Patents by Inventor Shu Guo

Shu Guo has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20220312520
    Abstract: Systems and methods provide packet data convergence protocol (PDCP) user plane (UP) integrity protection (IP) for a user equipment (UE) and radio access network (RAN) nodes operating in Evolved Universal Terrestrial Radio Access—New Radio dual connectivity (EN-DC). In an attach procedure, a UE may indicate a UE security capability for support of relay node (RN) PDCP UP IP used in LTE. Based on the security capability, a master e Node B (MeNB) security capability, and a secondary g Node B (SgNB) security capability, the MeNB may determine whether to use UP IP between the UE and the MeNB, the UE and the SgNB, and/or in a split bearer between the MeNB and the SgNB.
    Type: Application
    Filed: October 29, 2020
    Publication date: September 29, 2022
    Inventors: Shu Guo, Dawei Zhang, Fangli Xu, Haijing Hu, Huarui Liang, Yuqin Chen
  • Publication number: 20220312196
    Abstract: MBS key distribution includes processing group information associated with an MB session context received from an AF. At least a portion of the group information comprises a TMGI. A plurality of session join requests received from a plurality of UEs are processed. Each of the plurality of session join requests includes the TMGI and is associated with the MB session context. A request associated with the MB session context for transmission to an MB-SMF is encoded. A response associated with the MB session context received from the MB-SMF is processed. The response includes a key derived for each of a portion of the plurality of UEs using a UE ID and the TMGI. A DL NAS message and an N2 message are encoded for the plurality of UEs and a base station, respectively. The DL NAS message and the N2 message include the derived key.
    Type: Application
    Filed: October 29, 2020
    Publication date: September 29, 2022
    Inventors: Shu Guo, Dawei Zhang, Fangli Xu, Haijing Hu, Huarui Liang, Sudeep Manithara Vamanan, Yuqin Chen
  • Publication number: 20220312188
    Abstract: A network receives an indication of user consent from a user equipment (UE) to access UE information for the purposes of edge computing. The network receives an indication of user consent from a UE, the user consent corresponding to a network function acquiring UE information, receives the UE information and performs operations related to establishing a connection between the UE and an edge data network.
    Type: Application
    Filed: September 16, 2020
    Publication date: September 29, 2022
    Inventors: Shu GUO, Dawei ZHANG, Fangli XU, Haijing HU, Huarui LIANG, Mona AGNEL, Ralf ROSSBACH, Sudeep Manithara VAMANAN, Yuqin CHEN
  • Publication number: 20220303254
    Abstract: The present application relates to devices and components including apparatus, systems, and methods for secured user equipment communications over a user equipment relay. In some embodiments, symmetric or asymmetric encryption may be used for the secured user equipment communications.
    Type: Application
    Filed: June 15, 2021
    Publication date: September 22, 2022
    Applicant: Apple Inc.
    Inventors: Shu Guo, Fangli Xu, Yuqin Chen, Xiangying Yang, Huarui Liang, Haijing Hu, Chunhai Yao, Dawei Zhang, Yushu Zhang, Zhibin Wu
  • Publication number: 20220303823
    Abstract: Systems, apparatuses, methods, and program products to provision a user plane (UP) security policy at a granularity level that is per data radio bearer (DRB) within a protocol data unit (PDU) session or per quality of service (QoS) flow within one or more DRB of the PDU session.
    Type: Application
    Filed: April 30, 2020
    Publication date: September 22, 2022
    Inventors: Shu GUO, Dawei ZHANG, Fangli XU, Haijing HU, Huarui LIANG, Xiangying YANG, Yuqin CHEN
  • Publication number: 20220303936
    Abstract: A user equipment (UE) establishes a first type of connection to a first public land mobile network (PLMN), the first type of connection having a first non-access stratum (NAS) Count pair corresponding to a first NAS security context associated with the first PLMN, establishes a second type of connection to a second PLMN, wherein a previous second type of connection was established with the first PLMN, wherein the previous second type of connection has a second NAS Count pair corresponding to the first NAS security context, wherein the second type of connection has a third NAS Count pair corresponding to a second NAS security context associated with the second PLMN and deregisters the previous second type of connection with the first PLMN to reset the second NAS count pair at the first PLMN.
    Type: Application
    Filed: October 29, 2020
    Publication date: September 22, 2022
    Inventors: Shu GUO, Dawei ZHANG, Fangli XU, Haijing HU, Huarui LIANG, Yuqin CHEN
  • Publication number: 20220303767
    Abstract: A user equipment (UE) may attempt to access an edge data network. The UE generates a first credential based on a second credential, the second credential generated for a procedure between the UE and a cellular network, generates an identifier corresponding to the first credential, and generates a multi-access edge computing (MEC) authorization parameter. The UE then transmits an application registration request message to a server associated with an edge data network, the application registration request message including an indication of the first credential, the identifier corresponding to the first credential and the first authorization parameter. The UE then receives an authentication accept message or an authentication reject message from the server associated with the edge data network.
    Type: Application
    Filed: August 6, 2020
    Publication date: September 22, 2022
    Inventors: Shu GUO, Dawei ZHANG, Fangli XU, Haijing HU, Huarui LIANG, Mona AGNEL, Ralf ROSSBACH, Sudeep Manithara VAMANAN, Xiangying YANG, Yuqin CHEN
  • Publication number: 20220304079
    Abstract: The exemplary embodiments relate to a user equipment (UE) providing an indication of user consent to a network for access to UE information. The UE may perform operations including transmitting an indication of user consent to a first network. The user consent corresponds to a network function acquiring UE information. The operations also include transmitting the UE information to the first network and establishing a connection with a second network. The network function performs operations related to establishing the connection between the UE and the second network using the UE information.
    Type: Application
    Filed: September 16, 2020
    Publication date: September 22, 2022
    Inventors: Shu GUO, Dawei ZHANG, Fangli XU, Haijing HU, Huarui LIANG, Mona AGNEL, Ralf ROSSBACH, Sudeep Manithara VAMANAN, Yuqin CHEN
  • Publication number: 20220295276
    Abstract: This application sets forth techniques for authenticating a mobile device with a cellular wireless network without electronic Subscriber Identity Module (eSIM) credentials by using an Extensible Authentication Protocol Transport Layer Security (EAP-TLS) procedure. The mobile device authenticates with an Authentication Server Function (AUSF) of the cellular wireless network using an embedded Universal Integrated Circuit Card (eUICC) certificate. Processing circuitry of the mobile wireless device external to the eUICC implements the EAP-TLS procedure and authenticates validity of the AUSF. In some embodiments, the eUICC provides key generation and storage for a session key for communication between the mobile device and the cellular wireless network.
    Type: Application
    Filed: August 18, 2019
    Publication date: September 15, 2022
    Inventors: Xiangying YANG, Jean-Marc PADOVA, Li LI, Shu GUO
  • Publication number: 20220278835
    Abstract: Apparatuses, systems, and methods for application function (AF) key generation and AF key renewal. A user equipment device (UE) may communicate with an application function (AF) via a radio access network (RAN) using a first AF key and determine that the first AF key has expired. The UE may derive a second AF key based on at least an Architecture for Authentication and Key Management for Applications (AKMA) anchor key (K_AKMA) and a counter parameter and communicate with the AF via the RAN using the second AF key. At least one of the UE, the AF, and/or an AKMA Anchor Function (AAnF) may be configured to monitor expiration of the first AF key based on an associated lifetime of the first AF key. The first and second AF keys may be derived using a key derivation function that includes at least one variable parameter.
    Type: Application
    Filed: April 3, 2020
    Publication date: September 1, 2022
    Inventors: Shu Guo, Dawei Zhang, Fangli Xu, Haijing Hu, Huarui Liang, Xiangying Yang, Yuqin Chen
  • Patent number: 11329801
    Abstract: Apparatuses, systems, and methods for generating and utilizing improved initialization vectors (IVs) when performing encryption and authentication in wireless communications. In some scenarios, a wireless communication device may generate one or more pseudorandom multi-bit values, e.g., using a respective plurality of key derivation functions (KDFs). A first portion of each value may be used as a respective key for encryption or authentication of traffic on the user plane or the control plane. A second portion of each value may be used as a nonce value in a respective IV for use with a respective key for encryption or authentication of traffic on the user plane or the control plane. In some scenarios, the nonce values may instead be generated as part of an additional pseudorandom value (e.g., by executing an additional KDF), from which all of the IVs may be drawn.
    Type: Grant
    Filed: January 3, 2020
    Date of Patent: May 10, 2022
    Assignee: Apple Inc.
    Inventors: Dawei Zhang, Fangli Xu, Haijing Hu, Huarui Liang, Lijia Zhang, Robert K. Kitchens, Samuel D. Post, Shu Guo, Xiangying Yang, Yannick L. Sierra, Yuqin Chen
  • Patent number: 11297492
    Abstract: Techniques to protect subscriber identity in messages communicated between a user equipment (UE) and a cellular wireless network entity by using multiple ephemeral asymmetric keys are disclosed. The UE determines multiple ephemeral UE public and secret key pairs, while the cellular wireless network entity provides a network public key to the UE. The network public key may be updated over time. Multiple encryption keys based on the multiple ephemeral UE secret keys and the public network key are derived and used to encrypt a subscription permanent identifier (SUPI) to generate multiple subscription concealed identifiers (SUCIs). Each SUCI is used only once for messages communicated to a cellular wireless network and discarded after use. New SUCI are generated when the network public key is updated.
    Type: Grant
    Filed: March 27, 2018
    Date of Patent: April 5, 2022
    Assignee: Apple Inc.
    Inventors: Xiangying Yang, Lijia Zhang, Dawei Zhang, Huarui Liang, Shu Guo, Rohan C. Malthankar, Krisztian Kiss
  • Publication number: 20220086642
    Abstract: Techniques for identity-based message integrity protection and verification between a user equipment (UE) and a wireless network entity, include use of signatures derived from identity-based keys. To protect against attacks from rogue network entities before activation of a security context with a network entity, the UE verifies integrity of messages by checking a signature using an identity-based public key PK_ID derived by the UE based on (i) an identity value (ID) of the network entity and (ii) a separate public key PK_PKG of a private key generator (PKG) server. The network entity generates signatures for messages using an identity-based private key SK_ID obtained from the PKG server, which generates the identity-based private key SK_ID using (i) the ID value of the network entity and (ii) a private key SK_PKG that is known only by the PKG server and corresponds to the public key PK_PKG.
    Type: Application
    Filed: November 15, 2021
    Publication date: March 17, 2022
    Inventors: Xiangying YANG, Shu GUO, Lijia ZHANG, Qian SUN, Huarui LIANG, Fangli XU, Yuqin CHEN, Haijing HU, Dawei ZHANG, Hao DUO, Lanpeng CHEN
  • Publication number: 20220042354
    Abstract: A vehicle side part structure includes: a side door having a window frame; an outside door handle which is arranged above a lower end rim of the window frame and which is manipulated when the side door is being opened and closed from outside the vehicle; a release switch provided on a press surface of the outside door handle, which is a surface pressed by a user with a finger during an operation of opening the side door, the release switch outputting a release signal upon being manipulated; and a latch actuator which releases latching of the side door by a latch mechanism when the release signal is output.
    Type: Application
    Filed: August 3, 2021
    Publication date: February 10, 2022
    Inventors: Keiji Ishimoto, Hiroyasu Harima, Cheng shu Guo
  • Patent number: 11178547
    Abstract: Techniques for identity-based message integrity protection and verification between a user equipment (UE) and a wireless network entity, include use of signatures derived from identity-based keys. To protect against attacks from rogue network entities before activation of a security context with a network entity, the UE verifies integrity of messages by checking a signature using an identity-based public key PK_ID derived by the UE based on (i) an identity value (ID) of the network entity and (ii) a separate public key PK_PKG of a private key generator (PKG) server. The network entity generates signatures for messages using an identity-based private key SK_ID obtained from the PKG server, which generates the identity-based private key SK_ID using (i) the ID value of the network entity and (ii) a private key SK_PKG that is known only by the PKG server and corresponds to the public key PK_PKG.
    Type: Grant
    Filed: March 5, 2019
    Date of Patent: November 16, 2021
    Assignee: Apple Inc.
    Inventors: Xiangying Yang, Shu Guo, Lijia Zhang, Qian Sun, Huarui Liang, Fangli Xu, Yuqin Chen, Haijing Hu, Dawei Zhang, Hao Duo, Lanpeng Chen
  • Publication number: 20210204129
    Abstract: This disclosure relates to techniques, base stations, and user equipment devices (UEs) for performing base station authentication through access stratum signaling transmissions. The UE may operate in idle mode and may receive an authentication message from a base station through the wireless interface while operating in idle mode. The UE may determine whether a signature comprised within the authentication message is valid, and the UE may continue a connection procedure with the base station based on a determination that the signature is valid. If it is determined that the signature is invalid, the UE may designate the base station as a barred base station and may perform cell re-selection. The authentication message may be one of a radio resource control (RRC) connection setup message, a special RRC message, a media access control (MAC) message, or a random access channel (RACH) message comprising a random access response (RAR) message.
    Type: Application
    Filed: June 22, 2018
    Publication date: July 1, 2021
    Inventors: Xiangying Yang, Elliot S. Briggs, Samuel D. Post, Yannick L. Sierra, Fangli Xu, Dawei Zhang, Haijing Hu, Huarui Liang, Li Li, Lijia Zhang, Shu Guo, Yuqin Chen
  • Publication number: 20210092603
    Abstract: Techniques to protect a subscriber identity, by encrypting a subscription permanent identifier (SUPI) to form one-time use subscription concealed identifiers (SUCIs) using a set of one-time ephemeral asymmetric keys, generated by a user equipment (UE), and network provided keys are disclosed. Encryption of the SUPI to form the SUCIs can mitigate snooping by rogue network entities, such as fake base stations. The UE is restricted from providing the unencrypted SUPI over an unauthenticated connection to a network entity. In some instances, the UE uses a trusted symmetric fallback encryption key K_FB or trusted asymmetric fallback public key PK_FB to verify messages from an unauthenticated network entity and/or to encrypt the SUPI to form a fallback SUCI_FB for communication of messages with the unauthenticated network entity.
    Type: Application
    Filed: May 11, 2018
    Publication date: March 25, 2021
    Inventors: Xiangying YANG, Huarui LIANG, Lijia ZHANG, Shu GUO, Haijing HU, Fangli XU, Yuqin CHEN, Dawei ZHANG, Li LI
  • Publication number: 20210021993
    Abstract: Techniques to protect subscriber identity in messages communicated between a user equipment (UE) and a cellular wireless network entity by using multiple ephemeral asymmetric keys are disclosed. The UE determines multiple ephemeral UE public and secret key pairs, while the cellular wireless network entity provides a network public key to the UE. The network public key may be updated over time. Multiple encryption keys based on the multiple ephemeral UE secret keys and the public network key are derived and used to encrypt a subscription permanent identifier (SUPI) to generate multiple subscription concealed identifiers (SUCIs). Each SUCI is used only once for messages communicated to a cellular wireless network and discarded after use. New SUCI are generated when the network public key is updated.
    Type: Application
    Filed: March 27, 2018
    Publication date: January 21, 2021
    Inventors: Xiangying YANG, Lijia ZHANG, Dawei ZHANG, Huarui LIANG, Shu GUO, Rohan C. MALTHANKAR, Krisztian KISS
  • Publication number: 20200396598
    Abstract: This disclosure relates to techniques for a wireless device to perform radio resource control procedures with improved security. The wireless device may establish a radio resource control connection with a cellular base station. A capability enquiry may be received from the cellular base station. The wireless device may determine how much capability information to provide in response to the capability enquiry based at least in part on whether access stratum security has been established, either in the current radio resource connection, or in a previous radio resource connection, between the wireless device and the cellular base station when the capability enquiry is received.
    Type: Application
    Filed: June 12, 2020
    Publication date: December 17, 2020
    Inventors: Shu Guo, Fangli Xu, Xiangying Yang, Lijia Zhang, Huarui Liang, Haijing Hu, Yuqin Chen, Hao Duo, Lanpeng Chen, Dawei Zhang, Srinivasan Nimmala, Vijay Venkataraman, Muthukumaran Dhanapal, Sree Ram Kodali
  • Patent number: 10744871
    Abstract: A lock pin is arranged so as to be projected from a side wall of a concave region, in which a fuel filler port of a vehicle is arranged, toward the inside of the concave region. In addition, a retainer placed around the lock pin on an inner side of the side wall of the concave region and a protector supported by the retainer so as to be placed in a region close to the lock pin are provided. The protector has a detent pin to prevent the retainer from rotating relative to the lock pin.
    Type: Grant
    Filed: March 5, 2019
    Date of Patent: August 18, 2020
    Assignee: TOYOTA JIDOSHA KABUSHIKI KAISHA
    Inventors: Cheng shu Guo, Hironori Kojima, Keiji Ishimoto