Authentication server function selection in an authentication and key agreement

What is claimed is: 1 . A method for data communication, comprising: receiving, by a first network function, a first Authentication and Key Management Application (AKMA) key identifier, an identifier of a terminal, and a Serving Network Name (SNN) from a fourth network function, wherein the fourth network function received the first AKMA key identifier, the identifier of the terminal, and the SNN from the terminal via an application session request; transmitting, by the first network function, a first request to retrieve an identifier of a second network function that authenticated the terminal to a third network function, the first request including the SNN obtained from the application session request; receiving, by the first network function, a response from the third network function, the response including the identifier of the second network function that authenticated the terminal, the identifier of the second network function being identified based on the SNN; receiving, by the first network function, an AKMA key from the second network function, in response to transmitting a key request message to the second network function using the identifier of the second network function; generating, by the first network function, (i) a new random number (RAND) and (ii) a new AKMA key identifier for the AKMA key based on the new RAND, wherein the new AKMA key identifier generated based on the new RAND is different from the first AKMA key identifier included in the application session request originating from the terminal; and transmitting, by the first network function, the new AKMA key identifier to initiate communication with the terminal via an application session establishment response and update the first AKMA key identifier with the new AKMA key identifier, wherein the first network function comprises an Authentication and Key Management Application (AKMA) anchor function (AAnF), the second network function comprises an Authentication Server Function (AUSF), and the third network function comprises a unified data management (UDM) function. 2 . The method of claim 1 , wherein the response includes a subscriber permanent identifier (SUPI). 3 . The method of claim 2 , wherein the third network function is configured to identify, based on the SNN, a record in a database that corresponds to the second network function that authenticated the terminal and retrieve the identifier of the second network function that authenticated the terminal and the SUPI included in the record in the database. 4 . The method of claim 2 , further comprising transmitting, by the first network function, the key request message to the second network function that is identified based on the identifier of the second network function that authenticated the terminal, the key request message including the SUPI. 5 . The method of claim 1 , wherein function comprises an AKMA application function. 6 . An apparatus for communication comprising processor electronics and a memory storing instructions that, when executed by the processor electronics, cause the apparatus to: receive, by a first network function, a first Authentication and Key Management Application (AKMA) key identifier, an identifier of a terminal, and a Serving Network Name (SNN) from a fourth network function, wherein the fourth network function received the first AKMA key identifier, the identifier of the terminal, and the SNN from the terminal via an application session request; transmit, by the first network function, a first request to retrieve an identifier of a second network function that authenticated the terminal to a third network function, the first request including the SNN obtained from the application session request; receive, by the first network function, a response from the third network function, the response including the identifier of the second network function that authenticated the terminal, the identifier being identified based on the SNN; receive, by the first network function, an AKMA key from the second network function, in response to transmitting a key request message to the second network function using the identifier of the second network function; generate, by the first network function, (i) a new random number (RAND) and (ii) a new AKMA key identifier for the AKMA key based on the new RAND, wherein the new AKMA key identifier generated based on the new RAND is different from the first AKMA key identifier included in the application session request originating from the terminal; and transmit, by the first network function, the new AKMA key identifier to initiate communication with the terminal via an application session establishment response and update the first AKMA key identifier with the new AKMA key identifier, wherein the first network function comprises an Authentication and Key Management Application (AKMA) anchor function (AAnF), the second network function comprises an Authentication Server Function (AUSF), and the third network function comprises a unified data management (UDM) function. 7 . The apparatus of claim 6 , wherein the third network function is configured to identify, based on the SNN, a record in a database that corresponds to the second network function that authenticated the terminal and retrieve the identifier of the second network function that authenticated the terminal and a SUPI included in the record in the database. 8 . The method of claim 1 , further comprising deriving, by the first network function, an application function (AF) key based on the new RAND generated by the first network function. 9 . The method of claim 1 , wherein the generating the new AKMA key identifier for the AKMA key is by the first network function is further based on an identifier of the first network function. 10 . The method of claim 1 , wherein the new AKMA key identifier is transmitted by the first network function to an AKMA application function for provisioning to the terminal via the application session response that includes both (i) the new RAND and (ii) the new AKMA key identifier. 11 . The apparatus of claim 6 , wherein the response includes a subscriber permanent identifier (SUPI). 12 . The apparatus of claim 6 , wherein the instructions further cause the apparatus to transmit, from the first network function, the key request message to the second network function that is identified based on the identifier of the second network function that authenticated the terminal, the key request message including a SUPI. 13 . The apparatus of claim 6 , wherein the fourth network function comprises an AKMA application function. 14 . The apparatus of claim 6 , wherein the instructions further cause the apparatus to: derive, at the first network function, an application function (AF) key based on the new RAND generated by the first network function. 15 . The apparatus of claim 6 , wherein the new AKMA key identifier for the AKMA key is further generated by the first network function based on an identifier of the first network function. 16 . The apparatus of claim 6 , wherein the new AKMA key identifier is transmitted by the first network function to an AKMA application function for provisioning to the terminal via the application session response that includes both (i) the new RAND and (ii) the new AKMA key identifier.