US-12621665-B2 - Methods and systems for establishing secure communication in wireless communication system

Abstract

The present disclosure relates to a pre-5th-Generation (5G) or 5G communication system to be provided for supporting higher data rates beyond a 4th-Generation (4G) communication system such as Long Term Evolution (LTE). Embodiments herein disclose methods for establishing secure communication in a wireless communication network by an AUSF entity. The method includes receiving a key request message from a remote UE through an AMF entity. Further, the method includes acquiring one of the SUPI of the remote UE and a REAR ID associated with the SUPI of the remote UE. Further, the method includes generating a REAR key for remote UE communication via a UE-to-network relay. The REAR key is used for deriving a first ProSe key. Further, the method includes sending a key response message to the remote UE for establishing secure communication.

Inventors

  • Rohini RAJENDRAN
  • Rajavelsamy Rajadurai
  • Nivedya Parambath SASI

Assignees

  • SAMSUNG ELECTRONICS CO., LTD.

Dates

Publication Date: 2026-05-05
Application Date: 2021-07-20
Priority Date: 2021-07-16

Claims (15)

  1. A method for establishing secure communication in a wireless communication network, the method comprising: receiving, by an Authentication Server Function entity, a key request message from a remote UE; acquiring, by an Authentication Server Function entity, one of a subscription permanent identifier of the remote UE and a remote access via relay identifier associated with the SUPI of the remote UE; generating, by the AUSF entity, a REAR key for a remote UE communication via a UE-to-network relay; and sending, by the AUSF entity, a key response message to the remote UE for establishing secure communication, wherein the key response message comprises the generated REAR key, the REAR ID and at least one of a relay UE ID and a temporary ID of a relay.
  2. The method of claim 1, wherein the REAR key is used for deriving a first Proximity Services key.
  3. The method of claim 1, further comprising: acquiring, by the AUSF entity, the REAR key, a freshness parameter, one of a Fifth Generation-Global Unique Temporary Identifier and a SUPI, and at least one of a relay service code and a service identifier; generating, by the AUSF entity, a second ProSe key for a remote access via the relay based on the REAR key, the 5G-GUTI, the freshness parameter, and at least one of the relay service code and the service identifier, wherein the second ProSe key is used as a root key for ProSe UE-to-network relay communication; and sending, by the AUSF entity, the freshness parameter in a key response message to a relay UE for establishing secure communication.
  4. The method of claim 3, wherein the freshness parameter comprises at least one of a nonce, a counter and a random number.
  5. The method of claim 3, wherein the AUSF entity sends the freshness parameter in the key response message to the relay UE in response to the AUSF entity receiving the key request message from the relay UE, and wherein the AUSF entity receives the key request message from the remote UE through an Access and Mobility Management Function entity.
  6. The method of claim 2, wherein deriving the first ProSe key comprises: obtaining a latest K_AUSF, a SUPI of a remote UE, a REAR identifier, at least one parameter and one of a relay UE ID bound to a SUPI of relay and a temporary ID of relay; and deriving the first ProSe key based on the K_AUSF, the SUPI of the remote UE, the REAR ID, the at least one parameter and one of the Relay UE ID bound to SUPI of relay and the temporary ID of relay.
  7. The method of claim 2, wherein the first ProSe key is a 256-bit key in which the first 128 bits (MSB) of the key is the REAR key and the second 128 bits is a REAR key identifier, and wherein the REAR key ID is used to identify the REAR key.
  8. The method of claim 1, wherein the REAR identifier is associated with a SUPI of the remote UE and is stored in the UDM entity in a UE subscription data.
  9. The method of claim 1, wherein at least one of the relay UE ID and the temporary ID of the relay is bound to a UE-to-network relay SUPI.
  10. A method for establishing secure communication in a wireless communication network, the method comprising: sending, by a remote UE, a key request message to an AMF entity, wherein the key request message comprises a ProSe remote access indication and at least one of a 5G-GUTI and a SUCI; receiving, by the AMF entity, the key request message from the remote UE; forwarding, by the AMF entity, the key request message to an AUSF entity; and performing, by the AUSF entity, an action for establishing secure communication based on the key request message, wherein the action comprises at least one of an authentication operation, an authorization operation and a key derivation operation for a ProSe UE-to-Network relay communication.
  11. An Authentication Server Function entity in a wireless communication network, the AUSF entity comprising: memory; a processor; and a secure communication controller, coupled with the memory and the processor, configured to: receive a key request message from a remote UE, acquire one of a subscription permanent identifier of the remote UE and a remote access via relay identifier associated with the SUPI of the remote UE, generate a REAR key for remote UE communication via a UE-to-network relay, wherein the REAR key is used for deriving a first Proximity Services key, and send a key response message to a remote UE for establishing secure communication, wherein the key response message comprises the generated REAR key, the REAR ID and at least one of a relay UE ID and a temporary ID of a relay.
  12. The AUSF entity of claim 11, wherein the REAR key is used for deriving a first Proximity Services key.
  13. The AUSF entity of claim 11, wherein the secure communication controller is configured to: acquire the REAR key, a Fifth Generation-Global Unique Temporary Identifier, a freshness parameter, and at least one of a relay service code and a service identifier, generate a second ProSe key for a remote access via the relay based on the REAR key, the 5G-GUTI, the freshness parameter and at least one of the relay service code and the service identifier, wherein the second ProSe key is used as a root key, and send the freshness parameter in a key response message to a relay UE for establishing secure communication.
  14. The AUSF entity of claim 13, wherein the freshness parameter comprises at least one of a nonce, a counter and a random number.
  15. The AUSF entity of claim 13, wherein the secure communication controller is configured to send the freshness parameter in the key response message to the relay UE in response to the AUSF entity receiving the key request message from the relay UE, and wherein the AUSF entity receives the key request message from the remote UE through an Access and Mobility Management Function entity.
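
Added example (not part of the patent text): a sketch of the key hierarchy in claims 3, 6 and 7, showing the 256-bit first ProSe key split into REAR key and REAR key ID, and the second ProSe key bound to a freshness parameter. The claims name no key derivation function, so HMAC-SHA-256 with the FC || P0 || L0 || ... input encoding of 3GPP TS 33.220 Annex B is an assumption here, and the FC values, function names and sample identifiers are constructed placeholders.

```python
import hashlib
import hmac

# Assumed placeholders: the claims name no KDF and no FC (function code) values.
FC_FIRST_PROSE = b"\xf0"
FC_SECOND_PROSE = b"\xf1"


def kdf(key: bytes, fc: bytes, *params: bytes) -> bytes:
    """HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ... (TS 33.220 Annex B style)."""
    if len(key) not in (16, 32):
        raise ValueError("expected a 128-bit or 256-bit input key")
    s = fc
    for p in params:
        if not p or len(p) > 0xFFFF:
            raise ValueError("each parameter must be 1..65535 octets")
        # The 2-octet length after each field keeps ("ab","c") distinct from ("a","bc").
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_first_prose_key(k_ausf, supi, rear_id, relay_id, *extra):
    """Claims 6-7: 256-bit output, MSB 128 bits = REAR key, rest = REAR key ID."""
    out = kdf(k_ausf, FC_FIRST_PROSE, supi, rear_id, relay_id, *extra)
    return out[:16], out[16:]


def derive_second_prose_key(rear_key, guti, freshness, relay_service_code):
    """Claim 3: root key for relay access, bound to a per-request freshness value."""
    return kdf(rear_key, FC_SECOND_PROSE, guti, freshness, relay_service_code)


# Constructed sample values, not taken from the patent.
K_AUSF = bytes(range(32))
SUPI = b"imsi-001010000000001"
REAR_ID = b"rear-id-example"
RELAY_ID = b"relay-ue-42"
GUTI = b"5g-guti-example"
RSC = b"\x00\x00\x01"

if __name__ == "__main__":
    rear_key, rear_key_id = derive_first_prose_key(K_AUSF, SUPI, REAR_ID, RELAY_ID)
    k1 = derive_second_prose_key(rear_key, GUTI, b"nonce-1", RSC)
    k2 = derive_second_prose_key(rear_key, GUTI, b"nonce-2", RSC)
    print(rear_key.hex(), rear_key_id.hex(), k1 != k2)
```

Because the relay ID is an input to the first derivation, a REAR key issued for one relay does not match the key derived for another, and a fresh nonce or counter gives each relay request its own second ProSe key.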

Description

TECHNICAL FIELD

Embodiments disclosed herein relate to Proximity Services (ProSe) and more particularly to providing secure remote access to a UE for ProSe communication.

BACKGROUND ART

To meet the demand for wireless data traffic, which has increased since the deployment of 4G communication systems, efforts have been made to develop an improved 5G or pre-5G communication system. Therefore, the 5G or pre-5G communication system is also called a ‘Beyond 4G Network’ or a ‘Post LTE System’. The 5G communication system is considered to be implemented in higher frequency (mmWave) bands, e.g., 60 GHz bands, so as to accomplish higher data rates. To decrease propagation loss of the radio waves and increase the transmission distance, beamforming, massive multiple-input multiple-output (MIMO), Full Dimensional MIMO (FD-MIMO), array antenna, analog beamforming, and large-scale antenna techniques are discussed in 5G communication systems.

In addition, in 5G communication systems, development for system network improvement is under way based on advanced small cells, cloud Radio Access Networks (RANs), ultra-dense networks, device-to-device (D2D) communication, wireless backhaul, moving network, cooperative communication, Coordinated Multi-Points (CoMP), reception-end interference cancellation and the like. In the 5G system, Hybrid FSK and QAM Modulation (FQAM) and sliding window superposition coding (SWSC) as an advanced coding modulation (ACM), and filter bank multi carrier (FBMC), non-orthogonal multiple access (NOMA), and sparse code multiple access (SCMA) as an advanced access technology have been developed.

In technical specifications (TS) 22.261 and TS 22.278, use cases and requirements for Proximity Services (ProSe) are described, including public safety and interactive services. New Radio (NR) PC5 ProSe communication including unicast and groupcast needs to be supported for the case of public safety and interactive service.
According to TS 22.261 and TS 22.278, support for UE-to-Network Relay needs to be studied. In addition, the Rel-16 fifth generation (5G) architectural design (for example, flow-based Quality of Service (QoS) communication over PC5/Uu interface) shall be taken into consideration. The case that a User Equipment (UE) (100) may be able to access a network (300) via the direct or indirect Uu path (as illustrated in FIG. 1) needs to be considered, where path #1 is a direct Uu path that may not exist, and path #2 and path #3 are indirect Uu paths via different UE-to-Network Relays (200a and 200b).

A user plane architecture has been proposed to adopt the necessary functions of the ProSe Function as defined in TS 23.303 into a fifth generation (5G) system architecture. According to TS 23.303, the Direct Discovery Name Management Function (DDNMF) and the Direct Provisioning Function (DPF) of the ProSe Function are required to support ProSe in the 5G system architecture. The DPF is used to provision the UE with the necessary parameters in order to use 5G ProSe Direct Discovery and 5G ProSe Direct Communication, and it can be replaced by a Policy Control Function (PCF). The DDNMF is used to provide procedures over a PC3 interface:

A. Discovery Request/Response Procedure: to provide identifiers (IDs) and filter for direct discovery.
B. Match Report Procedure: to check direct discovery and provide mapping information for direct discovery.
C. Announcing Alert Procedure: Support ‘On-demand’ ProSe Direct Discovery in case of ProSe restricted discovery model A. In this model the announcing UE broadcasts discovery messages at pre-defined discovery intervals and the monitoring UEs that are interested in these messages read them and process them.
D. Discovery Update Procedure: to update/revoke previously allocated IDs and filters.
The 5GS supports Service-Based Architecture, and the DDNMF can be a network function (NF) that is not only able to interact with 5G NFs (e.g., to consume Nudm service operation) but also connects with the UE via user plane connectivity to support procedures over the PC3 interface. FIG. 2 depicts the user plane architecture for ProSe 5G, where the 5G DDNMF is managed by a mobile network operator (MNO). The 5G DDNMF is able to consume service operations from other NFs in a 5G core (5GC) (for example, Nudm or Npcf). The user plane architecture is the same as described in 3GPP TR 23.752.

SA2 has proposed solutions for both layer 2 and layer 3 UE-to-network relays. However, there are security solutions which will be adapted for PC5 unicast communication for ProSe from a 5G vehicle to everything (V2X). Currently Rel-16 V2X does not support relay communication (both UE-to-network or UE-to-UE relay). Based on V2X security TS 33.536, the Direct Provisioning Function (DPF) defined in TS 23.303 is replaced by the PCF, based on the V2X architecture as defined in TS 23.287, and is not supported by the DDNMF. The architecture reference model as described in clause 2 User Plane based architecture, with the following additional con-sid