CN119256574A

CN119256574A - Apparatus, method, and computer program for privacy protection of subscription identifiers

Info

Publication number: CN119256574A
Application number: CN202380042233.5A
Authority: CN
Inventors: R·马乌雷迪·达纳塞卡兰; R·普拉文钱德拉·巴特
Original assignee: Nokia Technologies Oy
Current assignee: Nokia Technologies Oy
Priority date: 2022-06-17
Filing date: 2023-05-26
Publication date: 2025-01-03
Also published as: WO2023241899A1

Abstract

There is provided an apparatus comprising means for receiving an indication of a length of at least part of a subscription identifier, determining the subscription identifier based on the received indication, encrypting the determined subscription identifier, and providing the encrypted subscription identifier to a network.

Description

Apparatus, method, and computer program for privacy protection of subscription identifiers

Technical Field

The present application relates to a method, apparatus, system, and computer program, in particular, but not limited to, privacy protection of distinguishable length NAI identifiers.

Background

A communication system may be considered a facility that enables communication sessions between two or more entities, such as user terminals, base stations, and/or other nodes, by providing carriers between the various entities involved in the communication path. For example, the communication system may be provided by means of a communication network and one or more compatible communication devices. The communication session may include, for example, communications for carrying data such as voice, video, electronic mail (email), text messages, multimedia, and/or content data, among others. Non-limiting examples of services provided include bi-or multi-directional calls, data communications, or multimedia services, and access to data network systems such as the internet.

In a wireless communication system, at least part of a communication session between at least two stations occurs over a wireless link. Examples of wireless systems include Public Land Mobile Networks (PLMNs), satellite-based communication systems, and different wireless local area networks, such as Wireless Local Area Networks (WLANs). Some wireless systems may be divided into cells and are therefore commonly referred to as cellular systems.

The user may access the communication system by means of a suitable communication device or terminal. The user's communication equipment may be referred to as User Equipment (UE) or user equipment. The communication device is provided with suitable signal receiving and transmitting means for enabling communication, for example enabling access to a communication network or communication directly with other users. A communication device may access a carrier provided by a station (e.g., a base station of a cell) and transmit and/or receive communications on the carrier.

Communication systems and associated devices typically operate in accordance with a given standard or specification which sets out what the various entities associated with the system are permitted to do and how that should be achieved. Communication protocols and/or parameters which have been used for the connection are also typically defined. One example of a communication system is UTRAN (3G radio). Other examples of communication systems are the Long Term Evolution (LTE) of the Universal Mobile Telecommunications System (UMTS) radio access technology and so-called 5G or new wireless (NR) networks. NR is being standardized by the third generation partnership project (3 GPP).

Disclosure of Invention

In a first aspect, an apparatus is provided that includes means for receiving an indication of a length of at least a portion of a subscription identifier, determining the subscription identifier based on the received indication, encrypting the determined subscription identifier, and providing the encrypted subscription identifier to a network.

The apparatus may include means for extending at least a portion of the subscription identifier to the length.

The apparatus may include means for truncating at least a portion of the subscription identifier to the length.

The length may be fixed or variable.

The length may be a maximum length.

The apparatus may include means for receiving the indication from a home network.

The apparatus may include means for receiving the indication from an operator.

The subscription identifier may include a network access identifier.

At least part of the subscription identifier may include a user name.

The apparatus may include a universal subscription identifier module, USIM, and means for providing an indication of the subscription identifier to a terminal comprising the USIM.

In a second aspect, an apparatus is provided that includes means for providing an indication of a length of at least a portion of a subscription identifier to a universal subscription identifier module, USIM, and receiving an encrypted subscription identifier from the USIM, wherein the subscription identifier is determined at a user equipment based on the provided indication.

At least part of the subscription identifier may extend to this length.

The apparatus may include means for decrypting the encrypted subscription identifier and using at least a portion of the subscription identifier other than the extension.

At least part of the subscription identifier may be truncated to the length.

The length may be fixed or variable.

The length may be a maximum length.

The apparatus may include means for providing the indication from a home network.

The apparatus may include means for providing the indication from an operator.

The subscription identifier may include a network access identifier.

At least part of the subscription identifier may include a user name.

In a third aspect, a method is provided that includes receiving an indication of a length of at least a portion of a subscription identifier, determining the subscription identifier based on the received indication, encrypting the determined subscription identifier, and providing the encrypted subscription identifier to a network.

The method may include extending at least a portion of the subscription identifier to the length.

The method may include truncating at least a portion of the subscription identifier to the length.

The length may be fixed or variable.

The length may be a maximum length.

The method may include receiving the indication from a home network.

The method may include receiving the indication from an operator.

The subscription identifier may include a network access identifier.

At least part of the subscription identifier may include a user name.

The method may include providing an indication of the subscription identifier to a terminal comprising the USIM.

In a fourth aspect, a method is provided comprising providing an indication of a length of at least part of a subscription identifier to a universal subscription identifier module, USIM, and receiving an encrypted subscription identifier from the USIM, wherein the subscription identifier is determined at a user equipment based on the provided indication.

At least part of the subscription identifier may extend to this length.

The method may include decrypting the encrypted subscription identifier and using at least a portion of the subscription identifier other than the extension.

At least part of the subscription identifier may be truncated to the length.

The length may be fixed or variable.

The length may be a maximum length.

The method may include providing the indication from the home network.

The method may include providing the indication from an operator.

The subscription identifier may include a network access identifier.

At least part of the subscription identifier may include a user name.

In a fifth aspect, an apparatus is provided that includes at least one processor and at least one memory storing instructions that, when executed by the at least one processor, cause the apparatus at least to receive an indication of a length of at least a portion of a subscription identifier, determine the subscription identifier based on the received indication, encrypt the determined subscription identifier, and provide the encrypted subscription identifier to a network.

The apparatus may be caused to extend at least part of the subscription identifier to the length.

The apparatus may be caused to truncate at least part of the subscription identifier to the length.

The length may be fixed or variable.

The length may be a maximum length.

The apparatus may be caused to receive the indication from the home network.

The apparatus may be caused to receive the indication from an operator.

The subscription identifier may include a network access identifier.

At least part of the subscription identifier may include a user name.

The apparatus may comprise a universal subscription identifier module USIM and be caused to provide an indication of the subscription identifier to a terminal comprising the USIM.

In a sixth aspect, an apparatus is provided that includes at least one processor and at least one memory storing instructions that, when executed by the at least one processor, cause the apparatus to at least provide an indication of a length of at least a portion of a subscription identifier to a universal subscription identifier module, USIM, and receive an encrypted subscription identifier from the USIM, wherein the subscription identifier is determined at the USIM based on the provided indication.

At least part of the subscription identifier may extend to this length.

The apparatus may be caused to decrypt the encrypted subscription identifier and use at least a portion of the subscription identifier other than the extension.

At least part of the subscription identifier may be truncated to the length.

The length may be fixed or variable.

The length may be a maximum length.

The apparatus may be caused to provide the indication from the home network.

The apparatus may be caused to provide the indication from an operator.

The subscription identifier may include a network access identifier.

At least part of the subscription identifier may include a user name.

In a seventh aspect, a computer readable medium is provided that includes program instructions for causing an apparatus to at least receive an indication of a length of at least a portion of a subscription identifier, determine the subscription identifier based on the received indication, encrypt the determined subscription identifier, and provide the encrypted subscription identifier to a network.

The apparatus may be caused to perform expanding at least a portion of the subscription identifier to the length.

The apparatus may be caused to perform truncating at least a portion of the subscription identifier to the length.

The length may be fixed or variable.

The length may be a maximum length.

The apparatus may be caused to perform receiving the indication from a home network.

The apparatus may be caused to perform receiving the indication from an operator.

The subscription identifier may include a network access identifier.

At least part of the subscription identifier may include a user name.

The apparatus may include a universal subscription identifier module USIM and be caused to perform providing an indication of the subscription identifier to a terminal including the USIM.

In an eighth aspect, a computer readable medium is provided that includes program instructions for causing an apparatus to at least provide an indication of a length of at least a portion of a subscription identifier to a universal subscription identifier module, USIM, and receive an encrypted subscription identifier from the USIM, wherein the subscription identifier is determined at the USIM based on the provided indication.

At least part of the subscription identifier may extend to this length.

The apparatus may be caused to perform decrypting the encrypted subscription identifier and using at least a portion of the subscription identifier other than the extension.

At least part of the subscription identifier may be truncated to the length.

The length may be fixed or variable.

The length may be a maximum length.

The apparatus may be caused to perform providing the indication from the home network.

The apparatus may be caused to perform providing the indication from an operator.

The subscription identifier may include a network access identifier.

At least part of the subscription identifier may include a user name.

In a ninth aspect, there is provided a non-transitory computer readable medium comprising program instructions for causing an apparatus to perform at least the method according to the third or fourth aspect.

In the foregoing, many different embodiments have been described. It should be appreciated that additional embodiments may be provided by combinations of any two or more of the above embodiments.

Drawings

Embodiments will now be described, by way of example only, with reference to the accompanying drawings, in which:

fig. 1 shows a schematic diagram of an example 5GS communication system;

FIG. 2 shows a schematic diagram of an example mobile communication device;

FIG. 3 illustrates a schematic diagram of an example control device;

FIG. 4 illustrates a block diagram of an example encryption for generating SUCI SUPI;

fig. 5 shows a block diagram of 3gpp supi_nai and 3gpp supi_nai;

FIG. 6 shows a distribution diagram of identifier lengths;

FIG. 7 shows a flow chart of a method according to an example embodiment;

FIG. 8 shows a flow chart of a method according to an example embodiment;

fig. 9 shows block diagrams of SUPI_NAI and SUCI _NAI in accordance with an example embodiment, and

Fig. 10 shows a signaling flow according to an example embodiment.

Detailed Description

Before explaining examples in detail, certain general principles of wireless communication systems and mobile communication devices are briefly explained with reference to fig. 1-3 to help understand the techniques behind the described examples.

An example of a suitable communication system is the 5G system (5 GS). The network architecture in 5GS may be similar to LTE-advanced. The base station of the NR system may be referred to as a next generation Node B (gNB). The network architecture may vary depending on the need to support various radio technologies and finer QoS support, as well as some on-demand requirements, such as QoS levels for supporting user-perspective QoE. In addition, network aware services and applications, as well as service and application aware networks, can bring about changes to the architecture. These are related to Information Centric Networking (ICN) and user centric content delivery networking (UC-CDN) approaches. NR may use multiple-input multiple-output (MIMO) antennas with more base stations or nodes than LTE (so-called small cell concept), including macro sites operating in cooperation with smaller base stations, possibly with various radio technologies to obtain better coverage and enhanced data rates.

The 5G network may utilize Network Function Virtualization (NFV), a network architecture concept that proposes to virtualize network node functions as "building blocks" or entities that may be operatively connected or linked together to provide services. A Virtualized Network Function (VNF) may comprise one or more virtual machines running computer program code using standard or generic types of servers instead of custom hardware. Cloud computing or data storage may also be utilized. In radio communications, this may mean that the node operations are performed at least in part in a server, host, or node operatively coupled to the remote radio heads. Node operations may also be distributed among multiple servers, nodes, or hosts. It should also be appreciated that the allocation of work between core network operation and base station operation may be different from LTE, or even non-existent.

Fig. 1 shows a schematic diagram of a 5G system (5 GS) 100. The 5GS may include a User Equipment (UE) 102 (which may also be referred to as a communication device or terminal), a 5G radio access network (5 GRAN) 104, a 5G core network (5 GCN) 106, one or more Application Functions (AFs) 108, and one or more Data Networks (DNs) 110.

An example 5G Core Network (CN) includes functional entities. The 5gcn 106 may include one or more access and mobility management functions (AMFs) 112, one or more Session Management Functions (SMFs) 114, an authentication server function (AUSF) 116, a Unified Data Management (UDM) 118, one or more User Plane Functions (UPFs) 120, a unified data store (UDR) 122, and/or a Network Exposure Function (NEF) 124. The UPF is controlled by an SMF (session management function) that receives policies from a PCF (policy control function).

The CN is connected to the terminal device via a Radio Access Network (RAN). The 5GRAN may include one or more gNodeB distributed unit functions connected to one or more GNodeB (GNB) centralized unit functions. The RAN may include one or more access nodes.

The UPF (user plane function), whose role is called PSA (protocol data unit (PDU) session anchor), may be responsible for forwarding frames back and forth between the Data Network (DN) and the establishment of tunnels through the 5G towards the UE(s) exchanging traffic with the DN.

A possible mobile communication device will now be described in more detail with reference to fig. 2, fig. 2 showing a schematic partial cross-sectional view of a communication device 200. Such communication devices are often referred to as User Equipment (UE) or terminals. A suitable mobile communication device may be provided by any device capable of transmitting and receiving radio signals. Non-limiting examples include Mobile Stations (MS) or mobile devices such as mobile phones or so-called "smartphones", computers equipped with wireless interface cards or other wireless interface facilities (e.g., USB dongles), personal Data Assistants (PDAs) or tablet computers equipped with wireless communication functions, voice over IP (VoIP) phones, portable computers, desktop computers, image capture terminal devices such as digital cameras, game terminal devices, music storage and playback devices, in-vehicle wireless terminal devices, wireless endpoints, mobile stations, notebook computer embedded devices (LEEs), notebook computer installation devices (LMEs), smart devices, wireless Customer Premise Equipment (CPE), or any combination of these devices, etc. For example, a mobile communication device may provide communications for carrying data such as voice, electronic mail (email), text messages, multimedia, and the like. Thus, a user can be provided and provided with various services via his communication device. Non-limiting examples of such services include two-way or multi-way calls, data communications or multimedia services, or simply access to a data communications network system, such as the internet. Broadcast or multicast data may also be provided to the user. Non-limiting examples of content include downloads, television and radio programming, video, advertisements, various alerts, and other information.

The mobile device is typically equipped with at least one data processing entity 201, at least one memory 202, and other possible components 203 for software and hardware assisted execution of the tasks it is designed to perform, including controlling access to and communication with access systems and other communication devices. Data processing, storage, and other related control means may be provided on a suitable circuit board and/or in a chipset. This feature is indicated by reference numeral 204. The user may control the operation of the mobile device by means of a suitable user interface, such as a lower keypad 205, voice commands, a touch sensitive screen or touchpad, combinations thereof, and the like. A display 208, a speaker, and a microphone may also be provided. In addition, the mobile communication device may include suitable connectors (wired or wireless) to other devices and/or for connecting external accessories (e.g., hands-free devices).

The mobile device 200 may receive signals over the air or radio interface 207 via suitable means for receiving and may transmit signals via suitable means for transmitting radio signals. In fig. 2, the transceiver device is schematically represented by block 206. The transceiver means 206 may be provided, for example, by means of a radio and an associated antenna arrangement. The antenna arrangement may be arranged inside or outside the mobile device.

Fig. 3 shows an example of a control apparatus 300 for a communication system, e.g. a station to be coupled to and/or for controlling an access system, such as a RAN node, e.g. a base station, eNB or gNB, a relay node, or a core network node, such as a Mobility Management Entity (MME) or S-GW or P-GW, or a core network function, such as an AMF/SMF, or a server or host. The method may be implemented in a single control device or across more than one control device. The control means may be integrated with or external to a node or module of the core network or RAN. In some embodiments, the base station includes a separate control device unit or module. In other embodiments, the control device may be another network element, such as a radio network controller or a spectrum controller. In some embodiments, each base station may have such a control device, as well as a control device provided in a radio network controller. The control means 300 may be arranged to provide control of the communication in the service area of the system. The control device 300 comprises at least one memory 301, at least one data processing unit 302, 303, and an input/output interface 304. Via this interface, the control means may be coupled to the receiver and the transmitter of the base station. The receiver and/or the transmitter may be implemented as a radio front-end or a remote radio head.

So-called International Mobile Subscriber Identity (IMSI) traps are intended to attack the anonymity of subscribers, thereby tracking and monitoring associated UEs. To prevent IMSI capturers, the 5G standard introduces encrypting a subscription permanent identifier (SUPI) into a subscription hidden identifier (SUCI) using the public key of the home network.

Each subscriber is assigned a 5G globally unique SUPI. SUCI is a privacy preserving identifier containing a hidden SUPI.

Elliptic Curve Integrated Encryption Scheme (ECIES) was used to encrypt SUCI to SUPI, as shown in FIG. 4.

ECIES is a hybrid scheme in which key exchange is based on asymmetric cryptography and key derivation and encryption is based on symmetric cryptography. ECIES is a probabilistic encryption scheme in which the same plaintext of multiple encryptions yields disparate ciphertext that cannot be concatenated with each other or with the plaintext. Three protection schemes, null scheme, profile a, and profile B, have been standardized by 3 GPP. The "null scheme" does not perform any actual encryption, but produces the same output as the input. Profiles A and B use Curve25519 or secp256r1, AES-128-CTR and HMAC-SHA-256.

The SUPI type may be an International Mobile Subscriber Identity (IMSI) or a Network Specific Identifier (NSI).

SUCI include SUPI type, home network identifier, other parameters, and hidden identifier. Only the hidden identifier portion is encrypted by SUCI.

When the SUPI is of the IMSI type, the home network identifier consists of a 3-Mobile Country Code (MCC) and a 2-3 Mobile Network Code (MNC), and the hidden identifier contains an encrypted 9-10 Mobile Subscription Identification Number (MSIN).

As previously described, the existing 5G standard allows the use of a Network Specific Identifier (NSI) as the SUPI.

The NSI may take the form of a Network Access Identifier (NAI) defined in the 3GPP standard.

When the type of SUPI is NSI, the home network identifier consists of a variable length string called a domain, and the hidden identifier contains a variable length encrypted string called a user name.

In other words, the NAI of the SUPI should have the form username@realm, which may have a variable length username as specified in the 3GPP standard.

Fig. 5 shows 3GPP supi_nai and SUCI _nai specified in the 3GPP standard. The SUPI containing a network specific identifier takes the form of a Network Access Identifier (NAI). The NAI of SUPI has the format username@realm. In the SNPN scenario, the field portion of the NAI includes MCC, MNC, and NID of SNPN. For the NAI of SUCI, the user name is encrypted.

The existing mechanisms for computing SUCI cannot provide complete indistinguishability of SUCI when the corresponding SUPIs are of different lengths.

For SUCI, as shown in FIG. 4, the symmetric encryption scheme used is AES-128 (AES-128-CTR) in "Counter (CTR) mode". CTR mode is a typical block cipher mode of operation using a block cipher algorithm. In this CTR mode, the plaintext and corresponding ciphertext are the same in length (AES-128-CTR is 128 bits). In addition, in symmetric key settings, the security concepts of true or random, left or right, or semantic security are defined in the context of the same plaintext length. Thus, according to these concepts, the security of AES-128 in CTR mode is only significant if the plaintext lengths of interest are similar.

The network may have a username portion of the NAI created from the real world name because both the early and current use of such identifiers (e.g., in ISIM (IP multimedia services identity module)) are based on the real world name.

Researchers analyzed the name length data of the entire sweden (millions of people) and four areas of an internal company (sweden, china, india, and united states) and found that the length distribution had a tail. SUCI whose length is far from the average (left or right) has a lower anonymity and, in the worst case, can be distinguished completely. In other words, SUCI may be uniquely identified for long or short (away from average) lengths of NAI used in SUPI. This affects subscriber privacy and may be misused by the IMSI capturer.

A sixth padding scheme "tail perceived block length" padding (taBlk-l-m-r) as shown in fig. 6 is currently used. The intuition behind this is that the tail of a typical distribution has the lowest frequency (representing less anonymity) and benefits most from padding. The middle part of the distribution typically has higher frequencies and filling these frequencies only promotes message expansion without significantly increasing privacy. Thus taBlk-l-m-r fill is shown in FIG. 6, i.e., length below left (l) is filled to l, length between l and middle (m) is not filled, and length above m is filled to right (r). Such selective padding may result in a reduction of the overall message extension.

Fig. 7 shows a flow chart of a method according to an example embodiment. The method may be performed at the USIM. The USIM is associated with a Mobile Equipment (ME), in other words, a user equipment.

In S1, the method includes receiving an indication of a length of at least a portion of a subscription identifier.

In S2, the method comprises determining a subscription identifier based on the received indication.

In S3, the method comprises encrypting the determined subscription identifier.

In S4, the method includes providing the encrypted subscription identifier to the network.

Fig. 8 shows a flow chart of a method according to an example embodiment. The method may be performed at a network function (e.g., UDM) of a Home Network (HN).

In T1, the method includes providing an indication of a length of at least a portion of a subscription identifier to a Universal Subscription Identifier Module (USIM).

In T2 the method comprises receiving an encrypted subscription identifier from the USIM, wherein the subscription identifier is determined at the USIM based on the provided indication.

The subscription identifier may be a NAI. At least part of the subscription identifier may be a user name of the NAI.

Determining the subscription identifier may include expanding or truncating at least a portion of the subscription identifier to the length.

The length may be fixed or variable. The length may be a maximum length.

In other words, the USIM may be configured with a fixed or variable username length, with the result that each SUCI is fixed, or each iteration generation results in a different SUCI size for the same UE.

The method provides for the addition of an extension of the user name included in the NSI (which has the form of a NAI) for the case where the NAI length is shorter than the average length, or for the truncation of the user name in the NSI (which has the form of a NAI) for the case where the NAI length is longer than the average length.

The expansion or truncation scheme may be derived statistically automatically, whether or not there is any input by the operator.

This approach may ensure that the length of the NSI is constant, which is part of the SUPI and used to generate SUCI.

The extension of the username in the SUPI NAI may be configured in the USIM by the UDM or operator.

The method may include receiving an indication of the length from an operator or home network (e.g., from a function of the HN such as UDM).

SUCI NAI generated for all users within the same operator may be the same length as the encrypted text because SUCI generation considers plaintext to add an extension.

The extension may be operator configurable and thus operator specific, so the user name is a constant length with the user name extension.

The extended subscription identifier may be in the form of a username | anonymity@realm. For example, the NAI of SUPI may have the form username | extension@realm.

The content of the username extension is not operator configured and is filled in by the user using any "non-empty string" following "|" in the username.

In other words, during unhidden, the UDM ignores octets following "|" in the user name.

Each operator may have its own specific extension length. For example, the maximum length of the user name extension of PLMN a is 200 bytes. Although each user within the same PLMN a may have a different user name and user name length, an extension after "|" in the user name is used in the supi_nai, so the maximum length of the user name for each user in PLMN a is 200 octets.

Suppose PLMN B allows a user name extension of a maximum length of 253 octets. The USIM under the operator will have a different username size. Thus, the user name of each user is extended with "|", and each user adds "any non-empty string".

Privacy protection of SUPI NAI or SUCI NAI may be achieved

Fig. 9 shows NAI of SUPI according to an example embodiment. The supi_nai includes an extension of the user name for anonymity. The username with anonymity is encrypted to form SUCI _nai. The SUCI _nai has the same length as the supi_nai.

Each user within the same operator has a predefined or configured maximum length of the user name portion. The input length calculated by SUCI becomes constant and the total number of characters is equal to the maximum length defined by the operator. This provides consistency between different users of the same operator.

Table 1 shows an example of encoding when the SUPI type is a network specific identifier.

TABLE 1

The network-specific identifier in NAI format is a NAI constructed and encoded as UTF-8 string as specified by the standard. The network-specific identifier extension may or may not be set (the user name extension for anonymity is set to "variable" or "fixed"), which is optionally configured by the operator. The network specific identifier extension length (conditionally valid only if the extension is set to "fixed") is the maximum octet allowed in the user name, so additional octets can be added after the network specific identifier.

If the operator configures a fixed NAI for the UE, the content of the user name must be filled in with bytes after "|" each time it is generated using SUCI of NAI format, e.g., the length of "username | extension_of_useid" is always the same as the maximum length configured by the operator. Regardless of the number of times SUCI is generated, the size of each time is the same for the same UE.

If the operator configures the variable NAI for the UE, the content of the user name must be filled in with bytes after "|" each time it is generated using SUCI of NAI format, e.g. the length of "username | extension_of_userid" is variable each time. Regardless of the number of times SUCI is generated, the size of the sui is different each time for the same UE. After unhiding, the operator will ignore the content after "|".

Assuming that the network specific identifier is user17 | extension_of_user_for_ anonymity@example.com, the routing indicator is 678, and the home network public key identifier is 27, the NAI format of the sui takes the following form for the null scheme:

type1.rid678.schid0.useriduser17!extension_of_userid_for_anonymity@example.com

the following form is adopted for anonymity SUCI:

type1.rid678.schidi0.useridononymous? for anonymity@example.com (where the user name corresponds to "anonymous"), or (b)

Type1.rid678.schidi0.userid? for_ anonymity@example.com (wherein the user name corresponds to an empty string)

The following form is adopted for the profile < a > protection scheme:

type1.rid678 schid1.hnkey 27.eccey < ECC temporary public key >. Cip < encryption with extended user17 >. Mac < mac tag value > @ example com.

Fig. 10 shows a signaling flow according to an example embodiment.

In step 1, successful primary authentication is performed using SUCI as IMSI format.

Steps 2 and 3 are two potential ways to update the configuration in the USIM.

In step 2, the Home Network (HN) updates the USIM with NSI extension and length to be used using the existing UPU or SoR procedure.

Alternatively or additionally, as shown in step 3, the operator updates and expands the information using the existing USIM Over The Air (OTA). This step may be performed even if the UE is in idle mode.

In step 4, the operator configures the SUPI NAI to a fixed maximum or specific length.

In step 5, SUCI NAI is generated as described in the 3GPP standard. The supi_nai includes an extension value after the user name.

In step 6, the ME sends a supi_nai request and reads the EF file of supi_nai with anonymity configuration user name from the USIM.

In step 7, the ME requests SUCI _nai and the USIM shares the generated SUCI.

In step 8, the ME sends SUCI _nai to the HN.

In step 9, after the unmasking of SUCI _nai, the UDM retrieves the supi_nai as "username | anonymity@realm". The UDM ignores the content after "|", and considers only the username portion.

The following example data set corresponds to SUCI calculations in the UE based on the SUPI and ECIES profile a of the network-specific identifier.

SUPI is:

verylongusername1!extension_anonymity_username@3gpp.com

the ECIES scheme output is calculated in the UE as described in TS 33.501, clause C.3.2, using the following example data.

Home network private key:

‘C53C22208B61860B06C62E5406A7B330C2B577AA555898151

0D128247D38BD1D’

Home network public key:

‘5A8D38864820197C3394B92613B20B91633CBD897119273BF

8e4A6f4EEC0A650’

eph private key:

‘BE9EFF3E9F22A4B42A3D236E7A6C500B3F2E7E0C7449988BA800D664BF4FCD97’

Eph public key:

‘977D8B2FDAA7B64AA700D04227D5B440630EA4EC50F9082

273A26BB678C92222’

Eph shared key:

‘511C1DF473BB88317F923501F8BA944FD3B667D25699DCB5

52DBCEF60BBDC56D’

eph.enc. Key:

‘FE77B87D87F40428EDD71BCA69D79059’

Plaintext block:

‘766572796C6F6E67757365726E616D6531796C6F6E677573657

26E501F8BA944FD3B667D25699D’

Ciphertext value:

‘8E358A1582ADB15322C10E515141D2039Ae61af4ebdbd293ea

4f942696b9e8156a7b3f6709a079’

Eph.mac key:

‘D87B69F4FE8CD6B211264EA5E69F682F151A82252684CDB1

5A047E6EF0595028’

MAC tag value:

‘12E1D7783A97F1AC’

Scheme output:

ecckey977D8B2FDAA7B64AA700D04227D5B440630EA4EC50F

9082273A26BB678C92222.cip8E358A1582ADB15322C10E51514

1D2039Ae61af4ebdbd293ea4f942696b9e8156a7b3f6709a079.mac1

2E1D7783A97F1AC

An apparatus may include means for receiving an indication of a length of at least a portion of a subscription identifier, determining the subscription identifier based on the received indication, encrypting the determined subscription identifier, and providing the encrypted subscription identifier to a network.

Alternatively or additionally, an apparatus may include means for providing an indication of a length of at least a portion of a subscription identifier to a universal subscription identifier module, USIM, and receiving an encrypted subscription identifier from the USIM, wherein the subscription identifier is determined at the USIM based on the provided indication.

It should be understood that these means may comprise or be coupled to other units or modules etc. for transmission and/or reception, such as radio parts or radio heads. Although these means are described as one entity, the different modules and memories may be implemented in one or more physical or logical entities.

It should be noted that while some embodiments have been described with respect to 5G networks, similar principles may also be applied to other networks and communication systems. Thus, while certain embodiments have been described above by way of example with reference to certain example architectures of wireless networks, technologies, and standards, embodiments may be applied to any other suitable form of communication system than that shown and described herein.

It should also be noted herein that while the above describes exemplifying embodiments, there are several variations and modifications which may be made to the disclosed solution without departing from the scope of the present invention.

In general, the various embodiments may be implemented in hardware or special purpose circuits, software, logic or any combination thereof. Some aspects of the disclosure may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device, but the disclosure is not limited thereto. While various aspects of the disclosure may be illustrated and described as block diagrams, flow charts, or using some other pictorial representation, it is well understood that these blocks, apparatus, systems, techniques or methods described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.

As used herein, the term "circuitry" may refer to one or more or all of the following:

(a) Hardware-only circuit implementations (such as implementations in analog and/or digital circuitry only) and

(B) A combination of hardware circuitry and software, such as (as applicable):

(i) Combination of analog and/or digital hardware circuit(s) and software/firmware, and

(Ii) Any portion of the hardware processor(s), including digital signal processor(s), software, and memory(s) having software that work in concert to cause a device such as a mobile phone or server to perform various functions), and (c) hardware circuit(s) and/or processor(s), such as microprocessor(s) or portion of microprocessor(s), that require software (e.g., firmware) to operate, but when not required, software may not be present.

This definition of circuitry applies to all uses of this term in this application, including in any claims. As another example, as used in this disclosure, the term circuitry also encompasses hardware-only circuitry or a processor (or multiple processors) or an implementation of hardware circuitry or a portion of a processor and its accompanying software and/or firmware. For example, if applicable to the particular claim element, the term circuitry also includes a baseband integrated circuit or processor integrated circuit for a mobile device, or a similar integrated circuit in a server, a cellular network device, or other computing or network device.

Embodiments of the present disclosure may be implemented by computer software executable by a data processor of a mobile device, such as in a processor entity, or by hardware, or by a combination of software and hardware. Computer software or programs (also referred to as program products, including software routines, applets, and/or macros) can be stored in any apparatus-readable data storage medium and they include program instructions for performing particular tasks. The computer program product may include one or more computer-executable components configured to perform embodiments when the program is run. The one or more computer-executable components may be at least one software code or portion thereof.

Further in this regard, it should be noted that any blocks of the logic flows as shown in the figures may represent program steps, or interconnected logic circuits, blocks and functions, or a combination of program steps and logic circuits, blocks and functions. The software may be stored on a physical medium implemented within a processor such as a memory chip or memory block, a magnetic medium such as a hard disk or floppy disk, and an optical medium such as a DVD and its data variants CD. The physical medium is a non-transitory medium.

The memory may be of any type suitable to the local technical environment and may be implemented using any suitable data storage technology, such as semiconductor-based memory devices, magnetic memory devices and systems, optical memory devices and systems, fixed memory, and removable memory. The data processor may be of any type suitable to the local technical environment and may include one or more of a general purpose computer, a special purpose computer, a microprocessor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), a gate level circuit, and a processor based on a multi-core processor architecture, as non-limiting examples.

Embodiments of the present disclosure may be implemented in various components, such as integrated circuit modules. The design of integrated circuits is generally a highly automated process. Complex and powerful software tools are available for converting a logic level design into a semiconductor circuit design for etching and forming on a semiconductor substrate.

The independent claims define the scope of protection sought for the various embodiments of the present disclosure. Embodiments and features (if any) described in this specification that do not fall within the scope of the independent claims are to be construed as examples of various embodiments that aid in the understanding of this disclosure.

The foregoing description provides a complete and informative description of the exemplary embodiments of the present disclosure by way of non-limiting example. However, various modifications and adaptations may become apparent to those skilled in the relevant arts in view of the foregoing description, when read in conjunction with the accompanying drawings and the appended claims. However, all such and similar modifications of the teachings of this disclosure will still fall within the scope of this invention as defined in the appended claims. Indeed, still other embodiments may include combinations of one or more embodiments with any of the other embodiments previously discussed.

Claims

1. An apparatus, comprising: at least one processor; and at least one memory storing instructions, wherein when the instructions are executed by the at least one processor, the apparatus at least:

receiving an indication of a length of at least a portion of a subscription identifier;

determining the subscription identifier based on the received indication;

encrypting the determined subscription identifier; and

The encrypted subscription identifier is provided to a network.

2 . The apparatus of claim 1 , wherein the apparatus is caused to extend the at least portion of the subscription identifier to the length.

3. The apparatus of claim 1, wherein the apparatus is caused to truncate the at least portion of the subscription identifier to the length.

4. The device according to any one of claims 1 to 3, wherein the length is fixed or variable.

5. The device according to any one of claims 1 to 4, wherein the length is a maximum length.

6. An apparatus according to any one of claims 1 to 5, wherein the apparatus is caused to receive the indication from a home network.

7. The apparatus according to any one of claims 1 to 6, wherein the apparatus is configured to receive the indication from an operator.

8. The apparatus of any one of claims 1 to 7, wherein the subscription identifier comprises a network access identifier.

9. The apparatus of claim 8, wherein the at least portion of the subscription identifier comprises a username.

10. An apparatus according to any one of claims 1 to 9, wherein the apparatus comprises a Universal Subscription Identifier Module (USIM) and is caused to provide an indication of the subscription identifier to a terminal comprising the USIM.

11. An apparatus, comprising: at least one processor; and at least one memory storing instructions, wherein when the instructions are executed by the at least one processor, the apparatus at least:

providing an indication of the length of at least part of the subscription identifier to a universal subscription identifier module USIM; and

An encrypted subscription identifier is received from the USIM, wherein the subscription identifier is determined at the USIM based on the provided indication.

12. The apparatus of claim 11, wherein the at least portion of the subscription identifier is extended to the length.

13. An apparatus according to claim 12, wherein the apparatus is caused to decrypt the encrypted subscription identifier and use the at least part of the subscription identifier other than the extension part.

14. The apparatus of claim 11, wherein the at least portion of the subscription identifier is truncated to the length.

15. The device according to any one of claims 11 to 14, wherein the length is fixed or variable.

16. The device according to any one of claims 11 to 15, wherein the length is a maximum length.

17. An apparatus according to any one of claims 11 to 16, wherein the apparatus is caused to provide the indication from a home network.

18. An apparatus according to any one of claims 11 to 17, wherein the apparatus is caused to provide the indication from an operator.

19. The apparatus of any one of claims 11 to 18, wherein the subscription identifier comprises a network access identifier.

20. The apparatus of claim 19, wherein the at least portion of the subscription identifier comprises a username.

21. A method comprising:

determining the subscription identifier based on the received indication;

encrypting the determined subscription identifier; and

The encrypted subscription identifier is provided to a network.

22. A method comprising:

23. An apparatus comprising components for:

determining the subscription identifier based on the received indication;

encrypting the determined subscription identifier; and

The encrypted subscription identifier is provided to a network.

24. An apparatus comprising components for:

An encrypted subscription identifier is received from the USIM, wherein the subscription identifier is determined at the user equipment based on the provided indication.

25. A computer-readable medium comprising program instructions for causing an apparatus to at least perform the following:

determining the subscription identifier based on the received indication;

encrypting the determined subscription identifier; and

The encrypted subscription identifier is provided to a network.

26. A computer-readable medium comprising program instructions for causing an apparatus to at least perform the following: