Identity privacy in wireless networks

US 10,237,729 B2
Filed: 07/24/2015
Issued: 03/19/2019
Est. Priority Date: 03/05/2015
Status: Active Grant

First Claim

Patent Images

1. A method for network access by a user equipment (UE), comprising:

sending, from the UE, a privacy mobile subscriber identity (PMSI) as a direct substitute for an international mobile subscriber identity (IMSI) to identify the UE with an initial attach message to a serving network;

receiving, from a server in communication with the serving network, an authentication request that includes a next PMSI and a tracking index;

deriving, by the UE, a UE-based next PMSI from the PMSI and tracking index;

generating, by the UE, an acknowledgement of receipt in response to the UE-based next PMSI and the next PMSI matching; and

sending, from the UE, the acknowledgment of receipt of the next PMSI to the server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and techniques are disclosed to protect a user equipment'"'"'s international mobile subscriber identity by providing a privacy mobile subscriber identity instead. In an attach attempt to a serving network, the UE provides the PMSI instead of IMSI, protecting the IMSI from exposure. The PMSI is determined between a home network server and the UE so that intermediate node elements in the serving network do not have knowledge of the relationship between the PMSI and the IMSI. Upon receipt of the PMSI in the attach request, the server generates a next PMSI to be used in a subsequent attach request and sends the next PMSI to the UE for confirmation. The UE confirms the next PMSI to synchronize between the UE and server and sends an acknowledgment token to the server. The UE and the server then each update local copies of the current and next PMSI values.

10 Citations

48 Claims

1. A method for network access by a user equipment (UE), comprising:
- sending, from the UE, a privacy mobile subscriber identity (PMSI) as a direct substitute for an international mobile subscriber identity (IMSI) to identify the UE with an initial attach message to a serving network;
  
  receiving, from a server in communication with the serving network, an authentication request that includes a next PMSI and a tracking index;
  
  deriving, by the UE, a UE-based next PMSI from the PMSI and tracking index;
  
  generating, by the UE, an acknowledgement of receipt in response to the UE-based next PMSI and the next PMSI matching; and
  
  sending, from the UE, the acknowledgment of receipt of the next PMSI to the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - determining, by the UE, the PMSI for network access based on an initial PMSI.
  - 3. The method of claim 2, further comprising:
    - receiving the initial PMSI during a subscriber registration of the UE with the server.
  - 4. The method of claim 2, further comprising:
    - provisioning the initial PMSI after a subscriber registration via an over-the-air communication with the server.
  - 5. The method of claim 4, wherein the plurality of values comprises a random number or a pseudo-random number, further comprising:
    - generating, by the UE from a number comprising the random number or the pseudo-random number generated at the UE, a proposed PMSI;
      
      encrypting, by the UE, the generated PMSI using a server public key, wherein the server maintains a corresponding server private key;
      
      sending, from the UE after the encrypting, the generated PMSI to the server; and
      
      receiving, at the UE, acknowledgement from the server to use the generated PMSI as the initial PMSI.
  - 6. The method of claim 1, further comprising:
    - comparing, prior to the generating, the UE-based next PMSI to the next PMSI received as part of the authentication request to determine if there is a match.
  - 7. The method of claim 1, further comprising:
    - storing the confirmed next PMSI at the UE for use in a next attach message.
  - 8. The method of claim 1, wherein the receiving the authentication request further comprises:
    - decrypting the next PMSI in the authentication request using an anonymity key, wherein the anonymity key is derived from a secret key shared between the UE and the server.
  - 9. The method of claim 1, wherein the next PMSI comprises a hash of the tracking index, concatenated to the PMSI, with a PMSI generation key.

10. A user equipment (UE) comprising:
- a memory configured to store a privacy mobile subscriber identity (PMSI);
  
  a transceiver configured to;
  
  send the PMSI as a direct substitute for an international mobile subscriber identity (IMSI) to identify the UE with an initial attach message to a serving network; and
  
  receive, from a server in communication with the serving network, an authentication request that includes a next PMSI and a tracking index; and
  
  a processor configured to;
  
  derive a UE-based next PMSI from the PMSI and the tracking index; and
  
  generate an acknowledgment of receipt in response to the UE-based next PMSI and the next PMSI matching,wherein the transceiver is further configured send the acknowledgement of receipt to the server.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The user equipment of claim 10, wherein the processor is further configured to:
    - determine the PMSI for network access based on an initial PMSI stored in the memory.
  - 12. The user equipment of claim 11, wherein the user equipment receives the initial PMSI during a subscriber registration of the UE with the server.
  - 13. The user equipment of claim 11, wherein the user equipment is configured to provision the initial PMSI after a subscriber registration via an over-the-air communication with the server.
  - 14. The user equipment of claim 13, wherein:
    - the plurality of values comprises a random or pseudo-random number generated at the UE;
      
      the processor is further configured to generate, from the number comprising the random or pseudo-random number generated at the UE, a proposed initial PMSI and encrypt the generated PMSI using a server public key, wherein the server on the serving network maintains a corresponding server private key; and
      
      the transceiver is further configured to transmit the generated PMSI after encryption to the server and receive acknowledgement from the server to use the generated PMSI as the initial PMSI.
  - 15. The user equipment of claim 10, wherein the processor is further configured to:
    - compare the UE-based next PMSI to the next PMSI received as part of the authentication request to determine if there is a match.
  - 16. The user equipment of claim 15, wherein the memory is further configured to store the next PMSI for use in a next attach message.
  - 17. The user equipment of claim 10, wherein the processor is further configured to decrypt the next PMSI in the authentication request using an anonymity key, wherein the anonymity key is derived from a secret key shared between the UE and the server.

18. A method for setting up network access with a server on a network, comprising:
- receiving, from a user equipment (UE) via one or more network elements in an intervening serving network, a privacy mobile subscriber identity (PMSI) as a direct substitute for an international mobile subscriber identity (IMSI) to identify the UE from an initial attach message;
  
  determining, by the server, a next PMSI based on the PMSI;
  
  transmitting, from the server, authentication information to the serving network that includes the next PMSI and a tracking index, as part of authentication; and
  
  receiving, from the UE via the serving network, an acknowledgement of receipt that includes confirmation of the next PMSI with an acknowledgement token generated in response to a UE-based next PMSI, derived by the UE from the PMSI and the tracking index, matching the next PMSI.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25)
- - 19. The method of claim 18, further comprising:
    - determining, by the server, the PMSI for network access based on an initial PMSI.
  - 20. The method of claim 19, further comprising:
    - receiving, at the server, the initial PMSI during a subscriber registration of the UE with the server.
  - 21. The method of claim 19, further comprising:
    - receiving, from the UE, a proposed initial PMSI;
      
      decrypting, by the server, the proposed initial PMSI using a server private key that was encrypted at the UE by a corresponding server public key;
      
      storing, by the server, the proposed initial PMSI as the initial PMSI associated with the UE; and
      
      transmitting, to the UE, an acknowledgement of the proposed initial PMSI as the initial PMSI.
  - 22. The method of claim 18, further comprising:
    - deriving an anonymity key from a secret key shared between the server and the UE;
      
      encrypting the next PMSI in the authentication information using the derived anonymity key; and
      
      storing the next PMSI in place of the PMSI at the server for use in responding to a subsequent initial attach message from the UE.
  - 23. The method of claim 18, wherein the determining further comprises:
    - detecting a collision between the next PMSI and another existing PMSI associated with a different UE; and
      
      incrementing the tracking index and determining a new next PMSI based on the next PMSI and the incremented tracking index.
  - 24. The method of claim 18, further comprising:
    - receiving, from a mobility management entity (MME) on the serving network separate from a home network that the server is on, a request for the IMSI of the UE; and
      
      sending, in response to the request, the PMSI of the UE used in the initial attach message instead of the IMSI of the UE.
  - 25. The method of claim 18, further comprising:
    - searching one or more databases for a match to the PMSI included with the initial attach message; and
      
      sending, in response to not locating a match, a notice for the UE to modify a PMSI index maintained at the UE for generation of an updated PMSI at the UE.

26. A server comprising:
- a database configured to store a plurality of privacy mobile subscriber identities (PMSI) of user equipment (UE);
  
  a transceiver configured to receive, via one or more network elements in an intervening serving network from a UE, a privacy mobile subscriber identity (PMSI) as a direct substitute for an international mobile subscriber identity (IMSI) to identify the UE from an initial attach message; and
  
  a processor configured to determine a next PMSI for the UE based on the PMSI;
  
  wherein the transceiver is further configured to transmit authentication information to the serving network that includes the next PMSI and a tracking index, as part of authentication, and receive an acknowledgement of receipt that includes confirmation of the next PMSI, with an acknowledgement token generated in response to a UE-based next PMSI derived from the PMSI and the tracking index matching the next PMSI, from the UE via the serving network.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33)
- - 27. The server of claim 26, wherein the processor is further configured to determine the PMSI for network access based on an initial PMSI.
  - 28. The server of claim 27, wherein the transceiver is further configured to receive the initial PMSI during a subscriber registration of the UE with the server.
  - 29. The server of claim 27, wherein:
    - the transceiver is further configured to receive, from the UE, a proposed initial PMSI;
      
      the processor is further configured to decrypt the proposed initial PMSI using a server private key that was encrypted at the UE by a corresponding server public key and store the proposed initial PMSI as the initial PMSI associated with the UE; and
      
      the transceiver is further configured to transmit, to the UE, an acknowledgement of the proposed initial PMSI as the initial PMSI.
  - 30. The server of claim 26, wherein:
    - the processor is further configured to derive an anonymity key from a secret key shared between the server and the UE and encrypt the next PMSI in the authentication information using the derived anonymity key; and
      
      the database is further configured to store the next PMSI in place of the PMSI for use in responding to a subsequent initial attach message from the UE.
  - 31. The server of claim 26, wherein the processor is further configured, as part of the determining, to:
    - detect a collision between the next PMSI and another existing PMSI associated with a different UE in the database; and
      
      increment the tracking index and determine a new next PMSI based on the next PMSI and the incremented tracking index.
  - 32. The server of claim 26, wherein the transceiver is further configured to:
    - receive, from a mobility management entity (MME) on the serving network separate from a home network that the server is on, a request for the IMSI of the UE; and
      
      send, in response to the request, the PMSI of the UE used in the initial attach message instead of the IMSI of the UE.
  - 33. The server of claim 26, wherein:
    - the processor is further configured to search the database for a match to the PMSI included with the initial attach message; and
      
      the transceiver is further configured to send, in response to not locating a match, a notice for the UE to modify a PMSI index maintained at the UE for generation of an updated PMSI at the UE.

34. A non-transitory computer-readable medium having program code recorded thereon, the program code comprising:
- code for causing a user equipment (UE) to send a privacy mobile subscriber identity (PMSI) as a direct substitute for an international mobile subscriber identity (IMSI) to identify the UE with an initial attach message to a serving network;
  
  code for causing the UE to receive, from a server in communication with the serving network, an authentication request that includes a next PMSI and a tracking index;
  
  code for causing the UE to derive a UE-based next PMSI from the PMSI and the tracking index;
  
  code for causing the UE to compare the UE-based next PMSI to the next PMSI received as part of the authentication request to determine if there is a match of PMSI synchronization between the UE and the server;
  
  code for causing the UE, in response to determining the match, to generate an acknowledgement of receipt in response to the UE-based next PMSI and the next PMSI matching; and
  
  code for causing the UE to send the acknowledgment of receipt of the next PMSI to the server.
- View Dependent Claims (35, 36, 37, 38, 39, 40)
- - 35. The non-transitory computer-readable medium of claim 34, further comprising:
    - code for causing the UE to determine the PMSI for network access based on an initial PMSI.
  - 36. The non-transitory computer-readable medium of claim 35, further comprising:
    - code for causing the UE to receive the initial PMSI during a subscriber registration of the UE with the server.
  - 37. The non-transitory computer-readable medium of claim 35, further comprising:
    - code for causing the UE to provision the initial PMSI after a subscriber registration via an over-the-air communication with the server.
  - 38. The non-transitory computer-readable medium of claim 37, further comprising:
    - code for causing the UE to generate a proposed PMSI;
      
      code for causing the UE to encrypt the generated PMSI using a server public key, wherein the server maintains a corresponding server private key;
      
      code for causing the UE to send, after the encryption, the generated PMSI to the server; and
      
      code for causing the UE to receive acknowledgement from the server to use the generated PMSI as the initial PMSI.
  - 39. The non-transitory computer-readable medium of claim 34, further comprising:
    - code for causing the UE to store the confirmed next PMSI at the UE for use in a next attach message.
  - 40. The non-transitory computer-readable medium of claim 34, further comprising:
    - code for causing the UE to decrypt the next PMSI in the authentication request using an anonymity key, wherein the anonymity key is derived from a secret key shared between the UE and the server.

41. A non-transitory computer-readable medium having program code recorded thereon, the program code comprising:
- code for causing a server to receive, from a user equipment (UE) via one or more network elements in an intervening serving network, a privacy mobile subscriber identity (PMSI) as a direct substitute for an international mobile subscriber identity (IMSI) to identify the UE from an initial attach message;
  
  code for causing the server to determine a next PMSI based on the PMSI;
  
  code for causing the server to transmit authentication information to the serving network that includes the next PMSI and a tracking index, as part of authentication; and
  
  code for causing the server to receive, from the UE via the serving network, an acknowledgement of receipt that includes confirmation of the next PMSI with an acknowledgement token generated in response to a UE-based next PMSI, derived by the UE from the PMSI and the tracking index, matching the next PMSI.
- View Dependent Claims (42, 43, 44, 45, 46, 47, 48)
- - 42. The non-transitory computer-readable medium of claim 41, further comprising:
    - code for causing the server to determine the PMSI for network access based on an initial PMSI.
  - 43. The non-transitory computer-readable medium of claim 42, further comprising:
    - code for causing the server to receive the initial PMSI during a subscriber registration of the UE with the server.
  - 44. The non-transitory computer-readable medium of claim 42, further comprising:
    - code for causing the server to receive, from the UE, a proposed initial PMSI;
      
      code for causing the server to decrypt the proposed initial PMSI using a server private key that was encrypted at the UE by a corresponding server public key; and
      
      code for causing the server to transmit, to the UE, an acknowledgement of the proposed initial PMSI as the initial PMSI.
  - 45. The non-transitory computer-readable medium of claim 41, further comprising:
    - code for causing the server to derive an anonymity key from a secret key shared between the server and the UE;
      
      code for causing the server to encrypt the next PMSI in the authentication information using the derived anonymity key; and
      
      code for causing the server to store the next PMSI in place of the PMSI at the server for use in responding to a subsequent initial attach message from the UE.
  - 46. The non-transitory computer-readable medium of claim 41, wherein the code for causing the server to determine the next PMSI further comprises:
    - code for causing the server to detect a collision between the next PMSI and another existing PMSI associated with a different UE; and
      
      code for causing the server to increment the tracking index and determine a new next PMSI based on the next PMSI and the incremented tracking index.
  - 47. The non-transitory computer-readable medium of claim 41, further comprising:
    - code for causing the server to receive, from a mobility management entity (MME) on the serving network separate from a home network that the server is on, a request for the IMSI of the UE; and
      
      code for causing the server to send, in response to the request, the PMSI of the UE used in the initial attach message instead of the IMSI of the UE.
  - 48. The non-transitory computer-readable medium of claim 41, further comprising:
    - code for causing the server to search one or more databases for a match to the PMSI included with the initial attach message; and
      
      code for causing the server to send, in response to not locating a match, a notice for the UE to modify a PMSI index maintained at the UE for generation of an updated PMSI at the UE.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Lee, Soo Bum, Palanigounder, Anand, Escott, Adrian Edward, Horn, Gavin Bernard
Primary Examiner(s)
Edwards, Linglan E
Assistant Examiner(s)
Carey, Forrest L

Application Number

US14/808,862
Publication Number

US 20160262015A1
Time in Patent Office

1,334 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2101/654   International mobile subscr...

H04W 12/02   Protecting privacy or anony...

H04W 12/033   of the user plane, e.g. use...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/72   Subscriber identity

H04W 8/04   Registration at HLR or HSS ...

H04W 8/183   Processing at user equipmen...

Identity privacy in wireless networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

10 Citations

48 Claims

Specification

Solutions

Use Cases

Quick Links

Identity privacy in wireless networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

48 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links