Abstract: Enabling the exchange of connection parameters where a user equipment (UE) lacks a secret shared with the network (e.g. a server), such as key materials, and lacks a valid certificate. In some embodiments, the connection parameters may be exchanged via EAP messages. In certain aspects, and particularly with respect to emergency attach, a simplified protocol is used with limited overhead because the UE does not attempt to authenticate the network, and the network does not attempt to authenticate the UE.

Abstract: Methods of operating a user equipment UE are discussed. An access category may be determined from a plurality of access categories and at least one access identity may be determined from a plurality of access identities to be applied for an access attempt. An establishment cause may be determined for the access attempt based on the access category determined from the plurality of access categories and based on the at least one access identity from the plurality of access identities. A connection request message for the access attempt may be transmitted to a wireless communication network, with the connection request message including the establishment cause determined based on the access category and based on the at least one access identity. Related devices are also discussed.

Abstract: Enabling the exchange of connection parameters where a user equipment (UE) lacks a secret shared with the network (e.g. a server), such as key materials, and lacks a valid certificate. In some embodiments, the connection parameters may be exchanged via EAP messages. In certain aspects, and particularly with respect to emergency attach, a simplified protocol is used with limited overhead because the UE does not attempt to authenticate the network, and the network does not attempt to authenticate the UE.

Abstract: A method of operating a session management network of a telecommunications network is disclosed. The method includes sending to a management network node an accept of a session establishment request of a wireless device; and receiving a message from the management network node, including a session connectivity rejection message sent by a radio access network node serving the wireless device. The session connectivity rejection message indicates a rejection of the acceptance of the session establishment request of the wireless device The method further includes determining that the radio access network did not send the accept of the session establishment request to the wireless device based on the session connectivity rejection message creating a session establishment rejection message; and transmitting the session establishment rejection message toward the wireless device.

Abstract: A node of a wireless communication network (150; 160; 170; 210; 220; 230; 240) receives an indication from a user equipment (10). The indication indicates that a limitation of volume charged packet data services is required for the user equipment (10). Depending on the received indication, the node (150; 160; 170; 210; 220; 230; 240) prevents transmission of packet data associated with the volume charged packet data services and allows transmission of packet data associated with one or more other packet data services.

Abstract: A method implemented in an access and mobility management function, AMF, node that implements at least one congestion control process is provided. A message including a first indication that the message is exempt from the at least one congestion control process is received by a UE. The message is forwarded to the SMF either with the exempt indication or, if this is missing, an indication that the AMF applies a congestion control. The SMF, only when receiving the forwarded message with the additional information inserted by the AMF, carries out a validation of the message of the UE, thus preventing that a UE tags a message to be exempted from congestion control, when it should be not be exempt.

Abstract: According to some embodiments, a method performed by a wireless device comprises: obtaining, from a non-access stratum (NAS) communication layer, an initial NAS protocol data unit (PDU) for potential early data transmission; determining, by an access-stratum (AS) communication layer, whether the initial NAS PDU is intended to be delivered when an associated radio resource control (RRC) connection is resumed successfully; and upon determining that the initial NAS PDU is not intended to be delivered when the associated RRC connection is resumed successfully, transmitting an early data transmission including the initial NAS PDU.

Abstract: The AMF re-allocation procedure for an Initiating AMF that has reroute capability via an Access Network (AN) is optimized in scenarios where a wireless device, such as a User Equipment (UE), already shares a 5G security context with-in a Last Serving AMF that is different from the Initiating AMF, and where the Initiating AMF and the Last Serving AMF can communicate with each other via an interface.

Abstract: Systems and methods are disclosed for supporting remote User Equipment (UE) authentication via a relay UE. In one embodiment, a method performed by a relay UE comprises receiving a first message conveyed by a remote UE and sending a second message to a relay access and mobility function (AMF), wherein the second message comprises a UE-to-Network (U2N) connection mapping identification (ID) that identifies the remote UE. In this manner, the relay UE and relay AMF are able to identify that the second message (e.g., an authentication related message) is for the remote UE. Embodiments of a relay UE and embodiments of a relay AMF and methods of operation thereof are also disclosed.

Abstract: An authentication server (10A) is configured for use in a home network (10H) of a wireless device (12). The authentication server (10A) generates expected integrity protection data for checking an integrity of a set of one or more information fields (22) contained in a transparent container (20) that acknowledges successful reception by the wireless device (12) of device configuration data (14) from the home network (10H). The authentication server (10A) checks, or assists a core network node (16H) in the home network (10H) to check, the integrity of the set of one or more information fields (22) using the expected integrity protection data.

Abstract: A wireless device and an Access and Mobility Management Function (AMF) and methods performed by a wireless device and an AMF, respectively.

Abstract: According to some embodiments, a method for early data transmission performed by a wireless device comprises: obtaining, from a non-access stratum (NAS) communication layer, an initial NAS protocol data unit (PDU) for early data transmission; determining, by a radio resource control (RRC) communication layer, to initiate early data transmission based at least in part on a size of the initial NAS PDU; and transmitting an early data transmission including the initial NAS PDU.

Abstract: The present disclosure provides a method in a terminal device. The method includes: receiving a downlink, DL, packet, the DL packet being Internet Protocol “IP” Security, IPSec, protected; and deriving a reflective Quality of Service, QoS, rule for uplink, UL, direction per IPSec Security Association, SA, based on the DL packet.

Abstract: A method of operating a user equipment (“UE”) to handle an internet protocol multimedia subsystem (“IMS”) emergency call can include sending a session initiation protocol (“SIP”) REGISTER request relating to an emergency registration to a proxy call session control function (“P-CSCF”) of an IMS network. The method can further include, responsive to sending the SIP REGISTER request, receiving a response from the P-CSCF. The method can further include, responsive to receiving the response, performing an action based on the response.

Abstract: A UE having a security context with an Initial AMF is able to accept an unprotected AUTHRQ, under certain circumstances, for a limited time. In one embodiment, a UE considers the security context to be temporary, which invokes rules or exceptions different than a permanent security context, such as the acceptance of an unprotected AUTHRQ from a Target AMF. The network may indicate to the UE the temporary status, or the UE may assume it. Alternatively, the UE may enable exceptions to the defined rules associated with the security context. In one embodiment, the UE receives a plurality of partial registration acceptance messages, each indicating a specific task or aspect of the overall registration has been completed. The UE may mark its security context temporary, or enable exceptions to the rules 10 associated with it, until a partial registration acceptance messages indicates AMF re-allocation is complete or is not required.

Abstract: Systems and methods for enabling User Equipments (UEs) to use a Public Land Mobile Network (PLMN) failing service under disaster conditions and to receive services from alternative PLMNs. In some embodiments, a method performed by a first network node comprises receiving, from a second network node, a first disaster roaming PLMN list. The method also comprises determining that a UE is to be authenticated. The method further comprises providing, to a third network node, a request including the disaster roaming PLMN list, responsive to determining that the UE is to be authenticated. In this way, an interruption of the service at the UE is minimized in case of the disaster conditions.

Abstract: A wireless device and an Access and Mobility Management Function (AMF) and methods performed by a wireless device and an AMF, respectively.

Abstract: Systems and methods for enabling notification of disaster conditions and alternative Public Land Mobile Networks (PLMNs) to network nodes are disclosed. In one embodiment, a method performed by a User Equipment (UE) for responding to a disaster condition in a first PLMN, comprises determining that a first PLMN is not available; determining that a second PLMN is available for disaster roaming; and attempting to register with the second PLMN, responsive to determining that the first PLMN is not available due to the disaster condition and determining that a second PLMN is available for disaster roaming. In this way, a UE is informed of the failure of its currently used PLMN due to a disaster condition and a service may be provided in another PLMN, where the UE under normal conditions may not be allowed to receive a service from the second PLMN.

Abstract: According to certain embodiments, a method by a user equipment (UE) for securing network steering information includes transmitting a registration request to a Visited Public Land Mobile Network (VPLMN). Upon successful authentication b an authentication server function (AUSF), a home network root key is generated. A protected message comprising Network Steering information is received from a first network node. The protected message is protected using a configuration key (Kconf) and a first Message Authentication Code (MAC-1). The configuration key (Kconf) is determined from the home network root key, and the UE verifies the MAC-1. Based on the Kconf and the MAC-1, it is verified that the VPLMN did not alter Network Steering Information. An acknowledgement message, which is protected with a second Message Authentication Code (MAC-2), is transmitted to a Home Public Land Mobile Network (HPLMN).

Abstract: Example embodiments presented herein are directed towards a wireless device and core network node, as well as corresponding methods therein, for managing a data flow between a network access type 1 and a network access type 2. According to some examples, access type 1 may be a 3GPP access and access type 2 may be a non-3GPP access. The wireless device is connectable to both the networks of access types 1 and 2.