Field
The present disclosure relates generally to an improved key hierarchy for a cellular network.
Background
A current cellular network architecture 100, shown in FIG. 1, uses a mobility management entity (MME) 110 to implement procedures for controlling access to the cellular network by a user equipment (UE) 120. Typically, the MME 110 is owned and operated by a network service provider (system operator) as a core network 102 element, and is located in a secure location controlled by the network service provider. The core network 102 has a control plane including a Home Subscriber Server (HSS) 130 and the MME 110, and a user plane including a Packet Data Network (PDN) Gateway (PGW) 140 and a Serving Gateway (S-GW) 150. The MME 110 is connected to a radio access node (RAN) 160 (e.g., an evolved Node B (eNB)). The RAN 160 provides radio interfaces (e.g., radio resource control (RRC) 180 and packet data convergence protocol (PDCP)/radio link control (RLC) 190) with the UE 120.
In future cellular network architectures, it is envisioned that the MMEs 110, or network components that perform many of the functions of the MMEs 110, will be pushed out towards the network edge, where they are less secure because they are physically more accessible and/or are not isolated from other network operators. As network functions are moved to, for example, the cloud (e.g., the internet), it may not be assumed that they are secure because they may have a lower level of physical isolation, or no physical isolation. Further, network equipment may not be owned by a single network service provider. As an example, multiple MME instances may be hosted within a single physical hardware device. As a result, the keys sent to the MMEs may need refreshing more frequently, and hence it may not be advisable to forward the authentication vectors (AVs) to the MMEs.
There is a need for improved apparatuses and methods that provide additional security for the cellular network architectures of the future where MME functions are performed close to the network edge.