
US-12627498-B2 - Key and identifier for session establishment

Abstract

Method comprising: monitoring whether a network receives an authorization request for establishing a session of an AF with a UE, wherein the authorization request comprises a permanent identifier of the AF, a received temporary identifier of the AF, and a temporary identifier of a UE; if the authorization request is received: forming a key identifier based on the temporary identifier of the UE; retrieving, based on the key identifier, a stored key and a first permanent identifier of the UE; calculating a calculated temporary identifier of the AF based on the permanent identifier of the AF and the stored key; checking whether the calculated temporary identifier of the AF is identical with the received temporary identifier of the AF; inhibiting authorizing the AF for the establishing the session with the UE if the calculated temporary identifier of the AF is not identical with the received temporary identifier of the AF.

Inventors

  • Markus STAUFER
  • Peter Schneider
  • Ranganathan Mavureddi Dhanasekaran
  • Saurabh KHARE

Assignees

  • NOKIA TECHNOLOGIES OY

Dates

Publication Date
20260512
Application Date
20230810
Priority Date
20220812

Claims (16)

  1. Apparatus comprising: one or more processors and memory storing instructions that, when executed by the one or more processors, cause the apparatus to perform: calculating a temporary identifier for an establishment request based on a permanent identifier of an application function and a first key agreed between a terminal and a network by: calculating a temporary identifier of the application function using a first cryptographic one-way function with the permanent identifier of the application function and the first key or a derived key as input parameters, wherein the derived key is derived from the first key, and combining the temporary identifier of the application function with a temporary identifier of the terminal to obtain the temporary identifier for the establishment request by interleaving portions of the temporary identifier of the application function and portions of the temporary identifier of the terminal to obtain the temporary identifier for the establishment request; and requesting the application function, by an establishment request, to establish a session with the terminal, wherein the establishment request comprises the temporary identifier for the establishment request.
  2. The apparatus according to claim 1, wherein the instructions, when executed by the one or more processors, further cause the apparatus to perform calculating the temporary identifier of the terminal by a second cryptographic one-way function with a permanent identifier of the terminal and one of the first key and the derived key, as input parameters.
  3. The apparatus according to claim 2, wherein the first cryptographic one-way function is the same as the second cryptographic one-way function.
  4. The apparatus according to claim 2, wherein the instructions, when executed by the one or more processors, cause the apparatus to perform the combining by one of concatenating the temporary identifier of the application function and the temporary identifier of the terminal to obtain the temporary identifier for the establishment request; and interleaving portions of the temporary identifier of the application function and portions of the temporary identifier of the terminal to obtain the temporary identifier for the establishment request.
  5. The apparatus according to claim 3, wherein the instructions, when executed by the one or more processors, cause the apparatus to perform the combining by one of concatenating the temporary identifier of the application function and the temporary identifier of the terminal to obtain the temporary identifier for the establishment request; and interleaving portions of the temporary identifier of the application function and portions of the temporary identifier of the terminal to obtain the temporary identifier for the establishment request.
  6. The apparatus according to claim 1, wherein the instructions, when executed by the one or more processors, cause the apparatus to perform the calculating the temporary identifier for the establishment request by inputting the permanent identifier of the application function, the first key or a derived key, and a permanent identifier of the terminal into a third cryptographic one-way function to obtain the temporary identifier for the establishment request as an output from the third cryptographic one-way function, wherein the derived key is derived from the first key.
  7. Apparatus comprising: one or more processors and memory storing instructions that, when executed by the one or more processors, cause the apparatus to perform: monitoring whether a network receives an authorization request for establishing a session of an application function with a terminal, wherein the authorization request comprises a permanent identifier of the application function, a received temporary identifier of the application function, and a temporary identifier of a terminal; if the authorization request is received: forming a key identifier based on the temporary identifier of the terminal; retrieving, from a data repository, based on the key identifier, a stored key and a first permanent identifier of the terminal; calculating a calculated temporary identifier of the application function based on the permanent identifier of the application function and the stored key; checking whether the calculated temporary identifier of the application function is identical with the received temporary identifier of the application function; inhibiting authorizing the application function for the establishing the session with the terminal if the calculated temporary identifier of the application function is not identical with the received temporary identifier of the application function.
  8. The apparatus according to claim 7, wherein the instructions, when executed by the one or more processors, cause the apparatus to perform the forming the key identifier based on the temporary identifier of the terminal and a first key agreed between the terminal by the network.
  9. The apparatus according to claim 7, wherein the instructions, when executed by the one or more processors, further cause the apparatus to perform authorizing the application function for the establishing the session with the terminal by an authorization message to the application function if the calculated temporary identifier of the application function is identical with the received temporary identifier of the application function, wherein the authorization message comprises a second permanent identifier of the terminal and a key for the establishing the session.
  10. The apparatus according to claim 8, wherein the instructions, when executed by the one or more processors, further cause the apparatus to perform authorizing the application function for the establishing the session with the terminal by an authorization message to the application function if the calculated temporary identifier of the application function is identical with the received temporary identifier of the application function, wherein the authorization message comprises a second permanent identifier of the terminal and a key for the establishing the session.
  11. The apparatus according to claim 5, wherein the instructions, when executed by the one or more processors, further cause the apparatus to perform retrieving the second permanent identifier of the terminal from the data repository based on the first permanent identifier of the terminal.
  12. The apparatus according to claim 10, wherein the instructions, when executed by the one or more processors, further cause the apparatus to perform calculating the key for the establishing the session based on the permanent identifier of the application function and the first key.
  13. Apparatus comprising: one or more processors and memory storing instructions that, when executed by the one or more processors, cause the apparatus to perform: calculating, for each of one or more application functions and for each of one or more terminals, a pre-calculated temporary identifier for an establishment request for establishing a session between the respective terminal and the respective application function by inputting a first permanent identifier of the respective terminal, a permanent identifier of the respective application function, and a first key agreed between the respective terminal and a network into a cryptographic one-way function to obtain the pre-calculated temporary identifier for the establishment request for the establishing the session between the respective terminal and the respective application function as an output from the cryptographic one-way function; storing, for the permanent identifier of each of the one or more application functions, in a data repository, the pre-calculated temporary identifier for the establishment request for the establishing the session between the respective terminal and the respective application function along with a second permanent identifier of the respective terminal; monitoring whether the network receives an authorization request for authorizing one of the one or more application functions for establishing the session with the one of the one or more application functions, wherein the authorization request comprises a received temporary identifier for the establishment request and the permanent identifier of the one of the one or more application functions; if the network receives the authorization request: checking whether, for the permanent identifier of the one of the one or more application functions, one of the one or more stored pre-calculated temporary identifiers for the establishment request is identical with the received temporary identifier for the establishment request; inhibiting the authorizing the application function for the establishing the session with the one of the one or more application functions if, for the permanent identifier of the one of the one or more application functions, each of the one or more stored pre-calculated temporary identifiers for the establishment request is not identical with the received temporary identifier for the establishment request.
  14. The apparatus according to claim 13, wherein the instructions, when executed by the one or more processors, further cause the apparatus to perform, if, for the permanent identifier of the one of the one or more application functions, one of the one or more pre-calculated temporary identifiers for the establishment request is identical with the received temporary identifier for the establishment request: retrieving the second permanent identifier of a first terminal of the one or more terminals stored along with the respective pre-calculated temporary identifier for the establishment request being identical with the received temporary identifier for the establishment request; authorizing the one of the one or more application functions for the establishing the session between the first terminal and the one of the one or more application functions by an authorization message to the one of the one or more application functions, wherein the authorization message comprises a third permanent identifier of the first terminal and a key for the establishing the session between the first terminal and the respective application function.
  15. The apparatus according to claim 13, wherein the instructions, when executed by the one or more processors, further cause the apparatus to perform calculating the key for the establishing the session between the first terminal and the respective application function based on the permanent identifier of the respective application function and the first key of the first terminal.
  16. The apparatus according to claim 15, wherein the instructions, when executed by the one or more processors, further cause the apparatus to perform storing the key for the establishing the session between the first terminal and the respective application function along with the pre-calculated temporary identifier for the establishment request between the first terminal and the respective application function in the data repository; retrieving the key for the establishing the session stored for the one of the one or more application functions along with the one of the pre-calculated temporary identifiers for the establishment request if, for the one of the one or more application functions, the one of the pre-calculated temporary identifiers for the establishment request stored along with the second permanent identifier of the first terminal is identical with the received temporary identifier for the establishment request.
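The UE-side construction of claim 1 and the network-side check of claim 7, as an added Python example that is not code from the patent or from 3GPP. HMAC-SHA-256 standing in for the unspecified KDF, eight-byte identifiers, byte-wise interleaving, KAKMA as the derived key, and the AF forwarding the combined identifier together with its AF_ID are all assumptions; the sample SUPI, GPSI and AF_ID values are constructed. The network returns the GPSI and session key only when the AF_ID in the authorization request matches the one the UE bound into the identifier, and otherwise inhibits authorization.

```python
import hashlib
import hmac

ID_LEN = 8  # assumed byte length of A-TID and A-TAI (the page fixes no length)


def kdf(key: bytes, *parts: bytes) -> bytes:
    """One-way function standing in for the 3GPP KDF; HMAC-SHA-256 is an assumption."""
    data = b"".join(p + len(p).to_bytes(2, "big") for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()


def temp_id(key: bytes, permanent_id: bytes) -> bytes:
    """A-TID (from SUPI) or A-TAI (from AF_ID): truncated one-way function of the permanent id."""
    return kdf(key, permanent_id)[:ID_LEN]


def interleave(a_tai: bytes, a_tid: bytes) -> bytes:
    """Claim 1: combine A-TAI and A-TID by interleaving portions (here: alternating bytes)."""
    return bytes(b for pair in zip(a_tai, a_tid) for b in pair)


def split(request_id: bytes) -> tuple:
    """Inverse of interleave; what the network does before the check in claim 7."""
    return request_id[0::2], request_id[1::2]


def ue_establishment_id(k_akma: bytes, supi: bytes, af_id: bytes) -> bytes:
    """UE side: the temporary identifier carried in the Session Establishment Request."""
    return interleave(temp_id(k_akma, af_id), temp_id(k_akma, supi))


class AAnF:
    """Network side: repository indexed by A-TID plus the authorization check of claim 7."""

    def __init__(self) -> None:
        self.repo = {}  # A-TID -> (KAKMA, SUPI, GPSI)

    def store(self, k_akma: bytes, supi: bytes, gpsi: bytes) -> None:
        # Step 2 of the background: store key and permanent identifiers under the key identifier.
        self.repo[temp_id(k_akma, supi)] = (k_akma, supi, gpsi)

    def authorize(self, af_id: bytes, request_id: bytes):
        """Returns (GPSI, K_AF) if the AF may proceed, or None to inhibit authorization."""
        received_a_tai, a_tid = split(request_id)
        record = self.repo.get(a_tid)          # key identifier formed from A-TID
        if record is None:
            return None                        # unknown UE: nothing to verify against
        k_akma, _supi, gpsi = record
        calculated_a_tai = temp_id(k_akma, af_id)
        if not hmac.compare_digest(calculated_a_tai, received_a_tai):
            return None                        # AF_ID differs from the one the UE bound in
        return gpsi, kdf(k_akma, af_id)        # claims 9 and 12: GPSI plus session key
```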

Description

FIELD OF THE INVENTION

The present disclosure relates to Authentication and Key Management for Applications.

Abbreviations

  • 3GPP: 3rd Generation Partnership Project
  • 5G/6G/7G: 5th/6th/7th Generation
  • 5GS: 5G System
  • AAnF: AKMA Anchor function
  • AF: Application Function
  • A-KID: AKMA Key Identifier
  • A-KID-PRIV: AKMA Key Identifier with Privacy
  • AKMA: Authentication and Key Management for Applications
  • A-TAI: AKMA Temporary AF identifier
  • A-TID: AKMA Temporary UE identifier
  • A-TID-PRIV: AKMA Temporary UE Identifier with Privacy
  • AUSF: Authentication Server Function
  • FQDN: Fully Qualified Domain Name
  • GPSI: Global Public Subscriber Identifier
  • HN: Home Network
  • HNI: Home Network Identifier
  • ID: Identifier
  • KDF: Key Derivation Function
  • NEF: Network Exposure Function
  • RID: Routing Indicator
  • SUPI: Subscription Permanent Identifier
  • TS: Technical Specification
  • UE: User Equipment

BACKGROUND

In 3GPP TS 33.535, 3GPP has defined the AKMA mechanism, which allows a UE and an Application Function (called AF) to establish a shared secret key (called KAF) which can be used for session establishment. The AKMA process defined in 3GPP TS 33.535 is illustrated in FIG. 1. As shown in FIG. 1, the actions are as follows:

  1. UE and 5G system execute primary authentication and establish the key hierarchy, which includes the key KAUSF.
  2. After primary authentication (preferably directly after primary authentication), the 5G system (typically the AUSF of the 5G system) executes AKMA Key Derivation and uses KAUSF to calculate KAKMA and A-KID. A-KID is an identifier in the format username@realm. The username includes RID (routing indicator) and A-TID (AKMA temporary UE ID); the realm includes the HN identifier HNI. By A-TID, the UE and its AKMA key are identified within the HN. According to 3GPP TS 33.535, A-KID shall be globally unique. A-KID shall be usable as a key identifier in protocols used in the reference point Ua*. The AKMA AF shall be able to identify the AAnF serving the UE from the A-KID. A-TID is calculated using a cryptographic one-way function (called KDF) with the UE's SUPI and KAUSF as input parameters, as summarized in FIG. 2. The results, KAKMA and A-KID, and the corresponding SUPI are stored in a database using A-KID as a key identifier. Depending on the implementation, A-TID might also be used as a key identifier instead of A-KID.
  3. The UE initiates the AKMA procedure and uses KAUSF to calculate KAKMA and A-KID using the same algorithms as the 5G system. In addition, the UE calculates KAF using KAKMA and AF_ID as input. The AF_ID is a concatenation of the FQDN of the AF and the Ua* security protocol identifier.
  4. The UE sends a Session Establishment Request to the AF, which contains the A-KID. Since the A-KID does not contain the identity of the UE in plain text, the privacy of the UE is protected. The request may also contain an indicator indicating that the A-KID identifies an AKMA key, for instance "3GPP-AKMA".
  5. The AF sends an AKMA AF Key Request via the Network Exposure Function (if the AF is external to the network and non-trusted) to the AUSF of the 5G system (directly to the AUSF if the AF is trusted or belongs to the 5G system). The request contains the A-KID and the AF_ID.
  6. If the AF is external to the network and non-trusted, the NEF authorizes the request, i.e., the 5G system checks that the AF is allowed to make requests for the provided AF_ID.
  7. The 5G system (AAnF) uses A-KID (or, depending on the implementation, A-TID) as a search key and fetches the KAKMA computed in step 2 and the SUPI from the database. The 5G system calculates KAF using KAKMA and AF_ID as input.
  8. The 5G system returns the KAF together with the GPSI to the AF. The 5G system returns the Generic Public Subscriber Identifier because the SUPI is intended for usage only within the 5G system, and here, we assume an external AF (an internal AF would get the SUPI).
  9. At this point in time, the AF knows the identity of the UE, and the UE and AF have a shared secret, i.e., KAF. Thus, AF and UE can continue with the Session Establishment.

The AAnF is the anchor function in the HPLMN. The AAnF stores the AKMA Anchor Key (KAKMA) and SUPI for the AKMA service, which it receives from the AUSF after the UE completes a successful 5G primary authentication. The AAnF also generates the key material to be used between the UE and the Application Function (AF) and maintains UE AKMA contexts. The AAnF sends the SUPI of the UE to an AF located inside the operator's network according to the AF request, or sends the GPSI to the NEF if the AF is located outside the operator's network, unless the access request is anonymous.

SUMMARY

It is an object of the present invention to improve the prior art. According to a first aspect of the invention, there is provided an apparatus comprising: one or more processors and memory storing instructions that, when executed by the one or more processors, cause the apparatus to perform: calculating a temporary identifier for an establishment request based