Examples of several of the various embodiments of the present disclosure are described herein with reference to the drawings.
In the present disclosure, various embodiments are presented as examples of how the disclosed techniques may be implemented and/or how the disclosed techniques may be practiced in environments and scenarios. It will be apparent to persons skilled in the relevant art that various changes in form and detail can be made therein without departing from the scope. In fact, after reading the description, it will be apparent to one skilled in the relevant art how to implement alternative embodiments. The present embodiments should not be limited by any of the described exemplary embodiments. The embodiments of the present disclosure will be described with reference to the accompanying drawings. Limitations, features, and/or elements from the disclosed example embodiments may be combined to create further embodiments within the scope of the disclosure. Any figures which highlight the functionality and advantages are presented for example purposes only. The disclosed architecture is sufficiently flexible and configurable, such that it may be utilized in ways other than that shown. For example, the actions listed in any flowchart may be re-ordered or only optionally used in some embodiments.
Embodiments may be configured to operate as needed. The disclosed mechanism may be performed when certain criteria are met, for example, in a wireless device, a base station, a radio environment, a network, a combination of the above, and/or the like. Example criteria may be based, at least in part, on for example, wireless device or network node configurations, traffic load, initial system set up, packet sizes, traffic characteristics, a combination of the above, and/or the like. When the one or more criteria are met, various example embodiments may be applied. Therefore, it may be possible to implement example embodiments that selectively implement disclosed protocols.
A base station may communicate with a mix of wireless devices. Wireless devices and/or base stations may support multiple technologies, and/or multiple releases of the same technology. Wireless devices may have one or more specific capabilities. When this disclosure refers to a base station communicating with a plurality of wireless devices, this disclosure may refer to a subset of the total wireless devices in a coverage area. This disclosure may refer to, for example, a plurality of wireless devices of a given LTE or 5G release with a given capability and in a given sector of the base station. The plurality of wireless devices in this disclosure may refer to a selected plurality of wireless devices, and/or a subset of total wireless devices in a coverage area which perform according to disclosed methods, and/or the like. There may be a plurality of base stations or a plurality of wireless devices in a coverage area that may not comply with the disclosed methods, for example, those wireless devices or base stations may perform based on older releases of LTE or 5G technology.
In this disclosure, “a” and “an” and similar phrases refer to a single instance of a particular element, but should not be interpreted to exclude other instances of that element. For example, a bicycle with two wheels may be described as having “a wheel”. Any term that ends with the suffix “(s)” is to be interpreted as “at least one” and/or “one or more.” In this disclosure, the term “may” is to be interpreted as “may, for example.” In other words, the term “may” is indicative that the phrase following the term “may” is an example of one of a multitude of suitable possibilities that may, or may not, be employed by one or more of the various embodiments. The terms “comprises” and “consists of”, as used herein, enumerate one or more components of the element being described. The term “comprises” is interchangeable with “includes” and does not exclude unenumerated components from being included in the element being described. By contrast, “consists of” provides a complete enumeration of the one or more components of the element being described.
The phrases “based on”, “in response to”, “depending on”, “employing”, “using”, and similar phrases indicate the presence and/or influence of a particular factor and/or condition on an event and/or action, but do not exclude unenumerated factors and/or conditions from also being present and/or influencing the event and/or action. For example, if action X is performed “based on” condition Y, this is to be interpreted as the action being performed “based at least on” condition Y. For example, if the performance of action X is performed when conditions Y and Z are both satisfied, then the performing of action X may be described as being “based on Y”.
The term “configured” may relate to the capacity of a device whether the device is in an operational or non-operational state. Configured may refer to specific settings in a device that affect the operational characteristics of the device whether the device is in an operational or non-operational state. In other words, the hardware, software, firmware, registers, memory values, and/or the like may be “configured” within a device, whether the device is in an operational or non-operational state, to provide the device with specific characteristics. Terms such as “a control message to cause in a device” may mean that a control message has parameters that may be used to configure specific characteristics or may be used to implement certain actions in the device, whether the device is in an operational or non-operational state.
In this disclosure, a parameter may comprise one or more information objects, and an information object may comprise one or more other objects. For example, if parameter J comprises parameter K, and parameter K comprises parameter L, and parameter L comprises parameter M, then J comprises L, and J comprises M. A parameter may be referred to as a field or information element. In an example embodiment, when one or more messages comprise a plurality of parameters, it implies that a parameter in the plurality of parameters is in at least one of the one or more messages, but does not have to be in each of the one or more messages.
This disclosure may refer to possible combinations of enumerated elements. For the sake of brevity and legibility, the present disclosure does not explicitly recite each and every permutation that may be obtained by choosing from a set of optional features. The present disclosure is to be interpreted as explicitly disclosing all such permutations. For example, the seven possible combinations of enumerated elements A, B, C consist of: (1) “A”; (2) “B”; (3) “C”; (4) “A and B”; (5) “A and C”; (6) “B and C”; and (7) “A, B, and C”. For the sake of brevity and legibility, these seven possible combinations may be described using any of the following interchangeable formulations: “at least one of A, B, and C”; “at least one of A, B, or C”; “one or more of A, B, and C”; “one or more of A, B, or C”; “A, B, and/or C”. It will be understood that impossible combinations are excluded. For example, “X and/or not-X” should be interpreted as “X or not-X”. It will be further understood that these formulations may describe alternative phrasings of overlapping and/or synonymous concepts, for example, “identifier, identification, and/or ID number”.
This disclosure may refer to sets and/or subsets. As an example, set X may be a set of elements comprising one or more elements. If every element of X is also an element of Y, then X may be referred to as a subset of Y. In this disclosure, only non-empty sets and subsets are considered. For example, if Y consists of the elements Y1, Y2, and Y3, then the possible subsets of Y are {Y1, Y2, Y3}, {Y1, Y2}, {Y1, Y3}, {Y2, Y3}, {Y1}, {Y2}, and {Y3}.
The wireless device 101 may communicate with DNs 108 via AN 102 and CN 105. In the present disclosure, the term wireless device may refer to and encompass any mobile device or fixed (non-mobile) device for which wireless communication is needed or usable. For example, a wireless device may be a telephone, smart phone, tablet, computer, laptop, sensor, meter, wearable device, Internet of Things (IoT) device, vehicle road side unit (RSU), relay node, automobile, unmanned aerial vehicle, urban air mobility, and/or any combination thereof. The term wireless device encompasses other terminology, including user equipment (UE), user terminal (UT), access terminal (AT), mobile station, handset, wireless transmit and receive unit (WTRU), and/or wireless communication device.
The AN 102 may connect wireless device 101 to CN 105 in any suitable manner. The communication direction from the AN 102 to the wireless device 101 is known as the downlink and the communication direction from the wireless device 101 to AN 102 is known as the uplink. Downlink transmissions may be separated from uplink transmissions using frequency division duplexing (FDD), time-division duplexing (TDD), and/or some combination of the two duplexing techniques. The AN 102 may connect to wireless device 101 through radio communications over an air interface. An access network that at least partially operates over the air interface may be referred to as a radio access network (RAN). The CN 105 may set up one or more end-to-end connections between wireless device 101 and the one or more DNs 108. The CN 105 may authenticate wireless device 101 and provide charging functionality.
In the present disclosure, the term base station may refer to and encompass any element of AN 102 that facilitates communication between wireless device 101 and AN 102. Access networks and base stations have many different names and implementations. The base station may be a terrestrial base station fixed to the earth. The base station may be a mobile base station with a moving coverage area. The base station may be in space, for example, on board a satellite. For example, WiFi and other standards may use the term access point. As another example, the Third-Generation Partnership Project (3GPP) has produced specifications for three generations of mobile networks, each of which uses different terminology. Third Generation (3G) and/or Universal Mobile Telecommunications System (UMTS) standards may use the term Node B. 4G, Long Term Evolution (LTE), and/or Evolved Universal Terrestrial Radio Access (E-UTRA) standards may use the term Evolved Node B (eNB). 5G and/or New Radio (NR) standards may describe AN 102 as a next-generation radio access network (NG-RAN) and may refer to base stations as Next Generation eNB (ng-eNB) and/or Generation Node B (gNB). Future standards (for example, 6G, 7G, 8G) may use new terminology to refer to the elements which implement the methods described in the present disclosure (e.g., wireless devices, base stations, ANs, CNs, and/or components thereof). A base station may be implemented as a repeater or relay node used to extend the coverage area of a donor node. A repeater node may amplify and rebroadcast a radio signal received from a donor node. A relay node may perform the same/similar functions as a repeater node but may decode the radio signal received from the donor node to remove noise before amplifying and rebroadcasting the radio signal.
The AN 102 may include one or more base stations, each having one or more coverage areas. The geographical size and/or extent of a coverage area may be defined in terms of a range at which a receiver of AN 102 can successfully receive transmissions from a transmitter (e.g., wireless device 101) operating within the coverage area (and/or vice-versa). The coverage areas may be referred to as sectors or cells (although in some contexts, the term cell refers to the carrier frequency used in a particular coverage area, rather than the coverage area itself). Base stations with large coverage areas may be referred to as macrocell base stations. Other base stations cover smaller areas, for example, to provide coverage in areas with weak macrocell coverage, or to provide additional coverage in areas with high traffic (sometimes referred to as hotspots). Examples of small cell base stations include, in order of decreasing coverage area, microcell base stations, picocell base stations, and femtocell base stations or home base stations. Together, the coverage areas of the base stations may provide radio coverage to wireless device 101 over a wide geographic area to support wireless device mobility.
A base station may include one or more sets of antennas for communicating with the wireless device 101 over the air interface. Each set of antennas may be separately controlled by the base station. Each set of antennas may have a corresponding coverage area. As an example, a base station may include three sets of antennas to respectively control three coverage areas on three different sides of the base station. The entirety of the base station (and its corresponding antennas) may be deployed at a single location. Alternatively, a controller at a central location may control one or more sets of antennas at one or more distributed locations. The controller may be, for example, a baseband processing unit that is part of a centralized or cloud RAN architecture. The baseband processing unit may be either centralized in a pool of baseband processing units or virtualized. A set of antennas at a distributed location may be referred to as a remote radio head (RRH).
The base stations of the NG-RAN 152 may be connected to the UEs 151 via Uu interfaces. The base stations of the NG-RAN 152 may be connected to each other via Xn interfaces. The base stations of the NG-RAN 152 may be connected to 5G CN 155 via NG interfaces. The Uu interface may include an air interface. The NG and Xn interfaces may include an air interface, or may consist of direct physical connections and/or indirect connections over an underlying transport network (e.g., an internet protocol (IP) transport network).
Each of the Uu, Xn, and NG interfaces may be associated with a protocol stack. The protocol stacks may include a user plane (UP) and a control plane (CP). Generally, user plane data may include data pertaining to users of the UEs 151, for example, internet content downloaded via a web browser application, sensor data uploaded via a tracking application, or email data communicated to or from an email server. Control plane data, by contrast, may comprise signaling and messages that facilitate packaging and routing of user plane data so that it can be exchanged with the DN(s). The NG interface, for example, may be divided into an NG user plane interface (NG-U) and an NG control plane interface (NG-C). The NG-U interface may provide delivery of user plane data between the base stations and the one or more user plane network functions 155B. The NG-C interface may be used for control signaling between the base stations and the one or more control plane network functions 155A. The NG-C interface may provide, for example, NG interface management, UE context management, UE mobility management, transport of NAS messages, paging, PDU session management, and configuration transfer and/or warning message transmission. In some cases, the NG-C interface may support transmission of user data (for example, a small data transmission for an IoT device).
One or more of the base stations of the NG-RAN 152 may be split into a central unit (CU) and one or more distributed units (DUs). A CU may be coupled to one or more DUs via an F1 interface. The CU may handle one or more upper layers in the protocol stack and the DU may handle one or more lower layers in the protocol stack. For example, the CU may handle RRC, PDCP, and SDAP, and the DU may handle RLC, MAC, and PHY. The one or more DUs may be in geographically diverse locations relative to the CU and/or each other. Accordingly, the CU/DU split architecture may permit increased coverage and/or better coordination.
The gNBs 152A and ng-eNBs 152B may provide different user plane and control plane protocol termination towards the UEs 151. For example, a gNB 152A may provide new radio (NR) protocol terminations over a Uu interface associated with a first protocol stack. The ng-eNBs 152B may provide Evolved UMTS Terrestrial Radio Access (E-UTRA) protocol terminations over a Uu interface associated with a second protocol stack.
The 5G-CN 155 may authenticate UEs 151, set up end-to-end connections between UEs 151 and the one or more DNs 158, and provide charging functionality. The 5G-CN 155 may be based on a service-based architecture, in which the NFs making up the 5G-CN 155 offer services to each other and to other elements of the communication network 150 via interfaces. The 5G-CN 155 may include any number of other NFs and any number of instances of each NF.
In the example of
In the example of
As shown in the example illustration of
The NFs depicted in
Each element depicted in
The UPF 305 may serve as a gateway for user plane traffic between AN 302 and DN 308. The UE 301 may connect to UPF 305 via a Uu interface and an N3 interface (also described as NG-U interface). The UPF 305 may connect to DN 308 via an N6 interface. The UPF 305 may connect to one or more other UPFs (not shown) via an N9 interface. The UE 301 may be configured to receive services through a protocol data unit (PDU) session, which is a logical connection between UE 301 and DN 308. The UPF 305 (or a plurality of UPFs if desired) may be selected by SMF 314 to handle a particular PDU session between UE 301 and DN 308. The SMF 314 may control the functions of UPF 305 with respect to the PDU session. The SMF 314 may connect to UPF 305 via an N4 interface. The UPF 305 may handle any number of PDU sessions associated with any number of UEs (via any number of ANs). For purposes of handling the one or more PDU sessions, UPF 305 may be controlled by any number of SMFs via any number of corresponding N4 interfaces.
The AMF 312 depicted in
The AMF 312 may receive, from UE 301, non-access stratum (NAS) messages transmitted in accordance with the NAS protocol. NAS messages relate to communications between UE 301 and the core network. Although NAS messages may be relayed to AMF 312 via AN 302, they may be described as communications via the N1 interface. NAS messages may facilitate UE registration and mobility management, for example, by authenticating, identifying, configuring, and/or managing a connection of UE 301. NAS messages may support session management procedures for maintaining user plane connectivity and quality of service (QoS) of a session between UE 301 and DN 308. If the NAS message involves session management, AMF 312 may send the NAS message to SMF 314. NAS messages may be used to transport messages between UE 301 and other components of the core network (e.g., core network components other than AMF 312 and SMF 314). The AMF 312 may act on a particular NAS message itself, or alternatively, forward the NAS message to an appropriate core network function (e.g., SMF 314).
The SMF 314 depicted in
The PCF 320 may provide, to other NFs, services relating to policy rules. The PCF 320 may use subscription data and information about network conditions to determine policy rules and then provide the policy rules to a particular NF which may be responsible for enforcement of those rules. Policy rules may relate to policy control for access and mobility, and may be enforced by the AMF 312. Policy rules may relate to session management, and may be enforced by the SMF 314. Policy rules may be, for example, network-specific, wireless device-specific, session-specific, or data flow-specific.
The NRF 330 may provide service discovery. The NRF 330 may belong to a particular PLMN. The NRF 330 may maintain NF profiles relating to other NFs in the communication network 300. The NF profile may include, for example, an address, PLMN, and/or type of the NF, a slice identifier, a list of the one or more services provided by the NF, and the authorization required to access the services.
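The following is an added example, not code from the original text or from any vendor: a toy NRF that keeps NF profiles with the fields listed above (address, PLMN, NF type, slice identifiers, the services offered, and the authorization each service requires) and answers discovery requests. The instance identifiers, addresses, PLMN value and the authorization model (an allow-list of consumer NF types per service) are assumptions for illustration; the service names follow the 3GPP Nxxx_Service naming pattern but are written in lower case here.

```python
from dataclasses import dataclass

# Added example, not the original text's code: a minimal NRF holding NF profiles
# and answering discovery with a per-service authorization check. Identifiers,
# addresses, the PLMN value and the allow-list model are assumptions.

@dataclass(frozen=True)
class NFProfile:
    nf_instance_id: str
    nf_type: str          # "AMF", "SMF", "UDM", ...
    plmn: str             # MCC+MNC of the PLMN the NF belongs to
    address: str
    slices: frozenset     # supported S-NSSAIs as (sst, sd) tuples
    services: dict        # service name -> frozenset of NF types allowed to consume it

class NRF:
    def __init__(self, plmn: str):
        self.plmn = plmn
        self.profiles = {}

    def register(self, profile: NFProfile) -> bool:
        # An NRF belongs to one PLMN; a profile claiming another PLMN is refused.
        if profile.plmn != self.plmn:
            return False
        self.profiles[profile.nf_instance_id] = profile
        return True

    def discover(self, consumer_type: str, target_type: str, service: str,
                 snssai=None) -> list:
        """Addresses of NFs of target_type that offer `service` (for `snssai`,
        if given) and whose authorization for that service admits consumer_type."""
        hits = []
        for p in self.profiles.values():
            if p.nf_type != target_type or service not in p.services:
                continue
            if snssai is not None and snssai not in p.slices:
                continue
            if consumer_type not in p.services[service]:
                continue      # the consumer is not authorized for this service
            hits.append(p.address)
        return sorted(hits)

def run_demo() -> dict:
    nrf = NRF(plmn="00101")   # assumed test PLMN
    nrf.register(NFProfile("smf-1", "SMF", "00101", "smf1.5gc.example",
                           frozenset({(1, None)}),
                           {"nsmf-pdusession": frozenset({"AMF"})}))
    nrf.register(NFProfile("smf-2", "SMF", "00101", "smf2.5gc.example",
                           frozenset({(1, None), (2, "000001")}),
                           {"nsmf-pdusession": frozenset({"AMF"})}))
    nrf.register(NFProfile("udm-1", "UDM", "00101", "udm1.5gc.example", frozenset(),
                           {"nudm-sdm": frozenset({"AMF", "SMF", "AUSF"}),
                            "nudm-ueau": frozenset({"AUSF"})}))
    foreign = nrf.register(NFProfile("udm-x", "UDM", "99999", "udm.other.example",
                                     frozenset(), {"nudm-sdm": frozenset({"AMF"})}))
    return {
        "amf_smf_urllc": nrf.discover("AMF", "SMF", "nsmf-pdusession", (2, "000001")),
        "amf_smf_embb": nrf.discover("AMF", "SMF", "nsmf-pdusession", (1, None)),
        "af_udm_sdm": nrf.discover("AF", "UDM", "nudm-sdm"),      # AF is not on the allow-list
        "amf_udm_ueau": nrf.discover("AMF", "UDM", "nudm-ueau"),  # only the AUSF may call it
        "ausf_udm_ueau": nrf.discover("AUSF", "UDM", "nudm-ueau"),
        "foreign_plmn_registered": foreign,
    }
```

The point of the check in `discover` is that discovery and authorization are decided by the NRF from the stored profile, not by the consumer's own claim about what it may call: a consumer of the wrong NF type gets an empty result for a service it is not entitled to, and a profile from another PLMN is never admitted to this NRF's registry.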
The NEF 340 depicted in
The UDM 350 may provide data storage for other NFs. The UDM 350 may permit a consolidated view of network information that may be used to ensure that the most relevant information can be made available to different NFs from a single resource. The UDM 350 may store and/or retrieve information from a unified data repository (UDR). For example, UDM 350 may obtain user subscription data relating to UE 301 from the UDR.
The AUSF 360 may support mutual authentication between UE 301 and the core network: authentication of UE 301 by the core network and authentication of the core network by UE 301. The AUSF 360 may perform key agreement procedures and provide keying material from which the keys protecting subsequent signaling and user-plane traffic between UE 301 and the network are derived.
The NSSF 370 may select one or more network slices to be used by the UE 301. The NSSF 370 may select a slice based on slice selection information. For example, the NSSF 370 may receive Single Network Slice Selection Assistance Information (S-NSSAI) and map the S-NSSAI to a network slice instance identifier (NSI).
The CHF 380 may control billing-related tasks associated with UE 301. For example, UPF 305 may report traffic usage associated with UE 301 to SMF 314. The SMF 314 may collect usage data from UPF 305 and one or more other UPFs. The usage data may indicate how much data is exchanged, what DN the data is exchanged with, a network slice associated with the data, or any other information that may influence billing. The SMF 314 may share the collected usage data with the CHF. The CHF may use the collected usage data to perform billing-related tasks associated with UE 301. The CHF may, depending on the billing status of UE 301, instruct SMF 314 to limit or influence access of UE 301 and/or to provide billing-related notifications to UE 301.
The NWDAF 390 may collect and analyze data from other network functions and offer data analysis services to other network functions. As an example, NWDAF 390 may collect data relating to a load level for a particular network slice instance from UPF 305, AMF 312, and/or SMF 314. Based on the collected data, NWDAF 390 may provide load level data to the PCF 320 and/or NSSF 370, and/or notify the PCF 320 and/or NSSF 370 if the load level for a slice reaches and/or exceeds a load level threshold.
The AF 399 may be outside the core network, but may interact with the core network to provide information relating to the QoS requirements or traffic routing preferences associated with a particular application. The AF 399 may access the core network based on the exposure constraints imposed by the NEF 340. However, an operator of the core network may consider the AF 399 to be in a trusted domain and permit it to access the network directly, without going through the NEF 340.
The UPFs 405, 406, 407 may perform traffic detection, in which the UPFs identify and/or classify packets. Packet identification may be performed based on packet detection rules (PDR) provided by the SMF 414. A PDR may include packet detection information comprising one or more of: a source interface, a UE IP address, core network (CN) tunnel information (e.g., a CN address of an N3/N9 tunnel corresponding to a PDU session), a network instance identifier, a quality of service flow identifier (QFI), a filter set (for example, an IP packet filter set or an Ethernet packet filter set), and/or an application identifier.
In addition to indicating how a particular packet is to be detected, a PDR may further indicate rules for handling the packet upon detection thereof. The rules may include, for example, forwarding action rules (FARs), multi-access rules (MARs), usage reporting rules (URRs), QoS enforcement rules (QERs), etc. For example, the PDR may comprise one or more FAR identifiers, MAR identifiers, URR identifiers, and/or QER identifiers. These identifiers may indicate the rules that are prescribed for the handling of a particular detected packet.
The UPF 405 may perform traffic forwarding in accordance with a FAR. For example, the FAR may indicate that a packet associated with a particular PDR is to be forwarded, duplicated, dropped, and/or buffered. The FAR may indicate a destination interface, for example, “access” for downlink or “core” for uplink. If a packet is to be buffered, the FAR may indicate a buffering action rule (BAR). As an example, UPF 405 may perform data buffering of a certain number of downlink packets if a PDU session is deactivated.
The UPF 405 may perform QoS enforcement in accordance with a QER. For example, the QER may indicate a guaranteed bitrate that is authorized and/or a maximum bitrate to be enforced for a packet associated with a particular PDR. The QER may indicate that a particular guaranteed and/or maximum bitrate may be for uplink packets and/or downlink packets. The UPF 405 may mark packets belonging to a particular QoS flow with a corresponding QFI. The marking may enable a recipient of the packet to determine a QoS of the packet.
The UPF 405 may provide usage reports to the SMF 414 in accordance with a URR. The URR may indicate one or more triggering conditions for generation and reporting of the usage report, for example, immediate reporting, periodic reporting, a threshold for incoming uplink traffic, or any other suitable triggering condition. The URR may indicate a method for measuring usage of network resources, for example, data volume, duration, and/or event.
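The following is an added example, not code from the original text or from any UPF implementation: a toy model of the user-plane pipeline described in the preceding paragraphs, in which a packet is matched against SMF-provided PDRs in precedence order, then subjected to the QER, URR and FAR that the matching PDR references. The rule shapes, field names, the UE address, the byte-budget stand-in for a maximum bitrate and the sample traffic are all assumptions for illustration, not PFCP encodings.

```python
from dataclasses import dataclass
from typing import Optional

# Added example, not code from the original text: a toy model of the UPF packet
# pipeline (PDR match -> QER -> URR -> FAR). Rule shapes, field names, the UE
# address and the sample traffic are assumptions for illustration, not PFCP encodings.
@dataclass(frozen=True)
class Packet:
    src_iface: str   # "access" = uplink from the AN, "core" = downlink from the DN
    ue_ip: str
    dst_port: int
    size: int        # bytes
@dataclass
class FAR:
    action: str                       # "forward", "drop" or "buffer"
    dst_iface: Optional[str] = None   # "core" for uplink, "access" for downlink
@dataclass
class QER:
    max_bytes_per_window: int   # simplified maximum bitrate: byte budget per window
    qfi: int                    # QoS flow identifier stamped on forwarded packets
@dataclass
class URR:
    volume_threshold: int       # emit a usage report once this many bytes are carried
@dataclass
class PDR:
    precedence: int                   # lower value is evaluated first
    src_iface: str
    far: FAR
    ue_ip: Optional[str] = None       # None acts as a wildcard
    dst_port: Optional[int] = None
    qer: Optional[QER] = None
    urr: Optional[URR] = None

    def matches(self, p: Packet) -> bool:
        return (self.src_iface == p.src_iface and self.ue_ip in (None, p.ue_ip)
                and self.dst_port in (None, p.dst_port))
class UPF:
    def __init__(self, pdrs):
        self.pdrs = sorted(pdrs, key=lambda r: r.precedence)
        self.qer_used, self.urr_count = {}, {}   # byte counters keyed by id(rule)
        self.buffer, self.reports = [], []       # held packets; usage reports for the SMF
    def handle(self, pkt: Packet) -> dict:
        for pdr in self.pdrs:
            if pdr.matches(pkt):
                return self._apply(pdr, pkt)
        return {"action": "drop", "reason": "no-pdr"}   # unknown traffic: default deny

    def _apply(self, pdr: PDR, pkt: Packet) -> dict:
        if pdr.qer is not None:                                   # QoS enforcement
            used = self.qer_used.get(id(pdr.qer), 0) + pkt.size
            if used > pdr.qer.max_bytes_per_window:
                return {"action": "drop", "reason": "qer-mbr"}
            self.qer_used[id(pdr.qer)] = used
        if pdr.urr is not None:                                   # usage measurement
            total = self.urr_count.get(id(pdr.urr), 0) + pkt.size
            if total >= pdr.urr.volume_threshold:
                self.reports.append({"ue_ip": pkt.ue_ip, "bytes": total})
                total = 0
            self.urr_count[id(pdr.urr)] = total
        if pdr.far.action == "drop":
            return {"action": "drop", "reason": "far"}
        if pdr.far.action == "buffer":                            # e.g. session deactivated
            self.buffer.append(pkt)
            return {"action": "buffer"}
        out = {"action": "forward", "dst_iface": pdr.far.dst_iface}
        if pdr.qer is not None:
            out["qfi"] = pdr.qer.qfi                              # QFI marking
        return out

    def set_far(self, src_iface: str, ue_ip: str, far: FAR) -> None:
        for pdr in self.pdrs:                 # stand-in for an SMF rule update over N4
            if pdr.src_iface == src_iface and pdr.ue_ip == ue_ip:
                pdr.far = far
UE_IP = "10.45.0.7"   # assumed address allocated to the UE by the SMF
def build_upf() -> UPF:
    urr = URR(volume_threshold=3000)   # one URR shared by both directions
    return UPF([
        PDR(10, "access", FAR("drop"), ue_ip=UE_IP, dst_port=23),   # block uplink telnet
        PDR(50, "access", FAR("forward", "core"), ue_ip=UE_IP, qer=QER(4000, 9), urr=urr),
        PDR(50, "core", FAR("forward", "access"), ue_ip=UE_IP, qer=QER(4000, 9), urr=urr),
    ])

def run_demo():
    upf = build_upf()
    traffic = [                                             # constructed sample packets
        Packet("access", UE_IP, 53, 80),
        Packet("access", UE_IP, 23, 100),                   # dropped by the precedence-10 PDR
        Packet("access", UE_IP, 443, 1400),
        Packet("core", UE_IP, 443, 1400),
        Packet("core", UE_IP, 443, 1400),                   # URR passes 3000 bytes: report
        Packet("access", "10.45.0.99", 53, 80),             # no PDR for this address
        Packet("core", UE_IP, 443, 1400),                   # downlink byte budget exceeded
    ]
    results = [upf.handle(p) for p in traffic]
    upf.set_far("core", UE_IP, FAR("buffer"))               # PDU session deactivated
    results.append(upf.handle(Packet("core", UE_IP, 443, 60)))
    return results, upf.reports, len(upf.buffer)
```

Two design points are worth noting. A packet that matches no PDR is dropped rather than forwarded, so traffic for an address the SMF never provisioned (here 10.45.0.99) cannot transit the UPF; and QoS enforcement runs before usage counting, so a packet discarded for exceeding its bitrate budget is not charged to the subscriber's volume in the usage report.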
As noted above, the DNs 408, 409 may comprise public DNs (e.g., the Internet), private DNs (e.g., private, internal corporate-owned DNs), and/or intra-operator DNs. Each DN may provide an operator service and/or a third-party service. The service provided by a DN may be the Internet, an IP multimedia subsystem (IMS), an augmented or virtual reality network, an edge computing or mobile edge computing (MEC) network, etc. Each DN may be identified using a data network name (DNN). The UE 401 may be configured to establish a first logical connection with DN 408 (a first PDU session), a second logical connection with DN 409 (a second PDU session), or both simultaneously (first and second PDU sessions).
Each PDU session may be associated with at least one UPF configured to operate as a PDU session anchor (PSA, or “anchor”). The anchor may be a UPF that provides an N6 interface with a DN.
In the example of
As noted above, UPF 406 may be the anchor for the second PDU session between UE 401 and DN 409. Although the anchors for the first and second PDU sessions are associated with different UPFs in
The SMF 414 may allocate, manage, and/or assign an IP address to UE 401, for example, upon establishment of a PDU session. The SMF 414 may maintain an internal pool of IP addresses to be assigned. The SMF 414 may, if necessary, assign an IP address provided by a dynamic host configuration protocol (DHCP) server or an authentication, authorization, and accounting (AAA) server. IP address management may be performed in accordance with a session and service continuity (SSC) mode. In SSC mode 1, an IP address of UE 401 may be maintained (and the same anchor UPF may be used) as the wireless device moves within the network. In SSC mode 2, the IP address of UE 401 changes as UE 401 moves within the network (e.g., the old IP address and UPF may be abandoned and a new IP address and anchor UPF may be established). In SSC mode 3, it may be possible to maintain an old IP address (similar to SSC mode 1) temporarily while establishing a new IP address (similar to SSC mode 2), thus combining features of SSC modes 1 and 2. Applications that are sensitive to IP address changes may operate in accordance with SSC mode 1.
UPF selection may be controlled by SMF 414. For example, upon establishment and/or modification of a PDU session between UE 401 and DN 408, SMF 414 may select UPF 405 as the anchor for the PDU session and/or UPF 407 as an intermediate UPF. Criteria for UPF selection include path efficiency and/or speed between AN 402 and DN 408. The reliability, load status, location, slice support and/or other capabilities of candidate UPFs may also be considered.
The AN 403 may be, for example, a wireless local area network (WLAN) operating in accordance with the IEEE 802.11 standard. The UE 401 may connect to AN 403, via an interface Y1, in whatever manner is prescribed for AN 403. The connection to AN 403 may or may not involve authentication. The UE 401 may obtain an IP address from AN 403. The UE 401 may determine to connect to core network 400B and select untrusted access for that purpose. The AN 403 may communicate with N3IWF 404 via a Y2 interface. After selecting untrusted access, the UE 401 may provide N3IWF 404 with sufficient information to select an AMF. The selected AMF may be, for example, the same AMF that is used by UE 401 for 3GPP access (AMF 412 in the present example). The N3IWF 404 may communicate with AMF 412 via an N2 interface. The UPF 405 may be selected and N3IWF 404 may communicate with UPF 405 via an N3 interface. The UPF 405 may be a PDU session anchor (PSA) and may remain the anchor for the PDU session even as UE 401 shifts between trusted access and untrusted access.
The UE 501 may not be a subscriber of the VPLMN. The AMF 512 may authorize UE 501 to access the network based on, for example, roaming restrictions that apply to UE 501. In order to obtain network services provided by the VPLMN, it may be necessary for the core network of the VPLMN to interact with core network elements of an HPLMN of UE 501, in particular, a PCF 521, an NRF 531, an NEF 541, a UDM 551, and/or an AUSF 561. The VPLMN and HPLMN may communicate using an N32 interface connecting respective security edge protection proxies (SEPPs). In
The VSEPP 590 and the HSEPP 591 communicate via an N32 interface for defined purposes while concealing information about each PLMN from the other. The SEPPs may apply roaming policies based on communications via the N32 interface. The PCF 520 and PCF 521 may communicate via the SEPPs to exchange policy-related signaling. The NRF 530 and NRF 531 may communicate via the SEPPs to enable service discovery of NFs in the respective PLMNs. The VPLMN and HPLMN may independently maintain NEF 540 and NEF 541. The NSSF 570 and NSSF 571 may communicate via the SEPPs to coordinate slice selection for UE 501. The HPLMN may handle all authentication and subscription related signaling. For example, when the UE 501 registers or requests service via the VPLMN, the VPLMN may authenticate UE 501 and/or obtain subscription data of UE 501 by accessing, via the SEPPs, the UDM 551 and AUSF 561 of the HPLMN.
The core network architecture 500 depicted in
Network architecture 600A illustrates an un-sliced physical network corresponding to a single logical network. The network architecture 600A comprises a user plane wherein UEs 601A, 601B, 601C (collectively, UEs 601) have a physical and logical connection to a DN 608 via an AN 602 and a UPF 605. The network architecture 600A comprises a control plane wherein an AMF 612 and a SMF 614 control various aspects of the user plane.
The network architecture 600A may have a specific set of characteristics (e.g., relating to maximum bit rate, reliability, latency, bandwidth usage, power consumption, etc.). This set of characteristics may be affected by the nature of the network elements themselves (e.g., processing power, availability of free memory, proximity to other network elements, etc.) or the management thereof (e.g., optimized to maximize bit rate or reliability, or to reduce latency, power consumption, or bandwidth usage, etc.). The characteristics of network architecture 600A may change over time, for example, by upgrading equipment or by modifying procedures to target a particular characteristic. However, at any given time, network architecture 600A will have a single set of characteristics that may or may not be optimized for a particular use case. For example, UEs 601A, 601B, 601C may have different requirements, but network architecture 600A can only be optimized for one of the three.
Network architecture 600B is an example of a sliced physical network divided into multiple logical networks. In
Each network slice may be tailored to network services having different sets of characteristics. For example, slice A may correspond to enhanced mobile broadband (eMBB) service. Mobile broadband may refer to internet access by mobile users, commonly associated with smartphones. Slice B may correspond to ultra-reliable low-latency communication (URLLC), which focuses on reliability and speed. Relative to eMBB, URLLC may improve the feasibility of use cases such as autonomous driving and telesurgery. Slice C may correspond to massive machine type communication (mMTC), which focuses on low-power services delivered to a large number of users. For example, slice C may be optimized for a dense network of battery-powered sensors that provide small amounts of data at regular intervals. Many mMTC use cases would be prohibitively expensive if they operated using an eMBB or URLLC network.
If the service requirements for one of the UEs 601 change, then the network slice serving that UE can be updated to provide better service. Moreover, the set of network characteristics corresponding to eMBB, URLLC, and mMTC may be varied, such that differentiated species of eMBB, URLLC, and mMTC are provided. Alternatively, network operators may provide entirely new services in response to, for example, customer demand.
In
Network slice selection may be controlled by an AMF, or alternatively, by a separate network slice selection function (NSSF). For example, a network operator may define and implement distinct network slice instances (NSIs). Each NSI may be associated with single network slice selection assistance information (S-NSSAI). The S-NSSAI may include a particular slice/service type (SST) indicator (indicating eMBB, URLLC, mMTC, etc.). As an example, a particular tracking area may be associated with one or more configured S-NSSAIs. UEs may identify one or more requested and/or subscribed S-NSSAIs (e.g., during registration). The network may indicate to the UE one or more allowed and/or rejected S-NSSAIs.
The S-NSSAI may further include a slice differentiator (SD) to distinguish between different tenants of a particular slice and/or service type. For example, a tenant may be a customer (e.g., vehicle manufacturer, service provider, etc.) of a network operator that obtains (for example, purchases) guaranteed network resources and/or specific policies for handling its subscribers. The network operator may configure different slices and/or slice types, and use the SD to determine which tenant is associated with a particular slice.
The layers may be associated with an open system interconnection (OSI) model of computer networking functionality. In the OSI model, layer 1 may correspond to the bottom layer, with higher layers on top of the bottom layer. Layer 1 may correspond to a physical layer, which is concerned with the physical infrastructure used for transfer of signals (for example, cables, fiber optics, and/or radio frequency transceivers). In New Radio (NR), layer 1 may comprise a physical layer (PHY). Layer 2 may correspond to a data link layer. Layer 2 may be concerned with packaging of data (into, e.g., data frames) for transfer, between nodes of the network, using the physical infrastructure of layer 1. In NR, layer 2 may comprise a media access control layer (MAC), a radio link control layer (RLC), a packet data convergence layer (PDCP), and a service data application protocol layer (SDAP).
Layer 3 may correspond to a network layer. Layer 3 may be concerned with routing of the data which has been packaged in layer 2. Layer 3 may handle prioritization of data and traffic avoidance. In NR, layer 3 may comprise a radio resource control layer (RRC) and a non-access stratum layer (NAS). Layers 4 through 7 may correspond to a transport layer, a session layer, a presentation layer, and an application layer. The application layer interacts with an end user to provide data associated with an application. In an example, an end user implementing the application may generate data associated with the application and initiate sending of that information to a targeted data network (e.g., the Internet, an application server, etc.). Starting at the application layer, each layer in the OSI model may manipulate and/or repackage the information and deliver it to a lower layer. At the lowest layer, the manipulated and/or repackaged information may be exchanged via physical infrastructure (for example, electrically, optically, and/or electromagnetically). As it approaches the targeted data network, the information will be unpackaged and provided to higher and higher layers, until it once again reaches the application layer in a form that is usable by the targeted data network (e.g., the same form in which it was provided by the end user). To respond to the end user, the data network may perform this procedure in reverse.
The NAS may be concerned with the non-access stratum, in particular, communication between the UE 701 and the core network (e.g., the AMF 712). Lower layers may be concerned with the access stratum, for example, communication between the UE 701 and the gNB 702. Messages sent between the UE 701 and the core network may be referred to as NAS messages. In an example, a NAS message may be relayed by the gNB 702, but the content of the NAS message (e.g., information elements of the NAS message) may not be visible to the gNB 702.
PDCP 761 and PDCP 762 may perform header compression and/or decompression. Header compression may reduce the amount of data transmitted over the physical layer. The PDCP 761 and PDCP 762 may perform ciphering and/or deciphering. Ciphering may reduce unauthorized decoding of data transmitted over the physical layer (e.g., intercepted on an air interface), and protect data integrity (e.g., to ensure control messages originate from intended sources). The PDCP 761 and PDCP 762 may perform retransmissions of undelivered packets, in-sequence delivery and reordering of packets, duplication of packets, and/or identification and removal of duplicate packets. In a dual connectivity scenario, PDCP 761 and PDCP 762 may perform mapping between a split radio bearer and RLC channels.
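The two preceding paragraphs make a point that is easy to state and worth seeing concretely: a NAS message is relayed by the gNB, but the gNB cannot read or alter its content, while the PDCP layer between UE and gNB separately ciphers and integrity-protects what crosses the air interface. The following Python model, added here as an illustration and not part of the original disclosure or of any 3GPP specification, shows that separation with a two-level key hierarchy. The derivation labels, the SHA-256 counter-mode keystream and the truncated HMAC tag are stand-ins for the real 3GPP KDF and the NEA/NIA algorithms; the key names, counts and message text are constructed for the example.

```python
import hashlib
import hmac
from typing import Optional


def derive(parent: bytes, label: bytes) -> bytes:
    """Illustrative key derivation (assumption: HMAC-SHA256 stands in for the 3GPP KDF)."""
    return hmac.new(parent, label, hashlib.sha256).digest()


def _keystream(key: bytes, count: int, length: int) -> bytes:
    """Counter-mode keystream from SHA-256 (stand-in for a NEA ciphering algorithm)."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + count.to_bytes(4, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def protect(key: bytes, count: int, plaintext: bytes) -> bytes:
    """Cipher the payload, then append a 32-bit MAC over (count || ciphertext), like a PDU."""
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, count, len(plaintext))))
    mac = hmac.new(key, count.to_bytes(4, "big") + ct, hashlib.sha256).digest()[:4]
    return ct + mac


def unprotect(key: bytes, count: int, pdu: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the MAC does not verify (wrong key or tampering)."""
    if len(pdu) < 4:
        return None
    ct, mac = pdu[:-4], pdu[-4:]
    expected = hmac.new(key, count.to_bytes(4, "big") + ct, hashlib.sha256).digest()[:4]
    if not hmac.compare_digest(mac, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, count, len(ct))))


def relay_nas_via_gnb(k_amf: bytes, nas_payload: bytes, tamper: bool = False) -> dict:
    """UE sends a NAS message inside an RRC message; the gNB relays the NAS PDU opaquely.

    k_amf is the key shared by UE and core (constructed placeholder name). The gNB only
    holds the access-stratum key derived from it, never the NAS key.
    """
    k_nas = derive(k_amf, b"NAS-key-placeholder")
    k_gnb = derive(k_amf, b"gNB-key-placeholder")
    k_rrc = derive(k_gnb, b"RRC-key-placeholder")
    nas_count, rrc_count = 7, 3  # constructed counters

    # UE side: protect the NAS message, then carry it inside an AS-protected RRC message.
    nas_pdu = protect(k_nas, nas_count, nas_payload)
    rrc_pdu = protect(k_rrc, rrc_count, nas_pdu)

    # gNB side: terminates AS protection and recovers the NAS PDU container.
    container = unprotect(k_rrc, rrc_count, rrc_pdu)
    # The only keys the gNB has are AS keys; the NAS MAC cannot be verified with them.
    gnb_view = unprotect(k_rrc, nas_count, container) or unprotect(k_gnb, nas_count, container)

    if tamper:  # a relay that modifies the container is detected at the AMF
        container = bytes([container[0] ^ 0x01]) + container[1:]

    # AMF side: holds the NAS key, so it can verify and decipher the relayed message.
    amf_view = unprotect(k_nas, nas_count, container)
    return {"gnb_reads_nas": gnb_view is not None, "amf_plaintext": amf_view}
```

Running `relay_nas_via_gnb` with a constructed key shows the AMF recovering the message, the gNB unable to, and a one-bit modification of the container rejected by the AMF's MAC check.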
RLC 751 and RLC 752 may perform segmentation and retransmission through Automatic Repeat Request (ARQ). The RLC 751 and RLC 752 may remove duplicate data units received from MAC 741 and MAC 742, respectively. The RLC 751 and RLC 752 may provide RLC channels as a service to PDCP 761 and PDCP 762, respectively.
MAC 741 and MAC 742 may perform multiplexing and/or demultiplexing of logical channels. MAC 741 and MAC 742 may map logical channels to transport channels. In an example, UE 701 may, in MAC 741, multiplex data units of one or more logical channels into a transport block. The UE 701 may transmit the transport block to the gNB 702 using PHY 731. The gNB 702 may receive the transport block using PHY 732 and demultiplex data units of the transport blocks back into logical channels. MAC 741 and MAC 742 may perform error correction through Hybrid Automatic Repeat Request (HARQ), logical channel prioritization, and/or padding.
PHY 731 and PHY 732 may perform mapping of transport channels to physical channels. PHY 731 and PHY 732 may perform digital and analog signal processing functions (e.g., coding/decoding and modulation/demodulation) for sending and receiving information (e.g., transmission via an air interface). PHY 731 and PHY 732 may perform multi-antenna mapping.
In the example of
One or more applications associated with UE 801 may generate uplink packets 812A-812E associated with the PDU session 810. In order to work within the QoS model, UE 801 may apply QoS rules 814 to uplink packets 812A-812E. The QoS rules 814 may be associated with PDU session 810 and may be determined and/or provided to the UE 801 when PDU session 810 is established and/or modified. Based on QoS rules 814, UE 801 may classify uplink packets 812A-812E, map each of the uplink packets 812A-812E to a QoS flow, and/or mark uplink packets 812A-812E with a QoS flow indicator (QFI). As a packet travels through the network, and potentially mixes with other packets from other UEs having potentially different priorities, the QFI indicates how the packet should be handled in accordance with the QoS model. In the present illustration, uplink packets 812A, 812B are mapped to QoS flow 816A, uplink packet 812C is mapped to QoS flow 816B, and the remaining packets are mapped to QoS flow 816C.
The QoS flows may be the finest granularity of QoS differentiation in a PDU session. In the figure, three QoS flows 816A-816C are illustrated. However, it will be understood that there may be any number of QoS flows. Some QoS flows may be associated with a guaranteed bit rate (GBR QoS flows) and others may have bit rates that are not guaranteed (non-GBR QoS flows). QoS flows may also be subject to per-UE and per-session aggregate bit rates. One of the QoS flows may be a default QoS flow. The QoS flows may have different priorities. For example, QoS flow 816A may have a higher priority than QoS flow 816B, which may have a higher priority than QoS flow 816C. Different priorities may be reflected by different QoS flow characteristics. For example, QoS flows may be associated with flow bit rates. A particular QoS flow may be associated with a guaranteed flow bit rate (GFBR) and/or a maximum flow bit rate (MFBR). QoS flows may be associated with specific packet delay budgets (PDBs), packet error rates (PERs), and/or maximum packet loss rates.
In order to work within the QoS model, UE 801 may apply resource mapping rules 818 to the QoS flows 816A-816C. The air interface between UE 801 and AN 802 may be associated with resources 820. In the present illustration, QoS flow 816A is mapped to resource 820A, whereas QoS flows 816B, 816C are mapped to resource 820B. The resource mapping rules 818 may be provided by the AN 802. In order to meet QoS requirements, the resource mapping rules 818 may designate more resources for relatively high-priority QoS flows. With more resources, a high-priority QoS flow such as QoS flow 816A may be more likely to obtain the high flow bit rate, low packet delay budget, or other characteristic associated with QoS rules 814. The resources 820 may comprise, for example, radio bearers. The radio bearers (e.g., data radio bearers) may be established between the UE 801 and the AN 802. The radio bearers in 5G, between the UE 801 and the AN 802, may be distinct from bearers in LTE, for example, Evolved Packet System (EPS) bearers between a UE and a packet data network gateway (PGW), S1 bearers between an eNB and a serving gateway (SGW), and/or an S5/S8 bearer between an SGW and a PGW.
Once a packet associated with a particular QoS flow is received at AN 802 via resource 820A or resource 820B, AN 802 may separate packets into respective QoS flows 856A-856C based on QoS profiles 828. The QoS profiles 828 may be received from an SMF. Each QoS profile may correspond to a QFI, for example, the QFI marked on the uplink packets 812A-812E. Each QoS profile may include QoS parameters such as a 5G QoS identifier (5QI) and an allocation and retention priority (ARP). The QoS profile for non-GBR QoS flows may further include additional QoS parameters such as a reflective QoS attribute (RQA). The QoS profile for GBR QoS flows may further include additional QoS parameters such as a guaranteed flow bit rate (GFBR), a maximum flow bit rate (MFBR), and/or a maximum packet loss rate. The 5QI may be a standardized 5QI, which has a one-to-one mapping to a standardized combination of 5G QoS characteristics for well-known services. Alternatively, the 5QI may be a dynamically assigned 5QI, for which no standardized 5QI value is defined. The 5QI may represent 5G QoS characteristics. The 5QI may comprise a resource type, a default priority level, a packet delay budget (PDB), a packet error rate (PER), a maximum data burst volume, and/or an averaging window. The resource type may indicate a non-GBR QoS flow, a GBR QoS flow, or a delay-critical GBR QoS flow. The averaging window may represent a duration over which the GFBR and/or MFBR is calculated. ARP may comprise a priority level, a pre-emption capability, and a pre-emption vulnerability. Based on the ARP, the AN 802 may apply admission control for the QoS flows in a case of resource limitations.
The AN 802 may select one or more N3 tunnels 850 for transmission of the QoS flows 856A-856C. After the packets are divided into QoS flows 856A-856C, the packets may be sent to UPF 805 (e.g., towards a DN) via the selected one or more N3 tunnels 850. The UPF 805 may verify that the QFIs of the uplink packets 812A-812E are aligned with the QoS rules 814 provided to the UE 801. The UPF 805 may measure and/or count packets and/or provide packet metrics to, for example, a PCF.
The figure also illustrates a process for downlink. In particular, one or more applications may generate downlink packets 852A-852E. The UPF 805 may receive downlink packets 852A-852E from one or more DNs and/or one or more other UPFs. As per the QoS model, UPF 805 may apply packet detection rules (PDRs) 854 to downlink packets 852A-852E. Based on PDRs 854, UPF 805 may map packets 852A-852E into QoS flows. In the present illustration, downlink packets 852A, 852B are mapped to QoS flow 856A, downlink packet 852C is mapped to QoS flow 856B, and the remaining packets are mapped to QoS flow 856C.
The QoS flows 856A-856C may be sent to AN 802. The AN 802 may apply resource mapping rules to the QoS flows 856A-856C. In the present illustration, QoS flow 856A is mapped to resource 820A, whereas QoS flows 856B, 856C are mapped to resource 820B. In order to meet QoS requirements, the resource mapping rules may designate more resources to high-priority QoS flows.
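The uplink half of this QoS model (QoS rules classify packets into QoS flows and mark them with a QFI, resource mapping rules place flows on radio bearers, and the UPF checks that the markings agree with the rules it gave the UE) is the kind of thing a worked example shows better than prose. The Python below is an added illustration, not code from the disclosure: the rule fields (destination network, protocol, port), the precedence ordering, the packet contents and the `DRB-A`/`DRB-B` names are all constructed for the example, mirroring the 812A-812E, 816A-816C and 820A/820B layout in the text. The `upf_verify` check is the defender-side part: a UE that marks a best-effort packet with a higher-priority QFI is reported rather than served at that priority.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "udp" or "tcp" (constructed simplification)
    dport: int
    qfi: Optional[int] = None   # QFI marked by the UE; None = not yet marked


@dataclass(frozen=True)
class QosRule:
    """One QoS rule: packet filter plus the QFI to mark matching packets with."""
    precedence: int                 # lower value is evaluated first
    qfi: int
    dst_net: Optional[str] = None   # None means wildcard for that filter component
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.dst_net is not None and ip_address(pkt.dst) not in ip_network(self.dst_net):
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True


def classify(pkt: Packet, rules: List[QosRule]) -> int:
    """Return the QFI of the first matching rule in precedence order."""
    for rule in sorted(rules, key=lambda r: r.precedence):
        if rule.matches(pkt):
            return rule.qfi
    raise ValueError("no QoS rule matched; a match-all default rule is expected")


def ue_mark(pkts: List[Packet], rules: List[QosRule]) -> List[Packet]:
    """UE side: classify each uplink packet and mark it with a QFI."""
    return [replace(p, qfi=classify(p, rules)) for p in pkts]


def map_to_resources(pkts: List[Packet], qfi_to_drb: Dict[int, str]) -> Dict[str, List[Packet]]:
    """Resource mapping rules: place each marked packet on the bearer for its QoS flow."""
    out: Dict[str, List[Packet]] = {}
    for p in pkts:
        out.setdefault(qfi_to_drb[p.qfi], []).append(p)
    return out


def upf_verify(pkts: List[Packet], rules: List[QosRule]) -> List[Tuple[int, int, int]]:
    """UPF side: re-classify and report (index, marked QFI, expected QFI) for mismatches."""
    return [(i, p.qfi, classify(p, rules)) for i, p in enumerate(pkts) if p.qfi != classify(p, rules)]


# Constructed QoS rules 814: voice-like traffic to one subnet, TLS, and a match-all default.
QOS_RULES = [
    QosRule(precedence=10, qfi=1, dst_net="198.51.100.0/24", proto="udp", dport=5060),
    QosRule(precedence=20, qfi=2, proto="tcp", dport=443),
    QosRule(precedence=255, qfi=3),  # default QoS flow
]
# Constructed resource mapping 818: flow 1 alone on one bearer, flows 2 and 3 share another.
QFI_TO_DRB = {1: "DRB-A", 2: "DRB-B", 3: "DRB-B"}
# Constructed uplink packets 812A-812E.
UPLINK = [
    Packet("10.10.0.2", "198.51.100.5", "udp", 5060),
    Packet("10.10.0.2", "198.51.100.9", "udp", 5060),
    Packet("10.10.0.2", "203.0.113.7", "tcp", 443),
    Packet("10.10.0.2", "203.0.113.7", "tcp", 80),
    Packet("10.10.0.2", "203.0.113.8", "udp", 53),
]


def run_uplink(misbehave: bool = False) -> dict:
    marked = ue_mark(UPLINK, QOS_RULES)
    if misbehave:  # constructed: a UE marks a default-flow packet with the top-priority QFI
        marked[3] = replace(marked[3], qfi=1)
    return {
        "qfis": [p.qfi for p in marked],
        "bearers": {drb: len(ps) for drb, ps in map_to_resources(marked, QFI_TO_DRB).items()},
        "mismatches": upf_verify(marked, QOS_RULES),
    }
```

With the rules above, packets A and B land in flow 1 on `DRB-A`, C in flow 2, and D and E in the default flow 3; the `misbehave` path shows the UPF reporting packet D as marked 1 but expected 3.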
In RRC connected 930, it may be possible for the UE to exchange data with the network (for example, the base station). The parameters necessary for exchange of data may be established and known to both the UE and the network. The parameters may be referred to and/or included in an RRC context of the UE (sometimes referred to as a UE context). These parameters may include, for example: one or more AS contexts; one or more radio link configuration parameters; bearer configuration information (e.g., relating to a data radio bearer, signaling radio bearer, logical channel, QoS flow, and/or PDU session); security information; and/or PHY, MAC, RLC, PDCP, and/or SDAP layer configuration information. The base station with which the UE is connected may store the RRC context of the UE.
While in RRC connected 930, mobility of the UE may be managed by the access network, whereas the UE itself may manage mobility while in RRC idle 910 and/or RRC inactive 920. While in RRC connected 930, the UE may support mobility management by measuring signal levels (e.g., reference signal levels) from a serving cell and neighboring cells and reporting these measurements to the base station currently serving the UE. The network may initiate handover based on the reported measurements. The RRC state may transition from RRC connected 930 to RRC idle 910 through a connection release procedure 931 or to RRC inactive 920 through a connection inactivation procedure 932.
In RRC idle 910, an RRC context may not be established for the UE. In RRC idle 910, the UE may not have an RRC connection with a base station. While in RRC idle 910, the UE may be in a sleep state for a majority of the time (e.g., to conserve battery power). The UE may wake up periodically (e.g., once in every discontinuous reception cycle) to monitor for paging messages from the access network. Mobility of the UE may be managed by the UE through a procedure known as cell reselection. The RRC state may transition from RRC idle 910 to RRC connected 930 through a connection establishment procedure 913, which may involve a random access procedure, as discussed in greater detail below.
In RRC inactive 920, the RRC context previously established is maintained in the UE and the base station. This may allow for a fast transition to RRC connected 930 with reduced signaling overhead as compared to the transition from RRC idle 910 to RRC connected 930. The RRC state may transition to RRC connected 930 through a connection resume procedure 923. The RRC state may transition to RRC idle 910 through a connection release procedure 921 that may be the same as or similar to connection release procedure 931.
An RRC state may be associated with a mobility management mechanism. In RRC idle 910 and RRC inactive 920, mobility may be managed by the UE through cell reselection. The purpose of mobility management in RRC idle 910 and/or RRC inactive 920 is to allow the network to be able to notify the UE of an event via a paging message without having to broadcast the paging message over the entire mobile communications network. The mobility management mechanism used in RRC idle 910 and/or RRC inactive 920 may allow the network to track the UE on a cell-group level so that the paging message may be broadcast over the cells of the cell group that the UE currently resides within instead of the entire communication network. Tracking may be based on different granularities of grouping. For example, there may be three levels of cell-grouping granularity: individual cells; cells within a RAN area identified by a RAN area identifier (RAI); and cells within a group of RAN areas, referred to as a tracking area and identified by a tracking area identifier (TAI).
Tracking areas may be used to track the UE at the CN level. The CN may provide the UE with a list of TAIs associated with a UE registration area. If the UE moves, through cell reselection, to a cell associated with a TAI not included in the list of TAIs associated with the UE registration area, the UE may perform a registration update with the CN to allow the CN to update the UE's location and provide the UE with a new UE registration area.
RAN areas may be used to track the UE at the RAN level. For a UE in RRC inactive 920 state, the UE may be assigned a RAN notification area. A RAN notification area may comprise one or more cell identities, a list of RAIs, and/or a list of TAIs. In an example, a base station may belong to one or more RAN notification areas. In an example, a cell may belong to one or more RAN notification areas. If the UE moves, through cell reselection, to a cell not included in the RAN notification area assigned to the UE, the UE may perform a notification area update with the RAN to update the UE's RAN notification area.
A base station storing an RRC context for a UE or a last serving base station of the UE may be referred to as an anchor base station. An anchor base station may maintain an RRC context for the UE at least during a period of time that the UE stays in a RAN notification area of the anchor base station and/or during a period of time that the UE stays in RRC inactive 920.
In RM deregistered 940, the UE is not registered with the network, and the UE is not reachable by the network. In order to be reachable by the network, the UE must perform an initial registration. As an example, the UE may register with an AMF of the network. If registration is rejected (registration reject 944), then the UE remains in RM deregistered 940. If registration is accepted (registration accept 945), then the UE transitions to RM registered 950. While the UE is RM registered 950, the network may store, keep, and/or maintain a UE context for the UE. The UE context may be referred to as wireless device context. The UE context corresponding to network registration (maintained by the core network) may be different from the RRC context corresponding to RRC state (maintained by an access network, e.g., a base station). The UE context may comprise a UE identifier and a record of various information relating to the UE, for example, UE capability information, policy information for access and mobility management of the UE, lists of allowed or established slices or PDU sessions, and/or a registration area of the UE (i.e., a list of tracking areas covering the geographical area where the wireless device is likely to be found).
While the UE is RM registered 950, the network may store the UE context of the UE, and if necessary use the UE context to reach the UE. Moreover, some services may not be provided by the network unless the UE is registered. The UE may update its UE context while remaining in RM registered 950 (registration update accept 955). For example, if the UE leaves one tracking area and enters another tracking area, the UE may provide a tracking area identifier to the network. The network may deregister the UE, or the UE may deregister itself (deregistration 954). For example, the network may automatically deregister the wireless device if the wireless device is inactive for a certain amount of time. Upon deregistration, the UE may transition to RM deregistered 940.
In CM idle 960, the UE does not have a non-access stratum (NAS) signaling connection with the network. As a result, the UE cannot communicate with core network functions. The UE may transition to CM connected 970 by establishing an AN signaling connection (AN signaling connection establishment 967). This transition may be initiated by sending an initial NAS message. The initial NAS message may be a registration request (e.g., if the UE is RM deregistered 940) or a service request (e.g., if the UE is RM registered 950). If the UE is RM registered 950, then the UE may initiate the AN signaling connection establishment by sending a service request, or the network may send a page, thereby triggering the UE to send the service request.
In CM connected 970, the UE can communicate with core network functions using NAS signaling. As an example, the UE may exchange NAS signaling with an AMF for registration management purposes, service request procedures, and/or authentication procedures. As another example, the UE may exchange NAS signaling, with an SMF, to establish and/or modify a PDU session. The network may disconnect the UE, or the UE may disconnect itself (AN signaling connection release 976). For example, if the UE transitions to RM deregistered 940, then the UE may also transition to CM idle 960. When the UE transitions to CM idle 960, the network may deactivate a user plane connection of a PDU session of the UE.
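The RRC, RM and CM states described over the last several paragraphs are three coupled state machines, and the procedure numbers in the text (913, 931, 932, 923, 921, 944, 945, 955, 954, 967, 976) are their transition labels. The Python below is an added example, not code from the disclosure, that encodes those transitions as a table and rejects any procedure that is not valid from the current state. Two couplings from the text are enforced as well: NAS procedures (registration and deregistration) require CM connected 970, and the initial NAS message is a registration request when RM deregistered 940 and a service request otherwise. Treating deregistration 954 as also moving the UE to CM idle 960 is the page's "may also transition" rule applied unconditionally, an assumption made for the example.

```python
from dataclasses import dataclass
from typing import Dict, Tuple

RRC_IDLE, RRC_INACTIVE, RRC_CONNECTED = "RRC idle 910", "RRC inactive 920", "RRC connected 930"
RM_DEREGISTERED, RM_REGISTERED = "RM deregistered 940", "RM registered 950"
CM_IDLE, CM_CONNECTED = "CM idle 960", "CM connected 970"

# (procedure, state before) -> state after, one table per state machine, as described in the text.
RRC_TRANSITIONS: Dict[Tuple[str, str], str] = {
    ("connection establishment 913", RRC_IDLE): RRC_CONNECTED,
    ("connection release 931", RRC_CONNECTED): RRC_IDLE,
    ("connection inactivation 932", RRC_CONNECTED): RRC_INACTIVE,
    ("connection resume 923", RRC_INACTIVE): RRC_CONNECTED,
    ("connection release 921", RRC_INACTIVE): RRC_IDLE,
}
RM_TRANSITIONS: Dict[Tuple[str, str], str] = {
    ("registration reject 944", RM_DEREGISTERED): RM_DEREGISTERED,
    ("registration accept 945", RM_DEREGISTERED): RM_REGISTERED,
    ("registration update accept 955", RM_REGISTERED): RM_REGISTERED,
    ("deregistration 954", RM_REGISTERED): RM_DEREGISTERED,
}
CM_TRANSITIONS: Dict[Tuple[str, str], str] = {
    ("AN signaling connection establishment 967", CM_IDLE): CM_CONNECTED,
    ("AN signaling connection release 976", CM_CONNECTED): CM_IDLE,
}
NAS_PROCEDURES = {p for p, _ in RM_TRANSITIONS}  # all of these are NAS exchanges with the AMF


@dataclass
class UEState:
    rrc: str = RRC_IDLE
    rm: str = RM_DEREGISTERED
    cm: str = CM_IDLE

    def initial_nas_message(self) -> str:
        """Message that opens the AN signaling connection, per the RM state."""
        return "registration request" if self.rm == RM_DEREGISTERED else "service request"

    def apply(self, procedure: str) -> "UEState":
        """Apply one named procedure; raise ValueError if it is not valid from this state."""
        if procedure in NAS_PROCEDURES and self.cm != CM_CONNECTED:
            raise ValueError(f"{procedure!r} needs a NAS signaling connection (state is {self.cm})")
        for table, attr in ((RRC_TRANSITIONS, "rrc"), (RM_TRANSITIONS, "rm"), (CM_TRANSITIONS, "cm")):
            key = (procedure, getattr(self, attr))
            if key in table:
                setattr(self, attr, table[key])
                break
        else:
            raise ValueError(f"{procedure!r} is not a valid transition from "
                             f"({self.rrc}, {self.rm}, {self.cm})")
        if procedure == "deregistration 954":
            self.cm = CM_IDLE  # assumption: deregistration also drops the NAS signaling connection
        return self

    def as_tuple(self) -> Tuple[str, str, str]:
        return (self.rrc, self.rm, self.cm)


def power_on_and_register() -> Tuple[str, Tuple[str, str, str]]:
    """Walk a UE from power-on to registered, then into RRC inactive; return the message used and final state."""
    ue = UEState()
    ue.apply("connection establishment 913")
    first_message = ue.initial_nas_message()
    ue.apply("AN signaling connection establishment 967")
    ue.apply("registration accept 945")
    ue.apply("connection inactivation 932")
    return first_message, ue.as_tuple()
```

A UE that is RM registered 950 and returns from RRC inactive 920 uses connection resume 923 and a service request rather than a new registration; the table rejects a resume from RRC connected 930 or a registration accept while CM idle 960, which is the kind of inconsistency a NAS/RRC conformance check would flag.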
Registration may be initiated by a UE for the purposes of obtaining authorization to receive services, enabling mobility tracking, enabling reachability, or other purposes. The UE may perform an initial registration as a first step toward connection to the network (for example, if the UE is powered on, airplane mode is turned off, etc.). Registration may also be performed periodically to keep the network informed of the UE's presence (for example, while in CM-IDLE state), or in response to a change in UE capability or registration area. Deregistration (not shown in
At 1010, the UE transmits a registration request to an AN. As an example, the UE may have moved from a coverage area of a previous AMF (illustrated as AMF #1) into a coverage area of a new AMF (illustrated as AMF #2). The registration request may be a NAS message. The registration request may include a UE identifier. The AN may select an AMF for registration of the UE. For example, the AN may select a default AMF. Alternatively, the AN may select an AMF that is already mapped to the UE (e.g., a previous AMF). The NAS registration request may include a network slice identifier, and the AN may select an AMF based on the requested slice. After the AMF is selected, the AN may send the registration request to the selected AMF.
At 1020, the AMF that receives the registration request (AMF #2) performs a context transfer. The context may be a UE context, for example, an RRC context for the UE. As an example, AMF #2 may send AMF #1 a message requesting a context of the UE. The message may include the UE identifier. The message may be a Namf_Communication_UEContextTransfer message. AMF #1 may send to AMF #2 a message that includes the requested UE context. This message may be a Namf_Communication_UEContextTransfer message. After the UE context is received, the AMF #2 may coordinate authentication of the UE. After authentication is complete, AMF #2 may send to AMF #1 a message indicating that the UE context transfer is complete. This message may be a Namf_Communication_UEContextTransfer Response message.
Authentication may require participation of the UE, an AUSF, a UDM and/or a UDR (not shown). For example, the AMF may request that the AUSF authenticate the UE. The AUSF may execute authentication of the UE, and may get authentication data from the UDM. Based on the authentication being successful, the AUSF may send a subscription permanent identifier (SUPI) to the AMF. The AUSF may also provide an intermediate key to the AMF. The intermediate key may be used to derive an access-specific security key for the UE, enabling the AMF to perform security context management (SCM). The AUSF may obtain subscription data from the UDM. The subscription data may be based on information obtained from the UDM (and/or the UDR). The subscription data may include subscription identifiers, security credentials, access and mobility related subscription data and/or session related data.
At 1030, the new AMF, AMF #2, registers and/or subscribes with the UDM. AMF #2 may perform registration using a UE context management service of the UDM (Nudm_UECM). AMF #2 may obtain subscription information of the UE using a subscriber data management service of the UDM (Nudm_SDM). AMF #2 may further request that the UDM notify AMF #2 if the subscription information of the UE changes. As the new AMF registers and subscribes, the old AMF, AMF #1, may deregister and unsubscribe. After deregistration, AMF #1 is free of responsibility for mobility management of the UE.
At 1040, AMF #2 retrieves access and mobility (AM) policies from the PCF. As an example, the AMF #2 may provide subscription data of the UE to the PCF. The PCF may determine access and mobility policies for the UE based on the subscription data, network operator data, current network conditions, and/or other suitable information. For example, the owner of a first UE may purchase a higher level of service than the owner of a second UE. The PCF may provide the rules associated with the different levels of service. Based on the subscription data of the respective UEs, the network may apply different policies which facilitate different levels of service.
For example, access and mobility policies may relate to service area restrictions, RAT/frequency selection priority (RFSP, where RAT stands for radio access technology), authorization and prioritization of access type (e.g., LTE versus NR), and/or selection of non-3GPP access (e.g., Access Network Discovery and Selection Policy (ANDSP)). The service area restrictions may comprise a list of tracking areas where the UE is allowed to be served (or forbidden from being served). The access and mobility policies may include a UE route selection policy (URSP) that influences routing to an established PDU session or a new PDU session. As noted above, different policies may be obtained and/or enforced based on subscription data of the UE, location of the UE (i.e., location of the AN and/or AMF), or other suitable factors.
At 1050, AMF #2 may update a context of a PDU session. For example, if the UE has an existing PDU session, the AMF #2 may coordinate with an SMF to activate a user plane connection associated with the existing PDU session. The SMF may update and/or release a session management context of the PDU session (Nsmf_PDUSession_UpdateSMContext, Nsmf_PDUSession_ReleaseSMContext).
At 1060, AMF #2 sends a registration accept message to the AN, which forwards the registration accept message to the UE. The registration accept message may include a new UE identifier and/or a new configured slice identifier. The UE may transmit a registration complete message to the AN, which forwards the registration complete message to the AMF #2. The registration complete message may acknowledge receipt of the new UE identifier and/or new configured slice identifier.
At 1070, AMF #2 may obtain UE policy control information from the PCF. The PCF may provide an access network discovery and selection policy (ANDSP) to facilitate non-3GPP access. The PCF may provide a UE route selection policy (URSP) to facilitate mapping of particular data traffic to particular PDU session connectivity parameters. As an example, the URSP may indicate that data traffic associated with a particular application should be mapped to a particular SSC mode, network slice, PDU session type, or preferred access type (3GPP or non-3GPP).
At 1110, a UPF receives data. The data may be downlink data for transmission to a UE. The data may be associated with an existing PDU session between the UE and a DN. The data may be received, for example, from a DN and/or another UPF. The UPF may buffer the received data. In response to the receiving of the data, the UPF may notify an SMF of the received data. The identity of the SMF to be notified may be determined based on the received data. The notification may be, for example, an N4 session report. The notification may indicate that the UPF has received data associated with the UE and/or a particular PDU session associated with the UE. In response to receiving the notification, the SMF may send PDU session information to an AMF. The PDU session information may be sent in an N1N2 message transfer for forwarding to an AN. The PDU session information may include, for example, UPF tunnel endpoint information and/or QoS information.
At 1120, the AMF determines that the UE is in a CM-IDLE state. The determining at 1120 may be in response to the receiving of the PDU session information. Based on the determination that the UE is CM-IDLE, the service request procedure may proceed to 1130 and 1140, as depicted in
At 1130, the AMF pages the UE. The paging at 1130 may be performed based on the UE being CM-IDLE. To perform the paging, the AMF may send a page to the AN. The page may be referred to as a paging or a paging message. The page may be an N2 request message. The AN may be one of a plurality of ANs in a RAN notification area of the UE. The AN may send a page to the UE. The UE may be in a coverage area of the AN and may receive the page.
At 1140, the UE may request service. The UE may transmit a service request to the AMF via the AN. As depicted in
At 1150, the network may authenticate the UE. Authentication may require participation of the UE, an AUSF, and/or a UDM, for example, similar to authentication described elsewhere in the present disclosure. In some cases (for example, if the UE has recently been authenticated), the authentication at 1150 may be skipped.
At 1160, the AMF and SMF may perform a PDU session update. As part of the PDU session update, the SMF may provide the AMF with one or more UPF tunnel endpoint identifiers. In some cases (not shown in
At 1170, the AMF may send PDU session information to the AN. The PDU session information may be included in an N2 request message. Based on the PDU session information, the AN may configure a user plane resource for the UE. To configure the user plane resource, the AN may, for example, perform an RRC reconfiguration of the UE. The AN may acknowledge to the AMF that the PDU session information has been received. The AN may notify the AMF that the user plane resource has been configured, and/or provide information relating to the user plane resource configuration.
In the case of a UE-triggered service request procedure, the UE may receive, at 1170, a NAS service accept message from the AMF via the AN. After the user plane resource is configured, the UE may transmit uplink data (for example, the uplink data that caused the UE to trigger the service request procedure).
At 1180, the AMF may update a session management (SM) context of the PDU session. For example, the AMF may notify the SMF (and/or one or more other associated SMFs) that the user plane resource has been configured, and/or provide information relating to the user plane resource configuration. The AMF may provide the SMF (and/or one or more other associated SMFs) with one or more AN tunnel endpoint identifiers of the AN. After the SM context update is complete, the SMF may send an update SM context response message to the AMF.
Based on the update of the session management context, the SMF may update a PCF for purposes of policy control. For example, if a location of the UE has changed, the SMF may notify the PCF of the UE's new location.
Based on the update of the session management context, the SMF and UPF may perform a session modification. The session modification may be performed using N4 session modification messages. After the session modification is complete, the UPF may transmit downlink data (for example, the downlink data that caused the UPF to trigger the network-triggered service request procedure) to the UE. The transmitting of the downlink data may be based on the one or more AN tunnel endpoint identifiers of the AN.
At 1210, the UE initiates PDU session establishment. The UE may transmit a PDU session establishment request to an AMF via an AN. The PDU session establishment request may be a NAS message. The PDU session establishment request may indicate: a PDU session ID; a requested PDU session type (new or existing); a requested DN (DNN); a requested network slice (S-NSSAI); a requested SSC mode; and/or any other suitable information. The PDU session ID may be generated by the UE. The PDU session type may be, for example, an Internet Protocol (IP)-based type (e.g., IPv4, IPv6, or dual stack IPv4/IPv6), an Ethernet type, or an unstructured type.
The AMF may select an SMF based on the PDU session establishment request. In some scenarios, the requested PDU session may already be associated with a particular SMF. For example, the AMF may store a UE context of the UE, and the UE context may indicate that the PDU session ID of the requested PDU session is already associated with the particular SMF. In some scenarios, the AMF may select the SMF based on a determination that the SMF is prepared to handle the requested PDU session. For example, the requested PDU session may be associated with a particular DNN and/or S-NSSAI, and the SMF may be selected based on a determination that the SMF can manage a PDU session associated with the particular DNN and/or S-NSSAI.
At 1220, the network manages a context of the PDU session. After selecting the SMF at 1210, the AMF sends a PDU session context request to the SMF. The PDU session context request may include the PDU session establishment request received from the UE at 1210. The PDU session context request may be a Nsmf_PDUSession_CreateSMContext Request and/or a Nsmf_PDUSession_UpdateSMContext Request. The PDU session context request may indicate identifiers of the UE; the requested DN; and/or the requested network slice. Based on the PDU session context request, the SMF may retrieve subscription data from a UDM. The subscription data may be session management subscription data of the UE. The SMF may subscribe for updates to the subscription data, so that the PCF will send new information if the subscription data of the UE changes. After the subscription data of the UE is obtained, the SMF may transmit a PDU session context response to the AMF. The PDU session context response may be a Nsmf_PDUSession_CreateSMContext Response and/or a Nsmf_PDUSession_UpdateSMContext Response. The PDU session context response may include a session management context ID.
At 1230, secondary authorization/authentication may be performed, if necessary. The secondary authorization/authentication may involve the UE, the AMF, the SMF, and the DN. The SMF may access the DN via a Data Network Authentication, Authorization and Accounting (DN AAA) server.
At 1240, the network sets up a data path for uplink data associated with the PDU session. The SMF may select a PCF and establish a session management policy association. Based on the association, the PCF may provide an initial set of policy control and charging rules (PCC rules) for the PDU session. When targeting a particular PDU session, the PCF may indicate, to the SMF, a method for allocating an IP address to the PDU Session, a default charging method for the PDU session, an address of the corresponding charging entity, triggers for requesting new policies, etc. The PCF may also target a service data flow (SDF) comprising one or more PDU sessions. When targeting an SDF, the PCF may indicate, to the SMF, policies for applying QoS requirements, monitoring traffic (e.g., for charging purposes), and/or steering traffic (e.g., by using one or more particular N6 interfaces).
The SMF may determine and/or allocate an IP address for the PDU session. The SMF may select one or more UPFs (a single UPF in the example of
The SMF may send PDU session management information to the AMF. The PDU session management information may be a Namf_Communication_N1N2MessageTransfer message. The PDU session management information may include the PDU session ID. The PDU session management information may be a NAS message. The PDU session management information may include N1 session management information and/or N2 session management information. The N1 session management information may include a PDU session establishment accept message. The PDU session establishment accept message may include tunneling endpoint information of the UPF and quality of service (QoS) information associated with the PDU session.
The AMF may send an N2 request to the AN. The N2 request may include the PDU session establishment accept message. Based on the N2 request, the AN may determine AN resources for the UE. The AN resources may be used by the UE to establish the PDU session, via the AN, with the DN. The AN may determine resources to be used for the PDU session and indicate the determined resources to the UE. The AN may send the PDU session establishment accept message to the UE. For example, the AN may perform an RRC reconfiguration of the UE. After the AN resources are set up, the AN may send an N2 request acknowledge to the AMF. The N2 request acknowledge may include N2 session management information, for example, the PDU session ID and tunneling endpoint information of the AN.
After the data path for uplink data is set up at 1240, the UE may optionally send uplink data associated with the PDU session. As shown in
At 1250, the network may update the PDU session context. The AMF may transmit a PDU session context update request to the SMF. The PDU session context update request may be a Nsmf_PDUSession_UpdateSMContext Request. The PDU session context update request may include the N2 session management information received from the AN. The SMF may acknowledge the PDU session context update. The acknowledgement may be a Nsmf_PDUSession_UpdateSMContext Response. The acknowledgement may include a subscription requesting that the SMF be notified of any UE mobility event. Based on the PDU session context update request, the SMF may send an N4 session message to the UPF. The N4 session message may be an N4 Session Modification Request. The N4 session message may include tunneling endpoint information of the AN. The N4 session message may include forwarding rules associated with the PDU session. In response, the UPF may acknowledge by sending an N4 session modification response.
After the UPF receives the tunneling endpoint information of the AN, the UPF may relay downlink data associated with the PDU session. As shown in
The wireless device 1310 may communicate with base station 1320 over an air interface 1370. The communication direction from wireless device 1310 to base station 1320 over air interface 1370 is known as uplink, and the communication direction from base station 1320 to wireless device 1310 over air interface 1370 is known as downlink. Downlink transmissions may be separated from uplink transmissions using FDD, TDD, and/or some combination of duplexing techniques.
The wireless device 1310 may comprise a processing system 1311 and a memory 1312. The memory 1312 may comprise one or more computer-readable media, for example, one or more non-transitory computer readable media. The memory 1312 may include instructions 1313. The processing system 1311 may process and/or execute instructions 1313. Processing and/or execution of instructions 1313 may cause wireless device 1310 and/or processing system 1311 to perform one or more functions or activities. The memory 1312 may include data (not shown). One of the functions or activities performed by processing system 1311 may be to store data in memory 1312 and/or retrieve previously-stored data from memory 1312. In an example, downlink data received from base station 1320 may be stored in memory 1312, and uplink data for transmission to base station 1320 may be retrieved from memory 1312. As illustrated in
The wireless device 1310 may comprise one or more other elements 1319. The one or more other elements 1319 may comprise software and/or hardware that provide features and/or functionalities, for example, a speaker, a microphone, a keypad, a display, a touchpad, a satellite transceiver, a universal serial bus (USB) port, a hands-free headset, a frequency modulated (FM) radio unit, a media player, an Internet browser, an electronic control unit (e.g., for a motor vehicle), and/or one or more sensors (e.g., an accelerometer, a gyroscope, a temperature sensor, a radar sensor, a lidar sensor, an ultrasonic sensor, a light sensor, a camera, a global positioning sensor (GPS) and/or the like). The wireless device 1310 may receive user input data from and/or provide user output data to the one or more other elements 1319. The one or more other elements 1319 may comprise a power source. The wireless device 1310 may receive power from the power source and may be configured to distribute the power to the other components in wireless device 1310. The power source may comprise one or more sources of power, for example, a battery, a solar cell, a fuel cell, or any combination thereof.
The wireless device 1310 may transmit uplink data to and/or receive downlink data from base station 1320 via air interface 1370. To perform the transmission and/or reception, one or more of the processing system 1311, transmission processing system 1314, and/or reception system 1315 may implement open systems interconnection (OSI) functionality. As an example, transmission processing system 1314 and/or reception system 1315 may perform layer 1 OSI functionality, and processing system 1311 may perform higher layer functionality. The wireless device 1310 may transmit and/or receive data over air interface 1370 using one or more antennas 1316. For scenarios where the one or more antennas 1316 include multiple antennas, the multiple antennas may be used to perform one or more multi-antenna techniques, such as spatial multiplexing (e.g., single-user multiple-input multiple output (MIMO) or multi-user MIMO), transmit/receive diversity, and/or beamforming.
The base station 1320 may comprise a processing system 1321 and a memory 1322. The memory 1322 may comprise one or more computer-readable media, for example, one or more non-transitory computer readable media. The memory 1322 may include instructions 1323. The processing system 1321 may process and/or execute instructions 1323. Processing and/or execution of instructions 1323 may cause base station 1320 and/or processing system 1321 to perform one or more functions or activities. The memory 1322 may include data (not shown). One of the functions or activities performed by processing system 1321 may be to store data in memory 1322 and/or retrieve previously-stored data from memory 1322. The base station 1320 may communicate with wireless device 1310 using a transmission processing system 1324 and a reception processing system 1325. Although not shown in
The base station 1320 may transmit downlink data to and/or receive uplink data from wireless device 1310 via air interface 1370. To perform the transmission and/or reception, one or more of the processing system 1321, transmission processing system 1324, and/or reception system 1325 may implement OSI functionality. As an example, transmission processing system 1324 and/or reception system 1325 may perform layer 1 OSI functionality, and processing system 1321 may perform higher layer functionality. The base station 1320 may transmit and/or receive data over air interface 1370 using one or more antennas 1326. For scenarios where the one or more antennas 1326 include multiple antennas, the multiple antennas may be used to perform one or more multi-antenna techniques, such as spatial multiplexing (e.g., single-user multiple-input multiple output (MIMO) or multi-user MIMO), transmit/receive diversity, and/or beamforming.
The base station 1320 may comprise an interface system 1327. The interface system 1327 may communicate with one or more base stations and/or one or more elements of the core network via an interface 1380. The interface 1380 may be wired and/or wireless and interface system 1327 may include one or more components suitable for communicating via interface 1380. In
The deployment 1330 may comprise any number of portions of any number of instances of one or more network functions (NFs). The deployment 1330 may comprise a processing system 1331 and a memory 1332. The memory 1332 may comprise one or more computer-readable media, for example, one or more non-transitory computer readable media. The memory 1332 may include instructions 1333. The processing system 1331 may process and/or execute instructions 1333. Processing and/or execution of instructions 1333 may cause the deployment 1330 and/or processing system 1331 to perform one or more functions or activities. The memory 1332 may include data (not shown). One of the functions or activities performed by processing system 1331 may be to store data in memory 1332 and/or retrieve previously-stored data from memory 1332. The deployment 1330 may access the interface 1380 using an interface system 1337. The deployment 1330 may comprise one or more other elements 1339 analogous to one or more of the one or more other elements 1319.
One or more of the systems 1311, 1314, 1315, 1321, 1324, 1325, and/or 1331 may comprise one or more controllers and/or one or more processors. The one or more controllers and/or one or more processors may comprise, for example, a general-purpose processor, a digital signal processor (DSP), a microcontroller, an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) and/or other programmable logic device, discrete gate and/or transistor logic, discrete hardware components, an on-board unit, or any combination thereof. One or more of the systems 1311, 1314, 1315, 1321, 1324, 1325, and/or 1331 may perform signal coding/processing, data processing, power control, input/output processing, and/or any other functionality that may enable wireless device 1310, base station 1320, and/or deployment 1330 to operate in a mobile communications system.
Many of the elements described in the disclosed embodiments may be implemented as modules. A module is defined here as an element that performs a defined function and has a defined interface to other elements. The modules described in this disclosure may be implemented in hardware, software in combination with hardware, firmware, wetware (e.g. hardware with a biological element) or a combination thereof, which may be behaviorally equivalent. For example, modules may be implemented as a software routine written in a computer language configured to be executed by a hardware machine (such as C, C++, Fortran, Java, Basic, Matlab or the like) or a modeling/simulation program such as Simulink, Stateflow, GNU Octave, or LabVIEWMathScript. It may be possible to implement modules using physical hardware that incorporates discrete or programmable analog, digital and/or quantum hardware. Examples of programmable hardware comprise computers, microcontrollers, microprocessors, DSPs, ASICS, FPGAs, and complex programmable logic devices (CPLDs). Computers, microcontrollers and microprocessors may be programmed using languages such as assembly, C, C++ or the like. FPGAs, ASICs and CPLDs are often programmed using hardware description languages (HDL) such as VHSIC hardware description language (VHDL) or Verilog that configure connections between internal hardware modules with lesser functionality on a programmable device. The mentioned technologies are often used in combination to achieve the result of a functional module.
The wireless device 1310, base station 1320, and/or deployment 1330 may implement timers and/or counters. A timer/counter may start at an initial value. As used herein, starting may comprise restarting. Once started, the timer/counter may run. Running of the timer/counter may be associated with an occurrence. When the occurrence occurs, the value of the timer/counter may change (for example, increment or decrement). The occurrence may be, for example, an exogenous event (for example, a reception of a signal, a measurement of a condition, etc.), an endogenous event (for example, a transmission of a signal, a calculation, a comparison, a performance of an action or a decision to so perform, etc.), or any combination thereof. In the case of a timer, the occurrence may be the passage of a particular amount of time. However, it will be understood that a timer may be described and/or implemented as a counter that counts the passage of a particular unit of time. A timer/counter may run in a direction of a final value until it reaches the final value. The reaching of the final value may be referred to as expiration of the timer/counter. The final value may be referred to as a threshold. A timer/counter may be paused, wherein the present value of the timer/counter is held, maintained, and/or carried over, even upon the occurrence of one or more occurrences that would otherwise cause the value of the timer/counter to change. The timer/counter may be un-paused or continued, wherein the value that was held, maintained, and/or carried over begins changing again when the one or more occurrences occur. A timer/counter may be set and/or reset. As used herein, setting may comprise resetting. When the timer/counter sets and/or resets, the value of the timer/counter may be set to the initial value. A timer/counter may be started and/or restarted. In some embodiments, when the timer/counter restarts, the value of the timer/counter may be set to the initial value and the timer/counter may begin to run.
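The timer/counter semantics just described (start as restart, running toward a final value on each occurrence, pause and continue, set/reset, expiration at the threshold) as an added illustration; this is not code from the disclosure, and the class and method names (TimerCounter, tick, and so on) are hypothetical. A timer is modelled, as the text allows, as a counter whose occurrence is one elapsed unit of time.

```python
class TimerCounter:
    """A timer/counter that starts at an initial value, moves toward a final value
    (the threshold) on each occurrence, and expires when it reaches that value.

    The sign of `step` gives the direction of travel (increment or decrement).
    """

    def __init__(self, initial: int = 0, final: int = 5, step: int = 1):
        if step == 0 or (final - initial) * step < 0:
            raise ValueError("step must move the value from initial toward final")
        self.initial, self.final, self.step = initial, final, step
        self.value = initial
        self.running = False
        self.paused = False

    def start(self) -> None:
        """Start (or restart): the value returns to the initial value and the timer runs."""
        self.value = self.initial
        self.running = True
        self.paused = False

    restart = start  # starting comprises restarting, as in the text

    def reset(self) -> None:
        """Set/reset: return to the initial value; running/paused state is left alone."""
        self.value = self.initial

    def pause(self) -> None:
        """Hold the present value even when occurrences happen."""
        self.paused = True

    def resume(self) -> None:
        """Un-pause: the held value starts changing again on the next occurrence."""
        self.paused = False

    @property
    def expired(self) -> bool:
        """Expiration: the final value has been reached in the direction of travel."""
        return self.value >= self.final if self.step > 0 else self.value <= self.final

    def tick(self) -> bool:
        """Report one occurrence. Returns True exactly when this occurrence causes expiry.

        A paused, stopped or already expired timer/counter ignores the occurrence.
        """
        if not self.running or self.paused or self.expired:
            return False
        self.value += self.step
        if self.expired:
            self.running = False  # stays expired until started/restarted again
            return True
        return False
```

Each occurrence (a received signal, an elapsed time unit, a decision) is reported with `tick()`, so the caller learns on which occurrence the threshold is crossed rather than polling the value.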
As will be discussed in greater detail below, there are many different types of NF and each type of NF may be associated with a different set of functionalities. A plurality of different NFs may be flexibly deployed at different locations (for example, in different physical core network deployments) or in a same location (for example, co-located in a same deployment). A single NF may be flexibly deployed at different locations (implemented using different physical core network deployments) or in a same location. Moreover, physical core network deployments may also implement one or more base stations, application functions (AFs), data networks (DNs), or any portions thereof. NFs may be implemented in many ways, including as network elements on dedicated or shared hardware, as software instances running on dedicated or shared hardware, or as virtualized functions instantiated on a platform (e.g., a cloud-based platform).
For example, deployment 1410 comprises an additional network function, NF 1411A. The NFs 1411, 1411A may consist of multiple instances of the same NF type, co-located at a same physical location within the same deployment 1410. The NFs 1411, 1411A may be implemented independently from one another (e.g., isolated and/or independently controlled). For example, the NFs 1411, 1411A may be associated with different network slices. A processing system and memory associated with the deployment 1410 may perform all of the functionalities associated with the NF 1411 in addition to all of the functionalities associated with the NF 1411A. In an example, NFs 1411, 1411A may be associated with different PLMNs, but deployment 1410, which implements NFs 1411, 1411A, may be owned and/or operated by a single entity.
Elsewhere in
As shown in the figures, different network elements (e.g., NFs) may be located in different physical deployments, or co-located in a single physical deployment. It will be understood that in the present disclosure, the sending and receiving of messages among different network elements is not limited to inter-deployment transmission or intra-deployment transmission, unless explicitly indicated.
In an example, a deployment may be a ‘black box’ that is preconfigured with one or more NFs and preconfigured to communicate, in a prescribed manner, with other ‘black box’ deployments (e.g., via the interface 1490). Additionally or alternatively, a deployment may be configured to operate in accordance with open-source instructions (e.g., software) designed to implement NFs and communicate with other deployments in a transparent manner. The deployment may operate in accordance with open RAN (O-RAN) standards.
In an example, the UE may send a first registration request message to an AMF via a first access type. In an example the first registration request message may be a NAS message. For example, the first registration request message may comprise at least one of an identifier, key set identifier in 5G (ngKSI) and/or the like. For example, the identifier may be at least one of a subscriber concealed identifier (SUCI), a 5G global unique temporary identifier (5G-GUTI), and/or the like. In an example, the first registration request message may be an initial NAS message. In an example, the UE may send the first registration request message via a gNB.
In an example, in response to receiving the first registration request message, the AMF may determine to authenticate the UE (UE authentication). In an example, the determining may be based on if the AMF has any security context available in local storage, based on if the registration request comprises a SUCI, based on an operator policy and/or the like. In an example, the absence of a valid security context in the AMF's local storage may result in the AMF running authentication. For example, a valid security context may refer to a security context currently in use by the AMF and the UE.
In an example, the authentication of the UE may refer to running/performing primary authentication. In an example, the primary authentication may be based on 5G authentication and key agreement (5G-AKA) or Extensible Authentication Protocol authentication and key agreement prime (EAP-AKA') for a 5G network, and for standalone non-public networks (SNPNs) the primary authentication may additionally be based on key-generating extensible authentication protocol (EAP) methods. An example of a key-generating EAP method may be EAP transport layer security (EAP-TLS).
In an example, the AMF may determine to run the authentication. The AMF may send a Nausf_UEAuthentication_Authenticate request message comprising the SUCI or a SUPI and a serving network name (SN-name) to an AUSF. In an example, a security anchor function (SEAF) may send the Nausf_UEAuthentication_Authenticate request message to the AUSF.
In an example, the AUSF may send a Nudm_UEAuthentication get request message to a UDM. In an example, the Nudm_UEAuthentication get request message may comprise the SUCI, the SUPI, the SN-name, and/or the like. In an example, the sending may be in response to (based on) receiving the Nausf_UEAuthentication_Authenticate request message.
In an example, the UDM may receive the Nudm_UEAuthentication get request message from the AUSF. In an example, the UDM may de-conceal the SUCI. For example, de-conceal may refer to gain the SUPI from the SUCI. In an example, the de-concealing may be performed by a UDM service. In an example, the UDM service may be a subscription identifier de-concealing function (SIDF).
In an example, the UDM or an authentication credential repository and processing function (ARPF) may select an authentication method. For example, the authentication method may be 5G-AKA, EAP-AKA', EAP-TLS and/or the like. In an example, the selection of the authentication method may be in response to (based on) determining the SUPI.
In an example, the ARPF may generate an authentication vector to be used during the authentication. In an example, the generation of the authentication vector may be in response to selecting an authentication method.
In an example, in response to running a successful primary authentication, the AUSF and the UE may establish a key KAUSF. The AUSF and the UE may derive a key KSEAF based on at least the KAUSF. In an example, the AUSF may send the KSEAF to the SEAF. In an example, the SEAF and the UE may derive a KAMF. In an example, the SEAF may send the KAMF to the AMF. In an example, a mobile equipment part of the UE may derive the KAUSF, the KSEAF, the KAMF and/or the like.
In an example, the AMF and the UE may create a security context. In an example, the creation of the security context may be in response to the AMF receiving the KAMF from the SEAF. For example, the security context may comprise at least one of a key, NAS connection identifier, NAS COUNT values and/or the like. For example, the key may be at least one of the KAMF, a KNASint, a KNASenc and/or the like. For example, the NAS connection identifier may be a value associated with the first access type. In an example, the access type may comprise (or be associated with) one or more radio access technology (RAT) types. For example, the NAS COUNT values may be at least one of NAS uplink COUNT, NAS downlink COUNT and/or the like.
In an example the security context may refer to a 5G security context, a 5G NAS security context, a full 5G NAS security context, common NAS security context, partial native 5GC NAS security context and/or the like.
In an example, in response to a successful primary authentication, the AMF may determine to perform a NAS security activation for a first access type. In an example, the NAS security activation may refer to a procedure that starts integrity protection and/or encryption over the first access type. For example, the security activation may refer to a NAS security mode command (SMC) procedure. For example, the NAS SMC procedure may be a roundtrip of messages exchanged between the UE and the AMF. For example, the roundtrip of messages may comprise a NAS security mode command message and a NAS security mode command complete message and/or the like. In an example, the NAS COUNT values for the access type may be set to 0 in response to completing an authentication successfully. In an example, the AMF and UE may derive KNASint and KNASenc during the NAS SMC procedure. In an example, the AMF may start the NAS SMC procedure by sending an integrity protected NAS message to the UE. For example, the integrity protected NAS message may comprise at least one of ngKSI, UE security capabilities, request initial NAS message flag, NAS message authentication code (MAC) and/or the like. In an example, the UE may in response to receiving the integrity protected NAS message send an encrypted and integrity protected NAS message to the AMF.
In an example, in response to completing the security activation, the UE and the AMF may have a common NAS security context available to use for integrity protection and encryption of NAS messages.
In an example, the AMF may send a KgNB to the gNB. For example, the KgNB may be a key used to protect traffic at an AS layer.
In an example, the gNB may perform an AS security mode command (SMC) procedure with the UE. In an example, in response to completing the AS SMC procedure, the gNB and the UE may have a plurality of keys to protect traffic at the AS layer. For example, the keys may be a KRRCint, a KRRCenc and/or the like. For example, the AS SMC procedure may be used by the gNB, an ng-eNB and/or the like.
In an example, the UE may receive a first registration accept message over the first access type. For example, the first registration accept message may comprise at least a 5G-GUTI. In an example, in response to receiving the first registration accept message, the UE may send a second registration request message comprising at least the 5G-GUTI over a second access type e.g., non-3GPP access.
In response to receiving the second registration request message, the AMF may determine to authenticate the UE (perform/run primary authentication). For example, the determining may be based on at least one of: the AMF not having a valid security context available locally for the UE associated with the 5G-GUTI received in the second registration request message, operator policy, unsuccessful verification of the integrity of the second registration request message, and/or the like.
In an example the AMF may determine to skip authentication for the UE. For example, the determining may be based on the AMF having a valid security context available locally for the UE associated with the 5G-GUTI received in the second registration request, successful verification of the integrity of the second registration request message and/or the like.
In an example, the AMF may, in response to receiving the second registration request message, determine a security context. In an example, the determining may be based on the AMF having a valid security context available locally for the UE associated with the 5G-GUTI received in the second registration request message and successful verification of the integrity of the second registration request message. For example, the integrity verification may be based on at least a NAS uplink COUNT value associated with non-3GPP access. In an example, an internet protocol security (IPsec) security association (SA) may be established between the UE and the N3IWF. In an example, the UE may receive a second registration accept message over the second access type.
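The role of the NAS COUNT in the two passages above (the COUNT values set to 0 after a successful authentication in the NAS SMC passage, and integrity verification of a later registration request based on the NAS uplink COUNT here) as an added illustration, not code from the disclosure or from 3GPP. Assumptions: the COUNT layout (an 8-bit NAS SQN carried in the message, a 16-bit NAS OVERFLOW kept locally, 24 bits in total) is as I recall it from TS 33.501 clause 6.4.3, and HMAC-SHA-256 truncated to 32 bits stands in for a real NIA algorithm; the key, bearer value and messages are constructed.

```python
import hashlib
import hmac
from typing import Tuple

MAC_LEN = 4            # NAS MAC-I is 32 bits
DIR_UPLINK = 0
DIR_DOWNLINK = 1
COUNT_MASK = 0xFFFFFF  # 24-bit NAS COUNT: NAS OVERFLOW (16) || NAS SQN (8)


def nas_count_input(count24: int) -> bytes:
    """32-bit COUNT input to the integrity algorithm: 0x00 || NAS OVERFLOW || NAS SQN."""
    return (count24 & COUNT_MASK).to_bytes(4, "big")


def nas_mac(k_nas_int: bytes, count24: int, bearer: int, direction: int, msg: bytes) -> bytes:
    """Stand-in for NIA1/2/3: a 32-bit MAC over COUNT, BEARER, DIRECTION and the message,
    so the same message replayed under another COUNT or direction fails verification."""
    data = nas_count_input(count24) + bytes([bearer & 0x1F, direction & 0x01]) + msg
    return hmac.new(k_nas_int, data, hashlib.sha256).digest()[:MAC_LEN]


class NasSender:
    """Transmitting side of one direction (e.g. the UE for uplink NAS)."""

    def __init__(self, k_nas_int: bytes, bearer: int = 1, direction: int = DIR_UPLINK):
        self.k_nas_int, self.bearer, self.direction = k_nas_int, bearer, direction
        self.count = 0  # NAS COUNT starts at 0 after a successful authentication/SMC

    def protect(self, msg: bytes) -> Tuple[int, bytes, bytes]:
        """Return (NAS SQN, MAC, message); only the 8-bit SQN goes on the wire."""
        mac = nas_mac(self.k_nas_int, self.count, self.bearer, self.direction, msg)
        sqn = self.count & 0xFF
        self.count = (self.count + 1) & COUNT_MASK
        return sqn, mac, msg


class NasReceiver:
    """Receiving side: rebuilds the full COUNT from the SQN, checks the MAC, rejects replays."""

    def __init__(self, k_nas_int: bytes, bearer: int = 1, direction: int = DIR_UPLINK):
        self.k_nas_int, self.bearer, self.direction = k_nas_int, bearer, direction
        self.last_accepted = -1  # no PDU accepted yet in this security context

    def estimate_count(self, sqn: int) -> int:
        """Keep the local OVERFLOW and bump it when the received SQN has wrapped."""
        if self.last_accepted < 0:
            return sqn
        overflow = self.last_accepted >> 8
        if sqn < (self.last_accepted & 0xFF):
            overflow += 1
        return ((overflow << 8) | sqn) & COUNT_MASK

    def verify(self, pdu: Tuple[int, bytes, bytes]) -> str:
        """Return "ok", "bad_mac" (modified, wrong key or wrong COUNT) or "replay"."""
        sqn, mac, msg = pdu
        count = self.estimate_count(sqn)
        expected = nas_mac(self.k_nas_int, count, self.bearer, self.direction, msg)
        if not hmac.compare_digest(mac, expected):
            return "bad_mac"
        if count <= self.last_accepted:
            return "replay"  # a COUNT value is never accepted twice under one key
        self.last_accepted = count
        return "ok"


def wraparound_check(n: int = 300) -> int:
    """Send n protected PDUs so the 8-bit SQN wraps; return the receiver's last accepted COUNT."""
    key = bytes(range(16))  # constructed KNASint
    ue, amf = NasSender(key), NasReceiver(key)
    for i in range(n):
        if amf.verify(ue.protect(b"NAS PDU %d" % i)) != "ok":
            raise RuntimeError("PDU %d rejected" % i)
    return amf.last_accepted
```

The receiver verifies the MAC with the COUNT it reconstructs, which is what ties a message to its position in the sequence: a modified message fails the MAC, a replayed one passes the MAC but carries a COUNT that was already accepted, and a message protected under a different security context (another key) fails outright. That is also why a receiving AMF that cannot verify the integrity of a request falls back to running authentication rather than trusting the 5G-GUTI alone.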
If the primary authentication is successful and based on 5G-AKA, a key KAUSF may be derived by the UE and the network side. If the primary authentication is successful and based on EAP-AKA', the CK and the IK may be replaced with a CK' and an IK'. For example, in EAP-AKA', the key KAUSF may be derived by the UE and the network side based on the CK' and the IK'.
In an example, the network side and the UE may derive a key KSEAF. In an example, the network side may send the key KSEAF to a serving network. For example, the serving network may be a HPLMN or a VPLMN. In an example, the UE and the network side may derive a key KAMF based on the key KSEAF.
In an example, the UE and the network side may derive a key KNASint and a key KNASenc. For example, the key KNASint may be used for integrity protection of NAS messages. For example, the key KNASenc may be used for ciphering of NAS messages. For example, the key KNASenc and the key KNASint may be based on the key KAMF.
In an example, the UE and the network side may derive a key KgNB and/or a key next hop parameter (NH). In an example, the network side may send the key KgNB and/or the key NH to a base station. For example, the key KgNB and the key NH may be based on the key KAMF.
In an example, the UE and the network side may derive keys for protection of data at an access stratum layer. In an example, the UE and the network side may derive a key KRRCint, a key KRRCenc, a key KUPint, a key KUPenc and/or the like. For example, the key KRRCint may be used for integrity protection of RRC traffic. For example, the key KRRCenc may be used for ciphering of RRC traffic. For example, the key KUPint may be used for integrity protection of UP traffic. For example, the key KUPenc may be used for ciphering of UP data.
In an example the UE and the network side may derive a key KN3IWF. For example, the key KN3IWF may be used to protect traffic over non-3GPP access.
For example, the key KgNB may be used to derive and/or calculate keys for protection of data traffic at the AS layer. For example, the key KRRCint, the key KRRCenc, the key KUPint, the key KUPenc may be derived based on the key KgNB.
In an example, the key KRRCint may be used to integrity protect RRC traffic between a UE (wireless device) and a base station. For example, integrity protection may refer to being able to detect unauthorized modifications of RRC traffic between the base station and the UE.
In an example, the key KRRCenc may be used to cipher traffic between the UE and the base station. For example, cipher may refer to an attacker not being able to read the clear text of RRC messages sent between the UE and the base station.
In an example, the key KUPenc may be used to cipher user plane (UP) traffic between the UE and the base station. For example, cipher may refer to an attacker not being able to read the clear text of UP messages sent between the UE and the base station.
In an example, the key KUPint may be used to integrity protect user plane (UP) traffic between the UE and the base station. For example, integrity protection may refer to being able to detect unauthorized modifications of UP traffic between the base station and the UE.
In an example, the algorithm identifier may identify an integrity algorithm for 5G (NIA) or an encryption algorithm for 5G (NEA). For example, the NIA may be a NIA0, a NIA1, a NIA2, a NIA3 and/or the like. For example, the NIA0 may be a null integrity protection algorithm and/or the like. For example, the NIA1 may be a 128-bit SNOW 3G based algorithm and/or the like. For example, the NIA2 may be a 128-bit advanced encryption standard (AES) based algorithm and/or the like. For example, the NIA3 may be a 128-bit ZUC based algorithm and/or the like.
For example, the NEA may be a NEA0, a NEA1, a NEA2, a NEA3 and/or the like. For example, the NEA0 may be a null ciphering algorithm and/or the like. For example, the NEA1 may be a 128-bit SNOW 3G based algorithm and/or the like. For example, the NEA2 may be a 128-bit AES in counter mode based algorithm and/or the like. For example, the NEA3 may be a 128-bit ZUC based algorithm and/or the like.
In an example, the algorithm type distinguisher may identify an intended use for a key. For example, the intended use may be N-RRC-enc-alg, N-RRC-int-alg, N-UP-enc-alg, N-UP-int-alg and/or the like. In an example, the intended use may have a corresponding hexadecimal value. For example, the corresponding hexadecimal value may be used in a key derivation function.
In an example, the key set identifier may be a key set identifier in 5G (ngKSI). For example, the ngKSI may aid in uniquely identifying keys in the AS security context for 3GPP access.
In an example, the NH may be used to derive a new KgNB. For example, the new KgNB may be a KNG-RAN*. For example, the new KgNB may be derived during an RRC state transition, a handover from the base station to a second base station and/or the like.
In an example, the next hop chaining counter parameter (NCC) may be used to identify how many NH-derivations have already been performed from an initial KgNB. For example, the NCC may hold a value. For example, the value may be used to identify how many vertical key derivations have taken place from the initial KgNB. For example, vertical key derivation may refer to deriving a new KgNB based on the NH instead of a currently used KgNB.
In an example, the UE security capabilities may indicate which NR algorithms for the AS layer the UE supports. For example, if the UE supports evolved universal terrestrial radio access network (E-UTRAN) connected to 5GC, the UE security capabilities may include LTE algorithms for the AS level.
In an example, the UP security activation status may indicate which security algorithms are associated with a PDU session.
In an example, the replay protection counters may be used to ensure a message on the AS layer is accepted only once. For example, the replay protection counter may be a PDCP COUNT. For example, the PDCP COUNT may be a 32 bit value. For example, the PDCP COUNT may be specific to a bearer. In an example, the PDCP COUNT may comprise two values, a first value for uplink messages and a second value for downlink messages and/or the like.
In an example, the AS security context for 3GPP access may on a network side hold a user plane (UP) security policy. For example, the UP security policy may indicate which security is to be activated for a PDU session. For example, the UP security policy may indicate that ciphering is required for the PDU session, ciphering is preferred for the PDU session, ciphering is not needed and/or the like. For example, the UP security policy may indicate that integrity protection is required for the PDU session, integrity protection is not needed for the PDU session, integrity protection is preferred for the PDU session, a speed for which integrity protection is supported and/or the like.
In an example, the user plane security policy may provide guidance/information/instructions on how to handle security for a PDU session. For example, handle security may refer to requirements on integrity protection, confidentiality protection, speed of integrity protection and/or the like.
In an example, the user plane security policy may indicate integrity protection is required. For example, required may mean the PDU session is rejected if a base station cannot provide integrity protection. For example, the base station may be unable to provide integrity protection if the base station and a UE (wireless device) associated with the PDU session support different security processes for integrity protection. For example, the security processes may be a first algorithm. For example, the first algorithm may be based on AES, ZUC, SNOW 3G and/or the like.
In an example, the user plane security policy may indicate integrity protection is preferred. For example, preferred may refer to using integrity protection if the base station and the UE have a matching security process. For example, a matching security process may be that the UE and the base station are capable of using the same security process for integrity protection. For example, the base station may accept the PDU session with or without the matching security process based on receiving the user plane security policy indicating preferred.
In an example, the user plane security policy may indicate integrity protection is not needed. For example, not needed may refer to the PDU session being established without integrity protection.
In an example, the user plane security policy may indicate confidentiality protection is required. For example, required may mean the PDU session is rejected if a base station cannot provide confidentiality protection for the PDU session. For example, confidentiality protection may refer to ciphering, encryption, obfuscation of information and/or the like. For example, the base station may be unable to provide ciphering protection if the base station and the UE associated with the PDU session support different security processes for confidentiality protection. For example, the security processes may be a second algorithm. For example, the second algorithm may be based on AES, ZUC, SNOW 3G and/or the like.
In an example, the user plane security policy may indicate confidentiality protection is preferred. For example, preferred may refer to using confidentiality protection if the base station and the UE have a matching security process. For example, the matching security process may be that the UE and the base station are capable of using the same security process for confidentiality protection. For example, the base station may accept the PDU session with or without the matching security process based on receiving the user plane security policy indicating preferred.
In an example, the user plane security policy may indicate confidentiality protection is not needed. For example, not needed may refer to the PDU session being established without confidentiality protection.
In an example, the user plane security policy may indicate a speed for integrity protection in an uplink of the PDU session. For example, the speed may indicate 64 kilobits per second (kbps). For example, the speed may indicate max UE rate. For example, max UE rate may indicate the UE can perform integrity protection at a UE specific speed. For example, the UE specific speed may depend on hardware capabilities of the UE. For example, if the speed indicates 64 kbps, the UE may handle at most 64 kbps of an aggregate data rate of user plane integrity protected data. For example, the aggregate data rate may refer to one or several data bearers of the PDU session and/or the like.
In an example, the user plane security policy may indicate a speed for integrity protection in a downlink of the PDU session. For example, the speed may indicate 64 kbps. For example, the speed may indicate max UE rate. For example, max UE rate may indicate the UE can perform integrity protection at a UE specific speed. For example, the UE specific speed may depend on hardware capabilities of the UE. For example, if the speed indicates 64 kbps, the UE may handle at most 64 kbps of an aggregate data rate of user plane integrity protected data. For example, the aggregate data rate may refer to the one or several data bearers of the PDU session and/or the like.
In an example, the user plane security policy may comprise an information element. For example, the information element may be an ifIntegrityProtectionRequiredorPreferred information element. For example, the ifIntegrityProtectionRequiredorPreferred information element may be present if the user plane security policy indicates integrity protection is required or preferred. For example, if the user plane security policy indicates integrity protection is not needed, the ifIntegrityProtectionRequiredorPreferred information element may not be part of the user plane security policy and/or the like.
For example, the key may be a KAMF. For example, the uplink NAS COUNT may comprise a padding, a NAS overflow, a NAS SQN and/or the like. For example, the length of the uplink NAS COUNT may specify the length of the uplink NAS COUNT parameter.
For example, the FC value may be a unique value used by the key derivation function when deriving one or a plurality of 256 bit AS key(s).
For example, the access type distinguisher may be a value for distinguishing between different access types. For example, a value of 0x01 may refer to 3GPP access and a value of 0x02 may refer to non-3GPP access. For example, the length of the access type distinguisher may specify the length of the access type distinguisher parameter.
In an example, the derivation/calculation process results in a 256 bit AS key. If the derivation/calculation process used the access type distinguisher referring to 3GPP access, the 256 bit AS key may be a KgNB.
In an example, the derivation/calculation process results in a 256 bit AS key. If the derivation/calculation process used the access type distinguisher referring to non-3GPP access, the 256 bit AS key may be a KN3IWF.
For example, the key may be a KgNB and/or the like.
For example, the algorithm type distinguisher may be a value identifying the purpose of a derived key. For example, the purpose may be ciphering of RRC traffic, integrity protection of RRC traffic, ciphering of UP traffic, integrity protection of UP traffic and/or the like.
For example, the length of the algorithm type distinguisher may be a value specifying the length of the value identifying the purpose of a derived key.
For example, the FC value may be a unique value used by the key derivation function when deriving one or a plurality of 128 bit AS key(s).
For example, the algorithm identity may have an associated value identifying which algorithm a key may be used with. For example, the algorithm identity may refer to NEA0 null ciphering algorithm, 128-NEA1 128-bit SNOW 3G based algorithm, 128-NEA2 128-bit AES based algorithm, 128-NEA3 128-bit ZUC based algorithm, NIA0 null integrity protection algorithm, 128-NIA1 128-bit SNOW 3G based algorithm, 128-NIA2 128-bit AES based algorithm, 128-NIA3 128-bit ZUC based algorithm and/or the like.
For example, the length of the algorithm identity may specify the length of the associated value.
In an example, the derivation/calculation process results in a 128 bit AS key.
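As an added example (not part of the original description), the two derivations above carried through with the generic 3GPP key derivation function: the 256-bit KgNB or KN3IWF from KAMF, the uplink NAS COUNT and the access type distinguisher, then the 128-bit AS algorithm keys from KgNB, the algorithm type distinguisher and the algorithm identity. The FC values and the hexadecimal algorithm type distinguisher values are taken from 3GPP TS 33.501 Annex A (the page does not list them); the KAMF and NAS COUNT used are constructed sample values.

```python
import hashlib
import hmac

# Constants not listed on the page, taken from 3GPP TS 33.501 Annex A.
FC_KGNB_KN3IWF = 0x6E       # A.9: KgNB / KN3IWF derivation from KAMF
FC_AS_ALG_KEY = 0x69        # A.8: algorithm key derivation
ACCESS_TYPE_3GPP = 0x01     # access type distinguisher values (these two are on the page)
ACCESS_TYPE_NON_3GPP = 0x02
ALG_TYPE = {"N-RRC-enc-alg": 0x03, "N-RRC-int-alg": 0x04,
            "N-UP-enc-alg": 0x05, "N-UP-int-alg": 0x06}
ALG_ID = {"NEA0": 0x00, "NEA1": 0x01, "NEA2": 0x02, "NEA3": 0x03,
          "NIA0": 0x00, "NIA1": 0x01, "NIA2": 0x02, "NIA3": 0x03}


def nas_count_bytes(nas_overflow: int, nas_sqn: int) -> bytes:
    """32-bit uplink NAS COUNT: 8 bits padding || 16-bit NAS overflow || 8-bit NAS SQN."""
    return b"\x00" + nas_overflow.to_bytes(2, "big") + bytes([nas_sqn])


def build_s(fc: int, params: list) -> bytes:
    """Input string S = FC || P0 || L0 || P1 || L1 ...; each Li is the 2-byte length of Pi."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return s


def kdf(key: bytes, s: bytes) -> bytes:
    """Generic 3GPP KDF (TS 33.220 Annex B): HMAC-SHA-256 keyed with `key` over S, 256-bit output."""
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_kgnb_or_kn3iwf(k_amf: bytes, uplink_nas_count: bytes, access_type: int) -> bytes:
    """256-bit AS key: KgNB when the access type distinguisher says 3GPP, KN3IWF for non-3GPP."""
    s = build_s(FC_KGNB_KN3IWF, [uplink_nas_count, bytes([access_type])])
    return kdf(k_amf, s)


def derive_as_algorithm_key(k_gnb: bytes, alg_type: str, alg_name: str) -> bytes:
    """128-bit KRRCint/KRRCenc/KUPint/KUPenc: the least significant 128 bits of the KDF output."""
    s = build_s(FC_AS_ALG_KEY, [bytes([ALG_TYPE[alg_type]]), bytes([ALG_ID[alg_name]])])
    return kdf(k_gnb, s)[16:]


def derive_as_key_set(k_amf: bytes, uplink_nas_count: bytes, int_alg: str, enc_alg: str) -> dict:
    """KgNB plus the four AS keys for the selected integrity and ciphering algorithms."""
    k_gnb = derive_kgnb_or_kn3iwf(k_amf, uplink_nas_count, ACCESS_TYPE_3GPP)
    return {
        "KgNB": k_gnb,
        "KRRCint": derive_as_algorithm_key(k_gnb, "N-RRC-int-alg", int_alg),
        "KRRCenc": derive_as_algorithm_key(k_gnb, "N-RRC-enc-alg", enc_alg),
        "KUPint": derive_as_algorithm_key(k_gnb, "N-UP-int-alg", int_alg),
        "KUPenc": derive_as_algorithm_key(k_gnb, "N-UP-enc-alg", enc_alg),
    }


if __name__ == "__main__":
    K_AMF = bytes(range(32))                      # constructed sample value, not a real key
    keys = derive_as_key_set(K_AMF, nas_count_bytes(0, 0), "NIA2", "NEA2")
    for name, value in keys.items():
        print(f"{name}: {value.hex()}")
```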
In an example, the RAN node may start an integrity protection of RRC traffic. For example, the integrity protection of RRC traffic may be based on a key KRRCint. For example, the key KRRCint may be based on a current KgNB. For example, the current KgNB may mean the KgNB is currently in use by the RAN node and the wireless device.
In an example, the RAN node may send a first RRC message to the wireless device. The first RRC message may comprise selected RRC and UP encryption/ciphering algorithms and integrity algorithms, and a first message authentication code for integrity (MAC-I). For example, the selected algorithms may be based on the UE security capabilities and/or a list of prioritized algorithms available in the RAN node. For example, the first RRC message may be an AS security mode command (SMC) message. The RAN node may start RRC downlink ciphering after sending the first RRC message.
In an example, the wireless device may receive the first RRC message. In response to receiving the first RRC message, the wireless device may determine/calculate an expected MAC-I based on the first RRC message and the key KRRCint. For example, if the expected MAC-I is identical to the first MAC-I received in the first RRC message the integrity verification may be successful.
In an example, in response to successfully verifying the integrity of the first RRC message, the wireless device may send a second RRC message comprising a second MAC-I, start RRC integrity protection, RRC downlink deciphering and/or the like.
In an example, the RAN node may receive the second RRC message. The RAN node may verify the integrity of the second MAC-I. After successful verification of the integrity of the second RRC message, the RAN node may start RRC uplink deciphering.
In an example, the wireless device may start uplink RRC ciphering after sending the second RRC message. For example, the second RRC message may be a security mode command complete message.
In an example, the wireless device may derive the KgNB, the KRRCint and the KRRCenc in response to receiving the first RRC message.
In an example, a roundtrip of the AS security mode command message and the AS security mode command complete message may refer to an AS security mode command (SMC) procedure.
In an example, the wireless device may be in RRC_CONNECTED state. The wireless device and a RAN node may share an AS security context. For example, the AS security context may be an AS security context for 3GPP access. The AS security context may comprise one or several parameters and/or one or several keys as depicted in
For example, if the RAN node has an unused pair of {a new NCC, NH}, the RAN node includes the new NCC as the NCC in the RRCRelease with suspendconfig message. For example, if the RAN node does not have the unused pair of {the new NCC, NH}, the RAN node may include a current NCC associated with a current KgNB as the NCC in the RRCRelease with suspendconfig message.
In an example, after sending the RRCRelease with suspendconfig message the RAN node may delete current AS keys. For example, current AS keys may be a KRRCenc, a KUPenc (if available), a KUPint (if available). For example, delete may refer to removing from the AS security context. For example, if the NCC in the RRCRelease with suspendconfig message is associated with the unused pair of {the new NCC, NH} the RAN node may delete the current KgNB and save the unused pair of {the new NCC, NH} in the AS context. For example, if the NCC in the RRCRelease with suspendconfig message is associated with the current KgNB, the RAN node may keep the current KgNB and the current NCC in the AS security context.
In an example, the wireless device may in response to receiving the RRCRelease with suspendconfig message verify the integrity of the RRCRelease with suspendconfig message by calculating an expected MAC based on the KRRCint. If the expected MAC is identical to the first MAC-I received in the RRCRelease with suspendconfig message the integrity verification may be successful. For example, the integrity verification may be in the PDCP layer.
In an example, in response to verifying the integrity of the RRCRelease with suspendconfig message, the wireless device may delete keys in the AS security context.
In an example, if the NCC received in the RRCRelease with suspendconfig message is associated with the current KgNB, the wireless device may keep the current KgNB and KRRCint in the AS security context. The remaining keys, e.g., KRRCenc, KUPint (if available) and KUPenc (if available), are removed from the AS security context. The wireless device may store the received NCC and the I-RNTI.
In an example, after the wireless device has removed the remaining keys and stored NCC and I-RNTI, the wireless device may be in RRC_INACTIVE state.
In an example, the wireless device may be in RRC_INACTIVE state and determine to transition to RRC_CONNECTED. For example, the determining may be based on the wireless device having uplink UP data to send and/or the like.
In an example, the wireless device may send a RRCResumeRequest message comprising the I-RNTI and a ResumeMAC-I. For example, the wireless device may calculate/determine the ResumeMAC-I based on a plurality of input parameters. For example, the plurality of input parameters may comprise a key input, a bearer input, a direction input, a count input, a message input and/or the like.
For example, the key input may be the KRRCint. For example, the bearer input may be set to all "1"s. For example, the direction input may be set to "1". For example, the count input may be set to all "1"s. For example, the message input may be set to a VarResumeMAC-Input. For example, the VarResumeMAC-Input may be encoded with a source physical cell id (source PCI), a target cell-id and a source cell-radio network temporary identifier (C-RNTI).
In an example, after sending the RRCResumeRequest message the wireless device may derive new keys for protection of subsequent traffic between the wireless device and the RAN node. For example, the wireless device may derive a KNG-RAN*. The wireless device may use the KNG-RAN* to derive a new KRRCint, a new KRRCenc, a new KUPint (optionally), a new KUPenc (optionally) and/or the like.
In an example, the RAN node may receive the RRCResumeRequest message from the wireless device. In response to receiving the RRCResumeRequest message, the RAN node may extract the I-RNTI from the RRCResumeRequest message. The RAN node may based on the I-RNTI locate the AS security context.
In an example, the RAN node verifies the integrity of the ResumeMAC-I received in the RRCResumeRequest message by calculating an expected MAC. The RAN node may use the KRRCint located with the I-RNTI received in the RRCResumeRequest message.
In an example, the RAN node may successfully verify the integrity of the ResumeMAC-I if the expected MAC is identical to the ResumeMAC-I.
In an example, after a successful verification of the ResumeMAC-I, the RAN node may derive the KNG-RAN*, the new KRRCint, the new KRRCenc, the new KUPint (optionally), the new KUPenc (optionally) and/or the like.
In an example, the RRCResumeRequest message may be received by a new RAN node. In an example, the new RAN node may send an Xn-AP retrieve UE context request message to the RAN node. The RAN node may verify the ResumeMAC-I. The RAN node may, after successful verification of the ResumeMAC-I, send an Xn-AP retrieve UE context response message to the new RAN node comprising the KNG-RAN*, the new KRRCint, the new KRRCenc, the new KUPint (optionally), the new KUPenc (optionally), the AS security context and/or the like.
In an example, the RAN node may send a RRCResume message to the wireless device comprising a second MAC-I. For example, the RRCResume message may be ciphered with the new KRRCenc and integrity protected with the new KRRCint.
In an example, the wireless device may receive the RRCResume message.
In an example, the wireless device may decipher the RRCResume message based on the new KRRCenc. The wireless device may verify the integrity of the RRCResume message by calculating a second expected MAC. For example, the second expected MAC may be based on the new KRRCint. For example, the wireless device may successfully verify the integrity of the RRCResume message if the second expected MAC is identical to the second MAC-I.
In an example, after successfully verifying the integrity of the RRCResume message, the wireless device may update the AS security context. For example, update may refer to deleting the KRRCint and saving the new KRRCint, the new KRRCenc, the new KUPint (optionally), the new KUPenc (optionally) and/or the like.
In an example, the wireless device may send a RRCResumeComplete message to the RAN node. For example, the RRCResumeComplete message may be integrity protected with the new KRRCint and ciphered with the new KRRCenc. After sending the RRCResumeComplete message the wireless device may send UL data.
In an example, after sending the RRCResumeComplete message the wireless device may be in RRC_CONNECTED state.
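As an added example (not part of the original description), the RAN node side of the suspend and resume described above: the NCC choice and key deletion at RRCRelease with suspendconfig, then the I-RNTI lookup, ResumeMAC-I verification and new-key derivation at RRCResumeRequest. The NIA integrity algorithm and the KNG-RAN* derivation are HMAC-SHA-256 stand-ins (the standard library has no SNOW 3G, AES-CMAC or ZUC), the VarResumeMAC-Input encoding is a fixed-width assumption of this example, and all keys and identifiers are constructed sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


def nia_stand_in(k_int: bytes, count: int, bearer: int, direction: int, message: bytes) -> bytes:
    """NIA(KEY, COUNT, BEARER, DIRECTION, MESSAGE) -> 32-bit MAC-I.
    Stand-in built on HMAC-SHA-256, not a real 128-NIAx algorithm; the input tuple is the
    one the AS integrity algorithms take, so the verification logic around it is unchanged."""
    data = count.to_bytes(4, "big") + bytes([bearer, direction]) + message
    return hmac.new(k_int, data, hashlib.sha256).digest()[:4]


def simplified_kdf(key: bytes, label: bytes) -> bytes:
    """Stand-in for the KNG-RAN* and AS key derivations: HMAC-SHA-256 over a label."""
    return hmac.new(key, label, hashlib.sha256).digest()


def var_resume_mac_input(source_pci: int, target_cell_id: int, source_c_rnti: int) -> bytes:
    """VarResumeMAC-Input from source PCI, target cell-id and source C-RNTI
    (fixed-width big-endian fields assumed by this example instead of ASN.1 PER)."""
    return (source_pci.to_bytes(2, "big") + target_cell_id.to_bytes(5, "big")
            + source_c_rnti.to_bytes(2, "big"))


def resume_mac_i(k_rrc_int: bytes, source_pci: int, target_cell_id: int, source_c_rnti: int) -> bytes:
    """ResumeMAC-I: KEY=KRRCint, COUNT=all ones, BEARER=all ones (5 bits), DIRECTION=1."""
    msg = var_resume_mac_input(source_pci, target_cell_id, source_c_rnti)
    return nia_stand_in(k_rrc_int, 0xFFFFFFFF, 0x1F, 1, msg)


@dataclass
class ASSecurityContext:
    k_gnb: Optional[bytes]
    k_rrc_int: bytes
    k_rrc_enc: Optional[bytes]
    k_up_int: Optional[bytes]
    k_up_enc: Optional[bytes]
    ncc: int                                         # NCC associated with the current KgNB
    unused_pair: Optional[Tuple[int, bytes]] = None  # unused {new NCC, NH}, if the RAN node has one


def ran_suspend(ctx: ASSecurityContext) -> int:
    """RAN node at RRCRelease with suspendconfig: returns the NCC to send and prunes the context."""
    ctx.k_rrc_enc = ctx.k_up_int = ctx.k_up_enc = None  # KRRCenc/KUPint/KUPenc deleted, KRRCint kept
    if ctx.unused_pair is not None:
        ctx.k_gnb = None                                # current KgNB deleted, {new NCC, NH} kept
        return ctx.unused_pair[0]
    return ctx.ncc                                      # current KgNB and current NCC kept


def ran_resume(contexts: Dict[int, ASSecurityContext], i_rnti: int, received_mac: bytes,
               source_pci: int, target_cell_id: int, source_c_rnti: int
               ) -> Tuple[bool, Optional[ASSecurityContext]]:
    """RAN node at RRCResumeRequest: locate the context by I-RNTI, verify ResumeMAC-I with the
    stored KRRCint, then derive KNG-RAN* and the new AS keys. Returns (accepted, new context)."""
    ctx = contexts.get(i_rnti)
    if ctx is None:
        return False, None                              # unknown I-RNTI: nothing to verify against
    expected = resume_mac_i(ctx.k_rrc_int, source_pci, target_cell_id, source_c_rnti)
    if not hmac.compare_digest(expected, received_mac):
        return False, None                              # MAC mismatch: wrong key or altered input
    if ctx.unused_pair is not None:                     # vertical derivation from the stored NH
        ncc, base = ctx.unused_pair
    else:                                               # horizontal derivation from current KgNB
        ncc, base = ctx.ncc, ctx.k_gnb
    k_ng_ran_star = simplified_kdf(base, b"KNG-RAN*" + target_cell_id.to_bytes(5, "big"))
    new_ctx = ASSecurityContext(
        k_gnb=k_ng_ran_star,
        k_rrc_int=simplified_kdf(k_ng_ran_star, b"KRRCint")[16:],
        k_rrc_enc=simplified_kdf(k_ng_ran_star, b"KRRCenc")[16:],
        k_up_int=simplified_kdf(k_ng_ran_star, b"KUPint")[16:],
        k_up_enc=simplified_kdf(k_ng_ran_star, b"KUPenc")[16:],
        ncc=ncc,
    )
    del contexts[i_rnti]   # I-RNTI consumed: the old context (and old KRRCint) is discarded
    return True, new_ctx


if __name__ == "__main__":
    K_RRC_INT = b"\x22" * 16                             # constructed sample key
    ctx = ASSecurityContext(b"\x11" * 32, K_RRC_INT, b"\x33" * 16, None, None, 0, (1, b"\x44" * 32))
    ncc_sent = ran_suspend(ctx)
    contexts = {0xABCD: ctx}                             # I-RNTI 0xABCD assigned at suspend
    mac = resume_mac_i(K_RRC_INT, 501, 0x123456789, 0x1234)   # UE side, same inputs
    accepted, new_ctx = ran_resume(contexts, 0xABCD, mac, 501, 0x123456789, 0x1234)
    print("NCC sent:", ncc_sent, "resume accepted:", accepted, "new NCC:", new_ctx.ncc)
```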
In an example, the wireless device may send a first registration request message to an AMF via a RAN node. In an example, the wireless device may be in an RM-DEREGISTERED state and a CM-IDLE state before sending the first registration request. For example, RM-DEREGISTERED may refer to the wireless device not being registered with a network. For example, CM-IDLE may refer to the wireless device not having a signaling connection to the AMF. After sending the first registration request, the wireless device may be in CM-CONNECTED state. For example, CM-CONNECTED may refer to the wireless device having a signaling connection with the AMF.
In an example the first registration request message may be a NAS message. For example, the first registration request message may comprise at least one of an identifier, key set identifier in 5G (ngKSI) and/or the like. For example, the identifier may be at least one of a subscriber concealed identifier (SUCI), a 5G global unique temporary identifier (5G-GUTI), and/or the like. In an example, the first registration request message may be an initial NAS message.
In an example, in response to receiving the first registration request message, the AMF may determine a primary authentication of the wireless device (UE authentication) is needed.
In an example, the primary authentication of the wireless device may refer to running/performing primary authentication. In an example, the primary authentication may be based on 5G-AKA or EAP-AKA'; for a 5G SNPN, the primary authentication may additionally be based on key generating EAP methods. An example of a key generating EAP method may be EAP-TLS.
In an example, the AMF may determine to run the primary authentication of the wireless device. For example, the primary authentication of the wireless device may be run as described in
In an example, after the NAS SMC procedure, the AMF may send an NGAP Initial context setup message comprising a KgNB to the RAN node. For example, the KgNB may be based on the KAMF.
In an example, the RAN node may, in response to receiving the NGAP initial context setup message, decide to activate AS security. For example, activating AS security may refer to initiating an AS SMC procedure with the wireless device as described in
In an example, the AMF may send a registration accept message to the wireless device. In response to receiving the registration accept message, the wireless device may transition to RM-registered state. For example, RM registered state may refer to the wireless device being registered with the network.
In an example, the wireless device may determine to send a service request for a PDU session message to an SMF. For example, the determining may be based on the wireless device wanting to connect to an application on the internet, having pending uplink data and/or the like. For example, the service request for a PDU session message may be a PDU session establishment request message.
In an example, the SMF may in response to receiving the service request for a PDU session message determine a user plane security enforcement information. For example, the user plane security enforcement information may be based on a UP security policy. For example, the UP security policy may be part of session management subscription information in a UDM or if the UDM does not hold any relevant information the user plane security enforcement information may be based on a local UP security policy configured in the SMF.
For example, the user plane security enforcement information may indicate if ciphering/encryption is “required”, “preferred”, “not needed” and/or the like for the requested PDU session.
For example, the user plane security enforcement information may indicate if integrity protection is “required”, “preferred”, “not needed” and/or the like for the requested PDU session.
In an example, the SMF may send the user plane security enforcement information to the RAN node via the AMF.
In an example, in response to receiving the user plane security enforcement information from the SMF via the AMF, the RAN node may send an RRC connection reconfiguration message to the wireless device. For example, if integrity protection and ciphering are required for the PDU session, the RAN node may, in response to sending the RRC connection reconfiguration message, derive/calculate a KUPenc and a KUPint.
In an example, the wireless device may in response to receiving the RRC connection reconfiguration message determine to verify the RRC connection reconfiguration message. For example, verify may refer to deciphering the RRC connection reconfiguration message based on the KRRCenc and/or verify the integrity of the RRC connection reconfiguration message based on the KRRCint and/or the like.
In an example, the wireless device may derive the KUPenc and/or KUPint based on the indications in the RRC connection reconfiguration message.
In an example, in response to successfully verifying the RRC connection reconfiguration message, the wireless device may send a RRC connection Reconfiguration complete message to the RAN node.
In an example, the wireless device may send a registration request to an AMF. For example, the registration request may comprise a subscription identifier. For example, the subscription identifier may be a 5G-GUTI, a SUCI and/or the like.
For example, the wireless device may send the registration request via the first base station.
In an example, the AMF may initiate authentication and key agreement. For example, the AMF/SEAF may initiate authentication and key agreement by triggering a run of primary authentication. For example, the core network and the wireless device may perform the run of primary authentication based on 5G-AKA, EAP-AKA' and/or the like.
In an example, the AMF may perform a NAS SMC procedure with the wireless device. For example, the NAS SMC procedure may take a partial 5G security context into use. For example, take into use may refer to start using keys in the partial 5G security context, derive keys and/or the like.
In an example, the NAS SMC procedure may comprise the AMF sending to the wireless device a NAS security mode command message, the wireless device sending a NAS security mode complete message and/or the like. For example, after completing the NAS SMC procedure the wireless device and the AMF may have keys available in a NAS security context that may be used to integrity protect and/or confidentiality protect NAS messages.
In an example, the AMF may send a next generation application protocol (NGAP) initial context setup message (NGAP initial context setup) to the first base station. For example, the NGAP initial context setup message may comprise a first KgNB, a wireless device 5G security capabilities and/or the like. For example, the wireless device 5G security capability may indicate which algorithms are supported by the wireless device. For example, the algorithms may be security processes providing integrity and/or confidentiality protection for data.
In an example, the first base station may receive the NGAP initial context setup message.
In an example, the first base station may, based on a list of supported algorithms, find a matching algorithm in the wireless device 5G security capabilities. For example, the first base station may have a first list for integrity protection algorithms, a first list for confidentiality protection algorithms and/or the like. For example, the first list for integrity protection algorithms and the first list for confidentiality protection algorithms may be ordered according to an operator's priority.
In an example, the first base station may select a first integrity protection algorithm and a first confidentiality protection algorithm.
In an example, the first base station may initiate an AS SMC procedure with the wireless device. For example, the AS SMC procedure may be used to activate security for RRC signaling between the first base station and the wireless device. For example, the AS SMC procedure may activate usage of the first integrity protection algorithm and the first confidentiality (ciphering) protection algorithm.
For example, the AS SMC procedure may comprise the base station sending an AS security mode command to the wireless device, the wireless device sending an AS security mode command complete and/or the like.
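As an added example (not part of the original description), the base-station decision logic that ties together the user plane security policy described earlier (required / preferred / not needed for integrity and confidentiality, with the ifIntegrityProtectionRequiredorPreferred information element) and the algorithm selection against the wireless device 5G security capabilities. The operator priority lists and UE capabilities are constructed sample values, and the rule that a null algorithm (NIA0/NEA0) does not count as a match when protection is required is an assumption of this example.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

NULL_ALGORITHMS = {"NIA0", "NEA0"}   # give no protection; not accepted as a match (example's rule)
SETTINGS = ("required", "preferred", "not needed")


@dataclass
class UPSecurityPolicy:
    integrity: str            # "required" | "preferred" | "not needed"
    confidentiality: str      # "required" | "preferred" | "not needed"
    # ifIntegrityProtectionRequiredorPreferred IE: e.g. "64 kbps" or "max UE rate" per direction.
    max_ip_rate_ul: Optional[str] = None
    max_ip_rate_dl: Optional[str] = None


@dataclass
class UESecurityCapabilities:
    integrity_algs: Set[str]   # NIA algorithms the wireless device supports
    ciphering_algs: Set[str]   # NEA algorithms the wireless device supports


@dataclass
class PDUSessionDecision:
    accepted: bool
    integrity_alg: Optional[str] = None   # None: session runs without integrity protection
    ciphering_alg: Optional[str] = None   # None: session runs without ciphering
    reason: str = ""


def policy_is_well_formed(policy: UPSecurityPolicy) -> bool:
    """The rate IE is present exactly when integrity protection is required or preferred."""
    if policy.integrity not in SETTINGS or policy.confidentiality not in SETTINGS:
        return False
    rate_present = policy.max_ip_rate_ul is not None and policy.max_ip_rate_dl is not None
    return rate_present == (policy.integrity in ("required", "preferred"))


def select_algorithm(operator_priority: List[str], ue_supported: Set[str]) -> Optional[str]:
    """First algorithm in the operator's priority order that the UE also supports, null excluded."""
    for alg in operator_priority:
        if alg in ue_supported and alg not in NULL_ALGORITHMS:
            return alg
    return None


def apply_setting(setting: str, matched: Optional[str], what: str) -> Tuple[bool, Optional[str], str]:
    """One policy setting plus the matched algorithm -> (accept, algorithm to activate, reason)."""
    if setting == "required":
        if matched is None:
            return False, None, f"{what} required but UE and base station share no algorithm"
        return True, matched, ""
    if setting == "preferred":
        return True, matched, ""       # matched may be None: session continues without it
    return True, None, ""              # "not needed": never activated


def enforce_up_policy(policy: UPSecurityPolicy, ue_caps: UESecurityCapabilities,
                      ran_integrity_priority: List[str],
                      ran_ciphering_priority: List[str]) -> PDUSessionDecision:
    """Base-station decision when the UP security policy arrives with the PDU session."""
    if not policy_is_well_formed(policy):
        return PDUSessionDecision(False, reason="malformed UP security policy")
    ok, int_alg, why = apply_setting(
        policy.integrity, select_algorithm(ran_integrity_priority, ue_caps.integrity_algs),
        "integrity protection")
    if not ok:
        return PDUSessionDecision(False, reason=why)
    ok, enc_alg, why = apply_setting(
        policy.confidentiality, select_algorithm(ran_ciphering_priority, ue_caps.ciphering_algs),
        "confidentiality protection")
    if not ok:
        return PDUSessionDecision(False, reason=why)
    return PDUSessionDecision(True, integrity_alg=int_alg, ciphering_alg=enc_alg)


# Constructed sample operator priority lists (not from any real network).
RAN_INTEGRITY_PRIORITY = ["NIA2", "NIA1", "NIA3", "NIA0"]
RAN_CIPHERING_PRIORITY = ["NEA2", "NEA3", "NEA1", "NEA0"]

if __name__ == "__main__":
    ue = UESecurityCapabilities({"NIA1", "NIA3", "NIA0"}, {"NEA1", "NEA0"})
    policy = UPSecurityPolicy("required", "required", "64 kbps", "64 kbps")
    print(enforce_up_policy(policy, ue, RAN_INTEGRITY_PRIORITY, RAN_CIPHERING_PRIORITY))
```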
In an example, the first base station may determine a need to handover the wireless device to the second base station. For example, the first base station may determine to handover the wireless device to the second base station based on a measurement report from the wireless device, workload in the first base station, quality of a radio connection between the wireless device and the first base station and/or the like. For example, the measurement report may indicate quality of the radio connection between the wireless device and the first base station.
For example, workload may refer to usage of processing power of the first base station, a high workload may imply using high amounts of processing power of the first base station. For example, the first base station may handover the wireless device to decrease usage of processing power.
In an example, the first base station may send a handover required message (handover required). For example, the handover required message may comprise a target, currently selected algorithms, a PDU session(s) list and/or the like. For example, currently selected algorithms may be the first integrity protection algorithm and the first confidentiality protection algorithm and/or the like. For example, the target is the base station serving the wireless device after the handover. For example, the target may be the second base station.
In an example, the PDU session(s) list may comprise PDU sessions of the wireless device. For example, the PDU sessions of the wireless device may be moved to the second base station.
In an example, the first base station may send the handover required message to the AMF. For example, the first base station may send the handover required message to the AMF over an N2 interface.
In an example, the AMF may receive the handover required message.
In an example, the AMF may send a first Nsmf_PDUSession_UpdateSMContext Request. For example, the AMF/SEAF may send the first Nsmf_PDUSession_UpdateSMContext Request to an SMF. For example, the first Nsmf_PDUSession_UpdateSMContext Request may comprise the target, e.g., the second base station, the PDU session(s) list and/or the like.
In an example, the SMF may receive the first Nsmf_PDUSession_UpdateSMContext Request. For example, the SMF may receive the first Nsmf_PDUSession_UpdateSMContext Request from the AMF.
In an example, the SMF may determine, based on local configuration, if the SMF allows transfer of the PDU session(s) in the PDU session(s) list to the second base station. For example, transfer may refer to sending data of the PDU session(s) in the PDU session(s) list via the second base station.
In an example, the SMF may send a first Nsmf_PDUSession_UpdateSMContext Response. For example, the SMF may send the first Nsmf_PDUSession_UpdateSMContext Response to the AMF. For example, the SMF may send the first Nsmf_PDUSession_UpdateSMContext Response in response to receiving the first Nsmf_PDUSession_UpdateSMContext Request.
In an example, the first Nsmf_PDUSession_UpdateSMContext Response may comprise the PDU session(s) list and a user plane security policy for each PDU session in the PDU session(s) list. For example, the user plane (UP) security policy may indicate security requirements for the PDU session. For example, the user plane security policy may be referred to as a user plane security enforcement information.
In an example, the AMF may send a handover request message (handover request). For example, the AMF may send the handover request message to the target e.g., the second base station.
In an example, the handover request message may comprise the wireless device 5G security capabilities, currently selected algorithms, the PDU session(s) list, the UP security policy per PDU session and/or the like. For example, the PDU session(s) list may be a PDU session resource setup list information element.
In an example, the second base station may receive the handover request message. For example, the second base station may receive the handover request message from the AMF. For example, the handover request message may be an NGAP message. For example, the handover message may be sent over an N2 interface.
In an example, the second base station may have a second list for integrity protection algorithms, a second list for confidentiality (ciphering) protection algorithms and/or the like.
In an example, the second base station may select a second integrity protection algorithm and a second confidentiality algorithm. For example, the second integrity protection algorithm may be the same as the first integrity protection algorithm or a first different algorithm.
For example, the second confidentiality protection algorithm may be the same as the first confidentiality protection algorithm or a different algorithm.
In an example, the second base station may determine for each PDU session in the PDU session(s) list if the second base station can manage the PDU session.
For example, a first PDU session of the PDU Session(s) list may be associated with a first UP security policy.
In an example, the second base station may not be able to fulfil requirements of the first UP security policy. For example, the first UP security policy may indicate confidentiality protection is required but the second base station does not support any confidentiality protection algorithms the wireless device also supports. For example, the wireless device 5G security capabilities and the second list for confidentiality protection algorithms may not have a confidentiality protection algorithm in common.
For example, the second base station may add the first PDU session to a PDU session failed to setup resource list. For example, the PDU session failed to setup resource list may comprise a PDU session resource failed to setup item. For example, the PDU session resource failed to setup item may comprise the identity of the first PDU session and a handover resource allocation unsuccessful transfer information element.
In an example, the second base station may be able to fulfil requirements of the first UP security policy. For example, the first UP security policy may indicate confidentiality protection is required and the second base station may support a confidentiality protection algorithm the wireless device also supports. For example, the wireless device 5G security capabilities and the second list for confidentiality protection algorithms may have a confidentiality protection algorithm in common.
For example, the second base station may add the first PDU session to a PDU session resource admitted list. For example, the PDU session resource admitted list may comprise a PDU session resource admitted item. For example, the PDU session resource admitted item may comprise an identity of the first PDU session and a handover request acknowledge transfer information element.
In an example, the second base station may send a handover request acknowledge message (handover request acknowledge). For example, the second base station may send the handover request acknowledge message to the AMF.
In an example, the handover request acknowledge message may comprise the PDU session failed to setup resource list, the PDU session resource admitted list, an N3 tunnel information and/or the like. For example, the handover request acknowledge message may be an NGAP handover request acknowledge message and/or the like.
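The target base station's per-PDU-session check described above, as an added example that is not part of the original disclosure: it decodes the wireless device 5G security capabilities, applies the UP security policy of each PDU session against the base station's operator-ordered algorithm lists, and builds the admitted and failed-to-setup lists. The bit layout of the capabilities IE, the policy values "required", "preferred" and "not needed", and all function and cause names are assumptions.

```python
"""Target base station admission check for a handover request (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Assumed bit layout: one octet for ciphering with 5G-EA0 in the most significant
# bit, then 128-5G-EA1, 128-5G-EA2, 128-5G-EA3; one octet for integrity likewise.
# A bit set to 1 means the algorithm is supported.
EA_NAMES = ["5G-EA0", "128-5G-EA1", "128-5G-EA2", "128-5G-EA3"]
IA_NAMES = ["5G-IA0", "128-5G-IA1", "128-5G-IA2", "128-5G-IA3"]


def decode_capabilities(ea_octet: int, ia_octet: int) -> Tuple[Set[str], Set[str]]:
    """Return (ciphering, integrity) algorithm names whose bit is set."""
    ea = {name for i, name in enumerate(EA_NAMES) if (ea_octet >> (7 - i)) & 1}
    ia = {name for i, name in enumerate(IA_NAMES) if (ia_octet >> (7 - i)) & 1}
    return ea, ia


@dataclass
class UpSecurityPolicy:
    ciphering: str  # "required" | "preferred" | "not needed" (assumed values)
    integrity: str


@dataclass
class PduSession:
    session_id: int
    policy: UpSecurityPolicy


@dataclass
class HandoverRequestAck:
    admitted: Dict[int, Tuple[str, str]] = field(default_factory=dict)  # id -> (cipher, integrity)
    failed: Dict[int, str] = field(default_factory=dict)  # id -> cause (constructed string)


def select(local_list: List[str], ue_supported: Set[str], null_alg: str) -> Optional[str]:
    """Highest-priority local algorithm the wireless device also supports, excluding the null one."""
    for alg in local_list:
        if alg != null_alg and alg in ue_supported:
            return alg
    return None


def resolve(requirement: str, local_list: List[str], ue_supported: Set[str],
            null_alg: str) -> Tuple[Optional[str], bool]:
    """Return (algorithm to use, policy fulfilled).

    "not needed": protection stays off (null algorithm); "preferred": use a real
    algorithm if there is one in common, else fall back to the null one;
    "required": fail when no algorithm is in common.
    """
    if requirement == "not needed":
        return null_alg, True
    chosen = select(local_list, ue_supported, null_alg)
    if chosen is not None:
        return chosen, True
    if requirement == "preferred":
        return null_alg, True
    return None, False


def process_handover_request(ea_octet: int, ia_octet: int, local_ea: List[str],
                             local_ia: List[str], sessions: List[PduSession]) -> HandoverRequestAck:
    """Sort each PDU session into the admitted list or the failed-to-setup list."""
    ue_ea, ue_ia = decode_capabilities(ea_octet, ia_octet)
    ack = HandoverRequestAck()
    for s in sessions:
        cipher, c_ok = resolve(s.policy.ciphering, local_ea, ue_ea, "5G-EA0")
        integ, i_ok = resolve(s.policy.integrity, local_ia, ue_ia, "5G-IA0")
        if c_ok and i_ok:
            ack.admitted[s.session_id] = (cipher, integ)
        else:
            ack.failed[s.session_id] = "UP security policy not fulfilled"
    return ack


def example_handover() -> HandoverRequestAck:
    """Constructed sample: the device supports 5G-EA0/128-5G-EA2 and 5G-IA0/128-5G-IA2,
    the target base station has no ciphering algorithm in common with it."""
    local_ea = ["128-5G-EA3", "128-5G-EA1", "5G-EA0"]  # operator priority order
    local_ia = ["128-5G-IA2", "128-5G-IA1", "5G-IA0"]
    sessions = [
        PduSession(1, UpSecurityPolicy("required", "required")),
        PduSession(2, UpSecurityPolicy("not needed", "required")),
        PduSession(3, UpSecurityPolicy("preferred", "preferred")),
    ]
    return process_handover_request(0xA0, 0xA0, local_ea, local_ia, sessions)


if __name__ == "__main__":
    result = example_handover()
    print("admitted:", result.admitted)
    print("failed:", result.failed)
```

Session 1 lands in the failed-to-setup list because ciphering is required but no ciphering algorithm is shared, while sessions 2 and 3 are admitted without ciphering.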
In an example, the AMF may send a second Nsmf_PDUSession_UpdateSMContext request. For example, the AMF may send the second Nsmf_PDUSession_UpdateSMContext request to the SMF. For example, the second Nsmf_PDUSession_UpdateSMContext request may comprise the PDU session resource admitted list, the PDU session failed to setup resource list, the N3 tunnel information and/or the like.
In an example, the SMF may receive the second Nsmf_PDUSession_UpdateSMContext request. For example, the SMF may receive the second Nsmf_PDUSession_UpdateSMContext request from the AMF.
In an example, the SMF may update the N3 tunnel information for the first PDU session. For example, the AMF may determine the first PDU session based on the identity of the first PDU session. For example, updating the N3 tunnel information may imply changing a path for the first PDU session. For example, changing the path may imply data of the first PDU session may flow/be sent via the second base station to a UPF instead of via the first base station. For example, the SMF may update the N3 tunnel information based on the first PDU session being in the PDU session resource admitted list.
In an example, the SMF may receive the first PDU session in the PDU session failed to setup resource list. For example, the SMF may release the first PDU session if a cause indicates the second base station was not able to fulfil requirements from the first UP security policy for the first PDU session.
In an example, the SMF may send a second Nsmf_PDUSession_UpdateSMContext response. For example, the SMF may send the second Nsmf_PDUSession_UpdateSMContext response to the AMF. For example, the second Nsmf_PDUSession_UpdateSMContext response may comprise N2 session information. For example, the N2 session information may contain information on how to handle data of the first PDU session during handover. For example, the N2 session information may comprise configuration for direct data forwarding, indirect data forwarding and/or the like. For example, direct data forwarding may refer to sending data of the first PDU session from the first base station to the second base station. For example, indirect data forwarding may refer to sending data from the first base station to the second base station via the UPF.
In an example, the AMF may send a first handover command message (first handover command). For example, the AMF may send the first handover command message to the first base station. For example, the first handover command message may comprise a PDU Session resource to release list information element. For example, the PDU Session resource to release list information element may comprise the first PDU session. For example, the PDU Session resource to release list information element may comprise the first PDU session based on the second base station not being able to fulfil the first UP security policy.
In an example, the first base station may determine to proceed with the handover or cancel the handover. For example, the first base station may send a handover cancel message to the AMF (not depicted), to cancel the handover.
For example, the first base station may send a second handover command message (second handover command) to the wireless device. For example, sending the second handover command message to the wireless device may imply proceeding with the handover.
In an example, the wireless device may receive the second handover command message. For example, the wireless device may receive the second handover command message from the first base station.
In an example, the wireless device may send a handover confirm message (handover confirm). For example, the wireless device may send the handover confirm message to the second base station. For example, the wireless device may send the handover confirm message in response to receiving the second handover command message. For example, after sending the handover confirm message the wireless device may consider the handover complete.
In an example, the second base station may send an RRC reconfiguration message to the wireless device. For example, the second base station may send the RRC reconfiguration message in response to receiving the handover confirm message.
In an example, the RRC reconfiguration message may be an AS security key update message.
In an example, the wireless device may receive the RRC reconfiguration message from the second base station. In an example, the wireless device may derive new security keys in response to receiving the RRC reconfiguration message.
For example, the new security keys may be a second Kgnb, a KRRCint, a KRRCenc, a KUPint, a KUPenc and/or the like. For example, the wireless device may start using the security keys with the second integrity protection algorithm and/or the second confidentiality protection algorithm selected by the second base station during handover.
In an example, a wireless device and a first base station may have a first RRC connection established. For example, the first RRC connection may be used to send data packets of a first PDU session. For example, the first base station may be a master node.
In an example, the first base station may determine to offload some data of the first PDU session to a second base station. For example, the second base station may be a secondary node (SN). For example, the first PDU session may have a first data radio bearer (DRB) and a second DRB. For example, offloading some data may refer to moving the second DRB from the first base station to the second base station.
In an example, the first base station may send an SN addition/modification request message to the second base station. For example, the SN addition/modification request message may comprise a KSN, a wireless device security capabilities, a UP security policy and/or the like. For example, the wireless device security capabilities may be UE security capabilities.
In an example, the KSN may be a key used to protect data between the second base station and the wireless device.
In an example, the second base station may receive the SN addition/modification request message.
In an example, the second base station may allocate resources for the second DRB.
In an example, the second base station may select a first integrity algorithm and/or a first ciphering algorithm. For example, the second base station may select the first integrity algorithm based on a local list of supported integrity algorithms. For example, the local list of supported integrity algorithms may be ordered according to an operator's preference. For example, the operator may decide which algorithm has the highest priority to be selected.
In an example, the second base station may select the first integrity protection algorithm from the local list of supported integrity algorithms also present in the wireless device security capabilities.
In an example, the second base station may select the first ciphering protection algorithm from a local list of supported ciphering algorithms also present in the wireless device security capabilities. For example, the local list of supported ciphering algorithms may be ordered according to the operator's preference. For example, the operator may decide which algorithm has the highest priority to be selected.
In an example, the second base station may derive a plurality of keys for protection of data between the second base station and the wireless device. For example, data may be associated with the second DRB. For example,
In an example, the plurality of keys may be a KRRCint, a KRRCenc, a KUPint, a KUPenc and/or the like. For example, the second base station may derive the plurality of keys in response to receiving the KSN.
In an example, the second base station may consider if the second base station can fulfil the UP security policy. For example, the second base station may not be able to select the first ciphering protection algorithm and the UP security policy may indicate confidentiality protection for the second DRB is required. For example, if the second base station cannot fulfil the UP security policy, moving the second DRB to the second base station may fail.
In an example, the second base station may consider if the second base station can fulfil the UP security policy. For example, the second base station may be able to select the first ciphering protection algorithm and the UP security policy may indicate confidentiality protection for the second DRB is required. For example, if the second base station can fulfil the UP security policy requirement on ciphering and/or integrity protection the second DRB may be moved to the second base station.
In an example, the second base station may send an SN Addition/modification request acknowledge message. For example, the second base station may send the SN Addition/modification request acknowledge message to the first base station. For example, the SN Addition/modification request acknowledge message may comprise the first ciphering (encryption) protection algorithm, the first integrity protection algorithm, an indication of integrity protection status for the second DRB, an indication of encryption for the second DRB and/or the like. For example, the indication may indicate performed, not performed and/or the like.
In an example, the first base station may receive the SN addition/modification request acknowledge message. For example, the first base station may receive the SN addition/modification request acknowledge message from the second base station.
In an example, the first base station may send an RRC connection reconfiguration message. For example, the first base station may send the RRC connection reconfiguration message to the wireless device. For example, the RRC connection reconfiguration message may comprise a secondary node counter, the first integrity protection algorithm, the first ciphering algorithm, the indication of integrity protection for the second DRB, the indication of encryption for the second DRB and/or the like.
In an example, the wireless device may verify the integrity of the RRC connection reconfiguration message. For example, the wireless device may verify the integrity of the message based on the KRRCint.
In an example, the wireless device may derive the plurality of keys e.g., the KRRCint and/or KRRCenc and/or KUPint and/or KUPenc and/or the like. For example, the wireless device may derive the plurality of keys in response to receiving the RRC connection reconfiguration message.
In an example, the wireless device may start using the plurality of keys in response to verifying the integrity of the RRC connection reconfiguration message.
In an example, the wireless device may send an RRC reconfiguration complete message to the first base station.
In an example, the first base station may send an SN reconfiguration complete message. For example, the first base station may send the SN reconfiguration complete message to the second base station and/or the like. For example, the second base station may start using the plurality of keys in response to receiving the SN reconfiguration complete message and/or the like. For example, starting to use the plurality of keys may imply activating integrity protection and/or encryption/ciphering.
In an example, the wireless device may initiate a random access procedure towards the second base station. For example, the wireless device may initiate the random access procedure to establish a second RRC connection with the second base station.
In an example, a first base station may determine to handover a wireless device to a second base station. For example, the first base station may determine to handover the wireless device based on load status of the first base station, radio conditions between the wireless device and the first base station and/or the like.
In an example, the first base station may send a handover request message. For example, the first base station may send the handover request message to the second base station. For example, the handover request message may comprise a wireless device 5G security capabilities, a PDU session, a UP security policy and/or the like. For example, the handover request message may be sent over an Xn interface.
In an example, the second base station may select a first integrity algorithm and/or a first ciphering algorithm. For example, the second base station may select the first integrity algorithm based on a local list of supported integrity algorithms. For example, the local list of supported integrity algorithms may be ordered according to an operator's preference. For example, the operator may decide which algorithm has the highest priority to be selected.
In an example, the second base station may select the first integrity protection algorithm from the local list of supported integrity algorithms also present in the wireless device 5G security capabilities.
In an example, the second base station may select the first ciphering protection algorithm from a local list of supported ciphering algorithms also present in the wireless device 5G security capabilities.
In an example, the second base station may send a handover request acknowledge message. For example, the second base station may send the handover request acknowledge message to the first base station. For example, the second base station may send the handover request acknowledge message over the Xn interface.
In an example, the second base station may send the handover request acknowledge message based on selecting the first integrity protection algorithm, selecting the first ciphering protection algorithm, having resources available for the PDU session, being able to fulfil requirements for integrity and encryption based on the UP security policy and/or the like.
In an example, the second base station may be unable to handle the handover request. For example, the second base station may send a handover preparation failure message. For example, the second base station may send the handover preparation failure message over the Xn interface. For example, the first base station may receive the handover preparation failure message.
In an example, the UE 5G security capabilities IEI may comprise information of which algorithms a wireless device supports for integrity and confidentiality protection.
In an example, the wireless device may support a 5G encryption algorithm 0 (5G-EA0). For example, 5G-EA0 may be null encryption e.g., confidentiality/encryption is disabled.
In an example, the wireless device may support a 5G encryption algorithm 1 (128-5G-EA1). For example, 128-5G-EA1 may be based on SNOW 3G with a 128 bit key length.
In an example, the wireless device may support a 5G encryption algorithm 2 (128-5G-EA2). For example, 128-5G-EA2 may be based on AES with a 128 bit key length.
In an example, the wireless device may support a 5G encryption algorithm 3 (128-5G-EA3). For example, 128-5G-EA3 may be based on ZUC with a 128 bit key length.
In an example, the wireless device may support a 5G integrity algorithm 0 (5G-IA0). For example, 5G-IA0 may be null integrity protection e.g., integrity protection is disabled.
In an example, the wireless device may support a 5G integrity algorithm 1 (128-5G-IA1). For example, 128-5G-IA1 may be based on SNOW 3G with a 128 bit key length.
In an example, the wireless device may support a 5G integrity algorithm 2 (128-5G-IA2). For example, 128-5G-IA2 may be based on AES with a 128 bit key length.
In an example, the wireless device may support a 5G integrity algorithm 3 (128-5G-IA3). For example, 128-5G-IA3 may be based on ZUC with a 128 bit key length.
In an example, the UE 5G security capabilities IEI may indicate support for an algorithm based on a bit in the UE 5G security capabilities IEI. For example, if the bit is 1, the algorithm is supported. For example, if the bit is 0, the algorithm is not supported.
Similar to
In an example, an AMF may send an NGAP initial context setup request message. For example, the NGAP initial context setup request message may comprise a KgNB, a wireless device security capabilities and/or the like.
For example, the wireless device security capabilities may indicate support for a first security algorithm and a second security algorithm. For example, the first security algorithm may use a 256 bit key. For example, the second security algorithm may use a 128 bit key.
In an example, the first base station may have a first local list of supported security algorithms. For example, the first base station may have the first security algorithm in the first local list of supported security algorithms.
In an example, the first base station may have the first security algorithm and the second security algorithm in the first local list of supported security algorithms. For example, the first base station may be configured to prioritize the first security algorithm.
In an example, the first base station may select the first security algorithm.
In an example, the first base station and the wireless device may perform a first AS SMC procedure to activate AS security. For example, since the first base station selected the first security algorithm, after the first AS SMC procedure the wireless device and the first base station may use keys with a 256 bit length. For example, the keys may be a first KRRCint, a first KRRCenc and/or the like.
In an example, the wireless device may be handed over to a second base station.
In an example, an AMF may send a handover request to the second base station. For example, the handover request may comprise the wireless device security capabilities and/or the like.
In an example, the second base station may have a second local list of supported security algorithms. For example, the second base station may have the second security algorithm in the second local list of supported security algorithms.
In an example, the second base station may select the second security algorithm.
In an example, the second base station may initiate a second AS SMC procedure with the wireless device. For example, the second AS SMC procedure may activate AS security based on the second security algorithm.
In an example, after the second AS SMC procedure the keys may be updated. For example, the first KRRCint may be replaced by a second KRRCint, the first KRRCenc may be replaced by a second KRRCenc and/or the like. For example, the second KRRCint and the second KRRCenc may be based on the second security algorithm and hence the keys are 128 bit length.
In an example, not depicted, the second base station may send an RRC reconfiguration message to the wireless device. For example, the RRC reconfiguration message may update the keys.
Handing over the wireless device from the first base station to the second base station may lead to security degradation. For example, a 256 bit key may be considered safer than a 128 bit key. For example, the 256 bit key may provide stronger protection. For example, the 5GS may have a first base station with support for the 256 bit key and the second base station with support for the 128 bit key, e.g., the first base station and the second base station may provide different levels of security. Handovers may lead to uncontrollable degradation of security.
In existing technologies, as shown in
Protection processes with a longer key length (e.g., 256 bits, 512 bits, etc.) may provide stronger protection. For example, longer key lengths may become necessary to mitigate threats from quantum computers.
As the 5GS evolves, there may be a need to enhance the protection processes to support the longer key length. However, as a practical matter, the longer key length cannot be implemented all at once. As a result, the uniform key length may be replaced with a varying key length. For example, a wireless device may be handed over from the first base station to a second base station. The first base station may support the longer key length whilst the second base station supports legacy keys of a shorter length. This may lead to security degradation for the wireless device.
In examples of this disclosure, the 5GS may be enhanced to provide protection for the wireless device when the 5GS supports keys of different lengths. For example, an indication of preferred key length of a key derived from a master key may be introduced to aid the 5GS in providing protection for the wireless device. For example, a base station may receive (e.g., from an access and mobility management function (AMF), another base station, or the like), a message (e.g., a configuration request message) indicating a preferred key length of a key. The key may be derived from a master key. The base station may use the preferred key length to determine a protection process. For example, the base station may determine, based on a list of protection processes supported by the base station and the preferred key length of the key derived from the master key, the protection process. The base station may determine a key length of the protection process. The base station may send (e.g., to the AMF or the other base station) a message (e.g., a configuration response message) indicating the key length and/or the protection process. The aforementioned solution may aid in alleviating security complications introduced by supporting varying key lengths, help to keep good security hygiene, reduce potential disruption, and improve user experience.
In this specification an indication of a preferred key length of a key derived from a master key may aid in giving guidance whilst selecting a protection process. A first base station supporting protection processes with different key lengths may use the indication of the preferred key length of the key derived from the master key to select/determine the protection process. The first base station may have a local list of supported protection processes. The local list of supported protection processes may be arranged in a priority order by an operator.
In existing technologies, the local list of supported protection processes comprises security processes with an identical key length of the key derived from the master key e.g., 128 bit.
In existing technologies, the first base station may select the protection process with highest priority in the local list of supported protection processes that is also available in a wireless device security capabilities (UE security capabilities). Selecting the protection process solely on a highest-priority basis may overlook retaining a security level. The security level may be retained by retaining a consistent key length of the key derived from the master key.
In a scenario the first base station may have a 128 bit protection process configured on highest priority in the local list of supported protection processes and a 256 bit protection process with lower priority. For example, the wireless security capability may indicate support for the 128 bit protection process and the 256 bit protection process. Without the indication of the preferred key length of the key derived from the master key, the first base station may select the 128 bit protection process based on the priority leading to a lower security level than necessary.
In a scenario the first base station may have the 128 bit protection process configured on highest priority in the local list of supported protection processes and not support the 256 bit protection process. For example, the wireless security capability may indicate support for the 128 bit protection process and the 256 bit protection process. Without the indication of the preferred key length of the key derived from the master key, the first base station may not know the wireless device prefers the 256 bit protection process and cannot take an informed decision. For example, based on the indication of the preferred key length of the key derived from the master key, the first base station may determine to not serve the wireless device.
The indication of the preferred key length of the key derived from the master key may be extended to also indicate a requirement on the preferred key length of the key derived from the master key. For example, the preferred key length of the key derived from the master key may be required, preferred, or not needed. For example, required may imply the wireless device accepts the 256 bit protection process; preferred may imply the wireless device has a preference for the 256 bit protection process but may accept the 128 bit protection process based on availability and/or priority configuration of the local list of supported protection processes in the first base station; not needed may imply the wireless device does not use the 256 bit protection process, does not have any preference on using the 256 bit protection process over the 128 bit protection process and/or the like.
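The two scenarios above and the three requirement values, worked through as an added example that is not part of the original disclosure: a base station selects a protection process from its operator-ordered local list using the indication of the preferred key length, and answers a configuration request with the chosen process and its key length (or declines to serve the device). Identifiers follow the 128-5G-NEA*/256-5G-NEA* naming of this specification; the function names, the request/response dictionary fields and the cause string are assumptions.

```python
"""Key-length-aware protection process selection (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class ProtectionProcess:
    identifier: str   # e.g. "128-5G-NEA2"
    key_length: int   # length in bits of the key derived from the master key


def select_protection_process(local_list: List[ProtectionProcess],
                              ue_capabilities: Set[str],
                              preferred_key_length: Optional[int] = None,
                              requirement: str = "not needed") -> Optional[ProtectionProcess]:
    """Return the selected process, or None when the base station should not serve the device.

    local_list: supported processes in operator priority order (highest first).
    ue_capabilities: identifiers present in the wireless device security capabilities.
    preferred_key_length / requirement: the indication described in the text. With no
    indication, or requirement "not needed", legacy highest-priority selection applies.
    """
    usable = [p for p in local_list if p.identifier in ue_capabilities]
    if not usable:
        return None  # nothing in common with the wireless device
    if preferred_key_length is None or requirement == "not needed":
        return usable[0]  # legacy behaviour: priority order only
    matching = [p for p in usable if p.key_length == preferred_key_length]
    if matching:
        return matching[0]  # honour the preference, still in operator order
    if requirement == "required":
        return None  # informed decision: do not downgrade to a shorter key
    return usable[0]  # "preferred": fall back to priority order


def handle_configuration_request(local_list: List[ProtectionProcess],
                                 ue_capabilities: Set[str],
                                 request: Dict) -> Dict:
    """Build a configuration response (constructed dict) for a configuration request
    carrying "preferred_key_length" and "requirement" (both assumed field names)."""
    chosen = select_protection_process(local_list, ue_capabilities,
                                       request.get("preferred_key_length"),
                                       request.get("requirement", "not needed"))
    if chosen is None:
        return {"accepted": False, "cause": "preferred key length cannot be fulfilled"}
    return {"accepted": True,
            "protection_process": chosen.identifier,
            "key_length": chosen.key_length}


if __name__ == "__main__":
    nea128 = ProtectionProcess("128-5G-NEA2", 128)
    nea256 = ProtectionProcess("256-5G-NEA2", 256)
    caps = {"128-5G-NEA2", "256-5G-NEA2"}  # constructed: device supports both
    # Scenario 1: 128 bit process has highest priority, 256 bit process is lower.
    print("no indication:", select_protection_process([nea128, nea256], caps))
    print("256 required:", handle_configuration_request(
        [nea128, nea256], caps, {"preferred_key_length": 256, "requirement": "required"}))
    # Scenario 2: the base station does not support the 256 bit process at all.
    for req in ("required", "preferred", "not needed"):
        print(req, handle_configuration_request(
            [nea128], caps, {"preferred_key_length": 256, "requirement": req}))
```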
The indication of the preferred key length for the key derived from the master key may be used during a handover procedure from the first base station to a second base station to maintain the same level of security, e.g., retain usage of the 256 bit protection process after handover to the second base station. The handover procedure may be a Xn handover, N2 handover, dual connectivity handing over a data radio bearer of a PDU session to the second base station and/or the like.
A user plane security policy may comprise the indication of the preferred key length of the key derived from the master key, the requirement e.g., required, preferred, not needed and/or the like.
The indication of the preferred key length of the key derived from the master key may be interpreted as a presence of support for the 256 bit protection process in the wireless security capabilities.
The master key may be a KgNB, a KSN, a next hop (NH), a KNG-RAN*. The key derived from the master key may be a KRRCint, a KRRCenc, a KUPint, a KUPenc and/or the like.
In this specification a protection process may be used to provide integrity protection and/or confidentiality protection. Integrity protection may be used to verify a message has not been modified. Confidentiality protection (ciphering/encryption) may be used to prevent an unauthorized party from reading the message.
The protection process may correspond to a security algorithm. For example, the security algorithm may be based on AES, SNOW 3G, ZUC and/or the like. The protection process may be part of a wireless device security capabilities (UE security capabilities). For example, the wireless device security capabilities may indicate which security processes the wireless device can use.
The protection process may be identified by a protection process identifier. For example, the protection process identifier may be 128-5G-NEA1, 128-5G-NEA2, 128-5G-NEA3, 128-5G-NIA1, 128-5G-NIA2, 128-5G-NIA3, 256-5G-NEA1, 256-5G-NEA2, 256-5G-NEA3, 256-5G-NIA1, 256-5G-NIA2, 256-5G-NIA3 and/or the like.
The protection process may use a 128 bit key, a 256 bit key, a 512 bit key and/or the like.
In this specification a wireless device may refer to a user equipment (UE).
In an example, an AMF may send a configuration request message. For example, the AMF may send the configuration request message to a base station.
In an example, the configuration request message may comprise an indication of a preferred key length of a key derived from a master key. For example, the indication of the preferred key length of the key derived from the master key may be a preference of a wireless device e.g., the wireless device may have the preferred key length of the key derived from the master key.
For example, the master key may be a KgNB. For example, the key derived from the master key may be a KRRCint, a KRRCenc, a KUPint, a KUPenc and/or the like.
In an example, the base station may receive the configuration request message. For example, the base station may receive the configuration request message from the AMF.
In an example, the base station may determine a protection process. For example, the base station may use the protection process for protecting data. For example, the data may refer to control plane and/or user plane data sent between the wireless device and the base station.
For example, protecting may refer to integrity protection and/or encryption/ciphering/confidentiality protection and/or the like.
In an example, the base station may determine the protection process based on a list of supported protection processes. For example, the list of supported protection processes may be local to the base station.
In an example, the base station may have received the list of supported protection processes from an operations and management system. For example, the operations and management system may be operated by an operator. For example, the operator may determine an order of a first protection process and a second protection process present in the list of supported protection processes.
In an example, the operator may determine the second protection process has a higher priority than the first protection process. For example, the first protection process may rely on a 256 bit key. For example, the second protection process may rely on a 128 bit key.
In an example, the indication of the preferred key length of the key derived from the master key may indicate a preference for the 256 bit key. For example, the base station may determine to use the first protection process based on the indication of the preferred key length of the key derived from the master key. For example, the indication of the preferred key length of the key derived from the master key may take precedence over the higher priority second protection process.
In an example, the indication of the preferred key length of the key derived from the master key may be based on the configuration request message comprising a wireless device security capabilities information element. For example, the wireless device security capabilities information element may indicate the wireless device supports the first protection process and/or the second protection process.
In an example, the wireless device security capabilities information element may indicate support for both the first protection process and the second protection process. For example, based on inclusion of the first protection process relying on the 256 bit key, the base station may prioritize the first protection process. For example, the base station may have the second protection process in the list of supported protection processes configured with the higher priority. For example, due to the wireless device security capabilities information element comprising the first protection process, the base station may select the first protection process, may not be allowed to select the second protection process and/or the like.
For example, the base station may not be allowed to select the second protection process based on the wireless device security capabilities information element indicating support for the first protection process based on the 256 bit key whilst the second protection process is based on the 128 bit key.
In an example, the base station may not be allowed to select the second protection process based on the indication of the preferred key length of the key derived from the master key wherein the preferred key length is 256 bits.
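The selection rule described in the preceding paragraphs, where the indication of the preferred key length takes precedence over the operator-configured order of the list of supported protection processes, is shown below as an added Python example. The code is not part of the disclosure; the function names, the operator priority list and the wireless device capability lists are constructed for illustration, and the protection process identifiers follow the 128-5G-NEA1 / 256-5G-NIA2 form used above.

```python
# Added example (not from the disclosure): base station selection of a
# protection process when a preferred key length takes precedence over the
# operator-configured priority order. Sample lists are constructed.
from typing import Optional, Sequence


def key_bits_of(identifier: str) -> int:
    """Key length encoded in a 5G algorithm identifier: '256-5G-NEA1' -> 256."""
    return int(identifier.split("-", 1)[0])


def family_of(identifier: str) -> str:
    """'NEA' (ciphering) or 'NIA' (integrity) part of an identifier."""
    return identifier.rsplit("-", 1)[1][:3]


def select_protection_process(
    operator_priority: Sequence[str],
    ue_capabilities: Sequence[str],
    family: str,
    preferred_key_bits: Optional[int] = None,
) -> Optional[str]:
    """Select one protection process of `family` ('NEA' or 'NIA').

    operator_priority:  the base station's local list, highest priority first.
    ue_capabilities:    the wireless device security capabilities IE.
    preferred_key_bits: the indication of the preferred key length, if sent.
        When absent, a wireless device listing any 256 bit process of the
        family is treated as preferring 256 bit keys (capability-derived
        indication).
    Returns the selected identifier, or None when the preference cannot be
    fulfilled by any mutually supported process.
    """
    candidates = [p for p in operator_priority
                  if family_of(p) == family and p in ue_capabilities]
    if not candidates:
        return None
    if preferred_key_bits is None:
        ue_family = [c for c in ue_capabilities if family_of(c) == family]
        preferred_key_bits = 256 if any(key_bits_of(c) == 256 for c in ue_family) else 128
    # The preference takes precedence over the operator order: the first
    # mutually supported process with the preferred key length wins even if a
    # 128 bit process is configured with higher priority.
    for p in candidates:
        if key_bits_of(p) == preferred_key_bits:
            return p
    if preferred_key_bits == 256:
        # A 256 bit preference forbids selecting a 128 bit process instead.
        return None
    return candidates[0]


def key_length_result(selected: Optional[str]) -> Optional[int]:
    """Key length to report in the configuration response message."""
    return None if selected is None else key_bits_of(selected)


# Constructed sample data: operator list with 128 bit processes first.
OPERATOR_PRIORITY = ["128-5G-NEA2", "128-5G-NEA1", "256-5G-NEA2", "256-5G-NEA1",
                     "128-5G-NIA2", "256-5G-NIA2"]
UE_CAPS_WITH_256 = ["128-5G-NEA2", "256-5G-NEA1", "128-5G-NIA2", "256-5G-NIA2"]
UE_CAPS_128_ONLY = ["128-5G-NEA2", "128-5G-NIA2"]

if __name__ == "__main__":
    for caps in (UE_CAPS_WITH_256, UE_CAPS_128_ONLY):
        for fam in ("NEA", "NIA"):
            chosen = select_protection_process(OPERATOR_PRIORITY, caps, fam)
            print(fam, chosen, key_length_result(chosen))
```

With the constructed lists, the 128 bit ciphering process sits first in the operator order, yet a wireless device that lists 256-5G-NEA1 is given that process; a device that only lists 128 bit processes gets 128-5G-NEA2, and an explicit 256 bit preference from such a device yields no selection rather than a silent downgrade.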
In an example, the base station may send a configuration response message. For example, the base station may send the configuration response message to the AMF.
In an example, the configuration response message may comprise an indication of the key length of the determined protection process. For example, the indication of the key length of the determined protection process may indicate the 256 bit key and/or the 128 bit key and/or the like.
In an example, the configuration request message may be an NGAP initial context setup request message. For example, the NGAP initial context setup request message may comprise the indication of the preferred key length of the key derived from the master key.
For example, the AMF may send the NGAP initial context setup request message to the base station.
In an example, the NGAP initial context setup request message may carry the indication for the preferred key length of the key derived from the master key in one or several of a UE security capabilities information element, a PDU session resource setup request transfer, a dedicated information element comprising a 256 bit policy for control plane and/or user plane and/or the like.
For example, the PDU session resource setup request transfer may comprise a security indication information element. For example, the security indication information element may comprise the indication of the preferred key length of the key derived from the master key and/or the like. For example, the PDU session resource request transfer may comprise per PDU session the indication for the preferred key length of the key derived from the master key.
In an example, the PDU session resource setup request transfer may originate from an SMF.
In an example, the dedicated information element comprising the 256 bit policy for control plane and/or user plane may be used by the base station to select the first protection process taking precedence over operator configured priority in the list of supported protection processes.
In an example, the configuration request message may be a handover request message. For example, the AMF may send the handover request message to the base station. In an example, the handover request message may comprise the indication for the preferred key length of the key derived from the master key.
For example, the indication for the preferred key length of the key derived from the master key may be carried in a security context information element. For example, the handover request message may comprise the security context information element.
For example, the indication for the preferred key length of the key derived from the master key may indicate a preference for the 256 bit key, the 128 bit key and/or the like.
In an example, the handover request message may comprise a first cause. For example, the first cause may comprise a first cause code.
In an example, the first cause code may indicate a second base station is unable to fulfil the indication for the preferred key length of the key derived from the master key. For example, the second base station may support the second protection process based on the 128 bit key and the indication for the preferred key length of the key derived from the master key may indicate preference for the 256 bit key.
In an example, the first cause code may indicate the second base station does not have enough resources available to fulfil the indication for the preferred key length of the key derived from the master key.
In an example, the configuration response message may be an NGAP initial context setup response message.
In an example, a PDU session resource setup response transfer information element may comprise the indication for the preferred key length of the key derived from the master key. For example, the PDU session resource setup response transfer information element may be carried in the NGAP initial context setup response message, a PDU session resource setup request and/or the like.
In an example, a security result information element may comprise the indication for the preferred key length of the key derived from the master key. For example, the security result information element may indicate if integrity protection is performed and if integrity protection is performed in line/in compliance with the indication for the preferred key length of the key derived from the master key.
In an example, the security result information element may comprise the indication for the preferred key length of the key derived from the master key. For example, the security result information element may indicate if integrity protection is performed and if integrity protection is not performed in line/in compliance with the indication for the preferred key length of the key derived from the master key.
For example, the security result information element may indicate the key length of the determined protection process e.g., 256 bit and/or 128 bit.
In an example, the security result information element may comprise the indication for the preferred key length of the key derived from the master key. For example, the security result information element may indicate if confidentiality protection is performed and if confidentiality protection is not performed in line/in compliance with the indication for the preferred key length of the key derived from the master key.
In an example, the security result information element may comprise the indication for the preferred key length of the key derived from the master key. For example, the security result information element may indicate if confidentiality protection is performed and if confidentiality protection is performed in line/in compliance with the indication for the preferred key length of the key derived from the master key.
In an example, an integrity protection result information element may indicate 128 bit or 256 bit e.g., indicating key length of the determined protection process.
In an example, the NGAP initial context setup response, the PDU session resource setup response transfer information element, a PDU session resource setup unsuccessful transfer information element, a PDU session resource setup response and/or the like may comprise the security result information element.
For example, the security result information element may be used in the NGAP initial context setup response message to indicate the key length for control plane protection. For example, the security result information element may be used for a PDU session to indicate the key length for user plane protection.
In an example, the configuration response message may be a handover preparation failure message. For example, the handover preparation failure message may comprise the first cause and/or the like.
In an example, a target to source failure transparent container may comprise the first cause. For example, the target may be the second base station and the source may be the base station.
In an example, the configuration response message may be a handover request acknowledge message. For example, the handover request acknowledge message may comprise a result of the indication for the preferred key length of the key derived from the master key. For example, the result may indicate the preferred key length was fulfilled/not fulfilled, accepted/not accepted and/or the like.
In an example, the handover request acknowledge message may indicate the result per PDU session. For example, by including the security result information element per PDU session in the handover request acknowledge message and/or the like.
In an example, the base station may be a gNB, an ng-nodeB and/or the like. For example, the ng-nodeB may use protection processes associated with an EPS e.g., 4G system. For example, the protection processes available/supported in the EPS and a 5GS may be the same.
The proposed embodiment may provide information elements enhancing the 5GS to prioritize protection processes with 256 bit keys.
Similar to
In an example, an AMF may send an NGAP initial context setup request message (NGAP initial context setup) to the first base station. For example, the NGAP initial context setup request message may comprise a 256 bit requirement.
For example, the 256 bit requirement may apply to a key length of a protection process. For example, the 256 bit requirement may apply to protection of control plane signaling and/or user plane signaling. For example, the 256 bit requirement may indicate if the key length has to be 256 bit.
In an example, the 256 bit requirement may have a policy. For example, the policy may indicate a strength of the 256 bit requirement. For example, the strength may be a required, a preferred, a not needed and/or the like. For example, the required may imply the 256 bit requirement is mandatory for the first base station to fulfil. For example, the preferred may imply the 256 bit requirement is on an availability basis. For example, the availability basis may imply the first base station activates a protection process with a 256 bit key if the base station and a wireless device support the protection process with the 256 bit key.
For example, if the base station supports a protection process with a 128 bit key and the wireless device supports the protection process with the 128 bit key, the first base station may select/activate the protection process with the 128 bit key.
For example, not needed may imply the wireless device does not support the protection process with the 256 bit key. For example, the first base station may not select the protection process with the 256 bit key.
In an example, the 256 bit requirement may apply to control plane signaling. For example, the first base station may select the protection process for user plane signaling without taking the 256 bit requirement into account when determining the protection process for user plane signaling.
In an example, the first base station may select the protection process based on the 256 bit requirement.
In an example, the first base station may activate the protection process with the 256 bit key with an AS SMC procedure.
In an example, the 256 bit requirement may be part of a security indication information element. For example, the security indication information element may indicate a user plane security enforcement. For example, the user plane security enforcement may indicate requirements for integrity protection, confidentiality protection, maximum data rate for integrity protection in uplink and/or downlink and/or the like.
In an example, the NGAP initial context setup request message may comprise the security indication information element.
In an example, the security indication information element may comprise a first parameter for a maximum integrity protected data rate uplink for the protection process with the 128 bit key, a second parameter for a maximum integrity protected data rate uplink for the protection process with the 256 bit key.
In an example, the security indication information element may comprise a third parameter for a maximum integrity protected data rate downlink for the protection process with the 128 bit key, a fourth parameter for a maximum integrity protected data rate downlink for the protection process with the 256 bit key.
In an example, the wireless device may need to use a different amount of processing power to handle integrity protection with the 128 bit key or the 256 bit key.
In an example, the 256 bit requirement may be based on an indication for a preferred key length of a key derived from a master key. For example, the indication for the preferred key length of the key derived from the master key may be based on a wireless device security capabilities information element indicating support for the protection process with the 256 bit key.
In an example, the NGAP initial context setup request message may comprise the wireless device security capabilities information element.
In an example, the first base station may send a handover required message (handover required). For example, the first base station may send the handover required message to the AMF. For example, the handover required message may comprise the 256 bit requirement. For example, the first base station may initiate a handover process. For example, the handover process may move the wireless device from the first base station to a second base station, a third base station and/or the like.
In an example, the AMF may send a first handover request message (first handover request). For example, the AMF may send the first handover request message to the second base station. For example, the first handover request message may comprise the 256 bit requirement.
In an example, the 256 bit requirement in the first handover request message may originate from the handover required message e.g., the first base station, the AMF, an SMF and/or the like.
In an example, the second base station may receive the first handover request message. For example, the second base station may receive the first handover request message from the AMF.
In an example, the second base station may be unable to fulfill the 256 bit requirement. For example, the second base station may support protection processes with 128 bit keys. For example, the 256 bit requirement may require the protection process with the 256 bit key.
In an example, the second base station may send a handover failure message (handover failure). For example, the handover failure message may be an NGAP message. For example, the second base station may send the handover failure message to the AMF. For example, the second base station may send the handover failure message to the AMF in response to not supporting the protection process with the 256 bit key, in response to receiving the first handover request message and/or the like.
In an example, the handover failure message may comprise a first cause. For example, the first cause may comprise a first cause code (cause code 256 bit not supported). For example, the first cause code may indicate the second base station is unable to fulfill the 256 bit requirement. For example, being unable to fulfil the 256 bit requirement may imply the second base station does not support the protection process with the 256 bit key, the second base station and the wireless device support different protection processes with the 256 bit key e.g., the second base station is unable to activate the protection process with the 256 bit key, the second base station has insufficient resources to activate the protection process with the 256 bit key, the second base station supports the protection process with the 128 bit key e.g., 256 bit not supported and/or the like.
In an example, the AMF may receive the handover failure message. For example, the AMF may receive the handover failure message from the second base station.
In an example, the AMF may send a handover preparation failure message (handover preparation failure). For example, the AMF may send the handover preparation failure message to the first base station. For example, the handover preparation failure message may comprise the first cause.
In an example, the first base station may receive the handover preparation failure message. For example, the first base station may receive the handover preparation failure message from the AMF.
In an example, the second base station may attempt to hand over the wireless device to another base station. For example, the first base station may determine the other base station based on the first cause. For example, the first base station may have a local configuration indicating the third base station can fulfil the 256 bit requirement. For example, the first base station may have received the local configuration based on earlier handover attempts e.g., having successfully handed over the wireless device wherein the wireless device used the protection process with the 256 bit key with the first base station, provisioned from an operations and management system, from the AMF and/or the like.
In an example, the first base station may send a second handover required message (second handover required) to the AMF.
In an example, the AMF may send a second handover request message (second handover request) to the third base station. For example, the second handover request message may comprise the 256 bit requirement. For example, the AMF may have received the 256 bit requirement from the second handover required message, from a wireless device context of the wireless device available locally in the AMF and/or the like.
In an example, the third base station may receive the second handover request. For example, the third base station may receive the second handover request from the AMF.
In an example, the third base station is able to fulfill the 256 bit requirement. For example, the third base station may support the protection process with the 256 bit key and/or the like.
In an example, the third base station may send a handover request acknowledge message (handover request acknowledge). For example, the third base station may send the handover request acknowledge message to the AMF.
The proposed embodiment may provide signaling to retain a key length during a handover procedure. For example, the wireless device may use the protection process with the 256 bit key before and after the handover procedure.
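The handover exchange described above (handover required, handover request, handover failure with the first cause code, handover preparation failure, and the retry towards a third base station chosen from local configuration) is modelled below as an added Python example. It is not part of the disclosure: the class names, the message dictionaries, the station names gNB-1/gNB-2/gNB-3 and the cause string are constructed for illustration, and the AMF is reduced to a relay between source and target.

```python
# Added example (not from the disclosure): a minimal model of N2 handover
# signalling carrying a 256 bit requirement. A target supporting only 128 bit
# keys answers with a first cause code; the source retries towards a
# neighbour its local configuration marks as 256 bit capable. Names are
# constructed for illustration.
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed label for the first cause code ("cause code 256 bit not supported").
CAUSE_256_NOT_SUPPORTED = "256 bit not supported"


@dataclass
class BaseStation:
    name: str
    supported_key_bits: frozenset              # key lengths of its protection processes
    known_256_capable: List[str] = field(default_factory=list)  # local configuration

    def handle_handover_request(self, requirement_bits: int) -> Dict[str, str]:
        """Target side: answer a HANDOVER REQUEST carrying the key length requirement."""
        if requirement_bits in self.supported_key_bits:
            return {"msg": "HANDOVER REQUEST ACKNOWLEDGE",
                    "result": f"{requirement_bits} bit fulfilled"}
        # Unable to fulfil the 256 bit requirement: report the first cause.
        return {"msg": "HANDOVER FAILURE", "cause": CAUSE_256_NOT_SUPPORTED}


@dataclass
class AMF:
    stations: Dict[str, BaseStation]

    def handover(self, target_name: str, requirement_bits: int) -> Dict[str, str]:
        """Relay HANDOVER REQUIRED as HANDOVER REQUEST to the target and pass
        the answer back; a HANDOVER FAILURE becomes HANDOVER PREPARATION
        FAILURE towards the source with the same cause."""
        reply = self.stations[target_name].handle_handover_request(requirement_bits)
        if reply["msg"] == "HANDOVER FAILURE":
            return {"msg": "HANDOVER PREPARATION FAILURE",
                    "cause": reply["cause"], "target": target_name}
        return {"msg": reply["msg"], "result": reply["result"], "target": target_name}


def handover_with_retry(source: BaseStation, amf: AMF,
                        first_target: str, requirement_bits: int) -> List[Dict[str, str]]:
    """Source side: try first_target; on the 256 bit cause, retry towards the
    neighbours the local configuration marks as 256 bit capable. Returns the
    messages received by the source, in order."""
    log = [amf.handover(first_target, requirement_bits)]
    last = log[-1]
    if last["msg"] == "HANDOVER PREPARATION FAILURE" and last["cause"] == CAUSE_256_NOT_SUPPORTED:
        for candidate in source.known_256_capable:
            if candidate == first_target:
                continue
            log.append(amf.handover(candidate, requirement_bits))
            if log[-1]["msg"] == "HANDOVER REQUEST ACKNOWLEDGE":
                break
    return log


# Constructed topology: gNB-2 has only 128 bit processes, gNB-3 also has 256 bit.
GNB1 = BaseStation("gNB-1", frozenset({128, 256}), known_256_capable=["gNB-3"])
GNB2 = BaseStation("gNB-2", frozenset({128}))
GNB3 = BaseStation("gNB-3", frozenset({128, 256}))
AMF_NODE = AMF({s.name: s for s in (GNB1, GNB2, GNB3)})

if __name__ == "__main__":
    for m in handover_with_retry(GNB1, AMF_NODE, "gNB-2", 256):
        print(m)
```

Run stand-alone, the source first receives a handover preparation failure with the 256 bit cause from the attempt towards gNB-2 and then a handover request acknowledge from gNB-3, so the wireless device keeps its 256 bit protection process across the handover; a 128 bit requirement succeeds on the first attempt.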
In an example, a user plane security policy may comprise a 256 bit requirement (256 bit security requirement). For example, the user plane security policy may be referred to as a user plane security enforcement information, a security indication information element and/or the like. For example, the user plane security policy may be associated with a PDU session.
In an example, the user plane security policy may indicate the 256 bit requirement for a usage of a first protection process with a 256 bit key. For example, the 256 bit requirement may be required e.g., the usage of the first protection process requires the 256 bit key. For example, the 256 bit requirement may be preferred e.g., the usage of the first protection process may use the 256 bit key if possible. For example, determining if possible may be based on matching support in a base station and a wireless device. For example, the wireless device and the base station may support the first protection process with the 256 bit key. For example, the base station may use a 128 bit key if the wireless device and the base station do not both support the first protection process with the 256 bit key.
In an example, the 256 bit requirement may indicate not needed. For example, not needed may imply the usage of the first protection process with the 128 bit key.
In an example, the user plane security policy may have a first 256 bit requirement for integrity protection, a second 256 bit requirement for confidentiality protection, a common 256 bit requirement for integrity protection and confidentiality protection and/or the like.
In an example, the 256 bit requirement may be part of an integrity protection field of the user plane security policy, a part of a confidentiality protection field of the user plane security policy, a separate information element in the user plane security policy and/or the like.
In an example, the user plane security policy may comprise a field 256bitTo128bitAllowed. For example, the field 256bitTo128bitAllowed may be referred to as 256bitRequiredorPreferred, 256bitprotection RequiredorPreferred and/or the like.
In an example, the field 256bitTo128bitAllowed may be set to 0/false when the PDU session is not allowed to downgrade from the 256 bit key to the 128 bit key. For example, the field 256bitTo128bitAllowed may be 1/true when the PDU session is allowed to downgrade from the 256 bit key to the 128 bit key. For example, the downgrade may be allowed when the user plane security policy indicates the 256 bit requirement preferred. For example, preferred may use the 256 bit key when possible.
In an example, the user plane security policy may indicate the 256 bit requirement as preferred. For example, the base station may use the first protection process with the 256 bit key. For example, the first base station may set the field 256bitTo128bitAllowed to 0. For example, the PDU session may use the 128 bit key until the 256 bit key has been activated for the PDU session e.g., upgrade is allowed but not downgrade.
In an example, the 256 bit requirement for the PDU session may indicate required. For example, the field 256bitTo128bitAllowed may be set to 0. For example, the base station may not use the 128 bit key for the PDU session.
In an example, the user plane security policy may have a maximum integrity protected data rate downlink field. For example, the maximum integrity protected data rate downlink field may indicate a first speed for integrity protection with the 256 bit key.
In an example, the user plane security policy may have a maximum integrity protected data rate uplink field. For example, the maximum integrity protected data rate uplink field may indicate a second speed for integrity protection with the 256 bit key.
The proposed embodiment may provide information elements to provide guidance considering different key lengths for protection processes associated with the PDU session.
In an example, a wireless device may send a PDU session establishment request message. For example, the PDU session establishment request message may be carried in an uplink NAS transport message (UL NAS transport message).
In an example, the wireless device may send the PDU session establishment request message requesting a PDU session.
In an example, the PDU session establishment request message may comprise an indication for an initial request, a security capabilities and/or the like. For example, the initial request may refer to the PDU session not yet existing e.g., the PDU session is new and/or the like.
In an example, the security capabilities may indicate which security processes are supported by the wireless device.
In an example, the wireless device may send the PDU session establishment request message for the PDU session to an AMF.
In an example, the AMF may receive the PDU session establishment request message. For example, the AMF may receive the PDU session establishment request message from the wireless device.
In an example, the AMF may need to determine an SMF to handle the PDU session establishment request message.
In an example, the security capabilities may indicate the wireless device supports a first protection process using a 256 bit key. For example, the AMF may attempt to locate the SMF that can handle a user plane security policy taking a key length into account. For example, the user plane security policy may be constructed as described in
In an example, the AMF may have received the security capabilities in an earlier message exchange with the wireless device. For example, the AMF may have received the security capabilities in a registration request message.
In an example, the AMF may have the security capabilities available in the AMF's local memory.
For example, the AMF may determine the SMF supporting the user plane security policy taking the key length into account based on the inclusion of the first protection process using the 256 bit key in the security capabilities.
In an example, the AMF may have local configuration available with an address of the SMF.
In an example, the AMF may need to request the address of the SMF from a UDM.
In an example, the AMF may send a first Nudm_SDM_Get request. For example, the first Nudm_SDM_get request may comprise an indication for requesting a network function of a type, a capability to handle the user plane security policy taking the key length into account (256 bit security policy).
For example, the network function of the type may be the SMF.
In an example, the AMF may send the first Nudm_SDM_Get request to the UDM.
In an example, the UDM may receive the first Nudm_SDM_Get request.
In an example, the UDM may send a first Nudm_SDM_get response. For example, the UDM may send the first Nudm_SDM_get response to the AMF. For example, the first Nudm_SDM_get response may comprise the address of the SMF. For example, the SMF may have the capability to handle the user plane security policy taking the key length into account.
In an example, the AMF may send a Nsmf_PDUSession_CreateSMContext request message to the SMF. For example, the Nsmf_PDUSession_CreateSMContext request may comprise a SUPI of the wireless device.
In an example, the SMF may receive the Nsmf_PDUSession_CreateSMContext request message.
In an example, the SMF may retrieve the user plane security policy from the UDM.
In an example, the SMF may send a second Nudm_SDM_Get request to the UDM. For example, the second Nudm_SDM_Get request may comprise the SUPI, a first field requesting the user plane security policy, a second field requesting the user plane security policy with a 256 bit requirement.
For example, the 256 bit requirement may be used to retrieve guidance for requirements on usage of security processes, e.g., if it is required/preferred/not needed to use the 256 bit key.
In an example, the UDM may send a second Nudm_SDM_Get response to the SMF. For example, the UDM may send the second Nudm_SDM_Get response to the SMF in response to receiving the second Nudm_SDM_Get request.
In an example, the second Nudm_SDM_Get response may comprise the user plane security policy (256 bit security policy).
In an example, the SMF may select a UPF for the PDU session.
In an example, the SMF may send a Nsmf_PDUsession_CreateSMContext response message to the AMF. For example, the SMF may send the Nsmf_PDUsession_CreateSMContext response in response to receiving the Nsmf_PDUsession_CreateSMContext request message. In an example, the Nsmf_PDUsession_CreateSMContext response message may comprise a session management context identifier (SM context ID). For example, the Nsmf_PDUsession_CreateSMContext response message comprising the SM context ID may indicate the SMF has successfully processed the PDU session establishment request message.
In an example, the SMF may send a Namf_Communication_N1N2MessageTransfer. For example, the Namf_Communication_N1N2MessageTransfer may be sent via the AMF to a base station and the wireless device.
For example, the Namf_Communication_N1N2MessageTransfer may comprise a user plane security enforcement information. For example, the user plane security enforcement information may be based on the user plane security policy. For example, the user plane security enforcement information may comprise the 256 bit requirement (256 bit security policy).
In an example, the AMF may send a PDU resource setup request to the base station. For example, the PDU resource setup request may comprise the user plane security enforcement information with the 256 bit requirement (256 bit security policy), an N1 message and/or the like.
For example, the base station may use the user plane security enforcement information to activate security according to the 256 bit requirement.
For example, the N1 message may indicate the PDU session is accepted e.g., established. In an example, the base station may send the N1 message to the wireless device.
In an example, the base station may send a PDU session resource setup response to the AMF. For example, the PDU session resource setup response may comprise a security result. For example, the security result may indicate a 256 bit security.
For example, the 256 bit security may indicate if integrity protection is performed with the 256 bit key, if ciphering/confidentiality protection is performed with the 256 bit key, if integrity protection is not performed with the 256 bit key, if ciphering/confidentiality protection is not performed using the 256 bit key and/or the like.
In an example, the AMF may send a Nsmf_PDUSession_UpdateSMContext Request. For example, the AMF may send the Nsmf_PDUSession_UpdateSMContext request to the SMF. For example, the Nsmf_PDUSession_UpdateSMContext may comprise the security result.
In an example, the SMF may set a 256bitTo128bitAllowed field of the user plane security policy. For example, the SMF may set the 256bitTo128bitAllowed field in response to receiving the security result. For example, if the security result indicates activation of the 256 bit key, the 256bitTo128bitAllowed field may be set to 0 e.g., downgrade to a 128 bit key is not allowed. For example, if the security result indicates no activation of the 256 bit key e.g., usage of the 128 bit key, the SMF may set the 256bitTo128bitAllowed field to 1 e.g., downgrade/usage of the 128 bit key is allowed and/or the like.
In an example, the SMF may save the user plane security policy, the security result, the 256bitTo128bitAllowed field as part of a session management (SM) context. For example, the SM context may be associated with the PDU session.
The proposed embodiment may provide signaling to transfer information elements for guidance considering different key lengths for protection processes associated with the PDU session.
In an example, a wireless device may have an RRC connection established with a first base station. For example, the RRC connection may be used to carry data of a PDU session. For example, the PDU session may comprise a first DRB and a second DRB.
Similar to
In an example, the first base station may send a secondary node (SN) addition request message (SN addition/modification request message). For example, the SN addition request message may comprise a KSN, a wireless device security capabilities, a UP security policy, an indication of a preferred key length of a key derived from a master key.
For example, the first base station may send the SN addition request message to the second base station.
In an example, the second base station may receive the SN addition request message. For example, the second base station may receive the SN addition request message from the first base station.
In an example, the wireless device security capabilities may indicate support for a first protection process using a first 256 bit key, a second protection process using a first 128 bit key and/or the like.
In an example, the indication of the preferred key length of the key derived from the master key may be based on the inclusion of the first protection process using the first 256 bit key in the wireless device security capabilities, the UP security policy comprising a 256 bit requirement, a field in the SN addition request message. For example, the field may comprise a string value. For example, the string value may be 256 bit required, 256 bit prioritized, 256 bit preferred and/or the like.
In an example, the second base station may perform a capability negotiation. For example, the capability negotiation may refer to the second base station determining a protection process to use.
For example, the second base station may have a local list of supported protection processes with protection processes sorted according to a priority. For example, an operator may determine the priority. For example, the local list of supported protection processes may comprise the first protection process with the first 256 bit key, the second protection process with the first 128 bit key. For example, the second protection process may have higher priority than the first protection process.
In an example, the wireless device security capabilities may indicate support for the first protection process and the second protection process.
For example, based on the local list of supported protection processes, the second base station may determine based on the priority the second protection process with the first 128 bit key.
In an example, the base station may determine the protection process based on the local list of supported protection processes and the indication of the preferred key length of the key derived from the master key. For example, the second base station may determine the first protection process with the first 256 bit key.
In an example, the indication of the preferred key length of the key derived from the master key may apply to user plane and/or control plane. For example, the second base station may setup a signaling bearer with the wireless device.
In an example, the second base station may send a SN addition request acknowledge message to the first base station. For example, the SN addition request acknowledge message may comprise an identifier of the determined protection process, a UP integrity protection and/or encryption indications.
For example, the identifier of the determined protection process may be associated with the first protection process with the first 256 bit key.
For example, the UP integrity protection and/or encryption indication may indicate if integrity protection and/or encryption is performed, not performed, performed according to the indication of the preferred key length of the key derived from the master key and/or the like.
In an example, the first DRB may use the first protection process with the first 256 bit key. For example, the first DRB may be setup between the wireless device and the first base station. For example, the indication of the preferred key length of the key derived from the master key in the SN addition request message may indicate 256 bit. For example, the preferred key length of the key derived from the master key may be set to 256 bit in response to the first DRB using the first protection process with the first 256 bit key, the second DRB using the first protection process with the first 256 bit key prior to offloading the second DRB to the second base station and/or the like.
In an example, the first base station may be a first gNB, a first ng-eNodeB, a first eNodeB and/or the like.
In an example, the second base station may be a second gNB, a second ng-eNodeB, a second eNodeB and/or the like.
In an example, the master key may be the KSN. In an example, the key derived from the master key may be a KRRCint, a KRRCenc, a KUPint, a KUPenc and/or the like.
The proposed embodiment may provide signaling for guidance considering different key lengths for protection processes in dual connectivity.
In an example, a wireless device may establish a 3GPP access path with a 5GC via a base station. For example, the 3GPP access path may imply signaling from the wireless device is carried via the base station to the 5GC.
Similar to the
In an example, a SMF may send a Namf_Communication_N1N2MessageTransfer to an AMF. For example, the Namf_Communication_N1N2MessageTransfer may comprise a N1 session management (SM) container.
In an example, the N1 SM container may comprise a PDU session ID, a non-3GPP access path restriction and/or the like.
For example, the non-3GPP access restriction may be used to indicate the PDU session cannot be moved to a non-3GPP access path, the PDU session may not be moved to the non-3GPP access path when the 3GPP access path uses a protection process with a 256 bit key for protection of the PDU session, and/or the like.
For example, a non-3GPP access path may rely on IPsec to provide security. For example, IPsec may rely on a security process with a 128 bit key. For example, the SMF may be unable to verify if a user plane security policy is enforced for the PDU session over the non-3GPP access path. For example, the user plane security policy may apply to the 3GPP access path.
In an example, the non-3GPP access restriction may indicate the wireless device may not attempt to transfer the PDU session from the 3GPP access path to the non-3GPP access path.
In an example, the AMF may receive the Namf_Communication_N1N2MessageTransfer.
In an example, the AMF may send a PDU session resource setup request to the base station. For example, the PDU session resource setup request may comprise the N1 SM container.
In an example, the base station may receive the PDU session resource setup request.
In an example, the base station may send the N1 SM container to the wireless device. For example, the N1 SM container may be sent in a NAS message.
In an example, the wireless device may receive the N1 SM container. For example, the wireless device may, based on the non-3GPP access path restriction, not attempt to transfer the PDU session from the 3GPP access path to the non-3GPP access path and/or the like.
In an example, the non-3GPP access path restriction may be an information element in the N1 SM container. For example, the information element may comprise a field. For example, the field may be set to 1/true/active to indicate the non-3GPP access path restriction applies to the PDU session identified by the PDU session ID and/or the like. For example, the non-3GPP access path restriction may apply when the PDU session is protected with the protection process with the 256 bit key over the 3GPP access path.
In an example, the information element may be a payload container information element identifier (IEI). For example, the payload container IEI may comprise a payload container field. For example, the payload container field may comprise a payload container contents field. For example, the payload container contents field may comprise the non-3GPP access path restriction.
For example, the field may be set to 0 to indicate the non-3GPP access path restriction does not apply to the PDU session identified by the PDU session ID and/or the like. For example, the non-3GPP access path restriction may not apply when the PDU session is protected with the protection process with the 128 bit key over the 3GPP access path.
In an example, not depicted, the SMF may receive a second PDU session establishment request. For example, the second PDU session establishment request may comprise the PDU session ID, an indication for non-3GPP access and/or the like. For example, the SMF may reject the second PDU session request. For example, the SMF may reject the second PDU session request based on the non-3GPP access restriction for the PDU session.
The provided embodiment may provide signaling to avoid downgrading security for the PDU session.
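The non-3GPP access path restriction described above, modelled end to end as an added example (this code is not part of the application and does not follow any 3GPP encoding): the SMF builds the N1 SM container with the restriction field set from the key length used over the 3GPP access path, the wireless device decodes it and decides whether a transfer to the non-3GPP access path may be attempted, and the SMF rejects a second PDU session establishment request for the same PDU session ID that asks for non-3GPP access. The IEI values and the type-length-value layout are constructed for the example.

```python
# Constructed IEI values for this example; the application gives no encoding
# for the payload container contents.
IEI_PDU_SESSION_ID = 0x01
IEI_NON3GPP_ACCESS_RESTRICTION = 0x02


def build_n1_sm_container(pdu_session_id, key_len_on_3gpp):
    """SMF side: N1 SM container (payload container contents) carrying the PDU
    session ID and the non-3GPP access path restriction field, which is set
    to 1 when the PDU session is protected with a 256 bit key over the 3GPP
    access path and to 0 otherwise."""
    restriction = 1 if key_len_on_3gpp == 256 else 0
    return bytes([
        IEI_PDU_SESSION_ID, 1, pdu_session_id,
        IEI_NON3GPP_ACCESS_RESTRICTION, 1, restriction,
    ])


def parse_n1_sm_container(data):
    """Decode the type-length-value elements into a dict; unknown IEIs are
    skipped, and a truncated element is treated as a decoding error."""
    out, i = {}, 0
    while i + 2 <= len(data):
        iei, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated information element")
        if iei == IEI_PDU_SESSION_ID:
            out["pdu_session_id"] = value[0]
        elif iei == IEI_NON3GPP_ACCESS_RESTRICTION:
            out["non3gpp_restriction"] = value[0]
        i += 2 + length
    return out


def ue_may_transfer_to_non3gpp(container_bytes):
    """Wireless device side: a transfer of the PDU session from the 3GPP
    access path to the non-3GPP access path may only be attempted when the
    restriction field is absent or 0."""
    ies = parse_n1_sm_container(container_bytes)
    return ies.get("non3gpp_restriction", 0) == 0


def smf_handle_pdu_session_establishment(sm_contexts, request):
    """SMF side: reject a PDU session establishment request that carries an
    indication for non-3GPP access for a PDU session ID whose stored SM
    context carries the non-3GPP access restriction."""
    ctx = sm_contexts.get(request["pdu_session_id"])
    if ctx and request.get("access_type") == "non-3GPP" and ctx.get("non3gpp_restriction") == 1:
        return {"result": "rejected", "cause": "non-3GPP access path restriction"}
    return {"result": "accepted"}


if __name__ == "__main__":
    container = build_n1_sm_container(5, 256)       # constructed PDU session ID 5
    print(parse_n1_sm_container(container))
    print("transfer allowed:", ue_may_transfer_to_non3gpp(container))
```

The wireless device treats an absent field as "no restriction", which matches the 128 bit case where the field is set to 0; the SMF check keys on the stored SM context rather than on anything the requesting side asserts, so a request cannot lift the restriction by omitting the indication.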
In an example, a first base station may determine to handover a wireless device from the first base station to a second base station.
In an example, the first base station may send a handover request message to the second base station. For example, the first base station may send the handover request message over an Xn interface to the second base station.
In an example, the handover request message may comprise an indication of a preferred key length of a key derived from a master key, a PDU session, a UP security policy with 256 bit requirement and/or the like.
For example, the UP security policy with 256 bit requirement may apply to the PDU session. For example, the indication of the preferred key length of the key derived from the master key may indicate a preference for a key length of an integrity protection key, a confidentiality protection key. For example, the integrity protection key and/or the confidentiality key may be used for protection of signaling in control plane and/or user plane.
In an example, the second base station may be able to fulfill a 256 bit requirement in the UP security policy with 256 bit requirement, e.g., the second base station supports a first protection process with a 256 bit key and the 256 bit requirement indicates the 256 bit key is required and/or preferred.
In an example, the second base station may send a handover request acknowledge message to the first base station. For example, the second base station may send the handover request acknowledge message to the first base station based on fulfilling the UP security policy with 256 bit requirement, fulfilling the indication for the preferred key length of the key derived from the master key, and/or the like.
In an example, the second base station may be unable to fulfill the UP security policy with 256 bit requirement. For example, the second base station may support a second protection process with a 128 bit key.
In an example, the second base station may send a handover preparation failure message to the first base station. For example, the second base station may send the handover preparation failure message to the first base station in response to being unable to fulfil the UP security policy with 256 bit requirement, unable to fulfil the indication of the preferred key length of the key derived from the master key and/or the like.
The proposed embodiment may provide means to handle 256 bit security at Xn handover.
In an example, the second base station may receive the handover request message.
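The selection performed by the second base station in the dual connectivity passage above (SN addition request) and by the target base station at Xn handover both reduce to the same rule: candidates are the locally supported protection processes that the wireless device security capabilities also list, in operator priority order, and a candidate with the preferred key length takes precedence over that order. The following is an added example that models both procedures; it is not code from the application. The protection process identifiers, the message field names and the operator's local list are constructed, and the KSN carried in the SN addition request is not modelled because the selection does not depend on it.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ProtectionProcess:
    ident: str      # hypothetical identifier; the application names no algorithm identifiers
    key_len: int    # key length in bits


# Local list of the second base station in operator priority order (constructed:
# the operator ranks the 128 bit process above the 256 bit one, as in the text).
LOCAL_LIST = [
    ProtectionProcess("PP-128", 128),
    ProtectionProcess("PP-256", 256),
]


def preferred_key_len(request):
    """Indication of the preferred key length carried by the request.

    An explicit field wins; otherwise a UP security policy with a 256 bit
    requirement (required or preferred) implies 256 bit; otherwise none.
    """
    if request.get("preferred_key_len") is not None:
        return request["preferred_key_len"]
    policy = request.get("up_security_policy", {})
    if policy.get("256bit_requirement") in ("required", "preferred"):
        return 256
    return None


def select_protection_process(local_list, ue_capabilities, preferred_len=None):
    """Protection process the second base station determines.

    ue_capabilities is the set of process identifiers the wireless device
    supports. A candidate with the preferred key length takes precedence over
    operator priority; without a match (or without a preference) the
    highest-priority candidate is taken. None means no common process.
    """
    candidates = [p for p in local_list if p.ident in ue_capabilities]
    if preferred_len is not None:
        for p in candidates:
            if p.key_len == preferred_len:
                return p
    return candidates[0] if candidates else None


def handle_sn_addition_request(request):
    """Second base station: SN addition request -> SN addition request acknowledge."""
    preferred = preferred_key_len(request)
    chosen = select_protection_process(LOCAL_LIST, request["ue_security_capabilities"], preferred)
    if chosen is None:
        return {"message": "failure", "cause": "no common protection process"}
    # UP integrity/encryption indication: performed, or performed according to
    # the preferred key length when that preference was met.
    up_ind = "performed_per_preferred_key_length" if chosen.key_len == preferred else "performed"
    return {
        "message": "SNAdditionRequestAcknowledge",
        "protection_process_id": chosen.ident,
        "up_integrity_protection": up_ind,
        "up_encryption": up_ind,
        "key_len": chosen.key_len,
    }


def handle_xn_handover_request(request):
    """Target base station: handover request -> acknowledge or preparation failure.

    The target acknowledges only when it fulfils both the UP security policy
    (a 256 bit requirement of 'required') and the preferred key length.
    """
    preferred = preferred_key_len(request)
    required = request.get("up_security_policy", {}).get("256bit_requirement") == "required"
    chosen = select_protection_process(LOCAL_LIST, request["ue_security_capabilities"], preferred)
    if chosen is None or (required and chosen.key_len != 256) \
            or (preferred is not None and chosen.key_len != preferred):
        return {"message": "HandoverPreparationFailure", "cause": "UP security policy not fulfilled"}
    return {"message": "HandoverRequestAcknowledge",
            "protection_process_id": chosen.ident, "key_len": chosen.key_len}


if __name__ == "__main__":
    caps = {"PP-128", "PP-256"}   # constructed wireless device security capabilities
    print(handle_sn_addition_request({"ue_security_capabilities": caps, "preferred_key_len": 256}))
    print(handle_xn_handover_request({"ue_security_capabilities": {"PP-128"},
                                      "up_security_policy": {"256bit_requirement": "required"}}))
```

Without the preference indication the operator's order wins and the 128 bit process is chosen even though both sides support the 256 bit one; with it, the 256 bit process is chosen. The handover handler differs from the SN addition handler only in what it does when the preference cannot be met: it fails the preparation instead of falling back.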
In an example, the base station may receive a 256 bit KgNB from an AMF. For example, the base station may receive the 256 bit KgNB in an NGAP initial context setup request message, a NGAP UE context modification request message and/or the like.
In an example, the base station may receive a PDU session resource setup request. For example, the base station may receive the PDU session resource setup request from the AMF.
In an example, the PDU session resource setup request may comprise a PDU setup request transfer. For example, the PDU setup request transfer may originate from an SMF e.g., contents of the PDU setup request transfer may be transparent to the AMF, generated by the SMF and/or the like.
In an example, the PDU setup request transfer may comprise a security indication. For example, the security indication may indicate requirements on integrity and/or confidentiality protection for a PDU session associated with the PDU session resource setup request.
In an example, the security indication may comprise a 256 bit security policy. For example, the 256 bit security policy may apply to integrity protection and/or confidentiality protection of the PDU session.
For example, the 256 bit security policy may indicate required, preferred, not needed.
In an example, the 256 bit security policy may indicate required. For example, the base station may support a first protection process with a 256 bit key. For example, supporting the protection process with the 256 bit key may imply fulfilling the 256 bit security policy indicating required.
In an example, the base station may select the first protection process with the 256 bit key.
In an example, the base station may set a 256bitTo128bitAllowed field to false/0 e.g., the PDU session may not use a 128 bit key. For example, the key may be a KUPint, a KUPenc and/or the like. For example, the 256bitTo128bitAllowed field may be part of the security indication. For example, upon reception of the security information from the AMF, the 256bitTo128bitAllowed field may be empty/undefined/not hold any value.
In an example, the base station may derive the KUPint, and/or the KUPenc with 256 bits. For example, the base station may derive the KUPint, and/or the KUPenc with 256 bits based on the 256 bit security policy indicating required, the base station selecting the first protection process with the 256 bit key and/or the like.
In an example, the base station may not support the first protection process with the 256 bit key e.g., is unable to fulfil the 256 bit security policy. For example, the base station may reject the PDU session in response to being unable to fulfil the 256 bit security policy.
In an example, the 256 bit security policy may indicate preferred.
For example, the base station may support the first protection process with the 256 bit key. For example, the base station may set the 256bitTo128bitAllowed field to true/1. For example, setting the 256bitTo128bitAllowed field to true/1 may imply the PDU session accepts the 128 bit key when the first protection process with the 256 bit key is not available, the PDU session uses the first protection process with the 256 bit key when available and/or the like.
In an example, the base station may not support the first protection process with the 256 bit key. For example, the base station may support a second protection process with the 128 bit key. For example, the base station may select the second protection process with the 128 bit key if the 256 bit security policy indicates preferred.
In an example, the base station may derive the KUPint, and/or the KUPenc with 256 bits based on supporting the first protection process with the 256 bit key and/or the 256 bit security policy indicating preferred and/or supporting the second protection process with the 128 bit key and/or the second protection process being configured with a higher priority than the first protection process according to an operator and/or the like.
In an example, the base station may derive the KUPint, and/or the KUPenc with 128 bits based on supporting the second protection process with the 128 bit key and/or the 256 bit security policy indicating preferred and/or not supporting the first protection process with the 256 bit key and/or the like.
In an example, the 256 bit security policy may indicate not needed. For example, the base station may select the second protection process with the 128 bit key. For example, not needed may imply not using the 256 bit key. For example, not needed may be used as an indication to a fallback procedure. For example, the fallback procedure may refer to selecting the second protection process with the 128 bit key from a local list of supported protection processes in the base station. For example, the local list of supported protection processes may be prioritized according to an operator's choice. For example, the legacy behavior may not use the 256 bit security policy and/or the like.
In an example, the 256 bit security policy may indicate not needed. For example, the base station may select the protection process based on the legacy behavior. For example, the fallback procedure may refer to selecting the second protection process according to the operator's choice of prioritization in the local list of supported protection processes. For example, the base station may select the first protection process with the 256 bit key if the first protection process has a higher priority than the second protection process with the 128 bit key or vice versa.
In an example, the base station may derive the KUPint, and/or the KUPenc with 256 bits if the 256 bit security requirement indicates not needed and the first protection process with the 256 bit key has the higher priority over the second protection process with the 128 bit key.
In an example, the base station may derive the KUPint, and/or the KUPenc with 128 bits if the 256 bit security requirement indicates not needed and the first protection process with the 256 bit key has a lower priority than the second protection process with the 128 bit key.
In an example, the base station may send a PDU session resource setup response. For example, the base station may send the PDU session resource setup response to the AMF. For example, the PDU session resource setup response may comprise a security result.
In an example, the security result may comprise an indication for 256 bit security. For example, the indication for 256 bit security may indicate 256 bit, true, 1, active, performed, activated and/or the like. For example, if the base station selects the first protection process with the 256 bit key, the indication for 256 bit may indicate 256 bit and/or the like.
In an example, the indication for 256 bit security may indicate 128 bit, false, 0, not active, not performed, not activated, inactive and/or the like. For example, if the base station selects the second protection process with the 128 bit key, the indication for 256 bit may indicate inactive and/or the like.
In an example, the 256bitTo128bitAllowed field may be part of the PDU session resource setup response.
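The base station's handling of the three values of the 256 bit security policy (required, preferred, not needed), the setting of the 256bitTo128bitAllowed field and the security result it returns, together with the SMF's use of that security result to set 256bitTo128bitAllowed in the SM context (described earlier in the Nsmf_PDUSession_UpdateSMContext passage), as an added example that is not code from the application. Protection process identifiers and message field names are constructed; for the not needed case the application does not state a value for 256bitTo128bitAllowed, so the example leaves it unset.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ProtectionProcess:
    ident: str      # hypothetical identifier
    key_len: int    # key length in bits


PP_256 = ProtectionProcess("PP-256", 256)
PP_128 = ProtectionProcess("PP-128", 128)


def handle_pdu_session_resource_setup(security_indication, local_list):
    """Base station handling of the security indication in a PDU session
    resource setup request.

    security_indication: {'256bit_policy': 'required' | 'preferred' | 'not needed'};
    the 256bitTo128bitAllowed field is empty on reception and is set here.
    local_list: supported protection processes in operator priority order.
    Returns (pdu_session_resource_setup_response, kup_key_len), where
    kup_key_len is the length in bits used to derive KUPint/KUPenc, or None
    when the PDU session is rejected.
    """
    policy = security_indication["256bit_policy"]
    process_256 = next((p for p in local_list if p.key_len == 256), None)
    allowed_128 = None    # 256bitTo128bitAllowed; left unset for 'not needed'

    if policy == "required":
        if process_256 is None:
            # Unable to fulfil the 256 bit security policy: reject the PDU session.
            return {"result": "rejected", "cause": "256 bit security policy not fulfilled"}, None
        chosen, allowed_128 = process_256, 0          # downgrade to 128 bit not allowed
    elif policy == "preferred":
        # 256 bit when available, otherwise the highest-priority process; downgrade allowed.
        chosen, allowed_128 = (process_256 or local_list[0]), 1
    elif policy == "not needed":
        # Fallback procedure: the operator's priority order decides.
        chosen = local_list[0]
    else:
        raise ValueError(f"unknown 256 bit security policy: {policy!r}")

    security_result = {"256bit_security": "active" if chosen.key_len == 256 else "inactive"}
    response = {
        "result": "accepted",
        "protection_process_id": chosen.ident,
        "security_result": security_result,
        "256bitTo128bitAllowed": allowed_128,
    }
    return response, chosen.key_len


def smf_update_sm_context(sm_context, security_result):
    """SMF handling of the security result received in
    Nsmf_PDUSession_UpdateSMContext: 256bitTo128bitAllowed is 0 when the 256 bit
    key was activated and 1 when the 128 bit key is in use; both are stored in
    the SM context of the PDU session."""
    sm_context["security_result"] = security_result
    sm_context["256bitTo128bitAllowed"] = 0 if security_result["256bit_security"] == "active" else 1
    return sm_context


if __name__ == "__main__":
    resp, key_len = handle_pdu_session_resource_setup({"256bit_policy": "required"}, [PP_128, PP_256])
    print(resp, key_len)
    print(smf_update_sm_context({"pdu_session_id": 5}, resp["security_result"]))
```

The ordering of local_list matters only for not needed (and for preferred when no 256 bit process exists); for required the policy overrides the operator's order, and a base station without a 256 bit process rejects the session rather than silently serving it with a 128 bit key.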
In an example, the base station may receive a configuration request message from an AMF. For example, the configuration request message may be indicating a preferred key length of a key derived from a master key. For example, the configuration request message may comprise an indication for the preferred key length of the key derived from the master key.
For example, the configuration request message may be an NGAP initial context setup request message, a PDU resource setup request message, a handover request, an NGAP UE context modification request message and/or the like.
In an example, the master key may be a KgNB, a KSN, a KNG-RAN*, a next hop (NH) and/or the like. In an example, the key derived from the master key may be a KRRCint, a KRRCenc, a KUPint, a KUPenc and/or the like.
For example, the preferred key length of the key derived from the master key may indicate 128 bit, 256 bit, 512 bit and/or the like. For example, the indication for the preferred key length of the key derived from the master key may be based on inclusion of a wireless device security capabilities in the configuration request message, a field in the configuration request message and/or the like.
In an example, the indication for the preferred key length of the key derived from the master key may be based on the wireless security capabilities indicating support for a protection process using a 256 bit key. For example, the wireless security capabilities may comprise an identifier associated with the protection process using the 256 bit key.
In an example, the field may be a 256 bit security information element. For example, the 256 bit security information element may indicate 128 bit, 256 bit, 512 bit and/or the like. For example, the 256 bit information element may indicate a first preferred key length for integrity protection, a second preferred key length for confidentiality protection, a common preferred key length for integrity and confidentiality protection and/or the like.
In an example, the base station may determine a protection process. For example, the base station may select the protection process with a purpose of providing confidentiality and/or integrity protection for signaling between a wireless device and the base station.
In an example, the base station may determine the protection process based on a local list of supported protection processes. For example, the local list of protection processes may be sorted according to a priority of an operator.
For example, the base station may select the protection process with the highest priority in the local list of supported protection processes.
In an example, the base station may select the protection process based on the local list of supported protection processes and/or the indication for the preferred key length of the key derived from the master key.
In an example, the local list of supported protection processes may comprise a first protection process and a second protection process and/or the like. For example, the first protection process may have the highest priority according to the operator and the second protection process may fulfil the preferred key length of the key derived from the master key. For example, the base station may determine the second protection process. For example, the preferred key length of the key derived from the master key may take precedence over the highest priority according to the operator.
In an example, the base station may determine the protection process based on the indication for the preferred key length of the key derived from the master key and/or the local list of supported protection processes and/or the wireless device security capabilities. For example, the base station may determine the first protection process if it is present in the local list of supported protection processes and the wireless device security capabilities and/or the like.
In an example, the base station may send a configuration response message. For example, the base station may send the configuration response message to the AMF. For example, the configuration response message may indicate a first key length of the determined protection process (indicating a key length of the determined protection process).
For example, the configuration response message may be an NGAP initial context setup response message, an NGAP handover request acknowledge message, an NGAP handover failure message, an NGAP PDU session resource setup response and/or the like.
In an example, the first key length of the determined protection process may indicate if the preferred key length of the key derived from the master key could be fulfilled. For example, if the preferred key length of the key derived from the master key and the first key length of the determined protection process are the same, the base station may be fulfilling the preferred key length of the key derived from the master key.
In an example, the first key length of the determined protection process may apply to control plane integrity protection and/or control plane confidentiality protection and/or user plane integrity protection and/or user plane confidentiality protection and/or the like.
In an example, the first key length of the determined protection process may be part of a first information element. For example, the first information element may comprise a first field for control plane integrity protection, a second field for control plane confidentiality protection, a third field for user plane integrity protection, a fourth field for user plane confidentiality protection and/or the like. For example, each field in the first information element may indicate key length.
For example, the configuration response message may comprise the first information element.
In an example, a base station may receive from an AMF, a configuration request message indicating a preferred key length of a key derived from a master key.
For example, the base station may be a gNB, an NG-eNodeB and/or the like. For example, the configuration request message may be an NGAP initial context setup request message, a PDU resource setup request message, a handover request, an NGAP UE context modification request message and/or the like.
In an example, the preferred key length may be 128 bit, 256 bit, 512 bit and/or the like.
In an example, the master key may be a KgNB, a KSN, a NH, a KNG-RAN* and/or the like.
In an example, the key derived from the master key may be a KRRCint, a KRRCenc, a KUPint, a KUPenc and/or the like.
In an example, indicating the preferred key length of the key derived from the master key may refer to an indication for the preferred key length of the key derived from the master key.
In an example, the indication for the preferred key length of the key derived from the master key may be based on inclusion of a 256 bit protection process in a wireless device security capability (user equipment (UE) 5G security capability/wireless device security capabilities). For example, the 256 bit protection process may imply a 256 bit key length. For example, the preferred key length may correspond to a protection process in the wireless device security capability with the longest key length. For example, the wireless device security capability may indicate support for a first protection process with a 128 bit key length and a second protection process with a 256 bit key length. For example, the preferred key length may be 256 bit.
In an example, the configuration request message may comprise an activation rule for the preferred key length of the key. For example, the activation rule may indicate required, preferred, not needed.
In an example, required, preferred, not needed may be referred to as a requirement to activate the preferred key length of the key.
In an example, the preferred key length of the key may be applied to integrity protection activation, confidentiality protection activation, integrity protection of control plane signaling, confidentiality protection of control plane signaling, integrity protection of user plane signaling, confidentiality protection of user plane signaling and/or the like.
In an example, the preferred key length of the key may be part of a user plane security policy.
In an example, the base station may determine a protection process. For example, the base station may determine the protection process based on a list of protection processes supported by the base station and the preferred key length of the key derived from the master key.
In an example, the list of supported protection processes may comprise the first protection process with the 128 bit key and the second protection process with the 256 bit key. For example, an operator may determine a priority in the list of supported protection processes. For example, the operator may determine the priority for the first protection process with the 128 bit key.
In an example, the base station may, based on the list of supported protection processes and the preferred key length of the key derived from the master key indicating the preferred key length is 256 bit, determine the second protection process with the 256 bit key (protection process). For example, the preferred key length of the key derived from the master key may take precedence over the priority set by the operator.
In an example, the base station may send a configuration response message to the AMF. For example, the configuration response message may indicate a key length of the determined protection process (indicating a key length of the determined protection process).
In an example, the configuration response message may be an NGAP initial context setup response message, an NGAP handover request acknowledge message, an NGAP handover failure message, an NGAP PDU session resource setup response and/or the like.
In an example, indicating the key length of the determined protection process may refer to indicating which key length the determined protection process uses.
In an example, indicating the key length of the determined protection process may refer to indicating if ciphering and/or integrity protection has been activated for user plane and/or control plane and indicating if the preferred key length of the key derived from the master key was fulfilled.
In an example, the configuration response message may comprise an information element. For example, the information element may comprise a first key length for integrity protection of control plane, a second key length for integrity protection of user plane, a third key length for ciphering of control plane, a fourth key length for ciphering of user plane and/or the like.
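The configuration request/response exchange described above, as an added example that is not code from the application: the preferred key length is derived per plane (either from a 256 bit security information element or, failing that, from the longest key length in the wireless device security capabilities), the activation rule (required, preferred, not needed) decides how firmly that preference is applied against the operator's priority order, and the configuration response carries an information element with one key length for each of control plane integrity, control plane confidentiality, user plane integrity and user plane confidentiality, which the AMF compares against the preference. Identifiers, field names and the shape of the information element are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ProtectionProcess:
    ident: str      # hypothetical identifier
    key_len: int    # key length in bits


# The four fields of the information element in the configuration response.
PLANES = ("cp_integrity", "cp_confidentiality", "up_integrity", "up_confidentiality")


def preferred_key_lengths(ue_security_capabilities, key_length_ie=None):
    """Preferred key length of the key derived from the master key, per plane.

    A 256 bit security information element in the configuration request is
    used as given: a 'common' length, or separate 'integrity' and
    'confidentiality' lengths. Without it the preference is the longest key
    length among the protection processes in the wireless device security
    capabilities (given here as ProtectionProcess objects).
    """
    if key_length_ie is not None:
        common = key_length_ie.get("common")
        return {plane: key_length_ie.get(plane.split("_", 1)[1], common) for plane in PLANES}
    longest = max(p.key_len for p in ue_security_capabilities)
    return {plane: longest for plane in PLANES}


def handle_configuration_request(local_list, ue_security_capabilities, activation_rule, key_length_ie=None):
    """Base station: configuration request -> configuration response.

    activation_rule is the requirement to activate the preferred key length:
    'required' (a failure message when it cannot be met), 'preferred' (fall
    back to operator priority when no common process has that length) or
    'not needed' (operator priority decides). Otherwise the preferred length
    takes precedence over the operator's order. Returns (response, process
    determined per plane).
    """
    ue_ids = {p.ident for p in ue_security_capabilities}
    candidates = [p for p in local_list if p.ident in ue_ids]   # operator order kept
    if not candidates:
        return {"message": "failure", "cause": "no common protection process"}, {}
    prefs = preferred_key_lengths(ue_security_capabilities, key_length_ie)
    determined, reported = {}, {}
    for plane in PLANES:
        wanted = prefs[plane]
        match = next((p for p in candidates if p.key_len == wanted), None)
        chosen = candidates[0] if (activation_rule == "not needed" or match is None) else match
        if activation_rule == "required" and chosen.key_len != wanted:
            return {"message": "failure",
                    "cause": f"preferred key length {wanted} not fulfilled for {plane}"}, {}
        determined[plane] = chosen
        reported[plane] = chosen.key_len
    return {"message": "response", "key_length_ie": reported}, determined


def amf_check_fulfilled(configuration_response, prefs):
    """AMF side: the preference for a plane is fulfilled when the key length
    reported in the information element equals the preferred one."""
    reported = configuration_response.get("key_length_ie", {})
    return {plane: reported.get(plane) == prefs[plane] for plane in PLANES}


if __name__ == "__main__":
    pp128, pp256 = ProtectionProcess("PP-128", 128), ProtectionProcess("PP-256", 256)
    local = [pp128, pp256]            # constructed: operator prefers the 128 bit process
    caps = [pp128, pp256]             # constructed wireless device security capabilities
    response, _ = handle_configuration_request(local, caps, "preferred")
    print(response)
    print(amf_check_fulfilled(response, preferred_key_lengths(caps)))
```

Separate integrity and confidentiality lengths in the request let a base station report, for instance, 256 bit integrity with 128 bit confidentiality in the same response; the AMF's per-plane comparison then shows exactly which preference was not met instead of a single yes/no.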
This application claims the benefit of U.S. Provisional Application No. 63/615,398, filed Dec. 28, 2023, which is hereby incorporated by reference in its entirety.
| Number | Date | Country |
|---|---|---|
| 63615398 | Dec 2023 | US |