US-20260129436-A1 - NETWORK-BASED AUTHENTICATION IN AN AMBIENT INTERNET OF THINGS ARCHITECTURE
Abstract
Various aspects of the present disclosure generally relate to wireless communication. In some aspects, an ambient Internet of Things (AIoT) device may perform an authentication and key agreement procedure with a network function to generate a root key. The AIoT device may receive, from an AIoT controller, a key confirmation message. The AIoT device may generate, using the key confirmation message and the root key, a protection key. The AIoT device may transmit, to the AIoT controller, a key confirmation acknowledgement using the protection key and in response to the key confirmation message. Numerous other aspects are described.
Inventors
- Hongil KIM
- Soo Bum Lee
- Sebastian Speicher
Assignees
- QUALCOMM INCORPORATED
Dates
- Publication Date: 20260507
- Application Date: 20251031
Claims (20)
- 1. An ambient Internet of Things (AIoT) device, comprising: a processing system that includes one or more processors and one or more code-storing memories coupled with the one or more processors, the processing system configured to cause the AIoT device to: perform an authentication and key agreement (AKA) procedure with a network function to generate a root key; receive, from an AIoT controller, a key confirmation message; generate, using the key confirmation message and the root key, a protection key; and transmit, to the AIoT controller, a key confirmation acknowledgement using the protection key and in response to the key confirmation message.
- 2. The AIoT device of claim 1, wherein the AKA procedure comprises an extensible authentication protocol (EAP) AKAʹ procedure, and the network function comprises an authentication server function (AUSF).
- 3. The AIoT device of claim 1, wherein the root key is generated based on a master key that is generated as a result of the AKA procedure and using an identifier (ID) for the AIoT controller, a service ID, or combination thereof.
- 4. The AIoT device of claim 1, wherein the AKA procedure comprises a fifth generation (5G) AKA procedure, and the network function comprises an access and mobility management function (AMF).
- 5. The AIoT device of claim 1, wherein the processing system is configured to cause the AIoT device to: transmit, to the AIoT controller, an authentication request.
- 6. The AIoT device of claim 5, wherein the authentication request is transmitted in response to detecting that the AIoT device lacks security keys.
- 7. The AIoT device of claim 1, wherein the key confirmation message indicates a selected algorithm.
- 8. The AIoT device of claim 7, wherein the key confirmation message is integrity protected based on the protection key that is generated using the root key and the selected algorithm.
- 9. The AIoT device of claim 1, wherein the key confirmation acknowledgement is confidentiality and integrity protected based on the protection key.
- 10. A method of wireless communication performed by an ambient Internet of Things (AIoT) device, comprising: performing an authentication and key agreement (AKA) procedure with a network function to generate a root key; receiving, from an AIoT controller, a key confirmation message; generating, using the key confirmation message and the root key, a protection key; and transmitting, to the AIoT controller, a key confirmation acknowledgement using the protection key and in response to the key confirmation message.
- 11. The method of claim 10, wherein the AKA procedure comprises an extensible authentication protocol (EAP) AKAʹ procedure, and the network function comprises an authentication server function (AUSF).
- 12. The method of claim 10, wherein the root key is generated based on a master key that is generated as a result of the AKA procedure and using an identifier (ID) for the AIoT controller, a service ID, or combination thereof.
- 13. The method of claim 10, wherein the AKA procedure comprises a fifth generation (5G) AKA procedure, and the network function comprises an access and mobility management function (AMF).
- 14. The method of claim 10, further comprising: transmitting, to the AIoT controller, an authentication request.
- 15. The method of claim 14, wherein the authentication request is transmitted in response to detecting that the AIoT device lacks security keys.
- 16. The method of claim 10, wherein the key confirmation message indicates a selected algorithm.
- 17. The method of claim 16, wherein the key confirmation message is integrity protected based on the protection key that is generated using the root key and the selected algorithm.
- 18. The method of claim 10, wherein the key confirmation acknowledgement is confidentiality and integrity protected based on the protection key.
- 19. A non-transitory computer-readable medium storing a set of instructions for wireless communication, the set of instructions comprising: one or more instructions that, when executed by one or more processors of an ambient Internet of Things (AIoT) device, cause the AIoT device to: perform an authentication and key agreement (AKA) procedure with a network function to generate a root key; receive, from an AIoT controller, a key confirmation message; generate, using the key confirmation message and the root key, a protection key; and transmit, to the AIoT controller, a key confirmation acknowledgement using the protection key and in response to the key confirmation message.
- 20. The non-transitory computer-readable medium of claim 19, wherein the AKA procedure comprises an extensible authentication protocol (EAP) AKAʹ procedure or a fifth generation (5G) AKA procedure.
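The key hierarchy and key confirmation exchange recited in claims 1, 3 and 7 to 9, as an added Python sketch that is not part of the publication or the applicant's code. HMAC-SHA-256 as the key derivation function, the derivation labels, the algorithm identifiers, the nonce and the message layouts are all assumptions made for illustration; the acknowledgement is integrity protected only, and the AKA run itself is replaced by a given master key.

```python
import hashlib
import hmac

# Assumption: HMAC stands in for both the KDF and the MAC; the publication names
# neither. Labels, IDs, nonce and message layouts below are constructed.
ALGS = {1: hashlib.sha256, 2: hashlib.sha512}  # hypothetical algorithm IDs

def kdf(key, label, *parts):
    # Length-prefix each input so ("ab", "c") and ("a", "bc") derive different keys.
    data = label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()

def root_key(master_key, controller_id, service_id):
    # Claim 3: root key from the AKA master key plus controller ID and service ID.
    return kdf(master_key, b"aiot-root", controller_id, service_id)

def protection_key(k_root, alg_id):
    # Claims 7-8: protection key from the root key and the selected algorithm.
    return kdf(k_root, b"aiot-prot", bytes([alg_id]))

def mac(k_prot, alg_id, body):
    return hmac.new(k_prot, body, ALGS[alg_id]).digest()[:16]

def controller_confirm(k_root, alg_id, nonce):
    # Key confirmation message: selected algorithm + nonce, integrity protected.
    body = b"KC" + bytes([alg_id]) + nonce
    return body + mac(protection_key(k_root, alg_id), alg_id, body)

def device_handle_confirm(k_root, msg, supported=(1, 2)):
    # Device: read the algorithm, derive the key, verify, then build the ack.
    body, tag = msg[:-16], msg[-16:]
    if len(body) < 3 or body[:2] != b"KC" or body[2] not in supported:
        return None
    k_prot = protection_key(k_root, body[2])
    if not hmac.compare_digest(tag, mac(k_prot, body[2], body)):
        return None  # root key mismatch or message altered in transit
    ack = b"KA" + body[3:]  # echo the nonce to bind the ack to this request
    return ack + mac(k_prot, body[2], ack)

def controller_validate_ack(k_root, alg_id, nonce, ack):
    if ack is None or len(ack) < 18:
        return False
    body, tag = ack[:-16], ack[-16:]
    expected = mac(protection_key(k_root, alg_id), alg_id, body)
    return body == b"KA" + nonce and hmac.compare_digest(tag, expected)

def demo(master_key=bytes(range(32)), nonce=b"\x01" * 8):  # constructed values
    k_root = root_key(master_key, b"ctrl-01", b"svc-inventory")
    msg = controller_confirm(k_root, 1, nonce)
    return controller_validate_ack(k_root, 1, nonce, device_handle_confirm(k_root, msg))
```

In this sketch the selected algorithm is an input to the protection key, so altering the algorithm field in transit makes the device's integrity check fail.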
Description
CROSS-REFERENCE TO RELATED APPLICATION
This Patent Application claims priority to U.S. Provisional Patent Application No. 63/716,075, filed on November 4, 2024, entitled “NETWORK-BASED AUTHENTICATION IN AN AMBIENT INTERNET OF THINGS ARCHITECTURE,” and assigned to the assignee hereof. The disclosure of the prior Application is considered part of and is incorporated by reference into this Patent Application.
FIELD OF THE DISCLOSURE
Aspects of the present disclosure generally relate to wireless communication and specifically relate to techniques, apparatuses, and methods associated with network-based authentication in an ambient Internet of Things architecture.
BACKGROUND
Wireless communication systems are widely deployed to provide various services, which may involve carrying or supporting voice, text, other messaging, video, data, and/or other traffic. Typical wireless communication systems may employ multiple-access radio access technologies (RATs) capable of supporting communication among multiple wireless communication devices including user devices or other devices by sharing the available system resources (for example, time domain resources, frequency domain resources, spatial domain resources, and/or device transmit power, among other examples). Such multiple-access RATs are supported by technological advancements that have been adopted in various telecommunication standards, which define common protocols that enable different wireless communication devices to communicate on a local, municipal, national, regional, or global level. An example telecommunication standard is New Radio (NR). NR, which may also be referred to as 5G, is part of a continuous mobile broadband evolution promulgated by the Third Generation Partnership Project (3GPP).
NR (and other RATs beyond NR) may be designed to better support enhanced mobile broadband (eMBB) access, Internet of things (IoT) networks or reduced capability device deployments, and ultra-reliable low latency communication (URLLC) applications. To support these verticals, NR systems may be designed to implement a modularized functional infrastructure, a disaggregated and service-based network architecture, network function virtualization, network slicing, multi-access edge computing, millimeter wave (mmWave) technologies including massive multiple-input multiple-output (MIMO), licensed and unlicensed spectrum access, non-terrestrial network (NTN) deployments, sidelink and other device-to-device direct communication technologies (for example, cellular vehicle-to-everything (CV2X) communication), multiple-subscriber implementations, high-precision positioning, and/or radio frequency (RF) sensing, among other examples. As the demand for connectivity continues to increase, further improvements in NR may be implemented, and other RATs, such as 6G and beyond, may be introduced to enable new applications and facilitate new use cases.
SUMMARY
Some aspects described herein relate to a method of wireless communication performed by an ambient Internet of Things (AIoT) device. The method may include performing an authentication and key agreement (AKA) procedure with a network function to generate a root key. The method may include receiving, from an AIoT controller, a key confirmation message. The method may include generating, using the key confirmation message and the root key, a protection key. The method may include transmitting, to the AIoT controller, a key confirmation acknowledgement using the protection key and in response to the key confirmation message.
Some aspects described herein relate to a method of wireless communication performed by an AIoT controller. The method may include forwarding messages between an AIoT device and a network function to facilitate an AKA procedure. The method may include receiving, from the network function, a root key associated with the AIoT controller. The method may include transmitting, to the AIoT device, a key confirmation message. The method may include validating, from the AIoT device, a key confirmation acknowledgement using a protection key derived from the root key.
Some aspects described herein relate to a method of wireless communication performed by a network function. The method may include receiving an authentication trigger request associated with an AIoT device. The method may include performing an AKA procedure with the AIoT device to generate a master key. The method may include generating, using the master key with an ID for an AIoT controller, a service ID, or a combination thereof, a root key associated with the AIoT controller. The method may include transmitting, to the AIoT controller, the root key.
Some aspects described herein relate to an AIoT device. The AIoT device may include a processing system that includes one or more processors and one or more code-storing memories coupled with the one or more processors. The processing system may be configured to cause the AIoT device to perform an AKA procedure wi