Abstract: Apparatuses, methods, and systems are disclosed for integrity protection for a packet data unit. One method includes determining a first portion of a packet data unit, wherein the packet data unit includes the first portion and a second portion. The method includes applying an integrity protection function to the first portion of the packet data unit to result in an integrity protection indicator without applying the integrity protection function to the second portion of the packet data unit. The method includes transmitting the packet data unit with the integrity protection indicator.

Abstract: Apparatuses, methods, and systems are disclosed for selecting a transport layer protocol for SIP messaging. One apparatus includes a processor and a transceiver that receives a SIP message from a remote unit, the SIP message comprising a first request to initiate a session for an IMS MMTEL. The processor determines that the SIP message is communicated using TCP as a transport layer protocol and forwards the first request to a network entity, wherein the first request is sent using UDP as the transport layer protocol.

Abstract: Apparatuses, methods, and systems are disclosed for network slice authentication. One apparatus includes a processor that provides an application layer and a non-access stratum (“NAS”) layer and a transceiver for communicating with a mobile communication network. The processor receives, at an application at the application layer, network slice authentication information for a subscribed service and stores the network slice authentication information at an application module. The processor associates the network slice authentication information with single network slice selection assistance information (“S-NSSAI”) and registers the application with the NAS layer, said registration pointing to the associated S-NSSAI. Additionally, the transceiver that exchanges, via the NAS layer, authentication messages with an authentication, authorization, and accounting (“AAA”) server for network slice authentication information.

Abstract: Apparatuses, methods, and systems are disclosed for indicating radio capability changes in an inactive state. One method includes detecting a trigger to change radio capabilities of a UE in an inactive state; transmitting a first message comprising information indicating to change the radio capabilities of the UE, wherein the first message comprises a first access stratum message; receiving a second message, wherein the second message comprises information corresponding to an action, and the second message comprises a second access stratum message; receiving a third message comprising information requesting the radio capabilities of the UE; transmitting a fourth message comprising the radio capabilities of the UE; and receiving a fifth message comprising information for configuring a radio resource control of the UE and activating data radio bearers of the UE, wherein the fifth message is determined based on the radio capabilities of the UE.

Abstract: This disclosure provides a User Equipment (UE) (3), including a receiver (31) and a controller (34). The receiver (31) is configured to receive a control plane data back-off timer included in a Service Accept message from a network. The controller (34) is configured to consider a current data transfer via a control plane as successful based on the Service Accept message and not to initiate data transfer via Control Plane Cellular Internet of Things (CIoT) Evolved Packet System (EPS) Optimization while the control plane data back-off timer is running.

Abstract: Apparatuses, methods, and systems are disclosed for selective security protection of user plane traffic. One apparatus includes a transceiver that sends a UE security capability to a mobile communication network and receives an indication of data protection policy. The apparatus includes a processor that applies a security protection to a subset of user plane traffic with the mobile communication network according to the data protection policy. In such embodiments, a portion of the user plane traffic is communicated without the security protection.

Abstract: Embodiments of this disclosure enable the I-CSCF and S-CSCF to detect inbound roaming UEs to network supporting Service Domain Centralization in IMS, so that the S-CSCF is able to select the appropriate database entity and can understand the CS authentication vector.

Abstract: Provided is an authentication device capable of generating a master key suited to a UE in a 5GS. The authentication device (10) includes a communication unit (11) configured to, in registration processing of user equipment (UE), acquire UE key derivation function (KDF) capabilities indicating a pseudo random function supported by the UE, a selection unit (12) configured to select a pseudo random function used for generation of a master key related to the UE by use of the UE KDF capabilities, and a key generation unit (13) configured to generate a master key related to the UE by use of the selected pseudo random function.

Abstract: This invention provides a network node for IP Multimedia Subsystem (IMS) Centralized Services (ICS), comprising: a memory storing instructions; and at least one processor configured to process the instructions to: receive an Update Location Request with an IMSI (International Mobility Subscriber Identity) and an MSRN (Mobile Station Routing Number) from a MSC (Mobile Switching Centre) Server, retrieve a subscription profile and service settings from a HSS (Home Subscriber Server), map the subscription profile with service settings into a CS (Circuit-Switched) profile with CS settings, and send an Insert Subscriber Data message including the mapped CS profile and CS settings, to the MSC Server.

Abstract: An object is to provide a communication terminal capable of using a newly-generated network slice or service. A communication terminal (10) according to the present disclosure includes a communication unit (11) configured to receive a parameter related to SM-NSSAI (Session Management-Network Slice Selection Assistance Information) from a core network When subscriber information of the communication terminal itself managed in the core network or a location of the communication terminal itself is changed, and a control unit (12) configured to update NSSAI by using the parameter related to the SM-NSSAI, the NSSAI being managed to select a network slice.

Abstract: The present disclosure aims to provide a communication system capable of achieving advanced security in a 5G communication system. The communication system according to the present disclosure includes: a communication terminal (10); an Access and Mobility Management (AMF) entity (20) configured to execute Mobility Management (MM) processing regarding the communication terminal (10); and a Session Management Function (SMF) entity (30) configured to execute Session Management (SM) processing regarding the communication terminal (10), in which the communication terminal (10) sends an MM message used in the MM processing, a first security key having been applied to the MM message, between the communication terminal and the AMF entity (20), and sends an SM message used in the SM processing, a second security key having been applied to the SM message, between the communication terminal and the SMF entity (30) via the AMF entity (20).

Abstract: Apparatuses, methods, and systems are disclosed for establishing an IP multimedia subsystem session. One method includes receiving, at a first network entity from a user device, a first session initiation protocol message comprising a session description protocol, wherein the first session initiation protocol message is used to establish an internet protocol multimedia subsystem session for an application. The method includes transmitting, from the first network entity to a second network entity, a first message comprising an internet protocol address and an identifier for the application. The method includes receiving, at the first network entity from the second network entity, a status of a radio access technology of the user device, wherein the status of the radio access technology of the user device is received by the second network entity from a third network entity.

Abstract: To provide a communication system capable of conducting necessary security procedures when handover is made in NextGen System, a communication system according to the present invention includes a base station (10) configured to form a communication area where a communication terminal (20) is located, and a base station (12) configured to form a communication area to which the communication terminal (20) makes handover, wherein the base station (10) receives a first message containing UE Security Capabilities and related to the handover from the communication terminal (20), and the base station (12) receives a second message containing the UE Security Capabilities, performs handover check of the communication terminal (20) based on the UE Security Capabilities, and sends a third message corresponding to the second message based on a result of the handover check.

Abstract: The present disclosure aims to provide a communication system configured to execute a security procedure that is necessary to apply an Attach Procedure to a NextGen System. The communication system according to the present disclosure includes: a communication terminal (10) configured to transmit an Attach Request message including Network Slice Selection Assistance Information (NSSAI) and User Equipment (UE) Security Capabilities; and a network apparatus (20) that is arranged in a mobile network (30) and receives an Attach Request message, in which the network apparatus (20) determines whether to allow the communication terminal (10) to be connected to a core network indicated by the NSSAI among a plurality of core networks partitioned by network slicing using the NSSAI and the UE Security Capabilities.

Abstract: A method, performed by a multi-cell/multicast coordination entity (MCE) in a communication system in which a plurality of member user equipments (UEs) can engage in group communication, includes obtaining information about a supported multimedia broadcast/multicast service (MBMS) mechanism of a member UE of the plurality of member UEs. The obtained information is used to select a multimedia broadcast/multicast service (MBMS) mechanism for a base station (eNB). The selected MBMS mechanism is notified to an application server.

Abstract: To provide a communication system capable of providing a high level of security when implementing dual connectivity using different communication technologies, a communication system according to the present invention is a communication system including a base station (20) that communicates with a communication terminal (30) by using a second communication, the communication terminal (30) having information about terminal capability to access the base station (20), and a base station (10) that communicates with the communication terminal (30) by using a first communication technology and includes a receiving unit configured to receive the information about the terminal capability and information about access right to the base station (20) granted to the communication terminal (30), and a sending unit configured to send, to the base station (20), a message requesting connection to the communication terminal (30) based on the information about the terminal capability and the information about the access right.

Abstract: A purpose of the present disclosure is to provide a communication system that are capable of maintaining a high security level in each divided network in the case of applying network slicing to a core network. A communication system according to the present disclosure includes a subscriber-information management apparatus (10) configured to manage subscriber information of a communication terminal; and a security apparatus (20) configured to manage identification information of the communication terminal in association with security information used in at least one network slice system usable by the communication terminal. The subscriber-information management apparatus (10) acquires, using the identification information of the communication terminal and identification information of a network slice system used by the communication terminal, security information used in the network slice system used by the communication terminal from the security apparatus (20).

Abstract: In order for making MTC more efficient and/or secure, a base station forming a communication system connects a UE to a core network. A node serves as an entering point to the core network for a service provider, and transmits traffic between the service provider and the UE. The node establishes, as a connection to the base station, a first connection for directly transceiving messages between the node and the base station. Alternatively, the node establishes a second connection for transparently transceiving the messages through a different node that is placed within the core network and has established a different secure connection to the base station.

Abstract: A communication system is disclosed in which a base station receives, from a communication device, NAS signalling for establishing a connection via the base station. The base station forwards the NAS signalling to a default MME for setting up the connection to the default MME. The default MME sends, responsive to the base station forwarding the NAS said signalling, a message identifying an MME group to which the NAS signalling should be rerouted. The base station selects an MME based on the message identifying the MME group, and forwards the NAS signalling to the selected MME, and includes information indicating that the NAS signalling shall not be rerouted.

Abstract: The method proposes to establish at least one session between the User Equipment and the Session Management Function node, and initiate session deactivation for a session indicated by the User Plane Function node, upon detection inactivity of User Plane connection for the session for a period by the User Plane Function node.