[go: up one dir, main page]

WO2023208472A1 - Devices, methods, apparatus and computer readable medium for communications - Google Patents

Devices, methods, apparatus and computer readable medium for communications Download PDF

Info

Publication number
WO2023208472A1
WO2023208472A1 PCT/EP2023/056870 EP2023056870W WO2023208472A1 WO 2023208472 A1 WO2023208472 A1 WO 2023208472A1 EP 2023056870 W EP2023056870 W EP 2023056870W WO 2023208472 A1 WO2023208472 A1 WO 2023208472A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
key
voice fallback
integrity
paging
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/EP2023/056870
Other languages
French (fr)
Inventor
Suresh Nair
Rakshesh PRAVINCHANDRA BHATT
Ranganathan MAVUREDDI DHANASEKARAN
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nokia Technologies Oy
Original Assignee
Nokia Technologies Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Technologies Oy filed Critical Nokia Technologies Oy
Priority to CN202380037054.2A priority Critical patent/CN119096571A/en
Publication of WO2023208472A1 publication Critical patent/WO2023208472A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • H04W12/106Packet or message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/0005Control or signalling for completing the hand-off
    • H04W36/0011Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0033Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
    • H04W36/0038Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/0005Control or signalling for completing the hand-off
    • H04W36/0011Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0022Control or signalling for completing the hand-off for data sessions of end-to-end connection for transferring data sessions between adjacent core network technologies

Definitions

  • Implementations of the present disclosure generally relate to the field of telecommunication, and in particular, to devices, methods, apparatus and computer readable media for communications.
  • a terminal device may perform a handover or redirection from a first cell to a second cell.
  • the handover or redirection may be referred to as the handover or redirection triggered by a voice fallback.
  • RAT Radio Access Technology
  • a network device may include voice fallback information in a message associated with the handover or redirection, which may cause security issues.
  • example implementations of the present disclosure provide devices, methods, apparatus and computer readable media for communications.
  • a first device comprises at least one processor and at least one memory including computer program codes.
  • the at least one memory and the computer program codes are configured to, with the at least one processor, cause the first device to: generate an integrity protection key and a cipher key based on a paging key and Non-Access Stratum (NAS) algorithm information; receive, from a second device, a message comprising voice fallback information, the voice fallback information being integrity protected by the integrity protection key and encrypted by the cipher key; decrypt the voice fallback information with the cipher key; and in response to a failure of verifying integrity of the voice fallback information with the integrity protection key, discard the message.
  • NAS Non-Access Stratum
  • a second device comprises at least one processor and at least one memory including computer program codes.
  • the at least one memory and the computer program codes are configured to, with the at least one processor, cause the second device to: receive a paging request from a third device, the paging request comprising a paging key, Non-Access Stratum (NAS) algorithm information and a voice service type indication; generate voice fallback information based on the voice service type indication; generate an integrity protection key and a cipher key based on the paging key and the NAS algorithm information; generate encrypted and integrity protected voice fallback information by integrity protecting the voice fallback information with the integrity protection key and by encrypting the voice fallback information with the cipher key; and transmit, to a first device, a message comprising the encrypted and integrity protected voice fallback information.
  • NAS Non-Access Stratum
  • a method implemented at a first device comprises: generating, at a first device, an integrity protection key and a cipher key based on a paging key and Non-Access Stratum (NAS) algorithm information; receiving, in an idle mode, from a second device, a message comprising voice fallback information, the voice fallback information being integrity protected by the integrity protection key and encrypted by the cipher key; decrypting the voice fallback information with the cipher key; and in response to a failure of verifying integrity of the voice fallback information with the integrity protection key, discarding the message.
  • NAS Non-Access Stratum
  • a method implemented at a second device comprises: receiving a paging request at a second device from a third device, the paging request comprising a paging key, Non-Access Stratum (NAS) algorithm information and a voice service type indication; generating voice fallback information based on the voice service type indication; generating an integrity protection key and a cipher key based on the paging key and the NAS algorithm information; generating encrypted and integrity protected voice fallback information by integrity protecting the voice fallback information with the integrity protection key and by encrypting the voice fallback information with the cipher key; and transmitting, to a first device, a message comprising the encrypted and integrity protected voice fallback information.
  • NAS Non-Access Stratum
  • the first apparatus comprises: means for generating, at the first apparatus, an integrity protection key and a cipher key based on a paging key and Non-Access Stratum (NAS) algorithm information; means for receiving, in an idle mode, from a second apparatus, a message comprising voice fallback information, the voice fallback information being integrity protected by the integrity protection key and encrypted by the cipher key; means for decrypting the voice fallback information with the cipher key; and means discarding the message for in response to a failure of verifying integrity of the voice fallback information with the integrity protection key.
  • NAS Non-Access Stratum
  • a second apparatus comprises: means for receiving a paging request from a third device, the paging request comprising a paging key, Non-Access Stratum (NAS) algorithm information and a voice service type indication; means for generating voice fallback information based on the voice service type indication; means for generating an integrity protection key and a cipher key based on the paging key and the NAS algorithm information; means for generating encrypted and integrity protected voice fallback information by integrity protecting the voice fallback information with the integrity protection key and by encrypting the voice fallback information with the cipher key; and means for transmitting, to a first apparatus, a message comprising the encrypted and integrity protected voice fallback information.
  • NAS Non-Access Stratum
  • a non-transitory computer readable medium comprises program instructions for causing an apparatus to perform the method according to the third aspect.
  • non-transitory computer readable medium comprises program instructions for causing an apparatus to perform the method according to the fourth aspect.
  • FIG. 1 illustrates an example communication environment in which implementations of the present disclosure can be implemented
  • Fig. 2 illustrates a signaling chart illustrating a process for voice fallback security enhancement in accordance with some example implementations of the present disclosure
  • Fig. 3 illustrates an example of key derivation for paging in accordance with some implementations of the present disclosure
  • FIG. 4 illustrates an example of MAC-I generation for paging in accordance with some implementations of the present disclosure
  • Fig. 5 illustrates an example of a procedure for cipher voice fallback information in accordance with some implementations of the present disclosure
  • FIG. 6 illustrates a flowchart of an example method in accordance with some implementations of the present disclosure
  • FIG. 7 illustrates a flowchart of another example method in accordance with some implementations of the present disclosure
  • FIG. 8 illustrates a simplified block diagram of an apparatus that is suitable for implementing embodiments of the present disclosure.
  • FIG. 9 illustrates a block diagram of an example computer readable medium in accordance with some example embodiments of the present disclosure.
  • references in the present disclosure to “one embodiment,” “an embodiment,” “an example embodiment,” and the like indicate that the embodiment described may include a particular feature, structure, or characteristic, but it is not necessary that every embodiment includes the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is submitted that it is within the knowledge of one skilled in the art to affect such feature, structure, or characteristic in connection with other implementations whether or not explicitly described. [0028] It shall be understood that although the terms “first” and “second” etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another.
  • first element could be termed a second element, and similarly, a second element could be termed a first element, without departing from the scope of example implementations.
  • second element could be termed a first element, without departing from the scope of example implementations.
  • the term “and/or” includes any and all combinations of one or more of the listed terms.
  • circuitry may refer to one or more or all of the following:
  • circuit(s) and or processor(s) such as a microprocessor(s) or a portion of a microprocessor(s), that requires software (e.g., firmware) for operation, but the software may not be present when it is not needed for operation.
  • software e.g., firmware
  • circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and/or firmware.
  • circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit or processor integrated circuit for a mobile device or a similar integrated circuit in server, a cellular network device, or other computing or network device.
  • the term “communication network” refers to a network following any suitable communication standards, such as Long Term Evolution (LTE), LTE- Advanced (LTE-A), Wideband Code Division Multiple Access (WCDMA), High-Speed Packet Access (HSPA), Narrow Band Internet of Things (NB-IoT) and so on.
  • LTE Long Term Evolution
  • LTE-A LTE- Advanced
  • WCDMA Wideband Code Division Multiple Access
  • HSPA High-Speed Packet Access
  • NB-IoT Narrow Band Internet of Things
  • the communications between a terminal device and a network device in the communication network may be performed according to any suitable generation communication protocols, including, but not limited to, the first generation (1G), the second generation (2G), 2.5G, 2.75G, the third generation (3G), the fourth generation (4G), 4.5G, the future fifth generation (5G) communication protocols, and/or any other protocols either currently known or to be developed in the future.
  • Implementations of the present disclosure may be applied in various communication systems. Given the rapid development in communications, there will of course also be future type communication technologies and systems with which the present disclosure may be embodied. It should not be seen as limiting the scope of the present disclosure to only the aforementioned system.
  • the term “network device” refers to a node in a communication network via which a terminal device accesses the network and receives services therefrom.
  • the network device may refer to a base station (BS) or an access point (AP), for example, a node B (NodeB or NB), an evolved NodeB (eNodeB or eNB), a NR Next Generation NodeB (gNB), a Remote Radio Unit (RRU), a radio header (RH), a remote radio head (RRH), Integrated Access and Backhaul (IAB) node, a relay, a low power node such as a femto, a pico, and so forth, depending on the applied terminology and technology.
  • the network device is allowed to be defined as part of a gNB such as for example in CU/DU split in which case the network device is defined to be either a gNB-CU or a gNB-DU.
  • terminal device refers to any end device that may be capable of wireless communication.
  • a terminal device may also be referred to as a communication device, user equipment (UE), a Subscriber Station (SS), a Portable Subscriber Station, a Mobile Station (MS), or an Access Terminal (AT).
  • UE user equipment
  • SS Subscriber Station
  • MS Mobile Station
  • AT Access Terminal
  • the terminal device may include, but not limited to, a mobile phone, a cellular phone, a smart phone, voice over IP (VoIP) phones, wireless local loop phones, a tablet, a wearable terminal device, a personal digital assistant (PDA), portable computers, desktop computer, image capture terminal devices such as digital cameras, gaming terminal devices, music storage and playback appliances, vehicle-mounted wireless terminal devices, wireless endpoints, mobile stations, laptop-embedded equipment (LEE), laptop-mounted equipment (LME), USB dongles, smart devices, wireless customer-premises equipment (CPE), an Internet of Things (loT) device, a watch or other wearable, a head-mounted display (HMD), a vehicle, a drone, a medical device and applications (e.g., remote surgery), an industrial device and applications (e.g., a robot and/or other wireless devices operating in an industrial and/or an automated processing chain contexts), a consumer electronics device, a device operating on commercial and/or industrial wireless networks, and the like.
  • the terminal device
  • Fig. 1 illustrates a schematic diagram of an example communication environment 100 in which implementations of the present disclosure can be implemented.
  • the communication environment 100 may include a first device 110, a second device 120, a third device 130, a fourth device 140 and a fifth device 150 which may communicate with each other.
  • the first device 110 is illustrated as a terminal device
  • the second device 120 and the fourth device 140 are illustrated as access network devices serving the terminal device.
  • serving areas of the second device 120 and the fourth device 140 are called as a cell 122 and a cell 142, respectively.
  • the communication environment 100 may include any suitable number of network devices and terminal devices adapted for implementing embodiments of the present disclosure. Although not shown, it would be appreciated that one or more terminal devices may be served by the second device 120 and the fourth device 140.
  • Communications in the communication environment 100 may be implemented according to any proper communication protocol(s), comprising, but not limited to, cellular communication protocols of the first generation (1G), the second generation (2G), the third generation (3G), the fourth generation (4G) and the fifth generation (5G) and on the like, wireless local network communication protocols such as Institute for Electrical and Electronics Engineers (IEEE) 802.11 and the like, and/or any other protocols currently known or to be developed in the future.
  • cellular communication protocols of the first generation (1G), the second generation (2G), the third generation (3G), the fourth generation (4G) and the fifth generation (5G) and on the like wireless local network communication protocols such as Institute for Electrical and Electronics Engineers (IEEE) 802.11 and the like, and/or any other protocols currently known or to be developed in the future.
  • IEEE Institute for Electrical and Electronics Engineers
  • the communication may utilize any proper wireless communication technology, comprising but not limited to: Code Division Multiple Access (CDMA), Frequency Division Multiple Access (FDMA), Time Division Multiple Access (TDMA), Frequency Division Duplex (FDD), Time Division Duplex (TDD), Multiple-Input Multiple-Output (MIMO), Orthogonal Frequency Division Multiple (OFDM), Discrete Fourier Transform spread OFDM (DFT-s-OFDM) and/or any other technologies currently known or to be developed in the future.
  • CDMA Code Division Multiple Access
  • FDMA Frequency Division Multiple Access
  • TDMA Time Division Multiple Access
  • FDD Frequency Division Duplex
  • TDD Time Division Duplex
  • MIMO Multiple-Input Multiple-Output
  • OFDM Orthogonal Frequency Division Multiple
  • DFT-s-OFDM Discrete Fourier Transform spread OFDM
  • the second device 120 may use a first Radio Access Technology (RAT), and the fourth device 140 may use a second RAT different from the first RAT.
  • the first RAT may be a 5G RAT and the second RAT may be one of 2G, 3G, and 4G RATs.
  • the second device 120 and the third device 130 may be implemented in a Next Generation (NG) or 5G communication system.
  • the second device 120 may be implemented as an access network device in Next Generation Radio Access Network (NG-RAN), and the third device 130 may be implemented as a core network device in 5G core (5GC) network.
  • NG-RAN Next Generation Radio Access Network
  • 5GC 5G core
  • the second device 120 may be implemented as a gNB
  • the third device 130 may be implemented as an access and mobility management funtion (AMF) device.
  • AMF access and mobility management funtion
  • the fourth device 140 and the fifth device 150 may be implemented in an Evolved Packet System (EPS).
  • EPS Evolved Packet System
  • the fourth device 140 may be implemented as an access network device in an Evolved Universal Terrestrial Radio Access Network (EUTRAN)
  • EUTRAN Evolved Universal Terrestrial Radio Access Network
  • EPC Evolved Packet Core
  • the first RAT being a 5G RAT and the second RAT being a 4G RAT as an example
  • the first RAT and the second RAT may also be other RATs, as long as they are different from each other.
  • the first RAT may be a 5G RAT and the second RAT may be 2G or 3G.
  • the first device 110 may perform a handover or redirection of the first device 110 from the cell 122 to the cell 142 for a voice service.
  • the handover or redirection may be referred to as a voice fallback.
  • the cell 142 is the one in an EPS
  • the handover or redirection is also referred to as EPS fallback.
  • the voice fallback will be described by taking the EPS fallback for example.
  • other types of voice fallback than the EPS fallback may be also used with the present disclosure.
  • a network device may include a voiceFallbacklndication in MobilityFromNRCommand or RRCRelease message to indicate the handover or redirection is triggered by EPS fallback.
  • voiceFallbacklndication is as below:
  • a terminal device may first try to select an E-UTRA cell instead of initiating RRC reestablishment as legacy;
  • the terminal device may set the establishmentcause to mo-VoiceCall.
  • the above enhancements may reduce the voice call setup delay in case of handover failure and eliminate the handover/E-UTRA RRC setup failure due to target admission control on non- voice service.
  • Release 17 supports voice service indication in a paging message.
  • MUSIM multiple user subscriber identity module
  • AS Access Stratum
  • Release 17 also supports paging triggered fast EPS fallback. Assuming a gNB would eventually trigger EPS fallback for a MT-Call of an IDLE/INACTIVE terminal device, i.e. by paging the terminal device to CONNECTED mode and performing a subsequent handover/redirection, if it may see the paging is for voice service it may already make the decision of EPS fallback taking into account the network configuration (N26 availability, VoNR preferred or not, NR/E-UTRA coverage) and UE (paging) capability, thus the EPS fallback indication may be included in the paging message.
  • the solutions include two aspects, i.e., enhancements for mobile terminated (MT) case, and enhancements for mobile originated (MO) case.
  • MT mobile terminated
  • MO mobile originated
  • the EPS fallback indication is included in paging message.
  • the gNB may decide to perform EPS fallback for the UE and indicate EPS fallback in Uu paging message.
  • the EPS fallback indication is included in system information block (SIB).
  • SIB system information block
  • the detailed indication could be voice over new radio (VoNR) support indication or E-UTRA frequency information.
  • VoIP voice over new radio
  • E-UTRA E-UTRA frequency information.
  • the EPS fallback indication in SIB as proposed in the above alternative 2 may be applied to MO case. That is, when idle/inactive UE initiates an MO call, if EPS fallback is indicated in SIB, UE goes directly to E-UTRA for connection establishment.
  • Example implementations of the present disclosure provide a solution for voice fallback security enhancement so as to solve the above problems and one or more of other potential problems.
  • the first device generates an integrity protection key and a cipher key based on a paging key and Non-Access Stratum (NAS) algorithm information.
  • the first device decrypts voice fallback information in a message received from a second device with the cipher key and verifies integrity of the voice fallback information with the integrity protection key. If verification of the integrity of the voice fallback information fails, the first device discards the message. In this way, security of the voice fallback information is ensured.
  • NAS Non-Access Stratum
  • Fig. 2 illustrates a signaling chart illustrating a process for voice fallback security enhancement according to some example implementations of the present disclosure.
  • the process 200 may involve the first device 110, the second device 120 and the third device 130 as illustrated in Fig. 1. Although the process 200 has been described in the communication environment 100 of Fig. 1, this process may be likewise applied to other communication scenarios.
  • the first device 110 generates 215 an integrity protection key and a cipher key based on a paging key and Non-Access Stratum (NAS) algorithm information.
  • the integrity protection key may be represented by Kpcnint
  • the cipher key may be represented by KpcHenc
  • the paging key may be represented by KPCH.
  • the first device 110 may generate the integrity protection key and the cipher key during a NAS security context establishment.
  • the NAS security context establishment may be performed after primary authentication 210 of the first device 110 with the third device 130 is considered as successful.
  • the first device 110 may transmit a registration request to the third device 130.
  • the registration request may comprise capability information about the first device 110.
  • the capability information may indicate whether the first device 110 supports the paging key derivation in the first device 110.
  • the third device 130 could use the proposed procedure for the first device 110 which supports the paging key derivation. For older release terminal devices like Release 15 or Release 16, where such a paging key derivation is not supported, the third device 130 will not send a paging message in a secured way.
  • the third device 130 generates 220 the integrity protection key and the cipher key based on the paging key and NAS algorithm information.
  • the first device 110 or the third device 130 may generate the paging key based on a first key for access and mobility management (AMF) and at least of the following:
  • AMF access and mobility management
  • Fig. 3 illustrates an example of key derivation for paging in accordance with some implementations of the present disclosure.
  • the first key represented by KAMF
  • the first predetermined value a string “PCH” associated with a paging channel
  • a length of the string (0x00 0x03)
  • 5G-Temporary Mobile Subscriber Identity TMSI
  • KDF key derivation function
  • the first predetermined value may be in range of 0x69- 0x79, 0x7B-0x7D and 0x83-0x84.
  • the first device 110 or the third device 130 Upon generating the paging key KPCH, the first device 110 or the third device 130 generates the integrity protection key and the cipher key based on the paging key KPCH and NAS algorithm information.
  • the NAS algorithm information may comprise at least of the following:
  • the second predetermined value may in range of 0x69- 0x79, 0x7B-0x7D and 0x83-0x84.
  • the algorithm type distinguisher may be N-NAS-enc-alg
  • the length of the algorithm type distinguisher may be 0x00 0x01
  • the length of the NAS algorithm may be 0x00 0x01.
  • the first device 110 may receive the NAS algorithm information from the second device 120. In some implementations, the first device 110 may receive the NAS algorithm information from the second device 120 in a security mode command procedure. For example, the first device 110 may receive the NAS algorithm information from the second device 120 in a paging message or system information block (SIB) message.
  • SIB system information block
  • the NAS algorithm information may be pre-configured at the first device 110.
  • the third device 130 upon generating the paging key, transmits 225 a paging request to the second device 120.
  • the paging request comprises the paging key, the NAS algorithm information and a voice service type indication. Accordingly, the second device 120 receives the paging request from the third device 130.
  • the second device 120 may determine whether a first NAS algorithm indicated by the NAS algorithm identity is unavailable for the second device 120. If the first NAS algorithm indicated by the NAS algorithm identity is unavailable for the second device 120, the second device 120 may transmit, to the third device 130, an indication of a second NAS algorithm which is available for the second device 120. In other words, it is possible that the second device 120 does not support the NAS algorithm identity indicated by the third device 130. In this case, the second device 120 may reject the paging request and the third device 130 could select another NAS algorithm which the first device 110 supports (received in initial capability information about the first device 110) for the second device 120.
  • the first device 110, the second device 120 and the third device 130 may be anyways expected to support all or minimum set of the algorithms. This will optimize the delay in delivery of paging messages.
  • the second device 120 may decide to perform voice fallback for the first device 110. Accordingly, the second device 120 generates 230 voice fallback information based on the voice service type indication in the paging request. [0076] In turn, the second device 120 generates 235 the integrity protection key and the cipher key based on the paging key and the NAS algorithm information.
  • the second device 120 generates 240 encrypted and integrity protected voice fallback information by integrity protecting the voice fallback information with the integrity protection key and by encrypting the voice fallback information with the cipher key.
  • the encrypted and integrity protected voice fallback information may comprise integrity protected voice fallback information and encrypted voice fallback information.
  • the second device 120 may generate a message authentication code for integrity (MAC-I) based on at least one of the following:
  • the second device 120 may determine the MAC-I as integrity protected voice fallback information.
  • Fig. 4 illustrates an example of MAC-I generation for paging in accordance with some implementations of the present disclosure.
  • the integrity protection key KpcHim the first count value (represented by COUNT), the voice fallback information (represented by MESSAGE), the direction of transmission of the voice fallback information (represented by DIRECTION), and the bearer identity (represented by BEARER) assigned for a paging channel are used as input to an integrity NAS algorithm (NIA).
  • NIA integrity NAS algorithm
  • the integrity protection key KpcHim may be of 128-bit
  • the first count value “COUNT” may be equal to 1
  • the direction of transmission of the voice fallback information “DIRECTION” may be 1 for downlink (DL) and 0 for uplink (UL)
  • the bearer identity “BEARER” may be of 5-bit.
  • the second device 120 may generate a key stream block based on at least one of the following:
  • the second device 120 may generate a paging block based on the voice fallback information and generate the encrypted voice fallback information based on the keystream block and the paging block.
  • Fig. 5 illustrates an example of a procedure for cipher the voice fallback information in accordance with some implementations of the present disclosure.
  • the second device 120 use the cipher key Kpcuenc, the second count value (represented by COUNT), the bearer identity (represented by BEARER) assigned for the paging channel, the direction of transmission of the voice fallback information (represented by DIRECTION), and the required length of the keystream block (represented by LENGTH) as input to a cipher NAS algorithm (NEA) to generate a key stream block 510.
  • NDA cipher NAS algorithm
  • the cipher key Kpcuenc may be of 128-bit
  • the second count value “COUNT” may be equal to 1
  • the direction of transmission of the voice fallback information “DIRECTION” may be 1 for downlink (DL) and 0 for uplink (UL)
  • the bearer identity “BEARER” may be of 5-bit.
  • the second device 120 may generate a paging block 520 in plaintext based on the voice fallback information.
  • the second device 120 may generate a ciphertext block 530 based on the keystream block 510 and the paging block 520 in plaintext. For example, the second device 120 may use a bit per bit binary addition of the key stream block 510 and the paging block 520 in plaintext to generate the ciphertext block 530. Then, the second device 120 may determine the ciphertext block 530 as the encrypted voice fallback information.
  • the first device 110 may use the cipher key Kpcuenc, the second count value (represented by COUNT), the bearer identity (represented by BEARER) assigned for the paging channel, the direction of transmission of the voice fallback information (represented by DIRECTION), and the required length of the keystream block (represented by LENGTH) as input to an NEA to generate a keystream block 540.
  • the second count value represented by COUNT
  • the bearer identity represented by BEARER
  • DIRECTION the direction of transmission of the voice fallback information
  • LENGTH required length of the keystream block
  • the first device 110 may recover the paging block 520 in plaintext based on the ciphertext block 530 and the keystream block 540. For example, the first device 110 may use a bit per bit binary addition of the ciphertext block 530 and the keystream block 540 to recover the paging block 520.
  • the second device 120 upon generating the encrypted and integrity protected voice fallback information, transmits 245, to the first device 110 in an idle mode, a message comprising the encrypted and integrity protected voice fallback information.
  • the encrypted and integrity protected voice fallback information may comprise the MAC-I and the ciphertext block 530.
  • the second device 120 may transmit a paging indication in a paging indicator channel (PICH) and transmit the encrypted voice fallback information in a Uu paging message in a paging channel.
  • PICH paging indicator channel
  • the second device 120 may include the encrypted voice fallback information as a paging payload in the Uu paging message.
  • the second device 120 may transmit the encrypted voice fallback information in a SIB message and transmit a voice service type in a Uu paging message.
  • the first device 110 receives, from the second device 120, the message comprising the encrypted and integrity protected voice fallback information.
  • the first device 110 Upon receiving the message, the first device 110 decrypts 250 the voice fallback information with the cipher key.
  • the first device 110 verifies 255 integrity of the voice fallback information with the integrity protection key.
  • the first device 110 may generate X-MAC based at least on the integrity protection key. For example, the first device 110 may generate X-MAC in a similar manner to the example of Fig. 4. If the X-MAC does not correspond to the MAC-I received from the second device 120, verification of the integrity protection fails. In this case, the first device 110 discards 260 the message. As a result, the first device 110 abandons the redirection for the voice call and continues to stay in the idle mode.
  • the first device 110 may select a cell for a voice call based on the voice fallback information.
  • the voice fallback information may comprise parameters necessary to select a target cell where the first device 110 is being re-directed to connect for the voice call.
  • the voice fallback information is EPS fallback information
  • the first device 110 may select a target cell in E-UTRAN.
  • the first device 110 may select a target cell provided by the fourth device 140.
  • the first device 110 may perform RRC Connection setup with the fourth device 140.
  • the first device 110 may perform tracking area update (TAU) and voice call setup with the fifth device 150.
  • Fig. 6 shows a flowchart of an example method 600 implemented at a first device in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the method 600 will be described from the perspective of the first device 110 with reference to Fig. 1.
  • the first device 110 generates an integrity protection key and a cipher key based on a paging key and NAS algorithm information.
  • the first device 110 receives, in an idle mode, from a second device, a message comprising voice fallback information.
  • the voice fallback information is integrity protected by the integrity protection key and encrypted by the cipher key.
  • the first device 110 decrypts the voice fallback information with the cipher key.
  • the first device 110 discards the message in response to a failure of verifying integrity of the voice fallback information with the integrity protection key.
  • the method 600 further comprises: generating the paging key based on a first key for access and mobility management and at least of the following: a first predetermined value, a string associated with a paging channel, a length of the string, or an identity of the first device.
  • the NAS algorithm information comprises at least of the following: a second predetermined value, an algorithm type distinguisher, a length of the algorithm type distinguisher, a NAS algorithm identity, or a length of the NAS algorithm identity.
  • the method 600 further comprises: receiving the NAS algorithm information from the second device.
  • the method 600 further comprises: in response to a success of verifying the integrity of the voice fallback information with the integrity protection key, selecting a target cell for a voice call based on the voice fallback information.
  • Fig. 7 shows a flowchart of an example method 700 implemented at a second device in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the method 700 will be described from the perspective of the second device 120 with reference to Fig. 1.
  • the second device 120 receives a paging request from a third device, the paging request comprising a paging key, NAS algorithm information and a voice service type indication.
  • the second device 120 generates voice fallback information based on the voice service type indication.
  • the second device 120 generates an integrity protection key and a cipher key based on the paging key and the NAS algorithm information.
  • the second device 120 generates encrypted and integrity protected voice fallback information by integrity protecting the voice fallback information with the integrity protection key and by encrypting the voice fallback information with the cipher key. [00115] At block 750, the second device 120 transmits, to a first device, a message comprising the encrypted and integrity protected voice fallback information.
  • the NAS algorithm information comprises at least of the following: a second predetermined value, an algorithm type distinguisher, a length of the algorithm type distinguisher, a NAS algorithm identity, or a length of the NAS algorithm identity.
  • the method 700 further comprises: in accordance with a determination that a first NAS algorithm indicated by the NAS algorithm identity is unavailable for the second device, transmitting, to the third device, an indication of a second NAS algorithm which is available for the second device.
  • the method 700 further comprises: transmitting the NAS algorithm information to the first device.
  • generating the encrypted and integrity protected voice fallback information comprises: generating a message authentication code for integrity (MAC-I) based on at least one of the following: the integrity protection key, a first count value, the voice fallback information, a direction of transmission of the voice fallback information, or a bearer identity assigned for a paging channel; and determining the MAC-I as integrity protected voice fallback information.
  • MAC-I message authentication code for integrity
  • generating the encrypted and integrity protected voice fallback information comprises: generating a keystream block based on at least one of the following: the cipher key, a second count value, a bearer identity assigned for a paging channel, a direction of transmission of the voice fallback information, or a required length of the key stream block; generating a paging block based on the voice fallback information; and generating encrypted voice fallback information based on the keystream block and the paging block.
  • an apparatus capable of performing any of the method 600 may comprise means for performing the respective steps of the method 600.
  • the means may be implemented in any suitable form.
  • the means may be implemented in a circuitry or software module.
  • the first apparatus comprises: means for generating, at the first apparatus, an integrity protection key and a cipher key based on a paging key and NAS algorithm information; means for receiving, in an idle mode, from a second apparatus, a message comprising voice fallback information, the voice fallback information being integrity protected by the integrity protection key and encrypted by the cipher key; means for decrypting the voice fallback information with the cipher key; and means for discarding the message in response to a failure of verifying integrity of the voice fallback information with the integrity protection key.
  • the first apparatus further comprises: means for generating the paging key based on a first key for access and mobility management and at least of the following: a first predetermined value, a string associated with a paging channel, a length of the string, or an identity of the first device.
  • the NAS algorithm information comprises at least of the following: a second predetermined value, an algorithm type distinguisher, a length of the algorithm type distinguisher, a NAS algorithm identity, or a length of the NAS algorithm identity.
  • the first apparatus further comprises: means for receiving the NAS algorithm information from the second device.
  • the first apparatus further comprises: means for selecting, based on the voice fallback information, a target cell for a voice call in response to a success of verifying the integrity of the voice fallback information with the integrity protection key.
  • an apparatus capable of performing any of the method 700 may comprise means for performing the respective steps of the method 700.
  • the means may be implemented in any suitable form.
  • the means may be implemented in a circuitry or software module.
  • the second apparatus comprises: means for receiving a paging request from a third device, the paging request comprising a paging key, Non-Access Stratum (NAS) algorithm information and a voice service type indication; means for generating voice fallback information based on the voice service type indication; means for generating an integrity protection key and a cipher key based on the paging key and the NAS algorithm information; means for generating encrypted and integrity protected voice fallback information by integrity protecting the voice fallback information with the integrity protection key and by encrypting the voice fallback information with the cipher key; and means for transmitting, to a first apparatus, a message comprising the encrypted and integrity protected voice fallback information.
  • NAS Non-Access Stratum
  • the NAS algorithm information comprises at least of the following: a second predetermined value, an algorithm type distinguisher, a length of the algorithm type distinguisher, a NAS algorithm identity, or a length of the NAS algorithm identity.
  • the second apparatus further comprises: in accordance with a determination that a first NAS algorithm indicated by the NAS algorithm identity is unavailable for the second device, means for transmitting, to the third device, an indication of a second NAS algorithm which is available for the second device.
  • the second apparatus further comprises: means for transmitting the NAS algorithm information to the first device.
  • means for generating the encrypted and integrity protected voice fallback information comprises: means for generating a message authentication code for integrity (MAC-I) based on at least one of the following: the integrity protection key, a first count value, the voice fallback information, a direction of transmission of the voice fallback information, or a bearer identity assigned for a paging channel; and determining the MAC-I as integrity protected voice fallback information.
  • MAC-I message authentication code for integrity
  • means for generating the encrypted and integrity protected voice fallback information comprises: means for generating a keystream block based on at least one of the following: the cipher key, a second count value, a bearer identity assigned for a paging channel, a direction of transmission of the voice fallback information, or a required length of the key stream block; means for generating a paging block based on the voice fallback information; and means for generating encrypted voice fallback information based on the keystream block and the paging block.
  • Fig. 8 is a simplified block diagram of a device 800 that is suitable for implementing embodiments of the present disclosure.
  • the device 800 may be provided to implement the communication device, for example, the first device 110 or the second device 120 as shown in Fig. 1.
  • the device 800 includes one or more processors 810, one or more memories 820 coupled to the processor 810, and one or more communication modules 840 coupled to the processor 810.
  • the communication module 840 is for bidirectional communications.
  • the communication module 840 has at least one antenna to facilitate communication.
  • the communication interface may represent any interface that is necessary for communication with other network elements.
  • the processor 810 may be of any type suitable to the local technical network and may include one or more of the following: general purpose computers, special purpose computers, microprocessors, digital signal processors (DSPs) and processors based on multicore processor architecture, as non-limiting examples.
  • the device 800 may have multiple processors, such as an application specific integrated circuit chip that is slaved in time to a clock which synchronizes the main processor.
  • the memory 820 may include one or more non-volatile memories and one or more volatile memories.
  • the non-volatile memories include, but are not limited to, a Read Only Memory (ROM) 824, an electrically programmable read only memory (EPROM), a flash memory, a hard disk, a compact disc (CD), a digital video disk (DVD), and other magnetic storage and/or optical storage.
  • ROM Read Only Memory
  • EPROM electrically programmable read only memory
  • flash memory a hard disk
  • CD compact disc
  • DVD digital video disk
  • RAM random access memory
  • a computer program 830 includes computer executable instructions that are executed by the associated processor 810.
  • the program 830 may be stored in the ROM 824.
  • the processor 810 may perform any suitable actions and processing by loading the program 830 into the RAM 822.
  • the embodiments of the present disclosure may be implemented by means of the program 830 so that the device 800 may perform any process of the disclosure as discussed with reference to Figs. 1 to 7.
  • the embodiments of the present disclosure may also be implemented by hardware or by a combination of software and hardware.
  • the program 830 may be tangibly contained in a computer readable medium which may be included in the device 800 (such as in the memory 820) or other storage devices that are accessible by the device 800.
  • the device 800 may load the program 830 from the computer readable medium to the RAM 822 for execution.
  • the computer readable medium may include any types of tangible non-volatile storage, such as ROM, EPROM, a flash memory, a hard disk, CD, DVD, and the like.
  • Fig. 9 shows an example of the computer readable medium 900 in form of CD or DVD.
  • the computer readable medium has the program 830 stored thereon.
  • various embodiments of the present disclosure may be implemented in hardware or special purpose circuits, software, logic or any combination thereof. Some aspects may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device. While various aspects of embodiments of the present disclosure are illustrated and described as block diagrams, flowcharts, or using some other pictorial representations, it is to be understood that the block, apparatus, system, technique or method described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.
  • the present disclosure also provides at least one computer program product tangibly stored on a non-transitory computer readable storage medium.
  • the computer program product includes computer-executable instructions, such as those included in program modules, being executed in a device on a target real or virtual processor, to carry out the methods 600 and 700 as described above with reference to Figs. 6 and 7.
  • program modules include routines, programs, libraries, objects, classes, components, data structures, or the like that perform particular tasks or implement particular abstract data types.
  • the functionality of the program modules may be combined or split between program modules as desired in various embodiments.
  • Machine-executable instructions for program modules may be executed within a local or distributed device. In a distributed device, program modules may be located in both local and remote storage media.
  • Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowcharts and/or block diagrams to be implemented.
  • the program code may execute entirely on a machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
  • the computer program codes or related data may be carried by any suitable carrier to enable the device, apparatus or processor to perform various processes and operations as described above.
  • Examples of the carrier include a signal, computer readable medium, and the like.
  • the computer readable medium may be a computer readable signal medium or a computer readable storage medium.
  • a computer readable medium may include but not limited to an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of the computer readable storage medium would include an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Embodiments of the present disclosure relate to method, device and computer readable media for communications. A first device generates an integrity protection key and a cipher key based on a paging key and Non-Access Stratum (NAS) algorithm information. The first device receives, from a second device, a message comprising voice fallback information. The voice fallback information is integrity protected by the integrity protection key and encrypted by the cipher key. The first device decrypts the voice fallback information with the cipher key. In response to a failure of verifying integrity of the voice fallback information with the integrity protection key, the first device discards the message.

Description

DEVICES, METHODS, APPARATUS AND COMPUTER READABLE MEDIUM FOR COMMUNICATIONS
TECHNICAL FIELD
[0001] Implementations of the present disclosure generally relate to the field of telecommunication, and in particular, to devices, methods, apparatus and computer readable media for communications.
BACKGROUND
[0002] A terminal device may perform a handover or redirection from a first cell to a second cell. In case where the first cell does not support a voice service of the terminal device and the first cell employs a more advanced Radio Access Technology (RAT) than the second cell, the handover or redirection may be referred to as the handover or redirection triggered by a voice fallback.
[0003] In order to improve voice fallback performance, a network device may include voice fallback information in a message associated with the handover or redirection, which may cause security issues.
SUMMARY
[0004] In general, example implementations of the present disclosure provide devices, methods, apparatus and computer readable media for communications.
[0005] In a first aspect, there is provided a first device. The first device comprises at least one processor and at least one memory including computer program codes. The at least one memory and the computer program codes are configured to, with the at least one processor, cause the first device to: generate an integrity protection key and a cipher key based on a paging key and Non-Access Stratum (NAS) algorithm information; receive, from a second device, a message comprising voice fallback information, the voice fallback information being integrity protected by the integrity protection key and encrypted by the cipher key; decrypt the voice fallback information with the cipher key; and in response to a failure of verifying integrity of the voice fallback information with the integrity protection key, discard the message.
[0006] In a second aspect, there is provided a second device. The second device comprises at least one processor and at least one memory including computer program codes. The at least one memory and the computer program codes are configured to, with the at least one processor, cause the second device to: receive a paging request from a third device, the paging request comprising a paging key, Non-Access Stratum (NAS) algorithm information and a voice service type indication; generate voice fallback information based on the voice service type indication; generate an integrity protection key and a cipher key based on the paging key and the NAS algorithm information; generate encrypted and integrity protected voice fallback information by integrity protecting the voice fallback information with the integrity protection key and by encrypting the voice fallback information with the cipher key; and transmit, to a first device, a message comprising the encrypted and integrity protected voice fallback information.
[0007] In a third aspect, there is provided a method implemented at a first device. The method comprises: generating, at a first device, an integrity protection key and a cipher key based on a paging key and Non-Access Stratum (NAS) algorithm information; receiving, in an idle mode, from a second device, a message comprising voice fallback information, the voice fallback information being integrity protected by the integrity protection key and encrypted by the cipher key; decrypting the voice fallback information with the cipher key; and in response to a failure of verifying integrity of the voice fallback information with the integrity protection key, discarding the message.
[0008] In a fourth aspect, there is provided a method implemented at a second device. The method comprises: receiving a paging request at a second device from a third device, the paging request comprising a paging key, Non-Access Stratum (NAS) algorithm information and a voice service type indication; generating voice fallback information based on the voice service type indication; generating an integrity protection key and a cipher key based on the paging key and the NAS algorithm information; generating encrypted and integrity protected voice fallback information by integrity protecting the voice fallback information with the integrity protection key and by encrypting the voice fallback information with the cipher key; and transmitting, to a first device, a message comprising the encrypted and integrity protected voice fallback information.
[0009] In a fifth aspect, there is provided a first apparatus. The first apparatus comprises: means for generating, at the first apparatus, an integrity protection key and a cipher key based on a paging key and Non-Access Stratum (NAS) algorithm information; means for receiving, in an idle mode, from a second apparatus, a message comprising voice fallback information, the voice fallback information being integrity protected by the integrity protection key and encrypted by the cipher key; means for decrypting the voice fallback information with the cipher key; and means discarding the message for in response to a failure of verifying integrity of the voice fallback information with the integrity protection key.
[0010] In a sixth aspect, there is provided a second apparatus. The second apparatus comprises: means for receiving a paging request from a third device, the paging request comprising a paging key, Non-Access Stratum (NAS) algorithm information and a voice service type indication; means for generating voice fallback information based on the voice service type indication; means for generating an integrity protection key and a cipher key based on the paging key and the NAS algorithm information; means for generating encrypted and integrity protected voice fallback information by integrity protecting the voice fallback information with the integrity protection key and by encrypting the voice fallback information with the cipher key; and means for transmitting, to a first apparatus, a message comprising the encrypted and integrity protected voice fallback information.
[0011] In a seventh aspect, there is provided a non-transitory computer readable medium. The non-transitory computer readable medium comprises program instructions for causing an apparatus to perform the method according to the third aspect.
[0012] In an eighth aspect, there is provided a non-transitory computer readable medium. The non-transitory computer readable medium comprises program instructions for causing an apparatus to perform the method according to the fourth aspect.
[0013] It is to be understood that the summary section is not intended to identify key or essential features of implementations of the present disclosure, nor is it intended to be used to limit the scope of the present disclosure. Other features of the present disclosure will become easily comprehensible through the following description.
BRIEF DESCRIPTION OF THE DRAWINGS
[0014] Through the more detailed description of some implementations of the present disclosure in the accompanying drawings, the above and other objects, features and advantages of the present disclosure will become more apparent, wherein:
[0015] Fig. 1 illustrates an example communication environment in which implementations of the present disclosure can be implemented;
[0016] Fig. 2 illustrates a signaling chart illustrating a process for voice fallback security enhancement in accordance with some example implementations of the present disclosure; [0017] Fig. 3 illustrates an example of key derivation for paging in accordance with some implementations of the present disclosure;
[0018] Fig. 4 illustrates an example of MAC-I generation for paging in accordance with some implementations of the present disclosure;
[0019] Fig. 5 illustrates an example of a procedure for cipher voice fallback information in accordance with some implementations of the present disclosure;
[0020] Fig. 6 illustrates a flowchart of an example method in accordance with some implementations of the present disclosure;
[0021] Fig. 7 illustrates a flowchart of another example method in accordance with some implementations of the present disclosure;
[0022] Fig. 8 illustrates a simplified block diagram of an apparatus that is suitable for implementing embodiments of the present disclosure; and
[0023] Fig. 9 illustrates a block diagram of an example computer readable medium in accordance with some example embodiments of the present disclosure.
[0024] Throughout the drawings, the same or similar reference numerals represent the same or similar element.
DETAILED DESCRIPTION
[0025] Principle of the present disclosure will now be described with reference to some example implementations. It is to be understood that these implementations are described only for the purpose of illustration and help those skilled in the art to understand and implement the present disclosure, without suggesting any limitation as to the scope of the disclosure. The disclosure described herein can be implemented in various manners other than the ones described below.
[0026] In the following description and claims, unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skills in the art to which this disclosure belongs.
[0027] References in the present disclosure to “one embodiment,” “an embodiment,” “an example embodiment,” and the like indicate that the embodiment described may include a particular feature, structure, or characteristic, but it is not necessary that every embodiment includes the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is submitted that it is within the knowledge of one skilled in the art to affect such feature, structure, or characteristic in connection with other implementations whether or not explicitly described. [0028] It shall be understood that although the terms “first” and “second” etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. For example, a first element could be termed a second element, and similarly, a second element could be termed a first element, without departing from the scope of example implementations. As used herein, the term “and/or” includes any and all combinations of one or more of the listed terms.
[0029] The terminology used herein is for the purpose of describing particular implementations only and is not intended to be limiting of example implementations. As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises”, “comprising”, “has”, “having”, “includes” and/or “including”, when used herein, specify the presence of stated features, elements, and/or components etc., but do not preclude the presence or addition of one or more other features, elements, components and/ or combinations thereof.
[0030] As used in this application, the term “circuitry” may refer to one or more or all of the following:
(a) hardware-only circuit implementations (such as implementations in only analog and/or digital circuitry) and
(b) combinations of hardware circuits and software, such as (as applicable):
(i) a combination of analog and/or digital hardware circuit(s) with software/firmware and
(ii) any portions of hardware processor(s) with software (including digital signal processor(s)), software, and memory(ies) that work together to cause an apparatus, such as a mobile phone or server, to perform various functions) and
(c) hardware circuit(s) and or processor(s), such as a microprocessor(s) or a portion of a microprocessor(s), that requires software (e.g., firmware) for operation, but the software may not be present when it is not needed for operation.
[0031] This definition of circuitry applies to all uses of this term in this application, including in any claims. As a further example, as used in this application, the term circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and/or firmware. The term circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit or processor integrated circuit for a mobile device or a similar integrated circuit in server, a cellular network device, or other computing or network device.
[0032] As used herein, the term “communication network” refers to a network following any suitable communication standards, such as Long Term Evolution (LTE), LTE- Advanced (LTE-A), Wideband Code Division Multiple Access (WCDMA), High-Speed Packet Access (HSPA), Narrow Band Internet of Things (NB-IoT) and so on. Furthermore, the communications between a terminal device and a network device in the communication network may be performed according to any suitable generation communication protocols, including, but not limited to, the first generation (1G), the second generation (2G), 2.5G, 2.75G, the third generation (3G), the fourth generation (4G), 4.5G, the future fifth generation (5G) communication protocols, and/or any other protocols either currently known or to be developed in the future. Implementations of the present disclosure may be applied in various communication systems. Given the rapid development in communications, there will of course also be future type communication technologies and systems with which the present disclosure may be embodied. It should not be seen as limiting the scope of the present disclosure to only the aforementioned system.
[0033] As used herein, the term “network device” refers to a node in a communication network via which a terminal device accesses the network and receives services therefrom. The network device may refer to a base station (BS) or an access point (AP), for example, a node B (NodeB or NB), an evolved NodeB (eNodeB or eNB), a NR Next Generation NodeB (gNB), a Remote Radio Unit (RRU), a radio header (RH), a remote radio head (RRH), Integrated Access and Backhaul (IAB) node, a relay, a low power node such as a femto, a pico, and so forth, depending on the applied terminology and technology. The network device is allowed to be defined as part of a gNB such as for example in CU/DU split in which case the network device is defined to be either a gNB-CU or a gNB-DU.
[0034] The term “terminal device” refers to any end device that may be capable of wireless communication. By way of example rather than limitation, a terminal device may also be referred to as a communication device, user equipment (UE), a Subscriber Station (SS), a Portable Subscriber Station, a Mobile Station (MS), or an Access Terminal (AT). The terminal device may include, but not limited to, a mobile phone, a cellular phone, a smart phone, voice over IP (VoIP) phones, wireless local loop phones, a tablet, a wearable terminal device, a personal digital assistant (PDA), portable computers, desktop computer, image capture terminal devices such as digital cameras, gaming terminal devices, music storage and playback appliances, vehicle-mounted wireless terminal devices, wireless endpoints, mobile stations, laptop-embedded equipment (LEE), laptop-mounted equipment (LME), USB dongles, smart devices, wireless customer-premises equipment (CPE), an Internet of Things (loT) device, a watch or other wearable, a head-mounted display (HMD), a vehicle, a drone, a medical device and applications (e.g., remote surgery), an industrial device and applications (e.g., a robot and/or other wireless devices operating in an industrial and/or an automated processing chain contexts), a consumer electronics device, a device operating on commercial and/or industrial wireless networks, and the like. In the following description, the terms “terminal device”, “communication device”, “terminal”, “user equipment” and “UE” may be used interchangeably.
[0035] Fig. 1 illustrates a schematic diagram of an example communication environment 100 in which implementations of the present disclosure can be implemented. As shown in Fig. 1, the communication environment 100 may include a first device 110, a second device 120, a third device 130, a fourth device 140 and a fifth device 150 which may communicate with each other.
[0036] In this example, the first device 110 is illustrated as a terminal device, and the second device 120 and the fourth device 140 are illustrated as access network devices serving the terminal device. Thus, serving areas of the second device 120 and the fourth device 140 are called as a cell 122 and a cell 142, respectively.
[0037] It is to be understood that the number of network devices and terminal devices is only for the purpose of illustration without suggesting any limitations. The communication environment 100 may include any suitable number of network devices and terminal devices adapted for implementing embodiments of the present disclosure. Although not shown, it would be appreciated that one or more terminal devices may be served by the second device 120 and the fourth device 140.
[0038] Communications in the communication environment 100 may be implemented according to any proper communication protocol(s), comprising, but not limited to, cellular communication protocols of the first generation (1G), the second generation (2G), the third generation (3G), the fourth generation (4G) and the fifth generation (5G) and on the like, wireless local network communication protocols such as Institute for Electrical and Electronics Engineers (IEEE) 802.11 and the like, and/or any other protocols currently known or to be developed in the future. Moreover, the communication may utilize any proper wireless communication technology, comprising but not limited to: Code Division Multiple Access (CDMA), Frequency Division Multiple Access (FDMA), Time Division Multiple Access (TDMA), Frequency Division Duplex (FDD), Time Division Duplex (TDD), Multiple-Input Multiple-Output (MIMO), Orthogonal Frequency Division Multiple (OFDM), Discrete Fourier Transform spread OFDM (DFT-s-OFDM) and/or any other technologies currently known or to be developed in the future.
[0039] In some implementations, the second device 120 may use a first Radio Access Technology (RAT), and the fourth device 140 may use a second RAT different from the first RAT. In some implementations, the first RAT may be a 5G RAT and the second RAT may be one of 2G, 3G, and 4G RATs.
[0040] In such implementations, the second device 120 and the third device 130 may be implemented in a Next Generation (NG) or 5G communication system. For example, the second device 120 may be implemented as an access network device in Next Generation Radio Access Network (NG-RAN), and the third device 130 may be implemented as a core network device in 5G core (5GC) network. For example, the second device 120 may be implemented as a gNB, and the third device 130 may be implemented as an access and mobility management funtion (AMF) device.
[0041] In such implementations, the fourth device 140 and the fifth device 150 may be implemented in an Evolved Packet System (EPS). For example, the fourth device 140 may be implemented as an access network device in an Evolved Universal Terrestrial Radio Access Network (EUTRAN), and the fifth device 150 may be implemented as a core network device in an Evolved Packet Core (EPC).
[0042] Although a possible implementation of the present disclosure will be described below by taking the first RAT being a 5G RAT and the second RAT being a 4G RAT as an example, in other possible implementations, the first RAT and the second RAT may also be other RATs, as long as they are different from each other. For example, in another possible implementation, the first RAT may be a 5G RAT and the second RAT may be 2G or 3G.
[0043] In some implementations, the first device 110 may perform a handover or redirection of the first device 110 from the cell 122 to the cell 142 for a voice service. In case where the cell 122 does not support a voice service of the first device 110 and the cell 122 employs a more advanced RAT than the cell 142, the handover or redirection may be referred to as a voice fallback. In implementations where the cell 142 is the one in an EPS, the handover or redirection is also referred to as EPS fallback. Hereinafter, the voice fallback will be described by taking the EPS fallback for example. However, other types of voice fallback than the EPS fallback may be also used with the present disclosure.
[0044] In Release 16, to improve EPS fallback performance, a network device may include a voiceFallbacklndication in MobilityFromNRCommand or RRCRelease message to indicate the handover or redirection is triggered by EPS fallback. In details, the usage of the voiceFallbacklndication is as below:
• In case of NR-to-EUTRA handover, upon handover failure, a terminal device may first try to select an E-UTRA cell instead of initiating RRC reestablishment as legacy;
• In case of redirection, the terminal device may set the establishmentcause to mo-VoiceCall.
[0045] The above enhancements may reduce the voice call setup delay in case of handover failure and eliminate the handover/E-UTRA RRC setup failure due to target admission control on non- voice service.
[0046] Release 17 supports voice service indication in a paging message. As part of multiple user subscriber identity module (MUSIM) topic, it was agreed to add a voice service indication in a paging message from 5GC to gNB, so that gNB may include the voice service indication in Access Stratum (AS) paging message. The similar mechanism applies to INACTIVE terminal device as well. The potential usage of the indication is to let the terminal device prioritize the voice service.
[0047] Release 17 also supports paging triggered fast EPS fallback. Assuming a gNB would eventually trigger EPS fallback for a MT-Call of an IDLE/INACTIVE terminal device, i.e. by paging the terminal device to CONNECTED mode and performing a subsequent handover/redirection, if it may see the paging is for voice service it may already make the decision of EPS fallback taking into account the network configuration (N26 availability, VoNR preferred or not, NR/E-UTRA coverage) and UE (paging) capability, thus the EPS fallback indication may be included in the paging message.
[0048] The Third Generation Partnership Project (3 GPP) Radio Access Network Group 2 (RAN2) is discussing solutions to reduce EPS fallback latency for IDLE/INACTIVE UE. The motivation is that some operators and vendors feel the current EPS fallback procedure is relative long which has negative impact on UE experience of voice service, thus prefer to reduce the latency.
[0049] However, considering legacy EPS fallback procedure involves both of core network and RAN, there are concerns that the candidate solutions discussed in RAN2 may create impact on upper layer signaling or core network procedures which is not RAN2’s intention for current release.
[0050] The solutions include two aspects, i.e., enhancements for mobile terminated (MT) case, and enhancements for mobile originated (MO) case. The brief introduction is as below. [0051] For MT case, when the network device indicates EPS fallback for voice service, the idle/inactive UE goes directly to E-UTRAfor connection establishment upon paging in NR. There are two candidate alternatives for the EPS fallback indication.
[0052] In alternative 1, the EPS fallback indication is included in paging message. Upon gNB receiving paging indicating voice service type from a core network (as same as agreed for MUSIM), the gNB may decide to perform EPS fallback for the UE and indicate EPS fallback in Uu paging message.
[0053] In alternative 2, the EPS fallback indication is included in system information block (SIB). The detailed indication could be voice over new radio (VoNR) support indication or E-UTRA frequency information. When EPS fallback is indicated in SIB and voice service type is indicated in Uu paging message, the idle/inactive UE may assume network triggering EPS fallback for it.
[0054] For MO case, the EPS fallback indication in SIB as proposed in the above alternative 2 may be applied to MO case. That is, when idle/inactive UE initiates an MO call, if EPS fallback is indicated in SIB, UE goes directly to E-UTRA for connection establishment.
[0055] However, there are security issues with the proposed solutions in alternative 1 and alternative 2. Since the UE is in idle mode, traditionally there is no security protection for the paging messages transmitted by base stations. Hence, a false base station put up by an attacker can mimic paging messages and employ either the solution in alternative 1 or alternative 2 to redirect the UE to connect to a false or desired base station and hijack the call. This is a serious security gap for the solutions in alternative 1 and alternative 2 which need to be addressed.
[0056] Example implementations of the present disclosure provide a solution for voice fallback security enhancement so as to solve the above problems and one or more of other potential problems. According to the solution, the first device generates an integrity protection key and a cipher key based on a paging key and Non-Access Stratum (NAS) algorithm information. The first device decrypts voice fallback information in a message received from a second device with the cipher key and verifies integrity of the voice fallback information with the integrity protection key. If verification of the integrity of the voice fallback information fails, the first device discards the message. In this way, security of the voice fallback information is ensured. Hereinafter, principle of the present disclosure will be described with reference to Figs. 2 to 9.
[0057] Fig. 2 illustrates a signaling chart illustrating a process for voice fallback security enhancement according to some example implementations of the present disclosure. The process 200 may involve the first device 110, the second device 120 and the third device 130 as illustrated in Fig. 1. Although the process 200 has been described in the communication environment 100 of Fig. 1, this process may be likewise applied to other communication scenarios.
[0058] As shown in Fig. 2, the first device 110 generates 215 an integrity protection key and a cipher key based on a paging key and Non-Access Stratum (NAS) algorithm information. Hereinafter, the integrity protection key may be represented by Kpcnint, the cipher key may be represented by KpcHenc, and the paging key may be represented by KPCH. [0059] In some implementations, the first device 110 may generate the integrity protection key and the cipher key during a NAS security context establishment.
[0060] In some implementations, the NAS security context establishment may be performed after primary authentication 210 of the first device 110 with the third device 130 is considered as successful. In order for the primary authentication of the first device 110, the first device 110 may transmit a registration request to the third device 130. The registration request may comprise capability information about the first device 110. The capability information may indicate whether the first device 110 supports the paging key derivation in the first device 110. The third device 130 could use the proposed procedure for the first device 110 which supports the paging key derivation. For older release terminal devices like Release 15 or Release 16, where such a paging key derivation is not supported, the third device 130 will not send a paging message in a secured way.
[0061] Similarly, the third device 130 generates 220 the integrity protection key and the cipher key based on the paging key and NAS algorithm information.
[0062] In some implementations, the first device 110 or the third device 130 may generate the paging key based on a first key for access and mobility management (AMF) and at least of the following:
• a first predetermined value,
• a string associated with a paging channel,
• a length of the string, or
• an identity of the first device 110.
[0063] Fig. 3 illustrates an example of key derivation for paging in accordance with some implementations of the present disclosure. As shown in Fig. 3, the first key (represented by KAMF), the first predetermined value, a string “PCH” associated with a paging channel, a length of the string (0x00 0x03) and 5G-Temporary Mobile Subscriber Identity (TMSI) of the first device 110 are used as input to a key derivation function (KDF) to generate the paging key KPCH.
[0064] In some implementations, the first predetermined value may be in range of 0x69- 0x79, 0x7B-0x7D and 0x83-0x84.
[0065] Upon generating the paging key KPCH, the first device 110 or the third device 130 generates the integrity protection key and the cipher key based on the paging key KPCH and NAS algorithm information.
[0066] In some implementations, the NAS algorithm information may comprise at least of the following:
• a second predetermined value,
• an algorithm type distinguisher,
• a length of the algorithm type distinguisher,
• a NAS algorithm identity, or
• a length of the NAS algorithm identity (ID).
[0067] In some implementations, the second predetermined value may in range of 0x69- 0x79, 0x7B-0x7D and 0x83-0x84.
[0068] Just by way of example, without suggesting any limitation to the scope of the present disclosure, the algorithm type distinguisher may be N-NAS-enc-alg, the length of the algorithm type distinguisher may be 0x00 0x01, and the length of the NAS algorithm may be 0x00 0x01.
[0069] It will be noted that as 5G-TMSI is changing quite often (i.e., after every successful paging procedure), the paging key KPCH, the derived integrity protection key KpcHint and the cipher key KpcHenc will be quite fresh every time.
[0070] In some implementations, the first device 110 may receive the NAS algorithm information from the second device 120. In some implementations, the first device 110 may receive the NAS algorithm information from the second device 120 in a security mode command procedure. For example, the first device 110 may receive the NAS algorithm information from the second device 120 in a paging message or system information block (SIB) message.
[0071] In some implementations, the NAS algorithm information may be pre-configured at the first device 110.
[0072] Referring back to Fig. 2, upon generating the paging key, the third device 130 transmits 225 a paging request to the second device 120. The paging request comprises the paging key, the NAS algorithm information and a voice service type indication. Accordingly, the second device 120 receives the paging request from the third device 130.
[0073] In some implementations, the second device 120 may determine whether a first NAS algorithm indicated by the NAS algorithm identity is unavailable for the second device 120. If the first NAS algorithm indicated by the NAS algorithm identity is unavailable for the second device 120, the second device 120 may transmit, to the third device 130, an indication of a second NAS algorithm which is available for the second device 120. In other words, it is possible that the second device 120 does not support the NAS algorithm identity indicated by the third device 130. In this case, the second device 120 may reject the paging request and the third device 130 could select another NAS algorithm which the first device 110 supports (received in initial capability information about the first device 110) for the second device 120.
[0074] In some implementations, the first device 110, the second device 120 and the third device 130 may be anyways expected to support all or minimum set of the algorithms. This will optimize the delay in delivery of paging messages.
[0075] Upon receiving the paging request, the second device 120 may decide to perform voice fallback for the first device 110. Accordingly, the second device 120 generates 230 voice fallback information based on the voice service type indication in the paging request. [0076] In turn, the second device 120 generates 235 the integrity protection key and the cipher key based on the paging key and the NAS algorithm information.
[0077] Further, the second device 120 generates 240 encrypted and integrity protected voice fallback information by integrity protecting the voice fallback information with the integrity protection key and by encrypting the voice fallback information with the cipher key. [0078] In some implementations, the encrypted and integrity protected voice fallback information may comprise integrity protected voice fallback information and encrypted voice fallback information.
[0079] In some implementations, the second device 120 may generate a message authentication code for integrity (MAC-I) based on at least one of the following:
• the integrity protection key,
• a first count value,
• the voice fallback information,
• a direction of transmission of the voice fallback information, or
• a bearer identity assigned for a paging channel.
[0080] In such implementations, the second device 120 may determine the MAC-I as integrity protected voice fallback information.
[0081] Fig. 4 illustrates an example of MAC-I generation for paging in accordance with some implementations of the present disclosure. As shown in Fig. 4, the integrity protection key KpcHim, the first count value (represented by COUNT), the voice fallback information (represented by MESSAGE), the direction of transmission of the voice fallback information (represented by DIRECTION), and the bearer identity (represented by BEARER) assigned for a paging channel are used as input to an integrity NAS algorithm (NIA).
[0082] Just by way of example, without suggesting any limitation to the scope of the present disclosure, the integrity protection key KpcHimmay be of 128-bit, the first count value “COUNT” may be equal to 1, the direction of transmission of the voice fallback information “DIRECTION” may be 1 for downlink (DL) and 0 for uplink (UL), and the bearer identity “BEARER” may be of 5-bit.
[0083] In some implementations, the second device 120 may generate a key stream block based on at least one of the following:
• the cipher key,
• a second count value,
• a bearer identity assigned for a paging channel,
• a direction of transmission of the voice fallback information, or
• a required length of the key stream block.
[0084] In such implementations, the second device 120 may generate a paging block based on the voice fallback information and generate the encrypted voice fallback information based on the keystream block and the paging block.
[0085] Fig. 5 illustrates an example of a procedure for cipher the voice fallback information in accordance with some implementations of the present disclosure. As shown in Fig. 5, the second device 120 use the cipher key Kpcuenc, the second count value (represented by COUNT), the bearer identity (represented by BEARER) assigned for the paging channel, the direction of transmission of the voice fallback information (represented by DIRECTION), and the required length of the keystream block (represented by LENGTH) as input to a cipher NAS algorithm (NEA) to generate a key stream block 510.
[0086] Just by way of example, without suggesting any limitation to the scope of the present disclosure, the cipher key Kpcuenc may be of 128-bit, the second count value “COUNT” may be equal to 1, the direction of transmission of the voice fallback information “DIRECTION” may be 1 for downlink (DL) and 0 for uplink (UL), and the bearer identity “BEARER” may be of 5-bit.
[0087] In addition, the second device 120 may generate a paging block 520 in plaintext based on the voice fallback information.
[0088] In turn, the second device 120 may generate a ciphertext block 530 based on the keystream block 510 and the paging block 520 in plaintext. For example, the second device 120 may use a bit per bit binary addition of the key stream block 510 and the paging block 520 in plaintext to generate the ciphertext block 530. Then, the second device 120 may determine the ciphertext block 530 as the encrypted voice fallback information.
[0089] In the same manner, the first device 110 may use the cipher key Kpcuenc, the second count value (represented by COUNT), the bearer identity (represented by BEARER) assigned for the paging channel, the direction of transmission of the voice fallback information (represented by DIRECTION), and the required length of the keystream block (represented by LENGTH) as input to an NEA to generate a keystream block 540.
[0090] Further, the first device 110 may recover the paging block 520 in plaintext based on the ciphertext block 530 and the keystream block 540. For example, the first device 110 may use a bit per bit binary addition of the ciphertext block 530 and the keystream block 540 to recover the paging block 520.
[0091] Referring back to Fig. 2, upon generating the encrypted and integrity protected voice fallback information, the second device 120 transmits 245, to the first device 110 in an idle mode, a message comprising the encrypted and integrity protected voice fallback information.
[0092] In some implementations, the encrypted and integrity protected voice fallback information may comprise the MAC-I and the ciphertext block 530. [0093] In some implementations, the second device 120 may transmit a paging indication in a paging indicator channel (PICH) and transmit the encrypted voice fallback information in a Uu paging message in a paging channel. For example, the second device 120 may include the encrypted voice fallback information as a paging payload in the Uu paging message.
[0094] Alternatively, the second device 120 may transmit the encrypted voice fallback information in a SIB message and transmit a voice service type in a Uu paging message.
[0095] Accordingly, the first device 110 receives, from the second device 120, the message comprising the encrypted and integrity protected voice fallback information.
[0096] Upon receiving the message, the first device 110 decrypts 250 the voice fallback information with the cipher key.
[0097] In addition, the first device 110 verifies 255 integrity of the voice fallback information with the integrity protection key.
[0098] In some implementations, in order to verify the integrity of the voice fallback information, the first device 110 may generate X-MAC based at least on the integrity protection key. For example, the first device 110 may generate X-MAC in a similar manner to the example of Fig. 4. If the X-MAC does not correspond to the MAC-I received from the second device 120, verification of the integrity protection fails. In this case, the first device 110 discards 260 the message. As a result, the first device 110 abandons the redirection for the voice call and continues to stay in the idle mode.
[0099] On the other hand, if the X-MAC corresponds to the received MAC-I, the integrity protection is verified successfully. In this case, the first device 110 may select a cell for a voice call based on the voice fallback information.
[00100] In some implementations, the voice fallback information may comprise parameters necessary to select a target cell where the first device 110 is being re-directed to connect for the voice call. In implementations where the voice fallback information is EPS fallback information, the first device 110 may select a target cell in E-UTRAN. For example, the first device 110 may select a target cell provided by the fourth device 140. Then, the first device 110 may perform RRC Connection setup with the fourth device 140. In turn, the first device 110 may perform tracking area update (TAU) and voice call setup with the fifth device 150. [00101] Fig. 6 shows a flowchart of an example method 600 implemented at a first device in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the method 600 will be described from the perspective of the first device 110 with reference to Fig. 1.
[00102] At block 610, the first device 110 generates an integrity protection key and a cipher key based on a paging key and NAS algorithm information.
[00103] At block 620, the first device 110 receives, in an idle mode, from a second device, a message comprising voice fallback information. The voice fallback information is integrity protected by the integrity protection key and encrypted by the cipher key.
[00104] At block 630, the first device 110 decrypts the voice fallback information with the cipher key.
[00105] At block 640, the first device 110 discards the message in response to a failure of verifying integrity of the voice fallback information with the integrity protection key.
[00106] In some implementations, the method 600 further comprises: generating the paging key based on a first key for access and mobility management and at least of the following: a first predetermined value, a string associated with a paging channel, a length of the string, or an identity of the first device.
[00107] In some implementations, the NAS algorithm information comprises at least of the following: a second predetermined value, an algorithm type distinguisher, a length of the algorithm type distinguisher, a NAS algorithm identity, or a length of the NAS algorithm identity.
[00108] In some implementations, the method 600 further comprises: receiving the NAS algorithm information from the second device.
[00109] In some implementations, the method 600 further comprises: in response to a success of verifying the integrity of the voice fallback information with the integrity protection key, selecting a target cell for a voice call based on the voice fallback information. [00110] Fig. 7 shows a flowchart of an example method 700 implemented at a second device in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the method 700 will be described from the perspective of the second device 120 with reference to Fig. 1.
[00111] At block 710, the second device 120 receives a paging request from a third device, the paging request comprising a paging key, NAS algorithm information and a voice service type indication.
[00112] At block 720, the second device 120 generates voice fallback information based on the voice service type indication.
[00113] At block 730, the second device 120 generates an integrity protection key and a cipher key based on the paging key and the NAS algorithm information.
[00114] At block 740, the second device 120 generates encrypted and integrity protected voice fallback information by integrity protecting the voice fallback information with the integrity protection key and by encrypting the voice fallback information with the cipher key. [00115] At block 750, the second device 120 transmits, to a first device, a message comprising the encrypted and integrity protected voice fallback information.
[00116] In some implementations, the NAS algorithm information comprises at least of the following: a second predetermined value, an algorithm type distinguisher, a length of the algorithm type distinguisher, a NAS algorithm identity, or a length of the NAS algorithm identity.
[00117] In some implementations, the method 700 further comprises: in accordance with a determination that a first NAS algorithm indicated by the NAS algorithm identity is unavailable for the second device, transmitting, to the third device, an indication of a second NAS algorithm which is available for the second device.
[00118] In some implementations, the method 700 further comprises: transmitting the NAS algorithm information to the first device.
[00119] In some implementations, generating the encrypted and integrity protected voice fallback information comprises: generating a message authentication code for integrity (MAC-I) based on at least one of the following: the integrity protection key, a first count value, the voice fallback information, a direction of transmission of the voice fallback information, or a bearer identity assigned for a paging channel; and determining the MAC-I as integrity protected voice fallback information.
[00120] In some implementations, generating the encrypted and integrity protected voice fallback information comprises: generating a keystream block based on at least one of the following: the cipher key, a second count value, a bearer identity assigned for a paging channel, a direction of transmission of the voice fallback information, or a required length of the key stream block; generating a paging block based on the voice fallback information; and generating encrypted voice fallback information based on the keystream block and the paging block.
[00121] The example implementations of the present disclosure which have been described with reference to Figs. 1 to 5 may be also applied to the methods 600 and 700. Thus, the details of the example implementations are omitted.
[00122] In some example embodiments, an apparatus capable of performing any of the method 600 (for example, a first apparatus) may comprise means for performing the respective steps of the method 600. The means may be implemented in any suitable form. For example, the means may be implemented in a circuitry or software module.
[00123] In some example embodiments, the first apparatus comprises: means for generating, at the first apparatus, an integrity protection key and a cipher key based on a paging key and NAS algorithm information; means for receiving, in an idle mode, from a second apparatus, a message comprising voice fallback information, the voice fallback information being integrity protected by the integrity protection key and encrypted by the cipher key; means for decrypting the voice fallback information with the cipher key; and means for discarding the message in response to a failure of verifying integrity of the voice fallback information with the integrity protection key.
[00124] In some implementations, the first apparatus further comprises: means for generating the paging key based on a first key for access and mobility management and at least of the following: a first predetermined value, a string associated with a paging channel, a length of the string, or an identity of the first device.
[00125] In some implementations, the NAS algorithm information comprises at least of the following: a second predetermined value, an algorithm type distinguisher, a length of the algorithm type distinguisher, a NAS algorithm identity, or a length of the NAS algorithm identity.
[00126] In some implementations, the first apparatus further comprises: means for receiving the NAS algorithm information from the second device.
[00127] In some implementations, the first apparatus further comprises: means for selecting, based on the voice fallback information, a target cell for a voice call in response to a success of verifying the integrity of the voice fallback information with the integrity protection key.
[00128] In some example embodiments, an apparatus capable of performing any of the method 700 (for example, a second apparatus) may comprise means for performing the respective steps of the method 700. The means may be implemented in any suitable form. For example, the means may be implemented in a circuitry or software module.
[00129] In some example embodiments, the second apparatus comprises: means for receiving a paging request from a third device, the paging request comprising a paging key, Non-Access Stratum (NAS) algorithm information and a voice service type indication; means for generating voice fallback information based on the voice service type indication; means for generating an integrity protection key and a cipher key based on the paging key and the NAS algorithm information; means for generating encrypted and integrity protected voice fallback information by integrity protecting the voice fallback information with the integrity protection key and by encrypting the voice fallback information with the cipher key; and means for transmitting, to a first apparatus, a message comprising the encrypted and integrity protected voice fallback information.
[00130] In some implementations, the NAS algorithm information comprises at least of the following: a second predetermined value, an algorithm type distinguisher, a length of the algorithm type distinguisher, a NAS algorithm identity, or a length of the NAS algorithm identity.
[00131] In some implementations, the second apparatus further comprises: in accordance with a determination that a first NAS algorithm indicated by the NAS algorithm identity is unavailable for the second device, means for transmitting, to the third device, an indication of a second NAS algorithm which is available for the second device.
[00132] In some implementations, the second apparatus further comprises: means for transmitting the NAS algorithm information to the first device.
[00133] In some implementations, means for generating the encrypted and integrity protected voice fallback information comprises: means for generating a message authentication code for integrity (MAC-I) based on at least one of the following: the integrity protection key, a first count value, the voice fallback information, a direction of transmission of the voice fallback information, or a bearer identity assigned for a paging channel; and determining the MAC-I as integrity protected voice fallback information.
[00134] In some implementations, means for generating the encrypted and integrity protected voice fallback information comprises: means for generating a keystream block based on at least one of the following: the cipher key, a second count value, a bearer identity assigned for a paging channel, a direction of transmission of the voice fallback information, or a required length of the key stream block; means for generating a paging block based on the voice fallback information; and means for generating encrypted voice fallback information based on the keystream block and the paging block.
[00135] Fig. 8 is a simplified block diagram of a device 800 that is suitable for implementing embodiments of the present disclosure. The device 800 may be provided to implement the communication device, for example, the first device 110 or the second device 120 as shown in Fig. 1. As shown, the device 800 includes one or more processors 810, one or more memories 820 coupled to the processor 810, and one or more communication modules 840 coupled to the processor 810.
[00136] The communication module 840 is for bidirectional communications. The communication module 840 has at least one antenna to facilitate communication. The communication interface may represent any interface that is necessary for communication with other network elements.
[00137] The processor 810 may be of any type suitable to the local technical network and may include one or more of the following: general purpose computers, special purpose computers, microprocessors, digital signal processors (DSPs) and processors based on multicore processor architecture, as non-limiting examples. The device 800 may have multiple processors, such as an application specific integrated circuit chip that is slaved in time to a clock which synchronizes the main processor.
[00138] The memory 820 may include one or more non-volatile memories and one or more volatile memories. Examples of the non-volatile memories include, but are not limited to, a Read Only Memory (ROM) 824, an electrically programmable read only memory (EPROM), a flash memory, a hard disk, a compact disc (CD), a digital video disk (DVD), and other magnetic storage and/or optical storage. Examples of the volatile memories include, but are not limited to, a random access memory (RAM) 822 and other volatile memories that will not last in the power-down duration.
[00139] A computer program 830 includes computer executable instructions that are executed by the associated processor 810. The program 830 may be stored in the ROM 824. The processor 810 may perform any suitable actions and processing by loading the program 830 into the RAM 822.
[00140] The embodiments of the present disclosure may be implemented by means of the program 830 so that the device 800 may perform any process of the disclosure as discussed with reference to Figs. 1 to 7. The embodiments of the present disclosure may also be implemented by hardware or by a combination of software and hardware.
[00141] In some example embodiments, the program 830 may be tangibly contained in a computer readable medium which may be included in the device 800 (such as in the memory 820) or other storage devices that are accessible by the device 800. The device 800 may load the program 830 from the computer readable medium to the RAM 822 for execution. The computer readable medium may include any types of tangible non-volatile storage, such as ROM, EPROM, a flash memory, a hard disk, CD, DVD, and the like. Fig. 9 shows an example of the computer readable medium 900 in form of CD or DVD. The computer readable medium has the program 830 stored thereon.
[00142] Generally, various embodiments of the present disclosure may be implemented in hardware or special purpose circuits, software, logic or any combination thereof. Some aspects may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device. While various aspects of embodiments of the present disclosure are illustrated and described as block diagrams, flowcharts, or using some other pictorial representations, it is to be understood that the block, apparatus, system, technique or method described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.
[00143] The present disclosure also provides at least one computer program product tangibly stored on a non-transitory computer readable storage medium. The computer program product includes computer-executable instructions, such as those included in program modules, being executed in a device on a target real or virtual processor, to carry out the methods 600 and 700 as described above with reference to Figs. 6 and 7. Generally, program modules include routines, programs, libraries, objects, classes, components, data structures, or the like that perform particular tasks or implement particular abstract data types. The functionality of the program modules may be combined or split between program modules as desired in various embodiments. Machine-executable instructions for program modules may be executed within a local or distributed device. In a distributed device, program modules may be located in both local and remote storage media.
[00144] Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowcharts and/or block diagrams to be implemented. The program code may execute entirely on a machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
[00145] In the context of the present disclosure, the computer program codes or related data may be carried by any suitable carrier to enable the device, apparatus or processor to perform various processes and operations as described above. Examples of the carrier include a signal, computer readable medium, and the like.
[00146] The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable medium may include but not limited to an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of the computer readable storage medium would include an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
[00147] Further, while operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. In certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are contained in the above discussions, these should not be construed as limitations on the scope of the present disclosure, but rather as descriptions of features that may be specific to particular embodiments. Certain features that are described in the context of separate embodiments may also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment may also be implemented in multiple embodiments separately or in any suitable sub-combination.
[00148] Although the present disclosure has been described in languages specific to structural features and/or methodological acts, it is to be understood that the present disclosure defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.

Claims

WHAT IS CLAIMED IS:
1. A first device, comprising: at least one processor; and at least one memory including computer program code; wherein the at least one memory and the computer program code are configured to, with the at least one processor, cause the first device in an idle mode to: generate an integrity protection key and a cipher key based on a paging key and Non-Access Stratum (NAS) algorithm information; receive, from a second device, a message comprising voice fallback information, the voice fallback information being integrity protected by the integrity protection key and encrypted by the cipher key; decrypt the voice fallback information with the cipher key; and in response to a failure of verifying integrity of the voice fallback information with the integrity protection key, discard the message.
2. The first device of claim 1, wherein the first device is further caused to: generate the paging key based on a first key for access and mobility management and at least of the following: a first predetermined value, a string associated with a paging channel, a length of the string, or an identity of the first device.
3. The first device of claim 1, wherein the NAS algorithm information comprises at least of the following: a second predetermined value, an algorithm type distinguisher, a length of the algorithm type distinguisher, a NAS algorithm identity, or a length of the NAS algorithm identity.
4. The first device of claim 1, wherein the first device is further caused to: receive the NAS algorithm information from the second device.
5. The first device of claim 1, wherein the first device is further caused to: in response to a success of verifying the integrity of the voice fallback information with the integrity protection key, select a target cell for a voice call based on the voice fallback information.
6. A second device, comprising: at least one processor; and at least one memory including computer program code; wherein the at least one memory and the computer program code are configured to, with the at least one processor, cause the second device: receive a paging request from a third device, the paging request comprising a paging key, Non-Access Stratum (NAS) algorithm information and a voice service type indication; generate voice fallback information based on the voice service type indication; generate an integrity protection key and a cipher key based on the paging key and the NAS algorithm information; generate encrypted and integrity protected voice fallback information by integrity protecting the voice fallback information with the integrity protection key and by encrypting the voice fallback information with the cipher key; and transmit, to a first device, a message comprising the encrypted and integrity protected voice fallback information.
7. The second device of claim 6, wherein the NAS algorithm information comprises at least of the following: a second predetermined value, an algorithm type distinguisher, a length of the algorithm type distinguisher, a NAS algorithm identity, or a length of the NAS algorithm identity.
8. The second device of claim 7, wherein the second device is further caused to: in accordance with a determination that a first NAS algorithm indicated by the NAS algorithm identity is unavailable for the second device, transmit, to the third device, an indication of a second NAS algorithm which is available for the second device.
9. The second device of claim 6, wherein the second device is further caused to: transmit the NAS algorithm information to the first device.
10. The second device of claim 6, wherein the second device is caused to generate encrypted and integrity protected voice fallback information by: generating a message authentication code for integrity (MAC-I) based on at least one of the following: the integrity protection key, a first count value, the voice fallback information, a direction of transmission of the voice fallback information, or a bearer identity assigned for a paging channel; and determining the MAC-I as integrity protected voice fallback information.
11. The second device of claim 6, wherein the second device is caused to generate encrypted and integrity protected voice fallback information by: generating a key stream block based on at least one of the following: the cipher key, a second count value, a bearer identity assigned for a paging channel, a direction of transmission of the voice fallback information, or a required length of the key stream block; generating a paging block based on the voice fallback information; and generating encrypted voice fallback information based on the keystream block and the paging block.
12. A method, comprising: generating, at a first device, an integrity protection key and a cipher key based on a paging key and Non-Access Stratum (NAS) algorithm information; receiving, in an idle mode, from a second device, a message comprising voice fallback information, the voice fallback information being integrity protected by the integrity protection key and encrypted by the cipher key; decrypting the voice fallback information with the cipher key; and in response to a failure of verifying integrity of the voice fallback information with the integrity protection key, discarding the message.
13. The method of claim 12, further comprising: generating the paging key based on a first key for access and mobility management and at least of the following: a first predetermined value, a string associated with a paging channel, a length of the string, or an identity of the first device.
14. The method of claim 12, wherein the NAS algorithm information comprises at least of the following: a second predetermined value, an algorithm type distinguisher, a length of the algorithm type distinguisher, a NAS algorithm identity, or a length of the NAS algorithm identity.
15. The method of claim 12, further comprising: receiving the NAS algorithm information from the second device.
16. The method of claim 12, further comprising: in response to a success of verifying the integrity of the voice fallback information with the integrity protection key, selecting a target cell for a voice call based on the voice fallback information.
17. A method, comprising: receiving a paging request at a second device from a third device, the paging request comprising a paging key, Non-Access Stratum (NAS) algorithm information and a voice service type indication; generating voice fallback information based on the voice service type indication; generating an integrity protection key and a cipher key based on the paging key and the NAS algorithm information; generating encrypted and integrity protected voice fallback information by integrity protecting the voice fallback information with the integrity protection key and by encrypting the voice fallback information with the cipher key; and transmitting, to a first device, a message comprising the encrypted and integrity protected voice fallback information.
18. The method of claim 17, wherein the NAS algorithm information comprises at least of the following: a second predetermined value, an algorithm type distinguisher, a length of the algorithm type distinguisher, a NAS algorithm identity, or a length of the NAS algorithm identity.
19. The method of claim 18, further comprising: in accordance with a determination that a first NAS algorithm indicated by the NAS algorithm identity is unavailable for the second device, transmit, to the third device, an indication of a second NAS algorithm which is available for the second device.
20. The method of claim 17, further comprising: transmitting the NAS algorithm information to the first device.
21. The method of claim 17, wherein generating the encrypted and integrity protected voice fallback information comprises: generating a message authentication code for integrity (MAC-I) based on at least one of the following: the integrity protection key, a first count value, the voice fallback information, a direction of transmission of the voice fallback information, or a bearer identity assigned for a paging channel; and determining the MAC-I as integrity protected voice fallback information.
22. The method of claim 17, wherein generating the encrypted and integrity protected voice fallback information comprises: generating a key stream block based on at least one of the following: the cipher key, a second count value, a bearer identity assigned for a paging channel, a direction of transmission of the voice fallback information, or a required length of the key stream block; generating a paging block based on the voice fallback information; and generating encrypted voice fallback information based on the keystream block and the paging block.
23. A first apparatus, comprising: means for generating, at the first apparatus, an integrity protection key and a cipher key based on a paging key and Non-Access Stratum (NAS) algorithm information; means for receiving, in an idle mode, from a second apparatus, a message comprising voice fallback information, the voice fallback information being integrity protected by the integrity protection key and encrypted by the cipher key; means for decrypting the voice fallback information with the cipher key; and means discarding the message for in response to a failure of verifying integrity of the voice fallback information with the integrity protection key.
24. A second apparatus, comprising: means for receiving a paging request from a third device, the paging request comprising a paging key, Non-Access Stratum (NAS) algorithm information and a voice service type indication; means for generating voice fallback information based on the voice service type indication; means for generating an integrity protection key and a cipher key based on the paging key and the NAS algorithm information; means for generating encrypted and integrity protected voice fallback information by integrity protecting the voice fallback information with the integrity protection key and by encrypting the voice fallback information with the cipher key; and means for transmitting, to a first apparatus, a message comprising the encrypted and integrity protected voice fallback information.
25. A computer readable medium comprising program instructions for causing an apparatus to perform at least the method of any of claims 12-16.
26. A computer readable medium comprising program instructions for causing an apparatus to perform at least the method of any of claims 17-22.
PCT/EP2023/056870 2022-04-29 2023-03-17 Devices, methods, apparatus and computer readable medium for communications Ceased WO2023208472A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202380037054.2A CN119096571A (en) 2022-04-29 2023-03-17 Device, method, apparatus and computer-readable medium for communication

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN202241025183 2022-04-29
IN202241025183 2022-04-29

Publications (1)

Publication Number Publication Date
WO2023208472A1 true WO2023208472A1 (en) 2023-11-02

Family

ID=85772090

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2023/056870 Ceased WO2023208472A1 (en) 2022-04-29 2023-03-17 Devices, methods, apparatus and computer readable medium for communications

Country Status (2)

Country Link
CN (1) CN119096571A (en)
WO (1) WO2023208472A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180227809A1 (en) * 2017-02-05 2018-08-09 Alcatel-Lucent Usa Inc. System and method for secure cell redirection in wireless networks
WO2020084595A1 (en) * 2018-10-25 2020-04-30 Telefonaktiebolaget Lm Ericsson (Publ) Methods and nodes for performing a handover at resume
WO2021051250A1 (en) * 2019-09-16 2021-03-25 华为技术有限公司 Data transmission method and device
US20210092706A1 (en) * 2019-09-25 2021-03-25 Qualcomm Incorporated Secure paging for service prioritization

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180227809A1 (en) * 2017-02-05 2018-08-09 Alcatel-Lucent Usa Inc. System and method for secure cell redirection in wireless networks
WO2020084595A1 (en) * 2018-10-25 2020-04-30 Telefonaktiebolaget Lm Ericsson (Publ) Methods and nodes for performing a handover at resume
WO2021051250A1 (en) * 2019-09-16 2021-03-25 华为技术有限公司 Data transmission method and device
US20210092706A1 (en) * 2019-09-25 2021-03-25 Qualcomm Incorporated Secure paging for service prioritization

Also Published As

Publication number Publication date
CN119096571A (en) 2024-12-06

Similar Documents

Publication Publication Date Title
US11818578B2 (en) Security context obtaining method and apparatus, and communications system
US12408038B2 (en) Partial integrity protection in telecommunication systems
CN112654046B (en) Method and apparatus for registration
US12439246B2 (en) Security communication in prose U2N relay
US20250193750A1 (en) Service data transmission method, terminal, network node and storage medium
WO2023208472A1 (en) Devices, methods, apparatus and computer readable medium for communications
WO2022266848A1 (en) Data handling during sdt
US20250133393A1 (en) User plane traffic handling for emergency case
EP4364519A1 (en) Small data transmission
CN118972837A (en) Method and device for registration
WO2025112008A1 (en) Secure communication in non-terrestrial network store and forward system
US20250097875A1 (en) Path switch between relays and security procedures
US20230345251A1 (en) Method, device and computer readable medium for communications
WO2024031384A1 (en) Intra-du or inter-du mobility based on pre-configuration
WO2024065209A1 (en) Mobile terminated early data transmission for internet of things
WO2025236291A1 (en) Protection for discovery messasge
WO2024152356A1 (en) Methods and apparatuses for small data transmission
WO2024227299A1 (en) Qoe continuity during intra-5gc inter-rat handover process
WO2024077470A1 (en) Handover enhancements
WO2021203318A1 (en) Methods, devices, and computer readable medium for communication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23713073

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 202380037054.2

Country of ref document: CN

WWE Wipo information: entry into national phase

Ref document number: 202447092137

Country of ref document: IN

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 23713073

Country of ref document: EP

Kind code of ref document: A1