
WO2025112008A1 - Secure communication in non-terrestrial network store and forward system - Google Patents


Info

Publication number
WO2025112008A1
Authority
WO
WIPO (PCT)
Prior art keywords
context
security context
key
security
nas
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/CN2023/135722
Other languages
French (fr)
Inventor
Xiang Xu
Saurabh Khare
Stawros Orkopoulos
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nokia Shanghai Bell Co Ltd
Nokia Solutions and Networks Oy
Nokia Technologies Oy
Original Assignee
Nokia Shanghai Bell Co Ltd
Nokia Solutions and Networks Oy
Nokia Technologies Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Shanghai Bell Co Ltd, Nokia Solutions and Networks Oy, Nokia Technologies Oy
Priority to PCT/CN2023/135722
Publication of WO2025112008A1
Legal status: Pending

Links

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H04W12/047 Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
    • H04W12/06 Authentication

Definitions

  • Various example embodiments of the present disclosure generally relate to the field of telecommunication and in particular, to methods, devices, apparatuses and computer readable storage medium for the secure communication in Non-Terrestrial Network (NTN) Store and Forward (S&F) system, especially for secure communication between user equipment (UE) and a plurality of satellites.
  • NTN Non-Terrestrial Network
  • S&F Store and Forward
  • the Third Generation Partnership Project (3GPP) has initiated a discussion on satellite access, and several S&F use cases are defined, including both mobile terminated and mobile originated application data.
  • the S&F mainly refers to Non-Geosynchronous Orbit (NGSO) satellites, and assumes the radio access network node (e.g., eNB or gNB) is hosted in the satellite.
  • the satellite and the radio access network node e.g., eNB or gNB
  • the ground station (GS) includes the NTN Gateway (NTN-GW), Home Subscriber Server (HSS) or other core network (CN) nodes.
  • NTN-GW NTN Gateway
  • HSS Home Subscriber Server
  • CN core network
  • a first apparatus comprising at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the first apparatus at least to: determine a first context at least indicating information associated with a second apparatus for serving a third apparatus; and transmit the first context to at least one of the third apparatus or the second apparatus for communication protection between the third apparatus and the second apparatus.
  • a second apparatus comprising at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the second apparatus at least to: receive a first context, from a first apparatus or a fourth apparatus, at least indicating information associated with the second apparatus for serving a third apparatus; determine, based on the first context, a second security context and/or at least one second key, the second security context comprising at least one of a second non-access stratum, NAS, security context or a second access stratum, AS, security context, for protecting communication between the second apparatus and the third apparatus; and maintain the second security context for further communication with the third apparatus, after the third apparatus is disconnected.
  • a third apparatus comprises at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the third apparatus at least to: obtain a first security context and/or at least one first key for protecting communication between the third apparatus and the first apparatus, comprising at least one of a first NAS security context or a first AS security context; maintain the first security context and/or the at least one first key for protecting communication with the first apparatus; receive a first context, from a first apparatus by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus, at least indicating information associated with a second apparatus for serving the third apparatus; determine, based on the first context, a second security context and/or at least one second key for protecting communication between the second apparatus and the third apparatus, the second security context comprising at least one of a second NAS security context or a second AS security context; and maintain the second security context and/or the at least one second key for communication with
  • a method comprises: determining a first context at least indicating information associated with a second apparatus for serving a third apparatus; and transmitting the first context to at least one of the third apparatus or the second apparatus for communication protection between the third apparatus and the second apparatus.
  • a method comprises: receiving a first context, from a first apparatus or a fourth apparatus, at least indicating information associated with the second apparatus for serving a third apparatus; determining, based on the first context, a second security context and/or at least one second key, the second security context comprising at least one of a second non-access stratum, NAS, security context or a second access stratum, AS, security context, for protecting communication between the second apparatus and the third apparatus; and maintaining the second security context for further communication with the third apparatus, after the third apparatus is disconnected.
  • a method comprises: obtaining a first security context and/or at least one first key for protecting communication between the third apparatus and the first apparatus, comprising at least one of a first NAS security context or a first AS security context; maintaining the first security context and/or the at least one first key for protecting communication with the first apparatus; receiving a first context, from a first apparatus by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus, at least indicating information associated with a second apparatus for serving the third apparatus; determining, based on the first context, a second security context and/or at least one second key for protecting communication between the second apparatus and the third apparatus, the second security context comprising at least one of a second NAS security context or a second AS security context; and maintaining the second security context and/or the at least one second key for communication with the second apparatus.
  • a first apparatus comprises means for determining a first context at least indicating information associated with a second apparatus for serving a third apparatus; and means for transmitting the first context to at least one of the third apparatus or the second apparatus for communication protection between the third apparatus and the second apparatus.
  • a second apparatus comprises means for receiving a first context, from a first apparatus or a fourth apparatus, at least indicating information associated with the second apparatus for serving a third apparatus; means for determining, based on the first context, a second security context and/or at least one second key, the second security context comprising at least one of a second non-access stratum, NAS, security context or a second access stratum, AS, security context, for protecting communication between the second apparatus and the third apparatus; and means for maintaining the second security context for further communication with the third apparatus, after the third apparatus is disconnected.
  • a third apparatus comprises means for obtaining a first security context and/or at least one first key for protecting communication between the third apparatus and the first apparatus, comprising at least one of a first NAS security context or a first AS security context; means for maintaining the first security context and/or the at least one first key for protecting communication with the first apparatus; means for receiving a first context, from a first apparatus by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus, at least indicating information associated with a second apparatus for serving the third apparatus; means for determining, based on the first context, a second security context and/or at least one second key for protecting communication between the second apparatus and the third apparatus, the second security context comprising at least one of a second NAS security context or a second AS security context; and means for maintaining the second security context and/or the at least one second key for communication with the second apparatus.
  • a computer readable medium comprises instructions stored thereon for causing an apparatus to perform at least the method according to the fourth aspect.
  • a computer readable medium comprises instructions stored thereon for causing an apparatus to perform at least the method according to the fifth aspect.
  • a computer readable medium comprises instructions stored thereon for causing an apparatus to perform at least the method according to the sixth aspect.
  • a system comprising at least one processor and at least one memory storing instructions that, when executed by the at least one processor, cause the system at least to perform: determine a first security context and/or at least one first key for protecting communication between the third apparatus and the system, comprising at least one of a first NAS security context or a first AS security context; maintain the first security context and/or the at least one first key for protecting communication with the third apparatus; determine, or obtain from a fourth apparatus, a first context at least indicating information associated with the system for serving a third apparatus; transmit, by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the system, the first context to the third apparatus for protecting communication between the system and the third apparatus; determine, based on the first context, a second security context and/or at least one second key for protecting communication between the second apparatus and the system, the second security context comprising at least one of a second NAS security context or a second AS security context; and
  • a system comprising means for determining a first security context and/or at least one first key for protecting communication between the third apparatus and the system, comprising at least one of a first NAS security context or a first AS security context; means for maintaining the first security context and/or the at least one first key for protecting communication with the third apparatus; means for determining, or obtaining from a fourth apparatus, a first context at least indicating information associated with the system for serving a third apparatus; means for transmitting, by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the system, the first context to the third apparatus for protecting communication between the system and the third apparatus; means for determining, based on the first context, a second security context and/or at least one second key for protecting communication between the second apparatus and the system, the second security context comprising at least one of a second NAS security context or a second AS security context; and means for maintaining the second security context and/or the at least one second key
  • FIG. 1 illustrates an example communication environment in which example embodiments of the present disclosure can be implemented
  • FIG. 2 illustrates a signaling chart of an example process of the secure communication in NTN S&F system according to some example embodiments of the present disclosure
  • FIG. 7 illustrates a flowchart of a method implemented at a third apparatus according to some example embodiments of the present disclosure
  • FIG. 8 illustrates a simplified block diagram of a device that is suitable for implementing example embodiments of the present disclosure.
  • FIG. 9 illustrates a block diagram of an example computer readable medium in accordance with some example embodiments of the present disclosure.
  • references in the present disclosure to “one embodiment,” “an embodiment,” “an example embodiment,” and the like indicate that the embodiment described may include a particular feature, structure, or characteristic, but it is not necessary that every embodiment includes the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is submitted that it is within the knowledge of one skilled in the art to effect such feature, structure, or characteristic in connection with other embodiments whether or not explicitly described.
  • performing a step “in response to A” does not indicate that the step is performed immediately after “A” occurs and one or more intervening steps may be included.
  • circuitry may refer to one or more or all of the following:
  • circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and/or firmware.
  • circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit or processor integrated circuit for a mobile device or a similar integrated circuit in a server, a cellular network device, or other computing or network device.
  • the term “communication network” refers to a network following any suitable communication standards, such as New Radio (NR), Long Term Evolution (LTE), LTE-Advanced (LTE-A), Wideband Code Division Multiple Access (WCDMA), High-Speed Packet Access (HSPA), Narrow Band Internet of Things (NB-IoT) and so on.
  • NR New Radio
  • LTE Long Term Evolution
  • LTE-A LTE-Advanced
  • WCDMA Wideband Code Division Multiple Access
  • HSPA High-Speed Packet Access
  • NB-IoT Narrow Band Internet of Things
  • the communications between a terminal device and a network device in the communication network may be performed according to any suitable generation of communication protocols, including, but not limited to, the first generation (1G), the second generation (2G), 2.5G, 2.75G, the third generation (3G), the fourth generation (4G), 4.5G, the fifth generation (5G), the sixth generation (6G) communication protocols, and/or any other protocols either currently known or to be developed in the future.
  • Embodiments of the present disclosure may be applied in various communication systems. Given the rapid development in communications, there will of course also be future type communication technologies and systems with which the present disclosure may be embodied. It should not be seen as limiting the scope of the present disclosure to only the aforementioned system.
  • radio access network device or “radio access network node” refers to a device or node implementing an Access Network (AN) function in a wireless communication network via which user equipment accesses a core network and receives services from the core network.
  • AN Access Network
  • radio access network node may include, but is not limited to, a base station (BS) or an access point (AP), for example, a node B (NodeB or NB), an evolved NodeB (eNodeB or eNB), an NR NB (also referred to as a gNB), a Next Generation Radio Access Network Node (also referred to as an NG-RAN node), a Remote Radio Unit (RRU), a radio header (RH), a remote radio head (RRH), a relay, an Integrated Access and Backhaul (IAB) node, a low power node such as a femto, a pico, and so forth, depending on the applied terminology and technology.
  • a RAN node, for example, a gNB
  • a gNB may include a Centralized Unit (CU) and one or more Distributed Units (DUs) connected to the CU.
  • CU Centralized Unit
  • terminal device refers to any end device that may be capable of wireless communication.
  • a terminal device may also be referred to as a communication device, user equipment (UE), a Subscriber Station (SS), a Portable Subscriber Station, a Mobile Station (MS), or an Access Terminal (AT).
  • UE user equipment
  • SS Subscriber Station
  • MS Mobile Station
  • AT Access Terminal
  • the terminal device may include, but is not limited to, a mobile phone, a cellular phone, a smart phone, voice over IP (VoIP) phones, wireless local loop phones, a tablet, a wearable terminal device, a personal digital assistant (PDA), portable computers, desktop computer, image capture terminal devices such as digital cameras, gaming terminal devices, music storage and playback appliances, vehicle-mounted wireless terminal devices, wireless endpoints, mobile stations, laptop-embedded equipment (LEE), laptop-mounted equipment (LME), USB dongles, smart devices, wireless customer-premises equipment (CPE), an Internet of Things (IoT) device, a watch or other wearable, a head-mounted display (HMD), a vehicle, a drone, a medical device and applications (e.g., remote surgery), an industrial device and applications (e.g., a robot and/or other wireless devices operating in an industrial and/or an automated processing chain contexts), a consumer electronics device, a device operating on commercial and/
  • core network device refers to any computing device or computing system that includes hardware (e.g., at least one processor and at least one memory) and software implementing one or more network functions of a core network.
  • core network device may include, but is not limited to, an evolved Packet Data Gateway (ePGW), a trusted wireless local area network (WLAN) access network (TWAN) node, a Home Subscriber Server (HSS), an Access and Mobility Management Function (AMF), a Session Management Function (SMF), a Network Slice Selection Function (NSSF), an Authentication Server Function (AUSF), a Serving Gateway (SGW), a Packet Data Network (PDN) Gateway (PGW), a Subscription Identifier De-concealing function (SIDF), a Unified Data Management (UDM), a Security Edge Protection Proxy (SEPP)
  • ePGW evolved Packet Data Gateway
  • WLAN wireless local area network
  • a non-terrestrial network (NTN) device is a network device embarked on an airborne or space-borne NTN vehicle.
  • An NTN device can be embarked on a Geosynchronous Orbit (GSO) satellite or a Non-Geosynchronous Orbit (NGSO) satellite, for example, a low earth orbit (LEO) satellite.
  • GSO Geosynchronous Orbit
  • NGSO Non-Geosynchronous Orbit
  • LEO low earth orbit
  • An NTN device may only implement radio access network functionality, or implement both radio access network functionality and core network functionality.
  • the terms “satellite” and “NTN device” have the same meaning.
  • FIG. 1 illustrates an example communication environment 100 in which example embodiments of the present disclosure can be implemented.
  • the communication network 100 may comprise a first apparatus 110 (e.g., an NTN device hosting a radio access network device such as a BS, a gNB, or an eNB) and a second apparatus 120 (e.g., a further NTN device hosting a radio access network device such as a BS, a gNB, or an eNB).
  • the first apparatus 110 and/or second apparatus 120 may be hosted in satellites.
  • the communication network 100 may further comprise a third apparatus 130 (e.g., a terminal device such as a UE), which may communicate with the first apparatus 110 within a coverage of the first apparatus 110, for example, the geographical area of the third apparatus 130 is served by a satellite beam or cell from the first apparatus 110.
  • a third apparatus 130, e.g., a terminal device such as a UE
  • the third apparatus 130 may communicate with the second apparatus 120 within coverage of the second apparatus 120, for example, the geographical area of the third apparatus 130 is served by a satellite beam or cell from the second apparatus 120.
  • the communication network 100 may also comprise a fourth apparatus 140.
  • the fourth apparatus 140 may also be referred to as a ground station including at least one core network function/entity in the CN, such as an NTN-GW, a management entity, an AMF, an AUSF, or an HSS, etc.
  • the terminal device 110 may communicate with the fourth apparatus 140 via the first apparatus 110 or the second apparatus 120.
  • the first apparatus 110 and the second apparatus 120 may also host certain core network functionalities, for example, AMF function, or functionality to authenticate/authorize the terminal device 110.
  • the communication network 100 may refer to an NTN network, and the first apparatus 110 and the second apparatus 120 may be implemented in a satellite and move along with the satellite. More specifically, the satellite is an NGSO satellite.
  • the first apparatus 110 serves a geographical area of the third apparatus 130, but the first apparatus 110 has no connection with the fourth apparatus 140. That is, the UL data of the third apparatus 130 may be buffered at the first apparatus 110.
  • the first apparatus 110 may move out of the geographical area of the third apparatus 130 and have a connection with the fourth apparatus 140. In this case, the first apparatus 110 may forward the buffered UL data of the third apparatus 130 to the fourth apparatus 140.
  • the second apparatus 120 may serve the geographical area of the third apparatus 130, but the second apparatus 120 has no connection with the fourth apparatus 140. That is, the UL data of the third apparatus 130 may be buffered at the second apparatus 120.
  • the second apparatus 120 may move out of the geographical area of the third apparatus 130 and have a connection with the fourth apparatus 140. In this case, the second apparatus 120 may forward the buffered UL data of the third apparatus 130 to the fourth apparatus 140.
  • the second apparatus 120 can connect with the fourth apparatus 140 before it establishes a connection with the third apparatus 130, or after the first apparatus 110 has connected with the fourth apparatus 140 (to upload the UE context).
  • the UL data received from the third apparatus 130 may be first stored in the satellite (e.g., the first apparatus 110 or the second apparatus 120) when it only has a connection with the third apparatus 130, then it may be forwarded to the fourth apparatus 140 when the satellite has a connection with the fourth apparatus 140.
  • the satellite e.g., the first apparatus 110 or the second apparatus 120
  • the communication network 100 may include any suitable number of network devices and terminal devices.
  • first apparatus 110 and the second apparatus 120 operating as a radio access network device or core network device
  • third apparatus 130 operating as a terminal device.
  • operations described in connection with the first apparatus 110 may be implemented at the second apparatus 120, and operations described in connection with the second apparatus 120 may be implemented at the first apparatus 110.
  • a link from the first apparatus 110 or the second apparatus 120 to the third apparatus 130 is referred to as a downlink (DL)
  • a link from the third apparatus 130 to the first apparatus 110 or the second apparatus 120 is referred to as an uplink (UL)
  • the first apparatus 110 or the second apparatus 120 is a transmitting (TX) device (or a transmitter)
  • the third apparatus 130 is a receiving (RX) device (or a receiver)
  • the third apparatus 130 is a TX device (or a transmitter) and the first apparatus 110 or the second apparatus 120 is an RX device (or a receiver).
  • Communications in the communication environment 100 may be implemented according to any proper communication protocol(s), comprising, but not limited to, cellular communication protocols of the first generation (1G), the second generation (2G), the third generation (3G), the fourth generation (4G), the fifth generation (5G), the sixth generation (6G), and the like, wireless local network communication protocols such as Institute for Electrical and Electronics Engineers (IEEE) 802.11 and the like, and/or any other protocols currently known or to be developed in the future.
  • the communication may utilize any proper wireless communication technology, comprising but not limited to: Code Division Multiple Access (CDMA), Frequency Division Multiple Access (FDMA), Time Division Multiple Access (TDMA), Frequency Division Duplex (FDD), Time Division Duplex (TDD), Multiple-Input Multiple-Output (MIMO), Orthogonal Frequency Division Multiplexing (OFDM), Discrete Fourier Transform spread OFDM (DFT-s-OFDM) and/or any other technologies currently known or to be developed in the future.
  • CDMA Code Division Multiple Access
  • FDMA Frequency Division Multiple Access
  • TDMA Time Division Multiple Access
  • FDD Frequency Division Duplex
  • TDD Time Division Duplex
  • MIMO Multiple-Input Multiple-Output
  • OFDM Orthogonal Frequency Division Multiplexing
  • DFT-s-OFDM Discrete Fourier Transform spread OFDM
  • the NTN device hosts the Access Network (AN) function (e.g., eNB/gNB) and some CN functions (e.g., Mobility Management Entity (MME)/Access and Mobility Management Function (AMF), authenticate/authorize function), and other CN network functions (e.g., the HSS, the unified data management (UDM)) are on the ground station (e.g., the fourth apparatus 140).
  • MME Mobility Management Entity
  • AMF Access and Mobility Management Function
  • other CN network functions e.g., the HSS, the unified data management (UDM)
  • e.g., the MME/AMF co-located architecture.
  • the NTN device e.g., the first apparatus 110 or the second apparatus 120
  • the AN function e.g., NG-eNB/gNB
  • the MME/AMF plus other network functions are on the ground station (e.g., the fourth apparatus 140) .
  • This is the so-called MME/AMF classic architecture.
  • CIoT Cellular Internet of Things
  • EPS Evolved Packet System
  • 5GS 5G system
  • CP Control Plane
  • UP User Plane
  • the Access Stratum (AS) security is not used.
  • the non-Access Stratum (NAS) security is used to protect the UE data.
  • the BS e.g., eNB
  • the BS just forwards the received UL NAS message to the CN node (e.g., MME), and the CN node may perform the security check.
  • each separate EPS key K_ASME has a distinct pair of NAS COUNTs, one NAS COUNT for uplink and one NAS COUNT for downlink, associated with it.
  • the UL (or DL) NAS COUNT is updated after a UL (or DL) NAS transmission.
  • the UL (or DL) NAS COUNT counters may use a 24-bit internal representation and are independently maintained by the UE and the MME/AMF.
  • the NAS COUNT may be constructed as a NAS sequence number (8 least significant bits) concatenated with a NAS overflow counter (16 most significant bits).
  • the value of the uplink NAS COUNT is the value that shall be used in the next Mobile Originated (MO) NAS message
  • the value of the downlink NAS COUNT is the largest downlink NAS COUNT used in a successfully integrity checked Mobile Terminated (MT) NAS message.
  • the value of the uplink NAS COUNT is the largest uplink NAS COUNT used in a successfully integrity checked MO NAS message.
  • the value of the downlink NAS COUNT is the value that shall be used in the next MT NAS message.
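The NAS COUNT rules listed above, as an added example that is not code from the patent or from 3GPP: a Python model of one peer's 24-bit NAS COUNT pair, the 16-bit overflow counter concatenated with the 8-bit sequence number, the sender-side "value to use in the next message" and the receiver-side "largest COUNT of a successfully integrity-checked message" bookkeeping, and the outcome for a replayed, stale or exhausted counter. Only the 8-bit sequence number is carried in the PDU and the receiver rebuilds the full COUNT from its locally maintained overflow counter; the HMAC-SHA-256 tag, the direction encoding and the `NasEndpoint`, `protect`, `verify` and `estimate_count` names are assumptions of this example, not the NAS integrity algorithms or key hierarchy of the standard.

```python
"""Constructed model of the NAS COUNT pair kept per K_ASME (not code from the patent)."""
import hashlib
import hmac

NAS_COUNT_MAX = 1 << 24        # 24-bit internal representation
UPLINK, DOWNLINK = 0, 1        # direction value mixed into the integrity tag


def split_nas_count(count):
    """Split a NAS COUNT into (16-bit NAS overflow counter, 8-bit NAS sequence number)."""
    if not 0 <= count < NAS_COUNT_MAX:
        raise ValueError("NAS COUNT outside the 24-bit range")
    return count >> 8, count & 0xFF


def build_nas_count(overflow, seqn):
    """Concatenate the overflow counter (16 MSB) with the sequence number (8 LSB)."""
    if not (0 <= overflow < 1 << 16 and 0 <= seqn < 1 << 8):
        raise ValueError("overflow counter or sequence number out of range")
    return (overflow << 8) | seqn


def nas_mac(k_asme, count, direction, message):
    """Integrity tag over COUNT || DIRECTION || MESSAGE. HMAC-SHA-256 truncated to
    32 bits stands in for the real NAS integrity algorithm (assumption of this example)."""
    data = count.to_bytes(3, "big") + bytes([direction]) + message
    return hmac.new(k_asme, data, hashlib.sha256).digest()[:4]


class NasEndpoint:
    """One NAS peer (UE or MME/AMF) holding the NAS COUNT pair for one K_ASME.

    next_send_count    : value to use in the next MO (UE) or MT (MME/AMF) message
    last_checked_count : largest COUNT used in a successfully integrity-checked
                         received message (-1 before the first one)
    """

    def __init__(self, k_asme, is_ue):
        self.k_asme = k_asme
        self.send_dir = UPLINK if is_ue else DOWNLINK
        self.recv_dir = DOWNLINK if is_ue else UPLINK
        self.next_send_count = 0
        self.last_checked_count = -1

    def protect(self, message):
        """Build a protected PDU; only the 8-bit sequence number travels on the air."""
        count = self.next_send_count
        if count >= NAS_COUNT_MAX:
            raise RuntimeError("NAS COUNT exhausted: a new K_ASME (re-authentication) is needed")
        self.next_send_count = count + 1          # updated after every transmission
        _, seqn = split_nas_count(count)
        return {"seqn": seqn, "mac": nas_mac(self.k_asme, count, self.send_dir, message), "msg": message}

    def estimate_count(self, seqn):
        """Rebuild the 24-bit COUNT from the received sequence number and the local
        overflow counter (assumption: the receiver expects last_checked_count + 1)."""
        expected = self.last_checked_count + 1
        overflow, _ = split_nas_count(expected)
        candidate = build_nas_count(overflow, seqn)
        if candidate < expected:                  # sequence number wrapped around,
            candidate += 1 << 8                   # so the overflow counter advanced
        return candidate

    def verify(self, pdu):
        """Accept only if the tag verifies for a COUNT above every COUNT accepted so far.
        A replayed or stale PDU is re-derived to a higher COUNT and so fails the tag check."""
        try:
            count = self.estimate_count(pdu["seqn"])
        except ValueError:
            return False                          # counter space exhausted: drop and re-key
        if count >= NAS_COUNT_MAX:
            return False
        tag = nas_mac(self.k_asme, count, self.recv_dir, pdu["msg"])
        if not hmac.compare_digest(tag, pdu["mac"]):
            return False
        self.last_checked_count = count
        return True
```

Running a UE endpoint against an MME/AMF endpoint shows the property a defender cares about: a PDU presented twice, or an older PDU delivered after a newer one was accepted, is rebuilt to a COUNT higher than the one it was protected with and fails the tag check, so no separate replay window is needed, while a lost PDU is tolerated because the receiver only requires the COUNT to move forward. The direction value in the tag keeps an uplink PDU from being accepted as downlink under the same K_ASME.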
  • a UE e.g., the third apparatus 130
  • the long interval e.g., 24-hour
  • the UE’s traffic profile e.g., the MO data every 12-hour
  • a satellite e.g., the first apparatus 110 or the second apparatus 120
  • the satellite may visit the geo-area of the NTN-GW and connect with the ground station (e.g., the fourth apparatus 140) .
  • a first satellite may determine a first context at least indicating information associated with a second satellite for serving a UE.
  • the information may be generated by the first satellite itself or obtained from a CN device on the ground.
  • the first satellite may transmit the first context to the UE and/or the second satellite for communication protection between the UE and the second satellite.
  • the second satellite determines, based on the first context, a security context comprising at least one of a NAS security context or an AS security context, for protecting communication between the second satellite and the UE; and maintains the security context for further communication with the UE after the UE is disconnected when the second satellite moves out of the geographical area of the UE.
  • after the UE obtains the first context, the UE determines, based on the first context, a security context comprising at least one of a NAS security context or an AS security context, for protecting communication between the second satellite and the UE; and maintains a security context and/or key for communication with the first satellite, and another security context and/or key for communication with the second satellite.
  • a security context comprising at least one of a NAS security context or an AS security context
  • FIG. 2 shows a signaling chart 200 for communication according to some example embodiments of the present disclosure.
  • the signaling chart 200 involves the first apparatus 110, the second apparatus 120, the third apparatus 130 and the fourth apparatus 140.
  • the first apparatus 110 may comprise an AN function 211 and a S&F function (SFF) 212.
  • the second apparatus 120 may comprise an AN function 221 and an SFF 222.
  • the SFF may be part of the AN function.
  • the fourth apparatus 140 may comprise an NTN-GW 241, a central manager 242 and a GS CN node 243.
  • the SFF 212 on the first apparatus 110, which handles an initial registration of the third apparatus 130, may generate the multiple S&F UE contexts to be used by other related satellites (e.g., the second apparatus 120) and the third apparatus 130.
  • the third apparatus 130 may register (205) with the core network (e.g., the GS CN node 243) via the first apparatus 110.
  • the third apparatus 130 and the first apparatus 110 may have at least one common key and a related security context, such as a security context specified in clause 6.3 of 3GPP TS 33.501 V18.3.0 (2023-09).
  • the security context may comprise for example UL NAS COUNT and DL NAS COUNT, among other information elements.
  • the security context may be established during a normal registration procedure of the third apparatus to the core network.
  • the registration procedure may comprise primary authentication, as specified for example in clause 6.1 of 3GPP TS 33.501 V18.3.0 (2023-09).
  • the at least one common key may be generated based on the security context, using for example key derivation, such as specified in clause 6.2 of 3GPP TS 33.501 V18.3.0 (2023-09).
  • the at least one common key may comprise one or more non-access stratum (NAS) keys, and/or one or more access stratum (AS) keys.
  • a NAS key may be a NAS encryption key or a NAS integrity protection key, for example.
  • An AS key may be an AS encryption key or an AS integrity protection key.
  • the security context and/or the at least one common key are used to protect communication between the third apparatus 130 and the first apparatus 110, and hereinafter may also be referred to as a first security context and at least one first key, correspondingly.
  • the third apparatus 130 and the first apparatus 110 may maintain the first security context and/or the at least one first key.
  • the first apparatus 110, for example, the SFF 212 on the first apparatus 110, may determine (210) a S&F UE context (hereinafter also referred to as a first context) indicating information associated with at least one satellite for serving the third apparatus 130.
  • the SFF 212 on the first apparatus 110 may determine the related satellites to serve the third apparatus 130, e.g. the first apparatus 110 and the second apparatus 120.
  • the SFF 212 on the first apparatus 110 may generate a S&F UE context, which is to be distributed to the third apparatus 130 and the second apparatus 120 and is further used by the third apparatus 130 and the second apparatus 120 to derive the corresponding keys to protect the communication between the third apparatus 130 and the second apparatus 120.
  • the S&F UE context may be unique per UE and per satellite.
  • the S&F UE context includes the information for at least one of the related satellites, e.g., the second apparatus 120.
  • the third apparatus 130 and the second apparatus 120 may use the S&F UE context to derive the related NAS security context (e.g., a UL NAS COUNT, a DL NAS COUNT, etc.) and at least one NAS key (e.g., a NAS integrity key, a NAS encryption key, etc.), which are used to protect the NAS communication between the third apparatus 130 and the second apparatus 120.
  • the third apparatus 130 and the second apparatus 120 may use the S&F UE context to derive the related AS security context and at least one AS key (e.g., an AS integrity protection key and/or an AS encryption key), which are used to protect AS communication using the Radio Resource Control (RRC) protocol between the third apparatus 130 and the second apparatus 120.
  • the S&F UE context may include information such as an identifier (ID) to identify the second apparatus, an identifier to identify the third apparatus, a key (e.g., Key#2) and a random number, a condition indicating when this S&F UE context is to be activated, a sequence number (SQN), and/or an ID of the third apparatus.
  • the ID to identify the second apparatus may be an ID of a satellite hosting the second apparatus, or an ID of the second apparatus (for example, eNB/gNB) embarked on the satellite, or an ID of the CN node (for example, MME/AMF) embarked on the satellite.
  • the key (e.g., Key#2) is not sent to the third apparatus 130 because the third apparatus 130 can derive the key based on the common key, the ID of the second apparatus 120, the random number, etc.
  • the condition indicating when this S&F UE context is to be activated may avoid the case that the second apparatus 120 arrives at the location of the third apparatus 130 and starts to communicate with the third apparatus 130 before the second apparatus 120 obtains the S&F UE context, for example, from the fourth apparatus 140.
  • the S&F UE context may also include a UL NAS COUNT and a DL NAS COUNT for the case of a co-located architecture.
  • the UL NAS COUNT and the DL NAS COUNT may be used when a configuration requires the NAS COUNT used by the third apparatus 130 and the second apparatus 120 to start from a non-default value rather than from the default value 0.
  • otherwise, the default value 0 is used (the same as the current NAS COUNT starting from 0).
  • the UL NAS COUNT start value may be set to 0 for the third apparatus 130 communications with the first apparatus 110, and the UL NAS COUNT start value may be set to 7 for the third apparatus 130 communications with the second apparatus 120.
  • the point is that the third apparatus 130 may maintain a per-satellite NAS COUNT value.
  • the S&F UE context may also include a Packet Data Convergence Protocol (PDCP) SN in the case of the classic architecture, which may be similar to the NAS COUNT, but for an AS COUNT.
  • the first apparatus 110 may provide (215) the third apparatus 130 with the S&F UE context for each satellite other than the first apparatus 110 that the third apparatus 130 can communicate with (e.g., for the second apparatus 120) by using the first security context and at least one first key previously maintained at the first apparatus 110.
  • the third apparatus 130 may determine/derive, based on the S&F UE context, a second security context comprising at least one of a second NAS security context, at least one NAS key, a second AS security context, or at least one AS key, for protecting communication between the second apparatus 120 and the third apparatus 130, and maintain the determined/derived security context and at least one related key, which may also be referred to as a second security context and at least one second key hereinafter.
  • the information associated with the security context, comprising a pair of the ID of the second apparatus and a random value, may be transmitted to the third apparatus 130 along with the S&F UE context.
  • the third apparatus 130 is able to determine the security context used to protect the communication between the third apparatus 130 and the further satellites (for example, the second apparatus 120), in addition to the security context used to protect the communication between the third apparatus 130 and the first satellite (i.e., the first apparatus 110).
  • the third apparatus 130 maintains separate security context for communication with each related satellite. For example, the third apparatus 130 maintains a security context for communication with the first apparatus 110, and another security context for communication with the second apparatus 120.
  • the third apparatus 130 maintains separate security context even after the related satellite stops serving the third apparatus 130, for example, the related satellite moves out of the geographical area of the third apparatus 130, and the third apparatus 130 is disconnected from the related satellite.
  • the maintained security context can be used later by the third apparatus 130 to protect the further communication with the related satellite, for example, when the related satellite re-enters the geographical area of the third apparatus 130 and starts to serve the third apparatus 130.
  • the key (e.g., Key#2) is not sent to the third apparatus 130 because the third apparatus 130 can derive the key based on the common key, the ID of the second apparatus 120 and the random number, etc.
  • the third apparatus 130 maintains a separate key for communication with each related satellite. For example, the third apparatus 130 maintains a key for communication with the first apparatus 110, and another key for communication with the second apparatus 120.
  • the third apparatus 130 maintains the separate security key even after the related satellite stops serving the third apparatus 130, for example, when the related satellite moves out of the geographical area of the third apparatus 130, and the third apparatus 130 is disconnected from the related satellite.
  • the maintained key can be used later by the third apparatus 130 to protect the further communication with the related satellite, for example, when the related satellite re-enters the geographical area of the third apparatus 130 and starts to serve the third apparatus 130.
  • the first apparatus 110 may upload (220) the derived S&F UE context for each related satellite (e.g., for the second apparatus 120) to the fourth apparatus 140, for example, to the central manager 242.
  • the second apparatus 120 may obtain (225) the S&F UE context for the second apparatus 120 from the fourth apparatus 140, for example, from the central manager 242.
  • the SFF 222 on the second apparatus 120 may use the received S&F UE context to derive the related NAS (or AS) keys which are to be used to protect the NAS (or AS) communication between the second apparatus 120 and the third apparatus 130.
  • the second apparatus 120 maintains the S&F UE context and the related NAS (or AS) keys or the security context for further communication with the third apparatus 130.
  • the second apparatus 120 maintains the security context for the third apparatus 130 even after the second apparatus 120 stops serving the third apparatus 130, for example, the second apparatus 120 or the related satellite moves out of the geographical area of the third apparatus 130, and the third apparatus 130 is disconnected from the second apparatus 120.
  • the maintained security context can be used later by the second apparatus 120 to protect the further communication with the third apparatus 130, for example, when the second apparatus 120 or the related satellite re-enters the geographical area of the third apparatus 130 and starts to serve the third apparatus 130.
  • the second apparatus 120 may generate a random number and use this random number and the received S&F UE context to derive the NAS (or AS) keys.
  • the third apparatus 130 may know it is communicating with the second apparatus 120 and use the NAS (or AS) security context related to the second apparatus 120, e.g., with a NAS COUNT start value of 7, to protect the MO NAS.
  • the third apparatus 130 may send (230) three MO NAS messages with UL NAS COUNT values of, e.g., 7, 8 and 9 to the second apparatus 120.
  • the second apparatus 120 may use the stored NAS security context related to the third apparatus 130, e.g., a NAS key and a UL NAS COUNT start value of 7, to check (235) the integrity of the received NAS and decrypt it.
  • the security context is updated in both the second apparatus 120 and the third apparatus 130.
  • the updated security context is related to the communication with the second apparatus 120, and it does not affect the other stored security context related to the communication with another satellite (e.g., the first apparatus 110).
  • the second apparatus 120 maintains the updated security context for further communication with the third apparatus 130.
  • the second apparatus 120 maintains the security context for the third apparatus 130, even after the third apparatus 130 is disconnected, for example, when the satellite (i.e., the second apparatus 120) moves out and stops serving the third apparatus 130, or after the third apparatus 130 sets up communication with another satellite (e.g., the first apparatus 110).
  • the second apparatus 120 maintains the stored S&F UE context and the related NAS (or AS) keys for the third apparatus 130 until the third apparatus 130 will no longer connect with the second apparatus 120, for example, because the third apparatus 130 is de-registered or detached or a timer has expired.
  • the second apparatus 120 may forward (240) the MO data to the fourth apparatus 140.
  • the third apparatus 130 may know it is communicating with the first apparatus 110 based on the received S&F UE context. Then the third apparatus 130 may use the received S&F UE context to derive the NAS (or AS) security context and use the NAS security context related to the first apparatus 110, e.g., a NAS key and a NAS COUNT start value of 0, to protect the MO NAS. As an example, the third apparatus 130 may send (245) one MO NAS message with UL NAS COUNT 0 to the first apparatus 110.
  • the first apparatus 110 may use the NAS security context related to the third apparatus 130 to check (250) the integrity of the received NAS and decrypt it.
  • the security context is updated in both the first apparatus 110 and the third apparatus 130.
  • the updated security context is related to the communication with the first apparatus 110, and it does not affect the other stored security context related to the communication with another satellite (e.g., the second apparatus 120).
  • the first apparatus 110 maintains the updated security context for further communication with the third apparatus 130.
  • the first apparatus 110 maintains the security context for the third apparatus 130, even after the UE is disconnected, for example, when the satellite (i.e., the first apparatus 110) moves out of the geographical area of the third apparatus 130 and stops serving the third apparatus 130, or after the third apparatus 130 sets up communication with another satellite (e.g., the second apparatus 120).
  • the first apparatus 110 maintains the stored S&F UE context and the related NAS (or AS) keys for the third apparatus 130 until the third apparatus 130 will no longer connect with the first apparatus 110, for example, because the third apparatus 130 is de-registered or detached or a timer has expired.
  • the first apparatus 110 may forward (255) the MO data to the fourth apparatus 140.
  • the process as described with FIG. 2 explains the case where the first apparatus 110 generates a S&F UE context by itself. It is also possible that the S&F UE context may be generated at the fourth apparatus 140, e.g., the ground station (for example, a CN device on the ground), which will be described with reference to FIG. 3 below.
  • FIG. 3 shows a signaling chart 300 for communication according to some example embodiments of the present disclosure.
  • the signaling chart 300 involves the first apparatus 110, the second apparatus 120, the third apparatus 130 and the fourth apparatus 140.
  • the first apparatus 110 may comprise an AN function 311 and an SFF 312.
  • the second apparatus 120 may comprise an AN function 321 and a SFF 322.
  • the SFF function may be part of the AN function.
  • the fourth apparatus 140 may comprise an NTN-GW 341, a central manager 342 and a GS CN node 343.
  • An SFF 344 may be located at the central manager 342.
  • the SFF 312 on the first apparatus 110, which handles an initial registration of the third apparatus 130, may generate the multiple S&F UE contexts to be used by other related satellites (e.g., the second apparatus 120) and the third apparatus 130.
  • the fourth apparatus 140 may generate (310) the S&F UE context for at least one satellite that will serve the third apparatus 130.
  • the SFF 344 on the central manager 342 may determine the related satellites to serve the third apparatus 130, e.g. the first apparatus 110 and the second apparatus 120.
  • the fourth apparatus 140 may generate the S&F UE context (hereinafter may also be referred to as a second context) for each related satellite except the first apparatus 110.
  • the S&F UE context (i.e., the second context) generated by the fourth apparatus 140 may have similar content as that in the S&F UE context (i.e., the first context) generated by the first apparatus 110.
  • the content in the S&F UE context (i.e., the first context) generated by the first apparatus 110 has been described with reference to FIG. 2, which is omitted here.
  • the fourth apparatus 140 may send (315) the generated S&F UE context to the first apparatus 110, for example, the SFF 312, except the key.
  • the first apparatus 110 may forward (320) the S&F UE context, e.g., to be used for communication with the second apparatus 120, to the third apparatus 130.
  • the second apparatus 120 may obtain (325) the S&F UE context for the second apparatus 120 from the fourth apparatus 140, for example, from the central manager 342.
  • the third apparatus 130 may know it is communicating with the second apparatus 120 and use the NAS (or AS) security context related to the second apparatus 120 to protect the MO NAS.
  • the third apparatus 130 may send (330) an MO NAS message with UL NAS COUNT, e.g., 7, to the second apparatus 120.
  • the second apparatus 120 may use the stored NAS security context related to the third apparatus 130, e.g., a NAS key and a UL NAS COUNT start value of 7, to check (335) the integrity of the received NAS and decrypt it.
  • the second apparatus 120 may forward (340) the MO data to the fourth apparatus 140.
  • the third apparatus 130 may know it is communicating with the first apparatus 110.
  • the third apparatus 130 may use the previously received S&F UE context to derive the NAS (or AS) security context and use the NAS security context related to the first apparatus 110, e.g., a NAS key and a NAS COUNT start value of 0, to protect the MO NAS.
  • the third apparatus 130 may send (345) one MO NAS message with UL NAS COUNT 7 to the first apparatus 110.
  • the first apparatus 110 may use the NAS security context related to the third apparatus 130 to check (350) the integrity of the received NAS and decrypt it.
  • the first apparatus 110 may forward (355) the MO data to the fourth apparatus 140.
  • FIG. 4 shows a signaling chart 400 for communication according to some example embodiments of the present disclosure.
  • the signaling chart 400 involves the first apparatus 110, the second apparatus 120, the third apparatus 130 and the fourth apparatus 140.
  • the first apparatus 110 may comprise a gNB 411 and an AMF 412.
  • the second apparatus 120 may comprise a gNB 421 and an AMF 422.
  • the fourth apparatus 140 may comprise an NTN-GW 241, a central manager 242 and a GS CN node 243.
  • the third apparatus 130 may register (405) to the fourth apparatus 140.
  • the AMF 412 at the first apparatus 110 may generate (410) the S&F UE context (i.e., the first context).
  • the S&F UE context may also comprise information associated with the security context, comprising a pair of an identifier of the related satellite (e.g., an ID of the second apparatus 120) and a random value.
  • the AMF 412 at the first apparatus 110 may provide (415) the generated S&F UE context to the third apparatus 130 and provide (420) information associated with the security context to the third apparatus 130 through a secure NAS message.
  • the first apparatus 110 may upload (425) the derived S&F UE context for each related satellite (e.g., for the second apparatus 120) (e.g., K_AMF) along with the pair of an identifier of the related satellite (e.g., an ID of the second apparatus 120) and a random value to the fourth apparatus 140.
  • the second apparatus 120 may obtain (430) the S&F UE context for the second apparatus 120 from the fourth apparatus 140.
  • the obtained S&F UE context for the second apparatus 120 may comprise a NAS key generated by the fourth apparatus 140, e.g., by the central manager 442, based on the pair of an identifier of the second apparatus 120 and a random value.
  • the obtained S&F UE context for the second apparatus 120 comprises the K_AMF and the random value.
  • the second apparatus 120 generates the NAS key based on the received K_AMF and the random value.
  • the third apparatus 130 may know that it is connected to the first apparatus 110 (e.g., the first apparatus 110 may broadcast its ID to the third apparatus 130), so the third apparatus 130 may use the NAS (or AS) security context related to the first apparatus 110, e.g., a UL NAS COUNT, to protect the communication between the third apparatus 130 and the first apparatus 110, for example, to protect the MO NAS, and send (435) the protected NAS packet to the first apparatus 110.
  • the first apparatus 110 may use the stored NAS security context related to the third apparatus 130 to check (440) the integrity of the received NAS and decrypt it. After that, when the first apparatus 110 has a connection with the fourth apparatus 140, the first apparatus 110 may forward (445) the MO data to the fourth apparatus 140.
  • the third apparatus 130 may know that it is connected to the second apparatus 120 (e.g., the second apparatus 120 may broadcast its ID to the third apparatus 130), so the third apparatus 130 may use the NAS (or AS) security context and the random value to generate K_AMF' related to the second apparatus 120. Then the third apparatus 130 may generate NAS and/or AS key(s) and use them to protect the communication between the third apparatus 130 and the second apparatus 120, for example, to protect the MO NAS, and send (450) the protected NAS packet to the second apparatus 120, e.g., to the AMF 422.
  • the second apparatus 120 or the AMF 422 may use the stored NAS security context related to the third apparatus 130 to generate (455) the K_AMF' and NAS keys and decrypt the NAS packet.
  • the second apparatus 120 may forward (460) the NAS packet to the fourth apparatus 140.
  • the derivation of K_AMF' from K_AMF during mobility for the satellite use case may use the following input parameters:
  • the input key may be the K_AMF available in the Unstructured Data Storage Network Function (UDSF).
  • "DIRECTION" shall be 0x00 and RAND may be the value received from the UDSF.
  • the third apparatus 130 and the second apparatus 120 may use the S&F UE context to derive the NAS security context and AS security context.
  • the third apparatus 130 and the second apparatus 120 may use the S&F UE context to derive the AS security context.
  • the UE may maintain different AS or NAS security context (e.g., NAS key, NAS COUNT) for each related satellite, and each related satellite maintains its own AS or NAS security context for the UE.
  • all related satellites do not need to synchronize the UE context (e.g., using a single NAS key, or a single NAS COUNT), which is impossible in some S&F deployments.
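As an added illustration of the per-satellite security contexts described for FIG. 2 (separate NAS COUNT start values of 0 and 7, contexts updated independently) and of the K_AMF' derivation from K_AMF with DIRECTION and RAND described for FIG. 4, the following Python model is example code written for this page, not code from the patent or from any 3GPP implementation. The FC values, the simplified NAS integrity-key derivation, the 32-bit MAC, the message layout and all key and RAND values are constructed assumptions; only the KDF shape (HMAC-SHA-256 over FC, parameters and lengths, as in 3GPP TS 33.220 Annex B) and the DIRECTION=0x00 input are taken from known specifications or the page.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Optional

# Placeholder FC values: the page gives no FC for these derivations (constructed for this example).
FC_KAMF_PRIME = 0xF0
FC_NAS_INT = 0xF1
DIRECTION = b"\x00"  # "DIRECTION" shall be 0x00 for the K_AMF' derivation (from the page)

def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """HMAC-SHA-256 KDF in the style of 3GPP TS 33.220 Annex B:
    S = FC || P0 || L0 || P1 || L1 ..., each Li being the 2-byte big-endian length of Pi."""
    s = bytes([fc])
    for p in params:
        s += p + struct.pack(">H", len(p))
    return hmac.new(key, s, hashlib.sha256).digest()

def derive_kamf_prime(k_amf: bytes, rand: bytes) -> bytes:
    """K_AMF' (Key#2) from K_AMF with DIRECTION and RAND as the input parameters."""
    return kdf(k_amf, FC_KAMF_PRIME, DIRECTION, rand)

def derive_nas_int_key(k: bytes) -> bytes:
    """Simplified NAS integrity key derivation (constructed stand-in for the algorithm-specific KDF)."""
    return kdf(k, FC_NAS_INT, b"NAS-int")

@dataclass
class NasSecurityContext:
    """One NAS security context per (UE, satellite) pair; integrity only, ciphering omitted."""
    sat_id: str
    k_nas_int: bytes
    ul_nas_count: int  # UE side: next UL COUNT to use; satellite side: lowest UL COUNT still accepted
    dl_nas_count: int

def build_sf_ue_context(k_amf: bytes, sat_id: str, ue_id: str, rand: bytes,
                        ul_start: int, dl_start: int) -> dict:
    """Build the S&F UE context for one related satellite. The satellite copy carries Key#2;
    the UE copy omits it, since the UE derives Key#2 itself from the common key and the RAND."""
    base = {"sat_id": sat_id, "ue_id": ue_id, "rand": rand,
            "ul_nas_count": ul_start, "dl_nas_count": dl_start}
    return {"for_satellite": {**base, "key2": derive_kamf_prime(k_amf, rand)}, "for_ue": base}

def context_from_sf(sf: dict, k_amf: Optional[bytes] = None) -> NasSecurityContext:
    """Turn an S&F UE context into a NAS security context; the UE derives Key#2 when it is absent."""
    key2 = sf.get("key2") or derive_kamf_prime(k_amf, sf["rand"])
    return NasSecurityContext(sf["sat_id"], derive_nas_int_key(key2), sf["ul_nas_count"], sf["dl_nas_count"])

def _mac(ctx: NasSecurityContext, count_be: bytes, payload: bytes) -> bytes:
    # 32-bit MAC over satellite ID, UL NAS COUNT and payload (constructed; not the 3GPP NIA algorithms)
    return hmac.new(ctx.k_nas_int, ctx.sat_id.encode() + count_be + payload, hashlib.sha256).digest()[:4]

def protect_mo_nas(ctx: NasSecurityContext, payload: bytes) -> bytes:
    """UE side: attach the UL NAS COUNT and MAC, then advance only this satellite's UL COUNT."""
    count_be = struct.pack(">I", ctx.ul_nas_count)
    ctx.ul_nas_count += 1
    return count_be + _mac(ctx, count_be, payload) + payload

def verify_mo_nas(ctx: NasSecurityContext, msg: bytes) -> tuple:
    """Satellite side: reject stale or replayed COUNTs, check the MAC, then record the accepted COUNT."""
    count_be, mac, payload = msg[:4], msg[4:8], msg[8:]
    count = struct.unpack(">I", count_be)[0]
    if count < ctx.ul_nas_count:
        return False, b""  # replay: this COUNT was already consumed under this context
    if not hmac.compare_digest(mac, _mac(ctx, count_be, payload)):
        return False, b""  # wrong key (e.g., another satellite's context) or tampering
    ctx.ul_nas_count = count + 1
    return True, payload

def run_scenario() -> dict:
    """FIG. 2 flow: three MO NAS to satellite 2 (COUNT 7, 8, 9), a replay, then one MO NAS to satellite 1."""
    k_amf = hashlib.sha256(b"constructed K_AMF from registration via satellite 1").digest()
    rand2 = bytes(range(16))  # constructed RAND for satellite 2
    sf2 = build_sf_ue_context(k_amf, "SAT-2", "UE-130", rand2, ul_start=7, dl_start=0)
    # The UE keeps a separate context per satellite; satellite 1 keeps the registration context (start 0).
    ue = {"SAT-1": NasSecurityContext("SAT-1", derive_nas_int_key(k_amf), 0, 0),
          "SAT-2": context_from_sf(sf2["for_ue"], k_amf)}
    sat1 = NasSecurityContext("SAT-1", derive_nas_int_key(k_amf), 0, 0)
    sat2 = context_from_sf(sf2["for_satellite"])  # obtained via the central manager, Key#2 included
    msgs = [protect_mo_nas(ue["SAT-2"], b"MO data %d" % i) for i in range(3)]
    sat2_ok = [verify_mo_nas(sat2, m)[0] for m in msgs]
    replay_ok = verify_mo_nas(sat2, msgs[0])[0]  # COUNT 7 presented again: rejected
    cross_ok = verify_mo_nas(sat1, msgs[0])[0]   # satellite 1 has no key for satellite 2's context
    sat1_ok = verify_mo_nas(sat1, protect_mo_nas(ue["SAT-1"], b"MO data"))[0]  # COUNT 0, unaffected
    return {"sat2_ok": sat2_ok, "replay_ok": replay_ok, "cross_ok": cross_ok, "sat1_ok": sat1_ok,
            "keys_match": ue["SAT-2"].k_nas_int == sat2.k_nas_int,
            "ue_ul_counts": {s: c.ul_nas_count for s, c in ue.items()},
            "sat_ul_counts": {"SAT-1": sat1.ul_nas_count, "SAT-2": sat2.ul_nas_count}}

if __name__ == "__main__":
    print(run_scenario())
```

After the run, both the UE and satellite 2 sit at UL NAS COUNT 10 while the satellite 1 context has only advanced from 0 to 1, which is the independence between per-satellite contexts the text relies on.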
  • FIG. 5 shows a flowchart of an example method 500 implemented at a first apparatus in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the method 500 will be described from the perspective of the first apparatus 110 in FIG. 1.
  • the first apparatus determines a first context at least indicating information associated with a second apparatus for serving a third apparatus.
  • the first apparatus transmits the first context to at least one of the third apparatus or the second apparatus for communication protection between the third apparatus and the second apparatus.
  • the method 500 further comprises: obtaining a first security context and/or at least one first key for protecting communication between the first apparatus and the third apparatus, the first security context comprising at least one of a first non-access stratum, NAS, security context or a first access stratum, AS, security context; and maintaining the first security context and/or the at least one first key for protecting communication with the third apparatus; wherein the transmitting the first context to the third apparatus comprises using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus.
  • the obtaining the first security context and/or the at least one first key comprises performing primary authentication with the third apparatus; and the obtaining the at least one first key comprises determining the at least one first key based on the first security context.
  • the determining the at least one first key based on the first security context comprises performing key derivation based on the first security context.
  • the at least one first key comprises at least one of: one or more first NAS keys related to NAS security; or one or more first AS keys related to AS security.
  • the first context comprises at least one of the following: an identifier of the second apparatus, an identifier of the third apparatus, information associated with a second NAS security context, information associated with a second AS security context; a condition indicating when the first context is to be activated, a sequence number, an uplink non-access stratum, NAS, count and a downlink NAS count, or a packet data convergence protocol sequence number.
  • the method 500 further comprises: determining the first context based on at least one of: a traffic profile of the third apparatus; trajectory information of the second apparatus; ephemeris information of the second apparatus; or a second context received from a fourth apparatus.
  • the method 500 further comprises: transmitting, to the second apparatus via a fourth apparatus, the first context along with the information associated with the second NAS security context and/or the second AS security context, comprising at least one of: a random value, or a second NAS key related to NAS security, or a second AS key related to AS security for the communication protection between the third apparatus and the second apparatus.
  • the method 500 further comprises: transmitting, to the third apparatus, by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus, the first context along with the information associated with the second NAS security context and/or the second AS security context, comprising a pair of an identifier of the second apparatus and a random value.
  • the method 500 further comprises: transmitting from an AMF at the first apparatus to the third apparatus, the first context along with the information associated with the second NAS security context or the second AS security context comprising a pair of an identifier of the second apparatus and a random value.
  • the fourth apparatus comprises or is comprised in one of a radio access network device or a core network device.
  • the first apparatus comprises or is comprised in one of a radio access network device or a core network device
  • the second apparatus comprises or is comprised in a radio access network device
  • the third apparatus comprises or is comprised in a terminal device.
  • FIG. 6 shows a flowchart of an example method 600 implemented at a second apparatus in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the method 600 will be described from the perspective of the second apparatus 120 in FIG. 1.
  • the second apparatus 120 receives a first context, from a first apparatus or a fourth apparatus, at least indicating information associated with the second apparatus for serving a third apparatus.
  • the second apparatus 120 determines, based on the first context, a second security context and/or at least one second key, the second security context comprising at least one of a second non-access stratum, NAS, security context or a second access stratum, AS, security context, for protecting communication between the second apparatus and the third apparatus.
  • the second apparatus 120 maintains the second security context for further communication with the third apparatus, after the third apparatus is disconnected.
  • the determining the at least one second key comprises determining the at least one second key based on the second security context.
  • the determining the at least one second key based on the second security context comprises performing key derivation based on the second security context.
  • the at least one second key comprises at least one of: one or more second NAS keys related to NAS security; or one or more second AS keys related to AS security.
  • the first context comprises at least one of the following: an identifier of the second apparatus, an identifier of the third apparatus, information associated with a second NAS security context, information associated with a second AS security context; a condition indicating when the first context is to be activated, a sequence number, an uplink non-access stratum, NAS, counting and a downlink NAS count, or a packet data convergence protocol sequence number.
  • the method 600 further comprises: receiving the first context from the fourth apparatus, wherein the information associated with the second security context comprises at least one of: a random value, or a second NAS key or a second AS key for the communication protection between the third apparatus and the second apparatus.
  • the method 600 further comprises: receiving the first context from an access and mobility management function at the first apparatus, wherein the information associated with the second security context comprises a pair of an identifier of the second apparatus and a random value.
  • the method 600 further comprises: determining, at least based on the information associated with the second security context, a second key for the communication protection between the third apparatus and the second apparatus, wherein the second key comprises a second NAS key related to NAS security or a second AS key related to AS security; performing a security check of the third apparatus during a connection establishment between the third apparatus and the second apparatus at least based on the second key; and in response to a success of the security check, establishing a connection between the third apparatus and the second apparatus.
  • the first apparatus comprises or is comprised in one of a radio access network device or a core network device.
  • the second apparatus comprises or is comprised in a radio access network device.
  • the third apparatus comprises or is comprised in a terminal device.
  • the fourth apparatus comprises or is comprised in one of a radio access network device or a core network device.
  • FIG. 7 shows a flowchart of an example method 700 implemented at a third apparatus in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the method 700 will be described from the perspective of the third apparatus 130 in FIG. 1.
  • the third apparatus 130 obtains a first security context and/or at least one first key for protecting communication between the third apparatus and the first apparatus, comprising at least one of a first NAS security context or a first AS security context.
  • the third apparatus 130 also determines at least one of a first NAS key or a first AS key.
  • the third apparatus 130 maintains the first security context and/or the at least one first key for protecting communication with the first apparatus.
  • the third apparatus 130 receives a first context, from a first apparatus by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus, at least indicating information associated with a second apparatus for serving the third apparatus.
  • the third apparatus 130 determines, based on the first context, a second security context and/or at least one second key comprising at least one of a second NAS security context or a second AS security context, and/or at least one of a second NAS key or a second AS key, for protecting communication between the second apparatus and the third apparatus.
  • the third apparatus 130 maintains the second security context and/or the at least one second key for communication with the second apparatus.
  • the obtaining the first security context comprises performing primary authentication with the first apparatus; the obtaining the at least one first key comprises determining the at least one first key based on the first security context; and the obtaining the at least one second key comprises determining the at least one second key based on the second security context.
  • the determining the at least one first key based on the first security context comprises performing key derivation based on the first security context; and wherein the determining the at least one second key based on the second security context comprises performing key derivation based on the second security context.
  • the at least one first key comprises at least one of: one or more first NAS keys related to NAS security; or one or more first AS keys related to AS security; and wherein the at least one second key comprises at least one of: one or more second NAS keys related to NAS security; or one or more second AS keys related to AS security.
  • the method 700 further comprises: in response to the determining the second security context and/or the at least one second key, maintaining both of: the first security context and/or the at least one first key, for protecting communication with the first apparatus; and the second security context and/or the at least one second key, for protecting communication with the second apparatus.
  • the first context comprises at least one of the following: an identifier of the second apparatus, an identifier of the third apparatus, information associated with a second NAS security context, information associated with a second AS security context; a condition indicating when the first context is to be activated, a sequence number, an uplink non-access stratum, NAS, count and a downlink NAS count, or a packet data convergence protocol sequence number.
  • the method 700 further comprises: obtaining the first context from the first apparatus, wherein the information associated with the security context comprises a random value.
  • the method 700 further comprises: obtaining the first context from the first apparatus, wherein the information associated with the security context comprises a pair of an identifier of the second apparatus and a random value.
  • the method 700 further comprises: determining, at least based on the information associated with the security context, a key related to the NAS security or the AS security for the communication protection between the third apparatus and the second apparatus; and using the key for a security check during a connection establishment between the third apparatus and the second apparatus.
  • the first apparatus comprises or is comprised in one of a radio access network device or a core network device.
  • the second apparatus comprises or is comprised in a radio access network device.
  • the third apparatus comprises or is comprised in a terminal device.
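As an added illustration of the methods 600 and 700 (example code written for this page, not code from the disclosure or its applicant), the following Python models the three roles end to end: the first apparatus builds a first context (identifier of the second apparatus, identifier of the third apparatus, random value, activation condition, downlink NAS count), integrity-protects it with the first NAS key and hands the derived second keys to the second apparatus; the terminal verifies the context, derives the second NAS/AS keys from the pair (identifier of the second apparatus, random value) and keeps both contexts; the second apparatus retains its copy while the terminal is disconnected and later performs the security check on the connection request. The key derivation function (HMAC-SHA256 with the labels SF-NAS and SF-AS), the `activate_at` condition, the message layouts, the NAS-count handling and every identifier are constructed assumptions; the disclosure specifies none of them.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, replace

def kdf(key, label, *params):
    # Hypothetical KDF (HMAC-SHA256 over length-prefixed inputs); the disclosure fixes no KDF.
    data = label + b"".join(len(p).to_bytes(2, "big") + p for p in params)
    return hmac.new(key, data, hashlib.sha256).digest()

def mac(key, count, payload):
    # Integrity tag bound to a NAS count; the count is what lets the receiver reject replays.
    return hmac.new(key, count.to_bytes(4, "big") + payload, hashlib.sha256).digest()

@dataclass
class SecurityContext:  # NAS/AS security context shared with one serving apparatus
    peer_id: bytes
    nas_key: bytes
    as_key: bytes
    activate_at: int = 0   # activation condition (constructed: index of the satellite pass)
    dl_nas_count: int = 0  # highest downlink NAS count accepted so far
    ul_nas_count: int = 0  # highest uplink NAS count sent or accepted so far

@dataclass(frozen=True)
class FirstContext:  # the 'first context': next serving apparatus plus derivation material
    second_id: bytes
    third_id: bytes
    random_value: bytes
    activate_at: int
    dl_nas_count: int
    def encode(self):
        return b"|".join([self.second_id, self.third_id, self.random_value,
                          self.activate_at.to_bytes(4, "big"), self.dl_nas_count.to_bytes(4, "big")])

def derive_second_context(first, fc):
    # Second NAS/AS keys from the first keys and the (second_id, random_value) pair.
    return SecurityContext(fc.second_id, kdf(first.nas_key, b"SF-NAS", fc.second_id, fc.random_value),
                           kdf(first.as_key, b"SF-AS", fc.second_id, fc.random_value), fc.activate_at)

class FirstApparatus:  # currently serving node; already shares the first context with the UE
    def __init__(self, first):
        self.first = first
    def build_first_context(self, ue_id, second_id, activate_at):
        self.first.dl_nas_count += 1
        fc = FirstContext(second_id, ue_id, os.urandom(16), activate_at, self.first.dl_nas_count)
        tag = mac(self.first.nas_key, fc.dl_nas_count, fc.encode())  # protected with the first NAS key
        return fc, tag, derive_second_context(self.first, fc)         # keys go to the second apparatus

class SecondApparatus:  # next serving node; gets context and keys over the backhaul and keeps them
    def __init__(self):
        self.contexts = {}
    def receive_first_context(self, fc, second):
        self.contexts[fc.third_id] = second  # retained while the UE is disconnected
    def security_check(self, ue_id, msg, count, tag, now):
        ctx = self.contexts.get(ue_id)
        if ctx is None or now < ctx.activate_at or count <= ctx.ul_nas_count:
            return False
        if not hmac.compare_digest(mac(ctx.nas_key, count, msg), tag):
            return False
        ctx.ul_nas_count = count
        return True

class Terminal:  # UE; keeps the first context and, once a first context is accepted, the second too
    def __init__(self, ue_id, first):
        self.ue_id, self.contexts = ue_id, {first.peer_id: first}
    def receive_first_context(self, sender_id, fc, tag):
        ctx = self.contexts[sender_id]
        if fc.dl_nas_count <= ctx.dl_nas_count:  # replayed or stale first context
            return False
        if not hmac.compare_digest(mac(ctx.nas_key, fc.dl_nas_count, fc.encode()), tag):
            return False                          # modified in transit
        ctx.dl_nas_count = fc.dl_nas_count
        self.contexts[fc.second_id] = derive_second_context(ctx, fc)
        return True
    def connection_request(self, peer_id):
        ctx = self.contexts[peer_id]
        ctx.ul_nas_count += 1
        msg = b"CONN-SETUP|" + self.ue_id
        return msg, ctx.ul_nas_count, mac(ctx.nas_key, ctx.ul_nas_count, msg)

def run_scenario():
    # Constructed end-to-end run: SAT-A prepares UE-1's move to SAT-B, which UE-1 reaches later.
    sat_a, sat_b, ue_id = b"SAT-A", b"SAT-B", b"UE-1"
    nas, as_ = os.urandom(32), os.urandom(32)  # first NAS/AS keys from primary authentication (constructed)
    ue = Terminal(ue_id, SecurityContext(sat_a, nas, as_))       # UE-side copy of the first context
    node_a, node_b = FirstApparatus(SecurityContext(sat_a, nas, as_)), SecondApparatus()
    fc, tag, second = node_a.build_first_context(ue_id, sat_b, activate_at=10)
    accepted = ue.receive_first_context(sat_a, fc, tag)
    node_b.receive_first_context(fc, second)
    msg, count, t = ue.connection_request(sat_b)
    return {
        "accepted": accepted,
        "keys_match": ue.contexts[sat_b].nas_key == node_b.contexts[ue_id].nas_key,
        "both_kept": set(ue.contexts) == {sat_a, sat_b},
        "replay_rejected": not ue.receive_first_context(sat_a, fc, tag),
        "forgery_rejected": not ue.receive_first_context(
            sat_a, replace(fc, second_id=b"SAT-X", dl_nas_count=fc.dl_nas_count + 1), tag),
        "too_early": node_b.security_check(ue_id, msg, count, t, now=5),
        "check_ok": node_b.security_check(ue_id, msg, count, t, now=12),
        "conn_replay_rejected": not node_b.security_check(ue_id, msg, count, t, now=12),
    }
```

`run_scenario()` returns the outcome of each check. The negative cases (a replayed or altered first context, a connection request before the activation condition is met, a replayed connection request) show why the NAS counts and the activation condition travel inside the first context rather than being left implicit: the second apparatus has no live link to the first apparatus when the terminal arrives, so everything it needs to judge the request must already be in the retained context.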
  • a first apparatus capable of performing any of the method 500 may comprise means for performing the respective operations of the method 500.
  • the means may be implemented in any suitable form.
  • the means may be implemented in a circuitry or software module.
  • the first apparatus may be implemented as or included in the first apparatus 110 in FIG. 1.
  • the first apparatus comprises means for obtaining a first context at least indicating information associated with a second apparatus for serving a third apparatus; and means for transmitting the first context to at least one of the third apparatus or the second apparatus for communication protection between the third apparatus and the second apparatus.
  • the first apparatus further comprises: means for obtaining a first security context and/or at least one first key for protecting communication between the first apparatus and the third apparatus, the first security context comprising at least one of a first non-access stratum, NAS, security context or a first access stratum, AS, security context; and means for maintaining the first security context and/or the at least one first key for protecting communication with the third apparatus; wherein means for transmitting the first context to the third apparatus comprises means for using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus.
  • the obtaining the first security context and/or the at least one first key comprises performing primary authentication with the third apparatus; and the obtaining the at least one first key comprises determining the at least one first key based on the first security context.
  • the determining the at least one first key based on the first security context comprises performing key derivation based on the first security context.
  • the at least one first key comprises at least one of: one or more first NAS keys related to NAS security; or one or more first AS keys related to AS security.
  • the first context comprises at least one of the following: an identifier of the second apparatus, an identifier of the third apparatus, information associated with a second NAS security context, information associated with a second AS security context; a condition indicating when the first context is to be activated, a sequence number, an uplink non-access stratum, NAS, count and a downlink NAS count, or a packet data convergence protocol sequence number.
  • the first apparatus further comprises: means for determining the first context based on at least one of: a traffic profile of the third apparatus; a trajectory information of the second apparatus; an ephemeris information of the second apparatus; or a second context received from a fourth apparatus.
  • the first apparatus further comprises: means for transmitting, to the second apparatus via a fourth apparatus, the first context along with the information associated with the second NAS security context and/or the second AS security context, comprising at least one of: a random value, or a second NAS key related to NAS security, or a second AS key related to AS security for the communication protection between the third apparatus and the second apparatus.
  • the first apparatus further comprises: means for transmitting, to the third apparatus, by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus, the first context along with the information associated with the second NAS security context and/or the second AS security context, comprising a pair of an identifier of the second apparatus and a random value.
  • the first apparatus further comprises: means for transmitting from an AMF at the first apparatus to the third apparatus, the first context along with the information associated with the second NAS security context or the second AS security context comprising a pair of an identifier of the second apparatus and a random value.
  • the fourth apparatus comprises or is comprised in one of a radio access network device or a core network device.
  • the first apparatus comprises or is comprised in one of a radio access network device or a core network device.
  • the second apparatus comprises or is comprised in a radio access network device.
  • the third apparatus comprises or is comprised in a terminal device.
  • the first apparatus further comprises means for performing other operations in some example embodiments of the method 500 or the first apparatus 110.
  • the means comprises at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the performance of the first apparatus.
  • a second apparatus capable of performing any of the method 600 may comprise means for performing the respective operations of the method 600.
  • the means may be implemented in any suitable form.
  • the means may be implemented in a circuitry or software module.
  • the second apparatus may be implemented as or included in the second apparatus 120 in FIG. 1.
  • the second apparatus comprises means for receiving a first context, from a first apparatus or a fourth apparatus, at least indicating information associated with the second apparatus for serving a third apparatus; means for determining, based on the first context, a second security context and/or at least one second key, the second security context comprising at least one of a second non-access stratum, NAS, security context or a second access stratum, AS, security context, for protecting communication between the second apparatus and the third apparatus; and means for maintaining the second security context for further communication with the third apparatus, after the third apparatus is disconnected.
  • means for determining the at least one second key comprises means for determining the at least one second key based on the second security context.
  • means for determining the at least one second key based on the second security context comprises means for performing key derivation based on the second security context.
  • the at least one second key comprises at least one of: one or more second NAS keys related to NAS security; or one or more second AS keys related to AS security.
  • the first context comprises at least one of the following: an identifier of the second apparatus, an identifier of the third apparatus, information associated with a second NAS security context, information associated with a second AS security context; a condition indicating when the first context is to be activated, a sequence number, an uplink non-access stratum, NAS, count and a downlink NAS count, or a packet data convergence protocol sequence number.
  • the second apparatus further comprises: means for receiving the first context from the fourth apparatus, wherein the information associated with the second security context comprises at least one of: a random value, or a second NAS key or a second AS key for the communication protection between the third apparatus and the second apparatus.
  • the second apparatus further comprises: means for receiving the first context from an access and mobility management function at the first apparatus, wherein the information associated with the second security context comprises a pair of an identifier of the second apparatus and a random value.
  • the second apparatus further comprises: means for determining, at least based on the information associated with the second security context, a second key for the communication protection between the third apparatus and the second apparatus, wherein the second key comprises a second NAS key related to NAS security or a second AS key related to AS security; means for performing a security check of the third apparatus during a connection establishment between the third apparatus and the second apparatus at least based on the second key; and means for establishing a connection between the third apparatus and the second apparatus in response to a success of the security check.
  • the first apparatus comprises or is comprised in one of a radio access network device or a core network device.
  • the second apparatus comprises or is comprised in a radio access network device.
  • the third apparatus comprises or is comprised in a terminal device.
  • the fourth apparatus comprises or is comprised in one of a radio access network device or a core network device.
  • the second apparatus further comprises means for performing other operations in some example embodiments of the method 600 or the second apparatus 120.
  • the means comprises at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the performance of the second apparatus.
  • a third apparatus capable of performing any of the method 700 may comprise means for performing the respective operations of the method 700.
  • the means may be implemented in any suitable form.
  • the means may be implemented in a circuitry or software module.
  • the third apparatus may be implemented as or included in the third apparatus 130 in FIG. 1.
  • the third apparatus comprises means for obtaining a first security context and/or at least one first key for protecting communication between the third apparatus and the first apparatus, comprising at least one of a first NAS security context or a first AS security context; means for maintaining the first security context and/or the at least one first key for protecting communication with the first apparatus; means for receiving a first context, from a first apparatus by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus, at least indicating information associated with a second apparatus for serving the third apparatus; means for determining, based on the first context, a second security context and/or at least one second key for protecting communication between the second apparatus and the third apparatus, the second security context comprising at least one of a second NAS security context or a second AS security context; and means for maintaining the second security context and/or the at least one second key for communication with the second apparatus.
  • means for obtaining the first security context comprises means for performing primary authentication with the first apparatus; means for obtaining the at least one first key comprises means for determining the at least one first key based on the first security context; and means for obtaining the at least one second key comprises means for determining the at least one second key based on the second security context.
  • means for determining the at least one first key based on the first security context comprises means for performing key derivation based on the first security context; and wherein means for determining the at least one second key based on the second security context comprises means for performing key derivation based on the second security context.
  • the at least one first key comprises at least one of: one or more first NAS keys related to NAS security; or one or more first AS keys related to AS security; and wherein the at least one second key comprises at least one of: one or more second NAS keys related to NAS security; or one or more second AS keys related to AS security.
  • the third apparatus further comprises: means for, in response to the determining the second security context, maintaining both of: the first security context and/or the at least one first key, for protecting communication with the first apparatus; and the second security context and/or the at least one second key, for protecting communication with the second apparatus.
  • the first context comprises at least one of the following: an identifier of the second apparatus, an identifier of the third apparatus, information associated with a second NAS security context, information associated with a second AS security context; a condition indicating when the first context is to be activated, a sequence number, an uplink non-access stratum, NAS, count and a downlink NAS count, or a packet data convergence protocol sequence number.
  • the third apparatus further comprises: means for obtaining the first context from the first apparatus, wherein the information associated with the security context comprises a random value.
  • the third apparatus further comprises: means for obtaining the first context from the first apparatus, wherein the information associated with the security context comprises a pair of an identifier of the second apparatus and a random value.
  • the third apparatus further comprises: means for determining, at least based on the information associated with the security context, a key related to the NAS security or the AS security for the communication protection between the third apparatus and the second apparatus; and means for using the key for a security check during a connection establishment between the third apparatus and the second apparatus.
  • the first apparatus comprises or is comprised in one of a radio access network device or a core network device.
  • the second apparatus comprises or is comprised in a radio access network device.
  • the third apparatus comprises or is comprised in a terminal device.
  • the third apparatus further comprises means for performing other operations in some example embodiments of the method 700 or the third apparatus 130.
  • the means comprises at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the performance of the third apparatus.
  • FIG. 8 is a simplified block diagram of a device 800 that is suitable for implementing example embodiments of the present disclosure.
  • the device 800 may be provided to implement a communication device, for example, the first apparatus 110, the second apparatus 120 or the third apparatus 130 as shown in FIG. 1.
  • the device 800 includes one or more processors 810, one or more memories 820 coupled to the processor 810, and one or more communication modules 840 coupled to the processor 810.
  • the communication module 840 is for bidirectional communications.
  • the communication module 840 has one or more communication interfaces to facilitate communication with one or more other modules or devices.
  • the communication interfaces may represent any interface that is necessary for communication with other network elements.
  • the communication module 840 may include at least one antenna.
  • the processor 810 may be of any type suitable to the local technical network and may include one or more of the following: general purpose computers, special purpose computers, microprocessors, digital signal processors (DSPs) and processors based on multicore processor architecture, as non-limiting examples.
  • the device 800 may have multiple processors, such as an application specific integrated circuit chip that is slaved in time to a clock which synchronizes the main processor.
  • the memory 820 may include one or more non-volatile memories and one or more volatile memories.
  • the non-volatile memories include, but are not limited to, a Read Only Memory (ROM) 824, an electrically programmable read only memory (EPROM), a flash memory, a hard disk, a compact disc (CD), a digital video disk (DVD), an optical disk, a laser disk, and other magnetic storage and/or optical storage.
  • the volatile memories include a random access memory (RAM) 822.
  • a computer program 830 includes computer executable instructions that are executed by the associated processor 810.
  • the instructions of the program 830 may include instructions for performing operations/acts of some example embodiments of the present disclosure.
  • the program 830 may be stored in the memory, e.g., the ROM 824.
  • the processor 810 may perform any suitable actions and processing by loading the program 830 into the RAM 822.
  • the example embodiments of the present disclosure may be implemented by means of the program 830 so that the device 800 may perform any process of the disclosure as discussed with reference to FIG. 2 to FIG. 7.
  • the example embodiments of the present disclosure may also be implemented by hardware or by a combination of software and hardware.
  • the program 830 may be tangibly contained in a computer readable medium which may be included in the device 800 (such as in the memory 820) or other storage devices that are accessible by the device 800.
  • the device 800 may load the program 830 from the computer readable medium to the RAM 822 for execution.
  • the computer readable medium may include any types of non-transitory storage medium, such as ROM, EPROM, a flash memory, a hard disk, CD, DVD, and the like.
  • the term “non-transitory,” as used herein, is a limitation of the medium itself (i.e., tangible, not a signal) as opposed to a limitation on data storage persistency (e.g., RAM vs. ROM).
  • FIG. 9 shows an example of the computer readable medium 900 which may be in form of CD, DVD or other optical storage disk.
  • the computer readable medium 900 has the program 830 stored thereon.
  • various embodiments of the present disclosure may be implemented in hardware or special purpose circuits, software, logic or any combination thereof. Some aspects may be implemented in hardware, and other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device. Although various aspects of embodiments of the present disclosure are illustrated and described as block diagrams, flowcharts, or using some other pictorial representations, it is to be understood that the block, apparatus, system, technique or method described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.
  • Some example embodiments of the present disclosure also provide at least one computer program product tangibly stored on a computer readable medium, such as a non-transitory computer readable medium.
  • the computer program product includes computer-executable instructions, such as those included in program modules, being executed in a device on a target physical or virtual processor, to carry out any of the methods as described above.
  • program modules include routines, programs, libraries, objects, classes, components, data structures, or the like that perform particular tasks or implement particular abstract data types.
  • the functionality of the program modules may be combined or split between program modules as desired in various embodiments.
  • Machine-executable instructions for program modules may be executed within a local or distributed device. In a distributed device, program modules may be located in both local and remote storage media.
  • Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages.
  • the program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowcharts and/or block diagrams to be implemented.
  • the program code may execute entirely on a machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
  • the computer program code or related data may be carried by any suitable carrier to enable the device, apparatus or processor to perform various processes and operations as described above.
  • Examples of the carrier include a signal, computer readable medium, and the like.
  • the computer readable medium may be a computer readable signal medium or a computer readable storage medium.
  • a computer readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of the computer readable storage medium would include an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.

Abstract

Example embodiments of the present disclosure relate to methods, devices, apparatuses and computer readable storage media for secure communication in a Non-Terrestrial Network (NTN) Store and Forward (S&F) system. The method comprises: determining a first context at least indicating information associated with a second apparatus for serving a third apparatus; and transmitting the first context to at least one of the third apparatus or the second apparatus for communication protection between the third apparatus and the second apparatus.

Description

SECURE COMMUNICATION IN NON-TERRESTRIAL NETWORK STORE AND FORWARD SYSTEM
FIELDS
Various example embodiments of the present disclosure generally relate to the field of telecommunication and in particular to methods, devices, apparatuses and computer readable storage media for secure communication in a Non-Terrestrial Network (NTN) Store and Forward (S&F) system, especially for secure communication between user equipment (UE) and a plurality of satellites.
BACKGROUND
The Third Generation Partnership Project (3GPP) has initiated a discussion on satellite access and several S&F use cases are defined including both mobile terminated and originated application data.
S&F mainly refers to Non-Geosynchronous Orbit (NGSO) satellites, and assumes that the radio access network node (e.g., eNB or gNB) is hosted in the satellite. The satellite and the radio access network node (e.g., eNB or gNB) may not have a simultaneous connection with the UE and the Ground Station (GS). The GS includes the NTN Gateway (NTN-GW), Home Subscriber Server (HSS) or other core network (CN) nodes.
SUMMARY
In a first aspect of the present disclosure, there is provided a first apparatus. The first apparatus comprises at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the first apparatus at least to: determine a first context at least indicating information associated with a second apparatus for serving a third apparatus; and transmit the first context to at least one of the third apparatus or the second apparatus for communication protection between the third apparatus and the second apparatus.
In a second aspect of the present disclosure, there is provided a second apparatus. The second apparatus comprises at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the second apparatus at least to: receive a first context, from a first apparatus or a fourth apparatus, at least indicating information associated with the second apparatus for serving a third apparatus; determine, based on the first context, a second security context and/or at least one second key, the second security context comprising at least one of a second non-access stratum, NAS, security context or a second access stratum, AS, security context, for protecting communication between the second apparatus and the third apparatus; and maintain the second security context for further communication with the third apparatus, after the third apparatus is disconnected.
In a third aspect of the present disclosure, there is provided a third apparatus. The third apparatus comprises at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the third apparatus at least to: obtain a first security context and/or at least one first key for protecting communication between the third apparatus and the first apparatus, comprising at least one of a first NAS security context or a first AS security context; maintain the first security context and/or the at least one first key for protecting communication with the first apparatus; receive a first context, from a first apparatus by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus, at least indicating information associated with a second apparatus for serving the third apparatus; determine, based on the first context, a second security context and/or at least one second key for protecting communication between the second apparatus and the third apparatus, the second security context comprising at least one of a second NAS security context or a second AS security context; and maintain the second security context and/or the at least one second key for communication with the second apparatus.
In a fourth aspect of the present disclosure, there is provided a method. The method comprises: determining a first context at least indicating information associated with a second apparatus for serving a third apparatus; and transmitting the first context to at least one of the third apparatus or the second apparatus for communication protection between the third apparatus and the second apparatus.
In a fifth aspect of the present disclosure, there is provided a method. The method comprises: receiving a first context, from a first apparatus or a fourth apparatus, at least indicating information associated with the second apparatus for serving a third apparatus; determining, based on the first context, a second security context and/or at least one second key, the second security context comprising at least one of a second non-access stratum, NAS, security context or a second access stratum, AS, security context, for protecting communication between the second apparatus and the third apparatus; and maintaining the second security context for further communication with the third apparatus, after the third apparatus is disconnected.
In a sixth aspect of the present disclosure, there is provided a method. The method comprises: obtaining a first security context and/or at least one first key for protecting communication between the third apparatus and the first apparatus, comprising at least one of a first NAS security context or a first AS security context; maintaining the first security context and/or the at least one first key for protecting communication with the first apparatus; receiving a first context, from a first apparatus by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus, at least indicating information associated with a second apparatus for serving the third apparatus; determining, based on the first context, a second security context and/or at least one second key for protecting communication between the second apparatus and the third apparatus, the second security context comprising at least one of a second NAS security context or a second AS security context; and maintaining the second security context and/or the at least one second key for communication with the second apparatus.
In a seventh aspect of the present disclosure, there is provided a first apparatus. The first apparatus comprises means for determining a first context at least indicating information associated with a second apparatus for serving a third apparatus; and means for transmitting the first context to at least one of the third apparatus or the second apparatus for communication protection between the third apparatus and the second apparatus.
In an eighth aspect of the present disclosure, there is provided a second apparatus. The second apparatus comprises means for receiving a first context, from a first apparatus or a fourth apparatus, at least indicating information associated with the second apparatus for serving a third apparatus; means for determining, based on the first context, a second security context and/or at least one second key, the second security context comprising at least one of a second non-access stratum, NAS, security context or a second access stratum, AS, security context, for protecting communication between the second apparatus and the third apparatus; and means for maintaining the second security context for further communication with the third apparatus, after the third apparatus is disconnected.
In a ninth aspect of the present disclosure, there is provided a third apparatus. The third apparatus comprises means for obtaining a first security context and/or at least one first key for protecting communication between the third apparatus and the first apparatus, comprising at least one of a first NAS security context or a first AS security context; means for maintaining the first security context and/or the at least one first key for protecting communication with the first apparatus; means for receiving a first context, from a first apparatus by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus, at least indicating information associated with a second apparatus for serving the third apparatus; means for determining, based on the first context, a second security context and/or at least one second key for protecting communication between the second apparatus and the third apparatus, the second security context comprising at least one of a second NAS security context or a second AS security context; and means for maintaining the second security context and/or the at least one second key for communication with the second apparatus.
In a tenth aspect of the present disclosure, there is provided a computer readable medium. The computer readable medium comprises instructions stored thereon for causing an apparatus to perform at least the method according to the fourth aspect.
In an eleventh aspect of the present disclosure, there is provided a computer readable medium. The computer readable medium comprises instructions stored thereon for causing an apparatus to perform at least the method according to the fifth aspect.
In a twelfth aspect of the present disclosure, there is provided a computer readable medium. The computer readable medium comprises instructions stored thereon for causing an apparatus to perform at least the method according to the sixth aspect.
In a thirteenth aspect of the present disclosure, there is provided a system. The system comprises at least one processor and at least one memory storing instructions that, when executed by the at least one processor, cause the system at least to perform: determine a first security context and/or at least one first key for protecting communication between the third apparatus and the system, comprising at least one of a first NAS security context or a first AS security context; maintain the first security context and/or the at least one first key for protecting communication with the third apparatus; determine, or obtain from a fourth apparatus, a first context at least indicating information associated with the system for serving a third apparatus; transmit, by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the system, the first context to the third apparatus for protecting communication between the system and the third apparatus; determine, based on the first context, a second security context and/or at least one second key for protecting communication between the second apparatus and the system, the second security context comprising at least one of a second NAS security context or a second AS security context; and maintain the second security context and/or the at least one second key for communication with the third apparatus.
In a fourteenth aspect of the present disclosure, there is provided a system. The system comprises means for determining a first security context and/or at least one first key for protecting communication between the third apparatus and the system, comprising at least one of a first NAS security context or a first AS security context; means for maintaining the first security context and/or the at least one first key for protecting communication with the third apparatus; means for determining, or obtaining from a fourth apparatus, a first context at least indicating information associated with the system for serving a third apparatus; means for transmitting, by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the system, the first context to the third apparatus for protecting communication between the system and the third apparatus; means for determining, based on the first context, a second security context and/or at least one second key for protecting communication between the second apparatus and the system, the second security context comprising at least one of a second NAS security context or a second AS security context; and means for maintaining the second security context and/or the at least one second key for communication with the third apparatus.
It is to be understood that the Summary section is not intended to identify key or essential features of embodiments of the present disclosure, nor is it intended to be used to limit the scope of the present disclosure. Other features of the present disclosure will become easily comprehensible through the following description.
BRIEF DESCRIPTION OF THE DRAWINGS
Some example embodiments will now be described with reference to the accompanying drawings, where:
FIG. 1 illustrates an example communication environment in which example embodiments of the present disclosure can be implemented;
FIG. 2 illustrates a signaling chart of an example process of secure communication in an NTN S&F system according to some example embodiments of the present disclosure;
FIG. 3 illustrates a signaling chart of another example process of secure communication in an NTN S&F system according to some example embodiments of the present disclosure;
FIG. 4 illustrates a signaling chart of a further example process of secure communication in an NTN S&F system according to some example embodiments of the present disclosure;
FIG. 5 illustrates a flowchart of a method implemented at a first apparatus according to some example embodiments of the present disclosure;
FIG. 6 illustrates a flowchart of a method implemented at a second apparatus according to some example embodiments of the present disclosure;
FIG. 7 illustrates a flowchart of a method implemented at a third apparatus according to some example embodiments of the present disclosure;
FIG. 8 illustrates a simplified block diagram of a device that is suitable for implementing example embodiments of the present disclosure; and
FIG. 9 illustrates a block diagram of an example computer readable medium in accordance with some example embodiments of the present disclosure.
Throughout the drawings, the same or similar reference numerals represent the same or similar element.
DETAILED DESCRIPTION
Principles of the present disclosure will now be described with reference to some example embodiments. It is to be understood that these embodiments are described only for the purpose of illustration and to help those skilled in the art understand and implement the present disclosure, without suggesting any limitation as to the scope of the disclosure. Embodiments described herein can be implemented in various manners other than the ones described below.
In the following description and claims, unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure belongs.
References in the present disclosure to “one embodiment,” “an embodiment,” “an example embodiment,” and the like indicate that the embodiment described may include a particular feature, structure, or characteristic, but it is not necessary that every embodiment includes the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is submitted that it is within the knowledge of one skilled in the art to effect such feature, structure, or characteristic in connection with other embodiments whether or not explicitly described.
It shall be understood that although the terms “first,” “second,” …, etc. in front of noun(s) and the like may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another and they do not limit the order of the noun(s). For example, a first element could be termed a second element, and similarly, a second element could be termed a first element, without departing from the scope of example embodiments. As used herein, the term “and/or” includes any and all combinations of one or more of the listed terms.
As used herein, “at least one of the following: <a list of two or more elements>” and “at least one of <a list of two or more elements>” and similar wording, where the list of two or more elements is joined by “and” or “or”, mean at least any one of the elements, or at least any two or more of the elements, or at least all the elements.
As used herein, unless stated explicitly, performing a step “in response to A” does not indicate that the step is performed immediately after “A” occurs; one or more intervening steps may be included.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments. As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises”, “comprising”, “has”, “having”, “includes” and/or “including”, when used herein, specify the presence of stated features, elements, and/or components etc., but do not preclude the presence or addition of one or more other features, elements, components and/or combinations thereof.
As used in this application, the term “circuitry” may refer to one or more or all of the following:
(a) hardware-only circuit implementations (such as implementations in only analog and/or digital circuitry) and
(b) combinations of hardware circuits and software, such as (as applicable):
(i) a combination of analog and/or digital hardware circuit(s) with software/firmware and
(ii) any portions of hardware processor(s) with software (including digital signal processor(s)), software, and memory(ies) that work together to cause an apparatus, such as a mobile phone or server, to perform various functions, and
(c) hardware circuit(s) and/or processor(s), such as a microprocessor(s) or a portion of a microprocessor(s), that requires software (e.g., firmware) for operation, but the software may not be present when it is not needed for operation.
This definition of circuitry applies to all uses of this term in this application, including in any claims. As a further example, as used in this application, the term circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and/or firmware. The term circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit or processor integrated circuit for a mobile device or a similar integrated circuit in a server, a cellular network device, or other computing or network device.
As used herein, the term “communication network” refers to a network following any suitable communication standards, such as New Radio (NR), Long Term Evolution (LTE), LTE-Advanced (LTE-A), Wideband Code Division Multiple Access (WCDMA), High-Speed Packet Access (HSPA), Narrow Band Internet of Things (NB-IoT) and so on. Furthermore, the communications between a terminal device and a network device in the communication network may be performed according to any suitable generation of communication protocols, including, but not limited to, the first generation (1G), the second generation (2G), 2.5G, 2.75G, the third generation (3G), the fourth generation (4G), 4.5G, the fifth generation (5G), the sixth generation (6G) communication protocols, and/or any other protocols either currently known or to be developed in the future. Embodiments of the present disclosure may be applied in various communication systems. Given the rapid development in communications, there will of course also be future types of communication technologies and systems with which the present disclosure may be embodied. This should not be seen as limiting the scope of the present disclosure to only the aforementioned systems.
As used herein, the term “radio access network device” or “radio access network node” refers to a device or node implementing an Access Network (AN) function in a wireless communication network via which user equipment accesses a core network and receives services from the core network. Examples of the radio access network node may include, but are not limited to, a base station (BS) or an access point (AP), for example, a node B (NodeB or NB), an evolved NodeB (eNodeB or eNB), an NR NB (also referred to as a gNB), a Next Generation Radio Access Network Node (also referred to as an NG-RAN node), a Remote Radio Unit (RRU), a radio header (RH), a remote radio head (RRH), a relay, an Integrated Access and Backhaul (IAB) node, a low power node such as a femto, a pico, and so forth, depending on the applied terminology and technology. In some example embodiments, a RAN node (for example, a gNB) may include a Centralized Unit (CU) and one or more Distributed Units (DUs) connected to the CU.
The term “terminal device” refers to any end device that may be capable of wireless communication. By way of example rather than limitation, a terminal device may also be referred to as a communication device, user equipment (UE), a Subscriber Station (SS), a Portable Subscriber Station, a Mobile Station (MS), or an Access Terminal (AT). The terminal device may include, but is not limited to, a mobile phone, a cellular phone, a smart phone, voice over IP (VoIP) phones, wireless local loop phones, a tablet, a wearable terminal device, a personal digital assistant (PDA), portable computers, desktop computers, image capture terminal devices such as digital cameras, gaming terminal devices, music storage and playback appliances, vehicle-mounted wireless terminal devices, wireless endpoints, mobile stations, laptop-embedded equipment (LEE), laptop-mounted equipment (LME), USB dongles, smart devices, wireless customer-premises equipment (CPE), an Internet of Things (IoT) device, a watch or other wearable, a head-mounted display (HMD), a vehicle, a drone, a medical device and applications (e.g., remote surgery), an industrial device and applications (e.g., a robot and/or other wireless devices operating in an industrial and/or an automated processing chain context), a consumer electronics device, a device operating on commercial and/or industrial wireless networks, and the like. In the following description, the terms “terminal device”, “communication device”, “terminal”, “user equipment” and “UE” may be used interchangeably.
As used herein, the term “core network device” or “core network node” refers to any computing device or computing system that includes hardware (e.g., at least one processor and at least one memory) and software implementing one or more network functions of a core network. Examples of a core network device may include, but are not limited to, an evolved Packet Data Gateway (ePGW), a trusted wireless local area network (WLAN) access network (TWAN) node, a Home Subscriber Server (HSS), an Access and Mobility Management Function (AMF), a Session Management Function (SMF), a Network Slice Selection Function (NSSF), an Authentication Server Function (AUSF), a Serving Gateway (SGW), a Packet Data Network (PDN) Gateway (PGW), a Subscription Identifier De-concealing Function (SIDF), a Unified Data Management (UDM), a Security Edge Protection Proxy (SEPP), a Network Exposure Function (NEF), a User Plane Function (UPF), and/or a Policy Control Function (PCF). A non-terrestrial network (NTN) device is a network device embarked on an airborne or space-borne NTN vehicle. An NTN device can be embarked on a Geosynchronous Orbit (GSO) satellite or a Non-Geosynchronous Orbit (NGSO) satellite, for example, a low earth orbit (LEO) satellite. An NTN device may only implement radio access network functionality, or implement both radio access network functionality and core network functionality. The terms “satellite” and “NTN device” have the same meaning.
FIG. 1 illustrates an example communication environment 100 in which example embodiments of the present disclosure can be implemented. The communication network 100 may comprise a first apparatus 110 (e.g., an NTN device hosting a radio access network device such as a BS, a gNB, or an eNB) and a second apparatus 120 (e.g., a further NTN device hosting a radio access network device such as a BS, a gNB, or an eNB). In some scenarios, the first apparatus 110 and/or the second apparatus 120 may be hosted in satellites.
The communication network 100 may further comprise a third apparatus 130 (e.g., a terminal device such as a UE), which may communicate with the first apparatus 110 within the coverage of the first apparatus 110, for example, when the geographical area of the third apparatus 130 is served by a satellite beam or cell from the first apparatus 110.
Later, at a different time, the third apparatus 130 may communicate with the second apparatus 120 within coverage of the second apparatus 120, for example, the geographical area of the third apparatus 130 is served by a satellite beam or cell from the second apparatus 120.
Furthermore, the communication network 100 may also comprise a fourth apparatus 140. Hereinafter the fourth apparatus 140 may also be referred to as a ground station including at least one core network function/entity in the CN, such as an NTN-GW, a management entity, an AMF, an AUSF, an HSS, etc. The terminal device 110 may communicate with the fourth apparatus 140 via the first apparatus 110 or the second apparatus 120. In some other example embodiments, the first apparatus 110 and the second apparatus 120 may also host certain core network functionalities, for example, an AMF function, or functionality to authenticate/authorize the terminal device 110.
In some scenarios, the communication network 100 may refer to an NTN network, and the first apparatus 110 and the second apparatus 120 may be implemented in a satellite and move along with the satellite. More specifically, the satellite is an NGSO satellite.
As described above, in the S&F operation, at the first time point the first apparatus 110 serves the geographical area of the third apparatus 130 but has no connection with the fourth apparatus 140. That is, the UL data of the third apparatus 130 may be buffered at the first apparatus 110.
Later, at the second time point, the first apparatus 110 may move out of the geographical area of the third apparatus 130 and have a connection with the fourth apparatus 140. In this case, the first apparatus 110 may forward the buffered UL data of the third apparatus 130 to the fourth apparatus 140.
At the third time point, the second apparatus 120 may serve the geographical area of the third apparatus 130, but the second apparatus 120 has no connection with the fourth apparatus 140. That is, the UL data of the third apparatus 130 may be buffered at the second apparatus 120.
At the fourth time point, the second apparatus 120 may move out of the geographical area of the third apparatus 130 and have a connection with the fourth apparatus 140. In this case, the second apparatus 120 may forward the buffered UL data of the third apparatus 130 to the fourth apparatus 140.
That is, due to the number/location of the NTN-GWs and the orbit plan of the satellites, there is no guarantee that the second apparatus 120 can connect with the fourth apparatus 140 before it establishes a connection with the third apparatus 130, or after the first apparatus 110 has connected with the fourth apparatus 140 (to upload the UE context).
The UL data received from the third apparatus 130 may be first stored in the satellite (e.g., the first apparatus 110 or the second apparatus 120) when it only has a connection with the third apparatus 130, then it may be forwarded to the fourth apparatus 140 when the satellite has a connection with the fourth apparatus 140.
It is to be understood that the number of network devices and terminal devices shown in FIG. 1 is given for the purpose of illustration without suggesting any limitations. The communication network 100 may include any suitable number of network devices and terminal devices.
In the following, for the purpose of illustration, some example embodiments are described with the first apparatus 110 and the second apparatus 120 operating as a radio access network device or core network device, and the third apparatus 130 operating as a terminal device. In some example embodiments, operations described in connection with the first apparatus 110 may be implemented at the second apparatus 120, and operations described in connection with the second apparatus 120 may be implemented at the first apparatus 110.
In some example embodiments, if the third apparatus 130 is a terminal device and the first apparatus 110 and the second apparatus 120 are radio access network devices, a link from the first apparatus 110 or the second apparatus 120 to the third apparatus 130 is referred to as a downlink (DL), and a link from the third apparatus 130 to the first apparatus 110 or the second apparatus 120 is referred to as an uplink (UL). In DL, the first apparatus 110 or the second apparatus 120 is a transmitting (TX) device (or a transmitter) and the third apparatus 130 is a receiving (RX) device (or a receiver). In UL, the third apparatus 130 is a TX device (or a transmitter) and the first apparatus 110 or the second apparatus 120 is an RX device (or a receiver).
Communications in the communication environment 100 may be implemented according to any proper communication protocol(s), comprising, but not limited to, cellular communication protocols of the first generation (1G), the second generation (2G), the third generation (3G), the fourth generation (4G), the fifth generation (5G), the sixth generation (6G), and the like, wireless local network communication protocols such as Institute of Electrical and Electronics Engineers (IEEE) 802.11 and the like, and/or any other protocols currently known or to be developed in the future. Moreover, the communication may utilize any proper wireless communication technology, comprising but not limited to: Code Division Multiple Access (CDMA), Frequency Division Multiple Access (FDMA), Time Division Multiple Access (TDMA), Frequency Division Duplex (FDD), Time Division Duplex (TDD), Multiple-Input Multiple-Output (MIMO), Orthogonal Frequency Division Multiplexing (OFDM), Discrete Fourier Transform spread OFDM (DFT-s-OFDM) and/or any other technologies currently known or to be developed in the future.
As an S&F architecture option, the NTN device (e.g., the first apparatus 110 or the second apparatus 120) hosts the Access Network (AN) function (e.g., eNB/gNB) and some CN functions (e.g., Mobility Management Entity (MME)/Access and Mobility Management Function (AMF), authenticate/authorize function), and the other CN network functions (e.g., the HSS, the Unified Data Management (UDM)) are on the ground station (e.g., the fourth apparatus 140). This is the so-called MME/AMF co-located architecture.
As another S&F architecture option, the NTN device (e.g., the first apparatus 110 or the second apparatus 120) only hosts the AN function (e.g., NG-eNB/gNB) and the MME/AMF plus other network functions are on the ground station (e.g., the fourth apparatus 140) . This is the so-called MME/AMF classic architecture.
CIoT (Cellular Internet of Things) Evolved Packet System (EPS)/5G System (5GS) optimization encompasses a set of solutions to support efficient data transmission between IoT devices and IoT applications/services. Examples are the Control Plane (CP) CIoT EPS/5GS optimization and the User Plane (UP) CIoT EPS/5GS optimization.
In CP CIoT EPS Optimization, Access Stratum (AS) security is not used. Non-Access Stratum (NAS) security is used to protect the UE data. Upon reception of the RRCConnectionSetupComplete including the UL NAS message, or the RRCEarlyDataRequest including the UL NAS message, there is no security check in the BS (e.g., eNB). The BS just forwards the received UL NAS message to the CN node (e.g., MME), and the CN node may perform the security check.
Furthermore, an EPS key hierarchy has been defined. In this EPS key hierarchy, each separate EPS key K_ASME has a distinct pair of NAS COUNTs associated with it, one NAS COUNT for uplink and one NAS COUNT for downlink. The UL (or DL) NAS COUNT is updated after a UL (or DL) NAS transmission.
The UL (or DL) NAS COUNT counters may use a 24-bit internal representation and are independently maintained by the UE and the MME/AMF. The NAS COUNT may be constructed as a NAS sequence number (8 least significant bits) concatenated with a NAS overflow counter (16 most significant bits).
On the UE side, the value of the uplink NAS COUNT is the value that shall be used in the next Mobile Originated (MO) NAS message; the value of the downlink NAS COUNT is the largest downlink NAS COUNT used in a successfully integrity checked Mobile Terminated (MT) NAS message.
On the MME/AMF side, the value of the uplink NAS COUNT is the largest uplink NAS COUNT used in a successfully integrity checked MO NAS message. The value of the downlink NAS COUNT is the value that shall be used in the next MT NAS message.
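As an added illustration (not code from the patent, from Nokia or from 3GPP), the following Python models the NAS COUNT rules just described for one NAS security context: the 24-bit count, the different meanings of the uplink and downlink values at the UE and at the MME/AMF, and why a replayed MO message is rejected. It assumes, as labelled in the comments, that only the 8-bit sequence number is carried in the message and that the receiver reconstructs the full count, and it uses a toy HMAC in place of the 3GPP NAS integrity algorithm.

```python
"""
NAS COUNT bookkeeping for one NAS security context, following the rules in the
text above: a 24-bit count = 16-bit overflow counter (MSB) || 8-bit sequence
number (LSB); the UE's uplink value is the count for its next MO message and its
downlink value is the largest accepted MT count, while the MME/AMF keeps the
mirror image.  Added illustration, not code from the patent, Nokia or 3GPP.

Labelled assumptions: only the 8-bit sequence number travels in the message and
the receiver reconstructs the full count from it; the 32-bit MAC is a toy
HMAC-SHA256 stand-in for the 128-EIA/128-NIA integrity algorithms.
"""
import hashlib
import hmac
from dataclasses import dataclass

SQN_BITS = 8
OVERFLOW_BITS = 16
COUNT_MASK = (1 << (OVERFLOW_BITS + SQN_BITS)) - 1  # 24-bit NAS COUNT
UPLINK, DOWNLINK = 0, 1                              # DIRECTION bit


def make_count(overflow: int, sqn: int) -> int:
    """NAS COUNT = NAS overflow counter (16 MSB) || NAS sequence number (8 LSB)."""
    return ((overflow << SQN_BITS) | (sqn & 0xFF)) & COUNT_MASK


def split_count(count: int) -> tuple:
    """Inverse of make_count: (overflow counter, sequence number)."""
    return count >> SQN_BITS, count & 0xFF


def estimate_count(last_accepted: int, sqn: int) -> int:
    """Receiver-side reconstruction (assumption): the smallest 24-bit count with
    this SQN that is larger than the last accepted count.  A straight replay
    therefore maps to a *different* count and fails the MAC check."""
    overflow = split_count(last_accepted)[0] if last_accepted >= 0 else 0
    candidate = make_count(overflow, sqn)
    if candidate <= last_accepted:
        candidate = make_count(overflow + 1, sqn)
    return candidate


def nas_mac(k_nas_int: bytes, count: int, direction: int, msg: bytes) -> bytes:
    """Toy 32-bit NAS-MAC over COUNT || DIRECTION || message (stand-in, see above)."""
    data = count.to_bytes(3, "big") + bytes([direction]) + msg
    return hmac.new(k_nas_int, data, hashlib.sha256).digest()[:4]


@dataclass
class NasPeer:
    """One end of a NAS security context.  role is 'ue' or 'mme' (MME/AMF)."""
    role: str
    k_nas_int: bytes
    tx_count: int = 0    # count to use in the NEXT message this peer sends
    rx_count: int = -1   # largest count of a successfully integrity-checked received message

    @property
    def uplink_count(self) -> int:
        # UE: value for its next MO message; MME/AMF: largest accepted MO count.
        return self.tx_count if self.role == "ue" else self.rx_count

    @property
    def downlink_count(self) -> int:
        # UE: largest accepted MT count; MME/AMF: value for its next MT message.
        return self.rx_count if self.role == "ue" else self.tx_count

    def protect(self, msg: bytes) -> tuple:
        """Integrity-protect an outbound NAS message; returns (sqn, mac, msg).
        Only the 8-bit SQN goes on the wire, and tx_count advances by one."""
        direction = UPLINK if self.role == "ue" else DOWNLINK
        count = self.tx_count
        mac = nas_mac(self.k_nas_int, count, direction, msg)
        self.tx_count = (count + 1) & COUNT_MASK  # a wrap-around would require re-keying
        return split_count(count)[1], mac, msg

    def verify(self, sqn: int, mac: bytes, msg: bytes) -> bool:
        """Check an inbound message; on success record its count as the largest seen."""
        direction = DOWNLINK if self.role == "ue" else UPLINK
        count = estimate_count(self.rx_count, sqn)
        expected = nas_mac(self.k_nas_int, count, direction, msg)
        if not hmac.compare_digest(mac, expected):
            return False  # wrong key, tampered message, or replay of an old count
        self.rx_count = count
        return True


def run_demo(n_messages: int = 300) -> dict:
    """Send n MO messages UE -> MME/AMF, then replay the last one.  Returns the
    counts each side holds afterwards so the bookkeeping rules can be checked."""
    key = bytes(range(32))  # constructed demo K_NASint, not a real key
    ue, mme = NasPeer("ue", key), NasPeer("mme", key)
    delivered = 0
    last = None
    for i in range(n_messages):
        last = ue.protect(f"MO-{i}".encode())
        if mme.verify(*last):
            delivered += 1
    return {
        "delivered": delivered,
        "ue_uplink": ue.uplink_count,                   # next MO count = n_messages
        "mme_uplink": mme.uplink_count,                 # largest accepted = n_messages - 1
        "mme_overflow_sqn": split_count(mme.uplink_count),
        "replay_accepted": mme.verify(*last),           # same SQN again -> rejected
    }


if __name__ == "__main__":
    print(run_demo())
```

With 300 messages the MME/AMF side ends at count 299, i.e. overflow counter 1 and sequence number 43, and the replayed 300th message is rejected because its MAC was computed over count 299 while the receiver now reconstructs 555.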
In an S&F operation, a UE (e.g., the third apparatus 130) may need to communicate with more than one satellite, due to the long interval (e.g., 24 hours) between two passes of the same satellite and the UE’s traffic profile (e.g., MO data every 12 hours).
Depending on the deployment, a satellite (e.g., the first apparatus 110 or the second apparatus 120) may first visit the UE’s geo-area and serve the UE, and then visit the geo-area of the NTN-GW and connect with the ground station (e.g., the fourth apparatus 140).
It is unclear how to support secure communication between the UE and a plurality of satellites in the S&F operation. For example, in the case of the co-located architecture with CP CIoT, it is unclear how the UE can set up multiple NAS security contexts with the plurality of satellites to secure the NAS communication between the UE and the plurality of satellites. In the following, how the UE and each satellite can have the correct NAS security context (e.g., NAS COUNT) for communication between the UE and a specific satellite will be further discussed.
In the solution of the present disclosure, a first satellite may determine a first context at least indicating information associated with a second satellite for serving a UE. For example, the information may be generated by the first satellite itself or obtained from a CN device on the ground. Then the first satellite may transmit the first context to the UE and/or the second satellite for communication protection between the UE and the second satellite. After the second satellite obtains the first context, the second satellite determines, based on the first context, a security context comprising at least one of a NAS security context or an AS security context, for protecting communication between the second satellite and the UE; and maintains the security context for further communication with the UE, after the UE is disconnected when the second satellite moves out of the geographical area of the UE. After the UE obtains the first context, the UE determines, based on the first context, a security context comprising at least one of a NAS security context or an AS security context, for protecting communication between the second satellite and the UE; and maintains a security context and/or key for communication with the first satellite, and another security context and/or key for communication with the second satellite.
Example embodiments of the present disclosure will be described in detail below with reference to the accompanying drawings.
Reference is now made to FIG. 2, which shows a signaling chart 200 for communication according to some example embodiments of the present disclosure. As shown in FIG. 2, the signaling chart 200 involves the first apparatus 110, the second apparatus 120, the third apparatus 130 and the fourth apparatus 140. For the purpose of discussion, reference is made to FIG. 1 to describe the signaling chart 200.
In the scenario as shown in FIG. 2, the first apparatus 110 may comprise an AN function 211 and a S&F function (SFF) 212. The second apparatus 120 may comprise an AN function 221 and an SFF 222. In one example embodiment, the SFF may be part of the AN function. The fourth apparatus 140 may comprise an NTN-GW 241, a central manager 242 and a GS CN node 243.
In this case, the SFF 212 on the first apparatus 110, which handles the initial registration of the third apparatus 130, may generate the multiple S&F UE contexts to be used by the other related satellites (e.g., the second apparatus 120) and by the third apparatus 130.
As shown in FIG. 2, the third apparatus 130 may register (205) with the core network (e.g., the GS CN node 243) via the first apparatus 110. The third apparatus 130 and the first apparatus 110 may have at least one common key and a related security context, such as a security context specified in clause 6.3 of 3GPP TS 33.501 V18.3.0 (2023-09). The security context may comprise, for example, an UL NAS COUNT and a DL NAS COUNT, among other information elements. The security context may be established during a normal registration procedure of the third apparatus 130 with the core network. The registration procedure may comprise primary authentication, as specified for example in clause 6.1 of 3GPP TS 33.501 V18.3.0 (2023-09). The at least one common key may be generated based on the security context, using for example key derivation as specified in clause 6.2 of 3GPP TS 33.501 V18.3.0 (2023-09). The at least one common key may comprise one or more non-access stratum (NAS) keys and/or one or more access stratum (AS) keys. A NAS key may be a NAS encryption key or a NAS integrity protection key, for example. An AS key may be an AS encryption key or an AS integrity protection key. The security context and/or the at least one common key are used to protect communication between the third apparatus 130 and the first apparatus 110, and are hereinafter also referred to as the first security context and the at least one first key, respectively. The third apparatus 130 and the first apparatus 110 may maintain the first security context and/or the at least one first key.
The first apparatus 110, for example the SFF 212 on the first apparatus 110, may determine (210) a S&F UE context (hereinafter also referred to as a first context) indicating information associated with at least one satellite for serving the third apparatus 130.
For example, based on the traffic profile of the third apparatus 130 (e.g., MO data occurs every 12 hours) received from the third apparatus 130 or the fourth apparatus 140, and/or the trajectory/ephemeris of the first apparatus 110 and other satellites (e.g., the second apparatus 120), the SFF 212 on the first apparatus 110 may determine the related satellites to serve the third apparatus 130, e.g., the first apparatus 110 and the second apparatus 120.
For each related satellite other than the first apparatus 110 (e.g., the second apparatus 120), the SFF 212 on the first apparatus 110 may generate an S&F UE context, which is distributed to the third apparatus 130 and to the second apparatus 120 and is further used by them to derive the corresponding keys to protect the communication between the third apparatus 130 and the second apparatus 120. The S&F UE context may be unique per UE and per satellite. The S&F UE context includes the information for at least one of the related satellites, e.g., the second apparatus 120.
For example, in the case of a co-located architecture in which the NTN device (for example, the first apparatus 110 or the second apparatus 120) hosts both the AN function and a CN function (for example, an MME/AMF function), the third apparatus 130 and the second apparatus 120 may use the S&F UE context to derive the related NAS security context (e.g., an UL NAS COUNT, a DL NAS COUNT, etc.) and at least one NAS key (e.g., a NAS integrity key, a NAS encryption key, etc.), which are used to protect the NAS communication between the third apparatus 130 and the second apparatus 120.
In the case of a classic architecture in which the NTN device (for example, the first apparatus 110 or the second apparatus 120) hosts only the AN function, the third apparatus 130 and the second apparatus 120 may use the S&F UE context to derive the related AS security context and at least one AS key (e.g., an AS integrity protection key and/or an AS encryption key), which are used to protect the AS communication using the Radio Resource Control (RRC) protocol between the third apparatus 130 and the second apparatus 120.
For example, for each related satellite, the S&F UE context may include the following information: an identifier (ID) identifying the second apparatus 120, an identifier identifying the third apparatus 130, a key (e.g., Key#2) and a random number, a condition indicating when this S&F UE context is to be activated, and/or a sequence number (SQN).
For example, the ID identifying the second apparatus 120 may be an ID of the satellite hosting the second apparatus 120, an ID of the second apparatus 120 (for example, an eNB/gNB) embarked on the satellite, or an ID of the CN node (for example, an MME/AMF) embarked on the satellite.
The key (e.g., Key#2) is not sent to the third apparatus 130, because the third apparatus 130 can derive the key itself from the common key, the ID of the second apparatus 120, the random number, etc.
The condition indicating when this S&F UE context is to be activated avoids the case in which the second apparatus 120 arrives at the location of the third apparatus 130 and starts to communicate with it before the second apparatus 120 has obtained the S&F UE context, for example, from the fourth apparatus 140.
Additionally or optionally, the S&F UE context may also include a UL NAS COUNT and a DL NAS COUNT for the case of co-located architecture.
For example, the UL NAS COUNT and the DL NAS COUNT may be included when a configuration requires the NAS COUNT used by the third apparatus 130 and the second apparatus 120 to start from a non-default value rather than from the default value 0. When the NAS COUNT is not present, the default value 0 is used (as with the current NAS COUNT, which starts from 0).
As an example, the UL NAS COUNT start value may be set to 0 for communications of the third apparatus 130 with the first apparatus 110, and to 7 for communications of the third apparatus 130 with the second apparatus 120. The point is that the third apparatus 130 maintains a per-satellite NAS COUNT value.
Additionally or optionally, in the case of the classic architecture the S&F UE context may also include a Packet Data Convergence Protocol (PDCP) SN, which plays the same role as the NAS COUNT but for the AS COUNT.
When the first apparatus 110 has a connection with the third apparatus 130, the first apparatus 110 may provide (215) the third apparatus 130 with the S&F UE context for each satellite other than the first apparatus 110 that the third apparatus 130 can communicate with (e.g., for the second apparatus 120), protected with the first security context and the at least one first key previously maintained at the first apparatus 110. The third apparatus 130 may then determine/derive, based on the S&F UE context, a second security context comprising at least one of a second NAS security context, at least one NAS key, a second AS security context, or at least one AS key, for protecting communication between the second apparatus 120 and the third apparatus 130, and maintain the determined/derived security context and the at least one related key, which are hereinafter also referred to as the second security context and the at least one second key.
Specifically, the information associated with the second security context, comprising a pair of the ID of the second apparatus 120 and a random value, may be transmitted to the third apparatus 130 along with the S&F UE context. Based on the received information, the third apparatus 130 is able to determine the security context used to protect the communication between the third apparatus 130 and the further satellites (for example, the second apparatus 120), in addition to the security context used to protect the communication between the third apparatus 130 and the first satellite (i.e., the first apparatus 110). The third apparatus 130 maintains a separate security context for communication with each related satellite: for example, one security context for communication with the first apparatus 110 and another for communication with the second apparatus 120. The third apparatus 130 keeps each security context even after the related satellite stops serving it, for example, when the related satellite moves out of the geographical area of the third apparatus 130 and the third apparatus 130 is disconnected from it. The maintained security context can be used later by the third apparatus 130 to protect further communication with the related satellite, for example, when the related satellite re-enters the geographical area of the third apparatus 130 and starts to serve it again.
As described above, the key (e.g., Key#2) is not sent to the third apparatus 130, because the third apparatus 130 can derive it from the common key, the ID of the second apparatus 120, the random number, etc. The third apparatus 130 likewise maintains a separate key for communication with each related satellite: one key for communication with the first apparatus 110 and another for communication with the second apparatus 120. Each key is kept even after the related satellite stops serving the third apparatus 130, for example, when the related satellite moves out of the geographical area of the third apparatus 130 and the third apparatus 130 is disconnected from it, and can be used later to protect further communication with that satellite when it re-enters the geographical area of the third apparatus 130 and starts to serve it again.
Later, when the first apparatus 110 has a connection with the fourth apparatus 140, for example, via the NTN-GW 241, the first apparatus 110 may upload (220) the derived S&F UE context for each related satellite (e.g., for the second apparatus 120) to the fourth apparatus 140, for example, to the central manager 242.
Then, after the second apparatus 120 has a connection with the fourth apparatus 140, for example, via the NTN-GW 241, the second apparatus 120 may obtain (225) the S&F UE context for the second apparatus 120 from the fourth apparatus 140, for example, from the central manager 242.
The SFF 222 on the second apparatus 120 may use the received S&F UE context to derive the related NAS (or AS) keys, which are used to protect the NAS (or AS) communication between the second apparatus 120 and the third apparatus 130. The second apparatus 120 maintains the S&F UE context and the related NAS (or AS) keys, i.e., the security context, for further communication with the third apparatus 130. The second apparatus 120 maintains the security context for the third apparatus 130 even after the second apparatus 120 stops serving the third apparatus 130, for example, when the second apparatus 120 moves out of the geographical area of the third apparatus 130 and the third apparatus 130 is disconnected from it. The maintained security context can be used later by the second apparatus 120 to protect further communication with the third apparatus 130, for example, when the second apparatus 120 re-enters the geographical area of the third apparatus 130 and starts to serve it again.
Alternatively, the second apparatus 120 may generate a random number and use this random number and the received S&F UE context to derive the NAS (or AS) keys.
Later, when the second apparatus 120 has a connection with the third apparatus 130, the third apparatus 130 recognises the second apparatus 120 and uses the NAS (or AS) security context related to the second apparatus 120, e.g., with NAS COUNT start value 7, to protect the MO NAS. As an example, the third apparatus 130 may send (230) three MO NAS messages with UL NAS COUNT values 7, 8 and 9 to the second apparatus 120.
The second apparatus 120 may then use the stored NAS security context related to the third apparatus 130, e.g., the NAS key and the UL NAS COUNT start value 7, to check (235) the integrity of the received NAS messages and decrypt them. During the communication between the second apparatus 120 and the third apparatus 130, the security context is updated in both the second apparatus 120 and the third apparatus 130. In the third apparatus 130, the updated security context is the one related to the communication with the second apparatus 120, and the update does not affect the other stored security contexts related to communication with other satellites (e.g., the first apparatus 110). The second apparatus 120 maintains the updated security context for further communication with the third apparatus 130, even after the third apparatus 130 is disconnected, for example, when the satellite (i.e., the second apparatus 120) moves out and stops serving the third apparatus 130, or after the third apparatus 130 sets up communication with another satellite (e.g., the first apparatus 110). In other words, the second apparatus 120 maintains the stored S&F UE context and the related NAS (or AS) keys for the third apparatus 130 until the third apparatus 130 will no longer connect to the second apparatus 120, for example, because the third apparatus 130 is de-registered or detached or a timer has expired.
After that, when the second apparatus 120 has a connection with the fourth apparatus 140, the second apparatus 120 may forward (240) the MO data to the fourth apparatus 140.
Later, when the first apparatus 110 has a connection with the third apparatus 130, the third apparatus 130 may identify the first apparatus 110 based on the received S&F UE context. The third apparatus 130 then uses the NAS (or AS) security context related to the first apparatus 110, e.g., a NAS key and NAS COUNT start value 0, to protect the MO NAS. As an example, the third apparatus 130 may send (245) one MO NAS message with UL NAS COUNT 0 to the first apparatus 110.
The first apparatus 110 may then use the NAS security context related to the third apparatus 130 to check (250) the integrity of the received NAS message and decrypt it. During the communication between the first apparatus 110 and the third apparatus 130, the security context is updated in both the first apparatus 110 and the third apparatus 130. In the third apparatus 130, the updated security context is the one related to the communication with the first apparatus 110, and the update does not affect the other stored security contexts related to communication with other satellites (e.g., the second apparatus 120). The first apparatus 110 maintains the updated security context for further communication with the third apparatus 130, even after the UE is disconnected, for example, when the satellite (i.e., the first apparatus 110) moves out of the geographical area of the third apparatus 130 and stops serving it, or after the third apparatus 130 sets up communication with another satellite (e.g., the second apparatus 120). In other words, the first apparatus 110 maintains the stored S&F UE context and the related NAS (or AS) keys for the third apparatus 130 until the third apparatus 130 will no longer connect to the first apparatus 110, for example, because the third apparatus 130 is de-registered or detached or a timer has expired.
After that, when the first apparatus 110 has a connection with the fourth apparatus 140, the first apparatus 110 may forward (255) the MO data to the fourth apparatus 140.
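The per-satellite context handling of steps 215 to 255 above, as an added illustration written for this page (it is not code from the patent): the third apparatus keeps one independent NAS security context per satellite, each with its own key and NAS COUNT start value, and each satellite verifies received MO NAS messages only against its own copy. The NAS-MAC here is HMAC-SHA-256 truncated to 32 bits, standing in for a 5G NAS integrity algorithm; NAS encryption, the DL direction and the key derivation itself are left out, and all keys, identifiers and payloads are constructed for the example.

```python
"""Per-satellite NAS security contexts for a store-and-forward UE (added example)."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class NasSecurityContext:
    peer_id: str        # identifier of the satellite (at the UE) or of the UE (at a satellite)
    nas_int_key: bytes  # per-satellite NAS integrity key (constructed here; derived in the scheme)
    ul_nas_count: int   # UE: next UL NAS COUNT to use; satellite: last UL NAS COUNT accepted
    dl_nas_count: int = 0


def nas_mac(key: bytes, count: int, direction: int, payload: bytes) -> bytes:
    """32-bit NAS-MAC over COUNT || DIRECTION || payload (stand-in for 128-NIAx)."""
    data = count.to_bytes(4, "big") + bytes([direction]) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:4]


class Ue:
    """Third apparatus: one security context per related satellite."""

    def __init__(self, ue_id: str):
        self.ue_id = ue_id
        self.contexts = {}  # satellite ID -> NasSecurityContext

    def install_context(self, sat_id: str, key: bytes, ul_start: int = 0) -> None:
        self.contexts[sat_id] = NasSecurityContext(sat_id, key, ul_start)

    def send_mo_nas(self, sat_id: str, payload: bytes) -> dict:
        ctx = self.contexts[sat_id]
        count = ctx.ul_nas_count
        mac = nas_mac(ctx.nas_int_key, count, 0, payload)
        ctx.ul_nas_count += 1  # only this satellite's context advances
        return {"ue_id": self.ue_id, "count": count, "payload": payload, "mac": mac}


class Satellite:
    """Second (or first) apparatus: one security context per served UE, kept across passes."""

    def __init__(self, sat_id: str):
        self.sat_id = sat_id
        self.contexts = {}  # UE ID -> NasSecurityContext

    def install_context(self, ue_id: str, key: bytes, ul_start: int = 0) -> None:
        # Last accepted COUNT is one below the start value so the first message may carry ul_start.
        self.contexts[ue_id] = NasSecurityContext(ue_id, key, ul_start - 1)

    def receive_mo_nas(self, msg: dict) -> str:
        ctx = self.contexts.get(msg["ue_id"])
        if ctx is None:
            return "no-context"  # S&F UE context not yet fetched from the central manager
        if msg["count"] <= ctx.ul_nas_count:
            return "replay"  # UL NAS COUNT must strictly increase within one context
        expected = nas_mac(ctx.nas_int_key, msg["count"], 0, msg["payload"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return "bad-mac"  # wrong key: the message was protected for another satellite
        ctx.ul_nas_count = msg["count"]
        return "ok"


def run_scenario() -> dict:
    """Replay the FIG. 2 passes: sat-2 first (COUNT 7, 8, 9), then sat-1 (COUNT 0)."""
    key_sat1 = bytes(range(16))       # constructed; the scheme derives these from the common key
    key_sat2 = bytes(range(16, 32))
    ue = Ue("ue-1")
    ue.install_context("sat-1", key_sat1, ul_start=0)
    ue.install_context("sat-2", key_sat2, ul_start=7)

    # The UE protects three MO NAS messages for sat-2 with its sat-2 context.
    msgs = [ue.send_mo_nas("sat-2", b"mo-data-%d" % i) for i in range(3)]
    results = []

    # A sat-2 that has not yet obtained the S&F UE context cannot verify them (activation condition).
    sat2_before_fetch = Satellite("sat-2")
    results.append(sat2_before_fetch.receive_mo_nas(msgs[0]))

    sat2 = Satellite("sat-2")
    sat2.install_context("ue-1", key_sat2, ul_start=7)
    results += [sat2.receive_mo_nas(m) for m in msgs]   # ok, ok, ok
    results.append(sat2.receive_mo_nas(msgs[1]))         # replayed COUNT 8 is rejected

    # Later pass of sat-1: its context was untouched by the sat-2 exchange, so COUNT starts at 0.
    sat1 = Satellite("sat-1")
    sat1.install_context("ue-1", key_sat1, ul_start=0)
    m1 = ue.send_mo_nas("sat-1", b"mo-data-x")
    results.append(sat1.receive_mo_nas(m1))

    # A message protected with the sat-2 context fails the integrity check at sat-1.
    results.append(sat1.receive_mo_nas(ue.send_mo_nas("sat-2", b"misrouted")))

    return {"counts": [m["count"] for m in msgs] + [m1["count"]], "results": results}


if __name__ == "__main__":
    print(run_scenario())
```

The replay check and the MAC check are what make the per-satellite split safe in practice: because each satellite only ever sees COUNT values from its own context, a message captured during one satellite's pass and replayed to another satellite fails on the key, and one replayed to the same satellite fails on the monotonic COUNT.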
The process as described with FIG. 2 explains the case where the first apparatus 110 generates a S&F UE context by itself. It is also possible that the S&F UE context may be generated at the fourth apparatus 140, e.g., the ground station (for example, a CN device on the ground) , which will be described with reference to FIG. 3 as below.
Reference is now made to FIG. 3, which shows a signaling chart 300 for communication according to some example embodiments of the present disclosure. As shown in FIG. 3, the signaling chart 300 involves the first apparatus 110, the second apparatus 120, the third apparatus 130 and the fourth apparatus 140. For the purpose of discussion, reference is made to FIG. 1 to describe the signaling chart 300.
In the scenario as shown in FIG. 3, the first apparatus 110 may comprise an AN function 311 and an SFF 312. The second apparatus 120 may comprise an AN function 321 and an SFF 322. In one example embodiment, the SFF may be part of the AN function. The fourth apparatus 140 may comprise an NTN-GW 341, a central manager 342 and a GS CN node 343. An SFF 344 may be located at the central manager 342.
In this case, the SFF 344 on the central manager 342 of the fourth apparatus 140, which handles the initial registration of the third apparatus 130, may generate the multiple S&F UE contexts to be used by the related satellites (e.g., the second apparatus 120) and by the third apparatus 130.
After the third apparatus 130 has been registered (305) at the fourth apparatus 140, the fourth apparatus 140, for example, the SFF 344 on the central manager 342, may generate (310) the S&F UE context for at least one satellite that will serve the third apparatus 130.
For example, based on the traffic profile of the third apparatus 130 (e.g., MO data/NAS occurs every 12 hours) received from the third apparatus 130 or the fourth apparatus 140, and/or the trajectory/ephemeris of the first apparatus 110 and other satellites (e.g., the second apparatus 120), the SFF 344 on the central manager 342 may determine the related satellites to serve the third apparatus 130, e.g., the first apparatus 110 and the second apparatus 120.
As an example, the fourth apparatus 140 may generate the S&F UE context (hereinafter may also be referred to as a second context) for each related satellite except the first apparatus 110. The S&F UE context (i.e., the second context) generated by the fourth apparatus 140 may have similar content as that in the S&F UE context (i.e., the first context) generated by the first apparatus 110. The content in the S&F UE context (i.e., the first context) generated by the first apparatus 110 has been described with reference to FIG. 2, which is omitted here.
When the first apparatus 110 has a connection with the fourth apparatus 140, the fourth apparatus 140, for example, the central manager 342, may send (315) the generated S&F UE context, except the key, to the first apparatus 110, for example, to the SFF 312.
When the first apparatus 110 has a connection with the third apparatus 130, the first apparatus 110, for example, the SFF 312, may forward (320) the S&F UE context, e.g., the one to be used for communication with the second apparatus 120, to the third apparatus 130.
The following processes may be similar to the corresponding processes shown in FIG. 2. For example, after the second apparatus 120 has a connection with the fourth apparatus 140, for example, with the NTN-GW 341, the second apparatus 120 may obtain (325) the S&F UE context for the second apparatus 120 from the fourth apparatus 140, for example, from the central manager 342.
Later, when the second apparatus 120 has a connection with the third apparatus 130, the third apparatus 130 may know that it is communicating with the second apparatus 120 and use the NAS (or AS) security context related to the second apparatus 120 to protect the MO NAS. As an example, the third apparatus 130 may send (330) an MO NAS message with UL NAS COUNT 7 to the second apparatus 120.
The second apparatus 120 may then use the stored NAS security context related to the third apparatus 130, e.g., the NAS key and the UL NAS COUNT start value 7, to check (335) the integrity of the received NAS message and decrypt it.
After that, when the second apparatus 120 has a connection with the fourth apparatus 140, the second apparatus 120 may forward (340) the MO data to the fourth apparatus 140.
Later, when the first apparatus 110 has a connection with the third apparatus 130, the third apparatus 130 may know that it is communicating with the first apparatus 110.
The third apparatus 130 may then use the previously received S&F UE context to derive the NAS (or AS) security context, and use the NAS security context related to the first apparatus 110, e.g., a NAS key and NAS COUNT start value 0, to protect the MO NAS. As an example, the third apparatus 130 may send (345) one MO NAS message with UL NAS COUNT 7 to the first apparatus 110.
The first apparatus 110, for example, the SFF 312, may then use the NAS security context related to the third apparatus 130 to check (350) the integrity of the received NAS message and decrypt it.
After that, when the first apparatus 110 has a connection with the fourth apparatus 140, the first apparatus 110, for example, the SFF 312, may forward (355) the MO data to the fourth apparatus 140.
As described above, it is also possible that a co-located architecture with AN functionality (for example, gNB functionality) and CN functionality (for example, AMF functionality) is deployed on the satellite. In this case, the SFF may be implemented as part of the CN functionality (for example, as part of the AMF functionality). Reference is now made to FIG. 4, which shows a signaling chart 400 for communication according to some example embodiments of the present disclosure. As shown in FIG. 4, the signaling chart 400 involves the first apparatus 110, the second apparatus 120, the third apparatus 130 and the fourth apparatus 140. For the purpose of discussion, reference is made to FIG. 1 to describe the signaling chart 400.
In the scenario as shown in FIG. 4, the first apparatus 110 may comprise a gNB 411 and an AMF 412. The second apparatus 120 may comprise a gNB 421 and an AMF 422. The fourth apparatus 140 may comprise an NTN-GW 241, a central manager 242 and a GS CN node 243.
As shown in FIG. 4, the third apparatus 130 may register (405) to the fourth apparatus 140.
The AMF 412 at the first apparatus 110 may generate (410) the S&F UE context (i.e., the first context). In this case, in addition to the information associated with at least one related satellite (e.g., the second apparatus 120) that will serve the third apparatus 130, the S&F UE context may also comprise information associated with the security context, comprising a pair of an identifier of the related satellite (e.g., an ID of the second apparatus 120) and a random value.
Then the AMF 412 at the first apparatus 110 may provide (415) the generated S&F UE context to the third apparatus 130 and provide (420) the information associated with the security context to the third apparatus 130 in a NAS secure message.
Later, when the first apparatus 110 has a connection with the fourth apparatus 140, the first apparatus 110 may upload (425) the S&F UE context derived for each related satellite (e.g., for the second apparatus 120), including the key (e.g., KAMF), along with the pair of the identifier of the related satellite (e.g., the ID of the second apparatus 120) and the random value, to the fourth apparatus 140.
Then, after the second apparatus 120 has a connection with the fourth apparatus 140, the second apparatus 120 may obtain (430) the S&F UE context for the second apparatus 120 from the fourth apparatus 140. For example, the obtained S&F UE context for the second apparatus 120 may comprise a NAS key generated by the fourth apparatus 140, e.g., by the central manager 442, based on the pair of the identifier of the second apparatus 120 and the random value. It is also possible that the obtained S&F UE context for the second apparatus 120 comprises the KAMF and the random value; the second apparatus 120 then generates the NAS key based on the received KAMF and the random value.
Later, when the first apparatus 110 has a connection with the third apparatus 130, the third apparatus 130 may know that it is connected to the first apparatus 110 (e.g., the first apparatus 110 may broadcast its ID to the third apparatus 130), so the third apparatus 130 may use the NAS (or AS) security context related to the first apparatus 110, e.g., an UL NAS COUNT, to protect the communication between the third apparatus 130 and the first apparatus 110, for example, to protect the MO NAS, and send (435) the protected NAS packet to the first apparatus 110.
The first apparatus 110 may then use the stored NAS security context related to the third apparatus 130 to check (440) the integrity of the received NAS packet and decrypt it. After that, when the first apparatus 110 has a connection with the fourth apparatus 140, the first apparatus 110 may forward (445) the MO data to the fourth apparatus 140.
When the second apparatus 120 has a connection with the third apparatus 130, the third apparatus 130 may know that it is connected to the second apparatus 120 (e.g., the second apparatus 120 may broadcast its ID to the third apparatus 130), so the third apparatus 130 may use the NAS (or AS) security context and the random value to generate the KAMF' related to the second apparatus 120. The third apparatus 130 may then generate the NAS and/or AS key(s) from the KAMF' and use them to protect the communication between the third apparatus 130 and the second apparatus 120, for example, to protect the MO NAS, and send (450) the protected NAS packet to the second apparatus 120, e.g., to the AMF 422.
Then the second apparatus 120, or the AMF 422, may use the stored NAS security context related to the third apparatus 130 to generate (455) the KAMF' and the NAS keys, and verify and decrypt the NAS packet.
After that, when the second apparatus 120 has a connection with the fourth apparatus 140, the second apparatus 120 may forward (460) the NAS packet to the fourth apparatus 140.
An example of the derivation from KAMF to KAMF' for the satellite use case is listed below.
For example, the derivation of KAMF' from KAMF during mobility in the satellite use case may use the following input parameters:
- FC = 0x72
- P0 = DIRECTION
- L0 = length of DIRECTION (i.e., 0x00 0x01)
- P1 = RAND,
- L1 = length of RAND (i.e., 0x00 0x04)
In this case, as an example, the input key may be the KAMF available in the Unstructured Data Storage Network Function (UDSF). When KAMF' is derived in the satellite use case, DIRECTION shall be 0x00 and RAND may be the value received from the UDSF.
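The derivation above, carried through in code as an added example (it is not code from the patent or from a 3GPP specification): the generic 3GPP key derivation function is HMAC-SHA-256 over the string FC || P0 || L0 || P1 || L1 (TS 33.220 Annex B), applied here with FC = 0x72, P0 = DIRECTION = 0x00 and a 4-byte RAND, and the resulting KAMF' is then turned into 128-bit NAS keys in the way TS 33.501 Annex A.8 does for KAMF (FC = 0x69, algorithm type distinguisher, algorithm identity, keep the 128 least significant bits). The KAMF and the RAND values are constructed, and the choice of NAS algorithms (128-NEA2/128-NIA2, identity 2) is an assumption made for the illustration. The demo shows the FIG. 4 property that matters: the UE and the second satellite reach the same per-satellite NAS keys from KAMF and the pair (satellite ID, RAND) without the key ever being sent to the UE, and a different RAND gives an unrelated key.

```python
"""KAMF' and NAS key derivation for the satellite S&F case (added example)."""
import hashlib
import hmac

# Algorithm type distinguishers for NAS keys (TS 33.501 Table A.8-1).
N_NAS_ENC_ALG = 0x01
N_NAS_INT_ALG = 0x02
# Assumed algorithm identities: 128-NEA2 and 128-NIA2 both carry identity 2.
NEA2 = 0x02
NIA2 = 0x02


def kdf_input(fc: int, *params: bytes) -> bytes:
    """Build S = FC || P0 || L0 || P1 || L1 || ... with 2-byte big-endian lengths."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return s


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF: HMAC-SHA-256(key, S), 256-bit output."""
    return hmac.new(key, kdf_input(fc, *params), hashlib.sha256).digest()


def derive_kamf_prime(kamf: bytes, rand: bytes, direction: int = 0x00) -> bytes:
    """KAMF' for the satellite use case: FC 0x72, P0 = DIRECTION, P1 = RAND (L1 = 0x00 0x04)."""
    if len(rand) != 4:
        raise ValueError("RAND must be 4 bytes (L1 = 0x00 0x04)")
    return kdf(kamf, 0x72, bytes([direction]), rand)


def derive_nas_keys(kamf_prime: bytes, enc_alg_id: int, int_alg_id: int) -> tuple:
    """NAS encryption and integrity keys from KAMF': FC 0x69, 128 LSBs of the KDF output."""
    k_nas_enc = kdf(kamf_prime, 0x69, bytes([N_NAS_ENC_ALG]), bytes([enc_alg_id]))[16:]
    k_nas_int = kdf(kamf_prime, 0x69, bytes([N_NAS_INT_ALG]), bytes([int_alg_id]))[16:]
    return k_nas_enc, k_nas_int


def demo() -> dict:
    """Both ends of the FIG. 4 exchange derive the same per-satellite NAS keys."""
    # Constructed KAMF standing in for the key established at primary authentication.
    kamf = hashlib.sha256(b"constructed KAMF for illustration").digest()
    # The first satellite's AMF picks one RAND per related satellite and sends the UE only
    # the pair (satellite ID, RAND); the key itself is never sent to the UE.
    pairs = {"sat-2": bytes.fromhex("1a2b3c4d"), "sat-3": bytes.fromhex("5e6f7081")}

    # UE side: KAMF' and NAS keys for sat-2 from its own KAMF and the received RAND.
    ue_keys_sat2 = derive_nas_keys(derive_kamf_prime(kamf, pairs["sat-2"]), NEA2, NIA2)
    # Second satellite side: the central manager hands it KAMF and RAND (the alternative
    # in the text to receiving an already-derived NAS key) and it derives the same keys.
    sat2_keys = derive_nas_keys(derive_kamf_prime(kamf, pairs["sat-2"]), NEA2, NIA2)
    # A different RAND (another related satellite) yields unrelated keys from the same KAMF.
    sat3_keys = derive_nas_keys(derive_kamf_prime(kamf, pairs["sat-3"]), NEA2, NIA2)

    return {
        "ue_matches_sat2": ue_keys_sat2 == sat2_keys,
        "sat3_differs": sat3_keys != sat2_keys,
        "key_lengths": (len(ue_keys_sat2[0]), len(ue_keys_sat2[1])),
    }


if __name__ == "__main__":
    print(demo())
```

Note that with these parameters the freshness of each satellite's KAMF' rests entirely on RAND being unique per (UE, satellite) pair; reusing a RAND for two satellites would give them the same KAMF' and therefore the same NAS keys.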
Based on the solution of the present disclosure, in the case of a co-located architecture in which both the AN and the CN (for example, an MME/AMF) are embarked on the satellite, the third apparatus 130 and the second apparatus 120 may use the S&F UE context to derive the NAS security context and the AS security context. In the case of a classic architecture in which only the AN is embarked on the satellite, the third apparatus 130 and the second apparatus 120 may use the S&F UE context to derive the AS security context.
In this way, the UE may maintain a different AS or NAS security context (e.g., NAS key, NAS COUNT) for each related satellite, and each related satellite maintains its own AS or NAS security context for the UE. Thus, the related satellites do not need to synchronise the UE context among themselves (e.g., to share a single NAS key or a single NAS COUNT), which is impossible in some S&F deployments.
FIG. 5 shows a flowchart of an example method 500 implemented at a first apparatus in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the method 500 will be described from the perspective of the first apparatus 110 in FIG. 1.
At block 510, the first apparatus determines a first context at least indicating information associated with a second apparatus for serving a third apparatus.
At block 520, the first apparatus transmits the first context to at least one of the third apparatus or the second apparatus for communication protection between the third apparatus and the second apparatus.
In some example embodiments, the method 500 further comprises: obtaining a first security context and/or at least one first key for protecting communication between the first apparatus and the third apparatus, the first security context comprising at least one of a first non-access stratum, NAS, security context or a first access stratum, AS, security context; and maintaining the first security context and/or the at least one first key for protecting communication with the third apparatus; wherein the transmitting the first context to the third apparatus comprises using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus.
In some example embodiments, the obtaining the first security context and/or the at least one first key comprises performing primary authentication with the third  apparatus; and the obtaining the at least one first key comprises determining the at least one first key based on the first security context.
In some example embodiments, the determining the at least one first key based on the first security context comprises performing key derivation based on the first security context.
In some example embodiments, the at least one first key comprises at least one of: one or more first NAS keys related to NAS security; or one or more first AS keys related to AS security.
In some example embodiments, the first context comprises at least one of the following: an identifier of the second apparatus, an identifier of the third apparatus, information associated with a second NAS security context, information associated with a second AS security context; a condition indicating when the first context is to be activated, a sequence number, an uplink non-access stratum, NAS, count and a downlink NAS count, or a packet data convergence protocol sequence number.
In some example embodiments, the method 500 further comprises: determining the first context based on at least one of: a traffic profile of the third apparatus; trajectory information of the second apparatus; ephemeris information of the second apparatus; or a second context received from a fourth apparatus.
In some example embodiments, the method 500 further comprises: transmitting, to the second apparatus via a fourth apparatus, the first context along with the information associated with the second NAS security context and/or the second AS security context, comprising at least one of: a random value, or a second NAS key related to NAS security, or a second AS key related to AS security for the communication protection between the third apparatus and the second apparatus.
In some example embodiments, the method 500 further comprises: transmitting, to the third apparatus, the first context along with the information associated with the second NAS security context and/or the second AS security context, comprising a pair of an identifier of the second apparatus and a random value, by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus.
In some example embodiments, the method 500 further comprises: transmitting, from an AMF at the first apparatus to the third apparatus, the first context along with the information associated with the second NAS security context or the second AS security context, comprising a pair of an identifier of the second apparatus and a random value.
In some example embodiments, the fourth apparatus comprises or is comprised in one of a radio access network device or a core network device.
In some example embodiments, the first apparatus comprises or is comprised in one of a radio access network device or a core network device, the second apparatus comprises or is comprised in a radio access network device, and the third apparatus comprises or is comprised in a terminal device.
FIG. 6 shows a flowchart of an example method 600 implemented at a second apparatus in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the method 600 will be described from the perspective of the second apparatus 120 in FIG. 1.
At block 610, the second apparatus 120 receives a first context, from a first apparatus or a fourth apparatus, at least indicating information associated with the second apparatus for serving a third apparatus.
At block 620, the second apparatus 120 determines, based on the first context, a second security context and/or at least one second key, the second security context comprising at least one of a second non-access stratum, NAS, security context or a second access stratum, AS, security context, for protecting communication between the second apparatus and the third apparatus.
At block 630, the second apparatus 120 maintains the second security context for further communication with the third apparatus, after the third apparatus is disconnected.
In some example embodiments, the determining the at least one second key comprises determining the at least one second key based on the second security context.
In some example embodiments, the determining the at least one second key based on the second security context comprises performing key derivation based on the second security context.
In some example embodiments, the at least one second key comprises at least one of: one or more second NAS keys related to NAS security; or one or more second AS keys related to AS security.
In some example embodiments, the first context comprises at least one of the following: an identifier of the second apparatus, an identifier of the third apparatus, information associated with a second NAS security context, information associated with a second AS security context, a condition indicating when the first context is to be activated, a sequence number, an uplink non-access stratum, NAS, count and a downlink NAS count, or a packet data convergence protocol sequence number.
In some example embodiments, the method 600 further comprises: receiving the first context from the fourth apparatus, wherein the information associated with the second security context comprises at least one of: a random value, or a second NAS key or a second AS key for the communication protection between the third apparatus and the second apparatus.
In some example embodiments, the method 600 further comprises: receiving the first context from an access and mobility management function at the first apparatus, wherein the information associated with the second security context comprises a pair of an identifier of the second apparatus and a random value.
In some example embodiments, the method 600 further comprises: determining, at least based on the information associated with the second security context, a second key for the communication protection between the third apparatus and the second apparatus, wherein the second key comprises a second NAS key related to NAS security or a second AS key related to AS security; performing a security check of the third apparatus during a connection establishment between the third apparatus and the second apparatus at least based on the second key; and in response to a success of the security check, establishing a connection between the third apparatus and the second apparatus.
In some example embodiments, the first apparatus comprises or is comprised in one of a radio access network device or a core network device, the second apparatus comprises or is comprised in a radio access network device, the third apparatus comprises or is comprised in a terminal device and the fourth apparatus comprises or is comprised in one of a radio access network device or a core network device.
FIG. 7 shows a flowchart of an example method 700 implemented at a third apparatus in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the method 700 will be described from the perspective of the third apparatus 130 in FIG. 1.
At block 710, the third apparatus 130 obtains a first security context and/or at least one first key for protecting communication between the third apparatus and the first apparatus, comprising at least one of a first NAS security context or a first AS security context. The third apparatus 130 also determines at least one of a first NAS key or a first AS key.
At block 720, the third apparatus 130 maintains the first security context and/or the at least one first key for protecting communication with the first apparatus.
At block 730, the third apparatus 130 receives a first context, from a first apparatus by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus, at least indicating information associated with a second apparatus for serving the third apparatus.
At block 740, the third apparatus 130 determines, based on the first context, a second security context and/or at least one second key comprising at least one of a second NAS security context or a second AS security context, and/or at least one of a second NAS key or a second AS key, for protecting communication between the second apparatus and the third apparatus.
At block 750, the third apparatus 130 maintains the second security context and/or the at least one second key for communication with the second apparatus.
In some example embodiments, the obtaining the first security context comprises performing primary authentication with the first apparatus; the obtaining the at least one first key comprises determining the at least one first key based on the first security context; and the obtaining the at least one second key comprises determining the at least one second key based on the second security context.
In some example embodiments, the determining the at least one first key based on the first security context comprises performing key derivation based on the first security context; and wherein the determining the at least one second key based on the second security context comprises performing key derivation based on the second security context.
In some example embodiments, the at least one first key comprises at least one of: one or more first NAS keys related to NAS security; or one or more first AS keys related to AS security; and wherein the at least one second key comprises at least one of: one or more second NAS keys related to NAS security; or one or more second AS keys related to AS security.
In some example embodiments, the method 700 further comprises: in response to the determining the second security context and/or the at least one second key, maintaining both of: the first security context and/or the at least one first key, for protecting communication with the first apparatus; and the second security context and/or the at least one second key, for protecting communication with the second apparatus.
In some example embodiments, the first context comprises at least one of the following: an identifier of the second apparatus, an identifier of the third apparatus, information associated with a second NAS security context, information associated with a second AS security context, a condition indicating when the first context is to be activated, a sequence number, an uplink non-access stratum, NAS, count and a downlink NAS count, or a packet data convergence protocol sequence number.
In some example embodiments, the method 700 further comprises: obtaining the first context from the first apparatus, wherein the information associated with the security context comprises a random value.
In some example embodiments, the method 700 further comprises: obtaining the first context from the first apparatus, wherein the information associated with the security context comprises a pair of an identifier of the second apparatus and a random value.
In some example embodiments, the method 700 further comprises: determining, at least based on the information associated with the security context, a key related to the NAS security or the AS security for the communication protection between the third apparatus and the second apparatus; and using the key for a security check during a connection establishment between the third apparatus and the second apparatus.
In some example embodiments, the first apparatus comprises or is comprised in one of a radio access network device or a core network device, the second apparatus comprises or is comprised in a radio access network device, and the third apparatus comprises or is comprised in a terminal device.
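The procedures of methods 600 and 700 above (second security context derived from the first context, kept on both sides across disconnection, and used for a security check at connection establishment), as an added runnable simulation that is not part of the patent. The HMAC-SHA256 key derivation, the message layout, the MAC-based security check and all sample values are assumptions; the page does not specify them.

```python
# Added example, not from the patent: a simulation of the security-context handling
# described for the second apparatus (method 600) and the third apparatus (method 700).
# The KDF construction, message layout and MAC-based "security check" are assumptions.
import hashlib
import hmac
from dataclasses import dataclass


def kdf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """Assumed key derivation: HMAC-SHA256 over a label and length-prefixed inputs."""
    data = label
    for p in parts:
        data += len(p).to_bytes(2, "big") + p
    return hmac.new(key, data, hashlib.sha256).digest()


@dataclass
class SecurityContext:
    """NAS/AS security context: a root key plus uplink and downlink NAS counts."""
    root_key: bytes
    ul_count: int = 0
    dl_count: int = 0

    def nas_key(self) -> bytes:
        return kdf(self.root_key, b"NAS-int")

    def as_key(self) -> bytes:
        return kdf(self.root_key, b"AS-int")


@dataclass
class FirstContext:
    """The 'first context': which second apparatus will serve the UE and when, plus the
    (identifier of second apparatus, random value) pair used for key derivation."""
    second_apparatus_id: bytes
    third_apparatus_id: bytes
    random_value: bytes
    activation_condition: str  # constructed, e.g. "satellite pass 7"


def derive_second_context(first: SecurityContext, fc: FirstContext) -> SecurityContext:
    """Blocks 620/740: second security context derived from the first security context
    and the (id, random) pair; identical inputs give identical keys on both sides."""
    root = kdf(first.root_key, b"second-ctx", fc.second_apparatus_id, fc.random_value)
    return SecurityContext(root)


def mac(key: bytes, ue_id: bytes, count: int, payload: bytes) -> bytes:
    """Assumed integrity tag over (UE id, NAS count, payload)."""
    return kdf(key, b"MAC", ue_id, count.to_bytes(4, "big"), payload)[:16]


class ThirdApparatus:
    """Terminal device: keeps the first security context AND each second context."""
    def __init__(self, ue_id: bytes, first: SecurityContext):
        self.ue_id = ue_id
        self.first_security_context = first          # blocks 710/720
        self.second_security_contexts: dict[bytes, SecurityContext] = {}

    def receive_first_context(self, fc: FirstContext) -> None:  # blocks 730-750
        ctx = derive_second_context(self.first_security_context, fc)
        self.second_security_contexts[fc.second_apparatus_id] = ctx

    def connection_request(self, second_id: bytes, payload: bytes) -> tuple:
        ctx = self.second_security_contexts[second_id]
        tag = mac(ctx.nas_key(), self.ue_id, ctx.ul_count, payload)
        msg = (self.ue_id, ctx.ul_count, payload, tag)
        ctx.ul_count += 1
        return msg


class SecondApparatus:
    """Satellite RAN node: retains the second context after the UE disconnects (630)."""
    def __init__(self) -> None:
        self.contexts: dict[bytes, SecurityContext] = {}  # keyed by UE identifier
        self.connected: set = set()

    def receive_second_key(self, ue_id: bytes, ctx: SecurityContext) -> None:
        self.contexts[ue_id] = ctx  # delivered by the first apparatus (L690/L703)

    def security_check(self, msg: tuple) -> bool:
        """L705: verify tag and NAS count; on success, establish the connection."""
        ue_id, count, payload, tag = msg
        ctx = self.contexts.get(ue_id)
        if ctx is None or count < ctx.ul_count:  # unknown UE or replayed count
            return False
        ok = hmac.compare_digest(tag, mac(ctx.nas_key(), ue_id, count, payload))
        if ok:
            ctx.ul_count = count + 1
            self.connected.add(ue_id)
        return ok

    def disconnect(self, ue_id: bytes) -> None:
        self.connected.discard(ue_id)  # the security context is deliberately kept


def run_scenario() -> dict:
    """Two satellite passes with constructed sample values (not from the page)."""
    first = SecurityContext(root_key=b"\x11" * 32)  # from primary authentication
    ue = ThirdApparatus(b"UE-0001", first)
    fc = FirstContext(b"SAT-07", b"UE-0001", b"\x5a" * 16, "satellite pass 7")
    sat = SecondApparatus()
    sat.receive_second_key(b"UE-0001", derive_second_context(first, fc))
    ue.receive_first_context(fc)
    msg1 = ue.connection_request(b"SAT-07", b"RRCSetupRequest")
    first_pass = sat.security_check(msg1)
    sat.disconnect(b"UE-0001")
    msg2 = ue.connection_request(b"SAT-07", b"RRCSetupRequest")
    second_pass = sat.security_check(msg2)                # context survived on both sides
    replay_ok = sat.security_check(msg1)                   # stale count -> rejected
    other = ThirdApparatus(b"UE-0001", first)              # different random value
    other.receive_first_context(FirstContext(b"SAT-07", b"UE-0001", b"\x00" * 16, "x"))
    f = other.connection_request(b"SAT-07", b"RRCSetupRequest")
    forged_ok = sat.security_check((f[0], msg2[1] + 1, f[2], f[3]))  # wrong key -> rejected
    return {"first_pass": first_pass, "second_pass": second_pass,
            "replay_rejected": not replay_ok, "forged_rejected": not forged_ok,
            "ue_keeps_both": ue.first_security_context is first
            and b"SAT-07" in ue.second_security_contexts,
            "sat_keeps_context": b"UE-0001" in sat.contexts}
```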
In some example embodiments, a first apparatus capable of performing any of the method 500 (for example, the first apparatus 110 in FIG. 1) may comprise means for performing the respective operations of the method 500. The means may be implemented in any suitable form. For example, the means may be implemented in a circuitry or software module. The first apparatus may be implemented as or included in the first apparatus 110 in FIG. 1.
In some example embodiments, the first apparatus comprises means for obtaining a first context at least indicating information associated with a second apparatus for serving a third apparatus; and means for transmitting the first context to at least one of the third apparatus or the second apparatus for communication protection between the third apparatus and the second apparatus.
In some example embodiments, the first apparatus further comprises: means for obtaining a first security context and/or at least one first key for protecting communication between the first apparatus and the third apparatus, the first security context comprising at least one of a first non-access stratum, NAS, security context or a first access stratum, AS, security context; and means for maintaining the first security context and/or the at least one first key for protecting communication with the third apparatus; wherein means for transmitting the first context to the third apparatus comprises means for using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus.
In some example embodiments, the obtaining the first security context and/or the at least one first key comprises performing primary authentication with the third apparatus; and the obtaining the at least one first key comprises determining the at least one first key based on the first security context.
In some example embodiments, the determining the at least one first key based on the first security context comprises performing key derivation based on the first security context.
In some example embodiments, the at least one first key comprises at least one of: one or more first NAS keys related to NAS security; or one or more first AS keys related to AS security.
In some example embodiments, the first context comprises at least one of the following: an identifier of the second apparatus, an identifier of the third apparatus, information associated with a second NAS security context, information associated with a second AS security context, a condition indicating when the first context is to be activated, a sequence number, an uplink non-access stratum, NAS, count and a downlink NAS count, or a packet data convergence protocol sequence number.
In some example embodiments, the first apparatus further comprises: means for determining the first context based on at least one of: a traffic profile of the third apparatus; trajectory information of the second apparatus; ephemeris information of the second apparatus; or a second context received from a fourth apparatus.
In some example embodiments, the first apparatus further comprises: means for transmitting, to the second apparatus via a fourth apparatus, the first context along with the information associated with the second NAS security context and/or the second AS security context, comprising at least one of: a random value, or a second NAS key related to NAS security, or a second AS key related to AS security for the communication protection between the third apparatus and the second apparatus.
In some example embodiments, the first apparatus further comprises: means for transmitting, to the third apparatus, by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus, the first context along with the information associated with the second NAS security context and/or the second AS security context, comprising a pair of an identifier of the second apparatus and a random value.
In some example embodiments, the first apparatus further comprises: means for transmitting from an AMF at the first apparatus to the third apparatus, the first context along with the information associated with the second NAS security context or the second AS security context comprising a pair of an identifier of the second apparatus and a random value.
In some example embodiments, the fourth apparatus comprises or is comprised in one of a radio access network device or a core network device.
In some example embodiments, the first apparatus comprises or is comprised in one of a radio access network device or a core network device, the second apparatus comprises or is comprised in a radio access network device, and the third apparatus comprises or is comprised in a terminal device.
In some example embodiments, the first apparatus further comprises means for performing other operations in some example embodiments of the method 500 or the first apparatus 110. In some example embodiments, the means comprises at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the performance of the first apparatus.
In some example embodiments, a second apparatus capable of performing any of the method 600 (for example, the second apparatus 120 in FIG. 1) may comprise means for performing the respective operations of the method 600. The means may be implemented in any suitable form. For example, the means may be implemented in a circuitry or software module. The second apparatus may be implemented as or included in the second apparatus 120 in FIG. 1.
In some example embodiments, the second apparatus comprises means for receiving a first context, from a first apparatus or a fourth apparatus, at least indicating information associated with the second apparatus for serving a third apparatus; means for determining, based on the first context, a second security context and/or at least one second key, the second security context comprising at least one of a second non-access stratum, NAS, security context or a second access stratum, AS, security context, for protecting communication between the second apparatus and the third apparatus; and means for maintaining the second security context for further communication with the third apparatus, after the third apparatus is disconnected.
In some example embodiments, means for determining the at least one second key comprises means for determining the at least one second key based on the second security context.
In some example embodiments, means for determining the at least one second key based on the second security context comprises means for performing key derivation based on the second security context.
In some example embodiments, the at least one second key comprises at least one of: one or more second NAS keys related to NAS security; or one or more second AS keys related to AS security.
In some example embodiments, the first context comprises at least one of the following: an identifier of the second apparatus, an identifier of the third apparatus, information associated with a second NAS security context, information associated with a second AS security context, a condition indicating when the first context is to be activated, a sequence number, an uplink non-access stratum, NAS, count and a downlink NAS count, or a packet data convergence protocol sequence number.
In some example embodiments, the second apparatus further comprises: means for receiving the first context from the fourth apparatus, wherein the information associated with the second security context comprises at least one of: a random value, or a second NAS key or a second AS key for the communication protection between the third apparatus and the second apparatus.
In some example embodiments, the second apparatus further comprises: means for receiving the first context from an access and mobility management function at the first apparatus, wherein the information associated with the second security context comprises a pair of an identifier of the second apparatus and a random value.
In some example embodiments, the second apparatus further comprises: means for determining, at least based on the information associated with the second security context, a second key for the communication protection between the third apparatus and the second apparatus, wherein the second key comprises a second NAS key related to NAS security or a second AS key related to AS security; means for performing a security check of the third apparatus during a connection establishment between the third apparatus and the second apparatus at least based on the second key; and means for, in response to a success of the security check, establishing a connection between the third apparatus and the second apparatus.
In some example embodiments, the first apparatus comprises or is comprised in one of a radio access network device or a core network device, the second apparatus comprises or is comprised in a radio access network device, the third apparatus comprises or is comprised in a terminal device and the fourth apparatus comprises or is comprised in one of a radio access network device or a core network device.
In some example embodiments, the second apparatus further comprises means for performing other operations in some example embodiments of the method 600 or the second apparatus 120. In some example embodiments, the means comprises at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the performance of the second apparatus.
In some example embodiments, a third apparatus capable of performing any of the method 700 (for example, the third apparatus 130 in FIG. 1) may comprise means for performing the respective operations of the method 700. The means may be implemented in any suitable form. For example, the means may be implemented in a circuitry or software module. The third apparatus may be implemented as or included in the third apparatus 130 in FIG. 1.
In some example embodiments, the third apparatus comprises means for obtaining a first security context and/or at least one first key for protecting communication between the third apparatus and the first apparatus, comprising at least one of a first NAS security context or a first AS security context; means for maintaining the first security context and/or the at least one first key for protecting communication with the first apparatus; means for receiving a first context, from a first apparatus by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus, at least indicating information associated with a second apparatus for serving the third apparatus; means for determining, based on the first context, a second security context and/or at least one second key for protecting communication between the second apparatus and the third apparatus, the second security context comprising at least one of a second NAS security context or a second AS security context; and means for maintaining the second security context and/or the at least one second key for communication with the second apparatus.
In some example embodiments, means for obtaining the first security context comprises means for performing primary authentication with the first apparatus; means for obtaining the at least one first key comprises means for determining the at least one first key based on the first security context; and means for obtaining the at least one second key comprises means for determining the at least one second key based on the second security context.
In some example embodiments, means for determining the at least one first key based on the first security context comprises means for performing key derivation based on the first security context; and wherein means for determining the at least one second key based on the second security context comprises means for performing key derivation based on the second security context.
In some example embodiments, the at least one first key comprises at least one of: one or more first NAS keys related to NAS security; or one or more first AS keys related to AS security; and wherein the at least one second key comprises at least one of: one or more second NAS keys related to NAS security; or one or more second AS keys related to AS security.
In some example embodiments, the third apparatus further comprises: means for, in response to the determining the second security context, maintaining both of: the first security context and/or the at least one first key, for protecting communication with the first apparatus; and the second security context and/or the at least one second key, for protecting communication with the second apparatus.
In some example embodiments, the first context comprises at least one of the following: an identifier of the second apparatus, an identifier of the third apparatus, information associated with a second NAS security context, information associated with a second AS security context, a condition indicating when the first context is to be activated, a sequence number, an uplink non-access stratum, NAS, count and a downlink NAS count, or a packet data convergence protocol sequence number.
In some example embodiments, the third apparatus further comprises: means for obtaining the first context from the first apparatus, wherein the information associated with the security context comprises a random value.
In some example embodiments, the third apparatus further comprises: means for obtaining the first context from the first apparatus, wherein the information associated with the security context comprises a pair of an identifier of the second apparatus and a random value.
In some example embodiments, the third apparatus further comprises: means for determining, at least based on the information associated with the security context, a key related to the NAS security or the AS security for the communication protection between the third apparatus and the second apparatus; and means for using the key for a security check during a connection establishment between the third apparatus and the second apparatus.
In some example embodiments, the first apparatus comprises or is comprised in one of a radio access network device or a core network device, the second apparatus comprises or is comprised in a radio access network device, and the third apparatus comprises or is comprised in a terminal device.
In some example embodiments, the third apparatus further comprises means for performing other operations in some example embodiments of the method 700 or the third apparatus 130. In some example embodiments, the means comprises at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the performance of the third apparatus.
FIG. 8 is a simplified block diagram of a device 800 that is suitable for implementing example embodiments of the present disclosure. The device 800 may be provided to implement a communication device, for example, the first apparatus 110, the second apparatus 120 or the third apparatus 130 as shown in FIG. 1. As shown, the device 800 includes one or more processors 810, one or more memories 820 coupled to the processor 810, and one or more communication modules 840 coupled to the processor 810.
The communication module 840 is for bidirectional communications. The communication module 840 has one or more communication interfaces to facilitate communication with one or more other modules or devices. The communication interfaces may represent any interface that is necessary for communication with other network elements. In some example embodiments, the communication module 840 may include at least one antenna.
The processor 810 may be of any type suitable to the local technical network and may include one or more of the following: general purpose computers, special purpose computers, microprocessors, digital signal processors (DSPs) and processors based on multicore processor architecture, as non-limiting examples. The device 800 may have multiple processors, such as an application specific integrated circuit chip that is slaved in time to a clock which synchronizes the main processor.
The memory 820 may include one or more non-volatile memories and one or more volatile memories. Examples of the non-volatile memories include, but are not limited to, a Read Only Memory (ROM) 824, an electrically programmable read only memory (EPROM), a flash memory, a hard disk, a compact disc (CD), a digital video disk (DVD), an optical disk, a laser disk, and other magnetic storage and/or optical storage. Examples of the volatile memories include, but are not limited to, a random access memory (RAM) 822 and other volatile memories that will not last in the power-down duration.
A computer program 830 includes computer executable instructions that are executed by the associated processor 810. The instructions of the program 830 may include instructions for performing operations/acts of some example embodiments of the present disclosure. The program 830 may be stored in the memory, e.g., the ROM 824. The processor 810 may perform any suitable actions and processing by loading the program 830 into the RAM 822.
The example embodiments of the present disclosure may be implemented by means of the program 830 so that the device 800 may perform any process of the disclosure as discussed with reference to FIG. 2 to FIG. 7. The example embodiments of the present disclosure may also be implemented by hardware or by a combination of software and hardware.
In some example embodiments, the program 830 may be tangibly contained in a computer readable medium which may be included in the device 800 (such as in the memory 820) or other storage devices that are accessible by the device 800. The device 800 may load the program 830 from the computer readable medium to the RAM 822 for execution. In some example embodiments, the computer readable medium may include any types of non-transitory storage medium, such as ROM, EPROM, a flash memory, a hard disk, CD, DVD, and the like. The term “non-transitory,” as used herein, is a limitation of the medium itself (i.e., tangible, not a signal) as opposed to a limitation on data storage persistency (e.g., RAM vs. ROM).
FIG. 9 shows an example of the computer readable medium 900 which may be in form of CD, DVD or other optical storage disk. The computer readable medium 900 has the program 830 stored thereon.
Generally, various embodiments of the present disclosure may be implemented in hardware or special purpose circuits, software, logic or any combination thereof. Some aspects may be implemented in hardware, and other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device. Although various aspects of embodiments of the present disclosure are illustrated and described as block diagrams, flowcharts, or using some other pictorial representations, it is to be understood that the block, apparatus, system, technique or method described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.
Some example embodiments of the present disclosure also provide at least one computer program product tangibly stored on a computer readable medium, such as a non-transitory computer readable medium. The computer program product includes computer-executable instructions, such as those included in program modules, being executed in a device on a target physical or virtual processor, to carry out any of the methods as described above. Generally, program modules include routines, programs, libraries, objects, classes, components, data structures, or the like that perform particular tasks or implement particular abstract data types. The functionality of the program modules may be combined or split between program modules as desired in various embodiments. Machine-executable instructions for program modules may be executed within a local or distributed device. In a distributed device, program modules may be located in both local and remote storage media.
Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages. The program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowcharts and/or block diagrams to be implemented. The program code may execute entirely on a machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present disclosure, the computer program code or related data may be carried by any suitable carrier to enable the device, apparatus or processor to perform various processes and operations as described above. Examples of the carrier include a signal, computer readable medium, and the like.
The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of the computer readable storage medium would include an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
Further, although operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. In certain circumstances, multitasking and parallel processing may be advantageous. Likewise, although several specific implementation details are contained in the above discussions, these should not be construed as limitations on the scope of the present disclosure, but rather as descriptions of features that may be specific to particular embodiments. Unless explicitly stated, certain features that are described in the context of separate embodiments may also be implemented in combination in a single embodiment. Conversely, unless explicitly stated, various features that are described in the context of a single embodiment may also be implemented in a plurality of embodiments separately or in any suitable sub-combination.
Although the present disclosure has been described in language specific to structural features and/or methodological acts, it is to be understood that the present disclosure defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.

Claims (40)

  1. A first apparatus comprising:
    at least one processor; and
    at least one memory storing instructions that, when executed by the at least one processor, cause the first apparatus at least to:
    determine a first context at least indicating information associated with a second apparatus for serving a third apparatus; and
    transmit the first context to at least one of the third apparatus or the second apparatus for communication protection between the third apparatus and the second apparatus.
  2. The first apparatus of claim 1, wherein the first apparatus is further caused to:
    obtain a first security context and/or at least one first key for protecting communication between the first apparatus and the third apparatus, the first security context comprising at least one of a first non-access stratum, NAS, security context or a first access stratum, AS, security context; and
    maintain the first security context and/or the at least one first key for protecting communication with the third apparatus; wherein
    the transmitting the first context to the third apparatus comprises using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus.
  3. The first apparatus of claim 2, wherein
    the obtaining the first security context and/or the at least one first key comprises performing primary authentication with the third apparatus; and
    the obtaining the at least one first key comprises determining the at least one first key based on the first security context.
  4. The first apparatus of claim 3, wherein
    the determining the at least one first key based on the first security context comprises performing key derivation based on the first security context.
  5. The first apparatus of claim 2 or 3, wherein the at least one first key comprises at least one of:
    one or more first NAS keys related to NAS security; or
    one or more first AS keys related to AS security.
  6. The first apparatus of any of claims 2-5, wherein the first context comprises at least one of the following:
    an identifier of the second apparatus;
    an identifier of the third apparatus;
    information associated with a second non-access stratum, NAS, security context;
    information associated with a second access stratum, AS, security context;
    a condition indicating when the first context is to be activated;
    a sequence number;
    an uplink non-access stratum, NAS, count and a downlink NAS count; or
    a packet data convergence protocol sequence number.
  7. The first apparatus of any of claims 1-6, wherein the first apparatus is caused to determine the first context based on at least one of:
    a traffic profile of the third apparatus;
    trajectory information of the second apparatus;
    ephemeris information of the second apparatus; or
    a second context received from a fourth apparatus.
  8. The first apparatus of claim 6, wherein the first apparatus is caused to:
    transmit, to the second apparatus via a fourth apparatus, the first context along with the information associated with the second NAS security context and/or the second AS security context, comprising at least one of:
    a random value; or
    a second NAS key related to NAS security, or a second AS key related to AS security for the communication protection between the third apparatus and the second apparatus.
  9. The first apparatus of claim 6, wherein the first apparatus is caused to:
    transmit to the third apparatus by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus the first context along with the information associated with the second NAS security context or the second AS security context, comprising a pair of an identifier of the second apparatus and a random value.
  10. The first apparatus of claim 6, wherein the first apparatus is caused to:
    transmit, from an access and mobility management function at the first apparatus to the third apparatus, the first context along with the information associated with the second NAS security context or the second AS security context, comprising a pair of an identifier of the second apparatus and a random value.
  11. The first apparatus of claim 7 or 8, wherein the fourth apparatus comprises or is comprised in one of a radio access network device or a core network device.
  12. The first apparatus of any of claims 1-11, wherein the first apparatus comprises or is comprised in one of a radio access network device or a core network device, the second apparatus comprises or is comprised in a radio access network device, and the third apparatus comprises or is comprised in a terminal device.
  13. A second apparatus comprising:
    at least one processor; and
    at least one memory storing instructions that, when executed by the at least one processor, cause the second apparatus at least to:
    receive a first context, from a first apparatus or a fourth apparatus, at least indicating information associated with the second apparatus for serving a third apparatus;
    determine, based on the first context, a second security context and/or at least one second key, the second security context comprising at least one of a second non-access stratum, NAS, security context or a second access stratum, AS, security context, for protecting communication between the second apparatus and the third apparatus; and
    maintain the second security context for further communication with the third apparatus, after the third apparatus is disconnected.
  14. The second apparatus of claim 13, wherein
    the determining the at least one second key comprises determining the at least one second key based on the second security context.
  15. The second apparatus of claim 14, wherein
    the determining the at least one second key based on the second security context comprises performing key derivation based on the second security context.
  16. The second apparatus of any of claims 13-15, wherein
    the at least one second key comprises at least one of:
    one or more second NAS keys related to NAS security; or
    one or more second AS keys related to AS security.
  17. The second apparatus of any of claims 13-16, wherein the first context comprises at least one of the following:
    an identifier of the second apparatus;
    an identifier of the third apparatus;
    information associated with a second non-access stratum, NAS, security context;
    information associated with a second access stratum, AS, security context;
    a condition indicating when the first context is to be activated;
    a sequence number;
    an uplink non-access stratum, NAS, count and a downlink NAS count; or
    a packet data convergence protocol sequence number.
  18. The second apparatus of any of claims 13-17, wherein the second apparatus is caused to:
    receive the first context from the fourth apparatus, wherein the information associated with the second security context comprises at least one of:
    a random value; or
    a second NAS key or a second AS key, for the communication protection between the third apparatus and the second apparatus.
  19. The second apparatus of any of claims 13-17, wherein the second apparatus is caused to:
    receive the first context from an access and mobility management function at the first apparatus, wherein the information associated with the second security context comprises a pair of an identifier of the second apparatus and a random value.
  20. The second apparatus of any of claims 13-19, wherein the second apparatus is caused to:
    determine, at least based on the information associated with the second security context, a second key for the communication protection between the third apparatus and the second apparatus, wherein the second key comprises a second NAS key related to NAS security or a second AS key related to AS security; and
    perform a security check of the third apparatus during a connection establishment between the third apparatus and the second apparatus at least based on the second key; and
    in response to a success of the security check, establish a connection between the third apparatus and the second apparatus.
  21. The second apparatus of any of claims 13-20, wherein the first apparatus comprises or is comprised in one of a radio access network device or a core network device, the second apparatus comprises or is comprised in a radio access network device, the third apparatus comprises or is comprised in a terminal device and the fourth apparatus comprises or is comprised in one of a radio access network device or a core network device.
  22. A third apparatus comprising:
    at least one processor; and
    at least one memory storing instructions that, when executed by the at least one processor, cause the third apparatus at least to:
    obtain a first security context and/or at least one first key for protecting communication between the third apparatus and the first apparatus, comprising at least one of a first NAS security context or a first AS security context;
    maintain the first security context and/or the at least one first key for protecting communication with the first apparatus;
    receive a first context, from a first apparatus by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus, at least indicating information associated with a second apparatus for serving the third apparatus;
    determine, based on the first context, a second security context and/or at least one second key for protecting communication between the second apparatus and the third apparatus, the second security context comprising at least one of a second NAS security context or a second AS security context; and
    maintain the second security context and/or the at least one second key for communication with the second apparatus.
  23. The third apparatus of claim 22, wherein
    the obtaining the first security context comprises performing primary authentication with the first apparatus;
    the obtaining the at least one first key comprises determining the at least one first key based on the first security context; and
    the obtaining the at least one second key comprises determining the at least one second key based on the second security context.
  24. The third apparatus of claim 23, wherein
    the determining the at least one first key based on the first security context comprises performing key derivation based on the first security context; and wherein
    the determining the at least one second key based on the second security context comprises performing key derivation based on the second security context.
  25. The third apparatus of any of claims 22-24, wherein
    the at least one first key comprises at least one of:
    one or more first NAS keys related to NAS security; or
    one or more first AS keys related to AS security; and wherein
    the at least one second key comprises at least one of:
    one or more second NAS keys related to NAS security; or
    one or more second AS keys related to AS security.
  26. The third apparatus of any of claims 22 to 25, wherein the third apparatus is further caused to:
    in response to the determining the second security context and/or the at least one second key, maintain both of:
    the first security context and/or the at least one first key, for protecting communication with the first apparatus; and
    the second security context and/or the at least one second key, for protecting communication with the second apparatus.
  27. The third apparatus of any of claims 22-26, wherein the first context comprises at least one of the following:
    an identifier of the second apparatus;
    an identifier of the third apparatus;
    information associated with a non-access stratum, NAS, security context;
    information associated with an access stratum, AS, security context;
    a condition indicating when the first context is to be activated;
    a sequence number;
    an uplink non-access stratum, NAS, count and a downlink NAS count; or
    a packet data convergence protocol sequence number.
  28. The third apparatus of claim 27, wherein the third apparatus is caused to:
    obtain the first context from the first apparatus, wherein the information associated with the security context comprises a random value.
  29. The third apparatus of claim 27, wherein the third apparatus is caused to:
    obtain the first context from the first apparatus, wherein the information associated with the security context comprises a pair of an identifier of the second apparatus and a random value.
  30. The third apparatus of any of claims 22 to 29, wherein the third apparatus is caused to:
    determine, at least based on the information associated with the security context, a key related to the NAS security or the AS security for the communication protection between the third apparatus and the second apparatus; and
    use the key for a security check during a connection establishment between the third apparatus and the second apparatus.
  31. The third apparatus of any of claims 22-30, wherein the first apparatus comprises or is comprised in one of a radio access network device or a core network device, the second apparatus comprises or is comprised in a radio access network device, and the third apparatus comprises or is comprised in a terminal device.
  32. A method comprising:
    determining a first context at least indicating information associated with a second apparatus for serving a third apparatus; and
    transmitting the first context to at least one of the third apparatus or the second apparatus for communication protection between the third apparatus and the second apparatus.
  33. A method comprising:
    receiving a first context, from a first apparatus or a fourth apparatus, at least indicating information associated with the second apparatus for serving a third apparatus;
    determining, based on the first context, a second security context and/or at least one second key, the second security context comprising at least one of a second non-access stratum, NAS, security context or a second access stratum, AS, security context, for protecting communication between the second apparatus and the third apparatus; and
    maintaining the second security context for further communication with the third apparatus, after the third apparatus is disconnected.
  34. A method comprising:
    obtaining a first security context and/or at least one first key for protecting communication between the third apparatus and the first apparatus, comprising at least one of a first NAS security context or a first AS security context;
    maintaining the first security context and/or the at least one first key for protecting communication with the first apparatus;
    receiving a first context, from a first apparatus by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus, at least indicating information associated with a second apparatus for serving the third apparatus;
    determining, based on the first context, a second security context and/or at least one second key for protecting communication between the second apparatus and the third apparatus, the second security context comprising at least one of a second NAS security context or a second AS security context; and
    maintaining the second security context and/or the at least one second key for communication with the second apparatus.
  35. A first apparatus comprising:
    means for determining a first context at least indicating information associated with a second apparatus for serving a third apparatus; and
    means for transmitting the first context to at least one of the third apparatus or the second apparatus for communication protection between the third apparatus and the second apparatus.
  36. A second apparatus comprising:
    means for receiving a first context, from a first apparatus or a fourth apparatus, at least indicating information associated with the second apparatus for serving a third apparatus;
    means for determining, based on the first context, a second security context and/or at least one second key, the second security context comprising at least one of a second non-access stratum, NAS, security context or a second access stratum, AS, security context, for protecting communication between the second apparatus and the third apparatus; and
    means for maintaining the second security context for further communication with the third apparatus, after the third apparatus is disconnected.
  37. A third apparatus comprising:
    means for obtaining a first security context and/or at least one first key for protecting communication between the third apparatus and the first apparatus, comprising at least one of a first NAS security context or a first AS security context;
    means for maintaining the first security context and/or the at least one first key for protecting communication with the first apparatus;
    means for receiving a first context, from a first apparatus by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus, at least indicating information associated with a second apparatus for serving the third apparatus;
    means for determining, based on the first context, a second security context and/or at least one second key comprising at least one of a second NAS security context or a second AS security context, for protecting communication between the second apparatus and the third apparatus; and
    means for maintaining the second security context and/or the at least one second key for communication with the second apparatus.
  38. A computer readable medium comprising program instructions for causing an apparatus at least to perform the method of any of claims 21-23.
  39. A system comprising:
    at least one processor and at least one memory storing instructions that, when executed by the at least one processor, cause the system at least to perform:
    determine a first security context and/or at least one first key for protecting communication between the third apparatus and the system, comprising at least one of a first NAS security context or a first AS security context;
    maintain the first security context and/or the at least one first key for protecting communication with the third apparatus;
    determine, or receive from a fourth apparatus, a first context at least indicating information associated with the system for serving a third apparatus;
    transmit, by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the system, the first context to the third apparatus for protecting communication between the system and the third apparatus;
    determine, based on the first context, a second security context and/or at least one second key for protecting communication between the third apparatus and the system, the second security context comprising at least one of a second NAS security context or a second AS security context; and
    maintain the second security context and/or the at least one second key for protecting communication with the third apparatus.
  40. A system comprising:
    means for determining a first security context and/or at least one first key for protecting communication between the third apparatus and the system, comprising at least one of a first NAS security context or a first AS security context;
    means for maintaining the first security context and/or the at least one first key for protecting communication with the third apparatus;
    means for determining, or receiving from a fourth apparatus, a first context at least indicating information associated with the system for serving a third apparatus;
    means for transmitting, by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the system, the first context to the third apparatus for protecting communication between the system and the third apparatus;
    means for determining, based on the first context, a second security context and/or at least one second key for protecting communication between the third apparatus and the system, the second security context comprising at least one of a second NAS security context or a second AS security context; and
    means for maintaining the second security context and/or the at least one second key for protecting communication with the third apparatus.
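The procedure the claims lay out, as an added example that is not code from the patent or from Nokia: a ground network (first apparatus) holding a first key from primary authentication builds a first context for a satellite (second apparatus) that will later serve a terminal (third apparatus), delivers it to the terminal under the first security context and, with the derived second key, to the satellite; the satellite then performs the claim 20 security check when the terminal connects. The key derivation (HMAC-SHA256 over the satellite identifier and random value), the 16-byte HMAC integrity tags, the NAS-count replay rule and all identifiers and values are constructed assumptions, not the 3GPP algorithms.

```python
"""Key hand-off sketched in the claims: a ground network (first apparatus) builds a
"first context" for a satellite (second apparatus) that will later serve a terminal
(third apparatus); terminal and satellite both end up holding a second key for their
own link. Added example, not code from the patent or from Nokia. Constructed choices:
HMAC-SHA256 as KDF and 16-byte integrity tag, NAS counts for replay protection."""
import hashlib, hmac, json
from dataclasses import asdict, dataclass

def tag(key: bytes, count: int, payload: bytes) -> bytes:
    """16-byte integrity tag over the NAS count and the payload."""
    return hmac.new(key, count.to_bytes(4, "big") + payload, hashlib.sha256).digest()[:16]

def verify(key: bytes, msg: dict, last_count: int) -> bool:  # fresh count and valid tag
    return msg["count"] > last_count and hmac.compare_digest(
        msg["tag"], tag(key, msg["count"], msg["body"]))

@dataclass(frozen=True)
class FirstContext:
    second_id: str      # identifier of the satellite that will serve the terminal
    third_id: str       # identifier of the terminal
    random_value: str   # hex, constructed; feeds the second key derivation
    activation: str     # condition indicating when the context is to be activated
    sequence_number: int
    ul_nas_count: int   # initial counts for the terminal <-> satellite link
    dl_nas_count: int

def second_key(first_key: bytes, ctx: FirstContext) -> bytes:
    """Second (satellite-link) key from the first key, satellite id and random value."""
    params = [b"SF-NAS", ctx.second_id.encode(), bytes.fromhex(ctx.random_value)]
    data = b"".join(len(p).to_bytes(2, "big") + p for p in params)  # unambiguous encoding
    return hmac.new(first_key, data, hashlib.sha256).digest()

class GroundNetwork:  # first apparatus: holds the first key from primary authentication
    def __init__(self, first_key: bytes):
        self.first_key, self.dl_count = first_key, 0

    def send_context(self, ctx: FirstContext) -> dict:
        """Downlink to the terminal, integrity-protected with the first key (claims 9/10)."""
        self.dl_count += 1
        body = json.dumps(asdict(ctx), sort_keys=True).encode()
        return {"count": self.dl_count, "body": body, "tag": tag(self.first_key, self.dl_count, body)}

class Terminal:  # third apparatus: keeps the first key and adds one second key per satellite
    def __init__(self, first_key: bytes):
        self.first_key, self.last_dl, self.sat_keys, self.ul_count = first_key, 0, {}, 0

    def receive_context(self, msg: dict) -> bool:
        """Accept the context only under the first security context, then derive the second key."""
        if not verify(self.first_key, msg, self.last_dl):
            return False
        self.last_dl = msg["count"]
        ctx = FirstContext(**json.loads(msg["body"]))
        self.sat_keys[ctx.second_id] = second_key(self.first_key, ctx)  # first key kept too (claim 26)
        self.ul_count = ctx.ul_nas_count
        return True

    def connect(self, second_id: str, third_id: str, payload: bytes) -> dict:
        self.ul_count += 1  # connection request protected with the second key
        return {"third_id": third_id, "count": self.ul_count, "body": payload,
                "tag": tag(self.sat_keys[second_id], self.ul_count, payload)}

class Satellite:  # second apparatus: keeps each context after the terminal disconnects
    def __init__(self):
        self.contexts = {}  # third_id -> (context, second key, last accepted uplink count)

    def security_check(self, msg: dict) -> bool:
        """Claim 20: check the terminal with the second key during connection establishment."""
        entry = self.contexts.get(msg["third_id"])
        if entry is None or not verify(entry[1], msg, entry[2]):
            return False
        self.contexts[msg["third_id"]] = (entry[0], entry[1], msg["count"])
        return True

def run_scenario() -> dict:
    first_key = hashlib.sha256(b"constructed first key").digest()  # stands in for primary auth
    ground, ue, sat = GroundNetwork(first_key), Terminal(first_key), Satellite()
    ctx = FirstContext("SAT-07", "UE-42", "a1b2c3d4e5f6a7b8", "next pass of SAT-07", 1, 0, 0)
    sat.contexts["UE-42"] = (ctx, second_key(first_key, ctx), 0)  # provisioned via feeder link
    msg = ground.send_context(ctx)
    forged = dict(msg, count=msg["count"] + 1, body=msg["body"].replace(b"SAT-07", b"SAT-08"))
    out = {"context_accepted": ue.receive_context(msg),
           "context_tamper_rejected": not ue.receive_context(forged),
           "keys_match": ue.sat_keys["SAT-07"] == sat.contexts["UE-42"][1]}
    req = ue.connect("SAT-07", "UE-42", b"connection request")
    out["connect_accepted"] = sat.security_check(req)
    out["connect_replay_rejected"] = not sat.security_check(req)
    return out
```

The terminal ends up holding both the first key (for the ground network) and the satellite-bound second key, while the satellite keeps the stored context and last accepted count so a later pass can re-check the terminal without involving the ground network.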
PCT/CN2023/135722 2023-11-30 2023-11-30 Secure communication in non-terrestrial network store and forward system Pending WO2025112008A1 (en)


Publications (1)

Publication Number Publication Date
WO2025112008A1 true WO2025112008A1 (en) 2025-06-05




Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
Ref document number: 23959919
Country of ref document: EP
Kind code of ref document: A1