Abstract: Disclosed are embodiments of a user equipment (UE) configured to communicate in a 5G network and to perform authentication between an edge enabler client (EEC) of the UE and an edge configuration server (ECS) or an edge enabler server (EES) based on an architecture for authentication and key management for applications (AKMA). The techniques include performing primary authentication with the 5G network to obtain a KAUSF; generating a KAKMA and an A-KID; providing to the EEC the KAKMA and an EEC identifier (ID) for the EEC to generate a Kedge, the KAKMA and the EEC ID being used by the EEC to compute a MACEEC; and sending to the ECS or the EES an application registration request, the application registration request including the EEC ID, the MACEEC, and the A-KID.

Abstract: Apparatuses, systems, and methods for revocation and/or modification of user consent in Edge Computing (MEC). A user equipment device (UE) may determine that user consent needs to be updated. The user consent may be associated with MEC. Additionally, the UE may transmit, via an application layer of the UE, a user consent modification request to an edge application server of a network, e.g., of an edge data network. The user consent modification request may be carried in application data traffic. The user consent modification request may be indicated via an Nnef_ParameterProvision_Update service operation. The user consent modification request is indicated via an Nnef_ParameterProvision_Update service operation.

Abstract: A method for supporting indication of a failure event to a source access system is provided. The method includes notifying, by the source access system, information of a source cell to a target access system, routing, by the target access system, a message to the base station or the base station controller of the source access through a core network by use of the information of the source cell received from the source access system when the target access system needs to transmit a message to the source access system. By use of the method provided by the present disclosure, a problem of mobility robustness optimization (MRO) among different radio access technology (RAT) may be notified to the source access system, so as to avoid impact for a terminal, reduce operator configuration.

Abstract: An example technique for security key derivation in a wireless system includes: sending a radio resource control (RRC) suspend message from a first node, to a first user device, the RRC suspend message including a first next hop (NH) chaining counter (NCC) value; releasing access stratum (AS) resources associated with the first user device; deriving a first node key based on the first NCC value; receiving a first uplink message from the first user device without allocating AS resources to the first user device; and unscrambling the first uplink message based on the first NCC value.

Abstract: An example technique for security key derivation in a wireless system includes: receiving a radio resource control (RRC) suspend message from a first node, the RRC suspend message including a first next hop (NH) chaining counter (NCC) value, entering a RRC inactive state, deriving a first node key based on the first NCC value, generating a first uplink message for transmission in the RRC inactive state based on the first node key, and transmitting the first uplink message to a node while in the RRC inactive state.

Abstract: The present application relates to devices and components including apparatus, systems, and methods for direct discovery or solicitation messages that include indications of types of user equipment-to-network relays.

Abstract: The present application relates to devices and components including apparatus, systems, and methods for security enhancement with respect to reselection of relay user equipment.

Abstract: A UE may receive a first GUTI from a network. The UE may transition to a Connected mode in response to a paging procedure with the network. The UE may take actions to ensure that a second GUTI is obtained from the network. Other aspects are described.

Abstract: A UE may receive a first GUTI from a network. The UE may transition to a Connected mode in response to a paging procedure with the network. The UE may take actions to ensure that a second GUTI is obtained from the network. Other aspects are described.

Abstract: Techniques to protect a subscriber identity, by encrypting a subscription permanent identifier (SUPI) to form one-time use subscription concealed identifiers (SUCIs) using a set of one-time ephemeral asymmetric keys, generated by a user equipment (UE), and network provided keys are disclosed. Encryption of the SUPI to form the SUCIs can mitigate snooping by rogue network entities, such as fake base stations. The UE is restricted from providing the unencrypted SUPI over an unauthenticated connection to a network entity. In some instances, the UE uses a trusted symmetric fallback encryption key KFB or trusted asymmetric fallback public key PKFB to verify messages from an unauthenticated network entity and/or to encrypt the SUPI to form a fallback SUCIFB for communication of messages with the unauthenticated network entity.

Abstract: Techniques discussed herein can facilitate improved security establishment procedures for Vehicle to Everything (V2X) direct connections. Various embodiments are employable at or comprise User Equipment, and can initiate and/or receive V2X security establishment connections wherein a receiving UE can reject the connection based on the initiating UE's capabilities/policy and/or the initiating UE can make the final decision regarding the connection based at least on receiving security policy and capability information from the receiving UE.

Abstract: Embodiments are presented herein of apparatuses, systems, and methods for a user equipment device (UE) and/or cellular network to resume a connection. To resume the connection, the UE may transmit a fully protected connection resume message, e.g., which may include protection for a resume cause field.

Abstract: Apparatuses, systems, and methods for application awareness interworking between cellular systems. A wireless device may be configured to initiate an application during an ongoing procedure serviced by a first operating according to a first radio access technology (RAT), receive, from a first cellular system, an indication to switch to a second cellular system operating according to a second RAT, and delay the switch to the second cellular system until completion of the ongoing procedure. A network function may be configured to detect initiation of an application during an ongoing procedure serviced by a cellular system operating according to a first RAT, the application having associated application preferences, determine that the associated application preferences indicate a switch to a second cellular system operating according to a second RAT, and delay the switch to the second cellular system until completion of the ongoing procedure.

Abstract: A user equipment (UE) includes a first subscriber identification module (SIM) and a second SIM. The UE is configured to establish a first cellular network connection based on, at least, the first SIM and a second cellular network connection based on, at least, the second SIM. The UE sends, by the first SIM, a first registration request to the network, wherein the first registration request comprises an identification indicating the multi-SIM device is a type of multi-SIM device, receives, by the first SIM, a first registration accept message indicating the first registration request has been accepted, wherein the first registration accept message comprises a first temporary identification for the first SIM and sends, by the second SIM, an access network message comprising one of the first temporary identification or a further temporary identification based on, at least, the first temporary identification.

Abstract: Apparatuses, systems, and methods for enhancement of network slicing for a UE. A UE may receive, from an AMF of a network, application related information associated with network slice data routing for data associated with an application. The information may be provided to the network by network slice customers. The UE may, in response to application initiation, determine traffic routing for data associated with the application. Traffic routing may be based on the application related information and a UE configuration associated with user privacy (e.g., user privacy setting) associated with the application. When the user UE configuration is enabled, the data may be routed via a default network slice and when the UE configuration is disabled, the data may be routed via a network slice indicated by the application related information. The UE configuration may be indicated by the application via a Boolean flag and/or via a user interface setting.

Abstract: A network receives an indication of user consent from a user equipment (UE) to access UE information for the purposes of edge computing. The network receives an indication of user consent from a UE, the user consent corresponding to a network function acquiring UE information, receives the UE information and performs operations related to establishing a connection between the UE and an edge data network.

Abstract: MBS key distribution includes processing group information associated with an MB session context received from an AF. At least a portion of the group information comprises a TMGI. A plurality of session join requests received from a plurality of UEs are processed. Each of the plurality of session join requests include the TMGE and are associated with the MB session context. A request associated with the MB session context for transmission to an MB-SMF is encoded. A response associated with the MB session context received from the MB-SMF is processed. The response includes a key derived for each of a portion of the plurality of UEs using a UE ID and the TMGI. A DL NAS message and an N2 message are encoded for the plurality of UEs and a base station, respectively. The DL NAS message and the N2 message include the derived key.

Abstract: Systems and methods provide packet data convergence protocol (PDCP) user plane (UP) integrity protection (IP) for a user equipments (UE) and radio access network (RAN) nodes operating in Evolved Universal Terrestrial Radio Access—New Radio dual connectivity (EN-DC). In an attach procedure, a UE may indicate a UE security capability for support of relay node (RN) PDCP UP IP used in LTE. Based on the security capability, a master e Node B (MeNB) security capability, and a secondary g Node B (SgNB) security capability, the MeNB may determine whether to use UP IP between the UE and the MeNB, the UE and the SgNB, and/or in a split bearer between the MeNB and the SgNB.

Abstract: A network may authenticate a user equipment (UE) to access an edge data network. The network generates a first credential based on a second credential, the second credential generated for a procedure between the UE and a cellular network corresponding to the network component, receives an identifier associated with the first credential from a further network component in response to the UE transmitting an application registration request to a server associated with an edge data network and retrieves the first credential based on the identifier. The network also receives a multi-access edge computing (MEC) authorization parameter, verifies the MEC authorization parameter and transmits an authentication verification response to a second network component.

Abstract: The present application relates to devices and components including apparatus, systems, and methods for secured user equipment communications over a user equipment relay. In some embodiments, symmetric or asymmetric encryption may be used for the secured user equipment communications.