EP-4740528-A1 - A METHOD AND A SYSTEM FOR USER EQUIPMENT RECOVERY POST INTEGRITY VALIDATION FAILURE

Abstract

The present disclosure relates to a method and a system for immediate user equipment recovery post integrity validation failure. The disclosure encompasses that when integrity validation fails at the user device (UE) [103], the UE [103] sends a 5GMM status message and the AMF [106] stores the 5GMM status message in the user context. In an event the UE [103] re-transmits a Mobility Request/Periodic Request, the AMF [106] invokes the re-authentication procedure and resets the security data at the UE [103] and the AMF [106]; in an event the UE [103] re-transmits a Service Request, the AMF [106] sends a service reject signal to the UE [103] and the UE [103] then initiates Initial Registration, as prescribed in the 5G standard. This way, the UE [103] no longer needs to cycle through a predefined number of attempts for Mobility Request/Periodic Request/Service Request before re-registering itself with the AMF [106].

Inventors

  • BISHT, BIRENDRA
  • BHATNAGAR, AAYUSH
  • Singh, Harbinder Pal
  • MISHRA, SOMYA
  • SHARMA, Smridhi
  • KUMAR, AMIT
  • Bhatt, Naresh

Assignees

  • Jio Platforms Limited

Dates

Publication Date
20260513
Application Date
20240614

Claims (14)

  1. A method [300] for user equipment recovery post integrity validation failure, the method comprising:
     - receiving at an access and mobility management function (AMF) module [106], by a first transceiver unit [105] from a user device [103], a trigger procedure for initiating an initial context setup (ICS) request, wherein the initial context setup request is one of a periodic request, a service request, and a mobility request;
     - sending, by the first transceiver unit [105] at the AMF module [106] to a second transceiver unit [107] at a connected network, the ICS request with one of a registration accept non-access stratum (NAS) message, and a service accept NAS message, wherein the connected network is a wireless communication network with which the user device [103] is connected;
     - calculating at the AMF module [106], by an analysis unit [109], a first media access control (MAC) number based on at least one of a downlink sequence number stored at a storage unit [111], a downlink overflow count value stored at the storage unit [111] and a set of integrity keys stored at the storage unit [111];
     - transmitting at the AMF module [106], by the first transceiver unit [105] to the user device [103], the first MAC number for matching with a second MAC number, wherein the second MAC number is calculated based on at least one of a downlink sequence number stored at the user device [103], a downlink overflow count stored at the user device [103], and a set of integrity keys stored at the user device [103];
     - receiving at the AMF module [106], by the first transceiver unit [105] from the user device [103], a fifth generation mobility management (5GMM) status message in an event of mismatch between the first MAC number and the second MAC number;
     - storing at the AMF module [106], by the storage unit [111], the 5GMM status message in a user context associated with the user device [103];
     - receiving at the AMF module [106], by the first transceiver unit [105] from the user device [103], the trigger procedure for reinitiating the ICS request; and
     - initiating at the AMF module [106], by a loading unit [113], one of: a performance of an authentication procedure, and a service reject procedure, wherein the performance of the authentication procedure is initiated in an event the user device [103] re-transmits one of the mobility request and the periodic request, and the service reject procedure is initiated in an event the user device [103] re-transmits the service request, the service reject procedure comprising sending, by the first transceiver unit [105], a service reject indication to the user device [103] with a cause message.
  2. The method [300] as claimed in claim 1, wherein the performance of the authentication procedure comprises:
     - calculating at the AMF module [106], by the analysis unit [109], the first media access control (MAC) number based on at least one of the downlink sequence number stored at the storage unit [111] and associated with the reinitiated ICS request, the downlink overflow count value stored at the storage unit [111] and associated with the reinitiated ICS request, and the set of integrity keys stored at the storage unit [111] and associated with the reinitiated ICS request;
     - transmitting at the AMF module [106], by the first transceiver unit [105] to the user device [103], the first MAC number for matching with the second MAC number, wherein the second MAC number is calculated based on at least one of the downlink sequence number stored at the user device [103], the downlink overflow count stored at the user device [103], and the set of integrity keys stored at the user device [103]; and
     - receiving at the AMF module [106], by the first transceiver unit [105] from the user device [103], a status message, wherein the status message is based on a result of the matching between the first MAC number and the second MAC number, wherein the result is one of a success match result and a mismatch result.
  3. The method [300] as claimed in claim 2, wherein the performance of the authentication procedure further comprises resetting at the AMF module [106], by the loading unit [113], a security data, using security mode command (SMC) message.
  4. The method [300] as claimed in claim 3, wherein the security data comprises an uplink sequence number associated with the reinitiated ICS request, the downlink sequence number associated with the reinitiated ICS request, an uplink overflow count associated with the reinitiated ICS request, the downlink overflow count associated with the reinitiated ICS request, the set of integrity keys associated with the reinitiated ICS request, and a cipher key associated with the reinitiated ICS request.
  5. The method [300] as claimed in claim 1, wherein the storing at the AMF module [106], by the storage unit [111], the 5GMM status message in a user context associated with the user device [103] further comprises storing a cause detail related to the 5GMM status message.
  6. The method [300] as claimed in claim 1, wherein the trigger procedure for initiating the ICS request is related to one of a periodic request, a service request, and a mobility request.
  7. A system [100] for user equipment recovery post integrity validation failure, the system [100] comprising:
     - a first transceiver unit [105] configured to: receive, from a user device [103], a trigger procedure for initiating an initial context setup (ICS) request, wherein the initial context setup request is one of a periodic request, a service request, and a mobility request, and send, to a second transceiver unit [107] at a connected network, the ICS request with one of a registration accept non-access stratum (NAS) message, and a service accept NAS message, wherein the connected network is a wireless communication network with which the user device [103] is connected;
     - an analysis unit [109] connected to at least the first transceiver unit [105], wherein the analysis unit [109] is configured to calculate, a first media access control (MAC) number based on at least one of a downlink sequence number stored at a storage unit [111] connected to the analysis unit [109], a downlink overflow count value stored at the storage unit [111] and a set of integrity keys stored at the storage unit [111],
     - wherein the first transceiver unit [105] is further configured to: transmit, to the user device [103], the first MAC number for matching with a second MAC number, wherein the second MAC number is calculated based on at least one of a downlink sequence number stored at the user device [103], a downlink overflow count stored at the user device [103], and a set of integrity keys stored at the user device [103], and receive, from the user device [103], a fifth generation mobility management (5GMM) status message in an event of mismatch between the first MAC number and the second MAC number,
     - wherein the storage unit [111] connected to at least the analysis unit [109] is configured to store, the 5GMM status message in a user context associated with the user device [103],
     - wherein the first transceiver unit [105] is further configured to receive, from the user device [103], the trigger procedure for reinitiating the ICS request; and
     - a loading unit [113] connected to the storage unit [111], wherein the loading unit [113] is configured to initiate, one of: a performance of an authentication procedure, and a service reject procedure, wherein the performance of the authentication procedure is initiated in an event the user device [103] retransmits one of the mobility request and the periodic request, and the service reject procedure is initiated in an event the user device [103] re-transmits the service request, the service reject procedure comprises the loading unit [113] further configured to send, by the first transceiver unit [105], a service reject indication to the user device [103] with a cause message.
  8. The system [100] as claimed in claim 7, wherein for the performance of the authentication procedure comprises:
     - the analysis unit [109] is configured to calculate, the first media access control (MAC) number based on at least one of the downlink sequence number stored at the storage unit [111] and associated with the reinitiated ICS request, the downlink overflow count value stored at the storage unit [111] and associated with the reinitiated ICS request, and the set of integrity keys stored at the storage unit [111] and associated with the reinitiated ICS request, and
     - the first transceiver unit [105] is further configured to: transmit, to the user device [103], the first MAC number for matching with the second MAC number, wherein the second MAC number is calculated based on at least one of the downlink sequence number stored at the user device [103], the downlink overflow count stored at the user device [103], and the set of integrity keys stored at the user device [103], and receive, from the user device [103], a status message, wherein the status message is based on a result of the matching between the first MAC number and the second MAC number, wherein the result is one of a success match result and a mismatch result.
  9. The system [100] as claimed in claim 8, wherein for the performance of the authentication procedure, the loading unit [113] is further configured to: reset a security data, using security mode command (SMC) message.
  10. The system [100] as claimed in claim 9, wherein the security data comprises an uplink sequence number associated with the reinitiated ICS request, the downlink sequence number associated with the reinitiated ICS request, an uplink overflow count associated with the reinitiated ICS request, the downlink overflow count associated with the reinitiated ICS request, the set of integrity keys associated with the reinitiated ICS request, and a cipher key associated with the reinitiated ICS request.
  11. The system [100] as claimed in claim 7, wherein the storage unit [111] while storing the 5GMM status message in a user context associated with the user device [103], is further configured to store a cause detail related to the 5GMM status message.
  12. The system [100] as claimed in claim 7, wherein the trigger procedure for initiating the ICS request is related to one of a periodic request, a service request, and a mobility request.
  13. The system [100] as claimed in claim 7, wherein the system [100] is configured at an access and mobility management function (AMF) module [106].
  14. A non-transitory computer readable storage medium for user equipment recovery post integrity validation failure, the storage medium comprises executable code which, when executed by one or more units of a system [100] causes:
     - a first transceiver unit [105] to: receive, from a user device [103], a trigger procedure for initiating an initial context setup (ICS) request, wherein the initial context setup request is one of a periodic request, a service request, and a mobility request, and send, to a second transceiver unit [107] at a connected network, the ICS request with one of a registration accept non-access stratum (NAS) message, and a service accept NAS message, wherein the connected network is a wireless communication network with which the user device [103] is connected;
     - an analysis unit [109] to calculate, a first media access control (MAC) number based on at least one of a downlink sequence number stored at a storage unit [111] connected to the analysis unit [109], a downlink overflow count value stored at the storage unit [111] and a set of integrity keys stored at the storage unit [111];
     - the first transceiver unit [105] to: transmit, to the user device [103], the first MAC number for matching with a second MAC number, wherein the second MAC number is calculated based on at least one of a downlink sequence number stored at the user device [103], a downlink overflow count stored at the user device [103], and a set of integrity keys stored at the user device [103], and receive, from the user device [103], a fifth generation mobility management (5GMM) status message in an event of mismatch between the first MAC number and the second MAC number,
     - wherein the storage unit [111] connected to at least the analysis unit [109] is configured to store, the 5GMM status message in a user context associated with the user device [103],
     - wherein the first transceiver unit [105] is further configured to receive, from the user device [103], the trigger procedure for reinitiating the ICS request; and
     - a loading unit [113] to initiate, one of: a performance of an authentication procedure, and a service reject procedure, wherein the performance of the authentication procedure is initiated in an event the user device [103] retransmits one of the mobility request and the periodic request, and the service reject procedure is initiated in an event the user device [103] re-transmits the service request, the service reject procedure comprises the loading unit [113] further configured to send, by the first transceiver unit [105], a service reject indication to the user device [103] with a cause message.
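
The recovery decision of claims 1 to 4, as an added Python sketch that is not part of the patent text or of any AMF implementation. Assumptions: HMAC-SHA256 truncated to 32 bits stands in for the NAS integrity algorithm, the COUNT layout (16-bit overflow, 8-bit sequence number), all function and class names, the status and result strings, and the desynchronised sample counters are constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

def nas_mac(key: bytes, overflow: int, sn: int, msg: bytes) -> bytes:
    # Stand-in (assumption): HMAC-SHA256 cut to 32 bits replaces the real NAS
    # integrity algorithm. COUNT = 16-bit overflow || 8-bit sequence number.
    count = ((overflow & 0xFFFF) << 8) | (sn & 0xFF)
    return hmac.new(key, count.to_bytes(4, "big") + msg, hashlib.sha256).digest()[:4]

@dataclass
class SecurityData:  # integrity key plus downlink counters, held on each side
    key: bytes
    dl_overflow: int = 0
    dl_sn: int = 0

    def advance(self) -> None:  # one downlink message consumed
        self.dl_sn = (self.dl_sn + 1) & 0xFF
        self.dl_overflow = (self.dl_overflow + (self.dl_sn == 0)) & 0xFFFF

@dataclass
class UeContext:  # AMF-side user context
    sec: SecurityData
    status_5gmm: Optional[str] = None  # stored 5GMM status and cause detail

def ue_check(sec: SecurityData, msg: bytes, mac: bytes) -> Optional[str]:
    # UE side: recompute the MAC from its own counters, compare in constant time.
    if hmac.compare_digest(nas_mac(sec.key, sec.dl_overflow, sec.dl_sn, msg), mac):
        sec.advance()
        return None
    return "5GMM STATUS: integrity check failed"  # hypothetical cause text

def amf_handle(ctx: UeContext, ue: SecurityData, request: str) -> str:
    if ctx.status_5gmm is not None:  # a mismatch was recorded earlier
        if request == "service":
            return "SERVICE_REJECT"  # UE then starts Initial Registration
        # Mobility/periodic: re-authentication then SMC, modelled as a fresh
        # key and zeroed counters installed on both sides.
        fresh = os.urandom(16)
        ctx.sec = SecurityData(fresh)
        ue.key, ue.dl_overflow, ue.dl_sn = fresh, 0, 0
        ctx.status_5gmm = None
    accept = b"SERVICE ACCEPT" if request == "service" else b"REGISTRATION ACCEPT"
    mac = nas_mac(ctx.sec.key, ctx.sec.dl_overflow, ctx.sec.dl_sn, accept)
    status = ue_check(ue, accept, mac)
    if status is not None:
        ctx.status_5gmm = status  # remember the failure in the user context
        return "STATUS_STORED"
    ctx.sec.advance()
    return "ACCEPTED"

def demo() -> list:
    key = bytes(range(16))  # constructed sample key
    ue = SecurityData(key, 0, 4)  # constructed desync: UE at SN 4, AMF at SN 5
    ctx = UeContext(SecurityData(key, 0, 5))
    return [amf_handle(ctx, ue, r) for r in ("periodic", "service", "mobility", "service")]
```

The sketch does not model the Initial Registration that follows a service reject, so the stored status stays in the context until a mobility or periodic request triggers the reset.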

Description

A METHOD AND A SYSTEM FOR USER EQUIPMENT RECOVERY POST INTEGRITY VALIDATION FAILURE

FIELD OF THE DISCLOSURE

[0001] The present disclosure relates generally to the field of wireless communication systems. More particularly, the present disclosure relates to a method and a system for user equipment recovery post integrity validation failure.

BACKGROUND

[0002] The following description of related art is intended to provide background information pertaining to the field of the disclosure. This section may include certain aspects of the art that may be related to various features of the present disclosure. However, it should be appreciated that this section be used only to enhance the understanding of the reader with respect to the present disclosure, and not as admissions of prior art.

[0003] Wireless communication technology has rapidly evolved over the past few decades, with each generation bringing significant improvements and advancements. The first generation of wireless communication technology was based on analog technology and offered only voice services. However, with the advent of the second-generation (2G) technology, digital communication and data services became possible, and text messaging was introduced. Further, the third-generation (3G) technology marked the introduction of high-speed internet access, mobile video calling, and location-based services. The fourth-generation (4G) technology revolutionized wireless communication with faster data speeds, better network coverage, and improved security. Currently, the fifth-generation (5G) technology is being deployed, promising even faster data speeds, low latency, and the ability to connect multiple devices simultaneously. With each generation, wireless communication technology has become more advanced, sophisticated, and capable of delivering more services to its users.

[0004] In a communication network (typically in wireless networks such as 5G), the handling of a downlink sequence number (DL SN) mismatch plays an important role. The DL SN refers to a unique identifier assigned to each packet transmitted from the base station (eNodeB or gNB) to the user equipment/user device (UE). The handling of the downlink sequence number ensures reliability and integrity of data transmission in the wireless communication network by detecting a mismatch between the sequence numbers of received downlink packets, which may occur due to packet loss, corruption, or out-of-order delivery. This enables the network operators to retransmit and recover missing or corrupted packets from the transceivers. The handling also helps in resynchronization of the sequence number with the transmitting end to align subsequent packet reception correctly. An example of the prevalent handling for downlink sequence number mismatch (integrity validation failure at the UE end) in a conventional network is illustrated in Fig. 2. The downlink sequence number mismatch (or integrity validation failure at the UE end) refers to a situation when the UE detects that the integrity protection of received data packets is compromised. For addressing the mismatch, the UE generally follows predefined procedures that may involve a retransmission request, failure notification, and taking appropriate security measures. The method [200] for handling downlink sequence number mismatch conventionally in a network starts at step [202]. At step [204], a user equipment (UE) initiates a mobility request (MR)/a periodic request (PR)/a service request (SR) to an access and mobility management function (AMF). It is to be noted that the AMF manages a control plane of the 5G network, which is responsible for signaling and network management. The AMF ensures that one or more signaling messages are transmitted correctly between one or more network functions and that one or more network resources are managed efficiently. Further, the mobility request (MR) is a request which is sent by the UE when it needs to hand over (i.e., transfer an ongoing call or data session for ensuring continuous connectivity) its connection from one cell/network node (eNodeB or gNB) to another. The MR request is triggered when the UE detects that the quality of the current connection is degrading, or in scenarios where the UE ends up finding a better-serving cell/node having stronger signal strength and improved performance. Based on the MR, the network decides whether to perform the handover in order to maintain seamless connectivity for the UE. The periodic request (PR) is often sent by the UE at regular intervals to inform the network about its presence and readiness to receive services. The PR in the network keeps track of active UEs within its coverage area and optimizes resource allocation. The PR is often sent when the UE is not actively transmitting data, thereby ensuring continuous monitoring and management of network resources. The service request (SR) is sent by the UE when it needs to establish a new connection or request specific services from t