Encrypted identifiers in a wireless communication system

09768961 · 2017-09-19

Abstract

A method and apparatus including units configured to send a request from a first network entity to a user equipment for an identifier and receive a message indicating that a public key is required from the user equipment by the first network entity. The method and apparatus also includes units configured to send, by the first network entity, the public key to the user equipment and receive an encrypted identifier by the first network entity, wherein upon authenticating the public key, the user equipment encrypts at least part of the identifier using the public key, thereby enabling further processing between the network entity and the user equipment.

Claims

1. An apparatus comprising: at least one processor; and at least one memory including computer program code, the at least one processor, the at least one memory, and the computer program code causing the apparatus to at least: send a request, from a network to a user equipment, for an identifier representative of the user equipment, the request including an indicator that the network supports encrypted identifiers, wherein the indicator is provided in a bit of the request; and receive an encrypted identifier by the network from the user equipment, wherein the encrypted identifier includes an encrypted international mobile equipment identity.

2. The apparatus of claim 1, wherein the request comprises an identity request message.

3. The apparatus of claim 1, wherein the identifier is encrypted using a public key sent by the network in response to a message from the user equipment to indicate that the public key is required.

4. A non-transitory computer-readable medium encoded with instructions that, when executed by at least one processor, perform at least the following: sending a request, from a network to a user equipment, for an identifier representative of the user equipment, the request including an indicator that the network supports encrypted identifiers, wherein the indicator is provided in a bit of the request; and receiving an encrypted identifier by the network from the user equipment, wherein the encrypted identifier includes an encrypted international mobile equipment identity.

5. The non-transitory computer readable medium of claim 4, wherein the request comprises an identity request message.

6. The non-transitory computer readable medium of claim 4, wherein the received encrypted identifier includes an indicator showing that the identifier has been encrypted.

7. The non-transitory computer readable medium of claim 6, wherein the indicator shows if a subscriber certificate or access network certificate has been used to encrypt the identifier.

8. The non-transitory computer readable medium of claim 4, wherein the network is a visited network.

9. The non-transitory computer readable medium of claim 4, wherein the identifier is encrypted using a public key sent by the network in response to a message from the user equipment to indicate that the public key is required.

10. The apparatus of claim 1, wherein the received encrypted identifier includes an indicator showing that the identifier has been encrypted.

11. The apparatus of claim 10, wherein the indicator shows if a subscriber certificate or access network certificate has been used to encrypt the identifier.

12. The apparatus of claim 1, wherein the network is a visited network.

13. A method comprising: sending a request, from a network to a user equipment, for an identifier representative of the user equipment, the request including an indicator that the network supports encrypted identifiers, wherein the indicator is provided in a bit of the request; and receiving an encrypted identifier by the network from the user equipment, wherein the encrypted identifier includes an encrypted international mobile equipment identity.

14. The method of claim 13, wherein the request comprises an identity request message.

15. The method of claim 13, wherein the received encrypted identifier includes an indicator showing that the identifier has been encrypted.

16. The method of claim 15, wherein the indicator shows if a subscriber certificate or access network certificate has been used to encrypt the identifier.

17. The method of claim 13, wherein the network is a visited network.

18. The method of claim 13, wherein the identifier is encrypted using a public key sent by the network in response to a message from the user equipment to indicate that the public key is required.

19. The apparatus of claim 1, wherein the encrypted international mobile equipment identity includes a software version number.

20. The non-transitory computer readable medium of claim 4, wherein the encrypted international mobile equipment identity includes a software version number.

21. The method of claim 13, wherein the encrypted international mobile equipment identity includes a software version number.

22. The apparatus of claim 1, wherein the network requests a secret key from a second network for decrypting the encrypted identifier.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) The invention will now be described in further detail, by way of example only, with reference to the following examples and accompanying drawings, in which:

(2) FIG. 1 shows an example of an arrangement in which embodiments may be implemented;

(3) FIG. 2 shows a flowchart illustrating an embodiment;

(4) FIG. 3 shows a signaling flowchart illustrating an embodiment;

(5) FIG. 4 shows a known identity type information element; and

(6) FIG. 5 shows known bit values for the identity type information element.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

(7) Certain embodiments for at least partially protecting identifiers will now be described by way of example with reference to an exemplifying mobile communication system. It is noted that the embodiments are examples only, and that the invention may be embodied in any other suitable form of a communication system. Also, although the following example is given in relation to identifiers such as the international mobile subscriber identity (IMSI) and the international mobile equipment identity (IMEI), the embodiments are also applicable to other identifiers.

(8) A reference is first made to FIG. 1 showing schematically two mobile communication networks 32 and 42. A communication device 30, referred to herein as the user equipment, is in wireless communication with a base station 31 of the network 32. The user equipment is roaming in the network 32, i.e. only visiting network 32, while it is a subscriber to the network 42. Hence the network 42 is referred to below as the home network. Each of the visited and the home network is provided with an appropriate mobility management entity 33 and 43, respectively. The networks are connected via appropriate gateway nodes 34 and 44. It is understood that a mobile network may comprise other elements than those shown, such as various controller and signalling nodes. These, however, are not shown for clarity.

(9) The mobility management entities 33 and 43 are provided with appropriate data processing elements 35 and 45 and data storages 36 and 46 for enabling them to perform the operations of the embodiments as described below with reference to FIGS. 2 and 3.

(10) FIG. 2 shows a flowchart illustrating an embodiment.

(11) At step 100 a request is sent from a first network entity to a user equipment for an identifier. At step 102, in response, the user equipment sends a message to the first network entity indicating that a public key is required. At step 104, if the first network entity has an appropriate public key, for example, one which the user equipment can authorize, it may send the public key to the user equipment. Alternatively, the first network element must obtain a suitable public key from a second network entity following the steps below.

(12) At step 106, the first network entity sends a request for a public key to a second network entity. At step 108, the second network entity responds by sending the public key which is forwarded to the user equipment. At step 110, the user equipment then authenticates the public key. At step 112, once authenticated, the user equipment encrypts at least a part of the identifier using the public key and sends the encrypted identifier to the first network entity. At step 114, if the first network entity is capable of decrypting the identifier, it is then decrypted. An intended operation, for example an authentication procedure, may then follow.

(13) However, if decryption is not possible at the first network entity, the second network entity is asked for assistance in decrypting the encrypted identifier. This operation is set out in step 116. The first network entity can send the encrypted identifier to the second network entity, which decrypts the identifier on its behalf. Alternatively, it can request the necessary secret key from the second network entity and decrypt the encrypted identifier itself.

(14) FIG. 3 shows a signalling flowchart illustrating an embodiment implemented in the network arrangement shown in FIG. 1.

(15) A request is sent from the visited mobile management entity 33 to the user equipment 30 for an identifier. In response, the user equipment 30 sends a message to the visited mobile management entity 33 indicating that a public key is required. The visited mobile management entity 33 sends a request for a public key to the home mobile management entity 43. The home mobile management entity 43 responds by sending the public key which is forwarded on to the user equipment 30. The user equipment then authenticates the public key and, once authenticated, the user equipment encrypts at least a part of the identifier using the public key and sends the encrypted identifier to the visited mobile management entity 33. If the visited mobile management entity 33 is capable of decrypting the identifier, it is then decrypted. An intended operation, for example an authentication procedure, may then follow. However, if decryption is not possible at the visited mobile management entity 33 the home mobile management entity 43 is asked for assistance in decrypting the encrypted identifier. A processor of the home mobile management entity 43 may then decrypt the message based on information stored in a data storage thereof and return the identifier in decrypted format to the visited mobile management entity 33. Alternatively, the home mobile management entity 43 only sends back information that is required in the decryption by the visited mobile management entity 33.

(16) Once the visited mobile management entity 33 is in possession of the identifier in decrypted format, the user equipment is served by the visited network in the usual manner.

(17) User privacy, especially location privacy, can be protected by one of the following two examples:

1. The UE asks for a certificate (public key) from the network with an IMSI, where the MSIN part of the IMSI is omitted (for example, the MSIN part may be all zeros), thus not compromising the user's privacy. The MCC and MNC parts of the IMSI are valid and based on these parts the network provides a proper (e.g. operator signed) certificate for the UE. The UE must be able to authenticate this certificate, for example, based on Nokia, operator, or trusted third party certificates pre-installed into the device.

2. The UE can use a subscriber certificate issued via the Generic Authentication Architecture (GAA).

3. The UE can use Identity Based Public Keys Cryptography (IBC).

(18) Implementations for the aforementioned examples include:

1. The UE uses an access network certificate signed by the UE's home operator (identified by the MCC and MNC parts of the IMSI) to encrypt the IMSI.

2. The UE uses a public key contained in an operator issued subscriber certificate to encrypt the IMSI.

(19) Embodiments provide an extension of the known identity request protocol. The UE may provide an encrypted identity or query the network to provide a proper public key certificate (e.g. signed with a common CA with the user equipment, like the user's home operator).

(20) In the identity request protocol an Identity Type information element is used to specify which identity is requested. The Identity Type information element is coded as shown in FIGS. 4 and 5. The Identity Type is a type 1 information element.

(21) The user equipment can send an identity response with existing “identity type” value 001 and set the MSIN digits to all zero, indicating that it has sent an IMSI without the MSIN part (“I don't have your certificate, and I don't have a subscriber certificate”). Optionally, the UE may include which options it has to validate a certificate (e.g. indicating that it has a Nokia or trusted third party root certificate).

(22) The network provides a certificate that is signed by a Certificate Authority (e.g. operator, trusted third party, Nokia) that the UE can identify (for example, the UE's home operator identified with the MCC/MNC parts of the IMSI).

(23) The UE's message triggers the network to respond with a new message that includes an access network certificate that the UE can verify. If the UE already has a corresponding access network certificate, then this is an optional step and the UE can provide an encrypted IMSI right away. If the network does not understand the encrypted IMSI, then it can answer as if the UE had requested a certificate.

(24) The UE uses either (A) the access network certificate or (B) a public key contained in the GAA subscriber certificate to encrypt the IMSI and uses the new “identity type” value 110 (“encrypted IMSI”). The encrypted IMSI thus shows if a subscriber certificate or access network certificate has been used to encrypt the IMSI. In case of encrypted IMEI the “identity type” value is 111.

(25) Using an access network certificate requires that the UE has a way to authenticate the certificate, e.g. a common Certificate Authority (CA) such as the home operator.

(26) Using a subscriber certificate requires that the access network contacts the subscriber's home Bootstrapping Server Function (BSF) of the Generic Bootstrapping Architecture (GBA) system for IMSI decryption. Thus, the access network acts as a Network Application Function (NAF).

(27) The network queries the BSF or the UE's home operator network (MME or HSS (Home Subscriber Server)) to get a signed access network specific certificate. The BSF may be collocated with the HSS or connected to some other user database.

(28) Identity based public key cryptography (IBC) has proven to be secure in the area of public key cryptography and has the advantage of using identities themselves as public keys. This requires that the public IBC parameters are configured into the UE when provisioned to the customer. IBC allows the UE to take the visited network identity and use it as a public key to encrypt the IMSI (or other information). The benefit in this kind of setup is that the UE does not have to get or store any public keys or certificates. Thus, there is no need to provision certificates from the network to the UEs and to authenticate them in the UE.

(29) The home operator can always decrypt the encrypted IMSI provided that it knows which identity was used to encrypt the MSIN part of the IMSI. Based on the interface between the visited operator and the home operator, the home operator knows which visited network it is communicating with and thus also the identity used to encrypt the IMSI (or actually the MSIN part of the IMSI). As a result, IBC also has the advantage that the UE authenticates the visited network via the home network before the IMSI is revealed to it.

(30) Thus, while IBC is known to use the recipient's identity as a public key when encrypting the data, the usage to protect IMSIs in cellular networks by using the visited network identity as the public key is new, and is extremely suitable for this area, as the home network does not have to provide any keying material for the visited network. Using IBC, certificate chain verification and certificate provisioning are not needed.

(31) One possibility, although optional, is to provide a corresponding private key for the visited network operator to speed up the IMSI decryption process if needed. However, the visited network may need to get quintets for the UE from the home network anyway.

(32) An additional optional feature is that the network requests an encrypted IMSI or pseudonym like P-TMSI (Packet Temporary Mobile Subscriber Identity). In the identity request, the network can ask for a pseudonym (P-TMSI) or encrypted IMSI—new “identity type 2” value 110 (“encrypted IMSI or pseudonym”).

(33) An additional new feature is to use the spare bit 4 in octet 1 in the identity request message to indicate that the network supports encrypted identities (the bit is set to 1). This is backwards compatible with UTRAN, as user equipment that does not support encrypted identities does not care about the spare bit if it is set to 1 (at least based on the specification; implementations may differ, for example if they do not mask bit 4 away).

(34) In the identity request, the network can ask for an encrypted IMEI or IMEISV (International Mobile station Equipment Identity and Software Version Number)—new “identity type 2” value 111 (“encrypted IMEI or IMEISV”).
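The identity request extension of paragraphs (20) to (24) and (32) to (34), as an added example that is not part of the patent text: it packs the capability bit and identity type, shows the unmasked-legacy-parser caveat from (33), and classifies the zeroed-MSIN and encrypted responses. Assumptions: the identity type occupies bits 3 to 1 of the half-octet below spare bit 4, the MNC length is supplied by the caller, all function names are hypothetical, and the sample IMSI and ciphertext stand-in are constructed.

```python
SUPPORT_BIT = 0b1000   # spare bit 4 set to 1: network supports encrypted identities
TYPE_MASK = 0b0111     # bits 3..1 carry the identity type value (assumed layout)
ID_IMSI = 0b001        # existing value, also used for the zeroed-MSIN response
ID_ENC_IMSI = 0b110    # new value: encrypted IMSI
ID_ENC_IMEI = 0b111    # new value: encrypted IMEI or IMEISV
LEGACY_KNOWN = {ID_IMSI}  # constructed: a real legacy UE recognises more types


def build_identity_request(id_type, supports_encrypted):
    """Network side: pack the identity type and the capability bit."""
    if id_type & ~TYPE_MASK:
        raise ValueError("identity type must fit in three bits")
    return (SUPPORT_BIT if supports_encrypted else 0) | id_type


def parse_identity_request(nibble):
    """Upgraded UE: (identity type, network supports encrypted identities)."""
    return nibble & TYPE_MASK, bool(nibble & SUPPORT_BIT)


def legacy_parse(nibble, mask_spare):
    """Legacy UE. Without masking, the set spare bit hides a known type."""
    value = nibble & TYPE_MASK if mask_spare else nibble
    return value if value in LEGACY_KNOWN else None


def zeroed_msin_imsi(imsi, mnc_len):
    """Keep MCC and MNC valid, replace every MSIN digit with 0."""
    if not imsi.isdigit() or mnc_len not in (2, 3) or len(imsi) <= 3 + mnc_len:
        raise ValueError("malformed IMSI or MNC length")
    head = imsi[:3 + mnc_len]
    return head + "0" * (len(imsi) - len(head))


def ue_identity_response(imsi, mnc_len, encrypt=None):
    """UE side: encrypted IMSI if a verified key is held, else ask for one.

    `encrypt` is a caller-supplied callable standing in for public-key
    encryption with an already authenticated key (hypothetical hook).
    """
    if encrypt is None:
        return ID_IMSI, zeroed_msin_imsi(imsi, mnc_len)
    return ID_ENC_IMSI, encrypt(imsi)


def network_handle_response(id_type, payload, mnc_len):
    """Network side: decide what the identity response asks for."""
    if id_type == ID_ENC_IMSI:
        return ("decrypt", payload)
    if id_type == ID_IMSI and set(payload[3 + mnc_len:]) == {"0"}:
        # MCC and MNC identify the home operator whose certificate is needed.
        return ("send_certificate", (payload[:3], payload[3:3 + mnc_len]))
    return ("cleartext_imsi", payload)
```

A legacy parser that compares the whole half-octet instead of masking bit 4 fails to recognise an otherwise valid request, which is the interoperability check to run before enabling the capability bit on a network.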

(35) Using certificates which the UE can authenticate may also provide network authentication. Note that the 3G AKA (Authentication and Key Agreement) authentication method does not distinguish between the networks and thus the UE may not be able to verify if it is in the home or a visited network.

(36) Furthermore, when needed, the certificate can be updated.

(37) The required data processing functions may be provided by means of one or more data processor entities. The required processing may be provided in the mobile user equipment or a network element such as the base station transceiver/Node B or equivalent. An appropriately adapted computer program code product may be used for implementing the embodiments, when loaded to a computer or processor. The program code product for providing the operation may be stored on and provided by means of a carrier medium such as a carrier disc, card, or tape. A possibility is to download the program code product via a data network. Implementation may be provided with appropriate software.

(38) While this invention has been particularly shown and described with reference to certain embodiments, it will be understood by those skilled in the art that various changes in form and detail may be made without departing from the scope of the invention.

(39) According to an aspect of the invention there is provided a method in which: in response to a request from a first network entity for an identifier, a message is sent from a user equipment to the first network entity indicating that a public key is required; the first network entity sends the public key to the user equipment; the user equipment authenticates the public key, encrypts at least part of an identifier using the public key, and sends the encrypted identifier to the first network entity.

(40) According to an embodiment, after receiving the message indicating that a public key is required, the first network entity sends a request to a second network entity for the public key and the second network entity sends the public key to the first network entity which forwards it to the user equipment.

(41) According to an embodiment, the message indicating that a public key is required also identifies the second network entity where the public key is stored and the first network entity determines the identity of the second network entity based on the message and sends the request to the second network entity for the public key based on this determination.

(42) According to an embodiment, after receiving the encrypted identifier, the first network entity can either decrypt the identifier or request for assistance in decryption of the identifier from the second network entity.

(43) According to an embodiment, if assistance is requested, either the second network entity decrypts the identifier based on information stored in a data storage thereof and returns the identifier in decrypted format to the first network entity, or the second network entity sends back information that is required in the decryption by the first network entity.

(44) According to an embodiment, the user equipment is able to authenticate the public key using information stored in the user equipment or by sending a request to a validation entity.

(45) According to an embodiment, the information includes one or more certificate authority (CA) root certificates.

(46) According to an embodiment, the message sent from the user equipment to the first network entity indicating that a public key is required also includes an indication of which options the user equipment has available for authenticating public keys.

(47) According to an embodiment, said indication includes which CA root certificates are available to the user equipment.

(48) According to an embodiment, the second network entity is a network entity of the home network of the user equipment.

(49) According to an embodiment, the second network entity is a mobile management entity of the home network.

(50) According to an embodiment, the second network entity is a network entity of a Generic Authentication Architecture (GAA).

(51) According to an embodiment, the public key is contained in an operator issued subscriber certificate.

(52) According to an embodiment, the operator certificate is provided in a subscriber certificate.

(53) According to an embodiment, the subscriber certificate is issued via a Generic Authentication Architecture (GAA).

(54) According to an embodiment, the message sent from the user equipment to the first network entity indicating that a public key is required is an international mobile subscriber identity (IMSI), where a mobile subscriber identification number (MSIN) part of the IMSI is omitted, the first network entity providing the public key based on a mobile country code (MCC) and a mobile network code (MNC) part of the IMSI.

(55) According to an embodiment, the message sent from the user equipment to the first network entity indicating that a public key is required comprises an identity response with an identity type value 001 and MSIN digits all zero, indicating that the user equipment doesn't have a public key.

(56) According to an embodiment, the encrypted identifier sent to the first network entity includes an indicator showing that the identifier has been encrypted.

(57) According to an embodiment, the indicator shows if a subscriber certificate or access network certificate has been used to encrypt the identifier.

(58) According to an embodiment, the request from the first network entity to the user equipment for an identifier includes an indication that the first network entity supports encrypted identifiers.

(59) According to an embodiment, the public key sent from the first network entity to the user equipment is an identifier of the first network entity and the user equipment uses said identifier to encrypt the identifier of the user equipment using identity based cryptography (IBC).

(60) According to an aspect of the invention there is provided a method in which: a request is sent from a network to a user equipment for an identifier; the user equipment uses an identifier of the network as a public key to encrypt the identifier of the user equipment using identity based cryptography (IBC); and the encrypted identifier is sent to the network.

(61) According to an embodiment, the network is a visited network.

(62) According to an embodiment, the identifier is an IMSI.

(63) According to an aspect of the invention there is provided a method in which: a request is sent from a network to a user equipment for an identifier, the request including an indicator that the network supports encrypted identifiers; the user equipment encrypts the identifier; and the encrypted identifier is sent to the network.

(64) According to an embodiment, the indicator is provided in a spare bit of an identity request message.

(65) According to an aspect of the invention there is provided a user equipment adapted to perform the method described above.

(66) According to an aspect of the invention there is provided a network entity adapted to perform the method described above.

(67) According to an aspect of the invention there is provided a communication system adapted to perform the method described above.

(68) According to an aspect of the invention there is provided a computer program comprising program code means adapted to perform the method described above when the program is run on a computer or on a processor.

(69) According to an aspect of the invention there is provided a computer program product comprising program code means stored in a computer readable medium, the program code means being adapted to perform the method described above when the program is run on a computer or on a processor.