WO2025114991A1 - Techniques for enabling legacy network access restrictions - Google Patents

Info

Publication number
WO2025114991A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
access restriction
network access
restriction information
processor
Legal status
Pending
Application number
PCT/IB2025/050667
Other languages
English (en)
Inventor
Sheeba Backia Mary BASKARAN
Andreas Kunz
Current Assignee
Lenovo Singapore Pte Ltd
Original Assignee
Lenovo Singapore Pte Ltd
Application filed by Lenovo Singapore Pte Ltd
Publication of WO2025114991A1
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 48/00 Access restriction; Network selection; Access point selection
    • H04W 48/02 Access restriction performed under specific conditions

Definitions

  • the present disclosure relates to wireless communications, and more specifically to techniques for enabling legacy network access restrictions.
  • a wireless communications system may include one or multiple network communication devices, such as base stations, which may support wireless communications for one or multiple user communication devices, which may be otherwise known as user equipment (UE), or other suitable terminology.
  • the wireless communications system may support wireless communications with one or multiple user communication devices by utilizing resources of the wireless communication system (e.g., time resources (e.g., symbols, slots, subframes, frames, or the like) or frequency resources (e.g., subcarriers, carriers, or the like)).
  • the wireless communications system may support wireless communications across various radio access technologies including third generation (3G) radio access technology, fourth generation (4G) radio access technology, fifth generation (5G) radio access technology, among other suitable radio access technologies beyond 5G (e.g., sixth generation (6G)).
  • the phrase “based on” shall not be construed as a reference to a closed set of conditions. For example, an example step that is described as “based on condition A” may be based on both a condition A and a condition B without departing from the scope of the present disclosure. In other words, as used herein, the phrase “based on” shall be construed in the same manner as the phrase “based at least in part on.” Further, as used herein, including in the claims, a “set” may include one or more elements.
  • Some implementations of the method and apparatuses described herein may receive an indication of a network access restriction enforcement capability of a UE, receive a handover request for the UE, determine network access restriction information for the UE, transmit the network access restriction information to a network entity associated with a different network, and transmit a handover command comprising the network access restriction information to a base station associated with the UE for processing the handover request according to the network access restriction information.
  • Some implementations of the method and apparatuses described herein may receive an indication of a network access restriction enforcement capability of a UE from a network entity, receive network access restriction information for the UE from the network entity, and apply at least one network access restriction based on the received indication of the network access restriction enforcement capability of the UE and the received network access restriction information for the UE.
  • Some implementations of the method and apparatuses described herein may receive network access restriction information for a UE, store the network access restriction information, and apply at least one network access restriction based on the received network access restriction information for the UE.
  • Figure 1 illustrates an example of a wireless communications system in accordance with aspects of the present disclosure.
  • Figure 2A illustrates a first part of an example procedure flow for handover from 5GS to evolved packet core (EPC) over N26 procedure in accordance with aspects of the present disclosure.
  • Figure 2B illustrates a second part of an example procedure flow for handover from 5GS to EPC over N26 procedure in accordance with aspects of the present disclosure.
  • Figure 3A illustrates a first part of an example procedure flow for tracking area update mobility from 5G to 4G in accordance with aspects of the present disclosure.
  • Figure 3B illustrates a second part of an example procedure flow for tracking area update mobility from 5G to 4G in accordance with aspects of the present disclosure.
  • Figure 4A illustrates a first part of an example procedure flow for applying 3G/2G access restriction during 5G Single Radio Voice Call Continuity (SRVCC) from new radio (NR) to Universal Terrestrial Radio Access Network (UTRAN) based on the type of access restriction requirements in accordance with aspects of the present disclosure.
  • Figure 4B illustrates a second part of an example procedure flow for applying 3G/2G access restriction during 5G SRVCC from NR to UTRAN based on the type of access restriction requirements in accordance with aspects of the present disclosure.
  • Figure 4C illustrates a third part of an example procedure flow for applying 3G/2G access restriction during 5G SRVCC from NR to UTRAN based on the type of access restriction requirements in accordance with aspects of the present disclosure.
  • Figure 5 illustrates an example of a UE in accordance with aspects of the present disclosure.
  • Figure 6 illustrates an example of a processor in accordance with aspects of the present disclosure.
  • Figure 7 illustrates an example of a network equipment (NE) in accordance with aspects of the present disclosure.
  • Figure 8 illustrates a flowchart of a method performed by an NE in accordance with aspects of the present disclosure.
  • Figure 9 illustrates a flowchart of a method performed by an NE in accordance with aspects of the present disclosure.
  • Figure 10 illustrates a flowchart of a method performed by an NE in accordance with aspects of the present disclosure.
  • 2G/3G False Base Stations: In wireless communications, 2G/3G False Base Stations (FBSs) remain a serious security threat to mobile networks. In these generations, critical security features are missing, for example, mutual authentication, integrity protection, strong security algorithms, etc. If a UE connects to a 2G/3G FBS from 4G or 5G, then it is vulnerable to a bidding down attack, e.g., fraudulent SMS or phone calls, which could cause significant financial losses for subscribers.
  • a mobile network operator may further allow different cases of handover from 4G to 3G/2G such as: (i) inter-radio access technology (RAT) handover from 4G to 3G, (ii) inter-RAT handover from 4G to 2G; and (iii) Routing Area Update (RAU) procedure when a UE that is registered with a mobility management entity (MME) (4G) selects a UTRAN (3G) or GSM EDGE Radio Access Network (GERAN) (2G).
  • When the UE is in an IDLE state in 4G, it may use a RAU procedure (e.g., as specified in 5.3.3.3 or 5.3.3.6 in TS 23.401, incorporated herein by reference) or cell selection once 4G signalling is not available to connect to a 2G/3G base station.
  • When the UE is in a CONNECTED state in 5G, it may use the Single Radio Voice Call Continuity (SRVCC) procedure (as in TS 23.216, incorporated herein by reference) to connect to a 3G base station.
  • When the UE is in an IDLE or INACTIVE state in 5G, it may use cell selection once 4G and 5G signaling is not available to connect to a 2G/3G base station.
  • (i) inter-RAT handover can occur from 4G to 3G (e.g., security procedure as specified in 9.2.1 in TS 33.401 (incorporated herein by reference)); (ii) similarly, inter-RAT handover from 4G to 2G (e.g., security procedure as specified in 10.3.1 in TS 33.401 (incorporated herein by reference)) can happen; and (iii) a Routing Area Update procedure takes place when a UE that is registered with an MME (4G) selects a UTRAN (3G) (e.g., as specified in 9.1.1 in TS 33.401 (incorporated herein by reference)) or GERAN (2G) (e.g., as specified in 10.2.1 in TS 33.401 (incorporated herein by reference)).
  • Another existing solution is directed to a security solution for SRVCC from 5G to 3G, as described in Annex J of TS 33.501 (incorporated herein by reference).
  • the gNB may initiate SRVCC related handover from 5G to 3G for voice continuity, thereby leading to a bidding down attack.
  • 2G/3G cell selection may occur, which causes the UE to connect to a 2G/3G network, resulting in a successful bidding down attack.
  • FIG. 1 illustrates an example of a wireless communications system 100 in accordance with aspects of the present disclosure.
  • the wireless communications system 100 may include one or more NE 102, one or more UE 104, and a core network (CN) 106.
  • the wireless communications system 100 may support various radio access technologies.
  • the wireless communications system 100 may be a 4G network, such as an LTE network or an LTE-Advanced (LTE-A) network.
  • the wireless communications system 100 may be a NR network, such as a 5G network, a 5G-Advanced (5G-A) network, or a 5G ultrawideband (5G-UWB) network.
  • the wireless communications system 100 may be a combination of a 4G network and a 5G network, or other suitable radio access technology including Institute of Electrical and Electronics Engineers (IEEE) 802.11 (WiFi), IEEE 802.16 (WiMAX), IEEE 802.20.
  • The wireless communications system 100 may support radio access technologies beyond 5G, for example, 6G. Additionally, the wireless communications system 100 may support technologies, such as time division multiple access (TDMA), frequency division multiple access (FDMA), or code division multiple access (CDMA), etc.
  • the one or more NE 102 may be dispersed throughout a geographic region to form the wireless communications system 100.
  • One or more of the NE 102 described herein may be or include or may be referred to as a network node, a base station, a network element, a network function, a network entity, a radio access network (RAN), a NodeB, an eNodeB (eNB), a next-generation NodeB (gNB), or other suitable terminology.
  • An NE 102 and a UE 104 may communicate via a communication link, which may be a wireless or wired connection.
  • an NE 102 and a UE 104 may perform wireless communication (e.g., receive signaling, transmit signaling) over a Uu interface.
  • An NE 102 may provide a geographic coverage area for which the NE 102 may support services for one or more UEs 104 within the geographic coverage area.
  • an NE 102 and a UE 104 may support wireless communication of signals related to services (e.g., voice, video, packet data, messaging, broadcast, etc.) according to one or multiple radio access technologies.
  • an NE 102 may be moveable, for example, a satellite associated with a non-terrestrial network (NTN).
  • different geographic coverage areas 112 associated with the same or different radio access technologies may overlap, but the different geographic coverage areas may be associated with different NE 102.
  • the one or more UE 104 may be dispersed throughout a geographic region of the wireless communications system 100.
  • a UE 104 may include or may be referred to as a remote unit, a mobile device, a wireless device, a remote device, a subscriber device, a transmitter device, a receiver device, or some other suitable terminology.
  • the UE 104 may be referred to as a unit, a station, a terminal, or a client, among other examples.
  • the UE 104 may be referred to as an Internet-of-Things (IoT) device, an Internet-of-Everything (IoE) device, or a machine-type communication (MTC) device, among other examples.
  • a UE 104 may be able to support wireless communication directly with other UEs 104 over a communication link.
  • a UE 104 may support wireless communication directly with another UE 104 over a device-to-device (D2D) communication link.
  • the communication link 114 may be referred to as a sidelink.
  • a UE 104 may support wireless communication directly with another UE 104 over a PC5 interface.
  • An NE 102 may support communications with the CN 106, or with another NE 102, or both.
  • an NE 102 may interface with other NE 102 or the CN 106 through one or more backhaul links (e.g., S1, N2, N2, or network interface).
  • the NE 102 may communicate with each other directly.
  • the NE 102 may communicate with each other indirectly (e.g., via the CN 106).
  • one or more NE 102 may include subcomponents, such as an access network entity, which may be an example of an access node controller (ANC).
  • An ANC may communicate with the one or more UEs 104 through one or more other access network transmission entities, which may be referred to as radio heads, smart radio heads, or TRPs.
  • the CN 106 may support user authentication, access authorization, tracking, connectivity, and other access, routing, or mobility functions.
  • the CN 106 may be an evolved packet core (EPC), or a 5G core (5GC), which may include a control plane entity that manages access and mobility (e.g., a mobility management entity (MME), an access and mobility management functions (AMF)) and a user plane entity that routes packets or interconnects to external networks (e.g., a serving gateway (S-GW), a Packet Data Network (PDN) gateway (P-GW), or a user plane function (UPF)).
  • control plane entity may manage non-access stratum (NAS) functions, such as mobility, authentication, and bearer management (e.g., data bearers, signal bearers, etc.) for the one or more UEs 104 served by the one or more NE 102 associated with the CN 106.
  • the CN 106 may communicate with a packet data network over one or more backhaul links (e.g., via an S1, N2, N2, or another network interface).
  • the packet data network may include an application server.
  • one or more UEs 104 may communicate with the application server.
  • a UE 104 may establish a session (e.g., a protocol data unit (PDU) session, or the like) with the CN 106 via an NE 102.
  • the CN 106 may route traffic (e.g., control information, data, and the like) between the UE 104 and the application server using the established session (e.g., the established PDU session).
  • the PDU session may be an example of a logical connection between the UE 104 and the CN 106 (e.g., one or more network functions of the CN 106).
  • the NEs 102 and the UEs 104 may use resources of the wireless communications system 100 (e.g., time resources (e.g., symbols, slots, subframes, frames, or the like) or frequency resources (e.g., subcarriers, carriers)) to perform various operations (e.g., wireless communications).
  • the NEs 102 and the UEs 104 may support different resource structures.
  • the NEs 102 and the UEs 104 may support different frame structures.
  • the NEs 102 and the UEs 104 may support a single frame structure.
  • the NEs 102 and the UEs 104 may support various frame structures (i.e., multiple frame structures).
  • the NEs 102 and the UEs 104 may support various frame structures based on one or more numerologies.
  • One or more numerologies may be supported in the wireless communications system 100, and a numerology may include a subcarrier spacing and a cyclic prefix.
  • a time interval of a resource may be organized according to frames (also referred to as radio frames).
  • Each frame may have a duration, for example, a 10 millisecond (ms) duration.
  • each frame may include multiple subframes.
  • each frame may include 10 subframes, and each subframe may have a duration, for example, a 1 ms duration.
  • each frame may have the same duration.
  • each subframe of a frame may have the same duration.
  • a time interval of a resource may be organized according to slots.
  • a subframe may include a number (e.g., quantity) of slots.
  • the number of slots in each subframe may also depend on the one or more numerologies supported in the wireless communications system 100.
  • Each slot may include a number (e.g., quantity) of symbols (e.g., OFDM symbols).
  • the number (e.g., quantity) of slots for a subframe may depend on a numerology.
  • a slot may include 14 symbols.
  • a slot may include 12 symbols.
  • an electromagnetic (EM) spectrum may be split, based on frequency or wavelength, into various classes, frequency bands, frequency channels, etc.
  • the wireless communications system 100 may support one or multiple operating frequency bands, such as frequency range designations FR1 (410 MHz - 7.125 GHz), FR2 (24.25 GHz - 52.6 GHz), FR3 (7.125 GHz - 24.25 GHz), FR4 (52.6 GHz - 114.25 GHz), FR4a or FR4-1 (52.6 GHz - 71 GHz), and FR5 (114.25 GHz - 300 GHz).
  • the NEs 102 and the UEs 104 may perform wireless communications over one or more of the operating frequency bands.
  • FR1 may be used by the NEs 102 and the UEs 104, among other equipment or devices for cellular communications traffic (e.g., control information, data).
  • FR2 may be used by the NEs 102 and the UEs 104, among other equipment or devices for short-range, high data rate capabilities.
  • FR1 may be associated with one or multiple numerologies (e.g., at least three numerologies).
  • FR2 may be associated with one or multiple numerologies (e.g., at least 2 numerologies).
  • the solutions discussed herein relate to techniques for preventing bidding down attacks.
  • the subject matter disclosed herein describes features to provide the UTRAN (3G) and GERAN (2G) access restriction information from the AMF (in 5G system) to the MME (in 4G system) to avoid any further handover initiation from 4G to UTRAN (i.e., 3G network) and/or GERAN (i.e., 2G network).
  • the embodiments further describe determining, based on the UTRAN and GERAN access restriction information available in 5G and provided to the MME in 4G, to make the MME defer from SRVCC handover to 3G for the UE and to make the MME perform S1 handover.
  • 5G NR provides GERAN access/handover restriction to UTRAN (e.g., via E-UTRAN i.e., 4G) to further avoid a handover initiation to GERAN (2G network) during SRVCC from 5G to 3G.
  • a first embodiment is directed to provisioning and enforcing UTRAN and GERAN access, handover, and/or mobility restrictions during 5GS to EPC over N26.
  • the mobile network operator may have decommissioned 2G and 3G networks, and it may not be desirable to allow UE connections in 5G to fall back/handover to a 2G/3G network connection.
  • This embodiment describes how the UTRAN and GERAN access restriction information can be provided from the AMF (in 5G system) to the MME (in 4G LTE system) to prevent any further handover of the UE from E-UTRAN (4G) to UTRAN/GERAN (3G/2G) network, as shown in Figures 2A - 2B.
  • the UTRAN and GERAN access restriction information received at the MME may be stored locally in the MME and in the eNB to further enforce the related access restrictions (e.g., to determine not to initiate/allow handover or relocation from 4G E-UTRAN to a UTRAN or GERAN accordingly).
  • Figures 2A - 2B illustrate an example procedure flow for handover from 5GS to EPC over N26 procedure in accordance with aspects of the present disclosure.
  • the 5GC has a current security context for the UE.
  • the current 5G security context may be a mapped 5G security context resulting from a previous mobility from EPC, or a native 5G security context resulting from a primary authentication with the 5GC.
  • the UE 201 sends an initial NAS message that includes an indication of the UE’s capabilities to support GERAN and UTRAN access restrictions.
  • the UE 201 sends an initial NAS message that includes an information element (IE) that indicates support of network access restriction enforcement capability.
  • the network access restriction enforcement capability(ies) IE may contain information to indicate support of GERAN and UTRAN access restrictions.
  • the initial NAS message to the AMF 207 in 1a may be an initial registration request message, a mobility registration update request message, or a service request message.
  • the network may initiate and run primary authentication with the UE 201 to perform mutual authentication (e.g., using EAP-AKA’, 5G AKA, or another EAP method) (see messaging 204).
  • the AMF 207 may fetch subscription data from the UDM by sending a Nudm SubscriberDataManagement (SDM) get request or using a Nudm service operation message with the subscription permanent identifier (SUPI) and the network access restriction enforcement capability (if received in 1a).
  • the UDM/UDR manages GERAN and UTRAN access restrictions as part of the network access restriction requirements for the UE(s) in the subscription data (e.g., as part of UE access and mobility context).
  • the UDM sends a Nudm SDM Get Response message, which includes the network access restriction information (UTRAN access restricted/not allowed, GERAN access restricted/not allowed) along with the other subscription data.
  • the AMF 207 is configured with the network access restriction information.
  • the AMF 207 locally stores the UE’s support of network access restriction enforcement capability (received in 1a) along with the network access restriction information (fetched from the UDM or locally configured in the AMF 207), in the UE context.
  • the UE 201 is connected to the network and may consume services.
  • a handover may be initiated by the gNB/ng-eNB 203 (e.g., due to UE mobility or signal weakness) (see block 206).
  • the gNB/ng-eNB 203 sends a Handover Required message to the AMF 207, including the UE’s identity.
  • When the source AMF 207 performs a handover procedure to the EPC, after checking the UE’s access rights and security capabilities, the source AMF 207 prepares a UE context including a mapped EPS security context for the target MME 209 and the network access restriction information (UTRAN access restricted, GERAN access restricted). To construct the mapped EPS security context, the source AMF 207 may derive a K’ASME using the KAMF key and the current downlink 5G NAS COUNT of the current 5G security context, e.g., as described in clause 8.6.1 in TS 33.501 (incorporated herein by reference), and then increments its stored downlink 5G NAS COUNT value by one.
  • the source AMF 207 selects the EPS NAS algorithms identifiers (e.g., it has stored) to be used in the target MME 209 at interworking handover to EPS, e.g., for encryption and integrity protection.
  • a legacy target MME 209 is expecting to receive the selected EPS NAS algorithms identifiers over N26 from the source AMF 207 as the target MME 209 believes the source AMF 207 is another MME 209.
  • the source AMF 207 has therefore provisioned the EPS NAS security algorithms identifiers to be used at interworking handover to EPS to the UE 201 in the 5G NAS security mode command (SMC) in 5G access, e.g., as described in clause 6.7.2 (incorporated herein by reference).
  • the target MME 209 could re-select different EPS NAS algorithms thought to be used with the UE 201 by running a NAS SMC in the following Tracking Area Update (TAU) procedure.
  • the uplink and downlink EPS NAS COUNT associated with the newly derived KASME' key are set.
  • the eKSI for the newly derived KASME' key may be defined as described in clause 8.6.1 TS 33.501 (incorporated herein by reference).
  • the source AMF 207 may also derive the initial KeNB key from the KASME' key and the uplink NAS COUNT, e.g., as specified in Annex A.3 of TS 33.401 (incorporated by reference), using 2^32-1 as the value of the uplink NAS COUNT parameter.
  • the source AMF 207 and the UE 201 use 2^32-1 as the value of the uplink NAS COUNT for the purpose of deriving KeNB and do not set the uplink NAS COUNT to 2^32-1.
  • the reason for choosing such a value not in the normal NAS COUNT range, e.g., [0, 2^24-1], may be to avoid any possibility that the value may be used to derive the same KeNB again.
  • the source AMF 207 subsequently derives NH two times, e.g., as specified in clause A.4 of TS 33.401 (incorporated herein by reference).
  • the source AMF 207 transfers the UE security context (including new KASME', eKSI, uplink and downlink EPS NAS COUNTs, UE EPS security capabilities, UE’s support of network access restriction enforcement capability, and/or selected EPS NAS algorithms identifiers) and the network access restriction information (UTRAN access restricted, GERAN access restricted) to the target MME 209 in the Forward Relocation Request message.
  • the UE NR security capabilities may be sent by the source AMF 207.
  • the target MME 209 stores the network access restriction information (UTRAN access restricted/not allowed, GERAN access restricted/not allowed) and the UE’s support of network access restriction enforcement capability as part of the UE context (if received from the AMF 207 in 3a).
  • based on the received network access restriction information (UTRAN access restricted, GERAN access restricted) and the network access restriction enforcement capability (in 3a), the MME 209 performs an action including not initiating an inter-RAT handover to UTRAN/GERAN, not initiating or forwarding relocation requests related to SRVCC-specific handover from 5G/4G to 3G or 2G, and provisioning the network access restriction information (UTRAN access restricted/not allowed, GERAN access restricted/not allowed) to the eNB 205 and the UE 201 to enforce the UTRAN and GERAN access restrictions for the UE 201 at the eNB 205 and the UE 201.
  • When the target MME 209 receives a Forward Relocation Request message from the source AMF 207, the target MME 209 derives EPS NAS keys (e.g., KNASenc and KNASint) from the received KASME' key with the received EPS NAS security algorithm identifiers as input, to be used in EPC, e.g., as described in Annex A.7 in TS 33.401 (incorporated herein by reference).
  • the UE security capabilities may include the UE EPS security capabilities received from the source AMF 207 and/or the UE’s support of network access restriction enforcement.
  • upon receipt of the S1 HANDOVER REQUEST from the target MME 209, the eNB 205 stores the network access restriction information (UTRAN access restricted/not allowed, GERAN access restricted/not allowed) and the UE’s support of network access restriction enforcement capability (if received in the S1 HANDOVER REQUEST), along with the UE context.
  • based on the received network access restriction information (UTRAN access restricted/not allowed, GERAN access restricted/not allowed) and the UE’s support of network access restriction enforcement capability, the eNB 205 performs an action including not initiating an inter-RAT handover to UTRAN/GERAN, not initiating SRVCC from 5G/4G to 3G or 2G, and provisioning the network access restriction information (UTRAN access restricted/not allowed, GERAN access restricted/not allowed) to the UE.
  • Upon receipt of the S1 HANDOVER REQUEST from the target MME 209, the target eNB 205 selects AS security algorithms from the UE EPS security capabilities, e.g., as described in clause 7.2.4.2.3 in TS 33.401 (incorporated herein by reference), computes the KeNB to be used with the UE 201, and proceeds, e.g., as described in clause 7.2.8.4.3 in TS 33.401 (incorporated herein by reference). The target eNB 205 then sends the selected AS security algorithms in the target to source transparent container in the S1 Handover Request Ack message to the target MME 209.
  • the target MME 209 shall include the target to source transparent container received from the target eNB 205 in the Forward Relocation Response message sent to the source AMF 207.
  • the source AMF 207 includes the target to source transparent container, network access restriction information (UTRAN access restricted, GERAN access restricted) (if network access restriction information is available for the UE 201), and the 8 least significant bits (LSB) of the downlink NAS COUNT value used in KASME derivation in 2, in the Handover command sent to the source gNB/ng-eNB 203.
  • the source gNB/ng-eNB 203 includes the target to source transparent container, network access restriction information (UTRAN access restricted/not allowed, GERAN access restricted/not allowed) and the 8 LSB of the downlink NAS COUNT value in the Handover command sent to the UE 201.
  • the gNB/ng-eNB 203 stores the network access restriction information (UTRAN access restricted, GERAN access restricted), if received from the AMF 207, as part of the UE context, along with 5G-global unique temporary identifier (GUTI), radio network temporary identifier (RNTI), and temporary mobile subscriber identity (TMSI). Further, based on the received network access restriction information, the RAN performs an action including not initiating an inter-RAT handover to UTRAN/GERAN and not initiating SRVCC from 4G to 3G or 2G.
  • upon reception of the Handover Command message, the UE 201 estimates the downlink NAS COUNT value from the received 8 LSB of the downlink NAS COUNT value and its stored downlink NAS COUNT value. The UE 201 shall ensure that the estimated downlink NAS COUNT value is greater than the stored downlink NAS COUNT value, so that a COUNT value that has already been used is never reused for key derivation. Then, the UE 201 may derive the mapped EPS security context, e.g., derive KASME' from KAMF, e.g., as described in clause 8.6.1 of TS 33.501 (incorporated herein by reference), using the estimated downlink 5G NAS COUNT value. After the derivation, the UE 201 may set the downlink NAS COUNT value in the 5G NAS security context to the received downlink NAS COUNT value.
  • the eKSI for the newly derived KASME' key is defined, e.g., as described in clause 8.6.1 TS 33.501 (incorporated herein by reference).
  • the UE 201 may also derive the EPS NAS keys (e.g., KNASenc and KNASint) as the MME 209 did in 4a using the EPS NAS security algorithms identifiers stored in the UE 201 and provisioned by the AMF 207 to the UE 201 in 5G NAS SMC in earlier 5G access.
  • the UE 201 may also derive the initial KeNB from the KASME' and the uplink NAS COUNT, e.g., as specified in Annex A.3 of TS 33.401 (incorporated herein by reference), using 2^32 - 1 as the value of the uplink NAS COUNT parameter.
  • the UE 201 may derive the AS radio resource control (RRC) keys and the AS UP keys based on the KeNB and the received AS EPS security algorithm identifiers selected by the target eNB 205, e.g., as described in Annex A.7 of TS 33.401 (incorporated herein by reference).
  • the uplink and downlink EPS NAS COUNT associated with the derived EPS NAS keys may be set to the values, e.g., as described in clause 8.6.1 of TS 33.501 (incorporated herein by reference).
  • the UE 201 may immediately take into use the newly created mapped EPS security context, both for NAS and AS communication.
  • the UE 201 stores the network access restriction information (UTRAN access restricted/not allowed, GERAN access restricted/not allowed) if received in the handover command and determines not to select UTRAN access (3G) or GERAN access (2G), e.g., even if the 5G signal or 4G signal is not available and the UE 201 waits until the 5G/4G signal is available to prevent a bidding down attack.
  • the UE 201 connects to 4G, e.g., LTE/E-UTRAN.
  • the UE 201 sends the Handover Complete message to the target eNB 205.
  • the UE 201 may cipher and integrity protect this message using the newly created mapped EPS security context.
  • the target eNB 205 notifies the target MME 209 with a Handover Notify message.
  • the UE 201 after successful completion of the handover procedure, deletes any mapped 5G security context. In further embodiments, after deleting the mapped 5G security context, if the UE 201 has a full non-current native 5G NAS security context, then the UE 201 makes the non-current native 5G NAS security context the current one.
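The UE-side steps above (estimating the downlink NAS COUNT from its 8 LSB, checking it against the stored value, deriving KASME' and the initial KeNB, then storing the access restriction) as an added Python example; this is not code from the patent or from 3GPP. The AMF side is included so the two derivations can be checked against each other. Assumptions not taken from the page: the generic TS 33.220 Annex B KDF form (HMAC-SHA-256 over FC || P0 || L0 || ...), a placeholder FC value for the KASME' derivation (the normative value is in TS 33.501 Annex A), FC 0x11 for the KeNB derivation of TS 33.401 Annex A.3, and a 24-bit NAS COUNT. The estimate function takes the LSB width as a parameter, so it also covers the 4 LSB carried in the SRVCC HO command of the third embodiment.

```python
"""5GS-to-EPS handover key mapping on the UE and AMF side (added example, see lead-in)."""
import hashlib
import hmac

NAS_COUNT_BITS = 24                        # assumed: 16-bit overflow counter || 8-bit SQN
FC_KASME_PRIME = 0x73                      # placeholder FC; normative value in TS 33.501 Annex A
FC_KENB = 0x11                             # TS 33.401 Annex A.3 (KeNB from KASME, UL NAS COUNT)
UL_NAS_COUNT_FOR_INITIAL_KENB = 2**32 - 1  # fixed value the page prescribes at handover


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF shape: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def estimate_dl_nas_count(stored: int, received_lsb: int, lsb_bits: int = 8) -> int:
    """Rebuild the full downlink NAS COUNT the AMF used from its lsb_bits LSBs.

    The result must be strictly greater than the last downlink COUNT the UE
    accepted. If gluing the received LSBs onto the stored high bits does not
    exceed the stored value, the AMF's low bits have rolled over since the UE
    last saw a downlink message, so the high part is advanced once. 8 bits is
    the Handover Command case, 4 bits the SRVCC HO command case.
    """
    mask = (1 << lsb_bits) - 1
    if received_lsb & ~mask:
        raise ValueError("received LSB field wider than lsb_bits")
    candidate = (stored & ~mask) | received_lsb
    if candidate <= stored:
        candidate += (1 << lsb_bits)
    if candidate >= (1 << NAS_COUNT_BITS):
        # No admissible COUNT is left; never derive keys from a wrapped counter.
        raise ValueError("downlink NAS COUNT exhausted; reject the Handover Command")
    return candidate


class AmfContext:
    """AMF's current 5G NAS security context for one UE."""

    def __init__(self, k_amf: bytes, dl_nas_count: int) -> None:
        self.k_amf = k_amf
        self.dl_nas_count = dl_nas_count

    def prepare_handover_to_eps(self):
        """Derive KASME' from KAMF and the current downlink NAS COUNT, then advance
        the COUNT so that value is never reused. Returns (8 LSB for the Handover
        Command, KASME' for the target MME)."""
        count = self.dl_nas_count
        k_asme_prime = kdf(self.k_amf, FC_KASME_PRIME, count.to_bytes(4, "big"))
        self.dl_nas_count += 1
        return count & 0xFF, k_asme_prime


class UeContext:
    """UE's native 5G NAS security context plus the restrictions it enforces."""

    def __init__(self, k_amf: bytes, dl_nas_count: int) -> None:
        self.k_amf = k_amf
        self.dl_nas_count = dl_nas_count  # last accepted downlink COUNT
        self.utran_restricted = False
        self.geran_restricted = False

    def handle_handover_command(self, dl_count_lsb: int, restriction: dict) -> dict:
        """The page's UE steps on Handover Command: estimate the COUNT, derive the
        mapped EPS context (KASME', initial KeNB), store the COUNT, and keep the
        UTRAN/GERAN restriction for later RAT selection."""
        dl_count = estimate_dl_nas_count(self.dl_nas_count, dl_count_lsb, 8)
        k_asme_prime = kdf(self.k_amf, FC_KASME_PRIME, dl_count.to_bytes(4, "big"))
        k_enb = kdf(k_asme_prime, FC_KENB,
                    UL_NAS_COUNT_FOR_INITIAL_KENB.to_bytes(4, "big"))
        self.dl_nas_count = dl_count
        self.utran_restricted = bool(restriction.get("utran_not_allowed", False))
        self.geran_restricted = bool(restriction.get("geran_not_allowed", False))
        return {"dl_nas_count": dl_count, "k_asme_prime": k_asme_prime, "k_enb": k_enb}


if __name__ == "__main__":
    K_AMF = bytes(32)  # constructed all-zero test key, not a real one
    amf, ue = AmfContext(K_AMF, 0x0001FE), UeContext(K_AMF, 0x0001F0)
    lsb, k_for_mme = amf.prepare_handover_to_eps()
    ctx = ue.handle_handover_command(lsb, {"utran_not_allowed": True, "geran_not_allowed": True})
    print("COUNT", hex(ctx["dl_nas_count"]), "keys match:", ctx["k_asme_prime"] == k_for_mme)
```

The strict "greater than stored" rule is the part worth keeping: a replayed Handover Command carrying an old LSB value is forced to a COUNT above the stored one, so the UE derives a different KASME' rather than re-deriving a key it already used, and the handover fails at the target instead of silently reusing key material.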
  • a second embodiment is directed to provisioning and enforcing UTRAN and GERAN access, handover, and/or mobility restrictions during Idle mode mobility from 5G to 4G.
  • UTRAN and GERAN access restriction information can be provided from the AMF 307 in the 5G system to the MME 305 in the 4G/LTE system during the tracking area update when the UE 301 is in Idle mode mobility from 5G to 4G system to prevent further handover of the UE 301 from E-UTRAN (4G) to UTRAN/GERAN (3G/2G) network.
  • the UTRAN and GERAN access restriction information received at the MME 305 can be stored locally in MME 305 and in the eNB 303 to further enforce the related access restrictions (e.g., to determine not to initiate/allow handover or relocation from 4G E-UTRAN to an UTRAN or GERAN accordingly).
  • FIGS 3A - 3B illustrate an example procedure flow for TAU e.g., Idle mode mobility from 5G to 4G in accordance with aspects of the present disclosure.
  • the UE 301 performs either TAU or Initial Attach procedure in this scenario.
  • the UE 301 initiates the TAU procedure by sending a TAU Request to the MME 305 with a mapped EPS GUTI derived from the 5G GUTI, its EPS security capabilities, and an indication of the UE’s capabilities to support GERAN and UTRAN access restrictions.
  • the mapped EPS GUTI contains the information of the AMF 307 that has the latest UE context in the 5G network.
  • the UE 301 sends an initial NAS message that includes an information element (IE) that indicates support of network access restriction enforcement capability.
  • the network access restriction enforcement capability(ies) IE may contain information to indicate support of GERAN and UTRAN access restrictions.
  • the UE 301 integrity protects the TAU Request message using the current 5G NAS security context identified by the 5G GUTI used to derive the mapped EPS GUTI. More precisely, the UE 301 shall compute the NAS message authentication code (NAS-MAC) for the TAU Request as it is done for a 5G NAS message over 3GPP access.
  • the NAS Uplink COUNT for integrity protection of the TAU request shall use the same value as the 5G NAS Uplink COUNT. Consequently, this results in an increase of the stored NAS Uplink COUNT value in the NAS COUNT pair associated with the 3GPP access.
  • the corresponding ngKSI value of the 5G Security context is included in the eKSI parameter of the TAU Request message.
  • the MME 305 upon receipt of the TAU Request, obtains the AMF address from the mapped EPS GUTI value.
  • the MME 305 forwards the complete TAU Request message including the eKSI, NAS-MAC, mapped EPS GUTI, and the UE’s support of network access restriction enforcement capability in the Context Request message.
  • the AMF 307 uses the eKSI value field to identify the 5G NAS security context and uses it to verify the TAU Request message as if it were a 5G NAS message received over 3GPP access.
  • the AMF 307 further checks if there is any UTRAN and GERAN network access restriction information available (locally or in the UDM) for the UE in the UE context. If available, the AMF 307 fetches the UTRAN and GERAN access restriction information (e.g., GERAN not allowed/restricted, UTRAN not allowed/restricted).
  • the AMF 307 shall derive a mapped EPS NAS security context, e.g., as described in clause 8.6.1 TS 33.501 (incorporated herein by reference).
  • the AMF 307 shall set the EPS NAS algorithms to the algorithms indicated earlier to the UE 301 in a NAS SMC, as described in clause 6.7.2 of TS 33.501 (incorporated herein by reference).
  • the AMF 307 includes the mapped EPS NAS security context and the UTRAN and GERAN access not allowed indications in the Context Response message and sends it to the MME 305. In one embodiment, the AMF 307 shall never transfer 5G security parameters to an entity outside the 5G system.
  • the UE 301 derives a mapped EPS NAS security context, e.g., as described in clause 8.6.1 TS 33.501 (incorporated herein by reference).
  • the UE 301 shall select the EPS algorithms using the ones received in an earlier NAS SMC from the AMF 307, e.g., as described in clause 6.7.2 TS 33.501 (incorporated herein by reference).
  • the UE 301 shall immediately activate the mapped EPS security context and be ready to use it for the processing of the TAU Accept message in 7.
  • the MME 305 compares the UE security algorithms to its configured list after it receives the Context Response message. If an algorithm change is required, the MME 305 selects the NAS algorithm that has the highest priority in its configured list and is also present in the UE 5G security capabilities and initiates a NAS SMC to the UE 301. Otherwise, 8-10 shall be skipped.
  • the MME 305 stores the network access restriction information (e.g., GERAN not allowed/restricted, UTRAN not allowed/restricted) received in 5 and the UE’s support of network access restriction enforcement capability as part of the UE context (if received from the AMF 307 in 1).
  • the MME 305 based on the received network access restriction information (e.g., GERAN not allowed/restricted, UTRAN not allowed/restricted), and the network access restriction enforcement capability, performs an action including not initiating an inter-RAT handover to UTRAN/GERAN, not initiating or forwarding relocation requests related to an SRVCC-specific handover from 5G/4G to 3G or 2G, and provisioning the network access restriction information (GERAN not allowed/restricted, UTRAN not allowed/restricted) to the eNB 303, and the UE 301 to enforce the UTRAN and GERAN access restrictions for the UE 301 at the eNB 303 and UE 301.
  • the MME 305 and the UE 301 perform a NAS SMC to derive new NAS keys with the new algorithms, e.g., as described in clause 7.2.8.1.2 of TS 33.401 (incorporated herein by reference).
  • the MME 305 sends, to the UE 301, the UE’s support of network access restriction enforcement capability (received in 1) and UTRAN and GERAN access/handover restriction information e.g., UTRAN access restricted/not allowed, GERAN access restricted/not allowed indications) (based on UTRAN and GERAN access restriction information received from the AMF 307 in 5 and stored in 7b) in the NAS SMC message.
  • the UE 301 derives a new NAS key from a selected algorithm in NAS SMC.
  • the UE 301 verifies the NAS SMC message using the NAS keys (for integrity verification).
  • the UE 301 sends the NAS security mode complete message to the MME 305.
  • the UE 301 stores the network access restriction information (UTRAN access restricted/not allowed, GERAN access restricted/not allowed), if received in the NAS SMC message, and determines not to select UTRAN access (3G) or GERAN access (2G), e.g., even if the 5G signal or 4G signal is not available, and the UE 301 waits until the 5G/4G signal is available to prevent a bidding down attack.
  • the UE 301 connects to 4G, e.g., LTE/E-UTRAN.
  • the MME 305 completes the procedure with a TAU Accept message.
  • the MME 305 may send the network access restriction information (UTRAN access restricted/not allowed, GERAN access restricted/not allowed) to the UE 301 in a TAU accept message in 11 instead of in 8.
  • the UE 301 may then store the network access restriction information (UTRAN access restricted/not allowed, GERAN access restricted/not allowed) if it is received in a TAU Accept message and determines not to select UTRAN access (3G) or GERAN access (2G), e.g., even if the 5G signal or 4G signal is not available, and the UE 301 waits until the 5G/4G signal is available to prevent a bidding down attack.
  • the UE 301 connects to 4G, e.g., LTE/E-UTRAN.
  • the MME 305 sends the network access restriction information (UTRAN access restricted/not allowed, GERAN access restricted/not allowed) to the eNB 303, if network access restriction information is available for the UE 301, in an S1 message.
  • the eNB 303 stores the network access restriction information (UTRAN access restricted, GERAN access restricted), if it is received from the MME 305, as part of the UE context along with GUTI, RNTI, and/or TMSI. Further, based on the received network access restriction information, the RAN determines to perform an action including not initiating an inter-RAT handover to UTRAN/GERAN and not initiating SRVCC from 4G to 3G or 2G.
  • the UE 301, after successful completion of the TAU procedure, deletes any mapped 5G security context. After deleting the mapped 5G security context, if the UE 301 has a full non-current native 5G NAS security context, then the UE 301 makes the non-current native 5G NAS security context the current one.
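The TAU Request integrity protection and its verification at the AMF described in the procedure above (the UE computing the NAS-MAC with its 5G NAS context and the 5G uplink NAS COUNT, the MME forwarding the complete TAU Request in the Context Request, the AMF locating the context by eKSI and verifying it as a 5G NAS message) as an added Python example; this is not the patent's or 3GPP's code. Assumed, not from the page: a 32-bit NAS-MAC computed as HMAC-SHA-256 truncated to four bytes in place of a 128-NIAx algorithm, the TS 33.501 integrity input layout COUNT || BEARER || DIRECTION || padding || message with BEARER 0x01 for 3GPP access, a 24-bit NAS COUNT whose 8-bit sequence number travels with the message, and the TAU Request body built as a plain concatenation of its IEs (mapped EPS GUTI, EPS security capabilities, enforcement capability IE).

```python
"""TAU Request protected with the 5G NAS context and checked by the AMF (added example)."""
import hashlib
import hmac

BEARER_3GPP = 0x01          # bearer identity used for NAS over 3GPP access (assumed)
DIRECTION_UPLINK = 0
NAS_COUNT_MASK = (1 << 24) - 1


def nas_mac(k_nas_int: bytes, count: int, bearer: int, direction: int, msg: bytes) -> bytes:
    """Stand-in NAS-MAC: HMAC-SHA-256 truncated to 32 bits over the integrity input
    block COUNT(32) || BEARER(5) || DIRECTION(1) || 26 zero bits || MESSAGE."""
    header = count.to_bytes(4, "big") + bytes([(bearer << 3) | (direction << 2)]) + b"\x00" * 3
    return hmac.new(k_nas_int, header + msg, hashlib.sha256).digest()[:4]


class Ue:
    """UE holding a native 5G NAS security context identified by ngKSI."""

    def __init__(self, ngksi: int, k_nas_int: bytes, ul_nas_count: int) -> None:
        self.ngksi = ngksi
        self.k_nas_int = k_nas_int
        self.ul_nas_count = ul_nas_count   # 5G uplink NAS COUNT, 3GPP-access pair

    def build_tau_request(self, mapped_eps_guti: bytes, eps_caps: bytes, enforce_caps: bytes) -> dict:
        """Protect the TAU Request exactly like an uplink 5G NAS message: eKSI carries
        the ngKSI, the MAC uses the current 5G uplink COUNT, and that COUNT is then
        consumed, so the stored uplink COUNT increases as the page requires."""
        body = mapped_eps_guti + eps_caps + enforce_caps
        count = self.ul_nas_count
        mac = nas_mac(self.k_nas_int, count, BEARER_3GPP, DIRECTION_UPLINK, body)
        self.ul_nas_count = (count + 1) & NAS_COUNT_MASK
        return {"eksi": self.ngksi, "seq": count & 0xFF, "body": body, "mac": mac}


class Amf:
    """AMF side: ngKSI -> (K_NASint, last accepted uplink NAS COUNT over 3GPP access)."""

    def __init__(self, contexts: dict) -> None:
        self.contexts = contexts

    def verify_forwarded_tau(self, tau: dict) -> bool:
        """Called on the Context Request that carries the complete TAU Request.
        Look up the 5G context by eKSI, rebuild the full uplink COUNT from the
        8-bit sequence number and the stored COUNT, insist on freshness, then
        check the MAC. Only on success would the AMF go on to hand the MME a
        mapped EPS context (never the 5G parameters themselves)."""
        entry = self.contexts.get(tau["eksi"])
        if entry is None:
            return False                      # unknown ngKSI: nothing to verify with
        k_nas_int, last_count = entry
        count = (last_count & ~0xFF) | tau["seq"]
        if count <= last_count:
            count += 0x100                    # sequence number rolled over since last message
        if count > NAS_COUNT_MASK:
            return False
        expected = nas_mac(k_nas_int, count, BEARER_3GPP, DIRECTION_UPLINK, tau["body"])
        if not hmac.compare_digest(expected, tau["mac"]):
            return False                      # forged, tampered or replayed with a stale COUNT
        self.contexts[tau["eksi"]] = (k_nas_int, count)
        return True


if __name__ == "__main__":
    K = b"\x11" * 16                          # constructed test key
    ue = Ue(ngksi=3, k_nas_int=K, ul_nas_count=0x0000FF)
    amf = Amf({3: (K, 0x0000FE)})
    tau = ue.build_tau_request(b"\xf6" * 10, b"\xe0\xe0", b"\x03")   # constructed IEs
    print("accepted:", amf.verify_forwarded_tau(tau), "replay accepted:", amf.verify_forwarded_tau(tau))
```

The replay case is handled by the COUNT reconstruction rather than by a separate cache: a re-sent TAU Request can only be interpreted as a later COUNT, for which its MAC does not verify, so the AMF never releases a second mapped context for the same uplink COUNT.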
  • a third embodiment is directed to applying UTRAN and/or GERAN access, handover, and/or mobility restrictions during SRVCC from NR considering the type of access (3G and/or 2G) restrictions enforced.
  • the AMF in 5GS can provide UTRAN and/or GERAN access restriction information to the MME during the 5G SRVCC, to allow the MME to determine and apply either a suitable GERAN access restriction or both GERAN and UTRAN access restrictions while enabling an allowed handover (e.g., preventing the restricted handover and establishing only an allowed handover for the UE).
  • the first scenario is where only the 2G network is decommissioned. The MME determines to continue with SRVCC to 3G, e.g., UTRAN, but provides the GERAN access restriction information to the UTRAN so that further handover of the UE to a GERAN can be prevented in the UTRAN.
  • the second scenario is where the 2G and 3G networks are decommissioned. If a mobile network operator has decommissioned both the 2G network and the 3G network, then, following a relocation request (with UTRAN access restriction and GERAN access restriction information) received from the AMF, the MME determines not to initiate SRVCC to 3G/2G, e.g., UTRAN/GERAN, to prevent any handover to 3G/2G. Instead, the MME determines to initiate S1 handover to enable the UE to hand over to the 4G network.
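The enforcement points spelled out across the three embodiments (the MME_SRVCC decision for the two scenarios above; the MME provisioning the restriction to the eNB and, where the UE declared the enforcement capability, to the UE; the RAN filtering handover targets; and the UE refusing UTRAN/GERAN even when no 5G/4G signal is available) as one added Python example; this is not the patent's code. Assumed, not from the page: 5G SRVCC targets UTRAN only, so a UTRAN restriction on its own is handled like the both-restricted case, and the page's "based on ... the UE's support of network access restriction enforcement capability" is read as provisioning the UE only when it declared that capability.

```python
"""Enforcement points for UTRAN/GERAN access restriction (added example, see lead-in)."""
from dataclasses import dataclass
from enum import Enum


class Rat(Enum):
    NR = "NR"
    EUTRAN = "E-UTRAN"
    UTRAN = "UTRAN"
    GERAN = "GERAN"


@dataclass(frozen=True)
class AccessRestriction:
    """Network access restriction information as it travels UDM -> AMF -> MME -> eNB/UE."""
    utran_not_allowed: bool = False
    geran_not_allowed: bool = False

    def forbids(self, rat: Rat) -> bool:
        return (rat is Rat.UTRAN and self.utran_not_allowed) or \
               (rat is Rat.GERAN and self.geran_not_allowed)


def mme_srvcc_decision(restriction: AccessRestriction) -> dict:
    """MME_SRVCC on the Forward Relocation Request from the AMF.

    Case 1 (GERAN restricted only, e.g. 2G decommissioned): SRVCC to UTRAN goes
    ahead and the GERAN restriction is forwarded to the MSC server, so the UTRAN
    side cannot hand the call over to 2G later.
    Case 2 (UTRAN and GERAN restricted): no SRVCC at all; S1 handover keeps the UE
    on E-UTRAN and both restrictions go to the target MME/eNB.
    A UTRAN-only restriction is treated like Case 2 (assumption: 5G SRVCC targets UTRAN).
    """
    if restriction.utran_not_allowed:
        return {"procedure": "S1 handover", "target": Rat.EUTRAN, "forward": restriction}
    if restriction.geran_not_allowed:
        return {"procedure": "SRVCC", "target": Rat.UTRAN,
                "forward": AccessRestriction(geran_not_allowed=True)}
    return {"procedure": "SRVCC", "target": Rat.UTRAN, "forward": AccessRestriction()}


def mme_provisioning(restriction: AccessRestriction, ue_supports_enforcement: bool) -> dict:
    """Where the MME pushes the restriction: to the eNB (UE context) unconditionally;
    to the UE only if it declared the enforcement capability IE (a legacy UE would
    not parse it), so network-side enforcement is the floor and UE-side is extra."""
    return {"enb": restriction, "ue": restriction if ue_supports_enforcement else None}


def ran_allowed_targets(candidates, restriction: AccessRestriction) -> list:
    """eNB/gNB with the restriction in the UE context: drop every inter-RAT handover
    or SRVCC target the restriction forbids before any handover is initiated."""
    return [rat for rat in candidates if not restriction.forbids(rat)]


def ue_select_rat(available, restriction: AccessRestriction):
    """UE RAT selection with stored restrictions. A forbidden RAT is skipped even
    when it is the only one with coverage: None means 'wait for 5G/4G', never
    'fall back', which is what blocks a bidding-down attack that jams NR/E-UTRAN
    to push the UE onto 2G/3G."""
    for rat in (Rat.NR, Rat.EUTRAN, Rat.UTRAN, Rat.GERAN):
        if rat in available and not restriction.forbids(rat):
            return rat
    return None


if __name__ == "__main__":
    both = AccessRestriction(utran_not_allowed=True, geran_not_allowed=True)
    print(mme_srvcc_decision(both)["procedure"], ue_select_rat({Rat.UTRAN, Rat.GERAN}, both))
```

Note that the UE-side rule only has teeth once the restriction has actually reached the UE, which is why the MME hands it over in the NAS SMC or TAU Accept only after the UE declared the enforcement capability; a UE that never received it falls back on the network-side checks alone.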
  • Figures 4A-4C illustrate an example procedure flow for applying 3G/2G access restriction during 5G SRVCC from NR to E-UTRAN or UTRAN based on the type of access (3G and/or 2G) restriction requirements/enforced in accordance with aspects of the present disclosure.
  • the 5GC has a current security context for the UE.
  • the current 5G security context may be a mapped 5G security context resulting from a previous mobility from EPC, or a native 5G security context resulting from a primary authentication with the 5GC.
  • the UE 401 sends an initial NAS message that includes an indication of the UE’s capabilities to support GERAN and UTRAN access restrictions.
  • the UE 401 sends an initial NAS message that includes an information element (IE) that indicates support of network access restriction enforcement capability.
  • the network access restriction enforcement capability(ies) IE may contain information to indicate support of GERAN and UTRAN access restrictions.
  • the initial NAS message to the AMF 407 in 1a may be an initial registration request message, a mobility registration update request message, or a service request message.
  • the network may initiate and run primary authentication with the UE 401 to perform mutual authentication (e.g., using EAP-AKA’, 5G AKA, or another EAP method) (see messaging 404).
  • the AMF 407 may fetch subscription data from the UDM by sending a Nudm SubscriberDataManagement (SDM) get request or using a Nudm service operation message with subscription permanent identifier (SUPI) and network access restriction enforcement capability (if received in 1a).
  • the UDM/UDR manages GERAN and UTRAN access restrictions as part of the network access restriction requirements for the UE(s) in the subscription data (e.g., as part of UE access and mobility context).
  • the UDM sends a Nudm SDM Get Response message, which includes the network access restriction information (UTRAN access restricted/not allowed, GERAN access restricted/not allowed) along with the other subscription data.
  • alternatively, the AMF 407 is configured with the network access restriction information.
  • the AMF 407 locally stores the UE’s support of network access restriction enforcement capability (received in 1a) along with the network access restriction information (fetched from the UDM or locally configured in the AMF 407) in the UE context.
  • the UE 401 is connected to the network and may consume services. At a later time, a handover may be initiated by the gNB/eNB 403, 405 (e.g., due to UE mobility or signal weakness).
  • the gNB/eNB 403, 405 sends a Handover Required message to the AMF 407, including the UE’s identity.
  • the AMF 407 derives a new KASME SRVCC key using the KAMF key and the current downlink 5G NAS COUNT of the current 5G security context, e.g., as described in clause A.21 of TS 33.501 (incorporated herein by reference).
  • the AMF 407 increases the downlink 5G NAS COUNT by one.
  • the AMF 407 stores and manages the UE’s support of network access restriction enforcement capability (received in 1a) along with the network access restriction information (fetched from the UDM or locally configured in the AMF 407) in the UE context as described in 1a. Further, if the AMF 407 has the network access restriction information (GERAN access restrictions and/or UTRAN access restrictions) for the UE 401, the AMF 407 provides the network access restriction information to the MME_SRVCC 409 to prevent subsequent handovers/mobility to the 3G or 2G network as indicated in the network access restriction information.
  • a GERAN access restriction can indicate that GERAN access is not allowed/restricted and a UTRAN access restriction can indicate that UTRAN access is not allowed/restricted.
  • the AMF 407 assigns the value of ngKSI to the eKSI (maps ngKSI to eKSI) and transfers the new KASME SRVCC key, UE’s support of network access restriction enforcement capability, network access restriction information e.g., UTRAN access not allowed indication/restricted (if available/configured) and/or GERAN access not allowed indication/restricted (if available/ configured), and the UE security capability to the MME_SRVCC 409 via forward relocation request message.
  • the MME_SRVCC 409 determines if SRVCC to 3G/2G is allowed based on the received network access restriction information, e.g., UTRAN access not allowed/restricted and/or GERAN access not allowed/restricted.
  • an operator may have decommissioned the 2G network and so 3b may include an indication that GERAN is not allowed/restricted. If the MME_SRVCC 409 received a GERAN access not allowed indication, then the MME_SRVCC 409 performs SRVCC to 3G e.g., UTRAN, if needed, and performs 4 to 10b.
  • the MME_SRVCC 409 derives the CKSRVCC and IKSRVCC based on the new KASME SRVCC key, e.g., as in clause A.12 of TS 33.401 (incorporated herein by reference), using a downlink NAS COUNT of zero.
  • the MME_SRVCC assigns the value of eKSI to KSISRVCC (maps eKSI to KSISRVCC) and transfers CKSRVCC, IKSRVCC with KSISRVCC, the UE security capability, UE’s support of network access restriction enforcement capability and the GERAN access not allowed/restricted indication to the mobile switching center (MSC) server 411 in packet switched (PS) to circuit switched (CS) handover (HO) request message.
  • when the MSC server 411 receives the network access restriction information (e.g., GERAN access not allowed/restricted indication) from the MME_SRVCC 409, the MSC server 411 stores the network access restriction information as part of the UE context. Further, based on the received network access restriction information, the MSC server 411 performs an action such as not initiating an inter-RAT handover to GERAN and/or not initiating an SRVCC related handover to 2G.
  • the MSC server 411 sends the PS to CS HO response message to the MME_SRVCC 409.
  • the MME_SRVCC 409 sends the forward relocation response message to the AMF 407.
  • the AMF 407 sends the HO command to the gNB 403, in which the AMF 407 includes the 4 LSBs of the downlink NAS COUNT used to calculate KASME SRVCC, GERAN access restriction information (e.g., GERAN access not allowed/restricted indication).
  • the gNB 403 sends the HO command to the UE 401, in which the gNB 403 includes the 4 LSB of the downlink NAS COUNT and GERAN access restriction information (e.g., GERAN access not allowed/restricted indication) received from the AMF 407.
  • if the gNB 403/eNB 405 receives the network access restriction information (GERAN access not allowed/restricted indication) from the AMF 407, the gNB 403/eNB 405 stores the network access restriction information as part of the UE context along with 5G-GUTI, RNTI, and TMSI. Further, based on the received network access restriction information, the RAN performs an action including not initiating an inter-RAT handover to GERAN and not initiating SRVCC from 5G to 2G.
  • when the UE 401 receives the message, the UE 401 derives the new KASME SRVCC key, e.g., as described in Annex A.21 of TS 33.501 (incorporated herein by reference), using the KAMF key and the downlink 5G NAS COUNT estimated from the 4 LSB received from the AMF 407.
  • the UE 401 derives CKSRVCC and IKSRVCC based on the new KASME SRVCC key, e.g., as described in clause A.12 of TS 33.401 (incorporated herein by reference), using a downlink NAS COUNT of zero.
  • the UE 401 stores the network access restriction information (GERAN access restricted/not allowed) if received in the handover command and determines not to select GERAN access (2G), e.g., even if the 5G signal or 4G/3G signal is not available, and the UE 401 waits until the 5G/4G/3G signal is available to prevent a bidding down attack.
  • the UE connects to 3G, e.g., UTRAN.
  • if the MME_SRVCC 409 received both the GERAN access restriction and the UTRAN access restriction in 3a, then the MME_SRVCC 409 initiates S1 handover for the UE 401 and does not perform a handover/SRVCC to 3G or 2G.
  • when 2G and 3G are both decommissioned (Case 2), 12a to 19 are performed, e.g., S1 handover.
  • when the target MME 409 receives a Forward Relocation Request message from the source AMF 407 (in 3a), the target MME 409 initiates S1 handover, as SRVCC to 3G/2G cannot be allowed as described in 11, and shall derive EPS NAS keys, e.g., from the received KASME' key with the received EPS NAS security algorithm identifiers as input, to be used in EPC, e.g., as described in Annex A.7 of TS 33.401 (incorporated herein by reference).
  • in one embodiment, the UE security capabilities, including the UE EPS security capabilities received from the source AMF 407, and the UE’s support of network access restriction enforcement capability can be sent in this message.
  • upon receipt of the S1 HANDOVER REQUEST from the target MME 409, if the eNB 405 received the UTRAN access not allowed indication, the GERAN access not allowed indication, and the UE’s support of network access restriction enforcement capability in the S1 HANDOVER REQUEST, the eNB 405 stores them along with the UE context.
  • the eNB 405 performs an action including not initiating an inter-RAT handover to UTRAN/GERAN, not initiating SRVCC from 5G/4G to 3G or 2G, and provisioning the network access restriction information (UTRAN access restricted/not allowed, GERAN access restricted/not allowed indications) to the UE 401.
  • the target eNB 405, upon receipt of the S1 HANDOVER REQUEST from the target MME 409, selects AS security algorithms from the UE EPS security capabilities, e.g., as described in clause 7.2.4.2.3 of TS 33.401 (incorporated herein by reference), computes the KeNB to be used with the UE 401 and proceeds, e.g., as described in clause 7.2.8.4.3 of TS 33.401 (incorporated herein by reference). The target eNB 405 sends the selected AS security algorithms in the target to source transparent container in the S1 Handover Request Ack message to the target MME 409.
  • the target MME 409 shall include the target to source transparent container received from the target eNB 405 in the Forward Relocation Response message sent to the source AMF 407.
  • the source AMF 407 shall include the target to source transparent container, UTRAN access restricted/not allowed indication, GERAN access restricted/not allowed indication (if network access restriction information is available for the UE 401), and the 8 LSB of the downlink NAS COUNT value used in KASME derivation in 2, in the handover command sent to the source gNB 403/eNB 405.
  • the source gNB 403/eNB 405 shall include the target to source transparent container, UTRAN access restricted/not allowed indication, GERAN access restricted/not allowed indication, and the 8 LSB of the downlink NAS COUNT value in the handover command sent to the UE 401.
  • when the source gNB 403/eNB 405 receives the network access restriction information (UTRAN access restricted, GERAN access restricted) from the AMF 407, it stores the information as part of the UE context along with 5G-GUTI, RNTI, and TMSI. Further, based on the received network access restriction information, the RAN determines to perform an action including not initiating an inter-RAT handover to UTRAN/GERAN and not initiating SRVCC from 4G to 3G or 2G.
  • the UE 401 upon reception of the Handover Command message, estimates the downlink NAS COUNT value using the received 8 LSB of the downlink NAS COUNT value and its stored downlink NAS COUNT value. The UE 401 shall ensure that the estimated downlink NAS COUNT value is greater than the stored downlink NAS COUNT value. Then, the UE 401 shall derive the mapped EPS security context, e.g., derive KASME' from KAMF e.g., as described in clause 8.6.1 of TS 33.501 (incorporated herein by reference) using the estimated downlink 5G NAS COUNT value. After the derivation, the UE 401 shall set the downlink NAS COUNT value in the 5G NAS security context to the received downlink NAS COUNT value.
  • the eKSI for the newly derived KASME' key is defined, e.g., as described in clause 8.6.1 of TS 33.501 (incorporated herein by reference).
  • the UE 401 shall also derive the EPS NAS keys (e.g., KNASenc and KNASint) as the MME 409 did in 4a using the EPS NAS security algorithm identifiers stored in the UE 401 and provisioned by the AMF 407 to the UE 401 in 5G NAS SMC in earlier 5G access.
  • the UE 401 shall also derive the initial KeNB from the KASME' and the uplink NAS COUNT, e.g., as specified in Annex A.3 of TS 33.401 (incorporated herein by reference), using 2^32 - 1 as the value of the uplink NAS COUNT parameter.
  • the UE 401 shall derive the AS RRC keys and the AS UP keys based on the KeNB and the received AS EPS security algorithm identifiers selected by the target eNB 405, e.g., as described in Annex A.7 of TS 33.401 (incorporated herein by reference).
  • the uplink and downlink EPS NAS COUNT associated with the derived EPS NAS keys are set to the values, e.g., as described in clause 8.6.1 of TS 33.501 (incorporated herein by reference).
  • the UE 401 shall immediately use the newly created mapped EPS security context, both for NAS and AS communication.
  • the UE 401 also stores the network access restriction information (UTRAN access restricted/not allowed, GERAN access restricted/not allowed) if received in the handover command and determines not to select UTRAN access (3G) or GERAN access (2G), e.g., even if the 5G signal or 4G signal is not available, and the UE 401 waits until the 5G/4G signal is available to prevent a bidding down attack.
  • the UE connects to 4G, i.e., LTE/E-UTRAN.
  • the UE 401 sends the Handover Complete message to the target eNB 405.
  • the UE 401 shall cipher and integrity protect this message using the newly created mapped EPS security context.
  • the target eNB 405 notifies the target MME 409 with a Handover Notify message.
  • after successful completion of the handover procedure, the UE 401 shall delete any mapped 5G security context. In further embodiments, after deleting the mapped 5G security context, if the UE 401 has a full non-current native 5G NAS security context, then the UE 401 shall make the non-current native 5G NAS security context the current one.
  • FIG. 5 illustrates an example of a UE 500 in accordance with aspects of the present disclosure.
  • the UE 500 may include a processor 502, a memory 504, a controller 506, and a transceiver 508.
  • the processor 502, the memory 504, the controller 506, or the transceiver 508, or various combinations thereof or various components thereof may be examples of means for performing various aspects of the present disclosure as described herein. These components may be coupled (e.g., operatively, communicatively, functionally, electronically, electrically) via one or more interfaces.
  • the processor 502, the memory 504, the controller 506, or the transceiver 508, or various combinations or components thereof may be implemented in hardware (e.g., circuitry).
  • the hardware may include a processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), or other programmable logic device, or any combination thereof configured as or otherwise supporting a means for performing the functions described in the present disclosure.
  • the processor 502 may include an intelligent hardware device (e.g., a general- purpose processor, a DSP, a CPU, an ASIC, an FPGA, or any combination thereof). In some implementations, the processor 502 may be configured to operate the memory 504. In some other implementations, the memory 504 may be integrated into the processor 502. The processor 502 may be configured to execute computer-readable instructions stored in the memory 504 to cause the UE 500 to perform various functions of the present disclosure.
  • the memory 504 may include volatile or non-volatile memory.
  • the memory 504 may store computer-readable, computer-executable code including instructions that, when executed by the processor 502, cause the UE 500 to perform various functions described herein.
  • the code may be stored in a non-transitory computer-readable medium such as the memory 504 or another type of memory.
  • Computer-readable media includes both non-transitory computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another.
  • a non-transitory storage medium may be any available medium that may be accessed by a general-purpose or special-purpose computer.
  • the processor 502 and the memory 504 coupled with the processor 502 may be configured to cause the UE 500 to perform one or more of the functions described herein (e.g., executing, by the processor 502, instructions stored in the memory 504).
  • the processor 502 may support wireless communication at the UE 500 in accordance with examples as disclosed herein.
  • the controller 506 may manage input and output signals for the UE 500.
  • the controller 506 may also manage peripherals not integrated into the UE 500.
  • the controller 506 may utilize an operating system such as iOS®, ANDROID®, WINDOWS®, or other operating systems.
  • the controller 506 may be implemented as part of the processor 502.
  • the UE 500 may include at least one transceiver 508. In some other implementations, the UE 500 may have more than one transceiver 508.
  • the transceiver 508 may represent a wireless transceiver.
  • the transceiver 508 may include one or more receiver chains 510, one or more transmitter chains 512, or a combination thereof.
  • a receiver chain 510 may be configured to receive signals (e.g., control information, data, packets) over a wireless medium.
  • the receiver chain 510 may include one or more antennas for receiving the signal over the air or wireless medium.
  • the receiver chain 510 may include at least one amplifier (e.g., a low-noise amplifier (LNA)) configured to amplify the received signal.
  • the receiver chain 510 may include at least one demodulator configured to demodulate the received signal and obtain the transmitted data by reversing the modulation technique applied during transmission of the signal.
  • the receiver chain 510 may include at least one decoder for decoding and processing the demodulated signal to receive the transmitted data.
  • a transmitter chain 512 may be configured to generate and transmit signals (e.g., control information, data, packets).
  • the transmitter chain 512 may include at least one modulator for modulating data onto a carrier signal, preparing the signal for transmission over a wireless medium.
  • the at least one modulator may be configured to support one or more techniques such as amplitude modulation (AM), frequency modulation (FM), or digital modulation schemes like phase-shift keying (PSK) or quadrature amplitude modulation (QAM).
  • the transmitter chain 512 may also include at least one power amplifier configured to amplify the modulated signal to an appropriate power level suitable for transmission over the wireless medium.
  • the transmitter chain 512 may also include one or more antennas for transmitting the amplified signal into the air or wireless medium.
  • FIG. 6 illustrates an example of a processor 600 in accordance with aspects of the present disclosure.
  • the processor 600 may be an example of a processor configured to perform various operations in accordance with examples as described herein.
  • the processor 600 may include a controller 602 configured to perform various operations in accordance with examples as described herein.
  • the processor 600 may optionally include at least one memory 604, which may be, for example, an L1/L2/L3 cache. Additionally, or alternatively, the processor 600 may optionally include one or more arithmetic-logic units (ALUs) 606.
  • One or more of these components may be in electronic communication or otherwise coupled (e.g., operatively, communicatively, functionally, electronically, electrically) via one or more interfaces (e.g., buses).
  • the processor 600 may be a processor chipset and include a protocol stack (e.g., a software stack) executed by the processor chipset to perform various operations (e.g., receiving, obtaining, retrieving, transmitting, outputting, forwarding, storing, determining, identifying, accessing, writing, reading) in accordance with examples as described herein.
  • the processor chipset may include one or more cores, one or more caches (e.g., memory local to or included in the processor chipset (e.g., the processor 600) or other memory (e.g., random access memory (RAM), read-only memory (ROM), dynamic RAM (DRAM), synchronous dynamic RAM (SDRAM), static RAM (SRAM), ferroelectric RAM (FeRAM), magnetic RAM (MRAM), resistive RAM (RRAM), flash memory, phase change memory (PCM), and others)).
  • the controller 602 may be configured to manage and coordinate various operations (e.g., signaling, receiving, obtaining, retrieving, transmitting, outputting, forwarding, storing, determining, identifying, accessing, writing, reading) of the processor 600 to cause the processor 600 to support various operations in accordance with examples as described herein.
  • the controller 602 may operate as a control unit of the processor 600, generating control signals that manage the operation of various components of the processor 600. These control signals include enabling or disabling functional units, selecting data paths, initiating memory access, and coordinating timing of operations.
  • the controller 602 may be configured to fetch (e.g., obtain, retrieve, receive) instructions from the memory 604 and determine subsequent instruction(s) to be executed to cause the processor 600 to support various operations in accordance with examples as described herein.
  • the controller 602 may be configured to track memory address of instructions associated with the memory 604.
  • the controller 602 may be configured to decode instructions to determine the operation to be performed and the operands involved.
  • the controller 602 may be configured to interpret the instruction and determine control signals to be output to other components of the processor 600 to cause the processor 600 to support various operations in accordance with examples as described herein.
  • the controller 602 may be configured to manage flow of data within the processor 600.
  • the controller 602 may be configured to control transfer of data between registers, arithmetic logic units (ALUs), and other functional units of the processor 600.
  • the memory 604 may include one or more caches (e.g., memory local to or included in the processor 600 or other memory, such as RAM, ROM, DRAM, SDRAM, SRAM, MRAM, flash memory, etc.). In some implementations, the memory 604 may reside within or on a processor chipset (e.g., local to the processor 600). In some other implementations, the memory 604 may reside external to the processor chipset (e.g., remote to the processor 600).
  • the memory 604 may store computer-readable, computer-executable code including instructions that, when executed by the processor 600, cause the processor 600 to perform various functions described herein. The code may be stored in a non-transitory computer-readable medium such as system memory or another type of memory.
  • the controller 602 and/or the processor 600 may be configured to execute computer-readable instructions stored in the memory 604 to cause the processor 600 to perform various functions.
  • the processor 600 and/or the controller 602 may be coupled with or to the memory 604, and the processor 600, the controller 602, and the memory 604 may be configured to perform various functions described herein.
  • the processor 600 may include multiple processors and the memory 604 may include multiple memories. One or more of the multiple processors may be coupled with one or more of the multiple memories, which may, individually or collectively, be configured to perform various functions herein.
  • the one or more ALUs 606 may be configured to support various operations in accordance with examples as described herein.
  • the one or more ALUs 606 may reside within or on a processor chipset (e.g., the processor 600).
  • the one or more ALUs 606 may reside external to the processor chipset (e.g., the processor 600).
  • One or more ALUs 606 may perform one or more computations such as addition, subtraction, multiplication, and division on data.
  • one or more ALUs 606 may receive input operands and an operation code, which determines an operation to be executed.
  • One or more ALUs 606 may be configured with a variety of logical and arithmetic circuits, including adders, subtractors, shifters, and logic gates, to process and manipulate the data according to the operation. Additionally, or alternatively, the one or more ALUs 606 may support logical operations such as AND, OR, exclusive-OR (XOR), not-OR (NOR), and not-AND (NAND), enabling the one or more ALUs 606 to handle conditional operations, comparisons, and bitwise operations.
  • the processor 600 may support wireless communication in accordance with examples as disclosed herein.
  • the processor 600 may be configured to or operable to support a means to receive an indication of a network access restriction enforcement capability of a UE, receive a handover request for the UE, determine network access restriction information for the UE, transmit the network access restriction information to a network entity associated with a different network, and transmit a handover command comprising the network access restriction information to a base station associated with the UE for processing the handover request according to the network access restriction information.
  • the processor 600 may be configured to or operable to support a means to receive an indication of a network access restriction enforcement capability of a UE from a network entity, receive network access restriction information for the UE from the network entity, and apply at least one network access restriction based on the received indication of the network access restriction enforcement capability of the UE and the received network access restriction information for the UE.
  • the processor 600 may be configured to or operable to support a means to receive network access restriction information for a UE, store the network access restriction information, and apply at least one network access restriction based on the received network access restriction information for the UE.
  • FIG. 7 illustrates an example of a NE 700 in accordance with aspects of the present disclosure.
  • the NE 700 may include a processor 702, a memory 704, a controller 706, and a transceiver 708.
  • the processor 702, the memory 704, the controller 706, or the transceiver 708, or various combinations thereof or various components thereof may be examples of means for performing various aspects of the present disclosure as described herein. These components may be coupled (e.g., operatively, communicatively, functionally, electronically, electrically) via one or more interfaces.
  • the processor 702, the memory 704, the controller 706, or the transceiver 708, or various combinations or components thereof may be implemented in hardware (e.g., circuitry).
  • the hardware may include a processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), or other programmable logic device, or any combination thereof configured as or otherwise supporting a means for performing the functions described in the present disclosure.
  • the NE 700 may be configured to support a means to receive an indication of a network access restriction enforcement capability of a UE, receive a handover request for the UE, determine network access restriction information for the UE, transmit the network access restriction information to a network entity associated with a different network, and transmit a handover command comprising the network access restriction information to a base station associated with the UE for processing the handover request according to the network access restriction information.
  • the indication of the network access restriction enforcement capability of the UE indicates whether the UE supports GERAN access restrictions, UTRAN access restrictions, or a combination thereof.
  • the NE 700 may be configured to support a means to send a relocation request comprising the network access restriction information to the network entity.
  • the network access restriction information comprises information determining whether handover for the UE is allowed for access to a GERAN, a UTRAN, or a combination thereof.
  • the network entity comprises an MME of an EPS.
  • the indication of a network access restriction enforcement capability of the UE is received from the network entity as part of a TAU request message associated with the UE.
  • the NE 700 may be configured to support a means to transmit the network access restriction information to a RAN associated with the UE to enforce the network access restriction for the UE at the RAN.
  • the NE 700 may be configured to support a means to transmit the indication of a network access restriction enforcement capability of the UE and the network access restriction information for the UE to an MME.
  • the NE 700 may be configured to support a means to receive an indication of a network access restriction enforcement capability of a UE from a network entity, receive network access restriction information for the UE from the network entity, and apply at least one network access restriction based on the received indication of the network access restriction enforcement capability of the UE and the received network access restriction information for the UE.
  • the indication of the network access restriction enforcement capability of the UE indicates whether the UE supports GERAN access restrictions, UTRAN access restrictions, or a combination thereof.
  • the NE 700 may be configured to support a means to store the network access restriction information for the UE as part of a UE context.
  • the NE 700 may be configured to support a means to apply the at least one network access restriction by not initiating inter-RAT handover to GERAN, UTRAN, or a combination thereof.
  • the NE 700 may be configured to support a means to apply the at least one network access restriction by not initiating or forwarding relocation requests related to SRVCC for handover to GERAN, UTRAN, or a combination thereof.
  • the NE 700 may be configured to support a means to transmit the network access restriction information to a RAN associated with the UE to enforce the network access restriction for the UE at the RAN.
  • the NE 700 may be configured to support a means to transmit the network access restriction information to an eNB base station in the RAN in an S1 message.
  • the NE 700 may be configured to support a means to indicate to the eNB in an S1 handover request message that a GERAN and a UTRAN are decommissioned to prevent handover to the GERAN and UTRAN.
  • the NE 700 may be configured to support a means to transmit the network access restriction information to the UE in a secured NAS message.
  • the NE 700 may be configured to support a means to transmit the network access restriction information to the UE in a TAU accept message.
  • the NE 700 may be configured to support a means to transmit the network access restriction information and the indication of a network access restriction enforcement capability of the UE to an eNB.
  • the NE 700 may be configured to support a means to receive network access restriction information for a UE, store the network access restriction information, and apply at least one network access restriction based on the received network access restriction information for the UE.
  • the network access restriction information comprises an indication of whether the UE is allowed to access a GERAN, a UTRAN, or a combination thereof.
  • the NE 700 may be configured to support a means to apply the at least one network access restriction by not initiating inter-RAT handover to GERAN, UTRAN, or a combination thereof.
  • the NE 700 may be configured to support a means to apply the at least one network access restriction by not initiating or forwarding relocation requests related to SRVCC for handover to GERAN, UTRAN, or a combination thereof.
  • the NE 700 may be configured to support a means to receive the network access restriction information in an S1 message from an MME of an EPS.
  • the NE is a base station that comprises an eNB or a gNB.
  • the processor 702 may include an intelligent hardware device (e.g., a general-purpose processor, a DSP, a CPU, an ASIC, an FPGA, or any combination thereof). In some implementations, the processor 702 may be configured to operate the memory 704. In some other implementations, the memory 704 may be integrated into the processor 702. The processor 702 may be configured to execute computer-readable instructions stored in the memory 704 to cause the NE 700 to perform various functions of the present disclosure.
  • the memory 704 may include volatile or non-volatile memory.
  • the memory 704 may store computer-readable, computer-executable code including instructions that, when executed by the processor 702, cause the NE 700 to perform various functions described herein.
  • the code may be stored in a non-transitory computer-readable medium such as the memory 704 or another type of memory.
  • Computer-readable media includes both non-transitory computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another.
  • a non-transitory storage medium may be any available medium that may be accessed by a general-purpose or special-purpose computer.
  • the processor 702 and the memory 704 coupled with the processor 702 may be configured to cause the NE 700 to perform one or more of the functions described herein (e.g., executing, by the processor 702, instructions stored in the memory 704).
  • the processor 702 may support wireless communication at the NE 700 in accordance with examples as disclosed herein.
  • the controller 706 may manage input and output signals for the NE 700.
  • the controller 706 may also manage peripherals not integrated into the NE 700.
  • the controller 706 may utilize an operating system such as iOS®, ANDROID®, WINDOWS®, or other operating systems.
  • the controller 706 may be implemented as part of the processor 702.
  • the NE 700 may include at least one transceiver 708. In some other implementations, the NE 700 may have more than one transceiver 708.
  • the transceiver 708 may represent a wireless transceiver.
  • the transceiver 708 may include one or more receiver chains 710, one or more transmitter chains 712, or a combination thereof.
  • a receiver chain 710 may be configured to receive signals (e.g., control information, data, packets) over a wireless medium.
  • the receiver chain 710 may include one or more antennas for receiving the signal over the air or wireless medium.
  • the receiver chain 710 may include at least one amplifier (e.g., a low-noise amplifier (LNA)) configured to amplify the received signal.
  • the receiver chain 710 may include at least one demodulator configured to demodulate the received signal and obtain the transmitted data by reversing the modulation technique applied during transmission of the signal.
  • the receiver chain 710 may include at least one decoder for decoding and processing the demodulated signal to receive the transmitted data.
  • a transmitter chain 712 may be configured to generate and transmit signals (e.g., control information, data, packets).
  • the transmitter chain 712 may include at least one modulator for modulating data onto a carrier signal, preparing the signal for transmission over a wireless medium.
  • the at least one modulator may be configured to support one or more techniques such as amplitude modulation (AM), frequency modulation (FM), or digital modulation schemes like phase-shift keying (PSK) or quadrature amplitude modulation (QAM).
  • the transmitter chain 712 may also include at least one power amplifier configured to amplify the modulated signal to an appropriate power level suitable for transmission over the wireless medium.
  • the transmitter chain 712 may also include one or more antennas for transmitting the amplified signal into the air or wireless medium.
  • Figure 8 illustrates a flowchart of a method in accordance with aspects of the present disclosure.
  • the operations of the method may be implemented by an NE as described herein.
  • the NE may execute a set of instructions to control the function elements of the NE to perform the described functions.
  • the method may receive an indication of a network access restriction enforcement capability of a UE.
  • the operations of 802 may be performed in accordance with examples as described herein. In some implementations, aspects of the operations of 802 may be performed by an NE as described with reference to Figure 7.
  • the method may receive a handover request for the UE.
  • the operations of 804 may be performed in accordance with examples as described herein. In some implementations, aspects of the operations of 804 may be performed by an NE as described with reference to Figure 7.
  • the method may determine network access restriction information for the UE.
  • the operations of 806 may be performed in accordance with examples as described herein. In some implementations, aspects of the operations of 806 may be performed by an NE as described with reference to Figure 7.
  • the method may transmit the network access restriction information to a network entity associated with a different network.
  • the operations of 808 may be performed in accordance with examples as described herein. In some implementations, aspects of the operations of 808 may be performed by an NE as described with reference to Figure 7.
  • the method may transmit a handover command comprising the network access restriction information to a base station associated with the UE for processing the handover request according to the network access restriction information.
  • the operations of 810 may be performed in accordance with examples as described herein. In some implementations, aspects of the operations of 810 may be performed by an NE as described with reference to Figure 7.
  • Figure 9 illustrates a flowchart of a method in accordance with aspects of the present disclosure.
  • the operations of the method may be implemented by an NE as described herein.
  • the NE may execute a set of instructions to control the function elements of the NE to perform the described functions.
  • the method may receive an indication of a network access restriction enforcement capability of a UE from a network entity.
  • the operations of 902 may be performed in accordance with examples as described herein. In some implementations, aspects of the operations of 902 may be performed by an NE as described with reference to Figure 7.
  • the method may receive network access restriction information for the UE from the network entity.
  • the operations of 904 may be performed in accordance with examples as described herein. In some implementations, aspects of the operations of 904 may be performed by an NE as described with reference to Figure 7.
  • the method may apply at least one network access restriction based on the received indication of the network access restriction enforcement capability of the UE and the received network access restriction information for the UE.
  • the operations of 906 may be performed in accordance with examples as described herein. In some implementations, aspects of the operations of 906 may be performed by an NE as described with reference to Figure 7.
  • Figure 10 illustrates a flowchart of a method in accordance with aspects of the present disclosure.
  • the operations of the method may be implemented by a NE as described herein.
  • the NE may execute a set of instructions to control the function elements of the NE to perform the described functions.
  • the method may receive network access restriction information for a UE.
  • the operations of 1002 may be performed in accordance with examples as described herein. In some implementations, aspects of the operations of 1002 may be performed by a NE as described with reference to Figure 7.
  • the method may store the network access restriction information.
  • the operations of 1004 may be performed in accordance with examples as described herein. In some implementations, aspects of the operations of 1004 may be performed by a NE as described with reference to Figure 7.
  • the method may apply at least one network access restriction based on the received network access restriction information for the UE.
  • the operations of 1006 may be performed in accordance with examples as described herein. In some implementations, aspects of the operations of 1006 may be performed by a NE as described with reference to Figure 7.
  • It should be noted that the method described herein describes a possible implementation, and that the operations and the steps may be rearranged or otherwise modified and that other implementations are possible.
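The following is an added example, not code from the patent or its applicant, that models how the NE 700 means and the methods of Figures 8, 9 and 10 carry and enforce the GERAN/UTRAN restriction: the source-side entity forwards the capability indication and restriction information to the MME and the base station, and each receiving entity stores it in the UE context and refuses to initiate inter-RAT handover or forward SRVCC relocation towards a restricted legacy RAT. Message field names, the "decommissioned" flag encoding and the behaviour for a UE with no stored restriction are assumptions made here.

```python
"""Added example (not the patent's own code): a model of how the network entities
of Figures 8 to 10 carry and enforce GERAN/UTRAN access restrictions. Message
field names and the policy for a UE with no stored restriction are assumptions."""
from dataclasses import dataclass
from typing import Dict, Optional

LEGACY_RATS = ("GERAN", "UTRAN")

@dataclass
class Capability:
    """Indication of the UE's network access restriction enforcement capability."""
    geran: bool
    utran: bool

@dataclass
class RestrictionInfo:
    """Network access restriction information: is handover to each legacy RAT allowed?"""
    geran_allowed: bool
    utran_allowed: bool

    def allows(self, rat: str) -> bool:
        return {"GERAN": self.geran_allowed, "UTRAN": self.utran_allowed}.get(rat, True)

@dataclass
class UeContext:
    ue_id: str
    capability: Optional[Capability] = None
    restriction: Optional[RestrictionInfo] = None

class NetworkEntity:
    """Plays AMF, MME or eNB; the role only changes which steps are invoked."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.contexts: Dict[str, UeContext] = {}

    def context(self, ue_id: str) -> UeContext:
        return self.contexts.setdefault(ue_id, UeContext(ue_id))

    # Steps 802/902: capability indication (e.g. carried in a TAU request).
    def receive_capability(self, ue_id: str, cap: Optional[Capability]) -> None:
        self.context(ue_id).capability = cap

    # Steps 904 and 1002/1004: the restriction is stored as part of the UE context.
    def receive_restriction(self, ue_id: str, info: Optional[RestrictionInfo]) -> None:
        self.context(ue_id).restriction = info

    # Steps 906/1006: the restriction is applied by not initiating inter-RAT
    # handover, and by not forwarding SRVCC relocation requests, towards a
    # restricted legacy RAT. Assumption: with no stored restriction the
    # pre-existing behaviour (no network-side block) is kept.
    def may_handover(self, ue_id: str, target_rat: str) -> bool:
        info = self.context(ue_id).restriction
        if target_rat not in LEGACY_RATS or info is None:
            return True
        return info.allows(target_rat)

    def forward_srvcc_relocation(self, ue_id: str, target_rat: str) -> bool:
        # False means the relocation request is dropped at this NE.
        return self.may_handover(ue_id, target_rat)

    # Steps 808/810 (source side): hand the capability and restriction to the MME
    # of the other network, then include the restriction in the handover command.
    def send_restriction_to_peer(self, ue_id: str, peer: "NetworkEntity") -> dict:
        ctx = self.context(ue_id)
        peer.receive_capability(ue_id, ctx.capability)
        peer.receive_restriction(ue_id, ctx.restriction)
        return {"msg": "RELOCATION_REQUEST", "ue": ue_id,
                "capability": ctx.capability, "restriction": ctx.restriction}

    def handover_command(self, ue_id: str) -> dict:
        return {"msg": "HANDOVER_COMMAND", "ue": ue_id,
                "restriction": self.context(ue_id).restriction}

    # MME -> eNB over S1: the restriction itself plus a "decommissioned" flag per
    # legacy RAT so the eNB never prepares a handover towards it (assumed encoding).
    def s1_handover_request(self, ue_id: str, enb: "NetworkEntity") -> dict:
        info = self.context(ue_id).restriction
        enb.receive_restriction(ue_id, info)
        return {"msg": "S1_HANDOVER_REQUEST", "ue": ue_id, "restriction": info,
                "geran_decommissioned": bool(info and not info.geran_allowed),
                "utran_decommissioned": bool(info and not info.utran_allowed)}

def run_flow() -> dict:
    """Constructed walk through Figures 8, 9 and 10 for one UE."""
    amf, mme, enb = NetworkEntity("AMF"), NetworkEntity("MME"), NetworkEntity("eNB")
    amf.receive_capability("ue-1", Capability(geran=True, utran=True))  # 802
    amf.receive_restriction("ue-1", RestrictionInfo(geran_allowed=False, utran_allowed=True))  # 806, modelled as an input
    amf.send_restriction_to_peer("ue-1", mme)  # 808: relocation request to the MME
    cmd = amf.handover_command("ue-1")  # 810
    s1 = mme.s1_handover_request("ue-1", enb)  # MME -> eNB over S1
    return {
        "mme_blocks_geran": not mme.may_handover("ue-1", "GERAN"),
        "mme_allows_utran": mme.may_handover("ue-1", "UTRAN"),
        "srvcc_to_geran_forwarded": mme.forward_srvcc_relocation("ue-1", "GERAN"),
        "enb_blocks_geran": not enb.may_handover("ue-1", "GERAN"),
        "geran_decommissioned_flag": s1["geran_decommissioned"],
        "command_carries_restriction": cmd["restriction"] is not None,
    }
```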

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Various aspects of the present disclosure relate to techniques for preventing protection downgrade attacks. A network entity (NE) is configured to receive an indication of a network access restriction enforcement capability of a UE, receive a handover request for the UE, determine network access restriction information for the UE, transmit the network access restriction information to a network entity associated with a different network, and transmit a handover command comprising the network access restriction information to a base station associated with the UE for processing the handover request according to the network access restriction information.
PCT/IB2025/050667 2024-01-23 2025-01-22 Techniques for enabling legacy network access restrictions Pending WO2025114991A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US202463624226P 2024-01-23 2024-01-23
US63/624,226 2024-01-23

Publications (1)

Publication Number Publication Date
WO2025114991A1 true WO2025114991A1 (fr) 2025-06-05

Family

ID=94598442

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2025/050667 Pending WO2025114991A1 (fr) 2024-01-23 2025-01-22 Techniques for enabling legacy network access restrictions

Country Status (1)

Country Link
WO (1) WO2025114991A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020152319A1 (en) * 2001-02-08 2002-10-17 Amin Rajesh B. Accounting management support based on QOS in an IP centric distributed network
JP2011234059A (ja) * 2010-04-26 2011-11-17 Kyocera Corp Communication system, radio base station, network device, and communication control method
KR20160061904A (ko) * 2013-02-22 2016-06-01 Rivada Networks LLC Dynamic spectrum arbitrage method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WILLIAM FERGUSON: "NSA Security Guidance for Descriptive Name", vol. 3349, 4 October 2023 (2023-10-04), pages 1 - 915, XP068294916, Retrieved from the Internet <URL:https://ieee-sa.imeetcentral.com/p/aQAAAAAFEeul> [retrieved on 20231009] *

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 25704648

Country of ref document: EP

Kind code of ref document: A1