WO2017102249A1 - Authentication in wireless system - Google Patents


Info

Publication number
WO2017102249A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
terminal device
random access
authentication
network element
Prior art date
Application number
PCT/EP2016/078120
Other languages
French (fr)
Inventor
Srinivasan Selvaganapathy
Amaanat ALI
Mikko Saily
Juho Mikko Oskari Pirskanen
Sofonias HAILU
Original Assignee
Nokia Solutions And Networks Oy

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication
    • H04W74/00: Wireless channel access
    • H04W74/08: Non-scheduled access, e.g. ALOHA
    • H04W74/0833: Random access procedures, e.g. with 4-step access

Definitions

  • the invention relates to wireless communications and, particularly, authentication of a terminal device in a wireless communication system.
  • Authentication may refer to verification of an identity of a terminal device associated with an access node. In some contexts, the authentication is used in association with integrity protection.
  • Figures 2 and 3 illustrate flow diagrams of processes for early authentication of a terminal device
  • Figures 4 and 5 illustrate signaling diagrams of procedures for authenticating a terminal device by using a message received from the terminal device during a random access procedure according to some embodiments of the invention
  • Figure 6 illustrates an embodiment where an access node employs a core network element for performing the early authentication according to an embodiment of the invention
  • Figure 7 illustrates an embodiment where a message transmitted from an access node to the terminal device is used for authenticating the terminal device in an implicit manner
  • Figure 8 illustrates an embodiment where the early authentication is combined with early grant of uplink data transmission resources according to an embodiment of the invention.
  • FIGS 9 and 10 illustrate block diagrams of structures of apparatuses according to some embodiments of the invention.
  • Embodiments described may be implemented in a radio system, such as in at least one of the following: Universal Mobile Telecommunication System (UMTS, 3G) based on basic wideband-code division multiple access (W-CDMA), high-speed packet access (HSPA), Long Term Evolution (LTE), LTE-Advanced, and/or 5G system.
  • UMTS Universal Mobile Telecommunication System
  • 3G Universal Mobile Telecommunication System
  • W-CDMA basic wideband-code division multiple access
  • HSPA high-speed packet access
  • LTE Long Term Evolution
  • LTE-Advanced Long Term Evolution-Advanced
  • 5G is likely to use multiple-input-multiple-output (MIMO) multi-antenna transmission techniques, many more base stations or nodes than the current network deployments of LTE (a so-called small cell concept), including macro sites operating in co-operation with smaller local area access nodes and perhaps also employing a variety of radio technologies for better coverage and enhanced data rates.
  • MIMO multiple-input-multiple-output
  • 5G will likely be comprised of more than one radio access technology (RAT), each optimized for certain use cases and/or spectrum.
  • RAT radio access technology
  • 5G mobile communications will have a wider range of use cases and related applications including video streaming, augmented reality, different ways of data sharing and various forms of machine type applications, including vehicular safety, different sensors and real-time control.
  • 5G is expected to have multiple radio interfaces, namely below 6GHz, cmWave and mmWave, and also being applicable to operating with or integrating to existing legacy radio access technologies, such as the LTE. Integration with the LTE may be implemented, at least in the early phase, as a system, where macro coverage is provided by the LTE and 5G radio interface access comes from small cells by aggregation to the LTE.
  • 5G is planned to support both inter-RAT operability (such as LTE-5G) and inter-RI operability (inter-radio interface operability, such as below 6GHz - cmWave, below 6GHz - cmWave - mmWave).
  • inter-RAT operability such as LTE-5G
  • inter-RI operability inter-radio interface operability, such as below 6GHz - cmWave, below 6GHz - cmWave - mmWave.
  • network slicing in which multiple independent and dedicated virtual sub-networks (network instances) may be created within the same infrastructure to run services that have different requirements on latency, reliability, throughput and mobility.
  • NFV network functions virtualization
  • a virtualized network function may comprise one or more virtual machines running computer program codes using standard or general type servers instead of customized hardware.
  • Cloud computing or cloud data storage may also be utilized.
  • in radio communications this may mean that node operations are carried out, at least partly, in a server, host or node operationally coupled to a remote radio head. It is also possible that node operations will be distributed among a plurality of servers, nodes or hosts. It should also be understood that the distribution of labor between core network operations and base station operations may differ from that of the LTE or even be non-existent.
  • SDN Software-Defined Networking
  • FIG. 1 illustrates an example of a cellular communication system to which embodiments of the invention may be applied.
  • Cellular radio communication networks such as the Long Term Evolution (LTE), the LTE-Advanced (LTE-A) of the 3rd Generation Partnership Project (3GPP), or the predicted future 5G solutions, are typically composed of at least one network node, such as a network element 110, providing a cell 100.
  • Each cell may be, e.g., a macro cell, a micro cell, femto, or a pico cell, for example.
  • the network element 110 may be an evolved Node B (eNB) as in the LTE and LTE-A, or any other apparatus capable of controlling radio communication and managing radio resources within a cell.
  • eNB evolved Node B
  • the network element 110 may be called a base station or an access node.
  • the cellular communication system may be composed of a radio access network of network elements 110, 112, e.g. eNBs, each controlling a respective cell or cells 100, 102.
  • the network element 110 may control a macro cell 100 providing wide area coverage for terminal devices 120.
  • the network elements 110 to 114 may also be called access nodes because they provide the terminal devices 120 with wireless access to other networks such as the Internet.
  • one or more local area access nodes 112 may be arranged within a control area of a network element 110 controlling a macro cell 100.
  • the local area access node 112 may provide wireless access within a sub-cell 102 that may be comprised within a macro cell 100.
  • Examples of the sub-cell may include a micro, pico and/or femto cell.
  • the sub-cell provides a hot spot within a macro cell.
  • the operation of the local area access node 112 may be controlled by a network element 110 under whose control area the sub-cell is provided.
  • the network elements may be connected to each other with an interface.
  • the LTE specifications call such an interface an X2 or S1 interface. Other communication methods between the network elements may also be possible.
  • the network elements 110 to 112 may be further connected via another interface to a core network 130.
  • the LTE specifications specify the core network as an evolved packet core (EPC), and the core network may comprise a mobility management entity (MME) 132 and a gateway node 134.
  • the MME may handle mobility of terminal devices in a tracking area encompassing a plurality of cells and also handle signaling connections between the terminal devices and the core network 130.
  • the gateway node 134 may handle data routing in the core network 130 and to/from the terminal devices.
  • cloud computing may refer to a solution where a certain service is provided by one or more physical server computers such that a computing task of the service may be carried out by any one of the server computers, or the computing may be distributed such that a plurality of server computers cooperate when providing the service to the client device that requested the service.
  • authenticating procedures involving a core network element described below may be realized by employing the cloud computing.
  • the radio system of Figure 1 may support Machine Type Communication (MTC).
  • MTC may enable providing service for a large amount of MTC capable devices, such as the at least one terminal device 120.
  • the at least one terminal device 120 may comprise mobile phones, smart phones, tablet computers, laptops and other devices used for user communication with the radio communication network, such as a MTC network. These devices may provide further functionality compared to the MTC scheme, such as communication link for voice, video and/or data transfer.
  • the at least one terminal device 120 may be understood as a MTC device.
  • the at least one terminal device 120 may also comprise another MTC capable device, such as a sensor device providing position, acceleration and/or temperature information to name a few examples.
  • the radio communication network may need to handle a massive amount of uncoordinated accesses by the MTC devices.
  • network access may be a limiting factor, compared to the conventional network limitations, where interference and/or limited coverage may pose a problem.
  • Most of the MTC devices may have a small amount of data to be transmitted in a sporadic fashion. This may enable the MTC devices to spend the majority of their time in sleep mode, disconnected from the network elements 110 to 116 and/or the cellular communication network. Thus, the MTC devices may have a requirement of very small energy consumption.
  • RAP Random Access Preamble
  • the network element 110 may respond with a Random Access Response (RAR) to the terminal device 120.
  • RAR may include an information element scheduling an uplink transmission resource for the terminal device 120.
  • the terminal device 120 may then transmit a first scheduled transmission to the network element 110 in the scheduled uplink transmission resource.
  • the network element 110 may respond to the first scheduled transmission with a contention resolution to the terminal device 120.
  • the MME 132 may be configured to control
  • the MME 132 may track mobility of an idle-mode terminal device 120 within a tracking area and control paging of the terminal device 120 when there is downlink data for the terminal device, for example.
  • the paging may be defined as calling for the terminal device to start bidirectional communication between the terminal device and the network element 110 and/or the MME 132.
  • the paging may be defined as a connection request for establishment of a connection or a bearer service for the terminal device but, in some embodiments, the paging may be used to establish connectionless bidirectional communication link between the terminal device and the radio access network or the core network of the cellular communication system.
  • the MME 132 may also carry out authentication of the terminal device in connection with establishing a communication connection for data transfer between the terminal device 120 and the core network 130.
  • the MME 132 may also carry out allocation of temporary identifiers and security keys to the terminal device 120.
  • the RRC connection in the LTE system defines states such as an RRC Idle state for an idle terminal device and an RRC Connected state for a terminal device that has established an RRC connection with a network element.
  • when the terminal device has no data to be transmitted or received and needs no connection with the network element, it may transit to an inactive state where both the terminal device and the network element preserve a context of the connection.
  • the context of the terminal device may be preserved at a core network which may be deployed in a cloud platform, as described above.
  • Steps involved in an access phase until transmission of a first data packet are called as a 'connectionless' part because, at this moment, an access node may not yet have the context of the terminal device.
  • a second part where the access node has acquired the context may be called a 'connected' part.
  • the connectionless part should be made as short as possible or otherwise optimized for low latency.
  • the connectionless part allocates only limited resources, for transmission of signaling messages only. If the connectionless part were enhanced to transfer a data packet, the access node would allocate a larger amount of resources without any authentication. This may lead to uplink resource occupation by a rogue terminal device.
  • an initial access phase for an inactive terminal device may comprise the following steps:
  • the access node may broadcast a set of available preambles as system
  • the terminal device may select a random access preamble from the set of available preambles or use a preamble dedicated to the terminal device and transmit the selected preamble in this step.
  • the terminal device may additionally transmit a random access radio network temporary identifier (RA-RNTI) together with the preamble in this step.
  • RA-RNTI random access radio network temporary identifier
  • the identifier may be used for the access node to address the terminal device in the subsequent step.
  • the identifier may be determined from a transmission timing of the random access preamble, as in the LTE system.
  • the random access preamble may be transmitted on a random access channel.
  • RAR random access response
  • the RAR may be transmitted on a downlink shared channel as in the LTE, for example.
  • the RAR may be addressed to the RA-RNTI received from the terminal device together with the random access preamble.
  • the RAR allocates a resource for the terminal device to send control information such as an identifier of the terminal device and a buffer status report (BSR) indicating a need for uplink data transmission resources.
  • BSR buffer status report
  • the RAR may be used also to indicate a new temporary identifier to the terminal device, e.g. a cellular radio network temporary identifier (C-RNTI).
  • C-RNTI cellular radio network temporary identifier
  • the RAR may also include timing advance information allowing the terminal device to adjust uplink transmission timings.
  • This message may be a radio resource connection (RRC) connection request message in case the terminal device has not preconfigured RRC connection with the access node.
  • RRC radio resource connection
  • the first message may be a RRC resume request message.
  • the terminal device indicates with this message that it requests for the active RRC connection to communicate data.
  • a random access procedure may be considered to span from the transmission of the random access preamble to the transmission of the uplink resource allocation, e.g. to include the steps of the initial access phase described above.
  • the access node may initiate retrieval of the context of the terminal device and use the retrieved context for processing the received uplink data packet.
  • the context may comprise at least one security key used by the access node to decrypt the encrypted uplink data packet.
  • all the steps of the initial access phase may be considered as the connectionless part, and the access node grants the uplink resources without authentication of the terminal device. Therefore, a rogue terminal device may gain resources from the access node.
  • FIGS 2 and 3 illustrate processes for performing or enabling authentication of the terminal device 120 during a random access procedure.
  • the process comprises, as performed by a network element such as an access node 110, 112:
  • the process comprises, as performed by an apparatus applicable to the terminal device 120: acquiring (block 300) at least one encryption key authenticating the terminal device and associated with a random access procedure; and processing (block 302) at least one message of the random access procedure with the encryption key.
  • Enabling early authentication of the terminal device 120 on the basis of a message exchanged during the random access procedure enables fast establishment of the identity of the terminal device 120. Accordingly, the network element can rapidly allocate uplink transmission resources to the terminal device 120 with high authentication reliability. Accordingly, latency in resource allocation is reduced, and also rogue terminal devices may be identified at an early stage and their access to the uplink transmission resources may be prevented.
  • Figure 4 illustrates an embodiment where the message used in the authentication is a first message transmitted by the terminal device 120 after receiving a response to the random access initiation message.
  • the terminal device 120 may transmit a random access preamble in the random access initiation message in step 400.
  • the network element 110 (an access node 110 in this example) may allocate an uplink communication resource to the terminal device.
  • the dimensions of the uplink communication resource e.g.
  • a time-frequency resource may be matched with an amount of resources needed for the terminal device 120 to transmit an identifier of the terminal device 120 and the BSR or a corresponding indication of requested uplink transmission capacity.
  • the access node 110 may transmit a random access response message to the terminal device 120 in step 402.
  • the random access response message may further comprise a timing advance indicator enabling the terminal device 120 to adjust its transmission timing.
  • the random access response may further comprise a temporary identifier assigned by the access node to the terminal device, e.g. a random access radio network temporary identifier (RA-RNTI).
  • RA-RNTI random access radio network temporary identifier
  • the terminal device may generate an uplink resource request message.
  • the message may comprise the temporary identifier, the BSR or other parameters specifying a request for uplink communication resources.
  • the uplink resource request message may further comprise an authentication key enabling the access node 110 to authenticate the terminal device 120.
  • the authentication key refers to an encryption key received by the terminal device during an earlier connection with the access node and the core network.
  • the terminal device 120 may encrypt at least some of the contents of the uplink resource request with the encryption key. For example, the terminal device may encrypt the temporary identifier and the BSR with the encryption key.
  • the authentication key refers to an information element generated and added to the uplink resource request besides the temporary identifier and the BSR.
  • the authentication key may be an authentication token that is inserted into the uplink resource request.
  • the information element is generated by processing an identifier of the access node 110 and at least some of the contents of the uplink resource request (e.g. the temporary identifier and/or the BSR) with a certain mapping algorithm.
  • the identifier of the access node may be a globally unique identifier of the access node 110.
  • the mapping algorithm may map the identifier of the access node and the contents of the message to a certain keyword, and the mapping algorithm may be defined by a mapping key received by the terminal device when earlier connecting to the core network.
  • the terminal device transmits the uplink resource request to the access node in the uplink communication resources indicated in the random access response message.
  • the authentication key may be a cell-specific authentication key or a cell-group-specific authentication key. In the latter embodiment, the same authentication key may be applied in a plurality of neighboring cells, e.g. cells of a tracking area.
  • the access node has the authentication key readily available. Therefore, upon receiving the uplink resource request in step 404, the access node 110 is capable of using the authentication key to authenticate the terminal device in block 406.
  • block 406 may comprise processing the information element with a reverse operation of the mapping algorithm. If the result is the temporary identifier of the terminal device 120 and correct contents of the uplink resource request or, in general, the sequence used as an input of the mapping algorithm known to be used in the terminal device, the access node may determine that the terminal device has been authenticated. Otherwise, the access node may determine that the terminal device cannot be allowed to access the communication resources managed by the access node.
  • block 406 may comprise decrypting the contents of the uplink resource request with a decryption key.
  • the contents of the decrypted uplink resource request may then be evaluated and, if the contents are reasonable, e.g. include the temporary identifier and the BSR, the access node 110 may determine that the terminal device 120 has been authenticated successfully.
  • the access node 110 may proceed to step 408 in which it allocates uplink transmission resources for data transmission and generates an uplink grant message indicating the allocated uplink transmission resources.
  • the terminal device may prepare for uplink data transmission and transmit uplink data in the indicated uplink transmission resources in step 410.
  • the access node 110 receives the uplink data in step 410.
  • the authentication in block 406 is a first level authentication carried out by the access node 110 by using the authentication key available to the access node 110.
  • the procedure may comprise a second level of authentication in block 412 in which the authentication may be carried out by using another authentication key acquired from a core network element 132 such as the MME.
  • the second level of authentication may be carried out by the access node 110 or by the core network element 132.
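As an added example that is not part of the patent, the first-level authentication of steps 404 and 406 in Python. The patent's mapping algorithm is instantiated here as a keyed MAC over the access node identifier and the message contents, so the access node recomputes the token and compares it rather than reversing the mapping; the mapping key, the identifier format and the field sizes are assumptions.

```python
import hashlib
import hmac
import struct

# Constructed example, not the patent's code. The "mapping key" is the cell-group
# key the terminal received when it last attached to the core network, and the
# token is truncated to TOKEN_LEN bytes to fit a small information element.
TOKEN_LEN = 8          # assumption
HEADER_FMT = ">HB"     # 16-bit temporary identifier + 8-bit BSR (assumption)
HEADER_LEN = struct.calcsize(HEADER_FMT)


def make_token(mapping_key: bytes, access_node_id: bytes, temp_id: int, bsr: int) -> bytes:
    """Terminal side: mapping algorithm over (access node id, temp id, BSR).

    Binding the serving node's identifier into the token means a token captured
    in one cell does not verify at a node with a different identifier.
    """
    material = access_node_id + struct.pack(HEADER_FMT, temp_id, bsr)
    return hmac.new(mapping_key, material, hashlib.sha256).digest()[:TOKEN_LEN]


def build_uplink_resource_request(mapping_key: bytes, access_node_id: bytes,
                                  temp_id: int, bsr: int) -> bytes:
    """Message of step 404: temporary identifier, BSR, then the token as an extra IE."""
    header = struct.pack(HEADER_FMT, temp_id, bsr)
    return header + make_token(mapping_key, access_node_id, temp_id, bsr)


def parse_uplink_resource_request(msg: bytes):
    """Split the step-404 message into (temp_id, bsr, token); reject wrong lengths."""
    if len(msg) != HEADER_LEN + TOKEN_LEN:
        raise ValueError("malformed uplink resource request")
    temp_id, bsr = struct.unpack(HEADER_FMT, msg[:HEADER_LEN])
    return temp_id, bsr, msg[HEADER_LEN:]


def authenticate_first_level(mapping_key: bytes, own_access_node_id: bytes,
                             msg: bytes, expected_temp_id: int) -> bool:
    """Access node side (block 406).

    The node recomputes the token from its own identifier and the received
    contents and accepts only if it matches and the temporary identifier is the
    one it assigned in the random access response. A rogue device without the
    mapping key, a token replayed towards another node, or a modified BSR all
    fail here, so no uplink grant (step 408) is issued for them.
    """
    try:
        temp_id, bsr, token = parse_uplink_resource_request(msg)
    except ValueError:
        return False
    if temp_id != expected_temp_id:
        return False
    expected = make_token(mapping_key, own_access_node_id, temp_id, bsr)
    return hmac.compare_digest(expected, token)


if __name__ == "__main__":
    key = b"cell-group-mapping-key-0001"   # constructed
    node_id = b"GNB-000123"                # constructed
    request = build_uplink_resource_request(key, node_id, 0x2A3B, 17)
    print("genuine device:", authenticate_first_level(key, node_id, request, 0x2A3B))
    print("replayed at other node:", authenticate_first_level(key, b"GNB-000999", request, 0x2A3B))
```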
  • Figure 5 illustrates an embodiment using the second level of authentication.
  • the steps or operations denoted by the same reference numbers as in Figure 4 represent the same or substantially similar operations.
  • the access node 110 may trigger retrieval of a previously stored context of the terminal device 120.
  • the context may be stored in the core network element 132 for the duration of the inactivity of the terminal device 120.
  • the context may define parameters for a connection between the terminal device and the core network 130 and also parameters needed by the access node to mediate messages between the terminal device 120 and the core network.
  • the context may further comprise one or more authentication keys enabling the access node 110 to carry out the second level of authentication.
  • the access node 110 may trigger the retrieval of the context by transmitting a context request message to the core network element 132 in step 500. While the retrieval of the context may be under process, the access node may receive at least a first uplink data packet from the terminal device 120 in step 410. Until the context retrieval has been completed, the access node 110 may buffer the uplink data packet in block 502. The terminal device 120 may still store the context for the duration of the inactivity and, as a consequence, it has the context readily available. The terminal device 120 may have encrypted the uplink data packet with an encryption key defined in the context.
  • the core network element 132 may retrieve the context of the terminal device 120 and send the context to the access node 110 in step 504.
  • the access node 110 may use the context to carry out the second level authentication.
  • the second level of authentication in block 506 may comprise applying a decryption key to the received data packet buffered in block 506.
  • the decrypted data packet may then be subjected to an evaluation of whether or not the decryption was successful.
  • the evaluation comprises performing a cyclic redundancy check (CRC) for the decrypted data packet or a portion of the decrypted data packet.
  • CRC cyclic redundancy check
  • a header of the data packet may comprise a CRC sequence encrypted by the terminal device.
  • the CRC operation will indicate whether or not the decryption key of the network element was matched with the encryption key of the terminal device. If the CRC is successful, the terminal device is authenticated correctly. The successful authentication implies that the terminal device authenticated in block 406 is matched correctly with the context received in step 504.
  • the access node may decipher the data packet with a data deciphering key defined in the retrieved context and forward the data to the core network in step 508, e.g. to the data routing network element 134.
  • the second level of authentication further improves the reliability of the authentication, reducing the probability of the terminal device 120 being a rogue.
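An added example, not from the patent, of the second-level check of blocks 502 to 506: the access node buffers the uplink packet until the context arrives, decrypts it with the context key, and checks the CRC carried in the packet header. The cipher is a toy SHA-256 keystream so that the block runs with the standard library only; the frame layout, nonce size and key names are assumptions.

```python
import hashlib
import struct
import zlib

# Constructed example, not the patent's code. Frame: 8-byte nonce || E_k(CRC32 || payload).
NONCE_LEN = 8  # assumption


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode); stands in for the context's ciphering algorithm."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def build_data_packet(context_key: bytes, nonce: bytes, payload: bytes) -> bytes:
    """Terminal side (step 410): CRC of the payload goes into the header and the
    whole frame is encrypted with the key the terminal kept in its stored context."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be %d bytes" % NONCE_LEN)
    header = struct.pack(">I", zlib.crc32(payload) & 0xFFFFFFFF)
    plaintext = header + payload
    return nonce + _xor(plaintext, _keystream(context_key, nonce, len(plaintext)))


def second_level_authenticate(context_key: bytes, packet: bytes):
    """Access node side (block 506): decrypt with the key from the retrieved context
    and verify the CRC. A key that does not match the terminal's yields random
    plaintext, so the CRC fails and the packet is not forwarded (step 508).
    Returns (authenticated, payload)."""
    nonce, body = packet[:NONCE_LEN], packet[NONCE_LEN:]
    if len(nonce) != NONCE_LEN or len(body) < 4:
        return False, None
    plaintext = _xor(body, _keystream(context_key, nonce, len(body)))
    received_crc = struct.unpack(">I", plaintext[:4])[0]
    payload = plaintext[4:]
    if received_crc != zlib.crc32(payload) & 0xFFFFFFFF:
        return False, None
    return True, payload


class AccessNode:
    """Holds uplink packets in block 502 until the context of step 504 arrives."""

    def __init__(self):
        self.buffer = []
        self.context_key = None

    def receive_uplink(self, packet: bytes) -> None:
        # Step 410 may complete before step 504; nothing is forwarded yet.
        self.buffer.append(packet)

    def context_received(self, context_key: bytes):
        # Step 504: run the second-level check over everything buffered so far.
        self.context_key = context_key
        results = [second_level_authenticate(context_key, p) for p in self.buffer]
        self.buffer.clear()
        return results


if __name__ == "__main__":
    ue_key = b"context-key-ue-120"                 # constructed
    frame = build_data_packet(ue_key, bytes(range(8)), b"sensor reading 21.5C")
    node = AccessNode()
    node.receive_uplink(frame)
    print(node.context_received(ue_key))
    print(second_level_authenticate(b"wrong-context-key", frame))
```

A CRC is an error-detecting code, not a message authentication code: a wrong key still passes with probability about 2^-32, so in a deployment the check should be backed by the integrity protection the context provides.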
  • the authentication key transmitted by the terminal device in step 404 and received by the network element comprises two parts.
  • a first part of the authentication key may be used by the network element in the first level of authentication in block 406 in the above-described manner, for example.
  • the network element may store a second part of the authentication key until executing the second level of authentication in block 412 or 506.
  • the second part may comprise a key sequence identifier or another identifier mapped to the context of the terminal device such that the network element may use the second part in retrieving the context of the terminal device in steps 500, 504, the context including the necessary key(s) used in the second level of authentication in block 506.
  • the second part may be transmitted by the terminal device and received by the network element in step 410 instead of step 404.
  • Figure 6 illustrates an embodiment where the terminal device processes the uplink resource request message of step 404 with an authentication key of the context of the terminal device. Accordingly, the access node 110 may not have the authentication key readily available upon receiving the uplink resource request message in step 404.
  • the access node may then forward contents of the uplink resource request message to the core network element 132 storing the context in an authentication and context retrieval request in step 600.
  • the core network element 132 may carry out the authentication of the terminal device 120 in block 602 by employing an authentication key defined in the context of the terminal device 120. The authentication as such may be a similar procedure as in block 406.
  • the core network element may send the context to the access node in step 604.
  • the access node 110 may start allocating uplink data transmission resources to the terminal device 120 (steps 408, 410).
  • the access node may decipher the received data packet with a deciphering key of the context in block 606 and, thereafter, forward the deciphered data packet to the core network in step 508.
  • the embodiment of Figure 6 may employ an authentication key of a core network connection of the terminal device, e.g. a bearer service established between the terminal device and the core network element 132.
  • authentication key may be called a non-access stratum (NAS) security key.
  • NAS non-access stratum
  • the embodiment is equally applicable to the embodiment where the terminal device generates the authentication token.
  • the core network element may process the authentication token by using the identifier of the access node that forwarded the authentication token to the core network element, for example.
  • the cell-specific or cell-group-specific security key and associated algorithm may be provided to the terminal device during establishment of the connection between the terminal device and the core network element.
  • the algorithm may define the input(s) to be used for generating the authentication token, e.g. the identifier of the serving access node.
  • an explicit authentication token or tokens is/are provided to the terminal device. In such an embodiment, the terminal device need not use any algorithm but simply inserts the received token into the uplink resource request message.
  • the authentication of the terminal device may be carried out in block 602 on the basis of the authentication key and/or the identifier of the terminal device communicated in step 404.
  • the message transferred in step 600 may be an authentication request and the message transferred in step 604 may be an authentication response message.
  • the process may proceed in the access node 110 with the establishment of an RRC connection for the terminal device and with establishment of a core network connection between the core network element and the terminal device.
  • the context is being established for the terminal device for the data transmission.
  • This embodiment provides early authentication of the terminal device before the establishment of the actual RRC connection and the core network connection. Accordingly, the access node may even schedule data transmission resources for the terminal device before the establishment of the context.
  • the terminal device may send the uplink resource request message in step 404 to the access node and, additionally, send a request for resuming RRC connection to the core network element over, wherein both messages may be processed with the same or different authentication key.
  • the uplink resource request may be processed with the cell-specific or cell-group-specific authentication key, while the message transmitted to the core network element may be processed with another authentication key of the context of the terminal device.
  • Figures 4 to 6 illustrate embodiments where the authentication is based on a further message received by the access node from the terminal device after the random access initiation message.
  • the further message may still be received during the random access procedure, e.g. it may be the uplink resource request of the random access procedure.
  • Figure 7 illustrates an embodiment where the message used for authenticating the terminal device 120, e.g. as the first level of authentication, is a message transmitted from the access node 110 to the terminal device.
  • the access node may generate the contents of the random access response message in the above-described manner.
  • the access node 110 may process the random access response message with an encryption key and send the encrypted random access response message to the terminal device 120 in step 700.
  • the encryption key may be a cell-specific or a cell-group-specific encryption key.
  • Authenticated terminal devices may be provided with a corresponding decryption key when attaching to the core network element, e.g. when initiating a connection with the core network element or upon handing the terminal device off from one core network element to another. Such a handoff may be carried out because of mobility of the terminal device, e.g. the terminal device moving from a tracking area of one core network element to a tracking area of another core network element. Each tracking area may comprise a plurality of cells and/or a plurality of access nodes controlled by or associated with the same core network element. Accordingly, authenticated terminal devices should be able to decrypt the random access response message and send the uplink resource request in correct resources and with a correct timing advance.
  • Upon receiving the random access response in step 700, the terminal device uses the decryption key to decrypt the contents of the random access response. As a consequence, the authenticated terminal device is able to derive the allocated uplink transmission resource for the uplink resource request message and transmit the message in step 704.
  • Reception of the uplink resource request in the correct resources in step 704 is verification to the access node 110 that the terminal device 120 has successfully decrypted the random access response and, as a consequence, the access node 110 has authenticated the terminal device.
  • the second level of authentication may be carried out in the above-described manner, as illustrated by steps 500 to 508.
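The Figure 7 exchange (steps 700 to 704) as a runnable model, added here as an illustration and not code from the patent. The access node encrypts the random access response with a cell-specific key that only previously authenticated terminals hold; a terminal that can decrypt it recovers the uplink grant and timing advance and sends the uplink resource request in the granted slot, which the access node treats as the first level of authentication. The cipher (an HMAC-SHA256 keystream with an 8-byte tag), the RAR field layout and the slot/RNTI bookkeeping are assumptions made for the example; the patent specifies none of them.

```python
"""Implicit first-level authentication through an encrypted random access
response (Figure 7 embodiment).  Added illustration, not code from the patent.
Assumed: the cipher (HMAC-SHA256 keystream + 8-byte tag), the RAR layout and
the way slots and temporary RNTIs are handed out."""
import hashlib
import hmac
import os
import struct

RAR_FMT = ">HHH"  # assumed RAR layout: timing advance, UL slot index, temporary RNTI


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """PRF-based keystream: HMAC(key, nonce || counter) blocks, truncated to n bytes."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def encrypt_rar(cell_key: bytes, ta: int, ul_slot: int, tc_rnti: int) -> bytes:
    """Access node, step 700: encrypt-then-MAC the RAR; returns nonce || ct || tag."""
    plain = struct.pack(RAR_FMT, ta, ul_slot, tc_rnti)
    nonce = os.urandom(8)
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(cell_key, nonce, len(plain))))
    tag = hmac.new(cell_key, nonce + ct, hashlib.sha256).digest()[:8]
    return nonce + ct + tag


def decrypt_rar(dec_key: bytes, msg: bytes):
    """Terminal, step 702: returns (ta, ul_slot, tc_rnti), or None if the tag fails."""
    nonce, ct, tag = msg[:8], msg[8:-8], msg[-8:]
    expect = hmac.new(dec_key, nonce + ct, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, expect):
        return None
    plain = bytes(a ^ b for a, b in zip(ct, _keystream(dec_key, nonce, len(ct))))
    return struct.unpack(RAR_FMT, plain)


class AccessNode:
    """Remembers which (slot, TA) was granted to which temporary RNTI."""

    def __init__(self, cell_key: bytes):
        self.cell_key = cell_key
        self.pending = {}     # tc_rnti -> (ul_slot, ta) granted in the RAR
        self.next_slot = 10   # assumed: slots handed out sequentially
        self.next_rnti = 0x4000

    def on_random_access_initiation(self, ta_estimate: int) -> bytes:
        """Allocate msg3 resources for the received preamble, return the encrypted RAR."""
        slot, rnti = self.next_slot, self.next_rnti
        self.next_slot += 1
        self.next_rnti += 1
        self.pending[rnti] = (slot, ta_estimate)
        return encrypt_rar(self.cell_key, ta_estimate, slot, rnti)

    def on_uplink_resource_request(self, rnti: int, slot: int, ta: int) -> bool:
        """Step 704: arrival in the granted slot with the granted TA shows that the
        sender decrypted the RAR, i.e. the first level of authentication passed."""
        granted = self.pending.pop(rnti, None)
        return granted is not None and granted == (slot, ta)


def terminal_attempt(node: AccessNode, dec_key: bytes, ta_estimate: int = 7) -> bool:
    """One terminal's random access: preamble -> RAR -> msg3 in the granted slot."""
    rar = node.on_random_access_initiation(ta_estimate)
    fields = decrypt_rar(dec_key, rar)
    if fields is None:
        # No usable grant.  A device without the cell key can only guess the
        # slot, TA and RNTI; such a guess is what the second-level check
        # (steps 500 to 508) still has to catch.
        return False
    ta, slot, rnti = fields
    return node.on_uplink_resource_request(rnti, slot, ta)


if __name__ == "__main__":
    key = os.urandom(16)
    node = AccessNode(key)
    print("authenticated terminal:", terminal_attempt(node, key))
    print("device without cell key:", terminal_attempt(node, b"not-the-key"))
```

The tag check on the RAR matters: without it a device that does not hold the key could still flip bits in the grant, so the example authenticates the ciphertext before using any field from it. The deterministic slot/RNTI counters are only there to keep the example readable; a real scheduler's allocations are what a rogue device would have to guess.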
  • the random access response message is used to allocate the uplink transmission resources only for the control signaling, e.g. transmission of the identifier of the terminal device and the BSR.
  • the access node allocates uplink data transmission resources to the terminal device upon receiving the random access initiation message, and the random access response message may indicate the allocated uplink data transmission resources.
  • Figure 8 illustrates such an embodiment.
  • the access node 110 may divide transmission resources available for the transmission of the random access initiation message into a plurality of transmission resource units, wherein each transmission resource unit is associated with a different amount of requested uplink transmission resources.
  • the terminal device may store information on the transmission resource units and the association with the amount of requested uplink transmission resources. For example, the division may be made in a time domain such that a transmission interval of the random access initiation message is divided into a plurality of sub-intervals, wherein each sub-interval is associated with different amount of requested uplink transmission resources.
  • the terminal device may thus indicate, with the transmission resources selected for the transmission of the random access initiation message, the amount of uplink transmission resources requested from the access node 110.
  • the terminal device 120 may determine an amount of transmission resources to be requested from the access node and select associated transmission resources for the random access initiation message, e.g. an associated timing. In step 802, the terminal device transmits the random access initiation message in the selected resources. Upon receiving the random access initiation message in step 802, the access node 110 may determine the transmission resources in which the random access initiation message was received (block 804). The access node may use the mapping to determine the amount of uplink transmission resources requested by the terminal device.
  • the access node may allocate the uplink transmission resources for both control and data transmission to the terminal device and send, in step 806, a random access response message comprising the above-described contents and, additionally, a resource allocation indicating an uplink data transmission resource.
  • the terminal device may determine the allocated uplink transmission resources and carry out the data transmission as the first message after the random access response (step 808).
  • the authentication may be carried out according to any one of the above- described embodiments.
  • Figure 8 uses the embodiment of Figure 6 where the terminal device provides the authentication key in the data packet and/or in a control message transmitted in step 808.
  • the data packet may be encrypted by using an encryption key of the context.
  • the access node 110 may buffer the data packet in block 810 and send the authentication and context request to the core network element in block 600.
  • the access node may send the control message comprising the identifier of the terminal device to the core network element for authentication.
  • the access node sends the data packet to the core network element for authentication in step 600.
  • the access node may start deciphering the uplink data received from the terminal device.
  • the core network element may forward the deciphered data packet to the data routing network element upon successful authentication and send the context to the access node 1 10. Thereafter, the access node may decipher the subsequent data packets.
  • the embodiment of Figure 8 provides for early allocation of uplink data transmission resources which further reduces the latency for data transmission.
  • the transmission resources of the random access initiation message are used as an indicator of the requested amount of uplink data transmission resources.
  • the random access preambles may be divided into a plurality of sets, wherein each set is associated with a different amount of requested uplink data transmission resources. As a consequence, the random access preamble sequence serves as an indicator of the requested uplink data transmission resources. Then, block
  • the terminal device 120 may use the same mapping when selecting the random access preamble sequence in block 800.
  • the data packet transmitted in step 808 may be provided without ciphering, and the terminal device may start ciphering the data packets only upon receiving a message from the access node 110 or from the core network element indicating successful authentication and resumption of the connection. Recall that the terminal device 120 may remain in a connected state with respect to the core network element for the duration of the inactivity.
  • the message may be a RRC connection resume complete message.
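The Figure 8 flow as a runnable model, added here as an illustration and not code from the patent. It covers both the preamble-set mapping (the preamble chosen in block 800 tells the access node in block 804 how much uplink data is wanted) and the early data grant with buffering until the core network element has authenticated the sender (steps 806, 808, 810, 600 and 604). The 64-preamble partition and grant sizes, the HMAC-SHA256 token standing in for the "authentication key" carried in the data packet, and the core network element modelled as an in-memory table are all assumptions made for the example.

```python
"""Early uplink data grant with early authentication (Figure 8 embodiment).
Added example, not code from the patent.  Assumed: the preamble partition and
grant sizes, an HMAC token in place of the authentication key carried in the
step-808 packet, and an in-memory core network element."""
import hashlib
import hmac

# Assumed partition of 64 preambles into four sets; each set maps to the
# maximum uplink data grant (bytes) that choosing a preamble from it requests.
PREAMBLE_SETS = [
    (range(0, 16), 0),
    (range(16, 32), 64),
    (range(32, 48), 256),
    (range(48, 64), 1024),
]


def select_preamble(requested_bytes: int, seed: int) -> int:
    """Terminal, block 800: pick a preamble from the smallest set that fits."""
    for prange, grant in PREAMBLE_SETS:
        if requested_bytes <= grant:
            return prange[seed % len(prange)]
    raise ValueError("request exceeds the largest mapped grant")


def grant_from_preamble(preamble: int) -> int:
    """Access node, block 804: invert the mapping from the received preamble."""
    for prange, grant in PREAMBLE_SETS:
        if preamble in prange:
            return grant
    raise ValueError("preamble outside the configured sets")


def auth_token(context_key: bytes, ue_id: bytes, payload: bytes) -> bytes:
    """Token sent with the step-808 packet, bound to the sender and its data."""
    return hmac.new(context_key, ue_id + payload, hashlib.sha256).digest()


class CoreNetworkElement:
    """Preserves the context (here reduced to a key) of inactive terminals."""

    def __init__(self, contexts: dict):
        self.contexts = contexts  # ue_id -> context key

    def authenticate(self, ue_id: bytes, payload: bytes, token: bytes):
        """Block 602: return the context on success, None otherwise (step 604)."""
        key = self.contexts.get(ue_id)
        if key is None or not hmac.compare_digest(token, auth_token(key, ue_id, payload)):
            return None
        return key


class AccessNode:
    def __init__(self, cn: CoreNetworkElement):
        self.cn = cn
        self.buffers = {}    # block 810: ue_id -> packet held until authentication
        self.contexts = {}   # contexts received in step 604
        self.forwarded = []  # packets released after successful authentication

    def on_initiation(self, preamble: int) -> dict:
        """Step 806: RAR carrying a control grant plus the mapped data grant."""
        return {"ctrl_grant": 16, "data_grant": grant_from_preamble(preamble)}

    def on_first_transmission(self, rar: dict, ue_id: bytes, payload: bytes, token: bytes) -> str:
        """Step 808 reception: buffer, authenticate via the core network, then forward."""
        if len(payload) > rar["data_grant"]:
            return "rejected: exceeds granted resources"
        self.buffers[ue_id] = payload
        ctx = self.cn.authenticate(ue_id, payload, token)   # steps 600 to 604
        if ctx is None:
            del self.buffers[ue_id]   # unauthenticated sender: drop it, free the buffer
            return "authentication failed"
        self.contexts[ue_id] = ctx    # subsequent packets can be handled locally
        self.forwarded.append(self.buffers.pop(ue_id))
        return "authenticated"


if __name__ == "__main__":
    cn = CoreNetworkElement({b"ue-1": b"context-key-1"})
    node = AccessNode(cn)
    preamble = select_preamble(100, seed=5)
    rar = node.on_initiation(preamble)
    data = b"x" * 100
    print(node.on_first_transmission(rar, b"ue-1", data, auth_token(b"context-key-1", b"ue-1", data)))
    print(node.on_first_transmission(rar, b"ue-1", b"y", auth_token(b"guess", b"ue-1", b"y")))
```

Two points the model makes explicit: the data grant is bounded by the preamble set, so an unauthenticated device can occupy at most one mapped allocation rather than an arbitrary amount, and the buffered packet is never forwarded to the data routing network element until the core network element has returned the context.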
  • Figures 9 and 10 provide apparatuses according to some embodiments of the invention.
  • Figure 9 illustrates an apparatus configured to carry out the functions described above in connection with the network element.
  • the network element may be the access node 110 but in other embodiments the network element may be the core network element 132.
  • Figure 10 illustrates an apparatus configured to carry out the functions described above in connection with terminal device 120.
  • Each apparatus may comprise a communication control circuitry 10, 30 such as at least one processor, and at least one memory 20, 40 including a computer program code (software) 22, 42, wherein the at least one memory and the computer program code (software) are configured, with the at least one processor, to cause the respective apparatus to carry out any one of the embodiments of each apparatus described above.
  • the apparatus of Figure 9 and/or 10 may be an electronic circuit or a system of electronic circuits performing a particular function in an electronic device with a computer program code.
  • the electronic circuit may comprise at least one processor and additionally at least one internal or external memory 20, 40.
  • the memories 20, 40 may be implemented using any suitable data storage technology, such as semiconductor based memory devices, flash memory, magnetic memory devices and systems, optical memory devices and systems, fixed memory and removable memory.
  • the memory may comprise a configuration database 24, 44 for storing configuration data for services provided by the apparatus.
  • the configuration database 24 of the network element may store configuration parameters for RRC connections or bearer services established with terminal devices, e.g. the context of the terminal devices.
  • the configuration database 44 may store the context of the terminal device 120 when the connection with the access node and the core network is active and also when it is inactive.
  • the apparatuses may further comprise a communication interface (TX/RX) 26, 46 comprising hardware and/or software for realizing communication connectivity according to one or more communication protocols.
  • the communication interface may provide the apparatus with communication capabilities to communicate in the cellular communication system and enable communication between network elements, and/or between the network element and terminal devices, for example.
  • the communication interface may comprise standard well-known components such as an amplifier, filter, frequency converter, (de)modulator, and encoder/decoder circuitries and one or more antennas.
  • the communication interface 26 of the network element may further comprise radio interface components providing the first network element with radio communication capability with terminal devices.
  • the apparatus of Figure 9 may comprise a remote control unit (RCU), such as a host computer or a server computer, operatively coupled (e.g. via a wireless or wired network) to a remote radio head (RRH) located in a base station site.
  • at least some of the described processes of the network element may be performed by the RCU.
  • the execution of at least some of the described processes may be shared among the RRH and the RCU.
  • RCU may comprise the components illustrated in Figure 9, and the communication interface 26 may provide the RCU with the connection to the RRH.
  • the RRH may then comprise radio frequency signal processing circuitries and antennas, for example.
  • the RCU may generate a virtual network through which the RCU communicates with the RRH.
  • virtual networking may involve a process of combining hardware and software network resources and network functionality into a single, software-based administrative entity, a virtual network.
  • Network virtualization may involve platform virtualization, often combined with resource virtualization.
  • Network virtualization may be categorized as external virtual networking which combines many networks, or parts of networks, into the server computer or the host computer (i.e. to the RCU). External network virtualization is targeted to optimized network sharing. Another category is internal virtual networking which provides network-like functionality to the software containers on a single system. Virtual networking may also be used for testing the terminal device.
  • the virtual network may provide flexible distribution of operations between the RRH and the RCU.
  • any digital signal processing task may be performed in either the RRH or the RCU and the boundary where the responsibility is shifted between the RRH and the RCU may be selected according to implementation.
  • the network element (Figure 9) and the terminal device (Figure 10) may carry out data transmission and reception and, therefore, the respective memories 20, 40 may comprise a data buffer for temporary storage of data, e.g. for execution of blocks 502, 810.
  • the apparatuses may also comprise, as a sub-circuitry of the communication control circuitries
  • the apparatus may comprise a control circuitry 12 carrying out control plane signalling with the terminal devices.
  • the control circuitry 12 may carry out the signalling in steps 400, 402, 404, 408, 700, 704, 802, 806 in the network element 110.
  • the apparatus may further comprise an authentication circuitry 18 configured to carry out the authentication of the terminal device in step 406 or 506 and, in corresponding embodiments, carry out communication with the core network element with respect to the authentication in steps 412, 500, 504, 600, 604.
  • the apparatus may further comprise a resource scheduler configured to schedule or allocate uplink transmission resources to the terminal devices. At least some of the resource allocations may be triggered only upon receiving an indication of successful authentication of a terminal device from the authentication circuitry 18.
  • the resource allocations described above in connection with step 408 may require successful authentication.
  • the resource scheduler may carry out some resource allocations to the terminal device before the authentication, as described above.
  • the control circuitry 12 receiving the random access initiation message may call the resource scheduler 14 to allocate the uplink transmission resources to be transmitted in the random access response message in step 402. Additionally, the resource scheduler 14 may carry out block 804 without authentication.
  • the communication control circuitry 30 of the apparatus may comprise a control circuitry 32 carrying out control plane signalling with the network element.
  • the control circuitry 32 may carry out the signalling in steps 400, 402, 404, 408, 700, 704, 802, 806 in the terminal device 120.
  • the communication control circuitry may further comprise an authentication key manager 34 configured to handle encryption and/or decryption of messages with one or more authentication keys.
  • the authentication key manager may be configured to carry out the processing related to the authentication keys in any one of the steps 404, 702, 808.
  • circuitry refers to all of the following: (a) hardware-only circuit implementations, such as implementations in only analog and/or digital circuitry, and (b) combinations of circuits and software (and/or firmware), such as (as applicable): (i) a combination of processor(s) or (ii) portions of processor(s)/software including digital signal processor(s), software, and memory(ies) that work together to cause an apparatus to perform various functions, and (c) circuits, such as a
  • This definition of 'circuitry' applies to all uses of this term in this application.
  • the term 'circuitry' would also cover an implementation of merely a processor (or multiple processors) or a portion of a processor and its (or their)
  • circuitry would also cover, for example and if applicable to the particular element, a baseband integrated circuit or applications processor integrated circuit for a mobile phone or a similar integrated circuit in a server, a cellular network device, or another network device.
  • At least some of the processes described in connection with Figures 2 to 8 may be carried out by an apparatus comprising corresponding means for carrying out at least some of the described processes.
  • Some example means for carrying out the processes may include at least one of the following: detector, processor (including dual- core and multiple-core processors), digital signal processor, controller, receiver, transmitter, encoder, decoder, memory, RAM, ROM, software, firmware, display, user interface, display circuitry, user interface circuitry, user interface software, display software, circuit, antenna, antenna circuitry, and circuitry.
  • the at least one processor, the memory, and the computer program code form processing means or comprises one or more computer program code portions for carrying out one or more operations according to any one of the embodiments of Figures 2 to 13 or operations thereof.
  • the techniques and methods described herein may be implemented by various means. For example, these techniques may be implemented in hardware (one or more devices), firmware (one or more devices), software (one or more modules), or combinations thereof.
  • the apparatus(es) of embodiments may be implemented within one or more application-specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), processors, controllers, microcontrollers, microprocessors, other electronic units designed to perform the functions described herein, or a combination thereof.
  • firmware or software the implementation can be carried out through modules of at least
  • the components of the systems described herein may be rearranged and/or complemented by additional components in order to facilitate the achievements of the various aspects, etc., described with regard thereto, and they are not limited to the precise configurations set forth in the given figures, as will be appreciated by one skilled in the art.
  • Embodiments as described may also be carried out in the form of a computer process defined by a computer program or portions thereof. Embodiments of the methods described in connection with Figures 2 to 8 may be carried out by executing at least one portion of a computer program comprising corresponding instructions.
  • the computer program may be in source code form, object code form, or in some intermediate form, and it may be stored in some sort of carrier, which may be any entity or device capable of carrying the program.
  • the computer program may be stored on a computer program distribution medium readable by a computer or a processor.
  • the computer program medium may be, for example but not limited to, a record medium, computer memory, read-only memory, electrical carrier signal, telecommunications signal, and software distribution package, for example.
  • the computer program medium may be a non-transitory medium. Coding of software for carrying out the embodiments as shown and described is well within the scope of a person of ordinary skill in the art.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

There is provided a solution for authenticating a terminal device. According to an aspect, a method comprises: receiving, by a network element, a random access initiation message from a terminal device; in response to the reception of the random access initiation message, authenticating the terminal device by the network element by using a message exchanged between the network element and the terminal device during a random access procedure associated with the random access initiation message.

Description

DESCRIPTION
TITLE
Authentication in Wireless System
TECHNICAL FIELD
The invention relates to wireless communications and, particularly, authentication of a terminal device in a wireless communication system.
BACKGROUND
Demand for wireless communication services is constantly increasing and, as a result, traffic in cellular communication systems is also increasing. Optimization of the performance of cellular communications is under constant development, and new evolution versions of cellular communication systems are designed. Some targets of the development are higher throughput and lower latencies in data transmissions.
Authentication may refer to verification of an identity of a terminal device associated with an access node. In some contexts, the authentication is used in association with integrity protection.
BRIEF DESCRIPTION
According to an aspect, there is provided the subject matter of the independent claims. Some embodiments are defined in the dependent claims.
One or more examples of implementations are set forth in more detail in the accompanying drawings and the description below. Other features will be apparent from the description and drawings, and from the claims.
BRIEF DESCRIPTION OF DRAWINGS
In the following embodiments will be described in greater detail with reference to the attached drawings, in which Figure 1 illustrates a wireless communication system to which embodiments of the invention may be applied;
Figures 2 and 3 illustrate flow diagrams of processes for early authentication of a terminal device;
Figures 4 and 5 illustrate signaling diagrams of procedures for authenticating a terminal device by using a message received from the terminal device during a random access procedure according to some embodiments of the invention; Figure 6 illustrates an embodiment where an access node employs a core network element for performing the early authentication according to an embodiment of the invention;
Figure 7 illustrates an embodiment where a message transmitted from an access node to the terminal device is used for authenticating the terminal device in an implicit manner;
Figure 8 illustrates an embodiment where the early authentication is combined with early grant of uplink data transmission resources according to an embodiment of the invention; and
Figures 9 and 10 illustrate block diagrams of structures of apparatuses according to some embodiments of the invention.
DETAILED DESCRIPTION OF SOME EMBODIMENTS
The following embodiments are exemplifying. Although the specification may refer to "an", "one", or "some" embodiment(s) in several locations of the text, this does not necessarily mean that each reference is made to the same embodiment(s), or that a particular feature only applies to a single embodiment. Single features of different embodiments may also be combined to provide other embodiments.
Embodiments described may be implemented in a radio system, such as in at least one of the following: Universal Mobile Telecommunication System (UMTS, 3G) based on basic wideband-code division multiple access (W-CDMA), high-speed packet access (HSPA), Long Term Evolution (LTE), LTE-Advanced, and/or 5G system. The present embodiments are not, however, limited to these systems.
The embodiments are not, however, restricted to the system given as an example, but a person skilled in the art may apply the solution to other communication systems provided with the necessary properties. One example of a suitable communications system is the 5G system, as listed above. 5G is likely to use multiple-input-multiple-output (MIMO) multi-antenna transmission techniques, many more base stations or nodes than the current network deployments of LTE (a so-called small cell concept), including macro sites operating in co-operation with smaller local area access nodes and perhaps also employing a variety of radio technologies for better coverage and enhanced data rates. 5G will likely be comprised of more than one radio access technology (RAT), each optimized for certain use cases and/or spectrum. 5G mobile communications will have a wider range of use cases and related applications including video streaming, augmented reality, different ways of data sharing and various forms of machine type applications, including vehicular safety, different sensors and real-time control. 5G is expected to have multiple radio interfaces, namely below 6GHz, cmWave and mmWave, and also to be applicable to operating with or integrating to existing legacy radio access technologies, such as the LTE. Integration with the LTE may be implemented, at least in the early phase, as a system where macro coverage is provided by the LTE and 5G radio interface access comes from small cells by aggregation to the LTE. In other words, 5G is planned to support both inter-RAT operability (such as LTE-5G) and inter-RI operability (inter-radio interface operability, such as below 6GHz - cmWave, below 6GHz - cmWave - mmWave).
One of the concepts considered to be used in 5G networks is network slicing in which multiple independent and dedicated virtual sub-networks (network instances) may be created within the same infrastructure to run services that have different requirements on latency, reliability, throughput and mobility.
It should be appreciated that future networks will most probably utilize network functions virtualization (NFV) which is a network architecture concept that proposes virtualizing network element functions into "building blocks" or entities that may be operationally connected or linked together to provide services. A virtualized network function (VNF) may comprise one or more virtual machines running computer program codes using standard or general type servers instead of customized hardware. Cloud computing or cloud data storage may also be utilized. In radio communications this may mean node operations to be carried out, at least partly, in a server, host or node operationally coupled to a remote radio head. It is also possible that node operations will be distributed among a plurality of servers, nodes or hosts. It should also be understood that the distribution of labor between core network operations and base station operations may differ from that of the LTE or even be non-existent. Some other technology advancements probably to be used are Software-Defined Networking (SDN), Big Data, and all-IP, which may change the way networks are being constructed and managed.
Figure 1 illustrates an example of a cellular communication system to which embodiments of the invention may be applied. Cellular radio communication networks, such as the Long Term Evolution (LTE), the LTE-Advanced (LTE-A) of the 3rd Generation Partnership Project (3GPP), or the predicted future 5G solutions, are typically composed of at least one network node, such as a network element 110, providing a cell 100. Each cell may be, e.g., a macro cell, a micro cell, a femto cell, or a pico cell, for example. The network element 110 may be an evolved Node B (eNB) as in the LTE and LTE-A, or any other apparatus capable of controlling radio communication and managing radio resources within a cell. For 5G solutions, the implementation may be similar to LTE-A, as described above. The network element 110 may be called a base station or an access node. The cellular communication system may be composed of a radio access network of network elements 110, 112, e.g. eNBs, each controlling a respective cell or cells 100, 102. The network element 110 may control a macro cell 100 providing wide area coverage for terminal devices 120. The network elements 110 to 114 may also be called access nodes because they provide the terminal devices 120 with wireless access to other networks such as the Internet. Additionally, one or more local area access nodes 112 may be arranged within a control area of a network element 110 controlling a macro cell 100. The local area access node 112 may provide wireless access within a sub-cell 102 that may be comprised within a macro cell 100. Examples of the sub-cell may include a micro, pico and/or femto cell. Typically, the sub-cell provides a hot spot within a macro cell. The operation of the local area access node 112 may be controlled by a network element 110 under whose control area the sub-cell is provided.
In the case of multiple network elements in the communication network, the network elements may be connected to each other with an interface. LTE specifications call such an interface the X2 or S1 interface. Other communication methods between the network elements may also be possible. The network elements 110 to 112 may be further connected via another interface to a core network 130. The LTE specifications specify the core network as an evolved packet core (EPC), and the core network may comprise a mobility management entity (MME) 132 and a gateway node 134. The MME may handle mobility of terminal devices in a tracking area encompassing a plurality of cells and also handle signaling connections between the terminal devices and the core network 130. The gateway node 134 may handle data routing in the core network 130 and to/from the terminal devices. In future networks, at least some functions of the core network may be implemented through cloud computing. Cloud computing may refer to a solution where a certain service is provided by one or more physical server computers such that a computing task of the service may be provided by any one of the server computers, or the computing may be distributed such that a plurality of server computers cooperate when providing the service to a client device that requested the service. For example, the authenticating procedures involving a core network element described below may be realized by employing cloud computing.
The radio system of Figure 1 may support Machine Type Communication (MTC). MTC may enable providing service for a large amount of MTC capable devices, such as the at least one terminal device 120. The at least one terminal device 120 may comprise mobile phones, smart phones, tablet computers, laptops and other devices used for user communication with the radio communication network, such as a MTC network. These devices may provide further functionality compared to the MTC scheme, such as communication link for voice, video and/or data transfer. However, in MTC perspective the at least one terminal device 120 may be understood as a MTC device. It needs to be understood that the at least one terminal device 120 may also comprise another MTC capable device, such as a sensor device providing position, acceleration and/or temperature information to name a few examples.
In MTC, the radio communication network may need to handle a massive amount of uncoordinated accesses by the MTC devices. As the amount of MTC devices may be quite high, network access may be a limiting factor, compared to the conventional network limitations, where interference and/or limited coverage may pose a problem. Most of the MTC devices may have a small amount of data to be transmitted in a sporadic fashion. This may enable the MTC devices to spend the majority of their time in sleep mode, disconnected from the network elements 110 to 116 and/or the cellular communication network. Thus, the MTC devices may have a requirement of very small energy consumption. Some embodiments described below are implemented in the context of a random access procedure. The random access procedure may be considered as an initialization procedure for data transmission. The random access procedure may comprise:
transmitting, by the terminal device 120, a Random Access Preamble (RAP) to a network element 110. The network element 110 may respond with a Random Access Response (RAR) to the terminal device 120. The RAR may include an information element scheduling an uplink transmission resource for the terminal device 120. The terminal device 120 may then transmit a first scheduled transmission to the network element 110 in the scheduled uplink transmission resource. The network element 110 may respond to the first scheduled transmission with a contention resolution to the terminal device 120.
With respect to the core network, the MME 132 may be configured to control communication between the terminal device 120 and the core network 130. The MME 132 may track mobility of an idle-mode terminal device 120 within a tracking area and control paging of the terminal device 120 when there is downlink data for the terminal device, for example. The paging may be defined as calling for the terminal device to start bidirectional communication between the terminal device and the network element 110 and/or the MME 132. The paging may be defined as a connection request for establishment of a connection or a bearer service for the terminal device but, in some embodiments, the paging may be used to establish a connectionless bidirectional communication link between the terminal device and the radio access network or the core network of the cellular communication system. The MME 132 may also carry out authentication of the terminal device in connection with establishing a communication connection for data transfer between the terminal device 120 and the core network 130. The MME 132 may also carry out allocation of temporary identifiers and security keys to the terminal device 120.
With respect to the 5G networks, a stateless radio resource control (RRC) connection has been envisaged. The RRC connection in the LTE system defines states such as an RRC Idle state for an idle terminal device and an RRC Connected state for a terminal device that has established an RRC connection with a network element. As part of this stateless proposal, when the terminal device has no data to be transmitted or received and needs no connection with the network element, it may transition to an inactive state where both the terminal device and the network element preserve a context of the connection. At the network side, the context of the terminal device may be preserved at a core network which may be deployed in a cloud platform, as described above.
Let us now consider some steps in connection with initiating data transfer for an inactive terminal device. Steps involved in an access phase until transmission of a first data packet are called the 'connectionless' part because, at this moment, an access node may not yet have the context of the terminal device. A second part where the access node has acquired the context may be called the 'connected' part. From the viewpoint of low latency, the connectionless part should be made as short as possible or otherwise optimized for low latency. One challenge relates to security aspects. In existing systems, this connectionless part allocates only limited resources, for transmission of signaling messages. If the connectionless part were enhanced to transfer a data packet, the access node would allocate a larger amount of resources without any authentication. This may lead to uplink resource occupation by a rogue terminal device.
Generally, an initial access phase for an inactive terminal device may comprise the following steps:
- Transmission of a random access preamble from the terminal device to the access node. The access node may broadcast a set of available preambles as system information, or it may dedicate a preamble to a terminal device that has been previously authenticated. The terminal device may select a random access preamble from the set of available preambles or use a preamble dedicated to the terminal device and transmit the selected preamble in this step. The terminal device may additionally transmit a random access radio network temporary identifier (RA-RNTI) together with the preamble in this step. The identifier may be used for the access node to address the terminal device in the subsequent step. The identifier may be determined from a transmission timing of the random access preamble, as in the LTE system. The random access preamble may be transmitted on a random access channel.
- Transmission of a random access response (RAR) with an uplink grant from the access node to the terminal device. The RAR may be transmitted on a downlink shared channel as in the LTE, for example. The RAR may be addressed to the RA-RNTI received from the terminal device together with the random access preamble. The RAR allocates a resource for the terminal device to send control information such as an identifier of the terminal device and a buffer status report (BSR) indicating a need for uplink data transmission resources. The RAR may be used also to indicate a new temporary identifier to the terminal device, e.g. a cellular radio network temporary identifier (C-RNTI). The RAR may also include timing advance information allowing the terminal device to adjust uplink transmission timings.
- Transmission of a first message from the terminal device to the access node, carrying the C-RNTI and the BSR. This message may be a radio resource control (RRC) connection request message in case the terminal device has no preconfigured RRC connection with the access node. In a case where the RRC connection has been established but is inactive, the first message may be an RRC resume request message. In both examples, the terminal device indicates with this message that it requests an active RRC connection to communicate data.
- Transmission of uplink resource allocation from the access node to the terminal device and transmission of a data packet from the terminal device to the access node.
A random access procedure may be considered to span from the transmission of the random access preamble to the transmission of the uplink resource allocation, i.e. to include the steps of the initial access phase described above. Upon receiving the first message, the access node may initiate retrieval of the context of the terminal device and use the retrieved context for processing the received uplink data packet. The context may comprise at least one security key used by the access node to decrypt the uplink data packet. As a consequence, all the steps of the initial access phase may be considered as the connectionless part, and the access node grants the uplink resources without authentication of the terminal device. Therefore, a rogue terminal device may gain resources from the access node.
Figures 2 and 3 illustrate processes for performing or enabling authentication of the terminal device 120 during a random access procedure. Referring to Figure 2, the process comprises, as performed by a network element such as an access node 110, 112:
receiving a random access initiation message from the terminal device 120 (block 200); in response to receiving the random access initiation message, authenticating the terminal device by the network element by using a message exchanged between the network element and the terminal device during a random access procedure associated with the random access initiation message (block 202).
Referring to Figure 3, the process comprises as performed by an apparatus applicable to the terminal device 120: acquiring (block 300) at least one encryption key authenticating the terminal device and associated with a random access procedure; and processing (block 302) at least one message of the random access procedure with the encryption key.
Enabling early authentication of the terminal device 120 on the basis of a message exchanged during the random access procedure enables fast establishment of the identity of the terminal device 120. Accordingly, the network element can rapidly allocate uplink transmission resources to the terminal device 120 with high authentication reliability. Accordingly, latency in resource allocation is reduced, and also rogue terminal devices may be identified at an early stage and their access to the uplink transmission resources may be prevented.
Let us now describe some embodiments of the processes of Figures 2 and 3 with reference to signaling diagrams of Figures 4 to 8. Functions of the network element in Figures 4 to 8 may be considered as embodiments of Figure 2, and functions of the terminal device in Figures 4 to 8 may be considered as embodiments of Figure 3. Figure 4 illustrates an embodiment where the message used in the authentication is a first message transmitted by the terminal device 120 after receiving a response to the random access initiation message. Referring to Figure 4, the terminal device 120 may transmit a random access preamble in the random access initiation message in step 400. Upon receiving the random access preamble in step 400, the network element 110 (an access node 110 in this example) may allocate an uplink communication resource to the terminal device. The dimensions of the uplink communication resource, e.g. a time-frequency resource, may be matched with an amount of resources needed for the terminal device 120 to transmit an identifier of the terminal device 120 and the BSR or a corresponding indication of requested uplink transmission capacity. Upon allocating the uplink communication resource, the access node 110 may transmit a random access response message to the terminal device 120 in step 402. The random access response message may further comprise a timing advance indicator enabling the terminal device 120 to adjust its transmission timing. The random access response may further comprise a temporary identifier assigned by the access node to the terminal device, e.g. a random access radio network temporary identifier (RA-RNTI). The random access response may allocate sufficient uplink communication resource only for transmitting a subsequent control message.
Upon receiving the random access response message in step 402, the terminal device may generate an uplink resource request message. The message may comprise the temporary identifier, the BSR or other parameters specifying a request for uplink communication resources. The uplink resource request message may further comprise an authentication key enabling the access node 110 to authenticate the terminal device 120. In an embodiment, the authentication key refers to an encryption key received by the terminal device during an earlier connection with the access node and the core network. The terminal device 120 may encrypt at least some of the contents of the uplink resource request with the encryption key. For example, the terminal device may encrypt the temporary identifier and the BSR with the encryption key.
In another embodiment, the authentication key refers to an information element generated and added to the uplink resource request in addition to the temporary identifier and the BSR. In this context, the authentication key may be an authentication token that is inserted into the uplink resource request. In an embodiment, the information element is generated by processing an identifier of the access node 110 and at least some of the contents of the uplink resource request (e.g. the temporary identifier and/or the BSR) with a certain mapping algorithm. The identifier of the access node may be a globally unique identifier of the access node 110. The mapping algorithm may map the identifier of the access node and the contents of the message to a certain keyword, and the mapping algorithm may be defined by a mapping key received by the terminal device when earlier connecting to the core network. In step 404, the terminal device transmits the uplink resource request to the access node in the uplink communication resources indicated in the random access response message.
In an embodiment, the authentication key may be a cell-specific authentication key or a cell-group-specific authentication key. In the latter embodiment, the same authentication key may be applied in a plurality of neighboring cells, e.g. cells of a tracking area.
Accordingly, the access node has the authentication key readily available. Therefore, upon receiving the uplink resource request in step 404, the access node 110 is capable of using the authentication key to authenticate the terminal device in block 406. Depending on the embodiment described above, block 406 may comprise processing the information element with a reverse operation of the mapping algorithm. If the result is the temporary identifier of the terminal device 120 and the correct contents of the uplink resource request or, in general, the sequence known to have been used as the input of the mapping algorithm in the terminal device, the access node may determine that the terminal device has been authenticated. Otherwise, the access node may determine that the terminal device cannot be allowed to access the communication resources managed by the access node.
In the embodiment where the contents of the uplink resource request have been encrypted with the encryption key in the terminal device 120, block 406 may comprise decrypting the contents of the uplink resource request with a decryption key. The contents of the decrypted uplink resource request may then be evaluated and, if the contents are reasonable, e.g. include the temporary identifier and the BSR, the access node 110 may determine that the terminal device 120 has been authenticated successfully.
When the terminal device 120 has been authenticated, the access node 110 may proceed to step 408 in which it allocates uplink transmission resources for data transmission and generates an uplink grant message indicating the allocated uplink transmission resources. Upon receiving the uplink grant message in step 408, the terminal device may prepare for uplink data transmission and transmit uplink data in the indicated uplink transmission resources in step 410. The access node 110 receives the uplink data in step 410.
In an embodiment, the authentication in block 406 is a first level authentication carried out by the access node 110 by using the authentication key available to the access node 110. The procedure may comprise a second level of authentication in block 412 in which the authentication may be carried out by using another authentication key acquired from a core network element 132 such as the MME. The second level of authentication may be carried out by the access node 110 or by the core network element 132.
Figure 5 illustrates an embodiment using the second level of authentication. The steps or operations denoted by the same reference numbers as in Figure 4 represent the same or substantially similar operations. Referring to Figure 5, upon successfully authenticating the terminal device 120 in block 406, the access node 110 may trigger retrieval of a previously stored context of the terminal device 120. As described above, the context may be stored in the core network element 132 for the duration of the inactivity of the terminal device 120. The context may define parameters for a connection between the terminal device and the core network 130 and also parameters needed by the access node to mediate messages between the terminal device 120 and the core network. The context may further comprise one or more authentication keys enabling the access node 110 to carry out the second level of authentication. The access node 110 may trigger the retrieval of the context by transmitting a context request message to the core network element 132 in step 500. While the retrieval of the context may be under process, the access node may receive at least a first uplink data packet from the terminal device 120 in step 410. Until the context retrieval has been completed, the access node 110 may buffer the uplink data packet in block 502. The terminal device 120 may still store the context for the duration of the inactivity and, as a consequence, it has the context readily available. The terminal device 120 may have encrypted the uplink data packet with an encryption key defined in the context.
Upon receiving the context request message in step 500, the core network element 132 may retrieve the context of the terminal device 120 and send the context to the access node 110 in step 504. Upon receiving the context and associated parameters from the core network element in step 504, the access node 110 may use the context to carry out the second level authentication. The second level of authentication in block 506 may comprise applying a decryption key to the received data packet buffered in block 502. The decrypted data packet may then be subjected to an evaluation of whether or not the decryption was successful. In an embodiment, the evaluation comprises performing a cyclic redundancy check (CRC) on the decrypted data packet or a portion of the decrypted data packet. For example, a header of the data packet may comprise a CRC sequence encrypted by the terminal device. Upon decrypting the CRC sequence, the CRC operation will indicate whether or not the decryption key of the network element matched the encryption key of the terminal device. If the CRC is successful, the terminal device is authenticated correctly. The successful authentication implies that the terminal device authenticated in block 406 is matched correctly with the context received in step 504. Upon successfully authenticating the terminal device 120 in block 506, the access node may decipher the data packet with a data deciphering key defined in the retrieved context and forward the data to the core network in step 508, e.g. to the data routing network element 134.
The second level of authentication further improves the reliability of the authentication, reducing the probability of the terminal device 120 being a rogue.
In an embodiment using the second level authentication, the authentication key transmitted by the terminal device in step 404 and received by the network element comprises two parts. A first part of the authentication key may be used by the network element in the first level of authentication in block 406 in the above-described manner, for example. Upon successful authentication in block 406, the network element may store a second part of the authentication key until executing the second level of authentication in block 412 or 506. The second part may comprise a key sequence identifier or another identifier mapped to the context of the terminal device such that the network element may use the second part in retrieving the context of the terminal device in steps 500, 504, the context including the necessary key(s) used in the second level of authentication in block 506.
In another embodiment, the second part may be transmitted by the terminal device and received by the network element in step 410 instead of step 404.
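The following Python model is added here as an illustration; it is not part of the patent and not code from Nokia. It walks through the exchange of Figures 4 and 5 above: the first-level check of the authentication token in block 406, the access node keeping the second part of the authentication key (a key set identifier) to locate the context in steps 500 and 504, and the second-level check of block 506, in which the buffered data packet is decrypted and the CRC carried in its header is verified. The patent does not fix the mapping algorithm, the cipher, or any message layout, so the HMAC-SHA256 token, the SHAKE-256 keystream cipher, the field widths, and every identifier and key value below are assumptions chosen for the example; the 'reverse operation' of block 406 is realized as recomputing the token over the received contents and comparing it.

```python
import hashlib
import hmac
import zlib

# Constructed sample parameters (assumptions, not values from the patent).
GNB_ID = b"gnb-0001-cell-07"      # globally unique identifier of the access node
CELL_GROUP_KEY = b"\x11" * 16     # cell-group-specific mapping key (shared across a tracking area)
KSI = 3                           # key set identifier: the "second part" of the authentication key
RA_RNTI = 0x1234                  # temporary identifier assigned in the random access response
BSR = 0x2A                        # buffer status report value

# Contexts stored at the core network element (step 504 source), indexed by key set identifier.
CORE_CONTEXTS = {KSI: {"rrc_key": hashlib.sha256(b"context-key-ue-120").digest()}}


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: SHAKE-256 keystream XORed onto the data. Stands in for the
    unspecified 'encryption key' processing of the patent; not a 3GPP algorithm."""
    pad = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))


def auth_token(key: bytes, gnb_id: bytes, ra_rnti: int, bsr: int) -> bytes:
    """First part of the authentication key: keyed mapping of the access node identifier
    and the request contents (HMAC-SHA256 truncated to 8 bytes, an assumption)."""
    msg = gnb_id + ra_rnti.to_bytes(2, "big") + bsr.to_bytes(1, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


def ue_build_ul_request(key, gnb_id, ra_rnti, bsr, ksi):
    """Step 404: temporary identifier, BSR, token (first part) and KSI (second part)."""
    return {"rnti": ra_rnti, "bsr": bsr, "token": auth_token(key, gnb_id, ra_rnti, bsr), "ksi": ksi}


def gnb_first_level_auth(req, key, gnb_id, granted_rnti) -> bool:
    """Block 406: the RNTI must be one this node handed out, and the token must match the
    mapping recomputed over the received contents (constant-time comparison)."""
    if req["rnti"] != granted_rnti:
        return False
    expected = auth_token(key, gnb_id, req["rnti"], req["bsr"])
    return hmac.compare_digest(expected, req["token"])


def ue_build_data_packet(rrc_key: bytes, counter: int, payload: bytes) -> bytes:
    """Step 410: header = CRC32 of the payload; header and payload ciphered under the
    context key, with the packet counter sent in clear as the nonce."""
    header = zlib.crc32(payload).to_bytes(4, "big")
    nonce = counter.to_bytes(4, "big")
    return nonce + keystream_xor(rrc_key, nonce, header + payload)


def gnb_second_level_auth(packet: bytes, ksi: int, contexts: dict):
    """Blocks 500-506: fetch the context by KSI (the stored second part), decrypt the
    buffered packet and accept it only if the decrypted header CRC matches the payload.
    Returns the payload on success, None otherwise."""
    ctx = contexts.get(ksi)
    if ctx is None:
        return None
    nonce, body = packet[:4], packet[4:]
    plain = keystream_xor(ctx["rrc_key"], nonce, body)
    header, payload = plain[:4], plain[4:]
    if int.from_bytes(header, "big") != zlib.crc32(payload):
        return None
    return payload


def run_procedure(ue_key: bytes, ue_rrc_key: bytes, ksi: int = KSI,
                  payload: bytes = b"sensor reading: 21.5C") -> str:
    """Whole exchange of Figures 4 and 5; reports at which level the device was stopped."""
    req = ue_build_ul_request(ue_key, GNB_ID, RA_RNTI, BSR, ksi)
    if not gnb_first_level_auth(req, CELL_GROUP_KEY, GNB_ID, RA_RNTI):
        return "rejected at first level"
    packet = ue_build_data_packet(ue_rrc_key, 1, payload)   # buffered in block 502
    data = gnb_second_level_auth(packet, req["ksi"], CORE_CONTEXTS)
    if data is None:
        return "rejected at second level"
    return "forwarded: " + data.decode()                     # step 508


if __name__ == "__main__":
    print(run_procedure(CELL_GROUP_KEY, CORE_CONTEXTS[KSI]["rrc_key"]))
    print(run_procedure(b"\x00" * 16, CORE_CONTEXTS[KSI]["rrc_key"]))   # no cell-group key
    print(run_procedure(CELL_GROUP_KEY, b"\x55" * 32))                  # stale/foreign context key
```

Two points the model makes visible. The first level proves only possession of the cell-group key, which is shared by every authenticated device in the tracking area, so a device that passes block 406 is known to belong to that population rather than identified individually; that is exactly why the context-bound second level follows. The CRC checked after decryption is a key-confirmation check, not a message authentication code: a captured packet replayed with the same counter would also pass, so a deployed design needs a freshness window on the counter and an integrity algorithm alongside the cipher.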
Figure 6 illustrates an embodiment where the terminal device processes the uplink resource request message of step 404 with an authentication key of the context of the terminal device. Accordingly, the access node 110 may not have the authentication key readily available upon receiving the uplink resource request message in step 404.
Referring to Figure 6, the access node may then forward contents of the uplink resource request message to the core network element 132 storing the context in an authentication and context retrieval request in step 600. Upon receiving the request, the core network element 132 may carry out the authentication of the terminal device 120 in block 602 by employing an authentication key defined in the context of the terminal device 120. The authentication as such may be a similar procedure as in block 406. Upon successfully authenticating the terminal device, the core network element may send the context to the access node in step 604. Upon receiving the context in step 604, the access node 110 may start allocating uplink data transmission resources to the terminal device 120 (steps 408, 410). Upon receiving the uplink data packet in step 410, the access node may decipher the received data packet with a deciphering key of the context in block 606 and, thereafter, forward the deciphered data packet to the core network in step 508.
The embodiment of Figure 6 may employ an authentication key of a core network connection of the terminal device, e.g. a bearer service established between the terminal device and the core network element 132. In the context of the LTE, such an authentication key may be called a non-access stratum (NAS) security key. However, the embodiment is equally applicable to the embodiment where the terminal device generates the authentication token. Then, the core network element may process the authentication token by using the identifier of the access node that forwarded the authentication token to the core network element, for example.
With respect to the authentication token, the cell-specific or cell-group-specific security key and associated algorithm may be provided to the terminal device during establishment of the connection between the terminal device and the core network element. The algorithm may define the input(s) to be used for generating the authentication token, e.g. the identifier of the serving access node. In another embodiment, an explicit authentication token or tokens is/are provided to the terminal device. In such an embodiment, the terminal device need not use any algorithm but simply inserts the received token into the uplink resource request message.
The embodiment of Figure 6 is also applicable to a situation where the terminal device 120 has no stored context available and creation of a new context is initiated for the terminal device with the random access procedure. In such an embodiment, the authentication of the terminal device may be carried out in block 602 on the basis of the authentication key and/or the identifier of the terminal device communicated in step 404. In such an embodiment, the message transferred in step 600 may be an authentication request and the message transferred in step 604 may be an authentication response message. After successful authentication, the process may proceed in the access node 110 with the establishment of an RRC connection for the terminal device and with establishment of a core network connection between the core network element and the terminal device. In other words, the context is being established for the terminal device for the data transmission. This embodiment provides early authentication of the terminal device before the establishment of the actual RRC connection and the core network connection. Accordingly, the access node may even schedule data transmission resources for the terminal device before the establishment of the context.
In an embodiment, the embodiments of Figures 5 and 6 may be combined. For example, the terminal device may send the uplink resource request message in step 404 to the access node and, additionally, send a request for resuming the RRC connection to the core network element, wherein both messages may be processed with the same or different authentication keys. The uplink resource request may be processed with the cell-specific or cell-group-specific authentication key, while the message transmitted to the core network element may be processed with another authentication key of the context of the terminal device.
Figures 4 to 6 illustrate embodiments where the authentication is based on a further message received by the access node from the terminal device after the random access initiation message. The further message may still be received during the random access procedure, e.g. it may be the uplink resource request of the random access procedure.
Figure 7 illustrates an embodiment where the message used for authenticating the terminal device 120, e.g. as the first level of authentication, is a message transmitted from the access node 1 10 to the terminal device. Referring to Figure 7, upon receiving the random access initiation message in step 400, the access node may generate the contents of the random access response message in the above-described manner.
However, the access node 110 may process the random access response message with an encryption key and send the encrypted random access response message to the terminal device 120 in step 700.
The encryption key may be a cell-specific or a cell-group-specific encryption key.
Authenticated terminal devices may be provided with a corresponding decryption key when attaching to the core network element, e.g. when initiating a connection with the core network element or upon handing the terminal device off from one core network element to another. Such a handoff may be carried out because of mobility of the terminal device, e.g. the terminal device moving from a tracking area of one core network element to a tracking area of another core network element. Each tracking area may comprise a plurality of cells and/or a plurality of access nodes controlled by or associated with the same core network element. Accordingly, authenticated terminal devices should be able to decrypt the random access response message and send the uplink resource request in correct resources and with a correct timing advance.
Upon receiving the random access response in step 700, the terminal device uses the decryption key to decrypt the contents of the random access response. As a consequence, the authenticated terminal device is able to derive the allocated uplink transmission resource for the uplink resource request message and transmit the message in step 704. Reception of the uplink resource request in the correct resources in step 704 is verification to the access node 110 that the terminal device 120 has successfully decrypted the random access response and, as a consequence, the access node 110 has authenticated the terminal device.
In the embodiment of Figure 7, the second level of authentication may be carried out in the above-described manner, as illustrated by steps 500 to 508.
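The following Python model is added here as an illustration of the Figure 7 embodiment; it is not part of the patent and not code from Nokia. The access node ciphers the random access response under the cell-group key (step 700), an authenticated terminal device decrypts it and transmits its uplink resource request in the granted time-frequency resource (step 704), and the access node authenticates the sender solely by checking that the request arrived in the resource it granted. A device without the key decrypts garbage and lands elsewhere. The cipher (a SHAKE-256 keystream), the resource description (frame, slot, starting resource block), the field widths and all key values are assumptions chosen for the example; the patent specifies none of them.

```python
import hashlib
from dataclasses import dataclass

# Constructed parameters (assumptions, not values from the patent).
CELL_GROUP_KEY = b"\x22" * 16   # decryption key given to authenticated UEs at attach / tracking-area change
ROGUE_KEY = b"\x33" * 16        # a device that never attached and therefore holds no valid key


@dataclass(frozen=True)
class UlResource:
    """Time-frequency resource granted for the uplink resource request (assumed layout)."""
    frame: int      # system frame number, 0..1023
    slot: int       # slot within the frame, 0..19
    rb_start: int   # first resource block, 0..255


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: SHAKE-256 keystream XORed onto the data (not a 3GPP algorithm)."""
    pad = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))


def gnb_build_rar(key: bytes, ra_rnti: int, res: UlResource, timing_advance: int) -> bytes:
    """Step 700: RAR body = frame(2) || slot(1) || rb_start(1) || TA(2), ciphered under the
    cell-group key. The RA-RNTI stays in clear for addressing and doubles as the nonce."""
    body = (res.frame.to_bytes(2, "big") + bytes([res.slot, res.rb_start])
            + timing_advance.to_bytes(2, "big"))
    nonce = ra_rnti.to_bytes(2, "big")
    return nonce + keystream_xor(key, nonce, body)


def ue_handle_rar(key: bytes, rar: bytes):
    """Steps 700-704 on the UE side: decrypt, then use whatever resource and timing advance
    came out. Returns (resource, timing_advance) the UE will transmit with."""
    nonce, body = rar[:2], rar[2:]
    plain = keystream_xor(key, nonce, body)
    res = UlResource(int.from_bytes(plain[0:2], "big"), plain[2], plain[3])
    return res, int.from_bytes(plain[4:6], "big")


def gnb_verify_arrival(granted: UlResource, observed: UlResource) -> bool:
    """After step 704: the node authenticates the sender by where the request showed up.
    A device that could not decrypt the RAR cannot know the granted resource."""
    return granted == observed


def run_figure7(ue_key: bytes, ra_rnti: int = 0x0A5B):
    """Whole exchange: returns (authenticated?, timing advance the UE applied)."""
    granted = UlResource(frame=517, slot=13, rb_start=42)
    rar = gnb_build_rar(CELL_GROUP_KEY, ra_rnti, granted, timing_advance=0x0123)
    used, ta = ue_handle_rar(ue_key, rar)
    return gnb_verify_arrival(granted, used), ta


if __name__ == "__main__":
    print("authenticated UE:", run_figure7(CELL_GROUP_KEY))
    print("rogue UE:        ", run_figure7(ROGUE_KEY))
```

Two caveats a practitioner would attach. The RA-RNTI is derived from the preamble's transmission timing and therefore repeats, so a nonce built from it alone reuses keystream across frames; a real design folds a frame counter into the nonce. And, as in Figure 4, passing this check only shows that the sender holds the cell-group decryption key shared by every authenticated device in the area, which is why the second level of steps 500 to 508 is still needed to bind the device to its own context.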
In the embodiments of Figures 4 to 7 described above, the random access response message is used to allocate the uplink transmission resources only for the control signaling, e.g. transmission of the identifier of the terminal device and the BSR. In another embodiment, the access node allocates uplink data transmission resources to the terminal device upon receiving the random access initiation message, and the random access response message may indicate the allocated uplink data transmission resources. Figure 8 illustrates such an embodiment.
Referring to Figure 8, the access node 110 may divide transmission resources available for the transmission of the random access initiation message into a plurality of transmission resource units, wherein each transmission resource unit is associated with a different amount of requested uplink transmission resources. Similarly, the terminal device may store information on the transmission resource units and their association with the amount of requested uplink transmission resources. For example, the division may be made in the time domain such that a transmission interval of the random access initiation message is divided into a plurality of sub-intervals, wherein each sub-interval is associated with a different amount of requested uplink transmission resources. The terminal device may thus indicate, with the transmission resources selected for the transmission of the random access initiation message, the amount of uplink transmission resources requested from the access node 110.
In block 800, the terminal device 120 may determine an amount of transmission resources to be requested from the access node and select the associated transmission resources for the random access initiation message, e.g. an associated timing. In step 802, the terminal device transmits the random access initiation message in the selected resources. Upon receiving the random access initiation message in step 802, the access node 110 may determine the transmission resources in which the random access initiation message was received (block 804). The access node may use the mapping to determine the amount of uplink transmission resources requested by the terminal device.
On the basis of the request, the access node may allocate the uplink transmission resources for both control and data transmission to the terminal device and send, in step 806, a random access response message comprising the above-described contents and, additionally, a resource allocation indicating an uplink data transmission resource. Upon receiving the random access response message in step 806, the terminal device may determine the allocated uplink transmission resources and carry out the data transmission as the first message after the random access response (step 808). With respect to the authentication, the authentication may be carried out according to any one of the above-described embodiments. Figure 8 uses the embodiment of Figure 6 where the terminal device provides the authentication key in the data packet and/or in a control message transmitted in step 808. The data packet may be encrypted by using an encryption key of the context.
The access node 110 may buffer the data packet in block 810 and send the authentication and context request to the core network element in step 600. The access node may send the control message comprising the identifier of the terminal device to the core network element for authentication. In another embodiment, the access node sends the data packet to the core network element for authentication in step 600. Upon receiving the context and the approval of authentication from the core network element, the access node may start deciphering the uplink data received from the terminal device.
In the embodiment where the access node sends the data packet for the authentication to the core network element, the core network element may forward the deciphered data packet to the data routing network element upon successful authentication and send the context to the access node 110. Thereafter, the access node may decipher the subsequent data packets.
The embodiment of Figure 8 provides for early allocation of uplink data transmission resources which further reduces the latency for data transmission.
In the embodiment of Figure 8, the transmission resources of the random access initiation message are used as an indicator of the requested amount of uplink data transmission resources. In another embodiment, the random access preambles may be divided into a plurality of sets, wherein each set is associated with a different amount of requested uplink data transmission resources. As a consequence, the random access preamble sequence serves as an indicator of the requested uplink data transmission resources. Then, block 804 may comprise determining the random access preamble received in step 802 and finding a mapping of the preamble to an amount of uplink data transmission resources. The terminal device 120 may use the same mapping when selecting the random access preamble sequence in block 800.
In an embodiment of Figure 8 using the authentication token, the data packet transmitted in step 808 may be provided without ciphering, and the terminal device may start ciphering the data packets only upon receiving a message from the access node 110 or from the core network element indicating successful authentication and resumption of the connection. Recall that the terminal device 120 may remain in a connected state with respect to the core network element for the duration of the inactivity. The message may be an RRC connection resume complete message.
Figures 9 and 10 provide apparatuses according to some embodiments of the invention. Figure 9 illustrates an apparatus configured to carry out the functions described above in connection with the network element. In some embodiments, the network element may be the access node 110 but in other embodiments the network element may be the core network element 132. Figure 10 illustrates an apparatus configured to carry out the functions described above in connection with the terminal device 120. Each apparatus may comprise a communication control circuitry 10, 30 such as at least one processor, and at least one memory 20, 40 including a computer program code (software) 22, 42, wherein the at least one memory and the computer program code (software) are configured, with the at least one processor, to cause the respective apparatus to carry out any one of the embodiments of each apparatus described above. The apparatus of Figure 9 and/or 10 may be an electronic circuit or a system of electronic circuits performing a particular function in an electronic device with a computer program code. The electronic circuit may comprise at least one processor and additionally at least one internal or external memory 20, 40.
The memories 20, 40 may be implemented using any suitable data storage technology, such as semiconductor based memory devices, flash memory, magnetic memory devices and systems, optical memory devices and systems, fixed memory and removable memory. The memory may comprise a configuration database 24, 44 for storing configuration data for services provided by the apparatus. For example, the configuration database 24 of the network element may store configuration parameters for RRC connections or bearer services established with terminal devices, e.g. the context of the terminal devices. The configuration database 44 may store the context of the terminal device 120 when the connection with the access node and the core network is active and also when it is inactive.
The apparatuses may further comprise a communication interface (TX/RX) 26, 46 comprising hardware and/or software for realizing communication connectivity according to one or more communication protocols. The communication interface may provide the apparatus with communication capabilities to communicate in the cellular communication system and enable communication between network elements, and/or between the network element and terminal devices, for example. The communication interface may comprise standard well-known components such as an amplifier, filter, frequency-converter, (de)modulator, and encoder/decoder circuitries and one or more antennas. The communication interface 26 of the network element may further comprise radio interface components providing the first network element with radio communication capability with terminal devices.
In an embodiment of Figure 9, at least some of the functionalities of the network element may be shared between two physically separate devices, forming one operational entity. Therefore, the apparatus may be seen to depict the operational entity comprising one or more physically separate devices for executing at least some of the described processes. Thus, the apparatus of Figure 9, utilizing such a shared architecture, may comprise a remote control unit (RCU), such as a host computer or a server computer, operatively coupled (e.g. via a wireless or wired network) to a remote radio head (RRH) located in a base station site. In an embodiment, at least some of the described processes of the network element may be performed by the RCU. In an embodiment, the execution of at least some of the described processes may be shared among the RRH and the RCU. In such a context, RCU may comprise the components illustrated in Figure 9, and the communication interface 26 may provide the RCU with the connection to the RRH. The RRH may then comprise radio frequency signal processing circuitries and antennas, for example.
In an embodiment, the RCU may generate a virtual network through which the RCU communicates with the RRH. In general, virtual networking may involve a process of combining hardware and software network resources and network functionality into a single, software-based administrative entity, a virtual network. Network virtualization may involve platform virtualization, often combined with resource virtualization. Network virtualization may be categorized as external virtual networking, which combines many networks, or parts of networks, into the server computer or the host computer (i.e. into the RCU). External network virtualization is targeted at optimized network sharing. Another category is internal virtual networking, which provides network-like functionality to the software containers on a single system. Virtual networking may also be used for testing the terminal device.
In an embodiment, the virtual network may provide flexible distribution of operations between the RRH and the RCU. In practice, any digital signal processing task may be performed in either the RRH or the RCU and the boundary where the responsibility is shifted between the RRH and the RCU may be selected according to implementation.
The network element (Figure 9) and the terminal device (Figure 10) may carry out data transmission and reception and, therefore, the respective memories 20, 40 may comprise a data buffer for temporary storage of data, e.g. for execution of blocks 502, 810. The apparatuses may also comprise, as a sub-circuitry of the communication control circuitries 10, 30, a data transmission control circuitry 16, 36 carrying out the data transmission/reception in the cellular communication system in the above-described manner.
Referring to Figure 9, the apparatus may comprise a control circuitry 12 carrying out control plane signalling with the terminal devices. The control circuitry 12 may carry out the signalling in steps 400, 402, 404, 408, 700, 704, 802, 806 in the network element 110. The apparatus may further comprise an authentication circuitry 18 configured to carry out the authentication of the terminal device in step 406 or 506 and, in corresponding embodiments, carry out communication with the core network element with respect to the authentication in steps 412, 500, 504, 600, 604. The apparatus may further comprise a resource scheduler 14 configured to schedule or allocate uplink transmission resources to the terminal devices. At least some of the resource allocations may be triggered only upon receiving an indication of successful authentication of a terminal device from the authentication circuitry 18. For example, the resource allocations described above in connection with step 408 may require successful authentication. However, the resource scheduler may carry out some resource allocations to the terminal device before the authentication, as described above. For example, the control circuitry 12 receiving the random access initiation message may call the resource scheduler 14 to allocate the uplink transmission resources to be indicated in the random access response message in step 402. Additionally, the resource scheduler 14 may carry out block 804 without authentication.
Referring to Figure 10, the communication control circuitry 30 of the apparatus may comprise a control circuitry 32 carrying out control plane signalling with the network element. The control circuitry 32 may carry out the signalling in steps 400, 402, 404, 408, 700, 704, 802, 806 in the terminal device 120. The communication control circuitry may further comprise an authentication key manager 34 configured to handle encryption and/or decryption of messages with one or more authentication keys. The authentication key manager may be configured to carry out the processing related to the authentication keys in any one of the steps 404, 702, 808.
As used in this application, the term 'circuitry' refers to all of the following: (a) hardware-only circuit implementations, such as implementations in only analog and/or digital circuitry, and (b) combinations of circuits and software (and/or firmware), such as (as applicable): (i) a combination of processor(s) or (ii) portions of processor(s)/software including digital signal processor(s), software, and memory(ies) that work together to cause an apparatus to perform various functions, and (c) circuits, such as a microprocessor(s) or a portion of a microprocessor(s), that require software or firmware for operation, even if the software or firmware is not physically present. This definition of 'circuitry' applies to all uses of this term in this application. As a further example, as used in this application, the term 'circuitry' would also cover an implementation of merely a processor (or multiple processors) or a portion of a processor and its (or their) accompanying software and/or firmware. The term 'circuitry' would also cover, for example and if applicable to the particular element, a baseband integrated circuit or applications processor integrated circuit for a mobile phone or a similar integrated circuit in a server, a cellular network device, or another network device.
In an embodiment, at least some of the processes described in connection with Figures 2 to 8 may be carried out by an apparatus comprising corresponding means for carrying out at least some of the described processes. Some example means for carrying out the processes may include at least one of the following: detector, processor (including dual-core and multiple-core processors), digital signal processor, controller, receiver, transmitter, encoder, decoder, memory, RAM, ROM, software, firmware, display, user interface, display circuitry, user interface circuitry, user interface software, display software, circuit, antenna, antenna circuitry, and circuitry. In an embodiment, the at least one processor, the memory, and the computer program code form processing means or comprise one or more computer program code portions for carrying out one or more operations according to any one of the embodiments of Figures 2 to 13 or operations thereof. The techniques and methods described herein may be implemented by various means. For example, these techniques may be implemented in hardware (one or more devices), firmware (one or more devices), software (one or more modules), or combinations thereof. For a hardware implementation, the apparatus(es) of embodiments may be implemented within one or more application-specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), processors, controllers, microcontrollers, microprocessors, other electronic units designed to perform the functions described herein, or a combination thereof. For firmware or software, the implementation can be carried out through modules of at least one chip set (e.g. procedures, functions, and so on) that perform the functions described herein. The software codes may be stored in a memory unit and executed by processors. The memory unit may be implemented within the processor or externally to the processor. In the latter case, it can be communicatively coupled to the processor via various means, as is known in the art.
Additionally, the components of the systems described herein may be rearranged and/or complemented by additional components in order to facilitate the achievements of the various aspects, etc., described with regard thereto, and they are not limited to the precise configurations set forth in the given figures, as will be appreciated by one skilled in the art.
Embodiments as described may also be carried out in the form of a computer process defined by a computer program or portions thereof. Embodiments of the methods described in connection with Figures 2 to 8 may be carried out by executing at least one portion of a computer program comprising corresponding instructions. The computer program may be in source code form, object code form, or in some intermediate form, and it may be stored in some sort of carrier, which may be any entity or device capable of carrying the program. For example, the computer program may be stored on a computer program distribution medium readable by a computer or a processor. The computer program medium may be, for example but not limited to, a record medium, computer memory, read-only memory, electrical carrier signal, telecommunications signal, or software distribution package. The computer program medium may be a non-transitory medium. Coding of software for carrying out the embodiments as shown and described is well within the scope of a person of ordinary skill in the art.
Even though the invention has been described above with reference to an example according to the accompanying drawings, it is clear that the invention is not restricted thereto but can be modified in several ways within the scope of the appended claims. Therefore, all words and expressions should be interpreted broadly and they are intended to illustrate, not to restrict, the embodiment. It will be obvious to a person skilled in the art that, as technology advances, the inventive concept can be implemented in various ways. Further, it is clear to a person skilled in the art that the described embodiments may, but are not required to, be combined with other embodiments in various ways.

Claims

1. A method comprising: receiving, by a network element, a random access initiation message from a terminal device; in response to the reception of the random access initiation message, authenticating the terminal device by the network element by using a message exchanged between the network element and the terminal device during a random access procedure associated with the random access initiation message.
2. The method of claim 1, wherein said authenticating is a first level of authentication, the method further comprising as performed by the network element: performing a second level of authentication after said first level of authentication and after the random access procedure.
3. The method of claim 1 or 2, further comprising as performed by the network element: causing transmission of a response to the received random access initiation message, wherein the response comprises an information element indicating an uplink transmission resource for the terminal device; receiving a further message from the terminal device in the uplink transmission resource; and authenticating the terminal device on the basis of the further message.
4. The method of claim 3, wherein the further message is encrypted with an encryption key, and wherein said authenticating is based on successfully decrypting the further message.
5. The method of claim 4, wherein the network element performs said decryption.
6. The method of claim 4, wherein the network element is configured to send the encrypted further message to another network element for the decryption, and wherein said authentication is based on receiving a confirmation of successful decryption of the further message from the other network element.
7. The method of any preceding claim, further comprising as performed by the network element: determining communication resources in which the random access initiation message was received; mapping the determined communication resources to an amount of resources requested by the terminal device for allocation; allocating, on the basis of the mapping, uplink communication resources to the terminal device; causing transmission of a response to the received random access initiation message, the response comprising an information element indicating the allocated uplink communication resources; receiving, from the terminal device in the allocated uplink communication resources, uplink data and authentication information; and performing said authenticating the terminal device on the basis of the received authentication information.
8. The method of claim 1 or 2, wherein at least one message of the random access procedure is encrypted with a cell-specific or a cell-group-specific encryption key.
9. The method of claim 8, further comprising as performed by the network element: generating a response message to the received random access initiation message; encrypting the response message with the cell-specific or a cell-group-specific encryption key; and causing transmission of the encrypted response message to the terminal device.
10. The method of claim 8, wherein the at least one message comprises an uplink scheduling request requesting allocation of uplink communication resources to the terminal device, and wherein the at least one message comprises an information element encrypted with the cell-specific or a cell-group-specific encryption key, the method further comprising in the network element: decrypting the information element with a decryption key; and performing said authentication of the terminal device on the basis of said decrypting.
11. A method comprising: acquiring, by a terminal device, at least one authentication key authenticating the terminal device and associated with a random access procedure; processing at least one message of the random access procedure with the authentication key.
12. The method of claim 11, further comprising: causing transmission of a random access initiation message to a network element; receiving, from the network element, a response to the random access initiation message; processing the received response with the at least one authentication key to decrypt contents of the response; and upon successfully decrypting the contents of the response, generating a subsequent message and causing transmission of the subsequent message to the network element.
13. The method of claim 11, wherein the at least one authentication key comprises at least one cell-specific or a cell-group-specific encryption key, and wherein said at least one message of the random access procedure is a message transmitted by the terminal device.
14. The method of claim 13, comprising as performed by the terminal device: generating an authentication token on the basis of the authentication key and at least one of an identifier of the network element and contents of the at least one message of the random access procedure; and inserting the authentication token to the at least one message of the random access procedure.
15. The method of claim 11, further comprising as performed by the terminal device: receiving at least one encryption key as the at least one authentication key when associating the terminal device with a core network element; and encrypting the at least one message of the random access procedure with the at least one encryption key.
16. An apparatus comprising: at least one processor, and at least one memory comprising a computer program code, wherein the processor, the memory, and the computer program code are configured to cause the apparatus to: receive a random access initiation message from a terminal device; in response to the reception of the random access initiation message, authenticate the terminal device by using a message exchanged between the apparatus and the terminal device during a random access procedure associated with the random access initiation message.
17. The apparatus of claim 16, wherein said authenticating is a first level of authentication, and wherein the processor, the memory, and the computer program code are configured to cause the apparatus to perform a second level of authentication after said first level of authentication and after the random access procedure.
18. The apparatus of claim 16 or 17, wherein the processor, the memory, and the computer program code are configured to cause the apparatus to: cause transmission of a response to the received random access initiation message, wherein the response comprises an information element indicating an uplink transmission resource for the terminal device; receive a further message from the terminal device in the uplink transmission resource; and authenticate the terminal device on the basis of the further message.
19. The apparatus of claim 18, wherein the further message is encrypted with an encryption key, and wherein said authentication is based on successfully decrypting the further message.
20. The apparatus of claim 19, wherein the processor, the memory, and the computer program code are configured to cause the apparatus to perform said decryption.
21. The apparatus of claim 19, wherein the processor, the memory, and the computer program code are configured to cause the apparatus to send the encrypted further message to a network element for the decryption, and to authenticate the terminal device by using a received confirmation of successful decryption of the further message from the network element.
22. The apparatus of any preceding claim 16 to 21, wherein the processor, the memory, and the computer program code are configured to cause the apparatus to: determine communication resources in which the random access initiation message was received; map the determined communication resources to an amount of resources requested by the terminal device for allocation; allocate, on the basis of the mapping, uplink communication resources to the terminal device; cause transmission of a response to the received random access initiation message, the response comprising an information element indicating the allocated uplink communication resources; receive, from the terminal device in the allocated uplink communication resources, uplink data and authentication information; and perform said authenticating the terminal device on the basis of the received authentication information.
23. The apparatus of claim 16 or 17, wherein at least one message of the random access procedure is encrypted with a cell-specific or a cell-group-specific encryption key.
24. The apparatus of claim 23, wherein the processor, the memory, and the computer program code are configured to cause the apparatus to: generate a response message to the received random access initiation message; encrypt the response message with the cell-specific or a cell-group-specific encryption key; and cause transmission of the encrypted response message to the terminal device.
25. The apparatus of claim 23, wherein the at least one message comprises an uplink scheduling request requesting allocation of uplink communication resources to the terminal device, wherein the at least one message comprises an information element encrypted with the cell-specific or a cell-group-specific encryption key, and wherein the processor, the memory, and the computer program code are configured to cause the apparatus to: decrypt the information element with a decryption key; and perform said authentication of the terminal device on the basis of said decrypting.
26. An apparatus comprising: at least one processor, and at least one memory comprising a computer program code, wherein the processor, the memory, and the computer program code are configured to cause the apparatus to: acquire at least one authentication key authenticating the apparatus and associated with a random access procedure; process at least one message of the random access procedure with the authentication key.
27. The apparatus of claim 26, wherein the processor, the memory, and the computer program code are configured to cause the apparatus to: cause transmission of a random access initiation message to a network element; receive, from the network element, a response to the random access initiation message; process the received response with the at least one authentication key to decrypt contents of the response; and upon successfully decrypting the contents of the response, generate a subsequent message and cause transmission of the subsequent message to the network element.
28. The apparatus of claim 26, wherein the at least one authentication key comprises at least one cell-specific or a cell-group-specific encryption key, and wherein said at least one message of the random access procedure is a message transmitted by the apparatus.
29. The apparatus of claim 28, wherein the processor, the memory, and the computer program code are configured to cause the apparatus to: generate an authentication token on the basis of the authentication key and at least one of an identifier of the network element and contents of the at least one message of the random access procedure; and insert the authentication token to the at least one message of the random access procedure.
30. The apparatus of claim 26, wherein the processor, the memory, and the computer program code are configured to cause the apparatus to: receive at least one encryption key as the at least one authentication key when associating the terminal device with a core network element; and encrypt the at least one message of the random access procedure with the at least one encryption key.
31. The apparatus of any preceding claim 16 to 30, further comprising a communication interface comprising hardware providing the apparatus with communication capability in a cellular communication system.
32. A system comprising the apparatus according to any preceding claim 16 to 25 and the apparatus according to any preceding claim 26 to 31.
33. An apparatus comprising means for carrying out all the steps of a method according to any one of claims 1 to 15.
34. A computer program product embodied on a computer-readable medium and comprising a computer program code readable by a computer, wherein the computer program code configures the computer to carry out the method according to any preceding claim 1 to 15 when read by the computer.
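The following is an added example, not code from the patent or from Nokia: it models the authentication-token variant of claims 14 and 29 (a token derived from the authentication key, an identifier of the network element and the message contents, verified by the network element before further resources are allocated, as the description puts it for step 408). HMAC-SHA256, the message fields, the 5-byte resume identity and the 16-byte truncation are assumptions; the patent fixes none of them.

```python
"""Authentication token carried inside the random access procedure.

Terminal side: the authentication key manager (34) appends a token to the
uplink message sent in the allocated resource. Network side: the
authentication circuitry (18) looks up the stored context (database 24)
and recomputes the token before the message is accepted.  Added example;
algorithm and field layout are assumptions, not taken from the patent.
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass, replace

TOKEN_LEN = 16  # truncated MAC length (assumption)


@dataclass(frozen=True)
class RaMessage:
    """Constructed uplink message sent in the allocated uplink resource."""
    resume_id: bytes    # identifies the stored terminal context (assumption)
    cell_id: int        # identifier of the network element serving the cell
    payload: bytes      # early uplink data carried with the message
    token: bytes = b""  # authentication token appended by the terminal


def token_input(msg: RaMessage) -> bytes:
    """Bytes the token covers: the network element identifier plus the
    message contents (length-prefixed so the fields cannot be confused).
    A token computed for one cell therefore fails in another, and any
    change to the payload makes the token fail to verify."""
    return (struct.pack(">I", msg.cell_id)
            + struct.pack(">H", len(msg.resume_id)) + msg.resume_id
            + struct.pack(">H", len(msg.payload)) + msg.payload)


def compute_token(auth_key: bytes, msg: RaMessage) -> bytes:
    """Truncated HMAC-SHA256 over token_input; the token field itself is
    not part of the input, so the same call serves sender and verifier."""
    return hmac.new(auth_key, token_input(msg), hashlib.sha256).digest()[:TOKEN_LEN]


class TerminalDevice:
    """Terminal side (Figure 10): holds the key acquired when associating
    with the core network and inserts the token into the message."""

    def __init__(self, resume_id: bytes, auth_key: bytes):
        self.resume_id = resume_id
        self.auth_key = auth_key

    def build_message(self, cell_id: int, payload: bytes) -> RaMessage:
        msg = RaMessage(self.resume_id, cell_id, payload)
        return replace(msg, token=compute_token(self.auth_key, msg))


class NetworkElement:
    """Network side (Figure 9): contexts maps resume_id -> authentication key,
    standing in for the configuration database 24."""

    def __init__(self, cell_id: int, contexts: dict):
        self.cell_id = cell_id
        self.contexts = contexts

    def authenticate(self, msg: RaMessage) -> bool:
        key = self.contexts.get(msg.resume_id)
        if key is None:                  # no stored context for this identity
            return False
        if msg.cell_id != self.cell_id:  # token was bound to another cell
            return False
        expected = compute_token(key, msg)
        return hmac.compare_digest(expected, msg.token)  # constant-time compare

    def handle_message(self, msg: RaMessage):
        """Return (accepted, payload). Early data is passed on, and further
        uplink resources may be scheduled, only after a successful check."""
        if not self.authenticate(msg):
            return False, None
        return True, msg.payload


# Constructed sample: one stored context and a terminal holding the same key.
KEY = hashlib.sha256(b"constructed-sample-key").digest()
ue = TerminalDevice(resume_id=b"\x12\x34\x56\x78\x9a", auth_key=KEY)
enb = NetworkElement(cell_id=0x1A2B3C, contexts={ue.resume_id: KEY})


def demo():
    """Genuine message, altered payload, token for another cell, unknown identity."""
    good = ue.build_message(enb.cell_id, b"early uplink data")
    tampered = replace(good, payload=b"early uplink DATA")
    other_cell = ue.build_message(0x000001, b"early uplink data")
    unknown = replace(good, resume_id=b"\x00" * 5)
    return (enb.handle_message(good)[0], enb.authenticate(tampered),
            enb.authenticate(other_cell), enb.authenticate(unknown))


if __name__ == "__main__":
    print(demo())  # (True, False, False, False)
```

The token binds the message to the cell identifier and its contents; the patent does not specify a freshness input, so a deployment that must reject a repeated message would add one (for example a value taken from the random access response) to the bytes the token covers.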
PCT/EP2016/078120 2015-12-18 2016-11-18 Authentication in wireless system WO2017102249A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN4156/DEL/2015 2015-12-18
IN4156DE2015 2015-12-18

Publications (1)

Publication Number Publication Date
WO2017102249A1 true WO2017102249A1 (en) 2017-06-22

Family

ID=57421830

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2016/078120 WO2017102249A1 (en) 2015-12-18 2016-11-18 Authentication in wireless system

Country Status (1)

Country Link
WO (1) WO2017102249A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100039988A1 (en) * 2008-08-12 2010-02-18 Motorola, Inc. Preventing Misuse of Random Access Procedure in Wireless Communication System
US20120163313A1 (en) * 2010-12-23 2012-06-28 Electronics And Telecommunications Research Institute Call processing method for use in machine-type communication terminal

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16802005

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16802005

Country of ref document: EP

Kind code of ref document: A1