parts
EP4038973A1 (en) Standalone non-public network access
WO2021073289A1 (en) Enhanced physical uplink control channel spatial relation information in mac ce
WO2021016787A1 (en) Techniques for cell selection for dual-connectivity
WO2021016909A1 (en) Techniques for using a first subscription of a user equipment to perform idle mode operations for a second subscription of the user equipment
WO2021155571A1 (en) Uplink transmission configuration indication state signaling
US11071152B2 (en) Access barring and radio resource control connection in new radio to long-term evolution voice fallback
WO2021237547A1 (en) Attach request for disabling new radio with dual subscriber identity modules
WO2021212398A1 (en) Mobile terminated (mt) paging procedure for ip multimedia subsystem (ims) calls
WO2021226982A1 (en) Measurement report offset increase for avoiding ping-pong between long term evolution cells in non-stand-alone mode
WO2021051219A1 (en) Techniques for prioritizing manually search public land mobile network
WO2021154450A1 (en) Techniques for indicating beams for user equipment beam reporting
EP4059270A1 (en) Always-on short messages
WO2019148339A1 (en) Techniques and apparatuses for selective trust of an area update reject message
WO2022051976A1 (en) Cell selection, cell reselection, and public land mobile network (plmn) selection for shared network deployment
WO2021212395A1 (en) Restoration of data connectivity after data call failure in non-standalone network
US11924837B2 (en) Techniques for physical uplink control channel beam failure recovery reselection
WO2021212299A1 (en) Data service with dual subscriber identity modules
WO2021223202A1 (en) Restoration of data service with dual subscriber identity modules
US10667194B2 (en) Threshold-based system information on demand
WO2021243689A1 (en) Recovery from radio link failure
WO2021212452A1 (en) Restoration of data connectivity upon bearer removal after handover
WO2021237641A1 (en) Resolution of secondary cell group releases for dual subscriber identity modules
WO2021232330A1 (en) Restoration of new radio data service for dual subscriber identity modules
WO2021237683A1 (en) Resolution of radio link failure due to user equipment capability

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18904461

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18904461

Country of ref document: EP

Kind code of ref document: A1