WO2025165641A1 - Methods and devices for efficiently establishing security algorithm(s) used by a user equipment - Google Patents

Methods and devices for efficiently establishing security algorithm(s) used by a user equipment

Info

Publication number
WO2025165641A1
WO2025165641A1 PCT/US2025/012737 US2025012737W WO2025165641A1 WO 2025165641 A1 WO2025165641 A1 WO 2025165641A1 US 2025012737 W US2025012737 W US 2025012737W WO 2025165641 A1 WO2025165641 A1 WO 2025165641A1
Authority
WO
WIPO (PCT)
Prior art keywords
plmn
message
security
network
security algorithm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/US2025/012737
Other languages
French (fr)
Inventor
Chien-Chun Huang-Fu
Chih-Hsiang Wu
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Google LLC
Original Assignee
Google LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Google LLC filed Critical Google LLC
Publication of WO2025165641A1 publication Critical patent/WO2025165641A1/en
Pending legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity

Definitions

  • This document describes methods and devices (e g., user equipment, UE, and network entity, NE) operating in wireless communication systems, such as (but not limited to) the ones described in 3 rd Generation Partnership Project (3GPP) technical specifications, known as the Fifth Generation (5G) or Long Term Evolution (LTE) communication systems. More particularly, the methods and devices employ techniques for efficiently establishing security algorithm(s) used by a UE for encryption and integrity protection of user and signaling data.
  • 3GPP 3 rd Generation Partnership Project
  • LTE Long Term Evolution
  • the Packet Data Convergence Protocol (PDCP) sublayer of the radio protocol stack provides services such as transfer of userplane data, ciphering, integrity protection, etc.
  • the PDCP layer defined for the Evolved Universal Terrestrial Radio Access (EUTRA) radio interface (see 3GPP technical specification, TS, 36.323) and New Radio (NR) (see 3GPP TS 38.323) provides sequencing of protocol data units (PDUs) transmitted in the uplink direction (from a user device, also known as a user equipment (UE), to a base station) as well as in the downlink direction (from the base station to the UE).
  • EUTRA Evolved Universal Terrestrial Radio Access
  • NR New Radio
  • the PDCP sublayer provides signaling radio bearers (SRBs) and data radio bearers (DRBs) to the Radio Resource Control (RRC) sublayer.
  • SRBs signaling radio bearers
  • DRBs data radio bearers
  • RRC Radio Resource Control
  • the UE and a base station can use SRBs to exchange RRC messages as well as non-access stratum (NAS) messages and can use DRBs to transport data on a user plane.
  • NAS non-access stratum
  • the PDCP ciphering function is configured to perform data encryption and decryption.
  • 128-bit ciphering algorithms operate as illustrated in Fig. 1 .
  • Both sender 101 and receiver 111 (which each may be a UE or a network entity, such as, a base station) use a ciphering algorithm to generate an output KEYSTREAM block using a 128-bit cipher KEY, a 32-bit COUNT, a 5-bit BEARER identity, the 1 -bit DIRECTION of the transmission (which is 0 for uplink and 1 for downlink), and the LENGTH of the keystream as input parameters.
  • the sender 101 then uses the KEYSTREAM block to encrypt the PLAINTEXT block thereby generating the output CIPHERTEXT block.
  • the receiver 111 uses the KEYSTREAM block, which it generates in the same manner as the sender, to decrypt the CIPHERTEXT block thereby regenerating the output PLAINTEXT block.
  • the sender 101 and the receiver 111 use the same ciphering algorithm that may be a null ciphering algorithm known as (EEA0 in LTE and NEA0 in 5G), a 128-bit SNOW 3G based algorithm (known as 128-EEA1 in LTE and 128-NEA1 in 5G), a 128-bit AES based algorithm (known as 128-EEA2 in LTE and 128-NEA2 in 5G) and, optionally, a 128-bit ZUC based algorithm (known as 128- EEA3 in LTE and 128-NEA3 in 5G).
  • a null ciphering algorithm known as (EEA0 in LTE and NEA0 in 5G)
  • 128-bit SNOW 3G based algorithm known as 1
  • the PDCP integrity protection function is configured to perform data integrity protection and data integrity verification.
  • 128-bit integrity algorithms operate as illustrated in Fig. 2.
  • the sender 201 and the receiver 211 use the same integrity algorithm to generate a 32-bit message authentication code MAC-I/NAS-MAC and XMAC-I/XNAS-MAC (here X stands for “expected”), respectively, based on a 128- bit integrity KEY, a 32-bit COUNT, a 5-bit BEARER identity, and a 1 -bit DIRECTION of the transmission, and the MESSAGE itself.
  • the integrity algorithm may be a null algorithm known as (EIA0 in LTE and NIA0 in 5G), a 128-bit SNOW 3G based algorithm (known as 128-EIA1 in LTE and 128-NIA1 in 5G), a 128-bit AES based algorithm (known as 128-EIA2 in LTE and 128-NIA2 in 5G) and, optionally, a 128-bit ZUC based algorithm (known as 128-EIA3 in LTE and 128-NIA3 in 5G).
  • the sender 201 appends the 32-bit message authentication code MAC-I/NAS-MAC to the message.
  • the receiver 211 verifies integrity by comparing XMAC-I/XNAS-MAC with the MAC-I/NAS-MAC appended to the message.
  • the sender 201 applies the data integrity protection before data ciphering, and the receiver 211 deciphers verifies data integrity deciphering a received message.
  • Fig. 3 is a signal diagram illustrating the conventional approach to establishing a security algorithm and the problems (issues) created by this approach.
  • the term “security algorithm” refers to either the ciphering algorithm, the integrity algorithm, or both.
  • a core network device or a radio access network, RAN, device such as, a base station (BS) of a public land mobile network (PLMN) (the BS being represented by a box labeled “PLMN 311” in Fig. 3) initiates establishing the security context (e.g., algorithm(s)) by sending 312, to the UE 301 , a security mode command (SMC) message specifying a network-selected security algorithm.
  • the security algorithm is related to NAS layer communications (i.e.
  • a security mode control procedure thus initiated activates NAS security or modifies the NAS layer security context.
  • the security algorithm is related to access stratum (AS) layer communications (i.e., between the UE and the RAN, e.g., a base station)
  • the security mode control procedure activates AS security upon establishing a radio resource control (RRC) connection.
  • RRC radio resource control
  • the UE 301 then assesses whether the network-selected security algorithm is appropriate.
  • the UE 301 may detect 314 that the network-selected security algorithm is not appropriate (e.g., the UE requires a higher level security algorithm than the level of the received 312 network-selected security algorithm). If the security algorithm is related to NAS layer communications, the UE 301 rejects the network-selected security algorithm by sending 316, to the PLMN 311 , a reject (SMR) message including a generic code (e.g., #24). If the security algorithm is related to AS layer communications, the UE 301 rejects the security mode command by sending a security mode failure message to the PLMN 311 .
  • SMR reject
  • a first issue 317 observed in the conventional approach is that the NE sometimes repeats sending 312A the SMC indicating the same security algorithm that was rejected.
  • the UE 301 then repeats 318 rejecting the security mode 318 (e.g., as in 314 and 316) thereby failing the security mode control procedure (i.e., failing to activate security).
  • the UE 301 is therefore unable to complete the corresponding registration procedure or service request procedure. In this situation, the UE wastes energy and communication resources because the network’s algorithm selection does not yield a different algorithm (one that may fulfill the UE’s desired security level).
  • the (repeated) failure(s) of the security mode control procedure causes deregistration 320.
  • the PLMN 311 initiates deregistration but the UE 301 may also initiate the deregistration.
  • the deregistered UE 301 may reselect 322 the same PLMN 311 and again fail the security mode control procedure because the PLMN 311 selects the same already-rejected security algorithm.
  • a second issue 319 is that, in the conventional approach, the PLMN selection strategy doesn’t take into consideration prior registration failures related to establishing a security algorithm, thereby wasting energy and communication resources by re-iterating the UE’s attempt to attach to the same network, yielding the same failure due to the security algorithm rejection.
  • a UE is configured to provide, to the network, an indication for a UE-preferred security algorithm in a message rejecting a network-selected security algorithm.
  • a UE avoids reselecting a PLMN, that has selected a security algorithm rejected by the UE, by storing that PLMN’s ID in a forbidden PLMN list.
  • the network-selected security algorithm (and a corresponding UE-preferred security algorithm) may be an encryption (ciphering) algorithm and/or a data integrity algorithm.
  • N predetermined number of failures to activate security with a PLMN due to rejecting the network-selected security algorithm
  • the UE may add a PLMN’s ID to the forbidden PLMN list.
  • the UE includes a modem configured to communicate with the network and an application processor (AP) configured to support AP to/from modem message exchange for enhancing security algorithm negotiation.
  • the AP may provide, to the modem, information regarding preferred or non-preferred security algorithm(s), to enable the modem to decide whether the network-selected security algorithm is adequate.
  • the modem informs the AP about the network-selected security algorithm, and the AP then determines whether the network-selected security algorithm is adequate.
  • the AP prompts the modem to initiate de-registration and then to request a new registration.
  • the AP prompts the modem to modify or release a PDU session while specifying the UE-preferred security algorithm.
  • a network entity such as, a base station or a device executing a network core function in a PLMN, receives, from a UE, an indication for a UE-preferred security algorithm, and responds with an SMC directing the UE to use the UE-preferred security algorithm for activating security.
  • Fig. 1 illustrates using a ciphering algorithm.
  • Fig. 2 illustrates using a data integrity algorithm.
  • Fig. 3 is a signal diagram illustrating the problems with the conventional approach.
  • FIG. 4 schematically illustrates a wireless communication system in which techniques according to various embodiments are implemented.
  • Fig. 5 illustrates the communication protocol stack.
  • Fig. 6 is a signal diagram illustrating a security activation technique according to an embodiment.
  • Fig. 7 is a signal diagram illustrating a security activation technique with UE-requested deactivation according to an embodiment.
  • Fig. 8 is a signal diagram illustrating a security activation technique with NE-requested deactivation according to an embodiment.
  • Fig. 9 is a block diagram of a UE including a modem and an application processor (AP) configured to implement various techniques according to an embodiment.
  • AP application processor
  • Fig. 10 is a signal diagram illustrating a security activation method employing a UE having a modem and an AP, according to an embodiment.
  • FIG. 11 is a signal diagram illustrating another security activation method employing a UE having a modem and an AP, according to an embodiment.
  • Fig. 12 is a signal diagram illustrating the manner of handling security activation failures by a UE having a modem and an AP, according to an embodiment.
  • Fig. 13 is a signal diagram illustrating another security activation method employing a UE having a modem and an AP, according to an embodiment.
  • FIG. 1 is a flow diagram of a UE method according to an embodiment.
  • Fig. 17 is a flow diagram of an NE method according to another embodiment.
  • a UE and a PLMN device may cooperatively operate to solve the above-identified problems related to establishing security algorithms.
  • the security algorithms may be associated with NAS or AS communications, 3GPP access or non-3GPP access, ciphering, or integrity protection.
  • the term “security algorithm” as used below represents any of these security algorithms.
  • FIG. 4 provides a brief description of a wireless communication system that supports the later-described embodiments.
  • Fig. 4 illustrates a wireless communication system 400 includes a UE 402, a base station (BS) 404, a BS 406, a core network (ON) 410, and a CN 409.
  • the BS 404 operates in a RAN 405 connected to the CN 410.
  • the CN 410 may be an evolved packet core (EPC) 411 , a fifth generation (5G) core (5GC) 460, a sixth generation (6G) core or another wireless network core.
  • the BS 406 similarly operates in a RAN 403 connected to the CN 409.
  • the RAN 405 and the CN 410 belong to a PLMN 408, while the RAN 403 and the CN 409 belong to a PLMN 407.
  • the BS 404 covers a cell 424, and the BS 406 covers a cell 426. If the BS 404 is a gNB, then the cell 424 is an NR cell. If the BS 404 is an ng-eNB or an eNB, then the cell 424 is an evolved universal terrestrial radio access (E-UTRA) cell.
  • E-UTRA evolved universal terrestrial radio access
  • the cell 426 is an NR cell
  • the cell 426 is an E-UTRA cell
  • the cells 424 and 426 may be in the same Radio Access Network Notification Areas (RNA) or different RNAs.
  • RNA Radio Access Network Notification Areas
  • Each of the RANs 405 and 403 may include any number of BSs, and each of the BSs covers one or more cells.
  • the UE 402 includes a 5G NR (or simply, “NR”) and/or an E-UTRA air interface to communicate with the BSs 404 and 406.
  • the BS 404 connects to the CN 410 via an interface, such as, an S1 or an NG interface as defined in 3GPP technical specifications.
  • the BS 404 and other BSs in RAN 405 may be interconnected via an interface X2 or Xn interface as defined in 3GPP technical specifications.
  • the BS 406 connects to the CN 409 via an S1 or NG interface and may be interconnected with other BSs of RAN 403 via an X2 or an Xn interface.
  • the EPC 411 may include a Serving Gateway (SGW) 412, a Mobility Management Entity (MME) 414, and a Packet Data Network Gateway (PGW) 416.
  • SGW Serving Gateway
  • MME Mobility Management Entity
  • PGW Packet Data Network Gateway
  • the SGW 412 in general is configured to transfer user-plane packets related to audio calls, video calls, Internet traffic, etc.
  • the MME 414 is configured to manage authentication, registration, paging, and other related functions.
  • the PGW 416 provides connectivity from the UE to one or more external packet data networks, e.g., an Internet network and/or an Internet Protocol (IP) Multimedia Subsystem (IMS) network.
  • IP Internet Protocol
  • IMS Internet Multimedia Subsystem
  • the EPC 411 may include other MME, SGW and/or PGW nodes not shown in Fig. 4.
  • the 5GC 460 includes a User Plane Function (UPF) 462, an Access and Mobility Management Function (AMF) 464, and a Session Management Function (SMF) 466.
  • the UPF 462 is configured to transfer user-plane packets related to audio calls, video calls, Internet traffic, etc.
  • the AMF 464 is configured to manage authentication, registration, paging, and other related functions, and the SMF 466 is configured to manage PDU sessions.
  • the 5GC 460 may include other AMF, SMF, and/or UPF instances not shown in Fig. 4, as well as other core network nodes.
  • the CN 409 has similar components to the above-discussed components of the CN 410.
  • the cells 424 and 426 may partially overlap, so that the UE 402 can select, reselect, or hand over from one of the cells 424 and 426 to the other.
  • the BS 404 and the BS 406 may support an X2 or an Xn interface.
  • the CN 410 is able to connect to plural BSs supporting NR cells and/or EUTRA cells.
  • the BS 404 is equipped with processing hardware 430 that includes one or more general-purpose processors (e.g., CPUs or special-purpose processing units), such as, processor 432 and a non-transitory computer-readable memory (CRM) storing instructions that the one or more general-purpose processors execute.
  • the processor 432 is configured to process data that the BS 404 transmits in the downlink direction, or data that the BS 404 receives in the uplink direction.
  • the processing hardware 430 also includes a transceiver 434 configured to transmit data in the downlink direction and to receive data in the uplink direction.
  • the CRM (not shown) stores executable codes for the processor 432 in cooperation with the transceiver 434 to perform methods according to embodiments described in this section.
  • the BS 406 includes components (not shown) similar to the BS 404’s components 430, 432, and 434, respectively.
  • the UE 402 is equipped with processing hardware 440 that can include one or more general-purpose processors (e.g., CPUs or special-purpose processing units), and non-transitory CRM (not shown) storing machine-readable instructions executable on the one or more general-purpose processors, and/or special-purpose processing units.
  • the processing hardware 440 includes the processor 442 configured to prepare data that the UE 402 transmits in the uplink direction, or to process data that the UE 402 has received in the downlink direction.
  • the processing hardware 440 also includes a transceiver 444 configured to transmit data in the uplink direction and to receive data in the downlink direction.
  • the processing hardware 440 further includes a protocol controller 446 configured to perform communication functions of protocol layers (e.g., the communication functions including mobility management functions, session management functions, and/or radio resource control functions).
  • Fig. 5 exemplarily illustrates, in a simplified manner, a protocol stack 500 according to which the UE 402 can communicate with an eNB/ng-eNB or a gNB (e.g., one or more of the base stations 404, 406) and the CN 410.
  • the protocol stack 500 includes a physical (PHY) layer 502 that provides transport channels to a media access control (MAC) layer 504, which in turn provides logical channels to a radio link control (RLC) layer 506.
  • the RLC layer 506, provides RLC channels to a PDCP sublayer 508.
  • the PDCP sublayer 508 then provides data transfer services to a radio resource control (RRC) sublayer 510, an Internet Protocol (IP) layer and/or a Service Data Adaptation Protocol (SDAP) sublayer (not shown in Fig. 5).
  • RRC radio resource control
  • IP Internet Protocol
  • SDAP Service Data Adaptation Protocol
  • the PDCP sublayer 508 receives packets (e.g., from the RRC sublayer 510, the SDAP sublayer, or the IP layer, layered directly or indirectly over the PDCP layer 508) that can be referred to as service data units (SDUs), and output packets (e.g., to the RLC layer 506) that can be referred to as protocol data units (PDlls).
  • SDUs service data units
  • PDlls protocol data units
  • the PHY layer 502, MAC sublayer 504, RLC sublayer 506, PDCP sublayer 508, RRC sublayer 510 are EUTRA layers or sublayers. In other implementations, the PHY layer 502, MAC sublayer 504, RLC sublayer 506, PDCP sublayer 508, RRC sublayer 510 are NR layers or sublayers.
  • the RRC sublayer 510 provides data transfer services to a NAS layer 512, which includes a mobility management (MM) sublayer and/or a session management (SM) sublayer.
  • the MM sublayer is an EPS MM (EMM) sublayer.
  • the MM sublayer is a 5G MM (5GMM) sublayer.
  • the SM sublayer is an EPS SM (ESM) sublayer.
  • the SM sublayer is a 5G SM (5GSM) sublayer.
  • the PDCP sublayer 508 provides SRBs to the RRC sublayer 510 to exchange RRC messages or NAS messages (e.g., MM messages and/or SM messages), for example.
  • the PDCP sublayer 508 can provide DRBs to support user plane data exchange.
  • User plane data exchanged on the PDCP sublayer 508 can be SDAP PDUs, Internet Protocol (IP) packets or Ethernet packets.
  • IP Internet Protocol
  • Figs. 6-8 are signal diagrams illustrating scenarios in which a UE (e.g., 402 in Fig. 4) and a PLMN device (e.g., BS 404, another RAN 405 device, or a wireless device of the CN 410 in Fig. 4, the PLMN device being labeled simply “PLMN 408” in these figures) operate using security activation techniques according to various embodiments.
  • Similar events in Figs. 6-8 are similarly labeled (for example, events 702, 712, and 714 in Fig. 7 are similar to events 602, 612, and 614 in Fig. 6).
  • Fig. 6 is a signal diagram 600 illustrating a security activation technique according to an embodiment.
  • the UE 402 communicates with a PLMN 408 (which may be, as already mentioned above, BS 404, a device of the CN 410 and/or the RAN 405).
  • a PLMN 408 which may be, as already mentioned above, BS 404, a device of the CN 410 and/or the RAN 405
  • the UE 402 is connected 602 (i.e. the UE 402 is in a connected state) to the PLMN.
  • the connected state may be an ECM-CONNECTED state or EMM- CONNECTED state with an MME (e.g., MME 414) in the CN 410 (e.g., EPC 411 ).
  • MME e.g., MME 414
  • the connected state may be a 5GCM-CONNECTED state or 5GMM-CONNECTED state with an AMF 464 of the 5GC 460.
  • the connected state is an RRC_CONNECTED state.
  • the UE 402 is camped on a cell 424 of PLMN 408 shown in Fig. 4.
  • the UE 402 receives 612 an SMC message from the PLMN 408.
  • the SMC message indicates a network-selected security algorithm (which may be a ciphering algorithm and/or a data integrity algorithm) to be applied for communications between the UE and the PLMN over the NAS layer control plane and/or AS layer control/user plane protocols.
  • the UE 402 determines 614 whether the network-selected security algorithm is preferred (i.e. adequate from the UE’s perspective). The UE 402 may determine that the network-selected security algorithm is not preferred because the network-selected security algorithm is less secure than the UE-preferred security algorithm(s). If the network-selected security algorithm is not preferred, the UE 402 sends 615 a security mode reject message to the PLMN 408, the message including an indication of a UE-preferred security algorithm.
  • the PLMN 408 Upon receiving 615 the security mode reject message, the PLMN 408 then selects 617 the UE preferred security algorithm(s), and then sends 613 another SMC message indicating the UE-preferred security algorithm(s). The UE 402 then sends 619 a security mode complete message to signal that the security mode control procedure has been completed thereby activating one or more security protections using the UE- preferred security algorithm(s). After activating the security protection(s), the UE 402 communicates 620 with the PLMN 408 using the UE-preferred security algorithm(s).
  • the security protection(s) include integrity protection/integrity check and the UE-preferred security algorithm (s) include a first algorithm used for integrity protection/integrity check.
  • the security protection(s) include encryption/decryption and the UE preferred security algorithm (s) include a second algorithm used for encrypting/decrypting.
  • the network 408 when receiving 615 the indication about the UE- preferred security algorithm(s), stores this information for the next time when the PLMN 408 initiates activating or reactivating security protection for communication with the UE 402. In other implementations, when receiving 615 the indication about the UE-preferred security algorithm(s), the PLMN 408 forwards this information to a server (e.g., Home Subscriber Server) for storing. Later, when the UE 402 connects again to the PLMN, the PLMN 408 may retrieve the information from the server. The PLMN 408 then transmits 613 an SMC message indicating the UE- preferred security algorithm(s) to the UE 402 and avoids another security mode rejection.
  • a server e.g., Home Subscriber Server
  • the UE 402 applies the UE- preferred security algorithm(s) to UL NAS messages and/or DL NAS messages later exchanged between the UE 402 and the CN 410.
  • the security mode reject message is a UL RRC message (e.g., a SecurityModeFailure message)
  • the UE 402 applies the UE-preferred security algorithm(s) to UL RRC messages and/or DL RRC messages exchanged between the UE 402 and the RAN 405 (i.e. , the UE 402 applies the UE-preferred security algorithm(s) to UL data and/or DL data exchanged via a DRB between the UE 402 and the RAN 405).
  • Fig. 7 is a signal diagram 700 illustrating a scenario similar to the one illustrated in Fig. 6. Because the events 702, 712, and 714 are similar to the events 602, 612, and 614 in Fig. 6, their description is omitted. The differences between Figs.
  • a security mode reject message including a generic cause code (without indicating the UE-preferred security algorithm as in 615).
  • the generic cause code does not inform the PLMN 408 about the reason for the UE 402 rejecting the network-selected algorithm.
  • the generic cause code may be a code specified in 3GPP technical specification 24.301 or 24.501.
  • Events 712, 714, and 716 are symbolically grouped in a dashed line box labeled 750 as these events correspond to a security activation failure.
  • the PLMN 408 is not aware of the UE- preferred security algorithm(s), and therefore the PLMN 408 might keep indicating the same security algorithm in subsequent attempts to activate security with the UE as described with reference to FIG. 3 issue 317.
  • N failures of the security activation procedure 754 N being an integer larger than 0
  • the UE 402 may determine 718 to enter an idle state.
  • the UE 402 then transitions to the idle state from the connected state.
  • the UE 402 performs a local release to enter the idle state in response to the determination 718, without transmitting an indication to the PLMN 408 to request or indicate UE’s transition to the idle state.
  • the UE 402 refrains from transmitting UL messages and waits to receive a connection release message (e.g., an RRCConnectionRelease message or an RRCRelease message as defined in the 3GPP technical specifications) from the network to transition to the idle state.
  • the UE 402 transitions to the idle state upon receiving a connection release message from the network.
  • the UE 402 starts a timer while waiting to receive a connection release message, and if the timer expires before receiving a connection release message, the UE 402 enters the idle state even if the connection release message has not yet been received.
  • the UE 402 initiates a deregistration procedure by sending 721 a deregistration request to the PLMN 408.
  • the PLMN 408 transmits 723 a deregistration accept message.
  • the UE 402 enters the idle state as described above.
  • the deregistration request message and deregistration accept message are a Detach Request message and a Detach Accept message, respectively, as such messages are described in the 3GPP technical specifications.
  • the deregistration request message and deregistration accept message are a Deregistration Request message and a Deregistration Accept message, respectively, as such messages are described in the 3GPP technical specifications.
  • the UE 402 After (e.g., in response to) performing the N failures of the security activation procedure 754, the UE 402 stores 727 a PLMN ID of the PLMN 408 in a forbidden PLMN list, and may then search 729 for a suitable cell on a different PLMN (e.g., PLMN 407 in Fig. 4).
  • the UE 402 may initiate a new PLMN selection procedure to perform the cell search, the new PLMN selection procedure taking into consideration the forbidden PLMN list.
  • the UE 402 may keep the PLMN ID in the forbidden PLMN list for a predefined time interval and may also maintain information on the security algorithm(s), which is selected by the network but not adequate from the UE perspective.
  • the UE 402 may store the forbidden PLMN list in a non-volatile memory in the UE, a Universal Subscriber Identity Module (USIM), or an embedded USIM (profile).
  • USIM Universal Subscriber Identity Module
  • profile an embedded USIM
  • the forbidden PLMN list may be associated with a Subscriber Permanent Identifier (SUPI), the UE 402 using the forbidden PLMN list when a SUPI from the USIM matches the associated SUPI.
  • SUPI Subscriber Permanent Identifier
  • the UE 402 may remove the PLMN ID from the forbidden PLMN list after the predefined time interval, and may then (i.e.
  • the UE 402 may remove the forbidden PLMN list from the UE memory or the USIM and/or replace the forbidden PLMN list (i.e., a first forbidden PLMN list) with a second forbidden PLMN list pre-stored in the UE or the USIM.
  • the second forbidden PLMN list does not include the PLMN ID of the PLMN 408.
  • the UE 402 may perform a PLMN selection to select the PLMN 408 or access a cell of the PLMN 408.
  • the UE 402 may change its preferred security algorithm (s) and then find a previously-rejected network-selected security algorithm(s) as being adequate. In such cases, the UE 402 removes the PLMN ID from the forbidden PLMN list and may then select the PLMN.
  • Fig. 8 is a signal diagram 800 illustrating a scenario similar to the ones illustrated in Figs. 6. and 7.
  • Events 802 and 855 in Fig. 8 are similar to events 702, and 750, 754 (although M and N may be different integer numbers) in Fig. 7, and, therefore, their description is not repeated.
  • the PLMN 804 determines 856 to reject the UE following the M (with M an integer M>1 and potentially different from N) failures 855 of the security activation procedures.
  • the deregistration procedure is triggered by the PLMN 408 by sending 858 a deregistration request message to the UE 402.
  • the UE 402 may transmit a deregistration accept message (not shown) to the PLMN 408.
  • the PLMN 408 may transmit 858 a registration reject message to the UE 402 to reject the UE’s attempt to register to the PLMN 408, instead of a deregistration request message.
  • Events 827 and 829 are similar to 727 and 729 and therefore their description is omitted.
  • Fig. 9 is a block diagram of a UE 902 (which may operate similarly to UE 402 in Figs. 4-8) including a modem 960 and an AP 970 according to an embodiment.
  • the modem 960 is hardware configured to intermediate communication between the PLMN 408 and other UE components such as the AP 970.
  • the modem 960 includes an interface controller 964 enabling the modem to communicate with the AP 970, a security controller 962 that may be configured and programmed for making security-related decisions as discussed below, a protocol controller 946 configured to enable the modem 960 to communicate with a PLMN device, and a processor 942 configured to correlate and coordinate all these modem components.
  • the AP 970 includes an interface controller 974 enabling the AP to communicate with the modem 960, a security controller 972 that may be configured and programmed for making security-related decisions as discussed below, and a processor 943 configured to correlate and coordinate all of these AP components.
  • Fig. 10 is a signal diagram 1000 illustrating a security activation method according to an embodiment.
  • the UE 902 is initially in a connected state 1002.
  • the AP 970 sends 1080, to the modem 960, an AP-to-modem message including one or more preferred or un-preferred security algorithms.
  • This security algorithm information may be associated with NAS or AS communications, 3GPP access or non-3GPP access, ciphering, or integrity protection.
  • the modem 960 may store the preferred or unpreferred security algorithm(s) information in a non-volatile memory in the UE or USIM, which can be reused after power cycle or USIM replacement.
  • a failure of the security activation procedure 1050 occurs when the UE 902 responds to a security mode command specifying a network-selected security algorithm received from PLMN 408, by sending a security mode reject message to the PLMN 408.
  • the modem 960 which has determined that the security-selected security algorithm is not adequate using the information received from the AP 970, may then send 1082 a modem-to-AP message informing the AP 970 about the failure of the security activation procedure.
  • the modem-to-AP message may specify one or more of whether the network-selected security algorithm is related to NAS or AS communications, 3GPP access or non-3GPP access, and ciphering or integrity protection.
  • the AP 970 may then send 1084 another AP-to-modem message (similar to the AP-to-modem message sent at 1080), to update the information that the modem 970 is going to use for the later security activation procedure 1051 (as reflected in FIG. 6 elements 613, 619).
  • Fig. 11 is a signal diagram 1100 illustrating another security activation method employing a UE having a modem and an AP, according to an embodiment.
  • event 1180 and event 1102 are similar to events 1080 and 1002 in the scenario illustrated in Fig. 10 discussed above.
  • the AP 970 (not modem 960 as in scenario 1000) determines 1188 whether the network-selected security algorithm (conveyed 1112 via SMC) is adequate.
  • the modem 960 indicates 1186 the network-selected security algorithm to the AP 970 via a modem-to-AP message. If the AP 970 determines 1188 that the network-selected security algorithm is adequate, then 1189 follows.
  • the modem 960 upon receiving 1190 an AP-to- modem message, the modem 960 sends 1119 a security mode complete message indicating that the security activation procedure was successful.
  • the AP 970 determines 1188 that the network-selected security algorithm is not adequate then 1191 follows, upon receiving 1192 an AP-to-modem message, the modem 960 sends 1115 a security mode reject message indicating that the security activation procedure has failed.
  • the AP-to-modem message sent 1192 by the AP 970, and the security mode reject message may indicate the UE preferred algorithm.
  • Fig. 12 is a signal diagram 1200 illustrating a manner of handling security activation procedure failures by a UE 902 having a modem 960 and an AP 970, according to an embodiment.
  • Events 1280 and 1284 are similar to 1080 and 1084 in the scenario in Fig. 10.
  • the UE 902 evaluates 1293 currently used security algorithms. If a currently used security algorithm related to NAS or AS communications is no longer adequate, the UE 902 may trigger a deregistration procedure 1295 to the PLMN 408 followed by a registration procedure 1297. Steps 1295 and 1297 may be triggered by AP-to-modem messages 1294 and 1296, respectively, if the AP 970 evaluates the currently used security.
  • Fig. 13 illustrates a scenario 1300 similar to scenario 1200 (i.e. , events 1380, 1384, and 1393 are the same as 1280, 1284, and 1293) except that here the UE detects during evaluation 1393 the presence of a currently used security algorithm of the AS layer data radio bearer not preferred by the UE 902. The UE 902 then initiates 1397, a PDU session modification procedure to remove the corresponding QoS flows, or a PDU session release procedure to release the entire PDU session. As in scenario 1200 if the AP evaluates the currently-used algorithms, then the AP sends 1397 an AP- to-modem message to trigger release of the QoS flow or PDU session. Both the AP-to- modem message and the PDU session modification or release message may indicate the UE-preferred algorithm.
  • Fig. 14 is a flow diagram of a method 1400 performed by a UE (such as 402 or 902) according to an embodiment.
  • the method 1400 includes receiving 1412, from an NE (such as BS 404, or a device of CN 410) of a PLMN (e.g., 408), a first message for initiating a first security mode activation based on a network-selected security algorithm.
  • the method 1400 further includes transmitting 1415, a rejection of the first security activation, and specifying a UE-preferred security algorithm.
  • the method 1400 may further include receiving 1413, from the NE, a third message initiating a second security mode activation based on the UE-preferred security algorithm and establishing 1419 a communication session with the NE using the UE-preferred security algorithm.
  • Fig. 15 is a flow diagram of a method 1500 performed by a UE (e.g., 402 or 902) according to another embodiment.
  • the method 1500 includes step 1512 which is similar to step 1412, but is followed by transmitting 1516, to the NE, a second message indicating a rejection of the first security mode activation. Unlike in step 1415, the second message does not indicate the UE-preferred security algorithm.
  • the steps 1512 and 1516 may be repeated, the number of repetitions being counted by counter N initialized before the very first security mode activation attempt.
  • the method 1500 may (i.e., optionally) include transmitting 1521 , to the NE, a deregistration request, and storing 1527 the PLMN ID of the PLMN to which the NE pertains in a forbidden PLMN list. Note that the deregistration may be initiated by the NE.
  • the method 1500 may also search 1529 for a suitable cell on a PLMN whose ID is not in the forbidden PLMN list.
  • Fig. 16 is a flow diagram of a method 1600 performed by an NE (e g., BS 404, or a CN device of CN 410) according to an embodiment.
  • the method 1600 includes transmitting 1612, to a UE, a first message for initiating a first security mode activation based on a network-selected security algorithm.
  • the method 1600 then includes receiving 1615, from the UE, a second message indicating a rejection of the first security mode activation and specifying a UE-preferred security algorithm.
  • the method 1600 may further include transmitting 1613, to the UE, a third message initiating a second security mode activation based on the UE-preferred security algorithm, and establishing 1619 a communication session with the UE using the UE-preferred security algorithm.
  • Fig. 17 is a flow diagram of a method 1700 performed by a NE (such as BS 404 or a CN device of CN 410) according to another embodiment.
  • the method 1700 includes transmitting 1712, to a UE, a first message for initiating a security mode activation based on a network-selected security algorithm.
  • the method 1700 further includes receiving 1716, from the UE, a second message indicating a rejection of the security mode activation.
  • the method includes transmitting 1758, to the UE, a deregistration request of a registration reject.
  • a UE in which the techniques of this disclosure can be implemented can be any suitable device capable of wireless communications such as a smartphone, a tablet computer, a laptop computer, a mobile gaming console, a point-of-sale (POS) terminal, a health monitoring device, a drone, a camera, a mediastreaming dongle or another personal media device, a wearable device such as a smartwatch, a wireless hotspot, a femtocell, or a broadband router.
  • the user device in some cases may be embedded in an electronic system such as the head unit of a vehicle or an advanced driver assistance system (ADAS).
  • ADAS advanced driver assistance system
  • the user device can operate as an internet-of-things (loT) device or a mobile-internet device (MID).
  • the user device can include one or more general- purpose processors, a computer-readable memory, a user interface, one or more network interfaces, one or more sensors, etc.
  • Modules may can be software modules (e.g., code, or machine-readable instructions stored on non-transitory machine-readable medium) or hardware modules.
  • a hardware module is a tangible unit capable of performing certain operations and may be configured or arranged in a certain manner.
  • a hardware module can comprise dedicated circuitry or logic that is permanently configured (e.g., as a special-purpose processor, such as a field programmable gate array (FPGA) or an application-specific integrated circuit (ASIC), a digital signal processor (DSP), etc.) to perform certain operations.
  • FPGA field programmable gate array
  • ASIC application-specific integrated circuit
  • DSP digital signal processor
  • a hardware module may also comprise programmable logic or circuitry (e.g., as encompassed within a general-purpose processor or other programmable processor) that is temporarily configured by software to perform certain operations.
  • programmable logic or circuitry e.g., as encompassed within a general-purpose processor or other programmable processor
  • the decision to implement a hardware module in dedicated and permanently configured circuitry, or in temporarily configured circuitry (e.g., configured by software) may be driven by cost and time considerations.
  • the techniques can be provided as part of the operating system, a library used by multiple applications, a particular software application, etc.
  • the software can be executed by one or more general-purpose processors or one or more special-purpose processors.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A user equipment (402, 902) and a device (404, 410) pertaining to a network decrease frequency of security activation failures. The UE receives (612) a message for activating security mode indicating a network-selected security algorithm. Upon determining that the network-selected algorithm in not adequate (614), the UE transmits (615) a security mode reject message indicating a UE-preferred security algorithm. The NE is thus enabled to use the UE-preferred security algorithm for a renewed security mode activation leading to a successful security mode activation.

Description

METHODS AND DEVICES FOR EFFICIENTLY ESTABLISHING SECURITY ALGORITHM(S) USED BY A USER EQUIPMENT
FIELD OF THE DISCLOSURE
[0001] This document describes methods and devices (e g., user equipment, UE, and network entity, NE) operating in wireless communication systems, such as (but not limited to) the ones described in 3rd Generation Partnership Project (3GPP) technical specifications, known as the Fifth Generation (5G) or Long Term Evolution (LTE) communication systems. More particularly, the methods and devices employ techniques for efficiently establishing security algorithm(s) used by a UE for encryption and integrity protection of user and signaling data.
BACKGROUND
[0002] This background section is provided for the purpose of generally presenting the context and the technical problems. Work of the presently named inventors, to the extent it is described in this background section, as well as aspects of the description that may not otherwise qualify as prior art at the time of filing, are neither expressly nor impliedly admitted as prior art.
[0003] In telecommunication systems, the Packet Data Convergence Protocol (PDCP) sublayer of the radio protocol stack provides services such as transfer of userplane data, ciphering, integrity protection, etc. For example, the PDCP layer defined for the Evolved Universal Terrestrial Radio Access (EUTRA) radio interface (see 3GPP technical specification, TS, 36.323) and New Radio (NR) (see 3GPP TS 38.323) provides sequencing of protocol data units (PDUs) transmitted in the uplink direction (from a user device, also known as a user equipment (UE), to a base station) as well as in the downlink direction (from the base station to the UE). Further, the PDCP sublayer provides signaling radio bearers (SRBs) and data radio bearers (DRBs) to the Radio Resource Control (RRC) sublayer. The UE and a base station can use SRBs to exchange RRC messages as well as non-access stratum (NAS) messages and can use DRBs to transport data on a user plane. [0004] The PDCP ciphering function is configured to perform data encryption and decryption. Currently-used 128-bit ciphering algorithms operate as illustrated in Fig. 1 . Both sender 101 and receiver 111 (which each may be a UE or a network entity, such as, a base station) use a ciphering algorithm to generate an output KEYSTREAM block using a 128-bit cipher KEY, a 32-bit COUNT, a 5-bit BEARER identity, the 1 -bit DIRECTION of the transmission (which is 0 for uplink and 1 for downlink), and the LENGTH of the keystream as input parameters. The sender 101 then uses the KEYSTREAM block to encrypt the PLAINTEXT block thereby generating the output CIPHERTEXT block. The receiver 111 uses the KEYSTREAM block, which it generates in the same manner as the sender, to decrypt the CIPHERTEXT block thereby regenerating the output PLAINTEXT block. The sender 101 and the receiver 111 use the same ciphering algorithm that may be a null ciphering algorithm known as (EEA0 in LTE and NEA0 in 5G), a 128-bit SNOW 3G based algorithm (known as 128-EEA1 in LTE and 128-NEA1 in 5G), a 128-bit AES based algorithm (known as 128-EEA2 in LTE and 128-NEA2 in 5G) and, optionally, a 128-bit ZUC based algorithm (known as 128- EEA3 in LTE and 128-NEA3 in 5G).
[0005] The PDCP integrity protection function is configured to perform data integrity protection and data integrity verification. Currently-used 128-bit integrity algorithms operate as illustrated in Fig. 2. The sender 201 and the receiver 211 use the same integrity algorithm to generate a 32-bit message authentication code MAC-I/NAS-MAC and XMAC-I/XNAS-MAC (here X stands for “expected”), respectively, based on a 128- bit integrity KEY, a 32-bit COUNT, a 5-bit BEARER identity, and a 1 -bit DIRECTION of the transmission, and the MESSAGE itself. The integrity algorithm may be a null algorithm known as (EIA0 in LTE and NIA0 in 5G), a 128-bit SNOW 3G based algorithm (known as 128-EIA1 in LTE and 128-NIA1 in 5G), a 128-bit AES based algorithm (known as 128-EIA2 in LTE and 128-NIA2 in 5G) and, optionally, a 128-bit ZUC based algorithm (known as 128-EIA3 in LTE and 128-NIA3 in 5G). The sender 201 appends the 32-bit message authentication code MAC-I/NAS-MAC to the message. The receiver 211 verifies integrity by comparing XMAC-I/XNAS-MAC with the MAC-I/NAS-MAC appended to the message. The sender 201 applies the data integrity protection before data ciphering, and the receiver 211 deciphers verifies data integrity deciphering a received message.
[0006] Fig. 3 is a signal diagram illustrating the conventional approach to establishing a security algorithm and the problems (issues) created by this approach. The term “security algorithm” refers to either the ciphering algorithm, the integrity algorithm, or both. A core network device or a radio access network, RAN, device, such as, a base station (BS) of a public land mobile network (PLMN) (the BS being represented by a box labeled “PLMN 311” in Fig. 3) initiates establishing the security context (e.g., algorithm(s)) by sending 312, to the UE 301 , a security mode command (SMC) message specifying a network-selected security algorithm. If the security algorithm is related to NAS layer communications (i.e. , between the UE and core network nodes), a security mode control procedure thus initiated activates NAS security or modifies the NAS layer security context. If the security algorithm is related to access stratum (AS) layer communications (i.e., between the UE and the RAN, e.g., a base station), the security mode control procedure activates AS security upon establishing a radio resource control (RRC) connection.
[0007] The UE 301 then assesses whether the network-selected security algorithm is appropriate. The UE 301 may detect 314 that the network-selected security algorithm is not appropriate (e.g., the UE requires a higher level security algorithm than the level of the received 312 network-selected security algorithm). If the security algorithm is related to NAS layer communications, the UE 301 rejects the network-selected security algorithm by sending 316, to the PLMN 311 , a reject (SMR) message including a generic code (e.g., #24). If the security algorithm is related to AS layer communications, the UE 301 rejects the security mode command by sending a security mode failure message to the PLMN 311 .
[0008] Because the network does not know that the SMR was based on the security level required by the UE, a first issue 317 observed in the conventional approach is that the NE sometimes repeats sending 312A the SMC indicating the same security algorithm that was rejected. The UE 301 then repeats 318 rejecting the security mode 318 (e.g., as in 314 and 316) thereby failing the security mode control procedure (i.e., failing to activate security). The UE 301 is therefore unable to complete the corresponding registration procedure or service request procedure. In this situation, the UE wastes energy and communication resources because the network’s algorithm selection does not yield a different algorithm (one that may fulfill the UE’s desired security level).
[0009] The (repeated) failure(s) of the security mode control procedure causes deregistration 320. In Fig. 3, the PLMN 311 initiates deregistration but the UE 301 may also initiate the deregistration. The deregistered UE 301 may reselect 322 the same PLMN 311 and again fail the security mode control procedure because the PLMN 311 selects the same already-rejected security algorithm. A second issue 319 is that, in the conventional approach, the PLMN selection strategy doesn’t take into consideration prior registration failures related to establishing a security algorithm, thereby wasting energy and communication resources by re-iterating the UE’s attempt to attach to the same network, yielding the same failure due to the security algorithm rejection.
SUMMARY
[0010] According to some embodiments, a UE is configured to provide, to the network, an indication for a UE-preferred security algorithm in a message rejecting a network-selected security algorithm. Alternatively, or additionally, a UE avoids reselecting a PLMN, that has selected a security algorithm rejected by the UE, by storing that PLMN’s ID in a forbidden PLMN list. The network-selected security algorithm (and a corresponding UE-preferred security algorithm) may be an encryption (ciphering) algorithm and/or a data integrity algorithm. After a predetermined number N (N>1) of failures to activate security with a PLMN due to rejecting the network-selected security algorithm, the UE may add a PLMN’s ID to the forbidden PLMN list.
[0011] In some embodiments, the UE includes a modem configured to communicate with the network and an application processor (AP) configured to support AP to/from modem message exchange for enhancing security algorithm negotiation. The AP may provide, to the modem, information regarding preferred or non-preferred security algorithm(s), to enable the modem to decide whether the network-selected security algorithm is adequate. Alternatively, the modem informs the AP about the network-selected security algorithm, and the AP then determines whether the network-selected security algorithm is adequate. In one embodiment, the AP prompts the modem to initiate de-registration and then to request a new registration. In another embodiment, the AP prompts the modem to modify or release a PDU session while specifying the UE-preferred security algorithm.
[0012] According to some embodiments, a network entity (NE) such as, a base station or a device executing a network core function in a PLMN, receives, from a UE, an indication for a UE-preferred security algorithm, and responds with an SMC directing the UE to use the UE-preferred security algorithm for activating security. Alternatively, or additionally, the NE may request deregistration of the UE after M (M >= 1 ) failures to activate security.
BRIEF DESCRIPTION OF THE DRAWINGS
[0013] The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate one or more embodiments and, together with the description, explain these embodiments.
[0014] Fig. 1 illustrates using a ciphering algorithm.
[0015] Fig. 2 illustrates using a data integrity algorithm.
[0016] Fig. 3 is a signal diagram illustrating the problems with the conventional approach.
[0017] Fig. 4 schematically illustrates a wireless communication system in which techniques according to various embodiments are implemented.
[0018] Fig. 5 illustrates the communication protocol stack.
[0019] Fig. 6 is a signal diagram illustrating a security activation technique according to an embodiment.
[0020] Fig. 7 is a signal diagram illustrating a security activation technique with UE-requested deactivation according to an embodiment.
[0021] Fig. 8 is a signal diagram illustrating a security activation technique with NE-requested deactivation according to an embodiment.
[0022] Fig. 9 is a block diagram of a UE including a modem and an application processor (AP) configured to implement various techniques according to an embodiment.
[0023] Fig. 10 is a signal diagram illustrating a security activation method employing a UE having a modem and an AP, according to an embodiment.
[0024] Fig. 11 is a signal diagram illustrating another security activation method employing a UE having a modem and an AP, according to an embodiment.
[0025] Fig. 12 is a signal diagram illustrating the manner of handling security activation failures by a UE having a modem and an AP, according to an embodiment. [0026] Fig. 13 is a signal diagram illustrating another security activation method employing a UE having a modem and an AP, according to an embodiment.
[0027] Fig. 1 is a flow diagram of a UE method according to an embodiment.
[0028] Fig. 15 is a flow diagram of a UE method according to another embodiment. [0029] Fig. 16 is a flow diagram of an NE method according to an embodiment.
[0030] Fig. 17 is a flow diagram of an NE method according to another embodiment.
DETAILED DESCRIPTION OF THE DRAWINGS
[0031] Methods and devices described in this section embody techniques for efficiently establishing security algorithm(s) for a UE’s communication with the PLMN. The embodiment descriptions in this section refer to the accompanying drawings. The same reference numbers in different drawings identify the same or similar elements. The detailed descriptions do not preclude other embodiments within the scope of the appended claims. The embodiments are not limited to the described configurations but may be extended to other arrangements.
[0032] Reference throughout this section to “one embodiment” or “an embodiment” means that a particular feature, structure, or characteristic described in connection with an embodiment is included in at least one embodiment. Thus, the appearances of the phrases “in one embodiment” or “in an embodiment” in various places throughout the specification are not necessarily all referring to the same embodiment. Further, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
[0033] As discussed in more detail below, a UE and a PLMN device (i.e., a core network node or a RAN element, such as, a base station) may cooperatively operate to solve the above-identified problems related to establishing security algorithms. The security algorithms may be associated with NAS or AS communications, 3GPP access or non-3GPP access, ciphering, or integrity protection. To simplify the description, the term “security algorithm” as used below represents any of these security algorithms.
[0034] Before describing the techniques for efficiently establishing security algorithm(s), Fig. 4 provides a brief description of a wireless communication system that supports the later-described embodiments.
[0035] Fig. 4 illustrates a wireless communication system 400 includes a UE 402, a base station (BS) 404, a BS 406, a core network (ON) 410, and a CN 409. The BS 404 operates in a RAN 405 connected to the CN 410. The CN 410 may be an evolved packet core (EPC) 411 , a fifth generation (5G) core (5GC) 460, a sixth generation (6G) core or another wireless network core. The BS 406 similarly operates in a RAN 403 connected to the CN 409. The RAN 405 and the CN 410 belong to a PLMN 408, while the RAN 403 and the CN 409 belong to a PLMN 407.
[0036] The BS 404 covers a cell 424, and the BS 406 covers a cell 426. If the BS 404 is a gNB, then the cell 424 is an NR cell. If the BS 404 is an ng-eNB or an eNB, then the cell 424 is an evolved universal terrestrial radio access (E-UTRA) cell.
Similarly, if the BS 406 is a gNB, then the cell 426 is an NR cell, and if the BS 406 is an ng-eNB or an eNB, then the cell 426 is an E-UTRA cell. The cells 424 and 426 may be in the same Radio Access Network Notification Areas (RNA) or different RNAs. Each of the RANs 405 and 403 may include any number of BSs, and each of the BSs covers one or more cells. The UE 402 includes a 5G NR (or simply, “NR”) and/or an E-UTRA air interface to communicate with the BSs 404 and 406. The BS 404 connects to the CN 410 via an interface, such as, an S1 or an NG interface as defined in 3GPP technical specifications. The BS 404 and other BSs in RAN 405 may be interconnected via an interface X2 or Xn interface as defined in 3GPP technical specifications.
Similarly, the BS 406 connects to the CN 409 via an S1 or NG interface and may be interconnected with other BSs of RAN 403 via an X2 or an Xn interface.
[0037] Among other components, the EPC 411 may include a Serving Gateway (SGW) 412, a Mobility Management Entity (MME) 414, and a Packet Data Network Gateway (PGW) 416. The SGW 412 in general is configured to transfer user-plane packets related to audio calls, video calls, Internet traffic, etc., and the MME 414 is configured to manage authentication, registration, paging, and other related functions. The PGW 416 provides connectivity from the UE to one or more external packet data networks, e.g., an Internet network and/or an Internet Protocol (IP) Multimedia Subsystem (IMS) network. The EPC 411 may include other MME, SGW and/or PGW nodes not shown in Fig. 4.
[0038] The 5GC 460 includes a User Plane Function (UPF) 462, an Access and Mobility Management Function (AMF) 464, and a Session Management Function (SMF) 466. The UPF 462 is configured to transfer user-plane packets related to audio calls, video calls, Internet traffic, etc. The AMF 464 is configured to manage authentication, registration, paging, and other related functions, and the SMF 466 is configured to manage PDU sessions. The 5GC 460 may include other AMF, SMF, and/or UPF instances not shown in Fig. 4, as well as other core network nodes. The CN 409 has similar components to the above-discussed components of the CN 410.
[0039] As illustrated in Fig. 4, the cells 424 and 426 may partially overlap, so that the UE 402 can select, reselect, or hand over from one of the cells 424 and 426 to the other. To directly exchange messages or information, the BS 404 and the BS 406 may support an X2 or an Xn interface. In general, the CN 410 is able to connect to plural BSs supporting NR cells and/or EUTRA cells.
[0040] The BS 404 is equipped with processing hardware 430 that includes one or more general-purpose processors (e.g., CPUs or special-purpose processing units), such as, processor 432 and a non-transitory computer-readable memory (CRM) storing instructions that the one or more general-purpose processors execute. The processor 432 is configured to process data that the BS 404 transmits in the downlink direction, or data that the BS 404 receives in the uplink direction. The processing hardware 430 also includes a transceiver 434 configured to transmit data in the downlink direction and to receive data in the uplink direction. The CRM (not shown) stores executable codes for the processor 432 in cooperation with the transceiver 434 to perform methods according to embodiments described in this section. The BS 406 includes components (not shown) similar to the BS 404’s components 430, 432, and 434, respectively.
[0041] The UE 402 is equipped with processing hardware 440 that can include one or more general-purpose processors (e.g., CPUs or special-purpose processing units), and non-transitory CRM (not shown) storing machine-readable instructions executable on the one or more general-purpose processors, and/or special-purpose processing units. As schematically illustrated in Fig. 4, the processing hardware 440 includes the processor 442 configured to prepare data that the UE 402 transmits in the uplink direction, or to process data that the UE 402 has received in the downlink direction. The processing hardware 440 also includes a transceiver 444 configured to transmit data in the uplink direction and to receive data in the downlink direction. The processing hardware 440 further includes a protocol controller 446 configured to perform communication functions of protocol layers (e.g., the communication functions including mobility management functions, session management functions, and/or radio resource control functions).
[0042] Fig. 5 exemplarily illustrates, in a simplified manner, a protocol stack 500 according to which the UE 402 can communicate with an eNB/ng-eNB or a gNB (e.g., one or more of the base stations 404, 406) and the CN 410. The protocol stack 500 includes a physical (PHY) layer 502 that provides transport channels to a media access control (MAC) layer 504, which in turn provides logical channels to a radio link control (RLC) layer 506. The RLC layer 506, in turn, provides RLC channels to a PDCP sublayer 508. The PDCP sublayer 508 then provides data transfer services to a radio resource control (RRC) sublayer 510, an Internet Protocol (IP) layer and/or a Service Data Adaptation Protocol (SDAP) sublayer (not shown in Fig. 5). The PDCP sublayer 508 receives packets (e.g., from the RRC sublayer 510, the SDAP sublayer, or the IP layer, layered directly or indirectly over the PDCP layer 508) that can be referred to as service data units (SDUs), and output packets (e.g., to the RLC layer 506) that can be referred to as protocol data units (PDlls). Except where the difference between SDUs and PDUs is relevant, this disclosure for simplicity refers to both SDUs and PDUs as “packets”. In some implementations, the PHY layer 502, MAC sublayer 504, RLC sublayer 506, PDCP sublayer 508, RRC sublayer 510 are EUTRA layers or sublayers. In other implementations, the PHY layer 502, MAC sublayer 504, RLC sublayer 506, PDCP sublayer 508, RRC sublayer 510 are NR layers or sublayers.
[0043] The RRC sublayer 510 provides data transfer services to a NAS layer 512, which includes a mobility management (MM) sublayer and/or a session management (SM) sublayer. In some implementations, the MM sublayer is an EPS MM (EMM) sublayer. In other implementations, the MM sublayer is a 5G MM (5GMM) sublayer. In some implementations, the SM sublayer is an EPS SM (ESM) sublayer. In other implementations, the SM sublayer is a 5G SM (5GSM) sublayer.
[0044] On a control plane, the PDCP sublayer 508 provides SRBs to the RRC sublayer 510 to exchange RRC messages or NAS messages (e.g., MM messages and/or SM messages), for example. On a user plane, the PDCP sublayer 508 can provide DRBs to support user plane data exchange. User plane data exchanged on the PDCP sublayer 508 can be SDAP PDUs, Internet Protocol (IP) packets or Ethernet packets.
[0045] Figs. 6-8 are signal diagrams illustrating scenarios in which a UE (e.g., 402 in Fig. 4) and a PLMN device (e.g., BS 404, another RAN 405 device, or a wireless device of the CN 410 in Fig. 4, the PLMN device being labeled simply “PLMN 408” in these figures) operate using security activation techniques according to various embodiments. Time flows from top to bottom of these signal diagrams, an event (i.e. , action, a state, or a communication) illustrated higher occurring earlier than another event below. Similar events in Figs. 6-8 are similarly labeled (for example, events 702, 712, and 714 in Fig. 7 are similar to events 602, 612, and 614 in Fig. 6).
[0046] Fig. 6 is a signal diagram 600 illustrating a security activation technique according to an embodiment. The UE 402 communicates with a PLMN 408 (which may be, as already mentioned above, BS 404, a device of the CN 410 and/or the RAN 405). Initially, the UE 402 is connected 602 (i.e. the UE 402 is in a connected state) to the PLMN. The connected state may be an ECM-CONNECTED state or EMM- CONNECTED state with an MME (e.g., MME 414) in the CN 410 (e.g., EPC 411 ). The connected state may be a 5GCM-CONNECTED state or 5GMM-CONNECTED state with an AMF 464 of the 5GC 460. Alternatively, the connected state is an RRC_CONNECTED state. Thus, the UE 402 is camped on a cell 424 of PLMN 408 shown in Fig. 4.
[0047] The UE 402 (in the connected state) receives 612 an SMC message from the PLMN 408. The SMC message indicates a network-selected security algorithm (which may be a ciphering algorithm and/or a data integrity algorithm) to be applied for communications between the UE and the PLMN over the NAS layer control plane and/or AS layer control/user plane protocols. The UE 402 then determines 614 whether the network-selected security algorithm is preferred (i.e. adequate from the UE’s perspective). The UE 402 may determine that the network-selected security algorithm is not preferred because the network-selected security algorithm is less secure than the UE-preferred security algorithm(s). If the network-selected security algorithm is not preferred, the UE 402 sends 615 a security mode reject message to the PLMN 408, the message including an indication of a UE-preferred security algorithm.
[0048] Upon receiving 615 the security mode reject message, the PLMN 408 then selects 617 the UE preferred security algorithm(s), and then sends 613 another SMC message indicating the UE-preferred security algorithm(s). The UE 402 then sends 619 a security mode complete message to signal that the security mode control procedure has been completed thereby activating one or more security protections using the UE- preferred security algorithm(s). After activating the security protection(s), the UE 402 communicates 620 with the PLMN 408 using the UE-preferred security algorithm(s). In some implementations, the security protection(s) include integrity protection/integrity check and the UE-preferred security algorithm (s) include a first algorithm used for integrity protection/integrity check. In other implementations, the security protection(s) include encryption/decryption and the UE preferred security algorithm (s) include a second algorithm used for encrypting/decrypting.
[0049] In some implementations, when receiving 615 the indication about the UE- preferred security algorithm(s), the network 408 stores this information for the next time when the PLMN 408 initiates activating or reactivating security protection for communication with the UE 402. In other implementations, when receiving 615 the indication about the UE-preferred security algorithm(s), the PLMN 408 forwards this information to a server (e.g., Home Subscriber Server) for storing. Later, when the UE 402 connects again to the PLMN, the PLMN 408 may retrieve the information from the server. The PLMN 408 then transmits 613 an SMC message indicating the UE- preferred security algorithm(s) to the UE 402 and avoids another security mode rejection.
[0050] In some embodiments, if the security mode reject message is a UL NAS message (i.e. , Security Mode Reject message), then the UE 402 applies the UE- preferred security algorithm(s) to UL NAS messages and/or DL NAS messages later exchanged between the UE 402 and the CN 410. In other embodiments, if the security mode reject message is a UL RRC message (e.g., a SecurityModeFailure message), then the UE 402 applies the UE-preferred security algorithm(s) to UL RRC messages and/or DL RRC messages exchanged between the UE 402 and the RAN 405 (i.e. , the UE 402 applies the UE-preferred security algorithm(s) to UL data and/or DL data exchanged via a DRB between the UE 402 and the RAN 405).
[0051] Fig. 7 is a signal diagram 700 illustrating a scenario similar to the one illustrated in Fig. 6. Because the events 702, 712, and 714 are similar to the events 602, 612, and 614 in Fig. 6, their description is omitted. The differences between Figs.
6 and 7 are described below. Unlike the scenario in Fig. 6, after event 714 the UE sends 716, to PLMN 408, a security mode reject message including a generic cause code (without indicating the UE-preferred security algorithm as in 615). The generic cause code does not inform the PLMN 408 about the reason for the UE 402 rejecting the network-selected algorithm. The generic cause code may be a code specified in 3GPP technical specification 24.301 or 24.501. Events 712, 714, and 716 are symbolically grouped in a dashed line box labeled 750 as these events correspond to a security activation failure. In this scenario, the PLMN 408 is not aware of the UE- preferred security algorithm(s), and therefore the PLMN 408 might keep indicating the same security algorithm in subsequent attempts to activate security with the UE as described with reference to FIG. 3 issue 317. The repeated attempts to use a security algorithm that the UE considers inadequate cause repeated failures of the security activation. After N failures of the security activation procedure 754 (N being an integer larger than 0), the UE 402 may determine 718 to enter an idle state.
[0052] The UE 402 then transitions to the idle state from the connected state. In some implementations, the UE 402 performs a local release to enter the idle state in response to the determination 718, without transmitting an indication to the PLMN 408 to request or indicate UE’s transition to the idle state. In other implementations, after the N failures of the security activation, the UE 402 refrains from transmitting UL messages and waits to receive a connection release message (e.g., an RRCConnectionRelease message or an RRCRelease message as defined in the 3GPP technical specifications) from the network to transition to the idle state. The UE 402 transitions to the idle state upon receiving a connection release message from the network. In an embodiment, the UE 402 starts a timer while waiting to receive a connection release message, and if the timer expires before receiving a connection release message, the UE 402 enters the idle state even if the connection release message has not yet been received.
[0053] In the scenario illustrated in Fig. 7, after the N failures of the security activation procedure 754, the UE 402 initiates a deregistration procedure by sending 721 a deregistration request to the PLMN 408. In response, the PLMN 408 transmits 723 a deregistration accept message. After receiving the deregistration accept message, the UE 402 enters the idle state as described above. In some implementations, the deregistration request message and deregistration accept message are a Detach Request message and a Detach Accept message, respectively, as such messages are described in the 3GPP technical specifications. In other implementations, the deregistration request message and deregistration accept message are a Deregistration Request message and a Deregistration Accept message, respectively, as such messages are described in the 3GPP technical specifications.
[0054] After (e.g., in response to) performing the N failures of the security activation procedure 754, the UE 402 stores 727 a PLMN ID of the PLMN 408 in a forbidden PLMN list, and may then search 729 for a suitable cell on a different PLMN (e.g., PLMN 407 in Fig. 4). The UE 402 may initiate a new PLMN selection procedure to perform the cell search, the new PLMN selection procedure taking into consideration the forbidden PLMN list. In some implementations, the UE 402 may keep the PLMN ID in the forbidden PLMN list for a predefined time interval and may also maintain information on the security algorithm(s), which is selected by the network but not adequate from the UE perspective.
[0055] The UE 402 may store the forbidden PLMN list in a non-volatile memory in the UE, a Universal Subscriber Identity Module (USIM), or an embedded USIM (profile). To simplify the following description, “USIM” is used to represents “USIM or embedded USIM (profile)”. The forbidden PLMN list may be associated with a Subscriber Permanent Identifier (SUPI), the UE 402 using the forbidden PLMN list when a SUPI from the USIM matches the associated SUPI. [0056] The UE 402 may remove the PLMN ID from the forbidden PLMN list after the predefined time interval, and may then (i.e. , upon removing the PLMN ID from the list or when the predefined time interval elapses) perform a PLMN selection during which the UE may select the PLMN 408 or access a cell of the PLMN 408. Alternatively, or additionally, after a power cycle (i.e., turning the UE OFF and then back ON), the UE 402 may remove the forbidden PLMN list from the UE memory or the USIM and/or replace the forbidden PLMN list (i.e., a first forbidden PLMN list) with a second forbidden PLMN list pre-stored in the UE or the USIM. The second forbidden PLMN list does not include the PLMN ID of the PLMN 408. After or in response to the power cycle, removing the first forbidden PLMN list or replacing the first forbidden PLMN list with the second forbidden PLMN list, the UE 402 may perform a PLMN selection to select the PLMN 408 or access a cell of the PLMN 408.
[0057] The UE 402 may change its preferred security algorithm (s) and then find a previously-rejected network-selected security algorithm(s) as being adequate. In such cases, the UE 402 removes the PLMN ID from the forbidden PLMN list and may then select the PLMN.
[0058] Fig. 8 is a signal diagram 800 illustrating a scenario similar to the ones illustrated in Figs. 6. and 7. Events 802 and 855 in Fig. 8 are similar to events 702, and 750, 754 (although M and N may be different integer numbers) in Fig. 7, and, therefore, their description is not repeated. In the scenario illustrated in Fig. 8, the PLMN 804 determines 856 to reject the UE following the M (with M an integer M>1 and potentially different from N) failures 855 of the security activation procedures. Unlike in the scenario illustrated in Fig. 7, in this scenario, the deregistration procedure is triggered by the PLMN 408 by sending 858 a deregistration request message to the UE 402. Upon receiving the network’s deregistration message, the UE 402 may transmit a deregistration accept message (not shown) to the PLMN 408. After receiving 858 the deregistration request message or transmitting the deregistration accept message, the UE 402 transitions to the idle state 825 from the connected state 802 described above. If the failures of the security activation procedure were part of a registration procedure (i.e., after receiving a registration request message), the PLMN 408 may transmit 858 a registration reject message to the UE 402 to reject the UE’s attempt to register to the PLMN 408, instead of a deregistration request message. Events 827 and 829 are similar to 727 and 729 and therefore their description is omitted.
[0059] Fig. 9 is a block diagram of a UE 902 (which may operate similarly to UE 402 in Figs. 4-8) including a modem 960 and an AP 970 according to an embodiment. The modem 960 is hardware configured to intermediate communication between the PLMN 408 and other UE components such as the AP 970. The modem 960 includes an interface controller 964 enabling the modem to communicate with the AP 970, a security controller 962 that may be configured and programmed for making security-related decisions as discussed below, a protocol controller 946 configured to enable the modem 960 to communicate with a PLMN device, and a processor 942 configured to correlate and coordinate all these modem components. The AP 970 includes an interface controller 974 enabling the AP to communicate with the modem 960, a security controller 972 that may be configured and programmed for making security-related decisions as discussed below, and a processor 943 configured to correlate and coordinate all of these AP components.
[0060] Fig. 10 is a signal diagram 1000 illustrating a security activation method according to an embodiment. The UE 902 is initially in a connected state 1002. The AP 970 sends 1080, to the modem 960, an AP-to-modem message including one or more preferred or un-preferred security algorithms. This security algorithm information may be associated with NAS or AS communications, 3GPP access or non-3GPP access, ciphering, or integrity protection. The modem 960 may store the preferred or unpreferred security algorithm(s) information in a non-volatile memory in the UE or USIM, which can be reused after power cycle or USIM replacement.
[0061] A failure of the security activation procedure 1050 (similar to 750) occurs when the UE 902 responds to a security mode command specifying a network-selected security algorithm received from PLMN 408, by sending a security mode reject message to the PLMN 408. The modem 960, which has determined that the security-selected security algorithm is not adequate using the information received from the AP 970, may then send 1082 a modem-to-AP message informing the AP 970 about the failure of the security activation procedure. The modem-to-AP message may specify one or more of whether the network-selected security algorithm is related to NAS or AS communications, 3GPP access or non-3GPP access, and ciphering or integrity protection. Upon later changing the preferred security algorithms, the AP 970 may then send 1084 another AP-to-modem message (similar to the AP-to-modem message sent at 1080), to update the information that the modem 970 is going to use for the later security activation procedure 1051 (as reflected in FIG. 6 elements 613, 619).
[0062] Fig. 11 is a signal diagram 1100 illustrating another security activation method employing a UE having a modem and an AP, according to an embodiment. Optional (as suggested by the dashed line) event 1180 and event 1102 are similar to events 1080 and 1002 in the scenario illustrated in Fig. 10 discussed above. Here, the AP 970 (not modem 960 as in scenario 1000) determines 1188 whether the network-selected security algorithm (conveyed 1112 via SMC) is adequate. The modem 960 indicates 1186 the network-selected security algorithm to the AP 970 via a modem-to-AP message. If the AP 970 determines 1188 that the network-selected security algorithm is adequate, then 1189 follows. As part of event 1189, upon receiving 1190 an AP-to- modem message, the modem 960 sends 1119 a security mode complete message indicating that the security activation procedure was successful. Alternatively, if the AP 970 determines 1188 that the network-selected security algorithm is not adequate then 1191 follows, upon receiving 1192 an AP-to-modem message, the modem 960 sends 1115 a security mode reject message indicating that the security activation procedure has failed. The AP-to-modem message sent 1192 by the AP 970, and the security mode reject message may indicate the UE preferred algorithm.
[0063] Fig. 12 is a signal diagram 1200 illustrating a manner of handling security activation procedure failures by a UE 902 having a modem 960 and an AP 970, according to an embodiment. Events 1280 and 1284 are similar to 1080 and 1084 in the scenario in Fig. 10. In view of the updated UE algorithm preference, the UE 902 (either AP 970 or modem 960) evaluates 1293 currently used security algorithms. If a currently used security algorithm related to NAS or AS communications is no longer adequate, the UE 902 may trigger a deregistration procedure 1295 to the PLMN 408 followed by a registration procedure 1297. Steps 1295 and 1297 may be triggered by AP-to-modem messages 1294 and 1296, respectively, if the AP 970 evaluates the currently used security.
[0064] Fig. 13 illustrates a scenario 1300 similar to scenario 1200 (i.e. , events 1380, 1384, and 1393 are the same as 1280, 1284, and 1293) except that here the UE detects during evaluation 1393 the presence of a currently used security algorithm of the AS layer data radio bearer not preferred by the UE 902. The UE 902 then initiates 1397, a PDU session modification procedure to remove the corresponding QoS flows, or a PDU session release procedure to release the entire PDU session. As in scenario 1200 if the AP evaluates the currently-used algorithms, then the AP sends 1397 an AP- to-modem message to trigger release of the QoS flow or PDU session. Both the AP-to- modem message and the PDU session modification or release message may indicate the UE-preferred algorithm.
[0065] Fig. 14 is a flow diagram of a method 1400 performed by a UE (such as 402 or 902) according to an embodiment. The method 1400 includes receiving 1412, from an NE (such as BS 404, or a device of CN 410) of a PLMN (e.g., 408), a first message for initiating a first security mode activation based on a network-selected security algorithm. The method 1400 further includes transmitting 1415, a rejection of the first security activation, and specifying a UE-preferred security algorithm. The method 1400 may further include receiving 1413, from the NE, a third message initiating a second security mode activation based on the UE-preferred security algorithm and establishing 1419 a communication session with the NE using the UE-preferred security algorithm. [0066] Fig. 15 is a flow diagram of a method 1500 performed by a UE (e.g., 402 or 902) according to another embodiment. The method 1500 includes step 1512 which is similar to step 1412, but is followed by transmitting 1516, to the NE, a second message indicating a rejection of the first security mode activation. Unlike in step 1415, the second message does not indicate the UE-preferred security algorithm. Therefore, the steps 1512 and 1516 may be repeated, the number of repetitions being counted by counter N initialized before the very first security mode activation attempt. After a predetermined number of failures (i.e., the “YES” branch of 1557), the method 1500 may (i.e., optionally) include transmitting 1521 , to the NE, a deregistration request, and storing 1527 the PLMN ID of the PLMN to which the NE pertains in a forbidden PLMN list. Note that the deregistration may be initiated by the NE. The method 1500 may also search 1529 for a suitable cell on a PLMN whose ID is not in the forbidden PLMN list.
[0067] Fig. 16 is a flow diagram of a method 1600 performed by an NE (e g., BS 404, or a CN device of CN 410) according to an embodiment. The method 1600 includes transmitting 1612, to a UE, a first message for initiating a first security mode activation based on a network-selected security algorithm. The method 1600 then includes receiving 1615, from the UE, a second message indicating a rejection of the first security mode activation and specifying a UE-preferred security algorithm. The method 1600 may further include transmitting 1613, to the UE, a third message initiating a second security mode activation based on the UE-preferred security algorithm, and establishing 1619 a communication session with the UE using the UE-preferred security algorithm.
[0068] Fig. 17 is a flow diagram of a method 1700 performed by a NE (such as BS 404 or a CN device of CN 410) according to another embodiment. The method 1700 includes transmitting 1712, to a UE, a first message for initiating a security mode activation based on a network-selected security algorithm. The method 1700 further includes receiving 1716, from the UE, a second message indicating a rejection of the security mode activation. After a predetermined number of security mode activation failure (i.e., repeated steps 1712 and 1716), the method includes transmitting 1758, to the UE, a deregistration request of a registration reject.
[0069] Generally speaking, description for one of the above figures can apply to another of the above figures. Examples, implementations, and methods described above can be combined if there is no conflict. An event or block described above can be optional or omitted. For example, an event or block with dashed lines in the figures can be optional. In some implementations, “message” is used and can be replaced by “information element (IE)”, and vice versa. In some implementations, “IE” is used and can be replaced by “field”, and vice versa. In some implementations, “configuration” can be replaced by “configurations” or “configuration parameters”, and vice versa. In some implementations, “capability” can be replaced by “capabilities”.
[0070] A UE (e.g., UE 402 or UE 902) in which the techniques of this disclosure can be implemented can be any suitable device capable of wireless communications such as a smartphone, a tablet computer, a laptop computer, a mobile gaming console, a point-of-sale (POS) terminal, a health monitoring device, a drone, a camera, a mediastreaming dongle or another personal media device, a wearable device such as a smartwatch, a wireless hotspot, a femtocell, or a broadband router. Further, the user device in some cases may be embedded in an electronic system such as the head unit of a vehicle or an advanced driver assistance system (ADAS). Still further, the user device can operate as an internet-of-things (loT) device or a mobile-internet device (MID). Depending on the type, the user device can include one or more general- purpose processors, a computer-readable memory, a user interface, one or more network interfaces, one or more sensors, etc.
[0071] Certain embodiments are described in this disclosure as including logic or a number of components or modules. Modules may can be software modules (e.g., code, or machine-readable instructions stored on non-transitory machine-readable medium) or hardware modules. A hardware module is a tangible unit capable of performing certain operations and may be configured or arranged in a certain manner. A hardware module can comprise dedicated circuitry or logic that is permanently configured (e.g., as a special-purpose processor, such as a field programmable gate array (FPGA) or an application-specific integrated circuit (ASIC), a digital signal processor (DSP), etc.) to perform certain operations. A hardware module may also comprise programmable logic or circuitry (e.g., as encompassed within a general-purpose processor or other programmable processor) that is temporarily configured by software to perform certain operations. The decision to implement a hardware module in dedicated and permanently configured circuitry, or in temporarily configured circuitry (e.g., configured by software) may be driven by cost and time considerations.
[0072] When implemented in software, the techniques can be provided as part of the operating system, a library used by multiple applications, a particular software application, etc. The software can be executed by one or more general-purpose processors or one or more special-purpose processors.

Claims

WHAT IS CLAIMED IS:
1 . A wireless communication method (1100) performed by user equipment (402), UE, connected to a public land mobile network (208), PLMN, the method comprising: receiving (1112, 1186), by an application processor, AP, (970) of the UE from a network entity, NE, of the PLMN via a modem (960) of the UE, a first message indicating a network-selected security algorithm; determining (1188), by the AP, whether the network-selected security algorithm is adequate; and when the AP determines that network-selected security algorithm is not adequate, transmitting (1192, 1191), by the AP via the modem to the NE, a second message indicating a rejection of the network-selected security algorithm and including a UE-preferred algorithm.
2. The wireless communication method of claim 1 , wherein the network- selected security algorithm is an encryption algorithm as defined in 3GPP specifications.
3. The wireless communication method of claim 1 , wherein the network- selected security algorithm is a data integrity algorithm as defined in 3GPP specifications.
4. The wireless communication method of any of claims 1 to 3, further comprising: receiving, from the NE, a third message initiating a second security mode activation based on the UE-preferred security algorithm; and establishing a communication session with the NE using the UE-preferred security algorithm.
5. A wireless communication method (1500) performed by user equipment (402, 902), UE, connected to a public land mobile network (408), PLMN, the method comprising: receiving (1512), from a network entity (404, 410), NE, of the PLMN, a first message for initiating a security mode activation based on an NE-selected security algorithm; transmitting (1516), to the NE, a second message indicating a rejection of the security mode activation; and after repeating the receiving of the first message and the transmitting of the second message a first predetermined number of times, storing (1527) a PLMN ID of the PLMN in a forbidden PLMN list.
6. The wireless communication method of claim 5, further comprising: initiating de-registration from the PLMN after the repeating.
7. The wireless communication method of any of claims 5 or 6, further comprising: refraining from initiating a connection to any PLMN with a PLMN ID stored in a forbidden PLMN list.
8. The wireless communication method of any of claims 5 to 7, wherein the UE includes a modem configured to communicate with the NE and an application processor, AP, and the method comprises: exchanging communications between the modem and the AP to prepare the transmitting of the second message, and determining by the AP that the network-selected security algorithm is inadequate.
9. The wireless communication method of claim 8, wherein the exchanging of the communications includes at least one of: transmitting a modem-to-AP message indicating the NE-selected security algorithm; and transmitting an AP-to-modem message that indicates a UE-preferred security algorithm or a priority of security algorithm.
10. The wireless communication method of claim 8, wherein the exchanging of the communications includes transmitting, by the AP, a first connection-update AP-to- modem message for requesting deregistration of the UE from the PLMN, and a second connection-update AP-to-modem message for requesting a renewed registration of the UE to the PLMN.
11 . The wireless communication method claim 8, wherein the exchanging of the communications includes: transmitting, by the AP to the modem, a security-modifying AP-to-modem message requesting release of a specific flow of a packet data unit, PDU, session of the UE with the PLMN, wherein the modem then transmits, to the NE, a PDU session modification request or a session release request for releasing the specific flow and specifying a UE- preferred security algorithm.
12. A user equipment (402) comprising a transceiver (444) and a processor (442) configured to cooperate for performing any one of methods recited in claims 1-11.
13. A wireless communication method (1600) performed by a network entity, NE, (408) of a public land mobile network, PLMN, the method comprising: transmitting (1612), to a UE, a first message for initiating a security mode activation based on a network-selected security algorithm; receiving (1615), from the UE, a second message indicating rejection of the security mode activation and specifying a UE-preferred security algorithm; and transmitting (1613), to the UE, a third message for initiating the security mode activation based on the UE-preferred security algorithm.
14. A wireless communication method (1700) performed by a network entity, NE, (408) of a public land mobile network, PLMN, the method comprising: after repeatedly transmitting (1712), to a UE, a first message for initiating a security mode activation based on a network-selected security algorithm and receiving (1715) in response to the first message, from the UE, a second message indicating rejection of the security mode activation, transmitting (1758), to the UE, a deregistration request or a registration reject message.
15. A network entity (408) comprising a transceiver (434) and a processor (432) configured to cooperate for performing any one of methods recited in claims 13 and 14.
PCT/US2025/012737 2024-01-29 2025-01-23 Methods and devices for efficiently establishing security algorithm(s) used by a user equipment Pending WO2025165641A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US202463626298P 2024-01-29 2024-01-29
US63/626,298 2024-01-29

Publications (1)

Publication Number Publication Date
WO2025165641A1 true WO2025165641A1 (en) 2025-08-07

Family

ID=94733844

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2025/012737 Pending WO2025165641A1 (en) 2024-01-29 2025-01-23 Methods and devices for efficiently establishing security algorithm(s) used by a user equipment

Country Status (1)

Country Link
WO (1) WO2025165641A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180083972A1 (en) * 2016-09-20 2018-03-22 Lg Electronics Inc. Method and apparatus for security configuration in wireless communication system
US20190357116A1 (en) * 2018-05-21 2019-11-21 Mediatek Inc. Enhanced Handling on Forbidden PLMN List

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180083972A1 (en) * 2016-09-20 2018-03-22 Lg Electronics Inc. Method and apparatus for security configuration in wireless communication system
US20190357116A1 (en) * 2018-05-21 2019-11-21 Mediatek Inc. Enhanced Handling on Forbidden PLMN List

Similar Documents

Publication Publication Date Title
US20240365282A1 (en) Managing Paging for a User Device
US20250081280A1 (en) Managing measurement in small data transmission
US20240340995A1 (en) Communicating early and non-early data between a user device and a core network
US20240406846A1 (en) Managing ue measurements in an idle or inactive state
US20240172176A1 (en) Managing downlink early data transmission
WO2023154401A1 (en) Managing radio configurations for small data transmission
US20240306248A1 (en) Managing an early data communication configuration
US20250089119A1 (en) Managing access control in small data transmission
US20250048366A1 (en) Managing small data communication
US20250126674A1 (en) Managing Radio Functions in the Inactive State
EP4233478B1 (en) Early data communication in an inactive state
US20230413372A1 (en) Early data communication with preconfigured resources
WO2023154445A1 (en) Managing radio configurations for a user equipment
WO2025165641A1 (en) Methods and devices for efficiently establishing security algorithm(s) used by a user equipment
US20240114586A1 (en) Handling communication errors during early data communication
US20240155726A1 (en) Managing data communication in a distributed base station
US20250097829A1 (en) Managing system information communication in small data transmission
US20240147568A1 (en) Managing early data communication
US20240244700A1 (en) Early Data Communication on Bandwidth Parts
US20240188164A1 (en) Managing radio connections during early data commuinication via a distributed base station
CN118743304A (en) Managing measurements in small data transmissions
EP4466903A1 (en) Managing a configured grant configuration for a user equipment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 25707539

Country of ref document: EP

Kind code of ref document: A1