Content for  TS 24.501  Word version:  18.1.0

The UE shall support acting as EAP-AKA' peer as specified in IETF RFC 5448. The AUSF may support acting as EAP-AKA' server as specified in IETF RFC 5448. The AAA server of the Credentials Holder (CH) or the Default Credentials Server (DCS) may support acting as EAP-AKA' server as specified in IETF RFC 5448. The EAP-AKA' enables mutual authentication of the UE and the network. The UE can reject the EAP-request/AKA'-challenge message sent by the network. The UE shall proceed with an EAP-request/AKA'-challenge message only if a USIM is present. During a successful EAP based primary authentication and key agreement procedure, the CK and IK are computed by the USIM. CK and IK are then used by the ME as key material to generate an EMSK or MSK.

In order to initiate the EAP based primary authentication and key agreement procedure using EAP-AKA', the AUSF or the AAA server of the CH or the DCS shall send an EAP-request/AKA'-challenge message as specified in IETF RFC 5448. The AUSF or the AAA server of the CH or the DCS shall set the AT_KDF_INPUT attribute of the EAP-request/AKA'-challenge message to the SNN. The SNN is in format described in subclause 9.12.1. The AUSF or the AAA server of the CH or the DCS may include AT_RESULT_IND attribute in the EAP-request/AKA'-challenge message. The network shall select an ngKSI value. If an ngKSI is contained in an initial NAS message during a 5GMM procedure, the network shall select a different ngKSI value. The network shall send the selected ngKSI value to the UE along with each EAP message. The network shall send the ABBA value as described in subclause 9.11.3.10 to the UE along with the EAP request message and EAP-success message. Upon receiving an EAP-request/AKA'-challenge message, the UE shall check whether the UE has a USIM, shall check the key derivation function indicated in AT_KDF attributes as specified in RFC 5448, and if the value of the Key derivation function field within the received AT_KDF attribute, is of value 1, shall check:

1. whether the network name field of the AT_KDF_INPUT attribute is the SNN constructed according to subclause 9.12.1; and
2. whether the network name field of the AT_KDF_INPUT attribute matches the PLMN identity or the SNPN identity of the selected SNPN saved in the UE.

When not operating in SNPN access operation mode, the PLMN identity the UE uses for the above network name check is as follows:

1. when the UE moves from 5GMM-IDLE mode to 5GMM-CONNECTED mode, until the first handover, the UE shall use the PLMN identity of the selected PLMN; and
2. after handover or inter-system change to N1 mode in 5GMM-CONNECTED mode:
   1. if the target cell is not a shared network cell, the UE shall use the PLMN identity received as part of the broadcast system information;
   2. if the target cell is a shared network cell and the UE has a valid 5G-GUTI, the UE shall use the PLMN identity that is part of the 5G-GUTI; and
   3. if the target cell is a shared network cell and the UE has a valid 4G-GUTI, but not a valid 5G-GUTI, the UE shall use the PLMN identity that is part of the 4G-GUTI.

When operating in SNPN access operation mode, the SNPN identity the UE uses for the above network name check is the SNPN identity of the selected SNPN.

If a USIM is present and the SNN check is successful, the UE shall handle the EAP-request/AKA'-challenge message as specified in IETF RFC 5448. The USIM shall derive CK and IK and compute the authentication response (RES) using the 5G authentication challenge data received from the ME, and pass RES to the ME. The ME shall derive CK' and IK' from CK and IK, and if the UE operates in SNPN access operation mode and the credentials in the USIM contain an indication to use MSK for derivation of KAUSF after success of primary authentication and key agreement procedure then derive MSK from CK' and IK' otherwise derive EMSK from CK' and IK'. Furthermore, if the UE operates in SNPN access operation mode and the credentials in the USIM contain an indication to use MSK for derivation of KAUSF after success of primary authentication and key agreement procedure then the ME may generate a new KAUSF from the MSK otherwise the ME may generate a new KAUSF from the EMSK. If the ME generates a new KAUSF, the ME shall generate a new KSEAF from the new KAUSF, and the KAMF from the ABBA received together with the EAP-request/AKA'-challenge message, and the new KSEAF as described in TS 33.501, and create a partial native 5G NAS security context identified by the ngKSI value received together with the EAP-request/AKA'-challenge message in subclause 5.4.1.2.4.2 in the volatile memory of the ME. If the KAMF and the partial native 5G NAS security context are created, the ME shall store the KAMF in the created partial native 5G NAS security context, and shall send an EAP-response/AKA'-challenge message as specified in RFC 5448. The ME shall not use the new KAUSF in the verification of SOR transparent container and UE parameters update transparent container, if any are received, until receipt of an EAP-success message. If the EAP-request/AKA'-challenge message contains AT_RESULT_IND attribute, the UE may include AT_RESULT_IND attribute in the EAP-response/AKA'-challenge message as specified in RFC 5448.

If a USIM is present, the SNN check fails or the UE does not accept AUTN during handling of the EAP-request/AKA'-challenge message as specified in RFC 5448, the UE shall send an EAP-response/AKA'-authentication-reject message as specified in RFC 5448. If a USIM is present, the SNN check is successful but the UE detects that the sequence number in AUTN is not correct during handling of the EAP-request/AKA'-challenge message as specified in RFC 5448, the UE shall send an EAP-response/AKA'-synchronization-failure message as specified in RFC 5448. If a USIM is present, the SNN check is successful, the sequence number in AUTN is correct and the UE detects another error during handling of the EAP-request/AKA'-challenge message as specified in RFC 5448, the UE shall send an EAP-response/AKA'-client-error message as specified in RFC 5448. If a USIM is not present, the UE shall send an EAP-response/AKA'-client-error message as specified in RFC 5448. For any of the above, the UE shall start timer T3520 when the AUTHENTICATION RESPONSE message containing the EAP-response message is sent. Furthermore, the UE shall stop any of the timers T3510, T3517 or T3521 (if they were running). Upon receiving an AUTHENTICATION REQUEST message with the EAP message IE containing an EAP-request/AKA'-challenge from the network, the UE shall stop timer T3520, if running, and then process the EAP-request/AKA'-challenge information as normal.

Upon reception of the EAP-response/AKA'-challenge message, if procedures for handling an EAP-response/AKA'-challenge message as specified in IETF RFC 5448 are successful and:

1. the AUSF acts as the EAP-AKA' server, the AUSF shall generate EMSK, the KAUSF from the EMSK, and the KSEAF from the KAUSF as described in TS 33.501; or
2. the AAA server of the CH or the DCS acts as the EAP-AKA' server, the AAA server of the CH or the DCS shall generate MSK as described in TS 33.501;

and:

1. if the AUSF or the AAA server of the CH or the DCS included the AT_RESULT_IND attribute in the EAP-request/AKA'-challenge message and the AT_RESULT_IND attribute is included in the corresponding EAP-response/AKA'-challenge message, the AUSF or the AAA server of the CH or the DCS shall send an EAP-request/AKA'-notification message as specified in IETF RFC 5448; or
2. if the AUSF or the AAA server of the CH or the DCS:
   1. included the AT_RESULT_IND attribute in the EAP-request/AKA'-challenge message and the AT_RESULT_IND attribute is not included in the EAP-response/AKA'-challenge message; or
   2. did not include the AT_RESULT_IND attribute in the EAP-request/AKA'-challenge message;
   then the AUSF or the AAA server of the CH or the DCS shall send an EAP-success message as specified in IETF RFC 5448 and shall consider the procedure complete.

Upon receiving an EAP-request/AKA'-notification message, the UE shall send an EAP-response/AKA'-notification message as specified in RFC 5448.

If the AUSF or the AAA server of the CH or the DCS decides to initiate the EAP based identification procedure, the AUSF or the AAA server of the CH or the DCS shall send an EAP-Request/Identity or EAP-Request/AKA'-Identity message as specified in IETF RFC 5448. The AMF shall encapsulate the EAP-Request/Identity or EAP-Request/AKA'-Identity message in the AUTHENTICATION REQUEST message and send it to the UE.

Upon receipt of the AUTHENTICATION REQUEST message with EAP-Request/Identity message the UE shall send an AUTHENTICATION RESPONSE message with EAP-Response/Identity to the network. In the EAP-Response/Identity message, the UE shall provide the requested identity according to TS 33.501 Annex F.2, in the UE identity in the EAP-Response/Identity message as specified in RFC 5448. Upon receipt of the AUTHENTICATION REQUEST message with EAP-Request/AKA'-Identity message the UE shall send an AUTHENTICATION RESPONSE message with EAP-Response/AKA'-Identity to the network. Based on the attribute received in the EAP-Request/AKA'-Identity, the UE shall provide the requested identity according to TS 33.501 Annex F.2, in the EAP-Response/AKA'-Identity message, as specified in RFC 5448. If the EAP-Request/AKA'-Identity carries the AT_PERMANENT_REQ, the UE shall respond with EAP-Response/AKA'-Client-Error with the error code "unable to process packet".

Upon reception of the EAP-response/AKA'-notification message, if earlier procedures for handling an EAP-request/AKA'-challenge message as specified in IETF RFC 5448 were successful, the AUSF or the AAA server of the CH or the DCS shall send an EAP-success message as specified in IETF RFC 5448 and shall consider the procedure complete.

Upon receiving an EAP-success message, the ME shall:

1. delete the valid KAUSF and the valid KSEAF, if any;
2. if the ME has not generated a new KAUSF and a new KSEAF and has not created a partial native 5G NAS security context as described in subclause 5.4.1.2.2.3:
   1. if the UE operates in SNPN access operation mode and the credentials in the USIM contain an indication to use MSK for derivation of KAUSF after success of primary authentication and key agreement procedure then generate a new KAUSF from the MSK otherwise generate a new KAUSF from the EMSK;
   2. When the UE is registering or registered for onboarding services in SNPN, credentials in the USIM do not contain an indication to use MSK for derivation of KAUSF after success of primary authentication and key agreement procedure.
   3. generate a new KSEAF from the new KAUSF, and the KAMF from the ABBA that was received with the EAP-success message, and the new KSEAF as described in TS 33.501;
   4. create a partial native 5G NAS security context identified by the ngKSI value in the volatile memory of the ME; and
   5. store the KAMF in the created partial native 5G NAS security context; and
3. consider the new KAUSF to be the valid KAUSF, and the new KSEAF to be the valid KSEAF, reset the SOR counter and the UE parameter update counter to zero, and store the valid KAUSF, the valid KSEAF, the SOR counter and the UE parameter update counter as specified in Annex C, and use the valid KAUSF in the verification of SOR transparent container and UE parameters update transparent container, if any are received.

The UE shall consider the procedure complete.

Upon reception of the EAP-response/AKA'-challenge message, if procedures for handling an EAP-response/AKA'-challenge message as specified in IETF RFC 5448 are not successful, the AUSF or the AAA server of the CH or the DCS shall send an EAP-request/AKA'-notification message that implies failure as specified in IETF RFC 5448.

Upon reception of the EAP-response/AKA'-notification message, if earlier procedures for handling an EAP-request/AKA'-challenge message as specified in IETF RFC 5448 were not successful, the AUSF or the AAA server of the CH or the DCS shall send an EAP-failure message as specified in IETF RFC 5448 and shall consider the procedure complete. If the authentication response (RES) returned by the UE in the AT_RES attribute of the EAP-response/AKA'-challenge message is not valid, the network handling depends upon the type of identity used by the UE in the initial NAS message, that is:

• if the 5G-GUTI was used; or
• if the SUCI was used.

If the 5G-GUTI was used, the network should transport the EAP-failure message in the AUTHENTICATION RESULT message of the EAP result message transport procedure, initiate an identification procedure to retrieve SUCI from the UE and restart the EAP based primary authentication and key agreement procedure with the received SUCI. If the SUCI was used for identification in the initial NAS message or in a restarted EAP based primary authentication and key agreement procedure, or the network decides not to initiate the identification procedure to retrieve SUCI from the UE after an unsuccessful EAP based primary authentication and key agreement procedure, the network should transport the EAP-failure message in an AUTHENTICATION REJECT message of the EAP result message transport procedure. Depending on local requirements or operator preference for emergency services, if the UE initiates a registration procedure with 5GS registration type IE set to "emergency registration" and the AMF is configured to allow emergency registration without user identity, the AMF needs not follow the procedures specified for transporting the EAP-failure message in the AUTHENTICATION REJECT message of the EAP result message transport procedure in the present subclause. The AMF may include the EAP-failure message in a response of the current 5GMM specific procedure or in the AUTHENTICATION RESULT of the EAP result message transport procedure.

Upon receiving an EAP-failure message, the UE shall delete the partial native 5G NAS security context and shall delete the new KAUSF and the new KSEAF, if any were created as described in subclause 5.4.1.2.2.3. The UE shall consider the procedure complete. If the EAP-failure message is received in an AUTHENTICATION REJECT message:

1. if the AUTHENTICATION REJECT message has been successfully integrity checked by the NAS:
   • the UE shall set the update status to 5U3 ROAMING NOT ALLOWED, delete the stored 5G-GUTI, TAI list, last visited registered TAI and ngKSI;
     In case of PLMN, the USIM shall be considered invalid until switching off the UE or the UICC containing the USIM is removed.
     In case of SNPN, if the UE is neither registered for onboarding services in SNPN nor performing initial registration for onboarding services in SNPN and the UE does not support access to an SNPN using credentials from a credentials holder, the entry of the "list of subscriber data" with the SNPN identity of the current SNPN shall be considered invalid until the UE is switched off or the entry is updated. Additionally, the UE shall consider the USIM as invalid for the current SNPN until switching off or the UICC containing the USIM is removed.
     In case of SNPN, if the UE is neither registered for onboarding services in SNPN nor performing initial registration for onboarding services in SNPN and the UE supports access to an SNPN using credentials from a credentials holder, the UE shall consider the selected entry of the "list of subscriber data" as invalid until the UE is switched off or the entry is updated. Additionally, the UE shall consider the USIM as invalid for the entry until switching off or the UICC containing the USIM is removed.
     If the UE is registered for onboarding services in SNPN or is performing initial registration for onboarding services in SNPN, the UE shall store the SNPN identity in the "permanently forbidden SNPNs" list for onboarding services, enter state 5GMM-DEREGISTERED.PLMN-SEARCH, and perform an SNPN selection or an SNPN selection for onboarding services according to TS 23.122;
   • if the UE is neither registered for onboarding services in SNPN nor performing initial registration for onboarding services in SNPN, the UE shall set:
     1. the counter for "SIM/USIM considered invalid for GPRS services" events, the counter for "USIM considered invalid for 5GS services over non-3GPP access" events, and the counter for "SIM/USIM considered invalid for non-GPRS services" events if maintained by the UE, in case of PLMN; or
     2. the counter for "the entry for the current SNPN considered invalid for 3GPP access" events and the counter for "the entry for the current SNPN considered invalid for non-3GPP access" events in case of SNPN;
     to UE implementation-specific maximum value.
     If the UE is registered for onboarding services in SNPN or performing initial registration for onboarding services in SNPN, the UE shall set the SNPN-specific attempt counter for the current SNPN to the UE implementation-specific maximum value; and
   • if the UE is operating in single-registration mode, the UE shall handle EMM parameters, 4G-GUTI, last visited registered TAI, TAI list and eKSI as specified in TS 24.301 for the case when the authentication procedure is not accepted by the network. The USIM shall be considered as invalid also for non-EPS services until switching off or the UICC containing the USIM is removed; and
2. if the AUTHENTICATION REJECT message is received without integrity protection, the UE shall start timer T3247 with a random value uniformly drawn from the range between 30 minutes and 60 minutes, if the timer is not running (see subclause 5.3.20).
   Additionally, if the UE is neither registered for onboarding services in SNPN nor performing initial registration for onboarding services in SNPN, the UE shall:
   1. if the AUTHENTICATION REJECT message is received over 3GPP access, and the counter for "SIM/USIM considered invalid for GPRS services" events in case of PLMN or the counter for "the entry for the current SNPN considered invalid for 3GPP access" events in case of SNPN has a value less than a UE implementation-specific maximum value, proceed as specified in subclause 5.3.20, list item 1)-a) of subclause 5.3.20.2 (if the UE is not operating in SNPN access operation mode) or list item a)-1) of subclause 5.3.20.3 (if the UE is operating in SNPN access operation mode) for the case that the 5GMM cause value received is #3;
   2. if the AUTHENTICATION REJECT message is received over non-3GPP access, and the counter for "USIM considered invalid for 5GS services over non-3GPP access" events in case of PLMN or the counter for "the entry for the current SNPN considered invalid for non-3GPP access" events in case of SNPN has a value less than a UE implementation-specific maximum value, proceed as specified in subclause 5.3.20, list item 1)-b) of subclause 5.3.20.2 (if the UE is not operating in SNPN access operation mode) or list item a)-2) of subclause 5.3.20.3 (if the UE is operating in SNPN access operation mode) for the case that the 5GMM cause value received is #3;
   3. otherwise:
      1. if the AUTHENTICATION REJECT message is received over 3GPP access:
         • The UE shall set the update status for 3GPP access to 5U3 ROAMING NOT ALLOWED, delete for 3GPP access only the stored 5G-GUTI, TAI list, last visited registered TAI and ngKSI.
         • In case of PLMN, the UE shall consider the USIM as invalid for 5GS services via 3GPP access and invalid for non-EPS service until switching off the UE or the UICC containing the USIM is removed.
           In case of SNPN, if the UE does not support access to an SNPN using credentials from a credentials holder, the UE shall consider the entry of the "list of subscriber data" with the SNPN identity of the current SNPN as invalid for 3GPP access until the UE is switched off or the entry is updated. Additionally, the UE shall consider the USIM as invalid for the current SNPN via 3GPP access until switching off or the UICC containing the USIM is removed.
           In case of SNPN, if the UE supports access to an SNPN using credentials from a credentials holder, the UE shall consider the selected entry of the "list of subscriber data" as invalid for 3GPP access until the UE is switched off or the entry is updated. Additionally, the UE shall consider the USIM as invalid for the entry via 3GPP access until switching off or the UICC containing the USIM is removed.
         • The UE shall set:
           • the counter for "SIM/USIM considered invalid for GPRS services" events and the counter for "SIM/USIM considered invalid for non-GPRS services" events if maintained by the UE, in case of PLMN; or
           • the counter for "the entry for the current SNPN considered invalid for 3GPP access" events in case of SNPN;
           to UE implementation-specific maximum value.
         • If the UE is operating in single-registration mode, the UE shall handle 4G-GUTI, TAI list and eKSI as specified in TS 24.301 for the case when the authentication procedure is not accepted by the network. The USIM shall be considered as invalid also for non-EPS services until switching off or the UICC containing the USIM is removed; and
      2. if the AUTHENTICATION REJECT message is received over non-3GPP access:
         • the UE shall set the update status for non-3GPP access to 5U3 ROAMING NOT ALLOWED, delete for non-3GPP access only the stored 5G-GUTI, TAI list, last visited registered TAI and ngKSI;
         • in case of PLMN, the UE shall consider the USIM as invalid for 5GS services via non-3GPP access until switching off the UE or the UICC containing the USIM is removed.
           In case of SNPN, the UE shall consider the entry of the "list of subscriber data" with the SNPN identity of the current SNPN as invalid for non-3GPP access until the UE is switched off or the entry is updated. Additionally, the UE shall consider the USIM as invalid for the current SNPN and for non-3GPP access until switching off or the UICC containing the USIM is removed; and
         • the UE shall set:
           • the counter for "USIM considered invalid for 5GS services over non-3GPP access" events to UE implementation-specific maximum value in case of PLMN; or
           • the counter for "the entry for the current SNPN considered invalid for non-3GPP access" events to UE implementation-specific maximum value in case of SNPN.
   If the UE is registered for onboarding services in SNPN or performing initial registration for onboarding services in SNPN, the UE shall:
   1. if the SNPN-specific attempt counter for the SNPN sending the AUTHENTICATION REJECT message has a value less than a UE implementation-specific maximum value, increment the SNPN-specific attempt counter for the SNPN; or
   2. otherwise, the UE shall set the update status to 5U3.ROAMING NOT ALLOWED, delete the stored 5G-GUTI, TAI list, last visited registered TAI, and ngKSI, store the SNPN identity in the "permanently forbidden SNPNs" list for onboarding services, enter state 5GMM-DEREGISTERED.PLMN-SEARCH, and perform an SNPN selection or an SNPN selection for onboarding services according to TS 23.122.

If the AUTHENTICATION REJECT message is received by the UE, the UE shall abort any 5GMM signalling procedure, stop any of the timers T3510, T3517, T3519 or T3521 (if they were running), enter state 5GMM-DEREGISTERED and delete any stored SUCI.

The following abnormal cases can be identified:

1. EAP-request/AKA'-challenge message with the key derivation function indicated in AT_KDF attributes set to a value other than 1.
   The UE shall act as specified in Section 3.2 of RFC 5448 for the case when the AUTN had been incorrect.

The UE may support acting as EAP-TLS peer as specified in TS 33.501. The AUSF may support acting as EAP-TLS server as specified in TS 33.501. The AAA server of the CH or the DCS may support acting as EAP server of such EAP method as specified in TS 23.501. The EAP-TLS enables mutual authentication of the UE and the network. When initiating an EAP based primary authentication and key agreement procedure using EAP-TLS, the network shall select an ngKSI value. If an ngKSI is contained in an initial NAS message during a 5GMM procedure, the network shall select a different ngKSI value. The network shall send the selected ngKSI value to the UE along with each EAP message. The network shall send the ABBA value as described in subclause 9.11.3.10 to the UE along with the EAP-request message and EAP-success message. When the EAP based primary authentication and key agreement procedure uses EAP-TLS:

1. if the UE operates in SNPN access operation mode and:
   1. the default UE credentials for primary authentication, if the UE is registering or registered for onboarding services in SNPN; or
   2. credentials in the selected entry of the "list of subscriber data", if the UE is not registering or registered for onboarding services in SNPN;
   contain an indication to use MSK for derivation of KAUSF after success of primary authentication and key agreement procedure then the ME shall generate MSK as described in TS 33.501 otherwise the ME shall generate EMSK as described in TS 33.501;
2. if the AUSF acts as the EAP-TLS server, the AUSF shall generate EMSK as described in TS 33.501; and
3. if the AAA server of the CH or the DCS acts as the EAP-TLS server, the AAA server of the CH or the DCS shall generate MSK as described in TS 33.501.

When handling of an EAP-request message results into generation of MSK or EMSK, if the UE operates in SNPN access operation mode and:

1. the default UE credentials for primary authentication, if the UE is registering or registered for onboarding services in SNPN; or
2. credentials in the selected entry of the "list of subscriber data", if the UE is not registering or registered for onboarding services in SNPN;

contain an indication to use MSK for derivation of KAUSF after success of primary authentication and key agreement procedure, then the ME may generate a new KAUSF from the MSK otherwise the ME may generate a new KAUSF from the EMSK. If the ME generates a new KAUSF, the ME shall generate a new KSEAF from the new KAUSF, and the KAMF from the ABBA received together with the EAP-request message, and the new KSEAF as described in TS 33.501, and create a partial native 5G NAS security context identified by the ngKSI value received together with the EAP-request message in subclause 5.4.1.2.4.2, in the volatile memory of the ME. If the KAMF and the partial native 5G NAS security context are created, the ME shall store the KAMF in the created partial native 5G NAS security context. The ME shall not use the new KAUSF in the verification of SOR transparent container and UE parameters update transparent container, if any are received, until receipt of an EAP-success message. When the AUSF acts as the EAP-TLS server and handling of an EAP response message results into generation of EMSK, the AUSF shall generate the KAUSF from the EMSK, and the KSEAF from the KAUSF as described in TS 33.501. If the UE does not accept the server certificate of the network, the UE shall start timer T3520 when the AUTHENTICATION RESPONSE message containing the EAP-response message is sent. Furthermore, the UE shall stop any of the retransmission timers that are running (e.g. T3510, T3517 or T3521). Upon receiving an AUTHENTICATION REQUEST message with the EAP message IE containing an EAP-request message from the network, the UE shall stop timer T3520, if running, and then process the EAP-request message as normally. If the network does not accept the client certificate of the UE, the network handling depends upon the type of identity used by the UE in the initial NAS message, that is:

• if the 5G-GUTI was used; or
• if the SUCI was used.

If the 5G-GUTI was used, the network should transport the EAP-failure message in the AUTHENTICATION RESULT message of the EAP result message transport procedure, initiate an identification procedure to retrieve SUCI from the UE and restart the EAP based primary authentication and key agreement procedure with the received SUCI. If the SUCI was used for identification in the initial NAS message or in a restarted EAP based primary authentication and key agreement procedure, or the network decides not to initiate the identification procedure to retrieve SUCI from the UE after an unsuccessful the EAP based primary authentication and key agreement procedure, the network should transport the EAP-failure message in an AUTHENTICATION REJECT message of the EAP result message transport procedure. Depending on local requirements or operator preference for emergency services, if the UE initiates a registration procedure with 5GS registration type IE set to "emergency registration" and the AMF is configured to allow emergency registration without user identity, the AMF needs not follow the procedures specified for transporting the EAP-failure message in the AUTHENTICATION REJECT message of the EAP result message transport procedure in the present subclause. The AMF may include the EAP-failure message in a response of the current 5GMM specific procedure or in the AUTHENTICATION RESULT of the EAP result message transport procedure. If the EAP-failure message is received in an AUTHENTICATION REJECT message:

1. if the AUTHENTICATION REJECT message has been successfully integrity checked by the NAS:
   1. the UE shall set the update status to 5U3 ROAMING NOT ALLOWED, delete the stored 5G-GUTI, TAI list, last visited registered TAI and ngKSI.
      In case of PLMN, the USIM shall be considered invalid until switching off the UE or the UICC containing the USIM is removed.
      In case of SNPN, if the UE is neither registered for onboarding services in SNPN nor performing initial registration for onboarding services in SNPN and the UE does not support access to an SNPN using credentials from a credentials holder, the entry of the "list of subscriber data" with the SNPN identity of the current SNPN shall be considered invalid until the UE is switched off or the entry is updated;
      In case of SNPN, if the UE is neither registered for onboarding services in SNPN nor performing initial registration for onboarding services in SNPN and the UE supports access to an SNPN using credentials from a credentials holder, the UE shall consider the selected entry of the "list of subscriber data" as invalid until the UE is switched off or the entry is updated.
      If the UE is registered for onboarding services in SNPN or is performing initial registration for onboarding services in SNPN, the UE shall store the SNPN identity in the "permanently forbidden SNPNs" list for onboarding services, enter state 5GMM-DEREGISTERED.PLMN-SEARCH, and perform an SNPN selection or an SNPN selection for onboarding services according to TS 23.122;
   2. if the UE is neither registered for onboarding services in SNPN nor performing initial registration for onboarding services in SNPN, the UE shall set:
      1. the counter for "SIM/USIM considered invalid for GPRS services" events, the counter for "USIM considered invalid for 5GS services over non-3GPP access" events, and the counter for "SIM/USIM considered invalid for non-GPRS services" events if maintained by the UE, in case of PLMN; or
      2. the counter for "the entry for the current SNPN considered invalid for 3GPP access" events and the counter for "the entry for the current SNPN considered invalid for non-3GPP access" events in case of SNPN;
      to UE implementation-specific maximum value.
      If the UE is registered for onboarding services in SNPN or performing initial registration for onboarding services in SNPN, the UE shall set the SNPN-specific attempt counter for the current SNPN to the UE implementation-specific maximum value; and
   3. if the UE is operating in single-registration mode, the UE shall handle EMM parameters, 4G-GUTI, last visited registered TAI, TAI list and eKSI as specified in TS 24.301 for the case when the authentication procedure is not accepted by the network. The USIM shall be considered as invalid also for non-EPS services until switching off or the UICC containing the USIM is removed; and
2. if the AUTHENTICATION REJECT message is received without integrity protection, the UE shall start timer T3247 with a random value uniformly drawn from the range between 30 minutes and 60 minutes, if the timer is not running (see subclause 5.3.20).
   Additionally, if the UE is neither registered for onboarding services in SNPN nor performing initial registration for onboarding services in SNPN, the UE shall:
   1. if the AUTHENTICATION REJECT message is received over 3GPP access, and the counter for "SIM/USIM considered invalid for GPRS services" events in case of PLMN or the counter for "the entry for the current SNPN considered invalid for 3GPP access" events in case of SNPN has a value less than a UE implementation-specific maximum value, proceed as specified in subclause 5.3.20, list item 1)-a) of subclause 5.3.20.2 (if the UE is not SNPN enabled or is not operating in SNPN access operation mode) or list item a) 1) of subclause 5.3.20.3 (if the UE is operating in SNPN access operation mode) for the case that the 5GMM cause value received is #3;
   2. if the AUTHENTICATION REJECT message is received over non-3GPP access, and the counter for "USIM considered invalid for 5GS services over non-3GPP access" events in case of PLMN or the counter for "the entry for the current SNPN considered invalid for non-3GPP access" events in case of SNPN has a value less than a UE implementation-specific maximum value, proceed as specified in subclause 5.3.20, list item 1)-b) of subclause 5.3.20.2 (if the UE is not operating in SNPN access operation mode) or list item a)-2) of subclause 5.3.20.3 (if the UE is operating in SNPN access operation mode) for the case that the 5GMM cause value received is #3; or
   3. otherwise:
      1. if the AUTHENTICATION REJECT message is received over 3GPP access:
         1. the UE shall set the update status for 3GPP access to 5U3 ROAMING NOT ALLOWED, delete for 3GPP access only the stored 5G-GUTI, TAI list, last visited registered TAI and ngKSI.
            In case of PLMN, the UE shall consider the USIM as invalid for 5GS services via 3GPP access and invalid for non-EPS service until switching off the UE or the UICC containing the USIM is removed.
            In case of SNPN, if the UE does not support access to an SNPN using credentials from a credentials holder, the UE shall consider the entry of the "list of subscriber data" with the SNPN identity of the current SNPN as invalid for 3GPP access until the UE is switched off or the entry is updated;
            In case of SNPN, if the UE supports access to an SNPN using credentials from a credentials holder, the UE shall consider the selected entry of the "list of subscriber data" as invalid for 3GPP access until the UE is switched off or the entry is updated;
         2. the UE shall set:
            • the counter for "SIM/USIM considered invalid for GPRS services" events and the counter for "SIM/USIM considered invalid for non-GPRS services" events if maintained by the UE, in case of PLMN; or
            • the counter for "the entry for the current SNPN considered invalid for 3GPP access" events in case of SNPN;
            to UE implementation-specific maximum value; and
         3. If the UE is operating in single-registration mode, the UE shall handle 4G-GUTI, TAI list and eKSI as specified in TS 24.301 for the case when the authentication procedure is not accepted by the network. The USIM shall be considered as invalid also for non-EPS services until switching off or the UICC containing the USIM is removed; and
      2. if the AUTHENTICATION REJECT message is received over non-3GPP access:
         1. the UE shall set the update status for non-3GPP access to 5U3 ROAMING NOT ALLOWED, delete for non-3GPP access only the stored 5G-GUTI, TAI list, last visited registered TAI and ngKSI. In case of PLMN, the USIM shall be considered invalid for 5GS services via non-3GPP access until switching off the UE or the UICC containing the USIM is removed. In case of SNPN, the UE shall consider the entry of the "list of subscriber data" with the SNPN identity of the current SNPN shall be considered invalid for non-3GPP access until the UE is switched off or the entry is updated; and
         2. the UE shall set the counter for "USIM considered invalid for 5GS services over non-3GPP access" events in case of PLMN or the counter for "the entry for the current SNPN considered invalid for non-3GPP access" events in case of SNPN to UE implementation-specific maximum value.
      If the UE is registered for onboarding services in SNPN or performing initial registration for onboarding services in SNPN, the UE shall:
      1. if the SNPN-specific attempt counter for the SNPN sending the AUTHENTICATION REJECT message has a value less than a UE implementation-specific maximum value, increment the SNPN-specific attempt counter for the SNPN; or
      2. otherwise, the UE shall set the update status to 5U3.ROAMING NOT ALLOWED, delete the stored 5G-GUTI, TAI list, last visited registered TAI, and ngKSI, store the SNPN identity in the "permanently forbidden SNPNs" list for onboarding services, enter state 5GMM-DEREGISTERED.PLMN-SEARCH, and perform an SNPN selection or an SNPN selection for onboarding services according to TS 23.122.

If the AUTHENTICATION REJECT message is received by the UE, the UE shall abort any 5GMM signalling procedure, stop any of the timers T3510, T3517, T3519 or T3521 (if they were running), enter state 5GMM-DEREGISTERED and delete any stored SUCI. Upon receiving an EAP-success message, the ME shall:

1. delete the valid KAUSF and the valid KSEAF, if any;
2. if the ME has not generated a new KAUSF and a new KSEAF and has not created a partial native 5G NAS security context when handling the EAP-request message which resulted into generation of EMSK or MSK as described above:
   1. if the UE operates in SNPN access operation mode and:
      1. the default UE credentials for primary authentication, if the UE is registering or registered for onboarding services in SNPN; or
      2. credentials in the selected entry of the "list of subscriber data", if the UE is not registering or registered for onboarding services in SNPN;
      contain an indication to use MSK for derivation of KAUSF after success of primary authentication and key agreement procedure then generate a new KAUSF from the MSK otherwise generate a new KAUSF from the EMSK;
   2. generate a new KSEAF from the new KAUSF, and the KAMF from the ABBA that was received with the EAP-success message, and the new KSEAF as described in TS 33.501;
   3. create a partial native 5G NAS security context identified by the ngKSI value in the volatile memory of the ME; and
   4. store the KAMF in the created partial native 5G NAS security context; and
3. consider the new KAUSF to be the valid KAUSF, and the new KSEAF to be the valid KSEAF, reset the SOR counter and the UE parameter update counter to zero, store the valid KAUSF, the valid KSEAF, the SOR counter and the UE parameter update counter as specified in Annex C, and use the valid KAUSF in the verification of SOR transparent container and UE parameters update transparent container, if any are received.

The UE shall consider the procedure complete. Upon receiving an EAP-failure message, the UE shall delete the partial native 5G NAS security context and shall delete the new KAUSF and the new KSEAF, if any were created when handling the EAP-request message which resulted into generation of EMSK or MSK as described above. The UE shall consider the procedure complete.

This subclause applies when an EAP method:

1. supporting mutual authentication;
2. supporting EMSK or MSK generation; and
3. other than EAP-AKA' and EAP-TLS;

is used for primary authentication and key agreement in an SNPN. The UE may support acting as EAP peer of such EAP method as specified in TS 33.501. The AUSF may support acting as EAP server of such EAP method as specified in TS 33.501. The AAA server of the CH or the DCS may support acting as EAP server of such EAP method as specified in TS 23.501. When initiating an EAP based primary authentication and key agreement procedure using such EAP method, the network shall select an ngKSI value. If an ngKSI is contained in an initial NAS message during a 5GMM procedure, the network shall select a different ngKSI value. The network shall send the selected ngKSI value to the UE along with each EAP message. The network shall send the ABBA value as described in subclause 9.11.3.10 to the UE along with the EAP-request message and EAP-success message. When the EAP based primary authentication and key agreement procedure uses such EAP method:

1. if:
   1. the default UE credentials for primary authentication, if the UE is registering or registered for onboarding services in SNPN; or
   2. credentials in the selected entry of the "list of subscriber data", if the UE is not registering or registered for onboarding services in SNPN;
   contain an indication to use MSK for derivation of KAUSF after success of primary authentication and key agreement procedure then the ME shall generate MSK as described in TS 33.501 otherwise the ME shall generate EMSK as described in TS 33.501;
2. if the AUSF acts as the EAP server, the AUSF shall generate EMSK as described in TS 33.501; and
3. if the AAA server of the CH or the DCS acts as the EAP server, the AAA server of the CH or the DCS shall generate MSK as described in TS 33.501.

When handling of an EAP-request message results into generation of MSK or EMSK, if:

1. the default UE credentials for primary authentication, if the UE is registering or registered for onboarding services in SNPN; or
2. credentials in the selected entry of the "list of subscriber data", if the UE is not registering or registered for onboarding services in SNPN;

contain an indication to use MSK for derivation of KAUSF after success of primary authentication and key agreement procedure then the ME may generate a new KAUSF from the MSK otherwise the ME may generate a new KAUSF from the EMSK. If the ME generates a new KAUSF, the ME shall generate a new KSEAF from the new KAUSF, and the KAMF from the ABBA received together with the EAP-request message, and the new KSEAF as described in TS 33.501, and create a partial native 5G NAS security context identified by the ngKSI value received together with the EAP-request message in subclause 5.4.1.2.4.2, in the volatile memory of the ME. If the KAMF and the partial native 5G NAS security context are created, the ME shall store the KAMF in the created partial native 5G NAS security context. The ME shall not use the new KAUSF in the verification of SOR transparent container and UE parameters update transparent container, if any are received, until receipt of an EAP-success message. When the AUSF acts as the EAP server and handling of an EAP response message results into generation of EMSK, the AUSF shall generate the KAUSF from the EMSK, and the KSEAF from the KAUSF as described in TS 33.501. If the UE fails to authenticate the network, the UE shall start timer T3520 when the AUTHENTICATION RESPONSE message containing the EAP-response message is sent. Furthermore, the UE shall stop any of the retransmission timers that are running (e.g. T3510, T3517 or T3521). Upon receiving an AUTHENTICATION REQUEST message with the EAP message IE containing an EAP-request message from the network, the UE shall stop timer T3520, if running, and then process the EAP-request message as normally. If the network fails to authenticate the UE, the network handling depends upon the type of identity used by the UE in the initial NAS message, that is:

• if the 5G-GUTI was used; or
• if the SUCI was used.

If the 5G-GUTI was used, the network should transport the EAP-failure message in the AUTHENTICATION RESULT message of the EAP result message transport procedure, initiate an identification procedure to retrieve SUCI from the UE and restart the EAP based primary authentication and key agreement procedure with the received SUCI. If the SUCI was used for identification in the initial NAS message or in a restarted EAP based primary authentication and key agreement procedure, or the network decides not to initiate the identification procedure to retrieve SUCI from the UE after an unsuccessful the EAP based primary authentication and key agreement procedure, the network should transport the EAP-failure message in an AUTHENTICATION REJECT message of the EAP result message transport procedure. If the EAP-failure message is received in an AUTHENTICATION REJECT message:

1. if the AUTHENTICATION REJECT message has been successfully integrity checked by the NAS:
   1. the UE shall set the update status to 5U3 ROAMING NOT ALLOWED, delete the stored 5G-GUTI, TAI list, last visited registered TAI and ngKSI.
      In case of SNPN, if the UE is neither registered for onboarding services in SNPN nor performing initial registration for onboarding services in SNPN and the UE does not support access to an SNPN using credentials from a credentials holder, the entry of the "list of subscriber data" with the SNPN identity of the current SNPN shall be considered invalid until the UE is switched off or the entry is updated;
      In case of SNPN, if the UE is neither registered for onboarding services in SNPN nor performing initial registration for onboarding services in SNPN and the UE supports access to an SNPN using credentials from a credentials holder, the UE shall consider the selected entry of the "list of subscriber data" as invalid until the UE is switched off or the entry is updated.
      In case of SNPN, if the UE is registered for onboarding services in SNPN or is performing initial registration for onboarding services in SNPN, the UE shall store the SNPN identity in the "permanently forbidden SNPNs" list for onboarding services, enter state 5GMM-DEREGISTERED.PLMN-SEARCH, and perform an SNPN selection or an SNPN selection for onboarding services according to TS 23.122; and
   2. if the UE is neither registered for onboarding services in SNPN nor performing initial registration for onboarding services in SNPN, the UE shall set the counter for "the entry for the current SNPN considered invalid for 3GPP access" events and the counter for "the entry for the current SNPN considered invalid for non-3GPP access" events in case of SNPN to UE implementation-specific maximum value.
      If the UE is registered for onboarding services in SNPN or performing initial registration for onboarding services in SNPN, the UE shall set the SNPN-specific attempt counter for the current SNPN to the UE implementation-specific maximum value; and
2. if the AUTHENTICATION REJECT message is received without integrity protection, the UE shall start timer T3247 with a random value uniformly drawn from the range between 30 minutes and 60 minutes, if the timer is not running (see subclause 5.3.20).
   Additionally, if the UE is neither registered for onboarding services in SNPN nor performing initial registration for onboarding services in SNPN, the UE shall:
   1. if the AUTHENTICATION REJECT message is received over 3GPP access, and the counter for "the entry for the current SNPN considered invalid for 3GPP access" events has a value less than a UE implementation-specific maximum value, proceed as specified in list item a) 1) of subclause 5.3.20.3 for the case that the 5GMM cause value received is #3;
   2. if the AUTHENTICATION REJECT message is received over non-3GPP access, and the counter for "the entry for the current SNPN considered invalid for non-3GPP access" events has a value less than a UE implementation-specific maximum value, proceed as specified in list item a)-2) of subclause 5.3.20.3 for the case that the 5GMM cause value received is #3; or
   3. otherwise:
      1. if the AUTHENTICATION REJECT message is received over 3GPP access:
         • the UE shall set the update status for 3GPP access to 5U3 ROAMING NOT ALLOWED, delete for 3GPP access only the stored 5G-GUTI, TAI list, last visited registered TAI and ngKSI;
           In case of SNPN, if the UE does not support access to an SNPN using credentials from a credentials holder, the entry of the "list of subscriber data" with the SNPN identity of the current SNPN shall be considered invalid for 3GPP access until the UE is switched off or the entry is updated;
           In case of SNPN, if the UE supports access to an SNPN using credentials from a credentials holder, the UE shall consider the selected entry of the "list of subscriber data" as invalid until the UE is switched off or the entry is updated; and
         • the UE shall set the counter for "the entry for the current SNPN considered invalid for 3GPP access" events to UE implementation-specific maximum value; and
      2. if the AUTHENTICATION REJECT message is received over non-3GPP access:
         • the UE shall set the update status for non-3GPP access to 5U3 ROAMING NOT ALLOWED, delete for non-3GPP access only the stored 5G-GUTI, TAI list, last visited registered TAI and ngKSI. The entry of the "list of subscriber data" with the SNPN identity of the current SNPN shall be considered invalid for non-3GPP access until the UE is switched off or the entry is updated; and
         • the UE shall set the counter for "the entry for the current SNPN considered invalid for non-3GPP access" events to UE implementation-specific maximum value.
      If the UE is registered for onboarding services in SNPN or performing initial registration for onboarding services in SNPN, the UE shall:
      1. if the SNPN-specific attempt counter for the SNPN sending the AUTHENTICATION REJECT message has a value less than a UE implementation-specific maximum value, increment the SNPN-specific attempt counter for the SNPN; or
      2. otherwise, the UE shall set the update status to 5U3.ROAMING NOT ALLOWED, delete the stored 5G-GUTI, TAI list, last visited registered TAI, and ngKSI, store the SNPN identity in the "permanently forbidden SNPNs" list for onboarding services, enter state 5GMM-DEREGISTERED.PLMN-SEARCH, and perform an SNPN selection or an SNPN selection for onboarding services according to TS 23.122.

If the AUTHENTICATION REJECT message is received by the UE, the UE shall abort any 5GMM signalling procedure, stop any of the timers T3510, T3517, T3519 or T3521 (if they were running), enter state 5GMM-DEREGISTERED and delete any stored SUCI. Upon receiving an EAP-success message, the ME shall:

1. delete the valid KAUSF and the valid KSEAF, if any;
2. if the ME has not generated a new KAUSF and a new KSEAF and has not created a partial native 5G NAS security context when handling the EAP-request message which resulted into generation of EMSK as described above:
   1. if:
      1. the default UE credentials for primary authentication, if the UE is registering or registered for onboarding services in SNPN; or
      2. credentials in the selected entry of the "list of subscriber data", if the UE is not registering or registered for onboarding services in SNPN;
      contain an indication to use MSK for derivation of KAUSF after success of primary authentication and key agreement procedure then generate a new KAUSF from the MSK otherwise generate a new KAUSF from the EMSK;
   2. generate a new KSEAF from the new KAUSF, and the KAMF from the ABBA that was received with the EAP-success message, and the KSEAF as described in TS 33.501;
   3. create a partial native 5G NAS security context identified by the ngKSI value in the volatile memory of the ME; and
   4. store the KAMF in the created partial native 5G NAS security context; and
3. consider the new KAUSF to be the valid KAUSF, and the new KSEAF to be the valid KSEAF, reset the SOR counter and the UE parameter update counter to zero, store the valid KAUSF, the valid KSEAF, the SOR counter and the UE parameter update counter as specified in Annex C, and use the valid KAUSF in the verification of SOR transparent container and UE parameters update transparent container, if any are received.

The UE shall consider the procedure complete. Upon receiving an EAP-failure message, the UE shall delete the partial native 5G NAS security context and shall delete the new KAUSF and the new KSEAF, if any were created when handling the EAP-request message which resulted into generation of EMSK or MSK as described above. The UE shall consider the procedure complete.

The UE may support acting as EAP peer of EAP-TTLS with two phases of authentication as specified in TS 33.501 and acting as peer of a legacy authentication protocol as specified in TS 33.501. The AUSF may support acting as EAP server of EAP-TTLS with two phases of authentication as specified in TS 33.501. The AAA server of the CH or the DCS may support acting a server of a legacy authentication protocol as specified in TS 33.501. When EAP-TTLS with two phases of authentication as specified in TS 33.501 is used for primary authentication and key agreement in an SNPN:

1. requirements in subclause 5.4.1.2.3A.1 shall apply in addition to requirements specified in TS 33.501 Annex U;
2. indication to use MSK for derivation of KAUSF after success of primary authentication and key agreement procedure is not included in:
   1. the default UE credentials for primary authentication, if the UE is registering or registered for onboarding services in SNPN; or
   2. credentials in the selected entry of the "list of subscriber data", if the UE is not registering or registered for onboarding services in SNPN; and
3. the SUPI of the UE is in the form of a SUPI with the SUPI format "network specific identifier" containing a network-specific identifier.

This subclause applies when an EAP method:

1. supporting mutual authentication; and
2. other than EAP-AKA',

is used for primary authentication of an N5GC device, when an W-AGF supports acting on behalf of the N5GC device, the AMF supports serving the W-AGF acting on behalf of the N5GC device and the AUSF supports authentication of the N5GC device. EAP-TLS is an example of such EAP method. The AUSF supporting authentication of the N5GC device shall support acting as EAP server of at least one such EAP method as specified in Annex O of TS 33.501. The N5GC device shall support acting as EAP peer of at least one such EAP method as specified in Annex O of TS 33.501, which is also supported by the AUSF. The W-AGF acting on behalf of the N5GC device provides to the N5GC device an EAP-request message, an EAP-success message or an EAP-failure message received from the network according to subclause 5.4.1.2.1 and sends to the network according to subclause 5.4.1.2.1 an EAP-response provided by the N5GC device. The N5GC device can inform the W-AGF acting on behalf of the N5GC device that the N5GC device fails to authenticate the network. Details of communication between the N5GC device and the W-AGF acting on behalf of the N5GC device are out of scope of this specification. When initiating an EAP based primary authentication and key agreement procedure using such EAP method, the network shall select an ngKSI value. The network shall send the selected ngKSI value to the W-AGF acting on behalf of the N5GC device along with each EAP message. The network shall send the ABBA value as described in subclause 9.11.3.10 to the W-AGF acting on behalf of the N5GC device along with the EAP-request message and EAP-success message. The W-AGF acting on behalf of the N5GC device shall not forward the ngKSI value or the ABBA value to the N5GC device. If the N5GC device fails to authenticate the network, the W-AGF acting on behalf of the N5GC device shall start timer T3520 when the AUTHENTICATION RESPONSE message containing the EAP-response message is sent. Furthermore, the W-AGF acting on behalf of the N5GC device shall stop any of the retransmission timers that are running (e.g. T3510, T3517 or T3521). Upon receiving an AUTHENTICATION REQUEST message with the EAP message IE containing an EAP-request message from the network, the W-AGF acting on behalf of the N5GC device shall stop timer T3520, if running, and then provides the EAP-request message to the N5GC device as normally. If the network fails to authenticate the N5GC device, the network handling depends upon the type of identity used by the W-AGF acting on behalf of the N5GC device in the initial NAS message, that is:

1. if the 5G-GUTI was used; or
2. if the SUCI was used.

If the 5G-GUTI was used, the network should transport the EAP-failure message in the AUTHENTICATION RESULT message of the EAP result message transport procedure, initiate an identification procedure to retrieve SUCI from the W-AGF acting on behalf of the N5GC device and restart the EAP based primary authentication and key agreement procedure with the received SUCI. If the SUCI was used for identification in the initial NAS message or in a restarted EAP based primary authentication and key agreement procedure, or the network decides not to initiate the identification procedure to retrieve SUCI from the W-AGF acting on behalf of the N5GC device after an unsuccessful EAP based primary authentication and key agreement procedure, the network should transport the EAP-failure message in an AUTHENTICATION REJECT message of the EAP result message transport procedure. If the EAP-failure message is received in an AUTHENTICATION REJECT message, the W-AGF acting on behalf of the N5GC device shall start timer T3247 with a random value uniformly drawn from the range between 30 minutes and 60 minutes, if the timer is not running (see subclause 5.3.20). Additionally, the W-AGF acting on behalf of the N5GC device shall:

1. if the counter for "USIM considered invalid for 5GS services over non-3GPP access" events has a value less than a W-AGF implementation-specific maximum value, proceed as specified in list item 1)-b) of subclause 5.3.20.2 for the case that the 5GMM cause value received is #3; or
2. otherwise, set the update status to 5U3 ROAMING NOT ALLOWED, delete the stored 5G-GUTI, TAI list, last visited registered TAI and ngKSI. The USIM shall be considered invalid for 5GS services via non-3GPP access until switching off or the UICC containing the USIM is removed.

If the AUTHENTICATION REJECT message is received by the W-AGF acting on behalf of the N5GC device, the W-AGF acting on behalf of the N5GC device shall abort any 5GMM signalling procedure, stop any of the timers T3510, T3517, T3519 or T3521 (if they were running), enter state 5GMM-DEREGISTERED and delete any stored SUCI. Upon receiving an EAP-success message, the W-AGF acting on behalf of the N5GC device shall consider the procedure complete. Upon receiving an EAP-failure message, the W-AGF acting on behalf of the N5GC device shall consider the procedure complete.

The purpose of the EAP message reliable transport procedure is to provide a reliable transport of an EAP-request message, the ngKSI and the ABBA from the network to the UE and of an EAP-response message from the UE to the network. The EAP message reliable transport procedure is initiated by an AUTHENTICATION REQUEST message with the EAP message IE.

In order to initiate the EAP message reliable transport procedure, the AMF shall create an AUTHENTICATION REQUEST message. The AMF shall set the EAP message IE of the AUTHENTICATION REQUEST message to the EAP-request message to be sent to the UE. The AMF shall set the ngKSI IE of the AUTHENTICATION REQUEST message to the ngKSI value selected in subclause 5.4.1.2.2.2, subclause 5.4.1.2.3.1 or subclause 5.4.1.2.3A.1. In this release of specification, the AMF shall set the ABBA IE of the AUTHENTICATION REQUEST message with the length of ABBA IE to 2 and the ABBA contents to be 2 octets in length with value 0000H as described in subclause 9.11.3.10. The AMF shall send the AUTHENTICATION REQUEST message to the UE, and the AMF shall start timer T3560 (see example in Figure 5.4.1.2.4.2.1).

Upon receipt of an AUTHENTICATION REQUEST message with the EAP message IE, the UE handles the EAP message received in the EAP message IE and the ABBA of the AUTHENTICATION REQUEST message.

The UE shall create an AUTHENTICATION RESPONSE message. If the received EAP message is an EAP-request message, the UE shall set the EAP message IE of the AUTHENTICATION RESPONSE message to the EAP-response message responding to the received EAP-request message. The UE shall send the AUTHENTICATION RESPONSE message to the AMF. Upon receipt of an AUTHENTICATION RESPONSE message, the AMF shall stop timer T3560. If the EAP message IE is included in the AUTHENTICATION RESPONSE message, the AMF handles the EAP message received in the EAP message IE of the AUTHENTICATION RESPONSE message.

The following abnormal cases can be identified:

1. Expiry of timer T3560.
   The AMF shall, on the first expiry of the timer T3560, retransmit the AUTHENTICATION REQUEST message and shall reset and start timer T3560. This retransmission is repeated four times, i.e. on the fifth expiry of timer T3560, the AMF shall abort the EAP based primary authentication and key agreement procedure and any ongoing 5GMM specific procedure, and release the N1 NAS signalling connection.
2. Lower layers indication of non-delivered NAS PDU due to handover.
   If the AUTHENTICATION REQUEST message could not be delivered due to an intra AMF handover and the target TA is included in the TAI list, then upon successful completion of the intra AMF handover the AMF shall retransmit the AUTHENTICATION REQUEST message. If a failure of handover procedure is reported by the lower layer and the N1 NAS signalling connection exists, the AMF shall retransmit the AUTHENTICATION REQUEST message.

The following abnormal cases can be identified:

1. Authentication failure (5GMM cause #71 "ngKSI already in use").
   The UE shall send an AUTHENTICATION FAILURE message, with 5GMM cause #71 "ngKSI already in use", to the network and start the timer T3520 (see example in Figure 5.4.1.3.7.1). Furthermore, the UE shall stop any of the retransmission timers that are running (e.g. T3510, T3517 or T3521). Upon the first receipt of an AUTHENTICATION FAILURE message from the UE with 5GMM cause #71 "ngKSI already in use", the network performs necessary actions to select a new ngKSI and send the same EAP-request message to the UE.
   Upon receiving a new AUTHENTICATION REQUEST message with the EAP message IE containing an EAP-request message from the network, the UE shall stop timer T3520, if running, process the EAP-request message as normal.
   If the network is validated successfully (an AUTHENTICATION REQUEST message that contains a valid ngKSI and EAP-request message is received), the UE shall send the AUTHENTICATION RESPONSE message to the network and shall start any retransmission timers (e.g. T3510, T3517 or T3521) if they were running and stopped when the UE received the first failed AUTHENTICATION REQUEST message.
2. Transmission failure of AUTHENTICATION RESPONSE message or AUTHENTICATION FAILURE message indication from lower layers (if the EAP based primary authentication and key agreement procedure is triggered by a registration procedure).
   The UE shall stop the timer T3520, if running, and re-initiate the registration procedure.
3. Transmission failure of AUTHENTICATION RESPONSE message or AUTHENTICATION FAILURE message indication with change in the current TAI (if the EAP based primary authentication and key agreement procedure is triggered by a service request procedure).
   The UE shall stop the timer T3520, if running.
   If the current TAI is not in the TAI list, the EAP based primary authentication and key agreement procedure shall be aborted and a registration procedure for mobility and periodic registration update shall be initiated.
   If the current TAI is still part of the TAI list, it is up to the UE implementation how to re-run the ongoing procedure that triggered the EAP based primary authentication and key agreement procedure.
4. Transmission failure of AUTHENTICATION RESPONSE message or AUTHENTICATION FAILURE message indication without change in the current TAI (if the authentication procedure is triggered by a service request procedure).
   The UE shall stop the timer T3520, if running. It is up to the UE implementation how to re-run the ongoing procedure that triggered the EAP based primary authentication and key agreement procedure.
5. Network failing the authentication check.
   If the UE deems that the network has failed the authentication check, then it shall request RRC to locally release the RRC connection and treat the active cell as barred (see TS 38.304 or TS 36.304). The UE shall start any retransmission timers (e.g. T3510, T3517 or T3521), if they were running and stopped when the UE received the first AUTHENTICATION REQUEST message containing an ngKSI that was already in use.
6. Change in the current TAI.
   If that the current TAI is not in the TAI list before the AUTHENTICATION RESPONSE message is sent, the UE may discard sending the AUTHENTICATION RESPONSE message to the network and continue with the initiation of the registration procedure for mobility and periodic registration update as described in subclause 5.5.1.3.2.

For item e, if no emergency service is started or is ongoing: For item e if there is an emergency service started or is ongoing:

The purpose of the EAP result message transport procedure is to provide an EAP-success message or an EAP-failure message, and ngKSI from the network to the UE, when the EAP message cannot be piggybacked by another NAS message. The EAP result message transport procedure is initiated:

• by an AUTHENTICATION RESULT message with the EAP message IE carrying the EAP-success message or the EAP-failure message; or
• by an AUTHENTICATION REJECT message with the EAP message IE carrying the EAP-failure message.

In order to initiate the EAP result message transport procedure, the AMF shall create an AUTHENTICATION RESULT message or an AUTHENTICATION REJECT message. The AMF shall set the EAP message IE of the AUTHENTICATION RESULT message to an EAP-success message or an EAP-failure message to be sent to the UE. The AMF shall set the EAP message IE of the AUTHENTICATION REJECT message to an EAP-failure message to be sent to the UE. The AMF shall set the ngKSI IE of the AUTHENTICATION RESULT message or the AUTHENTICATION REJECT message to the ngKSI value selected in subclause 5.4.1.2.2.2, subclause 5.4.1.2.3.1 or subclause 5.4.1.2.3A.1. The AMF shall send the AUTHENTICATION RESULT message or the AUTHENTICATION REJECT message to the UE (see example in Figure 5.4.1.2.5.2.1).

Upon receipt of an AUTHENTICATION RESULT message or an AUTHENTICATION REJECT message with the EAP message IE, the UE handles the EAP message received in the EAP message IE and the ABBA if received of the AUTHENTICATION RESULT message or in the AUTHENTICATION REJECT message.