Communication method and communication system
US-2024422539-A1 · Dec 19, 2024 · US
US2025267455A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2025267455-A1 |
| Application number | US-202218856507-A |
| Country | US |
| Kind code | A1 |
| Filing date | May 6, 2022 |
| Priority date | May 6, 2022 |
| Publication date | Aug 21, 2025 |
| Grant date | — |
Official abstract text for this publication.
This disclosure relates to techniques for utilizing an authentication proxy in authentication and key management for applications in a wireless communication system. An authentication proxy in a cellular network may receive a request to establish an application session from a wireless device. Authentication of the wireless device may be performed with an authentication anchor function associated with the cellular network to obtain an authentication result. The authentication proxy may provide an indication of the authentication result to an application server associated with the application session.
Opening claim text (preview).
1. A method, comprising: performing functions of an application function (AF) by an authentication proxy (AP) in a cellular network, the functions of the AF performed by the AP comprising: receiving a request to establish a first application session from a wireless device; performing authentication of the wireless device with an authentication anchor function (AAnF) associated with the cellular network to obtain an authentication result for the wireless device; and providing an indication of the authentication result associated with the first application session.
2. The method of claim 1, wherein the indication of the authentication result is provided to a first application server (AS) based at least in part on the request to establish the first application session.
3. The method of claim 1, wherein the method further comprises: receiving a request for the authentication result from a first application server (AS), wherein the indication of the authentication result is provided to the first AS based at least in part on the request for the authentication result from the first AS.
4. The method of claim 1, wherein the indication of the authentication result includes wireless device identification information.
5. The method of claim 4, wherein the wireless device identification information includes one or more of: a generic public subscription identifier (GPSI); or a subscription permanent identifier (SUPI).
6. The method of claim 1, wherein the method further comprises: storing relationship mapping information between application servers and wireless devices that are authenticated to those application servers.
7. The method of claim 1, wherein the method further comprises: receiving an indication of whether a new transport layer security (TLS) tunnel is requested for the first application session from the wireless device; determining to establish a new TLS tunnel for the first application session if the indication from the wireless device requests a new TLS tunnel for the first application session; and determining to use an existing TLS tunnel for the first application session if the indication from the wireless device does not request a new TLS tunnel for the first application session.
8. The method of claim 7, wherein the request to establish the first application session includes the indication of whether a new TLS tunnel is requested for the first application session.
9. The method of claim 7, wherein the indication of whether a new TLS tunnel is requested for the first application session is provided separately from the request to establish the first application session.
10. The method of claim 1, wherein the method further comprises: determining whether to establish a new transport layer security (TLS) tunnel for the first application session based at least in part on a number of application sessions served by one or more existing TLS tunnels between the wireless device and the authentication proxy, wherein a new TLS tunnel is not established for the first application session if an existing TLS tunnel between the wireless device and the authentication proxy serves fewer than a threshold number of application sessions, wherein a new TLS tunnel is established for the first application session if each existing TLS tunnel between the wireless device and the authentication proxy serves at least the threshold number of application sessions.
11. The method of claim 1, wherein an authentication proxy-application server interface for communication between the authentication proxy and the first AS includes use of one or more of: Hypertext Transfer Protocol (HTTP); HTTP secure (HTTPS); Internet Protocol Security (IPSec); or Internet Key Exchange Version 2 (IKEv2).
12. An apparatus, comprising: a processor configured to, when executing instructions stored in a memory, perform operations comprising: transmitting, to an authentication proxy (AP) authentication proxy in a cellular network, a request to establish a first application session, the request to establish the first application session useable for: performing authentication of the wireless device with an authentication anchor function (AAnF) associated with the cellular network to obtain an authentication result; and providing an indication of the authentication result associated with the first application session.
13. The apparatus of claim 12, wherein the indication of the authentication result includes wireless device identification information.
14. The apparatus of claim 13, wherein the wireless device identification information includes a generic public subscription identifier (GPSI).
15. The apparatus of claim 13, wherein the wireless device identification information includes a subscription permanent identifier (SUPI).
16. The apparatus of claim 12, the operations further comprising: transmitting, to the AP, an indication of whether a new transport layer security (TLS) tunnel is requested for the first application session.
17. A method, comprising: transmitting, to an authentication proxy (AP) authentication proxy in a cellular network, a request to establish a first application session, the request to establish the first application session useable for: performing authentication of the wireless device with an authentication anchor function (AAnF) associated with the cellular network to obtain an authentication result; and providing an indication of the authentication result associated with the first application session.
18. The method of claim 17, wherein the indication of the authentication result includes wireless device identification information.
19. The apparatus method of claim 18, wherein the wireless device identification information includes at least one of: a generic public subscription identifier (GPSI); or a subscription permanent identifier (SUPI).
20. The method of claim 17, the operations further comprising: transmitting, to the AP, an indication of whether a new transport layer security (TLS) tunnel is requested for the first application session.
at the transport layer · CPC title
Authentication · CPC title
Subscriber identity · CPC title
by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity · CPC title