Modular non-access stratum (NAS) handover
The solution for modular NAS handovers in 5G and 6G networks addresses the key-management problem by letting the target NF obtain the parent key for a relocated NAS connection from a security key management function (SKMF) instead of from the source NF, so that multiple NAS connections can be relocated securely and flexibly during a handover.
Patent Information
- Authority / Receiving Office: WO
- Patent Type: Applications
- Current Assignee / Owner: NOKIA TECHNOLOGIES OY
- Filing Date: 2025-12-11
- Publication Date: 2026-06-25
AI Technical Summary
Existing telecommunications systems face challenges in efficiently managing handovers in modular non-access stratum (NAS) architectures, particularly in 5G and 6G networks: multiple NAS connections need to be relocated, and the source network function (NF) may not have complete knowledge of the keys used by the target NF, which leads to suboptimal security context establishment.
The proposed solution involves acquiring parent keys for new NAS security contexts at the target NF by requesting them directly from a security key management function (SKMF) or deriving them from existing keys, allowing the target NF to establish secure connections independently, without relying on the source NF for key information.
This approach enhances security and flexibility in NAS handovers by enabling independent key management at the target NF, supporting multiple NAS connections and facilitating easier market adoption of new functions and UE types with tailored support for various use cases.
Abstract figure: IB2025062736_25062026_PF_FP_ABST
Abstract
Description
MODULAR NON-ACCESS STRATUM (NAS) HANDOVER
TECHNOLOGICAL FIELD
[0001] The present disclosure relates generally to telecommunications and, in particular, to a modular non-access stratum (NAS) in a telecommunications system.
BACKGROUND
[0002] A telecommunications system can be seen as a facility that enables communication sessions between two or more entities such as user terminals, base stations and / or other nodes by providing carriers between the various entities involved in the communications path. A telecommunications system can be provided for example by means of a communication network and one or more compatible communication devices. The communication sessions may comprise, for example, communication of data for carrying communications such as voice, video, electronic mail (email), text message, multimedia and / or content data and so on. Non-limiting examples of services provided comprise two-way or multi-way calls, data communication or multimedia services and access to a data network system, such as the Internet.
[0003] In a wireless telecommunications system, at least a part of a communication session between at least two stations occurs over a wireless link. Examples of wireless telecommunications systems comprise public land mobile networks (PLMN), satellite based communication systems and different wireless local networks, for example wireless local area networks (WLAN). Some wireless systems can be divided into cells, and are therefore often referred to as cellular systems.
[0004] A user can access the telecommunications system by means of an appropriate communication device or terminal. A communication device of a user may be referred to as user equipment (UE) or user device. A communication device is provided with an appropriate signal receiving and transmitting apparatus for enabling communications, for example enabling access to a communication network or communications directly with other users. The communication device may access a carrier provided by a station, for example a base station of a cell, and transmit and / or receive communications on the carrier.
[0005] The telecommunications system and associated devices typically operate in accordance with a given standard or specification which sets out what the various entities associated with the communication system are permitted to do and how operations should be achieved. Communication protocols and / or parameters which shall be used for connection of the various entities are also typically defined. One example of a telecommunications system is the Universal Mobile Telecommunications System (UMTS). Other examples of telecommunications systems are Long-Term Evolution (LTE), LTE Advanced and the so-called 5G or New Radio (NR) networks. NR is being standardized by the 3rd Generation Partnership Project (3GPP).
BRIEF SUMMARY
[0006] Example implementations of the present disclosure are directed to telecommunications and, in particular, to a modular non-access stratum (NAS) in a telecommunications system. The present disclosure includes, without limitation, the following example implementations.
[0007] Some example implementations provide an apparatus comprising: at least one processor; and at least one memory storing instructions of a user equipment (UE), the instructions when executed by the at least one processor causing the apparatus to perform operations, the operations comprising: receiving a handover command to handover the UE from a source network function (NF) to a target NF, wherein the UE includes non-access stratum (NAS) modules associated with respective NAS connections terminated at respective NFs, and wherein the handover command includes a NAS container for a NAS module of the NAS modules that is associated with a NAS connection terminated at the source NF; routing the NAS container to the NAS module, wherein the NAS container includes information for the NAS connection and information for a new NAS connection to be associated with the NAS module and terminated at the target NF; and creating, at the NAS module, a new NAS security context for the new NAS connection based on the information for the NAS connection and the information for the new NAS connection in the NAS container.
[0008] Some example implementations provide a method performed by a user equipment (UE), the method comprising: receiving a handover command to handover the UE from a source network function (NF) to a target NF, wherein the UE includes non-access stratum (NAS) modules associated with respective NAS connections terminated at respective NFs, and wherein the handover command includes a NAS container for a NAS module of the NAS modules that is associated with a NAS connection terminated at the source NF; routing the NAS container to the NAS module, wherein the NAS container includes information for the NAS connection and information for a new NAS connection to be associated with the NAS module and terminated at the target NF; and creating, at the NAS module, a new NAS security context for the new NAS connection based on the information for the NAS connection and the information for the new NAS connection in the NAS container.
[0009] Some example implementations provide an apparatus comprising: at least one processor; and at least one memory storing instructions of a target network function (NF), the instructions when executed by the at least one processor causing the apparatus to perform operations, the operations comprising: receiving a request to create a user equipment (UE) context in association with a handover of a UE from a source NF to the target NF, wherein the UE includes non-access stratum (NAS) modules associated with respective NAS connections terminated at respective NFs, and the NAS modules include a NAS module associated with a NAS connection terminated at the source NF; creating a new NAS security context for a new NAS connection to be associated with the NAS module and terminated at the target NF; generating a NAS container including information that indicates a NAS type of the NAS module, information for the NAS connection and information for the new NAS connection; and sending the NAS container toward the UE for the UE to route the NAS container to the NAS module based on the information that indicates the NAS type, and for the NAS module to create, at the NAS module and based on the information for the NAS connection and the information for the new NAS connection, the new NAS security context.
[0010] Some example implementations provide a method performed by a target network function (NF), the method comprising: receiving a request to create a user equipment (UE) context in association with a handover of a UE from a source NF to the target NF, wherein the UE includes non-access stratum (NAS) modules associated with respective NAS connections terminated at respective NFs, and the NAS modules include a NAS module associated with a NAS connection terminated at the source NF; creating a new NAS security context for a new NAS connection to be associated with the NAS module and terminated at the target NF; generating a NAS container including information that indicates a NAS type of the NAS module, information for the NAS connection and information for the new NAS connection; and sending the NAS container toward the UE for the UE to route the NAS container to the NAS module based on the information that indicates the NAS type, and for the NAS module to create, at the NAS module and based on the information for the NAS connection and the information for the new NAS connection, the new NAS security context.
[0011] Some example implementations provide an apparatus comprising: at least one processor; and at least one memory storing instructions of a user equipment (UE), the instructions when executed by the at least one processor causing the apparatus to perform operations, the operations comprising: performing a non-access stratum (NAS) security mode procedure with a source network function (NF) to create a NAS connection that is for the UE and that is terminated at the source NF, wherein the UE includes a NAS module associated with the NAS connection; receiving, from the source NF, information that indicates a NAS correlation identifier that identifies the NAS connection terminated at the source NF; receiving a security mode command to trigger a NAS security mode procedure with the target NF in association with a handover of the UE from the source NF to the target NF, the security mode command including the information that indicates the NAS correlation identifier; and creating, based on the information that indicates the NAS correlation identifier, a new NAS security context for a new NAS connection to be associated with the NAS module and terminated at the target NF.
[0012] Some example implementations provide a method performed by a user equipment (UE), the method comprising: performing a non-access stratum (NAS) security mode procedure with a source network function (NF) to create a NAS connection that is for the UE and that is terminated at the source NF, wherein the UE includes a NAS module associated with the NAS connection; receiving, from the source NF, information that indicates a NAS correlation identifier that identifies the NAS connection terminated at the source NF; receiving a security mode command to trigger a NAS security mode procedure with the target NF in association with a handover of the UE from the source NF to the target NF, the security mode command including the information that indicates the NAS correlation identifier; and creating, based on the information that indicates the NAS correlation identifier, a new NAS security context for a new NAS connection to be associated with the NAS module and terminated at the target NF.
[0013] Some example implementations provide an apparatus comprising: at least one processor; and at least one memory storing instructions of a source network function (NF), the instructions when executed by the at least one processor causing the apparatus to perform operations, the operations comprising: performing a non-access stratum (NAS) security mode procedure with a user equipment (UE) to create a NAS connection that is for the UE and that is terminated at the source NF, wherein the UE includes a NAS module associated with the NAS connection; sending, to the UE, information that indicates a NAS correlation identifier that identifies the NAS connection terminated at the source NF; selecting a target NF for a handover of the UE from the source NF to the target NF; and sending a request to transfer a NF context to the target NF in association with the handover, the request to transfer the NF context including: the information that indicates the NAS correlation identifier, and information that indicates a parent key for a new NAS connection to be associated with the NAS module and terminated at the target NF.
[0014] Some example implementations provide a method performed by a source network function (NF), the method comprising: performing a non-access stratum (NAS) security mode procedure with a user equipment (UE) to create a NAS connection that is for the UE and that is terminated at the source NF, wherein the UE includes a NAS module associated with the NAS connection; sending, to the UE, information that indicates a NAS correlation identifier that identifies the NAS connection terminated at the source NF; selecting a target NF for a handover of the UE from the source NF to the target NF; and sending a request to transfer a NF context to the target NF in association with the handover, the request to transfer the NF context including: the information that indicates the NAS correlation identifier, and information that indicates a parent key for a new NAS connection to be associated with the NAS module and terminated at the target NF.
[0015] Some example implementations provide an apparatus comprising: at least one processor; and at least one memory storing instructions of a target network function (NF), the instructions when executed by the at least one processor causing the apparatus to perform operations, the operations comprising: receiving a request to transfer a NF context in association with a handover of a user equipment (UE) from a source NF to the target NF, wherein the UE includes a NAS module associated with a NAS connection terminated at the source NF, and the request to transfer the NF context includes information that indicates a NAS correlation identifier that identifies the NAS connection terminated at the source NF; creating a new NAS security context for a new NAS connection to be associated with the NAS module and terminated at the target NF; and sending, toward the UE, a security mode command to trigger a NAS security procedure with the target NF in association with the handover, the security mode command including the information that indicates the NAS correlation identifier for the UE to create the new NAS security context based on the information that indicates the NAS correlation identifier.
[0016] Some example implementations provide a method performed by a target network function (NF), the method comprising: receiving a request to transfer a NF context in association with a handover of a user equipment (UE) from a source NF to the target NF, wherein the UE includes a NAS module associated with a NAS connection terminated at the source NF, and the request to transfer the NF context includes information that indicates a NAS correlation identifier that identifies the NAS connection terminated at the source NF; creating a new NAS security context for a new NAS connection to be associated with the NAS module and terminated at the target NF; and sending, toward the UE, a security mode command to trigger a NAS security procedure with the target NF in association with the handover, the security mode command including the information that indicates the NAS correlation identifier for the UE to create the new NAS security context based on the information that indicates the NAS correlation identifier.
[0017] These and other features, aspects, and advantages of the present disclosure will be apparent from a reading of the following detailed description together with the accompanying figures, which are briefly described below. The present disclosure includes any combination of two, three, four or more features or elements set forth in this disclosure, regardless of whether such features or elements are expressly combined or otherwise recited in a specific example implementation described herein. The present disclosure is intended to be read holistically such that any separable features or elements of the disclosure, in any of its aspects and example implementations, should be viewed as combinable unless the context of the disclosure clearly dictates otherwise.
[0018] It will therefore be appreciated that this Brief Summary is provided merely for purposes of summarizing some example implementations so as to provide a basic understanding of some aspects of the disclosure. Accordingly, it will be appreciated that the above described example implementations are merely examples and should not be construed to narrow the scope or spirit of the disclosure in any way. Other example implementations, aspects and advantages will become apparent from the following detailed description taken in conjunction with the accompanying figures which illustrate, by way of example, the principles of some described example implementations.
BRIEF DESCRIPTION OF THE FIGURE(S)
[0019] Having thus described example implementations of the disclosure in general terms, reference will now be made to the accompanying figures, which are not necessarily drawn to scale, and wherein:
[0020] FIG. 1 illustrates a telecommunications system that includes one or more public land mobile networks (PLMNs) coupled to one or more external data networks, according to some example implementations of the present disclosure;
[0021] FIG. 2 illustrates a deployment of a PLMN, according to some example implementations;
[0022] FIG. 3 illustrates a modular non-access stratum (NAS) architecture, according to some example implementations;
[0023] FIG. 4 is a signaling chart of a procedure for N2 handover in which a network function (NF) is relocated, according to some example implementations;
[0024] FIG. 5 is a signaling chart of procedures for N2 handover in which multiple NFs are relocated, according to some example implementations;
[0025] FIGS. 6 and 7 are signaling charts of procedures for N2 handover in which a source NF is relocated to a target NF, according to various example implementations;
[0026] FIGS. 8A, 8B, 8C and 8D are flowcharts illustrating various steps in a method 700 performed by a user equipment (UE), according to various example implementations;
[0027] FIGS. 9A and 9B are flowcharts illustrating various steps in a method performed by a target network function (NF), according to various example implementations;
[0028] FIGS. 10A and 10B are flowcharts illustrating various steps in a method performed by a UE, according to various example implementations;
[0029] FIG. 11 is a flowchart illustrating various steps in a method performed by a source NF, according to various example implementations;
[0030] FIG. 12 is a flowchart illustrating various steps in a method performed by a target NF, according to various example implementations; and
[0031] FIG. 13 illustrates an apparatus according to some example implementations.
DETAILED DESCRIPTION
[0032] Some implementations of the present disclosure will now be described more fully hereinafter with reference to the accompanying figures, in which some, but not all implementations of the disclosure are shown. Indeed, various implementations of the disclosure may be embodied in many different forms and should not be construed as limited to the implementations set forth herein; rather, these example implementations are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art. Like reference numerals refer to like elements throughout.
[0033] Unless specified otherwise or clear from context, references to first, second or the like should not be construed to imply a particular order. A feature described as being above another feature (unless specified otherwise or clear from context) may instead be below, and vice versa; and similarly, features described as being to the left of another feature may instead be to the right, and vice versa. Also, while reference may be made herein to quantitative measures, values, geometric relationships or the like, unless otherwise stated, any one or more if not all of these may be absolute or approximate to account for acceptable variations that may occur, such as those due to engineering tolerances or the like.
[0034] As used herein, unless specified otherwise or clear from context, the "or" of a set of operands is the "inclusive or" and thereby true if and only if one or more of the operands is true, as opposed to the "exclusive or" which is false when all of the operands are true. Thus, for example, "[A] or [B]" is true if [A] is true, or if [B] is true, or if both [A] and [B] are true. Further, the articles "a" and "an" mean "one or more," unless specified otherwise or clear from context to be directed to a singular form. Furthermore, it should be understood that unless otherwise specified, the terms "data," "content," "digital content," "information," and similar terms may be at times used interchangeably. The term "network" may refer to a group of interconnected computers including clients and servers; and within a network, these computers may be interconnected directly or indirectly by various means including via one or more switches, routers, gateways, access points or the like.
[0035] The present disclosure discusses systems and architectures that, while specific terms may be used, are broadly applicable across various technologies. For instance, while the present disclosure may reference technologies from 3GPP such as Global System for Mobile Communications (GSM), UMTS, LTE, LTE Advanced, 5G NR, 5G Advanced, and 6G (Sixth Generation of wireless mobile network), the present disclosure is equally relevant to non-3GPP technologies like IEEE 802, Bluetooth, and Bluetooth Low Energy. Example implementations of the present disclosure described herein also mention public land mobile networks (PLMNs) and mobile network operators (MNOs), but example implementations are similarly applicable to standalone non-public networks (SNPNs) and the private entities operating these networks. Furthermore, although some examples and figures focus on radio access networks (RANs) and 3GPP access, example implementations are applicable to any type of network access. This includes not only 5G or 6G 3GPP access but also non-3GPP access, such as wireline access, untrusted non-3GPP access, and trusted non-3GPP access using wireless access gateway function (W-AGF), non-3GPP interworking function (N3IWF), or trusted non-3GPP gateway function (TNGF) to connect to a 5G or 6G core network.
[0036] Further, as used in this application, the term "circuitry" may refer to one or more or all of the following: (a) hardware-only circuit implementations (such as implementations in only analog and / or digital circuitry); (b) combinations of hardware circuits and software, such as (as applicable): (i) a combination of analog and / or digital hardware circuit(s) with software / firmware and (ii) any portions of hardware processor(s) with software (including digital signal processor(s)), software, and memory(ies) that work together to cause an apparatus, such as a mobile phone or server, to perform various functions); or (c) hardware circuit(s) and / or processor(s), such as a microprocessor(s) or a portion of a microprocessor(s), that requires software (e.g., firmware) for operation, but the software may not be present when it is not needed for operation.
[0037] The above definition of circuitry applies to all uses of this term in this application, including in any claims. As a further example, as used in this application, the term circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and / or firmware. The term circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit or processor integrated circuit for a mobile device or a similar integrated circuit in server, a cellular network device, or other computing or network device.
[0038] FIG. 1 illustrates a telecommunications system 100 according to various example implementations of the present disclosure. The telecommunications system generally includes one or more telecommunications networks. As shown, for example, the system includes one or more PLMNs 102 coupled to one or more other external data networks 104, notably including a wide area network (WAN) such as the Internet. As will be appreciated, a PLMN may be deployed in a number of different manners. Some deployments of 4G LTE and 5G NR in particular are considered standalone (SA) deployments. Other deployments combine 4G LTE and 5G technologies, and are referred to as non-standalone (NSA) deployments.
[0039] Each of the PLMNs 102 includes a core network (CN) 106 backbone, such as the Evolved Packet Core (EPC) of 4G LTE, the 5G core network (5GC) (at times referred to as the NGC) of 5G NR, and the 6G core network (6GC) of 6G; and each of the core networks and the Internet are coupled to one or more RANs 108, air interfaces or the like that implement one or more radio access technologies (RATs). Examples of these RANs include the evolved UMTS terrestrial radio access network (E-UTRAN) of 4G LTE, the next generation (NG) radio access network (NG-RAN) of 5G NR, and the 6G RAN. As used herein, a "network device" refers to any suitable device at a network side of a telecommunications network. Examples of suitable network devices are described in greater detail below.
[0040] Examples of RATs include 3GPP radio access technologies such as GSM, CDMA2000 1xEV-DO (HRPD), CDMA2000 1x (1xRTT), UTRA, E-UTRA, 5G NR, 5G Advanced, and 6G. Other examples of RATs include IEEE 802 technologies such as IEEE 802.11 (Wi-Fi), IEEE 802.15 (including 802.15.1 (WPAN / Bluetooth), 802.15.4 (Zigbee) and 802.15.6 (WBAN)), Bluetooth, Bluetooth Low Energy (BLE), ultra wideband (UWB), and the like. Generally, a RAT may refer to any 2G, 3G, 4G, 5G, 6G or higher generation RAT and their different versions, as well as to any other RAT that may be arranged to interwork with such a mobile communication technology to provide access to the CN 106 of a MNO.
[0041] The telecommunications system 100 also includes one or more radio units that may be varyingly known as user equipment (UE) 110, terminal device, terminal equipment, mobile station or the like. The UE is generally a device configured to communicate with a network device or a further UE in a telecommunications network. The UE may be a portable computer (e.g., laptop, notebook, tablet computer), mobile phone (e.g., cell phone, smartphone), wearable computer (e.g., smartwatch), or the like. In other examples, the UE may be an Internet of things (IoT) device, an industrial IoT (IIoT) device, a vehicle equipped with a vehicle-to-everything (V2X) communication technology, or the like. In some examples, as referenced by 3GPP, the UE may be a narrowband IoT (NB-IoT) device, an enhanced machine-type communication (eMTC) device, a reduced capability (RedCap) device, an ambient IoT device, or the like.
[0042] In operation, these UEs 110 may connect to one or more of the RANs 108 according to their particular RATs to thereby access a particular CN 106 of a PLMN 102, or to access one or more of the external data networks 104 (e.g., the Internet). The external data network may provide Internet access, operator services, 3rd party services, etc. For example, the International Telecommunication Union (ITU) has classified 5G mobile network services into three categories: enhanced mobile broadband (eMBB), ultra-reliable and low-latency communications (URLLC), and massive machine type communications (mMTC) or massive internet of things (MIoT).
[0043] In various examples, a RAN 108 may be configured as one or more macrocells, microcells, picocells, femtocells or the like. The RAN may generally include one or more RAN nodes that interact with UEs 110. In various examples, a RAN node may be referred to as a base station (BS), access point (AP), base transceiver station (BTS), Node B (NB), evolved NB (eNB), macro BS, NB (MNB) or eNB (MeNB), home BS, NB (HNB) or eNB (HeNB), next generation NB (gNB), enhanced gNB (en-gNB), next generation eNB (ng-eNB), 6G NB (6g NB), or the like. The term 'gNB' in 5G NR may correspond to the eNB in 4G LTE. Also, a NG-RAN node may refer to a gNB or a ng-eNB. And unless otherwise specified, a gNB in 5G NR or a 6gNB in 6G may at times be more generally referred to as a gNB or a (6)gNB.
[0044] The RAN 108 may include some type of network controlling / governing entity responsible for control of the RAN nodes. The network controlling / governing entity and RAN node may be separate or integrated into a single apparatus. The network controlling / governing entity may include processing circuitry configured to carry out various management functions, etc. The processing circuitry may be associated with a memory, computer-readable storage medium or database for maintaining information required in the management functions.
[0045] FIG. 2 illustrates a deployment of a PLMN 102, such as a 5G NR deployment or a 6G deployment. As shown, the RAN 108 (e.g., NG-RAN, 6G RAN) includes one or more gNBs 202 (RAN nodes) configured to connect one or more UEs 110 to the RAN to thereby access the CN 106 (e.g., 5GC, 6GC). In some deployments, operations of a gNB or other RAN node may be distributed or functionally split into components including one or more remote radio heads (RRHs) or radio units (RUs), and a baseband unit (BBU); and in some architectures, the BBU may be split into a central / centralized unit (CU) (central node) and a distributed unit (DU) (distributed node). The CU may be, for example, a server, host or node. In some architectures, the RRH / RU and DU may be collocated. It is also possible that node operations may be distributed among a plurality of servers, hosts or nodes.
[0046] It should also be understood that the distribution of work between core network operations and RAN node operations may vary depending on implementation. A 5G network architecture may be based on a so-called CU-DU split. One gNB-CU (a CU) may control one or more gNB-DUs (DUs). The gNB-CU may control a plurality of spatially separated gNB-DUs, acting at least as transmit / receive (Tx / Rx) nodes. In some example implementations, however, the gNB-DUs may include, for example, a radio link control (RLC) layer, a medium access control (MAC) layer and a physical (PHY) layer, whereas the gNB-CU may include the layers above the RLC layer, such as a packet data convergence protocol (PDCP) layer, a radio resource control (RRC) layer, and an internet protocol (IP) layer. Other functional splits are also possible. It is considered that the skilled person is familiar with the OSI (Open System Interconnection) model and the functionalities within each layer.
[0047] In some example implementations, the server or CU may generate a virtual network through which the server communicates with the radio node. In general, virtual networking may involve a process of combining hardware and software network resources and network functionality into a single, software-based administrative entity, a virtual network. Such a virtual network may provide flexible distribution of operations between the server and the radio head / node. In practice, any digital signal processing task may be performed in either the CU or the DU, and the boundary where the responsibility is shifted between the CU and the DU may be selected according to implementation.
[0048] The CN 106 may include a number of network functions (NFs) divided between the control plane (CP) and the user plane (UP). In particular, the CN may include, for example, NFs for mobility management (MM) 204 (at times referred to as a MM NF) and session management (SM) 206 (at times referred to as a SM NF), as well as a user plane function (UPF) 208. The MM may be, for example, an access and mobility management function (AMF) in the 5GC, or a 6G MM in the 6GC. Similarly, the SM may be, for example, a session management function (SMF) in the 5GC, or a 6G SM in the 6GC. Other examples of suitable NFs 210 include a network exposure function (NEF), a policy and charging function (PCF), a network repository function (NRF), a network slice selection function (NSSF), a unified data management (UDM), a network data analytics function (NWDAF), or the like. As also shown, another example security key management function (SKMF) 212. As described, NFx or XX NF may be used to refer to a core network NF, such as an MM, SM, UPF, or any of a number of other NFs.
[0049] In 3GPP, communication between the UE 110, RAN 108 and CN 108 is guided by protocols organized in layers of a radio protocol stack, and these protocols include a non-access stratum (NAS) protocol at the NAS layer of the radio protocol stack. The NAS layer operates between the UE and the CN, and the NAS layer at each includes a NAS module that performs one or more functions within the NAS layer. The NAS protocol is monolithic (a "one size fits all" approach). UEs must support all basic NAS modules. The consequence is a single protocol supported by the UE with a single NAS security termination in the CN.
[0050] As an enhancement, a modular and distributed NAS with distributed security termination may enable a high degree of orthogonality in the UE and CN. Synergies with modular 6G RRC design may therefore be more easily possible with the modular and distributed NAS. An independent design of NAS modules, such as MM and SM NAS modules, may lead to high flexibility when introducing new functions and allowing independent testing of NAS modules. This independent design may also support easier market take-off. Optimal and tailored support of future use cases may also be allowed for a variety of different UE types, such as UEs for enterprise, IoT, ambient IoT (AIoT), public safety, timing, positioning, sensing, high-end devices with extended reality (XR) / artificial intelligence (AI) capabilities, and the like.
[0051] FIG. 3 illustrates a modular NAS architecture 300, according to some example implementations. As shown, a UE 110 includes a number of NAS modules associated with NAS connections 302 terminated at corresponding NAS modules at respective NFs, such as the MM 204, SM 206 and NFx 210. These NAS connections may have terminating end points 304 at the UE NAS modules and terminating end points 306 at the corresponding NAS modules at the respective NFs.
[0052] The NAS protocol in the modular NAS architecture 300 may therefore have distributed security termination of NAS connections in respective NFs. The NAS protocol may enable UE 110 to any-NF bidirectional direct communication transparent to the MM 204 (and its NAS module), which may in some implementations be purely responsible for relaying. In some examples, the UE may have an independent UE temporary identifier (ID) for each of the NAS terminations. There may also be one unique parent key per NAS connection, one authentication per UE. Additionally, there may be independent security associations, enabled by independent assigned key set identifiers (aKSI) and parent keys.
[0053] A SM 206 or other NFx 210 (e.g., NWDAF) that receives key material from a parent node (e.g., MM 204, SKMF 212) for NAS protection creates a separate NAS security for its NAS connection with the UE 110. Currently, when a handover or relocation of the SM / NFx is performed, the target SM / NFx may acquire new keys from the parent node for NAS protection, but this is not optimal as it requires an additional lookup for every relocation. The issue has also not been addressed for a modular NAS architecture, as network termination for a monolithic NAS has always been at the MM.
[0054] In 5GS N2 handovers, a target NF may rely on the keys provided by the source NF to establish a secure NAS connection with the UE 110. This means that the source NF has knowledge of the keys used by the target NF. Furthermore, in 5GS there is only one NAS connection per access type to be relocated, namely, a MM NAS connection. With modular NAS, on the other hand, a UE may have multiple NAS connections terminated across different NFs (e.g., MM 204, SM 206, NFx 210) in the network. An N2 handover in the case of a modular NAS may therefore result in multiple NAS connections being relocated to new target NFs.
[0055] In view of the foregoing, example implementations of the present disclosure provide solutions for modular NAS handover in which the parent key(s) for new NAS security context(s) for NAS connection(s) terminated at target NF(s) may be acquired in a number of different manners; and in some examples, the source NF(s) may have less knowledge of the parent key(s), and keys derived from the parent key(s). As described in greater detail below, in some examples, the target NF(s) may determine aKSI(s) and parent key(s) for the new NAS security context(s). In some more particular examples, the target NF(s) may request a new aKSI and new parent key(s) from the SKMF 212. In some other examples, the currently active aKSI may be identified or otherwise used, and the parent key(s) for the new NAS security context(s) may be horizontally derived by the source NF(s) based on parent key(s) for the NAS connection(s) terminated at the source NF(s). In some other examples, the target NF(s) may use the currently active aKSI and the parent key(s) for the NAS connection(s) terminated at the source NF(s).
[0056] In yet some other example implementations, the modular NAS architecture may be enhanced to address NF handover or relocation scenarios. In some of these other example implementations, the target NF(s) may receive the parent key(s) for new NAS security context(s) from the source NF(s) which may derive the parent key(s), or the target NF(s) may request the parent key(s) from the SKMF 212. In these examples, the source NF may signal information to the UE 110 to enable the UE to generate its own parent key(s), or the source NF may provide the information to the target NF(s) to signal to the UE to enable the UE to generate its own parent key(s).
[0057] According to some example implementations, instead of target NF(s) relying on key(s) from the source NF(s), the target NF(s) may request new key(s) directly from the SKMF 212. The target NF(s) may then use the new key(s) to establish secure NAS connection(s) with the UE 110. The source NF(s) may therefore have no knowledge of the key(s) used by the target NF(s), target RAN 108 and UE 110.
[0058] To illustrate some of these examples, FIG. 4 is a signaling chart 400 of a procedure for N2 handover in which a source MM NF (S-MM) 204A is relocated, according to some example implementations. In this scenario, a single MM NAS connection may be relocated. A target MM NF (T-MM) 204B may request a new NAS parent key and aKSI (assigned key set identifier) from the SKMF 212. The T-MM may derive new NAS keys, and provide the new aKSI along with other information to the UE 110 in a NAS container. The T-MM may also derive access stratum (AS) keys, provide the AS keys to a target RAN (T-RAN) 108B, and provide one or more related parameters to the UE. The UE may use the information and parameter(s) received from the T-MM to derive new NAS and AS keys, and create new NAS / AS security context.
[0059] In the illustrated scenario, a UE 110 includes UE NAS modules associated with respective NAS connections terminated at respective NFs, including a NAS connection terminated at the S-MM 204A. As shown in FIG. 4, a source RAN (S-RAN) 108A may at step 401 send a handover (HO) required message to the S-MM 204A. The S-MM 204A may at step 402 discover / select a T-MM 204B, and send a create UE context message to the T-MM that includes currently active aKSI (e.g., aKSI-Smm) and latest downlink (DL) NAS count (e.g., Smm DL NAS count) for the NAS connection terminated at the S-MM.
[0060] The T-MM 204B may at step 403 request a NAS parent key (Kp) and aKSI from the SKMF 212 for a new NAS security context for a new NAS connection with the UE 110 to be associated with the UE NAS module and terminated at the T-MM. The SKMF may at step 404 assign a new NAS parent key (e.g., Kp-Tmm) and aKSI (e.g., aKSI-Tmm), and send the new NAS parent key and aKSI to the T-MM. The T-MM may use Kp-Tmm and appropriate algorithms for the new NAS connection to derive NAS keys for the new NAS security context. The algorithms may include integrity and encryption algorithms selected by T-MM from those supported by the UE NAS module (e.g., MM) which may be indicated in UE capabilities to the network. The NAS keys may include a NAS integrity key and a NAS encryption key.
[0061] The T-MM 204B may create a NAS container (NASC) (e.g., NASCmm) including information for the NAS connection terminated at S-MM 204A, and the new NAS connection to be associated with the UE NAS module and terminated at the T-MM. In this regard, the NASC may include information that indicates, for example, a NAS type, as well as the aKSI-Smm, aKSI-Tmm and Smm DL NAS count. The NAS type identifies the UE NAS module (MM) to which the NASC will be forwarded. The aKSI-Smm enables identification of the active NAS security context within the UE NAS module (MM). The aKSI-Tmm may be used as a NAS security context identifier within T-MM and the UE NAS module (MM). The aKSI-Tmm may also be used by the UE NAS module (MM) to identify and / or derive a new parent key (e.g., Kp-Tmm) which results in the same key as the parent key provided by the SKMF 212 to the T-MM. The Smm DL NAS count is the latest DL NAS count for the NAS security context identified by aKSI-Smm between the S-MM 204A and the UE NAS module (MM).
[0062] NASCmm may also include information that indicates integrity and encryption algorithm identifiers (e.g., T-MM NAS algorithm IDs) that identify the integrity and encryption algorithms used by the T-MM 204B to derive the NAS keys (integrity, encryption). NASCmm may further include a change NAS key indicator, which indicates to the UE NAS module (MM) that a new NAS parent key is to be derived based on the received aKSI (in this example, aKSI-Tmm).
[0063] To integrity protect NASCmm, the T-MM 204B may calculate a NAS MAC using the NAS integrity key (derived from Kp-Tmm and T-MM NAS algorithm IDs) and a NAS count of 2^32 - 1, and include the NAS MAC in the NASCmm. T-MM may set the T-MM's UL / DL NAS counts to 0 (zero). The T-MM may also use Kp-Tmm and UL NAS count 2^32 - 1 to derive new AS keys, including a next hop (NH) key (equivalent to the RAN node key K-gNB / K-6gNB in some scenarios), and associate NH with an NH chaining counter (NCC) = 0.
[0064] The T-MM 204B may at step 405 send a HO request to the T-RAN 108B that includes one or more NASCs (including NASCmm), NH / NCC and a new security context identifier (NSCI) for the new NAS security context. As explained below, in some examples in which T-MM receives NASCs from other NF(s) also being relocated, the T-MM may aggregate the NASCs together with its own NASCmm in the HO request to the T-RAN. T-MM increments T-MM's DL NAS count by 1 when NASCmm is sent to the T-RAN.
[0065] Upon receipt of the NASC(s) and NH / NCC, the T-RAN 108B may store and use NH / NCC to further derive AS keys based on T-RAN's current cell / frequency information. The T-RAN may at step 406 send a HO command to the UE 110 (via other nodes, e.g., S-MM 204A, S-RAN 108A) containing the NASC(s), NCC, and a key set change indicator (KeySetChangeIndicator) which may be mapped from the NSCI.
[0066] The UE 110 may use the NAS type information in the NASCmm to forward the NASCmm to the UE NAS module (MM) to be associated with the new NAS connection and terminated at the T-MM 204B. The UE NAS module (MM) may then use the information in the NASC to create the new NAS security context at the UE NAS module (MM) for the new NAS connection. More particularly, for example, the UE NAS module (MM) may use aKSI-Smm to identify the currently active NAS security context in the UE NAS module (MM), and use the Smm DL NAS count in the NASCmm to perform a replay protection procedure in which the Smm DL NAS count is checked against the UE NAS module (MM) NAS count record to ensure replay protection. In this regard, the replay protection procedure is a procedure designed to prevent a malicious actor from intercepting and resending a message.
[0067] The UE NAS module (MM) in the UE 110 may use the change NAS key indicator to indicate that a new parent key needs to be derived, and use aKSI-Tmm to identify or derive the new parent key (Kp-Tmm).
[0068] The UE NAS module (MM) in the UE 110 may use Kp-Tmm and T-MM NAS algorithm IDs to derive the NAS keys, including the NAS integrity key and the NAS encryption key. The UE NAS module (MM) may then use the NAS integrity key to perform an integrity check to verify integrity of the NASCmm using the NAS MAC in the NASCmm. If the integrity check passes, the UE NAS module (MM) may create the new NAS security context (identified by aKSI-Tmm) to hold the Kp-Tmm, T-MM NAS algorithm IDs, NAS keys, and UL / DL NAS counts = 0. This NAS security context may be marked as the new active NAS security context in the UE NAS module (MM).
[0069] The UE NAS module (MM) in the UE 110 may also use Kp-Tmm and UL NAS count 2^32 - 1 to derive the new AS keys including NH, and associate NH with NCC = 0. The UE NAS module (MM) may store the NH / NCC in its new NAS security context. In some examples, based on the key set change indicator, the UE AS may request current NH / NCC values from the UE NAS module (MM), and the UE AS may use the NH / NCC values to further derive AS keys based on the UE AS's current cell / frequency information.
[0070] As also shown in FIG. 4, to complete the handover, the UE 110 may at step 407 send a HO confirm message to the T-RAN 108B, and the T-RAN may at step 408 send a HO notify message to the T-MM 204B.
[0071] As indicated above, in some examples, multiple NFs that terminate respective NAS connections associated with UE NAS modules may be relocated. The same or similar principles as described above may also apply in these examples, except that only the MM 204 and UE NAS module (MM) generate / manage AS-related keying material (NH / NCC). In some modular NAS architectures, the T-MM 204B may be responsible for coordinating with other NF(s) that terminate NAS connection(s) to be relocated. In some examples, when packet data unit (PDU) sessions are established, PDU session IDs for the PDU sessions, and the SM NF ID of the SM 206 associated with the PDU sessions, may be stored in the RAN, which is the S-RAN 108A for the N2 handover procedure. The S-RAN may then provide information that indicates the PDU session ID and associated SM NF ID as required, such as during the N2 handover procedure. This may avoid the need for the MM, namely S-MM 204A in the N2 handover, to store a mapping between PDU session IDs and SM NF IDs.
[0072] As described further below, in some examples, each target NF (e.g., SM, XX) may request a new NAS parent key (Kp) and aKSI from the SKMF 212. Each target NF may derive new NAS keys, and provide the new aKSI along with other information in a NASC sent toward the UE 110. The T-MM may aggregate the NASC(s) received from other target NF(s), including its own NASCmm, and provide the NASCs to the T-RAN 108B, which in turn provides the NASCs to the UE 110 in the HO command. The UE uses the NAS type information in each NASC to forward the NASC to the correct UE NAS module.
[0073] FIG. 5 is a signaling chart 500 of procedures for N2 handover in which a MM 204 and a SM 206 are relocated, according to some example implementations. Although shown and described for the case in which an SM is relocated, it should be understood that the signaling chart and procedures apply equally to relocation of at least one other NFx 210.
[0074] As shown in FIG. 5, a S-RAN 108A may at step 501 send a HO required message to the S-MM 204A, and the S-MM may at step 502 discover / select a T-MM 204B, and send a create UE context message to the T-MM, similar to steps 401, 402 in FIG. 4. In addition, the S-RAN may provide a PDU session ID / SM NF ID mapping to S-MM, and the S-MM may provide the PDU session ID / SM NF ID mapping to the T-MM. The T-MM may at steps 503, 504 request a NAS parent key (Kp) and aKSI from the SKMF 212 for a new NAS security context for a new NAS connection with the UE 110 to be associated with the UE NAS module (MM) and terminated at the T-MM, similar to steps 403, 404.
[0075] The T-MM 204B may at step 505 use received information (PDU session ID / SM NF ID) to contact a S-SM 206A. The S-SM may use a subscription permanent identifier (SUPI) or other UE identifier to identify a UE-specific context, and the S-SM may use the UE-specific context to discover / select a T-SM 206B. The S-SM may at step 506 send an update UE context to the T-SM that includes the currently active aKSI (e.g., aKSI-Ssm) and latest DL NAS count (e.g., Ssm DL NAS count) for the NAS connection terminated at the S-SM. The T-SM may at steps 507, 508 request a NAS parent key (Kp) and aKSI from the SKMF 212 for a new NAS security context for a new NAS connection with the UE 110 to be associated with the UE NAS module (SM) and terminated at the T-SM, also similar to steps 403, 404.
[0076] The T-SM 206B may create a NASC (e.g., NASCsm) including information for the NAS connection terminated at S-SM 206A, and the new NAS connection to be associated with the UE NAS module (SM) and terminated at the T-SM, such as in a manner similar to that described above for T-MM 204B. The T-SM may at step 509 send a create UE context acknowledgement to the S-SM that includes the NASCsm, and the S-SM may at step 510 send an update SM context acknowledgement to the T-MM that includes the NASCsm.
[0077] The T-MM 204B may create a NASC (e.g., NASCmm) including information for the NAS connection terminated at S-MM 204A, and the new NAS connection to be associated with the UE NAS module and terminated at the T-MM, such as in a manner similar to that described above. In addition, T-MM may aggregate NASCsm and NASCmm. The T-MM may then at step 511 send a HO request to the T-RAN 108B that includes the NASCs (NASCsm, NASCmm) and NH / NCC, similar to step 405.
[0078] Upon receipt of the NASCs (NASCsm, NASCmm) and NH / NCC, the T-RAN 108B may store and use NH / NCC to further derive AS keys based on T-RAN's current cell / frequency information. The T-RAN may at step 512 send a HO command to the UE 110 (via other nodes, e.g., S-MM 204A, S-RAN 108A) containing the NASCs, NCC, and a key set change indicator, similar to step 406.
[0079] The UE 110 may forward the NASCs (NASCsm, NASCmm) to the correct NAS modules (SM, MM) based on the NAS type information in the NASCs. Each UE NAS module may then use the information in a respective NASC to perform an integrity check and create the new NAS security context at the UE NAS module for a respective new NAS connection. That is, the UE NAS module (SM) may use the information in the NASCsm to perform an integrity check and create the new NAS security context at the UE NAS module (SM) for the new NAS connection terminated at T-SM 206B. The UE NAS module (MM) may use the information in the NASCmm to perform an integrity check and create the new NAS security context at the UE NAS module (MM) for the new NAS connection terminated at T-MM 204B. Each new NAS security context may be marked as the new active NAS security context in the respective UE NAS module (MM, SM). The UE NAS module (MM) may also provide the UE AS layer with a new NH based on Kp-Tmm. In the case of N2 handover failure, the previously current NAS security contexts may be reused.
[0080] As also shown in FIG. 5, to complete the handover, the UE 110 may at step 513 send a HO confirm message to the T-RAN 108B, and the T-RAN may at step 514 send a HO notify message to the T-MM 204B, similar to steps 407, 408. The T-MM may further send a HO notify message to the T-SM 206B.
[0081] Again, although shown and described for the case in which a MM 204 and an SM 206 are relocated, it should be understood that the signaling chart 500 and procedures shown in FIG. 5 apply equally to relocation of at least one other NFx 210. In some of these examples, steps 505-510 may be triggered in parallel and repeated for the at least one other NFx. For example, step 505 described above may include a step 505a toward the S-SM 206A, as well as a corresponding step 505b toward another source NF (S-NFx). Likewise, step 506 may include a step 506a toward the T-SM 206B, as well as a step 506b toward another target NF (T-NFx). This may also be the case for steps 507, 508, 509 and 510.
[0082] According to some other example implementations, a source NF (e.g., S-MM 204A, S-SM 206A) may horizontally derive a new NAS parent key (Kp-Sxx*) for a new NAS security context for a new NAS connection with the UE 110 to be associated with the UE NAS module and terminated at the target NF (e.g., T-MM 204B, T-SM 206B). The new NAS parent key may be derived based on a parent key (Kp-Sxx) for the active NAS security context for the NAS connection associated with the UE NAS module and terminated at the source NF. The source NF may then provide the currently active aKSI-Sxx (e.g., aKSI-Smm, aKSI-Ssm) and Kp-Sxx* to the target NF in connection with the handover, such as at step 402 in FIG. 4, or at steps 502, 506 in FIG. 5.
[0083] In some of these examples, the target NF (e.g., T-MM 204B, T-SM 206B) may use the new, horizontally-derived NAS parent key (Kp-Sxx*), and not query the SKMF 212 for keys (at steps 403, 404 in FIG. 4, and steps 503, 504 and 507, 508 in FIG. 5). The currently active aKSI-Sxx may also be reused, instead of a new aKSI (e.g., aKSI-Tmm, aKSI-Tsm). The target NF may therefore create the NASC including information similar to before, but without the new aKSI. The target NF may send the NASC(s) to the T-RAN 108B as before, and set its local DL NAS count = 1 (at step 405 in FIG. 4, and step 511 in FIG. 5). The T-MM 204B in particular may store and provide the NH / NCC pair received from the S-MM 204A to the T-RAN with a NSCI set.
[0084] Upon receipt of the NASC(s) and NH / NCC, as before, the T-RAN 108B may store and use NH / NCC to further derive AS keys based on T-RAN's current cell / frequency information. The T-RAN may send a HO command to the UE 110 (via other nodes, e.g., S-MM 204A, S-RAN 108A) containing the NASC(s), NCC, and a key set change indicator (KeySetChangeIndicator) which may be mapped from the NSCI (at step 406 in FIG. 4, and step 512 in FIG. 5).
[0085] The UE 110 may use the NAS type information in the NASC(s) to forward the NASC(s) to the correct UE NAS module(s) to be associated with the new NAS connection(s) and terminated at the target NF(s) (e.g., T-MM 204B, T-SM 206B). Each UE NAS module may then use the information in a correct one of the NASC(s) to create the new NAS security context at the UE NAS module for one of the new NAS connections, similar to before. In these example implementations, however, aKSI-Sxx may point to a parent key (Kp-Sxx) for a corresponding one of the NAS connections terminated at one of the source NFs, and the UE NAS module may use the Kp-Sxx and Sxx DL NAS count to itself horizontally derive the new parent key (Kp-Sxx*). The UE NAS module may assign aKSI-Sxx as the identifier of Kp-Sxx*.
[0086] Each UE NAS module may use Kp-Sxx* and target NF NAS algorithm IDs to derive the NAS keys, including the NAS integrity key and the NAS encryption key. The UE NAS module may then use the NAS integrity key to perform an integrity check to verify integrity of the NASC using a NAS MAC in the NASC. If the integrity check passes, the UE NAS module may create the new NAS security context (identified by aKSI-Sxx) to hold the Kp-Sxx*, target NF NAS algorithm IDs, NAS keys, and UL / DL NAS counts = 0. This NAS security context may be marked as the new active NAS security context in the UE NAS module.
[0087] For the UE NAS module (MM) in particular, the UE NAS module (MM) may also use Kp-Sxx* and UL NAS count 2^32 - 1 to derive the new AS keys including NH, and associate NH with NCC = 0. The UE NAS module (MM) may store the NH / NCC in its new NAS security context. In some examples, based on the key set change indicator, the UE AS may request current NH / NCC values from the UE NAS module (MM), and the UE AS may use the NH / NCC values to further derive AS keys based on the UE AS's current cell / frequency information.
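The following Python model is an added example, not the patent's code or a normative 3GPP procedure. It walks through the FIG. 4 key handling at the T-MM and the UE NAS module (MM) described in paragraphs [0058]-[0070] (SKMF-assigned Kp-Tmm and new aKSI-Tmm), and the horizontally derived variant of paragraphs [0082]-[0087] (Kp-Sxx* from Kp-Sxx and the Sxx DL NAS count, aKSI-Sxx reused), including the replay check on the Sxx DL NAS count and the NASC integrity check. Assumptions: HMAC-SHA256 stands in for the unspecified KDF, the UE obtains an SKMF-assigned Kp by deriving it from a UE/SKMF shared root key and the aKSI, and all field names and sample values are constructed.

```python
from __future__ import annotations
import hmac
import hashlib
from dataclasses import dataclass

# Assumed stand-in KDF and constructed values; not the patent's or 3GPP's normative derivation.
NAS_COUNT_MAX = 2**32 - 1   # NAS count used for the NASC MAC and for the initial NH

def kdf(key: bytes, *params) -> bytes:
    """HMAC-SHA256 over length-tagged parameters (assumed KDF)."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in
                    (x if isinstance(x, bytes) else str(x).encode() for x in params))
    return hmac.new(key, data, hashlib.sha256).digest()

def derive_nas_keys(kp: bytes, alg_ids: str) -> tuple[bytes, bytes]:
    """NAS integrity and encryption keys from a parent key and the selected algorithm IDs."""
    return kdf(kp, "NAS-int", alg_ids), kdf(kp, "NAS-enc", alg_ids)

def skmf_assign_kp(root_key: bytes, aksi: str) -> bytes:
    """Assumption: SKMF and UE both derive the Kp identified by an aKSI from a shared root key."""
    return kdf(root_key, "Kp", aksi)

def horizontal_derive(kp_sxx: bytes, sxx_dl_count: int) -> bytes:
    """Kp-Sxx* from Kp-Sxx and the Sxx DL NAS count; same step at the source NF and the UE."""
    return kdf(kp_sxx, "horizontal", sxx_dl_count)

def nas_mac(k_int: bytes, nasc: dict) -> bytes:
    """NAS MAC over every NASC field except the MAC itself, using NAS count 2^32-1."""
    body = "|".join(f"{k}={nasc[k]}" for k in sorted(nasc) if k != "mac")
    return kdf(k_int, "MAC", NAS_COUNT_MAX, body)[:8]

def derive_nh(kp: bytes) -> bytes:
    """Initial NH from the parent key and UL NAS count 2^32-1; associated with NCC = 0."""
    return kdf(kp, "NH", NAS_COUNT_MAX)

@dataclass
class NasContext:
    aksi: str
    kp: bytes
    alg_ids: str
    k_int: bytes
    k_enc: bytes
    ul_count: int = 0
    dl_count: int = 0
    nh: bytes | None = None
    ncc: int | None = None

def target_nf_build_nasc(nas_type: str, aksi_s: str, sxx_dl_count: int, kp_new: bytes,
                         alg_ids: str, aksi_t: str | None = None) -> tuple[dict, NasContext]:
    """Target NF: new security context (counts = 0) and the NASC for the UE NAS module.
    aksi_t given: fresh Kp/aKSI from the SKMF, change NAS key indicator set.
    aksi_t None: horizontally derived Kp-Sxx*, aKSI-Sxx reused, no new aKSI in the NASC."""
    k_int, k_enc = derive_nas_keys(kp_new, alg_ids)
    nasc = {"nas_type": nas_type, "aksi_s": aksi_s, "aksi_t": aksi_t or aksi_s,
            "sxx_dl_count": sxx_dl_count, "alg_ids": alg_ids,
            "change_key": aksi_t is not None}
    nasc["mac"] = nas_mac(k_int, nasc)
    ctx = NasContext(nasc["aksi_t"], kp_new, alg_ids, k_int, k_enc)
    if nas_type == "MM":                       # only the MM manages AS keying material
        ctx.nh, ctx.ncc = derive_nh(kp_new), 0
    return nasc, ctx

def ue_process_nasc(modules: dict, nasc: dict, root_key: bytes) -> NasContext:
    """UE NAS module: replay check, parent key, integrity check, then new active context."""
    active = modules[nasc["nas_type"]]         # NAS type selects the UE NAS module
    if active.aksi != nasc["aksi_s"]:
        raise ValueError("aKSI-Sxx does not identify the active NAS security context")
    if nasc["sxx_dl_count"] < active.dl_count:  # replay protection on the Sxx DL NAS count
        raise ValueError("Sxx DL NAS count older than the UE's record (replay)")
    if nasc["change_key"]:
        kp_new = skmf_assign_kp(root_key, nasc["aksi_t"])   # same Kp the SKMF gave the target NF
    else:
        kp_new = horizontal_derive(active.kp, nasc["sxx_dl_count"])
    k_int, k_enc = derive_nas_keys(kp_new, nasc["alg_ids"])
    if not hmac.compare_digest(nas_mac(k_int, nasc), nasc["mac"]):
        raise ValueError("NASC integrity check failed")
    ctx = NasContext(nasc["aksi_t"], kp_new, nasc["alg_ids"], k_int, k_enc)
    if nasc["nas_type"] == "MM":
        ctx.nh, ctx.ncc = derive_nh(kp_new), 0
    modules[nasc["nas_type"]] = ctx            # mark as the new active NAS security context
    return ctx

def run_handover(use_skmf: bool) -> tuple[NasContext, NasContext, dict]:
    """One MM NAS connection relocated S-MM -> T-MM; returns UE context, T-MM context, NASC."""
    root = b"\x11" * 32                        # constructed UE/SKMF shared root key
    kp_smm = skmf_assign_kp(root, "aKSI-Smm")
    k_int, k_enc = derive_nas_keys(kp_smm, "NIA2/NEA2")
    ue = {"MM": NasContext("aKSI-Smm", kp_smm, "NIA2/NEA2", k_int, k_enc, 7, 12)}
    smm_dl_count = 12                          # latest DL NAS count sent by the S-MM
    if use_skmf:                               # steps 403/404: new Kp-Tmm and aKSI-Tmm
        kp_new, aksi_t = skmf_assign_kp(root, "aKSI-Tmm"), "aKSI-Tmm"
    else:                                      # source NF derives Kp-Smm*, aKSI-Smm reused
        kp_new, aksi_t = horizontal_derive(kp_smm, smm_dl_count), None
    nasc, tmm = target_nf_build_nasc("MM", "aKSI-Smm", smm_dl_count, kp_new, "NIA1/NEA1", aksi_t)
    tmm.dl_count += 1                          # DL NAS count incremented when the NASC is sent
    return ue_process_nasc(ue, nasc, root), tmm, nasc
```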
[0088] In some examples, after successful N2 handover, each target NF may inform the SKMF 212 that the target NF is in possession of a respective aKSI-Sxx. This may enable the SKMF to keep track of which NF(s) the SKMF may need to contact with update(s), such as a new authentication and key agreement (AKA) run.
[0089] According to some other example implementations, the source NF (e.g., S-MM 204A, S-SM 206A) may provide the target NF (e.g., T-MM 204B, T-SM 206B) with Kp-Sxx instead of a Kp-Sxx*. More particularly, the source NF may provide the target NF with the currently active aKSI-Sxx (e.g., aKSI-Smm, aKSI-Ssm), Kp-Sxx and UL / DL NAS counts to the target NF in connection with the handover, such as at step 402 in FIG. 4, or at steps 502, 506 in FIG. 5.
[0090] The target NF (e.g., T-MM 204B, T-SM 206B) may use the NAS parent key Kp-Sxx, and not query the SKMF 212 for keys (at steps 403, 404 in FIG. 4, and steps 503, 504 and 507, 508 in FIG. 5). The currently active aKSI-Sxx may also be reused, instead of a new aKSI (e.g., aKSI-Tmm, aKSI-Tsm). The target NF may create the NASC including information similar to before, but without the new aKSI and a key set change indicator. The target NF may send the NASC(s) to the T-RAN 108B as before, and set its local DL NAS count = 1 (at step 405 in FIG. 4, and step 511 in FIG. 5). The T-MM 204B in particular may store and provide the NH / NCC pair received from the S-MM 204A to the T-RAN with a NSCI set.
[0091] The T-RAN 108B may send a HO command to the UE 110 (via other nodes, e.g., S-MM 204A, S-RAN 108A) containing the NASC(s) and NCC, but without a key set change indicator (KeySetChangeIndicator) (at step 406 in FIG. 4, and step 512 in FIG. 5).
[0092] The UE 110 may use the NAS type information in the NASC(s) to forward the NASC(s) to the correct UE NAS module(s) to be associated with the new NAS connection(s) and terminated at the target NF(s) (e.g., T-MM 204B, T-SM 206B). Each UE NAS module may then use the information in a correct one of the NASC(s) to create the new NAS security context at the UE NAS module for one of the new NAS connections, similar to before. In these example implementations, however, aKSI-Sxx may point to a parent key (Kp-Sxx) for a corresponding one of the NAS connections terminated at one of the source NFs, and the UE NAS module may use the Kp-Sxx without horizontally deriving a new parent key (Kp-Sxx*). The NAS counts may remain unchanged, and not reset to zero.
[0093] Each UE NAS module may use Kp-Sxx and target NF NAS algorithm IDs to derive the NAS keys, including the NAS integrity key and the NAS encryption key. The UE NAS module may then use the NAS integrity key to perform an integrity check to verify integrity of the NASC using a NAS MAC in the NASC. If the integrity check passes, the UE NAS module may create the new NAS security context (identified by aKSI-Sxx) to hold the Kp-Sxx, target NF NAS algorithm IDs, NAS keys, and current UL / DL NAS counts. This NAS security context may be marked as the new active NAS security context in the UE NAS module. The above assumes the target NF NAS algorithms are different from the source NF NAS algorithms. In examples in which the NAS algorithms are the same, the target NF may not send a NASC to the UE 110.
[0094] In some examples, after successful N2 handover, each target NF may inform the SKMF 212 that the target NF is in possession of a respective aKSI-Sxx. This may enable the SKMF to keep track of which NF(s) the SKMF may need to contact with update(s), such as a new authentication and key agreement (AKA) run.
[0095] FIG. 6 is a signaling chart 600 of a procedure for N2 handover in which a source NF (S-NF) 612A (e.g., MM, SM) is relocated to a target NF (T-NF) 612B of the same type, according to some example implementations. As shown, after registration and primary authentication is completed, the S-NF may at step 601 fetch a parent key (KNF) from the SKMF 212. The S-NF 612A and a UE 110 may at step 602 perform a NAS security mode procedure to create a secure NAS connection using KNF. A NAS container from the S-NF may be protected with NAS encryption and integrity keys derived from KNF. In this regard, the NAS security mode procedure is a procedure performed to establish and activate a NAS security context between the S-NF and the UE.
[0096] The UE 110 may move and change its location, which may trigger a handover and context transfer of the UE 110 from the S-NF 612A to a T-NF 612B. For this, the S-NF may at step 603 select the T-NF for the given UE's session. In some examples, the S-NF may decide to relocate and select the T-NF without UE mobility, such as due to its own internal logic (e.g., load balancing, offloading, etc.).
[0097] The S-NF 612A may at step 604 use the service based interface (SBI) service, either using a dedicated application programming interface (API) or extending existing APIs, to transfer the NAS security context to the T-NF 612B. In some examples, the S-NF may request to transfer a NF context to the T-NF in association with the handover, and the NF context may include the NAS security context. For the NAS security context, the request may include the new parent key (KNF1) for a new NAS connection to be associated with the UE 110 and terminated at the T-NF. The new parent key may be identified or derived in a number of different manners, such as those described above. The request may also include UE capability information, and information that indicates a NAS correlation ID (e.g., NAS correlation ID = X1).
[0098] The NAS correlation ID may be formatted in a number of different manners, including one or more parameters such as mobile country code (MCC), mobile network code (MNC), network identifier (NID), NF set ID, NF instance ID, universally unique identifier (UUID), globally unique temporary identifier (GUTI), 6G-GUTI, or the like. More specific examples of the format of the NAS correlation ID include the below three options:
Option 1: <MCC, MNC, [NID]><NF Set ID><NF Instance ID><UUIDv4>
Option 2: <UUIDv4>
Option 3: NFx_6G-GUTI
In some examples, it may be assumed that the S-NF 612A does not reallocate the same UUID or MME temporary mobile subscriber identity (M-TMSI) within the 6G-GUTI to any other UE 110 for a given duration agreed between the S-NF and T-NF 612B. After this duration, the T-NF may perform a new NAS security mode command (SMC) procedure with its own parent key and aKSI.
[0099] Regardless of the format of the NAS correlation ID, the T-NF 612B may at step 605 send an acknowledgement to the S-NF 612A if the T-NF accepts the use of the new parent key. The T-NF may otherwise at step 604A decide to acquire a different parent key, and send a negative response to the S-NF. In this case, the T-NF may then at steps 604B, 604C request the new parent key from the SKMF 212.
[0100] If the S-NF 612A receives an acknowledgement from the T-NF 612B in step 605, the S-NF may at step 606 send a NAS message to the UE 110 with key generation information and the NAS correlation ID. The key generation information may include an indication of a key generation option, which in some examples may be indicated by a random or constant value for the key generation option. Additional information regarding examples of key generation options is provided below. The NAS message may be protected with NAS encryption and integrity keys used by the S-NF. To this point, the new parent key KNF1 has not been used.
[0101] The UE 110 may at step 607 use the information received from the S-NF 612A to derive the new parent key (KNF1) for the new NAS connection, such as in any of the manners described above. Although shown as occurring after the UE receives the NAS message from the S-NF, in some examples the UE may instead derive the new parent key when the UE later (at step 606) receives the NAS correlation ID from the T-NF 612B. In this regard, the T-NF may at step 608 send a SMC to trigger a NAS SMC procedure with the NAS correlation ID and other NAS container parameters, such as information that indicates integrity and encryption algorithm identifiers (e.g., NAS algorithm IDs) that identify the integrity and encryption algorithms used by the T-NF. In some examples, the T-NF may protect the NAS SMC with the new parent key KNF1 (integrity keys). This message may be sent without being ciphered.
[0102] The UE 110 may use the NAS correlation ID to identify the NAS connection associated with the UE and terminated at the S-NF 612A, or more particularly to identify the NAS security context for the NAS connection. The UE may at step 609 use the NAS count available in the NAS connection identified by the NAS correlation ID, and use the integrity keys derived from KNF1 to verify the integrity protection of the SMC. The UE may create the security context for the new NAS connection, and then at step 610 respond to the SMC with a SMC response that indicates success or failure of the SMC procedure. The SMC response may include other NAS container parameters with integrity protection and ciphering by the KNF1 keys. The T-NF 612B may validate the ciphered and integrity-protected message and, if successful, confirm that the UE has a valid key and that protection is successful. Subsequent NAS messages between the T-NF and the UE may then be protected using NAS keys (integrity, encryption) derived from KNF1.
[0103] Although only one S-NF 612A is shown in FIG. 6, the procedure may be extended to scenarios in which there are multiple S-NFs and only one of the S-NFs (shown) transfers its NF context to the T-NF 612B. In these scenarios, each S-NF may at a respective step 601 fetch a respective parent key (KNF) from the SKMF 212. Likewise, each S-NF and the UE 110 may at a respective step 602 perform a NAS security mode procedure to create a secure NAS connection using the respective KNF. The remaining steps of the procedure may be similar, with one of the S-NFs at step 603 selecting the T-NF for handover. The other S-NF(s) may not be handed over and may use their same respective parent key(s) before and after handover of the one S-NF to the T-NF.
[0104] FIG. 7 is a signaling chart 700 of a procedure for N2 handover in which a S-NF 612A (e.g., MM, SM) is relocated to a T-NF 612B of the same type, according to some other example implementations. This procedure is similar to the N2 handover procedure shown in FIG. 6 and described above, but without extra NAS signaling. The steps of the procedures are similar, with differences between the procedures described below. Again, the S-NF 612A and the UE 110 may at step 702 perform a NAS security mode procedure to create a secure NAS connection using KNF, and a NAS container from the S-NF may be protected with NAS encryption and integrity keys derived from KNF. The S-NF may also at step 702 send information that indicates the NAS correlation ID to the UE.
[0105] The S-NF 612A may at step 704 use the SBI service, either using a dedicated API or extending existing APIs, to transfer the NAS security context to the T-NF 612B, similar to step 604. In some examples, the S-NF may request to transfer a NF context to the T-NF in association with the handover, and the request may include the new parent key (KNF-S), UE capability information, and information that indicates the NAS correlation ID (e.g., NAS correlation ID = X1). The request may also include a random or constant value for a key generation option.
[0106] The T-NF 612B may at step 605 send an acknowledgement to the S-NF 612A if the T-NF accepts to use the new parent key, or the T-NF may otherwise at steps 604A, 604B, 604C decide to acquire a different parent key, and request the new parent key from the SKMF 212.
[0107] The T-NF 612B may at step 708 send a SMC to trigger a NAS SMC procedure with the NAS correlation ID, the random / constant value, and other NAS container parameters, such as information that indicates integrity and encryption algorithm identifiers (e.g., NAS algorithm IDs). In some examples, the T-NF may protect the NAS SMC with the new parent key KNF1 (integrity keys). This message may be sent without being ciphered. In some examples, the T-NF may instead send the SMC to the UE via the S-NF 612A, which may ensure the messages and keys are protected using the existing security between the S-NF and the UE.
[0108] The UE 110 may use the NAS correlation ID to identify the NAS connection associated with the UE and terminated at the S-NF 612A, or more particularly to identify the NAS security context for the NAS connection. The UE may at step 709 use the NAS count available in the NAS connection identified by the NAS correlation ID, generate the KNF1 integrity keys using the constant / random value, and use the KNF1 integrity keys to verify the integrity protection of the SMC. And similar to before, the UE may create the security context for the new NAS connection, and then at step 610 respond to the SMC with a SMC response that indicates success or failure of the SMC procedure.
[0109] As indicated above, in some examples, a key generation option may be signaled to the UE 110 by the T-NF 612B. These key generation options may include a first key generation option, a second key generation option, and a third key generation option. In the first key generation option, derivation of a new parent key KNF1' from an existing parent key KNF in mobility may use the following input parameters:
FC = 0xFF
P1 = COUNT
L1 = length of COUNT (i.e., 0x00 0x04)
In the second key generation option, derivation of a new parent key KNF' / KFX from an existing parent key KNF in mobility may use the following input parameters:
FC = 0xFF
P1 = RAND
L1 = length of RAND (i.e., 0x00 0x04)
In the third key generation option, derivation of a new parent key KNF1' from an existing parent key KNF during NF relocation may use the following input parameters:
FC = 0xFF
P1 = direction
L1 = length of direction (i.e., 0x00 0x04)
P2 = COUNT
L2 = length of COUNT (i.e., 0x00 0x04)
In the first key generation option, the second key generation option and the third key generation option, the input key KEY may be KNF.
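The three key generation options above, and the UE-side selection of the source connection by NAS correlation ID from the FIG. 6 procedure ([0100] to [0102]), as an added example that is not code from the patent. It assumes the FC, P1/L1, P2/L2 parameters are fed to the generic 3GPP KDF of TS 33.220 Annex B (HMAC-SHA-256 over FC || P1 || L1 || ...), which the page does not state; function names, sample keys, the encoding of "direction" and the correlation ID values are constructed.

```python
"""Key generation options of paragraph [0109], modelled end to end.

Assumption (not on the page): FC, P1/L1, P2/L2 are the inputs of the generic
3GPP KDF (TS 33.220 Annex B), i.e. HMAC-SHA-256(KEY, FC || P1 || L1 || ...),
each Li being the 2-octet big-endian length of Pi. Function names, sample keys,
the direction encoding and the NAS correlation ID values are constructed here.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

FC_PARENT_KEY = bytes([0xFF])  # FC = 0xFF for all three options on the page
PARAM_LEN = 4                  # COUNT, RAND, direction: 4 octets (L = 0x00 0x04)
DIRECTION_NF_RELOCATION = 0    # constructed value; the page does not fix the encoding


def kdf_input(*params: bytes) -> bytes:
    """Build S = FC || P1 || L1 [|| P2 || L2] from the parameter values."""
    s = FC_PARENT_KEY
    for p in params:
        if len(p) != PARAM_LEN:
            raise ValueError("every parameter on this page is 4 octets long")
        s += p + len(p).to_bytes(2, "big")  # Li = 0x00 0x04
    return s


def generic_kdf(key: bytes, *params: bytes) -> bytes:
    """Assumed generic KDF: HMAC-SHA-256 keyed with KEY over the input string."""
    return hmac.new(key, kdf_input(*params), hashlib.sha256).digest()


def derive_parent_key(k_nf: bytes, option: int, *, count: Optional[int] = None,
                      rand: Optional[bytes] = None,
                      direction: Optional[int] = None) -> bytes:
    """Derive the new parent key KNF1' from KNF with key generation option 1-3."""
    if option == 1:   # P1 = COUNT
        return generic_kdf(k_nf, count.to_bytes(PARAM_LEN, "big"))
    if option == 2:   # P1 = RAND
        return generic_kdf(k_nf, rand)
    if option == 3:   # P1 = direction, P2 = COUNT
        return generic_kdf(k_nf, direction.to_bytes(PARAM_LEN, "big"),
                           count.to_bytes(PARAM_LEN, "big"))
    raise ValueError(f"unknown key generation option {option}")


@dataclass
class NasSecurityContext:
    """Security context of one NAS connection, as held by the UE and the S-NF."""
    correlation_id: str   # NAS correlation ID naming the connection ([0098])
    parent_key: bytes     # KNF fetched from the SKMF
    dl_nas_count: int     # downlink NAS COUNT of the connection


def source_nf_new_parent_key(ctx: NasSecurityContext, option: int,
                             rand: Optional[bytes] = None) -> bytes:
    """S-NF side: derive the KNF1 that is transferred to the T-NF over the SBI."""
    return derive_parent_key(ctx.parent_key, option, count=ctx.dl_nas_count,
                             rand=rand, direction=DIRECTION_NF_RELOCATION)


def ue_derive_new_parent_key(contexts: Dict[str, NasSecurityContext],
                             correlation_id: str, option: int,
                             rand: Optional[bytes] = None) -> Optional[bytes]:
    """UE side (step 607): select the NAS connection named by the correlation
    ID and derive KNF1 from that connection's own KNF and COUNT. Returns None
    when no NAS module holds a connection with that correlation ID."""
    ctx = contexts.get(correlation_id)
    if ctx is None:
        return None
    return derive_parent_key(ctx.parent_key, option, count=ctx.dl_nas_count,
                             rand=rand, direction=DIRECTION_NF_RELOCATION)


def handover_demo(option: int) -> bool:
    """Two NAS modules (MM, SM) with separate connections; only MM is handed
    over. True if the T-NF and the UE end up with the same KNF1 for the MM
    module, and the SM connection's context would not have produced it."""
    mm_id, sm_id = "MM_6G-GUTI-constructed", "SM_6G-GUTI-constructed"  # option 3 format
    ue_contexts = {
        mm_id: NasSecurityContext(mm_id, secrets.token_bytes(32), dl_nas_count=7),
        sm_id: NasSecurityContext(sm_id, secrets.token_bytes(32), dl_nas_count=3),
    }
    rand = secrets.token_bytes(PARAM_LEN) if option == 2 else None
    k_nf1_at_t_nf = source_nf_new_parent_key(ue_contexts[mm_id], option, rand)
    # The S-NF signals correlation ID, option and RAND to the UE (step 606);
    # the UE derives KNF1 from the connection the correlation ID names (607).
    k_nf1_at_ue = ue_derive_new_parent_key(ue_contexts, mm_id, option, rand)
    k_from_wrong_ctx = ue_derive_new_parent_key(ue_contexts, sm_id, option, rand)
    return (k_nf1_at_t_nf == k_nf1_at_ue
            and k_nf1_at_ue != ue_contexts[mm_id].parent_key
            and k_from_wrong_ctx != k_nf1_at_t_nf)
```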
[0110] FIGS. 8A - 8D are flowcharts illustrating various steps in a method 800 performed by a user equipment (UE), according to various example implementations. The method includes receiving a handover command to handover the UE from a source network function (NF) to a target NF, as shown at block 802 of FIG. 8A. The UE includes non-access stratum (NAS) modules associated with respective NAS connections terminated at respective NFs, and the handover command includes a NAS container for a NAS module of the NAS modules that is associated with a NAS connection terminated at the source NF. The method includes routing the NAS container to the NAS module. In some of these examples, the NAS container includes information for the NAS connection and information for a new NAS connection to be associated with the NAS module and terminated at the target NF, as shown at block 804. And the method includes creating, at the NAS module, a new NAS security context for the new NAS connection based on the information for the NAS connection and the information for the new NAS connection in the NAS container, as shown at block 806.
[0111] In some examples, the NAS container includes a NAS type of the NAS module, and the NAS container is routed to the NAS module at block 804 based on the NAS type.
[0112] In some examples, the information for the NAS connection in the NAS container includes information that indicates the assigned key set identifier and information that indicates a downlink NAS count for the NAS connection. In some of these examples, the method 800 further includes identifying, based on the assigned key set identifier, a NAS security context for the NAS connection terminated at the source NF, as shown at block 808 of FIG. 8B. The method also includes performing a replay protection procedure based on the downlink NAS count, as shown at block 810.
[0113] In some examples, the information for the NAS connection in the NAS container includes information that indicates an assigned key set identifier, and the information for the new NAS connection includes information that indicates integrity and encryption algorithm identifiers for the new NAS connection. In some of these examples, creating the new NAS security context at block 806 includes determining a parent key for the new NAS security context based on the assigned key set identifier, as shown at block 812 of FIG. 8C. Also in some of these examples, creating the new NAS security context includes deriving NAS keys for the new NAS security context based on the parent key and algorithms identified by the integrity and encryption algorithm identifiers, as shown at block 814.
[0114] In some examples, the method 800 further includes deriving access stratum (AS) keys based on the parent key for the new NAS connection.
[0115] In some examples, the assigned key set identifier for the new NAS connection is a new assigned key set identifier requested by the target NF from a security key management function, and the information for the new NAS connection in the NAS container further includes a change key indicator. In some of these examples, the change key indicator indicates to derive the parent key for the new NAS security context, and the determining the parent key for the new NAS security context at block 812 comprises deriving the parent key for the new NAS security context based on the new assigned key set identifier.
[0116] In some examples, the assigned key set identifier for the new NAS connection is a key set identifier for the NAS connection terminated at the source NF, and the information for the new NAS connection in the NAS container further includes a change key indicator.
[0117] In some examples, the assigned key set identifier for the NAS connection terminated at the source NF identifies a parent key for the NAS connection terminated at the source NF. In some of these examples, the change key indicator indicates to derive the parent key for the new NAS security context, and the determining the parent key for the new NAS security context at block 812 comprises horizontally deriving the parent key for the new NAS security context based on the parent key for the NAS connection terminated at the source NF.
[0118] In some examples, the assigned key set identifier for the new NAS connection is a key set identifier for the NAS connection terminated at the source NF, and the parent key for the new NAS security context is identified by the assigned key set identifier for the NAS connection.
[0119] In some examples, the source NF and the target NF are mobility management (MM) network functions.
[0120] In some examples, the NAS modules further include an other NAS module associated with an other NAS connection terminated at an other source NF, and the handover command is further a handover command to handover the UE from the other source NF to an other target NF. In some of these examples, the method 800 further includes receiving an other NAS container for the other NAS module, as shown at block 816 of FIG. 8D. The method includes routing the other NAS container to the other NAS module, wherein the other NAS container includes information for the other NAS connection and information for an other new NAS connection to be associated with the other NAS module and terminated at the other target NF, as shown at block 818. And the method includes creating, at the other NAS module, an other new NAS security context for the other new NAS connection based on the information for the other NAS connection and the information for the other new NAS connection in the other NAS container, as shown at block 820.
[0121] FIGS. 9A and 9B are flowcharts illustrating various steps in a method 900 performed by a target network function (NF), according to various example implementations. The method includes receiving a request to create a user equipment (UE) context in association with a handover of a UE from a source NF to the target NF, as shown at block 902 of FIG. 9A. The UE includes non-access stratum (NAS) modules associated with respective NAS connections terminated at respective NFs, and the NAS modules include a NAS module associated with a NAS connection terminated at the source NF. The method includes creating a new NAS security context for a new NAS connection to be associated with the NAS module and terminated at the target NF, as shown at block 904. The method includes generating a NAS container including information that indicates a NAS type of the NAS module, and information for the NAS connection and information for the new NAS connection, as shown at block 906. And the method includes sending the NAS container toward the UE for the UE to route the NAS container to the NAS module based on the information that indicates the NAS type, and for the NAS module to create the new NAS security context based on the information for the NAS connection and the information for the new NAS connection, as shown at block 908.
[0122] In some examples, the request to create the UE context includes an assigned key set identifier and a downlink NAS count for the NAS connection terminated at the source NF. In some of these examples, the information for the NAS connection in the NAS container includes information that indicates the assigned key set identifier and information that indicates the downlink NAS count for the NAS connection.
[0123] In some examples, creating the new NAS security context at block 904 comprises determining an assigned key set identifier for the new NAS connection. In some of these examples, the information for the new NAS connection in the NAS container includes information that indicates the assigned key set identifier for the new NAS connection, and information that indicates integrity and encryption algorithm identifiers for the new NAS connection.
[0124] In some examples, the assigned key set identifier for the new NAS connection is a new assigned key set identifier, and creating the new NAS security context by the target NF at block 904 comprises requesting, from a security management function, the new assigned key set identifier and a parent key for the new NAS connection. In some of these examples, the information for the new NAS connection in the NAS container includes the new assigned key set identifier and a change key indicator.
[0125] In some examples, the method 900 further includes deriving access stratum (AS)-related keying material based on the parent key for the new NAS connection. In some of these examples, sending the NAS container at block 908 comprises sending the NAS container and the AS-related keying material to a target radio access network (RAN) for the target RAN to store the AS-related keying material and forward the NAS container to the UE.
[0126] In some examples, the assigned key set identifier for the new NAS connection is an assigned key set identifier for the NAS connection terminated at the source NF. In some of these examples, creating the new NAS security context by the target NF at block 904 comprises identifying, from the request to create the UE context, the assigned key set identifier and a parent key for the new NAS security context horizontally derived by the source NF based on a parent key for the NAS connection. Also in some of these examples, the information for the new NAS connection in the NAS container includes the assigned key set identifier and a change key indicator.
[0127] In some examples, the request to create the UE context further includes access stratum (AS)-related keying material derived by the source NF based on the parent key for the new NAS connection. In some of these examples, sending the NAS container at block 908 comprises sending the NAS container and the AS-related keying material to a target radio access network (RAN) for the target RAN to store the AS-related keying material and forward the NAS container to the UE.
[0128] In some examples, the assigned key set identifier for the new NAS connection is an assigned key set identifier for the NAS connection terminated at the source NF. In some of these examples, creating the new NAS security context by the target NF at block 904 comprises identifying the assigned key set identifier from the request to create the UE context. Also in some of these examples, the information for the new NAS connection in the NAS container includes the assigned key set identifier.
[0129] In some examples, creating the new NAS security context by the target NF at block 904 further comprises identifying a parent key for the NAS connection terminated at the source NF, and using the parent key for the NAS connection terminated at the source NF as a parent key for the new NAS security context.
[0130] In some examples, the source NF is a source mobility management (MM) NF, and the target NF is a target MM NF.
[0131] In some examples, the NAS modules further include an other NAS module associated with an other NAS connection terminated at an other source NF. In some of these examples, the method 900 further includes identifying the other source NF for a handover of the UE from the other source NF to an other target NF, as shown at block 910 of FIG. 9B. Also in some of these examples, the method includes receiving from the other source NF an other NAS container that includes information indicating a NAS type of the other NAS module, and information for the other NAS connection and information for an other new NAS connection to be established with the other NAS module and terminated at the other target NF, as shown at block 912. And the method includes aggregating the NAS container and the other NAS container to send toward the UE for the UE to route the NAS container to the NAS module, and for the UE to route the other NAS container to the other NAS module for the other NAS module to create an other new NAS security context at the other NAS module for the other new NAS connection, as shown at block 914.
[0132] In some examples, the method 900 further includes receiving, from the source MM NF, information that indicates the other source NF. In some of these examples, the other source NF is identified from the information that indicates the other source NF.
[0133] In some examples, the method 900 further includes sending to the other source NF a request to update a NF context in association with the handover of the UE from the other source NF to the other target NF. In some of these examples, receiving the other NAS container comprises receiving from the other source NF an acknowledgement of the request to update the NF context, and the acknowledgement includes the other NAS container.
[0134] FIGS. 10A and 10B are flowcharts illustrating various steps in a method 1000 performed by a user equipment (UE), according to various example implementations. The method includes performing a non-access stratum (NAS) security mode procedure with a source network function (NF) to create a NAS connection that is for the UE and that is terminated at the source NF, as shown at block 1002 of FIG. 10A. The UE includes a NAS module associated with the NAS connection. The method includes receiving, from the source NF, information that indicates a NAS correlation identifier that identifies the NAS connection terminated at the source NF, as shown at block 1004. The method includes receiving a security mode command to trigger a NAS security mode procedure with the target NF in association with a handover of the UE from the source NF to the target NF, the security mode command including the information that indicates the NAS correlation identifier, as shown at block 1006. And the method includes creating, based on the information that indicates the NAS correlation identifier, a new NAS security context for a new NAS connection to be associated with the NAS module and terminated at the target NF, as shown at block 1008.
[0135] In some examples, creating the new NAS security context at block 1008 comprises deriving a parent key for the new NAS security context based on the information that indicates the NAS correlation identifier.
[0136] In some examples, the information that indicates the NAS correlation identifier is received from the source NF with information that indicates a random or constant value. In some of these examples, the parent key for the new NAS security context is derived based on the information that indicates the NAS correlation identifier and the information that indicates the random or constant value.
[0137] In some examples, the information that indicates the NAS correlation identifier and the information that indicates the random or constant value are received from the source NF in a NAS message.
[0138] In some examples, the security mode command further includes information that indicates a random or constant value. In some of these examples, the parent key for the new NAS security context is derived based on the information that indicates the NAS correlation identifier and the information that indicates the random or constant value.
[0139] In some examples, the security mode command is integrity protected, and the method 1000 further includes deriving one or more integrity keys based on the parent key, as shown at block 1010 of FIG. 10B. In some of these examples, the method also includes verifying integrity of the security mode command using the one or more integrity keys, and a downlink NAS count for the NAS connection identified by the NAS correlation identifier, as shown at block 1012.
[0140] FIG. 11 is a flowchart illustrating various steps in a method 1100 performed by a source network function (NF), according to various example implementations. The method includes performing a non-access stratum (NAS) security mode procedure with a user equipment (UE) to create a NAS connection that is for the UE and that is terminated at the source NF, as shown at block 1102. The UE includes a NAS module associated with the NAS connection. The method includes sending, to the UE, information that indicates a NAS correlation identifier that identifies the NAS connection terminated at the source NF, as shown at block 1104. The method includes selecting a target NF for a handover of the UE from the source NF to the target NF, as shown at block 1106. And the method includes sending at block 1108 a request to transfer a NF context to the target NF in association with the handover, the request to transfer the NF context including the information that indicates the NAS correlation identifier, and information that indicates a parent key for a new NAS connection to be associated with the NAS module and terminated at the target NF.
[0141] In some examples, the information that indicates the NAS correlation identifier is sent to the UE together with information that indicates a random or constant value to be used by the UE to derive the parent key for the new NAS connection based on the information that indicates the NAS correlation identifier and the information that indicates the random or constant value.
[0142] In some examples, the method 1100 further includes receiving an acknowledgement from the target NF that indicates the target NF accepts the parent key for the new NAS connection. In some of these examples, the information that indicates the NAS correlation identifier and the information that indicates the random or constant value are sent to the UE in a NAS message triggered by the acknowledgement.
[0143] In some examples, the information that indicates the NAS correlation identifier is sent to the UE during the NAS security mode procedure.
[0144] FIG. 12 is a flowchart illustrating various steps in a method 1200 performed by a target network function (NF), according to various example implementations. The method includes receiving a request to transfer a NF context in association with a handover of a user equipment (UE) from a source NF to the target NF, as shown at block 1202. The UE includes a NAS module associated with a NAS connection terminated at the source NF, and the request to transfer the NF context includes information that indicates a NAS correlation identifier that identifies the NAS connection terminated at the source NF. The method includes creating a new NAS security context for a new NAS connection to be associated with the NAS module and terminated at the target NF, as shown at block 1204. And the method includes sending, toward the UE, a security mode command to trigger a NAS security mode procedure with the target NF in association with the handover, the security mode command including the information that indicates the NAS correlation identifier for the UE to create the new NAS security context based on the information that indicates the NAS correlation identifier, as shown at block 1206.
[0145] In some examples, the request to transfer the NF context further includes information that indicates a parent key for the new NAS connection. In some of these examples, the method 1200 further includes making a determination whether to accept the parent key or request a new parent key. In some of these examples, the new NAS security context is created based on the determination.
[0146] In some examples, the determination is to request a new parent key, and the method 1200 further includes requesting the new parent key from a security key management function.
[0147] In some examples, the determination is to accept the parent key, and the method 1200 further includes sending an acknowledgement to the source NF that indicates the target NF accepts the parent key for the new NAS connection.
[0148] In some examples, the request to transfer the NF context further includes information that indicates a random or constant value. In some of these examples, the security mode command further includes the information that indicates the random or constant value to be used by the UE to derive a parent key for the new NAS connection based on the information that indicates the NAS correlation identifier and the information that indicates the random or constant value.
[0149] According to example implementations of the present disclosure, a telecommunications system 100 or PLMN 102, and its components such as a UE 110, ON 106, RAN 108, RAN node 202, MM 204, SM 206, UPF 208, NFx 210 and / or SKMF 212, may be implemented by various means. Means for implementing the system and its components may include hardware, firmware, software, or combinations thereof. In some examples, one or more apparatuses may be configured to function as or otherwise implement the system and its components shown and described herein. In examples involving more than one apparatus, the respective apparatuses may be connected to or otherwise in communication with one another in a number of different manners, such as directly or indirectly via a wired or wireless network or the like.
[0150] According to some example implementations, at least some of the method 800 described with respect to FIGS. 8A - 8D may be carried out by an apparatus comprising means for performing functions corresponding to steps of the method. Similarly, at least some of the method 900 described with respect to FIGS. 9A and 9B may be carried out by an apparatus comprising means for performing functions corresponding to steps of the method. At least some of the method 1000 described with respect to FIGS. 10A and 10B may be carried out by an apparatus comprising means for performing functions corresponding to steps of the method. And at least some of the methods 1100, 1200 described with respect to FIGS. 11 and 12 may be carried out by respective apparatuses comprising means for performing functions corresponding to steps of the methods. Examples of a suitable apparatus may include a user equipment, user device, user terminal or the like. Other examples of a suitable apparatus may include a network function (e.g., MM, SM, etc.) or any suitable apparatus, such as a server, host or node.
[0151] FIG. 13 illustrates an apparatus 1300 in which means for performing various functions includes hardware, alone or under direction of one or more computer programs from a computer-readable storage medium or other memory, such as computer memory, according to some example implementations of the present disclosure. The apparatus may include one or more of each of a number of components such as, for example, processing circuitry 1302 connected to computer-readable storage medium or other memory 1304.
[0152] The processing circuitry 1302 may be composed of one or more processors alone or in combination with one or more computer-readable storage media. The processing circuitry is generally any piece of computer hardware that is capable of processing information such as, for example, data, computer programs and / or other suitable electronic information. The processing circuitry is composed of a collection of electronic circuits some of which may be packaged as an integrated circuit or multiple interconnected integrated circuits (an integrated circuit at times more commonly referred to as a "chip"). The processing circuitry may be configured to execute computer programs, which may be stored onboard the processing circuitry or otherwise stored in the memory 1304 (of the same or another apparatus).
[0153] The processing circuitry 1302 may be a number of processors, a multi-core processor or some other type of processor, depending on the particular implementation. Further, the processing circuitry may be implemented using a number of heterogeneous processor systems in which a main processor is present with one or more secondary processors on a single chip. As another illustrative example, the processing circuitry may be a symmetric multi-processor system containing multiple processors of the same type. In yet another example, the processing circuitry may be embodied as or otherwise include one or more ASICs, FPGAs or the like. Thus, although the processing circuitry may be capable of executing a computer program to perform one or more functions, the processing circuitry of various examples may be capable of performing one or more functions without the aid of a computer program. In either instance, the processing circuitry may be appropriately programmed to perform functions or operations according to example implementations of the present disclosure.
[0154] The memory 1304 is generally any piece of computer hardware that is capable of storing information such as, for example, data, computer programs, instructions 1306 (e.g., computer-readable program code) and / or other suitable information either on a temporary basis and / or a permanent basis. The memory may include volatile and / or non-volatile memory, and may be fixed or removable. Examples of suitable memory include recording media, random access memory (RAM), read-only memory (ROM), a hard drive, a flash memory, a thumb drive, a removable computer diskette, an optical disk or some combination thereof.
[0155] The memory 1304 is a non-transitory device capable of storing information. One example of a suitable memory is a computer-readable storage medium, which is distinguishable from a computer-readable transmission medium capable of carrying information from one location to another. Examples of suitable computer-readable transmission media comprise electronic carrier signals, telecommunications signals, or some combination thereof. As used herein, the term "non-transitory" is a limitation of the medium itself (i.e., tangible, not a signal) as opposed to a limitation on data storage persistency (e.g., RAM versus ROM). A computer-readable medium as described herein generally refers to a computer-readable storage medium or computer-readable transmission medium. A computer-readable medium is any entity or device in which information, such as one or more computer programs or portions thereof, may be stored and carried.
[0156] In addition to the memory 1304 (e.g., computer-readable storage medium), the processing circuitry 1302 may also be connected to one or more interfaces for displaying, transmitting and / or receiving information. The interfaces may include a communications interface 1308 and / or one or more user interfaces. The communications interface may be configured to transmit and / or receive information, such as to and / or from other apparatus(es), network(s) or the like. The communications interface may be configured to transmit and / or receive information by physical (wired) and / or wireless communications links. Examples of suitable communication interfaces include a network interface controller (NIC), wireless NIC (WNIC) or the like.
[0157] The user interfaces may include a display 1310 and / or one or more user input interfaces 1312. The display may be configured to present or otherwise display information to a user, suitable examples of which include a liquid crystal display (LCD), light-emitting diode (LED) display, organic LED (OLED) display, active-matrix OLED (AMOLED) or the like. The user input interfaces may be wired or wireless, and may be configured to receive information from a user into the apparatus, such as for processing, storage and / or display. Suitable examples of user input interfaces include a microphone, image or video capture device, keyboard or keypad, joystick, touch-sensitive surface (separate from or integrated into a touchscreen), biometric sensor or the like. The user interfaces may further include one or more interfaces for communicating with peripherals such as printers, scanners or the like.
[0158] Execution of the instructions 1306 by the processing circuitry 1302, or storage of the instructions in the memory 1304, supports combinations of operations for implementing example implementations of the present disclosure. In this manner, an apparatus 1300 may comprise at least one processing circuitry and at least one memory coupled to the at least one processing circuitry, where the at least one processing circuitry is configured to execute instructions stored in the at least one memory. It will also be understood that one or more functions, and combinations of functions, may be implemented by special purpose hardware-based computer systems and / or processing circuitry which perform the specified functions, or combinations of special purpose hardware and program code instructions.
[0159] Some example implementations of the present disclosure may also be carried out in the form of a computer process defined by one or more computer programs or portions thereof. Example implementations of the present disclosure may be carried out by executing at least one portion of a computer program comprising instructions. The computer program may be in source code form, object code form, or in some intermediate form. The computer program may be stored in a computer-readable medium that is readable by a computer, processing circuitry or other suitable apparatus. As indicated above, for example, the computer program may be stored in a memory, such as a computer-readable storage medium. Additionally or alternatively, for example, the computer program may be stored in a computer-readable transmission medium. The coding of software for carrying out example implementations of the present disclosure is well within the scope of a person of ordinary skill in the art.
[0160] As will be appreciated, any suitable instructions may be loaded onto a computer, a processing circuitry or other programmable apparatus from a memory or a computer-readable medium (e.g., computer-readable storage medium, computer-readable transmission medium) to produce a particular machine, such that the particular machine becomes a means for implementing the functions specified herein. The instructions may also be stored in a computer-readable medium that can direct a computer, a processing circuitry or other programmable apparatus to function in a particular manner to thereby generate a particular machine or particular article of manufacture. In some examples, the instructions stored in the computer-readable medium may produce an article of manufacture, where the article of manufacture becomes a means for implementing functions described herein. The instructions may be retrieved from a computer-readable medium and loaded into a computer, processing circuitry or other programmable apparatus to configure the computer, processing circuitry or other programmable apparatus to execute operations to be performed on or by the computer, processing circuitry or other programmable apparatus.
[0161] Retrieval, loading and execution of instructions comprising program code instructions may be performed sequentially such that one instruction is retrieved, loaded and executed at a time. In some example implementations, retrieval, loading and / or execution may be performed in parallel such that multiple instructions are retrieved, loaded, and / or executed together. Execution of the program code instructions may produce a computer-implemented process such that the instructions executed by the computer, processing circuitry or other programmable apparatus provide operations for implementing functions described herein.
[0162] As explained above and reiterated below, the present disclosure includes, without limitation, the following example implementations.
[0163] Clause 1. A method performed by a user equipment (UE), the method comprising: receiving a handover command to handover the UE from a source network function (NF) to a target NF, wherein the UE includes non-access stratum (NAS) modules associated with respective NAS connections terminated at respective NFs, and wherein the handover command includes a NAS container for a NAS module of the NAS modules that is associated with a NAS connection terminated at the source NF; routing the NAS container to the NAS module, wherein the NAS container includes information for the NAS connection and information for a new NAS connection to be associated with the NAS module and terminated at the target NF; and creating, at the NAS module, a new NAS security context for the new NAS connection based on the information for the NAS connection and the information for the new NAS connection in the NAS container.
[0164] Clause 2. The method of clause 1, wherein the NAS container includes a NAS type of the NAS module, and the NAS container is routed to the NAS module based on the NAS type.
[0165] Clause 3. The method of clause 1 or clause 2, wherein the information for the NAS connection in the NAS container includes information that indicates an assigned key set identifier and information that indicates a downlink NAS count for the NAS connection, and wherein the method further comprises: identifying, based on the assigned key set identifier, a NAS security context for the NAS connection terminated at the source NF; and performing a replay protection procedure based on the downlink NAS count.
[0166] Clause 4. The method of any of clauses 1 to 3, wherein the information for the NAS connection in the NAS container includes information that indicates an assigned key set identifier, and the information for the new NAS connection includes information that indicates integrity and encryption algorithm identifiers for the new NAS connection, and wherein creating the new NAS security context comprises: determining a parent key for the new NAS security context based on the assigned key set identifier; and deriving NAS keys for the new NAS security context based on the parent key and algorithms identified by the integrity and encryption algorithm identifiers.
[0167] Clause 5. The method of any of clauses 1 to 4 further comprising deriving access stratum (AS) keys based on the parent key for the new NAS connection.
[0168] Clause 6. The method of clause 5, wherein the assigned key set identifier for the new NAS connection is a new assigned key set identifier requested by the target NF from a security key management function, and the information for the new NAS connection in the NAS container further includes a change key indicator, and wherein the change key indicator indicates to derive the parent key for the new NAS security context, and the determining the parent key for the new NAS security context comprises deriving the parent key for the new NAS security context based on the new assigned key set identifier.
[0169] Clause 7. The method of clause 5 or clause 6, wherein the assigned key set identifier for the new NAS connection is a key set identifier for the NAS connection terminated at the source NF, and the information for the new NAS connection in the NAS container further includes a change key indicator.
[0170] Clause 8. The method of clause 7, wherein the assigned key set identifier for the NAS connection terminated at the source NF identifies a parent key for the NAS connection terminated at the source NF, and wherein the change key indicator indicates to derive the parent key for the new NAS security context, and the determining the parent key for the new NAS security context comprises horizontally deriving the parent key for the new NAS security context based on the parent key for the NAS connection terminated at the source NF.
[0171] Clause 9. The method of any of clauses 5 to 8, wherein the assigned key set identifier for the new NAS connection is a key set identifier for the NAS connection terminated at the source NF, and wherein the parent key for the new NAS security context is identified by the assigned key set identifier for the NAS connection.
[0172] Clause 10. The method of any of clauses 1 to 9, wherein the source NF and the target NF are mobility management (MM) network functions.
[0173] Clause 11. The method of clause 10, wherein the NAS modules further include an other NAS module associated with an other NAS connection terminated at an other source NF, and the handover command is further a handover command to handover the UE from the other source NF to an other target NF, and wherein the method further comprises: receiving an other NAS container for the other NAS module; routing the other NAS container to the other NAS module, wherein the other NAS container includes information for the other NAS connection and information for an other new NAS connection to be associated with the other NAS module and terminated at the other target NF; and creating, at the other NAS module, an other new NAS security context for the other new NAS connection based on the information for the other NAS connection and the information for the other new NAS connection in the other NAS container.
[0174] Clause 12. An apparatus comprising: at least one memory configured to store instructions; and at least one processing circuitry configured to access the at least one memory, and execute the instructions to cause the apparatus to perform the method of any of clauses 1 to 11.
[0175] Clause 13. An apparatus comprising means for performing the method of any of clauses 1 to 11.
[0176] Clause 14. A computer-readable medium comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 1 to 11.
[0177] Clause 15. A computer-readable storage medium comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 1 to 11.
[0178] Clause 16. A computer program comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 1 to 11.
[0179] Clause 17. A method performed by a target network function (NF), the method comprising: receiving a request to create a user equipment (UE) context in association with a handover of a UE from a source NF to the target NF, wherein the UE includes non-access stratum (NAS) modules associated with respective NAS connections terminated at respective NFs, and the NAS modules include a NAS module associated with a NAS connection terminated at the source NF; creating a new NAS security context for a new NAS connection to be associated with the NAS module and terminated at the target NF; generating a NAS container including information that indicates a NAS type of the NAS module, information for the NAS connection and information for the new NAS connection; and sending the NAS container toward the UE for the UE to route the NAS container to the NAS module based on the information that indicates the NAS type, and for the NAS module to create, at the NAS module and based on the information for the NAS connection and the information for the new NAS connection, the new NAS security context.
[0180] Clause 18. The method of clause 17, wherein the request to create the UE context includes an assigned key set identifier and a downlink NAS count for the NAS connection terminated at the source NF, and wherein the information for the NAS connection in the NAS container includes information that indicates the assigned key set identifier and information that indicates the downlink NAS count for the NAS connection.
[0181] Clause 19. The method of clause 17 or clause 18, wherein creating the new NAS security context comprises determining an assigned key set identifier for the new NAS connection, and wherein the information for the new NAS connection in the NAS container includes information that indicates the assigned key set identifier for the new NAS connection, and information that indicates integrity and encryption algorithm identifiers for the new NAS connection.
[0182] Clause 20. The method of clause 19, wherein the assigned key set identifier for the new NAS connection is a new assigned key set identifier, and the creating the new NAS security context by the target NF comprises requesting, from a security key management function, the new assigned key set identifier and a parent key for the new NAS connection, and wherein the information for the new NAS connection in the NAS container includes the new assigned key set identifier and a change key indicator.
[0183] Clause 21. The method of clause 20, wherein the method further comprises deriving access stratum (AS)-related keying material based on the parent key for the new NAS connection, and wherein sending the NAS container comprises sending the NAS container and the AS-related keying material to a target radio access network (RAN) for the target RAN to store the AS-related keying material and forward the NAS container to the UE.
[0184] Clause 22. The method of any of clauses 19 to 21, wherein the assigned key set identifier for the new NAS connection is an assigned key set identifier for the NAS connection terminated at the source NF, and creating the new NAS security context by the target NF comprises identifying, from the request to create the UE context, the assigned key set identifier and a parent key for the new NAS security context horizontally derived by the source NF based on a parent key for the NAS connection, and wherein the information for the new NAS connection in the NAS container includes the assigned key set identifier and a change key indicator.
[0185] Clause 23. The method of clause 22, wherein the request to create the UE context further includes access stratum (AS)-related keying material derived by the source NF based on the parent key for the new NAS connection, and wherein sending the NAS container comprises sending the NAS container and the AS-related keying material to a target radio access network (RAN) for the target RAN to store the AS-related keying material and forward the NAS container to the UE.
[0186] Clause 24. The method of any of clauses 19 to 23, wherein the assigned key set identifier for the new NAS connection is an assigned key set identifier for the NAS connection terminated at the source NF, and creating the new NAS security context by the target NF comprises identifying the assigned key set identifier from the request to create the UE context, and wherein the information for the new NAS connection in the NAS container includes the assigned key set identifier.
[0187] Clause 25. The method of clause 24, wherein creating the new NAS security context by the target NF further comprises: identifying a parent key for the NAS connection terminated at the source NF; and using the parent key for the NAS connection terminated at the source NF as a parent key for the new NAS security context.
[0188] Clause 26. The method of any of clauses 17 to 25, wherein the source NF is a source mobility management (MM) NF, and the target NF is a target MM NF.
[0189] Clause 27. The method of clause 26, wherein the NAS modules further include an other NAS module associated with an other NAS connection terminated at an other source NF, and wherein the method further comprises: identifying the other source NF for a handover of the UE from the other source NF to an other target NF; receiving from the other source NF an other NAS container that includes information indicating a NAS type of the other NAS module, information for the other NAS connection and information for an other new NAS connection to be established with the other NAS module and terminated at the other target NF; and aggregating the NAS container and the other NAS container to send toward the UE for the UE to route the NAS container to the NAS module, and for the UE to route the other NAS container to the other NAS module for the other NAS module to create an other new NAS security context at the other NAS module for the other new NAS connection.
[0190] Clause 28. The method of clause 27, wherein the method further comprises receiving, from the source MM NF, information that indicates the other source NF, and wherein the other source NF is identified from the information that indicates the other source NF.
[0191] Clause 29. The method of clause 27 or clause 28, wherein the method further comprises sending to the other source NF a request to update a NF context in association with the handover of the UE from the other source NF to the other target NF, and wherein receiving the other NAS container comprises receiving from the other source NF an acknowledgement of the request to update the NF context, wherein the acknowledgement includes the other NAS container.
[0192] Clause 30. An apparatus comprising: at least one memory configured to store instructions; and at least one processing circuitry configured to access the at least one memory, and execute the instructions to cause the apparatus to perform the method of any of clauses 17 to 29.
[0193] Clause 31. An apparatus comprising means for performing the method of any of clauses 17 to 29.
[0194] Clause 32. A computer-readable medium comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 17 to 29.
[0195] Clause 33. A computer-readable storage medium comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 17 to 29.
[0196] Clause 34. A computer program comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 17 to 29.
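The container-based handover of clauses 1 to 11 (UE side) and 17 to 29 (target NF side), as an added example that is not Nokia's code or any 3GPP-specified implementation. It builds one NAS container per NAS module at the target NF, aggregates them into a handover command, and has the UE route each container by NAS type, replay-check the downlink NAS count, pick the parent key according to the assigned key set identifier and change key indicator, and derive NAS and AS keys from it. The field names, the HMAC-SHA256 stand-in for the KDF and its labels, the rule that the handover consumes one fresh downlink NAS count, and the way the UE obtains a key issued by the SKMF for a new key set identifier (the clauses do not say how) are all assumptions of this example:

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def kdf(key, *parts):
    """Assumed KDF: HMAC-SHA256 over the concatenated inputs. It stands in for
    the 3GPP KDF, whose FC codes and parameter encodings are not reproduced."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def horizontal_derive(parent_key, dl_nas_count):
    """Clauses 8 and 22: new parent key derived from the current one (assumed inputs)."""
    return kdf(parent_key, b"horizontal", dl_nas_count.to_bytes(4, "big"))


@dataclass
class NasSecurityContext:
    ksi: int               # assigned key set identifier
    parent_key: bytes      # parent key of this NAS connection
    int_alg: int           # integrity algorithm identifier
    enc_alg: int           # encryption algorithm identifier
    dl_nas_count: int = 0  # highest downlink NAS COUNT accepted on this connection

    def nas_keys(self):
        """Clause 4: NAS integrity and encryption keys from parent key + algorithm ids."""
        return (kdf(self.parent_key, b"NAS-int", bytes([self.int_alg])),
                kdf(self.parent_key, b"NAS-enc", bytes([self.enc_alg])))

    def as_key(self):
        """Clauses 5 and 21: AS keying material from the same parent key."""
        return kdf(self.parent_key, b"AS")


def build_nas_container(nas_type, src, mode, new_ksi=None, skmf_key=None, algs=(2, 1)):
    """Target NF side (clauses 17 to 25). Returns the container and the parent key
    the NF itself will use, so both sides can be compared. `mode` is 'skmf' (new
    KSI and key from the SKMF, clause 20), 'horizontal' (key derived by the source
    NF, clause 22) or 'reuse' (source key kept, clauses 24 and 25)."""
    count = src.dl_nas_count + 1      # fresh DL NAS COUNT consumed by the handover (assumed)
    old = {"ksi": src.ksi, "dl_nas_count": count}                                 # clause 18
    if mode == "skmf":
        new, key = {"ksi": new_ksi, "change_key": True}, skmf_key
    elif mode == "horizontal":
        new, key = {"ksi": src.ksi, "change_key": True}, horizontal_derive(src.parent_key, count)
    else:
        new, key = {"ksi": src.ksi, "change_key": False}, src.parent_key
    new.update(int_alg=algs[0], enc_alg=algs[1])                                   # clause 19
    return {"nas_type": nas_type, "nas_connection": old, "new_nas_connection": new}, key


@dataclass
class NasModule:
    nas_type: str
    contexts: dict = field(default_factory=dict)   # ksi -> NasSecurityContext
    skmf_keys: dict = field(default_factory=dict)  # new KSI -> parent key (assumed delivery)

    def handle_container(self, c):
        old_info, new_info = c["nas_connection"], c["new_nas_connection"]
        old = self.contexts[old_info["ksi"]]                               # clause 3: find by KSI
        if old_info["dl_nas_count"] <= old.dl_nas_count:                   # clause 3: replay check
            raise ValueError("replayed or stale downlink NAS COUNT")
        ksi = new_info["ksi"]
        if not new_info["change_key"]:
            parent = old.parent_key                                        # clause 9
        elif ksi == old.ksi:
            parent = horizontal_derive(old.parent_key, old_info["dl_nas_count"])  # clause 8
        else:
            parent = self.skmf_keys[ksi]                                   # clause 6
        old.dl_nas_count = old_info["dl_nas_count"]
        ctx = NasSecurityContext(ksi, parent, new_info["int_alg"], new_info["enc_alg"],
                                 old_info["dl_nas_count"])
        self.contexts[ksi] = ctx
        return ctx


def ue_route_handover_command(modules, handover_command):
    """Clauses 2 and 11: each aggregated container is dispatched by NAS type."""
    return {c["nas_type"]: modules[c["nas_type"]].handle_container(c)
            for c in handover_command["nas_containers"]}


def demo(mm_mode="horizontal"):
    """Constructed run with an MM module and one other module (clauses 11 and 27)."""
    mm_src = NasSecurityContext(3, bytes(32), 2, 1, dl_nas_count=7)
    other_src = NasSecurityContext(5, bytes([1]) * 32, 2, 1, dl_nas_count=2)
    skmf_key = bytes([9]) * 32            # key the SKMF would issue together with new KSI 4
    ue = {"MM": NasModule("MM", {3: mm_src}, {4: skmf_key}),
          "OTHER": NasModule("OTHER", {5: other_src})}
    mm_c, mm_key = build_nas_container("MM", mm_src, mm_mode, new_ksi=4, skmf_key=skmf_key)
    other_c, other_key = build_nas_container("OTHER", other_src, "reuse")
    cmd = {"nas_containers": [mm_c, other_c]}   # aggregated by the target MM NF, clause 27
    return {"ue": ue, "cmd": cmd, "nf_keys": {"MM": mm_key, "OTHER": other_key},
            "ctx": ue_route_handover_command(ue, cmd)}


if __name__ == "__main__":
    r = demo()
    for t, ctx in r["ctx"].items():
        print(t, "ksi", ctx.ksi, "agrees with NF:", ctx.parent_key == r["nf_keys"][t])
```

Feeding the same handover command to the UE a second time fails the replay check, because the downlink NAS count it carries is no longer above the count the module already accepted; that check is what stops a captured container from re-establishing an old key.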
[0197] Clause 35. A method performed by a user equipment (UE), the method comprising: performing a non-access stratum (NAS) security mode procedure with a source network function (NF) to create a NAS connection that is for the UE and that is terminated at the source NF, wherein the UE includes a NAS module associated with the NAS connection; receiving, from the source NF, information that indicates a NAS correlation identifier that identifies the NAS connection terminated at the source NF; receiving a security mode command to trigger a NAS security mode procedure with a target NF in association with a handover of the UE from the source NF to the target NF, the security mode command including the information that indicates the NAS correlation identifier; and creating, based on the information that indicates the NAS correlation identifier, a new NAS security context for a new NAS connection to be associated with the NAS module and terminated at the target NF.
[0198] Clause 36. The method of clause 35, wherein creating the new NAS security context comprises deriving a parent key for the new NAS security context based on the information that indicates the NAS correlation identifier.
[0199] Clause 37. The method of clause 36, wherein the information that indicates the NAS correlation identifier is received from the source NF with information that indicates a random or constant value, and wherein the parent key for the new NAS security context is derived based on the information that indicates the NAS correlation identifier and the information that indicates the random or constant value.
[0200] Clause 38. The method of clause 37, wherein the information that indicates the NAS correlation identifier and the information that indicates the random or constant value are received from the source NF in a NAS message.
[0201] Clause 39. The method of any of clauses 36 to 38, wherein the security mode command further includes information that indicates a random or constant value, and wherein the parent key for the new NAS security context is derived based on the information that indicates the NAS correlation identifier and the information that indicates the random or constant value.
[0202] Clause 40. The method of any of clauses 36 to 39, wherein the security mode command is integrity protected, and wherein the method further comprises: deriving one or more integrity keys based on the parent key; and verifying integrity of the security mode command using: the one or more integrity keys, and a downlink NAS count for the NAS connection identified by the NAS correlation identifier.
[0203] Clause 41. An apparatus comprising: at least one memory configured to store instructions; and at least one processing circuitry configured to access the at least one memory, and execute the instructions to cause the apparatus to perform the method of any of clauses 35 to 40.
[0204] Clause 42. An apparatus comprising means for performing the method of any of clauses 35 to 40.
[0205] Clause 43. A computer-readable medium comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 35 to 40.
[0206] Clause 44. A computer-readable storage medium comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 35 to 40.
[0207] Clause 45. A computer program comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 35 to 40.
[0208] Clause 46. A method performed by a source network function (NF), the method comprising: performing a non-access stratum (NAS) security mode procedure with a user equipment (UE) to create a NAS connection that is for the UE and that is terminated at the source NF, wherein the UE includes a NAS module associated with the NAS connection; sending, to the UE, information that indicates a NAS correlation identifier that identifies the NAS connection terminated at the source NF; selecting a target NF for a handover of the UE from the source NF to the target NF; and sending a request to transfer a NF context to the target NF in association with the handover, the request to transfer the NF context including: the information that indicates the NAS correlation identifier, and information that indicates a parent key for a new NAS connection to be associated with the NAS module and terminated at the target NF.
[0209] Clause 47. The method of clause 46, wherein the information that indicates the NAS correlation identifier is sent to the UE together with information that indicates a random or constant value to be used by the UE to derive the parent key for the new NAS connection based on the information that indicates the NAS correlation identifier and the information that indicates the random or constant value.
[0210] Clause 48. The method of clause 47, wherein the method further comprises receiving an acknowledgement from the target NF that indicates the target NF accepts the parent key for the new NAS connection, and wherein the information that indicates the NAS correlation identifier and the information that indicates the random or constant value are sent to the UE in a NAS message triggered by the acknowledgement.
[0211] Clause 49. The method of any of clauses 46 to 48, wherein the information that indicates the NAS correlation identifier is sent to the UE during the NAS security mode procedure.
[0212] Clause 50. An apparatus comprising: at least one memory configured to store instructions; and at least one processing circuitry configured to access the at least one memory, and execute the instructions to cause the apparatus to perform the method of any of clauses 46 to 49.
[0213] Clause 51. An apparatus comprising means for performing the method of any of clauses 46 to 49.
[0214] Clause 52. A computer-readable medium comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 46 to 49.
[0215] Clause 53. A computer-readable storage medium comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 46 to 49.
[0216] Clause 54. A computer program comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 46 to 49.
[0217] Clause 55. A method performed by a target network function (NF), the method comprising: receiving a request to transfer a NF context in association with a handover of a user equipment (UE) from a source NF to the target NF, wherein the UE includes a non-access stratum (NAS) module associated with a NAS connection terminated at the source NF, and the request to transfer the NF context includes information that indicates a NAS correlation identifier that identifies the NAS connection terminated at the source NF; creating a new NAS security context for a new NAS connection to be associated with the NAS module and terminated at the target NF; and sending, toward the UE, a security mode command to trigger a NAS security mode procedure with the target NF in association with the handover, the security mode command including the information that indicates the NAS correlation identifier for the UE to create the new NAS security context based on the information that indicates the NAS correlation identifier.
[0218] Clause 56. The method of clause 55, wherein the request to transfer the NF context further includes information that indicates a parent key for the new NAS connection, wherein the method further comprises making a determination whether to accept the parent key or request a new parent key, and wherein the new NAS security context is created based on the determination.
[0219] Clause 57. The method of clause 56, wherein the determination is to request a new parent key, and the method further comprises requesting the new parent key from a security key management function.
[0220] Clause 58. The method of clause 56 or clause 57, wherein the determination is to accept the parent key, and the method further comprises sending an acknowledgement to the source NF that indicates the target NF accepts the parent key for the new NAS connection.
[0221] Clause 59. The method of any of clauses 55 to 58, wherein the request to transfer the NF context further includes information that indicates a random or constant value, and wherein the security mode command further includes the information that indicates the random or constant value to be used by the UE to derive a parent key for the new NAS connection based on the information that indicates the NAS correlation identifier and the information that indicates the random or constant value.
[0222] Clause 60. An apparatus comprising: at least one memory configured to store instructions; and at least one processing circuitry configured to access the at least one memory, and execute the instructions to cause the apparatus to perform the method of any of clauses 55 to 59.
[0223] Clause 61. An apparatus comprising means for performing the method of any of clauses 55 to 59.
[0224] Clause 62. A computer-readable medium comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 55 to 59.
[0225] Clause 63. A computer-readable storage medium comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 55 to 59.
[0226] Clause 64. A computer program comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 55 to 59.
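The correlation-identifier variant of clauses 35 to 40 (UE), 46 to 49 (source NF) and 55 to 59 (target NF), as an added example that is not Nokia's code or a 3GPP-specified procedure. The source NF hands the UE a NAS correlation identifier and a random value during the security mode procedure, proposes a parent key for the new connection in the NF context transfer, and the target NF either accepts it or asks the SKMF for a fresh one; the target's security mode command then carries the identifier (and value) and is integrity protected, and the UE derives the parent key from the connection the identifier names, derives the integrity key and checks the command against the downlink NAS count before trusting it. The message layouts, the HMAC-SHA256 stand-in for the KDF and NAS-MAC, the identifier sizes and the derivation inputs are assumptions. When the target takes a new key from the SKMF (clause 57) the clauses do not say how the UE learns it, so in this example the UE correctly rejects that command; a deployment would need a key-delivery step the clauses leave unspecified:

```python
import hashlib
import hmac
import secrets


def kdf(key, *parts):
    """Assumed KDF (HMAC-SHA256), standing in for the 3GPP KDF."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def nas_mac(k_int, dl_nas_count, body):
    """Assumed NAS-MAC: HMAC-SHA256 over DL NAS COUNT || body, truncated to 32 bits."""
    return hmac.new(k_int, dl_nas_count.to_bytes(4, "big") + body, hashlib.sha256).digest()[:4]


def new_parent_key(parent_key, corr_id, rand):
    """Clauses 36, 37 and 47: parent key for the new NAS connection from the current
    parent key, the NAS correlation identifier and the random (or constant) value."""
    return kdf(parent_key, b"handover", corr_id, rand)


class SKMF:
    def issue_parent_key(self):               # clause 57
        return secrets.token_bytes(32)


class SourceNF:
    def __init__(self, ue_parent_key, dl_nas_count):
        self.parent_key, self.dl_nas_count = ue_parent_key, dl_nas_count
        self.corr_id = secrets.token_bytes(8)   # NAS correlation identifier (size assumed)
        self.rand = secrets.token_bytes(16)     # random value of clause 47

    def security_mode_info(self):
        """Clauses 46 and 49: identifier and random value sent to the UE during SMC."""
        return {"corr_id": self.corr_id, "rand": self.rand}

    def nf_context_transfer(self):
        """Clause 46: context transfer request with the proposed parent key."""
        return {"corr_id": self.corr_id, "rand": self.rand, "dl_nas_count": self.dl_nas_count,
                "parent_key": new_parent_key(self.parent_key, self.corr_id, self.rand)}


class TargetNF:
    def __init__(self, skmf, accept_source_key=True):
        self.skmf, self.accept_source_key = skmf, accept_source_key

    def handle_context_transfer(self, req):
        """Clauses 56 to 58: accept the proposed key or fetch a new one from the SKMF."""
        self.corr_id, self.rand = req["corr_id"], req["rand"]
        self.dl_nas_count = req["dl_nas_count"]
        self.parent_key = req["parent_key"] if self.accept_source_key else self.skmf.issue_parent_key()
        return {"accepted": self.accept_source_key}    # acknowledgement of clause 58

    def security_mode_command(self, int_alg=2):
        """Clauses 55 and 59: integrity-protected SMC carrying identifier and value."""
        self.dl_nas_count += 1                          # consumes a fresh DL NAS COUNT
        body = b"SMC" + self.corr_id + self.rand + bytes([int_alg])
        k_int = kdf(self.parent_key, b"NAS-int", bytes([int_alg]))
        return {"corr_id": self.corr_id, "rand": self.rand, "int_alg": int_alg,
                "dl_nas_count": self.dl_nas_count, "body": body,
                "mac": nas_mac(k_int, self.dl_nas_count, body)}


class UE:
    def __init__(self):
        self.connections = {}    # corr_id -> state of the NAS connection it identifies

    def on_security_mode_info(self, info, parent_key, dl_nas_count):
        self.connections[info["corr_id"]] = {"parent_key": parent_key, "rand": info["rand"],
                                             "dl_nas_count": dl_nas_count}

    def on_security_mode_command(self, smc):
        """Clauses 35 to 40: derive the new parent key, then verify the SMC before use."""
        conn = self.connections[smc["corr_id"]]
        rand = smc.get("rand", conn["rand"])            # clause 39, else the clause 37 value
        parent = new_parent_key(conn["parent_key"], smc["corr_id"], rand)
        k_int = kdf(parent, b"NAS-int", bytes([smc["int_alg"]]))
        if smc["dl_nas_count"] <= conn["dl_nas_count"]:
            raise ValueError("replayed downlink NAS COUNT")
        if not hmac.compare_digest(nas_mac(k_int, smc["dl_nas_count"], smc["body"]), smc["mac"]):
            raise ValueError("security mode command failed integrity check")
        conn["dl_nas_count"] = smc["dl_nas_count"]
        return parent


def run_handover(accept_source_key=True):
    """Constructed end-to-end run; returns the UE's key, the target NF's key and the ack."""
    k_src, count = bytes([7]) * 32, 11                  # state after the source-side SMC
    source, target, ue = SourceNF(k_src, count), TargetNF(SKMF(), accept_source_key), UE()
    ue.on_security_mode_info(source.security_mode_info(), k_src, count)
    ack = target.handle_context_transfer(source.nf_context_transfer())
    ue_key = ue.on_security_mode_command(target.security_mode_command())
    return ue_key, target.parent_key, ack


if __name__ == "__main__":
    ue_key, nf_key, ack = run_handover()
    print("accepted:", ack["accepted"], "keys agree:", ue_key == nf_key)
```

The integrity check runs before the derived key is stored, so a command whose body was altered in transit, or one replayed with an old downlink NAS count, never installs a context; only after the MAC verifies does the UE advance the count for the connection the correlation identifier names.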
[0227] Many modifications and other implementations of the disclosure set forth herein will come to mind to one skilled in the art to which the disclosure pertains having the benefit of the teachings presented in the foregoing description and the associated figures. Therefore, it is to be understood that the disclosure is not to be limited to the specific implementations disclosed and that modifications and other implementations are intended to be included within the scope of the appended claims. Moreover, although the foregoing description and the associated figures describe example implementations in the context of certain example combinations of elements and / or functions, it should be appreciated that different combinations of elements and / or functions may be provided by alternative implementations without departing from the scope of the appended claims. In this regard, for example, different combinations of elements and / or functions than those explicitly described above are also contemplated as may be set forth in some of the appended claims. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.
Claims
WHAT IS CLAIMED IS:
1. A user equipment (UE) comprising:
at least one processor; and
at least one memory storing instructions which, when executed by the at least one processor, cause the UE to perform operations, the operations comprising:
performing a non-access stratum (NAS) security mode procedure with a source network function (NF) to create a NAS connection that is for the UE and that is terminated at the source NF, wherein the UE includes a NAS module associated with the NAS connection;
receiving, from the source NF, information that indicates a NAS correlation identifier that identifies the NAS connection terminated at the source NF;
receiving a security mode command to trigger a NAS security mode procedure with the target NF in association with a handover of the UE from the source NF to the target NF, the security mode command including the information that indicates the NAS correlation identifier; and
creating, based on the information that indicates the NAS correlation identifier, a new NAS security context for a new NAS connection to be associated with the NAS module and terminated at the target NF.
2. The UE of claim 1, wherein creating the new NAS security context comprises deriving a parent key for the new NAS security context based on the information that indicates the NAS correlation identifier.
3. The UE of claim 2, wherein the information that indicates the NAS correlation identifier is received from the source NF with information that indicates a random or constant value, and wherein the parent key for the new NAS security context is derived based on the information that indicates the NAS correlation identifier and the information that indicates the random or constant value.
4. The UE of claim 3, wherein the information that indicates the NAS correlation identifier and the information that indicates the random or constant value are received from the source NF in a NAS message.
5. The UE of any of claims 2 to 4, wherein the security mode command further includes information that indicates a random or constant value, and
wherein the parent key for the new NAS security context is derived based on the information that indicates the NAS correlation identifier and the information that indicates the random or constant value.
6. The UE of any of claims 2 to 5, wherein the security mode command is integrity protected, and wherein the operations further comprise:deriving one or more integrity keys based on the parent key; andverifying integrity of the security mode command using:the one or more integrity keys, anda downlink NAS count for the NAS connection identified by the NAS correlation identifier.
7. A source network function (NF) configured to perform operations, the operations comprising:performing a non-access stratum (NAS) security mode procedure with a user equipment (UE) to create a NAS connection that is for the UE and that is terminated at the source NF, wherein the UE includes a NAS module associated with the NAS connection;sending, to the UE, information that indicates a NAS correlation identifier that identifies the NAS connection terminated at the source NF;selecting a target NF for a handover of the UE from the source NF to the target NF; and sending a request to transfer a NF context to the target NF in association with the handover, the request to transfer the NF context including:the information that indicates the NAS correlation identifier, andinformation that indicates a parent key for a new NAS connection to be to be associated with the NAS module and terminated at the target NF.
8. The source NF of claim 7, wherein the information that indicates the NAS correlation identifier is sent to the UE together with information that indicates a random or constant value to be used by the UE to derive the parent key for the new NAS connection based on the information that indicates the NAS correlation identifier and the information that indicates the random or constant value.
9. The source NF of claim 8, wherein the operations further comprise receiving an acknowledgement from the target NF that indicates the target NF accepts the parent key for the new NAS connection, and
wherein the information that indicates the NAS correlation identifier and the information that indicates the random or constant value are sent to the UE in a NAS message triggered by the acknowledgement.
10. The source NF of any of claims 7 to 9, wherein the information that indicates the NAS correlation identifier is sent to the UE during the NAS security mode procedure.
11. A target network function (NF) configured to perform operations, the operations comprising:
receiving a request to transfer a NF context in association with a handover of a user equipment (UE) from a source NF to the target NF, wherein the UE includes a NAS module associated with a NAS connection terminated at the source NF, and the request to transfer the NF context includes information that indicates a NAS correlation identifier that identifies the NAS connection terminated at the source NF;
creating a new NAS security context for a new NAS connection to be associated with the NAS module and terminated at the target NF; and
sending, toward the UE, a security mode command to trigger a NAS security mode procedure with the target NF in association with the handover, the security mode command including the information that indicates the NAS correlation identifier for the UE to create the new NAS security context based on the information that indicates the NAS correlation identifier.
12. The target NF of claim 11, wherein the request to transfer the NF context further includes information that indicates a parent key for the new NAS connection,
wherein the operations further comprise making a determination whether to accept the parent key or request a new parent key, and
wherein the new NAS security context is created based on the determination.
13. The target NF of claim 12, wherein the determination is to request a new parent key, and the operations further comprise requesting the new parent key from a security key management function.
14. The target NF of claim 12 or claim 13, wherein the determination is to accept the parent key, and the operations further comprise sending an acknowledgement to the source NF that indicates the target NF accepts the parent key for the new NAS connection.
15. The target NF of any of claims 11 to 14, wherein the request to transfer the NF context further includes information that indicates a random or constant value, and
wherein the security mode command further includes the information that indicates the random or constant value to be used by the UE to derive a parent key for the new NAS connection based on the information that indicates the NAS correlation identifier and the information that indicates the random or constant value.
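The three roles in claims 1 to 15 (UE, source NF, target NF, with the SKMF behind the target) can be simulated end to end to check that the key material on both sides of the handover actually lines up. The following is an added example written for this page, not code from the patent or from Nokia: the HMAC-SHA256 key derivation, the message field names, the 32-bit MAC and the target NF's accept-or-request policy are all assumptions chosen for illustration and are not the patent's or 3GPP's definitions. It runs two NAS connections at one UE, hands over the first, and shows that a security mode command that names the wrong NAS correlation identifier selects the wrong module and therefore fails integrity verification, which is the property the correlation identifier is there to provide.

```python
# Constructed simulation of a modular-NAS handover whose parent key is bound to the
# NAS correlation identifier. KDF, field names, MAC length and the accept/request
# policy are assumptions for illustration, not the patent's or 3GPP's definitions.
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def kdf(key: bytes, label: bytes, *params: bytes) -> bytes:
    """Length-prefixed HMAC-SHA256 derivation (assumed stand-in for a 3GPP-style KDF)."""
    data = label
    for p in params:
        data += len(p).to_bytes(2, "big") + p
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_parent_key(k_nas: bytes, nas_corr_id: bytes, rand: bytes) -> bytes:
    """Parent key for the new context, bound to the corr id and random value (claims 2-3)."""
    return kdf(k_nas, b"nas-parent", nas_corr_id, rand)


def derive_integrity_key(k_parent: bytes) -> bytes:
    return kdf(k_parent, b"nas-int")[:16]


def nas_mac(k_int: bytes, dl_nas_count: int, payload: bytes) -> bytes:
    """32-bit NAS-MAC over the downlink NAS count and the message (assumed layout)."""
    return kdf(k_int, b"nas-mac", dl_nas_count.to_bytes(4, "big"), payload)[:4]


@dataclass
class NasModule:
    k_nas: bytes
    nas_corr_id: bytes
    rand: bytes = b""
    dl_nas_count: int = 0
    k_parent_target: bytes = b""  # set once the target NF's SMC verifies


@dataclass
class UE:
    modules: dict = field(default_factory=dict)  # one NAS module per NAS connection

    def on_security_mode(self, nas_corr_id, k_nas):  # claim 1: NAS SMP with the source NF
        self.modules[nas_corr_id] = NasModule(k_nas, nas_corr_id)

    def on_correlation_info(self, nas_corr_id, rand):  # claims 3-4: corr id + random value
        self.modules[nas_corr_id].rand = rand

    def on_target_smc(self, smc: dict) -> bool:
        """Claim 6: derive parent and integrity keys for the indicated corr id, then verify
        the SMC with the DL NAS count of the connection that id identifies."""
        mod = self.modules.get(smc["nas_corr_id"])
        if mod is None:
            return False
        k_parent = derive_parent_key(mod.k_nas, mod.nas_corr_id, smc.get("rand", mod.rand))
        expected = nas_mac(derive_integrity_key(k_parent), mod.dl_nas_count, smc["payload"])
        if not hmac.compare_digest(expected, smc["mac"]):
            return False
        mod.k_parent_target = k_parent  # new NAS security context, terminated at the target
        mod.dl_nas_count += 1
        return True


class SKMF:
    """Security key management function: issues fresh parent keys on request (claim 13)."""
    def request_parent_key(self, nas_corr_id: bytes) -> bytes:
        return kdf(secrets.token_bytes(32), b"skmf-parent", nas_corr_id)


@dataclass
class TargetNF:
    skmf: SKMF
    contexts: dict = field(default_factory=dict)

    def on_context_transfer(self, req: dict) -> bool:
        """Claim 12: accept the transferred parent key or request a new one from the SKMF.
        Assumed policy: accept only a full-length key supplied by the source."""
        k_parent = req.get("k_parent")
        accepted = k_parent is not None and len(k_parent) == 32
        if not accepted:
            k_parent = self.skmf.request_parent_key(req["nas_corr_id"])
        self.contexts[req["nas_corr_id"]] = {"k_parent": k_parent, "rand": req.get("rand", b""),
                                             "dl_nas_count": req["dl_nas_count"]}
        return accepted  # claim 14: acknowledgement back to the source NF

    def build_smc(self, nas_corr_id: bytes) -> dict:
        """Claims 11 and 15: integrity-protected SMC carrying the corr id and random value."""
        ctx = self.contexts[nas_corr_id]
        payload = b"SECURITY MODE COMMAND" + nas_corr_id
        mac = nas_mac(derive_integrity_key(ctx["k_parent"]), ctx["dl_nas_count"], payload)
        return {"nas_corr_id": nas_corr_id, "rand": ctx["rand"], "payload": payload, "mac": mac}


@dataclass
class SourceNF:
    contexts: dict = field(default_factory=dict)

    def security_mode_procedure(self, ue: UE) -> bytes:
        nas_corr_id, k_nas = secrets.token_bytes(4), secrets.token_bytes(32)
        self.contexts[nas_corr_id] = {"k_nas": k_nas, "dl_nas_count": 0}
        ue.on_security_mode(nas_corr_id, k_nas)
        return nas_corr_id

    def handover(self, ue: UE, target: TargetNF, nas_corr_id: bytes) -> bool:
        """Claims 7-9: transfer the NF context; on acknowledgement send corr id + rand to the UE."""
        ctx = self.contexts[nas_corr_id]
        rand = secrets.token_bytes(16)
        req = {"nas_corr_id": nas_corr_id, "rand": rand, "dl_nas_count": ctx["dl_nas_count"],
               "k_parent": derive_parent_key(ctx["k_nas"], nas_corr_id, rand)}
        accepted = target.on_context_transfer(req)
        if accepted:
            ue.on_correlation_info(nas_corr_id, rand)
        return accepted


def run_handover() -> dict:
    """Two NAS connections, handover of the first; an SMC naming the other connection
    selects the wrong keys at the UE and fails verification. Also exercises the SKMF path."""
    ue, source, target = UE(), SourceNF(), TargetNF(SKMF())
    corr_a, corr_b = source.security_mode_procedure(ue), source.security_mode_procedure(ue)
    accepted = source.handover(ue, target, corr_a)
    smc = target.build_smc(corr_a)
    smc_ok = ue.on_target_smc(smc)
    wrong_ok = ue.on_target_smc(dict(smc, nas_corr_id=corr_b))
    # source omits the parent key: the target falls back to requesting one from the SKMF
    skmf_path = not target.on_context_transfer({"nas_corr_id": corr_b, "dl_nas_count": 0})
    return {"accepted": accepted, "smc_ok": smc_ok, "wrong_corr_id_ok": wrong_ok,
            "keys_match": ue.modules[corr_a].k_parent_target == target.contexts[corr_a]["k_parent"],
            "skmf_path": skmf_path, "skmf_key_len": len(target.contexts[corr_b]["k_parent"])}
```

Binding the parent key to the correlation identifier is what lets the UE keep several NAS modules and still derive the right context for the one being relocated; in the simulation, `keys_match` confirms the UE-derived key equals the one the target NF accepted, while the mis-addressed SMC fails only because the derivation for the other connection produces a different integrity key. The claims do not say how the UE learns a key the target obtained from the SKMF instead, so the SKMF branch here stops at the target NF.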