CN-121986509-A - Mismatch avoidance of non-access stratum (NAS) security mode commands and NAS counts
Abstract
A method includes transmitting, by a core network entity of a core network of a wireless communication system, a non-access stratum (NAS) Security Mode Command (SMC) message to a User Equipment (UE), the NAS SMC message including information about security capabilities of the UE, information for establishing a security context between the UE and the core network, and a first NAS security mode message transaction Identifier (ID), receiving, by the core network entity, a NAS security mode complete message including a second NAS security mode message transaction ID from the UE, and generating, by the core network entity, a security key based on a comparison of the first NAS security mode message transaction ID and the second NAS security mode message transaction ID satisfying a condition, wherein the security key is usable to secure communications between the UE and a device of an access network of the wireless communication system.
Inventors
- S. Carrey
- R. Mawuleidi Danasekalan
Assignees
- Nokia Technologies Oy (诺基亚技术有限公司)
Dates
- Publication Date: 2026-05-05
- Application Date: 2024-09-16
- Priority Date: 2023-09-20
Claims (18)
- 1. A method, comprising: transmitting, by a core network entity of a core network of a wireless communication system, a non-access stratum (NAS) Security Mode Command (SMC) message to a User Equipment (UE), the NAS SMC message including information about security capabilities of the UE, information for establishing a security context between the UE and the core network, and a first NAS security mode message transaction Identifier (ID); receiving, by the core network entity, a NAS security mode complete message from the UE including a second NAS security mode message transaction ID; and generating, by the core network entity, a security key based on a comparison of the first NAS security mode message transaction ID and the second NAS security mode message transaction ID satisfying a condition, wherein the security key is usable for securing communications between the UE and a device of an access network of the wireless communication system.
- 2. The method of claim 1, wherein generating the security key is further based on a match between the second NAS security mode message transaction ID in the NAS security mode complete message and the first NAS security mode message transaction ID in the NAS SMC message.
- 3. The method of claim 1 or claim 2, wherein: the first NAS security mode message transaction ID in the NAS SMC message comprises a first NAS ID specific to the transmission of the NAS SMC message, and the second NAS security mode message transaction ID in the NAS security mode complete message comprises a second NAS ID.
- 4. The method of claim 1 or claim 2, wherein: the first NAS security mode message transaction ID in the NAS SMC message comprises a first bitmap comprising an indication of a number of retransmissions of the NAS SMC message, and the second NAS security mode message transaction ID in the NAS security mode complete message comprises a second bitmap.
- 5. The method of claim 1 or claim 2, wherein: the first NAS security mode message transaction ID in the NAS SMC message corresponds to a NAS downlink message sequence number, and the second NAS security mode message transaction ID in the NAS security mode complete message corresponds to a NAS uplink message sequence number.
- 6. The method of any of claims 1-4, wherein sending the NAS SMC message is based on expiration of a retransmission timer.
- 7. The method of claim 6, further comprising: generating, by the core network entity, the first NAS security mode message transaction ID based on the expiration of the retransmission timer.
- 8. The method of any of claims 1 to 7, further comprising: receiving, by the core network entity, another NAS security mode complete message from the UE including a third NAS security mode message transaction ID; and, based on the comparison of the first NAS security mode message transaction ID and the third NAS security mode message transaction ID failing to satisfy the condition, continuing, by the core network entity, to monitor NAS security mode complete messages without generating a security key.
- 9. The method of claim 8, further comprising: maintaining, by the core network entity, a retransmission timer based on the comparison of the first NAS security mode message transaction ID and the third NAS security mode message transaction ID failing to satisfy the condition.
- 10. The method of any one of claims 1 to 9, further comprising: receiving, by the core network entity, a registration request message from the UE, the registration request message including an indication of whether the UE supports NAS security mode message transaction identification.
- 11. A method, comprising: receiving, by a User Equipment (UE), a non-access stratum (NAS) Security Mode Command (SMC) message from a core network entity of a core network of a wireless communication system, the NAS SMC message comprising information about security capabilities of the UE, integrity key information, and a first NAS security mode message transaction Identifier (ID); generating, by the UE, a second NAS security mode message transaction ID based on the first NAS security mode message transaction ID; and sending, by the UE, a NAS security mode complete message including the second NAS security mode message transaction ID to the core network entity.
- 12. The method of claim 11, wherein the first NAS security mode message transaction ID in the NAS SMC message comprises a NAS ID specific to the transmission of the NAS SMC message.
- 13. The method of claim 12, wherein generating the second NAS security mode message transaction ID comprises: setting, by the UE, the second NAS security mode message transaction ID based on the NAS ID in the NAS SMC message.
- 14. The method of claim 11, wherein the first NAS security mode message transaction ID in the NAS SMC message comprises an indication of a number of retransmissions associated with the NAS SMC message.
- 15. The method of claim 14, wherein generating the second NAS security mode message transaction ID comprises: setting, by the UE, the second NAS security mode message transaction ID based on the number of retransmissions associated with the NAS SMC message.
- 16. The method of any of claims 11 to 15, further comprising: sending, by the UE, a registration request message to the core network entity, wherein the registration request message comprises an indication of whether NAS security mode message transaction identification is supported by the UE.
- 17. An apparatus, comprising: at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the apparatus at least to perform the method of any one of claims 1 to 10.
- 18. A User Equipment (UE), comprising: at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the UE at least to perform the method of any one of claims 11 to 16.
Description
Mismatch avoidance of non-access stratum (NAS) security mode commands and NAS counts
Technical Field
Various example embodiments relate generally to wireless networks and, more particularly, to non-access stratum (NAS) Security Mode Command (SMC) procedures.
Background
Wireless networks offer significant advantages for user mobility. The ability of users to stay connected while in motion not only provides advantages to users, but also provides greater efficiency and productivity for the entire society. As user expectations for aspects such as security increase, wireless network technology must keep pace with those expectations. There is therefore a continuing interest in improving wireless network technology.
Disclosure of Invention
As used herein, the term "entity" may refer to an architecture or a device in a communication network, a network device, a network node, a network function, or a different component of any other device (physical or virtual).
According to aspects of the disclosure, a method includes transmitting, by a core network entity of a core network of a wireless communication system, a non-access stratum (NAS) Security Mode Command (SMC) message to a User Equipment (UE), the NAS SMC message including information regarding security capabilities of the UE, information for establishing a security context between the UE and the core network, and a first NAS security mode message transaction Identifier (ID), receiving, by the core network entity, a NAS security mode complete message including a second NAS security mode message transaction ID from the UE, and generating, by the core network entity, a security key based on a comparison of the first NAS security mode message transaction ID and the second NAS security mode message transaction ID satisfying a condition, wherein the security key is usable to secure communication between the UE and a device of an access network of the wireless communication system.
In one aspect of the method, generating the security key is further based on a match between a second NAS security mode message transaction ID in the NAS security mode complete message and a first NAS security mode message transaction ID in the NAS SMC message. In one aspect of the method, the first NAS security mode message transaction ID in the NAS SMC message comprises a first NAS ID specific to the transmission of the NAS SMC message and the second NAS security mode message transaction ID in the NAS security mode complete message comprises a second NAS ID. In one aspect of the method, the first NAS security mode message transaction ID in the NAS SMC message comprises a first bitmap comprising an indication of a number of retransmissions of the NAS SMC message, and the second NAS security mode message transaction ID in the NAS security mode complete message comprises a second bitmap. In one aspect of the method, a first NAS security mode message transaction ID in the NAS SMC message corresponds to a NAS downlink message sequence number and a second NAS security mode message transaction ID in the NAS security mode complete message corresponds to a NAS uplink message sequence number. In one aspect of the method, sending the NAS SMC message is based on expiration of a retransmission timer. In one aspect of the method, the method further comprises generating, by the core network entity, a first NAS security mode message transaction ID based on expiration of the retransmission timer. 
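The retransmission race the description addresses, as an added example that is not part of the patent or of any 3GPP implementation: a small Python model in which the core network stamps each NAS SMC with a transaction ID (here the retransmission counter, one of the encodings the claims list), the UE copies it into its SECURITY MODE COMPLETE, and the network derives the access-network key only from a COMPLETE whose ID matches the outstanding SMC. A stale COMPLETE from an earlier SMC is ignored, the timer is kept, and no key is derived; the second scenario shows the key mismatch that results when a network accepts whichever COMPLETE arrives first. The message classes, the HMAC-SHA256 stand-in for the key derivation, the binding of the key to the uplink NAS COUNT, and all key values are constructed assumptions, not the 3GPP encodings.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass
class SecurityModeCommand:
    ue_security_capabilities: tuple   # UE capabilities echoed back under integrity protection
    context_info: bytes               # selected algorithms etc. (placeholder value)
    transaction_id: int               # first NAS security mode message transaction ID


@dataclass
class SecurityModeComplete:
    transaction_id: int               # second transaction ID, copied from the SMC answered
    nas_uplink_count: int             # uplink NAS COUNT the key derivation is bound to


def derive_access_key(root_key: bytes, nas_uplink_count: int) -> bytes:
    """Placeholder KDF: HMAC-SHA256 over the uplink NAS COUNT (stands in for the 3GPP KDF)."""
    label = b"AN-key|" + nas_uplink_count.to_bytes(4, "big")
    return hmac.new(root_key, label, hashlib.sha256).digest()


@dataclass
class UserEquipment:
    capabilities: tuple
    root_key: bytes
    supports_txn_id: bool = True
    nas_uplink_count: int = 0
    derived_key: Optional[bytes] = None

    def registration_request(self) -> dict:
        # constructed registration request carrying the capability indication
        return {"msg": "REGISTRATION_REQUEST", "smc_txn_id_supported": self.supports_txn_id}

    def on_smc(self, smc: SecurityModeCommand) -> Optional[SecurityModeComplete]:
        if smc.ue_security_capabilities != self.capabilities:
            return None                 # capabilities altered in transit: reject the SMC
        count = self.nas_uplink_count
        self.nas_uplink_count += 1      # every uplink NAS message consumes one count value
        # the UE binds its key to the count of the COMPLETE it is about to send
        self.derived_key = derive_access_key(self.root_key, count)
        return SecurityModeComplete(transaction_id=smc.transaction_id, nas_uplink_count=count)


@dataclass
class CoreNetworkEntity:
    root_key: bytes
    ue_capabilities: tuple
    retransmissions: int = 0
    timer_running: bool = False
    current_txn_id: Optional[int] = None
    derived_key: Optional[bytes] = None

    def send_smc(self) -> SecurityModeCommand:
        """Initial send, or resend after the retransmission timer expires."""
        if self.timer_running:
            self.retransmissions += 1   # timer expired with no accepted COMPLETE
        self.current_txn_id = self.retransmissions   # transaction ID = retransmission counter
        self.timer_running = True
        return SecurityModeCommand(self.ue_capabilities, b"NEA2/NIA2", self.current_txn_id)

    def on_smc_complete(self, msg: SecurityModeComplete) -> bool:
        """Derive the key only when the COMPLETE answers the outstanding SMC."""
        if msg.transaction_id != self.current_txn_id:
            return False                # stale COMPLETE: keep timer, keep monitoring, no key
        self.timer_running = False
        self.derived_key = derive_access_key(self.root_key, msg.nas_uplink_count)
        return True


def _fresh_pair():
    caps = ("NEA2", "NIA2")
    root = b"constructed-shared-root-key"          # constructed stand-in for the NAS root key
    return UserEquipment(caps, root), CoreNetworkEntity(root, caps)


def run_with_txn_check() -> dict:
    """The COMPLETE for SMC #0 arrives only after the timer expired and SMC #1 went out."""
    ue, cn = _fresh_pair()
    assert ue.registration_request()["smc_txn_id_supported"]
    reply0 = ue.on_smc(cn.send_smc())          # txn 0; this reply is delayed in transit
    reply1 = ue.on_smc(cn.send_smc())          # timer expiry -> retransmission, txn 1
    stale_accepted = cn.on_smc_complete(reply0)
    timer_kept = cn.timer_running
    fresh_accepted = cn.on_smc_complete(reply1)
    return {"stale_accepted": stale_accepted, "timer_kept_after_stale": timer_kept,
            "fresh_accepted": fresh_accepted, "keys_match": cn.derived_key == ue.derived_key}


def run_without_txn_check() -> bool:
    """Same delivery order, but the network binds its key to the first COMPLETE it sees."""
    ue, cn = _fresh_pair()
    reply0 = ue.on_smc(cn.send_smc())
    ue.on_smc(cn.send_smc())                   # UE has moved on to uplink count 1
    cn.derived_key = derive_access_key(cn.root_key, reply0.nas_uplink_count)   # count 0
    return cn.derived_key == ue.derived_key    # False: UE and network keys diverge
```

The check in `on_smc_complete` is the comparison "satisfying a condition" from claim 1; the transaction ID only pairs messages, while the key itself is bound to the NAS COUNT carried by the accepted COMPLETE, which is why the two sides agree in the first scenario and not in the second.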
In one aspect of the method, the method further includes receiving, by the core network entity, another NAS security mode complete message from the UE that includes a third NAS security mode message transaction ID, and continuing, by the core network entity, to monitor NAS security mode complete messages without generating the security key, based on the comparison of the first NAS security mode message transaction ID and the third NAS security mode message transaction ID failing to satisfy the condition. In one aspect of the method, the method further comprises maintaining, by the core network entity, a retransmission timer based on the comparison of the first NAS security mode message transaction ID and the third NAS security mode message transaction ID failing to satisfy the condition. In one aspect of the method, the method further comprises receiving, by the core network entity, a registration request message from the UE, the registration request message including an indication of whether the UE supports NAS security mode message transaction identification. According to aspects of the disclosure, a method includes receiving, by a User Equipment (UE), a non-access stratum (NAS) Security Mode Command (SMC) message from a core network entity of a core network of a wireless communication system, the NAS SMC message including information regarding security capabilities of the UE, integrity key information, and a first NAS security mode message transaction Identifier (ID), gener