WO2025233037A1 - Method, apparatus and computer program - Google Patents
Info
- Publication number: WO2025233037A1 (PCT application PCT/EP2025/056988)
- Authority: WO (WIPO (PCT))
- Prior art keywords: user, network function, identifier, obtaining, nonce value
- Prior art date
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
          - H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
          - H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
            - H04L63/0846—Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
          - H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        - H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
          - H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    - H04W—WIRELESS COMMUNICATION NETWORKS
      - H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
        - H04W12/06—Authentication
          - H04W12/069—Authentication using certificates or pre-shared keys
        - H04W12/60—Context-dependent security
          - H04W12/69—Identity-dependent
            - H04W12/72—Subscriber identity
- G—PHYSICS
  - G06—COMPUTING OR CALCULATING; COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
          - G06F21/31—User authentication
          - G06F21/44—Program or device authentication
            - G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
Definitions
- Various example embodiments of this disclosure relate to a method, apparatus, system and computer program and in particular but not exclusively to user authentication.
- a communication network can be seen as a facility that enables communications between two or more communication devices, or provides communication devices access to a data network.
- a mobile or wireless communication network is one example of a communication network.
- a communication device may be provided with a service by an application server.
- Such communication networks operate in accordance with standards such as those provided by 3GPP (Third Generation Partnership Project) or ETSI (European Telecommunications Standards Institute). Examples of standards are the so-called 5G (5th Generation) standards and 6G (6th Generation) standards provided by 3GPP.
- an apparatus comprising means for performing: obtaining, from a user input of the apparatus, a user identifier of a user of the apparatus; obtaining, from the user input, a first input; providing, to a first network function, the user identifier during a registration and/or session establishment request service operation; obtaining an authentication challenge from the first network function in response to the registration and/or session establishment request service operation; and authenticating the first network function using the first input, the user identifier, and the authentication challenge.
- an apparatus comprising: at least one processor; and at least one memory comprising code that, when executed by the at least one processor, causes the apparatus to perform: obtaining, from a user input of the apparatus, a user identifier of a user of the apparatus; obtaining, from the user input, a first input; providing, to a first network function, the user identifier during a registration and/or session establishment request service operation; obtaining an authentication challenge from the first network function in response to the registration and/or session establishment request service operation; and authenticating the first network function using the first input, the user identifier, and the authentication challenge.
- a method for an apparatus comprising: obtaining, from a user input of the apparatus, a user identifier of a user of the apparatus; obtaining, from the user input, a first input; providing, to a first network function, the user identifier during a registration and/or session establishment request service operation; obtaining an authentication challenge from the first network function in response to the registration and/or session establishment request service operation; and authenticating the first network function using the first input, the user identifier, and the authentication challenge.
- an apparatus comprising: obtaining circuitry for obtaining, from a user input of the apparatus, a user identifier of a user of the apparatus; obtaining circuitry for obtaining, from the user input, a first input; providing circuitry for providing, to a first network function, the user identifier during a registration and/or session establishment request service operation; obtaining circuitry for obtaining an authentication challenge from the first network function in response to the registration and/or session establishment request service operation; and authenticating circuitry for authenticating the first network function using the first input, the user identifier, and the authentication challenge.
- the apparatus may be caused to provide, to the first network function, an indication that the apparatus is configured to authenticate the user.
- the apparatus may be caused to, before providing the user identifier to the first network function during a registration and/or session management request service operation, perform: obtaining, from the first network function, an identifier of the user; and verifying the user of the apparatus by determining that the obtained identifier of the user from the first network function is the same as the user identifier obtained from the user input.
- the identifier of the user obtained from the first network function may be received with an access token and an indication of an expiry time corresponding to the access token, and the means for authenticating the first network function further comprises means for authenticating the first network function using the access token before the expiry time.
- the authenticating the first network function may further comprise: extracting a first encrypted nonce value and a first message authentication code from the authentication challenge; decrypting the first encrypted nonce value using the user key to obtain a first nonce value; and verifying the first message authentication code as originating from the first network function using the first nonce value.
- the apparatus may be caused to perform: generating a second nonce value; using the second nonce value to generate a second message authentication code; encrypting the second nonce value using the user key to obtain an encrypted second nonce value; and providing, to the first network function, the first nonce value, the second message authentication code and the encrypted second nonce value as a response to the authentication challenge.
- the authenticating the first network function may further comprise: extracting a first message authentication code from the authentication challenge; and verifying the first message authentication code as originating from the first network function using a sequence number associated with the user that is maintained at the apparatus and the user identifier.
- the apparatus may be caused to perform: using the user identifier and the sequence number and/or an incremented version of the sequence number to generate a second message authentication code; and providing, to the first network function, the second message authentication code as a response to the authentication challenge.
- the authenticating the first network function may further comprise: extracting a first nonce value and a first message authentication code from the authentication challenge; and verifying the first message authentication code as originating from the first network function using the first nonce value, and a limited time duration user secret previously configured at the apparatus.
- the apparatus may be caused to perform: generating a second nonce value; using the second nonce value and the limited time duration user secret to generate a second message authentication code; and providing, to the first network function, the first nonce value, the second message authentication code and the second nonce value as a response to the authentication challenge.
- the apparatus may be caused to perform receiving the limited time duration user secret during a user parameter update procedure.
- the apparatus may further be caused to perform: obtaining, from a certification authority, a certificate by providing the certification authority with the user identifier, wherein the authenticating is performed using the certificate.
- the apparatus may be caused to perform: encrypting user traffic for transmission using at least one of: a user equipment key corresponding to the apparatus; or the user key.
- the apparatus may be caused to perform outputting, via a display of the apparatus, at least one of: a request to receive the user identifier; a request to receive the first input; or an indication of whether the user has been successfully authenticated or not.
- an apparatus comprising means for performing: obtaining, from a user equipment by a first network function, a user identifier of a user of the user equipment during a registration and/or session establishment request service operation; and providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on the user identifier and subscription information corresponding to the user.
- an apparatus comprising: at least one processor; and at least one memory comprising code that, when executed by the at least one processor, causes the apparatus to perform: obtaining, from a user equipment by a first network function, a user identifier of a user of the user equipment during a registration and/or session establishment request service operation; and providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on the user identifier and subscription information corresponding to the user.
- a method for an apparatus comprising: obtaining, from a user equipment by a first network function, a user identifier of a user of the user equipment during a registration and/or session establishment request service operation; and providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on the user identifier and subscription information corresponding to the user.
- an apparatus comprising: obtaining circuitry for obtaining, from a user equipment by a first network function, a user identifier of a user of the user equipment during a registration and/or session establishment request service operation; and providing circuitry for providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on the user identifier and subscription information corresponding to the user.
- the apparatus may be caused to perform: obtaining, from the user equipment, an indication that the apparatus is configured to authenticate the user.
- the apparatus may be caused to perform: before obtaining the user identifier during the registration and/or session management request service operation: providing, to the user equipment, an identifier of the user.
- the identifier of the user may be provided with an access token and an indication of an expiry time corresponding to the access token.
- the providing the authentication challenge may comprise: encrypting a first nonce value to obtain a first encrypted nonce value; obtaining a first message authentication code using the first encrypted nonce value; and providing the first message authentication code and the first encrypted nonce value to the user equipment in the authentication challenge.
- the apparatus may be caused to perform: obtaining, from the user equipment, an encrypted second nonce value, the first nonce value, and a second message authentication code; decrypting the encrypted second nonce value using the user key to obtain a second nonce value; and verifying the second message authentication code as originating from the user equipment using the second nonce value.
- the providing the authentication challenge may comprise: obtaining a first message authentication code using the sequence number and the user key; and providing the first message authentication code to the user equipment in the authentication challenge.
- the apparatus may be caused to perform: obtaining, from the user equipment, a second message authentication code; and verifying the second message authentication code as originating from the user equipment using the user key and the sequence number and/or an incremented version of the sequence number.
- the providing the authentication challenge may comprise: generating a first nonce value; using the first nonce value and the limited time duration user secret to generate a first message authentication code; and providing, to the user equipment, the first nonce value, and the first message authentication code in the authentication challenge.
- the apparatus may be caused to perform: extracting, from a response to the authentication challenge, a second nonce value and a second message authentication code; and verifying the second message authentication code as originating from the user equipment using the second nonce value, and the limited time duration user secret.
- the apparatus may be caused to perform: providing the user equipment with the limited time duration user secret during a user parameter update procedure.
- the apparatus may further be caused to perform: obtaining, from a certification authority, a certificate by providing the certification authority with the user identifier, wherein the providing the authentication challenge is performed using the certificate.
- an apparatus comprising means for performing: obtaining, from a user input of the apparatus, a user identifier of a user of the apparatus; providing, to a first network function, the user identifier during a registration and/or session establishment request service operation; obtaining an authentication challenge from the first network function in response to the registration and/or session establishment request service operation; obtaining, from the user input, a first user key; and authenticating the first network function using the first user key, and the authentication challenge.
- an apparatus comprising: at least one processor; and at least one memory comprising code that, when executed by the at least one processor, causes the apparatus to perform: obtaining, from a user input of the apparatus, a user identifier of a user of the apparatus; providing, to a first network function, the user identifier during a registration and/or session establishment request service operation; obtaining an authentication challenge from the first network function in response to the registration and/or session establishment request service operation; obtaining, from the user input, a first user key; and authenticating the first network function using the first user key, and the authentication challenge.
- a method for an apparatus comprising: obtaining, from a user input of the apparatus, a user identifier of a user of the apparatus; providing, to a first network function, the user identifier during a registration and/or session establishment request service operation; obtaining an authentication challenge from the first network function in response to the registration and/or session establishment request service operation; obtaining, from the user input, a first user key; and authenticating the first network function using the first user key, and the authentication challenge.
- an apparatus comprising: obtaining circuitry for obtaining, from a user input of the apparatus, a user identifier of a user of the apparatus; providing circuitry for providing, to a first network function, the user identifier during a registration and/or session establishment request service operation; obtaining circuitry for obtaining an authentication challenge from the first network function in response to the registration and/or session establishment request service operation; obtaining circuitry for obtaining, from the user input, a first user key; and authenticating circuitry for authenticating the first network function using the first user key, and the authentication challenge.
- the apparatus may be caused to perform: providing, to the first network function, an indication that the apparatus is configured to authenticate the user.
- the apparatus may be caused to perform, before providing the user identifier to the first network function during a registration and/or session management request service operation: obtaining, from the first network function, an identifier of the user; and verifying the user of the apparatus by determining that the obtained identifier of the user from the first network function is the same as the user identifier obtained from the user input.
- the identifier of the user obtained from the first network function may be received with an access token and an indication of an expiry time corresponding to the access token, and the means for authenticating the first network function further comprises means for authenticating the first network function using the access token before the expiry time.
- the authenticating the first network function may further comprise: extracting a first encrypted nonce value and a first message authentication code from the authentication challenge; decrypting the first encrypted nonce value using the user key to obtain a first nonce value; and verifying the first message authentication code as originating from the first network function using the first nonce value.
- the apparatus may be caused to perform: generating a second nonce value; using the second nonce value to generate a second message authentication code; encrypting the second nonce value using the user key to obtain an encrypted second nonce value; and providing, to the first network function, the first nonce value, the second message authentication code and the encrypted second nonce value as a response to the authentication challenge.
- the authenticating the first network function may further comprise: extracting a first message authentication code from the authentication challenge; and verifying the first message authentication code as originating from the first network function using a sequence number associated with the user that is maintained at the apparatus and the user identifier.
- the apparatus may be caused to perform: using the user identifier and the sequence number and/or an incremented version of the sequence number to generate a second message authentication code; and providing, to the first network function, the second message authentication code as a response to the authentication challenge.
- the apparatus may be caused to perform: encrypting user traffic for transmission using at least one of: a user equipment key corresponding to the apparatus; or the user key.
- the apparatus may be caused to perform: outputting, via a display of the apparatus, at least one of: a request to receive the user identifier; a request to receive the first input; or an indication of whether the user has been successfully authenticated or not.
- an apparatus comprising means for performing: obtaining, from a user equipment at a first network function, a user identifier identifying a user of the user equipment during a registration and/or session establishment request service operation; and providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on the user identifier and subscription information corresponding to the user, wherein the subscription information comprises a first user key.
- an apparatus comprising: at least one processor; and at least one memory comprising code that, when executed by the at least one processor, causes the apparatus to perform: obtaining, from a user equipment at a first network function, a user identifier identifying a user of the user equipment during a registration and/or session establishment request service operation; and providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on the user identifier and subscription information corresponding to the user, wherein the subscription information comprises a first user key.
- a method for an apparatus comprising: obtaining, from a user equipment at a first network function, a user identifier identifying a user of the user equipment during a registration and/or session establishment request service operation; and providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on the user identifier and subscription information corresponding to the user, wherein the subscription information comprises a first user key.
- an apparatus comprising: obtaining circuitry for obtaining, from a user equipment at a first network function, a user identifier identifying a user of the user equipment during a registration and/or session establishment request service operation; and providing circuitry for providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on the user identifier and subscription information corresponding to the user, wherein the subscription information comprises a first user key.
- the apparatus may be caused to perform: obtaining, from the user equipment, an indication that the apparatus is configured to authenticate the user.
- the apparatus may be caused to perform, before obtaining the user identifier during the registration and/or session management request service operation: providing, to the user equipment, an identifier of the user.
- the identifier of the user may be provided with an access token and an indication of an expiry time corresponding to the access token.
- the providing the authentication challenge may comprise: encrypting a first nonce value to obtain a first encrypted nonce value; obtaining a first message authentication code using the first encrypted nonce value; and providing the first message authentication code and the first encrypted nonce value to the user equipment in the authentication challenge.
- the apparatus may be caused to perform: obtaining, from the user equipment, an encrypted second nonce value, the first nonce value, and a second message authentication code; decrypting the encrypted second nonce value using the user key to obtain a second nonce value; and verifying the second message authentication code as originating from the user equipment using the second nonce value.
- the providing the authentication challenge may comprise: obtaining a first message authentication code using the sequence number and the user key; and providing the first message authentication code to the user equipment in the authentication challenge.
- the apparatus may be caused to perform: obtaining, from the user equipment, a second message authentication code; and verifying the second message authentication code as originating from the user equipment using the user key and the sequence number and/or an incremented version of the sequence number.
- an apparatus comprising means for performing: obtaining, from a first network function, a limited time duration user secret corresponding to a user identifier of a user of the apparatus; obtaining, from a user input of the apparatus, the user identifier and a first input; providing, to a second network function, the user identifier during a registration and/or session establishment request service operation; obtaining an authentication challenge from the second network function in response to the registration and/or session establishment request service operation; and authenticating the second network function using the limited time duration user secret, the first input, the user identifier, and the authentication challenge.
- an apparatus comprising: at least one processor; and at least one memory comprising code that, when executed by the at least one processor, causes the apparatus to perform: obtaining, from a first network function, a limited time duration user secret corresponding to a user identifier of a user of the apparatus; obtaining, from a user input of the apparatus, the user identifier and a first input; providing, to a second network function, the user identifier during a registration and/or session establishment request service operation; obtaining an authentication challenge from the second network function in response to the registration and/or session establishment request service operation; and authenticating the second network function using the limited time duration user secret, the first input, the user identifier, and the authentication challenge.
- a method for an apparatus comprising: obtaining, from a first network function, a limited time duration user secret corresponding to a user identifier of a user of the apparatus; obtaining, from a user input of the apparatus, the user identifier and a first input; providing, to a second network function, the user identifier during a registration and/or session establishment request service operation; obtaining an authentication challenge from the second network function in response to the registration and/or session establishment request service operation; and authenticating the second network function using the limited time duration user secret, the first input, the user identifier, and the authentication challenge.
- an apparatus comprising: obtaining circuitry for obtaining, from a first network function, a limited time duration user secret corresponding to a user identifier of a user of the apparatus; obtaining circuitry for obtaining, from a user input of the apparatus, the user identifier and a first input; providing circuitry for providing, to a second network function, the user identifier during a registration and/or session establishment request service operation; obtaining circuitry for obtaining an authentication challenge from the second network function in response to the registration and/or session establishment request service operation; and authenticating circuitry for authenticating the second network function using the limited time duration user secret, the first input, the user identifier, and the authentication challenge.
- the first input may comprise a personal identification number corresponding to a subscription of the user.
- the obtaining the limited time duration user secret may comprise receiving a user parameter update procedure comprising indications of the limited time duration user secret, an expiry time for the limited time duration user secret, and the user identifier.
- the obtaining the user identifier from the user input may comprise: outputting, via a user output of the apparatus, a request for the user identifier and a secret code; and receiving, via a user input of the apparatus, the user identifier and the first input.
- the authenticating the first network function may comprise: extracting a first nonce value and a first message authentication code from the authentication challenge; deriving the first message authentication code using the extracted first nonce value, the identity of the user, the first input, and the limited time duration user secret; and determining that the first network function is successfully authenticated when the derived message authentication code equals the extracted first message authentication code.
- the apparatus may be caused to perform, subsequent to authenticating the first network function: determining a second message authentication code for enabling the first network function to authenticate the apparatus based on a second nonce value; and providing the second message authentication code, second nonce value, and first nonce value to the first network function.
- the first and second network functions may be the same network function.
- the first network function may comprise a certification authority
- the second network function may comprise a network function
- the limited time duration user secret may comprise a certificate
- the obtaining the limited time duration user secret corresponding to the user identifier may be performed after the providing, to the first network function, the user identifier.
- an apparatus comprising: at least one processor; and at least one memory comprising code that, when executed by the at least one processor, causes the apparatus to perform: obtaining, from a user equipment at a first network function, a user identifier identifying a user of the user equipment during a registration and/or session establishment request service operation; and providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on subscription information for the user, the subscription information comprising a limited time duration user secret.
- a method for an apparatus comprising: obtaining, from a user equipment at a first network function, a user identifier identifying a user of the user equipment during a registration and/or session establishment request service operation; and providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on subscription information for the user, the subscription information comprising a limited time duration user secret.
- an apparatus comprising: obtaining circuitry for obtaining, from a user equipment at a first network function, a user identifier identifying a user of the user equipment during a registration and/or session establishment request service operation; and providing circuitry for providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on subscription information for the user, the subscription information comprising a limited time duration user secret.
- the subscription information may further comprise a personal identification number of the user.
- the apparatus may further be caused to perform: providing the user equipment with the limited time duration user secret and an indication of an expiry time of the limited time duration user secret via a user parameter update procedure.
- the providing the authentication challenge may comprise: generating a first nonce value; using the first nonce value and the limited time duration user secret to generate a first message authentication code; and providing, to the user equipment, the first nonce value, and the first message authentication code in the authentication challenge
- the apparatus may further be caused to perform: extracting, from a response to the authentication challenge, a second nonce value and a second message authentication code; and verifying the second message authentication code as originating from the user equipment using the second nonce value, and the limited time duration user secret.
- the apparatus may further be caused to perform: providing the user equipment with the limited time duration user secret during a user parameter update procedure.
- the first and second network functions may be the same network function.
- the first network function may comprise a certification authority
- the second network function may comprise a network function
- the limited time duration user secret may comprise a certificate
- a non-transitory computer readable medium comprising program instructions that, when executed by an apparatus, cause the apparatus to perform at least the method according to any of the preceding aspects.
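The challenge-response described in the aspects above (network issues a first nonce and a first MAC computed over the nonce, the user identifier, the PIN and the limited time duration user secret; the UE verifies it, then answers with a second nonce and a second MAC; the network verifies that) is shown below as an added example. This is not code from the patent and the patent fixes no concrete functions: the HMAC-SHA256 based `kdf`, the length-prefixed input encoding, the user identifier `alice@example.com`, the PIN `1234`, the nonce lengths and the clock values are all assumptions made for illustration. One class plays both the first and the second network function, which the patent allows.

```python
import hashlib
import hmac
import os


def kdf(key: bytes, *parts: bytes) -> bytes:
    """Assumed KDF: HMAC-SHA256 over length-prefixed inputs (the patent
    names no concrete function; any MAC keyed with the shared secret fits)."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


class NetworkFunction:
    """Plays the first NF (provisions the secret) and the second NF (challenges)."""

    def __init__(self):
        self.subscriptions = {}   # user_id -> {"secret", "pin", "expiry"}
        self.pending = {}         # user_id -> first nonce awaiting a response

    def provision(self, user_id: str, pin: str, now: int, lifetime_s: int):
        secret = os.urandom(32)                      # limited time duration user secret
        expiry = now + lifetime_s
        self.subscriptions[user_id] = {"secret": secret, "pin": pin, "expiry": expiry}
        return secret, expiry                        # what the UPU carries to the UE

    def challenge(self, user_id: str, now: int):
        sub = self.subscriptions.get(user_id)
        if sub is None or now >= sub["expiry"]:      # unknown user or secret expired
            return None
        nonce1 = os.urandom(16)
        mac1 = kdf(sub["secret"], nonce1, user_id.encode(), sub["pin"].encode())
        self.pending[user_id] = nonce1
        return nonce1, mac1

    def verify_response(self, user_id, nonce1, nonce2, mac2, now) -> bool:
        sub = self.subscriptions.get(user_id)
        issued = self.pending.pop(user_id, None)     # one response per challenge
        if sub is None or issued is None or now >= sub["expiry"]:
            return False
        if not hmac.compare_digest(issued, nonce1):  # response must echo our nonce
            return False
        expected = kdf(sub["secret"], nonce2, nonce1, user_id.encode(), sub["pin"].encode())
        return hmac.compare_digest(expected, mac2)


class UserEquipment:
    def __init__(self):
        self.store = None   # (user_id, secret, expiry) received in the UPU

    def receive_upu(self, user_id: str, secret: bytes, expiry: int):
        self.store = (user_id, secret, expiry)

    def authenticate_network(self, user_id_input, pin_input, nonce1, mac1, now):
        """Returns (nonce1, nonce2, mac2) on success, None if the network
        (or the entered PIN) fails verification or the secret has expired."""
        if self.store is None:
            return None
        user_id, secret, expiry = self.store
        if user_id_input != user_id or now >= expiry:
            return None
        expected = kdf(secret, nonce1, user_id.encode(), pin_input.encode())
        if not hmac.compare_digest(expected, mac1):
            return None                              # never emit MAC2 on failure
        nonce2 = os.urandom(16)
        mac2 = kdf(secret, nonce2, nonce1, user_id.encode(), pin_input.encode())
        return nonce1, nonce2, mac2


def run_exchange(pin_entered: str, now: int) -> dict:
    """Whole exchange with constructed values: secret provisioned at t=1000
    with a 3600 s lifetime, user 'alice@example.com', subscription PIN '1234'."""
    nf, ue = NetworkFunction(), UserEquipment()
    secret, expiry = nf.provision("alice@example.com", "1234", now=1000, lifetime_s=3600)
    ue.receive_upu("alice@example.com", secret, expiry)
    result = {"network_authenticated": False, "ue_authenticated": False}
    chal = nf.challenge("alice@example.com", now)
    if chal is None:
        return result
    resp = ue.authenticate_network("alice@example.com", pin_entered, *chal, now)
    if resp is None:
        return result
    result["network_authenticated"] = True
    result["ue_authenticated"] = nf.verify_response("alice@example.com", *resp, now)
    return result
```

Two properties worth noting: the second MAC covers the first nonce as well as the second, so a captured response cannot be replayed against a later challenge; and because the PIN enters the first MAC, a wrong PIN and a forged challenge are indistinguishable at the UE, which is what the patent's "authenticating the network using the first input" implies and why the UE must not emit a MAC on failure.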
- Figure 1 shows a representation of a 5th generation communication system
- Figure 2 shows a representation of an apparatus for the communication system of Figure 1 according to some example embodiments
- Figure 3 shows a representation of an apparatus according to some example embodiments
- Figures 4 to 7 illustrate example capability signalling that may be performed by apparatus described herein;
- Figures 8 and 9 illustrate example provisioning signalling that may be performed by apparatus described herein;
- Figures 10 to 13 illustrate example authentication signalling that may be performed by apparatus described herein;
- Figures 14 to 19 illustrate example methods that may be performed by apparatus described herein.
- FIG. 1 shows a schematic representation of a 5G communication system (5GS).
- the 5GS may comprise a user equipment (UE), an access network such as a 5G radio access network (5G-RAN) or next generation radio access network (NG- RAN), a 5G core network (5GC), and one or more application functions.
- An application function may be deployed in the 5GS as a trusted application function, or may be deployed or hosted on one or more application servers of the data network; such application functions are untrusted application functions.
- the 5GS connects the UE to a data network via the access network and the 5GC (e.g., via a UPF of the 5GC).
- the 5G-RAN may comprise one or more radio access nodes, such as gNodeB (GNB).
- a gNB may include one or more gNB distributed units connected to one or more gNB centralized units.
- the 5GC may comprise the following network functions: Network Slice Selection Function (NSSF); Network Exposure Function (NEF); Network Repository Function (NRF); Policy Control Function (PCF); Unified Data Management (UDM); Application Function (AF); Authentication Server Function (AUSF); Access and Mobility Management Function (AMF); Session Management Function (SMF); and User Plane Function (UPF).
- Figure 1 also shows the various interfaces (N1 , N2 etc.) that may be implemented between the various elements of the system.
- An AMF is responsible for handling connection and mobility management tasks for a UE connecting to the core network.
- the AMF may receive signaling over an interface (e.g., an N1 and/or N2 interface) to and/or from a UE, and act as an access point to the 5GC.
- the AMF may send an Authentication and Key Agreement (AKA) request to the UE. This precedes the subsequent UE authorisation process performed by the UDM as part of the 5GC service based architecture.
- An AUSF is responsible for verifying the identity of a subscriber, validating their subscription data, and determining an appropriate security context for the subscriber.
- the AUSF further supports authentication and authorisation procedures for other network functions by verifying an identity of a subscriber (e.g., by authenticating the subscriber) and ensuring that the subscriber is authorised to access the network (e.g., by authorising the subscriber).
- the AUSF may interact with the AMF to manage subscriber mobility and handover procedures, and may interact with a UDM to manage subscriber data and profiles.
- the AUSF supports the AKA protocol for mutual authentication between the subscriber and the network.
- the AUSF may further support the Extensible Authentication Protocol (EAP)-AKA protocol for mutual authentication.
- EAP-AKA is currently described in a variety of documents, including RFC 4187.
- FIG. 2 illustrates an example of a control apparatus 200 for controlling a function of the access network (e.g., the 5G-RAN or NG-RAN) illustrated in Figure 1.
- the control apparatus 200 may comprise at least one random access memory (RAM) 211a, at least one read only memory (ROM) 211b, at least one processor 212, 213 and a network interface 214.
- the at least one processor 212, 213 may be coupled to the RAM 211a and the ROM 211b.
- the at least one processor 212, 213 may be configured to execute appropriate software code 215.
- Execution of the software code 215 may, for example, cause the apparatus to perform operations for controlling a function of the access network.
- the software code 215 may be stored in the ROM 211b.
- the control apparatus 200 may be interconnected with another control apparatus 200 for controlling another function of the 5G-RAN or the NG-RAN.
- each function of the 5G-RAN or the NG-RAN is deployed or hosted on a control apparatus 200.
- two or more functions of the 5G-RAN or the NG-RAN may share a control apparatus.
- FIG. 3 illustrates an example of a communication device 300, such as the UE illustrated in Figure 1.
- the communication device 300 may be provided by any device capable of sending and receiving radio signals.
- Non-limiting examples of a communication device 300 comprise a user equipment, a mobile station (MS) or mobile device such as a mobile phone or what is known as a 'smart phone', a computer provided with a wireless interface card or other wireless interface facility (e.g., a USB dongle), a personal data assistant (PDA) or a tablet provided with wireless communication capabilities, a machine-type communications (MTC) device, an Internet of Things (IoT) type communication device, or any combination of these or the like.
- the communication device 300 may comprise a transceiver for transmitting and/or receiving, for example, wireless signals carrying communications, for example radio signals.
- the communications may be one or more of voice, electronic mail (email), text messages, multimedia data, machine data and so on.
- the communication device 300 may receive wireless signals (e.g., radio signals) over an air or radio interface 307 via appropriate apparatus for receiving and may transmit wireless signals via appropriate apparatus for transmitting radio signals.
- transceiver is designated schematically by block 306.
- the transceiver 306 may comprise, for example, a radio part and associated antenna arrangement.
- the antenna arrangement may be arranged internally or externally to the mobile device and may comprise one or more antenna elements.
- the antenna arrangement may be a multi-input multi output (MIMO) antenna.
- the communication device 300 may be provided with at least one processor 301, at least one ROM 302a, at least one RAM 302b and other possible components 303 for use in software and hardware aided execution of tasks it is designed to perform, including control of access to and communications with access networks (e.g., the 5G-RAN or NG-RAN illustrated in Figure 1) and other communication devices.
- the at least one processor 301 is coupled to the RAM 302b and the ROM 302a.
- the at least one processor 301 may be configured to execute appropriate software code 308.
- the software code 308 may, for example, allow the communication device to perform one or more of its operations.
- the software code 308 may be stored in the ROM 302a.
- the processor, the ROM, and the RAM, the transceiver and other circuitry of the communication device can be provided on a circuit board, in chipsets, or in a system on chip.
- the circuit board, chipsets or system on chip is denoted by reference 304.
- the communication device 300 may optionally have a user interface such as key pad 305, touch sensitive screen or pad, combinations thereof or the like.
- a display, a speaker and a microphone may be provided depending on the type of communication device.
- the Subscription Permanent Identifier (SUPI) is a globally unique identifier that is assigned to each subscriber in the 3GPP system, and which is provisioned in the UDM.
- a SUPI comprises three parts that respectively represent the Mobile Country Code (MCC), the Mobile Network Code (MNC) identifying the network operator, and the Mobile Subscriber Identification Number (MSIN).
- a communication device such as described in relation to Figure 3 may be considered as comprising a Mobile Equipment (ME) part and a Universal Subscriber Identity Module (USIM) part.
- One USIM may comprise multiple profiles, each destined for certain purposes. For example, where a user has multiple terminals (e.g., multiple ME), the user may interchange the USIM between multiple terminals in order to associate the subscription with the different terminal.
- Subscriber Concealed Identifier (SUCI): the SUCI is a concealed version of the SUPI. The SUCI may be generated by a UE (e.g., the USIM and/or the ME of a UE) using a public key of the home network that is provisioned in the USIM of the UE.
- Globally Unique Temporary UE Identifier (GUTI): the purpose of the GUTI is to provide an unambiguous identifier of the UE within the AMF that does not reveal the UE's or the user's permanent identity.
- the GUTI is allocated to the UE and provisioned at the UE by the AMF, and a new GUTI value may be allocated and/or provisioned at the UE at any time by the AMF.
- the GUTI may comprise a part that identifies a network part (e.g., that identifies an AMF), and a part that identifies the UE.
- the GUTI may be labelled as a 5G-GUTI when it is used in a 5G core.
- GPSI Generic Public Subscription Identifier
- the following envisions scenarios in which a user may access services through multiple UE that each comprise a respective USIM and ME. In such scenarios, the user may provide additional subscriber-based information to the ME and/or the USIM that is to be used as part of an authentication and/or authorisation process performed for authenticating and/or authorising the user for receiving at least one service.
- the following provides a plurality of methods for enabling user authentication and authorisation to be performed in at least one network function(s) of a core network (e.g., a 3GPP core network). An external party to the core network may subsequently base their provision of a service to the user on the authentication and/or authorisation of the user in the core network.
- the methods may be performed when the AUSF and/or UDM believes that the UE is able to perform the authentication and/or authorisation of the user based on user input. Consequently, in some examples, the UE and/or a network function in the core network may provide the other entity with information related to whether the providing entity is able to perform authentication and/or authorisation of the user, although it is understood that this is not always performed. Further, the UE may be pre-provisioned with user information, such as a user identifier and/or an access token (or some other access credential), for subsequently verifying the user in later authentication and/or authorisation procedures.
- Figures 4 to 7 illustrate signaling that may be performed in respect of all of the examples of Figures 8 to 19, and illustrate ways in which a UE and/or a core network may exchange indications relating to whether the UE and/or core network can perform the presently described methods of Figures 8 to 19;
- Figures 8 to 9 illustrate how a UE may (or may not) be provisioned (e.g., provided) with information corresponding to a user of the UE, depending on whether the network and the UE are able to perform the authentication and/or authorisation of the user according to Figures 10 to 19;
- Figures 10 to 13 illustrate the plurality of different authentication and/or authorisation methods that may be performed when a UE has been provisioned with information corresponding to a user in accordance with Figure 8;
- Figures 4 to 7 illustrate examples regarding how capability information may be signaled between UE and a network function.
- capability information is exchanged between a UE and a network function indicating whether the UE supports user authentication and/or whether the network function supports user authentication based on user input to the UE (e.g., using information input by a user).
- Figures 4 to 6 illustrate how capability information indicating whether the UE supports user authentication based on user input to the UE may be signaled from a user equipment to a network function.
- Figure 7 illustrates how capability information indicating whether the network supports user authentication based on user input to the UE may be signaled from a network function to a UE.
- the capability information indicating whether the UE supports user authentication may be signaled during UE registration, UE authorisation and/or UE authentication.
- in some examples, the user authentication (and/or authorisation) capability information is provided as part of UE capability signaling.
- this information may instead be provided as part of user-specific signaling.
- Figure 4 illustrates a first example signaling in an environment in which a user 403 may communicate with a network via at least one of a first UE that comprises a first USIM 401 and a first ME 402, or a second UE that comprises a second USIM 404 and a second ME 405.
- Figure 4 further illustrates a radio access network (RAN) apparatus 406, an AMF 407, and an AUSF and/or UDM 408.
- the second ME 405 signals the AMF 407.
- This signaling may comprise an N1 message (e.g., a message signaled across an N1 interface, such as a registration message).
- This signaling may comprise a SUCI and/or 5G_GUTI.
- This signaling may comprise an indication that the second UE supports user authentication. The indication may be expressed in the form of a predetermined bit value in a predesignated field, where the absence of the predesignated field and/or another bit value in the predesignated field indicates that the second UE does not support user authentication.
- the AMF 407 signals the AUSF and/or UDM 408.
- This signaling may comprise, for example, a registration and/or authentication request on behalf of the second ME.
- This signaling may comprise a SUCI and/or SUPI.
- This signaling may comprise the indication that the second UE supports user authentication that was received during 4001.
- the AUSF and/or UDM 408 updates a UE subscription for the second UE that is stored in the network to note that the second UE supports user authentication. This information may be stored by indexing the SUPI.
- the second UE is authenticated (e.g., according to clause 6.1.3 of 3GPP TS 33.501).
- the user of the second UE is authenticated. This may be as described below.
- Figure 5 illustrates a second example signaling in an environment in which a user 503 may communicate with a network via at least one of a first UE that comprises a first USIM 501 and a first ME 502, or a second UE that comprises a second USIM 504 and a second ME 505.
- Figure 5 further illustrates a radio access network (RAN) apparatus 506, an AMF 507, and an AUSF and/or UDM 508.
- Figure 5 illustrates an example in which the first UE does not support user authentication.
- the first ME 502 signals the AMF 507.
- This signaling may comprise an N1 message (e.g., a registration message).
- This signaling may comprise a SUCI and/or 5G_GUTI.
- This signaling may comprise an indication that the first UE does not support user authentication.
- the indication may be expressed in the form of a predetermined bit value in a predesignated field, where the absence of the predesignated field and/or another bit value in the predesignated field indicates that the first UE does not support user authentication.
- the AMF 507 signals the AUSF and/or UDM 508.
- This signaling may comprise, for example, a registration and/or authentication request on behalf of the first ME.
- This signaling may comprise a SUCI and/or SUPI.
- This signaling may comprise the indication that the first UE does not support user authentication that was received during 5001.
- the AUSF and/or UDM 508 updates a UE subscription for the first UE that is stored in the network to note that the first UE does not support user authentication. This information may be stored by indexing the SUPI.
- the first UE is authenticated (e.g., according to clause 6.1.3 of 3GPP TS 33.501).
- the user of the first UE is not authenticated (e.g., in accordance with the signaling of 5002).
- Figure 6 illustrates a third example signaling in an environment in which a user 603 may communicate with a network via at least one of a first UE that comprises a first USIM 601 and a first ME 602, or a second UE that comprises a second USIM 604 and a second ME 605.
- Figure 6 further illustrates a radio access network (RAN) apparatus 606, an AMF 607, and an AUSF and/or UDM 608.
- the second ME 605 signals the AMF 607.
- This signaling may comprise an N1 message (e.g., a registration message).
- This signaling may comprise a SUCI and/or 5G_GUTI.
- This signaling may comprise an indication that the second UE does not support user authentication.
- the indication may be expressed in the form of an absence of a predesignated field, where the absence of the predesignated field indicates that the second UE does not support user authentication.
- the AMF 607 signals the AUSF and/or UDM 608.
- This signaling may comprise, for example, a registration and/or authentication request on behalf of the second ME.
- This signaling may comprise a SUCI and/or SUPI.
- This signaling may comprise the indication (e.g., the absence of the predesignated field) that the second UE does not support user authentication that was received during 6001.
- the AUSF and/or UDM 608 updates a UE subscription for the second UE that is stored in the network to note that the second UE does not support user authentication. This information may be stored by indexing the SUPI.
- the second UE is authenticated (e.g., according to clause 6.1.3 of 3GPP TS 33.501).
- the user of the second UE is not authenticated, in accordance with the absence of the predesignated field in the signaling of 6002.
- Figure 7 illustrates a fourth example signaling in an environment in which a user 703 may communicate with a network via at least one of a first UE that comprises a first USIM 701 and a first ME 702, or a second UE that comprises a second USIM 704 and a second ME 705.
- Figure 7 further illustrates a radio access network (RAN) apparatus 706, an AMF 707, and an AUSF and/or UDM 708.
- Figure 7 illustrates an example in which the network does not support user authentication.
- the first ME 702 signals the AMF 707.
- This signaling may comprise an N1 message (e.g., a registration message).
- This signaling may comprise a SUCI and/or 5G-GUTI.
- This signaling may comprise an indication that the first UE supports user authentication. The indication may be expressed in the form of a predetermined bit value in a predesignated field, where the absence of the predesignated field and/or another bit value in the predesignated field indicates that the first UE does not support user authentication.
- the AMF 707 signals the AUSF and/or UDM 708.
- This signaling may comprise, for example, a registration and/or authentication request on behalf of the first ME.
- This signaling may comprise a SUCI and/or SUPI.
- This signaling may comprise the indication that the first UE supports user authentication that was received during 7001.
- the AUSF and/or UDM 708 updates a UE subscription for the first UE that is stored in the network to note that the first UE supports user authentication and that the network does not support user authentication. This information may be stored by indexing the SUPI.
- the AUSF and/or UDM 708 signals the AMF 707.
- This signaling may comprise the registration and/or authentication request accept message.
- This signaling may comprise an indication that the network does not support user authentication.
- This signaling may comprise the SUPI.
- the AMF 707 signals the first ME 702. This signaling may indicate that the network does not support user authentication. This signaling may be comprised in a registration and/or authentication request accept message for the UE registration and/or authentication procedure(s) respectively. It is understood that where the UE capability is exchanged as part of user-specific signaling, that this indication that the network does not support user authentication may be provided in a user authentication rejection message.
- These examples of Figures 4 to 7 relate to a UE and/or network function informing the other entity as to whether or not the UE and/or network function is capable of performing a user authentication using information received from a user via a user input.
- the UE may indicate to the network about its capability to support user authentication.
- the signaling may further provide an indication of when the user authentication may be performed.
- the UE may be restricted to performing the user authentication during a registration procedure and/or a protocol data unit (PDU) session establishment procedure.
- the network function may provide, with its indication indicating whether the network can support user authentication, when the user authentication may be performed (e.g., as part of a registration procedure, a PDU Session establishment procedure, and/or both).
- Figures 8 and 9 illustrate examples in which a UE may or may not be provisioned with a user identifier for use in a later authentication procedure and/or authorization procedure of the user. It is understood that although the following refers to first and/or second UE, that the presently described techniques may be performed by any UE.
- Figure 8 illustrates an example of how a UE may be provisioned with a user identifier. This provisioning may be performed based on (e.g., in response to) a determination that the user equipment is capable of participating in authenticating a user of the UE.
- the UE is also shown in the example of Figure 8 as authenticating the user based on (e.g., using) a user identifier provided by the network function and a user input received from a user. Examples of the network function exchanging signaling with the UE for authenticating and/or authorizing the user within the core network are illustrated with respect to Figures 10 to 13.
- Figure 8 illustrates example signaling in an environment in which a user 803 may communicate with a network via at least one of a first UE that comprises a first USIM 801 and a first ME 802, or a second UE that comprises a second USIM 804 and a second ME 805.
- Figure 8 further illustrates a radio access network (RAN) apparatus 806, an AMF 807, and an AUSF and/or UDM 808.
- the AUSF and/or UDM 808 is aware that the second UE is able to participate in authenticating the user of the second UE.
- the AUSF and/or UDM 808 determines to provision the second UE with a user identifier.
- This user identifier may have been configured at the AUSF and/or UDM 808 as part of a subscription information corresponding to the user.
- the AUSF and/or UDM 808 may use the user identifier to determine an integrity message authentication code (MAC-I) and to determine a token for the second UE.
- a Message Authentication Code (MAC) is used to authenticate the origin and integrity of a message.
- a MAC is computed with a secret key shared by the sender and the verifier; a party holding the key can confirm that a received message was produced by another holder of that key and was not modified in transit.
- the token may be determined by inputting an authentication key, KAUSF, the user identifier, and the SUPI into a first key derivation function.
- the first key derivation function is configured to output the token using these inputs.
- the MAC-I may be derived by inputting the authentication key, KAUSF, user parameter update information (such as the token and the user identifier), and a user parameter update counter value into a second key derivation function, which uses these inputs to output the MAC-I.
- the user parameter update procedure is a procedure defined in 3GPP for providing user information (e.g., subscription information stored in a UDM) to a UE.
- the AUSF and/or UDM 808 signals the AMF 807.
- This signaling may comprise user parameter update information, including the user identifier, the token, the MAC-I, and a timestamp indicating (or which may be used to indicate) a validity period of the user parameter update information. After the validity period has expired, the user parameter update information may be invalid.
- This signaling may be signaled using, for example, an Nudm_SDM_Notification service operation.
- the AMF 807 signals the second ME 805.
- This signaling may comprise the user parameter information signaled during 8002.
- This signaling may be signaled using, for example, a non-access stratum (NAS) signaling service operation, such as, for example, a downlink NAS transport signaling service operation.
- the user identifier, token, and timestamp are stored in at least one of the second ME 805 or the second USIM 804.
- 8005 to 8007 refer to a later authentication procedure. It is understood that at least one of 8005 to 8007 may be performed as part of the authentication method of any of Figures 10 to 13.
- the user 803 inputs a user identifier (e.g., an identifier of the user 803) into the second UE via a user input of the second UE, which is received by the second ME 805.
- This user identifier may be input in response to the ME outputting to the user (e.g., via a display of the second UE) a request for this user identifier.
- the second USIM 804 and second ME 805 verify whether the input user identifier of 8005 matches the user identifier of 8003. When these are the same, the second UE determines that the user using the second UE has a provisioned service, and may receive a service from the network, and proceeds to 8007.
- the second UE and the AUSF and/or UDM 808 work together to authenticate the user and/or UE.
- This authentication of 8007 may be triggered (e.g., initiated) by the second UE, although it is understood that other entities may initiate this authentication.
- Figure 9 illustrates what may happen in the event that the network does not provision a user identifier at a UE (e.g., during 8003). This may be the result, for example, of the UE previously indicating that the UE is unable to perform user authentication, and/or of the network being unable to perform user authentication.
- Figure 9 illustrates example signaling in an environment in which a user 903 may communicate with a network via at least one of a first UE that comprises a first USIM 901 and a first ME 902, or a second UE that comprises a second USIM 904 and a second ME 905.
- Figure 9 further illustrates a radio access network (RAN) apparatus 906, an AMF 907, and an AUSF and/or UDM 908.
- the AUSF and/or UDM 908 is aware that the first UE is unable to participate in authenticating the user of the first UE.
- the user 903 inputs a user identifier (e.g., an identifier of the user 903) into the first UE via a user input of the first UE, which is received by the first ME 902.
- This user identifier may be input in response to the ME outputting to the user (e.g., via a display of the first UE) a request for this user identifier.
- the first USIM 901 and first ME 902 verify whether the input user identifier of 9001 matches a user identifier received from the network.
- the network has not previously provisioned a user identifier at the first UE, and so the first UE determines that the user using the first UE does not have a provisioned service, and may not receive a service from the network.
- the method proceeds to 9003.
- the first UE outputs (e.g., via a user output, such as a display of the first UE) to the user an indication that the user identifier has not been authenticated. This may be provided with an indication as to why the authentication has failed, such as the network is not provisioned with a user identifier.
- an AUSF and/or UDM uses the home network AUSF key, KAUSF, a user parameter update counter, and user parameter update data signaling that has been enhanced to comprise a user identifier and a token, in order to authenticate the UE.
- the key KAUSF is an AKA-specific key that is derived for a specific UE in its home network.
- the token may be generated using KAUSF, the user identifier and a subscriber identifier (e.g., SUPI) in order that the generated token is unique for that particular user and UE subscription.
- the AUSF and/or UDM may use the enhanced user parameter update procedure with the user identifier and MAC-I, and sends the user identifier and MAC-I to the AMF together with an expiry timestamp indicating the validity of the authentication procedure.
- the AMF sends this enhanced user parameter update data, with the user identifier, token, expiry timestamp and MAC-I, towards the ME.
- the user identifier, token, and expiry timestamp may be stored in the ME or in the USIM.
- the UE verifies whether the user identifier received from the user matches the stored user identifier. For UEs that are not provisioned with a network-provided user identifier, user authentication cannot be performed by the UE. This latter example is illustrated with respect to Figure 9.
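The provisioning and local-check flow described above (token bound to KAUSF, user identifier and SUPI; enhanced user parameter update data carrying user identifier, token and expiry; MAC-I verified by the UE; and the Figure 9 case where nothing was provisioned), as an added example that is not code from the patent. The HMAC-SHA-256 constructions, the length-prefixed encoding and all sample identifiers and keys are assumptions made for the example; the page only names the inputs.

```python
import hmac
import hashlib
from dataclasses import dataclass
from typing import Optional


def derive_token(k_ausf: bytes, user_id: str, supi: str) -> bytes:
    """Token bound to KAUSF, the user identifier and the SUPI.

    The page only says the token is derived from these three inputs; using
    HMAC-SHA-256 over a labelled, NUL-separated encoding is an assumption.
    """
    msg = b"user-token\x00" + user_id.encode() + b"\x00" + supi.encode()
    return hmac.new(k_ausf, msg, hashlib.sha256).digest()


def encode_upu(user_id: str, token: bytes, expiry: int) -> bytes:
    # Length-prefixed fields so the UE can parse unambiguously (assumed encoding).
    out = b""
    for field in (user_id.encode(), token, str(expiry).encode()):
        out += len(field).to_bytes(2, "big") + field
    return out


def decode_upu(payload: bytes):
    fields, i = [], 0
    while i < len(payload):
        n = int.from_bytes(payload[i:i + 2], "big")
        fields.append(payload[i + 2:i + 2 + n])
        i += 2 + n
    user_id, token, expiry = fields
    return user_id.decode(), token, int(expiry)


def upu_mac(k_ausf: bytes, counter: int, payload: bytes) -> bytes:
    # MAC-I over counter || payload: the UPU counter makes every message distinct.
    return hmac.new(k_ausf, counter.to_bytes(2, "big") + payload, hashlib.sha256).digest()


@dataclass
class StoredUser:
    user_id: str
    token: bytes
    expiry: int


def network_provision(k_ausf: bytes, user_id: str, supi: str,
                      counter: int, now: int, validity_s: int):
    """AUSF/UDM side: build the enhanced UPU data and its MAC-I."""
    token = derive_token(k_ausf, user_id, supi)
    payload = encode_upu(user_id, token, now + validity_s)
    return payload, upu_mac(k_ausf, counter, payload)


def ue_receive_upu(k_ausf: bytes, last_counter: int, counter: int,
                   payload: bytes, mac: bytes) -> Optional[StoredUser]:
    """UE side: accept only a fresh counter and a valid MAC-I, then store."""
    if counter <= last_counter:
        return None                      # stale counter: treat as replay
    if not hmac.compare_digest(upu_mac(k_ausf, counter, payload), mac):
        return None                      # integrity check failed
    user_id, token, expiry = decode_upu(payload)
    return StoredUser(user_id, token, expiry)


def ue_check_user_input(stored: Optional[StoredUser], entered_user_id: str, now: int) -> str:
    """Local check when the user types an identifier (Figures 8 and 9)."""
    if stored is None:
        return "not provisioned"         # Figure 9: no network-provided identifier
    if now >= stored.expiry:
        return "expired"
    if not hmac.compare_digest(stored.user_id.encode(), entered_user_id.encode()):
        return "mismatch"
    return "ok"
```

The UE rejects a UPU message whose counter does not advance, so a captured message cannot be replayed to re-provision an old token, and the expiry stored with the token is checked before any user identifier comparison.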
- Figures 10 to 13 provide examples that illustrate how a user may be authenticated by a network function according to a plurality of different methods.
- Figure 10 illustrates signaling that may be performed between a user 1001, a first UE comprising a first USIM 1002 and a first ME 1003, a RAN 1004, an AMF 1005, and an AUSF and/or UDM 1006.
- the operations of Figure 10 may include the operations of at least one of 8006 to 8007.
- the user 1001 may input, to the first UE via a user input of the first UE, an indication to trigger user authentication.
- This indication may comprise the user identifier.
- the first ME 1003 signals the AMF 1005.
- This signaling may comprise a non-access stratum request.
- this signaling may comprise a registration request and/or a session establishment request (e.g., a packet data unit (PDU) session establishment request).
- This signaling may comprise the token and user identifier referred to in Figure 8.
- This signaling may further comprise the 5G-GUTI.
- the AMF 1005 signals the AUSF and/or UDM 1006.
- This signaling may comprise an authentication request.
- This authentication request may comprise the token and user identifier of 10002.
- This authentication request may comprise a subscriber identifier (such as, for example, SUPI).
- the AUSF and/or UDM 1006 verifies the token. This verification may be performed by retrieving a token stored in subscription data corresponding to the user at the UDM 1006 and determining that the retrieved token is the same as the received token of 10003.
- the AUSF and/or UDM 1006 may generate a first nonce (e.g., TNonce_user), and encrypt the first nonce using a user key, Kuser, and the token, where Kuser is known to both the user and the network.
- the AUSF and/or UDM 1006 may generate an integrity message authentication code (MAC) for the user, MAC-I_user.
- This signal may comprise a challenge request for authentication.
- this signal may comprise an EAP request and/or EAP challenge.
- the EAP request may comprise a request for the UE to initiate an EAP-AKA procedure.
- the EAP challenge may comprise a challenge that may be used as part of an EAP-AKA procedure.
- This signaling may comprise the encrypted first nonce and MAC-I_user.
- the first ME 1003 causes a display of the first UE to output a notification to the user 1001.
- This notification may cause the user 1001 to enter Kuser into an input of the first UE so that it is received by the first ME 1003 during 10007.
- the first UE verifies MAC-I_user. This may be performed using the first nonce and the user identifier. The first UE may therefore cause the encrypted first nonce to be decrypted using the Kuser received during 10007 and using the token. Further, the first UE generates a second nonce, Nonce_UE, and encrypts the second nonce using the token and Kuser to form an encrypted second nonce. Further, the first UE generates a new integrity MAC, MAC-I, for verifying the first UE to the AUSF and/or UDM 1006.
- the first ME 1003 signals the AUSF and/or UDM 1006.
- This signaling may comprise a response to the signaling of 10005.
- the signaling of 10005 comprises an EAP request signaling operation
- the signaling of 10009 may comprise an EAP challenge signaling operation.
- the signaling of 10009 may comprise an EAP response signaling operation.
- the signaling of 10009 may comprise the first nonce, the encrypted second nonce, and MAC-I.
- the AUSF and/or UDM 1006 verifies that the received first nonce is the same as the first nonce generated during 10004. Further, the AUSF and/or UDM decrypts the encrypted second nonce using the key Kuser and the token.
- the AUSF and/or UDM and the first ME 1003 exchange messages for completing the authentication process. At least part of this signaling may comprise MAC-I, the second nonce, and an indication that the EAP authentication process has been successful.
- the first ME 1003 may transmit and/or receive user traffic during 10012.
- the user traffic may be encrypted using a key that is specific to the first UE (e.g., that corresponds to the UE, and not to a specific user of that UE).
- the user traffic may be encrypted using a key that is specific to the user (e.g., that may be used across multiple UE to which the user is providing an input).
- the key that is specific to the user (Kuser_traffic) may be generated independently by each of the AUSF and/or UDM 1006 and the first ME 1003 using, for example, Kuser, the user identifier, a subscriber identifier (e.g., SUPI), and the sequence number (and/or a modified version of the sequence number).
- Kuser_traffic may be used as an authentication and authorization function key, KAUSF.
- Kuser_traffic may be generated using (e.g., based on) at least one of the following parameters: the user identifier provisioned during Figure 8, SUPI, a sequence number (SQN) independently maintained at the UE and the AUSF and/or UDM, a serving network name (SNN), Tnonce (e.g., an AUSF generated nonce for an authentication challenge), or Unonce (e.g., a user equipment generated nonce for an authentication challenge).
- P0 represents the User ID
- L0 represents the length of the User ID
- P1 represents SUPI
- L1 represents the length of SUPI
- P2 represents SQN
- L2 represents the length of SQN.
- P0, P1, P2, L0, L1, and/or L2 may be used with the root key, Kuser, to generate Kuser_traffic.
- optional parameters may be used along with the above example parameters.
- the UE's previous authentication key, KAUSF, may be used along with the above-mentioned parameters to generate Kuser_traffic.
- a user identifier of the user 1001 and a token are generated by the network and provisioned in the UE.
- This provisioned user identifier is for the identification of the user at the UE.
- the token is an access token for a specific user subscription. Stated differently, this token may be SUPI-specific.
- a nonce from a network function is exchanged in an encrypted format, with a user key for decrypting the nonce being known to the user and the network function.
- the decrypted nonce may be used by the UE to verify a MAC-I received from the network function.
- another nonce is generated at the first UE and encrypted using the user key, Kuser.
- This encrypted further nonce is sent, with another MAC-I generated by the UE, to the network function for verification by the network function.
- the user is authenticated by the network and the network is authenticated by the UE.
- the user authentication procedure of any of Figures 10 to 19 may be triggered to begin by at least one of the user, UE, and/or a core network function (such as the AMF, AUSF, and/or UDM).
- Figure 11 illustrates signaling that may be performed between a user 1101, a first UE comprising a first USIM 1102 and a first ME 1103, a RAN 1104, an AMF 1105, and an AUSF and/or UDM 1106.
- the operations of Figure 11 may include the operations of at least one of 8006 to 8007.
- the first UE may complete a primary authentication procedure for authenticating the first UE. It is understood that, in some examples, this primary authentication procedure may be optional. For example, the first UE may not complete the primary authentication procedure in cases in which the user traffic is transmitted using a user-based key encryption method, rather than a UE-based key encryption method.
- the first ME 1103 is provisioned with user profile information from the AUSF and/or UDM 1106. This provisioning may be performed using a user parameter update procedure. This provisioning may be performed using an over-the-air procedure. This provisioning may cause the first ME 1103 to be provisioned with a sequence number, SQNuser, corresponding to the user 1101, and a user identifier. This provisioning may be performed analogously to the method described above in relation to Figure 8.
- the user 1101 may input, to the first UE via a user input of the first UE, an indication to trigger user authentication.
- This indication may comprise the user identifier.
- the first ME 1103 signals the AMF 1105.
- This signaling may comprise a non-access stratum request.
- this signaling may comprise a registration request and/or a session establishment request (e.g., a packet data unit (PDU) session establishment request).
- This signaling may comprise the user identifier referred to in Figure 8.
- This signaling may further comprise the 5G-GUTI.
- the AMF 1105 signals the AUSF and/or UDM 1106.
- This signaling may comprise an authentication request.
- This authentication request may comprise the token and user identifier of 11002.
- This authentication request may comprise a subscriber identifier (such as, for example, SUPI).
- the AUSF and/or UDM 1106 generates a user challenge using the sequence number and a user key, Kuser.
- the sequence number and the user key may be part of subscription information corresponding to the user 1101 that is stored at and/or by the UDM.
- the user 1101 may have knowledge of the user key and the user identifier (e.g., via an email and/or website notification).
- the AUSF and/or UDM 1106 signals the first ME 1103 via the AMF 1105.
- This signal may comprise a challenge and/or a challenge request for authentication as described above in relation to Figure 10.
- this signal may comprise an EAP AKA challenge.
- This signaling may comprise the user challenge.
- the first ME 1103 causes a display of the first UE to output a notification to the user 1101. This notification may cause the user 1101 to enter Kuser into an input of the first UE so that it is received by the first ME 1103 during 11007.
- the first UE generates a response to the user challenge using the sequence number and the Kuser received during 11007.
- the first ME 1103 signals the AUSF and/or UDM 1106 via the AMF 1105.
- This signaling may comprise a response to the signaling of 11005.
- the signaling of 11005 comprises the response to the user challenge generated during 11008.
- the signaling of 11009 may comprise an EAP response to an AKA’ challenge.
- the AUSF and/or UDM 1106 verifies the response to the user challenge received during 11009. This verification may be performed using the Kuser and the sequence number provisioned in the subscription information for the user 1101 at the AUSF and/or UDM 1106.
- the AUSF and/or UDM signals the first ME 1103. This signaling may comprise an indication that the EAP authentication process has been successful.
- the first ME 1103 may transmit and/or receive user traffic during 11012.
- the user traffic may be encrypted using a key that is specific to the first UE (e.g., that corresponds to the UE, and not to a specific user of that UE).
- the user traffic may be encrypted using a key that is specific to the user (e.g., that may be used across multiple UE to which the user is providing an input).
- the key that is specific to the user (Kuser_traffic) may be generated independently by each of the AUSF and/or UDM 1106 and the first ME 1103 using, for example, Kuser, the user identifier, a subscriber identifier (e.g., SUPI), and the sequence number (and/or a modified version of the sequence number).
- Kuser_traffic may be used as an authentication and authorization function key, KAUSF.
- Kuser_traffic may be generated using (e.g., based on) at least one of the following parameters: the user identifier provisioned during Figure 8, SUPI, a sequence number (SQN) independently maintained at the UE and the AUSF and/or UDM, a serving network name (SNN), Tnonce (e.g., an AUSF generated nonce for an authentication challenge), or Unonce (e.g., a user equipment generated nonce for an authentication challenge).
- P0 represents the User ID
- L0 represents the length of the User ID
- P1 represents SUPI
- L1 represents the length of SUPI
- P2 represents SQN
- L2 represents the length of SQN.
- P0, P1, P2, L0, L1, and/or L2 may be used with the root key, Kuser, to generate Kuser_traffic.
- optional parameters may be used along with the above example parameters.
- the UE's previous authentication key, KAUSF, may be used along with the above-mentioned parameters to generate Kuser_traffic.
- the user 1101 knows information such as, for example, user identifier and user key KUSER.
- the UDM 1106 may also store subscription information in user context, the subscription information comprising the user identifier, a sequence number corresponding to the user (SQNUSER), and the user key KUSER.
- the sequence number and user identifier may be provisioned in the UE via an over-the-air (OTA) and/or a user parameter update (UPU) procedure.
- the sequence number may be used to prevent a replay attack.
- the first ME and the AUSF and/or UDM may autonomously cause the sequence numbers respectively stored at the first UE and the AUSF and/or UDM to be modified in a predetermined way.
- a subsequent authentication procedure to be performed for the user may use the modified sequence number for forming the user challenge and response to the user challenge instead of the unmodified sequence number.
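The sequence-number-based user challenge of Figure 11 and its replay protection, as an added example that is not code from the patent. The page states only that the challenge and the response are formed from Kuser and SQNuser, that the network verifies with its own copy of both, and that both sides then modify the SQN in a predetermined way; the HMAC-SHA-256 constructions, the choice of "+1" as the predetermined modification, the UE-side check of the network's tag, and all sample keys and nonces are assumptions. Loss-of-sync handling (a lost response leaving the two SQNs apart) is out of the page's scope and not modelled.

```python
import hmac
import hashlib
import os


def _mac(key: bytes, *parts: bytes) -> bytes:
    # HMAC-SHA-256 over length-prefixed parts (assumed construction).
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def _sqn_bytes(sqn: int) -> bytes:
    return sqn.to_bytes(6, "big")        # 48-bit SQN, as used by AKA


class NetworkUserContext:
    """AUSF/UDM side: subscription info for one user (user id, SQN_user, K_user)."""

    def __init__(self, user_id: str, k_user: bytes, sqn: int = 0):
        self.user_id, self.k_user, self.sqn = user_id, k_user, sqn

    def make_challenge(self, rand: bytes = None):
        rand = rand or os.urandom(16)
        # Tag over (SQN, RAND) lets the UE check the challenger knows K_user and SQN.
        tag = _mac(self.k_user, b"net", _sqn_bytes(self.sqn), rand)
        return rand, tag

    def verify_response(self, rand: bytes, response: bytes) -> bool:
        expected = _mac(self.k_user, b"ue", _sqn_bytes(self.sqn), rand)
        if not hmac.compare_digest(expected, response):
            return False
        self.sqn += 1                    # predetermined modification after success
        return True


class UeUserContext:
    """ME side: provisioned user id and SQN_user; K_user is typed in by the user."""

    def __init__(self, user_id: str, sqn: int = 0):
        self.user_id, self.sqn = user_id, sqn

    def answer_challenge(self, k_user: bytes, rand: bytes, tag: bytes):
        expected_tag = _mac(k_user, b"net", _sqn_bytes(self.sqn), rand)
        if not hmac.compare_digest(expected_tag, tag):
            return None                  # wrong key or wrong SQN: do not answer
        response = _mac(k_user, b"ue", _sqn_bytes(self.sqn), rand)
        self.sqn += 1                    # same predetermined modification as the network
        return response


def run_authentication(net: NetworkUserContext, ue: UeUserContext,
                       k_user_entered: bytes, rand: bytes = None):
    """One Figure 11 run; returns (network_accepted, response_sent)."""
    rand, tag = net.make_challenge(rand)
    response = ue.answer_challenge(k_user_entered, rand, tag)
    if response is None:
        return False, None
    return net.verify_response(rand, response), response


def replay_demo(rand: bytes = b"\x01" * 16):
    """Run once, then re-present the captured response: the advanced SQN rejects it."""
    k = b"\x22" * 32                     # constructed sample K_user
    net = NetworkUserContext("alice@example.org", k, sqn=7)
    ue = UeUserContext("alice@example.org", sqn=7)
    ok, response = run_authentication(net, ue, k, rand)
    replay_ok = net.verify_response(rand, response)
    return ok, replay_ok
```

Because the response is a function of the current SQN, a response captured from one run is worthless once both sides have advanced, which is the replay protection the text attributes to the sequence number.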
- Figure 12 illustrates signaling that may be performed between a user 1201, a first UE 1202, an AMF 1203, an AUSF 1204, and a UDM 1205.
- the operations of Figure 12 may include the operations of at least one of 8006 to 8007.
- the user has knowledge of the user identifier (e.g., NAI) and a secret value (e.g., a secret PIN, such as 1234); the UE is provisioned with the user identifier (e.g., NAI) and a time-limited access credential from the network (e.g., via the signaling of Figure 8); and the AUSF and/or UDM is provisioned with user data (also referred to herein as subscription data) comprising the user identifier (e.g., NAI), the secret value (e.g., secret PIN, such as 1234), and the time-limited access credential.
- the first UE may complete a primary authentication procedure and register with the network comprising the UDM 1205. This may be as described in 3GPP TS 33.501 and TS 23.502. It is understood that, in some examples, this primary authentication procedure may be optional. For example, the first UE may not complete the primary authentication procedure in cases in which the user traffic is transmitted using a user-based key encryption method, rather than a UE-based key encryption method.
- the user 1201 may purchase a user profile subscription with the network. This may cause the user to be provided with a user identifier corresponding to the user (e.g., unique to the user), and a secret value, such as a personal identification value (PIN).
- the user identifier and secret value may be provided to the user outside of network communication described herein.
- the UDM may also be provided (e.g., provisioned) with the user identifier and secret value.
- the UDM 1205 determines to provision the first UE 1202 with user information comprised in subscription information available to (e.g., stored at) the UDM 1205.
- the subscription information may comprise, for example, the user identifier, a timebound credential (e.g., a token having a limited validity period), and an indication of an expiration time of the timebound credential.
- the subscription information may be signaled during 12002 and 12003 using, for example, a user parameter update procedure.
- the UDM 1205 signals the AMF 1203. This signaling may comprise the subscription information to be provisioned at the UE 1202. This signaling may further comprise an integrity MAC value (e.g., MAC-I).
- the signaling may be performed using, for example, an Nudm_SDM_Notification service procedure.
- the AMF 1203 signals the UE 1202.
- This signaling may comprise the subscription information and the MAC-I value.
- This signaling may be conveyed using a user parameter update procedure.
- This signaling may be provided using, for example, a downlink non-access stratum transport service operation.
- the UE 1202 successfully verifies the MAC-I value, and stores the user identifier, timebound credential, and expiration time of the timebound credential in at least one of a USIM and/or ME of the UE 1202.
- the user 1201 inputs, to the first UE via a user input of the first UE, an indication to trigger user authentication.
- This indication may comprise the user identifier and the secret value.
- the UE 1202 signals the AMF 1203.
- This signaling may comprise a non-access stratum request.
- this signaling may comprise a registration request and/or a session establishment request (e.g., a packet data unit (PDU) session establishment request).
- This signaling may comprise the user identifier received from the user 1201 .
- This signaling may further comprise the 5G-GUTI.
- the AMF 1203 signals the AUSF 1204.
- This signaling may comprise an authentication request.
- This authentication request may comprise the user identifier of 12006.
- This authentication request may comprise a subscriber identifier (such as, for example, SUPI).
- the authentication request may comprise an Nausf_UEAuthentication request.
- the AUSF 1204 signals the UDM 1205.
- This signaling may comprise a request for subscription information corresponding to the user 1201 .
- This signaling may comprise the user identifier and a subscriber identifier of the user (e.g., SUPI).
- This signaling may comprise, for example, an Nudm_UEAuthentication service operation.
- the UDM 1205 verifies that the user 1201 is allowed to use the subscription identified by the subscriber identifier.
- the UDM 1205 signals the AUSF 1204.
- This signaling may comprise subscription information, such as the timebound credential and the secret value.
- This signaling may be comprised in an Nudm_UEAuthentication service operation.
- the AUSF 1204 generates a first nonce (e.g., TNonce), and encrypts the first nonce using the secret value and the user identifier.
- the AUSF 1204 may generate another integrity message authentication code for the user, MAC-1.
- the AUSF 1204 signals the UE 1202. This signaling may comprise an authentication challenge. This signaling may comprise the first nonce and MAC-1. This signaling may comprise an EAP-Request and/or challenge as described above.
- the UE 1202 verifies MAC-1 using the user identifier and secret value input by the user 1201 .
- the first UE further generates a second nonce, Unonce, and uses the second nonce to generate a new integrity MAC, MAC-2, for verifying the first UE to the AUSF 1204.
- the first UE 1202 signals the AUSF 1204.
- This signaling may comprise a response to the signaling of 12012.
- where the signaling of 12012 comprises an EAP request signaling operation, the signaling of 12014 may comprise an EAP challenge signaling operation.
- where the signaling of 12012 comprises an EAP challenge signaling operation, the signaling of 12014 may comprise an EAP response signaling operation.
- the signaling of 12014 may comprise the first nonce, the second nonce, and MAC-2.
- the AUSF 1204 verifies that the received first nonce is the same as the first nonce generated during 12012, and verifies MAC-2 to authenticate the UE.
- during 12016, the AUSF 1204 signals the UE 1202. This signaling may comprise an indication that the EAP authentication process has been successful.
- the UE 1202 may transmit and/or receive user traffic.
- the user traffic may be encrypted using a key that is specific to the first UE (e.g., that corresponds to the UE, and not to a specific user of that UE).
- the user traffic may be encrypted using a key that is specific to the user (e.g., that may be used across multiple UE to which the user is providing an input).
- the key that is specific to the user (Kuser_traffic) may be generated independently by each of the AUSF 1204 and the UE 1202 using, for example, Kuser, the user identifier, a subscriber identifier (e.g., SUPI), and the sequence number (and/or a modified version of the sequence number).
- Kuser_traffic may be used as an authentication and authorization function key, KAUSF.
- Kuser_traffic may be generated using (e.g., based on) at least one of the following parameters: the user identifier provisioned during Figure 8, SUPI, a sequence number (SQN) independently maintained at the UE and the AUSF and/or UDM, a serving network name (SNN), Tnonce (e.g., an AUSF generated nonce for an authentication challenge), or Unonce (e.g., a user equipment generated nonce for an authentication challenge).
- P0 represents the User ID
- L0 represents the length of the User ID
- P1 represents SUPI
- L1 represents the length of SUPI
- P2 represents SQN
- L2 represents the length of SQN.
- P0, P1, P2, L0, L1, and/or L2 may be used with the root key, Kuser, to generate Kuser_traffic.
- optional parameters may be used along with the above example parameters.
- the UE's previous authentication key, KAUSF, may be used along with the above-mentioned parameters to generate Kuser_traffic.
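The Kuser_traffic derivation that the Figure 10, 11 and 12 passages each describe with the parameters P0/L0 (User ID), P1/L1 (SUPI) and P2/L2 (SQN), the root key Kuser, and the optional previous KAUSF, as an added example that is not code from the patent. It follows the generic 3GPP length-prefixed KDF shape (key, FC, P0, L0, P1, L1, ...; HMAC-SHA-256), which the page's P/L notation suggests but does not itself specify; the FC value 0x70, the parameter order, the 48-bit SQN encoding and the sample inputs are assumptions.

```python
import hmac
import hashlib


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic length-prefixed KDF: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...).

    The FC byte separates this derivation from any other use of the same key;
    each Li is the two-byte length of Pi, so no two parameter lists collide.
    """
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")       # Pi followed by Li
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_k_user_traffic(k_user: bytes, user_id: str, supi: str, sqn: int,
                          k_ausf_prev: bytes = None) -> bytes:
    """Kuser_traffic from the root key Kuser and P0..P2 (plus optional previous KAUSF)."""
    params = [user_id.encode(),                  # P0: User ID
              supi.encode(),                     # P1: SUPI
              sqn.to_bytes(6, "big")]            # P2: SQN (48-bit, assumed encoding)
    if k_ausf_prev is not None:
        params.append(k_ausf_prev)               # optional parameter named in the text
    return kdf(k_user, 0x70, *params)            # FC 0x70 is a placeholder value


def both_sides_agree(k_user: bytes, user_id: str, supi: str, sqn: int) -> bool:
    """UE and AUSF/UDM derive independently from the same inputs and must agree."""
    ue_key = derive_k_user_traffic(k_user, user_id, supi, sqn)
    net_key = derive_k_user_traffic(k_user, user_id, supi, sqn)
    return hmac.compare_digest(ue_key, net_key)


def keys_per_run(k_user: bytes, user_id: str, supi: str, first_sqn: int, runs: int):
    """Traffic keys for successive authentication runs; each SQN gives a fresh key."""
    return [derive_k_user_traffic(k_user, user_id, supi, first_sqn + i)
            for i in range(runs)]
```

Because the SQN is an input, every successful authentication run yields a different Kuser_traffic even though Kuser, the user identifier and the SUPI stay fixed, and the key is bound to the subscription (SUPI) as well as to the user.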
- the secret value of Figure 12 may have a one-time use.
- the user 1201 may use an app, a portal, or some other method outside of 3GPP to change the one-time-use secret value during some subsequent authentication operation.
- the User and the UDM may be considered to generate one-time common shared secret values independently.
- the network may be able to generate the secret value, which is subsequently provided to the user via the app, portal, or other means.
- the method of Figure 12 may be represented by the following method steps of 0 to 12, where the UE is labelled as UE-B:
- UE-B is authenticated and registered in the network as defined in TS 33.501 and TS 23.502.
- User-A has bought a subscription from the operator, and the operator provides a User Id and a changeable PIN or one-time password.
- User-A is also attached/linked with UE-B. The user obtains this information via the operator-provided portal (outside the scope of 3GPP).
- the UDM decides to provision the user-specific information to UE-B. For this, the UDM prepares UPU data with the following elements: User Id, TimeBoundCredential, and the expiry associated with the TimeBoundCredential. These credentials are unique per UE and User Id. UPU data preparation is described in clause 6.15.2 of TS 33.501 [x]; the UDM then sends the UPU data to the UE.
- the UE validates the MAC and then stores the user information in the USIM/ME.
- Steps 2 and 3 are repeated for the UEs to which the user wants to be linked.
- UE-B initiates the NAS registration request, in which the existing 5G-GUTI of UE-B is provided as-is and the User Id is additionally provided.
- If the AMF decides to perform user authentication, the AMF initiates it. For this, the AMF sends Nausf_UEAuthentication_Authentication Req with the SUPI and User Id to the AUSF.
- the AUSF sends a Nudm_UEAuthentication_Authentication Get request to the UDM with the SUPI and User Id. Based on the subscription data, the UDM authorizes that User-A can use UE-B. After successful authorization, the UDM provides the TimeBoundCredential and the PIN of User-A to the AUSF.
- the AUSF sends an EAP challenge packet to the UE which contains a TNonce value and a Message Authentication Code 1 (MAC1) derived using the User key, which is itself derived from the TimeBoundCredential, PIN and User Id.
- the UE derives an expected MAC1 (XMAC1) of TNonce using a User key derived in the same fashion and compares XMAC1 with the received MAC1. If they match, the network is authenticated by the UE.
- the UE generates a UNonce and derives a MAC2 using the User key over UNonce and TNonce.
- the UE responds with an EAP Challenge containing UNonce, TNonce and MAC2.
- the AUSF derives an expected MAC2 (XMAC2) using the User key over UNonce and TNonce, and compares XMAC2 with the received MAC2. If they match, the UE is authenticated by the AUSF.
- the AUSF sends an EAP-SUCCESS message to the UE.
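Steps 7 to 12 of the Figure 12 method (UDM authorization of User-A on UE-B, User key from TimeBoundCredential, PIN and User Id, TNonce/MAC1 from the AUSF, XMAC1 check and UNonce/MAC2 at the UE, XMAC2 check at the AUSF) as an added example that is not code from the patent; it also illustrates the nonce-based mutual authentication pattern of Figure 10, with MACs in place of that figure's encrypted nonces. The HMAC-SHA-256 constructions, the subscription record, the sample SUPI, User Id, PIN and credential, and the expiry check on the TimeBoundCredential are assumptions; the page names the inputs but not the primitives.

```python
import hmac
import hashlib
import os


def _mac(key: bytes, *parts: bytes) -> bytes:
    # HMAC-SHA-256 over length-prefixed parts (assumed construction).
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def derive_user_key(time_bound_credential: bytes, pin: str, user_id: str) -> bytes:
    """User key from TimeBoundCredential, PIN and User Id (step 7); HMAC is assumed."""
    return _mac(time_bound_credential, b"user-key", pin.encode(), user_id.encode())


# UDM user data, constructed for the example: (SUPI of UE-B, User Id) -> record.
SUBSCRIPTIONS = {
    ("imsi-001010123456789", "user-a@example.org"): {
        "pin": "1234", "tbc": b"\xa5" * 16, "tbc_expiry": 10_000,
    },
}


def udm_authorize(supi: str, user_id: str, now: int):
    """Step 8: the UDM checks User-A may use UE-B and the credential is still valid."""
    rec = SUBSCRIPTIONS.get((supi, user_id))
    if rec is None or now >= rec["tbc_expiry"]:
        return None
    return rec["tbc"], rec["pin"]


def ausf_challenge(user_key: bytes, tnonce: bytes = None):
    """Step 9: TNonce and MAC1 over TNonce."""
    tnonce = tnonce or os.urandom(16)
    return tnonce, _mac(user_key, b"MAC1", tnonce)


def ue_respond(user_key: bytes, tnonce: bytes, mac1: bytes, unonce: bytes = None):
    """Steps 10-12: XMAC1 must match (network authenticated), then UNonce and MAC2."""
    if not hmac.compare_digest(_mac(user_key, b"MAC1", tnonce), mac1):
        return None
    unonce = unonce or os.urandom(16)
    return unonce, tnonce, _mac(user_key, b"MAC2", unonce, tnonce)


def ausf_verify(user_key: bytes, sent_tnonce: bytes, unonce: bytes,
                tnonce: bytes, mac2: bytes) -> bool:
    """Step 13: the echoed TNonce must be the one sent and XMAC2 must match."""
    if not hmac.compare_digest(sent_tnonce, tnonce):
        return False
    return hmac.compare_digest(_mac(user_key, b"MAC2", unonce, tnonce), mac2)


def run_figure_12(supi: str, user_id: str, pin_entered: str, tbc_on_ue: bytes,
                  now: int, tnonce: bytes = None, unonce: bytes = None) -> str:
    """End-to-end run; returns 'EAP-SUCCESS' or the reason the run stopped."""
    auth = udm_authorize(supi, user_id, now)
    if auth is None:
        return "not authorized"
    tbc, pin = auth
    net_key = derive_user_key(tbc, pin, user_id)
    ue_key = derive_user_key(tbc_on_ue, pin_entered, user_id)   # from what the user typed
    tnonce, mac1 = ausf_challenge(net_key, tnonce)
    resp = ue_respond(ue_key, tnonce, mac1, unonce)
    if resp is None:
        return "network not authenticated by UE"
    if not ausf_verify(net_key, tnonce, *resp):
        return "UE not authenticated by AUSF"
    return "EAP-SUCCESS"
```

A wrong PIN stops the run at the UE, since XMAC1 no longer matches and the UE never sends MAC2; an expired or unlinked credential stops it at the UDM before any challenge is issued.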
- Figure 13 illustrates an example in which a user authentication is performed using a certificate provided by a certification authority.
- Figure 13 illustrates signaling that may be performed by a user 1301, a UE comprising a USIM 1302 and an ME 1303, a RAN 1304, an AMF 1305, an AUSF and/or UDM 1306, and a certification authority 1307.
- 13001 to 13008 relate to method steps that may be performed for provisioning a certificate for authenticating a user by a certification authority.
- the certification authority 1307 and second UE are provisioned with a user identifier of the user 1301 and at least one access credential (e.g., an access token).
- the provisioning may be performed by the AUSF and/or UDM and/or some other network entity.
- the UE performs a UE primary authentication. It is understood that this may be optional, as per the other examples described above.
- 13003 to 13008 relate to provisioning the UE with a certificate to be used during a later user authentication.
- the user provides the ME 1303 with the user identifier and the at least one access credential. This may be provided as part of a trigger that causes the ME 1303 to obtain a certificate on behalf of the user. This signaling may be provided in response to a display output by the UE that requests the user 1301 to input this information.
- the user identifier may comprise a network access identifier.
- the ME 1303 creates a private-public key pair corresponding to the user 1301. This may be performed using the user identifier and the at least one access credential.
- the ME 1303 may further create a certificate signing request (CSR) to send to the certification authority 1307.
- This CSR may comprise a subject alternative name (SAN) that comprises the user identifier, and that indicates that although the request is sent by a UE, that the certificate is requested for the user identified by the user identifier.
- the CSR may further comprise the at least one access credential.
- the ME signals the certification authority 1307.
- This signaling may comprise the CSR generated during 13004.
- this signaling may comprise the SAN that comprises the identifier, and the at least one access credential.
- the certification authority 1307 verifies the at least one access credential (e.g., by comparing it, or a value derived from the at least one access credential, to at least one access credential managed by the certification authority).
- the certification authority 1307 may generate a certificate in response to the successful verification of the at least one access credential.
- the certificate may be time-limited. Stated differently, the certificate may expire after a predetermined time, also referred to herein as an expiry time.
- the certificate may be generated based on the received user identifier comprised in the SAN.
- the certificate may comprise the user identifier and/or a subscriber identifier such as a GPSI.
- the certification authority 1307 signals the ME 1303. This signaling may comprise the certificate generated during 13006.
- 13009 to 13014 relate to a user authentication being performed based on the certificate received during 13007.
- the ME 1303 creates a user registration request for registering the user at the network.
- This user registration request may be generated in response to an input received from the user 1301 via a user input of the UE. It is understood that the user registration request may be generated in response to any other trigger (e.g., in response to receiving the certificate during 13007).
- the ME 1303 signals the AMF 1305.
- This signaling may comprise the user registration request.
- This signaling may comprise the user identifier input during 13003.
- This signaling may comprise the GUTI.
- the AMF 1305 signals the AUSF and/or UDM 1306.
- This signaling may comprise a user registration request.
- This signaling may comprise the user identifier received during 13003.
- the AUSF and/or UDM 1305 and the UE may perform an EAP procedure using an exchange of client and server certificates.
- the certificate (and/or a part thereof) received during 13007 may be provided to the AUSF and/or UDM 1306 and/or the certification authority 1307.
- the AUSF and/or UDM 1306 signals the ME 1303.
- This signaling may comprise an indication that the EAP authentication procedure of 13012 has been successfully completed. Stated differently, the signaling of 13013 may indicate that the user has been successfully authenticated.
- the ME 1303 causes an output to be made to the user (e.g., via a user output, such as a display). This output may indicate that the user has been successfully authenticated. It is understood that where the signaling of 13013 instead indicates that the user has not been authenticated, the output of 13014 may instead indicate that the user has not been authenticated.
- the certificate of 13007 expires. It is understood that an indication of the expiry time of the certificate may be provided to the UE during 13007.
- Figures 14 to 19 illustrate methods that may be performed by apparatus described herein. The features of these apparatus may be further understood with reference to the above examples of Figures 4 to 13. In particular, the apparatus of Figures 14 to 19 may comprise and/or perform functionality analogous to at least one feature described in connection with at least one of Figure 4 to 13.
- references to any network function may refer to a core network function, such as at least one of an AMF, an AUSF, a UDM, and/or a virtualised version thereof.
- Figures 14 and 15 illustrate methods that may be performed by interacting apparatus.
- Figure 14 illustrates features that may be performed by an apparatus.
- the apparatus may be comprised in a communication device, such as described in relation to Figure 3.
- the apparatus may be comprised in, and/or be, a UE, ME and/or USIM.
- the apparatus obtains, from a user input of the apparatus, a user identifier of a user of the apparatus.
- the user may perform an action that provides the user input (e.g., via a keyboard of the apparatus, and/or display screen of the apparatus, and/or via a microphone of the apparatus).
- the user input may be considered as an interface between the user and the apparatus.
- the apparatus obtains, from the user input, a first input.
- the first input may be received via the user input as part of a same operation that provides the user identifier of 1401.
- the first input may be received via the user input as part of a different operation to 1401.
- the first input may comprise at least one of a secret value, secret user key, and/or sequence that is known to the user and to a network function comprised in a core network to which the apparatus may connect (e.g., to the first network function mentioned in 1403 and/or a certification authority).
- the apparatus provides, to a first network function, the user identifier during a registration and/or session establishment request service operation.
- the user identifier received during 1401 may be provided to the first network function using non-access stratum signalling, such as a registration request for the user, and/or a PDU session establishment request.
- the apparatus obtains an authentication challenge from the first network function in response to the registration and/or session establishment request service operation.
- the authentication challenge may comprise a value to be verified by the apparatus, and/or a request for an authentication challenge to be provided to the first network function from the apparatus.
- the apparatus authenticates the first network function using the first input, the user identifier, and the authentication challenge.
- the apparatus may be caused to authenticate itself to the first network function in response to receiving at least one challenge.
- the first input may be a user key.
- the authenticating the first network function may further comprise: extracting a first encrypted nonce value and a first message authentication code from the authentication challenge; decrypting the first encrypted nonce value using the user key to obtain a first nonce value; and verifying the first message authentication code as originating from the first network function using the first nonce value.
- the apparatus may further be caused to provide an authentication challenge to the first network function for authenticating the first network function to the apparatus.
- the apparatus may generate a second nonce value, use the second nonce value to generate a second message authentication code, encrypt the second nonce value using the user key to obtain an encrypted second nonce value, and provide, to the first network function, the first nonce value, the second message authentication code and the encrypted second nonce value as a response to the authentication challenge.
- the apparatus may be caused to authenticate itself to the first network function in response to receiving at least one challenge.
- the first input may be a user key.
- the authenticating the first network function may further comprise: extracting a first message authentication code from the authentication challenge; and verifying the first message authentication code as originating from the first network function using a sequence number associated with the user that is maintained at the apparatus and the user identifier.
- the apparatus may further be caused to provide an authentication challenge to the first network function for authenticating the first network function to the apparatus.
- the apparatus may use the user identifier and the sequence number and/or an incremented version of the sequence number to generate a second message authentication code, and provide, to the first network function, the second message authentication code as a response to the authentication challenge.
- the apparatus may be caused to authenticate itself to the first network function in response to receiving at least one challenge.
- the first input may be a personal identification number of the user.
- the authenticating the first network function may further comprise: extracting a first nonce value and a first message authentication code from the authentication challenge; and verifying the first message authentication code as originating from the first network function using the first nonce value, and a limited time duration user secret previously configured at the apparatus.
- the apparatus may further be caused to provide an authentication challenge to the first network function for authenticating the first network function to the apparatus.
- the apparatus may generate a second nonce value, use the second nonce value and the limited time duration user secret to generate a second message authentication code, and provide, to the first network function, the first nonce value, the second message authentication code and the second nonce value as a response to the authentication challenge.
- the apparatus may obtain (e.g., receive) the limited time duration user secret from the first network function during a user parameter update procedure.
- the first input may be an access token (or some other access credential).
- the apparatus may obtain, from a certification authority, a certificate by providing the certification authority with the user identifier, wherein the authenticating is performed using the certificate.
- the apparatus may encrypt user traffic for transmission using at least one of: a user equipment key corresponding to the apparatus; or the user key.
- the user traffic that is signalled from the apparatus to a core network function may be encrypted using a key that is user-equipment-specific, and/or that is user-specific. This may be as described above in relation to Figures 10 to 13.
- the apparatus may output, via a display of the apparatus, at least one of: a request to receive the user identifier; a request to receive the first input; or an indication of whether the user has been successfully authenticated or not.
- the apparatus may receive the requested information in response to this request via a user input of the apparatus.
- Figure 15 illustrates features that may be performed by an apparatus of a first network function.
- the first network function of Figure 15 may correspond to the first network function of Figure 14.
- the apparatus of Figure 15 may be as described in relation to Figure 2.
- the apparatus obtains, at a first network function and from a user equipment, a user identifier of a user of the user equipment during a registration and/or session establishment request service operation. Stated differently, the apparatus may obtain (e.g., receive) a user identifier of (e.g., uniquely corresponding to) the user of the user equipment during a non-access stratum signalling operation.
- the apparatus provides, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on the user identifier and subscription information corresponding to the user.
- the subscription information may be stored at a UDM.
- the subscription information may be configured at the first network function and/or the UDM by a network operator when the user has purchased a subscription.
- the first network function may cause the user equipment to be provided with an authentication challenge for enabling the user equipment to authenticate itself to the first network function in response to receiving at least one challenge.
- the subscription information may be a user key.
- the providing the authentication challenge may comprise: encrypting a first nonce value to obtain a first encrypted nonce value; obtaining a first message authentication code using the first encrypted nonce value; and providing the first message authentication code and the first encrypted nonce value to the user equipment in the authentication challenge.
- the apparatus may further be caused to respond to an authentication challenge issued by the user equipment for authenticating the first network function to the user equipment. For example, the apparatus may obtain, from the user equipment, an encrypted second nonce value, the first nonce value, and a second message authentication code; decrypt the second encrypted nonce value using the user key to obtain a second nonce value; and verify the second message authentication code as originating from the user equipment using the second nonce value.
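- The user-key variant described above for the apparatus (Figure 14) and for the first network function (Figure 15), and repeated on this page for Figures 16 and 17, written out as a runnable exchange with both sides' messages. This is an added example and not the patent's own code. It assumes a concrete construction the patent leaves open: separate encryption and MAC sub-keys derived from the user key, a stdlib stand-in for the nonce cipher (an AEAD such as AES-GCM would be used in practice), HMAC-SHA256 over length-prefixed fields (user identifier, encrypted nonce, nonce) as the message authentication code, and constructed sample values for the user identifier and user key.

```python
"""Mutual user authentication from a shared user key, encrypted nonces and
message authentication codes (added example, not the patent's code)."""
import hmac
import hashlib
import secrets

# Constructed sample subscription data (not from the patent).
USER_ID = "user-12345@example.org"
USER_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")


def _subkey(user_key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC sub-keys from the user key (assumption)."""
    return hmac.new(user_key, label, hashlib.sha256).digest()


def encrypt_nonce(user_key: bytes, nonce: bytes) -> bytes:
    """Encrypt a 16-byte nonce under the user key. The patent names no cipher;
    this stdlib stand-in XORs the nonce with an HMAC-derived keystream under a
    fresh random IV. A real implementation would use an AEAD such as AES-GCM."""
    iv = secrets.token_bytes(16)
    stream = hmac.new(_subkey(user_key, b"enc"), iv, hashlib.sha256).digest()
    return iv + bytes(a ^ b for a, b in zip(nonce, stream))


def decrypt_nonce(user_key: bytes, blob: bytes) -> bytes:
    iv, ct = blob[:16], blob[16:]
    stream = hmac.new(_subkey(user_key, b"enc"), iv, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))


def mac(user_key: bytes, *parts: bytes) -> bytes:
    """HMAC over length-prefixed fields, so (a, b) and (a + b) cannot collide."""
    h = hmac.new(_subkey(user_key, b"mac"), digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


class NetworkFunction:
    """First network function; `subscriptions` stands in for the UDM record."""

    def __init__(self, subscriptions):
        self.subscriptions = subscriptions   # user identifier -> user key
        self.pending = {}                    # user identifier -> issued nonce N1

    def challenge(self, user_id):
        """Encrypt N1, MAC it, and send (MAC1, E1) as the authentication challenge."""
        key = self.subscriptions[user_id]
        n1 = secrets.token_bytes(16)
        e1 = encrypt_nonce(key, n1)
        self.pending[user_id] = n1
        return mac(key, user_id.encode(), e1, n1), e1

    def verify_response(self, user_id, n1_echo, mac2, e2):
        """Authenticate the UE: echoed N1 must match the issued one and MAC2
        must verify under the decrypted N2."""
        key = self.subscriptions.get(user_id)
        n1 = self.pending.pop(user_id, None)
        if key is None or n1 is None or not hmac.compare_digest(n1, n1_echo):
            return False
        n2 = decrypt_nonce(key, e2)
        return hmac.compare_digest(mac2, mac(key, user_id.encode(), n1, n2))


class UserEquipment:
    def __init__(self, user_id, user_key):
        self.user_id, self.user_key = user_id, user_key   # both from the user input

    def respond(self, mac1, e1):
        """Decrypt N1 and check MAC1 (authenticates the network); only then answer
        with (N1, MAC2, E2) so the network can authenticate the UE."""
        n1 = decrypt_nonce(self.user_key, e1)
        if not hmac.compare_digest(mac1, mac(self.user_key, self.user_id.encode(), e1, n1)):
            return None                                    # network not authenticated
        n2 = secrets.token_bytes(16)
        mac2 = mac(self.user_key, self.user_id.encode(), n1, n2)
        return n1, mac2, encrypt_nonce(self.user_key, n2)


def run_exchange(ue_key=USER_KEY, tamper=False):
    """Return (network_authenticated_by_ue, ue_authenticated_by_network)."""
    nf = NetworkFunction({USER_ID: USER_KEY})
    ue = UserEquipment(USER_ID, ue_key)
    resp = ue.respond(*nf.challenge(USER_ID))
    if resp is None:
        return False, False
    n1, mac2, e2 = resp
    if tamper:                               # constructed in-transit modification of E2
        e2 = e2[:-1] + bytes([e2[-1] ^ 0x01])
    return True, nf.verify_response(USER_ID, n1, mac2, e2)
```

- Two properties of the exchange are worth noting. The UE sends nothing keyed until MAC1 has verified, so a party without the user key learns nothing from a failed challenge; and the network only accepts a response whose echoed N1 matches a nonce it actually issued for that user identifier, so a response cannot be replayed against a later challenge.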
- the first network function may cause the user equipment to be provided with an authentication challenge for enabling the user equipment to authenticate itself to the first network function in response to receiving at least one challenge.
- the subscription information may be a user key and a sequence number.
- the providing the authentication challenge may comprise: obtaining a first message authentication code using the sequence number and the user key; and providing the first message authentication code to the user equipment in the authentication challenge.
- the apparatus may further be caused to respond to an authentication challenge issued by the user equipment for authenticating the first network function to the user equipment. For example, the apparatus may obtain, from the user equipment, a second message authentication code; and verify the second message authentication code as originating from the user equipment using the user key and the sequence number and/or an incremented version of the sequence number.
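- The sequence-number variant described above for the apparatus and for the first network function (and repeated for Figures 16 and 17), as an added runnable example that is not the patent's own code. The MAC is assumed to be HMAC-SHA256 over the user identifier and the sequence number, with a purpose label separating challenge MACs from response MACs; the acceptance window `WINDOW`, the starting sequence number and the user identifier and key are constructed assumptions. The example goes slightly beyond the text by showing why the sequence number matters: a replayed challenge is rejected, a challenge lost in transit is tolerated within the window, and a network that has run further ahead than the window is detected rather than silently accepted.

```python
"""Sequence-number based user authentication (added example, not the patent's code)."""
import hmac
import hashlib

# Constructed sample subscription data (not from the patent).
USER_ID = "user-12345@example.org"
USER_KEY = bytes.fromhex(
    "0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0")
START_SQN = 1000
WINDOW = 8            # assumed tolerance for challenges lost in transit


def seq_mac(user_key: bytes, purpose: bytes, user_id: str, sqn: int) -> bytes:
    """MAC over the user identifier and sequence number; `purpose` separates
    challenge MACs from response MACs so one cannot be replayed as the other."""
    msg = purpose + b"|" + user_id.encode() + b"|" + sqn.to_bytes(8, "big")
    return hmac.new(user_key, msg, hashlib.sha256).digest()


class NetworkFunction:
    def __init__(self, user_id, user_key, sqn):
        self.user_id, self.user_key, self.sqn = user_id, user_key, sqn
        self.pending = None

    def challenge(self):
        """Send MAC1 over (user identifier, SQN); the stored SQN advances on every
        challenge so no value is ever used twice."""
        sqn, self.sqn = self.sqn, self.sqn + 1
        self.pending = sqn
        return seq_mac(self.user_key, b"chal", self.user_id, sqn)

    def verify_response(self, mac2):
        """Authenticate the UE using the SQN of the outstanding challenge."""
        sqn, self.pending = self.pending, None
        return sqn is not None and hmac.compare_digest(
            mac2, seq_mac(self.user_key, b"resp", self.user_id, sqn))


class UserEquipment:
    def __init__(self, user_id, user_key, sqn):
        self.user_id, self.user_key, self.sqn = user_id, user_key, sqn

    def respond(self, mac1):
        """Accept MAC1 only for a SQN at or ahead of the locally maintained one
        (within WINDOW); a replayed challenge carries an already-used SQN."""
        for sqn in range(self.sqn, self.sqn + WINDOW):
            if hmac.compare_digest(mac1, seq_mac(self.user_key, b"chal", self.user_id, sqn)):
                self.sqn = sqn + 1
                return seq_mac(self.user_key, b"resp", self.user_id, sqn)
        return None


def make_pair():
    return (NetworkFunction(USER_ID, USER_KEY, START_SQN),
            UserEquipment(USER_ID, USER_KEY, START_SQN))


def demo():
    """Return (first_run_ok, replay_rejected, lost_challenge_tolerated, desync_detected)."""
    nf, ue = make_pair()
    mac1 = nf.challenge()
    first_ok = (resp := ue.respond(mac1)) is not None and nf.verify_response(resp)
    replay_rejected = ue.respond(mac1) is None          # same MAC1 presented again
    nf.challenge()                        # constructed: this challenge never reaches the UE
    mac1b = nf.challenge()
    lost_ok = (resp := ue.respond(mac1b)) is not None and nf.verify_response(resp)
    for _ in range(WINDOW):               # network runs ahead past the UE's window
        nf.challenge()
    desync_detected = ue.respond(nf.challenge()) is None
    return first_ok, replay_rejected, lost_ok, desync_detected
```

- The final case is the operational caveat of any sequence-number scheme: once the two counters drift apart by more than the window, authentication fails closed and a resynchronisation step is needed; the page's "incremented version of the sequence number" is what gives the window its room.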
- the first network function may cause the user equipment to be provided with an authentication challenge for enabling the user equipment to authenticate itself to the first network function in response to receiving at least one challenge.
- the subscription information may be a personal identification number of the user and a limited time duration secret.
- the providing the authentication challenge may comprise: generating a first nonce value; using the first nonce value and the limited time duration user secret to generate a first message authentication code; and providing, to the user equipment, the first nonce value, and the first message authentication code in the authentication challenge.
- the apparatus may further be caused to respond to an authentication challenge issued by the user equipment for authenticating the first network function to the user equipment. For example, the apparatus may extract, from a response to the authentication challenge, a second nonce value and a second message authentication code, and verify the second message authentication code as originating from the user equipment using the second nonce value, and the limited time duration user secret.
- the apparatus may provide the user equipment with the limited time duration user secret during a user parameter update procedure.
- the subscription information may be an access token.
- the apparatus may obtain, from a certification authority, a certificate by providing the certification authority with the user identifier, wherein the providing the authentication challenge is performed using the certificate.
- Figures 16 and 17 illustrate methods that may be performed by interacting apparatus. Figures 16 and 17 illustrate features of the examples of Figures 10 to 11.
- Figure 16 illustrates features that may be performed by an apparatus.
- the apparatus may be comprised in a communication device, such as described in relation to Figure 3.
- the apparatus may be comprised in, and/or be, a UE, ME and/or USIM.
- the apparatus obtains, from a user input of the apparatus, a user identifier of a user of the apparatus.
- the user may perform an action that provides the user input (e.g., via a keyboard of the apparatus, and/or display screen of the apparatus, and/or via a microphone of the apparatus).
- the user input may be considered as an interface between the user and the apparatus.
- the apparatus provides, to a first network function, the user identifier during a registration and/or session establishment request service operation.
- the user identifier received during 1401 may be provided to the first network function using non-access stratum signalling, such as a registration request for the user, and/or a PDU session establishment request.
- the apparatus obtains an authentication challenge from the first network function in response to the registration and/or session establishment request service operation.
- the authentication challenge may comprise a value to be verified by the apparatus, and/or a request for an authentication challenge to be provided to the first network function from the apparatus.
- the apparatus obtains, from the user input, a first user key.
- the first user key may be received via the user input as part of a same operation that provides the user identifier of 1601.
- the first user key may be received via the user input as part of a different operation to 1601.
- the first user key may comprise at least one of a secret value, secret key, and/or sequence that is known to the user and to a network function comprised in a core network to which the apparatus may connect (e.g., to the first network function mentioned in 1602 and/or a certification authority). It is understood that any reference to a user key in Figures 14 to 19 may refer to a user-specific key that is unique to a user, and so may be used across multiple UE.
- the apparatus authenticates the first network function using the first user key, and the authentication challenge.
- the apparatus may be caused to authenticate itself to the first network function in response to receiving at least one challenge.
- the authenticating the first network function may further comprise: extracting a first encrypted nonce value and a first message authentication code from the authentication challenge; decrypting the first encrypted nonce value using the user key to obtain a first nonce value; and verifying the first message authentication code as originating from the first network function using the first nonce value.
- the apparatus may further be caused to provide an authentication challenge to the first network function for authenticating the first network function to the apparatus.
- the apparatus may generate a second nonce value, use the second nonce value to generate a second message authentication code, encrypt the second nonce value using the user key to obtain an encrypted second nonce value, and provide, to the first network function, the first nonce value, the second message authentication code and the encrypted second nonce value as a response to the authentication challenge.
- the apparatus may be caused to authenticate itself to the first network function in response to receiving at least one challenge.
- the authenticating the first network function may further comprise: extracting a first message authentication code from the authentication challenge; and verifying the first message authentication code as originating from the first network function using a sequence number associated with the user that is maintained at the apparatus and the user identifier.
- the apparatus may further be caused to provide an authentication challenge to the first network function for authenticating the first network function to the apparatus.
- the apparatus may use the user identifier and the sequence number and/or an incremented version of the sequence number to generate a second message authentication code, and provide, to the first network function, the second message authentication code as a response to the authentication challenge.
- the apparatus may encrypt user traffic for transmission using at least one of: a user equipment key corresponding to the apparatus; or the user key.
- the user traffic that is signalled from the apparatus to a core network function may be encrypted using a key that is user-equipment-specific, and/or that is user-specific. This may be as described above in relation to Figures 10 to 13.
- the apparatus may output, via a display of the apparatus, at least one of: a request to receive the user identifier; a request to receive the first input; or an indication of whether the user has been successfully authenticated or not.
- the apparatus may receive the requested information in response to this request via a user input of the apparatus.
- Figure 17 illustrates features that may be performed by an apparatus of a first network function.
- the first network function of Figure 17 may correspond to the first network function of Figure 16.
- the apparatus of Figure 17 may be as described in relation to Figure 2.
- the apparatus obtains, from a user equipment at a first network function, a user identifier identifying a user of the user equipment during a registration and/or session establishment request service operation. Stated differently, the apparatus may obtain (e.g., receive) a user identifier of (e.g., uniquely corresponding to) the user of the user equipment during a non-access stratum signalling operation.
- the apparatus provides, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on the user identifier and subscription information corresponding to the user, wherein the subscription information comprises a first user key.
- the subscription information may be stored at a UDM.
- the subscription information may be configured at the first network function and/or the UDM by a network operator when the user has purchased a subscription.
- the first network function may cause the user equipment to be provided with an authentication challenge for enabling the user equipment to authenticate itself to the first network function in response to receiving at least one challenge.
- the subscription information may be a user key.
- the providing the authentication challenge may comprise: encrypting a first nonce value to obtain a first encrypted nonce value; obtaining a first message authentication code using the first encrypted nonce value; and providing the first message authentication code and the first encrypted nonce value to the user equipment in the authentication challenge.
- the apparatus may further be caused to respond to an authentication challenge issued by the user equipment for authenticating the first network function to the user equipment. For example, the apparatus may obtain, from the user equipment, an encrypted second nonce value, the first nonce value, and a second message authentication code; decrypt the second encrypted nonce value using the user key to obtain a second nonce value; and verify the second message authentication code as originating from the user equipment using the second nonce value.
- the first network function may cause the user equipment to be provided with an authentication challenge for enabling the user equipment to authenticate itself to the first network function in response to receiving at least one challenge.
- the subscription information may be a user key and a sequence number.
- the providing the authentication challenge may comprise: obtaining a first message authentication code using the sequence number and the user key; and providing the first message authentication code to the user equipment in the authentication challenge.
- the apparatus may further be caused to respond to an authentication challenge issued by the user equipment for authenticating the first network function to the user equipment. For example, the apparatus may obtain, from the user equipment, a second message authentication code; and verify the second message authentication code as originating from the user equipment using the user key and the sequence number and/or an incremented version of the sequence number.
- Figures 18 and 19 illustrate methods that may be performed by interacting apparatus.
- Figures 18 and 19 illustrate features of the examples of Figures 12 and 13.
- Figure 18 illustrates features that may be performed by an apparatus.
- the apparatus may be comprised in a communication device, such as described in relation to Figure 3.
- the apparatus may be comprised in, and/or be, a UE, ME and/or USIM.
- the apparatus obtains, from a first network function, a limited time duration user secret corresponding to a user identifier of a user of the apparatus.
- the limited time duration user secret may comprise an access credential having an expiry time, and/or a certificate having an expiry time. This is further discussed below.
- the user secret is time-limited in that it has an associated expiry time, after which the user secret can no longer be used to authenticate the user.
- the apparatus obtains, from a user input of the apparatus, the user identifier and a first input.
- the user may perform an action that provides the user input (e.g., via a keyboard of the apparatus, and/or display screen of the apparatus, and/or via a microphone of the apparatus).
- the user input may be considered as an interface between the user and the apparatus.
- the first input may be received via the user input as part of a same operation that provides the user identifier.
- the first input may be received via the user input as part of a different operation to when the user identifier is provided.
- the first input may comprise at least one of a secret value, secret key, and/or sequence that is known to the user and to a network function comprised in a core network to which the apparatus may connect (e.g., to the second network function mentioned in 1803, the first network function, and/or a certification authority).
- the apparatus provides, to a second network function, the user identifier during a registration and/or session establishment request service operation.
- the user identifier received during 1802 may be provided to the first network function using non-access stratum signaling, such as a registration request for the user, and/or a PDU session establishment request.
- the apparatus obtains an authentication challenge from the second network function in response to the registration and/or session establishment request service operation.
- the authentication challenge may comprise a value to be verified by the apparatus, and/or a request for an authentication challenge to be provided to the first network function from the apparatus.
- the apparatus authenticates the second network function using the limited time duration user secret, the first input, the user identifier, and the authentication challenge.
- the first input may comprise a personal identification number corresponding to a subscription of the user.
- the obtaining the limited time duration user secret may comprise receiving a user parameter update procedure comprising indications of the limited time duration user secret, an expiry time for the limited time duration user secret, and the user identifier.
- the obtaining the user identifier from the user input may comprise: outputting, via a user output of the apparatus, a request for the user identifier and a secret code; and receiving, via a user input of the apparatus, the user identifier and the first input.
- the authenticating the first network function may comprise: extracting a first nonce value and a first message authentication code from the authentication challenge; deriving the first message authentication code using the extracted first nonce value, the identity of the user, the first input, and the limited time duration user secret; and determining that the first network function is successfully authenticated when the derived message authentication code equals the extracted first message authentication code.
- the authentication challenge may comprise a first nonce value.
- the apparatus may, subsequent to authenticating the first network function: determine a second message authentication code for enabling the first network function to authenticate the apparatus based on a second nonce value; and provide the second message authentication code, second nonce value, and first nonce value to the first network function.
- the first and second network functions may be a same network function.
- the limited time duration user secret may comprise a certificate.
- the obtaining the limited time duration user secret corresponding to the user identifier may be performed after the providing, to the first network function, the user identifier.
- Figure 19 illustrates features that may be performed by an apparatus of a first network function.
- the first network function of Figure 19 may correspond to the first network function of Figure 18.
- the apparatus of Figure 19 may be as described in relation to Figure 2.
- the apparatus obtains, from a user equipment at a first network function, a user identifier identifying a user of the user equipment during a registration and/or session establishment request service operation. Stated differently, the apparatus may obtain (e.g., receive) a user identifier of (e.g., uniquely corresponding to) the user of the user equipment during a non-access stratum signalling operation.
- the apparatus provides, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on subscription information for the user, the subscription information comprising, a limited time duration user secret.
- the subscription information may be stored at a UDM.
- the subscription information may be configured at the first network function and/or the UDM by a network operator when the user has purchased a subscription.
- the subscription information may comprise a personal identification number of the user.
- the apparatus may provide the user equipment with the limited time duration user secret and an indication of an expiry time of the limited time duration user secret via a user parameter update procedure.
- the providing the authentication challenge may comprise: generating a first nonce value; using the first nonce value and the limited time duration user secret to generate a first message authentication code; and providing, to the user equipment, the first nonce value, and the first message authentication code in the authentication challenge.
- the apparatus may extract, from a response to the authentication challenge, a second nonce value and a second message authentication code, and verify the second message authentication code as originating from the user equipment using the second nonce value, and the limited time duration user secret.
- the apparatus may provide the user equipment with the limited time duration user secret during a user parameter update procedure.
- the first and second network functions may be the same network function.
- the first network function may comprise a certification authority.
- the second network function may comprise a network function.
- the limited time duration user secret may comprise a certificate.
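- The limited-time-duration user secret variant described above for Figures 18 and 19 (and, in shorter form, for the personal identification number case of Figures 14 and 15), as an added runnable example that is not the patent's own code. It assumes the following, none of which the page fixes: the authentication key is HMAC-SHA256 of the typed personal identification number under the provisioned secret, the message authentication code is HMAC-SHA256 over the user identifier and the nonces, the user parameter update carries (secret, expiry time, user identifier) as a tuple, and the user identifier, PIN, secret and timestamps are constructed sample values. Time is passed in explicitly so that the expiry check can be exercised.

```python
"""Challenge-response with a PIN and a time-limited provisioned user secret
(added example, not the patent's code)."""
import hmac
import hashlib
import secrets

# Constructed sample values (not from the patent).
USER_ID = "user-12345@example.org"
USER_PIN = "4711"
UPU_SECRET = bytes.fromhex(
    "a1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d4e5f60718293a4b5c6d7e8f90")
ISSUED_AT = 1_700_000_000           # constructed epoch seconds
LIFETIME = 24 * 3600                # constructed: secret valid for one day


def auth_key(secret: bytes, pin: str) -> bytes:
    """Combine the provisioned secret with the PIN the user types (assumed
    derivation: HMAC of the PIN under the secret)."""
    return hmac.new(secret, pin.encode(), hashlib.sha256).digest()


def tag(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


class NetworkFunction:
    """Holds the subscription data (UDM stand-in), issues the user parameter
    update and the authentication challenge, and verifies the response."""

    def __init__(self, user_id, pin, secret, expiry):
        self.user_id, self.pin, self.secret, self.expiry = user_id, pin, secret, expiry
        self.pending = None

    def user_parameter_update(self):
        """Provision (secret, expiry time, user identifier) to the UE."""
        return self.secret, self.expiry, self.user_id

    def challenge(self, user_id, now):
        if user_id != self.user_id or now >= self.expiry:
            return None                      # unknown user or expired secret
        n1 = secrets.token_bytes(16)
        self.pending = n1
        return n1, tag(auth_key(self.secret, self.pin), user_id.encode(), n1)

    def verify_response(self, n1, n2, mac2, now):
        """Authenticate the UE from (N1, N2, MAC2) while the secret is still valid."""
        ok = (self.pending is not None and now < self.expiry
              and hmac.compare_digest(n1, self.pending))
        self.pending = None
        return ok and hmac.compare_digest(
            mac2, tag(auth_key(self.secret, self.pin), self.user_id.encode(), n1, n2))


class UserEquipment:
    def __init__(self):
        self.secret = self.expiry = self.provisioned_id = None

    def store_upu(self, secret, expiry, user_id):
        self.secret, self.expiry, self.provisioned_id = secret, expiry, user_id

    def respond(self, typed_id, typed_pin, n1, mac1, now):
        """Check the typed identifier against the provisioned one and the expiry
        time, authenticate the network via MAC1, then answer its challenge."""
        if typed_id != self.provisioned_id or now >= self.expiry:
            return None
        key = auth_key(self.secret, typed_pin)
        if not hmac.compare_digest(mac1, tag(key, typed_id.encode(), n1)):
            return None
        n2 = secrets.token_bytes(16)
        return n1, n2, tag(key, typed_id.encode(), n1, n2)


def run_exchange(now, typed_pin=USER_PIN):
    """Return (network_authenticated_by_ue, ue_authenticated_by_network)."""
    nf = NetworkFunction(USER_ID, USER_PIN, UPU_SECRET, ISSUED_AT + LIFETIME)
    ue = UserEquipment()
    ue.store_upu(*nf.user_parameter_update())
    chal = nf.challenge(USER_ID, now)
    if chal is None:
        return False, False
    resp = ue.respond(USER_ID, typed_pin, *chal, now)
    if resp is None:
        return False, False
    return True, nf.verify_response(*resp, now)
```

- Both sides check the expiry time independently, so a secret that has lapsed is refused whether the clock check happens at the network or at the UE; and because the PIN enters only through the key derivation, a mistyped PIN fails at the first MAC check without the UE ever sending a response.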
- At least one of the apparatus and the first network function may provide the other entity with an indication as to whether or not the apparatus (and/or the first network function) is able to perform and/or allow user authentication using a user input received from a user.
- the signalling of at least one of Figures 4 to 7 may be performed.
- capability information may be provided from the apparatus to the first network function (or vice versa) that indicates whether or not the apparatus (and/or the first network function) is able to perform and/or allow user authentication using a user input received from a user.
- the apparatus may provide to the first network function, an indication that the apparatus is configured to authenticate the user using a user input.
- the first network function may provide to the apparatus, an indication that the first network function is configured to authenticate the user.
- the apparatus may provide to the first network function, an indication that the apparatus is not configured to authenticate the user to the network using a user input.
- the first network function may provide to the apparatus, an indication that the first network function is not configured to allow user authentication using a user input provided by a user.
- the first network function may cause the apparatus to be provisioned with a user identifier corresponding to the user. This may be as described above with reference to Figure 8.
- the apparatus may obtain from the first network function, an identifier of the user, and verify the user of the apparatus by determining that the obtained identifier of the user from the first network function is the same as the user identifier obtained from the user input.
- the identifier of the user obtained from the first network function may be received with an access token (and/or some other type of access credential) and an indication of an expiry time corresponding to the access token.
- the authenticating the first network function may further comprise authenticating the first network function using the access token before the expiry time.
- references in the above to various network functions may comprise apparatus that perform at least some of the functionality associated with those network functions.
- an apparatus comprising a network function may comprise a virtual network function instance of that network function.
- apparatuses may comprise or be coupled to other units or modules etc., such as radio parts or radio heads, used in or for transmission and/or reception.
- although apparatuses have been described as one entity, different modules and memory may be implemented in one or more physical or logical entities.
- the various embodiments may be implemented in hardware or special purpose circuitry, software, logic or any combination thereof. Some aspects of the disclosure may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device, although the disclosure is not limited thereto.
- circuitry may refer to one or more or all of the following:
- circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and/or firmware.
- circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit or processor integrated circuit for a mobile device or a similar integrated circuit in a server, a cellular network device, or other computing or network device.
- the embodiments of this disclosure may be implemented by computer software executable by a data processor of the mobile device, such as in the processor entity, or by hardware, or by a combination of software and hardware.
- Computer software or program also called program product, including software routines, applets and/or macros, may be stored in any apparatus-readable data storage medium and they comprise program instructions to perform particular tasks.
- a computer program product may comprise one or more computer-executable components which, when the program is run, are configured to carry out embodiments.
- the one or more computer-executable components may be at least one software code or portions of it.
- any blocks of the logic flow as in the Figures may represent program steps, or interconnected logic circuits, blocks and functions, or a combination of program steps and logic circuits, blocks and functions.
- the software may be stored on such physical media as memory chips, or memory blocks implemented within the processor, magnetic media such as hard disks or floppy disks, and optical media such as, for example, DVD and the data variants thereof, and CD.
- the physical media is a non-transitory media.
- non-transitory is a limitation of the medium itself (i.e., tangible, not a signal) as opposed to a limitation on data storage persistency (e.g., RAM vs. ROM).
- the memory may be of any type suitable to the local technical environment and may be implemented using any suitable data storage technology, such as semiconductor based memory devices, magnetic memory devices and systems, optical memory devices and systems, fixed memory and removable memory.
- the data processors may be of any type suitable to the local technical environment, and may comprise one or more of general purpose computers, special purpose computers, microprocessors, digital signal processors (DSPs), application specific integrated circuits (ASIC), FPGA, gate level circuits and processors based on multi core processor architecture, as non-limiting examples.
Abstract
There is provided a method, apparatus, and computer program for causing an apparatus to perform: obtaining, from a user input of the apparatus, a user identifier of a user of the apparatus; providing, to a first network function, the user identifier during a registration and/or session establishment request service operation; obtaining an authentication challenge from the first network function in response to the registration and/or session establishment request service operation; obtaining, from the user input, a first user key; and authenticating the first network function using the first user key, and the authentication challenge.
Description
METHOD, APPARATUS AND COMPUTER PROGRAM
TECHNICAL FIELD
[0001] Various example embodiments of this disclosure relate to a method, apparatus, system and computer program and in particular but not exclusively to user authentication.
BACKGROUND
[0002] A communication network can be seen as a facility that enables communications between two or more communication devices, or provides communication devices access to a data network. A mobile or wireless communication network is one example of a communication network. A communication device may be provided with a service by an application server.
[0003] Such communication networks operate in accordance with standards such as those provided by 3GPP (Third Generation Partnership Project) or ETSI (European Telecommunications Standards Institute). Examples of standards are the so-called 5G (5th Generation) standards and 6G (6th Generation) standards provided by 3GPP.
SUMMARY
[0004] Some example embodiments of this disclosure will be described with respect to certain aspects. These aspects are not intended to indicate key or essential features of the embodiments of this disclosure, nor are they intended to be used to limit the scope thereof. Other features, aspects, and elements will be readily apparent to a person skilled in the art in view of this disclosure.
[0005] According to a first aspect, there is provided an apparatus comprising means for performing: obtaining, from a user input of the apparatus, a user identifier of a user of the apparatus; obtaining, from the user input, a first input; providing, to a first network function, the user identifier during a registration and/or session establishment request service operation; obtaining an authentication challenge from the first network function in response to the registration and/or session establishment request service operation; and authenticating the first network function using the first input, the user identifier, and the authentication challenge.
[0006] According to a second aspect, there is provided an apparatus comprising: at least one processor; and at least one memory comprising code that, when executed by the at least one processor, causes the apparatus to perform: obtaining, from a user input of the apparatus, a user identifier of a user of the apparatus; obtaining, from the user input, a first input; providing, to a first network function, the user identifier during a registration and/or session establishment request service operation; obtaining an authentication challenge from the first network function in response to the registration and/or session establishment request service operation; and authenticating the first network function using the first input, the user identifier, and the authentication challenge.
[0007] According to a third aspect, there is provided a method for an apparatus, the method comprising: obtaining, from a user input of the apparatus, a user identifier of a user of the apparatus; obtaining, from the user input, a first input; providing, to a first network function, the user identifier during a registration and/or session establishment request service operation; obtaining an authentication challenge from the first network function in response to the registration and/or session establishment request service operation; and authenticating the first network function using the first input, the user identifier, and the authentication challenge.
[0008] According to a fourth aspect, there is provided an apparatus comprising: obtaining circuitry for obtaining, from a user input of the apparatus, a user identifier of a user of the apparatus; obtaining circuitry for obtaining, from the user input, a first input; providing circuitry for providing, to a first network function, the user identifier during a registration and/or session establishment request service operation; obtaining circuitry for obtaining an authentication challenge from the first network function in response to the registration and/or session establishment request service operation; and authenticating circuitry for authenticating the first network function using the first input, the user identifier, and the authentication challenge.
[0009] The following may apply in respect of any (e.g., one or more, including all) of the above first to fourth aspects.
[0010] The apparatus may be caused to provide, to the first network function, an indication that the apparatus is configured to authenticate the user.
[0011] The apparatus may be caused to, before providing the user identifier to the first network function during a registration and/or session management request service operation, perform: obtaining, from the first network function, an identifier of the user; and verifying the user of the apparatus by determining that the obtained identifier of the user from the first network function is the same as the user identifier obtained from the user input.
[0012] The identifier of the user obtained from the first network function may be received with an access token and an indication of an expiry time corresponding to the access token, and the means for authenticating the first network function further comprises means for authenticating the first network function using the access token before the expiry time.
[0013] When the first input is a user key, the authenticating the first network function may further comprise: extracting a first encrypted nonce value and a first message authentication code from the authentication challenge; decrypting the first encrypted nonce value using the user key to obtain a first nonce value; and verifying the first message authentication code as originating from the first network function using the first nonce value.
[0014] The apparatus may be caused to perform: generating a second nonce value; using the second nonce value to generate a second message authentication code; encrypting the second nonce value using the user key to obtain an encrypted second nonce value; and providing, to the first network function, the first nonce value, the second message authentication code and the encrypted second nonce value as a response to the authentication challenge.
[0015] When the first input is a user key, the authenticating the first network function may further comprise: extracting a first message authentication code from the authentication challenge; and verifying the first message authentication code as originating from the first network function using a sequence number associated with the user that is maintained at the apparatus and the user identifier.
[0016] The apparatus may be caused to perform: using the user identifier and the sequence number and/or an incremented version of the sequence number to generate a second message authentication code; and providing, to the first network function, the second message authentication code as a response to the authentication challenge.
[0017] When the first input is a personal identification number of the user, the authenticating the first network function may further comprise: extracting a first nonce value and a first message authentication code from the authentication challenge; and verifying the first message authentication code as originating from the first network function using the first nonce value, and a limited time duration user secret previously configured at the apparatus.
[0018] The apparatus may be caused to perform: generating a second nonce value; using the second nonce value and the limited time duration user secret to generate a second message authentication code; and providing, to the first network function, the first nonce value, the second message authentication code and the second nonce value as a response to the authentication challenge.
[0019] The apparatus may be caused to perform receiving the limited time duration user secret during a user parameter update procedure.
[0020] When the first input is an access token, the apparatus may further be caused to perform: obtaining, from a certification authority, a certificate by providing the certification authority with the user identifier, wherein the authenticating is performed using the certificate.
[0021] The apparatus may be caused to perform: encrypting user traffic for transmission using at least one of: a user equipment key corresponding to the apparatus; or the user key.
[0022] The apparatus may be caused to perform outputting, via a display of the apparatus, at least one of: a request to receive the user identifier; a request to receive the first input; or an indication of whether the user has been successfully authenticated or not.
[0023] According to a fifth aspect, there is provided an apparatus comprising means for performing: obtaining, from a user equipment by a first network function, a user identifier of a user of the user equipment during a registration and/or session establishment request service operation; and providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on the user identifier and subscription information corresponding to the user.
[0024] According to a sixth aspect, there is provided an apparatus comprising: at least one processor; and at least one memory comprising code that, when executed by the at least one processor, causes the apparatus to perform: obtaining, from a user equipment by a first network function, a user identifier of a user of the user equipment during a registration and/or session establishment request service operation; and providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on the user identifier and subscription information corresponding to the user.
[0025] According to a seventh aspect, there is provided a method for an apparatus, the method comprising: obtaining, from a user equipment by a first network function, a user identifier of a user of the user equipment during a registration and/or session establishment request service operation; and providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on the user identifier and subscription information corresponding to the user.
[0026] According to an eighth aspect, there is provided an apparatus comprising: obtaining circuitry for obtaining, from a user equipment by a first network function, a user identifier of a user of the user equipment during a registration and/or session establishment request service operation; and providing circuitry for providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on the user identifier and subscription information corresponding to the user.
[0027] The following may be performed in respect of any (e.g., one or more, including all) of the above fifth to eighth aspects.
[0028] The apparatus may be caused to perform: obtaining, from the user equipment, an indication that the apparatus is configured to authenticate the user.
[0029] The apparatus may be caused to perform: before obtaining the user identifier during the registration and/or session management request service operation: providing, to the user equipment, an identifier of the user.
[0030] The identifier of the user may be provided with an access token and an indication of an expiry time corresponding to the access token.
[0031] When the subscription information is a user key, the providing the authentication challenge may comprise: encrypting a first nonce value to obtain a first encrypted nonce value; obtaining a first message authentication code using the first encrypted nonce value; and providing the first message authentication code and the first encrypted nonce value to the user equipment in the authentication challenge.
[0032] The apparatus may be caused to perform: obtaining, from the user equipment, an encrypted second nonce value, the first nonce value, and a second message authentication code; decrypting the encrypted second nonce value using the user key to obtain a second nonce value; and verifying the second message authentication code as originating from the user equipment using the second nonce value.
[0033] When the subscription information is a user key and a sequence number, the providing the authentication challenge may comprise: obtaining a first message authentication code using the sequence number and the user key; and providing the first message authentication code to the user equipment in the authentication challenge.
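The user-key variant of paragraphs [0013] to [0014] (user equipment side) and [0031] to [0032] (network function side), written out as one complete exchange with both parties' messages. This is an added example, not code from the patent or its applicant; AES-256-GCM for the encrypted nonces, HMAC-SHA-256 for the message authentication codes, the direction labels, the 16-byte nonces, the 32-byte user key and the user identifiers are all assumptions the patent does not make.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Challenge ([0013], [0031]): nonce1 encrypted under the user key, plus a MAC over it.
type Challenge struct{ EncNonce1, MAC1 []byte }

// Response ([0014], [0032]): echoed nonce1, a MAC over nonce2, and nonce2 encrypted.
type Response struct{ Nonce1, MAC2, EncNonce2 []byte }

// Assumed primitives (the patent fixes none): AES-256-GCM for the encrypted nonces
// and HMAC-SHA-256 for the MACs, both keyed directly by a 32-byte user key.
func randBytes(n int) []byte {
	b := make([]byte, n)
	rand.Read(b) // crypto/rand.Read never returns an error (Go 1.24 and later)
	return b
}

func aead(key []byte) cipher.AEAD { // callers check len(key) == 32 first
	blk, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(blk)
	return gcm
}

func seal(key, pt []byte) []byte {
	iv := randBytes(12)
	return aead(key).Seal(iv, iv, pt, nil) // iv || ciphertext || tag
}

func open(key, ct []byte) ([]byte, error) {
	if len(key) != 32 || len(ct) < 12 {
		return nil, errors.New("bad key length or truncated ciphertext")
	}
	return aead(key).Open(nil, ct[:12], ct[12:], nil)
}

// tag binds a MAC to a direction label and the user identifier, so a challenge MAC cannot be reflected as a response MAC.
func tag(key []byte, label, userID string, nonce []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(label + "|" + userID + "|"))
	h.Write(nonce)
	return h.Sum(nil)
}

// NetworkFunction: per-user subscription keys plus the outstanding first nonce of
// each registration it has challenged but not yet verified.
type NetworkFunction struct{ Keys, Pending map[string][]byte }

// Challenge answers a registration request carrying userID ([0031]).
func (nf *NetworkFunction) Challenge(userID string) (Challenge, error) {
	key, ok := nf.Keys[userID]
	if !ok || len(key) != 32 {
		return Challenge{}, errors.New("unknown user identifier")
	}
	nonce1 := randBytes(16)
	nf.Pending[userID] = nonce1
	return Challenge{seal(key, nonce1), tag(key, "NF", userID, nonce1)}, nil
}

// Verify authenticates the UE ([0032]): the echoed nonce1 must equal the outstanding
// one (consumed here so a response cannot be replayed); MAC2 must verify under nonce2.
func (nf *NetworkFunction) Verify(userID string, r Response) error {
	nonce1, ok := nf.Pending[userID]
	if !ok || !hmac.Equal(nonce1, r.Nonce1) {
		return errors.New("first nonce mismatch: stale or replayed response")
	}
	delete(nf.Pending, userID)
	nonce2, err := open(nf.Keys[userID], r.EncNonce2)
	if err != nil || !hmac.Equal(r.MAC2, tag(nf.Keys[userID], "UE", userID, nonce2)) {
		return errors.New("second nonce or MAC invalid under the user key")
	}
	return nil
}

// Respond is the UE side ([0013], [0014]): decrypt nonce1 with the key the user
// typed, verify MAC1 (this is what authenticates the network), then answer.
func Respond(userID string, userKey []byte, c Challenge) (Response, error) {
	nonce1, err := open(userKey, c.EncNonce1)
	if err != nil || !hmac.Equal(c.MAC1, tag(userKey, "NF", userID, nonce1)) {
		return Response{}, errors.New("network function not authenticated")
	}
	nonce2 := randBytes(16)
	return Response{nonce1, tag(userKey, "UE", userID, nonce2), seal(userKey, nonce2)}, nil
}

func main() {
	key := randBytes(32) // constructed sample subscription key
	nf := &NetworkFunction{map[string][]byte{"alice": key}, map[string][]byte{}}
	c, _ := nf.Challenge("alice")
	r, err := Respond("alice", key, c)
	fmt.Println("UE authenticated network:", err == nil, "network authenticated UE:", nf.Verify("alice", r) == nil)
}
```

A wrong or mistyped user key fails on the UE before anything is sent back, since the challenge nonce does not decrypt and the network's MAC cannot be checked; the network, for its part, consumes the outstanding nonce on first use so a captured response cannot be presented twice.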
[0034] The apparatus may be caused to perform: obtaining, from the user equipment, a second message authentication code; and verifying the second message authentication code as originating from the user equipment using the user key and the sequence number and/or an incremented version of the sequence number.
[0035] When the subscription information is a personal identification number of the user and a limited time duration secret, the providing the authentication challenge may comprise: generating a first nonce value; using the first nonce value and the limited time duration user secret to generate a first message authentication code; and providing, to the user equipment, the first nonce value, and the first message authentication code in the authentication challenge.
[0036] The apparatus may be caused to perform: extracting, from a response to the authentication challenge, a second nonce value and a second message authentication code; and verifying the second message authentication code as originating from the user equipment using the second nonce value, and the limited time duration user secret.
[0037] The apparatus may be caused to perform: providing the user equipment with the limited time duration user secret during a user parameter update procedure.
[0038] When the subscription information is an access token, the apparatus may further be caused to perform: obtaining, from a certification authority, a certificate by providing the certification authority with the user identifier, wherein the providing the authentication challenge is performed using the certificate.
[0039] According to a ninth aspect, there is provided an apparatus comprising means for performing: obtaining, from a user input of the apparatus, a user identifier of a user of the apparatus; providing, to a first network function, the user identifier during a registration and/or session establishment request service operation; obtaining an authentication challenge from the first network function in response to the registration and/or session establishment request service operation; obtaining, from the user input, a first user key; and authenticating the first network function using the first user key, and the authentication challenge.
[0040] According to a tenth aspect, there is provided an apparatus comprising: at least one processor; and at least one memory comprising code that, when executed by the at least one processor, causes the apparatus to perform: obtaining, from a user input of the apparatus, a user identifier of a user of the apparatus; providing, to a first network function, the user identifier during a registration and/or session establishment request service operation; obtaining an authentication challenge from the first network function in response to the registration and/or session establishment request service operation; obtaining, from the user input, a first user key; and authenticating the first network function using the first user key, and the authentication challenge.
[0041] According to an eleventh aspect, there is provided a method for an apparatus, the method comprising: obtaining, from a user input of the apparatus, a user identifier of a user of the apparatus; providing, to a first network function, the user identifier during a registration and/or session establishment request service operation; obtaining an authentication challenge from the first network function in response to the registration and/or session establishment request service operation; obtaining, from the user input, a first user key; and authenticating the first network function using the first user key, and the authentication challenge.
[0042] According to a twelfth aspect, there is provided an apparatus comprising: obtaining circuitry for obtaining, from a user input of the apparatus, a user identifier of a user of the apparatus; providing circuitry for providing, to a first network function, the user identifier during a registration and/or session establishment request service operation; obtaining circuitry for obtaining an authentication challenge from the first network function in response to the registration and/or session establishment request service operation; obtaining circuitry for obtaining, from the user input, a first user key; and authenticating circuitry for authenticating the first network function using the first user key, and the authentication challenge.
[0043] The following may apply in respect of any (e.g., one or more, including all) of the ninth to twelfth aspects.
[0044] The apparatus may be caused to perform: providing, to the first network function, an indication that the apparatus is configured to authenticate the user.
[0045] The apparatus may be caused to perform, before providing the user identifier to the first network function during a registration and/or session management request service operation: obtaining, from the first network function, an identifier of the user; and verifying the user of the apparatus by determining that the obtained identifier of the user from the first network function is the same as the user identifier obtained from the user input.
[0046] The identifier of the user obtained from the first network function may be received with an access token and an indication of an expiry time corresponding to the access token, and the means for authenticating the first network function further comprises means for authenticating the first network function using the access token before the expiry time.
[0047] The authenticating the first network function may further comprise: extracting a first encrypted nonce value and a first message authentication code from the authentication challenge; decrypting the first encrypted nonce value using the user key to obtain a first nonce value; and verifying the first message authentication code as originating from the first network function using the first nonce value.
[0048] The apparatus may be caused to perform: generating a second nonce value; using the second nonce value to generate a second message authentication code; encrypting the second nonce value using the user key to obtain an encrypted second nonce value; and providing, to the first network function, the first nonce value, the second message authentication code and the encrypted second nonce value as a response to the authentication challenge.
[0049] The authenticating the first network function may further comprise: extracting a first message authentication code from the authentication challenge; and verifying the first message authentication code as originating from the first network function using a sequence number associated with the user that is maintained at the apparatus and the user identifier.
[0050] The apparatus may be caused to perform: using the user identifier and the sequence number and/or an incremented version of the sequence number to generate a second message authentication code; and providing, to the first network function, the second message authentication code as a response to the authentication challenge.
[0051] The apparatus may be caused to perform: encrypting user traffic for transmission using at least one of: a user equipment key corresponding to the apparatus; or the user key.
[0052] The apparatus may be caused to perform: outputting, via a display of the apparatus, at least one of: a request to receive the user identifier; a request to receive the first input; or an indication of whether the user has been successfully authenticated or not.
[0053] According to a thirteenth aspect, there is provided an apparatus comprising means for performing: obtaining, from a user equipment at a first network function, a user identifier identifying a user of the user equipment during a registration and/or session establishment request service operation; and providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on the user identifier and subscription information corresponding to the user, wherein the subscription information comprises a first user key.
[0054] According to a fourteenth aspect, there is provided an apparatus comprising: at least one processor; and at least one memory comprising code that, when executed by the at least one processor, causes the apparatus to perform: obtaining, from a user equipment at a first network function, a user identifier identifying a user of the user equipment during a registration and/or session establishment request service operation; and providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on the user identifier and subscription information corresponding to the user, wherein the subscription information comprises a first user key.
[0055] According to a fifteenth aspect, there is provided a method for an apparatus, the method comprising: obtaining, from a user equipment at a first network function, a user identifier identifying a user of the user equipment during a registration and/or session establishment request service operation; and providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on the user identifier and subscription information corresponding to the user, wherein the subscription information comprises a first user key.
[0056] According to a sixteenth aspect, there is provided an apparatus comprising: obtaining circuitry for obtaining, from a user equipment at a first network function, a user identifier identifying a user of the user equipment during a registration and/or session establishment request service operation; and providing circuitry for providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on the user identifier and subscription information corresponding to the user, wherein the subscription information comprises a first user key.
[0057] The following may apply in respect of any (e.g., one or more, including all) of the thirteenth to sixteenth aspects.
[0058] The apparatus may be caused to perform: obtaining, from the user equipment, an indication that the apparatus is configured to authenticate the user.
[0059] The apparatus may be caused to perform, before obtaining the user identifier during the registration and/or session management request service operation: providing, to the user equipment, an identifier of the user.
[0060] The identifier of the user may be provided with an access token and an indication of an expiry time corresponding to the access token.
[0061] When the subscription information is a user key, the providing the authentication challenge may comprise: encrypting a first nonce value to obtain a first encrypted nonce value; obtaining a first message authentication code using the first encrypted nonce value; and providing the first message authentication code and the first encrypted nonce value to the user equipment in the authentication challenge.
[0062] The apparatus may be caused to perform: obtaining, from the user equipment, an encrypted second nonce value, the first nonce value, and a second message authentication code; decrypting the second encrypted nonce value using the user key to obtain a second nonce value; and verifying the second message authentication code as originating from the user equipment using the second nonce value.
[0063] When the subscription information is a user key and a sequence number, the providing the authentication challenge may comprise: obtaining a first message authentication code using the sequence number and the user key; and providing the first message authentication code to the user equipment in the authentication challenge.
[0064] The apparatus may be caused to perform: obtaining, from the user equipment, a second message authentication code; and verifying the second message authentication code as originating from the user equipment using the user key and the sequence number and/or an incremented version of the sequence number.
[0065] According to a seventeenth aspect, there is provided an apparatus comprising means for performing: obtaining, from a first network function, a limited time duration user secret corresponding to a user identifier of a user of the apparatus; obtaining, from a user input of the apparatus, the user identifier and a first input; providing, to a second network function, the user identifier during a registration and/or session establishment request service operation; obtaining an authentication challenge from the second network function in response to the registration and/or session establishment request service operation; and authenticating the second network function using the limited time duration user secret, the first input, the user identifier, and the authentication challenge.
[0066] According to an eighteenth aspect, there is provided an apparatus comprising: at least one processor; and at least one memory comprising code that, when executed by the at least one processor, causes the apparatus to perform: obtaining, from a first network function, a limited time duration user secret corresponding to a user identifier of a user of the apparatus; obtaining, from a user input of the apparatus, the user identifier and a first input; providing, to a second network function, the user identifier during a registration and/or session establishment request service operation; obtaining an authentication challenge from the second network function in response to the registration and/or session establishment request service operation; and authenticating the second network function using the limited time duration user secret, the first input, the user identifier, and the authentication challenge.
[0067] According to a nineteenth aspect, there is provided a method for an apparatus, the method comprising: obtaining, from a first network function, a limited time duration user secret corresponding to a user identifier of a user of the apparatus; obtaining, from a user input of the apparatus, the user identifier and a first input; providing, to a second network function, the user identifier during a registration and/or session establishment request service operation; obtaining an authentication challenge from the second network function in response to the registration and/or session establishment request service operation; and authenticating the second network function using the limited time duration user secret, the first input, the user identifier, and the authentication challenge.
[0068] According to a twentieth aspect, there is provided an apparatus comprising: obtaining circuitry for obtaining, from a first network function, a limited time duration user secret corresponding to a user identifier of a user of the apparatus; obtaining circuitry for obtaining, from a user input of the apparatus, the user identifier and a first input; providing circuitry for providing, to a second network function, the user identifier during a registration and/or session establishment request service operation; obtaining circuitry for obtaining an authentication challenge from the second network function in response to the registration and/or session establishment request service operation; and authenticating circuitry for authenticating the second network function using the limited time duration user secret, the first input, the user identifier, and the authentication challenge.
[0069] The following may apply in respect of any (e.g., one or more, including all) of the seventeenth to twentieth aspects.
[0070] The first input may comprise a personal identification number corresponding to a subscription of the user. The obtaining the limited time duration user secret may comprise receiving a user parameter update procedure comprising indications of the limited time duration user secret, an expiry time for the limited time duration user secret, and the user identifier.
[0071] The obtaining the user identifier from the user input may comprise: outputting, via a user output of the apparatus, a request for the user identifier and a secret code; and receiving, via a user input of the apparatus, the user identifier and the first input.
[0072] The authenticating the first network function may comprise: extracting a first nonce value and a first message authentication code from the authentication challenge; deriving the first message authentication code using the extracted first nonce value, the identity of the user, the first input, and the limited time duration user secret; and determining that the first network function is successfully authenticated when the derived message authentication code equals the extracted first message authentication code.
[0073] When the authentication challenge comprises a first nonce value, the apparatus may be caused to perform, subsequent to authenticating the first network function: determining a second message authentication code for enabling the first network function to authenticate the apparatus based on a second nonce value; and providing the second message authentication code, second nonce value, and first nonce value to the first network function.
[0074] The first and second network functions may be the same network function.
[0075] The first network function may comprise a certification authority, the second network function may comprise a network function, the limited time duration user secret may comprise a certificate, and the obtaining the limited time duration user secret corresponding to the user identifier may be performed after the providing, to the first network function, the user identifier.
[0076] According to a twenty first aspect, there is provided an apparatus comprising means for performing: obtaining, from a user equipment at a first network function, a user identifier identifying a user of the user equipment during a registration and/or session establishment request service operation; and providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on subscription information for the user, the subscription information comprising a limited time duration user secret.
[0077] According to a twenty second aspect, there is provided an apparatus comprising: at least one processor; and at least one memory comprising code that, when executed by the at least one processor, causes the apparatus to perform: obtaining, from a user equipment at a first network function, a user identifier identifying a user of the user equipment during a registration and/or session establishment request service operation; and providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on subscription information for the user, the subscription information comprising a limited time duration user secret.
[0078] According to a twenty third aspect, there is provided a method for an apparatus, the method comprising: obtaining, from a user equipment at a first network function, a user identifier identifying a user of the user equipment during a registration and/or session establishment request service operation; and providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on subscription information for the user, the subscription information comprising, a limited time duration user secret.
[0079]According to a twenty fourth aspect, there is provided an apparatus comprising: obtaining circuitry for obtaining, from a user equipment at a first network function, a user identifier identifying a user of the user equipment during a registration and/or session establishment request service operation; and providing circuitry for providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on subscription information for the user, the subscription information comprising, a limited time duration user secret.
[0080] The following may apply in respect of any (e.g., one or more, including all) of the twenty first to twenty fourth aspects.
[0081] The subscription information may further comprise a personal identification number of the user.
[0082] The apparatus may further be caused to perform: providing the user equipment with the limited time duration user secret and an indication of an expiry time of the limited time duration user secret via a user parameter update procedure.
[0083] When the subscription information comprises a personal identification number of the user and a limited time duration user secret, the providing the authentication challenge may comprise: generating a first nonce value; using the first nonce value and the limited time duration user secret to generate a first message authentication code; and providing, to the user equipment, the first nonce value and the first message authentication code in the authentication challenge.
[0084] The apparatus may further be caused to perform: extracting, from a response to the authentication challenge, a second nonce value and a second message authentication code; and verifying the second message authentication code as originating from the user equipment using the second nonce value, and the limited time duration user secret.
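The challenge-response exchange of paragraphs [0072] to [0073] (UE side) and [0083] to [0084] (network side) can be made concrete as a short mutual-authentication run. The following is an added example and is not code from the patent or from 3GPP; it assumes HMAC-SHA256 as the unspecified message authentication code, a MAC input made of the length-prefixed nonce, user identifier and personal identification number (the "first input"), a Unix-time expiry for the limited time duration user secret, and that the network remembers the outstanding first nonce per user so a response cannot be accepted twice.

```python
"""Mutual user authentication with a limited time duration user secret.

Added example, not code from the patent or from 3GPP. HMAC-SHA256 stands in
for the unspecified MAC; nonce sizes, the PIN format and the Unix-time expiry
are assumptions.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class UserSecret:
    secret: bytes   # limited time duration user secret (provisioned via UPU)
    expiry: float   # Unix time after which the secret is no longer valid


def _mac(secret: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so part boundaries are unambiguous."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(secret, data, hashlib.sha256).digest()


class NetworkFunction:
    """AUSF/UDM side: holds subscription information (PIN and user secret) per user."""

    def __init__(self, subscriptions: Dict[bytes, Tuple[bytes, UserSecret]]):
        self.subs = subscriptions
        self.pending: Dict[bytes, bytes] = {}   # user_id -> outstanding first nonce

    def challenge(self, user_id: bytes, now: float) -> Optional[Tuple[bytes, bytes]]:
        """Build the authentication challenge (nonce1, MAC1); None if the secret expired."""
        pin, us = self.subs[user_id]
        if now >= us.expiry:
            return None
        nonce1 = os.urandom(16)
        self.pending[user_id] = nonce1
        return nonce1, _mac(us.secret, nonce1, user_id, pin)

    def verify_response(self, user_id: bytes, nonce1: bytes,
                        nonce2: bytes, mac2: bytes) -> bool:
        """Authenticate the UE from (nonce1, nonce2, MAC2); each first nonce is usable once."""
        pin, us = self.subs[user_id]
        outstanding = self.pending.pop(user_id, None)
        if outstanding is None or not hmac.compare_digest(outstanding, nonce1):
            return False
        expected = _mac(us.secret, nonce2, nonce1, user_id, pin)
        return hmac.compare_digest(expected, mac2)


class UserEquipment:
    """UE side: provisioned user identifier and secret; the PIN comes from user input."""

    def __init__(self, user_id: bytes, us: UserSecret):
        self.user_id = user_id
        self.us = us

    def respond(self, pin: bytes, nonce1: bytes, mac1: bytes,
                now: float) -> Optional[Tuple[bytes, bytes]]:
        """Authenticate the network from MAC1, then answer with (nonce2, MAC2); None on failure."""
        if now >= self.us.expiry:
            return None
        if not hmac.compare_digest(_mac(self.us.secret, nonce1, self.user_id, pin), mac1):
            return None   # MAC1 mismatch: wrong PIN, wrong secret or forged challenge
        nonce2 = os.urandom(16)
        return nonce2, _mac(self.us.secret, nonce2, nonce1, self.user_id, pin)


# Constructed sample subscription (not real subscriber data).
USER_ID = b"alice@example.invalid"
PIN = b"4711"
SECRET = UserSecret(secret=hashlib.sha256(b"constructed-user-secret").digest(),
                    expiry=1_800_000_000.0)


def run_exchange(pin_entered: bytes, now: float, replay: bool = False) -> str:
    """Run one full exchange and report the outcome as a short status string."""
    nf = NetworkFunction({USER_ID: (PIN, SECRET)})
    ue = UserEquipment(USER_ID, SECRET)
    chal = nf.challenge(USER_ID, now)
    if chal is None:
        return "secret-expired"
    nonce1, mac1 = chal
    resp = ue.respond(pin_entered, nonce1, mac1, now)
    if resp is None:
        return "ue-rejected-network"
    nonce2, mac2 = resp
    if not nf.verify_response(USER_ID, nonce1, nonce2, mac2):
        return "network-rejected-ue"
    if replay and nf.verify_response(USER_ID, nonce1, nonce2, mac2):
        return "replay-accepted"
    return "authenticated"
```

Because the personal identification number is an input to MAC1, a wrong PIN entered at the UE surfaces as the UE failing to authenticate the network rather than as a network-side rejection; an expired secret stops the exchange before any nonce is issued, which is the point at which a fresh user parameter update procedure would be needed.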
[0085] The apparatus may further be caused to perform: providing the user equipment with the limited time duration user secret during a user parameter update procedure.
[0086] The first and second network functions may be the same network function.
[0087] The first network function may comprise a certification authority, the second network function may comprise a network function, and the limited time duration user secret may comprise a certificate.
[0088] According to an aspect, there is provided a non-transitory computer readable medium comprising program instructions that, when executed by an apparatus, cause the apparatus to perform at least the method according to any of the preceding aspects.
[0089] In the above, many different embodiments have been described. It should be appreciated that further embodiments may be provided by the combination of any two or more of the embodiments described above.
DESCRIPTION OF FIGURES
[0090] Some example embodiments will now be described, by way of non-limiting and illustrative example only, with reference to the accompanying Figures in which:
[0091] Figure 1 shows a representation of a 5th generation communication system;
[0092] Figure 2 shows a representation of an apparatus for the communication system of Figure 1 according to some example embodiments;
[0093] Figure 3 shows a representation of an apparatus according to some example embodiments;
[0094] Figures 4 to 7 illustrate example capability signalling that may be performed by apparatus described herein;
[0095] Figures 8 to 9 illustrate example provisioning signalling by apparatus described herein;
[0096] Figures 10 to 13 illustrate example authentication signalling that may be performed by apparatus described herein; and
[0097] Figures 14 to 19 illustrate example methods that may be performed by apparatus described herein.
DETAILED DESCRIPTION
[0098] In the following, various example embodiments are explained with reference to communication devices capable of communication with a communication system. Before explaining in detail the embodiments of the methods and apparatuses of the present disclosure, a 5th generation (5G) communication system (5GS), an access network and a core network (5GC) thereof, and communication devices are briefly explained with reference to Figures 1, 2 and 3. It is understood that the 5G system is simply provided as an example, and the presently described methods may be applied in respect of other communication systems, such as 6G and beyond.
[0099] Figure 1 shows a schematic representation of a 5G communication system (5GS). The 5GS may comprise a user equipment (UE), an access network such as a 5G radio access network (5G-RAN) or next generation radio access network (NG-RAN), a 5G core network (5GC), and one or more application functions. An application function may be deployed in the 5GS as a trusted application function or may be deployed or hosted on one or more application servers of the data network. Such application functions are untrusted application functions. The 5GS connects the UE to a data network via the access network and the 5GC (e.g., a UPF of the 5GC).
[0100] The 5G-RAN may comprise one or more radio access nodes, such as a gNodeB (gNB). A gNB may include one or more gNodeB (gNB) distributed units connected to one or more gNodeB (gNB) centralized units.
[0101] The 5GC may comprise the following network functions: Network Slice Selection Function (NSSF); Network Exposure Function (NEF); Network Repository Function (NRF); Policy Control Function (PCF); Unified Data Management (UDM); Application Function (AF); Authentication Server Function (AUSF); Access and Mobility Management Function (AMF); Session Management Function (SMF); and User Plane Function (UPF). Figure 1 also shows the various interfaces (N1, N2 etc.) that may be implemented between the various elements of the system.
[0102] Particular reference is made in the below to an AMF, an AUSF, and a UDM. A brief overview of some of the roles these network functions may perform is provided for further context.
[0103] An AMF is responsible for handling connection and mobility management tasks for a UE connecting to the core network. As part of this, the AMF may receive signaling over an interface (e.g., an N1 and/or N2 interface) to and/or from a UE, and act as an access point to the 5GC.
[0104] Following an initial non-access stratum (NAS) message, the AMF may send an Authentication and Key Agreement (AKA) request to the UE. This precedes the subsequent UE authorisation process performed by the UDM as part of the 5GC service based architecture.
[0105] An AUSF is responsible for verifying the identity of a subscriber, validating their subscription data, and determining an appropriate security context for the subscriber. The AUSF further supports authentication and authorisation procedures for other network functions by verifying an identity of a subscriber (e.g., by authenticating the subscriber) and ensuring that that subscriber is authorised to access the network (e.g., by authorising the subscriber). The AUSF may interact with the AMF to manage subscriber mobility and handover procedures, and may interact with a UDM to manage subscriber data and profiles.
[0106] The AUSF supports the AKA protocol for mutual authentication between the subscriber and the network. The AUSF may further support the Extensible Authentication Protocol (EAP)-AKA protocol for mutual authentication. EAP-AKA is currently described in a variety of documents, including RFC 4187.
[0107] The UDM is responsible for managing subscriber data (also referred to herein as subscription information), and for providing support for authentication and authorisation services.
[0108] Figure 2 illustrates an example of a control apparatus 200 for controlling a function of the access network (e.g., the 5G-RAN or the NG-RAN illustrated in Figure 1). The control apparatus 200 may comprise at least one random access memory (RAM) 211a, at least one read only memory (ROM) 211b, at least one processor 212, 213 and a network interface 214. The at least one processor 212, 213 may be coupled to the RAM 211a and the ROM 211b. The at least one processor 212, 213 may be configured to execute an appropriate software code 215. Execution of the software code 215 may, for example, cause the apparatus to perform operations for controlling a function of the access network. The software code 215 may be stored in the ROM 211b. The control apparatus 200 may be interconnected with another control apparatus 200 for controlling another function of the 5G-RAN or the NG-RAN. In some embodiments, each function of the 5G-RAN or the NG-RAN is deployed or hosted on a control apparatus 200. In alternative embodiments, two or more functions of the 5G-RAN or the NG-RAN may share a control apparatus.
[0109] Figure 3 illustrates an example of a communication device 300, such as the UE illustrated in Figure 1. The communication device 300 may be provided by any device capable of sending and receiving radio signals. Non-limiting examples of a communication device 300 comprise a user equipment, a mobile station (MS) or mobile device such as a mobile phone or what is known as a 'smart phone', a computer provided with a wireless interface card or other wireless interface facility (e.g., USB dongle), a personal data assistant (PDA) or a tablet provided with wireless communication capabilities, a machine-type communications (MTC) device, an Internet of things (IoT) type communication device or any combinations of these or the like. The communication device 300 may comprise a transceiver for transmitting and/or receiving, for example, wireless signals carrying communications, for example radio signals. The communications may be one or more of voice, electronic mail (email), text messages, multimedia data, machine data and so on.
[0110] The communication device 300 may receive wireless signals (e.g., radio signals) over an air or radio interface 307 via appropriate apparatus for receiving and may transmit wireless signals via appropriate apparatus for transmitting radio signals. In Figure 3 the transceiver is designated schematically by block 306. The transceiver 306 may comprise, for example, a radio part and associated antenna arrangement. The antenna arrangement may be arranged internally or externally to the mobile device and may comprise one or more antenna elements. The antenna arrangement may be a multi-input multi-output (MIMO) antenna.
[0111] The communication device 300 may be provided with at least one processor 301, at least one memory ROM 302a, at least one RAM 302b and other possible components 303 for use in software and hardware aided execution of tasks it is designed to perform, including control of access to and communications with access networks (e.g., the 5G-RAN or NG-RAN illustrated in Figure 1) and other communication devices. The at least one processor 301 is coupled to the RAM 302b and the ROM 302a. The at least one processor 301 may be configured to execute an appropriate software code 308. The software code 308 may, for example, enable the communication device to perform one or more of its operations. The software code 308 may be stored in the ROM 302a.
[0112] The processor, the ROM, the RAM, the transceiver and other circuitry of the communication device (e.g., a modem) can be provided on a circuit board, in chipsets, or in a system on chip. The circuit board, chipsets or system on chip is denoted by reference 304. The communication device 300 may optionally have a user interface such as a key pad 305, touch sensitive screen or pad, combinations thereof or the like. Optionally one or more of a display, a speaker and a microphone may be provided depending on the type of communication device.
[0113] Reference is made in the below to a plurality of different identifiers. These are discussed here for future clarity:
[0114] Subscription Permanent Identifier (SUPI): The SUPI is a globally unique identifier that is assigned to each subscriber in the 3GPP system, and which is provisioned in the UDM. A SUPI comprises three parts that respectively represent the Mobile Country Code (MCC), the Mobile Network Code (MNC) identifying the network operator, and the Mobile Subscriber Identification Number (MSIN). A SUPI identifies an individual user of a particular operator.
[0115] A communication device such as described in relation to Figure 3 may be considered as comprising a Mobile Equipment (ME) part and a Universal Subscriber Identity Module (USIM) part. One USIM may comprise multiple profiles, each destined for certain purposes. For example, where a user has multiple terminals (e.g., multiple ME), the user may interchange the USIM between multiple terminals in order to associate the subscription with the different terminal.
[0116] Subscriber Concealed Identifier (SUCI): The SUCI is a concealed version of the SUPI. The SUCI may be generated by a UE (e.g., the USIM and/or the ME of a UE) using a public key of the home network that is provisioned in the USIM of the UE.
[0117] Globally Unique Temporary UE Identifier (GUTI): The purpose of the GUTI is to provide an unambiguous identifier of the UE within the AMF that does not reveal the UE or the user's permanent identity. The GUTI is allocated to the UE and provisioned at the UE by the AMF, and a new GUTI value may be allocated and/or provisioned at the UE at any time by the AMF. The GUTI may comprise a part that identifies a network part (e.g., that identifies an AMF), and a part that identifies the UE. The GUTI may be labelled as a 5G-GUTI when it is used in a 5G core.
[0118] Generic Public Subscription Identifier (GPSI): The GPSI is used as a means of addressing a 3GPP subscription in data networks outside the 3GPP system. These are public identifiers such as MSISDN. The 3GPP system stores within the subscription data the association between the GPSI and the corresponding SUPI.
[0119] Recent key issues identified in 3GPP development relate to authentication and authorisation of a human user of a communication device of Figure 3. For clarity and brevity throughout the following, the communication device will be referred to as a UE, and the human user will simply be labelled as a user.
[0120] These key issues have identified that without an appropriate authentication and authorisation mechanism for a user, an attacker may impersonate the human user of a subscription registered at the UDM of the network. This may lead to the attacker gaining unauthorized access to services corresponding to that subscription.
[0121]There is also a concern related to what information corresponding to the user and/or the subscription is exposed to third parties, particularly when those third parties are outside of the 3GPP core and are configured to provide at least one service to the user.
[0122] The following aims to address at least one of the above-mentioned issues.
[0123] In more detail, the following envisions scenarios in which a user may access services through multiple UE that comprise respective USIM and ME. Stated differently, the user may provide additional subscriber-based information to the ME and/or the USIM that is to be used as part of an authentication and/or authorisation process being performed for authenticating and/or authorising the user for receiving at least one service.
[0124] The following provides a plurality of methods for enabling user authentication and authorisation to be performed in at least one network function(s) of a core network (e.g., a 3GPP core network). An external party to the core network may subsequently base their provision of a service to the user on the authentication and/or authorisation of the user in the core network.
[0125] The methods may be performed when the AUSF and/or UDM believes that the UE is able to perform the authentication and/or authorisation of the user based on user input. Consequently, in some examples, the UE and/or a network function in the core network may provide the other entity with information related to whether the providing entity is able to perform authentication and/or authorisation of the user, although it is understood that this is not always performed. Further, the UE may be pre-provisioned with user information, such as a user identifier, and/or an access token (or some other access credential) for subsequently verifying the user in later authentication and/or authorisation procedures.
[0126] These presently described features are illustrated with respect to Figures 4 to 19, in which:
• Figures 4 to 7 illustrate signaling that may be performed in respect of all of the examples of Figures 8 to 19, and illustrate ways in which a UE and/or a core network may exchange indications relating to whether the UE and/or core network can perform the presently described methods of Figures 8 to 19;
• Figures 8 to 9 illustrate how a UE may (or may not) be provisioned (e.g., provided) with information corresponding to a user of the UE, depending on whether the network and the UE are able to perform the authentication and/or authorisation of the user according to Figures 10 to 19;
• Figures 10 to 13 illustrate the plurality of different authentication and/or authorisation methods that may be performed when a UE has been provisioned with information corresponding to a user in accordance with Figure 8; and
• Figures 14 to 19 illustrate features of the examples of Figures 10 to 13.
[0127] These will be discussed in more detail below.
[0128] Figures 4 to 7 illustrate examples regarding how capability information may be signaled between UE and a network function.
[0129] In more detail, in these examples of Figures 4 to 7, capability information is exchanged between a UE and a network function indicating whether the UE supports user authentication and/or whether the network function supports user authentication based on user input to the UE (e.g., using information input by a user).
[0130] Figures 4 to 6 illustrate how capability information indicating whether the UE supports user authentication based on user input to the UE may be signaled from a user equipment to a network function. Figure 7 illustrates how capability information indicating whether the network supports user authentication based on user input to the UE may be signaled from a network function to a UE.
[0131] In these examples of Figures 4 to 6, the capability information indicating whether the UE supports user authentication is signaled during UE registration and/or UE authorization, and/or UE authentication. Stated differently, the examples of Figures 4 to 6 illustrate examples in which user authentication and/or authorisation capability information is provided as part of UE capability signaling. However, it is understood that these are merely examples, and this information may instead be provided as part of user-specific signaling.
[0132] It is further understood that where reference is made in the below to a capability of a UE to perform user authentication, this refers to a capability of the UE to perform user authentication using information received from a user via a user input of the UE.
[0133] Figure 4 illustrates a first example signaling in an environment in which a user 403 may communicate with a network via at least one of a first UE that comprises a first USIM 401 and a first ME 402, or a second UE that comprises a second USIM 404 and a second ME 405. Figure 4 further illustrates a radio access network (RAN) apparatus 406, an AMF 407, and an AUSF and/or UDM 408.
[0134] During 4001, the second ME 405 signals the AMF 407. This signaling may comprise an N1 message (e.g., a message signaled across an N1 interface, such as a registration message). This signaling may comprise a SUCI and/or 5G-GUTI. This signaling may comprise an indication that the second UE supports user authentication. The indication may be expressed in the form of a predetermined bit value in a predesignated field, where the absence of the predesignated field and/or another bit value in the predesignated field indicates that the second UE does not support user authentication.
[0135] During 4002, the AMF 407 signals the AUSF and/or UDM 408. This signaling may comprise, for example, a registration and/or authentication request on behalf of the second ME. This signaling may comprise a SUCI and/or SUPI. This signaling may comprise the indication that the second UE supports user authentication that was received during 4001.
[0136] During 4003, the AUSF and/or UDM 408 updates a UE subscription for the second UE that is stored in the network to note that the second UE supports user authentication. This information may be stored by indexing the SUPI.
[0137] During 4004, the second UE is authenticated (e.g., according to clause 6.1.3 of 3GPP TS 33.501).
[0138] During 4005, the user of the second UE is authenticated. This may be as described below.
[0139] Figure 5 illustrates a second example signaling in an environment in which a user 503 may communicate with a network via at least one of a first UE that comprises a first USIM 501 and a first ME 502, or a second UE that comprises a second USIM 504 and a second ME 505. Figure 5 further illustrates a radio access network (RAN) apparatus 506, an AMF 507, and an AUSF and/or UDM 508.
[0140] Figure 5 illustrates an example in which the first UE does not support user authentication.
[0141] During 5001, the first ME 502 signals the AMF 507. This signaling may comprise an N1 message (e.g., a registration message). This signaling may comprise a SUCI and/or 5G-GUTI. This signaling may comprise an indication that the first UE does not support user authentication. The indication may be expressed in the form of a predetermined bit value in a predesignated field, where the absence of the predesignated field and/or another bit value in the predesignated field indicates that the second UE does not support user authentication.
[0142] During 5002, the AMF 507 signals the AUSF and/or UDM 508. This signaling may comprise, for example, a registration and/or authentication request on behalf of the first ME. This signaling may comprise a SUCI and/or SUPI. This signaling may comprise the indication that the first UE does not support user authentication that was received during 4001.
[0143] During 5003, the AUSF and/or UDM 508 updates a UE subscription for the first UE that is stored in the network to note that the first UE does not support user authentication. This information may be stored by indexing the SUPI.
[0144] During 5004, the first ME is authenticated (e.g., according to clause 6.1.3 of 3GPP TS 33.501).
[0145] During 5005, the user of the first UE is not authenticated (e.g., in accordance with the signaling of 5002).
[0146] Figure 6 illustrates a third example signaling in an environment in which a user 603 may communicate with a network via at least one of a first UE that comprises a first USIM 601 and a first ME 602, or a second UE that comprises a second USIM 604 and a second ME 605. Figure 6 further illustrates a radio access network (RAN) apparatus 606, an AMF 607, and an AUSF and/or UDM 608.
[0147] During 6001, the second ME 605 signals the AMF 607. This signaling may comprise an N1 message (e.g., a registration message). This signaling may comprise a SUCI and/or 5G-GUTI. This signaling may comprise an indication that the second UE does not support user authentication. The indication may be expressed in the form of an absence of a predesignated field, where the absence of the predesignated field indicates that the second UE does not support user authentication.
[0148] During 6002, the AMF 607 signals the AUSF and/or UDM 608. This signaling may comprise, for example, a registration and/or authentication request on behalf of the second ME. This signaling may comprise a SUCI and/or SUPI. This signaling may comprise the indication (e.g., the absence of the predesignated field) that the second UE does not support user authentication that was received during 6001.
[0149] During 6003, the AUSF and/or UDM 608 updates a UE subscription for the second UE that is stored in the network to note that the second UE does not support user authentication. This information may be stored by indexing the SUPI.
[0150] During 6004, the second UE is authenticated (e.g., according to clause 6.1.3 of 3GPP TS 33.501).
[0151] During 6005, the user of the second UE is not authenticated, in accordance with the absence of the predesignated field in the signaling of 6002.
[0152] Figure 7 illustrates a fourth example signaling in an environment in which a user 703 may communicate with a network via at least one of a first UE that comprises a first USIM 701 and a first ME 702, or a second UE that comprises a second USIM 704 and a second ME 705. Figure 7 further illustrates a radio access network (RAN) apparatus 706, an AMF 707, and an AUSF and/or UDM 708.
[0153] Figure 7 illustrates an example in which the network does not support user authentication.
[0154] During 7001, the first ME 702 signals the AMF 707. This signaling may comprise an N1 message (e.g., a registration message). This signaling may comprise a SUCI and/or 5G-GUTI. This signaling may comprise an indication that the first UE supports user authentication. The indication may be expressed in the form of a predetermined bit value in a predesignated field, where the absence of the predesignated field and/or another bit value in the predesignated field indicates that the first UE does not support user authentication.
[0155] During 7002, the AMF 707 signals the AUSF and/or UDM 708. This signaling may comprise, for example, a registration and/or authentication request on behalf of the second ME. This signaling may comprise a SUCI and/or SUPI. This signaling may comprise the indication that the second UE supports user authentication that was received during 7001.
[0156] During 7003, the AUSF and/or UDM 708 updates a UE subscription for the second UE that is stored in the network to note that the second UE supports user authentication and that the network does not support user authentication. This information may be stored by indexing the SUPI.
[0157] During 7004, the AUSF and/or UDM 708 signals the AMF 707. This signaling may comprise the registration and/or authentication request accept message. This signaling may comprise an indication that the network does not support user authentication. This signaling may comprise the SUPI.
[0158] During 7005, the AMF 707 signals the first ME 702. This signaling may indicate that the network does not support user authentication. This signaling may be comprised in a registration and/or authentication request accept message for the UE registration and/or authentication procedure(s) respectively. It is understood that where the UE capability is exchanged as part of user-specific signaling, that this indication that the network does not support user authentication may be provided in a user authentication rejection message.
[0159] These examples of Figures 4 to 7 relate to a UE and/or network function informing the other entity as to whether or not the UE and/or network function is capable of performing a user authentication using information received from a user via a user input.
[0160] For example, as part of the UE capability negotiation process, the UE may indicate to the network its capability to support user authentication. Although not discussed in the above examples, the signaling may further provide an indication of when the user authentication may be performed. For example, the UE may be restricted to performing the user authentication during a registration procedure, and/or a packet data unit (PDU) session establishment procedure. Similarly, the network function may provide, with its indication indicating whether the network can support user authentication, when the user authentication may be performed (e.g., as part of a registration procedure, a PDU Session establishment procedure, and/or both).
[0161] Figures 8 and 9 illustrate examples in which a UE may or may not be provisioned with a user identifier for use in a later authentication procedure and/or authorization procedure of the user. It is understood that although the following refers to first and/or second UE, that the presently described techniques may be performed by any UE.
[0162] Figure 8 illustrates an example of how a UE may be provisioned with a user identifier. This provisioning may be performed based on (e.g., in response to) a determination that the user equipment is capable of participating in authenticating a user of the UE. The UE is also shown in the example of Figure 8 as authenticating the user based on (e.g., using) a user identifier provided by the network function and a user input received from a user. Examples of the network function exchanging signaling with the UE for authenticating and/or authorizing the user within the core network are illustrated with respect to Figures 10 to 13.
[0163] Figure 8 illustrates a fourth example signaling in an environment in which a user 803 may communicate with a network via at least one of a first UE that comprises a first USIM 801 and a first ME 802, or a second UE that comprises a second USIM 804 and a second ME 805. Figure 8 further illustrates a radio access network (RAN) apparatus 806, an AMF 807, and an AUSF and/or UDM 808. In the example of Figure 8, the AUSF and/or UDM 808 is aware that the second UE is able to participate in authenticating the user of the second UE.
[0164] During 8001, the AUSF and/or UDM 808 determines to provision the second UE with a user identifier. This user identifier may have been configured at the AUSF and/or UDM 808 as part of subscription information corresponding to the user.
[0165] The AUSF and/or UDM 808 may use the user identifier to determine an integrity message authentication code (MAC-I) and to determine a token for the second UE. A Message Authentication Code (MAC) is used to authenticate the origin and nature of a message. MACs use authentication cryptography to verify the legitimacy of data sent through a network or transferred from one person to another.
[0166] The token may be determined by inputting an authentication key, KAUSF, the user identifier, and the SUPI into a first key derivation function. The first key derivation function is configured to output the token using these inputs. Further, the MAC-I may be derived by inputting the authentication key, KAUSF, user parameter update information (such as the token and the user identifier), and a user parameter update counter value into a second key derivation function, which uses these inputs to output the MAC-I. The user parameter update procedure is a procedure defined in 3GPP for providing user information (e.g., subscription information stored in a UDM) to a UE.
[0167] During 8002, the AUSF and/or UDM 808 signals the AMF 807. This signaling may comprise user parameter update information, including the user identifier, the token, the MAC-I, and a timestamp indicating (or which may be used to indicate) a validity period of the user parameter update information. After the validity period has expired, the user parameter update information may be invalid. This signaling may be signaled using, for example, an Nudm_SDM_Notification service operation.
[0168] During 8003, the AMF 807 signals the second ME 805. This signaling may comprise the user parameter information signaled during 8002. This signaling may be signaled using, for example, a non-access stratum (NAS) signaling service operation, such as, for example, a downlink NAS transport signaling service operation.
[0169] During 8004, after MAC-I has been successfully verified, the user identifier, token, and timestamp are stored in at least one of the second ME 805 or the second USIM 804.
[0170] 8005 to 8007 refer to a later authentication procedure. It is understood that at least one of 8005 to 8007 may be performed as part of the authentication method of any of Figures 10 to 13.
[0171] During 8005, the user 803 inputs a user identifier (e.g., an identifier of the user 803) into the second UE via a user input of the second UE, which is received by the second ME 805. This user identifier may be input in response to the ME outputting to the user (e.g., via a display of the second UE) a request for this user identifier.
[0172] During 8006, the second USIM 804 and second ME 805 verify whether the input user identifier of 8005 matches the user identifier of 8003. When these are the same, the second UE determines that the user using the second UE has a provisioned service, and may receive a service from the network, and proceeds to 8007.
[0173] During 8007, the second UE and the AUSF and/or UDM 808 work together to authenticate the user and/or UE. This authentication of 8007 may be triggered (e.g., initiated) by the second UE, although it is understood that other entities may initiate this authentication.
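The provisioning and local check of 8001 to 8006 can be followed end to end in code. The following is an added example written for this page, not code from the patent or from any 3GPP specification: the two key derivation functions of [0166] are realised as HMAC-SHA-256 over length-prefixed inputs with a label separating them (the patent fixes no algorithm), the K_AUSF, user identifier and SUPI values are constructed sample data, and the UE additionally rejects user parameter update data whose counter does not exceed the last one it accepted, which is the usual reason such a counter is carried.

```python
import hashlib
import hmac

# Constructed sample inputs (not values from the patent).  K_AUSF would come
# from the UE's primary authentication; the user identifier and SUPI from the
# subscription record held by the UDM.
K_AUSF = hashlib.sha256(b"hypothetical K_AUSF for the demo").digest()
USER_ID = b"alice@example.org"           # NAI-style user identifier
SUPI = b"imsi-001010123456789"


def kdf(key: bytes, *parts: bytes) -> bytes:
    """Key derivation function standing in for both KDF1 and KDF2 of [0166].
    HMAC-SHA-256 over 2-octet-length-prefixed parts is this example's choice;
    the first part is a label that keeps the two derivations apart."""
    s = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_token(k_ausf: bytes, user_id: bytes, supi: bytes) -> bytes:
    """KDF1: token bound to (user identifier, SUPI), hence unique per user
    and per UE subscription ([0180])."""
    return kdf(k_ausf, b"user-token", user_id, supi)


def derive_mac_i(k_ausf: bytes, user_id: bytes, token: bytes,
                 expiry: int, upu_counter: int) -> bytes:
    """KDF2: MAC-I over the UPU data (user id, token, expiry timestamp) and
    the UPU counter ([0166]), truncated to 128 bits."""
    return kdf(k_ausf, b"upu-mac", user_id, token,
               expiry.to_bytes(8, "big"), upu_counter.to_bytes(2, "big"))[:16]


def udm_build_upu(k_ausf, user_id, supi, upu_counter, now, validity_s):
    """8001/8002: the AUSF/UDM prepares the enhanced UPU data sent to the AMF."""
    token = derive_token(k_ausf, user_id, supi)
    expiry = now + validity_s
    return {"user_id": user_id, "token": token, "expiry": expiry,
            "counter": upu_counter,
            "mac_i": derive_mac_i(k_ausf, user_id, token, expiry, upu_counter)}


def ue_process_upu(k_ausf, upu, last_counter, now):
    """8004: the UE recomputes MAC-I, rejects replayed or expired UPU data,
    and only then stores user identifier, token and timestamp.
    Returns the stored record, or None when the UPU data is rejected."""
    if upu["counter"] <= last_counter:            # replayed UPU data
        return None
    expected = derive_mac_i(k_ausf, upu["user_id"], upu["token"],
                            upu["expiry"], upu["counter"])
    if not hmac.compare_digest(expected, upu["mac_i"]):   # tampered or wrong key
        return None
    if now >= upu["expiry"]:                      # validity period already over
        return None
    return {"user_id": upu["user_id"], "token": upu["token"],
            "expiry": upu["expiry"]}


def ue_check_user_input(stored, entered_user_id, now):
    """8005/8006: compare the identifier typed by the user with the provisioned
    one.  A UE with nothing stored (the Figure 9 case) or with an expired
    record cannot proceed to 8007."""
    if stored is None or now >= stored["expiry"]:
        return False
    return hmac.compare_digest(stored["user_id"], entered_user_id)
```

The constant-time comparisons matter on the UE side as much as on the network side: the typed identifier and the received MAC-I are both attacker-influenced inputs, and an early-exit comparison would leak how many leading bytes matched.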
[0174] Figure 9 illustrates what may happen in the event that the network does not provision a user identifier at a UE (e.g., during 803). This may be the result, for example, of the UE previously indicating that the UE is unable to perform user authentication, and/or when the network is unable to perform user authentication.
[0175] Figure 9 illustrates a fourth example signaling in an environment in which a user 903 may communicate with a network via at least one of a first UE that comprises a first USIM 901 and a first ME 902, or a second UE that comprises a second USIM 904 and a second ME 905. Figure 9 further illustrates a radio access network (RAN) apparatus 906, an AMF 907, and an AUSF and/or UDM 908. In the example of Figure 9, the AUSF and/or UDM 908 is aware that the first UE is unable to participate in authenticating the user of the first UE.
[0176] During 9001, the user 903 inputs a user identifier (e.g., an identifier of the user 903) into the first UE via a user input of the first UE, which is received by the first ME 902. This user identifier may be input in response to the ME outputting to the user (e.g., via a display of the second UE) a request for this user identifier.
[0177] During 9002, the first USIM 901 and second ME 902 verify whether the input user identifier of 9001 matches a user identifier received from the network. In this example, the network has not previously provisioned a user identifier at the first UE, and so the first UE determines that the user using the second UE does not have a provisioned service, and may not receive a service from the network. The method proceeds to 9003.
[0178] During 9003, the first UE outputs (e.g., via a user output, such as a display of the first UE) to the user an indication that the user identifier has not been authenticated. This may be provided with an indication as to why the authentication has failed, such as that a user identifier has not been provisioned by the network.
[0179] In the example of Figure 8, an AUSF and/or UDM uses a home network AUSF key KAUSF, a user parameter update counter, and user parameter update data signaling that has been enhanced to comprise a user identifier and a token to authenticate the UE. The key KAUSF is an AKA-specific key that is derived for a specific UE in its home network.
[0180] The token may be generated using KAUSF, the user identifier and a subscriber identifier (e.g., SUPI) so that the generated token is unique for that particular user and UE subscription. The AUSF and/or UDM may use the enhanced user parameter update procedure with user identifier and MAC-I and send the user identifier and MAC-I to the AMF with an expiry timestamp indicating a validity of the authentication procedure. The AMF sends this enhanced user parameter update data with user identifier, token, expiry timestamp and MAC-I towards the ME. The user identifier, token, and expiry timestamp may be stored in the ME or in the USIM.
[0181] When user authentication with the user identifier is subsequently requested by the user, the UE verifies whether the user identifier received from the user matches the stored one. For UEs that are not provisioned with a network-provided user identifier, user authentication cannot be performed by the UE. This latter example is illustrated with respect to Figure 9.
[0182] Figures 10 to 13 provide examples that illustrate how a user may be authenticated by a network function according to a plurality of different methods.
[0183] For brevity and clarity, the following will consider the case of a single UE that is allowed to (e.g., able to) authenticate a user. However, it is understood that the present techniques may be applied in respect of any UE that is allowed to (e.g., able to) authenticate a user.
[0184] Figure 10 illustrates signaling that may be performed between a user 1001, a first UE comprising a first USIM 1002 and a first ME 1003, a RAN 1004, an AMF 1005, and an AUSF and/or UDM 1006. The operations of Figure 10 may include the operations of at least one of 8006 to 8007.
[0185] During 10001, the user 1001 may input, to the first UE via a user input of the first UE, an indication to trigger user authentication. This indication may comprise the user identifier.
[0186] During 10002, the first ME 1003 signals the AMF 1005. This signaling may comprise a non-access stratum request. For example, this signaling may comprise a registration request and/or a session establishment request (e.g., a packet data unit (PDU) session establishment request). This signaling may comprise the token and user identifier referred to in Figure 8. This signaling may further comprise the 5G-GUTI.
[0187] During 10003, the AMF 1005 signals the AUSF and/or UDM 1006. This signaling may comprise an authentication request. This authentication request may comprise the token and user identifier of 10002. This authentication request may comprise a subscriber identifier (such as, for example, SUPI).
[0188] During 10004, the AUSF and/or UDM 1006 verifies the token. This verification may be performed by retrieving a token stored in subscription data corresponding to the user at the UDM 1006 and determining that the retrieved token is the same as the received token of 10003. The AUSF and/or UDM 1006 may generate a first nonce (e.g., TNonce_user), and encrypt the first nonce using a user key, Kuser, and the token, where Kuser is known to both the user and the network. The AUSF and/or UDM 1006 may generate an integrity message authentication code (MAC) for the user, MAC-I_user.
[0189] During 10005, the AUSF and/or UDM 1006 signals the first ME 1003. This signal may comprise a challenge request for authentication. For example, this signal may comprise an EAP request and/or EAP challenge. The EAP request may comprise a request for the UE to initiate an EAP-AKA procedure. The EAP challenge may comprise a challenge that may be used as part of an EAP-AKA procedure. This signaling may comprise the encrypted first nonce and MAC-I_user.
[0190] During 10006, the first ME 803 causes a display of the second UE to output a notification to the user 1001. This notification may cause the user 1001 to enter Kuser into an input of the first UE so that it is received by the first ME 803 during 10007.
[0191] During 10008, the first UE verifies MAC-I_user. This may be performed using the first nonce and the user identifier. The first UE may therefore cause the encrypted first nonce to be decrypted using the Kuser received during 10007 and using the token. Further, the first UE generates a second nonce, Nonce_UE, and encrypts the second nonce using the token and Kuser to form an encrypted second nonce. Further, the first UE generates a new integrity MAC, MAC-I, for verifying the first UE to the AUSF and/or UDM 1006.
[0192] During 10009, the first ME 803 signals the AUSF and/or UDM 1006. This signaling may comprise a response to the signaling of 10005. For example, when the signaling of 10005 comprises an EAP request signaling operation, the signaling of 10009 may comprise an EAP challenge signaling operation. Further, when the signaling of 10005 comprises an EAP challenge signaling operation, the signaling of 10009 may comprise an EAP response signaling operation.
[0193] The signaling of 10009 may comprise the first nonce, the encrypted second nonce, and MAC-I.
[0194] During 10010, the AUSF and/or UDM 1006 verifies that the received first nonce is the same as the first nonce generated during 10004. Further, the AUSF and/or UDM decrypts the encrypted second nonce using key Kuser and the token.
[0195] During 10011, the AUSF and/or UDM and the second ME 1003 exchange messages for completing the authentication process. At least part of this signaling may comprise MAC-I, the second nonce, and an indication that the EAP authentication process has been successful.
[0196] Subsequent to the successful authentication of the user, the second ME 1003 may transmit and/or receive user traffic during 10012.
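The nonce exchange of 10004 to 10010 is a mutual authentication: the UE proves knowledge of Kuser and the token by decrypting and echoing TNonce, and the network proves the same by producing MAC-I_user before the UE reveals anything. Below is an added example written for this page, not code from the patent. The patent names no cipher or MAC, so the example makes its own choices and labels them: HMAC-SHA-256 is used both as MAC and as the keystream generator, and "encryption with Kuser and the token" is done by XORing the nonce with a keystream derived from (Kuser, token, fresh random IV), with the IV sent alongside so that two encryptions never share a keystream. The demo key, token and identifier are constructed values.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16
MAC_LEN = 16

# Constructed demo values (not from the patent).
DEMO_K_USER = hashlib.sha256(b"demo Kuser known to user and network").digest()
WRONG_K_USER = hashlib.sha256(b"a key the user mistyped").digest()
DEMO_TOKEN = hashlib.sha256(b"demo SUPI-specific token").digest()
DEMO_USER_ID = b"alice@example.org"


def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA-256 over 2-octet-length-prefixed parts (example choice)."""
    s = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, s, hashlib.sha256).digest()


def encrypt_nonce(k_user: bytes, token: bytes, nonce: bytes) -> bytes:
    """Encrypt a nonce under Kuser and the token ([0188]).  Constructed scheme:
    IV || (nonce XOR PRF(Kuser, token, IV)); the random IV keeps keystreams
    distinct across messages."""
    iv = os.urandom(NONCE_LEN)
    ks = prf(k_user, b"nonce-enc", token, iv)[:len(nonce)]
    return iv + bytes(a ^ b for a, b in zip(nonce, ks))


def decrypt_nonce(k_user: bytes, token: bytes, blob: bytes) -> bytes:
    iv, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = prf(k_user, b"nonce-enc", token, iv)[:len(ct)]
    return bytes(a ^ b for a, b in zip(ct, ks))


def ausf_challenge(k_user, token, user_id):
    """10004/10005: generate TNonce, encrypt it, and compute MAC-I_user over
    the nonce, the user identifier and the token.  Returns the TNonce to
    remember and the message sent towards the UE."""
    tnonce = os.urandom(NONCE_LEN)
    msg = {"enc_tnonce": encrypt_nonce(k_user, token, tnonce),
           "mac_i_user": prf(k_user, b"mac-net", tnonce, user_id, token)[:MAC_LEN]}
    return tnonce, msg


def ue_respond(k_user_entered, token, user_id, msg):
    """10008/10009: with the Kuser typed by the user, decrypt TNonce and verify
    MAC-I_user (this authenticates the network).  Only then generate Nonce_UE,
    encrypt it, and compute MAC-I over both nonces.  None means reject."""
    tnonce = decrypt_nonce(k_user_entered, token, msg["enc_tnonce"])
    expected = prf(k_user_entered, b"mac-net", tnonce, user_id, token)[:MAC_LEN]
    if not hmac.compare_digest(expected, msg["mac_i_user"]):
        return None
    nonce_ue = os.urandom(NONCE_LEN)
    return {"tnonce": tnonce,
            "enc_nonce_ue": encrypt_nonce(k_user_entered, token, nonce_ue),
            "mac_i": prf(k_user_entered, b"mac-ue", tnonce, nonce_ue,
                         user_id, token)[:MAC_LEN]}


def ausf_verify(k_user, token, user_id, tnonce_sent, resp):
    """10010: check the echoed TNonce, decrypt Nonce_UE and verify MAC-I.
    Returns Nonce_UE (input for later key material) or None on failure."""
    if resp is None or not hmac.compare_digest(resp["tnonce"], tnonce_sent):
        return None
    nonce_ue = decrypt_nonce(k_user, token, resp["enc_nonce_ue"])
    expected = prf(k_user, b"mac-ue", tnonce_sent, nonce_ue, user_id, token)[:MAC_LEN]
    if not hmac.compare_digest(expected, resp["mac_i"]):
        return None
    return nonce_ue


def run_user_authentication(k_user_network, k_user_entered, token, user_id):
    """Drive one Figure 10 exchange end to end; True on mutual success."""
    tnonce, challenge = ausf_challenge(k_user_network, token, user_id)
    resp = ue_respond(k_user_entered, token, user_id, challenge)
    return ausf_verify(k_user_network, token, user_id, tnonce, resp) is not None
```

Note the ordering the UE enforces: it checks MAC-I_user before it emits anything derived from the key the user typed, so a forged challenge from a party that does not know Kuser gets no response at all, and a mistyped Kuser fails locally without a round trip.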
[0197] The user traffic may be encrypted using a key that is specific to the first UE (e.g., that corresponds to the UE, and not to a specific user of that UE).
[0198] The user traffic may be encrypted using a key that is specific to the user (e.g., that may be used across multiple UE to which the user is providing an input). The key that is specific to the user (Kuser_traffic) may be generated independently by each of the AUSF and/or UDM 1106 and the second ME 1103 using, for example, Kuser, user identifier, a subscriber identifier (e.g., SUPI), and the sequence number (and/or a modified version of the sequence number). Alternatively, Kuser_traffic may be used as an authentication and authorization function key, KAUSF.
[0199] Kuser_traffic may be generated using (e.g., based on) at least one of the following parameters: the user identifier provisioned during Figure 8, SUPI, a sequence number (SQN) independently maintained at the UE and the AUSF and/or UDM, a serving network name (SNN), Tnonce (e.g., an AUSF generated nonce for an authentication challenge), or Unonce (e.g., a user equipment generated nonce for an authentication challenge).
[0200] For example, consider the case where P0 represents the User ID, L0 represents the length of the User ID, P1 represents SUPI, L1 represents the length of SUPI, P2 represents SQN, and L2 represents the length of SQN. In this case, P0, P1, P2, L0, L1, and/or L2 may be used with the root key, Kuser, to generate Kuser_traffic. Similarly, the optional parameters can be used along with the above example parameters.
[0201] When UE authentication is completed, then the UE's previous authentication key, Kausf, may be used along with the above mentioned parameters to generate Kuser_traffic.
[0202] In this example of Figure 10, a user identifier of the user 1001 and a token is generated by the network and provisioned in the UE. This provisioned user identifier is for the identification of the user at the UE. The token is an access token for a specific user subscription. Stated differently, this token may be SUPI-specific.
[0203] Subsequently, a nonce from a network function is exchanged in an encrypted format, with a user key for decrypting the nonce being known to the user and the network function. The decrypted nonce may be used by the UE to verify a MAC-I received from the network function. Similarly, another nonce is generated at the first UE and encrypted using the user key, Kuser. This encrypted second nonce is sent, with another MAC-I generated by the UE, to the network function for verification by the network function. With these steps, the user is authenticated by the network and the network is authenticated by the UE.
[0204] The user authentication procedure of any of Figures 10 to 19 may be triggered to begin by at least one of the user, UE, and/or a core network function (such as the AMF, AUSF, and/or UDM).
[0205] Figure 11 illustrates signaling that may be performed between a user 1101, a first UE comprising a first USIM 1102 and a first ME 1103, a RAN 1104, an AMF 1105, and an AUSF and/or UDM 1106. The operations of Figure 11 may include the operations of at least one of 8006 to 8007.
[0206] During 11000A, the first UE may complete a primary authentication procedure for authenticating the first UE. It is understood that, in some examples, this primary authentication procedure may be optional. For example, the first UE may not complete the primary authentication procedure in cases in which the user traffic is transmitted using a user-based key encryption method, rather than a UE-based key encryption method.
[0207] During 11000B, the first ME 1103 is provisioned with user profile information from the AUSF and/or UDM 1106. This provisioning may be performed using a user parameter update procedure. This provisioning may be performed using an over-the-air procedure. This provisioning may cause the first ME 1103 to be provisioned with a sequence number, SQNuser, corresponding to the user 1101, and a user identifier. This provisioning may be performed analogously to the method described above in relation to Figure 8.
[0208] During 11001, the user 1101 may input, to the first UE via a user input of the first UE, an indication to trigger user authentication. This indication may comprise the user identifier.
[0209] During 11002, the first ME 1103 signals the AMF 1105. This signaling may comprise a non-access stratum request. For example, this signaling may comprise a registration request and/or a session establishment request (e.g., a packet data unit (PDU) session establishment request). This signaling may comprise the user identifier referred to in Figure 8. This signaling may further comprise the 5G-GUTI.
[0210] During 11003, the AMF 1105 signals the AUSF and/or UDM 1106. This signaling may comprise an authentication request. This authentication request may comprise the token and user identifier of 11002. This authentication request may comprise a subscriber identifier (such as, for example, SUPI).
[0211] During 11004, the AUSF and/or UDM 1106 generates a user challenge using the sequence number and a user key, Kuser. The sequence number and the user key may be part of subscription information corresponding to the user 1101 that is stored at and/or by the UDM. The user 1101 may have knowledge of the user key and the user identifier (e.g., via an email and/or website notification).
[0212] During 11005, the AUSF and/or UDM 1106 signals the first ME 1103 via the AMF 1105. This signal may comprise a challenge and/or a challenge request for authentication as described above in relation to Figure 10. For example, this signal may comprise an EAP AKA challenge. This signaling may comprise the user challenge.
[0213] During 11006, the first ME 803 causes a display of the second UE to output a notification to the user 1101. This notification may cause the user 1101 to enter Kuser into an input of the first UE so that it is received by the first ME 803 during 11007.
[0214] During 11008, the first UE generates a response to the user challenge using the sequence number and the Kuser received during 1107.
[0215] During 11009, the first ME 803 signals the AUSF and/or UDM 1106 via the AMF 1105. This signaling may comprise a response to the signaling of 11005. For example, this signaling may comprise the response to the user challenge generated during 11008. The signaling of 11009 may comprise an EAP response to an AKA' challenge.
[0216] During 11010, the AUSF and/or UDM 1106 verifies the response to the user challenge received during 11009. This verification may be performed using the KUSer and the sequence number provisioned in the subscription information for the user 1101 at the AUSF and/or UDM 1106.
[0217] During 11011, the AUSF and/or UDM signals the second ME 1103. This signaling may comprise an indication that the EAP authentication process has been successful.
[0218] Subsequent to the successful authentication of the user, the second ME 1103 may transmit and/or receive user traffic during 11012.
[0219] The user traffic may be encrypted using a key that is specific to the first UE (e.g., that corresponds to the UE, and not to a specific user of that UE).
[0220] The user traffic may be encrypted using a key that is specific to the user (e.g., that may be used across multiple UE to which the user is providing an input). The key that is specific to the user (Kuser_traffic) may be generated independently by each of the AUSF and/or UDM 1106 and the second ME 1103 using, for example, Kuser, user identifier, a subscriber identifier (e.g., SUPI), and the sequence number (and/or a modified version of the sequence number). Alternatively, Kuser_traffic may be used as an authentication and authorization function key, KAUSF.
[0221] Kuser_traffic may be generated using (e.g., based on) at least one of the following parameters: the user identifier provisioned during Figure 8, SUPI, a sequence number (SQN) independently maintained at the UE and the AUSF and/or UDM, a serving network name (SNN), Tnonce (e.g., an AUSF generated nonce for an authentication challenge), or Unonce (e.g., a user equipment generated nonce for an authentication challenge).
[0222] For example, consider the case where P0 represents the User ID, L0 represents the length of the User ID, P1 represents SUPI, L1 represents the length of SUPI, P2 represents SQN, and L2 represents the length of SQN. In this case, P0, P1, P2, L0, L1, and/or L2 may be used with the root key, Kuser, to generate Kuser_traffic. Similarly, the optional parameters can be used along with the above example parameters.
[0223] When UE authentication is completed, then the UE's previous authentication key, Kausf, may be used along with the above mentioned parameters to generate Kuser_traffic.
[0224] In the example of Figure 11, the user 1101 knows information such as, for example, the user identifier and the user key KUSER. The UDM 1106 may also store subscription information in the user context, the subscription information comprising the user identifier, a sequence number corresponding to the user (SQNUSER), and the user key KUSER. The sequence number and user identifier may be provisioned in the UE via over-the-air (OTA) and/or a user parameter update procedure.
[0225] In the example of Figure 11, the sequence number may be used to prevent a replay attack. For example, after a first authentication procedure has been performed for the user 1101 and/or a user-specific key has been generated for transmitting user traffic, the first ME and the AUSF and/or UDM may autonomously cause the sequence numbers respectively stored at the first UE and the AUSF and/or UDM to be modified in a predetermined way. A subsequent authentication procedure to be performed for the user may use the modified sequence number for forming the user challenge and the response to the user challenge instead of the unmodified sequence number.
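The replay protection of [0225] rests on both sides stepping SQNuser in lock step, so that a captured response is stale by the time it could be re-sent. The following is an added example written for this page, not code from the patent: the challenge of 11004 is modelled as a random value plus a MAC binding it to the current SQN and user identifier, the response of 11008 as a MAC over the same inputs under a different label, both using HMAC-SHA-256 (the patent names no algorithm), and "modified in a predetermined way" is taken to mean incrementing by one. Kuser is typed by the user and never stored on the UE, matching [0213]. The demo key and identifier are constructed values; resynchronisation after a rejected run is not described on the page and is not implemented.

```python
import hashlib
import hmac
import os

# Constructed demo values (not from the patent).
DEMO_K_USER = hashlib.sha256(b"demo Kuser for the Figure 11 example").digest()
WRONG_K_USER = hashlib.sha256(b"mistyped Kuser").digest()
DEMO_USER_ID = b"alice@example.org"


def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA-256 over 2-octet-length-prefixed parts (example choice)."""
    s = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, s, hashlib.sha256).digest()


def sqn_bytes(sqn: int) -> bytes:
    return sqn.to_bytes(6, "big")        # 48-bit SQN, as in AKA


class UdmUserRecord:
    """Subscription context at the AUSF/UDM: user id, Kuser, SQNuser ([0224])."""

    def __init__(self, user_id: bytes, k_user: bytes, sqn: int = 0):
        self.user_id, self.k_user, self.sqn = user_id, k_user, sqn

    def make_challenge(self) -> dict:
        """11004: RAND plus a MAC binding RAND to the current SQNuser, so the
        UE can authenticate the network and spot a replayed or out-of-step
        challenge."""
        rand = os.urandom(16)
        mac = prf(self.k_user, b"chal", rand, sqn_bytes(self.sqn), self.user_id)[:16]
        return {"rand": rand, "mac": mac}

    def verify_response(self, challenge: dict, response: bytes) -> bool:
        """11010: recompute the expected response with the stored SQN.  On
        success the SQN is stepped ([0225]); a response captured earlier no
        longer matches."""
        expected = prf(self.k_user, b"resp", challenge["rand"],
                       sqn_bytes(self.sqn), self.user_id)[:16]
        if not hmac.compare_digest(expected, response):
            return False
        self.sqn += 1
        return True


class UeUserRecord:
    """What the ME/USIM holds after 11000B: user id and SQNuser.  Kuser is not
    stored; the user types it at 11007."""

    def __init__(self, user_id: bytes, sqn: int = 0):
        self.user_id, self.sqn = user_id, sqn

    def respond(self, challenge: dict, k_user_entered: bytes):
        """11008: verify the challenge MAC with the entered Kuser and the local
        SQN, then compute the response and step the local SQN.  None means the
        typed key was wrong, the challenge was forged, or SQNs are out of step."""
        expected = prf(k_user_entered, b"chal", challenge["rand"],
                       sqn_bytes(self.sqn), self.user_id)[:16]
        if not hmac.compare_digest(expected, challenge["mac"]):
            return None
        resp = prf(k_user_entered, b"resp", challenge["rand"],
                   sqn_bytes(self.sqn), self.user_id)[:16]
        self.sqn += 1
        return resp


def demo() -> dict:
    """Two honest runs with a replay attempt in between; returns what each
    step yielded together with the final SQN on both sides."""
    udm = UdmUserRecord(DEMO_USER_ID, DEMO_K_USER, sqn=41)
    ue = UeUserRecord(DEMO_USER_ID, sqn=41)
    c1 = udm.make_challenge()
    r1 = ue.respond(c1, DEMO_K_USER)
    first = udm.verify_response(c1, r1)             # genuine: accepted, SQN -> 42
    c2 = udm.make_challenge()
    replay_new_chal = udm.verify_response(c2, r1)   # r1 re-sent: rejected
    replay_old_chal = udm.verify_response(c1, r1)   # r1 with c1 again: rejected
    c3 = udm.make_challenge()
    second = udm.verify_response(c3, ue.respond(c3, DEMO_K_USER))
    return {"first": first, "replay_new_chal": replay_new_chal,
            "replay_old_chal": replay_old_chal, "second": second,
            "udm_sqn": udm.sqn, "ue_sqn": ue.sqn}
```

Because the SQN is folded into the challenge MAC as well as the response, a challenge recorded during one run is also rejected by the UE in the next, which protects the user from being tricked into computing a response against a stale challenge.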
[0226] Figure 12 illustrates signaling that may be performed between a user 1201, a first UE 1202, an AMF 1203, an AUSF 1204, and a UDM 1205. The operations of Figure 12 may include the operations of at least one of 8006 to 8007.
[0227] In the example of Figure 12, before any signaling is performed: the user has knowledge of the user identifier (e.g., NAI) and a secret value (e.g., a secret PIN, such as 1234); the UE is provisioned with the user identifier (e.g., NAI) and a time-limited access credential from the network (e.g., via the signaling of Figure 8); and the AUSF and/or UDM is provisioned with user data (also referred to herein as subscription data) comprising the user identifier (e.g., NAI), the secret value (e.g., secret PIN, such as 1234), and the time-limited access credential.
[0228] During 12000A, the first UE may complete a primary authentication procedure and register with the network comprising the UDM 1206. This may be as described in 3GPP TS 33.501 and TS 23.502. It is understood that, in some examples, this primary authentication procedure may be optional. For example, the first UE may not complete the primary authentication procedure in cases in which the user traffic is transmitted using a user-based key encryption method, rather than a UE-based key encryption method.
[0229] During 12000B, the user 1201 may purchase a user profile subscription with the network. This may cause the user to be provided with a user identifier corresponding to the user (e.g., unique to the user), and a secret value, such as a personal identification value (PIN). The user identifier and secret value may be provided to the user outside of network communication described herein. The UDM may also be provided (e.g., provisioned) with the user identifier and secret value.
[0230] During 12001, the UDM 1205 determines to provision the first UE 1201 with user information comprised in subscription information available to (e.g., stored at) the UDM 1205. The subscription information may comprise, for example, the user identifier, a timebound credential (e.g., a token having a limited validity period), and an indication of an expiration time of the timebound credential. The subscription information may be signaled during 12002 and 12003 using, for example, a user parameter update procedure.
[0231] During 12002, the UDM 1205 signals the AMF 1203. This signaling may comprise the subscription information to be provisioned at the UE 1202. This signaling may further comprise an integrity MAC value (e.g., MAC-I). The signaling may be performed using, for example, an Nudm_SDM_Notification service procedure.
[0232] During 12003, the AMF 1203 signals the UE 1202. This signaling may comprise the subscription information and the MAC-I value. This signaling may be conveyed using a user parameter update procedure. This signaling may be provided using, for example, a downlink non-access stratum transport service operation.
[0233] During 12004, the UE 1202 successfully verifies the MAC-I value, and stores the user identifier, timebound credential, and expiration time of the timebound credential in at least one of a USIM and/or ME of the UE 1202.
[0234] During 12005, the user 1201 inputs, to the first UE via a user input of the first UE, an indication to trigger user authentication. This indication may comprise the user identifier and the secret value.
[0235] During 12006, the UE 1202 signals the AMF 1203. This signaling may comprise a non-access stratum request. For example, this signaling may comprise a registration request and/or a session establishment request (e.g., a packet data unit (PDU) session establishment request). This signaling may comprise the user identifier received from the user 1201. This signaling may further comprise the 5G-GUTI.
[0236] During 12007, the AMF 1203 signals the AUSF 1204. This signaling may comprise an authentication request. This authentication request may comprise the user identifier of 12006. This authentication request may comprise a subscriber identifier (such as, for example, SUPI). The authentication request may comprise an Nausf_UEAuthentication request.
[0237] During 12008, the AUSF 1204 signals the UDM 1205. This signaling may comprise a request for subscription information corresponding to the user 1201. This signaling may comprise the user identifier and a subscriber identifier of the user (e.g., SUPI). This signaling may comprise, for example, an Nudm_UEAuthentication service operation.
[0238] During 12009, the UDM 1205 verifies that the user 1201 is allowed to use the subscription identified by the subscriber identifier.
[0239] During 12010, the UDM 1205 signals the AUSF 1204. This signaling may comprise subscription information, such as the timebound credential and the secret value. This signaling may be comprised in an Nudm_UEAuthentication service operation.
[0240] During 12011, the AUSF 1204 generates a first nonce (e.g., TNonce), and encrypts the first nonce using the secret value and the user identifier. The AUSF 1204 may generate another integrity message authentication code for the user, MAC-1.
[0241] During 12012, the AUSF 1204 signals the UE 1202. This signaling may comprise an authentication challenge. This signaling may comprise the first nonce and MAC-1. This signaling may comprise an EAP-Request and/or challenge as described above.
[0242] During 12013, the UE 1202 verifies MAC-1 using the user identifier and secret value input by the user 1201. The first UE further generates a second nonce, Unonce, and uses the second nonce to generate a new integrity MAC, MAC-2, for verifying the first UE to the AUSF 1204.
[0243] During 12014, the first UE 1202 signals the AUSF 1204. This signaling may comprise a response to the signaling of 12012. For example, when the signaling of 12012 comprises an EAP request signaling operation, the signaling of 12014 may comprise an EAP challenge signaling operation. Further, when the signaling of 12012 comprises an EAP challenge signaling operation, the signaling of 12014 may comprise an EAP response signaling operation.
[0244] The signaling of 12014 may comprise the first nonce, the second nonce, and MAC-2.
[0245] During 12015, the AUSF 1204 verifies that the received first nonce is the same as the first nonce generated during 12012, and verifies MAC-2 to authenticate the UE.
[0246] During 12016, the AUSF 1204 signals the UE 1202. This signaling may comprise an indication that the EAP authentication process has been successful.
[0247] Subsequent to the successful authentication of the user, the UE 1202 may transmit and/or receive user traffic.
[0248] The user traffic may be encrypted using a key that is specific to the first UE (e.g., that corresponds to the UE, and not to a specific user of that UE). The user traffic may be encrypted using a key that is specific to the user (e.g., that may be used across multiple UE to which the user is providing an input). The key that is specific to the user (Kuser_traffic) may be generated independently by each of the AUSF and/or UDM 1106 and the second ME 1103 using, for example, Kuser, user identifier, a subscriber identifier (e.g., SUPI), and the sequence number (and/or a modified version of the sequence number). Alternatively, Kuser_traffic may be used as an authentication and authorization function key, KAUSF.
[0249] Kuser_traffic may be generated using (e.g., based on) at least one of the following parameters: the user identifier provisioned during Figure 8, SUPI, a sequence number (SQN) independently maintained at the UE and the AUSF and/or UDM, a serving network name (SNN), Tnonce (e.g., an AUSF generated nonce for an authentication challenge), or Unonce (e.g., a user equipment generated nonce for an authentication challenge).
[0250] For example, consider the case where P0 represents the User ID, L0 represents the length of the User ID, P1 represents SUPI, L1 represents the length of SUPI, P2 represents SQN, and L2 represents the length of SQN. In this case, P0, P1, P2, L0, L1, and/or L2 may be used with the root key, Kuser, to generate Kuser_traffic. Similarly, the optional parameters can be used along with the above example parameters.
[0251] When UE authentication is completed, then the UE's previous authentication key, Kausf, may be used along with the above mentioned parameters to generate Kuser_traffic.
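The Kuser_traffic derivation is described three times on this page, in [0199] to [0201], [0221] to [0223] and [0249] to [0251], each time as a root key combined with P0/L0 (User ID), P1/L1 (SUPI), P2/L2 (SQN) and optional SNN, Tnonce and Unonce. The P/L naming is that of the generic 3GPP key derivation function, so the added example below, written for this page and not taken from the patent or from any specification, lays the input string out that way: FC || P0 || L0 || P1 || L1 || P2 || L2 || optional Pi || Li, with each Li a 2-octet length, and Kuser_traffic = HMAC-SHA-256(root, S). The FC value 0x00 is a placeholder (the patent allocates none), the SQN is encoded in 6 octets, the three optional parameters are always present (empty when unused) so that the encoding stays unambiguous, and the keys, identifiers and serving network name are constructed sample values. It covers all three passages.

```python
import hashlib
import hmac

# Placeholder FC octet: the patent allocates no FC value for Kuser_traffic.
FC_KUSER_TRAFFIC = b"\x00"
SQN_LEN = 6

# Constructed demo values (not from the patent).
DEMO_K_USER = hashlib.sha256(b"demo Kuser root key").digest()
DEMO_K_AUSF = hashlib.sha256(b"demo Kausf from UE authentication").digest()
DEMO_USER_ID = b"alice@example.org"
DEMO_SUPI = b"imsi-001010123456789"
DEMO_SNN = b"5G:mnc001.mcc001.3gppnetwork.org"   # sample serving network name


def tlv(param: bytes) -> bytes:
    """Pi || Li: the parameter followed by its length on 2 octets."""
    return param + len(param).to_bytes(2, "big")


def build_input_string(user_id: bytes, supi: bytes, sqn: int,
                       snn: bytes = b"", tnonce: bytes = b"",
                       unonce: bytes = b"") -> bytes:
    """S = FC || P0 || L0 || P1 || L1 || P2 || L2 || P3 || L3 || P4 || L4 || P5 || L5.
    P0 = User ID, P1 = SUPI, P2 = SQN; P3..P5 = SNN, Tnonce, Unonce, which
    are emitted with L = 0 when not used so positions never shift."""
    return (FC_KUSER_TRAFFIC
            + tlv(user_id) + tlv(supi) + tlv(sqn.to_bytes(SQN_LEN, "big"))
            + tlv(snn) + tlv(tnonce) + tlv(unonce))


def derive_kuser_traffic(root_key: bytes, user_id: bytes, supi: bytes, sqn: int,
                         snn: bytes = b"", tnonce: bytes = b"",
                         unonce: bytes = b"") -> bytes:
    """Kuser_traffic = HMAC-SHA-256(root, S).  root is Kuser ([0200]) or, once
    UE authentication has completed, the UE's Kausf ([0201])."""
    s = build_input_string(user_id, supi, sqn, snn, tnonce, unonce)
    return hmac.new(root_key, s, hashlib.sha256).digest()


def traffic_key_sequence(root_key: bytes, user_id: bytes, supi: bytes,
                         first_sqn: int, runs: int) -> list:
    """Keys for successive authentication runs, each stepping the SQN by one
    (the "modified sequence number" of [0225]); every run gets a fresh key."""
    return [derive_kuser_traffic(root_key, user_id, supi, first_sqn + i)
            for i in range(runs)]
```

Both ends must agree not only on the root key but on the exact encoding: a UE that omitted an absent SNN instead of sending an empty TLV would derive a different Kuser_traffic from the network and the first protected packet would fail integrity checking, which is why the layout is fixed rather than left to whichever optional parameters happen to be present.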
[0252] The secret value of Figure 12 may have a one-time use. The user 1201 may use an app, a portal, or some other method outside of 3GPP to change the one-time-use secret value during some subsequent authentication operation. The user and the UDM may be considered to generate one-time common shared secret values independently. As another example, the network may be able to generate the secret value, which is subsequently provided to the user via the app, portal, or other means.
[0253] The method of Figure 12 may be represented by the following method steps 0 to 12, where the UE is labelled as UE-B:
0. UE-B is authenticated and registered in the network as defined in TS 33.501 and TS 23.502.
1. User-A bought the subscription from the operator, and the operator provides a User Id and a changeable PIN or one-time password. User-A is also attached/linked with UE#B. The user gets this information via the operator-provided portal (outside the scope of 3GPP).
2. UDM decides to provision the User-specific information to UE-B. For this, UDM prepares UPU data with the following elements: User Id, TimeBoundCredential, and the expiry associated with the TimeBoundCredential. These credentials are unique per UE and User Id. Please refer to clause 6.15.2 of TS 33.501 [x] for UPU data preparation. UDM sends the UPU data to the UE.
3. Once UE receives the UPU data, then UE validates the MAC and then stores the user information in the USIM/ME.
Steps 2 and 3 are repeated for the UEs with which the User wants to be linked.
4. User logs in to UE-B and provides User Id and PIN.
NOTE: How user logs in the UE-B is outside the scope of 3GPP. Maybe it can be achieved via some operator provided app.
5. Once User logs in the UE-B, the UE-B initiates the NAS registration request where existing 5G-GUTI of the UE-B shall be provided as is and additionally, User id is also provided.
6. If AMF decides to perform the User authentication, the AMF initiates User authentication. For this, AMF sends Nausf_UEAuthentication_Authentication Req with SUPI and User id to AUSF.
7. The AUSF sends a Nudm_UEAuthentication_Authentication Get request to UDM with SUPI and User Id. Based on the subscription data, the UDM authorizes that User-A can use UE-B. After successful authorization, the UDM provides the TimeBoundCredential and PIN of User-A to the AUSF.
8. The AUSF sends an EAP challenge packet to the UE which contains a TNonce value and a Message Authentication Code 1 (MAC1) derived using the User key, which is itself derived using the TimeBoundCredential, PIN and User Id.
9. The UE derives an expected MAC1 (XMAC1 ) of TNonce using User key derived in a similar fashion and compares XMAC1 with the received MAC1. If they match, the network is authenticated by the UE.
The UE generates a UNonce and derives a MAC2 using User key, and with UNonce and TNonce.
10. The UE responds with a EAP Challenge containing UNonce, TNonce and MAC2.
11 . The AUSF derives an expected MAC2 (XMAC2) using User key and with UNonce and TNonce. Compares XMAC2 with the received MAC2. If they match, the UE is authenticated by AUSF.
12: The AUSF sends EAP-SUCCESS message to UE.
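The exchange of steps 4 and 8 to 12 above, as an added example that is not part of the patent. The MAC algorithm (HMAC-SHA256), the construction used to derive the User key from the TimeBoundCredential, PIN and User Id, the expiry check, and all sample values are assumptions labelled in the code; the MAC protection of the UPU data itself (TS 33.501 clause 6.15.2) is not modelled.

```python
import hashlib
import hmac
import os

# Constructed sample UPU data (step 2): User Id, TimeBoundCredential and its expiry.
SAMPLE_UPU = {
    "user_id": "user-a@example.com",                                        # placeholder
    "time_bound_credential": bytes.fromhex("00112233445566778899aabbccddeeff"),  # constructed
    "expiry": 1_800_000_000,                                                # constructed Unix time
}
SAMPLE_PIN = "4711"  # constructed one-time PIN delivered via the portal (step 1)


def derive_user_key(time_bound_credential: bytes, pin: str, user_id: str) -> bytes:
    """Assumed derivation: HMAC-SHA256 over the User Id and PIN, keyed by the
    TimeBoundCredential. The patent names the inputs but not the KDF."""
    info = b"user-key|" + user_id.encode() + b"|" + pin.encode()
    return hmac.new(time_bound_credential, info, hashlib.sha256).digest()


def tagged_mac(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over a label and length-prefixed fields, so that MAC1 and
    MAC2 are computed over unambiguous, distinct inputs."""
    h = hmac.new(key, label, hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(2, "big"))
        h.update(part)
    return h.digest()


class UeB:
    """UE-B holding the UPU data stored in the USIM/ME (step 3)."""

    def __init__(self, upu: dict):
        self.upu = upu
        self.user_key = None

    def user_login(self, user_id: str, pin: str, now: int) -> bool:
        """Step 4: the user enters User Id and PIN. Refuse an unknown User Id or an
        expired TimeBoundCredential (assumed check); otherwise derive the User key."""
        if user_id != self.upu["user_id"] or now >= self.upu["expiry"]:
            return False
        self.user_key = derive_user_key(self.upu["time_bound_credential"], pin, user_id)
        return True

    def handle_challenge(self, tnonce: bytes, mac1: bytes):
        """Steps 9-10: check XMAC1 == MAC1 over TNonce, then answer with UNonce,
        TNonce and MAC2. Returns None when the network is not authenticated."""
        xmac1 = tagged_mac(self.user_key, b"MAC1", tnonce)
        if not hmac.compare_digest(xmac1, mac1):
            return None
        unonce = os.urandom(16)
        mac2 = tagged_mac(self.user_key, b"MAC2", unonce, tnonce)
        return unonce, tnonce, mac2


class Ausf:
    """AUSF after step 7: holds the TimeBoundCredential and PIN data from the UDM."""

    def __init__(self, upu: dict, pin: str):
        self.upu = upu
        self.pin = pin
        self.user_key = None
        self.tnonce = None  # the single outstanding challenge

    def make_challenge(self, now: int):
        """Step 8: EAP challenge carrying TNonce and MAC1; refused once the credential expired."""
        if now >= self.upu["expiry"]:
            return None
        self.user_key = derive_user_key(
            self.upu["time_bound_credential"], self.pin, self.upu["user_id"])
        self.tnonce = os.urandom(16)
        return self.tnonce, tagged_mac(self.user_key, b"MAC1", self.tnonce)

    def verify_response(self, unonce: bytes, tnonce: bytes, mac2: bytes) -> bool:
        """Step 11: the echoed TNonce must match the outstanding challenge and XMAC2
        must equal MAC2. The challenge is consumed either way, so a captured
        response cannot be replayed against the same TNonce."""
        if self.tnonce is None or not hmac.compare_digest(tnonce, self.tnonce):
            return False
        self.tnonce = None
        xmac2 = tagged_mac(self.user_key, b"MAC2", unonce, tnonce)
        return hmac.compare_digest(xmac2, mac2)


def run_user_authentication(entered_pin: str, now: int) -> bool:
    """Drive steps 4 and 8-12 between one UE-B and one AUSF; True means EAP-SUCCESS."""
    ue = UeB(SAMPLE_UPU)
    ausf = Ausf(SAMPLE_UPU, SAMPLE_PIN)
    if not ue.user_login(SAMPLE_UPU["user_id"], entered_pin, now):
        return False
    challenge = ausf.make_challenge(now)
    if challenge is None:
        return False
    response = ue.handle_challenge(*challenge)
    if response is None:
        return False  # MAC1 did not verify: network not authenticated by the UE
    return ausf.verify_response(*response)
```

A wrong PIN yields a different User key on the UE side, so XMAC1 never matches and the UE aborts before sending MAC2; an expired TimeBoundCredential is refused on both sides.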
[0254] Figure 13 illustrates an example in which a user authentication is performed using a certificate provided by a certification authority.
[0255] Figure 13 illustrates signaling that may be performed by a user 1301, a UE comprising a USIM 1302 and an ME 1303, a RAN 1304, an AMF 1305, an AUSF and/or UDM 1306, and a certification authority 1307.
[0256] 13001 to 13008 relate to method steps that may be performed for provisioning a certificate for authenticating a user by a certification authority.
[0257] During 13001, the certification authority 1307 and the second UE are provisioned with a user identifier of the user 1301 and at least one access credential (e.g., an access token). The provisioning may be performed by the AUSF and/or UDM and/or some other network entity.
[0258] During 13002, the UE performs a UE primary authentication. It is understood that this may be optional, as per the other examples described above.
[0259] 13003 to 13008 relate to provisioning the UE with a certificate to be used during a later user authentication.
[0260] During 13003, the user provides the ME 1303 with the user identifier and the at least one access credential. This may be provided as part of a trigger that causes the ME 1303 to obtain a certificate on behalf of the user. This signaling may be provided in response to a display output by the UE that requests the user 1301 to input this information. The user identifier may comprise a network access identifier.
[0261] During 13004, the ME 1303 creates a private-public key pair corresponding to the user 1301. This may be performed using the user identifier and the at least one access credential. The ME 1303 may further create a certificate signing request (CSR) to send to the certification authority 1307. This CSR may comprise a subject alternative name (SAN) that comprises the user identifier, and that indicates that, although the request is sent by a UE, the certificate is requested for the user identified by the user identifier. The CSR may further comprise the at least one access credential.
[0262] During 13005, the ME signals the certification authority 1307. This signaling may comprise the CSR generated during 13004. For example, this signaling may comprise the SAN that comprises the identifier, and the at least one access credential.
[0263] During 13006, the certification authority 1307 verifies the at least one access credential (e.g., by comparing it (or a value derived from the at least one access credential) to at least one access credential managed by the certification authority). The certification authority 1307 may generate a certificate in response to the successful verification of the at least one access credential. The certificate may be time-limited. Stated differently, the certificate may expire after a predetermined time, also referred to herein as an expiry time. The certificate may be generated based on the received user identifier comprised in the SAN. The certificate may comprise the user identifier and/or a subscriber identifier such as a GPSI.
[0264] During 13007, the certification authority 1307 signals the ME 1303. This signaling may comprise the certificate generated during 13006.
[0265] During 13008, the certificate is stored at the USIM 1302 and/or ME 1303.
[0266] 13009 to 13014 relate to a user authentication being performed based on the certificate received during 13007.
[0267] During 13009, the ME 1303 creates a user registration request for registering the user at the network. This user registration request may be generated in response to an input received, via a user input of the UE, from the user 1301. It is understood that the user registration request may be generated in response to any other trigger (e.g., in response to receiving the certificate during 13007).
[0268] During 13010, the ME 1303 signals the AMF 1304. This signaling may comprise the user registration request. This signaling may comprise the user identifier input during 13003. This signaling may comprise the GUTI.
[0269] During 13011, the AMF 1304 signals the AUSF and/or UDM 1305. This signaling may comprise a user registration request. This signaling may comprise the user identifier received during 13003.
[0270] During 13012, the AUSF and/or UDM 1305 and the UE may perform an EAP procedure using an exchange of client and server certificates. As part of this, the certificate (and/or a part thereof) received during 13007 may be provided to the AUSF and/or UDM 1305 and/or the certification authority 1306.
[0271] During 13013, the AUSF and/or UDM 1305 signals the ME 1303. This signaling may comprise an indication that the EAP authentication procedure of 13012 has been successfully completed. Stated differently, the signaling of 13013 may indicate that the user has been successfully authenticated.
[0272] During 13014, the ME 1303 causes an output to be made to the user (e.g., via a user output, such as a display). This output may indicate that the user has been successfully authenticated. It is understood that where the signaling of 13013 instead indicates that the user has not been authenticated, the output of 13014 may instead indicate that the user has not been authenticated.
[0273] During 13015, the certificate of 13007 expires. It is understood that an indication of the expiry time of the certificate may be provided to the UE during 13007.
[0274] Figures 14 to 19 illustrate methods that may be performed by apparatus described herein. The features of these apparatus may be further understood with reference to the above examples of Figures 4 to 13. In particular, the apparatus of Figures 14 to 19 may comprise and/or perform functionality analogous to at least one feature described in connection with at least one of Figures 4 to 13.
[0275] It is further understood that, in the following Figures 14 to 19, references to any network function may refer to a core network function, such as at least one of an AMF, an AUSF, a UDM, and/or a virtualised version thereof.
[0276] Figures 14 and 15 illustrate methods that may be performed by interacting apparatus.
[0277] Figure 14 illustrates features that may be performed by an apparatus. The apparatus may be comprised in a communication device, such as described in relation to Figure 3. For example, the apparatus may be comprised in, and/or be, a UE, ME and/or USIM.
[0278] During 1401, the apparatus obtains, from a user input of the apparatus, a user identifier of a user of the apparatus.
[0279] The user may perform an action that provides the user input (e.g., via a keyboard of the apparatus, and/or display screen of the apparatus, and/or via a microphone of the apparatus). The user input may be considered as an interface between the user and the apparatus.
[0280] During 1402, the apparatus obtains, from the user input, a first input.
[0281] The first input may be received via the user input as part of a same operation that provides the user identifier of 1401. The first input may be received via the user input as part of a different operation to 1401. The first input may comprise at least one of a secret value, secret user key, and/or sequence that is known to the user and to a network function comprised in a core network to which the apparatus may connect (e.g., to the first network function mentioned in 1403 and/or a certification authority).
[0282] During 1403, the apparatus provides, to a first network function, the user identifier during a registration and/or session establishment request service operation. Stated differently, the user identifier received during 1401 may be provided to the first network function using non-access stratum signalling, such as a registration request for the user, and/or a PDU session establishment request.
[0283] During 1404, the apparatus obtains an authentication challenge from the first network function in response to the registration and/or session establishment request service operation. The authentication challenge may comprise a value to be verified by the apparatus, and/or a request for an authentication challenge to be provided to the first network function from the apparatus.
[0284] During 1405, the apparatus authenticates the first network function using the first input, the user identifier, and the authentication challenge.
[0285] The following illustrates how features of Figure 10 may be implemented in the example of Figure 14.
[0286] The apparatus may be caused to authenticate itself to the first network function in response to receiving at least one challenge. For example, the first input may be a user key, and the authenticating the first network function may further comprise: extracting a first encrypted nonce value and a first message authentication code from the authentication challenge; decrypting the first encrypted nonce value using the user key to obtain a first nonce value; and verifying the first message authentication code as originating from the first network function using the first nonce value.
[0287] The apparatus may further be caused to provide an authentication challenge to the first network function for authenticating the first network function to the apparatus. For example, the apparatus may generate a second nonce value, use the second nonce value to generate a second message authentication code, encrypt the second nonce value using the user key to obtain an encrypted second nonce value, and provide, to the first network function, the first nonce value, the second message authentication code and the encrypted second nonce value as a response to the authentication challenge.
[0288] The following illustrates how features of Figure 11 may be implemented in the example of Figure 14.
[0289] The apparatus may be caused to authenticate itself to the first network function in response to receiving at least one challenge. For example, the first input may be a user key, and the authenticating the first network function may further comprise: extracting a first message authentication code from the authentication challenge; and verifying the first message authentication code as originating from the first network function using a sequence number associated with the user that is maintained at the apparatus and the user identifier.
[0290] The apparatus may further be caused to provide an authentication challenge to the first network function for authenticating the first network function to the apparatus. For example, the apparatus may use the user identifier and the sequence number and/or an incremented version of the sequence number to generate a second message authentication code, and provide, to the first network function, the second message authentication code as a response to the authentication challenge.
[0291] The following illustrates how features of Figure 12 may be implemented in the example of Figure 14.
[0292] The apparatus may be caused to authenticate itself to the first network function in response to receiving at least one challenge. For example, the first input may be a personal identification number of the user, and the authenticating the first network function may further comprise: extracting a first nonce value and a first message authentication code from the authentication challenge; and verifying the first message authentication code as originating from the first network function using the first nonce value, and a limited time duration user secret previously configured at the apparatus.
[0293] The apparatus may further be caused to provide an authentication challenge to the first network function for authenticating the first network function to the apparatus. For example, the apparatus may generate a second nonce value, use the second nonce value and the limited time duration user secret to generate a second message authentication code, and provide, to the first network function, the first nonce value, the second message authentication code and the second nonce value as a response to the authentication challenge.
[0294] The apparatus may obtain (e.g., receive) the limited time duration user secret from the first network function during a user parameter update procedure.
[0295] The following illustrates how features of Figure 13 may be implemented in the example of Figure 14.
[0296] In this example, the first input may be an access token (or some other access credential), and the apparatus may obtain, from a certification authority, a certificate by providing the certification authority with the user identifier, wherein the authenticating is performed using the certificate.
[0297] The following may be performed in combination with any of the above disclosure up to the beginning of Figure 14.
[0298] The apparatus may encrypt user traffic for transmission using at least one of: a user equipment key corresponding to the apparatus; or the user key. Stated differently, the user traffic that is signalled from the apparatus to a core network function may be encrypted using a key that is user-equipment-specific, and/or that is user-specific. This may be as described above in relation to Figures 10 to 13.
[0299] The apparatus may output, via a display of the apparatus, at least one of: a request to receive the user identifier; a request to receive the first input; or an indication of whether the user has been successfully authenticated or not. The apparatus may receive the requested information in response to this request via a user input of the apparatus.
[0300] Figure 15 illustrates features that may be performed by an apparatus of a first network function. The first network function of Figure 15 may correspond to the first network function of Figure 14. The apparatus of Figure 15 may be as described in relation to Figure 2.
[0301] During 1501, the apparatus obtains, from a user equipment by a first network function, a user identifier of a user of the user equipment during a registration and/or session establishment request service operation. Stated differently, the apparatus may obtain (e.g., receive) a user identifier of (e.g., uniquely corresponding to) the user of the user equipment during a non-access stratum signalling operation.
[0302] During 1502, the apparatus provides, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on the user identifier and subscription information corresponding to the user. The subscription information may be stored at a UDM. The subscription information may be configured at the first network function and/or the UDM by a network operator when the user has purchased a subscription.
[0303] The following illustrates how features of Figure 10 may be implemented in the example of Figure 15.
[0304] The first network function may cause the user equipment to be provided with an authentication challenge for enabling the user equipment to authenticate itself to the first network function in response to receiving at least one challenge. For example, the subscription information may be a user key, and the providing the authentication challenge may comprise: encrypting a first nonce value to obtain a first encrypted nonce value; obtaining a first message authentication code using the first encrypted nonce value; and providing the first message authentication code and the first encrypted nonce value to the user equipment in the authentication challenge.
[0305] The apparatus may further be caused to respond to an authentication challenge issued by the user equipment for authenticating the first network function to the user equipment. For example, the apparatus may obtain, from the user equipment, an encrypted second nonce value, the first nonce value, and a second message authentication code; decrypt the second encrypted nonce value using the user key to obtain a second nonce value; and verify the second message authentication code as originating from the user equipment using the second nonce value.
[0306] The following illustrates how features of Figure 11 may be implemented in the example of Figure 15.
[0307] The first network function may cause the user equipment to be provided with an authentication challenge for enabling the user equipment to authenticate itself to the first network function in response to receiving at least one challenge. For example, the subscription information may be a user key and a sequence number, and the providing the authentication challenge may comprise: obtaining a first message authentication code using the sequence number and the user key; and providing the first message authentication code to the user equipment in the authentication challenge.
[0308] The apparatus may further be caused to respond to an authentication challenge issued by the user equipment for authenticating the first network function to the user equipment. For example, the apparatus may obtain, from the user equipment, a second message authentication code; and verify the second message authentication code as originating from the user equipment using the user key and the sequence number and/or an incremented version of the sequence number.
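The sequence-number variant of Figure 11, as described for the apparatus side in [0289] and [0290] and for the network-function side in [0307] and [0308], as an added example that is not part of the patent. It assumes HMAC-SHA256 over the user identifier and sequence number as the message authentication code, that the response is computed over the incremented sequence number, and constructed sample values; the patent specifies none of these.

```python
import hashlib
import hmac

# Constructed sample subscription data shared by the user and the first network function.
SAMPLE_USER_ID = "user-a@example.com"                                # placeholder User Id
SAMPLE_USER_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")  # constructed user key
SAMPLE_SQN = 41                                                      # constructed sequence number


def seq_mac(key: bytes, label: bytes, user_id: str, sqn: int) -> bytes:
    """Assumed MAC construction: HMAC-SHA256 over a label, the user identifier
    and the sequence number. MAC1 and MAC2 use different labels."""
    h = hmac.new(key, label, hashlib.sha256)
    h.update(user_id.encode())
    h.update(sqn.to_bytes(8, "big"))
    return h.digest()


class SeqUe:
    """Apparatus side: the sequence number associated with the user is maintained locally."""

    def __init__(self, user_id: str, user_key: bytes, sqn: int):
        self.user_id, self.user_key, self.sqn = user_id, user_key, sqn

    def handle_challenge(self, mac1: bytes):
        """Verify MAC1 against the locally held sequence number, advance it, and
        answer with MAC2 over the incremented value. None means the network
        was not authenticated (forged challenge, or one replayed from an earlier run)."""
        xmac1 = seq_mac(self.user_key, b"MAC1", self.user_id, self.sqn)
        if not hmac.compare_digest(xmac1, mac1):
            return None
        self.sqn += 1
        return seq_mac(self.user_key, b"MAC2", self.user_id, self.sqn)


class SeqNetworkFunction:
    """First network function side: issues MAC1 over the stored sequence number
    and expects MAC2 over the incremented sequence number."""

    def __init__(self, user_id: str, user_key: bytes, sqn: int):
        self.user_id, self.user_key, self.sqn = user_id, user_key, sqn
        self.pending = False  # whether a challenge is outstanding

    def make_challenge(self) -> bytes:
        self.pending = True
        return seq_mac(self.user_key, b"MAC1", self.user_id, self.sqn)

    def verify_response(self, mac2: bytes) -> bool:
        """Accept exactly one response per challenge; the stored sequence number
        only advances on success, so an old MAC2 can never verify again."""
        if not self.pending:
            return False
        self.pending = False
        xmac2 = seq_mac(self.user_key, b"MAC2", self.user_id, self.sqn + 1)
        if not hmac.compare_digest(xmac2, mac2):
            return False
        self.sqn += 1
        return True


def run_sequence_authentication(ue: SeqUe, nf: SeqNetworkFunction) -> bool:
    """One complete mutual authentication; True means both sides advanced in step."""
    mac2 = ue.handle_challenge(nf.make_challenge())
    return mac2 is not None and nf.verify_response(mac2)
```

Because both sides advance only on a verified exchange, a lost response leaves the UE one step ahead and the next challenge fails; the patent does not describe a resynchronisation, so none is modelled here.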
[0309] The following illustrates how features of Figure 12 may be implemented in the example of Figure 15.
[0310] The first network function may cause the user equipment to be provided with an authentication challenge for enabling the user equipment to authenticate itself to the first network function in response to receiving at least one challenge. For example, the subscription information may be a personal identification number of the user and a limited time duration user secret, and the providing the authentication challenge may comprise: generating a first nonce value; using the first nonce value and the limited time duration user secret to generate a first message authentication code; and providing, to the user equipment, the first nonce value and the first message authentication code in the authentication challenge.
[0311] The apparatus may further be caused to respond to an authentication challenge issued by the user equipment for authenticating the first network function to the user equipment. For example, the apparatus may extract, from a response to the authentication challenge, a second nonce value and a second message authentication code, and verify the second message authentication code as originating from the user equipment using the second nonce value, and the limited time duration user secret.
[0312] The apparatus may provide the user equipment with the limited time duration user secret during a user parameter update procedure.
[0313] The following illustrates how features of Figure 13 may be implemented in the example of Figure 15.
[0314] In this example, the subscription information may be an access token, and the apparatus may obtain, from a certification authority, a certificate by providing the certification authority with the user identifier, wherein the providing the authentication challenge is performed using the certificate.
[0315] Figures 16 and 17 illustrate methods that may be performed by interacting apparatus. Figures 16 and 17 illustrate features of the examples of Figures 10 and 11.
[0316] Figure 16 illustrates features that may be performed by an apparatus. The apparatus may be comprised in a communication device, such as described in relation to Figure 3. For example, the apparatus may be comprised in, and/or be, a UE, ME and/or USIM.
[0317] During 1601, the apparatus obtains, from a user input of the apparatus, a user identifier of a user of the apparatus.
[0318] The user may perform an action that provides the user input (e.g., via a keyboard of the apparatus, and/or display screen of the apparatus, and/or via a microphone of the apparatus). The user input may be considered as an interface between the user and the apparatus.
[0319] During 1602, the apparatus provides, to a first network function, the user identifier during a registration and/or session establishment request service operation. Stated differently, the user identifier received during 1401 may be provided to the first network function using non-access stratum signalling, such as a registration request for the user, and/or a PDU session establishment request.
[0320] During 1603, the apparatus obtains an authentication challenge from the first network function in response to the registration and/or session establishment request service operation. The authentication challenge may comprise a value to be verified by the apparatus, and/or a request for an authentication challenge to be provided to the first network function from the apparatus.
[0321] During 1604, the apparatus obtains, from the user input, a first user key. The first user key may be received via the user input as part of a same operation that provides the user identifier of 1601. The first user key may be received via the user input as part of a different operation to 1601. The first user key may comprise at least one of a secret value, secret key, and/or sequence that is known to the user and to a network function comprised in a core network to which the apparatus may connect (e.g., to the first network function mentioned in 1602 and/or a certification authority). It is understood that any reference to a user key in Figures 14 to 19 may refer to a user-specific key that is unique to a user, and so may be used across multiple UEs.
[0322] During 1605, the apparatus authenticates the first network function using the first user key, and the authentication challenge.
[0323] The following illustrates how features of Figure 10 may be implemented in the example of Figure 16.
[0324] The apparatus may be caused to authenticate itself to the first network function in response to receiving at least one challenge. For example, the authenticating the first network function may further comprise: extracting a first encrypted nonce value and a first message authentication code from the authentication challenge; decrypting the first encrypted nonce value using the user key to obtain a first nonce value; and verifying the first message authentication code as originating from the first network function using the first nonce value.
[0325] The apparatus may further be caused to provide an authentication challenge to the first network function for authenticating the first network function to the apparatus. For example, the apparatus may generate a second nonce value, use the second nonce value to generate a second message authentication code, encrypt the second nonce value using the user key to obtain an encrypted second nonce value, and provide, to the first network function, the first nonce value, the second message authentication code and the encrypted second nonce value as a response to the authentication challenge.
[0326] The following illustrates how features of Figure 11 may be implemented in the example of Figure 16.
[0327] The apparatus may be caused to authenticate itself to the first network function in response to receiving at least one challenge. For example, the authenticating the first network function may further comprise: extracting a first message authentication code from the authentication challenge; and verifying the first message authentication code as originating from the first network function using a sequence number associated with the user that is maintained at the apparatus and the user identifier.
[0328] The apparatus may further be caused to provide an authentication challenge to the first network function for authenticating the first network function to the apparatus. For example, the apparatus may use the user identifier and the sequence number and/or an incremented version of the sequence number to generate a second message authentication code, and provide, to the first network function, the second message authentication code as a response to the authentication challenge.
[0329] The following may be performed in combination with any of the above disclosure up to the beginning of Figure 16.
[0330] The apparatus may encrypt user traffic for transmission using at least one of: a user equipment key corresponding to the apparatus; or the user key. Stated differently, the user traffic that is signalled from the apparatus to a core network function may be encrypted using a key that is user-equipment-specific, and/or that is user-specific. This may be as described above in relation to Figures 10 to 13.
[0331] The apparatus may output, via a display of the apparatus, at least one of: a request to receive the user identifier; a request to receive the first input; or an indication of whether the user has been successfully authenticated or not. The apparatus may receive the requested information in response to this request via a user input of the apparatus.
[0332] Figure 17 illustrates features that may be performed by an apparatus of a first network function. The first network function of Figure 17 may correspond to the first network function of Figure 16. The apparatus of Figure 17 may be as described in relation to Figure 2.
[0333] During 1701, the apparatus obtains, from a user equipment at a first network function, a user identifier identifying a user of the user equipment during a registration and/or session establishment request service operation. Stated differently, the apparatus may obtain (e.g., receive) a user identifier of (e.g., uniquely corresponding to) the user of the user equipment during a non-access stratum signalling operation.
[0334] During 1702, the apparatus provides, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on the user identifier and subscription information corresponding to the user, wherein the subscription information comprises a first user key.
[0335] The subscription information may be stored at a UDM. The subscription information may be configured at the first network function and/or the UDM by a network operator when the user has purchased a subscription.
[0336] The following illustrates how features of Figure 10 may be implemented in the example of Figure 17.
[0337] The first network function may cause the user equipment to be provided with an authentication challenge for enabling the user equipment to authenticate itself to the first network function in response to receiving at least one challenge. For example, the subscription information may be a user key, and the providing the authentication challenge may comprise: encrypting a first nonce value to obtain a first encrypted nonce value; obtaining a first message authentication code using the first encrypted nonce value; and providing the first message authentication code and the first encrypted nonce value to the user equipment in the authentication challenge.
[0338] The apparatus may further be caused to respond to an authentication challenge issued by the user equipment for authenticating the first network function to the user equipment. For example, the apparatus may obtain, from the user equipment, an encrypted second nonce value, the first nonce value, and a second message authentication code; decrypt the second encrypted nonce value using the user key to obtain a second nonce value; and verify the second message authentication code as originating from the user equipment using the second nonce value.
[0339] The following illustrates how features of Figure 11 may be implemented in the example of Figure 17.
[0340] The first network function may cause the user equipment to be provided with an authentication challenge for enabling the user equipment to authenticate itself to the first network function in response to receiving at least one challenge. For example, the subscription information may be a user key and a sequence number, and the providing the authentication challenge may comprise: obtaining a first message authentication code using the sequence number and the user key; and providing the first message authentication code to the user equipment in the authentication challenge.
[0341] The apparatus may further be caused to respond to an authentication challenge issued by the user equipment for authenticating the first network function to the user equipment. For example, the apparatus may obtain, from the user equipment, a second message authentication code; and verify the second message authentication code as originating from the user equipment using the user key and the sequence number and/or an incremented version of the sequence number.
[0342] Figures 18 and 19 illustrate methods that may be performed by interacting apparatus. Figures 18 and 19 illustrate features of the examples of Figures 12 and 13.
[0343] Figure 18 illustrates features that may be performed by an apparatus. The apparatus may be comprised in a communication device, such as described in relation to Figure 3. For example, the apparatus may be comprised in, and/or be, a UE, ME and/or USIM.
[0344] During 1801, the apparatus obtains, from a first network function, a limited time duration user secret corresponding to a user identifier of a user of the apparatus. The limited time duration user secret may comprise an access credential having an expiry time, and/or a certificate having an expiry time. This is further discussed below. The user secret is time-limited in that it has an associated expiry time, after which the user secret can no longer be used to authenticate the user.
[0345] During 1802, the apparatus obtains, from a user input of the apparatus, the user identifier and a first input. The user may perform an action that provides the user input (e.g., via a keyboard of the apparatus, and/or display screen of the apparatus, and/or via a microphone of the apparatus). The user input may be considered as an interface between the user and the apparatus.
[0346] The first input may be received via the user input as part of a same operation that provides the user identifier. The first input may be received via the user input as part of a different operation to when the user identifier is provided. The first input may comprise at least one of a secret value, secret key, and/or sequence that is known to the user and to a network function comprised in a core network to which the apparatus may connect (e.g., to the second network function mentioned in 1803, the first network function, and/or a certification authority).
[0347] During 1803, the apparatus provides, to a second network function, the user identifier during a registration and/or session establishment request service operation. Stated differently, the user identifier received during 1802 may be provided to the first network function using non-access stratum signaling, such as a registration request for the user, and/or a PDU session establishment request.
[0348] During 1804, the apparatus obtains an authentication challenge from the second network function in response to the registration and/or session establishment request service operation. The authentication challenge may comprise a value to be verified by the apparatus, and/or a request for an authentication challenge to be provided to the first network function from the apparatus.
[0349] During 1805, the apparatus authenticates the second network function using the limited time duration user secret, the first input, the user identifier, and the authentication challenge.
[0350] The first input may comprise a personal identification number corresponding to a subscription of the user.
[0351] The obtaining the limited time duration user secret may comprise receiving a user parameter update procedure comprising indications of the limited time duration user secret, an expiry time for the limited time duration user secret, and the user identifier.
[0352] The obtaining the user identifier from the user input may comprise: outputting, via a user output of the apparatus, a request for the user identifier and a secret code; and receiving, via a user input of the apparatus, the user identifier and the first input.
[0353] The authenticating the first network function may comprise: extracting a first nonce value and a first message authentication code from the authentication challenge; deriving the first message authentication code using the extracted first nonce value, the identity of the user, the first input, and the limited time duration user secret; and determining that the first network function is successfully authenticated when the derived message authentication code equals the extracted first message authentication code.
[0354] The authentication challenge may comprise a first nonce value, and the apparatus may, subsequent to authenticating the first network function: determine a second message authentication code for enabling the first network function to authenticate the apparatus based on a second nonce value; and provide the second message authentication code, second nonce value, and first nonce value to the first network function.
[0355] The first and second network functions may be a same network function.
[0356] When the first network function comprises a certification authority and the second network function comprises a network function, the limited time duration user secret may comprise a certificate. In this case, which reflects the example of Figure 13, the obtaining the limited time duration user secret corresponding to the user identifier may be performed after the providing, to the first network function, the user identifier.
[0357] Figure 19 illustrates features that may be performed by an apparatus of a first network function. The first network function of Figure 19 may correspond to the first network function of Figure 18. The apparatus of Figure 19 may be as described in relation to Figure 2.
[0358] During 1901, the apparatus obtains, from a user equipment at a first network function, a user identifier identifying a user of the user equipment during a registration and/or session establishment request service operation. Stated differently, the apparatus may obtain (e.g., receive) a user identifier of (e.g., uniquely corresponding to) the user of the user equipment during a non-access stratum signalling operation.
[0359] During 1902, the apparatus provides, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on subscription information for the user, the subscription information comprising, a limited time duration user secret. The subscription information may be stored at a UDM. The subscription information may be configured at the first network function and/or the UDM by a network operator when the user has purchased a subscription.
[0360] The subscription information may comprise a personal identification number of the user.
[0361] The apparatus may provide the user equipment with the limited time duration user secret and an indication of an expiry time of the limited time duration user secret via a user parameter update procedure.
[0362] When the subscription information is a personal identification number of the user and a limited time duration secret, the providing the authentication challenge may comprise: generating a first nonce value; using the first nonce value and the limited time duration user secret to generate a first message authentication code; and providing, to the user equipment, the first nonce value and the first message authentication code in the authentication challenge.
[0363] The apparatus may extract, from a response to the authentication challenge, a second nonce value and a second message authentication code, and verify the second message authentication code as originating from the user equipment using the second nonce value, and the limited time duration user secret.
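As an added illustration, not code from the patent or from any 3GPP specification, the following Python models the nonce and message authentication code exchange of paragraphs [0353] and [0354] (apparatus side) together with paragraphs [0362] and [0363] (network function side), including the expiry check on the limited time duration user secret. The HMAC-SHA256 construction, the direction labels, the use of the personal identification number in both message authentication codes, and the sample identifier, PIN and secret are all assumptions made for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Constructed sample subscription data (not from the patent).
USER_ID = "user-0001@example.net"
PIN = "4711"                                   # first input typed by the user
SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")  # limited time duration user secret
EXPIRY = 1_800_000_000                         # expiry time of SECRET (epoch seconds)


def derive_mac(secret: bytes, label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over a direction label and length-prefixed parts (assumed construction;
    the label keeps an NF->UE MAC from being reflected back as a UE->NF MAC)."""
    h = hmac.new(secret, label, hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


@dataclass
class Subscription:
    pin: str        # personal identification number ([0360])
    secret: bytes   # limited time duration user secret ([0359])
    expiry: int     # expiry time provided with the secret ([0361])


@dataclass
class NetworkFunction:
    """Network function side: challenge ([0362]) and response verification ([0363])."""
    subscriptions: dict
    pending: dict = field(default_factory=dict)   # outstanding first nonce per user

    def challenge(self, user_id, now):
        sub = self.subscriptions.get(user_id)
        if sub is None or now >= sub.expiry:      # unknown user or expired secret
            return None
        nonce1 = os.urandom(16)
        mac1 = derive_mac(sub.secret, b"NF->UE", nonce1, user_id.encode(), sub.pin.encode())
        self.pending[user_id] = nonce1
        return nonce1, mac1

    def verify_response(self, user_id, nonce1, nonce2, mac2, now):
        sub = self.subscriptions.get(user_id)
        expected_nonce1 = self.pending.pop(user_id, None)   # single use: a replayed response fails
        if sub is None or expected_nonce1 is None or now >= sub.expiry:
            return False
        if not hmac.compare_digest(expected_nonce1, nonce1):
            return False
        expected = derive_mac(sub.secret, b"UE->NF", nonce2, nonce1, user_id.encode(), sub.pin.encode())
        return hmac.compare_digest(expected, mac2)


@dataclass
class UserEquipment:
    """Apparatus side: authenticate the network ([0353]), then answer the challenge ([0354])."""
    secret: bytes
    expiry: int

    def authenticate_network(self, user_id, first_input, challenge, now):
        nonce1, mac1 = challenge
        if now >= self.expiry:                    # secret expired: do not use it
            return None
        derived = derive_mac(self.secret, b"NF->UE", nonce1, user_id.encode(), first_input.encode())
        if not hmac.compare_digest(derived, mac1):   # wrong PIN or forged challenge
            return None
        nonce2 = os.urandom(16)
        mac2 = derive_mac(self.secret, b"UE->NF", nonce2, nonce1, user_id.encode(), first_input.encode())
        return nonce1, nonce2, mac2


def run_exchange(pin_entered, now):
    """Full exchange; returns (UE authenticated the NF, NF authenticated the UE)."""
    nf = NetworkFunction({USER_ID: Subscription(PIN, SECRET, EXPIRY)})
    ue = UserEquipment(SECRET, EXPIRY)
    challenge = nf.challenge(USER_ID, now)
    if challenge is None:
        return (False, False)
    response = ue.authenticate_network(USER_ID, pin_entered, challenge, now)
    if response is None:
        return (False, False)
    return (True, nf.verify_response(USER_ID, *response, now))


def replay_is_rejected(now):
    """A captured response must not authenticate the UE a second time."""
    nf = NetworkFunction({USER_ID: Subscription(PIN, SECRET, EXPIRY)})
    ue = UserEquipment(SECRET, EXPIRY)
    response = ue.authenticate_network(USER_ID, PIN, nf.challenge(USER_ID, now), now)
    first = nf.verify_response(USER_ID, *response, now)
    return first and not nf.verify_response(USER_ID, *response, now)
```

A wrong first input fails at the apparatus before any response is sent, and a time past the expiry of the limited time duration user secret stops both sides from using it.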
[0364] The apparatus may provide the user equipment with the limited time duration user secret during a user parameter update procedure.
[0365] The first and second network functions may be the same network function.
[0366] The first network function may comprise a certification authority. The second network function may comprise a network function. The limited time duration user secret may comprise a certificate.
[0367] The following may apply in respect of any (e.g., one or more, including all) of the examples of Figures 14 to 19.
[0368] As mentioned above, at least one of the apparatus and the first network function may provide the other entity with an indication as to whether or not the apparatus (and/or the first network function) is able to perform and/or allow user authentication using a user input received from a user. Stated differently, the signalling of at least one of Figures 4 to 7 may be performed. Stated differently, capability information may be provided from the apparatus to the first network function (or vice versa) that indicates whether or not the apparatus (and/or the first network function) is able to perform and/or allow user authentication using a user input received from a user.
[0369] Consequently, the apparatus may provide to the first network function, an indication that the apparatus is configured to authenticate the user using a user input.
[0370] Analogously, the first network function may provide to the apparatus, an indication that the first network function is configured to authenticate the user.
[0371] Similarly, the apparatus may provide to the first network function, an indication that the apparatus is not configured to authenticate the user to the network using a user input.
[0372] Further, the first network function may provide to the apparatus, an indication that the first network function is not configured to allow user authentication using a user input provided by a user.
[0373] When both the apparatus and first network function are able to perform and/or allow user authentication using a user input, the first network function may cause the apparatus to be provisioned with a user identifier corresponding to the user. This may be as described above with reference to Figure 8.
[0374] Stated differently, before providing the user identifier to the first network function during a registration and/or session management request service operation, the apparatus may obtain from the first network function, an identifier of the user, and verify the user of the apparatus by determining that the obtained identifier of the user from the first network function is the same as the user identifier obtained from the user input.
[0375] The identifier of the user obtained from the first network function may be received with an access token (and/or some other type of access credential) and an indication of an expiry time corresponding to the access token. In such a case, the authenticating the first network function may further comprise authenticating the first network function using the access token before the expiry time.
[0376] It is understood that references in the above to various network functions (e.g., to an AMF, an SMF, TNF etc.) may comprise apparatus that perform at least some of the functionality associated with those network functions. Further, an apparatus comprising a network function may comprise a virtual network function instance of that network function.
[0377] It should be understood that the apparatuses may comprise or be coupled to other units or modules etc., such as radio parts or radio heads, used in or for transmission and/or reception. Although the apparatuses have been described as one entity, different modules and memory may be implemented in one or more physical or logical entities.
[0378] It is noted that whilst some embodiments have been described in relation to 5G networks, similar principles can be applied in relation to other networks and communication systems. Therefore, although certain embodiments were described above by way of example with reference to certain example architectures for wireless networks, technologies and standards, embodiments may be applied to any other suitable forms of communication systems than those illustrated and described herein.
[0379] It is also noted herein that while the above describes example embodiments, there are several variations and modifications which may be made to the disclosed solution without departing from the scope of the present invention.
[0380] As used herein, “at least one of the following: <a list of two or more elements>” and “at least one of <a list of two or more elements>” and similar wording, where the list of two or more elements are joined by “and” or “or”, mean at least any one of the elements, or at least any two or more of the elements, or at least all the elements.
[0381] In general, the various embodiments may be implemented in hardware or special purpose circuitry, software, logic or any combination thereof. Some aspects of the disclosure may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device, although the disclosure is not limited thereto. While various aspects of the disclosure may be illustrated and described as block diagrams, flow charts, or using some other pictorial representation, it is well understood that these blocks, apparatus, systems, techniques or methods described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.
[0382] As used herein, the term “circuitry” may refer to one or more or all of the following:
(a) hardware-only circuit implementations (such as implementations in only analog and/or digital circuitry) and
(b) combinations of hardware circuits and software, such as (as applicable):
(i) a combination of analog and/or digital hardware circuit(s) with software/firmware and
(ii) any portions of hardware processor(s) with software (including digital signal processor(s)), software, and memory(ies) that work together to cause an apparatus, such as a mobile phone or server, to perform various functions; and
(c) hardware circuit(s) and/or processor(s), such as a microprocessor(s) or a portion of a microprocessor(s), that requires software (e.g., firmware) for operation, but the software may not be present when it is not needed for operation.
[0383] This definition of circuitry applies to all uses of this term herein, including in any claims. As a further example, as used herein, the term circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and/or firmware. The term circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit or processor integrated circuit for a mobile device or a similar integrated circuit in a server, a cellular network device, or other computing or network device.
[0384] The embodiments of this disclosure may be implemented by computer software executable by a data processor of the mobile device, such as in the processor entity, or by hardware, or by a combination of software and hardware. Computer software or program, also called program product, including software routines, applets and/or macros, may be stored in any apparatus-readable data storage medium and they comprise program instructions to perform particular tasks. A computer program product may comprise one or more computer-executable components which, when the program is run, are configured to carry out embodiments. The one or more computer-executable components may be at least one software code or portions of it.
[0385] Further in this regard it should be noted that any blocks of the logic flow as in the Figures may represent program steps, or interconnected logic circuits, blocks and functions, or a combination of program steps and logic circuits, blocks and functions. The software may be stored on such physical media as memory chips, or memory blocks implemented within the processor, magnetic media such as hard disk or floppy disks, and optical media such as for example DVD and the data variants thereof, CD. The physical media is a non-transitory media.
[0386] The term “non-transitory,” as used herein, is a limitation of the medium itself (i.e., tangible, not a signal) as opposed to a limitation on data storage persistency (e.g., RAM vs. ROM).
[0387] The memory may be of any type suitable to the local technical environment and may be implemented using any suitable data storage technology, such as semiconductor based memory devices, magnetic memory devices and systems, optical memory devices and systems, fixed memory and removable memory. The data processors may be of any type suitable to the local technical environment, and may comprise one or more of general purpose computers, special purpose computers, microprocessors, digital signal processors (DSPs), application specific integrated circuits (ASIC), FPGA, gate level circuits and processors based on multi core processor architecture, as non-limiting examples.
[0388] Various example embodiments of the disclosure may be practiced in various components such as integrated circuit modules. The design of integrated circuits is by and large a highly automated process. Complex and powerful software tools are available for converting a logic level design into a semiconductor circuit design ready to be etched and formed on a semiconductor substrate.
[0389] The scope of protection sought for various example embodiments of the disclosure is set out by the independent claims. The example embodiments and features thereof, if any, described in this disclosure that do not fall under the scope of the independent claims are to be interpreted as examples useful for understanding various example embodiments of the disclosure.
[0390] The foregoing description has provided, by way of non-limiting and illustrative examples, a full and informative description of the various example embodiments of this disclosure. However, various modifications and adaptations may become apparent to those skilled in the relevant arts in view of the foregoing description, when read in conjunction with the accompanying drawings and the claims. However, all such and similar modifications of the teachings will still fall within the various example embodiments of the disclosure as set forth in the claims. By way of non-limiting and illustrative example, there is a further example embodiment comprising a combination of one or more example embodiments with any of the other example embodiments previously discussed.
Claims
CLAIMS:
1) An apparatus comprising means for performing: obtaining, from a user input of the apparatus, a user identifier of a user of the apparatus; providing, to a first network function, the user identifier during a registration and/or session establishment request service operation; obtaining an authentication challenge from the first network function in response to the registration and/or session establishment request service operation; obtaining, from the user input, a first user key; and authenticating the first network function using the first user key, and the authentication challenge.
2) An apparatus as claimed in any preceding claim, further comprising means for: providing, to the first network function, an indication that the apparatus is configured to authenticate the user.
3) An apparatus as claimed in claim 2, further comprising means for, before providing the user identifier to the first network function during a registration and/or session management request service operation: obtaining, from the first network function, an identifier of the user; and verifying the user of the apparatus by determining that the obtained identifier of the user from the first network function is the same as the user identifier obtained from the user input.
4) An apparatus as claimed in claim 3, wherein the identifier of the user obtained from the first network function is received with an access token and an indication of an expiry time corresponding to the access token, and the means for authenticating the first network function further comprises means for authenticating the first network function using the access token before the expiry time.
5) An apparatus as claimed in any preceding claim, wherein the authenticating the first network function further comprises: extracting a first encrypted nonce value and a first message authentication code from the authentication challenge; decrypting the first encrypted nonce value using the user key to obtain a first nonce value; and verifying the first message authentication code as originating from the first network function using the first nonce value.
6) An apparatus as claimed in claim 5, further comprising means for performing: generating a second nonce value; using the second nonce value to generate a second message authentication code; encrypting the second nonce value using the user key to obtain an encrypted second nonce value; and providing, to the first network function, the first nonce value, the second message authentication code and the encrypted second nonce value as a response to the authentication challenge.
7) An apparatus as claimed in any of claims 1 to 4, wherein the authenticating the first network function further comprises: extracting a first message authentication code from the authentication challenge; and verifying the first message authentication code as originating from the first network function using a sequence number associated with the user that is maintained at the apparatus and the user identifier.
8) An apparatus as claimed in claim 7, further comprising means for performing: using the user identifier and the sequence number and/or an incremented version of the sequence number to generate a second message authentication code; and providing, to the first network function, the second message authentication code as a response to the authentication challenge.
9) An apparatus as claimed in any preceding claim, further comprising means for performing: encrypting user traffic for transmission using at least one of: a user equipment key corresponding to the apparatus; or the user key.
10) An apparatus as claimed in any preceding claim, further comprising means for outputting, via a display of the apparatus, at least one of: a request to receive the user identifier; a request to receive the first input; or an indication of whether the user has been successfully authenticated or not.
11) An apparatus comprising means for performing: obtaining, from a user equipment at a first network function, a user identifier identifying a user of the user equipment during a registration and/or session establishment request service operation; and providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on the user identifier and subscription information corresponding to the user, wherein the subscription information comprises a first user key.
12) An apparatus as claimed in claim 11, further comprising means for: obtaining, from the user equipment, an indication that the apparatus is configured to authenticate the user.
13) An apparatus as claimed in claim 12, further comprising means for, before obtaining the user identifier during the registration and/or session management request service operation: providing, to the user equipment, an identifier of the user.
14) An apparatus as claimed in claim 13, wherein the identifier of the user is provided with an access token and an indication of an expiry time corresponding to the access token.
15) An apparatus as claimed in any of claims 11 to 14, wherein the subscription information is a user key, and the providing the authentication challenge comprises: encrypting a first nonce value to obtain a first encrypted nonce value; obtaining a first message authentication code using the first encrypted nonce value; and providing the first message authentication code and the first encrypted nonce value to the user equipment in the authentication challenge.
16) An apparatus as claimed in claim 15, further comprising means for performing: obtaining, from the user equipment, an encrypted second nonce value, the first nonce value, and a second message authentication code; decrypting the second encrypted nonce value using the user key to obtain a second nonce value; and verifying the second message authentication code as originating from the user equipment using the second nonce value.
17) An apparatus as claimed in any of claims 11 to 16, wherein the subscription information is a user key and a sequence number, and the providing the authentication challenge comprises: obtaining a first message authentication code using the sequence number and the user key; and providing the first message authentication code to the user equipment in the authentication challenge.
18) An apparatus as claimed in claim 17, further comprising means for performing: obtaining, from the user equipment, a second message authentication code; and verifying the second message authentication code as originating from the user equipment using the user key and the sequence number and/or an incremented version of the sequence number.
19) A method for an apparatus, the method comprising: obtaining, from a user input of the apparatus, a user identifier of a user of the apparatus; providing, to a first network function, the user identifier during a registration and/or session establishment request service operation; obtaining an authentication challenge from the first network function in response to the registration and/or session establishment request service operation; obtaining, from the user input, a first user key; and authenticating the first network function using the first user key, and the authentication challenge.
20) A method for an apparatus, the method comprising: obtaining, from a user equipment at a first network function, a user identifier identifying a user of the user equipment during a registration and/or session establishment request service operation; and providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on the user identifier and subscription information corresponding to the user, wherein the subscription information comprises a first user key.
21) A computer program comprising instructions which, when the program is executed by a computer of an apparatus, cause the computer to carry out: obtaining, from a user input of the apparatus, a user identifier of a user of the apparatus; providing, to a first network function, the user identifier during a registration and/or session establishment request service operation; obtaining an authentication challenge from the first network function in response to the registration and/or session establishment request service operation; obtaining, from the user input, a first user key; and authenticating the first network function using the first user key, and the authentication challenge.
22) A computer program comprising instructions which, when the program is executed by a computer of an apparatus, cause the computer to carry out: obtaining, from a user equipment at a first network function, a user identifier identifying a user of the user equipment during a registration and/or session establishment request service operation; and providing, to the user equipment, an authentication challenge in response to the registration and/or session establishment request service operation based on the user identifier and subscription information corresponding to the user, wherein the subscription information comprises a first user key.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| IN202441037141 | 2024-05-10 | | |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2025233037A1 true WO2025233037A1 (en) | 2025-11-13 |
Family
ID=95154232
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/EP2025/056988 Pending WO2025233037A1 (en) | 2024-05-10 | 2025-03-14 | Method, apparatus and computer program |
Country Status (1)
| Country | Link |
|---|---|
| WO (1) | WO2025233037A1 (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060064588A1 (en) * | 2004-06-28 | 2006-03-23 | Tidwell Justin O | Systems and methods for mutual authentication of network nodes |
| WO2010028681A1 (en) * | 2008-09-09 | 2010-03-18 | Telefonaktiebolaget Lm Ericsson (Publ) | Authentication in a communication network |
| US20170070503A1 (en) * | 2012-07-13 | 2017-03-09 | InterDigitial Patent Holdings, Inc. | Characteristics of Security Associations |
| US20200359218A1 (en) * | 2019-05-09 | 2020-11-12 | Samsung Electronics Co., Ltd. | Apparatus and method for providing mobile edge computing services in wireless communication system |
| EP3318003B1 (en) * | 2015-06-30 | 2022-03-23 | Visa International Service Association | Confidential authentication and provisioning |
| US20220311626A1 (en) * | 2021-03-24 | 2022-09-29 | Cisco Technology, Inc. | Cloud-based identity provider interworking for network access authentication |
Non-Patent Citations (1)
| Title |
|---|
| ETSI ETSI: "ETSI TS 133 220 V12.3.0 Generic Bootstrapping Architecture (GBA)", 22 October 2014 (2014-10-22), pages 1 - 94, XP055286989, Retrieved from the Internet <URL:http://www.etsi.org/deliver/etsi_ts/133200_133299/133220/12.03.00_60/ts_133220v120300p.pdf> [retrieved on 20160708] * |