Abstract: Various solutions for Transmission Control Protocol (TCP) acknowledgement (ACK) rate reduction in mobile communications are described. A processor of an apparatus compresses a plurality of source TCP ACKs into compressed TCP ACKs. The processor then transmits the compressed TCP ACKs in a Packet Data Convergence Protocol (PDCP) data protocol data unit (PDU) to a receiver.

Abstract: Various solutions for protocol data unit (PDU) rate reduction in mobile communications are described. A processor of an apparatus implementable in a user equipment (UE) generates a Packet Data Convergence Protocol (PDCP) data PDU containing a plurality of service data units (SDUs). The apparatus then transfers the PDCP data PDU to a receiver of the apparatus.

Abstract: Examples pertaining to indication of additional security capabilities using non-access stratum (NAS) signaling in 5th Generation (5G) mobile communications are described. A processor of an apparatus (e.g., a user equipment (UE)) transmits an initial NAS message to a communication entity of a 5G mobile network. The processor then receives a message from the communication entity responsive to the transmitting, the message comprising an additional 5G security parameter information element (IE). The processor proceeds to perform a security mode control procedure using information contained in the additional 5G security parameter IE pertaining to at least one 5G security parameter.

Abstract: A method for delivery of inter-system NAS security algorithms is provided to be executed by a User Equipment (UE). The method includes the following steps: sending a first REGISTRATION REQUEST message without information of inter-system capability of the UE to a first mobile communication system; and receiving a SECURITY MODE COMMAND message including NAS security algorithms to be used in a second mobile communication system from the first mobile communication system in response to sending the first REGISTRATION REQUEST message.

Abstract: Examples pertaining to user equipment (UE) key derivation at mobility update in mobile communications are described. An apparatus implemented in a UE conducts a registration with a first Access and Mobility Management Function (AMF) of a network. The apparatus also conducts one other registration with a second AMF of the network over a 3rd Generation Partnership Project (3GPP) access. In response, the apparatus receives a request from the second AMF over the 3GPP access. The apparatus then performs a key derivation to generate a derived key using a keying material from the initial registration with the first AMF to result in the UE and the second AMF sharing a common security context for the 3GPP access and a non-3GPP access.

Abstract: Various examples pertaining to improvement for incorrect key set identifier (KSI) handling in mobile communications are described. An apparatus (e.g., user equipment) receives from a wireless network an authentication challenge after the processor having completed an authentication and key agreement (AKA) procedure with the wireless network. The apparatus detects an error in the authentication challenge and handles the error in the authentication challenge. For example, the apparatus can reject the authentication challenge responsive to detecting the error. Alternatively, the apparatus can accept the authentication challenge.

Abstract: Methods and apparatus are provided for handling of non-integrity reject message in the 5G system. In one novel aspect, the UE upon receiving the reject message via one access without integrity protection, retries one or more other accesses for one or more times before treating the rejection genuine. In one embodiment, the UE attempts the same 5GMM procedure over another access in the same cell/tracking area (TA). The alternative access including other types of 3GPP access and non-3GPP access. Subsequently, the UE can search the service from another cell/TA or another PLMN. In one embodiment, if the UE receives reject cause invalidating the UE with one access without integrity protection, the UE tries the system a few times before treating the reject genuine by tracking an invalidating counter, which is increased by one each time the rejection is received with a cause value invalidating the UE.

Abstract: A User Equipment (UE) communicates with one or both of a first 3GPP core network and a second 3GPP core network over one or both of a 3GPP access and a non-3GPP access. The communication includes: receiving, from the first 3GPP core network, a reject message; and searching for another suitable cell or another suitable Access Point (AP), when the reject message is received over the 3GPP access or the non-3GPP access and the UE is registered with the first 3GPP core network or the second 3GPP core network over the 3GPP access or the non-3GPP access.

Abstract: Examples pertaining to user equipment (UE) key derivation at mobility update in mobile communications are described. An apparatus implemented in a UE conducts a registration with a first Access and Mobility Management Function (AMF) of a network. The apparatus also conducts one other registration with a second AMF of the network over a 3rd Generation Partnership Project (3GPP) access. In response, the apparatus receives a request from the second AMF over the 3GPP access. The apparatus then performs a key derivation to generate a derived key using a keying material from the initial registration with the first AMF to result in the UE and the second AMF sharing a common security context for the 3GPP access and a non-3GPP access.

Abstract: Examples pertaining to user equipment (UE) key derivation at mobility update in mobile communications are described. An apparatus implemented in a UE conducts a registration with a first Access and Mobility Management Function (AMF) of a network. The apparatus also conducts one other registration with a second AMF of the network over a 3rd Generation Partnership Project (3 GPP) access. In response, the apparatus receives a request from the second AMF over the 3 GPP access. The apparatus then performs a key derivation to generate a derived key using a keying material from the initial registration with the first AMF to result in the UE and the second AMF sharing a common security context for the 3 GPP access and a non-3 GPP access.

Abstract: A User Equipment (UE) including a wireless transceiver and a controller is provided. The wireless transceiver performs wireless transmission and reception to and from a service network. The controller transitions the UE from a Radio Resource Control (RRC) idle state to an RRC connected state, and after transitioning the UE from the RRC idle state to the RRC connected state, sends an initial Non-Access Stratum (NAS) message comprising a limited set of Information Elements (IEs) in cleartext, which are required to establish security between the UE and the service network, and a container IE carrying an initial NAS message Protocol Data Unit (PDU) ciphered with NAS security context to the service network via the wireless transceiver.

Abstract: A UE receives a first NAS Security Mode Command message or a NAS Container, which includes an indication to change a common NAS security context that is in use on both accesses, from a 33GP core network over one access, when the UE is in a connected state on both accesses and the UE is using the common NAS security context on both accesses. In response, the UE activates a new NAS security context over the one access. After that, the UE receives a second NAS Security Mode Command message, which includes a KSI associated with the common NAS security context, from the 3GPP core network over the other access, and aligns the common NAS security context in use on the other access with the new NAS security context in use on the one access.

Abstract: A method of non-access stratum (NAS) recovery from NAS container (NASC) failure in 5G New Radio (NR) mobile communication network is proposed. The UE performs NAS layer registration and enters 5GMM connected mode in NAS layer through its serving base station. Later on, the UE performs a handover or inter-system change procedure and receives NASC IE from the network. Upon detecting the NASC verification failure, the UE aborts the handover or the inter-system change procedure and goes to IDLE mode. The UE also takes action to synchronize NAS security contexts with the network by triggering a registration procedure for mobility.

Abstract: A User Equipment (UE) communicates with one or both of a first 3GPP core network and a second 3GPP core network over one or both of a 3GPP access and a non-3GPP access. The communication includes: receiving, from the first 3GPP core network, a reject message; and searching for another suitable cell or another suitable Access Point (AP), when the reject message is received over the 3GPP access or the non-3GPP access and the UE is registered with the first 3GPP core network or the second 3GPP core network over the 3GPP access or the non-3GPP access.

Abstract: Examples pertaining to user equipment (UE) key derivation at mobility update in mobile communications are described. An apparatus implemented in a UE conducts a registration with a first Access and Mobility Management Function (AMF) of a network. The apparatus also conducts one other registration with a second AMF of the network over a 3rd Generation Partnership Project (3 GPP) access. In response, the apparatus receives a request from the second AMF over the 3 GPP access. The apparatus then performs a key derivation to generate a derived key using a keying material from the initial registration with the first AMF to result in the UE and the second AMF sharing a common security context for the 3 GPP access and a non-3 GPP access.

Abstract: Methods and apparatus are provided for handling of non-integrity reject message in the 5G system. In one novel aspect, the UE upon receiving the reject message via one access without integrity protection, retries one or more other accesses for one or more times before treating the rejection genuine. In one embodiment, the UE attempts the same 5GMM procedure over another access in the same cell/tracking area (TA). The alternative access including other types of 3GPP access and non-3GPP access. Subsequently, the UE can search the service from another cell/TA or another PLMN. In one embodiment, if the UE receives reject cause invalidating the UE with one access without integrity protection, the UE tries the system a few times before treating the reject genuine by tracking an invalidating counter, which is increased by one each time the rejection is received with a cause value invalidating the UE.

Abstract: Examples pertaining to indication of additional security capabilities using non-access stratum (NAS) signaling in 5th Generation (5G) mobile communications are described. A processor of an apparatus (e.g., a user equipment (UE)) transmits an initial NAS message to a communication entity of a 5G mobile network. The processor then receives a message from the communication entity responsive to the transmitting, the message comprising an additional 5G security parameter information element (IE). The processor proceeds to perform a security mode control procedure using information contained in the additional 5G security parameter IE pertaining to at least one 5G security parameter.

Abstract: Methods and apparatus are provided for handling of non-integrity reject message in the 5G system. In one novel aspect, the UE upon receiving the reject message via one access without integrity protection, retries one or more other accesses for one or more times before treating the rejection genuine. In one embodiment, the UE attempts the same 5GMM procedure over another access in the same cell/tracking area (TA). The alternative access including other types of 3GPP access and non-3GPP access. Subsequently, the UE can search the service from another cell/TA or another PLMN. In one embodiment, if the UE receives reject cause invalidating the UE with one access without integrity protection, the UE tries the system a few times before treating the reject genuine by tracking an invalidating counter, which is increased by one each time the rejection is received with a cause value invalidating the UE.

Abstract: Methods and apparatus are provided for handling of non-integrity reject message in the 5G system. In one novel aspect, the UE upon receiving the reject message via one access without integrity protection, retries one or more other accesses for one or more times before treating the rejection genuine. In one embodiment, the UE attempts the same 5GMM procedure over another access in the same cell/tracking area (TA). The alternative access including other types of 3GPP access and non-3GPP access. Subsequently, the UE can search the service from another cell/TA or another PLMN. In one embodiment, if the UE receives reject cause invalidating the UE with one access without integrity protection, the UE tries the system a few times before treating the reject genuine by tracking an invalidating counter, which is increased by one each time the rejection is received with a cause value invalidating the UE.

Abstract: Various examples pertaining to improvement for incorrect key set identifier (KSI) handling in mobile communications are described. An apparatus (e.g., user equipment) receives from a wireless network an authentication challenge after the processor having completed an authentication and key agreement (AKA) procedure with the wireless network. The apparatus detects an error in the authentication challenge and handles the error in the authentication challenge. For example, the apparatus can reject the authentication challenge responsive to detecting the error. Alternatively, the apparatus can accept the authentication challenge.