Certain embodiments provide a method of updating a security. The method can include monitoring a bearer that includes first and second radio accesses according to different radio technologies between user equipment and a communications network. One or more properties of the monitored bearer can be determined. An update of a security key utilized for securing communications over at least one of the radio accesses can be triggered in response to determining that the determined properties meet at least one triggering condition capable of indicating a need for the update.

Certain embodiments provide a method of updating a security. The method can include monitoring a bearer that includes first and second radio accesses according to different radio technologies between user equipment and a communications network. One or more properties of the monitored bearer can be determined. An update of a security key utilized for securing communications over at least one of the radio accesses can be triggered in response to determining that the determined properties meet at least one triggering condition capable of indicating a need for the update.

A terminal apparatus is provided. The terminal apparatus includes a receiver configured to receive a first message from a base station apparatus, and a processing unit configured to modify first data radio bearer configuration configured for the terminal apparatus, based on the first message. A first PDCP entity is reconfigured as a packet data convergence protocol (PDCP) entity for the first data radio bearer. A first secrecy key for a source and a second secrecy key for a target are configured for the first PDCP entity as secrecy keys for the first data radio bearer. In a case that the first message includes first information and second information, the second secrecy key for the target of the first PDCP entity is configured based on the second information. In a case that the first message does not include the first information, the first secrecy key for the source is applied to the second secrecy key for the target of the first PDCP entity.

A terminal apparatus is provided. The terminal apparatus includes a receiver configured to receive a first message from a base station apparatus, and a processing unit configured to modify first data radio bearer configuration configured for the terminal apparatus, based on the first message. A first PDCP entity is reconfigured as a packet data convergence protocol (PDCP) entity for the first data radio bearer. A first secrecy key for a source and a second secrecy key for a target are configured for the first PDCP entity as secrecy keys for the first data radio bearer. In a case that the first message includes first information and second information, the second secrecy key for the target of the first PDCP entity is configured based on the second information. In a case that the first message does not include the first information, the first secrecy key for the source is applied to the second secrecy key for the target of the first PDCP entity.

A terminal apparatus for communicating with a base station apparatus is provided. The terminal apparatus includes a receiver configured to receive a first message from the base station apparatus, and a processing unit configured to establish a second packet data convergence protocol (PDCP) entity with a configuration identical to a configuration of a first PDCP entity for a first signaling radio bearer, based on a fact that a first configuration is configured. The first configuration is configured based on the first message.

A terminal apparatus for communicating with a base station apparatus is provided. The terminal apparatus includes a receiver configured to receive a first message from the base station apparatus, and a processing unit configured to establish a second packet data convergence protocol (PDCP) entity with a configuration identical to a configuration of a first PDCP entity for a first signaling radio bearer, based on a fact that a first configuration is configured. The first configuration is configured based on the first message.

The present invention provides a wireless communication method of an access point. The wireless communication method comprises the steps of: establishing a cache table comprising a plurality of reference MAC and corresponding PMKs and reference PMKIDs; receiving an association request from a station; reading a MAC address of the station and a PMKID from the association request; if the MAC address of the station and the PMKID do not match items of the cache table, performing a calculation on the PMKID to obtain an original PMKID; determining if the original PMKID matches any one of the reference PMKIDs within the cache table; and if the original PMKID matches one reference PMKID within the cache table, determining that the reference MAC recorded in the cache table and the MAC address belong to the same station.

The present invention provides a wireless communication method of an access point. The wireless communication method comprises the steps of: establishing a cache table comprising a plurality of reference MAC and corresponding PMKs and reference PMKIDs; receiving an association request from a station; reading a MAC address of the station and a PMKID from the association request; if the MAC address of the station and the PMKID do not match items of the cache table, performing a calculation on the PMKID to obtain an original PMKID; determining if the original PMKID matches any one of the reference PMKIDs within the cache table; and if the original PMKID matches one reference PMKID within the cache table, determining that the reference MAC recorded in the cache table and the MAC address belong to the same station.

Embodiments may include a user equipment (UE) configured to obtain a Mobile Subscriber Identification Number (MSIN) from an International Mobile Subscriber Identity (IMSI) of the UE, encrypt the MSIN to generate a Subscription Concealed Identifier (SUCI) in a Network Access Identifier (NAI) format, and send the SUCI to the non-3GPP access network for authentication of the UE, and a network element of a home 3GPP network configured to receive, by a 5G Non-seamless WLAN Offload (NSWO) Function, an authentication request including the SUCI from the non-3GPP access network, determine, by the 5G NSWO Function, based on the SUCI, that the UE should be authenticated by an authentication function of the home 3GPP network, and provide the authentication request including the SUCI to the authentication function of the home 3GPP network for processing based on the determination that the UE should be authenticated by the authentication function.

Embodiments may include a user equipment (UE) configured to obtain a Mobile Subscriber Identification Number (MSIN) from an International Mobile Subscriber Identity (IMSI) of the UE, encrypt the MSIN to generate a Subscription Concealed Identifier (SUCI) in a Network Access Identifier (NAI) format, and send the SUCI to the non-3GPP access network for authentication of the UE, and a network element of a home 3GPP network configured to receive, by a 5G Non-seamless WLAN Offload (NSWO) Function, an authentication request including the SUCI from the non-3GPP access network, determine, by the 5G NSWO Function, based on the SUCI, that the UE should be authenticated by an authentication function of the home 3GPP network, and provide the authentication request including the SUCI to the authentication function of the home 3GPP network for processing based on the determination that the UE should be authenticated by the authentication function.