Unified key management in a communications network environment
By introducing a unified key management method in 6G communication networks, the problems of low efficiency and latency in user plane key generation under access stratum security contexts are solved, and efficient and secure user plane key generation and management are achieved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- NOKIA TECHNOLOGIES OY
- Filing Date
- 2025-12-19
- Publication Date
- 2026-06-30
AI Technical Summary
In 6G communication networks, existing technologies suffer from inefficiencies and delays in user plane key generation and security management without an access layer security context, especially in non-converged radio access networks, leading to UP security failure.
A unified key management approach is adopted, which coordinates the generation of user plane security keys based on a single control plane key among UE, AUPF and ACMF. Independent of access layer security, key generation and management are performed using a unified signaling layer, including the generation of new UP keys derived from KACMF and the generation of KAUSF using unified data management functions.
It enables efficient user plane key generation in a security context without an access stratum, reducing network latency and processing burden, and improving the security and efficiency of 6G networks.
Smart Images

Figure CN122317618A_ABST
Abstract
Description
Technical Field
[0001] This field generally relates to communication networks, and more specifically, but not exclusively, to security management in such communication networks. Background Technology
[0002] This section introduces aspects that may help facilitate a better understanding of the invention. Therefore, the statements in this section will be interpreted from this perspective and should not be construed as an admission of what is prior art or what is not prior art.
[0003] In recent years, communication network technology has developed exceptionally rapidly.
[0004] Fourth-generation (4G) wireless mobile telecommunications technology, also known as Long Term Evolution (LTE) technology, provides high-capacity mobile multimedia with high data rates compared to previous generations of communication networks, especially for human-computer interaction.
[0005] Fifth-generation (5G) technology currently provides not only human-machine interaction use cases, but also machine-type communication in so-called Internet of Things (IoT) networks. 5G networks enable large-scale IoT services (e.g., numerous devices with limited capacity) and mission-critical IoT services (e.g., those requiring high reliability), while supporting improvements to 4G communication services in the form of enhanced mobile broadband (eMBB) services that provide improved wireless internet access for mobile devices.
[0006] The development of sixth-generation (6G) technology for communication networks differs from 5G in several ways, including significant improvements in speed and latency (for example, the Ultra Reliable Low Latency Communication (URLLC) service, which originated in 5G, is being refined and improved in 6G to meet more stringent connectivity requirements), and the ability to sense the physical environment through extended spectrum usage. This sensing capability enables the creation of digital twins of the physical environment, leading to new applications such as, but not limited to, highly precise positioning and immersive experiences.
[0007] However, in any communication network environment—especially in environments providing applications such as location services and immersive experiences—security management is a critical consideration. Furthermore, security management remains an ongoing consideration as efforts continue to improve the architecture and protocols associated with communication networks to enhance network efficiency and / or user convenience. Therefore, security management can present significant technical challenges. Summary of the Invention
[0008] The illustrative embodiments provide techniques for unified key management in a communication network environment.
[0009] In one illustrative embodiment, a method generates the same first cryptographic value independently of generating a first cryptographic value at a first network entity in a first communication network, wherein the first network entity includes access control and mobility functions, and the first cryptographic value is derived from a cryptographic value used for a security anchor function. The method generates the same set of one or more user plane cryptographic values from the first cryptographic value independently of generating a set of one or more user plane cryptographic values at the first network entity. Furthermore, the method uses this set of one or more user plane cryptographic values to securely communicate with a second network entity in the first communication network, wherein the second network entity includes access user plane functions. In another embodiment, the set of one or more user plane cryptographic values may alternatively be generated using a second cryptographic value used for access user plane functions.
[0010] In another illustrative embodiment, the method generates a set of one or more user plane keys at the user equipment, independently of the access control and mobility functions associated with the serving network to which the user equipment is connected. In the absence of an access network security context, the method uses this set of one or more user plane keys at the user equipment to establish a secure communication channel with the access user plane functions of the serving network.
[0011] Other illustrative embodiments are provided in the form of a non-transitory computer-readable medium in which executable program code is embodied, which, when executed by a processor, causes the processor to perform the above and / or other steps, operations, etc. Other illustrative embodiments include means having a processor and memory configured to perform the above and / or other steps, operations, etc. Some illustrative embodiments include systems configured to perform the above and / or other steps, operations, etc. Furthermore, some illustrative embodiments include means or systems comprising components for performing the above and / or other steps, operations, etc.
[0012] Advantageously, some illustrative embodiments provide a unified key management solution for user equipment (UE), access control and mobility functions (ACMF), and access user plane functions (AUPF) to define user plane keys when an access stratum (AS) security context is not required in the network architecture. In some illustrative embodiments, the unified key management solution described herein is particularly suitable for implementations of non-converged radio access networks in 6G architectures.
[0013] These and other features and advantages of the embodiments described herein will become more apparent from the accompanying drawings and the following detailed description. Attached Figure Description
[0014] Figure 1 This illustrates a communication network environment in which one or more illustrative embodiments can be implemented.
[0015] Figure 2 User equipment and entities in which one or more illustrative embodiments may be implemented are shown.
[0016] Figure 3 A network protocol stack with unified key management is shown according to an illustrative embodiment.
[0017] Figure 4 , 5A Figures 5B and 5B illustrate a unified key generation scheme according to a first illustrative embodiment.
[0018] Figures 6A-6B A unified key generation process in a communication network environment according to a first illustrative embodiment is shown.
[0019] Figure 7 A unified key generation scheme according to a second illustrative embodiment is shown.
[0020] Figures 8A-8B A unified key generation process in a communication network environment according to a second illustrative embodiment is shown. Detailed Implementation
[0021] This document describes embodiments in conjunction with example communication systems and related technologies for security management in communication systems. However, it should be understood that the scope of the claims is not limited to the specific type of communication system and / or process disclosed. Embodiments can be implemented using alternative processes and operations in various other types of communication systems. For example, although described in the context of wireless cellular systems utilizing 3GPP system elements such as 5G and 6G system elements, the disclosed embodiments are directly applicable to various other types of systems.
[0022] According to illustrative embodiments, one or more 3GPP technical specifications (TS) and technical reports (TRs) may be used to provide further explanations of network elements / functions and / or operations that can partially interact with the solutions of this invention, such as, but not limited to, 3GPP TS 29.281 entitled "Technical Specification Group Core Network and Terminals; General Packet Radio System (GPRS) Tunneling Protocol User Plane (GTPv1-U)", TS 29.244 entitled "Technical Specification Group Core Network and Terminals; Interface between the Control Plane and the User Plane Nodes; Stage 3", and TS 33.220 entitled "Technical Specification Group Services and System Aspects; Generic Authentication Architecture (GAA); Generic Bootstrapping". The publications of TS 33.501, entitled "Technical Specification Group Services and System Aspects; Security Architecture and Procedures for 5G System," are incorporated herein by reference in their entirety. Note that 3GPP TS / TR documents are merely non-limiting examples of communication network standards (e.g., specifications, procedures, reports, requirements, recommendations, etc.). While highly suitable for 3GPP standards, these embodiments are not necessarily intended to be limited to any particular standard.
[0023] It will be understood that, in some illustrative embodiments, the terms 5G network, 6G network, etc. (e.g., 5G or 6G system, 5G or 6G communication system, 5G or 6G environment, 5G or 6G communication environment, etc.) can be understood to include all or part of the access network and all or part of the core network. However, the terms 5G network or 6G network, etc., may occasionally be used interchangeably with the terms 5GC network or 6GC network, respectively, without loss of generality.
[0024] Before describing the illustrative embodiments, the following will be... Figure 1 and 2 A general description of some of the key components of 5G and / or 6G networks within the context of [the context].
[0025] Figure 1 A communication system 100 in which illustrative embodiments can be implemented is shown. It will be understood that the elements shown in the communication system 100 are intended to represent some of the main functions provided within the system, such as access nodes, control plane functions, user plane functions, etc. Therefore, Figure 1 The blocks shown refer to specific elements in 5G and / or 6G networks that provide some of these key functions. However, other network elements can be used to implement some or all of the key functions represented. Additionally, it will be understood that not all functions of 5G and / or 6G networks are represented in the same way. Figure 1 The figures below show only some of the functionalities that facilitate explanation of the embodiments. Subsequent figures may show additional elements / functionalities (i.e., network entities).
[0026] Therefore, as shown in the figure, the communication system 100 includes a user equipment (UE) 102. The UE 102 may be a mobile station, such as a mobile phone, computer, IoT device, or any other type of communication device. Therefore, as used herein, the term "user equipment" is intended to be interpreted broadly to include various different types of mobile stations, user stations, or more generally, communication devices, such as combinations of data cards inserted into other devices such as laptops or smartphones. Such communication devices are also intended to include devices commonly referred to as access terminals.
[0027] In one illustrative embodiment, UE 102 includes a Universal Integrated Circuit Card (UICC) portion and a Mobile Equipment (ME) portion. The UICC is the user-related portion of the UE and contains at least one Global Subscriber Identity Module (USIM) and appropriate application software. The USIM securely stores a permanent user identifier and its associated key, which is used to uniquely identify and authenticate users accessing the network. The ME is the user-related portion of the UE and includes Terminal Equipment (TE) functionality and various Mobile Termination (MT) functions. Alternative illustrative embodiments may not use UICC-based authentication, for example, using a Non-Public (NPN) network.
[0028] Note that in one example, the permanent subscriber identifier is the International Mobile Subscriber Identity (IMSI) unique to the UE. In one embodiment, the IMSI has a fixed length of 15 digits and includes a 3-digit Mobile Country Code (MCC), a 3-digit Mobile Network Code (MNC), and a 9-digit Mobile Station Identifier (MSIN). In 5G communication systems, the IMSI is referred to as the Subscriber Permanent Identifier (SUPI). When the IMSI is a SUPI, it provides the subscriber identifier. Therefore, typically only the MSIN portion of the IMSI needs to be encrypted. The MNC and MCC portions of the IMSI provide routing information, which the serving network uses to route to the correct home network. When the MSIN of the SUPI is encrypted, it is called the Subscriber Hidden Identifier (SUCI). Another example of a SUPI uses a Network Access Identifier (NAI). NAIs are commonly used in IoT communications.
[0029] Further as Figure 1 As shown, UE 102 communicates with access point 104 via an air interface. Access point 104 is an illustrative part of the radio access network or RAN of communication system 100. Such a radio access network may include, for example, multiple components, and more generally, these components may be considered as radio access entities or access nodes.
[0030] One embodiment implements a non-converged RAN architecture where the RAN is partitioned into Radio Units (RUs), Distributed Units (DUs), and Centralized Units (CUs), which can be further partitioned into components, such as one CU (CU-CP) for the control plane and another CU (CU-UP) for the user plane. A given RAN architecture may include multiple radio access entities, such as multiple RUs, multiple DUs, multiple CU-CPs, and / or multiple CU-UPs. Generally, for example, an RU manages radio frequency (RF) signals (converting them into digital signals) and performs signal processing to manage the interface between the antenna and the rest of the RAN. Generally, for example, a DU manages the lower layers of the network protocol stack, including real-time functions such as, for example, Radio Link Control (RLC), Media Access Control (MAC), and the Physical (PHY) layer, thus performing data processing and scheduling closer to the antenna to achieve low latency and efficient data transmission. Generally, for example, a CU manages the higher layers of the protocol stack, including functions such as, for example, Radio Resource Management (RRM), Mobility Management (MM), and data flow coordination and communication between the core network and the DU. In addition to other technological advantages, non-aggregated RAN architecture also allows for flexibility and scalability in network deployment. For example, network operators can deploy RUs, DUs, and CUs from different vendors, thereby enabling more customized and cost-effective networks.
[0031] like Figure 1 As shown, the UE communicates with an RU that is part of or associated with access point 104. However, it will be understood that UE 102 can be configured to communicate with the core network using one or more other types of access points (e.g., access functions, networks, etc.). By way of example only, access point 104 can be any 5G access network using a gNB, an untrusted non-3GPP access network using non-3GPP interoperability functions (N3IWF), a trusted non-3GPP network using trusted non-3GPP gateway functions (TNGF), or part of a wired access network using wired access gateway functions (W-AGF), or can correspond to a traditional access point (e.g., an eNB). Furthermore, access point 104 can be a wireless local area network (WLAN) access point.
[0032] In 5G network architecture, access point 104 is typically operatively coupled to a network function known as Access and Mobility Management Function (AM-SEAF), which, among other things, supports Mobility Management (MM) and Security Anchor (SEAF) functions. However, in 6G network architecture, as... Figure 1As shown, certain radio access entities can be merged with other network functions. For example, the DU and CU-UP of a non-aggregated RAN architecture can be merged into the Access User Plane Function (AUPF) 106, while the CU-CP and AMF functions can be merged into the Access Control and Mobility Function (ACMF) 108.
[0033] Further as Figure 1 As shown, AUPF 106 and ACMF 108, along with other network functions including Session Control and Management Function (SCMF) 112 and Central User Plane Function (CUPF) 114, are part of the Visited Public Land Mobile Network (VPLMN) 110 (also simply referred to as the Visited Network or Serving Network). SCMF 112 is operatively coupled to ACMF 108 and has functionality equivalent to Session Management Function (SMF) in a 5G network, while CUPF 114 is operatively coupled to AUPF 106 and has functionality equivalent to User Plane Function (UPF) in a 5G network. Additionally, as shown, AUPF 106 is operatively coupled to data network 116, while CUPF 114 is operatively coupled to data network 120.
[0034] Note that a UE typically subscribes to a so-called Home Public Land Mobile Network (HPLMN or Home Network), and if the UE is roaming (not in its home network), it typically connects to a VPLMN or serving network. Communication system 100 illustrates a roaming scenario where HPLMN 130 is the home network of UE 102, and VPLMN 110 is its (current) serving network. Therefore, UE 102 uses the network functions of its HPLMN 130 via the network functions of VPLMN 110. More specifically, the network functions of VPLMN 110 can communicate with the corresponding network functions of HPLMN 130. For example, HPLMN 130 includes SCMF 132 operatively coupled to SCMF 112 of VPLMN 110, and CUPF 134 operatively coupled to CUPF 114 of VPLMN 110. CUPF 134 is operatively coupled to data network 140.
[0035] In some examples, data transmitted between AUPF 106, CUPF 114, and CUPF 134 may be protected using the GPRS Tunneling Protocol (GTP), an Internet Protocol (IP)-based communication protocol used to carry General Packet Radio Service (GPRS) packets within 5G and / or 6G networks, see, for example, TS 29.281 above. Therefore, data networks 116, 120, and 140 can be private and / or public packet data networks.
[0036] Other network functions can include those that can act as service providers (NFp) and / or service consumers (NFc). Note that any network function can be a service provider of one service and a service consumer of another. Furthermore, when the service provided includes data, the NFp that provides the data is called a data provider, and the NFc that requests the data is called a data consumer. A data provider can also be an NF that generates data by modifying or otherwise processing data provided by another NF. Note that more generally, an NF can be referred to as a network entity; thus, a network entity that consumes one or more data and services can be considered a consumer network entity, and a network entity that provides one or more data and services can be considered a provider network entity.
[0037] It will be understood that this particular arrangement of system elements is merely an example, and in other embodiments, additional or alternative elements of other types and arrangements may be used to implement the communication system. For example, in other embodiments, the communication system 100 may include other elements / functions not explicitly shown herein.
[0038] therefore, Figure 1 The arrangement shown is just one example configuration for a wireless cellular system, and many alternative configurations of system components can be used. For example, although... Figure 1 The embodiments shown depict only a single element / function, but this is merely for the purpose of simplification and clarity. The given alternative embodiments may, of course, include a large number of such system elements, as well as additional or alternative elements of the type typically associated with conventional system implementations.
[0039] Also note that, although Figure 1 System components are shown as single functional blocks, but the various subnetworks that make up 5G and / or 6G networks are divided into so-called network slices. A network slice (network segmentation) is a logical network that provides specific network functions and characteristics, which can selectively use Network Function Virtualization (NFV) on a common physical infrastructure to support corresponding service types. Using NFV, network slices can be instantiated based on the needs of a given service, such as eMBB services, large-scale IoT services, and mission-critical IoT services. Therefore, when an instance of a network slice or function is created, that network slice or function is instantiated. In some embodiments, this involves installing or otherwise running the network slice or function on one or more host devices in the underlying physical infrastructure. UE 102 is configured to access one or more of these services via access point 104.
[0040] Figure 2This is a block diagram illustrating the computational architecture for various participants in a method according to an illustrative embodiment. More specifically, system 200 is shown as including user equipment (UE) 202 and multiple entities 204-1, ..., 204-N. For example, in the illustrative embodiment and referring back to reference Figure 1 UE 202 may represent UE 102, while entities 204-1, ..., 204-N may represent functions 106 and 108 (i.e., network entities, such as but not limited to AUPF, ACMF, SCMF, and CUPF) and access point 104 (i.e., radio access entities, such as but not limited to RAN nodes or RUs). It will be understood that UE 202 and entities 204-1, ..., 204-N are configured to interact to provide security management and other technologies described herein.
[0041] User equipment 202 includes a processor 212 coupled to memory 216 and interface circuitry 210. The processor 212 of user equipment 202 includes a security management processing module 214, which may be implemented at least partially in the form of software executed by the processor. The security management processing module 214 performs security management as described in conjunction with the following figures and elsewhere herein. The memory 216 of user equipment 202 includes a security management storage module 218 that stores data generated or used during security management operations.
[0042] Each entity (referred to herein individually or collectively as 204) includes a processor 222 (222-1, ..., 222-N) coupled to memories 226 (226-1, ..., 226-N) and interface circuitry 220 (220-1, ..., 220-N). Each processor 222 of each entity 204 includes a security management processing module 224 (224-1, ..., 224-N), which may be implemented at least partially in the form of software executed by the processor 222. The security management processing module 224 performs security management as described in conjunction with the following figures and elsewhere herein. Each memory 226 of each entity 204 includes a security management storage module 228 (228-1, ..., 228-N) that stores data generated or used during security management operations.
[0043] Processors 212 and 222 may include, for example, a microprocessor such as a central processing unit (CPU), an application-specific integrated circuit (ASIC), a digital signal processor (DSP) or other types of processing devices, and portions or combinations of such elements.
[0044] Memory 216 and 226 can be used to store one or more software programs that are executed by corresponding processor 212 and 222 to implement at least some of the functions described herein. For example, security management operations and other functions, in conjunction with the following figures and other places described herein, can be implemented directly using the software code executed by processor 212 and 222.
[0045] Therefore, one of the memories 216 and 226 can be considered as an example of what is more generally referred to herein as a computer program product, or even more generally as a computer or processor-readable (non-transitory or storage) medium embodying executable program code. Other examples of computer or processor-readable media may include magnetic disks or other types of magnetic or optical media taking any combination. Illustrative embodiments may include articles of manufacture containing such computer program products or other computer or processor-readable media.
[0046] Furthermore, and more specifically, memories 216 and 226 may, for example, comprise electronic random access memory (RAM), such as static RAM (SAM), dynamic RAM (DRAM), or other types of volatile or non-volatile electronic memory. The latter may, for example, comprise non-volatile memory, such as flash memory, magnetic RAM (MRAM), phase-change RAM (PC-RAM), or ferromagnetic RAM (FRAM). As used herein, the term "memory" is intended to be interpreted broadly and may, for example, additionally or alternatively include read-only memory (ROM), disk-based memory, or other types of storage devices, and portions or combinations thereof.
[0047] Interface circuits 210 and 220 illustratively include transceivers or other communication hardware or firmware that allows associated system components to communicate with each other in the manner described herein.
[0048] pass Figure 2 It is readily apparent that user equipment 202 and multiple entities 204 are configured as security management participants to communicate with each other via their respective interface circuits 210 and 220. This communication involves each participant sending data to one or more other participants and / or receiving data from one or more other participants. As used herein, the term "data" is intended to be interpreted broadly to include any type of information that can be sent between participants, including but not limited to identification data, key pairs, key indicators, tokens, secrets, security management messages, registration request / response messages and data, request / response messages, authorization and / or authentication request / response messages and data, metadata, control data, audio, video, multimedia, licensing data, other messages, etc.
[0049] Will understand, Figure 2The specific arrangement of components shown is merely an example, and many alternative configurations can be used in other embodiments. For example, any given network element / function and / or access point can be configured to include additional or alternative components and support other communication protocols.
[0050] Other system components ( Figure 1 Network functions and other components (not explicitly shown) can be configured to include components such as processors, memory, and network interfaces. Additionally, entities such as third-party applications and network operators can participate in the methods described herein via computing devices configured to include components such as processors, memory, and network interfaces. These elements and devices do not need to be implemented on separate, independent processing platforms, but can, for example, represent different functional portions of a single, common processing platform.
[0051] More generally, Figure 2 This can be considered as representing processing devices configured to provide corresponding security management functions and operatively coupled to each other in a communication system. By way of example only, all or part of UE 202 and each of the plurality of entities 204 (e.g., processor and memory) can be considered as examples of components for performing one or more operations, one or more steps, one or more functions, one or more processes, etc., as described herein.
[0052] Given the general description of the relevant features of the illustrative 6G network above, the problems with existing key management methods and solutions proposed according to illustrative embodiments will now be described below.
[0053] In the current 6G architecture proposal, it is assumed that after authentication, ACMF will generate K. AMF Then, a Non-Access Stratum (NAS) key, including the Control Plane (CP) key, is generated. Subsequently, the ACMF needs to generate User Plane (UP) keys and provide them to the AUPF so that the AUPF can use these keys to encrypt and protect the integrity of UP data services. However, the UP keys are currently based on K... gNB And generated.
[0054] Furthermore, in the current 6G architecture proposal, NAS security alone is considered sufficient; therefore, AS (CP) layer security is unnecessary. However, if AS layer security is disabled, UP security will fail because the UP key originates from K. gNB Derived. Even assuming that an AS(CP) key is generated but not used for AS(CP) security, some drawbacks of this method / assumption include: (i)K gNB Used to derive other keys that serve no purpose, and (ii) K gNBThe key generation needs to be performed at both the UE and the core network, which will result in additional processing at both the UE and the core network, thus delaying other processing. Therefore, improved key management methods and other functions are needed, especially for UP key generation.
[0055] The illustrative embodiments overcome the above and other technical deficiencies by providing a unified security key management method across UE, AUPF, and ACMF. Figure 3 An end-to-end protocol stack 300 (UE to network) with a unified signaling layer 301 for key management is illustrated according to an illustrative embodiment. As generally shown, UE 302, AUPF 304, and ACMF 306 coordinate the generation of UP security keys based on a single CP key across the unified signaling layer 301. For example, such UP keys can be used for service application access via ACMF 306 and SCMF 308. More specifically, where current 6G architecture proposals do not require AS (CP) security, the illustrative embodiment defines a security key from K... ACMF The exported new UP key will be described further below.
[0056] Figure 4 , 5A Figure 5B illustrates a unified key generation scheme according to a first illustrative embodiment. It will be understood that... Figures 5A-5B The key generation scheme 500 shown is Figure 4 A more detailed view of the key generation scheme 400 shown is provided (e.g., the key derivation / derivation function (KDF) and its inputs / outputs at each stage of key generation are shown). However, based on the detailed description herein, those skilled in the art will understand the KDF processing in the unified key generation scheme in a straightforward manner.
[0057] In one illustrative embodiment, key generation according to TS 33.220 above can be implemented, wherein the input parameters and their lengths are concatenated into a string S, as follows: 1. The length of each input parameter, measured in octets, is encoded into a string of two octets: (a) Represent the number of octets in the input parameter Pi as a number k in the range [0, 65535]. (b) Li is then a 16-bit / bit-length encoding of the number k. 2. The string S consists of n+1 input parameters, as follows:
[0058] S = FC || P0 || L0 || P1 || L1 || P2 || L2 || P3 || L3 ||... || Pn ||Ln
[0059] in:
[0060] FC is used to distinguish different instances of the algorithm and consists of a single octet or two octets of the form FC1||FC2, where FC1 = 0xFF and FC2 are single octets.
[0061] P0...Pn are the encodings of n+1 input parameters, and
[0062] L0...Ln is the two-octet representation of the length of the corresponding input parameter encoding P0...Pn.
[0063] 3. The final output, i.e., the derived key, is equal to the KDF computed on the string S using the key (represented as Key). In TS 33.220, the KDF is defined as follows:
[0064] Export key = HMAC-SHA-256(Key, S).
[0065] In other embodiments, additional or alternative key generation can be used.
[0066] In one illustrative embodiment, K ACMF (and K) ACMF The key generation can utilize a portion of the key generation scheme in TS 33.501 described above to generate K. AMF (K) AMF’ ),like Figures 5A-5B As shown in the diagram. For example, as shown in section 510 of key generation scheme 500, the Unified Data Management (UDM) function and the Authentication Credentials Repository and Processing (ARFP) function use a cryptographic key (CK) and an integrity (protection) key (IK) to implement the K for the Authentication Server Function (AUSF). AUSF The implementations of CK' and IK' (note that CK' and IK' are only generated when EAP AKA' is executed), the Authentication Server Function (AUSF), and then the implementation of K for the Security Anchor Function (SEAF) are then performed. SEAF The generation of K. Furthermore, K SEAF Used in conjunction with SUPI (from UE) and inter-architecture anti-bid descent (ABBA) parameters to generate K ACMF (Single CP key) for use in the ACMF section 520, AUPF section 530, and N3IWF section 540 of the key generation scheme 500.
[0067] In ACMF section 520, K is used. ACMF Generate K CPenc and K CPint K CPenc and KCPint Then it is truncated to form K separately. NASenc and K NASint .
[0068] In AUPF section 530, K ACMF Used in conjunction with the identifier (N-UP-enc-alg-ID) for the selected UP encryption algorithm and the identifier (N-UP-int-alg_ID) for the selected UP integrity algorithm to generate an uncrunted K UPenc and K UPint K UPenc and K UPint Then it is truncated to form K separately. UPenc and K UPint In some embodiments ( Figures 6A-6B ACMF generates K UPenc and K UPint And provide the UP key to AUPF, while in other embodiments ( Figure 7 , 8A (and 8B), AUPF generates K UPenc and K UPint Despite Figures 5A-5B It is not explicitly stated in the text (but in the text) Figure 4 (as shown in the image), but the UE independently receives K SEAF Generate (e.g., independent of VPLMN) the same K ACMF Then use K ACMF To generate the same K independently CPenc and K CPint and K UPenc and K UPint .
[0069] In N3IWF section 540, K ACMF Used in conjunction with CP uplink counting to generate K N3IWF .
[0070] According to an illustrative embodiment of unified key management, when K from ACMF and UE... ACMF When exporting the key for CP integrity and the CP encryption key or the UP encryption key and the UP integrity key, use the following parameters to form the string S: - FC = 0x69 - P0 = Algorithm type distinguisher - L0 = Length of the algorithm type distinguisher (e.g., 0x00 0x01) - P1 = Algorithm identifier - L1 = Length of the algorithm identifier (e.g., 0x00 0x01)
[0071] For the CP encryption algorithm, the algorithm type distinguisher is N-CP-enc-alg with a value of 0x01. For the CP integrity protection algorithm, the algorithm type distinguisher is N-CP-int-alg with a value of 0x02. For the UP encryption algorithm, the algorithm type distinguisher is N-UP-enc-alg with a value of 0x05. For the UP integrity protection algorithm, the algorithm type distinguisher is N-UP-int-alg with a value of 0x06.
[0072] In one illustrative embodiment, the algorithm identifier is placed in the four least significant bits of the eight-bit byte. Two of the four most significant bits are reserved for future use, and two of the most significant nibble bits are reserved for private use. All four most significant bits are set to all zeros.
[0073] Figures 6A-6B A process 600 using key generation scheme 500 (key generation scheme 400) according to a first illustrative embodiment is shown. As shown, process 600 involves UE 602, a serving network (VPLMN) 610 having AUPF 612 and ACMF (and SEAF) 614, and a home network (HPLMN) 620 having AUSF 622 and UDM (and ARPF and Subscriber Identity De-Hidden Function (SIDF)) 624.
[0074] In step 1, UE 602 hides its SUCI to generate SUPI.
[0075] In step 2, UE 602 sends a registration request to ACMF 614 of the serving network 610.
[0076] An authentication process for UE 602 is performed between the serving network 610 and the home network 620 (as shown in steps 3-9, 14-16b, 17a and 17b) and between the serving network 610 and UE 602 (as shown in steps 10-13).
[0077] In steps 16c-16e, UE 602 and ACMF 614 independently obtain K SEAF Generate K ACMF And from K ACMF Generate K CPenc and K CPint and K UPenc and K UPint (For example, as mentioned above) Figure 4 (as described in the context of 5).
[0078] In step 18a, ACMF 614 sends a K-type signal to AUPF 612.UPenc and K UPint The initial security context setting request.
[0079] In step 18b, UE 602 and AUPF 612 use K UPenc and K UPint To establish a secure data communication channel.
[0080] In alternative embodiments, such as Figure 7 Key generation scheme 700 and Figures 8A-8B The process illustrated in section 800 involves generating the CP key (K). CPenc and K CPint ) and UP key (K UPenc and K UPint More specifically, in generating K as described above... ACMF After that, from K ACMF Generate a separate K AUPF ,like Figure 7 As shown in the image. Then, further as... Figure 7 As shown, from K ACMF Generate K CPenc and K CPint And from K AUPF Generate K UPenc and K UPint .
[0081] When K from UE and ACMF ACMF Export key K from uplink NAS COUNT AUPF When using this method, the following parameters are used to form the input S of the KDF: - FC = 0x6E - P0 = Uplink NAS COUNT - L0 = Length of the uplink NAS COUNT (e.g., 0x00 0x04) - P1 = Access type distinguisher - L1 = Length of the access type distinguisher (e.g., 0x00 0x01)
[0082] The values used for the access type distinguisher are defined as follows. Values 0x00 and 0x03 to 0xf0 are reserved for future use, and values 0xf1 to 0xff are reserved for private use. When deriving K... AUPF At that time, the access type distinguisher is set to the value (0x01) used in 3GPP. When deducing K N3IWF At that time, the access type distinguisher is set to a value (0x02) used for non-3GPP applications.
[0083] The input key KEY is 256 bits / bit KACMF .
[0084] This feature is applicable when establishing a password-protected 5G radio bearer and when performing an in-run key change.
[0085] When K from ACMF and UE ACMF When exporting the key used for CP integrity and CP encryption, use the following parameters to form the string S: - FC = 0x69 - P0 = Algorithm type distinguisher - L0 = Length of the algorithm type distinguisher (e.g., 0x00 0x01) - P1 = Algorithm identifier - L1 = Length of the algorithm identifier (e.g., 0x00 0x01)
[0086] For the CP encryption algorithm, the algorithm type distinguisher is N-CP-enc-alg (value 0x01), and for the CP integrity protection algorithm, the algorithm type distinguisher is N-CP-int-alg (value 0x02).
[0087] The algorithm identifier is placed in the four least significant bits of the eight-bit byte. Two of the four most significant bits are reserved for future use, and two of the most significant nibble bits are reserved for private use. All four most significant bits are set to zero.
[0088] When K from AUPF and UE AUPF When exporting the key used for UP encryption and UP integrity, use the following parameters to form the string S: - FC = 0x69 - P0 = Algorithm type distinguisher - L0 = Length of the algorithm type distinguisher (e.g., 0x00 0x01) - P1 = Algorithm identifier - L1 = Length of the algorithm identifier (e.g., 0x00 0x01)
[0089] For the UP encryption algorithm, the algorithm type distinguisher is N-UP-enc-alg (value 0x01), and for the UP integrity protection algorithm, the algorithm type distinguisher is N-UP-int-alg (value 0x02).
[0090] The algorithm identifier is placed in the four least significant bits of the eight-bit byte. Two of the four most significant bits are reserved for future use, and two of the most significant nibble bits are reserved for private use. All four most significant bits are set to zero.
[0091] Now for reference Figures 8A-8B Process 800 uses a key generation scheme 700 according to a second illustrative embodiment. As shown, process 800 involves UE 802, a serving network (VPLMN) 810 having AUPF 812 and ACMF (and SEAF) 814, and a home network (HPLMN) 820 having AUSF 822 and UDM (and ARPF and Subscriber Identity De-Hidden Function (SIDF)) 824.
[0092] In step 1, UE 802 hides its SUCI to generate SUPI.
[0093] In step 2, UE 802 sends a registration request to ACMF 814 of the serving network 810.
[0094] An authentication process for UE 802 is performed between the serving network 810 and the home network 820 (as shown in steps 3-9, 14-16b, 17a and 17b) and between the serving network 810 and UE 802 (as shown in steps 10-13).
[0095] In steps 16c-16e, UE 802 and ACMF 814 independently obtain K SEAF Generate the same K ACMF From K ACMF Generate the same K CPenc and K CPint And from K ACMF Generate the same K AUPF (For example, as mentioned above) Figure 7 (As described in the context).
[0096] In step 18a, ACMF 814 sends a message with K to AUPF 812. AUPF The initial security context setting request.
[0097] In step 18b, UE 802 and AUPF 812 independently from K AUPF Generate the same K UPenc and K UPint .
[0098] In step 18c, UE 802 and AUPF 812 use K UPenc and K UPint To establish a secure data communication channel.
[0099] Therefore, in some embodiments, an apparatus includes at least one processor and at least one memory storing instructions that, when executed by the at least one processor, cause the apparatus to at least: generate the same first cryptographic value independently of generating a first cryptographic value at a first network entity in a first communication network, wherein the first network entity includes access control and mobility functions, and the first cryptographic value is derived from a cryptographic value for a security anchor function; generate the same set of one or more user plane cryptographic values from the first cryptographic value independently of generating a set of one or more user plane cryptographic values at the first network entity; and use the set of one or more user plane cryptographic values to securely communicate with a second network entity in the first communication network, wherein the second network entity includes access user plane functions.
[0100] In some other embodiments, the device may further be configured to generate the same set of one or more control plane cryptographic values from a first cryptographic value, independently of generating a set of one or more control plane cryptographic values at the first network entity. The first cryptographic value may be K. ACMF A set of one or more user plane cryptographic values may include a user plane encryption key and a user plane integrity key. A set of one or more control plane cryptographic values may include a control plane encryption key and a control plane integrity key. Parameters used to generate one or more of the user plane encryption key, user plane integrity key, control plane encryption key, and control plane integrity key may include one or more of the following: algorithm type distinguisher, algorithm identifier, length of the algorithm type distinguisher, and length of the algorithm identifier.
[0101] In some other embodiments, the device may be further configured to generate the same set of one or more control plane cryptographic values from a second cryptographic value, independently of generating such a set at the first network entity. The first cryptographic value can be derived from the second cryptographic value. The first cryptographic value may be K. AUPF And the second password value can be K. ACMF .
[0102] In some other embodiments, at least one processor and at least one memory are part of a user device.
[0103] In some other embodiments, a method includes: generating the same first cryptographic value independently of a user equipment and a first network entity in a first communication network, wherein the first network entity includes access control and mobility functions, and the first cryptographic value is derived from a cryptographic value for a security anchor function; generating the same set of one or more user plane cryptographic values from the first cryptographic value independently of a set of one or more user plane cryptographic values generated at the first network entity; and using the set of one or more user plane cryptographic values to securely communicate with a second network entity in the first communication network, wherein the second network entity includes access user plane functions.
[0104] In some embodiments, an apparatus includes at least one processor and at least one memory storing instructions that, when executed by the at least one processor, cause the apparatus to at least: generate the same first cryptographic value as generated at a user equipment connected to a first communication network, wherein the apparatus includes access control and mobility functions of the first communication network, and the first cryptographic value is derived from a cryptographic value for a security anchor function; generate the same set of one or more user plane cryptographic values from the first cryptographic value as generated at the user equipment, independently of generating one or more sets of user plane cryptographic values; and send the set of one or more user plane cryptographic values to the access user plane functions of the first communication network to enable secure communication with the user equipment.
[0105] In some embodiments, a method includes: generating the same first cryptographic value independently of a first network entity of a first communication network and generating a first cryptographic value at a user equipment connected to the first communication network, wherein the first network entity includes access control and mobility functions of the first communication network, and the first cryptographic value is derived from a cryptographic value for a security anchor function; generating the same set of one or more user plane cryptographic values from the first cryptographic value independently of generating a set of one or more user plane cryptographic values at the user equipment; and sending the set of one or more user plane cryptographic values to an access user plane function of the first communication network to enable secure communication with the user equipment.
[0106] In some embodiments, an apparatus includes at least one processor and at least one memory storing instructions that, when executed by the at least one processor, cause the apparatus to at least: generate the same first cryptographic value as generated at a user equipment connected to a first communication network, wherein the apparatus includes access control and mobility functions of the first communication network, and the first cryptographic value is derived from a cryptographic value for a secure anchor function; generate the same set of one or more control plane cryptographic values as the first cryptographic value as generated at the user equipment; generate the same second cryptographic value as the second cryptographic value as generated at the user equipment, wherein the second cryptographic value is derived from the first cryptographic value; and transmit the second cryptographic value to the access user plane function of the first communication network to enable the generation of one or more user plane cryptographic values for secure communication with the user equipment. For example, in some embodiments, the first cryptographic value is a key K. ACMF And the second password value is the key K. AUPF .
[0107] In some embodiments, a method includes: generating the same first cryptographic value independently of a first network entity of a first communication network and generating a first cryptographic value at a user equipment connected to the first communication network, wherein the first network entity includes access control and mobility functions of the first communication network, and the first cryptographic value is derived from a cryptographic value for a secure anchor function; generating the same set of one or more control plane cryptographic values from the first cryptographic value independently of generating one or more control plane cryptographic values at the user equipment; generating the same second cryptographic value independently of generating a second cryptographic value at the user equipment, wherein the second cryptographic value is derived from the first cryptographic value; and sending the second cryptographic value to an access user plane function of the first communication network by the first network entity to enable the generation of one or more user plane cryptographic values for secure communication with the user equipment.
[0108] In some embodiments, an apparatus includes at least one processor and at least one memory storing instructions that, when executed by the at least one processor, cause the apparatus to at least: generate a set of one or more user plane keys independently of access control and mobility functions associated with a serving network to which the apparatus is connected; and, in the absence of a secure access network security context, use the set of one or more user plane keys to establish a secure communication channel with the access user plane functions of the serving network.
[0109] In some other embodiments, the parameters used to generate a set of one or more user plane keys may include one or more of the following: an algorithm type distinguisher, an algorithm identifier, the length of the algorithm type distinguisher, and the length of the algorithm identifier. A set of one or more user plane keys may include a user plane encryption key and a user plane integrity key. The device may further be configured to: encrypt user plane data using the user plane encryption key; and send the encrypted user plane data to the user plane access function. The device may further be configured to: protect the integrity of user plane data using the user plane integrity key; and send the integrity-protected user plane data to the user plane access function.
[0110] In some embodiments, a method includes: independently generating a set of one or more user plane keys by a user equipment and access control and mobility functions associated with a serving network to which the user equipment is connected; and, in the absence of an access network security context, having the user equipment use the set of one or more user plane keys to establish a secure communication channel with the access user plane functions of the serving network.
[0111] In some embodiments, an apparatus includes at least one processor and at least one memory storing instructions that, when executed by the at least one processor, cause the apparatus to at least: generate a set of one or more user plane keys independently of an access user plane function associated with a serving network to which the apparatus is connected; and, in the absence of a secure access network security context, use the set of one or more user plane keys to establish a secure communication channel with the access user plane function of the serving network.
[0112] In some embodiments, a method includes: independently generating a set of one or more user plane keys by a user equipment and an access user plane function associated with a serving network to which the user equipment is connected; and, in the absence of a network security context for the access user plane, using the set of one or more user plane keys to establish a secure communication channel with the access user plane function of the serving network.
[0113] In some embodiments, an apparatus includes at least one processor and at least one memory storing instructions that, when executed by the at least one processor, cause the apparatus to at least: receive a set of one or more user plane keys from an access control and mobility function in a serving network to which the user equipment is connected; and, in the absence of a secure access network security context, use the set of one or more user plane keys to establish a secure communication channel with the user equipment. For example, in some embodiments, the at least one processor and the at least one memory are part of the access user plane function of the serving network.
[0114] In some embodiments, an apparatus includes at least one processor and at least one memory storing instructions that, when executed by the at least one processor, cause the apparatus to at least: receive a key from an access control and mobility function in a serving network to which the user equipment is connected; generate a set of one or more user plane keys based on the key; and, in the absence of a secure access network security context, use the set of one or more user plane keys to establish a secure communication channel with the user equipment. For example, in some embodiments, the at least one processor and the at least one memory are part of the access user plane function of the serving network.
[0115] It will be understood that the specific processing operations and other system functions described in conjunction with the schematic diagrams herein are presented as illustrative examples only and should not be construed as limiting the scope of this disclosure in any way. Alternative embodiments may use other types of processing operations and messaging protocols. For example, in other embodiments, the order of steps may vary, or certain steps may be performed at least partially concurrently with each other, rather than sequentially. Furthermore, one or more steps may be repeated periodically, or multiple instances of these methods may be performed in parallel with each other.
[0116] It should be emphasized again that the various embodiments described herein are given by way of illustrative example only and should not be construed as limiting the scope of the claims. For example, alternative embodiments may utilize different communication system configurations, user equipment configurations, base station configurations, authorization processes, messaging protocols, and message formats than those described above in the context of the illustrative embodiments. These and various other alternative embodiments within the scope of the appended claims will be readily understood by those skilled in the art.
Claims
1. A user equipment, comprising: At least one processor; as well as At least one memory storing instructions, which, when executed by the at least one processor, cause the user equipment to at least: The same first cryptographic value is generated independently of the first cryptographic value generated at the first network entity in the first communication network, wherein the first network entity includes access control and mobility functions, and the first cryptographic value is derived from the cryptographic value used for the security anchor function; Independent of generating one or more user plane password values at the first network entity, generating the same set of one or more user plane password values from the first password value; and Securely communicate with a second network entity of the first communication network using the set of one or more user plane password values, wherein the second network entity includes access user plane functionality.
2. The user equipment according to claim 1, wherein, Furthermore, the user equipment generates the same set of one or more control plane password values from the first password value, independently of generating a set of one or more control plane password values at the first network entity.
3. The user equipment according to claim 2, wherein, The first password value is K ACMF .
4. The user equipment according to claim 2, wherein, The set of one or more user plane cryptographic values includes a user plane encryption key and a user plane integrity key.
5. The user equipment according to claim 4, wherein, The set of one or more control plane cryptographic values includes a control plane encryption key and a control plane integrity key.
6. The user equipment according to claim 5, wherein, The parameters used to generate one or more of the user plane encryption key, the user plane integrity key, the control plane encryption key, and the control plane integrity key include one or more of the following: algorithm type distinguisher, algorithm identifier, length of the algorithm type distinguisher, and length of the algorithm identifier.
7. The user equipment according to any one of claims 1 to 6, wherein, Furthermore, the user equipment generates the same set of one or more control plane password values from the second password values, independently of generating a set of one or more control plane password values at the first network entity.
8. The user equipment according to claim 7, wherein, The first password value is derived from the second password value.
9. The user equipment according to claim 7, wherein, The first password value is K AUPF And the second password value is K ACMF .
10. A method for a user equipment, the method comprising: The same first cryptographic value is generated independently of the first cryptographic value generated at the first network entity in the first communication network, wherein the first network entity includes access control and mobility functions, and the first cryptographic value is derived from the cryptographic value used for the security anchor function; Independent of generating one or more user plane password values at the first network entity, generating the same set of one or more user plane password values from the first password value; and Securely communicate with a second network entity of the first communication network using the set of one or more user plane password values, wherein the second network entity includes access user plane functionality.
11. An apparatus for a first communication network, the apparatus comprising: Access control and mobility functions, which are configured to perform: The same first password value is generated independently of the first password value generated at the user equipment connected to the first communication network, wherein the first password value is derived from the password value used for the security anchor function; Independent of generating one or more user plane password values at the user equipment, generating the same set of one or more user plane password values from the first password value; and Send one or more user plane password values to the access user plane function of the first communication network to achieve secure communication with the user equipment.
12. The apparatus according to claim 11, wherein, Further enabling the access control and mobility functions to perform: generating the same set of one or more control plane password values from the first password value, independently of generating a set of one or more control plane password values at the user equipment.
13. The apparatus according to claim 12, wherein, The first password value is K ACMF .
14. The apparatus according to claim 12, wherein, The set of one or more user plane cryptographic values includes a user plane encryption key and a user plane integrity key.
15. The apparatus according to claim 14, wherein, The set of one or more control plane cryptographic values includes a control plane encryption key and a control plane integrity key.
16. The apparatus according to claim 15, wherein, The parameters used to generate one or more of the user plane encryption key, the user plane integrity key, the control plane encryption key, and the control plane integrity key include one or more of the following: algorithm type distinguisher, algorithm identifier, length of the algorithm type distinguisher, and length of the algorithm identifier.
17. The apparatus according to any one of claims 11 to 17, wherein, The first password value is the key K. ACMF .
18. A method for access control and mobility functions of a first communication network, the method comprising: The same first password value is generated independently of the first password value generated at the user equipment connected to the first communication network, wherein the first password value is derived from the password value used for the security anchor function; Independent of generating one or more user plane password values at the user equipment, generating the same set of one or more user plane password values from the first password value; and Send the set of one or more user plane password values to a second network entity of the first communication network that includes access user plane functionality to achieve secure communication with the user equipment.
19. An apparatus for a first communication network, the apparatus comprising: Access control and mobility functions, which are configured to perform: The same first password value is generated independently of the first password value generated at the user equipment connected to the first communication network, wherein the first password value is derived from the password value used for the security anchor function; A set of one or more control plane password values is generated from the first password value, independently of generating a set of one or more control plane password values at the user equipment. Independent of generating a second password value at the user equipment, an identical second password value is generated, wherein the second password value is derived from the first password value; and The second cipher value is sent to the access user plane function of the first communication network to enable the generation of one or more user plane cipher values for secure communication with the user equipment.
20. The apparatus according to claim 19, wherein, The first password value is the key K. ACMF And the second password value is the key K. AUPF .
21. A method for access control and mobility functions of a first communication network, the method comprising: The same first password value is generated independently of the first password value generated at the user equipment connected to the first communication network, wherein the first password value is derived from the password value used for the security anchor function; A set of one or more control plane password values is generated from the first password value, independently of generating a set of one or more control plane password values at the user equipment. Independent of generating a second password value at the user equipment, an identical second password value is generated, wherein the second password value is derived from the first password value; and The second cipher value is sent to a second network entity of the first communication network that includes access user plane functionality, so that a set of one or more user plane cipher values for secure communication with the user equipment can be generated.