Identity privacy in wireless networks

What is claimed is: 1 . A method for network access by a user equipment (UE), comprising: sending, from the UE, a privacy mobile subscriber identity (PMSI) in place of an international mobile subscriber identity (IMSI) to identify the UE with an initial attach message to a serving network; receiving, from the serving network, an authentication request that includes a next PMSI determined by a server in communication with the serving network, the next PMSI being derived from the PMSI; and sending, from the UE, an acknowledgment of receipt of the next PMSI to the server via the serving network. 2 . The method of claim 1 , further comprising: determining, by the UE, the PMSI for network access based on an initial PMSI. 3 . The method of claim 2 , further comprising: receiving the initial PMSI during a subscriber registration of the UE with the server. 4 . The method of claim 2 , further comprising: provisioning the initial PMSI after a subscriber registration via an over-the-air communication with the server. 5 . The method of claim 4 , further comprising: generating, by the UE, a proposed PMSI; encrypting, by the UE, the generated PMSI using a server public key, wherein the server maintains a corresponding server private key; and receiving, at the UE, acknowledgement from the server to use the generated PMSI as the initial PMSI. 6 . The method of claim 1 , further comprising: determining a UE-based next PMSI; and comparing the UE-based next PMSI to the next PMSI received as part of the authentication request to determine if there is a match. 7 . The method of claim 6 , further comprising: generating an acknowledgement token in response to determining there is a match, the acknowledgement of receipt comprising the acknowledgement token; and storing the confirmed next PMSI at the UE for use in a next attach message. 8 . The method of claim 1 , wherein the receiving the authentication request further comprises: decrypting the next PMSI in the authentication request using an anonymity key, wherein the anonymity key is derived from a secret key shared between the UE and the server. 9 . A user equipment comprising: a memory configured to store a privacy mobile subscriber identity (PMSI); a transceiver configured to: send the PMSI in place of an international mobile subscriber identity (IMSI) to identify the UE with an initial attach message to a serving network; and receive, from the serving network, an authentication request that includes a next PMSI determined by a server in communication with the serving network, the next PMSI being derived from the PMSI; and a processor configured to generate an acknowledgment of receipt, wherein the transceiver is further configured send the acknowledgement of receipt to the server via the serving network. 10 . The user equipment of claim 9 , wherein the processor is further configured to: determine the PMSI for network access based on an initial PMSI stored in the memory. 11 . The user equipment of claim 10 , wherein the user equipment receives the initial PMSI during a subscriber registration of the UE with the server. 12 . The user equipment of claim 10 , wherein the user equipment is configured to provision the initial PMSI after a subscriber registration via an over-the-air communication with the server. 13 . The user equipment of claim 12 , wherein: the processor is further configured to generate a proposed initial PMSI and encrypt the generated PMSI using a server public key, wherein the server on the network maintains a corresponding server private key; and the transceiver is further configured to receive acknowledgement from the server to use the generated PMSI as the initial PMSI. 14 . The user equipment of claim 9 , wherein the processor is further configured to: determine a UE-based next PMSI and compare the UE-based next PMSI to the next PMSI received as part of the authentication request to determine if there is a match. 15 . The user equipment of claim 14 , wherein the processor is further configured to: generate an acknowledgement token in response to a determination that there is a match, the acknowledgement of receipt comprising the acknowledgement token. 16 . The user equipment of claim 14 , wherein the memory is further configured to store the next PMSI for use in a next attach message. 17 . The user equipment of claim 9 , wherein the processor is further configured to decrypt the next PMSI in the authentication request using an anonymity key, wherein the anonymity key is derived from a secret key shared between the UE and the server. 18 . A method for setting up network access with a server on a network, comprising: receiving, from a user equipment (UE) via one or more network elements in an intervening serving network, a privacy mobile subscriber identity (PMSI) in place of an international mobile subscriber identity (IMSI) to identify the UE from an initial attach message; determining, by the server, a next PMSI based on the PMSI; transmitting, from the server, authentication information to the serving network that includes the next PMSI, wherein the next PMSI is relayed by the serving network to the UE as part of authentication; and receiving, from the UE via the serving network, an acknowledgement of receipt that includes confirmation of the next PMSI. 19 . The method of claim 18 , further comprising: determining, by the server, the PMSI for network access based on an initial PMSI. 20 . The method of claim 19 , further comprising: receiving, at the server, the initial PMSI during a subscriber registration of the UE with the server. 21 . The method of claim 19 , further comprising: receiving, from the UE, a proposed initial PMSI; decrypting, by the server, the proposed initial PMSI using a server private key that was encrypted at the UE by a corresponding server public key; and transmitting, to the UE, an acknowledgement of the proposed initial PMSI as the initial PMSI. 22 . The method of claim 18 , further comprising: deriving an anonymity key from a secret key shared between the server and the UE; encrypting the next PMSI in the authentication information using the derived anonymity key; receiving, as part of the acknowledgment, an acknowledgement token acknowledging the next PMSI; and storing the next PMSI in place of the PMSI at the server for use in responding to a subsequent initial attach message from the UE. 23 . The method of claim 18 , wherein the determining further comprises: detecting a collision between the next PMSI and another existing PMSI associated with a different UE; and incrementing a PMSI index and determining a new next PMSI based on the next PMSI and the incremented PMSI index. 24 . The method of claim 18 , further comprising: receiving, from a mobility management entity (MME) on the serving network separate from a home network that the server is on, a request for the IMSI of the UE; and sending, in response to the request, the PMSI of the UE used in the initial attach message instead of the IMSI of the UE. 25 . The method of claim 18 , further comprising: searching one or more databases for a match to the PMSI included with the initial attach message; and sending, in response to not locating a match, a notice for the UE to modify a PMSI index maintained at the UE for generation of an updated PMSI at the UE.