A user-operated communication device stores security association information that is initially used to wirelessly connect the user-operated communication device to a first wireless access point made available by a first private wireless network service provider. Assume that the user-operated communication device roams out of a first wireless coverage region supported by the first wireless access point into wireless range of a second wireless access point operated by a second private wireless network service provider. Instead of performing full authentication to establish a wireless communication link with the second wireless access point, the user-operated communication device requests authentication resumption and utilizes the stored security association information (provided by the first service provider) to more quickly, wirelessly connect the communication device to the second wireless access point. Accordingly, techniques herein support authentication resumption across different service providers' wireless networks.

Presented herein are techniques to facilitate fast roaming between a mobile network operator-public (MNO-public) wireless wide area (WWA) access network and an enterprise private WWA access network. In one example, a method is provided that may include generating, by an authentication node, authentication material for a user equipment (UE) based on the UE being connected to a public WWA access network, wherein the public WWA access network is associated with a mobile network operator, and the authentication node and the UE are associated with an enterprise entity; obtaining, by the authentication node, an indication that the UE is attempting to access a private WWA access network associated with the enterprise entity; and providing, by the authentication node, the authentication material for the UE, wherein the authentication material facilitates connection establishment between the UE and the private WWA access network.

Methods, apparatuses, systems, etc., directed to performing a change of relay are disclosed herein. In an embodiment, a WTRU may transmit a link modification request message to a target WTRU via a first relay WTRU for requesting a change of relay. The WTRU may receive a link modification accept message from the target WTRU via the first relay WTRU, indicating a (e.g., proposed) second relay WTRU (e.g., identifier). The WTRU may transmit a direct communication request message including the second relay WTRU identifier for indicating to the target WTRU acceptance of the proposed second relay WTRU. The WTRU may a receiving a direct communication accept message from the target WTRU via the second relay WTRU, indicating the traffic may be relayed via the second relay WTRU.

The disclosed technology separates session management function signaling from the AMF. In particular, an SMF key is created for each SMF following the AMF generating an SM context request that contains gNB information and UE subscription information. Each PDU session creates a direct connection between the SMF and a local gNB. The gNB communicates with each SMF directly over a new interface (N3-C) for session management that is independent of the N2 interface used by the gNB to communicate with the AMF for mobility management. In this way, each SMF independently handles NAS signaling with the UE, using the SMF key and gNB related session-management signaling over an independent interface with the gNB. This removes the burden of relaying these communications through the AMF, which is then freed up to solely to handle mobility management signaling, resulting in an improved architecture.

Approaches for display of a user input field on a data originating device during a data transfer are disclosed herein. The data originating device can be positioned within a proximity of a data receiving device to initiate a data transfer between the data originating device and the data receiving device. A secure channel may be established between the data originating device and the data receiving device to exchange information related to the user input field in some embodiments.

The disclosed technology separates session management function signaling from the AMF. In particular, an SMF key is created for each SMF following the AMF generating an SM context request that contains gNB information and UE subscription information. Each PDU session creates a direct connection between the SMF and a local gNB. The gNB communicates with each SMF directly over a new interface (N3-C) for session management that is independent of the N2 interface used by the gNB to communicate with the AMF for mobility management. In this way, each SMF independently handles NAS signaling with the UE, using the SMF key and gNB related session-management signaling over an independent interface with the gNB. This removes the burden of relaying these communications through the AMF, which is then freed up to solely to handle mobility management signaling, resulting in an improved architecture.

There is provided mechanisms for configuring use of keys for security protecting packets communicated between a wireless device and a network node. A method is performed by the wireless device. The method comprises exchanging key use information with the network node in conjunction with performing a key change procedure with the network node during which a first key is replaced with a second key. The key use information indicates which of the packets are security protected using which of the first key and the second key.

A method and apparatus for supporting security in a radio resource control (RRC) inactive state in a wireless communication system is provided. A user equipment (UE) receives information on multiple security variables, of which each variable is mapped to each of multiple counter values, respectively. The UE calculates a security parameter and/or updating a UE identifier (ID) based on a security variable among the security variables which is mapped to a corresponding counter value among the multiple counter values, and transmits a radio resource control (RRC) resume request message including the calculated security parameter and/or the updated UE ID. The counter value may be increase whenever a timer expires or an RRC reject message is received as a response to the RRC resume request message.

The present invention provides a method of how the serving base station notifies UE of the encryption information used in the re-establishment process, how the serving base station finds the UE context information and authenticates the UE, in the 5G architecture. By means of the method of the present invention, the message between the RRC message and the base station can be optimized, the UE is correctly authenticated, and the re-establishment failure is avoided.

Technologies for systems, methods and computer-readable storage media for reducing the time to complete authentication during inter-technology handovers by reusing security context between 5G and Wi-Fi. Assuming, that the administrative domain for Wi-Fi and 5G match (and belongs to an enterprise for instance), using an already established security context in one technology to do fast authentication in the other technology during handover. Specifically, if UE is on Wi-Fi and handing over to 5G, use its Wi-Fi security context to do fast security setup in 5G, which includes a corresponding method for use when the UE goes from 5G to Wi-Fi.