Search

US-12621660-B2 - Key identification for mobile edge computing functions

US12621660B2US 12621660 B2US12621660 B2US 12621660B2US-12621660-B2

Abstract

Various aspects of the present disclosure relate to key identification for mobile edge computing functions. An apparatus includes at least one memory and at least one processor that is configured to generate a unique key set identifier (“KSI”) associated with a multi-access edge computing (“MEC”) service, derive a key for a network function based on a corresponding root key and the generated KSI, the KSI provided as input to a key derivation function (“KDF”), and transmit an application registration request message to the network function for establishing a secure connection to the network function using the key, the application registration request message comprising the KSI.

Inventors

  • Andreas Kunz
  • Sheeba Backia Mary BASKARAN

Assignees

  • LENOVO (SINGAPORE) PTE. LTD.

Dates

Publication Date
20260505
Application Date
20220208

Claims (20)

  1. 1 . A user equipment (“UE”) for wireless communication, comprising: at least one memory; and at least one processor coupled with the at least one memory and configured to cause the UE to: generate a unique key set identifier (“KSI”) associated with a multi-access edge computing (“MEC”) service; derive a key for a network function based on a corresponding root key and the unique KSI, the unique KSI provided as input to a key derivation function (“KDF”); and transmit an application registration request message to the network function for establishing a secure connection to the network function using the key, the application registration request message comprising the unique KSI.
  2. 2 . The UE of claim 1 , wherein the network function comprises an edge configuration server (“ECS”), an edge enabler server (“EES”), an edge application server (“EAS”), or a combination thereof.
  3. 3 . The UE of claim 2 , wherein the unique KSI is used to derive keys for each of the ECS, the EES, and EAS network functions using the KDF.
  4. 4 . The UE of claim 2 , wherein the at least one processor is configured to cause the UE to generate different unique KSIs to derive keys for each of the ECS, the EES, and EAS network functions using the KDF.
  5. 5 . The UE of claim 2 , wherein the corresponding root key is for one of an access and mobility management function (“AMF”), the ECS, and or the EES.
  6. 6 . The UE of claim 1 , wherein the unique KSI is valid for one or more of a duration of the MEC service, until an access and mobility management function (“AMF”) key is refreshed, until the AMF is changed, or a combination thereof.
  7. 7 . The UE of claim 1 , wherein the unique KSI is permanently assigned to the MEC service.
  8. 8 . The UE of claim 1 , wherein the unique KSI is a value of a counter that is adjusted with each new generated unique KSI.
  9. 9 . The UE of claim 1 , wherein the unique KSI is a randomly generated number based in part on a number of available MEC services.
  10. 10 . The UE of claim 1 , wherein the unique KSI is a static value that is pre-configured for the MEC service.
  11. 11 . The UE of claim 1 , wherein the unique KSI is a character string derived from one of a name or a description of the MEC service.
  12. 12 . A network equipment for wireless communication, comprising: at least one memory; and at least one processor coupled with the at least one memory and configured to cause the network equipment to: receive a key request message from a first network function via a second network function, the key request message comprising an application request message and a key set identifier (“KSI”) associated with a multi-access edge computing (“MEC”) service; derive a key for the first network function using an access and mobility management function (“AMF”) key and the KSI as inputs to a key derivation function (“KDF”); and transmit the key to the first network function, via the second network function.
  13. 13 . The network equipment of claim 12 , wherein the first network function comprises an edge configuration server (“ECS”) and the second network function comprises a network exposure function (“NEF”).
  14. 14 . A network equipment for wireless communication, comprising: at least one memory; and at least one processor coupled with the at least one memory and configured to cause the network equipment to: receive an application request message comprising a key set identifier (“KSI”) associated with a multi-access edge computing (“MEC”) service and a request for access to the MEC service; generate a key request message comprising the application request message and the KSI; transmit the key request message to a first network function; receive a key from the first network function in response to the request; and associate the key with the MEC service of the application request message using the KSI.
  15. 15 . The network equipment of claim 14 , wherein the network equipment comprises an edge configuration server (“ECS”), an edge enabler server (“EES”), an edge application server (“EAS”), or a combination thereof, and the first network function comprises a corresponding network exposure function (“NEF”), an ECS, an EES, or a combination thereof.
  16. 16 . A method performed by a user equipment (“UE”), comprising: generating a unique key set identifier (“KSI”) associated with a multi-access edge computing (“MEC”) service; and deriving a key for a network function based on a corresponding root key and the unique KSI, the unique KSI provided as input to a key derivation function (“KDF”); and transmitting an application registration request message to the network function for establishing a secure connection to the network function using the key, the application registration request message comprising the unique KSI.
  17. 17 . The method of claim 16 , wherein the network function comprises an edge configuration server (“ECS”), an edge enabler server (“EES”), an edge application server (“EAS”), or a combination thereof.
  18. 18 . The method of claim 17 , wherein the unique KSI is used to derive keys for each of the ECS, the EES, and EAS network functions using the KDF.
  19. 19 . The method of claim 17 , further comprising generating different unique KSIs to derive keys for each of the ECS, the EES, and EAS network functions using the KDF.
  20. 20 . The method of claim 17 , wherein the corresponding root key is for one of an access and mobility management function (“AMF”), the ECS, or the EES.

Description

CROSS-REFERENCES TO RELATED APPLICATIONS This application claims the benefit of U.S. Provisional Patent Application No. 63/147,148 entitled “APPARATUSES, METHODS, AND SYSTEMS FOR KEY IDENTIFICATION FOR UES WITH SEVERAL SERVICES TO THE SAME OR DIFFERENT MEC FUNCTIONS” and filed on Feb. 8, 2021, for Andreas Kunz, et al., which is incorporated herein by reference. FIELD The subject matter disclosed herein relates generally to wireless communications and more particularly relates to key identification for mobile edge computing functions. BACKGROUND A user equipment (“UE”) device may use different mobile edge computing (“MEC”) services with the same UE identities for the MEC platform. For example, a UE with the same Edge Enabler Client (“EEC”) identity or the same Generic Public Subscription Identifier (“GPSI”) may retrieve different services from the same or different MEC entities. Thus, there is no way in which to distinguish different keys for MEC entities. BRIEF SUMMARY Methods for key identification for mobile edge computing functions are disclosed. Apparatuses and systems also perform the functions of the methods. In one embodiment, a first apparatus includes a processor that generates a unique key set identifier (“KSI”) associated with a multi-access edge computing (“MEC”) service of a mobile wireless communication network and derives a key for a network function of the mobile wireless communication network based on a corresponding root key and the generated KSI, the KSI provided as input to a key derivation function (“KDF”). In one embodiment, the first apparatus includes a transceiver that transmits an application registration request message to the network function for establishing a secure connection to the network function using the key, the application registration request message comprising the KSI. In one embodiment, a first method includes generating a unique key set identifier (“KSI”) associated with a multi-access edge computing (“MEC”) service of a mobile wireless communication network and derives a key for a network function of the mobile wireless communication network based on a corresponding root key and the generated KSI, the KSI provided as input to a key derivation function (“KDF”). In one embodiment, the first method includes transmitting an application registration request message to the network function for establishing a secure connection to the network function using the key, the application registration request message comprising the KSI. In one embodiment, a second apparatus includes a transceiver that receives a key request message from a first network function via a second network function of a mobile wireless communication network, the key request message comprising an application request message and a key set identifier (“KSI”) associated with a multi-access edge computing (“MEC”) service of the mobile wireless communication network. In one embodiment, the second apparatus includes a processor that derives a key for the first network function using an AMF key and the KSI as inputs to a key derivation function (“KDF”). In one embodiment, the transceiver transmits the key to the first network function, via the second network function. In one embodiment, a second method includes receiving a key request message from a first network function via a second network function of a mobile wireless communication network, the key request message comprising an application request message and a key set identifier (“KSI”) associated with a multi-access edge computing (“MEC”) service of the mobile wireless communication network. In one embodiment, the second method includes deriving a key for the first network function using an AMF key and the KSI as inputs to a key derivation function (“KDF”). In one embodiment, the second method includes transmitting the key to the first network function, via the second network function. In one embodiment, a third apparatus includes a transceiver that receives, from a user equipment (“UE”) device, an application request message comprising a key set identifier (“KSI”) associated with a multi-access edge computing (“MEC”) service and a request for access to the MEC service. In one embodiment, the third apparatus includes a processor that generates a key request message comprising the application request message and the KSI. In one embodiment, the transceiver transmits the key request message to a first network function and receives a key from the first network function in response to the request. In one embodiment, the processor associates the received key to the MEC service of the application request message using the KSI. In one embodiment, a third method includes receiving, from a user equipment (“UE”) device, an application request message comprising a key set identifier (“KSI”) associated with a multi-access edge computing (“MEC”) service and a request for access to the MEC service. In one embodiment, the third method includes generating a key request mes