Patent Application
20220303936
5G new radio (NR) wireless communications support multiple connections by a user equipment (UE) to a public land mobile network (PLMN). For example, a 3GPP connection (e.g., a 5G wireless connection) and a non-3GPP connection (e.g., a WiFi connection) may be established by a single UE. In such a scenario, the same security context in the packet data convergence protocol (PDCP) layer is used to encrypt the communications of both connections. One of the parameters input into the encryption algorithm is the non-access stratum (NAS) count. There is a NAS count for downlink (DL) communications and a NAS count for uplink (communications) on each connection. As such, for a UE having two connections (3GPP and non-3GPP), there are four NAS counts; a pair (DL and UL) of NAS counts for each connection.
Some exemplary embodiments are related to a user equipment (UE) having a transceiver configured to communicate with a plurality of networks and a processor communicatively coupled to the transceiver and configured to perform operations. The operations include establishing a first type of connection to a first public land mobile network (PLMN), the first type of connection having a first non-access stratum (NAS) Count pair corresponding to a first NAS security context associated with the first PLMN, establishing a second type of connection to a second PLMN, wherein a previous second type of connection was established with the first PLMN, wherein the previous second type of connection has a second NAS Count pair corresponding to the first NAS security context, wherein the second type of connection has a third NAS Count pair corresponding to a second NAS security context associated with the second PLMN and deregistering the previous second type of connection with the first PLMN to reset the second NAS count pair at the first PLMN.
Other exemplary embodiments are related to a user equipment (UE) having a transceiver configured to communicate with a plurality of networks and a processor communicatively coupled to the transceiver and configured to perform operations. The operations include establishing a first type of connection to a first public land mobile network (PLMN), wherein the first type of connection has a first non-access stratum (NAS) Count pair corresponding to a NAS security context associated with an access and mobility management function (AMF) of the first PLMN, reestablishing a second type of connection to the first PLMN after previously transitioning the second type of connection to a second PLMN and receiving a second NAS Count pair from an AMF of the first PLMN, wherein the second NAS count pair corresponds to the second type of connection.
Still further exemplary embodiments are related to a user equipment (UE) having a transceiver configured to communicate with a plurality of networks and a processor communicatively coupled to the transceiver and configured to perform operations. The operations include establishing a first type of connection to a first public land mobile network (PLMN), wherein the first type of connection has a first non-access stratum (NAS) Count pair corresponding to a NAS security context associated with the access and mobility management function (AMF) of the first PLMN, reestablishing a second type of connection to the first PLMN after previously transitioning the second type of connection to a second PLMN and determining a new security context for both the first type of connection and the second type of connection.
Additional exemplary embodiments are related to a user equipment (UE) having a transceiver configured to communicate with a plurality of networks and a processor communicatively coupled to the transceiver and configured to perform operations. The operations include establishing a first type of connection to a first public land mobile network (PLMN), wherein the first type of connection has a first non-access stratum (NAS) Count pair corresponding to a first NAS security context associated with the access and mobility management function (AMF) of the first PLMN, establishing a second type of connection to a second PLMN, wherein the second type of connection has a third NAS Count pair corresponding to a second NAS security context associated with the AMF of the second PLMN, wherein a previous second type of connection was with the first PLMN and included a second NAS Count pair corresponding to the first NAS security context and storing the first, second, and third NAS Count pairs.
Further exemplary embodiments are related to a network component implementing an access and mobility management function (AMF) of a core network that includes one or more processors configured to perform operations. The operations include receiving a request from a user equipment (UE) regarding deregistration of a first type of connection or a second type of connection between the UE and a first public land mobile network (PLMN) when the UE has transitioned the second type of connection from the first PLMN to a second PLMN and deregistering one of the first type of connection or second type of connection based on the request.
Some exemplary embodiments are also related to a network component implementing an access and mobility management function (AMF) of a core network including one or more processors configured to perform operations. The operations include receiving from a user equipment (UE) a request to reestablish a second type of connection to a first public land mobile network (PLMN) after the UE had previously transitioned the second type of connection to a second PLMN, and wherein the UE additionally has a first type of connection to the first PLMN and transmitting a NAS security mode command (SMC) including a second non-access stratum (NAS) Count pair to the UE, wherein the second NAS Count pair is associated with a NAS security context corresponding the first and second types of connections with the first PLMN.
The exemplary embodiments may be further understood with reference to the following description and the related appended drawings, wherein like elements are provided with the same reference numerals. The exemplary embodiments describe manners for a user equipment (UE) to handle a multi-connection establishment with one or more public land mobile networks (PLMNs).
The exemplary embodiments are described with regard to a network that includes 5G new radio NR radio access technology (RAT). However, the exemplary embodiments may be implemented in other types of networks using the principles described herein.
The exemplary embodiments are also described with regard to a UE. However, the use of a UE is merely for illustrative purposes. The exemplary embodiments may be utilized with any electronic component that may establish a connection with a network and is configured with the hardware, software, and/or firmware to exchange information and data with the network. Therefore, the UE as described herein is used to represent any electronic component.
As noted above, a UE may establish a 3GPP connection (e.g., a 5G wireless connection) and a non-3GPP connection (e.g., a WiFi connection) with the same PLMN. Although both connections have the same security context and are encrypted using the same access and mobility management function (AMF) key, each connection is encrypted using a non-access stratum (NAS) Count pair, one NAS Count for the uplink (UL) and one NAS Count for the downlink (DL) on that connection.
Presently, the 3GPP standards (e.g., TS 31.102) allow for the storage of only one NAS Count pair per connection type on a universal subscriber identity module (USIM) of the UE. Consider the following scenario with this restriction. When a UE establishes a 3GPP and non-3GPP connection to a first PLMN, the UE stores a first NAS Count pair for the 3GPP connection and a second NAS Count pair for the non-3GPP connection. When the UE switches the non-3GPP connection to a second PLMN, a third NAS Count pair for this connection is established. The 3GPP connection to the first PLMN remains active. If, however, the UE attempts to reestablish the non-3GPP connection with the first PLMN, the AMF of the first PLMN will attempt to activate the security context of the active 3GPP connection on the non-3GPP connection. The UE lost the second NAS Count pair associated with the non-3GPP connection via the first PLMN because it was replaced with the third NAS Count pair associated with the non-3GPP connection via the second PLMN, the reconnection to the first PLMN will fail since the UE does not know if the security context received from the AMF of the first PLMN is valid.
According to some exemplary embodiments, a UE deregisters its non-3GPP connection with the first PLMN when it establishes a non-3GPP connection with a second PLMN. In some cases, the UE deregisters its current non-3GPP connection if that connection has been idle for longer than a predetermined time period. In other scenarios, the UE will communicate with the AMF of the first PLMN to deregister its non-3GPP connection with the first PLMN when the UE moves its non-3GPP connection to a second PLMN.
According to other exemplary embodiments, the AMF of a PLMN transmits to the UE a stored NAS Count pair previously established for a non-3GPP connection when the UE seeks to reestablish the non-3GPP connection with the PLMN. The UE then determines how to handle the received AMF NAS Count pair based on whether or not the UE has a corresponding stored NAS Count pair and, if it does, on whether or not the stored NAS Count pair is the same as the received AMF NAS Count pair.
According to further exemplary embodiments, when the UE seeks to register both types of connections (3GPP and non-3GPP) with a PLMN and only has one NAS Count pair corresponding to one of the connections stored on its USIM, the UE performs a primary authentication with the AMF of the PLMN to derive a new security context for both types of connections. According to further exemplary embodiments, the UE may store multiple NAS security contexts for multiple PLMNs locally or on the USIM.
The UE 110 may be configured to communicate with one or more networks. In the example of the network configuration 100, the networks with which the UE 110 may wirelessly communicate are a 5G New Radio (NR) radio access network (5G NR-RAN) 120, an LTE radio access network (LTE-RAN) 122 and a wireless local access network (WLAN) 124. However, it should be understood that the UE 110 may also communicate with other types of networks and the UE 110 may also communicate with networks over a wired connection. Therefore, the UE 110 may include a 5G NR chipset to communicate with the 5G NR-RAN 120, an LTE chipset to communicate with the LTE-RAN 122 and an ISM chipset to communicate with the WLAN 124.
The 5G NR-RAN 120 and the LTE-RAN 122 may be portions of cellular networks that may be deployed by cellular providers (e.g., Verizon, AT&T, T-Mobile, etc.). These networks 120, 122 may include, for example, cells or base stations (Node Bs, eNodeBs, HeNBs, eNBS, gNBs, gNodeBs, macrocells, microcells, small cells, femtocells, etc.) that are configured to send and receive traffic from UE that are equipped with the appropriate cellular chip set. The WLAN 124 may include any type of wireless local area network (WiFi, Hot Spot, IEEE 802.11x networks, etc.).
The UE 110 may connect to the 5G NR-RAN 120 via the gNB 120A and/or the gNB 120B. During operation, the UE 110 may be within range of a plurality of gNBs. Thus, either simultaneously or alternatively, the UE 110 may connect to the 5G NR-RAN 120 via the gNBs 120A and 120B. Further, the UE 110 may communicate with the eNB 122A of the LTE-RAN 122 to transmit and receive control information used for downlink and/or uplink synchronization with respect to the 5G NR-RAN 120 connection.
Those skilled in the art will understand that any association procedure may be performed for the UE 110 to connect to the 5G NR-RAN 120. For example, as discussed above, the 5G NR-RAN 120 may be associated with a particular cellular provider where the UE 110 and/or the user thereof has a contract and credential information (e.g., stored on a SIM card). Upon detecting the presence of the 5G NR-RAN 120, the UE 110 may transmit the corresponding credential information to associate with the 5G NR-RAN 120. More specifically, the UE 110 may associate with a specific base station (e.g., the gNB 120A of the 5G NR-RAN 120).
In addition to the networks 120, 122 and 124 the network arrangement 100 also includes a cellular core network 130, the Internet 140, an IP Multimedia Subsystem (IMS) 150, and a network services backbone 160. The cellular core network 130 also manages the traffic that flows between the cellular network and the Internet 140. The cellular core network 130 may be considered to be the interconnected set of components that manages the operation and traffic of the cellular network. In this example, the components include an access and mobility management function (AMF) 131. However, an actual cellular core network may include various other components performing any of a variety of different functions.
The AMF 131 performs operations related to mobility management such as, but not limited to, paging, non-access stratum (NAS) management and registration procedure management between the UE 110 and the cellular core network 130. Reference to a single AMF 131 is merely for illustrative purposes, an actual network arrangement may include any appropriate number of AMFs.
As described above, the UE 110 may also establish a non-3GPP connection (e.g., WiFi connection) via the 5G NR-RAN 120. In such scenarios, a non-3GPP access network (e.g., WLAN 124) may be connected to the cellular core network 130. The control-plane functions and the user-plane functions of the cellular core network 130 may then be used for the UE 110 to access functionalities of the non-3GPP connection, e.g., accessing a data network.
The processor 205 may be configured to execute a plurality of engines of the UE 110. For example, the engines may include NAS Count management engine 235. As will be described in more detail below, the NAS Count management engine 235 may perform various operations related to managing registrations of 3GPP and non-3GPP connections to one or more PLMNs.
The above referenced engine being an application (e.g., a program) executed by the processor 205 is only exemplary. The functionality associated with the engine may also be represented as a separate incorporated component of the UE 110 or may be a modular component coupled to the UE 110, e.g., an integrated circuit with or without firmware. For example, the integrated circuit may include input circuitry to receive signals and processing circuitry to process the signals and other information. The engines may also be embodied as one application or separate applications. In addition, in some UE, the functionality described for the processor 205 is split among two or more processors such as a baseband processor and an applications processor. The exemplary embodiments may be implemented in any of these or other configurations of a UE.
The memory arrangement 210 may be a hardware component configured to store data related to operations performed by the UE 110. The display device 215 may be a hardware component configured to show data to a user while the I/O device 220 may be a hardware component that enables the user to enter inputs. The display device 215 and the I/O device 220 may be separate components or integrated together such as a touchscreen. The transceiver 225 may be a hardware component configured to establish a connection with the 5G NR-RAN 120, the LTE-RAN 122, the WLAN 124, etc. Accordingly, the transceiver 225 may operate on a variety of different frequencies or channels (e.g., set of consecutive frequencies).
As illustrated in
As illustrated in
As illustrated in
In some embodiments, the deregistration in 420 is based on a predetermined time period during which the UE 110 has entered an idle mode for the second type of connection (non-3GPP). For example, if the UE 110 has entered an idle mode in the second type of connection 304b, with the first PLMN 302A, the UE 110 will deregister this connection.
In some embodiments, either the UE 110 or the AMF 131 may deregister the second type of connection 304b. In some embodiments, the UE 110 transmits a deregistration request to the AMF 131 of the first PLMN 302A to deregister the second type of connection 304b when the UE 110 establishes a second type of connection 304c with the second PLMN 302B. This deregistration request may be sent over the first type of connection 304a, which is still active when the UE 110 establishes its second type of connection 304c with the second PLMN 320B. In some embodiments, the AMF 131 of the first PLMN 302A may alternatively deregister the UE's second type of connection 304b with the first PLMN 302A in response to an indication sent by the UE 110. In some embodiments, the indication may be sent by the UE 110 over the first type of connection 304a and causes the AMF 131 to initiate the deregistration procedure.
If the UE 110 does not have a stored NAS count pair corresponding to the NAS security context of the first type of connection 304a, then, at 535, the UE 110 either adopts the second NAS Count pair received from the AMF to reestablish the second type of connection 304b or sets the second NAS Count pair to 0 (resets the NAS Count) to reestablish the second type of connection 304b.
If, however, the UE 110 does have a stored NAS count pair corresponding to the NAS security context of the first type of connection 304a, then, at 540, the UE 110 determines if the stored NAS Count pair is equivalent to the second NAS Count pair received from the AMF 131. If the stored NAS Count pair is equivalent to the second NAS Count pair received from the AMF, then, at 545, the UE 110 adopts the second NAS Count pair received from the AMF 131 to reestablish the second type of connection 304b. If, however, the stored NAS Count pair is not equivalent to the second NAS Count pair received from the AMF 131, then, at 550, the UE 110 does one of the following to reestablish the second type of connection 304b: 1) rejects the NAS SMC procedure in which the received NAS Count pair was sent; 2) adopts the second NAS Count pair received from the AMF, or 3) sets the second NAS Count pair to 0 (resets the NAS Count).
Those skilled in the art will understand that the above-described exemplary embodiments may be implemented in any suitable software or hardware configuration or combination thereof. An exemplary hardware platform for implementing the exemplary embodiments may include, for example, an Intel x86 based platform with compatible operating system, a Windows OS, a Mac platform and MAC OS, a mobile device having an operating system such as iOS, Android, etc. In a further example, the exemplary embodiments of the above described method may be embodied as a program containing lines of code stored on a non-transitory computer readable storage medium that, when compiled, may be executed on a processor or microprocessor.
Although this application described various aspects each having different features in various combinations, those skilled in the art will understand that any of the features of one aspect may be combined with the features of the other aspects in any manner not specifically disclaimed or which is not functionally or logically inconsistent with the operation of the device or the stated functions of the disclosed aspects.
It is well understood that the use of personally identifiable information should follow privacy policies and practices that are generally recognized as meeting or exceeding industry or governmental requirements for maintaining the privacy of users. In particular, personally identifiable information data should be managed and handled so as to minimize risks of unintentional or unauthorized access or use, and the nature of authorized use should be clearly indicated to users.
It will be apparent to those skilled in the art that various modifications may be made in the present disclosure, without departing from the spirit or the scope of the disclosure. Thus, it is intended that the present disclosure cover modifications and variations of this disclosure provided they come within the scope of the appended claims and their equivalent.
| Filing Document | Filing Date | Country | Kind |
|---|---|---|---|
| PCT/CN2020/124831 | 10/29/2020 | WO |
