Ø If the SECURITY MODE COMMAND message can be acceptable to the UE, then the UE shall send a SECURITY MODE COMPLETE message to the network
Ø If the MME requests IMEISV in the SECURITY MODE COMMAND message then the UE shall include its IMEISV in the SECURITY MODE COMPLETE message
Ø The SECURITY MODE COMPLETE message shall be integrity protected with the selected NAS integrity algorithm and the EPS NAS integrity key based on the KASME/K'ASME
Ø Also, the UE shall cipher the SECURITY MODE COMPLETE message with the selected NAS ciphering algorithm and the EPS NAS ciphering key based on the KASME/K'ASME
Ø After sending SECURITY MODE COMPLETE message, the UE shall cipher and integrity protect all the subsequent NAS messages with the selected NAS ciphering and integrity algorithms respectively
Ø After receiving SECURITY MODE COMPLETE message, the MME shall integrity protect and encipher all signalling messages with the selected NAS integrity and ciphering algorithms respectively
Reference: 3GPP TS 24.301
Example: SECURITY MODE COMPLETE
Can the eNB request IMEISV within an Identity Request message prior to the security mode?
ReplyDeleteThe MME may include "IMEISV request" IE in the SECURITY MODE COMMAND message to request the UE to send its IMEISV with the corresponding SECURITY MODE COMPLETE message.
ReplyDeleteSo I don't think that there is a need for this to be part of Identity procedure. Do you have any experience of this?