Abstract: Apparatuses, methods, and systems are disclosed for key-based authentication for a mobile edge computing network. One method (800) includes deriving (805), at a user equipment, a first network key after authentication with a network function of a wireless core network, deriving (810) a second network key based on the first network key, the second network key for a first network function of a mobile edge computing network, sending (815) a registration request message to the first network function of the mobile edge computing network, the registration request message integrity protected with the second network key, receiving (820) a registration response message from the first network function, and, in response to verifying the integrity of the registration response message using the second network key, establishing (825) a secure communication with the first network function of the mobile edge computing network based on the second network key.

Abstract: Apparatuses, methods, and systems are disclosed for determining remote unit behavior parameters. One method includes receiving a message including parameters associated with an application in a remote unit. The method includes determining a first set of parameters including a first portion of the parameters, wherein each parameter of the first set of parameters corresponds to a remote unit behavior. The method includes determining a second set of parameters including a second portion of the parameters, wherein each parameter of the second set of parameters corresponds to a service behavior. The method includes associating the second set of parameters with a data network name, a single network slice selection assistance information, or a combination thereof.

Abstract: Apparatuses, methods, and systems are disclosed for dynamic user equipment identifier assignment. One apparatus includes a transceiver that receives, at a user equipment (“UE”) device, an initial identifier for the UE device from a mobile wireless communication network and a processor that generates a plurality of identifiers for the UE device based on the initial identifier where each of the plurality of identifiers is generated based on a previous identifier to form a chain of identifiers, assigns an identifier that was generated last in the chain of identifiers to the UE device, and periodically assigns a different identifier to the UE device from the chain of identifiers, the different identifier comprising an identifier in the chain of identifiers that is used to generate the identifier that is currently assigned to the UE.

Abstract: Apparatuses, methods, and systems are disclosed for a factor for multiple device registrations. One method includes receiving, at a network device from a first device, a first session initiation protocol message including an identity for establishing a data session. The method includes determining a factor based on a first registration performed by a second device and a second registration performed by a third device. The method includes transmitting a second session initiation protocol message including the identity and the factor to the second device. The method includes establishing the data session between the first device and the second device. The identity is: registered for the first registration; registered for the second registration; not registered for the first registration; not registered for the second registration; or some combination thereof.

Abstract: Apparatuses, methods, and systems are disclosed for determining remote unit behavior parameters. One method includes receiving a message including parameters associated with an application in a remote unit. The method includes determining a first set of parameters including a first portion of the parameters, wherein each parameter of the first set of parameters corresponds to a remote unit behavior. The method includes determining a second set of parameters including a second portion of the parameters, wherein each parameter of the second set of parameters corresponds to a service behavior. The method includes associating the second set of parameters with a data network name, a single network slice selection assistance information, or a combination thereof.

Abstract: Apparatuses, methods, and systems are disclosed for securing communications between user equipment devices. One apparatus includes a processor that derives, at a first user equipment (“UE”) device in communication with a mobile wireless communication network, a security key for securing communications between the first UE and a second UE via the mobile wireless communication network, the security key derived based on at least one parameter associated with the first UE and the second UE. The processor establishes a secure communication between the first UE and the second UE via a first network function of the mobile wireless communication network using the derived security key.

Abstract: Apparatuses, methods, and systems are disclosed for UAS authentication and security establishment. One apparatus includes a transceiver that sends, from a first network function of a mobile wireless communication network, an authentication request message from a user equipment (“UE”) to a UAS Service Supplier (“USS”)/UAS Traffic Management (“UTM”), the UE comprising at least one of an unmanned aerial vehicle (“UAV”) and a UAV controller (“UAV-C”). The transceiver receives, at the first network function from the USS/UTM, an authentication response message comprising a UAS identifier and a UAS security context.

Abstract: Apparatuses, methods, and systems are disclosed for indicating the IMS capability for EPS fallback. One apparatus in a mobile communication network includes a processor and a transceiver that transmits to an IMS network entity a first SIP message comprising a request for establishing a data session, where the first SIP message contains a first contact header field. The transceiver receives a second SIP message from the IMS network entity for establishing the data session, where the second SIP message contains an indicator. The processor determines an IMS network capability from a combination of the first contact header field and the indicator.

Abstract: Apparatuses, methods, and systems are disclosed for authorizing and configuring pairing of unmanned aerial system. An apparatus includes a transceiver that receives, at a first network function of a mobile wireless communication network, a first authorization of unmanned aerial vehicle (“UAV”) operations and a second authorization for associating a UAV-controller with the UAV, the first and second authorizations associated with a first identifier. An apparatus includes a processor that creates a 5G local area network (“LAN”) group within the mobile wireless communication for facilitating communications between the UAV and the UAV-controller and associating a second identifier with the 5G LAN group, configures the 5G LAN group based on at least at least one parameter associated with the UAV and updates a third network function with information for the 5G LAN group for establishing a protocol data unit (“PDU”) session between the UAV and the UAV controller.

Abstract: Apparatuses, methods, and systems are disclosed for determining and enforcing service specific network slice security. One apparatus in a mobile communication network includes processor that performs primary authentication with a mobile communication network and a transceiver that receives a SMC message comprising SSI. The processor applies slice security for control plane and user plane traffic related to a network slice according to a Security Requirement Type indicated in the SSI.

Abstract: Apparatuses, methods, and systems are disclosed for network function reallocation with security context. One apparatus includes a processor and a transceiver. The processor is configured to detect, at a first network function of a mobile wireless communication network, that the first network function cannot serve a requested network slice from a user equipment (“UE”) device. The transceiver is configured to send, from the first network function via a second network function, a reroute message to a third network function of the mobile wireless communication network. The reroute message includes an initial non-access stratum (“NAS”) message retrieved during NAS security mode command (“SMC”) procedure with the UE device and a security configuration. The third network function uses the initial NAS message and the security configuration to determine a security context for the UE device and serve the requested network slice from the UE device.

Abstract: Apparatuses, methods, and systems are disclosed for security context control for AMF reallocation based on a slice capability indication. One apparatus includes a network interface-(840) that receives a first authentication request message from a SEAF having a co-located AMF, the first authentication request message comprising an AMF Slice Capabilities IE. Via the network interface-(840) the processor sends a data request message to a UDM and receives a data response message. Here, the data request message contains the received AMF Slice Capabilities IE and the data response message contains a Slice Compatibility Indicator. The processor determines not to send a SEAF key to the SEAF when the Slice Compatibility Indicator indicates AMF slice incompatibility. The network interface sends, to the SEAF, an authentication response message containing an Authentication Result, a User Subscription Identifier, and the Slice Compatibility indicator.

Abstract: Apparatuses, methods, and systems are disclosed for selecting an authentication type in a 5G network. One apparatus includes a processor and a network interface-640 that receives a first message requesting to register a remote unit to the mobile communication network, where the remote unit is connected to a non-3GPP access network and the remote unit does not support the NAS protocol. The processor determines an authentication request type for the remote unit, where the authentication request type is not based on the NAS protocol. The processor creates a NAS registration message on behalf of the remote unit and sends a second message to an access management function in the mobile communication network, where the second message contains the NAS registration message and the determined authentication request type.

Abstract: Apparatuses, methods, and systems are disclosed for security context handling during AMF reallocation. One apparatus in a mobile communication network includes a network interface and a processor that derives a Reroute Security Context and derives a first authentication parameter for authenticating a Target AMF. The network interface receives a Key Request message from a SEAF co-located with the Target AMF following an AMF reallocation during a UE Registration procedure. The processor verifies the Key Request message by determining whether the second authentication parameter matches the first authentication parameter derived for authenticating the Target AMF. The processor derives a new security context for the Target AMF/SEAF in response to successfully verifying the Key Request message. The network interface sends a Key Response message to the Target AMF/SEAF.

Abstract: Apparatuses, methods, and systems are disclosed for supporting authentication with a mobile core network using a concealed identity. One apparatus includes a processor that sends a first authentication message that includes a concealed identifier to a network function to authenticate with a mobile communication network via a non-3GPP access network. The processor receives a second authentication message from the network function in response to the first authentication message. The second authentication message comprises an authentication response based on the concealed identifier. The processor completes authentication with the mobile communication network in response to the authentication response comprising a challenge packet. The processor receives configuration information for accessing the mobile communication network in response to successful authentication with the mobile communication network.

Abstract: Apparatuses, methods, and systems are disclosed for reporting monitored parameter information. One method includes receiving an indication to monitor parameters in an idle mode. The method includes monitoring the parameters in the idle mode. The method includes transmitting a request to a first base station. The method includes, in response to not receiving a correct response from the first base station: performing a cell reselection resulting in selection of a second base station; and transmitting a failure report to the second base station. The failure report includes information corresponding to the parameters monitored in the idle mode.

Abstract: The invention provides for a method of selecting a Dedicated Core Network (DCN) based on assisting indication by mobile terminals, and including the step of configuring the RAN Nodes of the mobile network with the DCN Types of the serving EPC Nodes so that the RAN Nodes can map the DCN selection assisting information from the connecting mobile terminals with the right dedicated EPC Node. This allows for the RAN Node to connect the mobile terminals with EPC Node of the mobile terminal's dedication at initial attach and then keep the mobile terminals on the same DCN. Thus, a re-routing of mobile terminals NAS message from one EPC Node to another EPC node is avoided. The invention also allows for a flexible and dynamic change of the EPC Nodes dedication based on operator's configuration and policy. Additionally, the invention allows for DCN access restriction control by broadcasting of the supported DCN Types by the RAN Node.

Abstract: Apparatuses, methods, and systems are disclosed for selecting a network slice type for media traffic of an IMS session. One apparatus includes a processor and a transceiver that communicates with a mobile communication network (“MCN”) using multiple network connections. The processor receives a first request to establish an IMS session with an IMS network, the first request including multiple media types. Here, the IMS network is reachable via the multiple network connections, each network connection communicating with a different network slice type of the MCN. The processor selects a network connection to be used for communicating media traffic for each media type and transmits a IMS session request to the IMS network using a first network connection. Here, the IMS session request indicates parameters to be used for communicating the media traffic for each media type using the selected network connection.

Abstract: A transceiver can transmit a broadcasted system information message including a restricted operator service access indication from a serving cell of a network. A controller can perform a radio resource control connection establishment procedure to receive an attach request message. The radio resource control connection establishment procedure can be for the restricted operator service access and can include receiving a RRCConnectionSetupComplete message from a mobile equipment to the network.

Abstract: Apparatuses, methods, and systems are disclosed for supporting remote unit reauthentication. One apparatus apparatus includes a processor and a transceiver that sends a first authentication message to a network function in a mobile communication network and receives a second authentication message from the network function in response to the first authentication message. Here, the first authentication message contains an indicator that the apparatus supports EAP Reauthentication Protocol and the second authentication message contains a key management domain name indicating a group of network functions that can share reauthentication security context. The processor derives reauthentication security context in response to successful authentication with the mobile communication network and locally stores the received key management domain name and the derived reauthentication security context for subsequent reauthentication with the mobile communication network.