
WO2024250273A1 - Validation of terminal device - Google Patents

Validation of terminal device

Info

Publication number
WO2024250273A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
network device
terminal device
access network
random number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/CN2023/099365
Other languages
French (fr)
Inventor
Xiang Xu
Ping Yuan
Jing PING
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nokia Shanghai Bell Co Ltd
Nokia Solutions and Networks Oy
Nokia Technologies Oy
Original Assignee
Nokia Shanghai Bell Co Ltd
Nokia Solutions and Networks Oy
Nokia Technologies Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Shanghai Bell Co Ltd, Nokia Solutions and Networks Oy, Nokia Technologies Oy
Priority to PCT/CN2023/099365
Publication of WO2024250273A1
Anticipated expiration
Legal status: Pending (current)

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04W WIRELESS COMMUNICATION NETWORKS
          • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
            • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
              • H04W 12/041 Key generation or derivation
            • H04W 12/10 Integrity
              • H04W 12/106 Packet or message integrity
          • H04W 84/00 Network topologies
            • H04W 84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
              • H04W 84/04 Large scale networks; Deep hierarchical networks
                • H04W 84/06 Airborne or Satellite Networks
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L 9/06 Encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
              • H04L 9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
              • H04L 9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
                • H04L 9/0656 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
                  • H04L 9/0662 with a particular pseudorandom sequence generator
            • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
              • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
                • H04L 9/0866 involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
                • H04L 9/0869 involving random numbers or seeds
            • H04L 9/32 including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
              • H04L 9/3236 using cryptographic hash functions
                • H04L 9/3242 involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
          • H04L 2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L 9/00
            • H04L 2209/80 Wireless

Definitions

  • Example embodiments of the present disclosure generally relate to the field of telecommunication, and in particular to a terminal device, an access network device, a core network device, methods, apparatuses, and a computer-readable storage medium for validating a terminal device, especially for enforcing a limit on the size or amount of data a terminal device is allowed to send.
  • Non-terrestrial networks (NTN) have been defined for NR and NB-IoT/eMTC in an early release of the communication specification. Store and forward (S&F) operation has also been proposed for IoT NTN.
  • S&F is a new feature that allows a satellite to provide service to IoT NTN devices (terminal devices) even in periods or areas in which the satellite is not connected to a gateway on the ground.
  • S&F is an operation mode of a cellular system offering satellite access in which the system can provide some level of service (by storing and forwarding data) while satellite connectivity is intermittently or temporarily unavailable, e.g. to serve IoT NTN devices under satellite coverage without a simultaneously active feeder link to the ground segment.
  • The store and forward architecture enables a low-cost deployment consisting of just a few satellites and a few ground stations. The connectivity cost per device can therefore be reduced further, at the cost of supporting only delay-tolerant data. Because a satellite has a limited amount of memory, it is proposed that limits on the size or amount of data that a terminal device may send could be enforced. How to validate or authenticate a terminal device effectively and safely, and then enforce such limits on it, still needs attention and study.
  • Example embodiments of the present disclosure provide a solution for validating a terminal device.
  • A terminal device comprises at least one processor and at least one memory storing instructions that, when executed by the at least one processor, cause the terminal device at least to: receive, when access stratum (AS) security is not used between the terminal device and an access network device, at least one random number from the access network device of a non-terrestrial network (NTN); derive at least one key based on a non-access stratum (NAS) key of the terminal device and the at least one random number; transmit, to the access network device, a radio resource control (RRC) message, wherein the RRC message is protected based on the at least one key; and after the terminal device has been validated based on the RRC message protected with the at least one key, receive from the access network device a message related to the validating.
  • AS access stratum
  • NTN non-terrestrial network
  • RRC radio resource control
  • An access network device comprises at least one processor and at least one memory storing instructions that, when executed by the at least one processor, cause the access network device at least to: receive, when access stratum (AS) security is not used between a terminal device and the access network device, at least one key and at least one random number from a core network device, wherein the access network device is a non-terrestrial network (NTN) access network device and the at least one key is derived based on a non-access stratum (NAS) key of the terminal device and the at least one random number; transmit the at least one random number to the terminal device; receive, from the terminal device, a radio resource control (RRC) message; validate the RRC message based on the at least one key; and after said validating, transmit to the terminal device a message related to the validating.
  • A core network device comprises at least one processor and at least one memory storing instructions that, when executed by the at least one processor, cause the core network device at least to: derive, for a terminal device, at least one key based on a non-access stratum (NAS) key of the terminal device and at least one random number; and transmit, when access stratum (AS) security is not used between the terminal device and an access network device associated with the terminal device, the at least one key and the at least one random number to the access network device, wherein the access network device is a non-terrestrial network (NTN) access network device.
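The three device descriptions above, read together, are one exchange. The security point behind it: when AS security is not used (as with the Control Plane CIoT optimisation shown in FIG. 1C and FIG. 1D), the satellite eNB/gNB holds no key of its own with which to check an RRC message, and in S&F mode it cannot forward the message to the core network for a NAS-level check either, because NAS keys live only in the terminal and the core. The core therefore hands the satellite a key derived from the NAS key and a random number while the feeder link is up, and the satellite later validates the terminal on its own. The following Python simulation of that exchange is an added example, not code from the patent or from Nokia. It assumes an HMAC-SHA-256 derivation with a fixed label, an 8-byte truncated HMAC tag as the "protection" of the RRC message, and that the satellite discards a (random number, key) pair once it has been used for a validation; none of these details is fixed by the page, and the class, function and label names are illustrative.

```python
import hashlib
import hmac
import os

# Assumed constants (illustration only; the page fixes neither a label nor a MAC length).
KDF_LABEL = b"S&F-validation"
TAG_LEN = 8


def derive_validation_key(k_nas: bytes, rand: bytes) -> bytes:
    """KDF run by both the core network and the terminal.

    HMAC-SHA-256 keyed with the NAS key over (label || RAND). The 3GPP KDF of
    TS 33.220 is also HMAC-SHA-256 based, but its exact input encoding is not
    reproduced here. The satellite node receives only the output, never K_NAS.
    """
    return hmac.new(k_nas, KDF_LABEL + rand, hashlib.sha256).digest()


def protect(key: bytes, rrc_msg: bytes) -> bytes:
    """Terminal side: append a truncated HMAC tag to the RRC message."""
    tag = hmac.new(key, rrc_msg, hashlib.sha256).digest()[:TAG_LEN]
    return rrc_msg + tag


def verify(key: bytes, protected: bytes):
    """Access-node side: constant-time tag check; returns the message or None."""
    if len(protected) <= TAG_LEN:
        return None
    msg, tag = protected[:-TAG_LEN], protected[-TAG_LEN:]
    expected = hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]
    return msg if hmac.compare_digest(tag, expected) else None


class CoreNetwork:
    """Holds the long-term NAS key per terminal (MME/AMF role)."""

    def __init__(self):
        self.nas_keys = {}

    def provision(self, ue_id: str):
        """Run while the feeder link is up: fresh RAND and derived key for the satellite."""
        rand = os.urandom(16)
        return rand, derive_validation_key(self.nas_keys[ue_id], rand)


class SatelliteAccessNode:
    """eNB/gNB on the satellite; validates with no core connectivity."""

    def __init__(self):
        self.pending = {}  # ue_id -> (RAND, derived key) received from the core

    def receive_from_core(self, ue_id: str, rand: bytes, key: bytes):
        self.pending[ue_id] = (rand, key)

    def random_number_for(self, ue_id: str) -> bytes:
        return self.pending[ue_id][0]

    def validate(self, ue_id: str, protected_rrc: bytes):
        entry = self.pending.get(ue_id)
        if entry is None:
            return None
        _rand, key = entry
        msg = verify(key, protected_rrc)
        if msg is not None:
            del self.pending[ue_id]  # assumption: one validation per RAND (replay guard)
        return msg


class Terminal:
    def __init__(self, ue_id: str, k_nas: bytes):
        self.ue_id, self.k_nas = ue_id, k_nas

    def protected_rrc(self, rand: bytes, rrc_msg: bytes) -> bytes:
        return protect(derive_validation_key(self.k_nas, rand), rrc_msg)


SAMPLE_RRC = b"RRCEarlyDataRequest{payload=120 bytes}"  # constructed sample message


def run_exchange(terminal_k_nas: bytes, core_k_nas: bytes, tamper: bool = False):
    """Full exchange; returns the validated RRC message or None."""
    ue_id = "ue-0001"
    cn = CoreNetwork()
    cn.nas_keys[ue_id] = core_k_nas
    sat = SatelliteAccessNode()
    sat.receive_from_core(ue_id, *cn.provision(ue_id))  # feeder link up
    # Feeder link gone from here on: the satellite works from its table alone.
    ue = Terminal(ue_id, terminal_k_nas)
    protected = ue.protected_rrc(sat.random_number_for(ue_id), SAMPLE_RRC)
    if tamper:
        protected = protected[:5] + bytes([protected[5] ^ 0x01]) + protected[6:]
    return sat.validate(ue_id, protected)


def replay_rejected(k_nas: bytes) -> bool:
    """A captured protected message must not validate twice under the same RAND."""
    ue_id = "ue-0001"
    cn = CoreNetwork()
    cn.nas_keys[ue_id] = k_nas
    sat = SatelliteAccessNode()
    sat.receive_from_core(ue_id, *cn.provision(ue_id))
    protected = Terminal(ue_id, k_nas).protected_rrc(sat.random_number_for(ue_id), SAMPLE_RRC)
    return sat.validate(ue_id, protected) is not None and sat.validate(ue_id, protected) is None
```

The negative cases matter as much as the positive one: a terminal holding a different NAS key derives a different key and is rejected, a single flipped bit in the message fails the tag check, and a replayed protected message is refused because the random number was consumed. Whether the access node may keep a pair for more than one message, and how the data-amount limit is tied to the validated identity afterwards, is left open by the page; a practitioner would also want the random number to be at least 128 bits and generated from a CSPRNG, as os.urandom is here.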
  • A method comprises: receiving, at a terminal device, when access stratum (AS) security is not used between the terminal device and an access network device, at least one random number from the access network device of a non-terrestrial network (NTN); deriving at least one key based on a non-access stratum (NAS) key of the terminal device and the at least one random number; transmitting, to the access network device, a radio resource control (RRC) message, wherein the RRC message is protected based on the at least one key; and after the terminal device has been validated based on the RRC message protected with the at least one key, receiving from the access network device a message related to the validating.
  • A method comprises: receiving, at an access network device, when access stratum (AS) security is not used between a terminal device and the access network device, at least one key and at least one random number from a core network device, wherein the access network device is a non-terrestrial network (NTN) access network device and the at least one key is derived based on a non-access stratum (NAS) key of the terminal device and the at least one random number; transmitting the at least one random number to the terminal device; receiving, from the terminal device, a radio resource control (RRC) message; validating the RRC message based on the at least one key; and after said validating, transmitting to the terminal device a message related to the validating.
  • A method comprises: deriving, at a core network device, for a terminal device, at least one key based on a non-access stratum (NAS) key of the terminal device and at least one random number; and transmitting, when access stratum (AS) security is not used between the terminal device and an access network device associated with the terminal device, the at least one key and the at least one random number to the access network device, wherein the access network device is a non-terrestrial network (NTN) access network device.
  • An apparatus comprises: means for receiving, at a terminal device, when access stratum (AS) security is not used between the terminal device and an access network device, at least one random number from the access network device of a non-terrestrial network (NTN); means for deriving at least one key based on a non-access stratum (NAS) key of the terminal device and the at least one random number; means for transmitting, to the access network device, a radio resource control (RRC) message, wherein the RRC message is protected based on the at least one key; and means for receiving, after the terminal device has been validated based on the RRC message protected with the at least one key, a message related to the validating from the access network device.
  • An apparatus comprises: means for receiving, at an access network device, when access stratum (AS) security is not used between a terminal device and the access network device, at least one key and at least one random number from a core network device, wherein the access network device is a non-terrestrial network (NTN) access network device and the at least one key is derived based on a non-access stratum (NAS) key of the terminal device and the at least one random number; means for transmitting the at least one random number to the terminal device; means for receiving, from the terminal device, a radio resource control (RRC) message; means for validating the RRC message based on the at least one key; and means for transmitting, after said validating, a message related to the validating to the terminal device.
  • NAS non-access stratum
  • An apparatus comprises: means for deriving, at a core network device, for a terminal device, at least one key based on a non-access stratum (NAS) key of the terminal device and at least one random number; and means for transmitting, when access stratum (AS) security is not used between the terminal device and an access network device associated with the terminal device, the at least one key and the at least one random number to the access network device, wherein the access network device is a non-terrestrial network (NTN) access network device.
  • A non-transitory computer-readable storage medium comprises instructions which, when executed by an apparatus, cause the apparatus to perform at least the following: receiving, at a terminal device, when access stratum (AS) security is not used between the terminal device and an access network device, at least one random number from the access network device of a non-terrestrial network (NTN); deriving at least one key based on a non-access stratum (NAS) key of the terminal device and the at least one random number; transmitting, to the access network device, a radio resource control (RRC) message, wherein the RRC message is protected based on the at least one key; and after the terminal device has been validated based on the RRC message protected with the at least one key, receiving from the access network device a message related to the validating.
  • A non-transitory computer-readable storage medium comprises instructions which, when executed by an apparatus, cause the apparatus to perform at least the following: receiving, at an access network device, when access stratum (AS) security is not used between a terminal device and the access network device, at least one key and at least one random number from a core network device, wherein the access network device is a non-terrestrial network (NTN) access network device and the at least one key is derived based on a non-access stratum (NAS) key of the terminal device and the at least one random number; transmitting the at least one random number to the terminal device; receiving, from the terminal device, a radio resource control (RRC) message; validating the RRC message based on the at least one key; and after said validating, transmitting to the terminal device a message related to the validating.
  • A non-transitory computer-readable storage medium comprises instructions which, when executed by an apparatus, cause the apparatus to perform at least the following: deriving, at a core network device, for a terminal device, at least one key based on a non-access stratum (NAS) key of the terminal device and at least one random number; and transmitting, when access stratum (AS) security is not used between the terminal device and an access network device associated with the terminal device, the at least one key and the at least one random number to the access network device, wherein the access network device is a non-terrestrial network (NTN) access network device.
  • A computer program comprises instructions which, when executed by an apparatus, cause the apparatus at least to: receive, when access stratum (AS) security is not used between the terminal device and an access network device, at least one random number from the access network device of a non-terrestrial network (NTN); derive at least one key based on a non-access stratum (NAS) key of the terminal device and the at least one random number; transmit, to the access network device, a radio resource control (RRC) message, wherein the RRC message is protected based on the at least one key; and after the terminal device has been validated based on the RRC message protected with the at least one key, receive from the access network device a message related to the validating.
  • A computer program comprises instructions which, when executed by an apparatus, cause the apparatus at least to: receive, when access stratum (AS) security is not used between a terminal device and the access network device, at least one key and at least one random number from a core network device, wherein the access network device is a non-terrestrial network (NTN) access network device and the at least one key is derived based on a non-access stratum (NAS) key of the terminal device and the at least one random number; transmit the at least one random number to the terminal device; receive, from the terminal device, a radio resource control (RRC) message; validate the RRC message based on the at least one key; and after said validating, transmit to the terminal device a message related to the validating.
  • A computer program comprises instructions which, when executed by an apparatus, cause the apparatus at least to: derive, for a terminal device, at least one key based on a non-access stratum (NAS) key of the terminal device and at least one random number; and transmit, when access stratum (AS) security is not used between the terminal device and an access network device associated with the terminal device, the at least one key and the at least one random number to the access network device, wherein the access network device is a non-terrestrial network (NTN) access network device.
  • A terminal device comprises: receiving circuitry configured to receive, when access stratum (AS) security is not used between the terminal device and an access network device, at least one random number from the access network device of a non-terrestrial network (NTN); deriving circuitry configured to derive at least one key based on a non-access stratum (NAS) key of the terminal device and the at least one random number; transmitting circuitry configured to transmit, to the access network device, a radio resource control (RRC) message, wherein the RRC message is protected based on the at least one key; and receiving circuitry configured to receive, after the terminal device has been validated based on the RRC message protected with the at least one key, a message related to the validating from the access network device.
  • An access network device comprises: receiving circuitry configured to receive, when access stratum (AS) security is not used between a terminal device and the access network device, at least one key and at least one random number from a core network device, wherein the access network device is a non-terrestrial network (NTN) access network device and the at least one key is derived based on a non-access stratum (NAS) key of the terminal device and the at least one random number; transmitting circuitry configured to transmit the at least one random number to the terminal device; receiving circuitry configured to receive, from the terminal device, a radio resource control (RRC) message; validating circuitry configured to validate the RRC message based on the at least one key; and transmitting circuitry configured to transmit, after said validating, a message related to the validating to the terminal device.
  • A core network device comprises: deriving circuitry configured to derive, for a terminal device, at least one key based on a non-access stratum (NAS) key of the terminal device and at least one random number; and transmitting circuitry configured to transmit, when access stratum (AS) security is not used between the terminal device and an access network device associated with the terminal device, the at least one key and the at least one random number to the access network device, wherein the access network device is a non-terrestrial network (NTN) access network device.
  • FIG. 1A illustrates an example of a network environment in which some example embodiments of the present disclosure may be implemented
  • FIG. 1B illustrates an example S&F operation in some example embodiments of the present disclosure
  • FIG. 1C illustrates the RRC connection established for Control Plane CIoT EPS/5GS Optimisations related to some example embodiments of the present disclosure
  • FIG. 1D illustrates MO-EDT (Mobile Originated Early Data Transmission) for Control Plane CIoT EPS Optimisation related to some example embodiments of the present disclosure
  • FIG. 2 is a flowchart of a communication process in accordance with some example embodiments of the present disclosure
  • FIG. 3 illustrates an example signaling flow in accordance with some example embodiments of the present disclosure
  • FIG. 4 illustrates another example signaling flow in accordance with some example embodiments of the present disclosure
  • FIG. 5 illustrates a flowchart of an example method implemented at a terminal device in accordance with some embodiments of the present disclosure
  • FIG. 6 illustrates another flowchart of an example method implemented at an access network device in accordance with some embodiments of the present disclosure
  • FIG. 7 illustrates another flowchart of an example method implemented at a core network device in accordance with some embodiments of the present disclosure
  • FIG. 8 illustrates a simplified block diagram of a device that is suitable for implementing some example embodiments of the present disclosure.
  • FIG. 9 illustrates a block diagram of an example of a computer-readable medium in accordance with some example embodiments of the present disclosure.
  • References in the present disclosure to "one embodiment," "an embodiment," "an example embodiment," and the like indicate that the embodiment described may include a particular feature, structure, or characteristic, but it is not necessary that every embodiment includes the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is submitted that it is within the knowledge of one skilled in the art to effect such feature, structure, or characteristic in connection with other embodiments whether or not explicitly described.
  • first and second etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. For example, a first element could be termed a second element, and similarly, a second element could be termed a first element, without departing from the scope of example embodiments.
  • the term “and/or” includes any and all combinations of one or more of the listed terms.
  • circuitry may refer to one or more or all of the following:
  • circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and/or firmware.
  • circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit or processor integrated circuit for a mobile device, or a similar integrated circuit in a server, a cellular network device, or other computing or network device.
  • the term “communication network” refers to a network following any suitable communication standards, such as Long Term Evolution (LTE) , LTE-Advanced (LTE-A) , Wideband Code Division Multiple Access (WCDMA) , High-Speed Packet Access (HSPA) , Narrow Band Internet of Things (NB-IoT) and so on.
  • LTE Long Term Evolution
  • LTE-A LTE-Advanced
  • WCDMA Wideband Code Division Multiple Access
  • HSPA High-Speed Packet Access
  • NB-IoT Narrow Band Internet of Things
  • the communications between a terminal device and a network device in the communication network may be performed according to any suitable generation of communication protocols, including, but not limited to, fourth generation (4G), 4.5G, fifth generation (5G) and sixth generation (6G) communication protocols, and/or any other protocols either currently known or to be developed in the future.
  • 4G fourth generation
  • 5G fifth generation
  • 6G sixth generation
  • Embodiments of the present disclosure may
  • the term “access network device” refers to a node in a communication network via which a terminal device accesses the network and receives services therefrom.
  • the network device may refer to a base station (BS) or an access point (AP), for example, a node B (NodeB or NB), an evolved NodeB (eNodeB or eNB), a NR NB (also referred to as a gNB), a Remote Radio Unit (RRU), a radio header (RH), a remote radio head (RRH), a relay, a low power node such as a femto, a pico, and so forth, depending on the applied terminology and technology.
  • BS base station
  • AP access point
  • NodeB or NB node B
  • eNodeB or eNB evolved NodeB
  • NR NB also referred to as a gNB
  • RRU Remote Radio Unit
  • RH radio header
  • the term “core network device” or “CN device” refers to a device capable of communicating with the access network device and providing services to the terminal device in a core network.
  • the core network device may include Mobile Switching Centers (MSCs), Mobility Management Entities (MMEs), Access and Mobility Management Functions (AMFs), Operation and Management (O&M) nodes, Operation Support System (OSS) nodes, Self-Organization Network (SON) nodes, and positioning nodes such as Enhanced Serving Mobile Location Centers (E-SMLCs).
  • the core network device may be any other suitable application or entity in a core network.
  • terminal device refers to any end device that may be capable of wireless communication.
  • a terminal device may also be referred to as a communication device, user equipment (UE), a Subscriber Station (SS), a Portable Subscriber Station, a Mobile Station (MS), or an Access Terminal (AT).
  • UE user equipment
  • SS Subscriber Station
  • MS Mobile Station
  • AT Access Terminal
  • the terminal device may include, but is not limited to, a mobile phone, a cellular phone, a smart phone, voice over IP (VoIP) phones, wireless local loop phones, a tablet, a wearable terminal device, a personal digital assistant (PDA), portable computers, a desktop computer, image capture terminal devices such as digital cameras, gaming terminal devices, music storage and playback appliances, vehicle-mounted wireless terminal devices, wireless endpoints, mobile stations, laptop-embedded equipment (LEE), laptop-mounted equipment (LME), USB dongles, smart devices, wireless customer-premises equipment (CPE), an Internet of Things (IoT) device, a watch or other wearable, a head-mounted display (HMD), a vehicle, a drone, a medical device and applications (for example, remote surgery), an industrial device and applications (for example, a robot and/or other wireless devices operating in an industrial and/or an automated processing chain context), a consumer electronics device, a device operating on commercial and/or industrial wireless networks
  • When cellular coverage is provided from non-terrestrial base stations, i.e. gNBs or eNBs embarked on an air-borne or space-borne NTN vehicle, for example a Non-Geosynchronous Orbit (NGSO) vehicle, which includes Low-Earth Orbit (LEO) and Medium Earth Orbit (MEO) satellites, or a High Altitude Platform System (HAPS), the terminal device will experience discontinuous coverage depending on the coverage footprint and the number of satellites.
  • In the following, a satellite is used as an example of an NTN vehicle.
  • discontinuous connectivity may occur between the base stations and the core network (CN) due to, for example, movement of the satellites.
  • the store-and-forward mode has been proposed to be applied in NTN.
  • data packets can be stored at the access network device, e.g., gNBs or eNBs in the satellites, and forwarded to the terminal device or the core network when corresponding connectivity is available.
  • the store and forward operation builds on the release 18 concept of discontinuous coverage scenario, where the UE only occasionally and temporarily has coverage from a satellite.
  • the discontinuous coverage scenario is expanded by now also defining that the satellite is not always connected with the core network.
  • the description/proposal below may use eNB/LTE as an example, but it can be equally or similarly applied to gNB/NR and other radio access network nodes.
  • the store and forward architecture enables a low-cost deployment consisting of just a few satellites and a few ground stations. This means the connectivity cost per device can be further reduced at the cost of only being able to support delay tolerant data.
  • the objective was not included in release 18. The main reason for not including it in release 18 was the requirement for an eNB onboard the satellite, which has been postponed.
  • The 3GPP SA1 working group has initiated the release 19 study on satellite access (known as phase 3).
  • the work is documented in TR 22.865 and several store and forward use cases are defined including both mobile terminated and originated application data. Therefore, it is expected that store and forward operation for IoT NTN would return for release 19.
  • Store and forward is a (release 19) topic which should be shaped.
  • FIG. 1A illustrates an example of a network environment 100 in which some example embodiments of the present disclosure may be implemented.
  • the network environment 100 may also be referred to as a communication system 100 (for example, a portion of a communication network) .
  • various aspects of example embodiments will be described in the context of one or more core network devices, access network devices, and terminal devices that communicate with one another. It should be appreciated, however, that the description herein may be applicable to other types of apparatus or other similar apparatuses that are referenced using other terminology.
  • the communication system 100 includes a terminal device 110, an access network device 120, a gateway or NTN gateway 140 and a CN device 130.
  • the gateway 140 is an earth station located at the surface of the earth, providing connectivity to the NTN payload using the feeder link.
  • the gateway 140 is a transport network layer (TNL) node.
  • the NTN payload is a network node, embarked on board a satellite or high altitude platform station, providing connectivity functions, between the service link that is a wireless link between the NTN payload and the terminal device, and the feeder link that is a wireless link between the NTN Gateway and the NTN payload.
  • the NTN payload is the access network device 120.
  • the access network device 120 may be connected with the terminal device 110 and/or the gateway 140 over a wireless network, such as a wireless radio access network (e.g., a 3G wireless access network, a 4G Long Term Evolution (LTE) network, a 5G New Radio (5G) wireless network, a future 6G wireless network, a future 7G wireless network, etc.).
  • the gateway 140 and the CN device 130 may connect to each other over a wired and/or wireless network.
  • the access network device 120 may be a radio access network (RAN) device.
  • the access network device 120 may be in a non-terrestrial network (NTN), and may thus be referred to as an NTN access network device.
  • the access network device 120 may be a gNB or eNB embarked on an NTN vehicle such as a low earth orbiting (LEO) satellite, a medium earth orbiting (MEO) satellite, a geostationary earth orbiting (GEO) satellite, a UAS device (e.g., a drone, a blimp, a balloon, etc.), a HAPS vehicle, or a manned aerial vehicle (MAV) device, etc.
  • NTN vehicles may act as a constellation of NTN vehicles, providing a coordinated coverage area among the plurality of NTN vehicles, e.g., a constellation of satellites, a constellation of UASs, and/or a constellation of satellites and UASs, etc.
  • the terminal device 110 may be an Internet of Things (IoT) device.
  • the NTN has been defined for New Radio, Narrow Band (NB)-IoT, and eMTC devices.
  • the NTN may enable the communication sessions between the terminal device 110 and the core network 140 efficiently due to attributes of IoT data traffic, such as small data transmission (SDT) with few packets, early data transmission (EDT), preconfigured uplink resources (PUR) and/or non-critical delivery time.
  • the access network device 120 may have discontinuous connectivity with the core network device 130 via the gateway 140.
  • the access network device 120 may have connectivity 111 with the terminal device 110 while having no connectivity 112 with the core network device 130.
  • the access network device 120 may receive signaling or data from the terminal device 110 at the location A and store the signaling or data.
  • the access network device 120 may have no connectivity 113 with the terminal device 110 while having connectivity 114 with the core network device 130.
  • the access network device 120 may have both of the connectivity with the terminal device 110 and the connectivity with the core network device 130.
  • With connectivity to the core network device 130, the access network device 120, at location B, may transmit the stored signaling or data to the application server via the core network device 130.
  • the access network device 120 having discontinuous connectivity with the core network 140 may be in a public land mobile network (PLMN) instead of the NTN.
  • FIG. 1B illustrates an example S&F operation 150 in some example embodiments of the present disclosure.
  • the S&F operation 150 will be described with reference to FIG. 1A.
  • the example implementation of the S&F operation 150 is depicted and will be described from the perspectives of a terminal device 110 (also called UE 110), a first satellite SAT1 with a first access network device eNB1 onboard, a second satellite SAT2 with a second access network device eNB2 onboard, a third satellite SAT3 with a third access network device eNB3 onboard, a first gateway NTN-GW1, a second gateway NTN-GW2 and a CN device 130.
  • the satellites SAT1, SAT2 and SAT3 move relative to the gateways.
  • Each of the eNB1, eNB2 and eNB3 may communicate with the CN device 130 when it is connected to any of the first and second gateways NTN-GW1 and NTN-GW2.
  • the connection between the CN device 130 and each of the eNB1, eNB2 and eNB3 is temporary and discontinuous.
  • Each of the access network devices eNB1, eNB2 and eNB3 may communicate with the UE 110 when its coverage footprint overlaps the location of the UE 110.
  • the connection between the UE 110 and each of the access network devices eNB1, eNB2 and eNB3 is temporary and discontinuous.
  • the CN device 130 communicates with the UE 110 via the gateways NTN-GW1 and NTN-GW2 and the access network devices eNB1, eNB2 and eNB3.
  • eNB1 serves the geographical area of the terminal device 110 and has connection 111-1 with the terminal device 110, but it has no connection with the gateways and the CN device 130.
  • the eNB1 may receive data (e.g., a NAS message) from the terminal device 110 and store the received data.
  • the eNB1 moves out of the geographical area of the terminal device 110, and it has connection 114-1 with the first gateway 130-1.
  • the eNB1 may forward, through the first gateway NTN-GW1, the buffered uplink (UL) data of the terminal device 110 to the CN device 130.
  • the eNB2 serves the geographical area of the terminal device 110, but it has no connection with the gateways and the CN device 130.
  • the eNB3 has connection 114-2 with the second gateway NTN-GW2.
  • the CN device 130 may transmit data (if any) , targeting the terminal device 110, to eNB3 through the second gateway NTN-GW2.
  • the eNB3 may store the received data.
  • the eNB3 serves the geographical area of the terminal device 110 and has connection 111-2 with the terminal device 110, but it has no connection with the gateways and the CN device 130.
  • the eNB3 may transmit the stored data to the terminal device 110.
  • the eNB1, eNB2 and eNB3 may not serve the geographical area of the terminal device 110 in each pass around the earth.
  • the eNB1 may serve the geographical area of the terminal device 110 in one pass, but it may not serve the geographical area of the terminal device 110 in the next pass. So it is possible that different eNBs serve the geographical area of the terminal device 110 at different times.
  • The UL data received from the UE is first stored in the satellite when the satellite only has a connection with the UE, and then forwarded to the GW/CN when the satellite has a connection with the GW/CN.
  • These two connections may occur in different, non-overlapping times.
  • limitations to the size/amount of data that can be sent from the UE could be enforced per connection. This is agreed in SA1 TR22.865, and it is proposed that the 5G system with satellite access supporting store and forward operation shall be able to inform a UE when the maximum system capacity of storage for the UE is reached.
  • Cellular Internet of Things (CIoT) EPS/5GS optimization encompasses a set of solutions to support efficient data transmission between IoT devices and IoT applications/services, for example, the Control Plane (CP) CIoT EPS/5GS optimization and the User Plane CIoT EPS/5GS optimization.
  • a UL NAS signalling message or UL NAS message carrying data can be transmitted in a UL RRC container message (as shown in FIG. 1C).
  • a downlink (DL) NAS signaling or DL NAS data can be transmitted in a DL RRC container message.
  • a non-anchor carrier can be configured for all unicast transmissions during RRC connection establishment or re-establishment.
  • FIG. 1C illustrates the RRC connection established for Control Plane CIoT EPS/5GS Optimisations related to some example embodiments of the present disclosure.
  • FIG. 1D illustrates MO-EDT for Control Plane CIoT EPS Optimisation related to some example embodiments of the present disclosure.
  • A malicious UE may initiate the attack by sending many UL data/NAS messages using a legitimate UE's ID (e.g., S-TMSI). Since there is no security check for the UL data/NAS messages, the eNB simply saves the UL data/NAS messages received from the malicious UE and counts the size/amount of data. This will affect the legitimate UE sending any UL data. In the worst case, the eNB may incorrectly consider that the memory reserved for the legitimate UE has reached the size limitation, and reject any further UL data from the legitimate UE.
  • Some embodiments of the present disclosure propose a method to validate the authenticity of a UE before enforcing the limitations on the size/amount of data that can be sent from the UE, hence preventing a malicious UE from launching a delay of service (DoS) attack by sending many invalid UL data to the network in order to block a legitimate UE from sending any UL data in an S&F system.
  • the validation of the authenticity may be advantageous for other purposes as well, e.g. avoiding malicious computer programs being sent to the eNB by the malicious UE.
  • FIG. 2 is a flowchart illustrating a communication process 200 in accordance with some example embodiments of the present disclosure.
  • the communication process 200 will be described with reference to FIGS. 1A-1D. It would be appreciated that although the communication process 200 has been described referring to the network environment 100 of FIG. 1A, this communication process 200 may be likewise applied to other similar communication scenarios.
  • the core network device 130 derives 205, for a terminal device 110, at least one key based on a non-access stratum (NAS) key of the terminal device and at least one random number.
  • the core network (CN) device 130 may derive the at least one key.
  • the core network device 130 may transmit 210, when access stratum (AS) security is not used between the terminal device 110 and an access network device 120 associated with the terminal device 110, the at least one key and the at least one random number 212 to the access network device 120.
  • the access network device 120 is a non-terrestrial network (NTN) access network device.
  • the at least one key is derived further based on at least one of the following: a non-terrestrial network (NTN) indicator; a pre-message 5 (MSG5) key; a tracking area code of the terminal device; an identity (ID) corresponding to the location of the terminal device 110; an identity (ID) of the access network device 120; or an identity of an NTN device on which the access network device 120 is embarked.
  • the identity (ID) corresponding to the location of the terminal device 110 may be a Mapped Cell ID. Alternatively, it may be any other ID corresponding to the UE's location.
  • the identity (ID) of an NTN device that the access network device 120 is embarked on may be an ID of the satellite (or HAPS, High Altitude Platform Station).
  • High Altitude Platform Station: an airborne vehicle embarking the NTN payload, placed at an altitude between 8 and 50 km.
  • Non-terrestrial network: an NG-RAN consisting of gNBs or an E-UTRAN consisting of eNBs, which provide non-terrestrial NR access or LTE access to UEs by means of an NTN payload embarked on an airborne or space-borne NTN vehicle and an NTN Gateway.
  • the derived key may also be referred to as Knb', which is different from a legacy KeNB or KgNB.
  • the CN device 130 derives a Knb' (different from the legacy KeNB or KgNB) from the NAS key, with input parameters, e.g. an NTN indicator (or, generalized, a pre-MSG5 key), a random number, etc.
  • the key generation may also consider the location of the UE, i.e. the provided Knb’ is per Tracking Area or per geographical area.
  • the geographical area may be identified by a Mapped Cell ID, or an area ID, or any ID that can identify the UE’s location.
  • the key generation may also consider the ID of target eNB/satellite that will serve the UE, i.e. the provided Knb’ is per eNB/Satellite.
  • the CN device 130 provides the generated key and the random number to the access network device 120 (e.g. eNB) .
  • the core network device 130 may use a random number generator to generate the at least one random number.
  • the core network device 130 may use a PRNG (Pseudo Random Number Generator) as described in TS 33.401 to generate the at least one random number.
  • the access network device 120 is a first access network device
  • the at least one key is at least one first key
  • the at least one random number is at least one first random number
  • the core network device 130 may further transmit at least one second key and at least one second random number to a second access network device associated with the terminal device 110.
  • the at least one first key and the at least one second key may be the same or different.
  • the CN device 130 may provide same or different keys to multiple access network devices (for example, eNBs/satellites) that will serve the UE.
  • the at least one key is one derived key (i.e. only one key is derived)
  • the at least one random number comprises multiple random numbers
  • the core network device 130 may derive the one key by deriving, for the terminal device 110, the one key based on the NAS key and a first random number of the multiple random numbers.
  • the CN device 130 may generate one Knb', and provide {Knb', multiple random numbers} to the access network device 120 (e.g. eNB).
  • the at least one key comprises multiple keys (i.e. multiple keys are derived)
  • the at least one random number comprises multiple random numbers corresponding to the multiple keys respectively
  • the core network device 130 may derive the multiple keys by deriving the multiple keys based on the NAS key and the corresponding multiple random numbers respectively.
  • the CN device 130 may generate multiple Knb’ and each Knb’ is generated with a different random number as input.
  • the CN device 130 provides a list of {Knb', random number} to the access network device 120 (e.g. eNB).
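The two provisioning variants described above, as an added example that is not code from the patent or from Nokia: the CN derives Knb' from the NAS key and a random number, optionally bound to the UE's location and to the target eNB/satellite, and either derives a single Knb' with the first of several random numbers (variant 1) or one Knb' per random number (variant 2). The page does not fix a KDF, an input encoding or key sizes, so HMAC-SHA-256 over length-prefixed inputs, a 32-byte Knb', 16-byte random numbers and the byte encoding of the NTN indicator are all assumptions of this example; the NAS key and identities are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Assumed encoding of the NTN indicator (the description only names the parameter).
NTN_INDICATOR = b"NTN"


def _field(value: bytes) -> bytes:
    """Length-prefix one KDF input so that different parameter splits cannot collide."""
    return len(value).to_bytes(2, "big") + value


def derive_knb(nas_key: bytes, rand: bytes, *, ntn_indicator: bytes = NTN_INDICATOR,
               location_id: bytes = b"", target_id: bytes = b"") -> bytes:
    """Derive Knb' from the NAS key and one random number (HMAC-SHA-256 assumed as KDF).

    location_id binds the key to the UE's tracking area / Mapped Cell ID and
    target_id to the serving eNB or satellite, so a key provisioned for one
    area or satellite does not validate messages at another.  The UE runs this
    same function with the same inputs to obtain its own copy of Knb'.
    """
    inputs = _field(ntn_indicator) + _field(rand) + _field(location_id) + _field(target_id)
    return hmac.new(nas_key, inputs, hashlib.sha256).digest()


def provision_one_key(nas_key: bytes, n_rand: int, rand_len: int = 16, **binding):
    """Variant 1: a single Knb' derived with the first random number.

    All n_rand random numbers go to the eNB (transmission 212) and on to the UE
    (transmission 222); each UL data is then protected with Knb' and a different
    random number.  Returns (knb, [rand_1, ..., rand_n]).
    """
    rands = [secrets.token_bytes(rand_len) for _ in range(n_rand)]
    return derive_knb(nas_key, rands[0], **binding), rands


def provision_multi_key(nas_key: bytes, n_keys: int, rand_len: int = 16, **binding):
    """Variant 2: one {Knb', random number} pair per expected UL data.

    Returns the list the CN hands to the eNB; the eNB keeps the pairs and
    forwards only the random numbers to the UE.
    """
    pairs = []
    for _ in range(n_keys):
        rand = secrets.token_bytes(rand_len)
        pairs.append((derive_knb(nas_key, rand, **binding), rand))
    return pairs


if __name__ == "__main__":
    nas_key = secrets.token_bytes(32)                      # constructed sample NAS key
    knb, rands = provision_one_key(nas_key, 10, target_id=b"SAT1")
    # The UE, holding the same NAS key and the first random number, gets the same Knb'.
    assert derive_knb(nas_key, rands[0], target_id=b"SAT1") == knb
    # A key bound to SAT1 is not the key bound to SAT2.
    assert derive_knb(nas_key, rands[0], target_id=b"SAT2") != knb
    print("Knb' for SAT1:", knb.hex()[:16], "... with", len(rands), "random numbers")
```

`secrets.token_bytes` stands in for the PRNG the description refers to; the per-area and per-eNB bindings are what make the "per Tracking Area" and "per eNB/Satellite" keys of the description distinct values rather than one key copied to every satellite.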
  • the access network device 120 receives 215 the at least one key and the at least one random number 212 from the core network device 130.
  • the access network device 120 may save the key and the random number.
  • the access network device 120 transmits 220 the at least one random number 222 to the terminal device 110.
  • the access network device 120 provides the random number, and for example, requests the UE to send a protected RRC message including the UL NAS.
  • the at least one random number may be transmitted to the terminal device 110 via a dedicated RRC message or a broadcast RRC message (for example, a system information block (SIB)).
  • the terminal device 110 may derive 230 at least one key based on its NAS key and the at least one random number. That is to say, the terminal device 110 uses the same method as the CN device 130 to derive Knb'.
  • the terminal device 110 transmits 235, to the access network device 120, a radio resource control (RRC) message 238 (e.g. including a NAS message), and the RRC message is protected based on the at least one key. That is to say, the UE may use the generated key(s) to protect the RRC message (e.g. including the UL NAS).
  • the at least one key is one derived key (i.e. only one key is derived)
  • the at least one random number comprises multiple random numbers.
  • the terminal device 110 may derive the one key based on the NAS key and a first random number of the multiple random numbers.
  • the protection of the RRC message is based on the one key, and the first random number or a second random number of the multiple random numbers.
  • the RRC message may be a first RRC message, and the terminal device may transmit, to the access network device, a second RRC message.
  • the second RRC message is protected based on the one key and a third random number of the multiple random numbers.
  • the CN device 130 generates one Knb', and provides {Knb', multiple random numbers} to the access network device 120 (e.g. eNB) (in the transmission of the at least one key and the at least one random number 212).
  • the random numbers are further provided to UE (in the transmission of the at least one random number 222) .
  • the UE also generates (230) one Knb’ .
  • a different random number is used to generate the message authentication code (MAC) for each UL data.
  • The UE uses one Knb' and a different random number to calculate the MAC for each UL data.
  • For example, for 10 UL data only one Knb' is derived; the 10 different UL data share the derived Knb', but are differentiated with the 10 random numbers.
  • the at least one key comprises multiple keys (i.e. multiple keys are derived)
  • the at least one random number comprises multiple random numbers corresponding to the multiple keys respectively.
  • the terminal device 110 may derive the multiple keys based on the NAS key and the corresponding multiple random numbers respectively.
  • the protection of the RRC message is based on a first key of the multiple keys.
  • the RRC message is a first RRC message
  • the terminal device 110 further transmits, to the access network device 120, a second RRC message.
  • the second RRC message is protected based on a second key of the multiple keys.
  • the CN device 130 generates multiple Knb’ and each Knb’ is generated with a different random number as input.
  • the CN device 130 provides a list of {Knb', random number} to the access network device 120 (e.g. eNB) (in the transmission of the at least one key and the at least one random number 212).
  • the random numbers are further provided to UE (in the transmission of the at least one random number 222) .
  • the UE also generates multiple Knb' based on the received random numbers.
  • a different random number is used to generate each Knb’ , which is then used to generate a MAC for a UL data.
  • UE may send 10 UL data in a satellite pass over the UE’s geographical area
  • 10 sets of {Knb', random number} are provided from the CN device 130 to the access network device 120 (e.g. eNB) (e.g. in the transmission of the at least one key and the at least one random number 212)
  • the 10 random numbers are provided to UE (e.g. in the transmission of the at least one random number 222)
  • When the UE connects with the access network device 120 (e.g. eNB), the UE generates a different Knb' with a different random number as input.
  • the UE calculates the MAC for a specific UL data.
  • 10 different Knb’ are used for 10 different UL data.
  • 10 Knb’ are derived, and the 10 different UL data are differentiated with the 10 derived Knb’ .
  • Knb’ is generated based on one random number, and then the MAC is generated based on another random number.
  • the UE may use a Knb' generated based on one random number, and then use the Knb' and another random number to calculate the MAC for each UL data.
  • the 10 different UL data may be differentiated not only with 10 derived Knb’ but also with another 10 random numbers.
  • the terminal device 110 may generate a message authentication code (MAC) based on (i) the at least one key, (ii) an integrity key derived from the at least one key, (iii) a confidentiality protection key derived from the at least one key, or (iv) a random number of the at least one random number, or any combination of the above-mentioned options. Then, the terminal device 110 can include the MAC in the RRC message. That is to say, the UE uses the same method as the CN device 130 to derive Knb', and optionally generates an integrity and/or confidentiality key. The UE uses the generated key(s) to protect the RRC message including the UL NAS. For example, the UE generates a message authentication code (MAC) with an integrity key (or a confidentiality protection key) derived from Knb', and includes the MAC in the RRC message.
  • the access network device 120 may validate 245 the RRC message based on the at least one key. In some embodiments, if the validation of the RRC message passes, the access network device 120 may enforce a size/amount limitation of data allowed to be sent from the terminal device. Afterwards, the access network device 120 can store the content of the RRC message. In some embodiments, if the validation of the RRC message fails, the access network device 120 may discard the received RRC message.
  • the access network device 120, in order to validate the RRC message, can generate a first message authentication code (MAC) based on (i) the at least one key, (ii) an integrity key derived from the at least one key, (iii) a confidentiality protection key derived from the at least one key, (iv) a random number of the at least one random number, or any combination of the above-mentioned options.
  • the access network device 120 can validate the RRC message by comparing the first MAC to a second MAC included in the received RRC message.
  • the access network device 120 validates the integrity of the message, e.g., validate the MAC included in the RRC message.
  • the access network device 120 may validate the integrity of the message by comparing received MAC and MAC generated locally with Knb’ or derived integrity key (and optional confidentiality protection key) .
  • the at least one key is one derived key (i.e. only one key is derived)
  • the at least one random number comprises multiple random numbers
  • the one key is derived based on the NAS key and a first random number of the multiple random numbers
  • the validation of the RRC message is based on the one key, and the first random number or a second random number of the multiple random numbers.
  • the received RRC message is a first RRC message
  • the access network device 120 may further receive, from the terminal device 110, a second RRC message including a NAS message; and validate the second RRC message based on the at least one key and a third random number of the multiple random numbers.
  • the at least one key comprises multiple keys (i.e. multiple keys are derived)
  • the at least one random number comprises multiple random numbers corresponding to the multiple keys respectively
  • the multiple keys are derived based on the NAS key and the corresponding multiple random numbers respectively
  • the validation of the RRC message is based on a first key of the multiple keys.
  • the received RRC message is a first RRC message
  • the access network device 120 may further receive, from the terminal device 110, a second RRC message including a NAS message; and validate the second RRC message based on a second key of the multiple keys.
  • the access network device 120 may transmit 250 to the terminal device 110 a message 252 related to the validating (or authentication) . And the terminal device 110 may receive 255 the message.
  • the message 252 related to the validating (or authentication) indicates the result of the validating (or authentication) , e.g. whether the validation has been successful and the UL NAS/data has been stored in the access network device 120 or failed.
  • the message 252 indicates a remaining data size available for the terminal device at the access network device, e.g. an instruction to the terminal device 110 to limit or stop the UL data transmission.
  • the message 252 indicates a combination of the result of the validation (or authentication) and the indication of the remaining data size.
  • the validation comprises the authentication of the terminal device 110.
  • the access network device 120 may send (not shown in FIG. 2) the INITIAL UE MESSAGE including the NAS stored for the terminal device 110 to the CN device 130.
  • The remaining procedures may continue as in normal CIoT operation.
  • the access network device 120 (for example, eNB) is able to verify whether a UL NAS is sent from a legitimate UE and then enforce the size limitation.
  • a malicious UE may send UL NAS to the access network device 120 (for example, eNB) , but it is unable to pass the security check in the access network device 120 (for example, eNB) .
  • the proposed solutions may prevent a malicious UE overloading the access network device 120 (for example, eNB) or, generally, prevent the malicious UE sending malicious data to the access network device 120.
  • the solutions provided by some embodiments of the present disclosure have many advantages; for example, DoS attacks on legitimate UEs can be addressed. In addition, replay attacks can be avoided. Further, existing mechanisms are reused to the largest extent, which may make the solution easier to accept in the development of related technologies.
  • FIG. 3 illustrates an example signaling flow in accordance with some example embodiments of the present disclosure.
  • the signaling flow illustrated in FIG. 3 is based on Control Plane CIoT EPS/5GS Optimisations, and it is an example of the communication process 200 illustrated in FIG. 2.
  • UE1 310, eNB (SAT1) 320 and CN 330 illustrated in FIG. 3 are respectively examples of the terminal device 110, the access network device 120 and the core network device 130 illustrated in FIG. 2.
  • The example uses only one satellite/eNB; the procedure is similar when multiple satellites/eNBs are involved.
  • a satellite has one eNB onboard and in the following a reference to a satellite entails a reference to the onboard eNB, and vice versa.
  • some improvements introduced by example embodiments of the present disclosure are included in steps 302, 303, 305 (including random number) , 306, 307 (including MAC) and 308 illustrated in FIG. 3.
  • CN 330 derives a Knb' (different from the legacy KeNB or KgNB) from the NAS key, with input parameters, e.g. an NTN indicator (or, generalized, a pre-MSG5 key), a random number, etc.
  • the key generation may also consider the location of the UE, i.e. the provided Knb’ is per Tracking Area or per geographical area.
  • the geographical area may be identified by a Mapped Cell ID, or an area ID, or any ID that can identify the UE’s location.
  • the key generation may also consider the ID of target eNB/satellite that will serve the UE, i.e. the provided Knb’ is per eNB/Satellite.
  • When eNB (SAT1) 320 has a connection to CN 330, CN 330 sends the key and the random number to the target eNB (i.e. eNB (SAT1) 320 in this example) together with UE1 310's identity (ID), for example, S-TMSI.
  • eNB (SAT1) 320 may save the received information and use it later, for example, it may generate integrity protection key (or use directly the Knb’ ) and optional confidentiality protection key.
  • CN 330 knows the rough location of UE1 310 during UE1 310’s attach procedure, e.g. eNB (SAT1) 320 determines UE1 310’s location, derives a Mapped Cell ID based on UE1 310’s location, sends the Mapped Cell ID to CN 330 during the Attach procedure.
  • CN 330 may send the information to multiple eNBs, e.g. when the TAI list included in ATTACH ACCEPT message (or the Registration Area in NR REGISTRATION ACCEPT) corresponds to a large area that will be served by multiple eNBs.
  • UE1 310 may send eNB (SAT1) 320 RRCConnectionRequest including UE1 310’s ID (e.g. S-TMSI) .
  • eNB (SAT1) 320 may send RRCConnectionSetup including the random number.
  • UE1 310 may derive Knb’ in the same way as in step 302, may generate an integrity and/or confidentiality key as in step 303, and then protects the RRCConnectionSetupComplete with the keys when sending the message, e.g. by generating a MAC with the derived key.
  • the solution may reuse the security protection algorithm defined in TS 33.501 for integrity and confidentiality protection.
  • Knb’ and the PDCP counter may be included when generating the MAC for integrity protection, so that replay attacks can be addressed and the authenticity of the UE can be ensured. Similar to step 303, Knb’ may be used directly as the integrity key if confidentiality protection is not needed.
  • UE1 310 may send RRCConnectionSetupComplete including the NAS message and the MAC.
  • CN 330 may generate one Knb’, and provide {Knb’, multiple random numbers} to eNB (SAT1) 320 (step 303).
  • the random numbers are further provided to UE1 310 (step 304) .
  • UE1 310 also generates one Knb’ in step 305.
  • a different random number is used to generate the MAC for each UL data.
  • 10 random numbers are provided from CN 330 to eNB (SAT1) 320 (e.g. step 303), then they are provided to UE1 310 (e.g. step 305).
  • UE1 310 may use one Knb’ and a different random number to calculate the MAC for each UL data and transmit the UL data including the MAC to eNB (SAT1) 320.
  • CN 330 may generate multiple Knb’ and each Knb’ is generated with a different random number as input.
  • CN 330 may provide a list of {Knb’, random number} pairs to eNB (SAT1) 320 in step 303.
  • the random numbers are further provided to UE1 310 (step 305) .
  • UE1 310 also generates multiple Knb’ based on received random numbers. A different random number may be used to generate each Knb’ which is then used to generate a MAC for a UL data.
  • If UE1 310 sends 10 UL data in a satellite pass over UE1 310’s geographical area, 10 sets of {Knb’, random number} may be provided from CN 330 to eNB (SAT1) 320 (e.g. step 303), then the 10 random numbers are provided to UE1 310 (e.g. step 305).
  • When UE1 310 connects with eNB (SAT1) 320, UE1 310 may generate a different Knb’ with a different random number as input. UE1 310 then calculates the MAC for a specific UL data with that Knb’.
  • Knb’ is generated based on one random number, and then the MAC is generated based on another random number.
  • UE1 310 may use a Knb’ generated based on one random number, and then use that Knb’ together with another random number to calculate the MAC for each UL data.
  • eNB (SAT1) 320 may validate the integrity of the message by comparing received MAC and MAC generated locally with Knb’ or derived integrity key. If the validation is passed, eNB (SAT1) 320 may enforce the size limitation if the limitation is per UE and saves the NAS message. Otherwise, eNB (SAT1) 320 may discard the received NAS message.
  • eNB (SAT1) 320 may send the INITIAL UE MESSAGE, including the NAS message stored for UE1 310, to CN 330. The remaining procedure continues as in normal CIoT.
  • eNB (SAT1) 320 may transmit to UE1 310 a message related to the validating (or authentication) .
  • the message related to the validating (or authentication) indicates the result of the validating (or authentication) , or a remaining data size available for UE1 310 at eNB (SAT1) 320, or a combination of them.
  • attacks by a malicious UE are prevented by the solutions provided by the present disclosure.
  • DoS and replay attack can be addressed.
  • existing mechanisms are reused to the greatest extent possible, which may make the solution easier to accept in the development of the related technology.
  • confidentiality protection may be achieved.
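  • The following is an added simulation of the FIG. 3 flow (steps 302 to 308) and is not code from the patent or from Nokia; it is included to make the key and MAC handling concrete. It assumes HMAC-SHA256 as a stand-in for the 3GPP KDF and for the TS 33.501 integrity algorithm, a 32-bit truncated MAC, a fixed constructed NAS key and constructed Mapped Cell ID / eNB ID values, and an assumed `rand_index` field in the UL message so the eNB knows which provisioned random number the UE selected. Both variants from the text are covered: one Knb’ with several random numbers, and one Knb’ per random number. The eNB side recomputes the MAC, rejects a replayed (random number, PDCP COUNT) pair, enforces the per-UE data budget, and returns the content of the message related to the validating.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed NAS key shared by UE1 and the CN after NAS security activation
# (stand-in for real NAS key material; 32 bytes of fixed test data).
NAS_KEY = bytes(range(32))


def kdf(key: bytes, *inputs: bytes) -> bytes:
    """Length-prefixed HMAC-SHA256, standing in for the 3GPP KDF (assumption)."""
    data = b"".join(len(i).to_bytes(2, "big") + i for i in inputs)
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_knb_prime(nas_key: bytes, rand: bytes, area_id: bytes, enb_id: bytes) -> bytes:
    """Knb' = KDF(NAS key, NTN indicator, random number, location ID, eNB ID) (steps 302/305)."""
    return kdf(nas_key, b"NTN", rand, area_id, enb_id)


def compute_mac(knb_prime: bytes, rand: bytes, pdcp_count: int, message: bytes) -> bytes:
    """32-bit MAC over (random number, PDCP COUNT, message); PDCP COUNT gives replay protection."""
    return kdf(knb_prime, rand, pdcp_count.to_bytes(4, "big"), message)[:4]


def cn_provision(nas_key, area_id, enb_id, count, per_message_keys):
    """CN steps 302/303: build the {Knb', random number} list handed to eNB (SAT1).

    per_message_keys=False -> one Knb' (from the first random number), many random numbers.
    per_message_keys=True  -> one Knb' per random number.
    """
    rands = [secrets.token_bytes(16) for _ in range(count)]
    if per_message_keys:
        return [(derive_knb_prime(nas_key, r, area_id, enb_id), r) for r in rands]
    knb = derive_knb_prime(nas_key, rands[0], area_id, enb_id)
    return [(knb, r) for r in rands]


def ue_derive_keys(nas_key, rands, area_id, enb_id, per_message_keys):
    """UE step 305: repeat the CN derivation from the random numbers received over RRC."""
    if per_message_keys:
        return [derive_knb_prime(nas_key, r, area_id, enb_id) for r in rands]
    knb = derive_knb_prime(nas_key, rands[0], area_id, enb_id)
    return [knb] * len(rands)


def ue_protect(keys, rands, index, pdcp_count, nas_pdu):
    """UE step 306: RRCConnectionSetupComplete carrying the NAS PDU and its MAC (rand_index is assumed)."""
    mac = compute_mac(keys[index], rands[index], pdcp_count, nas_pdu)
    return {"rand_index": index, "pdcp_count": pdcp_count, "nas": nas_pdu, "mac": mac}


@dataclass
class EnbContext:
    """Per-UE state kept at eNB (SAT1) after step 303."""
    keys: list                                   # [(Knb', random number), ...] from the CN
    remaining_bytes: int = 64                    # per-UE data budget enforced after validation
    seen: set = field(default_factory=set)       # (rand_index, PDCP COUNT) already accepted
    stored_nas: list = field(default_factory=list)


def enb_validate(ctx: EnbContext, msg: dict) -> str:
    """eNB steps 307/308: recompute the MAC, reject replays, enforce the size limit, store the NAS PDU.

    The returned string is the content of the 'message related to the validating'.
    """
    idx = msg["rand_index"]
    if idx >= len(ctx.keys):
        return "rejected: unknown random number"
    knb, rand = ctx.keys[idx]
    if (idx, msg["pdcp_count"]) in ctx.seen:
        return "rejected: replay"
    expected = compute_mac(knb, rand, msg["pdcp_count"], msg["nas"])
    if not hmac.compare_digest(expected, msg["mac"]):
        return "rejected: MAC mismatch"
    if len(msg["nas"]) > ctx.remaining_bytes:
        return "rejected: size limit"
    ctx.seen.add((idx, msg["pdcp_count"]))
    ctx.remaining_bytes -= len(msg["nas"])
    ctx.stored_nas.append(msg["nas"])
    return f"accepted: {ctx.remaining_bytes} bytes remaining"


def run_flow(per_message_keys: bool) -> list:
    """End-to-end FIG. 3 flow with constructed identifiers; returns the eNB's verdicts in order."""
    area_id, enb_id = b"MAPPED-CELL-0001", b"SAT1"          # constructed location / eNB IDs
    provisioned = cn_provision(NAS_KEY, area_id, enb_id, 3, per_message_keys)
    ctx = EnbContext(keys=provisioned)
    rands = [r for _, r in provisioned]                    # step 305: random numbers reach UE1
    keys = ue_derive_keys(NAS_KEY, rands, area_id, enb_id, per_message_keys)
    nas1, nas2, big = b"NAS-PDU-ATTACH-0001", b"NAS-PDU-DATA-000002", b"X" * 40
    first = ue_protect(keys, rands, 0, 0, nas1)
    # A UE that saw the random numbers but holds no valid NAS key cannot derive Knb'.
    no_nas_key = ue_derive_keys(b"\x00" * 32, rands, area_id, enb_id, per_message_keys)
    return [
        enb_validate(ctx, first),                                       # genuine UE1
        enb_validate(ctx, first),                                       # same message again
        enb_validate(ctx, ue_protect(no_nas_key, rands, 1, 0, nas1)),   # wrong key material
        enb_validate(ctx, ue_protect(keys, rands, 1, 1, nas2)),         # next UL data, next random number
        enb_validate(ctx, ue_protect(keys, rands, 2, 2, big)),          # exceeds the remaining budget
    ]
```

  • Running `run_flow(False)` or `run_flow(True)` yields the same five verdicts: the first message is accepted with 45 bytes of budget left, its repetition is rejected as a replay, the message built without the NAS key fails the MAC check, the second genuine UL data is accepted with 26 bytes left, and the 40-byte PDU is rejected by the size limit. Note that binding Knb’ to the area and eNB identifiers (as in the text) means the same NAS key yields different Knb’ values for different satellites, so material provisioned to one eNB is of no use towards another.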
  • FIG. 4 illustrates another example signaling flow in accordance with some example embodiments of the present disclosure.
  • the signaling flow illustrated in FIG. 4 is based on MO-EDT for Control Plane CIoT EPS Optimisation, and it is another example of the communication process 200 illustrated in FIG. 2.
  • UE1 410, eNB (SAT1) 420 and CN 430 illustrated in FIG. 4 are respectively examples of the terminal device 110, the access network 120 and the core network device 130 illustrated in FIG. 2.
  • the main difference to FIG. 3 is how the random number is provided to the UE, i.e. UE1 410.
  • some improvements introduced by example embodiments of the present disclosure are included in steps 402, 403, 404 (including random number) , 405, 406 (including MAC) , 407 and 409 illustrated in FIG. 4.
  • in FIG. 3, eNB (SAT1) 320 sends the random number to UE1 310 via a dedicated RRC message (the RRCConnectionSetup message at step 305), whereas in FIG. 4 the random number is sent via a broadcast RRC message, e.g. SIB at step 404.
  • the random numbers can be the same for all UEs in the same geographical area.
  • steps 402, 403, 405, 406, 407, 408 and 409 in FIG. 4 are respectively similar to steps 302, 303, 306, 307, 308, 309 and 311 in FIG. 3, the description of which is omitted for the purpose of brevity. It is noted that some example embodiments of the present disclosure may be described in context of LTE, but it could also be adopted to NR or other communication networks or systems.
  • FIG. 5 illustrates a flowchart of an example method 500 implemented at a terminal device 110 in accordance with some embodiments of the present disclosure. For the purpose of discussion, the method 500 will be described from the perspective of the terminal device 110 with reference to FIGS. 1A-2.
  • the terminal device 110 receives, when access stratum (AS) security is not used between the terminal device and an access network device, at least one random number from the access network device of a non-terrestrial network (NTN) .
  • the terminal device 110 derives at least one key based on a non-access stratum (NAS) key of the terminal device and the at least one random number.
  • the terminal device 110 transmits, to the access network device, a radio resource control (RRC) message.
  • the RRC message is protected based on the at least one key.
  • the terminal device 110 receives from the access network device a message related to the validating.
  • the at least one key may be one key
  • the at least one random number may comprise multiple random numbers
  • the terminal device 110 may derive the one key by: deriving the one key based on the NAS key and a first random number of the multiple random numbers.
  • the protection of the RRC message is based on the one key, and the first random number or a second random number of the multiple random numbers.
  • the RRC message may be a first RRC message
  • the terminal device 110 may transmit, to the access network device, a second RRC message.
  • the second RRC message is protected based on the one key and a third random number of the multiple random numbers.
  • the at least one key may comprise multiple keys
  • the at least one random number may comprise multiple random numbers corresponding to the multiple keys respectively
  • the terminal device may derive the multiple keys by: deriving the multiple keys based on the NAS key and the corresponding multiple random numbers respectively.
  • the protection of the RRC message is based on a first key of the multiple keys.
  • the RRC message may be a first RRC message
  • the terminal device 110 may further transmit, to the access network device, a second RRC message.
  • the second RRC message is protected based on a second key of the multiple keys.
  • the at least one random number may be received from the access network device via a dedicated Radio Resource Control (RRC) message or a broadcast RRC message (for example, a system information block SIB) .
  • the terminal device 110 may protect the RRC message by: generating a message authentication code (MAC) based on at least one of (i) the at least one key, (ii) an integrity key derived from the at least one key, (iii) a confidentiality protection key derived from the at least one key, or (iv) a random number of the at least one random number; and including the MAC in the RRC message.
  • the at least one key may be derived further based on at least one of the following: a non-terrestrial network (NTN) indicator; a pre-message 5 (MSG5) key; a tracking area code of the terminal device; an identity (ID) corresponding to the location of the terminal device; an identity (ID) of the access network device; or an identity of a NTN device that the access network device is embarked on.
  • the message related to the validating may indicate at least one of: the result of the validating; or a remaining data size available for the terminal device at the access network device.
  • FIG. 6 illustrates another flowchart of an example method 600 implemented at an access network device 120 in accordance with some other embodiments of the present disclosure.
  • the method 600 will be described from the perspective of the access network device 120 with reference to FIGS. 1A-2.
  • the access network device 120 receives, when access stratum (AS) security is not used between a terminal device and the access network device, at least one key and at least one random number from a core network device.
  • the access network device is a non-terrestrial network (NTN) access network device.
  • the at least one key is derived based on a non-access stratum (NAS) key of the terminal device and the at least one random number.
  • the access network device 120 transmits the at least one random number to the terminal device.
  • the access network device 120 receives, from the terminal device, a radio resource control (RRC) message.
  • the access network device 120 validates the RRC message based on the at least one key.
  • the access network device 120 transmits to the terminal device a message related to the validating.
  • the access network device 120 may validate the RRC message by: generating a first message authentication code (MAC) based on at least one of (i) the at least one key, (ii) an integrity key derived from the at least one key, (iii) a confidentiality protection key derived from the at least one key, or (iv) a random number of the at least one random number; and validating the RRC message by comparing the first MAC to a second MAC included in the received RRC message.
  • the access network device 120 may further, based on determining that the validation of the RRC message is passed, enforce a size/amount limitation of data allowed to be sent from the terminal device; and store the content of the RRC message.
  • the access network device 120 may further, based on determining that the validation of the RRC message is failed, discard the received RRC message.
  • the at least one key may be one key
  • the at least one random number may comprise multiple random numbers
  • the one key may be derived based on the NAS key and a first random number of the multiple random numbers
  • the validation of the RRC message may be based on the one key, and the first random number or a second random number of the multiple random numbers.
  • the RRC message may be a first RRC message
  • the access network device may further receive, from the terminal device, a second RRC message; and validate the second RRC message based on the at least one key and a third random number of the multiple random numbers.
  • the at least one key may comprise multiple keys
  • the at least one random number may comprise multiple random numbers corresponding to the multiple keys respectively
  • the multiple keys may be derived based on the NAS key and the corresponding multiple random numbers respectively
  • the validation of the RRC message may be based on a first key of the multiple keys.
  • the RRC message may be a first RRC message
  • the access network device may further receive, from the terminal device, a second RRC message; and validate the second RRC message based on a second key of the multiple keys.
  • the at least one random number may be transmitted to the terminal device via a dedicated Radio Resource Control (RRC) message or a broadcast RRC message (for example, a system information block SIB) .
  • the at least one key may be derived further based on at least one of the following: a non-terrestrial network (NTN) indicator; a pre-message 5 (MSG5) key; a tracking area code of the terminal device; an identity (ID) corresponding to the location of the terminal device; an identity (ID) of the access network device; or an identity of a NTN device that the access network device is embarked on.
  • the message related to the validating may indicate at least one of: the result of the validating; or a remaining data size available for the terminal device at the access network device.
  • FIG. 7 illustrates another flowchart of an example method 700 implemented at a core network device 130 in accordance with some other embodiments of the present disclosure.
  • the method 700 will be described from the perspective of the core network device 130 with reference to FIGS. 1A-2.
  • the core network device 130 derives, for a terminal device 110, at least one key based on a non-access stratum (NAS) key of the terminal device 110 and at least one random number.
  • the core network device 130 transmits, when access stratum (AS) security is not used between the terminal device 110 and an access network device 120 associated with the terminal device 110, the at least one key and the at least one random number to the access network device 120.
  • the access network device 120 is a non-terrestrial network (NTN) access network device.
  • the at least one key may be one key
  • the at least one random number may comprise multiple random numbers
  • the core network device may derive the one key by: deriving, for the terminal device, the one key based on the NAS key and a first random number of the multiple random numbers.
  • the at least one key may comprise multiple keys
  • the at least one random number may comprise multiple random numbers corresponding to the multiple keys respectively
  • the core network device 130 may derive the multiple keys by: deriving the multiple keys based on the NAS key and the corresponding multiple random numbers respectively.
  • the at least one key may be derived further based on at least one of the following: a non-terrestrial network (NTN) indicator; a pre-message 5 (MSG5) key; a tracking area code of the terminal device 110; an identity (ID) corresponding to the location of the terminal device 110; an identity (ID) of the access network device 120; or an identity of a NTN device that the access network device 120 is embarked on.
  • the access network device 120 may be a first access network device
  • the at least one key may be at least one first key
  • the at least one random number may be at least one first random number
  • the core network device 130 may further transmit at least one second key and at least one second random number to a second access network device associated with the terminal device 110.
  • the at least one first key and the at least one second key may be same or different.
  • an apparatus capable of performing the method 500 may comprise means for performing the respective steps of the method 500.
  • the means may be implemented in any suitable form.
  • the means may be implemented in a circuitry or software module.
  • the apparatus comprises: means for receiving, at a terminal device, when access stratum (AS) security is not used between the terminal device and an access network device, at least one random number from the access network device of a non-terrestrial network (NTN) ; means for deriving at least one key based on a non-access stratum (NAS) key of the terminal device and the at least one random number; means for transmitting, to the access network device, a radio resource control (RRC) message, wherein the RRC message is protected based on the at least one key; and means for, after validating the terminal device based on the RRC message protected based on the at least one key, receiving from the access network device a message related to the validating.
  • the at least one key is one key
  • the at least one random number comprises multiple random numbers
  • the means for deriving the at least one key comprises: means for deriving the one key based on the NAS key and a first random number of the multiple random numbers, wherein the protection of the RRC message is based on the one key, and the first random number or a second random number of the multiple random numbers.
  • the RRC message is a first RRC message
  • the apparatus further comprises: means for transmitting, to the access network device, a second RRC message, wherein the second RRC message is protected based on the one key and a third random number of the multiple random numbers.
  • the at least one key comprises multiple keys
  • the at least one random number comprises multiple random numbers corresponding to the multiple keys respectively
  • the means for deriving the at least one key comprises: means for deriving the multiple keys based on the NAS key and the corresponding multiple random numbers respectively, wherein the protection of the RRC message is based on a first key of the multiple keys.
  • the RRC message is a first RRC message
  • the apparatus further comprises: means for transmitting, to the access network device, a second RRC message, wherein the second RRC message is protected based on a second key of the multiple keys.
  • the at least one random number is received from the access network device via a dedicated Radio Resource Control (RRC) message or a broadcast RRC message (for example, a system information block SIB) .
  • the apparatus further comprises: means for protecting the RRC message by: generating a message authentication code (MAC) based on at least one of (i) the at least one key, (ii) an integrity key derived from the at least one key, (iii) a confidentiality protection key derived from the at least one key, or (iv) a random number of the at least one random number; and including the MAC in the RRC message.
  • the at least one key is derived further based on at least one of the following: a non-terrestrial network (NTN) indicator; a pre-message 5 (MSG5) key; a tracking area code of the terminal device; an identity (ID) corresponding to the location of the terminal device; an identity (ID) of the access network device; or an identity of a NTN device that the access network device is embarked on.
  • the message related to the validating indicates at least one of: the result of the validating; or a remaining data size available for the terminal device at the access network device.
  • the apparatus further comprises means for performing other steps in some embodiments of the method 500.
  • the means comprises at least one processor and at least one memory including computer program code, the at least one memory and computer program code configured to, with the at least one processor, cause the performance of the apparatus.
  • an apparatus capable of performing the method 600 may comprise means for performing the respective steps of the method 600.
  • the means may be implemented in any suitable form.
  • the means may be implemented in a circuitry or software module.
  • the apparatus comprises: means for receiving, at an access network device, when access stratum (AS) security is not used between a terminal device and the access network device, at least one key and at least one random number from a core network device, wherein the access network device is a non-terrestrial network (NTN) access network device, wherein the at least one key is derived based on a non-access stratum (NAS) key of the terminal device and the at least one random number; means for transmitting the at least one random number to the terminal device; means for receiving, from the terminal device, a radio resource control (RRC) message; means for validating the RRC message based on the at least one key; and means for, after said validating, transmitting to the terminal device a message related to the validating.
  • the means for validating the RRC message comprises means for validating the RRC message by: generating a first message authentication code (MAC) based on at least one of (i) the at least one key, (ii) an integrity key derived from the at least one key, (iii) a confidentiality protection key derived from the at least one key, or (iv) a random number of the at least one random number; and validating the RRC message by comparing the first MAC to a second MAC included in the received RRC message.
  • the apparatus further comprises: means for, based on determining that the validation of the RRC message is passed, enforcing a size/amount limitation of data allowed to be sent from the terminal device; and means for storing the content of the RRC message.
  • the apparatus further comprises means for, based on determining that the validation of the RRC message is failed, discarding the received RRC message.
  • the at least one key is one key
  • the at least one random number comprises multiple random numbers
  • the one key is derived based on the NAS key and a first random number of the multiple random numbers
  • the validation of the RRC message is based on the one key, and the first random number or a second random number of the multiple random numbers.
  • the RRC message is a first RRC message
  • the apparatus further comprises: means for receiving, from the terminal device, a second RRC message; and means for validating the second RRC message based on the at least one key and a third random number of the multiple random numbers.
  • the at least one key comprises multiple keys
  • the at least one random number comprises multiple random numbers corresponding to the multiple keys respectively
  • the multiple keys are derived based on the NAS key and the corresponding multiple random numbers respectively
  • the validation of the RRC message is based on a first key of the multiple keys.
  • the RRC message is a first RRC message
  • the apparatus further comprises: means for receiving, from the terminal device, a second RRC message; and means for validating the second RRC message based on a second key of the multiple keys.
  • the at least one random number is transmitted to the terminal device via a dedicated Radio Resource Control (RRC) message or a broadcast RRC message (for example, a system information block SIB) .
  • the at least one key is derived further based on at least one of the following: a non-terrestrial network (NTN) indicator; a pre-message 5 (MSG5) key; a tracking area code of the terminal device; an identity (ID) corresponding to the location of the terminal device; an identity (ID) of the access network device; or an identity of a NTN device that the access network device is embarked on.
  • the message related to the validating indicates at least one of: the result of the validating; or a remaining data size available for the terminal device at the access network device.
  • the apparatus further comprises means for performing other steps in some embodiments of the method 600.
  • the means comprises at least one processor and at least one memory including computer program code, the at least one memory and computer program code configured to, with the at least one processor, cause the performance of the apparatus.
  • an apparatus capable of performing the method 700 may comprise means for performing the respective steps of the method 700.
  • the means may be implemented in any suitable form.
  • the means may be implemented in a circuitry or software module.
  • the apparatus comprises: means for deriving, at a core network device, for a terminal device, at least one key based on a non-access stratum (NAS) key of the terminal device and at least one random number; and means for transmitting, when access stratum (AS) security is not used between the terminal device and an access network device associated with the terminal device, the at least one key and the at least one random number to the access network device, wherein the access network device is a non-terrestrial network (NTN) access network device.
  • the at least one key is one key
  • the at least one random number comprises multiple random numbers
  • the means for deriving the at least one key comprises means for deriving, for the terminal device, the one key based on the NAS key and a first random number of the multiple random numbers.
  • the at least one key comprises multiple keys
  • the at least one random number comprises multiple random numbers corresponding to the multiple keys respectively
  • the means for deriving the at least one key comprises means for deriving the multiple keys based on the NAS key and the corresponding multiple random numbers respectively.
  • the at least one key is derived further based on at least one of the following: a non-terrestrial network (NTN) indicator; a pre-message 5 (MSG5) key; a tracking area code of the terminal device; an identity (ID) corresponding to the location of the terminal device; an identity (ID) of the access network device; or an identity of a NTN device that the access network device is embarked on.
  • the access network device is a first access network device
  • the at least one key is at least one first key
  • the at least one random number is at least one first random number
  • the apparatus further comprises means for transmitting at least one second key and at least one second random number to a second access network device associated with the terminal device, wherein the at least one first key and the at least one second key are same or different.
  • the apparatus further comprises means for performing other steps in some embodiments of the method 700.
  • the means comprises at least one processor and at least one memory including computer program code, the at least one memory and computer program code configured to, with the at least one processor, cause the performance of the apparatus.
  • FIG. 8 illustrates a simplified block diagram of a device 800 that is suitable for implementing some example embodiments of the present disclosure.
  • the device 800 may be provided to implement a communication device, for example, the terminal device 110, the access network device 120, or the core network device 130 as shown in FIG. 1A.
  • the device 800 includes one or more processors 810, one or more memories 820 coupled to the processor 810, and one or more communication modules 840 coupled to the processor 810.
  • the communication module 840 is for bidirectional communications.
  • the communication module 840 has at least one antenna to facilitate communication.
  • the communication interface may represent any interface that is necessary for communication with other network elements.
  • the processor 810 may be of any type suitable to the local technical network and may include one or more of the following: general purpose computers, special purpose computers, microprocessors, digital signal processors (DSPs) and processors based on multicore processor architecture, as non-limiting examples.
  • the device 800 may have multiple processors, such as an application specific integrated circuit chip that is slaved in time to a clock which synchronizes the main processor.
  • the memory 820 may include one or more non-volatile memories and one or more volatile memories.
  • the non-volatile memories include, but are not limited to, a Read Only Memory (ROM) 824, an electrically programmable read only memory (EPROM) , a flash memory, a hard disk, a compact disc (CD) , a digital video disk (DVD) , and other magnetic storage and/or optical storage.
  • the volatile memories include, but are not limited to, a random access memory (RAM) 822 and other volatile memories that will not last in the power-down duration.
  • a computer program 830 includes computer executable instructions that are executed by the associated processor 810.
  • the program 830 may be stored in the ROM 824.
  • the processor 810 may perform any suitable actions and processing by loading the program 830 into the RAM 822.
  • the embodiments of the present disclosure may be implemented by means of the program 830 so that the device 800 may perform any process of the disclosure as discussed with reference to FIG. 2.
  • the embodiments of the present disclosure may also be implemented by hardware or by a combination of software and hardware.
  • the program 830 may be tangibly contained in a computer-readable medium which may be included in the device 800 (such as in the memory 820) or other storage devices that are accessible by the device 800.
  • the device 800 may load the program 830 from the computer-readable medium to the RAM 822 for execution.
  • the computer-readable medium may include any types of tangible non-volatile storage, such as ROM, EPROM, a flash memory, a hard disk, CD, DVD, and the like.
  • FIG. 9 illustrates a block diagram of an example of a computer-readable medium 900 in accordance with some example embodiments of the present disclosure.
  • the computer-readable medium 900 has the program 830 stored thereon. It is noted that although the computer-readable medium 900 is depicted in the form of a CD or DVD in FIG. 9, the computer-readable medium 900 may be in any other form suitable for carrying or holding the program 830.
  • various embodiments of the present disclosure may be implemented in hardware or special purpose circuits, software, logic or any combination thereof. Some aspects may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device. While various aspects of embodiments of the present disclosure are illustrated and described as block diagrams, flowcharts, or using some other pictorial representations, it is to be understood that the block, apparatus, system, technique or method described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.
  • the present disclosure also provides at least one computer program product tangibly stored on a non-transitory computer-readable storage medium.
  • the computer program product includes computer-executable instructions, such as those included in program modules, being executed in a device on a target real or virtual processor, to carry out the method 500, 600 or 700 as described above with reference to FIG. 5, 6 or 7.
  • program modules include routines, programs, libraries, objects, classes, components, data structures, or the like that perform particular tasks or implement particular abstract data types.
  • the functionality of the program modules may be combined or split between program modules as desired in various embodiments.
  • Machine-executable instructions for program modules may be executed within a local or distributed device. In a distributed device, program modules may be located in both local and remote storage media.
  • Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowcharts and/or block diagrams to be implemented.
  • the program code may execute entirely on a machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
  • the computer program codes or related data may be carried by any suitable carrier to enable the device, apparatus or processor to perform various processes and operations as described above.
  • Examples of the carrier include a signal, computer-readable medium, and the like.
  • the computer-readable medium may be a computer-readable signal medium or a computer-readable storage medium.
  • a computer-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of the computer-readable storage medium would include an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
  • non-transitory is a limitation of the medium itself (i.e., tangible, not a signal) as opposed to a limitation on data storage persistency (e.g., RAM vs. ROM).


Abstract

Example embodiments of the present disclosure relate to validation of a terminal device. In an aspect, a terminal device receives, when access stratum (AS) security is not used between the terminal device and an access network device, at least one random number from the access network device of a non-terrestrial network (NTN). The terminal device derives at least one key based on a non-access stratum (NAS) key of the terminal device and the at least one random number. The terminal device transmits, to the access network device, a radio resource control (RRC) message, wherein the RRC message is protected based on the at least one key. After validating the terminal device based on the RRC message protected based on the at least one key, the terminal device receives from the access network device a message related to the validating.

Description

VALIDATION OF TERMINAL DEVICE
FIELD
Example embodiments of the present disclosure generally relate to the field of telecommunication, and in particular, to a terminal device, an access network device, a core network device, methods, apparatuses, and a computer-readable storage medium for validating a terminal device, especially, for enforcing a size/amount limitation of data allowed to be sent from a terminal device.
BACKGROUND
Non-terrestrial networks (NTN) have been defined for NR and NB-IoT/eMTC in an early release of the communication specification. It is also proposed that store and forward (S&F) operation be used for IoT NTN. S&F is a new feature that will allow a satellite to provide service to IoT NTN device(s) or terminal device(s) even in periods/areas when/where the satellite is not connected to a Gateway on the ground. S&F is an operation mode of a cellular system offering satellite access where the cellular system can provide some level of service (by storing and forwarding the data) when satellite connectivity is intermittently/temporarily unavailable, e.g. to provide communication service for IoT NTN device(s) or terminal device(s) under satellite coverage without a simultaneous active feeder link connection to the ground segment.
The store and forward architecture enables a low-cost deployment consisting of just a few satellites and a few ground stations. This means the connectivity cost per device can be further reduced, at the cost of only being able to support delay tolerant data. Considering the limited amount of memory in a satellite, it is proposed that limitations to the size/amount of data that can be sent from the terminal device could be enforced. However, how to validate or authenticate a terminal device effectively and safely and, for example, further enforce such limitations for terminal device(s) remains to be studied.
SUMMARY
In general, example embodiments of the present disclosure provide a solution for validating a terminal device.
In a first aspect, there is provided a terminal device. The terminal device comprises at least one processor and at least one memory storing instructions that, when executed by the at least one processor, cause the terminal device at least to: receive, when access stratum (AS) security is not used between the terminal device and an access network device, at least one random number from the access network device of a non-terrestrial network (NTN) ; derive at least one key based on a non-access stratum (NAS) key of the terminal device and the at least one random number; transmit, to the access network device, a radio resource control (RRC) message, wherein the RRC message is protected based on the at least one key; and after validating the terminal device based on the RRC message protected based on the at least one key, receive from the access network device a message related to the validating.
In a second aspect, there is provided an access network device. The access network device comprises at least one processor and at least one memory storing instructions that, when executed by the at least one processor, cause the access network device at least to: receive, when access stratum (AS) security is not used between a terminal device and the access network device, at least one key and at least one random number from a core network device, wherein the access network device is a non-terrestrial network (NTN) access network device, wherein the at least one key is derived based on a non-access stratum (NAS) key of the terminal device and the at least one random number; transmit the at least one random number to the terminal device; receive, from the terminal device, a radio resource control (RRC) message; validate the RRC message based on the at least one key; and after said validating, transmit to the terminal device a message related to the validating.
In a third aspect, there is provided a core network device. The core network device comprises at least one processor and at least one memory storing instructions that, when executed by the at least one processor, cause the core network device at least to: derive, for a terminal device, at least one key based on a non-access stratum (NAS) key of the terminal device and at least one random number; and transmit, when access stratum (AS) security is not used between the terminal device and an access network device associated with the terminal device, the at least one key and the at least one random number to the access network device, wherein the access network device is a non-terrestrial network (NTN) access network device.
In a fourth aspect, there is provided a method. The method comprises: receiving, at a terminal device, when access stratum (AS) security is not used between the terminal device and an access network device, at least one random number from the access network device of a non-terrestrial network (NTN) ; deriving at least one key based on a non-access stratum (NAS) key of the terminal device and the at least one random number; transmitting, to the access network device, a radio resource control (RRC) message, wherein the RRC message is protected based on the at least one key; and after validating the terminal device based on the RRC message protected based on the at least one key, receiving from the access network device a message related to the validating.
In a fifth aspect, there is provided a method. The method comprises: receiving, at an access network device, when access stratum (AS) security is not used between a terminal device and the access network device, at least one key and at least one random number from a core network device, wherein the access network device is a non-terrestrial network (NTN) access network device, wherein the at least one key is derived based on a non-access stratum (NAS) key of the terminal device and the at least one random number; transmitting the at least one random number to the terminal device; receiving, from the terminal device, a radio resource control (RRC) message; validating the RRC message based on the at least one key; and after said validating, transmitting to the terminal device a message related to the validating.
In a sixth aspect, there is provided a method. The method comprises: deriving, at a core network device, for a terminal device, at least one key based on a non-access stratum (NAS) key of the terminal device and at least one random number; and transmitting, when access stratum (AS) security is not used between the terminal device and an access network device associated with the terminal device, the at least one key and the at least one random number to the access network device, wherein the access network device is a non-terrestrial network (NTN) access network device.
In a seventh aspect, there is provided an apparatus. The apparatus comprises: means for receiving, at a terminal device, when access stratum (AS) security is not used between the terminal device and an access network device, at least one random number from the access network device of a non-terrestrial network (NTN); means for deriving at least one key based on a non-access stratum (NAS) key of the terminal device and the at least one random number; means for transmitting, to the access network device, a radio resource control (RRC) message, wherein the RRC message is protected based on the at least one key; and means for, after validating the terminal device based on the RRC message protected based on the at least one key, receiving from the access network device a message related to the validating.
In an eighth aspect, there is provided an apparatus. The apparatus comprises: means for receiving, at an access network device, when access stratum (AS) security is not used between a terminal device and the access network device, at least one key and at least one random number from a core network device, wherein the access network device is a non-terrestrial network (NTN) access network device, wherein the at least one key is derived based on a non-access stratum (NAS) key of the terminal device and the at least one random number; means for transmitting the at least one random number to the terminal device; means for receiving, from the terminal device, a radio resource control (RRC) message; means for validating the RRC message based on the at least one key; and means for, after said validating, transmitting to the terminal device a message related to the validating.
In a ninth aspect, there is provided an apparatus. The apparatus comprises: means for deriving, at a core network device, for a terminal device, at least one key based on a non-access stratum (NAS) key of the terminal device and at least one random number; and means for transmitting, when access stratum (AS) security is not used between the terminal device and an access network device associated with the terminal device, the at least one key and the at least one random number to the access network device, wherein the access network device is a non-terrestrial network (NTN) access network device.
In a tenth aspect, there is provided a non-transitory computer-readable storage medium comprising instructions. The instructions, when executed by an apparatus, cause the apparatus to perform at least the following: receiving, at a terminal device, when access stratum (AS) security is not used between the terminal device and an access network device, at least one random number from the access network device of a non-terrestrial network (NTN) ; deriving at least one key based on a non-access stratum (NAS) key of the terminal device and the at least one random number; transmitting, to the access network device, a radio resource control (RRC) message, wherein the RRC message is protected based on the at least one key; and after validating the terminal device based on the RRC message protected based on the at least one key, receiving from the access network device a message related to the validating.
In an eleventh aspect, there is provided a non-transitory computer-readable storage medium comprising instructions. The instructions, when executed by an apparatus, cause the apparatus to perform at least the following: receiving, at an access network device, when access stratum (AS) security is not used between a terminal device and the access network device, at least one key and at least one random number from a core network device, wherein the access network device is a non-terrestrial network (NTN) access network device, wherein the at least one key is derived based on a non-access stratum (NAS) key of the terminal device and the at least one random number; transmitting the at least one random number to the terminal device; receiving, from the terminal device, a radio resource control (RRC) message; validating the RRC message based on the at least one key; and after said validating, transmitting to the terminal device a message related to the validating.
In a twelfth aspect, there is provided a non-transitory computer-readable storage medium comprising instructions. The instructions, when executed by an apparatus, cause the apparatus to perform at least the following: deriving, at a core network device, for a terminal device, at least one key based on a non-access stratum (NAS) key of the terminal device and at least one random number; and transmitting, when access stratum (AS) security is not used between the terminal device and an access network device associated with the terminal device, the at least one key and the at least one random number to the access network device, wherein the access network device is a non-terrestrial network (NTN) access network device.
In a thirteenth aspect, there is provided a computer program comprising instructions, which, when executed by an apparatus, cause the apparatus at least to: receive, when access stratum (AS) security is not used between the terminal device and an access network device, at least one random number from the access network device of a non-terrestrial network (NTN) ; derive at least one key based on a non-access stratum (NAS) key of the terminal device and the at least one random number; transmit, to the access network device, a radio resource control (RRC) message, wherein the RRC message is protected based on the at least one key; and after validating the terminal device based on the RRC message protected based on the at least one key, receive from the access network device a message related to the validating.
In a fourteenth aspect, there is provided a computer program comprising instructions, which, when executed by an apparatus, cause the apparatus at least to: receive, when access stratum (AS) security is not used between a terminal device and the access network device, at least one key and at least one random number from a core network device, wherein the access network device is a non-terrestrial network (NTN) access network device, wherein the at least one key is derived based on a non-access stratum (NAS) key of the terminal device and the at least one random number; transmit the at least one random number to the terminal device; receive, from the terminal device, a radio resource control (RRC) message; validate the RRC message based on the at least one key; and after said validating, transmit to the terminal device a message related to the validating.
In a fifteenth aspect, there is provided a computer program comprising instructions, which, when executed by an apparatus, cause the apparatus at least to: derive, for a terminal device, at least one key based on a non-access stratum (NAS) key of the terminal device and at least one random number; and transmit, when access stratum (AS) security is not used between the terminal device and an access network device associated with the terminal device, the at least one key and the at least one random number to the access network device, wherein the access network device is a non-terrestrial network (NTN) access network device.
In a sixteenth aspect, there is provided a terminal device. The terminal device comprises: receiving circuitry configured to receive, when access stratum (AS) security is not used between the terminal device and an access network device, at least one random number from the access network device of a non-terrestrial network (NTN) ; deriving circuitry configured to derive at least one key based on a non-access stratum (NAS) key of the terminal device and the at least one random number; transmitting circuitry configured to transmit, to the access network device, a radio resource control (RRC) message, wherein the RRC message is protected based on the at least one key; and receiving circuitry configured to, after validating the terminal device based on the RRC message protected based on the at least one key, receive from the access network device a message related to the validating.
In a seventeenth aspect, there is provided an access network device. The access network device comprises: receiving circuitry configured to receive, when access stratum (AS) security is not used between a terminal device and the access network device, at least one key and at least one random number from a core network device, wherein the access network device is a non-terrestrial network (NTN) access network device, wherein the at least one key is derived based on a non-access stratum (NAS) key of the terminal device and the at least one random number; transmitting circuitry configured to transmit the at least one random number to the terminal device; receiving circuitry configured to receive, from the terminal device, a radio resource control (RRC) message; validating circuitry configured to validate the RRC message based on the at least one key; and transmitting circuitry configured to, after said validating, transmit to the terminal device a message related to the validating.
In an eighteenth aspect, there is provided a core network device. The core network device comprises: deriving circuitry configured to derive, for a terminal device, at least one key based on a non-access stratum (NAS) key of the terminal device and at least one random number; and transmitting circuitry configured to transmit, when access stratum (AS) security is not used between the terminal device and an access network device associated with the terminal device, the at least one key and the at least one random number to the access network device, wherein the access network device is a non-terrestrial network (NTN) access network device.
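As an added illustration, and not code from the disclosure or from the applicant, the following constructed Python model runs the exchange of the first, second and third aspects end to end: the core network device derives the key from the NAS key and a random number and hands both to the access network device, the access network device forwards only the random number to the terminal device, the terminal device derives the same key and integrity-protects its RRC message, and the access network device validates it. HMAC-SHA256 as the key derivation and tag function, the label, the 16-byte random number, the 32-bit truncated tag and the reply names are assumptions not given by the page.

```python
import hashlib
import hmac
import secrets

# Constructed parameters: the disclosure specifies neither the KDF, nor a label,
# nor the length of the random number or of the integrity tag.
KDF_LABEL = b"NTN-SF-VALIDATION"
RAND_LEN = 16
MAC_LEN = 4  # 32-bit truncated tag, comparable in size to an LTE/NR MAC-I


def derive_validation_key(nas_key: bytes, rand: bytes) -> bytes:
    """KDF shared by the core network and the terminal (assumed: HMAC-SHA256).

    The same NAS key with a different random number yields a different key,
    so the access network device never needs to hold the NAS key itself.
    """
    return hmac.new(nas_key, KDF_LABEL + rand, hashlib.sha256).digest()


def compute_tag(key: bytes, payload: bytes) -> bytes:
    """Integrity tag over the RRC payload, truncated to MAC_LEN bytes."""
    return hmac.new(key, payload, hashlib.sha256).digest()[:MAC_LEN]


def protect_rrc(key: bytes, payload: bytes) -> bytes:
    """Terminal side: RRC payload followed by its integrity tag."""
    return payload + compute_tag(key, payload)


def validate_rrc(key: bytes, protected: bytes) -> tuple:
    """Access network side: returns (is_valid, payload).

    A message no longer than a tag is rejected outright; the tag comparison is
    constant-time so that timing does not reveal which bytes mismatched.
    """
    if len(protected) <= MAC_LEN:
        return False, b""
    payload, tag = protected[:-MAC_LEN], protected[-MAC_LEN:]
    return hmac.compare_digest(tag, compute_tag(key, payload)), payload


class CoreNetworkDevice:
    """Holds each terminal's NAS key (third aspect): derives key and random number."""

    def __init__(self, nas_keys: dict):
        self.nas_keys = nas_keys  # ue_id -> NAS key

    def provision(self, ue_id: str) -> tuple:
        rand = secrets.token_bytes(RAND_LEN)  # fresh random number per provisioning
        return derive_validation_key(self.nas_keys[ue_id], rand), rand


class AccessNetworkDevice:
    """NTN access network device (second aspect); no AS security with the terminal."""

    def __init__(self):
        self.contexts = {}  # ue_id -> (validation key, random number)

    def receive_from_core(self, ue_id: str, key: bytes, rand: bytes) -> None:
        self.contexts[ue_id] = (key, rand)

    def random_number_for(self, ue_id: str) -> bytes:
        """The random number that is sent to the terminal over the air."""
        return self.contexts[ue_id][1]

    def handle_rrc(self, ue_id: str, protected: bytes) -> str:
        """Validate the protected RRC message and return the related message."""
        key, _ = self.contexts[ue_id]
        ok, _payload = validate_rrc(key, protected)
        # Constructed reply names; the page only says "a message related to the validating".
        return "VALIDATION_ACCEPT" if ok else "VALIDATION_REJECT"


class TerminalDevice:
    """Terminal (first aspect): derives the key locally from its own NAS key."""

    def __init__(self, ue_id: str, nas_key: bytes):
        self.ue_id = ue_id
        self.nas_key = nas_key

    def build_rrc(self, rand: bytes, payload: bytes) -> bytes:
        key = derive_validation_key(self.nas_key, rand)
        return protect_rrc(key, payload)


def run_exchange(terminal: TerminalDevice, nas_key_at_core: bytes, payload: bytes) -> str:
    """Run the whole exchange once and return the access network device's reply."""
    core = CoreNetworkDevice({terminal.ue_id: nas_key_at_core})
    ran = AccessNetworkDevice()
    key, rand = core.provision(terminal.ue_id)                  # CN -> RAN: key and random number
    ran.receive_from_core(terminal.ue_id, key, rand)
    rand_over_the_air = ran.random_number_for(terminal.ue_id)   # RAN -> UE: random number only
    protected = terminal.build_rrc(rand_over_the_air, payload)  # UE -> RAN: protected RRC message
    return ran.handle_rrc(terminal.ue_id, protected)            # RAN -> UE: validation result


if __name__ == "__main__":
    nas_key = secrets.token_bytes(32)  # constructed: NAS key shared by UE and core network
    genuine = TerminalDevice("ue-1", nas_key)
    print(run_exchange(genuine, nas_key, b"RRCEarlyDataRequest"))    # VALIDATION_ACCEPT
    wrong_key = TerminalDevice("ue-1", secrets.token_bytes(32))     # does not hold the NAS key
    print(run_exchange(wrong_key, nas_key, b"RRCEarlyDataRequest"))  # VALIDATION_REJECT
```

Because the access network device only ever receives the derived key and the random number, a satellite that has lost its feeder link can still validate a terminal it was provisioned for without holding that terminal's NAS key.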
It is to be understood that the summary section is not intended to identify key or essential features of embodiments of the present disclosure, nor is it intended to be used to limit the scope of the present disclosure. Other features of the present disclosure will become easily comprehensible through the following description.
BRIEF DESCRIPTION OF THE DRAWINGS
Some example embodiments will now be described with reference to the accompanying drawings, in which:
FIG. 1A illustrates an example of a network environment in which some example embodiments of the present disclosure may be implemented;
FIG. 1B illustrates an example S&F operation in some example embodiments of the present disclosure;
FIG. 1C illustrates the RRC connection established for Control Plane CIoT EPS/5GS Optimisations related to some example embodiments of the present disclosure;
FIG. 1D illustrates MO-EDT (Mobile Originated Early Data Transmission) for Control Plane CIoT EPS Optimisation related to some example embodiments of the present disclosure;
FIG. 2 illustrates a flowchart illustrating a communication process in accordance with some example embodiments of the present disclosure;
FIG. 3 illustrates an example signaling flow in accordance with some example embodiments of the present disclosure;
FIG. 4 illustrates another example signaling flow in accordance with some example embodiments of the present disclosure;
FIG. 5 illustrates a flowchart of an example method implemented at a terminal device in accordance with some embodiments of the present disclosure;
FIG. 6 illustrates another flowchart of an example method implemented at an access network device in accordance with some embodiments of the present disclosure;
FIG. 7 illustrates another flowchart of an example method implemented at a core network device in accordance with some embodiments of the present disclosure;
FIG. 8 illustrates a simplified block diagram of a device that is suitable for implementing some example embodiments of the present disclosure; and
FIG. 9 illustrates a block diagram of an example of a computer-readable medium in accordance with some example embodiments of the present disclosure.
Throughout the drawings, the same or similar reference numerals represent the same or similar elements.
DETAILED DESCRIPTION
Principles of the present disclosure will now be described with reference to some example embodiments. It is to be understood that these embodiments are described only for the purpose of illustration and help those skilled in the art to understand and implement the present disclosure, without suggesting any limitation as to the scope of the disclosure. The disclosure described herein can be implemented in various manners other than the ones described below.
In the following description and claims, unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skills in the art to which this disclosure belongs.
References in the present disclosure to “one embodiment,” “an embodiment,” “an example embodiment,” and the like indicate that the embodiment described may include a particular feature, structure, or characteristic, but it is not necessary that every embodiment includes the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is submitted that it is within the knowledge of one skilled in the art to effect such feature, structure, or characteristic in connection with other embodiments whether or not explicitly described.
It shall be understood that although the terms “first” and “second” etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. For example, a first element could be termed a second element, and similarly, a second element could be termed a first element, without departing from the scope of example embodiments. As used herein, the term “and/or” includes any and all combinations of one or more of the listed terms.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments. As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises”, “comprising”, “has”, “having”, “includes” and/or “including”, when used herein, specify the presence of stated features, elements, and/or components etc., but do not preclude the presence or addition of one or more other features, elements, components and/or combinations thereof. As used herein, “at least one of the following: <a list of two or more elements>” and “at least one of <a list of two or more elements>” and similar wording, where the list of two or more elements are joined by “and” or “or”, mean at least any one of the elements, or at least any two or more of the elements, or at least all the elements.
As used in this application, the term “circuitry” may refer to one or more or all of the following:
(a) hardware-only circuit implementations (such as implementations in only analog and/or digital circuitry) and
(b) combinations of hardware circuits and software, such as (as applicable):
(i) a combination of analog and/or digital hardware circuit(s) with software/firmware and
(ii) any portions of hardware processor(s) with software (including digital signal processor(s)), software, and memory(ies) that work together to cause an apparatus, such as a mobile phone or server, to perform various functions) and
(c) hardware circuit(s) and/or processor(s), such as a microprocessor(s) or a portion of a microprocessor(s), that requires software (for example, firmware) for operation, but the software may not be present when it is not needed for operation.
This definition of circuitry applies to all uses of this term in this application, including in any claims. As a further example, as used in this application, the term circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and/or firmware. The term circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit or processor integrated circuit for a mobile device or a similar integrated circuit in server, a cellular network device, or other computing or network device.
As used herein, the term “communication network” refers to a network following any suitable communication standards, such as Long Term Evolution (LTE), LTE-Advanced (LTE-A), Wideband Code Division Multiple Access (WCDMA), High-Speed Packet Access (HSPA), Narrow Band Internet of Things (NB-IoT) and so on. Furthermore, the communications between a terminal device and a network device in the communication network may be performed according to any suitable generation communication protocols, including, but not limited to, the fourth generation (4G), 4.5G, the fifth generation (5G) communication protocols, sixth generation (6G) communication protocols, and/or any other protocols either currently known or to be developed in the future. Embodiments of the present disclosure may be applied in various communication systems. Given the rapid development in communications, there will of course also be future type communication technologies and systems with which the present disclosure may be embodied. It should not be seen as limiting the scope of the present disclosure to only the aforementioned system.
As used herein, the term “access network device” refers to a node in a communication network via which a terminal device accesses the network and receives services therefrom. The network device may refer to a base station (BS) or an access point (AP), for example, a node B (NodeB or NB), an evolved NodeB (eNodeB or eNB), a NR NB (also referred to as a gNB), a Remote Radio Unit (RRU), a radio header (RH), a remote radio head (RRH), a relay, a low power node such as a femto, a pico, and so forth, depending on the applied terminology and technology. In the following description, the terms “access network device” and “access network node” may be used interchangeably.
The term “core network device” or “CN device” refers to a device capable of communicating with the access network device and providing services to the terminal device in a core network. Examples of the core network device may include Mobile Switching Centers (MSCs), Mobility Management Entities (MMEs), Access and Mobility Management Functions (AMFs), Operation and Management (O&M) nodes, Operation Support System (OSS) nodes, Self-Organization Network (SON) nodes, positioning nodes, such as Enhanced Serving Mobile Location Centers (E-SMLCs). In other embodiments, the core network device may be any other suitable application or entity in a core network.
The term “terminal device” refers to any end device that may be capable of wireless communication. By way of example rather than limitation, a terminal device may also be referred to as a communication device, user equipment (UE), a Subscriber Station (SS), a Portable Subscriber Station, a Mobile Station (MS), or an Access Terminal (AT). The terminal device may include, but is not limited to, a mobile phone, a cellular phone, a smart phone, voice over IP (VoIP) phones, wireless local loop phones, a tablet, a wearable terminal device, a personal digital assistant (PDA), portable computers, desktop computer, image capture terminal devices such as digital cameras, gaming terminal devices, music storage and playback appliances, vehicle-mounted wireless terminal devices, wireless endpoints, mobile stations, laptop-embedded equipment (LEE), laptop-mounted equipment (LME), USB dongles, smart devices, wireless customer-premises equipment (CPE), an Internet of Things (IoT) device, a watch or other wearable, a head-mounted display (HMD), a vehicle, a drone, a medical device and applications (for example, remote surgery), an industrial device and applications (for example, a robot and/or other wireless devices operating in an industrial and/or an automated processing chain contexts), a consumer electronics device, a device operating on commercial and/or industrial wireless networks, and the like. In the following description, the terms “terminal device”, “communication device”, “terminal”, “user equipment” and “UE” may be used interchangeably.
Some embodiments of the present disclosure target non-terrestrial networks (NTN), which have been defined for NR and NB-IoT/eMTC in release 17. When cellular coverage is provided from non-terrestrial base stations, such as gNBs or eNBs embarked on an air-borne or space-borne NTN vehicle, for example a Non-Geosynchronous Orbit (NGSO) vehicle, which includes Low-Earth Orbit (LEO) satellites and Medium Earth Orbit (MEO) satellites, or a High Altitude Platform System (HAPS), the terminal device will experience discontinuous coverage depending on the coverage footprint and the number of satellites. In the description hereafter, a satellite is used as an example of an NTN vehicle. Moreover, when the base stations are deployed as gNBs or eNBs in the satellites, discontinuous connectivity may occur between the base stations and the core network (CN) due to, for example, movement of the satellites.
The store-and-forward mode has been proposed to be applied in NTN. In the store-and-forward mode, data packets can be stored at the access network device, e.g., gNBs or eNBs in the satellites, and forwarded to the terminal device or the core network when corresponding connectivity is available.
In RP-212940, most of the major satellite companies (including Thales, Eutelsat, ESA, Gatehouse, Hughes, Inmarsat, Ligado, Sateliot) submitted a joint proposal, which included a new scenario: store and forward operation for IoT NTN. The proposal defined the corresponding objective as follows:
The store and forward operation builds on the release 18 concept of discontinuous coverage scenario, where the UE only occasionally and temporarily has coverage from a satellite. The discontinuous coverage scenario is expanded by now also defining that the satellite is not always connected with the core network. It should be noted that the description/proposal below may use eNB/LTE as an example, but it can be equally or similarly applied to gNB/NR and other radio access network nodes.
The store and forward architecture enables a low-cost deployment consisting of just a few satellites and a few ground stations. This means the connectivity cost per device can be further reduced at the cost of only being able to support delay tolerant data. The objective was not included in release 18. The main reason for not including it in release 18 was the requirement for an eNB onboard the satellite, which has been postponed.
However, the 3GPP SA1 working group has initiated the release 19 study on satellite access (known as phase 3). The work is documented in TR 22.865 and several store and forward use cases are defined including both mobile terminated and originated application data. Therefore, it is expected that store and forward operation for IoT NTN would return for release 19. Store and forward is a (release 19) topic which should be shaped.
Hereinafter, principles and embodiments of the present disclosure will be described in detail with reference to the accompanying drawings. However, it is to be noted that these embodiments are illustrated as examples and are not intended to limit the scope of the present application in any way.
Reference is first made to FIG. 1A, which illustrates an example of a network environment 100 in which some example embodiments of the present disclosure may be implemented. In the descriptions of the example embodiments of the present disclosure, the network environment 100 may also be referred to as a communication system 100 (for example, a portion of a communication network). For illustrative purposes only, various aspects of example embodiments will be described in the context of one or more core network devices, access network devices, and terminal devices that communicate with one another. It should be appreciated, however, that the description herein may be applicable to other types of apparatus or other similar apparatuses that are referenced using other terminology.
The communication system 100 includes a terminal device 110, an access network device 120, a gateway or NTN gateway 140 and a CN device 130. The gateway 140 is an earth station located at the surface of the earth, providing connectivity to the NTN payload using the feeder link. The gateway 140 is a transport network layer (TNL) node. The NTN payload is a network node, embarked on board a satellite or high altitude platform station, providing connectivity functions between the service link, which is a wireless link between the NTN payload and the terminal device, and the feeder link, which is a wireless link between the NTN Gateway and the NTN payload. In the S&F system, the NTN payload is the access network device 120. The access network device 120 may be connected with the terminal device 110 and/or the gateway 140 over a wireless network, such as a wireless radio access network (e.g., a 3G wireless access network, a 4G-Long Term Evolution (LTE) network, a 5G-New Radio (e.g., 5G) wireless network, a future 6G wireless network, a future 7G wireless network, etc.). The gateway 140 and the CN device 130 may connect to each other over a wired and/or wireless network. The access network device 120 can provide connection to the CN device 130 through at least one NTN-GW (e.g., the gateway 140), thereby providing connection between the terminal device 110 and the CN device 130.
In some embodiments, the access network device 120 may be a radio access network (RAN) device. The access network device 120 may be in a non-terrestrial network (NTN), and may thus be referred to as an NTN access network device. For example, the access network device 120 may be a gNB or eNB embarked on an NTN vehicle such as a low earth orbiting (LEO) satellite, a medium earth orbiting (MEO) satellite, a geostationary earth orbiting (GEO) satellite, a UAS device (e.g., a drone, a blimp, a balloon, etc.), a HAPS vehicle, or a manned aerial vehicle (MAV) device, etc. Further, there may be a plurality of NTN vehicles that act as a constellation of NTN vehicles, providing a coordinated coverage area among the plurality of NTN vehicles, e.g., a constellation of satellites, a constellation of UASs, and/or a constellation of satellites and UASs, etc.
In some embodiments, the terminal device 110 (also called a UE) may be an Internet of Things (IoT) device. In release 18, the NTN has been defined for New Radio, Narrow Band (NB)-IoT, and eMTC devices. The NTN may enable the communication sessions between the terminal device 110 and the core network 140 efficiently due to attributes of IoT data traffic, such as small data transmission (SDT) with few packets, early data transmission (EDT), preconfigured uplink resources (PUR) and/or non-critical delivery time.
As shown in FIG. 1A, the access network device 120 may have discontinuous connectivity with the core network device 130 via the gateway 140. For example, when the access network device 120 is located at location A, the access network device 120 may have connectivity 111 with the terminal device 110 while having no connectivity 112 with the core network device 130. The access network device 120 may receive signaling or data from the terminal device 110 at the location A and store the signaling or data. As the access network device 120 moves from the location A to location B, the access network device 120 may have no connectivity 113 with the terminal device 110 while having connectivity 114 with the core network device 130. Alternatively, at another location C (not shown in the figure), the access network device 120 may have both the connectivity with the terminal device 110 and the connectivity with the core network device 130. With connectivity to the core network device 130, the access network device 120, at the location B, may transmit the stored signaling or data to the application server via the core network device 130.
It is to be appreciated that this particular arrangement of system elements is an example only, and other types and arrangements of additional or alternative elements can be used to implement a communication system in other embodiments. For example, the access network device 120 having discontinuous connectivity with the core network 140 may be in a public land mobile network (PLMN) instead of the NTN.
Reference is now made to FIG. 1B, which illustrates an example S&F operation 150 in some example embodiments of the present disclosure. For the purpose of discussion, the S&F operation 150 will be described with reference to FIG. 1A. The example implementation of the S&F operation 150 is depicted and will be described from the perspectives of a terminal device 110 (also called UE 110), a first satellite SAT1 with a first access network device eNB1 onboard, a second satellite SAT2 with a second access network device eNB2 onboard, a third satellite SAT3 with a third access network device eNB3 onboard, a first gateway NTN-GW1, a second gateway NTN-GW2 and a CN device 130. More particularly, the satellites SAT1, SAT2 and SAT3 move relative to the gateways. Each of the eNB1, eNB2 and eNB3 may communicate with the CN device 130 when it is connected to either of the first and second gateways NTN-GW1 and NTN-GW2. The connection between the CN device 130 and each of the eNB1, eNB2 and eNB3 is temporary and discontinuous. Each of the access network devices eNB1, eNB2 and eNB3 may communicate with the UE 110 when its coverage footprint overlaps the location of the UE 110. The connection between the UE 110 and each of the access network devices eNB1, eNB2 and eNB3 is temporary and discontinuous. The CN device 130 communicates with the UE 110 via the gateways NTN-GW1 and NTN-GW2 and the access network devices eNB1, eNB2 and eNB3.
In the S&F operation 150, at T1, eNB1 serves the geographical area of the terminal device 110 and has connection 111-1 with the terminal device 110, but it has no connection with the gateways and the CN device 130. The eNB1 may receive data (e.g., a NAS message) from the terminal device 110 and store the received data. At T2, the eNB1 moves out of the geographical area of the terminal device 110, and it has connection 114-1 with the first gateway 130-1. The eNB1 may forward, through the first gateway NTN-GW1, the buffered uplink (UL) data of the terminal device 110 to the CN device 130. The eNB2 serves the geographical area of the terminal device 110, but it has no connection with the gateways and the CN device 130. The eNB3 has connection 114-2 with the second gateway NTN-GW2. The CN device 130 may transmit data (if any), targeting the terminal device 110, to eNB3 through the second gateway NTN-GW2. The eNB3 may store the received data. At T3, the eNB3 serves the geographical area of the terminal device 110 and has connection 111-2 with the terminal device 110, but it has no connection with the gateways and the CN device 130. The eNB3 may transmit the stored data to the terminal device 110.
Due to the fact that the satellites SAT1, SAT2 and SAT3 may be NGSO satellites and may not be able to follow the earth rotation, the eNB1, eNB2 and eNB3 may not serve the geographical area of the terminal device 110 in each pass around the earth. For example, the eNB1 may serve the geographical area of the terminal device 110 in one pass, but it may not serve the geographical area of the terminal device 110 in the next pass. So it is possible that different eNBs serve the geographical area of the terminal device 110 at different times.
Thus, the UL data received from the UE is first stored in the satellite when the satellite only has a connection with the UE, and then forwarded to the GW/CN when the satellite has a connection with the GW/CN. These two connections may occur at different, non-overlapping times. Considering the large number of IoT UEs and the limited amount of memory in the satellite, limitations on the size/amount of data that can be sent from the UE could be enforced per connection. This is agreed in SA1 TR 22.865, and it is proposed that the 5G system with satellite access supporting store and forward operation shall be able to inform a UE when the maximum system capacity of storage for the UE is reached.
CIoT (Cellular Internet of Things) EPS/5GS optimization encompasses a set of solutions to support efficient data transmission between IoT devices and IoT applications/services, for example, the Control Plane (CP) CIoT EPS/5GS optimization and the User Plane CIoT EPS/5GS optimization.
The general description of the CP CIoT solution can be found in TS 36.300, section “7.3a.2 Control Plane CIoT EPS/5GS optimisation”, as below.
The RRC connection established for Control Plane CIoT EPS optimisation, as defined in TS 24.301 [20], and Control Plane CIoT 5GS Optimisation, as defined in TS 24.501 [91], is characterized as below:
- A UL NAS signalling message or UL NAS message carrying data can be transmitted in a UL RRC container message (as shown in FIG. 1C). A downlink (DL) NAS signalling message or DL NAS data can be transmitted in a DL RRC container message;
- for NB-IoT:
  - RRC connection reconfiguration is not supported;
  - Data radio bearer (DRB) is not used;
  - AS security is not used;
  - A non-anchor carrier can be configured for all unicast transmissions during RRC connection establishment or re-establishment.
- There is no differentiation between the different data types (i.e. IP, non-IP or SMS) in the AS.
FIG. 1C illustrates the RRC connection established for Control Plane CIoT EPS/5GS Optimisations related to some example embodiments of the present disclosure, and FIG. 1D illustrates MO-EDT for Control Plane CIoT EPS Optimisation related to some example embodiments of the present disclosure.
In Control Plane CIoT EPS Optimisation, there is no AS security. Upon the reception of the RRCConnectionSetupComplete including the UL NAS message, or the RRCEarlyDataRequest including the UL NAS message, there is no security check in the eNB. The eNB just forwards the received UL NAS message to the CN (MME or AMF), and the CN will perform the security check.
Due to the lack of AS security in Control Plane CIoT Optimisation, the current standard does not allow the eNB to perform any security check on the UL data/NAS received from the UE. A malicious UE may initiate an attack by sending many UL data/NAS messages using a legitimate UE’s ID (e.g., S-TMSI). Since there is no security check for the UL data/NAS messages, the eNB simply saves the UL data/NAS messages received from the malicious UE and counts the size/amount of data. This will affect the legitimate UE sending any UL data. In the worst case, the eNB may incorrectly consider that the memory reserved for a legitimate UE has reached the size limitation, and reject any further UL data from the legitimate UE.
A method is therefore needed to prevent a malicious UE from sending UL data that affects or blocks a legitimate UE from sending any UL data.
Some embodiments of the present disclosure propose a method to validate the authenticity of a UE before enforcing the limitations on the size/amount of data that can be sent from the UE, and hence prevent a malicious UE from launching a denial of service (DoS) attack by sending many invalid UL data messages to the network in order to block a legitimate UE from sending any UL data in an S&F system. The validation of the authenticity may be advantageous for other purposes as well, e.g. avoiding malicious computer programs being sent to the eNB by the malicious UE.
FIG. 2 is a flowchart illustrating a communication process 200 in accordance with some example embodiments of the present disclosure. For the purpose of discussion, the communication process 200 will be described with reference to FIGS. 1A-1D. It would be appreciated that although the communication process 200 has been described referring to the network environment 100 of FIG. 1A, this communication process 200 may likewise be applied to other similar communication scenarios.
As shown in FIG. 2, the core network device 130 derives 205, for a terminal device 110, at least one key based on a non-access stratum (NAS) key of the terminal device and at least one random number. In some embodiments, after the terminal device 110 has attached/registered with the network, the core network (CN) device 130 may derive the at least one key. Then, the core network device 130 may transmit 210, when access stratum (AS) security is not used between the terminal device 110 and an access network device 120 associated with the terminal device 110, the at least one key and the at least one random number 212 to the access network device 120. For instance, the access network device 120 is a non-terrestrial network (NTN) access network device.
In some embodiments, the at least one key is derived further based on at least one of the following: a non-terrestrial network (NTN) indicator; a pre-message 5 (MSG5) key; a tracking area code of the terminal device; an identity (ID) corresponding to the location of the terminal device 110; an identity (ID) of the access network device 120; or an identity of an NTN device that the access network device 120 is embarked on.
In some embodiments, the identity (ID) corresponding to the location of the terminal device 110 may be a Mapped Cell ID. Alternatively, it may be any other ID corresponding to the UE’s location.
In some embodiments, the identity (ID) of an NTN device that the access network device 120 is embarked on may be an ID of the satellite (or HAPS, High Altitude Platform Station). These terms may be aligned with the definitions in TS 38.300 or TS 36.300 as follows. High Altitude Platform Station: airborne vehicle embarking the NTN payload placed at an altitude between 8 and 50 km. Non-terrestrial network: an NG-RAN consisting of gNBs or an E-UTRAN consisting of eNBs, which provide non-terrestrial NR access or LTE access to UEs by means of an NTN payload embarked on an airborne or space-borne NTN vehicle and an NTN Gateway.
The derived key may also be referred to as Knb’, which is different from a legacy KeNB or KgNB. In other words, after the UE has attached/registered with the network, the CN device 130 derives a Knb’ (different from the legacy KeNB or KgNB) from the NAS key, with input parameters such as an NTN indicator (or, more generally, a pre-MSG5 key), a random number, etc. The key generation may also consider the location of the UE, i.e. the provided Knb’ is per Tracking Area or per geographical area. The geographical area may be identified by a Mapped Cell ID, an area ID, or any ID that can identify the UE’s location. The key generation may also consider the ID of the target eNB/satellite that will serve the UE, i.e. the provided Knb’ is per eNB/satellite. When an access network device 120 (for example, an eNB/satellite) has a connection with the CN device 130 in the S&F system, the CN device 130 provides the generated key and the random number to the access network device 120 (e.g. eNB). The access network device 120 (e.g. eNB) saves the key and the random number and uses them later; for example, it may generate an integrity protection key (or use the Knb’ directly) and an optional confidentiality protection key.
In some embodiments, the core network device 130 may use a random number generator to generate the at least one random number. For example, the core network device 130 may use a PRNG (Pseudo Random Number Generator) as described in TS 33.401 to generate the at least one random number.
In some embodiments, the access network device 120 is a first access network device, the at least one key is at least one first key, the at least one random number is at least one first random number, and the core network device 130 may further transmit at least one second key and at least one second random number to a second access network device associated with the terminal device 110. For example, the at least one first key and the at least one second key may be the same or different. In other words, the CN device 130 may provide the same or different keys to multiple access network devices (for example, eNBs/satellites) that will serve the UE.
In some embodiments, the at least one key is one derived key (i.e. only one key is derived), the at least one random number comprises multiple random numbers, and the core network device 130 may derive the one key by deriving, for the terminal device 110, the one key based on the NAS key and a first random number of the multiple random numbers. In other words, the CN device 130 may generate one Knb’, and provide {Knb’, multiple random numbers} to the access network device 120 (e.g. eNB).
In some embodiments, the at least one key comprises multiple keys (i.e. multiple keys are derived), the at least one random number comprises multiple random numbers corresponding to the multiple keys respectively, and the core network device 130 may derive the multiple keys by deriving the multiple keys based on the NAS key and the corresponding multiple random numbers respectively. In other words, the CN device 130 may generate multiple Knb’, and each Knb’ is generated with a different random number as input. The CN device 130 provides a list of {Knb’, random number} to the access network device 120 (e.g. eNB).
As shown in FIG. 2, the access network device 120 receives 215 the at least one key and the at least one random number 212 from the core network device 130. The access network device 120 may save the key and the random number. When having a connection with the terminal device 110, the access network device 120 transmits 220 the at least one random number 222 to the terminal device 110. Thus, when the access network device 120 (e.g. eNB/satellite) connects with the UE in the S&F system, the access network device 120 provides the random number and, for example, requests the UE to send a protected RRC message including the UL NAS. In some embodiments, the at least one random number may be transmitted to the terminal device 110 via a dedicated RRC message or a broadcast RRC message (for example, a system information block, SIB).
After receiving 225 the at least one random number, the terminal device 110 may derive 230 at least one key based on its NAS key and the at least one random number. That is to say, the terminal device 110 uses the same method as the CN device 130 to derive Knb’.
As shown in FIG. 2, the terminal device 110 transmits 235, to the access network device 120, a radio resource control (RRC) message 238 (e.g. including a NAS message), and the RRC message is protected based on the at least one key. That is to say, the UE may use the generated key(s) to protect the RRC message (e.g. including the UL NAS).
As mentioned above, in some embodiments, the at least one key is one derived key (i.e. only one key is derived) and the at least one random number comprises multiple random numbers. In this case, in deriving the one key, the terminal device 110 may derive the one key based on the NAS key and a first random number of the multiple random numbers. The protection of the RRC message is based on the one key, and on the first random number or a second random number of the multiple random numbers. In this case, the RRC message may be a first RRC message, and the terminal device may transmit, to the access network device, a second RRC message. The second RRC message is protected based on the one key and a third random number of the multiple random numbers.
That is to say, the CN device 130 generates one Knb’, and provides {Knb’, multiple random numbers} to the access network device 120 (e.g. eNB) (in the transmission of the at least one key and the at least one random number 212). The random numbers are further provided to the UE (in the transmission of the at least one random number 222). Accordingly, the UE also generates (230) one Knb’. A different random number is used to generate the message authentication code (MAC) for each UL data message. In other words, if the UE may send 10 UL data messages in a satellite pass over the UE’s geographical area, 10 random numbers are provided from the CN device 130 to the access network device 120 (e.g. eNB) (e.g. in the transmission of the at least one key and the at least one random number 212), and then they are provided to the UE (e.g. in the transmission of the at least one random number 222). When the UE connects with the access network device 120 (e.g. eNB), the UE uses the one Knb’ and a different random number to calculate the MAC for each UL data message. Thus, in this case, for the 10 UL data messages, only one Knb’ is derived, and the 10 different UL data messages share the derived Knb’ but are differentiated by the 10 random numbers.
As also mentioned above, in some embodiments, the at least one key comprises multiple keys (i.e. multiple keys are derived) and the at least one random number comprises multiple random numbers corresponding to the multiple keys respectively. In this case, in deriving the multiple keys, the terminal device 110 may derive the multiple keys based on the NAS key and the corresponding multiple random numbers respectively. For example, the protection of the RRC message is based on a first key of the multiple keys. In this case, the RRC message is a first RRC message, and the terminal device 110 further transmits, to the access network device 120, a second RRC message. The second RRC message is protected based on a second key of the multiple keys.
That is to say, the CN device 130 generates multiple Knb’, and each Knb’ is generated with a different random number as input. The CN device 130 provides a list of {Knb’, random number} to the access network device 120 (e.g. eNB) (in the transmission of the at least one key and the at least one random number 212). The random numbers are further provided to the UE (in the transmission of the at least one random number 222). Accordingly, the UE also generates multiple Knb’ based on the received random numbers. A different random number is used to generate each Knb’, which is then used to generate a MAC for a UL data message. In other words, if the UE may send 10 UL data messages in a satellite pass over the UE’s geographical area, 10 sets of {Knb’, random number} are provided from the CN device 130 to the access network device 120 (e.g. eNB) (e.g. in the transmission of the at least one key and the at least one random number 212), and then the 10 random numbers are provided to the UE (e.g. in the transmission of the at least one random number 222). When the UE connects with the access network device 120 (e.g. eNB), the UE generates a different Knb’ with each different random number as input. The UE then calculates the MAC for a specific UL data message with that Knb’. Thus, in this case, 10 different Knb’ are used for 10 different UL data messages: for the 10 UL data messages, 10 Knb’ are derived, and the 10 different UL data messages are differentiated by the 10 derived Knb’.
It is also possible that the above methods may be combined. For example, Knb’ is generated based on one random number, and then the MAC is generated based on another random number. For each UL data message, the UE may use a Knb’ generated based on one random number, and then use the Knb’ and another random number to calculate the MAC for that UL data message. Thus, in this case, the 10 different UL data messages may be differentiated not only by 10 derived Knb’ but also by another 10 random numbers.
In some embodiments, in order to protect the RRC message, the terminal device 110 may generate a message authentication code (MAC) based on (i) the at least one key, (ii) an integrity key derived from the at least one key, (iii) a confidentiality protection key derived from the at least one key, or (iv) a random number of the at least one random number, or any combination of the above-mentioned options. Then, the terminal device 110 can include the MAC in the RRC message. That is to say, the UE uses the same method as the CN device 130 to derive Knb’, and possibly generates an integrity and/or confidentiality key. The UE uses the generated key(s) to protect the RRC message including the UL NAS. For example, the UE generates a message authentication code (MAC) with an integrity key (or a confidentiality protection key) derived from Knb’, and includes the MAC in the RRC message.
After receiving 240 the RRC message from the terminal device 110, the access network device 120 may validate 245 the RRC message based on the at least one key. In some embodiments, if the validation of the RRC message passes, the access network device 120 may enforce a size/amount limitation on the data allowed to be sent from the terminal device. Afterwards, the access network device 120 can store the content of the RRC message. In some embodiments, if the validation of the RRC message fails, the access network device 120 may discard the received RRC message.
In some embodiments, in order to validate the RRC message, the access network device 120 can generate a first message authentication code (MAC) based on (i) the at least one key, (ii) an integrity key derived from the at least one key, (iii) a confidentiality protection key derived from the at least one key, (iv) a random number of the at least one random number, or any combination of the above-mentioned options. Next, the access network device 120 can validate the RRC message by comparing the first MAC to a second MAC included in the received RRC message.
As an example, upon the reception of the RRC message including the UL NAS from the UE, the access network device 120 (e.g. eNB) validates the integrity of the message, e.g., validates the MAC included in the RRC message. The access network device 120 (e.g. eNB) may validate the integrity of the message by comparing the received MAC with a MAC generated locally with Knb’ or the derived integrity key (and optional confidentiality protection key). Thus, the access network device 120 (e.g. eNB) may generate an integrity protection key (or use the Knb’ directly) and an optional confidentiality protection key for validation. If validation passes, the access network device 120 (e.g. eNB) may enforce the size limitation if the limitation is per UE, and save the NAS message. Otherwise, the received NAS message can be discarded.
As discussed above, in some embodiments, the at least one key is one derived key (i.e. only one key is derived) , the at least one random number comprises multiple random numbers, the one key is derived based on the NAS key and a first random number of the multiple random numbers, and the validation of the RRC message is based on the one key, and the first random number or a second random number of the multiple random numbers. In this case, the received RRC message is a first RRC message, and the access network device 120 may further receive, from the terminal device 110, a second RRC message including a NAS message; and validate the second RRC message based on the at least one key and a third random number of the multiple random numbers.
As also discussed above, in some embodiments, the at least one key comprises multiple keys (i.e. multiple keys are derived), the at least one random number comprises multiple random numbers corresponding to the multiple keys respectively, the multiple keys are derived based on the NAS key and the corresponding multiple random numbers respectively, and the validation of the RRC message is based on a first key of the multiple keys. In this case, the received RRC message is a first RRC message, and the access network device 120 may further receive, from the terminal device 110, a second RRC message including a NAS message, and validate the second RRC message based on a second key of the multiple keys.
Continuing with reference to FIG. 2, after said validating, the access network device 120 may transmit 250 to the terminal device 110 a message 252 related to the validating (or authentication), and the terminal device 110 may receive 255 the message. In some embodiments, the message 252 related to the validating (or authentication) indicates the result of the validating (or authentication), e.g. whether the validation has been successful and the UL NAS/data has been stored in the access network device 120, or has failed. In another embodiment, the message 252 indicates a remaining data size available for the terminal device at the access network device, e.g. an instruction to the terminal device 110 to limit or stop the UL data transmission. In an embodiment, the message 252 indicates a combination of the result of the validation (or authentication) and the indication of the remaining data size.
In an embodiment, the validation comprises the authentication of the terminal device 110.
In some embodiments, later, when the access network device 120 (for example, eNB) has a connection with the core network device 130 (for example, via an NTN-GW), the access network device 120 may send (not shown in FIG. 2) the INITIAL UE MESSAGE including the NAS stored for the terminal device 110 to the CN device 130. The remaining procedures may continue as in normal CIoT. Through the above procedure, the access network device 120 (for example, eNB) is able to verify whether a UL NAS was sent from a legitimate UE and then enforce the size limitation. A malicious UE may send a UL NAS to the access network device 120 (for example, eNB), but it is unable to pass the security check in the access network device 120 (for example, eNB). Thus, the proposed solutions may prevent a malicious UE from overloading the access network device 120 (for example, eNB) or, more generally, prevent the malicious UE from sending malicious data to the access network device 120.
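The following is an added example, written in Python, and not code from the present disclosure; it models process 200 end to end so that the validation step and the size-limit enforcement can be exercised on constructed input. The CN derives Knb’ from the NAS key and random numbers, provisions the eNB, the eNB hands the random numbers to the UE, the UE protects each RRC message with a MAC, and the eNB validates the MAC before storing the NAS payload and counting it against the per-UE limit. Both provisioning shapes of the disclosure are covered: {Knb’, multiple random numbers} (“one_key”) and a list of {Knb’, random number} (“multi_key”). Everything not in the disclosure is an assumption of the example: the KDF (HMAC-SHA-256 over length-prefixed inputs as a stand-in for the 3GPP KDF), the 32-bit MAC, the “mode” being conveyed together with the random numbers, treating each random number as single-use at the eNB, the 40-byte quota, and the names derive_knb, compute_mac, derive_keys, CoreNetwork, AccessNetworkDevice, TerminalDevice and run_scenario. The check_mac=False path models the legacy Control Plane CIoT behaviour described above, in which the eNB stores and counts UL NAS without any security check.

```python
# Added example modelling process 200; not the disclosure's own code.
# All names, the KDF, the MAC length and the quota are assumptions.
import hashlib
import hmac
import secrets

def kdf(key: bytes, *params: bytes) -> bytes:
    # HMAC-SHA-256 over length-prefixed inputs; stand-in for the 3GPP KDF (assumption).
    data = b"".join(len(p).to_bytes(2, "big") + p for p in params)
    return hmac.new(key, data, hashlib.sha256).digest()

def derive_knb(nas_key: bytes, rand: bytes, enb_id: bytes = b"") -> bytes:
    """Knb' from the NAS key, the NTN indicator, a random number and the target eNB ID."""
    return kdf(nas_key, b"NTN", rand, enb_id)

def compute_mac(knb: bytes, rand: bytes, ue_id: bytes, nas: bytes) -> bytes:
    """32-bit MAC under an integrity key derived from Knb', bound to a random number."""
    return kdf(kdf(knb, b"INT"), rand, ue_id, nas)[:4]

def derive_keys(nas_key: bytes, rands: list, mode: str, enb_id: bytes) -> list:
    """Same method at CN and UE. "one_key": one Knb' (from the first random number)
    shared by all messages; "multi_key": one Knb' per random number."""
    if mode == "one_key":
        return [derive_knb(nas_key, rands[0], enb_id)] * len(rands)
    return [derive_knb(nas_key, r, enb_id) for r in rands]

class CoreNetwork:
    def __init__(self):
        self.nas_keys = {}  # UE ID -> NAS key established at Attach/Registration

    def provision(self, ue_id, enb, mode, count):
        """Step 210: while the satellite has CN connectivity, hand over keys and random numbers."""
        rands = [secrets.token_bytes(16) for _ in range(count)]
        keys = derive_keys(self.nas_keys[ue_id], rands, mode, enb.enb_id)
        enb.material[ue_id] = {"mode": mode, "keys": keys, "rands": rands, "used": set()}

class AccessNetworkDevice:
    def __init__(self, enb_id: bytes, quota: int, check_mac: bool = True):
        self.enb_id, self.quota, self.check_mac = enb_id, quota, check_mac
        self.material, self.stored = {}, {}  # per-UE key material; per-UE buffered NAS

    def random_numbers_for(self, ue_id):
        """Step 220: random numbers (plus the mode, an assumption) sent via RRC or SIB."""
        return list(self.material[ue_id]["rands"]), self.material[ue_id]["mode"]

    def receive_rrc(self, ue_id, idx, nas, mac):
        """Steps 240-250: validate first, then enforce the size limit and store."""
        m = self.material.get(ue_id)
        if m is None:
            return "discarded: unknown UE"
        if self.check_mac:  # False models legacy CP CIoT (no AS security check)
            if idx in m["used"]:
                return "discarded: random number already consumed"  # replay
            expected = compute_mac(m["keys"][idx], m["rands"][idx], ue_id, nas)
            if not hmac.compare_digest(expected, mac):
                return "discarded: MAC failure"
            m["used"].add(idx)
        buf = self.stored.setdefault(ue_id, [])
        remaining = self.quota - sum(len(x) for x in buf)
        if len(nas) > remaining:
            return f"rejected: size limit reached, {remaining} bytes remaining"
        buf.append(nas)
        return f"stored, {remaining - len(nas)} bytes remaining"  # content of message 252

class TerminalDevice:
    def __init__(self, ue_id: bytes, nas_key: bytes):
        self.ue_id, self.nas_key, self.next_idx = ue_id, nas_key, 0

    def on_random_numbers(self, rands, mode, enb_id):
        """Step 230: derive Knb' with the same method as the CN."""
        self.rands, self.keys = rands, derive_keys(self.nas_key, rands, mode, enb_id)

    def protect(self, nas: bytes):
        """Step 235: each UL NAS message uses a fresh random number."""
        i, self.next_idx = self.next_idx, self.next_idx + 1
        return self.ue_id, i, nas, compute_mac(self.keys[i], self.rands[i], self.ue_id, nas)

def run_scenario(mode="one_key", check_mac=True):
    cn, enb = CoreNetwork(), AccessNetworkDevice(b"SAT1", quota=40, check_mac=check_mac)
    legit = TerminalDevice(b"S-TMSI-1", secrets.token_bytes(32))  # constructed UE
    cn.nas_keys[legit.ue_id] = legit.nas_key
    cn.provision(legit.ue_id, enb, mode, count=3)           # satellite at location B
    rands, mode = enb.random_numbers_for(legit.ue_id)        # satellite at location A
    legit.on_random_numbers(rands, mode, enb.enb_id)
    # A malicious UE that knows the S-TMSI and hears the broadcast but holds no NAS key.
    spoof = TerminalDevice(legit.ue_id, secrets.token_bytes(32))
    spoof.on_random_numbers(rands, mode, enb.enb_id)
    results = [enb.receive_rrc(*spoof.protect(b"J" * 35))]  # would nearly fill the quota
    msg1 = legit.protect(b"NAS-PDU-1")
    results.append(enb.receive_rrc(*msg1))
    results.append(enb.receive_rrc(*msg1))                   # replayed copy of msg1
    results.append(enb.receive_rrc(*legit.protect(b"NAS-PDU-2")))
    return results
```

Running run_scenario("one_key") or run_scenario("multi_key") gives the same four outcomes: the spoofed message is discarded on MAC failure without consuming the legitimate UE’s quota or its random number, the first legitimate message is stored, its replay is discarded because that random number has already been consumed, and the second legitimate message is stored under the next random number (or the next Knb’). With check_mac=False the spoofed 35-byte message is stored first, and every legitimate message is then rejected as exceeding the size limit, which is the failure mode described above.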
In view of the above, the solutions provided by some embodiments of the present disclosure have many advantages; for example, DoS attacks on legitimate UEs can be addressed. In addition, replay attacks can be avoided. Further, existing mechanisms are reused to the greatest extent, which may make the solutions easier to accept in the development of related technologies.
FIG. 3 illustrates an example signaling flow in accordance with some example embodiments of the present disclosure. The signaling flow illustrated in FIG. 3 is based on Control Plane CIoT EPS/5GS Optimisations, and it is an example of the communication process 200 illustrated in FIG. 2. It should be noted that UE1 310, eNB (SAT1) 320 and CN 330 illustrated in FIG. 3 are respectively examples of the terminal device 110, the access network device 120 and the core network device 130 illustrated in FIG. 2. It is assumed that the UE (i.e., UE1 310) has performed the Attach procedure at 301 and that a NAS key has been generated based on the current Attach procedure. The example uses only one satellite/eNB; the flow is similar when multiple satellites/eNBs are involved. A satellite has one eNB onboard, and in the following a reference to a satellite entails a reference to the onboard eNB, and vice versa. As an example, some improvements introduced by example embodiments of the present disclosure are included in steps 302, 303, 305 (including the random number), 306, 307 (including the MAC) and 308 illustrated in FIG. 3.
At step 302, after UE1 310 has completed the NAS Attach procedure (or registered with the network), CN 330 derives a Knb’ (different from the legacy KeNB or KgNB) from the NAS key, with input parameters such as an NTN indicator (which can be generalized as a pre-MSG5 key), a random number, etc. The key generation may also consider the location of the UE, i.e. the provided Knb’ is per Tracking Area or per geographical area. The geographical area may be identified by a Mapped Cell ID, an area ID, or any ID that can identify the UE’s location. The key generation may also consider the ID of the target eNB/satellite that will serve the UE, i.e. the provided Knb’ is per eNB/satellite.
At step 303, when eNB (SAT1) 320 has a connection to CN 330, CN 330 sends the key and the random number to a target eNB (i.e. eNB (SAT1) 320 in this example) together with UE1 310’s identity (ID), for example, S-TMSI. eNB (SAT1) 320 may save the received information and use it later; for example, it may generate an integrity protection key (or use the Knb’ directly) and an optional confidentiality protection key.
It is assumed that CN 330 knows the rough location of UE1 310 during UE1 310’s attach procedure, e.g. eNB (SAT1) 320 determines UE1 310’s location, derives a Mapped Cell ID based on UE1 310’s location, sends the Mapped Cell ID to CN 330 during the Attach procedure. CN 330 may send the information to multiple eNBs, e.g. when the TAI list included in ATTACH ACCEPT message (or the Registration Area in NR REGISTRATION ACCEPT) corresponds to a large area that will be served by multiple eNBs.
At step 304, later, when UE1 310 connects with eNB (SAT1) 320, UE1 310 may send eNB (SAT1) 320 an RRCConnectionRequest including UE1 310’s ID (e.g. S-TMSI). At step 305, eNB (SAT1) 320 may send an RRCConnectionSetup including the random number. At step 306, UE1 310 may derive Knb’ in the same way as in step 302, and may generate integrity and/or confidentiality keys as in step 303, then protect the RRCConnectionSetupComplete with the keys when sending the message, e.g. by generating a MAC with the derived key.
It is noted that the solution may reuse the security protection algorithms defined in TS 33.501 for integrity and confidentiality protection. For example, Knb’ and the PDCP counter may be included when generating the MAC for integrity protection, so that replay attacks are addressed and the authenticity of the UE is ensured. Similar to step 303, the Knb’ may be used directly as the integrity key if confidentiality protection is not needed.
At step 307, UE1 310 may send RRCConnectionSetupComplete including the NAS message and the MAC. In an example embodiment, CN 330 may generate one Knb’ and provide {Knb’, multiple random numbers} to eNB (SAT1) 320 (step 303). The random numbers are further provided to UE1 310 (step 304). Accordingly, UE1 310 also generates one Knb’ in step 305. A different random number is used to generate the MAC for each UL data. In other words, in case UE1 310 may send 10 UL data in a satellite pass over UE1 310’s geographical area, 10 random numbers are provided from CN 330 to eNB (SAT1) 320 (e.g. step 303), and they are then provided to UE1 310 (e.g. step 305). When UE1 310 connects with eNB (SAT1) 320, UE1 310 may use the one Knb’ and a different random number to calculate the MAC for each UL data and transmit the UL data including the MAC to eNB (SAT1) 320.
In another example embodiment, CN 330 may generate multiple Knb’, each Knb’ being generated with a different random number as input. CN 330 may provide a list of {Knb’, random number} to eNB (SAT1) 320 in step 303. The random numbers are further provided to UE1 310 (step 305). Accordingly, UE1 310 also generates multiple Knb’ based on the received random numbers. A different random number may be used to generate each Knb’, which is then used to generate a MAC for a UL data. In other words, in case UE1 310 may send 10 UL data in a satellite pass over UE1 310’s geographical area, 10 sets of {Knb’, random number} may be provided from CN 330 to eNB (SAT1) 320 (e.g. step 303), and the 10 random numbers are then provided to UE1 310 (e.g. step 305). When UE1 310 connects with eNB (SAT1) 320, UE1 310 may generate a different Knb’ with a different random number as input. UE1 310 then calculates the MAC for a specific UL data.
It is also possible that the above methods may be combined. For example, Knb’ is generated based on one random number, and the MAC is then generated based on another random number. For each UL, UE1 310 may use a Knb’ generated based on one random number, and then use the Knb’ and another random number to calculate the MAC for each UL data.
At step 308, eNB (SAT1) 320 may validate the integrity of the message by comparing the received MAC with a MAC generated locally with Knb’ or the derived integrity key. If the validation is passed, eNB (SAT1) 320 may enforce the size limitation if the limitation is per UE and save the NAS message. Otherwise, eNB (SAT1) 320 may discard the received NAS message. At step 309, later, when eNB (SAT1) 320 has a connection with CN 330 (e.g., via a NTN-GW), it may send the INITIAL UE MESSAGE including the NAS stored for UE1 310 to CN 330. The remaining procedures continue as in normal CIoT.
At step 311, after said validating, eNB (SAT1) 320 may transmit to UE1 310 a message related to the validating (or authentication). In some embodiments, the message related to the validating (or authentication) indicates the result of the validating (or authentication), or a remaining data size available for UE1 310 at eNB (SAT1) 320, or a combination of them.
In view of the above, a malicious UE is blocked by the solutions provided by the present disclosure. For example, DoS and replay attacks can be addressed. Further, existing mechanisms are reused to the greatest extent, which may make the solutions easier to accept in the development of related technology. In addition, with an extension, confidentiality protection may also be achieved.
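The following is an added example, not code from the disclosure, that models the FIG. 3 flow end to end (CN provisioning at steps 302/303, UE derivation and MAC at steps 306/307, eNB validation, size limitation and the result message at steps 308 and 311, i.e. the first variant of step 307, one Knb’ with several random numbers). It also stands in for methods 500, 600 and 700 below. Assumptions: the KDF and the MAC are modelled with HMAC-SHA-256 (the disclosure points to TS 33.501 algorithms but fixes none), tags are truncated to 128 bits, a UL NAS PDU that would exceed the per-UE budget is dropped, and every key, identifier and random number is a constructed sample value.

```python
"""Model of the pre-MSG5 validation of FIG. 3 (added example, not the disclosure's code)."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

NTN_INDICATOR = b"NTN"  # "NTN indicator / pre-MSG5 key" label of step 302 (value assumed)


def derive_knb(nas_key: bytes, rand: bytes, area_id: bytes, enb_id: bytes) -> bytes:
    """Steps 302 and 306: Knb' from the NAS key, the random number, the area and the eNB ID."""
    return hmac.new(nas_key, NTN_INDICATOR + rand + area_id + enb_id, hashlib.sha256).digest()


def compute_mac(knb: bytes, rand: bytes, pdcp_count: int, message: bytes) -> bytes:
    """Steps 306 and 307: integrity tag over (random number || PDCP COUNT || message)."""
    data = rand + pdcp_count.to_bytes(4, "big") + message
    return hmac.new(knb, data, hashlib.sha256).digest()[:16]  # 128-bit truncation assumed


@dataclass
class CoreNetwork:
    nas_keys: dict  # UE id -> NAS key established during the Attach procedure (step 301)

    def provision(self, ue_id: bytes, area_id: bytes, enb_id: bytes, n_rands: int):
        """Steps 302/303: one Knb' plus several random numbers (first variant of step 307)."""
        rands = [os.urandom(16) for _ in range(n_rands)]
        return derive_knb(self.nas_keys[ue_id], rands[0], area_id, enb_id), rands


@dataclass
class SatelliteEnb:
    enb_id: bytes
    area_id: bytes
    max_bytes_per_ue: int
    ctx: dict = field(default_factory=dict)  # UE id -> state saved from the CN

    def receive_from_cn(self, ue_id: bytes, knb: bytes, rands: list):
        """Step 303: store {Knb', random numbers} under the UE identity (e.g. S-TMSI)."""
        self.ctx[ue_id] = {"knb": knb, "rands": list(rands), "left": self.max_bytes_per_ue, "nas": []}

    def rrc_setup(self, ue_id: bytes) -> list:
        """Step 305: RRCConnectionSetup carries the random numbers to the UE."""
        return list(self.ctx[ue_id]["rands"])

    def validate(self, ue_id: bytes, rand: bytes, pdcp_count: int, nas: bytes, mac: bytes):
        """Steps 308 and 311: check the MAC, consume the random number, apply the size limit.

        Returns the content of the message related to the validating: (result, remaining size).
        """
        c = self.ctx.get(ue_id)
        if c is None or rand not in c["rands"]:
            # unknown UE, or a random number already consumed: a replayed PDU stops here
            return "rejected", 0 if c is None else c["left"]
        expected = compute_mac(c["knb"], rand, pdcp_count, nas)
        if not hmac.compare_digest(expected, mac):
            return "rejected", c["left"]  # tag was not produced with this UE's NAS key
        c["rands"].remove(rand)  # each random number protects exactly one UL data
        if len(nas) > c["left"]:
            return "size_limit", c["left"]
        c["left"] -= len(nas)
        c["nas"].append(nas)  # forwarded in the INITIAL UE MESSAGE at step 309
        return "stored", c["left"]


@dataclass
class Ue:
    nas_key: bytes
    pdcp_count: int = 0

    def protect(self, rand0: bytes, rand: bytes, area_id: bytes, enb_id: bytes, nas: bytes):
        """Steps 306/307: derive Knb' from the first random number, MAC each UL with another."""
        knb = derive_knb(self.nas_key, rand0, area_id, enb_id)
        mac = compute_mac(knb, rand, self.pdcp_count, nas)
        self.pdcp_count += 1
        return rand, self.pdcp_count - 1, nas, mac


def run_pass() -> list:
    """Constructed satellite pass: a legitimate UE, a replayed PDU, a UE without the NAS key."""
    ue_id, area, enb_id = b"S-TMSI-1", b"MAPPED-CELL-7", b"SAT1"  # constructed identifiers
    nas_key = os.urandom(32)
    cn = CoreNetwork({ue_id: nas_key})
    enb = SatelliteEnb(enb_id, area, max_bytes_per_ue=64)
    knb, rands = cn.provision(ue_id, area, enb_id, n_rands=3)
    enb.receive_from_cn(ue_id, knb, rands)
    ue = Ue(nas_key)
    ue_rands = enb.rrc_setup(ue_id)
    results = []
    pdu1 = ue.protect(ue_rands[0], ue_rands[1], area, enb_id, b"NAS PDU #1: attach complete")
    results.append(enb.validate(ue_id, *pdu1))  # 27 bytes accepted: ("stored", 37)
    results.append(enb.validate(ue_id, *pdu1))  # same PDU again: ("rejected", 37)
    rogue = Ue(os.urandom(32))  # sees the random numbers over the air but lacks the NAS key
    results.append(enb.validate(ue_id, *rogue.protect(ue_rands[0], ue_rands[0], area, enb_id, b"junk")))
    pdu2 = ue.protect(ue_rands[0], ue_rands[2], area, enb_id, b"NAS PDU #2: " + b"x" * 40)
    results.append(enb.validate(ue_id, *pdu2))  # 52 bytes exceed the 37 left: ("size_limit", 37)
    return results
```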
FIG. 4 illustrates another example signaling flow in accordance with some example embodiments of the present disclosure. The signaling flow illustrated in FIG. 4 is based on MO-EDT for Control Plane CIoT EPS Optimisation, and it is another example of the communication process 200 illustrated in FIG. 2. It should be noted that UE1 410, eNB (SAT1) 420 and CN 430 illustrated in FIG. 4 are respectively examples of the terminal device 110, the access network device 120 and the core network device 130 illustrated in FIG. 2. It is assumed that the UE (i.e. UE1 410) has performed the Attach procedure and that a NAS key has been generated based on the current Attach procedure. In FIG. 4, the main difference from FIG. 3 is how the random number is provided to UE1 410. Also, as an example, some improvements introduced by example embodiments of the present disclosure are included in steps 402, 403, 404 (including the random number), 405, 406 (including the MAC), 407 and 409 illustrated in FIG. 4.
As discussed above, in FIG. 3, eNB (SAT1) 320 sends the random number to UE1 310 via a dedicated RRC message (the RRCConnectionSetup message at step 305). This enables different random numbers to be used for each UE. In FIG. 4, by contrast, the random number is provided to UE1 410 via a broadcast RRC message (e.g. a SIB at step 404), so the random numbers can be the same for all UEs in the same geographical area. In addition, steps 402, 403, 405, 406, 407, 408 and 409 in FIG. 4 are respectively similar to steps 302, 303, 306, 307, 308, 309 and 311 in FIG. 3, the description of which is omitted for the purpose of brevity. It is noted that some example embodiments of the present disclosure may be described in the context of LTE, but they could also be adopted for NR or other communication networks or systems.
FIG. 5 illustrates a flowchart of an example method 500 implemented at a terminal device 110 in accordance with some embodiments of the present disclosure. For the purpose of discussion, the method 500 will be described from the perspective of the terminal device 110 with reference to FIGS. 1A-2.
At block 510, the terminal device 110 receives, when access stratum (AS) security is not used between the terminal device and an access network device, at least one random number from the access network device of a non-terrestrial network (NTN). At block 520, the terminal device 110 derives at least one key based on a non-access stratum (NAS) key of the terminal device and the at least one random number. At block 530, the terminal device 110 transmits, to the access network device, a radio resource control (RRC) message. The RRC message is protected based on the at least one key. At block 540, after validating the terminal device based on the RRC message protected based on the at least one key, the terminal device 110 receives from the access network device a message related to the validating.
In some embodiments, the at least one key may be one key, the at least one random number may comprise multiple random numbers, and the terminal device 110 may derive the one key by: deriving the one key based on the NAS key and a first random number of the multiple random numbers. The protection of the RRC message is based on the one key, and the first random number or a second random number of the multiple random numbers.
In some embodiments, the RRC message may be a first RRC message, and the terminal device 110 may transmit, to the access network device, a second RRC message. The second RRC message is protected based on the one key and a third random number of the multiple random numbers.
In some embodiments, the at least one key may comprise multiple keys, the at least one random number may comprise multiple random numbers corresponding to the multiple keys respectively, and the terminal device may derive the multiple keys by: deriving the multiple keys based on the NAS key and the corresponding multiple random numbers respectively. The protection of the RRC message is based on a first key of the multiple keys.
In some embodiments, the RRC message may be a first RRC message, and the terminal device 110 may further transmit, to the access network device, a second RRC message. The second RRC message is protected based on a second key of the multiple keys.
In some embodiments, the at least one random number may be received from the access network device via a dedicated Radio Resource Control (RRC) message or a broadcast RRC message (for example, a system information block, SIB).
In some embodiments, the terminal device 110 may protect the RRC message by: generating a message authentication code (MAC) based on at least one of (i) the at least one key, (ii) an integrity key derived from the at least one key, (iii) a confidentiality protection key derived from the at least one key, or (iv) a random number of the at least one random number; and including the MAC in the RRC message.
In some embodiments, the at least one key may be derived further based on at least one of the following: a non-terrestrial network (NTN) indicator; a pre-message 5 (MSG5) key; a tracking area code of the terminal device; an identity (ID) corresponding to the location of the terminal device; an identity (ID) of the access network device; or an identity of a NTN device that the access network device is embarked on.
In some embodiments, the message related to the validating may indicate at least one of: the result of the validating; or a remaining data size available for the terminal device at the access network device.
FIG. 6 illustrates another flowchart of an example method 600 implemented at an access network device 120 in accordance with some other embodiments of the present disclosure. For the purpose of discussion, the method 600 will be described from the perspective of the access network device 120 with reference to FIGS. 1A-2.
At block 610, the access network device 120 receives, when access stratum (AS) security is not used between a terminal device and the access network device, at least one key and at least one random number from a core network device. The access network device is a non-terrestrial network (NTN) access network device. The at least one key is derived based on a non-access stratum (NAS) key of the terminal device and the at least one random number. At block 620, the access network device 120 transmits the at least one random number to the terminal device. At block 630, the access network device 120 receives, from the terminal device, a radio resource control (RRC) message. At block 640, the access network device 120 validates the RRC message based on the at least one key. At block 650, after said validating, the access network device 120 transmits to the terminal device a message related to the validating.
In some embodiments, the access network device 120 may validate the RRC message by: generating a first message authentication code (MAC) based on at least one of (i) the at least one key, (ii) an integrity key derived from the at least one key, (iii) a confidentiality protection key derived from the at least one key, or (iv) a random number of the at least one random number; and validating the RRC message by comparing the first MAC to a second MAC included in the received RRC message.
In some embodiments, the access network device 120 may further, based on determining that the validation of the RRC message is passed, enforce a size/amount limitation of data allowed to be sent from the terminal device; and store the content of the RRC message.
In some embodiments, the access network device 120 may further, based on determining that the validation of the RRC message is failed, discard the received RRC message.
In some embodiments, the at least one key may be one key, the at least one random number may comprise multiple random numbers, the one key may be derived based on the NAS key and a first random number of the multiple random numbers, and the validation of the RRC message may be based on the one key, and the first random number or a second random number of the multiple random numbers.
In some embodiments, the RRC message may be a first RRC message, and the access network device may further receive, from the terminal device, a second RRC message; and validate the second RRC message based on the at least one key and a third random number of the multiple random numbers.
In some embodiments, the at least one key may comprise multiple keys, the at least one random number may comprise multiple random numbers corresponding to the multiple keys respectively, the multiple keys may be derived based on the NAS key and the corresponding multiple random numbers respectively, and the validation of the RRC message may be based on a first key of the multiple keys.
In some embodiments, the RRC message may be a first RRC message, and the access network device may further receive, from the terminal device, a second RRC message; and validate the second RRC message based on a second key of the multiple keys.
In some embodiments, the at least one random number may be transmitted to the terminal device via a dedicated Radio Resource Control (RRC) message or a broadcast RRC message (for example, a system information block, SIB).
In some embodiments, the at least one key may be derived further based on at least one of the following: a non-terrestrial network (NTN) indicator; a pre-message 5 (MSG5) key; a tracking area code of the terminal device; an identity (ID) corresponding to the location of the terminal device; an identity (ID) of the access network device; or an identity of a NTN device that the access network device is embarked on.
In some embodiments, the message related to the validating may indicate at least one of: the result of the validating; or a remaining data size available for the terminal device at the access network device.
FIG. 7 illustrates another flowchart of an example method 700 implemented at a core network device 130 in accordance with some other embodiments of the present disclosure. For the purpose of discussion, the method 700 will be described from the perspective of the core network device 130 with reference to FIGS. 1A-2.
At block 710, the core network device 130 derives, for a terminal device 110, at least one key based on a non-access stratum (NAS) key of the terminal device 110 and at least one random number. At block 720, the core network device 130 transmits, when access stratum (AS) security is not used between the terminal device 110 and an access network device 120 associated with the terminal device 110, the at least one key and the at least one random number to the access network device 120. The access network device 120 is a non-terrestrial network (NTN) access network device.
In some embodiments, the at least one key may be one key, the at least one random number may comprise multiple random numbers, and the core network device may derive the one key by: deriving, for the terminal device, the one key based on the NAS key and a first random number of the multiple random numbers.
In some embodiments, the at least one key may comprise multiple keys, the at least one random number may comprise multiple random numbers corresponding to the multiple keys respectively, and the core network device 130 may derive the multiple keys by: deriving the multiple keys based on the NAS key and the corresponding multiple random numbers respectively.
In some embodiments, the at least one key may be derived further based on at least one of the following: a non-terrestrial network (NTN) indicator; a pre-message 5 (MSG5) key; a tracking area code of the terminal device 110; an identity (ID) corresponding to the location of the terminal device 110; an identity (ID) of the access network device 120; or an identity of a NTN device that the access network device 120 is embarked on.
In some embodiments, the access network device 120 may be a first access network device, the at least one key may be at least one first key, the at least one random number may be at least one first random number, and the core network device 130 may further transmit at least one second key and at least one second random number to a second access network device associated with the terminal device 110. The at least one first key and the at least one second key may be same or different.
In some embodiments, an apparatus capable of performing the method 500 (for example, the terminal device 110) may comprise means for performing the respective steps of the method 500. The means may be implemented in any suitable form. For example, the means may be implemented in a circuitry or software module.
In some example embodiments, the apparatus comprises: means for receiving, at a terminal device, when access stratum (AS) security is not used between the terminal device and an access network device, at least one random number from the access network device of a non-terrestrial network (NTN) ; means for deriving at least one key based on a non-access stratum (NAS) key of the terminal device and the at least one random number; means for transmitting, to the access network device, a radio resource control (RRC) message, wherein the RRC message is protected based on the at least one key; and means for, after validating the terminal device based on the RRC message protected based on the at least one key, receiving from the access network device a message related to the validating.
In some embodiments, the at least one key is one key, the at least one random number comprises multiple random numbers, and the means for deriving the at least one key comprises: means for deriving the one key based on the NAS key and a first random number of the multiple random numbers, wherein the protection of the RRC message is based on the one key, and the first random number or a second random number of the multiple random numbers.
In some embodiments, the RRC message is a first RRC message, and the apparatus further comprises: means for transmitting, to the access network device, a second RRC message, wherein the second RRC message is protected based on the one key and a third random number of the multiple random numbers.
In some embodiments, the at least one key comprises multiple keys, the at least one random number comprises multiple random numbers corresponding to the multiple keys respectively, and the means for deriving the at least one key comprises: means for deriving the multiple keys based on the NAS key and the corresponding multiple random numbers respectively, wherein the protection of the RRC message is based on a first key of the multiple keys.
In some embodiments, the RRC message is a first RRC message, and the apparatus further comprises: means for transmitting, to the access network device, a second RRC message, wherein the second RRC message is protected based on a second key of the multiple keys.
In some embodiments, the at least one random number is received from the access network device via a dedicated Radio Resource Control (RRC) message or a broadcast RRC message (for example, a system information block, SIB).
In some embodiments, the apparatus further comprises: means for protecting the RRC message by: generating a message authentication code (MAC) based on at least one of (i) the at least one key, (ii) an integrity key derived from the at least one key, (iii) a confidentiality protection key derived from the at least one key, or (iv) a random number of the at least one random number; and including the MAC in the RRC message.
In some embodiments, the at least one key is derived further based on at least one of the following: a non-terrestrial network (NTN) indicator; a pre-message 5 (MSG5) key; a tracking area code of the terminal device; an identity (ID) corresponding to the location of the terminal device; an identity (ID) of the access network device; or an identity of a NTN device that the access network device is embarked on.
In some embodiments, the message related to the validating indicates at least one of: the result of the validating; or a remaining data size available for the terminal device at the access network device.
In some embodiments, the apparatus further comprises means for performing other steps in some embodiments of the method 500. In some embodiments, the means comprises at least one processor and at least one memory including computer program code, the at least one memory and computer program code configured to, with the at least one processor, cause the performance of the apparatus.
In some embodiments, an apparatus capable of performing the method 600 (for example, the access network device 120) may comprise means for performing the respective steps of the method 600. The means may be implemented in any suitable form. For example, the means may be implemented in a circuitry or software module.
In some example embodiments, the apparatus comprises: means for receiving, at an access network device, when access stratum (AS) security is not used between a terminal device and the access network device, at least one key and at least one random number from a core network device, wherein the access network device is a non-terrestrial network (NTN) access network device, wherein the at least one key is derived based on a non-access stratum (NAS) key of the terminal device and the at least one random number; means for transmitting the at least one random number to the terminal device; means for receiving, from the terminal device, a radio resource control (RRC) message; means for validating the RRC message based on the at least one key; and means for, after said validating, transmitting to the terminal device a message related to the validating.
In some example embodiments, the means for validating the RRC message comprises means for validating the RRC message by: generating a first message authentication code (MAC) based on at least one of (i) the at least one key, (ii) an integrity key derived from the at least one key, (iii) a confidentiality protection key derived from the at least one key, or (iv) a random number of the at least one random number; and validating the RRC message by comparing the first MAC to a second MAC included in the received RRC message.
In some example embodiments, the apparatus further comprises: means for, based on determining that the validation of the RRC message is passed, enforcing a size/amount limitation of data allowed to be sent from the terminal device; and means for storing the content of the RRC message.
In some example embodiments, the apparatus further comprises means for, based on determining that the validation of the RRC message is failed, discarding the received RRC message.
In some example embodiments, the at least one key is one key, the at least one random number comprises multiple random numbers, the one key is derived based on the NAS key and a first random number of the multiple random numbers, and the validation of the RRC message is based on the one key, and the first random number or a second random number of the multiple random numbers.
In some example embodiments, the RRC message is a first RRC message, and the apparatus further comprises: means for receiving, from the terminal device, a second RRC message; and means for validating the second RRC message based on the at least one key and a third random number of the multiple random numbers.
In some example embodiments, the at least one key comprises multiple keys, the at least one random number comprises multiple random numbers corresponding to the multiple keys respectively, the multiple keys are derived based on the NAS key and the corresponding multiple random numbers respectively, and the validation of the RRC message is based on a first key of the multiple keys.
In some example embodiments, the RRC message is a first RRC message, and the apparatus further comprises: means for receiving, from the terminal device, a second RRC message; and means for validating the second RRC message based on a second key of the multiple keys.
In some example embodiments, the at least one random number is transmitted to the terminal device via a dedicated Radio Resource Control (RRC) message or a broadcast RRC message (for example, a system information block, SIB).
In some example embodiments, the at least one key is derived further based on at least one of the following: a non-terrestrial network (NTN) indicator; a pre-message 5 (MSG5) key; a tracking area code of the terminal device; an identity (ID) corresponding to the location of the terminal device; an identity (ID) of the access network device; or an identity of a NTN device that the access network device is embarked on.
In some example embodiments, the message related to the validating indicates at least one of: the result of the validating; or a remaining data size available for the terminal device at the access network device.
In some embodiments, the apparatus further comprises means for performing other steps in some embodiments of the method 600. In some embodiments, the means comprises at least one processor and at least one memory including computer program code, the at least one memory and computer program code configured to, with the at least one processor, cause the performance of the apparatus.
In some embodiments, an apparatus capable of performing the method 700 (for example, the core network device 130) may comprise means for performing the respective steps of the method 700. The means may be implemented in any suitable form. For example, the means may be implemented in a circuitry or software module.
In some example embodiments, the apparatus comprises: means for deriving, at a core network device, for a terminal device, at least one key based on a non-access stratum (NAS) key of the terminal device and at least one random number; and means for transmitting, when access stratum (AS) security is not used between the terminal device and an access network device associated with the terminal device, the at least one key and the at least one random number to the access network device, wherein the access network device is a non-terrestrial network (NTN) access network device.
In some example embodiments, the at least one key is one key, the at least one random number comprises multiple random numbers, and the means for deriving the at least one key comprises means for deriving, for the terminal device, the one key based on the NAS key and a first random number of the multiple random numbers.
In some example embodiments, the at least one key comprises multiple keys, the at least one random number comprises multiple random numbers corresponding to the multiple keys respectively, and the means for deriving the at least one key comprises means for deriving the multiple keys based on the NAS key and the corresponding multiple random numbers respectively.
In some example embodiments, the at least one key is derived further based on at least one of the following: a non-terrestrial network (NTN) indicator; a pre-message 5 (MSG5) key; a tracking area code of the terminal device; an identity (ID) corresponding to the location of the terminal device; an identity (ID) of the access network device; or an identity of a NTN device that the access network device is embarked on.
In some example embodiments, the access network device is a first access network device, the at least one key is at least one first key, the at least one random number is at least one first random number, and the apparatus further comprises means for transmitting at least one second key and at least one second random number to a second access network device associated with the terminal device, wherein the at least one first key and the at least one second key are same or different.
In some embodiments, the apparatus further comprises means for performing other steps in some embodiments of the method 700. In some embodiments, the means comprises at least one processor and at least one memory including computer program code, the at least one memory and computer program code configured to, with the at least one processor, cause the performance of the apparatus.
FIG. 8 illustrates a simplified block diagram of a device 800 that is suitable for implementing some example embodiments of the present disclosure. The device 800 may be provided to implement a communication device, for example, the terminal device 110, the access network device 120, or the core network device 130 as shown in FIG. 1A. As shown, the device 800 includes one or more processors 810, one or more memories 820 coupled to the processor 810, and one or more communication modules 840 coupled to the processor 810.
The communication module 840 is for bidirectional communications. The communication module 840 has at least one antenna to facilitate communication. The communication interface may represent any interface that is necessary for communication with other network elements.
The processor 810 may be of any type suitable to the local technical network and may include one or more of the following: general purpose computers, special purpose computers, microprocessors, digital signal processors (DSPs) and processors based on multicore processor architecture, as non-limiting examples. The device 800 may have multiple processors, such as an application specific integrated circuit chip that is slaved in time to a clock which synchronizes the main processor.
The memory 820 may include one or more non-volatile memories and one or more volatile memories. Examples of the non-volatile memories include, but are not limited to, a Read Only Memory (ROM) 824, an electrically programmable read only memory (EPROM), a flash memory, a hard disk, a compact disc (CD), a digital video disk (DVD), and other magnetic storage and/or optical storage. Examples of the volatile memories include, but are not limited to, a random access memory (RAM) 822 and other volatile memories whose contents do not persist while power is off.
A computer program 830 includes computer executable instructions that are executed by the associated processor 810. The program 830 may be stored in the ROM 824. The processor 810 may perform any suitable actions and processing by loading the program 830 into the RAM 822.
The embodiments of the present disclosure may be implemented by means of the program 830 so that the device 800 may perform any process of the disclosure as discussed with reference to FIG. 2. The embodiments of the present disclosure may also be implemented by hardware or by a combination of software and hardware.
In some example embodiments, the program 830 may be tangibly contained in a computer-readable medium which may be included in the device 800 (such as in the memory 820) or other storage devices that are accessible by the device 800. The device 800 may load the program 830 from the computer-readable medium to the RAM 822 for execution. The computer-readable medium may include any types of tangible non-volatile storage, such as ROM, EPROM, a flash memory, a hard disk, CD, DVD, and the like.
FIG. 9 illustrates a block diagram of an example of a computer-readable medium 900 in accordance with some example embodiments of the present disclosure. The computer-readable medium 900 has the program 830 stored thereon. It is noted that although the computer-readable medium 900 is depicted in the form of a CD or DVD in FIG. 9, the computer-readable medium 900 may be in any other form suitable for carrying or holding the program 830.
Generally, various embodiments of the present disclosure may be implemented in hardware or special purpose circuits, software, logic or any combination thereof. Some aspects may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device. While various aspects of embodiments of the present disclosure are illustrated and described as block diagrams, flowcharts, or using some other pictorial representations, it is to be understood that the block, apparatus, system, technique or method described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.
The present disclosure also provides at least one computer program product tangibly stored on a non-transitory computer-readable storage medium. The computer program product includes computer-executable instructions, such as those included in program modules, being executed in a device on a target real or virtual processor, to carry out the method 500, 600 or 700 as described above with reference to FIG. 5, 6 or 7. Generally, program modules include routines, programs, libraries, objects, classes, components, data structures, or the like that perform particular tasks or implement particular abstract data types. The functionality of the program modules may be combined or split between program modules as desired in various embodiments. Machine-executable instructions for program modules may be executed within a local or distributed device. In a distributed device, program modules may be located in both local and remote storage media.
Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowcharts and/or block diagrams to be implemented. The program code may execute entirely on a machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present disclosure, the computer program codes or related data may be carried by any suitable carrier to enable the device, apparatus or processor to perform various processes and operations as described above. Examples of the carrier include a signal, computer-readable medium, and the like.
The computer-readable medium may be a computer-readable signal medium or a computer-readable storage medium. A computer-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of the computer-readable storage medium would include an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. The term "non-transitory," as used herein, is a limitation of the medium itself (i.e., tangible, not a signal) as opposed to a limitation on data storage persistency (e.g., RAM vs. ROM).
Further, while operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. In certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are contained in the above discussions, these should not be construed as limitations on the scope of the present disclosure, but rather as descriptions of features that may be specific to particular embodiments. Certain features that are described in the context of separate embodiments may also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment may also be implemented in multiple embodiments separately or in any suitable sub-combination.
Although the present disclosure has been described in language specific to structural features and/or methodological acts, it is to be understood that the present disclosure defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.
List of abbreviations
CN      Core Network
eNB     Evolved Node B
GEO     Geostationary Earth Orbit
LEO     Low-earth Orbit
NTN     Non-terrestrial Network
NTN-GW  NTN Gateway
NW      Network
RRC     Radio Resource Control
SAT     Satellite
UE      User Equipment

Claims (32)

  1. A terminal device comprising:
    at least one processor; and
    at least one memory storing instructions that, when executed by the at least one processor, cause the terminal device at least to:
    receive, when access stratum (AS) security is not used between the terminal device and an access network device, at least one random number from the access network device of a non-terrestrial network (NTN);
    derive at least one key based on a non-access stratum (NAS) key of the terminal device and the at least one random number;
    transmit, to the access network device, a radio resource control (RRC) message, wherein the RRC message is protected based on the at least one key; and
    after validating the terminal device based on the RRC message protected based on the at least one key, receive from the access network device a message related to the validating.
  2. The terminal device of claim 1, wherein the at least one key is one key, the at least one random number comprises multiple random numbers, and the terminal device is caused to derive the one key by:
    deriving the one key based on the NAS key and a first random number of the multiple random numbers, wherein the protection of the RRC message is based on the one key, and the first random number or a second random number of the multiple random numbers.
  3. The terminal device of claim 2, wherein the RRC message is a first RRC message, and the terminal device is further caused to:
    transmit, to the access network device, a second RRC message, wherein the second RRC message is protected based on the one key and a third random number of the multiple random numbers.
  4. The terminal device of claim 1, wherein the at least one key comprises multiple keys, the at least one random number comprises multiple random numbers corresponding to the multiple keys respectively, and the terminal device is caused to derive the multiple keys by:
    deriving the multiple keys based on the NAS key and the corresponding multiple random numbers respectively, wherein the protection of the RRC message is based on a first key of the multiple keys.
  5. The terminal device of claim 4, wherein the RRC message is a first RRC message, and the terminal device is further caused to:
    transmit, to the access network device, a second RRC message, wherein the second RRC message is protected based on a second key of the multiple keys.
  6. The terminal device of any of claims 1-5, wherein the at least one random number is received from the access network device via a dedicated Radio Resource Control (RRC) message or a broadcast RRC message.
  7. The terminal device of any of claims 1-6, wherein the terminal device is caused to protect the RRC message by:
    generating a message authentication code (MAC) based on at least one of (i) the at least one key, (ii) an integrity key derived from the at least one key, (iii) a confidentiality protection key derived from the at least one key, or (iv) a random number of the at least one random number; and
    including the MAC in the RRC message.
  8. The terminal device of any of claims 1-7, wherein the at least one key is derived further based on at least one of the following:
    a non-terrestrial network (NTN) indicator;
    a pre-message 5 (MSG5) key;
    a tracking area code of the terminal device;
    an identity (ID) corresponding to the location of the terminal device;
    an identity (ID) of the access network device; or
    an identity of a NTN device that the access network device is embarked on.
  9. The terminal device of any of claims 1-8, wherein the message related to the validating indicates at least one of:
    the result of the validating; or
    a remaining data size available for the terminal device at the access network device.
  10. An access network device comprising:
    at least one processor; and
    at least one memory storing instructions that, when executed by the at least one processor, cause the access network device at least to:
    receive, when access stratum (AS) security is not used between a terminal device and the access network device, at least one key and at least one random number from a core network device, wherein the access network device is a non-terrestrial network (NTN) access network device, wherein the at least one key is derived based on a non-access stratum (NAS) key of the terminal device and the at least one random number;
    transmit the at least one random number to the terminal device;
    receive, from the terminal device, a radio resource control (RRC) message;
    validate the RRC message based on the at least one key; and
    after said validating, transmit to the terminal device a message related to the validating.
  11. The access network device of claim 10, wherein the access network device is caused to validate the RRC message by:
    generating a first message authentication code (MAC) based on at least one of (i) the at least one key, (ii) an integrity key derived from the at least one key, (iii) a confidentiality protection key derived from the at least one key, or (iv) a random number of the at least one random number; and
    validating the RRC message by comparing the first MAC to a second MAC included in the received RRC message.
  12. The access network device of claim 10 or 11, wherein the access network device is further caused to:
    based on determining that the validation of the RRC message is passed, enforce a size/amount limitation of data allowed to be sent from the terminal device; and
    store the content of the RRC message.
  13. The access network device of any of claims 10-12, wherein the access network device is further caused to:
    based on determining that the validation of the RRC message is failed, discard the received RRC message.
  14. The access network device of claim 10, wherein the at least one key is one key, the at least one random number comprises multiple random numbers, the one key is derived based on the NAS key and a first random number of the multiple random numbers, and the validation of the RRC message is based on the one key, and the first random number or a second random number of the multiple random numbers.
  15. The access network device of claim 14, wherein the RRC message is a first RRC message, and the access network device is further caused to:
    receive, from the terminal device, a second RRC message; and
    validate the second RRC message based on the at least one key and a third random number of the multiple random numbers.
  16. The access network device of claim 10, wherein the at least one key comprises multiple keys, the at least one random number comprises multiple random numbers corresponding to the multiple keys respectively, the multiple keys are derived based on the NAS key and the corresponding multiple random numbers respectively, and the validation of the RRC message is based on a first key of the multiple keys.
  17. The access network device of claim 6, wherein the RRC message is a first RRC message, and the access network device is further caused to:
    receive, from the terminal device, a second RRC message; and
    validate the second RRC message based on a second key of the multiple keys.
  18. The access network device of any of claims 10-17, wherein the at least one random number is transmitted to the terminal device via a dedicated Radio Resource Control (RRC) message or a broadcast RRC message.
  19. The access network device of any of claims 10-18, wherein the at least one key is derived further based on at least one of the following:
    a non-terrestrial network (NTN) indicator;
    a pre-message 5 (MSG5) key;
    a tracking area code of the terminal device;
    an identity (ID) corresponding to the location of the terminal device;
    an identity (ID) of the access network device; or
    an identity of a NTN device that the access network device is embarked on.
  20. The access network device of any of claims 10-19, wherein the message related to the validating indicates at least one of:
    the result of the validating; or
    a remaining data size available for the terminal device at the access network device.
  21. A core network device comprising:
    at least one processor; and
    at least one memory storing instructions that, when executed by the at least one processor, cause the core network device at least to:
    derive, for a terminal device, at least one key based on a non-access stratum (NAS) key of the terminal device and at least one random number; and
    transmit, when access stratum (AS) security is not used between the terminal device and an access network device associated with the terminal device, the at least one key and the at least one random number to the access network device, wherein the access network device is a non-terrestrial network (NTN) access network device.
  22. The core network device of claim 21, wherein the at least one key is one key, the at least one random number comprises multiple random numbers, and the core network device is caused to derive the one key by:
    deriving, for the terminal device, the one key based on the NAS key and a first random number of the multiple random numbers.
  23. The core network device of claim 21, wherein the at least one key comprises multiple keys, the at least one random number comprises multiple random numbers corresponding to the multiple keys respectively, and the core network device is caused to derive the multiple keys by:
    deriving the multiple keys based on the NAS key and the corresponding multiple random numbers respectively.
  24. The core network device of any of claims 21-23, wherein the at least one key is derived further based on at least one of the following:
    a non-terrestrial network (NTN) indicator;
    a pre-message 5 (MSG5) key;
    a tracking area code of the terminal device;
    an identity (ID) corresponding to the location of the terminal device;
    an identity (ID) of the access network device; or
    an identity of a NTN device that the access network device is embarked on.
  25. The core network device of any of claims 21-24, wherein the access network device is a first access network device, the at least one key is at least one first key, the at least one random number is at least one first random number, and the core network device is further caused to:
    transmit at least one second key and at least one second random number to a second access network device associated with the terminal device, wherein the at least one first key and the at least one second key are same or different.
  26. A method comprising:
    receiving, at a terminal device, when access stratum (AS) security is not used between the terminal device and an access network device, at least one random number from the access network device of a non-terrestrial network (NTN);
    deriving at least one key based on a non-access stratum (NAS) key of the terminal device and the at least one random number;
    transmitting, to the access network device, a radio resource control (RRC) message, wherein the RRC message is protected based on the at least one key; and
    after validating the terminal device based on the RRC message protected based on the at least one key, receiving from the access network device a message related to the validating.
  27. A method comprising:
    receiving, at an access network device, when access stratum (AS) security is not used between a terminal device and the access network device, at least one key and at least one random number from a core network device, wherein the access network device is a non-terrestrial network (NTN) access network device, wherein the at least one key is derived based on a non-access stratum (NAS) key of the terminal device and the at least one random number;
    transmitting the at least one random number to the terminal device;
    receiving, from the terminal device, a radio resource control (RRC) message;
    validating the RRC message based on the at least one key; and
    after said validating, transmitting to the terminal device a message related to the validating.
  28. A method comprising:
    deriving, at a core network device, for a terminal device, at least one key based on a non-access stratum (NAS) key of the terminal device and at least one random number; and
    transmitting, when access stratum (AS) security is not used between the terminal device and an access network device associated with the terminal device, the at least one key and the at least one random number to the access network device, wherein the access network device is a non-terrestrial network (NTN) access network device.
  29. An apparatus comprising:
    means for receiving, at a terminal device, when access stratum (AS) security is not used between the terminal device and an access network device, at least one random number from the access network device of a non-terrestrial network (NTN);
    means for deriving at least one key based on a non-access stratum (NAS) key of the terminal device and the at least one random number;
    means for transmitting, to the access network device, a radio resource control (RRC) message, wherein the RRC message is protected based on the at least one key; and
    means for, after validating the terminal device based on the RRC message protected based on the at least one key, receiving from the access network device a message related to the validating.
  30. An apparatus comprising:
    means for receiving, at an access network device, when access stratum (AS) security is not used between a terminal device and the access network device, at least one key and at least one random number from a core network device, wherein the access network device is a non-terrestrial network (NTN) access network device, wherein the at least one key is derived based on a non-access stratum (NAS) key of the terminal device and the at least one random number;
    means for transmitting the at least one random number to the terminal device;
    means for receiving, from the terminal device, a radio resource control (RRC) message;
    means for validating the RRC message based on the at least one key; and
    means for, after said validating, transmitting to the terminal device a message related to the validating.
  31. An apparatus comprising:
    means for deriving, at a core network device, for a terminal device, at least one key based on a non-access stratum (NAS) key of the terminal device and at least one random number; and
    means for transmitting, when access stratum (AS) security is not used between the terminal device and an access network device associated with the terminal device, the at least one key and the at least one random number to the access network device, wherein the access network device is a non-terrestrial network (NTN) access network device.
  32. A non-transitory computer readable medium comprising program instructions for causing an apparatus to perform at least the method of any of claims 26-28.
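The three-party exchange in claims 1-28 (core network device derives a key from the NAS key and a random number and hands it to the NTN access network device; the terminal derives the same key, MAC-protects its RRC message with one of the random numbers; the access network device validates, enforces the data-size limitation and stores or discards) as an added Python simulation that is not part of the patent. The claims fix no concrete KDF, MAC algorithm, key length or message encoding, so HMAC-SHA256, 16-byte random numbers and the class and function names below are all assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

def derive_key(nas_key: bytes, rand: bytes, ntn_indicator: bytes = b"NTN") -> bytes:
    """Hypothetical KDF: the claims name the inputs (NAS key, random number,
    optionally an NTN indicator) but fix no algorithm, so HMAC-SHA256 is assumed."""
    return hmac.new(nas_key, ntn_indicator + rand, hashlib.sha256).digest()


def rrc_mac(key: bytes, rand: bytes, payload: bytes) -> bytes:
    """MAC over the RRC payload under the derived key and one random number (claims 7, 11)."""
    return hmac.new(key, rand + payload, hashlib.sha256).digest()[:16]


@dataclass
class RrcMessage:
    rand_index: int   # which received random number the MAC binds (claims 2, 3)
    payload: bytes
    mac: bytes


class CoreNetworkDevice:
    """Derives one key from the NAS key and the first random number (claims 21, 22)."""

    def __init__(self, nas_keys: dict):
        self.nas_keys = nas_keys          # ue_id -> NAS key shared with that UE

    def provision(self, ue_id: str, n_rand: int = 3):
        rands = [secrets.token_bytes(16) for _ in range(n_rand)]
        key = derive_key(self.nas_keys[ue_id], rands[0])
        return key, rands                 # handed to the NTN access network device


class NtnAccessNetworkDevice:
    """Validates RRC messages with the core-supplied key while AS security is off (claims 10-13)."""

    def __init__(self, data_limit: int):
        self.data_limit = data_limit
        self.ctx = {}        # ue_id -> (key, rands)
        self.remaining = {}  # ue_id -> bytes the UE may still send (claim 12)
        self.stored = {}     # ue_id -> accepted payloads (claim 12)

    def receive_from_core(self, ue_id: str, key: bytes, rands: list):
        self.ctx[ue_id] = (key, rands)
        self.remaining[ue_id] = self.data_limit

    def random_numbers_for(self, ue_id: str) -> list:
        return self.ctx[ue_id][1]        # sent via broadcast or dedicated RRC (claim 18)

    def validate(self, ue_id: str, msg: RrcMessage) -> dict:
        key, rands = self.ctx[ue_id]
        if not 0 <= msg.rand_index < len(rands):
            return {"result": "fail"}
        expected = rrc_mac(key, rands[msg.rand_index], msg.payload)
        if not hmac.compare_digest(expected, msg.mac):
            return {"result": "fail"}    # MAC mismatch: discard the message (claim 13)
        if len(msg.payload) > self.remaining[ue_id]:
            return {"result": "fail"}    # size limitation enforced (claim 12)
        self.remaining[ue_id] -= len(msg.payload)
        self.stored.setdefault(ue_id, []).append(msg.payload)
        return {"result": "pass", "remaining": self.remaining[ue_id]}  # claims 9, 20


class TerminalDevice:
    def __init__(self, ue_id: str, nas_key: bytes):
        self.ue_id, self.nas_key = ue_id, nas_key

    def build_rrc(self, rands: list, rand_index: int, payload: bytes) -> RrcMessage:
        key = derive_key(self.nas_key, rands[0])  # same derivation as the core (claim 2)
        return RrcMessage(rand_index, payload, rrc_mac(key, rands[rand_index], payload))


def run_scenario(data_limit: int = 64):
    # Constructed end-to-end run; returns the access network device's responses.
    nas_key = secrets.token_bytes(32)
    core = CoreNetworkDevice({"ue1": nas_key})
    ran = NtnAccessNetworkDevice(data_limit)
    ran.receive_from_core("ue1", *core.provision("ue1"))
    rands = ran.random_numbers_for("ue1")
    ue = TerminalDevice("ue1", nas_key)
    first = ran.validate("ue1", ue.build_rrc(rands, 1, b"small data, msg 1"))
    second = ran.validate("ue1", ue.build_rrc(rands, 2, b"small data, msg 2"))
    # A device lacking the NAS key derives a different key, so its MAC fails to verify.
    other = TerminalDevice("ue1", secrets.token_bytes(32))
    rejected = ran.validate("ue1", other.build_rrc(rands, 1, b"unverified"))
    # A correctly protected message that exceeds the remaining allowance is also refused.
    too_big = ran.validate("ue1", ue.build_rrc(rands, 1, b"x" * data_limit))
    return first, second, rejected, too_big, ran.stored["ue1"]
```

The per-message random-number index models claims 2 and 3 (one key, a different random number per RRC message); the multiple-key variant of claims 4 and 5 would instead derive one key per random number in both `provision` and `build_rrc`.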
PCT/CN2023/099365 2023-06-09 2023-06-09 Validation of terminal device Pending WO2024250273A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2023/099365 WO2024250273A1 (en) 2023-06-09 2023-06-09 Validation of terminal device

Publications (1)

Publication Number Publication Date
WO2024250273A1 true WO2024250273A1 (en) 2024-12-12

Family

ID=93794879

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101094065A (en) * 2006-06-23 2007-12-26 华为技术有限公司 Key distribution method and system in wireless communication network
US20130310006A1 (en) * 2011-01-28 2013-11-21 Huawei Technologies Co., Ltd. Method and device for key generation
WO2014161155A1 (en) * 2013-04-02 2014-10-09 Nokia Corporation Methods and apparatus for securing device-to-device communications
US20160134418A1 (en) * 2013-06-26 2016-05-12 Nokia Technologies Oy Methods and Apparatus for Generating Keys in Device-to-Device Communications

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
NOMOR RESEARCH GMBH, THALES: "Initial Random Access Procedure in Non-Terrestrial Networks (NTN)", 3GPP draft R2-1818510_RACH, RAN WG2, Spokane, USA, 12-16 November 2018, XP051557995 *

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23940156

Country of ref document: EP

Kind code of ref document: A1