Handling of multiple authentication procedures in 5G

By using timestamps or counters to track the latest KAUSF key in AUSF nodes and UEs, the problem of key synchronization in 5G systems is solved, ensuring the integrity and reliability of information transmission and reducing signaling overhead.

CN116233838BActive Publication Date: 2026-07-14TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Filing Date
2020-04-20
Publication Date
2026-07-14

AI Technical Summary

Technical Problem

In 5G systems, when a UE registers for access through both 3GPP and non-3GPP channels, the KAUSF keys on the home PLMN side and the UE side may become out of sync, leading to information transmission failures and deadlocks. Existing technologies cannot effectively synchronize and manage these keys.

Method used

By maintaining a KAUSF key in the AUSF node of the home PLMN and the UE, and using a timestamp or counter to track the latest key, the system ensures that the latest key is used for integrity protection during message transmission, thus avoiding the problem of key synchronization.

Benefits of technology

It achieves integrity protection for information transmission between the UE and the home PLMN, avoids transmission failures and deadlocks caused by key asynchrony, and reduces signaling overhead.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN116233838B_ABST
    Figure CN116233838B_ABST
Patent Text Reader

Abstract

A method of a home PLMN AUSF configured to communicate with electronic devices over an interface is provided. A first authentication request is received from a first PLMN that is authenticating an electronic device. A first security key is obtained for integrity protection of messages communicated from the home PLMN to the electronic device. A second authentication request is received from a second PLMN that is authenticating the electronic device. A second security key is obtained for integrity protection of messages communicated from the home PLMN to the electronic device. A message protection request is received. It is determined which of the first security key and the second security key is a latest security key. A message associated with the message protection request is protected using the latest security key.
Need to check novelty before this filing date? Find Prior Art

Description

[0001] This application is a divisional application of the patent application filed on April 20, 2020, with application number 202080031704.9 and invention title "Processing of Multiple Authentication Processes in 5G". Technical Field

[0002] This disclosure generally relates to communications, and more specifically, to communication methods and related devices and nodes that support communications. Background Technology

[0003] The 3GPP Security Standardization Working Group SA3 has finalized the security specifications for 5G systems in TS 33.501[1]. 5G systems include many new features that require the introduction of additional security mechanisms. For example, 5G systems seamlessly integrate non-3GPP access (e.g., WLAN) with 3GPP access (new radio and LTE). More precisely, in 5G, UEs can run the usual service access procedures independently of the underlying access.

[0004] The 5G system includes an access network (AN) and a core network (CN). The AN is the network that allows the UE to access the CN, such as a base station of a next-generation node B (gNB) or a next-generation evolved node B (ng-eNB) in 5G. The CN contains all network functions (NFs), which ensure various functions such as session management, connection management, billing, authentication, etc. From TS23.501[2] Figure 1 It provides a high-level overview of 5G architecture for non-roaming scenarios.

[0005] The communication link between the UE and the network (AN and CN) can be grouped into two different layers. The UE can communicate with the CN through the Non-Access Stratum (NAS) and with the AN through the Access Stratum (AS). All NAS communication is conducted via the NAS protocol ( Figure 1 The N1 interface (in the UE) occurs between the UE and the Access and Connection Management Function (AMF) in the CN. Communication at these layers is protected by the NAS protocol (for NAS) and the Packet Data Convergence Protocol (PDCP) protocol (for AS).

[0006] More details about 5G security can be found in TS 33.501[1]. Generally, the security mechanisms of these protocols rely on multiple different security keys. In the 5G security specification, these keys are organized in a hierarchical structure. At the top level, there is a long-term key portion of the authentication credentials, which is stored in the SIM card on the UE side and in the Unified Data Management / Authentication Credentials Storehouse and Processing Function (UDM / ARPF) on the Home Public Land Mobile Network (PLMN) side.

[0007] Successful primary authentication between the UE and the AUSF in the home PLMN can lead to K AUSF Key establishment, K AUSF The key is the second-level key in the hierarchy. This key is not intended to leave the home PLMN and is used for new features introduced in 5G systems, such as providing parameters from the home PLMN to the UE. More precisely, K AUSF The key can be used for integrity protection of messages transmitted from the home PLMN to the UE. As described in TS 33.501[1], such new features include Roaming Guided Routing (SoR) and UDM parameter transmission procedures.

[0008] K AUSF It can be used to export another key (K) sent to the service PLMN. SEAF Service PLMN key (K) SEAF These low-level keys can then be used to derive subsequent NAS and AS protection keys. These low-level keys, along with other security parameters (e.g., encryption algorithms, UE security capabilities, counter values ​​for replay protection in different protocols, etc.), constitute the 5G security context defined in TS33.501[1]. AUSF It is not part of the 5G security context because the 5G security context resides within the serving network. Summary of the Invention

[0009] According to some embodiments of the concept of the present invention, a mechanism can be provided to determine which security key to use in a message sent from the home PLMN to an electronic device.

[0010] According to some embodiments of the present invention, a method for operating the Authentication Server Function (AUSF) of a home PLMN is provided. The method includes receiving a first authentication request from a first PLMN authenticating an electronic device. The method further includes obtaining a first security key for integrity protection of messages transmitted from the home PLMN to the electronic device. The method also includes receiving a second authentication request from a second PLMN authenticating the electronic device. The method includes obtaining a second security key for integrity protection of the messages transmitted from the home PLMN to the electronic device. The method includes receiving a message protection request. The method further includes determining which of the first and second security keys is the most recent security key. The method includes using the most recent security key to protect the message associated with the message protection request.

[0011] The invention provides authentication server functionality (AUSF), computer programs, and computer program products for communication systems that perform operations similar to those described in the embodiments of the present invention.

[0012] One advantage it can provide is that it can be used for processes like SoR and UPU. AUSF The key is synchronized between the home PLMN and the electronic device. This advantage protects the integrity of information transmitted from the home PLMN to the electronic device. Another advantage is that no additional signaling overhead is required between the electronic device and the network.

[0013] According to other embodiments of the present invention, a method is provided in an electronic device configured to communicate with a home PLMN and a visited PLMN via a wireless air interface. The method includes sending a first registration request to a first PLMN to register the electronic device. The method further includes generating and storing a first security key for integrity protection of messages transmitted from the home PLMN to the electronic device. The method also includes sending a second registration request to a second PLMN authenticating the electronic device. The method further includes generating and storing a second security key for integrity protection of the messages transmitted from the home PLMN to the electronic device. The method also includes receiving a protected message from the home PLMN. The method further includes determining which of the first and second security keys is the most recent security key. The method includes using the most recent security key to determine the content of the message received from the home PLMN.

[0014] Electronic devices, computer programs, and computer program products that perform operations similar to those described in the embodiments of the present invention are provided. Attached Figure Description

[0015] The accompanying drawings, included to provide a further understanding of this disclosure and incorporated in and constituting a part of this application, illustrate specific, non-limiting embodiments of the inventive concept. In the drawings:

[0016] Figure 1 This is a block diagram showing an overview of the 5G architecture for non-roaming scenarios;

[0017] Figure 2 This is a block diagram illustrating a Local Offloading (LBO) architecture for a 5G core network with non-3GPP access.

[0018] Figure 3 This is a flowchart illustrating a management example of multiple KAUSFs for protecting messages transmitted from an HPLMN to an electronic device (e.g., a UE) according to some embodiments of this disclosure;

[0019] Figure 4 This is a block diagram illustrating some embodiments of an electronic device according to the concept of the present invention;

[0020] Figure 5 This is a block diagram illustrating core network nodes (e.g., AMF nodes, etc.) according to some embodiments of the concept of the present invention;

[0021] Figure 6 This is a block diagram showing PLMN nodes (e.g., AUSF nodes);

[0022] Figure 7 This is a flowchart illustrating the operation of an AUSF node according to some embodiments of the concept of the present invention;

[0023] Figure 8 This is a flowchart illustrating the operation of an electronic device according to some embodiments of the concept of the present invention;

[0024] Figure 9-11 This is a flowchart illustrating the operation of AUSF nodes and / or electronic devices according to some embodiments of the concept of the present invention;

[0025] Figure 12 This is a block diagram of a wireless network according to some embodiments;

[0026] Figure 13 This is a block diagram of a user equipment according to some embodiments;

[0027] Figure 14 This is a block diagram of a virtualized environment according to some embodiments;

[0028] Figure 15 This is a block diagram of a telecommunications network connected to a host computer via an intermediate network, according to some embodiments;

[0029] Figure 16 This is a block diagram of a host computer that communicates with a user equipment via a base station through a partially wireless connection, according to some embodiments.

[0030] Figure 17 It is a block diagram of a method implemented in a communication system including a host computer, a base station and a user equipment according to some embodiments;

[0031] Figure 18 It is a block diagram of a method implemented in a communication system including a host computer, a base station and a user equipment according to some embodiments;

[0032] Figure 19 This is a block diagram of a method implemented in a communication system including a host computer, a base station, and a user equipment, according to some embodiments; and

[0033] Figure 20 This is a block diagram of a method implemented in a communication system including a host computer, a base station, and a user equipment, according to some embodiments. Detailed Implementation

[0034] The concept of the invention will now be described more fully with reference to the accompanying drawings, in which examples of embodiments of the concept of the invention are shown. However, the concept of the invention can be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure is exhaustive and complete, and fully conveys the scope of the concept of the invention to those skilled in the art. It should also be noted that these embodiments are not mutually exclusive. Components from one embodiment may be assumed to be present / used in another embodiment.

[0035] The following description provides various embodiments of the disclosed subject matter. These embodiments are provided as illustrative examples and are not to be construed as limiting the scope of the disclosed subject matter. For example, specific details of the described embodiments may be modified, omitted, or expanded without departing from the scope of the described subject matter.

[0036] In TS 33.501[1], there exists a way to utilize K AUSF Two characteristics of the key.

[0037] The first of these two features is the Roaming Guided Routing (SoR) security mechanism described in Clause 6.14 of TS 33.501[1]. The SoR mechanism is used to transmit information about the preferred PLMN list from the UDM in the home PLMN to the UE. This information is included in an integrity-protected message, where K AUSF The key can be used to calculate the Message Authentication Code (MAC), as described in Appendix A.17 of TS 33.501[1].

[0038] The second of the two features is a UE parameter update (UPU) via the UDM control procedure security mechanism specified in Clause 6.15 of TS 33.501[1]. This control procedure is used to transmit UE parameter updates from the UDM in the home PLMN to the UE. The UPU update can be included in an integrity-protected message, where K AUSF Used to calculate MAC (see Appendix A.19 of TS 33.501[1].

[0039] In a 5G system, a UE can be registered to the network simultaneously via 3GPP access and non-3GPP access. In this case, the UE can establish and maintain two parallel NAS connections and run any NAS procedures in parallel to independently and in parallel request resources and access services through each access. The UE can also be registered to two different PLMNs simultaneously, each PLMN through a specific type of access, such as from TS 23.501[2]. Figure 2 As shown.

[0040] exist Figure 2 In this scenario, the UE is registered to the visited PLMN via 3GPP access (in Figure 2 Designated as VPLMN1), and registered to different visited PLMNs via non-3GPP access (in Figure 2 The UE is designated as VPLMN2. Therefore, the UE can communicate in parallel with two different visited PLMNs. To protect the communication, the UE may need to maintain and use two different 5G security contexts in parallel, each associated with a specific PLMN, as described in Clause 6.3.2 of TS 33.501[1]. These two 5G security contexts are generated from two different independent master authentication processes involving the HPLMN, each process being used to access the specific VPLMN corresponding to the access. Each process will typically be performed during the initial registration to each VPLMN.

[0041] One potential problem is that these master authentications may result in two different Ks on the HPLMN side and the UE side. AUSF Key. It may be unclear whether there are two different keys. AUSF Which of the keys will be used for services such as SoR or UDM parameter updates? If the UE and AUSF K AUSF If the keys are not synchronized, the UE and AUSF may use different keys for procedures such as SoR and SoS. AUSF The key is at risk, causing integrity checks to fail. Therefore, the HPLMN information may not be transmitted. The UE will not know whether the failure is due to entity tampering with the information or due to the use of an incorrect key. AUSF This failure can also lead to a deadlock because if the UE does not receive an acknowledgment message due to an integrity check failure, AUSF will simply try to retransmit the message, which will only result in the same failure.

[0042] Figure 4 This is a block diagram illustrating an electronic device 400 (also referred to as a terminal, mobile terminal, mobile communication terminal, wireless communication device, wireless terminal, wireless device, wired device, user equipment UE, user equipment node / terminal / device, etc.) configured to provide communication according to an embodiment of the concept of the present invention. The electronic device 400 can be a wired device or a wireless device. (When the electronic device 400 is a wireless device, it can provide wireless functionality, for example, as described below for...) Figure 12 (As discussed in the wireless device 4110.) As shown in the figure, when the electronic device 400 is a wireless electronic device, the wireless electronic device may include an antenna 409 (e.g., corresponding to...) Figure 12 Antenna 4111) and transceiver circuit 407 (also referred to as transceiver, for example, corresponding to Figure 12The transceiver circuit 407 includes an interface 4114), and is configured to provide access to a radio access network via a base station (e.g., corresponding to a base station). Figure 12 The network node 4160) provides uplink and downlink radio communication transmitters and receivers. Electronic device 400 may also include processing circuitry 403 (also referred to as a processor, for example, corresponding to...) coupled to the transceiver circuitry. Figure 12 The processing circuit 4120) and the memory circuit 405 (also referred to as memory, for example, corresponding to the processing circuit) coupled to the processing circuit. Figure 12 The device-readable medium 4130. The memory circuitry 405 may include computer-readable program code that, when executed by the processing circuitry 403, causes the processing circuitry to perform operations according to embodiments disclosed herein. According to other embodiments, the processing circuitry 403 may be defined to include memory so that a separate memory circuitry is not required. The electronic device 400 may also include a network interface 401 coupled to the processing circuitry 4033 and configured to provide communication with a base station, and may include other interfaces (e.g., a user interface) coupled to the processing circuitry 4033 for communication therewith, and / or the electronic device may be contained within a vehicle.

[0043] As discussed herein, the operation of electronic device 400 can be performed by processing circuitry 403 and / or transceiver circuitry 407. For example, when electronic device 400 is a wireless device, processing circuitry 403 can control transceiver circuitry 407 to send communications to a radio access network node (also known as a base station) via transceiver circuitry 407 on a radio interface and / or receive communications from a RAN node via transceiver circuitry 401 on a radio interface. Furthermore, modules can be stored in memory circuitry 405, and these modules can provide instructions such that when the instructions of the modules are executed by processing circuitry 403, processing circuitry 403 performs corresponding operations (e.g., the operations discussed below with respect to example embodiments relating to electronic devices).

[0044] Figure 5This is a block diagram illustrating units of an AMF configured to provide communication according to an embodiment of the concept of the present invention. As shown, the AMF may include at least one network interface circuit 507 (also referred to as a network interface) configured to provide communication with nodes (e.g., with SMFs, ANs, and / or core network nodes). The AMF may also include at least one processor circuit 503 (also referred to as a processor) coupled to a transceiver and at least one memory circuit 505 (also referred to as a memory) coupled to the processor. The memory circuit 505 may include computer-readable program code that, when executed by the processor 503, causes the processor 503 to perform operations according to embodiments disclosed herein. According to other embodiments, the processor 503 may be defined to include memory so that a separate memory circuit is not required.

[0045] As discussed herein, the operation of the AMF can be performed by processor 503 and / or network interface 507. Modules can be stored in memory 505, and these modules can provide instructions such that when the instructions of the modules are executed by processor 503, processor 503 performs corresponding operations (e.g., the operations discussed below with reference to example embodiments).

[0046] According to some other embodiments, the network node can be implemented as a core network (CN) node without a transceiver. In such an embodiment, the network node can initiate transmissions to an electronic device that is a wireless electronic device, such that the transmission to the wireless electronic device is provided through a network node including a transceiver (e.g., through a base station or RAN node). According to an embodiment where the network node is an RAN node including a transceiver, initiating a transmission can include sending via the transceiver.

[0047] Figure 6 This is a block diagram illustrating the elements of a Public Land Mobile Network (PLMN) node (e.g., AUSSF node 600) configured to provide cellular communication according to an embodiment of the concept of the present invention. As shown, the AUSSF node 600 may include network interface circuitry 607 (also referred to as a network interface) configured to provide communication with other nodes in the core network and / or radio access network (RAN). The AUSF node may also include processing circuitry 603 (also referred to as a processor) coupled to the network interface circuitry and memory circuitry 605 (also referred to as a memory) coupled to the processing circuitry. The memory circuitry 605 may include computer-readable program code that, when executed by the processing circuitry 603, causes the processing circuitry to perform operations according to embodiments disclosed herein. According to other embodiments, the processing circuitry 603 may be defined to include memory, thereby eliminating the need for a separate memory circuitry.

[0048] As discussed herein, the operation of AUSF node 600 can be performed by processing circuitry 603 and / or network interface circuitry 607. For example, processing circuitry 603 can control network interface circuitry 607 to send communications to or / or receive communications from one or more other network nodes via network interface circuitry 607. Furthermore, modules can be stored in memory 605, and these modules can provide instructions such that when the instructions of the modules are executed by processing circuitry 603, processing circuitry 603 performs corresponding operations (e.g., the operations discussed below with respect to example embodiments involving core network nodes).

[0049] In this set of embodiments, the electronic device 400 and the AUSF 600 in the home PLMN maintain and use a K AUSF The key is used regardless of whether the electronic device 600 is registered via one or both access methods and to which PLMNs it is registered to (e.g., visited PLMN1 and / or visited PLMN2). In one embodiment of these embodiments, the AUSF 600 and the electronic device 400 may use only the latest key generated from the most recent (e.g., most recent) successful master authentication run. AUSF ,like Figure 3 As shown.

[0050] Go to Figure 3 In operation 1a, electronic device 400 registers with the AMF 5001 of the first visited PLMN 1 via an access type (e.g., 3GPP or non-3GPP). In operation 1b, the registration results in primary authentication with the AMF 600 of the home PLMN. The AMF 600 of the home PLMN and electronic device 400 establish the first K... AUSF Key. For example, AUSF 600 and electronic device 400 can generate the first key as specified in Clause 6.1.3 of TS 33.501. AUSF Key. The AUSF 600 and electronic device 400 store K in operations 2a and 2b respectively. AUSF Key.

[0051] In operation 3a, electronic device 400 registers with AMF 6001 of the second visited PLMN2 via an access type (e.g., non-3GPP or 3GPP). In operation 3b, the registration results in primary authentication with AMF 600 of the home PLMN. AMF 600 of the home PLMN and electronic device 400 establish a second K... AUSF Key. For example, AUSF 600 and Electronic Device 400 can generate a second key as specified in Clause 6.1.3 of TS33.501. AUSF Key. The AUSF 600 and electronic device 400 store K in operations 2a and 2b respectively.AUSF Key and tracking the latest K AUSF The key is as follows: Figure 7-11 As described in [the text].

[0052] At a certain point in time, the UDM 300 in the home PLMN can decide to use the SoR feature to transmit a new or updated PLMN preferred list to the electronic device 400. The UDM 300 can send a message protection request (e.g., a SoR protection request or a UPU protection request) to the AUSF 600 in the home PLMN. The AUSF 600 determines the latest K in operation 6. AUSF Key and use the latest K AUSF A key is used to protect the message associated with the message protection request. In operation 7, the AUSF 600 sends a protection message response to the UDM 300.

[0053] In operation 8, UDM 300 sends a protection message response (e.g., a protected SoR message, a protected UPU message, etc.) to electronic device 400. Electronic device 400 uses the latest stored K in operation 9. AUSF The key is used to determine the content of the protected message response.

[0054] Reference will now be made to some embodiments based on the concepts of the present invention. Figure 7 The flowchart will be used to discuss the AUSF node 600 (using... Figure 6 The structure of the module (implementation) allows for various operations. For example, a module can be stored in... Figure 6 The memory 605 contains these modules, and these modules can provide instructions such that when the instructions of the modules are executed by the corresponding AUSF node processing circuit 603, the processing circuit 603 performs the corresponding operation of the flowchart.

[0055] In operation 700, processing circuit 603 may receive a first registration and authentication request for electronic device 400 from the first PLMN via network interface 607. Processing circuit 603 may authenticate electronic device 400 based on the SUPI (User Permanent Identifier) ​​of electronic device 400 in the first registration and authentication request.

[0056] In operation 702, the processing circuit can generate the first security key (i.e., K). AUSF (Key). In operation 704, processing circuitry 603 may store the first security key. Operations 702 and 704 may include generating a first timestamp indicating when the first security key was generated and associating the first timestamp with the first security key. In other embodiments, a counter may be incremented when the first security key is generated, and the value of the counter may be associated with the first security key.

[0057] In operation 706, processing circuit 603 may receive a second registration and authentication request for electronic device 400 from the second PLMN via network interface 607. Processing circuit 603 may authenticate electronic device 400 based on the SUPI of electronic device 400 in the second registration and authentication request.

[0058] The processing circuit can generate a second security key (i.e., K) in operation 708. AUSF (Second security key). In operation 710, processing circuitry 603 may store the second security key. Operations 708 and 710 may include generating a second timestamp indicating when the second security key was generated and associating the second timestamp with the second security key. In other embodiments, a counter may be incremented when the second security key is generated, and the value of the counter may be associated with the second security key.

[0059] As previously described, the UDM 300 in the home PLMN can decide to use the SoR feature to transmit a new or updated PLMN preferred list to the electronic device 400. The UDM 300 can send message protection requests (such as SoR protection requests or UPU protection requests) to the AUSF node 600. In operation 712, the processing circuit 603 can receive message protection requests via the network interface 607.

[0060] In operation 714, processing circuitry 603 can determine which of the first and second security keys is the most recent security key. There are different methods for tracking and determining which of the first and second security keys is the most recent.

[0061] Go to Figure 9 In one embodiment, a timestamp is used to determine which of the first and second security keys is the most recent security key. As described above, the timestamp can be generated when the security key is generated and / or stored. In operation 900, processing circuitry 603 can obtain a first timestamp associated with the first security key. In operation 902, processing circuitry 603 can obtain a second timestamp associated with the second security key.

[0062] In operation 904, processing circuit 603 can determine whether the time of the first timestamp is later than the time of the second timestamp. In response to determining in operation 904 that the time of the first timestamp is later than the time of the second timestamp, processing circuit 603 can determine in operation 906 that the first security key is the latest security key. In response to determining in operation 904 that the time of the second timestamp is later than the time of the first timestamp, processing circuit 603 can determine in operation 908 that the second security key is the latest security key.

[0063] Go to Figure 10In another embodiment, a counter can be used to determine which of the first and second security keys is the most recent security key. As described above, the value of the counter can be incremented as the security key is generated and / or stored. In operation 1000, processing circuitry 603 can obtain the value of the counter associated with the first security key. In operation 1002, processing circuitry 603 can obtain the value of the counter associated with the second security key.

[0064] In operation 1004, processing circuit 603 can determine whether the value of the counter associated with the first security key is higher than the value of the counter associated with the second security key. In response to determining in operation 1004 that the value of the counter associated with the first security key is higher than the value of the counter associated with the second security key, processing circuit 603 can determine in operation 1006 that the first security key is the latest security key. In response to determining in operation 1004 that the value of the counter associated with the first security key is not higher than the value of the counter associated with the second security key, processing circuit 603 can determine in operation 1008 that the second security key is the latest security key.

[0065] Go to Figure 11 In another embodiment, the AUSF node 600 can discard "old" security keys (e.g., delete stored security keys) when a new security key is generated and stored. In operation 1100, the processing circuitry can determine which of the first and second security keys is the stored security key, i.e., which is the latest security key. In other words, the processing circuitry 603 can determine in operation 1100 whether the first security key is the latest security key. In response to the first security key being the stored security key in operation 1100, the processing circuitry 603 can determine in operation 1102 that the first security key is the latest security key and delete the second security key (if the second security key was not previously deleted). In response to the first security key not being the stored security key in operation 1100 (i.e., the second security key is the stored security key), the processing circuitry 603 can determine in operation 1104 that the second security key is the latest security key and delete the first security key (if the first security key was not previously deleted).

[0066] Return to Figure 7 In operation 716, processing circuit 603 can use the latest security key to protect the message in the message protection request.

[0067] Some embodiments of AUSF nodes and related methods, from Figure 7 Various operations in the flowchart can be optional. For example, when an AUSF node discards the "old" security key when a new security key is generated, Figure 7The operation in box 714 can be optional.

[0068] There may be a situation where electronic device 400 is registered in two different VPLMNs simultaneously (see, for example). Figure 2 According to TS 33.501[1], the interviewed PLMN can trigger a new re-authentication process at any time, resulting in the establishment of a new security key. Figure 2 In the scenario shown, if respondents PLMN1 and PLMN2 trigger the main authentication process at close or overlapping time intervals, a race condition and K exist. AUSF The risk of asynchrony. Solutions to such scenarios can be implementation-specific, as the AUSF node 600 controls two processes (SoR and Master Authentication), and therefore some processes can be paused, for example, to reduce the K-level difference between the electronic device 400 and the home PLMN. AUSF Risk of key mismatch.

[0069] In yet another embodiment, different AUSF instances can be used in the HPLMN to run primary authentication for different access types. Therefore, where AUSF node 600 discards the "old" security key when a new security key is generated, the second K is generated in the second primary authentication in the second AUSF instance. AUSF When obtaining the key, it may be required to delete the first key generated in the first primary authentication in the first AUSF instance. AUSF Key. In these cases, the UDM receives confirmation from the second AUSF instance that the second AUSF instance has completed successful master authentication of the electronic device via the Nudm_UEAuthenticate_ResultConfirmation service operation. The UDM can send a deletion message to the first AUSF instance. AUSF The indication of the key. This requires the use of a new service operation, such as Nudm_UEAuthenticate_Notification, between the UDM and the first AUSF. Alternatively, if the AUSF implementation is completely stateless, each AUSF will manage a single UE context for the electronic device 400, where a single key will be stored. AUSF Key.

[0070] Reference will now be made to some embodiments based on the concepts of the present invention. Figure 8 The flowchart is used to discuss electronic device 400 (using Figure 4 The operation is implemented using the block diagram structure. For example, modules can be stored in... Figure 4 The memory 405 contains these modules, and these modules can provide instructions such that when the instructions of the modules are executed by the corresponding electronic device processing circuit 403, the processing circuit 403 performs the corresponding operation of the flowchart.

[0071] In operation 800, the processing circuit 403 may send a first registration and authentication request for the registration and authentication electronic device 400 to the first PLMN via network interface 401 (or via transceiver 407 in the case of a wireless device).

[0072] Processing circuit 403 can generate the first security key (i.e., K) in operation 802. AUSF (Key). In operation 804, processing circuitry 403 may store the first security key. Operations 802 and 804 may include generating a first timestamp indicating when the first security key was generated and associating the first timestamp with the first security key. In other embodiments, a counter may be incremented when the first security key is generated, and the value of the counter may be associated with the first security key.

[0073] In operation 806, the processing circuit 403 may send a second registration and authentication request for the registration and authentication electronic device 400 to the second PLMN via network interface 401 (or via transceiver 407 in the case of a wireless device).

[0074] Processing circuit 403 can generate a second security key (i.e., K) in operation 808. AUSF (Second security key). In operation 810, processing circuitry 403 may store the second security key. Operations 808 and 810 may include generating a second timestamp indicating when the second security key was generated and associating the second timestamp with the second security key. In other embodiments, a counter may be incremented when the second security key is generated, and the value of the counter may be associated with the second security key.

[0075] In operation 812, the processing circuit 403 can receive the protected message via network interface 401 (or, in the case of a wireless device, via transceiver 407).

[0076] In operation 814, processing circuitry 403 can determine which of the first and second security keys is the most recent security key. There are different methods for tracking and determining which of the first and second security keys is the most recent security key.

[0077] Go to Figure 9 In one embodiment, a timestamp is used to determine which of the first and second security keys is the most recent security key. As described above, the timestamp can be generated when the security key is generated and / or stored. In operation 900, processing circuitry 403 can obtain a first timestamp associated with the first security key. In operation 902, processing circuitry 403 can obtain a second timestamp associated with the second security key.

[0078] In operation 904, processing circuit 403 can determine whether the time of the first timestamp is later than the time of the second timestamp. In response to determining in operation 904 that the time of the first timestamp is later than the time of the second timestamp, processing circuit 403 can determine in operation 906 that the first security key is the latest security key. In response to determining in operation 904 that the time of the second timestamp is later than the time of the first timestamp, processing circuit 403 can determine in operation 908 that the second security key is the latest security key.

[0079] Go to Figure 10 In another embodiment, a counter can be used to determine which of the first and second security keys is the most recent security key. As described above, the value of the counter can be incremented as the security key is generated and / or stored. In operation 1000, processing circuitry 403 can obtain the value of the counter associated with the first security key. In operation 1002, processing circuitry 403 can obtain the value of the counter associated with the second security key.

[0080] In operation 1004, processing circuit 403 may determine whether the value of the counter associated with the first security key is higher than the value of the counter associated with the second security key. In response to determining in operation 1004 that the value of the counter associated with the first security key is higher than the value of the counter associated with the second security key, processing circuit 403 may determine in operation 1006 that the first security key is the latest security key. In response to determining in operation 1004 that the value of the counter associated with the first security key is not higher than the value of the counter associated with the second security key, processing circuit 403 may determine in operation 1008 that the second security key is the latest security key.

[0081] Go to Figure 11 In another embodiment, processing circuitry 403 may discard "old" security keys (e.g., delete stored "old" security keys) when a new security key is generated and stored. In operation 1100, processing circuitry 403 may determine which of the first and second security keys is the stored security key, i.e., which is the latest security key. In other words, processing circuitry 403 may determine in operation 1100 whether the first security key is the latest security key. In response to the first security key being the stored security key in operation 1100, processing circuitry 403 may determine in operation 1102 that the first security key is the latest security key and delete the second security key (if the second security key was not previously deleted). In response to the first security key not being the stored security key in operation 1100 (i.e., the second security key is the stored security key), processing circuitry 403 may determine in operation 1104 that the second security key is the latest security key and delete the first security key (if the first security key was not previously deleted).

[0082] Return to Figure 8 In operation 816, processing circuitry 403 can use the latest security key to determine the content of protected messages received from the home PLMN. Protected messages can be UDM parameter update messages, roaming guidance messages, etc.

[0083] Some embodiments of electronic devices and related methods, from Figure 8 Various operations in the flowchart can be optional. For example, in an embodiment where the "old" security key is discarded when a new security key is generated, Figure 8 The operation of box 814 can be optional.

[0084] The following discusses example implementations.

[0085] 1. A method for configuring the Authentication Server Function (AUSF) of a Home Public Land Mobile Network (PLMN) to communicate with electronic devices via an interface, the method comprising:

[0086] Receive (700) first registration and authentication request from the first PLMN that is certifying the electronic device;

[0087] Generate (702) a first security key for integrity protection of messages transmitted from the home PLMN to the electronic device;

[0088] Store (704) the first security key;

[0089] Receive (706) a second registration and authentication request from the second PLMN that is certifying the electronic device;

[0090] Obtain (708) a second security key for integrity protection of messages transmitted from the home PLMN to the electronic device;

[0091] Store (710) the second security key;

[0092] Receive (712) message protection request;

[0093] Determine (714) which of the first and second security keys is the latest security key; and

[0094] Use the latest security key (716) to protect the message associated with the message protection request.

[0095] 2. The method according to Embodiment 1 further includes:

[0096] Generate a first timestamp indicating the time when the first security key was generated, and associate the first timestamp with the first security key;

[0097] Generate a second timestamp indicating the time when the second security key was generated, and associate the second timestamp with the second security key.

[0098] 3. According to the method described in Embodiment 2, determining which of the first security key and the second security key is the latest security key includes:

[0099] Obtain (900) first timestamp;

[0100] Obtain the second timestamp (902);

[0101] In response to the first time of the first timestamp being later than the second time of the second timestamp (904), it is determined (906) that the first security key is the latest security key; and

[0102] In response to the fact that the second time of the second timestamp is later than the first time of the first timestamp (904), it is determined (908) that the second security key is the latest security key.

[0103] 4. The method according to Embodiment 1 further includes:

[0104] Increment the counter when the first security key is generated, and associate the value of the counter with the first security key;

[0105] When the second security key is generated, the counter is incremented, and the value of the counter is associated with the second security key.

[0106] 5. According to the method described in Embodiment 4, determining which of the first security key and the second security key is the latest security key includes:

[0107] Obtain the value of the counter (1000) associated with the first security key;

[0108] Obtain the value of the counter associated with the second security key (1002);

[0109] In response to the fact that the value of the counter associated with the first security key is higher than the value of the counter associated with the second security key (1004), it is determined (1006) that the first security key is the latest security key; and

[0110] In response to the fact that the value of the counter associated with the second security key is higher than the value of the counter associated with the first security key (1004), it is determined (1008) that the second security key is the latest security key.

[0111] 6. The method according to any one of embodiments 1-5 further includes:

[0112] In response to the first security key being the latest security key (1100), delete (1102) the second security key; and

[0113] In response that the second security key is the latest security key (1100), delete (1104) the first security key.

[0114] 7. The method according to Embodiment 6, wherein the first PLMN is a first access type, the second PLMN is a second access type, wherein the first security key is generated by a first instance of AUSF associated with the first access type, the second security key is generated by a second instance of AUSF associated with the second access type, and wherein deleting the second security key includes:

[0115] Send a second instruction to the second instance of AUSF to delete the second security key; and

[0116] Deleting the first security key includes:

[0117] Send the first instruction to delete the first security key to the first instance of AUSF.

[0118] 8. The method according to any one of embodiments 1-7, wherein the message protection request is a message protection request for one of the roaming guidance SoR messages or UE parameter update messages.

[0119] 9. An Authentication Server Function (AUSF) for a communication system, the communication system including a Home Public Land Mobile Network (PLMN) configured to communicate with electronic devices via an interface, the AUSF comprising:

[0120] At least one processor (603) is configured to perform operations including:

[0121] Receive (700) first registration and authentication request from the first PLMN that is certifying the electronic device;

[0122] Generate (702) a first security key for the integrity protection of messages transmitted from the home public land mobile network (PLMN) to electronic devices;

[0123] Store (704) the first security key;

[0124] Receive (706) a second registration and authentication request from the second PLMN that is certifying the electronic device;

[0125] Obtain (708) a second security key for integrity protection of messages transmitted from the home PLMN to the electronic device;

[0126] Store (710) the second security key;

[0127] Receive (712) message protection request;

[0128] Determine (714) which of the first and second security keys is the latest security key; and

[0129] Use the latest security key (716) to protect the message associated with the message protection request.

[0130] 10. The AUSF according to embodiment 9, wherein at least one processor (603) is configured to perform further operations, including:

[0131] A first timestamp is generated when the first security key is generated, and the first timestamp is associated with the first security key;

[0132] A second timestamp is generated when the second security key is generated, and the second timestamp is associated with the second security key.

[0133] 11. According to the AUSF of Embodiment 10, determining which of the first security key and the second security key is the latest security key includes:

[0134] Obtain (900) the first timestamp indicating the first time the first security key was generated;

[0135] Obtain (902) a second timestamp indicating the second time when the second security key was generated;

[0136] The response occurs later than the second time (904), and it is determined (906) that the first security key is the latest security key; and

[0137] The response time is later than the first time (904), and it is determined (908) that the second security key is the latest security key.

[0138] 12. According to the AUSF of Embodiment 9, at least one processor (603) is configured to perform further operations, including:

[0139] Increment the counter when the first security key is generated, and associate the value of the counter with the first security key;

[0140] When the second security key is generated, the counter is incremented, and the value of the counter is associated with the second security key.

[0141] 13. According to the AUSF of Embodiment 12, determining which of the first security key and the second security key is the latest security key includes:

[0142] Obtain the value of the counter (1000) associated with the first security key;

[0143] Obtain the value of the counter associated with the second security key (1002);

[0144] In response to the fact that the value of the counter associated with the first security key is higher than the value of the counter associated with the second security key (1004), it is determined (1006) that the first security key is the latest security key; and

[0145] In response to the fact that the value of the counter associated with the second security key is higher than the value of the counter associated with the first security key (1004), it is determined (1006) that the second security key is the latest security key.

[0146] 14. The AUSF according to any one of embodiments 9-13, wherein at least one processor (603) is configured to perform further operations, including:

[0147] In response to the first security key being the latest security key (1100), delete (1102) the second security key; and

[0148] In response to the fact that the second security key is the latest security key (1100), the first security key (1102) is deleted.

[0149] 15. An AUSF node (600) configured to operate in a Home Public Land Mobile Network (PLMN) in a communication network, wherein the AUSF node is adapted to perform according to any one of embodiments 1-8.

[0150] 16. A computer program including program code to be executed by processing circuitry (603) of an Authentication Server Functional Node (600) of a Home Public Land Mobile Network configured to operate in a communication network, wherein execution of the program code causes the AUSF node (600) to perform the operation according to any one of embodiments 1-8.

[0151] 17. A computer program product including a non-transitory storage medium comprising program code to be executed by processing circuitry (603) of an authentication server function AUSF node (600) configured to operate in a communication network, wherein execution of the program code causes the AUSF node (600) to perform the operation according to any one of embodiments 1-8.

[0152] 18. A method in an electronic device (400) configured to communicate with a Home Public Land Mobile Network (PLMN) and a Visiting PLMN via a wireless air interface, the method comprising:

[0153] Send (800) authentication electronic device (400) first registration and authentication request to the first PLMN;

[0154] Generate (802) a first security key for integrity protection of messages transmitted from the home PLMN to the electronic device (400);

[0155] Store (804) the first security key;

[0156] Send (806) a second registration and authentication request to the second PLMN that is authenticating the electronic device (400);

[0157] Generate (808) a second security key for integrity protection of messages transmitted from the home PLMN to the electronic device (400);

[0158] Store (810) the second security key;

[0159] Receive the protected message (812) from the home PLMN;

[0160] Determine (814) which of the first and second security keys is the latest security key; and

[0161] Use the latest security key (816) to determine the content of messages received from the home PLMN.

[0162] 19. The method according to embodiment 18, wherein the protected message includes either a UDM parameter update message or a roaming guidance message.

[0163] 20. The method according to any one of Examples 18-19 further includes:

[0164] Generate a first timestamp indicating the time when the first security key was generated, and associate the first timestamp with the first security key;

[0165] Generate a second timestamp indicating the time when the second security key was generated, and associate the second timestamp with the second security key.

[0166] 21. The method according to embodiment 20, wherein determining which of the first security key and the second security key is the latest security key includes:

[0167] Obtain (900) first timestamp;

[0168] Obtain the second timestamp (902);

[0169] In response to the first time of the first timestamp being later than the second time of the second timestamp (904), it is determined (906) that the first security key is the latest security key; and

[0170] In response to the fact that the second time of the second timestamp is later than the first time of the first timestamp (904), it is determined (908) that the second security key is the latest security key.

[0171] 22. The method according to any one of Examples 18-19 further includes:

[0172] Increment the counter when the first security key is generated, and associate the value of the counter with the first security key;

[0173] When the second security key is generated, the counter is incremented, and the value of the counter is associated with the second security key.

[0174] 23. The method according to embodiment 22, wherein determining which of the first security key and the second security key is the latest security key includes:

[0175] Obtain the value of the counter (1000) associated with the first security key;

[0176] Obtain the value of the counter associated with the second security key (1002);

[0177] In response to the fact that the value of the counter associated with the first security key is higher than the value of the counter associated with the second security key (1004), it is determined (1006) that the first security key is the latest security key; and

[0178] In response to the fact that the value of the counter associated with the second security key is higher than the value of the counter associated with the first security key (1004), it is determined (1008) that the second security key is the latest security key.

[0179] 24. The method according to any one of Examples 18-23 further includes:

[0180] In response to the first security key being the latest security key (1100), delete (1102) the second security key; and

[0181] In response to the fact that the second security key is the latest security key (1100), the first security key (1102) is deleted.

[0182] 25. An electronic device (400) configured to communicate via an interface with a home public land mobile network (PLMN) and a visited PLMN, the electronic device (400) comprising:

[0183] At least one processor (403) is configured to perform operations including:

[0184] Send a (800) first registration and authentication request for the certified electronic device to the first PLMN;

[0185] Generate (802) a complete message for transmission from the home PLMN to the electronic device.

[0186] The first security key for sexual protection;

[0187] Store (804) the first security key;

[0188] Send (806) Second Registration and Authentication to the second PLMN that is certifying the electronic device.

[0189] ask;

[0190] Generate (808) a complete message for transmission from the home PLMN to the electronic device.

[0191] A second security key for sexual protection;

[0192] Store (810) the second security key;

[0193] Receive the protected message (812) from the home PLMN;

[0194] Determine (814) which of the first and second security keys is the latest security key; and

[0195] Use the latest security key (816) to determine the content of messages received from the home PLMN.

[0196] 26. The electronic device (400) according to embodiment 25, wherein the protected message includes one of a UDM parameter update message or a roaming guidance message.

[0197] 27. The electronic device (400) according to any one of embodiments 25-26, wherein at least one processor (403) performs further operations, including:

[0198] Generate a first timestamp indicating the time when the first security key was generated, and associate the first timestamp with the first security key;

[0199] Generate a second timestamp indicating the time when the second security key was generated, and associate the second timestamp with the second security key.

[0200] 28. The electronic device (400) according to embodiment 27, wherein determining which of the first security key and the second security key is the latest security key includes:

[0201] Obtain (900) first timestamp;

[0202] Obtain the second timestamp (902);

[0203] In response to the first time of the first timestamp being later than the second time of the second timestamp (904), it is determined (906) that the first security key is the latest security key; and

[0204] In response to the fact that the second time of the second timestamp is later than the first time of the first timestamp (904), it is determined (908) that the second security key is the latest security key.

[0205] 29. In the electronic device (400) according to any one of embodiments 25-26, at least one processor (403) performs further operations, including:

[0206] Increment the counter when the first security key is generated, and associate the value of the counter with the first security key;

[0207] When the second security key is generated, the counter is incremented, and the value of the counter is associated with the second security key.

[0208] 30. The electronic device (400) according to embodiment 29, wherein determining which of the first security key and the second security key is the latest security key includes:

[0209] Obtain the value of the counter (1000) associated with the first security key;

[0210] Obtain the value of the counter associated with the second security key (1002);

[0211] In response to the fact that the value of the counter associated with the first security key is higher than the value of the counter associated with the second security key (1004), it is determined (1006) that the first security key is the latest security key; and

[0212] In response to the fact that the value of the counter associated with the second security key is higher than the value of the counter associated with the first security key (1004), it is determined (1008) that the second security key is the latest security key.

[0213] 31. The electronic device (400) according to any one of embodiments 25-30, wherein at least one processor (403) performs further operations, including:

[0214] In response to the first security key being the latest security key (1100), delete (1102) the second security key; and

[0215] In response to the fact that the second security key is the latest security key (1100), the first security key (1102) is deleted.

[0216] 32. An electronic device (400) configured to operate in a communication network, wherein the electronic device is adapted to perform according to any one of embodiments 18-23.

[0217] 33. A computer program including program code to be executed by a processing circuit (403) of an electronic device (400) configured to operate in a communication network, wherein execution of the program code causes the electronic device (400) to perform any one of embodiments 18-23.

[0218] 34. A computer program product including a non-transitory storage medium comprising program code to be executed by a processing circuitry (403) of an electronic device (400) configured to operate in a communication network, wherein execution of the program code causes the electronic device (400) to perform any one of embodiments 18-23.

[0219] Additional notes are provided below.

[0220] Generally, unless a different meaning is clearly given and / or a different meaning is implied in the context of the use of the term, all terms used herein shall be interpreted according to their ordinary meaning in the relevant art. Unless expressly stated otherwise, all references to "a / an / element, device, component, part, step, etc." shall be explicitly interpreted as referring to at least one instance of that element, device, component, part, step, etc. Unless explicitly described as a step following or preceding another step and / or implicitly implied that a step must follow or precede another step, the steps of any method disclosed herein need not be performed in the exact order disclosed. Where appropriate, any feature of any embodiment disclosed herein may be applied to any other embodiment. Similarly, any advantage of any embodiment may be applied to any other embodiment, and vice versa. Other objects, features, and advantages of the appended embodiments will become apparent from the following description.

[0221] Some embodiments contemplated herein will now be described more fully with reference to the accompanying drawings. However, other embodiments are included within the scope of the subject matter disclosed herein, and the disclosed subject matter should not be construed as being limited to the embodiments set forth herein; rather, these embodiments are provided as examples to convey the scope of the subject matter to those skilled in the art.

[0222] Figure 12 A wireless network according to some embodiments is shown.

[0223] While the subjects described herein can be implemented in any suitable type of system using any appropriate components, the embodiments disclosed herein are relative to wireless networks (such as...). Figure 12The example wireless network shown is described below. For simplicity, Figure 12 The wireless network depicted only includes network 4106, network nodes 4160 and 4160b, and WD 4110, 4110b, and 4110c (also referred to as mobile terminals). In practice, the wireless network may further include any additional units suitable for supporting communication between wireless devices or between a wireless device and another communication device (such as a landline telephone, service provider, or any other network node or terminal device). Among the components shown, network node 4160 and wireless device (WD) 4110 are depicted in additional detail. The wireless network may provide communication and other types of services to one or more wireless devices to facilitate access to and / or use of services provided by or via the wireless network.

[0224] Wireless networks can include or be connected to any type of communications, telecommunications, data, cellular and / or radio network or other similar system. In some embodiments, a wireless network may be configured to operate according to a specific standard or other type of predefined rules or procedures. Thus, specific embodiments of a wireless network may implement: communication standards such as Global System for Mobile Communications (GSM), Universal Mobile Telecommunications System (UMTS), Long Term Evolution (LTE) and / or other suitable 2G, 3G, 4G, or 5G standards; wireless local area network (WLAN) standards such as the IEEE 802.11 standard; and / or any other suitable wireless communication standards such as Global Microwave Access Interoperability (WiMax), Bluetooth, Z-Wave, and / or ZigBee standards.

[0225] Network 4106 may include one or more backhaul networks, core networks, IP networks, public switched telephone networks (PSTN), packet data networks, optical networks, wide area networks (WAN), local area networks (LAN), wireless local area networks (WLAN), wired networks, wireless networks, metropolitan area networks, and other networks that enable communication between devices.

[0226] Network node 4160 and WD 4110 include various components described in more detail below. These components work together to provide network node and / or wireless device functionality, such as providing wireless connectivity in a wireless network. In various embodiments, the wireless network may include any number of wired or wireless networks, network nodes, base stations, controllers, wireless devices, relay stations, and / or any other components or systems that can facilitate or participate in the communication of data and / or signals (whether via wired or wireless connections).

[0227] As used herein, a network node refers to a device that is capable of, configured, positioned, and / or operable to communicate directly or indirectly with wireless devices and / or with other network nodes or devices in a wireless network to enable and / or provide wireless access to the wireless devices and / or perform other functions (e.g., management) in the wireless network. Examples of network nodes include, but are not limited to, access points (APs) (e.g., radio access points) and base stations (BSs) (e.g., radio base stations, Node Bs, evolved Node Bs (eNBs), and NR Node Bs (gNBs)). Base stations can be classified based on the coverage they provide (or, in other words, their transmit power levels), and can then be referred to as femtocells, picocells, microcells, or macrocells. A base station can be a relay node or a relay donor node that controls a relay. A network node can also include one or more (or all) portions of a distributed radio base station (e.g., centralized digital units and / or remote radio units (RRUs) (sometimes also referred to as remote radio heads (RRHs)). Such remote radio units may or may not be integrated with an antenna as an antenna-integrated radio. A portion of a distributed radio base station can also be referred to as a node in a distributed antenna system (DAS). Other examples of network nodes include MSR devices such as multi-standard radio MSR BS, network controllers such as radio network controllers (RNC) or base station controllers (BSC), base transceiver stations (BTS), transport points, transport nodes, multi-cell / multicast coordination entities (MCE), core network nodes (e.g., MSC, MME), O&M nodes, OSS nodes, SON nodes, location nodes (e.g., E-SMLC), and / or MDTs. As another example, a network node can be a virtual network node, as described in more detail below. However, more generally, a network node can represent any suitable device (or group of devices) capable of, configured, deployed, and / or operable to enable and / or provide access to a wireless network for wireless devices or to provide some service to wireless devices already connected to the wireless network.

[0228] exist Figure 12 In this network node 4160, processing circuitry 4170, device-readable medium 4180, interface 4190, auxiliary equipment 4184, power supply 4186, power supply circuitry 4187, and antenna 4162 are included. Although in Figure 12The network node 4160 shown in the example wireless network can represent a device including a combination of the hardware components shown, but other embodiments may include network nodes with different combinations of components. It should be understood that a network node includes any suitable combination of hardware and / or software required to perform the tasks, features, functions, and methods disclosed herein. Furthermore, although the components of network node 4160 are depicted as a single box located within a larger box or nested within multiple boxes, in practice, a network node may include multiple different physical components constituting a single illustrated component (e.g., device-readable medium 4180 may include multiple separate hard disk drives and multiple RAM modules).

[0229] Similarly, network node 4160 may include multiple physically separate components (e.g., node B components and RNC components, or BTS components and BSC components, etc.), each of which may have its own corresponding components. In some cases where network node 4160 includes multiple separate components (e.g., BTS and BSC components), one or more separate components may be shared among multiple network nodes. For example, a single RNC may control multiple node Bs. In such scenarios, in some cases, each unique node B and RNC pair may be considered a single, separate network node. In some embodiments, network node 4160 may be configured to support multiple radio access technologies (RATs). In such embodiments, some components may be duplicated (e.g., separate device-readable media 4180 for different RATs), while some components may be reused (e.g., the same antenna 4162 may be shared by RATs). Network node 4160 may also include multiple sets of various example components for different wireless technologies (e.g., GSM, WCDMA, LTE, NR, Wi-Fi, or Bluetooth wireless technologies) integrated into network node 4160. These wireless technologies can be integrated into the same or different chips or chipsets, as well as other components within network node 4160.

[0230] Processing circuitry 4170 is configured to perform any determination, calculation, or similar operation (e.g., a specific acquisition operation) described herein as being provided by a network node. These operations performed by processing circuitry 4170 may include, for example, processing information acquired by processing circuitry 4170 by converting acquired information into other information, comparing the acquired or converted information with information stored in the network node, and / or performing one or more operations based on the acquired or converted information; and making a determination as a result of said processing.

[0231] Processing circuitry 4170 may include a combination of one or more of a microprocessor, controller, central processing unit, digital signal processor, application-specific integrated circuit, field-programmable gate array, or any other suitable computing device, resource, or combination of hardware, software, and / or coded logic operable to provide the functionality of network node 4160, either alone or in combination with other network node 4160 components (e.g., device-readable medium 4180). For example, processing circuitry 4170 may execute instructions stored in device-readable medium 4180 or in memory within processing circuitry 4170. Such functionality may include providing any of the various wireless features, functions, or benefits discussed herein. In some embodiments, processing circuitry 4170 may include a system-on-a-chip (SoC).

[0232] In some embodiments, the processing circuitry 4170 may include one or more of a radio frequency (RF) transceiver circuitry 4172 and a baseband processing circuitry 4174. In some embodiments, the RF transceiver circuitry 4172 and the baseband processing circuitry 4174 may be on separate chips (or chipsets), boards, or units (e.g., radio units and digital units). In alternative embodiments, some or all of the RF transceiver circuitry 4172 and the baseband processing circuitry 4174 may be on the same chip or chipset, board, or unit.

[0233] In certain embodiments, some or all of the functions described herein as being provided by a network node, base station, eNB, or other such network device can be executed by processing circuitry 4170 by executing instructions stored on device-readable medium 4180 or memory within processing circuitry 4170. In alternative embodiments, some or all of the functions can be provided by processing circuitry 4170 without requiring, for example, hard-wiring execution of instructions stored on separate or separate device-readable media. In any of these embodiments, processing circuitry 4170 can be configured to perform the described functions regardless of whether instructions stored on device-readable storage media are executed. The benefits provided by such functions are not limited to processing circuitry 4170 or other components of network node 4160, but are enjoyed by network node 4160 as a whole and / or generally by end users and wireless networks.

[0234] Device-readable medium 4180 may include any form of volatile or non-volatile computer-readable storage, including but not limited to permanent storage devices, solid-state storage, remotely mounted memory, magnetic media, optical media, random access memory (RAM), read-only memory (ROM), mass storage media (e.g., hard disk), removable storage media (e.g., flash drives, optical discs (CDs), or digital video discs (DVDs)), and / or any other volatile or non-volatile, non-transitory device-readable and / or computer-executable storage device that stores information, data, and / or instructions that can be used by processing circuitry 4170. Device-readable medium 4180 may store any suitable instructions, data, or information, including computer programs, software, applications (including one or more of logic, rules, code, tables, etc.), and / or other instructions that can be executed by processing circuitry 4170 and utilized by network node 4160. Device-readable medium 4180 may be used to store any calculations performed by processing circuitry 4170 and / or any data received via interface 4190. In some embodiments, processing circuitry 4170 and device-readable medium 4180 may be considered integrated.

[0235] Interface 4190 is used in wired or wireless communication of signaling and / or data between network node 4160, network 4106, and / or WD 4110. As shown, interface 4190 includes a port / terminal 4194 for sending and receiving data to and from network 4106, for example, via a wired connection. Interface 4190 also includes radio front-end circuitry 4192 that may be coupled to antenna 4162 or, in a particular embodiment, is part of antenna 4162. Radio front-end circuitry 4192 includes a filter 4198 and an amplifier 4196. Radio front-end circuitry 4192 may be connected to antenna 4162 and processing circuitry 4170. Radio front-end circuitry 4192 may be configured to modulate signals transmitted between antenna 4162 and processing circuitry 4170. Radio front-end circuitry 4192 may receive digital data that will be transmitted to other network nodes or WD via a wireless connection. The radio front-end circuit 4192 can use a combination of filter 4198 and / or amplifier 4196 to convert digital data into radio signals with appropriate channel and bandwidth parameters. The radio signals can then be transmitted via antenna 4162. Similarly, when receiving data, antenna 4162 can collect radio signals, which are then converted into digital data by the radio front-end circuit 4192. The digital data can be passed to processing circuitry 4170. In other embodiments, the interface may include different components and / or different combinations of components.

[0236] In certain alternative embodiments, network node 4160 may not include a separate radio front-end circuitry 4192. Instead, processing circuitry 4170 may include radio front-end circuitry and may be connected to antenna 4162 without a separate radio front-end circuitry 4192. Similarly, in some embodiments, all or part of RF transceiver circuitry 4172 may be considered part of interface 4190. In other embodiments, interface 4190 may include one or more ports or terminals 4194, radio front-end circuitry 4192, and RF transceiver circuitry 4172 as part of a radio unit (not shown), and interface 4190 may communicate with baseband processing circuitry 4174, which is part of a digital unit (not shown).

[0237] Antenna 4162 may include one or more antennas or antenna arrays configured to transmit and / or receive wireless signals. Antenna 4162 may be coupled to radio front-end circuitry 4190 and may be any type of antenna capable of wirelessly transmitting and receiving data and / or signals. In some embodiments, antenna 4162 may include one or more omnidirectional, sector, or planar antennas operable to transmit / receive radio signals between, for example, 2 GHz and 66 GHz. Omnidirectional antennas can be used to transmit / receive radio signals in any direction, sector antennas can be used to transmit / receive radio signals from devices within a specific area, and planar antennas can be line-of-sight antennas used to transmit / receive radio signals in a relatively straight line. In some cases, the use of more than one antenna may be referred to as MIMO. In certain embodiments, antenna 4162 may be detachable from network node 4160 and can be connected to network node 4160 via an interface or port.

[0238] Antenna 4162, interface 4190, and / or processing circuitry 4170 may be configured to perform any receive operation and / or specific acquisition operation described herein as being performed by a network node. Any information, data, and / or signals can be received from a wireless device, another network node, and / or any other network device. Similarly, antenna 4162, interface 4190, and / or processing circuitry 4170 may be configured to perform any transmit operation described herein as being performed by a network node. Any information, data, and / or signals can be transmitted to a wireless device, another network node, and / or any other network device.

[0239] Power supply circuitry 4187 may include or be coupled to power management circuitry and is configured to provide power to the components of network node 4160 for performing the functions described herein. Power supply circuitry 4187 may receive power from power source 4186. Power source 4186 and / or power supply circuitry 4187 may be configured to provide power to the respective components of network node 4160 in a manner suitable for each component (e.g., at the voltage and current levels required by each respective component). Power source 4186 may be included in or outside of power supply circuitry 4187 and / or network node 4160. For example, network node 4160 may be connected to an external power source (e.g., a power outlet) via input circuitry or an interface (e.g., a cable), whereby the external power source provides power to power supply circuitry 4187. As yet another example, power source 4186 may include a power source in the form of a battery or battery pack connected to or integrated into power supply circuitry 4187. The battery can provide backup power if the external power source fails. Other types of power sources, such as photovoltaic devices, may also be used.

[0240] Alternative embodiments of network node 4160 may include Figure 12 Additional components beyond those shown may be responsible for providing specific aspects of the functionality of the network node, including any of the functions described herein and / or any functions necessary to support the topics described herein. For example, network node 4160 may include a user interface device to allow information to be input into and output from network node 4160. This can allow users to perform diagnostic, maintenance, repair, and other management functions on network node 4160.

[0241] As used herein, a wireless device (WD) means a device capable of, configured, positioned, and / or operable to wirelessly communicate with network nodes and / or other wireless devices. Unless otherwise stated, the term WD may be used interchangeably with User Equipment (UE) herein. Wireless communication may involve sending and / or receiving wireless signals using electromagnetic waves, radio waves, infrared waves, and / or other types of signals suitable for transmitting information over the air. In some embodiments, a WD may be configured to send and / or receive information without direct human interaction. For example, a WD may be designed to send information to a network according to a predetermined schedule when triggered by an internal or external event or in response to a request from the network. Examples of WDs include, but are not limited to, smartphones, mobile phones, cellular phones, Voice over IP (VoIP) phones, wireless local loop phones, desktop computers, personal digital assistants (PDAs), wireless cameras, game consoles or devices, music storage devices, playback devices, wearable terminal devices, wireless endpoints, mobile stations, tablets, laptops, laptop built-in equipment (LEE), laptop installed equipment (LME), smart devices, wireless customer premises equipment (CPE), in-vehicle wireless terminal equipment, etc. A WD can support device-to-device (D2D) communication, for example, by implementing 3GPP standards for secondary link communication, vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), and vehicle-to-everything (V2X), and in this case, it can be referred to as a D2D communication device. As another specific example, in the Internet of Things (IoT) scenario, a WD can represent a machine or other device that performs monitoring and / or measurement and sends the results of such monitoring and / or measurement to another WD and / or network node. In this case, the WD can be a machine-to-machine (M2M) device, which can be referred to as an MTC device in the 3GPP context. As a specific example, a WD can be a UE that implements the 3GPP Narrowband Internet of Things (NB-IoT) standard. Specific examples of such machines or devices are sensors, metering devices such as power meters, industrial machinery, or household or personal appliances (e.g., refrigerators, televisions, etc.), personal wearable devices (e.g., watches, fitness trackers, etc.). In other cases, a WD can represent a vehicle or other device capable of monitoring and / or reporting its operational status or other functions associated with its operation. As described above, a WD can represent a wirelessly connected endpoint, in which case the device can be referred to as a wireless terminal. Furthermore, as mentioned above, the WD can be mobile, in which case it can also be referred to as a mobile device or mobile terminal.

[0242] As shown in the figure, wireless device 4110 includes an antenna 4111, an interface 4114, processing circuitry 4120, a device-readable medium 4130, a user interface device 4132, auxiliary devices 4134, a power supply 4136, and a power supply circuit 4137. WD 4110 may include one or more of the components shown for different wireless technologies supported by WD 4110 (e.g., GSM, WCDMA, LTE, NR, Wi-Fi, WiMAX, or Bluetooth wireless technologies, to name a few). These wireless technologies may be integrated into the same or different chips or chipsets as other components in WD 4110.

[0243] Antenna 4111 may include one or more antennas or antenna arrays configured to transmit and / or receive wireless signals and is connected to interface 4114. In certain alternative embodiments, antenna 4111 may be detached from WD 4110 and may be connected to WD 4110 via an interface or port. Antenna 4111, interface 4114, and / or processing circuitry 4120 may be configured to perform any receive or transmit operations described herein as performed by a WD. Any information, data, and / or signals may be received from a network node and / or another WD. In some embodiments, radio front-end circuitry and / or antenna 4111 may be considered as an interface.

[0244] As shown in the figure, interface 4114 includes radio front-end circuitry 4112 and antenna 4111. Radio front-end circuitry 4112 includes one or more filters 4118 and amplifiers 4116. Radio front-end circuitry 4114 is connected to antenna 4111 and processing circuitry 4120 and is configured to modulate the signal transmitted between antenna 4111 and processing circuitry 4120. Radio front-end circuitry 4112 may be coupled to antenna 4111 or be part of antenna 4111. In some embodiments, WD 4110 may not include separate radio front-end circuitry 4112; instead, processing circuitry 4120 may include radio front-end circuitry and may be connected to antenna 4111. Similarly, in some embodiments, part or all of RF transceiver circuitry 4122 may be considered part of interface 4114. Radio front-end circuitry 4112 can receive digital data transmitted to other network nodes or WD via a wireless connection. Radio front-end circuitry 4112 may use a combination of filters 4118 and / or amplifiers 4116 to convert digital data into radio signals with appropriate channel and bandwidth parameters. Radio signals can then be transmitted via antenna 4111. Similarly, when receiving data, antenna 4111 can collect radio signals, which are then converted into digital data by radio front-end circuitry 4112. The digital data can then be passed to processing circuitry 4120. In other embodiments, the interface may include different components and / or different combinations of components.

[0245] Processing circuitry 4120 may include a combination of one or more of a microprocessor, controller, central processing unit, digital signal processor, application-specific integrated circuit, field-programmable gate array, or any other suitable computing device, resource, or combination of hardware, software, and / or coded logic operable to provide WD4110 functionality, alone or in combination with other WD4110 components (e.g., device-readable medium 4130). Such functionality may include providing any of the various wireless features or benefits discussed herein. For example, processing circuitry 4120 may execute instructions stored in device-readable medium 4130 or in memory within processing circuitry 4120 to provide the functionality disclosed herein.

[0246] As shown in the figure, the processing circuit 4120 includes one or more of the following: RF transceiver circuit 4122, baseband processing circuit 4124, and application processing circuit 4126. In other embodiments, the processing circuit may include different components and / or different combinations of components. In some embodiments, the processing circuit 4120 of WD 4110 may include a System-on-a-Chip (SOC). In some embodiments, the RF transceiver circuit 4122, baseband processing circuit 4124, and application processing circuit 4126 may be on a separate chip or chipset. In alternative embodiments, a portion or all of the baseband processing circuit 4124 and application processing circuit 4126 may be integrated into a single chip or chipset, while the RF transceiver circuit 4122 may be on a separate chip or chipset. In other alternative embodiments, a portion or all of the RF transceiver circuit 4122 and baseband processing circuit 4124 may be on the same chip or chipset, while the application processing circuit 4126 may be on a separate chip or chipset. In other alternative embodiments, some or all of the RF transceiver circuitry 4122, baseband processing circuitry 4124, and application processing circuitry 4126 may be integrated into the same chip or chipset. In some embodiments, the RF transceiver circuitry 4122 may be part of interface 4114. The RF transceiver circuitry 4122 may modulate the RF signal used for processing circuitry 4120.

[0247] In certain embodiments, some or all of the functions described herein as being performed by WD can be provided by processing circuitry 4120 that executes instructions stored on device-readable medium 4130 (which in certain embodiments may be computer-readable storage medium). In alternative embodiments, some or all of the functions can be provided by processing circuitry 4120 without requiring, for example, hard-wired execution of instructions stored on separate or separate device-readable media. In any of these particular embodiments, processing circuitry 4120 can be configured to perform the described functions regardless of whether instructions stored on device-readable storage media are executed. The benefits provided by such functionality are not limited to processing circuitry 4120 or other components of WD 4110, but are enjoyed by WD 4110 as a whole and / or generally by end users and wireless networks.

[0248] Processing circuitry 4120 may be configured to perform any determination, calculation, or similar operation (e.g., a specific acquisition operation) described herein as being performed by WD. These operations performed by processing circuitry 4120 may include, for example, processing information acquired by processing circuitry 4120 by converting acquired information into other information, comparing the acquired or converted information with information stored by WD 4110, and / or performing one or more operations based on the acquired or converted information; and making a determination as a result of said processing.

[0249] Device-readable medium 4130 is operable to store computer programs, software, applications (including one or more of logic, rules, code, tables, etc.) and / or other instructions executable by processing circuitry 4120. Device-readable medium 4130 may include computer memory (e.g., random access memory (RAM) or read-only memory (ROM), mass storage media (e.g., hard disk), removable storage media (e.g., optical disc (CD) or digital video disk (DVD))) and / or any other volatile or non-volatile, non-transitory device-readable and / or computer-executable storage device that stores information, data, and / or instructions usable by processing circuitry 4120. In some embodiments, processing circuitry 4120 and device-readable medium 4130 may be considered integrated.

[0250] User interface device 4132 can provide components that allow a human user to interact with WD 4110. This interaction can take many forms, such as visual, auditory, tactile, etc. User interface device 4132 can be operable to produce outputs to the user and allow the user to provide inputs to WD 4110. The type of interaction can vary depending on the type of user interface device 4132 installed in WD 4110. For example, if WD 4110 is a smartphone, the interaction can be via a touchscreen; if WD 4110 is a smart meter, the interaction can be via a screen providing usage information (e.g., gallons used) or a speaker providing audible alarms (e.g., if smoke is detected). User interface device 4132 can include input interfaces, devices, and circuitry, as well as output interfaces, devices, and circuitry. User interface device 4132 is configured to allow information to be input to WD 4110 and is connected to processing circuitry 4120 to allow processing circuitry 4120 to process the input information. User interface device 4132 can include, for example, a microphone, proximity sensor or other sensor, keys / buttons, a touch display, one or more cameras, a USB port, or other input circuitry. User interface device 4132 is also configured to allow information output from WD 4110, and to allow processing circuitry 4120 to output information from WD 4110. User interface device 4132 may include, for example, a speaker, display, vibration circuitry, USB port, headphone jack, or other output circuitry. Using one or more input and output interfaces, devices, and circuitry of user interface device 4132, WD 4110 can communicate with end users and / or wireless networks, allowing them to benefit from the functionality described herein.

[0251] The auxiliary device 4134 is operable to provide additional specific functions that might not normally be performed by the WD. This may include dedicated sensors for measurements for various purposes, interfaces for other types of communication such as wired communication, etc. The inclusion and type of components of the auxiliary device 4134 may vary depending on the embodiment and / or scenario.

[0252] In some embodiments, power supply 4136 may take the form of a battery or battery pack. Other types of power sources may also be used, such as an external power source (e.g., a power outlet), a photovoltaic device, or a battery. WD 4110 may also include power circuitry 4137 for delivering power from power supply 4136 to various parts of WD 4110 that require power from power supply 4136 to perform any function described or indicated herein. In certain embodiments, power circuitry 4137 may include power management circuitry. Power circuitry 4137 may additionally or alternatively be operable to receive power from an external power source. In this case, WD 4110 may be connected to an external power source (e.g., a power outlet) via input circuitry or an interface (e.g., a power cord). In certain embodiments, power circuitry 4137 may also be operable to deliver power from an external power source to power supply 4136. This may be used, for example, to charge power supply 4136. Power circuitry 4137 may perform any formatting, conversion, or other modifications to the power from power supply 4136 to suit the appropriate components of WD 4110 to which power is supplied.

[0253] Figure 13 A user device according to some embodiments is shown.

[0254] Figure 13 An embodiment of a UE according to the various aspects described herein is illustrated. As used herein, a user equipment or UE may not necessarily have a user in the sense of a human user who owns and / or operates the associated device. Rather, a UE may refer to a device intended for sale to or operated by a human user but which may not or initially may not be associated with a particular human user (e.g., a smart sprinkler controller). Alternatively, a UE may refer to a device not intended for sale to or operated by an end user but which may be associated with or operated for the benefit of a user (e.g., a smart power meter). UE4200 can be any UE identified by the 3rd Generation Partnership Project (3GPP), including NB-IoT UEs, Machine-Type Communication (MTC) UEs, and / or Enhanced MTC (eMTC) UEs. Figure 13 As shown, UE 4200 is an example of a WD configured to communicate according to one or more communication standards (such as 3GPP's GSM, UMTS, LTE, and / or 5G standards) issued by the 3rd Generation Partnership Project (3GPP). As previously stated, the terms WD and UE are used interchangeably. Therefore, although... Figure 13 This is for UE, but the components discussed in this article also apply to WD, and vice versa.

[0255] exist Figure 13In this embodiment, UE 4200 includes processing circuitry 4201, which is operatively coupled to an input / output interface 4205, a radio frequency (RF) interface 4209, a network connectivity interface 4211, a memory 4215 (including random access memory (RAM) 4217, read-only memory (ROM) 4219, and storage medium 4221, etc.), a communication subsystem 4231, a power supply 4233, and / or any other component or any combination thereof. Storage medium 4221 includes an operating system 4223, application programs 4225, and data 4227. In other embodiments, storage medium 4221 may include other similar types of information. A particular UE may utilize... Figure 13 All components shown, or only a subset of these components, can be used. The level of integration between components can vary from one UE to another. Furthermore, a particular UE may contain multiple instances of components, such as multiple processors, memories, transceivers, transmitters, receivers, etc.

[0256] exist Figure 13 In this embodiment, processing circuitry 4201 can be configured to process computer instructions and data. Processing circuitry 4201 can be configured to implement any sequential state machine operable to execute machine instructions stored as a machine-readable computer program in memory, such as one or more hardware-implemented state machines (e.g., discrete logic, FPGA, ASIC, etc.); programmable logic and appropriate firmware; one or more stored programs, a general-purpose processor (e.g., a microprocessor or digital signal processor (DSP)) and appropriate software; or any combination thereof. For example, processing circuitry 4201 may include two central processing units (CPUs). Data may be information in a form suitable for computer use.

[0257] In the depicted embodiments, the input / output interface 4205 may be configured to provide a communication interface to an input device, an output device, or both input and output devices. The UE 4200 may be configured to use an output device via the input / output interface 4205. The output device may use an interface port of the same type as the input device. For example, a USB port may be used to provide input to or output from the UE 4200. The output device may be a speaker, sound card, video card, display, monitor, printer, actuator, transmitter, smart card, another output device, or any combination thereof. The UE 4200 may be configured to use an input device via the input / output interface 4205 to allow a user to capture information into the UE 4200. The input device may include a touch-sensitive or presence-sensitive display, a camera (e.g., a digital camera, digital camcorder, webcam, etc.), a microphone, a sensor, a mouse, a trackball, a steering wheel, a trackpad, a scroll wheel, a smart card, etc. A presence-sensitive display may include a capacitive or resistive touch sensor to sense input from the user. Sensors can be, for example, accelerometers, gyroscopes, tilt sensors, force sensors, magnetometers, optical sensors, proximity sensors, another similar sensor, or any combination thereof. For example, input devices can be accelerometers, magnetometers, digital cameras, microphones, and optical sensors.

[0258] exist Figure 13 In this configuration, RF interface 4209 can be configured to provide a communication interface to RF components such as transmitters, receivers, and antennas. Network connectivity interface 4211 can be configured to provide a communication interface to network 4243a. Network 4243a may include wired and / or wireless networks, such as local area networks (LANs), wide area networks (WANs), computer networks, wireless networks, telecommunications networks, another similar network, or any combination thereof. For example, network 4243a may include a Wi-Fi network. Network connectivity interface 4211 can be configured to include receiver and transmitter interfaces for communicating with one or more other devices over the communication network according to one or more communication protocols (e.g., Ethernet, TCP / IP, SONET, ATM, or Ethernet, etc.). Network connectivity interface 4211 can implement receiver and transmitter functions suitable for communication network links (e.g., optical, electrical, etc.). Transmitter and receiver functions may share circuit components, software, or firmware, or alternatively, may be implemented separately.

[0259] RAM 4217 may be configured to be connected to processing circuitry 4201 via bus 4202 to provide storage or caching of data or computer instructions during the execution of software programs such as operating systems, applications, and device drivers. ROM 4219 may be configured to provide computer instructions or data to processing circuitry 4201. For example, ROM 4219 may be configured to store immutable low-level system code or data for basic system functions such as basic input and output (I / O), booting, and receiving keystrokes stored in non-volatile memory from a keyboard. Storage medium 4221 may be configured to include memory such as RAM, ROM, programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), disk, optical disk, floppy disk, hard disk, removable cassette tape, or flash memory drive. In one example, storage medium 4221 may be configured to include operating system 4223, application program 4225 such as a web browser application, widget or gadget engine, or another application, and data file 4227. Storage medium 4221 can store any one or a combination of various operating systems for use by UE 4200.

[0260] Storage medium 4221 can be configured to include multiple physical drive units, such as a redundant array of independent disks (RAID), a floppy disk drive, flash memory, a USB flash drive, an external hard disk drive, a thumb drive, a pen drive, a key drive, a high-density digital versatile optical disc (HD-DVD) drive, an internal hard disk drive, a Blu-ray disc drive, a holographic digital data storage (HDDS) disc drive, an external mini dual in-line memory module (DIMM), synchronous dynamic random access memory (SDRAM), external micro DIMM SDRAM, smart card memory (e.g., a user identity module or a removable user identity (SIM / RUIM) module), other memory, or any combination thereof. Storage medium 4221 can allow UE 4200 to access computer-executable instructions, applications, etc., stored on a transient or non-transient storage medium to offload or upload data. Articles of manufacture utilizing communication systems can be tangibly embodied in storage medium 4221, which may include device-readable media.

[0261] exist Figure 13In this embodiment, processing circuitry 4201 can be configured to communicate with network 4243b using communication subsystem 4231. Networks 4243a and 4243b can be the same network or different networks. Communication subsystem 4231 can be configured to include one or more transceivers for communicating with network 4243b. For example, communication subsystem 4231 can be configured to include one or more remote transceivers for communicating with one or more remote transceivers of another device (e.g., another WD, UE, or radio access network (RAN) base station) capable of wireless communication according to one or more communication protocols (e.g., IEEE 802.11, CDMA, WCDMA, GSM, LTE, UTRAN, WiMax, etc.). Each transceiver can include transmitter 4233 and / or receiver 4235 to implement transmitter or receiver functions (e.g., frequency allocation, etc.) suitable for the RAN link, respectively. Furthermore, the transmitter 4233 and receiver 4235 of each transceiver can share circuit components, software, or firmware, or alternatively can be implemented separately.

[0262] In the illustrated embodiment, the communication functions of the communication subsystem 4231 may include data communication, voice communication, multimedia communication, short-range communication such as Bluetooth, near-field communication, location-based communication such as using a Global Positioning System to determine location (GPS), another similar communication function, or any combination thereof. For example, the communication subsystem 4231 may include cellular communication, Wi-Fi communication, Bluetooth communication, and GPS communication. The network 4243b may include wired and / or wireless networks, such as a local area network (LAN), a wide area network (WAN), a computer network, a wireless network, a telecommunications network, another similar network, or any combination thereof. For example, the network 4243b may be a cellular network, a Wi-Fi network, and / or a near-field network. The power supply 4213 may be configured to provide alternating current (AC) or direct current (DC) power to the components of the UE 4200.

[0263] The features, benefits, and / or functions described herein may be implemented in one of the components of UE 4200 or may be partitioned among multiple components of UE 4200. Furthermore, the features, benefits, and / or functions described herein may be implemented in any combination of hardware, software, or firmware. In one example, the communication subsystem 4231 may be configured to include any of the components described herein. Additionally, the processing circuitry 4201 may be configured to communicate with any such component on bus 4202. In another example, any such component may be represented by program instructions stored in memory that perform the corresponding functions described herein when executed by the processing circuitry 4201. In another example, the functionality of any such component may be partitioned between the processing circuitry 4201 and the communication subsystem 4231. In yet another example, the non-computationally intensive functions of any such component may be implemented in software or firmware, while the computationally intensive functions may be implemented in hardware.

[0264] Figure 14 A virtualized environment according to some embodiments is shown.

[0265] Figure 14 This is a schematic block diagram illustrating a virtualization environment 4300 in which functionality implemented by some embodiments can be virtualized. In the current context, virtualization means creating virtual versions of devices or equipment, which may include virtualized hardware platforms, storage devices, and networking resources. As used herein, virtualization can be applied to nodes (e.g., virtualized base stations or virtualized radio access nodes) or devices (e.g., UEs, wireless devices, or any other type of communication equipment) or components thereof, and relates to an implementation in which at least a portion of functionality is implemented as one or more virtual components (e.g., via one or more applications, components, functions, virtual machines, or containers executed on one or more physical processing nodes in one or more networks).

[0266] In some embodiments, some or all of the functions described herein may be implemented as virtual components executed by one or more virtual machines implemented in one or more virtual environments 4300 hosted by one or more hardware nodes 4330. Furthermore, in embodiments where the virtual node is not a radio access node or does not require radio connectivity (e.g., a core network node), the network node may be fully virtualized.

[0267] These functionalities can be implemented by one or more applications 4320 (which may alternatively be referred to as software instances, virtual devices, network functions, virtual nodes, virtual network functions, etc.) operable to provide certain features, functions, and / or benefits of some embodiments disclosed herein. Application 4320 runs in a virtualization environment 4300, which provides hardware 4330 including processing circuitry 4360 and memory 4390. Memory 4390 contains instructions 4395 executable by processing circuitry 4360, thereby enabling application 4320 to operate to provide one or more features, benefits, and / or functions disclosed herein.

[0268] The virtualization environment 4300 includes general-purpose or special-purpose network hardware devices 4330, which include one or more processors or processing circuits 4360. The processors or processing circuits 4360 may be commercial off-the-shelf (COTS) processors, application-specific integrated circuits (ASICs), or any other type of processing circuitry including digital or analog hardware components or a special-purpose processor. Each hardware device may include a memory 4390-1, which may be a non-persistent memory for temporarily storing instructions 4395 or software executable by the processing circuits 4360. Each hardware device may include one or more network interface controllers (NICs) 4370 (also referred to as network interface cards), which include a physical network interface 4380. Each hardware device may also include a non-transitory, persistent machine-readable storage medium 4390-2 in which software 4395 and / or instructions executable by the processing circuits 4360 are stored. Software 4395 may include any type of software including software for instantiating one or more virtualization layers 4350 (also known as a hypervisor), software for executing virtual machine 4340, and software that allows it to perform functions, features, and / or benefits related to some of the embodiments described herein.

[0269] Virtual machine 4340 includes virtual processing, virtual memory, virtual network or interface, and virtual storage device, and can be run by a corresponding virtualization layer 4350 or hypervisor. Different embodiments of instances of virtual device 4320 can be implemented on one or more virtual machines 4340, and can be implemented in different ways.

[0270] During operation, the processing circuitry 4360 executes software 4395 to instantiate the system hypervisor or virtualization layer 4350, which may sometimes be referred to as the virtual machine monitor (VMM). The virtualization layer 4350 can present a virtual operating platform that appears to be networked hardware to the virtual machine 4340.

[0271] like Figure 14As shown, hardware 4330 can be a standalone network node with general or specific components. Hardware 4330 may include antenna 43225 and may implement some functions via virtualization. Alternatively, hardware 4330 may be part of a larger hardware cluster (such as in a data center or customer premises equipment (CPE)) where many hardware nodes work together and are managed by management and orchestration (MANO) 43100, which, among other things, oversees the lifecycle management of application 4320.

[0272] In some contexts, hardware virtualization is referred to as Network Functions Virtualization (NFV). NFV can be used to integrate many types of network devices onto industry-standard, high-capacity server hardware, physical switches, and physical storage devices that can be located in data centers and customer premises.

[0273] In the context of NFV, virtual machine 4340 can be a software implementation of a physical machine, which runs programs as if they were executed on a physical non-virtual machine. Each virtual machine 4340, along with the portion of hardware 4330 that executes that virtual machine (hardware dedicated to that virtual machine and / or hardware shared by that virtual machine with other virtual machines 4340), forms a separate virtual network element (VNE).

[0274] Still within the context of NFV, a Virtual Network Function (VNF) is responsible for handling specific network functions running in one or more virtual machines 4340 on top of the hardware networking infrastructure 4330, and corresponds to... Figure 14 Application 4320.

[0275] In some embodiments, one or more radio units 43200, including one or more transmitters 43220 and one or more receivers 43210, may be coupled to one or more antennas 43225. The radio unit 43200 may communicate directly with the hardware node 4330 via one or more suitable network interfaces, and may be used in combination with virtual components to provide a radio-capable virtual node, such as a radio access node or base station.

[0276] In some embodiments, a control system 43230 may be used to implement some signaling, which may alternatively be used for communication between hardware node 4330 and radio unit 43200.

[0277] Figure 15 A telecommunications network connected to a host computer via an intermediate network is shown according to some embodiments.

[0278] refer to Figure 15According to an embodiment, the communication system includes a telecommunications network 4410, such as a 3GPP-type cellular network, comprising an access network 4411, such as a radio access network, and a core network 4414. The access network 4411 includes multiple base stations 4412a, 4412b, 4412c (e.g., NB, eNB, gNB) or other types of wireless access points, each defining a corresponding coverage area 4413a, 4413b, 4413c. Each base station 4412a, 4412b, 4412c can be connected to the core network 4414 via a wired or wireless connection 4415. A first UE 4491 located in coverage area 4413c is configured to wirelessly connect to or be paged by the corresponding base station 4412c. A second UE 4492 located in coverage area 4413a can wirelessly connect to the corresponding base station 4412a. Although multiple UEs 4491 and 4492 are shown in this example, the disclosed embodiments are equally applicable to situations where a single UE is in the coverage area or a single UE is connected to the corresponding base station 4412.

[0279] Telecommunication network 4410 is itself connected to host computer 4430, which may be embodied in the hardware and / or software of a standalone server, a cloud-implemented server, a distributed server, or as processing resources in a server farm. Host computer 4430 may be under the ownership or control of a service provider, or may be operated by or on behalf of the service provider. Connections 4421 and 4422 between telecommunication network 4410 and host computer 4430 may extend directly from core network 4414 to host computer 4430, or via optional intermediate network 4420. Intermediate network 4420 may be one of public, private, or hosted networks, or a combination of more than one; intermediate network 4420 (if any) may be a backbone network or the Internet; in particular, intermediate network 4420 may include two or more subnetworks (not shown).

[0280] Overall, Figure 15The communication system enables connectivity between connected UEs 4491 and 4492 and host computer 4430. This connectivity can be described as an over-the-top (OTT) connection 4450. Host computer 4430 and connected UEs 4491 and 4492 are configured to transmit data and / or signaling via OTT connection 4450 using access network 4411, core network 4414, any intermediate network 4420, and possibly other infrastructure (not shown) as intermediaries. OTT connection 4450 can be transparent in the sense that the participating communication devices traversed by OTT connection 4450 are unaware of the routes of uplink and downlink communications. For example, it may not be necessary to inform base station 4412 of past routes of incoming downlink communications originating from host computer 4430 that are to be forwarded (e.g., transferred) to connected UE 4491. Similarly, base station 4412 does not need to know the future routes of outgoing uplink communications from UE 4491 to host computer 4430.

[0281] Figure 16 A host computer is shown communicating with a user equipment via a base station over a partial wireless connection, according to some embodiments.

[0282] Now refer to Figure 16 Example implementations of the UE, base station, and host computer discussed in the preceding paragraphs according to embodiments are described below. In communication system 4500, host computer 4510 includes hardware 4515, which includes a communication interface 4516 configured to establish and maintain wired or wireless connections with different communication devices of communication system 4500. Host computer 4510 also includes processing circuitry 4518, which may have storage and / or processing capabilities. In particular, processing circuitry 4518 may include one or more programmable processors, application-specific integrated circuits, field-programmable gate arrays, or combinations thereof (not shown) adapted to execute instructions. Host computer 4510 also includes software 4511, which is stored in or accessible by host computer 4510 and executable by processing circuitry 4518. Software 4511 includes host application 4512. Host application 4512 is operable to provide services to remote users of UE 4530, such as those connected to UE 4530 via OTT connection 4550 terminated at UE 4530 and host computer 4510. In providing services to remote users, host application 4512 can provide user data sent using OTT connection 4550.

[0283] The communication system 4500 also includes a base station 4520 installed in the telecommunications system, and the base station 4520 includes hardware 4525 that enables it to communicate with the host computer 4510 and the UE 4530. Hardware 4525 may include a communication interface 4526 for establishing and maintaining wired or wireless connections with different communication devices of the communication system 4500, and for establishing and maintaining connections with areas within the coverage area served by the base station 4520. Figure 16 The UE 4530 (not shown) has at least a radio interface 4527 for a wireless connection 4570. A communication interface 4526 can be configured to facilitate a connection 4560 with a host computer 4510. The connection 4560 can be direct, or it can be connected via the core network of a telecommunications system (…). Figure 16 (Not shown) and / or via one or more intermediate networks outside the telecommunications system. In the illustrated embodiment, the hardware 4525 of the base station 4520 also includes processing circuitry 4528, which may include one or more programmable processors, application-specific integrated circuits, field-programmable gate arrays, or combinations thereof (not shown) adapted to execute instructions. The base station 4520 also has software 4521 stored internally or accessible via an external connection.

[0284] The communication system 4500 also includes the previously mentioned UE 4530. The hardware 4535 of the UE 4530 may include a radio interface 4537 configured to establish and maintain a radio connection 4570 with a base station serving the coverage area where the UE 4530 is currently located. The hardware 4535 of the UE 4530 also includes processing circuitry 4538, which may include one or more programmable processors, application-specific integrated circuits, field-programmable gate arrays, or combinations thereof (not shown) suitable for executing instructions. The UE 4530 also includes software 4531 stored in or accessible by the UE 4530 and executable by the processing circuitry 4538. The software 4531 includes a client application 4532. The client application 4532 is operable to provide services to human or non-human users via the UE 4530 with the support of a host computer 4510. In host computer 4510, the executing host application 4512 can communicate with the executing client application 4532 via an OTT connection 4550 terminated between UE 4530 and host computer 4510. In providing services to a user, client application 4532 can receive request data from host application 4512 and provide user data in response to the request data. OTT connection 4550 can transmit both request data and user data. Client application 4532 can interact with the user to generate user data provided by the user.

[0285] Notice, Figure 16The host computer 4510, base station 4520, and UE 4530 shown can be respectively connected to Figure 15 The host computer 4430, base stations 4412a, 4412b, and 44412c, and UEs 4491 and 4492 are similar to or identical to each other. That is to say, the internal working principles of these entities can be as follows: Figure 16 As shown, and independently, the surrounding network topology can be Figure 15 The surrounding network topology.

[0286] exist Figure 16 The OTT connection 4550 has been abstractly depicted to illustrate communication between host computer 4510 and UE 4530 via base station 4520, without explicitly referencing any intermediate devices or the precise routing of messages via these devices. The network infrastructure can determine the routing, and can be configured to hide the routing from UE 4530 or the service provider operating host computer 4510, or both. When the OTT connection 4550 is active, the network infrastructure can further make decisions, dynamically changing the routing accordingly (e.g., based on load balancing considerations or network reconfiguration).

[0287] The radio connection 4570 between UE 4530 and base station 4520 is based on the teachings of embodiments described throughout this disclosure. One or more of the various embodiments can improve the performance of OTT services provided to UE 4530 using OTT connection 4550 (where radio connection 4570 forms the final segment). More precisely, the teachings of these embodiments can improve random access speed and / or reduce random access failure rate, thereby providing benefits such as faster and / or more reliable random access.

[0288] Measurement procedures may be provided for the purpose of monitoring data rates, latency, and other factors improved thereon in one or more embodiments. Optional network functions may also be available for reconfiguring the OTT connection 4550 between the host computer 4510 and the UE 4530 in response to changes in measurement results. The measurement procedures and / or network functions for reconfiguring the OTT connection 4550 may be implemented in the software 4511 and hardware 4515 of the host computer 4510, or in the software 4531 and hardware 4535 of the UE 4530, or both. In embodiments, sensors (not shown) may be deployed in or associated with communication devices through which the OTT connection 4550 passes; the sensors may participate in the measurement procedures by providing values ​​of the monitored quantities as exemplified above, or by providing values ​​of other physical quantities from which the software 4511, 4531 can calculate or estimate the monitored quantities. Reconfiguration of the OTT connection 4550 may include message formats, retransmission settings, preferred routing, etc. Reconfiguration does not need to affect the base station 4520, and it may be unknown or imperceptible to the base station 4520. Such processes and functions are known and practiced in the art. In a particular embodiment, the measurement may involve proprietary UE signaling, which facilitates the host computer 4510 to measure throughput, propagation time, latency, etc. Measurements can be made because software 4511 and 4531 cause the use of OTT connection 4550 to send messages, particularly empty or "dummy" messages, during their monitoring of propagation time, errors, etc.

[0289] Figure 17 Methods implemented in a communication system including a host computer, a base station, and a user equipment, according to some embodiments, are illustrated.

[0290] Figure 17 This is a flowchart illustrating a method implemented in a communication system according to one embodiment. The communication system includes a host computer, a base station, and a UE, which may be referenced... Figure 15 and Figure 16 The host computer, base station, and UE are described. To simplify this disclosure, this section includes only descriptions of... Figure 17 Referring to the accompanying drawings. In step 4610, the host computer provides user data. In sub-step 4611 of step 4610 (which may be optional), the host computer provides user data by executing a host application. In step 4620, the host computer initiates a transmission carrying user data to the UE. In step 4630 (which may be optional), in accordance with the teachings of the embodiments described throughout this disclosure, the base station sends the user data carried in the host computer-initiated transmission to the UE. In step 4640 (which may also be optional), the UE executes a client application associated with the host application executed by the host computer.

[0291] Figure 18 Methods implemented in a communication system including a host computer, a base station, and a user equipment, according to some embodiments, are illustrated.

[0292] Figure 18 This is a flowchart illustrating a method implemented in a communication system according to one embodiment. The communication system includes a host computer, a base station, and a UE, which may be referenced... Figure 15 and Figure 16 The host computer, base station, and UE are described. To simplify this disclosure, this section includes only descriptions of... Figure 18 Refer to the accompanying drawings. In step 4710 of the method, the host computer provides user data. In an optional sub-step (not shown), the host computer provides user data by executing a host application. In step 4720, the host computer initiates a transmission carrying user data to the UE. Based on the teachings of the embodiments described throughout this disclosure, this transmission can be performed via a base station. In step 4730 (which may be optional), the UE receives the user data carried in the transmission.

[0293] Figure 19 Methods implemented in a communication system including a host computer, a base station, and a user equipment, according to some embodiments, are illustrated.

[0294] Figure 19 This is a flowchart illustrating a method implemented in a communication system according to one embodiment. The communication system includes a host computer, a base station, and a UE, which may be referenced... Figure 15 and Figure 16 The host computer, base station, and UE are described. To simplify this disclosure, this section includes only descriptions of... Figure 19 Referring to the accompanying drawings. In step 4810 (which may be optional), the UE receives input data provided by the host computer. Additionally or alternatively, in step 4820, the UE provides user data. In sub-step 4821 of step 4820 (which may be optional), the UE provides user data by executing a client application. In sub-step 4811 of step 4810 (which may be optional), the UE executes a client application that provides user data in response to the received input data provided by the host computer. When providing user data, the executed client application may further consider user input received from the user. Regardless of the specific manner in which user data is provided, the UE initiates the transmission of user data to the host computer in sub-step 4830 (which may be optional). In step 4840 of the method, the host computer receives user data sent from the UE, in accordance with the teachings of the embodiments described throughout this disclosure.

[0295] Figure 20 Methods implemented in a communication system including a host computer, a base station, and a user equipment, according to some embodiments, are illustrated.

[0296] Figure 20 This is a flowchart illustrating a method implemented in a communication system according to one embodiment. The communication system includes a host computer, a base station, and a UE, which may be referenced... Figure 15 and Figure 16 The host computer, base station, and UE are described. To simplify this disclosure, this section includes only descriptions of... Figure 20 Refer to the accompanying drawings. In step 4910 (which may be optional), the base station receives user data from the UE according to the teachings of the embodiments described throughout this disclosure. In step 4920 (which may be optional), the base station initiates a transmission of the received user data to the host computer. In step 4930 (which may be optional), the host computer receives the user data carried in the transmission initiated by the base station.

[0297] Any suitable steps, methods, features, functions, or benefits disclosed herein can be performed by one or more functional units or modules of one or more virtual devices. Each virtual device may include multiple such functional units. These functional units may be implemented via processing circuitry, which may include one or more microprocessors or microcontrollers and other digital hardware, including digital signal processors (DSPs), application-specific digital logic, etc. The processing circuitry may be configured to execute program code stored in memory, which may include one or more types of memory, such as read-only memory (ROM), random access memory (RAM), cache memory, flash memory devices, optical storage devices, etc. The program code stored in the memory includes program instructions for executing one or more telecommunications and / or data communication protocols and instructions for executing one or more technologies described herein. In some implementations, the processing circuitry may be used to cause corresponding functional units to perform corresponding functions according to one or more embodiments of this disclosure.

[0298] The term “unit” may have its conventional meaning in the field of electronic devices, electrical equipment and / or electronic equipment, and may include, for example, electrical and / or electronic circuits, devices, modules, processors, memories, logic solid-state and / or discrete devices, computer programs or instructions for performing the corresponding tasks, processes, calculations, outputs and / or display functions as described herein.

[0299] Other definitions and examples are discussed below.

[0300] When a unit is referred to as “connected to,” “coupled to,” “responding to,” or a variation thereof to another unit, it may be directly connected to, coupled to, or responding to another unit, or there may be intermediate units present. In contrast, when a unit is referred to as “directly connected to,” “directly coupled to,” or “directly responding to,” or a variation thereof to another unit, there are no intermediate units present. The same numbering throughout this document refers to the same unit. Furthermore, as used herein, “coupled,” “connected,” “responding,” or variations thereof may include wireless coupling, connection, or response. As used herein, the singular forms “a,” “an,” and “the” are intended to also include the plural forms unless the context explicitly indicates otherwise. For the sake of brevity and / or clarity, well-known functions or structures may not be described in detail. The term “and / or” includes any and all combinations of one or more of the listed associated items.

[0301] It will be understood that although the terms first, second, third, etc., may be used herein to describe various units / operations, these units / operations should not be limited by these terms. These terms are used only to distinguish one unit / operation from another. Therefore, a first unit / operation in some embodiments may be referred to as a second unit / operation in other embodiments without departing from the teachings of the inventive concept. The same reference numerals or reference indicators throughout this specification denote the same or similar units.

[0302] As used herein, the terms “comprising,” “including,” “having,” or variations thereof are open-ended and include one or more of the stated features, integers, units, steps, components, or functions, but do not exclude the presence or addition of one or more other features, integers, units, steps, components, functions, or combinations thereof. Furthermore, as used herein, the general abbreviation “for example,” derived from the Latin phrase “exempli gratia,” may be used to introduce or specify one or more general examples of previously mentioned items, and is not intended as a limitation on such items. The general abbreviation “i.e.,” derived from the Latin phrase “id est,” may be used to specify specific items from a more general description.

[0303] This document describes exemplary embodiments with reference to block diagrams and / or flowcharts of computer-implemented methods, apparatus (systems and / or devices), and / or computer program products. It will be understood that the blocks of the block diagrams and / or flowcharts, and combinations of blocks in the block diagrams and / or flowcharts, can be implemented by computer program instructions that execute via one or more computer circuits. These computer program instructions can be provided to processor circuitry of general-purpose computer circuitry, special-purpose computer circuitry, and / or other programmable data processing circuitry to produce a machine such that, when executed via a processor of a computer and / or other programmable data processing apparatus, these instructions, transform and control transistors, values ​​stored in memory cells, and other hardware components within such circuitry to implement the functions / operations specified in one or more blocks of the block diagrams and / or flowcharts, thereby producing means (functions) and / or structures that implement the functions / operations specified in the blocks of the block diagrams and / or flowcharts.

[0304] These computer program instructions can also be stored in a tangible computer-readable medium that enables a computer or other programmable data processing apparatus to operate in a particular manner, such that the instructions stored in the computer-readable medium produce an article of manufacture comprising instructions that implement the functions / operations specified in one or more blocks of a block diagram and / or flowchart. Therefore, embodiments of the present invention concept can be embodied in hardware and / or software (including firmware, resident software, microcode, etc.) that runs on a processor such as a digital signal processor, and the hardware and / or software can be collectively referred to as a “circuit,” a “module,” or a variation thereof.

[0305] It should also be noted that in some alternative implementations, the functions / operations marked in the boxes may occur in a different order than those marked in the flowchart. For example, two consecutive boxes may actually be executed substantially in parallel, and they may sometimes be executed in reverse order, depending on the functions / operations involved. Furthermore, the function of a given box in a flowchart and / or block diagram may be divided into multiple boxes, and / or the functions of two or more boxes in a flowchart and / or block diagram may be at least partially integrated. Finally, other boxes may be added / inserted between the shown boxes, and / or boxes / operations may be omitted without departing from the scope of the inventive concept. Additionally, although some diagrams include arrows on the communication path to indicate the main direction of communication, it will be understood that communication may occur in the opposite direction to the arrows shown.

[0306] Many changes and modifications can be made to the embodiments without substantially departing from the principles of the inventive concept. All such changes and modifications are intended to be included within the scope of the inventive concept herein. Therefore, the subject matter disclosed above is to be considered illustrative rather than restrictive, and the examples of embodiments are intended to cover all such modifications, enhancements, and other embodiments falling within the spirit and scope of the inventive concept. Thus, to the fullest extent permitted by law, the scope of the inventive concept will be determined by the broadest permissible interpretation of this disclosure (including examples of embodiments and their equivalents) and should not be limited or restricted by the detailed description above.

[0307] The following provides an explanation of the various abbreviations / acronyms used in this disclosure.

[0308] Abbreviation Explanation

[0309] 3GPP Third Generation Partnership Project

[0310] 5G fifth-generation wireless system

[0311] NG Next Generation

[0312] IoT (Internet of Things)

[0313] AKA Authentication and Key Negotiation

[0314] AMF Access and Mobility Management Functions

[0315] AN access network

[0316] AS Access Layer

[0317] AUSF Authentication Server Functionality

[0318] CN Core Network

[0319] CP control plane

[0320] eNB Evolutionary Node B

[0321] gNB Next Generation Node B

[0322] HPLMN belongs to the public land mobile network.

[0323] LTE Long Term Evolution (4th Generation Wireless System)

[0324] MAC Message Authentication Code

[0325] NAS Network Access Layer

[0326] NF Network Functions

[0327] ng-eNB Next Generation Evolution Node B

[0328] PDCP Packet Data Convergence Protocol

[0329] PLMN Public Land Mobile Network

[0330] QoS (Quality of Service)

[0331] RAN (Radio Access Network)

[0332] (R)AN Both 3GPP and non-3GPP access networks

[0333] SA2 3GPP Architecture Working Group

[0334] SA3 3GPP Security Group

[0335] SEAF Safety Anchor Function

[0336] SIM User Identity Module

[0337] SoR Roaming Guide

[0338] UDM Unified Data Management

[0339] UE (User Equipment) or End User Equipment

[0340] UP User Interface

[0341] The following are references to the above-mentioned public information.

[0342] Reference [1]: 3GPP TS 33.501V15.0.0 (March 2018).

[0343] Reference [2]: 3GPP TS 23.501V15.1.0 (March 2018), Technical Specification Group Services and Systems; System Architecture of 5G Systems; Phase 2 (Version 15)

Claims

1. A method for configuring the Authentication Server Function (AUSF) of a Home Public Land Mobile Network (PLMN) to communicate with electronic devices via an interface, the method comprising: Receive the first authentication request from the first PLMN that is authenticating the electronic device; Obtain a first security key for integrity protection of messages transmitted from the home PLMN to the electronic device, wherein the first security key is obtained in response to successful authentication based on the first authentication request; Receive a second authentication request from the second PLMN that is authenticating the electronic device; Obtain a second security key for integrity protection of the message transmitted from the home PLMN to the electronic device, wherein the second security key is obtained in response to successful authentication based on the second authentication request; Receive message protection request; Determine which of the first and second security keys is the latest security key; and Use the latest security key to protect the message associated with the message protection request.

2. The method according to claim 1, further comprising: Generate a first timestamp indicating the first time the first security key was obtained, and associate the first timestamp with the first security key; as well as Generate a second timestamp indicating the second time when the second security key was obtained, and associate the second timestamp with the second security key.

3. The method according to claim 2, wherein, Determining which of the first and second security keys is the latest security key includes: Obtain the first timestamp; Obtain the second timestamp; In response to the first time of the first timestamp being later than the second time of the second timestamp, it is determined that the first security key is the latest security key; and In response to the second time of the second timestamp being later than the first time of the first timestamp, it is determined that the second security key is the latest security key.

4. The method according to claim 1, further comprising: When the first security key is obtained, the counter is incremented, and the value of the counter is associated with the first security key; as well as When the second security key is obtained, the counter is incremented, and the value of the counter is associated with the second security key.

5. The method according to claim 4, wherein, Determining which of the first and second security keys is the latest security key includes: Obtain the value of the counter associated with the first security key; Obtain the value of the counter associated with the second security key; In response to the value of the counter associated with the first security key being higher than the value of the counter associated with the second security key, it is determined that the first security key is the latest security key; and In response to the fact that the value of the counter associated with the second security key is higher than the value of the counter associated with the first security key, it is determined that the second security key is the latest security key.

6. The method according to claim 1, further comprising: In response to the first security key being the latest security key, the second security key is deleted; as well as In response to the second security key being the latest security key, the first security key is deleted.

7. The method according to claim 6, wherein, The first PLMN is a first access type, and the second PLMN is a second access type. The first security key is generated by a first instance of the AUSF associated with the first access type, and the second security key is generated by a second instance of the AUSF associated with the second access type. Deleting the second security key includes: Send a second instruction to the second instance of the AUSF to delete the second security key; and Deleting the first security key includes: Send a first instruction to the first instance of the AUSF to delete the first security key.

8. The method according to claim 6, wherein, Deleting the second security key includes deleting the second security key in response to the first security key being stored, and deleting the first security key includes deleting the first security key in response to the second security key being stored.

9. The method according to claim 1, wherein, The message protection request is a message protection request used in either the roaming guidance SoR message or the UE parameter update message.

10. An Authentication Server Function (AUSF) for a communication system, the communication system including a Home Public Land Mobile Network (PLMN) configured to communicate with electronic devices via an interface, the AUSF comprising: At least one processor is configured to perform operations including: Receive the first authentication request from the first PLMN that is authenticating the electronic device; Obtain a first security key for integrity protection of messages transmitted from the Home Public Land Mobile Network (PLMN) to the electronic device, wherein the first security key is obtained in response to successful authentication based on the first authentication request; Receive a second authentication request from the second PLMN that is authenticating the electronic device; Obtain a second security key for integrity protection of the message transmitted from the home PLMN to the electronic device, wherein the second security key is obtained in response to successful authentication based on the second authentication request; Receive message protection request; Determine which of the first and second security keys is the latest security key; and Use the latest security key to protect the message associated with the message protection request.

11. The AUSF according to claim 10, wherein, The at least one processor is configured to perform further operations, the further operations including: A first timestamp is generated upon obtaining the first security key, and the first timestamp is associated with the first security key; and A second timestamp is generated when the second security key is obtained, and the second timestamp is associated with the second security key.

12. The AUSF according to claim 10, wherein, Determining which of the first and second security keys is the latest security key includes: Receive the first timestamp of the first time at which the first security key is obtained; Obtain a second timestamp indicating the second time when the second security key was obtained; In response to the first time being later than the second time, it is determined that the first security key is the latest security key; and In response to the second time being later than the first time, it is determined that the second security key is the latest security key.

13. The AUSF according to claim 10, wherein, The at least one processor is configured to perform further operations, the further operations including: Increment a counter upon obtaining the first security key, and associate the value of the counter with the first security key; and When the second security key is obtained, the counter is incremented, and the value of the counter is associated with the second security key.

14. The AUSF according to claim 13, wherein, Determining which of the first and second security keys is the latest security key includes: Obtain the value of the counter associated with the first security key; Obtain the value of the counter associated with the second security key; In response to the value of the counter associated with the first security key being higher than the value of the counter associated with the second security key, it is determined that the first security key is the latest security key; and In response to the fact that the value of the counter associated with the second security key is higher than the value of the counter associated with the first security key, it is determined that the second security key is the latest security key.

15. A method in an electronic device configured to communicate with a Home Public Land Mobile Network (PLMN) and a Visiting PLMN via a wireless air interface, the method comprising: Send a first authentication request to the first PLMN to authenticate the electronic device; Upon successful authentication based on the first authentication request, a first security key is generated for integrity protection of messages transmitted from the home PLMN to the electronic device; Send a second authentication request to the second PLMN that is authenticating the electronic device; Upon successful authentication based on the second authentication request, a second security key is generated for the integrity protection of the message transmitted from the home PLMN to the electronic device; Receive protected messages from the home PLMN; Determine which of the first security key and the second security key is the latest security key; as well as The latest security key is used to determine the content of messages received from the home PLMN.

16. The method according to claim 15, wherein, The protected message includes either a UDM parameter update message or a roaming guidance message.

17. The method of claim 15, further comprising: Generate a first timestamp indicating the time when the first security key was generated, and associate the first timestamp with the first security key; as well as A second timestamp indicating the time when the second security key was generated is generated, and the second timestamp is associated with the second security key.

18. The method according to claim 17, wherein, Determining which of the first and second security keys is the latest security key includes: Obtain the first timestamp; Obtain the second timestamp; In response to the first time of the first timestamp being later than the second time of the second timestamp, it is determined that the first security key is the latest security key; and In response to the second time of the second timestamp being later than the first time of the first timestamp, it is determined that the second security key is the latest security key.

19. The method of claim 15, further comprising: A counter is incremented when the first security key is generated, and the value of the counter is associated with the first security key; as well as The counter is incremented when the second security key is generated, and the value of the counter is associated with the second security key.

20. The method according to claim 19, wherein, Determining which of the first and second security keys is the latest security key includes: Obtain the value of the counter associated with the first security key; Obtain the value of the counter associated with the second security key; In response to the value of the counter associated with the first security key being higher than the value of the counter associated with the second security key, it is determined that the first security key is the latest security key; and In response to the fact that the value of the counter associated with the second security key is higher than the value of the counter associated with the first security key, it is determined that the second security key is the latest security key.

21. An electronic device configured to communicate with a Home Public Land Mobile Network (PLMN) and a Visiting PLMN via a wireless air interface, the electronic device comprising: At least one processor is configured to perform operations including: Send a first authentication request to the first PLMN to authenticate the electronic device; Upon successful authentication based on the first authentication request, a first security key is generated for integrity protection of messages transmitted from the home PLMN to the electronic device; Send a second authentication request to the second PLMN that is authenticating the electronic device; Upon successful authentication based on the second authentication request, a second security key is generated for the integrity protection of the message transmitted from the home PLMN to the electronic device; Receive protected messages from the home PLMN; Determine which of the first and second security keys is the latest security key; and The latest security key is used to determine the content of messages received from the home PLMN.

22. The electronic device according to claim 21, wherein, The protected message includes either a UDM parameter update message or a roaming guidance message.

23. The electronic device according to claim 21, wherein, The at least one processor is configured to perform further operations, the further operations including: Generate a first timestamp indicating the time when the first security key was generated, and associate the first timestamp with the first security key; and A second timestamp indicating the time when the second security key was generated is generated, and the second timestamp is associated with the second security key.

24. The electronic device according to claim 23, wherein, Determining which of the first and second security keys is the latest security key includes: Obtain the first timestamp; Obtain the second timestamp; In response to the first time of the first timestamp being later than the second time of the second timestamp, it is determined that the first security key is the latest security key; and In response to the second time of the second timestamp being later than the first time of the first timestamp, it is determined that the second security key is the latest security key.

25. The electronic device according to claim 21, wherein, The at least one processor is configured to perform further operations, the further operations including: A counter is incremented when the first security key is generated, and the value of the counter is associated with the first security key; and The counter is incremented when the second security key is generated, and the value of the counter is associated with the second security key.

26. The electronic device according to claim 25, wherein, Determining which of the first and second security keys is the latest security key includes: Obtain the value of the counter associated with the first security key; Obtain the value of the counter associated with the second security key; In response to the value of the counter associated with the first security key being higher than the value of the counter associated with the second security key, it is determined that the first security key is the latest security key; and In response to the fact that the value of the counter associated with the second security key is higher than the value of the counter associated with the first security key, it is determined that the second security key is the latest security key.