
WO2025045352A1 - Network-assisted access to secured local data - Google Patents


Info

Publication number
WO2025045352A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
memory
network node
access
access key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/EP2023/073667
Other languages
English (en)
Inventor
Niklas LINDSKOG
Patrik Salmela
Jukka Ylitalo
Jaime JIMÉNEZ
Petri Mikael Johansson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Telefonaktiebolaget LM Ericsson AB
Original Assignee
Telefonaktiebolaget LM Ericsson AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonaktiebolaget LM Ericsson AB
Priority to PCT/EP2023/073667
Publication of WO2025045352A1 (patent/WO2025045352A1/fr)
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/63 Location-dependent; Proximity-dependent
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107 Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/63 Location-dependent; Proximity-dependent
    • H04W12/64 Location-dependent; Proximity-dependent using geofenced areas
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2111 Location-sensitive, e.g. geographical location, GPS
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless

Definitions

  • This disclosure relates to network-assisted access to secured local data.
  • 5G fifth generation
  • NPN non-public networks
  • an NPN can be deployed without relying on network functions provided by a public land mobile network (PLMN).
  • PLMN public land mobile network
  • This NPN is called a standalone NPN (SNPN).
  • SNPN is a standalone 5G network which does not rely on network functions provided by a PLMN but may possibly utilize a radio access network (RAN) of a PLMN.
  • RAN radio access network
  • SNPN may be operated by an entity that is not a wireless carrier.
  • entity is an enterprise.
  • an NPN can be deployed by at least partly utilizing the infrastructure of a PLMN.
  • This NPN is called a public network integrated NPN (PNI-NPN).
  • PNI-NPN public network integrated NPN
  • the subscription credentials are managed by the PLMN.
  • PNI-NPN can be deployed as a network slice in the PLMN or as an external data network in which some network functions (NFs) of the NPN can be run.
  • NFs network functions
  • the NFs in the PLMN and the NFs in the external data network may communicate with each other (e.g., performing service-based architecture (SBA)-based communication between the NFs) over a secure connection, e.g., an IPsec tunnel.
  • SBA service-based architecture
  • CSG Closed Subscriber Groups
  • CAG Closed Access Groups
  • CSG defined in 3GPP Technical Specification (TS) 23.401
  • Both provide access control on a cell level, meaning that one can reserve a cell and radio resources to a subset of subscriptions. This can be used, for example, to provide more reliable performance to those subscriptions and isolate their traffic from other subscribers’ traffic.
  • CSG which is meant for small cells
  • UEs user equipments
  • subscriptions that are authorized to access a CSG cell will have a corresponding CSG ID in their subscription information.
  • the CSG ID and/or the subscription information may be available to the UE and stored in the core network (e.g., home subscriber server (HSS)).
  • HSS home subscriber server
  • the network e.g., mobility management entity (MME)
  • MME mobility management entity
  • the eNBs may advertise the CSG(s) they support so the UE knows where the UE can and/or cannot try to attach.
  • CAG is basically very similar to CSG.
  • the addition introduced with CAG is that it is possible to restrict a UE to only attach to CAG cells, while, with CSG, both CSG cells and non-CSG cells can always be used by the UE/subscription.
  • the primary usage of CAG is for limiting access to cells dedicated for NPN use.
  • a factory deploying an NPN may rely on RAN access from a public operator. They might have an agreement that, in a certain factory location, certain cells should be dedicated for NPN use to guarantee radio performance for factory equipment, even in high network load times (e.g., new year, etc.), and to provide isolation for traffic associated with the factory equipment.
  • An external application function can interact with a mobile network operator (MNO) and get information via an NEF.
  • MNO mobile network operator
  • the AF can get an AF specific external identifier for UE(s) and/or subscription(s) (e.g., as disclosed in 3GPP TS 23.502, 4.15.10/4.15.3.2.13), and can later use it to address specific UE(s) with requests via the NEF.
  • the AF can subscribe to and/or unsubscribe from events via the NEF.
  • the NEF can be requested to monitor certain event(s) (e.g., as disclosed in 3GPP TS 23.502, 4.15.3.1), and may perform a reporting based on the monitoring of the event(s).
  • One type of the reporting is “Location Reporting,” which can be a one-time reporting or a continuous location reporting.
  • the continuous location reporting may provide information when an access management function (AMF) is made aware of a location change of a UE.
  • AMF access management function
  • the AMF can provide a notification when the UE moves in and/or moves out of “Area of Interest” (e.g., see TS 23.502 5.2.2.3.1/D.1).
  • the granularity of a location can be based on a cell level (e.g., using a cell identifier (ID)) or a tracking area (TA) level.
  • the granularity of a location may be based on a geodetic shape (e.g., polygons, circles, etc.) and/or civic addresses.
  • One way to prevent such exposure is limiting where the data can be handled by the user (e.g., accessed by the user).
  • the company may limit such that the stored data can only be handled in a secure environment (e.g., within the company’s premise).
  • the data owner cannot easily and securely limit where the stored data can be handled. For example, even when the user’s access to the confidential data stored in the user’s device is set to be limited based on a GPS coordinate of the user’s device, the GPS coordinate can be easily spoofed. Thus, limiting the user’s access to the confidential data based on the device’s GPS coordinate may not be safe. Also, once the data owner gives the user access to the data locally stored in the user’s device, it may be difficult for the data owner to block and/or restrict the user’s access to the data at a later stage. Furthermore, in case the user accesses the confidential data without the data owner’s authorization, it may be difficult for the data owner to apply a penalty to the user for the user’s unauthorized access.
  • a method performed by a first network node.
  • the method comprises obtaining location information which indicates a location of a user equipment (UE), and based on the location of the UE, determining whether to transmit, to the UE, an access key for accessing secured data stored in at least one memory of the UE.
  • the method further comprises, based on the determination, transmitting the access key to the UE.
  • UE user equipment
  • a method performed by a user equipment comprises receiving, from a network node, an access key for accessing secured data stored in at least one memory of the UE, and using the access key, accessing the secured data stored in said at least one memory of the UE, wherein transmission of the access key from the network node to the UE is performed based on a determined location of the UE.
  • a carrier containing the computer program of the above embodiment, wherein the carrier is one of an electronic signal, an optical signal, a radio signal, and a computer readable storage medium.
  • a first network node configured to obtain location information which indicates a location of a user equipment (UE).
  • the first network node is further configured to, based on the location of the UE, determine whether to transmit, to the UE, an access key for accessing secured data stored in at least one memory of the UE.
  • the first network node is further configured to, based on the determination, transmit the access key to the UE.
  • a user equipment UE.
  • the UE is configured to receive, from a network node, an access key for accessing secured data stored in at least one memory of the UE; and using the access key, access the secured data stored in said at least one memory of the UE, wherein transmission of the access key from the network node to the UE is performed based on a determined location of the UE.
  • an apparatus comprising a processing circuitry; and a memory, said memory containing instructions executable by said processing circuitry, whereby the apparatus is operative to perform the method of any one of the above embodiments.
  • some embodiments of this disclosure allow the data owner to detect the user’s non-compliance (e.g., the user’s continued unauthorized access to the confidential/sensitive data even after the data owner requested the user to stop accessing the data), to request for the user’s compliance, and to limit the user’s unauthorized access after the user’s non-compliance. Additionally, by providing a trusted component within the UE, in some embodiments, other components of the UE don’t have to be trusted as long as the integrity of the trusted component is intact.
  • FIG. 1 shows a system according to some embodiments.
  • FIG. 2 shows a user equipment (UE) according to some embodiments.
  • FIG. 3 shows a process according to some embodiments.
  • FIG. 4 shows a process according to some embodiments.
  • FIG. 5 shows a process according to some embodiments.
  • FIG. 6 shows an apparatus according to some embodiments.
  • FIG. 7 shows an apparatus according to some embodiments.
  • FIG. 1 shows a system 100 according to some embodiments.
  • the system 100 may comprise a base station (e.g., gNB, eNB, a WiFi router, etc.) 104 providing networks for areas 112, 114, and 116, and a base station 106 providing a network for area 118.
  • Each of the areas 112-118 may correspond to a different geographical area and/or a different cell area.
  • each area may be associated with a different cell identifier (ID).
  • ID cell identifier
  • the base station 104 may provide networks for all three areas 112-116, and the base station 106 may provide a network for the area 118. But, in different embodiments, a different base station may be used to provide a network for each of the areas 112-118.
  • a base station may be broadly referred to as a network node.
  • the base station 104 may provide a network for a certain company. More specifically, the base station 104 may be configured to provide a network for the employees’ UEs (e.g., a UE 102) located within the company’s premises 120. In this exemplary scenario, the areas 112-116 may be included within the company’s premises 120 while the area 118 is located outside the company’s premises 120.
  • the UE 102 may include one or more memories (hereinafter “UE memory”) 204 and an access management component (AMC) 202.
  • the UE memory 204 may be configured to store secured data (e.g., locked data), and the AMC 202 may be configured to store a security key (e.g., a private key of the AMC 202) and control handling of the secured data (e.g., controlling access to the secured data).
  • the secured data may be the company’s confidential information.
  • the data stored in the UE memory 204 may be “secured” in different ways.
  • the UE 102 may freely access the UE memory 204, but the data stored in the UE memory 204 may be encrypted, thereby “securing” the data.
  • the UE 102 may access the UE memory 204, retrieve the encrypted data, and then decrypt the encrypted data using an access key, in order to read the data.
  • the UE 102 may encrypt, using an access key, data to be written, and then write the encrypted data into the UE memory 204.
  • the data stored in the UE memory 204 may be “secured” by locking the UE memory 204, meaning that the UE 102 cannot freely access the UE memory 204.
  • in order to access the secured data stored in the UE memory 204, the UE 102 must first unlock the locked UE memory 204 using an access key, and then access the data stored in the UE memory 204.
  • in order to write data into the UE memory 204, the UE 102 must first unlock the locked UE memory 204 using an access key, and then write data into the unlocked UE memory 204.
  • the AMC 202 of the UE 102 may be referred to as a “trusted component” because it is entrusted to control handling of the secured data.
  • the AMC 202 of the UE 102 may include an inline component placed between the UE memory 204 and the controller of the UE memory 204, and the AMC 202 may be configured to encrypt data to be written to the UE memory 204 and/or decrypt data read from the UE memory 204.
  • the AMC 202 of the UE 102 may include a component responsible for encrypting (locking) and/or decrypting (unlocking) a memory region.
  • the AMC 202 of the UE 102 may include a memory controller which is configured to authorize accessing the UE memory 204 when it has an access key (e.g., a token) in its register and/or block access to the UE memory 204 when it does not have the access key.
  • the AMC 202 of the UE 102 may be configured to perform a self-test functionality for determining whether the AMC 202 has been tampered with.
  • in case the secured data is the company’s confidential information, it may be desirable for the company to restrict the employee’s access to the secured data such that the secured data can only be accessed when the UE 102 is in the company’s premises 120. In other words, it may be desirable to restrict the UE 102’s access to the secured data such that the UE 102 can access the secured data only when the UE 102 is in one of the areas 112-116. On the other hand, in case the UE 102 is in the area 108 which is outside the company’s premises 120, it may be desirable for the company not to allow the UE 102 to access the secured data.
  • a process 300 shown in FIG. 3 for managing the UE 102’s access to the secured data is provided.
  • the process 300 may begin with step s302.
  • the step s302 comprises the UE 102 successfully connecting to a network provided by the base station 104 within the area 112.
  • the network may be a public network, a non-public network, or may correspond to a closed access group (CAG) cell.
  • CAG closed access group
  • the step s304 comprises the UE 102 transmitting, to the network node 122, a request for the access key.
  • a request for the access key may be either an explicit request or an implicit request.
  • the UE 102 may be triggered to transmit, to the network node 122, an explicit request for the access key.
  • the UE 102 may simply inform the network node 122 that the UE 102 is now connected to a certain part of the network (e.g., a network within the area 112). More specifically, the UE 102 may transmit, to the network node 122, a notification message indicating that the UE 102 is currently connected to a network within the area 112.
  • the notification message may include a cell ID identifying a cell corresponding to the area 112.
  • FIG. 3 shows that the request for the access key is transmitted by the UE 102. However, in some embodiments, such request may be transmitted to the network node 122 by a different network entity.
  • the network node 124 may analyze the measurements of the strengths of the received signals, thereby triangulating the position of the UE 102.
  • the request for the access key that the UE 102 transmitted to the network node 122 in step s304 may already include the location information indicating the current location of the UE 102.
  • the steps s306 and s308 may be skipped.
  • the steps s306 and s308 may be performed even when the request for the access key that the UE 102 transmitted to the network node 122 includes the location information.
  • the network node 122 may compare the location information it received from the UE 102 with the location information that it received from the network node 124, and the process 300 may proceed to step s308 only when the location information the network node 122 received from the UE 102 and the location information the network node 122 received from the network node 124 are the same.
  • the process 300 may proceed to step s310 only when the location information the network node 122 received from the UE 102 and the location information the network node 122 received from the network node 124 are the same.
  • the process 300 may proceed to step s314.
  • the network node 122 may check whether the UE 102 is currently in at least one of the areas where the UE 102 is allowed to access the secured data stored in the UE memory 204. More specifically, in some embodiments, the network node 122 may include one or more memories (hereinafter, “network memory”) storing a list of one or more area IDs identifying areas where the UE 102 is allowed to access the secured data stored in the UE memory 204.
  • the UE 102 is allowed to access the secured data when the UE 102 is in any one or more of the areas 112-116 and, as shown below, a list of cell IDs identifying cells corresponding to the areas 112-116 may be stored in the network memory.
  • the network node 122 may check whether the cell ID identifying the current location of the UE is included in the list of cell IDs identifying cells where the UE 102 is allowed to access the secured data stored in the UE memory 204.
  • the network node 122 may transmit, to the UE 102, the access key and optionally a value of a freshness parameter, which indicates the freshness of the access key. For example, when the network node 122 transmits, to the UE 102, an access key at time t0, the network node 122 may transmit a value of the freshness parameter FP0.
  • the network node 122 may transmit a value of the freshness parameter FP.
  • the UE 102 may determine that the network node 122’s transmission of the second access key is not a retransmission.
  • the value of the freshness parameter may be a value of a counter which prevents a previously sent message, e.g., one containing the access key, from being accepted by the AMC.
  • the freshness of the access key may indicate how long ago the access key was generated and/or how long ago the access key was transmitted from the network node 122.
  • the network node 122 may encrypt and optionally protect the integrity of the access key (and the value of the freshness parameter), and transmit the encrypted key (and the encrypted value of the freshness parameter) to the UE 102.
  • the network node 122 may encrypt and/or protect the integrity of the access key and/or the value of the freshness parameter using security key(s) (e.g., encryption key(s)).
  • security key(s) is a public key of the AMC 202 of the UE 102.
  • the network node 122 may transmit, to the UE 102, a rejection message indicating that the UE 102’s request is rejected or a notification indicating that the UE 102 is not authorized to access the secured data and/or the UE memory of the UE 102.
  • the network node 122 may choose not to respond to the UE 102 if it is not in any of the areas where the UE 102 is allowed to access the secured data.
  • the UE 102 may provide the received access key to the AMC 202 of the UE 102.
  • the AMC 202 of the UE 102 may decrypt the encrypted access key using a decryption key.
  • the encryption key and the decryption key are the same. But, in other embodiments, the encryption key and the decryption key are different.
  • the encryption key may be a public key of the AMC 202 while the decryption key may be a private key of the AMC 202.
  • the AMC 202 of the UE 102 may also check the integrity of the access key and determine whether the integrity of the access key is valid.
  • the UE 102 may determine that the current access key is fresh only if the value of the freshness parameter FP 1 (corresponding to the later received access key) is greater than the value of the freshness parameter FP 0 (corresponding to the earlier received access key).
  • the value of the freshness parameter must be previously unseen or strictly larger than the last freshness value.
  • the UE 102 may compare the value of the freshness parameter to a threshold value and determine that the access key is fresh (and thus it is okay to use the access key to access the secured data) in case the value of the freshness parameter is less than the threshold value.
  • the value of the freshness parameter may indicate how long ago the access key was transmitted from the network node 122, and the UE 102 may be configured to determine that the access key is fresh only if the value of the freshness parameter is less than a threshold time period.
  • the process 200 may proceed to step s318.
  • the AMC 202 of the UE 102 may store the decrypted (and optionally verified) access key into a storage medium (e.g., a memory of a crypto component) and use the access key to access the secured data.
  • the AMC 202 of the UE 102 may access the encrypted data and decrypt the encrypted data using the access key.
  • the AMC 202 of the UE 102 may unlock (e.g., decrypt) the UE memory 204, and access and read the data stored in the unlocked UE memory 204.
  • the UE 102 may write new data in the UE memory 204.
  • the UE 102 may encrypt the new data and store the encrypted new data in the UE memory 204.
  • the UE 102 may store the new data in the UE memory 204 and lock (e.g., encrypt) the UE memory 204 after the storing.
  • These processes of encrypting, decrypting, locking, and unlocking may be performed seamlessly (e.g., without the process and/or the application requiring the access to the secured data being aware of the occurrences of the processes).
  • the processes of encrypting, decrypting, locking, and unlocking may be performed by configuring the process and/or the application to directly interact with the AMC 202 of the UE 102 and to explicitly request the occurrences of the processes.
  • the UE 102 may read data stored in the UE memory 204 or write data into the UE memory 204 (which is network-protected). But the UE 102 may not move, from the UE memory 204, data stored in the UE memory 204, or copy data stored in the UE memory 204.
  • the AMC 202 of the UE 102 (or an external memory controller controlling the UE memory 204) may prevent the UE 102’s attempt to move or copy the data stored in the UE memory 204.
  • the AMC may further require other means for the UE 102 to extract the data, e.g., taking screenshots, to be disabled when accessing the data.
  • There may be a scenario where, after the UE 102 obtains access to the secured data, in step s320, the UE 102 moves to another area (e.g., the area 108) where the UE is not allowed to access the secured data and/or becomes connected (and/or authenticated) to a different network at which the UE is not allowed to access the secured data.
  • the UE 102 may detect such movement and/or such connection to a different network, and then, in step s324, the UE 102 may inform the AMC 202 of such movement and/or such connection to the different network.
  • the AMC 202 of the UE 102 may automatically delete the access key (e.g., from the crypto component). Additionally, the AMC 202 (and/or other component(s) in the UE 102) may notify the network node 122 that the UE 102 has deleted the access key. For example, in step s328, the UE 102 may transmit to the network node 122 a proof-of-removal of the access key. In some embodiments, this proof-of-removal may be encrypted and/or the integrity of the proof-of-removal may be protected using security key(s) (e.g., a private key of the AMC 202 of the UE 102). Alternatively, or additionally, when transmitting the proof-of-removal, the UE 102 may also transmit a value of a freshness parameter, which indicates the freshness of the proof-of-removal.
  • the network node 122 may decrypt, using a security key (e.g., the public key of the AMC of the UE 102), the encrypted proof-of-removal and the encrypted value of the freshness parameter, check the integrity of the proof-of-removal and the value of the freshness parameter, and/or check the freshness of the proof-of-removal.
  • the way that the network node 122 checks the value of the freshness parameter for the proof-of-removal is similar to the way that the UE 102 checks the value of the freshness parameter for the access key.
  • the network node 124 may notify the network node 122 that the UE 102 has exited the area where the UE 102 is allowed to access the secured data.
  • the network node 122 may request the network node 124 to transmit a notification to the network node 122 when the UE 102 exits the area 112 (i.e., the area where the UE 102 is allowed to access the secured data stored in the UE memory).
  • the network node 122 may request the network node 124 to continuously report the current location of the UE 102. Alternatively, the network node 122 may request the network node 124 to report the current location of the UE 102 only when the UE 102 exits the area where the UE 102 is allowed to access the secured data and/or only when the UE 102 enters the area where the UE 102 is allowed to access the secured data. Once the network node 122 receives such notification from the network node 124, the network node 122 would know that it should receive, from the UE 102, the proof-of-removal of the access key.
  • the network node 122 may wait for a predetermined time interval and, in case the network node 122 does not receive such proof-of-removal from the UE 102 within the predetermined time period, in step s332, the network node 122 may contact the UE 102 and explicitly request the UE 102 to delete the access key and transmit, to the network node 122, the proof-of-removal.
  • the AMC in the UE may require the UE 102 to continuously report the details of the network it is connected to (e.g., cell ID). Absence of said information for more than a threshold of time may trigger the AMC to perform the step s326 without any indication received from the network.
  • the network node 122 may mark the UE 102 as a non-compliant UE and take an appropriate action against the UE 102.
  • One example of the action that can be taken against the non-compliant UE is the network node 122 instructing the UE’s home network (e.g., via an NEF) to temporarily block the UE’s access to the network. Note that, even in case the UE 102’s access to the network is temporarily blocked, the UE 102 may still be allowed to transmit the proof-of-removal to the network node 122.
  • the action against the UE 102 may result in the subscription currently being used to access the network using the UE and/or the International Mobile Subscriber Identity (IMSI) of the UE being blacklisted by the network until compliance has been re-established.
  • IMSI International Mobile Subscriber Identity
  • Network node 122 e.g., a key enterprise server
  • the network node 122 may transmit, to the UE 102, a request to delete the access key.
  • the UE 102 may be a malicious UE that attempts to access the secured data even after exiting the allowed area.
  • the UE 102 may prevent the AMC 202 of the UE 102 from receiving the deletion request transmitted from the network node 122.
  • the network node 122 may be configured to continuously transmit, to the UE 102, a message (which is encrypted and/or signed by the network node 122) with a value of a freshness parameter indicating the freshness of the message.
  • the AMC 202 of the UE 102 may be configured to monitor the receipt of such messages, and in case the AMC 202 does not receive such a message within a predefined threshold time interval, the AMC 202 may be configured to delete the access key.
  • the malicious UE may attempt to perform replay attacks, e.g., re-transmitting, to the network node 122, an old proof-of-removal message.
  • the UE 102 may be configured to transmit a value of a freshness parameter (e.g., timestamps and/or counter values), which indicates the freshness of the proof-of-removal message.
  • the AMC 202 of the UE 102 may receive the next access key from the network node 122.
  • the AMC 202 may derive the next access key using a key derivation function based on the current access key.
  • an instruction to lock (e.g., encrypt) data may be carried out, e.g., by re-encrypting the secured data and/or the UE memory.
  • the UE 102 may use the next access key to re-encrypt data before deleting both keys from its memory.
  • the UE 102 may receive the next access key as well as another next access key.
  • the AMC 202 of the UE 102 is equipped with self-test circuitry whose result is supplied as input to the crypto component. This can be used to corrupt the signature if the self-test is not OK, or to add a bit indicating the self-test status into the proof-of-removal message signed by the AMC 202.
  • the network node 122 may ask, via a network exposure function (NEF), a mobile network operator (MNO) to verify the location of the UE 102 using UE assisted measurements.
  • the MNO may transmit to the UE 102 a request to measure beacons heard from surrounding base stations and provide its feedback to the MNO, where the location management function (LMF) can estimate the location of the UE 102 based on the measurements.
  • This communication may be protected with control plane security such that a Man-in-the-middle (MITM) cannot modify it.
  • the user of the UE 102 may further need to authenticate themselves using non-network credentials, e.g., signum and password, prior to receiving the access key. Said credentials may be verified by an enterprise server or a security function connected to the enterprise server, as a part of the methods described.
  • FIG. 4 shows a process 400 performed by the network node 122 according to some embodiments.
  • the process 400 may begin with step s402.
  • the step s402 comprises obtaining location information which indicates a location of the UE 102.
  • Step s404 comprises, based on the location of the UE, determining whether to transmit, to the UE, an access key for accessing secured data stored in at least one memory of the UE.
  • Step s406 comprises, based on the determination, transmitting the access key to the UE.
  • the process 400 comprises transmitting, to a second network node, a request for the location information, wherein obtaining the location information comprises receiving the location information from the second network node based on transmitting the request to the second network node.
  • the request for the location information is a request for the second network node to provide, to the first network node, the location information only when a certain condition is satisfied.
  • the certain condition is that the UE has entered or left a certain area.
  • the first network node includes at least one memory, and one or more area identifiers identifying one or more areas in which the UE is allowed to access the secured data stored in said at least one memory of the UE are stored in said at least one memory of the first network node.
  • determining whether to transmit the access key to the UE comprises determining whether the location of the UE is in at least one of the areas identified by the area identifiers.
  • the process 400 comprises determining that the location of the UE is in a first area identified by one of the area identifiers; and transmitting, to the second network node, a request to notify the first network node when the UE leaves the first area.
  • the UE is configured to store the access key in a memory of the UE
  • the process 400 comprises: receiving, from the second network node, a notification indicating that the UE has left the first area; and based on receiving the notification, waiting for the UE to transmit, to the first network node, a deletion confirmation message indicating that the UE has deleted the access key stored in the memory of the UE.
  • the process 400 comprises determining that the deletion confirmation message is not received within a predefined time period; and based at least on the determination, (i) transmitting, to the UE, a deletion request, requesting the UE to delete the access key, (ii) flagging the UE, and/or (iii) transmitting a request to block the UE’s access to a network.
  • the process 400 comprises receiving the deletion confirmation message indicating that the UE has deleted the access key, wherein the deletion confirmation message includes a signature created using an integrity protection key; and verifying the signature of the deletion confirmation message using an integrity verification key, wherein the integrity protection key and the integrity verification key are the same or different.
  • the integrity protection key and the integrity verification key are different, the integrity protection key is a private key of the UE’s access management component, AMC, for managing access to the secured data stored in said at least one memory of the UE, and the integrity verification key is a public key of the AMC.
  • the deletion confirmation message comprises a value of a freshness parameter associated with the deletion confirmation message, and the value of the freshness parameter indicates freshness of the deletion confirmation message.
  • the transmitted access key is encrypted using an encryption key.
  • the UE comprises an access management component, AMC, for managing access to the secured data stored in said at least one memory of the UE, and the AMC is configured to decrypt the encrypted access key using a decryption key.
  • the encryption key for encrypting the transmitted access key and the decryption key for decrypting the encrypted access key are the same.
  • the encryption key for encrypting the transmitted access key is a public key of the AMC; and the decryption key for decrypting the encrypted access key is a private key of the AMC.
  • the process 400 comprises transmitting a value of a freshness parameter, which indicates freshness of the access key, wherein the AMC of the UE is configured to: check the freshness of the access key based on the value of the freshness parameter; and access the secured data stored in said at least one memory of the UE using the access key based on the checked freshness of the access key.
  • the process 400 comprises receiving, from the UE, a message (i) indicating that the UE is connected to a network and/or (ii) requesting the access key, wherein whether to transmit the access key to the UE is determined based at least on receiving the message.
  • the process 400 comprises transmitting a request to verify a validity of the location of the UE; and receiving a response to the request indicating whether the validity of the location of the UE is confirmed or not, wherein the validity of the location of the UE is checked based on one or more measurements performed by the UE.
  • the process 400 comprises transmitting a request to provide, to the first network node, a location of the UE which is determined based on a measurement performed by the UE; receiving a response to the request, which indicates the location of the UE determined based on the measurement performed by the UE; and verifying a validity of the location of the UE indicated in the location information using the location of the UE which is determined based on the measurement performed by the UE.
  • FIG. 5 shows a process 500 performed by the UE 102 according to some embodiments.
  • the process 500 may begin with step s502.
  • the step s502 comprises receiving, from the network node 122, an access key for accessing secured data stored in at least one memory of the UE.
  • Step s504 comprises, using the access key, accessing the secured data stored in said at least one memory of the UE, wherein transmission of the access key from the network node to the UE is performed based on a determined location of the UE.
  • the process 500 comprises receiving one or more signals transmitted via a cellular network; and reporting the signal strength of said one or more signals received via the cellular network, wherein the location of the UE is determined based on the reporting of the signal strength of said one or more signals.
  • accessing the secured data stored in said at least one memory of the UE comprises: accessing said at least one memory, decrypting encrypted data stored in said at least one memory, and reading the decrypted data; or unlocking said at least one memory which is locked, accessing the unlocked memory, and reading data stored in the unlocked memory.
  • the network node includes at least one memory, and one or more area identifiers identifying one or more areas in which the UE is allowed to access the secured data stored in said at least one memory of the UE are stored in said at least one memory of the network node.
  • the transmission of the access key from the network node to the UE is performed based on determining that the location of the UE is in at least one of the areas identified by the area identifiers.
  • the UE comprises an access management component, AMC, for managing access to the secured data stored in said at least one memory of the UE, and the encryption key is a public key of the AMC.
  • the process 500 comprises decrypting the access key using a decryption key of the AMC.
  • the process 500 comprises receiving, from the network node, a value of a freshness parameter associated with the access key, wherein the value of the freshness parameter indicates freshness of the access key; and checking the freshness of the access key, wherein accessing the secured data stored in said at least one memory of the UE using the access key is performed based on the checked freshness of the access key.
  • the process 500 comprises storing the decrypted access key in a different memory of the UE; detecting (i) that the UE has moved from a first location to a second location, (ii) that a network associated with the first location is no longer available to the UE, or (iii) that a time threshold has been reached since last receiving an area identifier from the UE; and based on the detection, deleting the access key stored in the different memory of the UE.
  • the process 500 comprises, based on the detection, encrypting the decrypted data stored in said at least one memory using an encryption key; or, based on the detection, locking said at least one memory using an encryption key.
  • the process 500 comprises transmitting to the network node a deletion confirmation message indicating that the UE has deleted the access key.
  • integrity of the deletion confirmation message is protected using the private key of the AMC.
  • the deletion confirmation message comprises a value of a freshness parameter associated with the deletion confirmation message, and the value of the freshness parameter indicates freshness of the deletion confirmation message.
  • the process 500 comprises transmitting, to the network node, a message (i) indicating that the UE is connected to a network and/or (ii) requesting the access key, wherein the UE receives the access key from the network node based on transmitting the message.
  • FIG. 6 is a block diagram of the UE 102, according to some embodiments.
  • UE 102 may comprise: processing circuitry (PC) 602, which may include one or more processors (P) 655 (e.g., one or more general purpose microprocessors and/or one or more other processors, such as an application specific integrated circuit (ASIC), field-programmable gate arrays (FPGAs), and the like); communication circuitry 648, which is coupled to an antenna arrangement 649 comprising one or more antennas and which comprises a transmitter (Tx) 645 and a receiver (Rx) 647 for enabling UE 102 to transmit data and receive data (e.g., wirelessly transmit/receive data); and a storage unit (a.k.a., “data storage system”) 608, which may include one or more non-volatile storage devices and/or one or more volatile storage devices.
  • a computer readable storage medium (CRSM) 642 may be provided.
  • CRSM 642 may store a computer program (CP) 643 comprising computer readable instructions (CRI) 644.
  • CRSM 642 may be a non-transitory computer readable medium, such as, magnetic media (e.g., a hard disk), optical media, memory devices (e.g., random access memory, flash memory), and the like.
  • the CRI 644 of computer program 643 is configured such that when executed by PC 602, the CRI causes UE 102 to perform steps described herein (e.g., steps described herein with reference to the flow charts).
  • UE 102 may be configured to perform steps described herein without the need for code. That is, for example, PC 602 may consist merely of one or more ASICs. Hence, the features of the embodiments described herein may be implemented in hardware and/or software.
  • FIG. 7 is a block diagram of a network node 700 which can implement any of the network nodes 122 and 124, according to some embodiments.
  • network node 700 may comprise: processing circuitry (PC) 702, which may include one or more processors (P) 755 (e.g., one or more general purpose microprocessors and/or one or more other processors, such as an application specific integrated circuit (ASIC), field-programmable gate arrays (FPGAs), and the like), which processors may be co-located in a single housing or in a single data center or may be geographically distributed (e.g., network node 700 may be a distributed computing apparatus comprising two or more computers or a monolithic computing apparatus consisting of a single computer); at least one network interface 748 (e.g., a physical interface or air interface) comprising a transmitter (Tx) 745 and a receiver (Rx) 747 for enabling network node 700 to transmit data to and receive data from other nodes connected to network
  • a computer readable storage medium (CRSM) 742 may be provided.
  • CRSM 742 may store a computer program (CP) 743 comprising computer readable instructions (CRI) 744.
  • CRSM 742 may be a non-transitory computer readable medium, such as, magnetic media (e.g., a hard disk), optical media, memory devices (e.g., random access memory, flash memory), and the like.
  • the CRI 744 of computer program 743 is configured such that when executed by PC 702, the CRI causes network node 700 to perform steps described herein (e.g., steps described herein with reference to the flow charts).
  • network node 700 may be configured to perform steps described herein without the need for code. That is, for example, PC 702 may consist merely of one or more ASICs. Hence, the features of the embodiments described herein may be implemented in hardware and/or software.
  • transmitting a message “to” or “toward” an intended recipient encompasses transmitting the message directly to the intended recipient or transmitting the message indirectly to the intended recipient (i.e., one or more other nodes are used to relay the message from the source node to the intended recipient).
  • receiving a message “from” a sender encompasses receiving the message directly from the sender or indirectly from the sender (i.e., one or more nodes are used to relay the message from the sender to the receiving node).
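The key-release, keep-alive and proof-of-removal exchange described in the bullets above (steps s402 to s406, the freshness parameter, replay rejection, and the AMC deleting the key when the network falls silent), as an added Python sketch that is not part of the patent. It models integrity protection with a shared HMAC key (one of the two options the text allows), uses a counter as the freshness parameter, leaves the public-key transport of the access key out of scope, and the HEARTBEAT_TIMEOUT value, class names and method names are assumptions.

```python
import hmac, hashlib, json, os

# Assumed value: seconds of network silence after which the AMC deletes the access key.
HEARTBEAT_TIMEOUT = 30


def sign(key: bytes, msg: dict) -> str:
    """HMAC over canonical JSON; the integrity key is shared by node and AMC here."""
    return hmac.new(key, json.dumps(msg, sort_keys=True).encode(), hashlib.sha256).hexdigest()


def verify(key: bytes, msg: dict, tag: str) -> bool:
    return hmac.compare_digest(sign(key, msg), tag)


class NetworkNode:
    """Key enterprise server: releases the access key only for allowed areas."""

    def __init__(self, allowed_areas, integrity_key):
        self.allowed_areas = set(allowed_areas)
        self.ik = integrity_key
        self.counter = 0              # freshness counter for outgoing messages
        self.last_proof_counter = 0   # highest proof-of-removal counter accepted

    def access_key_for(self, area_id):
        """Steps s404/s406: area-based decision; None means no key is released."""
        return os.urandom(32) if area_id in self.allowed_areas else None

    def heartbeat(self):
        """Signed keep-alive carrying a counter so the AMC can judge its freshness."""
        self.counter += 1
        msg = {"type": "keepalive", "ctr": self.counter}
        return msg, sign(self.ik, msg)

    def accept_proof_of_removal(self, msg, tag):
        """Check the signature, then reject replays: the counter must strictly increase."""
        if not verify(self.ik, msg, tag) or msg.get("type") != "proof-of-removal":
            return False
        if msg["ctr"] <= self.last_proof_counter:
            return False
        self.last_proof_counter = msg["ctr"]
        return True


class AMC:
    """Access management component on the UE holding the released key."""

    def __init__(self, integrity_key):
        self.ik = integrity_key
        self.access_key = None
        self.last_seen_ctr = 0    # counter of the newest keep-alive accepted
        self.last_seen_time = 0   # arrival time of that keep-alive
        self.proof_ctr = 0        # freshness counter for proofs we emit

    def install_key(self, key, now):
        self.access_key, self.last_seen_time = key, now

    def on_heartbeat(self, msg, tag, now):
        """Accept only authentic keep-alives that are fresher than the last one."""
        if verify(self.ik, msg, tag) and msg.get("ctr", 0) > self.last_seen_ctr:
            self.last_seen_ctr, self.last_seen_time = msg["ctr"], now

    def tick(self, now):
        """Silence past the threshold means the network is gone: wipe the key."""
        if self.access_key is not None and now - self.last_seen_time > HEARTBEAT_TIMEOUT:
            return self.delete_key()
        return None

    def delete_key(self):
        """Delete the key and return a signed, counter-stamped proof-of-removal."""
        self.access_key = None
        self.proof_ctr += 1
        msg = {"type": "proof-of-removal", "ctr": self.proof_ctr}
        return msg, sign(self.ik, msg)
```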

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a method performed by a first network node. The method comprises obtaining location information indicating a location of a user equipment (UE), and, based on the location of the UE, determining whether to transmit, to the UE, an access key for accessing secured data stored in at least one memory of the UE. The method further comprises, based on the determination, transmitting the access key to the UE.
PCT/EP2023/073667 2023-08-29 2023-08-29 Network-assisted access to secured local data Pending WO2025045352A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2023/073667 WO2025045352A1 (fr) 2023-08-29 2023-08-29 Network-assisted access to secured local data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2023/073667 WO2025045352A1 (fr) 2023-08-29 2023-08-29 Network-assisted access to secured local data

Publications (1)

Publication Number Publication Date
WO2025045352A1 true WO2025045352A1 (fr) 2025-03-06

Family

ID=87863406

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2023/073667 Pending WO2025045352A1 (fr) 2023-08-29 2023-08-29 Network-assisted access to secured local data

Country Status (1)

Country Link
WO (1) WO2025045352A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020177449A1 (en) * 2000-05-24 2002-11-28 Mcdonnell James Thomas Edward Location-based data access control
US9330275B1 (en) * 2013-03-28 2016-05-03 Amazon Technologies, Inc. Location based decryption
US20170155505A1 (en) * 2015-11-29 2017-06-01 International Business Machines Corporation Securing enterprise data on mobile devices
US20170308713A1 (en) * 2016-04-22 2017-10-26 International Business Machines Corporation Context-Driven On-Device Data Protection

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Procedures for the 5G System (5GS); Stage 2 (Release 15)", 19 March 2020 (2020-03-19), XP052454778, Retrieved from the Internet <URL:https://ftp.3gpp.org/tsg_sa/WG2_Arch/Latest_SA2_Specs/DRAFT_INTERIM/Archive/23502-f90_CRs_Implemented.zip 23502-f90_CRs_Implemented.docx> [retrieved on 20200319] *
3GPP TS 23.502

Similar Documents

Publication Publication Date Title
US20250211591A1 (en) Security lifecycle management of devices in a communications network
EP2630816B1 (fr) Authentication of access terminal identities in roaming networks
US10162959B2 (en) Method and apparatus for providing subscriber identity module-based data encryption and remote management of portable storage devices
CN110312305B (zh) Method and device for determining the location of a terminal device
CN114268943B (zh) Authorization method and apparatus
US10897709B2 (en) Wireless network authorization using a trusted authenticator
CN102204305B (zh) Home Node B device and security protocol
CN107018676B (zh) Mutual authentication between user equipment and evolved packet core
KR101869368B1 (ko) Authentication in secure user plane location (SUPL) systems
US10440034B2 (en) Network assisted fraud detection apparatus and methods
US9674219B2 (en) Authenticating public land mobile networks to mobile stations
CN110537356A (zh) Secure update of telecommunication terminal configuration
CN119547383A (zh) Method for joining a communication network
US11522702B1 (en) Secure onboarding of computing devices using blockchain
CN115022850B (zh) D2D communication authentication method, apparatus, system, electronic device and medium
EP3673675B1 (fr) User equipment registration with a visited public land mobile network
EP3518491A1 (fr) Registration or authentication of user equipment in a visited public land mobile network
WO2025045352A1 (fr) Network-assisted access to secured local data
WO2022183427A1 (fr) Method, device and system for sequence number protection in a wireless network
EP4529251A2 (fr) Management of resource owner consent information
WO2025239816A1 (fr) Methods for commissioning an unmanned aerial vehicle when the flight route passes through geographic areas administered by different unmanned aircraft system service providers
WO2025082581A1 (fr) Multi-factor reference authentication
Ghasemi Najm et al. Making HeNB More Secure with Improved Secure Access Protocol and Analyzing It

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23762246

Country of ref document: EP

Kind code of ref document: A1