4.7.1 Contents of 5GMM messages
38.508-13GPP5GSPart 1: Common test environmentRelease 17TSUser Equipment (UE) conformance specification
– Authentication request
Table 4.7.1-1: AUTHENTICATION REQUEST
|
Derivation Path: 24.501 clause 8.2.1 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Authentication request message identity |
‘0101 0110’B |
|||
|
ngKSI |
||||
|
NAS key set identifier |
An arbitrarily selected value between ‘000’B and ‘110’B, different from the valid NAS key set identifier of the UE if such a value exists. |
|||
|
TSC |
‘0’B |
native security context (for KSIAMF) |
||
|
Spare half octet |
‘0000’B |
|||
|
ABBA |
‘0000 0000 0000 0000’B |
|||
|
Authentication parameter RAND (5G authentication challenge) |
Not Present |
EAP-AKA |
||
|
An arbitrarily selected 128 bits value |
5G-AKA |
|||
|
Authentication parameter AUTN (5G authentication challenge) |
Not Present |
EAP-AKA |
||
|
128 bits value generated according to TS 24.501 [28] subclause 9.11.3.15 |
5G-AKA |
|||
|
EAP message |
Not Present |
5G-AKA |
||
|
EAP message |
EAP-request/AKA’-challenge |
See Table 4.7.3.2-01 |
EAP-AKA |
|
|
Condition |
Explanation |
|
EAP_AKA |
EAP based primary authentication and key agreement procedure |
|
5G-AKA |
5G AKA based primary authentication and key agreement procedure |
NOTE: Within a test execution this message is sent without integrity protection before NAS security mode control procedure has been successfully completed; and sent integrity protected and ciphered within SECURITY PROTECTED 5GS NAS MESSAGE message after 5GS NAS security mode control procedure has been successfully completed. SS does not maintain information for 5GS NAS security mode control procedure after a TC is completed.
– Authentication response
Table 4.7.1-2: AUTHENTICATION RESPONSE
|
Derivation Path: 24.501 clause 8.2.2 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
5GMM |
|||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Authentication response message identity |
‘0101 0111’B |
|||
|
Authentication response parameter |
16 octets RES* value calculated according to TS 24.501 [28] subclause 9.11.3.17 |
5G-AKA |
||
|
Not Present |
EAP-AKA |
|||
|
EAP message |
EAP-response/AKA’-challenge |
See Table 4.7.3.2-02 |
EAP-AKA |
|
|
Condition |
Explanation |
|
EAP-AKA |
EAP based primary authentication and key agreement procedure |
|
5G-AKA |
5G AKA based primary authentication and key agreement procedure |
NOTE: When sent in response to an AUTHENTICATION REQUEST message which is not integrity protected and not ciphered, the AUTHENTICATION RESPONSE message is sent integrity protected when a valid security context exists and without integrity protection and ciphering otherwise.
– Authentication result
Table 4.7.1-3: AUTHENTICATION RESULT
|
Derivation Path: 24.501 clause 8.2.3 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
5GMM |
|||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Authentication result message identity |
‘0101 1010’B |
|||
|
ngKSI |
The same value as the last AUTHENTICATION REQUEST message |
|||
|
Spare half octet |
‘0000’B |
|||
|
EAP message |
EAP-Success |
See Table 4.7.3.2-03 |
||
|
ABBA |
‘0000 0000 0000 0000’B |
|||
NOTE: The security protection of this message is the same as the previous AUTHENTICATION REQUEST message.
– Authentication failure
Table 4.7.1-4: AUTHENTICATION FAILURE
|
Derivation Path: 24.501 clause 8.2.4 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
5GMM |
|||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Authentication failure message identity |
‘0101 1001’B |
|||
|
5GMM cause |
Present but contents not checked |
|||
|
Authentication failure parameter |
If present: contents not checked |
|||
NOTE: The security protection of this message is the same as the previous AUTHENTICATION REQUEST message.
– Authentication reject
Table 4.7.1-5: AUTHENTICATION REJECT
|
Derivation Path: 24.501 clause 8.2.5 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
5GMM |
|||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Authentication reject message identity |
‘0101 1000’B |
|||
|
EAP message |
Not present |
|||
|
EAP message |
EAP-Response/AKA-Authentication-Reject |
See Table 4.7.3.2-04 |
EAP-AKA |
|
|
Condition |
Explanation |
|
EAP-AKA |
EAP based primary authentication and key agreement procedure |
NOTE: This message is sent without integrity protection.
– Registration request
Table 4.7.1-6: REGISTRATION REQUEST
|
Derivation Path: 24.501 clause 8.2.6 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Registration request message identity |
‘0100 0001’B |
|||
|
5GS registration type |
||||
|
5GS registration type value |
‘001’B |
Initial registration |
||
|
‘010’B |
MOBILITY |
|||
|
‘011’B |
PERIODIC |
|||
|
‘100’B |
EMERGENCY |
|||
|
FOR |
Present but contents not checked |
|||
|
FOR |
‘1’B |
Follow-on request pending |
EMERGENCY |
|
|
ngKSI |
Present but contents not checked |
|||
|
5GS mobile identity |
Present but contents not checked |
|||
|
Non-current native NAS key set identifier |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
5GMM capability |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
UE security capability |
If present: contents not checked |
|||
|
Requested NSSAI |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
Last visited registered TAI |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
S1 UE network capability |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
Uplink data status |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
PDU session status |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
MICO indication |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
UE status |
If present: contents not checked |
|||
|
Additional GUTI |
If present: contents not checked |
|||
|
Allowed PDU session status |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
UE’s usage setting |
If present: contents not checked |
NOT pc_IMS AND NON_CLEARTEXT_IE |
||
|
UE’s usage setting |
Present but contents not checked |
NON_CLEARTEXT_IE |
||
|
Requested DRX parameters |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
EPS NAS message container |
If present: contents not checked |
|||
|
LADN indication |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
Payload container type |
If present: ‘0101’B |
UE policy container |
NON_CLEARTEXT_IE |
|
|
Payload container |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
Network slicing indication |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
5GS update type |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
Mobile station classmark 2 |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
Supported codecs |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
NAS message container |
The complete, ciphered, REGISTRATION REQUEST message including all IEs. |
CIPHERED_MESSAGE |
||
|
EPS bearer context status |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
Requested extended DRX parameters |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
T3324 value |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
UE radio capability ID |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
Requested mapped NSSAI |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
Additional information requested |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
Requested WUS assistance information |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
N5GC indication |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
Requested NB-N1 mode DRX parameters |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
Condition |
Explanation |
|
INITIAL |
Initial registration |
|
MOBILITY |
Mobility registration updating |
|
PERIODIC |
Periodic registration updating |
|
EMERGENCY |
Emergency registration |
|
NON_CLEARTEXT_IE |
An information element that is not allowed to be sent in cleartext and shall only be included in the complete REGISTRATION REQUEST message in the NAS message container IE. |
|
CIPHERED_MESSAGE |
If any of the IEs marked with the condition NON_CLEARTEXT_IE is present, and the UE has a valid 5G NAS security context, this condition applies. |
NOTE: This message is sent interity protected when a valid security context exists otherwise sent without integrity protection, including only cleartext IEs.
– Registration accept
Table 4.7.1-7: REGISTRATION ACCEPT
|
Derivation Path: 24.501 clause 8.2.7 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Registration accept message identity |
‘0100 0010’B |
|||
|
5GS registration result |
||||
|
5GS registration result value |
‘001’B |
3GPP access |
||
|
SMS allowed |
‘0’B |
SMS over NAS not allowed |
||
|
5G-GUTI |
See Table 4.4.2-3 |
For 5GC NAS test cases see Table 6.3.2.2-1 |
||
|
Equivalent PLMNs |
Not Present |
|||
|
TAI list |
||||
|
Length of tracking area identity list contents |
‘0000 0111’B |
7 octets |
||
|
Partial tracking area identity list 1 |
||||
|
Number of elements |
‘0 0000’B |
1 element |
||
|
Type of list |
’00’B |
list of TACs belonging to one PLMN, with non-consecutive TAC values |
||
|
MCC |
See Table 4.4.2-3 |
For 5GC NAS test cases see Table 6.3.2.2-1 |
||
|
MNC |
See Table 4.4.2-3 |
For 5GC NAS test cases see Table 6.3.2.2-1 |
||
|
TAC 1 |
See Table 4.4.2-3 |
For 5GC NAS test cases see Table 6.3.2.2-1 |
||
|
Allowed NSSAI |
||||
|
Length of NSSAI contents |
4 entries |
Equal to the number of S-NSSAI values included |
||
|
S-NSSAI |
||||
|
Length of S-NSSAI contents |
‘0000 0001’B |
SST |
||
|
SST |
‘0000 0001’B |
SST value 1 (eMBB) |
||
|
S-NSSAI |
||||
|
Length of S-NSSAI contents |
‘0000 0001’B |
SST |
||
|
SST |
‘0000 0010’B |
SST value 2 (URLLC) |
||
|
S-NSSAI |
||||
|
Length of S-NSSAI contents |
‘0000 0001’B |
SST |
||
|
SST |
‘0000 0011’B |
SST value 3 (MIoT) |
||
|
S-NSSAI |
||||
|
Length of S-NSSAI contents |
‘0000 0001’B |
SST |
||
|
SST |
‘0000 0100’B |
SST value 4 (V2X) |
||
|
Rejected NSSAI |
Not Present |
|||
|
Configured NSSAI |
Not Present |
|||
|
5GS network feature support |
‘0000 1101 0000 0000 0000 0000’B |
IMS voice over PS session supported over 3GPP access, Emergency services supported in NR connected to 5GCN and E-UTRA connected to 5GCN. All other features set to "not supported" including the ‘Interworking without N26 interface not supported’. |
||
|
5GS network feature support |
Not Present |
SST_URLLC OR SST_V2X OR SST_MIOT |
||
|
PDU session status |
The same value as the PDU session status IEof the most recently received REGISTRATION REQUEST message |
|||
|
PDU session reactivation result |
Not Present |
|||
|
PDU session reactivation result error cause |
Not Present |
|||
|
LADN information |
Not Present |
|||
|
MICO indication |
Not Present |
|||
|
Network slicing indication |
Not Present |
|||
|
Service area list |
Not Present |
|||
|
T3512 value |
INITIAL |
|||
|
Timer value |
‘0 0000’B |
|||
|
Unit |
‘111’B |
value indicates that the timer is deactivated |
||
|
T3512 value |
Not Present |
|||
|
Non-3GPP de-registration timer value |
Not Present |
|||
|
T3502 value |
Not Present |
|||
|
Emergency number list |
Not Present |
|||
|
Extended emergency number list |
Not Present |
|||
|
SOR Transparent container |
Not Present |
|||
|
EAP message |
Not Present |
|||
|
NSSAI inclusion mode |
Not Present |
|||
|
Operator-defined access category definitions |
Not Present |
|||
|
Negotiated DRX parameters |
Not Present |
|||
|
Non-3GPP NW policies |
Not Present |
|||
|
EPS bearer context status |
The same value as the EPS bearer context status IE of the most recently received REGISTRATION REQUEST message |
|||
|
Negotiated extended DRX parameters |
Not Present |
|||
|
T3447 value |
Not Present |
|||
|
T3448 value |
Not Present |
|||
|
T3324 value |
Not Present |
|||
|
UE radio capability ID |
Not Present |
|||
|
UE radio capability ID |
The same value as received in UE radio capability ID; if any of the REGISTRATION REQUEST message |
pc_5GC_RACS |
||
|
UE radio capability ID deletion indication |
Not Present |
|||
|
Pending NSSAI |
Not Present |
|||
|
Ciphering key data |
Not Present |
|||
|
CAG information list |
Not Present |
|||
|
Truncated 5G-S-TMSI configuration |
Not Present |
|||
|
Negotiated WUS assistance information |
Not Present |
|||
|
Negotiated NB-N1 mode DRX parameters |
Not Present |
|||
|
Extended rejected NSSAI |
Not Present |
|||
|
Service-level-AA container |
Not Present |
|||
|
Negotiated PEIPS assistance information |
Not Present |
|||
|
5GS additional request result |
Not Present |
|||
|
NSSRG information |
Not Present |
|||
|
Disaster roaming wait range |
Not Present |
|||
|
Disaster return wait range |
Not Present |
|||
|
List of PLMNs to be used in disaster condition |
Not Present |
|||
|
Forbidden TAI(s) for the list of "5GS forbidden tracking areas for roaming" |
Not Present |
|||
|
Forbidden TAI(s) for the list of "5GS forbidden tracking areas for regional provision of service" |
Not Present |
|||
|
Extended CAG information list |
Not Present |
|||
|
NSAG information |
Not Present |
|||
|
Condition |
Explanation |
|
INITIAL |
Initial registration |
NOTE: This message is always sent within SECURITY PROTECTED 5GS NAS MESSAGE message.
– Registration complete
Table 4.7.1-8: REGISTRATION COMPLETE
|
Derivation Path: 24.501 clause 8.2.8 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Registration complete message identity |
‘0100 0011’B |
|||
|
SOR transparent container |
If present: contents not checked |
|||
NOTE: This message is always sent within SECURITY PROTECTED 5GS NAS MESSAGE message.
– Registration reject
Table 4.7.1-9: REGISTRATION REJECT
|
Derivation Path: 24.501 clause 8.2.9 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Registration reject message identity |
‘0100 0100’B |
|||
|
5GMM cause |
Set according to specific message content |
|||
|
T3346 value |
Not Present |
|||
|
T3502 value |
Not Present |
|||
|
EAP message |
Not Present |
|||
|
Rejected NSSAI |
Not Present |
|||
|
CAG information list |
Not Present |
|||
|
Extended rejected NSSAI |
Not Present |
|||
|
Disaster return wait range |
Not Present |
|||
|
Extended CAG information list |
Not Present |
|||
|
Lower bound timer value |
Not Present |
|||
|
Forbidden TAI(s) for the list of "5GS forbidden tracking areas for roaming" |
Not Present |
|||
|
Forbidden TAI(s) for the list of "5GS forbidden tracking areas for regional provision of service" |
Not Present |
|||
NOTE: This message is sent without integrity protection before the secure exchange of NAS messages has been established and sent within SECURITY PROTECTED 5GS NAS MESSAGE message after the secure exchange of NAS messages has been established.
– UL NAS transport
Table 4.7.1-10: UL NAS TRANSPORT
|
Derivation Path: 24.501 clause 8.2.10 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
UL NAS TRANSPORT message identity |
‘0110 0111’B |
|||
|
Payload container type |
Set according to specific message content |
|||
|
Payload container type |
‘0001’B |
N1 SM information |
INITIAL_PDU_REQUEST |
|
|
Spare half octet |
‘0000’B |
|||
|
Payload container |
Set according to specific message content |
|||
|
Payload container |
PDU SESSION ESTABLISHMENT REQUEST message |
INITIAL_PDU_REQUEST |
||
|
PDU session ID |
If present: contents not checked |
|||
|
PDU session ID |
Same PDU session ID as defined in the PDU SESSION ESTABLISHMENT REQUEST message in the Payload container |
INITIAL_PDU_REQUEST |
||
|
Old PDU session ID |
If present: contents not checked |
|||
|
Request type |
If present: contents not checked |
|||
|
Request type |
‘001’B |
initial request |
INITIAL_PDU_REQUEST |
|
|
S-NSSAI |
If present: contents not checked |
|||
|
DNN |
If present: contents not checked |
(NOTE 1) |
||
|
Additional information |
If present: contents not checked |
|||
|
MA PDU session information |
If present: contents not checked |
|||
|
Release assistance indication |
If present: contents not checked |
|||
|
NOTE 1: Although the contents of the IE is not required to be verified for PASS/FAIL purposes, the provided information shall be taken into account e.g. for the building the content of messages and allowing for specific UE behaviour as specified in Table 4.8.4-1. |
||||
|
Condition |
Explanation |
|
INITIAL_PDU_REQUEST |
The UL NAS TRANSPORT message is used to transport a PDU SESSION ESTABLISHMENT REQUEST message to establish a new PDU session. |
NOTE: This message is always sent within SECURITY PROTECTED 5GS NAS MESSAGE message.
– DL NAS transport
Table 4.7.1-11: DL NAS TRANSPORT
|
Derivation Path: 24.501 clause 8.2.11 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
DL NAS TRANSPORT message identity |
‘0110 1000’B |
|||
|
Payload container type |
Set according to specific message content |
|||
|
Payload container type |
‘0001’B |
N1 SM information |
5GSM_MESSAGE |
|
|
Spare half octet |
‘0000’B |
|||
|
Payload container |
Set according to specific message content |
|||
|
Payload container |
5GSM message |
5GSM_MESSAGE |
||
|
PDU session ID |
Not Present |
|||
|
PDU session ID |
Set to the same value as the PDU session ID of the 5GSM message in the Payload container. |
5GSM_MESSAGE |
||
|
Additional information |
Not Present |
|||
|
5GMM cause |
Not Present |
|||
|
Back-off timer value |
Not Present |
|||
|
Lower bound timer value |
Not Present |
|||
|
Condition |
Explanation |
|
5GSM_MESSAGE |
The DL NAS TRANSPORT message is used to transport a 5GSM message |
NOTE: This message is always sent within SECURITY PROTECTED 5GS NAS MESSAGE message.
– De-registration request (UE originating de-registration)
Table 4.7.1-12: DEREGISTRATION REQUEST_1
|
Derivation Path: 24.501 clause 8.2.12 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
De-registration request message identity |
‘0100 0101’B |
|||
|
De-registration type |
||||
|
Switch off |
‘0’B |
NORMAL |
||
|
‘1’B |
SWITCH_OFF |
|||
|
Re-registration required |
‘0’B |
|||
|
Access type |
‘01’B |
3GPP access |
||
|
ngKSI |
Present but contents not checked |
|||
|
5GS mobile identity |
Present but contents not checked |
|||
|
Condition |
Explanation |
|
NORMAL |
Normal de-registration |
|
SWITCH_OFF |
Switch off |
NOTE: If this message is sent as an initial NAS message, it is sent with integrity protection but without ciphering. Otherwise it is sent without integrity protection and ciphering before SS has started the ciphering and integrity and ciphered protected after SS has started the ciphering.
– De-registration accept (UE originating de-registration)
Table 4.7.1-13: DEREGISTRATION ACCEPT_1
|
Derivation Path: 24.501 clause 8.2.13 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
De-registration accept message identity |
‘0100 0110’B |
|||
NOTE: This message is sent using the same security protection as in the previous DETACH REQUEST message received from the UE.
– De-registration request (UE terminated de-registration)
Table 4.7.1-14: DEREGISTRATION REQUEST_2
|
Derivation Path: 24.501 clause 8.2.14 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
De-registration request message identity |
‘0100 0111’B |
|||
|
De-registration type |
Set according to specific message content |
|||
|
Spare half octet |
‘0000’B |
|||
|
5GMM cause |
Not Present |
|||
|
T3346 value |
Not Present |
|||
|
Rejected NSSAI |
Not Present |
|||
|
CAG information list |
Not Present |
|||
|
Extended rejected NSSAI |
Not Present |
|||
|
Disaster return wait range |
Not Present |
|||
|
Extended CAG information list |
Not Present |
|||
|
Lower bound timer value |
Not Present |
|||
|
Forbidden TAI(s) for the list of "5GS forbidden tracking areas for roaming" |
Not Present |
|||
|
Forbidden TAI(s) for the list of "5GS forbidden tracking areas for regional provision of service" |
Not Present |
|||
NOTE: This message is always sent within SECURITY PROTECTED 5GS NAS MESSAGE message.
– De-registration accept (UE terminated de-registration)
Table 4.7.1-15: DEREGISTRATION ACCEPT_2
|
Derivation Path: 24.501 clause 8.2.15 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
De-registration accept message identity |
‘0100 1000’B |
|||
NOTE: This message is always sent within SECURITY PROTECTED 5GS NAS MESSAGE message.
– Service request
Table 4.7.1-16: SERVICE REQUEST
|
Derivation Path: 24.501 clause 8.2.16 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Service request message identity |
‘0100 1100’B |
|||
|
ngKSI |
||||
|
NAS key set identifier |
The valid NAS key set identifier of the UE |
|||
|
TSC |
‘0’B |
native security context (for KSIAMF) |
||
|
Service type |
‘0010’B |
mobile terminated services |
||
|
5G-S-TMSI |
The valid 5G-S-TMSI of the UE |
|||
|
Uplink data status |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
PDU session status |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
Allowed PDU session status |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
NAS message container |
If present, the complete, ciphered, SERVICE REQUEST message including all IEs. |
CIPHERED_MESSAGE |
||
|
UE request type |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
Paging restriction |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
Condition |
Explanation |
|
NON_CLEARTEXT_IE |
An information element that is not allowed to be sent in cleartext and shall only be included in the complete SERIVICE REQUEST message in the NAS message container IE. NOTE: This condition is only applicable if the SERVICE REQUEST message is sent as an initial NAS message. |
|
CIPHERED_MESSAGE |
If any of the IEs marked with the condition NON_CLEARTEXT_IE is present, this condition applies. NOTE: This condition is only applicable if the SERVICE REQUEST message is sent as an initial NAS message. |
NOTE: This message is sent without integrity protection, including only cleartext IEs, before NAS security mode control procedure has been successfully completed and sent within SECURITY PROTECTED 5GS NAS MESSAGE message after NAS security mode control procedure has been successfully completed
– Service accept
Table 4.7.1-17: SERVICE ACCEPT
|
Derivation Path: 24.501 clause 8.2.17 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Service accept message identity |
‘0100 1110’B |
|||
|
PDU session status |
Not Present |
|||
|
PDU session reactivation result |
Not Present |
|||
|
PDU session reactivation result error cause |
Not Present |
|||
|
EAP message |
Not Present |
|||
|
T3448 value |
Not Present |
|||
|
5GS additional request result |
Not Present |
|||
|
Forbidden TAI(s) for the list of "5GS forbidden tracking areas for roaming" |
Not Present |
|||
|
Forbidden TAI(s) for the list of "5GS forbidden tracking areas for regional provision of service" |
Not Present |
|||
NOTE: This message is always sent within SECURITY PROTECTED 5GS NAS MESSAGE message.
– Service reject
Table 4.7.1-18: SERVICE REJECT
|
Derivation Path: 24.501 clause 8.2.18 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Service reject message identity |
’0100 1101’B |
|||
|
5GMM cause |
The value is set according to specific message content |
|||
|
PDU session status |
Not Present |
|||
|
T3346 value |
Not Present |
|||
|
EAP message |
Not Present |
|||
|
T3448 value |
Not Present |
|||
|
CAG information list |
Not Present |
|||
|
Disaster return wait range |
Not Present |
|||
|
Extended CAG information list |
Not Present |
|||
|
Lower bound timer value |
Not Present |
|||
|
Forbidden TAI(s) for the list of "5GS forbidden tracking areas for roaming" |
Not Present |
|||
|
Forbidden TAI(s) for the list of "5GS forbidden tracking areas for regional provision of service" |
Not Present |
|||
NOTE: This message is sent without integrity protection before NAS security mode control procedure has been successfully completed and sent within SECURITY PROTECTED 5GS NAS MESSAGE message after NAS security mode control procedure has been successfully completed
– Configuration update command
Table 4.7.1-19: CONFIGURATION UPDATE COMMAND
|
Derivation Path: 24.501 clause 8.2.19 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Configuration update command message identity |
‘0101 0100’B |
|||
|
Configuration update indication |
Not Present |
|||
|
5G-GUTI |
Not Present |
|||
|
TAI list |
Not Present |
|||
|
Allowed NSSAI |
Not Present |
|||
|
Service area list |
Not Present |
|||
|
Full name for network |
Not Present |
|||
|
Short name for network |
Not Present |
|||
|
Local time zone |
Not Present |
|||
|
Universal time and local time zone |
Not Present |
|||
|
Network daylight saving time |
Not Present |
|||
|
LADN information |
Not Present |
|||
|
MICO indication |
Not Present |
|||
|
Network slicing indication |
Not Present |
|||
|
Configured NSSAI |
Not Present |
|||
|
Rejected NSSAI |
Not Present |
|||
|
Operator-defined access category definitions |
Not Present |
|||
|
SMS indication |
Not Present |
|||
|
T3447 value |
Not Present |
|||
|
CAG information list |
Not Present |
|||
|
UE radio capability ID |
Not Present |
|||
|
UE radio capability ID deletion indication |
Not Present |
|||
|
5GS registration result |
Not Present |
|||
|
Truncated 5G-S-TMSI configuration |
Not Present |
|||
|
Additional configuration indication |
Not Present |
|||
|
Extended rejected NSSAI |
Not Present |
|||
|
Service-level-AA container |
Not Present |
|||
|
NSSRG information |
Not Present |
|||
|
Disaster roaming wait range |
Not Present |
|||
|
Disaster return wait range |
Not Present |
|||
|
List of PLMNs to be used in disaster condition |
Not Present |
|||
|
Extended CAG information list |
Not Present |
|||
|
Updated PEIPS assistance information |
Not Present |
|||
|
NSAG information |
Not Present |
|||
|
Priority indicator |
Not Present |
|||
NOTE: This message is always sent within SECURITY PROTECTED 5GS NAS MESSAGE message.
– Configuration update complete
Table 4.7.1-20: CONFIGURATION UPDATE COMPLETE
|
Derivation Path: 24.501 clause 8.2.20 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Configuration update complete message identity |
‘0101 0101’B |
|||
NOTE: This message is always sent within SECURITY PROTECTED 5GS NAS MESSAGE message.
– Identity request
Table 4.7.1-21: IDENTITY REQUEST
|
Derivation Path: 24.501 clause 8.2.21 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Identity request message identity |
‘0101 1011’B |
|||
|
Identity type |
Set according to specific message contents |
|||
|
Spare half octet |
‘0000’B |
|||
NOTE: This message is sent without integrity protection before 5GS NAS security mode control procedure has been successfully completed and sent within SECURITY PROTECTED 5GS NAS MESSAGE message after 5GS NAS security mode control procedure has been successfully completed.
– Identity response
Table 4.7.1-22: IDENTITY RESPONSE
|
Derivation Path: 24.501 clause 8.2.22 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Identity response message identity |
0101 1100’B |
|||
|
Mobile identity |
Present but contents not checked |
|||
NOTE: This message is sent without integrity protection before 5GS NAS security mode control procedure has been successfully completed and sent within SECURITY PROTECTED 5GS NAS MESSAGE message after 5GS NAS security mode control procedure has been successfully completed.
– Notification
Table 4.7.1-23: NOTIFICATION
|
Derivation Path: 24.501 clause 8.2.23 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Notification message identity |
‘0110 0101’B |
|||
|
Access type |
‘01’B |
3GPP access |
||
|
Spare half octet |
‘0000’B |
|||
NOTE: This message is always sent within SECURITY PROTECTED 5GS NAS MESSAGE message.
– Notification response
Table 4.7.1-24: NOTIFICATION RESPONSE
|
Derivation Path: 24.501 clause 8.2.24 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Notification response message identity |
‘0110 0110’B |
|||
|
PDU session status |
If present: contents not checked |
|||
NOTE: This message is always sent within SECURITY PROTECTED 5GS NAS MESSAGE message.
– Security mode command
Table 4.7.1-25: SECURITY MODE COMMAND
|
Derivation Path: 24.501 clause 8.2.25 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Security mode command message identity |
‘0101 1101’B |
|||
|
Selected NAS security algorithms |
||||
|
Type of ciphering algorithm |
Set according to PIXIT px_NAS_5GC_CipheringAlgorithm for default ciphering algorithm |
|||
|
Type of ciphering algorithm |
‘0000’B |
5G encryption algorithm 5G EA0 (null ciphering algorithm) |
For RF |
|
|
Type of integrity protection algorithm |
Set according to PIXIT px_NAS_5GC_IntegrityProtAlgorithm for default integrity protection algorithm |
This value should not be equal to the null integrity algorithm. |
||
|
ngKSI |
||||
|
NAS key set identifier |
The valid NAS key set identifier |
|||
|
TSC |
‘0’B |
native security context (for KSIAMF) |
||
|
Spare half octet |
‘0000’B |
|||
|
Replayed UE security capabilities |
Set according to the received UE security capabilities |
|||
|
IMEISV request |
Not Present |
|||
|
Selected EPS NAS security algorithms |
Not Present |
|||
|
Selected EPS NAS security algorithms |
UE_S1_SUPPORTED |
|||
|
Type of ciphering algorithm |
Set according to PIXIT px_NAS_CipheringAlgorithm for default ciphering algorithm |
The px_NAS_CipheringAlgorithm PIXIT is defined in TS 36.523-3 [x] |
||
|
Type of integrity protection algorithm |
Set according to PIXIT px_NAS_IntegrityProtAlgorithmfor default integrity protection algorithm |
The px_NAS_IntegrityProtAlgorithm is defined in TS 36.523-3 [x] |
||
|
Additional 5G security information |
Not Present |
|||
|
Additional 5G security information |
NO_VALID_SS_SECURITY_CONTEXT |
|||
|
RINMR |
‘1’B |
Retransmission of the initial NAS message requested |
||
|
HDP |
‘0’B |
KAMF derivation is not required |
||
|
EAP message |
Not Present |
|||
|
EAP message |
EAP-Success |
See Table 4.7.3.2-03 |
EAP-AKA |
|
|
ABBA |
‘0000 0000 0000 0000’B |
EAP-AKA |
||
|
Replayed S1 UE security capabilities |
Not Present |
|||
|
Replayed S1 UE security capabilities |
Set according to the received UE security capabilities in the last REGISTRATION REQUEST message |
UE_S1_SUPPORTED |
||
|
Condition |
Explanation |
|
NO_VALID_SS_SECURITY_CONTEXT |
If the SS doesn’t have a valid security context |
|
EAP_AKA |
EAP based primary authentication and key agreement procedure |
|
For RF |
Used for RF/RRM test cases |
|
UE_S1_SUPPORTED |
The UE indicated support of S1 in the last REGISTRATION REQUEST message |
NOTE: This message is always sent integrity protected with new 5GS NAS security context.
– Security mode complete
Table 4.7.1-26: SECURITY MODE COMPLETE
|
Derivation Path: 24.501 clause 8.2.26 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Security mode complete message identity |
‘0101 1110’B |
|||
|
IMEISV |
Not present |
|||
|
NAS message container |
Not present |
|||
|
Complete initial NAS message |
RINMR_INDICATED |
|||
|
non-IMEISV PEI |
Not present |
|||
|
Condition |
Explanation |
|
RINMR_INDICATED |
The SS requested retransmission of the initial NAS message in the last SECURITY MODE COMMAND |
NOTE: This message is always sent within SECURITY PROTECTED 5GS NAS MESSAGE message with new 5GS NAS security context.
– Security mode reject
Table 4.7.1-27: SECURITY MODE REJECT
|
Derivation Path: 24.501 clause 8.2.27 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Security mode reject message identity |
‘0101 1111’B |
|||
|
5GMM cause |
The value is set according to specific message content |
|||
NOTE: This message is sent without integrity protection before 5GS NAS security mode control procedure has been successfully completed and sent within SECURITY PROTECTED 5GS NAS MESSAGE message after 5GS NAS security mode control procedure has been successfully completed.
– Security protected 5GS NAS message
Table 4.7.1-28: SECURITY PROTECTED 5GS NAS MESSAGE
|
Derivation Path: 24.501 clause 8.2.28 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
5GMM |
|||
|
Security header type |
‘0001’B |
Integrity protected |
UNCIPHERED |
|
|
‘0010’B |
Integrity protected and ciphered |
CIPHERED |
||
|
‘0011’B |
Integrity protected with new 5G NAS security context |
UNCIPHERED-NEW |
||
|
‘0100’B |
Integrity protected and ciphered with new 5G NAS security context |
CIPHERED-NEW |
||
|
Spare half octet |
‘0000’B |
|||
|
Message authentication code |
The calculated value of MAC-I for this message. |
The value of MAC-I is calculated by SS using Sequence number sent by UE. |
SENT-BY-SS |
|
|
The same value as the XMAC-I value calculated by SS. |
SENT-BY-UE |
|||
|
Sequence number |
The internal counter of the SS |
SENT-BY-SS |
||
|
Any allowed value |
SENT-BY-UE |
|||
|
Plain 5GS NAS message |
Set according to specific message content |
|||
|
Condition |
Explanation |
|
UNCIPHERED |
This condition applies to unciphered NAS message exchange |
|
CIPHERED |
This condition applies to ciphered NAS message exchange |
|
UNCIPHERED-NEW |
This condition applies to unciphered NAS message exchange with new 5G NAS security context |
|
CIPHERED-NEW |
This condition applies to ciphered NAS message exchange with new 5G NAS security context |
|
SENT-BY-SS |
Use for the message sent from SS to UE |
|
SENT-BY-UE |
Use for the message sent from UE to SS |
– 5GMM status
Table 4.7.1-29: 5GMM STATUS
|
Derivation Path: 24.501 clause 8.2.29 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
5GMM |
|||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
5GMM STATUS message identity |
‘0110 0100’B |
|||
|
5GMM cause |
‘0110 1111’B |
Protocol error, unspecified |
SENT-BY-SS |
|
|
Present but contents not checked |
SENT-BY-UE |
|||
|
Condition |
Explanation |
|
SENT-BY-SS |
Use for the message sent from SS to UE |
|
SENT-BY-UE |
Use for the message sent from UE to SS |
NOTE: This message is always sent within SECURITY PROTECTED 5GS NAS MESSAGE message.
– Control plane service request
Table 4.7.1-30: CONTROL PLANE SERVICE REQUEST
|
Derivation Path: 24.501 clause 8.2.30 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Control plane service request message identity |
‘0100 1111’B |
|||
|
Control plane service type |
‘001’B |
mobile terminated request |
||
|
ngKSI |
||||
|
NAS key set identifier |
The valid NAS key set identifier of the UE |
|||
|
TSC |
‘0’B |
native security context (for KSIAMF) |
||
|
CIoT small data container |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
Payload container type |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
Payload container |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
PDU session ID |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
PDU session status |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
Release assistance indication |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
Uplink data status |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
NAS message container |
If present: contents not checked |
CIPHERED_MESSAGE |
||
|
Additional information |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
Allowed PDU session status |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
UE request type |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
Paging restriction |
If present: contents not checked |
NON_CLEARTEXT_IE |
||
|
Condition |
Explanation |
|
NON_CLEARTEXT_IE |
An information element that is not allowed to be sent in cleartext and shall only be included in the complete CONTROL PLANE SERIVICE REQUEST message in the NAS message container IE. NOTE: This condition is only applicable if the CONTROL PLANE SERVICE REQUEST message is sent as an initial NAS message. |
|
CIPHERED_MESSAGE |
If any of the IEs marked with the condition NON_CLEARTEXT_IE is present, this condition applies. NOTE: This condition is only applicable if the CONTROL PLANE SERVICE REQUEST message is sent as an initial NAS message. |
NOTE: This message is sent without integrity protection, including only cleartext IEs, before NAS security mode control procedure has been successfully completed and sent within SECURITY PROTECTED 5GS NAS MESSAGE message after NAS security mode control procedure has been successfully completed
– Network slice-specific authentication command
Table 4.7.1-31: NETWORK SLICE-SPECIFIC AUTHENTICATION COMMAND
|
Derivation Path: 24.501 clause 8.2.31 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
NETWORK SLICE-SPECIFIC AUTHENTICATION COMMAND message identity |
‘0101 0000’B |
|||
|
S-NSSAI |
Set according to specific message content |
|||
|
EAP message |
Set according to Table 4.7.3.2-1 |
See TS 24.501 [25] subclause 9.11.2.2 |
||
NOTE: This message is always sent within SECURITY PROTECTED 5GS NAS MESSAGE message.
– Network slice-specific authentication complete
Table 4.7.1-32: NETWORK SLICE-SPECIFIC AUTHENTICATION COMPLETE
|
Derivation Path: 24.501 clause 8.2.32 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
NETWORK SLICE-SPECIFIC AUTHENTICATION COMPLETE message identity |
‘0101 0001’B |
|||
|
S-NSSAI |
Set according to specific message content |
|||
|
EAP message |
Set according to Table 4.7.3.2-2 |
See TS 24.501 [25] subclause 9.11.2.2 |
||
NOTE: This message is always sent within SECURITY PROTECTED 5GS NAS MESSAGE message.
– Network slice-specific authentication result
Table 4.7.1-33: NETWORK SLICE-SPECIFIC AUTHENTICATION RESULT
|
Derivation Path: 24.501 clause 8.2.33 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
NETWORK SLICE-SPECIFIC AUTHENTICATION COMPLETE message identity |
‘0101 0010’B |
|||
|
S-NSSAI |
Set according to specific message content |
|||
|
EAP message |
EAP-Success |
See Table 4.7.3.2-3 |
NSSAA Success |
|
|
EAP-Failure |
See Table 4.7.3.2-6 |
NSSAA Failure |
||
|
Condition |
Explanation |
|
NSSAA Success |
Network slice-specific authentication succeeds |
|
NSSAA Failure |
Network slice-specific authentication fails |
NOTE: This message is always sent within SECURITY PROTECTED 5GS NAS MESSAGE message.
– Relay key request
Table 4.7.1-34: RELAY KEY REQUEST
|
Derivation Path: 24.501 clause 8.2.34 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Relay key request message identity |
‘0110 1001’B |
|||
|
PRTI |
FFS |
|||
|
Relay key request parameters |
FFS |
|||
NOTE: This message is always sent within SECURITY PROTECTED 5GS NAS MESSAGE message.
– Relay key accept
Table 4.7.1-35: RELAY KEY ACCEPT
|
Derivation Path: 24.501 clause 8.2.35 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Relay key accept message identity |
‘0110 1010’B |
|||
|
PRTI |
FFS |
|||
|
EAP message |
FFS |
|||
|
Relay key response parameters |
FFS |
|||
NOTE: This message is always sent within SECURITY PROTECTED 5GS NAS MESSAGE message.
– Relay key reject
Table 4.7.1-36: RELAY KEY REJECT
|
Derivation Path: 24.501 clause 8.2.36 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Relay key reject message identity |
‘0110 1011’B |
|||
|
PRTI |
FFS |
|||
|
EAP message |
FFS |
|||
NOTE: This message is always sent within SECURITY PROTECTED 5GS NAS MESSAGE message.
– Relay authentication request
Table 4.7.1-37: RELAY AUTHENTICATION REQUEST
|
Derivation Path: 24.501 clause 8.2.37 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Relay authentication request message identity |
‘0110 1100’B |
|||
|
PRTI |
FFS |
|||
|
EAP message |
FFS |
|||
NOTE: This message is always sent within SECURITY PROTECTED 5GS NAS MESSAGE message.
– Relay authentication response
Table 4.7.1-38: RELAY AUTHENTICATION RESPONSE
|
Derivation Path: 24.501 clause 8.2.37 |
||||
|
Information Element |
Value/remark |
Comment |
Condition |
|
|
Extended protocol discriminator |
‘0111 1110’B |
5GS mobility management messages |
||
|
Security header type |
’0000’B |
Plain 5GS NAS message, not security protected |
||
|
Spare half octet |
‘0000’B |
|||
|
Relay authentication response message identity |
‘0110 1101’B |
|||
|
PRTI |
FFS |
|||
|
EAP message |
FFS |
|||
NOTE: This message is always sent within SECURITY PROTECTED 5GS NAS MESSAGE message.