WO2025123706A1 - Procédés et appareils pour prendre en charge de multiples accès d'un ue à un réseau central - Google Patents

Procédés et appareils pour prendre en charge de multiples accès d'un ue à un réseau central Download PDF

Info

Publication number
WO2025123706A1
WO2025123706A1 PCT/CN2024/109464 CN2024109464W WO2025123706A1 WO 2025123706 A1 WO2025123706 A1 WO 2025123706A1 CN 2024109464 W CN2024109464 W CN 2024109464W WO 2025123706 A1 WO2025123706 A1 WO 2025123706A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
network
3gpp network
ran
amf
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/CN2024/109464
Other languages
English (en)
Inventor
Congchi ZHANG
Mingzeng Dai
Shuigen Yang
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lenovo Beijing Ltd filed Critical Lenovo Beijing Ltd
Priority to PCT/CN2024/109464 priority Critical patent/WO2025123706A1/fr
Publication of WO2025123706A1 publication Critical patent/WO2025123706A1/fr
Pending legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security

Definitions

  • the present disclosure relates to wireless communications, and more specifically to methods and apparatuses for supporting multiple accesses of a user equipment (UE) to a core network.
  • UE user equipment
  • a wireless communications system may include one or multiple network communication devices, such as base stations (BSs) , which may support wireless communications for one or multiple user communication devices, which may be otherwise known as UE, or other suitable terminology.
  • the wireless communications system may support wireless communications with one or multiple user communication devices by utilizing resources of the wireless communication system (e.g., time resources (e.g., symbols, slots, subframes, frames, or the like) or frequency resources (e.g., subcarriers, carriers, or the like) .
  • the wireless communications system may support wireless communications across various radio access technologies including third generation (3G) radio access technology, fourth generation (4G) radio access technology, fifth generation (5G) radio access technology, among other suitable radio access technologies beyond 5G (e.g., sixth generation (6G) ) .
  • the phrase “based on” shall not be construed as a reference to a closed set of conditions.
  • an example step that is described as “based on condition A” may be based on both a condition A and a condition B without departing from the scope of the present disclosure.
  • the phrase “based on” shall be construed in the same manner as the phrase “based at least in part on. "
  • a "set" may include one or more elements.
  • Some implementations of the methods and apparatuses described herein may include network node in a core network.
  • the network node may include: at least one memory; and at least one processor coupled with the at least one memory and configured to cause the network node to: perform a first access procedure with a UE for access of the UE to the core network via a first 3rd generation partnership project (3GPP) network; perform a first key deriving procedure for deriving first key (s) for access stratum operation in the first 3GPP network based on a root key; perform a second access procedure with the UE for access of the UE to the core network via a second 3GPP network; and perform a second key deriving procedure for deriving second key(s) for access stratum operation in the second 3GPP network based on the root key, wherein the second key (s) is independent of the first key (s) .
  • 3GPP 3rd generation partnership project
  • the network node is an authentication server function (AUSF)
  • the first key (s) comprises a first security anchor function (SEAF) key for a first SEAF associated with the first 3GPP network
  • the second key(s) comprises a second SEAF key for a second SEAF associated with the second 3GPP network
  • the first key deriving procedure comprises deriving the first SEAF key based on an AUSF key and a first access type indicator associated with the first 3GPP network, wherein the AUSF key is based on the root key
  • the second key deriving procedure comprises deriving the second SEAF key based on the AUSF key and a second access type indicator associated with the second 3GPP network.
  • the network node is an SEAF
  • the first key (s) comprises a first access and mobility management function (AMF) key for a first AMF associated with the first 3GPP network
  • the second key (s) comprises a second AMF key for a second AMF associated with the second 3GPP network
  • the first key deriving procedure comprises deriving the first AMF key based on an SEAF key and a first access type indicator associated with the first 3GPP network, wherein the SEAF key is based on the root key
  • the second key deriving procedure comprises deriving the second AMF key based on the SEAF key and a second access type indicator associated with the second 3GPP network.
  • the network node is an AMF
  • the first key (s) comprises a first radio access network (RAN) key for a first RAN node associated with the first 3GPP network
  • the second key (s) comprises a second RAN key for a second RAN node associated with the second 3GPP network
  • the first key deriving procedure comprises deriving the first RAN key based on an AMF key and a first access type indicator associated with the first 3GPP network, wherein the AMF key is based on the root key
  • the second key deriving procedure comprises deriving the second RAN key based on the AMF key and a second access type indicator associated with the second 3GPP network.
  • the network node is an AMF
  • the first key (s) comprises a first next hop (NH) parameter for a first RAN node associated with the first 3GPP network
  • the second key (s) comprises a second NH parameter for a second RAN node associated with the second 3GPP network
  • the first key deriving procedure comprises deriving the first NH parameter based on an AMF key and a first access type indicator associated with the first 3GPP network, wherein the AMF key is based on the root key
  • the second key deriving procedure comprises deriving the second NH parameter based on the AMF key and a second access type indicator associated with the second 3GPP network.
  • the network node is an AMF
  • the first key (s) comprises a first RAN key for a first RAN node associated with the first 3GPP network
  • the second key (s) comprises a second RAN key for a second RAN node associated with the second 3GPP network
  • the at least one processor is further configured to cause the network node to: derive a common RAN key based on an AMF key which is based on the root key; wherein: the first key deriving procedure comprises deriving the first RAN key based on the common RAN key and a first counter value associated with the first 3GPP network; and the second key deriving procedure comprises deriving the second RAN key based on the common RAN key and a second counter value associated with the second 3GPP network.
  • the network node is an AMF
  • the first key (s) comprises a first NH parameter for a first RAN node associated with the first 3GPP network
  • the second key (s) comprises a second NH parameter for a second RAN node associated with the second 3GPP network
  • the at least one processor is further configured to cause the network node to: derive a common NH parameter based on an AMF key which is based on the root key; wherein: the first key deriving procedure comprises deriving the first NH parameter based on the common NH parameter and a first counter value associated with the first 3GPP network; and the second key deriving procedure comprises deriving the second NH parameter based on the common NH parameter and a second counter value associated with the second 3GPP network.
  • the network node is an AMF
  • the first key (s) comprises a first RAN key for a first RAN node associated with the first 3GPP network
  • the second key (s) comprises a second RAN key for a second RAN node associated with the second 3GPP network
  • the at least one processor is further configured to cause the network node to: derive a common RAN key based on an AMF key which is based on the root key; wherein: the first key deriving procedure comprises transmitting the common RAN key and a first counter value associated with the first 3GPP network to a first RAN node associated with the first 3GPP network for the first RAN node to derive the first RAN key; and the second key deriving procedure comprises transmitting the common RAN key and a second counter value associated with the second 3GPP network to a second RAN node associated with the second 3GPP network for the second RAN node to derive the second RAN key.
  • the network node is an AMF
  • the first key (s) comprises a first NH parameter for a first RAN node associated with the first 3GPP network
  • the second key (s) comprises a second NH parameter for a second RAN node associated with the second 3GPP network
  • the at least one processor is further configured to cause the network node to: derive a common NH parameter based on an AMF key which is based on the root key; wherein: the first key deriving procedure comprises transmitting the common NH parameter and a first counter value associated with the first 3GPP network to a first RAN node associated with the first 3GPP network for the first RAN node to derive the first NH parameter; and the second key deriving procedure comprises transmitting the common NH parameter and a second counter value associated with the second 3GPP network to a second RAN node associated with the second 3GPP network for the second RAN node to derive the second NH parameter.
  • the network node is an AMF
  • the at least one processor is further configured to cause the network node to determine whether the first 3GPP network is a primary path or a secondary path for the UE to access the core network based on at least one of: whether the first access procedure is performed before or after the second access procedure; an indication included in an access request associated with the first access procedure; a traffic steering rule configured by a policy control function (PCF) ; an indication provided by the PCF or a peer AMF; or subscription information of the UE stored in a unified data management (UDM) .
  • PCF policy control function
  • UDM unified data management
  • the network node is an AMF
  • the at least one processor is further configured to cause the network node to: transmit, to a RAN node associated with the first 3GPP network, information indicating that the first 3GPP network is a primary path or a secondary path for the UE to access the core network, wherein the information includes at least one of: an indicator indicating that the first 3GPP network is the primary path or the secondary path; or information related to a traffic steering rule between the primary path and the secondary path.
  • Some implementations of the methods and apparatuses described herein may include a UE for wireless communication.
  • the UE may include: at least one memory; and at least one processor coupled with the at least one memory and configured to cause the UE to: perform a first access procedure for access to a core network via a first 3GPP network; derive first key (s) for access stratum operation in the first 3GPP network based on a root key; perform a second access procedure for access to the core network via a second 3GPP network; and derive second key(s) for access stratum operation in the second 3GPP network based on the root key, wherein the second key (s) is independent of the first key (s) .
  • the first key (s) comprises a first SEAF key for a first SEAF associated with the first 3GPP network derived based on an AUSF key and a first access type indicator associated with the first 3GPP network, wherein the AUSF key is based on the root key; and the second key (s) comprises a second SEAF key for a second SEAF associated with the second 3GPP network derived based on the AUSF key and a second access type indicator associated with the second 3GPP network.
  • the first key (s) comprises a first AMF key for a first AMF associated with the first 3GPP network derived based on an SEAF key and a first access type indicator associated with the first 3GPP network, wherein the SEAF key is based on the root key; and the second key (s) comprises a second AMF key for a second AMF associated with the second 3GPP network derived based on the SEAF key and a second access type indicator associated with the second 3GPP network.
  • the first key (s) comprises a first RAN key for a first RAN node associated with the first 3GPP network derived based on an AMF key and a first access type indicator associated with the first 3GPP network, wherein the AMF key is based on the root key; and the second key (s) comprises a second RAN key for a second RAN node associated with the second 3GPP network derived based on the AMF key and a second access type indicator associated with the second 3GPP network.
  • the first key (s) comprises a first NH parameter for a first RAN node associated with the first 3GPP network derived based on an AMF key and a first access type indicator associated with the first 3GPP network, wherein the AMF key is based on the root key; and the second key (s) comprises a second NH parameter for a second RAN node associated with the second 3GPP network derived based on the AMF key and a second access type indicator associated with the second 3GPP network.
  • the at least one processor is further configured to cause the UE to: derive a common RAN key based on an AMF key which is based on the root key; wherein: the first key (s) comprises a first RAN key for a first RAN node associated with the first 3GPP network derived based on the common RAN key and a first counter value associated with the first 3GPP network; and the second key (s) comprises a second RAN key for a second RAN node associated with the second 3GPP network derived based on the common RAN key and a second counter value associated with the second 3GPP network.
  • the at least one processor is further configured to cause the UE to: derive a common NH parameter based on an AMF key which is based on the root key; wherein: the first key (s) comprises a first NH parameter for a first RAN node associated with the first 3GPP network derived based on the common NH parameter and a first counter value associated with the first 3GPP network; and the second key (s) comprises a second NH parameter for a second RAN node associated with the second 3GPP network based on the common NH parameter and a second counter value associated with the second 3GPP network.
  • the processor may include: at least one controller coupled with at least one memory and configured to cause the processor to: perform a first access procedure for access to a core network via a first 3GPP network; derive first key (s) for access stratum operation in the first 3GPP network based on a root key; perform a second access procedure for access to the core network via a second 3GPP network; and derive second key (s) for access stratum operation in the second 3GPP network based on the root key, wherein the second key (s) is independent of the first key (s) .
  • Some implementations of the methods and apparatuses described herein may include a method performed by a UE.
  • the method may include: performing a first access procedure for access to a core network via a first 3GPP network; deriving first key (s) for access stratum operation in the first 3GPP network based on a root key; performing a second access procedure for access to the core network via a second 3GPP network; and deriving second key (s) for access stratum operation in the second 3GPP network based on the root key, wherein the second key (s) is independent of the first key (s) .
  • Some implementations of the methods and apparatuses described herein may include a method performed by a network node in a core network.
  • the method may include: performing a first access procedure with a UE for access of the UE to the core network via a first 3GPP network; performing a first key deriving procedure for deriving first key (s) for access stratum operation in the first 3GPP network based on a root key; performing a second access procedure with the UE for access of the UE to the core network via a second 3GPP network; and performing a second key deriving procedure for deriving second key (s) for access stratum operation in the second 3GPP network based on the root key, wherein the second key (s) is independent of the first key (s) .
  • Figure 1 illustrates an example of a wireless communications system in accordance with aspects of the present disclosure.
  • Figure 2 illustrates an exemplary key hierarchy generation scheme in a 5G system in accordance with aspects of the present disclosure.
  • Figure 3A illustrates an exemplary 5G and 6G dual-access scenario in accordance with aspects of the present disclosure.
  • Figure 3B illustrates an exemplary hybrid core network (CN) in accordance with aspects of the present disclosure.
  • Figure 4A illustrates an exemplary dual-access scenario in accordance with aspects of the present disclosure.
  • Figure 4B illustrates another exemplary dual-access scenario in accordance with aspects of the present disclosure.
  • Figure 5 illustrates yet another exemplary dual-access scenario in accordance with aspects of the present disclosure.
  • Figure 6 illustrates yet another exemplary dual-access scenario in accordance with aspects of the present disclosure.
  • Figure 7 illustrates a flowchart of an exemplary method for establishing 5G and 6G dual-access in accordance with aspects of the present disclosure.
  • Figure 8 illustrates a flowchart of an exemplary method performed by a network node in a CN in accordance with aspects of the present disclosure.
  • Figure 9 illustrates a flowchart of an exemplary method performed by a UE in accordance with aspects of the present disclosure.
  • Figure 10 illustrates an example of a network node in a CN in accordance with aspects of the present disclosure.
  • the one or more NEs 102 may be dispersed throughout a geographic region to form the wireless communications system 100.
  • One or more of the NEs 102 described herein may be or include or may be referred to as a network node, a base station, a network element, a network function, a network entity, a RAN, a NodeB, an eNodeB (eNB) , a next-generation NodeB (gNB) , or other suitable terminology.
  • An NE 102 and a UE 104 may communicate via a communication link, which may be a wireless or wired connection.
  • an NE 102 and a UE 104 may perform wireless communication (e.g., receive signaling, transmit signaling) over a Uu interface.
  • An NE 102 may provide a geographic coverage area for which the NE 102 may support services for one or more UEs 104 within the geographic coverage area.
  • an NE 102 and a UE 104 may support wireless communication of signals related to services (e.g., voice, video, packet data, messaging, broadcast, etc. ) according to one or multiple radio access technologies.
  • an NE 102 may be moveable, for example, a satellite associated with a non-terrestrial network (NTN) .
  • NTN non-terrestrial network
  • different geographic coverage areas associated with the same or different radio access technologies may overlap, but the different geographic coverage areas may be associated with different NEs 102.
  • a UE 104 may be able to support wireless communication directly with other UEs 104 over a communication link.
  • a UE 104 may support wireless communication directly with another UE 104 over a device-to-device (D2D) communication link.
  • D2D device-to-device
  • the communication link may be referred to as a sidelink.
  • a UE 104 may support wireless communication directly with another UE 104 over a PC5 interface.
  • control plane entity may manage non-access stratum (NAS) functions, such as mobility, authentication, and bearer management (e.g., data bearers, signal bearers, etc. ) for the one or more UEs 104 served by the one or more NEs 102 associated with the CN 106.
  • NAS non-access stratum
  • the CN 106 may communicate with a packet data network over one or more backhaul links (e.g., via an S1, N2, N2, or another network interface) .
  • the packet data network may include an application server.
  • one or more UEs 104 may communicate with the application server.
  • a UE 104 may establish a session (e.g., a protocol data unit (PDU) session, or the like) with the CN 106 via an NE 102.
  • the CN 106 may route traffic (e.g., control information, data, and the like) between the UE 104 and the application server using the established session (e.g., the established PDU session) .
  • the PDU session may be an example of a logical connection between the UE 104 and the CN 106 (e.g., one or more network functions of the CN 106) .
  • the NEs 102 and the UEs 104 may support various frame structures (e.g., multiple frame structures) .
  • the NEs 102 and the UEs 104 may support various frame structures based on one or more numerologies.
  • One or more numerologies may be supported in the wireless communications system 100, and a numerology may include a subcarrier spacing and a cyclic prefix.
  • a first subcarrier spacing e.g., 15 kHz
  • a normal cyclic prefix e.g. 15 kHz
  • the first numerology associated with the first subcarrier spacing (e.g., 15 kHz) may utilize one slot per subframe.
  • a time interval of a resource may be organized according to frames (also referred to as radio frames) .
  • Each frame may have a duration, for example, a 10 millisecond (ms) duration.
  • each frame may include multiple subframes.
  • each frame may include 10 subframes, and each subframe may have a duration, for example, a 1 ms duration.
  • each frame may have the same duration.
  • each subframe of a frame may have the same duration.
  • a time interval of a resource may be organized according to slots.
  • a subframe may include a number (e.g., quantity) of slots.
  • the number of slots in each subframe may also depend on the one or more numerologies supported in the wireless communications system 100.
  • Each slot may include a number (e.g., quantity) of symbols (e.g., orthogonal frequency division multiplexing (OFDM) symbols) .
  • the number (e.g., quantity) of slots for a subframe may depend on a numerology.
  • a slot For a normal cyclic prefix, a slot may include 14 symbols.
  • a slot For an extended cyclic prefix (e.g., applicable for 60 kHz subcarrier spacing) , a slot may include 12 symbols.
  • an electromagnetic (EM) spectrum may be split, based on frequency or wavelength, into various classes, frequency bands, frequency channels, etc.
  • the wireless communications system 100 may support one or multiple operating frequency bands, such as frequency range designations FR1 (410 MHz –7.125 GHz) , FR2 (24.25 GHz –52.6 GHz) , FR3 (7.125 GHz –24.25 GHz) , FR4 (52.6 GHz –114.25 GHz) , FR4a or FR4-1 (52.6 GHz –71 GHz) , and FR5 (114.25 GHz –300 GHz) .
  • FR1 410 MHz –7.125 GHz
  • FR2 24.25 GHz –52.6 GHz
  • FR3 7.125 GHz –24.25 GHz
  • FR4 (52.6 GHz –114.25 GHz)
  • FR4a or FR4-1 52.6 GHz –71 GHz
  • FR5 114.25 GHz
  • the NEs 102 and the UEs 104 may perform wireless communications over one or more of the operating frequency bands.
  • FR1 may be used by the NEs 102 and the UEs 104, among other equipment or devices for cellular communications traffic (e.g., control information, data) .
  • FR2 may be used by the NEs 102 and the UEs 104, among other equipment or devices for short-range, high data rate capabilities.
  • FR1 may be associated with one or multiple numerologies (e.g., at least three numerologies) .
  • FR2 may be associated with one or multiple numerologies (e.g., at least 2 numerologies) .
  • Figure 2 illustrates an exemplary key hierarchy generation scheme in a 5G system in accordance with aspects of the present disclosure.
  • Figure 2 is the same as Figure 6.2.1-1 in TS 33.501, and detailed definitions for the elements illustrated in Figure 2 can be found in TS 33.501.
  • the keys related to authentication in the 5G system may include K, CK or IK, wherein CK or IK may be derived from K (referred to as a root key) .
  • K K
  • IK 3rd generation authentication and key agreement
  • the keys CK', IK' are derived from CK, IK as specified in clause 6.1.3.1 in TS 33.501.
  • the key hierarchy may include the following keys: K AUSF , K SEAF , K AMF , K NASint , K NASenc , K N3IWF , K gNB , K RRCint , K RRCenc , K UPint and K UPenc .
  • keys for AUSF in a home public land mobile network may include K AUSF and K SEAF , wherein:
  • K SEAF is an anchor key derived by ME and AUSF from K AUSF .
  • K SEAF is provided by AUSF to the SEAF in a serving network.
  • a key for AMF in the serving network may include K AMF , which is a key derived by ME and SEAF from K SEAF .
  • K AMF is further derived by ME and a source AMF when performing horizontal key derivation.
  • keys for NAS signalling may include K NASint and K NASenc , wherein:
  • K NASint is a key derived by ME and AMF from K AMF , which shall only be used for the protection of NAS signalling with a particular integrity algorithm.
  • K NASenc is a key derived by ME and AMF from K AMF , which shall only be used for the protection of NAS signalling with a particular encryption algorithm.
  • a key for a next generation (NG) RAN may include K gNB (also referred to as K RAN ) , which is a key derived by ME and AMF from K AMF .
  • K gNB is further derived by ME and a source gNB when performing horizontal or vertical key derivation.
  • K gNB is used as K eNB between ME and ng-eNB.
  • keys for user plane (UP) traffic may include K UPenc and K UPint , wherein:
  • K UPenc is a key derived by ME and gNB from K gNB , which shall only be used for the protection of UP traffic between ME and gNB with a particular encryption algorithm.
  • K UPint is a key derived by ME and gNB from K gNB , which shall only be used for the protection of UP traffic between ME and gNB with a particular integrity algorithm.
  • keys for radio resource control (RRC) signalling may include K RRCint and K RRCenc , wherein:
  • K RRCint is a key derived by ME and gNB from K gNB , which shall only be used for the protection of RRC signalling with a particular integrity algorithm.
  • K RRCenc is a key derived by ME and gNB from K gNB , which shall only be used for the protection of RRC signalling with a particular encryption algorithm.
  • intermediate keys may also be derived.
  • the intermediate keys may include NH, which is a key derived by ME and AMF to provide forward security as described in clause A. 10 in TS 33.501.
  • a key for non-3GPP access may include K N3IWF , which is a key derived by ME and AMF from K AMF for the non-3GPP access.
  • K N3IWF is not forwarded between non-3GPP access interworking functions (N3IWFs) .
  • Each of the above keys may be derived by using a generic key derivation function (KDF) as specified in TS 33.220.
  • KDF key derivation function
  • the KDF may generate a key based on the following operations as specified in TS 33.220. It is assumed that n+1 input parameters are used for deriving the key.
  • each input parameter Pi measured in octets may be encoded into a two octet-long string:
  • the number of octets in input parameter Pi is first expressed as a number k in the range of [0, 65535] .
  • Li is then a 16-bit long encoding of the number k, encoded as described in clause B. 2.1 in TS 33.220.
  • String S may be constructed from the n+1 input parameters as follows:
  • FC is used to distinguish between different instances of the algorithm and is either a single octet or consists of two octets of the form FC1
  • FC2 where FC1 0xFF and FC2 is a single octet,
  • P0 ... Pn are the n+1 input parameter encodings
  • L0 ... Ln are the two-octet representations of the length of the corresponding input parameter encodings P0...Pn.
  • the final output i.e., the key
  • the key may be derived based on the string S and an input key (e.g., denoted as KEY) .
  • the derived key may be determined based on the following equation (1) , as specified in TS 33.220:
  • a UE may still connect to the network via a 5G RAN node (or cell) .
  • data aggregation for a UE may be performed at CN and the UE may maintain 5G and 6G dual-access to the CN (hereinafter referred to as 5G and 6G dual-access scenario) .
  • the UE is served by a 5G RAN and a 6G RAN at the same time but separately. That is, there is no access stratum coordination over the Xn-like interface between the 5G RAN and the 6G RAN.
  • one hybrid CN is assumed to serve both the 5G RAN and the 6G RAN at the same time.
  • the 5G RAN and the 6G RAN may both have connection to AMF (s) for the same UE.
  • the user plane data may be aggregated in the CN (e.g., anchor UPF) .
  • some network functions (NFs) in the CN e.g., UDM, AUSF, session management function (SMF) , and UPF
  • NFs network functions
  • UDM network functions
  • AUSF AUSF
  • SMF session management function
  • UPF user plane data
  • UDM network functions
  • AUSF AUSF
  • SMF session management function
  • UPF session management function
  • UPF application function
  • AMF application function
  • the UE may have one universal subscriber identity module (USIM) card, and be registered to the CN only once although the UE may perform multiple access (e.g., registration) procedures with the CN via different RANs.
  • USB universal subscriber identity module
  • the terms “dual-access, " “dual-stack, " and “dual-path” may be used interchangeably.
  • Figure 3A illustrates an exemplary 5G and 6G dual-access scenario in accordance with aspects of the present disclosure.
  • a UE is served by a 5G RAN and a 6G RAN at the same time but separately. That is, there is no access stratum coordination over the Xn-like interface between the 5G RAN and the 6G RAN.
  • One hybrid CN is used to serve both the 5G RAN and 6G RAN at the same time.
  • the hybrid CN may include a UDM, an AUSF, an SMF, and a UPF shared by the 5G RAN and the 6G RAN, a 5G AMF specific for the 5G RAN, and a 6G AMF specific for the 6G RAN.
  • the 5G RAN may connect to the 5G AMF for exchanging control plane data of the UE.
  • the 6G RAN may connect to the 6G AMF for exchanging control plane data of the UE.
  • User plane data of the UE from the 5G RAN and the 6G RAN may be aggregated in the UPF.
  • the SMF may connect to at least the 5G AMF.
  • the SMF may also connect to the 6G AMF (not shown in Figure 3A) .
  • the SMF may also connect to the 6G RAN (not shown in Figure 3A) .
  • Figure 3B illustrates an exemplary hybrid CN in accordance with aspects of the present disclosure.
  • the hybrid CN may include a UDM, an AUSF, an SMF, and a UPF shared by a 5G RAN and a 6G RAN, a 5G AMF specific for the 5G RAN, and a 6G AMF specific for the 6G RAN.
  • the 5G RAN may connect to the 5G AMF for exchanging control plane data of a UE.
  • the 6G RAN may connect to the 6G AMF for exchanging control plane data of a UE.
  • User plane data of the UE from the 5G RAN and the 6G RAN may be aggregated in the UPF.
  • the 5G and 6G dual-access scenario may involve the following issues.
  • the key for the secondary path K SN is determined from the key for the master node K gNB .
  • the operations of 5G RAN and 6G RAN are independent and thus the keys for 5G access and 6G access may be independent.
  • the keys for the 3GPP access path and non-3GPP access path are generated based on the same K AMF with different input values.
  • both accesses are 3GPP accesses, and they may be associated with different AMFs.
  • Another issue in the 5G and 6G dual-access scenario is how to implement secondary path awareness at the RAN node. Even though there is no access stratum coordination between the 5G RAN and the 6G RAN, it is still beneficial for the 5G RAN node or 6G RAN node to be aware if it is configured as a secondary path for a UE to access a CN. In some cases, a UE may use the secondary path only if the primary path has connection problems. In such cases, the RAN node of the secondary path may adopt relaxed radio configurations, e.g., network energy saving (NES) , UE energy saving, or relaxed radio resource management (RRM) measurement. Given this, how to implement secondary path awareness at a RAN node in the 5G and 6G dual-access scenario needs to be solved.
  • NES network energy saving
  • RRM relaxed radio resource management
  • Embodiments of the present disclosure provide solutions for supporting multiple accesses of a UE, which can solve at least one of the aforementioned issues and/or other issue (s) .
  • some embodiments of the present disclosure provide solutions for security key (s) generation in multi-access scenario.
  • Some embodiments of the present disclosure provide solutions for secondary path awareness in multi-access scenario. More details will be described in the following text in combination with the appended drawings.
  • a network node in a core network may perform a first access procedure with a UE for access of the UE to the core network via a first 3GPP network.
  • the network node may perform a first key deriving procedure for deriving first key (s) for access stratum operation in the first 3GPP network based on a root key.
  • the root key may include "K" as illustrated in Figure 2.
  • the derivation of keys is mirrored in both the UE and the network node. Accordingly, during the first access procedure, the UE may also derive the first key (s) for access stratum operation in the first 3GPP network based on the root key.
  • the network node may perform a second access procedure with the UE for access of the UE to the core network via a second 3GPP network.
  • the network node may perform a second key deriving procedure for deriving second key (s) for access stratum operation in the second 3GPP network based on a root key.
  • the UE may have only one USIM card and be registered to the core network only once although two access procedures are performed.
  • the root key for the second 3GPP network is the same as the root key for the first 3GPP network.
  • the second key (s) is independent of the first key (s) .
  • the UE may also derive the second key (s) for access stratum operation in the second 3GPP network based on the root key.
  • the first access procedure or the second access procedure may be a registration procedure
  • an access request sent by the UE to initiate the first access procedure or the second access procedure may be a registration request
  • the core network may be a hybrid core network that may serve the first 3GPP network and the second 3GPP network at the same time.
  • the first 3GPP network and the second 3GPP network may be any two different 3GPP networks.
  • the first 3GPP network may be one of a 5G network and a 6G network
  • the second 3GPP network may be the other of the 5G network and the 6G network.
  • the UE may be served by the first 3GPP network and the second 3GPP network at the same time.
  • the first 3GPP network may be associated with (e.g., include) a first RAN node for serving the UE.
  • the second 3GPP network may be associated with (e.g., include) a second RAN node for serving the UE.
  • Embodiment I and Embodiment II provide solutions for derivation of the first key (s) and the second key (s) , wherein Embodiment I provides solutions for derivation of the first key (s) and the second key (s) in the case that the first 3GPP network and the second 3GPP network are connected to two different AMFs, respectively, and Embodiment II provides solutions for derivation of the first key (s) and the second key (s) in the case that the first 3GPP network and the second 3GPP network are connected to a same AMF.
  • the first 3GPP network is associated with (e.g., connected to) a first AMF and the second 3GPP network is associated with (e.g., connected to) a second AMF different from the first AMF.
  • Embodiment I may further include Embodiment I-1 and Embodiment I-2.
  • the first AMF may be associated with a first SEAF and the second AMF may be associated with a second SEAF different from the first SEAF.
  • the first SEAF may be within the first AMF
  • the second SEAF may be within the second AMF.
  • Figure 4A illustrates an exemplary dual-access scenario for Embodiment I-1.
  • the first 3GPP network (or the first RAN node) is connected to a first AMF associated with a first SEAF
  • the second 3GPP network (or the second RAN node) is connected to a second AMF associated with a second SEAF.
  • Other connections illustrated in Figure 4A are the same as those in Figure 3A.
  • the aforementioned network node in the core network that performs both the first key deriving procedure for deriving the first key (s) and the second key deriving procedure for deriving the second key (s) may be the AUSF.
  • the first key (s) may include a first SEAF key (e.g., denoted as K SEAF1 ) for the first SEAF.
  • K SEAF1 may be derived by the AUSF and the UE based on an AUSF key (e.g., denoted as K AUSF ) and a first access type indicator associated with the first 3GPP network.
  • K AUSF may be derived based on the root key.
  • K AUSF may be derived based on the schemes as described with respect to Figure 2.
  • the first SEAF and the UE may derive a first AMF key (e.g., denoted as K AMF1 ) associated with the first 3GPP network, e.g., according to the schemes as described with respect to Figure 2.
  • K AMF1 the first AMF and the UE may derive a first RAN key (e.g., denoted as K RAN1 ) and a first NH parameter (denoted as NH1) associated with the first 3GPP network, e.g., based on the schemes as described with respect to Figure 2.
  • the derived K RAN1 and NH1 may be used to determine keys for access stratum operation in the first 3GPP network, e.g., keys for encryption/decryption and integration protection/integration checking for UP and control plane (CP) data transmission between the first RAN node and the UE (such as K RRCint , K RRCenc , K UPint and K UPenc ) .
  • keys for access stratum operation in the first 3GPP network e.g., keys for encryption/decryption and integration protection/integration checking for UP and control plane (CP) data transmission between the first RAN node and the UE (such as K RRCint , K RRCenc , K UPint and K UPenc ) .
  • CP UP and control plane
  • the second key (s) may include a second SEAF key (e.g., denoted as K SEAF2 ) for the second SEAF.
  • K SEAF2 may be derived by the AUSF and the UE based on K AUSF (i.e., the same AUSF key as that used for deriving K SEAF1 ) and a second access type indicator associated with the second 3GPP network.
  • the second SEAF and the UE may derive a second AMF key (e.g., denoted as K AMF2 ) associated with the second 3GPP network, e.g., according to the schemes as described with respect to Figure 2.
  • K AMF2 the second AMF and the UE may derive a second RAN key (e.g., denoted as K RAN2 ) and a second NH parameter (denoted as NH2) associated with the second 3GPP network, e.g., based on the schemes as described with respect to Figure 2.
  • the derived K RAN2 and NH2 may be used to determine keys for access stratum operation in the second 3GPP network, e.g., for encryption/decryption and integration protection/integration checking for UP and CP data transmission between the second RAN node and the UE (such as K RRCint , K RRCenc , K UPint and K UPenc ) .
  • an SEAF key e.g., K SEAF1 or K SEAF2
  • the following parameters may be used to form a string S to be input to a KDF (e.g., the KDF as specified in TS 33.220) :
  • the following Table 1 illustrates exemplary access type indicators.
  • the access type indicators for the first 3GPP network and the second 3GPP network may be 0x01 and 0x02, respectively.
  • the SEAF key may be derived based on the string S and K AUSF according to the KDF, e.g., according to aforementioned equation (1) in which KEY is K AUSF .
  • K SEAF1 HMAC-SHA-256 (K AUSF , S) .
  • the first AMF and the second AMF may be associated with a same SEAF.
  • the SEAF may be a standalone network function in the core network.
  • Figure 4B illustrates an exemplary dual-access scenario for Embodiment I-2.
  • Figure 4B is different from Figure 4A in that both the first AMF and the second AMF connect to a same SEAF, which may connect to an UDM or an AUSF. Other connections illustrated in Figure 4B are the same as those in Figure 4A.
  • the AUSF and the UE may derive only one SEAF key (e.g., denoted as K SEAF ) for the SEAF.
  • K SEAF may be derived based on the root key.
  • K AUSF may be derived based on the root key (e.g., the key "K” in Figure 2)
  • K SEAF may be derived based on K AUSF .
  • the aforementioned network node in the core network that performs both the first key deriving procedure for deriving the first key (s) and the second key deriving procedure for deriving the second key (s) may be the SEAF.
  • the first key (s) may include a first AMF key (e.g., denoted as K AMF1 ) for the first AMF.
  • K AMF1 may be derived by the SEAF and the UE based on K SEAF and a first access type indicator associated with the first 3GPP network.
  • the first AMF and the UE may derive a first RAN key (e.g., denoted as K RAN1 ) and a first NH parameter (denoted as NH1) associated with the first 3GPP network, e.g., based on the schemes as described with respect to Figure 2.
  • the derived K RAN1 and NH1 may be used to determine keys for access stratum operation in the first 3GPP network, e.g., keys for encryption/decryption and integration protection/integration checking for UP and CP data transmission between the first RAN node and the UE (such as K RRCint , K RRCenc , K UPint and K UPenc ) .
  • the second key (s) may include a second AMF key (e.g., denoted as K AMF2 ) for the second AMF.
  • K AMF2 may be derived by the SEAF and the UE based on K SEAF (i.e., the same SEAF key as that used for deriving K AMF1 ) and a second access type indicator associated with the second 3GPP network.
  • the second AMF and the UE may derive a second RAN key (e.g., denoted as K RAN2 ) and a second NH parameter (denoted as NH2) associated with the second 3GPP network, e.g., based on the schemes as described with respect to Figure 2.
  • K RAN2 a second RAN key
  • NH2 a second NH parameter
  • the derived K RAN2 and NH2 may be used to determine keys for access stratum operation in the second 3GPP network, e.g., for encryption/decryption and integration protection/integration checking for UP and CP data transmission between the second RAN node and the UE (such as K RRCint , K RRCenc , K UPint and K UPenc ) .
  • an AMF key e.g., K AMF1 or K AMF2
  • the following parameters may be used to form a string S to be input to a KDF (e.g., the KDF as specified in TS 33.220) :
  • IMSI international mobile subscriber identity
  • NAI international mobile subscriber identity
  • GCI global cable identifier
  • GCI global line identifier
  • the access type indicators for the first 3GPP network and the second 3GPP network may be 0x01 and 0x02, respectively
  • the AMF key may be derived based on the string S and K SEAF according to the KDF, e.g., according to aforementioned equation (1) in which KEY is K SEAF .
  • K AMF1 HMAC-SHA-256 (K SEAF , S) .
  • the first 3GPP network and the second 3GPP network are both associated with (e.g., connected to) a same AMF.
  • the AMF may be an enhanced AMF (eAMF) .
  • the AMF may connect to 5G RAN via a next generation application protocol (NG-AP) interface and connect to 6G RAN via a service based interface (SBI) .
  • NG-AP next generation application protocol
  • SBI service based interface
  • Figure 5 illustrates an exemplary dual-access scenario for Embodiment II.
  • the first 3GPP network (or the first RAN node) and the second 3GPP network (or the second RAN node) is connected to an eAMF.
  • the eAMF may be further connected to UDM/AUSF and SMF.
  • the user plane data of the UE from the first 3GPP network and the second 3GPP network may be aggregated in UPF.
  • the SEAF associated with the AMF and the UE may derive only one AMF key (e.g., denoted as K AMF ) for the AMF.
  • K AMF may be derived based on the root key.
  • K AUSF may be derived based on the root key (e.g., the key "K” in Figure 2)
  • K SEAF may be derived based on K AUSF
  • K AMF may be derived based on K SEAF .
  • the aforementioned network node in the core network that performs both the first key deriving procedure for deriving the first key (s) and the second key deriving procedure for deriving the second key (s) may be the AMF.
  • Embodiment II may further include Embodiment II-1, Embodiment II-2, Embodiment II-3, and Embodiment II-4.
  • the first key (s) may include a first RAN key (denoted as K RAN1 ) for the first RAN node.
  • K RAN1 may be derived by the AMF and the UE based on K AMF and a first access type indicator associated with the first 3GPP network.
  • the second key (s) may include a second RAN key (denoted as K RAN2 ) for the second RAN node.
  • K RAN2 may be derived by the AMF and the UE based on K AMF (i.e., the same AMF key as that used for deriving K RAN1 ) and a second access type indicator associated with the second 3GPP network.
  • an RAN key e.g., K RAN1 or K RAN2
  • the following parameters may be used to form a string S to be input to a KDF (e.g., the KDF as specified in TS 33.220) :
  • the following Table 2 illustrates exemplary access type indicators.
  • the access type indicators for the first 3GPP network, non-3GPP network, and the second 3GPP network may be 0x01, 0x02, and 0x03, respectively.
  • the RAN key may be derived based on the string S and K AMF according to the KDF, e.g., according to aforementioned equation (1) in which KEY is K AMF .
  • K RAN1 HMAC-SHA-256 (K AMF , S) .
  • the first key (s) may include a first NH parameter (denoted as NH1) for the first RAN node.
  • NH1 may be derived by the AMF and the UE based on K AMF and a first access type indicator associated with the first 3GPP network.
  • the second key (s) may include a second NH parameter (denoted as NH2) for the second RAN node.
  • NH2 may be derived by the AMF and the UE based on K AMF (i.e., the same AMF key as that used for deriving NH1) and a second access type indicator associated with the second 3GPP network.
  • an NH parameter e.g., NH1 or NH2
  • the following parameters may be used to form a string S to be input to a KDF (e.g., the KDF as specified in TS 33.220) :
  • the access type indicators for the first 3GPP network and the second 3GPP network may be 0x01 and 0x02, respectively.
  • the NH parameter may be derived based on the string S and K AMF according to the KDF, e.g., according to aforementioned equation (1) in which KEY is K AMF .
  • FC 0x6F
  • P0 SYNC-input
  • L0 length of SYNC-input
  • P1 0x01
  • L1 0x00 0x01
  • NH1 HMAC-SHA-256 (K AMF , S) .
  • the first key (s) may include a first RAN key (denoted as K RAN1 ) for the first RAN node
  • the second key (s) may include a second RAN key (denoted as K RAN2 ) for the second RAN node.
  • the AMF may derive a common RAN key (denoted as K RAN* ) based on K AMF .
  • K RAN* may be derived based on K AMF according to the schemes as described with respect to Figure 2.
  • K RAN * and additional input values e.g., counter values
  • K RAN1 and K RAN2 may be derived.
  • the additional input values may be generated or determined by the AMF.
  • K RAN1 and K RAN2 may be derived by the AMF.
  • the first key deriving procedure performed by the AMF may include deriving K RAN1 based on K RAN * and a first counter value associated with the first 3GPP network.
  • the second key deriving procedure performed by the AMF may include deriving K RAN2 based on K RAN* and a second counter value associated with the second 3GPP network.
  • K RAN1 may be derived by the first RAN node and K RAN2 may be derived by the second RAN node.
  • the first key deriving procedure performed by the AMF may include transmitting K RAN * and the first counter value associated with the first 3GPP network to the first RAN node.
  • the first RAN node may derive K RAN1 based on K RAN* and the first counter value.
  • the second key deriving procedure performed by the AMF may include transmitting K RAN* and the second counter value associated with the second 3GPP network to the second RAN node.
  • the second RAN node may derive K RAN2 based on K RAN * and the second counter value.
  • the UE may also derive K RAN * based on K AMF , as the AMF does. Then, the UE may derive K RAN1 based on K RAN * and the first counter value associated with the first 3GPP network, and derive K RAN2 based on K RAN* and the second counter value associated with the second 3GPP network.
  • the first counter value and the second counter value may be generated or determined by the UE, which has the same values as those generated or determined by the AMF.
  • an RAN key e.g., K RAN1 or K RAN2
  • the following parameters may be used to form a string S to be input to a KDF (e.g., the KDF as specified in TS 33.220) :
  • - P0 a counter value as a non-negative integer
  • the RAN key may be derived based on the string S and K RAN *according to the KDF, e.g., according to aforementioned equation (1) in which KEY is K RAN * .
  • the first key (s) may include a first NH parameter (denoted as NH1) for the first RAN node
  • the second key (s) may include a second NH parameter (denoted as NH2) for the second RAN node.
  • the AMF may derive a common NH parameter (denoted as NH*) based on K AMF .
  • NH* may be derived based on K AMF according to the schemes as described with respect to Figure 2.
  • additional input values e.g., counter values
  • NH1 and NH2 may be derived.
  • the additional input values may be generated or determined by the AMF.
  • NH1 and NH2 may be derived by the AMF.
  • the first key deriving procedure performed by the AMF may include deriving NH1 based on NH*and a first counter value associated with the first 3GPP network.
  • the second key deriving procedure performed by the AMF may include deriving NH2 based on NH*and a second counter value associated with the second 3GPP network.
  • NH1 may be derived by the first RAN node and NH2 may be derived by the second RAN node.
  • the first key deriving procedure performed by the AMF may include transmitting NH*and the first counter value associated with the first 3GPP networto the first RAN node.
  • the first RAN node may derive NH1 based on NH*and the first counter value.
  • the second key deriving procedure performed by the AMF may include transmitting NH*and the second counter value associated with the second 3GPP network to the second RAN node.
  • the second RAN node may derive NH2 based on NH*and the second counter value.
  • the UE may also derive NH*based on K AMF , as the AMF does. Then, the UE may derive NH1 based on NH*and the first counter value associated with the first 3GPP network, and derive NH2 based on NH*and the second counter value associated with the second 3GPP network.
  • the first counter value and the second counter value may be generated or determined by the UE, which has the same values as those generated or determined by the AMF.
  • Embodiment II-1 and Embodiment II-2 may be implemented independently or in combination.
  • Embodiment II-3 and Embodiment II-4 may be implemented independently or in combination.
  • the derived K RAN1 and NH1 in Embodiment II may be used to determine keys for access stratum operation in the first 3GPP network, e.g., for encryption/decryption and integration protection/integration checking for UP and CP data transmission between the first RAN node and the UE (such as K RRCint , K RRCenc , K UPint and K UPenc ) .
  • the derived K RAN2 and NH2 in Embodiment II may be used to determine keys for access stratum operation in the second 3GPP network, e.g., for encryption/decryption and integration protection/integration checking for UP and CP data transmission between the second RAN node and the UE (such as K RRCint , K RRCenc , K UPint and K UPenc ) .
  • the first RAN node associated with the first 3GPP network or the second RAN node associated with the second 3GPP network may be informed by the associated AMF with information related to whether it serves the UE or a protocol data unit (PDU) session (e.g., multi-access PDU Session) of the UE as the primary or secondary stack/access/path. If the RAN node is the secondary stack/access/path, then the RAN node may serve the UE with relaxed radio configurations.
  • PDU protocol data unit
  • a RAN node being or serving as a primary (or a secondary) stack, access, or path may mean that a 3GPP network associated with the RAN node is a primary (or a secondary) stack, access, or path, and also means that an access via the 3GPP network to the core network is a primary (or a secondary) access.
  • the AMF may determine whether the first 3GPP network is a primary path or a secondary path for the UE to access the core network based on at least one of:
  • the first 3GPP network is determined as the primary path; if the first access procedure is performed after the second access procedure, then the first 3GPP network is determined as the secondary path;
  • this condition also means that if the UE transmits an access request via the first 3GPP network and the UE has not been registered to the core network before, then the first 3GPP network is considered as a primary path, and if the UE transmits an access request via the first 3GPP network and the UE has been registered to the core network before, then the first 3GPP network is considered as a secondary path;
  • the indication may indicate whether the first 3GPP network is a primary path or a secondary path;
  • an indication provided by the PCF or a peer AMF (e.g., an AMF associated with the second 3GPP network) ;
  • the indication may indicate whether the first 3GPP network is a primary path or a secondary path;
  • the AMF may transmit, to the first RAN node associated with the first 3GPP network, information indicating that the first 3GPP network is the primary path or the secondary path.
  • the information may include at least one of:
  • the content of a traffic steering rule between the primary or secondary may be as follows:
  • the traffic steering rule means: steering UDP traffic with destination IP address 1.2.3.4 to the active access (6G) , if available; if the active access is not available, using the standby access (5G) .
  • the 6G RAN is considered as the primary path while the 5G RAN is considered as the secondary path, which will be used only if the primary path does not work.
  • the 5G RAN may adopt relaxed radio configurations, e.g., configuring the UE with relaxed RRM measurement, or serving the UE with a cell of NES mode, etc.
  • the schemes for determining whether the first 3GPP network is a primary path or a secondary path may also apply for determining whether the second 3GPP network is a primary path or a secondary path. Thus, details are omitted for simplicity.
  • the AMF may also transmit, to the second RAN node associated with the second 3GPP network, information indicating that the second 3GPP network is a primary path or a secondary path.
  • the information may include at least one of:
  • Figure 6 illustrates yet another exemplary dual-access scenario in accordance with aspects of the present disclosure.
  • the connections illustrated in Figure 6 are the same as those in Figure 4B.
  • the second 3GPP network e.g., 6G RAN
  • the first 3GPP network e.g., 5G RAN
  • the first AMF may transmit an indication indicating that the first 3GPP network is a secondary path to the first 3GPP network such that it may adopt relaxed radio configurations.
  • any of the aforementioned methods for determining or indicating the primary path or the secondary path may be implemented separately from or in combination with any the aforementioned methods for generating security key (s) for different accesses.
  • UDM in the present disclosure may be changed to another terminology which supports at least one of the following functionalities:
  • User identification handling e.g., storage and management of subscription permanent identifier (SUPI) for each subscriber in the 5G system
  • SUPI subscription permanent identifier
  • UE's serving NF registration management e.g., storing serving AMF for UE, storing serving SMF for UE's PDU session
  • serving NF registration management e.g., storing serving AMF for UE, storing serving SMF for UE's PDU session
  • MT-SMS Mobile terminated short message service
  • SMS Short message service
  • VN 5G-virtual network
  • AUSF may be changed to another terminology which supports at least one of the following functionalities:
  • AMF may be changed to another terminology which supports at least one of the following functionalities:
  • Packet routing &forwarding e.g. support of uplink classifier to route traffic flows to an instance of a data network, support of branching point to support multi-homed PDU session, support of traffic forwarding within a 5G VN group (UPF local switching, via N6, via N19) ) ;
  • radio bearer control radio admission control
  • connection mobility control dynamic allocation of resources to UEs in both uplink and downlink (scheduling) ;
  • Figure 7 illustrates a flowchart of an exemplary method for establishing 5G and 6G dual-access in accordance with aspects of the present disclosure.
  • a UE may perform a first access procedure for access of the UE to a CN via a first 3GPP network, wherein the first 3GPP network may be a 6G RAN including a 6G RAN node (not shown in Figure 7) .
  • the UE may further perform a second access procedure for access of the UE to the CN via a second 3GPP network, wherein the second 3GPP network may be a 5G RAN including a 5G RAN node (not shown in Figure 7) .
  • the first or second access procedure may be a registration procedure.
  • the 6G RAN may be connected to a 6G AMF associated with a SEAF
  • the 5G RAN may be connected to a 5G AMF associated with a SEAF
  • the UE may initiate a first registration procedure to register to CN via the 6G RAN by sending a registration request message (which is a NAS message) to the 6G AMF.
  • a registration request message (which is a NAS message)
  • the 6G AMF may send an authentication request (e.g., Nausf_UEAuthentication_Authenticate Request message as specified in TS 33.501) to an AUSF, wherein the authentication request may include a subscriber identity (e.g., SUCI or SUPI) and a service network name (SN-name) .
  • an authentication request e.g., Nausf_UEAuthentication_Authenticate Request message as specified in TS 33.501
  • the authentication request may include a subscriber identity (e.g., SUCI or SUPI) and a service network name (SN-name) .
  • the AUSF may transmit, to a UDM, an authentication data request (e.g., Nudm_UEAuthentication_Get Request as specified in TS 33.501) message to request authentication data from the UDM using the subscriber identity and service network name.
  • the authentication data request message may include the subscriber identity and the service network name.
  • the UDM may generate authentication vector (AV) .
  • the UDM may transmit, to the AUSF, an authentication data response (e.g., Nudm_UEAuthentication_Get Response as specified in TS 33.501) .
  • the authentication data response may include the AV, SUPI (if available) , an authentication and key management for applications (AKMA) indication, and a routing indicator.
  • the AUSF may store XRES*value and calculate HXRES*as specified in TS 33.501.
  • the AUSF may derive K SEAF1 for the SEAF associated with the 6G AMF.
  • the AUSF may transmit an authentication response (e.g., Nausf_UEAuthentication_UEAuthentication Response as specified in TS 33.501) message to the 6G AMF.
  • the authentication response message may include serving environment authentication vector (SE AV) as specified in TS 33.501.
  • the 6G AMF (or the SEAF associated with the 6G AMF) may send, to the UE, an authentication request message which at least includes a random number RAND and AUthentication TokeN (AUTN) as specified in TS 33.501.
  • AUTN AUthentication TokeN
  • the UE may calculate its own RES*value based on the received authentication parameters in the authentication request message. Then, in step 710, the UE may send an authentication response message including its calculated RES*value back to the 6G AMF (or the SEAF associated with the 6G AMF) .
  • the 6G AMF may calculates HRES*value and compares it to the previously stored HXRES*value. If they coincide, the 6G AMF (or the SEAF associated with the 6G AMF) may consider the authentication successful from the serving network point of view. Then, in step 712, the 6G AMF (or the SEAF associated with the 6G AMF) may send another authentication request to the AUSF, which includes the RES*value received from the UE.
  • the AUSF may verify RES*value. Then, in step 714, the AUSF may transmit, to the 6G AMF (or the SEAF associated with the 6G AMF) , an authentication response message, which includes the verification result, SUPI (if available) , and the shared security key (K SEAF1 ) .
  • the 6G AMF may derive K RAN1 and NH1 for the 6G RAN, e.g., based on the schemes described in Embodiment I.
  • the 6G AMF may send K RAN1 and NH1 to the 6G RAN (or 6G RAN node) via a UE context setup message.
  • the 6G AMF may send a registration accept message to the UE, which implies that the first registration procedure is fulfilled.
  • the UE may perform random access and connect to the 5G RAN.
  • the UE may initiate a second registration procedure to register to CN via the 5G RAN by sending a registration request message (which is an NAS message) to the 5G AMF.
  • the registration request message may include an indication indicating that the 5G RAN is the secondary path.
  • step 719 for registering the UE to the CN may include steps similar to steps 702 to 714. Thus, details are omitted for simplicity. The difference is that the AUSF may derive K SEAF2 for the SEAF associated with the 5G AMF and transmit K SEAF2 to the 5G AMF (or the SEAF associated with the 5G AMF) .
  • the 5G AMF may derive K RAN2 and NH2 for the 5G RAN, e.g., based on the schemes described in Embodiment I.
  • the 5G AMF may send K RAN1 and NH1 to the 5G RAN (or 5G RAN node) via a UE context setup message.
  • the UE context setup message may further include an indication indicating that the 5G RAN is served as a secondary path. As such, the 5G RAN may serve the UE with relaxed radio configurations.
  • the 5G AMF may send a registration accept message to the UE, which implies that the second registration procedure is fulfilled.
  • Figure 8 illustrates a flowchart of an exemplary method in accordance with aspects of the present disclosure.
  • the operations of the method illustrated in Figure 8 may be performed by a network node in a core network as described herein or other apparatus with the like functions.
  • the network node may execute a set of instructions to control functional elements of the network node to perform the described operations or functions.
  • the method may include steps 802-808.
  • the network node may perform a first access procedure with a UE for access of the UE to the core network via a first 3GPP network.
  • the network node may perform a first key deriving procedure for deriving first key (s) for access stratum operation in the first 3GPP network based on a root key.
  • the network node may perform a second access procedure with the UE for access of the UE to the core network via a second 3GPP network.
  • the network node may perform a second key deriving procedure for deriving second key (s) for access stratum operation in the second 3GPP network based on the root key.
  • the second key (s) is independent of the first key (s) .
  • the network node may be an AUSF
  • the first key (s) may include a first SEAF key for a first SEAF associated with the first 3GPP network
  • the second key (s) may include a second SEAF key for a second SEAF associated with the second 3GPP network.
  • the first key deriving procedure may include deriving the first SEAF key based on an AUSF key and a first access type indicator associated with the first 3GPP network, wherein the AUSF key is based on the root key
  • the second key deriving procedure may include deriving the second SEAF key based on the AUSF key and a second access type indicator associated with the second 3GPP network.
  • the network node may be an SEAF
  • the first key (s) may include a first AMF key for a first AMF associated with the first 3GPP network
  • the second key (s) may include a second AMF key for a second AMF associated with the second 3GPP network
  • the first key deriving procedure may include deriving the first AMF key based on an SEAF key and a first access type indicator associated with the first 3GPP network, wherein the SEAF key is based on the root key
  • the second key deriving procedure may include deriving the second AMF key based on the SEAF key and a second access type indicator associated with the second 3GPP network.
  • the network node may be an AMF
  • the first key (s) may include a first RAN key for a first RAN node associated with the first 3GPP network
  • the second key (s) may include a second RAN key for a second RAN node associated with the second 3GPP network.
  • the first key deriving procedure may include deriving the first RAN key based on an AMF key and a first access type indicator associated with the first 3GPP network, wherein the AMF key is based on the root key
  • the second key deriving procedure may include deriving the second RAN key based on the AMF key and a second access type indicator associated with the second 3GPP network.
  • the network node may be an AMF
  • the first key (s) may include a first NH parameter for a first RAN node associated with the first 3GPP network
  • the second key (s) may include a second NH parameter for a second RAN node associated with the second 3GPP network.
  • the the first key deriving procedure may include deriving the first NH parameter based on an AMF key and a first access type indicator associated with the first 3GPP network, wherein the the AMF key is based on the root key
  • the second key deriving procedure may include deriving the second NH parameter based on the AMF key and a second access type indicator associated with the second 3GPP network.
  • the network node may be an AMF
  • the first key (s) may include a first RAN key for a first RAN node associated with the first 3GPP network
  • the second key (s) may include a second RAN key for a second RAN node associated with the second 3GPP network.
  • the network node may derive a common RAN key based on an AMF key which is based on the root key; the first key deriving procedure may include deriving the first RAN key based on the common RAN key and a first counter value associated with the first 3GPP network; and the second key deriving procedure may include deriving the second RAN key based on the common RAN key and a second counter value associated with the second 3GPP network.
  • the network node may be an AMF
  • the first key (s) may include a first NH parameter for a first RAN node associated with the first 3GPP network
  • the second key (s) may include a second NH parameter for a second RAN node associated with the second 3GPP network.
  • the network node may derive a common NH parameter based on an AMF key which is based on the root key; the first key deriving procedure may include deriving the first NH parameter based on the common NH parameter and a first counter value associated with the first 3GPP network; and the second key deriving procedure may include deriving the second NH parameter based on the common NH parameter and a second counter value associated with the second 3GPP network.
  • the network node may derive a common RAN key based on an AMF key which is based on the root key;
  • the first key deriving procedure may include transmitting the common RAN key and a first counter value associated with the first 3GPP network to a first RAN node associated with the first 3GPP network for the first RAN node to derive the first RAN key;
  • the second key deriving procedure may include transmitting the common RAN key and a second counter value associated with the second 3GPP network to a second RAN node associated with the second 3GPP network for the second RAN node to derive the second RAN key.
  • the network node may derive a common NH parameter based on an AMF key which is based on the root key;
  • the first key deriving procedure comprises transmitting the common NH parameter and a first counter value associated with the first 3GPP network to a first RAN node associated with the first 3GPP network for the first RAN node to derive the first NH parameter;
  • the second key deriving procedure comprises transmitting the common NH parameter and a second counter value associated with the second 3GPP network to a second RAN node associated with the second 3GPP network for the second RAN node to derive the second NH parameter.
  • the network node may be an AMF, and the network node may: transmit, to a RAN node associated with the first 3GPP network, information indicating that the first 3GPP network is a primary path or a secondary path for the UE to access the core network, wherein the information includes at least one of: an indicator indicating that the first 3GPP network is the primary path or the secondary path; or information related to a traffic steering rule between the primary path and the secondary path.
  • the UE may perform a first access procedure for access to a core network via a first 3GPP network.
  • FIG. 10 illustrates an example of a network node 1000 in a core network in accordance with aspects of the present disclosure.
  • the network node 1000 may include at least one processor 1002 and at least one memory 1004. Additionally, the network node 1000 may also include one or more of at least one controller 1006 or at least one transceiver 1008.
  • the processor 1002, the memory 1004, the controller 1006, or the transceiver 1008, or various combinations thereof or various components thereof may be examples of means for performing various aspects of the present disclosure as described herein. These components may be coupled (e.g., operatively, communicatively, functionally, electronically, electrically) via one or more interfaces.
  • the processor 1002, the memory 1004, the controller 1006, or the transceiver 1008, or various combinations or components thereof may be implemented in hardware (e.g., circuitry) .
  • the hardware may include a processor, a digital signal processor (DSP) , an application-specific integrated circuit (ASIC) , or other programmable logic device, or any combination thereof configured as or otherwise supporting a means for performing the functions described in the present disclosure.
  • DSP digital signal processor
  • ASIC application-specific integrated circuit
  • the processor 1002 may include an intelligent hardware device (e.g., a general-purpose processor, a DSP, a CPU, an ASIC, an FPGA, or any combination thereof) .
  • the processor 1002 may be configured to operate the memory 1004.
  • the memory 1004 may be integrated into the processor 1002.
  • the processor 1002 may be configured to execute computer-readable instructions stored in the memory 1004 to cause the network node 1000 to perform various functions of the present disclosure.
  • the memory 1004 may include volatile or non-volatile memory.
  • the memory 1004 may store computer-readable, computer-executable code including instructions when executed by the processor 1002 cause the network node 1000 to perform various functions described herein.
  • the code may be stored in a non-transitory computer-readable medium such as the memory 1004 or another type of memory.
  • Computer-readable media includes both non-transitory computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another.
  • a non-transitory storage medium may be any available medium that may be accessed by a general-purpose or special-purpose computer.
  • the processor 1002 and the memory 1004 coupled with the processor 1002 may be configured to cause the network node 1000 to perform one or more of the functions described herein (e.g., executing, by the processor 1002, instructions stored in the memory 1004) .
  • the processor 1002 may support wireless communication at the network node 1000 in accordance with examples as disclosed herein.
  • the network node 1000 may be configured to support a means for performing the operations of the methods described in the embodiments of the present disclosure.
  • the processor 1002 may be configured to cause the network node 1000 to: perform a first access procedure with a UE for access of the UE to the core network via a first 3GPP network; perform a first key deriving procedure for deriving first key (s) for access stratum operation in the first 3GPP network based on a root key; perform a second access procedure with the UE for access of the UE to the core network via a second 3GPP network; and perform a second key deriving procedure for deriving second key (s) for access stratum operation in the second 3GPP network based on the root key, wherein the second key (s) is independent of the first key (s) .
  • the controller 1006 may manage input and output signals for the network node 1000.
  • the controller 1006 may also manage peripherals not integrated into the network node 1000.
  • the controller 1006 may utilize an operating system such as or other operating systems.
  • the controller 1006 may be implemented as part of the processor 1002.
  • the network node 1000 may include at least one transceiver 1008. In some other implementations, the network node 1000 may have more than one transceiver 1008.
  • the transceiver 1008 may represent a wireless transceiver.
  • the transceiver 1008 may include one or more receiver chains 1010, one or more transmitter chains 1012, or a combination thereof.
  • a receiver chain 1010 may be configured to receive signals (e.g., control information, data, packets) over a wireless medium.
  • the receiver chain 1010 may include one or more antennas for receive the signal over the air or wireless medium.
  • the receiver chain 1010 may include at least one amplifier (e.g., a low-noise amplifier (LNA) ) configured to amplify the received signal.
  • the receiver chain 1010 may include at least one demodulator configured to demodulate the receive signal and obtain the transmitted data by reversing the modulation technique applied during transmission of the signal.
  • the receiver chain 1010 may include at least one decoder for decoding the demodulated signal to receive the transmitted data.
  • a transmitter chain 1012 may be configured to generate and transmit signals (e.g., control information, data, packets) .
  • the transmitter chain 1012 may include at least one modulator for modulating data onto a carrier signal, preparing the signal for transmission over a wireless medium.
  • the at least one modulator may be configured to support one or more techniques such as amplitude modulation (AM) , frequency modulation (FM) , or digital modulation schemes like phase-shift keying (PSK) or quadrature amplitude modulation (QAM) .
  • the transmitter chain 1012 may also include at least one power amplifier configured to amplify the modulated signal to an appropriate power level suitable for transmission over the wireless medium.
  • the transmitter chain 1012 may also include one or more antennas for transmitting the amplified signal into the air or wireless medium.
  • FIG 11 illustrates an example of a UE 1100 in accordance with aspects of the present disclosure.
  • the UE 1100 may include at least one processor 1102 and at least one memory 1104. Additionally, the UE 1100 may also include one or more of at least one controller 1106 or at least one transceiver 1108.
  • the processor 1102, the memory 1104, the controller 1106, or the transceiver 1108, or various combinations thereof or various components thereof may be examples of means for performing various aspects of the present disclosure as described herein. These components may be coupled (e.g., operatively, communicatively, functionally, electronically, electrically) via one or more interfaces.
  • the processor 1102, the memory 1104, the controller 1106, or the transceiver 1108, or various combinations or components thereof may be implemented in hardware (e.g., circuitry) .
  • the hardware may include a processor, a digital signal processor (DSP) , an application-specific integrated circuit (ASIC) , or other programmable logic device, or any combination thereof configured as or otherwise supporting a means for performing the functions described in the present disclosure.
  • DSP digital signal processor
  • ASIC application-specific integrated circuit
  • the processor 1102 may include an intelligent hardware device (e.g., a general-purpose processor, a DSP, a CPU, an ASIC, an FPGA, or any combination thereof) .
  • the processor 1102 may be configured to operate the memory 1104.
  • the memory 1104 may be integrated into the processor 1102.
  • the processor 1102 may be configured to execute computer-readable instructions stored in the memory 1104 to cause the UE 1100 to perform various functions of the present disclosure.
  • the memory 1104 may include volatile or non-volatile memory.
  • the memory 1104 may store computer-readable, computer-executable code including instructions when executed by the processor 1102 cause the UE 1100 to perform various functions described herein.
  • the code may be stored in a non-transitory computer-readable medium such as the memory 1104 or another type of memory.
  • Computer-readable media includes both non-transitory computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another.
  • a non-transitory storage medium may be any available medium that may be accessed by a general-purpose or special-purpose computer.
  • the processor 1102 and the memory 1104 coupled with the processor 1102 may be configured to cause the UE 1100 to perform one or more of the functions described herein (e.g., executing, by the processor 1002, instructions stored in the memory 1104) .
  • the processor 1102 may support wireless communication at the UE 1100 in accordance with examples as disclosed herein.
  • the UE 1100 may be configured to support a means for performing the operations of the methods described in the embodiments of the present disclosure.
  • the processor 1102 may be configured to cause the UE 1100 to: perform a first access procedure for access to a core network via a first 3GPP network; derive first key (s) for access stratum operation in the first 3GPP network based on a root key; perform a second access procedure for access to the core network via a second 3GPP network; and derive second key (s) for access stratum operation in the second 3GPP network based on the root key, wherein the second key (s) is independent of the first key (s) .
  • the controller 1106 may manage input and output signals for the UE 1100.
  • the controller 1106 may also manage peripherals not integrated into the UE 1100.
  • the controller 1106 may utilize an operating system such as or other operating systems.
  • the controller 1106 may be implemented as part of the processor 1102.
  • the UE 1100 may include at least one transceiver 1108. In some other implementations, the UE 1100 may have more than one transceiver 1108.
  • the transceiver 1108 may represent a wireless transceiver.
  • the transceiver 1108 may include one or more receiver chains 1110, one or more transmitter chains 1112, or a combination thereof.
  • a receiver chain 1110 may be configured to receive signals (e.g., control information, data, packets) over a wireless medium.
  • the receiver chain 1110 may include one or more antennas for receive the signal over the air or wireless medium.
  • the receiver chain 1110 may include at least one amplifier (e.g., a low-noise amplifier (LNA) ) configured to amplify the received signal.
  • the receiver chain 1110 may include at least one demodulator configured to demodulate the receive signal and obtain the transmitted data by reversing the modulation technique applied during transmission of the signal.
  • the receiver chain 1110 may include at least one decoder for decoding the demodulated signal to receive the transmitted data.
  • a transmitter chain 1112 may be configured to generate and transmit signals (e.g., control information, data, packets) .
  • the transmitter chain 1112 may include at least one modulator for modulating data onto a carrier signal, preparing the signal for transmission over a wireless medium.
  • the at least one modulator may be configured to support one or more techniques such as amplitude modulation (AM) , frequency modulation (FM) , or digital modulation schemes like phase-shift keying (PSK) or quadrature amplitude modulation (QAM) .
  • the transmitter chain1112 may also include at least one power amplifier configured to amplify the modulated signal to an appropriate power level suitable for transmission over the wireless medium.
  • the transmitter chain 1112 may also include one or more antennas for transmitting the amplified signal into the air or wireless medium.
  • FIG. 12 illustrates an example of a processor 1200 in accordance with aspects of the present disclosure.
  • the processor 1200 may be an example of a processor configured to perform various operations in accordance with examples as described herein.
  • the processor 1200 may include at least one controller 1202 configured to perform various operations in accordance with examples as described herein.
  • the processor 1200 may optionally include at least one memory 1204, which may be, for example, a layer 1 (L1) , layer 2 (L2) , or layer 3 (L3) cache. Additionally, or alternatively, the processor 1200 may optionally include one or more arithmetic-logic units (ALUs) 1206.
  • ALUs arithmetic-logic units
  • the processor 1200 may be a processor chipset and include a protocol stack (e.g., a software stack) executed by the processor chipset to perform various operations (e.g., receiving, obtaining, retrieving, transmitting, outputting, forwarding, storing, determining, identifying, accessing, writing, reading) in accordance with examples as described herein.
  • a protocol stack e.g., a software stack
  • operations e.g., receiving, obtaining, retrieving, transmitting, outputting, forwarding, storing, determining, identifying, accessing, writing, reading
  • the processor chipset may include one or more cores, one or more caches (e.g., memory local to or included in the processor chipset (e.g., the processor 1200) or other memory (e.g., random access memory (RAM) , read-only memory (ROM) , dynamic RAM (DRAM) , synchronous dynamic RAM (SDRAM) , static RAM (SRAM) , ferroelectric RAM (FeRAM) , magnetic RAM (MRAM) , resistive RAM (RRAM) , flash memory, phase change memory (PCM) , and others) .
  • RAM random access memory
  • ROM read-only memory
  • DRAM dynamic RAM
  • SDRAM synchronous dynamic RAM
  • SRAM static RAM
  • FeRAM ferroelectric RAM
  • MRAM magnetic RAM
  • RRAM resistive RAM
  • PCM phase change memory
  • the controller 1202 may be configured to manage and coordinate various operations (e.g., signaling, receiving, obtaining, retrieving, transmitting, outputting, forwarding, storing, determining, identifying, accessing, writing, reading) of the processor 1200 to cause the processor 1200 to support various operations in accordance with examples as described herein.
  • the controller 1202 may operate as a control unit of the processor 1200, generating control signals that manage the operation of various components of the processor 1200. These control signals include enabling or disabling functional units, selecting data paths, initiating memory access, and coordinating timing of operations.
  • the controller 1202 may be configured to fetch (e.g., obtain, retrieve, receive) instructions from the memory 1204 and determine subsequent instruction (s) to be executed to cause the processor 1200 to support various operations in accordance with examples as described herein.
  • the controller 1202 may be configured to track memory address of instructions associated with the memory 1204.
  • the controller 1202 may be configured to decode instructions to determine the operation to be performed and the operands involved.
  • the controller 1202 may be configured to interpret the instruction and determine control signals to be output to other components of the processor 1200 to cause the processor 1200 to support various operations in accordance with examples as described herein.
  • the controller 1202 may be configured to manage flow of data within the processor 1200.
  • the controller 1202 may be configured to control transfer of data between registers, ALUs, and other functional units of the processor 1200.
  • the memory 1204 may include one or more caches (e.g., memory local to or included in the processor 1200 or other memory, such RAM, ROM, DRAM, SDRAM, SRAM, MRAM, flash memory, etc. ) .
  • the memory 1204 may reside within or on a processor chipset (e.g., local to the processor 1200) .
  • the memory 1204 may reside external to the processor chipset (e.g., remote to the processor 1200) .
  • the memory 1204 may store computer-readable, computer-executable code including instructions that, when executed by the processor 1200, cause the processor 1200 to perform various functions described herein.
  • the code may be stored in a non-transitory computer-readable medium such as system memory or another type of memory.
  • the controller 1202 and/or the processor 1200 may be configured to execute computer-readable instructions stored in the memory 1204 to cause the processor 1200 to perform various functions.
  • the processor 1200 and/or the controller 1202 may be coupled with or to the memory 1204, the processor 1200, the controller 1202, and the memory 1204 may be configured to perform various functions described herein.
  • the processor 1200 may include multiple processors and the memory 1204 may include multiple memories. One or more of the multiple processors may be coupled with one or more of the multiple memories, which may, individually or collectively, be configured to perform various functions herein.
  • the one or more ALUs 1206 may be configured to support various operations in accordance with examples as described herein.
  • the one or more ALUs 1206 may reside within or on a processor chipset (e.g., the processor 1200) .
  • the one or more ALUs 1206 may reside external to the processor chipset (e.g., the processor 1200) .
  • One or more ALUs 1206 may perform one or more computations such as addition, subtraction, multiplication, and division on data.
  • one or more ALUs 1206 may receive input operands and an operation code, which determines an operation to be executed.
  • One or more ALUs 1206 be configured with a variety of logical and arithmetic circuits, including adders, subtractors, shifters, and logic gates, to process and manipulate the data according to the operation. Additionally, or alternatively, the one or more ALUs 1206 may support logical operations such as AND, OR, exclusive-OR (XOR) , not-OR (NOR) , and not-AND (NAND) , enabling the one or more ALUs 1206 to handle conditional operations, comparisons, and bitwise operations.
  • logical operations such as AND, OR, exclusive-OR (XOR) , not-OR (NOR) , and not-AND (NAND) , enabling the one or more ALUs 1206 to handle conditional operations, comparisons, and bitwise operations.
  • the processor 1200 may support wireless communication in accordance with examples as disclosed herein.
  • the processor 1200 may be configured to or operable to support a means for performing the operations of the methods described in the embodiments of the present disclosure.
  • the controller 1202 may cause the processor 1200 to: perform a first access procedure for access to a core network via a first 3GPP network; derive first key (s) for access stratum operation in the first 3GPP network based on a root key; perform a second access procedure for access to the core network via a second 3GPP network; and derive second key (s) for access stratum operation in the second 3GPP network based on the root key, wherein the second key (s) is independent of the first key (s) .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Divers aspects de la présente divulgation concernent des procédés et des appareils pour prendre en charge de multiples accès d'un équipement utilisateur (UE) à un réseau central. Selon un mode de réalisation de la présente divulgation, un nœud de réseau dans un réseau central peut comprendre : au moins une mémoire ; et au moins un processeur couplé à la ou aux mémoires et configuré pour amener le nœud de réseau à : effectuer une première procédure d'accès avec un UE pour l'accès de l'UE au réseau central par l'intermédiaire d'un premier réseau de projet de partenariat de troisième génération (3 GPP) ; effectuer une première procédure de déduction de clé pour dériver une ou plusieurs premières clés pour une opération de strate d'accès dans le premier réseau 3 GPP sur la base d'une clé racine ; effectuer une seconde procédure d'accès avec l'UE pour l'accès de l'UE au réseau central par l'intermédiaire d'un second réseau 3 GPP ; et effectuer une seconde procédure de déduction de clé pour dériver une ou plusieurs secondes clés pour une opération de strate d'accès dans le second réseau 3 GPP sur la base de la clé racine, la ou les secondes clés étant indépendantes de la ou des premières clés.
PCT/CN2024/109464 2024-08-02 2024-08-02 Procédés et appareils pour prendre en charge de multiples accès d'un ue à un réseau central Pending WO2025123706A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2024/109464 WO2025123706A1 (fr) 2024-08-02 2024-08-02 Procédés et appareils pour prendre en charge de multiples accès d'un ue à un réseau central

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2024/109464 WO2025123706A1 (fr) 2024-08-02 2024-08-02 Procédés et appareils pour prendre en charge de multiples accès d'un ue à un réseau central

Publications (1)

Publication Number Publication Date
WO2025123706A1 true WO2025123706A1 (fr) 2025-06-19

Family

ID=96056373

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2024/109464 Pending WO2025123706A1 (fr) 2024-08-02 2024-08-02 Procédés et appareils pour prendre en charge de multiples accès d'un ue à un réseau central

Country Status (1)

Country Link
WO (1) WO2025123706A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180041901A1 (en) * 2015-12-03 2018-02-08 Telefonaktiebolaget Lm Ericsson (Publ) Multi-RAT Access Stratum Security
US20220278835A1 (en) * 2020-04-03 2022-09-01 Apple Inc. Application Function Key Derivation and Refresh
US20240155338A1 (en) * 2022-11-05 2024-05-09 Qualcomm Incorporated Key hierarchies in trusted networks with 5g networks
WO2024145946A1 (fr) * 2023-01-06 2024-07-11 Nokia Shanghai Bell Co., Ltd. Appareil, procédé, et programme informatique

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180041901A1 (en) * 2015-12-03 2018-02-08 Telefonaktiebolaget Lm Ericsson (Publ) Multi-RAT Access Stratum Security
US20220278835A1 (en) * 2020-04-03 2022-09-01 Apple Inc. Application Function Key Derivation and Refresh
US20240155338A1 (en) * 2022-11-05 2024-05-09 Qualcomm Incorporated Key hierarchies in trusted networks with 5g networks
WO2024145946A1 (fr) * 2023-01-06 2024-07-11 Nokia Shanghai Bell Co., Ltd. Appareil, procédé, et programme informatique

Similar Documents

Publication Publication Date Title
US20250112780A1 (en) User equipment parameter update header protection
WO2024160413A1 (fr) Réauthentification pour mobilité d'équipement utilisateur dans un réseau de communication sans fil
WO2025114990A1 (fr) Techniques pour empêcher des attaques de dégradation de protection
WO2024245615A1 (fr) Établissement de session de données dans un réseau de communication sans fil
WO2025123706A1 (fr) Procédés et appareils pour prendre en charge de multiples accès d'un ue à un réseau central
WO2024208444A1 (fr) Connexions sécurisées dans un réseau de communication sans fil
WO2024235491A1 (fr) Enregistrement d'équipement utilisateur
AU2023368914A1 (en) Method and apparatus of supporting burst arrival time (bat) reporting
US20250350939A1 (en) Authentication and connection establishment for reduced capability devices
US20250159581A1 (en) Ambient internet of things (iot) device integration
US20250344265A1 (en) Apparatus and Method for Establishing a Direct Communication Connection to a Network Via an Access Point of a Different Network Type
US20250234252A1 (en) Authenticated encryption with associated data (aead) modes during mobility scenarios
US20260128876A1 (en) Synchronizing devices based on a sequence number or key mismatch
US20250233728A1 (en) Authenticated encryption with associated data (aead) modes for non-access stratum (nas) and access stratum (as) security
US20260129438A1 (en) Synchronizing devices based on a temporary id mismatch
WO2026051374A1 (fr) Procédé et appareil de prise en charge de communications sans fil sur la base d'une architecture de réseau d'accès radio (ran) divisée
US20260082216A1 (en) Providing security keys to a serving network of a user equipment
US20250358764A1 (en) Techniques for configuring an access stratum security for a non-terrestrial network
US20250350935A1 (en) Secure transmission of commands to restricted devices
WO2024179019A1 (fr) Procédé et appareil pour une indication de réinitialisation de l2 et une indication de ta mesurée par ue dans un scénario ltm
WO2026060959A1 (fr) Procédé et appareil de prise en charge de l'internet des objets (ido)
WO2025229236A1 (fr) Appareils et procédés pour une communication sécurisée dans un système de communication sans fil
WO2025229235A1 (fr) Appareils et procédés de communication sécurisée dans un système de communication sans fil
WO2026036750A1 (fr) Procédé et appareil de configuration d'équipement utilisateur (ue)
WO2025181699A1 (fr) Communication par stockage et transfert sécurisée par réseau non terrestre

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 24902132

Country of ref document: EP

Kind code of ref document: A1