WO2022178472A1 - Establishment of PC5 link security using a non-access stratum security context - Google Patents

Establishment of PC5 link security using a non-access stratum security context

Info

Publication number
WO2022178472A1
Authority
WO
WIPO (PCT)
Prior art keywords
relay
key
remote
network node
freshness parameter
Prior art date
Application number
PCT/US2022/070260
Other languages
English (en)
Inventor
Hongil Kim
Soo Bum Lee
Adrian Edward Escott
Anand Palanigounder
Original Assignee
Qualcomm Incorporated
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US17/648,349 external-priority patent/US12058520B2/en
Application filed by Qualcomm Incorporated filed Critical Qualcomm Incorporated
Priority to EP22703870.0A priority Critical patent/EP4295604A1/fr
Priority to CN202280015054.8A priority patent/CN116965073A/zh
Publication of WO2022178472A1 publication Critical patent/WO2022178472A1/fr

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W 12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W 12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W 88/02 Terminal devices
    • H04W 88/04 Terminal devices adapted for relaying to or from another terminal or user

Definitions

  • aspects of the present disclosure generally relate to wireless communication and to techniques and apparatuses for setting up PC5 link security using a non-access stratum security context.
  • Wireless communication systems are widely deployed to provide various telecommunication services such as telephony, video, data, messaging, and broadcasts.
  • Typical wireless communication systems may employ multiple-access technologies capable of supporting communication with multiple users by sharing available system resources (e.g., bandwidth, transmit power, or the like).
  • multiple-access technologies include code division multiple access (CDMA) systems, time division multiple access (TDMA) systems, frequency-division multiple access (FDMA) systems, orthogonal frequency-division multiple access (OFDMA) systems, single-carrier frequency-division multiple access (SC-FDMA) systems, time division synchronous code division multiple access (TD-SCDMA) systems, and Long Term Evolution (LTE).
  • LTE/LTE-Advanced is a set of enhancements to the Universal Mobile Telecommunications System (UMTS) mobile standard promulgated by the Third Generation Partnership Project (3GPP).
  • UMTS Universal Mobile Telecommunications System
  • a wireless network may include a number of base stations (BSs) that can support communication for a number of user equipment (UEs).
  • UE may communicate with a BS via the downlink and uplink.
  • Downlink (or “forward link”) refers to the communication link from the BS to the UE
  • uplink (or “reverse link”) refers to the communication link from the UE to the BS.
  • a BS may be referred to as a Node B, a gNB, an access point (AP), a radio head, a transmit receive point (TRP), a New Radio (NR) BS, a 5G Node B, or the like.
  • NR which may also be referred to as 5G
  • 5G is a set of enhancements to the LTE mobile standard promulgated by the 3GPP.
  • NR is designed to better support mobile broadband Internet access by improving spectral efficiency, lowering costs, improving services, making use of new spectrum, and better integrating with other open standards using orthogonal frequency division multiplexing (OFDM) with a cyclic prefix (CP) (CP-OFDM) on the downlink (DL), using CP-OFDM and/or SC-FDM (e.g., also known as discrete Fourier transform spread OFDM (DFT-s-OFDM)) on the uplink (UL), as well as supporting beamforming, multiple-input multiple-output (MIMO) antenna technology, and carrier aggregation.
  • OFDM orthogonal frequency division multiplexing
  • CP-OFDM with a cyclic prefix
  • SC-FDM e.g., also known as discrete Fourier transform spread OFDM (DFT-s-OFDM)
  • MIMO multiple-input multiple-output
  • FIG. 1 is a diagram illustrating an example of a wireless network, in accordance with the present disclosure.
  • FIG. 2 is a diagram illustrating an example of a base station in communication with a UE in a wireless network, in accordance with the present disclosure.
  • FIG. 3 is a diagram illustrating an example of sidelink communications, in accordance with the present disclosure.
  • Fig. 4 is a diagram illustrating an example of sidelink communications and access link communications, in accordance with the present disclosure.
  • Fig. 5 is a diagram illustrating an example of a control-plane procedure for a PC5 link, in accordance with the present disclosure.
  • Fig. 6 is a diagram illustrating an example of setting up PC5 link security using a non-access stratum (NAS) security context, in accordance with the present disclosure.
  • NAS non-access stratum
  • Fig. 7 is a diagram illustrating an example of other details for setting up PC5 link security using a NAS security context, in accordance with the present disclosure.
  • Fig. 8 is a diagram illustrating an example process performed, for example, by a UE, in accordance with the present disclosure.
  • Fig. 9 is a diagram illustrating an example process performed, for example, by a network node, in accordance with the present disclosure.
  • FIGs. 10-11 are block diagrams of example apparatuses for wireless communication, in accordance with the present disclosure.
  • a method of wireless communication performed by a user equipment includes transmitting, to a relay UE, a first message comprising a first nonce, a first freshness parameter, an identity of the UE, and authentication information.
  • the authentication information may be used by a network node to authenticate the UE with security context information of the UE that was established during registration of the UE with the network node.
  • the method may include receiving, from the relay UE, a second message comprising a second nonce and a set of key generation parameters and deriving a relay key for security establishment between the UE and the relay UE based at least in part on the first freshness parameter, the set of key generation parameters, and a shared key with the network node.
  • the method may also include deriving a relay session key for security establishment between the UE and the relay UE based at least in part on the relay key, the first nonce, and the second nonce.
  • the method may include verifying the second message based at least in part on the relay session key and transmitting a third message, to the relay UE, that is protected based at least in part on the relay session key.
  • a method of wireless communication performed by a network node includes receiving, from a remote UE via a relay UE, a first freshness parameter, an identity of the remote UE, and authentication information.
  • the authentication information may be used by the network node to authenticate the remote UE based at least in part on security context information of the remote UE, and the security context information may be identified by the identity of the remote UE.
  • the method may include verifying the authentication information based at least in part on the security context information of the remote UE and a shared key with the remote UE and deriving a relay key for security establishment between the remote UE and the relay UE based at least in part on the first freshness parameter and the shared key with the remote UE.
  • the method may also include transmitting an identity of the relay key to the remote UE via the relay UE.
  • a UE for wireless communication includes a memory and one or more processors, coupled to the memory, configured to transmit, to a relay UE, a first message comprising a first nonce, a first freshness parameter, an identity of the UE, and authentication information.
  • the authentication information may be used by a network node to authenticate the UE with security context information of the UE that was established during registration of the UE with the network node.
  • the one or more processors may be configured to receive, from the relay UE, a second message comprising a second nonce and a set of key generation parameters and derive a relay key for security establishment between the UE and the relay UE based at least in part on the first freshness parameter, the set of key generation parameters, and a shared key with the network node.
  • the one or more processors may be configured to derive a relay session key for security establishment between the UE and the relay UE based at least in part on the relay key, the first nonce, and the second nonce.
  • the one or more processors may be configured to verify the second message based at least in part on the relay session key and transmit a third message, to the relay UE, that is protected based at least in part on the relay session key.
  • a network node for wireless communication includes a memory and one or more processors, coupled to the memory, configured to receive, from a remote UE via a relay UE, a first freshness parameter, an identity of the remote UE, and authentication information.
  • the authentication information may be used by the network node to authenticate the remote UE based at least in part on security context information of the remote UE, and the security context information may be identified by the identity of the remote UE.
  • the one or more processors may be configured to verify the authentication information based at least in part on the security context information of the remote UE and a shared key with the remote UE and derive a relay key for security establishment between the remote UE and the relay UE based at least in part on the first freshness parameter and the shared key with the remote UE.
  • the one or more processors may be configured to transmit an identity of the relay key to the remote UE via the relay UE and receive a message, from the remote UE via the relay UE, that is protected based at least in part on the relay key.
  • a non-transitory computer-readable medium storing a set of instructions for wireless communication includes one or more instructions that, when executed by one or more processors of a UE, cause the UE to: transmit, to a relay UE, a first message comprising a first nonce, a first freshness parameter, an identity of the UE, and authentication information, where the authentication information is used by a network node to authenticate the UE with security context information of the UE that was established during registration of the UE with the network node; receive, from the relay UE, a second message comprising a second nonce and a set of key generation parameters; derive a relay key for security establishment between the UE and the relay UE based at least in part on the first freshness parameter, the set of key generation parameters, and a shared key with the network node; derive a relay session key for security establishment between the UE and the relay UE based at least in part on the relay key, the first nonce, and the second nonce; verify
  • a non-transitory computer-readable medium storing a set of instructions for wireless communication includes one or more instructions that, when executed by one or more processors of a network node, cause the network node to receive, from a remote UE via a relay UE, a first freshness parameter, an identity of the remote UE, and authentication information, where the authentication information is used by the network node to authenticate the remote UE based at least in part on security context information of the remote UE, and where the security context information is identified by the identity of the remote UE; verify the authentication information based at least in part on the security context information of the remote UE and a shared key with the remote UE; derive a relay key for security establishment between the remote UE and the relay UE based at least in part on the first freshness parameter and the shared key with the remote UE; transmit an identity of the relay key to the remote UE via the relay UE.
  • an apparatus for wireless communication includes means for transmitting, to a relay UE, a first message comprising a first nonce, a first freshness parameter, an identity of the apparatus, and authentication information, where the authentication information is used by a network node to authenticate the apparatus with security context information of the apparatus that was established during registration of the apparatus with the network node.
  • the apparatus may include means for receiving, from the relay UE, a second message comprising a second nonce and a set of key generation parameters and means for deriving a relay key for security establishment between the apparatus and the relay UE based at least in part on the first freshness parameter, the set of key generation parameters, and a shared key with the network node.
  • the apparatus may include means for deriving a relay session key for security establishment between the apparatus and the relay UE based at least in part on the relay key, the first nonce, and the second nonce, means for verifying the second message based at least in part on the relay session key, and means for transmitting a third message, to the relay UE, that is protected based at least in part on the relay session key.
  • an apparatus for wireless communication includes means for receiving, from a remote UE via a relay UE, a first freshness parameter, an identity of the remote UE, and authentication information, where the authentication information is used by the apparatus to authenticate the remote UE based at least in part on security context information of the remote UE, and where the security context information is identified by the identity of the remote UE.
  • the apparatus may include means for verifying the authentication information based at least in part on the security context information of the remote UE and a shared key with the remote UE, means for deriving a relay key for security establishment between the remote UE and the apparatus based at least in part on the first freshness parameter and the shared key with the remote UE, means for transmitting an identity of the relay key to the remote UE via the relay UE, and means for receiving a message, from the remote UE via the relay UE, that is protected based at least in part on the relay key.
  • aspects generally include a method, apparatus, system, computer program product, non-transitory computer-readable medium, user equipment, base station, wireless communication device, and/or processing system as substantially described herein with reference to and as illustrated by the drawings and specification.
  • aspects are described in the present disclosure by reference to some examples, those skilled in the art will understand that such aspects may be implemented in many different arrangements and scenarios.
  • Techniques described herein may be implemented using different platform types, devices, systems, shapes, sizes, and/or packaging arrangements.
  • some aspects may be implemented via integrated chip embodiments or other non-module-component based devices (e.g., end-user devices, vehicles, communication devices, computing devices, industrial equipment, retail/purchasing devices, medical devices, or artificial intelligence-enabled devices).
  • aspects may be implemented in chip-level components, modular components, non-modular components, non-chip-level components, device-level components, or system-level components.
  • Devices incorporating described aspects and features may include additional components and features for implementation and practice of claimed and described aspects.
  • transmission and reception of wireless signals may include a number of components for analog and digital purposes (e.g., hardware components including antennas, radio frequency (RF) chains, power amplifiers, modulators, buffers, processors, interleavers, adders, or summers). It is intended that aspects described herein may be practiced in a wide variety of devices, components, systems, distributed arrangements, or end-user devices of varying size, shape, and constitution.
  • RF radio frequency
  • Fig. 1 is a diagram illustrating an example of a wireless network 100, in accordance with the present disclosure.
  • the wireless network 100 may be or may include elements of a 5G (NR) network and/or an LTE network, among other examples.
  • the wireless network 100 may include a number of base stations 110 (shown as BS 110a, BS 110b, BS 110c, and BS 110d) and other network entities.
  • a base station (BS) is an entity that communicates with UEs and may also be referred to as an NR BS, a Node B, a gNB, a 5G node B (NB), an access point, a transmit receive point (TRP), or the like.
  • Each BS may provide communication coverage for a particular geographic area.
  • a BS may provide communication coverage for a macro cell, a pico cell, a femto cell, and/or another type of cell.
  • a macro cell may cover a relatively large geographic area (e.g., several kilometers in radius) and may allow unrestricted access by UEs with service subscription.
  • a pico cell may cover a relatively small geographic area and may allow unrestricted access by UEs with service subscription.
  • a femto cell may cover a relatively small geographic area (e.g., a home) and may allow restricted access by UEs having association with the femto cell (e.g., UEs in a closed subscriber group (CSG)).
  • a BS for a macro cell may be referred to as a macro BS.
  • a BS for a pico cell may be referred to as a pico BS.
  • a BS for a femto cell may be referred to as a femto BS or a home BS.
  • a BS 110a may be a macro BS for a macro cell 102a
  • a BS 110b may be a pico BS for a pico cell 102b
  • a BS 110c may be a femto BS for a femto cell 102c.
  • a BS may support one or multiple (e.g., three) cells.
  • the terms “eNB”, “base station”, “NR BS”, “gNB”, “TRP”, “AP”, “node B”, “5G NB”, and “cell” may be used interchangeably herein.
  • a cell may not necessarily be stationary, and the geographic area of the cell may move according to the location of a mobile BS.
  • the BSs may be interconnected to one another and/or to one or more other BSs or network nodes (not shown) in the wireless network 100 through various types of backhaul interfaces, such as a direct physical connection or a virtual network, using any suitable transport network.
  • Wireless network 100 may also include relay stations.
  • a relay station is an entity that can receive a transmission of data from an upstream station (e.g., a BS or a UE) and send a transmission of the data to a downstream station (e.g., a UE or a BS).
  • a relay station may also be a UE that can relay transmissions for other UEs.
  • a relay BS 110d may communicate with macro BS 110a and a UE 120d in order to facilitate communication between BS 110a and UE 120d.
  • a relay BS may also be referred to as a relay station, a relay base station, a relay, or the like.
  • Wireless network 100 may be a heterogeneous network that includes BSs of different types, such as macro BSs, pico BSs, femto BSs, relay BSs, or the like. These different types of BSs may have different transmit power levels, different coverage areas, and different impacts on interference in wireless network 100.
  • macro BSs may have a high transmit power level (e.g., 5 to 40 watts) whereas pico BSs, femto BSs, and relay BSs may have lower transmit power levels (e.g., 0.1 to 2 watts).
  • a network node 130 may couple to a set of BSs and may provide coordination and control for these BSs.
  • Network node 130 may communicate with the BSs via a backhaul.
  • the BSs may also communicate with one another directly or indirectly, via a wireless or wireline backhaul.
  • UEs 120 may be dispersed throughout wireless network 100, and each UE may be stationary or mobile.
  • a UE may also be referred to as an access terminal, a terminal, a mobile station, a subscriber unit, a station, or the like.
  • a UE may be a cellular phone (e.g., a smart phone), a personal digital assistant (PDA), a wireless modem, a wireless communication device, a handheld device, a laptop computer, a cordless phone, a wireless local loop (WLL) station, a tablet, a camera, a gaming device, a netbook, a smartbook, an ultrabook, a medical device or equipment, biometric sensors/devices, wearable devices (smart watches, smart clothing, smart glasses, smart wrist bands, smart jewelry (e.g., smart ring, smart bracelet)), an entertainment device (e.g., a music or video device, or a satellite radio), a vehicular component or sensor, smart meters/sensors, industrial manufacturing equipment, a global positioning system device, or any other suitable device that is configured to communicate via a wireless or wired medium.
  • a cellular phone e.g., a smart phone
  • PDA personal digital assistant
  • WLL wireless local loop
  • MTC and eMTC UEs include, for example, robots, drones, remote devices, sensors, meters, monitors, and/or location tags, that may communicate with a base station, another device (e.g., remote device), or some other entity.
  • a wireless node may provide, for example, connectivity for or to a network (e.g., a wide area network such as Internet or a cellular network) via a wired or wireless communication link.
  • Some UEs may be considered Internet-of-Things (IoT) devices, and/or may be implemented as NB-IoT (narrowband internet of things) devices. Some UEs may be considered a Customer Premises Equipment (CPE).
  • UE 120 may be included inside a housing that houses components of UE 120, such as processor components and/or memory components.
  • the processor components and the memory components may be coupled together.
  • the processor components e.g., one or more processors
  • the memory components e.g., a memory
  • any number of wireless networks may be deployed in a given geographic area.
  • Each wireless network may support a particular RAT and may operate on one or more frequencies.
  • a RAT may also be referred to as a radio technology, an air interface, or the like.
  • a frequency may also be referred to as a carrier, a frequency channel, or the like.
  • Each frequency may support a single RAT in a given geographic area in order to avoid interference between wireless networks of different RATs.
  • NR or 5G RAT networks may be deployed.
  • two or more UEs 120 may communicate directly using one or more sidelink channels (e.g., without using a base station 110 as an intermediary to communicate with one another).
  • the UEs 120 may communicate using peer-to-peer (P2P) communications, device-to-device (D2D) communications, a vehicle-to-everything (V2X) protocol (e.g., which may include a vehicle-to-vehicle (V2V) protocol or a vehicle-to-infrastructure (V2I) protocol), and/or a mesh network.
  • P2P peer-to-peer
  • D2D device-to-device
  • V2X vehicle-to-everything
  • V2V vehicle-to-vehicle
  • UE 120 may perform scheduling operations, resource selection operations, and/or other operations described elsewhere herein as being performed by base station 110.
  • Devices of wireless network 100 may communicate using the electromagnetic spectrum, which may be subdivided based on frequency or wavelength into various classes, bands, channels, or the like.
  • devices of wireless network 100 may communicate using an operating band having a first frequency range (FR1), which may span from 410 MHz to 7.125 GHz, and/or may communicate using an operating band having a second frequency range (FR2), which may span from 24.25 GHz to 52.6 GHz.
  • FR1 and FR2 are sometimes referred to as mid-band frequencies.
  • FR1 is often referred to as a “sub-6 GHz” band.
  • FR2 is often referred to as a “millimeter wave” band despite being different from the extremely high frequency (EHF) band (30 GHz - 300 GHz) which is identified by the International Telecommunications Union (ITU) as a “millimeter wave” band.
  • EHF extremely high frequency
  • ITU International Telecommunications Union
  • sub-6 GHz or the like, if used herein, may broadly represent frequencies less than 6 GHz, frequencies within FR1, and/or mid-band frequencies (e.g., greater than 7.125 GHz).
  • millimeter wave may broadly represent frequencies within the EHF band, frequencies within FR2, and/or mid-band frequencies (e.g., less than 24.25 GHz). It is contemplated that the frequencies included in FR1 and FR2 may be modified, and techniques described herein are applicable to those modified frequency ranges.
  • Fig. 1 is provided as an example. Other examples may differ from what is described with regard to Fig. 1.
  • Fig. 2 is a diagram illustrating an example 200 of a base station 110 in communication with a UE 120 in a wireless network 100, in accordance with the present disclosure.
  • Base station 110 may be equipped with T antennas 234a through 234t
  • UE 120 may be equipped with R antennas 252a through 252r, where in general T > 1 and R > 1.
  • a transmit processor 220 may receive data from a data source 212 for one or more UEs, select one or more modulation and coding schemes (MCS) for each UE based at least in part on channel quality indicators (CQIs) received from the UE, process (e.g., encode and modulate) the data for each UE based at least in part on the MCS(s) selected for the UE, and provide data symbols for all UEs. Transmit processor 220 may also process system information (e.g., for semi-static resource partitioning information (SRPI)) and control information (e.g., CQI requests, grants, and/or upper layer signaling) and provide overhead symbols and control symbols.
  • MCS modulation and coding schemes
  • Transmit processor 220 may also generate reference symbols for reference signals (e.g., a cell-specific reference signal (CRS) or a demodulation reference signal (DMRS)) and synchronization signals (e.g., a primary synchronization signal (PSS) or a secondary synchronization signal (SSS)).
  • a transmit (TX) multiple-input multiple-output (MIMO) processor 230 may perform spatial processing (e.g., precoding) on the data symbols, the control symbols, the overhead symbols, and/or the reference symbols, if applicable, and may provide T output symbol streams to T modulators (MODs) 232a through 232t. Each modulator 232 may process a respective output symbol stream (e.g., for OFDM) to obtain an output sample stream.
  • TX transmit
  • MIMO multiple-input multiple-output
  • Each modulator 232 may further process (e.g., convert to analog, amplify, filter, and upconvert) the output sample stream to obtain a downlink signal.
  • T downlink signals from modulators 232a through 232t may be transmitted via T antennas 234a through 234t, respectively.
  • antennas 252a through 252r may receive the downlink signals from base station 110 and/or other base stations and may provide received signals to demodulators (DEMODs) 254a through 254r, respectively.
  • Each demodulator 254 may condition (e.g., filter, amplify, downconvert, and digitize) a received signal to obtain input samples.
  • Each demodulator 254 may further process the input samples (e.g., for OFDM) to obtain received symbols.
  • a MIMO detector 256 may obtain received symbols from all R demodulators 254a through 254r, perform MIMO detection on the received symbols if applicable, and provide detected symbols.
  • a receive processor 258 may process (e.g., demodulate and decode) the detected symbols, provide decoded data for UE 120 to a data sink 260, and provide decoded control information and system information to a controller/processor 280.
  • controller/processor may refer to one or more controllers, one or more processors, or a combination thereof.
  • a channel processor may determine a reference signal received power (RSRP) parameter, a received signal strength indicator (RSSI) parameter, a reference signal received quality (RSRQ) parameter, and/or a channel quality indicator (CQI) parameter, among other examples.
  • RSRP reference signal received power
  • RSSI received signal strength indicator
  • RSRQ reference signal received quality
  • CQI channel quality indicator
  • one or more components of UE 120 may be included in a housing 284.
  • Network node 130 may include communication unit 294, controller/processor 290, and memory 292.
  • Network node 130 may include, for example, one or more devices in a core network, such as an AMF.
  • Network node 130 may communicate with base station 110 via communication unit 294.
  • One or more antennas may include, or may be included within, one or more antenna panels, antenna groups, sets of antenna elements, and/or antenna arrays, among other examples.
  • An antenna panel, an antenna group, a set of antenna elements, and/or an antenna array may include one or more antenna elements.
  • An antenna panel, an antenna group, a set of antenna elements, and/or an antenna array may include a set of coplanar antenna elements and/or a set of non-coplanar antenna elements.
  • An antenna panel, an antenna group, a set of antenna elements, and/or an antenna array may include antenna elements within a single housing and/or antenna elements within multiple housings.
  • An antenna panel, an antenna group, a set of antenna elements, and/or an antenna array may include one or more antenna elements coupled to one or more transmission and/or reception components, such as one or more components of Fig. 2.
  • a transmit processor 264 may receive and process data from a data source 262 and control information (e.g., for reports that include RSRP, RSSI, RSRQ, and/or CQI) from controller/processor 280. Transmit processor 264 may also generate reference symbols for one or more reference signals. The symbols from transmit processor 264 may be precoded by a TX MIMO processor 266 if applicable, further processed by modulators 254a through 254r (e.g., for DFT-s-OFDM or CP-OFDM) and transmitted to base station 110.
  • a modulator and a demodulator (e.g., MOD/DEMOD 254) of UE 120 may be included in a modem of UE 120.
  • the UE 120 includes a transceiver.
  • the transceiver may include any combination of antenna(s) 252, modulators and/or demodulators 254, MIMO detector 256, receive processor 258, transmit processor 264, and/or TX MIMO processor 266.
  • the transceiver may be used by a processor (e.g., controller/processor 280) and memory 282 to perform aspects of any of the methods described herein (for example, with reference to Figs. 5-11).
  • the uplink signals from UE 120 and other UEs may be received by antennas 234, processed by demodulators 232, detected by a MIMO detector 236 if applicable, and further processed by a receive processor 238 to obtain decoded data and control information sent by UE 120.
  • Receive processor 238 may provide the decoded data to a data sink 239 and the decoded control information to controller/processor 240.
  • Base station 110 may include communication unit 244 and communicate to network node 130 via communication unit 244.
  • Base station 110 may include a scheduler 246 to schedule UEs 120 for downlink and/or uplink communications.
  • a modulator and a demodulator (e.g., MOD/DEMOD 232) of base station 110 may be included in a modem of the base station 110.
  • base station 110 includes a transceiver.
  • the transceiver may include any combination of antenna(s) 234, modulators and/or demodulators 232, MIMO detector 236, receive processor 238, transmit processor 220, and/or TX MIMO processor 230.
  • the transceiver may be used by a processor (e.g., controller/processor 240) and memory 242 to perform aspects of any of the methods described herein (for example, with reference to Figs. 5-11).
  • Controller/processor 240 of base station 110, controller/processor 280 of UE 120, and/or any other component(s) of Fig. 2 may perform one or more techniques associated with setting up PC5 link security using a non-access stratum (NAS) security context, as described in more detail elsewhere herein.
  • controller/processor 240 of base station 110, controller/processor 280 of UE 120, controller/processor 290 of network node 130, and/or any other component(s) of Fig. 2 may perform or direct operations of, for example, process 800 of Fig. 8, process 900 of Fig. 9, and/or other processes as described herein.
  • Memories 242, 282, and 292 may store data and program codes for base station 110, UE 120, and network node 130, respectively.
  • memory 242 memory 282, and/or memory 292 may include a non-transitory computer-readable medium storing one or more instructions (e.g., code and/or program code) for wireless communication.
  • the one or more instructions when executed (e.g., directly, or after compiling, converting, and/or interpreting) by one or more processors of base station 110, UE 120, and/or the network node 130, may cause the one or more processors, UE 120, network node 130, and/or the base station 110 to perform or direct operations of, for example, process 800 of Fig. 8, process 900 of Fig. 9, and/or other processes as described herein.
  • executing instructions may include running the instructions, converting the instructions, compiling the instructions, and/or interpreting the instructions, among other examples.
  • UE 120 includes means for transmitting, to a relay UE, a first message comprising a first nonce, a first freshness parameter, an identity of the UE, and authentication information, where the authentication information is used by a network node to authenticate the UE with security context information of the UE that was established during registration of the UE with the network node; means for receiving, from the relay UE, a second message comprising a second nonce and a set of key generation parameters; means for deriving a relay key for security establishment between the UE and the relay UE based at least in part on the first freshness parameter, the set of key generation parameters, and a shared key with the network node; means for deriving a relay session key for security establishment between the UE and the relay UE based at least in part on the relay key, the first nonce, and the second nonce; means for verifying the second message based at least in part on the relay session key; and/or means for transmitting a third message, to the relay
  • the means for UE 120 to perform operations described herein may include, for example, one or more of antenna 252, demodulator 254, MIMO detector 256, receive processor 258, transmit processor 264, TX MIMO processor 266, modulator 254, controller/processor 280, or memory 282.
  • a network node includes means for receiving, from a remote UE via a relay UE, a first freshness parameter, an identity of the remote UE, and authentication information, where the authentication information is used by the network node to authenticate the remote UE based at least in part on security context information of the remote UE, and where the security context information is identified by the identity of the remote UE; means for verifying the authentication information based at least in part on the security context information of the remote UE and a shared key with the remote UE; means for deriving a relay key for security establishment between the remote UE and the relay UE based at least in part on the first freshness parameter and the shared key with the remote UE; means for transmitting an identity of the relay key to the remote UE via the relay UE; and/or means for receiving a message, from the remote UE via the relay UE, that is protected based at least in part on the relay key.
  • the means for the network node to perform operations described herein may include, for example, one or more of controller/processor 290, memory 292, or communication unit 294.
  • the network node includes means for transmitting a second freshness parameter based at least in part on whether the first freshness parameter is an uplink NAS count.
  • the network node includes means for transmitting the relay key to the relay UE.
  • Fig. 2 is provided as an example. Other examples may differ from what is described with regard to Fig. 2.
  • FIG. 3 is a diagram illustrating an example 300 of sidelink communications, in accordance with the present disclosure.
  • a first UE 305-1 may communicate with a second UE 305-2 (and one or more other UEs 305) via one or more sidelink channels 310.
  • UEs 305-1 and 305-2 may communicate using the one or more sidelink channels 310 for P2P communications, D2D communications, V2X communications (e.g., which may include V2V communications, V2I communications, V2P communications), and/or mesh networking.
  • one or more sidelink channels 310 may use a PC5 interface and/or may operate in a high frequency band (e.g., the 5.9 GHz band). Additionally, or alternatively, the UEs 305 may synchronize timing of transmission time intervals (e.g., frames, subframes, slots, symbols, and/or the like) using global navigation satellite system timing.
  • one or more sidelink channels 310 may include a physical sidelink control channel (PSCCH) 315, a physical sidelink shared channel (PSSCH) 320, and/or a physical sidelink feedback channel (PSFCH) 325.
  • PSCCH 315 may be used to communicate control information, similar to a physical downlink control channel (PDCCH) and/or a physical uplink control channel (PUCCH) used for cellular communications with a base station 110 via an access link or an access channel.
  • PSSCH 320 may be used to communicate data, similar to a physical downlink shared channel (PDSCH) and/or a physical uplink shared channel (PUSCH) used for cellular communications with base station 110 via an access link or an access channel.
  • PSCCH 315 may carry sidelink control information (SCI) 330, which may indicate various control information used for sidelink communications, such as one or more resources (e.g., time resources, frequency resources, spatial resources) where a transport block (TB) 335 may be carried on PSSCH 320.
  • TB 335 may include data.
  • PSFCH 325 may be used to communicate sidelink feedback 340, such as hybrid automatic repeat request (HARQ) feedback (e.g., acknowledgement or negative acknowledgement (ACK/NACK) information), transmit power control, a scheduling request, and/or the like.
  • one or more sidelink channels 310 may use resource pools.
  • a scheduling assignment (e.g., included in SCI 330) may be transmitted in sub channels using specific resource blocks (RBs) across time.
  • data transmissions (e.g., on PSSCH 320) associated with a scheduling assignment may occupy adjacent RBs in the same subframe as the scheduling assignment (e.g., using frequency division multiplexing).
  • a scheduling assignment and associated data transmissions are not transmitted on adjacent RBs.
  • a UE 305 may operate using a transmission mode where resource selection and/or scheduling is performed by UE 305 (e.g., rather than a base station 110). In some aspects, UE 305 may perform resource selection and/or scheduling by sensing channel availability for transmissions.
  • UE 305 may measure an RSSI parameter (e.g., a sidelink-RSSI (S-RSSI) parameter) associated with various sidelink channels, may measure an RSRP parameter (e.g., a PSSCH-RSRP parameter) associated with various sidelink channels, may measure an RSRQ parameter (e.g., a PSSCH-RSRQ parameter) associated with various sidelink channels and may select a channel for transmission of a sidelink communication based at least in part on the measurement(s).
  • UE 305 may perform resource selection and/or scheduling using SCI 330 received in PSCCH 315, which may indicate occupied resources, and/or channel parameters. Additionally, or alternatively, UE 305 may perform resource selection and/or scheduling by determining a channel busy rate associated with various sidelink channels, which may be used for rate control (e.g., by indicating a maximum number of resource blocks that UE 305 can use for a particular set of subframes).
  • UE 305 may generate sidelink grants, and may transmit the grants in SCI 330.
  • a sidelink grant may indicate, for example, one or more parameters (e.g., transmission parameters) to be used for an upcoming sidelink transmission, such as one or more resource blocks to be used for the upcoming sidelink transmission on PSSCH 320 (e.g., for TBs 335), one or more subframes to be used for the upcoming sidelink transmission, and/or a modulation and coding scheme to be used for the upcoming sidelink transmission.
  • a UE 305 may generate a sidelink grant that indicates one or more parameters for semi-persistent scheduling, such as a periodicity of a sidelink transmission. Additionally, or alternatively, the UE 305 may generate a sidelink grant for event-driven scheduling, such as for an on-demand sidelink message.
  • Fig. 3 is provided as an example. Other examples may differ from what is described with respect to Fig. 3.
  • FIG. 4 is a diagram illustrating an example 400 of sidelink communications and access link communications, in accordance with the present disclosure.
  • a UE 405 and another UE 410 may communicate with one another via a sidelink, as described above in connection with Fig. 3.
  • a base station 110 may communicate with UE 405 via a first access link. Additionally, or alternatively, in some sidelink modes, base station 110 may communicate with UE 410 via a second access link.
  • UE 405 and/or UE 410 may correspond to one or more UEs described elsewhere herein, such as UE 120 of Fig. 1.
  • a direct link between UEs 120 may be referred to as a sidelink
  • a direct link between a base station 110 and a UE 120 may be referred to as an access link.
  • Sidelink communications may be transmitted on a PC5 interface via the sidelink, and access link communications may be transmitted via the access link.
  • An access link communication may be either a downlink communication (from a base station 110 to a UE 120) or an uplink communication (from a UE 120 to a base station 110) on a Uu interface.
  • Communication between UE 405 and UE 410, with base station 110 allocating resources for sidelink transmissions, may be referred to as Mode 1 sidelink communication.
  • UE 405 may be a relay UE for UE 410 (remote UE).
  • base station 110 may schedule a sidelink resource upon receiving a sidelink buffer status report (SL-BSR) from UE 405.
  • Base station 110 may then transmit a sidelink grant via downlink control information (DCI) to UE 405.
  • Fig. 4 is provided as an example. Other examples may differ from what is described with respect to Fig. 4.
  • Fig. 5 is a diagram illustrating an example 500 of a control-plane procedure for a PC5 link, in accordance with the present disclosure.
  • Example 500 is associated with technical report (TR) 33.847 and shows a signal diagram for signaling by a remote UE 502 (e.g., a UE 120 depicted in Figs. 1-2), a relay UE 504 (e.g., a UE 120), a target node 506 (e.g., a network node 130 depicted in Figs.
  • AUSF authentication server function
  • UDM unified data management
  • the nodes may include a control plane function in a core network, such as a 5G core network (5GC), and may interact with a next-generation radio access network (NG-RAN).
  • a control plane function may handle transport of control information between the UE and the core network.
  • remote UE 502 may be outside of cell coverage of a base station (e.g., gNB) and select to connect to a UE-to-network (U2N) relay UE 504 via a PC5 interface.
  • remote UE 502 may be within cell coverage, but at an edge of cell coverage with a signal that is too weak for high broadband usage and thus may select to use relay UE 504 for stronger signals.
  • remote UE 502 may select to use PC5 to connect to the gNB via relay UE 504 in order to conserve energy and signaling resources.
  • remote UE 502 may establish some type of message security when trying to access the network. This involves establishing some security for messages between remote UE 502 and relay UE 504.
  • Example 500 shows a possible solution.
  • remote UE 502 may register with source node 508, and as shown by reference number 522, relay UE 504 may register as a relay UE.
  • Remote UE 502 may determine that a relay UE is necessary.
  • remote UE 502 may perform a discovery procedure to find relay UE 504.
  • remote UE 502 may transmit a direct communication request.
  • the request may include an identity of remote UE 502, indicated by a 5G global unique temporary identifier (5G-GUTI), and a next generation key set indicator (ngKSI) that is associated with keys that may be used for message protection.
  • the request may also include NAS security capabilities, and the request may be protected with a NAS key K_NASint.
  • relay UE 504 may transmit a NAS relay authorization request to target node 506.
  • target node 506 may check whether relay UE 504 is authorized as a relay. If so, as shown by reference number 532, target node 506 may transmit a UE context transfer message to source node 508.
  • source node 508 may transmit a UE context transfer response.
  • the target node 506 and the source node 508 may be the same entity.
  • a UE may have security context information (e.g., valid security context upon registration) at the core network. If remote UE 502 has not registered with the network, remote UE 502 may not have any valid security context. In this case, remote UE 502 may perform primary authentication to establish a security key for PC5 communication. However, remote UE 502 may have to perform primary authentication each time remote UE 502 uses the U2N relay service over the PC5 connection. This incurs extra signaling overhead. Instead of performing primary authentication when remote UE 502 is already registered with the network and has a valid security context, remote UE 502 may use the existing security context for the U2N relay service over the PC5.
  • the remote UE may use the 5G-GUTI as an identity of the UE to identify the security context, which may include locating the network entity in the network that holds the security context of the remote UE and the identity of the security context.
  • Remote UE 502 may protect content using the K_NASint, which is derived from the existing security context.
  • target node 506 may check a security context of remote UE 502 or UDM 512 to determine if remote UE 502 is able to use relay UE 504.
  • Target node 506 may derive a PC5 root key K_relay from a key shared between remote UE 502 and a source node 508, referred to as KAMF.
  • the shared KAMF may be shared with remote UE 502 during an initial registration, during (idle or connected mode) mobility, and/or during reauthentication.
  • target node 506 may transmit a NAS relay authorization response that includes K_relay, an identity (ID) of K_relay (K_relay ID), and a remote UE ID.
  • the NAS relay authorization response may also include flags indicating whether KAMF changed or if there is a new ngKSI.
  • relay UE 504 may take the K_relay and transmit a direct security mode command that includes the K_relay ID and any change flags.
  • remote UE 502 may derive a new KAMF, derive K_relay from the K_relay ID, and/or check integrity protection of the Direct Security Mode Command (DSMC) with keys derived from K_relay.
  • remote UE 502 may transmit a direct security mode complete message.
  • relay UE 504 may transmit a direct communication accept message.
  • the security context is transferred from the source node to the target node, and this transfer involves more signaling procedures, such as NAS security mode command (SMC) procedures and 5G-GUTI reallocation.
  • For example, if the 5G-GUTI is used to locate the remote UE security context information, and if the security context information is relocated from the source node to the target node, the 5G-GUTI also has to be reallocated by the target node, and the target node has to indicate the new 5G-GUTI to remote UE 502 via relay UE 504 so that the security context information of remote UE 502 can be identified by target node 506.
  • This extra signaling overhead consumes time, processing resources, and signaling resources.
  • relay UE 504 may continue to have access to remote UE 502 communications after remote UE 502 is no longer selecting to use relay UE 504.
  • Fig. 5 is provided as an example. Other examples may differ from what is described with regard to Fig. 5.
  • Fig. 6 is a diagram illustrating an example 600 of setting up PC5 link security using a NAS security context, in accordance with the present disclosure.
  • Example 600 shows a signal diagram for signaling by a remote UE 602 (e.g., a UE 120 depicted in Figs. 1-2), a relay UE 604 (e.g., a UE 120), a target node 606 (e.g., a network node 130 depicted in Figs. 1-2) and a source node 608 (e.g., a network node 130).
  • source node 608 may derive a key (e.g., K_relay) with information to secure a relay session key K_relay-sess for protecting communications between remote UE 602 and relay UE 604.
  • remote UE 602 and source node 608 may use freshness parameters, such as a random number or a count of NAS procedures (e.g., downlink NAS count, uplink NAS count) as part of verification to prevent message replay attacks.
  • the freshness parameters may also be used for K_relay and K_relay-sess derivation to prevent key reuse attacks.
  • a nonce may be a number (e.g., random number, pseudo-random number, timestamp) that is used to protect private communications by preventing replay attacks.
  • Remote UE 602 may have a first nonce and relay UE 604 may have a second nonce, and the first nonce and the second nonce may be used as freshness parameters to derive K_relay-sess.
  • communications by remote UE 602 and relay UE 604 may be secure, while conserving time, processing resources, and signaling resources by avoiding the overhead of additional NAS procedures.
  • remote UE 602 and relay UE 604 may establish and share a key between them, K_relay-sess.
  • remote UE 602 may have registered with the 5G core network and thus have a security context at the 5G core network.
  • An issue is how to use this security context to establish the K_relay-sess.
  • the existing security context at the source node for remote UE 602 may be leveraged by using a node key K_node shared between remote UE 602 and source node 608.
  • the K_relay-sess for the PC5 interface between remote UE 602 and relay UE 604 is to be derived based at least in part on the K_node that is normally established between remote UE 602 and source node 608 as part of setting up the security context during an initial registration, mobility event, or reauthentication for remote UE 602.
  • the security context is used for the PC5 interface without requiring the usual high-overhead NAS procedures that would normally take place between remote UE 602 and source node 608.
  • remote UE 602 may provide information to the network (e.g., source node 608) that is used to derive the K_relay-sess that is shared between the remote UE and the relay UE.
  • the K_relay-sess may be derived based at least in part on a K_relay that is used to provide message security between remote UE 602 and relay UE 604.
  • Source node 608 may derive the K_relay based at least in part on not only the K_node, but also a key access type and a freshness parameter.
  • the freshness parameter may be a random number, an uplink NAS count, a downlink NAS count, or any combination thereof.
  • the freshness parameter may help to keep the K_relay fresh so as to prevent unauthorized reuse of the K_relay by relay UE 604 after remote UE 602 is no longer using relay UE 604.
  • the K_relay and the K_relay-sess may help to maintain message security between remote UE 602 and relay UE 604.
  • remote UE 602 may transmit authentication information in a NAS container.
  • the NAS container may include information elements for passing information, such as the authentication information, through to source node 608.
  • the authentication information may include an ngKSI, an uplink NAS count, a key access type, and/or a NAS message authentication code (NAS-MAC).
  • remote UE 602 may transmit a first message that includes the authentication information, an identity of remote UE 602 (e.g., 5G-GUTI), and a first freshness parameter (e.g., random number, uplink NAS count, downlink NAS count).
  • Remote UE 602 may transmit a first nonce, which may serve as the freshness parameter.
  • Relay UE 604 may keep track of the first nonce and forward on the other information.
  • Remote UE 602 may contribute the first nonce to derivation of the K_relay-sess and relay UE 604 may contribute a second nonce to the K_relay-sess. In this way, both remote UE 602 and relay UE 604 are able to contribute to the randomness of the K_relay-sess.
  • relay UE 604 forwards the first message to target node 606.
  • target node 606 forwards information from the first message to source node 608. This may include the identity of remote UE 602 and the authentication information. This may also include the freshness parameter. The identity of remote UE 602, the authentication information, and/or the freshness parameter may be transmitted from target node 606 to source node 608 as (relay) key request information. In some aspects, target node 606 may select the source node based at least in part on a global unique node ID.
  • source node 608 may locate the security context information for remote UE 602 based at least in part on the identity of remote UE 602 (e.g., 5G-GUTI) and verify the authentication information that is received.
  • the authentication information may be received as information elements of a NAS container, which has a NAS container ID.
  • the NAS-MAC in the authentication information, or other parameters in the NAS container identified by the NAS container ID, may be used to verify the authentication information.
  • source node 608 may derive the K_relay from the K_node and a freshness parameter from remote UE 602.
  • the freshness parameter may be what helps K_relay to be more secure when it comes to derivation of the K_relay-sess from the K_relay.
  • Source node 608 may also use other authentication information or NAS container information, such as a key access type, to derive the K_relay.
  • source node 608 may transmit the K_relay and a K_relay ID.
  • Source node 608 may also transmit a second freshness parameter, such as another random number or a downlink NAS count, if source node 608 receives a freshness parameter that is not an uplink NAS count.
  • source node 608 may transmit eight least significant bits of the downlink NAS count.
  • target node 606 may forward information to relay UE 604.
  • Relay UE 604 may receive the K_relay, the K_relay ID, the identity of remote UE 602, and an optional second freshness parameter from source node 608. Relay UE 604 may keep the K_relay and forward on the K_relay ID and the optional second freshness parameter. Relay UE 604 may derive the K_relay-sess based at least in part on the first nonce, the second nonce, the first freshness parameter, and optionally the second freshness parameter.
  • relay UE 604 may have confidence that the message is from the true remote UE 602, because the K_relay-sess is derived, in part, with the first nonce from remote UE 602.
  • the K_relay, as derived with the freshness parameter(s), helps to prevent key reuse attacks and replay attacks.
  • relay UE 604 transmits a second message to remote UE 602 that includes the second nonce of relay UE 604, the K_relay ID, and the optional second freshness parameter from source node 608.
  • remote UE 602 may derive the K_relay, identified by the K_relay ID, from the K_node, a key access type, and the freshness parameter of remote UE 602.
  • remote UE 602 may then derive K_relay-sess from K_relay, the first nonce, and the second nonce.
  • remote UE 602 may verify that the second message is from relay UE 604 based at least in part on the K_relay-sess. As shown by reference number 634, remote UE 602 may then transmit a third message with data or uplink control information to the network, where the third message is protected (e.g., encrypted, integrity protected) based at least in part on the K_relay-sess. Using the K_relay-sess, relay UE 604 may verify the third message. Remote UE 602 may now use the K_relay-sess to protect messages (e.g., data) that are being transmitted towards the network via relay UE 604. By providing security for a PC5 link using a security context of remote UE 602, without transferring the security context, remote UE 602 and relay UE 604 may better secure messages between them.
  • Fig. 6 is provided as an example. Other examples may differ from what is described with regard to Fig. 6.
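The Fig. 6 exchange carried through in code, as an added example that is not part of the patent: a source node locates the remote UE's security context by 5G-GUTI, checks the NAS-MAC with K_NASint, derives K_relay from K_node, the key access type and the uplink NAS count (the first freshness parameter), and the remote and relay UEs each derive K_relay-sess from K_relay and the two nonces without the relay ever holding K_node. The KDF, the NAS container layout, the K_relay ID scheme and the collapsed target-node hop are constructed stand-ins, not 3GPP definitions.

```python
import hmac
import secrets

KEY_ACCESS_TYPE_U2N_RELAY = b"\x01"  # constructed code point, not a 3GPP-assigned value


def kdf(key: bytes, label: bytes, *params: bytes) -> bytes:
    """Length-prefixed HMAC-SHA256 KDF; stands in for the 3GPP KDF the page leaves unspecified."""
    msg = label
    for p in params:
        msg += len(p).to_bytes(2, "big") + p
    return hmac.new(key, msg, "sha256").digest()


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, "sha256").digest()[:16]  # used as NAS-MAC and for PC5 integrity


class SourceNode:  # AMF-like node holding each remote UE's NAS security context, keyed by 5G-GUTI
    def __init__(self):
        self.contexts = {}

    def register(self, guti: bytes, k_node: bytes, ngksi: int) -> bytes:
        k_nas_int = kdf(k_node, b"NASint")
        self.contexts[guti] = {"k_node": k_node, "k_nas_int": k_nas_int,
                               "ngksi": ngksi, "last_ul_nas_count": -1}
        return k_nas_int  # the UE holds the same K_NASint after registration

    def relay_key_request(self, guti: bytes, container: bytes, nas_mac: bytes):
        ctx = self.contexts[guti]  # context located by identity; nothing is transferred
        # constructed NAS container layout: ngKSI (1) | UL NAS count (4) | key access type (1)
        ngksi, freshness, key_access_type = container[0], container[1:5], container[5:6]
        if ngksi != ctx["ngksi"] or not hmac.compare_digest(mac(ctx["k_nas_int"], container), nas_mac):
            raise PermissionError("NAS-MAC check failed")
        ul_count = int.from_bytes(freshness, "big")
        if ul_count <= ctx["last_ul_nas_count"]:
            raise PermissionError("replayed uplink NAS count")
        ctx["last_ul_nas_count"] = ul_count
        k_relay = kdf(ctx["k_node"], b"relay", key_access_type, freshness)
        return k_relay, kdf(k_relay, b"id")[:4]  # K_relay and a constructed K_relay ID


class RemoteUE:
    def __init__(self, guti: bytes, k_node: bytes, ngksi: int, k_nas_int: bytes):
        self.guti, self.k_node, self.ngksi, self.k_nas_int = guti, k_node, ngksi, k_nas_int
        self.ul_nas_count, self.nonce1, self.freshness, self.k_relay_sess = 0, b"", b"", b""

    def direct_communication_request(self) -> dict:
        self.ul_nas_count += 1  # the uplink NAS count doubles as the first freshness parameter
        self.freshness, self.nonce1 = self.ul_nas_count.to_bytes(4, "big"), secrets.token_bytes(16)
        container = bytes([self.ngksi]) + self.freshness + KEY_ACCESS_TYPE_U2N_RELAY
        return {"nonce1": self.nonce1, "guti": self.guti, "container": container,
                "nas_mac": mac(self.k_nas_int, container)}

    def direct_security_mode_command(self, msg: dict) -> bytes:
        k_relay = kdf(self.k_node, b"relay", KEY_ACCESS_TYPE_U2N_RELAY, self.freshness)
        if kdf(k_relay, b"id")[:4] != msg["k_relay_id"]:
            raise ValueError("K_relay ID does not match the locally derived K_relay")
        self.k_relay_sess = kdf(k_relay, b"sess", self.nonce1, msg["nonce2"])
        if not hmac.compare_digest(mac(self.k_relay_sess, msg["nonce2"] + msg["k_relay_id"]), msg["mac"]):
            raise PermissionError("direct security mode command failed integrity check")
        return self.k_relay_sess

    def protect(self, payload: bytes) -> dict:
        return {"payload": payload, "mac": mac(self.k_relay_sess, payload)}


class RelayUE:
    def __init__(self, source: SourceNode):
        self.source, self.k_relay, self.k_relay_sess = source, b"", b""  # target-node hop collapsed

    def handle_request(self, msg: dict) -> dict:
        # the relay keeps nonce1 and forwards identity, container and NAS-MAC; it never sees K_node
        self.k_relay, kid = self.source.relay_key_request(msg["guti"], msg["container"], msg["nas_mac"])
        nonce2 = secrets.token_bytes(16)
        self.k_relay_sess = kdf(self.k_relay, b"sess", msg["nonce1"], nonce2)
        return {"nonce2": nonce2, "k_relay_id": kid, "mac": mac(self.k_relay_sess, nonce2 + kid)}

    def verify(self, msg: dict) -> bool:
        return hmac.compare_digest(mac(self.k_relay_sess, msg["payload"]), msg["mac"])


def run_procedure() -> dict:
    source = SourceNode()
    guti, k_node = b"5G-GUTI-constructed", secrets.token_bytes(32)
    remote = RemoteUE(guti, k_node, 3, source.register(guti, k_node, ngksi=3))
    relay = RelayUE(source)
    msg1 = remote.direct_communication_request()
    sess_remote = remote.direct_security_mode_command(relay.handle_request(msg1))
    first_k_relay, first_sess = relay.k_relay, relay.k_relay_sess
    accepted = relay.verify(remote.protect(b"uplink data via relay"))
    try:  # replaying the first message carries a stale UL NAS count, so no key is issued
        relay.handle_request(msg1)
        replay_rejected = False
    except PermissionError:
        replay_rejected = True
    remote.direct_security_mode_command(relay.handle_request(remote.direct_communication_request()))
    return {"session_keys_match": sess_remote == first_sess, "third_message_accepted": accepted,
            "replay_rejected": replay_rejected, "k_relay_rotated": relay.k_relay != first_k_relay}
```

The last step re-runs the request with the next uplink NAS count to show that K_relay changes with the freshness parameter, so a relay holding an old K_relay cannot derive a later session key.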
  • Fig. 7 is a diagram illustrating an example 700 of other details for setting up PC5 link security using a NAS security context, in accordance with the present disclosure.
  • Example 700 shows a signal diagram for signaling by a remote UE 702 (e.g., a UE 120 depicted in Figs. 1-2, remote UE 602 depicted in Fig. 6), a relay UE 704 (e.g., a UE 120, relay UE 604 depicted in Fig. 6), a target node 706 (e.g., a network node 130 depicted in Figs. 1-2), and a source node 708 (e.g., a network node 130, source node 608 depicted in Fig. 6).
  • the procedure shown in example 600 may be performed with specific types of messages, as shown in example 700.
  • the first message may be a direct communication request.
  • the authentication information and other information may be included in a NAS container.
  • the first nonce may be a freshness parameter.
  • the message from relay UE 704 to target node 706 may be a NAS relay authorization request.
  • the information from target node 706 to source node 708 may be included in a relay key request.
  • the information from source node 708 may be included in a relay key response to target node 706.
  • target node 706 may forward information to relay UE 704 in a NAS relay authorization response.
  • relay UE 704 may transmit a second message as a direct security mode command.
  • remote UE 702 may transmit a direct security mode complete message to relay UE 704, and as shown by reference number 724, relay UE 704 may transmit a direct communication accept message to remote UE 702.
  • the direct messages may be part of a key negotiation procedure.
  • Fig. 7 is provided as an example. Other examples may differ from what is described with regard to Fig. 7.
  • Fig. 8 is a diagram illustrating an example process 800 performed, for example, by a UE, in accordance with the present disclosure.
  • Example process 800 is an example where the UE (e.g., a UE 120 depicted in Figs. 1-2, remote UE 602 depicted in Fig. 6, remote UE 702 depicted in Fig. 7) performs operations associated with setting up PC5 link security using a NAS security context.
  • process 800 may include transmitting, to a relay UE, a first message comprising a first nonce, a first freshness parameter, an identity of the UE, and authentication information, where the authentication information is used by a network node (e.g., source node) to authenticate the UE with security context information of the UE that was established during registration of the UE with the network node (block 810).
  • For example, the UE (e.g., using transmission component 1004 depicted in Fig. 10) may transmit, to a relay UE, a first message comprising a first nonce, a first freshness parameter, an identity of the UE, and authentication information, where the authentication information is used by a network node (e.g., the source node) to authenticate the UE with security context information of the UE that was established during registration of the UE with the network node, as described above.
  • process 800 may include receiving, from the relay UE, a second message comprising a second nonce and a set of key generation parameters (block 820).
  • For example, the UE (e.g., using reception component 1002 depicted in Fig. 10) may receive, from the relay UE, a second message comprising a second nonce and a set of key generation parameters, as described above.
  • process 800 may include deriving a relay key for security establishment between the UE and the relay UE based at least in part on the first freshness parameter, the set of key generation parameters, and a shared key with the network node (block 830).
  • For example, the UE (e.g., using security component 1008 depicted in Fig. 10) may derive a relay key for security establishment between the UE and the relay UE based at least in part on the first freshness parameter, the set of key generation parameters, and a shared key with the network node, as described above.
  • process 800 may include deriving a relay session key for security establishment between the UE and the relay UE based at least in part on the relay key, the first nonce, and the second nonce (block 840).
  • For example, the UE (e.g., using security component 1008 depicted in Fig. 10) may derive a relay session key for security establishment between the UE and the relay UE based at least in part on the relay key, the first nonce, and the second nonce, as described above.
  • process 800 may include verifying the second message based at least in part on the relay session key (block 850).
  • For example, the UE (e.g., using security component 1008 depicted in Fig. 10) may verify the second message based at least in part on the relay session key, as described above.
  • process 800 may include transmitting a third message, to the relay UE, that is protected based at least in part on the relay session key (block 860).
  • For example, the UE (e.g., using transmission component 1004 depicted in Fig. 10) may transmit a third message, to the relay UE, that is protected based at least in part on the relay session key, as described above.
  • Process 800 may include additional aspects, such as any single aspect or any combination of aspects described below and/or in connection with one or more other processes described elsewhere herein.
  • the set of key generation parameters comprises a relay key identifier, a second freshness parameter, or a combination thereof.
  • the set of key generation parameters is generated by the network node.
  • the second message is encrypted, integrity protected, or both.
  • the first nonce is the first freshness parameter.
  • the first freshness parameter comprises an uplink NAS count or a random number.
  • the identity of the UE is indicated by a 5G-GUTI.
  • the authentication information is included as information elements of a NAS container.
  • the authentication information comprises one or more of a next generation key set identifier, uplink NAS count, key access type, or NAS message authentication code.
  • deriving the relay session key comprises deriving the relay session key further based at least in part on one or more of the first freshness parameter or a second freshness parameter from the network node.
  • process 800 may include additional blocks, fewer blocks, different blocks, or differently arranged blocks than those depicted in Fig. 8. Additionally, or alternatively, two or more of the blocks of process 800 may be performed in parallel.
  • Fig. 9 is a diagram illustrating an example process 900 performed, for example, by a network node, in accordance with the present disclosure.
  • Example process 900 is an example where the network node (e.g., a network node 130 depicted in Figs. 1-2, source node 608 depicted in Fig. 6, source node 708 depicted in Fig. 7) performs operations associated with setting up PC5 link security using a NAS security context.
  • process 900 may include receiving, from a remote UE via a relay UE, a first freshness parameter, an identity of the remote UE, and authentication information, where the authentication information is used by the network node to authenticate the remote UE based at least in part on security context information of the remote UE (block 910).
  • For example, the network node (e.g., using reception component 1102 depicted in Fig. 11) may receive, from a remote UE via a relay UE, a first freshness parameter, an identity of the remote UE, and authentication information, as described above.
  • the security context information is identified by the identity of the remote UE.
  • receiving the first freshness parameter, the identity of the remote UE, and the authentication information may include receiving them as relay key request information from another network node (e.g., the target node).
  • the target node may have received the first freshness parameter, the identity of the remote UE, and the authentication information from the relay UE.
  • process 900 may include verifying the authentication information based at least in part on the security context information of the remote UE and a shared key with the remote UE (block 920).
  • For example, the network node (e.g., using security component 1108 depicted in Fig. 11) may verify the authentication information based at least in part on the security context information of the remote UE and a shared key with the remote UE, as described above.
  • process 900 may include deriving a relay key for security establishment between the remote UE and the relay UE based at least in part on the first freshness parameter and the shared key with the remote UE (block 930).
  • For example, the network node (e.g., using security component 1108 depicted in Fig. 11) may derive a relay key for security establishment between the remote UE and the relay UE based at least in part on the first freshness parameter and the shared key with the remote UE, as described above.
  • process 900 may include transmitting an identity of the relay key to the remote UE via the relay UE (block 940).
  • For example, the network node (e.g., using transmission component 1104 depicted in Fig. 11) may transmit an identity of the relay key to the remote UE via the relay UE, as described above.
  • Process 900 may include additional aspects, such as any single aspect or any combination of aspects described below and/or in connection with one or more other processes described elsewhere herein.
  • deriving the relay key includes deriving the relay key further based at least in part on a key access type indicated in the authentication information from the remote UE.
  • receiving the authentication information includes receiving the authentication information as information elements of a NAS container.
  • verifying the authentication information includes verifying one or more of a next generation key set identifier, an uplink NAS count, a key access type, or a NAS-MAC with the security context information of the remote UE based at least in part on the identity of the remote UE.
  • the identity of the remote UE is indicated by a 5G-GUTI.
  • process 900 includes transmitting a second freshness parameter based at least in part on whether the first freshness parameter is an uplink NAS count.
  • the second freshness parameter is the uplink NAS count, a downlink NAS count, a random number, or a combination thereof.
  • process 900 includes transmitting the relay key to the relay UE.
  • process 900 may include additional blocks, fewer blocks, different blocks, or differently arranged blocks than those depicted in Fig. 9. Additionally, or alternatively, two or more of the blocks of process 900 may be performed in parallel.
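  • The exchange of Fig. 7, the remote UE side of process 800 and the network node side of process 900, carried through end to end as an added example. This is not the patent's code and not Qualcomm's or 3GPP's implementation; everything the page does not state is an assumption and is labelled as such in the code: HMAC-SHA-256 stands in for the KDF and for both the NAS-MAC and the PC5 message MACs, the NAS-MAC is taken to cover the ngKSI, uplink NAS count, key access type, first freshness parameter and 5G-GUTI, the relay key identifier is a truncated hash of the relay key, the target node is modelled as a pass-through between the relay UE and the source node, and the shared key, 5G-GUTI, ngKSI and counters are constructed test values. The first freshness parameter is the uplink NAS count (Aspect 6), so the source node contributes a second freshness parameter of its own (Aspects 16 and 17), the relay key is bound to the key access type (Aspect 12), and the relay session key is bound to both nonces (block 840). The demo also exercises the two rejections a practitioner would want to see: a replayed Direct Communication Request is refused on the uplink NAS count, and a sender that knows the 5G-GUTI but not the shared key fails the NAS-MAC.

```python
"""Added example, not the patent's code: PC5 relay security setup of Figs. 7-9 with assumed
primitives (HMAC-SHA-256 as KDF and MAC, NAS-MAC coverage as in nas_fields, a pass-through
target node) and constructed keys, identities and counters."""
import hashlib
import hmac
import os

def kdf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """Assumed KDF: HMAC-SHA-256 over a label plus length-prefixed inputs."""
    msg = label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def mac(key: bytes, *parts: bytes) -> bytes:
    return kdf(key, b"MAC", *parts)[:16]  # assumed 128-bit MAC for the NAS-MAC and the PC5 messages

def nas_fields(auth: dict, freshness1: bytes, guti: bytes) -> tuple:
    """Assumed NAS-MAC coverage: ngKSI, UL NAS count, key access type, freshness1, 5G-GUTI."""
    return bytes([auth["ngksi"]]), auth["ul_count"].to_bytes(4, "big"), auth["key_access_type"], freshness1, guti

class SourceNode:
    """Process 900: network node holding each UE's NAS security context, keyed by 5G-GUTI."""
    def __init__(self, contexts: dict):
        self.ctx = contexts  # 5G-GUTI -> {"k": shared key, "ngksi": int, "ul_count": last accepted UL NAS count}

    def relay_key_request(self, guti: bytes, freshness1: bytes, auth: dict) -> dict:
        """Blocks 910-940: verify the NAS container against the stored context, then derive the relay key."""
        c = self.ctx.get(guti)
        if c is None or auth["ngksi"] != c["ngksi"]:
            raise ValueError("no security context for this 5G-GUTI and ngKSI")
        if auth["ul_count"] <= c["ul_count"]:  # the UL NAS count must strictly increase
            raise ValueError("replayed uplink NAS count")
        if not hmac.compare_digest(mac(c["k"], *nas_fields(auth, freshness1, guti)), auth["nas_mac"]):
            raise ValueError("NAS-MAC verification failed")
        c["ul_count"] = auth["ul_count"]
        freshness2 = os.urandom(16)  # Aspect 16: freshness1 was an UL NAS count, so the network adds its own
        relay_key = kdf(c["k"], b"RELAY", freshness1, freshness2, auth["key_access_type"])  # Aspect 12
        relay_key_id = hashlib.sha256(relay_key).digest()[:4]  # assumed form of the relay key identifier
        return {"relay_key": relay_key, "relay_key_id": relay_key_id, "freshness2": freshness2}

class RemoteUE:
    """Process 800: shares K with the source node and keeps its own UL NAS count."""
    def __init__(self, guti: bytes, ngksi: int, shared_key: bytes, key_access_type: bytes = b"\x01"):
        self.guti, self.ngksi, self.k, self.kat, self.ul_count, self.session_key = guti, ngksi, shared_key, key_access_type, 0, None

    def direct_communication_request(self) -> dict:
        """Block 810: nonce1, freshness1 (the UL NAS count, Aspect 6), 5G-GUTI and the NAS container."""
        self.ul_count += 1
        self.nonce1, self.freshness1 = os.urandom(16), self.ul_count.to_bytes(4, "big")
        auth = {"ngksi": self.ngksi, "ul_count": self.ul_count, "key_access_type": self.kat}
        auth["nas_mac"] = mac(self.k, *nas_fields(auth, self.freshness1, self.guti))
        return {"nonce1": self.nonce1, "freshness1": self.freshness1, "guti": self.guti, "nas": auth}

    def direct_security_mode_command(self, cmd: dict) -> dict:
        """Blocks 830-860: derive relay and session keys, verify the command, answer protected."""
        relay_key = kdf(self.k, b"RELAY", self.freshness1, cmd["freshness2"], self.kat)
        if hashlib.sha256(relay_key).digest()[:4] != cmd["relay_key_id"]:
            raise ValueError("relay key identifier mismatch")
        self.session_key = kdf(relay_key, b"SESSION", self.nonce1, cmd["nonce2"])  # block 840
        body = (cmd["nonce2"], cmd["relay_key_id"], cmd["freshness2"])
        if not hmac.compare_digest(mac(self.session_key, b"SMC", *body), cmd["mac"]):  # block 850
            raise ValueError("Direct Security Mode Command failed integrity check")
        return {"mac": mac(self.session_key, b"SMCOMPLETE", self.nonce1, cmd["nonce2"])}  # block 860

class RelayUE:
    """Relay UE of Fig. 7; the target node is modelled as a pass-through to the source node."""
    def __init__(self, source: SourceNode):
        self.source, self.session_key = source, None

    def handle_request(self, req: dict) -> dict:
        """NAS relay authorization request and response, then the Direct Security Mode Command."""
        resp = self.source.relay_key_request(req["guti"], req["freshness1"], req["nas"])
        self.nonce1, self.nonce2 = req["nonce1"], os.urandom(16)
        self.session_key = kdf(resp["relay_key"], b"SESSION", self.nonce1, self.nonce2)
        body = (self.nonce2, resp["relay_key_id"], resp["freshness2"])
        return {"nonce2": body[0], "relay_key_id": body[1], "freshness2": body[2], "mac": mac(self.session_key, b"SMC", *body)}

    def handle_complete(self, done: dict) -> str:
        if not hmac.compare_digest(mac(self.session_key, b"SMCOMPLETE", self.nonce1, self.nonce2), done["mac"]):
            raise ValueError("Direct Security Mode Complete failed integrity check")
        return "DIRECT COMMUNICATION ACCEPT"

def rejects(action, reason: str) -> bool:
    try:
        action()
        return False
    except ValueError as e:
        return reason in str(e)

def demo() -> dict:
    """Constructed values: one successful setup, then a replay and an impostor against the same node."""
    k, guti = hashlib.sha256(b"constructed shared key").digest(), b"5G-GUTI-constructed"
    source = SourceNode({guti: {"k": k, "ngksi": 3, "ul_count": -1}})  # context established at registration
    remote, relay = RemoteUE(guti, 3, k), RelayUE(source)
    req = remote.direct_communication_request()
    accept = relay.handle_complete(remote.direct_security_mode_command(relay.handle_request(req)))
    impostor = RemoteUE(guti, 3, b"wrong key" * 4)  # knows the 5G-GUTI but not K
    impostor.ul_count = remote.ul_count  # a fresh UL NAS count alone does not help
    return {"accept": accept, "keys_match": relay.session_key == remote.session_key,
            "replay_rejected": rejects(lambda: relay.handle_request(req), "replayed"),
            "impostor_rejected": rejects(lambda: relay.handle_request(impostor.direct_communication_request()), "NAS-MAC")}
```

  • Calling demo() runs one complete setup and returns a dict whose keys_match entry shows that the remote UE, which never receives the relay key over the air, ends up with the same relay session key as the relay UE, which receives the relay key from the network. The replay check lives in the source node rather than the relay UE because only the source node holds the NAS security context and the last accepted uplink NAS count; a relay UE cannot tell a replayed container from a fresh one.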
  • Fig. 10 is a block diagram of an example apparatus 1000 for wireless communication.
  • the apparatus 1000 may be a UE, or a UE may include the apparatus 1000.
  • the apparatus 1000 includes a reception component 1002 and a transmission component 1004, which may be in communication with one another (for example, via one or more buses and/or one or more other components).
  • the apparatus 1000 may communicate with another apparatus 1006 (such as a UE, a base station, core network node, or another wireless communication device) using the reception component 1002 and the transmission component 1004.
  • the apparatus 1000 may include a security component 1008, among other examples.
  • the apparatus 1000 may be configured to perform one or more operations described herein in connection with Figs. 1-7. Additionally, or alternatively, the apparatus 1000 may be configured to perform one or more processes described herein, such as process 800 of Fig. 8.
  • the apparatus 1000 and/or one or more components shown in Fig. 10 may include one or more components of the UE described above in connection with Fig. 2. Additionally, or alternatively, one or more components shown in Fig. 10 may be implemented within one or more components described above in connection with Fig. 2. Additionally, or alternatively, one or more components of the set of components may be implemented at least in part as software stored in a memory. For example, a component (or a portion of a component) may be implemented as instructions or code stored in a non-transitory computer-readable medium and executable by a controller or a processor to perform the functions or operations of the component.
  • the reception component 1002 may receive communications, such as reference signals, control information, data communications, or a combination thereof, from the apparatus 1006.
  • the reception component 1002 may provide received communications to one or more other components of the apparatus 1000.
  • the reception component 1002 may perform signal processing on the received communications (such as filtering, amplification, demodulation, analog-to-digital conversion, demultiplexing, deinterleaving, de-mapping, equalization, interference cancellation, or decoding, among other examples), and may provide the processed signals to the one or more other components of the apparatus 1000.
  • the reception component 1002 may include one or more antennas, a demodulator, a MIMO detector, a receive processor, a controller/processor, a memory, or a combination thereof, of the UE described above in connection with Fig. 2.
  • the transmission component 1004 may transmit communications, such as reference signals, control information, data communications, or a combination thereof, to the apparatus 1006.
  • one or more other components of the apparatus 1000 may generate communications and may provide the generated communications to the transmission component 1004 for transmission to the apparatus 1006.
  • the transmission component 1004 may perform signal processing on the generated communications (such as filtering, amplification, modulation, digital-to-analog conversion, multiplexing, interleaving, mapping, or encoding, among other examples), and may transmit the processed signals to the apparatus 1006.
  • the transmission component 1004 may include one or more antennas, a modulator, a transmit MIMO processor, a transmit processor, a controller/processor, a memory, or a combination thereof, of the UE described above in connection with Fig. 2. In some aspects, the transmission component 1004 may be co-located with the reception component 1002 in a transceiver.
  • the transmission component 1004 may transmit, to a relay UE, a first message comprising a first nonce, a first freshness parameter, an identity of the UE, and authentication information, where the authentication information is used by a network node to authenticate the UE with security context information of the UE that was established during registration of the UE with the network node.
  • the reception component 1002 may receive, from the relay UE, a second message comprising a second nonce and a set of key generation parameters.
  • the security component 1008 may derive a relay key for security establishment between the UE and the relay UE based at least in part on the first freshness parameter, the set of key generation parameters, and a shared key with the network node.
  • the security component 1008 may derive a relay session key for security establishment between the UE and the relay UE based at least in part on the relay key, the first nonce, and the second nonce. The security component 1008 may verify the second message based at least in part on the relay session key. The transmission component 1004 may transmit a third message, to the relay UE, that is protected based at least in part on the relay session key.
  • The number and arrangement of components shown in Fig. 10 are provided as an example. In practice, there may be additional components, fewer components, different components, or differently arranged components than those shown in Fig. 10. Furthermore, two or more components shown in Fig. 10 may be implemented within a single component, or a single component shown in Fig. 10 may be implemented as multiple, distributed components. Additionally, or alternatively, a set of (one or more) components shown in Fig. 10 may perform one or more functions described as being performed by another set of components shown in Fig. 10.
  • Fig. 11 is a block diagram of an example apparatus 1100 for wireless communication.
  • the apparatus 1100 may be a network node, or a network node may include the apparatus 1100.
  • the apparatus 1100 includes a reception component 1102 and a transmission component 1104, which may be in communication with one another (for example, via one or more buses and/or one or more other components).
  • the apparatus 1100 may communicate with another apparatus 1106 (such as a UE, a base station, a core network node, or another wireless communication device) using the reception component 1102 and the transmission component 1104.
  • the apparatus 1100 may include a security component 1108, among other examples.
  • the apparatus 1100 may be configured to perform one or more operations described herein in connection with Figs. 1-7. Additionally, or alternatively, the apparatus 1100 may be configured to perform one or more processes described herein, such as process 900 of Fig. 9. In some aspects, the apparatus 1100 and/or one or more components shown in Fig. 11 may include one or more components of the network node described above in connection with Fig. 2. Additionally, or alternatively, one or more components shown in Fig. 11 may be implemented within one or more components described above in connection with Fig. 2.
  • one or more components of the set of components may be implemented at least in part as software stored in a memory.
  • a component (or a portion of a component) may be implemented as instructions or code stored in a non-transitory computer-readable medium and executable by a controller or a processor to perform the functions or operations of the component.
  • the reception component 1102 may receive communications, such as reference signals, control information, data communications, or a combination thereof, from the apparatus 1106.
  • the reception component 1102 may provide received communications to one or more other components of the apparatus 1100.
  • the reception component 1102 may perform signal processing on the received communications (such as filtering, amplification, demodulation, analog-to-digital conversion, demultiplexing, deinterleaving, de-mapping, equalization, interference cancellation, or decoding, among other examples), and may provide the processed signals to the one or more other components of the apparatus 1100.
  • the reception component 1102 may include one or more antennas, a demodulator, a MIMO detector, a receive processor, a controller/processor, a memory, or a combination thereof, of the network node 130 described above in connection with Fig. 2.
  • the transmission component 1104 may transmit communications, such as reference signals, control information, data communications, or a combination thereof, to the apparatus 1106.
  • one or more other components of the apparatus 1100 may generate communications and may provide the generated communications to the transmission component 1104 for transmission to the apparatus 1106.
  • the transmission component 1104 may perform signal processing on the generated communications (such as filtering, amplification, modulation, digital-to-analog conversion, multiplexing, interleaving, mapping, or encoding, among other examples), and may transmit the processed signals to the apparatus 1106.
  • the transmission component 1104 may include one or more antennas, a modulator, a transmit MIMO processor, a transmit processor, a controller/processor, a memory, or a combination thereof, of the network node described above in connection with Fig. 2. In some aspects, the transmission component 1104 may be co-located with the reception component 1102 in a transceiver.
  • the reception component 1102 may receive, from a remote UE via a relay UE, a first freshness parameter, an identity of the remote UE, and authentication information, where the authentication information is used by the network node to authenticate the remote UE based at least in part on security context information of the remote UE, and where the security context information is identified by the identity of the remote UE.
  • the security component 1108 may verify the authentication information based at least in part on the security context information of the remote UE and a shared key with the remote UE.
  • the security component 1108 may derive a relay key for security establishment between the remote UE and the relay UE based at least in part on the first freshness parameter and the shared key with the remote UE.
  • the transmission component 1104 may transmit an identity of the relay key to the remote UE via the relay UE.
  • the reception component 1102 may receive a message, from the remote UE via the relay UE, that is protected based at least in part on the relay key.
  • the transmission component 1104 may transmit a second freshness parameter based at least in part on whether the first freshness parameter is an uplink NAS count.
  • the transmission component 1104 may transmit the relay key to the relay UE.
  • The number and arrangement of components shown in Fig. 11 are provided as an example. In practice, there may be additional components, fewer components, different components, or differently arranged components than those shown in Fig. 11. Furthermore, two or more components shown in Fig. 11 may be implemented within a single component, or a single component shown in Fig. 11 may be implemented as multiple, distributed components. Additionally, or alternatively, a set of (one or more) components shown in Fig. 11 may perform one or more functions described as being performed by another set of components shown in Fig. 11.
  • the term “component” is intended to be broadly construed as hardware and/or a combination of hardware and software.
  • “Software” shall be construed broadly to mean instructions, instruction sets, code, code segments, program code, programs, subprograms, software modules, applications, software applications, software packages, routines, subroutines, objects, executables, threads of execution, procedures, and/or functions, among other examples, whether referred to as software, firmware, middleware, microcode, hardware description language, or otherwise.
  • a processor is implemented in hardware and/or a combination of hardware and software. It will be apparent that systems and/or methods described herein may be implemented in different forms of hardware and/or a combination of hardware and software.
  • Aspect 1 A method of wireless communication performed by a user equipment (UE), comprising: transmitting, to a relay UE, a first message comprising a first nonce, a first freshness parameter, an identity of the UE, and authentication information, wherein the authentication information is used by a network node to authenticate the UE with security context information of the UE that was established during registration of the UE with the network node; receiving, from the relay UE, a second message comprising a second nonce and a set of key generation parameters; deriving a relay key for security establishment between the UE and the relay UE based at least in part on the first freshness parameter, the set of key generation parameters, and a shared key with the network node; deriving a relay session key for security establishment between the UE and the relay UE based at least in part on the relay key, the first nonce, and the second nonce; verifying the second message based at least in part on the relay session key; and transmitting a third message, to the relay UE, that is protected based at least in part on the relay session key.
  • Aspect 2 The method of Aspect 1, wherein the set of key generation parameters comprises a relay key identifier, a second freshness parameter, or a combination thereof.
  • Aspect 3 The method of Aspect 1 or 2, wherein the set of key generation parameters is generated by the network node.
  • Aspect 4 The method of any of Aspects 1-3, wherein the second message is encrypted, integrity protected, or both.
  • Aspect 5 The method of any of Aspects 1-4, wherein the first nonce is the first freshness parameter.
  • Aspect 6 The method of any of Aspects 1-4, wherein the first freshness parameter comprises an uplink non-access stratum count or a random number.
  • Aspect 7 The method of any of Aspects 1-6, wherein the identity of the UE is indicated by a 5G global unique temporary identifier.
  • Aspect 8 The method of any of Aspects 1-7, wherein the authentication information is included as information elements of a non-access stratum container.
  • Aspect 9 The method of any of Aspects 1-8, wherein the authentication information comprises one or more of a next generation key set identifier, uplink non-access stratum (NAS) count, key access type, or NAS message authentication code.
  • Aspect 10 The method of any of Aspects 1-9, wherein deriving the relay session key comprises deriving the relay session key further based at least in part on one or more of the first freshness parameter or a second freshness parameter from the network node.
  • Aspect 11 A method of wireless communication performed by a network node, comprising: receiving, from a remote user equipment (UE) via a relay UE, a first freshness parameter, an identity of the remote UE, and authentication information, wherein the authentication information is used by the network node to authenticate the remote UE based at least in part on security context information of the remote UE, and wherein the security context information is identified by the identity of the remote UE; verifying the authentication information based at least in part on the security context information of the remote UE and a shared key with the remote UE; deriving a relay key for security establishment between the remote UE and the relay UE based at least in part on the first freshness parameter and the shared key with the remote UE; transmitting an identity of the relay key to the remote UE via the relay UE; and receiving a message, from the remote UE via the relay UE, that is protected based at least in part on the relay key.
  • Aspect 12 The method of Aspect 11, wherein deriving the relay key includes deriving the relay key further based at least in part on a key access type indicated in the authentication information from the remote UE.
  • Aspect 13 The method of Aspect 11 or 12, wherein receiving the authentication information includes receiving the authentication information as information elements of a non- access stratum container.
  • Aspect 14 The method of any of Aspects 11-13, wherein verifying the authentication information includes verifying one or more of a next generation key set identifier, an uplink non-access stratum (NAS) count, a key access type, or a NAS message authentication code with the security context information of the remote UE based at least in part on the identity of the remote UE.
  • Aspect 15 The method of any of Aspects 11-14, wherein the identity of the remote UE is indicated by a 5G global unique temporary identifier.
  • Aspect 16 The method of any of Aspects 11-15, further comprising transmitting a second freshness parameter based at least in part on whether the first freshness parameter is an uplink non-access stratum (NAS) count.
  • Aspect 17 The method of Aspect 16, wherein the second freshness parameter is the uplink NAS count, a downlink NAS count, a random number, or a combination thereof.
  • Aspect 18 The method of any of Aspects 11-17, further comprising transmitting the relay key to the relay UE.
  • Aspect 19 An apparatus for wireless communication at a device, comprising a processor; memory coupled with the processor; and instructions stored in the memory and executable by the processor to cause the apparatus to perform the method of one or more Aspects of Aspects 1-18.
  • Aspect 20 A device for wireless communication, comprising a memory and one or more processors coupled to the memory, the memory and the one or more processors configured to perform the method of one or more Aspects of Aspects 1-18.
  • Aspect 21 An apparatus for wireless communication, comprising at least one means for performing the method of one or more Aspects of Aspects 1-18.
  • Aspect 22 A non-transitory computer-readable medium storing code for wireless communication, the code comprising instructions executable by a processor to perform the method of one or more Aspects of Aspects 1-18.
  • Aspect 23 A non-transitory computer-readable medium storing a set of instructions for wireless communication, the set of instructions comprising one or more instructions that, when executed by one or more processors of a device, cause the device to perform the method of one or more Aspects of Aspects 1-18.
  • satisfying a threshold may, depending on the context, refer to a value being greater than the threshold, greater than or equal to the threshold, less than the threshold, less than or equal to the threshold, equal to the threshold, not equal to the threshold, or the like.
  • a phrase referring to “at least one of” a list of items refers to any combination of those items, including single members.
  • “at least one of: a, b, or c” is intended to cover a, b, c, a-b, a-c, b-c, and a-b-c, as well as any combination with multiples of the same element (e.g., a-a, a-a-a, a-a-b, a-a-c, a-b-b, a-c-c, b-b, b-b-b, b-b-c, c-c, and c-c-c or any other ordering of a, b, and c).
  • the terms “has,” “have,” “having,” or the like are intended to be open-ended terms. Further, the phrase “based on” is intended to mean “based, at least in part, on” unless explicitly stated otherwise. Also, as used herein, the term “or” is intended to be inclusive when used in a series and may be used interchangeably with “and/or,” unless explicitly stated otherwise (e.g., if used in combination with “either” or “only one of”).

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a user equipment (UE) may transmit, to a relay UE, a first message comprising a first freshness parameter, an identity of the UE, and authentication information, the authentication information being used by a network node to authenticate the UE with security context information of the UE. The UE may derive a relay key for security establishment between the UE and the relay UE based on the first freshness parameter, a set of key generation parameters, and a shared key with the network node. The UE may derive a relay session key for security establishment between the UE and the relay UE based on the relay key, a first nonce of the UE, and a second nonce of the relay UE. Numerous other aspects are described.
PCT/US2022/070260 2021-02-22 2022-01-20 PC5 link security setup using non-access stratum security context WO2022178472A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP22703870.0A EP4295604A1 (fr) 2021-02-22 2022-01-20 PC5 link security setup using non-access stratum security context
CN202280015054.8A CN116965073A (zh) 2021-02-22 2022-01-20 PC5 link security setup using non-access stratum security context

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US202163152229P 2021-02-22 2021-02-22
US63/152,229 2021-02-22
US17/648,349 US12058520B2 (en) 2021-02-22 2022-01-19 PC5 link security setup using non-access stratum security context
US17/648,349 2022-01-19

Publications (1)

Publication Number Publication Date
WO2022178472A1 true WO2022178472A1 (fr) 2022-08-25

Family

ID=80447230

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2022/070260 WO2022178472A1 (fr) 2021-02-22 2022-01-20 PC5 link security setup using non-access stratum security context

Country Status (2)

Country Link
EP (1) EP4295604A1 (fr)
WO (1) WO2022178472A1 (fr)

Non-Patent Citations (7)

* Cited by examiner, † Cited by third party
Title
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Security Aspects of Proximity based Services (ProSe) in the 5G System (5GS) (Release 17)", 26 November 2021 (2021-11-26), XP052081781, Retrieved from the Internet <URL:https://ftp.3gpp.org/tsg_sa/WG3_Security/TSGS3_105e/Docs/S3-214511.zip S3-214511 Draft TS 33.503 v0.2.0-cl.docx> [retrieved on 20211126] *
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Study on security aspects of enhancement for proximity based services in the 5G System (5GS) (Release 17)", vol. SA WG3, no. V0.4.0, 8 February 2021 (2021-02-08), pages 1 - 106, XP051999407, Retrieved from the Internet <URL:https://ftp.3gpp.org/Specs/archive/33_series/33.847/33847-040.zip 33847-040.docx> [retrieved on 20210208] *
INTERDIGITAL: "TR 33.847 - cumulative changes", vol. SA WG3, no. e-meeting; 20210927 - 20210930, 17 September 2021 (2021-09-17), XP052060137, Retrieved from the Internet <URL:https://ftp.3gpp.org/tsg_sa/WG3_Security/TSGS3_104-e_ad_hoc/Docs/S3-213303.zip S3-213303 - TR 33.847 - cumulative changes.docx> [retrieved on 20210917] *
INTERDIGITAL: "TR 33.847 Update for solution #10", vol. SA WG3, no. e-meeting; 20210517 - 20210528, 21 May 2021 (2021-05-21), XP052013380, Retrieved from the Internet <URL:https://ftp.3gpp.org/tsg_sa/WG3_Security/TSGS3_103e/Docs/S3-212129.zip S3-212129.docx> [retrieved on 20210521] *
INTERDIGITAL: "TR 33.847 Update for solution #10", vol. SA WG3, no. e-meeting; 20210816 - 20210827, 20 August 2021 (2021-08-20), XP052063709, Retrieved from the Internet <URL:https://ftp.3gpp.org/tsg_sa/WG3_Security/TSGS3_104e/Docs/S3-213059.zip S3-213059.docx> [retrieved on 20210820] *
SAMSUNG ET AL: "Proposal for U2NW relay authentication, authorization and key management", vol. SA WG3, no. e-meeting; 20211108 - 20211119, 22 November 2021 (2021-11-22), XP052082567, Retrieved from the Internet <URL:https://ftp.3gpp.org/tsg_sa/WG3_Security/TSGS3_105e/Docs/S3-214495.zip S3-214495.doc> [retrieved on 20211122] *
SAMSUNG: "pCR for resolving ENs in solution#1", vol. SA WG3, no. e-meeting; 20210301 - 20210305, 22 February 2021 (2021-02-22), XP051980518, Retrieved from the Internet <URL:https://ftp.3gpp.org/tsg_sa/WG3_Security/SGS3_102Bis-e/Docs/S3-211130.zip S3-211130-[ProSe] Resolving ENs in Sol#1.doc> [retrieved on 20210222] *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117221884A (zh) * 2023-11-08 2023-12-12 深圳简谱技术有限公司 Base station system information management method and system
CN117221884B (zh) * 2023-11-08 2024-02-23 深圳简谱技术有限公司 Base station system information management method and system

Also Published As

Publication number Publication date
EP4295604A1 (fr) 2023-12-27

Similar Documents

Publication Publication Date Title
US20220360966A1 (en) Secure link establishment
US11546738B2 (en) Always-on short messages
US12058520B2 (en) PC5 link security setup using non-access stratum security context
EP4295604A1 (fr) PC5 link security setup using a non-access stratum security context
CN116965073A (zh) PC5 link security establishment using a non-access stratum security context
CN117813851A (zh) Physical channel encryption using a secret key
EP4424051A1 (fr) Secure ranging with passive devices
US20220140877A1 (en) Techniques for scheduling of channel state information reference signals and feedback during a random access channel operation
US20230089923A1 (en) Physical uplink channel handling based on channel security
CN114503774B (zh) Two-step random access channel signaling
US11985498B2 (en) Secure sidelink communications
US11463922B2 (en) Multi-subscription measurement reporting
CN114642078B (zh) Random access for a secondary user equipment
US20240015504A1 (en) Deriving physical layer keys for sidelink secure sidelink communication
US20220085901A1 (en) Inter distributed unit (inter-du) crosslink interference (cli) measurement and reporting
WO2022052075A1 (fr) Reuse of a transmit-receive beam pair after a beam failure
WO2023158982A1 (fr) Securing communications using security keys based at least in part on physical layer parameters
KR20240127346A (ko) Sidelink connectionless groupcast communication technique using security keys
WO2022236326A1 (fr) Secure link establishment
WO2023019039A1 (fr) Sidelink channel security
EP4038926A1 (fr) Absolute radio-frequency channel number for security key generation

Legal Events

Date Code Title Description
121 Ep: the EPO has been informed by WIPO that EP was designated in this application
Ref document number: 22703870; Country of ref document: EP; Kind code of ref document: A1

WWE Wipo information: entry into national phase
Ref document number: 202280015054.8; Country of ref document: CN

WWE Wipo information: entry into national phase
Ref document number: 2022703870; Country of ref document: EP

NENP Non-entry into the national phase
Ref country code: DE

ENP Entry into the national phase
Ref document number: 2022703870; Country of ref document: EP; Effective date: 20230922