Abstract: Systems, methods, and devices authenticate mobile network cellular cells using asymmetric/public-key cryptography algorithms (e.g., Digital Signature Algorithm (DSA)) through integrity protecting the cellular cells broadcasted messages (e.g., paging and/or system information blocks (SIBs) system information broadcast messages) by message authentication code (MAC).

Abstract: Disclosed herein are user equipment (UE) configured to communicate with a vehicle-to-everything (V2X) control function (CF) and a V2X Key Management Function (KMF). The UE includes processing circuitry configured to select a broadcast service from a plurality of available broadcast services and encode a key request message for transmission to the V2X KMF. The key request message includes a service identification (ID) of the selected broadcast service and identification of V2X security techniques supported by the UE. A key response message received from the V2X KMF in response to the key request message is decoded. The key response message identifies a V2X security technique of the V2X security techniques. The identified V2X security technique is execute to obtain security credentials provisioned by the V2X KMF. Data is encoded for transmission to a second UE during the selected broadcast service, where the encoding is based on the provisioned security credentials.

Abstract: Embodiments of the present disclosure describe methods, apparatuses, storage media, and systems for performing a restricted local operator services (RLOS) authorization procedure. Various embodiments enable a network to authorize a user equipment (UE) with an RLOS access or subscription properly while aiding in minimizing or preventing potential denial-of-service (DoS) attacks. Other embodiments may be described and claimed.

Abstract: Non-pre-provisioned cellular Internet of things (IoT) devices can be added to an existing user's subscription with an operator and a service provider. The procedure can include obtaining a security association between a device and a user's smartphone using the operator's network. The operator and the service provider can verify the device with a certificate authority. In one embodiment, the smartphone reads (302) a URL pointer to the device certification and sends it (304) to the MME. The MME forwards (306) the URL to the HSS. The HSS verifies (312) the certificate and derives security credentials including the Master key K?. The HSS also derives another key K? used to establish security context between the IoT device and the smartphone. The device uses its key deriving function KDF with K? and Rand to generate K?.

Abstract: Embodiments of apparatus and methods for signaling for resource allocation and scheduling in 5G-NR integrated access and backhaul are generally described herein. In some embodiments, User Equipment configured for reporting a channel quality indicator (CQI) index in a channel state information (CSI) reference resource assumes a physical resource block (PRB) bundling size of two PRBs to derive the CQI index.

Abstract: System and techniques for secure wireless association are described herein. A station (STA) may transmit a probe request for the wireless network that includes identification of a certificate. An access point (AP) receiving the probe request may obtain the identified certificate and use the certificate to encrypt a key. The encrypted key may then be included in a beacon by the AP. The STA may then obtain the encrypted key from the beacon, decrypt the key with the certificate, and then use the key to associate to the wireless network via the AP.

Abstract: Non-pre-provisioned cellular Internet of things (IoT) devices can be added to an existing user's subscription with an operator and a service provider. The procedure can include obtaining a security association between a device and a user's smartphone using the operator's network. The operator and the service provider can verify the device with a certificate authority. In one embodiment, the smartphone reads (302) a URL pointer to the device certification and sends it (304) to the MME. The MME forwards (306) the URL to the HSS. The HSS verifies (312) the certificate and derives security credentials including the Master key K?. The HSS also derives another key K? used to establish security context between the IoT device and the smartphone. The device uses its key deriving function KDF with K? and Rand to generate K?.

Abstract: This document discusses, among other things, a Cellular Internet-of-Things (CIoT) network architecture to enable communication between an apparatus of a CIoT User Equipment (UE) and a network through a CIoT enhanced Node B (eNB) according to a lightweight Non-Access Stratum (NAS) protocol. An apparatus of a CIoT eNB can process data for communication between the CIoT UE and the network. The lightweight NAS protocol supports a reduced set of NAS messages for communication between, for example, the CIoT UE and the CIoT eNB, such as using a modified NAS message, or one or more new messages.

Abstract: Embodiments of apparatus and methods for signaling for resource allocation and scheduling in 5G-NR integrated access and backhaul are generally described herein. In some embodiments, User Equipment configured for reporting a channel quality indicator (CQI) index in a channel state information (CSI) reference resource assumes a physical resource block (PRB) bundling size of two PRBs to derive the CQI index.

Abstract: The present disclosure provides systems for updating firmware of a CIoT device. The CIoT device activates, based on one or more activation commands received by the first receiver and the second receiver. The CIoT device connects by the second receiver and the second transmitter, to a device. The CIoT device receives, by the second receiver, from the device, a firmware upgrade file. A CIoT device deactivates the second receiver.

Abstract: This document discusses, among other things, a Cellular Internet-of-Things (CIoT) network architecture to enable communication between an apparatus of a CIoT User Equipment (UE) and a network through a CIoT enhanced Node B (eNB) according to a lightweight Non-Access Stratum (NAS) protocol. An apparatus of a CIoT eNB can process data for communication between the CIoT UE and the network. The lightweight NAS protocol supports a reduced set of NAS messages for communication between, for example, the CIoT UE and the CIoT eNB, such as using a modified NAS message, or one or more new messages.

Abstract: This document discusses, among other things, a Cellular Internet-of-Things (CIoT) network architecture to enable communication between an apparatus of a CIoT User Equipment (UE) and a network through a CIoT enhanced Node B (eNB) according to a lightweight Non-Access Stratum (NAS) protocol. An apparatus of a CIoT eNB can process data for communication between the CIoT UE and the network. The lightweight NAS protocol supports a reduced set of NAS messages for communication between, for example, the CIoT UE and the CIoT eNB, such as using a modified NAS message, or one or more new messages.

Abstract: Systems and methods are provided for security systems and procedures. Certain embodiments herein are directed to privacy protection for a permanent subscriber identifier. Other embodiments are directed to support of extensible authentication protocol (EAP) authentication and authorization by 5G non-access stratum (NAS).

Abstract: This document discusses, among other things, a Cellular Internet-of-Things (CIoT) network architecture to enable communication between an apparatus of a CIoT User Equipment (UE) and a network through a CIoT enhanced Node B (eNB) according to a lightweight Non-Access Stratum (NAS) protocol. An apparatus of a CIoT eNB can process data for communication between the CIoT UE and the network. The lightweight NAS protocol supports a reduced set of NAS messages for communication between, for example, the CIoT UE and the CIoT eNB, such as using a modified NAS message, or one or more new messages.

Abstract: Device to device (D2D) communication can be performed with packet data convergence protocol (PDCP) based encapsulation without internet protocol (IP) addressing. The non-IP D2D PDCP-encapsulated communication can further include two forms of secure data transfer. A first non-IP D2D PDCP-encapsulated communication can be a negotiated non-IP D2D PDCP-encapsulated communication. A second non-IP D2D PDCP-encapsulated communication can be a non-negotiated non-IP D2D communication. The non-negotiated non-IP D2D PDCP-encapsulated communication can include a common key management server (KMS) version and a distributed KMS version. The encapsulated communication can be used with various protocols, including a PC5 protocol (such as the PC5 Signaling Protocol) and wireless access in vehicular environments (WAVE) protocols.

Abstract: Embodiments herein may include systems, apparatuses, methods, and computer-readable media, for a multi-access edge computing (MEC) system. A MEC orchestrator is to receive a request for service that includes a workload from a user agent; and facilitate formation of a SLA for servicing the workload. To facilitate the formation of the SLA includes to obtain, via a decentralized contracting system, bids from a plurality of service providers to respectively service a plurality of functions or tasks of the workload. The MEC orchestrator is also to translate the workload into the plurality of functions or tasks, and schedule servicing of the functions of tasks with the one or more service providers, including one or more edge computing devices, in accordance with the SLA. Other embodiments may be described and/or claimed.

Abstract: System and techniques for secure direct discovery UEs are described herein. A UE may initiate ProSe D2D discovery and create a discovery request that includes an asserted identity in clear text and a message integrity code. The discovery request may then be transmitted in a D2D discovery channel.

Abstract: Embodiments are generally directed to fake gNB/eNB detection using identity-based authentication and encryption. An embodiment of an apparatus of a user equipment (UE) to perform an identity-based authentication and encryption process includes one or more baseband processors to generate a Radio Resource Control (RRC) Verify-Request message to an Evolved Node B (eNB) or Next Generation Node B (gNB) in response to receiving an RRCConnectionRelease message in a Cell Reselection process, the UE being in RRC idle mode, process an RRC Verify-Response message received from the eNB in response to the RRC Verify-Request message, and verify authenticity of the eNB or gNB by verifying the RRC Verify-Response message; and a memory to store the messages for the identity-based authentication and encryption process.

Abstract: User equipment (UE) within dual connectivity (DC) architecture with a Master Node-B (MN) and a Secondary Node-B (SN) includes processing circuitry decoding connection reconfiguration information from the MN. The connection reconfiguration information includes signaling radio bearer type 3 (SRB3) configuration information. The SRB3 configuration information originates from the SN and configures a SRB3, the SRB3 for a radio resource control (RRC) connection between the UE and the SN. An RRC connection reconfiguration request message received from the SN via the SRB3 is decoded. The RRC connection reconfiguration request message includes UE new radio (NR) security capability information of the SN. The processing circuitry further determines whether the UE NR security capability information received from the SN matches UE NR security capability information received by the UE from the MN.

Abstract: Device to device (D2D) communication can be performed with packet data convergence protocol (PDCP) based encapsulation without internet protocol (IP) addressing. The non-IP D2D PDCP-encapsulated communication can further include two forms of secure data transfer. A first non-IP D2D PDCP-encapsulated communication can be a negotiated non-IP D2D PDCP-encapsulated communication. A second non-IP D2D PDCP-encapsulated communication can be a non-negotiated non-IP D2D communication. The non-negotiated non-IP D2D PDCP-encapsulated communication can include a common key management server (KMS) version and a distributed KMS version. The encapsulated communication can be used with various protocols, including a PC5 protocol (such as the PC5 Signaling Protocol) and wireless access in vehicular environments (WAVE) protocols.