Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TS 24.501  Word version:  19.0.0

Top   Top   Up   Prev   Next
1…   3…   4…   4.4…   4.4.3…   4.5…   4.5.3…   4.6…   4.7…   4.9…   4.15…   5…   5.2…   5.3…   5.3.2…   5.3.7…   5.3.19…   5.4…   5.4.1.3…   5.4.2…   5.4.4…   5.4.5…   5.4.6…   5.5…   5.5.1.2.4   5.5.1.2.5…   5.5.1.3…   5.5.1.3.4   5.5.1.3.5…   5.5.2…   5.6…   5.6.2…   6…   6.1.4…   6.2…   6.3…   6.3.2…   6.3.3…   6.4…   6.4.1.4…   6.4.2…   6.5…   7…   8…   8.2.9…   8.3…   9…   9.11.2…   9.11.2.10…   9.11.3…   9.11.3.4…   9.11.3.8…   9.11.3.14…   9.11.3.18C…   9.11.3.29…   9.11.3.33…   9.11.3.39…   9.11.3.45…   9.11.3.50…   9.11.3.53A…   9.11.3.68…   9.11.3.75…   9.11.4…   9.11.4.10…   9.11.4.13…   9.11.4.16…   9.11.4.30…   9.12   10…   A…   B…   C…   D…   D.6…   D.6.3…   D.6.8   D.7…

 

4.4.3  Handling of NAS COUNT and NAS sequence numberp. 62

4.4.3.1  Generalp. 62

Each 5G NAS security context shall be associated with two separate counters NAS COUNT per access type in the same PLMN: one related to uplink NAS messages and one related to downlink NAS messages. If the 5G NAS security context is used for access via both 3GPP and non-3GPP access in the same PLMN, there are two NAS COUNT counter pairs associated with the 5G NAS security context. The NAS COUNT counters use 24-bit internal representation and are independently maintained by UE and AMF. The NAS COUNT shall be constructed as a NAS sequence number (8 least significant bits) concatenated with a NAS overflow counter (16 most significant bits).
When NAS COUNT is input to NAS ciphering or NAS integrity algorithms it shall be considered to be a 32-bit entity which shall be constructed by padding the 24-bit internal representation with 8 zeros in the most significant bits.
The value of the uplink NAS COUNT that is stored or read out of the USIM or non-volatile memory as described in Annex C, is the value that shall be used in the next NAS message.
The value of the downlink NAS COUNT that is stored or read out of the USIM or non-volatile memory as described in Annex C, is the largest downlink NAS COUNT used in a successfully integrity checked NAS message.
The value of the uplink NAS COUNT stored in the AMF is the largest uplink NAS COUNT used in a successfully integrity checked NAS message.
The value of the downlink NAS COUNT stored in the AMF is the value that shall be used in the next NAS message.
The NAS sequence number part of the NAS COUNT shall be exchanged between the UE and the AMF as part of the NAS signalling. After each new or retransmitted outbound SECURITY PROTECTED 5GS NAS MESSAGE message, the sender shall increase the NAS COUNT number by one, except for the initial NAS messages if the lower layers indicated the failure to establish the RRC connection (see TS 38.331). Specifically, on the sender side, the NAS sequence number shall be increased by one, and if the result is zero (due to wrap around), the stored NAS overflow counter shall also be incremented by one (see subclause 4.4.3.5). If, through implementation-dependent means, the receiver determines that the NAS message is a replay of an earlier NAS message, then the receiver handles the received NAS message as described in subclause 4.4.3.2. Otherwise, in order to determine the estimated NAS COUNT value to be used for integrity verification of a received NAS message:
  • The sequence number part of the estimated NAS COUNT value shall be equal to the sequence number in the received NAS message; and
  • If the receiver can guarantee that this NAS message was not previously accepted, then the receiver may select the estimated NAS overflow counter so that the estimated NAS COUNT value is lower than the stored NAS COUNT value; otherwise, the receiver selects the estimated NAS overflow counter so that the estimated NAS COUNT value is higher than the stored NAS COUNT value.
During the inter-system change from S1 mode to N1 mode in 5GMM-CONNECTED mode, when a mapped 5G NAS security context is derived and taken into use, the AMF shall set both the uplink and downlink NAS COUNT counters of this 5G NAS security context to zero. The UE shall set both the uplink and downlink NAS COUNT counters of this 5G NAS security context to zero.
During the inter-system change from S1 mode to N1 mode in 5GMM-CONNECTED mode, the AMF shall increment the downlink NAS COUNT by one after it has created an S1 mode to N1 mode NAS transparent container (see subclause 9.11.2.9).
During the inter-system change from N1 mode to S1 mode in 5GMM-CONNECTED mode, the AMF shall increment the downlink NAS COUNT by one after it has created an N1 mode to S1 mode NAS transparent container (see subclause 9.11.2.7).
During N1 mode to N1 mode handover:
  1. if the new 5G NAS security context is created with the same KAMF, the AMF shall signal the 8 least significant bits of the current downlink NAS COUNT value in an Intra N1 mode NAS transparent container (see subclause 9.11.2.6). The AMF shall then increment the downlink NAS COUNT by one; or
  2. if the new 5G NAS security context is created with a new KAMF, the AMF shall signal the 8 least significant bits of the current downlink NAS COUNT value in an Intra N1 mode NAS transparent container (see subclause 9.11.2.6) and shall then set both the uplink and downlink NAS COUNT counters of this 5G NAS security context to zero. The AMF shall then increment the downlink NAS COUNT by one. The UE shall also set both the uplink and downlink NAS COUNT counters to zero.
Up

4.4.3.2  Replay protectionp. 63

Replay protection shall be supported for received NAS messages both in the AMF and the UE. However, since the realization of replay protection does not affect the interoperability between nodes, no specific mechanism is required for implementation.
Replay protection assures that one and the same NAS message is not accepted twice by the receiver. Specifically, for a given 5G NAS security context, a given NAS COUNT value shall be accepted at most one time and only if message integrity verifies correctly.
Replay protection is not applicable when 5G-IA0 is used.
Up

4.4.3.3  Integrity protection and verificationp. 63

The sender shall use its locally stored NAS COUNT as input to the integrity protection algorithm.
The receiver shall use the NAS sequence number included in the received message and an estimate for the NAS overflow counter as defined in subclause 4.4.3.1 to form the NAS COUNT input to the integrity verification algorithm.
The algorithm to calculate the integrity protection information is specified in TS 33.501, and in case of the:
  1. SECURITY PROTECTED 5GS NAS MESSAGE message, the integrity protection shall include octet 7 to n, i.e. the Sequence number IE and the NAS message IE.
  2. Intra N1 mode NAS transparent container IE and S1 mode to N1 mode NAS transparent container IE, the integrity protection shall include all octets of the value part of the IE starting from octet 7.
In addition to the data that is to be integrity protected, the BEARER ID, DIRECTION bit, NAS COUNT and 5G NAS integrity key are input to the integrity protection algorithm. These parameters are described in TS 33.501.
After successful integrity protection validation, the receiver shall update its corresponding locally stored NAS COUNT with the value of the estimated NAS COUNT for this NAS message.
Integrity verification is not applicable when 5G-IA0 is used.
Up

4.4.3.4  Ciphering and decipheringp. 64

The sender shall use its locally stored NAS COUNT as input to the ciphering algorithm.
The receiver shall use the NAS sequence number included in the received message and an estimate for the NAS overflow counter as defined in subclause 4.4.3.1 to form the NAS COUNT input to the deciphering algorithm.
The input parameters to the NAS ciphering algorithm are the BEARER ID, DIRECTION bit, NAS COUNT, NAS encryption key and the length of the key stream to be generated by the encryption algorithm.
When applying initial NAS message protection to the REGISTRATION REQUEST, DEREGISTRATION REQUEST or SERVICE REQUEST message as described in subclause 4.4.6, the length of the key stream is set to the length of the entire plain NAS message that is included in the NAS message container IE, i.e. the value part of the NAS message container IE, that is to be ciphered.
When applying initial NAS message protection to the CONTROL PLANE SERVICE REQUEST message as described in subclause 4.4.6, the length of the key stream is set to the length of:
  1. the value part of the CIoT small data container IE that is to be ciphered; or
  2. the value part of the NAS message container IE that is to be ciphered.
Up

4.4.3.5  NAS COUNT wrap aroundp. 64

If, when increasing the NAS COUNT as specified above, the AMF detects that either its downlink NAS COUNT or the UE's uplink NAS COUNT is "close" to wrap around, (close to 224), the AMF shall take the following actions:
  • If there is no non-current native 5G NAS security context with sufficiently low NAS COUNT values, the AMF shall initiate a new primary authentication and key agreement procedure with the UE, leading to a new established 5G NAS security context and the NAS COUNT being reset to 0 in both the UE and the AMF when the new 5G NAS security context is activated;
  • Otherwise, the AMF can activate a non-current native 5G NAS security context with sufficiently low NAS COUNT values or initiate a new primary authentication and key agreement procedure as specified above.
If for some reason a new KAMF has not been established using primary authentication and key agreement procedure before the NAS COUNT wraps around, the node (AMF or UE) in need of sending a NAS message shall instead release the NAS signalling connection. Prior to sending the next uplink NAS message, the UE shall delete the ngKSI indicating the current 5G NAS security context.
When the 5G-IA0 is used as the NAS integrity algorithm, the UE and the AMF shall allow NAS COUNT wrap around. If NAS COUNT wrap around occurs, the following requirements apply:
  1. the UE and the AMF shall continue to use the current 5G NAS security context;
  2. the AMF shall not initiate the primary authentication and key agreement procedure;
  3. the AMF shall not release the NAS signalling connection; and
  4. the UE shall not perform a local release of the NAS signalling connection.
Up

4.4.4  Integrity protection of NAS signalling messagesp. 65

4.4.4.1  Generalp. 65

For the UE, integrity protected signalling is mandatory for the 5GMM NAS messages once a valid 5G NAS security context exists and has been taken into use. For the network, integrity protected signalling is mandatory for the 5GMM NAS messages once a secure exchange of 5GS NAS messages has been established for the NAS signalling connection. Integrity protection of all NAS signalling messages is the responsibility of the NAS. It is the network which activates integrity protection.
The use of "null integrity protection algorithm" 5G-IA0 (see subclause 9.11.3.34) in the current 5G NAS security context is only allowed:
  1. for an unauthenticated UE for which establishment of emergency services is allowed;
  2. for a W-AGF acting on behalf of an FN-RG;
  3. for a W-AGF acting on behalf of an N5GC device; and
  4. for a 5G-RG acting on behalf of an AUN3 device.
For setting the security header type in outbound NAS messages, the UE and the AMF shall apply the same rules irrespective of whether the "null integrity protection algorithm" or any other integrity protection algorithm is indicated in the 5G NAS security context.
If the "null integrity protection algorithm"5G-IA0 has been selected as an integrity protection algorithm, the receiver shall regard the NAS messages with the security header indicating integrity protection as integrity protected.
Details of the integrity protection and verification of NAS signalling messages are specified in TS 33.501.
When a NAS message needs to be sent both ciphered and integrity protected, the NAS message is first ciphered and then the ciphered NAS message and the NAS sequence number are integrity protected by calculating the MAC.
When a NAS message needs to be sent only integrity protected and unciphered, the unciphered NAS message and the NAS sequence number are integrity protected by calculating the MAC.
When a 5GSM message is piggybacked in a 5GMM message, there is only one Sequence number IE and one Message authentication code IE for the 5GMM message piggybacking the 5GSM message.
Up

4.4.4.2  Integrity checking of NAS signalling messages in the UEp. 65

Except the messages listed below, no NAS signalling messages shall be processed by the receiving 5GMM entity in the UE or forwarded to the 5GSM entity, unless the network has established secure exchange of 5GS NAS messages for the NAS signalling connection:
  1. IDENTITY REQUEST (if requested identification parameter is SUCI);
  2. AUTHENTICATION REQUEST;
  3. AUTHENTICATION RESULT;
  4. AUTHENTICATION REJECT;
  5. REGISTRATION REJECT (if the 5GMM cause is not #76, #78, #81 or #82);
  6. DEREGISTRATION ACCEPT (for non switch off); and
  7. SERVICE REJECT (if the 5GMM cause is not #76 or #78).
Integrity protection is never applied directly to 5GSM messages, but to the 5GMM message in which the 5GSM message is included.
Once the secure exchange of NAS messages has been established, the receiving 5GMM entity in the UE shall not process any NAS signalling messages unless they have been successfully integrity checked by the NAS. If NAS signalling messages, having not successfully passed the integrity check, are received, then the NAS in the UE shall discard that message. The processing of the SECURITY MODE COMMAND message that has not successfully passed the integrity check is specified in subclause 5.4.2.5. If any NAS signalling message is received as not integrity protected even though the secure exchange of NAS messages has been established by the network, then the NAS shall discard this message.
Up

4.4.4.3  Integrity checking of NAS signalling messages in the AMFp. 66

Except the messages listed below, no NAS signalling messages shall be processed by the receiving 5GMM entity in the AMF or forwarded to the 5GSM entity, unless the secure exchange of NAS messages has been established for the NAS signalling connection:
  1. REGISTRATION REQUEST;
  2. IDENTITY RESPONSE (if requested identification parameter is SUCI);
  3. AUTHENTICATION RESPONSE;
  4. AUTHENTICATION FAILURE;
  5. SECURITY MODE REJECT;
  6. DEREGISTRATION REQUEST; and
  7. DEREGISTRATION ACCEPT;
Integrity protection is never applied directly to 5GSM messages, but to the 5GMM message in which the 5GSM message is included.
Once a current 5G NAS security context exists, until the secure exchange of NAS messages has been established for the NAS signalling connection, the receiving 5GMM entity in the AMF shall process the following NAS signalling messages, even if the MAC included in the message fails the integrity check or cannot be verified, as the 5G NAS security context is not available in the network:
  1. REGISTRATION REQUEST;
  2. IDENTITY RESPONSE (if requested identification parameter is SUCI);
  3. AUTHENTICATION RESPONSE;
  4. AUTHENTICATION FAILURE;
  5. SECURITY MODE REJECT;
  6. DEREGISTRATION REQUEST;
  7. DEREGISTRATION ACCEPT;
  8. SERVICE REQUEST; and
  9. CONTROL PLANE SERVICE REQUEST;
If a REGISTRATION REQUEST message for initial registration fails the integrity check and it is not a registration request for emergency services, the AMF shall authenticate the subscriber before processing the registration request any further. Additionally, the AMF shall initiate a security mode control procedure, and include the Additional 5G security information IE with the RINMR bit set to "Retransmission of the initial NAS message requested" in the SECURITY MODE COMMAND message as specified in subclause 5.4.2.2. If authentication procedure is not successful the AMF shall maintain, if any, the 5GMM-context and 5G NAS security context unchanged.For the case when the registration procedure is for emergency services see subclause 5.5.1.2.3 and subclause 5.4.1.3.5.
If a REGISTRATION REQUEST message for mobility and periodic registration update fails the integrity check and the UE provided EPS NAS message container IE which was successfully verified by the source MME, the AMF may create a mapped 5G NAS security context and initiate a security mode control procedure to take the new mapped 5G NAS security context into use; otherwise if the UE has only a non-emergency PDU session established, the AMF shall initiate a primary authentication and key agreement procedure to create a new native 5G NAS security context. Additionally, the AMF shall initiate a security mode control procedure, and include the Additional 5G security information IE with the RINMR bit set to "Retransmission of the initial NAS message requested" in the SECURITY MODE COMMAND message as specified in subclause 5.4.2.2. If authentication procedure is not successful the AMF shall maintain, if any, the 5GMM-context and 5G NAS security context unchanged. For the case when the UE has an emergency PDU session see subclause 5.5.1.3.3 and subclause 5.4.1.3.5.
If a DEREGISTRATION REQUEST message fails the integrity check, the AMF shall proceed as follows:
  • If it is not a deregistration request due to switch off, and the AMF can initiate an authentication procedure, the AMF should authenticate the subscriber before processing the deregistration request any further.
  • If it is a deregistration request due to switch off, or the AMF does not initiate an authentication procedure for any other reason, the AMF may ignore the deregistration request and remain in state 5GMM-REGISTERED.
If a SERVICE REQUEST or CONTROL PLANE SERVICE REQUEST message fails the integrity check and the UE has only non-emergency PDU sessions established, the AMF shall send the SERVICE REJECT message with 5GMM cause #9 "UE identity cannot be derived by the network" and keep the 5GMM-context and 5G NAS security context unchanged. For the case when the UE has an emergency PDU session and integrity check fails, the AMF may skip the authentication procedure even if no 5G NAS security context is available and proceed directly to the execution of the security mode control procedure as specified in subclause 5.4.2. Additionally, the AMF shall include the Additional 5G security information IE with the RINMR bit set to "Retransmission of the initial NAS message requested" in the SECURITY MODE COMMAND message as specified in subclause 5.4.2.2. After successful completion of the service request procedure, the network shall perform a local release of all non-emergency PDU sessions. The emergency PDU session shall not be released.
Once the secure exchange of NAS messages has been established for the NAS signalling connection, the receiving 5GMM entity in the AMF shall not process any NAS signalling messages unless they have been successfully integrity checked by the NAS. If any NAS signalling message, having not successfully passed the integrity check, is received, then the NAS in the AMF shall discard that message. If any NAS signalling message is received, as not integrity protected even though the secure exchange of NAS messages has been established, then the NAS shall discard this message.
Up

4.4.5  Ciphering of NAS signalling messagesp. 68

The use of ciphering in a network is an operator option subject to AMF configuration. When operation of the network without ciphering is configured, the AMF shall indicate the use of "null ciphering algorithm" 5G-EA0 (see subclause 9.11.3.34) in the current 5G NAS security context for all UEs. For setting the security header type in outbound NAS messages, the UE and the AMF shall apply the same rules irrespective of whether the "null ciphering algorithm" or any other ciphering algorithm is indicated in the 5G NAS security context.
When the UE establishes a new N1 NAS signalling connection, it shall apply security protection to the initial NAS message as described in subclause 4.4.6.
The UE shall start the ciphering and deciphering of NAS messages when the secure exchange of NAS messages has been established for an N1 NAS signalling connection. From this time onward, unless explicitly defined, the UE shall send all NAS messages ciphered until the N1 NAS signalling connection is released, or the UE performs inter-system change to S1 mode.
The AMF shall start ciphering and deciphering of NAS messages as described in subclause 4.4.2.5. From this time onward, except for the SECURITY MODE COMMAND message, the AMF shall send all NAS messages ciphered until the N1 NAS signalling connection is released, or the UE performs inter-system change to S1 mode.
Ciphering is never applied directly to 5GSM messages, but to the 5GMM message in which the 5GSM message is included.
Once the encryption of NAS messages has been started between the AMF and the UE, the receiver shall discard the unciphered NAS messages which shall have been ciphered according to the rules described in this specification.
If the "null ciphering algorithm" 5G-EA0 has been selected as a ciphering algorithm, the NAS messages with the security header indicating ciphering are regarded as ciphered.
Details of ciphering and deciphering of NAS signalling messages are specified in TS 33.501.
Up

4.4.6  Protection of initial NAS signalling messagesp. 68

The 5GS supports protection of initial NAS messages as specified in TS 33.501. The protection of initial NAS messages applies to the REGISTRATION REQUEST, DEREGISTRATION REQUEST, SERVICE REQUEST and CONTROL PLANE SERVICE REQUEST message, and is achieved as follows:
  1. If the UE does not have a valid 5G NAS security context, the UE sends a REGISTRATION REQUEST message including cleartext IEs only. After activating a 5G NAS security context resulting from a security mode control procedure:
    1. if the UE needs to send non-cleartext IEs, the UE shall include the entire REGISTRATION REQUEST message (i.e. containing both cleartext IEs and non-cleartext IEs) in the NAS message container IE and shall include the NAS message container IE in the SECURITY MODE COMPLETE message; or
    2. if the UE does not need to send non-cleartext IEs, the UE shall include the entire REGISTRATION REQUEST message (i.e. containing cleartext IEs only) in the NAS message container IE and shall include the NAS message container IE in the SECURITY MODE COMPLETE message.
  2. If the UE has a valid 5G NAS security context and:
    1. the UE needs to send non-cleartext IEs in a REGISTRATION REQUEST, DEREGISTRATION REQUEST, or SERVICE REQUEST message, the UE includes the entire REGISTRATION REQUEST, DEREGISTRATION REQUEST or SERVICE REQUEST message (i.e. containing both cleartext IEs and non-cleartext IEs) in the NAS message container IE and shall cipher the value part of the NAS message container IE. The UE shall then send a REGISTRATION REQUEST, DEREGISTRATION REQUEST, or SERVICE REQUEST message containing the cleartext IEs and the NAS message container IE;
    2. the UE needs to send non-cleartext IEs in a CONTROL PLANE SERVICE REQUEST message:
      1. if CIoT small data container IE is the only non-cleartext IE to be sent, the UE shall cipher the value part of the CIoT small data container IE. The UE shall then send a CONTROL PLANE SERVICE REQUEST message containing the cleartext IEs and the CIoT small data container IE;
      2. otherwise, the UE includes non-cleartext IEs in the NAS message container IE and shall cipher the value part of the NAS message container IE. The UE shall then send a CONTROL PLANE SERVICE REQUEST message containing the cleartext IEs and the NAS message container IE;
    3. the UE does not need to send non-cleartext IEs in a REGISTRATION REQUEST, DEREGISTRATION REQUEST, or SERVICE REQUEST message, the UE sends the REGISTRATION REQUEST, DEREGISTRATION REQUEST, or SERVICE REQUEST message without including the NAS message container IE; or
    4. the UE does not need to send non-cleartext IEs in a CONTROL PLANE SERVICE REQUEST message, the UE sends the CONTROL PLANE SERVICE REQUEST message without including the NAS message container IE and the CIoT small data container IE.
When the initial NAS message is a REGISTRATION REQUEST message, the cleartext IEs are:
  • Extended protocol discriminator;
  • Security header type;
  • Spare half octet;
  • Registration request message identity;
  • 5GS registration type;
  • ngKSI;
  • 5GS mobile identity;
  • UE security capability;
  • Additional GUTI;
  • UE status;
  • EPS NAS message container;
  • NID; and
  • UE determined PLMN with disaster condition.
When the initial NAS message is a DEREGISTRATION REQUEST message, the cleartext IEs are:
  • Extended protocol discriminator;
  • Security header type;
  • Spare half octet;
  • De-registration request message identity;
  • De-registration type;
  • ngKSI; and
  • 5GS mobile identity.
When the initial NAS message is a SERVICE REQUEST message, the cleartext IEs are:
  • Extended protocol discriminator;
  • Security header type;
  • Spare half octet;
  • ngKSI;
  • Service request message identity;
  • Service type; and
  • 5G-S-TMSI.
When the initial NAS message is a CONTROL PLANE SERVICE REQUEST message, the cleartext IEs are:
  • Extended protocol discriminator;
  • Security header type;
  • Spare half octet;
  • ngKSI;
  • Control plane service request message identity; and
  • Control plane service type.
When the UE sends a REGISTRATION REQUEST, DEREGISTRATION REQUEST, SERVICE REQUEST or CONTROL PLANE SERVICE REQUEST message that includes a NAS message container IE, the UE shall set the security header type of the initial NAS message to "integrity protected".
When the AMF receives an integrity protected initial NAS message which includes a NAS message container IE, the AMF shall decipher the value part of the NAS message container IE. If the received initial NAS message is a REGISTRATION REQUEST, DEREGISTRATION REQUEST, or a SERVICE REQUEST message, the AMF shall consider the NAS message that is obtained from the NAS message container IE as the initial NAS message that triggered the procedure.
When the AMF receives a CONTROL PLANE SERVICE REQUEST message which includes a CIoT small data container IE, the AMF shall decipher the value part of the CIoT small data container IE and handle the message as specified in subclause 5.6.1.4.2.
If the UE:
  1. has 5G-EA0 as a selected 5G NAS security algorithm; and
  2. selects a PLMN other than Registered PLMN and EPLMN over one access;
the UE shall send an initial NAS message including cleartext IEs only via the access type associated with the newly selected PLMN as described in this subclause for the case when the UE does not have a valid 5G NAS security context.
If the UE:
  1. has 5G-EA0 as a selected 5G NAS security algorithm; and
  2. selects a PLMN other than Registered PLMN and EPLMN over one access, and the Registered PLMN or EPLMN is not registering or registered over other access;
the UE shall delete the 5G NAS security context.
Up

4.4.7  Protection of NAS IEs |R17|p. 70

The network can provide the SOR transparent container IE during the registration procedure to the UE in the REGISTRATION ACCEPT message. The SOR transparent container IE is integrity protected by the HPLMN or subscribed SNPN as specified in TS 33.501.
The UE can provide the SOR transparent container IE during the registration procedure to the network in the REGISTRATION COMPLETE message. The SoR-MAC-IUE in the SOR transparent container IE is generated by the UE as specified in TS 33.501.
The network can provide the Payload container IE during the Network-initiated NAS transport procedure to the UE in DL NAS TRANSPORT message. If the Payload container type IE is set to "SOR transparent container" or "UE parameters update transparent container", the Payload container IE is integrity protected by the HPLMN or subscribed SNPN as specified in TS 33.501. If the Payload container type IE is set to "Multiple payloads" and the payload container type field of the payload container entry is set to "SOR transparent container" or "UE parameters update transparent container", the payload container entry contents field of the payload container entry is integrity protected correspondingly.
The UE can provide the Payload container IE during the UE-initiated NAS transport procedure to the network in UL NAS TRANSPORT message. If the Payload container type IE is set to "SOR transparent container" or "UE parameters update transparent container", the SoR-MAC-IUE or UPU-MAC-IUE in the Payload container IE is generated by the UE as specified in TS 33.501. If the Payload container type IE is set to "Multiple payloads" and the payload container type field of the payload container entry is set to "SOR transparent container" or "UE parameters update transparent container", the SoR-MAC-IUE or UPU-MAC-IUE in the payload container entry contents field of the payload container entry is generated by the UE correspondingly.
Up

Up   Top   ToC