Key-derivation verification in telecommunications network
Abstract
A telecommunications network includes a serving network and a home network. In some examples the serving network receives, from the home network, identity data associated with a network terminal. The serving network determines a tied key using a tying key derivation function (TKDF) based on the identity data, then prepares an authentication request based on the tied key and sends the request to the terminal. In some examples, the home network receives the identity data from the access network and determines a tied key using a TKDF. The home network then determines a confirmation message based on the first tied key. In some examples, the serving network receives the identity data from the home network, and receives a network-slice selector associated with the network terminal. The serving network determines a tied key using a TKDF based on the identity data and the network-slice selector.
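The "marking" branch described in the abstract and claims, as an added example that is not taken from the patent: the serving network derives a tied key from SID, TID and an optional network-slice selector, then attaches a MAC to the security data. The page does not define the TKDF, so HMAC-SHA-256 over length-prefixed fields, the shared anchor key, the terminal-side check and all sample values are assumptions.

```python
import hashlib
import hmac


def _encode(fields):
    """Length-prefix each field so ("ab", "c") and ("a", "bc") never collide."""
    out = b""
    for f in fields:
        out += len(f).to_bytes(2, "big") + f
    return out


def tkdf(anchor_key, sid, tid, slice_selector=None):
    """Assumed TKDF: HMAC-SHA-256 keyed with a shared anchor key over SID, TID
    and, optionally, a network-slice selector (the page does not fix the function)."""
    fields = [b"tied-key", sid.encode(), tid.encode()]
    if slice_selector is not None:
        fields.append(slice_selector.encode())
    return hmac.new(anchor_key, _encode(fields), hashlib.sha256).digest()


def prepare_auth_request(tied_key, security_data):
    """Serving network, 'marking' branch: send the security data plus a MAC."""
    mac = hmac.new(tied_key, security_data, hashlib.sha256).digest()
    return {"security_data": security_data, "mac": mac}


def terminal_accepts(request, anchor_key, sid, tid, slice_selector=None):
    """Assumed terminal side: re-derive the tied key from the terminal's own
    identifiers and compare MACs in constant time."""
    tied_key = tkdf(anchor_key, sid, tid, slice_selector)
    expected = hmac.new(tied_key, request["security_data"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, request["mac"])


# Constructed sample values (not real identifiers or keys).
ANCHOR_KEY = bytes(range(32))
SID = "imsi-001010000000001"
PEI = "imei-000000000000001"
SLICE = "sst1-sd000001"

if __name__ == "__main__":
    req = prepare_auth_request(tkdf(ANCHOR_KEY, SID, PEI, SLICE), b"RAND||AUTN")
    print("same SID/PEI/slice:", terminal_accepts(req, ANCHOR_KEY, SID, PEI, SLICE))
    print("different PEI:     ", terminal_accepts(req, ANCHOR_KEY, SID, "imei-000000000000002", SLICE))
    print("no slice selector: ", terminal_accepts(req, ANCHOR_KEY, SID, PEI))
```

A request marked under one SID/PEI/slice combination fails verification under any other, which is the binding the tied key is meant to provide.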
19 Claims
1. A method comprising, by a serving network:
- receiving, from a home-network node, identity data associated with a network terminal, wherein the identity data comprises a subscriber identifier (SID) and a terminal identifier (TID), wherein the TID is a Permanent Equipment Identifier (PEI);
- determining a tied key using a tying key derivation function (TKDF) based on the SID and TID;
- preparing an authentication request based on first security data, the preparing comprising at least one of:
  - encrypting the first security data based on the tied key to provide the authentication request; or
  - marking the first security data to provide the authentication request, the marking comprising:
    - determining a first message authentication code (MAC) based on the tied key and the first security data; and
    - providing the authentication request comprising the first security data and the MAC; and
- transmitting the authentication request to the network terminal.

8. One or more non-transitory computer-readable media comprising instructions that, when executed by one or more processors, cause the one or more processors to perform operations comprising:
- receiving, from a home-network node, identity data associated with a network terminal, wherein the identity data comprises a subscriber identifier (SID) and a terminal identifier (TIP), wherein the TIP is an International Mobile Equipment Identifier (IMEI);
- receiving a network-slice selector associated with the network terminal;
- determining a tied key using a tying key derivation function (TKDF) based on the SID, TIP, and the network-slice selector;
- preparing an authentication request based on first security data, the preparing comprising at least one of:
  - encrypting the first security data based on the tied key to provide the authentication request; or
  - marking the first security data to provide the authentication request, the marking comprising:
    - determining a first message authentication code (MAC) based on the tied key and the first security data; and
    - providing the authentication request comprising the first security data and the MAC; and
- transmitting the authentication request to the network terminal.

13. A system of a serving network, comprising:
- one or more processors; and
- programming instructions that, when executed by the one or more processors, cause the system to perform operations comprising:
  - receiving, from a home-network node, identity data associated with a network terminal, wherein the identity data comprises a subscriber identifier (SID) and a terminal identifier (TID), wherein the TID is a Permanent Equipment Identifier (PEI);
  - determining a tied key using a tying key derivation function (TKDF) based on the SID and TID data;
  - preparing an authentication request based on first security data, the preparing comprising at least one of:
    - encrypting the first security data based on the tied key to provide the authentication request; or
    - marking the first security data to provide the authentication request, the marking comprising:
      - determining a first message authentication code (MAC) based on the tied key and the first security data; and
      - providing the authentication request comprising the first security data and the MAC; and
  - transmitting the authentication request to the network terminal.