A UE transitioning from RRC_IDLE to RRC_CONNECTED must have its RRC and UP protection keys generated, while the NAS and higher layer protection keys are assumed to be already available in the MME. Higher layer keys may have been established in the MME as a result of an AKA run, or as a result of a transfer from another MME during handover or idle mode mobility.
When transitioning from RRC_CONNECTED to RRC_IDLE, eNBs delete all the keys they store, so that the state for IDLE mode has to be maintained only in the MME. The eNB will also not store any state information about the corresponding UE. Specifically, both the eNB and the UE will delete NH, KeNB, KRRCenc, KRRCint, KUPenc and the related NCC, but the MME and the UE will maintain KASME, KNASint and KNASenc.
During mobility, the key hierarchy does not allow explicit RRC and UP key updates. Instead, the RRC and UP keys are derived from the algorithm identifiers and KeNB, which results in new RRC and UP keys at every handover. Figure 14.4 shows the model for key handling during handover. The handling proceeds as follows.
Whenever an initial AS security context needs to be established between the UE and the eNB, the MME and the UE shall derive a KeNB and a NH, both of which are derived from the K
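The derivation of RRC and UP keys from KeNB and the algorithm identifiers, and their replacement at handover, as an added Python example that is not from the original text. The FC values, type distinguishers and KeNB* inputs follow 3GPP TS 33.401 Annex A and are not stated on this page; the KeNB, PCI and EARFCN-DL values are constructed.

```python
import hashlib
import hmac

# Constants below are from 3GPP TS 33.401 Annex A (not stated on this page).
FC_KENB_STAR = 0x13   # A.5: KeNB* derivation at handover
FC_ALG_KEY = 0x15     # A.7: algorithm key derivation
RRC_ENC_ALG, RRC_INT_ALG, UP_ENC_ALG = 0x03, 0x04, 0x05  # type distinguishers

def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """3GPP KDF (TS 33.220 B.2): HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ..."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()

def derive_as_keys(kenb: bytes, enc_alg_id: int, int_alg_id: int) -> dict:
    """Derive the 128-bit RRC and UP keys from KeNB and the algorithm identifiers."""
    def alg_key(alg_type: int, alg_id: int) -> bytes:
        # The key is the 128 least significant bits of the 256-bit KDF output.
        return kdf(kenb, FC_ALG_KEY, bytes([alg_type]), bytes([alg_id]))[-16:]
    return {
        "KRRCenc": alg_key(RRC_ENC_ALG, enc_alg_id),
        "KRRCint": alg_key(RRC_INT_ALG, int_alg_id),
        "KUPenc": alg_key(UP_ENC_ALG, enc_alg_id),
    }

def derive_kenb_star(kenb_or_nh: bytes, pci: int, earfcn_dl: int) -> bytes:
    """Handover: bind the next KeNB to the target cell's PCI and downlink EARFCN."""
    earfcn_len = 2 if earfcn_dl <= 0xFFFF else 3
    return kdf(kenb_or_nh, FC_KENB_STAR,
               pci.to_bytes(2, "big"), earfcn_dl.to_bytes(earfcn_len, "big"))

def handover_demo() -> tuple:
    kenb = bytes(range(32))  # constructed 256-bit KeNB, not a real key
    before = derive_as_keys(kenb, enc_alg_id=2, int_alg_id=2)  # 128-EEA2 / 128-EIA2
    kenb_target = derive_kenb_star(kenb, pci=301, earfcn_dl=1850)  # constructed cell
    after = derive_as_keys(kenb_target, enc_alg_id=2, int_alg_id=2)
    return before, after

if __name__ == "__main__":
    before, after = handover_demo()
    for name in before:
        print(f"{name}: {before[name].hex()} -> {after[name].hex()}")
```

The algorithm identifiers are unchanged across the handover in this run, so the change in every RRC and UP key comes solely from the new KeNB.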