A base station security communicates with a UE operating as an SN in dual connectivity of the UE with a first MN and the SN. The base station communicates with the UE over a radio interface using a first security key (802). The base station then receives, from a second MN, a first message including data for obtaining a second security key for communicating with the UE (804) and suspends application of the second security key to downlink traffic to the UE until a second message is received (806). In response to receiving the second message, base station communicates with the UE over the radio interface using the second security key (808).

The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. Embodiments disclose a method and system for handling a network slice specific authentication and authorization (NSSAA) process in a wireless network system.

In a wireless communication network implementing network slicing (NS), an Initial Access and Mobility Management Function (AMF) for a user equipment (UE) in one NS is able to re-allocate a UE to a Target AMF in a different NS, despite not being able to directly communicate with the Target AMF due to NS security restrictions. In a first embodiment, the Initial AMF transfers the UE context—including its security context—to a Default AMF. The Default AMF has the capability to communicate with network functions in different NSes. The Default AMF transfers the UE context to the Target AMF. In a second embodiment, a security key Kamf′ is horizontally derived in a manner that avoids NS security conflicts. The derived key is transferred to the UE and Target AMF, which establish a security context. In a third embodiment, the Initial AMF allocates a Token, and transfers it, along with the UE security context (directly or via RAN) to the Default AMF. The Default AMF then transfers the security context to the Target AMF.

Embodiments of this application disclose a communication method and a communications apparatus, to resolve a problem that a terminal cannot quickly resume a communication connection to a secondary node. The method includes: receiving, by a first master node, a first message from a terminal, where the first message is used to request state transition of the terminal from a third mode to a connected mode; determining, by the first master node, a secondary node that serves the terminal; obtaining, by the first master node, a first security parameter, where the first security parameter is used to derive a security key used for communication between the terminal and the secondary node that serves the terminal; obtaining, by the first master node, SCG configuration information; and sending, by the first master node, a second message to the terminal, where the second message includes the first security parameter and the SCG configuration information.

Systems, devices, and techniques described herein relate to use of an optimized security mode command (SMC) procedure for securing communications. When connecting to a different cellular network (e.g., from a 5.sup.th generation (5G) Radio Access Network (RAN)) to a different cellular network (e.g., a 4.sup.th generation (4G) RAN), a User Equipment (UE) performs the SMC procedure without processing subsequent commands until a period of time has elapsed. Instead of allowing the UE to process subsequent commands received close in time to receiving the SMC, the subsequent commands may be delayed/suspended so that the UE has time to perform the SMC procedure and establish secure communications with the 4G LTE network. According to some examples, the delay is set to a period of time (e.g., 1 ms, 10 ms, or some other value) such that the subsequent command does not interfere with performing the SMC procedure.

Provided is a method for determining access permission for a beamforming computing device communicating with a beamforming transceiver. The method includes obtaining, at an inter-zone sensor, location information from the beamforming computing device, wherein the inter-zone sensor is configured to monitor a location of the beamforming computing device; determining, by the inter-zone sensor, the location for the beamforming computing device based on the location information as the beamforming computing device nears a boundary between a first access zone and a second access zone; providing, by the inter-zone sensor, the location to a central control system; obtaining, by the inter-zone sensor, a command by the central control system that instructs the inter-zone sensor to communicate access instructions to a beamforming transceiver in the second access zone; and providing the access instructions to the beamforming transceiver.

Methods, systems, and computer readable media are presented for retrieving security keys in gateways. In one example embodiment, a method is presented. The method of retrieving security keys from a User Equipment (UE) in gateways includes retrieving, by a HetNet Gateway (HNG) as the HNG virtualizes an eNodeB towards n Mobility Management Entity (MME) through a first message and a second message exchange, a fresh Next Hop, Next Hop Chaining Count {NH, NCC} pair from the MME; and mocking, by the HNG, an X2 handover towards the MME by sending a third message with required Information Elements filled when a fourth message from the eNodeB reaches the HNG.

A wireless device in a radio resource control, RRC, idle or an RRC inactive state communicates via a first cell of a first base station. Based on a communication failure of the first cell, the wireless device in the RRC idle state or RRC inactive state transmits an RRC request message to a second base station. The RRC request message comprises a cell radio network temporary identifier, C-RNTI, of the first cell.

Embodiments of the present disclosure provide methods and apparatuses for handover. A method at a first access and mobility management entity comprises obtaining at least one authentication and authorization status for a terminal device for at least one network slice of a network. The method further comprises sending the at least one authentication and authorization status for the terminal device for at least one network slice of the network to a second access and mobility management entity during a handover procedure.

A wireless terminal comprises processor circuitry and receiver circuitry. The receiver circuitry is configured to receive a configuration message comprising one or more conditional handover configurations. Each of the one or more conditional handover configurations may comprise at least one identity of a candidate target cell, and at least one triggering condition. The processor circuitry is configured to establish, using a first key set, a first security context with a first wireless access node; to perform a handover to a target cell; to determine validity of the conditional handover configurations, based on whether or not the handover to the target cell is configured with a security configuration, and to use the security configuration to derive a second key set for establishing a second security context with a second wireless access node that serves the target cell.