OA-20452-A - Subscription concealed identifier
Abstract
A method performed by an authentication server (14) in a home network (3) of a user equipment (1), UE, for obtaining a subscription permanent identifier, SUPI. The method comprises: receiving a subscription concealed identifier, SUCI, which comprises an encrypted part in which at least a part of the SUPI is encrypted, and a clear-text part which comprises a home network identifier and an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the SUPI in the SUCI; determining a de-concealing server (19) to use to decrypt the encrypted part of the SUCI; sending the SUCI to the de-concealing server (19); and receiving the SUPI in response. Methods performed by a UE and a de-concealing server are also disclosed. Furthermore, UEs, de-concealing servers, authentication servers, a computer program (133) and a memory circuitry (12) are also disclosed.
Inventors
- BEN HENDA, Noamen
- CASTELLANOS ZAMORA, DAVID
- TORVINEN, VESA
- NAKARMI, Prajwol, Kumar
- WIFVESSON, MONICA
- SAARINEN, Pasi
Assignees
- TELEFONAKTIEBOLAGET LM ERICSSON
Dates
- Publication Date
- 20220905
- Application Date
- 20180717
- Priority Date
- 20170725
Claims (17)
- 1. A method performed by an authentication server in a home network of a user equipment (UE) for obtaining a subscription permanent identifier (SUPI), wherein the SUPI is a globally unique identifier allocated to a subscriber and the SUPI comprises a home network identifier identifying a home network of the subscriber and a subscription identifier identifying a subscription within the home network, the method comprising: the authentication server receiving a subscription concealed identifier (SUCI) generated by the UE, wherein the SUCI comprises an encrypted part and a clear-text part, and wherein a) the encrypted part of the SUCI generated by the UE comprises the subscription identifier identifying the subscription within the home network, but the encrypted part of the SUCI generated by the UE does not include the home network identifier and b) the clear-text part of the SUCI generated by the UE comprises i) the home network identifier, ii) an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the subscription identifier in the SUCI, and iii) a public key identifier for a public key of the home network, but the clear-text part of the SUCI generated by the UE does not comprise the subscription identifier; the authentication server determining a de-concealing server to use to decrypt the encrypted part of the SUCI; the authentication server sending the SUCI to the de-concealing server; and after the authentication server sends the SUCI to the de-concealing server, the authentication server receiving the SUPI in response.
- 2. The method of claim 1, wherein the de-concealing server is one of a plurality of de-concealing servers, and the determining of the de-concealing server is based on information received from the UE.
- 3. The method of claim 1, further comprising receiving the SUCI from the UE as part of a registration procedure for registering the UE with a wireless communication network.
- 4. The method of claim 1, further comprising receiving the SUCI from the UE via an authentication request from a Security Anchor Function.
- 5. The method of claim 1, further comprising sending the SUCI and a request for an authentication vector for authenticating the UE to the determined de-concealing server in the same message.
- 6. The method of claim 1, wherein the home network identifier consists of a Mobile Country Code and a Mobile Network Code, and the subscription identifier is a Mobile Subscription Identification Number (MSIN).
- 7. The method of claim 1, wherein the SUPI is a Network Access Identifier.
- 8. The method of claim 1, wherein the encryption scheme is an Elliptic Curve Integrated Encryption Scheme (ECIES).
- 9. A method, performed by a de-concealing server, for providing a subscription permanent identifier (SUPI) to an authentication server, wherein the SUPI is a globally unique identifier allocated to a subscriber and the SUPI comprises a home network identifier identifying a home network of the subscriber and a subscription identifier identifying a subscription within the home network, the method comprising: the de-concealing server receiving, from the authentication server, a subscription concealed identifier (SUCI) generated by a user equipment (UE), wherein the SUCI comprises an encrypted part and a clear-text part, and wherein a) the encrypted part of the SUCI generated by the UE comprises the subscription identifier identifying the subscription within the home network, but the encrypted part of the SUCI generated by the UE does not include the home network identifier and b) the clear-text part of the SUCI generated by the UE comprises i) the home network identifier, ii) an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the subscription identifier in the SUCI, and iii) a public key identifier for a public key of the home network, but the clear-text part of the SUCI generated by the UE does not comprise the subscription identifier; the de-concealing server decrypting the encrypted part of the SUCI, using the encryption scheme indicated by the encryption scheme identifier, to obtain the SUPI; and the de-concealing server sending the SUPI to the authentication server.
- 10. A method performed by a user equipment (UE) for concealing a subscription permanent identifier (SUPI), wherein the SUPI is a globally unique identifier allocated to a subscriber and the SUPI comprises a home network identifier identifying a home network of the subscriber and a subscription identifier identifying a subscription within the home network, the method comprising: the UE generating a subscription concealed identifier (SUCI) which comprises an encrypted part and a clear-text part, wherein a) the encrypted part of the SUCI generated by the UE comprises the subscription identifier identifying the subscription within a home network, but the encrypted part of the SUCI generated by the UE does not include the home network identifier and b) the clear-text part of the SUCI generated by the UE comprises i) the home network identifier, ii) an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the subscription identifier in the SUCI, and iii) a public key identifier for a public key of the home network, but the clear-text part of the SUCI generated by the UE does not comprise the subscription identifier; and the UE transmitting the SUCI to an authentication server for forwarding of the SUCI to a de-concealing server capable of decrypting the encrypted part.
- 11. The method of claim 10, wherein the SUCI is transmitted in a request to register with a wireless communication network (30).
- 12. The method of claim 10, wherein generating the SUCI comprises using a tamper-resistant secure hardware component of the UE to generate the SUCI.
- 13. The method of claim 10, wherein transmitting the SUCI to the authentication server comprises transmitting the SUCI to the authentication server in response to an identifier request message received from an Authentication and Mobility management Function, AMF, as part of a procedure for registering the UE with a wireless communication network.
- 14. The method of claim 10, wherein the encryption scheme is an Elliptic Curve Integrated Encryption Scheme.
- 15. A user equipment (UE) for concealing a subscription permanent identifier (SUPI), wherein the SUPI is a globally unique identifier allocated to a subscriber and the SUPI comprises a home network identifier identifying a home network of the subscriber and a subscription identifier identifying a subscription within the home network, the UE comprising: processing circuitry and memory circuitry, the memory circuitry containing instructions executable by the processing circuitry, wherein the UE is operative to: generate a subscription concealed identifier (SUCI) which comprises an encrypted part and a clear-text part, wherein a) the encrypted part of the SUCI generated by the UE comprises the subscription identifier identifying the subscription within a home network, but the encrypted part of the SUCI generated by the UE does not include the home network identifier and b) the clear-text part of the SUCI generated by the UE comprises i) the home network identifier, ii) an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the subscription identifier in the SUCI, and iii) a public key identifier for a public key of the home network, but the clear-text part of the SUCI generated by the UE does not comprise the subscription identifier; and transmit the SUCI to an authentication server for forwarding of the SUCI to a de-concealing server capable of decrypting the SUPI.
- 16. The UE of claim 15, wherein the SUPI comprises a Mobile Subscription Identification Number.
- 17. The UE of claim 15, wherein the SUPI is a Network Access Identifier.
Description
SUBSCRIPTION CONCEALED IDENTIFIER

TECHNICAL FIELD
The invention relates to methods performed by an authentication server, a de-concealing server and a User Equipment (UE), respectively. Furthermore, UEs, de-concealing servers, authentication servers, a computer program and a memory circuitry are also disclosed.

BACKGROUND
It is important to maintain the confidentiality of a user equipment's (UE's) long-term subscription identifier (e.g., an IMSI (International Mobile Subscriber Identity)). Early generation 3GPP systems (e.g., 4G/LTE, 3G/UMTS, 2G/GSM) included a partial mechanism for long-term subscription identifier confidentiality using one or more short-term subscription identifiers. GUTI (Globally Unique Temporary ID) and C-RNTI (Cell-Radio Network Temporary Identifier) are examples of short-term subscription identifiers in 4G/LTE systems. However, the legacy partial mechanism may expose the long-term subscription identifier in clear text over the air interface. For example, so-called IMSI catchers could simply ask the UE for the long-term identifier, e.g., using identifier request/response messages. The 3rd Generation Partnership Project (3GPP) currently discusses how security, such as privacy, can be improved in communications networks. With respect to 5G, 3GPP TS 33.501 V0.2.0 mentions a Subscription Permanent Identifier (SUPI) and notes that the SUPI may be concealed, e.g. in the form of a pseudonym or a public-key encrypted SUPI.

SUMMARY
An object of the invention is to facilitate security in communication between a UE and a communications network. A first aspect of the invention relates to a method performed by an authentication server in a home network of a UE for obtaining a SUPI.
The method comprises: receiving a subscription concealed identifier, SUCI, which comprises an encrypted part in which at least a part of the SUPI is encrypted, and a clear-text part which comprises a home network identifier and an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the SUPI in the SUCI; determining a de-concealing server to use to decrypt the encrypted part of the SUCI; sending the SUCI to the de-concealing server; and receiving the SUPI in response.

The clear-text part of the SUCI may comprise a public key identifier for a public key of the home network. The de-concealing server may be one of a plurality of de-concealing servers, and the determining of the de-concealing server may be based on information received from the UE. In such a case, the information may be a public key identifier for a public key of the home network. The public key identifier may be comprised in the clear-text part of the SUCI. The information may alternatively be the encryption scheme identifier, in which case the determined de-concealing server is one that supports decryption according to that encryption scheme.

The method may in an embodiment further comprise receiving the SUCI from the UE as part of a registration procedure for registering the UE with a wireless communication network. The method may in an embodiment further comprise receiving the SUCI from the UE via an authentication request from a Security Anchor Function. The authentication server may itself be one of the plurality of de-concealing servers. The method may further comprise sending the SUCI and a request for an authentication vector for authenticating the UE to the determined de-concealing server in the same message. The method may further comprise receiving the authentication vector and the SUPI from the determined de-concealing server in the same response.

The SUPI may comprise a Mobile Subscription Identification Number, MSIN, a Mobile Country Code, MCC, and a Mobile Network Code, MNC.
In such an embodiment the MSIN is encrypted in the encrypted part of the SUCI, and the MCC and the MNC form the home network identifier in the clear-text part of the SUCI. The SUPI may in an alternative embodiment be a Network Access Identifier.

A second aspect of the invention relates to a method, performed by a de-concealing server, for providing a SUPI to an authentication server. The method comprises: receiving, from the authentication server, a SUCI which comprises an encrypted part in which at least a part of the SUPI is encrypted, and a clear-text part which comprises a home network identifier and an encryption scheme identifier that identifies an encryption scheme used by a UE to encrypt the SUPI in the SUCI and which is supported by the de-concealing server; decrypting the encrypted part of the SUCI using the encryption scheme indicated by the encryption scheme identifier to obtain the SUPI; and sending the SUPI to the authentication server.

The clear-text part of the SUCI may also comprise a key identifier used for identifying a decryption key used for decrypting the SUPI. The key identifier may also be used for identifying the de-concealing server. A key corresponding to the key identifier may be a public key of a home network of th
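The first and second aspects above (the UE concealing only the MSIN, the authentication server picking a de-concealing server from the clear-text key identifier, and the de-concealing server decrypting and returning the SUPI) can be exercised end to end. The following Go program is an added example written for this page; it is not code from the patent or from Ericsson. It uses only the Go standard library and builds the encrypted part with ECIES over X25519 with an ANSI X9.63 KDF (SHA-256), AES-128-CTR and an 8-byte HMAC-SHA-256 tag, which are the primitives of ECIES profile A in the published 3GPP TS 33.501; the scheme identifier value (1), the type names, the plain-ASCII MSIN encoding and the one-byte key identifier are assumptions for the example, and clear-text fields of the final 3GPP SUCI format that the patent text does not mention (such as the routing indicator) are left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// SUCI as structured in the claims: clear-text home network identifier, scheme
// identifier and public key identifier, plus an encrypted part carrying only the MSIN.
type SUCI struct {
	HomeNetworkID string // MCC+MNC, clear text
	SchemeID      byte   // encryption scheme identifier, clear text
	KeyID         byte   // home network public key identifier, clear text
	EphPub        []byte // UE's ephemeral X25519 public key (ECIES output)
	Ciphertext    []byte // MSIN under AES-128-CTR (ECIES output)
	Tag           []byte // 8-byte HMAC-SHA-256 over Ciphertext (ECIES output)
}

const schemeECIES byte = 1 // scheme identifier value assumed for this example

// eciesKeys runs the ANSI X9.63 KDF (SHA-256, counter from 1, ephemeral public key as
// shared info) and splits the output into AES key, CTR initial block and MAC key.
func eciesKeys(shared, ephPub []byte) (encKey, icb, macKey []byte) {
	var out []byte
	var ctr [4]byte
	for i := uint32(1); len(out) < 64; i++ {
		binary.BigEndian.PutUint32(ctr[:], i)
		h := sha256.New()
		h.Write(shared)
		h.Write(ctr[:])
		h.Write(ephPub)
		out = h.Sum(out)
	}
	return out[:16], out[16:32], out[32:64]
}

// ConcealSUPI is the UE side: ECIES-encrypt the MSIN under the home network public
// key with a fresh ephemeral key, so two SUCIs of the same SUPI are unlinkable.
func ConcealSUPI(hnID, msin string, keyID byte, hnPub *ecdh.PublicKey) (SUCI, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return SUCI{}, err }
	shared, err := eph.ECDH(hnPub)
	if err != nil { return SUCI{}, err }
	ephPub := eph.PublicKey().Bytes()
	encKey, icb, macKey := eciesKeys(shared, ephPub)
	blk, _ := aes.NewCipher(encKey) // 16-byte key from the KDF, cannot fail
	ct := make([]byte, len(msin))
	cipher.NewCTR(blk, icb).XORKeyStream(ct, []byte(msin))
	m := hmac.New(sha256.New, macKey)
	m.Write(ct)
	return SUCI{hnID, schemeECIES, keyID, ephPub, ct, m.Sum(nil)[:8]}, nil
}

// DeconcealingServer holds the private key(s) for the key identifiers it serves. It
// refuses schemes and key identifiers it does not serve and checks the MAC before decrypting.
type DeconcealingServer struct{ Keys map[byte]*ecdh.PrivateKey }

func (d *DeconcealingServer) Deconceal(s SUCI) (string, error) {
	priv, ok := d.Keys[s.KeyID]
	if s.SchemeID != schemeECIES || !ok {
		return "", errors.New("scheme or public key identifier not served here")
	}
	ephPub, err := ecdh.X25519().NewPublicKey(s.EphPub)
	if err != nil { return "", err }
	shared, err := priv.ECDH(ephPub) // rejects low-order points (all-zero secret)
	if err != nil { return "", err }
	encKey, icb, macKey := eciesKeys(shared, s.EphPub)
	m := hmac.New(sha256.New, macKey)
	m.Write(s.Ciphertext)
	if !hmac.Equal(m.Sum(nil)[:8], s.Tag) {
		return "", errors.New("MAC check failed, SUCI rejected")
	}
	blk, _ := aes.NewCipher(encKey)
	msin := make([]byte, len(s.Ciphertext))
	cipher.NewCTR(blk, icb).XORKeyStream(msin, s.Ciphertext)
	return s.HomeNetworkID + string(msin), nil // SUPI = clear-text MCC/MNC + decrypted MSIN
}

// AuthServer maps clear-text key identifiers to de-concealing servers (claim 2); it holds
// no private key, it only forwards the SUCI and receives the SUPI in response.
type AuthServer map[byte]*DeconcealingServer

func (a AuthServer) ResolveSUPI(s SUCI) (string, error) {
	if d, ok := a[s.KeyID]; ok {
		return d.Deconceal(s)
	}
	return "", errors.New("no de-concealing server for this public key identifier")
}
```

To wire it up, generate one X25519 key per key identifier with `ecdh.X25519().GenerateKey(rand.Reader)`, give each private key to its own `DeconcealingServer`, register those servers in an `AuthServer` keyed by the same identifiers, and provision the UE with the public keys. Three points carry the security argument of the patent: the authentication server routes purely on the clear-text key identifier and never needs the private key; the de-concealing server verifies the tag before decrypting, so a SUCI altered between UE and home network is rejected rather than decrypted into a wrong subscriber; and because the UE draws a fresh ephemeral key for every SUCI, two concealments of the same SUPI share nothing but the clear-text MCC/MNC and identifiers, which is the residual information an observer on the air interface is left with.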