This application provides a group handover method. The method includes: A first terminal device receives first information from a first network device, where the first information indicates a first resource, the first resource is for carrying fourth information, the fourth information is cell handover information of a plurality of terminal devices, and the first terminal device is one of the plurality of terminal devices; and the first terminal device receives the fourth information on the first resource. This can reduce signaling overheads caused by cell handover of a plurality of users and improve resource utilization.

A wireless network switching method. In the method, a station and a target access device directly generate a message integrity check key by means of a domain key, and verify an integrity code on the basis of the message integrity check key, so as to realize the authentication of two parties; and when the authentication of the opposite party is successful, session keys are generated by means of the domain key and in conjunction with random numbers of the two parties, thereby simplifying a switching process and realizing secure and efficient network switching. Further disclosed are a corresponding station and a corresponding access device.

Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a user equipment (UE) may identify a frequency associated with a synchronization signal block (SSB) associated with a base station. The UE may generate a security key associated with a handover of the UE based at least in part on the frequency associated with the SSB. Numerous other aspects are provided.

A method for advertising a route, applied to a layer 3 network in an open systems interconnection OSI model. The network includes a control plane network element and a user plane network element that are connected to each other, and the method includes: receiving, by the user plane network element, a packet whose source IP address is a first IP address; determining, by the user plane network element, that the first IP address is not authenticated; sending, by the user plane network element, an authentication request that includes the first IP address to the control plane network element; receiving, by the user plane network element, a first session from the control plane network element; and advertising, by the user plane network element, first routing information based on the first session, where a destination address of the first routing information is the first IP address.

The present disclosure relates to a user equipment in a mobile communication system. The UE comprises processing circuitry, which determines whether the UE, being located in a first radio access network notification area, first RNA, is moving to a second radio access network notification area, second RNA, different from the first RNA. The UE is in an inactive state out of an idle state, a connected state and the inactive state the user equipment can be in. The UE further comprises a transmitter, which transmits identification information on the first RNA to a second radio base station of the second RNA, when determining that the UE is moving to the second RNA. The UE further comprises a receiver which receives from the second radio base station UE related context information usable by the UE to exchange uplink and downlink data with the second radio base station.

A message protection method and an apparatus are disclosed. The method includes: When a terminal prepares to hand over from a first-standard system to a second-standard system, the terminal may not have a security context of the second-standard system after handover. Therefore, in the method of the present disclosure, the terminal performs integrity protection on a registration request message and a location update request message by using an integrity key in a security context of the first-standard system before handover. Both the registration request message and the location update request message are messages for triggering handover. Therefore, in the method, security protection is implemented on the message for triggering handover, thereby helping improve communication security.

A network entity may determine whether a network context of a device is stored in the device or in the network based, at least in part, on a preference or capability of the device, as reported by the device during attachment to the network entity. The context may be stored in, and retrieved from, a dedicated context storage function that is independent of the network entity. A context storage function may be partitioned, or separate storage functions used, to automatically group and track access network contexts, core network contexts, or network slice contexts. The context storage function may provide to the device an index, such as a link or other identifier to be used in retrieving the stored context information. The context storage function may further provide a token to secure re-attachment communications among the device, the network entity, and the context storage function.

Certain aspects of the present disclosure provide techniques for managing security keys for enciphering and deciphering packets transmitted in a wireless communications system. According to certain aspects, a method of wireless communication by a user equipment (UE) is provided. The method generally includes obtaining an indication of a key area identifier (ID) of a first cell node, wherein the key area ID identifies a set of cell nodes that are associated with a network node that uses a first key for enciphering or deciphering messages and communicating a first set of messages with the first cell node using the first key for enciphering or deciphering the first set of messages.

The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. Embodiments disclose a method and system for handling a network slice specific authentication and authorization (NSSAA) process in a wireless network system.

In a wireless terminal secondary cell group (SCG) configurations are invalidated upon change of a master key. The wireless terminal comprises processor circuitry and receiver circuitry. The processor circuitry is configured to establish, using a first master key, a first security context on a first radio connection with a master access node. The receiver circuitry is configured to receiver circuitry configured to receive a re-configuration message comprising one or more conditional secondary cell configurations and at least one counter. Each conditional secondary cell configuration may comprise an identity of a candidate primary secondary cell and at least one triggering condition, the candidate primary secondary cell being used for Dual-Connectivity (DC). The at least one counter and the first master key may be used for derivation of a second master key to be used for establishment of a second security context with one of the candidate primary secondary cells. The processor circuitry is further configured to invalidate one or more conditional secondary cell configurations upon a change of the first master key.