Apparatus, method and computer program for securing the communication between a user equipment and a satellite network

A blockchain-based authentication system with public-private key pairs and Diffie-Hellman key exchanges addresses the security challenges in 6G satellite networks by ensuring only trusted satellites can communicate with user equipment, maintaining network integrity and preventing unauthorized access.

WO2026131766A1 · PCT designated stage · Publication Date: 2026-06-25 · NOKIA TECHNOLOGIES OY

Patent Information

Authority / Receiving Office
WO · WO
Patent Type
Applications
Current Assignee / Owner
NOKIA TECHNOLOGIES OY
Filing Date
2025-12-16
Publication Date
2026-06-25

AI Technical Summary

Technical Problem

The increasing reliance on satellite networks in 6G Non-Terrestrial Networks introduces significant security challenges due to the dynamic nature of Low Earth Orbit satellites, which serve UEs for brief periods and often belong to different trust domains, creating vulnerabilities to unauthorized access, eavesdropping, and attacks without robust authorization mechanisms.

Method used

A blockchain-based authentication system ensures secure and transparent satellite authorization by using public-private key pairs and Diffie-Hellman key exchanges, logging all authentication steps and session key exchanges on an immutable ledger to maintain end-to-end security and trustworthiness in satellite communications.

Benefits of technology

The solution provides a decentralized, tamper-resistant mechanism to ensure only trusted satellites can communicate with user equipment, preventing unauthorized access and maintaining network integrity during satellite handovers and transitions.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure EP2025087288_25062026_PF_FP_ABST
Patent Text Reader

Abstract

There is provided an apparatus comprising means for selecting, at a user equipment, a satellite from a group of at least one satellites, determining a key identifier associated with the selected satellite and a private key corresponding to the key identifier, generating a digital signature based on the key identifier, the private key and a random number associated with the satellite, providing the random number associated with the satellite, the key identifier and the digital signature to the selected satellite for verification, in response, receiving a public key of a Diffie-Hellman key pair, a further key identifier, and an encrypted message comprising the random number, a random number associated with the user equipment and a shared secret, decrypting the message based on a private key corresponding to the further key identifier, generating the shared secret using the public key of the Diffie-Hellman key pair, generating a session key based on the random number, the random number associated with the satellite and the shared secret, providing confirmation to the satellite of establishment of the session key, wherein the confirmation is encrypted with the session key and using the session key to secure data transmission with the satellite.

Description

TITLE

APPARATUS, METHOD AND COMPUTER PROGRAM

TECHNICAL FIELD

[0001] Various embodiments of this disclosure relate generally to methods, apparatus and computer programs, and in particular, but not exclusively, to satellite authentication, for example, in 6G NTN.

BACKGROUND

[0002] A communication system can be seen as a facility that enables communication sessions between two or more communication devices, or provides communication devices access to a network. A mobile or wireless communication network is one example of a communication network. A communication device may be provided with a service by an application server.

[0003] A mobile or wireless communication network may operate in accordance with standard(s), such as those provided by 3GPP (Third Generation Partnership Project) or ETSI (European Telecommunications Standards Institute). Examples of mobile or wireless communication networks that operate in accordance with 3GPP standards are generally referred to as 4G (4th Generation) networks, 5G (5th Generation) networks, 5G-Advanced networks and 6G networks.

SUMMARY

[0004] Some embodiments of this disclosure will be described with respect to certain aspects. These aspects are not intended to indicate key or essential features of the various example embodiments of this disclosure, nor are they intended to be used to limit the scope thereof. Other features, aspects, and elements will be readily apparent to a person skilled in the art in view of this disclosure. For example, it should be appreciated that further aspects may be provided by the combination of any two or more of the various aspects described herein.

[0005] In a first aspect there is provided a method comprising selecting, at a user equipment, a satellite from a group of at least one satellites, determining a key identifier associated with the selected satellite and a private key corresponding to the key identifier, generating a digital signature based on the key identifier, the private key and a random number associated with the satellite, providing the random number associated with the satellite, the key identifier and the digital signature to the selected satellite for verification, in response, receiving a public key of a Diffie-Hellman key pair, a further key identifier, and an encrypted message comprising the random number, a random number associated with the user equipment and a shared secret, decrypting the message based on a private key corresponding to the further key identifier, generating the shared secret using the public key of the Diffie-Hellman key pair, generating a session key based on the random number, the random number associated with the satellite and the shared secret, providing confirmation to the satellite of establishment of the session key, wherein the confirmation is encrypted with the session key and using the session key to secure data transmission with the satellite.

[0006] The group of at least one satellites may comprise a static group of satellites or a dynamic group of satellites.

[0007] The group of at least one satellites may comprise untrusted satellites. Each satellite of the group may be associated with a common list of key identifiers.

[0008] The key identifier and the further key identifier may be associated with the same or different satellites.

[0009] In a second aspect there is provided a method comprising receiving, at a satellite from a user equipment, a random number associated with the satellite, a key identifier associated with the satellite and a digital signature, wherein the digital signature is generated based on the key identifier associated with the satellite, a private key corresponding to the key identifier associated with the satellite and the random number associated with the satellite, verifying the digital signature, in response to the verifying, generating a Diffie-Hellman key pair and selecting a further key identifier and provisioning a public key for the further key identifier, generating a shared secret based on a private key of the Diffie-Hellman key pair and the public key for the further key identifier, providing a public key of a Diffie-Hellman key pair, the further key identifier and an encrypted message to the user equipment, the encrypted message comprising a random number associated with the user equipment, the random number associated with the satellite and the shared secret, receiving confirmation from the user equipment of establishment of the session key based on the shared secret, wherein the confirmation is encrypted with the session key and using the session key to secure data transmission with the user equipment.

[0010] The key identifier and the further key identifier may be associated with the same or different satellites.

[0011] In a third aspect there is provided an apparatus comprising means for performing the method according to the first or second aspect.

[0012] In a fourth aspect there is provided an apparatus comprising at least one processor, and at least one memory storing instructions which, when executed by the at least one processor, cause the apparatus at least to perform a method according to the first or second aspect.

[0013] In a fifth aspect there is provided a non-transitory computer readable medium comprising instructions wherein the instructions when executed by at least one processor of an apparatus cause the apparatus to perform the method according to the first or second aspect.

[0014] In a sixth aspect there is provided a computer program comprising instructions which, when executed by an apparatus, cause the apparatus to perform at least the method according to the first or second aspect.

[0015] Some embodiments of the invention are defined in the dependent claims.

[0016] In the above, many different aspects have been described. As previously noted, it should be appreciated that further aspects may be provided by the combination of any two or more of the aspects described above (or otherwise in this disclosure).

[0017] Various other aspects are also described in the following detailed description and in the claims.

BRIEF DESCRIPTION OF THE FIGURES

[0018] Some embodiments will be described, by way of non-limiting and illustrative example only, with reference to the figures, in which:

[0019] Fig. 1 shows an example of a communication network to which examples disclosed herein may be applied;

[0020] Fig. 2 shows a flowchart of a method according to an example;

[0021] Fig. 3 shows a flowchart of a method according to an example;

[0022] Fig. 4 shows a flowchart of a method according to an example;

[0023] Fig. 5 shows a block diagram of a system according to an example;

[0024] Fig. 6 shows a flowchart of a method according to an example;

[0025] Fig. 7 shows a flowchart of a method according to an example;

[0026] Fig. 8 shows an example signalling flow between a UE and a satellite;

[0027] Fig. 9 shows a block diagram of step 2 of Fig. 8;

[0028] Fig. 10 shows a block diagram of steps 5 and 7 of Fig. 8;

[0029] Fig. 11 shows a signalling diagram between a UE, a first satellite, a second satellite and a third satellite according to an example;

[0030] Fig. 12 shows a schematic diagram of example satellite groups;

[0031] Fig. 13 shows an example of an apparatus.

DETAILED DESCRIPTION

[0032] The following embodiments are provided by way of non-limiting and illustrative example. Although the specification may refer to “an”, “one”, or “some” embodiment(s) in several locations of the text, this does not necessarily mean that each reference is made to the same embodiment(s), or that a particular feature only applies to a single embodiment. Single features of different embodiments may also be combined to provide other embodiments. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is intended that such feature, structure, or characteristic may be applied in connection with other embodiments (whether or not explicitly described).

[0033] It shall be understood that although the terms “first,” “second” and the like may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another.

[0034] For the purposes of this disclosure, the phrases “at least one of A or B”, “at least one of A and B”, and “A and / or B” means (A), (B), or (A and B). For the purposes of this disclosure, the phrase “A, B, and / or C” means (A), (B), (C), (A and B), (A and C), (B and C), or (A, B, and C).

[0035] As used herein, the term “or” refers to a non-exclusive “or” unless otherwise indicated (e.g., use of “or else” or “or in the alternative”).

[0036] As used herein, unless stated explicitly, performing a respective feature, step, or functionality “in response to A” does not indicate that the respective feature, step, or functionality is performed immediately after “A” occurs as one or more intervening features, steps, or functionalities may be performed (at least in part) between an occurrence of the respective feature, step, or function and “A”. Analogously, performing a respective feature, step, or functionality “based on A” does not indicate that the respective feature, step, or functionality is performed solely based on “A” as the respective feature, step, or functionality may be further based on one or more other features, steps, or functionalities in addition to “A”.

[0037] Embodiments described herein may be implemented in a communication network, such as any of the following radio access technologies (RATs): Worldwide Interoperability for Microwave Access (WiMAX), Global System for Mobile communications (GSM, 2G), GSM EDGE radio access Network (GERAN), General Packet Radio Service (GPRS), Universal Mobile Telecommunication System (UMTS, 3G) based on basic wideband-code division multiple access (W-CDMA), high-speed packet access (HSPA), Long Term Evolution (LTE), LTE-Advanced, and enhanced LTE (eLTE), 5G (also called NR), or any future RAT such as 6G. Moreover, communication within the communication network may utilize any suitable wireless communication technology, comprising but not limited to: Code Division Multiple Access (CDMA), Frequency Division Multiple Access (FDMA), Time Division Multiple Access (TDMA), Frequency Division Duplex (FDD), Time Division Duplex (TDD), Multiple-Input Multiple-Output (MIMO), Orthogonal Frequency Division Multiplexing (OFDM), and / or Discrete Fourier Transform spread OFDM (DFT-s-OFDM).

[0038] As used herein, the term “network device” or “network node” refers to a node in a communication network via which user equipment may access the network and / or which is configured to control radio communication and managing radio resources within a cell. The network node or network device may be referred to as a base station (BS), an access point (AP) or an access node. The network device may be, depending on the applied technology, for example, a node B (NodeB or NB), an evolved NodeB (eNodeB or eNB), an NR NB (also referred to as a gNB), a Remote Radio Unit (RRU), a radio head (RH), a remote radio head (RRH), a relay, an Integrated Access and Backhaul (IAB) node, a low power node, a non-terrestrial network (NTN) or non-ground network device, such as a satellite network device, a low earth orbit (LEO) satellite and a geosynchronous earth orbit (GEO) satellite, or an aircraft network device.

[0039] Moreover, in connection of split radio access network (RAN), the network device may refer to a centralised unit (CU) of a base station and / or a distributed unit (DU) of a base station. An interface between CU and DU may be referred to as an F1 interface in NR. In the split RAN architecture, node operations may be carried out, at least partly, in the central / centralized unit, CU, (e.g. server, host or node) operationally coupled to the DU, (e.g. a radio head / node). One CU may control one or more DUs, acting at least as transmit / receive (Tx / Rx) nodes. In some embodiments, the DUs may comprise e.g. a radio link control (RLC), medium access control (MAC) layer and a physical (PHY) layer, whereas the CU may comprise the layers above RLC layer, such as a packet data convergence protocol (PDCP) layer, a radio resource control (RRC) and an internet protocol (IP) layers. Other functional splits are possible too. In practice, any processing task may be performed in either the CU or the DU and the boundary where the responsibility is shifted between the CU and the DU may depend on the applied implementation.

[0040] The term “terminal device” refers to any end device that may be configured to perform wireless communication. By way of example, a terminal device may be referred to as a communication device, user equipment (UE), a Subscriber Station (SS), or a Mobile Station (MS). The terminal device may include a mobile phone, a cellular phone, a smart phone, voice over IP (VoIP) phones, wireless local loop phones, a tablet, a wearable terminal device, a personal digital assistant (PDA), portable computers, desktop computer, image capture terminal devices such as digital cameras, gaming terminal devices, music storage and playback appliances, vehicle-mounted wireless terminal devices, USB dongles, an Internet of Things (IoT) device, a watch or other wearable, a head-mounted display (HMD), a vehicle, a drone, a medical device and applications (e.g., remote surgery), an industrial device and applications (e.g., a robot and / or other wireless devices operating in industrial and / or automated processing chain contexts), a consumer electronics device, a device operating on commercial and / or industrial wireless networks, and the like.

[0041] A term “resource”, as used herein, may refer to radio resources in time domain, in frequency domain, in space domain, and / or in code domain. Some examples of resources may include, e.g., a physical resource block (PRB), a radio frame, a subframe, a time slot, a subband, a frequency region, a sub-carrier, a beam, etc. The term “transmission” and / or “reception” may refer to wirelessly transmitting and / or receiving via a wireless propagation channel on radio resources.

[0042] Fig. 1 illustrates an example of a communication network to which examples disclosed herein may be applied. The communication network or a cellular communication network may comprise a network node 110 configured to provide one or more cells, such as cell 100, and a network node 112 configured to provide one or more other cells, such as cell 102. Each cell may, for example, be a macro cell, a micro cell, femto, or a pico cell. The cell may define a coverage area or a service area of the corresponding access node.

[0043] The network node (110, 112) may be configured to provide a user equipment (UE) 120 (one or more UEs) with wireless access to the communication network. The wireless access may comprise downlink (DL) communication from the network node (110, 112) to the UE 120 and uplink (UL) communication from the UE 120 to the network node (110, 112). Examples of uplink channels may comprise physical uplink control channel (PUCCH) for transmitting control information and physical uplink shared channel (PUSCH) for transmitting data towards the network. Examples of downlink channels may comprise physical downlink control channel (PDCCH) for transmitting control information and physical downlink shared channel (PDSCH) for transmitting data towards the user equipment (UE).

[0044] There may be a plurality of UEs (120, 122) in the system. Each of the plurality of UEs may be served by the same or by different network nodes (110, 112). A UE may be configured with dual connectivity (DC), wherein the UE, for example UE 120, may be connected to multiple network nodes (110, 112). The UEs (120, 122) may communicate with each other, in case a device-to-device (D2D) communication interface is established between them via a so-called sidelink (SL). Such D2D communications may be referred to as machine-to-machine, peer-to-peer (P2P) communications, or vehicle-to-vehicle (V2V), for example.

[0045] In the case of multiple network nodes in the communication network, the network nodes may be connected to each other via an interface. LTE specifications, for example, refer to such an interface as an X2 interface. An interface between an LTE node and a 5G node, or between two 5G nodes may be called an Xn interface.

[0046] The network nodes 110 and 112 may be further connected via another interface to a core network 116 of the communication network. The LTE specifications specify the core network as an evolved packet core (EPC), and the core network may comprise a plurality of entities (e.g. a mobility management entity (MME) and a gateway node). The MME may handle mobility of terminal devices in a tracking area encompassing a plurality of cells and handle signalling connections between the terminal devices and the core network. The gateway node may handle data routing in the core network and to / from the terminal devices. The 5G specifications specify the core network as a 5G core (5GC). The 5GC may, for example, comprise an access and mobility management function (AMF) and a user plane function / gateway (UPF) and other functions. The AMF may handle termination of non-access stratum (NAS) signalling, NAS ciphering & integrity protection, registration management, connection management, mobility management, access authentication and authorization, security context management. The UPF node may, for example, support packet routing and forwarding, packet inspection and quality of service (QoS) handling.

[0047] NTNs in 6G may introduce a broader attack surface than traditional 5G networks, given their wider use, heterogeneous networks and the increased use of AI / ML. This expanded attack surface may increase the likelihood of cyber threats targeting different components of the network. Regenerative satellites, which process signals onboard rather than relying solely on ground stations, may add another layer of complexity to the security environment. Regenerative satellites are designed to be more autonomous, which may make them attractive targets for sophisticated cyberattacks. If an adversary can hijack or disrupt a regenerative satellite, it could have significant consequences for the network’s operations. Therefore, ensuring the security of these satellites is important for maintaining the overall resilience of the network.

[0048] Unlike traditional terrestrial networks, satellite networks, especially those involving Low Earth Orbit (LEO) satellites, operate in a dynamic environment where satellites continuously move in and out of the coverage area of user equipment (UE). This dynamic nature necessitates frequent handovers between satellites, which may belong to different operators or trust domains. In such an environment, ensuring that only authorized and trusted satellites can communicate with the UE is important for maintaining the security and integrity of the communication links.

[0049] Satellite communications may not always have been designed with strong security measures in mind, e.g., for commercial and lower-cost satellites. Communication links may thus be vulnerable to various threats, including eavesdropping, signal spoofing, and unauthorized access. In the absence of robust authorization mechanisms, malicious actors could exploit these vulnerabilities to intercept, manipulate, or disrupt communications, leading to security breaches.

[0050] In a 6G NTN environment, a mix of trusted and untrusted satellites may be involved in the communication process. Without proper authorization controls, an untrusted, or compromised, satellite could be granted access to sensitive communications, potentially leading to data breaches or denial of service attacks. LEO satellites often serve a UE for a brief period, sometimes as little as 5 to 10 minutes, before handing off to another satellite. Each handover may present an opportunity for unauthorized access if robust authorization mechanisms are not in place.

[0051] A first trust domain may involve different operators. The operators may need to collaborate or share resources. There may be vulnerabilities such as misconfigured security settings, outdated software, or insufficient security measures.

[0052] A second trust domain may involve ground stations. A compromised ground station could manipulate the data being sent to satellites, potentially disrupting services or relaying false information to other network components.

[0053] A third trust domain may involve a service provider. A service provider offering satellite-based internet could be targeted with a man-in-the-middle attack, compromising the integrity of the data being transmitted.

[0054] The increasing reliance on satellites in 6G Non-Terrestrial Networks may introduce significant security challenges, e.g., regarding the authorization of satellites to communicate with user equipment (UE). Given the dynamic nature of LEO satellites, which serve UEs for brief periods and often belong to different trust domains, a lack of inherent security in satellite communication links may create vulnerabilities to unauthorized access, eavesdropping, and attacks. The diversity in trust levels among satellites and the complexities of cross-domain trust may further complicate the authorization process. Without a robust authorization mechanism, untrusted or compromised satellites could gain access to sensitive communications, leading to security breaches. Therefore, there is an urgent need for a decentralized, transparent, and tamper-resistant authorization system that ensures only trusted satellites can communicate with UEs, with blockchain technology offering a promising solution to address this problem.

[0055] Fig. 2 shows a flowchart of a method according to an example. The method may be performed at an apparatus. The apparatus may comprise, be, or be comprised in a user equipment.

[0056] At 201, the method comprises performing authentication of a user equipment with a first satellite, wherein performing authentication with the first satellite comprises provision of a public-private key wherein the public-private key is associated with a key identifier of the first satellite and the user equipment.

[0057] At 202, the method comprises switching to a coverage area of a further satellite.

[0058] At 203, the method comprises providing a digital signature to the further satellite for verification, wherein the digital signature is signed by the private key associated with the key identifier of the first satellite and the user equipment.

[0059] At 204, the method comprises receiving an indication from the further satellite that the digital signature has been verified.

[0060] At 205, the method comprises, in response to the received indication, performing authentication of the user equipment with the further satellite.

[0061] Fig. 3 shows a flowchart of a method according to an example. The method may be performed at an apparatus. The apparatus may comprise, be, or be comprised in a satellite.

[0062] At 301, the method comprises receiving a hash value from a first satellite at a further satellite, wherein the hash value comprises a key identifier associated with the first satellite and a user equipment.

[0063] At 302, the method comprises receiving a digital signature from the user equipment signed by a private key associated with the key identifier of the first satellite and the user equipment.

[0064] At 303, the method comprises verifying the digital signature based on the public key associated with the key identifier of the first satellite and the user equipment.

[0065] At 304, the method comprises, based on the verification, performing authentication of the user equipment with the further satellite.

[0066] Fig. 4 shows a flowchart of a method according to an example. The method may be performed at an apparatus. The apparatus may comprise, be, or be comprised in a satellite.

[0067] At 401, the method comprises performing authentication of a user equipment with a first satellite, wherein performing authentication comprises generation or provision of a public-private key wherein the public-private key is associated with a key identifier of the first satellite and the user equipment.

[0068] At 402, the method comprises providing a hash value from the first satellite to a further satellite, wherein the hash value comprises the key identifier associated with the first satellite and the user equipment.

[0069] The method may provide a secure and transparent way to manage satellite authorization in a dynamic and complex network environment. The method involves an adaptation of blockchain-based authentication. Logging each authentication step, key generation and session key exchange on an immutable blockchain ledger makes the record of those exchanges transparent and tamper-resistant, so that the end-to-end trustworthiness of satellite-based communications can be audited; the confidentiality of the data itself rests on the session key established in the exchange.

[0070] Fig. 5 shows a high level block diagram of an example. The UE moves through different satellites (SAT#1, SAT#2, SAT#3), i.e., switches from the coverage area of a first satellite to a further satellite. As it does so, the UE performs secure handover procedures by passing hash values and key identifiers. At each new satellite, the UE sends a new digital signature, e.g., provides a digital signature to the further satellite for verification, wherein the digital signature is signed by a private key associated with the key identifier of the first satellite and the user equipment, and the satellite verifies it using the previous session’s keys (e.g., based on the public key associated with the key identifier of the first satellite and the user equipment). The UE and each satellite then repeat the key generation and session setup to maintain secure communication. Blockchain ensures that all handover and authentication steps are logged, providing security and transparency throughout the multi-satellite communication.
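The handover exchange of Figs. 2 to 5, as an added Go example that is not part of the patent: the first satellite forwards a hash over the key identifier and the UE identity to the further satellite (steps 402 / 301), the UE signs the further satellite's challenge with the private key under that key identifier (step 203), and the further satellite looks the hash up, verifies the signature with the public key from the group's common KID list and consumes the hash so it cannot authorise a second handover (steps 302 to 304). The hash encoding, the challenge issued by the further satellite, Ed25519 as the signature scheme, the satellite and KID names and the UE identity are all assumptions of this example; the blockchain logging is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// handoverToken is the hash value the serving satellite forwards (step 402) and the further satellite
// receives (step 301). The patent says it comprises the key identifier and the UE; this encoding is assumed.
func handoverToken(kid, ueID string) string {
	sum := sha256.Sum256([]byte(kid + "|" + ueID))
	return hex.EncodeToString(sum[:])
}

// satellite holds the group's common KID list (public halves only) and the handovers announced to it.
type satellite struct {
	name     string
	pubs     map[string]ed25519.PublicKey // KID -> public key, common to every satellite of the group
	expected map[string]string            // handover token -> KID, filled by announce()
}

func newSatellite(name string, pubs map[string]ed25519.PublicKey) *satellite {
	return &satellite{name: name, pubs: pubs, expected: map[string]string{}}
}

// announce is step 402 on the first satellite and step 301 on the further one.
func (s *satellite) announce(to *satellite, kid, ueID string) { to.expected[handoverToken(kid, ueID)] = kid }

// ueHandoverSignature is step 203: the UE signs token||challenge with the private key under the KID it
// authenticated with at the first satellite. The challenge from the further satellite is an assumption
// added so that a captured signature cannot be replayed at a later handover.
func ueHandoverSignature(priv ed25519.PrivateKey, kid, ueID string, challenge []byte) (string, []byte) {
	tok := handoverToken(kid, ueID)
	return tok, ed25519.Sign(priv, append([]byte(tok), challenge...))
}

// verifyHandover is steps 302-304: map the token to the KID announced for it, verify the signature
// with that KID's public key, and consume the token so it cannot authorise a second handover.
func (s *satellite) verifyHandover(tok string, challenge, sig []byte) (string, error) {
	kid, ok := s.expected[tok]
	if !ok {
		return "", errors.New(s.name + ": no handover announced for this token")
	}
	pub, ok := s.pubs[kid]
	if !ok || !ed25519.Verify(pub, append([]byte(tok), challenge...), sig) {
		return "", errors.New(s.name + ": signature not valid under " + kid)
	}
	delete(s.expected, tok)
	return kid, nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // UE key pair under KID#4 (constructed)
	if err != nil {
		panic(err)
	}
	group := map[string]ed25519.PublicKey{"KID#4": pub}
	sat1, sat2 := newSatellite("SAT#1", group), newSatellite("SAT#2", group)
	sat1.announce(sat2, "KID#4", "UE-1")
	challenge := []byte("SAT#2 challenge") // a fresh random value in practice
	tok, sig := ueHandoverSignature(priv, "KID#4", "UE-1", challenge)
	kid, err := sat2.verifyHandover(tok, challenge, sig)
	fmt.Println("handover to SAT#2 authorised under", kid, "err:", err)
	_, err = sat2.verifyHandover(tok, challenge, sig)
	fmt.Println("replay of the same handover:", err)
}
```

Two properties are worth checking on any implementation of this step: a satellite that was never sent the hash must refuse the handover even though it holds the same public key, and a signature under a key that is not the one listed for the KID must fail regardless of the hash.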

[0071] Fig. 6 shows a flowchart of a method according to an example. The method may be performed at an apparatus. The apparatus may comprise, be, or be comprised in a UE.

[0072] At 601, the method comprises selecting, at a user equipment, a satellite from a group of at least one satellites.

[0073] At 602, the method comprises determining a key identifier associated with the selected satellite and a private key corresponding to the key identifier.

[0074] At 603, the method comprises generating a digital signature based on the key identifier, the private key and a random number associated with the satellite.

[0075] At 604, the method comprises providing the random number associated with the satellite, the key identifier and the digital signature to the selected satellite for verification.

[0076] At 605, the method comprises, in response, receiving a public key of a Diffie-Hellman key pair, a further key identifier, and an encrypted message comprising the random number, a random number associated with the user equipment and a shared secret.

[0077] At 606, the method comprises decrypting the message based on a private key corresponding to the further key identifier.

[0078] At 607, the method comprises generating the shared secret using the public key of the Diffie-Hellman key pair.

[0079] At 608, the method comprises generating a session key based on the random number, the random number associated with the satellite and the shared secret.

[0080] At 609, the method comprises providing confirmation to the satellite of establishment of the session key, wherein the confirmation is encrypted with the session key.

[0081] At 610, the method comprises using the session key to secure data transmission with the satellite.

[0082] Fig. 7 shows a flowchart of a method according to an example. The method may be performed at an apparatus. The apparatus may comprise, be, or be comprised in a satellite.

[0083] At 701 , the method comprises receiving, at a satellite from a user equipment, a random number associated with the satellite, a key identifier associated with the satellite and a digital signature, wherein the digital signature is generated based on the key identifier associated with the satellite, a private key corresponding to the key identifier and the random number associated with the satellite.

[0084] At 702, the method comprises verifying the digital signature.

[0085] At 703, the method comprises in response to the verifying, generating a Diffie-Hellman key pair and selecting a further key identifier and provisioning a public key for the further key identifier.

[0086] At 704, the method comprises generating a shared secret based on a private key of the Diffie-Hellman key pair and the public key for the further key identifier.

[0087] At 705, the method comprises providing a public key of a Diffie-Hellman key pair, the further key identifier and an encrypted message to the user equipment, the encrypted message comprising a random number associated with the user equipment, the random number associated with the satellite and the shared secret.

[0088] At 706, the method comprises receiving confirmation from the user equipment of establishment of the session key based on the shared secret, wherein the confirmation is encrypted with the session key.

[0089] At 707, the method comprises using the session key to secure data transmission with the user equipment.

[0090] Fig. 8 shows a signalling flow according to an example.

[0091] In step 1 , the UE selects one of the groups based on the available satellites in coverage. This is an example of selecting, at a user equipment, a satellite from a group of at least one satellites.

[0092] In step 2, the UE selects a key identifier (SAT-UE-KID) for the selected satellite and the corresponding private key (e.g., UE-SAT-PRI-Key#4) to authenticate itself. The UE generates a random value (RAND_SAT#1) and a digital signature. This is an example of determining a key identifier associated with the selected satellite and a private key corresponding to the key identifier. Blockchain ensures that the selected key pairs are verified and authenticated from a decentralized ledger, preventing any tampering in the key management process.

[0093] In step 3, the UE sends an authentication request to SAT#1 containing the message (RAND_SAT#1 and the key identifier) and the digital signature (DIGI_SIGN). This is an example of generating a digital signature based on the key identifier, the private key and a random number associated with the satellite, and providing the random number associated with the satellite, the key identifier and the digital signature to the selected satellite for verification. The message can be timestamped and added to a blockchain to ensure it is immutable and verifiable, enhancing the trustworthiness of the authentication process.

[0094] In step 4, SAT#1 verifies the digital signature, generates a new Diffie-Hellman (DH) key pair (DHpr, DHpu), selects a new SAT-UE-KID (this may be a different key identifier from the one proposed by the UE), and selects the corresponding / associated public key (e.g., UE-SAT-PUB-Key#1). This is an example of verifying the digital signature and, in response to the verifying, generating a Diffie-Hellman key pair and selecting a further key identifier and provisioning a public key for the further key identifier. The satellite uses the blockchain to validate the digital signature and the received keys, guarding against a man-in-the-middle attack. Blockchain stores and verifies the key generation process, adding another layer of trust.

[0095] In step 5, SAT#1 generates a new random value (RAND_UE) and a shared secret (SS_SAT) using the DH private key and UE-SAT-PUB-Key#1. This secret is used to secure the communication channel. The shared secret (SS_SAT) can be stored and referenced in the blockchain. This is an example of generating a shared secret based on a private key of the Diffie-Hellman key pair and the public key for the further key identifier.

[0096] In step 6, SAT#1 sends back the DH public key (DHpu), the new SAT-UE-KID (UE-SAT-KID#1) and an encrypted message containing the shared secret, RAND_UE and RAND_SAT#1, encrypted using the key associated with UE-SAT-KID#1. The encrypted communication and the session key exchange are timestamped and logged on the blockchain. This is an example of providing a public key of a Diffie-Hellman key pair, the further key identifier and an encrypted message to the user equipment, the encrypted message comprising a random number associated with the user equipment, the random number associated with the satellite and the shared secret.

[0097] In step 7, the UE retrieves the private key associated with UE-SAT-KID#1 (UE-SAT-PRI-Key#1), decrypts the message, regenerates the shared secret (SS_SAT) from the DH public key and UE-SAT-PRI-Key#1, and derives the session key from SS_SAT and the two random values. The private keys are registered on the blockchain to provide proof of decryption and key validity. Blockchain verifies that only the rightful UE can access the session key. This is an example of generating a session key based on the random number, the random number associated with the satellite and the shared secret.

[0098] In step 8, the UE sends a final notification to SAT#1, encrypted with the session key, confirming the successful establishment of the session key and recording the successful authentication of the UE.

[0099] In step 9a, the UE finalizes the session key (SS_SAT) for secure communication. The blockchain network can store the cryptographic proof that this session key creation has followed the proper authentication steps, ensuring transparency. This is an example of using the session key to secure data transmission with the satellite.

[0100] In step 9b, SAT#1 similarly creates the session key for secure ongoing communication. Blockchain logs both ends of the communication, allowing traceability and ensuring that both the UE and SAT#1 follow the protocol, preventing tampering. This is an example of using the session key to secure data transmission with the user equipment.

[0101] Fig. 9 shows a block diagram of step 2 in more detail. In this example, the UE creates a hash of the key identifier (example: UE-SAT-KID#4) and the random number associated with the satellite (example: RAND_SAT#1). The hash is encrypted (signed) with the private key associated with the key identifier (example: UE-SAT-PRI-Key#4) to create the digital signature (DIGI_SIGN).

[0102] Fig. 10 shows a block diagram of steps 5 and 7 in more detail. In this example, the satellite uses the private key of the Diffie-Hellman pair and the public key of the further key identifier (UE-SAT-PUB-Key#1) to generate a shared secret (SS_SAT#1). The shared secret, the random number associated with the UE (RAND_UE) and the random number associated with the satellite (RAND_SAT#1) are encrypted using the key associated with the further key identifier (UE-SAT-KID#1).

[0103] At step 7, the public key of the Diffie-Hellman pair is provided to the UE and used with the private key associated with the further key identifier to generate the shared secret (SS_SAT#1). The shared secret, the random number associated with the UE (RAND_UE) and the random number associated with the satellite (RAND_SAT#1) are then used to generate the session key.
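The exchange of Fig. 8 with the step 2 signature of Fig. 9 and the step 5 / step 7 derivations of Fig. 10, as an added example in Go; it is not part of the patent and not Nokia's code. It fixes concrete primitives the patent leaves open: Ed25519 for DIGI_SIGN, X25519 for the Diffie-Hellman pair and for the key behind each key identifier, AES-256-GCM for the encrypted messages, and HMAC-SHA256 keyed by SS_SAT as the session key derivation. The key layout (one signing key and one agreement key per key identifier), the wrapping key SHA256("wrap" || SS_SAT) for the step 6 message, the "KEY-CONFIRM" format of the step 8 confirmation, the function names and the identifiers UE-SAT-KID#1 / UE-SAT-KID#4 are all assumptions; the blockchain logging described in Fig. 8 is left out.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Assumed key layout (not from the patent): each key identifier in the group's common list
// maps to an Ed25519 signing key (DIGI_SIGN, Fig. 9) and an X25519 agreement key (Fig. 10).
type keySlot struct{ sign ed25519.PrivateKey; dh *ecdh.PrivateKey } // held by the UE
type pubSlot struct{ sign ed25519.PublicKey; dh *ecdh.PublicKey }   // held by the satellites

// One UE key slot per key identifier, plus the public halves for the satellites.
func newRegistry(kids ...string) (map[string]keySlot, map[string]pubSlot) {
	ue, pubs := map[string]keySlot{}, map[string]pubSlot{}
	for _, kid := range kids {
		pk, sk, _ := ed25519.GenerateKey(rand.Reader)
		dk, _ := ecdh.X25519().GenerateKey(rand.Reader)
		ue[kid], pubs[kid] = keySlot{sk, dk}, pubSlot{pk, dk.PublicKey()}
	}
	return ue, pubs
}

func concat(parts ...[]byte) []byte { return bytes.Join(parts, nil) }
func randomBytes(n int) []byte      { b := make([]byte, n); rand.Read(b); return b }
func digest(parts ...[]byte) []byte { h := sha256.Sum256(concat(parts...)); return h[:] }

// AES-256-GCM, 12-byte nonce prepended to the ciphertext; every key below is 32 bytes.
func gcm(key []byte) cipher.AEAD { b, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(b); return g }
func seal(key, plain []byte) []byte { n := randomBytes(12); return gcm(key).Seal(n, n, plain, nil) }
func open(key, msg []byte) ([]byte, error) {
	if len(msg) < 12 {
		return nil, errors.New("ciphertext too short")
	}
	return gcm(key).Open(nil, msg[:12], msg[12:], nil)
}

// Steps 7/9: session key from RAND_UE, RAND_SAT and SS_SAT (HMAC-SHA256 keyed by SS_SAT).
func sessionKey(randUE, randSat, ss []byte) []byte {
	m := hmac.New(sha256.New, ss)
	m.Write(concat([]byte("session"), randUE, randSat))
	return m.Sum(nil)
}

// Fig. 9 (step 2): DIGI_SIGN = Sign(UE-SAT-PRI-Key#KID, SHA256(KID || RAND_SAT)).
func signAuth(ue keySlot, kid string, randSat []byte) []byte {
	return ed25519.Sign(ue.sign, digest([]byte(kid), randSat))
}

// Step 6 message: DHpu, the satellite-chosen SAT-UE-KID and Enc(SS_SAT || RAND_UE || RAND_SAT).
type satReply struct{ dhPub, ct []byte; furtherKID string }

// Steps 4-6 at the satellite. Returns the reply and the satellite's session key. The message
// key SHA256("wrap" || SS_SAT) needs the private key for furtherKID plus DHpu (assumption).
func satRespond(pubs map[string]pubSlot, kid string, randSat, sig []byte, furtherKID string) (satReply, []byte, error) {
	p, q := pubs[kid], pubs[furtherKID]
	if p.sign == nil || q.dh == nil || !ed25519.Verify(p.sign, digest([]byte(kid), randSat), sig) {
		return satReply{}, nil, errors.New("step 4: unknown key identifier or bad signature")
	}
	dh, _ := ecdh.X25519().GenerateKey(rand.Reader) // (DHpr, DHpu)
	ss, _ := dh.ECDH(q.dh)                          // SS_SAT; q.dh is a registry key, never low-order
	randUE := randomBytes(16)
	ct := seal(digest([]byte("wrap"), ss), concat(ss, randUE, randSat))
	return satReply{dh.PublicKey().Bytes(), ct, furtherKID}, sessionKey(randUE, randSat, ss), nil
}

// Steps 7-8 at the UE. Returns the UE's session key and the encrypted confirmation.
func ueFinish(ue map[string]keySlot, randSat []byte, r satReply) ([]byte, []byte, error) {
	slot, ok := ue[r.furtherKID]
	dhPub, err := ecdh.X25519().NewPublicKey(r.dhPub)
	if !ok || err != nil {
		return nil, nil, errors.New("step 7: bad further key identifier or DH public key")
	}
	ss, err := slot.dh.ECDH(dhPub) // SS_SAT from DHpu and UE-SAT-PRI-Key#furtherKID
	plain, err2 := open(digest([]byte("wrap"), ss), r.ct)
	// The decrypted SS_SAT must equal the recomputed one and RAND_SAT must echo step 3's value.
	if err != nil || err2 != nil || len(plain) != 64 || !bytes.Equal(plain[:32], ss) || !bytes.Equal(plain[48:], randSat) {
		return nil, nil, errors.New("step 7: reply does not match the request")
	}
	sk := sessionKey(plain[32:48], randSat, ss)
	return sk, seal(sk, concat([]byte("KEY-CONFIRM"), randSat)), nil // step 8
}

// Steps 1-9 end to end: the UE authenticates under KID#4, the satellite answers under KID#1;
// true when both ends hold the same session key and the step 8 confirmation opens at the satellite.
func runHandshake() (bool, error) {
	ue, pubs := newRegistry("UE-SAT-KID#1", "UE-SAT-KID#4")
	randSat := randomBytes(16) // RAND_SAT#1
	sig := signAuth(ue["UE-SAT-KID#4"], "UE-SAT-KID#4", randSat)
	reply, satKey, err := satRespond(pubs, "UE-SAT-KID#4", randSat, sig, "UE-SAT-KID#1")
	if err != nil {
		return false, err
	}
	ueKey, conf, err := ueFinish(ue, randSat, reply)
	if err != nil {
		return false, err
	}
	plain, err := open(satKey, conf) // step 8 check at the satellite
	return err == nil && bytes.Equal(plain, concat([]byte("KEY-CONFIRM"), randSat)) && bytes.Equal(ueKey, satKey), nil
}

func main() { fmt.Println(runHandshake()) }
```

Two checks in ueFinish are the ones worth keeping in any implementation: the SS_SAT decrypted from the step 6 message must equal the one the UE recomputes from DHpu and its own private key, and the echoed RAND_SAT must be the value sent in step 3, so a reply captured from an earlier run is rejected. The satellite, in turn, only accepts a confirmation that opens under the session key it derived itself. `go run` prints `true <nil>` on success.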

[0104] Fig. 11 shows a signalling flow of an example according to Figs. 2 to 4.

[0105] Step 10 continues from steps 1 to 9 of Fig. 8, in which the UE performed the initial authentication and key generation with the first satellite (SAT#1). The initial communication setup between the UE and SAT#1 has been completed, and the UE is ready to move to a second satellite. This is an example of performing authentication of a user equipment with a first satellite, wherein performing authentication with the first satellite comprises provision of a public-private key, wherein the public-private key is associated with a key identifier of the first satellite and the user equipment.

[0106] In step 11, as the UE moves between satellite coverage areas (from SAT#1 to SAT#2), SAT#1 passes a hash value (HASH#1) and the key identifier (SAT-UE-KID#1) to SAT#2. This is an example of providing a hash value from a first satellite (SAT#1) to a further satellite (SAT#2), wherein the hash value comprises the key identifier associated with the first satellite and the user equipment.

[0107] In step 12a, the UE sends a new digital signature to SAT#2, signed with the private key used in the previous session with SAT#1 (UE-SAT-PRI-Key#1). SAT#2 verifies this digital signature using the public key stored from SAT#1's session. Blockchain can verify the UE's identity and ensure that the private / public key pairs match and have not been altered or compromised. The signature verification ensures continuous security during satellite transitions. This is an example of providing a digital signature to the further satellite for verification, wherein the digital signature is signed with the private key (e.g., UE-SAT-PRI-Key#1) associated with the key identifier of the first satellite and the user equipment.

[0108] In step 12b, the UE and SAT#2 repeat the steps previously performed during the initial authentication with SAT#1 (steps 4 to 9 of Fig. 8). This includes generating a new random value, a new Diffie-Hellman key pair and a new session key, ensuring secure communication with SAT#2.

[0109] In step 13, the UE establishes a secure connection with SAT#2 after completing the authentication steps. This marks the completion of the second satellite handover. The UE prepares to transition to a third satellite (SAT#3) as mobility continues.
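The handover of Fig. 11 (steps 11 and 12a), as an added example in Go; it is not part of the patent and not Nokia's code. It assumes Ed25519 keys for UE-SAT-PUB-Key#1 / UE-SAT-PRI-Key#1, that HASH#1 is SHA-256 over SAT-UE-KID#1 and the UE public key SAT#1 verified under (the patent says only that the hash covers the key identifier of the first satellite and the UE), that SAT#2 takes that public key from the group's common key list, and that SAT#2 issues a fresh random value RAND_SAT#2 that the step 12a signature must cover. The names keyList, handoverCtx, sat1Handover, ueReauth and sat2Verify are assumptions. Step 12b (the repeated steps 4 to 9) is not repeated here.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Common list of key identifiers and UE public keys held by the satellites of a group.
type keyList map[string]ed25519.PublicKey

// What SAT#1 passes to SAT#2 in step 11: HASH#1 and SAT-UE-KID#1, not the key itself.
type handoverCtx struct {
	kid   string
	hash1 []byte
}

func newUEKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return pub, priv
}

func fresh(n int) []byte { b := make([]byte, n); rand.Read(b); return b }

func digest(parts ...[]byte) []byte {
	h := sha256.Sum256(bytes.Join(parts, nil))
	return h[:]
}

// HASH#1 = SHA256(KID#1 || UE public key used in the SAT#1 session). The exact input is an
// assumption; the patent says only that the hash covers the key identifier of SAT#1 and the UE.
func sessionHash(kid string, pub ed25519.PublicKey) []byte { return digest([]byte(kid), pub) }

// Step 11 at SAT#1.
func sat1Handover(kid string, pub ed25519.PublicKey) handoverCtx {
	return handoverCtx{kid: kid, hash1: sessionHash(kid, pub)}
}

// Step 12a at the UE: sign SHA256(KID#1 || RAND_SAT#2) with UE-SAT-PRI-Key#1. RAND_SAT#2 is a
// fresh challenge from SAT#2 (assumed), so a signature from the SAT#1 session cannot be replayed.
func ueReauth(priv ed25519.PrivateKey, kid string, randSat2 []byte) []byte {
	return ed25519.Sign(priv, digest([]byte(kid), randSat2))
}

// Step 12a at SAT#2: the KID must be the one SAT#1 handed over, the key SAT#2 holds for it must
// hash to HASH#1, and the signature must verify over SAT#2's own RAND_SAT#2.
func sat2Verify(ctx handoverCtx, pubs keyList, kid string, randSat2, sig []byte) error {
	pub, ok := pubs[kid]
	switch {
	case !ok || kid != ctx.kid:
		return errors.New("step 12a: key identifier unknown or not the one handed over")
	case !bytes.Equal(sessionHash(kid, pub), ctx.hash1):
		return errors.New("step 12a: HASH#1 does not match the key held for this identifier")
	case !ed25519.Verify(pub, digest([]byte(kid), randSat2), sig):
		return errors.New("step 12a: signature verification failed")
	}
	return nil
}

// Steps 10 to 12a for one UE moving from SAT#1 to SAT#2; nil when SAT#2 accepts the UE.
func runHandover() error {
	pub, priv := newUEKey()                         // UE-SAT-PUB-Key#1 / UE-SAT-PRI-Key#1
	pubs := keyList{"UE-SAT-KID#1": pub}            // SAT#2's copy of the common key list
	ctx := sat1Handover("UE-SAT-KID#1", pub)        // step 11
	randSat2 := fresh(16)                           // SAT#2's challenge
	sig := ueReauth(priv, "UE-SAT-KID#1", randSat2) // step 12a
	return sat2Verify(ctx, pubs, "UE-SAT-KID#1", randSat2, sig)
}

func main() { fmt.Println("handover accepted:", runHandover() == nil) }
```

The fresh RAND_SAT#2 is the caveat a practitioner would insist on: a step 12a signature that covered only the key identifier could be captured from the SAT#1 session and replayed at SAT#2. The HASH#1 comparison lets SAT#2 detect that the key it holds under SAT-UE-KID#1 is not the one SAT#1 actually verified, for example after a stale update of the list in a dynamic group.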

[0110] The group of at least one satellites may comprise a static group of satellites or a dynamic group of satellites.

[0111] Satellites may belong to any of three groups: static, dynamic or ungrouped.

[0112] Static grouped satellites are a group of trusted satellites, especially those used for critical services such as military communications. The assumption of trust does not eliminate the potential risks posed by malicious entities that may infiltrate the communication path or even the operator's trust domain. These risks necessitate additional layers of security beyond simply trusting the satellite itself. Even though static satellites are part of a known and trusted network, the communication path between the satellite and the ground stations or user equipment (UE) can be vulnerable to interception, jamming, or manipulation by malicious actors. Additionally, the operators of these static satellites might be compromised, either through insider threats, supply chain vulnerabilities, or sophisticated attacks targeting their infrastructure. This means that the trust in static satellites must be continuously verified and protected from both internal and external threats.

[0113] Dynamic grouped satellites are continuously added to the network and may include both trusted and untrusted entities, so proper authentication becomes critical to maintaining the security and integrity of the network. The dynamic nature of these satellite groups introduces several security challenges. New satellites are regularly added, which requires real-time verification of their trustworthiness. Additionally, the presence of both trusted and non-trusted satellites within the same group increases the risk of unauthorized access, data breaches, and other cyber threats. Without proper authentication mechanisms, an untrusted satellite could be mistakenly granted access to the network, leading to potential security breaches.

[0114] Ungrouped satellites are inherently more difficult to trust due to their unknown origins, lack of verified credentials, and potential for being compromised or controlled by malicious entities. Ungrouped satellites represent a significant security challenge in NTN due to their untrusted and unverified status. A blockchain-based solution can provide a robust framework for managing these risks by enforcing strict authentication, limiting access, and continuously monitoring satellite activities. The group of at least one satellites may comprise untrusted satellites. Each satellite of the group may be associated with a common list of key identifiers.

[0115] Table 1 and Fig. 12 show the configuration available at the SAT and at the UE / USIM for each group. For static and dynamic groups, the configuration details are the same, except that in the case of a static group the list of satellite IDs is pre-configured and changes infrequently. For the dynamic grouping case, the list of satellites changes frequently and may need an update, e.g., every 4 hours.

[0116] Fig. 13 shows, by way of example, a block diagram of an apparatus 10. The apparatus 10 comprises, for example, at least one processor 12 and at least one memory 14 storing instructions 15 that, when executed by the at least one processor, cause the apparatus 10 at least to perform the method or methods (or portion(s) thereof) as disclosed herein, and any of the embodiments (or respective portion(s) thereof). In an example, the at least one memory and the instructions (e.g. a computer program code, software), are configured, with the at least one processor, to cause the apparatus 10 to perform the method or methods (or portion(s) thereof) as disclosed herein, and any of the embodiments (or respective portion(s) thereof).

[0117] A processor 12 may comprise circuitry, or be constituted as circuitry or circuitries, the circuitry or circuitries being configured to perform phases of methods in accordance with embodiments described herein.

[0118] As used herein, the term "circuitry" may refer to one or more or all of the following: (a) hardware-only circuit implementations, such as implementations in only analog and / or digital circuitry, and (b) combinations of hardware circuits and software, such as, as applicable: (i) a combination of analog and / or digital hardware circuit(s) with software / firmware and (ii) any portions of hardware processor(s) with software (including digital signal processor(s)), software, and memory(ies) that work together to cause an apparatus, such as a user equipment, to perform various functions) and (c) hardware circuit(s) and / or processor(s), such as a microprocessor(s) or a portion of a microprocessor(s), that requires software (e.g., firmware) for operation, but the software may not be present when it is not needed for operation. This definition of circuitry applies to all uses of this term herein, including in any claims. As a further example, as used herein, the term circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and / or firmware. The term circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit or processor integrated circuit for a mobile device or a similar integrated circuit in a server, a cellular network device, or other computing or network device.

[0119] The memory 14 may be implemented using any suitable data storage technology. The memory may comprise a database for storing data. The memory 14 may, for example, be at least in part external to apparatus 10 but accessible to apparatus 10.

[0120] The instructions 15 may be comprised in a computer readable medium or a non-transitory computer readable medium. The term non-transitory, as used herein, is a limitation of the medium itself (i.e. tangible, not a signal) as opposed to a limitation on data storage persistency (e.g. random access memory, RAM, vs. read only memory, ROM).

[0121] For example, the apparatus 10 is a terminal device, such as a UE. As another example, the apparatus is comprised in such a terminal device, e.g. as a chipset configured to control the terminal device. The apparatus 10 may be caused or configured or comprise means to perform at least the method of Figs. 2 and / or 6 and / or any one or more of the embodiments described herein.

[0122] As another example, the apparatus 10 is a network entity. In another embodiment, the apparatus is comprised in such a network entity, e.g. as a chipset configured to control the network entity. The apparatus 10 may be caused or configured or comprise means to perform at least the method of Figs. 3, 4 and / or 8 and / or any one or more of the embodiments described herein.

[0123] The apparatus may comprise one or more entities of any of protocol layers, such as a MAC entity, an RRC entity, an RLC entity, a PDCP entity or a PHY entity. In some embodiments, the entity is configured to perform at least the method of Figs. 3, 4 and / or 8, and / or any one or more of the embodiments described.

[0124] The apparatus 10 comprises a radio interface 16. The radio interface 16 may provide the apparatus 10 with communication capabilities. The radio interface 16 may comprise a receiver configured to receive information in accordance with at least one cellular or non-cellular standard. The radio interface 16 may comprise a transmitter configured to transmit information in accordance with at least one cellular or non-cellular standard. The receiver may comprise more than one receiver. The transmitter may comprise more than one transmitter. The radio interface 16 may comprise a transceiver configured to receive and transmit information in accordance with at least one cellular or non-cellular standard. The transceiver may comprise more than one transceiver.

[0125] The apparatus 10 may comprise a user interface 18 comprising, for example, at least one of a keypad, a microphone, a touch display, a display, a speaker, etc. The user interface 18 may be used to control the apparatus by the user. The user interface 18 may be external to the apparatus 10. For example, the apparatus 10 may be connected to another device, such as a computer, either via wireless or wired connection, and the apparatus 10 is controlled by the user via the computer.

[0126] In an embodiment, at least some of the processes described herein may be carried out by an apparatus comprising means for carrying out at least some of the described processes. Means for performing method steps as disclosed herein may include software and / or hardware components of the apparatus 10. For example, the at least one processor 12, the memory 14, and the computer program code form means for carrying out the method or methods (or portion(s) thereof) as disclosed herein, and any of the embodiments (or respective portion(s) thereof). As used herein the term “means” is to be construed in singular form, i.e. referring to a single element, or in plural form, i.e. referring to a combination of single elements. Therefore, terminology “means for [performing A, B, C]”, is to be interpreted to cover an apparatus in which there is only one means for performing A, B and C, or where there are separate means for performing A, B and C, or partially or fully overlapping means for performing A, B, C. Further, terminology “means for performing A, means for performing B, means for performing C” is to be interpreted to cover an apparatus in which there is only one means for performing A, B and C, or where there are separate means for performing A, B and C, or partially or fully overlapping means for performing A, B, C.

[0127] Even though this disclosure has been described above with reference to non-limiting and illustrative examples according to the accompanying figures, it is clear that the scope of this disclosure is not restricted thereto - but can be modified in many different ways. As technology advances, it will become apparent to a person skilled in art as to how the disclosure can be further implemented and / or modified in various ways. Further, it is clear to a person skilled in the art that the embodiments described herein may, but are not required to, be combined in various ways with other embodiments described herein.

Claims

WE CLAIM:

1. An apparatus comprising means for: selecting, at a user equipment, a satellite from a group of at least one satellites; determining a key identifier associated with the selected satellite and a private key corresponding to the key identifier; generating a digital signature based on the key identifier, the private key and a random number associated with the satellite; providing the random number associated with the satellite, the key identifier and the digital signature to the selected satellite for verification; in response, receiving a public key of a Diffie-Hellman key pair, a further key identifier, and an encrypted message comprising the random number, a random number associated with the user equipment and a shared secret; decrypting the message based on a private key corresponding to the further key identifier; generating the shared secret using the public key of the Diffie-Hellman key pair; generating a session key based on the random number, the random number associated with the satellite and the shared secret; providing confirmation to the satellite of establishment of the session key, wherein the confirmation is encrypted with the session key; and using the session key to secure data transmission with the satellite.

2. The apparatus according to claim 1, wherein the group of at least one satellites comprises a static group of satellites or a dynamic group of satellites.

3. The apparatus according to claim 1, wherein the group of at least one satellites comprises untrusted satellites and each satellite of the group is associated with a common list of key identifiers.

4. The apparatus according to any of claims 1 to 3, wherein the key identifier and the further key identifier are associated with the same or different satellites.

5. An apparatus comprising means for: receiving, at a satellite from a user equipment, a random number associated with the satellite, a key identifier associated with the satellite and a digital signature, wherein the digital signature is generated based on the key identifier associated with the satellite, a private key corresponding to the key identifier associated with the satellite and the random number associated with the satellite; verifying the digital signature; in response to the verifying, generating a Diffie-Hellman key pair and selecting a further key identifier and provisioning a public key for the further key identifier; generating a shared secret based on a private key of the Diffie-Hellman key pair and the public key for the further key identifier; providing a public key of a Diffie-Hellman key pair, the further key identifier and an encrypted message to the user equipment, the encrypted message comprising a random number associated with the user equipment, the random number associated with the satellite and the shared secret; receiving confirmation from the user equipment of establishment of the session key based on the shared secret, wherein the confirmation is encrypted with the session key; and using the session key to secure data transmission with the user equipment.

6. The apparatus according to claim 5, wherein the key identifier and the further key identifier are associated with the same or different satellites.

7. A method comprising: selecting, at a user equipment, a satellite from a group of at least one satellites; determining a key identifier associated with the selected satellite and a private key corresponding to the key identifier; generating a digital signature based on the key identifier, the private key and a random number associated with the satellite; providing the random number associated with the satellite, the key identifier and the digital signature to the selected satellite for verification; in response, receiving a public key of a Diffie-Hellman key pair, a further key identifier, and an encrypted message comprising the random number, a random number associated with the user equipment and a shared secret; decrypting the message based on a private key corresponding to the further key identifier; generating the shared secret using the public key of the Diffie-Hellman key pair; generating a session key based on the random number, the random number associated with the satellite and the shared secret; providing confirmation to the satellite of establishment of the session key, wherein the confirmation is encrypted with the session key; and using the session key to secure data transmission with the satellite.

8. A method comprising: receiving, at a satellite from a user equipment, a random number associated with the satellite, a key identifier associated with the satellite and a digital signature, wherein the digital signature is generated based on the key identifier associated with the satellite, a private key corresponding to the key identifier associated with the satellite and the random number associated with the satellite; verifying the digital signature; in response to the verifying, generating a Diffie-Hellman key pair and selecting a further key identifier and provisioning a public key for the further key identifier; generating a shared secret based on a private key of the Diffie-Hellman key pair and the public key for the further key identifier; providing a public key of a Diffie-Hellman key pair, the further key identifier and an encrypted message to the user equipment, the encrypted message comprising a random number associated with the user equipment, the random number associated with the satellite and the shared secret; receiving confirmation from the user equipment of establishment of the session key based on the shared secret, wherein the confirmation is encrypted with the session key; and using the session key to secure data transmission with the user equipment.

9. An apparatus comprising at least one processor, and at least one memory storing instructions which, when executed by the at least one processor, cause the apparatus to perform at least: selecting, at a user equipment, a satellite from a group of at least one satellites; determining a key identifier associated with the selected satellite and a private key corresponding to the key identifier; generating a digital signature based on the key identifier, the private key and a random number associated with the satellite; providing the random number associated with the satellite, the key identifier and the digital signature to the selected satellite for verification; in response, receiving a public key of a Diffie-Hellman key pair, a further key identifier, and an encrypted message comprising the random number, a random number associated with the user equipment and a shared secret; decrypting the message based on a private key corresponding to the further key identifier; generating the shared secret using the public key of the Diffie-Hellman key pair; generating a session key based on the random number, the random number associated with the satellite and the shared secret; providing confirmation to the satellite of establishment of the session key, wherein the confirmation is encrypted with the session key; and using the session key to secure data transmission with the satellite.

10. An apparatus comprising at least one processor, and at least one memory storing instructions which, when executed by the at least one processor, cause the apparatus to perform at least: receiving, at a satellite from a user equipment, a random number associated with the satellite, a key identifier associated with the satellite and a digital signature, wherein the digital signature is generated based on the key identifier associated with the satellite, a private key corresponding to the key identifier associated with the satellite and the random number associated with the satellite; verifying the digital signature; in response to the verifying, generating a Diffie-Hellman key pair and selecting a further key identifier and provisioning a public key for the further key identifier; generating a shared secret based on a private key of the Diffie-Hellman key pair and the public key for the further key identifier; providing a public key of a Diffie-Hellman key pair, the further key identifier and an encrypted message to the user equipment, the encrypted message comprising a random number associated with the user equipment, the random number associated with the satellite and the shared secret; receiving confirmation from the user equipment of establishment of the session key based on the shared secret, wherein the confirmation is encrypted with the session key; and using the session key to secure data transmission with the user equipment.

11. A computer program comprising instructions which, when executed by an apparatus, cause the apparatus to perform at least: selecting, at a user equipment, a satellite from a group of at least one satellites; determining a key identifier associated with the selected satellite and a private key corresponding to the key identifier; generating a digital signature based on the key identifier, the private key and a random number associated with the satellite; providing the random number associated with the satellite, the key identifier and the digital signature to the selected satellite for verification; in response, receiving a public key of a Diffie-Hellman key pair, a further key identifier, and an encrypted message comprising the random number, a random number associated with the user equipment and a shared secret; decrypting the message based on a private key corresponding to the further key identifier; generating the shared secret using the public key of the Diffie-Hellman key pair; generating a session key based on the random number, the random number associated with the satellite and the shared secret; providing confirmation to the satellite of establishment of the session key, wherein the confirmation is encrypted with the session key; and using the session key to secure data transmission with the satellite.

12. A computer program comprising instructions which, when executed by an apparatus, cause the apparatus to perform at least: receiving, at a satellite from a user equipment, a random number associated with the satellite, a key identifier associated with the satellite and a digital signature, wherein the digital signature is generated based on the key identifier associated with the satellite, a private key corresponding to the key identifier associated with the satellite and the random number associated with the satellite; verifying the digital signature; in response to the verifying, generating a Diffie-Hellman key pair and selecting a further key identifier and provisioning a public key for the further key identifier; generating a shared secret based on a private key of the Diffie-Hellman key pair and the public key for the further key identifier; providing a public key of a Diffie-Hellman key pair, the further key identifier and an encrypted message to the user equipment, the encrypted message comprising a random number associated with the user equipment, the random number associated with the satellite and the shared secret; receiving confirmation from the user equipment of establishment of the session key based on the shared secret, wherein the confirmation is encrypted with the session key; and using the session key to secure data transmission with the user equipment.