The process 400 is performed on SMS data 405. In the case of a mobile-originated SMS message, the SMS data 405 is generated by user equipment. In the case of a mobile-terminated SMS message, the SMS data 405 is generated by an SMSF and provided to an AMF, which performs the process 400. The SMS data 405 and an encryption key 410 are provided to an encryption module 415. The encryption key 410 is stored in an NAS context associated with the user equipment and the AMF, and copies of the encryption key 410 are stored at the user equipment and the AMF. Some embodiments of the encryption key 410 are NAS encryption keys. The encryption module 415 encrypts the SMS data 405 using the encryption key 410.
An NAS message 420 is formed by adding the encrypted SMS data 425 to a payload of the NAS message and appending an NAS header 430. Some embodiments of the NAS header 430 include information identifying an NAS link that is used to convey the NAS message 420. As discussed herein, the information identifying the NAS link can be used to identify the encryption key 410 in an NAS context and an integrity key 435 that is used to provide integrity protection for the NAS message 420.
An integrity protection module 440 uses the integrity key 435 to generate an integrity-protected NAS message 445. For example, information 450 generated based on the integrity key 435 can be appended to the NAS message 420 to generate the integrity-protected NAS message 445.
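The following Python example is added here for illustration and is not part of the original description. It walks the process 400 on both sides: encrypt the SMS data, prepend a header identifying the NAS link, append integrity information, then on receipt use the header to select the keys from the NAS context and verify integrity before decrypting. Assumptions: the header layout, the per-message `count` field, the sample keys, and the HMAC-SHA256 stand-ins for the cipher and integrity algorithm (these are not 3GPP NEA/NIA algorithms).

```python
import hashlib
import hmac
import struct

# Constructed NAS contexts keyed by NAS link id. Each holds an encryption key
# (410) and an integrity key (435). Key values are sample data.
NAS_CONTEXTS = {
    1: {"enc": bytes(range(16)), "int": bytes(range(16, 32))},
    2: {"enc": b"\xaa" * 16, "int": b"\xbb" * 16},
}
HEADER = struct.Struct(">BI")  # assumed layout: link id (1 byte), count (4 bytes)
MAC_LEN = 4                    # assumed length of the appended information 450

def _keystream(key, count, n):
    # Stand-in stream cipher: HMAC-SHA256 in counter mode, keyed per message count.
    out, block = b"", 0
    while len(out) < n:
        out += hmac.new(key, struct.pack(">II", count, block), hashlib.sha256).digest()
        block += 1
    return out[:n]

def _xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))

def _mac(key, nas_message):
    # Stand-in integrity algorithm: truncated HMAC-SHA256 over header and payload.
    return hmac.new(key, nas_message, hashlib.sha256).digest()[:MAC_LEN]

def protect(link_id, count, sms_data):
    """Sender: encrypt (415), form NAS message 420, integrity-protect (440)."""
    ctx = NAS_CONTEXTS[link_id]
    encrypted = _xor(sms_data, _keystream(ctx["enc"], count, len(sms_data)))
    nas_message = HEADER.pack(link_id, count) + encrypted
    return nas_message + _mac(ctx["int"], nas_message)

def unprotect(message):
    """Receiver: select keys via the header, verify integrity, then decrypt."""
    if len(message) < HEADER.size + MAC_LEN:
        raise ValueError("message too short")
    link_id, count = HEADER.unpack(message[:HEADER.size])
    ctx = NAS_CONTEXTS.get(link_id)
    if ctx is None:
        raise ValueError("no NAS context for link")
    nas_message, mac = message[:-MAC_LEN], message[-MAC_LEN:]
    if not hmac.compare_digest(mac, _mac(ctx["int"], nas_message)):
        raise ValueError("integrity check failed")
    body = nas_message[HEADER.size:]
    return _xor(body, _keystream(ctx["enc"], count, len(body)))
```

Because the integrity information covers the header as well as the encrypted payload, a modified link identifier or a flipped ciphertext bit is rejected before any decryption takes place.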