WO2025112008A1 - Secure communication in a non-terrestrial network store and forward system - Google Patents
- Publication number: WO2025112008A1 (PCT/CN2023/135722)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- context
- security context
- key
- security
- nas
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/033—Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/047—Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Definitions
- Various example embodiments of the present disclosure generally relate to the field of telecommunication and in particular, to methods, devices, apparatuses and computer readable storage medium for the secure communication in Non-Terrestrial Network (NTN) Store and Forward (S&F) system, especially for secure communication between user equipment (UE) and a plurality of satellites.
- NTN Non-Terrestrial Network
- S&F Store and Forward
- the Third Generation Partnership Project (3GPP) has initiated a discussion on satellite access and several S&F use cases are defined including both mobile terminated and originated application data.
- the S&F mainly refers to Non-Geosynchronous Orbit (NGSO) satellites, and assumes the radio access network node (e.g., eNB or gNB) is hosted in the satellite.
- the satellite and the radio access network node e.g., eNB or gNB
- the GS includes the NTN Gateway (NTN-GW) , Home Subscriber Server (HSS) or other core network (CN) nodes.
- NTN-GW NTN Gateway
- HSS Home Subscriber Server
- CN core network
- a first apparatus comprising at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the first apparatus at least to: determine a first context at least indicating information associated with a second apparatus for serving a third apparatus; and transmit the first context to at least one of the third apparatus or the second apparatus for communication protection between the third apparatus and the second apparatus.
- a second apparatus comprising at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the second apparatus at least to: receive a first context, from a first apparatus or a fourth apparatus, at least indicating information associated with the second apparatus for serving a third apparatus; determine, based on the first context, a second security context and/or at least one second key, the second security context comprising at least one of a second non-access stratum, NAS, security context or a second access stratum, AS, security context, for protecting communication between the second apparatus and the third apparatus; and maintain the second security context for further communication with the third apparatus, after the third apparatus is disconnected.
- a third apparatus comprises at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the third apparatus at least to: obtain a first security context and/or at least one first key for protecting communication between the third apparatus and the first apparatus, comprising at least one of a first NAS security context or a first AS security context; maintain the first security context and/or the at least one first key for protecting communication with the first apparatus; receive a first context, from a first apparatus by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus, at least indicating information associated with a second apparatus for serving the third apparatus; determine, based on the first context, a second security context and/or at least one second key for protecting communication between the second apparatus and the third apparatus, the second security context comprising at least one of a second NAS security context or a second AS security context; and maintain the second security context and/or the at least one second key for communication with
- a method comprises: determining a first context at least indicating information associated with a second apparatus for serving a third apparatus; and transmitting the first context to at least one of the third apparatus or the second apparatus for communication protection between the third apparatus and the second apparatus.
- a method comprises: receiving a first context, from a first apparatus or a fourth apparatus, at least indicating information associated with the second apparatus for serving a third apparatus; determining, based on the first context, a second security context and/or at least one second key, the second security context comprising at least one of a second non-access stratum, NAS, security context or a second access stratum, AS, security context, for protecting communication between the second apparatus and the third apparatus; and maintaining the second security context for further communication with the third apparatus, after the third apparatus is disconnected.
- a method comprises: obtaining a first security context and/or at least one first key for protecting communication between the third apparatus and the first apparatus, comprising at least one of a first NAS security context or a first AS security context; maintaining the first security context and/or the at least one first key for protecting communication with the first apparatus; receiving a first context, from a first apparatus by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus, at least indicating information associated with a second apparatus for serving the third apparatus; determining, based on the first context, a second security context and/or at least one second key for protecting communication between the second apparatus and the third apparatus, the second security context comprising at least one of a second NAS security context or a second AS security context; and maintaining the second security context and/or the at least one second key for communication with the second apparatus.
- a first apparatus comprises means for determining a first context at least indicating information associated with a second apparatus for serving a third apparatus; and means for transmitting the first context to at least one of the third apparatus or the second apparatus for communication protection between the third apparatus and the second apparatus.
- a second apparatus comprises means for receiving a first context, from a first apparatus or a fourth apparatus, at least indicating information associated with the second apparatus for serving a third apparatus; means for determining, based on the first context, a second security context and/or at least one second key, the second security context comprising at least one of a second non-access stratum, NAS, security context or a second access stratum, AS, security context, for protecting communication between the second apparatus and the third apparatus; and means for maintaining the second security context for further communication with the third apparatus, after the third apparatus is disconnected.
- a third apparatus comprises means for obtaining a first security context and/or at least one first key for protecting communication between the third apparatus and the first apparatus, comprising at least one of a first NAS security context or a first AS security context; means for maintaining the first security context and/or the at least one first key for protecting communication with the first apparatus; means for receiving a first context, from a first apparatus by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus, at least indicating information associated with a second apparatus for serving the third apparatus; means for determining, based on the first context, a second security context and/or at least one second key for protecting communication between the second apparatus and the third apparatus, the second security context comprising at least one of a second NAS security context or a second AS security context; and means for maintaining the second security context and/or the at least one second key for communication with the second apparatus.
- a computer readable medium comprises instructions stored thereon for causing an apparatus to perform at least the method according to the fourth aspect.
- a computer readable medium comprises instructions stored thereon for causing an apparatus to perform at least the method according to the fifth aspect.
- a computer readable medium comprises instructions stored thereon for causing an apparatus to perform at least the method according to the sixth aspect.
- a system comprising at least one processor and at least one memory storing instructions that, when executed by the at least one processor, cause the system at least to perform: determine a first security context and/or at least one first key for protecting communication between the third apparatus and the system, comprising at least one of a first NAS security context or a first AS security context; maintain the first security context and/or the at least one first key for protecting communication with the third apparatus; determine, or obtain from a fourth apparatus, a first context at least indicating information associated with the system for serving a third apparatus; transmit, by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the system, the first context to the third apparatus for protecting communication between the system and the third apparatus; determine, based on the first context, a second security context and/or at least one second key for protecting communication between the second apparatus and the system, the second security context comprising at least one of a second NAS security context or a second AS security context; and
- a system comprising means for determining a first security context and/or at least one first key for protecting communication between the third apparatus and the system, comprising at least one of a first NAS security context or a first AS security context; means for maintaining the first security context and/or the at least one first key for protecting communication with the third apparatus; means for determining, or obtaining from a fourth apparatus, a first context at least indicating information associated with the system for serving a third apparatus; means for transmitting, by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the system, the first context to the third apparatus for protecting communication between the system and the third apparatus; means for determining, based on the first context, a second security context and/or at least one second key for protecting communication between the second apparatus and the system, the second security context comprising at least one of a second NAS security context or a second AS security context; and means for maintaining the second security context and/or the at least one second key
- FIG. 1 illustrates an example communication environment in which example embodiments of the present disclosure can be implemented
- FIG. 2 illustrates a signaling chart of an example process of the secure communication in NTN S&F system according to some example embodiments of the present disclosure
- FIG. 7 illustrates a flowchart of a method implemented at a third apparatus according to some example embodiments of the present disclosure
- FIG. 8 illustrates a simplified block diagram of a device that is suitable for implementing example embodiments of the present disclosure.
- FIG. 9 illustrates a block diagram of an example computer readable medium in accordance with some example embodiments of the present disclosure.
- references in the present disclosure to “one embodiment, ” “an embodiment, ” “an example embodiment, ” and the like indicate that the embodiment described may include a particular feature, structure, or characteristic, but it is not necessary that every embodiment includes the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is submitted that it is within the knowledge of one skilled in the art to affect such feature, structure, or characteristic in connection with other embodiments whether or not explicitly described.
- performing a step “in response to A” does not indicate that the step is performed immediately after “A” occurs and one or more intervening steps may be included.
- circuitry may refer to one or more or all of the following:
- circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and/or firmware.
- circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit or processor integrated circuit for a mobile device or a similar integrated circuit in server, a cellular network device, or other computing or network device.
- the term “communication network” refers to a network following any suitable communication standards, such as New Radio (NR) , Long Term Evolution (LTE) , LTE-Advanced (LTE-A) , Wideband Code Division Multiple Access (WCDMA) , High-Speed Packet Access (HSPA) , Narrow Band Internet of Things (NB-IoT) and so on.
- NR New Radio
- LTE Long Term Evolution
- LTE-A LTE-Advanced
- WCDMA Wideband Code Division Multiple Access
- HSPA High-Speed Packet Access
- NB-IoT Narrow Band Internet of Things
- the communications between a terminal device and a network device in the communication network may be performed according to any suitable generation communication protocols, including, but not limited to, the first generation (1G) , the second generation (2G) , 2.5G, 2.75G, the third generation (3G) , the fourth generation (4G) , 4.5G, the fifth generation (5G) , the sixth generation (6G) communication protocols, and/or any other protocols either currently known or to be developed in the future.
- Embodiments of the present disclosure may be applied in various communication systems. Given the rapid development in communications, there will of course also be future type communication technologies and systems with which the present disclosure may be embodied. It should not be seen as limiting the scope of the present disclosure to only the aforementioned system.
- radio access network device or “radio access network node” refers to a device or node implementing an Access Network (AN) function in a wireless communication network via which user equipment accesses a core network and receives services from the core network.
- AN Access Network
- radio access network node may include, but is not limited to, a base station (BS) or an access point (AP) , for example, a node B (NodeB or NB) , an evolved NodeB (eNodeB or eNB) , an NR NB (also referred to as a gNB) , a Next Generation Radio Access Network Node (also referred to as an NG-RAN node) , a Remote Radio Unit (RRU) , a radio header (RH) , a remote radio head (RRH) , a relay, an Integrated Access and Backhaul (IAB) node, a low power node such as a femto, a pico, and so forth, depending on the applied terminology and technology.
- a RAN node for example, a gNB
- a gNB may include a Centralized Unit (CU) and one or more Distributed Units (DUs) connected to the CU.
- CU Centralized Unit
- terminal device refers to any end device that may be capable of wireless communication.
- a terminal device may also be referred to as a communication device, user equipment (UE) , a Subscriber Station (SS) , a Portable Subscriber Station, a Mobile Station (MS) , or an Access Terminal (AT) .
- UE user equipment
- SS Subscriber Station
- MS Mobile Station
- AT Access Terminal
- the terminal device may include, but not limited to, a mobile phone, a cellular phone, a smart phone, voice over IP (VoIP) phones, wireless local loop phones, a tablet, a wearable terminal device, a personal digital assistant (PDA) , portable computers, desktop computer, image capture terminal devices such as digital cameras, gaming terminal devices, music storage and playback appliances, vehicle-mounted wireless terminal devices, wireless endpoints, mobile stations, laptop-embedded equipment (LEE) , laptop-mounted equipment (LME) , USB dongles, smart devices, wireless customer-premises equipment (CPE) , an Internet of Things (IoT) device, a watch or other wearable, a head-mounted display (HMD) , a vehicle, a drone, a medical device and applications (e.g., remote surgery) , an industrial device and applications (e.g., a robot and/or other wireless devices operating in an industrial and/or an automated processing chain contexts) , a consumer electronics device, a device operating on commercial and/
- core network device refers to any computing device or computing system that includes hardware (e.g., at least one processor and at least one memory) and software implementing one or more network functions of a core network.
- core network device may include, but is not limited to, an evolved Packet Data Gateway (ePGW) , a trusted wireless local area network (WLAN) access network (TWAN) node, a Home Subscriber Server (HSS) , an Access and Mobility Management Function (AMF) , a Session Management Function (SMF) , a Network Slice Selection Function (NSSF) , an Authentication Server Function (AUSF) , a Serving Gateway (SGW) , a Packet Data Network (PDN) Gateway (PGW) , an Authentication Server Function (AUSF) , a Subscription Identifier De-concealing function (SIDF) , a Unified Data Management (UDM) , a Security Edge Protection Proxy (SEPP)
- ePGW evolved Packet Data Gateway
- WLAN wireless local area network
- a non-terrestrial network (NTN) device is a network device embarked on an airborne or space-borne NTN vehicle.
- An NTN device can be embarked on a Geosynchronous Orbit (GSO) satellite, or a Non-Geosynchronous Orbit (NGSO) satellite, for example, a low earth orbit (LEO) satellite.
- GSO Geosynchronous Orbit
- NGSO Non-Geosynchronous Orbit
- LEO low earth orbit
- An NTN device may only implement radio access network functionality, or implement both radio access network functionality and core network functionality.
- the term “satellite” and the “NTN device” have the same meaning.
- FIG. 1 illustrates an example communication environment 100 in which example embodiments of the present disclosure can be implemented.
- the communication network 100 may comprise a first apparatus 110 (e.g., an NTN device hosting a radio access network device such as a BS, a gNB, or an eNB) and a second apparatus 120 (e.g., a further NTN device hosting a radio access network device such as a BS, a gNB, or an eNB) .
- the first apparatus 110 and/or second apparatus 120 may be hosted in satellites.
- the communication network 100 may further comprise a third apparatus 130 (e.g., a terminal device such as a UE) , which may communicate with the first apparatus 110 within a coverage of the first apparatus 110, for example, the geographical area of the third apparatus 130 is served by a satellite beam or cell from the first apparatus 110.
- a third apparatus 130 e.g., a terminal device such as a UE
- the third apparatus 130 may communicate with the second apparatus 120 within coverage of the second apparatus 120, for example, the geographical area of the third apparatus 130 is served by a satellite beam or cell from the second apparatus 120.
- the communication network 100 may also comprise a fourth apparatus 140.
- the fourth apparatus 140 may also be referred to a ground station including at least one core network function/entity in the CN, such as an NTN-GW, a management entity, an AMF, or an AUSF, or an HSS, etc.
- the terminal device (the third apparatus 130) may communicate with the fourth apparatus 140 via the first apparatus 110 or the second apparatus 120.
- the first apparatus 110 and the second apparatus 120 may also host certain core network functionalities, for example, an AMF function, or functionality to authenticate/authorize the terminal device (the third apparatus 130) .
- the communication network 100 may refer to an NTN network, and the first apparatus 110 and the second apparatus 120 may be implemented in a satellite and move along with the satellite. More specifically, the satellite is an NGSO satellite.
- the first apparatus 110 serves a geographical area of the third apparatus 130, but the first apparatus 110 has no connection with the fourth apparatus 140. That is, the UL data of the third apparatus 130 may be buffered at the first apparatus 110.
- the first apparatus 110 may move out of the geographical area of the third apparatus 130 and have a connection with the fourth apparatus 140. In this case, the first apparatus 110 may forward the buffered UL data of the third apparatus 130 to the fourth apparatus 140.
- the second apparatus 120 may serve the geographical area of the third apparatus 130, but the second apparatus 120 has no connection with the fourth apparatus 140. That is, the UL data of the third apparatus 130 may be buffered at the second apparatus 120.
- the second apparatus 120 may move out of the geographical area of the third apparatus 130 and have a connection with the fourth apparatus 140. In this case, the second apparatus 120 may forward the buffered UL data of the third apparatus 130 to the fourth apparatus 140.
- the second apparatus 120 can connect with the fourth apparatus 140 before it establishes a connection with the third apparatus 130, or after the first apparatus 110 has connected with the fourth apparatus 140 (to upload the UE context) .
- the UL data received from the third apparatus 130 may be first stored in the satellite (e.g., the first apparatus 110 or the second apparatus 120) when it only has a connection with the third apparatus 130, then it may be forwarded to the fourth apparatus 140 when the satellite has a connection with the fourth apparatus 140.
- the satellite e.g., the first apparatus 110 or the second apparatus 120
- the communication network 100 may include any suitable number of network devices and terminal devices.
- first apparatus 110 and the second apparatus 120 operating as a radio access network device or core network device
- third apparatus 130 operating as a terminal device.
- operations described in connection with the first apparatus 110 may be implemented at the second apparatus 120, and operations described in connection with the second apparatus 120 may be implemented at the first apparatus 110.
- a link from the first apparatus 110 or the second apparatus 120 to the third apparatus 130 is referred to as a downlink (DL)
- a link from the third apparatus 130 to the first apparatus 110 or the second apparatus 120 is referred to as an uplink (UL)
- the first apparatus 110 or the second apparatus 120 is a transmitting (TX) device (or a transmitter)
- the third apparatus 130 is a receiving (RX) device (or a receiver)
- the third apparatus 130 is a TX device (or a transmitter) and the first apparatus 110 or the second apparatus 120 is a RX device (or a receiver) .
- Communications in the communication environment 100 may be implemented according to any proper communication protocol (s) , comprising, but not limited to, cellular communication protocols of the first generation (1G) , the second generation (2G) , the third generation (3G) , the fourth generation (4G) , the fifth generation (5G) , the sixth generation (6G) , and the like, wireless local network communication protocols such as Institute for Electrical and Electronics Engineers (IEEE) 802.11 and the like, and/or any other protocols currently known or to be developed in the future.
- the communication may utilize any proper wireless communication technology, comprising but not limited to: Code Division Multiple Access (CDMA) , Frequency Division Multiple Access (FDMA) , Time Division Multiple Access (TDMA) , Frequency Division Duplex (FDD) , Time Division Duplex (TDD) , Multiple-Input Multiple-Output (MIMO) , Orthogonal Frequency Division Multiplexing (OFDM) , Discrete Fourier Transform spread OFDM (DFT-s-OFDM) and/or any other technologies currently known or to be developed in the future.
- CDMA Code Division Multiple Access
- FDMA Frequency Division Multiple Access
- TDMA Time Division Multiple Access
- FDD Frequency Division Duplex
- TDD Time Division Duplex
- MIMO Multiple-Input Multiple-Output
- OFDM Orthogonal Frequency Division Multiplexing
- DFT-s-OFDM Discrete Fourier Transform spread OFDM
- the NTN device hosts the Access Network (AN) function (e.g., eNB/gNB) and some CN functions (e.g., Mobility Management Entity (MME) /Access and Mobility Management Function (AMF) , authenticate/authorize function) , and other CN network functions (e.g., the HSS, the unified data management (UDM) ) are on the ground station (e.g., the fourth apparatus 140) .
- MME Mobility Management Entity
- AMF Access and Mobility Management Function
- other CN network functions e.g., the HSS, the unified data management (UDM)
- This is the so-called MME/AMF co-located architecture.
- the NTN device e.g., the first apparatus 110 or the second apparatus 120
- the AN function e.g., NG-eNB/gNB
- the MME/AMF plus other network functions are on the ground station (e.g., the fourth apparatus 140) .
- This is the so-called MME/AMF classic architecture.
- CIoT Cellular Internet of Things
- EPS End-to-End Service
- 5GS 5G system
- CP Control Plane
- UP User Plane
- the Access Stratum (AS) security is not used.
- the non-Access Stratum (NAS) security is used to protect the UE data.
- the BS e.g., eNB
- the BS just forwards the received UL NAS message to the CN node (e.g., MME) , and the CN node may perform the security check.
- each separate EPS key K_ASME has a distinct pair of NAS COUNTs, one NAS COUNT for uplink and one NAS COUNT for downlink, associated with it.
- the UL (or DL) NAS COUNT is updated after a UL (or DL) NAS transmission.
- the UL (or DL) NAS COUNT counters may use 24-bit internal representation and are independently maintained by UE and the MME/AMF.
- the NAS COUNT may be constructed as a NAS sequence number (8 least significant bits) concatenated with a NAS overflow counter (16 most significant bits) .
- the value of the uplink NAS COUNT is the value that shall be used in the next Mobile Originated (MO) NAS message
- the value of the downlink NAS COUNT is the largest downlink NAS COUNT used in a successfully integrity checked Mobile Terminated (MT) NAS message.
- the value of the uplink NAS COUNT is the largest uplink NAS COUNT used in a successfully integrity checked MO NAS message.
- the value of the downlink NAS COUNT is the value that shall be used in the next MT NAS message.
- a UE e.g., the third apparatus 130
- the long interval e.g., 24-hour
- the UE’s traffic profile e.g., the MO data every 12-hour
- a satellite e.g., the first apparatus 110 or the second apparatus 120
- the satellite may visit the geo-area of the NTN-GW and connect with the ground station (e.g., the fourth apparatus 140) .
- a first satellite may determine a first context at least indicating information associated with a second satellite for serving a UE.
- the information may be generated by the first satellite itself or obtained from a CN device on the ground.
- the first satellite may transmit the first context to the UE and/or the second satellite for communication protection between the UE and the second satellite.
- the second satellite determines, based on the first context, a security context comprising at least one of a NAS security context or an AS security context, for protecting communication between the second satellite and the UE; and maintains the security context for further communication with the UE after the UE is disconnected, i.e., when the second satellite moves out of the geographical area of the UE.
- After the UE obtains the first context, the UE determines, based on the first context, a security context comprising at least one of a NAS security context or an AS security context, for protecting communication between the second satellite and the UE; and maintains one security context and/or key for communication with the first satellite, and another security context and/or key for communication with the second satellite.
- a security context comprising at least one of a NAS security context or an AS security context
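As an added illustration (not code from the patent or from 3GPP), the NAS COUNT layout described above (16-bit overflow counter concatenated with an 8-bit sequence number, 24-bit internal representation, a distinct uplink/downlink pair per key) together with the UE keeping one security context per serving satellite, in Python. It assumes HMAC-SHA256 truncated to 32 bits as a stand-in for the NAS integrity algorithm, and constructed sample keys and satellite identifiers; the "network" side here plays the role of the NTN device holding the MME/AMF function.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

NAS_SQN_BITS = 8                       # NAS sequence number: 8 least significant bits
NAS_OVERFLOW_BITS = 16                 # NAS overflow counter: 16 most significant bits
NAS_COUNT_MAX = (1 << (NAS_SQN_BITS + NAS_OVERFLOW_BITS)) - 1   # 24-bit internal representation


def build_nas_count(overflow: int, sqn: int) -> int:
    """NAS COUNT = overflow counter (16 MSB) || sequence number (8 LSB)."""
    if not 0 <= overflow < (1 << NAS_OVERFLOW_BITS):
        raise ValueError("NAS overflow counter out of range")
    if not 0 <= sqn < (1 << NAS_SQN_BITS):
        raise ValueError("NAS sequence number out of range")
    return (overflow << NAS_SQN_BITS) | sqn


def split_nas_count(count: int) -> Tuple[int, int]:
    """Inverse of build_nas_count: (overflow counter, sequence number)."""
    return count >> NAS_SQN_BITS, count & ((1 << NAS_SQN_BITS) - 1)


def nas_mac(key: bytes, count: int, direction: int, payload: bytes) -> bytes:
    # Assumption: HMAC-SHA256 truncated to 32 bits stands in for the 3GPP NAS integrity
    # algorithm. COUNT and the direction bit are bound into the MAC, so a replayed or
    # reflected message does not verify under any other counter value.
    data = count.to_bytes(3, "big") + bytes([direction]) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:4]


@dataclass
class NasSecurityContext:
    """One context per key: each key owns its own distinct pair of NAS COUNTs."""
    key: bytes
    tx_count: int = 0                 # value to be used in the next message this side sends
    rx_count: Optional[int] = None    # largest COUNT of a successfully integrity-checked received message


class NasEndpoint:
    """Either side of the NAS link. At the UE, tx is the uplink COUNT (next MO message) and
    rx the downlink COUNT (largest checked MT message); at the MME/AMF the roles are swapped."""

    def __init__(self, direction_tx: int):
        self.direction_tx = direction_tx          # 0 = uplink, 1 = downlink
        self.contexts: Dict[str, NasSecurityContext] = {}

    def add_context(self, peer_id: str, key: bytes) -> None:
        self.contexts[peer_id] = NasSecurityContext(key=key)

    def protect(self, peer_id: str, payload: bytes) -> Tuple[int, bytes, bytes]:
        """Return (sqn, mac, payload): only the 8-bit SQN travels on the wire, not the full COUNT."""
        ctx = self.contexts[peer_id]
        if ctx.tx_count > NAS_COUNT_MAX:
            raise OverflowError("NAS COUNT exhausted: a new key must be taken into use")
        count = ctx.tx_count
        mac = nas_mac(ctx.key, count, self.direction_tx, payload)
        ctx.tx_count = count + 1                  # COUNT is updated after each transmission
        return split_nas_count(count)[1], mac, payload

    def unprotect(self, peer_id: str, sqn: int, mac: bytes, payload: bytes) -> bool:
        """Re-estimate the full COUNT from the received SQN, then verify; False means discard."""
        ctx = self.contexts[peer_id]
        if ctx.rx_count is None:
            est = build_nas_count(0, sqn)
        else:
            overflow, _ = split_nas_count(ctx.rx_count)
            est = build_nas_count(overflow, sqn)
            if est <= ctx.rx_count:               # SQN did not advance: assume it wrapped
                if overflow + 1 >= (1 << NAS_OVERFLOW_BITS):
                    return False
                est = build_nas_count(overflow + 1, sqn)
        expected = nas_mac(ctx.key, est, 1 - self.direction_tx, payload)
        if not hmac.compare_digest(mac, expected):
            return False                          # integrity failure or replay: counters unchanged
        ctx.rx_count = est                        # only a successfully checked message moves rx
        return True


def demo_store_and_forward_counts() -> dict:
    """Constructed scenario: the UE keeps one NAS context per satellite (sat-1, sat-2)."""
    k1, k2 = b"\x11" * 16, b"\x22" * 16         # constructed sample keys, one per satellite
    ue, sat1, sat2 = NasEndpoint(0), NasEndpoint(1), NasEndpoint(1)
    ue.add_context("sat-1", k1)
    sat1.add_context("ue", k1)
    ue.add_context("sat-2", k2)
    sat2.add_context("ue", k2)
    for _ in range(300):                          # 300 MO messages: the 8-bit SQN wraps once
        if not sat1.unprotect("ue", *ue.protect("sat-1", b"mo-data")):
            raise RuntimeError("legitimate message rejected")
    frame = ue.protect("sat-1", b"mo-data")
    first_ok = sat1.unprotect("ue", *frame)
    replayed_ok = sat1.unprotect("ue", *frame)    # identical SQN and MAC again: must be rejected
    sat2_ok = sat2.unprotect("ue", *ue.protect("sat-2", b"mo-data"))
    return {
        "sat1_ul_overflow": split_nas_count(sat1.contexts["ue"].rx_count)[0],
        "ue_ul_next_sat1": ue.contexts["sat-1"].tx_count,
        "ue_ul_next_sat2": ue.contexts["sat-2"].tx_count,   # independent of sat-1's counters
        "replay_rejected": first_ok and not replayed_ok,
        "sat2_accepted": sat2_ok,
    }
```

The receiving side only advances its stored COUNT after a successful integrity check, which is what makes the replayed frame in the demo fail: its SQN is re-estimated as a wrapped value and the MAC no longer matches.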
- FIG. 2 shows a signaling chart 200 for communication according to some example embodiments of the present disclosure.
- the signaling chart 200 involves the first apparatus 110, the second apparatus 120, the third apparatus 130 and the fourth apparatus 140.
- the first apparatus 110 may comprise an AN function 211 and a S&F function (SFF) 212.
- the second apparatus 120 may comprise an AN function 221 and an SFF 222.
- the SFF may be part of the AN function.
- the fourth apparatus 140 may comprise an NTN-GW 241, a central manager 242 and a GS CN node 243.
- the SFF 212 on the first apparatus 110, which handles an initial registration of the third apparatus 130, may generate multiple S&F UE contexts to be used by other related satellites (e.g., the second apparatus) and the third apparatus 130.
- the third apparatus 130 may register (205) with the core network (e.g., the GS CN node 243) via the first apparatus 110.
- the third apparatus 130 and the first apparatus 110 may have at least one common key and a related security context, such as a security context specified in clause 6.3 of 3GPP TS 33.501 V18.3.0 (2023-09) .
- the security context may comprise for example UL NAS COUNT and DL NAS COUNT, among other information elements.
- the security context may be established during a normal registration procedure of the third apparatus to the core network.
- the registration procedure may comprise primary authentication, as specified for example in clause 6.1 of 3GPP TS 33.501 V18.3.0 (2023-09) .
- the at least one common key may be generated based on the security context, using for example key derivation, such as specified in clause 6.2 of 3GPP TS 33.501 V18.3.0 (2023-09) .
- the at least one common key may comprise one or more non-access stratum (NAS) keys and/or one or more access stratum (AS) keys.
- a NAS key may be a NAS encryption key or a NAS integrity protection key, for example.
- An AS key may be an AS encryption key or an AS integrity protection key.
- the security context and/or the at least one common key are used to protect communication between the third apparatus 130 and the first apparatus 110, and hereinafter may also be referred to as a first security context and at least one first key, correspondingly.
- the third apparatus 130 and the first apparatus 110 may maintain the first security context and/or the at least one first key.
- the first apparatus 110, for example the SFF 212 on the first apparatus 110, may determine (210) a S&F UE context (hereinafter also referred to as a first context) indicating information associated with at least one satellite for serving the third apparatus 130.
- the SFF 212 on the first apparatus 110 may determine the related satellites to serve the third apparatus 130, e.g. the first apparatus 110 and the second apparatus 120.
- the SFF 212 on the first apparatus 110 may generate a S&F UE context, which is to be distributed to the third apparatus 130 and the second apparatus 120 and is further used by them to derive the corresponding keys to protect the communication between the third apparatus 130 and the second apparatus 120.
- the S&F UE context may be unique per UE and per satellite.
- the S&F UE context includes the information for at least one related satellite, e.g., the second apparatus 120.
- the third apparatus 130 and the second apparatus 120 may use the S&F UE context to derive the related NAS Security context (e.g., a UL NAS COUNT, a DL NAS COUNT, etc) and at least one NAS key (e.g., a NAS integrity key, a NAS encryption key, etc) , which are used to protect the NAS communication between the third apparatus 130 and the second apparatus 120.
- the third apparatus 130 and the second apparatus 120 may use the S&F UE context to derive the related AS security context and at least one AS key (e.g., an AS integrity protection key and/or an AS encryption key) , which are used to protect AS communication using Radio Resource Control (RRC) protocol between the third apparatus 130 and the second apparatus 120.
- the S&F UE context may include information such as an identifier (ID) of the second apparatus, an ID of the third apparatus, a key (e.g., Key#2) and a random number, a condition indicating when this S&F UE context is to be activated, and/or a sequence number (SQN).
- the ID to identify the second apparatus may be an ID of a satellite hosting the second apparatus, or an ID of the second apparatus (for example, eNB/gNB) embarked on the satellite, or an ID of the CN node (for example, MME/AMF) embarked on the satellite.
- the key (e.g., Key#2) is not sent to the third apparatus 130 because the third apparatus 130 can derive the key based on the common key, the ID of the second apparatus 120, the random number, etc.
- the condition indicating when this S&F UE context is to be activated may avoid the case where the second apparatus 120 arrives at the location of the third apparatus 130 and starts to communicate with the third apparatus 130 before the second apparatus 120 has obtained the S&F UE context, for example, from the fourth apparatus 140.
- the S&F UE context may also include a UL NAS COUNT and a DL NAS COUNT for the case of co-located architecture.
- the UL NAS COUNT and the DL NAS COUNT may be used when a configuration requires the NAS COUNT used by the third apparatus 130 and the second apparatus 120 to start from a non-default value rather than from the default value 0.
- otherwise, the default value 0 is used (the same as the current NAS COUNT starting from 0).
- for example, the UL NAS COUNT start value may be set to 0 for the communication of the third apparatus 130 with the first apparatus 110, and to 7 for the communication of the third apparatus 130 with the second apparatus 120.
- the point is that the third apparatus 130 maintains a per-satellite NAS COUNT value.
- the S&F UE context may also include a Packet Data Convergence Protocol (PDCP) SN in case of the classic architecture, which may be similar with the NAS COUNT, but for an AS COUNT.
- the first apparatus 110 may provide (215) the third apparatus 130 with the S&F UE context for each satellite other than the first apparatus 110 that the third apparatus 130 can communicate with (e.g., for the second apparatus 120) by using the first security context and at least one first key previously maintained at the first apparatus 110.
- the third apparatus 130 may determine/derive, based on the S&F UE context, a second security context comprising at least one of a second NAS security context, at least one NAS key, a second AS security context, or at least one AS key, for protecting communication between the second apparatus 120 and the third apparatus 130, and maintain the determined/derived security context and at least one related key, which may also be referred to hereinafter as a second security context and at least one second key.
- the information associated with the security context, comprising a pair of the ID of the second apparatus and a random value, may be transmitted to the third apparatus 130 along with the S&F UE context.
- the third apparatus 130 is able to determine the security context used to protect the communication between the third apparatus 130 and the further satellites (for example, the second apparatus 120) , in addition to the security context used to protect the communication between the third apparatus 130 and the first satellite (i.e., the first apparatus 110) .
- the third apparatus 130 maintains separate security context for communication with each related satellite. For example, the third apparatus 130 maintains a security context for communication with the first apparatus 110, and another security context for communication with the second apparatus 120.
- the third apparatus 130 maintains separate security context even after the related satellite stops serving the third apparatus 130, for example, the related satellite moves out of the geographical area of the third apparatus 130, and the third apparatus 130 is disconnected from the related satellite.
- the maintained security context can be used later by the third apparatus 130 to protect the further communication with the related satellite, for example, when the related satellite re-enters the geographical area of the third apparatus 130 and starts to serve the third apparatus 130.
- the third apparatus 130 maintains separate key for communication with each related satellite. For example, the third apparatus 130 maintains a key for communication with the first apparatus 110, and another key for communication with the second apparatus 120.
- the third apparatus 130 maintains separate security key even after the related satellite stops serving the third apparatus 130, for example, the related satellite moves out of the geographical area of the third apparatus 130, and the third apparatus 130 is disconnected from the related satellite.
- the maintained key can be used later by the third apparatus 130 to protect the further communication with the related satellite, for example, when the related satellite re-enters the geographical area of the third apparatus 130 and starts to serve the third apparatus 130.
- the first apparatus 110 may upload (220) the derived S&F UE context for each related satellite (e.g., for the second apparatus 120) to the fourth apparatus 140, for example, to the central manager 242.
- the second apparatus 120 may obtain (225) the S&F UE context for the second apparatus 120 from the fourth apparatus 140, for example, from the central manager 242.
- the SFF 222 on the second apparatus 120 may use the received S&F UE context to derive the related NAS (or AS) keys which are to be used to protect the NAS (or AS) communication between the second apparatus 120 and the third apparatus 130.
- the second apparatus 120 maintains the S&F UE context and the related NAS (or AS) keys or the security context for further communication with the third apparatus 130.
- the second apparatus 120 maintains the security context for the third apparatus 130 even after the second apparatus 120 stops serving the third apparatus 130, for example, the second apparatus 120 or the related satellite moves out of the geographical area of the third apparatus 130, and the third apparatus 130 is disconnected from the second apparatus 120.
- the maintained security context can be used later by the second apparatus 120 to protect the further communication with the third apparatus 130, for example, when the second apparatus 120 or the related satellite re-enters the geographical area of the third apparatus 130 and starts to serve the third apparatus 130.
- the second apparatus 120 may generate a random number and use this random number and the received S&F UE context to derive the NAS (or AS) keys.
- the third apparatus 130 may recognize that it is communicating with the second apparatus 120 and use the NAS (or AS) security context related to the second apparatus 120, e.g., with NAS COUNT start value 7, to protect the MO NAS.
- as an example, the third apparatus 130 may send (230) three MO NAS messages with UL NAS COUNT values 7, 8 and 9 to the second apparatus 120.
- the second apparatus 120 may use the stored NAS security context related to the third apparatus 130, e.g., a NAS key and UL NAS COUNT start value 7, to check (235) the integrity of the received NAS messages and decrypt them.
- the security context is updated in both the second apparatus 120 and the third apparatus 130.
- the updated security context is related to the communication with the second apparatus 120, and it does not affect the stored other security context related to the communication with other satellite (e.g., the first apparatus 110) .
- the second apparatus 120 maintains the updated security context for further communication with the third apparatus 130.
- the second apparatus 120 maintains the security context for the third apparatus 130 even after the third apparatus 130 is disconnected, for example, when the satellite (i.e., the second apparatus 120) moves out and stops serving the third apparatus 130, or after the third apparatus 130 sets up communication with another satellite (e.g., the first apparatus 110).
- the second apparatus 120 maintains the stored S&F UE context and the related NAS (or AS) keys for the third apparatus 130 until the third apparatus 130 will no longer connect to the second apparatus 120, for example, because the third apparatus 130 is de-registered or detached, or a timer has expired.
- the second apparatus 120 may forward (240) the MO data to the fourth apparatus 140.
- the third apparatus 130 may recognize the first apparatus 110 based on the received S&F UE context. The third apparatus 130 may then use the received S&F UE context to derive the NAS (or AS) security context and use the NAS security context related to the first apparatus 110, e.g., a NAS key and NAS COUNT start value 0, to protect the MO NAS. As an example, the third apparatus 130 may send (245) one MO NAS message with UL NAS COUNT 0 to the first apparatus 110.
- the first apparatus 110 may use the NAS security context related to the third apparatus 130 to check (250) the integrity of the received NAS and decrypt it.
- the security context is updated in both the first apparatus 110 and the third apparatus 130.
- the updated security context is related to the communication with the first apparatus 110, and it does not affect the stored other security context related to the communication with other satellite (e.g., the second apparatus 120) .
- the first apparatus 110 maintains the updated security context for further communication with the third apparatus 130.
- the first apparatus 110 maintains the security context for the third apparatus 130 even after the UE is disconnected, for example, when the satellite (i.e., the first apparatus 110) moves out of the geographical area of the third apparatus 130 and stops serving the third apparatus 130, or after the third apparatus 130 sets up communication with another satellite (e.g., the second apparatus 120).
- the first apparatus 110 maintains the stored S&F UE context and the related NAS (or AS) keys for the third apparatus 130 until the third apparatus 130 will no longer connect to the first apparatus 110, for example, because the third apparatus 130 is de-registered or detached, or a timer has expired.
- the first apparatus 110 may forward (255) the MO data to the fourth apparatus 140.
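The FIG. 2 exchange above, with one NAS security context per (UE, satellite) pair and per-satellite UL NAS COUNT start values (0 toward the first apparatus 110, 7 toward the second apparatus 120), as an added Python illustration that is not part of the patent: the key schedule (HMAC-SHA-256 as a stand-in KDF, with Key#2 derived from the common key, the satellite ID, the UE ID and RAND so that Key#2 never has to be sent to the UE), the toy NAS ciphering and integrity algorithms, and all identifiers, keys and RAND values are constructed assumptions; the activation condition, SQN and PDCP SN fields of the S&F UE context are left out.

```python
"""Per-satellite S&F security contexts (added illustration, not the patent's code):
one NAS context per (UE, satellite), separate UL/DL NAS COUNTs, and the
satellite-side check.  KDF, toy NAS algorithms and sample values are assumptions."""
import hashlib
import hmac
from dataclasses import dataclass


def kdf(key: bytes, *inputs: bytes) -> bytes:
    # Stand-in key derivation (assumption): HMAC-SHA-256 over the concatenated inputs.
    return hmac.new(key, b"".join(inputs), hashlib.sha256).digest()


@dataclass
class SfUeContext:
    """S&F UE context as the page lists it: satellite ID, UE ID, RAND and the
    NAS COUNT start values.  Key#2 itself is never carried to the UE."""
    sat_id: bytes
    ue_id: bytes
    rand: bytes
    ul_nas_count: int = 0
    dl_nas_count: int = 0


@dataclass
class NasSecurityContext:
    sat_id: bytes
    k_nas_int: bytes
    k_nas_enc: bytes
    ul_nas_count: int
    dl_nas_count: int


def derive_nas_context(k_common: bytes, ctx: SfUeContext) -> NasSecurityContext:
    """Run by the UE and by the satellite: Key#2 = KDF(common key, satellite ID, UE ID, RAND),
    then NAS integrity and encryption keys from Key#2 (labels are assumptions)."""
    key2 = kdf(k_common, ctx.sat_id, ctx.ue_id, ctx.rand)
    return NasSecurityContext(ctx.sat_id, kdf(key2, b"NAS-int"), kdf(key2, b"NAS-enc"),
                              ctx.ul_nas_count, ctx.dl_nas_count)


def _keystream(k_enc: bytes, count: int, n: int) -> bytes:
    # Toy NAS COUNT-keyed stream cipher (stand-in for 128-NEAx; assumption).
    out, block = b"", 0
    while len(out) < n:
        out += kdf(k_enc, count.to_bytes(4, "big"), block.to_bytes(4, "big"))
        block += 1
    return out[:n]


def _nas_mac(k_int: bytes, count: int, ciphertext: bytes) -> bytes:
    # 32-bit NAS-MAC over COUNT || ciphertext (stand-in for 128-NIAx; assumption).
    return kdf(k_int, count.to_bytes(4, "big"), ciphertext)[:4]


def protect_mo_nas(ctx: NasSecurityContext, plaintext: bytes) -> tuple:
    """UE side: cipher and integrity-protect an MO NAS message with the context of
    the satellite it is talking to, then advance that satellite's UL NAS COUNT only."""
    count = ctx.ul_nas_count
    ks = _keystream(ctx.k_nas_enc, count, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    ctx.ul_nas_count = count + 1
    return count, ct, _nas_mac(ctx.k_nas_int, count, ct)


def verify_mo_nas(ctx: NasSecurityContext, count: int, ct: bytes, mac: bytes) -> bytes:
    """Satellite side: refuse stale or replayed COUNTs and bad MACs, then decrypt
    and move the stored UL NAS COUNT forward (the context is updated, not replaced)."""
    if count < ctx.ul_nas_count:
        raise ValueError(f"UL NAS COUNT {count} below expected {ctx.ul_nas_count} (replay?)")
    if not hmac.compare_digest(_nas_mac(ctx.k_nas_int, count, ct), mac):
        raise ValueError("NAS integrity check failed")
    ctx.ul_nas_count = count + 1
    return bytes(c ^ k for c, k in zip(ct, _keystream(ctx.k_nas_enc, count, len(ct))))


def run_fig2_flow() -> dict:
    """Replays FIG. 2: the UE (third apparatus 130) holds one context toward sat 1
    (first apparatus 110, UL NAS COUNT from 0) and one toward sat 2 (second
    apparatus 120, UL NAS COUNT from 7); each satellite holds only its own."""
    k_common = hashlib.sha256(b"constructed common key from primary authentication").digest()
    sf_sat1 = SfUeContext(b"SAT-1", b"UE-130", bytes(16))                       # registration leg
    sf_sat2 = SfUeContext(b"SAT-2", b"UE-130", hashlib.sha256(b"constructed RAND").digest()[:16],
                          ul_nas_count=7)                                       # generated by sat 1
    ue_ctx = {s.sat_id: derive_nas_context(k_common, s) for s in (sf_sat1, sf_sat2)}
    sat1_ctx = derive_nas_context(k_common, sf_sat1)
    sat2_ctx = derive_nas_context(k_common, sf_sat2)   # obtained via the central manager (225)

    seen_by_sat2 = []                                  # steps 230/235: three MO NAS, COUNT 7, 8, 9
    for i in range(3):
        count, ct, mac = protect_mo_nas(ue_ctx[b"SAT-2"], b"MO data %d" % i)
        verify_mo_nas(sat2_ctx, count, ct, mac)
        seen_by_sat2.append(count)
    try:                                               # a replayed copy must be refused
        verify_mo_nas(sat2_ctx, count, ct, mac)
        replay_rejected = False
    except ValueError:
        replay_rejected = True

    count1, ct1, mac1 = protect_mo_nas(ue_ctx[b"SAT-1"], b"MO data to sat 1")  # steps 245/250
    return {"sat2_counts": seen_by_sat2, "replay_rejected": replay_rejected,
            "sat1_count": count1, "sat1_plaintext": verify_mo_nas(sat1_ctx, count1, ct1, mac1),
            "keys_differ": sat1_ctx.k_nas_int != sat2_ctx.k_nas_int,
            "ue_sat2_ul_count_after": ue_ctx[b"SAT-2"].ul_nas_count}


if __name__ == "__main__":
    print(run_fig2_flow())
```

The two satellite contexts advance independently: after the three messages toward sat 2 the UE's counter for sat 2 is 10 while its counter for sat 1 is still 0, which is why neither satellite needs the other's state and why a replayed message is caught by the satellite's own stored COUNT rather than by any ground-side synchronization.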
- the process described with FIG. 2 covers the case where the first apparatus 110 generates the S&F UE context by itself. It is also possible that the S&F UE context is generated at the fourth apparatus 140, e.g., at the ground station (for example, a CN device on the ground), which is described with reference to FIG. 3 below.
- FIG. 3 shows a signaling chart 300 for communication according to some example embodiments of the present disclosure.
- the signaling chart 300 involves the first apparatus 110, the second apparatus 120, the third apparatus 130 and the fourth apparatus 140.
- the signaling chart 300 is described with reference to the environment of FIG. 1.
- the first apparatus 110 may comprise an AN function 311 and an SFF 312.
- the second apparatus 120 may comprise an AN function 321 and an SFF 322.
- the SFF may be part of the AN function.
- the fourth apparatus 140 may comprise an NTN-GW 341, a central manager 342 and a GS CN node 343.
- An SFF 344 may be located at the central manager 342.
- in FIG. 2 the SFF on the first apparatus 110 that handles the initial registration of the third apparatus 130 generates the S&F UE contexts; in this embodiment the fourth apparatus 140 may instead generate (310) the S&F UE context for at least one satellite that will serve the third apparatus 130.
- the SFF 344 on the central manager 342 may determine the related satellites to serve the third apparatus 130, e.g. the first apparatus 110 and the second apparatus 120.
- the fourth apparatus 140 may generate the S&F UE context (hereinafter may also be referred to as a second context) for each related satellite except the first apparatus 110.
- the S&F UE context (i.e., the second context) generated by the fourth apparatus 140 may have similar content as that in the S&F UE context (i.e., the first context) generated by the first apparatus 110.
- the content in the S&F UE context (i.e., the first context) generated by the first apparatus 110 has been described with reference to FIG. 2, which is omitted here.
- the fourth apparatus 140 may send (315) the generated S&F UE context to the first apparatus 110, for example, the SFF 312, except the key.
- the first apparatus 110 may forward (320) the S&F UE context, e.g., to be used for communication with the second apparatus 120, to the third apparatus 130.
- the second apparatus 120 may obtain (325) the S&F UE context for the second apparatus 120 from the fourth apparatus 140, for example, from the central manager 342.
- third apparatus 130 may know it is communicating with the second apparatus 120 and use the NAS (or AS) security context related to the second apparatus 120 to protect the MO NAS.
- third apparatus 130 may send (330) an MO NAS with UL NAS COUNT, e.g., 7, to the second apparatus 120.
- the second apparatus 120 may use the stored NAS security context related to the third apparatus 130, e.g., an NAS key, UL NAS COUNT start value is 7, to check (335) the integrity of the received NAS and decrypt it.
- the second apparatus 120 may forward (340) the MO data to the fourth apparatus 140.
- the third apparatus 130 may know it is communicating with the first apparatus 110.
- the third apparatus 130 may use the previously received S&F UE context received to derive the NAS (or AS) security context and use the NAS security context related to first apparatus 110, e.g., an NAS key, NAS COUNT start value 0, to protect the MO NAS.
- as an example, the third apparatus 130 may send (345) one MO NAS message with UL NAS COUNT 0 (the start value of the context related to the first apparatus 110) to the first apparatus 110.
- the first apparatus 110 may use the NAS security context related to the third apparatus 130 to check (350) the integrity of the received NAS and decrypt it.
- the first apparatus 110 may forward (355) the MO data to the fourth apparatus 140.
- FIG. 4 shows a signaling chart 400 for communication according to some example embodiments of the present disclosure.
- the signaling chart 400 involves the first apparatus 110, the second apparatus 120, the third apparatus 130 and the fourth apparatus 140.
- the signaling chart 400 is described with reference to the environment of FIG. 1.
- the first apparatus 110 may comprise a gNB 411 and an AMF 412.
- the second apparatus 120 may comprise a gNB 421 and an AMF 422.
- the fourth apparatus 140 may comprise an NTN-GW 241, a central manager 242 and a GS CN node 243.
- the third apparatus 130 may register (405) with the fourth apparatus 140.
- the AMF 412 at the first apparatus 110 may generate (410) the S&F UE context (i.e., the first context) .
- the S&F UE context may also comprise information associated with the security context, which comprises a pair of an identifier of the related satellite (e.g., an ID of the second apparatus 120) and a random value.
- the AMF 412 at the first apparatus 110 may provide (415) the generated S&F UE context to the third apparatus 130 and provide (420) the information associated with the security context to the third apparatus 130 in a security-protected NAS message.
- the first apparatus 110 may upload (425) to the fourth apparatus 140 the derived S&F UE context for each related satellite (e.g., for the second apparatus 120), including the key (e.g., K_AMF), along with the pair of an identifier of the related satellite (e.g., an ID of the second apparatus 120) and a random value.
- the second apparatus 120 may obtain (430) the S&F UE context for the second apparatus 120 from the fourth apparatus 140.
- the obtained S&F UE context for the second apparatus 120 may comprise a NAS key generated by the fourth apparatus 140, e.g., by the central manager 442, based on the pair of an identifier of the second apparatus 120 and a random value.
- alternatively, the obtained S&F UE context for the second apparatus 120 comprises the K_AMF and the random value, and the second apparatus 120 generates the NAS key based on the received K_AMF and the random value.
- the third apparatus 130 may know that it is connected to the first apparatus 110 (e.g., the first apparatus 110 may broadcast its ID to the third apparatus 130) , so the third apparatus 130 may use the NAS (or AS) security context related to the first apparatus 110, e.g., a UL NAS COUNT, to protect the communication between the third apparatus 130 and the first apparatus 110, for example, to protect the MO NAS, and send (435) the protected NAS packet to the first apparatus 110.
- the first apparatus 110 may use the stored NAS security context related to the third apparatus 130 to check (440) the integrity of the received NAS and decrypt it. After that, when the first apparatus 110 has a connection with the fourth apparatus 140, the first apparatus 110 may forward (445) the MO data to the fourth apparatus 140.
- the third apparatus 130 may know that it is connected to the second apparatus 120 (e.g., the second apparatus 120 may broadcast its ID to the third apparatus 130), so the third apparatus 130 may use the NAS (or AS) security context and the random value to generate a K_AMF' related to the second apparatus 120. The third apparatus 130 may then generate NAS and/or AS key(s) from K_AMF' and use them to protect the communication between the third apparatus 130 and the second apparatus 120, for example, to protect the MO NAS, and send (450) the protected NAS packet to the second apparatus 120, e.g., to the AMF 422.
- the second apparatus 120 or the AMF 422 may use the stored NAS security context related to the third apparatus 130 to generate (455) the K_AMF' and NAS keys and decrypt the NAS packet.
- the second apparatus 120 may forward (460) the NAS packet to the fourth apparatus 140.
- derivation of K_AMF' from K_AMF during mobility in the satellite use case may use the following input parameters:
- the input key may be the K_AMF available in the Unstructured Data Storage Function (UDSF).
- DIRECTION shall be 0x00 and RAND may be the value received from the UDSF.
- the third apparatus 130 and the second apparatus 120 may use the S&F UE context to derive the NAS security context and AS security context.
- the UE may maintain different AS or NAS security context (e.g., NAS key, NAS COUNT) for each related satellite, and each related satellite maintains its own AS or NAS security context for the UE.
- all related satellites therefore do not need to synchronize the UE context (e.g., by using a single NAS key or a single NAS COUNT), which may be impossible in some S&F deployments.
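The K_AMF' derivation described above (DIRECTION = 0x00 and RAND in place of the NAS COUNT used in terrestrial mobility), together with the FIG. 4 key setup in which the UE and the AMF of the second apparatus each derive K_AMF' and the NAS keys from K_AMF and the (satellite ID, RAND) pair, as an added Python illustration that is not the patent's code. It uses the generic 3GPP KDF layout (HMAC-SHA-256 over FC || P0 || L0 || P1 || L1); the FC values 0x72 and 0x69 and the algorithm type distinguishers are the ones TS 33.501 Annex A assigns to the K_AMF' and NAS algorithm key derivations and are assumptions as far as this page is concerned, as are the sample K_AMF, RAND values and algorithm identities.

```python
"""K_AMF' derivation for the S&F satellite case (added illustration, not the patent's code):
generic 3GPP KDF layout with DIRECTION = 0x00 and RAND as inputs, then the 128-bit
NAS keys.  FC values and algorithm distinguishers are assumptions taken from TS 33.501."""
import hashlib
import hmac

FC_KAMF_PRIME = 0x72      # assumption: FC of the K_AMF' derivation (TS 33.501 Annex A.13)
FC_NAS_ALG_KEY = 0x69     # assumption: FC of the algorithm key derivation (Annex A.8)
N_NAS_ENC_ALG = 0x01      # algorithm type distinguisher for the NAS encryption key
N_NAS_INT_ALG = 0x02      # algorithm type distinguisher for the NAS integrity key


def kdf_input_string(fc: int, *params: bytes) -> bytes:
    """S = FC || P0 || L0 || P1 || L1 ..., each Li the 2-byte big-endian length of Pi."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return s


def kdf_3gpp(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF: HMAC-SHA-256(Key, S), 256-bit output."""
    return hmac.new(key, kdf_input_string(fc, *params), hashlib.sha256).digest()


def derive_kamf_prime(k_amf: bytes, rand: bytes, direction: int = 0x00) -> bytes:
    """K_AMF' from K_AMF as the page describes: P0 = DIRECTION (0x00), P1 = RAND taken from
    the S&F UE context / UDSF instead of the NAS COUNT of a terrestrial key change."""
    return kdf_3gpp(k_amf, FC_KAMF_PRIME, bytes([direction]), rand)


def derive_nas_keys(k_amf_prime: bytes, enc_alg_id: int, int_alg_id: int) -> tuple:
    """128-bit K_NASenc and K_NASint from K_AMF' (Annex A.8 layout): P0 = algorithm type
    distinguisher, P1 = algorithm identity; the key is the 128 least significant bits."""
    k_enc = kdf_3gpp(k_amf_prime, FC_NAS_ALG_KEY, bytes([N_NAS_ENC_ALG]), bytes([enc_alg_id]))[16:]
    k_int = kdf_3gpp(k_amf_prime, FC_NAS_ALG_KEY, bytes([N_NAS_INT_ALG]), bytes([int_alg_id]))[16:]
    return k_enc, k_int


def fig4_key_setup(k_amf: bytes, sat_rands: dict, enc_alg_id: int = 0x02, int_alg_id: int = 0x02) -> dict:
    """One K_AMF' and one NAS key pair per related satellite.  The UE runs this over the
    (satellite ID, RAND) pairs it received in the S&F UE context; the AMF on each satellite
    runs it over the single pair it obtained with K_AMF from the central manager.  Both
    sides end up with the same keys for that satellite and unrelated keys for the others."""
    keys = {}
    for sat_id, rand in sat_rands.items():
        k_prime = derive_kamf_prime(k_amf, rand)
        k_enc, k_int = derive_nas_keys(k_prime, enc_alg_id, int_alg_id)
        keys[sat_id] = {"k_amf_prime": k_prime, "k_nas_enc": k_enc, "k_nas_int": k_int}
    return keys


if __name__ == "__main__":
    # Constructed sample values: K_AMF from registration, one RAND per related satellite.
    k_amf = hashlib.sha256(b"constructed K_AMF").digest()
    rands = {b"SAT-2": hashlib.sha256(b"RAND sat 2").digest()[:16],
             b"SAT-3": hashlib.sha256(b"RAND sat 3").digest()[:16]}
    ue_keys = fig4_key_setup(k_amf, rands)                         # UE, all related satellites
    sat2_keys = fig4_key_setup(k_amf, {b"SAT-2": rands[b"SAT-2"]})  # AMF 422 on satellite 2
    print("sat 2 keys match:", ue_keys[b"SAT-2"] == sat2_keys[b"SAT-2"])
    print("sat 2 / sat 3 K_AMF' differ:", ue_keys[b"SAT-2"]["k_amf_prime"] != ue_keys[b"SAT-3"]["k_amf_prime"])
```

Because RAND, not a NAS COUNT, selects K_AMF', the two sides do not need to agree on any counter before the satellite is even in view; the satellite only needs K_AMF and its own RAND from the central manager, and a satellite that never received the pair for another satellite cannot compute that satellite's K_AMF'.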
- FIG. 5 shows a flowchart of an example method 500 implemented at a first apparatus in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the method 500 will be described from the perspective of the first apparatus 110 in FIG. 1.
- the first apparatus determines a first context at least indicating information associated with a second apparatus for serving a third apparatus.
- the first apparatus transmits the first context to at least one of the third apparatus or the second apparatus for communication protection between the third apparatus and the second apparatus.
- the method 500 further comprises: obtaining a first security context and/or at least one first key for protecting communication between the first apparatus and the third apparatus, the first security context comprising at least one of a first non-access stratum, NAS, security context or a first access stratum, AS, security context; and maintaining the first security context and/or the at least one first key for protecting communication with the third apparatus; wherein the transmitting the first context to the third apparatus comprises using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus.
- the obtaining the first security context and/or the at least one first key comprises performing primary authentication with the third apparatus; and the obtaining the at least one first key comprises determining the at least one first key based on the first security context.
- the determining the at least one first key based on the first security context comprises performing key derivation based on the first security context.
- the at least one first key comprises at least one of: one or more first NAS keys related to NAS security; or one or more first AS keys related to AS security.
- the first context comprises at least one of the following: an identifier of the second apparatus, an identifier of the third apparatus, information associated with a second NAS security context, information associated with a second AS security context; a condition indicating when the first context is to be activated, a sequence number, an uplink non-access stratum, NAS, count and a downlink NAS count, or a packet data convergence protocol sequence number.
- the method 500 further comprises: determining the first context based on at least one of: a traffic profile of the third apparatus; trajectory information of the second apparatus; ephemeris information of the second apparatus; or a second context received from a fourth apparatus.
- the method 500 further comprises: transmitting, to the second apparatus via a fourth apparatus, the first context along with the information associated with the second NAS security context and/or the second AS security context, comprising at least one of: a random value, or a second NAS key related to NAS security, or a second AS key related to AS security for the communication protection between the third apparatus and the second apparatus.
- the method 500 further comprises: transmitting, to the third apparatus, by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus, the first context along with the information associated with the second NAS security context and/or the second AS security context, comprising a pair of an identifier of the second apparatus and a random value.
- the method 500 further comprises: transmitting from an AMF at the first apparatus to the third apparatus, the first context along with the information associated with the second NAS security context or the second AS security context comprising a pair of an identifier of the second apparatus and a random value.
- the fourth apparatus comprises or is comprised in one of a radio access network device or a core network device.
- the first apparatus comprises or is comprised in one of a radio access network device or a core network device
- the second apparatus comprises or is comprised in a radio access network device
- the third apparatus comprises or is comprised in a terminal device.
- FIG. 6 shows a flowchart of an example method 600 implemented at a second apparatus in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the method 600 will be described from the perspective of the second apparatus 120 in FIG. 1.
- the second apparatus 120 receives a first context, from a first apparatus or a fourth apparatus, at least indicating information associated with the second apparatus for serving a third apparatus.
- the second apparatus 120 determines, based on the first context, a second security context and/or at least one second key, the second security context comprising at least one of a second non-access stratum, NAS, security context or a second access stratum, AS, security context, for protecting communication between the second apparatus and the third apparatus.
- the second apparatus 120 maintains the second security context for further communication with the third apparatus, after the third apparatus is disconnected.
- the determining the at least one second key comprises determining the at least one second key based on the second security context.
- the determining the at least one second key based on the second security context comprises performing key derivation based on the second security context.
- the at least one second key comprises at least one of: one or more second NAS keys related to NAS security; or one or more second AS keys related to AS security.
- the first context comprises at least one of the following: an identifier of the second apparatus, an identifier of the third apparatus, information associated with a second NAS security context, information associated with a second AS security context; a condition indicating when the first context is to be activated, a sequence number, an uplink non-access stratum, NAS, count and a downlink NAS count, or a packet data convergence protocol sequence number.
- the method 600 further comprises: receiving the first context from the fourth apparatus, wherein the information associated with the second security context comprises at least one of: a random value, or a second NAS key or a second AS key for the communication protection between the third apparatus and the second apparatus.
- the method 600 further comprises: receiving the first context from an access and mobility management function at the first apparatus, wherein the information associated with the second security context comprise a pair of an identifier of the second apparatus and a random value.
- the method 600 further comprises: determining, at least based on the information associated with the second security context, a second key for the communication protection between the third apparatus and the second apparatus, wherein the second key comprises a second NAS key related to NAS security or a second AS key related to AS security; performing a security check of the third apparatus during a connection establishment between the third apparatus and the second apparatus at least based on the second key; and in response to a success of the security check, establishing a connection between the third apparatus and the second apparatus.
- the first apparatus comprises or is comprised in one of a radio access network device or a core network device
- the second apparatus comprises or is comprised in a radio access network device
- the third apparatus comprises or is comprised in a terminal device
- the fourth apparatus comprises or is comprised in one of a radio access network device or a core network device.
- FIG. 7 shows a flowchart of an example method 700 implemented at a third apparatus in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the method 700 will be described from the perspective of the third apparatus 130 in FIG. 1.
- the third apparatus 130 obtains a first security context and/or at least one first key for protecting communication between the third apparatus and the first apparatus, comprising at least one of a first NAS security context or a first AS security context.
- the third apparatus 130 also determines at least one of a first NAS key or a first AS key.
- the third apparatus 130 maintains the first security context and/or the at least one first key for protecting communication with the first apparatus.
- the third apparatus 130 receives a first context, from a first apparatus by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus, at least indicating information associated with a second apparatus for serving the third apparatus.
- the third apparatus 130 determines, based on the first context, a second security context and/or at least one second key comprising at least one of a second NAS security context or a second AS security context, and/or at least one of a second NAS key or a second AS key, for protecting communication between the second apparatus and the third apparatus.
- the third apparatus 130 maintains the second security context and/or the at least one second key for communication with the second apparatus.
- the obtaining the first security context comprises performing primary authentication with the first apparatus; the obtaining the at least one first key comprises determining the at least one first key based on the first security context; and the obtaining the at least one second key comprises determining the at least one second key based on the second security context.
- the determining the at least one first key based on the first security context comprises performing key derivation based on the first security context; and wherein the determining the at least one second key based on the second security context comprises performing key derivation based on the second security context.
- the at least one first key comprises at least one of: one or more first NAS keys related to NAS security; or one or more first AS keys related to AS security; and wherein the at least one second key comprises at least one of: one or more second NAS keys related to NAS security; or one or more second AS keys related to AS security.
- the method 700 further comprises: in response to the determining the second security context and/or the at least one second key, maintaining both of: the first security context and/or the at least one first key, for protecting communication with the first apparatus; and the second security context and/or the at least one second key, for protecting communication with the second apparatus.
- the first context comprises at least one of the following: an identifier of the second apparatus, an identifier of the third apparatus, information associated with a second NAS security context, information associated with a second AS security context, a condition indicating when the first context is to be activated, a sequence number, an uplink non-access stratum, NAS, count and a downlink NAS count, or a packet data convergence protocol sequence number.
- the method 700 further comprises: obtaining the first context from the first apparatus, wherein the information associated with the security context comprises a random value.
- the method 700 further comprises: obtaining the first context from the first apparatus, wherein the information associated with the security context comprises a pair of an identifier of the second apparatus and a random value.
- the method 700 further comprises: determining, at least based on the information associated with the security context, a key related to the NAS security or the AS security for the communication protection between the third apparatus and the second apparatus; and using the key for a security check during a connection establishment between the third apparatus and the second apparatus.
- the first apparatus comprises or is comprised in one of a radio access network device or a core network device.
- the second apparatus comprises or is comprised in a radio access network device.
- the third apparatus comprises or is comprised in a terminal device.
- a first apparatus capable of performing any of the method 500 may comprise means for performing the respective operations of the method 500.
- the means may be implemented in any suitable form.
- the means may be implemented in a circuitry or software module.
- the first apparatus may be implemented as or included in the first apparatus 110 in FIG. 1.
- the first apparatus comprises means for obtaining a first context at least indicating information associated with a second apparatus for serving a third apparatus; and means for transmitting the first context to at least one of the third apparatus or the second apparatus for communication protection between the third apparatus and the second apparatus.
- the first apparatus further comprises: means for obtaining a first security context and/or at least one first key for protecting communication between the first apparatus and the third apparatus, the first security context comprising at least one of a first non-access stratum, NAS, security context or a first access stratum, AS, security context; and means for maintaining the first security context and/or the at least one first key for protecting communication with the third apparatus; wherein means for transmitting the first context to the third apparatus comprises means for using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus.
- the obtaining the first security context and/or the at least one first key comprises performing primary authentication with the third apparatus; and the obtaining the at least one first key comprises determining the at least one first key based on the first security context.
- the determining the at least one first key based on the first security context comprises performing key derivation based on the first security context.
- the at least one first key comprises at least one of: one or more first NAS keys related to NAS security; or one or more first AS keys related to AS security.
- the first context comprises at least one of the following: an identifier of the second apparatus, an identifier of the third apparatus, information associated with a second NAS security context, information associated with a second AS security context, a condition indicating when the first context is to be activated, a sequence number, an uplink non-access stratum, NAS, count and a downlink NAS count, or a packet data convergence protocol sequence number.
- the first apparatus further comprises: means for determining the first context based on at least one of: a traffic profile of the third apparatus; a trajectory information of the second apparatus; an ephemeris information of the second apparatus; or a second context received from a fourth apparatus.
- the first apparatus further comprises: means for transmitting, to the second apparatus via a fourth apparatus, the first context along with the information associated with the second NAS security context and/or the second AS security context, comprising at least one of: a random value, or a second NAS key related to NAS security, or a second AS key related to AS security for the communication protection between the third apparatus and the second apparatus.
- the first apparatus further comprises: means for transmitting, to the third apparatus by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus, the first context along with the information associated with the second NAS security context and/or the second AS security context, comprising a pair of an identifier of the second apparatus and a random value.
- the first apparatus further comprises: means for transmitting from an AMF at the first apparatus to the third apparatus, the first context along with the information associated with the second NAS security context or the second AS security context comprising a pair of an identifier of the second apparatus and a random value.
- the fourth apparatus comprises or is comprised in one of a radio access network device or a core network device.
- the first apparatus comprises or is comprised in one of a radio access network device or a core network device.
- the second apparatus comprises or is comprised in a radio access network device.
- the third apparatus comprises or is comprised in a terminal device.
- the first apparatus further comprises means for performing other operations in some example embodiments of the method 500 or the first apparatus 110.
- the means comprises at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the performance of the first apparatus.
- a second apparatus capable of performing any of the method 600 may comprise means for performing the respective operations of the method 600.
- the means may be implemented in any suitable form.
- the means may be implemented in a circuitry or software module.
- the second apparatus may be implemented as or included in the second apparatus 120 in FIG. 1.
- the second apparatus comprises means for receiving a first context, from a first apparatus or a fourth apparatus, at least indicating information associated with the second apparatus for serving a third apparatus; means for determining, based on the first context, a second security context and/or at least one second key, the second security context comprising at least one of a second non-access stratum, NAS, security context or a second access stratum, AS, security context, for protecting communication between the second apparatus and the third apparatus; and means for maintaining the second security context for further communication with the third apparatus, after the third apparatus is disconnected.
- means for determining the at least one second key comprises means for determining the at least one second key based on the second security context.
- means for determining the at least one second key based on the second security context comprises means for performing key derivation based on the second security context.
- the at least one second key comprises at least one of: one or more second NAS keys related to NAS security; or one or more second AS keys related to AS security.
- the first context comprises at least one of the following: an identifier of the second apparatus, an identifier of the third apparatus, information associated with a second NAS security context, information associated with a second AS security context, a condition indicating when the first context is to be activated, a sequence number, an uplink non-access stratum, NAS, count and a downlink NAS count, or a packet data convergence protocol sequence number.
- the second apparatus further comprises: means for receiving the first context from the fourth apparatus, wherein the information associated with the second security context comprises at least one of: a random value, or a second NAS key or a second AS key for the communication protection between the third apparatus and the second apparatus.
- the second apparatus further comprises: means for receiving the first context from an access and mobility management function at the first apparatus, wherein the information associated with the second security context comprises a pair of an identifier of the second apparatus and a random value.
- the second apparatus further comprises: means for determining, at least based on the information associated with the second security context, a second key for the communication protection between the third apparatus and the second apparatus, wherein the second key comprises a second NAS key related to NAS security or a second AS key related to AS security; means for performing a security check of the third apparatus during a connection establishment between the third apparatus and the second apparatus at least based on the second key; and means for establishing, in response to a success of the security check, a connection between the third apparatus and the second apparatus.
- the first apparatus comprises or is comprised in one of a radio access network device or a core network device.
- the second apparatus comprises or is comprised in a radio access network device.
- the third apparatus comprises or is comprised in a terminal device.
- the fourth apparatus comprises or is comprised in one of a radio access network device or a core network device.
- the second apparatus further comprises means for performing other operations in some example embodiments of the method 600 or the second apparatus 120.
- the means comprises at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the performance of the second apparatus.
- a third apparatus capable of performing any of the method 700 may comprise means for performing the respective operations of the method 700.
- the means may be implemented in any suitable form.
- the means may be implemented in a circuitry or software module.
- the third apparatus may be implemented as or included in the third apparatus 130 in FIG. 1.
- the third apparatus comprises means for obtaining a first security context and/or at least one first key for protecting communication between the third apparatus and the first apparatus, comprising at least one of a first NAS security context or a first AS security context; means for maintaining the first security context and/or the at least one first key for protecting communication with the first apparatus; means for receiving a first context, from a first apparatus by using the first security context and/or the at least one first key for protecting communication between the third apparatus and the first apparatus, at least indicating information associated with a second apparatus for serving the third apparatus; means for determining, based on the first context, a second security context and/or at least one second key for protecting communication between the second apparatus and the third apparatus, the second security context comprising at least one of a second NAS security context or a second AS security context; and means for maintaining the second security context and/or the at least one second key for communication with the second apparatus.
- means for obtaining the first security context comprises means for performing primary authentication with the first apparatus; means for obtaining the at least one first key comprises means for determining the at least one first key based on the first security context; and means for obtaining the at least one second key comprises means for determining the at least one second key based on the second security context.
- means for determining the at least one first key based on the first security context comprises means for performing key derivation based on the first security context; and wherein means for determining the at least one second key based on the second security context comprises means for performing key derivation based on the second security context.
- the at least one first key comprises at least one of: one or more first NAS keys related to NAS security; or one or more first AS keys related to AS security; and wherein the at least one second key comprises at least one of: one or more second NAS keys related to NAS security; or one or more second AS keys related to AS security.
- the third apparatus further comprises: means for, in response to the determining the second security context, maintaining both of: the first security context and/or the at least one first key, for protecting communication with the first apparatus; and the second security context and/or the at least one second key, for protecting communication with the second apparatus.
- the first context comprises at least one of the following: an identifier of the second apparatus, an identifier of the third apparatus, information associated with a second NAS security context, information associated with a second AS security context, a condition indicating when the first context is to be activated, a sequence number, an uplink non-access stratum, NAS, count and a downlink NAS count, or a packet data convergence protocol sequence number.
- the third apparatus further comprises: means for obtaining the first context from the first apparatus, wherein the information associated with the security context comprises a random value.
- the third apparatus further comprises: means for obtaining the first context from the first apparatus, wherein the information associated with the security context comprises a pair of an identifier of the second apparatus and a random value.
- the third apparatus further comprises: means for determining, at least based on the information associated with the security context, a key related to the NAS security or the AS security for the communication protection between the third apparatus and the second apparatus; and means for using the key for a security check during a connection establishment between the third apparatus and the second apparatus.
- the first apparatus comprises or is comprised in one of a radio access network device or a core network device.
- the second apparatus comprises or is comprised in a radio access network device.
- the third apparatus comprises or is comprised in a terminal device.
- the third apparatus further comprises means for performing other operations in some example embodiments of the method 700 or the third apparatus 130.
- the means comprises at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the performance of the third apparatus.
- FIG. 8 is a simplified block diagram of a device 800 that is suitable for implementing example embodiments of the present disclosure.
- the device 800 may be provided to implement a communication device, for example, the first apparatus 110, the second apparatus 120 or the third apparatus 130 as shown in FIG. 1.
- the device 800 includes one or more processors 810, one or more memories 820 coupled to the processor 810, and one or more communication modules 840 coupled to the processor 810.
- the communication module 840 is for bidirectional communications.
- the communication module 840 has one or more communication interfaces to facilitate communication with one or more other modules or devices.
- the communication interfaces may represent any interface that is necessary for communication with other network elements.
- the communication module 840 may include at least one antenna.
- the processor 810 may be of any type suitable to the local technical network and may include one or more of the following: general purpose computers, special purpose computers, microprocessors, digital signal processors (DSPs) and processors based on multicore processor architecture, as non-limiting examples.
- the device 800 may have multiple processors, such as an application specific integrated circuit chip that is slaved in time to a clock which synchronizes the main processor.
- the memory 820 may include one or more non-volatile memories and one or more volatile memories.
- the non-volatile memories include, but are not limited to, a Read Only Memory (ROM) 824, an electrically programmable read only memory (EPROM), a flash memory, a hard disk, a compact disc (CD), a digital video disk (DVD), an optical disk, a laser disk, and other magnetic storage and/or optical storage.
- the volatile memories include, but are not limited to, a random access memory (RAM) 822.
- a computer program 830 includes computer executable instructions that are executed by the associated processor 810.
- the instructions of the program 830 may include instructions for performing operations/acts of some example embodiments of the present disclosure.
- the program 830 may be stored in the memory, e.g., the ROM 824.
- the processor 810 may perform any suitable actions and processing by loading the program 830 into the RAM 822.
- the example embodiments of the present disclosure may be implemented by means of the program 830 so that the device 800 may perform any process of the disclosure as discussed with reference to FIG. 2 to FIG. 7.
- the example embodiments of the present disclosure may also be implemented by hardware or by a combination of software and hardware.
- the program 830 may be tangibly contained in a computer readable medium which may be included in the device 800 (such as in the memory 820) or other storage devices that are accessible by the device 800.
- the device 800 may load the program 830 from the computer readable medium to the RAM 822 for execution.
- the computer readable medium may include any types of non-transitory storage medium, such as ROM, EPROM, a flash memory, a hard disk, CD, DVD, and the like.
- the term “non-transitory,” as used herein, is a limitation of the medium itself (i.e., tangible, not a signal) as opposed to a limitation on data storage persistency (e.g., RAM vs. ROM).
- FIG. 9 shows an example of the computer readable medium 900 which may be in form of CD, DVD or other optical storage disk.
- the computer readable medium 900 has the program 830 stored thereon.
- various embodiments of the present disclosure may be implemented in hardware or special purpose circuits, software, logic or any combination thereof. Some aspects may be implemented in hardware, and other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device. Although various aspects of embodiments of the present disclosure are illustrated and described as block diagrams, flowcharts, or using some other pictorial representations, it is to be understood that the block, apparatus, system, technique or method described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.
- Some example embodiments of the present disclosure also provide at least one computer program product tangibly stored on a computer readable medium, such as a non-transitory computer readable medium.
- the computer program product includes computer-executable instructions, such as those included in program modules, being executed in a device on a target physical or virtual processor, to carry out any of the methods as described above.
- program modules include routines, programs, libraries, objects, classes, components, data structures, or the like that perform particular tasks or implement particular abstract data types.
- the functionality of the program modules may be combined or split between program modules as desired in various embodiments.
- Machine-executable instructions for program modules may be executed within a local or distributed device. In a distributed device, program modules may be located in both local and remote storage media.
- Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages.
- the program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program code, when executed by the processor or controller, cause the functions/operations specified in the flowcharts and/or block diagrams to be implemented.
- the program code may execute entirely on a machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
- the computer program code or related data may be carried by any suitable carrier to enable the device, apparatus or processor to perform various processes and operations as described above.
- Examples of the carrier include a signal, computer readable medium, and the like.
- the computer readable medium may be a computer readable signal medium or a computer readable storage medium.
- a computer readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of the computer readable storage medium would include an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
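The key handling described for methods 500 to 700 above (the first context protected under the first NAS key, the second security context and second NAS/AS key derived from the second-apparatus identifier and random value, and the security check at connection establishment), as an added worked example in Python that is not code from the patent or from any 3GPP implementation. It assumes HKDF-SHA256 as the key derivation function and a truncated HMAC-SHA256 tag as the integrity check; the apparatus identifiers, key labels and sample keys are constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand; using HKDF as the KDF is an assumption here."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm, counter = okm + block, counter + 1
    return okm[:length]

def tag(key: bytes, count: int, payload: bytes) -> bytes:
    """Integrity tag over (count || payload); binding the count blocks replay."""
    return hmac.new(key, count.to_bytes(4, "big") + payload, hashlib.sha256).digest()[:16]

@dataclass
class SecurityContext:
    """A NAS or AS security context: root key plus the uplink/downlink counts."""
    k_root: bytes
    ul_count: int = 0
    dl_count: int = 0

    def key(self, label: bytes) -> bytes:
        """Key derivation from the context (labels such as b'NAS-int' are constructed)."""
        return hkdf_sha256(self.k_root, label)

@dataclass(frozen=True)
class FirstContext:
    """Constructed subset of the 'first context' fields listed in the text."""
    second_apparatus_id: bytes   # identifier of the node that will serve the terminal
    third_apparatus_id: bytes    # identifier of the terminal device
    random_value: bytes          # random value that binds the second context to this transfer
    activate_at: int             # condition: slot/time at which the context becomes active
    ul_nas_count: int
    dl_nas_count: int

    def encode(self) -> bytes:
        return b"|".join([self.second_apparatus_id, self.third_apparatus_id, self.random_value,
                          b"%d|%d|%d" % (self.activate_at, self.ul_nas_count, self.dl_nas_count)])

def derive_second_context(first: SecurityContext, fc: FirstContext) -> SecurityContext:
    """Second security context = KDF(first root key, second-apparatus id || random value)."""
    k2 = hkdf_sha256(first.k_root, b"second-ctx|" + fc.second_apparatus_id + fc.random_value)
    return SecurityContext(k2, fc.ul_nas_count, fc.dl_nas_count)

def first_apparatus_prepare(first: SecurityContext, ue_id: bytes, target_id: bytes, activate_at: int):
    """First apparatus (e.g. AMF): build the first context, protect it under the first NAS
    key, and compute the second key that is forwarded to the second apparatus."""
    fc = FirstContext(target_id, ue_id, os.urandom(16), activate_at, first.ul_count, first.dl_count)
    t = tag(first.key(b"NAS-int"), fc.dl_nas_count, fc.encode())
    first.dl_count += 1                 # one protected downlink NAS message consumed
    return fc, t, derive_second_context(first, fc).k_root

def ue_accept_first_context(first: SecurityContext, fc: FirstContext, t: bytes) -> SecurityContext:
    """Terminal: verify the first context under the first security context, reject replays,
    then derive the second context; the first context stays maintained alongside it."""
    if fc.dl_nas_count < first.dl_count:
        raise ValueError("replayed first context: stale downlink NAS count")
    if not hmac.compare_digest(tag(first.key(b"NAS-int"), fc.dl_nas_count, fc.encode()), t):
        raise ValueError("first context failed the integrity check under the first NAS key")
    first.dl_count = fc.dl_nas_count + 1
    return derive_second_context(first, fc)

def ue_connection_request(second: SecurityContext, ue_id: bytes):
    """Terminal: connection request to the second apparatus, protected with the second AS key."""
    payload, count = b"conn-req|" + ue_id, second.ul_count
    second.ul_count += 1
    return payload, count, tag(second.key(b"AS-int"), count, payload)

def second_apparatus_check(second: SecurityContext, payload: bytes, count: int, t: bytes) -> bool:
    """Second apparatus: security check at connection establishment with the second key it holds."""
    if count < second.ul_count:
        return False                    # replayed request
    ok = hmac.compare_digest(tag(second.key(b"AS-int"), count, payload), t)
    if ok:
        second.ul_count = count + 1
    return ok

def run_handover(tamper_random_value: bool = False) -> bool:
    """End to end: True when the terminal is admitted by the second apparatus."""
    k_first = os.urandom(32)            # constructed stand-in for the primary-authentication result
    amf_view, ue_view = SecurityContext(k_first), SecurityContext(k_first)
    fc, t, k_second = first_apparatus_prepare(amf_view, b"ue-42", b"sat-gnb-7", activate_at=100)
    sat_view = SecurityContext(k_second, fc.ul_nas_count, fc.dl_nas_count)  # via a fourth apparatus
    if tamper_random_value:             # model a context altered in transit
        fc = FirstContext(fc.second_apparatus_id, fc.third_apparatus_id, os.urandom(16),
                          fc.activate_at, fc.ul_nas_count, fc.dl_nas_count)
    try:
        ue_second = ue_accept_first_context(ue_view, fc, t)
    except ValueError:
        return False
    payload, count, req_tag = ue_connection_request(ue_second, b"ue-42")
    return second_apparatus_check(sat_view, payload, count, req_tag)
```

Both the terminal and the second apparatus end up holding the same second key only when the first context arrived intact under the first NAS key; a replayed first context or a replayed connection request is rejected by the count checks.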
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Example embodiments of the present disclosure relate to methods, devices, apparatuses and a computer-readable storage medium for secure communication in a non-terrestrial network (NTN) store-and-forward (S&F) system. The method comprises: determining a first context at least indicating information associated with a second apparatus for serving a third apparatus; and transmitting the first context to the third apparatus and/or the second apparatus for communication protection between the third apparatus and the second apparatus.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2023/135722 WO2025112008A1 (fr) | 2023-11-30 | 2023-11-30 | Secure communication in a non-terrestrial network store-and-forward system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2023/135722 WO2025112008A1 (fr) | 2023-11-30 | 2023-11-30 | Secure communication in a non-terrestrial network store-and-forward system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2025112008A1 true WO2025112008A1 (fr) | 2025-06-05 |
Family
ID=95896049
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/CN2023/135722 Pending WO2025112008A1 (fr) | 2023-11-30 | 2023-11-30 | Secure communication in a non-terrestrial network store-and-forward system |
Country Status (1)
| Country | Link |
|---|---|
| WO (1) | WO2025112008A1 (fr) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2010105442A1 (fr) * | 2009-03-20 | 2010-09-23 | 深圳华为通信技术有限公司 | Method, apparatus and system for generating key evolution parameters |
| US20220369176A1 (en) * | 2021-05-12 | 2022-11-17 | Qualcomm Incorporated | Security handling of 5gs to epc reselection |
| US20230180070A1 (en) * | 2021-12-03 | 2023-06-08 | Qualcomm Incorporated | Inter-radio access technology handoff procedure |
- 2023-11-30: WO PCT/CN2023/135722, patent WO2025112008A1 (fr), active, Pending
Non-Patent Citations (1)
| Title |
|---|
| THALES, HUGHES, SES, INMARSAT, LIGADO, EUTELSAT, TTP, LOCKHEED, NOVAMINT, AIRBUS, LOCKHEED MARTIN, ST ENGINEERING, SATELIOT, CEWIT: "Consideration on RAN1/2/3 led NTN topics for Release 19", 3GPP DRAFT; RWS-230048, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. TSG RAN, no. 20230612 - 20230616, 30 May 2023 (2023-05-30), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France, XP052496074 * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US12408038B2 (en) | | Partial integrity protection in telecommunication systems |
| US10187860B2 (en) | | User equipment context handling with user equipment autonomous mobility |
| US12439246B2 (en) | | Security communication in prose U2N relay |
| WO2025112008A1 (fr) | | Secure communication in a non-terrestrial network store-and-forward system |
| US20250380234A1 (en) | | Registration enhancement for multi-access |
| US20240244706A1 (en) | | Small data transmission |
| WO2024065209A1 (fr) | | Mobile-terminated early data transmission for the Internet of Things |
| US20240340772A1 (en) | | Steering of roaming enhancement during registration reject |
| WO2024098177A1 (fr) | | Authentication procedure for a network slice |
| WO2024243880A1 (fr) | | Dynamic non-access stratum timer value in a non-terrestrial network |
| WO2025060001A1 (fr) | | Handover in a scenario where both a source distributed unit and a target distributed unit are co-located |
| US20250056401A1 (en) | | Mechanism for selecting a non-terrestrial network device |
| WO2025171589A1 (fr) | | User plane traffic mapping |
| EP4325772B1 (fr) | | Use of an access token in a service-based architecture |
| WO2024227300A1 (fr) | | Completion of a non-access stratum procedure in a store-and-forward architecture |
| WO2025175429A1 (fr) | | Enhancements to the support of an RRC_INACTIVE state |
| WO2024239213A1 (fr) | | Protection relay discovery for a serving-network-driven scenario |
| WO2025129588A1 (fr) | | Autonomous bandwidth part switching |
| WO2025091440A1 (fr) | | Reject notification |
| CN118972837A (zh) | | Method and apparatus for registration |
| US20250097875A1 (en) | | Path switch between relays and security procedures |
| WO2025175539A1 (fr) | | AKMA authentication with device information |
| US20250133393A1 (en) | | User plane traffic handling for emergency case |
| KR20250047786A (ko) | | Authentication for a device with non-cellular access |
| WO2023208472A1 (fr) | | Devices, methods, apparatus and computer-readable medium for communications |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 23959919; Country of ref document: EP; Kind code of ref document: A1 |