Increasingly, public safety agencies utilize mobile wireless devices, including, for example, smart phones and tablet computers. The wireless devices operate on wireless data communications networks, using protocols including, for example, long term evolution (LTE), 2G, 3G, 4G, and 5G. These networks and wireless devices can be used by public safety first responders to ensure effective interagency response to emergency or similar incidents. When public safety agencies respond in environments where there is no fixed network service, for example, rural areas, wilderness areas, or areas where catastrophic events have disabled pre-existing networks, deployable wireless communications networks can be used to establish or re-establish secure data networks for public safety use. A deployable wireless communications network can include components of a radio access network (RAN), the enhanced packet core (EPC), and packet data networks (PDNs) that contain applications and services utilized by the wireless devices.
Existing network authentication methods use shared symmetric keys (Ki) and require access to a home subscriber server (HSS) for authentication. The wireless devices store their shared symmetric keys on a physically secured universal integrated circuit card (UICC). The shared symmetric key is also stored at, and is associated with, a home subscriber server. At an incident scene or remote location where there is no fixed network service, there are few, if any, options for connecting visiting wireless devices with their corresponding home subscriber servers. In order to provide remotely operable wireless data communications networks, the deployable wireless data communications networks have their own local home subscriber servers. In order to support isolated, securely authenticated service operation, sensitive security information for each wireless device (e.g., a shared symmetric key) from multiple remote home subscriber server databases must be replicated on the local home subscriber server. In some cases, it may not be possible to acquire this data, and duplicating the data poses security risks. Therefore, existing authentication methods are not practical where users from multiple agencies require their wireless devices to access the same deployable wireless data communications network.
Accordingly, there is a need for bootstrapping secure connections for deployable networks.
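The dependency described above can be seen in a small simulation, added here as an illustration and not taken from the disclosure: a device attaches only if the serving HSS holds its Ki, so every visiting agency's long-term secrets would have to be copied onto the deployable HSS. HMAC-SHA256 stands in for the real authentication functions (an assumption), and all class names, function names and IMSIs are constructed.

```python
import hashlib
import hmac
import os

def f(ki: bytes, label: bytes, rand: bytes) -> bytes:
    """Keyed function of Ki and RAND. HMAC-SHA256 is a stand-in (assumption),
    not the algorithm a real UICC/HSS runs."""
    return hmac.new(ki, label + rand, hashlib.sha256).digest()[:8]

class UICC:
    """Device side: Ki stays on the card."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki

    def respond(self, rand: bytes, autn: bytes):
        # Verify the network first: only a server holding Ki can produce autn.
        if not hmac.compare_digest(autn, f(self._ki, b"net", rand)):
            return None
        return f(self._ki, b"res", rand)

class HSS:
    """Server side: a database of IMSI -> Ki."""
    def __init__(self, keys: dict):
        self._keys = dict(keys)

    def challenge(self, imsi: str):
        ki = self._keys.get(imsi)
        if ki is None:
            return None  # no shared key, no authentication vector
        rand = os.urandom(16)
        return rand, f(ki, b"net", rand), f(ki, b"res", rand)  # RAND, AUTN, XRES

    def held_secrets(self):
        # Every IMSI listed here is a long-term key exposed if this HSS is lost.
        return sorted(self._keys)

def attach(hss: HSS, uicc: UICC) -> str:
    vec = hss.challenge(uicc.imsi)
    if vec is None:
        return "no-key"
    rand, autn, xres = vec
    res = uicc.respond(rand, autn)
    if res is None:
        return "network-rejected"
    return "ok" if hmac.compare_digest(res, xres) else "device-rejected"

# Constructed sample data: two agencies, each with its own home HSS.
KI_A, KI_B = os.urandom(16), os.urandom(16)
dev_a = UICC("001010000000001", KI_A)
dev_b = UICC("001010000000002", KI_B)
deployable = HSS({dev_a.imsi: KI_A})  # only agency A's key was replicated
```

Here `attach(deployable, dev_a)` succeeds while `attach(deployable, dev_b)` returns `"no-key"`, and `deployable.held_secrets()` lists exactly the long-term keys that now exist outside their home HSS.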
Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated relative to other elements to help to improve understanding of embodiments of the present invention.
The apparatus and method components have been represented where appropriate by conventional symbols in the drawings, showing only those specific details that are pertinent to understanding the embodiments of the present invention so as not to obscure the disclosure with details that will be readily apparent to those of ordinary skill in the art having the benefit of the description herein.