A network node configured to perform a process that includes receiving a PDU Session Establishment Request message for establishing a PDU session, wherein the PDU Session Establishment Request message was transmitted by a UE and includes a PDU session ID. The process also includes communicating a Session Management (SM) Request comprising the PDU Session Establishment Request to an SMF. The process also includes receiving from the SMF a message that includes: i) the PDU Session ID identifying the PDU session, ii) a PDU Session Establishment Accept message, and iii) a user plane (UP) security policy for the PDU session, wherein the UP security policy for the PDU session indicates: i) whether UP confidentiality protection shall be activated or not for all data radio bearers (DRBs) belonging to the PDU session, and/or ii) whether UP integrity protection shall be activated or not for all data radio bearers (DRBs) belonging to the PDU session.

A network node configured to perform a process that includes receiving a PDU Session Establishment Request message for establishing a PDU session, wherein the PDU Session Establishment Request message was transmitted by a UE and includes a PDU session ID. The process also includes communicating a Session Management (SM) Request comprising the PDU Session Establishment Request to an SMF. The process also includes receiving from the SMF a message that includes: i) the PDU Session ID identifying the PDU session, ii) a PDU Session Establishment Accept message, and iii) a user plane (UP) security policy for the PDU session, wherein the UP security policy for the PDU session indicates: i) whether UP confidentiality protection shall be activated or not for all data radio bearers (DRBs) belonging to the PDU session, and/or ii) whether UP integrity protection shall be activated or not for all data radio bearers (DRBs) belonging to the PDU session.

The present disclosure relates to a global resource locator tag and methods of using the same. A semiconductor chip can include a processor and a micro sized timing device. The semiconductor chip can generate a timing signal. The global resource locator tag can include a blockchain and a memory in logical communication with the processor. The processor can determine a cryptographic hash of a previous block of events in the blockchain. The processor can determine an respective inventory status of nearby labels. The processor can compile a data set with the respective inventory status of each of the nearby labels and the cryptographic hash of the previous block. The processor can record a next event of the events in a next block of the blockchain. The next event can include the data set.

This disclosure describes systems, methods, and devices related to security for multi-link operation. A device may determine a multi-link communication with a first multi-link device comprising two or more links associated with two or more station devices (STAs) included in the first multi-link device. The device may determine a first medium access control (MAC) address associated with a first link of the two or more links. The device may determine a second MAC address associated with a second link of the two or more links. The device may generate one or more pairwise security keys to be used in the multi-link communication on the two or more links. The device may cause to send a frame to the first multi-link device using at least one combination of the one or more pairwise security keys.

This disclosure describes systems, methods, and devices related to security for multi-link operation. A device may determine a multi-link communication with a first multi-link device comprising two or more links associated with two or more station devices (STAs) included in the first multi-link device. The device may determine a first medium access control (MAC) address associated with a first link of the two or more links. The device may determine a second MAC address associated with a second link of the two or more links. The device may generate one or more pairwise security keys to be used in the multi-link communication on the two or more links. The device may cause to send a frame to the first multi-link device using at least one combination of the one or more pairwise security keys.

This disclosure describes systems, methods, and devices related to security for multi-link operation. A device may determine a multi-link communication with a first multi-link device comprising two or more links associated with two or more station devices (STAs) included in the first multi-link device. The device may determine a first medium access control (MAC) address associated with a first link of the two or more links. The device may determine a second MAC address associated with a second link of the two or more links. The device may generate one or more pairwise security keys to be used in the multi-link communication on the two or more links. The device may cause to send a frame to the first multi-link device using at least one combination of the one or more pairwise security keys.

This disclosure describes systems, methods, and devices related to security for multi-link operation. A device may determine a multi-link communication with a first multi-link device comprising two or more links associated with two or more station devices (STAs) included in the first multi-link device. The device may determine a first medium access control (MAC) address associated with a first link of the two or more links. The device may determine a second MAC address associated with a second link of the two or more links. The device may generate one or more pairwise security keys to be used in the multi-link communication on the two or more links. The device may cause to send a frame to the first multi-link device using at least one combination of the one or more pairwise security keys.

Embodiments of this disclosure provide techniques for securely communicating an IMSI over the air from a UE to an SeAN, as well as for securely validating an unencrypted IMSI that the SeAN receives from the home network, during authentication protocols. In particular, the UE may either encrypt the IMSI assigned to the UE using an IMSI encryption key (K.sub.IMSIenc) or compute a hash of the IMSI assigned to the UE using an IMSI integrity key (K.sub.IMSIint), and then send the encrypted IMSI or the hash of the IMSI to the serving network. The encrypted IMSI or hash of the encrypted IMSI may then be used by the SeAN to validate an unencrypted IMSI that was previously received from an HSS in the home network of the UE.

Embodiments of this disclosure provide techniques for securely communicating an IMSI over the air from a UE to an SeAN, as well as for securely validating an unencrypted IMSI that the SeAN receives from the home network, during authentication protocols. In particular, the UE may either encrypt the IMSI assigned to the UE using an IMSI encryption key (K.sub.IMSIenc) or compute a hash of the IMSI assigned to the UE using an IMSI integrity key (K.sub.IMSIint), and then send the encrypted IMSI or the hash of the IMSI to the serving network. The encrypted IMSI or hash of the encrypted IMSI may then be used by the SeAN to validate an unencrypted IMSI that was previously received from an HSS in the home network of the UE.

Handling of UE capability information in a mobile telecommunications network wherein an eNodeB receives information regarding the UE capability information from the UE and stores the information. The eNodeB sends the UE capability information to the EPC, i.e., to an MME, which receives and stores the UE capability information. When the UE transits from idle to active state, does an initial attach, or when a part of the UE capabilities have changed, it sends a message to the eNodeB regarding the update. The eNodeB forwards the message to the MME, which sends a response associated with the previously stored UE capability information to the eNodeB. The eNodeB decides whether the UE capabilities stored in the MME is up-to-date based on the message from the UE and the response from the MME. If the UE holds updated UE capabilities the eNodeB can request updated UE capability information from the UE.