Identity privacy in wireless networks
Abstract
Systems and techniques are disclosed to protect a user equipment's international mobile subscriber identity by providing a privacy mobile subscriber identity instead. In an attach attempt to a serving network, the UE provides the PMSI instead of IMSI, protecting the IMSI from exposure. The PMSI is determined between a home network server and the UE so that intermediate node elements in the serving network do not have knowledge of the relationship between the PMSI and the IMSI. Upon receipt of the PMSI in the attach request, the server generates a next PMSI to be used in a subsequent attach request and sends the next PMSI to the UE for confirmation. The UE confirms the next PMSI to synchronize between the UE and server and sends an acknowledgment token to the server. The UE and the server then each update local copies of the current and next PMSI values.
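The attach, confirm and rotate exchange described in the abstract, as an added example that is not code from the patent. The text here gives neither the derivation function nor the token format, so the shared key, the HMAC-SHA-256 derivation, the 15-digit PMSI format, the counter-style tracking index and all class and function names are assumptions.

```python
import hashlib
import hmac

def derive_next_pmsi(key: bytes, pmsi: str, index: int) -> str:
    """Assumed derivation: HMAC-SHA-256(key, PMSI|index) reduced to 15 digits."""
    mac = hmac.new(key, f"{pmsi}|{index}".encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:8], 'big') % 10**15:015d}"

def ack_token(key: bytes, next_pmsi: str) -> bytes:
    """Assumed acknowledgement token: a MAC over the confirmed next PMSI."""
    return hmac.new(key, b"ack|" + next_pmsi.encode(), hashlib.sha256).digest()

class HomeServer:
    def __init__(self):
        self.by_pmsi = {}  # current PMSI -> subscriber record; the IMSI stays here

    def provision(self, imsi, key, pmsi):
        self.by_pmsi[pmsi] = {"imsi": imsi, "key": key, "index": 0}

    def auth_request(self, pmsi):
        rec = self.by_pmsi[pmsi]
        index = rec["index"] + 1
        rec["pending"] = (index, derive_next_pmsi(rec["key"], pmsi, index))
        return {"next_pmsi": rec["pending"][1], "index": index}

    def handle_ack(self, pmsi, token):
        rec = self.by_pmsi[pmsi]
        index, nxt = rec["pending"]
        if not hmac.compare_digest(token, ack_token(rec["key"], nxt)):
            return False  # no valid confirmation: keep the current PMSI
        rec["index"] = index
        del rec["pending"]
        self.by_pmsi[nxt] = self.by_pmsi.pop(pmsi)  # rotate current -> next
        return True

class UE:
    def __init__(self, key, pmsi):
        self.key, self.pmsi = key, pmsi

    def attach(self, server, tamper=False):
        req = server.auth_request(self.pmsi)  # only the PMSI crosses the serving network
        if tamper:  # constructed failure case: next PMSI altered in transit
            req["next_pmsi"] = "0" * 15
        mine = derive_next_pmsi(self.key, self.pmsi, req["index"])
        if not hmac.compare_digest(mine, req["next_pmsi"]):
            return False  # out of sync: send no acknowledgement, keep current PMSI
        acked = server.handle_ack(self.pmsi, ack_token(self.key, mine))
        if acked:
            self.pmsi = mine
        return acked
```

When the UE's derived value does not match the received next PMSI, neither side rotates, so the next attach still resolves under the current PMSI.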
48 Claims
1. A method for network access by a user equipment (UE), comprising:
- sending, from the UE, a privacy mobile subscriber identity (PMSI) as a direct substitute for an international mobile subscriber identity (IMSI) to identify the UE with an initial attach message to a serving network;
- receiving, from a server in communication with the serving network, an authentication request that includes a next PMSI and a tracking index;
- deriving, by the UE, a UE-based next PMSI from the PMSI and tracking index;
- generating, by the UE, an acknowledgement of receipt in response to the UE-based next PMSI and the next PMSI matching; and
- sending, from the UE, the acknowledgment of receipt of the next PMSI to the server.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A user equipment (UE) comprising:
- a memory configured to store a privacy mobile subscriber identity (PMSI);
- a transceiver configured to:
  - send the PMSI as a direct substitute for an international mobile subscriber identity (IMSI) to identify the UE with an initial attach message to a serving network; and
  - receive, from a server in communication with the serving network, an authentication request that includes a next PMSI and a tracking index; and
- a processor configured to:
  - derive a UE-based next PMSI from the PMSI and the tracking index; and
  - generate an acknowledgment of receipt in response to the UE-based next PMSI and the next PMSI matching,
- wherein the transceiver is further configured to send the acknowledgement of receipt to the server.
Dependent claims: 11, 12, 13, 14, 15, 16, 17
18. A method for setting up network access with a server on a network, comprising:
- receiving, from a user equipment (UE) via one or more network elements in an intervening serving network, a privacy mobile subscriber identity (PMSI) as a direct substitute for an international mobile subscriber identity (IMSI) to identify the UE from an initial attach message;
- determining, by the server, a next PMSI based on the PMSI;
- transmitting, from the server, authentication information to the serving network that includes the next PMSI and a tracking index, as part of authentication; and
- receiving, from the UE via the serving network, an acknowledgement of receipt that includes confirmation of the next PMSI with an acknowledgement token generated in response to a UE-based next PMSI, derived by the UE from the PMSI and the tracking index, matching the next PMSI.
Dependent claims: 19, 20, 21, 22, 23, 24, 25
26. A server comprising:
- a database configured to store a plurality of privacy mobile subscriber identities (PMSI) of user equipment (UE);
- a transceiver configured to receive, via one or more network elements in an intervening serving network from a UE, a privacy mobile subscriber identity (PMSI) as a direct substitute for an international mobile subscriber identity (IMSI) to identify the UE from an initial attach message; and
- a processor configured to determine a next PMSI for the UE based on the PMSI;
- wherein the transceiver is further configured to transmit authentication information to the serving network that includes the next PMSI and a tracking index, as part of authentication, and receive an acknowledgement of receipt that includes confirmation of the next PMSI, with an acknowledgement token generated in response to a UE-based next PMSI derived from the PMSI and the tracking index matching the next PMSI, from the UE via the serving network.
Dependent claims: 27, 28, 29, 30, 31, 32, 33
34. A non-transitory computer-readable medium having program code recorded thereon, the program code comprising:
- code for causing a user equipment (UE) to send a privacy mobile subscriber identity (PMSI) as a direct substitute for an international mobile subscriber identity (IMSI) to identify the UE with an initial attach message to a serving network;
- code for causing the UE to receive, from a server in communication with the serving network, an authentication request that includes a next PMSI and a tracking index;
- code for causing the UE to derive a UE-based next PMSI from the PMSI and the tracking index;
- code for causing the UE to compare the UE-based next PMSI to the next PMSI received as part of the authentication request to determine if there is a match of PMSI synchronization between the UE and the server;
- code for causing the UE, in response to determining the match, to generate an acknowledgement of receipt in response to the UE-based next PMSI and the next PMSI matching; and
- code for causing the UE to send the acknowledgment of receipt of the next PMSI to the server.
Dependent claims: 35, 36, 37, 38, 39, 40
41. A non-transitory computer-readable medium having program code recorded thereon, the program code comprising:
- code for causing a server to receive, from a user equipment (UE) via one or more network elements in an intervening serving network, a privacy mobile subscriber identity (PMSI) as a direct substitute for an international mobile subscriber identity (IMSI) to identify the UE from an initial attach message;
- code for causing the server to determine a next PMSI based on the PMSI;
- code for causing the server to transmit authentication information to the serving network that includes the next PMSI and a tracking index, as part of authentication; and
- code for causing the server to receive, from the UE via the serving network, an acknowledgement of receipt that includes confirmation of the next PMSI with an acknowledgement token generated in response to a UE-based next PMSI, derived by the UE from the PMSI and the tracking index, matching the next PMSI.
Dependent claims: 42, 43, 44, 45, 46, 47, 48
Specification