Since 4G (LTE), mobile communications have implemented encryption and integrity protection during terminal (UE) access to ensure personal privacy and security during communication. The specific processes for these, along with service resources and data transmission, in the 5G (NR) system are as follows:
I. AS Security and RRC Reconfiguration: First, the AMF sends a UE Initial Context Establishment Request and Registration Acceptance Message to the gNB to update the UE context existing in the gNB. The gNB then performs the RRC reconfiguration and SMC procedures so that the UE can access the encrypted channel using derived keys (e.g., k-gNB, k-RRC, k-UP-int).
[17] AMF sends SAP
[1] Update the GUTI assigned to AMF SAP
[9] Process AMF AS SAP connection establishment request
[9] [16] Process AMF AS SAP connection establishment rejection
[9] Process AMF AS SAP connection establishment confirmation
[18] Notify AMF AS SAP that it needs to send a security mode command message to the UE
[9] Process AMF AS SAP security request primitive
[17] Set security request when data is transmitted to the lower layer
[1] Notify AS SAP that registration is rejected
[10] Obtain a new security context from the upper layer
[23] Encrypt/decrypt/decode Layer 3 NAS message
[8] Register UE context
[1] Execute registration signaling process
[1] Process registration completion message
[1] AMF sends registration acceptance message
II. Uplink (downlink) data transmission When the user plane is set to uplink or downlink purpose, the PDU session update message is transmitted from AMF to SMF. The specific process is as follows;
[3] Transfer gNB IP and TEID are stored in the corresponding SMF context
[3] Session creation response message received from SMF
[3] Prepare and send gN establishment response message to SMF via gRPC
[9] QoS flow establishment list
[20] Function to check if the maximum number of PDU sessions has been reached
