Protecting transmission of capability information in wireless communication networks

By using non-access stratum security to generate tokens to protect the transmission of device capability information in wireless communication networks, the problem of easy tampering of device capability information caused by insufficient access stratum security is solved, and effective protection and adaptive transmission of device capability information are achieved without activating access stratum security.

CN115087971BActive Publication Date: 2026-07-14TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Filing Date
2021-02-12
Publication Date
2026-07-14

AI Technical Summary

Technical Problem

In existing wireless communication networks, device capability information is vulnerable to attacks when access layer security is not activated or is insufficient. Furthermore, existing protection methods rely on access layer security, which makes device capability information susceptible to tampering or affects network optimization.

Method used

By leveraging non-access stratum level security and multi-protocol layer protection capabilities for information transmission, tokens are generated and bound to capability information to ensure that the transmitted device capability information matches the request, even when access stratum security is not activated.

Benefits of technology

It enables secure transmission of device capability information even when access layer security is insufficient, prevents tampering, and improves the optimization efficiency and security of wireless communication networks.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN115087971B_ABST
    Figure CN115087971B_ABST
Patent Text Reader

Abstract

A wireless device (14) receives a capability query (24) on an access stratum (18), the capability query (24) requesting the wireless device (14) to send capability information (22) indicating one or more capabilities of the wireless device (14). After receiving the capability query (24), the wireless device (14) generates and sends a token (26) using one or more input parameters (28). The one or more input parameters (28) include at least some of the capability query (24) and / or at least some of the capability information (22). In some embodiments, the token (26) is generated or sent based on a non-access stratum security context (30) at the wireless device (14). The wireless device (14) also sends the capability information (22) on the access stratum (18).
Need to check novelty before this filing date? Find Prior Art

Description

[0001] Related applications

[0002] This application claims the benefit of U.S. Provisional Application Serial No. 62 / 976,897, filed on February 14, 2020, the entire contents of which are incorporated herein by reference. Technical Field

[0003] This application generally relates to wireless communication networks, and more specifically to protecting capability information transmission within such networks. Background Technology

[0004] A wireless device's ability to notify the wireless communication network when attached to a network and / or at other times enables the device and network to communicate using parameters within the device's capabilities. Based on which layer of the protocol hierarchy the capability relates to, device capabilities can be classified into two categories: Access Layer (AS) level capabilities are the access technology-related parts of the capability information, such as the device's power level and supported frequency bands. AS capabilities are used by the radio access network. AS capabilities can therefore also be appropriately referred to as radio access capabilities. Non-Access Layer (NAS) level capabilities are access-independent capabilities, such as supported security algorithms. NAS capabilities are used by the core network.

[0005] Several known methods exist for protecting capability information communication on the AS (Autonomous System) from security and / or privacy threats when wireless devices provide capability information to the network. However, these known methods rely on security measures that need to be activated on the AS at some point in time (before or after the transmission of capability information on the AS). Therefore, these known methods for protecting capability information transmission prove insufficient when AS security is not activated or supported. For example, some wireless devices may lack support for AS security, making their capability information vulnerable to tampering by attackers.

[0006] Other known methods (such as those described in 3GPP TR33.861 v1.5.0) only protect static capability information, requiring the acquisition of wireless device battery consumption and / or latency capability information, thus jeopardizing early optimization in the radio access network. Summary of the Invention

[0007] Some embodiments described herein protect the transmission of capability information from the wireless device to the network by utilizing Non-Access Stratum (NAS) level security and / or multiple protocol layers, for example, even without relying on Access Stratum (AS) level security. Furthermore, some embodiments protect the transmission of this capability information by adaptively providing different capability information to the network based on what capability information the network requests—that is, what is referred to herein as futureproofness. Alternatively or additionally, some embodiments herein protect the transmission of capability information by binding capability information requests with capability information responses to ensure to the network that the provided capability information actually corresponds to the capability information requested by the network.

[0008] More specifically, some embodiments herein include a method performed by a wireless device. The method includes: receiving a capability query at an access stratum, the capability query requesting the wireless device to send capability information indicating one or more capabilities of the wireless device. The method further includes: generating a token using one or more input parameters and sending the token after receiving the capability query. In some embodiments, the one or more input parameters include at least a portion of the capability query. Additionally or alternatively, in some embodiments, the one or more input parameters include at least some of the capability information. In any case, in some embodiments, the token is generated or sent based on a non-access stratum security context at the wireless device. The method further includes: sending the capability information at an access stratum after receiving the capability query.

[0009] In some embodiments, one or more input parameters include at least some part of the capability query.

[0010] In some embodiments, one or more input parameters include at least some of the capability information.

[0011] In some embodiments, one or more input parameters include a key in or derived from a non-access stratum security context. Additionally or alternatively, one or more input parameters include a count value included in the non-access stratum security context.

[0012] In some embodiments, generating a token includes: calculating the token as a hash of at least some of the capability information or a hash of a key.

[0013] In some embodiments, capability queries are received at an access stratum without access stratum security. Alternatively or additionally, capability information is sent at an access stratum without access stratum security.

[0014] In some embodiments, sending capability information includes sending a response to a capability query. In some embodiments, the response includes capability information and a token.

[0015] In some embodiments, sending a token includes sending a token to a radio network device at the access layer.

[0016] In some embodiments, sending a token includes sending a token to a core network device in a non-access stratum message.

[0017] In some embodiments, the capability information includes access layer capability information or radio capability information.

[0018] In some embodiments, the wireless device lacks support for access layer security. Additionally or alternatively, the wireless device only supports control plane cellular IoT optimization features.

[0019] Other embodiments herein include a method performed by a network device. The method includes receiving from a radio network device at least a portion of a capability query that the radio network device has sent to a wireless device requesting the wireless device to send capability information indicating one or more capabilities of the wireless device. Alternatively or additionally, the method includes receiving from the radio network device at least some of the capability information that the radio network device has received from the wireless device in response to the capability query. In any case, the method further includes generating a token by the network device using one or more input parameters. In some embodiments, the one or more input parameters include at least a portion of the capability query. Additionally or alternatively, the one or more input parameters include at least some of the capability information received from the radio network device. The method further includes performing or assisting the radio network device in verifying whether the token generated by the network device matches or corresponds to a token generated by the wireless device (e.g., a token generated by the wireless device after the wireless device receives the capability query).

[0020] In some embodiments, the method further includes: receiving a token generated by the wireless device after the network device receives capability information from the wireless device. In one or more of these embodiments, receiving the token generated by the wireless device includes: receiving the token generated by the wireless device from the radio network device. In one or more of these embodiments, receiving the token generated by the wireless device includes: receiving the token generated by the wireless device from the wireless device. In one or more of these embodiments, the token generated by the wireless device is received in a non-access stratum message. In one or more of these embodiments, the token generated by the wireless device is received at the non-access stratum after security activation at the non-access stratum.

[0021] In some embodiments, generating a token by a network device includes generating the token by the network device based on the non-access stratum security context at the network device.

[0022] In some embodiments, one or more input parameters include a key in or derived from a non-access stratum security context. Additionally or alternatively, one or more input parameters include a count value included in the non-access stratum security context.

[0023] In some embodiments, generating a token includes: calculating the token as a hash of at least some of the capability information or a hash of a key.

[0024] In some embodiments, one or more input parameters include at least some of the capability information.

[0025] In some embodiments, one or more input parameters include at least some part of the capability query.

[0026] In some embodiments, the capability information includes access layer capability information or radio capability information.

[0027] In some embodiments, the wireless device lacks support for access layer security. Additionally or alternatively, the wireless device only supports control plane cellular IoT optimization features.

[0028] In some embodiments, the method further includes assisting the radio network device in authentication. In some embodiments, assisting the radio network device includes sending a token generated by the network device to the radio network device.

[0029] Other embodiments herein include a method performed by a radio network device. The method includes: sending a capability query to the radio device at an access layer, the capability query requesting the radio device to send capability information indicating one or more capabilities of the radio device. The method further includes: sending at least a portion of the capability query to the network device.

[0030] In some embodiments, the method further includes receiving capability information from a wireless device at the access layer after sending a capability query. In one or more such embodiments, the method may further include sending at least some of the received capability information to a network device.

[0031] In some embodiments, the method further includes: receiving a notification from a network device indicating whether the network device has verified that the capability query and / or capability information has been securely transmitted. Additionally or alternatively, the notification indicates whether a token generated by the network device matches or corresponds to a token generated by a wireless device, or indicates that a token generated by the network device matches or corresponds to a token generated by a wireless device.

[0032] In some embodiments, the capability information includes access layer capability information or radio capability information.

[0033] In some embodiments, the wireless device lacks support for access layer security. Additionally or alternatively, the wireless device only supports control plane cellular IoT optimization features.

[0034] In some embodiments, the method further includes: after sending a capability query to the wireless device, receiving a token from the wireless device and sending the received token to the network device.

[0035] Other embodiments described herein include a wireless device comprising communication circuitry and processing circuitry. The processing circuitry is configured to: receive a capability query at an access stratum requesting the wireless device to send capability information indicating one or more capabilities of the wireless device. The processing circuitry is further configured to: upon receiving the capability query, generate a token using one or more input parameters and send the token. In some embodiments, the one or more input parameters include at least a portion of the capability query. Additionally or alternatively, the one or more input parameters include at least some of the capability information. In some embodiments, the token is generated or sent based on a non-access stratum security context at the wireless device. The processing circuitry is also configured to: upon receiving the capability query, send the capability information at an access stratum.

[0036] In some embodiments, the processing circuitry is configured to perform the steps described above for a wireless device.

[0037] Other embodiments described herein include a network device comprising communication circuitry and processing circuitry. The processing circuitry is configured to: receive from a radio network device at least a portion of a capability query that the radio network device has sent to a wireless device requesting the wireless device to send capability information indicating one or more capabilities of the wireless device, and / or (ii) at least some of the capability information that the radio network device has received from the wireless device in response to the capability query. The processing circuitry is further configured to: generate a token by the network device using one or more input parameters. In some embodiments, the one or more input parameters include at least a portion of the capability query. Additionally or alternatively, the one or more input parameters include at least some of the capability information received from the radio network device. The processing circuitry is further configured to: perform or assist the radio network device in verifying whether the token generated by the network device matches or corresponds to a token generated by the wireless device (e.g., a token generated by the wireless device after the wireless device receives the capability query).

[0038] In some embodiments, the processing circuitry is configured to perform the steps described above for the network device.

[0039] Other embodiments herein include a radio network device comprising communication circuitry and processing circuitry. The processing circuitry is configured to: send a capability query to a radio device at the access layer, the capability query requesting the radio device to send capability information indicating one or more capabilities of the radio device; and, after sending the capability query, receive capability information from the radio device at the access layer. The processing circuitry is further configured to: send at least some of the received capability information and / or at least a portion of the capability query to the network device.

[0040] In some embodiments, the processing circuitry is configured to perform the steps described above for radio network devices.

[0041] Other embodiments herein include a computer program comprising instructions that, when executed by at least one processor of a wireless device, cause the wireless device to perform the steps described above for the wireless device. Other embodiments herein include a computer program comprising instructions that, when executed by at least one processor of a network device, cause the network device to perform the steps described above for the network device. Other embodiments herein include a computer program comprising instructions that, when executed by at least one processor of a radio network device, cause the radio network device to perform the steps described above for the radio network device. In one or more of these embodiments, the carrier including the above-described computer program is one of an electrical signal, an optical signal, a radio signal, or a computer-readable storage medium.

[0042] Other embodiments herein include a method performed by a wireless device. The method includes: receiving a request at a first protocol layer of the wireless device. In some embodiments, the request is a capability query requesting the wireless device to send capability information indicating one or more capabilities of the wireless device. The method further includes: sending a response to the request from a second protocol layer of the wireless device. In some embodiments, the response includes capability information.

[0043] In some embodiments, the request is received at the first protocol layer without security at the first protocol layer. In this case, the response is sent from the second protocol layer with security at the second protocol layer.

[0044] In some embodiments, sending the response includes: generating a first protocol layer message, encapsulating the first protocol layer message in the response, and sending the response from a second protocol layer.

[0045] In some embodiments, the wireless device lacks support for security at the first protocol layer. Additionally or alternatively, the wireless device only supports control plane cellular IoT optimization features.

[0046] In some embodiments, the first protocol layer is an access layer, corresponds to an access layer, or is included in an access layer. Additionally or alternatively, the second protocol layer is a non-access layer, corresponds to a non-access layer, or is included in a non-access layer.

[0047] In some embodiments, the capability information includes access layer capability information or radio capability information.

[0048] Other embodiments herein include a method performed by a radio network device. The method includes: sending a request to the wireless device. In some embodiments, the request is a capability query requesting the wireless device to send capability information indicating one or more capabilities of the wireless device. The method further includes: receiving a response to the request from the wireless device. In some embodiments, the response includes capability information.

[0049] In some embodiments, the request is sent from the first protocol layer of the radio network device without security at the first protocol layer. In some embodiments, the response is received from the network device at a protected interface with the network device.

[0050] In some embodiments, the request is sent at the access layer.

[0051] In some embodiments, the wireless device lacks support for security at the access layer. Additionally or alternatively, the wireless device only supports control plane cellular IoT optimization features.

[0052] In some embodiments, the capability information includes access layer capability information or radio capability information.

[0053] Other embodiments herein include a method performed by a network device. The method includes: receiving from a wireless device a response to a request sent by a radio network device to the wireless device. In some embodiments, the request is a capability query requesting the wireless device to send capability information indicating one or more capabilities of the wireless device. The method further includes: sending a response to the radio network device. In this case, the response includes the capability information.

[0054] In some embodiments, the request is sent from the first protocol layer of the radio network device to the wireless device without security at the first protocol layer. In some embodiments, the response is sent from the network device over a protected interface with the radio network device.

[0055] In some embodiments, the request is sent from a radio network device to a wireless device at the access layer.

[0056] In some embodiments, the wireless device lacks support for security at the access layer. Additionally or alternatively, the wireless device only supports control plane cellular IoT optimization features.

[0057] In some embodiments, the capability information includes access layer capability information or radio capability information.

[0058] Other embodiments described herein include a wireless device comprising communication circuitry and processing circuitry. The processing circuitry is configured to receive a request at a first protocol layer of the wireless device. In some embodiments, the request is a capability query requesting the wireless device to send capability information indicating one or more capabilities of the wireless device. The processing circuitry is also configured to send a response to the request from a second protocol layer of the wireless device. In some embodiments, the response includes capability information.

[0059] In some embodiments, the processing circuitry is configured to perform the steps described above for a wireless device.

[0060] Other embodiments herein include a radio network device comprising communication circuitry and processing circuitry. The processing circuitry is configured to send a request to a wireless device. In some embodiments, the request is a capability query requesting the wireless device to send capability information indicating one or more capabilities of the wireless device. The processing circuitry is also configured to receive a response from the wireless device to the request, wherein the response includes the capability information.

[0061] In some embodiments, the processing circuitry is configured to perform the steps described above for radio network devices.

[0062] Other embodiments described herein include a network device comprising communication circuitry and processing circuitry. The processing circuitry is configured to receive from a wireless device a response to a request sent from a radio network device to the wireless device. In some embodiments, the request is a capability query requesting the wireless device to send capability information indicating one or more capabilities of the wireless device. The processing circuitry is further configured to send the response to the radio network device, wherein the response includes the capability information.

[0063] In some embodiments, the processing circuitry is configured to perform the steps described above for the network device.

[0064] Other embodiments herein include a computer program comprising instructions that, when executed by at least one processor of a wireless device, cause the wireless device to perform the steps described above for the wireless device. Other embodiments herein include a computer program comprising instructions that, when executed by at least one processor of a radio network device, cause the network device to perform the steps described above for the radio network device. Other embodiments herein include a computer program comprising instructions that, when executed by at least one processor of a network device, cause the network device to perform the steps described above for the network device. In one or more of these embodiments, the carrier including the above-described computer program is one of an electrical signal, an optical signal, a radio signal, or a computer-readable storage medium.

[0065] Of course, the present invention is not limited to the features and advantages described above. In fact, those skilled in the art will recognize other features and advantages by reading the following detailed description and referring to the accompanying drawings. Attached Figure Description

[0066] Figure 1 This is a block diagram of a wireless communication network according to some embodiments.

[0067] Figure 2 This is a logic flowchart of a method performed by a wireless device according to some embodiments.

[0068] Figure 3 This is a logic flowchart of a method performed by a radio network device according to some embodiments.

[0069] Figure 4 This is a logical flowchart of a method performed by a network device according to some embodiments.

[0070] Figure 5 This is a block diagram of a wireless communication network according to other embodiments.

[0071] Figure 6 This is a logic flowchart of a method performed by a wireless device according to other embodiments.

[0072] Figure 7 This is a logic flowchart of a method performed by a radio network device according to other embodiments.

[0073] Figure 8 This is a logical flowchart of a method performed by a network device according to other embodiments.

[0074] Figure 9 This is a block diagram of a wireless device according to some embodiments.

[0075] Figure 10 This is a block diagram of a network device according to some embodiments.

[0076] Figure 11 This is a block diagram of a 5G network according to some embodiments.

[0077] Figure 12 This is a call flowchart for the initial attachment and capability acquisition process according to some embodiments.

[0078] Figure 13 This is a flowchart illustrating the process by which an AMF provides UE capabilities to a gNB, according to some embodiments.

[0079] Figure 14 This is a flowchart illustrating the process of transmitting data to protect the capabilities of a UE, according to some embodiments.

[0080] Figure 15 This is a flowchart illustrating the process of transmitting data to protect UE capabilities according to other embodiments.

[0081] Figure 16 This is a call flowchart of a transmission process for protecting UE capabilities according to yet another embodiment.

[0082] Figure 17 This is a flowchart illustrating the process of transmitting data to protect UE capabilities according to other embodiments.

[0083] Figure 18 This is a flowchart illustrating the process of transmitting data to protect UE capabilities according to other embodiments.

[0084] Figure 19 This is a flowchart illustrating the process of transmitting data to protect UE capabilities according to other embodiments.

[0085] Figure 20 This is a flowchart illustrating the process of transmitting data to protect UE capabilities according to other embodiments.

[0086] Figure 21 This is a flowchart illustrating the process of transmitting data to protect UE capabilities according to other embodiments.

[0087] Figure 22 This is a flowchart illustrating the process of transmitting data to protect UE capabilities according to other embodiments.

[0088] Figure 23A and Figure 23B This is a flowchart illustrating the process of transmitting data to protect the capabilities of a UE, according to some embodiments.

[0089] Figure 24 This is a block diagram of a wireless communication network according to some embodiments.

[0090] Figure 25This is a block diagram of a user device according to some embodiments.

[0091] Figure 26 This is a block diagram of a virtualized environment according to some embodiments.

[0092] Figure 27 This is a block diagram of a communication network having a host computer according to some embodiments.

[0093] Figure 28 This is a block diagram of a host computer according to some embodiments.

[0094] Figure 29 This is a flowchart illustrating a method implemented in a communication system according to one embodiment.

[0095] Figure 30 This is a flowchart illustrating a method implemented in a communication system according to one embodiment.

[0096] Figure 31 This is a flowchart illustrating a method implemented in a communication system according to one embodiment.

[0097] Figure 32 This is a flowchart illustrating a method implemented in a communication system according to one embodiment. Detailed Implementation

[0098] Figure 1 A wireless communication network 10 (e.g., a 5G network) according to some embodiments is illustrated. Network 10 includes a core network (CN) 10A and a radio access network (RAN) 10B. RAN 10B includes radio network equipment 12 for providing radio access to a wireless communication device 14 (also simply referred to as a wireless device), one of which is shown. Through this radio access, the wireless device 14 connects to CN 10A, which in turn can provide the wireless device 14 with access to one or more external networks (e.g., the Internet). CN 10A may, for example, include network equipment 16, which may implement, for example, Access and Mobility Functions (AMF).

[0099] From a protocol architecture perspective, network 10 is divided into an access layer (AS) 18 and a non-access layer (NAS) 20. AS 18 contains protocols that handle activities between wireless device 14 and RAN 10B, such as for transmitting data over a radio connection and managing radio resources. NAS 20 contains protocols that handle activities between wireless device 14 and CN 10A (or more specifically, network device 16 within CN 10A), such as for establishing communication sessions and maintaining continuous communication when wireless device 14 is moving. Network 10 is also divided into a user plane (UP) and a control plane (CP). The control plane contains protocols responsible for managing transport bearers, while the user plane contains protocols responsible for transmitting user services.

[0100] Figure 1 The diagram illustrates so-called capability information 22 sent by wireless device 14, indicating one or more capabilities of wireless device 14. Wireless device 14 may do so in response to a capability query 24 (e.g., from radio network device 12) requesting wireless device 14 to send capability information 22. In some embodiments, capability information 22 constitutes radio access capability information, which is any type of information indicating the radio access capabilities of wireless device 14. Information 22 may explicitly indicate these capabilities, for example, using explicit parameter values, using multiple segments of capability information, using (manufacturer-specific) identifiers (e.g., capability IDs) encoded or mapped to a set of capabilities, using compressed information, etc. Regardless of the particular manner in which capabilities are indicated, radio access capabilities of wireless device 14 as used herein refer to the wireless device's ability to communicate with RAN 10B via radio access. These radio access capabilities may also be referred to as AS capabilities. Radio access capabilities are therefore distinguished from the wireless device 14's capabilities relative to communicating with CN 10A and / or on NAS.

[0101] In any case, the radio access capabilities indicated by capability information 22 may include, for example, the frequency band supported by radio device 14, the discontinuous reception period length supported by radio device 14, feature group indicator information indicating support for different types of measurement reports, etc. Alternatively or additionally, radio access capabilities may include one or more of the following: support for delay budget reporting, support for RRC_inactive state, support for uplink (UL) transmission via the primary cell group (MCG) path or secondary cell group (SCG) path for segmented signaling radio bearers (SRB), support for uplink (UL) transmission via both the MCG path and the SCG path for segmented data radio bearers (DRB), support for direct SRB between the serving network (SN) and radio device 14, support for Evolved Universal Terrestrial Radio Access (EUTRA) Vehicle-to-Everything (V2X), support for Internet Protocol (IP) Multimedia Subsystem (IMS) Voice New Radio (NR) Packet Data Convergence Protocol (PDCP) for MCG bearers in NR, and support for various PDCP parameters / features (e.g., P...). Supports DCP replication, out-of-order delivery, maximum header compression context session count), Radio Link Control (RLC) parameters / features (e.g., supported RLC sequence number length), Media Access Control (MAC) parameters / features (e.g., support for long discontinuous receive period length, support for authorization configuration for each cell group, support for skipping uplink transmissions used for uplink authorization), and Physical Layer parameters / features (e.g., supported frequency bands, supported frequency band combinations, support for beam mapping, support for extended cyclic prefix (CP), support for Sound Reference Signal (SRS) antenna port switching, supported frequency separation levels, supported Physical Downlink Control Channel (PDCCH) search space monitoring timing, supported Physical Downlink Shared Channel (PDSCH) mapping type, supported PDCCH blind decoding capability, and supported PUCCH format).

[0102] In any case, in some embodiments, such as Figure 1As shown, wireless device 14 transmits capability information 22 to radio network device 12 on or via AS 18 (e.g., via one or more Radio Resource Control (RRC) messages transmitted over the air). Wireless device 14 can do this even if security on AS 18 is not yet activated; for example, activating security on AS 18 may refer to using a security key to activate or apply integrity protection and / or confidentiality protection on AS 18. In fact, wireless device 14 may even lack support for activating security on AS 18 in some embodiments. Wireless device 14 may, for example, only support control plane cellular IoT optimization functions. Then, in these and other cases, capability query 24 and / or capability information 22 can be transmitted on AS 18 without activating AS security.

[0103] Nevertheless, some embodiments herein protect the transmission of capability information 22 from wireless device 14 by utilizing NAS-level security, for example, even without relying on AS-level security. Furthermore, some embodiments protect the transmission of this capability information by adaptively providing different capability information based on what capability information is requested by the wireless device, i.e., what is referred to herein as future-oriented. Alternatively or additionally, some embodiments herein protect the transmission of capability information 22 by binding capability query 24 with capability information 22 sent as a response, ensuring that the provided capability information 22 actually corresponds to the requested capability information.

[0104] More specifically, in this respect, the wireless device 14 shown generates a token 26, also referred to as a security token, to ensure the transmission of capability information 22. The wireless device 14 can generate this token 26 using one or more input parameters 28. As shown, the one or more input parameters 28 may include at least some of the capability information 22 that the wireless device 14 has or will send. It is noteworthy that in some embodiments, the wireless device 14 generates the token only after receiving the capability query 24. Generating the token 26 in this manner means that the token 26 depends on or otherwise accurately takes into account the capability information 22 sent in the request and / or response, for example, such that the token 26 may differ or vary depending on the capability information 22 sent and / or requested. The wireless device 14 can generate the token 26, for example, by calculating the token 26 as a hash of at least some of the capability information 22. In these and other cases, the wireless device 14 can use cryptographic hash functions, key derivation functions, integrity algorithms, encryption algorithms, etc., to generate the token 26.

[0105] Alternatively or additionally, input parameter 28 may include at least a portion of capability query 24. Generating token 26 in this manner means that token 26 depends on or otherwise takes into account the exact capability query 24 sent to wireless device 14, for example, to bind capability information 22 to a specific capability query 24. Wireless device 14 may generate token 26, for example, by calculating token 26 as a hash on at least a portion of capability query 24.

[0106] In some embodiments, the wireless device 14 utilizes the NAS security context 30 to generate or send the token 26. The wireless device 14 may generate or send the token 26, for example, using at least some information in or derived from the NAS security context 30. This information in or derived from the NAS security context 30 may include, for example, one or more keys, counter values, freshness parameters, integrity algorithms, encryption algorithms, etc.

[0107] Specifically, when the wireless device 14 generates token 26 using NAS security context 30, the input parameters 28 used to generate token 26 may include at least some information in or derived from NAS security context 30. For example, in one embodiment, input parameters 28 include keys in or derived from NAS security context 30. The wireless device 14 may, for example, calculate token 26 as a hash of an encryption key on at least some of the capability information 28 and / or at least a portion of the capability query 24, wherein the hash of the encryption key is encrypted using one or more keys derived from or derived from NAS security context 30. Alternatively or additionally, the wireless device 14 may generate token 26 based on an integrity algorithm or encryption algorithm identified by NAS security context 30.

[0108] In an embodiment where wireless device 14 generates token 26 based on NAS security context 30, wireless device 14 may, for example, send token 26 to radio network device 12 on AS 18. Wireless device 26 may, for example, include token 26 along with capability information 22 in its response to capability query 24, or include token 26 in association with capability information 22. Radio network device 12 may then forward token 26 to network device 16 (e.g., implementing AMF).

[0109] In contrast, in other embodiments where wireless device 14 sends token 26 based on NAS security context 30, wireless device 14 may send token 26 to network device 16 in a NAS message, for example, via a NAS connection between wireless device 14 and network device 16. In practice, in this case, the NAS connection itself may be established based on NAS security context 30.

[0110] In any case, as shown in some embodiments, radio network device 12 will send authentication assistance information 32 to network device 16. Authentication assistance information 32 may include token 26 (e.g., if radio network device 12 receives token 26 from wireless device 14), at least some of capability information 22 received from wireless device 14, and / or at least a portion of capability query 24.

[0111] As shown in the figure, network device 16 itself generates token 34 using one or more input parameters 36. Input parameters 26 may similarly include at least some of the capability information 22 that the wireless device 14 has or will send, and / or at least a portion of the capability query 24, as indicated in the authentication assistance information 32.

[0112] After generating token 34, network device 16 performs or assists radio network device 12 in verifying whether the token 34 generated by network device 16 matches or corresponds to the token 26 generated by radio device 14 after radio device 14 receives capability query 24. In embodiments where network device 16 performs this verification itself, such as... Figure 1 As shown, network device 16 can receive token 26 generated by wireless device 14 on NAS 20 from wireless device 14 itself or from radio network device 12, and then compare tokens 26, 34 to determine if they match (or otherwise correspond to each other). Network device 16 can send a notification (not shown) to radio network device 16 indicating the result of this verification, for example, for radio network device 16 to use in determining how to process capability information 22 received from wireless device 14. In contrast, in an embodiment where network device 16 assists radio network device 16 in performing this verification, network device 16 can send token 34 generated by network device 16 to radio network device 12, allowing radio network device 12 to compare tokens 26, 34 to determine if they match (or otherwise correspond to each other). In either case, verifying that tokens 26, 34 do match or correspond to each other means or supports the conclusion that capability information 22 was securely transmitted from wireless device 14 to radio network device 12 on AS 18, for example, even if security has not yet been activated on AS 18.

[0113] In view of the above modifications and changes, Figure 2A method performed by a wireless device 14 according to a particular embodiment is depicted. The method includes: receiving a capability query 24 on an access layer 18, the capability query 24 requesting the wireless device 14 to send capability information 22 indicating one or more capabilities of the wireless device 14 (block 200). The method may further include: after receiving the capability query 24, generating a token 26 using one or more input parameters 28, sending the token 26, and sending the capability information 22 on the access layer 18 (block 210). In some embodiments, the one or more input parameters 28 include at least some portions of the capability query 24 and / or at least some of the capability information 22. Alternatively or additionally, in some embodiments, the token 26 is generated or sent based on a non-access layer security context 30 at the wireless device 14.

[0114] In some embodiments, one or more input parameters 28 include at least some portions of the capability query 24.

[0115] In some embodiments, one or more input parameters 28 include at least some of the capability information 22.

[0116] In some embodiments, one or more input parameters 28 include a key in or derived from the non-access stratum security context 30. Additionally or alternatively, in some embodiments, one or more input parameters 28 include a count value included in the non-access stratum security context 30.

[0117] In some embodiments, generating token 26 includes calculating token 26 as a hash of at least some of the capability information 22 or a hash of the encryption key.

[0118] In some embodiments, capability queries 24 are received at the access layer without access layer security. Additionally or alternatively, capability information 22 is transmitted at the access layer without access layer security.

[0119] In some embodiments, sending capability information 22 includes sending a response to capability query 24. In some embodiments, the response includes capability information 22 and a token 26.

[0120] In some embodiments, sending token 26 includes sending token 26 to radio network device 12 on access layer 18.

[0121] In some embodiments, sending token 26 includes sending token 26 to the core network device in a non-access stratum message.

[0122] In some embodiments, capability information 22 includes access layer capability information or radio capability information.

[0123] In some embodiments, wireless device 14 lacks support for access layer security. Additionally or alternatively, wireless device 14 only supports control plane cellular IoT optimization features.

[0124] Figure 3 A method performed by a radio network device 12 according to another specific embodiment is depicted. The method includes: sending a capability query 24 to a wireless device 14 on an access layer 18, the capability query 24 requesting the wireless device 14 to send capability information 22 indicating one or more capabilities of the wireless device 14 (block 300). In some embodiments, the method further includes: sending at least some portions of the capability query 24 to a network device 16 (block 320B).

[0125] In some of the embodiments shown, the method may further include receiving capability information 22 from the wireless device 14 at the access layer 18 after sending capability query 24 (block 310). In one or more such embodiments, the method may further include sending at least some of the received capability information 22 to the network device 16 (block 320A).

[0126] Typically, the method may then include sending at least some of the received capability information 22 and / or at least some portions of the capability query 24 to the network device 16.

[0127] In some embodiments, the method further includes: receiving a notification from network device 16 indicating whether network device 16 has verified that capability query 24 and / or capability information 22 has been securely transmitted. Additionally or alternatively, the notification indicates whether a token 34 generated by network device 12 matches or corresponds to a token 26 generated by wireless device 14, or indicates that a token 34 generated by network device 12 matches or corresponds to a token 26 generated by wireless device 14.

[0128] In some embodiments, capability information 22 includes access layer capability information or radio capability information.

[0129] In some embodiments, wireless device 14 lacks support for access layer security. Additionally or alternatively, wireless device 14 only supports control plane cellular IoT optimization features.

[0130] In some embodiments, the method further includes: after sending a capability query 24 to the wireless device 14, receiving a token 26 from the wireless device 14 and sending the received token 26 to the network device 16.

[0131] Figure 4A method performed by network device 16 according to other specific embodiments is depicted. The method includes: receiving from radio network device 12 at least some portions of a capability query 24 sent by radio network device 24 to wireless device 14 requesting wireless device 14 to send capability information 22 indicating one or more capabilities of wireless device 14, and / or at least some of the capability information 22 received by radio network device 12 from wireless device 14 in response to the capability query 24 (box 400). The method may further include: generating a token 34 by network device 16 using one or more input parameters 36, wherein the one or more input parameters 36 include at least some portions of the capability query 24 received from radio network device 12 and / or at least some of the capability information 22 (box 410). In some embodiments, the method further includes: performing or assisting radio network device 12 in verifying whether the token 34 generated by network device 16 matches or corresponds to a token 26 generated by wireless device 14 (e.g., a token 26 generated by wireless device 14 after wireless device 14 receives the capability query 24) (box 420).

[0132] In some embodiments, the method further includes: receiving a token 26 generated by the wireless device 14 after the network device 16 receives capability information 22 from the wireless device 14. In one or more of these embodiments, receiving the token 26 generated by the wireless device 14 includes: receiving the token 26 generated by the wireless device 14 from the radio network device 12. In one or more of these embodiments, receiving the token 26 generated by the wireless device 14 includes: receiving the token 26 generated by the wireless device 14 from the wireless device 14. In one or more of these embodiments, the token 26 generated by the wireless device 14 is received in a non-access stratum message. In one or more of these embodiments, the token 26 generated by the wireless device 14 is received on the non-access stratum 20 after security activation on the non-access stratum 20.

[0133] In some embodiments, generating token 34 by network device 16 includes generating token 34 by network device 16 based on non-access stratum security context 30 at network device 16.

[0134] In some embodiments, one or more input parameters 36 include a key in or derived from the non-access stratum security context 30. Additionally or alternatively, one or more input parameters 36 include a count value included in the non-access stratum security context 30.

[0135] In some embodiments, generating token 34 includes: calculating token 34 as a hash of at least some of the capability information 22 or a hash of the encryption key.

[0136] In some embodiments, one or more input parameters 36 include at least some of the capability information 22.

[0137] In some embodiments, one or more input parameters 36 include at least a portion of the capability query 24.

[0138] In some embodiments, capability information 22 includes access layer capability information or radio capability information.

[0139] In some embodiments, wireless device 14 lacks support for access layer security. Additionally or alternatively, wireless device 14 only supports control plane cellular IoT optimization features.

[0140] In some embodiments, the method further includes assisting the radio network device 12 in performing authentication. In some embodiments, assisting the radio network device 12 includes sending a token 34 generated by the network device 16 to the radio network device 12.

[0141] Figure 5 Other embodiments described herein are used to protect the transmission of capability information 22 from wireless device 14 by utilizing NAS-level security and / or multiple protocol layers (e.g., even without relying on AS-level security). As shown, wireless device 14 receives capability query 24 from radio network device 12, for example, on AS 18. However, wireless device 14 sends capability information 22 to network device 16, for example, on NAS 20. Network device 16 then forwards capability information 22 to radio network device 12. This can be operated to securely transmit capability information 22 by utilizing the activation of security on NAS 20, even when AS-level security is not activated.

[0142] Usually, then, Figure 5 Examples of embodiments are illustrated in which wireless device 14 receives a request (e.g., capability query 24) at a first protocol layer of wireless device 14 (e.g., the protocol layer of AS 18), but sends a response (e.g., capability information 22) from a second protocol layer of wireless device 14 (e.g., the protocol layer of NAS 20).

[0143] Figure 6 A method performed by a wireless device 14 according to another specific embodiment is depicted. The method includes: receiving a request at a first protocol layer of the wireless device 14 (block 600). The request may, for example, be a capability query 24 requesting the wireless device 14 to send capability information 22 indicating one or more capabilities of the wireless device 14. In any case, the method further includes: sending a response to the request from a second protocol layer of the wireless device 14 (block 610). For example, in the case that the request is capability query 24, the response may include the requested capability information 22.

[0144] In some embodiments, a request is received at the first protocol layer without security at the first protocol layer. In this case, the response is sent from the second protocol layer with security at the second protocol layer.

[0145] In some embodiments, sending the response includes: generating a first protocol layer message, encapsulating the first protocol layer message in the response, and sending the response from a second protocol layer.

[0146] In some embodiments, wireless device 14 lacks support for security at the first protocol layer. Additionally or alternatively, wireless device 14 only supports control plane cellular IoT optimization features.

[0147] In some embodiments, the first protocol layer is access layer 18, corresponds to access layer 18, or is included in access layer 18. Additionally or alternatively, the second protocol layer is non-access layer 20, corresponds to non-access layer 20, or is included in non-access layer 20.

[0148] In some embodiments, capability information 22 includes access layer capability information or radio capability information.

[0149] Figure 7 A method performed by radio network device 12 according to another specific embodiment is depicted. The method includes: sending a request to wireless device 14 (block 700). The request may, for example, be a capability query 24 requesting wireless device 14 to send capability information indicating one or more capabilities of wireless device 14. In any case, the method also includes: receiving a response from network device 16 to the request from wireless device 14 (block 710). For example, in the case of a capability query 24, the response may include the requested capability information.

[0150] In some embodiments, the request is sent from the first protocol layer of the radio network device 12 without security at the first protocol layer. In some embodiments, a response is received from the network device 16 at a protected interface with the network device 16.

[0151] In some embodiments, the request is sent at access layer 18.

[0152] In some embodiments, wireless device 14 lacks support for security on access layer 18. Additionally or alternatively, wireless device 14 only supports control plane cellular IoT optimization features.

[0153] In some embodiments, capability information 22 includes access layer capability information or radio capability information.

[0154] Figure 8A method performed by network device 16 according to another specific embodiment is depicted. The method includes: receiving from wireless device 14 a response to a request sent by radio network device 12 to wireless device 14 (block 800). The request may, for example, be a capability query 24 requesting wireless device 14 to send capability information indicating one or more capabilities of wireless device 14. In any case, the method also includes: sending the response to radio network device 12 (block 810). For example, in the case that the request is capability query 24, the response may include the requested capability information.

[0155] In some embodiments, the request is sent from the first protocol layer of the radio network device 12 to the wireless device 14 without security at the first protocol layer. In some embodiments, the response is sent from the network device 16 on the protected interface with the radio network device 12.

[0156] In some embodiments, the request is sent from wireless device 14 of radio network device 12 on access layer 18.

[0157] In some embodiments, wireless device 14 lacks support for security on access layer 18. Additionally or alternatively, wireless device 14 only supports control plane cellular IoT optimization features.

[0158] In some embodiments, capability information 22 includes access layer capability information or radio capability information.

[0159] The embodiments described herein also include corresponding apparatus. For example, the embodiments described herein include a wireless device 14 configured to perform any of the steps of any of the embodiments described above with respect to the wireless device 14.

[0160] The embodiment also includes a wireless device 14, which includes processing circuitry and a power supply circuitry. The processing circuitry is configured to perform any of the steps described above with respect to any embodiment of the wireless device 14. The power supply circuitry is configured to supply power to the wireless device 14.

[0161] The embodiments also include a wireless device 14, which includes processing circuitry. The processing circuitry is configured to perform any of the steps described above with respect to any embodiment of the wireless device 14. In some embodiments, the wireless device 14 also includes communication circuitry.

[0162] The embodiments also include a wireless device 14, which includes processing circuitry and a memory. The memory contains instructions executable by the processing circuitry, thereby configuring the wireless device 14 to perform any of the steps described above for any of the embodiments of the wireless device 14.

[0163] Furthermore, the embodiments include a user equipment (UE). The UE includes an antenna configured to transmit and receive wireless signals. The UE also includes radio front-end circuitry connected to the antenna and processing circuitry, configured to modulate signals transmitted between the antenna and processing circuitry. The processing circuitry is configured to perform any of the steps described above for any embodiment of the wireless device 14. In some embodiments, the UE also includes an input interface connected to the processing circuitry and configured to allow information to be input into the UE for processing by the processing circuitry. The UE may include an output interface connected to the processing circuitry and configured to output information already processed by the processing circuitry from the UE. The UE may include a battery connected to the processing circuitry and configured to power the UE.

[0164] The embodiments herein also include a radio network device 12, which is configured to perform any of the steps of any of the embodiments described above with respect to the radio network device 12.

[0165] The embodiment also includes a radio network device 12, which includes processing circuitry and power supply circuitry. The processing circuitry is configured to perform any step of any embodiment described above with respect to the radio network device 12. The power supply circuitry is configured to supply power to the radio network device 12.

[0166] The embodiments also include a radio network device 12, which includes processing circuitry. The processing circuitry is configured to perform any steps of any embodiment described above for the radio network device 12. In some embodiments, the radio network device 12 also includes communication circuitry.

[0167] The embodiments also include a radio network device 12, which includes processing circuitry and a memory. The memory contains instructions executable by the processing circuitry, thereby configuring the radio network device 12 to perform any steps of any of the embodiments described above for the radio network device 12.

[0168] The embodiments herein additionally include network device 16, which is configured to perform any of the steps of any of the embodiments described above for network device 16.

[0169] The embodiment also includes a network device 16, which includes processing circuitry and power supply circuitry. The processing circuitry is configured to perform any of the steps described above with respect to any embodiment of the network device 16. The power supply circuitry is configured to supply power to the network device 16.

[0170] The embodiments also include a network device 16, which includes processing circuitry. The processing circuitry is configured to perform any of the steps described above with respect to any embodiment of the network device 16. In some embodiments, the network device 16 also includes communication circuitry.

[0171] The embodiments also include a network device 16, which includes processing circuitry and a memory. The memory contains instructions executable by the processing circuitry, thereby configuring the network device 16 to perform any of the steps described above for any of the embodiments for the network device 16.

[0172] More specifically, the above-described apparatus can perform the methods and any other processing described herein by implementing any functional means, modules, units, or circuits. In one embodiment, for example, the apparatus includes a corresponding circuit or circuit system configured to perform the steps shown in the method drawings. In this regard, the circuit or circuit system may include circuitry dedicated to performing certain functional processing and / or one or more microprocessors combined with memory. For example, the circuitry may include one or more microprocessors or microcontrollers and other digital hardware, which may include digital signal processors (DSPs), application-specific digital logic, etc. The processing circuitry may be configured to execute program code stored in memory, which may include one or more types of memory, such as read-only memory (ROM), random access memory, cache memory, flash memory devices, optical storage devices, etc. In several embodiments, the program code stored in the memory may include program instructions for executing one or more telecommunications and / or data communication protocols and instructions for executing one or more techniques described herein. In embodiments employing memory, the memory stores program code that, when executed by one or more processors, performs the techniques described herein.

[0173] Figure 9 For example, a wireless device 900 (e.g., wireless device 14) implemented according to one or more embodiments is shown. As shown, the wireless device 900 includes processing circuitry 910 and communication circuitry 920. The communication circuitry 920 (e.g., radio circuitry) is configured to send information to and / or receive information from one or more other nodes, for example, via any communication technology. Such communication may occur via one or more antennas located inside or outside the wireless device 900. The processing circuitry 910 is configured to perform the above (e.g., in...) by executing instructions stored in memory 930, for example. Figure 2 The processing described in (and / or 6). In this respect, the processing circuit 910 may implement certain functional devices, units or modules.

[0174] Figure 10A network device 1000 (e.g., radio network device 12 or network device 16) implemented according to one or more embodiments is illustrated. As shown, the network device 1000 includes processing circuitry 1010 and communication circuitry 1020. Communication circuitry 1020 is configured to, for example, send information to one or more other nodes and / or receive information from one or more other nodes via any communication technology. Processing circuitry 1010 is configured to perform the above (e.g., in...) by executing instructions stored in memory 1030. Figure 3 , Figure 4 , Figure 7 or Figure 8 The processing described in the middle. In this respect, the processing circuit 1010 can implement certain functional devices, units or modules.

[0175] Those skilled in the art will also understand that the embodiments herein also include corresponding computer programs.

[0176] The computer program includes instructions that, when executed on at least one processor of the device, cause the device to perform any of the corresponding processes described above. In this respect, the computer program may include one or more code modules corresponding to the aforementioned device or unit.

[0177] The embodiments also include a carrier containing such a computer program. The carrier may include one of electrical signals, optical signals, radio signals, or computer-readable storage media.

[0178] In this regard, embodiments herein also include a computer program product stored on a non-transitory computer-readable (storage or recording) medium, the computer program product including instructions that, when executed by a processor of the device, cause the device to perform as described above.

[0179] The embodiments also include a computer program product comprising a program code portion that, when executed by a computing device, performs the steps of any of the embodiments herein. The computer program product may be stored on a computer-readable recording medium.

[0180] Additional embodiments will now be described. For illustrative purposes, at least some of these embodiments may be described as applicable to certain contexts and / or wireless network types, but these embodiments are equally applicable to other contexts and / or wireless network types not explicitly described. In some of the embodiments below, Figure 1 and Figure 5 The wireless device 14 in the example is exemplified as a user equipment (UE). Figure 1 and Figure 5 The radio network device 12 in the example is exemplified as an eNB or gNB, and Figure 1 and Figure 5Network device 16 is exemplified as implementing Access and Mobility Functions (AMF). Furthermore, in some embodiments, Figure 1 and Figure 5 The capability information in the document is illustrated by examples of UE capabilities (caps), AS capabilities, NAS capabilities, radio capabilities, and / or security capabilities.

[0181] Note that some embodiments in this document are described in 5G terminology, where the radio and core belong to a 5G mobile network. Those skilled in the art will understand that the teachings also apply to 4G, where the radio and core belong to a 4G mobile network. The teachings may also be applied to similar setups in future versions of 5G or next-generation mobile networks such as 6G.

[0182] Figure 11 This image shows a simplified version of a 5G network. The 5G network architecture is described in 3GPP TS 23.501 v16.3.0.

[0183] exist Figure 11 In this architecture, the UE (User Equipment) is a mobile device used by a user to wirelessly access the network. The radio access network function, or base station (called gNB (Next Generation Node B supporting New Radio, NR)), is responsible for providing radio communication to the UE and connecting the UE to the core network. A core network function called AMF (Access and Mobility Management Function) handles UE mobility among other responsibilities. Another core network function, called SMF (Session Management Function), handles UE session and service orientation among other responsibilities. The UE interacts with the gNB over the air using a radio interface. The gNB then interacts with the AMF using an interface called N2. The interface between the AMF and SMF is called N11. The gNBs interact with each other using the Xn interface. Similarly, the AMFs interact with each other using the N14 interface. Not shown in the diagram, the base station in the 5G radio access network can also be a so-called ng-eNB (which supports E-UTRA). The gNB and ng-eNB are collectively referred to as NG-RAN in the 5G architecture. Note that the N2 interface is also called the NG interface.

[0184] The logical aspect between the UE and the AMF is referred to as NAS (Non-Access Stratum), and the logical aspect between the UE and the gNB is referred to as AS (Access Stratum). Accordingly, the security of communications (control plane and user plane, if applicable) is referred to as NAS security and AS security, respectively. When a security state is established between the UE and the AMF, both the UE and the AMF store relevant security data, such as NAS security keys, security key identifiers, security capabilities, various counters, etc. This security state between the UE and the AMF, including security data, is called the NAS security context. Similarly, the AS security context refers to the security state between the UE and the gNB, including security data. The AS security context is derived from the NAS security context.

[0185] UE capabilities

[0186] To allow for a wide range of UE implementations, different UE capabilities are specified in 4G and 5G. UE capabilities are sent by the UE to the network when a connection is established, and the network uses them to select the configurations supported by the UE.

[0187] Typically, UE capabilities can be categorized into two types based on which layer of the protocol hierarchy a given capability relates to. Access Layer (AS) level capabilities are the access technology-related part of capability information, such as the UE power class and supported frequency bands. AS capabilities are used by the radio access network (i.e., eNB, ng-eNB, gNB), and therefore they are sometimes referred to as radio capabilities. Non-Access Layer (NAS) level capabilities are capabilities that are not directly related to the access layer / are not solely related to the access layer, such as supported security algorithms. NAS capabilities are used by the core network (i.e., evolved packet core EPC or 5G core 5GC).

[0188] Without loss of generality, the embodiments described herein will be explained with reference to AS capabilities. Unless otherwise specified, the term UE capability refers to AS capability. However, those skilled in the art will understand that the teachings herein apply to both AS capabilities and NAS capabilities, as well as to radio capabilities and security capabilities.

[0189] Those skilled in the art should also understand that the teachings herein are not intended to limit applicability to EPS or 5GS only.

[0190] To date, RRC signaling has been used to transmit UE capabilities from the UE to the radio access node. To avoid requiring the UE to send AS capabilities on the radio interface every time it transitions to connected mode (i.e., when a UE-specific context is created in the radio access network), the radio access node stores AS capabilities in the core network (i.e., the Mobility Management Entity / AMF) when the UE is in idle mode. Upon subsequent transitions to connected mode, the access node can obtain AS capabilities from the core network instead of requesting them from the UE again.

[0191] When a UE first attaches to the network, it typically acquires AS capabilities from the UE. Since the core network does not store any valid UE capability information in this situation, the core network (i.e., the MME / AMF) will not provide UE capabilities to the radio access node when establishing the initial UE context after RRC connection setup. This causes the radio access node to acquire UE capabilities from the UE using the UE capability transmission procedure and upload them to the core network. For the NR case, for example, as an example context for some embodiments herein, Figure 12 The diagram shows the initial attachments and capability acquisitions specified so far.

[0192] like Figure 12 As shown, for example, if uplink synchronization is required, the UE can perform random access to the gNB (steps 1 to 2). Then, after the UE establishes an RRC connection with the gNB (steps 3 to 4), the UE sends an RRC setup complete message to the gNB, including a NAS registration request (step 5). In response to receiving the NAS registration request, the gNB sends the NAS registration request to the AMF within the initial UE message (step 6). In this example, the AMF responds with NAS registration acceptance within the initial context setup request message (step 7). Since the AMF's response in this example does not include the UE's UE capabilities, the gNB obtains the UE capabilities from the UE (steps 8 to 9) and then sends these UE capabilities to the AMF (step 10) for subsequent acquisition if needed. Registration is performed via the Security Mode Command (SMC) procedure (steps 11 to 12) and RRC reconfiguration (steps 13 to 14), and then NAS registration is completed (steps 15 to 17).

[0193] The next time the UE connects to the network (for example, for a service request), the UE capabilities are stored in the core network (AMF) and will be provided to the radio access node as part of the initial UE context establishment. This is in the NR case. Figure 13 As shown, except for the AMF providing UE capabilities to the gNB in ​​response to the initial UE message (step 7), the steps are the same as... Figure 12 The steps are similar.

[0194] In both LTE and NR, the network can request the UE to provide its capabilities for a specific RAT (Radio Access Technology) in a UE Capability Query message. Upon response, the UE includes its capabilities for each indicated RAT in a RAT-specific capability container within the UE Capability Information message. For NR, the network can also request the UE to provide NR capabilities for a limited set of frequency band combinations only, reducing the size of the capability information that needs to be transmitted.

[0195] Traditionally, UE capabilities have been considered static information, meaning in principle they can be acquired once and stored in the core network for future use. However, in recent years, UE vendors have demanded the ability to dynamically change UE capabilities based on the scenario and environment in which the UE operates. Therefore, in later versions of NR and LTE, the UE can indicate to the core network that it has updated its UE capabilities during the tracking area update process, which will cause the core network to trigger a new acquisition of the UE capabilities.

[0196] Even if the UE capability is transmitted before AS security is activated, and even if AS security is never activated, some embodiments herein protect the transmission of the UE capability in this context. That is, even if the UE capability is sent from the UE to the network via the air interface without confidentiality and integrity protection, some embodiments can still prevent attackers from manipulating the UE capability and attempting to adversely affect the communication between the UE and the network.

[0197] Therefore, even in cases where the UE lacks support for AS security, such as when the UE only supports data transmission at the NAS layer, as referred to in the Control Plane (CP) Cellular Internet of Things (CIoT) Evolution Packet System (EPS) optimization in 3GPP TS 23.401 v16.5.0 and the CP CIoT 5GS optimization in 3GPP TS 23.501 v16.3.0, some embodiments are still applicable to protecting the UE's capabilities. This will be referred to herein as the CP CIoT optimization. The CP CIoT optimization is based on reducing the total number of control plane messages when processing short data transactions by encapsulating user data or Short Message Service (SMS) messages in the NAS layer to transmit user data or SMS messages via the MME or AMF. To reduce the complexity of the UE and network implementation, this CP CIoT optimization does not use security at the AS layer (i.e., on the Uu interface between the (eNB / ng-eNB or) gNB and the UE). For more details, see 3GPP TS 38.300 v15.0.0.

[0198] Alternatively or additionally, some embodiments have the advantage that they are future-oriented, allowing the network to indicate what UE capabilities it wants in the future, rather than the UE always reporting static UE capabilities. For example, some embodiments provide this future-oriented approach by having the UE calculate the security token only after receiving a UE capability query.

[0199] Some embodiments also allow the binding of capability information requests and responses, which assures the network that the UE capability from the UE actually corresponds to the capability information the network intends to receive. The network can then intelligently handle unexpected UE capabilities.

[0200] It should also be noted that even though signaling optimizations are applied to radio capabilities, as specified in, for example, 3GPP TR 23.743, some of the embodiments described herein can also be applied. Such optimizations may include, for example, segmentation of UE capabilities, compression of UE capabilities, and the assignment of short IDs to UE capabilities, referred to as UE capability IDs. These enhancements can optimize radio capability signaling because many frequency band combinations and radio parameters cause UE capabilities in NR to tend to become very large, for example, even greater than 65kB in some cases.

[0201] More specifically, some of the embodiments described herein can be grouped into the following solutions:

[0202] Solution A: UE obtains capability query. In addition to UE capabilities, the UE also calculates a security token and sends it to the NG-RAN. The NG-RAN transmits the UE capabilities, security token, and necessary information to the AMF. The AMF verifies the security token.

[0203] Solution B: The UE and NG-RAN perform a capability transmission process. The NG-RAN sends the UE's capabilities and necessary information to the AMF, and the UE calculates a security token and sends it to the AMF. The AMF verifies the security token.

[0204] Solution C: NG-RAN performs UE capability queries at the RRC / AS layer. The UE responds at the NAS layer.

[0205] Solution D: NG-RAN performs UE capability queries via AMF.

[0206] Now consider a more detailed description of the solutions described above, focusing primarily on 5G nodes and features. The same applies to 4G nodes and features.

[0207] Figure 14Solution A, according to some embodiments, is illustrated. As shown, the UE calculates the security token only after receiving a capability query from the NG-RAN. In this example, the UE can therefore calculate the security token using the actual UE capabilities to be sent to the network and at least a portion of the capability query message. The UE can also use a NAS-based security key to calculate the security token. The UE accordingly sends a capability response to the NG-RAN, which includes the UE capabilities and the security token in the response. The NG-RAN then sends at least a portion of the capability query message (which has been sent to the UE) along with the received UE capabilities and the received security token to the AMF. The AMF also uses the received UE capabilities and at least a portion of the received capability query message to calculate the security token. The AMF can also use a NAS-based security key to calculate the security token. The AMF can then verify whether the security token calculated by the AMF matches a security token received by the AMF from the NG-RAN (such as one provided by the UE). Depending on whether the security tokens match, the AMF can optionally send a notification to the NG-RAN indicating the verification result. For example, the notification from the AMF can contain an OK or No OK indication.

[0208] The solution gains a future-proof approach by incorporating capability queries into the calculation of security tokens. In the future, when UEs that only support CP CIoT optimization assemble their capabilities differently based on capability queries, the security token will then be correctly calculated at the UE and verified at the network.

[0209] Furthermore, using at least a portion of the capability query message to compute the security token provides what is known as a binding of request / response messages. To understand the security benefits of this binding, consider what would happen without it. If the response from the UE depends on a query from the network, an attacker could potentially tamper with the query from the network. Note that the query message is unprotected because there is no AS security. The UE then assembles its capabilities and computes the security token. The UE sends the response to the network. Now, security token verification is successful at the network. However, these UE capabilities are not the UE capabilities initially requested by the network. The network (RAN or core network) will not know whether the UE actually responded based on the query. This can lead to unintended or suboptimal configurations on the network side. It can also cause the network to need to re-query the UE capabilities, meaning wasted latency and resources such as computation, signaling, etc. Now, with binding, if the UE uses different inputs for the query message, the network will detect a security token mismatch.

[0210] It can be calculated using any of the several possible methods. Figure 14The security token is shown in the figure. In some embodiments, one approach is to use a cryptographic hash function, such as SHA-256, SHA-512, MD5, etc. Another approach in other embodiments is to use a cryptographic hash function and compute a hash of the encryption key, such as HMAC-SHA256, HMAC-SHA3, etc. Yet another approach is to use a variant of a Key Derivation Function (KDF) commonly used in 3GPP security (e.g., the Key Derivation Function in TS 33.401v16.1.0 or TS 33.501 v16.1.0) to compute the security token. Another possible approach is to use one of the integrity algorithms defined in TS 33.401 v16.1.0 or TS 33.501 v16.1.0, which uses an underlying algorithm, such as one based on SNOW 3G, one based on Advanced Encryption Standard (AES) in Ciphertext-based Message Authentication Code (CMAC) mode, or one based on ZUC (Word-Oriented Stream Cipher).

[0211] In some embodiments, NG-RAN may use the received UE capabilities after NG-RAN receives UE capabilities from UE, or after NG-RAN receives a successful authentication notification from AMF.

[0212] Note that NG-RAN provides the AMF with the necessary information required for the AMF to calculate the security token, such as... Figure 14 As shown. Note that on the UE side, the security token calculation can also use a hash from the capability query message or some other derivation (e.g., length, etc.) as input. In this case, NG-RAN will provide this hash or other derivation to the AMF.

[0213] In some embodiments, security token calculation / verification also uses additional inputs such as a freshness parameter (e.g., current time, random number, or random number) and a counter (to prevent replay attacks). In one such embodiment, NG-RAN facilitates this by ensuring that both the UE and AMF have the same values ​​for these additional inputs.

[0214] Note that if the UE capability is static and pre-assembled, the step of assembling the UE capability at the UE can be skipped.

[0215] Figure 15 A simplified variant of Solution A is shown, where HASH represents a security token and no request / response binding is used.

[0216] Solution B works as follows Figure 16 As shown.

[0217] The details of Solution A also apply to Solution B. One significant difference is that Solution A provides the security token during the UE capability transmission process (capability query and capability response) itself, while Solution B provides the security token after the UE capability transmission process. Another difference is that the UE sends the security token to the AMF instead of the NG-RAN. The UE can compute the security token, as explained earlier regarding Solution A. However, in Solution B, the security token will be transmitted within a protected NAS message. Therefore, using a hash with an encryption key is not absolutely necessary. A cryptographic hash function without an encryption key is sufficient.

[0218] Figure 17 A simplified variant of Solution B is shown, where HASH represents a security token and no request / response binding is used.

[0219] Note that Solutions A and B illustrate the points. Figure 1 as well as Figures 2 to 4 The embodiment shown.

[0220] Solution C works as follows Figure 18 As shown, the gNB triggers a capability information request on the RRC, and the UE provides a response on the NAS.

[0221] This solution segments the capability transmission process between the AS (RRC) layer and the NAS layer. In this solution, information transmission at the NAS protocol layer is secure, while transmission at the AS protocol layer is insecure. The advantage of this solution is that requests can be sent over an insecure connection (in the example embodiment, the AS / RRC protocol layer), but responses including the requested information can be sent over a secure connection (in the example embodiment, the NAS protocol layer). This means that the solution can support functionality that requires protocol layer attributes that are unavailable at the requesting protocol layer but supported at another protocol layer. Further details are provided below.

[0222] The current protocol architecture restricts communication, more specifically, limiting the possibility of responding to a request message on, for example, a specific protocol layer (e.g., RRC) at the same protocol layer. This imposes limitations on the functionality that can be introduced into systems built on this principle. A functional example of this limitation is the capability transfer process. The lack of security in the AS layer does not benefit from the presence of security in the NAS layer. Now, this solution introduces a new protocol architecture principle that enables responses to requests on protocol layer x at protocol layer y. In the example illustrating the solution, this means that a request for UE radio capability information sent by the gNB to the UE at the RRC layer is responded to by the UE at the NAS layer with security measures enabled (i.e., with so-called NAS security enabled, see 3GPP TS 23.501 v16.3.0). For security aspects related to AS and NAS, see also 3GPP TS 33.501 v15.6.0.

[0223] In other words, the solution works as follows. The network handling the access layer (e.g., NG-RAN in 5G, which could be a gNB or ng-eNG) sends a request to the UE at the RRC protocol layer, requesting the UE to respond to the network with UE radio capability information. This request for capability information can be a pre-defined capability query message, as described in the RRC specification (e.g., TS 38.331 or 36.331). It can also be a new message. In either case, the NG-RAN provides an indication of the type / part of the capability it is requesting from the UE.

[0224] In response to a capability query message sent from an NG-RAN node to the UE at the RRC layer, the UE will assemble the requested capability information or use statically pre-assembled capability information and respond to the network. However, instead of sending the response at the RRC layer, the response will be sent at the NAS layer (Non-Access Layer). Therefore, the response will be received in the AMF. Although the information is transmitted via NG-RAN or tunneled, it is intended for use by the AMF. When the UE encrypts the information for the AMF, only the AMF, not the NG-RAN, has the security key required to decrypt the information. The AMF can then store information relevant to the UE context and can also forward the information to the NG-RAN node via the interface between the AMF and the NG-RAN node (often referred to as the N2 or NG interface). The NG-RAN node can therefore receive the requested capability information, but this capability information will be received on a different interface than the one requested.

[0225] In some embodiments, the concept of binding described above is also used in this solution, for example, by the UE sending at least some portions of the RRC UE capability query message or the hash on the RRC UE capability query message to the AMF when sending UE capability information.

[0226] Note that solution C provides an example. Figure 5 as well as Figures 6 to 8 The embodiment shown.

[0227] Solution D works as follows: Figure 19 As shown. In this scenario, the gNB initiates a request for capability information but sends a trigger to the AMF, which forwards or creates the request to be sent at the NAS protocol layer. The UE responds on the NAS, and the gNB obtains the capability information from the AMF on the NG.

[0228] In Solution D, the NG-RAN node requests capability information via the AMF. If the AMF does not possess any capability information as requested for a particular UE, it requests the information from the UE at the NAS protocol layer (i.e., the N1 interface between the UE and the AMF). The request on the NAS can be constructed in such a way that the AMF simply forwards the request for capability information originating from the NG-RAN node, or alternatively, the AMF itself can construct the request for the UE. In the former case, the AMF can "transparently" forward the request from the NG-RAN node to the UE, or it can construct the request "based on" the "information" of the request from the NG-RAN node. In this solution, the UE will directly respond to the AMF's request at the NAS protocol layer, and the AMF will then forward the response to the NG-RAN node on the NG interface.

[0229] The triggers for Solutions C and D can be at least one of the following: (i) the gNB initiates a request to the UE when it receives an RRC message (such as RRCSetupRequest, RRCSetupComplete, etc.) from the UE; (ii) for Solution C or Solution D, the gNB initiates a request to the UE after detecting that the initial context setup request message from the AMF does not include appropriate capability information when it receives the initial context setup request message from the AMF; (iii) for Solution D, the AMF initiates the procedure after receiving the initial UE message + capability query indication from the gNB.

[0230] For example, the trigger for solution C can be as follows: Figure 20 As shown. In this case, the solution is triggered by receiving an initial context setup request that does not contain the required capability information. As another example, the trigger for solution D could be as follows: Figure 21As shown, the acquisition of signaling sequences and capability information, along with the initial UE message, is triggered and transmitted from the gNB to the AMF. In this case, the AMF triggers a capability query upon receiving the initial UE message.

[0231] Other triggers are also possible. For example, the AMF can perform the NAS procedure before the transmission of the initial context setup request message and even when no capability information is available, without any prior instruction from the gNB. In this case, the AMF will be pre-configured with the requested content and does not require a specific gNB to indicate what information should be requested for each UE request. This means that the AMF ensures that the context setup request message includes capability information before sending it from the AMF. This is in Figure 22 As shown in the image.

[0232] Here, in Figure 22 In this context, the AMF detects a lack of capability information and its request before sending the Initial Context Setup Request message. Typically, request / query messages can be pre-configured and are valid for the relevant gNB / cell.

[0233] exist Figure 23A and Figure 23B An example of Solution C is illustrated in the registration process shown (see 3GPP TS 23.502 v16.3.0), during which UE radio capability information is transmitted from the UE to the network.

[0234] Steps 1 through 9a are identical to those described in 3GPP TS 23.502 v16.3.0.

[0235] 9b. If the NAS security context does not exist, a NAS security initiation is performed as described in TS 33.501. If the UE does not have a NAS security context in step 1, the UE includes the full registration request message as defined in TS 24.501.

[0236] The AMF determines whether the registration request needs to be rerouted, as described in Clause 4.2.2.2.3, where the initial AMF refers to that AMF.

[0237] Note here that step 9b introduces security at the NAS layer.

[0238] It is worth noting that, according to some embodiments, after step 9b, i.e., once NAS security has been set, NG-RAN can request UE radio access capability information at the RRC layer and instruct the UE to provide a response at the NAS layer.

[0239] 9c. If the 5G-AN has requested the UE context, the AMF initiates the NG Application Protocol (NGAP) procedure to provide the 5G-AN with the security context as specified in TS 38.413.

[0240] 9d. The 5G-AN stores the security context and confirms it with the AMF. The 5G-AN uses the security context to protect messages exchanged with the UE, as described in TS 33.501.

[0241] Note that steps 9c and 9d, which introduce security in 5G-AN, are not applicable when using CP CIoT optimization.

[0242] Steps 10 through 21 are identical to those described in 3GPP TS 23.502 v16.3.0.

[0243] It is worth noting that in the NGAP message, the AMF indicates to the NG-RAN that NAS security is enabled. Alternatively, once NAS security is successfully enabled, this indication can be provided in any NGAP message after step 9; that is, it can be a new, independent message on the NGAP.

[0244] 21b. [Optional] New AMF executes UE policy association establishment.

[0245] It is worth noting that the UE includes UE radio capability information as a new information element. The AMF stores this information and provides it to the NG-RAN in relevant processes, such as when requested by the NG-RAN or when a new NGAP message is sent to the NG-RAN. Alternatively, any UE may include its UE radio access capability information in any possible NAS message after receiving a request from the NG-RAN and when NAS security has been successfully enabled.

[0246] Step 22 and thereafter are the same as those described in 3GPP TS 23.502 v16.3.0.

[0247] While the subjects described herein can be implemented using any suitable components in any suitable type of system, the embodiments disclosed herein pertain to wireless networks (e.g., Figure 24 The example wireless network shown is described below. For simplicity, Figure 24The wireless network depicted only includes network 2406, network nodes 2460 and 2460b, and WD 2410, 2410b, and 2410c. In practice, the wireless network may also include any additional elements suitable for supporting communication between wireless devices or between a wireless device and another communication device (e.g., a landline telephone, a service provider, or any other network node or terminal device). Among the components shown, network node 2460 and wireless device (WD) 2410 are depicted in additional detail. The wireless network can provide communication and other types of services to one or more wireless devices to facilitate access to and / or use of services provided by or via the wireless network.

[0248] Wireless networks can include any type of communications, telecommunications, data, cellular and / or radio networks or other similar systems, and / or interface with any type of communications, telecommunications, data, cellular and / or radio networks or other similar systems. In some embodiments, wireless networks can be configured to operate according to specific standards or other types of predefined rules or procedures. Therefore, specific embodiments of wireless communication networks can implement communication standards such as Global System for Mobile Communications (GSM), Universal Mobile Telecommunications System (UMTS), Long Term Evolution (LTE), Narrowband Internet of Things (NB-IoT) and / or other suitable 2G, 3G, 4G or 5G standards; wireless local area network (WLAN) standards such as the IEEE 802.11 standard; and / or any other suitable wireless communication standards such as Global Microwave Access Interoperability (WiMax), Bluetooth, Z-Wave and / or ZigBee standards.

[0249] Network 2406 may include one or more backhaul networks, core networks, IP networks, public switched telephone networks (PSTN), packet data networks, optical networks, wide area networks (WAN), local area networks (LAN), wireless local area networks (WLAN), wired networks, wireless networks, metropolitan area networks, and other networks to enable communication between devices.

[0250] Network node 2460 and WD 2410 include various components described in more detail below. These components work together to provide network node and / or wireless device functionality, such as providing wireless connectivity in a wireless network. In different embodiments, the wireless network may include any number of wired or wireless networks, network nodes, base stations, controllers, wireless devices, relay stations, and / or any other components or systems that can facilitate or participate in the communication of data and / or signals (whether via a wired or wireless connection).

[0251] As used herein, a network node refers to a device that is capable of, configured, positioned, and / or operable to communicate directly or indirectly with wireless devices and / or with other network nodes or devices in a wireless network to enable and / or provide wireless access to the wireless devices and / or perform other functions (e.g., management) in the wireless network. Examples of network nodes include, but are not limited to, access points (APs) (e.g., radio access points) and base stations (BSs) (e.g., radio base stations, NodeBs, evolved NodeBs (eNBs), and NR NodeBs (gNBs)). Base stations can be classified based on the amount of coverage they provide (or, in other words, based on their transmit power levels), and thus they may also be referred to as femtocells, picocells, microcells, or macrocells. A base station can be a relay node or a relay host node that controls a relay. A network node may also include one or more (or all) portions of a distributed radio base station, such as a centralized digital unit and / or a remote radio unit (RRU) (sometimes referred to as a remote radio headend (RRH)). Such a remote radio unit may or may not be integrated with an antenna as an antenna-integrated radio. A portion of a distributed radio base station may also be referred to as a node in a distributed antenna system (DAS). Further examples of network nodes include multi-standard radio (MSR) equipment (such as an MSR BS), network controllers (such as a radio network controller (RNC) or base station controller (BSC)), base transceiver stations (BTS), transport points, transport nodes, multi-cell / multicast coordination entities (MCEs), core network nodes (e.g., MSC, MME), O&M nodes, OSS nodes, SON nodes, location nodes (e.g., E-SMLC), and / or MDTs. As another example, a network node can be a virtual network node, as described in more detail below. However, more generally, a network node can represent any suitable device (or group of devices) that is capable of, configured, arranged, and / or operable to enable and / or provide access to a wireless network for wireless devices, or to provide some service to wireless devices already connected to the wireless network.

[0252] exist Figure 24 In the network node 2460, processing circuitry 2470, device-readable medium 2480, interface 2490, auxiliary equipment 2484, power supply 2486, power supply circuitry 2487, and antenna 2462 are included. Although Figure 24The network node 2460 shown in the example wireless network can represent a device including a combination of the illustrated hardware components, but other embodiments may include network nodes with different combinations of components. It should be understood that a network node includes any suitable combination of hardware and / or software required to perform the tasks, features, functions, and methods disclosed herein. Furthermore, although the components of network node 2460 are depicted as a single box within a larger box or nested within multiple boxes, in practice, a network node may include multiple different physical components constituting a single illustrated component (e.g., device-readable medium 2480 may include multiple separate hard disk drives and multiple RAM modules).

[0253] Similarly, network node 2460 may consist of multiple physically separate components (e.g., NodeB components and RNC components, or BTS components and BSC components, etc.), each of which may have its own respective components. In some scenarios where network node 2460 includes multiple separate components (e.g., BTS and BSC components), one or more of these separate components may be shared among several network nodes. For example, a single RNC may control multiple NodeBs. In such a scenario, each unique NodeB and RNC pair may be considered a single, separate network node in some instances. In some embodiments, network node 2460 may be configured to support multiple Radio Access Technologies (RATs). In such embodiments, some components may be duplicated (e.g., separate device-readable media 2480 for different RATs), and some components may be reused (e.g., the same antenna 2462 may be shared by the RATs). Network node 2460 may also include multiple sets of various illustrated components for integrating different wireless technologies (e.g., GSM, WCDMA, LTE, NR, WiFi, or Bluetooth wireless technologies) into network node 2460. These wireless technologies can be integrated into the same or different chips or chipsets and other components within network node 2460.

[0254] Processing circuitry 2470 is configured to perform any determination, calculation, or similar operation (e.g., certain acquisition operations) described herein as being provided by a network node. These operations performed by processing circuitry 2470 may include processing information acquired by processing circuitry 2470 by, for example, converting the acquired information into other information, comparing the acquired or converted information with information stored in the network node, and / or performing one or more operations based on the acquired or converted information, and making a determination based on the result of said processing.

[0255] Processing circuitry 2470 may include a combination of one or more of the following: a microprocessor, controller, central processing unit, digital signal processor, application-specific integrated circuit, field-programmable gate array, or any other suitable computing device, resource, or combination of hardware, software, and / or coding logic, operable to provide network node 2460 functionality, either alone or in combination with other network node 2460 components (e.g., device-readable medium 2480). For example, processing circuitry 2470 may execute instructions stored in device-readable medium 2480 or in memory within processing circuitry 2470. Such functionality may include providing any of the various wireless features, functions, or benefits discussed herein. In some embodiments, processing circuitry 2470 may include a system-on-a-chip (SoC).

[0256] In some embodiments, the processing circuitry 2470 may include one or more of a radio frequency (RF) transceiver circuitry 2472 and a baseband processing circuitry 2474. In some embodiments, the RF transceiver circuitry 2472 and the baseband processing circuitry 2474 may be located on separate chips (or chipsets), boards, or units (e.g., radio units and digital units). In alternative embodiments, some or all of the RF transceiver circuitry 2472 and the baseband processing circuitry 2474 may be on the same chip or chipset, board, or unit.

[0257] In some embodiments, some or all of the functions described herein as being provided by a network node, base station, eNB, or other such network device may be performed by processing circuitry 2470, which executes instructions stored on device-readable medium 2480 or memory within processing circuitry 2470. In alternative embodiments, some or all of the functions may be provided by processing circuitry 2470, for example, in a hard-wired manner, without executing instructions stored on separate or discrete device-readable media. In any of these embodiments, processing circuitry 2470 may be configured to perform the described functions regardless of whether instructions stored on device-readable storage media are executed. The benefits provided by such functions are not limited to processing circuitry 2470 or other components of network node 2460, but are enjoyed as a whole by network node 2460 and / or generally by end users and the wireless network.

[0258] Device-readable medium 2480 may include any form of volatile or non-volatile computer-readable storage, including but not limited to permanent storage devices, solid-state storage, remotely mounted storage, magnetic media, optical media, random access memory (RAM), read-only memory (ROM), mass storage media (e.g., hard disk), removable storage media (e.g., flash drives, CDs, or DVDs)) and / or any other volatile or non-volatile, non-transitory device-readable and / or computer-executable storage device that stores information, data, and / or instructions usable by processing circuitry 2470. Device-readable medium 2480 may store any suitable instructions, data, or information, including computer programs, software, applications including one or more of logic, rules, codes, tables, etc., and / or other instructions executable by processing circuitry 2470 and usable by network node 2460. Device-readable medium 2480 may be used to store any calculations performed by processing circuitry 2470 and / or any data received via interface 2490. In some embodiments, the processing circuitry 2470 and the device-readable medium 2480 may be considered as integrated.

[0259] Interface 2490 is used for wired or wireless communication of signaling and / or data between network node 2460, network 2406, and / or WD 2410. As shown, interface 2490 includes a port / terminal 2494 for sending and receiving data to and from network 2406, for example, via a wired connection. Interface 2490 also includes radio front-end circuitry 2492, which may be coupled to antenna 2462, or is part of antenna 2462 in some embodiments. Radio front-end circuitry 2492 includes filter 2498 and amplifier 2496. Radio front-end circuitry 2492 may be connected to antenna 2462 and processing circuitry 2470. Radio front-end circuitry 2492 may be configured to modulate the signals used for communication between antenna 2462 and processing circuitry 2470. Radio front-end circuitry 2492 may receive digital data that will be transmitted wirelessly to other network nodes or WD. The radio front-end circuit 2492 can use a combination of filter 2498 and / or amplifier 2496 to convert digital data into radio signals with suitable channel and bandwidth parameters. The radio signals can then be transmitted via antenna 2462. Similarly, when receiving data, antenna 2462 can collect radio signals, which are then converted into digital data by the radio front-end circuit 2492. The digital data can be passed to processing circuitry 2470. In other embodiments, the interface may include different components and / or different combinations of components.

[0260] In some alternative embodiments, network node 2460 may not include a separate radio front-end circuitry 2492. Instead, processing circuitry 2470 may include radio front-end circuitry and may be connected to antenna 2462 without requiring a separate radio front-end circuitry 2492. Similarly, in some embodiments, all or some of the RF transceiver circuitry 2472 may be considered part of interface 2490. In other embodiments, interface 2490 may include one or more ports or terminals 2494, radio front-end circuitry 2492, and RF transceiver circuitry 2472 (as part of a radio unit (not shown),) and interface 2490 may communicate with baseband processing circuitry 2474 (which is part of a digital unit (not shown)).

[0261] Antenna 2462 may include one or more antennas or antenna arrays configured to transmit and / or receive wireless signals. Antenna 2462 may be coupled to radio front-end circuitry 2490 and may be any type of antenna capable of wirelessly transmitting and receiving data and / or signals. In some embodiments, antenna 2462 may include one or more omnidirectional, sector, or planar antennas operable to transmit / receive radio signals between, for example, 2 GHz and 66 GHz. Omnidirectional antennas can be used to transmit / receive radio signals in any direction, sector antennas can be used to transmit / receive radio signals to / from devices within a specific area, and planar antennas can be line-of-sight antennas used to transmit / receive radio signals in a relatively straight line. In some cases, the use of more than one antenna may be referred to as MIMO. In some embodiments, antenna 2462 may be detachable from network node 2460 and may be connected to network node 2460 via an interface or port.

[0262] Antenna 2462, interface 2490, and / or processing circuitry 2470 can be configured to perform any receive operation and / or certain acquire operation described herein as being performed by a network node. Any information, data, and / or signals can be received from a wireless device, another network node, and / or any other network device. Similarly, antenna 2462, interface 2490, and / or processing circuitry 2470 can be configured to perform any transmit operation described herein as being performed by a network node. Any information, data, and / or signals can be transmitted to a wireless device, another network node, and / or any other network device.

[0263] Power supply circuit 2487 may include or be coupled to power management circuitry and is configured to provide power to the components of network node 2460 to perform the functions described herein. Power supply circuit 2487 may receive power from power source 2486. Power source 2486 and / or power supply circuit 2487 may be configured to provide power to various components of network node 2460 in a manner suitable for the individual components (e.g., at the voltage and current levels required by each respective component). Power source 2486 may be included in or outside power supply circuit 2487 and / or network node 2460. For example, network node 2460 may be connected to an external power source (e.g., a power outlet) via input circuitry or an interface such as a cable, thereby supplying power to power supply circuit 2487. As another example, power source 2486 may include a power source in the form of a battery or battery pack, which is connected to or integrated into power supply circuit 2487. The battery can provide backup power if the external power source fails. Other types of power sources, such as photovoltaic devices, may also be used.

[0264] Alternative embodiments of network node 2460 may include more than Figure 24 Additional components of the components shown may be responsible for providing certain aspects of the functionality of the network node (including any of the functions described herein and / or any functionality required to support the subject matter described herein). For example, network node 2460 may include a user interface device to allow information to be input into and output from network node 2460. This can allow users to perform diagnostic, maintenance, repair, and other management functions on network node 2460.

[0265] As used herein, a wireless device (WD) means a device capable of, configured to, arranged to, and / or operable to communicate wirelessly with network nodes and / or other wireless devices. Unless otherwise stated, the term WD may be used interchangeably with User Equipment (UE) herein. Wireless transmission may include sending and / or receiving wireless signals using electromagnetic waves, radio waves, infrared waves, and / or other types of signals suitable for transmitting information over the air. In some embodiments, a WD may be configured to send and / or receive information without direct human interaction. For example, a WD may be designed to send information to a network in a predetermined schedule when triggered by an internal or external event or in response to a request from the network. Examples of WDs include, but are not limited to, smartphones, mobile phones, cellular phones, Voice over IP (VoIP) phones, wireless local loop phones, desktop computers, personal digital assistants (PDAs), wireless cameras, game consoles or devices, music storage devices, playback devices, wearable terminal devices, wireless endpoints, mobile stations, tablet computers, portable computers, portable embedded devices (LEEs), portable installed devices (LMEs), smart devices, wireless customer premises equipment (CPEs), in-vehicle wireless terminal equipment, etc. A WD can, for example, support device-to-device (D2D) communication, vehicle-to-vehicle (V2V) communication, vehicle-to-infrastructure (V2I) communication, and vehicle-to-anything (V2X) communication by implementing 3GPP standards for secondary link communication, and in this case, it can be referred to as a D2D communication device. As another specific example, in the Internet of Things (IoT) scenario, a WD can represent a machine or other device that performs monitoring and / or measurement and sends the results of such monitoring and / or measurement to another WD and / or network node. In this case, the WD can be a machine-to-machine (M2M) device, which can be referred to as an MTC device in the 3GPP context. As a specific example, a WD can be a UE that implements the 3GPP Narrowband Internet of Things (NB-IoT) standard. Specific examples of such machines or devices are sensors, metering devices (e.g., electricity meters), industrial machines, or household or personal devices (e.g., refrigerators, televisions, etc.), personal wearable devices (e.g., watches, fitness trackers, etc.). In other scenarios, a WD can represent a vehicle or other device capable of monitoring and / or reporting its operational status or other functions associated with its operation. As mentioned above, WD can represent a wireless connection endpoint, in which case the device can be called a wireless terminal. Furthermore, as mentioned above, WD can also be mobile, in which case it can be called a mobile device or mobile terminal.

[0266] As shown in the figure, the wireless device 2410 includes an antenna 2411, an interface 2414, processing circuitry 2420, a device-readable medium 2430, a user interface device 2432, an auxiliary device 2434, a power supply 2436, and a power supply circuit 2437. The WD 2410 may include one or more of the components shown for various wireless technologies supported by the WD 2410 (e.g., GSM, WCDMA, LTE, NR, WiFi, WiMAX, NB-IoT, or Bluetooth wireless technologies, to name just a few). These wireless technologies may be integrated into a chip or chipset that is the same as or different from other components within the WD 2410.

[0267] Antenna 2411 may include one or more antennas or antenna arrays configured to transmit and / or receive wireless signals and is connected to interface 2414. In some alternative embodiments, antenna 2411 may be separate from WD 2410 and may be connected to WD 2410 via an interface or port. Antenna 2411, interface 2414, and / or processing circuitry 2420 may be configured to perform any receive or transmit operation described herein as being performed by a WD. Any information, data, and / or signals may be received from a network node and / or another WD. In some embodiments, radio front-end circuitry and / or antenna 2411 may be considered as an interface.

[0268] As shown in the figure, interface 2414 includes radio front-end circuitry 2412 and antenna 2411. Radio front-end circuitry 2412 includes one or more filters 2418 and amplifiers 2416. Radio front-end circuitry 2414 is connected to antenna 2411 and processing circuitry 2420 and is configured to modulate signals transmitted between antenna 2411 and processing circuitry 2420. Radio front-end circuitry 2412 may be coupled to antenna 2411 or be part of antenna 2411. In some embodiments, WD 2410 may not include separate radio front-end circuitry 2412; instead, processing circuitry 2420 may include radio front-end circuitry and may be connected to antenna 2411. Similarly, in some embodiments, some or all of RF transceiver circuitry 2422 may be considered part of interface 2414. Radio front-end circuitry 2412 can receive digital data that will be transmitted wirelessly to other network nodes or WD. The radio front-end circuit 2412 can use a combination of filter 2418 and / or amplifier 2416 to convert digital data into radio signals with suitable channel and bandwidth parameters. The radio signals can then be transmitted via antenna 2411. Similarly, when receiving data, antenna 2411 can collect radio signals, which are then converted into digital data by the radio front-end circuit 2412. The digital data can be passed to processing circuitry 2420. In other embodiments, the interface may include different components and / or different combinations of components.

[0269] Processing circuitry 2420 may include a combination of one or more of the following: a microprocessor, controller, central processing unit, digital signal processor, application-specific integrated circuit, field-programmable gate array, or any other suitable computing device, resource, or combination of hardware, software, and / or coding logic, operable to provide WD 2410 functionality, either alone or in combination with other WD2410 components (e.g., device-readable medium 2430). Such functionality may include providing any of the various wireless features or benefits discussed herein. For example, processing circuitry 2420 may execute instructions stored in device-readable medium 2430 or in memory within processing circuitry 2420 to provide the functionality disclosed herein.

[0270] As shown in the figure, the processing circuit 2420 includes one or more of the following: RF transceiver circuit 2422, baseband processing circuit 2424, and application processing circuit 2426. In other embodiments, the processing circuit may include different components and / or different combinations of components. In some embodiments, the processing circuit 2420 of WD 2410 may include a System-on-a-Chip (SOC). In some embodiments, the RF transceiver circuit 2422, baseband processing circuit 2424, and application processing circuit 2426 may be on a separate chip or chipset. In an alternative embodiment, a portion or all of the baseband processing circuit 2424 and application processing circuit 2426 may be combined into a single chip or chipset, and the RF transceiver circuit 2422 may be on a separate chip or chipset. In another alternative embodiment, a portion or all of the RF transceiver circuit 2422 and baseband processing circuit 2424 may be on the same chip or chipset, and the application processing circuit 2426 may be on a separate chip or chipset. In other alternative embodiments, some or all of the RF transceiver circuitry 2422, baseband processing circuitry 2424, and application processing circuitry 2426 may be combined in the same chip or chipset. In some embodiments, the RF transceiver circuitry 2422 may be part of interface 2414. The RF transceiver circuitry 2422 may modulate the RF signal used for processing circuitry 2420.

[0271] In some embodiments, some or all of the functions described herein as being performed by WD may be provided by processing circuitry 2420, which executes instructions stored on device-readable medium 2430, which in some embodiments may be computer-readable storage medium. In alternative embodiments, some or all of the functions may be provided by processing circuitry 2420, for example, in a hard-wired manner, without executing instructions stored on separate or discrete device-readable storage media. In any of these particular embodiments, processing circuitry 2420 may be configured to perform the described functions regardless of whether instructions stored on device-readable storage media are executed. The benefits provided by such functions are not limited to processing circuitry 2420 or other components of WD 2410, but are enjoyed as a whole by WD 2410 and / or generally by end users and wireless networks.

[0272] Processing circuitry 2420 can be configured to perform any determination, calculation, or similar operation (e.g., certain acquisition operations) described herein as being performed by WD. These operations performed by processing circuitry 2420 may include processing information acquired by processing circuitry 2420 by, for example, converting the acquired information into other information, comparing the acquired or converted information with information stored by WD 2410, and / or performing one or more operations based on the acquired or converted information, and making a determination based on the result of said processing.

[0273] Device-readable medium 2430 is operable to store computer programs, software, applications including one or more of logic, rules, code, tables, etc., and / or other instructions executable by processing circuitry 2420. Device-readable medium 2430 may include computer memory (e.g., random access memory (RAM) or read-only memory (ROM)), mass storage media (e.g., hard disk), removable storage media (e.g., CD or DVD), and / or any other volatile or non-volatile, non-transitory device-readable and / or computer-executable memory device storing information, data, and / or instructions usable by processing circuitry 2420. In some embodiments, processing circuitry 2420 and device-readable medium 2430 may be considered integrated.

[0274] User interface device 2432 can provide components that allow a human user to interact with WD 2410. This interaction can take many forms, such as visual, auditory, tactile, etc. User interface device 2432 is operable to produce outputs to the user and allow the user to provide inputs to WD 2410. The type of interaction can vary depending on the type of user interface device 2432 installed in WD 2410. For example, if WD 2410 is a smartphone, the interaction can be via a touchscreen; if WD 2410 is a smart meter, the interaction can be via a screen providing usage (e.g., the number of gallons used) or a speaker providing audible alarms (e.g., if smoke is detected). User interface device 2432 may include input interfaces, devices, and circuitry, as well as output interfaces, devices, and circuitry. User interface device 2432 is configured to allow information to be input into WD 2410 and is connected to processing circuitry 2420 to allow processing circuitry 2420 to process the input information. User interface device 2432 may include, for example, a microphone, proximity or other sensors, buttons / buttons, a touch display, one or more cameras, a USB port, or other input circuitry. User interface device 2432 is also configured to allow information output from WD 2410 and to allow processing circuitry 2420 to output information from WD 2410. User interface device 2432 may include, for example, a speaker, display, vibration circuitry, a USB port, a headphone jack, or other output circuitry. By using one or more input and output interfaces, devices, and circuitry of user interface device 2432, WD 2410 can communicate with end users and / or wireless networks and allow them to benefit from the functionality described herein.

[0275] The auxiliary device 2434 is operable to provide more specific functions that may not typically be performed by the WD. This may include dedicated sensors for measurements for various purposes, interfaces for other types of communication such as wired communication, etc. The components included and the types of the auxiliary device 2434 may vary depending on the embodiment and / or scenario.

[0276] In some embodiments, power supply 2436 may be in the form of a battery or battery pack. Other types of power sources may also be used, such as an external power source (e.g., a power outlet), a photovoltaic device, or a battery cell. WD 2410 may also include power circuitry 2437 for supplying power from power supply 2436 to various parts of WD 2410 that require power from power supply 2436 to perform any function described or indicated herein. In some embodiments, power circuitry 2437 may include power management circuitry. Power circuitry 2437 may additionally or alternatively be operable to receive power from an external power source; in this case, WD 2410 may be connected to an external power source (e.g., a power outlet) via input circuitry or an interface such as a power cable. In some embodiments, power circuitry 2437 may also be operable to supply power from an external power source to power supply 2436. For example, this may be used for charging power supply 2436. Power circuitry 2437 may perform any formatting, conversion, or other modifications on the power from power supply 2436 to suit the power supply for the various components of the WD 2410 being powered.

[0277] Figure 25 An embodiment of a UE according to the various aspects described herein is illustrated. As used herein, "User Equipment" or "UE" may not necessarily have the meaning of a "user" in the sense of a human user who owns and / or operates the associated equipment. Alternatively, a UE may refer to a device intended to be sold to or operated by a human user but may not or initially be associated with a particular human user (e.g., a smart sprinkler controller). Alternatively, a UE may refer to a device not intended to be sold to or operated by an end user but may be associated with or operated for the benefit of a user (e.g., a smart meter). UE 25200 can be any UE identified by the 3rd Generation Partnership Project (3GPP), including NB-IoT UEs, Machine Type Communication (MTC) UEs, and / or Enhanced MTC (eMTC) UEs. Figure 25 As shown, UE 2500 is an example of a WD configured for communication according to one or more communication standards (such as 3GPP's GSM, UMTS, LTE, and / or 5G standards) published under the 3rd Generation Partnership Project (3GPP). As previously stated, the terms WD and UE are used interchangeably. Therefore, although... Figure 25 This is for UE, but the components discussed in this article also apply to WD, and vice versa.

[0278] exist Figure 25In this embodiment, UE 2500 includes processing circuitry 2501 operatively coupled to an input / output interface 2505, a radio frequency (RF) interface 2509, a network connectivity interface 2511, a memory 2515 including random access memory (RAM) 2517, read-only memory (ROM) 2519, and storage medium 2521, a communication subsystem 2531, a power supply 2533, and / or any other component, or any combination thereof. Storage medium 2521 includes an operating system 2523, application programs 2525, and data 2527. In other embodiments, storage medium 2521 may include other similar types of information. Some UEs may use... Figure 25 This refers to all components shown, or only a subset of those components. The level of integration between components can vary from one UE to another. Furthermore, some UEs may contain multiple instances of components, such as multiple processors, memories, transceivers, transmitters, receivers, etc.

[0279] exist Figure 25 In this embodiment, processing circuitry 2501 can be configured to process computer instructions and data. Processing circuitry 2501 can be configured to implement any sequential state machine operable to execute machine instructions stored as a machine-readable computer program in memory. The state machine can be, for example, one or more hardware-implemented state machines (e.g., implemented with discrete logic, FPGA, ASIC, etc.); programmable logic together with appropriate firmware; one or more stored programs, a general-purpose processor (e.g., a microprocessor or digital signal processor (DSP)) together with suitable software; or any combination of the above. For example, processing circuitry 2501 may include two central processing units (CPUs). Data can be information in a form suitable for use by a computer.

[0280] In the depicted embodiments, the input / output interface 2505 can be configured to provide a communication interface to an input device, an output device, or both input and output devices. The UE 2500 can be configured to use an output device via the input / output interface 2505. The output device can use an interface port of the same type as the input device. For example, a USB port can be used to provide input to and output from the UE 2500. The output device can be a speaker, sound card, video card, display, monitor, printer, actuator, transmitter, smart card, another output device, or any combination thereof. The UE 2500 can be configured to use an input device via the input / output interface 2505 to allow a user to capture information into the UE 2500. The input device can include a touch-sensitive or presence-sensitive display, a camera (e.g., a digital camera, digital camcorder, webcam, etc.), a microphone, a sensor, a mouse, a trackball, a steering wheel, a touchpad, a scroll wheel, a smart card, etc. A presence-sensitive display can include a capacitive or resistive touch sensor to sense input from the user. Sensors can be, for example, accelerometers, gyroscopes, tilt sensors, force sensors, magnetometers, optical sensors, proximity sensors, other similar sensors, or any combination thereof. For example, input devices can be accelerometers, magnetometers, digital cameras, microphones, and optical sensors.

[0281] exist Figure 25 In this configuration, RF interface 2509 can be configured to provide a communication interface to RF components such as transmitters, receivers, and antennas. Network connectivity interface 2511 can be configured to provide a communication interface to network 2543a. Network 2543a may include wired and / or wireless networks, such as local area networks (LANs), wide area networks (WANs), computer networks, wireless networks, telecommunications networks, another similar network, or any combination thereof. For example, network 2543a may include a Wi-Fi network. Network connectivity interface 2511 can be configured to include receiver and transmitter interfaces for communicating with one or more other devices over the communication network according to one or more communication protocols (e.g., Ethernet, TCP / IP, SONET, ATM, etc.). Network connectivity interface 2511 can implement receiver and transmitter functions suitable for communication network links (e.g., optical, electrical, etc.). Transmitter and receiver functions may share circuit components, software, or firmware, or alternatively, may be implemented separately.

[0282] RAM 2517 can be configured to interface with processing circuitry 2501 via bus 2502 to provide storage or cache of data or computer instructions during the execution of software programs such as operating systems, applications, and device drivers. ROM 2519 can be configured to provide computer instructions or data to processing circuitry 2501. For example, ROM 2519 can be configured to store invariant low-level system code or data for basic system functions stored in non-volatile memory, such as basic input and output (I / O), startup, or reception of keystrokes from a keyboard. Storage medium 2521 can be configured to include memory such as RAM, ROM, programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), disk, optical disk, floppy disk, hard disk, removable tape cassette, or flash drive. In one example, storage medium 2521 can be configured to include operating system 2523, application 2525 such as a web browser application, widget or gadget engine or another application, and data file 2527. Storage medium 2521 can store any one or a combination of various operating systems for use by UE 2500.

[0283] Storage medium 2521 can be configured to include multiple physical drive units, such as a redundant array of independent disks (RAID), a floppy disk drive, flash memory, a USB flash drive, an external hard disk drive, a thumb disk drive, a pen disk drive, a key disk drive, a high-density digital multifunction disc (HD-DVD) drive, an internal hard disk drive, a Blu-ray disc drive, a holographic digital data storage (HDDS) disc drive, an external mini dual in-line memory module (DIMM), synchronous dynamic random access memory (SDRAM), external micro DIMM SDRAM, smart card memory such as a user identity module or a removable user identity (SIM / RUIM) module, other memory, or any combination thereof. Storage medium 2521 can allow UE 2500 to access computer-executable instructions, applications, etc., stored on a transient or non-transient storage medium to unload or upload data. Articles such as those utilizing a communication system can be tangibly embodied in storage medium 2521, which may include a device-readable medium.

[0284] exist Figure 25In this configuration, processing circuitry 2501 can be configured to communicate with network 2543b using communication subsystem 2531. Networks 2543a and 2543b can be one or more of the same networks or one or more different networks. Communication subsystem 2531 can be configured to include one or more transceivers for communicating with network 2543b. For example, communication subsystem 2531 can be configured to include one or more remote transceivers for communicating with another device (e.g., another WD, UE) or a base station of a radio access network (RAN) capable of wireless communication according to one or more communication protocols (e.g., IEEE 802.25, CDMA, WCDMA, GSM, LTE, UTRAN, WiMax, etc.). Each transceiver can include transmitter 2533 and / or receiver 2535 to implement transmitter or receiver functions suitable for the RAN link (e.g., frequency allocation, etc.). Furthermore, the transmitter 2533 and receiver 2535 of each transceiver can share circuit components, software, or firmware, or alternatively, they can be implemented separately.

[0285] In the illustrated embodiment, the communication functions of the communication subsystem 2531 may include data communication, voice communication, multimedia communication, short-range communication such as Bluetooth, near-field communication, location-based communication (such as the use of a Global Positioning System (GPS) for determining location), another similar communication function, or any combination thereof. For example, the communication subsystem 2531 may include cellular communication, Wi-Fi communication, Bluetooth communication, and GPS communication. The network 2543b may include wired and / or wireless networks, such as a local area network (LAN), a wide area network (WAN), a computer network, a wireless network, a telecommunications network, another similar network, or any combination thereof. For example, the network 2543b may be a cellular network, a Wi-Fi network, and / or a near-field network. The power supply 2513 may be configured to provide alternating current (AC) or direct current (DC) power to the components of the UE 2500.

[0286] The features, benefits, and / or functions described herein may be implemented in one of the components of UE 2500 or partitioned among multiple components of UE 2500. Furthermore, the features, benefits, and / or functions described herein may be implemented in any combination of hardware, software, or firmware. In one example, communication subsystem 2531 may be configured to include any of the components described herein. Additionally, processing circuitry 2501 may be configured to communicate with any such component via bus 2502. In another example, any such component may be represented by program instructions stored in memory, which, when executed by processing circuitry 2501, perform the corresponding functions described herein. In yet another example, the functionality of any such component may be partitioned between processing circuitry 2501 and communication subsystem 2531. In yet another example, the non-computationally intensive functions of any such component may be implemented in software or firmware, and the computationally intensive functions may be implemented in hardware.

[0287] Figure 26 This is a schematic block diagram illustrating a virtualized environment 2600, in which functionality implemented by some embodiments can be virtualized. In this context, virtualization means creating virtual versions of devices or equipment, which may include virtualized hardware platforms, storage devices, and network resources. As used herein, virtualization can be applied to nodes (e.g., virtualized base stations or virtualized radio access nodes) or devices (e.g., UEs, wireless devices, or any other type of communication equipment) or components thereof, and relates to an implementation in which at least a portion of functionality is implemented as one or more virtual components (e.g., through one or more applications, components, functions, virtual machines, or containers executed on one or more physical processing nodes in one or more networks).

[0288] In some embodiments, some or all of the functions described herein may be implemented as virtual components executed by one or more virtual machines implemented in one or more virtual environments 2600 hosted on one or more hardware nodes 2630. Furthermore, in embodiments where the virtual node is not a radio access node or does not require a radio connection (e.g., a core network node), the network node may be fully virtualized in this case.

[0289] These functionalities can be implemented by one or more applications 2620 (which may alternatively be referred to as software instances, virtual devices, network functions, virtual nodes, virtual network functions, etc.), one or more applications 2620 being operable to implement some of the features, functions, and / or benefits of some embodiments disclosed herein. Applications 2620 run in a virtualization environment 2600, which provides hardware 2630 including processing circuitry 2660 and memory 2690. Memory 2690 contains instructions 2695 executable by processing circuitry 2660, thereby enabling application 2620 to operate to provide one or more of the features, benefits, and / or functions disclosed herein.

[0290] The virtualization environment 2600 includes general-purpose or special-purpose network hardware devices 2630, which include one or more processors or processing circuitry 2660, which may be commercial off-the-shelf (COTS) processors, application-specific integrated circuits (ASICs), or any other type of processing circuitry including digital or analog hardware components or special-purpose processors. Each hardware device may include memory 2690-1, which may be non-permanent memory for temporarily storing instructions 2695 or software executable by the processing circuitry 2660. Each hardware device may include one or more network interface controllers (NICs) 2670, also referred to as network interface cards, which include physical network interfaces 2680. Each hardware device may also include non-transitory, permanent machine-readable storage media 2690-2 in which software 2695 and / or instructions executable by the processing circuitry 2660 are stored. Software 2695 may include any type of software, including software for instantiating one or more virtualization layers 2650 (also referred to as hypervisors), software for executing virtual machines 2640, and software that allows them to perform the functions, features, and / or benefits described in relation to some embodiments described herein.

[0291] Virtual machine 2640 includes virtual processing, virtual memory, virtual networking or interface, and virtual storage, and can be run by a corresponding virtualization layer 2650 or hypervisor. Different embodiments of instances of virtual device 2620 can be implemented on one or more of virtual machines 2640, and the implementation can be made in different ways.

[0292] During operation, the processing circuitry 2660 executes software 2695 to instantiate a hypervisor or virtualization layer 2650, which may sometimes be referred to as a virtual machine monitor (VMM). The virtualization layer 2650 can present a virtual operating platform, which appears to the virtual machine 2640 as networked hardware.

[0293] like Figure 26As shown, hardware 2630 can be a standalone network node with general or specific components. Hardware 2630 may include antenna 26225 and may implement some functions through virtualization. Alternatively, hardware 2630 may be part of a larger hardware cluster (e.g., in a data center or customer premises equipment (CPE)) where many hardware nodes work together and are managed by management and coordination (MANO) 26100, which oversees the lifecycle management of application 2620, and so on.

[0294] In some contexts, hardware virtualization is referred to as Network Functions Virtualization (NFV). NFV can be used to unify numerous network device types onto industry-standard high-capacity server hardware, physical switches, and physical storage that can reside in data centers and customer premises.

[0295] In the context of NFV, virtual machine 2640 can be a software implementation of a physical machine, and its programs run as if they were running on a physical, non-virtualized machine. Each virtual machine 2640, along with the portion of hardware 2630 that executes that virtual machine (which can be hardware dedicated to that virtual machine and / or hardware shared by that virtual machine and other virtual machines in virtual machine 2640), forms a separate virtual network element (VNE).

[0296] Still within the context of NFV, a Virtual Network Function (VNF) is responsible for handling specific network functions running in one or more virtual machines 2640 on top of the hardware network infrastructure 2630, and corresponds to... Figure 26 Application 2620 in the text.

[0297] In some embodiments, each of the one or more radio units 26200, including one or more transmitters 26220 and one or more receivers 26210, may be coupled to one or more antennas 26225. The radio unit 26200 may communicate directly with the hardware node 2630 via one or more suitable network interfaces and may be used in conjunction with virtual components to provide a radio-capable virtual node, such as a radio access node or base station.

[0298] In some embodiments, the control system 26230 may be used to implement some signaling, and the control system 26230 may be used alternatively for communication between the hardware node 2630 and the radio unit 26200.

[0299] Figure 27 A telecommunications network connected to a host computer via an intermediate network, according to some embodiments, is illustrated. Specifically, refer to... Figure 27According to an embodiment, the communication system includes a telecommunications network 2710 (e.g., a 3GPP-type cellular network), which includes an access network 2711 (e.g., a radio access network) and a core network 2714. The access network 2711 includes multiple base stations 2712a, 2712b, and 2712c (e.g., NB, eNB, gNB, or other types of wireless access points), each defining a corresponding coverage area 2713a, 2713b, or 2713c. Each base station 2712a, 2712b, or 2712c can be connected to the core network 2714 via a wired or wireless connection 2715. A first UE 2791 located in coverage area 2713c is configured to wirelessly connect to or be paged by the corresponding base station 2712c. A second UE 2792 located in coverage area 2713a can wirelessly connect to the corresponding base station 2712a. Although multiple UEs 2791 and 2792 are shown in this example, the disclosed embodiments are equally applicable to situations where a single UE is in the coverage area or a single UE is connected to the corresponding base station 2712.

[0300] Telecommunication network 2710 is connected to host computer 2730, which may be implemented as a standalone server, a cloud-based server, a distributed server, or as a processing resource in a server cluster. Host computer 2730 may be owned or controlled by a service provider, or may be operated by or on behalf of the service provider. Connections 2721 and 2722 between telecommunications network 2710 and host computer 2730 may extend directly from core network 2714 to host computer 2730, or may be made via optional intermediate network 2720. Intermediate network 2720 may be one or more of public, private, or bearer networks; intermediate network 2720 (if present) may be a backbone network or the Internet; specifically, intermediate network 2720 may include two or more subnetworks (not shown).

[0301] Figure 27The communication system as a whole realizes the connection between the connected UEs 2791 and 2792 and the host computer 2730. This connection can be described as an over-the-top (OTT) connection 2750. The host computer 2730 and the connected UEs 2791 and 2792 are configured to transmit data and / or signaling via the OTT connection 2750 using the access network 2711, core network 2714, any intermediate network 2720, and possibly other infrastructure (not shown) as intermediaries. The OTT connection 2750 can be transparent in the sense that the participating communication devices traversing the OTT connection 2750 are unaware of the routing of uplink and downlink communications. For example, it may not be necessary to notify the base station 2712 of the past routes of input downlink communications with data originating from the host computer 2730 to be forwarded (e.g., handed over) to the connected UE 2791. Similarly, base station 2712 does not need to be aware of future routes for uplink communication originating from UE 2791 to host computer 2730.

[0302] Reference Figure 28 This section describes example implementations of the UE, base station, and host computer discussed in the preceding paragraphs according to embodiments. Figure 28 A host computer is illustrated that communicates with a user equipment via a base station through a partially wireless connection according to some embodiments. In the communication system 2800, the host computer 2810 includes hardware 2815, which includes a communication interface 2816 configured to establish and maintain wired or wireless connections with interfaces of different communication devices of the communication system 2800. The host computer 2810 also includes processing circuitry 2818, which may have storage and / or processing capabilities. Specifically, the processing circuitry 2818 may include one or more programmable processors, application-specific integrated circuits, field-programmable gate arrays, or combinations thereof (not shown) suitable for executing instructions. The host computer 2810 also includes software 2811, which is stored in or accessible by the host computer 2810 and executable by the processing circuitry 2818. The software 2811 includes a host application 2812. Host application 2812 is operable to provide services to a remote user (e.g., UE 2830), which is connected via an OTT connection 2850 terminated at both UE 2830 and host computer 2810. When providing services to the remote user, host application 2812 can provide user data transmitted using OTT connection 2850.

[0303] The communication system 2800 also includes a base station 2820 provided in the telecommunications system. The base station 2820 includes hardware 2825 enabling it to communicate with a host computer 2810 and a UE 2830. Hardware 2825 may include: a communication interface 2826 for establishing and maintaining wired or wireless connections with different communication devices of the communication system 2800; and a radio interface 2827 for establishing and maintaining connections with at least the coverage area served by the base station 2820. Figure 28 The wireless connection 2870 of UE2830 (not shown in the diagram) is provided. Communication interface 2826 can be configured to facilitate connection 2860 to host computer 2810. Connection 2860 can be direct, or it can be via the core network of the telecommunications system (…). Figure 28 (Not shown) and / or via one or more intermediate networks outside the telecommunications system. In the illustrated embodiment, the hardware 2825 of base station 2820 also includes processing circuitry 2828, which may include one or more programmable processors, application-specific integrated circuits, field-programmable gate arrays, or combinations thereof (not shown) suitable for executing instructions. Base station 2820 also has software 2821 stored internally or accessible via an external connection.

[0304] The communication system 2800 also includes the previously mentioned UE 2830. Its hardware 2835 may include a radio interface 2837 configured to establish and maintain a wireless connection 2870 with a base station serving the coverage area currently occupied by the UE 2830. The hardware 2835 of the UE 2830 also includes processing circuitry 2838, which may include one or more programmable processors, application-specific integrated circuits, field-programmable gate arrays, or combinations thereof (not shown) suitable for executing instructions. The UE 2830 also includes software 2831, which is stored in or accessible by the UE 2830 and executable by the processing circuitry 2838. The software 2831 includes a client application 2832. The client application 2832 is operable to provide services to human or non-human users via the UE 2830 with the support of a host computer 2810. In host computer 2810, host application 2812 can communicate with client application 2832 via OTT connection 2850 terminated at UE 2830 and host computer 2810. When providing services to a user, client application 2832 can receive request data from host application 2812 and provide user data in response to the request data. OTT connection 2850 can transmit both request data and user data. Client application 2832 can interact with the user to generate the user data it provides.

[0305] Notice, Figure 28The host computer 2810, base station 2820, and UE 2830 shown can be respectively connected to... Figure 27 The host computer 2730, base stations 2712a, 2712b, and 2712c, and UEs 2791 and 2792 are similar to or identical to each other. That is to say, the internal workings of these entities can be as follows: Figure 28 As shown, and independently, the surrounding network topology can be Figure 27 The network topology.

[0306] exist Figure 28 The OTT connection 2850 has been abstractly depicted to illustrate communication between the host computer 2810 and the UE 2830 via the base station 2820, without explicitly mentioning any intermediate devices or the precise routing of messages via these devices. The network infrastructure can determine this route, which can be configured to be hidden from the UE 2830, the service provider operating the host computer 2810, or both. During OTT connection 2850 activity, the network infrastructure can also make decisions to dynamically change the route (e.g., based on load balancing considerations or network reconfiguration).

[0307] The wireless connection 2870 between UE 2830 and base station 2820 is based on the teachings of the embodiments described throughout this disclosure. One or more embodiments in various embodiments improve the performance of OTT services provided to UE 2830 using OTT connection 2850, wherein wireless connection 2870 forms the final segment of OTT connection 2850.

[0308] For the purpose of monitoring data rates, latency, and other factors improved in one or more embodiments, a measurement process may be provided. Optional network functions may also be available for reconfiguring the OTT connection 2850 between the host computer 2810 and the UE 2830 in response to changes in measurement results. The measurement process and / or network functions for reconfiguring the OTT connection 2850 may be implemented using software 2811 and hardware 2815 of the host computer 2810, or software 2831 and hardware 2835 of the UE 2830, or both. In embodiments, sensors (not shown) may be deployed in or associated with communication equipment through which the OTT connection 2850 traverses; the sensors may participate in the measurement process by providing values ​​of the monitored quantities illustrated above or by providing values ​​of other physical quantities that the software 2811, 2831 can use to calculate or estimate the monitored quantities. Reconfiguration of the OTT connection 2850 may include message formatting, retransmission settings, preferred routing, etc.; this reconfiguration does not need to affect the base station 2820, and it may be unknown or imperceptible to the base station 2820. Such processes and functions may be known and practiced in the art. In a particular embodiment, measurement may involve proprietary UE signaling that facilitates the host computer 2810 to measure throughput, propagation time, latency, etc. This measurement may be implemented as follows: software 2811 and 2831 enable the use of the OTT connection 2850 to send messages (specifically, empty messages or "fake" messages) while monitoring propagation time, errors, etc.

[0309] Figure 29 This is a flowchart illustrating a method implemented in a communication system according to one embodiment. The communication system includes a host computer, a base station, and a UE, which may be a reference... Figure 27 and Figure 28 The host computer, base station, and UE are described. For the sake of brevity, this section will only include descriptions of... Figure 29 The diagram is referenced. In step 2910, the host computer provides user data. In sub-step 2911 of step 2910 (which may be optional), the host computer provides user data by executing a host application. In step 2920, the host computer initiates a transmission carrying user data to the UE. In step 2930 (which may be optional), in accordance with the teachings of the embodiments described throughout this disclosure, the base station sends the user data carried in the transmission initiated by the host computer to the UE. In step 2940 (which may also be optional), the UE executes a client application associated with the host application executed by the host computer.

[0310] Figure 30This is a flowchart illustrating a method implemented in a communication system according to one embodiment. The communication system includes a host computer, a base station, and a UE, which may be a reference... Figure 27 and Figure 28 The host computer, base station, and UE are described. For the sake of brevity, this section will only include descriptions of... Figure 30 The diagram is referenced. In step 3010 of the method, the host computer provides user data. In an optional sub-step (not shown), the host computer provides user data by executing a host application. In step 3020, the host computer initiates a transmission carrying user data to the UE. According to the teachings of the embodiments described throughout this disclosure, this transmission may be via a base station. In step 3030 (which may be optional), the UE receives the user data carried in the transmission.

[0311] Figure 31 This is a flowchart illustrating a method implemented in a communication system according to one embodiment. The communication system includes a host computer, a base station, and a UE, which may be a reference... Figure 27 and Figure 28 The host computer, base station, and UE are described. For the sake of brevity, this section will only include descriptions of... Figure 31 The diagram references [the relevant information]. In step 3110 (which may be optional), the UE receives input data provided by the host computer. Additionally or alternatively, in step 3120, the UE provides user data. In sub-step 3121 of step 3120 (which may be optional), the UE provides user data by executing a client application. In sub-step 3111 of step 3110 (which may be optional), the UE executes a client application that provides user data in response to the received input data provided by the host computer. When providing user data, the executed client application may also consider user input received from the user. Regardless of the specific manner in which user data is provided, the UE initiates the transmission of user data to the host computer in sub-step 3130 (which may be optional). In step 3140 of the method, the host computer receives user data sent from the UE, in accordance with the teachings of the embodiments described throughout this disclosure.

[0312] Figure 32 This is a flowchart illustrating a method implemented in a communication system according to one embodiment. The communication system includes a host computer, a base station, and a UE, which may be a reference... Figure 27 and Figure 28 The host computer, base station, and UE are described. For the sake of brevity, this section will only include descriptions of... Figure 32The diagram is referenced. In step 3210 (which may be optional), the base station receives user data from the UE in accordance with the teachings of the embodiments described throughout this disclosure. In step 3220 (which may be optional), the base station initiates a transmission of the received user data to the host computer. In step 3230 (which may be optional), the host computer receives the user data carried in the transmission initiated by the base station.

[0313] Any suitable steps, methods, features, functions, or benefits disclosed herein can be performed by one or more functional units or modules of one or more virtual devices. Each virtual device may include multiple such functional units. These functional units may be implemented by processing circuitry, which may include one or more microprocessors or microcontrollers and other digital hardware (including digital signal processors (DSPs), application-specific digital logic, etc.). The processing circuitry may be configured to execute program code stored in memory, which may include one or more types of memory, such as read-only memory (ROM), random access memory (RAM), cache memory, flash memory devices, optical storage devices, etc. The program code stored in memory includes program instructions for executing one or more telecommunications and / or data communication protocols and instructions for executing one or more techniques described herein. In some implementations, the processing circuitry may be used to cause corresponding functional units to perform corresponding functions according to one or an embodiment of this disclosure.

[0314] Therefore, in view of the foregoing, embodiments herein generally include a communication system comprising a host computer. The host computer may include processing circuitry configured to provide user data. The host computer may also include a communication interface configured to forward user data to a cellular network for transmission to a user equipment (UE). The cellular network may include a base station having a radio interface and processing circuitry configured to perform any of the steps described above with respect to any embodiment of the base station.

[0315] In some embodiments, the communication system further includes a base station.

[0316] In some embodiments, the communication system further includes a UE, wherein the UE is configured to communicate with a base station.

[0317] In some embodiments, the host computer's processing circuitry is configured to execute a host application, thereby providing user data. In this case, the UE includes processing circuitry configured to execute a client application associated with the host application.

[0318] Embodiments herein also include a method implemented in a communication system comprising a host computer, a base station, and a user equipment (UE). The method includes providing user data at the host computer. The method may further include initiating a transmission carrying the user data to the UE via a cellular network, including the base station, at the host computer. The base station performs any of the steps described above with respect to any embodiment of the base station.

[0319] In some embodiments, the method further includes: transmitting user data at a base station.

[0320] In some embodiments, user data is provided at a host computer by executing a host application. In this case, the method further includes executing a client application associated with the host application at the UE.

[0321] The embodiments described herein also include a user equipment (UE) configured to communicate with a base station. The UE includes a radio interface and processing circuitry configured to perform any of the embodiments described above for the UE.

[0322] Embodiments herein also include a communication system comprising a host computer. The host computer includes: processing circuitry configured to provide user data; and a communication interface configured to forward the user data to a cellular network for transmission to a user equipment (UE). The UE includes a radio interface and processing circuitry. Components of the UE are configured to perform any steps of any of the embodiments described above with respect to the UE.

[0323] In some embodiments, the cellular network further includes a base station configured to communicate with the UE.

[0324] In some embodiments, the processing circuitry of the host computer is configured to execute a host application to provide user data. The processing circuitry of the UE is configured to execute a client application associated with the host application.

[0325] The embodiments also include a method implemented in a communication system including a host computer, a base station, and a user equipment (UE). The method includes: providing user data at the host computer; and initiating a transmission carrying the user data to the UE via a cellular network including the base station. The UE performs any step of any of the embodiments described above with respect to the UE.

[0326] In some embodiments, the method further includes: receiving user data from a base station at the UE.

[0327] Embodiments herein also include a communication system comprising a host computer. The host computer includes a communication interface configured to receive user data originating from transmissions from a user equipment (UE) to a base station. The UE includes a radio interface and processing circuitry. The processing circuitry of the UE is configured to perform any steps of any of the embodiments described above with respect to the UE.

[0328] In some embodiments, the communication system further includes a UE.

[0329] In some embodiments, the communication system further includes a base station. In this case, the base station includes: a radio interface configured to communicate with the UE; and a communication interface configured to forward user data carried in transmissions from the UE to the base station to a host computer.

[0330] In some embodiments, the processing circuitry of the host computer is configured to execute a host application. The processing circuitry of the UE is configured to execute a client application associated with the host application, thereby providing user data.

[0331] In some embodiments, the host computer's processing circuitry is configured to execute a host application to provide requested data. The UE's processing circuitry is also configured to execute a client application associated with the host application to provide user data in response to the requested data.

[0332] Embodiments herein also include a method implemented in a communication system comprising a host computer, a base station, and a user equipment (UE). The method includes: at the host computer, receiving user data transmitted from the UE to the base station. The UE performs any step of any of the embodiments described above for that UE.

[0333] In some embodiments, the method further includes: providing user data to the base station at the UE.

[0334] In some embodiments, the method further includes: at the UE, executing a client application to provide user data to be sent. The method may also include: at the host computer, executing a host application associated with the client application.

[0335] In some embodiments, the method further includes: executing a client application at the UE; and receiving input data for the client application at the UE. The input data is provided at the host computer by executing a host application associated with the client application. The user data to be sent is provided by the client application in response to the input data.

[0336] The embodiments also include a communication system comprising a host computer. The host computer includes a communication interface configured to receive user data originating from transmissions from a user equipment (UE) to a base station. The base station includes a radio interface and processing circuitry. The processing circuitry of the base station is configured to perform any steps of any of the embodiments described above with respect to the base station.

[0337] In some embodiments, the communication system further includes a base station.

[0338] In some embodiments, the communication system further includes a UE. The UE is configured to communicate with a base station.

[0339] In some embodiments, the host computer's processing circuitry is configured to execute a host application. The UE is also configured to execute a client application associated with the host application, thereby providing user data to be received by the host computer.

[0340] Furthermore, embodiments include a method implemented in a communication system comprising a host computer, a base station, and a user equipment (UE). The method includes: at the host computer, receiving user data from the base station, the user data originating from transmissions already received by the base station from the UE. The UE performs any step of any of the embodiments described above with respect to the UE.

[0341] In some embodiments, the method further includes: receiving user data from the UE at the base station.

[0342] In some embodiments, the method further includes: at the base station, initiating the transmission of received user data to a host computer.

[0343] Generally, unless explicitly stated and / or implied from the context, all terms used herein shall be interpreted according to their common meaning in the relevant art. Unless otherwise expressly stated, all references to “an element, device, component, apparatus, step, etc.” shall be openly interpreted as referring to at least one instance of an element, device, component, apparatus, step, etc. Unless it is explicitly stated that a step must be described as occurring after or before another step and / or implicitly that a step must occur after or before another step, the steps of any method disclosed herein need not be performed in the exact order disclosed. Where appropriate, any feature of any embodiment disclosed herein may be applied to any other embodiment. Similarly, any advantage of any embodiment may be applied to any other embodiment, and vice versa. Further objects, features, and advantages of the appended embodiments will become apparent from the description.

[0344] The term "unit" may have a conventional meaning in the field of electronic products, electrical equipment and / or electronic devices, and may include, for example, electrical and / or electronic circuits, devices, modules, processors, memories, logic solid-state and / or discrete devices, computer programs or instructions for performing various tasks, processes, calculations, outputs and / or display functions (such as those described herein).

[0345] Some embodiments contemplated herein are described more fully with reference to the accompanying drawings. However, other embodiments are included within the scope of the subject matter disclosed herein. The disclosed subject matter should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided by way of example only to convey the scope of the subject matter to those skilled in the art.

[0346] Example embodiments of the technologies and devices described herein include, but are not limited to, the following listed examples:

[0347] Group A Examples

[0348] A1. A method performed by a wireless device, the method comprising:

[0349] Receive a capability query at the access layer, the capability query requesting the wireless device to send capability information indicating one or more capabilities of the wireless device; and

[0350] After receiving the capability query:

[0351] A token is generated and sent using one or more input parameters, wherein the one or more input parameters include at least a portion of the capability query and / or at least some of the capability information, and wherein the token is generated or sent based on the non-access stratum security context at the wireless device; and

[0352] The capability information is transmitted at the access layer;

[0353] A2. The method according to embodiment A1, wherein the token is generated based on the non-access stratum security context at the wireless device.

[0354] A3. The method according to any one of embodiments A1 to A2, wherein the one or more input parameters include at least some information in or derived from the non-access stratum security context.

[0355] A4. The method according to any one of embodiments A1 to A3, wherein the one or more input parameters include a key in or derived from the non-access stratum security context.

[0356] A5. The method according to any one of embodiments A1 to A4, wherein the one or more input parameters include at least one of any one or more of the following:

[0357] The count values ​​included in the non-access stratum security context; and

[0358] Freshness parameter.

[0359] A6. The method according to any one of embodiments A1 to A5, wherein generating the token includes: generating the token based on an integrity algorithm or encryption algorithm identified by the non-access stratum security context.

[0360] A7. The method according to any one of embodiments A1 to A6, wherein generating a token includes: generating a token using a cryptographic hash function, a key derivation function, an integrity algorithm, or an encryption algorithm.

[0361] A8. The method according to any one of embodiments A1 to A7, wherein generating the token includes: calculating the token as a hash or hash of a key on at least some of the capability information.

[0362] A9. The method according to any one of embodiments A1 to A8, wherein the one or more input parameters include at least some of the capability information.

[0363] A10. The method according to any one of embodiments A1 to A9, wherein the one or more input parameters include at least a portion of the capability query.

[0364] A11. The method according to any one of embodiments A1 to A10, wherein the capability query is received on an access layer without access layer security, and / or the capability information is sent on an access layer without access layer security.

[0365] A12. The method according to any one of embodiments A1 to A11, wherein sending the capability information includes: sending a response to the capability query, wherein the response includes the capability information and the token.

[0366] A13. The method according to any one of embodiments A1 to A11, wherein sending the token includes: sending the token to a radio network device at the access layer.

[0367] A14. The method according to any one of embodiments A1 to A11, wherein sending the token includes: sending the token to the core network device in a non-access stratum message.

[0368] A15. The method according to any one of embodiments A1 to A14, wherein the capability information includes access layer capability information or radio capability information.

[0369] A16. The method according to any one of embodiments A1 to A14, wherein the capability information includes non-access stratum capability information or security capability information.

[0370] A17. The method according to any one of embodiments A1 to A16, wherein the wireless device lacks support for access layer security.

[0371] A18. The method according to any one of embodiments A1 to A17, wherein the wireless device only supports control plane cellular IoT optimization functions.

[0372] AA1. A method performed by a wireless device, the method comprising:

[0373] Receive the request at the first protocol layer of the wireless device; and

[0374] A response to the request is sent from the second protocol layer of the wireless device.

[0375] AA2. The method according to embodiment AA1, wherein the request is received at the first protocol layer without the security of the first protocol layer.

[0376] AA3. The method according to any one of embodiments AA1 to AA2, wherein the response is sent from the second protocol layer with security at the second protocol layer.

[0377] AA4. The method according to any one of embodiments AA1 to AA3, wherein sending the response includes: sending the response after activating security on the second protocol layer.

[0378] AA5. The method according to any one of embodiments AA1 to AA4, wherein sending the response includes:

[0379] Generate first protocol layer messages;

[0380] Encapsulate the first protocol layer message in the response; and

[0381] The response is sent from the second protocol layer.

[0382] AA6. The method according to any one of embodiments AA1 to AA6, wherein the wireless device lacks support for security at the first protocol layer.

[0383] AA7. The method according to any one of embodiments AA1 to AA6, wherein the wireless device only supports control plane cellular IoT optimization functions.

[0384] AA8. The method according to any one of the embodiments AA1 to AA7, wherein the first protocol layer is an access layer, corresponds to an access layer, or is included in an access layer.

[0385] AA9. The method according to any one of the embodiments AA1 to AA8, wherein the second protocol layer is a non-access layer, corresponds to a non-access layer, or is included in a non-access layer.

[0386] AA10. The method according to any one of embodiments AA1 to AA9, wherein the request is a capability query requesting the wireless device to send capability information indicating one or more capabilities of the wireless device, and wherein the response includes the capability information.

[0387] AA11. The method according to embodiment AA10, wherein the capability information is directly included in the response.

[0388] AA12. The method according to any one of embodiments AA10 to AA11, wherein the capability information includes access layer capability information or radio capability information.

[0389] AA13. The method according to any one of the embodiments AA10 to AA11, wherein the capability information includes non-access stratum capability information or security capability information.

[0390] AA. The method according to any of the foregoing embodiments further includes:

[0391] Provide user data; and

[0392] User data is forwarded to the host computer via transmission to the base station.

[0393] Group B Implementation Examples

[0394] B1. A method performed by a radio network device, the method comprising:

[0395] A capability query is sent to the wireless device at the access layer, the capability query requesting the wireless device to send capability information indicating one or more capabilities of the wireless device;

[0396] After sending the capability query, the capability information is received from the wireless device at the access layer; and

[0397] Send at least some of the received capability information and / or at least some part of the capability query to the network device.

[0398] B2. The method according to embodiment B1 further includes: receiving a notification from the network device, the notification instructing the network device whether to verify that the capability query and / or the capability information has been securely transmitted.

[0399] B3. The method according to any one of embodiments B1 to B2 further includes: receiving a notification from the network device, the notification indicating whether a token generated by the network device matches or corresponds to a token generated by the wireless device, or indicating that a token generated by the network device matches or corresponds to a token generated by the wireless device.

[0400] B4. The method according to embodiment B3, wherein the token generated by the network device is generated based on at least some of the received capability information and / or at least some of the capability query.

[0401] B5. The method according to any one of embodiments B3 to B4, wherein the token generated by the network device and the token generated by the wireless device are both generated or sent based on a non-access stratum security context established between the wireless device and the network device.

[0402] B6. The method according to any one of embodiments B1 to B5, wherein the capability information includes access layer capability information or radio capability information.

[0403] B7. The method according to any one of embodiments B1 to B6, wherein the capability information includes non-access stratum capability information or security capability information.

[0404] B8. The method according to any one of embodiments B1 to B7, wherein the wireless device lacks support for access layer security.

[0405] B9. The method according to any one of embodiments B1 to B8, wherein the wireless device only supports control plane cellular IoT optimization functions.

[0406] B10. The method according to any one of embodiments B1 to B9 further includes: after sending the capability query to the wireless device:

[0407] Receive a token from the wireless device; and

[0408] Send the received token to the network device.

[0409] BB1. A method performed by a network device, the method comprising:

[0410] The radio network device receives at least a portion of a capability query that it has sent to a wireless device to request the wireless device to send capability information indicating one or more capabilities of the wireless device, and / or, in response to the capability query, at least some of the capability information that the radio network device has received from the wireless device.

[0411] The network device generates a token using one or more input parameters, wherein the one or more input parameters include at least a portion of the capability query received from the radio network device and / or at least some of the capability information; and

[0412] Perform or assist the radio network device in verifying whether the token generated by the network device matches or corresponds to the token generated by the wireless device after the wireless device receives the capability query.

[0413] BB2. The method according to embodiment BB1, further comprising: after the network device receives the capability information from the wireless device, receiving a token generated by the wireless device.

[0414] BB3. The method according to embodiment BB2, wherein receiving the token generated by the wireless device includes: receiving the token generated by the wireless device from the radio network device.

[0415] BB4. The method according to embodiment BB2, wherein receiving the token generated by the wireless device includes: receiving the token generated by the wireless device from the wireless device.

[0416] BB5. The method according to embodiment BB4, wherein the token generated by the wireless device is received in a non-access stratum message.

[0417] BB6. The method according to any one of embodiments BB4 to BB5, wherein the token generated by the wireless device is received on the non-access stratum after security activation on the non-access stratum.

[0418] BB7. The method according to any one of embodiments BB1 to BB6, wherein generating a token by the network device includes: generating the token by the network device based on a non-access stratum security context at the network device.

[0419] BB8. The method according to embodiment BB7, wherein the one or more input parameters include at least some information in or derived from the non-access stratum security context.

[0420] BB9. The method according to any one of embodiments BB7 to BB8, wherein the one or more input parameters include a key in or derived from the non-access stratum security context.

[0421] BB10. The method according to any one of embodiments BB7 to BB9, wherein the one or more input parameters include at least one of any one or more of the following:

[0422] The count values ​​included in the non-access stratum security context; and

[0423] Freshness parameter.

[0424] BB11. The method according to any one of embodiments BB7 to BB10, wherein generating the token includes: generating the token based on an integrity algorithm or encryption algorithm identified by the non-access stratum security context.

[0425] BB12. The method according to any one of embodiments BB1 to BB11, wherein generating the token includes: generating the token using a cryptographic hash function, a key derivation function, an integrity algorithm, or an encryption algorithm.

[0426] BB13. The method according to any one of embodiments BB1 to BB12, wherein generating the token includes: calculating the token as a hash or hash of a key on at least some of the capability information.

[0427] BB14. The method according to any one of embodiments BB1 to BB13, wherein the one or more input parameters include at least some of the capability information.

[0428] BB15. The method according to any one of embodiments BB1 to BB14, wherein the one or more input parameters include at least some portion of the capability query.

[0429] BB16. The method according to any one of embodiments BB1 to BB15, wherein the capability query is transmitted on an access layer without access layer security, and / or the capability information is transmitted on an access layer without access layer security.

[0430] BB17. The method according to any one of embodiments BB1 to BB16, wherein the capability information includes access layer capability information or radio capability information.

[0431] BB18. The method according to any one of the embodiments BB1 to BB16, wherein the capability information includes non-access stratum capability information or security capability information.

[0432] BB19. The method according to any one of embodiments BB1 to BB18, wherein the wireless device lacks support for access layer security.

[0433] BB20. The method according to any one of embodiments BB1 to BB19, wherein the wireless device only supports control plane cellular IoT optimization functions.

[0434] BB21. The method according to any one of embodiments BB1 to BB20 includes performing the verification.

[0435] BB22. The method according to embodiment BB21 further includes: after performing the verification, sending a notification to the radio network device based on the verification.

[0436] BB23. The method according to any one of embodiments BB1 to BB20 includes: assisting the radio network device in performing the verification.

[0437] BB24. The method according to any one of embodiments BB1 to BB23, wherein the assistance includes: sending a token generated by the network device to the radio network device.

[0438] BBB1. A method performed by a radio network device, the method comprising:

[0439] Send a request to the wireless device; and

[0440] Receive a response to the request from the wireless device from the network device.

[0441] BBB2. The method according to embodiment BBB1, wherein the request is sent from the first protocol layer of the radio network device without security at the first protocol layer.

[0442] BBB3. The method according to any one of embodiments BBB1 to BBB2, wherein the response is received from the network device on a protected interface with the network device.

[0443] BBB4. The method according to any one of the embodiments BBB1 to BBB3, wherein the request is sent at the access layer.

[0444] BBB5. The method according to any one of embodiments BBB1 to BBB4, wherein the response is received on the NB control plane interface.

[0445] BBB6. The method according to any one of the embodiments BBB1 to BBB5, wherein the wireless device lacks support for security at the access layer.

[0446] BBB7. The method according to any one of the embodiments BBB1 to BBB6, wherein the wireless device only supports control plane cellular IoT optimization functions.

[0447] BBB8. The method according to any one of embodiments BBB1 to BBB7, wherein the request is a capability query requesting the wireless device to send capability information indicating one or more capabilities of the wireless device, and wherein the response includes the capability information.

[0448] BBB9. The method according to embodiment BBB8, wherein the capability information is directly included in the response.

[0449] BBB10. The method according to any one of the embodiments BBB8 to BBB9, wherein the capability information includes access layer capability information or radio capability information.

[0450] BBB11. The method according to any one of the embodiments BBB9 to BBB10, wherein the capability information includes non-access stratum capability information or security capability information.

[0451] BBB12. The method according to any one of embodiments BBB1 to BBB11, wherein the radio network device initiates the request.

[0452] BBBB1. A method performed by a network device, the method comprising:

[0453] Receive from the wireless device a response to a request sent from the radio network device to the wireless device; and

[0454] The response is sent to the radio network device.

[0455] BBBB2. The method according to embodiment BBBB1, wherein the request is sent from the first protocol layer of the radio network device to the wireless device without security at the first protocol layer.

[0456] BBBB3. The method according to any one of the embodiments BBBB1 to BBBB2, wherein the response is sent from the network device on a protected interface with the radio network device.

[0457] BBBB4. The method according to any one of the embodiments BBBB1 to BBBB3, wherein the request is sent from the radio network device to the wireless device at the access layer.

[0458] BBBB5. The method according to any one of the embodiments BBBB1 to BBBB4, wherein the response is sent to the radio network device on the NB control plane interface.

[0459] BBBB6. The method according to any one of the embodiments BBBB1 to BBBB5, wherein the wireless device lacks support for security at the access layer.

[0460] BBBB7. The method according to any one of the embodiments BBBB1 to BBBB6, wherein the wireless device only supports control plane cellular IoT optimization functions.

[0461] BBBB8. The method according to any one of the embodiments BBBB1 to BBBB7, wherein the request is a capability query requesting the wireless device to send capability information indicating one or more capabilities of the wireless device, and wherein the response includes the capability information.

[0462] BBBB9. The method according to embodiment BBBB8, wherein the capability information is directly included in the response.

[0463] BBBB10. The method according to any one of the embodiments BBBB8 to BBBB9, wherein the capability information includes access layer capability information or radio capability information.

[0464] BBBB11. The method according to any one of the embodiments BBBB9 to BBBB10, wherein the capability information includes non-access stratum capability information or security capability information.

[0465] BBBB12. The method according to any one of the embodiments BBBB1 to BBBB11, wherein the radio network device initiates the request.

[0466] BB. The method according to any of the foregoing embodiments further includes:

[0467] Obtaining user data; and

[0468] Forward user data to host computers or wireless devices.

[0469] Group C Implementation Examples

[0470] C1. A wireless device configured to perform any step of any embodiment in Group A embodiments.

[0471] C2. A wireless device including processing circuitry configured to perform any step of any embodiment in Group A embodiments.

[0472] C3. A wireless device, comprising:

[0473] Communication circuits; and

[0474] The processing circuitry is configured to perform any step of any embodiment in Group A.

[0475] C4. A wireless device comprising:

[0476] The processing circuitry is configured to perform any step of any embodiment in Group A embodiments; and

[0477] The power supply circuit is configured to supply power to the wireless device.

[0478] C5. A wireless device, comprising:

[0479] The processing circuitry and memory contain instructions executable by the processing circuitry, thereby configuring the wireless device to perform any step of any embodiment in the Group A embodiments.

[0480] C6. A user equipment (UE), comprising:

[0481] The antenna is configured to transmit and receive wireless signals;

[0482] A radio front-end circuit, connected to the antenna and processing circuitry, and configured to modulate the signal transmitted between the antenna and processing circuitry;

[0483] The processing circuitry is configured to perform any step of any embodiment in Group A embodiments;

[0484] An input interface is connected to the processing circuitry and configured to allow information to be input into the UE for processing by the processing circuitry.

[0485] The output interface is connected to the processing circuitry and configured to output information that has already been processed by the processing circuitry from the UE; and

[0486] The battery is connected to the processing circuitry and configured to power the UE.

[0487] C7. A computer program comprising instructions that, when executed by at least one processor of a wireless device, cause the wireless device to perform the steps of any of the embodiments in Group A.

[0488] C8. A carrier comprising the computer program of embodiment C7, wherein the carrier is one of an electrical signal, an optical signal, a radio signal, or a computer-readable storage medium.

[0489] C9. A network device configured to perform any step of any embodiment in the Group B embodiments.

[0490] C10. A network device including processing circuitry configured to perform any step of any embodiment in the Group B embodiments.

[0491] C11. A network device, comprising:

[0492] Communication circuits; and

[0493] The processing circuitry is configured to perform any step of any embodiment in the Group B embodiments.

[0494] C12. A network device, comprising:

[0495] The processing circuitry is configured to perform any step of any embodiment in the Group B embodiments;

[0496] The power supply circuit is configured to supply power to network devices.

[0497] C13. A network device, comprising:

[0498] The processing circuitry and memory contain instructions executable by the processing circuitry, thereby configuring the network device to perform any step of any embodiment in the Group B embodiments.

[0499] C14. The network device according to any one of embodiments C9 to C13, wherein the network device is a base station.

[0500] C15. A computer program comprising instructions that, when executed by at least one processor of a network device, cause the network device to perform the steps of any of the embodiments in Group B.

[0501] C16. The computer program according to embodiment C14, wherein the network device is a base station.

[0502] C17. A carrier comprising a computer program according to any of the embodiments of Examples C15 to C16, wherein the carrier is one of an electrical signal, an optical signal, a radio signal, or a computer-readable storage medium.

[0503] Group D Implementation Examples

[0504] D1. A communication system including a host computer, the host computer comprising:

[0505] Processing circuitry is configured to provide user data; and

[0506] The communication interface is configured to forward user data to the cellular network for transmission to the user equipment (UE).

[0507] The cellular network includes a base station with a radio interface and processing circuitry, the processing circuitry of which is configured to perform any step of any embodiment in the Group B embodiments.

[0508] D1. The communication system according to the previous embodiment further includes a base station.

[0509] D3. The communication system according to the first two embodiments further includes the UE, wherein the UE is configured to communicate with the base station.

[0510] D4. The communication system according to the first three embodiments, wherein:

[0511] The host computer's processing circuitry is configured to execute host applications, thereby providing user data; and

[0512] The UE includes processing circuitry configured to execute a client application associated with the host application.

[0513] D5. A method implemented in a communication system including a host computer, a base station, and a user equipment (UE), the method comprising:

[0514] At the host computer, user data is provided; and

[0515] At the host computer, a transmission carrying user data is initiated to the UE via a cellular network including a base station, wherein the base station performs any step of any embodiment in the Group B embodiments.

[0516] D6. The method according to the previous embodiment further includes: transmitting user data at the base station.

[0517] D7. The method according to the preceding two embodiments, wherein user data is provided at the host computer by executing a host application, the method further includes: executing a client application associated with the host application at the UE.

[0518] D8. A user equipment (UE) configured to communicate with a base station, the UE including a radio interface and processing circuitry configured to perform any of the preceding three embodiments.

[0519] D9. A communication system including a host computer, the host computer comprising:

[0520] Processing circuitry is configured to provide user data; and

[0521] The communication interface is configured to forward user data to the cellular network for transmission to the user equipment (UE).

[0522] The UE includes a radio interface and processing circuitry, and the components of the UE are configured to perform any step of any embodiment in the Group A embodiments.

[0523] D10. The communication system according to the previous embodiment, wherein the cellular network further includes a base station configured to communicate with the UE.

[0524] D11. The communication system according to the first two embodiments, wherein:

[0525] The host computer's processing circuitry is configured to execute host applications, thereby providing user data; and

[0526] The UE's processing circuitry is configured to execute client applications associated with the host application.

[0527] D12. A method implemented in a communication system including a host computer, a base station, and a user equipment (UE), the method comprising:

[0528] At the host computer, user data is provided; and

[0529] At the host computer, a transmission carrying user data is initiated to the UE via a cellular network including a base station, wherein the UE performs any step of any embodiment in any of the Group A embodiments.

[0530] D13. The method according to the previous embodiment further includes: receiving user data from the base station at the UE.

[0531] D14. A communication system including a host computer, the host computer comprising:

[0532] The communication interface is configured to receive user data, which is transmitted from the user equipment (UE) to the base station.

[0533] The UE includes a radio interface and processing circuitry, the processing circuitry of which is configured to perform any step of any embodiment in Group A embodiments.

[0534] D15. The communication system according to the previous embodiment further includes the UE.

[0535] D16. The communication system according to the preceding two embodiments further includes a base station, wherein the base station includes: a radio interface configured to communicate with the UE; and a communication interface configured to forward user data carried in transmissions from the UE to the base station to a host computer.

[0536] D17. The communication system according to the first three embodiments, wherein:

[0537] The host computer's processing circuitry is configured to execute host applications; and

[0538] The UE's processing circuitry is configured to execute a client application associated with the host application, thereby providing the user data.

[0539] D18. The communication system according to the first four embodiments, wherein:

[0540] The host computer's processing circuitry is configured to execute host applications, thereby providing requested data; and

[0541] The UE's processing circuitry is configured to execute a client application associated with the host application, thereby providing the user data in response to the requested data.

[0542] D19. A method implemented in a communication system including a host computer, a base station, and a user equipment (UE), the method comprising:

[0543] At the host computer, user data transmitted from the UE to the base station is received, wherein the UE performs any step of any embodiment in any of the Group A embodiments.

[0544] D20. The method according to the previous embodiment further includes: providing user data to the base station at the UE.

[0545] D21. The method according to the preceding two embodiments further includes:

[0546] At the UE, the client application is executed, thereby providing the user data to be sent; and

[0547] At the host computer, the host application associated with the client application is executed.

[0548] D22. The method according to the first three embodiments further includes:

[0549] At the UE (User Equipment) level, execute the client application; and

[0550] At the UE, input data for the client application is received, the input data being provided at the host computer by executing a host application associated with the client application.

[0551] The user data to be sent is provided by the client application in response to the input data.

[0552] D23. A communication system comprising a host computer including a communication interface configured to receive user data originating from a user equipment (UE) transmitted to a base station, wherein the base station includes a radio interface and processing circuitry configured to perform any step of any embodiment in the Group B embodiments.

[0553] D24. The communication system according to the previous embodiment further includes a base station.

[0554] D25. The communication system according to the first two embodiments further includes a UE, wherein the UE is configured to communicate with a base station.

[0555] D26. The communication system according to the first three embodiments, wherein:

[0556] The host computer's processing circuitry is configured to execute host applications;

[0557] The UE is configured to execute a client application associated with the host application, thereby providing the user data to be received by the host computer.

[0558] D27. A method implemented in a communication system including a host computer, a base station, and a user equipment (UE), the method comprising:

[0559] At the host computer, user data transmitted from the base station that has already been received from the UE by the base station is received from the base station, wherein the UE performs any step of any embodiment in any of the Group A embodiments.

[0560] D28. The method according to the preceding embodiment further includes: receiving user data from the UE at the base station.

[0561] D29. The method according to the preceding two embodiments further includes: at the base station, initiating the transmission of the received user data to the host computer.

Claims

1. A method performed by a wireless device (14), the method comprising: A capability query (24) is received on the access layer (18), the capability query (24) requests the wireless device (14) to send capability information (22) indicating one or more capabilities of the wireless device (14), the capability query (24) is received on the access layer (18) and does not have access layer security, and the capabilities of the wireless device (14) are access layer capabilities; as well as After receiving the capability query (24): A token (26) is generated and sent using one or more input parameters (28), wherein the one or more input parameters (28) include at least some portion of the capability query (24) and some of the capability information (22) that the wireless device (14) already has or will send, wherein the token (26) is generated or sent based on the non-access stratum security context (30) at the wireless device (14); and The capability information (22) is sent on the access layer (18) without activating security on the access layer, wherein activating security on the access layer (18) includes: not using a security key for activating or applying integrity protection on the access layer (18) and not having confidentiality protection on the access layer (18).

2. The method according to claim 1, wherein, The one or more input parameters (28) include at least some part of the capability query (24).

3. The method according to claim 1, wherein, The one or more input parameters (28) include at least some of the capability information (22).

4. The method according to claim 1, wherein, The one or more input parameters (28) include: The key in or derived from the non-access stratum security context (30); and / or The count value included in the non-access stratum security context (30).

5. The method according to claim 1, wherein, Generating the token (26) includes: calculating the token (26) as a hash or hash of a key on at least some of the capability information (22).

6. The method according to claim 1, wherein, Sending the capability information (22) includes sending a response to the capability query (24), wherein the response includes the capability information (22) and the token (26).

7. The method according to claim 1, wherein, Sending the token (26) includes sending the token (26) to the radio network device (12) on the access layer (18).

8. The method according to claim 1, wherein, Sending the token (26) includes sending the token (26) to the core network device in a non-access stratum message.

9. The method according to claim 1, wherein, The capability information (22) includes access layer capability information or radio capability information.

10. The method according to claim 1, wherein, The wireless device (14) lacks support for access layer security and / or only supports control plane cellular IoT optimization functions.

11. A method performed by a network device (16), the method comprising: The radio network device (12) receives at least a portion of a capability query (24) sent by the radio network device (12) to the wireless device (14) requesting the wireless device (14) to send capability information (22) indicating one or more capabilities of the wireless device (14), and in response to the capability query (24), at least some of the capability information (22) that the radio network device (12) has received from the wireless device (14); the request is sent from the radio network device (12) to the wireless device (14) at a first protocol layer of the radio network device (12) without security at the first protocol layer, and the wireless device (14) sends the capability information at the access layer without activating security at the access layer (18), wherein the lack of activation of security at the access layer (18) includes: not using a security key for activating or applying integrity protection at the access layer (18), and not having confidentiality protection at the access layer (18), and the capability of the wireless device (14) is an access layer capability; The network device (16) generates a token (34) using one or more input parameters (28), wherein the one or more input parameters (28) include at least a portion of the capability query (24) received from the radio network device (12) and at least some of the capability information (22) that the radio device (14) already has or will send; and Perform or assist the radio network device (12) in verifying whether the token (34) generated by the network device (16) matches or corresponds to the token (26) generated by the wireless device (14).

12. The method of claim 11, further comprising: After the network device (16) receives the capability information (22) from the wireless device (14), it receives the token (26) generated by the wireless device (14).

13. The method according to claim 12, wherein, Receiving the token (26) generated by the wireless device (14) includes receiving the token (26) generated by the wireless device (14) from the radio network device (12).

14. The method according to claim 12, wherein, Receiving the token (26) generated by the wireless device (14) includes receiving the token (26) generated by the wireless device (14) from the wireless device (14).

15. The method according to claim 14, wherein, The token (26) generated by the wireless device (14) is received in a non-access stratum message.

16. The method of claim 14, wherein, The token (26) generated by the wireless device (14) is received on the non-access layer after security activation on the non-access layer.

17. The method according to claim 11, wherein, Generating the token (34) by the network device (16) includes generating the token (34) by the network device (16) based on the non-access stratum security context (30) at the network device (16).

18. The method according to claim 17, wherein, The one or more input parameters (28) include: The key in or derived from the non-access stratum security context (30); and / or The count value included in the non-access stratum security context (30).

19. The method according to claim 11, wherein, Generating the token (34) includes: calculating the token (34) as a hash or hash of a key on at least some of the capability information (22).

20. The method according to claim 11, wherein, The one or more input parameters (28) include at least some of the capability information (22).

21. The method according to claim 11, wherein, The one or more input parameters (28) include at least some part of the capability query (24).

22. The method according to claim 11, wherein, The capability information (22) includes access layer capability information or radio capability information.

23. The method according to claim 11, wherein, The wireless device (14) lacks support for access layer security and / or only supports control plane cellular IoT optimization functions.

24. The method of claim 11, comprising: Assisting the radio network device (12) in performing the authentication, wherein the assistance includes sending the token (34) generated by the network device (16) to the radio network device (12).

25. A method performed by a radio network device (12), the method comprising: A capability query (24) is sent to a wireless device (14) at the access layer (18). The capability query (24) requests the wireless device (14) to send capability information (22) indicating one or more capabilities of the wireless device (14). The capability query (24) is received at the access layer (18) and does not have access layer security. The capabilities of the wireless device (14) are access layer capabilities. The request is sent from the radio network device (12) to the wireless device (14) at the first protocol layer of the radio network device (12) without security at the first protocol layer. The wireless device (14) sends the capability information at the access layer without activating security at the access layer. Activating security at the access layer (18) includes: not using a security key for activating or applying integrity protection at the access layer (18), and not having confidentiality protection at the access layer (18). Send at least a portion of the capability query (24) to the network device (16).

26. The method of claim 25, further comprising: After sending the capability query (24), the capability information (22) is received from the wireless device (14) at the access layer (18). as well as Send at least some of the received capability information (22) to the network device (16).

27. The method of claim 25, further comprising receiving a notification from the network device (16), the notification indicating: Whether the network device (16) verifies that the capability query (24) and / or the capability information (22) are securely transmitted; and / or Whether the token (34) generated by the network device (16) matches or corresponds to the token (26) generated by the wireless device (14), or whether the token (34) generated by the network device (16) matches or corresponds to the token (26) generated by the wireless device (14).

28. The method according to claim 25, wherein, The capability information (22) includes access layer capability information or radio capability information.

29. The method according to claim 25, wherein, The wireless device (14) lacks support for access layer security and / or only supports control plane cellular IoT optimization functions.

30. The method of claim 25, further comprising: After sending the capability query (24) to the wireless device (14): Receive a token (26) from the wireless device (14); as well as Send the received token (26) to the network device (16).

31. A wireless device (14), comprising: Communication circuit (920); as well as The processing circuit (910) is configured to perform the method according to any one of claims 1 to 10.

32. A network device (16), comprising: Communication circuit (1020); as well as The processing circuit (1010) is configured to perform the method according to any one of claims 11 to 24.

33. A radio network device (12), comprising: Communication circuit (1020); as well as The processing circuit (1010) is configured to perform the method according to any one of claims 25 to 30.

34. A computer program product comprising instructions that, when executed by at least one processor of a wireless device (14), cause the wireless device (14) to perform the method according to any one of claims 1 to 10.

35. A computer program product comprising instructions that, when executed by at least one processor of a network device (16), cause the network device (16) to perform the method according to any one of claims 11 to 24.

36. A computer program product comprising instructions that, when executed by at least one processor of a radio network device (12), cause the radio network device (12) to perform the method according to any one of claims 25 to 30.

37. A computer-readable storage medium comprising a computer program that, when executed by at least one processor, performs the method according to any one of claims 1 to 30.