Abstract: Disclosed are systems and techniques for wireless communications. For instance, a process may include transmitting a first radio resource control (RRC) message, the first RRC message including a first establishment cause value indicating that an apparatus does not have priority access. The process may also include determining that priority access may be used by the apparatus, transmitting a second RRC message, the second RRC message including a second establishment cause value indicating that the apparatus has priority access, and accessing a wireless network using the priority access.

Abstract: Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a user equipment (UE) may perform a registration procedure with a mobility function of a 5G core network. Accordingly, the UE may derive a main key, associated with a trusted network gateway function, based on the registration procedure. The UE may further determine a root key based on the main key. The UE may derive a first pairwise master key (PMK), associated with a trusted network, from the root key. The UE may communicate with a first access point (AP) for the trusted network. The UE may further derive a second PMK, associated with the second AP, from the first PMK. Numerous other aspects are described.

Abstract: The present disclosure provides techniques that may be applied, for example, for providing network policy information in a secure manner. In some cases, a UE may receive a first message for establishing a secure connection with a network, wherein the first message comprises network policy information, generate a first key based in part on the network policy information, and use the first key to verify the network policy information.

Abstract: One feature pertains to a method that includes establishing a radio communication connection with a first radio access node (RAN) that uses control plane signaling connections to carry user plane data. The method also includes determining that the wireless communication device is experiencing radio link failure (RLF) with the first RAN and that the radio communication connection should be reestablished with a second RAN. A reestablishment request message is transmitted to the second RAN that includes parameters that enable a core network node communicatively coupled to the second RAN to authenticate the wireless communication device and allow or reject reestablishment of the radio communication connection. The parameters include at least a message authentication code (MAC) based in part on one or more bits of a non-access stratum (NAS) COUNT value maintained at the wireless communication device.

Abstract: Certain aspects provide a method for wireless communication. The method generally includes deriving a network specific identifier (NSI) in a network access identifier (NAI) format, the NSI including a network identifier (NID) stored at the UE, generating a subscription concealed identifier (SUCI) based on the NSI for authentication of the UE with a non-public network (NPN), and sending the SUCI to a network entity for the authentication of the UE with the NPN.

Abstract: The present disclosure provides techniques that may be applied, for example, for providing network policy information in a secure manner. In some cases, a UE may receive a first message for establishing a secure connection with a network, wherein the first message comprises network policy information, generate a first key based in part on the network policy information, and use the first key to verify the network policy information.

Abstract: Methods, apparatuses, and computer-readable storage medium for encrypting discovery messages are provided. An example method at a first UE may include obtaining a discovery message that is ciphered based on at least one of a ciphering key, a ciphering algorithm, or a first set of time parameters, where the discovery message is scrambled based on at least one of a scrambling key, a scrambling algorithm, or a second set of time parameters. An example method may also include descrambling the discovery message based on at least one of the scrambling key, the scrambling algorithm, or the second set of time parameters. An example method may also include deciphering the discovery message based on at least one of the ciphering key, the ciphering algorithm, or the first set of time parameters.

Abstract: Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a user equipment (UE) may register to a cellular network associated with a multicast/broadcast multimedia service (MBMS). The UE may transmit, to the cellular network, a request to join the MBMS. The UE may receive, from the cellular network and based at least in part on being registered with the cellular network, a response that indicates an MBMS service key (MSK) and MSK identifier pair. Numerous other aspects are described.

Abstract: Methods, systems, and devices for wireless communications are described. A first parent node of a wireless backhaul network may receive, from a donor node of the wireless backhaul network, a token for a child node of the wireless backhaul network, the token being unique to a first wireless link between the first parent node and the child node. The first parent node may determine that a triggering event has occurred for a second wireless link between the first parent node and a second parent node. The first parent node may transmit, in response to determining that the triggering event has occurred, the token to the child node over the first wireless link to indicate for the child node to select a third parent node of the wireless backhaul network.

Abstract: Embodiments of systems and methods for securing media stream communications involving an Internet Protocol Multimedia Subsystem (IMS) media communication link and a non-IMS media communication link may include establishing a shared key between the UE and a second UE via the IMS media communication link, and using the shared key to protect communications between the UE and the second UE sent via the non-IMS media communication link.

Abstract: In an aspect, the present disclosure includes a method, apparatus, and computer readable medium for wireless communications for configuring of a NAS COUNT value of a mapped EPS security context associated with an intersystem change of a UE from a 5G system to an EPS. The aspect includes generating, by a UE, a mapped EPS security context associated with an intersystem change of the UE from a 5G system to an EPS, wherein the mapped EPS security context comprises security parameters created based a 5G security context used for the 5G system, the security parameters enabling security-related communications between the UE and a network entity; determining an UL NAS COUNT value and the DL NAS COUNT value for the mapped EPS security context; and transmitting, by the UE, a NAS message to the network entity, the NAS message including the UL NAS COUNT value of the mapped EPS security context.

Abstract: In an aspect, a network supporting a number of client devices includes a network device that generates a context for a client device. The client device context may include network state information for the client device that enables the network to communicate with the client device. The client device may obtain, from a network device that serves a first service area of the network, information that includes a first client device context. The client device may enter a second service area of the network served by a second network device. Instead of performing a service area update procedure with the network, the client device may transmit a packet in the different service area with the information that includes the client device context. The client device may receive a service relocation message including information associated with the different network device in response to the transmission.

Abstract: A user device having a security context with a first network based on a first key may establish a security context with a second network. In a method, the user device may generate a key identifier based on the first key and a network identifier of the second network. The user device may forward the key identifier to the second network for forwarding to the first network by the second network to enable the first network to identify the first key at the first network. The user device may receive a key count from the second network. The key count may be associated with a second key forwarded to the second network from the first network. The user device may generate the second key based on the first key and the received key count thereby establishing a security context between the second network and the user device.

Abstract: In embodiment methods for supporting pre-shared key (PSK) renegotiation, a user equipment (UE) may generate a request message including a first bootstrapping transaction identifier (B-TID), a first PSK namespace identifying a first bootstrapping procedure supported by the UE, and a first correlated PSK namespace indicating PSK renegotiation is supported by the UE for the first bootstrapping procedure, and send the request message to a network device. The network device may determine an indication of a PSK renegotiation for the first correlated PSK namespace in response to determining PSK renegotiation is required for the UE, generate a response message including the indication of the PSK renegotiation for the first correlated PSK namespace, and send the response message to the UE. In response, the UE may perform a bootstrapping procedure to obtain a second B-TID and second (i.e., new) session key (Ks).

Abstract: Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a user equipment (UE) may register to a cellular network associated with a multicast/broadcast multimedia service (MBMS). The UE may transmit, to the cellular network, a request to join the MBMS. The UE may receive, from the cellular network and based at least in part on being registered with the cellular network, a response that indicates an MBMS service key (MSK) and MSK identifier pair. Numerous other aspects are described.

Abstract: In an aspect, the present disclosure includes a method, apparatus, and computer readable medium for wireless communications for configuring of a NAS COUNT value of a mapped EPS security context associated with an intersystem change of a UE from a 5G system to an EPS. The aspect includes generating, by a UE, a mapped EPS security context associated with an intersystem change of the UE from a 5G system to an EPS, wherein the mapped EPS security context comprises security parameters created based a 5G security context used for the 5G system, the security parameters enabling security-related communications between the UE and a network entity; determining an UL NAS COUNT value and the DL NAS COUNT value for the mapped EPS security context; and transmitting, by the UE, a NAS message to the network entity, the NAS message including the UL NAS COUNT value of the mapped EPS security context.

Abstract: This disclosure provides methods, devices and systems for using a pseudonym service set identifier (pSSID) for access point (AP) and station (STA) privacy. For example, a pSSID is included by a STA or AP in place of a persistent SSID for over the air communications used for various functions (such as for the STA to determine the SSID of the AP before connecting to the AP). The pSSID is generated using a hash function that is defined at both the AP and the STA. An input to the hash function includes the SSID. Other inputs may include a temporary media access control (MAC) address of the device generating the pSSID, a time value associated with a time when the pSSID is generated, or a location value associated with a position measurement of the device generating the pSSID.

Abstract: In embodiments of systems and methods for synchronous content presentation, a user equipment (UE) may generate a freshness parameter, generate a unique session key based on a first session key and the freshness parameter, and send the freshness parameter to a Network Application Function (NAF) of a network device in a configuration that will enable the NAF to generate the unique session key. The network device may receive the freshness parameter, receive from a Key Server Function (KSF) the first session key, and generate based on the freshness parameter and the first session key the unique session key. The UE and the network device may then conduct secure communications using the unique session key without exchanging the unique session key between the two devices.

Abstract: This disclosure provides methods, devices and systems for using a variable authentication identifier (AID) for access point (AP) privacy. For example, instead of a persistent SSID, an AID is used by a station (STA) to authenticate the AP before connecting to the AP. The AP is associated with a service set, and the STA has stored a secret token associated with the service set. Before connecting to the AP, a broadcasted probe request from the STA includes no identifying information other than the token. The AP generates the AID from the token and provides the AID in a probe response. The STA is able to identify the AP as being associated with a service set and connect to the AP using the token and AID without the token and the AID being used by another device not associated with the service set to identify the AP.

Abstract: Certain aspects provide a method for wireless communication. The method generally includes deriving a network specific identifier (NSI) in a network access identifier (NAI) format, the NSI including a network identifier (NID) stored at the UE, generating a subscription concealed identifier (SUCI) based on the NSI for authentication of the UE with a non-public network (NPN), and sending the SUCI to a network entity for the authentication of the UE with the NPN.