The LMF invokes the Nlmf_Broadcast_CipheringKeyData
Notify service operation towards the AMF carrying one or more ciphering keys used to cipher network assistance data that is broadcast to UEs according to the procedure in clause 6.14.1
. For each ciphering key, the LMF includes a ciphering key value, a ciphering key identifier, a validity period, a set of applicable tracking areas and a set of applicable types of broadcast assistance data.
The LMF may send a new ciphering key to the AMF at a time T1 if this will start to be used to cipher network assistance data at a later time T2 (e.g. will replace a previous ciphering key which expires at time T2). The value of (T2 - T1) should exceed the longest periodic registration timer of any UE subscribed to receive ciphering keys to ensure that periodic registration can be used to request new ciphering keys as described in note 2.
The AMF stores the ciphering keys including the validity periods, applicable tracking areas and the types of applicable broadcast assistance data.
A UE sends a Registration Request to a RAN node. The Registration Request may be sent as part of normal mobility management, A Registration Request may also be sent specifically to request and obtain ciphering keys. The UE includes in the Registration Request an indication that ciphering keys are requested. Other details of the Registration Request are as defined in TS 23.502
A UE should request new ciphering keys using a Registration Request caused by periodic registration if the remaining validity period for one or more ciphering keys received earlier by the UE is less than the periodic registration timer value. This can help avoid all UEs initiating a Registration procedure at the same time to obtain new ciphering keys when a validity period for a ciphering key is about to expire. A UE should also request new ciphering keys for a Registration Request caused by entering a new tracking area if previous ciphering keys are not applicable to the new tracking area.
The RAN node selects the AMF if the UE is in CM IDLE state or determines the AMF for CM CONNECTED state.
The RAN node forwards the Registration Request to the AMF.
The AMF returns a Registration Accept to the RAN node as defined in TS 23.502
. If the UE is subscribed to receive ciphered broadcast data, the AMF includes in the Registration Accept one or more ciphering keys applicable to the current tracking area for the UE. The AMF also includes for each ciphering key the ciphering key value, the ciphering key identifier, the validity period, the set of applicable tracking areas and the set of applicable types of broadcast assistance data.
The AMF does not need to keep a record of ciphering keys delivered to a UE and may instead send all ciphering keys stored at step 2 that are applicable to the current tracking area, for which the UE has a subscription and whose validity period has not yet expired.
The RAN node forwards the Registration Accept to the UE. The UE may start to use each ciphering key to decipher network assistance data that is broadcast according to the procedure in clause 6.14.1
once the validity period for the ciphering key has started and if the UE is currently in an applicable tracking area. The UE shall cease using a ciphering key when entering a tracking area not applicable to the ciphering key. The UE shall cease using and shall delete a ciphering key when the validity period for the ciphering key has expired.
A UE that receives no ciphering keys in response to a request for ciphering keys may assume that the UE does not have a subscription to receive ciphering keys in the serving PLMN.
The AMF deletes all information for a ciphering key when the validity period has expired.