WIPO
WORLD INTELLECTUAL PROPERTY ORGANIZATION

DOCUMENT MADE AVAILABLE UNDER THE PATENT COOPERATION TREATY (PCT)

International application number: PCT/JP2020/010735
International filing date: 12 March 2020 (12.03.2020)
Document type: Certified copy of priority document
Document details:
    Country/Office: IN
    Number: 201941014041
    Filing date: 08 April 2019 (08.04.2019)
Date of receipt at the International Bureau: 26 March 2020 (26.03.2020)

Remark: Priority document submitted or transmitted to the International Bureau in compliance with Rule 17.1(a), (b) or (b-bis)

34, chemin des Colombettes
1211 Geneva 20, Switzerland
www.wipo.int
`
APPLE 1005

Digital Access Service (DAS)

CERTIFICATE OF AVAILABILITY OF A CERTIFIED PATENT DOCUMENT IN A DIGITAL LIBRARY

The International Bureau certifies that a copy of the patent application indicated below has been available to the WIPO Digital Access Service since the date of availability indicated, and that the patent application has been available to the indicated Office(s) as of the date specified following the relevant Office code:

Document details:
    Country/Office: IN
    Filing date: 08 Apr 2019 (08.04.2019)
    Application number: 201941014041

Date of availability of document: 20 Jan 2020 (20.01.2020)

The following Offices can retrieve this document by using the access code:
AR, AU, BR, CA, CL, CN, DK, EA, EE, EP, ES, FI, GB, GE, IB, IL, IN, JP, KR, MA, NL, NO, NZ, SE, US

Date of issue of this certificate: 26 Mar 2020 (26.03.2020)

INTELLECTUAL PROPERTY INDIA
GOVERNMENT OF INDIA
MINISTRY OF COMMERCE & INDUSTRY
THE PATENT OFFICE

TO WHOMSOEVER IT MAY CONCERN

I, the undersigned, being an officer duly authorized to sign and issue the certificate on behalf of the Controller General of Patents, Designs and Trademarks in accordance with the provisions of Section 73(3) of the Patents Act, 1970, hereby certify that annexed hereto is a True Copy of the document(s) as filed in connection with the following Patent Application:

a) Application Number: 201941014041
b) Date of Filing: 08/04/2019
c) Name of the document(s) requested: Priority documents / Provisional Specification

This certificate is issued under the powers vested in me U/S 147(1) of The Patents Act, 1970.

Dated this 20th day of January 2020

Authorised Signatory

FORM 1
THE PATENTS ACT 1970 (39 of 1970) and
The Patents Rules, 2003
APPLICATION FOR GRANT OF PATENT
(See section 7, 54 & 135 and sub-rule (1) of rule 20)

(FOR OFFICE USE ONLY)
Application No.:
Filing Date:
Amount of Fee Paid:
CBR No.:
Signature:

1. APPLICANT'S REFERENCE / IDENTIFICATION NO. (AS ALLOTTED BY OFFICE)

2. TYPE OF APPLICATION [Please tick (✓) at the appropriate category]
Ordinary (✓)
Addition ( )
Addition ( )
Addition ( )

3A. APPLICANT(S)
Name in Full
Nationality
Country of Residence
Address of the Applicant

Other than Natural Person: Small Entity ( ) | Startup ( ) | Others (✓)

4. INVENTOR(S) [Please tick (✓) at the appropriate category]
Are all the inventor(s) same as the applicant(s) named above? No (✓)
If "No", furnish the details of the inventor(s)

Name in Full: TIWARI, Kundan
Nationality: an Indian citizen
Country of Residence:
Address of the Inventor: NEC Technologies India Pvt Ltd, SP Infocity, Block-A, 9th Floor Module-2A, 40, MGR Salai, Kandanchavadi, Perungudi, Chennai, 600096, India

Name in Full: TAMURA, Toshiyuki
Nationality: citizen
Country of Residence:
Address of the Inventor: NEC Corporation, 7-1, Shiba 5-chome, Minato-ku, Tokyo 108-8001, Japan

Name in Full: de Kievit, Sander
Nationality: a Dutch citizen
Country of Residence:
Address of the Inventor: NEC Corporation, 7-1, Shiba 5-chome, Minato-ku, Tokyo 108-8001, Japan

5. TITLE OF THE INVENTION
PROCEDURE TO PROVIDE INTEGRITY PROTECTION TO A UE PARAMETER DURING UE CONFIGURATION UPDATE PROCEDURE

6. AUTHORISED REGISTERED PATENT AGENT(S)
IN/PA-121
Name: R R Nair
Mobile No.: 8939824355

7. ADDRESS FOR SERVICE OF APPLICANT IN INDIA
Name: De Penning & De Penning
Postal Address: 120 Velachery Main Road, Guindy, Chennai 600 032
Telephone No.: 9144 - 42213444
Mobile No.: 8939824355
Fax No.: 9144 - 42213402
Email ID: patent@depenning.com

12. DECLARATIONS

(i) Declaration by the inventor(s)
(In case the applicant is an assignee: the inventor(s) may sign herein below or the applicant may upload the assignment or enclose the assignment with this application for patent or send the assignment by post/electronic transmission duly authenticated within the prescribed period).
We, the above named inventor(s) is/are the true & first inventor(s) for this invention and declare that the applicant(s) herein is/are my/our assignee or legal representative.

Name: TIWARI, Kundan          Date: 08 April 2019
Name: TAMURA, Toshiyuki       Date: 08 April 2019
Name: de Kievit, Sander       Date: 08 April 2019

No. of Claims 4 and No. of Pages
No. of pages 27

(iii) Declaration by the applicant(s)
We, the applicant(s) hereby declare(s) that:-
I am / We are in possession of the above mentioned invention.
The provisional / complete specification relating to the invention is filed with this application.
The invention as disclosed in the specification uses the biological material from India and the necessary permission from the competent authority shall be submitted by me / us before the grant of patent to me/us.
There is no lawful ground of objections to the grant of the Patent to me/us.
I am / We are the true & first inventor(s).
I am / We are the assignee or legal representative of true & first inventor(s).
The application or each of the applications, particulars of which are given in Para 8, was the first application in convention country/countries in respect of my/our invention(s).
I / We claim the priority from the above mentioned application(s) filed in convention country/countries and state that no application for protection in respect of the invention had been made in a convention country before that date by me/us or by any person from which we derive the title.
My/Our application in India is based on International application under Patent Cooperation Treaty (PCT) as mentioned in Paragraph-9.
The application is divided out of my/our application particulars of which is given in Paragraph-10 and pray that this application may be treated as deemed to have been filed on ........ under sec. 16 of the Act.
The said invention is an improvement in or modification of the invention particulars of which are given in Paragraph-11.
`
13. FOLLOWING ARE THE ATTACHMENTS WITH THE APPLICATION
(a) Form 2
(b) provisional specification

Item                                    Details / Remarks
Complete/provisional specification #    Pages
No. of Claim(s)
Abstract                                No. of Pages 0
No. of Drawing(s)                       No. of Drawings 12 and No. of Pages 12
Sequence Listing                        0

# In case of a complete specification, if the applicant desires to adopt the drawings filed with his provisional specification as the drawings or part of the drawings for the complete specification under rule 13(4), the no. of such pages filed with the provisional specification are required to be mentioned here.

International Preliminary Examination Authority (IPEA), as applicable (2 copies)
(f)
(g) Statement and undertaking on Form 3
(h) Copy of GPA

Total Fee Rs.16000/- is paid by e-filing module.

I/We hereby declare that to the best of my/our knowledge, information and belief the fact and matters stated herein are correct and we request that a patent may be granted to me/us for the said invention.

Dated this 08 day of April 2019

Signature: ~Digitally signed~
Name: R R Nair
Of De Penning & De Penning
Agent for the Applicants

To,
The Controller of Patents
The Patent Office, at Chennai

FORM 2

THE PATENTS ACT, 1970
(39 of 1970)
THE PATENTS RULES, 2003

PROVISIONAL SPECIFICATION

(See section 10; rule 13)

TITLE OF THE INVENTION

“PROCEDURE TO PROVIDE INTEGRITY PROTECTION TO A UE PARAMETER DURING UE CONFIGURATION UPDATE PROCEDURE”

APPLICANT

NEC Corporation
7-1, Shiba 5-chome, Minato-ku, Tokyo 108-8001
Japan; Nationality: Japan

The following specification describes the invention

1. Title of Patent Application:
Procedure to provide Integrity protection to a UE parameter during UE configuration update procedure.

2. Abstract:

This disclosure is related to the procedure to provide integrity protection to a UE parameter during the Steering of Roaming and UE parameter update procedure using Control Plane signaling. More specifically, the method provides a mechanism to choose a security key to integrity protect a UE parameter when the UE is registered to more than one PLMN and more than one security key exists in the network.
`
3. Description of Problem to be Solved by the disclosure:
Background

When a UE registers to two different PLMNs which are not equivalent PLMNs via a 3GPP access and a non-3GPP access, then the UE is registered to two different AMFs, one belonging to each PLMN. In this scenario the UE maintains two independent 5G security contexts (K_AMF and keys lower in the key hierarchy), one for each serving PLMN. When a UE is registered to the same PLMN or an equivalent PLMN via a 3GPP access and a non-3GPP access, then the UE is registered to a single AMF and maintains one security context.

When the UDM decides to update the preferred PLMN list or RAT to the UE when the UE is registered to the visited PLMN, then the UDM initiates the Steering of Roaming procedure to transfer the steering information (preferred list of PLMN or RAT) for PLMN selection. The steering of roaming information is integrity protected using the security key K_AUSF at an AUSF. When the UE receives steering information, the UE uses K_AUSF to verify the integrity protection. A similar procedure is applied to update the UE parameters using the UDM control plane procedure.

Problem Statement 1:

When a UE is registered to two different PLMNs which are not equivalent PLMNs via a 3GPP access and a non-3GPP access, then the UE has two 5G security contexts (e.g. Security Keys) at the various network nodes. In this scenario the AUSF has one K_AUSF, namely the K_AUSF resulting from the latest authentication. During the registration procedure over one access network, if the UDM decides to send steering information to the UE and sends a message containing steering information and requesting the AUSF to provide integrity protection to the steering information, the AUSF calculates the MAC-I for integrity protection of the message using the K_AUSF resulting from the latest authentication. Then, if the UE receives the message, it is unclear to the UE which K_AUSF the AUSF has used for the calculation of the MAC-I for integrity protection of the steering of roaming message.

In another scenario, when the UE is registered to two different PLMNs which are not equivalent and the UDM decides to send steering information to the UE, then it is not clear at the UDM which of the two registered PLMNs is chosen to send the Steering information.
`
NID form version FY17_v2

PRIVILEGED CONFIDENTIAL

`
Problem Statement 2:

When a UE is registered to two different PLMNs which are not equivalent PLMNs via a 3GPP access and a non-3GPP access, then the UE has two 5G security contexts (e.g. Security Keys) at the various network nodes. In this scenario, when a UDM decides to perform the UE parameter update procedure to update the UE configuration (e.g. Routing Identity) using control plane signaling, then it is not clear which of the two registered PLMNs the UDM will choose to send an updated UE configuration.
`
4. Description of Disclosure and Embodiments
Abbreviations

For the purposes of the present document, the abbreviations given in 3GPP TR 21.905 [1] and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in 3GPP TR 21.905 [1].

5GC         5G Core Network
5GS         5G System
5G-AN       5G Access Network
5G-GUTI     5G Globally Unique Temporary Identifier
5G S-TMSI   5G S-Temporary Mobile Subscription Identifier
5QI         5G QoS Identifier
AF          Application Function
AMF         Access and Mobility Management Function
AN          Access Node
AS          Access Stratum
AUSF        Authentication Server Function
CM          Connection Management
CP          Control Plane
CSFB        Circuit Switched (CS) Fallback
DL          Downlink
DN          Data Network
DNAI        DN Access Identifier
DNN         Data Network Name
EDT         Early Data Transmission
EPS         Evolved Packet System
`
EPC         Evolved Packet Core
FQDN        Fully Qualified Domain Name
GFBR        Guaranteed Flow Bit Rate
GMLC        Gateway Mobile Location Centre
GPSI        Generic Public Subscription Identifier
GUAMI       Globally Unique AMF Identifier
HR          Home Routed (roaming)
I-RNTI      I-Radio Network Temporary Identifier
LADN        Local Area Data Network
LBO         Local Break Out (roaming)
LMF         Location Management Function
LRF         Location Retrieval Function
MAC         Medium Access Control
MFBR        Maximum Flow Bit Rate
MICO        Mobile Initiated Connection Only
MME         Mobility Management Entity
N3IWF       Non-3GPP Inter Working Function
NAI         Network Access Identifier
NAS         Non-Access Stratum
NEF         Network Exposure Function
NF          Network Function
NG-RAN      Next Generation Radio Access Network
NR          New Radio
NRF         Network Repository Function
NSI ID      Network Slice Instance Identifier
NSSAI       Network Slice Selection Assistance Information
NSSF        Network Slice Selection Function
NSSP        Network Slice Selection Policy
PCF         Policy Control Function
PEI         Permanent Equipment Identifier
`
PER         Packet Error Rate
PFD         Packet Flow Description
PLMN        Public land mobile network
PPD         Paging Policy Differentiation
PPI         Paging Policy Indicator
PSA         PDU Session Anchor
QFI         QoS Flow Identifier
QoE         Quality of Experience
(R)AN       (Radio) Access Network
RLC         Radio Link Control
RM          Registration Management
RQA         Reflective QoS Attribute
RQI         Reflective QoS Indication
RRC         Radio Resource Control
SA NR       Standalone New Radio
SBA         Service Based Architecture
SBI         Service Based Interface
SD          Slice Differentiator
SDAP        Service Data Adaptation Protocol
SEAF        Security Anchor Functionality
SEPP        Security Edge Protection Proxy
SMF         Session Management Function
S-NSSAI     Single Network Slice Selection Assistance Information
SSC         Session and Service Continuity
SST         Slice/Service Type
SUCI        Subscription Concealed Identifier
SUPI        Subscription Permanent Identifier
SoR         Steering of Roaming
UDSF        Unstructured Data Storage Function
UICC        Universal Integrated Circuit Card
`
UL          Uplink
UL CL       Uplink Classifier
USIM        Universal Subscriber Identity Module
UPF         User Plane Function
UDR         Unified Data Repository
URSP        UE Route Selection Policy
SMS         Short Message Service
SMSF        SMS Function
MT          Mobile Terminated
UAC         Unified Access Control
ODACD       Operator Defined Access Category Definitions
OS          Operating System

Definitions

For the purposes of the present document, the terms and definitions given in 3GPP TR 21.905 [1] and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in 3GPP TR 21.905 [1].
`
List of References

[1] 3GPP TR 21.905: "Vocabulary for 3GPP Specifications". V15.0.0 (2018-03).
[2] 3GPP TS 23.501: "System Architecture for the 5G System; Stage 2". V15.4.0 (2019-01).
[3] 3GPP TS 23.502: "Procedures for the 5G System; Stage 2". V15.4.0 (2019-01).
[4] 3GPP TS 24.501: "Non-Access-Stratum (NAS) protocol Stage 3". V15.2.1 (2019-01).
[5] 3GPP TS 33.501: "Security architecture and procedures for 5G system". V15.3.1 (2018-12).

`
Embodiments

Exemplary embodiments now will be described with reference to the accompanying drawings. The disclosure may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey its scope to those skilled in the art. The terminology used in the detailed description of the particular exemplary embodiments illustrated in the accompanying drawings is not intended to be limiting. In the drawings, like numbers refer to like elements.
It is to be noted, however, that the reference numerals in claims illustrate only typical embodiments of the present subject matter, and are therefore not to be considered for limiting of its scope, for the subject matter may admit to other equally effective embodiments.

The specification may refer to “an”, “one” or “some” embodiment(s) in several locations. This does not necessarily imply that each such reference is to the same embodiment(s), or that the feature only applies to a single embodiment. Single features of different embodiments may also be combined to provide other embodiments.

As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless expressly stated otherwise. It will be further understood that the terms “includes”, “comprises”, “including” and/or “comprising” when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being “connected” or “coupled” to another element, it can be directly connected or coupled to the other element or intervening elements may be present. Furthermore, “connected” or “coupled” as used herein may include operatively connected or coupled. As used herein, the term “and/or” includes any and all combinations and arrangements of one or more of the associated listed items.

Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure pertains. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.

The figures depict a simplified structure only showing some elements and functional entities, all being logical units whose implementation may differ from what is shown. The connections shown are logical connections; the actual physical connections may be different. It is apparent to a person skilled in the art that the structure may also comprise other functions and structures.

Also, all logical units described and depicted in the figures include the software and/or hardware components required for the unit to function. Further, each unit may comprise within itself one or more components which are implicitly understood. These components may be operatively coupled to each other and be configured to communicate with each other to perform the function of the said unit.
`
`
First embodiment (Solution 1 to solve problem statement 1):

Indicating PLMN identity or RAT to select a security key to provide integrity protection to SoR in SoR transmission procedure during the registration procedure.

The detailed steps to transfer the SoR to a UE when the UE is registered to two different PLMNs via two different RATs or to a same PLMN via two different 5G-ANs:

0. A UE is registered to a first visited PLMN over a first 5G Access Network (5G-AN). During the authentication procedure the AUSF stores the first K_AUSF of the UE and stores the first PLMN identity and the first 5G-AN together with this K_AUSF. As such, the AUSF keeps not only the K_AUSF and the UE Identifier, such as SUPI, but also the PLMN ID and the related RAT. Upon completion of the authentication procedure, the UE also stores the K_AUSF, the PLMN ID and the RAT associated with this K_AUSF in a storage in the UE.

1. The UE initiates a second registration procedure over a second 5G-AN to a second visited PLMN by sending a Registration Request message. This registration procedure may be an initial registration procedure, a registration update procedure or a periodic registration update procedure.

2. The AMF decides to initiate the authentication procedure. The AMF/SEAF executes the authentication procedure as described in the embodiment. According to the prior art, the AUSF would overwrite the K_AUSF in storage during the authentication procedure. In this embodiment, the AUSF will store a second K_AUSF in addition to the first one, together with the PLMN ID of the access network and the RAT of the access network that was used during the authentication. When the authentication completes, the UE also stores a second K_AUSF and associates the PLMN ID of the second access network with it, just like the AUSF does. The UE now has a storage including two tuples of K_AUSF and PLMN IDs. This storage can be extended for each further run of authentications to new networks, for example if the UE attaches to a third access network and a new authentication run is completed.

3. The network executes the Security Mode Control procedure.

3-a. The AMF sends the Nudm_UECM_Registration to the UDM to inform it of the Radio Access Technology (RAT) being used.

4. The AMF sends a message Nudm_SDM_Get to the UDM to get the subscriber data.

5. The UDM decides to send Steering information to the UE via the second PLMN. The UDM sends a message Nausf_SoRProtection containing at least one of the following information elements: SUPI, SoR Header, the second PLMN identity or the selected Radio Access Technology (RAT). The UDM may send the second PLMN identity or the RAT of the second PLMN identity or both.

6. When the AUSF receives the Nausf_SoRProtection message, the AUSF retrieves from storage the K_AUSF related to the UE Identity and the PLMN Identity or RAT indicated in the Nausf_SoRProtection message, and selects it to be used for integrity protection. The AUSF uses the selected K_AUSF to calculate SoR-MAC-I_AUSF and optionally SoR-MAC-I_UE according to the mechanism specified in TS 33.501, namely:
SoR-MAC-I_AUSF = KDF (SoR Header, PLMN ID Access Technology list, K_AUSF).
The KDF is a key derivation function, which is a cryptographic one-way function such as HMAC-SHA256. Other cryptographic hash functions could also be used. The fields indicated between the brackets are the clear text parts, and the last field indicates that a K_AUSF is used as input key to the KDF. In the case that the SoR mechanism is used for different purposes than sending the PLMN ID Access List, the plain text input fields will change, but the input key will remain the same. Also, as one skilled in the art will appreciate, it is also possible to use a different input key, for example a key derived from K_AUSF specifically for the purpose or another key resulting from an earlier authentication run.
`
7. The AUSF sends the Nausf_SoRProtection_Response message containing SoR-MAC-I_AUSF, Counter_SoR and optionally SoR-XMAC-I_UE to the UDM.

`
8. The UDM sends Nudm_SDM_Get_Response containing List, SoR-MAC-I and SoR-Counter to the AMF.

9. The AMF sends a Registration Accept message containing at least one of the parameters List, SoR header, SoR-MAC-I and SoR-Counter to the UE.

10. Upon reception of the message, the UE first verifies which 5G-AN or PLMN was used to send the message. Then, the UE retrieves the K_AUSF associated with the 5G-AN or the PLMN identity from storage and selects this key to be used for verifying the integrity protection applied by the AUSF. The UE subsequently verifies the integrity protection by verifying the SoR-MAC-I_AUSF applied to the message and, if correct, the UE may return a registration acknowledgement message to the UDM. If the UE returns a registration acknowledgement message to the UDM, it will integrity protect the message by calculating the SoR-MAC-I_UE using the same K_AUSF as was selected for the verification of the SoR-MAC-I_AUSF.

The Nausf_SoRProtection and Nausf_SoRProtection_Response messages are further defined in the fifth embodiment.
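
The key storage and selection of steps 0, 2, 6 and 10 can be modelled as follows; the second embodiment applies the same per-PLMN selection to UPU data. This Python code is an added example, not part of the specification: the class and function names, the length-prefixed field encoding (which is not the exact TS 33.501 encoding) and the sample SUPI, PLMN IDs, keys and SoR content are assumptions constructed for illustration.

```python
import hashlib
import hmac

SUPI = "imsi-001010000000001"          # constructed sample subscriber identity
PLMN_A, PLMN_B = "00101", "00102"      # constructed sample PLMN IDs


def sor_mac(k_ausf, sor_header, steering_list):
    """KDF(SoR Header, PLMN ID Access Technology list, K_AUSF) as HMAC-SHA256.

    Assumption: each clear-text field is length-prefixed before hashing; this
    is a simplified encoding, not the exact one from TS 33.501.
    """
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in (sor_header, steering_list))
    return hmac.new(k_ausf, msg, hashlib.sha256).digest()


class KausfStore:
    """Key storage kept by both the AUSF and the UE (steps 0 and 2).

    Each authentication run adds a (PLMN ID, RAT, K_AUSF) tuple instead of
    overwriting the key of an earlier run on another PLMN.
    """

    def __init__(self):
        self._entries = {}   # SUPI -> list of (plmn_id, rat, k_ausf), oldest first

    def store(self, supi, plmn_id, rat, k_ausf):
        entries = [e for e in self._entries.get(supi, []) if e[0] != plmn_id]
        entries.append((plmn_id, rat, k_ausf))
        self._entries[supi] = entries

    def select(self, supi, plmn_id=None, rat=None):
        """Return the K_AUSF matching the indicated PLMN ID and/or RAT (step 6)."""
        matches = [k for p, r, k in self._entries.get(supi, [])
                   if (plmn_id is None or p == plmn_id) and (rat is None or r == rat)]
        if len(matches) != 1:
            raise LookupError("no unique K_AUSF for %s plmn=%s rat=%s" % (supi, plmn_id, rat))
        return matches[0]

    def latest(self, supi):
        """Key from the latest authentication: the only key prior art would hold."""
        return self._entries[supi][-1][2]


def ausf_protect(store, supi, sor_header, steering_list, plmn_id=None, rat=None):
    """AUSF side of Nausf_SoRProtection: select the key, then compute the MAC."""
    return sor_mac(store.select(supi, plmn_id, rat), sor_header, steering_list)


def ue_verify(store, supi, arrived_via_plmn, sor_header, steering_list, mac):
    """UE side (step 10): pick the key for the PLMN the message arrived on."""
    try:
        key = store.select(supi, plmn_id=arrived_via_plmn)
    except LookupError:
        return False
    return hmac.compare_digest(sor_mac(key, sor_header, steering_list), mac)


def demo():
    # Constructed keys standing in for the K_AUSF of two authentication runs.
    k_a, k_b = bytes(range(32)), bytes(range(32, 64))
    ausf, ue = KausfStore(), KausfStore()
    for s in (ausf, ue):
        s.store(SUPI, PLMN_A, "3GPP", k_a)        # step 0: first registration
        s.store(SUPI, PLMN_B, "non-3GPP", k_b)    # step 2: second key is added
    header, steering = b"\x01", b"00101:NR,00102:E-UTRAN"   # constructed SoR content

    results = {}
    # UDM indicates PLMN A although the latest authentication was on PLMN B.
    mac = ausf_protect(ausf, SUPI, header, steering, plmn_id=PLMN_A)
    results["indicated_plmn"] = ue_verify(ue, SUPI, PLMN_A, header, steering, mac)
    # Same selection when the UDM indicates only the RAT.
    mac_rat = ausf_protect(ausf, SUPI, header, steering, rat="3GPP")
    results["indicated_rat"] = ue_verify(ue, SUPI, PLMN_A, header, steering, mac_rat)
    # Prior-art behaviour: MAC computed with the latest key, delivered via PLMN A.
    stale = sor_mac(ausf.latest(SUPI), header, steering)
    results["latest_key_only"] = ue_verify(ue, SUPI, PLMN_A, header, steering, stale)
    # A modified steering list must be rejected even under the correct key.
    results["tampered_list"] = ue_verify(ue, SUPI, PLMN_A, header, b"99999:NR", mac)
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:16} verified={ok}")
```

The "latest_key_only" case reproduces Problem Statement 1: the MAC is valid under one K_AUSF, but the UE checks it with the key of the PLMN that delivered the message and rejects it.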
`
Variant of first embodiment.

The detailed steps of transfer of SoR when the UE is registered to a PLMN via different 5G-ANs or to a different PLMN via different 5G-ANs:

1. A UE is registered to a first PLMN over a first 5G-AN and to a second PLMN over a second 5G-AN. According to the first embodiment, both the UE and the AUSF have kept a storage with at least two K_AUSFs associated with the access network. As such, the AUSF has two K_AUSFs for this particular UE, one for the first PLMN and another for the second PLMN. The UE similarly has two K_AUSFs, one associated with the first PLMN and one associated with the second PLMN.

2. A UDM decides to notify of the changes of Steering information (list of preferred PLMN/access technology combinations). The UDM selects a PLMN from the first PLMN and the second PLMN when the first PLMN and second PLMN are different and are not equivalent PLMNs, or a RAT from the first 5G-AN and the second 5G-AN when the first PLMN and the second PLMN are identical or equivalent PLMNs, based on for example the following factors:

i) The UE is in connected state over a PLMN (e.g. the UDM delivers the SoR via a PLMN where the UE is in connected state).

ii) 5G-AN type (e.g. 3GPP access is preferred over non-3GPP access).

iii) Congestion in the PLMN (e.g. sends through the PLMN which is least congested or is not congested).

iv) The PLMN that the UE latest authenticated to (some UEs may not support the feature of storing multiple K_AUSFs, which means that the UDM should decide to use the latest).

3. Steps 5, 6 and 7 of the first embodiment are executed.

4. The UDM initiates a Nudm_SDM_UpdateNotification message to the AMF of the selected PLMN or selected RAT in step 2.

The UDM includes a selected RAT in the Nudm_SDM_UpdateNotification message if the UEs are registered to the same AMF when the first PLMN and the second PLMN are identical or equivalent PLMNs.

In case of core network sharing, when an AMF is shared by multiple PLMNs, the UDM also includes the selected PLMN Identity in the Nudm_SDM_UpdateNotification message.
`
`
5. The AMF delivers the SoR using a DL NAS Transport message via the RAT present in the Nudm_SDM_UpdateNotification message or via the network corresponding to the PLMN identity present in the Nudm_SDM_UpdateNotification message.

6. The AMF sends the DL NAS Transport message to the UE. Then, Step 10 of the first embodiment is executed.

In one example, if the UDM acknowledges that the UE has two associated AMFs (i.e. two PLMNs), one for 3GPP access and the other one for non-3GPP access, the UDM may send two Nudm_UDM_Notification messages containing (SoR information, SoR-Header, SoR-MAC-I_AUSF, Counter_SoR) to two AMFs.
`
`
Second Embodiment (Solution 2 to solve problem statement 2)

Selecting a PLMN and corresponding security key to provide integrity protection to UE configuration data in UE parameter update procedure using control plane solution.

The detailed steps of the UE Parameters Update using control plane procedure are described below:

1. A UE is registered to a first PLMN over a first 5G-AN and to a second PLMN over a second 5G-AN. The AUSF has generated and stored two K_AUSFs in a key storage, one for the first PLMN and another for the second PLMN. Similarly, the UE has stored two K_AUSFs, one associated with the first PLMN and one associated with the second PLMN.

2. A UDM decides to perform the UE parameters Update procedure (UPU) using control plane procedure. The UDM selects a PLMN from the first PLMN and the second PLMN when the first PLMN and second PLMN are different and are not equivalent PLMNs, or a RAT from the first 5G-AN and the second 5G-AN when the first PLMN and the second PLMN are identical or equivalent PLMNs, based on at least one of the following factors:

i) The UE is in connected state over a PLMN (e.g. the UE delivers the SoR via a PLMN where the UE is in connected state).

ii) 5G-AN type (e.g. 3GPP access is preferred over non-3GPP access).

iii) Congestion in the PLMN (e.g. sends through the PLMN which is least congested or is not congested).

iv) The PLMN that the UE latest authenticated to (some UEs may not support the feature of storing multiple K_AUSFs, which means that the UDM should decide to use the latest).

3. The UDM sends a Nausf_UPUProtection message containing SUPI, UPU data, optionally an Ack Indication, and at least one of the selected RAT or the selected PLMN ID to the AUSF.

4. The AUSF selects the K_AUSF corresponding to the RAT or the PLMN sent in the Nausf_UPUProtection message according to the description in embodiment 1 or 2. The AUSF uses the selected K_AUSF to calculate UPU-MAC-I_AUSF, Counter_UPU or UPU-XMAC-I_UE. The AUSF sends a Nausf_UPUProtection Response containing UPU-MAC-I_AUSF or UPU-XMAC-I_UE or Counter_UPU.

5. The UDM sends a Nudm_SDM_Notification message containing (UPU data, UPU-MAC-I_AUSF, Counter_UPU) to the AMF of the selected PLMN. The UDM also includes the selected RAT as described in step 2 in the Nudm_SDM_Notification message. The UDM may include a new parameter “subscriber data reload required” in the Nudm_SDM_Notification message.

In case that the UDM acknowledges that the UE has two associated AMFs (i.e. two registered PLMNs), one for 3GPP access and the other one for non-3GPP access, the UDM may send two Nudm_UDM_Notification messages to two AMFs.

Alternatively, the UDM indicates to the AMF that reloading subscriber data from the UDM is required in the Nudm_SDM_Notification message. If the AMF receives the Nudm_SDM_Notification message with the parameter “subscriber data reload required”, the AMF sets a new flag “subscriber data reload required” active and the AMF sends the DL NAS transport message to the UE with the parameter “re-registration required” so that the UE can perform two registration procedures, one for 3GPP access and the other one for non-3GPP access. When the AMF receives the registration request message from the UE and the AMF has the flag “subscriber data reload required” active, the AMF invokes the Nudm_SDM_Get procedure to the UDM to fetch the latest subscriber data from the UDM even if the AMF has the subscriber data. Once the AMF performs the Nudm_SDM_Get procedure, the AMF sets the flag “subscriber data reload required” inactive.
`
`
Alternatively, the UDM indicates to the AMF that reloading subscriber data from the UDM is required in the Nudm_SDM_Notification message. If the AMF receives the Nudm_SDM_Notification message with the parameter “subscriber data reload required”, the AMF sends the DL NAS transport message to the UE with a new parameter “re-registration required for subscriber data reloading” so that the UE can perform two registration procedures, one for 3GPP access and the other one for non-3GPP access. When the AMF receives the registration request message with the parameter “re-registration required for subscriber data reloading” from the UE, the AMF invokes the Nudm_SDM_Get procedure to the UDM to fetch the latest subscriber data from the UDM even if the AMF has the subscriber data.

In case that the UDM acknowledges that the UE has two associated AMFs but the new updated UE configuration data affects only one AMF, then the UDM may send only one Nudm_UDM_Notification message to the AMF that is affected by this update.

6. The AMF delivers the UPU data, UPU-MAC-I_AUSF and Counter_UPU to the UE in a DL NAS Transport message via the selected PLMN or via the selected RAT.

7. As according to embodiment 1, the UE selects the appropriate key from the storage, i.e. because it detects which AN was used for sending the SoR message or because it reads a field in the SoR message that indicates the AN (or other key identifying information). Using the selected key, the UE
`p