Communication method and communication system
US-2024422539-A1 · Dec 19, 2024 · US
US2020280854A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2020280854-A1 |
| Application number | US-202016806756-A |
| Country | US |
| Kind code | A1 |
| Filing date | Mar 2, 2020 |
| Priority date | Mar 1, 2019 |
| Publication date | Sep 3, 2020 |
| Grant date | — |
Official abstract text for this publication.
Apparatuses, methods, and systems are disclosed for protecting the user identity and credentials. One apparatus includes a processor that registers with a mobile communication network using a first set of credentials, the mobile communication network supporting a plurality of network slices. The processor receives a public key for a network slice where slice-specific authentication is required and encrypts a second set of credentials using the public key. Here, the second set of credentials is used for authentication with the network slice. The apparatus includes a transceiver that sends a message to the mobile communication network, the message including the encrypted second set of credentials.
Opening claim text (preview).
1. An apparatus comprising: a processor that: registers with a mobile communication network using a first set of credentials, the mobile communication network supporting a plurality of network slices; receives a public key for a network slice where slice-specific authentication is required; and encrypts a second set of credentials using the public key, the second set of credentials used for authentication with the network slice; and a transceiver that sends a message to the mobile communication network, wherein the message includes the encrypted second set of credentials.
2. The apparatus of claim 1, wherein encrypting the second set of credentials comprises generating a nonce, wherein the nonce is used to encrypt the second set of credentials.
3. The apparatus of claim 2, wherein the message to the mobile communication network includes the nonce.
4. The apparatus of claim 1, wherein the message to the mobile communication network initiates slice-specific authentication of the apparatus.
5. A method comprising: registering with a mobile communication network using a first set of credentials, the mobile communication network supporting a plurality of network slices; receiving a public key for a network slice where slice-specific authentication is required; encrypting a second set of credentials using the public key, the second set of credentials used for authentication with the network slice; and sending a message to the mobile communication network, wherein the message includes the encrypted second set of credentials.
6. An apparatus comprising: a transceiver that receives a registration request from a user equipment device (“UE”), wherein the UE registers with a mobile communication network using a first set of credentials; and a processor that: retrieves a public key for a network slice where slice-specific authentication is required; encrypts a second set of credentials using the public key, the second set of credentials used for authentication with the network slice; and sends a message to an authentication server, wherein the message includes the encrypted second set of credentials.
7. The apparatus of claim 6, wherein the first set of credentials is received from a Unified Data Management function (“UDM”).
8. The apparatus of claim 7, wherein the first set of credentials is received together with subscription data of the UE.
9. The apparatus of claim 6, wherein the second set of credentials is received from the UE.
10. The apparatus of claim 6, wherein encrypting the second set of credentials comprises generating a nonce, wherein the nonce is used to encrypt the second set of credentials.
11. The apparatus of claim 10, wherein the message to the authentication server includes the nonce.
12. The apparatus of claim 6, wherein the processor checks subscription data of the UE in response to the registration request, wherein the public key is stored with the subscription data.
13. The apparatus of claim 6, wherein the message to the authentication server initiates slice-specific authentication of the UE.
14. A method comprising: receiving a registration request from a user equipment device (“UE”), wherein the UE registers with a mobile communication network using a first set of credentials; retrieving a public key for a network slice where slice-specific authentication is required; encrypting a second set of credentials using the public key, the second set of credentials used for authentication with the network slice; and sending a message to an authentication server, wherein the message includes the encrypted second set of credentials.
15. The method of claim 14, wherein the first set of credentials is received from a Unified Data Management function (“UDM”), wherein the first set of credentials is received together with subscription data of the UE.
16. The method of claim 14, wherein encrypting the second set of credentials comprises generating a nonce, wherein the nonce is used to encrypt the second set of credentials, wherein the message to the authentication server includes the nonce.
17. The method of claim 14, further comprising checking subscription data of the UE in response to the registration request, wherein the public key is stored with the subscription data.
18. An apparatus comprising: a processor that provides network exposure services to a third-party service provider, the third-party service provider operating a slice authentication server; and a transceiver that receives a first set of credentials from the third-party service provider, the first set of credentials comprising a public key for a network slice where slice-specific authentication is required, wherein the processor provisions the public key to an Access and Mobility Management Function (“AMF”) as part of subscription data, wherein the subscription includes the network slice.
19. The apparatus of claim 18, wherein the first set of credentials is received via a network exposure function (“NEF”).
20. A method comprising: providing network exposure services to a third-party service provider, the third-party service provider operating a slice authentication server; receiving a first set of credentials from the third-party service provider, the first set of credentials comprising a public key for a network slice where slice-specific authentication is required; and provisioning the public key to an Access and Mobility Management Function (“AMF”) as part of subscription data, wherein the subscription includes the network slice.
Key distribution or pre-distribution; Key agreement · CPC title
Protecting application or service provisioning, e.g. securing SIM application provisioning · CPC title
of the control plane, e.g. signalling traffic · CPC title
by using authentication-authorization-accounting [AAA] servers or protocols · CPC title
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title