US-12627491-B2 - Key and counter management in wireless systems
Abstract
Disclosed are wireless communications systems and techniques. For example, a wireless communication device (e.g., a user equipment (UE)) compares a first key identifier (generated from a key stored in a first storage unit, such as a universal subscriber identity module) to a second key identifier (stored in a second storage unit, such as non-volatile memory) to identify a mismatch between the key identifiers. Based on the mismatch, the device replaces, in the second storage unit, the second key identifier. In some examples, the device verifies integrity of a message using the key, replaces the second key identifier with the first key identifier, and updates a counter based on the message. In a second illustrative example, the device replaces the key with a replacement key, replaces the second key identifier with the third key identifier based on the replacement key, and resets a counter.
Inventors
- Anand Palanigounder
- Adrian Edward Escott
Assignees
- QUALCOMM INCORPORATED
Dates
- Publication Date
- 20260512
- Application Date
- 20240722
Claims (20)
- 1. An apparatus for wireless communications, comprising: at least one memory comprising instructions; and at least one processor coupled to the at least one memory and configured to: identify a change associated with a removable storage unit; set, in response to the change, a Key Set Identifier (KSI) to a predetermined value; and invalidate, in response to the change, a security context, wherein the security context is not the KSI.
- 2. The apparatus of claim 1, wherein the at least one processor is configured to: delete, in response to the change, a key.
- 3. The apparatus of claim 2, wherein the key is an Authentication Server Function (AUSF) key KAUSF.
- 4. The apparatus of claim 2, wherein the at least one processor is configured to: initiate an authentication procedure to cause a new instance of the key to be generated to replace the key.
- 5. The apparatus of claim 1, wherein the removable storage unit is a universal subscriber identity module (USIM) that corresponds to the security context, and wherein the change associated with the removable storage unit includes a removal of the USIM from the apparatus.
- 6. The apparatus of claim 5, wherein the at least one processor is configured to: delete, in response to the change, a key that corresponds to the USIM.
- 7. The apparatus of claim 1, wherein the removable storage unit is a first universal subscriber identity module (USIM) that corresponds to the security context, and wherein the change associated with the removable storage unit includes a change from the first USIM to a second USIM.
- 8. The apparatus of claim 7, wherein the at least one processor is configured to: delete, in response to the change, a key that corresponds to the first USIM.
- 9. The apparatus of claim 1, wherein the removable storage unit is a universal subscriber identity module (USIM) that corresponds to the security context, and wherein the change associated with the removable storage unit includes a key being stored on the USIM and a counter being not present on the USIM, wherein the counter is associated with at least one of Steering of Roaming (SoR) or User equipment Parameters Update (UPU).
- 10. The apparatus of claim 9, wherein the at least one processor is configured to: delete, in response to the change, a key that corresponds to the USIM.
- 11. The apparatus of claim 1, wherein the removable storage unit is a universal subscriber identity module (USIM) that corresponds to the security context and that stores a first instance of a key, and wherein the change associated with the removable storage unit includes the USIM storing a second instance of the key that is different from the first instance of the key.
- 12. The apparatus of claim 11, wherein the at least one processor is configured to: delete, in response to the change, the second instance of the key from the USIM.
- 13. The apparatus of claim 11, wherein the at least one processor is configured to: delete, in response to the change, the first instance of the key from a second storage unit.
- 14. The apparatus of claim 1, wherein the predetermined value is 111.
- 15. The apparatus of claim 1, wherein the predetermined value indicates that a key is invalid.
- 16. The apparatus of claim 1, wherein the at least one processor is configured to: initiate an authentication procedure to cause a new security context to be generated to replace the security context.
- 17. The apparatus of claim 1, wherein the at least one processor is configured to: initiate an authentication procedure based on the KSI being set to the predetermined value.
- 18. The apparatus of claim 1, wherein the KSI is a next-generation KSI (ngKSI) associated with a fifth-generation (5G) cellular network.
- 19. The apparatus of claim 1, wherein the security context includes at least one of Steering of Roaming (SoR) context or User equipment Parameters Update (UPU) context.
- 20. The apparatus of claim 1, wherein, to invalidate the security context, the at least one processor is configured to delete the security context.
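The UE-side handling described in the abstract and in claims 1, 2, 14 and 19, written here as an added Python illustration (not code from the patent): a key identifier derived from the USIM's KAUSF is checked against the identifier kept in non-volatile memory, a USIM change sets ngKSI to 111 and invalidates the SoR context, and re-authentication installs a replacement key with a reset counter. The identifier derivation, the MAC construction and the counter semantics are assumptions made for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

NO_KEY_KSI = 0b111  # claim 14: predetermined ngKSI value meaning "no valid key"

def key_identifier(key: bytes) -> bytes:
    # Assumed derivation: a short hash, so the stored identifier never exposes KAUSF.
    return hashlib.sha256(b"KAUSF-id" + key).digest()[:8]

def sor_mac(key: bytes, counter: int, payload: bytes) -> bytes:
    # Assumed MAC construction; the real SoR-MAC-IAUSF is built with the 3GPP KDF.
    return hmac.new(key, counter.to_bytes(2, "big") + payload, hashlib.sha256).digest()[:16]

@dataclass
class NonVolatile:
    """Second storage unit: survives reboot but is not bound to the removable USIM."""
    key_id: Optional[bytes] = None     # second key identifier
    counter_sor: Optional[int] = None  # CounterSoR: last accepted value, None after reset
    ngksi: int = 0

def on_usim_change(nvm: NonVolatile) -> NonVolatile:
    """Claims 1, 2, 19: USIM removed or swapped -> KSI=111, key and SoR context invalidated."""
    nvm.ngksi, nvm.key_id, nvm.counter_sor = NO_KEY_KSI, None, None
    return nvm

def on_reauthenticated(nvm: NonVolatile, new_k_ausf: bytes, ngksi: int) -> NonVolatile:
    """Abstract, second example: replacement key -> identifier from the new key, counter reset."""
    nvm.ngksi, nvm.key_id, nvm.counter_sor = ngksi, key_identifier(new_k_ausf), None
    return nvm

def process_sor(usim_k_ausf: bytes, nvm: NonVolatile, counter: int,
                payload: bytes, mac: bytes) -> bool:
    """Abstract, first example. Returns True when the SoR message is accepted."""
    if nvm.ngksi == NO_KEY_KSI:
        return False  # no security context; authentication must run first
    if not hmac.compare_digest(sor_mac(usim_k_ausf, counter, payload), mac):
        return False  # integrity failure: no state is touched
    current_id = key_identifier(usim_k_ausf)
    if current_id != nvm.key_id:
        # Mismatch: NVM's counter belongs to an older key; adopt the identifier and this counter.
        nvm.key_id, nvm.counter_sor = current_id, counter
        return True
    if nvm.counter_sor is not None and counter <= nvm.counter_sor:
        return False  # replayed or stale message under an already-known key
    nvm.counter_sor = counter
    return True
```

The mismatch branch is what keeps a counter that was advanced under an old key from rejecting every message protected by the new one, while the same-key branch still refuses replays.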
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
This application claims the benefit of U.S. Provisional Application No. 63/517,794, filed Aug. 4, 2023, and titled “Key and Counter Management in Wireless Systems,” which is hereby incorporated by reference in its entirety and for all purposes.
FIELD
The present disclosure generally relates to wireless communications. For example, aspects of the present disclosure relate to systems and techniques for managing a key (e.g., key KAUSF associated with the Authentication Server Function (AUSF)), one or more key identifier(s) for the key, and/or one or more counters used to prevent replay attacks (e.g., counter CounterSoR associated with Steering of Roaming (SoR) and/or counter CounterUPU associated with User Equipment (UE) Parameters Update (UPU)).
BACKGROUND
Wireless communications systems are deployed to provide various telecommunications and data services, including telephony, video, data, messaging, and broadcasts. Broadband wireless communications systems have developed through various generations, including a first-generation analog wireless phone service (1G), a second-generation (2G) digital wireless phone service (including interim 2.5G networks), a third-generation (3G) high speed data, Internet-capable wireless device, and a fourth-generation (4G) service (e.g., Long-Term Evolution (LTE), WiMax). Examples of wireless communications systems include code division multiple access (CDMA) systems, time division multiple access (TDMA) systems, frequency division multiple access (FDMA) systems, orthogonal frequency division multiple access (OFDMA) systems, Global System for Mobile communication (GSM) systems, etc. Other wireless communications technologies include 802.11 Wi-Fi, Bluetooth, among others. A fifth-generation (5G) mobile standard calls for higher data transfer speeds, greater number of connections, and better coverage, among other improvements.
The 5G standard (also referred to as “New Radio” or “NR”), according to Next Generation Mobile Networks Alliance, is designed to provide data rates of several tens of megabits per second to each of tens of thousands of users, with 1 gigabit per second to tens of workers on an office floor. Several hundreds of thousands of simultaneous connections should be supported in order to support large sensor deployments.
SUMMARY
The following presents a simplified summary relating to one or more aspects disclosed herein. Thus, the following summary should not be considered an extensive overview relating to all contemplated aspects, nor should the following summary be considered to identify key or critical elements relating to all contemplated aspects or to delineate the scope associated with any particular aspect. Accordingly, the following summary presents certain concepts relating to one or more aspects relating to the mechanisms disclosed herein in a simplified form to precede the detailed description presented below. Disclosed are systems, methods, apparatuses, and computer-readable media for performing wireless communications. In one illustrative example, an apparatus for wireless communications is provided that includes at least one memory and at least one processor (e.g., implemented in circuitry) coupled to the at least one memory. The at least one processor is configured to: compare a first key identifier to a second key identifier to identify a mismatch between the first key identifier and the second key identifier, wherein the first key identifier is generated from a key that is stored in a first storage unit of the apparatus, wherein the second key identifier is stored in a second storage unit of the apparatus; and replace, in the second storage unit of the apparatus, the second key identifier based on the mismatch. In another example, a method for wireless communications is provided.
The method comprises: comparing a first key identifier to a second key identifier to identify a mismatch between the first key identifier and the second key identifier, wherein the first key identifier is generated from a key that is stored in a first storage unit of a user equipment (UE), wherein the second key identifier is stored in a second storage unit of the UE; and replacing, in the second storage unit of the UE, the second key identifier based on the mismatch. As another example, a non-transitory computer-readable medium is provided having stored thereon instructions that, when executed by at least one processor, cause the at least one processor to: compare a first key identifier to a second key identifier to identify a mismatch between the first key identifier and the second key identifier, wherein the first key identifier is generated from a key that is stored in a first storage unit of a user equipment (UE), wherein the second key identifier is stored in a second storage unit of the UE; and replace, in the second storage unit of the UE, the second key identifier based on the mismatch. In another example, an apparatus for wi