Abstract: The present application relates to devices and components including apparatuses, systems, and methods for technologies for packet framing for application data unit transmission in wireless networks.

Abstract: A user equipment (UE) may attempt to access an edge data network. The UE generates a first credential based on a second credential that was generated for a procedure between the UE and a network. The UE then generates an identifier corresponding to the first credential and generates a message authentication code based on the first credential and a count, wherein the count is associated with an identifier of an edge network client running on the UE. The UE then transmits an application registration request, message to a server associated with an edge data network, the application registration request message including the count, the message authentication code, the identifier corresponding to the first credential, and a public land mobile network identifier (PLMN ID) of the network. The UE then receives an authentication accept message or an authentication reject message from the server associated with the edge data network.

Abstract: A network may authenticate a user equipment (UE) to access an edge data network. The network generates a first credential based on a second credential, the second credential generated for a procedure between the UE and a cellular network corresponding to the network component, receives an identifier associated with the first credential from a further network component in response to the UE transmitting an application registration request to a server associated with an edge data network and retrieves the first credential based on the identifier. The network also receives a multi-access edge computing (MEC) authorization parameter, verifies the MEC authorization parameter and transmits an authentication verification response to a second network component.

Abstract: A user equipment (UE) configured to connect to an edge data network. The UE connects to a first edge application server (EAS) of an edge data network (EDN), the connecting comprising performing a first authorization/authentication procedure, receives a message indicating the UE is to connect to a second EAS of the EDN, the message including an indication as to whether the UE is to perform a second authorization/authentication procedure to connect to the second EAS and performs a discovery procedure to locate the second EAS based on at least the indication in the message.

Abstract: The present application relates to devices and components including apparatus, systems, and methods for secured user equipment communications over a user equipment relay. In some embodiments, symmetric or asymmetric encryption may be used for the secured user equipment communications.

Abstract: A system for configuring a UE-AMBR includes a MME to send the UE-AMBR to an eNB covering the serving cell of the UE, the eNB covering the serving cell of the UE establishes a radio access bearer of the UE on at least one secondary cell. The MME sends an AMBR of the UE in the primary eNB covering the serving cell of the UE and an AMBR of the UE in a secondary eNB to the primary eNB. The primary eNB sends the AMBR of the secondary eNB to the corresponding secondary eNB. The technical solutions of the present disclosure can make total rate of all non-GBR services of the UE be not larger than the UE-AMBR when the UE has multiple S1 bearers or one S1 bearer.

Abstract: Techniques discussed herein can facilitate integrated sensing and communication (ISC), where a wireless network is used for both sensing and for wireless communications. One example aspect is sensing function entity configured to receive a sensing service request from an access and mobility function (AMF) entity, where the sensing service request is received by an access and mobility function/sensing function (AMF/SF) interface. The SF entity is further configured to transmit, by the AMF/SF interface, a sensing service response to the AMF entity and subsequently receive sensing data associated with the sensing service response, where the sensing data is received by a base station/sensing function (BS/SF) interface. The SF entity is further configured to process the sensing data, and transmit the sensing response after processing the sensing data.

Abstract: This disclosure relates to techniques, base stations, and user equipment devices (UEs) for performing base station authentication through access stratum signaling transmissions. The UE may operate in idle mode and may receive an authentication message from a base station through the wireless interface while operating in idle mode. The UE may determine whether a signature comprised within the authentication message is valid, and the UE may continue a connection procedure with the base station based on a determination that the signature is valid. If it is determined that the signature is invalid, the UE may designate the base station as a barred base station and may perform cell re-selection. The authentication message may be one of a radio resource control (RRC) connection setup message, a special RRC message, a media access control (MAC) message, or a random access channel (RACH) message comprising a random access response (RAR) message.

Abstract: Disclosed are embodiments for authentication and authorization in a 5G network between an edge enabler client (EEC) of a UE and an edge configuration server (ECS). The embodiment include performing primary authentication with the 5G network to obtain a KAUSF; generating a Kedge and a Kedge ID using the KAUSF and a subscription permanent identifier (SUPI); providing the Kedge and the Kedge ID to the EEC to cause it to compute a MACEEC using the Kedge and an EEC ID; and sending to the ECS an application registration request, the application registration request including the EEC ID, MACEEC, and Kedge ID.

Abstract: MBS key distribution includes processing group information associated with an MB session context received from an AF. At least a portion of the group information comprises a TMGI. A plurality of session join requests received from a plurality of UEs are processed. Each of the plurality of session join requests include the TMGE and are associated with the MB session context. A request associated with the MB session context for transmission to an MB-SMF is encoded. A response associated with the MB session context received from the MB-SMF is processed. The response includes a key derived for each of a portion of the plurality of UEs using a UE ID and the TMGI. A DL NAS message and an N2 message are encoded for the plurality of UEs and a base station, respectively. The DL NAS message and the N2 message include the derived key.

Abstract: Techniques to protect a subscriber identity, by encrypting a subscription permanent identifier (SUPI) to form one-time use subscription concealed identifiers (SUCIs) using a set of one-time ephemeral asymmetric keys, generated by a user equipment (UE), and network provided keys are disclosed. Encryption of the SUPI to form the SUCIs can mitigate snooping by rogue network entities, such as fake base stations. The UE is restricted from providing the unencrypted SUPI over an unauthenticated connection to a network entity. In some instances, the UE uses a trusted symmetric fallback encryption key KFB or trusted asymmetric fallback public key PKFB to verify messages from an unauthenticated network entity and/or to encrypt the SUPI to form a fallback SUCIFB for communication of messages with the unauthenticated network entity.

Abstract: Techniques for identity-based message integrity protection and verification between a user equipment (UE) and a wireless network entity, include use of signatures derived from identity-based keys. To protect against attacks from rogue network entities before activation of a security context with a network entity, the UE verifies integrity of messages by checking a signature using an identity-based public key PKID derived by the UE based on (i) an identity value (ID) of the network entity and (ii) a separate public key PKPKG of a private key generator (PKG) server. The network entity generates signatures for messages using an identity-based private key SKID obtained from the PKG server, which generates the identity-based private key SKID using (i) the ID value of the network entity and (ii) a private key SKPKG that is known only by the PKG server and corresponds to the public key PKPKG.

Abstract: An approach is described for a base station to generate a first message and a second message. The base station transmits the first message and the second message to a user equipment (UE). The first message is associated with a cell supported by the base station and includes a first public land mobile network (PLMN) identity index and a first list of one or more network slices supported by a first PLMN associated with the first PLMN identity index. The second message is associated with one or more neighboring cells, and includes the first PLMN identity index and a second list of one or more network slice data associated the first PLMN as supported by the one or more neighboring cells. In addition, at least one of the one or more network slice data in the second list includes a sub-list of one or more neighboring cell data.

Abstract: Systems, apparatuses, methods, and program products to provision a user plane (UP) security policy at a granularity level that is per data radio bearer (DRB) within a protocol data unit (PDU) session or per quality of service (QoS) flow within one or more DRB of the PDU session.

Abstract: A network component communicating with a user equipment (UE) and a server. The network component receives a first packet from the UE, wherein the first packet indicates to the network component that the network component is to perform operations on behalf of the UE to maintain a persistent connection, receives a second packet from the server and determines whether to transmit a signal to the UE based on the second packet received from the server. A UE having a transceiver and a processor. The UE transmits a first packet to the network component, wherein the first packet indicates to the network component that the network component is to perform operations on behalf of the UE to maintain a persistent connection, identifies an out of service (OOS) event, receives registration information from the network component and registers with the server based on the registration information received from the network component.

Abstract: This disclosure relates to techniques for performing wireless communications including authentication between user equipment and edge computing servers. One or more edge enabler client(s) operating at a user equipment may authenticate with one or more edge computing server(s). The authentication may use generic bootstrapping architecture, among various possibilities.

Abstract: A method for supporting fast recovery of a User Equipment (UE) includes performing, by a serving base station, UE context synchronization for one or more other base stations in a related small cell cluster when a UE accesses the serving base station, performing, by a base station that the UE performs a radio resource control (RRC) connection re-establishment, the RRC connection re-establishment for the UE according to UE context saved in a synchronization process. The present also discloses another method and system for supporting UE fast recovery. By applying the technical solution disclosed by the present disclosure, when the UE moves in a small cell scenario, the UE can be recovered quickly in the case of a failure, so as to avoid the UE returns to an idle mode, avoid data loss, guarantee business continuity, and improve UE experience.

Abstract: A user equipment (UE) includes first and second subscriber identity modules (SIMs), possibly subscribed to different carriers. When the first SIM is in a connected state and the second SIM is in an idle state, the UE may need to periodically tune away a radio from a first frequency used for communication under the first SIM to a second frequency used for idle mode activity under the second SIM. The UE may provide to the network of the first SIM the second SIMs traffic activity pattern and/or serving frequency so that the network may provide coordinated configuration and/or scheduling for the UE device, e.g., in order to make the action of tuning away (and tuning back) the radio more efficient and/or to decrease the network impact of such radio tune aways (e.g., to decrease wasted uplink scheduling and wasted downlink transmissions for the first SIM).

Abstract: Disclosed are embodiments for authentication and authorization in a 5G network between an edge enabler client (EEC) of a UE and an edge configuration server (ECS). The embodiment include performing primary authentication with the 5G network to obtain a KAUSF; generating a Kedge and a Kedge ID using the KAUSF and a subscription permanent identifier (SUPI); providing the Kedge and the Kedge ID to the EEC to cause it to compute a MACEEC using the Kedge and an EEC ID; and sending to the ECS an application registration request, the application registration request including the EEC ID, MACEEC, and Kedge ID.

Abstract: Disclosed are embodiments of a user equipment (UE) configured to communicate in a 5G network and to perform authentication between an edge enabler client (EEC) of the UE and an edge configuration server (ECS) or an edge enabler server (EES) based on an architecture for authentication and key management for applications (AKMA). The techniques include performing primary authentication with the 5G network to obtain a KAUSF; generating a KAKMA and an A-KID; providing to the EEC the KAKMA and an EEC identifier (ID) for the EEC to generate a Kedge, the KAKMA and the EEC ID being used by the EEC to compute a MACEEC; and sending to the ECS or the EES an application registration request, the application registration request including the EEC ID, the MACEEC, and the A-KID.