WO2024102847A1 - Authentication and key management for applications (AKMA) application key (KAF) refresh - Google Patents
- Publication number: WO2024102847A1 (PCT application PCT/US2023/079143)
- Authority: WIPO (PCT), WO
- Prior art keywords
- key
- identifier
- enhanced
- count value
- key identifier
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
- H04W12/10—Integrity
- H04W12/108—Source integrity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/75—Temporary identity
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
Definitions
- the present disclosure generally relates to wireless communications.
- aspects of the present disclosure relate to systems and techniques for providing enhanced privacy by refreshing authentication and key management for applications (AKMA) application keys (KAF).
- Wireless communications systems are deployed to provide various telecommunications and data services, including telephony, video, data, messaging, and broadcasts.
- Broadband wireless communications systems have developed through various generations, including a first-generation analog wireless phone service (1G), a second-generation (2G) digital wireless phone service (including interim 2.5G networks), a third-generation (3G) high speed data, Internet-capable wireless device, and a fourth-generation (4G) service (e.g., Long-Term Evolution (LTE), WiMax).
- Examples of wireless communications systems include code division multiple access (CDMA) systems, time division multiple access (TDMA) systems, frequency division multiple access (FDMA) systems, orthogonal frequency division multiple access (OFDMA) systems, Global System for Mobile communication (GSM) systems, etc.
- Other wireless communications technologies include 802.11 Wi-Fi, Bluetooth, among others.
- a fifth-generation (5G) mobile standard calls for higher data transfer speeds, greater number of connections, and better coverage, among other improvements.
- the 5G standard (also referred to as “New Radio” or “NR”), according to the Next Generation Mobile Networks Alliance, is designed to provide data rates of several tens of megabits per second to each of tens of thousands of users, with 1 gigabit per second to tens of workers on an office floor. Several hundreds of thousands of simultaneous connections should be supported in order to support large sensor deployments.
- AKMA authentication for a wireless device may provide an application key (KAF) that applications interacting with the network can use.
- In the baseline procedure, the KAF remains fixed until a new primary authentication has been run. It may be useful to obtain a new KAF more often than primary authentication provides for.
- an apparatus for wireless communications includes at least one memory and at least one processor (e.g., implemented in circuitry) coupled to the at least one memory.
- the at least one processor is configured to: generate an anchor key based on a key from an authentication server function; associate a count value with the anchor key; generate an enhanced key identifier based on the count value; and transmit the enhanced key identifier to a remote application.
- an apparatus for wireless communications comprising: at least one memory comprising instructions; and at least one processor coupled to the at least one memory and configured to: receive an anchor key and key identifier associated with a user device from an authentication server function; receive a first request for an application key from a remote application, the first request including a first key identifier; determine that the first key identifier is a first enhanced key identifier, wherein the first enhanced key identifier includes a count value; generate a first enhanced application key based on the count value associated with the first enhanced key identifier; and transmit the first enhanced application key and an indication that the user device is using an enhanced key identifier to the remote application.
- an apparatus for wireless communications comprising: at least one memory comprising instructions; and at least one processor coupled to the at least one memory and configured to: receive a first key identifier from a user device; transmit the first key identifier to an authentication server function; receive, from the authentication server function, a first enhanced application key and an indication that the user device is using an enhanced key identifier; transmit, to the user device, a response, the response including a request for an updated key identifier; receive a second key identifier from the user device; transmit the second key identifier to the authentication server function; receive, from the authentication server function, a second enhanced application key; and communicate with the user device based on the second enhanced application key.
- a method for wireless communications comprising: generating an anchor key based on a key from an authentication server function; associating a count value with the anchor key; generating an enhanced key identifier based on the count value; and transmitting the enhanced key identifier to a remote application.
- a method for wireless communications comprising: receiving an anchor key and key identifier associated with a user device from an authentication server function; receiving a first request for an application key from a remote application, the first request including a first key identifier; determining that the first key identifier is a first enhanced key identifier, wherein the first enhanced key identifier includes a count value; generating a first enhanced application key based on the count value associated with the first enhanced key identifier; and transmitting the first enhanced application key and an indication that the user device is using an enhanced key identifier to the remote application.
- a method for wireless communications comprising: receiving a first key identifier from a user device; transmitting the first key identifier to an authentication server function; receiving, from the authentication server function, a first enhanced application key and an indication that the user device is using an enhanced key identifier; transmitting, to the user device, a response, the response including a request for an updated key identifier; receiving a second key identifier from the user device; transmitting the second key identifier to an authentication server function; receiving, from the authentication server function, a second enhanced application key; and communicating with the user device based on the second enhanced application key.
- a non-transitory computer-readable medium having stored thereon instructions that, when executed by at least one processor, cause the at least one processor to: generate an anchor key based on a key from an authentication server function; associate a count value with the anchor key; generate an enhanced key identifier based on the count value; and transmit the enhanced key identifier to a remote application.
- a non-transitory computer-readable medium having stored thereon instructions that, when executed by at least one processor, cause the at least one processor to: receive an anchor key and key identifier associated with a user device from an authentication server function; receive a first request for an application key from a remote application, the first request including a first key identifier; determine that the first key identifier is a first enhanced key identifier, wherein the first enhanced key identifier includes a count value; generate a first enhanced application key based on the count value associated with the first enhanced key identifier; and transmit the first enhanced application key and an indication that the user device is using an enhanced key identifier to the remote application.
- a non-transitory computer-readable medium having stored thereon instructions that, when executed by at least one processor, cause the at least one processor to: receive a first key identifier from a user device; transmit the first key identifier to an authentication server function; receive, from the authentication server function, a first enhanced application key and an indication that the user device is using an enhanced key identifier; transmit, to the user device, a response, the response including a request for an updated key identifier; receive a second key identifier from the user device; transmit the second key identifier to the authentication server function; receive, from the authentication server function, a second enhanced application key; and communicate with the user device based on the second enhanced application key.
- an apparatus for wireless communications comprising: means for generating an anchor key based on a key from an authentication server function; means for associating a count value with the anchor key; means for generating an enhanced key identifier based on the count value; and means for transmitting the enhanced key identifier to a remote application.
- an apparatus for wireless communications comprising: means for receiving an anchor key and key identifier associated with a user device from an authentication server function; means for receiving a first request for an application key from a remote application, the first request including a first key identifier; means for determining that the first key identifier is a first enhanced key identifier, wherein the first enhanced key identifier includes a count value; means for generating a first enhanced application key based on the count value associated with the first enhanced key identifier; and means for transmitting the first enhanced application key and an indication that the user device is using an enhanced key identifier to the remote application
- an apparatus for wireless communications comprising: means for receiving a first key identifier from a user device; means for transmitting the first key identifier to an authentication server function; means for receiving, from the authentication server function, a first enhanced application key and an indication that the user device is using an enhanced key identifier; means for transmitting, to the user device, a response, the response including a request for an updated key identifier; means for receiving a second key identifier from the user device; means for transmitting the second key identifier to an authentication server function; means for receiving, from the authentication server function, a second enhanced application key; and means for communicating with the user device based on the second enhanced application key.
- an apparatus for wireless communications includes at least one memory comprising instructions; and at least one processor coupled to the at least one memory.
- the at least one processor may: generate an anchor key based on an authentication server function key; associate a count value with the anchor key; generate a temporary device identifier based on the authentication server function key; generate an enhanced key identifier based on the count value, wherein the enhanced key identifier includes a portion of the temporary device identifier, wherein the portion of the temporary device identifier is less in size than an entire temporary device identifier; and transmit the enhanced key identifier to a remote application.
- a method for wireless communications includes generating an anchor key based on an authentication server function key; associating a count value with the anchor key; generating a temporary device identifier based on the authentication server function key; generating an enhanced key identifier based on the count value, wherein the enhanced key identifier includes a portion of the temporary device identifier, wherein the portion of the temporary device identifier is less in size than an entire temporary device identifier; and transmitting the enhanced key identifier to a remote application.
- a non-transitory computer-readable medium has stored thereon instructions that, when executed by at least one processor, cause the at least one processor to: generate an anchor key based on an authentication server function key; associate a count value with the anchor key; generate a temporary device identifier based on the authentication server function key; generate an enhanced key identifier based on the count value, wherein the enhanced key identifier includes a portion of the temporary device identifier, wherein the portion of the temporary device identifier is less in size than an entire temporary device identifier; and transmit the enhanced key identifier to a remote application.
- an apparatus for wireless communications includes means for generating an anchor key based on an authentication server function key; means for associating a count value with the anchor key; means for generating a temporary device identifier based on the authentication server function key; means for generating an enhanced key identifier based on the count value, wherein the enhanced key identifier includes a portion of the temporary device identifier, wherein the portion of the temporary device identifier is less in size than an entire temporary device identifier; and means for transmitting the enhanced key identifier to a remote application.
- one or more of the apparatuses described herein is, is a part of, or includes a mobile device (e.g., a mobile telephone or so-called “smart phone”, a tablet computer, or other type of mobile device), a wearable device, an extended reality device (e.g., a virtual reality (VR) device, an augmented reality (AR) device, or a mixed reality (MR) device), a personal computer, a laptop computer, a video server, a television (e.g., a network-connected television), a vehicle (or a computing device or system of a vehicle), or other device.
- the apparatus includes at least one camera for capturing one or more images or video frames.
- the apparatus can include a camera (e.g., an RGB camera) or multiple cameras for capturing one or more images and/or one or more videos including video frames.
- the apparatus includes a display for displaying one or more images, videos, notifications, or other displayable data.
- the apparatus includes a transmitter configured to transmit one or more video frames and/or syntax data over a transmission medium to at least one device.
- the processor includes a neural processing unit (NPU), a central processing unit (CPU), a graphics processing unit (GPU), or other processing device or component.
- while aspects are described in the present disclosure by illustration of some examples, those skilled in the art will understand that such aspects may be implemented in many different arrangements and scenarios.
- Techniques described herein may be implemented using different platform types, devices, systems, shapes, sizes, and/or packaging arrangements.
- some aspects may be implemented via integrated chip embodiments or other non-module-component based devices (e.g., end-user devices, vehicles, communication devices, computing devices, industrial equipment, retail/purchasing devices, medical devices, and/or artificial intelligence devices).
- Aspects may be implemented in chip-level components, modular components, non-modular components, non-chip-level components, device-level components, and/or system-level components.
- Devices incorporating described aspects and features may include additional components and features for implementation and practice of claimed and described aspects.
- transmission and reception of wireless signals may include one or more components for analog and digital purposes (e.g., hardware components including antennas, radio frequency (RF) chains, power amplifiers, modulators, buffers, processors, interleavers, adders, and/or summers).
- aspects described herein may be practiced in a wide variety of devices, components, systems, distributed arrangements, and/or end-user devices of varying size, shape, and constitution.
- FIG. 1 is a block diagram illustrating an example of a wireless communication network, in accordance with some examples.
- FIG. 2 is a diagram illustrating a design of a base station and a User Equipment (UE) device that enable transmission and processing of signals exchanged between the UE and the base station, in accordance with some examples.
- FIG. 3 is a diagram illustrating an example of a disaggregated base station, in accordance with some examples.
- FIG. 4 is a block diagram illustrating components of a user equipment, in accordance with some examples.
- FIGs. 5A-5D depict various example aspects of data structures for a wireless communication network, in accordance with some examples.
- FIG. 6 illustrates an example primary authentication and key derivation procedure, in accordance with aspects of the present disclosure.
- FIG. 7 illustrates an example procedure for obtaining a KAF based on an AKMA key identifier (A-KID), in accordance with aspects of the present disclosure.
- FIG. 8 is a flow diagram of a process for AKMA application key refresh, in accordance with aspects of the present disclosure.
- FIG. 9 is a flow diagram of a process for AKMA application key refresh, in accordance with aspects of the present disclosure.
- FIG. 10 is a flow diagram of a process for AKMA application key refresh, in accordance with aspects of the present disclosure.
- FIG. 11 is a diagram illustrating an example of a computing system, according to aspects of the disclosure.
- a wireless device such as user equipment (UE) may access an application function (AF) of the wireless network.
- the AF may include services of the wireless network such as a video streaming services, vehicle-to-everything (V2X) services, extended reality (XR) services, network applications, etc.
- a UE may be authenticated with a wireless network through a primary authentication procedure. As a part of the primary authentication process, certain authentication keys may be generated, for example, by a UE and an authentication server function (AUSF) of the wireless network.
- An example of an authentication key can be an anchor key (e.g., an authentication and key management for applications (AKMA) anchor key (KAKMA) or other type of anchor key).
- the anchor key (e.g., the KAKMA) may be a root cryptographic key from which other keys may be derived.
- keys that may be derived from the anchor key include an application key, which may be associated with a key identifier (used to identify the application key) and/or a temporary device identifier.
- An application key is a cryptographic key that may be used for communications with an AF. The AKMA Application Key (KAF) is one example of an application key; the AKMA key identifier (A-KID), which may be used to identify the KAF, is an example of a key identifier; and the AKMA temporary UE identifier (A-TID) is an example of a temporary device identifier.
- the A-KID may include the A-TID and a home network identifier.
- the AUSF may transmit the derived keys to the AF. The application key (e.g., the KAF) may then be used as a cryptographic key for communications between the UE and the AF.
- systems and techniques are described herein for application key refresh (e.g., AKMA Application Key (KAF) refresh) using an enhanced key identifier (e.g., an enhanced A-KID).
- to support an application key refresh (e.g., a KAF refresh), the anchor key (e.g., the KAKMA) may be associated with a count value and the key identifier (e.g., the A-KID) enhanced to include that count value. The count value is used to derive an enhanced application key (e.g., an enhanced KAF); to refresh the key, the count value may be updated (e.g., incremented) and the application key (e.g., the KAF) re-derived.
- the enhanced key identifier (e.g., the enhanced A-KID) identifies the application key (e.g., the KAF) and, instead of the whole temporary device identifier (A-TID), may carry only a shortened portion of it. For example, the A-TID in a non-enhanced A-KID may be 256 bits long, while the shortened portion carried in an enhanced A-KID may be 128 bits long.
- the count value included in the key identifier may be encrypted. For example, the encrypted count value may be obtained by XORing the count value with the output of a first function.
- the first function may be a key derivation function (KDF) whose parameters may include a key (e.g., Kenc) derived from the anchor key (e.g., the KAKMA), an identifier of the application function being accessed, and/or a message authentication code (MAC).
- the MAC is a relatively short authentication and/or integrity check value that helps verify the sender and/or the integrity of a message; the MAC may be updated whenever the key identifier that includes it is updated.
- the MAC may be generated by a second function, which may also be a KDF. Its parameters may include a key (e.g., Kmac) derived from the anchor key (e.g., the KAKMA), the temporary device identifier (e.g., the A-TID), and/or an identifier of the application function being accessed.
- the AF may request that the application key (e.g., the KAF) be refreshed as needed, such as at the beginning of a communication session. An indication to refresh the key identifier may thus be received from a remote application such as the AF.
- in response, the count value of the enhanced application key (e.g., the enhanced KAF) may be updated, the key identifier (e.g., the A-KID) regenerated with the updated count value, and the refreshed key identifier (e.g., the refreshed A-KID) transmitted to the remote application.
- in this way the application key (e.g., the KAF) may be refreshed without updating the anchor key (e.g., the KAKMA), such as via a primary authentication process.
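The procedure above, together with the claimed flows listed earlier (UE: anchor key with a count value and an enhanced identifier carrying a 128-bit portion of the A-TID; AUSF: recognising the enhanced identifier, recovering the count and deriving an enhanced KAF; AF: requesting a refreshed identifier at session start), is sketched end to end below. This is an added example, not code from the patent or from any 3GPP implementation. The field sizes (32-bit count, 64-bit truncated MAC), HMAC-SHA-256 as the KDF, the byte layout of the identifier, the label strings, the inclusion of the count value among the MAC inputs (so the MAC changes whenever the identifier is refreshed, as the text says it should) and the stale-count rejection in the AUSF are all assumptions introduced here.

```python
import hashlib
import hmac

SHORT_TID_LEN = 16  # 128-bit shortened A-TID in the enhanced A-KID (the page: 128 of 256 bits)
COUNT_LEN = 4       # assumption: 32-bit count value
MAC_LEN = 8         # assumption: MAC truncated to 64 bits


def kdf(key: bytes, *params: bytes) -> bytes:
    """Assumed KDF: HMAC-SHA-256 over length-prefixed parameters."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in params)
    return hmac.new(key, data, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def derive_k_af(k_akma: bytes, af_id: bytes, count=None) -> bytes:
    """An enhanced KAF binds the count value; a legacy KAF (count=None) does not."""
    if count is None:
        return kdf(k_akma, b"KAF", af_id)
    return kdf(k_akma, b"KAF", af_id, count.to_bytes(COUNT_LEN, "big"))


def build_enhanced_a_kid(k_akma: bytes, a_tid: bytes, af_id: bytes, count: int, hnid: str) -> str:
    """Enhanced A-KID = hex(short A-TID || enc(count) || MAC) @ home network identifier."""
    short_tid = a_tid[:SHORT_TID_LEN]
    count_b = count.to_bytes(COUNT_LEN, "big")
    k_enc, k_mac = kdf(k_akma, b"enc"), kdf(k_akma, b"mac")  # both derived from K_AKMA
    # Second function: MAC over the shortened A-TID, the AF identifier and (assumed) the count.
    mac = kdf(k_mac, short_tid, af_id, count_b)[:MAC_LEN]
    # First function: keystream from K_enc, the AF identifier and the MAC; XORed with the count.
    enc_count = xor(count_b, kdf(k_enc, af_id, mac)[:COUNT_LEN])
    return f"{(short_tid + enc_count + mac).hex()}@{hnid}"


class UE:
    def __init__(self, k_ausf: bytes, hnid: str):
        self.k_akma = kdf(k_ausf, b"AKMA")  # anchor key derived from the AUSF key
        self.a_tid = kdf(k_ausf, b"A-TID")  # 256-bit temporary UE identifier
        self.hnid = hnid
        self.count = 0                      # count value associated with the anchor key

    def legacy_a_kid(self) -> str:
        return f"{self.a_tid.hex()}@{self.hnid}"

    def enhanced_a_kid(self, af_id: bytes) -> str:
        return build_enhanced_a_kid(self.k_akma, self.a_tid, af_id, self.count, self.hnid)


class AUSF:
    def __init__(self):
        self.ues = {}  # shortened A-TID -> anchor-key context of that UE

    def register(self, ue: UE) -> None:
        """After primary authentication: hold the UE's anchor key and key identifier."""
        self.ues[ue.a_tid[:SHORT_TID_LEN]] = {"k_akma": ue.k_akma, "last": 0}

    def get_k_af(self, a_kid: str, af_id: bytes) -> tuple:
        """Return (KAF, uses_enhanced_identifier) for a key identifier relayed by an AF."""
        raw = bytes.fromhex(a_kid.rpartition("@")[0])
        ctx = self.ues[raw[:SHORT_TID_LEN]]  # KeyError for an unknown UE
        if len(raw) == 32:  # non-enhanced A-KID: the full 256-bit A-TID, no count value
            return derive_k_af(ctx["k_akma"], af_id), False
        if len(raw) != SHORT_TID_LEN + COUNT_LEN + MAC_LEN:
            raise ValueError("malformed key identifier")
        enc_count, mac = raw[SHORT_TID_LEN:SHORT_TID_LEN + COUNT_LEN], raw[-MAC_LEN:]
        k_enc, k_mac = kdf(ctx["k_akma"], b"enc"), kdf(ctx["k_akma"], b"mac")
        count_b = xor(enc_count, kdf(k_enc, af_id, mac)[:COUNT_LEN])  # decrypt with the sent MAC
        if not hmac.compare_digest(mac, kdf(k_mac, raw[:SHORT_TID_LEN], af_id, count_b)[:MAC_LEN]):
            raise ValueError("MAC check failed")
        count = int.from_bytes(count_b, "big")
        if count < ctx["last"]:  # added check: never hand out a KAF older than the last one issued
            raise ValueError("stale count value")
        ctx["last"] = count
        return derive_k_af(ctx["k_akma"], af_id, count), True


class AF:
    def __init__(self, af_id: bytes, ausf: AUSF):
        self.af_id, self.ausf = af_id, ausf

    def start_session(self, ue: UE) -> bytes:
        """Fetch KAF for the UE's identifier; if it is enhanced, ask the UE for a refreshed one."""
        k_af, enhanced = self.ausf.get_k_af(ue.enhanced_a_kid(self.af_id), self.af_id)
        if enhanced:
            ue.count += 1  # the response to the UE carries a request for an updated key identifier
            k_af, _ = self.ausf.get_k_af(ue.enhanced_a_kid(self.af_id), self.af_id)
        return k_af


def demo() -> tuple:
    k_ausf = bytes(range(32))  # constructed stand-in for K_AUSF from primary authentication
    ue = UE(k_ausf, "5gc.mnc001.mcc001.3gppnetwork.org")
    ausf = AUSF()
    ausf.register(ue)
    af = AF(b"af.example.com", ausf)
    return ue, ausf, af, af.start_session(ue)
```

`demo()` runs one session: the AUSF tells the AF that the UE uses an enhanced identifier, the AF asks for a refresh, and the second KAF differs from the first while K_AKMA is untouched. The AUSF distinguishes the two identifier formats by the length of the user part, uses the transmitted MAC as the keystream input to recover the count, and only then verifies the MAC over the recovered count; because the AF identifier enters both functions, an identifier built for one AF fails verification at another, and an identifier whose count is lower than the last one seen is refused rather than resolved to an old key.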
- Wireless networks are deployed to provide various communication services, such as voice, video, packet data, messaging, broadcast, and the like.
- a wireless network may support access links for communication between wireless devices.
- An access link may refer to any communication link between a client device (e.g., a user equipment (UE), a station (STA), or other client device) and a base station (e.g., a 3GPP gNodeB (gNB) for 5G/NR, a 3GPP eNodeB (eNB) for LTE, a Wi-Fi access point (AP), or other base station) or a component of a disaggregated base station (e.g., a central unit, a distributed unit, and/or a radio unit).
- an access link between a UE and a 3GPP gNB may be over a Uu interface.
- an access link may support uplink signaling, downlink signaling, connection procedures, etc.
- wireless communications networks may be implemented using one or more modulation schemes.
- a wireless communication network may be implemented using a quadrature amplitude modulation (QAM) scheme such as 16QAM, 32QAM, 64QAM, etc.
- a UE may be any wireless communication device (e.g., a mobile phone, router, tablet computer, laptop computer, and/or tracking device, etc.), wearable (e.g., smartwatch, smart-glasses, wearable ring, and/or an extended reality (XR) device such as a virtual reality (VR) headset, an augmented reality (AR) headset or glasses, or a mixed reality (MR) headset), vehicle (e.g., automobile, motorcycle, bicycle, etc.), and/or Internet of Things (IoT) device, etc., used by a user to communicate over a wireless communications network.
- a UE may be mobile or may (e.g., at certain times) be stationary, and may communicate with a radio access network (RAN).
- the term “UE” may be referred to interchangeably as an “access terminal” or “AT,” a “client device,” a “wireless device,” a “subscriber device,” a “subscriber terminal,” a “subscriber station,” a “user terminal” or “UT,” a “mobile device,” a “mobile terminal,” a “mobile station,” or variations thereof.
- UEs may communicate with a core network via a RAN, and through the core network the UEs may be connected with external networks such as the Internet and with other UEs.
- a network entity may be implemented in an aggregated or monolithic base station architecture, or alternatively, in a disaggregated base station architecture, and may include one or more of a central unit (CU), a distributed unit (DU), a radio unit (RU), a Near-Real Time (Near- RT) RAN Intelligent Controller (RIC), or a Non-Real Time (Non-RT) RIC.
- a base station may operate according to one of several RATs in communication with UEs depending on the network in which it is deployed, and may be alternatively referred to as an access point (AP), a network node, a NodeB (NB), an evolved NodeB (eNB), a next generation eNB (ng-eNB), a New Radio (NR) Node B (also referred to as a gNB or gNodeB), etc.
- a base station may be used primarily to support wireless access by UEs, including supporting data, voice, and/or signaling connections for the supported UEs.
- a base station may provide edge node signaling functions while in other systems it may provide additional control and/or network management functions.
- a communication link through which UEs may send signals to a base station is called an uplink (UL) channel (e.g., a reverse traffic channel, a reverse control channel, an access channel, etc.).
- a communication link through which the base station may send signals to UEs is called a downlink (DL) or forward link channel (e.g., a paging channel, a control channel, a broadcast channel, or a forward traffic channel, etc.).
- TCH traffic channel
- network entity or “base station” (e.g., with an aggregated/monolithic base station architecture or disaggregated base station architecture) may refer to a single physical transmit receive point (TRP) or to multiple physical TRPs that may or may not be co-located.
- the physical TRP may be an antenna of the base station corresponding to a cell (or several cell sectors) of the base station.
- the physical TRPs may be an array of antennas (e.g., as in a multiple-input multiple-output (MIMO) system or where the base station employs beamforming) of the base station.
- the physical TRPs may be a distributed antenna system (DAS) (a network of spatially separated antennas connected to a common source via a transport medium) or a remote radio head (RRH) (a remote base station connected to a serving base station).
- the non-co-located physical TRPs may be the serving base station receiving the measurement report from the UE and a neighbor base station whose reference radio frequency (RF) signals (or simply “reference signals”) the UE is measuring.
- a network entity or base station may not support wireless access by UEs (e.g., may not support data, voice, and/or signaling connections for UEs), but may instead transmit reference signals to UEs to be measured by the UEs, and/or may receive and measure signals transmitted by the UEs.
- a base station may be referred to as a positioning beacon (e.g., when transmitting signals to UEs) and/or as a location measurement unit (e.g., when receiving and measuring signals from UEs).
- An RF signal comprises an electromagnetic wave of a given frequency that transports information through the space between a transmitter and a receiver.
- a transmitter may transmit a single “RF signal” or multiple “RF signals” to a receiver.
- the receiver may receive multiple “RF signals” corresponding to each transmitted RF signal due to the propagation characteristics of RF signals through multipath channels.
- the same transmitted RF signal on different paths between the transmitter and receiver may be referred to as a “multipath” RF signal.
- an RF signal may also be referred to as a “wireless signal” or simply a “signal” where it is clear from the context that the term “signal” refers to a wireless signal or an RF signal.
- FIG. 1 illustrates an example of a wireless communications system 100.
- the wireless communications system 100 (which may also be referred to as a wireless wide area network (WWAN)) may include various base stations 102 and various UEs 104.
- the base stations 102 may also be referred to as “network entities” or “network nodes.”
- One or more of the base stations 102 may be implemented in an aggregated or monolithic base station architecture.
- one or more of the base stations 102 may be implemented in a disaggregated base station architecture, and may include one or more of a central unit (CU), a distributed unit (DU), a radio unit (RU), a Near-Real Time (Near-RT) RAN Intelligent Controller (RIC), or a Non-Real Time (Non-RT) RIC.
- the base stations 102 may include macro cell base stations (high power cellular base stations) and/or small cell base stations (low power cellular base stations).
- the macro cell base station may include eNBs and/or ng-eNBs where the wireless communications system 100 corresponds to a long term evolution (LTE) network, or gNBs where the wireless communications system 100 corresponds to a NR network, or a combination of both, and the small cell base stations may include femtocells, picocells, microcells, etc.
- the base stations 102 may collectively form a RAN and interface with a core network 170 (e.g., an evolved packet core (EPC) or a 5G core (5GC)) through backhaul links 122, and through the core network 170 to one or more location servers 172 (which may be part of core network 170 or may be external to core network 170).
- the base stations 102 may perform functions that relate to one or more of transferring user data, radio channel ciphering and deciphering, integrity protection, header compression, mobility control functions (e.g., handover, dual connectivity), inter-cell interference coordination, connection setup and release, load balancing, distribution for non-access stratum (NAS) messages, NAS node selection, synchronization, RAN sharing, multimedia broadcast multicast service (MBMS), subscriber and equipment trace, RAN information management (RIM), paging, positioning, and delivery of warning messages.
- the base stations 102 may communicate with each other directly or indirectly (e.g., through the EPC or 5GC) over backhaul links 134, which may be wired and/or wireless.
- the base stations 102 may wirelessly communicate with the UEs 104. Each of the base stations 102 may provide communication coverage for a respective geographic coverage area 110. In an aspect, one or more cells may be supported by a base station 102 in each coverage area 110.
- a “cell” is a logical communication entity used for communication with a base station (e.g., over some frequency resource, referred to as a carrier frequency, component carrier, carrier, band, or the like), and may be associated with an identifier (e.g., a physical cell identifier (PCI), a virtual cell identifier (VCI), a cell global identifier (CGI)) for distinguishing cells operating via the same or a different carrier frequency.
- different cells may be configured according to different protocol types (e.g., machine-type communication (MTC), narrowband IoT (NB-IoT), enhanced mobile broadband (eMBB), or others) that may provide access for different types of UEs.
- a cell may refer to either or both of the logical communication entity and the base station that supports it, depending on the context.
- a TRP is typically the physical transmission point of a cell.
- the terms “cell” and “TRP” may be used interchangeably.
- the term “cell” may also refer to a geographic coverage area of a base station (e.g., a sector), insofar as a carrier frequency may be detected and used for communication within some portion of geographic coverage areas 110.
- While neighboring macro cell base station 102 geographic coverage areas 110 may partially overlap (e.g., in a handover region), some of the geographic coverage areas 110 may be substantially overlapped by a larger geographic coverage area 110.
- a small cell base station 102' may have a coverage area 110' that substantially overlaps with the coverage area 110 of one or more macro cell base stations 102.
- a network that includes both small cell and macro cell base stations may be known as a heterogeneous network.
- a heterogeneous network may also include home eNBs (HeNBs), which may provide service to a restricted group known as a closed subscriber group (CSG).
- the communication links 120 between the base stations 102 and the UEs 104 may include uplink (also referred to as reverse link) transmissions from a UE 104 to a base station 102 and/or downlink (also referred to as forward link) transmissions from a base station 102 to a UE 104.
- the communication links 120 may use MIMO antenna technology, including spatial multiplexing, beamforming, and/or transmit diversity.
- the communication links 120 may be through one or more carrier frequencies. Allocation of carriers may be asymmetric with respect to downlink and uplink (e.g., more or less carriers may be allocated for downlink than for uplink).
- the wireless communications system 100 may further include a WLAN AP 150 in communication with WLAN stations (STAs) 152 via communication links 154 in an unlicensed frequency spectrum (e.g., 5 Gigahertz (GHz)).
- the WLAN STAs 152 and/or the WLAN AP 150 may perform a clear channel assessment (CCA) or listen before talk (LBT) procedure prior to communicating in order to determine whether the channel is available.
- the wireless communications system 100 may include devices (e.g., UEs, etc.) that communicate with one or more UEs 104, base stations 102, APs 150, etc. utilizing the ultra-wideband (UWB) spectrum.
- the UWB spectrum may range from 3.1 to 10.5 GHz.
- the small cell base station 102' may operate in a licensed and/or an unlicensed frequency spectrum. When operating in an unlicensed frequency spectrum, the small cell base station 102' may employ LTE or NR technology and use the same 5 GHz unlicensed frequency spectrum as used by the WLAN AP 150. The small cell base station 102', employing LTE and/or 5G in an unlicensed frequency spectrum, may boost coverage to and/or increase capacity of the access network.
- NR in unlicensed spectrum may be referred to as NR-U.
- LTE in an unlicensed spectrum may be referred to as LTE-U, licensed assisted access (LAA), or MulteFire.
- the wireless communications system 100 may further include a millimeter wave (mmW) base station 180 that may operate in mmW frequencies and/or near mmW frequencies in communication with a UE 182.
- the mmW base station 180 may be implemented in an aggregated or monolithic base station architecture, or alternatively, in a disaggregated base station architecture (e.g., including one or more of a CU, a DU, a RU, a Near-RT RIC, or a Non-RT RIC).
- Extremely high frequency (EHF) is part of the RF in the electromagnetic spectrum. EHF has a range of 30 GHz to 300 GHz and a wavelength between 1 millimeter and 10 millimeters.
- Radio waves in this band may be referred to as a millimeter wave.
- Near mmW may extend down to a frequency of 3 GHz with a wavelength of 100 millimeters.
- the super high frequency (SHF) band extends between 3 GHz and 30 GHz, also referred to as centimeter wave. Communications using the mmW and/or near mmW radio frequency band have high path loss and a relatively short range.
- the mmW base station 180 and the UE 182 may utilize beamforming (transmit and/or receive) over an mmW communication link 184 to compensate for the extremely high path loss and short range.
- one or more base stations 102 may also transmit using mmW or near mmW and beamforming. Accordingly, it will be appreciated that the foregoing illustrations are merely examples and should not be construed to limit the various aspects disclosed herein.
- the frequency spectrum in which wireless network nodes or entities operate is divided into multiple frequency ranges, FR1 (from 450 to 6000 Megahertz (MHz)), FR2 (from 24250 to 52600 MHz), FR3 (above 52600 MHz), and FR4 (between FR1 and FR2).
- the anchor carrier is the carrier operating on the primary frequency (e.g., FR1) utilized by a UE 104/182 and the cell in which the UE 104/182 either performs the initial radio resource control (RRC) connection establishment procedure or initiates the RRC connection re-establishment procedure.
- the primary carrier carries all common and UE-specific control channels and may be a carrier in a licensed frequency (however, this is not always the case).
- a secondary carrier is a carrier operating on a second frequency (e.g., FR2) that may be configured once the RRC connection is established between the UE 104 and the anchor carrier and that may be used to provide additional radio resources.
- the secondary carrier may be a carrier in an unlicensed frequency.
- the secondary carrier may contain only necessary signaling information and signals, for example, those that are UE-specific may not be present in the secondary carrier, since both primary uplink and downlink carriers are typically UE-specific. This means that different UEs 104/182 in a cell may have different downlink primary carriers. The same is true for the uplink primary carriers.
- the network is able to change the primary carrier of any UE 104/182 at any time. This is done, for example, to balance the load on different carriers.
- because a “serving cell” (whether a PCell or an SCell) corresponds to a carrier frequency and/or component carrier over which some base station is communicating, the terms “cell,” “serving cell,” “component carrier,” “carrier frequency,” and the like may be used interchangeably.
- one of the frequencies utilized by the macro cell base stations 102 may be an anchor carrier (or “PCell”) and other frequencies utilized by the macro cell base stations 102 and/or the mmW base station 180 may be secondary carriers (“SCells”).
- the base stations 102 and/or the UEs 104 may use spectrum up to Y MHz (e.g., 5, 10, 15, 20, 100 MHz) bandwidth per carrier up to a total of Yx MHz (x component carriers) for transmission in each direction.
- the component carriers may or may not be adjacent to each other on the frequency spectrum.
- Allocation of carriers may be asymmetric with respect to the downlink and uplink (e.g., more or less carriers may be allocated for downlink than for uplink).
- the simultaneous transmission and/or reception of multiple carriers enables the UE 104/182 to significantly increase its data transmission and/or reception rates. For example, two 20 MHz aggregated carriers in a multi-carrier system would theoretically lead to a two-fold increase in data rate (i.e., 40 MHz), compared to that attained by a single 20 MHz carrier.
- a base station 102 and/or a UE 104 may be equipped with multiple receivers and/or transmitters.
- a UE 104 may have two receivers, “Receiver 1” and “Receiver 2,” where “Receiver 1” is a multi-band receiver that may be tuned to band (i.e., carrier frequency) ‘X’ or band ‘Y,’ and “Receiver 2” is a one-band receiver tuneable to band ‘Z’ only.
- band ‘X’ would be referred to as the PCell or the active carrier frequency, and “Receiver 1” would need to tune from band ‘X’ to band ‘Y’ (an SCell) in order to measure band ‘Y’ (and vice versa).
- the wireless communications system 100 may further include a UE 164 that may communicate with a macro cell base station 102 over a communication link 120 and/or the mmW base station 180 over an mmW communication link 184.
- the macro cell base station 102 may support a PCell and one or more SCells for the UE 164 and the mmW base station 180 may support one or more SCells for the UE 164.
- the wireless communications system 100 may further include one or more UEs, such as UE 190, that connects indirectly to one or more communication networks via one or more device-to-device (D2D) peer-to-peer (P2P) links (referred to as “sidelinks”).
- UE 190 has a D2D P2P link 192 with one of the UEs 104 connected to one of the base stations 102 (e.g., through which UE 190 may indirectly obtain cellular connectivity) and a D2D P2P link 194 with WLAN STA 152 connected to the WLAN AP 150 (through which UE 190 may indirectly obtain WLAN-based Internet connectivity).
- the D2D P2P links 192 and 194 may be supported with any well-known D2D RAT, such as LTE Direct (LTE-D), Wi-Fi Direct (Wi-Fi-D), Bluetooth®, and so on.
- FIG. 2 shows a block diagram of a design of a base station 102 and a UE 104 that enable transmission and processing of signals exchanged between the UE and the base station, in accordance with some aspects of the present disclosure.
- Design 200 includes components of a base station 102 and a UE 104, which may be one of the base stations 102 and one of the UEs 104 in FIG. 1.
- Base station 102 may be equipped with T antennas 234a through 234t
- UE 104 may be equipped with R antennas 252a through 252r, where in general T>1 and R>1.
- a transmit processor 220 may receive data from a data source 212 for one or more UEs, select one or more modulation and coding schemes (MCS) for each UE based at least in part on channel quality indicators (CQIs) received from the UE, process (e.g., encode and modulate) the data for each UE based at least in part on the MCS(s) selected for the UE, and provide data symbols for all UEs. Transmit processor 220 may also process system information (e.g., for semi-static resource partitioning information (SRPI) and/or the like) and control information (e.g., CQI requests, grants, upper layer signaling, and/or the like) and provide overhead symbols and control symbols.
- Transmit processor 220 may also generate reference symbols for reference signals (e.g., the cell-specific reference signal (CRS)) and synchronization signals (e.g., the primary synchronization signal (PSS) and secondary synchronization signal (SSS)).
- a transmit (TX) multiple-input multiple-output (MIMO) processor 230 may perform spatial processing (e.g., precoding) on the data symbols, the control symbols, the overhead symbols, and/or the reference symbols, if applicable, and may provide T output symbol streams to T modulators (MODs) 232a through 232t.
- the modulators 232a through 232t are shown as a combined modulator-demodulator (MOD-DEMOD). In some cases, the modulators and demodulators may be separate components.
- Each modulator of the modulators 232a to 232t may process a respective output symbol stream, e.g., for an orthogonal frequency-division multiplexing (OFDM) scheme and/or the like, to obtain an output sample stream.
- Each modulator of the modulators 232a to 232t may further process (e.g., convert to analog, amplify, filter, and upconvert) the output sample stream to obtain a downlink signal.
- T downlink signals may be transmitted from modulators 232a to 232t via T antennas 234a through 234t, respectively.
- the synchronization signals may be generated with location encoding to convey additional information.
- antennas 252a through 252r may receive the downlink signals from base station 102 and/or other base stations and may provide received signals to demodulators (DEMODs) 254a through 254r, respectively.
- the demodulators 254a through 254r are shown as a combined modulator-demodulator (MOD-DEMOD). In some cases, the modulators and demodulators may be separate components.
- Each demodulator of the demodulators 254a through 254r may condition (e.g., filter, amplify, downconvert, and digitize) a received signal to obtain input samples.
- Each demodulator of the demodulators 254a through 254r may further process the input samples (e.g., for OFDM and/or the like) to obtain received symbols.
- a MIMO detector 256 may obtain received symbols from all R demodulators 254a through 254r, perform MIMO detection on the received symbols if applicable, and provide detected symbols.
- a receive processor 258 may process (e.g., demodulate and decode) the detected symbols, provide decoded data for UE 104 to a data sink 260, and provide decoded control information and system information to a controller/processor 280.
- a channel processor may determine reference signal received power (RSRP), received signal strength indicator (RSSI), reference signal received quality (RSRQ), channel quality indicator (CQI), and/or the like.
- a transmit processor 264 may receive and process data from a data source 262 and control information (e.g., for reports comprising RSRP, RSSI, RSRQ, CQI, and/or the like) from controller/processor 280. Transmit processor 264 may also generate reference symbols for one or more reference signals (e.g., based at least in part on a beta value or a set of beta values associated with the one or more reference signals).
- the symbols from transmit processor 264 may be precoded by a TX-MIMO processor 266 if applicable, further processed by modulators 254a through 254r (e.g., for DFT-s-OFDM, CP-OFDM, and/or the like), and transmitted to base station 102.
- the uplink signals from UE 104 and other UEs may be received by antennas 234a through 234t, processed by demodulators 232a through 232t, detected by a MIMO detector 236 if applicable, and further processed by a receive processor 238 to obtain decoded data and control information sent by UE 104.
- Receive processor 238 may provide the decoded data to a data sink 239 and the decoded control information to controller (processor) 240.
- Base station 102 may include communication unit 244 and communicate to a network controller 231 via communication unit 244.
- Network controller 231 may include communication unit 294, controller/processor 290, and memory 292.
- one or more components of UE 104 may be included in a housing. Controller 240 of base station 102, controller/processor 280 of UE 104, and/or any other component(s) of FIG. 2 may perform one or more techniques associated with implicit UCI beta value determination for NR.
- Memories 242 and 282 may store data and program codes for the base station 102 and the UE 104, respectively.
- a scheduler 246 may schedule UEs for data transmission on the downlink, uplink, and/or sidelink.
- deployment of communication systems may be arranged in multiple manners with various components or constituent parts.
- a network node, a network entity, a mobility element of a network, a radio access network (RAN) node, a core network node, a network element, or a network equipment, such as a base station (BS), or one or more units (or one or more components) performing base station functionality may be implemented in an aggregated or disaggregated architecture.
- a BS may be, for example, a Node B (NB), an evolved NB (eNB), an NR BS, a 5G NB, an access point (AP), a transmit receive point (TRP), or a cell, etc.
- An aggregated base station may be configured to utilize a radio protocol stack that is physically or logically integrated within a single RAN node.
- a disaggregated base station may be configured to utilize a protocol stack that is physically or logically distributed among two or more units (such as one or more central or centralized units (CUs), one or more distributed units (DUs), or one or more radio units (RUs)).
- a CU may be implemented within a RAN node, and one or more DUs may be co-located with the CU, or alternatively, may be geographically or virtually distributed throughout one or multiple other RAN nodes.
- the DUs may be implemented to communicate with one or more RUs.
- Each of the CU, DU and RU also may be implemented as virtual units, i.e., a virtual central unit (VCU), a virtual distributed unit (VDU), or a virtual radio unit (VRU).
- Base station-type operation or network design may consider aggregation characteristics of base station functionality.
- disaggregated base stations may be utilized in an integrated access backhaul (IAB) network, an open radio access network (O-RAN (such as the network configuration sponsored by the O-RAN Alliance)), or a virtualized radio access network (vRAN, also known as a cloud radio access network (C-RAN)).
- Disaggregation may include distributing functionality across two or more units at various physical locations, as well as distributing functionality for at least one unit virtually, which may enable flexibility in network design.
- the various units of the disaggregated base station, or disaggregated RAN architecture may be configured for wired or wireless communication with at least one other unit.
- FIG. 3 shows a diagram illustrating an example disaggregated base station 300 architecture.
- the disaggregated base station 300 architecture may include one or more central units (CUs) 310 that may communicate directly with a core network 320 via a backhaul link, or indirectly with the core network 320 through one or more disaggregated base station units (such as a Near-Real Time (Near-RT) RAN Intelligent Controller (RIC) 325 via an E2 link, or a Non-Real Time (Non-RT) RIC 315 associated with a Service Management and Orchestration (SMO) Framework 305, or both).
- a CU 310 may communicate with one or more distributed units (DUs) 330 via respective midhaul links, such as an F1 interface.
- the DUs 330 may communicate with one or more radio units (RUs) 340 via respective fronthaul links.
- the RUs 340 may communicate with respective UEs 104 via one or more radio frequency (RF) access links.
- the UE 104 may be simultaneously served by multiple RUs 340.
- Each of the units e.g., the CUs 310, the DUs 330, the RUs 340, as well as the Near-RT RICs 325, the Non-RT RICs 315 and the SMO Framework 305, may include one or more interfaces or be coupled to one or more interfaces configured to receive or transmit signals, data, or information (collectively, signals) via a wired or wireless transmission medium.
- Each of the units, or an associated processor or controller providing instructions to the communication interfaces of the units may be configured to communicate with one or more of the other units via the transmission medium.
- the units may include a wired interface configured to receive or transmit signals over a wired transmission medium to one or more of the other units.
- the units may include a wireless interface, which may include a receiver, a transmitter or transceiver (such as a radio frequency (RF) transceiver), configured to receive or transmit signals, or both, over a wireless transmission medium to one or more of the other units.
- the CU 310 may host one or more higher layer control functions. Such control functions may include radio resource control (RRC), packet data convergence protocol (PDCP), service data adaptation protocol (SDAP), or the like. Each control function may be implemented with an interface configured to communicate signals with other control functions hosted by the CU 310.
- the CU 310 may be configured to handle user plane functionality (i.e., Central Unit - User Plane (CU-UP)), control plane functionality (i.e., Central Unit - Control Plane (CU-CP)), or a combination thereof.
- the CU 310 may be logically split into one or more CU-UP units and one or more CU-CP units.
- the CU-UP unit may communicate bidirectionally with the CU-CP unit via an interface, such as the E1 interface when implemented in an O-RAN configuration.
- the CU 310 may be implemented to communicate with the DU 330, as necessary, for network control and signaling.
- the DU 330 may correspond to a logical unit that includes one or more base station functions to control the operation of one or more RUs 340.
- the DU 330 may host one or more of a radio link control (RLC) layer, a medium access control layer, and one or more high physical (PHY) layers (such as modules for forward error correction (FEC) encoding and decoding, scrambling, modulation and demodulation, or the like) depending, at least in part, on a functional split, such as those defined by the 3rd Generation Partnership Project (3GPP).
- the DU 330 may further host one or more low PHY layers. Each layer (or module) may be implemented with an interface configured to communicate signals with other layers (and modules) hosted by the DU 330, or with the control functions hosted by the CU 310.
- Lower-layer functionality may be implemented by one or more RUs 340.
- an RU 340, controlled by a DU 330, may correspond to a logical node that hosts RF processing functions, or low-PHY layer functions (such as performing fast Fourier transform (FFT), inverse FFT (iFFT), digital beamforming, physical random access channel (PRACH) extraction and filtering, or the like), or both, based at least in part on the functional split, such as a lower layer functional split.
- the RU(s) 340 may be implemented to handle over the air (OTA) communication with one or more UEs 104.
- real-time and non-real-time aspects of control and user plane communication with the RU(s) 340 may be controlled by the corresponding DU 330.
- this configuration may enable the DU(s) 330 and the CU 310 to be implemented in a cloud-based RAN architecture, such as a vRAN architecture.
- the SMO Framework 305 may be configured to support RAN deployment and provisioning of non-virtualized and virtualized network elements.
- the SMO Framework 305 may be configured to support the deployment of dedicated physical resources for RAN coverage requirements which may be managed via an operations and maintenance interface (such as an O1 interface).
- the SMO Framework 305 may be configured to interact with a cloud computing platform (such as an open cloud (O-Cloud) 390) to perform network element life cycle management (such as to instantiate virtualized network elements) via a cloud computing platform interface (such as an O2 interface).
- Such virtualized network elements may include, but are not limited to, CUs 310, DUs 330, RUs 340 and Near-RT RICs 325.
- the SMO Framework 305 may communicate with a hardware aspect of a 4G RAN, such as an open eNB (O-eNB) 311, via an O1 interface. Additionally, in some implementations, the SMO Framework 305 may communicate directly with one or more RUs 340 via an O1 interface.
- the SMO Framework 305 also may include a Non-RT RIC 315 configured to support functionality of the SMO Framework 305.
- the Non-RT RIC 315 may be configured to include a logical function that enables non-real-time control and optimization of RAN elements and resources, Artificial Intelligence/Machine Learning (AI/ML) workflows including model training and updates, or policy-based guidance of applications/features in the Near-RT RIC 325.
- the Non-RT RIC 315 may be coupled to or communicate with (such as via an A1 interface) the Near-RT RIC 325.
- the Near-RT RIC 325 may be configured to include a logical function that enables near-real-time control and optimization of RAN elements and resources via data collection and actions over an interface (such as via an E2 interface) connecting one or more CUs 310, one or more DUs 330, or both, as well as an O-eNB, with the Near-RT RIC 325.
- the Non-RT RIC 315 may receive parameters or external enrichment information from external servers. Such information may be utilized by the Near-RT RIC 325 and may be received at the SMO Framework 305 or the Non-RT RIC 315 from non-network data sources or from network functions.
- the Non-RT RIC 315 or the Near-RT RIC 325 may be configured to tune RAN behavior or performance.
- the Non-RT RIC 315 may monitor long-term trends and patterns for performance and employ AI/ML models to perform corrective actions through the SMO Framework 305 (such as reconfiguration via O1) or via creation of RAN management policies (such as A1 policies).
- FIG. 4 illustrates an example of a computing system 470 of a wireless device 407.
- the wireless device 407 may include a client device such as a UE (e.g., UE 104, UE 152, UE 190) or other type of device (e.g., a station (STA) configured to communicate using a Wi-Fi interface) that may be used by an end-user.
- the wireless device 407 may include a mobile phone, router, tablet computer, laptop computer, tracking device, wearable device (e.g., a smart watch, glasses, an extended reality (XR) device such as a virtual reality (VR), augmented reality (AR) or mixed reality (MR) device, etc.), Internet of Things (IoT) device, access point, and/or another device that is configured to communicate over a wireless communications network.
- the computing system 470 includes software and hardware components that may be electrically or communicatively coupled via a bus 489 (or may otherwise be in communication, as appropriate).
- the computing system 470 includes one or more processors 484.
- the one or more processors 484 may include one or more CPUs, ASICs, FPGAs, APs, GPUs, VPUs, NSPs, microcontrollers, dedicated hardware, any combination thereof, and/or other processing device or system.
- the bus 489 may be used by the one or more processors 484 to communicate between cores and/or with the one or more memory devices 486.
- the computing system 470 may also include one or more memory devices 486, one or more digital signal processors (DSPs) 482, one or more subscriber identity modules (SIMs) 474, one or more modems 476, one or more wireless transceivers 478, one or more antennas 487, one or more input devices 472 (e.g., a camera, a mouse, a keyboard, a touch sensitive screen, a touch pad, a keypad, a microphone, and/or the like), and one or more output devices 480 (e.g., a display, a speaker, a printer, and/or the like).
- computing system 470 may include one or more radio frequency (RF) interfaces configured to transmit and/or receive RF signals.
- an RF interface may include components such as modem(s) 476, wireless transceiver(s) 478, and/or antennas 487.
- the one or more wireless transceivers 478 may transmit and receive wireless signals (e.g., signal 488) via antenna 487 from one or more other devices, such as other wireless devices, network devices (e.g., base stations such as eNBs and/or gNBs, Wi-Fi access points (APs) such as routers, range extenders or the like, etc.), cloud networks, and/or the like.
- the computing system 470 may include multiple antennas or an antenna array that may facilitate simultaneous transmit and receive functionality.
- Antenna 487 may be an omnidirectional antenna such that radio frequency (RF) signals may be received from and transmitted in all directions.
- the wireless signal 488 may be transmitted via a wireless network.
- the wireless network may be any wireless network, such as a cellular or telecommunications network (e.g., 3G, 4G, 5G, etc.), wireless local area network (e.g., a Wi-Fi network), a BluetoothTM network, and/or other network.
- the wireless signal 488 may be transmitted directly to other wireless devices using sidelink communications (e.g., using a PC5 interface, using a DSRC interface, etc.).
- Wireless transceivers 478 may be configured to transmit RF signals for performing sidelink communications via antenna 487 in accordance with one or more transmit power parameters that may be associated with one or more regulation modes.
- Wireless transceivers 478 may also be configured to receive sidelink communication signals having different signal parameters from other wireless devices.
- the one or more wireless transceivers 478 may include an RF front end including one or more components, such as an amplifier, a mixer (also referred to as a signal multiplier) for signal down conversion, a frequency synthesizer (also referred to as an oscillator) that provides signals to the mixer, a baseband filter, an analog-to-digital converter (ADC), one or more power amplifiers, among other components.
- the RF front-end may generally handle selection and conversion of the wireless signals 488 into a baseband or intermediate frequency and may convert the RF signals to the digital domain.
- the computing system 470 may include a coding-decoding device (or CODEC) configured to encode and/or decode data transmitted and/or received using the one or more wireless transceivers 478.
- the computing system 470 may include an encryption-decryption device or component configured to encrypt and/or decrypt data (e.g., according to the AES and/or DES standard) transmitted and/or received by the one or more wireless transceivers 478.
- the one or more SIMs 474 may each securely store an international mobile subscriber identity (IMSI) number and related key assigned to the user of the wireless device 407.
- IMSI and key may be used to identify and authenticate the subscriber when accessing a network provided by a network service provider or operator associated with the one or more SIMs 474.
- the one or more modems 476 may modulate one or more signals to encode information for transmission using the one or more wireless transceivers 478.
- the one or more modems 476 may also demodulate signals received by the one or more wireless transceivers 478 in order to decode the transmitted information.
- the one or more modems 476 may include a Wi-Fi modem, a 4G (or LTE) modem, a 5G (or NR) modem, and/or other types of modems.
- the one or more modems 476 and the one or more wireless transceivers 478 may be used for communicating data for the one or more SIMs 474.
- the computing system 470 may also include (and/or be in communication with) one or more non-transitory machine-readable storage media or storage devices (e.g., one or more memory devices 486), which may include, without limitation, local and/or network accessible storage, a disk drive, a drive array, an optical storage device, a solid-state storage device such as a RAM and/or a ROM, which may be programmable, flash-updateable and/or the like.
- Such storage devices may be configured to implement any appropriate data storage, including without limitation, various file systems, database structures, and/or the like.
- functions may be stored as one or more computer-program products (e.g., instructions or code) in memory device(s) 486 and executed by the one or more processor(s) 484 and/or the one or more DSPs 482.
- the computing system 470 may also include software elements (e.g., located within the one or more memory devices 486), including, for example, an operating system, device drivers, executable libraries, and/or other code, such as one or more application programs, which may comprise computer programs implementing the functions provided by various embodiments, and/or may be designed to implement methods and/or configure systems, as described herein.
- FIGs. 5A-5D depict various example aspects of data structures for a wireless communication system, such as wireless communication system 100 of FIG. 1.
- FIG. 5A is a diagram 500 illustrating an example of a first subframe within a 5G (e.g., 5G NR) frame structure
- FIG. 5B is a diagram 530 illustrating an example of DL channels within a 5G subframe
- FIG. 5C is a diagram 550 illustrating an example of a second subframe within a 5G frame structure
- FIG. 5D is a diagram 580 illustrating an example of UL channels within a 5G subframe.
- the 5G frame structure may be frequency division duplex (FDD), in which for a particular set of subcarriers (carrier system bandwidth), subframes within the set of subcarriers are dedicated for either DL or UL.
- 5G frame structures may also be time division duplex (TDD), in which for a particular set of subcarriers (carrier system bandwidth), subframes within the set of subcarriers are dedicated for both DL and UL.
- the 5G frame structure is assumed to be TDD, with subframe 4 being configured with slot format 28 (with mostly DL), where D is DL, U is UL, and X is flexible for use between DL/UL, and subframe 3 being configured with slot format 34 (with mostly UL). While subframes 3, 4 are shown with slot formats 34, 28, respectively, any particular subframe may be configured with any of the various available slot formats 0-61. Slot formats 0, 1 are all DL, UL, respectively. Other slot formats 2-61 include a mix of DL, UL, and flexible symbols.
- UEs are configured with the slot format (dynamically through DL control information (DCI), or semi-statically/statically through radio resource control (RRC) signaling) through a received slot format indicator (SFI).
- a frame (10 ms) may be divided into 10 equally sized subframes (1 ms). Each subframe may include one or more time slots. Subframes may also include mini-slots, which may include 7, 4, or 2 symbols. In some examples, each slot may include 7 or 14 symbols, depending on the slot configuration.
- for slot configuration 0, each slot may include 14 symbols, and for slot configuration 1, each slot may include 7 symbols.
- the symbols on DL may be cyclic prefix (CP) OFDM (CP-OFDM) symbols.
- the symbols on UL may be CP-OFDM symbols (for high throughput scenarios) or discrete Fourier transform (DFT) spread OFDM (DFT-s-OFDM) symbols (also referred to as single carrier frequency-division multiple access (SC-FDMA) symbols) (for power limited scenarios; limited to a single stream transmission).
- the number of slots within a subframe is based on the slot configuration and the numerology.
- for slot configuration 0, different numerologies (μ) 0 to 5 allow for 1, 2, 4, 8, 16, and 32 slots, respectively, per subframe.
- for slot configuration 1, different numerologies 0 to 2 allow for 2, 4, and 8 slots, respectively, per subframe.
- the subcarrier spacing and symbol length/duration are a function of the numerology.
- the subcarrier spacing may be equal to 2^μ × 15 kHz, where μ is the numerology 0 to 5.
- the symbol length/duration is inversely related to the subcarrier spacing.
- for example, for numerology μ = 2 with slot configuration 0, the slot duration is 0.25 ms, the subcarrier spacing is 60 kHz, and the symbol duration is approximately 16.67 μs.
- a resource grid may be used to represent the frame structure.
- Each time slot includes a resource block (RB) (also referred to as physical RBs (PRBs)) that extends 12 consecutive subcarriers.
- the resource grid is divided into multiple resource elements (REs). The number of bits carried by each RE depends on the modulation scheme.
- the RS may include demodulation RS (DM-RS) (indicated as R_x for one particular configuration, where 100x is the port number, but other DM-RS configurations are possible) and channel state information reference signals (CSI-RS) for channel estimation at the UE.
- the RS may also include beam measurement RS (BRS), beam refinement RS (BRRS), and phase tracking RS (PT-RS).
- a primary synchronization signal (PSS) may be within symbol 2 of particular subframes of a frame.
- the PSS is used by a UE (e.g., UE 104, UE 152, UE 190) to determine subframe/symbol timing and a physical layer identity.
- a secondary synchronization signal may be within symbol 4 of particular subframes of a frame.
- the SSS is used by a UE to determine a physical layer cell identity group number and radio frame timing.
- based on the physical layer identity and the physical layer cell identity group number, the UE can determine a physical cell identifier (PCI). Based on the PCI, the UE can determine the locations of the aforementioned DM-RS.
- the physical broadcast channel (PBCH) which carries a master information block (MIB), may be logically grouped with the PSS and SSS to form a synchronization signal (SS)/PBCH block.
- the MIB provides a number of RBs in the system bandwidth and a system frame number (SFN).
- the physical downlink shared channel (PDSCH) carries user data, broadcast system information not transmitted through the PBCH such as system information blocks (SIBs), and paging messages.
- some of the REs carry DM-RS (indicated as R for one particular configuration, but other DM-RS configurations are possible) for channel estimation at the base station.
- the UE may transmit DM-RS for the physical uplink control channel (PUCCH) and DM-RS for the physical uplink shared channel (PUSCH).
- the PUSCH DM-RS may be transmitted in the first one or two symbols of the PUSCH.
- the PUCCH DM-RS may be transmitted in different configurations depending on whether short or long PUCCHs are transmitted and depending on the particular PUCCH format used.
- the UE may transmit sounding reference signals (SRS).
- the SRS may be transmitted in the last symbol of a subframe.
- the SRS may have a comb structure, and a UE may transmit SRS on one of the combs.
- the SRS may be used by a base station for channel quality estimation to enable frequency-dependent scheduling on the UL.
- FIG. 5D illustrates an example of various UL channels within a subframe of a frame.
- the PUCCH may be located as indicated in one configuration.
- the PUCCH carries uplink control information (UCI), such as scheduling requests, a channel quality indicator (CQI), a precoding matrix indicator (PMI), a rank indicator (RI), and HARQ ACK/NACK feedback.
- the PUSCH carries data, and may additionally be used to carry a buffer status report (BSR), a power headroom report (PHR), and/or UCI.
- certain wireless systems may include authentication systems.
- certain cellular wireless systems, such as a 5G system, may include a 5G Authentication and Key Agreement (5G-AKA) procedure, among other procedures.
- the 5G-AKA procedure may be the procedure by which a UE and a network mutually authenticate and derive cryptographic keys to protect data.
- additional cryptographic keys may be derived based on an authentication procedure.
- FIG. 6 illustrates an example 600 primary authentication and key derivation procedure, in accordance with aspects of the present disclosure.
- the UE 602 may transmit (not shown) a temporary identifier, such as a 5G Globally Unique Temporary Identifier (5G-GUTI), or an encrypted permanent identifier to the network.
- the transmission may be performed through a NAS signaling message.
- a UE 602 may perform a primary authentication procedure 612 with an access and mobility management function (AMF) 604 and an authentication server function (AUSF) 606.
- the AUSF 606 may interact with a unified data management (UDM) 608 to obtain authentication information such as subscription credentials (e.g., AKA authentication vectors) and the authentication method using the Nudm_UEAuthentication_Get Request service operation.
- the UDM 608 may indicate that an AKMA anchor key (KAKMA) should be generated for the UE 602.
- the KAKMA may be used to generate an AKMA Application Function Key (KAF).
- a routing indicator (RID) may also be included in the response 614.
- the AUSF 606 may generate 616 the KAKMA and an AKMA key identifier (A-KID) from an authentication server function key KAUSF of the AUSF 606.
- the authentication server function key KAUSF may be a cryptographic key shared by the AUSF 606 and the UE 602 that may be used to derive a particular KAKMA.
- an A-TID, or AKMA temporary UE identifier (e.g., temporary device identifier), may also be derived from the key KAUSF of the AUSF 606.
- the A-TID may be included as a part of the A-KID along with a home network identifier for the UE.
- KAUSF may be derived at the UE 602 and the UE 602 may also generate 618 the KAKMA and the A-KID from KAUSF.
- the A-KID may be a unique identifier that may be used to identify a particular KAKMA.
- the AUSF 606 may select an AKMA anchor function (AAnF) 610 and send an anchor key registration request 620 including the generated A-KID and KAKMA to the AAnF 610.
- the AAnF 610 may store the information sent by the AUSF 606 and send an anchor key registration response 622 back to the AUSF 606.
- FIG. 7 illustrates an example 700 procedure for obtaining a KAF based on an A-KID, in accordance with aspects of the present disclosure.
- the UE 602 may initiate communication with an application function (AF) 704 (e.g., a remote application executing on a server connected to the network, such as the core network 170 of FIG. 1) by sending the AF 704 an application session establishment request message 706, the application session establishment request message 706 including the A-KID.
- the AF 704 may send message 708 (e.g., a Naanf_AKMA_ApplicationKey_Get request) to the AAnF 610 with the A-KID to request the KAF for the UE 602.
- the AF 704 also includes its identity (AF_ID) in the request.
- the AAnF 610 may derive 710 KAF from the KAKMA if the AAnF 610 does not already have KAF.
- the AAnF 610 may then send response 712 (e.g., Naanf_AKMA_ApplicationKey_Get response) to the AF 704 with a SUPI, KAF and the KAF expiration time.
- the AF 704 may then send an Application Session Establishment Response 714 including a KAF to the UE.
- the UE and the AF 704 may then use the KAF to secure their communication, for example as the key for a transport layer security (TLS) tunnel (e.g., pre-shared-key TLS) or for digest authentication.
- KAF may be derived from KAKMA based on a predefined key derivation function (KDF) based on a set of parameters.
- the parameters may include FC, which may be equal to 0x82, P0, which may be equal to an AF identifier (AF_ID), and L0, which may be equal to the length of AF_ID.
- AF ID may be constructed based on a fully qualified domain name of the AF 704 and a specified Ua* security protocol identifier (e.g., an alphanumeric identifier for a security protocol being used).
- the input key to the KDF may be KAKMA.
- the KDF may be a predefined function that derives an output (e.g., a key) from an input key and a set of parameters; using different parameter values, or a different number of parameters, changes the output of the KDF.
- the KAF may have a fixed value (e.g., the value of KAF remains the same until a new primary authentication procedure is run).
- the primary authentication procedure may not be run for a substantial amount of time (e.g., multiple hours or days) and it may be helpful to refresh the KAF to increase communication security between the UE 602 and the AF 704.
- the KAF may be used to establish a TLS connection with an application server on the network and it may be desirable to have a different KAF for each session.
- when the user accesses the application server, the user may use a first KAF for that session. If the session expires (e.g., times out, user logs out, etc.) and the user accesses the application server again, the user may use a different, second KAF for the second session.
- KAKMA may be modified to include an associated count value.
- the count value may be a number value associated with a KAKMA.
- the count value may be initially set to zero when a KAKMA is initially generated by the UE 602.
- the count value may be increased (e.g., by the UE 602) each time an A-KID, KAF pair is calculated from KAKMA.
- the AAnF 610 may hold the highest count value received and may check that a newly received KAKMA count value is higher than the stored count value to ensure that the key is fresh (e.g., the latest).
- the AAnF 610 may save the last few KAKMA count values received to address, for example, race conditions.
- the UE 602 may be provisioned to use enhanced procedures for generating KAF.
- the UE 602 may include a universal subscriber identity module (USIM) and mobile equipment (ME).
- the UE 602 may obtain an indication from the USIM or from a memory on the ME to use enhanced A-KIDs along with a KAKMA with an associated count value.
- this indication may be provided if the AUSF 606 and AAnF 610 of the network also support enhanced procedures for generating KAF and support using enhanced A-KIDs and a KAKMA with an associated count value.
- the procedure for generating KAF may also be enhanced to allow the KAF to be refreshed.
- a UE 602 which supports the enhanced procedure for generating KAF may transmit the enhanced A-KID to the AF 704 as a part of the application session establishment request message 706.
- the UE 602 may generate a normal A-KID during a primary authentication (e.g., primary authentication procedure 612 of FIG. 6) and key derivation procedure (e.g., generating 618 the KAKMA and the A-KID from KAUSF, as shown in FIG. 6).
- the UE 602 may then determine to use an enhanced A-KID, for example, based on an indication from the USIM or from a memory on the ME to use enhanced A-KIDs.
- the UE 602 may generate an enhanced A-KID and KAF prior to transmission to the AF 704 in the application session establishment request message 706. For example, the UE 602 may increment the KAKMA count value, include the incremented count value in the KAF derivation to generate an enhanced KAF, generate the enhanced A-KID, and transmit the enhanced A-KID to the AF 704 in the application session establishment request message 706 (the AF 704 obtains the matching enhanced KAF from the AAnF 610, as described below).
- the UE 602 may determine to use an enhanced A-KID and directly generate an enhanced A-KID without previously generating a normal A-KID.
- the UE 602 may generate and transmit the enhanced A-KID in substantially the same manner as described above and below.
- the enhanced A-KID may include a count (e.g., freshness parameter)
- the A-KID may be used to derive a fresh KAF.
- the A-KID may be enhanced by including a parameter, such as a freshness parameter (e.g., count value), that may be used to derive a new (e.g., refresh) the enhanced KAF.
- a normal A-KID may include a 256 bit long A-TID derived from a KAKMA.
- an enhanced A-KID may be formed from a shortened A-TID.
- the enhanced A-TID may also include an encrypted count and/or a message authentication code (MAC).
- the shortened A-TID may be a first 128 bits of the A-TID.
- the encrypted count value may be 32 bits long and may be an encrypted version of the count value.
- the count value may be encrypted to avoid an eavesdropper being able to easily determine the count value.
- the encrypted count value may be determined by XORing the count value with the output of a first function.
- the first function may be a KDF function with a set of parameters.
- the set of parameters for the first function may include a key Kenc, the MAC, and/or the AF identifier (AF_ID).
- the set of parameters for the first function may also include the A-TID (e.g., either a normal A-KID, or an enhanced A-KID).
- the Kenc may be a key derived from KAKMA.
- key Kenc may be statically derived (e.g., with a fixed set of parameters) using the KDF function from KAKMA.
- the MAC may be 96 bits long.
- the MAC may be determined based on a second function.
- the second function may be a KDF function with a set of parameters.
- the set of parameters for the second function may include a Kmac, the A-TID, and/or the AF ID.
- the Kmac may also be statically derived using the KDF function.
- the fixed sets of parameters for deriving the Kenc and Kmac may differ in parameter values and/or in the number of parameters. Including the count value in the MAC allows the MAC to be updated as the count value is updated.
- an enhanced KAF may be derived from the KAKMA along with the count value.
- the set of parameters for the KDF function used to generate the enhanced KAF may include parameters related to the count value.
- the set of parameters may include a P1 parameter set to the count value and an L1 parameter set to a length of the count value.
- the AF 704 may send the enhanced A-KID to the AAnF 610, as shown, in message 708.
- the AAnF 610 may have previously received a normal A-KID for the UE 602 from the AUSF 606 in the anchor key registration request 620.
- the AAnF 610 may match a portion of the enhanced A-KID from AF 704 to stored normal A-KIDs and determine that an enhanced A-KID is being used.
- the AAnF 610 may determine that an enhanced A-KID is being used if a first 128 bits of the enhanced A-KID match those of a stored A-KID.
- the AAnF 610 may check that the received KAKMA count value is higher than a stored count value to ensure that the key is fresh (e.g., the latest). In some cases, the AAnF 610 may XOR the encrypted count value that is part of the enhanced A-KID with the output of the first function in order to get the count value included in the enhanced A-KID. In some cases, the AAnF may also check the MAC value included in the enhanced A-KID.
- the AAnF 610 may use the count value in the enhanced A-KID to derive 710 a new enhanced KAF value.
- the AAnF 610 may transmit the new enhanced KAF value along with an indication to the AF 704 in response 712 that an enhanced A-KID is being used by the UE.
- the indication that the UE is using the enhanced A-KID may be discarded or ignored by a legacy AF 704, which still uses the new enhanced KAF value. If the AF 704 supports using enhanced A-KIDs, the AF 704 may, at any point, request a new enhanced A-KID from UE 602.
- the AF 704 may request a new A-KID in the Application Session Establishment Response 714.
- the UE 602 in response to the request for a new enhanced A-KID, may increment the count associated with KAKMA, generate a new enhanced KAF, and generate a new enhanced A-KID.
- the UE 602 may send a new application session establishment request message 706 based on the new A-KID.
- the AF 704 may then send the new enhanced A-KID to the AAnF 610 in message 708, and the AAnF 610 may, in response 712, send back to the AF 704 a new enhanced KAF based on the new A-KID.
- the AF 704 may then respond back to the UE 602 with a new Application Session Establishment Response 714.
- the AF 704 may establish an application session with the UE 602 using the new enhanced KAF.
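- As an added worked example (not code from the patent, nor from any 3GPP implementation), the following Python models both the KAF derivation described under FIG. 7 and the enhanced A-KID/KAF procedure above: the 3GPP KDF (HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ...), the standard KAKMA, A-TID and KAF derivations with their TS 33.535 FC values (0x80, 0x81, 0x82), and the enhanced A-KID (128-bit shortened A-TID, 32-bit masked count, 96-bit MAC) together with the AAnF-side prefix match, MAC check, freshness check and enhanced KAF derivation. The FC values and labels used to derive Kenc and Kmac and to compute the count mask and the MAC, the test values, and the AF_ID value are assumptions made here; the NAI framing of the A-KID (routing indicator and home network identifier) is omitted, so a legacy A-KID is modeled as the bare 256-bit A-TID.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

COUNT_LEN, SHORT_TID_LEN, MAC_LEN = 4, 16, 12  # 32-bit count, 128-bit short A-TID, 96-bit MAC
FC_KENC, FC_KMAC = 0xF0, 0xF1  # ASSUMED: static derivation of Kenc / Kmac from K_AKMA
FC_MASK, FC_MAC = 0xF2, 0xF3   # ASSUMED: the "first" (count mask) and "second" (MAC) functions

def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """3GPP generic KDF (TS 33.220 Annex B): HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()

def derive_k_af(k_akma: bytes, af_id: bytes, count: Optional[int] = None) -> bytes:
    # Legacy K_AF (FC 0x82, P0 = AF_ID), or enhanced K_AF adding P1 = count, L1 = len(count).
    if count is None:
        return kdf(k_akma, 0x82, af_id)
    return kdf(k_akma, 0x82, af_id, count.to_bytes(COUNT_LEN, "big"))

def _mac(k_akma: bytes, short_tid: bytes, af_id: bytes, cnt: bytes) -> bytes:
    k_mac = kdf(k_akma, FC_KMAC, b"kmac")  # ASSUMED fixed parameter
    return kdf(k_mac, FC_MAC, short_tid, af_id, cnt)[:MAC_LEN]

def _mask(k_akma: bytes, short_tid: bytes, af_id: bytes, mac: bytes) -> bytes:
    k_enc = kdf(k_akma, FC_KENC, b"kenc")  # ASSUMED fixed parameter
    return kdf(k_enc, FC_MASK, mac, af_id, short_tid)[:COUNT_LEN]

def build_enhanced_a_kid(k_akma: bytes, a_tid: bytes, af_id: bytes, count: int) -> bytes:
    """short A-TID (128) || count XOR mask (32) || MAC (96): the same 256 bits as a plain A-TID."""
    short_tid, cnt = a_tid[:SHORT_TID_LEN], count.to_bytes(COUNT_LEN, "big")
    mac = _mac(k_akma, short_tid, af_id, cnt)  # the MAC covers the count and keys the count mask
    enc = bytes(x ^ y for x, y in zip(cnt, _mask(k_akma, short_tid, af_id, mac)))
    return short_tid + enc + mac

@dataclass
class AnchorRecord:
    k_akma: bytes
    a_tid: bytes
    highest_count: int = 0  # initial count value associated with the anchor key

class AAnF:
    # Anchor function: registered by the AUSF (620), queried by the AF with an A-KID (708).
    def __init__(self) -> None:
        self.records: Dict[bytes, AnchorRecord] = {}

    def register(self, a_tid: bytes, k_akma: bytes) -> None:
        self.records[a_tid[:SHORT_TID_LEN]] = AnchorRecord(k_akma, a_tid)

    def application_key_get(self, a_kid: bytes, af_id: bytes) -> Tuple[bytes, bool]:
        rec = self.records.get(a_kid[:SHORT_TID_LEN])  # match on the first 128 bits
        if rec is None:
            raise KeyError("unknown A-KID")
        if a_kid == rec.a_tid:                          # full match: legacy A-KID
            return derive_k_af(rec.k_akma, af_id), False
        short_tid, enc, mac = a_kid[:16], a_kid[16:20], a_kid[20:]
        cnt = bytes(x ^ y for x, y in zip(enc, _mask(rec.k_akma, short_tid, af_id, mac)))
        if not hmac.compare_digest(mac, _mac(rec.k_akma, short_tid, af_id, cnt)):
            raise ValueError("A-KID MAC check failed")  # verify before trusting the count
        count = int.from_bytes(cnt, "big")
        if count <= rec.highest_count:                  # freshness / replay check
            raise ValueError(f"stale count {count} (highest seen {rec.highest_count})")
        rec.highest_count = count
        return derive_k_af(rec.k_akma, af_id, count), True

    def rejects(self, a_kid: bytes, af_id: bytes) -> bool:
        try:
            self.application_key_get(a_kid, af_id)
            return False
        except (KeyError, ValueError):
            return True

class UE:
    def __init__(self, k_ausf: bytes, supi: bytes) -> None:
        self.k_akma = kdf(k_ausf, 0x80, supi)  # K_AKMA (TS 33.535 A.2)
        self.a_tid = kdf(k_ausf, 0x81, supi)   # A-TID  (TS 33.535 A.3)
        self.count = 0                         # set to zero when K_AKMA is generated

    def session_request(self, af_id: bytes) -> Tuple[bytes, bytes]:
        # Increment the count, then emit the enhanced A-KID (message 706) and the matching K_AF.
        self.count += 1
        return (build_enhanced_a_kid(self.k_akma, self.a_tid, af_id, self.count),
                derive_k_af(self.k_akma, af_id, self.count))

# Constructed test values, not from the patent or any specification.
SUPI, K_AUSF = b"imsi-001010123456789", hashlib.sha256(b"constructed K_AUSF for this example").digest()
AF_ID = b"af.example.com" + bytes([0x01, 0, 0, 0, 0])  # FQDN || Ua* protocol id (ASSUMED value)

def run_refresh_flow(sessions: int = 3) -> List[bytes]:
    """One K_AF per session: UE and AAnF derive the same key from the count carried in the A-KID."""
    ue, aanf = UE(K_AUSF, SUPI), AAnF()
    aanf.register(ue.a_tid, ue.k_akma)
    keys = []
    for _ in range(sessions):
        a_kid, ue_kaf = ue.session_request(AF_ID)
        net_kaf, enhanced = aanf.application_key_get(a_kid, AF_ID)
        assert enhanced and net_kaf == ue_kaf
        keys.append(net_kaf)
    return keys
```

Two points the model makes explicit: the count mask is keyed by the MAC and the MAC is computed over the count, so the AAnF has to verify the MAC before it trusts the recovered count, and the stored highest count is the only thing that rejects a replayed enhanced A-KID, so it must be kept per anchor key for as long as the KAKMA is valid.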
- FIG. 8 is a flow diagram of a process 800 for AKMA application key refresh, in accordance with aspects of the present disclosure.
- the process 800 may be performed by a computing device (or apparatus) or a component (e.g., a chipset, codec, etc.) of the computing device.
- the computing device may be a mobile device (e.g., a mobile phone), a network-connected wearable such as a watch, an extended reality (XR) device such as a virtual reality (VR) device or augmented reality (AR) device, a vehicle or component or system of a vehicle, network component, or other type of computing device.
- the operations of the process 800 may be implemented as software components that are executed and run on one or more processors.
- the computing device may include an indication, such as a configuration, that the UE may use an enhanced privacy technique, such as techniques discussed in accordance with aspects of the present disclosure.
- the computing device may generate an anchor key based on a key from an authentication server function.
- the computing device may determine to use the enhanced key identifier (e.g., enhanced A-KID) based on an indication stored in at least one of the memory or a universal subscriber identity module.
- the computing device (or component thereof) may associate a count value with the anchor key.
- the computing device (or component thereof) may generate a temporary device identifier based on the authentication server function key.
- the computing device may generate an enhanced key identifier based on the count value, wherein the enhanced key identifier includes a portion of the temporary device identifier, wherein the portion of the temporary device identifier is less in size than an entire temporary device identifier.
- the enhanced key identifier includes an encrypted count value.
- the computing device (or component thereof) may generate the encrypted count value based on the count value and results from a first function.
- the results from the first function are based on a first key derived from the anchor key.
- the enhanced key identifier is further generated based on a message authentication code.
- the message authentication code is further generated based on at least one of the portion of the temporary device identifier or an identifier of a remote application. In some cases, the message authentication code is generated based on a second key derived from the anchor key. In some cases, the computing device (or component thereof) may determine to use the enhanced key identifier based on an indication stored in at least one of the memory or a universal subscriber identity module. In some examples, the portion of the temporary device identifier comprises a first 128 bits of the temporary device identifier.
- the computing device may transmit the enhanced key identifier to a remote application.
- the computing device may receive an indication, from the remote application, to refresh the enhanced key identifier; increment the count value based on the received indication; generate a refreshed enhanced key identifier based on the incremented count value; and transmit the refreshed enhanced key identifier to the remote application.
- the computing device may generate an application key for use with the remote application based on the anchor key and the count value.
- FIG. 9 is a flow diagram of a process 900 for AKMA application key refresh, in accordance with aspects of the present disclosure.
- the process 900 may be performed by a computing device (or apparatus) or a component (e.g., a chipset, codec, etc.) of the computing device.
- the computing device may be a mobile device (e.g., a mobile phone), a network-connected wearable such as a watch, an extended reality (XR) device such as a virtual reality (VR) device or augmented reality (AR) device, a vehicle or component or system of a vehicle, network component, or other type of computing device.
- the operations of the process 900 may be implemented as software components that are executed and run on one or more processors.
- the computing device may include an indication, such as a configuration, that the UE may use an enhanced privacy technique, such as techniques discussed in accordance with aspects of the present disclosure.
- the computing device may receive an anchor key and key identifier associated with a user device from an authentication server function.
- the computing device may receive a first request for an application key from a remote application, the first request including a first key identifier.
- the computing device may determine that the first key identifier is a first enhanced key identifier, wherein the first enhanced key identifier includes a count value.
- the count value associated with the first enhanced key identifier comprises an encrypted count value.
- the computing device may generate a first enhanced application key based on the count value associated with the first enhanced key identifier.
- the anchor key is associated with an initial count value.
- the computing device (or component thereof) may decrypt the encrypted count value based on the initial count value and results from a first function.
- the results from the first function are based on a first key derived from the anchor key.
- the enhanced key identifier is further generated based on a message authentication code.
- the message authentication code is generated based on a second key derived from the anchor key.
- the computing device may transmit the first enhanced application key and an indication that the user device is using an enhanced key identifier to the remote application.
- the computing device may receive a second request for an application key from a remote application, the second request including a second key identifier; determine that the second key identifier is a second enhanced key identifier; generate a second enhanced application key based on the count value associated with the second enhanced key identifier; and transmit the second enhanced application key to the remote application.
- FIG. 10 is a flow diagram of a process 1000 for AKMA application key refresh, in accordance with aspects of the present disclosure.
- the process 1000 may be performed by a computing device (or apparatus) or a component (e.g., a chipset, codec, etc.) of the computing device.
- the computing device may be a mobile device (e.g., a mobile phone), a network-connected wearable such as a watch, an extended reality (XR) device such as a virtual reality (VR) device or augmented reality (AR) device, a vehicle or component or system of a vehicle, network component, or other type of computing device.
- the operations of the process 1000 may be implemented as software components that are executed and run on one or more processors.
- the computing device may include an indication, such as a configuration, that the UE may use an enhanced privacy technique, such as techniques discussed in accordance with aspects of the present disclosure.
- the computing device may receive a first key identifier from a user device.
- the computing device may transmit the first key identifier to an authentication server function.
- the computing device may receive, from the authentication server function, a first enhanced application key and an indication that the user device is using an enhanced key identifier.
- the computing device may transmit, to the user device, a response, the response including a request for an updated key identifier.
- the computing device may receive a second key identifier from the user device.
- the computing device may transmit the second key identifier to an authentication server function.
- the computing device may receive, from the authentication server function, a second enhanced application key.
- the computing device may communicate with the user device based on the second enhanced application key.
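The UE, AAnF and AF roles of processes 800, 900 and 1000 above, as an added Python illustration that is not part of the patent. The concrete primitives (HMAC-SHA256 standing in for the first function, the message authentication code and the key-derivation function), the 4-byte count, the 8-byte truncated MAC, the derivation labels, and the sample identifier values and function names are all assumptions.

```python
import hmac
import hashlib

# Added illustration, not the patent's own code. The patent only names the
# roles (first function keyed by K1, MAC keyed by K2, both derived from the
# anchor key); HMAC-SHA256, the field lengths and the labels are assumptions.

TEMP_ID_PART_LEN = 16  # first 128 bits of the temporary device identifier
COUNT_LEN = 4          # bytes carrying the count value (assumed)
MAC_LEN = 8            # truncated MAC length (assumed)


def derive_subkeys(anchor_key: bytes) -> tuple:
    """K1 (count encryption) and K2 (MAC), both derived from the anchor key."""
    k1 = hmac.new(anchor_key, b"K1-count-encryption", hashlib.sha256).digest()
    k2 = hmac.new(anchor_key, b"K2-identifier-mac", hashlib.sha256).digest()
    return k1, k2


def first_function(k1: bytes, temp_id_part: bytes, initial_count: int) -> bytes:
    """Mask for the count value. It depends on K1 and on the initial count
    associated with the anchor key, both known to the AAnF, so the AAnF can
    recompute it without first knowing the current count."""
    msg = temp_id_part + initial_count.to_bytes(COUNT_LEN, "big")
    return hmac.new(k1, msg, hashlib.sha256).digest()[:COUNT_LEN]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def compute_mac(k2: bytes, temp_id_part: bytes, af_id: bytes, enc_count: bytes) -> bytes:
    """MAC over the identifier portion, the remote application (AF) identifier
    and the encrypted count, so an edited or replayed-to-another-AF identifier
    fails verification at the AAnF."""
    return hmac.new(k2, temp_id_part + af_id + enc_count, hashlib.sha256).digest()[:MAC_LEN]


def build_enhanced_kid(anchor_key: bytes, temp_id: bytes, af_id: bytes,
                       initial_count: int, count: int) -> bytes:
    """UE side: enhanced key identifier = temp_id[0:16] || enc(count) || MAC."""
    temp_id_part = temp_id[:TEMP_ID_PART_LEN]
    k1, k2 = derive_subkeys(anchor_key)
    enc_count = xor_bytes(count.to_bytes(COUNT_LEN, "big"),
                          first_function(k1, temp_id_part, initial_count))
    return temp_id_part + enc_count + compute_mac(k2, temp_id_part, af_id, enc_count)


def parse_enhanced_kid(anchor_key: bytes, kid: bytes, af_id: bytes, initial_count: int):
    """AAnF side: verify the MAC, then decrypt the count. Returns None on failure."""
    if len(kid) != TEMP_ID_PART_LEN + COUNT_LEN + MAC_LEN:
        return None
    temp_id_part = kid[:TEMP_ID_PART_LEN]
    enc_count = kid[TEMP_ID_PART_LEN:TEMP_ID_PART_LEN + COUNT_LEN]
    mac = kid[TEMP_ID_PART_LEN + COUNT_LEN:]
    k1, k2 = derive_subkeys(anchor_key)
    if not hmac.compare_digest(mac, compute_mac(k2, temp_id_part, af_id, enc_count)):
        return None
    mask = first_function(k1, temp_id_part, initial_count)
    return int.from_bytes(xor_bytes(enc_count, mask), "big")


def derive_application_key(anchor_key: bytes, af_id: bytes, count: int) -> bytes:
    """Enhanced application key bound to the anchor key, the AF and the count."""
    return hmac.new(anchor_key, af_id + count.to_bytes(COUNT_LEN, "big"),
                    hashlib.sha256).digest()


def run_refresh_exchange(anchor_key: bytes, temp_id: bytes, af_id: bytes,
                         initial_count: int = 0) -> dict:
    """Walks processes 800, 900 and 1000: the UE sends a KID via the AF to the
    AAnF and both derive KAF; the AF asks for a refresh; the UE increments the
    count and sends a new KID; a fresh KAF results with no new authentication."""
    count = initial_count
    kid1 = build_enhanced_kid(anchor_key, temp_id, af_id, initial_count, count)
    aanf_count1 = parse_enhanced_kid(anchor_key, kid1, af_id, initial_count)
    kaf1_ue = derive_application_key(anchor_key, af_id, count)
    kaf1_aanf = derive_application_key(anchor_key, af_id, aanf_count1)
    # The AF receives KAF plus the "enhanced key identifier in use" indication
    # and replies to the UE with a request for an updated key identifier.
    count += 1
    kid2 = build_enhanced_kid(anchor_key, temp_id, af_id, initial_count, count)
    aanf_count2 = parse_enhanced_kid(anchor_key, kid2, af_id, initial_count)
    kaf2_ue = derive_application_key(anchor_key, af_id, count)
    kaf2_aanf = derive_application_key(anchor_key, af_id, aanf_count2)
    return {
        "count_seen_by_aanf": (aanf_count1, aanf_count2),
        "kaf1_agreed": kaf1_ue == kaf1_aanf,
        "kaf2_agreed": kaf2_ue == kaf2_aanf,
        "kaf_refreshed": kaf1_ue != kaf2_ue,
        "kid_changed": kid1 != kid2,
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    ANCHOR = bytes(range(32))
    TEMP_ID = b"\xa5" * 16 + b"\x00" * 4  # only the first 128 bits are used
    AF_ID = b"af.example.invalid"
    print(run_refresh_exchange(ANCHOR, TEMP_ID, AF_ID))
```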
- the processes described herein may be performed by a computing device or apparatus (e.g., a UE or a base station).
- the process 800, process 900, and/or process 1000 may be performed by the UE 104, base stations 102, and/or component of the core network 170 of FIG. 1.
- the process 800, process 900, and/or process 1000 may be performed by a computing device with the computing system 1100 shown in FIG. 11.
- FIG. 11 is a diagram illustrating an example of a system for implementing certain aspects of the present technology. In particular, FIG. 11 illustrates an example of computing system 1100, which may be for example any computing device making up an internal computing system, a remote computing system, a camera, or any component thereof in which the components of the system are in communication with each other using connection 1105.
- Connection 1105 may be a physical connection using a bus, or a direct connection into processor 1110, such as in a chipset architecture.
- Connection 1105 may also be a virtual connection, networked connection, or logical connection.
- computing system 1100 is a distributed system in which the functions described in this disclosure may be distributed within a datacenter, multiple data centers, a peer network, etc.
- one or more of the described system components represents many such components each performing some or all of the function for which the component is described.
- the components may be physical or virtual devices.
- Example system 1100 includes at least one processing unit (CPU or processor) 1110 and connection 1105 that communicatively couples various system components including system memory 1115, such as read-only memory (ROM) 1120 and random access memory (RAM) 1125 to processor 1110.
- Computing system 1100 may include a cache 1112 of high-speed memory connected directly with, in close proximity to, or integrated as part of processor 1110.
- Processor 1110 may include any general purpose processor and a hardware service or software service, such as services 1132, 1134, and 1136 stored in storage device 1130, configured to control processor 1110 as well as a special-purpose processor where software instructions are incorporated into the actual processor design.
- Processor 1110 may essentially be a completely self-contained computing system, containing multiple cores or processors, a bus, memory controller, cache, etc.
- a multi-core processor may be symmetric or asymmetric.
- computing system 1100 includes an input device 1145, which may represent any number of input mechanisms, such as a microphone for speech, a touch-sensitive screen for gesture or graphical input, keyboard, mouse, motion input, speech, etc.
- Computing system 1100 may also include output device 1135, which may be one or more of a number of output mechanisms.
- multimodal systems may enable a user to provide multiple types of input/output to communicate with computing system 1100.
- Computing system 1100 may include communications interface 1140, which may generally govern and manage the user input and system output.
- the communication interface may perform or facilitate receipt and/or transmission of wired or wireless communications using wired and/or wireless transceivers, including those making use of an audio jack/plug, a microphone jack/plug, a universal serial bus (USB) port/plug, an Apple™ Lightning™ port/plug, an Ethernet port/plug, a fiber optic port/plug, a proprietary wired port/plug, 3G, 4G, 5G and/or other cellular data network wireless signal transfer, a Bluetooth™ wireless signal transfer, a Bluetooth™ low energy (BLE) wireless signal transfer, an IBEACON™ wireless signal transfer, a radio-frequency identification (RFID) wireless signal transfer, near-field communications (NFC) wireless signal transfer, dedicated short range communication (DSRC) wireless signal transfer, 802.11 Wi-Fi wireless signal transfer, wireless local area network (WLAN) signal transfer, Visible Light Communication (VLC), Worldwide Interoperability for Microwave Access (WiMAX), Infrared (IR) communication wireless signal transfer, Public Switched
- the communications interface 1140 may also include one or more Global Navigation Satellite System (GNSS) receivers or transceivers that are used to determine a location of the computing system 1100 based on receipt of one or more signals from one or more satellites associated with one or more GNSS systems.
- GNSS systems include, but are not limited to, the US-based Global Positioning System (GPS), the Russia-based Global Navigation Satellite System (GLONASS), the China-based BeiDou Navigation Satellite System (BDS), and the Europe-based Galileo GNSS.
- Storage device 1130 may be a non-volatile and/or non-transitory and/or computer-readable memory device and may be a hard disk or other types of computer readable media which may store data that are accessible by a computer, such as magnetic cassettes, flash memory cards, solid state memory devices, digital versatile disks, cartridges, a floppy disk, a flexible disk, a hard disk, magnetic tape, a magnetic strip/stripe, any other magnetic storage medium, flash memory, memristor memory, any other solid-state memory, a compact disc read only memory (CD-ROM) optical disc, a rewritable compact disc (CD) optical disc, digital video disk (DVD) optical disc, a blu-ray disc (BDD) optical disc, a holographic optical disk, another optical medium, a secure digital (SD) card, a micro secure digital (microSD) card, a Memory Stick® card, a smartcard chip, an EMV chip, a subscriber identity module (SIM) card,
- the storage device 1130 may include software services, servers, services, etc., such that when the code that defines such software is executed by the processor 1110, it causes the system to perform a function.
- a hardware service that performs a particular function may include the software component stored in a computer-readable medium in connection with the necessary hardware components, such as processor 1110, connection 1105, output device 1135, etc., to carry out the function.
- computer-readable medium includes, but is not limited to, portable or non-portable storage devices, optical storage devices, and various other mediums capable of storing, containing, or carrying instruction(s) and/or data.
- a computer-readable medium may include a non-transitory medium in which data may be stored and that does not include carrier waves and/or transitory electronic signals propagating wirelessly or over wired connections.
- Examples of a non-transitory medium may include, but are not limited to, a magnetic disk or tape, optical storage media such as compact disk (CD) or digital versatile disk (DVD), flash memory, memory or memory devices.
- a computer-readable medium may have stored thereon code and/or machine-executable instructions that may represent a procedure, a function, a subprogram, a program, a routine, a subroutine, a module, a software package, a class, or any combination of instructions, data structures, or program statements.
- a code segment may be coupled to another code segment or a hardware circuit by passing and/or receiving information, data, arguments, parameters, or memory contents.
- Information, arguments, parameters, data, etc. may be passed, forwarded, or transmitted via any suitable means including memory sharing, message passing, token passing, network transmission, or the like.
- the present technology may be presented as including individual functional blocks comprising devices, device components, steps or routines in a method embodied in software, or combinations of hardware and software. Additional components may be used other than those shown in the figures and/or described herein.
- circuits, systems, networks, processes, and other components may be shown as components in block diagram form in order not to obscure the embodiments in unnecessary detail.
- well-known circuits, processes, algorithms, structures, and techniques may be shown without unnecessary detail in order to avoid obscuring the embodiments.
- Individual embodiments may be described above as a process or method which is depicted as a flowchart, a flow diagram, a data flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations may be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged. A process is terminated when its operations are completed but could have additional steps not included in a figure. A process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc. When a process corresponds to a function, its termination may correspond to a return of the function to the calling function or the main function.
- Processes and methods according to the above-described examples may be implemented using computer-executable instructions that are stored or otherwise available from computer-readable media. Such instructions may include, for example, instructions and data which cause or otherwise configure a general purpose computer, special purpose computer, or a processing device to perform a certain function or group of functions. Portions of computer resources used may be accessible over a network.
- the computer executable instructions may be, for example, binaries, intermediate format instructions such as assembly language, firmware, source code. Examples of computer-readable media that may be used to store instructions, information used, and/or information created during methods according to described examples include magnetic or optical disks, flash memory, USB devices provided with non-volatile memory, networked storage devices, and so on.
- the computer-readable storage devices, mediums, and memories may include a cable or wireless signal containing a bitstream and the like.
- non-transitory computer-readable storage media expressly exclude media such as energy, carrier signals, electromagnetic waves, and signals per se.
- the various illustrative logical blocks, modules, and circuits described in connection with the aspects disclosed herein may be implemented or performed using hardware, software, firmware, middleware, microcode, hardware description languages, or any combination thereof, and may take any of a variety of form factors.
- the program code or code segments to perform the necessary tasks may be stored in a computer-readable or machine-readable medium.
- a processor(s) may perform the necessary tasks. Examples of form factors include laptops, smart phones, mobile phones, tablet devices or other small form factor personal computers, personal digital assistants, rackmount devices, standalone devices, and so on.
- Functionality described herein also may be embodied in peripherals or add-in cards. Such functionality may also be implemented on a circuit board among different chips or different processes executing in a single device, by way of further example.
- the instructions, media for conveying such instructions, computing resources for executing them, and other structures for supporting such computing resources are example means for providing the functions described in the disclosure.
- the techniques described herein may also be implemented in electronic hardware, computer software, firmware, or any combination thereof. Such techniques may be implemented in any of a variety of devices such as general purpose computers, wireless communication device handsets, or integrated circuit devices having multiple uses including application in wireless communication device handsets and other devices. Any features described as modules or components may be implemented together in an integrated logic device or separately as discrete but interoperable logic devices. If implemented in software, the techniques may be realized at least in part by a computer-readable data storage medium comprising program code including instructions that, when executed, perform one or more of the methods, algorithms, and/or operations described above. The computer-readable data storage medium may form part of a computer program product, which may include packaging materials.
- the computer-readable medium may comprise memory or data storage media, such as random access memory (RAM) such as synchronous dynamic random access memory (SDRAM), read-only memory (ROM), non-volatile random access memory (NVRAM), electrically erasable programmable read-only memory (EEPROM), FLASH memory, magnetic or optical data storage media, and the like.
- the techniques additionally, or alternatively, may be realized at least in part by a computer-readable communication medium that carries or communicates program code in the form of instructions or data structures and that may be accessed, read, and/or executed by a computer, such as propagated signals or waves.
- the program code may be executed by a processor, which may include one or more processors, such as one or more digital signal processors (DSPs), general purpose microprocessors, application specific integrated circuits (ASICs), field programmable logic arrays (FPGAs), or other equivalent integrated or discrete logic circuitry.
- a general-purpose processor may be a microprocessor; but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine.
- a processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration. Accordingly, the term “processor,” as used herein may refer to any of the foregoing structure, any combination of the foregoing structure, or any other structure or apparatus suitable for implementation of the techniques described herein.
- Such configuration may be accomplished, for example, by designing electronic circuits or other hardware to perform the operation, by programming programmable electronic circuits (e.g., microprocessors, or other suitable electronic circuits) to perform the operation, or any combination thereof.
- “Coupled to” or “communicatively coupled to” refers to any component that is physically connected to another component either directly or indirectly, and/or any component that is in communication with another component (e.g., connected to the other component over a wired or wireless connection, and/or other suitable communication interface) either directly or indirectly.
- Claim language or other language reciting “at least one of” a set and/or “one or more” of a set indicates that one member of the set or multiple members of the set (in any combination) satisfy the claim.
- claim language reciting “at least one of A and B” or “at least one of A or B” means A, B, or A and B.
- claim language reciting “at least one of A, B, and C” or “at least one of A, B, or C” means A, B, C, or A and B, or A and C, or B and C, A and B and C, or any duplicate information or data (e.g., A and A, B and B, C and C, A and A and B, and so on), or any other ordering, duplication, or combination of A, B, and C.
- the language “at least one of” a set and/or “one or more” of a set does not limit the set to the items listed in the set.
- claim language reciting “at least one of A and B” or “at least one of A or B” may mean A, B, or A and B, and may additionally include items not listed in the set of A and B.
- Illustrative aspects of the disclosure include:
- Aspect 1 An apparatus for wireless communications comprising: at least one memory comprising instructions; and at least one processor coupled to the at least one memory and configured to: generate an anchor key based on a key from an authentication server function; associate a count value with the anchor key; generate an enhanced key identifier based on the count value; and transmit the enhanced key identifier to a remote application.
- Aspect 2 The apparatus of aspect 1, wherein the at least one processor is further configured to: receive an indication, from the remote application, to refresh the enhanced key identifier; increment the count value; generate a refreshed enhanced key identifier based on the incremented count value; and transmit the refreshed enhanced key identifier to the remote application.
- Aspect 3 The apparatus of any of aspects 1-2, wherein the enhanced key identifier is generated based on an encrypted count value.
- Aspect 4 The apparatus of aspect 3, wherein the at least one processor is further configured to generate the encrypted count value based on the count value and results from a first function.
- Aspect 5 The apparatus of aspect 4, wherein the results from the first function are based on a first key derived from the anchor key.
- Aspect 6 The apparatus of aspect 3, wherein the enhanced key identifier is further generated based on a message authentication code.
- Aspect 7 The apparatus of aspect 6, wherein the message authentication code is generated based on a second key derived from the anchor key.
- Aspect 8 The apparatus of any of aspects 1-7, wherein the at least one processor is configured to determine to use the enhanced key identifier based on an indication stored in at least one of the memory or a universal subscriber identity module.
- Aspect 9 The apparatus of any of aspects 1-8, wherein the at least one processor is further configured to generate an application key for use with the remote application based on the anchor key and the count value.
- Aspect 10 An apparatus for wireless communications comprising: at least one memory comprising instructions; and at least one processor coupled to the at least one memory and configured to: receive an anchor key and key identifier associated with a user device from an authentication server function; receive a first request for an application key from a remote application, the first request including a first key identifier; determine that the first key identifier is a first enhanced key identifier, wherein the first enhanced key identifier includes a count value; generate a first enhanced application key based on the count value associated with the first enhanced key identifier; and transmit the first enhanced application key and an indication that the user device is using an enhanced key identifier to the remote application.
- Aspect 11 The apparatus of aspect 10, wherein the at least one processor is further configured to: receive a second request for an application key from a remote application, the second request including a second key identifier; determine that the second key identifier is a second enhanced key identifier; generate a second enhanced application key based on the count value associated with the second enhanced key identifier; and transmit the second enhanced application key to the remote application.
- Aspect 12 The apparatus of any of aspects 10-12, wherein the count value associated with the first enhanced key identifier comprises an encrypted count value.
- Aspect 13 The apparatus of aspect 12, wherein the anchor key is associated with an initial count value, and wherein the at least one processor is further configured to decrypt the encrypted count value based on the initial count value and results from a first function.
- Aspect 14 The apparatus of aspect 13, wherein the results from the first function are based on a first key derived from the anchor key.
- Aspect 15 The apparatus of aspect 12, wherein the enhanced key identifier is further generated based on a message authentication code.
- Aspect 16 The apparatus of aspect 15, wherein the message authentication code is generated based on a second key derived from the anchor key.
- Aspect 17 The apparatus of any of aspects 10-17, wherein the at least one processor is further configured to generate the first enhanced application key for use with the remote application based on the anchor key.
- Aspect 18 An apparatus for wireless communications comprising: at least one memory comprising instructions; and at least one processor coupled to the at least one memory and configured to: receive a first key identifier from a user device; transmit the first key identifier to an authentication server function; receive, from the authentication server function, a first enhanced application key and an indication that the user device is using an enhanced key identifier; transmit, to the user device, a response, the response including a request for an updated key identifier; receive a second key identifier from the user device; transmit the second key identifier to an authentication server function; receive, from the authentication server function, a second enhanced application key; and communicate with the user device based on the second enhanced application key.
- Aspect 19 A method for wireless communications comprising: generating an anchor key based on a key from an authentication server function; associating a count value with the anchor key; generating an enhanced key identifier based on the count value; and transmitting the enhanced key identifier to a remote application.
- Aspect 20 The method of aspect 19, further comprising: receiving an indication, from the remote application, to refresh the enhanced key identifier; incrementing the count value; generating a refreshed enhanced key identifier based on the incremented count value; and transmitting the refreshed enhanced key identifier to the remote application.
- Aspect 21 The method of any of aspects 19-21, wherein the enhanced key identifier is generated based on an encrypted count value.
- Aspect 22 The method of aspect 21, further comprising generating the encrypted count value based on the count value and results from a first function.
- Aspect 23 The method of aspect 22, wherein the results from the first function are based on a first key derived from the anchor key.
- Aspect 24 The method of aspect 21, wherein the enhanced key identifier is further generated based on a message authentication code.
- Aspect 25 The method of aspect 24, wherein the message authentication code is generated based on a second key derived from the anchor key.
- Aspect 26 The method of any of aspects 19-26, further comprising using the enhanced key identifier based on an indication stored in at least one of a memory or a universal subscriber identity module.
- Aspect 27 The method of any of aspects 19-26, further comprising generating an application key for use with the remote application based on the anchor key and the count value.
- Aspect 28 A method for wireless communications comprising: receiving an anchor key and key identifier associated with a user device from an authentication server function; receiving a first request for an application key from a remote application, the first request including a first key identifier; determining that the first key identifier is a first enhanced key identifier, wherein the first enhanced key identifier includes a count value; generating a first enhanced application key based on the count value associated with the first enhanced key identifier; and transmitting the first enhanced application key and an indication that the user device is using an enhanced key identifier to the remote application.
- Aspect 29 The method of aspect 28, further comprising: receiving a second request for an application key from a remote application, the second request including a second key identifier; determining that the second key identifier is a second enhanced key identifier; generating a second enhanced application key based on the count value associated with the second enhanced key identifier; and transmitting the second enhanced application key to the remote application.
- Aspect 30 The method of any of aspects 28-29, wherein the count value associated with the first enhanced key identifier comprises an encrypted count value.
- Aspect 31 The method of aspect 30, wherein the anchor key is associated with an initial count value, and further comprising decrypting the encrypted count value based on the initial count value and results from a first function.
- Aspect 32 The method of aspect 31, wherein the results from the first function are based on a first key derived from the anchor key.
- Aspect 33 The method of aspect 30, wherein the enhanced key identifier is further generated based on a message authentication code.
- Aspect 34 The method of aspect 33, wherein the message authentication code is generated based on a second key derived from the anchor key.
- Aspect 35 The method of any of aspects 28-34, further comprising generating the first enhanced application key for use with the remote application based on the anchor key and the count value.
- Aspect 36 A method for wireless communications comprising: receiving a first key identifier from a user device; transmitting the first key identifier to an authentication server function; receiving, from the authentication server function, a first enhanced application key and an indication that the user device is using an enhanced key identifier; transmitting, to the user device, a response, the response including a request for an updated key identifier; receiving a second key identifier from the user device; transmitting the second key identifier to an authentication server function; receiving, from the authentication server function, a second enhanced application key; and communicating with the user device based on the second enhanced application key.
- Aspect 37 A non-transitory computer-readable medium having stored thereon instructions that, when executed by at least one processor, cause the at least one processor to: generate an anchor key based on a key from an authentication server function; associate a count value with the anchor key; generate an enhanced key identifier based on the count value; and transmit the enhanced key identifier to a remote application.
- Aspect 38 The non-transitory computer-readable medium of aspect 37, wherein the instructions further cause the at least one processor to: receive an indication, from the remote application, to refresh the enhanced key identifier; increment the count value; generate a refreshed enhanced key identifier based on the incremented count value; and transmit the refreshed enhanced key identifier to the remote application.
- Aspect 39 The non-transitory computer-readable medium of any of aspects 37-38, wherein the enhanced key identifier is generated based on an encrypted count value.
- Aspect 40 The non-transitory computer-readable medium of aspect 39, wherein the instructions further cause the at least one processor to generate the encrypted count value based on the count value and results from a first function.
- Aspect 41 The non-transitory computer-readable medium of aspect 40, wherein the results from the first function are based on a first key derived from the anchor key.
- Aspect 42 The non-transitory computer-readable medium of aspect 39, wherein the enhanced key identifier is further generated based on a message authentication code.
- Aspect 43 The non-transitory computer-readable medium of aspect 42, wherein the message authentication code is generated based on a second key derived from the anchor key.
- Aspect 44 The non-transitory computer-readable medium of any of aspects 37-43, wherein the instructions further cause the at least one processor to determine to use the enhanced key identifier based on an indication stored in at least one of a memory or a universal subscriber identity module.
- Aspect 45 The non-transitory computer-readable medium of any of aspects 37-44, wherein the instructions further cause the at least one processor to generate an application key for use with the remote application based on the anchor key and the count value.
- Aspect 46 A non-transitory computer-readable medium having stored thereon instructions that, when executed by at least one processor, cause the at least one processor to: receive an anchor key and key identifier associated with a user device from an authentication server function; receive a first request for an application key from a remote application, the first request including a first key identifier; determine that the first key identifier is a first enhanced key identifier, wherein the first enhanced key identifier includes a count value; generate a first enhanced application key based on the count value associated with the first enhanced key identifier; and transmit the first enhanced application key and an indication that the user device is using an enhanced key identifier to the remote application.
- Aspect 47 The non-transitory computer-readable medium of aspect 46, wherein the instructions further cause the at least one processor to: receive a second request for an application key from a remote application, the second request including a second key identifier; determine that the second key identifier is a second enhanced key identifier; generate a second enhanced application key based on the count value associated with the second enhanced key identifier; and transmit the second enhanced application key to the remote application.
- Aspect 48 The non-transitory computer-readable medium of any of aspects 46-47, wherein the count value associated with the first enhanced key identifier comprises an encrypted count value.
- Aspect 49 The non-transitory computer-readable medium of aspect 48, wherein the anchor key is associated with an initial count value, and wherein the instructions further cause the at least one processor to decrypt the encrypted count value based on the initial count value and results from a first function.
- Aspect 50 The non-transitory computer-readable medium of aspect 49, wherein the results from the first function are based on a first key derived from the anchor key.
- Aspect 51 The non-transitory computer-readable medium of aspect 48, wherein the enhanced key identifier is further generated based on a message authentication code.
- Aspect 52 The non-transitory computer-readable medium of aspect 51, wherein the message authentication code is generated based on a second key derived from the anchor key.
- Aspect 53 The non-transitory computer-readable medium of any of aspects 46-52, wherein the instructions further cause the at least one processor to generate the first enhanced application key for use with the remote application based on the anchor key and the count value.
- Aspect 54 A non-transitory computer-readable medium having stored thereon instructions that, when executed by at least one processor, cause the at least one processor to: receive a first key identifier from a user device; transmit the first key identifier to an authentication server function; receive, from the authentication server function, a first enhanced application key and an indication that the user device is using an enhanced key identifier; transmit, to the user device, a response, the response including a request for an updated key identifier; receive a second key identifier from the user device; transmit the second key identifier to an authentication server function; receive, from the authentication server function, a second enhanced application key; and communicate with the user device based on the second enhanced application key.
- Aspect 55 An apparatus comprising means for performing a method according to any of Aspects 18 to 36.
- Aspect 61 An apparatus for wireless communications comprising: at least one memory comprising instructions; and at least one processor coupled to the at least one memory and configured to: generate an anchor key based on an authentication server function key; associate a count value with the anchor key; generate a temporary device identifier based on the authentication server function key; generate an enhanced key identifier based on the count value, wherein the enhanced key identifier includes a portion of the temporary device identifier, wherein the portion of the temporary device identifier is less in size than an entire temporary device identifier; and transmit the enhanced key identifier to a remote application.
- Aspect 62 The apparatus of Aspect 61, wherein the enhanced key identifier includes an encrypted count value.
- Aspect 63 The apparatus of Aspect 62, wherein the at least one processor is further configured to generate the encrypted count value based on the count value and results from a first function.
- Aspect 64 The apparatus of Aspect 63, wherein the results from the first function are based on a first key derived from the anchor key.
- Aspect 65 The apparatus of Aspect 64, wherein the enhanced key identifier is further generated based on a message authentication code.
- Aspect 66 The apparatus of Aspect 65, wherein the message authentication code is generated based on a second key derived from the anchor key.
- Aspect 67 The apparatus of Aspect 66, wherein the message authentication code is further generated based on at least one of the portion of the temporary device identifier or an identifier of a remote application.
- Aspect 68 The apparatus of any of Aspects 61-67, wherein the portion of the temporary device identifier comprises a first 128 bits of the temporary device identifier.
- Aspect 69 The apparatus of any of Aspects 61-68, wherein the at least one processor is further configured to: receive an indication, from the remote application, to refresh the enhanced key identifier; increment the count value based on the received indication; generate a refreshed enhanced key identifier based on the incremented count value; and transmit the refreshed enhanced key identifier to the remote application.
- Aspect 70 The apparatus of any of Aspects 61-69, wherein the at least one processor is configured to determine to use the enhanced key identifier based on an indication stored in at least one of the memory or a universal subscriber identity module.
- Aspect 71 The apparatus of any of Aspects 61-70, wherein the at least one processor is further configured to generate an application key for use with the remote application based on the anchor key and the count value.
- Aspect 72 A method for wireless communications comprising: generating an anchor key based on an authentication server function key; associating a count value with the anchor key; generating a temporary device identifier based on the authentication server function key; generating an enhanced key identifier based on the count value, wherein the enhanced key identifier includes a portion of the temporary device identifier, wherein the portion of the temporary device identifier is less in size than an entire temporary device identifier; and transmitting the enhanced key identifier to a remote application.
- Aspect 73 The method of Aspect 72, wherein the enhanced key identifier includes an encrypted count value.
- Aspect 74 The method of Aspect 73, further comprising generating the encrypted count value based on the count value and results from a first function.
- Aspect 75 The method of Aspect 74, wherein the results from the first function are based on a first key derived from the anchor key.
- Aspect 76 The method of Aspect 75, wherein the enhanced key identifier is further generated based on a message authentication code.
- Aspect 77 The method of Aspect 76, wherein the message authentication code is generated based on a second key derived from the anchor key.
- Aspect 78 The method of Aspect 77, wherein the message authentication code is further generated based on at least one of the portion of the temporary device identifier or an identifier of a remote application.
- Aspect 79 The method of any of Aspects 72-77, wherein the portion of the temporary device identifier comprises a first 128 bits of the temporary device identifier.
- Aspect 80 The method of any of Aspects 72-79, further comprising: receiving an indication, from the remote application, to refresh the enhanced key identifier; incrementing the count value based on the received indication; generating a refreshed enhanced key identifier based on the incremented count value; and transmitting the refreshed enhanced key identifier to the remote application.
- Aspect 81 The method of any of Aspects 72-80, further comprising determining to use the enhanced key identifier based on an indication stored in a memory or a universal subscriber identity module.
- Aspect 82 The method of any of Aspects 72-81, further comprising generating an application key for use with the remote application based on the anchor key and the count value.
- Aspect 83 A non-transitory computer-readable medium having stored thereon instructions that, when executed by at least one processor, cause the at least one processor to: generate an anchor key based on an authentication server function key; associate a count value with the anchor key; generate a temporary device identifier based on the authentication server function key; generate an enhanced key identifier based on the count value, wherein the enhanced key identifier includes a portion of the temporary device identifier, wherein the portion of the temporary device identifier is less in size than an entire temporary device identifier; and transmit the enhanced key identifier to a remote application.
- Aspect 84 The non-transitory computer-readable medium of Aspect 83, wherein the enhanced key identifier includes an encrypted count value.
- Aspect 85 The non-transitory computer-readable medium of Aspect 84, wherein the at least one processor is further configured to generate the encrypted count value based on the count value and results from a first function.
- Aspect 86 The non-transitory computer-readable medium of Aspect 85, wherein the results from the first function are based on a first key derived from the anchor key.
- Aspect 87 The non-transitory computer-readable medium of Aspect 86, wherein the enhanced key identifier is further generated based on a message authentication code.
- Aspect 88 The non-transitory computer-readable medium of Aspect 87, wherein the message authentication code is generated based on a second key derived from the anchor key.
- Aspect 89 The non-transitory computer-readable medium of Aspect 88, wherein the message authentication code is further generated based on at least one of the portion of the temporary device identifier or an identifier of a remote application.
- Aspect 90 The non-transitory computer-readable medium of any of Aspects 83-89, wherein the portion of the temporary device identifier comprises a first 128 bits of the temporary device identifier.
- Aspect 91 The non-transitory computer-readable medium of any of Aspects 83-90, wherein the at least one processor is further configured to: receive an indication, from the remote application, to refresh the enhanced key identifier; increment the count value based on the received indication; generate a refreshed enhanced key identifier based on the incremented count value; and transmit the refreshed enhanced key identifier to the remote application.
- Aspect 92 The non-transitory computer-readable medium of any of Aspects 83-91, wherein the at least one processor is configured to determine to use the enhanced key identifier based on an indication stored in a memory or a universal subscriber identity module.
- Aspect 93 The non-transitory computer-readable medium of any of Aspects 83-92, wherein the at least one processor is further configured to generate an application key for use with the remote application based on the anchor key and the count value.
- Aspect 94 An apparatus comprising means for performing a method according to any of Aspects 72-82.
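The enhanced key identifier flow of Aspects 61-71 (device side) and Aspects 46-53 (network side), as an added Python example that is not the patent's or 3GPP's own code: the device masks the count value with a first key derived from the anchor key, authenticates it with a second derived key, and prefixes the first 128 bits of the temporary device identifier; the network function recovers the count, rejects tampered or replayed identifiers, and derives the application key from the anchor key and the count. The KDF, its labels, the field sizes and the HMAC-based masking "first function" are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import struct

# Hypothetical KDF, labels, field sizes and masking "first function"; these are
# assumptions for the demonstration, not the patent's or 3GPP's definitions.
def kdf(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

TID_PART = 16  # first 128 bits of the temporary device identifier
COUNT = 4      # count value carried as a 32-bit big-endian field
MAC_LEN = 8    # truncated message authentication code

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class UE:
    """Device side: anchor key, count value and enhanced key identifier."""
    def __init__(self, k_ausf: bytes):
        self.k_akma = kdf(k_ausf, b"anchor")  # anchor key from the AUSF key
        self.a_tid = kdf(k_ausf, b"a-tid")    # temporary device identifier
        self.count = 0                        # count value tied to the anchor key

    def enhanced_key_id(self, af_id: bytes) -> bytes:
        tid_part = self.a_tid[:TID_PART]
        k_enc = kdf(self.k_akma, b"enc")      # first key derived from the anchor key
        k_mac = kdf(self.k_akma, b"mac")      # second key derived from the anchor key
        mask = kdf(k_enc, tid_part)[:COUNT]   # "results from a first function"
        enc_count = xor(struct.pack(">I", self.count), mask)
        mac = kdf(k_mac, tid_part, enc_count, af_id)[:MAC_LEN]
        return tid_part + enc_count + mac

    def application_key(self, af_id: bytes) -> bytes:
        return kdf(self.k_akma, af_id, struct.pack(">I", self.count))

    def refresh(self) -> None:
        self.count += 1  # after the AF asks for an updated key identifier

class AAnF:
    """Network side: recovers the count, checks the MAC, derives the app key."""
    def __init__(self):
        self.ctx = {}  # tid_part -> [anchor key, highest count value accepted]

    def register(self, k_akma: bytes, a_tid: bytes) -> None:
        self.ctx[a_tid[:TID_PART]] = [k_akma, 0]

    def application_key(self, key_id: bytes, af_id: bytes):
        """Returns (enhanced application key, enhanced-id indication) or None."""
        if len(key_id) != TID_PART + COUNT + MAC_LEN:
            return None  # not an enhanced key identifier
        tid_part, enc_count, mac = key_id[:TID_PART], key_id[TID_PART:-MAC_LEN], key_id[-MAC_LEN:]
        entry = self.ctx.get(tid_part)
        if entry is None:
            return None  # unknown device
        k_akma, last_count = entry
        expected = kdf(kdf(k_akma, b"mac"), tid_part, enc_count, af_id)[:MAC_LEN]
        if not hmac.compare_digest(mac, expected):
            return None  # forged, or bound to a different application
        mask = kdf(kdf(k_akma, b"enc"), tid_part)[:COUNT]
        count = struct.unpack(">I", xor(enc_count, mask))[0]
        if count < last_count:
            return None  # replay of an older identifier
        entry[1] = count
        return kdf(k_akma, af_id, struct.pack(">I", count)), True
```

Both sides derive the same application key only while they agree on the count, which is what makes a refresh (increment, re-issue the identifier) a key change the network can verify rather than trust.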
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Systems and techniques for wireless communications are described. For example, a process can include generating an anchor key based on an authentication server function key; associating a count value with the anchor key; generating a temporary device identifier based on the authentication server function key; generating an enhanced key identifier based on the count value, the enhanced key identifier including a portion of the temporary device identifier, the portion of the temporary device identifier being smaller in size than a complete temporary device identifier; and transmitting the enhanced key identifier to a remote application.
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US202263383216P | 2022-11-10 | 2022-11-10 | |
US63/383,216 | 2022-11-10 | | |
US18/504,042 | | 2023-11-07 | |
US18/504,042 (US20240163110A1, en) | 2022-11-10 | 2023-11-07 | Authentication and key management for applications (AKMA) application key (KAF) refresh |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2024102847A1 (fr) | 2024-05-16 |
Family
ID=89168334
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2023/079143 (WO2024102847A1, fr) | 2022-11-10 | 2023-11-08 | Authentication and key management for applications (AKMA) application key (KAF) refresh |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2024102847A1 (fr) |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021167399A1 (fr) | 2020-02-19 | 2021-08-26 | Samsung Electronics Co., Ltd. | Apparatus and method for generating application-specific keys using a key derived from network access authentication |
Family filing events:
- 2023-11-08: WO PCT/US2023/079143, published as WO2024102847A1 (fr), status unknown
Non-Patent Citations (5)
- CHINA MOBILE: "Clean up of TR 33.835", vol. SA WG3, no. e-meeting; 20200511 - 20200515, 12 June 2020 (2020-06-12), XP052432809, retrieved from https://ftp.3gpp.org/tsg_sa/TSG_SA/TSGS_88E_Electronic/Docs/SP-200375.zip (33835_CR0001_(Rel-16)_33835_CR0001_FS_AKMA_(16)_S3-201143 clean up of TR 33.835.docx) on 2020-06-12
- OPPO: "New solution: Security procedure of KAF refresh", vol. SA WG3, no. e-meeting; 20220516 - 20220520, 9 May 2022 (2022-05-09), XP052195225, retrieved from https://ftp.3gpp.org/tsg_sa/WG3_Security/TSGS3_107e/Docs/S3-220900.zip (S3-220900 New solution Security procedure of KAF refresh-Counter.docx) on 2022-05-09
- QUALCOMM INCORPORATED: "pCR : AKMA Temporary UE Identifier", vol. SA WG3, no. e-meeting; 20200414 - 20200417, 3 April 2020 (2020-04-03), XP052470813, retrieved from https://ftp.3gpp.org/tsg_sa/WG3_Security/TSGS3_98Bis_e/Docs/S3-200770.zip (S3-200770.doc) on 2020-04-03
- SAMSUNG: "AKMA and Application Key Derivation", vol. SA WG3, no. e-meeting; 20200302 - 20200306, 21 February 2020 (2020-02-21), XP052470991, retrieved from https://ftp.3gpp.org/tsg_sa/WG3_Security/TSGS3_98e/Docs/S3-200171.zip (S3-200171-AKMAkeyderivation.doc) on 2020-02-21
- ZTE: "pCR to TS 33.535: Define the A-TID format", vol. SA WG3, no. e-meeting; 20200511 - 20200515, 1 May 2020 (2020-05-01), XP052471458, retrieved from https://ftp.3gpp.org/tsg_sa/WG3_Security/TSGS3_99e/Docs/S3-200971.zip (S3-200971.doc) on 2020-05-01
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 23821826; Country of ref document: EP; Kind code of ref document: A1 |