Methods and Systems for Bootstrapping an End-to-End Application Layer Session Security Keyset Based on a Subscriber Identity Master Security Credential

Abstract

An exemplary security key bootstrapping system determines an application layer session security keyset uniquely associated with a client device and based on a subscriber identity master security credential. The subscriber identity master security credential is permanently stored within a component of the client device and is also stored on a subscriber identity management server associated with a provider network by which the client device is communicatively coupled with an application server system. The security key bootstrapping system uses the application layer session security keyset as a credential to provide end-to-end security for an application layer session between the client device and the application server system over the provider network. Neither the component of the client device nor the subscriber identity management server obtains the subscriber identity master security credential from an exchange of the subscriber identity master security credential over the provider network.

Description

BACKGROUND INFORMATION[0001]Wireless communication network technologies continue to advance. For example, wireless communication service providers such as mobile phone service providers are deploying and expanding provider networks (e.g., Long Term Evolution (“LTE”) wireless communication networks) that are configured to provide not only voice services, but also data services whereby various computing devices connected to the provider networks (e.g., client devices, application servers, etc.) may exchange data over the provider networks. Thus, along with supporting voice calls between cell phones and / or other telephonic devices, provider networks may also support the exchange of data between various types of client devices (e.g., cell phones, tablet computers, Internet of Things (“IoT”) devices, etc.) and application servers to allow the client devices, for example, to access data services provided by the application servers, to report data or receive updates from the application se...

AI Technical Summary

Benefits of technology

This approach reduces processing and resource usage, enhances security by ensuring end-to-end encryption, and scales effectively with increasing numbers of connected devices, minimizing the risk of fraud and data compromise.

Problems solved by technology

Unfortunately, security protocols that do not extend from end-to-end on an application layer session between a mobile device and an application server may provide insufficient security for many situations (e.g., for fully securing application layer sessions).

Moreover, existing end-to-end application layer session security technologies may involve various aspects (e.g., transferring certificates, authenticating certificates by certificate authorities, managing public and private keys, exchanging multiple messages to derive session keys, etc.) that require inordinate amounts of processing and that will not scale sufficiently to keep up with increasing numbers of client devices that are being connected to provider networks.

As such, security technologies that may have been sufficient in the past may increasingly be found lacking as the future unfolds.

Images