
A Method And A System For User Equipment Recovery Post Integrity Validation Failure

Abstract: The present disclosure relates to a method and a system for immediate user equipment recovery post integrity validation failure. The disclosure encompasses that when integrity validation fails at the user device (UE) [103], the UE [103] sends a 5GMM status message and the AMF [106] stores the 5GMM status message in the user context; in an event the UE [103] re-transmits a Mobility Request/Periodic Request, the AMF [106] invokes the re-authentication procedure and resets the security data at the UE [103] and the AMF [106]; or in an event the UE [103] re-transmits a Service Request, the AMF [106] sends a service reject signal to the UE [103] and the UE [103] then initiates Initial Registration, as prescribed in the 5G standard. This way, the UE [103] no longer needs to cycle through a predefined number of attempts for Mobility Request/Periodic Request/Service Request before re-registering itself to the AMF [106]. [FIG. 3]


Patent Information

Filing Date: 05 July 2023
Publication Number: 2/2025
Publication Type: INA
Invention Field: COMMUNICATION

Applicants

Jio Platforms Limited
Office - 101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad - 380006, Gujarat, India

Inventors

1. Birendra Bisht
Office - 101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad - 380006, Gujarat, India

Specification

FORM 2
THE PATENTS ACT, 1970 (39 OF 1970) & THE PATENT RULES, 2003
COMPLETE SPECIFICATION
(See section 10 and rule 13)

“A METHOD AND A SYSTEM FOR USER EQUIPMENT RECOVERY POST INTEGRITY VALIDATION FAILURE”
We, Jio Platforms Limited, an Indian National, of Office - 101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad - 380006, Gujarat, India.
The following specification particularly describes the invention and the manner in which it is to be performed.


A METHOD AND A SYSTEM FOR USER EQUIPMENT RECOVERY POST INTEGRITY VALIDATION FAILURE
FIELD OF THE DISCLOSURE
[0001] The present disclosure relates generally to the field of wireless communication systems. More particularly, the present disclosure relates to a method and a system for user equipment recovery post integrity validation failure.
BACKGROUND
[0002] The following description of related art is intended to provide background information pertaining to the field of the disclosure. This section may include certain aspects of the art that may be related to various features of the present disclosure. However, it should be appreciated that this section be used only to enhance the understanding of the reader with respect to the present disclosure, and not as admissions of prior art.
[0003] Wireless communication technology has rapidly evolved over the past few decades, with each generation bringing significant improvements and advancements. The first generation of wireless communication technology was based on analog technology and offered only voice services. However, with the advent of the second-generation (2G) technology, digital communication and data services became possible, and text messaging was introduced. Further, the third-generation (3G) technology marked the introduction of high-speed internet access, mobile video calling, and location-based services. The fourth-generation (4G) technology revolutionized wireless communication with faster data speeds, better network coverage, and improved security. Currently, the fifth-generation (5G) technology is being deployed, promising even faster data speeds, low latency, and the ability to connect multiple devices simultaneously. With each generation, wireless communication technology has become more advanced, sophisticated, and capable of delivering more services to its users.
[0004] In a communication network (typically in wireless networks such as 5G), the handling of a downlink sequence number (DL SN) mismatch plays an important role. The DL SN refers to a unique identifier assigned to each packet transmitted from the base station (eNodeB or gNB) to the user equipment/user device (UE). The handling of the downlink sequence number ensures reliability and integrity of data transmission in the wireless communication network by detecting mismatch between the sequence numbers of received downlink packets, which may occur due to packet loss, corruption, or out-of-order delivery. This enables the network operators to retransmit and recover missing or corrupted packets from the transceivers. The handling also helps in resynchronization of the sequence number with the transmitting end to align subsequent packet reception correctly. An example of the prevalent handling for downlink sequence number mismatch (integrity validation failure at UE end) in a conventional network is illustrated in Fig. 2. The downlink sequence number mismatch (or integrity validation failure at UE end) refers to a situation when the UE detects that the integrity protection of received data packets is compromised. For addressing the mismatch, the UE generally follows predefined procedures that may involve retransmission request, failure notification, and taking appropriate security measures. The method [200] for handling downlink sequence number mismatch conventionally in a network starts at step [202]. At step [204], a user equipment (UE) initiates a mobility request (MR)/a Periodic request (PR)/a Service request (SR) to an access and mobility management function (AMF). It is to be noted that the AMF manages a control plane of the 5G network, which is responsible for signaling and network management. The AMF ensures that one or more signaling messages are transmitted correctly between one or more network functions and that one or more network resources are managed efficiently. Further, the mobility request (MR) is a request which is sent by the UE when it needs to handover (i.e., transfer an ongoing call or data session for ensuring continuous connectivity) its connection from one cell/network node (eNodeB or gNB) to another. The MR request is triggered when the UE detects that the quality of the current connection is degrading, or in scenarios where the UE ends up finding a better-serving cell/node having stronger signal strength and improved performance. Based on the MR, the network decides whether to perform the handover in order to maintain seamless connectivity for the UE. The periodic request (PR) is often sent by the UE at regular intervals to inform the network about its presence and readiness to receive services. The PR in the network keeps track of active UEs within its coverage area and optimizes resource allocation. The PR is often sent when the UE is not actively transmitting data, thereby ensuring continuous monitoring and management of network resources. The service request (SR) is sent by the UE when it needs to establish a new connection or request specific services from the network. This may include initiating a call, sending a text message, or requesting data transfer. The Service requests are triggered by user actions on the UEs for setting up communication sessions between the UE and the network. At step [206], the AMF implemented by a server sends an Initial Context Setup Request (ICSR/ICS request) to the radio access network (RAN) with a registration/service accept non-access stratum (NAS) message. It is important to note that the ICS request is part of the procedure for setting up the initial radio context between the UE and the network, enabling subsequent data transmission and communication services. The ICS request is a message used in the establishment of a radio connection between the UE and the base station (eNodeB or gNB) of the communication network. It is initiated by the UE and includes parameters that may include UE identity, requested Quality of Service (QoS), etc. It is further important to note that a NAS message is a signaling message exchanged between the UE and the network. The NAS messages carry out functions including but not limited to mobility management, session management, security, and network access control. For instance, the NAS message may include Attach Request, Authentication Request, Service Request, and Security Mode Command. The NAS messages are often transmitted over the air interface between the UE and the core network's AMF. At step [208], the downlink sequence number and downlink overflow count values, along with integrity keys stored at the AMF, are used to calculate a first Message Authentication Code (MAC) number, in a known way, and the first MAC number is sent with the registration/service accept NAS message. It is emphasized that the downlink overflow count (DL-OC) values are used to track the number of times the downlink control channel (PDCCH) reaches its maximum capacity and experiences overflow. These values are included in system information broadcasts and are used by the UE to adjust their reception parameters accordingly. With the help of the DL-OC values, the UE can optimize their reception strategies to mitigate congestion and improve overall network performance. It is also emphasized that an integrity key may include integrity protection keys for various functions of the network such as user plane data, control plane signaling messages, authentication vectors used during authentication procedures, and downlink data integrity protection. The integrity keys ensure the confidentiality, integrity, and authenticity of data and signaling messages exchanged between the UE and core components of the network. They play a crucial role in securing the communication links and protecting against unauthorized access and malicious attacks. It is also to be noted that the MAC number is a cryptographic checksum generated using a secret key (like an integrity key) and a message. The MAC number is used for ensuring the integrity and authenticity of transmitted data, providing a way to verify that the message has not been tampered with or altered during transmission. At step [210], a second MAC number is calculated with the stored downlink sequence number/overflow downlink counter and integrity key at the UE. At step [212], the first MAC number is calculated at the AMF and the second MAC number is calculated at the UE, and then the first MAC number and second MAC number are compared/matched at the UE. If the match is not found, then integrity validation fails at the UE end. At step [214], the UE re-transmits the mobility request (MR)/Periodic request (PR)/Service request (SR) to the AMF for a predefined number of times. At step [216], if the registration accept/service accept is not accepted by the UE for a predefined number of times, the UE re-registers with the AMF. The method [200] for handling downlink sequence mismatch ends at step [218].
[0005] In the aforementioned method [200], the UE re-transmits the mobility request (MR)/Periodic request (PR)/Service request (SR), post the integrity validation failure at the UE end, for a predefined number of times and thereafter initiates initial registration (steps [216] and [218]) resulting in increased network traffic. The increase in network traffic places undesired load on the network which hinders both performance and capacity of the network. Moreover, the aforementioned process is resource intensive and time consuming from the UE recovery point of view, as the UE invariably has to cycle through the predefined number of attempts before initiating re-registration.
[0006] Thus, there exists an imperative need in the art to immediately recover UE post integrity validation failure, which the present disclosure aims to address.
OBJECTS OF THE DISCLOSURE
[0007] Some of the objects of the present disclosure, which at least one embodiment disclosed herein satisfies are listed herein below.
[0008] It is an object of the present disclosure to provide a system and a method for user equipment recovery post integrity validation failure.
[0009] It is another object of the present disclosure to provide a solution that recovers UE post integrity validation failure, without needing to cycle through pre-defined number of mobility request (MR)/Periodic request (PR)/Service request (SR).
[0010] It is yet another object of the present disclosure to provide a solution that reduces network load.
[0011] It is yet another object of the present disclosure to provide a solution that improves performance and capacity of the network.
SUMMARY
[0012] This section is provided to introduce certain aspects of the present disclosure in a simplified form that are further described below in the detailed description. This summary is not intended to identify the key features or the scope of the claimed subject matter.
[0013] An aspect of the present disclosure relates to a method for user equipment recovery post integrity validation failure. The method comprises receiving at an access and mobility management function (AMF) module, by a first transceiver unit from a user device, a trigger procedure for initiating an initial context setup (ICS) request, wherein the initial context setup request is one of a periodic request, a service request, and a mobility request. The method further comprises sending, by the first transceiver unit at the AMF module to a second transceiver unit at a connected network, the ICS request with one of a registration accept non-access stratum (NAS) message, and a service accept NAS message, wherein the connected network is a wireless communication network with which the user device is connected. The method further comprises calculating at the AMF module, by an analysis unit, a first media access control (MAC) number based on at least one of a downlink sequence number stored at a storage unit, a downlink overflow count value stored at the storage unit and a set of integrity keys stored at the storage unit. Further, the method comprises transmitting at the AMF module, by the first transceiver unit to the user device, the first MAC number for matching with a second MAC number, wherein the second MAC number is calculated based on at least one of a downlink sequence number stored at the user device, a downlink overflow count stored at the user device, and a set of integrity keys stored at the user device. The method further comprises receiving at the AMF module, by the first transceiver unit from the user device, a fifth-generation mobility management (5GMM) status message in an event of mismatch between the first MAC number and the second MAC number. The method further comprises storing at the AMF module, by the storage unit, the 5GMM status message in a user context associated with the user device. Further, the method comprises receiving at the AMF module, by the first transceiver unit from the user device, the trigger procedure for reinitiating the ICS request. Thereafter, the method comprises initiating at the AMF module, by a loading unit, one of: a performance of an authentication procedure, and a service reject procedure, wherein the performance of the authentication procedure is initiated in an event the user device re-transmits one of the mobility request and the periodic request, and the service reject procedure is initiated in an event the user device re-transmits the service request, the service reject procedure comprising sending, by the first transceiver unit, a service reject indication to the user device with a cause message.
[0014] Further according to an aspect of the present disclosure, the performance of the authentication procedure comprises calculating at the AMF module, by the analysis unit, the first media access control (MAC) number based on at least one of the downlink sequence number stored at the storage unit and associated with the reinitiated ICS request, the downlink overflow count value stored at the storage unit and associated with the reinitiated ICS request, and the set of integrity keys stored at the storage unit and associated with the reinitiated ICS request. Further, the performance of the authentication procedure comprises transmitting at the AMF module, by the first transmitter unit to the user device, the first MAC number for matching with the second MAC number, wherein the second MAC number is calculated based on at least one of the downlink sequence numbers stored at the user device, the downlink overflow count stored at the user device, and the set of integrity keys stored at the user device. Thereafter, the performance of the authentication procedure comprises receiving at the AMF module, by the first transceiver unit from the user device, a status message, wherein the status message is based on a result of the matching between the first MAC number and the second MAC number, wherein the result is one of a success match result and a mismatch result.
[0015] Further, according to an aspect of the present disclosure, the performance of the authentication procedure further comprises resetting at the AMF module, by the loading unit, a security data, using security mode command (SMC) message.
[0016] Further according to an aspect of the present disclosure, the security data comprises an uplink sequence number associated with the reinitiated ICS request, the downlink sequence number associated with the reinitiated ICS request, an uplink overflow count associated with the reinitiated ICS request, the downlink overflow count associated with the reinitiated ICS request, the set of integrity keys associated with the reinitiated ICS request, and a cipher key associated with the reinitiated ICS request.
[0017] Further according to an aspect of the present disclosure, the storing at the AMF module, by the storage unit, the 5GMM status message in a user context associated with the user device further comprises storing a cause detail related to the 5GMM status message.
[0018] Further according to an aspect of the present disclosure, the trigger procedure for initiating the ICS request is related to one of a periodic request, a service request, and a mobility request.
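The flow of paragraphs [0013] to [0018], traced next to the conventional retry loop from the background, as an added Python simulation that is not part of the specification. Truncated HMAC-SHA256 stands in for the NAS integrity algorithm, and the class and function names, `max_retx`, the cause string, the counter packing and the handing of key copies to the UE are assumptions made for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

MR, PR, SR = "mobility", "periodic", "service"
CAUSE = "placeholder-cause"   # the page does not give a cause value


@dataclass
class SecurityData:
    """Subset of the page's security data: integrity key and DL counters."""
    k_int: bytes
    dl_overflow: int = 0
    dl_sn: int = 0

    def advance(self) -> None:
        self.dl_sn = (self.dl_sn + 1) % 256
        if self.dl_sn == 0:
            self.dl_overflow += 1


def mac_number(sec: SecurityData, message: bytes) -> bytes:
    # Assumption: truncated HMAC-SHA256 replaces the NAS integrity algorithm;
    # like it, the tag binds key, overflow count, sequence number and message.
    count = sec.dl_overflow.to_bytes(2, "big") + sec.dl_sn.to_bytes(1, "big")
    return hmac.new(sec.k_int, count + message, hashlib.sha256).digest()[:4]


@dataclass
class UserContext:
    sec: SecurityData
    status_cause: Optional[str] = None   # stored 5GMM status, if reported


class AMF:
    def __init__(self) -> None:
        self.contexts = {}

    def register(self, ue_id: str) -> SecurityData:
        # Initial registration: fresh security data on both sides. A real
        # network derives keys during authentication; here the UE gets a copy.
        sec = SecurityData(os.urandom(16))
        self.contexts[ue_id] = UserContext(sec)
        return SecurityData(sec.k_int)

    def store_status(self, ue_id: str, cause: str) -> None:
        self.contexts[ue_id].status_cause = cause

    def _accept(self, ctx: UserContext, kind: str):
        msg = f"{kind} accept".encode()
        first_mac = mac_number(ctx.sec, msg)
        ctx.sec.advance()
        return msg, first_mac

    def on_request(self, ue_id: str, kind: str):
        """Return (action, new UE security data, message, first MAC)."""
        ctx = self.contexts[ue_id]
        if ctx.status_cause is None:
            return ("ACCEPT", None) + self._accept(ctx, kind)
        if kind == SR:
            return ("SERVICE_REJECT", None, ctx.status_cause.encode(), None)
        # MR/PR: re-authenticate, reset security data (SMC), then accept.
        ctx.sec, ctx.status_cause = SecurityData(os.urandom(16)), None
        return ("REAUTH_SMC", SecurityData(ctx.sec.k_int)) + self._accept(ctx, kind)


class UE:
    def __init__(self, sec: SecurityData) -> None:
        self.sec = sec

    def verify(self, msg: bytes, first_mac: bytes) -> bool:
        # Second MAC number from the UE's own stored counters and key.
        ok = hmac.compare_digest(first_mac, mac_number(self.sec, msg))
        if ok:
            self.sec.advance()
        return ok


def run(kind: str, report_status: bool, max_retx: int = 5):
    """Trace one recovery. report_status=False is the conventional flow:
    retransmit max_retx times (assumed value), then re-register."""
    amf = AMF()
    ue = UE(amf.register("ue-1"))
    ue.sec.dl_overflow += 1          # constructed fault: counters out of sync
    events, retx = [], 0
    while True:
        action, new_sec, msg, mac = amf.on_request("ue-1", kind)
        if action == "SERVICE_REJECT":
            ue.sec = amf.register("ue-1")
            events += [action, "INITIAL_REGISTRATION"]
            continue
        if action == "REAUTH_SMC":
            ue.sec = new_sec
            events.append(action)
        if ue.verify(msg, mac):
            return events + ["ACCEPT_VERIFIED"]
        events.append("MAC_MISMATCH")
        if report_status:
            amf.store_status("ue-1", CAUSE)
            events.append("5GMM_STATUS")
        elif retx == max_retx:
            ue.sec = amf.register("ue-1")
            events.append("INITIAL_REGISTRATION")
        else:
            retx += 1
```

`run(MR, True)` and `run(SR, True)` recover after a single mismatch, while `run(SR, False)` records one mismatch per transmission until the retry budget is spent.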
[0019] Another aspect of the present disclosure relates to a system for user equipment recovery post integrity validation failure. The system comprises a first transceiver unit configured to receive, from a user device, a trigger procedure for initiating an initial context setup (ICS) request, wherein the initial context setup request is one of a periodic request, a service request, and a mobility request. Further, the first transceiver unit is configured to send, to a second transceiver unit at a connected network, the ICS request with one of a registration accept non-access stratum (NAS) message, and a service accept NAS message, wherein the connected network is a wireless communication network with which the user device is connected. The system further comprises an analysis unit connected to at least the first transceiver unit, wherein the analysis unit is configured to calculate, a first media access control (MAC) number based on at least one of a number stored at a storage unit connected to the analysis unit, a downlink overflow count value stored at the storage unit and a set of integrity keys stored at the storage unit. The first transceiver unit of the system is further configured to transmit, to the user device, the first MAC number for matching with a second MAC number, wherein the second MAC number is calculated based on at least one of a downlink sequence number stored at the user device, a downlink overflow count stored at the user device, and a set of integrity keys stored at the user device. The first transceiver unit is further configured to receive, from the user device, a fifth-generation mobility management (5GMM) status message in an event of mismatch between the first MAC number and the second MAC number. The system further comprises the storage unit connected to at least the analysis unit configured to store, the 5GMM status message in a user context associated with the user device. The first transceiver unit of the system is further configured to receive, from the user device, the trigger procedure for reinitiating the ICS request. Thereafter, the system comprises a loading unit connected to the storage unit, wherein the loading unit is configured to initiate, one of: a performance of an authentication procedure, and a service reject procedure, wherein the performance of the authentication procedure is initiated in an event the user device re-transmits one of the mobility request and the periodic request, and the service reject procedure is initiated in an event the user device re-transmits the service request, the service reject procedure comprising sending, by the first transceiver unit, a service reject indication to the user device with a cause message.
[0020] Yet another aspect of the present disclosure relates to a non-transitory computer readable storage medium storing instruction for user equipment recovery post integrity validation failure. The storage medium comprises executable code which, when executed by one or more units of a system may cause, a first transceiver unit to: receive, from a user device, a trigger procedure for initiating an initial context setup (ICS) request, wherein the initial context setup request is one of a periodic request, a service request, and a mobility request, and send, to a second transceiver unit at a connected network, the ICS request with one of a registration accept non-access stratum (NAS) message, and a service accept NAS message, wherein the connected network is a wireless communication network with which the user device is connected; the analysis unit to calculate, a first media access control (MAC) number based on at least one of a downlink sequence number stored at a storage unit connected to the analysis unit, a downlink overflow count value stored at the storage unit and a set of integrity keys stored at the storage unit; the first transceiver unit to transmit, to the user device, the first MAC number for matching with a second MAC number, wherein the second MAC number is calculated based on at least one of a downlink sequence number stored at the user device, a downlink overflow count stored at the user device, and a set of integrity keys stored at the user device; the first transceiver unit to receive, from the user device, a fifth generation mobility management (5GMM) status message in an event of mismatch between the first MAC number and the second MAC number; the storage unit to store, the 5GMM status message in a user context associated with the user device; the first transceiver unit to receive, from the user device, the trigger procedure for reinitiating the ICS request; and a loading unit to initiate, one of: a performance of an authentication procedure, and a service reject procedure, wherein the performance of the authentication procedure is initiated in an event the user device re-transmits one of the mobility request and the periodic request, and the service reject procedure is initiated in an event the user device re-transmits the service request, the service reject procedure comprising sending, by the first transceiver unit, a service reject indication to the user device with a cause message.
BRIEF DESCRIPTION OF DRAWINGS
[0021] The accompanying drawings, which are incorporated herein, and constitute a part of this disclosure, illustrate exemplary embodiments of the disclosed methods and systems in which like reference numerals refer to the same parts throughout the different drawings. Components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the present disclosure. Some drawings may indicate the components using block diagrams and may not represent the internal circuitry of each component. It will be appreciated by those skilled in the art that disclosure of such drawings includes disclosure of electrical components, electronic components or circuitry commonly used to implement such components.
[0022] FIG. 1A illustrates an exemplary block diagram representation of a 5th generation core (5GC) network architecture.
[0023] FIG. 1B illustrates an exemplary block diagram comprising a system [100] for user equipment recovery post integrity validation failure, in accordance with exemplary embodiments of the present disclosure.
[0024] FIG. 2 illustrates an exemplary method [200] flow diagram indicating the process for handling downlink sequence number mismatch in conventional network.
[0025] FIG. 3 illustrates an exemplary method [300] flow diagram indicating the process for user equipment recovery post integrity validation failure, in accordance with exemplary embodiments of the present disclosure.
[0026] The foregoing shall be more apparent from the following more detailed description of the disclosure.

DETAILED DESCRIPTION
[0027] In the following description, for the purposes of explanation, various specific details are set forth in order to provide a thorough understanding of embodiments of the present disclosure. It will be apparent, however, that embodiments of the present disclosure may be practiced without these specific details. Several features described hereafter can each be used independently of one another or with any combination of other features. An individual feature may not address any of the problems discussed above or might address only some of the problems discussed above. Some of the problems discussed above might not be fully addressed by any of the features described herein. Example embodiments of the present disclosure are described below, as illustrated in various drawings in which like reference numerals refer to the same parts throughout the different drawings.
[0028] The ensuing description provides exemplary embodiments only, and is not intended to limit the scope, applicability, or configuration of the disclosure. Rather, the ensuing description of the exemplary embodiments will provide those skilled in the art with an enabling description for implementing an exemplary embodiment. It should be understood that various changes may be made in the function and arrangement of elements without departing from the spirit and scope of the disclosure as set forth.
[0029] It should be noted that the terms "mobile device", "user equipment", "user device", “communication device”, “device” and similar terms are used interchangeably for the purpose of describing the disclosure. These terms are not intended to limit the scope of the disclosure or imply any specific functionality or limitations on the described embodiments. The use of these terms is solely for convenience and clarity of description. The disclosure is not limited to any particular type of device or equipment, and it should be understood that other equivalent terms or variations thereof may be used interchangeably without departing from the scope of the disclosure as defined herein.
[0030] Specific details are given in the following description to provide a thorough understanding of the embodiments. However, it will be understood by one of ordinary skill in the art that the embodiments may be practiced without these specific details. For example, circuits, systems, networks, processes, and other components may be shown as components in block diagram form in order not to obscure the embodiments in unnecessary detail. In other instances, well-known circuits, processes, algorithms, structures, and techniques may be shown without unnecessary detail in order to avoid obscuring the embodiments.
[0031] Also, it is noted that individual embodiments may be described as a process which is depicted as a flowchart, a flow diagram, a data flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations can be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged. A process is terminated when its operations are completed but could have additional steps not included in a figure.
[0032] The word “exemplary” and/or “demonstrative” is used herein to mean serving as an example, instance, or illustration. For the avoidance of doubt, the subject matter disclosed herein is not limited by such examples. In addition, any aspect or design described herein as “exemplary” and/or “demonstrative” is not necessarily to be construed as preferred or advantageous over other aspects or designs, nor is it meant to preclude equivalent exemplary structures and techniques known to those of ordinary skill in the art. Furthermore, to the extent that the terms “includes,” “has,” “contains,” and other similar words are used in either the detailed description or the claims, such terms are intended to be inclusive, in a manner similar to the term “comprising” as an open transition word, without precluding any additional or other elements.
[0033] As used herein, an “electronic device”, or “portable electronic device”, or “user device” or “communication device” or “user equipment” or “device” refers to any electrical, electronic, electromechanical and computing device. The user device is capable of receiving and/or transmitting one or more parameters, performing function/s, communicating with other user devices and transmitting data to the other user devices. The user equipment may have a processor, a display, a memory, a battery and an input-means such as a hard keypad and/or a soft keypad. The user equipment may be capable of operating on any radio access technology including but not limited to IP-enabled communication, Zig Bee, Bluetooth, Bluetooth Low Energy, Near Field Communication, Z-Wave, Wi-Fi, Wi-Fi direct, etc. For instance, the user equipment may include, but is not limited to, a mobile phone, smartphone, virtual reality (VR) devices, augmented reality (AR) devices, laptop, a general-purpose computer, desktop, personal digital assistant, tablet computer, mainframe computer, or any other device as may be obvious to a person skilled in the art for implementation of the features of the present disclosure.
[0034] Further, the user equipment (UE) may also comprise a “processor” or “processing unit”, wherein the processor refers to any logic circuitry for processing instructions. The processor may be a general-purpose processor, a special purpose processor, a conventional processor, a digital signal processor, a plurality of microprocessors, one or more microprocessors in association with a DSP core, a controller, a microcontroller, Application Specific Integrated Circuits, Field Programmable Gate Array circuits, any other type of integrated circuits, etc. The processor may perform signal coding, data processing, input/output processing, and/or any other functionality that enables the working of the system according to the present disclosure. More specifically, the processor is a hardware processor.
[0035] As portable electronic devices and wireless technologies continue to improve and grow in popularity, the advancing wireless technologies for data transfer are also expected to evolve and replace the older generations of technologies. In the field of wireless data communications, the dynamic advancement of various generations of cellular technology is also seen. The development, in this respect, has been incremental in the order of second generation (2G), third generation (3G), fourth generation (4G), and now fifth generation (5G), and more such generations are expected to continue in the forthcoming time.
[0036] Radio Access Technology (RAT) refers to the technology used by mobile devices/user equipment (UE) to connect to a cellular network. It refers to the specific protocol and standards that govern the way devices communicate with one or more base stations, which are responsible for providing a wireless connection. Further, each RAT has its own set of protocols and standards for communication, which define the frequency bands, modulation technique, and other parameters used for transmitting and receiving data. Examples of RATs include GSM (Global System for Mobile Communications), CDMA (Code Division Multiple Access), UMTS (Universal Mobile Telecommunications System), LTE (Long-Term Evolution), and 5G. The choice of RAT depends on a variety of factors, including the network infrastructure, the available spectrum, and the mobile device(s) capabilities. The mobile device(s) often support multiple RATs, allowing them to connect to different types of networks and provide optimal performance based on the available network resources.
[0037] All modules, units, components used herein or unit(s) that are a part of system [100] may be software modules configured via hardware modules/processors, or hardware modules or hardware processors, the processors being a general-purpose processor, a special purpose processor, a conventional processor, a digital signal processor, a plurality of microprocessors, one or more microprocessors in association with a DSP core, a controller, a microcontroller, Application Specific Integrated Circuits, Field Programmable Gate Array circuits, any other type of integrated circuits, etc.
[0038] As discussed in the background section, the current known solutions for recovering a user equipment post an integrity validation failure are time consuming, resource intensive and inefficient.
[0039] The present disclosure aims to overcome the above-mentioned and other existing problems in this field of technology by a method and a system for user equipment recovery post integrity validation failure.
[0040] Hereinafter, exemplary embodiments of the present disclosure will be described with reference to the accompanying drawings.
[0041] FIG. 1A illustrates an exemplary block diagram representation of 5th generation core (5GC) network architecture, in accordance with an exemplary embodiment of the present disclosure. As shown in FIG. 1, the 5GC network architecture [100] includes a user equipment (UE) [102], a radio access network (RAN) [104], an access and mobility management function (AMF) [106], a Session Management Function (SMF) [108], a Service Communication Proxy (SCP) [110], an Authentication Server Function (AUSF) [112], a Network Slice Specific Authentication and Authorization Function (NSSAAF) [114], a Network Slice Selection Function (NSSF) [116], a Network Exposure Function (NEF) [118], a Network Repository Function (NRF) [120], a Policy Control Function (PCF) [122], a Unified Data Management (UDM) [124], an application function (AF) [126], a User Plane Function (UPF) [128], a data network (DN) [130], wherein all the components are assumed to be connected to each other in a manner as obvious to the person skilled in the art for implementing features of the present disclosure.
[0042] The User Equipment (UE) [102] interfaces with the network via the Radio Access Network (RAN) [104]; the Access and Mobility Management Function (AMF) [106] manages connectivity and mobility, while the Session Management Function (SMF) [108] administers session control; the service communication proxy (SCP) [110] routes and manages communication between network services, enhancing efficiency and security, and the Authentication Server Function (AUSF) [112] handles user authentication; the Network Slice Specific Authentication and Authorization Function (NSSAAF) [114] is for integrating the 5G core network with existing 4G LTE networks, i.e., to enable Non-Standalone (NSA) 5G deployments; the Network Slice Selection Function (NSSF) [116], Network Exposure Function (NEF) [118], and Network Repository Function (NRF) [120] enable network customization, secure interfacing with external applications, and maintain network function registries respectively; the Policy Control Function (PCF) [122] develops operational policies, and the Unified Data Management (UDM) [124] manages subscriber data; the Application Function (AF) [126] enables application interaction, the User Plane Function (UPF) [128] processes and forwards user data, and the Data Network (DN) [130] connects to external internet resources; collectively, these components are designed to enhance mobile broadband, ensure low-latency communication, and support massive machine-type communication, solidifying the 5GC as the infrastructure for next-generation mobile networks.
[0043] Radio Access Network (RAN) [104] is the part of a mobile telecommunications system that connects user equipment (UE) [102] to the core network (CN) and provides access to different types of networks (e.g., 5G network). It consists of radio base stations and the radio access technologies that enable wireless communication.
[0044] Access and Mobility Management Function (AMF) [106] is a 5G core network function responsible for managing access and mobility aspects, such as UE registration, connection, and reachability. It also handles mobility management procedures like handovers and paging.
[0045] Session Management Function (SMF) [108] is a 5G core network function responsible for managing session-related aspects, such as establishing, modifying, and releasing sessions. It coordinates with the User Plane Function (UPF) for data forwarding and handles IP address allocation and QoS enforcement.
[0046] Service Communication Proxy (SCP) [110] is a network function in the 5G core network that facilitates communication between other network functions by providing a secure and efficient messaging service. It acts as a mediator for service-based interfaces.
[0047] Authentication Server Function (AUSF) [112] is a network function in the 5G core responsible for authenticating UEs during registration and providing security services. It generates and verifies authentication vectors and tokens.
[0048] Network Slice Specific Authentication and Authorization Function (NSSAAF) [114] is a network function that provides authentication and authorization services specific to network slices. It ensures that UEs can access only the slices for which they are authorized.
[0049] Network Slice Selection Function (NSSF) [116] is a network function responsible for selecting the appropriate network slice for a UE based on factors such as subscription, requested services, and network policies.
[0050] Network Exposure Function (NEF) [118] is a network function that exposes capabilities and services of the 5G network to external applications, enabling integration with third-party services and applications.
[0051] Network Repository Function (NRF) [120] is a network function that acts as a central repository for information about available network functions and services. It facilitates the discovery and dynamic registration of network functions.
[0052] Policy Control Function (PCF) [122] is a network function responsible for policy control decisions, such as QoS, charging, and access control, based on subscriber information and network policies.
[0053] Unified Data Management (UDM) [124] is a network function that centralizes the management of subscriber data, including authentication, authorization, and subscription information.
[0054] Application Function (AF) [126] is a network function that represents external applications interfacing with the 5G core network to access network capabilities and services.
[0055] User Plane Function (UPF) [128] is a network function responsible for handling user data traffic, including packet routing, forwarding, and QoS enforcement.
[0056] Data Network (DN) [130] refers to a network that provides data services to user equipment (UE) in a telecommunications system. The data services may include but are not limited to Internet services, private data network related services.
[0057] Referring to Figure 1B, an exemplary block diagram comprising a system [100], for user equipment recovery post integrity validation failure, is shown, in accordance with the exemplary embodiments of the present disclosure.
[0058] The system [100] comprises one or more unit(s). The system [100] may be implemented on a server of a 5G communication network. Also, all of the components/units of the system [100] are assumed to be connected to each other unless otherwise indicated below. Also, in Fig. 1B only a few units are shown; however, the system [100] may comprise multiple such units or the system [100] may comprise any such numbers of said units, as required to implement the features of the present disclosure. The system [100] may reside in a server or a network entity. A user device [103] (also referred to as UE) interacts with the system [100] in the communication network. The system [100] may reside partly in the server/network entity and partly in the user device [103].
[0059] The system [100] is configured for user equipment recovery post integrity validation failure, with the help of the interconnection between the components/units of the system [100].
[0060] In an embodiment, the system [100] is configured for immediate user equipment recovery post integrity validation failure.
[0061] In order to immediately recover user equipment post integrity validation failure, the system [100] may be partially or completely configured at an access and mobility management function (AMF) module [106] implemented by the network entity. The system [100] comprises a first transceiver unit [105], an analysis unit [109] connected to the first transceiver unit [105], a storage unit [111] connected to the analysis unit [109] and a loading unit [113] connected to the storage unit [111]. The first transceiver unit [105] is configured to receive a trigger procedure for initiating an initial context setup (ICS) request from the user device [103]. The trigger procedure for initiating the ICS request is related to one of a periodic request, a service request, and a mobility request. The first transceiver unit [105] is also configured to send the ICS request with one of a registration accept non-access stratum (also called NAS) message, and a service accept NAS message to a second transceiver unit [107] at a connected network (preferably a RAN). It is to be noted that the user device [103] interacts with the second transceiver unit [107]. It is further noted that the connected network is a wireless communication network with which the user device [103] is connected. The analysis unit [109] is configured to calculate a first media access control (MAC) number based on at least one of a downlink sequence number stored at the storage unit [111] connected to the analysis unit [109], a downlink overflow count value stored at the storage unit [111] and a set of integrity keys stored at the storage unit [111]. It is to be noted that the downlink sequence number helps in ensuring proper sequencing and integration of the messages which are sent to the user equipment (UE). Thus, the consistency of the messages is maintained between the network and the UE by implementing the proper order of the NAS messages. Further, the downlink overflow count value is a value responsible for keeping track of the messages by counting the number of times the downlink sequence number reached its maximum value. This further ensures the consistency and also helps in proper message sequencing and detection of any loss or duplication of messages. It is further noted that the set of integrity keys helps in understanding the limit of the message. The first transceiver unit [105] is further configured to transmit the first MAC number to the user device [103] for matching with a second MAC number. It is to be noted that the second MAC number is calculated based on at least one of a downlink sequence number stored at the user device [103], a downlink overflow count stored at the user device [103], and a set of integrity keys stored at the user device [103].

[0062] The first transceiver unit [105] is further configured to receive a fifth generation mobility management (5GMM) status message from the user device [103] in an event of mismatch between the first MAC number and the second MAC number. The 5GMM status message here refers to the status message exchanged between the user device [103] and the AMF module [106] in the communication network (preferably a 5G communication network). This 5GMM status message is used by the user device [103] to report its current mobility state, including information such as a registration status, a mobility management state, and an availability of network services. The 5GMM status message enables the network to monitor and manage the mobility of the user device(s) [103] within the network and ensure seamless connectivity and service delivery. The storage unit [111] is further configured to store the 5GMM status message in a user context associated with the user device [103].
[0063] The storage unit [111], while storing the 5GMM status message in a user context associated with the user device [103], is further configured to store a cause detail related to the 5GMM status message. The first transceiver unit [105] is further configured to receive the trigger procedure from the user device [103] for reinitiating the ICS request. The loading unit [113] is further configured to initiate one of a performance of an authentication procedure, and a service reject procedure. It is also to be noted that the service reject procedure is the procedure of the 5GMM that gets executed when the service request cannot be accepted. It is further noted that the performance of the authentication procedure is initiated in an event the user device [103] re-transmits one of the mobility request and the periodic request, and the service reject procedure is initiated in an event the user device [103] re-transmits the service request. It is also important to note that the service reject procedure comprises the loading unit [113] being further configured to send a service reject indication by the first transceiver unit [105] to the user device [103] with a cause message. For the performance of the authentication procedure, the analysis unit [109] is configured to calculate the first media access control (MAC) number based on at least one of the downlink sequence number stored at the storage unit [111] and associated with the reinitiated ICS request, the downlink overflow count value stored at the storage unit [111] and associated with the reinitiated ICS request, and the set of integrity keys stored at the storage unit [111] and associated with the reinitiated ICS request. Further, for the performance of the authentication procedure, the first transceiver unit [105] is further configured to transmit the first MAC number for matching with the second MAC number to the user device [103]. It is to be noted that the second MAC number is calculated based on at least one of the downlink sequence number stored at the user device [103], the downlink overflow count stored at the user device [103], and the set of integrity keys stored at the user device [103].
[0064] Furthermore, for the performance of the authentication procedure, the first transceiver unit [105] is further configured to receive a status message from the user device [103]. It is to be noted that the status message is based on a result of the matching between the first MAC number and the second MAC number. It is important to note that the result is one of a success match result and a mismatch result. Also, for the performance of the authentication procedure, the loading unit [113] is further configured to reset a security data, using a security mode command (SMC) message. It is important to note that the security mode command message refers to the message sent by the AMF module [106] for protection of the integrity of the NAS. The security data here comprises an uplink sequence number associated with the reinitiated ICS request, the downlink sequence number associated with the reinitiated ICS request, an uplink overflow count associated with the reinitiated ICS request, the downlink overflow count associated with the reinitiated ICS request, the set of integrity keys associated with the reinitiated ICS request, and a cipher key associated with the reinitiated ICS request.
[0065] Yet another aspect of the present disclosure relates to a non-transitory computer readable storage medium storing instructions for user equipment recovery post integrity validation failure. The storage medium comprises executable code which, when executed by one or more units of a system [100], may cause a first transceiver unit [105] configured to receive, from a user device [103], a trigger procedure for initiating an initial context setup (ICS) request, wherein the initial context setup request is one of a periodic request, a service request, and a mobility request, send to a second transceiver unit [107] at a connected network, the ICS request with one of a registration accept non-access stratum (NAS) message, and a service accept NAS message, wherein the connected network is a wireless communication network with which the user device [103] is connected, an analysis unit [109] connected to at least the first transceiver unit [105], wherein the analysis unit [109] is configured to calculate a first media access control (MAC) number based on at least one of a downlink sequence number stored at a storage unit [111] connected to the analysis unit [109], a downlink overflow count value stored at the storage unit [111] and a set of integrity keys stored at the storage unit [111], transmit to the user device [103], the first MAC number for matching with a second MAC number, wherein the second MAC number is calculated based on at least one of a downlink sequence number stored at the user device [103], a downlink overflow count stored at the user device [103], and a set of integrity keys stored at the user device [103], receive from the user device [103], a fifth generation mobility management (5GMM) status message in an event of mismatch between the first MAC number and the second MAC number, the storage unit [111] connected to at least the analysis unit [109] configured to store the 5GMM status message in a user context associated with the user device [103], receive from the user device [103], the trigger procedure for reinitiating the ICS request, and a loading unit [113] connected to the storage unit [111], wherein the loading unit [113] is configured to initiate one of: a performance of an authentication procedure, and a service reject procedure, wherein the performance of the authentication procedure is initiated in an event the user device [103] re-transmits one of the mobility request and the periodic request, and the service reject procedure is initiated in an event the user device [103] re-transmits the service request, the service reject procedure comprising sending, by the first transceiver unit [105], a service reject indication to the user device [103] with a cause message.
[0066] Referring to Figure 3, an exemplary method [300] flow diagram, for user equipment recovery post integrity validation failure, in accordance with exemplary embodiments of the present disclosure is shown. In an implementation the method [300] is performed by the system [100]. As shown in Figure 3, the method [300] starts at step [302].
[0067] At step [304], the method [200] as disclosed by the present disclosure comprises receiving at an access and mobility management function (AMF) module [106], a trigger procedure for initiating an initial context setup (ICS) request by a first transceiver unit [105] from a user device [103]. It is emphasized that the initial context setup request is one of a periodic request, a service request, and a mobility request.
[0068] It is to be noted that the trigger procedure for initiating the ICS request is related to one of a periodic request, a service request, and a mobility request.
[0069] Next, at step [306], the method [300] as disclosed by the present disclosure comprises sending the ICS request with one of a registration accept non-access stratum (NAS) message and a service accept NAS message by the first transceiver unit [105] at the AMF module [106] to a second transceiver unit [107] at a connected network. It is emphasized that the connected network is a wireless communication network with which the user device [103] is connected.
[0070] Next, at step [308], the method [300] as disclosed by the present disclosure comprises calculating at the AMF module [106], a first media access control (MAC) number based on at least one of a downlink sequence number stored at a storage unit [111], a downlink overflow count value stored at the storage unit [111] and a set of integrity keys stored at the storage unit [111] by an analysis unit [109].
[0071] Next, at step [310], the method [300] as disclosed by the present disclosure comprises transmitting at the AMF module [106], the first MAC number for matching with a second MAC number by the first transceiver unit [105] to the user device [103]. It is emphasized that the second MAC number is calculated based on at least one of a downlink sequence number stored at the user device [103], a downlink overflow count stored at the user device [103] and a set of integrity keys stored at the user device [103].
[0072] Next, at step [312], the method [300] as disclosed by the present disclosure comprises receiving a fifth generation mobility management (5GMM) status message at the AMF module [106] in an event of mismatch between the first MAC number and the second MAC number, by the first transceiver unit [105] from the user device [103].
[0073] Next, at step [314], the method [300] as disclosed by the present disclosure comprises storing at the AMF module [106], the 5GMM status message in a user context associated with the user device [103] by the storage unit [111].
[0074] It is to be noted that the storing at the AMF module [106], the 5GMM status message in a user context associated with the user device [103] by the storage unit [111] further comprises storing a cause detail related to the 5GMM status message. Here, the cause details refer to the cause sent when the downlink sequence number becomes out of sync at the user device [103] (e.g., suppose 0) and the AMF module [106] (e.g., suppose 5). So now when the AMF module [106] wants to send a message, it might use the downlink sequence number 5 while the user device [103] uses the downlink sequence number 1 for calculating the MAC. When the user device [103] encounters this, it will send the 5GMM status having the cause.
[0075] Next, at step [316], the method [300] as disclosed by the present disclosure comprises receiving at the AMF module [106], the trigger procedure for reinitiating the ICS request by the first transceiver unit [105] from the user device [103].
[0076] Next, at step [318], the method [300] as disclosed by the present disclosure comprises initiating at the AMF module [106], one of a performance of an authentication procedure and a service reject procedure by a loading unit [113]. It is emphasized that the performance of the authentication procedure is initiated in an event the user device [103] re-transmits one of the mobility request and the periodic request, and the service reject procedure is initiated in an event the user device [103] re-transmits the service request. It is to be noted that the service reject procedure comprises sending a service reject indication to the user device [103] with a cause message by the first transceiver unit [105].
[0077] It is to be noted that the performance of the authentication procedure comprises calculating at the AMF module [106], the first media access control (MAC) number based on at least one of the downlink sequence number stored at the storage unit [111] and associated with the reinitiated ICS request, the downlink overflow count value stored at the storage unit [111] and associated with the reinitiated ICS request, and the set of integrity keys stored at the storage unit [111] and associated with the reinitiated ICS request by the analysis unit [109]. The performance of the authentication procedure further comprises transmitting at the AMF module [106], the first MAC number for matching with the second MAC number by the first transceiver unit [105] to the user device [103]. It is to be noted that the second MAC number is calculated based on at least one of the downlink sequence number stored at the user device [103], the downlink overflow count stored at the user device [103], and the set of integrity keys stored at the user device [103]. The performance of the authentication procedure further comprises receiving at the AMF module [106], a status message by the first transceiver unit [105] from the user device [103]. It is emphasized that the status message is based on a result of the matching between the first MAC number and the second MAC number. It is to be noted that the result is one of a success match result and a mismatch result.
[0078] It is to be noted that the performance of the authentication procedure further comprises resetting at the AMF module [106], a security data by the loading unit [113] using a security mode command (SMC) message. It is important to note that the security mode command message refers to the message sent by the AMF module [106] for protection of the integrity of the NAS.
[0079] It is to be noted that the security data comprises an uplink sequence number, the downlink sequence number, an uplink overflow count associated with the reinitiated ICS request, the downlink overflow count associated with the reinitiated ICS request, the set of integrity keys associated with the reinitiated ICS request, and a cipher key associated with the reinitiated ICS request. It is important to note that the cipher key is required for authentication in order to protect confidentiality of the NAS. The cipher key is used to secure the communication by preventing unauthorised access to the security mode command message of the NAS.

[0080] Thereafter, the method terminates at step [320].
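The flow of steps [304] to [318], as an added Python model that is not part of the specification or the applicant's code: a counter desync makes the two MACs differ, the AMF stores the 5GMM status, and the next re-transmission is answered with re-authentication plus SMC reset or with a service reject. HMAC-SHA256 truncated to 32 bits stands in for the standardised NAS integrity algorithm, the COUNT layout (16-bit overflow, 8-bit sequence number) follows the usual 5G NAS convention, and all class names, keys, request labels and the cause placeholder are assumptions.

```python
"""Toy model of the AMF/UE recovery flow. Added example, not the applicant's code."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Constructed sample values (assumptions, not taken from the specification).
K_INT = bytes.fromhex("00112233445566778899aabbccddeeff")
K_ENC = bytes.fromhex("ffeeddccbbaa99887766554433221100")
CAUSE_PLACEHOLDER = "<cause-detail-placeholder>"


@dataclass
class SecurityData:
    """Security data as listed in [0079]: keys plus UL/DL counters."""
    k_int: bytes
    k_enc: bytes
    ul_sqn: int = 0
    dl_sqn: int = 0
    ul_overflow: int = 0
    dl_overflow: int = 0


def downlink_mac(sec: SecurityData, nas_msg: bytes) -> bytes:
    """32-bit MAC over COUNT || direction || message.

    COUNT = 16-bit overflow count || 8-bit sequence number. HMAC-SHA256 is a
    stand-in for the real NAS integrity algorithm (assumption).
    """
    count = ((sec.dl_overflow & 0xFFFF) << 8) | (sec.dl_sqn & 0xFF)
    data = count.to_bytes(4, "big") + b"\x01" + nas_msg  # 0x01 marks downlink
    return hmac.new(sec.k_int, data, hashlib.sha256).digest()[:4]


@dataclass
class UE:
    sec: SecurityData

    def check_downlink(self, nas_msg: bytes, first_mac: bytes):
        """Return None on a match, else a 5GMM status message (as a dict)."""
        second_mac = downlink_mac(self.sec, nas_msg)
        if hmac.compare_digest(first_mac, second_mac):
            return None
        return {"type": "5GMM_STATUS", "cause": CAUSE_PLACEHOLDER}


@dataclass
class AMF:
    contexts: dict = field(default_factory=dict)  # ue_id -> user context

    def attach(self, ue_id: str, sec: SecurityData) -> None:
        self.contexts[ue_id] = {"sec": sec, "status": None}

    def protect(self, ue_id: str, nas_msg: bytes) -> bytes:
        """Step [308]: first MAC from the AMF's stored counters and key."""
        return downlink_mac(self.contexts[ue_id]["sec"], nas_msg)

    def on_status(self, ue_id: str, status: dict) -> None:
        """Step [314]: keep the 5GMM status and its cause in the context."""
        self.contexts[ue_id]["status"] = status

    def on_retransmit(self, ue_id: str, request: str, ue: UE) -> str:
        """Step [318]: choose the recovery path from the stored status."""
        ctx = self.contexts[ue_id]
        if ctx["status"] is None:
            return "NORMAL_HANDLING"
        if request in ("MOBILITY", "PERIODIC"):
            # Models only the outcome of re-authentication plus SMC: both
            # sides end up with identical fresh keys and zeroed counters.
            k_int, k_enc = os.urandom(16), os.urandom(16)
            ctx["sec"] = SecurityData(k_int, k_enc)
            ue.sec = SecurityData(k_int, k_enc)
            ctx["status"] = None
            return "REAUTH_AND_SMC_RESET"
        if request == "SERVICE":
            # The UE is expected to follow up with Initial Registration.
            return "SERVICE_REJECT"
        raise ValueError(f"unknown request type: {request}")


def run_scenario(request: str):
    """Desync as in [0074]: AMF downlink SQN 5, UE downlink SQN 0."""
    amf, ue = AMF(), UE(SecurityData(K_INT, K_ENC, dl_sqn=0))
    amf.attach("ue-1", SecurityData(K_INT, K_ENC, dl_sqn=5))
    msg = b"SERVICE ACCEPT" if request == "SERVICE" else b"REGISTRATION ACCEPT"
    status = ue.check_downlink(msg, amf.protect("ue-1", msg))
    if status is not None:
        amf.on_status("ue-1", status)
    action = amf.on_retransmit("ue-1", request, ue)
    in_sync = ue.check_downlink(msg, amf.protect("ue-1", msg)) is None
    return status is not None, action, in_sync


if __name__ == "__main__":
    for req in ("MOBILITY", "PERIODIC", "SERVICE"):
        print(req, run_scenario(req))
```

In the service-request branch the model leaves both sides out of sync on purpose: recovery there depends on the UE's subsequent Initial Registration, which is outside this sketch.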

[0081] As is evident from the above, the present disclosure provides a technically advanced solution for user equipment/device recovery post integrity validation failure. The system and method as disclosed by the present disclosure optimizes signalling and makes the user device (UE) recovery faster/immediate as compared to conventional systems and methods for UE recovery post integrity validation failure. This is primarily because the solution as disclosed by the present disclosure does not require the UE to cycle through a predefined number of attempts of sending Mobility Request/Periodic Request/Service Request to AMF. Moreover, the solution as disclosed by the present disclosure for user equipment recovery post integrity validation failure significantly reduces network traffic, thereby reducing load on the network and increasing network capacity and performance.
[0082] Further, in accordance with the present disclosure, it is to be acknowledged that the functionality described for the various components/units can be implemented interchangeably. While specific embodiments may disclose a particular functionality of these units for clarity, it is recognized that various configurations and combinations thereof are within the scope of the disclosure. The functionality of specific units as disclosed in the disclosure should not be construed as limiting the scope of the present disclosure. Consequently, alternative arrangements and substitutions of units, provided they achieve the intended functionality described herein, are considered to be encompassed within the scope of the present disclosure.
[0083] While considerable emphasis has been placed herein on the disclosed embodiments, it will be appreciated that many embodiments can be made and that many changes can be made to the embodiments without departing from the principles of the present disclosure. These and other changes in the embodiments of the present disclosure will be apparent to those skilled in the art, whereby it is to be understood that the foregoing descriptive matter to be implemented is illustrative and non-limiting.

We Claim:
1. A method [300] for user equipment recovery post integrity validation failure, the method comprising:
- receiving at an access and mobility management function (AMF) module [106], by a first transceiver unit [105] from a user device [103], a trigger procedure for initiating an initial context setup (ICS) request, wherein the initial context setup request is one of a periodic request, a service request, and a mobility request;
- sending, by the first transceiver unit [105] at the AMF module [106] to a second transceiver unit [107] at a connected network, the ICS request with one of a registration accept non-access stratum (NAS) message, and a service accept NAS message, wherein the connected network is a wireless communication network with which the user device [103] is connected;
- calculating at the AMF module [106], by an analysis unit [109], a first media access control (MAC) number based on at least one of a downlink sequence number stored at a storage unit [111], a downlink overflow count value stored at the storage unit [111] and a set of integrity keys stored at the storage unit [111];
- transmitting at the AMF module [106], by the first transceiver unit [105] to the user device [103], the first MAC number for matching with a second MAC number, wherein the second MAC number is calculated based on at least one of a downlink sequence number stored at the user device [103], a downlink overflow count stored at the user device [103], and a set of integrity keys stored at the user device [103];
- receiving at the AMF module [106], by the first transceiver unit [105] from the user device [103], a fifth generation mobility management (5GMM) status message in an event of mismatch between the first MAC number and the second MAC number;
- storing at the AMF module [106], by the storage unit [111], the 5GMM status message in a user context associated with the user device [103];
- receiving at the AMF module [106], by the first transceiver unit [105] from the user device [103], the trigger procedure for reinitiating the ICS request; and
- initiating at the AMF module [106], by a loading unit [113], one of: a performance of an authentication procedure, and a service reject procedure, wherein the performance of the authentication procedure is initiated in an event the user device [103] re-transmits one of the mobility request and the periodic request, and the service reject procedure is initiated in an event the user device [103] re-transmits the service request, the service reject procedure comprising sending, by the first transceiver unit [105], a service reject indication to the user device [103] with a cause message.

2. The method [300] as claimed in claim 1, wherein the performance of the authentication procedure comprises:
- calculating at the AMF module [106], by the analysis unit [109], the first media access control (MAC) number based on at least one of the downlink sequence number stored at the storage unit [111] and associated with the reinitiated ICS request, the downlink overflow count value stored at the storage unit [111] and associated with the reinitiated ICS request, and the set of integrity keys stored at the storage unit [111] and associated with the reinitiated ICS request;
- transmitting at the AMF module [106], by the first transceiver unit [105] to the user device [103], the first MAC number for matching with the second MAC number, wherein the second MAC number is calculated based on at least one of the downlink sequence number stored at the user device [103], the downlink overflow count stored at the user device [103], and the set of integrity keys stored at the user device [103]; and
- receiving at the AMF module [106], by the first transceiver unit [105] from the user device [103], a status message, wherein the status message is based on a result of the matching between the first MAC number and the second MAC number, wherein the result is one of a success match result and a mismatch result.
3. The method [300] as claimed in claim 2, wherein the performance of the authentication procedure further comprises resetting at the AMF module [106], by the loading unit [113], a security data, using security mode command (SMC) message.
4. The method [300] as claimed in claim 3, wherein the security data comprises an uplink sequence number associated with the reinitiated ICS request, the downlink sequence number associated with the reinitiated ICS request, an uplink overflow count associated with the reinitiated ICS request, the downlink overflow count associated with the reinitiated ICS request, the set of integrity keys associated with the reinitiated ICS request, and a cipher key associated with the reinitiated ICS request.
5. The method [300] as claimed in claim 1, wherein the storing at the AMF module [106], by the storage unit [111], the 5GMM status message in a user context associated with the user device [103] further comprises storing a cause detail related to the 5GMM status message.
6. The method [300] as claimed in claim 1, wherein the trigger procedure for initiating the ICS request is related to one of a periodic request, a service request, and a mobility request.
7. A system [100] for user equipment recovery post integrity validation failure, the system [100] comprising:
o a first transceiver unit [105] configured to:
receive, from a user device [103], a trigger procedure for initiating an initial context setup (ICS) request, wherein the initial context setup request is one of a periodic request, a service request, and a mobility request, and
send, to a second transceiver unit [107] at a connected network, the ICS request with one of a registration accept non-access stratum (NAS) message, and a service accept NAS message,
wherein the connected network is a wireless communication network with which the user device [103] is connected;

o an analysis unit [109] connected to at least the first transceiver unit [105], wherein the analysis unit [109] is configured to calculate, a first media access control (MAC) number based on at least one of a downlink sequence number stored at a storage unit [111] connected to the analysis unit [109], a downlink overflow count value stored at the storage unit [111] and a set of integrity keys stored at the storage unit [111],
wherein the first transceiver unit [105] is further configured to:
transmit, to the user device [103], the first MAC number for matching with a second MAC number, wherein the second MAC number is calculated based on at least one of a downlink sequence number stored at the user device [103], a downlink overflow count stored at the user device [103], and a set of integrity keys stored at the user device [103], and
receive, from the user device [103], a fifth generation mobility management (5GMM) status message in an event of mismatch between the first MAC number and the second MAC number,
- wherein the storage unit [111] connected to at least the analysis unit [109] is configured to store, the 5GMM status message in a user context associated with the user device [103],
- wherein the first transceiver unit [105] is further configured to receive, from the user device [103], the trigger procedure for reinitiating the ICS request; and
o a loading unit [113] connected to the storage unit [111], wherein the loading unit [113] is configured to initiate, one of: a performance of an authentication procedure, and a service reject procedure, wherein the performance of the authentication procedure is initiated in an event the user device [103] re-transmits one of the mobility request and the periodic request, and the service reject procedure is initiated in an event the user device [103] re-transmits the service request, the service reject procedure comprises the loading unit [113] further configured to send, by the first transceiver unit [105], a service reject indication to the user device [103] with a cause message.
8. The system [100] as claimed in claim 7, wherein for the performance of the authentication procedure comprises:
- the analysis unit [109] is configured to calculate, the first media access control (MAC) number based on at least one of the downlink sequence number stored at the storage unit [111] and associated with the reinitiated ICS request, the downlink overflow count value stored at the storage unit [111] and associated with the reinitiated ICS request, and the set of integrity keys stored at the storage unit [111] and associated with the reinitiated ICS request, and
- the first transceiver unit [105] is further configured to:
transmit, to the user device [103], the first MAC number for matching with the second MAC number, wherein the second MAC number is calculated based on at least one of the downlink sequence number stored at the user device [103], the downlink overflow count stored at the user device [103], and the set of integrity keys stored at the user device [103], and
receive, from the user device [103], a status message, wherein the status message is based on a result of the matching between the first MAC number and the second MAC number, wherein the result is one of a success match result and a mismatch result.
9. The system [100] as claimed in claim 8, wherein for the performance of the authentication procedure, the loading unit [113] is further configured to: reset a security data, using security mode command (SMC) message.
10. The system [100] as claimed in claim 9, wherein the security data comprises an uplink sequence number associated with the reinitiated ICS request, the downlink sequence number associated with the reinitiated ICS request, an uplink overflow count associated with the reinitiated ICS request, the downlink overflow count associated with the reinitiated ICS request, the set of integrity keys associated with the reinitiated ICS request, and a cipher key associated with the reinitiated ICS request.
11. The system [100] as claimed in claim 7, wherein the storage unit [111] while storing the 5GMM status message in a user context associated with the user device [103], is further configured to store a cause detail related to the 5GMM status message.
12. The system [100] as claimed in claim 7, wherein the trigger procedure for initiating the ICS request is related to one of a periodic request, a service request, and a mobility request.
13. The system [100] as claimed in claim 7, wherein the system [100] is configured at an access and mobility management function (AMF) module [106].
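
The recovery flow of claims 1 to 5 can be modelled as a small state machine; the following Python sketch is an added illustration and is not part of the specification or the applicant's implementation. Assumptions: the class and function names are hypothetical, HMAC-SHA256 truncated to 32 bits stands in for the 3GPP NAS integrity algorithm, the count is laid out as a 16-bit overflow value followed by an 8-bit sequence number, and the stored cause label is a constructed placeholder.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass
class SecurityContext:
    k_int: bytes                         # integrity key
    dl_overflow: int = 0                 # downlink overflow count (16 bits)
    dl_sqn: int = 0                      # downlink sequence number (8 bits)
    stored_status: Optional[str] = None  # AMF side only: stored 5GMM status cause detail

def mac_number(ctx: SecurityContext, payload: bytes) -> bytes:
    """32-bit tag over count || payload. HMAC-SHA256 is a stand-in (assumption)."""
    count = ((ctx.dl_overflow & 0xFFFF) << 8) | (ctx.dl_sqn & 0xFF)
    tag = hmac.new(ctx.k_int, count.to_bytes(4, "big") + payload, hashlib.sha256)
    return tag.digest()[:4]

def deliver_accept(amf: SecurityContext, ue: SecurityContext, payload: bytes) -> bool:
    """AMF sends the accept message with its MAC; the UE matches it against its own."""
    first_mac = mac_number(amf, payload)    # calculated at the AMF
    second_mac = mac_number(ue, payload)    # calculated at the UE
    if hmac.compare_digest(first_mac, second_mac):
        return True
    # The UE answers with a 5GMM status message; the AMF stores it in the user context.
    amf.stored_status = "MAC-MISMATCH"      # constructed label, not a 3GPP cause value
    return False

def on_retransmit(amf: SecurityContext, ue: SecurityContext,
                  request: str, fresh_k_int: bytes = b"") -> str:
    """AMF decision when the UE re-sends its request after a stored failure."""
    if amf.stored_status is None:
        return "process-normally"
    if request in ("mobility", "periodic"):
        if not fresh_k_int:
            raise ValueError("re-authentication must yield a new integrity key")
        # Re-authentication, then SMC resets key and counters on both sides.
        for ctx in (amf, ue):
            ctx.k_int, ctx.dl_overflow, ctx.dl_sqn = fresh_k_int, 0, 0
        amf.stored_status = None
        return "re-authenticate"
    if request == "service":
        return "service-reject"             # the UE then starts initial registration
    raise ValueError(f"unknown request type: {request}")
```

With desynchronised downlink counters the first delivery fails and the status is stored; a retransmitted periodic or mobility request then resets both contexts, after which the MACs match again.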

Documents

Application Documents

# Name Date
1 202321045214-STATEMENT OF UNDERTAKING (FORM 3) [05-07-2023(online)].pdf 2023-07-05
2 202321045214-PROVISIONAL SPECIFICATION [05-07-2023(online)].pdf 2023-07-05
3 202321045214-FORM 1 [05-07-2023(online)].pdf 2023-07-05
4 202321045214-FIGURE OF ABSTRACT [05-07-2023(online)].pdf 2023-07-05
5 202321045214-DRAWINGS [05-07-2023(online)].pdf 2023-07-05
6 202321045214-FORM-26 [12-09-2023(online)].pdf 2023-09-12
7 202321045214-Proof of Right [05-10-2023(online)].pdf 2023-10-05
8 202321045214-ORIGINAL UR 6(1A) FORM 1 & 26)-181023.pdf 2023-11-06
9 202321045214-ENDORSEMENT BY INVENTORS [13-06-2024(online)].pdf 2024-06-13
10 202321045214-DRAWING [13-06-2024(online)].pdf 2024-06-13
11 202321045214-CORRESPONDENCE-OTHERS [13-06-2024(online)].pdf 2024-06-13
12 202321045214-COMPLETE SPECIFICATION [13-06-2024(online)].pdf 2024-06-13
13 Abstract1.jpg 2024-07-12
14 202321045214-FORM 3 [01-08-2024(online)].pdf 2024-08-01
15 202321045214-Request Letter-Correspondence [13-08-2024(online)].pdf 2024-08-13
16 202321045214-Power of Attorney [13-08-2024(online)].pdf 2024-08-13
17 202321045214-Form 1 (Submitted on date of filing) [13-08-2024(online)].pdf 2024-08-13
18 202321045214-Covering Letter [13-08-2024(online)].pdf 2024-08-13
19 202321045214-CERTIFIED COPIES TRANSMISSION TO IB [13-08-2024(online)].pdf 2024-08-13
20 202321045214-FORM 18 [21-03-2025(online)].pdf 2025-03-21