A Method for Authentication a Secure Element Cooperating with a Mobile Equipment within a Terminal in a Telecommunication Network

20220116777 · 2022-04-14

Abstract

A system and method for authentication of a secure element cooperating with a Mobile Equipment forming a terminal in a telecommunication network is provided. The telecommunication network comprises a SEAF and an AUSF/UDM/ARPF. The method includes generating an anchor key (K.sub.SEAF_SRT) for the communication between the terminal and the SEAF according to 3GPP TS 33.501, wherein the anchor key (K.sub.SEAF_SRT) is indirectly derived from a key (K.sub.SRT) obtained by derivation from the long-term key K and a secure registration token SRT sent by the terminal to the AUSF/UDM/ARPF and concealed with the AUSF/UDM/ARPF public key along with its SUPI in the SUCI. Other embodiments are disclosed.

Claims

1. A method for authentication of a secure element cooperating with a terminal in a telecommunication network, said telecommunication network comprising a SEAF and an AUSF/UDM/ARPF, said method comprising: generating an anchor key (K.sub.SEAF_SRT) for communication between said terminal and the SEAF according to 3GPP TS 33.501, wherein said anchor key (K.sub.SEAF_SRT) is indirectly derived from a key (K.sub.SRT) obtained by derivation from a long-term key K and a secure registration token (SRT) sent by said terminal to said AUSF/UDM/ARPF and concealed with an AUSF/UDM/ARPF public key along with its SUPI in a SUCI.

2. The method according to claim 1 wherein:
a. Said terminal performs the step of generating said secure registration token (SRT), said SRT being a random number or a sequence number, said sequence number having been increased prior to this process;
b. Said terminal performs the step of registering to said AUSF/UDM/ARPF by sending, via said SEAF, said SUCI containing an encryption of said secure registration token (SRT) in addition to a subscriber identity of said SUPI;
c. Said AUSF/UDM/ARPF, upon reception of a registration message responsive to said registering, performs the step of retrieving said subscriber identity of said SUPI and said SRT, and retrieving the long-term key K associated with said subscriber identity of said SUPI;
d. Said AUSF/UDM/ARPF performs the step of computing said key K.sub.SRT, said K.sub.SRT being derived from said long-term key K and said SRT, and computing an authentication vector (AV.sub.SRT) based on said SRT and said long-term key K, said authentication vector containing a random challenge RAND, an authentication token AUTN.sub.SRT, a first expected challenge response XRES*.sub.SRT and a second expected challenge response HXRES*.sub.SRT, said HXRES*.sub.SRT being derived from said first expected challenge response XRES*.sub.SRT;
e. Said AUSF/UDM/ARPF performs the step of computing an anchor key (K.sub.SEAF_SRT) for communication between said terminal and the SEAF according to 3GPP TS 33.501, wherein said anchor key (K.sub.SEAF_SRT) is indirectly derived from said key (K.sub.SRT);
f. Said AUSF/UDM/ARPF performs the step of sending said authentication vector AV.sub.SRT to said SEAF;
g. Said SEAF performs the step of storing locally said authentication vector, thereby producing a locally stored authentication vector, and sending to the terminal the random challenge RAND and the authentication token AUTN.sub.SRT, said random challenge RAND and AUTN.sub.SRT being contained in said authentication vector according to 3GPP TS 33.501;
h. Said terminal performs the step of verifying the validity of the received random challenge RAND and authentication token AUTN.sub.SRT, such validity verification being performed by said terminal by: i. deriving a registration key K.sub.SRT based on a locally stored secure registration token SRT and a locally stored long-term key K, said terminal locally stored long-term key being stored in the secure element and having the same value as said long-term key K stored at the UDM/ARPF; ii. computing locally an expected AUTN.sub.SRT based on said terminal locally stored long-term key and said SRT; and iii. checking that said expected AUTN.sub.SRT is equal to said AUTN.sub.SRT received from said SEAF;
i. If said checking step in h.iii is successful, said terminal performs the step of computing a challenge response RES*.sub.SRT based on said terminal key K.sub.SRT computed in step h.i and said received random challenge RAND;
j. Said terminal performs the step of generating another anchor key K.sub.SEAF_SRT for communication between said terminal and said SEAF according to 3GPP TS 33.501, wherein said another anchor key (K.sub.SEAF_SRT) is indirectly derived from said K.sub.SRT obtained by derivation from said terminal long-term key K and said secure registration token SRT;
k. Said terminal performs the step of sending to said SEAF said challenge response RES*.sub.SRT computed by said terminal;
l. Said SEAF performs the step of deriving another HRES*.sub.SRT from the received RES*.sub.SRT and verifying that said HRES*.sub.SRT is equal to said HXRES*.sub.SRT contained in said locally stored authentication vector of step g;
m. If said verification in step l is successful, said SEAF performs the step of sending said checked RES*.sub.SRT to said AUSF/UDM/ARPF;
n. Said AUSF/UDM/ARPF performs the step of verifying that said RES*.sub.SRT received from said SEAF is equal to said first expected challenge response XRES*.sub.SRT computed in step d;
o. If said verification in step n is successful, then said terminal is authenticated by the AUSF/UDM/ARPF, and said AUSF/UDM/ARPF sends an authentication result and said K.sub.SEAF_SRT computed in step e to said SEAF, said authentication result indicating a status of authentication of said terminal according to 3GPP TS 33.501; and
p. Said terminal and said SEAF thereafter use said another anchor key K.sub.SEAF_SRT for communication as specified in 3GPP TS 33.501.

3. The method according to claim 1 wherein:
a. Said terminal performs the step of generating said secure registration token (SRT), said SRT being a random number or a sequence number, said sequence number having been increased prior to this process;
b. Said terminal performs the step of registering to said AUSF/UDM/ARPF by sending, via said SEAF, said SUCI of said terminal containing an encryption of said secure registration token (SRT) in addition to said SUPI identifying said terminal;
c. Said AUSF/UDM/ARPF, upon reception of a registration message responsive to said registering, performs the step of retrieving a subscriber identity of said SUPI and said SRT, and retrieving the long-term key K associated with said subscriber identity of said SUPI;
d. Said AUSF/UDM/ARPF performs the step of generating a random challenge RAND and deriving, from said long-term key K and said random challenge RAND, an authentication token AUTN, a first expected challenge response XRES*, a first ciphering key CK, a first integrity key IK and a second expected challenge response HXRES*, said HXRES* being derived from the first expected challenge response XRES* as specified in 3GPP TS 33.501;
e. Said AUSF/UDM/ARPF performs the step of generating a second ciphering key CK.sub.SRT and a second integrity key IK.sub.SRT, said second ciphering key CK.sub.SRT being derived from the first ciphering key CK and said SRT, and said second integrity key IK.sub.SRT being derived from said first integrity key IK and said SRT;
f. Said AUSF/UDM/ARPF performs the step of computing an anchor key (K.sub.SEAF_SRT) for communication between said terminal and the SEAF according to 3GPP TS 33.501, wherein said anchor key is derived from a key (K.sub.AUSF_SRT), wherein said K.sub.AUSF_SRT is derived from said CK.sub.SRT and IK.sub.SRT;
g. Said AUSF/UDM/ARPF performs the step of sending an authentication vector AV.sub.SRT to said SEAF;
h. Said SEAF performs the step of storing locally said authentication vector, thereby producing a locally stored authentication vector, and sending to said terminal said random challenge RAND and said authentication token AUTN, said random challenge RAND and AUTN being contained in said authentication vector computed in step g according to 3GPP TS 33.501;
i. Said terminal performs the step of verifying the validity of the received random challenge RAND and authentication token AUTN, such validity verification being performed by said terminal by: i. deriving, from the terminal locally stored long-term key K and said received random challenge RAND, an expected authentication token XAUTN, a terminal challenge response RES*, a first terminal ciphering key CK and a first terminal integrity key IK as specified in 3GPP TS 33.501; ii. generating a second terminal ciphering key CK.sub.SRT and a second terminal integrity key IK.sub.SRT, said second terminal ciphering key being derived from the first terminal ciphering key and said SRT, and said second terminal integrity key being derived from said first terminal integrity key and said SRT; and iii. computing another terminal anchor key (K.sub.SEAF_SRT) for the communication between said terminal and the SEAF according to 3GPP TS 33.501, wherein said another terminal anchor key is derived from a terminal key (K.sub.AUSF_SRT), wherein said terminal key (K.sub.AUSF_SRT) is derived from said terminal ciphering key CK.sub.SRT and terminal integrity key IK.sub.SRT;
j. If said verification in step i is successful, said terminal performs the step of sending to said SEAF said terminal challenge response RES* computed by said terminal;
k. Said SEAF performs the step of deriving another HRES* from the received RES* and verifying that said another HRES* is equal to said HXRES* contained in said locally stored authentication vector of step h;
l. If said verification in step k is successful, said SEAF performs the step of sending said successfully checked RES* to said AUSF/UDM/ARPF;
m. Said AUSF/UDM/ARPF performs the step of verifying that said RES* received in step l from said SEAF is equal to said first expected challenge response XRES* computed in step d;
n. If said verification in step m is successful, then said terminal is authenticated by the AUSF/UDM/ARPF, and said AUSF/UDM/ARPF performs the step of sending an authentication result and said K.sub.SEAF_SRT computed in step f to said SEAF, said authentication result indicating a status of authentication of said terminal according to 3GPP TS 33.501; and
o. Said terminal and said SEAF thereafter use said K.sub.SEAF_SRT for communication as specified in 3GPP TS 33.501.

4. A method according to claim 1 wherein said secure registration token is a random number.

5. A method according to claim 1, wherein said secure registration token is modified by said secure element at each authentication request.

6. A secure element cooperating with a Mobile Equipment within a terminal in a telecommunication network, said telecommunication network comprising a SEAF and an AUSF/UDM/ARPF, wherein said secure element performs the step of: generating a secure registration token (SRT) sent by said terminal to said AUSF/UDM/ARPF and concealed with an AUSF/UDM/ARPF public key along with its SUPI in a SUCI, in order that said AUSF/UDM/ARPF generates an anchor key (K.sub.SEAF_SRT) for communication between said terminal and said SEAF according to 3GPP TS 33.501, wherein said anchor key (K.sub.SEAF_SRT) is indirectly derived from a key (K.sub.SRT) obtained by derivation from a long-term key K of said secure element and a secure registration token (SRT) sent by said terminal to said AUSF/UDM/ARPF and concealed with the AUSF/UDM/ARPF public key along with its SUPI in the SUCI.

7. An AUSF/UDM/ARPF of a telecommunication network comprising a SEAF and a secure element cooperating with a Mobile Equipment within a terminal in said telecommunication network, wherein said AUSF/UDM/ARPF performs the step of: receiving a secure registration token (SRT) sent by said secure element along with its SUPI concealed in a SUCI, in order that said AUSF/UDM/ARPF generates an anchor key (K.sub.SEAF_SRT) for communication between said terminal and said SEAF according to 3GPP TS 33.501, wherein said anchor key (K.sub.SEAF_SRT) is indirectly derived from a key (K.sub.SRT) obtained by derivation from a long-term key K of said secure element and a secure registration token (SRT) sent by said terminal to said AUSF/UDM/ARPF and concealed with an AUSF/UDM/ARPF public key along with its SUPI in the SUCI.

8. The method of claim 1, wherein said secure element performs the step of: generating said secure registration token (SRT) sent by said terminal to said AUSF/UDM/ARPF and concealed with said AUSF/UDM/ARPF public key along with its SUPI in said SUCI, in order that said AUSF/UDM/ARPF operates said anchor key (K.sub.SEAF_SRT) for communication between said terminal and said SEAF according to 3GPP TS 33.501.

9. The method of claim 8, wherein said AUSF/UDM/ARPF performs the step of: receiving said secure registration token (SRT) sent by said secure element along with its SUPI concealed in said SUCI, in order that said AUSF/UDM/ARPF generates said anchor key (K.sub.SEAF_SRT) for communication between said terminal and said SEAF according to 3GPP TS 33.501.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0029] The features of the present invention, which are believed to be novel, are set forth with particularity in the appended claims. The invention, together with further objects and advantages thereof, may best be understood by reference to the following description, taken in conjunction with the accompanying drawings, in the several figures of which like reference numerals identify like elements, and in which:

[0030] FIG. 1 illustrates a flowchart explaining how authentication typically occurs in a 5G environment;

[0031] FIG. 2 illustrates how a SUCI (Subscription Concealed Identifier) may be generated;

[0032] FIG. 3 illustrates how an AUTN message is generated and the resulting AV;

[0033] FIG. 4 illustrates a first preferred embodiment of the invention, wherein a UE cooperating with an improved secure element exchanges messages with a SEAF and an improved AUSF/UDM/ARPF; and

[0034] FIG. 5 illustrates a second preferred embodiment of the invention, comprising same elements as in FIG. 4, but where the UE and the AUSF/UDM/ARPF have another behavior, thereby performing different method steps than those of the UE and the AUSF/UDM/ARPF shown in FIG. 4.

DETAILED DESCRIPTION

[0035] While the specification concludes with claims defining the features of the invention that are regarded as novel, it is believed that the invention will be better understood from a consideration of the following description in conjunction with the drawing figures, in which like reference numerals are carried forward.

[0036] As required, detailed embodiments of the present invention are disclosed herein; however, it is to be understood that the disclosed embodiments are merely exemplary of the invention, which can be embodied in various forms. Therefore, specific structural and functional details disclosed herein are not to be interpreted as limiting, but merely as a basis for the claims and as a representative basis for teaching one skilled in the art to variously employ the present invention in virtually any appropriately detailed structure. Further, the terms and phrases used herein are not intended to be limiting but rather to provide an understandable description of the invention.

[0037] For the purpose of this document the expressions terminal and User Equipment (UE) are used interchangeably. The terminal or UE is composed of a Mobile Equipment and a secure element (xUICC) cooperating with the Mobile Equipment.

[0038] A list of acronyms referenced herein is provided, also available from the 3GPP specification TS 33.501, for example the version V15.3.1 dated 2018-12 for 5G networks, already incorporated by reference into this application in a preceding section.

Acronyms

[0039] AK—Anonymity Key
[0040] AKA—Authentication and Key Agreement
[0041] AMF—Authentication Management Field
[0042] ARPF—Authentication Credential Repository and Processing Function
[0043] AUSF—Authentication Server Function
[0044] AV—Authentication Vector
[0045] CK—Cipher Key
[0046] HRES—Hash Response
[0047] HXRES—Hash Expected Response
[0048] IK—Integrity Key
[0049] MAC—Message Authentication Code
[0050] ME—Mobile Equipment
[0051] RAND—Random
[0052] RES—Response
[0053] SEAF—Security Anchor Function
[0054] SUCI—Subscription Concealed Identifier
[0055] SUPI—Subscription Permanent Identifier
[0056] SRT—Secure Registration Token
[0057] SQN—Sequence Number Counter
[0058] UDM—Unified Data Management
[0059] UE—User Equipment
[0060] USIM—Universal SIM
[0061] XAUTN—Expected Authentication Token
[0062] XRES—Expected Response

[0063] FIG. 4 illustrates a first preferred embodiment, wherein a UE cooperating with an improved secure element exchanges messages with a SEAF and an improved AUSF/UDM/ARPF.

[0064] In this figure, a UE 30 composed of a Mobile Equipment (ME) cooperating with an improved secure element exchanges messages with a SEAF 31 (identical to SEAF 21 of FIG. 1) and an improved AUSF/UDM/ARPF 32.

[0065] The principal embodiments of the invention rely on deriving the pre-shared secret key K based on a secure registration token (SRT) sent by the UE 30 (USIM) to the AUSF/UDM/ARPF 32, encrypted with the public key of the AUSF/UDM/ARPF 32. Preferably, the secure registration token is a random number.

[0066] In a first step 40, the UE 30 sends to the AUSF/UDM/ARPF 32 through the SEAF 31 a SUCI comprising at least the MCC/MNC codes of the AUSF/UDM/ARPF 32, the MSIN and the secure registration token SRT ciphered with the public key of the AUSF/UDM/ARPF 32, and an identifier of that public key (for example one key for each group of users). The secure registration token is preferably generated by the secure element.

[0067] The SUPI is for example an IMSI or a Network Specific identity in the form of a Network Access Identifier. For the purpose of this document IMSI and SUPI are used interchangeably. The SRT is for instance a random number or a sequence number (this sequence number having been increased prior to this process). The SRT is concealed, along with the SUPI, in the SUCI by the public key of the AUSF/UDM/ARPF 32; the SRT is therefore encrypted. In a second step 41, the AUSF/UDM/ARPF 32, upon reception of the registration message, retrieves the subscriber identity (the IMSI) and the SRT. From the IMSI, it retrieves the long-term key K associated with this IMSI.

[0068] Then, the AUSF/UDM/ARPF 32 generates a key K.sub.SRT from the long-term key K and the SRT. So K.sub.SRT is derived from the long-term key K and SRT. The AUSF/UDM/ARPF 32 then generates a random challenge RAND and, from K.sub.SRT and RAND, generates an AUTN.sub.SRT, a first expected challenge response XRES*.sub.SRT and keys CK.sub.SRT (for confidentiality protection) and IK.sub.SRT (for integrity protection). From the first expected challenge response XRES*.sub.SRT the AUSF/UDM/ARPF 32 generates a second expected challenge response HXRES*.sub.SRT. From the keys CK.sub.SRT and IK.sub.SRT, the AUSF/UDM/ARPF 32 generates an anchor key (K.sub.SEAF_SRT) for the communication between the terminal 30 and the SEAF 31 according to 3GPP TS 33.501, wherein the anchor key is derived from an intermediate key K.sub.AUSF_SRT obtained from the keys CK.sub.SRT and IK.sub.SRT.

[0069] The AUSF/UDM/ARPF 32 then sends at step 42 an authentication vector AV.sub.SRT to the SEAF 31 containing RAND, AUTN.sub.SRT and HXRES*.sub.SRT. At step 43, the SEAF 31 stores the authentication vector locally and sends to the UE 30 the RAND and the authentication token AUTN.sub.SRT. The UE 30 then generates on its side, like the AUSF/UDM/ARPF 32, K.sub.SRT, the authentication token AUTN.sub.SRT, RES*.sub.SRT, CK.sub.SRT and IK.sub.SRT. It also verifies that AUTN.sub.SRT equals XAUTN.sub.SRT, generates K.sub.AUSF_SRT from the keys CK.sub.SRT and IK.sub.SRT, and derives K.sub.SEAF_SRT from it.

[0070] So, at this step 44, the UE 30 verifies the validity of the received challenge RAND and authentication token AUTN.sub.SRT, this validity verification being performed by the terminal UE 30 by:
[0071] deriving a registration key K.sub.SRT based on the locally stored secure registration token SRT and the locally stored long-term key K;
[0072] computing locally the expected XAUTN.sub.SRT based on the terminal locally stored long-term key and the SRT;
[0073] checking that the expected XAUTN.sub.SRT is equal to the AUTN.sub.SRT received from the SEAF 31;
[0074] if this check is successful (AUTN.sub.SRT equals XAUTN.sub.SRT), the terminal 30 computes the challenge response RES*.sub.SRT based on the terminal key K.sub.SRT computed previously and the received challenge RAND;
[0075] the terminal 30 generates another anchor key K.sub.SEAF_SRT for the communication between the terminal 30 and the SEAF 31 according to 3GPP TS 33.501, wherein the anchor key is indirectly derived from K.sub.SRT obtained by derivation from the long-term key K of the terminal 30 and the secure registration token SRT.

[0076] The check of XAUTN.sub.SRT being equal to AUTN.sub.SRT is a shortcut in this description. In fact, the USIM performs the following steps:
[0077] it computes the value of the SQN from the content of the AUTN;
[0078] it computes XMAC;
[0079] it verifies whether XMAC is equal to MAC;
[0080] it verifies the validity of the SQN.

[0081] At the next step 45, the UE 30 sends to the SEAF 31 the challenge response RES*.sub.SRT computed by the UE 30. At step 46, the SEAF 31 derives another HRES*.sub.SRT from the received RES*.sub.SRT and verifies that the HRES*.sub.SRT is equal to the HXRES*.sub.SRT contained in the locally stored authentication vector in step 42. If this verification step is successful, the SEAF 31 sends at step 47 the successfully checked RES*.sub.SRT to the AUSF/UDM/ARPF 32.

[0082] At step 48, the AUSF/UDM/ARPF 32 verifies that the RES*.sub.SRT received from the SEAF 31 is equal to the expected challenge response XRES*.sub.SRT computed before. If they match, the AUSF/UDM/ARPF 32 considers that the UE 30 is authenticated and sends at step 49 the authentication result and the K.sub.SEAF_SRT to the SEAF 31, this authentication result indicating the status of the authentication of the terminal 30 according to 3GPP TS 33.501. After that, the SEAF 31 and the UE 30 can use the anchor key K.sub.SEAF_SRT for communication as specified in 3GPP TS 33.501.

[0083] As thus explained, the embodiment of the invention above relies on the use of an anchor key K.sub.SEAF_SRT generated by the UE 30 indirectly derived from a key K.sub.SRT obtained by derivation from the long-term key K and a secure registration token SRT sent by the secure element/terminal 30 to the AUSF/UDM/ARPF 32 and concealed with the AUSF/UDM/ARPF public key along with the terminal/secure element SUPI in the SUCI.

[0084] FIG. 5 illustrates a second preferred embodiment, comprising same elements as in FIG. 4, but where the UE and the AUSF/UDM/ARPF have another behavior, thereby performing different method steps than those of the UE and the AUSF/UDM/ARPF shown in FIG. 4.

[0085] The SEAF 31 is the same as in FIG. 4, but the UE and the AUSF/UDM/ARPF are referenced 33 and 34 respectively as they have another behavior. At step 40, the UE 33 sends to the AUSF/UDM/ARPF 34 the same SUCI as in FIG. 4. This means that the UE 33 generates and sends a secure registration token (SRT), the SRT being for instance a random number or a sequence number, the sequence number having been increased prior to this process. The terminal 33 tries to register to the AUSF/UDM/ARPF 34 by sending, through the SEAF 31, the terminal SUCI containing, in addition to the encrypted subscriber identity (SUPI), the encrypted secure registration token SRT.

[0086] At step 60, the AUSF/UDM/ARPF 34, upon reception of the registration message, retrieves the terminal identity and the SRT, and then retrieves the long-term key K associated with the subscriber identity (the IMSI or another unique reference of the secure element/terminal). The AUSF/UDM/ARPF 34 then generates a random challenge RAND. From the long-term key K and the RAND it derives the authentication token AUTN, the expected challenge response XRES*, the ciphering key CK, the integrity key IK and a second expected challenge response HXRES*, the HXRES* being derived from the first expected challenge response XRES* as specified in 3GPP TS 33.501.

[0087] The AUSF/UDM/ARPF 34 then generates a second ciphering key CK.sub.SRT and a second integrity key IK.sub.SRT, the second ciphering key being derived from the first ciphering key and the SRT, and the second integrity key being derived from the first integrity key and the SRT. The AUSF/UDM/ARPF 34 then computes the anchor key (K.sub.SEAF_SRT) for the communication between the terminal and the SEAF 31 according to 3GPP TS 33.501, wherein the anchor key is derived from a key (K.sub.AUSF_SRT), this key K.sub.AUSF_SRT being derived from CK.sub.SRT and IK.sub.SRT. At step 61, the AUSF/UDM/ARPF 34 sends the authentication vector AV.sub.SRT to the SEAF 31. The SEAF 31 stores the authentication vector locally and sends to the terminal 33 (step 62) the RAND and the authentication token AUTN, the RAND and AUTN being contained in the authentication vector computed before according to 3GPP TS 33.501.

[0088] At step 63, the UE 33 verifies the validity of the received challenge RAND and authentication token AUTN, the validity verification being performed by the UE 33 by:
[0089] deriving from the terminal locally stored long-term key K and the received challenge RAND the expected authentication token XAUTN, the terminal challenge response RES*, the terminal ciphering key CK and the terminal integrity key IK as specified in 3GPP TS 33.501 (this corresponds to what already exists in 3GPP TS 33.501);
[0090] generating a second terminal ciphering key CK.sub.SRT and a second terminal integrity key IK.sub.SRT, the second terminal ciphering key being derived from the first terminal ciphering key and the SRT, and the second terminal integrity key being derived from the first terminal integrity key and the SRT;
[0091] computing another terminal anchor key (K.sub.SEAF_SRT) for the communication between the terminal and the SEAF 31 according to 3GPP TS 33.501, wherein this terminal anchor key is derived from a terminal key (K.sub.AUSF_SRT), the terminal K.sub.AUSF_SRT being derived from the terminal CK.sub.SRT and the terminal IK.sub.SRT.

[0092] At step 64, if the verification is successful, the UE 33 sends to the SEAF 31 the challenge response RES* computed by the UE 33.

At step 65, the SEAF derives another HRES* from the received RES* and verifies that the HRES* is equal to the HXRES* contained in the locally stored authentication vector received at step 61.

[0093] If the verification is successful, the SEAF 31 sends the successfully checked RES* to the AUSF/UDM/ARPF 34 at step 66. The AUSF/UDM/ARPF 34 verifies at step 67 that the RES* received from the SEAF 31 is equal to the expected challenge response XRES* computed in step 60. If the verification at step 67 is successful, then the UE 33 is considered authenticated by the AUSF/UDM/ARPF 34, and the AUSF/UDM/ARPF 34 sends at step 68 the authentication result and the K.sub.SEAF_SRT computed in step 60 to the SEAF 31, the authentication result indicating the status of the authentication of the terminal according to 3GPP TS 33.501. At step 69, the UE 33 and the SEAF 31 use the K.sub.SEAF_SRT for communication as specified in 3GPP TS 33.501.
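The two flows described above, the FIG. 4 derivation (paragraphs [0065] to [0083], where the SRT is mixed into the long-term key K before the AKA run) and the FIG. 5 derivation (paragraphs [0085] to [0093], where a standard AKA run is followed by deriving CK.sub.SRT and IK.sub.SRT), modeled end to end in Python as an added example. This is not code from the patent or from any 3GPP implementation: HMAC-SHA256 stands in for the MILENAGE functions and for the 3GPP KDF, the serving network name, subscriber MSIN, long-term key and derivation labels are constructed values, and the ECIES concealment of SUPI and SRT inside the SUCI is modeled as an opaque envelope that only the home network opens. The `variant` argument selects which of the two derivations the UE and the AUSF/UDM/ARPF apply.

```python
"""Constructed model of the FIG. 4 (K_SRT) and FIG. 5 (CK_SRT/IK_SRT) flows; HMAC-SHA256 stands in for MILENAGE and the 3GPP KDF."""
import hashlib
import hmac
import secrets
from collections import namedtuple

SNN = b"5G:mnc001.mcc001.3gppnetwork.org"  # serving network name (constructed value)
AMF_FIELD = b"\x80\x00"
MSIN, K_DEMO = "0123456789", bytes(range(16))  # constructed subscriber id and long-term key K
Suci = namedtuple("Suci", "mcc_mnc key_id envelope")  # envelope = (MSIN, SRT), modeled as already concealed

def kdf(key, *parts):  # length-prefixed HMAC-SHA256; stand-in for the TS 33.220 KDF
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))

def aka_functions(k, rand, sqn):  # stand-in for MILENAGE f1..f5: (MAC, RES, CK, IK, AK)
    return (kdf(k, b"f1", sqn, rand, AMF_FIELD)[:8], kdf(k, b"f2", rand)[:8],
            kdf(k, b"f3", rand)[:16], kdf(k, b"f4", rand)[:16], kdf(k, b"f5", rand)[:6])

def res_star(ck, ik, rand, res):  # RES*/XRES*, bound to the serving network and RAND
    return kdf(ck + ik, b"RES*", SNN, rand, res)[:16]

def anchor_key(ck, ik, sqn_xor_ak):  # K_AUSF from CK||IK, then K_SEAF from K_AUSF
    return kdf(kdf(ck + ik, b"KAUSF", SNN, sqn_xor_ak), b"KSEAF", SNN)

def srt_keys(ck, ik, srt):  # FIG. 5 only: CK_SRT and IK_SRT from CK, IK and the SRT
    return kdf(ck, b"CK", srt)[:16], kdf(ik, b"IK", srt)[:16]

class HomeNetwork:  # AUSF/UDM/ARPF; variant is "fig4" or "fig5"
    def __init__(self, variant, subscribers):
        self.variant, self.keys, self.sqn, self.pending = variant, subscribers, {}, {}
    def authenticate(self, suci):
        msin, srt = suci.envelope                    # reveal SUPI (MSIN) and SRT
        self.sqn[msin] = self.sqn.get(msin, 0) + 1
        sqn = self.sqn[msin].to_bytes(6, "big")
        k = kdf(self.keys[msin], b"SRT", srt) if self.variant == "fig4" else self.keys[msin]
        rand = secrets.token_bytes(16)
        mac, xres, ck, ik, ak = aka_functions(k, rand, sqn)
        autn = xor(sqn, ak) + AMF_FIELD + mac
        xrs = res_star(ck, ik, rand, xres)
        if self.variant == "fig5":
            ck, ik = srt_keys(ck, ik, srt)
        ctx = secrets.token_hex(8)                   # handle the SEAF uses for this AV
        self.pending[ctx] = (xrs, anchor_key(ck, ik, xor(sqn, ak)))
        return ctx, rand, autn, hashlib.sha256(rand + xrs).digest()[:16]  # AV_SRT: RAND, AUTN, HXRES*
    def confirm(self, ctx, rs):
        xrs, k_seaf = self.pending.pop(ctx)
        return k_seaf if hmac.compare_digest(rs, xrs) else None

class SEAF:
    def __init__(self, home):
        self.home, self.av = home, {}
    def register(self, suci):
        ctx, rand, autn, hxrs = self.home.authenticate(suci)
        self.av[ctx] = (rand, hxrs)                  # store the AV, forward RAND and AUTN
        return ctx, rand, autn
    def confirm(self, ctx, rs):
        rand, hxrs = self.av.pop(ctx)
        if not hmac.compare_digest(hashlib.sha256(rand + rs).digest()[:16], hxrs):
            return None                              # HRES* != HXRES*: rejected before the AUSF
        return self.home.confirm(ctx, rs)            # K_SEAF_SRT if RES* == XRES*

class UE:  # ME plus secure element; a fresh random SRT is generated per request
    def __init__(self, msin, k, variant):
        self.msin, self.k, self.variant = msin, k, variant
        self.sqn_seen, self.srt = 0, None
    def registration(self):
        self.srt = secrets.token_bytes(16)
        return Suci("001001", 1, (self.msin, self.srt))
    def respond(self, rand, autn):
        sqn_xor_ak, mac = autn[:6], autn[8:]
        k = kdf(self.k, b"SRT", self.srt) if self.variant == "fig4" else self.k
        sqn = xor(sqn_xor_ak, kdf(k, b"f5", rand)[:6])
        xmac, res, ck, ik, _ = aka_functions(k, rand, sqn)
        if not hmac.compare_digest(xmac, mac) or int.from_bytes(sqn, "big") <= self.sqn_seen:
            return None                              # XMAC != MAC, or SQN not fresh
        self.sqn_seen = int.from_bytes(sqn, "big")
        rs = res_star(ck, ik, rand, res)
        if self.variant == "fig5":
            ck, ik = srt_keys(ck, ik, self.srt)
        self.k_seaf = anchor_key(ck, ik, sqn_xor_ak)
        return rs

def run_registration(variant, wrong_srt_at_home=False):
    home = HomeNetwork(variant, {MSIN: K_DEMO})
    seaf, ue = SEAF(home), UE(MSIN, K_DEMO, variant)
    suci = ue.registration()
    if wrong_srt_at_home:  # home network opens an SRT other than the one the UE holds
        suci = Suci(suci.mcc_mnc, suci.key_id, (suci.envelope[0], bytes(16)))
    ctx, rand, autn = seaf.register(suci)
    rs = ue.respond(rand, autn)
    if rs is None:
        return "ue_rejected_autn"
    k_seaf = seaf.confirm(ctx, rs)
    if k_seaf is None:
        return "network_rejected_res"
    return "ok" if ue.k_seaf == k_seaf else "anchor_key_mismatch"
```

Calling `run_registration("fig4")` or `run_registration("fig5")` walks through steps 40 to 49 (respectively 40 to 69) and ends with both sides holding the same K.sub.SEAF_SRT. Calling it with `wrong_srt_at_home=True` shows a difference between the two derivations that follows from the text: with the FIG. 4 derivation an SRT disagreement changes K.sub.SRT, so the secure element rejects the AUTN at the XMAC check before ever sending RES*; with the FIG. 5 derivation the AKA run itself still succeeds and the disagreement surfaces only as diverging anchor keys at the UE and the SEAF.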

[0094] The advantage of this second alternative is that it is possible for the Mobile Equipment part of the terminal (instead of the USIM) to perform the derivation of CK and IK based on a SRT, when the USIM is not able to perform the concealment of the SUPI and the SRT into the SUCI (encryption of the SUPI and SRT with AUSF/UDM/ARPF public key).

In this second alternative, the USIM (when capable) is able to perform the derivation of CK and IK based on the SRT, thus making the new process transparent to the terminal. As said before, the secure registration token is preferably a random number and, advantageously, is modified by the secure element at each authentication request.

[0095] Embodiments of the invention also concern a secure element intended to cooperate with a Mobile Equipment within a terminal in a telecommunication network, the telecommunication network comprising a SEAF and an AUSF/UDM/ARPF, the secure element generating a secure registration token (SRT) sent by the terminal to the AUSF/UDM/ARPF and concealed with the AUSF/UDM/ARPF public key along with its SUPI in the SUCI, in order that the AUSF/UDM/ARPF generates an anchor key (K.sub.SEAF_SRT) for the communication between the terminal and the SEAF according to 3GPP TS 33.501, wherein the anchor key (K.sub.SEAF_SRT) is indirectly derived from a key (K.sub.SRT) obtained by derivation from the long-term key K of the secure element and a secure registration token (SRT) sent by the terminal to the AUSF/UDM/ARPF and concealed with the AUSF/UDM/ARPF public key along with its SUPI in the SUCI.

[0096] Embodiments of the invention also concern an AUSF/UDM/ARPF of a telecommunication network comprising a SEAF and a secure element intended to cooperate with a Mobile Equipment within a terminal in the telecommunication network, the AUSF/UDM/ARPF receiving a secure registration token (SRT) sent by the terminal/secure element and concealed with the AUSF/UDM/ARPF public key along with its SUPI in the SUCI, in order that the AUSF/UDM/ARPF generates an anchor key (K.sub.SEAF_SRT) for the communication between the terminal and the SEAF according to 3GPP TS 33.501, wherein the anchor key (K.sub.SEAF_SRT) is indirectly derived from a key (K.sub.SRT) obtained by derivation from the long-term key K stored in the secure element and a registration token (SRT) sent by the terminal to the AUSF/UDM/ARPF and concealed with the AUSF/UDM/ARPF public key along with its SUPI in the SUCI.

[0097] Unlike all previous 3GPP authentication/registration processes (from 2G to the current 5G technology), the embodiments of the invention as described use a Secure Registration Key (K.sub.SRT) as the basis of the key derivation. This Secure Registration Key is known neither by the USIM manufacturer nor by the device manufacturer; it is known only by the AUSF/UDM/ARPF and by the USIM in the field.

[0098] Unlike other solutions contemplated, the embodiments of this invention do not require changes in the intermediate nodes of the network (e.g. SEAF, AMF, Mobile Equipment) and thus can be implemented easily between the home network (AUSF/UDM/ARPF) and the USIM. Unlike other solutions contemplated, the embodiments of the invention use the existing public key assets inside the USIM already defined for Subscription Identity Privacy in 3GPP TS 33.501; in case the USIM is not able to perform the SUCI calculation and the Mobile Equipment is capable of providing SUPI privacy, the mechanism can also be performed by the Mobile Equipment part of the UE (second alternative). When supported by the USIM, the invention makes it transparent to the Mobile Equipment.