GB2639980A

GB2639980A - Security algorithm management in communication network environment

Info

Publication number: GB2639980A
Application number: GB2404633.6A
Authority: GB
Inventors: Orkopoulos Stawros; Mavureddi Dhanasekaran Ranganathan; P Nair Suresh
Original assignee: Nokia Technologies Oy
Current assignee: Nokia Technologies Oy
Priority date: 2024-04-01
Filing date: 2024-04-01
Publication date: 2025-10-08
Also published as: GB202404633D0; WO2025210504A1

Abstract

The PDCP sublayer is responsible for ciphering and integrity protection for radio resource control (RRC) messages and data-plane Protocol Data Units (PDUs). The invention provides means for applying ciphering security algorithms and integrity protection as part of PDCP. A security mode may allow selecting either 256-bit or legacy 128-bit security algorithm key length, and/or further allow a message authentication code (MAC) reserve (MR) bit field settable to indicate a MAC of a selectable length such as 32 or 64 bit MAC-I.

Description

SECURITY ALGORITHM MANAGEMENT IN COMMUNICATION NETWORK ENVIRONMENT

Field

The field relates generally to communication networks, and more particularly, but not exclusively, to security management in such communication networks.

Background

This section introduces aspects that may be helpful in facilitating a better understanding of the inventions. Accordingly, the statements of this section are to be read in this light and are not to be understood as admissions about what is in the prior art or what is not in the prior art.

Fourth generation (4G) wireless mobile telecommunications technology, also known as Long Term Evolution (LTE) technology, was designed to provide high-capacity mobile multimedia with high data rates particularly for human interaction. Next generation or fifth generation (SG) technology is intended to be used not only for human interaction, but also for machine type communications in so-called Internet of Things (loT) networks.

While 5G networks are intended to enable massive IoT services (e.g., very large numbers of limited capacity devices) and mission-critical IoT services (e.g., requiring high reliability), improvements over legacy mobile communication services are supported in the form of enhanced mobile broadband (eMBB) services providing improved wireless Internet access for mobile devices.

In an example communication system, user equipment (5G UE in a 5G network or, more broadly, a UE) such as a mobile terminal (subscriber) communicates over an air interface with a base station or access point of an access network referred to as a 5G AN in a 5G network. The access point (e.g., gNB) is illustratively part of an access network of the communication system.

For example, in a 5G network, the access network referred to as a 5G AN is described in 5G Technical Specification (TS) 23.501, entitled "Technical Specification Group Services and System Aspects; System Architecture for the 5G System," and TS 23.502, entitled "Technical Specification Group Services and System Aspects; Procedures for the SG System (5GS)," the disclosures of which are incorporated by reference herein in their entireties. In general, the access point (e.g., gNB) provides access for the UE to a core network (CN or 5GC), which then provides access for the UE to other UEs and/or a data network such as a packet data network (e.g., Internet).

TS 23.501 goes on to define a 5G Service-Based Architecture (SBA) which models services as network functions (NFs) that communicate with each other using representational state transfer application programming interfaces (Restful APIs).

Furthermore, 5G Technical Specification (TS) 33.501, entitled "Technical Specification Group Services and System Aspects; Security Architecture and Procedures for the 5G System," the disclosure of which is incorporated by reference herein in its entirety, further describes security management details associated with a 5G network.

Security management is an important consideration in any communication system.

However, due to continuing attempts to improve the architectures and protocols associated with a 50 network in order to increase network efficiency and/or subscriber convenience, security management issues associated with user equipment can present a significant challenge. For example, implementing newer security algorithms in existing devices and networks is a technical challenge.

Summary

Illustrative embodiments provide techniques for security algorithm management in a communication network environment.

In one illustrative embodiment, from a data transmitting entity perspective, a method includes receiving, at the data transmitting entity associated with a communication network, one or more data packets for transmission to a data receiving entity associated with the communication network. The method includes applying, at the data transmitting entity, one or more security algorithms to the one or more data packets, wherein the application of the one or more security algorithms further includes applying ciphering to the one or more data packets and applying integrity protection to the one or more data packets in response to the ciphering. The method includes transmitting, from the data transmitting entity, the one or more data packets to the data receiving entity, in response to the application of the one or more security algorithms to the one or more data packets.

In another illustrative embodiment, from a data receiving entity perspective, a method includes receiving, at the data receiving entity associated with a communication network, one or more data packets from a data transmitting entity associated with the communication network. The method includes applying, at the data receiving entity, one or more security algorithms to the one or more data packets, wherein the application of the one or more security algorithms further includes applying integrity verification to the one or more data packets and applying deciphering to the one or more data packets in response to the integrity verification.

Further illustrative embodiments are provided in the form of a non-transitory computer-readable storage medium having embodied therein executable program code that when executed by a processor causes the processor to perform the above steps. Still further illustrative embodiments include an apparatus with a processor and a memory configured to perform the above steps.

Advantageously, illustrative embodiments provide techniques for enabling management among security algorithms in the context of data packet security such as, but not limited to, ciphering and integrity protection functions useable in accordance with a Packet Data Convergence Protocol (PDCP). For example, in one or more illustrative embodiments, at a data transmitting entity, ciphering is performed before integrity protection, and at a data receiving entity, integrity verification is performed before deciphering. Still other illustrative embodiments enable selection of extended length message authentication codes (e.g., 32 bits, 64 bits, and larger).

These and other features and advantages of embodiments described herein will become more apparent from the accompanying drawings and the following detailed description.

Brief Description of the Drawings

FIG. 1 illustrates a communication system with which one or more illustrative embodiments may be implemented.

FIG. 2 illustrates user equipment and network nodes with which one or more illustrative 25 embodiments may be implemented.

FIG. 3 illustrates a procedure for security algorithm management according to an illustrative embodiment.

FIG. 4 illustrates a procedure for security algorithm management according to another illustrative embodiment.

FIGS. 5-11 illustrate data packet formats associated with security algorithm management according to one or more illustrative embodiments.

FIG. 12 illustrates a message authentication code field associated with security algorithm management according to one or more illustrative embodiments.

Detailed Description

Embodiments will be illustrated herein in conjunction with example communication systems and associated techniques for security management in communication systems. It should be understood, however, that the scope of the claims is not limited to particular types of communication systems and/or processes disclosed. Embodiments can be implemented in a wide variety of other types of communication systems, using alternative processes and operations. For example, although illustrated in the context of wireless cellular systems utilizing the 3rd Generation Partnership Project (3GPP) system elements such as a 3GPP next generation system (50), the disclosed embodiments can be adapted in a straightforward manner to a variety of other types of communication systems such as 6G communication systems.

In accordance with illustrative embodiments implemented in a 5G communication system environment, one or more 3GPP technical specifications (TS) and technical reports (TR) may provide further explanation of network elements/functions and/or operations that may interact with parts of the inventive solutions, e.g., the above-referenced 3GPP TS 23.501, TS 23.502, and TS 33.501.

Other 3GPP TS/TR documents may provide other details that one of ordinary skill in the art will realize, for example, TS 24.501 entitled "Technical Specification Group Core Network and Terminals; Non-Access-Stratum (NAS) Protocol for 5G System (5GS); Stage 3," TS 38.323 entitled "Technical Specification Group Radio Access Network; NR; Packet Data Convergence Protocol (PDCP) specification," TS 38.331 entitled, "Technical Specification Group Radio Access Network; NR; Radio Resource Control (RRC) Protocol Specification," TS 35.215 entitled, "Technical Specification Group Services and System Aspects; Specification of the 3GPP confidentiality and Integrity Algorithms UEA2 & U1A2; Document 1: UEA2 and UIA2 specifications," TS 35.221 entitled, "Technical Specification Group Services and System Aspects; Specification of the 3GPP confidentiality and integrity Algorithms EEA3 & EIA3; Document 1: EEA3 and EIA3 specifications," and TR 33.841 "Technical Specification Group Services and Systems Aspects; Security aspects; Study on the Support of 256-bit Algorithms for 5G," the disclosures of which are incorporated by reference herein in their entireties.

Note that 3GPP TS/TR documents are non-limiting examples of communication network standards (e.g., specifications, procedures, reports, requirements, recommendations, and the like). However, while well-suited for 5G-related 3GPP standards, embodiments are not necessarily intended to be limited to any particular standards.

It is to be understood that the term 50 network, and the like (e.g., 5G system, 50 communication system, 5G environment, 5G communication environment etc.), in some illustrative embodiments, may be understood to comprise all or part of an access network and all or part of a core network. However, the term 50 network, and the like, may also occasionally be used interchangeably herein with the term 5GC network, and the like, without any loss of generality, since one of ordinary skill in the art understands any distinctions.

Prior to describing illustrative embodiments, a general description of certain main components of a 50 network will be described below in the context of FIGS. 1 and 2.

FIG. 1 shows a communication system 100 within which illustrative embodiments are implemented. It is to be understood that the elements shown in communication system 100 are intended to represent some main functions provided within the system, e.g., control plane functions, user plane functions, etc. As such, the blocks shown in FIG. 1 reference specific elements in SG networks that provide some of these main functions. However, other network elements may be used to implement some or all of the main functions represented. Also, it is to be understood that not all functions of a 50 network are depicted in FIG. 1. Rather, at least some functions that facilitate an explanation of illustrative embodiments are represented.

Subsequent figures may depict some additional elements/functions (i.e., network entities). Accordingly, as shown, communication system 100 comprises user equipment (UE) 102 that communicates via an air interface 103 with an access point 104. It is to be understood that UE 102 may use one or more other types of access points (e.g., access functions, networks, 25 etc.) to communicate with the 5GC network other than a gNB. By way of example only, the access point 104 may be any 50 access network (gNB), an untrusted non-3GPP access network that uses an Non-3GPP Interworking Function (N3IWF), a trusted non-3GPP network that uses a Trusted Non-3GPP Gateway Function (TNGF) or wireline access that uses a Wireline Access Gateway Function (W-AGF) or may correspond to a legacy access point (e.g., eNB).

Furthermore, access point 104 may be a wireless local area network (W LAN) access point as will be further explained in illustrative embodiments described herein.

The UE 102 may be a mobile station, and such a mobile station may comprise, by way of example, a mobile telephone, a computer, an IoT device, or any other type of communication device. The term "user equipment" as used herein is therefore intended to be construed broadly, so as to encompass a variety of different types of mobile stations, subscriber stations or, more generally, communication devices, including examples such as a combination of a data card inserted in a laptop or other equipment such as a smart phone. Such communication devices are also intended to encompass devices commonly referred to as access terminals. In one illustrative embodiment, UE 102 is comprised of a Universal Integrated Circuit Card (UICC) part and a Mobile Equipment (ME) part. The UICC is the user-dependent part of the UE and contains at least one Universal Subscriber Identity Module (USIM) and appropriate application software. The USIM securely stores a permanent subscription identifier and its related key, which are used to uniquely identify and authenticate subscribers to access networks. The ME is the user-independent part of the UE and contains terminal equipment (TE) functions and various mobile termination (MT) functions. Alternative illustrative embodiments may not use UICC-based authentication, e.g., a Non-Public (Private) Network (NPN).

Note that, in one example, the permanent subscription identifier is an International Mobile Subscriber Identity (IMSI) unique to the UE. In one embodiment, the IMSI is a fixed 15-digit length and consists of a 3-digit Mobile Country Code (MCC), a 3-digit Mobile Network Code (MNC), and a 9-digit Mobile Station Identification Number (MSIN). In a 5G communication system, an IMSI is referred to as a Subscription Permanent Identifier (SUPI). In the case of an IMSI as a SUPI, the MSIN provides the subscriber identity. Thus, only the MSIN portion of the IMSI typically needs to be encrypted. The MNC and MCC portions of the IMSI provide routing information, used by the serving network to route to the correct home network. When the MSIN of a SUPI is encrypted, it is referred to as Subscription Concealed Identifier (SUCI). Another example of a SUPI uses a Network Access Identifier (NA]). NAI is typically used for IoT communication.

The access point 104 is illustratively part of a radio access network or RAN of the communication system 100. Such a radio access network may comprise, for example, a 5G System having a plurality of base stations. Components of a radio access network may, more generally, be considered "radio access entities." Further, the access point 104 in this illustrative embodiment is operatively coupled to an Access and Mobility Management Function (AMF/SEAF) 106. In a 5G network, the AMF/SEA_F supports, inter alia, mobility management (MM) and security anchor (SEAF) functions.

AMF/SEAF 106 in this illustrative embodiment is operatively coupled to (e.g., uses the services of) other network functions 108. As shown, some of these other network functions 108 include, but are not limited to, an Authentication Server Function (AUSF) and a Unified Data Management (UDM) function. These listed network function examples are typically implemented in the home network of the UE subscriber, further explained below. Note that, in a 5GC network, the 4G function of the HS S (home subscriber server) is split into the AUSF, UDM, and a Unified Data Repository (UDR, not expressly shown) functions. Typically, AUSF authenticates UEs and provides any needed cryptographic keys, while UDR stores the user data and UDM manages the user data.

Other network functions 108 may include network functions that can act as service producers (NFp) and/or service consumers (NFc). Note that any network function can be a service producer for one service and a service consumer for another service. Further, when the service being provided includes data, the data-providing NFp is referred to as a data producer, while the data-requesting NFc is referred to as a data consumer. A data producer may also be an NF that generates data by modifying or otherwise processing data produced by another NF.

Note that NFs may, more generally, be considered "network entities." Note that a UE, such as UE 102, is typically subscribed to what is referred to as a Home Public Land Mobile Network (ITPLMN) in which some or all of the functions 106 and 108 reside. Alternatively the UE, such as UE 102, may receive services from an NPN where these functions may reside. The HPLMN is also referred to as the Home Environment (HE). If the UE is roaming (not in the HPLMN), it is typically connected with a Visited Public Land Mobile Network (VPLMN) also referred to as a visited network, while the network that is currently serving the UE is also referred to as a serving network. In the roaming case, some of the network functions 106 and 108 can reside in the VPLMN, in which case, functions in the VPLMN communicate with functions in the HPLMN as needed. However, in a non-roaming scenario, access and mobility management functions 106 and the other network functions 108 reside in the same communication network, i.e. HPLMN. Embodiments described herein, unless otherwise specified, are not necessarily limited by which functions reside in which PLMN (i.e., HPLMN or VPLMN).

The access point 104 is also operatively coupled (via one or more of functions 106 and/or 108) to a Session Management Function (SMF) 110, which is operatively coupled to a User Plane Function (UPF) 112. UPF 112 is operatively coupled to a Packet Data Network, e.g., Internet 114. Note that the thicker solid lines in this figure denote a user plane (UP) of the communication network, as compared to the thinner solid lines that denote a control plane (CP) of the communication network. It is to be appreciated that network (e.g., Internet) 114 in FIG. 1 may additionally or alternatively represent other network infrastructures including, but not limited to, cloud computing infrastructure and/or edge computing infrastructure. Further typical operations and functions of such network elements are not described here since they are not the focus of the illustrative embodiments and may be found in appropriate 3GPP 5G documentation. Note that functions shown in 106, 108, 110 and 112 are examples of network functions (NF s).

It is to be appreciated that this particular arrangement of system elements is an example only, and other types and arrangements of additional or alternative elements can be used to implement a communication system in other embodiments. For example, in other embodiments, the communication system 100 may comprise other elements/functions not expressly shown herein.

Accordingly, the FIG. 1 arrangement is just one example configuration of a wireless cellular system, and numerous alternative configurations of system elements may be used. For example, although only single elements/functions are shown in the FIG. 1 embodiment, this is for simplicity and clarity of description only. A given alternative embodiment may of course include larger numbers of such system elements, as well as additional or alternative elements of a type commonly associated with conventional system implementations.

It is also to be noted that while FIG. 1 illustrates system elements as singular functional blocks, the various subnetworks that make up the 5G network arc partitioned into so-called network slices. Network slices (network partitions) are logical networks that provide specific network capabilities and network characteristics that can support a corresponding service type, optionally using network function virtualization (NFV) on a common physical infrastructure.

With NFV, network slices are instantiated as needed for a given service, e.g., eMBB service, massive IoT service, and mission-critical IoT service. A network slice or function is thus instantiated when an instance of that network slice or function is created. In some embodiments, this involves installing or otherwise running the network slice or function on one or more host devices of the underlying physical infrastructure. UE 102 is configured to access one or more of these services via access point 104.

Also shown in FIG. 1 is user equipment 122 operatively coupled to user equipment 102 via a sidelink 123. Sidelink 123 is a proximity-based cellular connection directly between two sets of user equipment, e.g., user equipment 102 and user equipment 122. More particularly, sidelink 123 enables direct communication between user equipment 102 and user equipment 122 without the participation of access point 104 in the transmission and reception of data traffic.

FIG. 2 is a block diagram illustrating computing architectures for various participants in methodologies according to illustrative embodiments. More particularly, system 200 is shown comprising user equipment (UE) 202 and a plurality of network nodes 204-1, . . . . , 204-N. For example, in illustrative embodiments and with reference back to FIG. 1, UE 202 can represent UE 102 or UE 122, while network nodes 204-1, . . . , 204-N can represent access point 104 and functions 106 and 108 (i.e., network entities), as well as access point 104 (i.e., radio access entity). It is to be appreciated that the UE 202 and network nodes 204-1, . . . . , 204-N are configured to interact to provide security management and other techniques described herein.

The user equipment 202 comprises a processor 212 coupled to a memory 216 and interface circuitry 210. The processor 212 of the user equipment 202 includes a security management processing module 214 that may be implemented at least in part in the form of software executed by the processor. The security management processing module 214 performs security management described in conjunction with subsequent figures and otherwise herein. The memory 216 of the user equipment 202 includes a security management storage module 218 that stores data generated or otherwise used during security management operations.

Each of the network nodes (individually or collectively referred to herein as 204) comprises a processor 222 (222-1, . . . , 222-N) coupled to a memory 226 (226-1, . . . , 226-N) and interface circuitry 220 (220-1, . , 220-N). Each processor 222 of each network node 204 includes a security management processing module 224 (224-1, . . . , 224-N) that may be implemented at least in part in the form of software executed by the processor 222. The security management processing module 224 performs security management operations described in conjunction with subsequent figures and otherwise herein. Each memory 226 of each network node 204 includes a security management storage module 228 (228-1, , 228-N) that stores data generated or otherwise used during security management operations.

The processors 212 and 222 may comprise, for example, microprocessors such as central processing units (CPUs), application-specific integrated circuits (ASICs), digital signal processors (DSPs) or other types of processing devices, as well as portions or combinations of such elements.

The memories 216 and 226 may be used to store one or more software programs that are executed by the respective processors 212 and 222 to implement at least a portion of the functionality described herein. For example, security management operations and other functionality as described in conjunction with subsequent figures and otherwise herein may be implemented in a straightforward manner using software code executed by processors 212 and 222.

A given one of the memories 216 and 226 may therefore be viewed as an example of what is more generally referred to herein as a computer program product or still more generally as a processor-readable storage medium that has executable program code embodied therein. Other examples of processor-readable storage media may include disks or other types of magnetic or optical media, in any combination. Illustrative embodiments can include articles of manufacture comprising such computer program products or other processor-readable storage media.

Further, the memories 216 and 226 may more particularly comprise, for example, electronic random-access memory (RAM) such as static RAM (SRAM), dynamic RAM (DRAM) or other types of volatile or non-volatile electronic memory. The latter may include, for example, non-volatile memories such as flash memory, magnetic RAM (MRAM), phase-change RAM (PC-RAM) or ferroelectric RAM (FRAM). The term memory" as used herein is intended to be broadly construed, and may additionally or alternatively encompass, for example, a read-only memory (ROM), a disk-based memory, or other type of storage device, as well as portions or combinations of such devices.

The interface circuitries 210 and 220 illustratively comprise transceivers or other communication hardware or firmware that allows the associated system elements to communicate with one another in the manner described herein.

It is apparent from FIG. 2 that user equipment 202 and plurality of network nodes 204 are configured for communication with each other as security management participants via their respective interface circuitries 210 and 220. This communication involves each participant sending data to and/or receiving data from one or more of the other participants.

The term "data" as used herein is intended to be construed broadly, so as to encompass any type of information that may be sent between participants including, but not limited to, identity data, key pairs, key indicators, tokens, secrets, security management messages, registration request/response messages and data, request/response messages, authentication request/response messages and data, metadata, control data, audio, video, multimedia, consent data, other messages, etc. It is to be appreciated that the particular arrangement of components shown in FIG. 2 is an example only, and numerous alternative configurations may be used in other embodiments. For example, any given network element/function and/or access point can be configured to incorporate additional or alternative components and to support other communication protocols.

Other system elements such as access point 104, SMF 110, and UPF 112 may each be configured to include components such as a processor, memory and network interface. These elements need not be implemented on separate stand-alone processing platforms, but could instead, for example, represent different functional portions of a single common processing platform.

More generally, FIG. 2 can be considered to represent processing devices configured to provide respective security management functionalities and operatively coupled to one another in a communication system.

As mentioned above, the 3GPP TS 23.501 defines the 5GC network architecture as service-based, e.g., Service-Based Architecture (SBA). It is realized herein that in deploying different NFs, there can be many situations where an NF may need to interact with an entity external to the SBA-based 5GC network (e.g., including the corresponding PLMN(s), e.g., HPLMN and VPLMN). Thus, the term "internal" as used herein illustratively refers to operations and/or communications within the SBA-based 5GC network (e.g., SBA-based interfaces) and the term "external" illustratively refers to operations and/or communications outside the SBA-based 5GC network (non-SBA interfaces).

Given the above general description of some features of a 5GC network, problems with existing security approaches in the context of security algorithm management, and solutions proposed in accordance with illustrative embodiments, will now be described herein below.

It is realized herein that communication networks should be adapted for Access Stratum (AS) and Non-Access Stratum (NAS) procedures with respect to enhanced key length security algorithms. By way of example, it is realized herein that existing AS and NAS procedures should be extended to support 256-bit algorithms in a seamless manner. However, it is further realized herein that current 128-bit algorithms should still be supported while the roll-out of 256-bit algorithms is completed on the network side as well as on the UE side. The global roll-out, though, may take several years to complete. During the roll-out phase, both key length algorithms should co-exist. However, it is realized herein that there are a number of technical challenges associated with the transition to 256-bit algorithms.

By way of example only, one technical challenge is the negotiation of the security algorithms between the UE and the 5GC. For example, in such a security algorithm selection scenario, it would be desirable to prevent bidding-down (downgrade) attacks where a malicious actor attempts to force a device to use a lower version (less secure) protocol, algorithm, and the like, in order to more easily exploit security vulnerabilities in the lower version. Further, it would be desirable to determine which key length should be selected if the bit length of the long-term secret is only 128-bit.

Another technical challenge is the security risks related to selection of algorithms with different key sizes between the UE and the different security end points in the network. Specifically, it may be desirable to ensure the same level of protection (i.e., cryptographic key length) for AS and NAS security. It may also be desirable to enable a process in handover scenarios where the source and the target may not unanimously support 256-bit security algorithms (applicable to both AS and NAS security). Similarly, it may be desirable to enable a process in 5G Non-Standalone (NSA) deployments and interworking scenarios.

As the above technical challenges demonstrate, adding support for 256-bit algorithms to the SG system requires clarifying the interplay of the enhanced security algorithms with the legacy security algorithms to prevent security vulnerabilities.

Illustrative embodiments address the above and other technical challenges associated with security algorithm selection by providing security algorithm management techniques that enable support for longer key length algorithms, e.g., 256-bit algorithms, while continuing to support shorter, legacy key length algorithms, e.g., 128-bit algorithms. Security algorithm management techniques described herein also enable support for enhanced message authentication code (MAC) functionalities.

In some embodiments, security algorithm management techniques are described from the perspective of a Packet Data Convergence Protocol (PDCP). PDCP for 5G systems is specified by the above-referenced TS 38.323 and is located in the Radio Protocol Stack in the 5G air interface on top of the Radio Link Control (RLC) layer. PDCP provides its services to the Radio Resource Control (RRC) and user plane upper layers, e.g., Internet Protocol (IP) at the UE or to the relay at the base station. The following services are provided by PDCP to upper layers: (i) transfer of user plane data; (ii) transfer of control plane data; (iii) data compression; (iv) ciphering; and (v) integrity protection.

More particularly, as will be further explained below in the context of FIGS. 3 and 4, illustrative embodiments provide two different orders of ciphering and integrity protection. For a legacy path (e.g., 128-bit algorithm selection), the payload is first integrity then cipher protected, while for a combined algorithm path (e.g., 256-bit algorithm selection), the payload is first ciphered then integrity protected. In some embodiments, the combined algorithm path is also referred to as the Authenticated Encryption with Associated Data (AEAD) path. AEAD can encrypt and integrity protect plaintext in a combined operation and can further integrity protect additional (associated) data. In some examples, AEAD can be implemented in accordance with Advanced Encryption Standard (AES) 256 (AES-256), which is a security algorithm that uses a 256-bit key. It is realized herein that the PDCP layer should support both paths to ensure backward compatibility. Also, as will be further explained below in the context of FIGS. 5-12, illustrative embodiments provide security algorithm management procedures that support multiple MAC sizes including 32-bit, 64-bit, and 128-bit MAC sizes.

Referring now to FIG. 3, a procedure 300 for security algorithm management according to an illustrative embodiment is depicted. More particularly, procedure 300 illustrates a functional view of a PDCP layer including a PDCP transmitting entity 310 and a PDCP receiving entity 320 connected via a radio interface 330. For example, in some embodiments, the PDCP transmitting entity 310 can be a UE while the PDCP receiving entity 320 can be a gNB or other type of RAN node. In other embodiments, the PDCP transmitting entity 310 can be the gNB (RAN node) while the PDCP receiving entity 320 can be the UE. Still further, in other embodiments, the PDCP transmitting entity 310 can be a first UE while the PDCP receiving entity 320 can be a second UE (e.g., coupled via a sidelink). Thus, each UE and each network node can be configured as both a PDCP transmitting entity 310 and a PDCP receiving entity 320.

In the non-limiting example of FIG. 3, it is assumed the UE is the PDCP transmitting entity 310 with uplink data being processed in accordance with PDCP being transmitted to the RAN node acting as the PDCP receiving entity 320 in this instance. Also, while one PDCP transmitting entity 310 and one PDCP receiving entity 320 is shown in FIG. 3, it is to be appreciated that, in the PDCP layer, several PDCP entities may be defined for a UE as well as for the RAN node. Each PDCP entity is carrying the data of one radio bearer (RB). A PDCP entity is associated either to the control plane or the user plane depending on the radio bearer for which the PDCP entity is carrying data.

Accordingly, as shown in FIG. 3, the PDCP transmitting entity 310 includes: a transmission buffer module 311 that, inter alia, performs sequence numbering; a header or uplink data compression module 312, a security algorithm management module 314 which applies one or more selected security algorithms as will be further described below; a module 316 for adding the PDCP header; and a routing/duplication module 318. As further shown, the PDCP receiving entity 320 includes: a module 322 for removing the PDCP header; a security algorithm management module 324 which applies one or more selected security algorithms as will be further described below; a reception buffer module 326 that, inter alia, reorders packets and discards duplicate packets; and a header or uplink data decompression module 328.

Modules 311, 312, 316, 318, 322, 326, and 328 may be implemented, in some embodiments, consistent with the radio interface protocol architecture defined in the above-referenced TS 38.300. Similarly, the legacy path portions of modules 314 and 324 may be implemented, in some embodiments, consistent with the radio interface protocol architecture defined in TS 38.300 entitled "Technical Specification Group Radio Access Network; NR; NR and NG-RAN Overall Description; Stage 200," the disclosure of which is incorporated by reference herein in its entirety. The focus of the present disclosure is on security algorithm management with respect to the combined algorithm paths of modules 314 and 324 as will be further described in detail below.

As shown in PDCP transmitting entity 310 for the combined algorithm path in module 314, the packets associated to the PDCP service data unit (SDU) are first ciphered and then integrity protected (e.g., using a MAC procedure). This means the integrity protection is for the ciphered text and not for the plaintext (as in the legacy path) at transmitter side. Similarly at receiver side, i.e., the combine algorithm path of module 324, the received packet is first integrity protection verified and then deciphered. For split bearers (e.g., FIG. 3 architecture) and dual active protocol stack (DAPS) bearers (e.g., FIG. 4 architecture described below), routing is performed in the PDCP transmitting entity 310.

Note that protocol data units (PDUs) are packets exchanged between peer entities in the same layer. SDUs, as mentioned above, are packets handed to a lower layer by an upper layer. Thus, for example, a PDU can be an SDU with an additional header or trailer that carries information needed by that layer's protocol.

A PDCP entity associated with data radio bearer (DRB) can be configured by upper layers as described in the above-referenced TS 38.331 to use header compression or uplink data compression (UDC). A PDCP entity associated with multicast radio bearer (MRB) can be configured by upper layers as described in the above-referenced TS 38.331 to use header compression. In some embodiments, the robust header compression protocol (ROHC), the Ethernet header compression protocol (EHC) and UDC are supported. Each header compression protocol is independently configured for a DRB/MRB.

In some embodiments, the selection between the legacy algorithm or the combined (e.g., AEAD) algorithm is negotiated and finalized during the 5G security mode command (SMC) procedure between the UE and the RAN node (e.g., gNB). Accordingly, the PDCP layer uses the same algorithm (e.g., legacy or AEAD) for downlink and uplink of data from the PDCP transmitting entity 310 to the PDCP receiving entity 320 and vice versa. For the Uu interface communication and the NR (5G New Radio) sidelink communication, the AEAD or the legacy algorithm (ciphering and integrity protection) is configured by upper layers in PDCP after the SMC procedure. Thus, the PDCP transmitting entity 310 to the PDCP receiving entity 320 are configured to select between the legacy algorithm and the combined (e.g., AEAD) algorithm consistent with the one or more security algorithms selected during the SMC procedure.

Referring now to FIG. 4, a procedure 400 for security algorithm management according to another illustrative embodiment is depicted. More particularly, procedure 400 illustrates a functional view of a PDCP layer associated with a DAPS bearer. The PDCP layer in procedure 400 is identical to the PDCP layer in procedure 300 with the exception that each PDCP entity in procedure 400 is configured for two radio bearer channels (e.g., DAPS-configured). Each of the radio bearer channels of each PDCP entity has both a legacy path and a combined algorithm path identical to the legacy path and the combined algorithm path explained above in procedure 300.

Accordingly, as shown in FIG. 4, procedure 400 illustrates a functional view of a PDCP layer including a PDCP transmitting entity 410 and a PDCP receiving entity 420 connected via a radio interface 430. The PDCP transmitting entity 410 includes: a transmission buffer module 411 that, inter alia, performs sequence numbering; a pair of header compression modules 4121 and 412-2 (one for each of the two DAPS radio bearer channels), a security algorithm management module 414 which applies one or more selected security algorithms as will be further described below; a module 416 for adding the PDCP header; and a routing module 418.

As further shown, the PDCP receiving entity 420 includes: a module 422 for removing the PDCP header; a security algorithm management module 424 which applies one or more selected security algorithms as will be further described below; a reception buffer module 426 that, inter alia, reorders packets and discards duplicate packets; and a pair of header decompression modules 428-1 and 428-2 (one for each of the two DAPS radio bearer channels). Modules 411, 412-1, 412-2, 416, 418, 422, 426, 428-1, and 428-2 may be implemented, in some embodiments, consistent with the radio interface protocol architecture defined in the above-referenced TS 38.300. Similarly, the two legacy path portions in each of modules 414 and 424 may be implemented, in some embodiments, consistent with the radio interface protocol architecture defined in the above-referenced TS 38.300.

The two combined algorithm path portions in each of modules 414 and 424 operate identical as explained above with respect to modules 314 and 324 in procedure 300. That is, the packets associated to the PDCP SDU are first ciphered and then integrity protected (e.g., using a MAC procedure). This means the integrity protection is for the ciphered text and not for the plaintext (as in the legacy paths) at transmitter side. Similarly at receiver side, i.e., the combine algorithm paths of module 424, the received packet is first integrity protection verified and then deciphered.

As in procedure 300 of FIG. 3, the PDCP entities in procedure 400 select between security algorithm paths (e.g legacy and AEAD), in some embodiments, based on the SMC 30 procedure.

Further details of ciphering and deciphering, and integrity protection and verification, with respect to procedures 300 and 400 of FIGS. 3 and 4, respectively, will now be described.

It is to be understood that, in some embodiments, a ciphering function includes both ciphering and deciphering and is performed in a PDCP entity (e.g., PDCP entities 310, 320, 410, 420), when configured. For the legacy (standalone) security algorithms in use, the data unit that is ciphered is the MAC-1 (see the above-referenced TS 38.323), while for the combined algorithms in use the data unit will be first encrypted and thereafter the ciphertext will be integrity protected (e.g., Encrypt-then-MAC). This includes the data part of the PDCP Data PDU except the Service Data Adaption Protocol (SDAP) header and the SDAP Control PDU when included in the PDCP SDU. The ciphering function is not applicable to PDCP Control PDUs.

For downlink and uplink, in some embodiments, the ciphering algorithm and key to be used by the PDCP entity are configured by upper layers as described in the above-referenced TS 38.331 and the ciphering method is applied as specified in the above-referenced TS 33.501. In some embodiments, the ciphering function is activated/suspended/resumed by upper layers. When security is activated and not suspended, the ciphering function is applied to all PDCP Data PDUs indicated by upper layers for the downlink and the uplink, respectively.

For DAPS bearers, in some embodiments, the PDCP entity performs the ciphering or deciphering for the PDCP SDU using the ciphering algorithm and key either configured for the source cell or configured for the target cell, based on to/from which cell the PDCP SDU is transmitted/received.

For downlink and uplink ciphering and deciphering, in some embodiments, the parameters that are used by the PDCP entity for ciphering are defined in the above-referenced TS 33.501 and are input to the ciphering algorithm. The inputs to the ciphering function include the COUNT value, and DIRECTION (direction of the transmission). The parameters used by the PDCP entity which are provided by upper layers include: (i) BEARER (e.g., defined as the radio bearer identifier in the above-referenced TS 33.501, and uses the value RB identity -1 as in the above-referenced TS 38.331); and (ii) KEY (e.g., the ciphering keys for the control plane and for the user plane are KRRCenc and KUPenc, respectively).

For NR sidelink communication (e.g., UE-UE direct communication), in some embodiments, the ciphering algorithm and key to be used by the PDCP entity are configured by upper layers as specified in TS 24.587 entitled "Technical Specification Group Core Network and Terminals; Vehicle-to-Everything (V2X) Services in 5G System (5GS); Stage 3," the disclosure of which is incorporated by reference herein in its entirety, and the ciphering method is applied as specified in TS 33.536 entitled "Technical Specification Group Services and System Aspects; Security Aspects of 3GPP Support for Advanced Vehicle-to-Everything (V2X) Services" the disclosure of which is incorporated by reference herein in its entirety.

In some embodiments, for NR sidelink communication, the ciphering function is activated for sidelink SRBs (except for SL-SRBO) and/or sidelink DRBs for a PC5 unicast link by upper layers, as specified in the above-referenced TS 38.331. SRB refers to a signaling radio bearer (channel) carrying control plane data. When security is activated for sidelink SRBs, the ciphering function is applied to all PDCP Data PDUs (except for carrying Direct Security Mode Command message as specified in the above-referenced TS 33.536) for the sidelink SRBs which belong to the PC5 unicast link. When security is activated for sidelink DRBs, the ciphering function is applied to all PDCP Data PDUs for the sidelink DRBs which belong to the PC5 unicast link.

In some embodiments, for NR sidelink communication, the ciphering and deciphering function as specified in the above-referenced TS 33.536 is applied with KEY (NRPEK), COUNT, BEARER (LSB 5 bits of LCID as specified in TS 38.321 entitled "Technical Specification Group Radio Access Network; NR; Medium Access Control (MAC) Protocol Specification," the disclosure of which is incorporated by reference herein in its entirety) and DIRECTION (which value is set as specified in the above-referenced TS 33.536) as input.

In some embodiments, ciphering and deciphering are not applied to MRBs and sidelink SRB4.

In some embodiments, the integrity protection function includes both integrity protection and integrity verification and is performed in the PDCP entity (e.g., PDCP entities 310, 320, 410, 420), when configured. For the legacy (standalone) algorithms in use, the data unit that is integrity protected is the PDU header and the data part of the PDU before ciphering, while for the combined algorithms in use, the data unit is first encrypted and thereafter the ciphertext is integrity protected (e.g., Encrypt-then-MAC). In some embodiments, the following integrity protection criteria are implemented: integrity protection is always applied to PDCP Data PDUs of SRBs; integrity protection is applied to sidelink SRB1, SRB2 and SRB3; integrity protection is applied to PDCP Data PDUs of DRBs (including sidelink DRBs for unicast) for which integrity protection is configured; and integrity protection is not applicable to PDCP Control PDUs.

For downlink and uplink, in some embodiments, the integrity protection algorithm and key to be used by the PDCP entity are configured by upper layers as described in the above-referenced TS 38.331 and the integrity protection method is applied as specified in the above-referenced TS 33.501 for NR and in TS 33.401 entitled, "Technical Specification Group Services and System Aspects; 3GPP System Architecture Evolution (SAE); Security Architecture," the disclosure of which is incorporated by reference herein in its entirety, for EUTRA/EPC.

In some embodiments, the integrity protection function is activated/suspended/resumed by upper layers. When security is activated and not suspended, the integrity protection function is applied to all PDUs including and subsequent to the PDU indicated by upper layers for the downlink and the uplink, respectively.

In some embodiments, since the RRC message which activates the integrity protection function is itself integrity protected with the configuration included in this RRC message, this message is decoded first by RRC before the integrity protection verification is performed for 15 the PDU in which the message was received.

In some embodiments, as the PC5-S message which activates the integrity protection function is itself integrity protected with the configuration included in this PC5-S message, this message is decoded first by upper layer before the integrity protection verification is performed for the PDU in which the message was received.

For DAPS bearers, in some embodiments, the PDCP entity shall perform the integrity protection or verification for the PDCP SDU using the integrity protection algorithm and key either configured for the source cell or configured for the target cell, based on to/from which cell the PDCP SDU is transmitted/received.

For downlink and uplink integrity protection and verification, in some embodiments, the parameters that are used by the PDCP entity for integrity protection are defined in the above-referenced TS 33.501 or TS 33.401 and are input to the integrity protection algorithm. The inputs to the integrity protection function include the COUNT value, and DIRECTION (direction of the transmission). The parameters used by the PDCP entity which are provided by upper layers include: (i) BEARER (defined as the radio bearer identifier in the above-referenced TS 33.501 or TS 33.401, and using the value RB identity -1 as in the above-referenced TS 38.331); and (ii) KEY (the integrity protection keys for the control plane and for the user plane are KRRCint and KUPint, respectively).

In some embodiments, for NR sidelink communication, the integrity protection algorithm and key to be used by the PDCP entity are configured by upper layers as described in the above-referenced TS 24.587 and the integrity protection method is applied as specified in the above-referenced TS 33.536.

In some embodiments, for NR sidelink communication, the integrity protection function is activated for sidelink SRBs and/or sidelink DRBs for a PC5 unicast link by upper layers, as specified in the above-referenced TS 38.331. When security is activated for sidelink SRBs, the integrity protection function is applied to all PDUs including and subsequent to the PDU for the sidelink SRBs which belong to the PC5 unicast link. When security is activated for sidelink DRBs, the integrity protection function is applied to all PDUs including and subsequent to the PDU for the sidelink DRBs which belong to the PC5 unicast link.

In some embodiments, for the SLRB that needs integrity protection and verification, the parameters that are used by the PDCP entity for integrity protection are defined in the above-referenced TS 33.536 and are input to the integrity protection algorithm. The inputs to the integrity protection function include the KEY (NRPIK), COUNT, BEARER (LSB 5 bits of LCID as specified in the above-referenced TS 38.321) and DIRECTION (which value is set as specified in the above-referenced TS 33.536).

At transmission, in some embodiments, the UE computes the value of the MAC-I field and at reception, verifies the integrity of the PDCP Data PDU by calculating the X-MAC (computed MAC-I) based on the input parameters as specified above. If the calculated X-MAC corresponds to the received MAC-I, integrity protection is verified successfully.

In some embodiments, integrity protection and verification are not applied to MRBs and sidelink SRB4.

Referring now to FIGS. 5-11, data packet formats associated with security algorithm management according to one or more illustrative embodiments are respectively depicted, as will be further described below.

Data packet format 500 in FIG. 5 shows the format of the PDCP Data PDU with a 12-bit PDCP sequence number (SN) and a 64-bit MAC-I. Format 500 is applicable for signal data bearers (SRBs).

Note that the MAC Reserved (MR) bit field, as used in the various packet data formats herein, is settable to indicate to the UE whether to use a 32-bit MAC-I or a 64-bit MAC-I. Data packet format 600 in FIG. 6 shows the format of the PDCP Data PDU with a 12-bit PDCP SN. Format 600 is applicable for UM DRBs, AM DRBs, UM MRBs and AM MRBs. 5 UM and AM refer data transfer modes including Unacknowledged Mode and Acknowledged Mode, respectively (Transparent Mode or TM is the third data transfer mode).

Data packet format 700 in FIG. 7 shows the format of the PDCP Data PDU with an 18-bit PDCP SN. Format 700 is also applicable for UM DRBs, AM DRBs, UM MRBs and AM MRBs.

Data packet format 800 in FIG. 8 shows the format of the PDCP Data PDU with a 12-bit PDCP SN. Format 800 is applicable for sidelink DRBs for groupcast and broadcast, for the sidelink SRBO, and for the sidelink SRB4. In some embodiments, there is no control PDU for SLRBs for groupcast and broadcast. Thus, there is no D/C field in the PDCP Data PDU format for SLRBs for groupcast and broadcast. The SDU type is only applicable for sidelink DRB.

Data packet format 900 in FIG. 9 shows the format of the PDCP Data PDU with a 12-bit PDCP SN. Format 900 is applicable for sidelink SRB1, SRB2 and SRB3 for unicast.

Data packet format 1000 in FIG. 10 shows the format of the PDCP Data PDU with a 12-bit PDCP SN. Format 1000 is applicable for sidelink DRBs for unicast.

Data packet format 1100 in FIG. 11 shows the format of the PDCP Data PDU with an 18-bit PDCP SN. Format 1100 is applicable for sidelink DRBs for unicast.

Note that the MAC-I fields in the data packet formats above carry a message authentication code calculated as specified in the above-referenced TS 38.323. In some embodiments, for SRBs for the Uu interface, the MAC-I field is always present. If integrity protection is not configured, the MAC-I field is still present but is padded with padding bits set to 0. For 256-bit support, the MAC-I field length is configurable to 32 bits or 64 bits. For sidelink SRBI, SRB2 and SRB3, the MAC-I field is present only when the sidelink SRBI, SRB2 and SRB3 arc configured with integrity protection. For DRBs (including sidelink DRBs for unicast), the MAC-I field is present only when the DRB is configured with integrity protection.

FIG. 12 illustrates a message authentication code field 1200 associated with security algorithm management according to one or more illustrative embodiments. Field 1200 provides indication in an MR bit field (MAC-I Reserved) of whether a 32-bit MAC-I, a 64-bit MAC-I, or larger (e.g., 128-bit MAC-I) is to be used. The MR bit could be either 1 bit or 2 bits depending upon the MAC-I support extensions. For example, if the MAC-I is either 32 bit or 64 bit, then only one bit can be used to represent the same. In case of extensions of larger MAC-I, then for example, 2 bits can be used for MR.

As explained in detail herein, illustrative embodiments provide for security algorithm management functionalities implemented within user equipment (e.g UE) and one or more radio access entities (e.g., a RAN node such as a gNB).

As such, from a PDCP transmitting entity perspective, an apparatus may comprise at least one processor, and at least one memory storing instructions that, when executed by the at least one processor, cause the apparatus at least to: receive one or more data packets for transmission to a data receiving entity associated with a communication network; select one or more security algorithms to be applied to the one or more data packets, wherein the selection is made between one or more first security algorithms configured with a first key length and one or more second security algorithms configured with a second key length; apply the selected one or more security algorithms to the one or more data packets; and transmit the one or more data packets to the data receiving entity, in response to the application of the selected one or more security algorithms to the one or more data packets.

In some embodiments, the selected one or more security algorithms may comprise integrity protection and ciphering. The integrity protection may utilize a message authentication code of a selectable length. The one or more first security algorithms configured with a first key length may apply integrity protection and ciphering in a first order, and the one or more second security algorithms configured with a second key length apply integrity protection and ciphering in a second order which is the reverse of the first order. The first key length may comprise a 128-bit key length and the second key length may comprise a 256-bit key length. The apparatus and the data receiving entity may operate in a packet data convergence protocol layer of the communication network. The selection may be based on a security mode command procedure. The apparatus may be part of user equipment or part of a radio access network node.

Further, a method may comprise: receiving, at a data transmitting entity associated with a communication network, one or more data packets for transmission to a data receiving entity associated with the communication network; selecting, at the data transmitting entity, one or more security algorithms to be applied to the one or more data packets, wherein the selection is made between one or more first security algorithms configured with a first key length and one or more second security algorithms configured with a second key length; applying, at the data transmitting entity, the selected one or more security algorithms to the one or more data packets; and transmitting, from the data transmitting entity, the one or more data packets to the data receiving entity, in response to the application of the selected one or more security algorithms to the one or more data packets.

In another embodiment, a non-transitory computer-readable storage medium having embodied therein executable program code that when executed by a processor causes the processor to perform the above-mentioned method.

From a PDCP transmitting entity perspective, an apparatus may comprise at least one processor, and at least one memory storing instructions that, when executed by the at least one processor, cause the apparatus at least to: receive one or more data packets from a data transmitting entity associated with a communication network; select one or more security algorithms to be applied to the one or more data packets, wherein the selection is made between one or more first security algorithms configured with a first key length and one or more second security algorithms configured with a second key length, and wherein the selection corresponds to one or more security algorithms applied at the data transmitting entity; and apply the selected one or more security algorithms to the one or more data packets.

In some embodiments, the selected one or more security algorithms comprises integrity verification and deciphering. The integrity verification may utilize a message authentication code of a selectable length. The one or more first security algorithms configured with a first key length may apply integrity verification and deciphering in a first order, and the one or more second security algorithms configured with a second key length may apply integrity verification and deciphering in a second order which is the reverse of the first order. The first key length may comprise a 128-bit key length and the second key length may comprise a 256-bit key length. The apparatus and the data transmitting entity may operate in a packet data convergence protocol layer of the communication network. The selection may be bascd on a security mode command procedure. The apparatus may be part of user equipment or part of a radio access network node.

Further, a method may comprise: receiving, at a data receiving entity associated with a communication network, one or more data packets from a data transmitting entity associated with the communication network; selecting, at the data receiving entity, one or more security algorithms to be applied to the one or more data packets, wherein the selection is made between one or more first security algorithms configured with a first key length and one or more second security algorithms configured with a second key length, and wherein the selection corresponds to one or more security algorithms applied at the data transmitting entity; and applying, at a data receiving entity, the selected one or more security algorithms to the one or more data packets.

In yet additional embodiments, from a PDCP transmitting entity perspective, an apparatus may comprise at least one processor, and at least one memory storing instructions that, when executed by the at least one processor, cause the apparatus at least to: receive one or more data packets for transmission to a data receiving entity associated with a communication network; apply one or more security algorithms to the one or more data packets, wherein the application of the one or more security algorithms further comprises applying ciphering to the one or more data packets and applying integrity protection to the one or more data packets in response to the ciphering; and transmit the one or more data packets to the data receiving entity, in response to the application of the one or more security algorithms to the one or more data packets.

In some embodiments, the integrity protection may utilize a message authentication code of a selectable length. The one or more security algorithms may be configured with a key length of 256 bits. The apparatus and the data receiving entity may operate in a packet data convergence protocol layer of the communication network. The apparatus may be part of user equipment or part of a radio access network node.

Further, a method may comprise: receiving, at a data transmitting entity associated with a communication network, one or more data packets for transmission to a data receiving entity associated with the communication network; applying, at the data transmitting entity, one or more security algorithms to the one or more data packets, wherein the application of the one or more security algorithms further comprises applying ciphering to the one or more data packets and applying integrity protection to the one or more data packets in response to the ciphering; and transmitting, from the data transmitting entity, the one or more data packets to the data receiving entity, in response to the application of the one or more security algorithms to the one or more data packets.

Still further, from a PDCP receiving entity perspective, an apparatus may comprise at least one processor, and at least one memory storing instructions that, when executed by the at least one processor, cause the apparatus at least to: receive one or more data packets from a data transmitting entity associated with a communication network; and apply one or more security algorithms to the one or more data packets, wherein the application of the one or more security algorithms further comprises applying integrity verification to the one or more data packets and applying deciphering to the one or more data packets in response to the integrity verification.

In some embodiments, the integrity verification may utilize a message authentication code of a selectable length. The one or more security algorithms may be configured with a key length of 256 bits. The apparatus and the data transmitting entity may operate in a packet data convergence protocol layer of the communication network. The apparatus may be part of user equipment or part of a radio access network node.

Still further, a method may comprise: receiving, at a data receiving entity associated with a communication network, one or more data packets from a data transmitting entity associated with the communication network; and applying, at the data receiving entity, one or more security algorithms to the one or more data packets, wherein the application of the one or more security algorithms further comprises applying integrity verification to the one or more data packets and applying deciphering to the one or more data packets in response to the integrity verification.

As used herein, it is to be understood that the term "communication network" in some embodiments can comprise two or more separate communication networks. Further, the particular processing operations and other system functionality described in conjunction with the diagrams described herein are presented by way of illustrative example only and should not be construed as limiting the scope of the disclosure in any way. Alternative embodiments can use other types of processing operations and messaging protocols. For example, the ordering of the steps may be varied in other embodiments, or certain steps may be performed at least in part concurrently with one another rather than serially. Also, one or more of the steps may be repeated periodically, or multiple instances of the methods can be performed in parallel with one another.

It should again be emphasized that the various embodiments described herein are presented by way of illustrative example only and should not be construed as limiting the scope of the claims. For example, alternative embodiments can utilize different communication system configurations, user equipment configurations, base station configurations, provisioning and usage processes, messaging protocols and message formats than those described above in the context of the illustrative embodiments. These and numerous other alternative embodiments within the scope of the appended claims will be readily apparent to those skilled in the art.

Claims

Claims What is claimed is: 1. An apparatus comprising: means for receiving one or more data packets for transmission to a data receiving entity associated with a communication network; means for applying one or more security algorithms to the one or more data packets, wherein the application of the one or more security algorithms further comprises applying ciphering to the one or more data packets and applying integrity protection to the one or more data packets in response to the ciphering; and means for transmitting the one or more data packets to the data receiving entity, in response to the application of the one or more security algorithms to the one or more data packets.
2. The apparatus of claim 1, wherein the integrity protection utilizes a message authentication code of a selectable length.
3. The apparatus of claim 1, wherein the one or more security algorithms are configured with a key length of 256 bits.
4. The apparatus of claim 1, wherein the apparatus and the data receiving entity operate in a packet data convergence protocol layer of the communication network.
5. The apparatus of claim I wherein the apparatus is part of user equipment or part of a radio access network node. 25
6. A method comprising: receiving, at a data transmitting entity associated with a communication network, one or more data packets for transmission to a data receiving entity associated with the communication network; applying, at the data transmitting entity, one or more security algorithms to the one or more data packets, wherein the application of the one or more security algorithms further comprises applying ciphering to the one or more data packets and applying integrity protection to the one or more data packets in response to the ciphering; and transmitting, from the data transmitting entity, the one or more data packets to the data receiving entity, in response to the application of the one or more security algorithms to the one or more data packets.
7. An apparatus comprising: means for receiving one or more data packets from a data transmitting entity associated with a communication network; and means for applying one or more security algorithms to the one or more data packets, wherein the application of the one or more security algorithms further comprises applying integrity verification to the one or more data packets and applying deciphering to the one or more data packets in response to the integrity verification.
8. The apparatus of claim 7, wherein the integrity verification utilizes a message authentication code of a selectable length.
9. The apparatus of claim 7, wherein the one or more security algorithms are configured with a key length of 256 bits.
10. The apparatus of claim 7, wherein the apparatus and the data transmitting entity operate in a packet data convergence protocol layer of the communication network.
11. The apparatus of claim 7, wherein the apparatus is part of user equipment or part of a radio access network node.
12. A method comprising: receiving, at a data receiving entity associated with a communication network, one or more data packets from a data transmitting entity associated with the communication network; 30 and applying, at the data receiving entity, one or more security algorithms to the one or more data packets, wherein the application of the one or more security algorithms further comprises applying integrity verification to the one or more data packets and applying deciphering to the one or more data packets in response to the integrity verification.