Cryptographically generated device identifiers

US12341900B2 · US · B2

Patent metadata
Publication number: US-12341900-B2
Application number: US-202318149491-A
Country: US
Kind code: B2
Filing date: Jan 3, 2023
Priority date: Jul 8, 2022
Publication date: Jun 24, 2025
Grant date: Jun 24, 2025


Abstract

Official abstract text for this publication.

Techniques for network communications are disclosed. These techniques include receiving a cryptographically generated device identifier (CGDI) and a public key relating to a wireless station (STA). The techniques further include determining a first hash based on decrypting the CGDI using the public key, and validating the first hash for an access network. The techniques further include identifying the STA in the access network using the CGDI based on binding the CGDI to a session associated with the STA and the access network.

First claim

Opening claim text (preview).

We claim:

1. A method, comprising: receiving, from a wireless station (STA) and by a network device of an access network, a cryptographically generated device identifier (CGDI) and a public key relating to the STA; decrypting, by the network device, the CGDI using the public key to produce a first hash; generating, by the network device, a second hash by hashing an identifier of the access network and the public key; determining, by the network device, that the first hash matches the second hash; and based on determining that the first hash matches the second hash, identifying the STA in the access network using the CGDI based on binding the CGDI to a session associated with the STA and the access network.

2. The method of claim 1, wherein the CGDI uniquely identifies the STA for the access network.

3. The method of claim 1, further comprising: receiving one or more auxiliary parameters relating to the STA, wherein generating the second hash further uses the auxiliary parameters.

4. The method of claim 1, comprising: receiving a second CGDI relating to the STA; and validating the second CGDI for the STA and a second access network, wherein the second CGDI is different from the CGDI, and wherein the second CGDI identifies the STA in the second access network.

5. The method of claim 1, wherein the CGDI is received at the access network using a WiFi radio access technology.

6. The method of claim 5, further comprising: receiving the CGDI at the access network a second time using a cellular radio access technology, wherein the CGDI is successfully validated for the access network after being received over both the cellular radio access technology and the WiFi radio access technology.

7. The method of claim 1, wherein the CGDI is generated at the STA based on encrypting a one-way hash using a private key associated with the STA.

8. The method of claim 7, wherein the STA generates the one-way hash based on an identifier for the access network and the public key.

9. A system, comprising: a processor; and a memory having instructions stored thereon which, when executed on the processor, performs operations comprising: receiving, from a wireless station (STA), a cryptographically generated device identifier (CGDI) and a public key relating to the STA; decrypting the CGDI using the public key to produce a first hash; generating a second hash by hashing an identifier of an access network and the public key; determining that the first hash matches the second hash; and based on determining that the first hash matches the second hash, identifying the STA in the access network using the CGDI based on binding the CGDI to a session associated with the STA and the access network.

10. The system of claim 9, wherein the CGDI uniquely identifies the STA for the access network.

11. The system of claim 9, the operations further comprising: receiving one or more auxiliary parameters relating to the STA, wherein generating the second hash further uses the auxiliary parameters.

12. The system of claim 9, wherein the CGDI is received at the access network using a WiFi radio access technology.

13. The system of claim 12, the operations further comprising: receiving the CGDI at the access network a second time using a cellular radio access technology, wherein the CGDI is successfully validated for the access network after being received over both the cellular radio access technology and the WiFi radio access technology.

14. A non-transitory computer-readable medium having instructions stored thereon which, when executed by a processor, performs operations comprising: receiving, from a wireless station (STA), a cryptographically generated device identifier (CGDI) and a public key relating to the STA; decrypting the CGDI using the public key to produce a first hash; generating a second hash by hashing an identifier of an access network and the public key; determining that the first hash matches the second hash; and based on determining that the first hash matches the second hash, identifying the STA in the access network using the CGDI based on binding the CGDI to a session associated with the STA and the access network.

15. The non-transitory computer-readable medium of claim 14, wherein the CGDI uniquely identifies the STA for the access network.

16. The non-transitory computer-readable medium of claim 14, the operations further comprising: receiving one or more auxiliary parameters relating to the STA, wherein generating the second hash further uses the auxiliary parameters.

17. The non-transitory computer-readable medium of claim 14, wherein the CGDI is received at the access network using a WiFi radio access technology, the operations further comprising: receiving the CGDI at the access network a second time using a cellular radio access technology, wherein the CGDI is successfully validated for the access network after being received over both the cellular radio access technology and the WiFi radio access technology.
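The generate-and-validate flow of claims 1, 3, 4, 7 and 8, written out as an added example (not code from the patent or its assignee). The toy RSA key, the choice of SHA-256, the length-prefixed field encoding and the network names are all assumptions made here for illustration.

```python
import hashlib

# Constructed toy key: two well-known Mersenne primes, unpadded textbook RSA.
# Illustration only; a deployment would use a standard signature scheme and real keys.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # STA private exponent (Python 3.8+)
PUB = (N, E)                         # STA public key, sent along with the CGDI


def one_way_hash(network_id: str, pub: tuple, aux: bytes = b"") -> int:
    """SHA-256 over network identifier, public key and optional auxiliary parameters."""
    n, e = pub
    parts = (network_id.encode(), n.to_bytes((n.bit_length() + 7) // 8, "big"),
             e.to_bytes(4, "big"), aux)
    h = hashlib.sha256()
    for part in parts:               # length-prefix each field so fields cannot run together
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big")


def sta_generate_cgdi(network_id: str, priv: int, pub: tuple, aux: bytes = b"") -> int:
    """STA side (claims 7-8): encrypt the one-way hash with the private key."""
    return pow(one_way_hash(network_id, pub, aux), priv, pub[0])


def network_validate(cgdi: int, pub: tuple, network_id: str,
                     sessions: dict, session_id: str, aux: bytes = b"") -> bool:
    """Network side (claim 1): recover first hash, recompute second, bind on match."""
    n, e = pub
    if not 0 < cgdi < n:
        return False
    first_hash = pow(cgdi, e, n)                      # "decrypt" the CGDI with the public key
    second_hash = one_way_hash(network_id, pub, aux)  # hash of network id + public key
    if first_hash != second_hash:
        return False
    sessions[session_id] = cgdi                       # bind the CGDI to this session
    return True


if __name__ == "__main__":
    sessions = {}
    cgdi = sta_generate_cgdi("corp-wifi", D, PUB)     # constructed network name
    print(network_validate(cgdi, PUB, "corp-wifi", sessions, "sess-1"))   # same network
    print(network_validate(cgdi, PUB, "guest-wifi", sessions, "sess-2"))  # other network
```

Because the network identifier is an input to the hash, the same key pair yields a different CGDI per access network, and a CGDI presented to a network it was not generated for fails the hash comparison.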

Classifications

  • Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy · CPC title

  • H04W12/08 · Primary

    Access security · CPC title

  • involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics · CPC title

  • involving digital signatures · CPC title

  • Wireless · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Cisco Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04W12/08. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jun 24, 2025 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).