Methods, systems, and devices for wireless communications are described. A user equipment (UE) associated with an unmanned aerial vehicle (UAV) in a cellular terrestrial network may establish a connection with a unified data management (UDM) entity for communications with an unmanned aerial system service supplier (USS). The UE, or an access and mobility management function (AMF), may receive a security configuration from the UDM entity in a non-access stratum transport message. The security configuration may include one or more security credentials that enable communications between the UE and the USS. The AMF may transmit an acknowledgement message indicating the UE successfully received the indication of the security configuration. The UDM may transmit a message to the USS based on receiving the acknowledgment message. The UE may transmit a registration request to the USS. The UE and the USS may communicate according to the security credentials of the security configuration.

The method includes a gateway device sending a first authentication request and a second authentication request to a first device. The gateway device obtains a third authentication request from the first device, where the third authentication request is used by the gateway device to verify the first device based on the first identification code and third authentication information. The gateway device sends a fourth authentication request to the first authentication server. The gateway device obtains first confirmation information, second confirmation information, third confirmation information, and fourth confirmation information, and establishes a communication connection between the first device and the gateway device based on all the confirmation information.

The method includes a gateway device sending a first authentication request and a second authentication request to a first device. The gateway device obtains a third authentication request from the first device, where the third authentication request is used by the gateway device to verify the first device based on the first identification code and third authentication information. The gateway device sends a fourth authentication request to the first authentication server. The gateway device obtains first confirmation information, second confirmation information, third confirmation information, and fourth confirmation information, and establishes a communication connection between the first device and the gateway device based on all the confirmation information.

An example technique for security key derivation in a wireless system includes: sending a radio resource control (RRC) suspend message from a first node, to a first user device, the RRC suspend message including a first next hop (NH) chaining counter (NCC) value; releasing access stratum (AS) resources associated with the first user device; deriving a first node key based on the first NCC value; receiving a first uplink message from the first user device without allocating AS resources to the first user device; and unscrambling the first uplink message based on the first NCC value.

An example technique for security key derivation in a wireless system includes: sending a radio resource control (RRC) suspend message from a first node, to a first user device, the RRC suspend message including a first next hop (NH) chaining counter (NCC) value; releasing access stratum (AS) resources associated with the first user device; deriving a first node key based on the first NCC value; receiving a first uplink message from the first user device without allocating AS resources to the first user device; and unscrambling the first uplink message based on the first NCC value.

A method and apparatus provides for receiving a first connection reconfiguration message to configure at least one split bearer with a first logicalchannelidentity, terminated in the second cell group. A first security key for communication with the first cell group and a second security key for communication with the second cell group are applied. A second connection reconfiguration message is received, the second connection reconfiguration message including a counter having a count value for deriving a third security key for communication with the second cell group, wherein the third security key that was derived for communication with the second cell group is based on the count value of the received counter. The third security key is applied for communication with the second cell group, while continuing to use the first security key and the first MAC entity for communication with the first cell group, where continuing to use the first MAC entity includes not resetting the first MAC entity.

A method and apparatus provides for receiving a first connection reconfiguration message to configure at least one split bearer with a first logicalchannelidentity, terminated in the second cell group. A first security key for communication with the first cell group and a second security key for communication with the second cell group are applied. A second connection reconfiguration message is received, the second connection reconfiguration message including a counter having a count value for deriving a third security key for communication with the second cell group, wherein the third security key that was derived for communication with the second cell group is based on the count value of the received counter. The third security key is applied for communication with the second cell group, while continuing to use the first security key and the first MAC entity for communication with the first cell group, where continuing to use the first MAC entity includes not resetting the first MAC entity.

A system and method for establishing trust between management entities with different authentication mechanisms in a computing system utilizes a token exchange service to acquire a second security token used in a second management entity in exchange for a first security token used in a first management entity. In an embodiment, an endpoint is set at the first management entity as an authentication endpoint for the second management entity, which is used to authenticate a request with the second security token that is sent from the first management entity to the second management entity. After authentication, the request is processed at the second management entity and a response is transmitted to the first management entity.

According to some embodiments, a method performed by a network node capable of operating as an authentication server function (AUSF) comprises generating an anchor key (K.sub.AKMA) and a K.sub.AKMA key identifier (K.sub.AKMA ID) associated with a wireless device and transmitting, to at least one authentication and key management for applications (AKMA) anchor function (AAnF) instance, key material associated with the wireless device.

The disclosure relates to a 5G or 6G communication system for supporting a higher data transmission rate. An operation method of an access and mobility management function (AMF) in a wireless communication network according to the disclosure includes: receiving, from a base station, a registration request message including a parameter indicating that a terminal supports control plane-based remote provisioning; determining the control plane-based remote provisioning, based on the parameter; and determining an authentication server function (AUSF) for onboarding of the terminal, based on the control plane-based remote provisioning.