WO2023082222A1 - Methods and systems for authentication in wireless networks - Google Patents


Info

Publication number: WO2023082222A1
Authority: WO (WIPO (PCT))
Prior art keywords: authentication, network, ausf, user device, udm
Application number: PCT/CN2021/130512
Other languages: French (fr)
Inventors: Jin Peng, Shilin You, Yuze LIU, Zhen XING, Zhaoji Lin
Original assignee: ZTE Corporation
Application filed by ZTE Corporation
Priority to PCT/CN2021/130512
Publication of WO2023082222A1

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
              • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
              • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
                  • H04L9/0841 Key agreement involving Diffie-Hellman or related key agreement protocols
                    • H04L9/0844 Key agreement involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
          • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
            • H04L2209/80 Wireless

Definitions

  • This patent document is directed generally to wireless communications.
  • Wireless communication technologies are moving the world toward an increasingly connected and networked society. The rapid growth of wireless communications and advances in technology have led to greater demand for capacity and connectivity.
  • Other aspects, such as energy consumption, device cost, spectral efficiency, and latency, are also important to meeting the needs of various communication scenarios. Next generation systems and wireless communication techniques need to provide support for an increased number of users and devices, as well as support an increasingly mobile society.
  • This patent document describes, among other things, techniques and apparatuses for authentication in wireless networks. The disclosed technology can be implemented in some embodiments to provide security methods for authentication and for refreshing shared keys in the UE and the home network.
  • A method of wireless communication includes initiating, by a first network, an authentication procedure for a user device to establish or refresh shared keys between the user device and the first network, and verifying, by the first network, an identity of the user device based on a message generated by the user device.
  • Another method for wireless communications includes receiving, by a user device, an authentication request that includes authentication information generated by a first network that initiates an authentication procedure for the user device to establish or refresh shared keys between the user device and the first network; performing, by the user device, a computation on the authentication information; and transmitting, by the user device, an authentication response to the first network based on the computation.
  • A wireless communication apparatus comprising a processor configured to implement a method described herein is disclosed.
  • A computer readable medium including executable instructions to implement a method described herein is disclosed.
  • FIG. 1 shows an example of a base station (BS) and user equipment (UE) in wireless communication.
  • FIG. 2 is a block diagram representation of a portion of an apparatus that can be used to implement methods and/or techniques of the presently disclosed technology.
  • FIG. 3 shows an example of the initiation of an authentication procedure and selection of the authentication method.
  • FIG. 4 shows an example of an authentication procedure for the transformed Extensible Authentication Protocol Authentication and Key Agreement (EAP-AKA').
  • FIG. 5 shows an example of an authentication procedure for 5G Authentication and Key Agreement (5G AKA).
  • FIG. 6 shows an example of an authentication procedure implemented based on some embodiments of the disclosed technology.
  • FIG. 7 shows another example of an authentication procedure implemented based on some embodiments of the disclosed technology.
  • FIG. 8 shows another example of an authentication procedure implemented based on some embodiments of the disclosed technology.
  • FIG. 9 shows an example of a wireless communication method based on some embodiments of the disclosed technology.
  • FIG. 10 shows another example of a wireless communication method based on some embodiments of the disclosed technology.
  • FIG. 1 shows an example of a wireless communication system (e.g., a long term evolution (LTE), 5G or NR cellular network) that includes a BS 120 and one or more user equipment (UE) 111, 112 and 113.
  • The uplink transmissions (131, 132, 133) can include uplink control information (UCI), higher layer signaling (e.g., UE assistance information or UE capability), or uplink information. The downlink transmissions (141, 142, 143) can include DCI, higher layer signaling, or downlink information.
  • The UE may be, for example, a smartphone, a tablet, a mobile computer, a machine to machine (M2M) device, a terminal, a mobile device, an Internet of Things (IoT) device, and so on.
  • FIG. 2 is a block diagram representation of a portion of an apparatus that can be used to implement methods and/or techniques of the presently disclosed technology.
  • An apparatus 205, such as a network device, a base station or a wireless device (or UE), can include processor electronics 210 such as a microprocessor that implements one or more of the techniques presented in this document.
  • The apparatus 205 can include transceiver electronics 215 to send and/or receive wireless signals over one or more communication interfaces such as antenna(s) 220. The apparatus 205 can include other communication interfaces for transmitting and receiving data.
  • The apparatus 205 can include one or more memories (not explicitly shown) configured to store information such as data and/or instructions.
  • The processor electronics 210 can include at least a portion of the transceiver electronics 215. In some embodiments, at least some of the disclosed techniques, modules or functions are implemented using the apparatus 205.
  • The disclosed technology can be implemented in some embodiments to provide a security method for authentication and for refreshing shared keys in the UE and the home network.
  • The security method implemented based on some embodiments of the disclosed technology can refresh K_AUSF in the UE and the AUSF without involving network functions in the serving network.
  • The primary authentication produces a key K_AUSF which is shared between the UE and the home network. The UE and the home network may further derive more shared keys from K_AUSF, such as K_AKMA and K_AF in the AKMA service. These shared keys are used to secure communications of home network services between the UE and the home network.
  • The disclosed technology can be implemented in some embodiments to refresh the shared keys in the UE and the home network, thereby ensuring sustainable security.
  • The home network is not able to initiate the primary authentication; only the SEAF in the serving network is able to initiate the primary authentication.
  • The 3GPP discussion paper proposes a network driven method, in which the AUSF requests the AMF to initiate primary authentication for the UE to generate a new K_AUSF. This discussion paper also proposes a UE driven method, in which the UE sends a NAS message with ngKSI set to 111 to initiate the primary authentication and generate a new K_AUSF.
  • Both methods initiate the primary authentication, which involves the serving network. In cases where the operator policy of the serving network does not allow a home network triggered or UE triggered primary authentication, these methods do not work.
  • FIG. 3 shows an example of the initiation of an authentication procedure and selection of the authentication method.
  • The SEAF 320 (Security Anchor Functionality) may initiate an authentication with the UE 310 during a procedure establishing a signaling connection with the UE 310, according to the policy of the SEAF 320.
  • The UE 310 may use a Subscription Concealed Identifier (SUCI) or a 5G Globally Unique Temporary UE Identity (5G-GUTI) in the Registration Request.
  • The SEAF 320 may invoke the Nausf_UEAuthentication service by sending a Nausf_UEAuthentication_Authenticate Request message to an Authentication Server Function (AUSF) 330 when the SEAF 320 wishes to initiate an authentication.
  • The Nausf_UEAuthentication_Authenticate Request message may include the SUCI or the Subscription Permanent Identifier (SUPI) and information associated with the serving network name.
  • The AUSF 330 may check that the requesting SEAF in the serving network is entitled to use the serving network name in the Nausf_UEAuthentication_Authenticate Request by comparing the serving network name with the expected serving network name.
  • The Unified Data Management (UDM) 340 may invoke the Subscription Identifier De-concealing Function (SIDF) if a SUCI is received. The SIDF may de-conceal the SUCI to obtain the SUPI before the UDM can process the request.
  • The UDM/Authentication credential Repository and Processing Function (ARPF) 340 may choose the authentication method.
  • FIG. 4 shows an example of an authentication procedure for the transformed Extensible Authentication Protocol Authentication and Key Agreement (EAP-AKA').
  • K_SEAF needs to be derived by the AUSF 430 and the UE, and the SEAF 420 in the serving network may store K_SEAF. These operations are not needed if K_AUSF is refreshed.
  • The UDM/ARPF 440 may generate an authentication vector (AV) and transmit a Nudm_UEAuthentication_Get Response message to the AUSF 430.
  • The AUSF 430 transmits the EAP-Request/AKA'-Challenge message to the SEAF 420 in a Nausf_UEAuthentication_Authenticate Response message, and the SEAF 420 transmits the EAP-Request/AKA'-Challenge message together with ngKSI and ABBA to the UE 410.
  • Upon receipt of the EAP-Request/AKA'-Challenge message, ngKSI and ABBA, the UE 410 calculates an authentication response. The UE 410 sends the EAP-Response/AKA'-Challenge message to the SEAF in an Auth-Resp message.
  • The SEAF 420 transmits the EAP-Response/AKA'-Challenge message to the AUSF 430 in a Nausf_UEAuthentication_Authenticate Request message. The AUSF 430 may verify the message.
  • FIG. 5 shows an example of an authentication procedure for 5G Authentication and Key Agreement (5G AKA).
  • The AUSF 530 generates a 5G Authentication Vector (5G AV) from the 5G Home Environment Authentication Vector (5G HE AV).
  • The SEAF 520 in the serving network may challenge the UE 510 and store K_SEAF, and the UE 510 needs to derive K_SEAF. These operations are not needed if K_AUSF is refreshed.
  • The UDM/ARPF 540 generates an authentication vector (AV) and transmits, to the AUSF 530, the 5G HE AV together with an indication that the 5G HE AV is to be used for 5G AKA, in a Nudm_UEAuthentication_Get Response.
  • The AUSF 530 stores XRES* and calculates HXRES*, and transmits, to the SEAF 520, the 5G SE AV (e.g., RAND, AUTN, HXRES*).
  • The SEAF 520 transmits an Authentication Request to the UE 510. Upon receipt of the Authentication Request, the UE 510 calculates the Authentication Response (e.g., RES*), which is compared against HXRES*, and then transmits the Authentication Response to the SEAF 520.
  • The SEAF 520 sends the RES* in a Nausf_UEAuthentication_Authenticate Request message to the AUSF 530.
  • When the AUSF 530 receives, as authentication confirmation, the Nausf_UEAuthentication_Authenticate Request message including a RES*, it may verify whether the AV has expired.
  • The disclosed technology can be implemented in some embodiments to perform an authentication and refresh shared keys in the UE and the home network without involving the serving network.
  • FIG. 6 shows an example of an authentication procedure implemented based on some embodiments of the disclosed technology. The AUSF in the home network initiates the procedure of authentication and refreshing K_AUSF in the UE and the AUSF based on EAP-AKA'.
  • The AUSF 630 sends, to the UDM 640, a Nudm_UEAuthentication_Get Request including the UE identity (e.g., SUPI).
  • Upon receipt of the Nudm_UEAuthentication_Get Request, the UDM generates an authentication vector (AV). The UDM/ARPF 640 computes a transformed cipher key (CK') and a transformed integrity key (IK') and replaces the cipher key (CK) and integrity key (IK) with CK' and IK'.
  • The UDM 640 subsequently sends this transformed authentication vector AV' (RAND, AUTN, XRES, CK', IK') to the AUSF 630 from which it received the Nudm_UEAuthentication_Get Request, together with an indication that the AV' is to be used for EAP-AKA', using a Nudm_UEAuthentication_Get Response message.
  • The AUSF 630 sends the EAP-Request/HN-AKA'-Challenge message to the SEAF 620 in a Namf_UEAuthentication_Authenticate Request message.
  • The SEAF 620 transparently forwards the EAP-Request/HN-AKA'-Challenge message to the UE 610 in a NAS Authentication Request message.
  • The Mobile Equipment (ME) forwards the Random Challenge (RAND) and Authentication Token (AUTN) received in the EAP-Request/HN-AKA'-Challenge message to the USIM.
  • The USIM verifies the freshness of the AV' by checking whether AUTN can be accepted. If so, the USIM computes a response RES. The USIM may return RES, CK, IK to the ME. If the USIM computes a Kc (e.g., GPRS Kc) from CK and IK using conversion function c3 and sends it to the ME, then the ME ignores such GPRS Kc and does not store the GPRS Kc on the USIM or in the ME. The ME derives CK' and IK'.
  • The UE 610 sends the EAP-Response/HN-AKA'-Challenge message to the SEAF 620 in a NAS Auth-Resp message.
  • The SEAF 620 transparently forwards the EAP-Response/HN-AKA'-Challenge message to the AUSF 630 in a Namf_UEAuthentication_Authenticate Response message.
  • The AUSF 630 verifies the message by comparing XRES and RES. If the AUSF 630 has successfully verified this message, it continues as follows; otherwise it returns an error message to the SEAF 620.
  • The AUSF 630 informs the UDM 640 of the authentication result.
  • The AUSF 630 and the UE 610 may exchange EAP-Request/HN-AKA'-Notification and EAP-Response/HN-AKA'-Notification messages via the SEAF 620. The SEAF 620 may transparently forward these messages.
  • The AUSF 630 derives the Extended Master Session Key (EMSK) from CK' and IK'. The AUSF uses the most significant 256 bits of the EMSK as K_AUSF.
  • The AUSF sends an Extensible Authentication Protocol (EAP) Success message in a Namf_UEAuthentication_Authenticate Request to the SEAF 620, which transparently forwards it to the UE 610. The SEAF 620 sends the EAP Success message to the UE 610 in the N1 message.
  • Upon receiving the EAP-Success message, the UE 610 derives the EMSK from CK' and IK'. The ME uses the most significant 256 bits of the EMSK as K_AUSF.
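The FIG. 6 exchange as a runnable model (the FIG. 8 variant carries the same messages, only initiated by the UDM), added here as an example and not code from the patent or from ZTE: the home-network AUSF initiates, the UDM/ARPF supplies AV' with CK'/IK', the SEAF only forwards and derives no K_SEAF, the USIM checks AUTN freshness before answering, and both ends take the most significant 256 bits of the EMSK as K_AUSF. The message names are the patent's; the Milenage functions, the CK'/IK' transform and the EAP-AKA' PRF are replaced by a labelled HMAC-SHA256 stand-in (`kdf`), and the class and method names, the 6-byte SQN and the serving network name are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

def kdf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    # Stand-in for Milenage f1..f5, the CK'/IK' transform and the EAP-AKA' PRF.
    # Assumption: a labelled HMAC-SHA256, not the 3GPP / RFC 5448 functions.
    return hmac.new(key, label + b"|".join(parts), hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def transform_keys(ck: bytes, ik: bytes, snn: bytes, sqn_xor_ak: bytes):
    # CK'/IK' are computed identically by UDM/ARPF and by the ME from the same inputs.
    return kdf(ck + ik, b"CK'", snn, sqn_xor_ak), kdf(ck + ik, b"IK'", snn, sqn_xor_ak)

def emsk(ck_p: bytes, ik_p: bytes) -> bytes:
    # 512-bit EMSK from CK' || IK'; K_AUSF is its most significant 256 bits.
    return kdf(ck_p + ik_p, b"EMSK", b"\x01") + kdf(ck_p + ik_p, b"EMSK", b"\x02")

@dataclass
class AVPrime:
    """Transformed authentication vector AV' = (RAND, AUTN, XRES, CK', IK')."""
    rand: bytes
    autn: bytes
    xres: bytes
    ck_p: bytes
    ik_p: bytes

class UDM:
    """UDM/ARPF: long-term key K and sequence number SQN for one subscriber."""
    def __init__(self, k: bytes, snn: bytes):
        self.k, self.snn, self.sqn = k, snn, 0

    def nudm_ueauthentication_get(self) -> AVPrime:
        self.sqn += 1  # fresh SQN per vector, so a replayed AV' fails the USIM check
        sqn = self.sqn.to_bytes(6, "big")
        rand = os.urandom(16)
        mac = kdf(self.k, b"f1", rand, sqn)[:8]
        sqn_xor_ak = xor(sqn, kdf(self.k, b"f5", rand)[:6])
        xres = kdf(self.k, b"f2", rand)[:8]
        ck, ik = kdf(self.k, b"f3", rand), kdf(self.k, b"f4", rand)
        ck_p, ik_p = transform_keys(ck, ik, self.snn, sqn_xor_ak)
        return AVPrime(rand, sqn_xor_ak + mac, xres, ck_p, ik_p)

class UE:
    """USIM (K, highest accepted SQN) plus ME (CK'/IK', EMSK, K_AUSF)."""
    def __init__(self, k: bytes, snn: bytes):
        self.k, self.snn, self.sqn_max, self.k_ausf, self._keys = k, snn, 0, None, None

    def hn_aka_challenge(self, rand: bytes, autn: bytes) -> Optional[bytes]:
        sqn_xor_ak, mac = autn[:6], autn[6:]
        sqn_bytes = xor(sqn_xor_ak, kdf(self.k, b"f5", rand)[:6])
        sqn = int.from_bytes(sqn_bytes, "big")
        # USIM accepts AUTN only if the MAC verifies and SQN is fresh (rejects replays).
        if sqn <= self.sqn_max or not hmac.compare_digest(mac, kdf(self.k, b"f1", rand, sqn_bytes)[:8]):
            return None
        self.sqn_max = sqn
        ck, ik = kdf(self.k, b"f3", rand), kdf(self.k, b"f4", rand)
        self._keys = transform_keys(ck, ik, self.snn, sqn_xor_ak)  # ME derives CK', IK'
        return kdf(self.k, b"f2", rand)[:8]  # RES

    def eap_success(self) -> None:
        self.k_ausf = emsk(*self._keys)[:32]

class SEAF:
    """Serving-network SEAF: forwards the EAP messages unchanged; derives no K_SEAF."""
    def __init__(self):
        self.seen = []

    def forward_challenge(self, ue: UE, rand: bytes, autn: bytes) -> Optional[bytes]:
        self.seen.append(("EAP-Request/HN-AKA'-Challenge", rand, autn))
        res = ue.hn_aka_challenge(rand, autn)
        self.seen.append(("EAP-Response/HN-AKA'-Challenge", res))
        return res

    def forward_success(self, ue: UE) -> None:
        self.seen.append(("EAP-Success",))
        ue.eap_success()

class AUSF:
    """Home-network AUSF: initiates the refresh and verifies RES against XRES."""
    def __init__(self, udm: UDM):
        self.udm, self.k_ausf = udm, None

    def refresh_k_ausf(self, seaf: SEAF, ue: UE) -> bool:
        av = self.udm.nudm_ueauthentication_get()      # Nudm_UEAuthentication_Get
        res = seaf.forward_challenge(ue, av.rand, av.autn)
        if res is None or not hmac.compare_digest(res, av.xres):
            return False  # error to the SEAF; neither side installs a new key
        self.k_ausf = emsk(av.ck_p, av.ik_p)[:32]
        seaf.forward_success(ue)
        return True
```

The SEAF's `seen` log holds only RAND, AUTN and RES, which is the point of the design: nothing the serving network relays lets it compute CK', IK' or K_AUSF.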
  • FIG. 7 shows another example of an authentication procedure implemented based on some embodiments of the disclosed technology. The AUSF in the home network initiates the procedure of authentication and refreshing K_AUSF in the UE and the AUSF based on 5G Authentication and Key Agreement (5G AKA).
  • The AUSF sends a Nudm_UEAuthentication_Get Request to the UDM, including the UE identity (e.g., SUPI).
  • The UDM/ARPF 740 creates a 5G HE AV: it derives K_AUSF and calculates XRES*, and creates the 5G HE AV from RAND, AUTN, XRES*, and K_AUSF.
  • The UDM 740 returns, to the AUSF 730, the 5G HE AV together with an indication that the 5G HE AV is to be used for 5G AKA, in a Nudm_UEAuthentication_Get Response.
  • The AUSF 730 temporarily stores the XRES* together with the SUPI.
  • The AUSF 730 returns, to the SEAF 720, RAND and AUTN in a Namf_UEAuthentication_Authenticate Request.
  • The SEAF 720 sends RAND and AUTN to the UE 710 in a NAS HN Authentication Request message.
  • The ME forwards the RAND and AUTN received in the NAS HN Authentication Request message to the USIM.
  • The USIM verifies the freshness of the received values by checking whether the Authentication Token (AUTN) can be accepted as described in TS 33.102. If so, the USIM computes a response RES. The USIM returns RES, CK, IK to the ME. The ME calculates K_AUSF from CK
  • The UE 710 returns RES* to the SEAF 720 in a NAS HN Authentication Response message.
  • The SEAF 720 sends RES*, as received from the UE, in a Namf_UEAuthentication_Authenticate Response message to the AUSF 730.
  • The AUSF may verify whether the 5G AV has expired. If the 5G AV has expired, the AUSF may consider the authentication unsuccessful from the home network point of view. Upon successful authentication, the AUSF stores K_AUSF. The AUSF 730 compares the received RES* with the stored XRES*. If the RES* matches XRES*, the AUSF considers the authentication successful from the home network point of view. The AUSF 730 informs the UDM 740 of the authentication result.
  • FIG. 8 shows another example of an authentication procedure implemented based on some embodiments of the disclosed technology. The UDM in the home network initiates the procedure of authentication and establishing or refreshing K_AUSF in the UE and the AUSF.
  • When the UDM 840 decides to establish or refresh K_AUSF, it generates an authentication vector (AV). The UDM/ARPF 840 computes CK' and IK' and replaces CK and IK with CK' and IK'.
  • The UDM 840 selects an AUSF if there is no AUSF related to this registration.
  • The UDM 840 sends, to the AUSF 830, the AMF ID along with the AV'. The UDM 840 subsequently sends, to the AUSF 830, this transformed authentication vector AV' (RAND, AUTN, XRES, CK', IK') together with an indication that the AV' is to be used for EAP-AKA', using a Nausf_UEAuthentication Request message.
  • The AUSF 830 sends the EAP-Request/HN-AKA'-Challenge message to the SEAF 820 identified by the received AMF ID, in a Namf_UEAuthentication_Authenticate Request message.
  • The SEAF 820 transparently forwards the EAP-Request/HN-AKA'-Challenge message to the UE 810 in a NAS Authentication Request message.
  • The ME forwards the RAND and AUTN received in the EAP-Request/HN-AKA'-Challenge message to the USIM.
  • The USIM verifies the freshness of the AV' by checking whether AUTN can be accepted. If so, the USIM computes a response RES. The USIM returns RES, CK, IK to the ME. If the USIM computes a Kc (e.g., GPRS Kc) from CK and IK using conversion function c3 as described in TS 33.102 and sends it to the ME, then the ME ignores such GPRS Kc and does not store the GPRS Kc on the USIM or in the ME. The ME derives CK' and IK'.
  • The UE 810 sends the EAP-Response/HN-AKA'-Challenge message to the SEAF 820 in a NAS Auth-Resp message.
  • The SEAF 820 transparently forwards the EAP-Response/HN-AKA'-Challenge message to the AUSF 830 in a Namf_UEAuthentication_Authenticate Response message.
  • The AUSF 830 verifies the message by comparing XRES and RES. If the AUSF 830 has successfully verified this message, it continues as follows; otherwise it returns an error message to the SEAF 820.
  • The AUSF 830 informs the UDM 840 of the authentication result.
  • The AUSF 830 and the UE 810 may exchange EAP-Request/HN-AKA'-Notification and EAP-Response/HN-AKA'-Notification messages via the SEAF 820. The SEAF 820 transparently forwards these messages.
  • The AUSF 830 derives the EMSK from CK' and IK' and uses the most significant 256 bits of the EMSK as K_AUSF.
  • The AUSF 830 sends an EAP Success message in a Namf_UEAuthentication_Authenticate Request to the SEAF 820, which transparently forwards it to the UE 810. The SEAF 820 sends the EAP Success message to the UE 810 in the N1 message.
  • Upon receiving the EAP-Success message, the UE 810 derives the EMSK from CK' and IK'. The ME uses the most significant 256 bits of the EMSK as K_AUSF.
  • The AUSF 830 sends, to the UDM 840, a success indication in a Nausf_UEAuthentication Response message.
  • The disclosed technology can be implemented in some embodiments to provide security methods for authentication and for refreshing shared keys in the UE and the home network.
  • The AUSF initiates the primary authentication by sending a Nudm_UEAuthentication_Get Request to the UDM, and by sending, to the SEAF, the EAP-Request/HN-AKA'-Challenge message in a Namf_UEAuthentication_Authenticate Request message. The SEAF transparently forwards messages between the AUSF and the UE. K_SEAF is derived neither in the AUSF nor in the UE.
  • 5G AKA based authentication is reused, with the processing on the SEAF tailored off.
  • The UDM initiates the authentication procedure.
  • FIG. 9 shows an example of a wireless communication method based on some embodiments of the disclosed technology.
  • A wireless communication method 900 includes, at 910, initiating, by a first network, an authentication procedure for a user device to establish or refresh shared keys between the user device and the first network, and, at 920, verifying, by the first network, an identity of the user device based on a message generated by the user device.
  • The authentication procedure is initiated for the user device to access a second network, to establish or refresh shared keys between the user device and the first network, or both.
  • The verifying of the identity of the user device is performed based on the message generated by the user device and forwarded by the second network during the authentication procedure.
  • The first network is a home network and the second network is a serving network.
  • FIG. 10 shows another example of a wireless communication method based on some embodiments of the disclosed technology.
  • A wireless communication method 1000 includes, at 1010, receiving, by a user device, an authentication request that includes authentication information generated by a first network that initiates an authentication procedure for the user device to establish or refresh shared keys between the user device and the first network; at 1020, performing, by the user device, a computation on the authentication information; and, at 1030, transmitting, by the user device, an authentication response to the first network based on the computation.
  • The first network is a home network and the second network is a serving network.
  • A wireless device or wireless communication device may be a user equipment (UE), a mobile station, or any other wireless terminal, including fixed nodes such as base stations.
  • A network device includes a base station, including a next generation Node B (gNB), an enhanced Node B (eNB), or any other device that performs as a base station, or a core network device that can perform the network functions discussed in this patent document.
  • The base station and/or core network perform the various functions including UDM, PCF, Network Exposure Function (NEF), DDNMF (e.g., 5GDDNMF), Unified Data Repository (UDR), Access and Mobility Management Function (AMF), Session Management Function (SMF), and User Plane Function (UPF).
  • Clause 1 A method of wireless communication comprising: initiating, by a first network, an authentication procedure for a user device to establish or refresh shared keys between the user device and the first network; and verifying, by the first network, an identity of the user device based on a message generated by the user device.
  • The first network is a home network.
  • Clause 2 The method of clause 1, wherein the initiating of the authentication procedure includes transmitting a first authentication request message from an authentication server function (AUSF) of the first network to a unified data management (UDM) of the first network.
  • Clause 3 The method of clause 2, wherein the first authentication request message includes an identity of the user device.
  • Clause 5 The method of clause 1, wherein the initiating of the authentication procedure includes generating authentication information by a UDM of the first network in response to a request from the AUSF.
  • Clause 6 The method of clause 1, wherein the initiating of the authentication procedure includes generating authentication information by a UDM of the first network regardless of a request from the AUSF.
  • Clause 7 The method of clause 1, wherein the initiating of the authentication procedure includes receiving, at the AUSF, authentication information from the UDM.
  • Clause 8 The method of clause 7, wherein the authentication information includes a transformed authentication vector that is generated by transforming keys in an authentication vector (AV).
  • The authentication information includes a home environment authentication vector (HE AV) that is generated by deriving an intermediate key stored in the AUSF of the first network and transforming an expected response (XRES).
  • Clause 13 The method of clause 1, wherein the initiating of the authentication procedure includes transmitting a second authentication request message from an authentication server function (AUSF) in the first network to a security anchor functionality (SEAF) of a second network.
  • Clause 14 The method of clause 13, wherein the second authentication request message includes a first authentication information, and wherein the first authentication information is forwarded to the user device by the SEAF of the second network.
  • Clause 15 The method of clause 13, wherein the second authentication request message includes a first authentication information, and wherein the SEAF of the second network transmits, to the user device, a second authentication information generated by adjusting the first authentication information.
  • Clause 16 The method of any of clauses 13-15, wherein the first network and the user device exchange messages associated with the authentication procedure through the SEAF of the second network.
  • Clause 17 The method of clause 16, wherein the AUSF of the first network verifies the messages from the user device to perform the authentication procedure.
  • Clause 18 The method of clause 17, further comprising notifying, by the first network, the second network of a result of the authentication procedure with respect to the user device.
  • Clause 19 The method of any of clauses 1-17, further comprising transmitting, by the AUSF of the first network, to the UDM of the first network, an indication of a successful authentication with respect to the user device.
  • Clause 20 The method of any of clauses 1-17, further comprising generating an intermediate key of the AUSF on the user device and the first network upon a successful authentication with respect to the user device.
  • Clause 21 A method of wireless communication comprising: receiving, by a user device, an authentication request that includes authentication information generated by a first network that initiates an authentication procedure for the user device to establish or refresh shared keys between the user device and the first network; performing, by the user device, a computation on the authentication information; and transmitting, by the user device, an authentication response to the first network based on the computation.
  • The first network is a home network.
  • Clause 22 The method of clause 21, wherein the authentication information is forwarded by a second network to the user device.
  • Clause 24 The method of clause 21, wherein the first network initiates the authentication procedure by transmitting an authentication request message from an AUSF of the first network to a UDM of the first network.
  • Clause 25 The method of clause 21, wherein the first network initiates the authentication procedure by generating authentication information by a UDM of the first network in response to a request from the AUSF.
  • Clause 26 The method of clause 21, wherein the first network initiates the authentication procedure by generating authentication information by a UDM of the first network regardless of a request from the AUSF.
  • Clause 27 The method of any of clauses 25-26, wherein the authentication information includes a transformed authentication vector that is generated by transforming keys in an authentication vector (AV).
  • Clause 28 The method of clause 27, wherein the authentication procedure is performed based on an extensible authentication protocol (EAP) authentication and key agreement (AKA).
  • Clause 29 The method of any of clauses 25-26, wherein the authentication information includes a home environment authentication vector (HE AV) that is generated by deriving an intermediate key stored in the AUSF of the first network and transforming an expected response (XRES).
  • Clause 30 The method of clause 29, wherein the AUSF of the first network stores the transformed XRES.
  • Clause 31 The method of clause 29, wherein the authentication procedure is performed based on 5G authentication and key agreement (AKA).
  • Clause 32 The method of any of clauses 2-31, wherein the first network is a home network and the second network is a serving network.
  • Clause 33 An apparatus for wireless communication, comprising a processor, wherein the processor is configured to implement a method recited in any of clauses 1 to 32.
  • Clause 34 A computer readable program storage medium having code stored thereon, the code, when executed by a processor, causing the processor to implement a method recited in any of clauses 1 to 32.
  • the disclosed and other embodiments, modules and the functional operations described in this document can be implemented in digital electronic circuitry, or in computer software, firmware, or hardware, including the structures disclosed in this document and their structural equivalents, or in combinations of one or more of them.
  • the disclosed and other embodiments can be implemented as one or more computer program products, i.e., one or more modules of computer program instructions encoded on a computer readable medium for execution by, or to control the operation of, data processing apparatus.
  • the computer readable medium can be a machine-readable storage device, a machine-readable storage substrate, a memory device, a composition of matter effecting a machine-readable propagated signal, or a combination of one or more of them.
  • data processing apparatus encompasses all apparatus, devices, and machines for processing data, including by way of example a programmable processor, a computer, or multiple processors or computers.
  • the apparatus can include, in addition to hardware, code that creates an execution environment for the computer program in question, e.g., code that constitutes processor firmware, a protocol stack, a database management system, an operating system, or a combination of one or more of them.
  • a propagated signal is an artificially generated signal, e.g., a machine-generated electrical, optical, or electromagnetic signal, that is generated to encode information for transmission to suitable receiver apparatus.
  • a computer program (also known as a program, software, software application, script, or code) can be written in any form of programming language, including compiled or interpreted languages, and it can be deployed in any form, including as a stand-alone program or as a module, component, subroutine, or other unit suitable for use in a computing environment.
  • a computer program does not necessarily correspond to a file in a file system.
  • a program can be stored in a portion of a file that holds other programs or data (e.g., one or more scripts stored in a markup language document), in a single file dedicated to the program in question, or in multiple coordinated files (e.g., files that store one or more modules, sub programs, or portions of code).
  • a computer program can be deployed to be executed on one computer or on multiple computers that are located at one site or distributed across multiple sites and interconnected by a communication network.
  • the processes and logic flows described in this document can be performed by one or more programmable processors executing one or more computer programs to perform functions by operating on input data and generating output.
  • the processes and logic flows can also be performed by, and apparatus can also be implemented as, special purpose logic circuitry, e.g., an FPGA (field programmable gate array) or an ASIC (application specific integrated circuit).
  • processors suitable for the execution of a computer program include, by way of example, both general and special purpose microprocessors, and any one or more processors of any kind of digital computer.
  • a processor will receive instructions and data from a read only memory or a random-access memory or both.
  • the essential elements of a computer are a processor for performing instructions and one or more memory devices for storing instructions and data.
  • a computer will also include, or be operatively coupled to receive data from or transfer data to, or both, one or more mass storage devices for storing data, e.g., magnetic, magneto optical disks, or optical disks.
  • a computer need not have such devices.
  • Computer readable media suitable for storing computer program instructions and data include all forms of non-volatile memory, media and memory devices, including by way of example semiconductor memory devices, e.g., EPROM, EEPROM, and flash memory devices; magnetic disks, e.g., internal hard disks or removable disks; magneto optical disks; and CD ROM and DVD-ROM disks.
  • the processor and the memory can be supplemented by, or incorporated in, special purpose logic circuitry.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

This patent document describes, among other things, techniques and apparatuses for authentication in wireless networks. In one aspect, a method of wireless communication is disclosed. The method includes initiating, by a first network, an authentication procedure for a user device to establish or refresh shared keys between the user device and the first network; and verifying, by the first network, an identity of the user device based on a message generated by the user device.

Description

METHODS AND SYSTEMS FOR AUTHENTICATION IN WIRELESS NETWORKS
TECHNICAL FIELD
This patent document is directed generally to wireless communications.
BACKGROUND
Wireless communication technologies are moving the world toward an increasingly connected and networked society. The rapid growth of wireless communications and advances in technology have led to greater demand for capacity and connectivity. Other aspects, such as energy consumption, device cost, spectral efficiency, and latency, are also important to meeting the needs of various communication scenarios. In comparison with existing wireless networks, next generation systems and wireless communication techniques need to support an increased number of users and devices, as well as an increasingly mobile society.
SUMMARY
This patent document describes, among other things, techniques and apparatuses for authentication in wireless networks. The disclosed technology can be implemented in some embodiments to provide security methods for authentication and for refreshing shared keys in the UE and the home network.
In one aspect, a method of wireless communication is disclosed. The method includes initiating, by a first network, an authentication procedure for a user device to establish or refresh shared keys between the user device and the first network, and verifying, by the first network, an identity of the user device based on a message generated by the user device.
In another aspect, another method for wireless communications is disclosed. The method includes receiving, by a user device, an authentication request that includes authentication information generated by a first network that initiates an authentication procedure for the user device to establish or refresh shared keys between the user device and the first network; performing, by the user device, a computation on the authentication information; and transmitting, by the user device, an authentication response to the first network based on the computation.
In another aspect, a wireless communication apparatus comprising a processor configured to implement a method described herein is disclosed.
In another aspect, a computer readable medium including executable instructions to implement a method described herein is disclosed.
These, and other, aspects are described in the present document.
BRIEF DESCRIPTION OF DRAWINGS
FIG. 1 shows an example of a base station (BS) and user equipment (UE) in wireless communication.
FIG. 2 is a block diagram representation of a portion of an apparatus that can be used to implement methods and/or techniques of the presently disclosed technology.
FIG. 3 shows an example of the initiation of an authentication procedure and selection of authentication method.
FIG. 4 shows an example of an authentication procedure for the transformed Extensible Authentication Protocol Authentication and Key Agreement (EAP-AKA').
FIG. 5 shows an example of an authentication procedure for 5G Authentication and Key Agreement (5G AKA).
FIG. 6 shows an example of an authentication procedure implemented based on some embodiments of the disclosed technology.
FIG. 7 shows another example of an authentication procedure implemented based on some embodiments of the disclosed technology.
FIG. 8 shows another example of an authentication procedure implemented based on some embodiments of the disclosed technology.
FIG. 9 shows an example of a wireless communication method based on some embodiments of the disclosed technology.
FIG. 10 shows another example of a wireless communication method based on some embodiments of the disclosed technology.
DETAILED DESCRIPTION
Section headings are used in the present document only for ease of understanding and do not limit the scope of the embodiments to the section in which they are described. Furthermore, while embodiments are described with reference to 5G examples, the disclosed techniques may be applied to wireless systems that use protocols other than 5G or 3GPP protocols.
FIG. 1 shows an example of a wireless communication system (e.g., a long term evolution (LTE), 5G or NR cellular network) that includes a BS 120 and one or more user equipment (UE) 111, 112 and 113. In some embodiments, the uplink transmissions (131, 132, 133) can include uplink control information (UCI), higher layer signaling (e.g., UE assistance information or UE capability), or uplink information. In some embodiments, the downlink transmissions (141, 142, 143) can include DCI, higher layer signaling, or downlink information. The UE may be, for example, a smartphone, a tablet, a mobile computer, a machine to machine (M2M) device, a terminal, a mobile device, an Internet of Things (IoT) device, and so on.
FIG. 2 is a block diagram representation of a portion of an apparatus that can be used to implement methods and/or techniques of the presently disclosed technology.
In some implementations, an apparatus 205 such as a network device or a base station or a wireless device (or UE), can include processor electronics 210 such as a microprocessor that implements one or more of the techniques presented in this document. The apparatus 205 can include transceiver electronics 215 to send and/or receive wireless signals over one or more communication interfaces such as antenna(s) 220. The apparatus 205 can include other communication interfaces for transmitting and receiving data. Apparatus 205 can include one or more memories (not explicitly shown) configured to store information such as data and/or instructions. In some implementations, the processor electronics 210 can include at least a portion of the transceiver electronics 215. In some embodiments, at least some of the disclosed techniques, modules or functions are implemented using the apparatus 205.
The disclosed technology can be implemented in some embodiments to provide a security method for authentication and for refreshing shared keys in the UE and the home network. The security method implemented based on some embodiments of the disclosed technology can refresh K_AUSF in the UE and the AUSF without involving network functions in the serving network.
The primary authentication produces a key K_AUSF which is shared between the UE and the home network. The UE and the home network may further derive more shared keys from K_AUSF, such as K_AKMA and K_AF in the AKMA service. These shared keys are used to secure communications of home network services between the UE and the home network. The disclosed technology can be implemented in some embodiments to refresh the shared keys in the UE and the home network, thereby ensuring sustained security.
In 3GPP TS 33.501, the home network is not able to initiate the primary authentication; only the SEAF in the serving network is able to initiate it.
The 3GPP discussion paper S3-212901 proposes a network driven method, in which the AUSF requests the AMF to initiate primary authentication for the UE to generate a new K_AUSF. This discussion paper also proposes a UE driven method, in which the UE sends a NAS message with ngKSI set to 111 to initiate the primary authentication and generate a new K_AUSF. However, both methods initiate the primary authentication through the serving network. Where the operator policy of the serving network does not allow a home network triggered or UE triggered primary authentication, these methods do not work.
FIG. 3 shows an example of the initiation of an authentication procedure and selection of authentication method.
In this architecture, only the Security Anchor Functionality (SEAF) in the serving network is able to initiate the primary authentication, while the home network is not.
Referring to FIG. 3, the SEAF 320 may initiate an authentication with the UE 310 during a procedure establishing a signaling connection with the UE 310, according to the policy of the SEAF 320. The UE 310 may use a Subscription Concealed Identifier (SUCI) or a 5G Globally Unique Temporary UE Identity (5G-GUTI) in the Registration Request.
The SEAF 320 may invoke the Nausf_UEAuthentication service by sending a Nausf_UEAuthentication_Authenticate Request message to an Authentication Server Function (AUSF) 330 when the SEAF 320 wishes to initiate an authentication.
The Nausf_UEAuthentication_Authenticate Request message may include the SUCI or Subscription Permanent Identifier (SUPI) and information associated with the serving network name.
Upon receiving the Nausf_UEAuthentication_Authenticate Request message, the AUSF 330 may check that the requesting SEAF in the serving network is entitled to use the serving network name in the Nausf_UEAuthentication_Authenticate Request by comparing the serving network name with the expected serving network name. The AUSF 330 then sends a Nudm_UEAuthentication_Get Request to the Unified Data Management (UDM) 340.
Upon receiving the Nudm_UEAuthentication_Get Request, the UDM 340 may invoke the Subscription Identifier De-concealing Function (SIDF) if a SUCI is received. The SIDF de-conceals the SUCI to obtain the SUPI before the UDM can process the request. Based on the SUPI, the UDM/Authentication credential Repository and Processing Function (ARPF) 340 may choose the authentication method.
FIG. 4 shows an example of an authentication procedure for the transformed Extensible Authentication Protocol Authentication and Key Agreement (EAP-AKA').
In this procedure, K_SEAF needs to be derived by the AUSF 430 and the UE, and the SEAF 420 in the serving network may store K_SEAF. These operations are not needed if K_AUSF is refreshed.
Referring to FIG. 4, the UDM/ARPF 440 may generate an authentication vector (AV) and transmit a Nudm_UEAuthentication_Get Response message to the AUSF 430. The AUSF 430 transmits the EAP-Request/AKA'-Challenge message to the SEAF 420 in a Nausf_UEAuthentication_Authenticate Response message, and the SEAF 420 transmits the EAP-Request/AKA'-Challenge message together with ngKSI and ABBA to the UE 410. Upon receipt of the EAP-Request/AKA'-Challenge message, ngKSI and ABBA, the UE 410 calculates an authentication response. The UE 410 sends the EAP-Response/AKA'-Challenge message to the SEAF 420 in an Auth-Resp message. The SEAF 420 transmits the EAP-Response/AKA'-Challenge message to the AUSF 430 in a Nausf_UEAuthentication_Authenticate Request message. The AUSF 430 may verify the message.
FIG. 5 shows an example of an authentication procedure for 5G Authentication and Key Agreement (5G AKA).
In this procedure, the AUSF 530 generates a 5G Authentication Vector (5G AV) from the 5G Home Environment Authentication Vector (5G HE AV). The SEAF 520 in the serving network may challenge the UE 510 and store K_SEAF, and the UE 510 needs to derive K_SEAF. These operations are not needed if K_AUSF is refreshed.
The UDM/ARPF 540 generates an authentication vector (AV) and transmits, to the AUSF 530, the 5G HE AV together with an indication that the 5G HE AV is to be used for 5G AKA, in a Nudm_UEAuthentication_Get Response. The AUSF 530 stores XRES* and calculates HXRES*, and transmits, to the SEAF 520, the 5G SE AV (e.g., RAND, AUTN, HXRES*). The SEAF 520 transmits an Authentication Request to the UE 510; upon receipt of the Authentication Request, the UE 510 calculates an Authentication Response (e.g., RES*), which is compared against HXRES*, and transmits the Authentication Response to the SEAF 520. The SEAF 520 sends the RES* in a Nausf_UEAuthentication_Authenticate Request message to the AUSF 530. When the AUSF 530 receives, as authentication confirmation, the Nausf_UEAuthentication_Authenticate Request message including a RES*, it may verify whether the AV has expired.
The disclosed technology can be implemented in some embodiments to perform an authentication and refresh shared keys in UE and the home network without involving the serving network.
Embodiment 1
FIG. 6 shows an example of an authentication procedure implemented based on some embodiments of the disclosed technology.
In some embodiments of the disclosed technology, the AUSF in the home network initiates the procedure of authentication and refreshing K_AUSF in the UE and the AUSF based on EAP-AKA'.
At 601, the AUSF 630 sends, to the UDM 640, a Nudm_UEAuthentication_Get Request including the UE identity (e.g., SUPI).
At 602, upon receipt of the Nudm_UEAuthentication_Get Request, the UDM 640 generates an authentication vector (AV). The UDM/ARPF 640 computes a transformed cipher key (CK') and a transformed integrity key (IK') and replaces the cipher key (CK) and integrity key (IK) with CK' and IK'.
At 603, the UDM 640 subsequently sends this transformed authentication vector AV' (RAND, AUTN, XRES, CK', IK') to the AUSF 630 from which it received the Nudm_UEAuthentication_Get Request, together with an indication that the AV' is to be used for EAP-AKA', in a Nudm_UEAuthentication_Get Response message.
At 604, the AUSF 630 sends the EAP-Request/HN-AKA'-Challenge message to the SEAF 620 in a Namf_UEAuthentication_Authenticate Request message.
At 605, the SEAF 620 transparently forwards the EAP-Request/HN-AKA'-Challenge message to the UE 610 in a NAS Authentication Request message. The Mobile Equipment (ME) forwards the Random Challenge (RAND) and Authentication Token (AUTN) received in the EAP-Request/HN-AKA'-Challenge message to the USIM.
At 606, upon receipt of the RAND and AUTN, the USIM verifies the freshness of the AV' by checking whether AUTN can be accepted. If so, the USIM computes a response RES. The USIM may return RES, CK, IK to the ME. If the USIM computes a Kc (e.g., GPRS Kc) from CK and IK using conversion function c3 and sends it to the ME, then the ME ignores such GPRS Kc and does not store the GPRS Kc on the USIM or in the ME. The ME derives CK' and IK'.
At 607, the UE 610 sends the EAP-Response/HN-AKA'-Challenge message to the SEAF 620 in a NAS Auth-Resp message.
At 608, the SEAF 620 transparently forwards the EAP-Response/HN-AKA'-Challenge message to the AUSF 630 in a Namf_UEAuthentication_Authenticate Response message.
At 609, the AUSF 630 verifies the message by comparing the XRES and RES. If the AUSF 630 has successfully verified this message, it continues as follows; otherwise it returns an error message to the SEAF 620. The AUSF 630 informs the UDM 640 of the authentication result.
At 610, the AUSF 630 and the UE 610 may exchange EAP-Request/HN-AKA'-Notification and EAP-Response/HN-AKA'-Notification messages via the SEAF 620. The SEAF 620 may transparently forward these messages.
At 611, the AUSF 630 derives the Extended Master Session Key (EMSK) from CK' and IK'. The AUSF 630 uses the most significant 256 bits of the EMSK as K_AUSF. The AUSF 630 sends an Extensible Authentication Protocol (EAP) Success message in a Namf_UEAuthentication_Authenticate Request to the SEAF 620, which transparently forwards it to the UE 610.
At 612, the SEAF 620 sends the EAP Success message to the UE 610 in the N1 message. Upon receiving the EAP Success message, the UE 610 derives the EMSK from CK' and IK'. The ME uses the most significant 256 bits of the EMSK as K_AUSF.
Embodiment 2
FIG. 7 shows another example of an authentication procedure implemented based on some embodiments of the disclosed technology.
In some embodiments of the disclosed technology, the AUSF in the home network initiates the procedure of authentication and refreshing K_AUSF in the UE and the AUSF based on 5G Authentication and Key Agreement (AKA).
At 701, the AUSF 730 sends a Nudm_UEAuthentication_Get Request to the UDM 740, including the UE identity (e.g., SUPI).
At 702, for each Nudm_UEAuthentication_Get Request, the UDM/ARPF 740 creates a 5G HE AV. The UDM/ARPF 740 derives K_AUSF and calculates XRES*, and forms the 5G HE AV from RAND, AUTN, XRES*, and K_AUSF.
At 703, the UDM 740 returns, to the AUSF 730, the 5G HE AV together with an indication that the 5G HE AV is to be used for 5G AKA, in a Nudm_UEAuthentication_Get Response.
At 704, the AUSF 730 temporarily stores the XRES* together with the SUPI.
At 705, the AUSF 730 sends, to the SEAF 720, RAND and AUTN in a Namf_UEAuthentication_Authenticate Request.
At 706, the SEAF 720 sends RAND and AUTN to the UE 710 in a NAS HN Authentication Request message. The ME forwards the RAND and AUTN received in the NAS HN Authentication Request message to the USIM.
At 707, upon receipt of the RAND and AUTN, the USIM verifies the freshness of the received values by checking whether the Authentication Token (AUTN) can be accepted, as described in TS 33.102. If so, the USIM computes a response RES. The USIM returns RES, CK, IK to the ME. The ME calculates K_AUSF from CK||IK.
At 708, the UE 710 returns RES* to the SEAF 720 in a NAS HN Authentication Response message.
At 709, the SEAF 720 sends RES*, as received from the UE 710, in a Namf_UEAuthentication_Authenticate Response message to the AUSF 730.
At 710, when the AUSF 730 receives, as an authentication confirmation, the Namf_UEAuthentication_Authenticate Response message including a RES*, it may verify whether the 5G AV has expired. If the 5G AV has expired, the AUSF 730 may consider the authentication as unsuccessful from the home network point of view. Upon successful authentication, the AUSF 730 stores K_AUSF. The AUSF 730 compares the received RES* with the stored XRES*. If the RES* matches the XRES*, the AUSF 730 considers the authentication as successful from the home network point of view. The AUSF 730 informs the UDM 740 of the authentication result.
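The two home-network-initiated runs above (Embodiment 1 for EAP-AKA', Embodiment 2 for 5G AKA) can be traced end to end in the following Python model. It is an added illustration, not code from the patent or from ZTE, and not a 3GPP implementation: the Milenage functions f1..f5 and the RFC 5448 / TS 33.501 key derivation functions are stood in for by HMAC-SHA256 constructions, so the message flow and the checks follow the numbered steps while the bit-exact derivations do not. The class and function names (UDM, USIM, run_eap_aka_prime, run_5g_aka), the AV lifetime, and the sample long-term key, SUPI and serving network name are all assumptions. The SEAF is left out because, in both embodiments, it only forwards messages.

```python
"""Toy model of Embodiment 1 (EAP-AKA') and Embodiment 2 (5G AKA) run by the
home network.  Constructed for illustration, not the patent's or 3GPP's code:
Milenage f1..f5 and the RFC 5448 / TS 33.501 KDFs are stood in for by
HMAC-SHA256, so the message flow and checks are faithful but the bit-exact
derivations are not.  All keys, SUPIs and serving network names are samples."""
import hashlib
import hmac
import os
import time

SQN_LEN = 6                # sequence number length in bytes
AMF_FIELD = b"\x80\x00"    # sample authentication management field

def _prf(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Stand-ins for the USIM/ARPF functions (constructed, not Milenage).
def f1(k, rand, sqn, amf): return _prf(k, b"f1", rand, sqn, amf)[:8]  # MAC-A
def f2(k, rand): return _prf(k, b"f2", rand)[:8]                      # RES
def f3(k, rand): return _prf(k, b"f3", rand)[:16]                     # CK
def f4(k, rand): return _prf(k, b"f4", rand)[:16]                     # IK
def f5(k, rand): return _prf(k, b"f5", rand)[:SQN_LEN]                # AK

def transform_ck_ik(ck, ik, sn_name, sqn_xor_ak):
    """CK', IK' for EAP-AKA' (step 602 at the UDM/ARPF, step 606 at the ME)."""
    out = _prf(ck + ik, b"EAP-AKA'", sn_name, sqn_xor_ak)
    return out[:16], out[16:]

def k_ausf_from_emsk(ck_p, ik_p, identity):
    """Steps 611/612: EMSK from CK', IK'; K_AUSF is its most significant 256 bits."""
    mk = _prf(ik_p + ck_p, b"EAP-AKA'", identity)
    emsk = _prf(mk, b"EMSK", b"\x01") + _prf(mk, b"EMSK", b"\x02")  # 512-bit EMSK
    return emsk[:32]

def k_ausf_5g(ck, ik, sn_name, sqn_xor_ak):
    """Steps 702/707: K_AUSF from CK||IK for 5G AKA."""
    return _prf(ck + ik, b"5G K_AUSF", sn_name, sqn_xor_ak)

def res_star(ck, ik, sn_name, rand, res):
    """XRES* at the UDM/ARPF (702) and RES* at the ME (708)."""
    return _prf(ck + ik, b"RES*", sn_name, rand, res)[:16]

class UDM:
    """UDM/ARPF: long-term key K and the current sequence number per SUPI."""
    def __init__(self, subscribers):
        self.subs = {supi: {"k": k, "sqn": 0} for supi, k in subscribers.items()}

    def generate_av(self, supi):
        sub = self.subs[supi]
        sub["sqn"] += 1
        sqn, rand, k = sub["sqn"].to_bytes(SQN_LEN, "big"), os.urandom(16), sub["k"]
        autn = xor(sqn, f5(k, rand)) + AMF_FIELD + f1(k, rand, sqn, AMF_FIELD)
        return {"rand": rand, "autn": autn, "xres": f2(k, rand),
                "ck": f3(k, rand), "ik": f4(k, rand)}

class USIM:
    def __init__(self, k):
        self.k, self.sqn_max = k, 0

    def challenge(self, rand, autn):
        """Steps 606/707: accept AUTN only if MAC-A verifies and SQN is fresh."""
        sqn = xor(autn[:SQN_LEN], f5(self.k, rand))
        amf, mac = autn[SQN_LEN:SQN_LEN + 2], autn[SQN_LEN + 2:]
        if not hmac.compare_digest(mac, f1(self.k, rand, sqn, amf)):
            raise ValueError("MAC failure")
        if int.from_bytes(sqn, "big") <= self.sqn_max:
            raise ValueError("synchronisation failure: SQN not fresh (replayed AV)")
        self.sqn_max = int.from_bytes(sqn, "big")
        return f2(self.k, rand), f3(self.k, rand), f4(self.k, rand)

def run_eap_aka_prime(udm, usim, supi, sn_name):
    """Embodiment 1.  Returns (K_AUSF at the AUSF, K_AUSF at the UE); (None, None) on RES mismatch."""
    av = udm.generate_av(supi)                                   # 601-602
    sqn_xor_ak = av["autn"][:SQN_LEN]
    ck_p, ik_p = transform_ck_ik(av["ck"], av["ik"], sn_name, sqn_xor_ak)  # AV' (603)
    res, ck, ik = usim.challenge(av["rand"], av["autn"])         # 604-606, SEAF transparent
    ue_ck_p, ue_ik_p = transform_ck_ik(ck, ik, sn_name, sqn_xor_ak)
    if not hmac.compare_digest(res, av["xres"]):                 # 609
        return None, None
    return (k_ausf_from_emsk(ck_p, ik_p, supi.encode()),         # 611
            k_ausf_from_emsk(ue_ck_p, ue_ik_p, supi.encode()))   # 612

def run_5g_aka(udm, usim, supi, sn_name, av_lifetime=60.0, now=time.time):
    """Embodiment 2.  Returns (K_AUSF at the AUSF or None, K_AUSF at the UE)."""
    av = udm.generate_av(supi)                                   # 701-702
    sqn_xor_ak = av["autn"][:SQN_LEN]
    xres_star = res_star(av["ck"], av["ik"], sn_name, av["rand"], av["xres"])
    he_k_ausf = k_ausf_5g(av["ck"], av["ik"], sn_name, sqn_xor_ak)   # 5G HE AV (703)
    pending = {supi: (xres_star, now() + av_lifetime)}           # 704: XRES* kept with SUPI
    res, ck, ik = usim.challenge(av["rand"], av["autn"])         # 705-707
    ue_res_star = res_star(ck, ik, sn_name, av["rand"], res)     # 708
    ue_k_ausf = k_ausf_5g(ck, ik, sn_name, sqn_xor_ak)
    stored, expires = pending.pop(supi)                          # 710: expiry, then RES* vs XRES*
    if now() > expires or not hmac.compare_digest(ue_res_star, stored):
        return None, ue_k_ausf
    return he_k_ausf, ue_k_ausf
```

The checks worth noticing are on the USIM side in `challenge` (MAC-A and sequence number freshness, so a replayed AV' is rejected at step 606/707 rather than silently re-keying) and on the AUSF side in `run_5g_aka` (the stored XRES* is bound to the SUPI, expires with the AV as at step 710, and is compared in constant time). Each successful run yields a K_AUSF that matches at both ends and differs from the previous one, which is the refresh property the embodiments are after.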
Embodiment 3
FIG. 8 shows another example of an authentication procedure implemented based on some embodiments of the disclosed technology.
In some embodiments of the disclosed technology, the UDM in the home network initiates the procedure of authentication and establishing or refreshing K_AUSF in the UE and the AUSF.
At 801, when the UDM 840 decides to establish or refresh K_AUSF, it generates an authentication vector (AV). The UDM/ARPF 840 computes CK' and IK' and replaces CK and IK with CK' and IK'. The UDM 840 selects an AUSF if there is no AUSF related to this registration.
At 802, if the AUSF 830 is not related to this registration, the UDM 840 sends, to the AUSF 830, the AMF ID along with the AV'. The UDM 840 subsequently sends, to the AUSF 830, this transformed authentication vector AV' (RAND, AUTN, XRES, CK', IK') together with an indication that the AV' is to be used for EAP-AKA', in a Nausf_UEAuthentication Request message.
At 803, the AUSF 830 sends the EAP-Request/HN-AKA'-Challenge message, in a Namf_UEAuthentication_Authenticate Request message, to the SEAF 820 identified by the received AMF ID.
At 804, the SEAF 820 transparently forwards the EAP-Request/HN-AKA'-Challenge message to the UE 810 in a NAS Authentication Request message. The ME forwards the RAND and AUTN received in the EAP-Request/HN-AKA'-Challenge message to the USIM.
At 805, upon receipt of the RAND and AUTN, the USIM verifies the freshness of the AV' by checking whether AUTN can be accepted. If so, the USIM computes a response RES. The USIM returns RES, CK, IK to the ME. If the USIM computes a Kc (e.g., GPRS Kc) from CK and IK using conversion function c3, as described in TS 33.102, and sends it to the ME, then the ME ignores such GPRS Kc and does not store the GPRS Kc on the USIM or in the ME. The ME derives CK' and IK'.
At 806, the UE 810 sends the EAP-Response/HN-AKA'-Challenge message to the SEAF 820 in a NAS Auth-Resp message.
At 807, the SEAF 820 transparently forwards the EAP-Response/HN-AKA'-Challenge message to the AUSF 830 in a Namf_UEAuthentication_Authenticate Response message.
At 808, the AUSF 830 verifies the message by comparing the XRES and RES. If the AUSF 830 has successfully verified this message, it continues as follows; otherwise it returns an error message to the SEAF 820. The AUSF 830 informs the UDM 840 of the authentication result.
At 809, the AUSF 830 and the UE 810 may exchange EAP-Request/HN-AKA'-Notification and EAP-Response/HN-AKA'-Notification messages via the SEAF 820. The SEAF 820 transparently forwards these messages.
At 810, the AUSF 830 derives the EMSK from CK' and IK'. The AUSF 830 uses the most significant 256 bits of the EMSK as K_AUSF. The AUSF 830 sends an EAP Success message in a Namf_UEAuthentication_Authenticate Request to the SEAF 820, which transparently forwards it to the UE 810.
At 811, the SEAF 820 sends the EAP Success message to the UE 810 in the N1 message. Upon receiving the EAP Success message, the UE 810 derives the EMSK from CK' and IK'. The ME uses the most significant 256 bits of the EMSK as K_AUSF.
At 812, the AUSF 830 sends, to the UDM 840, a success indication in a Nausf_UEAuthentication Response message.
As discussed above, the disclosed technology can be implemented in some embodiments to provide security methods for authentication and for refreshing shared keys in the UE and the home network.
In some embodiments of the disclosed technology, the AUSF initiates the primary authentication by sending a Nudm_UEAuthentication_Get Request to the UDM, and by sending, to the SEAF, the EAP-Request/HN-AKA'-Challenge message in a Namf_UEAuthentication_Authenticate Request message. In some implementations, the SEAF transparently forwards messages between the AUSF and the UE. In some implementations, K_SEAF is derived in neither the AUSF nor the UE.
In some embodiments of the disclosed technology, 5G AKA based authentication is reused, with the SEAF-side processing trimmed away.
In some embodiments of the disclosed technology, the UDM initiates the authentication procedure.
FIG. 9 shows an example of a wireless communication method based on some embodiments of the disclosed technology.
In some embodiments of the disclosed technology, a wireless communication method 900 includes, at 910, initiating, by a first network, an authentication procedure for a user device to establish or refresh shared keys between the user device and the first network, and at 920, verifying, by the first network, an identity of the user device based on a message generated by the user device. In some implementations, the authentication procedure is initiated for the user device to access a second network, establish or refresh shared keys between the user device and the first network, or access the second network and establish or refresh the shared keys between the user device and the first network. In some implementations, the verifying of the identity of the user device is performed based on the message generated by the user device and forwarded by the second network during the authentication procedure. In some implementations, the first network is a home network, and the second network is a serving network.
FIG. 10 shows another example of a wireless communication method based on some embodiments of the disclosed technology.
In some embodiments of the disclosed technology, a wireless communication method 1000 includes, at 1010, receiving, by a user device, an authentication request that includes authentication information generated by a first network that initiates an authentication procedure for the user device to establish or refresh shared keys between the user device and the first network, at 1020, performing, by the user device, a computation on the authentication information, and at 1030, transmitting, by the user device, an authentication response to the first network based on the computation.
In some implementations, the first network is a home network, and the second network is a serving network.
Some embodiments may preferably implement one or more of the following solutions, listed in clause-format. The following clauses are supported and further described above and throughout this document. As used in the clauses below and in the claims, a wireless device or wireless communication device may be user equipment (UE), mobile station, or any other wireless terminal including fixed nodes such as base stations. A network device includes a base station including a next generation Node B (gNB), enhanced Node B (eNB), or any other device that performs as a base station, or a core network device that can perform the network functions discussed in this patent document. As noted above, the base station and/or core network perform the various functions including UDM, PCF, Network Exposure Function (NEF), DDNMF (e.g., 5GDDNMF), Unified Data Repository (UDR), AMF (Access and Mobility Management Function), Session Management Function (SMF), User Plane Function (UPF).
Clause 1. A method of wireless communication, comprising: initiating, by a first network, an authentication procedure for a user device to establish or refresh shared keys between the user device and the first network; and verifying, by the first network, an identity of the user device based on a message generated by the user device. In some implementations, the first network is a home network.
Clause 2. The method of clause 1, wherein the initiating of the authentication procedure  includes transmitting a first authentication request message from an authentication server function (AUSF) of the first network to a unified data management (UDM) of the first network.
Clause 3. The method of clause 2, wherein the first authentication request message includes an identity of the user device.
Clause 4. The method of clause 3, wherein the identity of the user device includes a subscription permanent identifier (SUPI) .
Clause 5. The method of clause 1, wherein the initiating of the authentication procedure includes generating authentication information by a UDM of the first network in response to a request from the AUSF.
Clause 6. The method of clause 1, wherein the initiating of the authentication procedure includes generating authentication information by a UDM of the first network regardless of a request from the AUSF.
Clause 7. The method of clause 1, wherein the initiating of the authentication procedure includes receiving, at the AUSF, authentication information from the UDM.
Clause 8. The method of clause 7, wherein the authentication information includes a transformed authentication vector that is generated by transforming keys in an authentication vector (AV).
Clause 9. The method of clause 8, wherein the authentication procedure is performed based on an extensible authentication protocol (EAP) authentication and key agreement (AKA) .
Clause 10. The method of clause 7, wherein the authentication information includes a home environment authentication vector (HE AV) that is generated by deriving an intermediate key stored in the AUSF of the first network and transforming an expected response (XRES).
Clause 11. The method of clause 10, wherein the AUSF of the first network stores the transformed XRES.
Clause 12. The method of clause 10, wherein the authentication procedure is performed based on 5G authentication and key agreement (AKA) .
Clause 13. The method of clause 1, wherein the initiating of the authentication procedure includes transmitting a second authentication request message from an authentication server function (AUSF) in the first network to a security anchor functionality (SEAF) of a second network.
Clause 14. The method of clause 13, wherein the second authentication request message includes a first authentication information, and wherein the first authentication information is forwarded to the user device by the SEAF of the second network.
Clause 15. The method of clause 13, wherein the second authentication request message includes a first authentication information, and wherein the SEAF of the second network transmits, to the user device, a second authentication information generated by adjusting the first authentication information.
Clause 16. The method of any of clauses 13-15, wherein the first network and the user device exchange messages associated with the authentication procedure through the SEAF of the second network.
Clause 17. The method of clause 16, wherein the AUSF of the first network verifies the messages from the user device to perform the authentication procedure.
Clause 18. The method of clause 17, further comprising notifying, by the first network, the second network of a result of the authentication procedure with respect to the user device.
Clause 19. The method of any of clauses 1-17, further comprising transmitting, by the AUSF of the first network, to the UDM of the first network, an indication of a successful authentication with respect to the user device.
Clause 20. The method of any of clauses 1-17, further comprising generating an intermediate key of the AUSF on the user device and the first network upon a successful authentication with respect to the user device.
Clause 21. A method of wireless communication, comprising: receiving, by a user device, an authentication request that includes authentication information generated by a first network that initiates an authentication procedure for the user device to establish or refresh shared keys between the user device and the first network; performing, by the user device, a computation on the authentication information; and transmitting, by the user device, an authentication response to the first network based on the computation. In some implementations, the first network is a home network.
Clause 22. The method of clause 21, wherein the authentication information is forwarded by a second network to the user device.
Clause 23. The method of clause 22, wherein the authentication response is forwarded by the second network to the first network.
Clause 24. The method of clause 21, wherein the first network initiates the authentication procedure by transmitting an authentication request message from an AUSF of the first network to a UDM of the first network.
Clause 25. The method of clause 21, wherein the first network initiates the authentication procedure by generating authentication information by a UDM of the first network in response to a request from the AUSF.
Clause 26. The method of clause 21, wherein the first network initiates the authentication procedure by generating authentication information by a UDM of the first network regardless of a request from the AUSF.
Clause 27. The method of any of clauses 25-26, wherein the authentication information includes a transformed authentication vector that is generated by transforming keys in an authentication vector (AV).
Clause 28. The method of clause 27, wherein the authentication procedure is performed based on an extensible authentication protocol (EAP) authentication and key agreement (AKA) .
Clause 29. The method of any of clauses 25-26, wherein the authentication information includes a home environment authentication vector (HE AV) that is generated by deriving an intermediate key stored in the AUSF of the first network and transforming an expected response (XRES).
Clause 30. The method of clause 29, wherein the AUSF of the first network stores the transformed XRES.
Clause 31. The method of clause 29, wherein the authentication procedure is performed based on 5G authentication and key agreement (AKA) .
Clause 32. The method of any of clauses 2-31, wherein the first network is a home network and the second network is a serving network.
Clause 33. An apparatus for wireless communication, comprising a processor, wherein the processor is configured to implement a method recited in any of clauses 1 to 32.
Clause 34. A computer readable program storage medium having code stored thereon, the code, when executed by a processor, causing the processor to implement a method recited in any of clauses 1 to 32.
The disclosed and other embodiments, modules and the functional operations described in this document can be implemented in digital electronic circuitry, or in computer software, firmware, or hardware, including the structures disclosed in this document and their structural equivalents, or in combinations of one or more of them. The disclosed and other embodiments can be implemented as one or more computer program products, i.e., one or more modules of computer program instructions encoded on a computer readable medium for execution by, or to control the operation of, data processing apparatus. The computer readable medium can be a machine-readable storage device, a machine-readable storage substrate, a memory device, a composition of matter effecting a machine-readable propagated signal, or a combination of one or more of them. The term “data processing apparatus” encompasses all apparatus, devices, and machines for processing data, including by way of example a programmable processor, a computer, or multiple processors or computers. The apparatus can include, in addition to hardware, code that creates an execution environment for the computer program in question, e.g., code that constitutes processor firmware, a protocol stack, a database management system, an operating system, or a combination of one or more of them. A propagated signal is an artificially generated signal, e.g., a machine-generated electrical, optical, or electromagnetic signal, that is generated to encode information for transmission to suitable receiver apparatus.
A computer program (also known as a program, software, software application, script, or code) can be written in any form of programming language, including compiled or interpreted languages, and it can be deployed in any form, including as a stand-alone program or as a module, component, subroutine, or other unit suitable for use in a computing environment. A computer program does not necessarily correspond to a file in a file system. A program can be stored in a portion of a file that holds other programs or data (e.g., one or more scripts stored in a markup language document), in a single file dedicated to the program in question, or in multiple coordinated files (e.g., files that store one or more modules, sub programs, or portions of code). A computer program can be deployed to be executed on one computer or on multiple computers that are located at one site or distributed across multiple sites and interconnected by a communication network.
The processes and logic flows described in this document can be performed by one or more programmable processors executing one or more computer programs to perform functions by operating on input data and generating output. The processes and logic flows can also be performed by, and apparatus can also be implemented as, special purpose logic circuitry, e.g., an FPGA (field programmable gate array) or an ASIC (application specific integrated circuit).
Processors suitable for the execution of a computer program include, by way of example, both general and special purpose microprocessors, and any one or more processors of any kind of digital computer. Generally, a processor will receive instructions and data from a read only memory or a random-access memory or both. The essential elements of a computer are a processor for performing instructions and one or more memory devices for storing instructions and data. Generally, a computer will also include, or be operatively coupled to receive data from or transfer data to, or both, one or more mass storage devices for storing data, e.g., magnetic, magneto optical disks, or optical disks. However, a computer need not have such devices. Computer readable media suitable for storing computer program instructions and data include all forms of non-volatile memory, media and memory devices, including by way of example semiconductor memory devices, e.g., EPROM, EEPROM, and flash memory devices; magnetic disks, e.g., internal hard disks or removable disks; magneto optical disks; and CD ROM and DVD-ROM disks. The processor and the memory can be supplemented by, or incorporated in, special purpose logic circuitry.

Claims (34)

  1. A method of wireless communication, comprising:
    initiating, by a first network, an authentication procedure for a user device to establish or refresh shared keys between the user device and the first network; and
    verifying, by the first network, an identity of the user device based on a message generated by the user device.
  2. The method of claim 1, wherein the initiating of the authentication procedure includes transmitting a first authentication request message from an authentication server function (AUSF) of the first network to a unified data management (UDM) of the first network.
  3. The method of claim 2, wherein the first authentication request message includes an identity of the user device.
  4. The method of claim 3, wherein the identity of the user device includes a subscription permanent identifier (SUPI).
  5. The method of claim 1, wherein the initiating of the authentication procedure includes generating authentication information by a UDM of the first network in response to a request from the AUSF.
  6. The method of claim 1, wherein the initiating of the authentication procedure includes generating authentication information by a UDM of the first network regardless of a request from the AUSF.
  7. The method of claim 1, wherein the initiating of the authentication procedure includes receiving, at the AUSF, authentication information from the UDM.
  8. The method of claim 7, wherein the authentication information includes a transformed authentication vector that is generated by transforming keys in an authentication vector (AV).
  9. The method of claim 8, wherein the authentication procedure is performed based on an extensible authentication protocol (EAP) authentication and key agreement (AKA) .
  10. The method of claim 7, wherein the authentication information includes a home environment authentication vector (HE AV) that is generated by deriving an intermediate key stored in the AUSF of the first network and transforming an expected response (XRES).
  11. The method of claim 10, wherein the AUSF of the first network stores the transformed XRES.
  12. The method of claim 10, wherein the authentication procedure is performed based on 5G authentication and key agreement (AKA) .
  13. The method of claim 1, wherein the initiating of the authentication procedure includes transmitting a second authentication request message from an authentication server function (AUSF) in the first network to a security anchor functionality (SEAF) of a second network.
  14. The method of claim 13, wherein the second authentication request message includes a first authentication information, and wherein the first authentication information is forwarded to the user device by the SEAF of the second network.
  15. The method of claim 13, wherein the second authentication request message includes a first authentication information, and wherein the SEAF of the second network transmits, to the user device, a second authentication information generated by adjusting the first authentication information.
  16. The method of any of claims 13-15, wherein the first network and the user device exchange messages associated with the authentication procedure through the SEAF of the second network.
  17. The method of claim 16, wherein the AUSF of the first network verifies the messages from the user device to perform the authentication procedure.
  18. The method of claim 17, further comprising notifying, by the first network, the second network of a result of the authentication procedure with respect to the user device.
  19. The method of any of claims 1-17, further comprising transmitting, by the AUSF of the first network, to the UDM of the first network, an indication of a successful authentication with respect to the user device.
  20. The method of any of claims 1-17, further comprising generating an intermediate key of the AUSF on the user device and the first network upon a successful authentication with respect to the user device.
  21. A method of wireless communication, comprising:
    receiving, by a user device, an authentication request that includes authentication information generated by a first network that initiates an authentication procedure for the user device to establish or refresh shared keys between the user device and the first network;
    performing, by the user device, a computation on the authentication information; and
    transmitting, by the user device, an authentication response to the first network based on the computation.
  22. The method of claim 21, wherein the authentication information is forwarded by a second network to the user device.
  23. The method of claim 22, wherein the authentication response is forwarded by the second network to the first network.
  24. The method of claim 21, wherein the first network initiates the authentication procedure by transmitting an authentication request message from an AUSF of the first network to a UDM of the first network.
  25. The method of claim 21, wherein the first network initiates the authentication procedure by generating authentication information by a UDM of the first network in response to a request from the AUSF.
  26. The method of claim 21, wherein the first network initiates the authentication procedure by generating authentication information by a UDM of the first network regardless of a request from the AUSF.
  27. The method of any of claims 25-26, wherein the authentication information includes a transformed authentication vector that is generated by transforming keys in an authentication vector (AV).
  28. The method of claim 27, wherein the authentication procedure is performed based on an extensible authentication protocol (EAP) authentication and key agreement (AKA) .
  29. The method of any of claims 25-26, wherein the authentication information includes a home environment authentication vector (HE AV) that is generated by deriving an intermediate key stored in the AUSF of the first network and transforming an expected response (XRES).
  30. The method of claim 29, wherein the AUSF of the first network stores the transformed XRES.
  31. The method of claim 29, wherein the authentication procedure is performed based on 5G authentication and key agreement (AKA) .
  32. The method of any of claims 2-31, wherein the first network is a home network and the second network is a serving network.
  33. An apparatus for wireless communication, comprising a processor, wherein the processor is configured to implement a method recited in any of claims 1 to 32.
  34. A computer readable program storage medium having code stored thereon, the code, when executed by a processor, causing the processor to implement a method recited in any of claims 1 to 32.
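The message flow recited in clauses 1-20 (and claims 1-20) on the network side and clauses 21-31 (claims 21-31) on the user-device side, as an added runnable sketch. This is not code from the patent, from ZTE, or from any 3GPP implementation: HMAC-SHA256 stands in for the MILENAGE and KDF functions, and `kdf`, `hxres`, the subscriber identifier `supi-example-001`, the serving-network label `5G:serving-net` and the long-term key are all constructed. It models the request-driven path (clause 5, the AUSF asks the UDM for authentication information), the HE AV with a transformed XRES kept at the AUSF (clauses 10-11), the SEAF adjusting what it forwards to the device (clause 15), verification by the home AUSF (clause 17), the result indications (clauses 18-19), and the intermediate key both sides hold afterwards (clause 20).

```python
"""Toy model of the authentication flow in clauses 1-20 (home network side) and
21-31 (user device side). Constructed example: HMAC-SHA256 stands in for the
3GPP MILENAGE and KDF functions; only the message sequence and the checks follow."""
from __future__ import annotations
import hashlib, hmac, os
from dataclasses import dataclass, field

def kdf(key: bytes, *parts: bytes) -> bytes:
    """Stand-in key derivation (assumption): HMAC-SHA256 over the joined inputs."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def hxres(rand: bytes, res_star: bytes) -> bytes:
    """Hash of (RAND, RES*) that lets the serving network pre-check a response."""
    return hashlib.sha256(rand + res_star).digest()[:16]

@dataclass
class UDM:
    subscribers: dict[str, bytes]                 # SUPI -> long-term key K
    results: dict[str, bool] = field(default_factory=dict)

    def generate_he_av(self, supi: str, serving_net: bytes) -> dict:
        """Clauses 5, 7, 10: build an AV, then derive KAUSF and XRES* (the HE AV)."""
        k = self.subscribers[supi]
        rand = os.urandom(16)
        autn = kdf(k, b"autn", rand)[:16]         # lets the UE authenticate the network
        ck_ik = kdf(k, b"ckik", rand)
        xres = kdf(k, b"res", rand)
        return {"rand": rand, "autn": autn,
                "xres_star": kdf(ck_ik, b"res*", serving_net, rand, xres),  # transformed XRES
                "k_ausf": kdf(ck_ik, b"kausf", serving_net, autn)}          # intermediate key

@dataclass
class AUSF:
    udm: UDM
    pending: dict = field(default_factory=dict)   # SUPI -> (XRES*, KAUSF) awaiting RES*
    k_ausf: dict = field(default_factory=dict)    # SUPI -> KAUSF after success (clause 20)

    def initiate(self, supi: str, serving_net: bytes) -> dict:
        """Clauses 2-4, 7, 11, 13: get the HE AV from UDM, keep XRES*, send SEAF HXRES*."""
        he_av = self.udm.generate_he_av(supi, serving_net)
        self.pending[supi] = (he_av["xres_star"], he_av["k_ausf"])
        return {"rand": he_av["rand"], "autn": he_av["autn"],
                "hxres_star": hxres(he_av["rand"], he_av["xres_star"])}

    def verify(self, supi: str, res_star: bytes) -> bool:
        """Clauses 17-19: compare RES* with the stored XRES*; report the outcome to UDM."""
        xres_star, k_ausf = self.pending.pop(supi)
        ok = hmac.compare_digest(xres_star, res_star)
        if ok:
            self.k_ausf[supi] = k_ausf
        self.udm.results[supi] = ok
        return ok

@dataclass
class SEAF:
    name: bytes                                   # serving network name (constructed)
    hxres_star: dict = field(default_factory=dict)

    def forward_challenge(self, supi: str, se_av: dict) -> tuple[bytes, bytes]:
        """Clause 15: keep HXRES* locally, forward only RAND and AUTN to the UE."""
        self.hxres_star[supi] = se_av["hxres_star"]
        return se_av["rand"], se_av["autn"]

    def check_response(self, supi: str, rand: bytes, res_star: bytes) -> bool:
        """Serving-network pre-check; the home AUSF still makes the final decision."""
        return hmac.compare_digest(hxres(rand, res_star), self.hxres_star.pop(supi))

@dataclass
class UE:
    supi: str
    k: bytes
    k_ausf: bytes = b""

    def respond(self, serving_net: bytes, rand: bytes, autn: bytes) -> bytes:
        """Clause 21: authenticate the network via AUTN, then compute RES* and KAUSF."""
        if not hmac.compare_digest(kdf(self.k, b"autn", rand)[:16], autn):
            raise ValueError("AUTN check failed: network not authenticated")
        ck_ik = kdf(self.k, b"ckik", rand)
        self.k_ausf = kdf(ck_ik, b"kausf", serving_net, autn)
        return kdf(ck_ik, b"res*", serving_net, rand, kdf(self.k, b"res", rand))

def run_authentication(ue: UE, seaf: SEAF, ausf: AUSF) -> dict:
    """One run: AUSF initiates, SEAF relays both ways, AUSF verifies (clauses 13-18)."""
    se_av = ausf.initiate(ue.supi, seaf.name)            # AUSF -> SEAF
    rand, autn = seaf.forward_challenge(ue.supi, se_av)  # SEAF -> UE
    res_star = ue.respond(seaf.name, rand, autn)          # UE -> SEAF
    serving_ok = seaf.check_response(ue.supi, rand, res_star)
    home_ok = ausf.verify(ue.supi, res_star)             # SEAF -> AUSF, result returned
    return {"serving_ok": serving_ok, "home_ok": home_ok,
            "keys_agree": home_ok and ausf.k_ausf[ue.supi] == ue.k_ausf}

def demo() -> dict:
    """Constructed subscriber with a matching long-term key at UE and UDM."""
    k = os.urandom(16)
    ausf = AUSF(UDM({"supi-example-001": k}))
    return run_authentication(UE("supi-example-001", k), SEAF(b"5G:serving-net"), ausf)
```

Calling `demo()` returns a dict in which `serving_ok`, `home_ok` and `keys_agree` are all true. The check worth attention from a defender's standpoint is the one in `UE.respond`: because clauses 1 and 6 let the home network start a key refresh without any action by the device, the device's own verification of AUTN is what keeps an unauthenticated party from driving the procedure, while the serving network's HXRES* comparison (clause 15) only filters responses before the home AUSF takes the final decision (clause 17). The UDM-initiated variant of clause 6 is not modelled here.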

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/130512 WO2023082222A1 (en) 2021-11-15 2021-11-15 Methods and systems for authentication in wireless networks

Publications (1)

Publication Number Publication Date
WO2023082222A1 true WO2023082222A1 (en) 2023-05-19
