Mobile Networks
The scalable and customizable solution for subscriber authentication and key agreement in mobile networks

5G Protect

Achieve security in mobile networks up to 5G for subscribers, keys, and network providers

5G Protect is the extension for Utimaco's General Purpose HSMs to allow subscriber identity de-concealing, authentication and key agreement in mobile networks within the tamper-proof environment of the Hardware Security Module.

  • Compliant with the latest 3GPP security requirements to ensure a secure operational environment
  • Safeguard against physical attacks through tamper protection and response mechanisms
  • For subscriber identity de-concealing, authentication and key agreement (AKA) in mobile networks
  • Easy integration through dedicated interface for AKA use case

Product Type:

Firmware

Delivery Time:

Ask our sales team
Key Benefits

Key Benefits

Icon

Fulfills 3GPP security requirements

Offers a secure environment that protects long-term keys K and Home Network Private keys from physical attacks.

Icon

Developed for network element providers

Specially designed to meet the needs of network element providers for subscriber identity de-concealing and authentication and key agreement in mobile networks.

Icon

Suitable for each network size

Available for small or private mobile networks to large networks with millions of subscribers.

Details

Details

The HSM application specially designed to meet the needs of network ele-ment providers in mobile networks

As a network solution vendor your solutions must comply with 3GPP security requirements as defined in Technical Specification 33.501. Therefore, your security architecture as well as related procedures for network elements must foresee a secure environment that protects long-term keys K and Home Net-work Private keys from physical attacks. Functions which process sensitive subscriber data, i.e., subscriber identity de-concealing as well as authentica-tion and key agreement, must also be executed in this secure environment.

5G Protect is an ideal solution to meet these requirements as it provides the unique combination of a certified secure environment and an integration API dedicated to subscriber identity de-concealing, authentication and key agree-ment. 5G Protect enables decryption of concealed subscriber identities in 5G mobile networks, and for key generation according to Authentication and Key Agreement (AKA) protocols in 2G, 3G, 4G and 5G mobile networks.

To provide you with the solution that exactly fits the processing requirements of your network, 5G Protect is available on our u.trust General Purpose HSM Se-Series, which offers entry-level and high-performance models.
 

Mobile network Trustserver Chart


 

Features

Unique product combination

  • Certified secure environment
  • Integration API dedicated to subscriber identity de-concealing, au-thentication and key agreement

Developed for network element provider

  • Specially designed to meet the needs for subscriber identity de-concealing and authentication and key agreement in mobile networks
  • Process subscriber data and key generation within a secure and tamper-protected environment

High Performance, Availability, and Scalability

  • Processes subscriber data and generates authentication vectors at un-precedented speed
  • High availability when running authentication and agreement protocols in a redundant system setup
  • Easy extension to support future versions of SIDF Profiles and AKA pro-tocols, including future quantum-safe algorithms
  • Customizable to specific requirements of Mobile Network Operators
  • Ensures the best fit for existing and future requirements, guaranteeing long-term investment security
     

For each network size

  • Suitable for several performance models
  • From the entry level model for mobile networks with low numbers of subscribers and limited dynamics to a high-performance option for large networks with millions of subscribers
     

Compliant with latest requirements

  • Secure environment that protects against physical attacks as re-quired in 3GPP Technical Specification 33.501 “Security architec-ture and procedures for 5G System”
  • FIPS 140-2, PCI HSM and Common Criteria proven Hardware Secu-rity Module and cryptographic algorithms
     

Subscriber identity de-concealing function (SIDF)

  • Decrypts the Subscriber Concealed Identifier (SUCI) with Subscriber Identity De-concealing Function (SIDF) in the home network
  • Secures storage and usage of the Home Network Private Key to ensure privacy of the permanent identifier SUPI.
  • Deconceals the SUCI inside the tamper protected HSM according to Profile A and Profile B.

Key Generation according to AKA protocols

  • Support of all relevant 2G, 3G, 4G and 5G Subscriber Authentication and Key Agreement (AKA) protocols
  • Derives the key material from the subscriber’s unique key K inside the tamper protected HSM.

Comprehensive API

  • MNAUTH API, the C-style application programming interface (API) dedicated for Mobile Network security use cases. Available for C and Java.
  • Easy Integration into mobile network functions by using MNAUTH API

 

On-premise

Our on-premise options allow hosting the product directly on-site in your own network or data center.

Contact us

We look forward to answering your questions.

How can we help you?

Talk to one of our specialists and find out how Utimaco can support you today.
You have selected two different types of downloads, so you need to submit different forms which you can select via the two tabs.

Your download request(s):

    By submitting below form you will receive links for your selected downloads.

    Your download request(s):

      For this type of documents, your e-mail address needs to be verified. You will receive the links for your selected downloads via e-mail after submitting below form.

      About Utimaco's Downloads

      Visit our Downloads section and select from resources such as brochures, data sheets, white papers and much more. You can view and save almost all of them directly (by clicking the download button).

      For some documents, your e-mail address needs to be verified. The button contains an e-mail icon.

      Download via e-mail

       

      A click on such a button opens an online form which we kindly ask you to fill and submit. You can collect several downloads of this type and receive the links via e-mail by simply submitting one form for all of them. Your current collection is empty.