5G Relay Key Procedure Explained
Introduction
Relay Key Procedure is the specialized 5G NAS security flow used when relay-specific key handling and relay authentication are needed.
This is not part of the normal registration path. It belongs to the relay security branch, where the network and relay participant exchange relay-key and relay-authentication information using dedicated NAS messages.
This page is most useful when read together with Relay Key Request, Relay Key Accept, Relay Key Reject, Relay Authentication Request, and Relay Authentication Response.
What Is Relay Key in Simple Terms?
A relay key is a relay-specific security value used when a UE participates in a 5G relay scenario. In beginner terms, think of it as a special-purpose security context for relay service, separate from the ordinary NAS security that already protects normal registration and service procedures.
The network needs this relay-specific key material so it can trust that the relay-related participant is allowed to continue the relay procedure. Without that, the network may allow normal 5G access but still block the relay feature itself.
This means a beginner should think of the relay key procedure like this:
- normal 5G registration proves the UE can access the network
- relay key handling proves the relay-specific branch can be secured
- relay authentication then checks that the later relay exchange is valid and consistent with that security context
So the relay key is not just another generic NAS field. It is part of the security setup that allows the relay feature to move from request stage into authenticated relay operation.
What the Relay Key Procedure Does
The procedure creates and validates relay-specific security state. In practical engineering terms, it answers two questions:
- can the network accept the relay key request?
- can the relay participant complete the later relay authentication branch?
| Procedure part | Why engineers care |
|---|---|
| Relay Key Request | Shows the relay-specific key request entering the network. |
| Relay Key Accept / Reject | Shows whether the key request was accepted or failed. |
| Relay Authentication Request | Starts the relay-specific challenge step. |
| Relay Authentication Response | Returns the challenge response and allows the network to continue or stop the procedure. |
Network Functions and Context
| Entity | Role in the relay key procedure |
|---|---|
| UE / relay participant | Sends relay key request and later relay authentication response. |
| Network NAS entity | Evaluates relay request parameters, returns key outcome, and drives relay authentication. |
| Relay transaction context | Keeps request, accept or reject, and authentication messages tied to the same relay-specific exchange. |
Relay Key Procedure Call Flow Position
UE / Relay Participant Network
|--- Relay Key Request ------------>|
|<-- Relay Key Accept / Reject -----|
|<-- Relay Authentication Request --|
|--- Relay Authentication Response ->|
If the network sends Relay Key Reject, the flow usually stops or retries with corrected context. If the network sends Relay Key Accept, the procedure typically moves into relay authentication.
Step-by-Step Relay Key Procedure
Step 1: Relay Key Request Is Sent
The relay participant sends Relay Key Request to start the relay key branch.
What to inspect
- ProSe relay transaction identity
- relay key request parameters
- whether the relay context is already valid before the request is sent
Step 2: Network Accepts or Rejects the Request
The network replies with either Relay Key Accept or Relay Key Reject.
What to inspect
- whether the transaction identity matches the request
- relay key response parameters in the accept case
- 5GMM cause in the reject case
Step 3: Relay Authentication Starts
If key handling succeeds, the network sends Relay Authentication Request.
What to inspect
- relay authentication parameters
- transaction continuity from the earlier key procedure
Step 4: Relay Authentication Response Returns
The relay participant answers with Relay Authentication Response.
What to inspect
- relay authentication response parameters
- whether the network accepts the response and continues the relay-specific feature flow
Common Failure Patterns
| Failure pattern | Typical engineering meaning |
|---|---|
| Immediate Relay Key Reject | The relay request or context was not acceptable to the network. |
| Relay Key Accept but later failure | The request succeeded, but the later authentication or continuation step failed. |
| No Relay Authentication Response | The relay participant did not process the challenge correctly or the uplink reply was not delivered. |
| Ordinary NAS looks fine but relay feature fails | The issue is isolated to the relay-specific security branch. |
What to Check in Logs and Traces
- transaction identity continuity across all relay messages
- relay key request and response parameters
- reject cause if the network returns Relay Key Reject
- relay authentication parameters and response data
- the exact step where the relay-specific branch stops progressing
Related Procedures
Recommended Reference Specifications
- 3GPP TS 24.501 - 5G NAS Protocol
- 3GPP TS 23.501 - 5G System Architecture
- 3GPP TS 23.502 - 5G System Procedures