WO2022177822A1 - Refreshing long-term derived anchor keys and federated identity management - Google Patents


Info

Publication number
WO2022177822A1
Authority
WO
WIPO (PCT)
Prior art keywords
reauthentication
kausf
ausf
authentication
message
Prior art date
Application number
PCT/US2022/016135
Other languages
English (en)
Inventor
Abhijeet Kolekar
Original Assignee
Intel Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intel Corporation
Priority to CN202280026116.5A (published as CN117121524A)
Priority to KR1020237031258A (published as KR20230159413A)
Publication of WO2022177822A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA], using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H04W12/06 Authentication
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/72 Subscriber identity
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/04 Large scale networks; Deep hierarchical networks
    • H04W84/042 Public Land Mobile systems, e.g. cellular systems
    • H04W8/00 Network data management
    • H04W8/02 Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
    • H04W8/08 Mobility data transfer
    • H04W8/12 Mobility data transfer between location registers or mobility servers

Definitions

  • Various embodiments generally may relate to the field of wireless communications. For example, some embodiments may relate to refreshing long-term derived anchor keys and federated identity management.
  • Figure 1 schematically illustrates an example reauthentication procedure, in accordance with various embodiments.
  • Figure 2 schematically illustrates an alternative example reauthentication procedure, in accordance with various embodiments.
  • Figure 3 depicts an example technique related to refreshing long-term derived anchor keys and federated identity management, in accordance with various embodiments.
  • Figure 4 depicts an alternative example technique related to refreshing long-term derived anchor keys and federated identity management, in accordance with various embodiments.
  • Figure 5 schematically illustrates a wireless network in accordance with various embodiments.
  • Figure 6 schematically illustrates components of a wireless network in accordance with various embodiments.
  • Figure 7 is a block diagram illustrating components, according to some example embodiments, able to read instructions from a machine-readable or computer-readable medium (e.g., a non-transitory machine-readable storage medium) and perform any one or more of the methodologies discussed herein.
  • The third generation partnership project (3GPP) technical specification (TS) 33.501 may describe aspects of user equipment (UE)-triggered primary authentication.
  • Authentication of the UE for example by an authentication server function (AUSF) of a home public land mobile network (HPLMN) of a UE may produce a key KAUSF that is shared between the UE and the home network (e.g., the HPLMN).
  • AUSF authentication server function
  • HPLMN home public land mobile network
  • KAUSF key that is shared between the UE and the home network (e.g., the HPLMN).
  • 5G fifth generation
  • the KAUSF may be viewed as a long-term derived key, as UEs may be attached to a network for extended times without an additional authentication and key agreement (AKA) run.
  • AKA authentication and key agreement
  • A home network that operates in accordance with legacy procedures and specifications may not have a mechanism for triggering the UE's reauthentication in order to trigger a KAUSF refresh.
  • If the legacy home network detects a potential compromise of KAUSF, or any other mobility failure or error condition, the legacy home network may not be able to trigger a KAUSF refresh.
  • the concept of subsequent binding procedures to authentication may rely on a recent UE authentication.
  • Embodiments herein may relate to a mechanism to trigger re-authentication by AUSF. Specifically, embodiments herein may relate to a mechanism for sending a new "Re-authentication required" message, e.g., using a NAusf Reauthentication Request message.
  • the Nausf UEAuthentication Authenticate Request message may contain one or more of: a subscription concealed identifier (SUCI), e.g., as defined in a 3GPP TS such as 3GPP TS 33.501 and a subscription permanent identifier (SUPI), e.g., as defined in 3GPP TS 23.501.
  • SUCI subscription concealed identifier
  • SUPI subscription permanent identifier
  • the security anchor function may include the SUPI in the Nausf UEAuthentication Authenticate Request message if the SEAF has a valid 5G global unique temporary identifier (5G-GUTI) and re-authenticates the UE. Otherwise, the SUCI may be included in Nausf UEAuthentication Authenticate Request.
  • 5G-GUTI 5G global unique temporary identifier
  • Specific or example SUPI/SUCI structures may be as described in the 3GPP stage 3 protocol design. Provided below is a portion of 3GPP Technical Standard (TS) 33.501 with updates in accordance with various embodiments shown in underline.
  • the AUSF provides UE authentication service to the requester NF by Nausf UEAuthentication.
  • Nausf UEAuthentication: for AKA-based authentication, this operation can also be used to recover from synchronization failure situations.
  • Clause 14.1.2 describes the Nausf UEAuthentication Authenticate service operation. The services listed here are used in procedures that are described in clause 6 of the present document.
  • Service operation name: Nausf UEAuthentication Authenticate.
  • 5G AKA: authentication confirmation message with RES* as described in clause 6.1.3.2, or synchronization failure indication and related information (e.g.
  • EAP-AKA': EAP packet as described in RFC 4187 [21] and RFC 5448
  • 5G AKA: authentication vector, as described in clause 6.1.3.2, or
  • EAP-AKA': EAP packet as described in RFC 4187 [21] and RFC 5448
  • Option 1 may relate to an example procedure related to reauthentication by a home network, in accordance with various embodiments. Such a procedure may relate to Figure 1.
  • Option 2, described below, may relate to an alternative example procedure related to reauthentication by a home network, in accordance with various embodiments. Such a procedure may relate to Figure 2. Additions to the potential 3GPP TS language are shown in this section in [brackets] for the purpose of discussion and explanation of this disclosure.
  • the UE is registered in 5GC via an AMF [as may be shown at element 105 of Figure 1]
  • UE performs the primary Authentication with HPLMN AUSF as per [3GPP TS] 33.501.
  • the AMF ID is stored in the UDM as part of the subscription data [as may be shown at element 110 of Figure 1]
  • The AUSF requests re-authentication and re-authorization for the UE identified by the SUPI carried in the Nausf Authentication Reauthenticate message.
  • This message is sent to a UDM [as may be shown at element 115 of Figure 1].
  • The UDM retrieves the registered AMF ID and serving network name from its subscription data and sends a Nudm SDM Reauthentication Request to the serving AMF [as may be shown at element 120 of Figure 1].
  • Upon receipt of the Nudm SDM Reauthentication Request, the AMF shall initiate a Nausf UEAuthentication Authenticate service operation [as may be shown at element 125 of Figure 1].
  • the UE is registered in 5GC via an AMF [as may be shown at element 205 of Figure 2]
  • UE performs the primary Authentication with HPLMN AUSF as per [3GPP TS] 33.501.
  • the AMF ID is stored in the UDM as part of the subscription data [as may be shown at element 210 of Figure 2]
  • When the AUSF decides to send a reauthentication request to the serving PLMN, it first obtains the registration information for the SUPI in order to retrieve the AMF ID to which the reauthentication request is to be sent.
  • The AUSF sends a Nudm SDM Get request to the UDM [as may be shown at element 215 of Figure 2].
  • The UDM retrieves the registered AMF ID and serving network name from its subscription data and sends a Nudm SDM Get Response message to the AUSF [as may be shown at element 220 of Figure 2].
  • Upon receipt of the Nudm SDM Reauthentication Request, the AUSF shall initiate a Nausf UEAuthentication ReAuthenticate service operation with the AMF to request reauthentication [as may be shown at element 225 of Figure 2].
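The two message flows above (Option 1 via the UDM, Option 2 with the AUSF contacting the serving AMF directly), as an added simulation that is not code from the patent or from any 3GPP implementation: the network-function classes, the Python method names standing in for the service operations, the toy KAUSF derivation and the toy SUCI are assumptions; only the message names, the element numbers and the SUPI-versus-SUCI rule come from the text.

```python
import hashlib
import os
from dataclasses import dataclass, field


def derive_kausf(k: bytes, rand: bytes, snn: str) -> bytes:
    # Toy stand-in for the 5G AKA derivation of KAUSF (assumption: the real
    # TS 33.501 key chain is longer; this only models "fresh RAND -> fresh KAUSF").
    return hashlib.sha256(b"KAUSF" + k + rand + snn.encode()).digest()


def conceal(supi: str) -> str:
    # Toy SUCI: a real SUCI conceals the SUPI with ECIES; a hash tag suffices here.
    return "suci-" + hashlib.sha256(supi.encode()).hexdigest()[:12]


@dataclass
class UE:
    supi: str
    k: bytes           # long-term key shared with the home network (constructed)
    kausf: bytes = b""  # anchor key held after the last AKA run


@dataclass
class AMF:  # serving AMF/SEAF; the log records the service operations it sees
    amf_id: str
    guti_valid: dict = field(default_factory=dict)  # SUPI -> True if the SEAF holds a valid 5G-GUTI
    log: list = field(default_factory=list)

    def nudm_sdm_reauthentication_request(self, supi, ausf, udm, ue):
        # Option 1 (elements 120-125): the UDM asks the AMF, the AMF starts authentication.
        self.log.append("Nudm_SDM_Reauthentication_Request")
        return self.nausf_ue_authentication_authenticate(supi, ausf, udm, ue)

    def nausf_ue_authentication_reauthenticate(self, supi, ausf, udm, ue):
        # Option 2 (element 225): the AUSF asks the serving AMF directly.
        self.log.append("Nausf_UEAuthentication_ReAuthenticate")
        return self.nausf_ue_authentication_authenticate(supi, ausf, udm, ue)

    def nausf_ue_authentication_authenticate(self, supi, ausf, udm, ue):
        # The SEAF includes the SUPI only when it holds a valid 5G-GUTI, otherwise the SUCI.
        ident = supi if self.guti_valid.get(supi) else conceal(supi)
        self.log.append("Nausf_UEAuthentication_Authenticate(" + ident + ")")
        return ausf.authenticate(ident, udm, ue)


@dataclass
class UDM:
    subs: dict  # SUPI -> {"k": long-term key, "amf": registered AMF, "snn": serving network name}

    def register(self, supi, amf, snn):
        # Elements 110/210: the AMF ID is stored in the UDM as part of the subscription data.
        self.subs[supi].update(amf=amf, snn=snn)

    def nausf_authentication_reauthenticate(self, supi, ausf, ue):
        # Option 1 (elements 115-120): look up the registered AMF and forward the request.
        return self.subs[supi]["amf"].nudm_sdm_reauthentication_request(supi, ausf, self, ue)

    def nudm_sdm_get(self, supi):
        # Option 2 (elements 215-220): hand the registration info back to the AUSF.
        return {"amf": self.subs[supi]["amf"], "snn": self.subs[supi]["snn"]}

    def resolve(self, ident):
        # De-conceal a toy SUCI, or pass a SUPI through.
        for supi in self.subs:
            if ident in (supi, conceal(supi)):
                return supi
        raise KeyError("unknown identifier")


@dataclass
class AUSF:
    keys: dict = field(default_factory=dict)  # SUPI -> current KAUSF

    def authenticate(self, ident, udm, ue):
        # One AKA run; passing the UE object stands in for the NAS leg (assumption).
        supi = udm.resolve(ident)
        sub = udm.subs[supi]
        rand = os.urandom(16)                            # fresh challenge per run
        self.keys[supi] = derive_kausf(sub["k"], rand, sub["snn"])
        ue.kausf = derive_kausf(ue.k, rand, sub["snn"])  # the UE computes the same key
        return self.keys[supi]

    def trigger_refresh(self, supi, udm, ue, option):
        # Elements 305/310: the AUSF has decided KAUSF must be refreshed (compromise, error).
        if option == 1:
            return udm.nausf_authentication_reauthenticate(supi, self, ue)
        info = udm.nudm_sdm_get(supi)
        return info["amf"].nausf_ue_authentication_reauthenticate(supi, self, udm, ue)


def demo(option):
    # Primary authentication, then a home-network-triggered refresh via Option 1 or 2.
    # Returns (old KAUSF, new KAUSF, the UE's KAUSF, AMF message log of the refresh).
    ue = UE("imsi-001010123456789", b"\x11" * 16)          # constructed subscriber
    amf = AMF("amf-1", guti_valid={ue.supi: option == 1})  # the Option 2 run shows the SUCI case
    udm = UDM({ue.supi: {"k": ue.k}})
    udm.register(ue.supi, amf, "5G:mnc001.mcc001.3gppnetwork.org")
    ausf = AUSF()
    old = amf.nausf_ue_authentication_authenticate(ue.supi, ausf, udm, ue)
    amf.log.clear()
    new = ausf.trigger_refresh(ue.supi, udm, ue, option)
    return old, new, ue.kausf, list(amf.log)
```

In both runs the old KAUSF is replaced on the AUSF and the UE ends up holding the same new key, which is the refresh a legacy home network could not trigger.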
  • Figure 3 depicts an example technique related to refreshing long-term derived anchor keys and federated identity management, in accordance with various embodiments. Specifically Figure 3 depicts an example technique that may be performed by an AUSF of a HPLMN of a UE in a 5G cellular network. In some embodiments, the technique may include identifying, at 305, that a KAUSF related to the UE is to be refreshed (e.g., based on a compromise of the KAUSF, a mobility failure, an error condition, etc.).
  • the technique may further include transmitting, at 310 based on the identification that the KAUSF is to be refreshed, a reauthentication request (e.g., an NAusf Authentication Reauthenticate message) to a unified data management (UDM) entity of the cellular network.
  • UDM unified data management
  • the UDM may initiate, based on the reauthentication request, a reauthentication procedure related to the UE.
  • the reauthentication procedure may be related to a refresh of the KAUSF.
  • Figure 4 depicts an alternative example technique related to refreshing long-term derived anchor keys and federated identity management, in accordance with various embodiments.
  • Figure 4 depicts an example technique that may be performed by a UDM entity of a HPLMN of a UE in a 5G cellular network.
  • the technique may include identifying, at 405, a reauthentication request received from an AUSF.
  • the reauthentication request may relate to an identification, by the AUSF, that a KAUSF related to the UE is to be refreshed.
  • the technique may further include initiating, at 410 based on the reauthentication request, a reauthentication procedure related to the UE.
  • the reauthentication procedure may be related to a refresh of the KAUSF.
  • FIGS 5-7 illustrate various systems, devices, and components that may implement aspects of disclosed embodiments.
  • FIG. 5 illustrates a network 500 in accordance with various embodiments.
  • the network 500 may operate in a manner consistent with 3GPP technical specifications for LTE or 5G/NR systems.
  • The example embodiments are not limited in this regard, and the described embodiments may apply to other networks that benefit from the principles described herein, such as future 3GPP systems, or the like.
  • the network 500 may include a UE 502, which may include any mobile or non-mobile computing device designed to communicate with a RAN 504 via an over-the-air connection.
  • the UE 502 may be communicatively coupled with the RAN 504 by a Uu interface.
  • the UE 502 may be, but is not limited to, a smartphone, tablet computer, wearable computer device, desktop computer, laptop computer, in-vehicle infotainment, in-car entertainment device, instrument cluster, head-up display device, onboard diagnostic device, dashtop mobile equipment, mobile data terminal, electronic engine management system, electronic/engine control unit, electronic/engine control module, embedded system, sensor, microcontroller, control module, engine management system, networked appliance, machine-type communication device, M2M or D2D device, IoT device, etc.
  • the network 500 may include a plurality of UEs coupled directly with one another via a sidelink interface.
  • the UEs may be M2M/D2D devices that communicate using physical sidelink channels such as, but not limited to, PSBCH, PSDCH, PSSCH, PSCCH, PSFCH, etc.
  • the UE 502 may additionally communicate with an AP 506 via an over-the-air connection.
  • the AP 506 may manage a WLAN connection, which may serve to offload some/all network traffic from the RAN 504.
  • the connection between the UE 502 and the AP 506 may be consistent with any IEEE 802.11 protocol, wherein the AP 506 could be a wireless fidelity (Wi-Fi®) router.
  • the UE 502, RAN 504, and AP 506 may utilize cellular-WLAN aggregation (for example, LWA/LWIP). Cellular-WLAN aggregation may involve the UE 502 being configured by the RAN 504 to utilize both cellular radio resources and WLAN resources.
  • the RAN 504 may include one or more access nodes, for example, AN 508.
  • AN 508 may terminate air-interface protocols for the UE 502 by providing access stratum protocols including RRC, PDCP, RLC, MAC, and L1 protocols. In this manner, the AN 508 may enable data/voice connectivity between CN 520 and the UE 502.
  • the AN 508 may be implemented in a discrete device or as one or more software entities running on server computers as part of, for example, a virtual network, which may be referred to as a CRAN or virtual baseband unit pool.
  • The AN 508 may be referred to as a BS, gNB, RAN node, eNB, ng-eNB, NodeB, RSU, TRxP, TRP, etc.
  • the AN 508 may be a macrocell base station or a low power base station for providing femtocells, picocells or other like cells having smaller coverage areas, smaller user capacity, or higher bandwidth compared to macrocells.
  • The ANs of the RAN 504 may be coupled with one another via an X2 interface (if the RAN 504 is an LTE RAN) or an Xn interface (if the RAN 504 is a 5G RAN).
  • the X2/Xn interfaces which may be separated into control/user plane interfaces in some embodiments, may allow the ANs to communicate information related to handovers, data/context transfers, mobility, load management, interference coordination, etc.
  • the ANs of the RAN 504 may each manage one or more cells, cell groups, component carriers, etc. to provide the UE 502 with an air interface for network access.
  • the UE 502 may be simultaneously connected with a plurality of cells provided by the same or different ANs of the RAN 504.
  • the UE 502 and RAN 504 may use carrier aggregation to allow the UE 502 to connect with a plurality of component carriers, each corresponding to a Pcell or Scell.
  • a first AN may be a master node that provides an MCG and a second AN may be secondary node that provides an SCG.
  • the first/second ANs may be any combination of eNB, gNB, ng-eNB, etc.
  • the RAN 504 may provide the air interface over a licensed spectrum or an unlicensed spectrum.
  • the nodes may use LAA, eLAA, and/or feLAA mechanisms based on CA technology with PCells/Scells.
  • Prior to accessing the unlicensed spectrum, the nodes may perform medium/carrier-sensing operations based on, for example, a listen-before-talk (LBT) protocol.
  • LBT listen-before-talk
  • the UE 502 or AN 508 may be or act as a RSU, which may refer to any transportation infrastructure entity used for V2X communications.
  • An RSU may be implemented in or by a suitable AN or a stationary (or relatively stationary) UE.
  • An RSU implemented in or by: a UE may be referred to as a “UE-type RSU”; an eNB may be referred to as an “eNB-type RSU”; a gNB may be referred to as a “gNB-type RSU”; and the like.
  • an RSU is a computing device coupled with radio frequency circuitry located on a roadside that provides connectivity support to passing vehicle UEs.
  • the RSU may also include internal data storage circuitry to store intersection map geometry, traffic statistics, media, as well as applications/software to sense and control ongoing vehicular and pedestrian traffic.
  • the RSU may provide very low latency communications required for high speed events, such as crash avoidance, traffic warnings, and the like. Additionally or alternatively, the RSU may provide other cellular/WLAN communications services.
  • the components of the RSU may be packaged in a weatherproof enclosure suitable for outdoor installation, and may include a network interface controller to provide a wired connection (e.g., Ethernet) to a traffic signal controller or a backhaul network.
  • the RAN 504 may be an LTE RAN 510 with eNBs, for example, eNB 512.
  • the LTE RAN 510 may provide an LTE air interface with the following characteristics: SCS of 15 kHz; CP-OFDM waveform for DL and SC-FDMA waveform for UL; turbo codes for data and TBCC for control; etc.
  • the LTE air interface may rely on CSI-RS for CSI acquisition and beam management; PDSCH/PDCCH DMRS for PDSCH/PDCCH demodulation; and CRS for cell search and initial acquisition, channel quality measurements, and channel estimation for coherent demodulation/detection at the UE.
  • The LTE air interface may operate on sub-6 GHz bands.
  • the RAN 504 may be an NG-RAN 514 with gNBs, for example, gNB 516, or ng-eNBs, for example, ng-eNB 518.
  • the gNB 516 may connect with 5G-enabled UEs using a 5G NR interface.
  • the gNB 516 may connect with a 5G core through an NG interface, which may include an N2 interface or an N3 interface.
  • the ng-eNB 518 may also connect with the 5G core through an NG interface, but may connect with a UE via an LTE air interface.
  • the gNB 516 and the ng-eNB 518 may connect with each other over an Xn interface.
  • The NG interface may be split into two parts, an NG user plane (NG-U) interface, which carries traffic data between the nodes of the NG-RAN 514 and a UPF 548 (e.g., N3 interface), and an NG control plane (NG-C) interface, which is a signaling interface between the nodes of the NG-RAN 514 and an AMF 544 (e.g., N2 interface).
  • NG-U NG user plane
  • NG-C NG control plane
  • the NG-RAN 514 may provide a 5G-NR air interface with the following characteristics: variable SCS; CP-OFDM for DL, CP-OFDM and DFT-s-OFDM for UL; polar, repetition, simplex, and Reed-Muller codes for control and LDPC for data.
  • the 5G-NR air interface may rely on CSI-RS, PDSCH/PDCCH DMRS similar to the LTE air interface.
  • the 5G-NR air interface may not use a CRS, but may use PBCH DMRS for PBCH demodulation; PTRS for phase tracking for PDSCH; and tracking reference signal for time tracking.
  • The 5G-NR air interface may operate on FR1 bands that include sub-6 GHz bands or FR2 bands that include bands from 24.25 GHz to 52.6 GHz.
  • the 5G-NR air interface may include an SSB that is an area of a downlink resource grid that includes PSS/SSS/PBCH.
  • the 5G-NR air interface may utilize BWPs for various purposes.
  • BWP can be used for dynamic adaptation of the SCS.
  • the UE 502 can be configured with multiple BWPs where each BWP configuration has a different SCS. When a BWP change is indicated to the UE 502, the SCS of the transmission is changed as well.
  • Another use case example of BWP is related to power saving.
  • multiple BWPs can be configured for the UE 502 with different amount of frequency resources (for example, PRBs) to support data transmission under different traffic loading scenarios.
  • a BWP containing a smaller number of PRBs can be used for data transmission with small traffic load while allowing power saving at the UE 502 and in some cases at the gNB 516.
  • a BWP containing a larger number of PRBs can be used for scenarios with higher traffic load.
  • the RAN 504 is communicatively coupled to CN 520 that includes network elements to provide various functions to support data and telecommunications services to customers/subscribers (for example, users of UE 502).
  • the components of the CN 520 may be implemented in one physical node or separate physical nodes.
  • NFV may be utilized to virtualize any or all of the functions provided by the network elements of the CN 520 onto physical compute/storage resources in servers, switches, etc.
  • a logical instantiation of the CN 520 may be referred to as a network slice, and a logical instantiation of a portion of the CN 520 may be referred to as a network sub-slice.
  • the CN 520 may be an LTE CN 522, which may also be referred to as an EPC.
  • the LTE CN 522 may include MME 524, SGW 526, SGSN 528, HSS 530, PGW 532, and PCRF 534 coupled with one another over interfaces (or “reference points”) as shown. Functions of the elements of the LTE CN 522 may be briefly introduced as follows.
  • the MME 524 may implement mobility management functions to track a current location of the UE 502 to facilitate paging, bearer activation/deactivation, handovers, gateway selection, authentication, etc.
  • The SGW 526 may terminate an S1 interface toward the RAN and route data packets between the RAN and the LTE CN 522.
  • the SGW 526 may be a local mobility anchor point for inter-RAN node handovers and also may provide an anchor for inter-3GPP mobility. Other responsibilities may include lawful intercept, charging, and some policy enforcement.
  • the SGSN 528 may track a location of the UE 502 and perform security functions and access control. In addition, the SGSN 528 may perform inter-EPC node signaling for mobility between different RAT networks; PDN and S-GW selection as specified by MME 524; MME selection for handovers; etc.
  • The S3 reference point between the MME 524 and the SGSN 528 may enable user and bearer information exchange for inter-3GPP access network mobility in idle/active states.
  • the HSS 530 may include a database for network users, including subscription-related information to support the network entities’ handling of communication sessions.
  • the HSS 530 can provide support for routing/roaming, authentication, authorization, naming/addressing resolution, location dependencies, etc.
  • An S6a reference point between the HSS 530 and the MME 524 may enable transfer of subscription and authentication data for authenticating/authorizing user access to the LTE CN 520.
  • the PGW 532 may terminate an SGi interface toward a data network (DN) 536 that may include an application/content server 538.
  • the PGW 532 may route data packets between the LTE CN 522 and the data network 536.
  • the PGW 532 may be coupled with the SGW 526 by an S5 reference point to facilitate user plane tunneling and tunnel management.
  • the PGW 532 may further include a node for policy enforcement and charging data collection (for example, PCEF).
  • The SGi reference point between the PGW 532 and the data network 536 may be an operator external public PDN, a private PDN, or an intra-operator packet data network, for example, for provision of IMS services.
  • the PGW 532 may be coupled with a PCRF 534 via a Gx reference point.
  • the PCRF 534 is the policy and charging control element of the LTE CN 522.
  • the PCRF 534 may be communicatively coupled to the app/content server 538 to determine appropriate QoS and charging parameters for service flows.
  • the PCRF 532 may provision associated rules into a PCEF (via Gx reference point) with appropriate TFT and QCI.
  • the CN 520 may be a 5GC 540.
  • the 5GC 540 may include an AUSF 542, AMF 544, SMF 546, UPF 548, NSSF 550, NEF 552, NRF 554, PCF 556, UDM 558, and AF 560 coupled with one another over interfaces (or “reference points”) as shown.
  • Functions of the elements of the 5GC 540 may be briefly introduced as follows.
  • the AUSF 542 may store data for authentication of UE 502 and handle authentication- related functionality.
  • the AUSF 542 may facilitate a common authentication framework for various access types.
  • the AUSF 542 may exhibit an Nausf service-based interface.
  • the AMF 544 may allow other functions of the 5GC 540 to communicate with the UE 502 and the RAN 504 and to subscribe to notifications about mobility events with respect to the UE 502.
  • The AMF 544 may be responsible for registration management (for example, for registering UE 502), connection management, reachability management, mobility management, lawful interception of AMF-related events, and access authentication and authorization.
  • the AMF 544 may provide transport for SM messages between the UE 502 and the SMF 546, and act as a transparent proxy for routing SM messages.
  • AMF 544 may also provide transport for SMS messages between UE 502 and an SMSF.
  • AMF 544 may interact with the AUSF 542 and the UE 502 to perform various security anchor and context management functions.
  • AMF 544 may be a termination point of a RAN CP interface, which may include or be an N2 reference point between the RAN 504 and the AMF 544; and the AMF 544 may be a termination point of NAS (N1) signaling, and perform NAS ciphering and integrity protection.
  • AMF 544 may also support NAS signaling with the UE 502 over an N3 IWF interface.
  • the SMF 546 may be responsible for SM (for example, session establishment, tunnel management between UPF 548 and AN 508); UE IP address allocation and management (including optional authorization); selection and control of UP function; configuring traffic steering at UPF 548 to route traffic to proper destination; termination of interfaces toward policy control functions; controlling part of policy enforcement, charging, and QoS; lawful intercept (for SM events and interface to LI system); termination of SM parts of NAS messages; downlink data notification; initiating AN specific SM information, sent via AMF 544 over N2 to AN 508; and determining SSC mode of a session.
  • SM may refer to management of a PDU session, and a PDU session or “session” may refer to a PDU connectivity service that provides or enables the exchange of PDUs between the UE 502 and the data network 536.
  • the UPF 548 may act as an anchor point for intra-RAT and inter-RAT mobility, an external PDU session point of interconnect to data network 536, and a branching point to support multi-homed PDU session.
  • The UPF 548 may also perform packet routing and forwarding, perform packet inspection, enforce the user plane part of policy rules, lawfully intercept packets (UP collection), perform traffic usage reporting, perform QoS handling for a user plane (e.g., packet filtering, gating, UL/DL rate enforcement), perform uplink traffic verification (e.g., SDF-to-QoS flow mapping), transport level packet marking in the uplink and downlink, and perform downlink packet buffering and downlink data notification triggering.
  • UPF 548 may include an uplink classifier to support routing traffic flows to a data network.
  • the NSSF 550 may select a set of network slice instances serving the UE 502.
  • the NSSF 550 may also determine allowed NSSAI and the mapping to the subscribed S-NSSAIs, if needed.
  • the NSSF 550 may also determine the AMF set to be used to serve the UE 502, or a list of candidate AMFs based on a suitable configuration and possibly by querying the NRF 554.
  • the selection of a set of network slice instances for the UE 502 may be triggered by the AMF 544 with which the UE 502 is registered by interacting with the NSSF 550, which may lead to a change of AMF.
  • the NSSF 550 may interact with the AMF 544 via an N22 reference point; and may communicate with another NSSF in a visited network via an N31 reference point (not shown). Additionally, the NSSF 550 may exhibit an Nnssf service-based interface.
  • The NEF 552 may securely expose services and capabilities provided by 3GPP network functions for third party, internal exposure/re-exposure, AFs (e.g., AF 560), edge computing or fog computing systems, etc.
  • the NEF 552 may authenticate, authorize, or throttle the AFs.
  • NEF 552 may also translate information exchanged with the AF 560 and information exchanged with internal network functions. For example, the NEF 552 may translate between an AF-Service-Identifier and an internal 5GC information.
  • NEF 552 may also receive information from other NFs based on exposed capabilities of other NFs. This information may be stored at the NEF 552 as structured data, or at a data storage NF using standardized interfaces. The stored information can then be re-exposed by the NEF 552 to other NFs and AFs, or used for other purposes such as analytics. Additionally, the NEF 552 may exhibit an Nnef service-based interface.
  • the NRF 554 may support service discovery functions, receive NF discovery requests from NF instances, and provide the information of the discovered NF instances to the NF instances. NRF 554 also maintains information of available NF instances and their supported services. As used herein, the terms “instantiate,” “instantiation,” and the like may refer to the creation of an instance, and an “instance” may refer to a concrete occurrence of an object, which may occur, for example, during execution of program code. Additionally, the NRF 554 may exhibit the Nnrf service-based interface.
  • the PCF 556 may provide policy rules to control plane functions to enforce them, and may also support unified policy framework to govern network behavior.
  • the PCF 556 may also implement a front end to access subscription information relevant for policy decisions in a UDR of the UDM 558.
  • The PCF 556 may exhibit an Npcf service-based interface.
  • the UDM 558 may handle subscription-related information to support the network entities’ handling of communication sessions, and may store subscription data of UE 502. For example, subscription data may be communicated via an N8 reference point between the UDM 558 and the AMF 544.
  • the UDM 558 may include two parts, an application front end and a UDR.
  • the UDR may store subscription data and policy data for the UDM 558 and the PCF 556, and/or structured data for exposure and application data (including PFDs for application detection, application request information for multiple UEs 502) for the NEF 552.
  • the Nudr service-based interface may be exhibited by the UDR 221 to allow the UDM 558, PCF 556, and NEF 552 to access a particular set of the stored data, as well as to read, update (e.g., add, modify), delete, and subscribe to notification of relevant data changes in the UDR.
  • the UDM may include a UDM-FE, which is in charge of processing credentials, location management, subscription management and so on. Several different front ends may serve the same user in different transactions.
  • the UDM-FE accesses subscription information stored in the UDR and performs authentication credential processing, user identification handling, access authorization, registration/mobility management, and subscription management.
  • the UDM 558 may exhibit the Nudm service-based interface.
  • the AF 560 may provide application influence on traffic routing, provide access to NEF, and interact with the policy framework for policy control.
  • the 5GC 540 may enable edge computing by selecting operator/3rd party services to be geographically close to the point at which the UE 502 is attached to the network. This may reduce latency and load on the network.
  • the 5GC 540 may select a UPF 548 close to the UE 502 and execute traffic steering from the UPF 548 to data network 536 via the N6 interface. This may be based on the UE subscription data, UE location, and information provided by the AF 560. In this way, the AF 560 may influence UPF (re)selection and traffic routing.
  • the network operator may permit AF 560 to interact directly with relevant NFs. Additionally, the AF 560 may exhibit an Naf service-based interface.
  • the data network 536 may represent various network operator services, Internet access, or third party services that may be provided by one or more servers including, for example, application/content server 538.
  • FIG. 6 schematically illustrates a wireless network 600 in accordance with various embodiments.
  • the wireless network 600 may include a UE 602 in wireless communication with an AN 604.
  • the UE 602 and AN 604 may be similar to, and substantially interchangeable with, like-named components described elsewhere herein.
  • the UE 602 may be communicatively coupled with the AN 604 via connection 606.
  • the connection 606 is illustrated as an air interface to enable communicative coupling, and can be consistent with cellular communications protocols such as an LTE protocol or a 5G NR protocol operating at mmWave or sub-6GHz frequencies.
  • the UE 602 may include a host platform 608 coupled with a modem platform 610.
  • the host platform 608 may include application processing circuitry 612, which may be coupled with protocol processing circuitry 614 of the modem platform 610.
  • the application processing circuitry 612 may run various applications for the UE 602 that source/sink application data.
  • the application processing circuitry 612 may further implement one or more layer operations to transmit/receive application data to/from a data network. These layer operations may include transport (for example, UDP) and Internet (for example, IP) operations.
  • the protocol processing circuitry 614 may implement one or more of layer operations to facilitate transmission or reception of data over the connection 606.
  • the layer operations implemented by the protocol processing circuitry 614 may include, for example, MAC, RLC, PDCP, RRC and NAS operations.
  • the modem platform 610 may further include digital baseband circuitry 616 that may implement one or more layer operations that are “below” layer operations performed by the protocol processing circuitry 614 in a network protocol stack. These operations may include, for example, PHY operations including one or more of HARQ-ACK functions, scrambling/descrambling, encoding/decoding, layer mapping/de-mapping, modulation symbol mapping, received symbol/bit metric determination, multi-antenna port precoding/decoding, which may include one or more of space-time, space-frequency or spatial coding, reference signal generation/detection, preamble sequence generation and/or decoding, synchronization sequence generation/detection, control channel signal blind decoding, and other related functions.
  • the modem platform 610 may further include transmit circuitry 618, receive circuitry 620, RF circuitry 622, and RF front end (RFFE) 624, which may include or connect to one or more antenna panels 626.
  • the transmit circuitry 618 may include a digital-to-analog converter, mixer, intermediate frequency (IF) components, etc.
  • the receive circuitry 620 may include an analog-to-digital converter, mixer, IF components, etc.
  • the RF circuitry 622 may include a low-noise amplifier, a power amplifier, power tracking components, etc.
  • RFFE 624 may include filters (for example, surface/bulk acoustic wave filters), switches, antenna tuners, beamforming components (for example, phase-array antenna components), etc.
  • transmit/receive components may be specific to details of a specific implementation such as, for example, whether communication is TDM or FDM, in mmWave or sub-6 GHz frequencies, etc.
  • the transmit/receive components may be arranged in multiple parallel transmit/receive chains, may be disposed in the same or different chips/modules, etc.
  • the protocol processing circuitry 614 may include one or more instances of control circuitry (not shown) to provide control functions for the transmit/receive components.
  • a UE reception may be established by and via the antenna panels 626, RFFE 624, RF circuitry 622, receive circuitry 620, digital baseband circuitry 616, and protocol processing circuitry 614.
  • the antenna panels 626 may receive a transmission from the AN 604 by receive-beamforming signals received by a plurality of antennas/antenna elements of the one or more antenna panels 626.
  • a UE transmission may be established by and via the protocol processing circuitry 614, digital baseband circuitry 616, transmit circuitry 618, RF circuitry 622, RFFE 624, and antenna panels 626.
  • the transmit components of the UE 602 may apply a spatial filter to the data to be transmitted to form a transmit beam emitted by the antenna elements of the antenna panels 626.
  • the AN 604 may include a host platform 628 coupled with a modem platform 630.
  • the host platform 628 may include application processing circuitry 632 coupled with protocol processing circuitry 634 of the modem platform 630.
  • the modem platform may further include digital baseband circuitry 636, transmit circuitry 638, receive circuitry 640, RF circuitry 642, RFFE circuitry 644, and antenna panels 646.
  • the components of the AN 604 may be similar to and substantially interchangeable with like-named components of the UE 602.
  • the components of the AN 604 may perform various logical functions that include, for example, RNC functions such as radio bearer management, uplink and downlink dynamic radio resource management, and data packet scheduling.
  • Figure 7 is a block diagram illustrating components, according to some example embodiments, able to read instructions from a machine-readable or computer-readable medium (e.g., a non-transitory machine-readable storage medium) and perform any one or more of the methodologies discussed herein.
  • Figure 7 shows a diagrammatic representation of hardware resources 700 including one or more processors (or processor cores) 710, one or more memory/storage devices 720, and one or more communication resources 730, each of which may be communicatively coupled via a bus 740 or other interface circuitry.
  • a hypervisor 702 may be executed to provide an execution environment for one or more network slices/sub-slices to utilize the hardware resources 700.
  • the processors 710 may include, for example, a processor 712 and a processor 714.
  • the processors 710 may be, for example, a central processing unit (CPU), a reduced instruction set computing (RISC) processor, a complex instruction set computing (CISC) processor, a graphics processing unit (GPU), a DSP such as a baseband processor, an ASIC, an FPGA, a radio-frequency integrated circuit (RFIC), another processor (including those discussed herein), or any suitable combination thereof.
  • the memory/storage devices 720 may include main memory, disk storage, or any suitable combination thereof.
  • the memory/storage devices 720 may include, but are not limited to, any type of volatile, non-volatile, or semi-volatile memory such as dynamic random access memory (DRAM), static random access memory (SRAM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), Flash memory, solid-state storage, etc.
  • the communication resources 730 may include interconnection or network interface controllers, components, or other suitable devices to communicate with one or more peripheral devices 704 or one or more databases 706 or other network elements via a network 708.
  • the communication resources 730 may include wired communication components (e.g., for coupling via USB, Ethernet, etc.), cellular communication components, NFC components, Bluetooth® (or Bluetooth® Low Energy) components, Wi-Fi® components, and other communication components.
  • Instructions 750 may comprise software, a program, an application, an applet, an app, or other executable code for causing at least any of the processors 710 to perform any one or more of the methodologies discussed herein.
  • the instructions 750 may reside, completely or partially, within at least one of the processors 710 (e.g., within the processor’s cache memory), the memory/storage devices 720, or any suitable combination thereof.
  • any portion of the instructions 750 may be transferred to the hardware resources 700 from any combination of the peripheral devices 704 or the databases 706. Accordingly, the memory of processors 710, the memory/storage devices 720, the peripheral devices 704, and the databases 706 are examples of computer-readable and machine-readable media.
  • At least one of the components set forth in one or more of the preceding figures may be configured to perform one or more operations, techniques, processes, and/or methods as set forth in the example section below.
  • the baseband circuitry as described above in connection with one or more of the preceding figures may be configured to operate in accordance with one or more of the examples set forth below.
  • circuitry associated with a UE, base station, network element, etc. as described above in connection with one or more of the preceding figures may be configured to operate in accordance with one or more of the examples set forth below in the example section.
  • Example 1 may include a method to start a HPLMN controlled reauthentication procedure with UE using VPLMN.
  • Example 2 may include the method of example 1 and/or some other example herein, wherein AUSF will decide to send a Reauthentication request to VPLMN AMF.
  • Example 3 may include the method of example 1 and/or some other example herein, wherein the UDM decides whether to send a reauthentication based on conditions, if the UDM received an NAusf_Authentication_Reauthenticate request.
  • Example 4 may include the method in which the VPLMN AMF shall initiate a Nausf_UEAuthentication_Authenticate service operation (authentication procedure) on behalf of the UE.
  • Example 5 may include the method by which the HPLMN network sends a capability bit during primary authentication, or broadcasts it over an SRB, indicating that reauthentication is supported.
  • Example 6 may include a method of an AUSF, the method comprising: determining that reauthentication of a UE is needed; and sending, based on the determination, a reauthentication request to an AMF of a VPLMN.
  • Example 7 includes a method to be performed by an authentication server function (AUSF) of a home public land mobile network (HPLMN) of a user equipment (UE) in a fifth generation (5G) cellular network, wherein the method comprises: identifying, by the AUSF, that an AUSF-related key (KAUSF) related to the UE is to be refreshed; and transmitting, by the AUSF based on the identification that the KAUSF is to be refreshed, a reauthentication request to a unified data management (UDM) entity of the cellular network; wherein the UDM is to initiate, based on the reauthentication request, a reauthentication procedure related to the UE, wherein the reauthentication procedure is related to a refresh of the KAUSF.
  • Example 8 includes the method of example 7, and/or some other example herein, wherein the reauthentication procedure includes generation of a second KAUSF and authentication of the UE based on the second KAUSF.
  • Example 9 includes the method of example 8, and/or some other example herein, wherein the reauthentication procedure relates to authentication, based on the second KAUSF, of the UE to a visited public land mobile network (VPLMN) to which the UE is registered.
  • Example 10 includes the method of any of examples 7-9, and/or some other example herein, wherein the AUSF is to identify that the KAUSF is to be refreshed based on identification of a compromise of the KAUSF, identification of a mobility failure, or identification of an error condition related to the KAUSF.
  • Example 11 includes the method of any of examples 7-10, and/or some other example herein, wherein the reauthentication request is an NAusf_Authentication_Reauthenticate message that includes a subscription permanent identifier (SUPI) with an indication of the UE.
  • Example 12 includes the method of example 11, and/or some other example herein, wherein the UDM is to initiate the reauthentication procedure by providing a reauthentication message to an access and mobility management function (AMF) of a visited public land mobile network (VPLMN) to which the UE is registered.
  • Example 13 includes the method of example 12, and/or some other example herein, wherein the reauthentication message is a Nudm_SDM_Reauthentication message.
  • Example 14 includes the method of any of examples 7-13, and/or some other example herein, wherein the reauthentication request is a Nudm_SDM_Get request message that includes a subscription permanent identifier (SUPI) with an indication of the UE.
  • Example 15 includes the method of example 14, and/or some other example herein, wherein the UDM is to initiate the reauthentication procedure by providing a Nudm_SDM_Get Response to the AUSF, wherein the Nudm_SDM_Get Response includes an indication of an access and mobility management function (AMF) of a visited public land mobile network (VPLMN) to which the UE is registered.
  • Example 16 includes the method of example 15, and/or some other example herein, further comprising sending, by the AUSF, an NAusf_Authentication_Reauthenticate message to the VPLMN AMF, wherein the NAusf_Authentication_Reauthenticate message includes the SUPI.
  • Example 17 includes a method to be performed by a unified data management (UDM) entity of a home public land mobile network (HPLMN) of a user equipment (UE) in a fifth generation (5G) cellular network, wherein the method comprises: identifying, by the UDM, a reauthentication request received from an authentication server function (AUSF), wherein the reauthentication request relates to an identification, by the AUSF, that an AUSF-related key (KAUSF) related to the UE is to be refreshed; and initiating, by the UDM based on the reauthentication request, a reauthentication procedure related to the UE, wherein the reauthentication procedure is related to a refresh of the KAUSF.
  • Example 18 includes the method of example 17, and/or some other example herein, wherein the reauthentication procedure includes generation of a second KAUSF and authentication of the UE based on the second KAUSF.
  • Example 19 includes the method of example 18, and/or some other example herein, wherein the reauthentication procedure relates to authentication, based on the second KAUSF, of the UE to a visited public land mobile network (VPLMN) to which the UE is registered.
  • Example 20 includes the method of any of examples 17-19, and/or some other example herein, wherein the AUSF is to identify that the KAUSF is to be refreshed based on identification of a compromise of the KAUSF, identification of a mobility failure, or identification of an error condition related to the KAUSF.
  • Example 21 includes the method of any of examples 17-20, and/or some other example herein, wherein the reauthentication request is an NAusf_Authentication_Reauthenticate message that includes a subscription permanent identifier (SUPI) with an indication of the UE.
  • Example 22 includes the method of example 21, and/or some other example herein, wherein the UDM is to initiate the reauthentication procedure by providing a reauthentication message to an access and mobility management function (AMF) of a visited public land mobile network (VPLMN) to which the UE is registered.
  • Example 23 includes the method of example 22, and/or some other example herein, wherein the reauthentication message is a Nudm_SDM_Reauthentication message.
  • Example 24 includes the method of any of examples 17-23, and/or some other example herein, wherein the reauthentication request is a Nudm_SDM_Get request message that includes a subscription permanent identifier (SUPI) with an indication of the UE.
  • Example 25 includes the method of example 24, and/or some other example herein, wherein the UDM is to initiate the reauthentication procedure by providing a Nudm_SDM_Get Response to the AUSF, wherein the Nudm_SDM_Get Response includes an indication of an access and mobility management function (AMF) of a visited public land mobile network (VPLMN) to which the UE is registered.
  • Example 26 includes the method of example 24, and/or some other example herein, further comprising sending, by the AUSF, an NAusf_Authentication_Reauthenticate message to the VPLMN AMF, wherein the NAusf_Authentication_Reauthenticate message includes the SUPI.
  • Example Z01 may include an apparatus comprising means to perform one or more elements of a method described in or related to any of examples 1-26, or any other method or process described herein.
  • Example Z02 may include one or more non-transitory computer-readable media comprising instructions to cause an electronic device, upon execution of the instructions by one or more processors of the electronic device, to perform one or more elements of a method described in or related to any of examples 1-26, or any other method or process described herein.
  • Example Z03 may include an apparatus comprising logic, modules, or circuitry to perform one or more elements of a method described in or related to any of examples 1-26, or any other method or process described herein.
  • Example Z04 may include a method, technique, or process as described in or related to any of examples 1-26, or portions or parts thereof.
  • Example Z05 may include an apparatus comprising: one or more processors and one or more computer-readable media comprising instructions that, when executed by the one or more processors, cause the one or more processors to perform the method, techniques, or process as described in or related to any of examples 1-26, or portions thereof.
  • Example Z06 may include a signal as described in or related to any of examples 1-26, or portions or parts thereof.
  • Example Z07 may include a datagram, packet, frame, segment, protocol data unit (PDU), or message as described in or related to any of examples 1-26, or portions or parts thereof, or otherwise described in the present disclosure.
  • Example Z08 may include a signal encoded with data as described in or related to any of examples 1-26, or portions or parts thereof, or otherwise described in the present disclosure.
  • Example Z09 may include a signal encoded with a datagram, packet, frame, segment, protocol data unit (PDU), or message as described in or related to any of examples 1-26, or portions or parts thereof, or otherwise described in the present disclosure.
  • Example Z10 may include an electromagnetic signal carrying computer-readable instructions, wherein execution of the computer-readable instructions by one or more processors is to cause the one or more processors to perform the method, techniques, or process as described in or related to any of examples 1-26, or portions thereof.
  • Example Z11 may include a computer program comprising instructions, wherein execution of the program by a processing element is to cause the processing element to carry out the method, techniques, or process as described in or related to any of examples 1-26, or portions thereof.
  • Example Z12 may include a signal in a wireless network as shown and described herein.
  • Example Z13 may include a method of communicating in a wireless network as shown and described herein.
  • Example Z14 may include a system for providing wireless communication as shown and described herein.
  • Example Z15 may include a device for providing wireless communication as shown and described herein. Any of the above-described examples may be combined with any other example (or combination of examples), unless explicitly stated otherwise.
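The two signalling paths in examples 7-26 (AUSF to UDM with NAusf_Authentication_Reauthenticate, then UDM to the VPLMN AMF with Nudm_SDM_Reauthentication; or AUSF to UDM with Nudm_SDM_Get, then AUSF directly to the AMF returned in the Nudm_SDM_Get Response) can be traced as a simple message-passing simulation. The following Python is an added illustration written for this page, not code from the patent or from any 3GPP implementation. The service operation names follow the page; the SUPI, the AMF name, the long-term secret, the reason codes and the HMAC-based key derivation are constructed stand-ins (the real KAUSF is produced by the 5G key hierarchy during primary authentication, which is not modelled here). The AMF's `supports_reauth` flag stands in for the capability bit of example 5.

```python
"""HPLMN-controlled KAUSF refresh: toy simulation of the exchange in examples 7-26."""
import hashlib
import hmac
from dataclasses import dataclass, field
from enum import Enum


class RefreshReason(Enum):
    """Triggers from examples 10 and 20 for deciding that KAUSF must be refreshed."""
    KEY_COMPROMISE = "compromise"
    MOBILITY_FAILURE = "mobility_failure"
    KEY_ERROR = "error_condition"


class ReauthUnsupported(Exception):
    """Serving AMF never advertised the reauthentication capability (example 5)."""


@dataclass
class Message:
    name: str
    src: str
    dst: str
    body: dict


@dataclass
class Trace:
    """Records every service operation so the exchange can be checked afterwards."""
    messages: list = field(default_factory=list)

    def send(self, name, src, dst, **body):
        self.messages.append(Message(name, src, dst, body))

    def names(self):
        return [m.name for m in self.messages]


class VplmnAmf:
    def __init__(self, name, supports_reauth=True):
        self.name = name
        self.supports_reauth = supports_reauth  # stand-in for the capability bit

    def on_reauth_trigger(self, supi, ausf, trace):
        """Example 4: the VPLMN AMF starts Nausf_UEAuthentication_Authenticate for the UE."""
        if not self.supports_reauth:
            raise ReauthUnsupported(f"{self.name} has not advertised reauthentication support")
        trace.send("Nausf_UEAuthentication_Authenticate", self.name, "AUSF", supi=supi)
        return ausf.run_authentication(supi, trace)


class Udm:
    def __init__(self):
        self.serving_amf = {}  # SUPI -> VplmnAmf currently serving the UE

    def register(self, supi, amf):
        self.serving_amf[supi] = amf

    def on_reauthenticate(self, supi, ausf, trace):
        """Examples 12-13: UDM forwards the trigger to the serving VPLMN AMF."""
        amf = self.serving_amf[supi]
        trace.send("Nudm_SDM_Reauthentication", "UDM", amf.name, supi=supi)
        return amf.on_reauth_trigger(supi, ausf, trace)

    def on_sdm_get(self, supi, trace):
        """Example 15: UDM answers with the AMF currently serving the UE."""
        amf = self.serving_amf[supi]
        trace.send("Nudm_SDM_Get Response", "UDM", "AUSF", supi=supi, serving_amf=amf.name)
        return amf


class Ausf:
    def __init__(self, udm, long_term_keys):
        self.udm = udm
        self.k = long_term_keys  # SUPI -> constructed secret, NOT the real subscriber key K
        self.kausf = {}          # SUPI -> (generation counter, KAUSF)

    def run_authentication(self, supi, trace):
        """Placeholder for a primary authentication run: derives the next KAUSF generation."""
        counter = self.kausf.get(supi, (0, None))[0] + 1
        key = hmac.new(self.k[supi], f"KAUSF|{supi}|{counter}".encode(), hashlib.sha256).digest()
        self.kausf[supi] = (counter, key)
        return key

    def refresh_via_udm(self, supi, reason, trace):
        """Examples 11-13: AUSF asks UDM to reauthenticate; UDM reaches the VPLMN AMF."""
        old = self.kausf[supi][1]
        trace.send("NAusf_Authentication_Reauthenticate", "AUSF", "UDM", supi=supi, reason=reason.value)
        return old, self.udm.on_reauthenticate(supi, self, trace)

    def refresh_via_sdm_get(self, supi, reason, trace):
        """Examples 14-16: AUSF looks up the serving AMF, then contacts it directly."""
        old = self.kausf[supi][1]
        trace.send("Nudm_SDM_Get", "AUSF", "UDM", supi=supi)
        amf = self.udm.on_sdm_get(supi, trace)
        trace.send("NAusf_Authentication_Reauthenticate", "AUSF", amf.name, supi=supi, reason=reason.value)
        return old, amf.on_reauth_trigger(supi, self, trace)


def demo(path="udm", amf_supports_reauth=True):
    """Constructed HPLMN/VPLMN topology: initial authentication, then a KAUSF refresh.
    Returns (old_key, new_key, list of service operation names in order)."""
    supi = "imsi-001010000000001"  # constructed sample SUPI
    udm = Udm()
    amf = VplmnAmf("AMF-VPLMN-A", supports_reauth=amf_supports_reauth)
    ausf = Ausf(udm, {supi: b"constructed-long-term-secret-not-a-real-K"})
    udm.register(supi, amf)
    ausf.run_authentication(supi, Trace())  # initial primary authentication
    trace = Trace()
    if path == "udm":
        old, new = ausf.refresh_via_udm(supi, RefreshReason.KEY_COMPROMISE, trace)
    else:
        old, new = ausf.refresh_via_sdm_get(supi, RefreshReason.MOBILITY_FAILURE, trace)
    return old, new, trace.names()


if __name__ == "__main__":
    for p in ("udm", "sdm_get"):
        old, new, names = demo(p)
        print(p, " -> ".join(names), "refreshed:", old != new)
```

Running `demo("udm")` yields the three-hop trace AUSF -> UDM -> AMF -> AUSF, while `demo("sdm_get")` yields the four-message lookup-then-direct variant; in both cases the KAUSF held by the AUSF changes, which is the property the refresh exists to guarantee. Passing `amf_supports_reauth=False` raises `ReauthUnsupported`, showing why the capability indication of example 5 has to be checked before the home network relies on the visited AMF to drive the procedure.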
  • the foregoing description of one or more implementations provides illustration and description, but is not intended to be exhaustive or to limit the scope of embodiments to the precise form disclosed. Modifications and variations are possible in light of the above teachings or may be acquired from practice of various embodiments.
  • circuitry refers to, is part of, or includes hardware components such as an electronic circuit, a logic circuit, a processor (shared, dedicated, or group) and/or memory (shared, dedicated, or group), an Application Specific Integrated Circuit (ASIC), a field-programmable device (FPD) (e.g., a field-programmable gate array (FPGA), a programmable logic device (PLD), a complex PLD (CPLD), a high-capacity PLD (HCPLD), a structured ASIC, or a programmable SoC), digital signal processors (DSPs), etc., that are configured to provide the described functionality.
  • the circuitry may execute one or more software or firmware programs to provide at least some of the described functionality.
  • the term “circuitry” may also refer to a combination of one or more hardware elements (or a combination of circuits used in an electrical or electronic system) with the program code used to carry out the functionality of that program code. In these embodiments, the combination of hardware elements and program code may be referred to as a particular type of circuitry.
  • processor circuitry refers to, is part of, or includes circuitry capable of sequentially and automatically carrying out a sequence of arithmetic or logical operations, or recording, storing, and/or transferring digital data.
  • Processing circuitry may include one or more processing cores to execute instructions and one or more memory structures to store program and data information.
  • processor circuitry may refer to one or more application processors, one or more baseband processors, a physical central processing unit (CPU), a single-core processor, a dual-core processor, a triple-core processor, a quad-core processor, and/or any other device capable of executing or otherwise operating computer-executable instructions, such as program code, software modules, and/or functional processes.
  • Processing circuitry may include one or more hardware accelerators, which may be microprocessors, programmable processing devices, or the like.
  • the one or more hardware accelerators may include, for example, computer vision (CV) and/or deep learning (DL) accelerators.
  • application circuitry and/or “baseband circuitry” may be considered synonymous to, and may be referred to as, “processor circuitry.”
  • interface circuitry refers to, is part of, or includes circuitry that enables the exchange of information between two or more components or devices.
  • interface circuitry may refer to one or more hardware interfaces, for example, buses, I/O interfaces, peripheral component interfaces, network interface cards, and/or the like.
  • user equipment refers to a device with radio communication capabilities and may describe a remote user of network resources in a communications network.
  • the term “user equipment” or “UE” may be considered synonymous to, and may be referred to as, client, mobile, mobile device, mobile terminal, user terminal, mobile unit, mobile station, mobile user, subscriber, user, remote station, access agent, user agent, receiver, radio equipment, reconfigurable radio equipment, reconfigurable mobile device, etc.
  • the term “user equipment” or “UE” may include any type of wireless/wired device or any computing device including a wireless communications interface.
  • network element refers to physical or virtualized equipment and/or infrastructure used to provide wired or wireless communication network services.
  • network element may be considered synonymous to and/or referred to as a networked computer, networking hardware, network equipment, network node, router, switch, hub, bridge, radio network controller, RAN device, RAN node, gateway, server, virtualized VNF, NFVI, and/or the like.
  • computer system refers to any type of interconnected electronic devices, computer devices, or components thereof. Additionally, the term “computer system” and/or “system” may refer to various components of a computer that are communicatively coupled with one another. Furthermore, the term “computer system” and/or “system” may refer to multiple computer devices and/or multiple computing systems that are communicatively coupled with one another and configured to share computing and/or networking resources.
  • appliance refers to a computer device or computer system with program code (e.g., software or firmware) that is specifically designed to provide a specific computing resource.
  • a “virtual appliance” is a virtual machine image to be implemented by a hypervisor-equipped device that virtualizes or emulates a computer appliance or otherwise is dedicated to provide a specific computing resource.
  • resource refers to a physical or virtual device, a physical or virtual component within a computing environment, and/or a physical or virtual component within a particular device, such as computer devices, mechanical devices, memory space, processor/CPU time, processor/CPU usage, processor and accelerator loads, hardware time or usage, electrical power, input/output operations, ports or network sockets, channel/link allocation, throughput, memory usage, storage, network, database and applications, workload units, and/or the like.
  • a “hardware resource” may refer to compute, storage, and/or network resources provided by physical hardware element(s).
  • a “virtualized resource” may refer to compute, storage, and/or network resources provided by virtualization infrastructure to an application, device, system, etc.
  • network resource or “communication resource” may refer to resources that are accessible by computer devices/systems via a communications network.
  • system resources may refer to any kind of shared entities to provide services, and may include computing and/or network resources. System resources may be considered as a set of coherent functions, network data objects or services, accessible through a server where such system resources reside on a single host or multiple hosts and are clearly identifiable.
  • channel refers to any transmission medium, either tangible or intangible, which is used to communicate data or a data stream.
  • channel may be synonymous with and/or equivalent to “communications channel,” “data communications channel,” “transmission channel,” “data transmission channel,” “access channel,” “data access channel,” “link,” “data link,” “carrier,” “radiofrequency carrier,” and/or any other like term denoting a pathway or medium through which data is communicated.
  • link refers to a connection between two devices through a RAT for the purpose of transmitting and receiving information.
  • instantiate refers to the creation of an instance.
  • An “instance” also refers to a concrete occurrence of an object, which may occur, for example, during execution of program code.
  • Coupled may mean two or more elements are in direct physical or electrical contact with one another, may mean that two or more elements indirectly contact each other but still cooperate or interact with each other, and/or may mean that one or more other elements are coupled or connected between the elements that are said to be coupled with each other.
  • directly coupled may mean that two or more elements are in direct contact with one another.
  • communicatively coupled may mean that two or more elements may be in contact with one another by a means of communication including through a wire or other interconnect connection, through a wireless communication channel or link, and/or the like.
  • information element refers to a structural element containing one or more fields.
  • field refers to individual contents of an information element, or a data element that contains content.
  • SMTC refers to an SSB-based measurement timing configuration configured by SSB-MeasurementTimingConfiguration.
  • SSB refers to an SS/PBCH block.
  • a “Primary Cell” refers to the MCG cell, operating on the primary frequency, in which the UE either performs the initial connection establishment procedure or initiates the connection re-establishment procedure.
  • Primary SCG Cell refers to the SCG cell in which the UE performs random access when performing the Reconfiguration with Sync procedure for DC operation.
  • Secondary Cell refers to a cell providing additional radio resources on top of a Special Cell for a UE configured with CA.
  • Secondary Cell Group refers to the subset of serving cells comprising the PSCell and zero or more secondary cells for a UE configured with DC.
  • the term “Serving Cell” refers to the primary cell; for a UE in RRC_CONNECTED not configured with CA/DC, there is only one serving cell, comprising the primary cell.
  • the term “serving cell” or “serving cells” refers to the set of cells comprising the Special
  • Special Cell refers to the PCell of the MCG or the PSCell of the SCG for DC operation; otherwise, the term “Special Cell” refers to the PCell.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Various embodiments of the present invention relate to techniques for reauthentication of a user equipment (UE) in a fifth generation (5G) cellular network. In particular, in some embodiments, an authentication server function (AUSF) of the UE's home public land mobile network (HPLMN) may be configured to identify that a key associated with the AUSF (KAUSF) that is associated with the UE needs to be refreshed. Based on this identification, the AUSF may be configured to initiate a reauthentication process that includes a refresh of the KAUSF, or to cause another entity of the cellular network to initiate such a process. Other embodiments may be described and/or claimed.
PCT/US2022/016135 2021-02-19 2022-02-11 Refreshing long-term derived anchor keys and federated identity management WO2022177822A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202280026116.5A CN117121524A (zh) 2021-02-19 2022-02-11 Refreshing long-term derived anchor keys and federated identity management
KR1020237031258A KR20230159413A (ko) 2021-02-19 2022-02-11 Refreshing long-term derived anchor keys and federated identity management

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US202163151587P 2021-02-19 2021-02-19
US63/151,587 2021-02-19

Publications (1)

Publication Number Publication Date
WO2022177822A1 true WO2022177822A1 (fr) 2022-08-25

Family

ID=82931090

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2022/016135 WO2022177822A1 (fr) 2021-02-19 2022-02-11 Refreshing long-term derived anchor keys and federated identity management

Country Status (3)

Country Link
KR (1) KR20230159413A (fr)
CN (1) CN117121524A (fr)
WO (1) WO2022177822A1 (fr)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200280849A1 (en) * 2017-09-27 2020-09-03 Nec Corporation Communication terminal, core network device, core network node, network node, and key deriving method
EP3525503A1 (fr) * 2018-02-08 2019-08-14 Nokia Technologies Oy Registration or authentication of a user equipment in a visited public land mobile network
US20200344606A1 (en) * 2019-04-24 2020-10-29 Apple Inc. Re-authentication procedure for security key (kausf) generation and steering of roaming (sor) data delivery

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Study on enhanced support of non-public networks (Release 17)", 3GPP STANDARD; TECHNICAL REPORT; 3GPP TR 23.700-07, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), no. V1.2.0, 27 November 2020 (2020-11-27), pages 1 - 247, XP051961785 *
NTT DOCOMO: "Home network triggered reauthentication", 3GPP DRAFT; S3-210501, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), 11 January 2021 (2021-01-11), XP051968453 *

Also Published As

Publication number Publication date
KR20230159413A (ko) 2023-11-21
CN117121524A (zh) 2023-11-24

Similar Documents

Publication Publication Date Title
US11871436B2 (en) Apparatus for UE measurement delay and granularity for new radio positioning measurement
US11968559B2 (en) Apparatus and method for 5G quality of service indicator management
US11871460B2 (en) Domain name system (DNS)-based discovery of regulatory requirements for non-3GPP inter-working function (N3IWF) selection
US20230141237A1 (en) Techniques for management data analytics (mda) process and service
US11792814B2 (en) Techniques for cancelation of one or more uplink transmissions from a user equipment
WO2022155108A1 (fr) Enhanced inter-slot frequency hopping for uplink coverage in 5G systems
WO2023091417A1 (fr) Enhanced sounding reference signal (SRS) operation for fifth generation (5G) systems
US20230246689A1 (en) Support of simplified multiple input multiple output features for reduced capability user equipment in new radio systems
US11979894B2 (en) Soft resource availability indication for integrated access and backhaul (IAB) operation in paired spectrum
WO2022011527A1 (fr) SRS configuration and transmission in multi-DCI multi-TRP and carrier aggregation
WO2022154961A1 (fr) Support for edge enabler server and edge configuration server lifecycle management
WO2022154962A1 (fr) Mitigation of time domain overlaps involving a transport block over multi-slot transmissions
CN114641044A (zh) Apparatus for use in a source base station, a target base station and a user equipment
US11751228B2 (en) Methods and apparatuses for uplink spatial relation info switch
EP4239479A1 (fr) Orchestration of computing services and resources for next generation systems
WO2022177822A1 (fr) Refreshing long-term derived anchor keys and federated identity management
US20240187172A1 (en) Single trp and multiple trp dynamic switching for single dci based pusch transmissions
EP4207666A1 (fr) Configuration of PDCCH monitoring occasions for multi-slot PDCCH monitoring capability
WO2022216859A1 (fr) Timing advance configuration for inter-cell mobility
EP4278628A1 (fr) Performance measurements for network exposure function on service parameter provisioning, policy negotiation and connection establishment
WO2022240614A1 (fr) Single TRP and multi-TRP dynamic switching for single DCI based PUSCH transmissions
WO2022155505A1 (fr) Techniques for flexible aperiodic sounding reference signal (SRS) triggering
WO2023033813A1 (fr) Group-based channel state information reference signal (CSI-RS) transmission
CN116783873A (zh) Performance measurement of data management and background data transfer policy control for next generation systems
EP4193676A1 (fr) Conditional handover failure reporting in minimization of drive tests (MDT)

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 22756735; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 22756735; Country of ref document: EP; Kind code of ref document: A1)