Abstract: The present application relates to devices and components including apparatuses, systems, and methods for sensing-assisted beamforming for security.

Abstract: Techniques discussed herein can facilitate integrated sensing and communication (ISC), where a wireless network is used for both sensing and for wireless communications. One example aspect is sensing function entity configured to receive a sensing service request from an access and mobility function (AMF) entity, where the sensing service request is received by an access and mobility function/sensing function (AMF/SF) interface. The SF entity is further configured to transmit, by the AMF/SF interface, a sensing service response to the AMF entity and subsequently receive sensing data associated with the sensing service response, where the sensing data is received by a base station/sensing function (BS/SF) interface. The SF entity is further configured to process the sensing data, and transmit the sensing response after processing the sensing data.

Abstract: This disclosure relates to techniques for utilizing an authentication proxy in authentication and key management for applications in a wireless communication system. An authentication proxy in a cellular network may receive a request to establish an application session from a wireless device. Authentication of the wireless device may be performed with an authentication anchor function associated with the cellular network to obtain an authentication result. The authentication proxy may provide an indication of the authentication result to an application server associated with the application session.

Abstract: A network application server including communication circuitry and at least one processor is disclosed. The at least one processor is configured to receive, from a number of user equipments (UEs) and via the communication circuitry, a number of requests to receive service data from a number of application providers; determine an amount of service data exchanged between an application provider and a set of UEs of the number of UEs requesting service data over one or more network slices; generate first billing information corresponding to the application provider based on criteria including the amount of service data exchanged with the application provider over the one or more network slices; and generate second billing information corresponding to each UE of the set of UEs based on data usage by each UE of the set of the UEs, independent of characteristics of the one or more network slices.

Abstract: An edge enabler server of an edge data network is configured to receive a verification request comprising an edge enabler client identification (EEC ID), wherein the EEC ID uniquely identifies an edge enabler client (EEC), determine whether the EEC ID is an authorized EEC ID and provide a verification response based on whether the EEC ID is authorized.

Abstract: A user equipment (UE) is configured to transmit a request to an edge configuration server (ECS) comprising a list of authentication mechanisms supported by the UE, wherein the ECS is configured to select one authentication mechanism from the list of authentication mechanisms and receive a response to the request from the ECS, wherein response comprises an indication of the selected authentication mechanism.

Abstract: The present application relates to devices and components including apparatus, systems, and methods for security enhancement with respect to reselection of relay user equipment.

Abstract: The present application relates to devices and components including apparatus, systems, and methods for supporting voice services during roaming.

Abstract: An edge enabler server of an edge data network is configured to receive a verification request comprising an edge enabler client identification (EEC ID), wherein the EEC ID uniquely identifies an edge enabler client (EEC), determine whether the EEC ID is an authorized BEC ID and provide a verification response based on whether the EEC ID is authorized.

Abstract: A user equipment (UE) may attempt to access an edge data network. The UE generates a first credential based on a second credential that was generated for a procedure between the UE and a network. The UE then generates an identifier corresponding to the first credential and generates a message authentication code based on the first credential and a count, wherein the count is associated with an identifier of an edge network client running on the UE. The UE then transmits an application registration request, message to a server associated with an edge data network, the application registration request message including the count, the message authentication code, the identifier corresponding to the first credential, and a public land mobile network identifier (PLMN ID) of the network. The UE then receives an authentication accept message or an authentication reject message from the server associated with the edge data network.

Abstract: A user equipment (UE) is configured to join a multicast broadcast service (MBS) session. The UE sends, to a network function, a protocol data unit (PDU) modification request comprising a request to join a multicast broadcast service (MBS) session, generates a first key (KMBS-UE), receives a PDU session modification complete message comprising an encrypted second key (KMBS) and a key identification (KID) corresponding to the KMBS and decrypts the Kiss using the KMBS-UE.

Abstract: A user equipment (UE) may attempt to access an edge data network. The UE generates a first credential based on a second credential that was generated for a procedure between the UE and a network. The UE then generates an identifier corresponding to the first credential and generates a message authentication code based on the first credential and a count, wherein the count is associated with an identifier of an edge network client running on the UE. The UE then transmits an application registration request, message to a server associated with an edge data network, the application registration request message including the count, the message authentication code, the identifier corresponding to the first credential, and a public land mobile network identifier (PLMN ID) of the network. The UE then receives an authentication accept message or an authentication reject message from the server associated with the edge data network.

Abstract: Techniques discussed herein can facilitate integrated sensing and communication (ISC), where a wireless network is used for both sensing and for wireless communications. One example aspect is sensing function entity configured to receive a sensing service request from an access and mobility function (AMF) entity, where the sensing service request is received by an access and mobility function/sensing function (AMF/SF) interface. The SF entity is further configured to transmit, by the AMF/SF interface, a sensing service response to the AMF entity and subsequently receive sensing data associated with the sensing service response, where the sensing data is received by a base station/sensing function (BS/SF) interface. The SF entity is further configured to process the sensing data, and transmit the sensing response after processing the sensing data.

Abstract: Techniques for identity-based message integrity protection and verification between a user equipment (UE) and a wireless network entity, include use of signatures derived from identity-based keys. To protect against attacks from rogue network entities before activation of a security context with a network entity, the UE verifies integrity of messages by checking a signature using an identity-based public key PKID derived by the UE based on (i) an identity value (ID) of the network entity and (ii) a separate public key PKPKG of a private key generator (PKG) server. The network entity generates signatures for messages using an identity-based private key SKID obtained from the PKG server, which generates the identity-based private key SKID using (i) the ID value of the network entity and (ii) a private key SKPKG that is known only by the PKG server and corresponds to the public key PKPKG.

Abstract: The present application relates to devices and components including apparatus, systems, and methods for security enhancement with respect to reselection of relay user equipment.

Abstract: Techniques for identity-based message integrity protection and verification between a user equipment (UE) and a wireless network entity, include use of signatures derived from identity-based keys. To protect against attacks from rogue network entities before activation of a security context with a network entity, the UE verifies integrity of messages by checking a signature using an identity-based public key PKID derived by the UE based on (i) an identity value (ID) of the network entity and (ii) a separate public key PKPKG of a private key generator (PKG) server. The network entity generates signatures for messages using an identity-based private key SKID obtained from the PKG server, which generates the identity-based private key SKID using (i) the ID value of the network entity and (ii) a private key SKPKG that is known only by the PKG server and corresponds to the public key PKPKG.

Abstract: Techniques for identity-based message integrity protection and verification between a user equipment (UE) and a wireless network entity, include use of signatures derived from identity-based keys. To protect against attacks from rogue network entities before activation of a security context with a network entity, the UE verifies integrity of messages by checking a signature using an identity-based public key PKID derived by the UE based on (i) an identity value (ID) of the network entity and (ii) a separate public key PKPKG of a private key generator (PKG) server. The network entity generates signatures for messages using an identity-based private key SKID obtained from the PKG server, which generates the identity-based private key SKID using (i) the ID value of the network entity and (ii) a private key SKPKG that is known only by the PKG server and corresponds to the public key PKPKG.

Abstract: This disclosure relates to techniques for a wireless device to perform radio resource control procedures with improved security. The wireless device may establish a radio resource control connection with a cellular base station. A capability enquiry may be received from the cellular base station. The wireless device may determine how much capability information to provide in response to the capability enquiry based at least in part on whether access stratum security has been established, either in the current radio resource connection, or in a previous radio resource connection, between the wireless device and the cellular base station when the capability enquiry is received.

Abstract: Techniques for identity-based message integrity protection and verification between a user equipment (UE) and a wireless network entity, include use of signatures derived from identity-based keys. To protect against attacks from rogue network entities before activation of a security context with a network entity, the UE verifies integrity of messages by checking a signature using an identity-based public key PKID derived by the UE based on (i) an identity value (ID) of the network entity and (ii) a separate public key PKPKG of a private key generator (PKG) server. The network entity generates signatures for messages using an identity-based private key SKID obtained from the PKG server, which generates the identity-based private key SKID using (i) the ID value of the network entity and (ii) a private key SKPKG that is known only by the PKG server and corresponds to the public key PKPKG.