
WO2025008884A1 - Method and system for continued subscriber authentication - Google Patents

Publication number
WO2025008884A1
Authority
WO
WIPO (PCT)
Prior art keywords
prn
pool
qrn
unit
determination
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/IN2024/050754
Other languages
French (fr)
Inventor
Adityakar Jha
Aayush Bhatnagar
Boddireddy Ajith REDDY
Deepak KATHURIA
Himanshu Singh CHAUHAN
Nitin Verma
Yog VASHISHTH
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jio Platforms Ltd
Original Assignee
Jio Platforms Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jio Platforms Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/065 Continuous authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00 Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58 Random or pseudo-random number generators

Definitions

  • the present disclosure relates generally to the field of wireless communication systems. More particularly, the present disclosure relates to methods and systems for continued subscriber authentication.
  • authentication keys are generated at said network servers.
  • UDM unified data management
  • HSS home subscriber server
  • HLR home location register
  • QRNGs quantum random number generators
  • a QRNG module is a module that generates a series of random numbers for subscriber authentication and stores them in a local buffer or pool (e.g., a Quantum Random Number (QRN) pool).
  • QRN Quantum Random Number
  • the QRN pool, i.e., a pool of quantum random numbers generated by the QRNG module, gets exhausted and authentication service is no longer available by the network servers (e.g., the UDM, the HSS, or the HLR). This impacts subscriber services and leads to service outages, which is not desirable.
  • Another object of the present disclosure is to ensure an uninterrupted operation and a dynamic facility for subscriber services by providing a fall-back mechanism in an event of occurrence of unexpected resource constraints.
  • Yet another object of the present disclosure is to provide continued service availability by offering support of fall back to a Pseudo Random Number (PRN) pool during quantum random number generator (QRNG) device faults.
  • PRN Pseudo Random Number
  • QRNG quantum random number generator
  • An aspect of the present disclosure may relate to a method for continued subscriber authentication.
  • the method comprises receiving, by a transceiver unit at a network server, a request for performing a subscriber authentication procedure from a user device. Further, the method includes determining, by a determination unit at the network server, one of an availability and an unavailability of at least one quantum random number (QRN) in a QRN pool stored at a storage unit.
  • the method includes determining, by the determination unit at the network server, one of an availability and an unavailability of at least one pseudo random number (PRN) in a PRN pool stored at the storage unit in an event of determination of the unavailability of the at least one QRN in the QRN pool. Further, the method includes performing one of: retrieving, by a collection unit at the network server, a PRN from among the at least one PRN from the PRN pool in an event of determination of the availability of the at least one PRN in the PRN pool; and generating, by the collection unit at the network server, a PRN using a pseudo random number generator (PRNG) module in an event of determination of the unavailability of the at least one PRN in the PRN pool.
  • PRNG pseudo random number generator
  • the method includes performing, by an authentication unit at the network server, an authentication of the user device based at least on a random number from one of the PRN retrieved from the PRN pool, and the PRN generated by the PRNG module.
  • the network server is one of a unified data management (UDM) server, a home subscriber server (HSS), and a home location register (HLR) server.
  • the method comprises generating, by a notification unit, a notification for display at a user interface, the notification indicating the determination of the unavailability of the at least one QRN in the QRN pool.
  • the method comprises retrieving, by the collection unit, a QRN from the QRN pool in an event of determination of the availability of the at least one QRN in the QRN pool.
  • the performing, by the authentication unit, the authentication of the user device is further based on a random number retrieved from the QRN pool.
  • Another aspect of the present disclosure may relate to a system for continued subscriber authentication.
  • the system is in connection with a network server, the system comprises a transceiver unit configured to receive a request for performing a subscriber authentication procedure from a user device. Further, the system comprises a determination unit connected to at least a storage unit and the transceiver unit, the determination unit configured to: determine one of an availability and an unavailability of at least one quantum random number (QRN) in a QRN pool stored at the storage unit; and determine one of an availability and an unavailability of at least one pseudo random number (PRN) in a PRN pool stored at the storage unit in an event of determination of the unavailability of the at least one QRN in the QRN pool.
  • the system comprises a collection unit connected at least to the storage unit, the collection unit configured to perform one of: a retrieval of a PRN from among the at least one PRN from the PRN pool in an event of determination of the availability of the at least one PRN in the PRN pool, and a generation of a PRN using a pseudo random number generator (PRNG) module in an event of determination of the unavailability of the at least one PRN in the PRN pool.
  • the system comprises an authentication unit connected to at least the collection unit and the storage unit, the authentication unit configured to perform an authentication of the user device based at least on a random number from one of the PRN retrieved from the PRN pool, and the PRN generated by the PRNG module.
  • Yet another aspect of the present disclosure may relate to a user device for continued subscriber authentication, the user device comprising a transceiver unit, the transceiver unit is configured to: transmit, to a system connected to a network server, a request for performing a subscriber authentication procedure; and receive, from the system, an indication of a performance of an authentication of the user device based on the request for performing the subscriber authentication procedure, wherein said performance of the authentication is based on: receiving, by a transceiver unit of the system at the network server, the request for performing the subscriber authentication procedure from the user device; determining, by a determination unit of the system at the network server, one of: an availability and an unavailability of at least one quantum random number (QRN) in a QRN pool stored at a storage unit; determining, by the determination unit of the system at the network server, one of an availability and an unavailability of at least one pseudo random number (PRN) in a PRN pool stored at the storage unit in an event of determination of the un
  • FIG.1 illustrates an exemplary block diagram of a computing device upon which the features of the present disclosure may be implemented in accordance with exemplary implementation of the present disclosure.
  • FIG.1A illustrates an exemplary block diagram representing interconnection between a user device, a network server and a system, in accordance with exemplary implementations of the present disclosure.
  • FIG.2 illustrates an exemplary block diagram of a system for continued subscriber authentication, in accordance with exemplary implementations of the present disclosure.
  • FIG.3 illustrates an exemplary method flow diagram indicating the process for continued subscriber authentication, in accordance with exemplary implementations of the present disclosure.
  • FIG.4 illustrates an exemplary method flow diagram indicating the process for continued subscriber authentication, in accordance with exemplary implementations of the present disclosure.
  • “exemplary” and/or “demonstrative” is used herein to mean serving as an example, instance, or illustration. For the avoidance of doubt, the subject matter disclosed herein is not limited by such examples.
  • any aspect or design described herein as “exemplary” and/or “demonstrative” is not necessarily to be construed as preferred or advantageous over other aspects or designs, nor is it meant to preclude equivalent exemplary structures and techniques known to those of ordinary skill in the art.
  • an “electronic device”, or “portable electronic device”, or “user device” or “communication device” or “user equipment” or “device” refers to any electrical, electronic, electromechanical and computing device.
  • the user device is capable of receiving and/or transmitting one or more parameters, performing function/s, communicating with other user devices and transmitting data to the other user devices.
  • the user equipment may have a processor, a display, a memory, a battery and an input-means such as a hard keypad and/or a soft keypad.
  • the user equipment may be capable of operating on any radio access technology including but not limited to IP-enabled communication, Zigbee, Bluetooth, Bluetooth Low Energy, Near Field Communication, Z-Wave, Wi-Fi, Wi-Fi direct, etc.
  • the user equipment may include, but not limited to, a mobile phone, smartphone, virtual reality (VR) devices, augmented reality (AR) devices, laptop, a general-purpose computer, desktop, personal digital assistant, tablet computer, mainframe computer, or any other device as may be obvious to a person skilled in the art for implementation of the features of the present disclosure.
  • the user device may contain at least one input means configured to receive an input from unit(s) which are required to implement the features of the present disclosure.
  • the user device may also comprise a “processor” or “processing unit”, wherein the processor refers to any logic circuitry for processing instructions.
  • the processor may be a general-purpose processor, a special purpose processor, a conventional processor, a digital signal processor, a plurality of microprocessors, one or more microprocessors in association with a DSP core, a controller, a microcontroller, Application Specific Integrated Circuits, Field Programmable Gate Array circuits, any other type of integrated circuits, etc.
  • the processor may perform signal coding, data processing, input/output processing, and/or any other functionality that enables the working of the system according to the present disclosure. More specifically, the processor is a hardware processor.
  • As portable electronic devices and wireless technologies continue to improve and grow in popularity, the advancing wireless technologies for data transfer are also expected to evolve and replace the older generations of technologies.
  • Radio Access Technology (RAT) refers to the technology used by mobile devices/user equipment (UE) to connect to a cellular network. It refers to the specific protocol and standards that govern the way devices communicate with base stations, which are responsible for providing the wireless connection. Further, each RAT has its own set of protocols and standards for communication, which define the frequency bands, modulation techniques, and other parameters used for transmitting and receiving data. Examples of RATs include GSM (Global System for Mobile Communications), CDMA (Code Division Multiple Access), UMTS (Universal Mobile Telecommunications System), LTE (Long-Term Evolution), and 5G (5th Generation).
  • the choice of RAT depends on a variety of factors, including the network infrastructure, the available spectrum, and the mobile device's capabilities. Mobile devices often support multiple RATs, allowing them to connect to different types of networks and provide optimal performance based on the available network resources.
  • the current known solutions for continued subscriber authentication during long standing hardware faults have certain limitations, wherein the long standing hardware faults refer to hardware failures or issues (power outage, sensor and components failures, peripheral malfunctions, and memory errors etc.) that occur in various components of a physical device and that persist over an extended period without being immediately resolved.
  • the network server such as a unified data management (UDM) server, a home subscriber server (HSS), and a home location register (HLR) server is unable to generate authentication keys, thus impacting subscriber services.
  • Fig. 1 illustrates an exemplary block diagram of a computing device [1000] (or referred to herein as a computer system [1000]) upon which the features of the present disclosure may be implemented in accordance with exemplary implementation of the present disclosure.
  • the computing device [1000] may be in communication with a communication network (such as including but not limited to a 5th generation network) and may implement a method for continued subscriber authentication during long standing hardware faults utilising the system.
  • the computing device [1000] in communication with the communication network itself implements the method for continued subscriber authentication during long standing hardware faults using one or more units configured within the computing device [1000], wherein a person skilled in the art would appreciate that said one or more units are capable of implementing the features as disclosed in the present disclosure.
  • the computing device [1000] may include a bus [1002] or other communication mechanism for communicating information, and a hardware processor [1004] coupled with bus [1002] for processing information.
  • the hardware processor [1004] may be, for example, a general purpose microprocessor.
  • the computing device [1000] may also include a main memory [1006], such as a random access memory (RAM), or other dynamic storage device, coupled to the bus [1002] for storing information and instructions to be executed by the processor [1004].
  • the main memory [1006] also may be used for storing temporary variables or other intermediate information during execution of the instructions to be executed by the processor [1004].
  • Such instructions when stored in non-transitory storage media accessible to the processor [1004], render the computing device [1000] into a special-purpose machine that is customized to perform the operations specified in the instructions.
  • the computing device [1000] further includes a read only memory (ROM) [1008] or other static storage device coupled to the bus [1002] for storing static information and instructions for the processor [1004].
  • ROM read only memory
  • a storage device [1010], such as a magnetic disk, optical disk, or solid-state drive is provided and coupled to the bus [1002] for storing information and instructions.
  • the computing device [1000] may be coupled via the bus [1002] to a display [1012], such as a cathode ray tube (CRT), Liquid crystal Display (LCD), Light Emitting Diode (LED) display, Organic LED (OLED) display, etc. for displaying information to a computer user.
  • CRT cathode ray tube
  • LCD Liquid crystal Display
  • LED Light Emitting Diode
  • OLED Organic LED
  • An input device [1014] including alphanumeric and other keys, touch screen input means, etc. may be coupled to the bus [1002] for communicating information and command selections to the processor [1004].
  • Another type of user input device may be a cursor controller [1016], such as a mouse, a trackball, or cursor direction keys, for communicating direction information and command selections to the processor [1004], and for controlling cursor movement on the display [1012].
  • This input device typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allow the device to specify positions in a plane.
  • the computing device [1000] may implement the techniques described herein using customized hard-wired logic, one or more ASICs or FPGAs, firmware and/or program logic which in combination with the computing device [1000] causes or programs the computing device [1000] to be a special-purpose machine.
  • the techniques herein are performed by the computing device [1000] in response to the processor [1004] executing one or more sequences of one or more instructions contained in the main memory [1006]. Such instructions may be read into the main memory [1006] from another storage medium, such as the storage device [1010]. Execution of the sequences of instructions contained in the main memory [1006] causes the processor [1004] to perform the process steps described herein.
  • hard-wired circuitry may be used in place of or in combination with software instructions.
  • the computing device [1000] also may include a communication interface [1018] coupled to the bus [1002].
  • the communication interface [1018] provides a two-way data communication coupling to a network link [1020] that is connected to a local network [1022].
  • the communication interface [1018] may be an integrated services digital network (ISDN) card, cable modem, satellite modem, or a modem to provide a data communication connection to a corresponding type of telephone line.
  • the communication interface [1018] may be a local area network (LAN) card to provide a data communication connection to a compatible LAN.
  • LAN local area network
  • Wireless links may also be implemented. In any such implementation, the communication interface [1018] sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
  • the computing device [1000] can send messages and receive data, including program code, through the network(s), the network link [1020] and the communication interface [1018].
  • a server [1030] might transmit a requested code for an application program through the Internet [1028], the ISP [1026], the local network [1022], the host [1024] and the communication interface [1018].
  • the received code may be executed by the processor [1004] as it is received, and/or stored in the storage device [1010], or other non-volatile storage for later execution.
  • FIG.1A illustrates an exemplary block diagram representing interconnection between a user device, a network server and a system, in accordance with exemplary implementations of the present disclosure.
  • the user device [101] comprises a transceiver unit [101a] and the transceiver unit [101a] is configured to transmit, to a system [200] connected to a network server [201], a request for performing a subscriber authentication procedure, and receives, from the system [200], an indication of a performance of an authentication of the user device [101] based on the request for performing the subscriber authentication procedure.
  • the performance of the authentication is based on: receiving, by a transceiver unit [202] of the system [200] at the network server [201], the request for performing the subscriber authentication procedure from the user device; determining, by a determination unit [204] of the system [200] at the network server [201], one of an availability and an unavailability of at least one quantum random number (QRN) in a QRN pool [210a] stored at a storage unit [210]; determining, by the determination unit [204] of the system [200] at the network server [201], one of an availability and an unavailability of at least one pseudo random number (PRN) in a PRN pool [210b] stored at the storage unit [210] in an event of determination of the unavailability of the at least one QRN in the QRN pool [210a]. Further the performance of the authentication is based on performing one of: retrieving, by a collection unit [206] of the system [200] at the network server [201], a PRN from among the at least one PRN
  • a PRN using a pseudo random number generator (PRNG) module [212] in an event of determination of the unavailability of the at least one PRN in the PRN pool [210b]; and performing, by an authentication unit [208] of the system [200] at the network server [201], an authentication of the user device [101] based at least on a random number from one of the PRN retrieved from the PRN pool [210b], and the PRN generated by the PRNG module [212].
  • FIG.2 illustrates an exemplary block diagram of a system for continued subscriber authentication, in accordance with exemplary implementations of the present disclosure.
  • the system [200] is in connection with at least one network server [201], the system [200] comprises at least one transceiver unit [202], at least one determination unit [204], at least one collection unit [206], at least one authentication unit [208], at least one storage unit [210], at least one Pseudo Random Number Generator (PRNG) Module [212] and at least one notification unit [214].
  • the storage unit [210] comprises a Quantum Random Number (QRN) pool [210a] and a Pseudo Random Number (PRN) pool [210b].
  • the network server [201] is one of a unified data management (UDM) server, a home subscriber server (HSS), and a home location register (HLR) server.
  • system [200] may comprise multiple such units or the system [200] may comprise any such numbers of said units, as required to implement the features of the present disclosure.
  • system [200] may be present in the network server [201] to implement the features of the present disclosure.
  • the system [200] may be a part of a server or a network entity.
  • the system [200] may be connected to the network server [201] to implement the features of the present disclosure.
  • the system [200] is configured for continued subscriber authentication, with the help of the interconnection between the components/units of the system [200].
  • the continued subscriber authentication is provided during long standing hardware faults, where the long standing hardware faults refer to hardware failures or issues (power outage, sensor and components failures, peripheral malfunctions, and memory errors etc.) that occur in various components of a physical device and that persist over an extended period without being immediately resolved.
  • the transceiver unit [202] comprises a transmitter module and a receiver module.
  • the transceiver unit [202] is a device that combines the functionalities of both transmitting and receiving data in telecommunications or networking systems.
  • the transceiver unit [202] is connected to a user device [101] over a network.
  • the network may be wired or wireless, including but not limited to local area networks (LANs), wide area networks (WANs), cellular networks, or any combination thereof.
  • the transceiver unit [202] receives a request to perform a subscriber authentication procedure, from the user device.
  • subscriber authentication procedure may correspond to a process of verifying the identity of a subscriber or user before granting access to network resources or services.
  • the user device [101] may be selected from but is not limited to, smartphones, tablets, laptops, desktop computers, wearable devices, and any other electronic devices capable of communication over the network.
  • the determination unit [204] receives the request to perform subscriber authentication from the transceiver unit [202].
  • the determination unit [204] is connected to the transceiver unit [202] and the storage unit [210].
  • the determination unit [204] is configured to: determine one of an availability and an unavailability of at least one quantum random number (QRN) in a quantum random number (QRN) pool [210a] stored at the storage unit [210].
  • Quantum random number herein may correspond to a random number generated using quantum mechanical processes, specifically for use in the QRN pool [210a] for subscriber authentication.
  • “QRN pool” herein may correspond to a repository or collection of quantum random numbers.
  • the determination unit [204] determines the unavailability of the at least one QRN number.
  • PRNs pseudo random number(s)
  • pseudo random numbers may correspond to sequences of numbers generated by deterministic techniques (for example, a pseudo random number generator (PRNG) module [212]) rather than by truly random processes.
  • PRN pool may correspond to a repository or collection of pseudo random numbers.
  • the notification unit [214] is configured to generate a notification indicating the determination of the unavailability of the at least one QRN in the QRN pool [210a] to display it over a user interface (UI).
  • the UI may be a graphical user interface and the UI is rendered on a screen or display of the user device.
  • the determination unit [204] is configured to determine one of the availability and the unavailability of the at least one PRN in the PRN pool [210b] stored at the storage unit [210] in an event of determination of the unavailability of the at least one QRN in the QRN pool
  • the collection unit [206] is connected to the storage unit [210]. Further, the collection unit [206] is configured to perform one of: a retrieval of a PRN from among the at least one PRN from the PRN pool [210b] in an event of determination of the availability of the at least one PRN in the PRN pool [210b]; and a generation of a PRN using the PRNG module [212] in an event of determination of the unavailability of the at least one PRN in the PRN pool [210b]. The collection unit [206] also retrieves a QRN from the QRN pool [210a] in the event of determination of the availability of the at least one QRN in the QRN pool [210a].
  • the present disclosure discloses utilization of the at least one PRN from the PRN pool [210b] when the QRN pool [210a] is exhausted and the QRN source (for example, the QRNG module employed at the network server side) is not available, to continuously perform subscriber authentication and avoid impact on service availability. Once such QRN source recovers from the faults, auto fallback to the QRN pool [210a] is implemented by the system [200].
  • the authentication unit [208] is connected to the collection unit [206] and the storage unit [210].
  • the storage unit [210] stores the QRN pool [210a] and PRN pool [210b].
  • the authentication unit [208] is configured to perform an authentication of the user device [101] based at least on a random number from one of the PRN retrieved from the PRN pool [210b], and the PRN generated by the PRNG module [212]. Alternatively, in an event when the random number is retrieved from the QRN pool [210a], the authentication unit [208] performs the authentication of the user device [101] based on a random number retrieved from the QRN pool [210a].
  • the authentication of the user device [101] using the at least one PRN from the PRN pool [210b] avoids any service outage by continuously performing subscriber authentication. This way the present disclosure provides a fall back mechanism implemented by the PRNG module [212].
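The selection order described for system [200] (QRN pool, then PRN pool, then the PRNG module, with one notification when the QRN pool runs dry and automatic return once it refills) can be sketched as follows. This is an added example, not code from the patent or its applicant; the class and function names are hypothetical. It assumes a 16-byte challenge, the operating system's CSPRNG standing in for the PRNG module [212], and an HMAC challenge-response as a stand-in for the operator's actual authentication algorithm.

```python
import hashlib
import hmac
import secrets
from collections import Counter, deque
from enum import Enum

RAND_LEN = 16  # assumption: 128-bit challenge, the RAND size used in 3GPP AKA


class Source(Enum):
    QRN_POOL = "qrn_pool"
    PRN_POOL = "prn_pool"
    PRNG = "prng"


class RandomSelector:
    """Hypothetical stand-in for determination unit [204] + collection unit [206]."""

    def __init__(self, qrn_pool=(), prn_pool=()):
        self.qrn_pool = deque(qrn_pool)   # QRN pool [210a]
        self.prn_pool = deque(prn_pool)   # PRN pool [210b]
        self.notifications = []           # stands in for notification unit [214]
        self.usage = Counter()            # per-source counts, so fallback use is auditable
        self._qrn_outage = False

    def _generate_prn(self):
        # Assumption: the PRNG module is the OS CSPRNG. A fallback generator that is
        # predictable would make the authentication challenge predictable as well.
        return secrets.token_bytes(RAND_LEN)

    def next_random(self):
        """Return (random_bytes, Source) following the described fallback order."""
        if self.qrn_pool:
            self._qrn_outage = False      # QRN source recovered: back to the QRN pool
            value, source = self.qrn_pool.popleft(), Source.QRN_POOL
        else:
            if not self._qrn_outage:      # assumption: notify once per outage
                self._qrn_outage = True
                self.notifications.append("QRN pool unavailable; using PRN fallback")
            if self.prn_pool:
                value, source = self.prn_pool.popleft(), Source.PRN_POOL
            else:
                value, source = self._generate_prn(), Source.PRNG
        self.usage[source] += 1
        return value, source


def response(key, rand):
    # Stand-in challenge-response, not the 3GPP authentication functions.
    return hmac.new(key, rand, hashlib.sha256).digest()


def authenticate(selector, key, device_respond):
    """Issue a challenge from whichever source is available and verify the reply."""
    rand, source = selector.next_random()
    ok = hmac.compare_digest(response(key, rand), device_respond(rand))
    return ok, source


def demo():
    key = bytes(range(16))                           # constructed subscriber key
    selector = RandomSelector(
        qrn_pool=[b"Q" * RAND_LEN],                  # constructed pool entries
        prn_pool=[b"P" * RAND_LEN],
    )
    device = lambda rand: response(key, rand)        # device holding the same key
    results = [authenticate(selector, key, device) for _ in range(3)]
    selector.qrn_pool.append(b"R" * RAND_LEN)        # QRN source recovers
    results.append(authenticate(selector, key, device))
    return selector, results


if __name__ == "__main__":
    sel, res = demo()
    for ok, src in res:
        print(src.value, ok)
    print(sel.notifications, dict(sel.usage))
```

The `usage` counter is an addition for monitoring: it records how many authentications ran on fallback randomness during an outage.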
  • an exemplary method flow diagram [300], for continued subscriber authentication, in accordance with exemplary implementations of the present disclosure is shown.
  • the method [300] is performed by the system [200].
  • the system [200] may be present in a network server [201] or may be connected to the network server [201] to implement the features of the present disclosure.
  • the continued subscriber authentication is provided during long standing hardware faults, where the long standing hardware faults refer to hardware failures or issues (power outage, sensor and components failures, peripheral malfunctions, and memory errors etc.) that occur in various components of a physical device and that persist over an extended period without being immediately resolved.
  • the method [300] as disclosed by the present disclosure comprises receiving, by a transceiver unit [202] at the network server [201], a request for performing a subscriber authentication procedure from a user device [101].
  • the network server [201] is one of a unified data management (UDM) server, a home subscriber server (HSS), and a home location register (HLR) server.
  • the transceiver unit [202] is connected to the user device [101] over a network associated with the network server [201].
  • the network may be wired or wireless, including but not limited to local area networks (LANs), wide area networks (WANs), cellular networks, or any combination thereof.
  • the transceiver unit [202] comprises receiving the request to perform the subscriber authentication procedure, from the user device.
  • subscriber authentication procedure refers to a process of verifying the identity of a subscriber or a user who is attempting to access a service or network.
  • the method [300] as disclosed by the present disclosure comprises determining, by a determination unit [204] at the network server [201], one of an availability and an unavailability of at least one quantum random number (QRN) in a QRN pool [210a] stored at a storage unit [210],
  • the term "quantum random number" herein may correspond to a random number generated using quantum mechanical processes, specifically for use in the QRN pool [210a] for subscriber authentication.
  • "QRN pool" herein may correspond to a repository or collection of quantum random numbers.
  • the method comprises receiving, by the determination unit [204], the request to perform subscriber authentication from the transceiver unit [202] and storing the request into the storage unit [210],
  • the determination unit [204] determines the unavailability of the at least one QRN number.
  • Pseudo random numbers may correspond to sequences of numbers generated by deterministic techniques (for example, Pseudo Random Number Generator (PRNG) module [212]) rather than by truly random processes.
  • PRN pool may correspond to a repository or collection of pseudo random numbers.
  • the method as disclosed by the present disclosure comprises generating, by a notification unit [214], a notification indicating the determination of the unavailability of the at least one QRN in the QRN pool [210a] for displaying at a user interface (UI).
  • the UI may be a graphical user interface and the UI is rendered on a screen or display of the user device.
  • the method [300] as disclosed by the present disclosure comprises determining, by the determination unit [204] at the network server [201], one of the availability and the unavailability of at least one pseudo random number (PRN) in a PRN pool [210b] stored at the storage unit [210] in an event of determination of the unavailability of the at least one QRN in the QRN pool [210a].
  • the method [300] as disclosed by the present disclosure comprises performing one of: retrieving, by a collection unit [206] at the network server [201], a PRN from among the at least one PRN from the PRN pool [210b] in an event of determination of the availability of the at least one PRN in the PRN pool [210b]; and generating, by the collection unit
  • a PRN using a pseudo random number generator (PRNG) module [212] in an event of determination of the unavailability of the at least one PRN in the PRN pool [210b].
  • the collection unit [206] also retrieves a QRN from the QRN pool [210a] in the event of determination of the availability of the at least one QRN in the QRN pool [210a],
  • the present disclosure discloses utilization of the at least one PRN from the PRN pool [210b] when the QRN pool [210a] is exhausted and the QRN source is not available, to continuously perform subscriber authentication and avoid impact on service availability. Once the QRN source recovers from the faults, auto fallback to the QRN pool [210a] is implemented by the system [200].
  • the method [300] as disclosed by the present disclosure comprises performing, by an authentication unit [208] at the network server [201], an authentication of the user device [101] based at least on a random number from one of the PRN retrieved from the PRN pool [210b], and the PRN generated by the PRNG module [212]. Alternatively, in an event when the random number is retrieved from the QRN pool [210a], the authentication unit [208] performs the authentication of the user device [101] based on a random number retrieved from the QRN pool [210a]. [0082] The authentication of the user device [101] using the at least one PRN from the PRN pool avoids any service outage by continuously performing subscriber authentication. This way the present disclosure provides a fall back mechanism implemented by the PRNG module [212]. Thereafter, the method terminates at step [314].
  • Fig. 4 illustrates an exemplary flow chart [400] indicating the decision making involved in the method and process for continued subscriber authentication during long standing hardware faults, in accordance with exemplary embodiments of the present disclosure.
  • the network server [201] is started and receives a request from a user device [101] or a user equipment for subscriber authentication and the network server [201] reads a pool configuration file (such as a quantum random number (QRN) pool [210a]) at step 404.
  • the method checks whether a pseudo random number (PRN) pool [210b] and the QRN pool [210a] are filled or not at steps 408 and 406, respectively.
  • the method encompasses waiting for a key generation request from the user device.
  • at step 414 the QRN pool [210a] is checked for presence of at least one QRN in the QRN pool [210a]. If the at least one QRN in the QRN pool [210a] is available, then the method proceeds to step 418 wherein a random number (RN) or a quantum random number (QRN) is retrieved from the QRN pool [210a]. If the QRN pool [210a] is exhausted/not available, then the PRN pool [210b] is checked at step 416. If at least one PRN is available in the PRN pool
  • the method falls back from the QRN pool [210a] to the PRN pool [210b] and proceeds to step 420 wherein a pseudo random number (PRN) is retrieved from the PRN pool [210b]. If the PRN pool [210b] is also exhausted/not available, the method proceeds to step 422 wherein the RN is generated locally by using a pseudo random number generator (PRNG) module [212]. At step 424, the generated/retrieved key, as the case may be, is returned and the process continues upon reception of any new key generation request.
  • an aspect of the present disclosure may relate to a non-transitory computer readable storage medium storing instructions for continued subscriber authentication, the instructions include executable code which, when executed by a one or more units of a system
  • a transceiver unit [202] of the system [200] causes: a transceiver unit [202] of the system [200] to receive, at a network server [201], a request for performing a subscriber authentication procedure from a user device; a determination unit [204] of the system [200] to determine, at the network server [201], one of an availability and an unavailability of at least one quantum random number (QRN) in a QRN pool [210a] stored at a storage unit [210]; the determination unit [204] of the system [200] to determine, at the network server [201], one of an availability and an unavailability of at least one pseudo random number (PRN) in a PRN pool [210b] stored at the storage unit [210] in an event of determination of the unavailability of the at least one QRN in the QRN pool [210a]; a collection unit [206] of the system [200] to perform one of: a retrieval of a PRN from among the at least one PRN from the PRN
  • Yet another aspect of the present disclosure may relate to a user device [101] for continued subscriber authentication, the user device [101] comprising a transceiver unit [101], the transceiver unit [101a] is configured to transmit, to a system [200] connected to a network server [201], a request for performing a subscriber authentication procedure, and receive, from the system [200], an indication of a performance of an authentication of the user device [101] based on the request for performing the subscriber authentication procedure.
  • the performance of the authentication is based on: receiving, by the transceiver unit [202] of the system [200] at the network server [201], the request for performing the subscriber authentication procedure from the user device; determining, by a determination unit [204] of the system [200] at the network server [201], one of an availability and an unavailability of at least one quantum random number (QRN) in a QRN pool [210a] stored at a storage unit [210]; determining, by the determination unit [204] of the system [200] at the network server [201], one of an availability and an unavailability of at least one pseudo random number (PRN) in a PRN pool [210b] stored at the storage unit [210] in an event of determination of the unavailability of the at least one QRN in the QRN pool [210a]; performing one of: retrieving, by a collection unit [206] of the system [200] at the network server [201], a PRN from among the at least one PRN from the PRN pool [210b] in

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present disclosure relates to a method and a system for continued subscriber authentication. The disclosure encompasses: receiving, at a network server [201], a request for performing a subscriber authentication procedure from a user device [101]; determining, an availability or an unavailability of: 1) a quantum random number (QRN) in a QRN pool [210a], and 2) a pseudo random number (PRN) in a PRN pool [210b] based on the unavailability of the QRN; retrieving a PRN from the PRN pool [210b] upon the availability of the PRN in the PRN pool; generating a PRN using a PRNG module [212] in an event of determination of the unavailability of the PRN; and performing an authentication of the user device [101] based at least on a random number from one of the PRN retrieved from the PRN pool [210b] or the generated PRN.
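The selection order the abstract describes (QRN pool, then PRN pool, then the PRNG module), as an added Python example that is not part of the patent or of any implementation by the applicant. The class and function names, the 16-byte length, the once-per-outage notification, the per-source counters and the use of an OS-backed CSPRNG for the PRNG module are assumptions.

```python
import secrets
from collections import Counter, deque
from enum import Enum

RAND_LEN = 16  # assumption: 16-byte random value; the page states no length


class Source(Enum):
    QRN_POOL = "QRN pool [210a]"      # step 418 of the flow chart
    PRN_POOL = "PRN pool [210b]"      # step 420
    LOCAL_PRNG = "PRNG module [212]"  # step 422


class RandomSelector:
    """Hypothetical helper: picks the random number for one authentication."""

    def __init__(self, qrn=(), prn=()):
        self.qrn_pool = deque()
        self.prn_pool = deque()
        self.notifications = []   # stands in for the notification unit [214]
        self.usage = Counter()    # per-source counters, kept for audit
        self.in_fallback = False
        self.fill(self.qrn_pool, qrn)
        self.fill(self.prn_pool, prn)

    @staticmethod
    def fill(pool, values):
        """Append values to a pool, rejecting malformed entries."""
        for value in values:
            if not isinstance(value, bytes) or len(value) != RAND_LEN:
                raise ValueError("pool entry must be RAND_LEN bytes")
            pool.append(value)

    def next_random(self):
        """Return (value, source); a pooled value is consumed exactly once."""
        if self.qrn_pool:                 # step 414: a QRN is available
            self.in_fallback = False      # automatic return to the QRN pool
            return self._emit(self.qrn_pool.popleft(), Source.QRN_POOL)
        if not self.in_fallback:          # assumption: notify once per outage
            self.in_fallback = True
            self.notifications.append("QRN pool exhausted; using PRN fallback")
        if self.prn_pool:                 # step 416: a PRN is available
            return self._emit(self.prn_pool.popleft(), Source.PRN_POOL)
        # step 422: local generation; assumption: the PRNG module is a CSPRNG
        return self._emit(secrets.token_bytes(RAND_LEN), Source.LOCAL_PRNG)

    def _emit(self, value, source):
        self.usage[source] += 1
        return value, source


def simulate_outage():
    """Constructed scenario: 2 QRNs, 1 PRN, 5 requests, then a QRN refill."""
    sel = RandomSelector(
        qrn=[b"Q" * RAND_LEN, b"q" * RAND_LEN],  # constructed sample values
        prn=[b"P" * RAND_LEN],
    )
    trace = [sel.next_random()[1] for _ in range(5)]
    sel.fill(sel.qrn_pool, [b"R" * RAND_LEN])    # QRN source recovers
    trace.append(sel.next_random()[1])
    return trace, sel


if __name__ == "__main__":
    trace, sel = simulate_outage()
    for source in trace:
        print(source.value)
    print(sel.notifications)
    print({source.name: count for source, count in sel.usage.items()})
```

Recording the source of each value lets an operator see how many authentications ran on fallback randomness during a fault.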

Description

METHOD AND SYSTEM FOR CONTINUED SUBSCRIBER AUTHENTICATION
FIELD OF THE DISCLOSURE
[0001] The present disclosure relates generally to the field of wireless communication systems. More particularly, the present disclosure relates to methods and systems for continued subscriber authentication.
BACKGROUND
[0002] The following description of related art is intended to provide background information pertaining to the field of the disclosure. This section may include certain aspects of the art that may be related to various features of the present disclosure. However, it should be appreciated that this section be used only to enhance the understanding of the reader with respect to the present disclosure, and not as admissions of prior art.
[0003] Wireless communication technology has rapidly evolved over the past few decades, with each generation bringing significant improvements and advancements. The first generation of wireless communication technology was based on analog technology and offered only voice services. However, with the advent of the second-generation (2G) technology, digital communication and data services became possible, and text messaging was introduced. Third generation (3G) technology marked the introduction of high-speed internet access, mobile video calling, and location-based services. The fourth-generation (4G) technology revolutionized wireless communication with faster data speeds, better network coverage, and improved security. Currently, the fifth-generation (5G) technology is being deployed, promising even faster data speeds, low latency, and the ability to connect multiple devices simultaneously. With each generation, wireless communication technology has become more advanced, sophisticated, and capable of delivering more services to its users.
[0004] When a user device that is connected to a wireless communication network is switched ON, or when any periodic authentication of a user device is performed by network servers of the wireless communication network such as a unified data management (UDM) server, a home subscriber server (HSS) or a home location register (HLR) etc., authentication keys are generated at said network servers. These authentication keys may be based on any of the existing techniques, for example, the pseudo random number keys, quantum random numbers, etc.
[0005] One prevailing challenge in the existing solutions is long standing faults in quantum random number generator (QRNG) modules, wherein long standing faults (also referred to herein as long standing hardware faults) refer to hardware failures or issues (e.g., power outage, sensor and components failures, peripheral malfunctions, and memory errors etc.) that occur in various components of a physical device and that persist over an extended period without being immediately resolved. Also, a QRNG module is a module that generates a series of random numbers for subscriber authentication and stores them in a local buffer or pool (e.g., a Quantum Random Number (QRN) pool). During long standing faults, when the QRNG module is offline for a long duration, the QRN pool (i.e., a pool of quantum random numbers generated by the QRNG module) gets exhausted and the authentication service is no longer available from the network servers (e.g., the UDM, the HSS, or the HLR). This impacts subscriber services and leads to service outages, which is not desirable.
[0006] Thus, there exists an imperative need in the art to provide methods and systems that provide continued subscriber authentication during long standing hardware faults, which the present disclosure aims to address.
OBJECTS OF THE INVENTION
[0007] Some of the objects of the present disclosure, which at least one embodiment disclosed herein satisfies are listed herein below.
[0008] It is an object of the present disclosure to provide a system and a method for continued subscriber authentication during long standing hardware faults, wherein long-standing hardware faults refer to hardware failures or issues (power outage, sensor and components failures, peripheral malfunctions, and memory errors etc.) that occur in various components of a physical device and that persist over an extended period without being immediately resolved.
[0009] Another object of the present disclosure is to ensure an uninterrupted operation and a dynamic facility for subscriber services by providing a fall-back mechanism in an event of occurrence of unexpected resource constraints.
[0010] Yet another object of the present disclosure is to provide continued service availability by offering support of fall back to a Pseudo Random Number (PRN) pool during quantum random number generator (QRNG) device faults.
SUMMARY
[0011] This section is provided to introduce certain aspects of the present disclosure in a simplified form that are further described below in the detailed description. This summary is not intended to identify the key features or the scope of the claimed subject matter.
[0012] An aspect of the present disclosure may relate to a method for continued subscriber authentication. The method comprises receiving, by a transceiver unit at a network server, a request for performing a subscriber authentication procedure from a user device. Further, the method includes determining, by a determination unit at the network server, one of an availability and an unavailability of at least one quantum random number (QRN) in a QRN pool stored at a storage unit. Further, the method includes determining, by the determination unit at the network server, one of an availability and an unavailability of at least one pseudo random number (PRN) in a PRN pool stored at the storage unit in an event of determination of the unavailability of the at least one QRN in the QRN pool. Further, the method includes performing one of: retrieving, by a collection unit at the network server, a PRN from among the at least one PRN from the PRN pool in an event of determination of the availability of the at least one PRN in the PRN pool; and generating, by the collection unit at the network server, a PRN using a pseudo random number generator (PRNG) module in an event of determination of the unavailability of the at least one PRN in the PRN pool. Thereafter, the method includes performing, by an authentication unit at the network server, an authentication of the user device based at least on a random number from one of the PRN retrieved from the PRN pool, and the PRN generated by the PRNG module.
[0013] In an exemplary aspect of the present disclosure, the network server is one of a unified data management (UDM) server, a home subscriber server (HSS), and a home location register (HLR) server.
[0014] In an exemplary aspect of the present disclosure, prior to the determining, by the determination unit, one of the availability and the unavailability of the at least one PRN in the PRN pool, the method comprises generating, by a notification unit, a notification for display at a user interface, the notification indicating the determination of the unavailability of the at least one QRN in the QRN pool.
[0015] In an exemplary aspect of the present disclosure, the method comprises retrieving, by the collection unit, a QRN from the QRN pool in an event of determination of the availability of the at least one QRN in the QRN pool.
[0016] In an exemplary aspect of the present disclosure, the performing, by the authentication unit, the authentication of the user device is further based on a random number retrieved from the QRN pool.
[0017] Another aspect of the present disclosure may relate to a system for continued subscriber authentication. The system is in connection with a network server, the system comprises a transceiver unit configured to receive a request for performing a subscriber authentication procedure from a user device. Further, the system comprises a determination unit connected to at least a storage unit and the transceiver unit, the determination unit configured to: determine one of an availability and an unavailability of at least one quantum random number (QRN) in a QRN pool stored at the storage unit; and determine one of an availability and an unavailability of at least one pseudo random number (PRN) in a PRN pool stored at the storage unit in an event of determination of the unavailability of the at least one QRN in the QRN pool. Further, the system comprises a collection unit connected at least to the storage unit, the collection unit configured to perform one of: a retrieval of a PRN from among the at least one PRN from the PRN pool in an event of determination of the availability of the at least one PRN in the PRN pool, and a generation of a PRN using a pseudo random number generator (PRNG) module in an event of determination of the unavailability of the at least one PRN in the PRN pool. Further, the system comprises an authentication unit connected to at least the collection unit and the storage unit, the authentication unit configured to perform an authentication of the user device based at least on a random number from one of the PRN retrieved from the PRN pool, and the PRN generated by the PRNG module. 
Yet another aspect of the present disclosure may relate to a non-transitory computer readable storage medium storing instructions for continued subscriber authentication, the instructions include executable code which, when executed by a one or more units of a system, causes: a transceiver unit of the system to receive, at a network server, a request for performing a subscriber authentication procedure from a user device; a determination unit of the system to determine, at the network server, one of an availability and an unavailability of at least one quantum random number (QRN) in a QRN pool stored at a storage unit; the determination unit of the system to determine, at the network server, one of an availability and an unavailability of at least one pseudo random number (PRN) in a PRN pool stored at the storage unit in an event of determination of the unavailability of the at least one QRN in the QRN pool; a collection unit of the system to perform one of: a retrieval of a PRN from among the at least one PRN from the PRN pool in an event of determination of the availability of the at least one PRN in the PRN pool, and a generation of a PRN using a pseudo random number generator (PRNG) module in an event of determination of the unavailability of the at least one PRN in the PRN pool; and an authentication unit of the system to perform an authentication of the user device based at least on a random number from one of the PRN retrieved from the PRN pool, and the PRN generated by the PRNG module.
[0018] Yet another aspect of the present disclosure may relate to a user device for continued subscriber authentication, the user device comprising a transceiver unit, the transceiver unit is configured to: transmit, to a system connected to a network server, a request for performing a subscriber authentication procedure; and receive, from the system, an indication of a performance of an authentication of the user device based on the request for performing the subscriber authentication procedure, wherein said performance of the authentication is based on: receiving, by a transceiver unit of the system at the network server, the request for performing the subscriber authentication procedure from the user device; determining, by a determination unit of the system at the network server, one of: an availability and an unavailability of at least one quantum random number (QRN) in a QRN pool stored at a storage unit; determining, by the determination unit of the system at the network server, one of an availability and an unavailability of at least one pseudo random number (PRN) in a PRN pool stored at the storage unit in an event of determination of the unavailability of the at least one QRN in the QRN pool; performing one of: retrieving, by a collection unit of the system at the network server, a PRN from among the at least one PRN from the PRN pool in an event of determination of the availability of the at least one PRN in the PRN pool, and generating, by the collection unit at the network server, a PRN using a pseudo random number generator (PRNG) module in an event of determination of the unavailability of the at least one PRN in the PRN pool; and performing, by an authentication unit of the system at the network server, an authentication of the user device based at least on a random number from one of the PRN retrieved from the PRN pool, and the PRN generated by the PRNG module.
BRIEF DESCRIPTION OF DRAWINGS
[0019] The accompanying drawings, which are incorporated herein, and constitute a part of this disclosure, illustrate exemplary embodiments of the disclosed methods and systems in which like reference numerals refer to the same parts throughout the different drawings. Components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the present disclosure. Some drawings may indicate the components using block diagrams and may not represent the internal circuitry of each component. It will be appreciated by those skilled in the art that disclosure of such drawings includes disclosure of electrical components, electronic components or circuitry commonly used to implement such components.
[0020] FIG. 1 illustrates an exemplary block diagram of a computing device upon which the features of the present disclosure may be implemented in accordance with exemplary implementation of the present disclosure.
[0021] FIG. 1A illustrates an exemplary block diagram representing interconnection between a user device, a network server and a system, in accordance with exemplary implementations of the present disclosure.
[0022] FIG. 2 illustrates an exemplary block diagram of a system for continued subscriber authentication, in accordance with exemplary implementations of the present disclosure.
[0023] FIG. 3 illustrates an exemplary method flow diagram indicating the process for continued subscriber authentication, in accordance with exemplary implementations of the present disclosure.
[0024] FIG. 4 illustrates an exemplary method flow diagram indicating the process for continued subscriber authentication, in accordance with exemplary implementations of the present disclosure.
[0025] The foregoing shall be more apparent from the following more detailed description of the disclosure.
DETAILED DESCRIPTION
[0026] In the following description, for the purposes of explanation, various specific details are set forth in order to provide a thorough understanding of embodiments of the present disclosure. It will be apparent, however, that embodiments of the present disclosure may be practiced without these specific details. Several features described hereafter can each be used independently of one another or with any combination of other features. An individual feature may not address any of the problems discussed above or might address only some of the problems discussed above. Some of the problems discussed above might not be fully addressed by any of the features described herein. Example embodiments of the present disclosure are described below, as illustrated in various drawings in which like reference numerals refer to the same parts throughout the different drawings.
[0027] The ensuing description provides exemplary embodiments only, and is not intended to limit the scope, applicability, or configuration of the disclosure. Rather, the ensuing description of the exemplary embodiments will provide those skilled in the art with an enabling description for implementing an exemplary embodiment. It should be understood that various changes may be made in the function and arrangement of elements without departing from the spirit and scope of the disclosure as set forth.
[0028] Further, in accordance with the present disclosure, it is to be acknowledged that the functionality described for the various components/units can be implemented interchangeably. While specific embodiments may disclose a particular functionality of these units for clarity, it is recognized that various configurations and combinations thereof are within the scope of the disclosure. The functionality of specific units as disclosed in the disclosure should not be construed as limiting the scope of the present disclosure. Consequently, alternative arrangements and substitutions of units, provided they achieve the intended functionality described herein, are considered to be encompassed within the scope of the present disclosure.
[0029] It should be noted that the terms "mobile device", "user equipment", "user device", "communication device", "device" and similar terms are used interchangeably for the purpose of describing the invention. These terms are not intended to limit the scope of the invention or imply any specific functionality or limitations on the described embodiments. The use of these terms is solely for convenience and clarity of description. The invention is not limited to any particular type of device or equipment, and it should be understood that other equivalent terms or variations thereof may be used interchangeably without departing from the scope of the invention as defined herein.
[0030] Specific details are given in the following description to provide a thorough understanding of the embodiments. However, it will be understood by one of ordinary skill in the art that the embodiments may be practiced without these specific details. For example, circuits, systems, networks, processes, and other components may be shown as components in block diagram form in order not to obscure the embodiments in unnecessary detail. In other instances, well-known circuits, processes, algorithms, structures, and techniques may be shown without unnecessary detail in order to avoid obscuring the embodiments.
[0031] Also, it is noted that individual embodiments may be described as a process which is depicted as a flowchart, a flow diagram, a data flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations can be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged. A process is terminated when its operations are completed but could have additional steps not included in a figure.
[0032] The word "exemplary" and/or "demonstrative" is used herein to mean serving as an example, instance, or illustration. For the avoidance of doubt, the subject matter disclosed herein is not limited by such examples. In addition, any aspect or design described herein as "exemplary" and/or "demonstrative" is not necessarily to be construed as preferred or advantageous over other aspects or designs, nor is it meant to preclude equivalent exemplary structures and techniques known to those of ordinary skill in the art. Furthermore, to the extent that the terms "includes," "has," "contains," and other similar words are used in either the detailed description or the claims, such terms are intended to be inclusive, in a manner similar to the term "comprising" as an open transition word, without precluding any additional or other elements.
[0033] As used herein, an "electronic device", or "portable electronic device", or "user device" or "communication device" or "user equipment" or "device" refers to any electrical, electronic, electromechanical and computing device. The user device is capable of receiving and/or transmitting one or more parameters, performing function/s, communicating with other user devices and transmitting data to the other user devices. The user equipment may have a processor, a display, a memory, a battery and an input-means such as a hard keypad and/or a soft keypad. The user equipment may be capable of operating on any radio access technology including but not limited to IP-enabled communication, ZigBee, Bluetooth, Bluetooth Low Energy, Near Field Communication, Z-Wave, Wi-Fi, Wi-Fi direct, etc. For instance, the user equipment may include, but not limited to, a mobile phone, smartphone, virtual reality (VR) devices, augmented reality (AR) devices, laptop, a general-purpose computer, desktop, personal digital assistant, tablet computer, mainframe computer, or any other device as may be obvious to a person skilled in the art for implementation of the features of the present disclosure. Also, the user device may contain at least one input means configured to receive an input from unit(s) which are required to implement the features of the present disclosure.
[0034] Further, the user device may also comprise a "processor" or "processing unit", wherein processor refers to any logic circuitry for processing instructions. The processor may be a general-purpose processor, a special purpose processor, a conventional processor, a digital signal processor, a plurality of microprocessors, one or more microprocessors in association with a DSP core, a controller, a microcontroller, Application Specific Integrated Circuits, Field Programmable Gate Array circuits, any other type of integrated circuits, etc. The processor may perform signal coding, data processing, input/output processing, and/or any other functionality that enables the working of the system according to the present disclosure. More specifically, the processor is a hardware processor.
[0035] As portable electronic devices and wireless technologies continue to improve and grow in popularity, the advancing wireless technologies for data transfer are also expected to evolve and replace the older generations of technologies. In the field of wireless data communications, the dynamic advancement of various generations of cellular technology are also seen. The development, in this respect, has been incremental in the order of second generation (2G), third generation (3G), fourth generation (4G), and now fifth generation (5G), and more such generations are expected to continue in the forthcoming time.
[0036] Radio Access Technology (RAT) refers to the technology used by mobile devices/ user equipment (UE) to connect to a cellular network. It refers to the specific protocol and standards that govern the way devices communicate with base stations, which are responsible for providing the wireless connection. Further, each RAT has its own set of protocols and standards for communication, which define the frequency bands, modulation techniques, and other parameters used for transmitting and receiving data. Examples of RATs include GSM (Global System for Mobile Communications), CDMA (Code Division Multiple Access), UMTS (Universal Mobile Telecommunications System), LTE (Long-Term Evolution), and 5G. The choice of RAT depends on a variety of factors, including the network infrastructure, the available spectrum, and the mobile device's/device's capabilities. Mobile devices often support multiple RATs, allowing them to connect to different types of networks and provide optimal performance based on the available network resources.
[0037] As discussed in the background section, in the wireless communication technologies, the current known solutions for continued subscriber authentication during long standing hardware faults have certain limitations, wherein the long standing hardware faults refer to hardware failures or issues (power outage, sensor and components failures, peripheral malfunctions, and memory errors etc.) that occur in various components of a physical device and that persist over an extended period without being immediately resolved. More specifically, in the existing solutions when a Quantum Random Number (QRN) pool comprising quantum random numbers for subscriber authentication generated by a Quantum Random Number Generator (QRNG) module gets exhausted and the QRNG module is still down, the network server such as a unified data management (UDM) server, a home subscriber server (HSS), and a home location register (HLR) server is unable to generate authentication keys, thus impacting subscriber services.
[0038] The present disclosure aims to overcome the above-mentioned and other existing problems in this field of technology by providing a method and a system for continued subscriber authentication during long standing hardware faults.
[0039] Hereinafter, exemplary embodiments of the present disclosure will be described with reference to the accompanying drawings.
[0040] Fig. 1 illustrates an exemplary block diagram of a computing device [1000] (or referred to herein as a computer system [1000]) upon which the features of the present disclosure may be implemented in accordance with exemplary implementation of the present disclosure. In an implementation, the computing device [1000] may be in communication with a communication network (such as including but not limited to a 5th generation network) and may implement a method for continued subscriber authentication during long standing hardware faults utilising the system. In another implementation, the computing device [1000] in communication with the communication network, itself implements the method for continued subscriber authentication during long standing hardware faults using one or more units configured within the computing device [1000], wherein a person skilled in the art would appreciate that said one or more units are capable of implementing the features as disclosed in the present disclosure.
[0041] The computing device [1000] may include a bus [1002] or other communication mechanism for communicating information, and a hardware processor [1004] coupled with bus [1002] for processing information. The hardware processor [1004] may be, for example, a general purpose microprocessor. The computing device [1000] may also include a main memory [1006], such as a random access memory (RAM), or other dynamic storage device, coupled to the bus [1002] for storing information and instructions to be executed by the processor [1004]. The main memory [1006] also may be used for storing temporary variables or other intermediate information during execution of the instructions to be executed by the processor [1004]. Such instructions, when stored in non-transitory storage media accessible to the processor [1004], render the computing device [1000] into a special-purpose machine that is customized to perform the operations specified in the instructions. The computing device [1000] further includes a read only memory (ROM) [1008] or other static storage device coupled to the bus [1002] for storing static information and instructions for the processor [1004].
[0042] A storage device [1010], such as a magnetic disk, optical disk, or solid-state drive is provided and coupled to the bus [1002] for storing information and instructions. The computing device [1000] may be coupled via the bus [1002] to a display [1012], such as a cathode ray tube (CRT), Liquid crystal Display (LCD), Light Emitting Diode (LED) display, Organic LED (OLED) display, etc. for displaying information to a computer user. An input device [1014], including alphanumeric and other keys, touch screen input means, etc. may be coupled to the bus [1002] for communicating information and command selections to the processor [1004]. Another type of user input device may be a cursor controller [1016], such as a mouse, a trackball, or cursor direction keys, for communicating direction information and command selections to the processor [1004], and for controlling cursor movement on the display [1012]. This input device typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allow the device to specify positions in a plane.
[0043] The computing device [1000] may implement the techniques described herein using customized hard-wired logic, one or more ASICs or FPGAs, firmware and/or program logic which in combination with the computing device [1000] causes or programs the computing device [1000] to be a special-purpose machine. According to one implementation, the techniques herein are performed by the computing device [1000] in response to the processor [1004] executing one or more sequences of one or more instructions contained in the main memory [1006]. Such instructions may be read into the main memory [1006] from another storage medium, such as the storage device [1010]. Execution of the sequences of instructions contained in the main memory [1006] causes the processor [1004] to perform the process steps described herein. In alternative implementations of the present disclosure, hard-wired circuitry may be used in place of or in combination with software instructions.
[0044] The computing device [1000] also may include a communication interface [1018] coupled to the bus [1002]. The communication interface [1018] provides a two-way data communication coupling to a network link [1020] that is connected to a local network [1022]. For example, the communication interface [1018] may be an integrated services digital network (ISDN) card, cable modem, satellite modem, or a modem to provide a data communication connection to a corresponding type of telephone line. As another example, the communication interface [1018] may be a local area network (LAN) card to provide a data communication connection to a compatible LAN. Wireless links may also be implemented. In any such implementation, the communication interface [1018] sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
[0045] The computing device [1000] can send messages and receive data, including program code, through the network(s), the network link [1020] and the communication interface [1018]. In the Internet example, a server [1030] might transmit a requested code for an application program through the Internet [1028], the ISP [1026], the local network [1022], the host [1024] and the communication interface [1018]. The received code may be executed by the processor [1004] as it is received, and/or stored in the storage device [1010], or other non-volatile storage for later execution.
[0046] FIG.1A illustrates an exemplary block diagram representing interconnection between a user device, a network server and a system, in accordance with exemplary implementations of the present disclosure. As shown, the user device [101] comprises a transceiver unit [101a] and the transceiver unit [101a] is configured to transmit, to a system [200] connected to a network server [201], a request for performing a subscriber authentication procedure, and receives, from the system [200], an indication of a performance of an authentication of the user device [101] based on the request for performing the subscriber authentication procedure. The performance of the authentication is based on: receiving, by a transceiver unit [202] of the system [200] at the network server [201], the request for performing the subscriber authentication procedure from the user device; determining, by a determination unit [204] of the system [200] at the network server [201], one of an availability and an unavailability of at least one quantum random number (QRN) in a QRN pool [210a] stored at a storage unit [210]; determining, by the determination unit [204] of the system [200] at the network server [201], one of an availability and an unavailability of at least one pseudo random number (PRN) in a PRN pool [210b] stored at the storage unit [210] in an event of determination of the unavailability of the at least one QRN in the QRN pool [210a]. Further the performance of the authentication is based on performing one of: retrieving, by a collection unit [206] of the system [200] at the network server [201], a PRN from among the at least one PRN from the PRN pool [210b] in an event of determination of the availability of the at least one PRN in the PRN pool [210b]; and generating, by the collection unit [206] at the network server [201], a PRN using a pseudo random number generator (PRNG) module [212] in an event of determination of the unavailability of the at least one PRN in the PRN pool [210b]; and performing, by an authentication unit [208] of the system [200] at the network server [201], an authentication of the user device [101] based at least on a random number from one of the PRN retrieved from the PRN pool [210b], and the PRN generated by the PRNG module [212].
[0047] FIG.2 illustrates an exemplary block diagram of a system for continued subscriber authentication, in accordance with exemplary implementations of the present disclosure. The system [200] is in connection with at least one network server [201], the system [200] comprises at least one transceiver unit [202], at least one determination unit [204], at least one collection unit [206], at least one authentication unit [208], at least one storage unit [210], at least one Pseudo Random Number Generator (PRNG) Module [212] and at least one notification unit [214]. The storage unit [210] comprises a Quantum Random Number (QRN) pool [210a] and a Pseudo Random Number (PRN) pool [210b]. The network server [201] is one of a unified data management (UDM) server, a home subscriber server (HSS), and a home location register (HLR) server. Also, all of the components/ units of the system [200] are assumed to be connected to each other unless otherwise indicated below. Also, in Fig. 2 only a few units are shown, however, the system [200] may comprise multiple such units or the system [200] may comprise any such numbers of said units, as required to implement the features of the present disclosure. Further, in an implementation, the system [200] may be present in the network server [201] to implement the features of the present disclosure. The system [200] may be a part of a server or a network entity. In another implementation, the system [200] may be connected to the network server [201] to implement the features of the present disclosure.
[0048] The system [200] is configured for continued subscriber authentication, with the help of the interconnection between the components/units of the system [200]. In an implementation the continued subscriber authentication is provided during long standing hardware faults, where the long standing hardware faults refer to hardware failures or issues (power outage, sensor and components failures, peripheral malfunctions, and memory errors etc.) that occur in various components of a physical device and that persist over an extended period without being immediately resolved.
[0049] As referred herein, the transceiver unit [202] comprises a transmitter module and a receiver module. The transceiver unit [202] is a device that combines the functionalities of both transmitting and receiving data in telecommunications or networking systems.
[0050] In one implementation, the transceiver unit [202] is connected to a user device [101] over a network. The network may be wired or wireless, including but not limited to local area networks (LANs), wide area networks (WANs), cellular networks, or any combination thereof.
[0051] For continued subscriber authentication during long standing hardware faults, at first, the transceiver unit [202] receives a request to perform a subscriber authentication procedure, from the user device.
[0052] The term "subscriber authentication procedure" as used herein may correspond to a process of verifying the identity of a subscriber or user before granting access to network resources or services.
[0053] It is to be noted that a user operates the user device [101]. The user device [101] may be selected from but is not limited to, smartphones, tablets, laptops, desktop computers, wearable devices, and any other electronic devices capable of communication over the network.
[0054] Further, the determination unit [204] receives the request to perform subscriber authentication from the transceiver unit [202]. In one implementation, the determination unit [204] is connected to the transceiver unit [202] and the storage unit [210]. The determination unit [204] is configured to: determine one of an availability and an unavailability of at least one quantum random number (QRN) in a quantum random number (QRN) pool [210a] stored at the storage unit [210].
[0055] The term "quantum random number" herein may correspond to a random number generated using quantum mechanical processes, specifically for use in the QRN pool [210a] for subscriber authentication.
[0056] The term "QRN pool" herein may correspond to a repository or collection of quantum random numbers.
[0057] For example, sometimes physical devices such as the QRNG module employed at the network server side may undergo some long-duration faults that lead to the exhaustion of the QRN pool [210a] due to lack of generation of QRNs; in such cases the determination unit [204] determines the unavailability of the at least one QRN number. It is to be noted that the present disclosure offers the support to fall back to pseudo random number(s) (PRNs) from a PRN pool [210b], to avoid any service impact due to the unavailability of the at least one QRN number.
[0058] The term "pseudo random numbers" as used herein may correspond to sequences of numbers generated by deterministic techniques (for example, a pseudo random number generator (PRNG) module [212]) rather than by truly random processes.
[0059] The term "PRN pool" as used herein may correspond to a repository or collection of pseudo random numbers.
[0060] In one implementation, before determination of one of an availability and an unavailability of at least one PRN in a PRN pool [210b] by the determination unit [204], the notification unit [214] is configured to generate a notification indicating the determination of the unavailability of the at least one QRN in the QRN pool [210a] to display it over a user interface (UI). The UI may be a graphical user interface and the UI is rendered on a screen or display of the user device.
[0061] Further, the determination unit [204] is configured to determine one of the availability and the unavailability of the at least one PRN in the PRN pool [210b] stored at the storage unit [210] in an event of determination of the unavailability of the at least one QRN in the QRN pool [210a].
[0062] The collection unit [206] is connected to the storage unit [210]. Further, the collection unit [206] is configured to perform one of: a retrieval of a PRN from among the at least one PRN from the PRN pool [210b] in an event of determination of the availability of the at least one PRN in the PRN pool [210b]; and a generation of a PRN using the PRNG module [212] in an event of determination of the unavailability of the at least one PRN in the PRN pool [210b]. The collection unit [206] also retrieves a QRN from the QRN pool [210a] in the event of determination of the availability of the at least one QRN in the QRN pool [210a].
[0063] It is to be noted that the present disclosure discloses utilization of the at least one PRN from the PRN pool [210b] when the QRN pool [210a] is exhausted and QRN source (for example, the QRNG module employed at the network server side) is not available, to continuously perform subscriber authentication and avoid impact on service availability. Once such QRN source recovers from the faults, auto fallback to the QRN pool [210a] is implemented by the system [200].
[0064] In case of unavailability of the at least one PRN in the PRN pool [210b], where the PRN pool [210b] is exhausted, then a PRN is generated on demand to avoid the service outage by the PRNG module [212].
[0065] Further, the authentication unit [208] is connected to the collection unit [206] and the storage unit [210]. The storage unit [210] stores the QRN pool [210a] and PRN pool [210b]. The authentication unit [208] is configured to perform an authentication of the user device [101] based at least on a random number from one of the PRN retrieved from the PRN pool [210b], and the PRN generated by the PRNG module [212]. Alternatively, in an event when the random number is retrieved from the QRN pool [210a], the authentication unit [208] performs the authentication of the user device [101] based on a random number retrieved from the QRN pool [210a].
[0066] The authentication of the user device [101] using the at least one PRN from the PRN pool [210b] avoids any service outage by continuously performing subscriber authentication. This way the present disclosure provides a fall back mechanism implemented by the PRNG module [212].
[0067] Referring to Figure 3, an exemplary method flow diagram [300], for continued subscriber authentication, in accordance with exemplary implementations of the present disclosure is shown. In an implementation the method [300] is performed by the system [200]. Further, in an implementation, the system [200] may be present in a network server [201] or may be connected to the network server [201] to implement the features of the present disclosure. Also, in an implementation the continued subscriber authentication is provided during long standing hardware faults, where the long standing hardware faults refer to hardware failures or issues (power outage, sensor and components failures, peripheral malfunctions, and memory errors etc.) that occur in various components of a physical device and that persist over an extended period without being immediately resolved.
Also, as shown in Figure 3, the method [300] starts at step [302].
[0068] At step [304], the method [300] as disclosed by the present disclosure comprises receiving, by a transceiver unit [202] at the network server [201], a request for performing a subscriber authentication procedure from a user device [101].
[0069] It is also important to note that the network server [201] is one of a unified data management (UDM) server, a home subscriber server (HSS), and a home location register (HLR) server.
[0070] In one implementation, the transceiver unit [202] is connected to the user device [101] over a network associated with the network server [201]. The network may be wired or wireless, including but not limited to local area networks (LANs), wide area networks (WANs), cellular networks, or any combination thereof. For continued subscriber authentication during long standing hardware faults, at first, the transceiver unit [202] receives the request to perform the subscriber authentication procedure, from the user device.
The term "subscriber authentication procedure" refers to a process of verifying the identity of a subscriber or a user who is attempting to access a service or network.
[0071] It is to be noted that a user operates the user device. The user device [101] may be selected from but is not limited to, smartphones, tablets, laptops, desktop computers, wearable devices, and any other electronic devices capable of communication over the network.
[0072] At step [306], the method [300] as disclosed by the present disclosure comprises determining, by a determination unit [204] at the network server [201], one of an availability and an unavailability of at least one quantum random number (QRN) in a QRN pool [210a] stored at a storage unit [210]. The term "quantum random number" herein may correspond to a random number generated using quantum mechanical processes, specifically for use in the QRN pool [210a] for subscriber authentication. The term "QRN pool" herein may correspond to a repository or collection of quantum random numbers.
[0073] The method comprises receiving, by the determination unit [204], the request to perform subscriber authentication from the transceiver unit [202] and storing the request into the storage unit [210].
[0074] For example, sometimes physical devices such as the QRNG module employed at the network server side may undergo some long-duration faults that lead to the exhaustion of the QRN pool [210a] due to lack of generation of QRNs; in such cases the determination unit [204] determines the unavailability of the at least one QRN number. It is to be noted that the present disclosure offers the support to fall back to pseudo random number(s) (PRNs) from a PRN pool [210b], to avoid any service impact due to the unavailability of the at least one QRN number.
The term "pseudo random numbers" as used herein may correspond to sequences of numbers generated by deterministic techniques (for example, Pseudo Random Number Generator (PRNG) module [212]) rather than by truly random processes.
[0075] The term "PRN pool" as used herein may correspond to a repository or collection of pseudo random numbers.
[0076] In one implementation, prior to the determining, by the determination unit [204], one of an availability and an unavailability of at least one PRN in a PRN pool [210b], the method as disclosed by the present disclosure comprises generating, by a notification unit [214], a notification indicating the determination of the unavailability of the at least one QRN in the QRN pool [210a] for displaying at a user interface (UI). The UI may be a graphical user interface and the UI is rendered on a screen or display of the user device.
[0077] Next, at step [308], the method [300] as disclosed by the present disclosure comprises determining, by the determination unit [204] at the network server [201], one of the availability and the unavailability of at least one pseudo random number (PRN) in a PRN pool [210b] stored at the storage unit [210] in an event of determination of the unavailability of the at least one QRN in the QRN pool [210a].
[0078] Next, at step [310], the method [300] as disclosed by the present disclosure comprises performing one of: retrieving, by a collection unit [206] at the network server [201], a PRN from among the at least one PRN from the PRN pool [210b] in an event of determination of the availability of the at least one PRN in the PRN pool [210b]; and generating, by the collection unit [206] at the network server [201], a PRN using a pseudo random number generator (PRNG) module [212] in an event of determination of the unavailability of the at least one PRN in the PRN pool [210b]. The collection unit [206] also retrieves a QRN from the QRN pool [210a] in the event of determination of the availability of the at least one QRN in the QRN pool [210a].
[0079] It is to be noted that the present disclosure discloses utilization of the at least one PRN from the PRN pool [210b] when the QRN pool [210a] is exhausted and QRN source is not available, to continuously perform subscriber authentication and avoid impact on service availability. Once such QRN source recovers from the faults, auto fallback to the QRN pool [210a] is implemented by the system [200].
[0080] In case of unavailability of the at least one PRN in the PRN pool [210b], where the PRN pool [210b] is exhausted then a PRN is generated on demand to avoid the service outage by the PRNG module [212].
[0081] Next, at step [312], the method [300] as disclosed by the present disclosure comprises performing, by an authentication unit [208] at the network server [201], an authentication of the user device [101] based at least on a random number from one of the PRN retrieved from the PRN pool [210b], and the PRN generated by the PRNG module [212]. Alternatively, in an event when the random number is retrieved from the QRN pool [210a], the authentication unit [208] performs the authentication of the user device [101] based on a random number retrieved from the QRN pool [210a].
[0082] The authentication of the user device [101] using the at least one PRN from the PRN pool avoids any service outage by continuously performing subscriber authentication. This way the present disclosure provides a fall back mechanism implemented by the PRNG module [212]. Thereafter, the method terminates at step [314].
[0083] Fig. 4 illustrates an exemplary flow chart [400] indicating the decision making involved in the method and process for continued subscriber authentication during long standing hardware faults, in accordance with exemplary embodiments of the present disclosure. At step 402, the network server [201] is started and receives a request from a user device [101] or a user equipment for subscriber authentication and the network server [201] reads a pool configuration file (such as a quantum random number (QRN) pool [210a]) at step 404. The method checks whether a pseudo random number (PRN) pool [210b] and the QRN pool [210a] are filled or not at steps 408 and 406, respectively. Next, at step 410, the method encompasses waiting for a key generation request from the user device. Once the request is received at step 412, the method proceeds to step 414 wherein the QRN pool [210a] is checked for presence of at least one QRN in the QRN pool [210a]. If the at least one QRN in the QRN pool [210a] is available, then the method proceeds to step 418 wherein a random number (RN) or a quantum random number (QRN) is retrieved from the QRN pool [210a]. If the QRN pool [210a] is exhausted/not available, then the PRN pool [210b] is checked at step 416. If at least one PRN is available in the PRN pool [210b], then the method falls back from the QRN pool [210a] to the PRN pool [210b] and proceeds to step 420 wherein a pseudo random number (PRN) is retrieved from the PRN pool [210b]. If the PRN pool [210b] is also exhausted/ not available, the method proceeds to step 422 wherein the RN is generated locally by using a pseudo random number generator (PRNG) module [212]. At step 424, the generated/ retrieved key, as the case may be, is returned and the process continues upon reception of any new key generation request.
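The decision flow of Fig. 4 (steps 414 to 424), sketched in Python as an added example; it is not code from the application. The class and function names, the 16-byte number size, the use of the operating system's CSPRNG as the PRNG module [212], the per-source counters, and raising the notification once per outage are assumptions.

```python
import secrets
from collections import deque
from enum import Enum

RN_BYTES = 16  # assumption: 128-bit random numbers; the page states no size


class Source(Enum):
    QRN_POOL = "QRN pool [210a]"
    PRN_POOL = "PRN pool [210b]"
    PRNG_ON_DEMAND = "PRNG module [212]"


class RandomNumberSelector:
    """Hypothetical stand-in for the determination [204] and collection [206] units."""

    def __init__(self, qrn_pool=(), prn_pool=(), prng=None):
        self.qrn_pool = deque(qrn_pool)
        self.prn_pool = deque(prn_pool)
        # Assumption: on-demand values come from the OS CSPRNG, so a fallback
        # value is still unpredictable to an observer of earlier values.
        self._prng = prng or (lambda: secrets.token_bytes(RN_BYTES))
        self.notifications = []                   # what notification unit [214] would show
        self.served = {s: 0 for s in Source}      # per-source counters for monitoring
        self._qrn_outage = False

    def refill_qrn(self, values):
        """Called when the QRN source has recovered and delivers numbers again."""
        self.qrn_pool.extend(values)

    def next_random(self):
        """Return (random_number, source) for one authentication request."""
        # Step 414 -> 418: use the QRN pool whenever it holds a number. Checking
        # it first on every request is what gives the automatic return to QRNs.
        if self.qrn_pool:
            self._qrn_outage = False
            return self._serve(self.qrn_pool.popleft(), Source.QRN_POOL)
        # QRN pool exhausted: notify once per outage (assumption), then fall back.
        if not self._qrn_outage:
            self._qrn_outage = True
            self.notifications.append("QRN pool [210a] unavailable: using PRN fallback")
        # Step 416 -> 420: take a stored PRN if one is left.
        if self.prn_pool:
            return self._serve(self.prn_pool.popleft(), Source.PRN_POOL)
        # Step 422: both pools exhausted, generate a PRN on demand.
        return self._serve(self._prng(), Source.PRNG_ON_DEMAND)

    def _serve(self, value, source):
        # popleft() above removes the value, so no pooled number is issued twice.
        self.served[source] += 1
        return value, source


def run_demo():
    """Constructed scenario: two QRNs, two PRNs, seven requests, one QRN refill."""
    sel = RandomNumberSelector(
        qrn_pool=[secrets.token_bytes(RN_BYTES) for _ in range(2)],  # stand-in for QRNG output
        prn_pool=[secrets.token_bytes(RN_BYTES) for _ in range(2)],
    )
    trace = [sel.next_random()[1] for _ in range(5)]  # QRN, QRN, PRN, PRN, on-demand
    sel.refill_qrn([secrets.token_bytes(RN_BYTES)])   # QRN source recovers
    trace.append(sel.next_random()[1])                # back on the QRN pool
    trace.append(sel.next_random()[1])                # second outage: on-demand again
    return trace, sel


if __name__ == "__main__":
    trace, sel = run_demo()
    for i, source in enumerate(trace, 1):
        print(i, source.value)
    print(sel.notifications)
```

Returning the source with each number lets an operator measure how many authentications ran on fallback randomness during an outage.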
[0084] Further an aspect of the present disclosure may relate to a non-transitory computer readable storage medium storing instructions for continued subscriber authentication, the instructions include executable code which, when executed by one or more units of a system [200], causes: a transceiver unit [202] of the system [200] to receive, at a network server [201], a request for performing a subscriber authentication procedure from a user device; a determination unit [204] of the system [200] to determine, at the network server [201], one of an availability and an unavailability of at least one quantum random number (QRN) in a QRN pool [210a] stored at a storage unit [210]; the determination unit [204] of the system [200] to determine, at the network server [201], one of an availability and an unavailability of at least one pseudo random number (PRN) in a PRN pool [210b] stored at the storage unit [210] in an event of determination of the unavailability of the at least one QRN in the QRN pool [210a]; a collection unit [206] of the system [200] to perform one of: a retrieval of a PRN from among the at least one PRN from the PRN pool [210b] in an event of determination of the availability of the at least one PRN in the PRN pool [210b], and a generation of a PRN using a pseudo random number generator (PRNG) module in an event of determination of the unavailability of the at least one PRN in the PRN pool [210b]; and an authentication unit [208] of the system [200] to perform an authentication of the user device [101] based at least on a random number from one of the PRN retrieved from the PRN pool [210b], and the PRN generated by the PRNG module [212].
[0085] Yet another aspect of the present disclosure may relate to a user device [101] for continued subscriber authentication, the user device [101] comprising a transceiver unit [101a], the transceiver unit [101a] is configured to transmit, to a system [200] connected to a network server [201], a request for performing a subscriber authentication procedure, and receive, from the system [200], an indication of a performance of an authentication of the user device [101] based on the request for performing the subscriber authentication procedure. The performance of the authentication is based on: receiving, by the transceiver unit [202] of the system [200] at the network server [201], the request for performing the subscriber authentication procedure from the user device; determining, by a determination unit [204] of the system [200] at the network server [201], one of an availability and an unavailability of at least one quantum random number (QRN) in a QRN pool [210a] stored at a storage unit [210]; determining, by the determination unit [204] of the system [200] at the network server [201], one of an availability and an unavailability of at least one pseudo random number (PRN) in a PRN pool [210b] stored at the storage unit [210] in an event of determination of the unavailability of the at least one QRN in the QRN pool [210a]; performing one of: retrieving, by a collection unit [206] of the system [200] at the network server [201], a PRN from among the at least one PRN from the PRN pool [210b] in an event of determination of the availability of the at least one PRN in the PRN pool [210b]; and generating, by the collection unit [206] at the network server [201], a PRN using a pseudo random number generator (PRNG) module [212] in an event of determination of the unavailability of the at least one PRN in the PRN pool [210b]; and performing, by an authentication unit [208] of the system [200] at the network server [201], an authentication of the user device [101] based at least on a random number from one of the PRN retrieved from the PRN pool [210b], and the PRN generated by the PRNG module [212].
[0086] As is evident from the above, the present disclosure provides a technically advanced solution for continued subscriber authentication during long standing hardware faults. The system and the method disclosed by the present disclosure continue to authenticate the subscriber by implementing a fall back mechanism which utilizes the PRN pool in case of unavailability of the QRNs and auto fall back after the recovery of the QRNG during long standing hardware faults in the QRNG module, thereby not impacting subscriber services and avoiding undesired network outages.
[0087] While considerable emphasis has been placed herein on the disclosed embodiments, it will be appreciated that many embodiments can be made and that many changes can be made to the embodiments without departing from the principles of the present disclosure. These and other changes in the embodiments of the present disclosure will be apparent to those skilled in the art, whereby it is to be understood that the foregoing descriptive matter to be implemented is illustrative and non-limiting.

Claims

We Claim:
1. A method (300) for continued subscriber authentication, the method (300) comprising:
- receiving, by a transceiver unit [202] at a network server [201], a request for performing a subscriber authentication procedure from a user device [101];
- determining, by a determination unit [204] at the network server [201], one of an availability and an unavailability of at least one quantum random number (QRN) in a QRN pool [210a] stored at a storage unit [210];
- determining, by the determination unit [204] at the network server [201], one of an availability and an unavailability of at least one pseudo random number (PRN) in a PRN pool [210b] stored at the storage unit [210] in an event of determination of the unavailability of the at least one QRN in the QRN pool [210a];
- performing one of:
  o retrieving, by a collection unit [206] at the network server [201], a PRN from among the at least one PRN from the PRN pool [210b] in an event of determination of the availability of the at least one PRN in the PRN pool [210b], and
  o generating, by the collection unit [206] at the network server [201], a PRN using a pseudo random number generator (PRNG) module [212] in an event of determination of the unavailability of the at least one PRN in the PRN pool [210b]; and
- performing, by an authentication unit [208] at the network server [201], an authentication of the user device [101] based at least on a random number from one of the PRN retrieved from the PRN pool [210b], and the PRN generated by the PRNG module [212].
2. The method (300) as claimed in claim 1, wherein the network server [201] is one of a unified data management (UDM) server, a home subscriber server (HSS), and a home location register (HLR) server.
3. The method (300) as claimed in claim 1, wherein prior to the determining, by the determination unit [204], one of the availability and the unavailability of the at least one PRN in the PRN pool [210b], the method comprises:
- generating, by a notification unit [214], a notification for display at a user interface, the notification indicating the determination of the unavailability of the at least one QRN in the QRN pool [210a].
4. The method (300) as claimed in claim 1, the method comprises retrieving, by the collection unit [206], a QRN from the QRN pool [210a] in an event of determination of the availability of the at least one QRN in the QRN pool [210a].
5. The method (300) as claimed in claim 4, wherein the performing, by the authentication unit [208], the authentication of the user device [101] is further based on a random number retrieved from the QRN pool [210a].
6. A system [200] for continued subscriber authentication, the system [200] is in connection with a network server [201], the system [200] comprises:
- a transceiver unit [202] configured to receive a request for performing a subscriber authentication procedure from a user device;
- a determination unit [204] connected to at least the transceiver unit [202] and a storage unit [210], the determination unit [204] configured to:
  o determine one of an availability and an unavailability of at least one quantum random number (QRN) in a QRN pool [210a] stored at the storage unit [210];
  o determine one of an availability and an unavailability of at least one pseudo random number (PRN) in a PRN pool [210b] stored at the storage unit [210] in an event of determination of the unavailability of the at least one QRN in the QRN pool [210a];
- a collection unit [206] connected at least to the storage unit [210], the collection unit [206] configured to perform one of:
  o a retrieval of a PRN from among the at least one PRN from the PRN pool [210b] in an event of determination of the availability of the at least one PRN in the PRN pool [210b];
  o a generation of a PRN using a pseudo random number generator (PRNG) module [212] in an event of determination of the unavailability of the at least one PRN in the PRN pool [210b]; and
- an authentication unit [208] connected to at least the collection unit [206] and the storage unit [210], the authentication unit [208] configured to perform an authentication of the user device [101] based at least on a random number from one of the PRN retrieved from the PRN pool [210b], and the PRN generated by the PRNG module [212].
7. The system [200] as claimed in claim 6, wherein the network server [201] is one of a unified data management (UDM) server, a home subscriber server (HSS), and a home location register (HLR) server.
8. The system [200] as claimed in claim 6, the system [200] further comprises a notification unit [214], wherein prior to the determination of one of the availability and the unavailability of the at least one PRN in the PRN pool [210b] by the determination unit [204], the notification unit [214] is configured to:
- generate a notification for display at a user interface, the notification indicating the determination of the unavailability of the at least one QRN in the QRN pool [210a].
9. The system [200] as claimed in claim 6 wherein the collection unit [206] is configured to retrieve a QRN from the QRN pool [210a] in an event of determination of the availability of the at least one QRN in the QRN pool [210a].
10. The system [200] as claimed in claim 9 wherein the authentication unit [208] is configured to perform the authentication of the user device [101] based on a random number retrieved from the QRN pool [210a].
11. A user device [101] for continued subscriber authentication, the user device [101] comprising:
- a transceiver unit [101a] configured to: transmit, to a system [200] connected to a network server [201], a request for performing a subscriber authentication procedure, and receive, from the system [200], an indication of a performance of an authentication of the user device [101] based on the request for performing the subscriber authentication procedure, wherein said performance of the authentication is based on: receiving, by a transceiver unit [202] of the system [200] at the network server [201], the request for performing the subscriber authentication procedure from the user device, determining, by a determination unit [204] of the system [200] at the network server [201], one of an availability and an unavailability of at least one quantum random number (QRN) in a QRN pool [210a] stored at a storage unit [210], determining, by the determination unit [204] of the system [200] at the network server [201], one of an availability and an unavailability of at least one pseudo random number (PRN) in a PRN pool [210b] stored at the storage unit [210] in an event of determination of the unavailability of the at least one QRN in the QRN pool [210a], performing one of: retrieving, by a collection unit [206] of the system [200] at the network server [201], a PRN from among the at least one PRN from the PRN pool [210b] in an event of determination of the availability of the at least one PRN in the PRN pool [210b], and generating, by the collection unit [206] at the network server [201], a PRN using a pseudo random number generator (PRNG) module [212] in an event of determination of the unavailability of the at least one PRN in the PRN pool [210b], and performing, by an authentication unit [208] of the system [200] at the network server [201], an authentication of the user device [101] based at least on a random number from one of the PRN retrieved from the PRN pool [210b], and the PRN generated by the PRNG module [212].
12. A non-transitory computer readable storage medium storing instructions for continued subscriber authentication, the storage medium comprising executable code which, when executed by one or more units of a system [200], causes:
- a transceiver unit [202] of the system [200] to receive, at a network server [201], a request for performing a subscriber authentication procedure from a user device;
- a determination unit [204] of the system [200] to determine, at the network server [201], one of an availability and an unavailability of at least one quantum random number (QRN) in a QRN pool [210a] stored at a storage unit [210];
- the determination unit [204] of the system [200] to determine, at the network server [201], one of an availability and an unavailability of at least one pseudo random number (PRN) in a PRN pool [210b] stored at the storage unit [210] in an event of determination of the unavailability of the at least one QRN in the QRN pool [210a];
- a collection unit [206] of the system [200] to perform one of:
  o a retrieval of a PRN from among the at least one PRN from the PRN pool [210b] in an event of determination of the availability of the at least one PRN in the PRN pool [210b];
  o a generation of a PRN using a pseudo random number generator (PRNG) module [212] in an event of determination of the unavailability of the at least one PRN in the PRN pool [210b]; and
- an authentication unit [208] of the system [200] to perform an authentication of the user device [101] based at least on a random number from one of the PRN retrieved from the PRN pool [210b], and the PRN generated by the PRNG module [212].
PCT/IN2024/050754 2023-07-05 2024-06-11 Method and system for continued subscriber authentication Pending WO2025008884A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN202321045219 2023-07-05

Publications (1)

Publication Number Publication Date
WO2025008884A1 (en) 2025-01-09

Family

ID=94171349

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IN2024/050754 Pending WO2025008884A1 (en) 2023-07-05 2024-06-11 Method and system for continued subscriber authentication

Country Status (1)

Country Link
WO (1) WO2025008884A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050074122A1 (en) * 2003-10-07 2005-04-07 Koolspan, Inc. Mass subscriber management
US20140075532A1 (en) * 2011-06-16 2014-03-13 Telefonaktiebolaget L M Ericsson (Publ) Authentication Server and Communication Device
EP3429286A1 (en) * 2016-03-09 2019-01-16 ZTE Corporation Verification method and device, and terminal

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application. Ref document number: 24835606; Country of ref document: EP; Kind code of ref document: A1