Method and apparatus for base station structure and protocol stack for SBI-based n2 interface in wireless communication system

The proposed solution addresses the challenges of improving the security and efficiency of data transmission between base stations and core networks, particularly in the terahertz band, where path loss and atmospheric absorption phenomena are minimized, ensuring robust and efficient data transmission.

WO2026127471A1 (PCT designated stage). Publication Date: 2026-06-18. Applicant: SAMSUNG ELECTRONICS CO LTD

Patent Information

Authority / Receiving Office: WO
Patent Type: Application
Current Assignee / Owner: SAMSUNG ELECTRONICS CO LTD
Filing Date: 2025-11-28
Publication Date: 2026-06-18

AI Technical Summary

Technical Problem

Existing wireless communication systems face challenges in ensuring secure and efficient data transmission between base stations and core networks, particularly in the terahertz band of 6G communication systems, where path loss and atmospheric absorption are more severe, necessitating improved technologies for signal coverage and network optimization.

Method used

A base station structure and protocol stack method for an SBI-based N2 interface that supports enhanced data transmission and security key generation and distribution, utilizing a centralized control unit and distributed unit structure, which includes a centralized control unit and a distributed unit, to facilitate secure and efficient data transmission.

Benefits of technology

Enhances data transmission security and distribution, ensuring secure and efficient data transmission between base stations and core networks, particularly in the terahertz band, where path loss and atmospheric absorption phenomena are minimized, ensuring robust and efficient data transmission.

✦ Generated by Eureka AI based on patent content.


Abstract

The present disclosure relates to a 5G or 6G communication system for supporting a data transmission rate higher than that of a 4G communication system such as LTE. According to one embodiment of the present disclosure, a method and an apparatus for a base station structure and a protocol stack for an SBI-based N2 interface in a wireless communication system may be provided. A method performed by a first interface, according to one embodiment of the present disclosure, may comprise the steps of: receiving, from a second network entity that performs a function for mutual authentication between a user equipment and a network, first information for generating a base key used to derive at least one security key; providing, to the user equipment through a base station, the first information and second information for generating a non-access stratum (NAS) key; receiving, from the second network entity, the base key generated on the basis of the first information; obtaining a plurality of NAS keys corresponding to a plurality of network entities on the basis of the base key; and transmitting each of the plurality of NAS keys to each of the corresponding plurality of network entities.

Description

Base station structure and protocol stack method and apparatus for an SBI-based N2 interface in a wireless communication system

[0001] The present disclosure relates to operations between a base station and a core network in a wireless communication system. More specifically, the present disclosure relates to a base station structure and protocol stack method and apparatus for an SBI-based N2 interface in a wireless communication system.

[0002] Looking back at the evolution of wireless communication through successive generations, technologies have been developed primarily for human-oriented services, such as voice, multimedia, and data. Following the commercialization of 5G (5th Generation) communication systems, connected devices, which have been increasing explosively, are expected to be connected to communication networks. Examples of networked objects include vehicles, robots, drones, home appliances, displays, smart sensors installed in various infrastructures, construction machinery, and factory equipment. Mobile devices are expected to evolve into various form factors, such as augmented reality glasses, virtual reality headsets, and holographic devices. In the 6G (6th Generation) era, efforts are underway to develop improved 6G communication systems to connect hundreds of billions of devices and objects to provide diverse services. For this reason, 6G communication systems are being referred to as "beyond 5G" systems.

[0003] In the 6G communication system expected to be realized around 2030, the maximum transmission speed is 1 terabit per second (Tbps, i.e., 1,000 gigabits per second), and the wireless latency is 100 microseconds (μsec). In other words, compared to the 5G communication system, the transmission speed in the 6G communication system is 50 times faster, and the wireless latency is reduced to one-tenth.

[0004] To achieve such high data transmission speeds and ultra-low latency, 6G communication systems are being considered for implementation in the terahertz (THz) band (e.g., the 95 gigahertz (GHz) to 3 terahertz (3 THz) band). Because path loss and atmospheric absorption are more severe in the terahertz band than in the millimeter wave (mmWave) band introduced in 5G, the importance of technologies capable of guaranteeing signal reach, or coverage, is expected to increase. As key technologies for ensuring coverage, RF (Radio Frequency) devices, antennas, new waveforms with better coverage than OFDM (Orthogonal Frequency Division Multiplexing), beamforming, and multi-antenna transmission technologies such as massive Multiple-Input and Multiple-Output (MIMO), Full Dimensional MIMO (FD-MIMO), array antennas, and large-scale antennas must be developed. In addition, new technologies such as metamaterial-based lenses and antennas, high-dimensional spatial multiplexing using Orbital Angular Momentum (OAM), and Reconfigurable Intelligent Surfaces (RIS) are being discussed to improve the coverage of terahertz band signals.

[0005] In addition, to improve frequency efficiency and system networks, development is underway in 6G communication systems on full duplex technology, in which uplink and downlink simultaneously use the same frequency resources; network technology that integrates satellites and HAPS (High-Altitude Platform Stations); network structure innovation technology that supports mobile base stations and enables network operation optimization and automation; dynamic spectrum sharing technology through collision avoidance based on spectrum usage prediction; AI-based communication technology that utilizes AI (Artificial Intelligence) from the design stage and internalizes end-to-end AI support functions to realize system optimization; and next-generation distributed computing technology that realizes services whose complexity exceeds the limits of terminal computing capabilities by utilizing ultra-high performance communication and computing resources (Mobile Edge Computing (MEC), cloud, etc.). In addition, attempts are continuing to further strengthen connectivity between devices, further optimize networks, promote the softwareization of network entities, and increase the openness of wireless communication through the design of new protocols for use in 6G communication systems, the implementation of hardware-based security environments, the development of mechanisms for the safe utilization of data, and the development of technologies for maintaining privacy.

[0006] Due to the research and development of such 6G communication systems, it is expected that a new dimension of hyper-connected experience will become possible through the hyper-connectivity of 6G communication systems, which encompasses not only connections between objects but also connections between people and objects. Specifically, it is projected that 6G communication systems will enable the provision of services such as truly immersive eXtended Reality (XR), high-fidelity mobile holograms, and digital replicas. Furthermore, services such as remote surgery, industrial automation, and emergency response, which are provided through 6G communication systems with enhanced security and reliability, will be applied in various fields including industry, healthcare, automotive, and home appliances.

[0007] The present disclosure may provide a base station structure, a protocol stack, a method, and an apparatus for an SBI-based N2 interface in a wireless communication system. Additionally, the present disclosure may provide a base station structure and a protocol stack for an interface to support an enhanced interface for transmitting control data between a base station and a core network.

[0008] The technical problems to be solved in this disclosure are not limited to those mentioned above, and other technical problems not mentioned will be clearly understood by those skilled in the art to which this disclosure belongs from the description below.

[0009] According to one embodiment of the present disclosure, a method performed by a first network entity that performs a function related to a security key in a wireless communication system may include: receiving, from a second network entity that performs a function for mutual authentication of a terminal (user equipment) and a network, first information for generating a base key used to derive at least one security key; providing the terminal, through a base station, with the first information and second information for generating a non-access stratum (NAS) key; receiving, from the second network entity, the base key generated based on the first information; obtaining a plurality of NAS keys corresponding to a plurality of network entities based on the base key; and transmitting each of the plurality of NAS keys to each of the corresponding network entities.

[0010] According to one embodiment of the present disclosure, a method performed by a terminal (user equipment) in a wireless communication system may include: receiving, from a base station, first information for generating a base key used to derive at least one security key and second information for generating a non-access stratum (NAS) key; generating the base key based on the first information; and obtaining a plurality of NAS keys corresponding to a plurality of network entities based on the base key.

[0011] According to one embodiment of the present disclosure, a first network entity performing a function related to a security key in a wireless communication system may include at least one processor and at least one memory that is communicatively coupled to the at least one processor and stores instructions. The instructions may be executed individually or in any combination by the at least one processor, so that the first network entity receives, from a second network entity that performs a function for mutual authentication of a terminal (user equipment) and a network, first information for generating a base key used to derive at least one security key; provides the terminal, through a base station, with the first information and second information for generating a non-access stratum (NAS) key; receives, from the second network entity, the base key generated based on the first information; obtains a plurality of NAS keys corresponding to a plurality of network entities based on the base key; and transmits each of the plurality of NAS keys to each of the corresponding plurality of network entities.

[0012] According to one embodiment of the present disclosure, a user equipment in a wireless communication system may include at least one transceiver, at least one processor communicatively coupled to the at least one transceiver, and at least one memory communicatively coupled to the at least one processor for storing instructions. The instructions may be executed individually or in any combination by the at least one processor so that the user equipment receives from a base station first information for generating a base key used to derive at least one security key and second information for generating a non-access stratum (NAS) key, generates the base key based on the first information, and obtains a plurality of NAS keys corresponding to a plurality of network entities based on the base key.
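The key-distribution procedure stated in the abstract and in [0009] to [0012], modelled end to end in Python as an added example that is not the disclosure's own design: the derivation function (HMAC-SHA256), the contents of the first and second information, the shared long-term secret between the terminal and the authentication entity, and all class and message names are assumptions; only the list of NAS-terminating entities follows FIG. 23 to FIG. 27.

```python
"""Constructed model of the SBI-based N2 distributed NAS key procedure.

Assumptions (not from the disclosure): HMAC-SHA256 as the KDF, a nonce
as 'first information', the entity list as 'second information', and a
long-term secret shared by the terminal and the authentication entity.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def kdf(key: bytes, label: bytes, context: bytes) -> bytes:
    """Single-step HMAC-based derivation; label and context are separated
    by a zero byte so that different (label, context) pairs cannot collide."""
    return hmac.new(key, label + b"\x00" + context, hashlib.sha256).digest()


# Entities that each receive their own NAS key (FIG. 23 to FIG. 27).
NAS_ENTITIES = ("AMF", "SMF", "PCF", "SMSF", "LMF")


@dataclass
class AuthEntity:
    """Second network entity: mutual authentication and base-key generation."""
    long_term_key: bytes

    def first_information(self) -> bytes:
        # Assumed: a fresh random value that seeds the base key.
        return os.urandom(16)

    def base_key(self, first_info: bytes) -> bytes:
        return kdf(self.long_term_key, b"base-key", first_info)


@dataclass
class KeyEntity:
    """First network entity: obtains the base key, derives and distributes NAS keys."""
    delivered: dict = field(default_factory=dict)

    def second_information(self) -> bytes:
        # Assumed: the set of NAS-terminating entities, so the terminal derives the same keys.
        return b",".join(e.encode() for e in NAS_ENTITIES)

    def derive_nas_keys(self, base_key: bytes, second_info: bytes) -> dict:
        # One key per entity, bound to the entity name; no entity can compute another's key.
        entities = second_info.decode().split(",")
        return {e: kdf(base_key, b"nas-key", e.encode()) for e in entities}

    def distribute(self, nas_keys: dict) -> None:
        # Each entity is handed only its own key (modelled as a per-entity mailbox).
        for entity, key in nas_keys.items():
            self.delivered[entity] = key


@dataclass
class UserEquipment:
    """Terminal side: rebuilds the base key and the same per-entity NAS keys."""
    long_term_key: bytes

    def derive(self, first_info: bytes, second_info: bytes) -> dict:
        base_key = kdf(self.long_term_key, b"base-key", first_info)
        entities = second_info.decode().split(",")
        return {e: kdf(base_key, b"nas-key", e.encode()) for e in entities}


def run_procedure(long_term_key: bytes):
    """Runs the exchange and returns (keys delivered to entities, keys the terminal holds)."""
    auth = AuthEntity(long_term_key)
    key_entity = KeyEntity()
    ue = UserEquipment(long_term_key)

    first_info = auth.first_information()            # auth entity -> key entity
    second_info = key_entity.second_information()
    ue_keys = ue.derive(first_info, second_info)     # key entity -> base station -> terminal
    base_key = auth.base_key(first_info)             # auth entity -> key entity
    net_keys = key_entity.derive_nas_keys(base_key, second_info)
    key_entity.distribute(net_keys)                  # key entity -> AMF, SMF, PCF, SMSF, LMF
    return key_entity.delivered, ue_keys


def keys_are_isolated(nas_keys: dict) -> bool:
    """True when every entity holds a distinct key, i.e. one entity's key leaks nothing about another's."""
    return len(set(nas_keys.values())) == len(nas_keys)


if __name__ == "__main__":
    delivered, ue_side = run_procedure(os.urandom(32))
    print("terminal and network agree:", delivered == ue_side)
    print("per-entity keys distinct:", keys_are_isolated(delivered))
```

The base station only relays the two pieces of information and never sees the base key, which is the point of deriving the NAS keys at the terminal and the first network entity rather than at the base station.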

[0013] One embodiment of the present disclosure may provide an apparatus and a method capable of effectively providing services in a wireless communication system.

[0014] The effects obtainable from the present disclosure are not limited to those mentioned above, and other unmentioned effects will be clearly understood by those skilled in the art to which the present disclosure belongs from the description below.

[0015] FIG. 1 illustrates the structure of a wireless communication system according to one embodiment of the present disclosure.

[0016] FIG. 2 illustrates the deployment of a RAN and 5GC to which O-RAN (Open RAN) is applied according to one embodiment of the present disclosure.

[0017] FIG. 3 illustrates an N2 interface and protocol stack between a base station and an access and mobility management function (AMF) entity according to one embodiment of the present disclosure.

[0018] FIG. 4 illustrates a TNL association for transmission and reception between a base station and an AMF according to one embodiment of the present disclosure.

[0019] FIG. 5 illustrates the structure of a base station including a central unit (CU) and a distributed unit (DU) according to one embodiment of the present disclosure.

[0020] FIG. 6 illustrates the structure of a CU-CP (control plane), CU-UP (user plane), and DU of a base station according to one embodiment of the present disclosure.

[0021] FIG. 7 illustrates a conceptual diagram showing the core network and the deployment of the RAN when an O-RAN according to one embodiment of the present disclosure is applied.

[0022] FIG. 8 illustrates a conceptual diagram showing the deployment of a core network and a RAN when using a structure that combines gNB-CU-CP and AMF according to one embodiment of the present disclosure.

[0023] FIG. 9 illustrates the architecture of a network system when using a structure that combines gNB-CU-CP and AMF according to one embodiment of the present disclosure.

[0024] FIG. 10 illustrates a protocol stack for a structure in which gNB-CU-CP and AMF are merged according to one embodiment of the present disclosure.

[0025] FIG. 11 illustrates a network structure in which network entities within a base station and a core network are connected through a service-based interface (SBI) according to one embodiment of the present disclosure.

[0026] FIG. 12 illustrates the structure of terminals, base stations, and some network entities in a network structure applying an SBI-based N2 interface according to one embodiment of the present disclosure.

[0027] FIG. 13 illustrates a schematic diagram showing the process of transmitting a NAS message in a structure to which an SBI-based N2 interface is applied according to one embodiment of the present disclosure.

[0028] FIG. 14 illustrates the protocol stacks of terminals, base stations, and network entities in a structure in which an SBI-based N2 interface is applied according to one embodiment of the present disclosure.

[0029] FIG. 15 illustrates an overview of how a security key is generated and used when a NAS termination point device according to one embodiment of the present disclosure is a terminal and an AMF.

[0030] FIG. 16 illustrates a key hierarchy structure in the case where the NAS termination points according to one embodiment of the present disclosure are a terminal and an AMF.

[0031] FIG. 17 illustrates an overview of how a security key is generated and used in the case of a Distributed NAS structure based on an SBI-based N2 interface according to one embodiment of the present disclosure.

[0032] FIG. 18 illustrates a key hierarchy in the case of a Distributed NAS structure based on an SBI-based N2 interface according to one embodiment of the present disclosure.

[0033] FIG. 19 illustrates an overview of a mutual authentication and key generation procedure between a terminal and a network according to one embodiment of the present disclosure.

[0034] FIG. 20 illustrates a signaling procedure for mutual authentication and key generation procedures between a terminal and a network according to one embodiment of the present disclosure.

[0035] FIG. 21 illustrates a signaling procedure for generating an AS key according to one embodiment of the present disclosure.

[0036] FIG. 22 illustrates a signaling procedure for generating a NAS key according to one embodiment of the present disclosure.

[0037] FIG. 23 illustrates the process of generating a NAS key corresponding to an AMF entity according to one embodiment of the present disclosure.

[0038] FIG. 24 illustrates the process of generating a NAS key corresponding to a session management function (SMF) entity according to one embodiment of the present disclosure.

[0039] FIG. 25 illustrates the process of generating a NAS key corresponding to a policy control function (PCF) entity according to one embodiment of the present disclosure.

[0040] FIG. 26 illustrates the process of generating a NAS key corresponding to an SMSF (short message service function) entity according to one embodiment of the present disclosure.

[0041] FIG. 27 illustrates the process of generating a NAS key corresponding to a location management function (LMF) entity according to one embodiment of the present disclosure.

[0042] FIG. 28 illustrates the process of generating a NAS key in a terminal (user equipment) according to one embodiment of the present disclosure.

[0043] FIG. 29 illustrates a flowchart of an operation performed by a first network entity according to one embodiment of the present disclosure.

[0044] FIG. 30 illustrates a flowchart of an operation performed by a terminal according to one embodiment of the present disclosure.

[0045] FIG. 31 is a block diagram of a terminal or user equipment according to one embodiment of the present disclosure.

[0046] FIG. 32 is a block diagram of a base station according to one embodiment of the present disclosure.

[0047] FIG. 33 is a block diagram of a network entity performing network functions according to one embodiment of the present disclosure.

[0048] Hereinafter, embodiments of the present disclosure will be described in detail with reference to the attached drawings.

[0049] In describing the embodiments, technical details that are well known in the art to which this disclosure belongs and are not directly related to this disclosure are omitted. This is intended to convey the essence of this disclosure more clearly without obscuring it by omitting unnecessary explanations.

[0050] For the same reason, some components in the attached drawings have been exaggerated, omitted, or schematically depicted. Additionally, the size of each component does not entirely reflect its actual dimensions. Identical or corresponding components in each drawing have been assigned the same or different reference numbers.

[0051] The advantages and features of the present disclosure, and the methods for achieving them, will become clear by referring to the embodiments described below in detail together with the accompanying drawings. However, the present disclosure is not limited to the embodiments disclosed below but may be implemented in various different forms. These embodiments are provided merely to ensure that the disclosure is complete and to fully inform those skilled in the art of the scope of the disclosure, and the present disclosure is defined only by the scope of the claims. Throughout the specification, the same reference numerals refer to the same components. Furthermore, in describing the present disclosure, if it is determined that a detailed description of a related function or configuration might unnecessarily obscure the essence of the present disclosure, such detailed description is omitted. Additionally, the terms described below are defined considering their functions in the present disclosure, and these may vary depending on the intentions or conventions of the user or operator. Therefore, their definitions should be based on the content throughout the specification.

[0052] In the present disclosure, it will be understood that each block of the process flow diagrams and combinations of the flow diagrams may be performed based on computer program instructions. Since these computer program instructions may be optionally loaded into at least one processor of a general-purpose computer, a computer for special purposes, or other programmable data processing equipment, the instructions performed through any one or any combination of at least one processor of the computer or other programmable data processing equipment create means for performing the functions described in the flow diagram block(s). Since these computer program instructions may also be stored in computer-available or computer-readable memory that can be directed toward the computer or other programmable data processing equipment to implement the functions in a specific manner, the instructions stored in computer-available or computer-readable memory may also produce a manufactured item containing means of instruction for performing the functions described in the flow diagram block(s). Since computer program instructions can be loaded onto a computer or other programmable data processing equipment, instructions that perform a series of operation steps on the computer or other programmable data processing equipment to create a process executed by the computer can also provide steps for executing the functions described in the flowchart block(s).

[0053] Additionally, each block may represent a module, segment, or part of code containing one or more executable instructions for executing a specified logical function(s). It should also be noted that in some alternative execution examples, the functions mentioned in the blocks may occur out of order. For example, two blocks (or functions) described in succession may actually be executed substantially simultaneously, or the blocks may sometimes be executed in reverse order according to the corresponding function.

[0054] As used in the embodiments of the present disclosure, the term "part" refers to a software or hardware component, such as a field programmable gate array (FPGA) or an application-specific integrated circuit (ASIC), and the "part" performs certain roles. However, the term "part" is not limited to software or hardware. The "part" may be configured to reside in an addressable storage medium or may be configured to run on one or more processors. Thus, by way of example, the "part" includes components such as software components, object-oriented software components, class components, and task components, as well as processes, functions, attributes, procedures, subroutines, segments of program code, drivers, firmware, microcode, circuits, data, databases, data structures, tables, arrays, and variables. The functions provided within the components and "parts" may be combined into a smaller number of components and "parts" or further separated into additional components and "parts." In addition, the components and "parts" may be implemented to utilize one or more CPUs (central processing units) within the device or a secure multimedia card. Also, in the embodiments, "parts" may include one or more processors.

[0055] As stated above, it should be noted that the blocks of each flowchart and combinations of flowcharts described in this disclosure may be executed by one or more computer programs including instructions. The entirety of one or more computer programs may be stored in a single memory device, or one or more computer programs may be divided into different parts and stored across multiple memory devices.

[0056] Additionally, any function or operation described in this disclosure may be processed by a single processor or a combination of processors. The single processor or combination of processors is circuitry that performs processing and may include an application processor (AP, e.g., a central processing unit (CPU)), a communication processor (CP, e.g., a modem), a graphics processing unit (GPU), a neural network processing unit (NPU) (e.g., an artificial intelligence (AI) chip), a Wi-Fi chip, a Bluetooth® chip, a global positioning system (GPS) chip, a near-field communication (NFC) chip, a connectivity chip, a sensor controller, a touch controller, a fingerprint sensor controller, a display driver integrated circuit (IC), an audio codec (CODEC) chip, a universal serial bus (USB) controller, a camera controller, an image processing IC, a microprocessor unit (MPU), a system-on-chip (SoC), an IC, or similar circuitry.

[0057] Additionally, it should be noted that various embodiments in the claims and description of the present disclosure may be implemented in the form of hardware, software, or a combination of hardware and software.

[0058] Such software may be stored on a non-transitory computer-readable storage medium. A non-transitory computer-readable storage medium stores one or more computer programs (software modules), and said one or more computer programs include computer-executable instructions that operate an electronic device to perform a method according to the present disclosure when executed alone or collectively by one or more processors of an electronic device.

[0059] The software may be stored in a transient or non-transient storage device, for example, in the form of read-only memory (ROM) (whether or not it is erasable or rewritable), or random access memory (RAM), memory chips, devices, or integrated circuits (ICs). Additionally, the software may be stored in the form of an optically or magnetically readable medium, for example, a compact disc (CD), a digital multifunction disc (DVD), a magnetic disc, or a magnetic tape. It should be understood that the storage device and the storage medium are examples of non-transient machine-readable storage media suitable for storing programs for implementing various embodiments of the present disclosure. Accordingly, various embodiments of the present disclosure may provide a program containing code for implementing a device or method according to any one of the claims of this specification, and a non-transient machine-readable storage medium storing such program.

[0060] In the following disclosure, determining the priority between A and B may be referred to in various ways, such as selecting the one with the higher priority according to a predetermined priority rule and performing the corresponding action, or omitting or dropping the action for the one with the lower priority.

[0061] Hereinafter, 'A or B' as described in the present disclosure may be understood as 'A and / or B', which may be understood as including 'A', or 'B', or 'A and B'.

[0062] Additionally, 'at least one of A, B, and C' described in the present disclosure may be understood to include 'A', or 'B', or 'C', or 'any combination of A, B, and C'.

[0063] Additionally, 'at least one of A, B, or C' described in the present disclosure may be understood to include 'A', or 'B', or 'C', or 'any combination of A, B, and C'.

[0064] Additionally, 'A / B' as described in the present disclosure may be understood as 'A and / or B', which may be understood as including 'A', or 'B', or 'A and B'.

[0065] Additionally, 'A, B' described in the present disclosure may be understood as 'A and / or B', which may be understood as including 'A', or 'B', or 'A and B'.

[0066] Additionally, 'A and B' described in the present disclosure may be understood as 'A and / or B', which may be understood as including 'A', or 'B', or 'A and B'.

[0067] Furthermore, the phrase "when conditions A and B are satisfied" as described in the present disclosure is not necessarily limited to cases where both conditions A and B are satisfied, but may be understood to include cases where either condition A or condition B is satisfied individually, cases where both conditions A and B are satisfied, or cases where one or more additional conditions are satisfied together.

[0068] Furthermore, throughout this specification, ordinal terms (and similar modifiers) such as 'first', 'second', 'third', etc. are used solely for the purpose of distinguishing various instances, occurrences, configurations, messages, stages, or aspects of elements, operations, or information, as described below. Unless clearly required otherwise by the context, the use of such ordinal terms does not require that the elements, operations, or information distinguished by such terms be structurally different, numerically distinct, or essentially different. For example, 'first signal' and 'second signal' may represent instances of the same signal transmitted at different times, signals containing the same core information even with some variations, or signals having different content or characteristics depending on the specific context. Similarly, 'first value' and 'second value' may represent the same magnitude measured or applied in different situations, or may represent different magnitudes. Such interpretation must be determined based on the specific technical context, function, and relationship described in the relevant parts of the specification and claims.

[0069] Furthermore, although terms such as "first," "second," etc., as used in this disclosure are used for various elements such as information, objects, actions, and sequences, they are not intended to limit such elements to a specific order. These terms may be understood merely as distinguishing one element from another. For example, a first element may be referred to as a second element, and likewise, a second element may be referred to as a first element.

[0070] Additionally, the terms 'first' and 'second' described in this disclosure may be understood to refer to identical or different elements. For example, if an element is information, the first information and the second information may both be information, and depending on the case, they may be the same information or different information.

[0071] Furthermore, the expressions 'if' and 'in case that' described in this disclosure or claims may be interpreted, depending on the context, as meaning 'when or upon,' 'in response to,' 'based on,' or 'according to,' and these expressions may be used interchangeably. In addition, other expressions having substantially the same meaning may be used as substitutes, provided that they do not impair the technical features of this disclosure.

[0072] Additionally, the term "not perform" as used in this disclosure or claims may be understood, depending on the context, to mean to omit or skip the corresponding step. Such a term may be replaced with other terms having the same or substantially similar meaning.

[0073] Additionally, the phrase "transmitting a message containing A and B" as described in this specification may be interpreted to include not only (i) cases where A and B are transmitted as a single message, but also (ii) cases where A and B are transmitted individually through multiple messages (e.g., transmitting a first message containing A and a second message containing B). This interpretation may also apply to cases where messages containing two or more items, such as A, B, and C, are transmitted together or individually.

[0074] In addition, 'transmitting a message containing A and transmitting a message containing B' can also be interpreted as transmitting a single message containing A and B.

[0075] In the specific embodiments of the present disclosure described below, terms or components included in the disclosure will be expressed in the singular or plural form according to the specific embodiments presented. However, the singular or plural expression is selected to suit the circumstances presented for convenience of explanation, and the present disclosure is not limited to singular or plural components; even if a component is expressed in the plural form, it may be composed in the singular form, and even if a component is expressed in the singular form, it may be composed in the plural form.

[0076] The drawings or flowcharts described below illustrate exemplary methods that may be implemented in accordance with the principles of the present disclosure, and various modifications may be made to the methods illustrated in the flowcharts of the present disclosure. For example, although illustrated as a series of steps, the various steps of each drawing or flowchart may overlap, occur in parallel, occur in a different order, or occur multiple times. In other examples, any step may be omitted or replaced with another step.

[0077] The methods and devices proposed in the embodiments of the present disclosure below are not limited to each embodiment and may be utilized as a combination of all or part of the embodiments proposed in the disclosure. Accordingly, the embodiments of the present disclosure may be applied with some modifications within the scope that does not deviate significantly from the scope of the present disclosure, at the judgment of a person skilled in the art.

[0078] In this case, any wording mentioned in different embodiments may be used interchangeably, combined, or substituted if the concepts correspond. For example, regarding the same or corresponding concepts, even if the expression 'A' is used in one embodiment and the expression 'B' is used in another embodiment, they may be understood interchangeably, substituted, or combined.

[0079] Terms used in the following description to identify connection nodes, terms referring to network entities, terms referring to messages, terms referring to interfaces between network entities, terms referring to various identification information, etc., are examples provided for the convenience of explanation. Accordingly, the present disclosure is not limited to the terms described below, and other terms referring to objects having equivalent technical meanings may be used. Furthermore, where appropriate, such terms may be replaced with terms defined in the 3GPP (3rd generation partnership project) Technical Specifications (TS).

[0080] Hereinafter, the base station, as the entity performing resource allocation for terminals, may be at least one of gNode B, eNode B, Node B, BS (base station), wireless access unit, base station controller, or a node on a network. Additionally, the base station of the present disclosure may include a structure split into a central unit (CU) and a distributed unit (DU). In such a structure, the CU is responsible for the upper layer of the control and user plane, and the DU is responsible for wireless resource processing of the lower layer. The embodiments of the present disclosure can be equally applied to a 5G base station structure in which functions are separated into the CU and DU as described above.

[0081] The terminal may include a UE (user equipment), MS (mobile station), cellular phone, smartphone, computer, or a multimedia system capable of performing communication functions.

[0082] In the present disclosure, a downlink (DL) refers to a wireless transmission path of a signal transmitted by a base station to a terminal, and an uplink (UL) refers to a wireless transmission path of a signal transmitted by a terminal to a base station.

[0083] In addition, while a 5th generation mobile communication system (5G, new radio, NR) and a 6th generation mobile communication system (6G) may be described below as examples, embodiments of the present disclosure may also be applied to other communication systems having similar technical backgrounds or channel types. For example, new advanced mobile communication systems developed after 5G and 6G may be included therein. Furthermore, the present disclosure may be applied to other communication systems (e.g., Wi-Fi systems) with some modifications made in the judgment of a person with skilled technical knowledge, without significantly departing from the scope of the present disclosure.

[0084] In the following description, the terms "physical channel" and "signal" may be used interchangeably with "data" or "control signal." For example, PDSCH (physical downlink shared channel) is a term referring to a physical channel through which data is transmitted, but PDSCH may also be used to refer to data. That is, in this disclosure, the expression "transmits a physical channel" may be interpreted as equivalent to the expression "transmits data or a signal through a physical channel."

[0085] In describing the present disclosure below, the term "upper layer signaling" may be a signaling corresponding to at least one or a combination of at least one of MIB (master information block), SIB (system information block), SIB M (M=1, 2, ...), RRC (radio resource control), MAC (medium access control), CE (control element), NAS (non-access stratum) signaling, or application layer messages. The RRC signaling may also be referred to as L3 signaling (layer 3 signaling).

[0086] Additionally, L1 signaling may be a signaling method corresponding to at least one or a combination of at least one of the following: a physical layer channel or signaling of a PDCCH (physical downlink control channel), a DCI (downlink control information), a UE-specific DCI, a group common DCI, a common DCI, a scheduling DCI (e.g., a DCI used for the purpose of scheduling downlink or uplink data), a non-scheduling DCI (e.g., a DCI not used for the purpose of scheduling downlink or uplink data), a PUCCH (physical uplink control channel), or an UCI (uplink control information). The above L1 signaling may also be referred to as physical layer signaling.

[0087] Hereinafter, the expression in the present disclosure or claims that information can be configured from a base station may mean that, depending on the context, a terminal receives said information from a base station through physical layer signaling or upper layer signaling, and such expression may be replaced with other terms having the same or substantially similar meaning.

[0088] The operating principle of the present disclosure will be explained in detail below with reference to the attached drawings.

[0089] Wireless communication systems are evolving from providing early voice-oriented services to broadband wireless communication systems that provide high-speed, high-quality packet data services, such as communication standards like 3GPP's HSPA (High Speed Packet Access), LTE (or E-UTRA (Evolved Universal Terrestrial Radio Access)), LTE-Advanced (LTE-A), LTE-Pro, 3GPP2's HRPD (High Rate Packet Data), UMB (Ultra Mobile Broadband), and IEEE's 802.16e.

[0090] As a representative example of a broadband wireless communication system, the LTE system uses the Orthogonal Frequency Division Multiplexing (OFDM) method for the downlink and the Single Carrier Frequency Division Multiple Access (SC-FDMA) method for the uplink. The uplink refers to a wireless link through which a terminal (User Equipment (UE) or Mobile Station (MS)) transmits data or control signals to a base station (eNode B, gNode B, or base station (BS)), and the downlink refers to a wireless link through which a base station transmits data or control signals to a terminal. The aforementioned multiple access methods distinguish the data or control information of each user by allocating the time-frequency resources that carry each user's data or control information so that they do not overlap (i.e., so that orthogonality is established).

[0091] The 5G communication system, the future communication system following LTE, supports services that simultaneously satisfy various requirements so as to freely reflect the diverse needs of users and service providers. The 5G communication system supports enhanced Mobile Broadband (eMBB), massive Machine Type Communication (mMTC), and Ultra-Reliable Low Latency Communication (URLLC).

[0092] eMBB was developed with the goal of providing data transmission speeds that are superior to those supported by existing LTE, LTE-A, or LTE-Pro. For example, in a 5G communication system, eMBB can provide a peak data rate of 20 Gbps in the downlink and 10 Gbps in the uplink from the perspective of a single base station. Furthermore, while providing these peak data rates, the 5G communication system also offers an increased user-perceived data rate. To meet these requirements, improvements in various transmission and reception technologies are needed, including enhanced Multi-Input Multi-Output (MIMO) transmission technology. Additionally, while LTE transmits signals using a maximum bandwidth of 20 MHz in the 2 GHz band, the 5G communication system can satisfy the data transmission speeds required by using a frequency bandwidth wider than 20 MHz in frequency bands of 3–6 GHz or above 6 GHz.

[0093] Simultaneously, 5G communication systems can support Massive Machine Type Communications (mMTC) services to support application services such as the Internet of Things (IoT). To efficiently provide IoT, mMTC features support for a large number of terminal connections within a cell, improved terminal coverage, extended battery life, and reduced terminal costs. Since IoT provides communication functions attached to various sensors and devices, it can support a large number of terminals within a cell (e.g., 1,000,000 terminals / km²). Furthermore, due to the nature of the service, terminals supporting mMTC are likely to be located in dead zones not covered by cells, such as building basements, thus requiring wider coverage compared to other services provided by 5G communication systems. Terminals supporting mMTC must consist of low-cost devices, and because it is difficult to frequently replace terminal batteries, they support a very long battery life of 10 to 15 years.

[0094] Finally, URLLC is a mission-critical cellular-based wireless communication service. For instance, it is a technology proposed for services such as remote control of robots or machinery, industrial automation, unmanned aerial vehicles, remote health care, and emergency alerts. Therefore, the communication provided by URLLC must offer very low latency and very high reliability. For instance, services supporting URLLC must satisfy an air interface latency of less than 0.5 milliseconds and simultaneously require a packet error rate of 10^-5 or less. Consequently, for services supporting URLLC, 5G systems must provide a Transmission Time Interval (TTI) smaller than other services, and design considerations may be required to allocate wide resources in the frequency band to ensure the reliability of the communication link.

[0095] The three 5G services, namely eMBB, URLLC, and mMTC, can be multiplexed and transmitted within a single system. In this case, different transmission and reception techniques and parameters may be used between the services to satisfy the different requirements of each service. Of course, 5G is not limited to the three services mentioned above.

[0096] Among the 5G communication system services listed above, some technologies and services are currently provided in the 5G communication system, but some technologies require further improvement. The 6G communication system expands the technologies and services supported by the existing 5G communication system and completes incomplete technologies, while also including new technologies such as AI, ISAC (Integrated Sensing and Communication), and NTN (Non-terrestrial Networks).

[0097] In developing the technology and services of 6G communication systems, the following four aspects are fundamentally considered: sustainability, connecting the unconnected, ubiquitous intelligence, security, and resilience. To prevent environmental destruction caused by indiscriminate resource waste, low-power and resource-efficient systems must be considered; satellites and all other wired and wireless networks must be connected to ensure constant network connectivity anywhere in the world; AI must be utilized in all areas, including networks, equipment, and terminals, to ensure that intelligence is present everywhere; and finally, in anticipation of the upcoming era of quantum computing, greater attention must be paid to the security and stability of the system to prevent attacks on existing security systems using quantum computing in the future.

[0098] In the present disclosure, network technology may refer to standard specifications defined by the International Telecommunication Union (ITU) or 3GPP (e.g., TS 23.501, TS 23.502, TS 23.503, etc.), and the components included in the network structure of FIG. 1 may each refer to a physical entity, or to software that performs an individual function, or to hardware combined with software. Reference numerals denoted by Nx, such as N1, N2, N3, ... in the drawings, represent known interfaces between network functions (NFs) in a 5G Core Network (CN), and since a detailed description can be found in standard specifications (e.g., TS 23.501), a detailed description is omitted.

[0099] Current 5G mobile communication technology defines wide frequency bands to enable fast transmission speeds and new services, and can be implemented not only in sub-6GHz bands such as 3.5 gigahertz (3.5GHz) but also in ultra-high frequency bands known as millimeter wave (mmWave), such as 28GHz and 39GHz (referred to as 'Above 6GHz'). Currently, discussions on 6G mobile communication are in full swing at various telecommunications standards organizations. For 6G mobile communication technology, which is referred to as a system beyond 5G, implementation in the terahertz (THz) band (e.g., the 95GHz to 3THz band) is being considered to achieve transmission speeds 50 times faster and ultra-low latency reduced to one-tenth compared to 5G mobile communication technology.

[0100] 6G mobile communication technology considers the expansion of services proposed in existing 5G mobile communication technology and the addition of new technologies. It aims to support Immersive Communication, which is an extension of the existing Enhanced Mobile Broadband (eMBB); Hyper Reliable & Low-Latency Communication (HRLLC), which is an extension of Ultra-Reliable Low-Latency Communications (URLLC); and Massive Communication, which is an extension of Massive Machine-Type Communications (mMTC). Additionally, it considers new services that were not discussed in 5G mobile communication. Ubiquitous Connectivity, which provides communication services anywhere in the world using satellite-based Non-terrestrial Networks (NTN); AI and Communication, which provides AI functions as services to consumers as well as improving network performance and resource efficiency using AI; and Integrated Sensing and Communication, which provides wireless sensing services such as distance measurement and object detection using radio signals, are being discussed as new services in 6G mobile communication that were not provided in 5G mobile communication.

In order to provide the above services, not only are efforts being made to further perfect the technologies applied in 5G mobile communication (beamforming and Massive MIMO to mitigate path loss and increase the transmission distance of radio waves in the ultra-high frequency band; support for various numerologies for efficient utilization of ultra-high frequency resources (such as operation of multiple subcarrier spacings) and dynamic operation of slot formats; initial access technology to support multi-beam transmission and broadband; definition and operation of Band-Width Part (BWP); new channel coding methods such as Low Density Parity Check (LDPC) codes for large-capacity data transmission and Polar Code for reliable transmission of control information; L2 pre-processing; and Network Slicing to provide a dedicated network specialized for specific services), but new technologies are also being continuously discussed. As an example of such technology, an Evolved-SBA (E-SBA) network structure is also being discussed, which extends the Service-based Architecture (SBA) applied in the existing 5G Core Network (5G CN) so that the N2 interface, to which a Point-to-Point (P2P) interface was applied in the existing 5G CN, becomes a Service-based Interface (SBI).

[0101] In 5G mobile communication, various use cases for supporting new services (Vertical Service) through linkage and convergence with other industries, and various technologies to support them, were discussed. Standardization in the field of wireless interface architecture / protocols is also underway for technologies such as Industrial Internet of Things (IIoT), Integrated Access and Backhaul (IAB) which provides nodes for expanding network service areas by integrating wireless backhaul links and access links, Mobility Enhancement including Conditional Handover and Dual Active Protocol Stack (DAPS) Handover, and 2-step Random Access (2-step RACH for NR) which simplifies random access procedures. Additionally, standardization in the field of system architecture / services has been carried out for 5G baseline architectures (e.g., Service based Architecture, Service based Interface) for the integration of Network Functions Virtualization (NFV) and Software-Defined Networking (SDN) technologies, and Mobile Edge Computing (MEC), which provides services based on the location of the terminal.

[0102] The 6G mobile communication system aims to improve and expand the performance of the existing 5G mobile communication system. Once this 6G mobile communication system is commercialized, connected devices, which are increasing explosively, will be connected to the communication network. Consequently, it is expected that there will be a need to enhance the functionality and performance of the 6G mobile communication system and to integrate the operation of connected devices. Based on this, new services such as 6G performance improvement and complexity reduction utilizing Extended Reality (XR), Artificial Intelligence (AI), and Machine Learning (ML) to efficiently support Augmented Reality (AR), Virtual Reality (VR), and Mixed Reality (MR), as well as support for AI services, metaverse services, and drone communication, will become a reality.

[0103] To transmit higher-capacity data faster than 5G, 6G mobile communication employs new waveforms to guarantee coverage in the terahertz band; multi-antenna transmission technologies such as Full Dimensional MIMO (FD-MIMO), array antennas, and large-scale antennas; metamaterial-based lenses and antennas; high-dimensional spatial multiplexing technology using Orbital Angular Momentum (OAM); Reconfigurable Intelligent Surface (RIS) technology to improve terahertz band signal coverage; full-duplex technology for enhancing frequency efficiency and system networks; AI-based communication technologies that realize system optimization by utilizing satellites and AI from the design stage and internalizing end-to-end AI support functions; and next-generation distributed communication that realizes services of complexity exceeding the limits of terminal computing capabilities by utilizing ultra-high-performance communication and computing resources. Various technologies, such as computing technology, are expected to be applied across various layers.

[0104] According to one embodiment of the present disclosure, a base station structure and protocol stack method and apparatus for an SBI-based N2 interface in a wireless communication system may be provided.

[0105] According to one embodiment of the present disclosure, a method and apparatus for implementing a structure of a base station and a communication protocol stack for an interface to support an enhanced interface for transmitting control data between a base station and a core network may be provided.

[0106] According to one embodiment of the present disclosure, the structure of the RAN and 6GC (6G core) when applying an SBI-based N2 interface to 6G (6th generation) and a security key-related procedure for supporting distributed NAS termination points based on the SBI-based N2 interface may be provided.

[0107] FIG. 1 illustrates the structure of a wireless communication system according to one embodiment of the present disclosure. Referring to FIG. 1, the structure of the wireless communication system of FIG. 1 may include, but is not limited to, the structure of a 5G (5th generation) wireless communication system. The wireless communication system may include at least one of network entities (NE) or network functions (NF) described below. The terms and names used in the present disclosure are not limited to 5G wireless communication systems but may be applied equally to other wireless communication systems (e.g., 6G wireless communication systems).

[0108] According to one embodiment of the present disclosure, a (R)AN ((Radio) Access Network) may operate as a subject that performs radio resource allocation for terminals. In the present disclosure, the RAN may include at least one of an eNode B, Node B, BS (Base Station), NG-RAN (Next Generation Radio Access Network), 5G-AN (5G Access Network), 5G NR (5G New Radio), a radio access unit, a base station controller, or a node on the network.

[0109] According to one embodiment of the present disclosure, a terminal or user equipment (UE) may include a Next Generation UE (NG UE), a Mobile Station (MS), a cellular phone, a smartphone, a computer, an Internet of Things (IoT) device, or a multimedia system capable of performing communication functions.

[0110] In addition, various embodiments of the present disclosure are described below with reference to configurations of 5G systems. However, embodiments of the present disclosure may also be applied to other communication systems having a similar technical background. Furthermore, embodiments of the present disclosure may be applied to other communication systems with some modifications made at the discretion of a person with skilled technical knowledge, provided that they do not deviate significantly from the scope of the present disclosure.

[0111] As wireless communication systems evolve from 4G systems to 5G systems, they define a new core network (CN), called the Next Generation Core (NG Core) or 5G Core Network (5GC). The new core network can virtualize all existing network entities (NE) to create network functions (NF). According to one embodiment of the present disclosure, a network function may refer to a network entity, a network component, or a network resource.

[0112] According to one embodiment of the present disclosure, 5GC may include one or more NFs illustrated in FIG. 1. Of course, NFs are not limited to the example illustrated in FIG. 1, and 5GC may include a greater number of NFs than the NFs illustrated in FIG. 1 or a smaller number of NFs.

[0113] According to one embodiment of the present disclosure, an Access and Mobility Management Function (AMF) may be a network function that manages the access and mobility of a terminal (UE). For example, the AMF may perform network functions such as registration, connection, reachability, mobility management, access verification, authentication, and the generation of mobility events.

[0114] According to one embodiment of the present disclosure, a Session Management Function (SMF) may be a network function that manages a Packet Data Network (PDN) connection provided to a user equipment (UE). A PDN connection may be referred to as a Protocol Data Unit (PDU) Session. For example, the SMF may perform network functions such as session management functions through the establishment, modification, and release of sessions and the maintenance of a tunnel between a User Plane Function (UPF) and a RAN required for these functions, selection and control of a User Plane (UP), control of traffic processing in the UPF, or control of billing data collection.

[0115] According to one embodiment of the present disclosure, a Policy Control Function (PCF) may refer to a network function that applies a mobile carrier's service policy, billing policy, and policy for a PDU Session to a terminal.

[0116] According to one embodiment of the present disclosure, Unified Data Management (UDM) may refer to a network function that stores information about a subscriber. For example, UDM may perform functions such as generating authentication information for 3GPP security, processing a User ID, managing a list of network functions that support a UE, or managing subscription information.

[0117] According to one embodiment of the present disclosure, a Network Exposure Function (NEF) may mean a function that provides information about a terminal to a server located outside the 5G network. Additionally, the NEF may provide a function that provides information necessary for services to the 5G network and stores it in a Unified Data Repository (UDR).

[0118] According to one embodiment of the present disclosure, a User Plane Function (UPF) may refer to a function that performs the role of a gateway for transmitting user data (e.g., PDU) to a Data Network (DN). For example, the UPF may perform the role of processing data so that data transmitted by a terminal can be transmitted to an external network or data received from an external network can be transmitted to the terminal. For example, the UPF may perform network functions such as acting as an anchor between Radio Access Technologies (RATs), packet routing and forwarding, packet inspection, application of user plane policies, generation of traffic usage reports, or buffering.

[0119] According to one embodiment of the present disclosure, a Network Repository Function (NRF) can perform the function of storing profiles of NFs and discovering NFs.

[0120] According to one embodiment of the present disclosure, the Authentication Server Function (AUSF) can perform terminal authentication in a 3GPP access network and a non-3GPP access network.

[0121] According to one embodiment of the present disclosure, the Network Slice Selection Function (NSSF) can perform the function of selecting a Network Slice Instance provided to a terminal.

[0122] According to one embodiment of the present disclosure, a Network Data Analytics Function (NWDAF) can collect data from multiple NF(s) for the purpose of efficient operation of a 5GC network. In one embodiment, the collected data can be analyzed using a Machine Learning (ML) model, and the results of the analysis can be provided back to the NFs to help each NF provide efficient network services.

[0123] According to one embodiment of the present disclosure, an application function (AF) can communicate with a carrier network so that an external server (application server) can use network services provided by the carrier network. Depending on the deploying entity, the AF may be classified into an internal AF and an external AF. An internal AF deployed by a network operator can communicate directly with NFs within the carrier network. An AF deployed by a third-party service provider may need to pass through an NEF to communicate with NFs within the carrier network.

[0124] According to one embodiment of the present disclosure, a data network (DN) may refer to a data network in which a terminal transmits and receives data in order to use a network operator's service or an external service (3rd party service).

[0125] According to one embodiment of the present disclosure, a network slice admission control function (NSACF) can limit the number of PDU sessions of registered terminals in each slice. Additionally, the NSACF can perform a function of managing resources through this.

[0126] According to one embodiment of the present disclosure, a network slice-specific authentication and authorization function (NSSAAF) can generate a slice authentication context for a terminal. Additionally, the NSSAAF can perform slice-specific authentication and authorization procedures.

[0127] According to one embodiment of the present disclosure, an edge application server discovery function (EASDF) can create a domain name system (DNS) context for a PDU session and can perform the function of storing a UE IP (internet protocol) address or DNS message processing rules, etc., in the context.

[0128] According to one embodiment of the present disclosure, a service communication proxy (SCP) can perform indirect communication functions such as searching for a service or responding to a call.

[0129] According to one embodiment of the present disclosure, the terminal may include an IoT device. The IoT device may include a device that does not use battery power or operates with very little power. The IoT device may be referred to as an ambient IoT device (or ambient IoT, AIoT).

[0130] According to one embodiment of the present disclosure, a wireless communication system may include a conceptual link connecting NFs within a 5G system as defined by the 3GPP system. For example, the wireless communication system may include a reference point as defined by 3GPP. For example, the reference point may be defined as follows.

[0131] - N1: Reference point between UE and AMF

[0132] - N2: Reference point between (R)AN and AMF

[0133] - N3: Reference point between (R)AN and UPF

[0134] - N4: Reference point between SMF and UPF

[0135] - N6: Reference point between UPF and DN

[0136] - N9: Reference point between two core UPFs

[0137] According to one embodiment of the present disclosure, a wireless communication system may include the following service-based interfaces defined by the 3GPP system.

[0138] - Nnssf: Service-based interface by NSSF

[0139] - Nnssaaf: Service-based interface based on NSSAAF (Network Slice-Specific Authentication and Authorization Function)

[0140] - Nnef: Service-based interface by NEF

[0141] - Nausf: Service-based interface by AUSF

[0142] - Nnrf: Service-based interface by NRF

[0143] - Namf: Service-based interface by AMF

[0144] - Npcf: Service-based interface by PCF

[0145] - Nsmf: Service-based interface by SMF

[0146] - Nupf: Service-based interface by UPF

[0147] - Nudm: Service-based interface by UDM

[0148] - Naf: Service-based interface by AF

[0149] - Nasaf: Service-based interface by AUSF

[0150] - Neasdf: Service-based interface by EASDF (Edge Application Server Discovery Function)

[0151] - Nnwdaf: Service-based interface by NWDAF

[0152] The present disclosure may provide an N2 interface based on a service-based interface (SBI) connecting a (R)AN (radio access network) and a 6GC (6G Core) in a 6GS (6th generation system). Additionally, the present disclosure may provide a base station structure and a protocol stack of an interface for an N2 interface based on an SBI.

[0153] The present disclosure may provide a key generation procedure to provide security as the SBI-based N2 interface supports connections with other NAS (Non-Access Stratum) NFs as well as connections with existing AMFs.
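Paragraph [0153] names a key generation procedure for the SBI-based N2 interface but does not detail it here. The Python below is an added illustration, not code from the application or from Samsung, of the property such a procedure has to deliver when several NAS-terminating NFs are reachable over the same interface: each NF obtains its own NAS key derived from a single base key, and a key distributed to one NF verifies only that NF's NAS messages. The HMAC-SHA-256 derivation, the function code `FC_NAS_KEY`, the 32-byte key length, the 32-bit truncated integrity tag, and the NF identifiers `AMF-1` and `SMF-1` are all assumptions made for the example and are not the procedure, parameters, or identifiers of the disclosure.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32       # assumed NAS key length in bytes (illustration only)
MAC_LEN = 4        # assumed NAS integrity tag length: 32 bits, truncated from the HMAC output
FC_NAS_KEY = 0x01  # hypothetical function code labelling this derivation purpose


def derive_nas_key(base_key: bytes, nf_id: str) -> bytes:
    """Derive the NAS key for one NAS-terminating NF from the base key.

    Construction (an assumption, modelled on a generic HMAC-SHA-256 KDF):
    the derivation string is the function code, the NF identifier and its
    length. Because HMAC is one-way, a derived key reveals neither the base
    key nor the key of any other NF, which is what makes per-NF distribution
    safe.
    """
    if len(base_key) < 16:
        raise ValueError("base key too short")
    if not nf_id:
        raise ValueError("empty NF identifier")
    p0 = nf_id.encode("utf-8")
    s = bytes([FC_NAS_KEY]) + p0 + len(p0).to_bytes(2, "big")
    return hmac.new(base_key, s, hashlib.sha256).digest()[:KEY_LEN]


def derive_nas_keys(base_key: bytes, nf_ids: list[str]) -> dict[str, bytes]:
    """Derive one NAS key per NF; each NF is later sent only its own entry."""
    keys: dict[str, bytes] = {}
    for nf_id in nf_ids:
        if nf_id in keys:
            raise ValueError(f"duplicate NF identifier: {nf_id}")
        keys[nf_id] = derive_nas_key(base_key, nf_id)
    return keys


def keys_are_distinct(keys: dict[str, bytes]) -> bool:
    """True when no two NFs received the same key (key separation held)."""
    return len(set(keys.values())) == len(keys)


def nas_mac(nas_key: bytes, nas_pdu: bytes) -> bytes:
    """Integrity tag over a NAS PDU, truncated to MAC_LEN bytes (assumed size)."""
    return hmac.new(nas_key, nas_pdu, hashlib.sha256).digest()[:MAC_LEN]


def verify_nas_mac(nas_key: bytes, nas_pdu: bytes, tag: bytes) -> bool:
    """Constant-time check; a key belonging to another NF must not verify."""
    return hmac.compare_digest(nas_mac(nas_key, nas_pdu), tag)


def run_example() -> dict:
    """Walk through derivation and distribution with constructed values."""
    # Stands in for the base key received from the authenticating entity.
    base_key = secrets.token_bytes(KEY_LEN)
    nf_ids = ["AMF-1", "SMF-1"]  # constructed NF identifiers
    keys = derive_nas_keys(base_key, nf_ids)
    pdu = b"constructed NAS PDU"
    tag = nas_mac(keys["AMF-1"], pdu)
    return {
        "distinct": keys_are_distinct(keys),
        "own_key_verifies": verify_nas_mac(keys["AMF-1"], pdu, tag),
        "other_key_verifies": verify_nas_mac(keys["SMF-1"], pdu, tag),
    }


if __name__ == "__main__":
    print(run_example())
```

The point to check in any real implementation is the last two fields of `run_example()`: a tag computed under one NF's key must fail under every other NF's key, otherwise adding NAS termination points to the SBI-based N2 interface would let one NF accept or forge messages for another.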

[0154] FIG. 2 illustrates the deployment of a RAN and 5GC to which O-RAN (Open RAN) is applied according to one embodiment of the present disclosure.

[0155] According to one embodiment of the present disclosure, a RAN (radio access network) may be composed of a CU (central unit) (210), a DU (distributed unit) (220), and an AAU (active antenna unit) (230). The AAU (230) may include a RF (radio frequency) antenna. Additionally, the AAU (230) is implemented in hardware (H / W) and can perform direct wireless communication with a user terminal.

[0156] According to one embodiment of the present disclosure, the AAU (230) may include a radio frequency (RF) layer and a PHY-LOW layer as a communication protocol stack for wireless communication with a user terminal. Since areas where the wireless communication of the AAU (230) does not reach become communication dead zones, the AAU (230) must be densely deployed in the area to be covered. A large number of AAU (230) devices may be required to cover a very wide area without communication dead zones.

[0157] According to one embodiment of the present disclosure, the DU (220) may be connected to the AAU (230) and the fronthaul (240). A standardized interface called eCPRI (enhanced Common Public Radio Interface) may be used for the fronthaul (240) in the O-RAN. The DU (220) may include a communication protocol stack composed of a PHY-HIGH layer for processing radio signaling data received from the AAU (230), a MAC (medium access control) layer for multiplexing and scheduling data, and an RLC (radio link control) layer for acknowledging transmitted and received data.

[0158] According to one embodiment of the present disclosure, the CU (210) may be connected to the DU (220) and the midhaul (250). The CU (210) may include a communication protocol stack composed of a packet data convergence protocol (PDCP) layer responsible for IP header compression, user data transmission, and sequence numbers for the radio bearer, and a radio resource control (RRC) layer responsible for control of radio resources. Additionally, the CU (210) may be connected to a core network (CN). For example, the CU (210) may be connected to the CN via a backhaul (260). The CU (210) may include a communication protocol stack for an N2 interface, which is a backhaul interface.

[0159] According to one embodiment of the present disclosure, in the case of an AAU (230) including an antenna which is hardware, it may not be possible to implement it in software. On the other hand, DU (220) and CU (210), excluding the AAU (230), can be implemented in software using a virtual network function (VNF), which is an IT technology.

[0160] According to one embodiment of the present disclosure, in implementing the DU (220) and CU (210) as dedicated hardware equipment, the DU (220) and CU (210) equipment can be virtualized into software using VNF technology and implemented on cloud equipment to reduce costs.

[0161] FIG. 3 illustrates an N2 interface and protocol stack between a base station and an access and mobility management function (AMF) entity according to one embodiment of the present disclosure.

[0162] According to one embodiment of the present disclosure, the N2 interface may be used as an interface connecting the (R)AN (310) and the 5GC. For example, the N2 interface may be used to transmit and receive control signals between the CU equipment of the (R)AN and the AMF (320) entity of the 5GC.

[0163] According to one embodiment of the present disclosure, the N2 interface may be a Point-to-Point (P2P) based interface that connects only two devices (the CU of the RAN (310) and the AMF (320) entity). Devices using a P2P based interface may have a relatively large functional dependency between them. As a result, it may not be easy to add new functions to devices using a P2P based interface or to upgrade devices using a P2P based interface. Additionally, changes to the interface itself may be required to add new functions to devices using a P2P based interface or to upgrade devices using a P2P based interface.

[0164] According to one embodiment of the present disclosure, a communication protocol stack constituting an N2 interface may be composed of a physical layer (L1), a link layer (L2), an Internet Protocol (IP) layer, a Stream Control Transmission Protocol (SCTP) layer, and an NG Application Protocol (NG-AP) layer. The L1 layer and the L2 layer may be separated into a radio network layer (RNL), and the IP layer and the SCTP layer may be separated into a Transport Network Layer (TNL).

[0165] FIG. 4 illustrates a TNL association for transmission and reception between a base station and an AMF according to one embodiment of the present disclosure.

[0166] The CU (401), CN (402), RAN (410), and Backhaul (430) of FIG. 4 can correspond to the CU (210), CN (200), RAN (410), and Backhaul (260) of FIG. 2, respectively.

[0167] Referring to FIG. 4, the creation of TNL associations (450) between the RAN (410) and the AMF (420) may be required so that the RAN (410) and the AMF (420) transmit or receive control data through the N2 interface (440). The procedure for establishing the TNL associations may be initiated by the RAN (410) equipment. Since the TNL associations (450) are established based on the IP layer and the SCTP layer, the RAN (410) equipment may need to know the IP address and port number of the AMF (420) equipment in order to establish the TNL associations (450). That is, according to one embodiment of the present disclosure, it can be assumed that the RAN (410) knows the IP address and port number of the AMF (420) entities for which the establishment of the TNL associations (450) is required.

[0168] According to one embodiment of the present disclosure, the SCTP protocol may be a protocol based on TCP (Transmission Control Protocol) that includes additional functions for mobile communication networks. The SCTP protocol is a protocol with very limited usage, used only in wireless communication systems. The SCTP protocol may include a multi-homing function to increase the stability of the connection. The multi-homing function allows two SCTP connections (460) to be established using two IP addresses if the transmitting node and the receiving node have two IP addresses. In this case, there is only one SCTP connection (460) actually used for communication, and the other SCTP connection may be a backup SCTP connection that can be used for data communication when the currently used SCTP connection can no longer be used due to a defect in the physical communication line or an abnormality in equipment such as a router in the communication path. This method may be useful when the communication line is faulty and the stability of the communication equipment is relatively low, but if the frequency of such problems is very low, the usefulness of using a backup SCTP protocol may be relatively reduced. In addition, from the perspective of the network operator, the redundancy of communication lines and equipment is implemented to increase network stability, so the possibility of a problem occurring in the SCTP connection (460) in use due to a failure of the communication line and / or communication equipment can be very low.

[0169] According to one embodiment of the present disclosure, a plurality of TNL connections (250) may be created between the RAN (410) and the AMF (220), and at least some of the created TNL connections (250) may be used to transmit control signals or control data unrelated to the terminal. On the other hand, at least some of the other connections may be used to transmit control signals or control data related to the terminal. In particular, to transmit control data related to the terminal, a binding procedure with specific TNL associations through a procedure called NGAP UE-TNLA binding may be required.

[0170] In the present disclosure, a base station may be referred to as a base station device, (R)AN, or (R)AN device. Additionally, network entities (NE) may be used interchangeably with terms referring to corresponding network functions (NF).

[0171] FIG. 5 illustrates the structure of a base station including a central unit (CU) and a distributed unit (DU) according to one embodiment of the present disclosure.

[0172] According to one embodiment of the present disclosure, a gNB (501) can be logically divided into a CU (510), a DU (520), and an AAU. The CU (510) is connected to the 5GC (500) via an NG interface (530) to transmit and receive control signals between the RAN and the 5GC. The CU (510) is also connected to the CU of another gNB (502) via an Xn-C interface (540) to transmit and receive control signals. For example, when a terminal hands over to another gNB (502), the gNB (501) can transmit and receive related control signals with the other gNB (502). The CU (510) is connected to the DU (520) via an F1 interface (550) to transmit and receive wireless-related control signals.

[0173] FIG. 6 illustrates the structure of a CU-CP (control plane), CU-UP (user plane), and DU of a base station according to one embodiment of the present disclosure.

[0174] According to one embodiment of the present disclosure, CUs within a gNB (600) can be logically separated according to a control plane (CP) and a user plane (UP). For example, a configuration responsible for the CP within a CU may be referred to as gNB-CU-CP (610). A configuration responsible for the UP within a CU may be referred to as gNB-CU-UP (620-1). One gNB-CU-CP (610) may be connected to a plurality of gNB-CU-UPs (620-N). One gNB-CU-CP (610) may be connected to a plurality of gNB-DUs (601, 602). One gNB-CU-UP (620-1) may be connected to one gNB-CU-CP (610) and to a plurality of gNB-DUs (601, 602). One gNB-DU (601) can be connected to one gNB-CU-CP (610) and to multiple gNB-CU-UP (620-N). The gNB-CU-CP (610) and the gNB-CU-UP (620-N) can be connected via an E1 interface. The gNB-CU-CP (610) and the gNB-DU (601, 602) can be connected via an F1-C interface. The gNB-CU-UP (620-N) can be connected via an F1-U interface to the gNB-DU (601, 602).

[0175] FIG. 7 illustrates a conceptual diagram showing the core network and the deployment of the RAN when an O-RAN according to one embodiment of the present disclosure is applied.

[0176] According to one embodiment of the present disclosure, the AAU (740) can perform direct wireless communication with a terminal using an antenna. Accordingly, the AAU (740) should be deployed to support sufficient communication capacity and eliminate communication blind spots, taking into account the wireless transmission range and the number of users within the area. Accordingly, the AAU (740) can be deployed in the largest number among wireless equipment.

[0177] According to one embodiment of the present disclosure, the DU (710) can process wireless-related control signals and user data transmitted from the AAU (740). The DU (710) can perform functions such as scheduling wireless resources, encryption of wireless signals, or ordering of data in relation to QoS, but the functions of the DU (710) are not limited to the examples described above.

[0178] According to one embodiment of the present disclosure, the CU (730) can process wireless-related control signals and user data transmitted from the DU (710). In particular, the CU (730) can transmit NAS signals or NAS messages transmitted by the terminal to the 5GC to the AMF entity (750) using the N2 interface. The CU (730) can manage wireless resources and transmit and receive control signals and user data between the RAN and the 5GC.

[0179] According to one embodiment of the present disclosure, the deployment of a RAN can vary greatly depending on the region and equipment. Generally, the number of AAUs (740) handled by a single CU (730) can range from as few as a few hundred to as many as a few thousand. That is, the scalability of the CU can be significantly increased compared to before the application of C-RAN (Cloud RAN) and O-RAN.

[0180] The present disclosure can provide a method for solving the problems of the conventional P2P-based N2 interface as described above.

[0181] The present disclosure can provide the structure of RAN and 6GC when applying an SBI-based N2 interface to 6GC.

[0182] The present disclosure may provide security key-related procedures for supporting distributed NAS termination points due to an SBI-based N2 interface.

[0183] FIG. 8 illustrates a conceptual diagram showing the deployment of a core network and a RAN when using a structure that combines gNB-CU-CP and AMF according to one embodiment of the present disclosure.

[0184] As described above with reference to Fig. 7, when RAN equipment is logically divided, the scalability of the CU can be significantly increased compared to when the RAN equipment was not logically divided and was implemented as a single hardware device containing a single antenna. In this case, a handover may occur whenever a terminal moves from one cell to a neighboring or adjacent cell. The terminal handover can be handled by a mobility management device, such as an AMF entity. Additionally, if the terminal moves out of the range of the area supported by the AMF that manages the base stations, more complex procedures, such as AMF relocation, may be required. To avoid such signaling overhead, a hierarchical structure in which a single AMF manages multiple base stations may be utilized. In a RAN where O-RAN or C-RAN is applied, a single CU can manage a large number of AAU devices. Therefore, when a terminal moves from a specific cell to an adjacent cell, the terminal's mobility management can be handled at the DU or CU stage. Due to this, the usefulness of the hierarchical structure between base stations and AMFs introduced due to scalability may be relatively low.

[0185] According to one embodiment of the present disclosure, a method and apparatus for merging gNB-CU-CP and AMF may be provided. A structure merging gNB-CU-CP and AMF can be implemented by replacing the existing N2 interface between gNB-CU-CP and AMF with internal signaling within the device merging gNB-CU-CP and AMF. When using a structure merging gNB-CU-CP and AMF, the time, cost, and effort required to standardize the existing N2 interface can be significantly reduced. Furthermore, when using a structure merging gNB-CU-CP and AMF, most of the functions provided by the existing N2 interface can be converted to internal signaling.

[0186] FIG. 9 illustrates the architecture of a network system when using a structure that combines gNB-CU-CP and AMF according to one embodiment of the present disclosure.

[0187] According to one embodiment of the present disclosure, when merging gNB-CU-CP and AMF, gNB-CU-CP, which is responsible for functions related to CP in gNB-CU, and gNB-CU-UP, which is responsible for functions related to UP, may be functionally separated. In this case, E1, which is an interface between gNB-CU-CP and gNB-CU-UP, and / or F1-C, which is an interface between gNB-CU-CP and gNB-DU, may be changed to a new interface. That is, as gNB-CU-CP and AMF are merged, the E1 interface and / or the F1-C interface may be changed.

[0188] According to one embodiment of the present disclosure, in a structure in which gNB-CU-CP and AMF are merged, the protocol stack of the wireless interface of gNB-CU-CP may be changed. The change in the protocol stack of the wireless interface of gNB-CU-CP may cause a change in the aforementioned interfaces.

[0189] According to one embodiment of the present disclosure, optimization can be performed by merging gNB-CU-CP and AMF.

[0190] According to one embodiment of the present disclosure, in a structure in which gNB-CU-CP and AMF are merged, the existing N2 interface between the RAN and AMF may be removed or replaced. For example, in a structure in which gNB-CU-CP and AMF are merged as described above, the existing N2 interface may be replaced by the internal signaling of the new device.

[0191] In other words, the existing signaling through the N2 interface between gNB-CU-CP and AMF can be changed to internal signaling depending on the implementation of the merged entity (an entity formed by merging gNB-CU-CP and AMF), and the interface between the integrated entity and SMF, UPF, and gNB can also be changed to correspond to the integrated entity.

[0192] FIG. 10 illustrates a protocol stack for a structure in which gNB-CU-CP and AMF are merged according to one embodiment of the present disclosure.

[0193] According to one embodiment of the present disclosure, in a structure in which gNB-CU-CP and AMF are merged, the device in which gNB-CU-CP and AMF are merged may include a dual protocol stack. The dual protocol stack may include two protocol stacks. For example, the dual protocol stack may include a protocol stack in the direction of the wireless network and a protocol stack in the direction of the core network. The dual protocol stack may include a protocol including PDCP and RRC in the direction toward gNB-DU in the device in which gNB-CU-CP and AMF are merged. Additionally, the dual protocol stack may include an SBI protocol stack in the direction toward the core network (e.g., 6GC). Here, the SBI protocol stack may include the SBI protocol from the existing 5GC. For example, the SBI protocol stack may include a protocol stack including TCP / TLS and HTTP / 2.

[0194] Referring to FIG. 10, an SBI protocol stack according to one embodiment of the present disclosure may include a protocol stack including UDP / QUIC and HTTP / 3. For example, an SBI protocol stack may include a protocol stack composed of L1 / L2, IP, UDP, QUIC, HTTP / 3, and APP layers, but is not limited thereto.

[0195] According to one embodiment of the present disclosure, in a structure in which gNB-CU-CP and AMF are merged, a device and a network in which gNB-CU-CP and AMF are merged can be connected through an SBI interface composed of the aforementioned SBI protocol stack. As a result, the problems of the aforementioned existing P2P-based N2 interface can be resolved.

[0196] FIG. 11 illustrates a network structure in which network entities within a base station and a core network are connected through a service-based interface (SBI) according to one embodiment of the present disclosure.

[0197] Referring to FIG. 11, unlike the structure in which gNB-CU-CP and AMF are merged as described in FIGs. 8 to 10, a structure may be provided in which the existing gNB-CU-CP and AMF are separated, while the existing P2P-based N2 interface connecting the RAN and AMF is changed to an SBI-based interface. For example, the RAN may be connected to network entities within the core network through the SBI interface.

[0198] In the present disclosure, the interface connecting the RAN and network entities may be referred to as Nng-ran, but is not limited thereto.

[0199] According to one embodiment of the present disclosure, by changing the existing P2P-based N2 interface connecting the RAN and AMF to an SBI-based interface, the RAN can transmit and receive control data with network entities within the core network through the SBI interface. For example, unlike the existing method of transmitting and receiving control data with the network via the AMF or through the AMF, in the structure of FIG. 11, the RAN can transmit and receive control data with all network functions (NFs) or network entities within the core network, in addition to the AMF, through the SBI interface. For example, the RAN can transmit NAS messages to network entities and / or receive NAS messages from network entities. A method for the RAN to transmit and receive control data with network entities will be described in more detail with reference to FIGs. 12 through 14.

[0200] In one embodiment, the AMF can function as a terminal for NAS signals. In this case, all NAS control signals, such as NAS messages of the SM (session management) type, UE Policy type, SMS (short message service) type, or LCS (location services) type, in addition to NAS of the MM (mobility management) type, can be transmitted from the RAN to the AMF. The AMF can transmit the NAS control signals received from the RAN to NFs corresponding to the NAS message types.

[0201] In the existing 5GC, if the RAN does not include an SBI interface, the RAN may be required to transmit requests for the aforementioned functions to the AMF in order for the RAN to search for, select, or request NF services from NFs within the core network. That is, since the AMF acts as an intermediary in all operations between the RAN and network entities within the core network, including the aforementioned operations of the RAN, unnecessary overhead may occur for the AMF. Furthermore, since all NAS control signals between the RAN and network entities are transmitted and received through the AMF, the AMF may experience excessive congestion. If a problem occurs with the AMF, the terminal and network entities within the core network cannot transmit or receive control signals, which may paralyze the entire network system.

[0202] Furthermore, since conventional N2 interfaces are Point-to-Point (P2P) based interfaces, they may retain all the disadvantages of existing P2P-based interfaces. For example, since every NF pair in a network has a different P2P interface, the complexity of the network can increase relatively. In addition, because the protocol stack constituting each interface also differs for each P2P interface, relatively large amounts of time, cost, and human resources may be consumed to implement or maintain all P2P interfaces.

[0203] In addition, the dependency between two NFs connected via a P2P-based interface can be relatively very large. For example, if you want to add a new feature to one of the two NFs connected via a P2P-based interface or update an existing feature, modification of the other NF may be required. Alternatively, modification of the interface connecting the two NFs itself may also be required. In other words, adding a new feature or updating an existing feature to an NF connected via a P2P-based interface may require a relatively large amount of time.

[0204] In addition, P2P-based interfaces of mobile communication networks may include relatively more protocols used only in mobile communication networks than protocols generally widely used in the IT (information technology) field. For example, P2P-based interfaces may include protocols such as SCTP (stream control transmission protocol) or GTP (general packet radio service (GPRS) tunneling protocol).

[0205] Furthermore, as mentioned above, since the dependency between NFs connected through P2P-based interfaces is very high, P2P-based interfaces may not be suitable for cloud-based network system structures. In cloud-based network system structures, each network function is independent of one another, and open-source APIs provided by the cloud can primarily provide communication protocols widely used in IT technology. For example, in a cloud-based network system structure, communication protocols such as TCP / IP or HTTP can be provided.

[0206] Recently, discussions are underway to more fully utilize, in 6GS, the IT technologies of 5GS that significantly reduced the CAPEX / OPEX of network operators. For example, technologies such as SDN (Software-Defined Network) or NFV (Network Function Virtualization) can be adopted in 6GS. In other words, recent discussions are aiming for a Cloud-native 6GS. According to one embodiment of the present disclosure, an interface suitable for Cloud-native can be provided. For example, in one embodiment of the present disclosure, an SBI-based N2 interface may be provided.

[0207] FIG. 12 illustrates the structure of terminals, base stations, and some network entities in a network structure applying an SBI-based N2 interface according to one embodiment of the present disclosure.

[0208] The network structure of Fig. 12 can be understood as a structure for explaining the connection relationships of UE, NG-RAN, and some network entities among network structures applying an SBI-based N2 interface with reference to Fig. 11.

[0209] According to one embodiment of the present disclosure, the RAN may use an SBI-based N2 interface instead of a conventional P2P-based N2 interface. As a result, the RAN can perform direct communication with all NFs within the core network. For example, referring to FIG. 12, the RAN can perform direct communication with the AMF, SMF, LMF, PCF, and SMSF. Of course, as described above with reference to FIG. 11, the RAN may also perform direct communication with other network entities within the core network in addition to the aforementioned network entities. The RAN can transmit NAS messages directly to each corresponding network entity without passing through the AMF to transmit NAS messages sent by the terminal. This will be explained in more detail with reference to FIGs. 13 and 14.

[0210] FIG. 13 illustrates a schematic diagram showing the process of transmitting a NAS message in a structure to which an SBI-based N2 interface is applied according to one embodiment of the present disclosure.

[0211] Referring to Fig. 13, the RAN can communicate with network functions or network entities within the core network through a common SBI.

[0212] According to one embodiment of the present disclosure, as described above, the RAN can transmit and receive control signals through the SBI with network functions such as SMF, SMSF, PCF, or LMF. Of course, the network functions or network entities to which the RAN is connected through the SBI are not limited to the example shown in FIG. 13 and can transmit and receive control signals through the SBI with other network functions or network entities within the core network.

[0213] According to one embodiment of the present disclosure, a RAN can directly transmit and receive NAS messages with other network functions or other network entities without passing through an AMF. The RAN can transmit and receive NAS messages of all other types, not just MM-type NAS messages. For example, the RAN can transmit and receive SM-type NAS messages with an SMF entity. For example, the RAN can transmit and receive SMS-type NAS messages with an SMSF entity. For example, the RAN can transmit and receive UE Policy-type NAS messages with a PCF entity. For example, the RAN can transmit and receive LCS-type NAS messages with an LMF entity. Of course, the control signals or NAS messages transmitted and received by the RAN through the SBI are not limited to the examples illustrated in FIG. 13.

[0214] FIG. 14 illustrates the protocol stacks of terminals, base stations, and network entities in a structure in which an SBI-based N2 interface is applied according to one embodiment of the present disclosure.

[0215] Referring to FIG. 14, the protocol stack constituting the N2 interface between the base station and the AMF may include an SBI protocol stack. Additionally, NFs responsible for NAS messages within the core network may each include a NAS protocol stack for direct transmission and reception of NAS messages with the terminal.

[0216] According to one embodiment of the present disclosure, an SBI-based N2 interface may be implemented using an existing communication protocol stack. For example, an SBI-based N2 interface may be implemented using a communication protocol stack including HTTP / 2 and TCP / IP, but is not limited thereto. For example, an SBI-based N2 interface may be implemented using a communication protocol stack including HTTP / 3 and QUIC as described above. When using an SBI-based N2 interface, all NFs may be operated independently.

[0217] FIG. 15 illustrates an overview of how a security key is generated and used when a NAS termination point device according to one embodiment of the present disclosure is a terminal and an AMF.

[0218] Referring to FIG. 15, a conventional NAS termination point device may include a terminal (user equipment, UE) and an AMF entity.

[0219] In the present disclosure, the operation of obtaining, from a specific key, a key different from that key may include the operation of deriving a key. Accordingly, in the present disclosure, deriving a key, derivation of a key, and obtaining a key may be used interchangeably.

[0220] In one embodiment, when the NAS termination point device is a terminal and an AMF, the terminal and the network may perform procedures to check mutual authentication and service usage rights. For example, the terminal and the network may perform 5G-AKA (5G Authentication and Key Agreement) or EAP-AKA' (Extensible Authentication Protocol-AKA'). Accordingly, when the NAS termination point device is a terminal and an AMF, the terminal and the AMF may generate a NAS key and an AS key. The NAS key may include a key for encryption and / or integrity verification of NAS messages transmitted and received by the terminal and the AMF, which are the NAS termination points. The AS key may include a key for encryption and / or integrity verification of RRC signaling between the terminal and the base station or data in the user plane (UP).

[0221] In one embodiment, when the NAS end device is a terminal and an AMF, an AMF key for generating a NAS key based on a SEAF key may be derived. That is, keys for encryption and / or integrity verification of a NAS message may be derived from an AMF key derived based on a SEAF key.

[0222] In one embodiment, the AMF can derive a base station key (or gNB key) for generating AS keys between the terminal and the base station based on the AMF key. Keys for encryption and / or integrity checks for RRC signaling or UP data can be derived from the base station key derived based on the AMF key.

[0223] In the present disclosure, the SEAF key may be referred to as K_SEAF (K with subscript SEAF). The AMF key may be referred to as K_AMF. The base station key may be referred to as K_gNB. Additionally, the other keys mentioned in this disclosure may be referred to in the same manner as described above.

[0224] FIG. 16 illustrates a key hierarchy structure in the case where a NAS terminal device according to one embodiment of the present disclosure is a terminal and an AMF.

[0225] The key layer structure of Fig. 16 may be related to a 5G-AKA (5G Authentication and Key Agreement) or EAP-AKA' (Extensible Authentication Protocol-AKA') procedure that includes a mutual authentication procedure between a terminal and a network.

[0226] Referring to FIG. 16, a mutual authentication procedure between a terminal and a network can be initiated based on a root key. In this disclosure, the root key may be referred to as K. The terminal and the network may store the root key. For example, it may be stored in a universal subscriber identity module (USIM) installed in the terminal and in a unified data management (UDM) entity within a home network (HN). An authentication credential repository and processing function (ARPF) that performs the function of storing and processing authentication credentials of the UDM may store and manage the root key K corresponding to the subscriber.

[0227] ARPF can generate a cipher key (CK) and an integrity key (IK) based on a root key K corresponding to the subscriber. In addition, the USIM within the terminal can also independently generate a CK and an IK based on K.

[0228] ARPF can obtain an authentication server function (AUSF) key (K_AUSF) based on the generated CK and IK. For example, ARPF can derive K_AUSF from the CK, IK, and serving network name (SN-name). Additionally, the terminal can obtain K_AUSF in the same manner. The K_AUSF obtained by ARPF can be transmitted to the AUSF.

[0229] AUSF can generate the SEAF key (K_SEAF) based on K_AUSF. For example, AUSF can derive a SEAF key based on K_AUSF and the subscription permanent identifier (SUPI). The terminal can also derive K_SEAF based on K_AUSF in the same way.

[0230] SEAF can obtain K_AMF based on K_SEAF. The terminal can likewise obtain K_AMF based on K_SEAF. As described above with reference to FIG. 15, K_AMF can be used to obtain a NAS key or an AS key. AMF can receive K_AMF from SEAF.

[0231] The AMF can obtain a NAS key based on K_AMF. For example, as described above with reference to FIG. 15, the AMF can derive from K_AMF a key K_NASint for checking the integrity of NAS messages and / or a key K_NASenc for encryption of NAS messages.

[0232] In addition, the AMF can obtain a base station key (K_gNB) for deriving the AS keys based on K_AMF. The base station can receive K_gNB from the AMF. The base station can generate AS keys based on K_gNB. For example, the base station can generate at least one of an RRC integrity key (K_RRCint) for verifying the integrity of RRC signaling, an RRC encryption key (K_RRCenc) for encryption of RRC signaling, a UP integrity key (K_UPint) for checking the integrity of user plane (UP) data, or a UP encryption key (K_UPenc) for encrypting UP data.

[0233] Likewise, the terminal may independently perform the aforementioned procedure in which the AMF generates the NAS key and / or the aforementioned procedure in which the base station acquires the AS key.

[0234] FIG. 17 illustrates an overview of how a security key is generated and used in a Distributed NAS structure based on an SBI-based N2 interface according to one embodiment of the present disclosure. FIG. 18 illustrates a key hierarchy in a Distributed NAS structure based on an SBI-based N2 interface according to one embodiment of the present disclosure.

[0235] FIG. 17 can be understood as a structure in which NAS keys and AS keys are generated and used in the network system structure to which the aforementioned SBI-based N2 interface is applied, described with reference to FIGS. 11 to 14. Likewise, FIG. 18 can be understood as the hierarchical structure of security keys generated according to a mutual authentication procedure between a terminal and a network in the network system structure to which the aforementioned SBI-based N2 interface is applied, described with reference to FIGS. 11 to 14.

[0236] Referring to FIG. 17, in a network system structure including an SBI-based N2 interface according to one embodiment of the present disclosure, NAS end devices may exist in multiple pairs, such as a terminal and an AMF, a terminal and an SMF, a terminal and a PCF, a terminal and an SMSF, and / or a terminal and an LMF. Of course, in a network system including an SBI-based N2 interface according to one embodiment of the present disclosure, NAS end devices are not limited to the examples described above. For example, in addition to the examples described above, new NFs and terminals defined in 6GS may be included in the NAS end devices.

[0237] Referring to FIG. 18, in a network system structure to which an SBI-based N2 interface according to one embodiment of the present disclosure is applied, a NAS key and / or an AS key may be generated according to a mutual authentication procedure between a terminal and a network. According to one embodiment of the present disclosure, the mutual authentication procedure between the terminal and the network and the verification of the terminal's service usage rights may refer to at least some of the procedures of the aforementioned 5G-AKA (5G Authentication and Key Agreement) or EAP-AKA' (Extensible Authentication Protocol-AKA'). Accordingly, the present disclosure may describe various embodiments based on 5G-AKA, but is not limited thereto. That is, the procedures according to the various embodiments described in the present disclosure may likewise be applied to the mutual authentication or authorization verification procedures between the terminal and the network that will be newly defined in 6GS.

[0238] According to one embodiment of the present disclosure, a terminal and a network may perform a procedure based on the root key described above with reference to FIG. 16 for mutual authentication and verification of the terminal's service usage rights. For example, the terminal may generate a CK and an IK based on the root key K stored in the USIM, and the network may generate a CK and an IK based on the root key K stored in the UDM. Additionally, the UDM and the USIM may derive an AUSF key (K_AUSF) from the root key K through a key derivation procedure. K_AUSF is transmitted from the UDM or ARPF to the AUSF; at the terminal, it may be transmitted from the USIM to the ME (mobile equipment). K_AUSF can be used within the AUSF and the ME to derive K_SEAF. In the network, K_SEAF can be transmitted to the SEAF. The SEAF is one of the network functions and may be regarded as a sub-function of the AMF; that is, the SEAF may be included within an AMF entity.

[0239] The SEAF of the AMF and the ME of the terminal can obtain, based on K_SEAF, NAS keys corresponding to multiple network entities within the core network. For example, the SEAF and the terminal can obtain from K_SEAF the keys K_AMF, K_SMF, K_PCF, K_SMSF, and/or K_LMF, each of which is used to derive keys for integrity checking and/or encryption of NAS messages. Alternatively, according to one embodiment of the present disclosure, the SEAF and the ME of the terminal can obtain from K_SEAF a common NAS key K_NAS shared by all NFs, and then obtain the NAS keys corresponding to the multiple network entities from the common NAS key K_NAS.

[0240] According to one embodiment of the present disclosure, a plurality of NFs (or a plurality of network entities) and a terminal (or the ME of the terminal) can generate keys for integrity checking and/or encryption of NAS messages based on the keys derived from the SEAF (e.g., K_AMF, K_SMF, K_PCF, K_SMSF, K_LMF). For example, the multiple NFs (or multiple network entities) and the terminal (or the terminal's ME) can generate K_NAS_MM_int, K_NAS_MM_enc, K_NAS_SM_int, K_NAS_SM_enc, K_NAS_PCF_int, K_NAS_PCF_enc, K_NAS_SMSF_int, K_NAS_SMSF_enc, K_NAS_LMF_int, and/or K_NAS_LMF_enc based on K_AMF, K_SMF, K_PCF, K_SMSF, and/or K_LMF.

[0241] In addition, the AMF's SEAF and the terminal's ME can obtain, based on K_SEAF, the AS keys K_N3IWF and/or K_gNB. For example, the SEAF and the terminal can obtain K_gNB, from which the subordinate AS keys for integrity checking and/or encryption of RRC signaling or UP data are derived. Of course, the method of generating an AS key in the present disclosure is not limited to the examples described above. For example, according to one embodiment of the present disclosure, the AMF and the ME of the terminal can also derive the AS keys K_N3IWF and K_gNB from K_AMF.

[0242] According to one embodiment of the present disclosure, a base station (or gNB) and a terminal (or the ME of the terminal) can generate, based on K_gNB, keys for integrity verification and/or encryption of RRC (Radio Resource Control) messages, which are AS control messages. For example, the base station (or gNB) and the terminal (or the terminal's ME) can generate at least one of K_RRCint or K_RRCenc based on K_gNB. In addition, the base station (or gNB) and the terminal (or the terminal's ME) can generate, based on K_gNB, keys for integrity verification and/or encryption of user data in the AS. For example, the base station (or gNB) and the terminal (or the terminal's ME) can generate at least one of K_UPint or K_UPenc based on K_gNB.

[0243] FIG. 19 illustrates an overview of a mutual authentication and key generation procedure between a terminal and a network according to one embodiment of the present disclosure.

[0244] Referring to FIG. 19, the operation of a terminal, a base station, and a network (or network entity) according to one embodiment of the present disclosure may include a step 1910 of performing a mutual authentication procedure between the terminal and the network and generating a basic key used to generate an AS security key or a NAS security key, a step 1920 of generating an AS security key, and a step 1930 of generating a NAS security key.

[0245] In step 1910, a mutual authentication procedure between the terminal and the network may be performed. The mutual authentication procedure between the terminal and the network may include at least some of the aforementioned 5G-AKA or EAP-AKA procedures. Additionally, in step 1910, a procedure for generating a primary key used to generate an AS security key and/or a NAS security key may be performed. The primary key used to generate the AS security key and/or the NAS security key may include the aforementioned AUSF key (K_AUSF) or SEAF key (K_SEAF). For example, an operation to generate the aforementioned SEAF key (K_SEAF) may be performed in step 1910. Step 1910 may be performed by at least some of a terminal, UDM (or ARPF), AUSF, SEAF, or base station, but is not limited thereto. Specific operations performed in step 1910 will be described in more detail with reference to FIG. 20.

[0246] In step 1920, a procedure for generating an AS security key may be performed. For example, in step 1920, an operation to generate the base station key (K_gNB) described above with reference to FIGS. 17 and 18 and an operation to generate subordinate AS keys based on the base station key may be performed. Step 1920 may be performed by at least some of the terminal, SEAF, or base station, but is not limited thereto. Specific operations for generating the AS security key in step 1920 will be described in more detail with reference to FIG. 21. A procedure for generating the NAS security key may be performed in step 1930. For example, in step 1930, an operation to generate multiple NAS keys corresponding to multiple network entities based on the aforementioned SEAF key (K_SEAF) may be performed. For example, in step 1930, multiple NFs (or multiple network entities) and a terminal (or the terminal's ME) may generate K_NAS_MM_int, K_NAS_MM_enc, K_NAS_SM_int, K_NAS_SM_enc, K_NAS_PCF_int, K_NAS_PCF_enc, K_NAS_SMSF_int, K_NAS_SMSF_enc, K_NAS_LMF_int, and/or K_NAS_LMF_enc based on K_AMF, K_SMF, K_PCF, K_SMSF, and/or K_LMF. The specific operation to generate the NAS security key in step 1930 will be explained in more detail with reference to FIG. 22.

[0247] Hereinafter, a signaling procedure for mutual authentication and key generation between a terminal and a network according to an embodiment of the present disclosure is described with reference to FIGS. 20 to 22. In FIGS. 20 to 22, network function (NF) and network entity may be used interchangeably.

[0248] FIG. 20 illustrates a signaling procedure for mutual authentication and key generation between a terminal and a network according to one embodiment of the present disclosure. FIG. 20 may be included in step 1910 of FIG. 19.

[0249] In Step 1, the Unified Data Management (UDM) or the Authentication Credential Repository and Processing Function (ARPF) may receive an authentication credential acquisition request message. For example, the UDM or ARPF may receive a Nudm_Authenticate_Get Request message. Upon receiving the authentication request message, the UDM or ARPF may generate a 5G Home Environment Authentication Vector (5G HE AV). The 5G HE AV may include at least one of a Random Challenge (RAND), an Authentication Token (AUTN), an Expected Response Star (XRES*), and K_AUSF. RAND is a random number transmitted to the terminal in the AKA procedure and may be used for authentication synchronization between the terminal and the network. AUTN may be a token transmitted by the home network for the authentication of the terminal in the AKA procedure. For example, AUTN may include, but is not limited to, information for the terminal to authenticate the network, such as a MAC (message authentication code) or a sequence number. The UDM or ARPF can generate K_AUSF and calculate XRES* (extended expected response), and thus generate a 5G HE AV composed of RAND, AUTN, XRES*, and K_AUSF.

[0250] In Step 2, the UDM may send an authentication acquisition response message to the AUSF (Authentication Server Function) in response to the authentication acquisition request message (Nudm_Authenticate_Get Request). For example, the UDM may send a Nudm_UEAuthentication_Get Response message to the AUSF. The Nudm_UEAuthentication_Get Response message may include the 5G HE AV value generated in Step 1 and an indicator indicating that the 5G HE AV is to be used for 5G AKA.

[0251] According to one embodiment of the present disclosure, if the Nudm_Authenticate_Get Request received by the UDM in step 1 includes a SUCI (subscription concealed identifier) as the ID of the terminal, the Nudm_UEAuthentication_Get Response message may include the SUPI value obtained by de-concealing the SUCI based on the SIDF (subscriber identity de-concealing function).

[0252] If the user has subscribed to AKMA (Authentication and Key Management for Applications), the Nudm_UEAuthentication_Get Response message from the UDM may further include an AKMA indication and a routing indicator to indicate support for the AKMA function.

[0253] In step 3, AUSF can store the XRES* value received from UDM. Additionally, AUSF can temporarily store SUCI or SUPI, which is the terminal ID, along with the XRES* value received from UDM.

[0254] In step 4, the AUSF can generate a 5G AV from the 5G HE AV. According to one embodiment of the present disclosure, the AUSF receives the XRES* value and the K_AUSF key from the UDM or ARPF and can calculate HXRES* based on them.

[0255] According to one embodiment of the present disclosure, the AUSF can obtain the K_SEAF key based on K_AUSF. For example, the AUSF can derive the K_SEAF key based on the XRES* value received from the UDM or ARPF and the K_AUSF key. From the 5G HE AV, the AUSF can obtain the 5G AV by replacing the XRES* value with HXRES* and the K_AUSF key with the K_SEAF key.

[0256] In Step 5, the AUSF may transmit a terminal authentication request message to the SEAF (security anchor function). For example, the terminal authentication request message may include a Nausf_UEAuthentication_UEAuthentication Response message. Based on the 5G AV mentioned above in Step 4, the AUSF can transmit a terminal authentication request message that includes a 5G SE AV (5G Serving Environment Authentication Vector) value consisting of the RAND, AUTN, and HXRES* values, obtained by removing the K_SEAF key from the 5G AV.

[0257] In step 6, the SEAF can transmit an authentication request message to the base station. The SEAF can transmit a NAS message for the authentication request to the base station to deliver the authentication request message to the terminal (user equipment, UE). For example, the SEAF can use the RAN's NF service to deliver the NAS message Authentication Request to the terminal. For example, the SEAF can use the Communication DL NAS Message Transfer service provided by the RAN to deliver the NAS message for the authentication request to the terminal over the downlink (DL).

[0258] According to one embodiment of the present disclosure, SEAF may transmit an Nng-ran_Communication_DLNASMessageTransfer message to RAN that includes a NAS message Authentication Request message. The NAS message Authentication Request message may include RAND and AUTN values.

[0259] According to one embodiment of the present disclosure, the NAS message Authentication Request message may include information for distinguishing a plurality of NAS keys. For example, the NAS message Authentication Request message may additionally include an ngKSI (NAS Key Set Identifier)-AMF value as an ID that distinguishes the K_AMF key and the partial native security context between the terminal and the AMF; an ngKSI (NAS Key Set Identifier)-SMF value as an ID that distinguishes the K_SMF key and the partial native security context between the terminal and the SMF; an ngKSI (NAS Key Set Identifier)-PCF value as an ID that distinguishes the K_PCF key and the partial native security context between the terminal and the PCF; an ngKSI (NAS Key Set Identifier)-SMSF value as an ID that distinguishes the K_SMSF key and the partial native security context between the terminal and the SMSF; and/or an ngKSI (NAS Key Set Identifier)-LMF value as an ID that distinguishes the K_LMF key and the partial native security context between the terminal and the LMF.

[0260] Additionally, according to one embodiment of the present disclosure, a NAS message Authentication Request message may include information subsequently used by a terminal and a plurality of network entities to derive a plurality of NAS keys identically. For example, the NAS message Authentication Request message may include an ABBA(Anti-Bidding down Between Architectures)-AMF value for generating identical keys between the terminal and the AMF, an ABBA(Anti-Bidding down Between Architectures)-SMF value for generating identical keys between the terminal and the SMF, an ABBA(Anti-Bidding down Between Architectures)-PCF value for generating identical keys between the terminal and the PCF, an ABBA(Anti-Bidding down Between Architectures)-SMSF value for generating identical keys between the terminal and the SMSF, and / or an ABBA(Anti-Bidding down Between Architectures)-LMF value for generating identical keys between the terminal and the LMF.

[0261] In step 6-1, the base station (or RAN) may transmit an authentication request message received from SEAF to the terminal. For example, the base station (or RAN) may transmit a NAS message Authentication Request message to the terminal using the Uu interface. To do this, the base station may use a DLInformationTransfer message, which is a radio resource control (RRC) message.

[0262] According to one embodiment of the present disclosure, the mobile equipment (ME) that receives an authentication request message from the base station or RAN can transmit the RAND value and the AUTN value included in the authentication request message to the universal subscriber identity module (USIM).

[0263] In step 7, the terminal can calculate a RES* (response star) for an authentication response. The terminal calculates the RES* based on RAND and AUTN, and the RES* may include an authentication response value to be transmitted to the network. The USIM, having received the RAND value and the AUTN value from the ME, can calculate the RES value. The USIM can transmit the RES, the IK (integrity key), and the CK (cipher key) to the ME.

[0264] According to one embodiment of the present disclosure, the ME can calculate the RES* value using the RES value received from the USIM. Additionally, the ME can derive the K_AUSF key using the CK||IK value, the concatenation of CK and IK.

[0265] In step 8, the terminal may send an authentication response message to the RAN. The authentication response message may include the RES* value calculated in step 7.

[0266] According to one embodiment of the present disclosure, a terminal may use a ULInformationTransfer message, which is a radio resource control (RRC) message, to transmit an authentication response message to a RAN using a Uu interface.

[0267] In step 8-1, the RAN can send a NAS message Authentication Response message to the SEAF based on the authentication response message received from the terminal.

[0268] According to one embodiment of the present disclosure, a RAN may use a Communication UL NAS Message Transfer service, which is an NF service of the RAN, to transmit a NAS message received from a terminal to a specific NF in a CN (core network). The Communication UL NAS Message Transfer service may include an NF service of the RAN for transmitting a NAS message received from a terminal to an uplink (UL).

[0269] According to one embodiment of the present disclosure, the RAN may transmit an Nng-ran_Communication_ULNASMessageTransfer message to the SEAF, which includes an authentication response message received from the terminal.

[0270] In Step 9, the SEAF can determine whether authentication of the terminal has been successful. For example, the SEAF can calculate the HRES* value using the received RES* value and compare the HRES* value with the HXRES* value. If the two compared values are identical, the SEAF can determine that authentication of the terminal has been successful in the serving network.

[0271] In step 10, SEAF may send a terminal authentication request message to AUSF. For example, SEAF may send a Nausf_UEAuthentication_Authenticate Request message to AUSF. The Nausf_UEAuthentication_Authenticate Request message may include a RES* value received from the terminal.

[0272] In Step 11, the AUSF can verify the RES* value. If the AUSF receives a RES* value from the SEAF indicating successful authentication of the terminal, the AUSF can verify whether the 5G AV value has expired. If the 5G AV value has expired, the AUSF may determine that terminal authentication has failed from the home network perspective, even if it has received the RES* value.

[0273] According to one embodiment of the present disclosure, when authentication of a terminal is successful from the perspective of both the serving network and the home network, the AUSF may store K_AUSF according to the policy of the home network. The AUSF can compare the received RES* value with the stored XRES* value. If the received RES* value and the stored XRES* value are the same, the AUSF can determine that the terminal's authentication has been successful from the perspective of the home network. The AUSF can transmit the terminal's authentication result to the UDM.

[0274] In step 12, the AUSF may send a terminal authentication response message to the SEAF. For example, the AUSF may send a Nausf_UEAuthentication_Authenticate Response message to the SEAF. The Nausf_UEAuthentication_Authenticate Response message may include information regarding a result indicating whether the authentication of the terminal from the perspective of the home network was successful. If the authentication of the terminal is successful, the AUSF can transmit to the SEAF a Nausf_UEAuthentication_Authenticate Response message containing the K_SEAF key. Additionally, if the AUSF received a SUCI from the SEAF as the terminal ID, the AUSF can transmit a Nausf_UEAuthentication_Authenticate Response message containing the terminal's SUPI to the SEAF.

[0275] In step 12-1, the terminal can obtain K_SEAF based on the K_AUSF key. For example, the terminal's ME can derive K_SEAF from K_AUSF. In one embodiment, step 12-1 may be included in the aforementioned step 7.
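The FIG. 20 exchange of steps 1 to 12 as an added, runnable model; this is example code written for this page, not the disclosure's own implementation. The USIM/ARPF functions that produce RES, CK, IK and AUTN from the root key K are stood in for by HMAC-SHA-256, and the FC bytes, the 128-bit truncations and the sample key and serving-network name are constructed assumptions; what it shows is how the AUSF turns the 5G HE AV into the 5G SE AV, how the SEAF and the AUSF reach their separate verdicts (HRES* against HXRES*, RES* against XRES*), and how both ends arrive at the same K_SEAF without it ever being sent to the terminal.

```python
import hashlib
import hmac
import os

# Constructed model of the FIG. 20 exchange (steps 1 to 12). The USIM/ARPF
# functions that yield RES, CK, IK and AUTN from the root key K are replaced
# by HMAC-SHA-256 so the example runs offline; the FC bytes 0x6A/0x6B/0x6C
# and the 128-bit truncations are assumptions, not values from the disclosure.

def usim_functions(k: bytes, rand: bytes) -> dict:
    """Values the USIM (step 7) and the ARPF (step 1) both derive from K and RAND."""
    def f(tag: bytes) -> bytes:
        return hmac.new(k, tag + rand, hashlib.sha256).digest()
    return {"RES": f(b"RES")[:8], "CK": f(b"CK")[:16], "IK": f(b"IK")[:16], "AUTN": f(b"AUTN")[:16]}


def res_star(ck: bytes, ik: bytes, sn_name: bytes, rand: bytes, res: bytes) -> bytes:
    """RES* at the ME (step 7) and XRES* at the ARPF (step 1), keyed by CK||IK."""
    return hmac.new(ck + ik, b"\x6b" + sn_name + rand + res, hashlib.sha256).digest()[16:]


def hashed_res_star(rand: bytes, value: bytes) -> bytes:
    """HXRES* (AUSF, step 4) from XRES*, and HRES* (SEAF, step 9) from RES*."""
    return hashlib.sha256(rand + value).digest()[16:]


def k_ausf_from(ck: bytes, ik: bytes, sn_name: bytes) -> bytes:
    return hmac.new(ck + ik, b"\x6a" + sn_name, hashlib.sha256).digest()


def k_seaf_from(k_ausf: bytes, sn_name: bytes) -> bytes:
    return hmac.new(k_ausf, b"\x6c" + sn_name, hashlib.sha256).digest()


class HomeNetwork:
    """UDM/ARPF (steps 1-2) and AUSF (steps 3-5, 11-12) rolled into one object."""

    def __init__(self, k: bytes, sn_name: bytes):
        self.k, self.sn_name, self.xres_star, self.k_seaf = k, sn_name, None, None

    def make_5g_se_av(self, rand: bytes) -> dict:
        v = usim_functions(self.k, rand)                                  # ARPF side
        xres_star = res_star(v["CK"], v["IK"], self.sn_name, rand, v["RES"])
        k_ausf = k_ausf_from(v["CK"], v["IK"], self.sn_name)
        # 5G HE AV = (RAND, AUTN, XRES*, K_AUSF). The AUSF stores XRES* (step 3),
        # swaps XRES* for HXRES* and K_AUSF for K_SEAF to get the 5G AV (step 4),
        # and hands the SEAF the 5G SE AV, which carries no K_SEAF (step 5).
        self.xres_star = xres_star
        self.k_seaf = k_seaf_from(k_ausf, self.sn_name)
        return {"RAND": rand, "AUTN": v["AUTN"], "HXRES*": hashed_res_star(rand, xres_star)}

    def verify_res_star(self, received: bytes) -> bool:
        """Step 11: home-network verdict, compared in constant time."""
        return hmac.compare_digest(received, self.xres_star)


class Terminal:
    """USIM plus ME of the terminal."""

    def __init__(self, k: bytes, sn_name: bytes):
        self.k, self.sn_name, self.k_seaf = k, sn_name, None

    def answer(self, rand: bytes, autn: bytes):
        """Step 7: the USIM checks AUTN (authenticates the network); the ME then
        computes RES* and derives K_AUSF and K_SEAF (step 12-1). Returns None
        when the network fails to authenticate, so no RES* leaves the terminal."""
        v = usim_functions(self.k, rand)
        if not hmac.compare_digest(v["AUTN"], autn):
            return None
        self.k_seaf = k_seaf_from(k_ausf_from(v["CK"], v["IK"], self.sn_name), self.sn_name)
        return res_star(v["CK"], v["IK"], self.sn_name, rand, v["RES"])


def run_authentication(k_ue: bytes, k_hn: bytes, sn_name: bytes, rand: bytes = None) -> dict:
    """Drive steps 1 to 12 and report the verdict each party reaches."""
    rand = rand if rand is not None else os.urandom(16)
    hn, ue = HomeNetwork(k_hn, sn_name), Terminal(k_ue, sn_name)
    av = hn.make_5g_se_av(rand)                                           # steps 1-5
    res = ue.answer(av["RAND"], av["AUTN"])                               # steps 6-8
    if res is None:
        return {"ue_authenticated_network": False, "serving_ok": False,
                "home_ok": False, "k_seaf_match": False}
    serving_ok = hmac.compare_digest(hashed_res_star(rand, res), av["HXRES*"])  # step 9
    home_ok = serving_ok and hn.verify_res_star(res)                      # steps 10-11
    return {"ue_authenticated_network": True, "serving_ok": serving_ok,
            "home_ok": home_ok, "k_seaf_match": home_ok and ue.k_seaf == hn.k_seaf}


# Constructed sample root key and serving-network name.
SAMPLE_K = hashlib.sha256(b"constructed root key K").digest()[:16]
SAMPLE_SN_NAME = b"5G:mnc001.mcc001.3gppnetwork.org"

if __name__ == "__main__":
    print(run_authentication(SAMPLE_K, SAMPLE_K, SAMPLE_SN_NAME))
    print(run_authentication(bytes(16), SAMPLE_K, SAMPLE_SN_NAME))       # USIM with a wrong K
```

With a mismatched USIM key the AUTN check fails first, so the terminal sends no RES* and neither network reaches a positive verdict.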

[0276] FIG. 21 illustrates a signaling procedure for generating an AS key according to one embodiment of the present disclosure. FIG. 21 may be included in step 1920 of FIG. 19.

[0277] In Step 13, the SEAF can obtain the base station key (K_gNB) used to generate the AS (Access Stratum) keys. According to one embodiment of the present disclosure, the SEAF can derive K_gNB from K_SEAF. Alternatively, similar to the procedures under the existing 5G-AKA or EAP-AKA, the SEAF can derive K_gNB from K_AMF.

[0278] According to one embodiment of the present disclosure, in step 13, the terminal can obtain K_gNB in the same way as the SEAF. For example, the terminal can derive K_gNB from K_SEAF.

[0279] In step 14, the SEAF may send an ASKeyTransfer message to the base station or the RAN. For example, the SEAF may send an Nseaf_Security_ASKeyTransfer message to the base station or the RAN.

[0280] According to one embodiment of the present disclosure, the Nseaf_Security_ASKeyTransfer message may include the K_gNB obtained in step 13. The Nseaf_Security_ASKeyTransfer message may include information for generating an AS IK, an AS CK, a UP IK, and/or a UP CK from the K_gNB key. For example, the Nseaf_Security_ASKeyTransfer message may further include a Next Hop Chaining Count (NCC) value and a Next Hop (NH) parameter value.

[0281] According to one embodiment of the present disclosure, if the K_gNB key is derived from the K_AMF key in step 13, then in step 14 the SEAF can transmit the K_gNB key to the RAN using the Namf_Security_ASKeyTransfer message.

[0282] In step 15, the base station or RAN may obtain at least one of a key for checking the integrity of RRC signaling, a key for encrypting RRC signaling, a key for checking the integrity of user plane data, or a key for encrypting user plane data. For example, based on the K_gNB key received from the SEAF or AMF, the base station or RAN can generate at least one of K_RRCint, the key used to check the integrity of RRC control signaling messages; K_RRCenc, the key for encrypting RRC control signaling messages; K_UPint, the key for checking the integrity of user data; or K_UPenc, the key for encrypting user data. To derive the aforementioned keys, the base station or RAN may use the NCC and NH values in addition to the K_gNB key, but is not limited thereto.

[0283] According to one embodiment of the present disclosure, in step 15, the terminal can independently obtain a key for integrity checking and encryption of the aforementioned AS control signaling or user plane data in a manner similar to that of a base station or RAN. As a result, the terminal and the base station can each store the same AS key.

[0284] In step 16, the RAN may send an AS key transfer response message to the SEAF. For example, the RAN may send the response message to the SEAF using the Nseaf_Security_ASKeyTransfer message. According to one embodiment of the present disclosure, the Nseaf_Security_ASKeyTransfer message may include information indicating whether the generation of the AS key was successful.

[0285] According to one embodiment of the present disclosure, in the procedure for generating an AS key, if the K_gNB key is derived from the K_AMF key in step 13, the aforementioned response message may be transmitted to the AMF. For example, in this case, the base station or RAN may transmit the response message to the AMF using the Namf_Security_ASKeyTransfer message.

[0286] FIG. 22 illustrates a signaling procedure for generating a NAS key according to one embodiment of the present disclosure. FIG. 22 may be included in step 1930 of FIG. 19.

[0287] In Step 17, the SEAF can generate multiple NAS keys corresponding to multiple network entities. For example, the SEAF can generate multiple NAS keys corresponding to multiple network entities based on a specified primary key. The specified primary key may include, but is not limited to, the SEAF key (K_SEAF). Here, multiple network entities may refer to the network entities corresponding to the types of NAS message. For example, the multiple network entities may include, but are not limited to, the AMF, SMF, PCF, SMSF, and LMF. For example, the multiple network entities may further include new network entities defined in 6GS.

[0288] According to one embodiment of the present disclosure, the plurality of NAS keys corresponding to the plurality of network entities may be used for generating or deriving keys for integrity verification and encryption of the NAS messages transmitted between the plurality of network entities and the terminal. In the present disclosure, the NAS key corresponding to the AMF entity may be referred to as the AMF key (K_AMF), the NAS key corresponding to the SMF entity as the SMF key (K_SMF), the NAS key corresponding to the PCF as the PCF key (K_PCF), the NAS key corresponding to the SMSF entity as the SMSF key (K_SMSF), and the NAS key corresponding to the LMF entity as the LMF key (K_LMF), respectively. K_AMF can be used to derive keys for integrity verification or encryption of MM-type NAS messages, which are the NAS messages transmitted between the AMF entity and the terminal. K_SMF can be used to derive keys for integrity verification or encryption of SM-type NAS messages transmitted between the SMF entity and the terminal. K_PCF can be used to derive keys for integrity verification or encryption of UE Policy type NAS messages transmitted between the PCF entity and the terminal. K_SMSF can be used to derive keys for integrity verification or encryption of SMS-type NAS messages transmitted between the SMSF entity and the terminal. K_LMF can be used to derive keys for integrity verification or encryption of LCS type NAS messages transmitted between the LMF entity and the terminal.

[0289] According to one embodiment of the present disclosure, the SEAF can transfer the K_AMF key to the AMF internally. Alternatively, the SEAF can send the K_AMF key to the AMF using the Nseaf_Security_NASKeyTransfer message.

[0290] According to one embodiment of the present disclosure, the AMF may obtain keys for integrity checking and/or encryption of MM-type NAS messages. For example, the AMF may derive an AMF NAS integrity key (K_AMF-NASint) for integrity checking of MM-type NAS messages and an AMF NAS encryption key (K_AMF-NASenc) for encrypting MM-type NAS messages from the K_AMF key received from the SEAF.

[0291] According to one embodiment of the present disclosure, in step 17, the terminal can generate multiple NAS keys corresponding to multiple network entities in a manner similar to the SEAF. That is, the terminal can generate the multiple NAS keys corresponding to the multiple network entities independently of the SEAF. For example, the terminal can generate the multiple NAS keys corresponding to the multiple network entities based on a designated primary key. The designated primary key may include, but is not limited to, the SEAF key (K_SEAF). In addition, the terminal may obtain keys for integrity verification and/or encryption of MM-type NAS messages in a manner similar to the SEAF.

[0292] In Step 18-1, the SEAF can transfer the K_SMF key to the SMF. For example, the SEAF can transmit the K_SMF key to the SMF using the Nseaf_Security_NASKeyTransfer message.

[0293] In Step 18-2, the SEAF can transfer the K_PCF key to the PCF. For example, the SEAF can transmit the K_PCF key to the PCF using the Nseaf_Security_NASKeyTransfer message.

[0294] In Step 18-3, the SEAF can transfer the K_LMF key to the LMF. For example, the SEAF can transmit the K_LMF key to the LMF using the Nseaf_Security_NASKeyTransfer message.

[0295] In Step 18-4, the SEAF can transfer the K_SMSF key to the SMSF. For example, the SEAF can transmit the K_SMSF key to the SMSF using the Nseaf_Security_NASKeyTransfer message.

[0296] In Step 19-1, the SMF can obtain at least one of the K_SMF-NASint key, the key for checking the integrity of SM-type NAS messages, or the K_SMF-NASenc key, the key for encrypting SM-type NAS messages. For example, the SMF can derive the K_SMF-NASint key and the K_SMF-NASenc key from the K_SMF key received from the SEAF.

[0297] According to one embodiment of the present disclosure, the terminal can also obtain at least one of the keys for integrity verification and/or encryption of SM-type NAS messages, in the same manner as the method by which the aforementioned SEAF obtains at least one of the keys for integrity verification and/or encryption of SM-type NAS messages. That is, independently of the SEAF, the terminal can derive the K_SMF-NASint key and the K_SMF-NASenc key, identical to the keys generated by the SEAF.

[0298] In Step 19-2, the PCF can obtain at least one of the K_PCF-NASint key, the key for checking the integrity of UE Policy type NAS messages, or the K_PCF-NASenc key, the key for encrypting UE Policy type NAS messages. For example, the PCF can derive the K_PCF-NASint key and the K_PCF-NASenc key from the K_PCF key received from the SEAF. According to one embodiment of the present disclosure, the terminal can also obtain at least one of the keys for integrity verification and/or encryption of UE Policy type NAS messages, in the same manner as the method by which the aforementioned SEAF obtains at least one of the keys for integrity verification and/or encryption of UE Policy type NAS messages. That is, independently of the SEAF, the terminal can derive the K_PCF-NASint key and the K_PCF-NASenc key, identical to the keys generated by the SEAF.

[0299] In Step 19-3, the LMF can obtain at least one of the K_LMF-NASint key, the key for checking the integrity of LCS type NAS messages, or the K_LMF-NASenc key, the key for encrypting LCS type NAS messages. For example, the LMF can derive the K_LMF-NASint key and the K_LMF-NASenc key from the K_LMF key received from the SEAF. According to one embodiment of the present disclosure, the terminal can also obtain at least one of the keys for integrity verification and/or encryption of LCS type NAS messages, in the same manner as the method by which the aforementioned SEAF obtains at least one of the keys for integrity verification and/or encryption of LCS type NAS messages. That is, independently of the SEAF, the terminal can derive the K_LMF-NASint key and the K_LMF-NASenc key, identical to the keys generated by the SEAF.

[0300] In step 19-4, SMSF is K, a key for verifying the integrity of an SMS-type NAS message. SMSF-NASint Key, or K, which is the key for encrypting SMS-type NAS messages SMSF-NASenc At least one of the keys can be obtained. For example, SMSF receives K from SEAF SMSF K from the key SMSF-NASint Key and K SMSF-NASenc A key can be derived. According to one embodiment of the present disclosure, a terminal can also obtain at least one of the keys for integrity verification and / or encryption of an SMS-type NAS message, in the same manner as the method by which the aforementioned SEAF obtains at least one of the keys for integrity verification and / or encryption of an SMS-type NAS message. That is, the terminal obtains a key identical to the key generated by the SEAF, independently of the SEAF. SMSF-NASint Key and K SMSF-NASenc The key can be derived.

[0301] In the present disclosure, a key for checking the integrity of a NAS message and/or for encrypting it may be referred to as a key relating to a NAS message.

[0302] In steps 20-1 through 20-4, multiple network entities may transmit information to SEAF regarding the result of generating a key for a NAS message. For example, multiple network entities may transmit to SEAF a response indicating whether the generation of a key for the aforementioned NAS message was successful using an Nseaf_Security_NASKeyTransfer message.

[0303] In step 20-1, the SMF can transmit to the SEAF, using the Nseaf_Security_NASKeyTransfer message, information regarding the result of generating the K_SMF-NASint key and the K_SMF-NASenc key.

[0304] In step 20-2, the PCF can transmit to the SEAF, using the Nseaf_Security_NASKeyTransfer message, information regarding the result of generating the K_PCF-NASint key and the K_PCF-NASenc key.

[0305] In step 20-3, the LMF can transmit to the SEAF, using the Nseaf_Security_NASKeyTransfer message, information regarding the result of generating the K_LMF-NASint key and the K_LMF-NASenc key.

[0306] In step 20-4, the SMSF can transmit to the SEAF, using the Nseaf_Security_NASKeyTransfer message, information regarding the result of generating the K_SMSF-NASint key and the K_SMSF-NASenc key.

[0307] According to one embodiment of the present disclosure, in the procedure of FIG. 22, the SEAF may, instead of generating a plurality of NAS keys corresponding to a plurality of network entities for integrity checking and encryption of NAS control messages, derive only a single common K_NAS key from the K_SEAF key. In this case, the SEAF can transmit K_NAS to each of the multiple network entities. The multiple network entities, having received K_NAS from the SEAF, can generate from it the keys for each network entity and its corresponding NAS message.

[0308] FIG. 23 illustrates a process for generating a NAS key corresponding to an AMF entity according to one embodiment of the present disclosure. Referring to FIG. 23, K_AMF-NASint, the key for verifying the integrity of MM-type NAS messages, and K_AMF-NASenc, the key for encrypting MM-type NAS messages, can be derived from the K_AMF key received from the SEAF.

[0309] According to one embodiment of the present disclosure, the SEAF can derive the K_AMF key as the output value of a Key Derivation Function (KDF) by inputting the terminal's SUPI value, the ABBA-AMF value, and the K_SEAF key into the KDF.

[0310] According to one embodiment of the present disclosure, the AMF can derive the K_AMF-NASint key and/or the K_AMF-NASenc key based on the K_AMF key received from the SEAF. For example, the AMF can derive the K_AMF-NASint key and/or the K_AMF-NASenc key by inputting into the KDF the K_AMF key, an algorithm type distinguisher value for distinguishing or identifying the type of key to be derived, and an algorithm identifier value.

[0311] According to one embodiment of the present disclosure, the Algorithm Type Distinguisher value can be set to a value for deriving K_AMF-NASint, the key for checking the integrity of MM-type NAS messages. For example, the Algorithm Type Distinguisher value can be set to the N-NAS-int-alg value. Additionally, the Algorithm Type Distinguisher value can be set to a value for deriving K_AMF-NASenc, the key for encrypting MM-type NAS messages. For example, the Algorithm Type Distinguisher value can be set to N-NAS-enc-alg. Additionally, the Algorithm Identifier value can be set to Alg-ID, which is the ID of the corresponding algorithm.

[0312] FIG. 24 illustrates a process for generating a NAS key corresponding to an SMF entity according to an embodiment of the present disclosure. Referring to FIG. 24, K_SMF-NASint, the key for checking the integrity of SM-type NAS messages, and K_SMF-NASenc, the key for encrypting SM-type NAS messages, can be derived from the K_SMF key received from the SEAF.

[0313] According to one embodiment of the present disclosure, the SEAF can derive the K_SMF key as the output value of the Key Derivation Function (KDF) by inputting the terminal's SUPI value, the ABBA-SMF value, and the K_SEAF key into the KDF.

[0314] According to one embodiment of the present disclosure, the SMF can derive the K_SMF-NASint key and/or the K_SMF-NASenc key based on the K_SMF key received from the SEAF. For example, the SMF can derive the K_SMF-NASint key and/or the K_SMF-NASenc key by inputting into the KDF the K_SMF key, an algorithm type distinguisher value for distinguishing or identifying the type of key to be derived, and an algorithm identifier value.

[0315] According to one embodiment of the present disclosure, the Algorithm Type Distinguisher value can be set to a value for deriving K_SMF-NASint, the key for checking the integrity of SM-type NAS messages. For example, the Algorithm Type Distinguisher value can be set to the N-NAS-int-alg value. Additionally, the Algorithm Type Distinguisher value can be set to a value for deriving K_SMF-NASenc, the key for encrypting SM-type NAS messages. For example, the Algorithm Type Distinguisher value can be set to N-NAS-enc-alg. Additionally, the Algorithm Identifier value can be set to Alg-ID, which is the ID of the corresponding algorithm.

[0316] FIG. 25 illustrates a process for generating a NAS key corresponding to a PCF entity according to one embodiment of the present disclosure. Referring to FIG. 25, K_PCF-NASint, the key for checking the integrity of UE Policy-type NAS messages, and K_PCF-NASenc, the key for encrypting UE Policy-type NAS messages, can be derived from the K_PCF key received from the SEAF.

[0317] According to one embodiment of the present disclosure, the SEAF can derive the K_PCF key as the output value of the Key Derivation Function (KDF) by inputting the terminal's SUPI value, the ABBA-PCF value, and the K_SEAF key into the KDF.

[0318] According to one embodiment of the present disclosure, the PCF can derive the K_PCF-NASint key and/or the K_PCF-NASenc key based on the K_PCF key received from the SEAF. For example, the PCF can derive the K_PCF-NASint key and/or the K_PCF-NASenc key by inputting into the KDF the K_PCF key, an algorithm type distinguisher value for distinguishing or identifying the type of key to be derived, and an algorithm identifier value.

[0319] According to one embodiment of the present disclosure, the Algorithm Type Distinguisher value can be set to a value for deriving K_PCF-NASint, the key for checking the integrity of UE Policy-type NAS messages. For example, the Algorithm Type Distinguisher value can be set to the N-NAS-int-alg value. Additionally, the Algorithm Type Distinguisher value can be set to a value for deriving K_PCF-NASenc, the key for encrypting UE Policy-type NAS messages. For example, the Algorithm Type Distinguisher value can be set to N-NAS-enc-alg. Additionally, the Algorithm Identifier value can be set to Alg-ID, which is the ID of the corresponding algorithm.

[0320] FIG. 26 illustrates a process for generating a NAS key corresponding to an SMSF entity according to one embodiment of the present disclosure. Referring to FIG. 26, K_SMSF-NASint, the key for verifying the integrity of SMS-type NAS messages, and K_SMSF-NASenc, the key for encrypting SMS-type NAS messages, can be derived from the K_SMSF key received from the SEAF.

[0321] According to one embodiment of the present disclosure, the SEAF can derive the K_SMSF key as the output value of the Key Derivation Function (KDF) by inputting the terminal's SUPI value, the ABBA-SMS value, and the K_SEAF key into the KDF.

[0322] According to one embodiment of the present disclosure, the SMSF can derive the K_SMSF-NASint key and/or the K_SMSF-NASenc key based on the K_SMSF key received from the SEAF. For example, the SMSF can derive the K_SMSF-NASint key and/or the K_SMSF-NASenc key by inputting into the KDF the K_SMSF key, an algorithm type distinguisher value for distinguishing or identifying the type of key to be derived, and an algorithm identifier value.

[0323] According to one embodiment of the present disclosure, the Algorithm Type Distinguisher value can be set to a value for deriving K_SMSF-NASint, the key for checking the integrity of SMS-type NAS messages. For example, the Algorithm Type Distinguisher value can be set to the N-NAS-int-alg value. Additionally, the Algorithm Type Distinguisher value can be set to a value for deriving K_SMSF-NASenc, the key for encrypting SMS-type NAS messages. For example, the Algorithm Type Distinguisher value can be set to N-NAS-enc-alg. Additionally, the Algorithm Identifier value can be set to Alg-ID, which is the ID of the corresponding algorithm.

[0324] FIG. 27 illustrates a process for generating a NAS key corresponding to an LMF entity according to one embodiment of the present disclosure. Referring to FIG. 27, K_LMF-NASint, the key for checking the integrity of LCS-type NAS messages, and K_LMF-NASenc, the key for encrypting LCS-type NAS messages, can be derived from the K_LMF key received from the SEAF.

[0325] According to one embodiment of the present disclosure, the SEAF can derive the K_LMF key as the output value of the Key Derivation Function (KDF) by inputting the terminal's SUPI value, the ABBA-LMF value, and the K_SEAF key into the KDF.

[0326] According to one embodiment of the present disclosure, the LMF can derive the K_LMF-NASint key and/or the K_LMF-NASenc key based on the K_LMF key received from the SEAF. For example, the LMF can derive the K_LMF-NASint key and/or the K_LMF-NASenc key by inputting into the KDF the K_LMF key, an algorithm type distinguisher value for distinguishing or identifying the type of key to be derived, and an algorithm identifier value.

[0327] According to one embodiment of the present disclosure, the Algorithm Type Distinguisher value can be set to a value for deriving K_LMF-NASint, the key for checking the integrity of LCS-type NAS messages. For example, the Algorithm Type Distinguisher value can be set to the N-NAS-int-alg value. Additionally, the Algorithm Type Distinguisher value can be set to a value for deriving K_LMF-NASenc, the key for encrypting LCS-type NAS messages. For example, the Algorithm Type Distinguisher value can be set to N-NAS-enc-alg. Additionally, the Algorithm Identifier value can be set to Alg-ID, which is the ID of the corresponding algorithm.

[0328] FIG. 28 illustrates the process of generating a NAS key in a terminal (user equipment) according to one embodiment of the present disclosure.

[0329] Referring to FIG. 28, the terminal can obtain NAS keys corresponding to a plurality of network entities, and keys for integrity checking and/or encryption of the NAS messages corresponding to the plurality of network entities.

[0330] For example, as mentioned above, the terminal can derive at least one of K_AMF, K_SMF, K_PCF, K_SMSF, or K_LMF. Additionally, the terminal can derive the keys for verifying the integrity of NAS messages, K_AMF-NASint, K_SMF-NASint, K_PCF-NASint, K_SMSF-NASint, or K_LMF-NASint, from the K_AMF, K_SMF, K_PCF, K_SMSF, or K_LMF key, respectively. In addition, the terminal can derive the keys for encrypting NAS messages, K_AMF-NASenc, K_SMF-NASenc, K_PCF-NASenc, K_SMSF-NASenc, or K_LMF-NASenc, from the K_AMF, K_SMF, K_PCF, K_SMSF, or K_LMF key, respectively.

[0331] According to one embodiment of the present disclosure, a terminal can derive the K_AMF, K_SMF, K_PCF, K_SMSF, or K_LMF key by inputting into the Key Derivation Function (KDF) at least one of the ABBA-AMF, ABBA-SMF, ABBA-PCF, ABBA-SMSF, or ABBA-LMF values received from the SEAF, the SUPI value of the terminal, and the K_SEAF key value.

[0332] According to one embodiment of the present disclosure, the terminal can derive the K_AMF-NASint key and/or the K_AMF-NASenc key based on the K_AMF key. For example, the terminal can derive the K_AMF-NASint key and/or the K_AMF-NASenc key by inputting into the KDF the K_AMF key, the Algorithm Type Distinguisher value for the type of key to be derived, and the Algorithm Identifier value.

[0333] According to one embodiment of the present disclosure, the Algorithm Type Distinguisher value can be set to a value for deriving K_AMF-NASint, the key for checking the integrity of MM-type NAS messages. For example, the Algorithm Type Distinguisher value can be set to the N-NAS-int-alg value. Additionally, the Algorithm Type Distinguisher value can be set to a value for deriving K_AMF-NASenc, the key for encrypting MM-type NAS messages. For example, the Algorithm Type Distinguisher value can be set to N-NAS-enc-alg. Additionally, the Algorithm Identifier value can be set to Alg-ID, which is the ID of the corresponding algorithm.

[0334] According to one embodiment of the present disclosure, the terminal can derive the K_SMF-NASint key and/or the K_SMF-NASenc key based on the K_SMF key. For example, the terminal can derive the K_SMF-NASint key and/or the K_SMF-NASenc key by inputting into the KDF the K_SMF key, an algorithm type distinguisher value for distinguishing or identifying the type of key to be derived, and an algorithm identifier value.

[0335] According to one embodiment of the present disclosure, the Algorithm Type Distinguisher value can be set to a value for deriving K_SMF-NASint, the key for checking the integrity of SM-type NAS messages. For example, the Algorithm Type Distinguisher value can be set to the N-NAS-int-alg value. Additionally, the Algorithm Type Distinguisher value can be set to a value for deriving K_SMF-NASenc, the key for encrypting SM-type NAS messages. For example, the Algorithm Type Distinguisher value can be set to the N-NAS-enc-alg value. Additionally, the Algorithm Identifier value can be set to Alg-ID, which is the ID of the corresponding algorithm. According to one embodiment of the present disclosure, the terminal can derive the K_PCF-NASint key and/or the K_PCF-NASenc key based on the K_PCF key. For example, the terminal can derive the K_PCF-NASint key and/or the K_PCF-NASenc key by inputting into the KDF the K_PCF key, an algorithm type distinguisher value for distinguishing or identifying the type of key to be derived, and an algorithm identifier value.

[0336] According to one embodiment of the present disclosure, the Algorithm Type Distinguisher value can be set to a value for deriving K_PCF-NASint, the key for checking the integrity of UE Policy-type NAS messages. For example, the Algorithm Type Distinguisher value can be set to the N-NAS-int-alg value. Additionally, the Algorithm Type Distinguisher value can be set to a value for deriving K_PCF-NASenc, the key for encrypting UE Policy-type NAS messages. For example, the Algorithm Type Distinguisher value can be set to N-NAS-enc-alg. Additionally, the Algorithm Identifier value can be set to Alg-ID, which is the ID of the corresponding algorithm.

[0337] According to one embodiment of the present disclosure, the terminal can derive the K_SMSF-NASint key and/or the K_SMSF-NASenc key based on the K_SMSF key. For example, the terminal can derive the K_SMSF-NASint key and/or the K_SMSF-NASenc key by inputting into the KDF the K_SMSF key, the Algorithm Type Distinguisher value for the type of key to be derived, and the Algorithm Identifier value.

[0338] According to one embodiment of the present disclosure, the Algorithm Type Distinguisher value can be set to a value for deriving K_SMSF-NASint, the key for checking the integrity of SMS-type NAS messages. For example, the Algorithm Type Distinguisher value can be set to the N-NAS-int-alg value. Additionally, the Algorithm Type Distinguisher value can be set to a value for deriving K_SMSF-NASenc, the key for encrypting SMS-type NAS messages. For example, the Algorithm Type Distinguisher value can be set to N-NAS-enc-alg. Additionally, the Algorithm Identifier value can be set to Alg-ID, which is the ID of the corresponding algorithm.

[0339] According to one embodiment of the present disclosure, the terminal can derive the K_LMF-NASint key and/or the K_LMF-NASenc key based on the K_LMF key. For example, the terminal can derive the K_LMF-NASint key and/or the K_LMF-NASenc key by inputting into the KDF the K_LMF key, the Algorithm Type Distinguisher value for the type of key to be derived, and the Algorithm Identifier value.

[0340] According to one embodiment of the present disclosure, the Algorithm Type Distinguisher value can be set to a value for deriving K_LMF-NASint, the key for checking the integrity of LCS-type NAS messages. For example, the Algorithm Type Distinguisher value can be set to the N-NAS-int-alg value. Additionally, the Algorithm Type Distinguisher value can be set to a value for deriving K_LMF-NASenc, the key for encrypting LCS-type NAS messages. For example, the Algorithm Type Distinguisher value can be set to N-NAS-enc-alg. Additionally, the Algorithm Identifier value can be set to Alg-ID, which is the ID of the corresponding algorithm.

[0341] FIG. 29 illustrates a flowchart of an operation performed by a first network entity according to one embodiment of the present disclosure.

[0342] The first network entity of FIGS. 29 to 30 may correspond to a network entity including a SEAF according to various embodiments of the present disclosure described above. For example, the first network entity may include an AMF, but is not limited thereto. For example, the first network entity may be a network entity corresponding to a SEAF. Additionally, the second network entity of FIGS. 29 to 30 may include a network entity that performs a function for mutual authentication between a terminal and a network. For example, the second network entity may include the aforementioned AUSF entity, but is not limited thereto.

[0343] In step 2910, the first network entity may receive first information for generating a primary key from the second network entity. According to one embodiment of the present disclosure, the first network entity may receive first information for generating a primary key used to derive at least one security key from the second network entity.

[0344] According to one embodiment of the present disclosure, the primary key may include a SEAF key (K_SEAF). Here, 'at least one security key' may include at least one of the aforementioned NAS key or AS key. Additionally, the first information may include a random challenge (RAND) and an authentication token (AUTH) for mutual authentication between the terminal and the network. The RAND and AUTH can be used to generate the AUSF key (K_AUSF) from which the aforementioned SEAF key (K_SEAF) is derived.

[0345] In step 2920, the first network entity may provide the terminal with the first information and the second information for generating a NAS (non-access stratum) key through a base station.

[0346] According to one embodiment of the present disclosure, the second information may include information for generating a non-access stratum (NAS) key. For example, the second information may include a plurality of parameters for generating a plurality of NAS keys corresponding to a plurality of network entities and identification information for distinguishing the plurality of NAS keys, but is not limited thereto. For example, the second information may include information used by a terminal and a plurality of network entities to derive a plurality of NAS keys identically, and information for distinguishing the plurality of NAS keys. The information used by a terminal and a plurality of network entities to derive a plurality of NAS keys identically may include at least one of the aforementioned ABBA-AMF, ABBA-SMF, ABBA-PCF, ABBA-SMSF, or ABBA-LMF, but is not limited thereto. The information for distinguishing the plurality of NAS keys may include at least one of the aforementioned KSI-AMF, KSI-SMF, KSI-PCF, KSI-SMSF, or KSI-LMF, but is not limited thereto.

[0347] According to one embodiment of the present disclosure, a plurality of parameters for generating a plurality of NAS keys may be composed of a list. For example, the second information may include a list of ABBA including at least two of ABBA-AMF, ABBA-SMF, ABBA-PCF, ABBA-SMSF, or ABBA-LMF. Additionally, for example, the second information may include a list of KSI including at least two of KSI-AMF, KSI-SMF, KSI-PCF, KSI-SMSF, or KSI-LMF.

[0348] In step 2930, the first network entity may receive, from the second network entity, a primary key generated based on the first information. As previously mentioned, the primary key may include a SEAF key (K_SEAF). For example, the first network entity may receive from the second network entity a SEAF key derived from an AUSF key (K_AUSF).

[0349] In step 2940, the first network entity can acquire multiple NAS keys corresponding to multiple network entities based on the primary key.

[0350] According to one embodiment of the present disclosure, the first network entity can derive from K_SEAF multiple NAS keys corresponding to multiple network entities that transmit and receive NAS messages with a terminal. For example, the first network entity can derive K_AMF, K_SMF, K_PCF, K_SMSF, and K_LMF from K_SEAF.

[0351] In step 2950, the first network entity may transmit to each of the plurality of network entities the NAS key corresponding to that entity among the plurality of NAS keys. For example, the first network entity can transmit K_AMF to the AMF entity, K_SMF to the SMF entity, K_PCF to the PCF entity, K_SMSF to the SMSF entity, and K_LMF to the LMF entity.

[0352] According to one embodiment of the present disclosure, a plurality of NAS keys transmitted to a plurality of network entities may be used to derive at least one of a NAS integrity key for checking the integrity of a NAS message or a NAS encryption key for encrypting a NAS message. For example, K_AMF can be used to derive K_NAS_AMF_int and/or K_NAS_AMF_enc. For example, K_SMF can be used to derive K_NAS_SMF_int and/or K_NAS_SMF_enc. For example, K_PCF can be used to derive K_NAS_PCF_int and/or K_NAS_PCF_enc. For example, K_SMSF can be used to derive K_NAS_SMSF_int and/or K_NAS_SMSF_enc. For example, K_LMF can be used to derive K_NAS_LMF_int and/or K_NAS_LMF_enc.

[0353] FIG. 30 illustrates a flowchart of an operation performed by a terminal according to one embodiment of the present disclosure.

[0354] In step 3010, the terminal may receive from the base station first information for generating a primary key and second information for generating a NAS key. In step 3010, the primary key may correspond to the primary key described above with reference to step 2910 of FIG. 29. For example, the primary key may include the aforementioned SEAF key (K_SEAF). Additionally, in step 3010, the first information and the second information may correspond to the first information of step 2910 of FIG. 29 and the second information of step 2920, respectively. For example, the first information may include information for generating a primary key used to derive at least one security key. For example, the second information may include information for generating a non-access stratum (NAS) key.

[0355] According to one embodiment of the present disclosure, the terminal may be provided with first information and second information from SEAF. For example, the terminal may receive from a base station an authentication request included in a downlink NAS message transmitted from SEAF to the base station.

[0356] In step 3020, the terminal can generate a primary key based on the first information. For example, the terminal can derive a SEAF key from an AUSF key (K_AUSF). That is, the terminal can independently derive a SEAF key, just like an AUSF entity.

[0357] In step 3030, the terminal can obtain multiple NAS keys corresponding to multiple network entities based on the primary key.

[0358] According to one embodiment of the present disclosure, a terminal can derive from K_SEAF a plurality of NAS keys corresponding to a plurality of network entities that transmit and receive NAS messages with the terminal. For example, the terminal can derive K_AMF, K_SMF, K_PCF, K_SMSF, and K_LMF from K_SEAF.

[0359] According to one embodiment of the present disclosure, a plurality of NAS keys transmitted to a plurality of network entities may be used to derive at least one of a NAS integrity key for checking the integrity of a NAS message or a NAS encryption key for encrypting a NAS message. For example, K_AMF can be used to derive K_NAS_AMF_int and/or K_NAS_AMF_enc. For example, K_SMF can be used to derive K_NAS_SMF_int and/or K_NAS_SMF_enc. For example, K_PCF can be used to derive K_NAS_PCF_int and/or K_NAS_PCF_enc. For example, K_SMSF can be used to derive K_NAS_SMSF_int and/or K_NAS_SMSF_enc. For example, K_LMF can be used to derive K_NAS_LMF_int and/or K_NAS_LMF_enc. That is, the terminal can independently obtain a key for integrity verification and/or encryption of a NAS message in the same way as the multiple network entities.
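The two-level hierarchy described for FIGs. 23 to 28 (K_SEAF to one K_X per entity, then K_X to a NAS integrity key and a NAS encryption key) and the distribution flow of FIGs. 29 and 30 (SEAF derives and hands out the per-entity keys; the terminal repeats the same derivations locally) can be modelled end to end in a few lines. The following is an added illustration, not code from the patent or from any Samsung implementation. The patent only names a generic KDF, so HMAC-SHA256 over length-prefixed parameters stands in for it here; the byte encodings of N-NAS-int-alg, N-NAS-enc-alg, the ABBA-X values, the Alg-ID and the SUPI are all constructed for the example, as is the extra per-entity distinguisher used in the single-K_NAS variant of [0307].

```python
"""Toy model of the per-entity NAS key hierarchy of FIGs. 23-30 (added example).
Assumption: HMAC-SHA256 over length-prefixed parameters plays the role of the
patent's unspecified KDF; all constants below are constructed, not from 3GPP."""
from __future__ import annotations

import hashlib
import hmac

NAS_ENTITIES = ("AMF", "SMF", "PCF", "SMSF", "LMF")

# Assumed one-byte encodings of the two Algorithm Type Distinguisher values.
N_NAS_INT_ALG = b"\x01"
N_NAS_ENC_ALG = b"\x02"


def kdf(key: bytes, *params: bytes) -> bytes:
    """HMAC-SHA256 KDF. Each parameter is 2-byte length prefixed so that the
    pair (b"ab", b"c") cannot collide with (b"a", b"bc")."""
    blob = b"".join(len(p).to_bytes(2, "big") + p for p in params)
    return hmac.new(key, blob, hashlib.sha256).digest()


def derive_entity_key(k_seaf: bytes, supi: str, abba: bytes) -> bytes:
    """K_X = KDF(K_SEAF, SUPI, ABBA-X), as in [0309], [0313], [0317], [0321], [0325]."""
    return kdf(k_seaf, supi.encode(), abba)


def derive_nas_keys(k_entity: bytes, alg_id: int) -> tuple[bytes, bytes]:
    """(K_X-NASint, K_X-NASenc) = KDF(K_X, Algorithm Type Distinguisher, Alg-ID).
    The distinguisher keeps the two keys independent even with the same Alg-ID."""
    k_int = kdf(k_entity, N_NAS_INT_ALG, bytes([alg_id]))
    k_enc = kdf(k_entity, N_NAS_ENC_ALG, bytes([alg_id]))
    return k_int, k_enc


def seaf_distribute(k_seaf: bytes, supi: str, abba_list: dict) -> dict:
    """Steps 2940/2950: the SEAF derives one key per entity and hands each out.
    Returned as {entity: K_X}; in the real flow each K_X is sent only to X."""
    return {x: derive_entity_key(k_seaf, supi, abba_list[x]) for x in NAS_ENTITIES}


def network_side(k_seaf: bytes, supi: str, abba_list: dict, alg_id: int) -> dict:
    """Steps 19-1..19-4 / FIGs. 23-27: each entity derives its own NAS key pair
    from the K_X it received, so the SEAF never needs to hold the NAS keys."""
    per_entity = seaf_distribute(k_seaf, supi, abba_list)
    return {x: derive_nas_keys(k_x, alg_id) for x, k_x in per_entity.items()}


def ue_side(k_seaf: bytes, supi: str, abba_list: dict, alg_id: int) -> dict:
    """FIG. 28 / steps 3020-3030: the terminal rebuilds the whole hierarchy from
    the same K_SEAF, its SUPI and the ABBA list it received in the NAS message."""
    return {x: derive_nas_keys(derive_entity_key(k_seaf, supi, abba_list[x]), alg_id)
            for x in NAS_ENTITIES}


def common_nas_variant(k_seaf: bytes, alg_id: int) -> dict:
    """[0307] alternative: the SEAF derives a single K_NAS and every entity derives
    its own pair from it; the entity name as extra distinguisher is an assumption."""
    k_nas = kdf(k_seaf, b"NAS")
    return {x: derive_nas_keys(kdf(k_nas, x.encode()), alg_id) for x in NAS_ENTITIES}


def keys_match_and_are_distinct(k_seaf: bytes, supi: str, abba_list: dict, alg_id: int) -> bool:
    """True when the UE and the network agree on every key and no two of the
    ten derived NAS keys coincide (a repeated key would mean a bad ABBA list)."""
    net = network_side(k_seaf, supi, abba_list, alg_id)
    ue = ue_side(k_seaf, supi, abba_list, alg_id)
    if net != ue:
        return False
    all_keys = [k for pair in net.values() for k in pair]
    return len(set(all_keys)) == len(all_keys)


# Constructed sample input; not real subscriber or network data.
SAMPLE_K_SEAF = hashlib.sha256(b"constructed K_SEAF for the example").digest()
SAMPLE_SUPI = "imsi-001010123456789"
SAMPLE_ABBA = {x: b"\x00\x00" + x.encode() for x in NAS_ENTITIES}  # distinct ABBA-X per entity
SAMPLE_ALG_ID = 2  # constructed Alg-ID

if __name__ == "__main__":
    ok = keys_match_and_are_distinct(SAMPLE_K_SEAF, SAMPLE_SUPI, SAMPLE_ABBA, SAMPLE_ALG_ID)
    print("UE and network NAS keys agree and are all distinct:", ok)
    for x, (k_int, k_enc) in network_side(SAMPLE_K_SEAF, SAMPLE_SUPI, SAMPLE_ABBA, SAMPLE_ALG_ID).items():
        print(f"K_{x}-NASint={k_int.hex()[:16]}...  K_{x}-NASenc={k_enc.hex()[:16]}...")
```

The point worth checking in any real implementation is the one `keys_match_and_are_distinct` encodes: the per-entity ABBA values and the two Algorithm Type Distinguisher values are what keep the five entities' keys, and the integrity and encryption keys within each entity, from ever coinciding, and a terminal that received a different ABBA list than the SEAF used will silently derive a different key set, which the Nseaf_Security_NASKeyTransfer result reporting of steps 20-1 to 20-4 does not by itself detect.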

[0360] FIG. 31 is a block diagram of a terminal or user equipment (3100) according to one embodiment of the present disclosure.

[0361] The terminal (3100) is an electronic device capable of wireless communication and may include user equipment (UE), mobile phones, smartphones, tablets, Internet of Things (IoT) devices having various form factors, and can perform wireless communication with a base station through a wireless channel.

[0362] Referring to FIG. 31, the terminal (3100) may include at least one transceiver (3101) (hereinafter, transceiver), at least one processor (3102) (hereinafter, processor), and at least one memory (3103) (hereinafter, memory). According to at least one or a combination thereof of methods corresponding to embodiments of the present disclosure, the transceiver (3101), processor (3102), and memory (3103) of the terminal (3100) may be operated. However, the components of the terminal (3100) are not limited to the examples of components shown in FIG. 31. In other embodiments, the terminal (3100) may include additional components in addition to the aforementioned components, or some components may be omitted. Also, in some embodiments, any combination of the transceiver (3101), processor (3102), or memory (3103) may be integrated into a single component.

[0363] The transceiver (3101) may be a basic communication circuit or communication circuitry that enables the terminal (3100) to perform wireless communication with a node or entity of a network. For example, the transceiver (3101) may enable the terminal (3100) to transmit and receive signals to and from a base station via cellular wireless communication, or to transmit and receive signals to and from another terminal via cellular wireless communication. For example, the transceiver (3101) may support at least one of various cellular wireless communication technologies including 3G (3rd generation), 4G (4th generation), LTE (long-term evolution), 5G (5th generation), NR (new radio), and 6G (6th generation), and the various cellular wireless communication technologies supported by the transceiver (3101) may include all subsequent evolved generations of wireless communication.

[0364] According to one embodiment, the terminal (3100) may include a plurality of transceivers, and for example, when supporting EN-DC (E-UTRA (evolved-universal terrestrial radio access) - NR dual connectivity), it may include a first transceiver supporting 4G LTE wireless communication and a second transceiver supporting 5G NR wireless communication. According to another embodiment, when the terminal (3100) supports NR-DC (NR Dual Connectivity), the terminal (3100) may include a plurality of transceivers supporting 5G NR wireless communication. According to another embodiment, if the terminal (3100) supports short-range wireless communication, the terminal (3100) may separately include a transceiver that supports at least one of a group of wireless communication protocol standards such as those defined by Bluetooth®, wireless LAN or WLAN (wireless local area network) network (including, but not limited to, 802.11ah, 802.11ad, 802.11ay, 802.11ax, 802.11az, 802.11ba and 802.11be).

[0365] According to one embodiment, the transceiver (3101) may include various circuit structures used to transmit and receive signals to and from a base station via a wireless channel. The signals may include control information and data. For example, the transceiver (3101) may be configured to include a radio frequency (RF) transmitter that up-converts and amplifies the frequency of a transmitted signal, and an RF receiver that low-noise amplifies a received signal and down-converts the frequency. The transceiver (3101) may output the signal received via the wireless channel to a processor (3102) and transmit the signal output from the processor (3102) via the wireless channel.

[0366] The processor (3102) can control the overall operation of the terminal (3100) according to an embodiment of the present disclosure. The processor (3102) may be implemented as one or more IC (integrated circuit (or circuitry)) chips and may perform various data processing operations. The processor (3102) may include at least one electrical circuit and may execute instructions (or programs, code, data, etc.) stored in memory (3103) individually, collectively, or in any combination. Additionally, the processor (3102) may include a single-core processor or a multi-core processor, and in a specific implementation, may be composed of a processor assembly including a plurality of processing circuits.

[0367] The processor (3102) is electrically, operatively, or communicatively coupled to the transceiver (3101) so as to control the transceiver (3101).

[0368] The processor (3102) may include at least one processor (or, processing circuitry), and at least one processor may perform the following operations individually, collectively, or in any combination. For example, the processor (3102) may include a communication processor (CP) that controls communication operations and an application processor (AP) that controls the execution of an upper layer (e.g., an application layer). In a specific embodiment, at least one part of the processor (3102) may be included in one chip, and another part of the processor (3102) may be included in a separate chip. Alternatively, at least one processor may be included in other components, e.g., a transceiver (3101) or a memory (3103).

[0369] The processor (3102) may perform, cause, or control the operation of a terminal to perform at least one or a combination of the methods according to the embodiments of the present disclosure. For example, the processor (3102) may control the operation of a terminal to process a downlink signal received from a base station or to generate an uplink signal and transmit it to a base station. To this end, the processor (3102) may control other components of the terminal (3100) to perform various operations by executing computer programs, code, or instructions stored in memory (3103).

[0370] Memory (3103) is a hardware storage device capable of storing information temporarily or permanently and may include one or more storage media. For example, memory (3103) may include a memory assembly comprising one or more storage media. For example, the one or more storage media may include a hard drive, flash memory, permanent memory such as ROM (read-only memory), semipermanent memory such as RAM (random access memory), cache memory, or any combination thereof.

[0371] The memory (3103) can be electrically, operatively, or communicatively coupled with the processor (3102) and can be accessed by the processor (3102).

[0372] A computer program, code, or instruction that can be executed by a processor (3102) may be stored in the memory (3103). According to one embodiment, the computer program, code, or instruction that can be executed by the processor (3102) may be stored in a single memory device or may be separated and distributed across two or more memory devices. The processor (3102) may perform various functions according to the embodiments of the present disclosure by executing the instruction stored in the memory (3103).

[0373] According to one embodiment of the present disclosure, the operation of the terminal (3100) may be caused to be performed based on at least one processor (or processing circuit) configured to perform the features of the present disclosure individually, collectively, or in any combination based on the execution of instructions (or computer program or code) stored in memory (3103), based on processing circuitry not configured to execute instructions, and / or based on components of a processing circuitry not configured to execute instructions.

[0374] FIG. 32 is a block diagram of a base station (3200) according to one embodiment of the present disclosure.

[0375] The base station (3200) can perform wireless communication with at least one terminal within the area of the base station (3200) through a wireless channel.

[0376] Referring to FIG. 32, a base station (3200) may include at least one transceiver (3201) (hereinafter, transceiver), at least one processor (3202) (hereinafter, processor), and at least one memory (3203) (hereinafter, memory). The transceiver (3201), processor (3202), and memory (3203) of the base station (3200) may operate according to at least one of the methods, or a combination thereof, corresponding to embodiments of the present disclosure. However, the components of the base station (3200) are not limited to the examples of components shown in FIG. 32. In other embodiments, the base station (3200) may include additional components in addition to the aforementioned components, or some components may be omitted. Also, in some embodiments, any combination of the transceiver (3201), processor (3202), or memory (3203) may be integrated into a single component.

[0377] The transceiver (3201) may be a communication circuit or communication circuitry that enables the base station (3200) to perform wireless communication with a node or entity of the network. For example, the transceiver (3201) may enable the base station (3200) to transmit and receive signals with a terminal (X00) via cellular wireless communication or to transmit and receive signals with another network entity via wireless communication. For example, the transceiver (3201) may support various cellular wireless communication technologies, including 3G (3rd generation), 4G (4th generation) LTE (long-term evolution), 5G (5th generation) NR (new radio), 6G (6th generation), etc., and the various cellular wireless communication technologies supported by the transceiver (3201) may include all subsequent evolved generations of wireless communication. According to one embodiment, the transceiver (3201) may include various circuit structures used to transmit and receive signals to and from a terminal through a wireless channel. The signals may include control information and data. For example, the transceiver (3201) may be configured to include an RF (radio frequency) transmitter that up-converts and amplifies the frequency of a transmitted signal, and an RF receiver that low-noise amplifies a received signal and down-converts the frequency. The transceiver (3201) may output the signal received through the wireless channel to a processor (3202) and transmit the signal output from the processor (3202) through the wireless channel.

[0378] Meanwhile, according to one embodiment of the present disclosure, a base station (3200) may communicate with an entity or node of a network via wired or wireless communication. For example, the base station (3200) may communicate via wired or wireless communication with an entity or node of an adjacent base station or core network via a backhaul network. Although not shown in the drawings, when the base station (3200) performs wired communication, the base station (3200) may include a separate network interface for wired communication in addition to the transceiver (3201). The network interface may be referred to as network interface circuitry, communication interface circuitry, etc.

[0379] According to one embodiment of the present disclosure, a base station (3200) may further include at least one network interface for transmitting and receiving signals with network entities that perform network functions of a core network. For example, the base station (3200) may include the aforementioned service-based interface (SBI). The network interface may operate using various protocols (e.g., the Non-Access Stratum (NAS) protocol). Depending on the convenience of description and technical implementation, the network interface may be referred to as a communication circuitry, a network interface circuitry, or a communication interface circuitry.

[0380] The processor (3202) can control the overall operation of the base station (3200) according to an embodiment of the present disclosure. The processor (3202) may be implemented as one or more IC (integrated circuit or circuitry) chips and may perform various data processing operations. The processor (3202) may include at least one electrical circuit and may execute instructions (or programs, code, data, etc.) stored in memory (3203) individually, collectively, or in any combination. Additionally, the processor (3202) may include a single-core processor or a multi-core processor, and in a specific implementation, may be composed of a processor assembly including a plurality of processing circuits.

[0381] The processor (3202) is electrically, operatively, or communicatively coupled to the transceiver (3201) so as to control the transceiver (3201).

[0382] The processor (3202) may include at least one processor (or processor circuitry), and at least one processor may perform the following operations individually, collectively, or in any combination. In a particular embodiment, at least one part of the processor (3202) may be included in one chip, and another part of the processor (3202) may be included in a separate chip. Alternatively, at least one processor may be included in other components, such as a transceiver (3201) or memory (3203).

[0383] The processor (3202) may perform, cause, or control the operation of a base station to execute at least one or a combination of methods according to embodiments of the present disclosure. For example, the processor (3202) may control the operation of a base station to generate a downlink signal and transmit it to a terminal, or to process an uplink signal received from a terminal. Alternatively, the base station may transmit and receive signals with an adjacent base station, transmit a signal received from a terminal to an upper node of the network, or receive a signal from an upper node of the network and transmit it to a terminal. To this end, the processor (3202) may control other components of the base station (3200) to perform various operations by executing computer programs, codes, and instructions stored in memory (3203).

[0384] Memory (3203) is a hardware storage device capable of storing information temporarily or permanently and may include one or more storage media. For example, memory (3203) may include a memory assembly comprising one or more storage media. For example, the one or more storage media may include a hard drive, flash memory, permanent memory such as ROM (read-only memory), semi-permanent memory such as RAM (random access memory), cache memory, or any combination thereof.

[0385] The memory (3203) may be electrically, operatively, or communicatively coupled with the processor (3202) and may be accessed by the processor (3202).

[0386] A computer program, code, or instruction that can be executed by a processor (3202) may be stored in the memory (3203). According to one embodiment, the computer program, code, or instruction that can be executed by the processor (3202) may be stored in a single memory device or may be separated and distributed among two or more memory devices. The processor (3202) may perform various functions according to the embodiments of the present disclosure by executing the instruction stored in the memory (3203).

[0387] According to one embodiment of the present disclosure, the operation of a base station (3200) may be caused to be performed based on at least one processor (or processing circuit) configured to perform the features of the present disclosure individually, collectively, or in any combination based on the execution of instructions (or computer program or code) stored in memory (3203), based on processing circuitry not configured to execute instructions, and / or based on components of a processing circuitry not configured to execute instructions.

[0388] A terminal or a base station can perform various communication procedures related to the control plane or user plane by interacting with network entities based on communication through a wireless channel. For example, a terminal can communicate with network entities such as an access and mobility management function (AMF) or a session management function (SMF) through a base station. Alternatively, the base station can perform at least one communication procedure by directly transmitting and receiving signals or relaying them with network entities. The structure of the above-mentioned network entities will be explained in more detail through the drawings below.

[0389] FIG. 33 is a block diagram of a network entity (3300) that performs network functions according to one embodiment of the present disclosure.

[0390] A network entity (3300) may include one or more network functions (NF) that constitute a core network (e.g., 5G (5th generation) core, 5GC) in a communication system, or entities (devices, nodes, servers, etc.) that perform part of a network function. In this case, multiple NFs may be implemented within a single network entity, or a single NF may be distributed and implemented across multiple network entities. Additionally, when an NF is implemented within a network entity, the NF may be implemented in the form of software, and in such cases, a program for running the NF may be loaded into the memory of the network entity (3300).

[0391] A single NF can be implemented as one or more instances and can operate by being distributed across the same network entity or multiple network entities. Here, the instance is a software unit that logically executes a specific network function and may be separate from physical hardware resources. Additionally, one or more NFs may be implemented as a single network slice to operate in order to satisfy the specifications required by a specific service.

[0392] The above NF may include any one of an access and mobility management function (AMF), a session management function (SMF), a local session management function (L-SMF), a user plane function (UPF), a local user plane function (L-UPF), a policy control function (PCF), unified data management (UDM), a unified data repository (UDR), a network exposure function (NEF), a network repository function (NRF), an application function (AF), a network slice selection function (NSSF), a network data analytics function (NWDAF), a network slice admission control function (NSACF), an authentication server function (AUSF), or a data network (DN).

[0393] Referring to FIG. 33, a network entity (3300) may include at least one network interface (3301), at least one processor (3302) (hereinafter referred to as processor), and at least one memory (3303) (hereinafter referred to as memory). As described above, the NF may be implemented in the form of a physical device such as the network entity (3300), or may be implemented and executed in the form of a virtualized instance. When the NF is implemented in the form of an instance, it may not necessarily include physical components as illustrated in FIG. 33. In such cases, the instance may be composed of one or more logical functional units and may be logically represented.

[0394] The network interface (3301), processor (3302), and memory (3303) of the network entity (3300) may operate according to at least one of the methods, or a combination thereof, corresponding to embodiments of the present disclosure. However, the components of the network entity (3300) are not limited to the examples of components shown in FIG. 33. In other embodiments, the network entity (3300) may include additional components in addition to the aforementioned components, or some components may be omitted. Also, in one embodiment, the network interface (3301), processor (3302), or memory (3303) may be implemented as a single component.

[0395] The network interface (3301) is a collective term for the transmitting and receiving parts of a network entity and may be a communication circuit for transmitting and receiving signals with a terminal (user equipment, UE), a base station, or other network entities. In this case, the communication circuit may include both a communication circuit for wireless communication and a communication circuit for wired communication. For example, the network interface (3301) may include circuits, logic, hardware, etc. configured to exchange control plane messages or user plane messages with a terminal, a base station, or other core network entities via wireless or wired communication. The network interface (3301) may operate using various protocols (e.g., NAS (Non-Access Stratum) protocol). Depending on the convenience of explanation and technical implementation, the network interface (3301) may be referred to as a communication circuitry, a network interface circuitry, or a communication interface circuitry.

[0396] The processor (3302) may control the overall operation of the network entity (3300) according to an embodiment of the present disclosure. In one embodiment, the processor (3302) may be implemented as one or more IC (integrated circuit or circuitry) chips and may execute various data processing operations. The processor (3302) may include at least one electrical circuit and may execute instructions (or programs, code, data, etc.) stored in memory (3303) individually, collectively, or in any combination. Additionally, the processor (3302) may include a single-core processor or a multi-core processor, and in a specific implementation, may be composed of a processor assembly including a plurality of processing circuits. Additionally, it should be noted that the processor (3302) may not necessarily be composed of physical hardware when the network entity (3300) is implemented in an instance form according to another embodiment.

[0397] According to one embodiment, the processor (3302) is electrically, operatively, or communicatively coupled to the network interface (3301) so as to control the network interface (3301).

[0398] The processor (3302) may include at least one processor (or processor circuitry), and at least one processor may perform the following operations individually, collectively, or in any combination. In a specific embodiment, at least one part of the processor (3302) may be included in one chip, and another part of the processor (3302) may be included in a separate chip. Alternatively, at least one processor may be included in other components, such as a network interface (3301) or memory (3303).

[0399] The processor (3302) may perform or control the operation of a network entity (3300) to perform at least one or a combination thereof of the methods according to the embodiments of the present disclosure. For example, the processor (3302) may control the operation of the network entity (3300) to exchange control plane messages or user plane messages with terminals, base stations, or other core network entities via wireless or wired communication using various protocols (e.g., NAS protocols). To this end, the processor (3302) may control other components of the network entity (3300) to perform various operations by executing computer programs, code, or instructions stored in memory (3303).

[0400] Memory (3303) is a hardware storage device capable of storing information temporarily or permanently and may include one or more storage media. For example, memory (3303) may include a memory assembly comprising one or more storage media. For example, the one or more storage media may include a hard drive, flash memory, permanent memory such as ROM (read-only memory), semipermanent memory such as RAM (random access memory), cache memory, or any combination thereof.

[0401] According to one embodiment, the memory (3303) may be electrically, operatively, or communicatively coupled with the processor (3302) and may be accessed by the processor (3302).

[0402] A computer program, code, or instruction that can be executed by a processor (3302) may be stored in the memory (3303). According to one embodiment, the computer program, code, or instruction that can be executed by the processor (3302) may be stored in a single memory or separated and distributed across two or more memories. The processor (3302) may perform various functions according to the embodiments of the present disclosure by executing the instruction stored in the memory (3303).

[0403] According to one embodiment of the present disclosure, the operation of a network entity (3300) may be caused to be performed based on at least one processor (or processing circuit) configured to perform the features of the present disclosure individually, collectively, or in any combination based on the execution of instructions (or computer program or code) stored in memory (3303), based on a processing circuitry not configured to execute instructions, and / or based on a component of a processing circuitry not configured to execute instructions.

[0404] Meanwhile, although specific embodiments have been described in the detailed description of the present disclosure, it is understood that various modifications are possible within the scope of the present disclosure. Therefore, the scope of the present disclosure should not be limited to the described embodiments, but should be defined by the claims set forth below as well as equivalents thereof.

Claims

1. A method performed by a first network entity that performs a function related to a security key in a wireless communication system, the method comprising: receiving, from a second network entity that performs a function for mutual authentication between a terminal (user equipment) and a network, first information for generating a base key used to derive at least one security key; providing, to the terminal through a base station, the first information and second information for generating a NAS (non-access stratum) key; receiving, from the second network entity, the base key generated based on the first information; obtaining a plurality of NAS keys corresponding to a plurality of network entities based on the base key; and transmitting each of the plurality of NAS keys to each of the corresponding plurality of network entities.

2. The method of claim 1, wherein the base station is configured to transmit and receive NAS messages with the plurality of network entities through a service-based interface (SBI), and the plurality of NAS keys are used to derive at least one of a NAS integrity key for checking the integrity of the NAS messages or a NAS encryption key for encrypting the NAS messages.

3. The method of claim 1, wherein the first network entity is a security anchor function (SEAF) or an access and mobility management function (AMF) entity including the SEAF, the second network entity includes an authentication server function (AUSF) entity, and the base key includes a SEAF key (K_SEAF).

4. The method of claim 3, wherein the first information includes a random challenge (RAND) and an authentication token (AUTH) for mutual authentication between the terminal and the network, and the RAND and the AUTH are used to generate an AUSF key (K_AUSF) from which the SEAF key (K_SEAF) is derived.

5. The method of claim 1, wherein the second information comprises a plurality of parameters for generating the plurality of NAS keys corresponding to the plurality of network entities and identification information for distinguishing the plurality of NAS keys.

6. The method of claim 5, wherein the plurality of parameters are composed of a list.

7. The method of claim 1, further comprising: deriving an AS (access stratum) key based on the base key; and transmitting the derived AS key to the base station.

8. The method of claim 7, wherein the AS key is used to derive at least one of an RRC encryption key (K_RRCenc) used for encrypting signals at the RRC (radio resource control) layer, an RRC integrity key (K_RRCint) used to check the integrity of signals at the RRC layer, a user plane encryption key (K_UPenc) used for encrypting user plane data, or a user plane integrity key (K_UPint) used to check the integrity of the user plane data.

9. A method performed by a terminal (user equipment) in a wireless communication system, the method comprising: receiving, from a base station, first information for generating a base key used to derive at least one security key and second information for generating a non-access stratum (NAS) key; generating the base key based on the first information; and obtaining a plurality of NAS keys corresponding to a plurality of network entities based on the base key.

10. The method of claim 9, wherein the base station is configured to transmit and receive NAS messages with the plurality of network entities through a service-based interface (SBI), and the plurality of NAS keys are used to derive at least one of a NAS integrity key for checking the integrity of the NAS messages or a NAS encryption key for encrypting the NAS messages.

11. The method of claim 9, wherein the first information and the second information are provided from a first network entity that performs a function related to a security key, and the first information is provided to the first network entity from a second network entity that performs a function for mutual authentication between the terminal and the core network.

12. The method of claim 11, wherein the first network entity is a security anchor function (SEAF) or an access and mobility management function (AMF) entity including the SEAF, the second network entity includes an authentication server function (AUSF) entity, and the base key includes a SEAF key (K_SEAF).

13. The method of claim 12, wherein the first information includes a random challenge (RAND) and an authentication token (AUTH) for authentication between the terminal and the core network, and the RAND and the AUTH are used to generate an AUSF key (K_AUSF) from which the SEAF key (K_SEAF) is derived.

14. A first network entity that performs a function related to a security key in a wireless communication system, comprising: at least one processor; and at least one memory communicatively coupled to the at least one processor and storing instructions, wherein the instructions, when executed individually or in any combination by the at least one processor, cause the first network entity to: receive, from a second network entity that performs a function for mutual authentication between a terminal (user equipment) and a network, first information for generating a base key used to derive at least one security key; provide, to the terminal through a base station, the first information and second information for generating a NAS (non-access stratum) key; receive, from the second network entity, the base key generated based on the first information; obtain a plurality of NAS keys corresponding to a plurality of network entities based on the base key; and transmit each of the plurality of NAS keys to each of the corresponding plurality of network entities.

15. A terminal (user equipment) in a wireless communication system, comprising: at least one transceiver; at least one processor communicatively coupled to the at least one transceiver; and at least one memory communicatively coupled to the at least one processor and storing instructions, wherein the instructions, when executed individually or in any combination by the at least one processor, cause the terminal to: receive, from a base station, first information for generating a base key used to derive at least one security key and second information for generating a NAS (non-access stratum) key; generate the base key based on the first information; and obtain a plurality of NAS keys corresponding to a plurality of network entities based on the base key.
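The claims above describe a key hierarchy (AUSF key, SEAF key, one NAS key per core network function derived from a parameter list plus an identifier, NAS integrity and encryption keys, and an AS key with its RRC and user-plane sub-keys) but, as claims do, they do not show the derivations side by side. The following is an added illustration, not code from the patent or from Samsung: it walks the flow of claims 1, 4, 5, 7, 8 and 9 with both the network side and the terminal side computing the hierarchy, then checks the property the per-NF NAS keys are meant to give, namely that a NAS message integrity-protected for one network function does not verify under another function's key. The KDF has the general shape of the HMAC-SHA-256 KDF in 3GPP TS 33.220 Annex B, but every function code, label, parameter layout and sample input below is an assumption chosen for the example, and the long-term key and challenge values are constructed test data.

```python
"""Illustrative key hierarchy for the claims: added example, not the patent's code.
Function codes (FC), labels and input layouts are assumptions, not values from the
patent or from any 3GPP specification."""
import hashlib
import hmac
from typing import Dict, List, Tuple


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """HMAC-SHA-256 KDF over S = FC || P0 || L0 || P1 || L1 ... (TS 33.220 Annex B shape)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


# Second network entity (AUSF): RAND/AUTH material -> K_AUSF -> K_SEAF (claims 3, 4).
def derive_k_ausf(k_long_term: bytes, rand: bytes, auth: bytes) -> bytes:
    return kdf(k_long_term, 0x6A, rand, auth)  # FC 0x6A: assumption


def derive_k_seaf(k_ausf: bytes, serving_network_name: bytes) -> bytes:
    return kdf(k_ausf, 0x6C, serving_network_name)  # FC 0x6C: assumption


# Shared by the SEAF/AMF (claim 1) and the UE (claim 9): one NAS key per core NF.
# "Second information" is modelled as a list of (identifier, parameter) pairs (claims 5, 6).
def derive_nas_keys(k_seaf: bytes, second_info: List[Tuple[bytes, bytes]]) -> Dict[bytes, bytes]:
    return {nf_id: kdf(k_seaf, 0x6E, nf_id, param) for nf_id, param in second_info}


def split_nas_key(k_nas: bytes, int_alg: int, enc_alg: int) -> Tuple[bytes, bytes]:
    """K_NASint and K_NASenc from one per-NF NAS key (claim 2), algorithm id bound in."""
    return kdf(k_nas, 0x69, b"\x02", bytes([int_alg])), kdf(k_nas, 0x69, b"\x01", bytes([enc_alg]))


# AS key for the base station and its RRC / user-plane sub-keys (claims 7, 8).
def derive_as_key(k_seaf: bytes, nas_uplink_count: int) -> bytes:
    return kdf(k_seaf, 0x6F, nas_uplink_count.to_bytes(4, "big"))  # FC 0x6F: assumption


def derive_rrc_up_keys(k_as: bytes, alg: int) -> Dict[str, bytes]:
    tags = {"K_RRCenc": b"\x03", "K_RRCint": b"\x04", "K_UPenc": b"\x05", "K_UPint": b"\x06"}
    return {name: kdf(k_as, 0x69, tag, bytes([alg])) for name, tag in tags.items()}


def nas_mac(k_nas_int: bytes, count: int, message: bytes) -> bytes:
    """32-bit MAC over COUNT || message, standing in for a NAS integrity check."""
    return hmac.new(k_nas_int, count.to_bytes(4, "big") + message, hashlib.sha256).digest()[:4]


def run_exchange() -> dict:
    # Constructed inputs so the run is deterministic; not real credentials.
    k_long_term = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    rand, auth = bytes(range(16)), bytes(range(16, 32))
    snn = b"5G:mnc001.mcc001.3gppnetwork.org"
    second_info = [(b"AMF-1", b"amf"), (b"SMF-1", b"smf"), (b"PCF-1", b"pcf")]

    # Network side: the AUSF derives K_AUSF, then K_SEAF, and hands K_SEAF to the SEAF,
    # which derives one NAS key per NF and distributes each to its NF (claim 1).
    k_seaf_net = derive_k_seaf(derive_k_ausf(k_long_term, rand, auth), snn)
    nas_keys_net = derive_nas_keys(k_seaf_net, second_info)

    # Terminal side: the UE receives first information (RAND, AUTH) and second
    # information through the base station and recomputes the same hierarchy (claim 9).
    k_seaf_ue = derive_k_seaf(derive_k_ausf(k_long_term, rand, auth), snn)
    nas_keys_ue = derive_nas_keys(k_seaf_ue, second_info)

    # A NAS message the UE protects for the AMF must verify at the AMF and fail at the SMF.
    msg = b"Registration Request"
    k_int_amf_ue, _ = split_nas_key(nas_keys_ue[b"AMF-1"], int_alg=2, enc_alg=2)
    k_int_amf_net, _ = split_nas_key(nas_keys_net[b"AMF-1"], int_alg=2, enc_alg=2)
    k_int_smf_net, _ = split_nas_key(nas_keys_net[b"SMF-1"], int_alg=2, enc_alg=2)
    mac = nas_mac(k_int_amf_ue, 0, msg)
    amf_ok = hmac.compare_digest(mac, nas_mac(k_int_amf_net, 0, msg))
    smf_ok = hmac.compare_digest(mac, nas_mac(k_int_smf_net, 0, msg))

    as_keys = derive_rrc_up_keys(derive_as_key(k_seaf_net, 0), alg=2)
    return {
        "ue_matches_network": nas_keys_ue == nas_keys_net,
        "nas_keys_distinct": len(set(nas_keys_net.values())) == len(second_info),
        "amf_verifies": amf_ok,
        "smf_verifies": smf_ok,
        "as_key_names": sorted(as_keys),
    }


if __name__ == "__main__":
    for name, value in run_exchange().items():
        print(name, value)
```

The point a practitioner should take from this is the role of the identifier in the second information: because each NF's key is bound to its own identifier, the SEAF can hand the SMF its NAS key without the SMF learning the AMF's, and a message protected for one NF does not verify at another. If a deployment derived one NAS key and shared it across NFs over the SBI, every NF could forge NAS traffic toward every other, which is exactly the property the per-NF split in claims 1 and 5 is meant to avoid.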