
US-12627470-B2 - Encryption key management for NB-IoT devices


Abstract

A method performed by one or more network node(s) of a wireless telecommunications network to dynamically manage encryption keys for multiple narrowband Internet of Things (NB-IoT) devices of the network. The network node(s) can maintain a database that stores a device profile for each of the NB-IoT devices and obtain multiple encryption keys for the multiple NB-IoT devices. The encryption keys are associated with different encryption strengths ranging from high to ultra-low encryption strengths. The network node(s) can allocate the encryption keys to the NB-IoT devices, detect a change in the condition of the network, capability or communications service of NB-IoT devices, and refresh the encryption keys accordingly to ensure that the network nodes properly balance encryption while providing efficient network performance.

Inventors

  • Venson Shaw

Assignees

  • T-MOBILE USA, INC.

Dates

Publication Date: 2026-05-12
Application Date: 2023-05-08

Claims (20)

  1. A method performed by one or more network nodes of a telecommunications network to dynamically manage encryption keys for multiple narrowband Internet of Things (NB-IoT) devices supported by the telecommunications network, the method comprising: obtaining two or more encryption keys for the multiple NB-IoT devices, wherein the two or more encryption keys are associated with different encryption strengths; allocating the two or more encryption keys to the multiple NB-IoT devices, wherein allocating the two or more encryption keys to the multiple NB-IoT devices comprises: selecting the two or more encryption keys from available encryption keys, wherein the available encryption keys include a limited number of encryption keys in each of the different key strengths, wherein any encryption keys of lower encryption strength are allocated before allocating any encryption keys of higher encryption strength, and allocating a first encryption key of the two or more encryption keys to a first NB-IoT device of the multiple NB-IoT devices, wherein the first encryption key of a first encryption strength is allocated for a first NB-IoT device based on a first capability or a first communications service of the first NB-IoT device; in response to detecting a change in a condition of the telecommunications network or a change in the first capability or the first communications service of the first NB-IoT device, refreshing the first NB-IoT device with a second encryption key of the two or more encryption keys, wherein the second encryption key has a second encryption strength different from the first encryption strength.
  2. The method of claim 1, wherein obtaining the two or more encryption keys for the multiple NB-IoT devices comprises: generating each of the two or more encryption keys based in part on a current condition of the telecommunications network, wherein the current condition of the telecommunications network includes a quantity or type of the multiple NB-IoT devices supported by the telecommunications network.
  3. The method of claim 1, wherein: a high encryption strength key is a 256-bit encryption key, a moderate encryption strength key is a 128-bit encryption key, a low encryption strength key is a 64-bit encryption key, and an ultra-low encryption strength key is an 8-bit encryption key.
  4. The method of claim 1, wherein allocating the two or more encryption keys to the multiple NB-IoT devices comprises two or more of: a high encryption strength key is allocated for an NB-IoT device that supports a high risk communications service, a moderate encryption strength key is allocated for an NB-IoT device that supports a moderate risk communications service, a low encryption strength key is allocated for an NB-IoT device that supports a low risk communications service, and an ultra-low encryption strength key is allocated for an NB-IoT device that supports an ultra-low risk communications service.
  5. The method of claim 1, wherein the capability includes a security profile of the first NB-IoT such that the first encryption key strength is proportional to the security profile.
  6. The method of claim 1, wherein the first communications service includes one of an emergency communications service, a commercial communications service, or a noncommercial communications service, and wherein each NB-IoT device is categorized into one of multiple priority levels based on the communications service of the NB-IoT device.
  7. The method of claim 1, wherein the changed condition includes an increased network load and the second encryption strength is lower than the first encryption strength.
  8. The method of claim 1, wherein the changed condition includes a decreased network load and the second encryption strength is higher than the first encryption strength.
  9. The method of claim 1, wherein refreshing the first NB-IoT device with the second encryption key comprises replacing the first encryption key with the second encryption key.
  10. The method of claim 1, wherein refreshing the first NB-IoT device with the second encryption key comprises updating the first encryption key with the second encryption key.
  11. At least one non-transitory computer-readable storage medium storing instructions to be executed by at least one processor, wherein execution of the instructions causes one or more network nodes of a telecommunications network to: obtain two or more encryption keys for multiple narrowband Internet-of-Things (NB-IoT) devices, wherein the two or more encryption keys are associated with different encryption strengths; allocate the two or more encryption keys to the multiple NB-IoT devices, wherein allocating the two or more encryption keys to the multiple NB-IoT devices comprises: selecting the two or more encryption keys from available encryption keys, wherein the available encryption keys include a limited number of encryption keys in each of the different key strengths, wherein any encryption keys of lower encryption strength are allocated before allocating any encryption keys of higher encryption strength, and allocating a first encryption key of the two or more encryption keys to a first NB-IoT device of the multiple NB-IoT devices, wherein the first encryption key of a first encryption strength is allocated for a first NB-IoT device based on a first capability or a first communications service of the first NB-IoT device; and in response to detecting a change in a condition of the telecommunications network or a change in the first capability or the first communications service of the first NB-IoT device, refresh the first NB-IoT device with a second encryption key of the two or more encryption keys, wherein the second encryption key has a second encryption strength different from the first encryption strength.
  12. The computer-readable storage medium of claim 11, wherein obtaining the two or more encryption keys for the multiple NB-IoT devices comprises: generating each of the two or more encryption keys based in part on a current condition of the telecommunications network, wherein the current condition of the telecommunications network includes a quantity or type of the multiple NB-IoT devices supported by the telecommunications network.
  13. The computer-readable storage medium of claim 11, wherein: a high encryption strength key is a 256-bit encryption key, a moderate encryption strength key is a 128-bit encryption key, a low encryption strength key is a 64-bit encryption key, and an ultra-low encryption strength key is an 8-bit encryption key.
  14. The computer-readable storage medium of claim 11, wherein allocating the two or more encryption keys to the multiple NB-IoT devices comprises two or more of: a high encryption strength key is allocated for an NB-IoT device that supports a high risk communications service, a moderate encryption strength key is allocated for an NB-IoT device that supports a moderate risk communications service, a low encryption strength key is allocated for an NB-IoT device that supports a low risk communications service, and an ultra-low encryption strength key is allocated for an NB-IoT device that supports an ultra-low risk communications service.
  15. The computer-readable storage medium of claim 11, wherein the capability includes a security profile of the first NB-IoT such that the first encryption key strength is proportional to the security profile.
  16. The computer-readable storage medium of claim 11, wherein the first communications service includes one of an emergency communications service, a commercial communications service, or a noncommercial communications service, and wherein each NB-IoT device is categorized into one of multiple priority levels based on the communications service of the NB-IoT device.
  17. The computer-readable storage medium of claim 11, wherein the changed condition includes an increased network load and the second encryption strength is lower than the first encryption strength.
  18. The computer-readable storage medium of claim 11, wherein the changed condition includes a decreased network load and the second encryption strength is higher than the first encryption strength.
  19. The computer-readable storage medium of claim 11, wherein refreshing the first NB-IoT device with the second encryption key comprises replacing the first encryption key with the second encryption key.
  20. The computer-readable storage medium of claim 11, wherein refreshing the first NB-IoT device with the second encryption key comprises updating the first encryption key with the second encryption key.
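The allocation and refresh procedure of claims 1 through 10, written out as an added Python model (this is example code, not code from the patent or from T-Mobile). It takes the four strength tiers and key lengths from claim 3, the service-risk-to-strength mapping from claim 4, the "lower strength allocated before higher strength" ordering and the limited per-tier pool from claim 1, and the load-driven refresh of claims 7 through 9. Three points the claims leave open are filled with labelled assumptions: devices are served in ascending order of required strength, a device whose tier is exhausted is escalated to the next stronger tier that still has keys (never a weaker one), and a key that has been replaced is discarded rather than returned to the pool. The device names and pool sizes in the usage are constructed.

```python
from __future__ import annotations

from dataclasses import dataclass
from enum import IntEnum
import secrets


class Strength(IntEnum):
    """Strength tiers of claim 3; the value is the key length in bits."""
    ULTRA_LOW = 8
    LOW = 64
    MODERATE = 128
    HIGH = 256


# Claim 4: the risk tier of a device's communications service selects the tier.
RISK_TO_STRENGTH = {
    "ultra-low": Strength.ULTRA_LOW,
    "low": Strength.LOW,
    "moderate": Strength.MODERATE,
    "high": Strength.HIGH,
}


@dataclass
class Device:
    device_id: str
    risk: str                       # service risk tier (claim 4)
    key: bytes | None = None
    strength: Strength | None = None


class KeyManager:
    """Network-side key manager (hypothetical class name, not from the patent)."""

    def __init__(self, pool_sizes: dict[Strength, int]):
        # Claim 1: a limited number of keys in each strength tier.
        self.pool: dict[Strength, list[bytes]] = {
            s: [secrets.token_bytes(s // 8) for _ in range(n)]
            for s, n in pool_sizes.items()
        }
        self.devices: dict[str, Device] = {}

    def _take(self, strength: Strength) -> tuple[Strength, bytes]:
        # Assumption: if the requested tier is exhausted, escalate to the next
        # stronger tier that still has keys; a weaker key is never substituted.
        for s in sorted(Strength):
            if s >= strength and self.pool.get(s):
                return s, self.pool[s].pop()
        raise RuntimeError(f"no key of strength >= {strength.name} available")

    def allocate(self, devices: list[Device]) -> dict[str, Strength]:
        # Claim 1: every lower-strength key is allocated before any higher-
        # strength key, so (assumption) devices are served in ascending order
        # of the strength their risk tier requires.
        for dev in sorted(devices, key=lambda d: RISK_TO_STRENGTH[d.risk]):
            dev.strength, dev.key = self._take(RISK_TO_STRENGTH[dev.risk])
            self.devices[dev.device_id] = dev
        return {d.device_id: d.strength for d in devices}

    def refresh(self, device_id: str, load_change: str) -> Strength:
        # Claims 7-9: increased load moves the device one tier down, decreased
        # load one tier up, and the old key is replaced. Assumption: the
        # replaced key is discarded, so no key is ever issued twice.
        dev = self.devices[device_id]
        tiers = sorted(Strength)
        idx = tiers.index(dev.strength)
        if load_change == "increased":
            target = tiers[max(idx - 1, 0)]
        elif load_change == "decreased":
            target = tiers[min(idx + 1, len(tiers) - 1)]
        else:
            raise ValueError(f"unknown load change: {load_change!r}")
        if target == dev.strength:
            return dev.strength          # already at the boundary tier
        dev.strength, dev.key = self._take(target)
        return dev.strength


if __name__ == "__main__":
    # Constructed pool sizes and devices, named after the application classes
    # listed in the description (alarm, meter, lamp, tracker).
    km = KeyManager({Strength.ULTRA_LOW: 2, Strength.LOW: 1,
                     Strength.MODERATE: 2, Strength.HIGH: 2})
    fleet = [Device("alarm", "high"), Device("meter", "low"),
             Device("lamp", "ultra-low"), Device("tracker", "moderate")]
    print(km.allocate(fleet))
    print("alarm under load ->", km.refresh("alarm", "increased").name)
    print("meter, load eased ->", km.refresh("meter", "decreased").name)
```

The 8-bit and 64-bit lengths are reproduced from claim 3 as policy labels only; any key shorter than 128 bits offers no meaningful resistance to exhaustive search, so a deployment following this scheme would treat the lower tiers as a performance setting rather than as confidentiality, and would log every `refresh` so that a device's drop to a weaker tier under load is visible and bounded in time.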

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No. 16/945,682, filed on Jul. 31, 2020, entitled ENCRYPTION KEY MANAGEMENT FOR NB-IOT DEVICES, which is hereby incorporated by reference in its entirety.

BACKGROUND

Fifth generation (5G) technology aims to operationalize different wireless technologies such as millimeter wave (mW) bands, along with LTE, WiFi, Bluetooth, and legacy cellular standards. 5G can support applications that have never been supported before in any wireless technology, including augmented and virtual reality (AR/VR), internet-of-things (IoT), device-to-device (D2D) communication, machine type communication (MTC), carrier aggregation (CA), dual connectivity (DC), relay nodes, autonomous cars, mission-critical applications, industry automation and control, etc. 5G will be readily used by billions of subscribers around the world that want access to voice-centric technology and rich multimedia applications, video streaming, rich Internet browsing, chatting and voice over legacy IP networks.

In addition, 5G networks will need to support billions more Narrowband Internet of Things (NB-IoT) devices. NB-IoT technology is a low power, wide area network (LPWAN) radio technology standard developed by 3GPP to enable a wide range of devices and services. NB-IoT devices have low complexity, low power consumption, low data rates, limited bandwidth use, extended coverage, and low hardware cost. Some NB-IoT devices have no mobility support. NB-IoT devices can independently operate in licensed or unused bands of a 5G network and/or by using specific resource blocks allocated by base stations for NB-IoT communications. NB-IoT technology has a core protocol stack and can perform operations that are defined by 3GPP specifications.

Examples of NB-IoT applications include smart metering (e.g., electricity, gas, water metering) for commercial services, intruder and fire alarms for homes and other properties for emergency services, and personal applications for measuring health parameters, tracking people, animals, or objects for non-commercial services. Other examples include smart city infrastructures such as smart lamps and connected industrial applications such as welding machines or air compressors.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments of the present technology will be described and explained through the use of the accompanying drawings.

  • FIG. 1 is a block diagram that illustrates a wireless communications system.
  • FIG. 2 is a block diagram that illustrates an architecture of network functions of a 5G network.
  • FIG. 3 is a flowchart that illustrates a method performed by one or more network nodes to update a connectivity schedule for intermittent connectivity between narrowband Internet-of-Things (NB-IoT) devices and a wireless telecommunications network.
  • FIG. 4 is a flowchart that illustrates a method performed by one or more network nodes to configure a virtual integrated universal integrated circuit card (UICC) that is integrated in an NB-IoT device of a wireless telecommunications network.
  • FIG. 5 is a flowchart that illustrates a method performed by one or more network nodes to dynamically manage encryption keys of varying encryption strengths for NB-IoT devices of a wireless telecommunications network.
  • FIG. 6 is a block diagram that illustrates an example of a computing system in which at least some operations described herein can be implemented.

Various features of the technologies described herein will become more apparent to those skilled in the art from a study of the Detailed Description in conjunction with the drawings. Embodiments are illustrated by way of example and not limitation in the drawings, in which like references may indicate similar elements. While the drawings depict various embodiments for the purpose of illustration, those skilled in the art will recognize that alternative embodiments may be employed without departing from the principles of the technologies. Accordingly, while specific embodiments are shown in the drawings, the technology is amenable to various modifications.

DETAILED DESCRIPTION

The disclosed technologies relate to solving problems that arise from having numerous internet-of-things devices, such as narrowband internet-of-things (NB-IoT) devices, on telecommunications networks (e.g., 5G networks). The NB-IoT devices have diverse capabilities and are generally designed as low-cost, low-power consumption devices that connect to a 5G network (“network”) to report sensor data.

An aspect of the technology includes a connectivity scheduler for NB-IoT devices. A unified data management (UDM) function of a 5G network manages a connectivity schedule, which can be implemented as access policies of a policy control function (PCF). The UDM stores a device profile for each NB-IoT, which includes capability and service information. The capability or service information can be obtained from a session management fu