Mobile Network TrustServer - The solution for mobile subscriber authentication and key agreement in mobile networks
- Compliant with the latest 3GPP security requirements to ensure a secure operational environment
- Safeguard against physical attacks through tamper protection and response mechanisms
- For subscriber identity de-concealing, authentication and key agreement (AKA) in mobile networks
- Easy integration through dedicated interface for AKA use case
Utimaco’s HSM solution specially designed to meet the needs of network element providers in mobile networks.
As network solution vendor your solutions must comply with 3GPP security requirements as defined in Technical Specification 33.501. Therefore, your security architecture as well as related procedures for network elements must foresee a secure environment that protects long-term keys K and Home Network Private keys from physical attacks. Functions which process sensitive subscriber data, i.e., subscriber identity de-concealing as well as authentication and key agreement, must also be executed in this secure environment.
Mobile Network TrustServer is an ideal solution to meet these requirements as it provides the unique combination of a certified secure environment and an integration API dedicated to subscriber identity de-concealing, authentication and key agreement.
Mobile Network TrustServer is suitable for decryption of concealed subscriber identities in 5G mobile networks, and for key generation according to Authentication and Key Agreement (AKA) protocols in 2G, 3G, 4G and 5G mobile networks.
New high performance model
To provide you with the solution that exactly fits the processing requirements of networks with multi-million subscribers, Mobile Network TrustServer is now also available on our high-performing u.trust Anchor HSM platform.
Mobile Network TrustServer ensures an easy implementation into an existing environment and effectively handles tasks related to subscriber identity de-concealing, authentication and key agreement efficiently; even without in-depth crypto knowledge.
Unique product combination
- Provides a unique combination of a certified secure environment and integration API dedicated to subscriber identity de-concealing, authentication and key agreement
Developed for network element provider
- Specially designed to meet the needs for subscriber identity de-concealing and authentication and key agreement in mobile networks
- Process subscriber data and key generation within a secure and tamper-protected environment
Compliant with latest requirements
- Secure environment that protects against physical attacks as required in 3GPP Technical Specification 33.501 “Security architecture and procedures for 5G System”
- FIPS 140-2, PCI HSM and Common Criteria proven Hardware Security Module and cryptographic algorithms
Subscriber identity de-concealing function (SIDF)
- Decrypts the Subscriber Concealed Identifier (SUCI) with Subscriber Identity De-concealing Function (SIDF) in the home network
- Secures storage and usage of the Home Network Private Key to ensure privacy of the permanent identifier SUPI.
- Deconceals the SUCI inside the tamper protected HSM according to Profile A and Profile B.
Key Generation according to AKA protocols
- Support of all relevant 2G, 3G, 4G and 5G Subscriber Authentication and Key Agreement (AKA) protocols
- Derives the key material from the subscriber’s unique key K inside the tamper protected HSM.
- MNAUTH API, the C-style application programming interface (API) dedicated for Mobile Network security use cases. Available for C and Java.
- Easy Integration into mobile network functions by using MNAUTH API
Unprecedented Speed and High Availability
- Processes subscriber data and generates authentication vectors at unprecedented speed
- High availability when running authentication and agreement protocols in a redundant system setup
Scalability and Customizability
- Easy extension to support future versions of SIDF Profiles and AKA protocols, including future quantum-safe algorithms
- Customizable to specific requirements of Mobile Network Operators
- Ensures the best fit for existing and future requirements, guaranteeing long-term investment security
For each network size
- Available in three performance options
From the entry level model for mobile networks with low numbers of subscribers and limited dynamics to a high-performance option for large networks with millions of subscribers
Our general-purpose Hardware Security Module designed to handle the most common business applications. It meets and fulfills numerous compliance requirements and industry standards and supports all common cryptographic algorithms and interfaces (APIs).
The centralized management and remote monitoring solution for Atalla AT1000, CryptoServer LAN V5 and u.trust Anchor HSMs.