US 12,328,305 B2
Method, device, and system for anchor key generation and management in a communication network for encrypted communication with service applications
Shilin You, Guangdong (CN); Jiyan Cai, Guangdong (CN); Jin Peng, Guangdong (CN); Wantao Yu, Guangdong (CN); Yuze Liu, Guangdong (CN); Zhaoji Lin, Guangdong (CN); Yuxin Mao, Guangdong (CN); and Jigang Wang, Guangdong (CN)
Assigned to ZTE Corporation, Shenzhen (CN)
Filed by ZTE Corporation, Guangdong (CN)
Filed on Jul. 6, 2022, as Appl. No. 17/858,271.
Application 17/858,271 is a continuation of application No. PCT/CN2020/072444, filed on Jan. 16, 2020.
Prior Publication US 2022/0368684 A1, Nov. 17, 2022
Int. Cl. H04L 9/40 (2022.01); H04L 9/08 (2006.01)
CPC H04L 63/062 (2013.01) [H04L 9/0861 (2013.01); H04L 63/0428 (2013.01); H04L 63/08 (2013.01)]
17 Claims
 
1. A method for generation of an anchor key in a network device in a communication network, the method being performed by the network device and comprising:
obtaining a subscription data packet associated with an application security subscription of a user network module to an anchor key management service, the anchor key management service being user-subscribable separate from a subscription to accessing the communication network;
extracting from the subscription data packet a subscription dataset, wherein the subscription dataset comprises a subscription permanent identifier, SUPI, and an identifier of an application key management network node in the communication network that is associated with a service application;
generating a base authentication key upon successful completion of an authentication process for registering the user network module with the communication network;
generating the anchor key based on the base authentication key and the SUPI;
generating a unique identifier for the anchor key based on the identifier of the application key management network node; and
wherein the anchor key is used for a user equipment associated with the user network module and the service application to generate an application encryption key for encrypted communication therebetween.