The following procedure is used optionally by the gNB to periodically perform a local authentication. At the same time, the amount of data sent during the AS connection is periodically checked by the gNB and the UE for both up and down streams. If UE receives the Counter Check request, it shall respond with Counter Check Response message.
The gNB is monitoring the PDCP COUNT values associated to each radio bearer. The procedure is triggered whenever any of these values reaches a critical checking value. The granularity of these checking values and the values themselves are defined by the visited network. All messages in the procedure are integrity protected.
When a checking value is reached (e.g. the value in some fixed bit position in the hyperframe number is changed), a Counter Check message is sent by the gNB. The Counter Check message contains the most significant parts of the PDCP COUNT values (which reflect amount of data sent and received) from each active radio bearer.
If the gNB receives a counter check response message that does not contain any PDCP COUNT values, the procedure ends. If the gNB receives a counter check response that contains one or several PDCP COUNT values, the gNB may release the connection or report the difference of the PDCP COUNT values for the serving AMF or O&M server for further traffic analysis for e.g. detecting the attacker.