Abstract: Various aspects of the present disclosure relate to secure data collection via a messaging framework. An apparatus includes at least one memory and at least one processor that is configured to receive a subscription request from a data consumer function, the subscription request comprising a data tag associated with a data producer function, generate a security key for the data tag, generate a binding for the data tag between the security key, the data consumer function, and the data producer function, and transmit, for use in data transmissions between the data producer function and the data consumer function a service request message to the data producer function, the service request message comprising the data tag and the security key, and a data exposure response message to the data consumer function, the data exposure response message comprising the data tag and the security key.

Abstract: Apparatuses, methods, and systems are disclosed for rerouting message transmissions. One method includes receiving, at a first network device, a registration request message. The method includes delaying, by the first network device, primary authentication, security setup, or a combination thereof based at least partly on a subscription permanent identifier (SUFI) from a second network device and subscription information. The method includes determining, at the first network device, whether to transmit a reroute non-access stratum (NAS) message.

Abstract: Various aspects of the present disclosure relate to key identification for mobile edge computing functions. An apparatus includes at least one memory and at least one processor that is configured to generate a unique key set identifier (“KSI”) associated with a multi-access edge computing (“MEC”) service, derive a key for a network function based on a corresponding root key and the generated KSI, the KSI provided as input to a key derivation function (“KDF”), and transmit an application registration request message to the network function for establishing a secure connection to the network function using the key, the application registration request message comprising the KSI.

Abstract: Apparatuses, methods, and systems are disclosed for provisioning server selection in a cellular network. One method includes communicating, at a network device, with a remote unit via a first network function. The method includes receiving an authentication request from the first network function. The method includes selecting a provisioning server based on a remote unit identity of an onboarding profile, based on a pre-configuration, or a combination thereof. The method includes transmitting a response message to the first network function. The response message includes a provisioning server address.

Abstract: A communication terminal (10) according to the present disclosure includes: a control unit (12) configured to, in a case of a movement from a communication area formed by the 5GS to a communication area formed by the EPS or a movement from a communication area formed by the EPS to a communication area formed by the 5GS, determine whether or not a communication system forming a communication area at a movement destination can satisfy requirements of services; and a communication unit (11) configured to, when it is determined that the communication system forming the communication area at the movement destination can satisfy the requirements of the services, send a connection request message to the communication system forming the communication area at the movement destination.

Abstract: One example system includes a first light detection and ranging (LIDAR) device that scans a first field-of-view defined by a first range of pointing directions associated with the first LIDAR device. The system also includes a second LIDAR device that scans a second FOV defined by a second range of pointing directions associated with the second LIDAR device. The second FOV at least partially overlaps the first FOV. The system also includes a first controller that adjusts a first pointing direction of the first LIDAR device. The system also includes a second controller that adjusts a second pointing direction of the second LIDAR device synchronously with the adjustment of the first pointing direction of the first LIDAR device.

Abstract: Apparatuses, methods, and systems are disclosed for network security based on routing information. One method includes receiving at a first network device, a security request message from an initial access and mobility management function (AMF), an initial security anchor function (SEAF)), or a combination thereof. The security request message includes information indicating a serving network name (SNN), whether routing information is required, a subscription permanent identifier (SUFI), or some combination thereof. The method includes determining, at the first network device, routing information based on the security request message. The method includes transmitting, from the first network device, a security response message to the initial AMF, the initial SEAF, or the combination thereof. The security response message includes the routing information.

Abstract: Apparatuses, methods, and systems are disclosed for handling security aspects for UAS in a 3GPP network. One apparatus contains a transceiver that receives a revocation indication message from a mobile communication network and a processor that deletes UAS-related authorization and security information corresponding to a UAV ID. The transceiver further transmits a revocation acknowledgement message to the mobile communication network.

Abstract: Apparatuses, methods, and systems are disclosed for determining a time to perform an update. One method (900) includes transmitting (902) first information indicating an initial value. The method (900) includes transmitting (904) second information indicating an update interval corresponding to the initial value. The method (900) includes updating (906) an identifier at a time determined based on the initial value and the update interval.

Abstract: This disclosure provides a User Equipment (UE), including: a transmitter configured to transmit at least one Protocol Data Unit (PDU) session identifier (ID), each of which indicates a PDU session that the UE needs to use in a Non Access Stratum (NAS) Service Request message to a Mobility Management Function (MMF) via an access network (AN) node when the UE has user data to send.

Abstract: A session initiation protocol register request message for RLOS can be received at a P-CSCF. The session initiation protocol register request message can include an IP multimedia public user identification for a UE. The session initiation protocol register request message can be forwarded to a Serving Call Session Control Function (S-CSCF). A UE identifier in a 200 OK response can be received in response to forwarding the session initiation protocol register request message at the P-CSCF from the S-CSCF. Signaling can be ciphered using a security key for the UE in response to receiving the 200 OK response.

Abstract: Apparatuses, methods, and systems are disclosed for selecting a data connection based on digital certificate information. One apparatus includes a transceiver and a processor that receives a request to send a data packet and determines a first application identity used by a first application. The processor finds a first policy rule in the apparatus that matches the first application identity and determines whether the first application matches a digital certificate information. Here, the first policy rule contains the digital certificate information. Upon determining that the first application matches the digital certificate information, the processor applies the first policy rule to select a first set of data connection parameters and the transceiver transmits the data packet via a data connection using the first set of data connection parameters.

Abstract: The method proposes to establish at least one session between the User Equipment and the Session Management Function node, and initiate session deactivation for a session indicated by the User Plane Function node, upon detection inactivity of User Plane connection for the session for a period by the User Plane Function node.

Abstract: Provided is an authentication device capable of generating a master key suited to a UE in a 5GS. The authentication device (10) includes a communication unit (11) configured to, in registration processing of user equipment (UE), acquire UE key derivation function (KDF) capabilities indicating a pseudo random function supported by the UE, a selection unit (12) configured to select a pseudo random function used for generation of a master key related to the UE by use of the UE KDF capabilities, and a key generation unit (13) configured to generate a master key related to the UE by use of the selected pseudo random function.

Abstract: Apparatuses, methods, and systems are disclosed for Digital Identifier-based authentication for network access. One apparatus includes a memory coupled to a processor, the memory storing instructions executable by the processor to control the apparatus to receive a first authentication request message containing UE identifier that is based on a Digital Identifier (“DIG-ID”) comprising a verifiably secure identity. The instructions are executable by the processor to control the apparatus to receive subscription information from a service provider identified using the DIG-ID, and to store the subscription information and UE security context containing at least one security key derived using the DIG-ID. The instructions are executable by the processor to control the apparatus to transmit the at least one security key.

Abstract: Apparatuses, methods, and systems are disclosed for security capabilities in an encryption key request. One method includes transmitting an encryption key request comprising security capabilities of a user equipment, wherein the encryption key request is for an application layer key. The method includes, in response to transmitting the encryption key request, receiving an encryption key response comprising a group encryption key.

Abstract: A transceiver can transmit a broadcasted system information message including a restricted operator service access indication from a serving cell of a network. A controller can perform a radio resource control connection establishment procedure to receive an attach request message.

Abstract: Apparatuses, methods, and systems are disclosed for Digital Identifier-based subscription onboarding. One apparatus includes a memory coupled to a processor, the memory storing instructions executable by the processor to control the apparatus to acquire a Digital Identifier (“DIG-ID”) comprising a verifiably secure identity, and to generate a digital signature of the DIG-ID and a timestamp using a private key. The instructions are executable by the processor to control the apparatus to send a first request to a mobile communication network and to receive a response containing an onboarding authentication success indication and a verified DIG-ID, the first request including the DIG-ID, the timestamp and the digital signature. The instructions are executable by the processor to establish a provisioning connection to the mobile communication network and to receive a subscription credential and/or a user subscription profile via the provisioning connection.

Abstract: Apparatuses, methods, and systems are disclosed for correlating a user equipment and an access and mobility management function. One method (900) includes determining (902), at a first network device, a correlation between a user equipment identifier for a user equipment and an access and mobility management function identifier for an access and mobility management function. The method (900) includes storing (904), by the first network device, correlation information indicating the correlation between the user equipment identifier and the access and mobility management function identifier. The method (900) includes receiving (906), at the first network device, a request from a second network device, wherein the request comprises the user equipment identifier. The method (900) includes determining (908), by the first network device, the access and mobility management function identifier using the user equipment identifier in the request.

Abstract: Apparatuses, methods, and systems are disclosed for key-based authentication for a mobile edge computing network. One method (800) includes deriving (805), at a user equipment, a first network key after authentication with a network function of a wireless core network, deriving (810) a second network key based on the first network key, the second network key for a first network function of a mobile edge computing network, sending (815) a registration request message to the first network function of the mobile edge computing network, the registration request message integrity protected with the second network key, receiving (820) a registration response message from the first network function, and, in response to verifying the integrity of the registration response message using the second network key, establishing (825) a secure communication with the first network function of the mobile edge computing network based on the second network key.