Accessing a denied network resource

The invention claimed is: 1 . A method at a user equipment (UE), the method comprising: transmitting a first registration request to register with a mobile communication network, the first registration request comprising a set of one or more network slices; receiving a registration response comprising an empty allowed network slice selection assistance information (“NSSAI”) parameter; determining, based on the empty allowed NSSAI parameter, to avoid other network services except emergency services; receiving an authentication message associated with a network slice specific authentication and authorization procedure; transmitting an authentication response in response to the authentication message; receiving a first reply message from a network function in the mobile communication network indicating that the UE's access to a network slice in the mobile communication network is denied due to an authentication failure or an authorization specific failure, wherein the authentication failure or authorization specific failure is one of: failed Network-Slice-Specific Authentication and Authorization (“NSSAA”) of the UE, or revoked authorization of the UE; monitoring for an authorization specific condition corresponding to the authentication failure or the authorization specific failure to be met prior to the UE initiating a second registration request to register with the network slice that is denied due to the authentication failure or the authorization specific failure; and initiating signaling towards the mobile communication network to register with the network slice that is denied due to the authentication failure or the authorization specific failure in response to the authorization specific condition corresponding to the authentication failure or the authorization specific failure being met. 2 . The method of claim 1 , wherein the first reply message includes a cause value indicating a reason for a denial of the UE to access to the network slice, wherein the cause value indicates that the UE's access to the network slice in the mobile communication network is denied due to one of: failed NSSAA of the UE, revoked authorization for the UE, or incomplete authentication of the UE. 3 . The method of claim 1 , wherein the first reply message further indicates the authorization specific condition to be met before the UE initiates signaling to request that the UE be provided access to the network slice for which access is denied to the UE. 4 . The method of claim 1 , wherein the empty allowed NSSAI parameter comprises an empty list of network slice identifiers. 5 . The method of claim 1 , wherein the first reply message indicates that the UE's registration to the network slice is rejected due to the authentication failure or the authorization specific failure, and wherein the UE's access to all requested network resources is denied. 6 . The method of claim 1 , wherein the authorization specific condition to be met comprises one of: the UE receiving a second reply message from the network that revokes the indication of the network slice that is denied to the UE due to the authentication failure or the authorization specific failure, or an expiration of a network slice unavailability timer, and wherein the first reply message includes a value for the network slice unavailability timer. 7 . The method of claim 1 , further comprising maintaining a list of denied network slice identities, and deleting an entry from the list of denied network slice identities upon occurrence of an event selected from the set comprising: a UE transition to a deregistered state, universal integrated circuit card (“UICC”) removal at the UE, UE route selection policy (“URSP”) policy update, trigger from upper layers, expiration of a network slice unavailability timer, or a combination thereof. 8 . A User Equipment (“UE”) apparatus comprising: at least one memory; and at least one processor coupled with the at least one memory and configured to cause the UE to: transmit, to a network function in a mobile communication network, a first registration request to register with the mobile communication network, the first registration request comprising a set of one or more network slices; receive a registration response comprising an empty allowed network slice selection assistance information (“NSSAI”) parameter; determine based on the empty allowed NSSAI parameter, to avoid other network services except emergency services; receive an authentication message associated with a network slice specific authentication and authorization procedure; transmit an authentication response in response to the authentication message; receive, from the network function, a first reply message indicating that the UE apparatus's access to a network slice in the mobile communication network is denied due to an authentication failure or an authorization specific failure, wherein the authentication failure or authorization specific failure is one of: failed Network-Slice-Specific Authentication and Authorization (“NSSAA”) of the UE apparatus, or revoked authorization of the UE apparatus; monitor for an authorization specific condition corresponding to the authentication failure or the authorization specific failure to be met prior to initiating a second registration request to register with the network slice that is denied due to the authentication failure or the authorization specific failure; and initiate signaling towards the mobile communication network to register with the network slice that is denied due to the authentication failure or the authorization specific failure in response to the authorization specific condition corresponding to the authentication failure or the authorization specific failure being met. 9 . The apparatus of claim 8 , wherein the first reply message includes a cause value indicating a reason for a denial of the UE apparatus's access to the network slice, and wherein the cause value further indicates that the UE apparatus's access to the network slice in the mobile communication network is denied due to one of: failed NSSAA of the UE apparatus, revoked authorization for the UE apparatus, or incomplete authentication of the UE apparatus. 10 . The apparatus of claim 8 , wherein the first reply message indicates the authorization specific condition to be met before initiating signaling to request access to the network slice that is denied due to the authentication failure or the authorization specific failure for which access is denied. 11 . A method comprising: receiving, from a user equipment (“UE”), a first registration request to register with a mobile communication network, the first registration request comprising a set of one or more network slices; transmitting a registration response comprising an empty allowed network slice selection assistance information (“NSSAI”) parameter; transmitting an authentication message associated with a network slice specific authentication and authorization procedure; receiving, from the UE, an authentication response in response to the authentication message; receiving, at a network function, a first reply message from a network resource in the mobile communication network indicating unavailability of a network slice to the UE due to an authentication failure or an authorization specific failure for the UE, wherein the authentication failure or authorization specific failure is one of: failed Network-Slice-Specific Authentication and Authorization (“NSSAA”) of the UE, or revoked authorization of the UE; determining one or more authorization specific conditions corresponding to the authentication failure or the authorization specifi