Downlink routing of non-access stratum (NAS) modules in a modular nas

The modular NAS architecture optimizes routing of NAS messages by using UE RRC, UE NAS routing, or UE MM NAS modules based on NAS type information, addressing inefficiencies in existing systems and enhancing system flexibility and compatibility.

WO2026133024A1PCT designated stage Publication Date: 2026-06-25NOKIA TECHNOLOGIES OY

Patent Information

Authority / Receiving Office
WO · WO
Patent Type
Applications
Current Assignee / Owner
NOKIA TECHNOLOGIES OY
Filing Date
2025-12-11
Publication Date
2026-06-25

Smart Images

  • Figure IB2025062763_25062026_PF_FP_ABST
    Figure IB2025062763_25062026_PF_FP_ABST
Patent Text Reader

Abstract

A method performed by a user equipment (UE) is provided. The method includes receiving a non-access stratum (NAS) container for the UE. The UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network. The NAS container contains payload information that is ciphered and integrity protected, and routing information that is integrity protected only, and the routing information indicates a NAS type of a respective UE NAS module of the UE NAS modules. The method includes reading the routing information that indicates the NAS type to determine the respective UE NAS module, and routing the NAS container to the respective UE NAS module. The NAS container is routed to a UE mobility management (MM) NAS module to process or further route the NAS container to the respective UE NAS module when the respective UE NAS module is another UE NAS module.
Need to check novelty before this filing date? Find Prior Art

Description

DOWNLINK ROUTING OF NON-ACCESS STRATUM (NAS) MODULES IN A MODULAR NAS TECHNOLOGICAL FIELD

[0001] The present disclosure relates generally to telecommunications and, in particular, to a modular non-access stratum (NAS) in a telecommunications system.BACKGROUND

[0002] A telecommunications system can be seen as a facility that enables communication sessions between two or more entities such as user terminals, base stations and / or other nodes by providing carriers between the various entities involved in the communications path. A telecommunications system can be provided for example by means of a communication network and one or more compatible communication devices. The communication sessions may comprise, for example, communication of data for carrying communications such as voice, video, electronic mail (email), text message, multimedia and / or content data and so on. Non-limiting examples of services provided comprise two-way or multi-way calls, data communication or multimedia services and access to a data network system, such as the Internet.

[0003] In a wireless telecommunications system, at least a part of a communication session between at least two stations occurs over a wireless link. Examples of wireless telecommunications systems comprise public land mobile networks (PLMN), satellite based communication systems and different wireless local networks, for example wireless local area networks (WLAN). Some wireless systems can be divided into cells, and are therefore often referred to as cellular systems.

[0004] A user can access the telecommunications system by means of an appropriate communication device or terminal. A communication device of a user may be referred to as user equipment (UE) or user device. A communication device is provided with an appropriate signal receiving and transmitting apparatus for enabling communications, for example enabling access to a communication network or communications directly with other users. The communication device may access a carrier provided by a station, for example a base station of a cell, and transmit and / or receive communications on the carrier.

[0005] The telecommunications system and associated devices typically operate in accordance with a given standard or specification which sets out what the various entities associated with the communication system are permitted to do and how operations should be achieved. Communication protocols and / or parameters which shall be used for connection of the various entities are also typically defined. One example of a telecommunications system is the Universal Mobile Telecommunications System (UMTS). Other examples of telecommunications systems are Long-Term Evolution (LTE), LTE Advanced and the so-called 5G or New Radio (NR) networks. NR is being standardized by the 3rd Generation Partnership Project (3GPP).BRIEF SUMMARY

[0006] Example implementations of the present disclosure are directed to telecommunications and, in particular, to a modular non-access stratum (NAS) in a telecommunications system. The present disclosure includes, without limitation, the following example implementations.

[0007] Some example implementations provide an apparatus comprising: at least one processor; and at least one memory storing instructions of a user equipment (UE), the instructions when executed by the at least one processor causing the apparatus to perform operations, the operations comprising: receiving a non-access stratum (NAS) container, wherein the UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network, and the NAS container is received with associated information indicates a NAS type of a respective UE NAS module of the UE NAS modules; reading the associated information that indicates the NAS type to determine the respective UE NAS module; and routing the NAS container to the respective UE NAS module based on the associated information.

[0008] Some example implementations provide a method performed by a user equipment (UE), the method comprising: receiving a non-access stratum (NAS) container, wherein the UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network, and the NAS container is received with associated information indicates a NAS type of a respective UE NAS module of the UE NAS modules; reading the associated information that indicates the NAS type to determine the respective UE NAS module; and routing the NAS container to the respective UE NAS module based on the associated information.

[0009] Some example implementations provide an apparatus comprising: at least one processor; and at least one memory storing instructions, the instructions when executed by the at least one processor causing the apparatus to perform operations, the operations comprising: receiving or generating a non-access stratum (NAS) container for a user equipment (UE), wherein the UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network, and the NAS container contains routing information that indicates a NAS type of a respective UE NAS module of the UE NAS modules; generating associated information from the routing information that indicates the NAS type of the respective UE NAS module; and sending the NAS container with the associated information that indicates the NAS type toward the UE for the UE to route the NAS container to the respective UE NAS module based on the associated information.

[0010] Some example implementations provide a method comprising: receiving or generating a non-access stratum (NAS) container for a user equipment (UE), wherein the UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network, and the NAS container contains routing information that indicates a NAS type of a respective UE NAS module of the UE NAS modules; generating associated information from the routing information that indicates theNAS type of the respective UE NAS module; and sending the NAS container with the associated information that indicates the NAS type toward the UE for the UE to route the NAS container to the respective UE NAS module based on the associated information.

[0011] Some example implementations provide an apparatus comprising: at least one processor; and at least one memory storing instructions of a user equipment (UE), the instructions when executed by the at least one processor causing the apparatus to perform operations, the operations comprising: receiving a non-access stratum (NAS) container for the UE at a UE NAS routing layer, wherein the UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network, wherein the NAS container contains payload information that is ciphered and integrity protected, and routing information that is integrity protected only, and wherein the routing information indicates a NAS type of a respective UE NAS module of the UE NAS modules; reading the routing information that indicates the NAS type to determine the respective UE NAS module; and routing the NAS container to the respective UE NAS module based on the routing information.

[0012] Some example implementations provide a method performed by a user equipment (UE), the method comprising: receiving a non-access stratum (NAS) container for the UE at a UE NAS routing layer, wherein the UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network, wherein the NAS container contains payload information that is ciphered and integrity protected, and routing information that is integrity protected only, and wherein the routing information indicates a NAS type of a respective UE NAS module of the UE NAS modules; reading the routing information that indicates the NAS type to determine the respective UE NAS module; and routing the NAS container to the respective UE NAS module based on the routing information.

[0013] Some example implementations provide an apparatus comprising: at least one processor; and at least one memory storing instructions, the instructions when executed by the at least one processor causing the apparatus to perform operations, the operations comprising: receiving or generating a non-access stratum (NAS) container for a user equipment (UE), wherein the UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network, wherein the NAS container contains payload information that is ciphered and integrity protected, and routing information that is integrity protected only, and wherein the routing information indicates a NAS type of a respective UE NAS module of the UE NAS modules; and sending the NAS container toward the UE for a UE NAS routing layer to route the NAS container to the respective UE NAS module based on the routing information that indicates the NAS type of the respective UE NAS module.

[0014] Some example implementations provide a method comprising: receiving or generating a non-access stratum (NAS) container for a user equipment (UE), wherein the UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network, wherein the NAS container contains payload information that is ciphered and integrity protected, and routinginformation that is integrity protected only, and wherein the routing information that indicates a NAS type of a respective UE NAS module of the UE NAS modules; and sending the NAS container toward the UE for a UE NAS routing layer to route the NAS container to the respective UE NAS module based on the routing information that indicates the NAS type of the respective UE NAS module.

[0015] Some example implementations provide an apparatus comprising: at least one processor; and at least one memory storing instructions of a user equipment (UE), the instructions when executed by the at least one processor causing the apparatus to perform operations, the operations comprising: receiving a non-access stratum (NAS) container for the UE, wherein the UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network, wherein the NAS container contains payload information that is ciphered and integrity protected, and routing information that is integrity protected only, and wherein the routing information indicates a NAS type of a respective UE NAS module of the UE NAS modules; reading the routing information that indicates the NAS type to determine the respective UE NAS module; and routing the NAS container to the respective UE NAS module, wherein the NAS container is routed to a UE mobility management (MM) NAS module to process when the respective UE NAS module is the UE MM NAS module, or for the UE MM NAS module to further route the NAS container to the respective UE NAS module when the respective UE NAS module is another UE NAS module.

[0016] Some example implementations provide a method performed by a user equipment (UE), the method comprising: receiving a non-access stratum (NAS) container for the UE, wherein the UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network, wherein the NAS container contains payload information that is ciphered and integrity protected, and routing information that is integrity protected only, and wherein the routing information indicates a NAS type of a respective UE NAS module of the UE NAS modules; reading the routing information that indicates the NAS type to determine the respective UE NAS module; and routing the NAS container to the respective UE NAS module, wherein the NAS container is routed to a UE mobility management (MM) NAS module to process when the respective UE NAS module is the UE MM NAS module, or for the UE MM NAS module to further route the NAS container to the respective UE NAS module when the respective UE NAS module is another UE NAS module.

[0017] Some example implementations provide an apparatus comprising: at least one processor; and at least one memory storing instructions, the instructions when executed by the at least one processor causing the apparatus to perform operations, the operations comprising: receiving or generating a non-access stratum (NAS) container for a user equipment (UE), wherein the UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network, wherein the NAS container contains payload information that is ciphered and integrity protected, and routing information that is integrity protected only, and wherein the routing information indicates a NAS type of arespective UE NAS module of the UE NAS modules; and sending the NAS container toward the UE for the UE to route the NAS container to the respective UE NAS module based on the routing information that indicates the NAS type of the respective UE NAS module, wherein the NAS container is sent toward the UE for a UE mobility management (MM) NAS module to process when the respective UE NAS module is the UE MM NAS module, or for the UE MM NAS module to route the NAS container to the respective UE NAS module when the respective UE NAS module is another UE NAS module.

[0018] Some example implementations provide a method comprising: receiving or generating a non-access stratum (NAS) container for a user equipment (UE), wherein the UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network, wherein the NAS container contains payload information that is ciphered and integrity protected, and routing information that is integrity protected only, and wherein the routing information indicates a NAS type of a respective UE NAS module of the UE NAS modules; and sending the NAS container toward the UE for the UE to route the NAS container to the respective UE NAS module based on the routing information that indicates the NAS type of the respective UE NAS module, wherein the NAS container is sent toward the UE for a UE mobility management (MM) NAS module to process when the respective UE NAS module is the UE MM NAS module, or for the UE MM NAS module to route the NAS container to the respective UE NAS module when the respective UE NAS module is another UE NAS module.

[0019] These and other features, aspects, and advantages of the present disclosure will be apparent from a reading of the following detailed description together with the accompanying figures, which are briefly described below. The present disclosure includes any combination of two, three, four or more features or elements set forth in this disclosure, regardless of whether such features or elements are expressly combined or otherwise recited in a specific example implementation described herein. The present disclosure is intended to be read holistically such that any separable features or elements of the disclosure, in any of its aspects and example implementations, should be viewed as combinable unless the context of the disclosure clearly dictates otherwise.

[0020] It will therefore be appreciated that this Brief Summary is provided merely for purposes of summarizing some example implementations so as to provide a basic understanding of some aspects of the disclosure. Accordingly, it will be appreciated that the above described example implementations are merely examples and should not be construed to narrow the scope or spirit of the disclosure in any way. Other example implementations, aspects and advantages will become apparent from the following detailed description taken in conjunction with the accompanying figures which illustrate, by way of example, the principles of some described example implementations.BRIEF DESCRIPTION OF THE FIGURE(S)

[0021] Having thus described example implementations of the disclosure in general terms, reference will now be made to the accompanying figures, which are not necessarily drawn to scale, and wherein:

[0022] FIG. 1 illustrates a telecommunications system that includes one or more public land mobile networks (PLMNs) coupled to one or more external data networks, according to some example implementations of the present disclosure;

[0023] FIG. 2 illustrates a deployment of a PLMN, according to some example implementations;

[0024] FIG. 3 illustrates a modular network access stratum (NAS) architecture, according to some example implementations;

[0025] FIG. 4 illustrates a first solution for a modular NAS architecture in which downlink NAS containers may be routed from a user equipment (UE) radio resource control (RRC) layer directly to a respective UE NAS module in a NAS layer, according to some example implementations;

[0026] FIG. 5 illustrates a second solution for a modular NAS architecture in which downlink NAS containers may be routed via a NAS routing layer, according to some example implementations;

[0027] FIG. 6 illustrates a third solution for a modular NAS architecture in which downlink NAS containers may be routed via a UE mobility management (MM) NAS module, according to some example implementations;

[0028] FIG. 7 is a signaling chart of a procedure for routing a downlink NAS container from the UE RRC layer directly to a respective UE NAS module, according to the first solution of some example implementations;

[0029] FIG. 8 is a signaling chart of a procedure for routing a downlink NAS container via a NAS routing layer, according to the second solution of some example implementations;

[0030] FIG. 9 is a signaling chart of a procedure for routing a downlink NAS container via a UE MM NAS module, according to the third solution of some example implementations;

[0031] FIGS. 10, 11, 12, 13, 14 and 15 are flowcharts illustrating various steps in methods according to various example implementations; and

[0032] FIG. 16 illustrates an apparatus according to some example implementations.DETAILED DESCRIPTION

[0033] Some implementations of the present disclosure will now be described more fully hereinafter with reference to the accompanying figures, in which some, but not all implementations of the disclosure are shown. Indeed, various implementations of the disclosure may be embodied in many different forms and should not be construed as limited to the implementations set forth herein; rather, these example implementations are provided so that this disclosure will be thorough and complete, and will fully conveythe scope of the disclosure to those skilled in the art. Like reference numerals refer to like elements throughout.

[0034] Unless specified otherwise or clear from context, references to first, second or the like should not be construed to imply a particular order. A feature described as being above another feature (unless specified otherwise or clear from context) may instead be below, and vice versa; and similarly, features described as being to the left of another feature else may instead be to the right, and vice versa. Also, while reference may be made herein to quantitative measures, values, geometric relationships or the like, unless otherwise stated, any one or more if not all of these may be absolute or approximate to account for acceptable variations that may occur, such as those due to engineering tolerances or the like.

[0035] As used herein, unless specified otherwise or clear from context, the "or” of a set of operands is the "inclusive or” and thereby true if and only if one or more of the operands is true, as opposed to the "exclusive or” which is false when all of the operands are true. Thus, for example, "[A] or [B]” is true if [A] is true, or if [B] is true, or if both [A] and [B] are true. Further, the articles "a” and "an” mean "one or more,” unless specified otherwise or clear from context to be directed to a singular form. Furthermore, it should be understood that unless otherwise specified, the terms "data,” "content,” "digital content,” "information,” and similar terms may be at times used interchangeably. The term "network” may refer to a group of interconnected computers including clients and servers; and within a network, these computers may be interconnected directly or indirectly by various means including via one or more switches, routers, gateways, access points or the like.

[0036] The present disclosure discusses systems and architectures that, while specific terms may be used, are broadly applicable across various technologies. For instance, while the present disclosure may reference technologies from 3GPP such as Global System for Mobile Communications (GSM), UMTS, LTE, LTE Advanced, 5G NR, 5G Advanced, and 6G, the present disclosure is equally relevant to non-3GPP technologies like IEEE 802, Bluetooth, and Bluetooth Low Energy. Example implementations of the present disclosure described herein also mention public land mobile networks (PLMNs) and mobile network operators (MNOs), but example implementations are similarly applicable to standalone non-public networks (SNPNs) and the private entities operating these networks. Furthermore, although some examples and figures focus on radio access networks (RANs) and 3GPP access, example implementations are applicable to any type of network access. This includes not only 5G or 6G 3GPP access but also non-3GPP access, such as wireline access, untrusted non-3GPP access, and trusted non-3GPP access using wireless access gateway function (W-AGF), non-3GPP interworking function (N3IWF), or trusted non-3GPP gateway function (TNGF) to connect to a 5G or 6G core network.

[0037] Further, as used in this application, the term "circuitry” may refer to one or more or all of the following: (a) hardware-only circuit implementations (such as implementations in only analog and / or digital circuitry); (b) combinations of hardware circuits and software, such as (as applicable): (i) a combination ofanalog and / or digital hardware circuit(s) with software / firmware and (ii) any portions of hardware processor(s) with software (including digital signal processor(s)), software, and memory(ies) that work together to cause an apparatus, such as a mobile phone or server, to perform various functions); or (c) hardware circuit(s) and / or processor(s), such as a microprocessor(s) or a portion of a microprocessor(s), that requires software (e.g., firmware) for operation, but the software may not be present when it is not needed for operation.

[0038] The above definition of circuitry applies to all uses of this term in this application, including in any claims. As a further example, as used in this application, the term circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and / or firmware. The term circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit or processor integrated circuit for a mobile device or a similar integrated circuit in server, a cellular network device, or other computing or network device.

[0039] FIG. 1 illustrates a telecommunications system 100 according to various example implementations of the present disclosure. The telecommunications system generally includes one or more telecommunications networks. As shown, for example, the system includes one or morePLMNs 102 coupled to one or more other external data networks 104 - notably including a wide area network (WAN) such as the Internet. As will be appreciated, a PLMN may be deployed in a number of different manners. Some deployments of 4G LTE and 5G NR in particular are considered standalone (SA) deployments. Other deployments combine 4G LTE and 5G technologies, and are referred to as non-standalone (NSA) deployments.

[0040] Each of the PLMNs 102 includes a core network (CN) 106 backbone, such as the Evolved Packet Core (EPC) of 4G LTE, the 5G core network (5GC) (at times referred to as the NGC) of 5G NR, and the 6G core network (6GC) of 6G; and each of the core networks and the Internet are coupled to one or more RANs 108, air interfaces or the like that implement one or more radio access technologies (RATs).Examples of these RANs include the evolved UMTS terrestrial radio access network (E-UTRAN) of 4G LTE, the next generation (NG) radio access network (NG-RAN) of 5G NR, and the 6G RAN. As used herein, a "network device” refers to any suitable device at a network side of a telecommunications network. Examples of suitable network devices are described in greater detail below.

[0041] Examples of RATs include 3GPP radio access technologies such as GSM, CDMA2000 1xEV-DO (HRPD), CDMA2000 1x (1xRTT), UTRA, E-UTRA, 5G NR, 5G Advanced, and 6G. Other examples of RATs include IEEE 802 technologies such as IEEE 802.11 (Wi-Fi), IEEE 802.15 (including 802.15.1 (WPAN / Bluetooth), 802.15.4 (Zigbee) and 802.15.6 (WBAN)), Bluetooth, Bluetooth Low Energy (BLE), ultra wideband (UWB), and the like. Generally, a RAT may refer to any 2G, 3G, 4G, 5G, 6G or higher generationRAT and their different versions, as well as to any other RAT that may be arranged to interwork with such a mobile communication technology to provide access to the CN 106 of a MNO.

[0042] The telecommunications system 100 also includes one or more radio units that may be varyingly known as user equipment (UE) 110, terminal device, terminal equipment, mobile station or the like. The UE is generally a device configured to communicate with a network device or a further UE in a telecommunications network. The UE may be a portable computer (e.g., laptop, notebook, tablet computer), mobile phone (e.g., cell phone, smartphone), wearable computer (e.g., smartwatch), or the like. In other examples, the UE may be an Internet of things (loT) device, an industrial loT (lloT device), a vehicle equipped with a vehicle-to-everything (V2X) communication technology, or the like. In some examples, as referenced by 3GPP, the UE may be a narrowband loT (NB-loT) device, an enhanced machine-type communication (eMTC) device, a reduced capability (RedCap) device, an ambient loT device, or the like.

[0043] In operation, these UEs 110 may connect to one or more of the RANs 108 according to their particular RATs to thereby access a particular CN 106 of a PLMN 102, or to access one or more of the external data networks 104 (e.g., the Internet). The external data network may provide Internet access, operator services, 3rd party services, etc. For example, the International Telecommunication Union (ITU) has classified 5G mobile network services into three categories: enhanced mobile broadband (eMBB), ultra-reliable and low-latency communications (URLLC), and massive machine type communications (mMTC) or massive internet of things (MIoT).

[0044] In various examples, a RAN 108 may be configured as one or more macrocells, microcells, picocells, femtocells or the like. The RAN may generally include one or more RAN nodes that interact with UEs 110. In various examples, a RAN node may be referred to as a base station (BS), access point (AP), base transceiver station (BTS), Node B (NB), evolved NB (eNB), macro BS, NB (MNB) or eNB (MeNB), home BS, NB (HNB) or eNB (HeNB), next generation NB (gNB), enhanced gNB (en-gNB), next generation eNB (ng-eNB), 6G NB (6g NB), or the like. The term 'gNB' in 5G NR may correspond to the eNB in 4G LTE. Also, a NG-RAN node may refer to a gNB or a ng-eNB. And unless otherwise specified, a gNB in 5G NR or a 6gNB in 6G may at times be more generally referred to as a gNB or a (6)gNB.

[0045] The RAN 108 may include some type of network controlling / governing entity responsible for control of the RAN nodes. The network controlling / governing entity and RAN node may be separate or integrated into a single apparatus. The network controlling / governing entity may include processing circuity configured to carry out various management functions, etc. The processing circuity may be associated with a memory, computer-readable storage medium or database for maintaining information required in the management functions.

[0046] FIG. 2 illustrates a deployment of a PLMN 102, such as a 5G NR deployment or a 6G deployment. As shown, the RAN 108 (e.g., NG-RAN, 6G RAN) includes one or more gNBs 202 (RAN nodes) configuredto connect one or more UEs 110 to the RAN to thereby access the CN 106 (e.g., 5GC, 6GC). In some deployments, operations of a gNB or other a RAN node may be distributed or functionally split into components including one or more remote radio head (RRHs) or radio units (RUs), and a baseband unit (BBU); and in some architectures, the BBU may be split into a central / centralized unit (CU) (central node) and a distributed unit (DU) (distributed node). The CU may be, for example, a server, host or node. In some architectures, the RRH / RU and DU may be collocated. It is also possible that node operations may be distributed among a plurality of servers, hosts or nodes.

[0047] It should also be understood that the distribution of work between core network operations and RAN node operations may vary depending on implementation. A 5G network architecture may be based on a so-called CU-DU split. One gNB-CU (a CU) may control one or more gNB-DUs (DUs). The gNB-CU may control a plurality of spatially separated gNB-DUs, acting at least as transmit / receive (Tx / Rx) nodes. In some example implementations, however, the gNB-DUs may include, for example, a radio link control (RLC), medium access control (MAC) layer and a physical (PHY) layer, whereas the gNB-CU may include the layers above the RLC layer, such as a packet data convergence protocol (PDCP) layer, a radio resource control (RRC), and an internet protocol (IP) layer. Other functional splits are also possible. It is considered that skilled person is familiar with the OSI model and the functionalities within each layer.

[0048] In some example implementations, the server or CU may generate a virtual network through which the server communicates with the radio node. In general, virtual networking may involve a process of combining hardware and software network resources and network functionality into a single, softwarebased administrative entity, a virtual network. Such virtual network may provide flexible distribution of operations between the server and the radio head / node. In practice, any digital signal processing task may be performed in either the CU or the DU, and the boundary where the responsibility is shifted between the CU and the DU may be selected according to implementation.

[0049] The CN 106 may include a number of network functions (NFs) divided between the control plane (CP) and the user plane (UP). In particular, the CN may include, for example, NFs for mobility management (MM) 204 (at times referred to as a MM NF) and session management (SM) 206 (at times referred to as a SM NF), as well as a user plane function (UPF) 208. The MM may be, for example, an access and mobility management function (AMF) in the 5GC, or a 6G MM in the 6GC. Similarly, the SM may be, for example, a session management function (SMF) in the 5GC, or a 6G SM in the 6GC. Another example is a NF for location management (LM) 210 (at times referred to as a LM NF). The LM may be, for example, a location management function (LMF) in the 5GC, or a 6G LM in the 6GC. Other examples of suitable NFs 212 include a network exposure function (NEF), a policy and charging function (PCF), a network repository function (NRF), a network slice selection function (NSSF), a unified data management (UDM), a network data analytics function (NWDAF), or the like. As described, NFx or XX NF may be used to refer to a core network NF, such as an MM, SM, UPF, LM, or any of a number of other NFs.

[0050] In 3GPP, communication between the UE 110, RAN 108 and CN 108 is guided by protocols organized in layers of a radio protocol stack, and these protocols include a non-access stratum (NAS) protocol at the NAS layer of the radio protocol stack. The NAS layer operates between the UE and the CN, and the NAS layer at each includes a NAS module that performs one or more functions within the NAS layer. The NAS protocol is monolithic ("one size fits all” approach). UEs must support all basic NAS modules. The consequence is a single protocol supported by the UE with a single NAS security termination in the CN.

[0051] As an enhancement, a modular and distributed NAS with distributed security termination may a enables high-degree of orthogonality in the UE and CN. Synergies with modular 6G RRC design may therefore be more easily possible with the modular and distributed NAS. An independent design of NAS modules, such as MM and SM NAS modules, may lead to high flexibility when introducing new functions and allowing independent testing of NAS modules. This independent design may also support easier market take off. Optimal and tailored support of future use cases may also be allowed for a variety of different UE types, such as UEs for enterprise, loT, ambient loT, public safety, timing, positioning, sensing, high-end devices with extended reality (XR) I artificial intelligence (Al) capabilities, and the like.

[0052] FIG. 3 illustrates a modular NAS architecture 300, according to some example implementations. As shown, a UE 110 includes a number of NAS modules (at times referred to as UE NAS modules) associated with NAS connections 302 terminated corresponding NAS modules at respective NFs, such as the MM 204, SM 206 and NFx 212. These NAS connections may have terminating end points 304 at the UE NAS modules and terminating end points 306 at the corresponding NAS modules at the respective NFs. The modular NAS architecture may have various architecture options for routing NAS messages. In an option A, the MM 204 may act as a relay for NAS messages between the UE and the respective NFs at which the NAS connections are terminated; and in an option B, a dedicated NF may act as a relay of the NAS messages. In an option C, the RAN 108 may interact directly with the respective NFs at which the NAS connections are terminated using the service based interface (SBI) framework.

[0053] The modular NAS architecture 300 assumes the UE NAS modules are independent, which implies for a downlink (DL) NAS message, the UE 110 needs to be able to route a NAS message, such as a NAS container, to the correct UE NAS module. However, there is currently no means by which the UE may forward a NAS message to the correct UE NAS module.

[0054] In view of the foregoing, example implementations of the present disclosure provide solutions for the various modular NAS architecture options A, B, C to ensure that downlink NAS containers or other NAS messages are appropriately routed to the correct the UE NAS modules in an optimized manner. According to some example implementations, the UE RRC layer may route a NAS container to the correct NAS module within the UE. In some other example implementations, the UE RRC layer may forward the NAS container to a UE NAS routing layer which routes the NAS container to the correct UE NAS module. And insome other example implementations, UE RRC layer may forward a NAS container to a UE MM NAS module which may either process the NAS container (i.e., a MM NAS container) and / or forward the NAS container to the correct UE NAS module.

[0055] According to some example implementations, a NF (e.g., MM 204, SM 206, NFx 212) terminating a NAS connection 302 with a UE NAS module of a UE 110 may provide routing information that indicates a NAS type (e.g., MM, SM, XX) of the UE NAS module, such as a NAS type information element (IE). In some examples, the routing information may also identify the NF, such as by a NF instance identifier (ID). An NF may generate and send a NAS container including the routing information to the MM (or dedicated NF) which may relay the NAS container towards the RAN 108 (e.g., RAN RRC layer) which may forward the NAS container to the UE for the UE to route the NAS container to the UE NAS module based on the routing information. The MM may also generate and relay NAS containers generated by the MM itself.

[0056] In various examples, the RAN 108 may include the NAS type IE directly in the UE RRC layer or simply forward the NAS container (including the NAS type IE within the NAS container) to the UE RRC layer. The UE RRC layer may in some examples forward the NAS container to the correct NAS module based on NAS type IE. The UE RRC layer may in other examples forward the NAS container to the UE NAS routing layer to forward to the correct NAS module based on the NAS type information. And in yet other examples, the UE RRC layer may forward the NAS container to the UE MM NAS module to forward to the correct NAS module based on the NAS type information.

[0057] FIGS. 4, 5 and 6 illustrate respective solutions for a modular NAS architecture in which downlink NAS containers (or other NAS messages) may be routed to the correct NAS module. FIG. 4 illustrates a first solution 400 in which downlink NAS containers may be routed from a UE RRC layer directly to a respective UE NAS module in a NAS layer, according to some example implementations. As shown and described in greater detail below with reference to FIG. 7, in this first solution, the RAN 108 (RAN RRC layer 402) may include the NAS type IE as an RRC IE (associating the NAS type IE to the given NAS container), and the UE RRC layer 404 may directly use the RRC IE for routing the NAS container towards the appropriate UE NAS module 406 within the UE 110.

[0058] FIG. 5 illustrates a second solution 500 in which downlink NAS containers may be routed via a NAS routing layer, according to some example implementations. As shown and described in greater detail below with reference to FIG. 8, in this second solution, the RAN 108 (RAN RRC layer 402) may simply forward the received NAS containers to the UE RRC layer 404 which may forward the NAS containers to the UE NAS routing layer 502. The UE NAS routing layer may determine the appropriate UE NAS module 406 for each NAS container based on the NAS type IE within the NAS container, and forward the NAS container to the appropriate UE NAS module.

[0059] FIG. 6 illustrates a third solution 600 for a modular NAS architecture in which downlink NAS containers or other NAS messages may be routed via a UE MM NAS module, according to some exampleimplementations. As shown and described in greater detail below with reference to FIG. 9, in this third solution, the RAN 108 (RAN RRC layer 402) may simply forward the received NAS containers to the UE RRC layer 404 which may forward the NAS containers to the UE MM NAS module 406A. The UE MM NAS module may determine the appropriate UE NAS module 406 for each NAS container based on the NAS type IE within the NAS container, and either process the NAS container itself (if the NAS type IE corresponds to MM) or simply forward the NAS container to the appropriate UE NAS module if the NAS type IE does not correspond to MM NAS module.

[0060] FIG. 7 is a signaling chart 700 of a procedure for routing a downlink NAS container from the UE RRC layer 404 directly to a respective UE NAS module 406, according to the first solution of some example implementations. As shown, a MM 204 may construct an MM NAS container that includes routing information (Rmm) and MM data. The MM data may be ciphered or otherwise encrypted, and the (Rmm + MM data) may be integrity protected. The Rmm may be integrity protected only, and present in clear text. In this context and as used herein, integrity protected only means being integrity protected but not also ciphered or otherwise encrypted. The Rmm may include various information as required, such as NAS type information (NAS type = MM), as well as a MM security context identifier, etc. The MM 204 may at step 701 send the SM NAS container and the NAS type information (NAS type=SM) from the Rmm to the RAN 108.

[0061] The RAN 108 may populate the MM NAS container into an RRC message that includes the NAS type information (NAS type = MM) populated into an RRC IE (NAS Type). The RAN may at step 702 send the RRC message to the UE RRC layer 404 of the UE 110. In cases in which the RAN receives multiple NAS containers, the order of the NAS type information in the RRC IE (NAS type) may in some examples correspond to the order of the NAS containers in the RRC message.

[0062] The UE RRC layer 404 may use the information in the RRC IE (NAS type) to determine which UE NAS module to forward the corresponding NAS container from the RRC message. In this example, the UE RRC layer may at step 703 forward the MM NAS container in the RRC message to the UE MM NAS module 406A based on the NAS type information (NAS Type = MM) in the RRC IE (NAS type). The UE MM NAS module may read the Rmm to determine the associated security context identifier and perform a security check of the MM NAS container. The MM NAS container may decrypt the content and also check integrity of the MM NAS container.

[0063] As also shown, a SM 206 may construct an SM NAS container that includes routing information (Rsm) and SM data. The SM data may be ciphered or otherwise encrypted, and the (Rsm + SM data) may be integrity protected but Rsm is present in clear text (integrity protected only). The Rsm may include various information as required, such as NAS type information (NAS type = SM), as well as a SM security context identifier, etc. The SM may at step 704 send the NAS container to the MM 204.

[0064] The MM 204 may obtain the NAS type information (NAS type=SM) from Rsm. The MM may at step 705 send the SM NAS container and the NAS type information (NAS type=SM) obtained from the Rsm to the RAN 108.

[0065] The RAN 108 may include the received SM NAS container and the NAS type information (NAS type = SM) populated into an RRC IE (NAS Type) within a RRC message. The RAN may at step 706 send the RRC message to the UE RRC layer 404 of the UE 110. In cases in which the RAN receives multiple NAS containers, the order of the NAS type information in the RRC IE (NAS type) may in some examples correspond to the order of the NAS containers in the RRC message.

[0066] The UE RRC layer 404 may use the information in the RRC IE (NAS type) to determine which UE NAS module to forward the corresponding NAS container from the RRC message. In this example, the UE RRC layer may at step 707 forward the SM NAS container in the RRC message to the UE SM NAS module 406B based on the NAS type information (NAS Type = SM) in the RRC IE (NAS type). The UE SM NAS module may read the Rsm to determine the associated security context identifier and perform a security check of the SM NAS container. In addition, the UE SM NAS module may look into the aKSI to determine the correct SM instance context, which the UE SM NAS module may use to locate the corresponding security context, decrypt the content and also check integrity of the SM NAS container.

[0067] FIG. 8 is a signaling chart 800 of a procedure for routing a downlink NAS container via a NAS routing layer, according to the second solution of some example implementations. As shown, the MM 204 may construct an MM NAS container, such as in the same or similar manner as described above with reference to FIG. 7. The MM NAS container may include routing information (Rmm) and MM data. The MM data may be ciphered or otherwise encrypted, and the (Rmm + MM data) may be integrity protected only (i.e., Rmm in the clear). The Rmm may include various information as required, such as NAS type information (NAS type = MM), as well as a MM security context identifier, etc.

[0068] As shown at step 801, the MM 204 may send the NAS container to the RAN 108. The RAN may populate the MM NAS container into an RRC message, and send the RRC message to the UE RRC layer 404. And the UE RRC layer may simply forward the MM NAS container (and all NAS containers as is) to the UE NAS routing layer 502.

[0069] The UE NAS routing layer 502 may read the NAS type information (NAS type = MM) from the Rmm, and the UE NAS routing layer may at step 802 forward the MM NAS container to the UE MM NAS module 406A. The UE MM NAS module may read the Rmm to determine the associated security context identifier and perform a security check of the MM NAS container. The MM NAS container may decrypt the content and also check integrity of the MM NAS container.

[0070] As also shown, the SM 206 may construct an SM NAS container, such as in the same or similar manner as described above with reference to FIG. 7. The SM NAS container may include routing information (Rsm) and SM data. The SM data may be ciphered or otherwise encrypted, and the (Rsm + SMdata) may be integrity protected and ensure Rsm is in the clear text. The Rsm may include various information as required, such as NAS type information (NAS type = SM), as well as a SM security context identifier, etc.

[0071] As shown at step 803, the SM 206 may send the SM NAS container to the MM 204, and the MM may transparently forward the SM NAS container to the RAN 108. The RAN may populate the SM NAS container into an RRC message, and send the RRC message to the UE RRC layer 404. And the UE RRC layer may send the SM NAS container (and all NAS containers by default) to the UE NAS routing layer 502.

[0072] The UE NAS routing layer 502 may read the NAS type information (NAS type = SM) from the Rsm, and the UE NAS routing layer may at step 804 forward the SM NAS container to the UE SM NAS module 406B. The UE SM NAS module may read the Rsm to determine the associated security context identifier and perform a security check of the SM NAS container. In addition, the UE SM NAS module may look into the aKSI to determine the correct SM instance context, which the UE SM NAS module may use to locate the corresponding security context, decrypt the content and also check integrity of the SM NAS container.

[0073] Also shown at steps 805, 806 is the construction and routing of a LM NAS container from the LM 210 to the UE, at which the LM NAS container may be routed by the UE NAS routing layer 502 to the UE LM NAS module 406C. These steps may be performed similar to steps 803, 804 for the SM NAS container.

[0074] FIG. 9 is a signaling chart 900 of a procedure for routing a downlink NAS container via the UE MM NAS 406A module, according to the third solution of some example implementations. As shown, the MM 204 may construct an MM NAS container that includes routing information (Rmm) and MM data. The MM may protect the MM NAS container with MM keys (encryption, integrity). As shown at step 901, the MM 204 may send the NAS container to the RAN 108. The RAN may populate the MM NAS container into an RRC message, and send the RRC message to the UE RRC layer 404. And the UE RRC layer may send the MM NAS container (and all NAS containers by default) to the UE MM NAS module 406A.

[0075] The UE MM NAS module 406A may decrypt the MM NAS container. The UE MM NAS module may read the Rmm to determine the associated security context identifier and perform a security check of the MM NAS container. The MM NAS container may decrypt the content and also check integrity of the MM NAS container.

[0076] As also shown, again, the SM 206 may construct an SM NAS container, such as in the same or similar manner as described above with reference to FIG. 7. The SM NAS container may include routing information (Rsm) and SM data. The SM data may be ciphered and the (Rsm + SM data) may be integrity protected, with Rsm being integrity protected only (i.e., Rsm in the clear). The Rsm may include various information as required, such as NAS type information (NAS type = SM), as well as a SM security context identifier, etc.

[0077] As shown at step 902, the SM 206 may send the SM NAS container to the MM 204, and the MM may create a MM NAS container including the Rsm (and perhaps also Rmm) and protect the MM NAScontainer with the MM keys. The MM may send both the SM NAS Container and MM NAS container to the RAN 108. The RAN may populate the MM NAS container and the SM NAS container into an RRC message, and send the RRC message to the UE RRC layer 404. And the UE RRC layer may send the MM NAS container and the SM NAS container to the UE MM NAS module 406A.

[0078] The UE MM NAS module 406A may decrypt the MM NAS container and read the NAS type information (NAS Type = SM) from the Rsm. The UE MM NAS module may then at step 903 forward the SM NAS container to the UE SM NAS module 406B. The UE SM NAS module may read the Rsm to determine the associated security context identifier and perform a security check of the SM NAS container. In addition, the UE SM NAS module may look into the aKSI to determine the correct SM instance context, which the UE SM NAS module may use to locate the corresponding security context, decrypt the content and also check integrity of the SM NAS container.

[0079] Also shown at steps 904, 905 is the construction and routing of a LM NAS container from the LM 210 to the UE, at which the LM NAS container may be routed by the UE MM NAS module 406A to the UE LM NAS module 406C. These steps may be performed similar to steps 902, 903 for the SM NAS container.

[0080] In some example implementations of one or more of the solutions described above, a UE NAS module 406 may supports multiple parallel entities. This may be the case, for example for a UE SM NAS module 406B that has multiple active PDU sessions terminated across different SMs 206. In some of these examples, the UE NAS module (e.g., UE SM NAS module) may have multiple different security contexts and identifiers (e.g. aKSI-1, aKSI-2, etc). In this case, the routing information for a NAS container for the UE NAS module may also include a specific security context identifier, aKSI to identify the appropriate UE SM context amongst the UE SM modules within the UE.

[0081] FIG. 10 is a flowchart illustrating various steps in a method 1000 performed by a user equipment (UE), according to various example implementations. The method includes receiving a non-access stratum (NAS) container, as shown at block 1002. The UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network, and the NAS container is received with associated information indicates a NAS type of a respective UE NAS module of the UE NAS modules. The method includes reading the associated information that indicates the NAS type to determine the respective UE NAS module, as shown at block 1004. And the method includes routing the NAS container to the respective UE NAS module based on the associated information, as shown at block 1006.

[0082] In some examples, the NAS container and the associated information that indicates the NAS type of the respective UE NAS module are received at block 1002 at a UE radio resource control (RRC) layer, and the associated information that indicates the NAS type is RRC information. In some of these examples, the NAS container is routed to the respective UE NAS module at block 1006 by the UE RRC layer based on the associated information available in the RRC layer that indicates the NAS type.

[0083] In some examples, the NAS container is received at block 1002 from a mobility management (MM) network function.

[0084] In some examples, the respective UE NAS module is associated with one of the NAS connections terminated at a corresponding NAS network function of the respective network functions. In some of these examples, the NAS container is from the corresponding NAS network function.

[0085] In some examples, the NAS container contains payload information that is ciphered and integrity protected, and routing information that is integrity protected only. In some of these examples, the routing information indicates the NAS type of the respective UE NAS module.

[0086] In some examples, the routing information also includes information that identifies a NAS security context for one of the NAS connections associated with the respective UE NAS module and terminated at a corresponding NAS network function of the respective network functions. In some of these examples, the method further includes performing a security check of the NAS container based on the information that identifies the NAS security context for the one of the NAS connections.

[0087] In some examples, the respective UE NAS module is a UE session management (SM) NAS module, and the corresponding NAS network function is a corresponding SM network function. In some of these examples, the information that identifies the NAS security context identifies a NAS security context for the one of the NAS connections associated with the UE SM NAS module and terminated at the corresponding SM network function.

[0088] FIG. 11 is a flowchart illustrating various steps in a method 1100 according to various example implementations. The method includes receiving or generating a non-access stratum (NAS) container for a user equipment (UE), as shown at block 1102. The UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network, and the NAS container contains routing information that indicates a NAS type of a respective UE NAS module of the UE NAS modules. The method includes generating associated information from the routing information that indicates the NAS type of the respective UE NAS module, as shown at block 1104. And the method includes sending the NAS container with the associated information that indicates the NAS type toward the UE for the UE to route the NAS container to the respective UE NAS module based on the associated information, as shown at block 1106.

[0089] In some examples, the NAS container further contains payload information that is ciphered and integrity protected, and In some of these examples, the routing information is integrity protected only.

[0090] In some examples, the NAS container and the associated information that indicates the NAS type of the respective UE NAS module are sent to a radio access network (RAN) at block 1106. In some of these examples, the NAS container and the associated information that indicates the NAS type are sent at block 1106 for the RAN RRC layer to forward the NAS container and the associated information to a UE RRC layer for the UE RRC layer to route to the respective UE NAS module, and In some of these examples, theassociated information that indicates the NAS type is forwarded by the RAN RRC layer as RRC information.

[0091] In some examples, the method is performed at a mobility management (MM) network function.

[0092] In some examples, the respective UE NAS module is associated with one of the NAS connections terminated at a corresponding NAS network function of the respective network functions. In some of these examples, the NAS container is received from or generated by the corresponding NAS network function at block 1102.

[0093] In some examples, the routing information also includes information that identifies a NAS security context for the one of the NAS connections associated with the respective UE NAS module and terminated at the corresponding NAS network function.

[0094] In some examples, the respective UE NAS module is a UE session management (SM) NAS module, and the corresponding NAS network function is a corresponding SM network function. In some of these examples, the information that identifies the NAS security context identifies a NAS security context for the one of the NAS connections associated with the UE SM NAS module and terminated at the corresponding SM network function.

[0095] FIG. 12 is a flowchart illustrating various steps in a method 1200 performed by a user equipment (UE), according to various example implementations. The method includes receiving a non-access stratum (NAS) container for the UE at a UE NAS routing layer, as shown at block 1202. The UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network, and the NAS container contains payload information that is ciphered and integrity protected, and routing information that is integrity protected only. The routing information indicates a NAS type of a respective UE NAS module of the UE NAS modules. The method includes reading the routing information that indicates the NAS type to determine the respective UE NAS module, as shown at block 1204. And the method includes routing the NAS container to the respective UE NAS module based on the routing information, as shown at block 1206.

[0096] In some examples, the NAS container is received at block 1202 from a mobility management (MM) network function.

[0097] In some examples, the respective UE NAS module is associated with one of the NAS connections terminated at a corresponding NAS network function of the respective network functions. In some of these examples, the NAS container is from the corresponding NAS network function.

[0098] In some examples, the routing information also includes information that identifies a NAS security context for the one of the NAS connections associated with the respective UE NAS module and terminated at the corresponding NAS network function. In some of these examples, the method 1200 further includes performing a security check of the NAS container based on the information that identifies the NAS security context for the one of the NAS connections.

[0099] In some examples, the respective UE NAS module is a UE session management (SM) NAS module, and the corresponding NAS network function is a corresponding SM network function. In some of these examples, the information that identifies the NAS security context identifies a NAS security context for the one of the NAS connections associated with the UE SM NAS module and terminated at the corresponding SM network function.

[0100] FIG. 13 is a flowchart illustrating various steps in a method 1300 according to various example implementations. The method includes receiving or generating a non-access stratum (NAS) container for a user equipment (UE), as shown at block 1302. The UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network. The NAS container contains payload information that is ciphered and integrity protected, and routing information that is integrity protected only, and the routing information indicates a NAS type of a respective UE NAS module of the UE NAS modules. The method also includes sending the NAS container toward the UE for a UE NAS routing layer to route the NAS container to the respective UE NAS module based on the routing information that indicates the NAS type of the respective UE NAS module, as shown at block 1304.

[0101] in some examples, the method 1300 is performed at a mobility management (MM) network function.

[0102] in some examples, the respective UE NAS module is associated with one of the NAS connections terminated at a corresponding NAS network function of the respective network functions, in some of these examples, the NAS container is received from or generated by the corresponding NAS network function at block 1302.

[0103] in some examples, the routing information also includes information that identifies a NAS security context for the one of the NAS connections associated with the respective UE NAS module and terminated at the corresponding NAS network function.

[0104] In some examples, the respective UE NAS module is a UE session management (SM) NAS module, and the corresponding NAS network function is a corresponding SM network function, in some of these examples, the information that identifies the NAS security context identifies a NAS security context for the one of the NAS connections associated with the UE SM NAS module and terminated at the corresponding SM network function.

[0105] FIG. 14 is a flowchart illustrating various steps in a method 1400 performed by a user equipment (UE), according to various example implementations. The method includes receiving a non-access stratum (NAS) container for the UE, as shown at block 1402. The UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network. The NAS container contains payload information that is ciphered and integrity protected, and routing information that is integrity protected only, and the routing information indicates a NAS type of a respective UE NAS module of the UE NAS modules. The method includes reading the routing information that indicates the NAS type to determine the respective UE NAS module, as shown at block 1404. And the method includes routing theNAS container to the respective UE NAS module, as shown at block 1406. The NAS container is routed to a UE mobility management (MM) NAS module to process when the respective UE NAS module is the UE MM NAS module, or for the UE MM NAS module to further route the NAS container to the respective UE NAS module when the respective UE NAS module is another UE NAS module,

[0106] In some examples, the NAS container is received at block 1402 from a MM network function.

[0107] In some examples, the respective UE NAS module is associated with one of the NAS connections terminated at a corresponding NAS network function of the respective network functions, in some of these examples, the NAS container is from the corresponding NAS network function.

[0108] In some examples, the routing information also includes information that identifies a NAS security context for the one of the NAS connections associated with the respective UE NAS module and terminated at the corresponding NAS network function, in some of these examples, the method further includes performing a security check of the NAS container based on the information that identifies the NAS security context for the one of the NAS connections.

[0199] In some examples, the respective UE NAS module is a UE session management (SM) NAS module, and the corresponding NAS network function is a corresponding SM network function, in some of these examples, the information that identifies the NAS security context identifies a NAS security context for the one of the NAS connections associated with the UE SM NAS module and terminated at the corresponding SM network function.

[0110] FIG. 15 is a flowchart illustrating various steps in a method 1500 according to various example implementations. The method includes receiving or generating a non-access stratum (NAS) container for a user equipment (UE), as shown at block 1502. The UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network. The NAS container contains payload information that is ciphered and integrity protected, and routing information that is integrity protected only, and the routing information indicates a NAS type of a respective UE NAS module of the UE NAS modules. The method also includes sending the NAS container toward the UE for the UE to route the NAS container to the respective UE NAS module based on the routing information that indicates the NAS type of the respective UE NAS module, as shown at block 1504. The NAS container is sent toward the UE for a UE mobility management (MM) NAS module to process when the respective UE NAS module is the UE MM NAS module, or for the UE MM NAS module to route the NAS container to the respective UE NAS module when the respective UE NAS module is another UE NAS module.

[0111] In some examples, the method 1500 is performed at a mobility management (MM) network function.

[0112] In some examples, the respective UE NAS module is associated with one of the NAS connections terminated at a corresponding NAS network function of the respective network functions, In some of these examples, the NAS container is received from or generated by the corresponding NAS network function at block 1502.

[0113] In some examples, the routing information also includes information that identifies a NAS security context for the one of the NAS connections associated with the respective UE NA S module and terminated at the corresponding NAS network function.

[0114] in some examples, the respective UE NAS module is a UE session management (SM) NAS module, and the corresponding NAS network function is a corresponding SM network function. In some of these examples, the information that identifies the NAS security context identifies a NAS security context for the one of the NAS connections associated with the UE SM NAS module and terminated at the corresponding SM network function.

[0115] According to example implementations of the present disclosure, a telecommunications system 100 or PLMN 102, and its components such as a UE 110, ON 106, RAN 106, RAN node 202, MM 204, SM 206, UPF 208, LM 210 and / or NFx 212, may be implemented by various means. Means for implementing the system and its components may include hardware, firmware, software, or combinations thereof. In some examples, one or more apparatuses may be configured to function as or otherwise implement the system and its components shown and described herein, in exampies involving more than one apparatus, the respective apparatuses may be connected to or otherwise in communication with one another in a number of different manners, such as directly or indirectly via a wired or wireiess network or the like.

[0116] According to some example implementations, at least some of the methods 1000 and 1 00 described with respect to FIG. 10 and FIG. 11 may be carried out by respective apparatuses comprising means for performing functions corresponding steps of the methods. Similarly, at least, some of the methods 1200 and 1300 described with respect to FIG. 12 and FIG. 13 may be carried out by respective apparatuses comprising means for performing functions corresponding steps of the methods. At least some of the methods 1400 and 1500 described with respect to FIG, 14 and FIG. 15 may be carried out by respective apparatuses comprising means for performing functions corresponding steps of the methods. Examples of a suitable apparatus may include a user equipment, user device, user terminal or the like. Other examples of a suitable apparatus may include a network function (e.g., MM, SM, etc.) or any suitable apparatus, such as a server, host or node.

[0117] FIG. 16 illustrates an apparatus 1600 in which means for performing various functions includes hardware, alone or under direction of one or more computer programs from a computer-readable storage medium or other memory, such as computer memory, according to some example implementations of the present disclosure. The apparatus may include one or more of each of a number of components such as, for example, processing circuitry 1602 connected to computer-readable storage medium or other memory 1604.

[0118] The processing circuitry 1602 may be composed of one or more processors alone or in combination with one or more computer-readable storage media. The processing circuitry is generally any piece of computer hardware that is capable of processing information such as, for example, data, computerprograms and / or other suitable electronic information. The processing circuitry is composed of a collection of electronic circuits some of which may be packaged as an integrated circuit or multiple interconnected integrated circuits (an integrated circuit at times more commonly referred to as a “chip”). The processing circuitry may be configured to execute computer programs, which may be stored onboard the processing circuitry or otherwise stored in the memory 1604 (of the same or another apparatus).

[0119] The processing circuitry 1602 may be a number of processors, a multi-core processor or some other type of processor, depending on the particular implementation. Further, the processing circuitry may be implemented using a number of heterogeneous processor systems in which a main processor is present with one or more secondary processors on a single chip. As another illustrative example, the processing circuitry may be a symmetric multi-processor system containing multiple processors of the same type. In yet another example, the processing circuitry may be embodied as or otherwise include one or more ASICs, FPGAs or the like. Thus, although the processing circuitry may be capable of executing a computer program to perform one or more functions, the processing circuitry of various examples may be capable of performing one or more functions without the aid of a computer program. In either instance, the processing circuitry may be appropriately programmed to perform functions or operations according to example implementations of the present disclosure.

[0120] The memory 1604 is generally any piece of computer hardware that is capable of storing information such as, for example, data, computer programs, instructions 1606 (e.g., computer-readable program code) and / or other suitable information either on a temporary basis and / or a permanent basis. The memory may include volatile and / or non-volatile memory, and may be fixed or removable. Examples of suitable memory include recording media, random access memory (RAM), read-only memory (ROM), a hard drive, a flash memory, a thumb drive, a removable computer diskette, an optical disk or some combination thereof.

[0121] The memory 1604 is a non-transitory device capable of storing information. One example of a suitable memory is a computer-readable storage medium, which is distinguishable from a computer-readable transmission medium capable of carrying information from one location to another. Examples of suitable computer-readable transmission media comprise electronic carrier signals, telecommunications signals, or some combination thereof. As used herein, the term “non-transitory” is a limitation of the medium itself (i.e., tangible, not a signal) as opposed to a limitation on data storage persistency (e.g., RAM versus ROM). A computer-readable medium as described herein generally refers to a computer-readable storage medium or computer-readable transmission medium. A computer-readable medium is any entity or device capable in which information, such as one or more computer programs or portions thereof, may be stored and carried.

[0122] In addition to the memory 1604 (e.g., computer-readable storage medium), the processing circuitry 1602 may also be connected to one or more interfaces for displaying, transmitting and / or receivinginformation, The interfaces may include a communications interface 1608 and / or one or more user interfaces. The communications interface may be configured to transmit and / or receive information, such as to and / or from other apparatus(es), network(s) or the like. The communications interface may be configured to transmit and / or receive information by physical (wired) and / or wireless communications links. Examples of suitable communication interfaces include a network interface controller (NIC), wireless MIC (WNIC) or the like.

[0123] The user interfaces may include a display 1610 and / or one or more user input interfaces 1612. The display may be configured to present or otherwise display information to a user, suitable examples of which include a liquid crystal display (LCD), light-emitting diode (LED) display, organic LED (OLED) display, active-matrix OLED (AMOLED) or the like. The user input interfaces may be wired or wireless, and may be configured to receive information from a user into the apparatus, such as for processing, storage and / or display. Suitable examples of user input interfaces include a microphone, image or video capture device, keyboard or keypad, joystick, touch-sensitive surface (separate from or integrated into a touchscreen), biometric sensor or the like. The user interfaces may further include one or more interfaces for communicating with peripherals such as printers, scanners or the like.

[0124] Execution of the instructions 1606 by the processing circuitry 1602, or storage of the instructions in the memory 1604, supports combinations of operations for implementing example implementations of the present disclosure. In this manner, an apparatus 1600 may comprise at least one processing circuitry and at least one memory coupled to the at least one processing circuitry, where the at least one processing circuitry is configured to execute instructions stored in the at least one memory, it will also be understood that one or more functions, and combinations of functions, may be implemented by special purpose hardware-based computer systems and / or processing circuitry which perform the specified functions, or combinations of special purpose hardware and program code instructions.

[0125] Some example implementations of the present disclosure may also be carried out in the form of a computer process defined by one or more computer programs or portions thereof. Example implementations of the present disclosure may be carried out by executing at least one portion of a computer program comprising instructions. The computer program may be in source code form, object code form, or in some intermediate form. The computer program may be stored in a computer-readable medium that is readable by a computer, processing circuitry or other suitable apparatus. As indicated above, for example, the computer program may be stored in a memory, such as a computer-readable storage medium. Additionally or alternatively, for example, the computer program may be stored in a computer-readable transmission medium. The coding of software for carrying out example implementations of the present disclosure is well within the scope of a person of ordinary skill in the art.

[0126] As will be appreciated, any suitable instructions may be loaded onto a computer, a processing circuitry or other programmable apparatus from a memory or a computer-readable medium (e.g., computer-readable storage medium, computer-readable transmission medium) to produce a particular machine, such that the particular machine becomes a means for implementing the functions specified herein. The instructions may also be stored in a computer-readable medium that can direct a computer, a processing circuitry or other programmable apparatus to function in a particular manner to thereby generate a particular machine or particular article of manufacture. In some examples, the instructions stored in the computer-readable medium may produce an article of manufacture, where the article of manufacture becomes a means for implementing functions described herein, The instructions may be retrieved from a computer-readable medium and loaded into a computer, processing circuitry or other programmable apparatus to configure the computer, processing circuitry or other programmable apparatus to execute operations to be performed on or by the computer, processing circuitry or other programmable apparatus,

[0127] Retrieval, loading and execution of instructions comprising program code instructions may be performed sequentially such that one instruction is retrieved, loaded and executed at a time. In some example implementations, retrieval, loading and / or execution may be performed in parallel such that multiple instructions are retrieved, loaded, and / or executed together. Execution of the program code instructions may produce a computer-implemented process such that the instructions executed by the computer, processing circuitry or other programmable apparatus provide operations for implementing functions described herein.

[0128] As explained above and reiterated below, the present disclosure includes, without limitation, the following example implementations,

[0129] Clause 1. A method performed by a user equipment (UE), the method comprising: receiving a non- access stratum (NAS) container, wherein the UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network, and the NAS container is received with associated information indicates a MAS type of a respective UE NAS module of the UE NAS modules: reading the associated information that indicates the NAS type to determine the respective UE NAS module: and routing the NAS container to the respective UE NAS module based on the associated information.

[0130] Clause 2. The method of clause 1, wherein the NAS container and the associated information that indicates the NAS type of the respective UE NAS module are received at a UE radio resource control (RRC) layer, and the associated information that indicates the NAS type is RRC information, and wherein the NAS container is routed to the respective UE NAS module by the UE RRC layer based on the associated information available in the RRC layer that indicates the NAS type.

[0131] Clause 3. The method of clause 1 or ciause 2, wherein the NAS container is received from a mobility management (MM) network function.

[0132] Clause 4. The method of any of clauses 1 to 3, wherein the respective UE NAS module is associated with one of the NAS connections terminated at a corresponding NAS network function of therespective network functions, end wherein the NAS container is from the corresponding NAS network function.

[0133] Clause 5. The method of any of clauses 1 to 4, wherein the NAS container contains payload information that is ciphered and integrity protected, and routing information that is integrity protected only, and wherein the routing information indicates the NAS type of the respective UE NAS module.

[0134] Clause 6. The method of clause 5, wherein the routing information also includes information that identifies a NAS security context for one of the NAS connections associated with the respective UE NAS module and terminated at a corresponding NAS network function of the respective network functions, and wherein the method further comprises performing a security check of the NAS container based on the information that identifies the NAS security context for the one of the NAS connections.

[0135] Clause 7. The method of clause 6, wherein the respective UE NAS module is a UE session management (SM) NAS module, and the corresponding NAS network function is a corresponding SM network function, and wherein the information that identifies the NAS security context identifies a NAS security context for the one of the NAS connections associated with the UE SM NAS module and terminated at the corresponding SM network function,

[0136] Clause 8. An apparatus comprising: at least one memory configured to store instructions: and at least one processing circuitry configured to access the at least one memory, and execute the instructions to cause the apparatus to perform the method of any of clauses 1 to 7.

[0137] Clause 9. An apparatus comprising means for performing the method of any of clauses 1 to 7.

[0138] Clause 10. A computer-readable medium comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 1 to 7.

[0139] Clause 11. A computer-readable storage medium comprising instructions that, in response to execution by at ieast one processing circuitry, causes an apparatus to perform the method of any of clauses 1 to 7.

[0140] Clause 12, A computer program comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 1 to 7.

[0141] Clause 13. A method comprising: receiving or generating a non-access stratum (NAS) container for a user equipment (UE), wherein the UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network, and the NAS container contains routing information that indicates a NAS type of a respective UE NAS module of the UE NAS modules; generating associated information from the routing information that indicates the NAS type of the respective UE NAS module: and sending the NAS container with the associated information that indicates the NAS type toward the UE for the UE to route the NAS container to the respective UE NAS module based on the associated information.

[0142] Clause 14, The method of clause 13, wherein the NAS container further contains payload information that is ciphered and integrity protected, and wherein the routing information is integrity protected only.

[0143] Clause 15. The method of clause 13 or clause 14, wherein the NAS container and the associated information that indicates the NAS type of the respective UE NAS module are sent to a radio access network (RAN), and wherein the NAS container and the associated information that indicates the NAS type are sent for the RAN RRC layer to forward the NAS container and the associated information to a UE RRC layer for the UE RRC layer to route to the respective UE NAS module, and wherein the associated information that indicates the NAS type is forwarded by the RAN RRC layer as RRC information.

[0144] Clause 16. The method of any of clauses 13 to 15, wherein the method is performed at a mobility management (MM) network function.

[0145] Clause 17. The method of any of clauses 13 to 16, wherein the respective UE NAS module is associated with one of the NAS connections terminated at a corresponding NAS network function of the respective network functions, and wherein the NAS container is received from or generated by the corresponding NAS network function.

[0146] Clause 18. The method of clause 17, wherein the routing information also includes information that identifies a NAS security context for the one of the NAS connections associated with the respective UE NAS module and terminated at the corresponding NAS network function.

[0147] Clause 19, The method of clause 18, wherein the respective UE NAS module is a UE session management (SM) NAS module, and the corresponding NAS network function is a corresponding SM network function, and wherein the information that identifies the NAS security context identifies a NAS security context for the one of the NAS connections associated with the UE SM NAS module and terminated at the corresponding SM network function.

[0148] Clause 20. An apparatus comprising: at least one memory configured to store instructions: and at least one processing circuitry configured to access the at least one memory, and execute the instructions to cause the apparatus to perform the method of any of clauses 13 to 19.

[0149] Clause 21. An apparatus comprising means for performing the method of any of clauses 13 to 19.

[0150] Clause 22. A computer-readable medium comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 13 to 19.

[0151] Clause 23. A computer-readable storage medium comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 13 to 19.

[0152] Clause 24. A computer program comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 13 to 19.

[0153] Clause 25, A method performed by a user equipment (UE), the method comprising: receiving a non-access stratum (NAS) container for the UE at a UE NAS routing layer, wherein the UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network, wherein the NAS container contains payload information that is ciphered and integrity protected, and routing information that is integrity protected only, and wherein the routing information indicates a NAS type of a respective UE NAS module of the UE NAS modules; reading the routing information that indicates the NAS type to determine the respective UE NAS module; and routing the NAS container to the respective UE MAS module based on the routing information.

[0154] Clause 26. The method of clause 25, wherein the NAS container is received from a mobility management (MM) network function,

[0155] Clause 27. The method of clause 25 or clause 26, wherein the respective UE NAS module is associated with one of the MAS connections terminated at a corresponding NAS network function of the respective network functions, and wherein the NAS container is from the corresponding NAS network function.

[0156] Clause 28. The method of clause 27, wherein the routing information also includes information that identifies a NAS security context for the one of the NAS connections associated with the respective UE NAS module and terminated at the corresponding NAS network function, and wherein the method further comprises performing a security check of the NAS container based on the information that identifies the NA S security context for the one of the NAS connections.

[0157] Clause 29. The method of clause 28, wherein the respective UE MAS module is a UE session management (SM) NAS module, and the corresponding NAS network function is a corresponding SM network function, and wherein the information that identifies the NAS security context identifies a NAS security context for the one of the MAS connections associated with the UE SM NAS module and terminated at the corresponding SM network function.

[0158] Clause 30, An apparatus comprising: at least one memory configured to store instructions; and at least one processing circuitry configured to access the at least one memory, and execute the instructions to cause the apparatus to perform the method of any of clauses 25 to 29.

[0159] Clause 31. An apparatus comprising means for performing the method of any of clauses 25 to 29.

[0160] Clause 32. A computer-readable medium comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 25 to 29.

[0161] Clause 33, A computer-readable storage medium comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 25 to 29.

[0162] Clause 34. A computer program comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 25 to 29.

[0163] Clause 35, A method comprising: receiving or generating a non-access stratum (NAS) container for a user equipment (UE), wherein the UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network, wherein the NAS container contains payload information that is ciphered and integrity protected, and routing information that is integrity protected only, and wherein the routing information that indicates a NAS type of a respective UE NAS module of the UE NAS modules; and sending the NAS container toward the UE for a UE NAS routing layer to route the NAS container to the respective UE NAS module based on the routing information that indicates the NAS type of the respective UE NAS module.

[0164] Clause 36. The method of clause 35, wherein the method is performed at a mobility management (MM) network function.

[0165] Clause 37. The method of clause 35 or clause 36, wherein the respective UE NAS module is associated with one of the MAS connections terminated at a corresponding NAS network function of the respective network functions, and wherein the NAS container is received from or generated by the corresponding NAS network function.

[0166] Clause 38. The method of clause 37, wherein the routing information also includes information that identifies a NAS security context for the one of the NAS connections associated with the respective UE NAS module and terminated at the corresponding NAS network function.

[0167] Clause 39. The method of clause 38, wherein the respective UE NAS module is a UE session management (SM) NAS module, and the corresponding NAS network function is a corresponding SM network function, and wherein the information that identifies the NAS security context identifies a NAS security context for the one of the NAS connections associated with the UE SM NAS module and terminated at the corresponding SM network function.

[0168] Clause 40. An apparatus comprising: at least one memory configured to store instructions: and at least one processing circuitry configured to access the at least one memory', and execute the instructions to cause the apparatus to perform the method of any of clauses 35 to 39.

[0169] Clause 41. An apparatus comprising means for performing the method of any of clauses 35 to 39.

[0170] Clause 42. A computer-readable medium comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 35 to 39.

[0171] Clause 43. A computer-readable storage medium comprising instructions that, in response to execution by at least one processing circuitry', causes an apparatus to perform the method of any of clauses 35 to 39.

[0172] Clause 44. A computer program comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 35 to 39.

[0173] Clause 45. A method performed by a user equipment (UE), the method comprising: receiving a non- access stratum (NAS) container for the UE, wherein the UE includes UE NAS modules associated withNAS connections terminated at respective network functions in a serving network, wherein the NAS container contains payload information that is ciphered and integrity protected, and routing information that is integrity protected only, and wherein the routing information indicates a NAS type of a respective UE NAS module of the UE NAS modules; reading the routing information that indicates the NAS type to determine the respective UE NAS module; and routing the NAS container to the respective UE NAS module, wherein the NAS container is routed to a UE mobility management (MM) NAS module to process when the respective UE NAS module is the UE MM NAS module, or for the UE MM NAS module to further route the NAS container to the respective UE NAS module when the respective UE NAS module is another UE NAS module.

[0174] Clause 46. The method of clause 45, wherein the NAS container is received from a MM network function.

[0175] Clause 47. The method of clause 45 or clause 46, wherein the respective UE NAS module is associated with one of the NAS connections terminated at a corresponding NAS network function of the respective network functions, and wherein the NAS container is from the corresponding MAS network function.

[0176] Clause 48. The method of clause 47, wherein the routing information also includes information that identifies a NAS security context for the one of the NAS connections associated with the respective UE NAS module and terminated at the corresponding NAS network function, and wherein the method further comprises performing a security check of the NAS container based on the information that identifies the MAS security context for the one of the NAS connections.

[0177] Clause 49. The method of clause 48, wherein the respective UE NAS module is a UE session management (SM) NAS module, and the corresponding NAS network function is a corresponding SM network function, and wherein the information that identifies the MAS security context identifies a NAS security context for the one of the NAS connections associated with the UE SM NAS module and terminated at the corresponding SM network function.

[0178] Clause 50. An apparatus comprising: at least one memory configured to store instructions; and at least one processing circuitry configured to access the at least one memory, and execute the instructions to cause the apparatus to perform the method of any of clauses 45 to 49.

[0179] Clause 51. An apparatus comprising means for performing the method of any of clauses 45 to 49.

[0180] Clause 52. A computer-readable medium comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 45 to 49.

[0181] Clause 53. A computer-readable storage medium comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 45 to 49],

[0182] Clause 54, A computer program comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 45 to 49.

[0183] Clause 55. A method comprising: receiving or generating a non-access stratum (NAS) container for a user equipment (UE), wherein the UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network, wherein the NAS container contains payload information that is ciphered and integrity protected, and routing information that is integrity protected only, and wherein the routing information indicates a NAS type of a respective UE NAS module of the UE NAS modules; and sending the NAS container toward the UE for the UE to route the NAS container to the respective UE NAS module based on the routing information that indicates the NAS type of the respective UE NAS module, wherein the NAS container is sent toward the UE for a UE mobility management (MM) NAS module to process when the respective UE NAS module is the UE MM NAS module, or for the UE MM NAS module to route the NAS container to the respective UE NAS module when the respective UE NAS module is another UE NAS module.

[0184] Clause 56. The method of clause 55, wherein the method is performed at a mobility management (MM) network function.

[0185] Clause 57. The method of clause 55 or clause 56, wherein the respective UE NAS module is associated with one of the NAS connections terminated at a corresponding NAS network function of the respective network functions, and wherein the NAS container is received from or generated by the corresponding NAS network function.

[0186] Clause 58. The method of clause 57, wherein the routing information also includes information that identifies a NAS security context for the one of the NAS connections associated with the respective UE NAS module and terminated at the corresponding NAS network function.

[0187] Clause 59. The method of clause 58, wherein the respective UE NAS module is a UE session management (SM) NAS module, and the corresponding NAS network function is a corresponding SM network function, and wherein the information that identifies the NAS security context identifies a NAS security context for the one of the NAS connections associated with the UE SM NAS module and terminated at the corresponding SM network function.

[0188] Clause 60. An apparatus comprising: at least one memory configured to store instructions: and at least one processing circuitry configured to access the at least one memory, and execute the instructions to cause the apparatus to perform the method of any of clauses 55 to 59.

[0189] Clause 61, An apparatus comprising means for performing the method of any of clauses 55 to 59.

[0190] Clause 62. A computer-readable medium comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 55 to 59.

[0191] Clause 63, A computer-readable storage medium comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 55 to 59.

[0192] Clause 64. A computer program comprising instructions that, in response to execution by at least one processing circuitry, causes an apparatus to perform the method of any of clauses 55 to 59.

[0193] Many modifications and other implementations of the disclosure set forth herein will come to mind to one skilled in the art to which the disclosure pertains having the benefit of the teachings presented in the foregoing description and the associated figures. Therefore, it is to be understood that the disclosure is not to be limited to the specific implementations disclosed and that modifications and other implementations are intended to be included within the scope of the appended claims. Moreover, although the foregoing description and the associated figures describe example implementations in the context of certain example combinations of elements and / or functions, it should be appreciated that different combinations of elements and / or functions may be provided by alternative implementations without departing from the scope of the appended claims, in this regard, for example, different combinations of elements and / or functions than those explicitly described above are also contemplated as may be set forth in some of the appended claims. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.

Claims

WHAT IS CLAIMED IS:

1. A user equipment (UE) comprising:at least one processor; andat least one memory storing instructions which,) when executed by the at least one processor, cause the UE to perform operations, the operations comprising:receiving a non-access stratum (NAS) container for the UE, wherein the UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network, wherein the NAS container contains payload information that is ciphered and integrity protected, and routing information that is integrity protected only, and wherein the routing information indicates a NAS type of a respective UE NAS module of the UE NAS modules;reading the routing information that indicates the NAS type to determine the respective UE NAS module; androuting the NAS container to the respective UE NAS module, wherein the NAS container is routed to a UE mobility management (MM) NAS module to process when the respective UE NAS module is the UE MM NAS module, or for the UE MM NAS module to further route the NAS container to the respective UE NAS module when the respective UE NAS module is another UE NAS module.

2. The UE of claim 1, wherein the NAS container is received from a MM network function.

3. The UE of claim 1, wherein the respective UE NAS module is associated with one of the NAS connections terminated at a corresponding NAS network function of the respective network functions, andwherein the NAS container is from the corresponding NAS network function.

4. The UE of claim 3, wherein the routing information also includes information that identifies a NAS security context for the one of the NAS connections associated with the respective UE NAS module and terminated at the corresponding NAS network function, andwherein the operations further comprise performing a security check of the NAS container based on the information that identifies the NAS security context for the one of the NAS connections.

5. The UE of claim 4, wherein the respective UE NAS module is a UE session management (SM) NAS module, and the corresponding NAS network function is a corresponding SM network function, andwherein the information that identifies the NAS security context identifies a NAS security context for the one of the NAS connections associated with the UE SM NAS module and terminated at the corresponding SM network function.

6. A method performed by a user equipment (UE), the method comprising:receiving a non-access stratum (NAS) container for the UE, wherein the UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network, wherein the NAS container contains payload information that is ciphered and integrity protected, and routing information that is integrity protected only, and wherein the routing information indicates a NAS type of a respective UE NAS module of the UE NAS modules;reading the routing information that indicates the NAS type to determine the respective UE NAS module; androuting the NAS container to the respective UE NAS module, wherein the NAS container is routed to a UE mobility management (MM) NAS module to process when the respective UE NAS module is the UE MM NAS module, or for the UE MM NAS module to further route the NAS container to the respective UE NAS module when the respective UE NAS module is another UE NAS module.

7. The method of claim 6, wherein the NAS container is received from a MM network function.

8. The method of claim 6, wherein the respective UE NAS module is associated with one of the NAS connections terminated at a corresponding NAS network function of the respective network functions, andwherein the NAS container is from the corresponding NAS network function.

9. The method of claim 8, wherein the routing information also includes information that identifies a NAS security context for the one of the NAS connections associated with the respective UE NAS module and terminated at the corresponding NAS network function, andwherein the method further comprises performing a security check of the NAS container based on the information that identifies the NAS security context for the one of the NAS connections.

10. The method of claim 9, wherein the respective UE NAS module is a UE session management (SM) NAS module, and the corresponding NAS network function is a corresponding SM network function, andwherein the information that identifies the NAS security context identifies a NAS security context for the one of the NAS connections associated with the UE SM NAS module and terminated at the corresponding SM network function.

11. An apparatus comprising:at least one processor; andat least one memory storing instructions, the instructions when executed by the at least one processor causing the apparatus to perform operations, the operations comprising:receiving or generating a non-access stratum (NAS) container for a user equipment (UE), wherein the UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network, wherein the NAS container contains payload information that is ciphered and integrity protected, and routing information that is integrity protected only, and wherein the routing information indicates a NAS type of a respective UE NAS module of the UE NAS modules; and sending the NAS container toward the UE for the UE to route the NAS container to the respective UE NAS module based on the routing information that indicates the NAS type of the respective UE NAS module, wherein the NAS container is sent toward the UE for a UE mobility management (MM) NAS module to process when the respective UE NAS module is the UE MM NAS module, or for the UE MM NAS module to route the NAS container to the respective UE NAS module when the respective UE NAS module is another UE NAS module.

12. The apparatus of claim 11, wherein the instructions are instructions of a mobility management (MM) network function.

13. The apparatus of claim 11, wherein the respective UE NAS module is associated with one of the NAS connections terminated at a corresponding NAS network function of the respective network functions, andwherein the NAS container is received from or generated by the corresponding NAS network function.

14. The apparatus of claim 13, wherein the routing information also includes information that identifies a NAS security context for the one of the NAS connections associated with the respective UE NAS module and terminated at the corresponding NAS network function.

15. The apparatus of claim 14, wherein the respective UE NAS module is a UE session management (SM) NAS module, and the corresponding NAS network function is a corresponding SM network function, andwherein the information that identifies the NAS security context identifies a NAS security context for the one of the NAS connections associated with the UE SM NAS module and terminated at the corresponding SM network function.

16. A method comprising:receiving or generating a non-access stratum (NAS) container for a user equipment (UE), wherein the UE includes UE NAS modules associated with NAS connections terminated at respective network functions in a serving network, wherein the NAS container contains payload information that is ciphered and integrity protected, and routing information that is integrity protected only, and wherein the routing information indicates a NAS type of a respective UE NAS module of the UE NAS modules; and sending the NAS container toward the UE for the UE to route the NAS container to the respective UE NAS module based on the routing information that indicates the NAS type of the respective UE NAS module, wherein the NAS container is sent toward the UE for a UE mobility management (MM) NAS module to process when the respective UE NAS module is the UE MM NAS module, or for the UE MM NAS module to route the NAS container to the respective UE NAS module when the respective UE NAS module is another UE NAS module.

17. The method of claim 16, wherein the method is performed at a mobility management (MM) network function.

18. The method of claim 16, wherein the respective UE NAS module is associated with one of the NAS connections terminated at a corresponding NAS network function of the respective network functions, andwherein the NAS container is received from or generated by the corresponding NAS network function.

19. The method of claim 18, wherein the routing information also includes information that identifies a NAS security context for the one of the NAS connections associated with the respective UE NAS module and terminated at the corresponding NAS network function.

20. The method of claim 19, wherein the respective UE NAS module is a UE session management (SM) NAS module, and the corresponding NAS network function is a corresponding SM network function, andwherein the information that identifies the NAS security context identifies a NAS security context for the one of the NAS connections associated with the UE SM NAS module and terminated at the corresponding SM network function.