5G - Secure Storage, Management & Processing of Subscription Credentials
Security is a driving factor in how 5G networks are built and operated - every element of a 5G network is required to have security controls in place for the purpose of delivering confidentiality, integrity and availability so that the network provides users with a secure communications platform.
The 5G security architecture depends on keeping many pieces of information private (e.g., subscriber credentials and encryption keys). Most of the security mechanisms are based on secure protocols and underlying cryptographic algorithms that all rest on the reliability to securely store secret keys. Operations that need to have access to these keys should always be executed within, and never outside of a secure hardware component*.
For user equipment, which could be any device used directly by an end-user to communicate; a solution for Authentication and Key Agreement (AKA) is a requirement.
Utimaco’s HSM-protected 5G creates a secure operational environment, supporting all relevant 3G, 4G and 5G Subscriber Authentication and Key Agreement (AKA) protocols.
*(ETSI TS 133 501 , Clause 5.2.4)
Business value
Industry grade HSM-based root of trust.
- Provides easy extension to support future versions of SIDF Profiles and AKA protocols, or even future quantum- safe algorithms
- Customizable to specific requirements of Mobile Network Operators
Secure, scalable open 5G environment
- Provides a unique product combination of a secure environment and integration API
- Provides a scalable and customizable solution for subscriber authentication and key agreement in mobile networks.
- Provides easy integration through a dedicated interface for authentication and key agreement (AKA) use cases.
- A solution especially designed to meet the needs of network element provider for subscriber identity de-concealing and authentication and key agreement in mobile networks
Compliance with security standards across industries
- Provides easy integration through dedicated interfaces for AKA use cases.
- Provides a secure environment that protects against physical attacks as required in 3GPP Technical Specification 33.501 “Security architecture and procedures for 5G System
- Assures security and compliance with FIPS 140-2, PCI HSM and Common Criteria proven Hardware Security Module and cryptographic algorithms
- Support of all relevant 3G, 4 and 5G Subscriber Authentication and Key Agreement (AKA) protocols
Secure & Centralized Key Management
- Processes subscriber data and generates keys within a secure and tamper-protected environment at unprecedented speed
- Provides a FIPS & PCI-PIN Certified Policy based key life cycle management including distribution control of keys
- A solution designed to unify an organization's existing HSM key management landscape by enabling consistent, centralized key lifecycle management
- Allows remote HSM operation & management of existing and additional HSMs
- Provides a single, easy to use interface, allowing organizations to generate, import and export keys both quickly and efficiently
- Provides effective audit and logging such as date and timestamp, user IDs, function performed, POS terminal details, key serial number and pass or fail status
Remote Access
- Extensive mechanisms for remote administration
- Efficient key management and firmware updates via remote access
- Automation of remote diagnosis via SNMP (Simple Network Management Protocol)
Software Simulator included
Included simulator allowing for the mobile TrustServer evaluation and integration testing to benchmark the best possible solution for each specific case
