Patent application number | Description | Published |
20080205650 | Changing radio access network security algorithm during handover - The invention allows changing a Radio Access Network security algorithm during handover in a manner that is efficient and secure. A security message is received at a mobile station previously using a first security algorithm in communication with a first access point, which message instructs to use a second security algorithm required by a second access point. In response, the mobile station is changed to use the second security algorithm. | 08-28-2008 |
20080207168 | Fast update message authentication with key derivation in mobile IP systems - The present invention performs a Binding Update or a Location Update message authentication independently and terminal-specifically in a home SAE gateway. A key, which is derived in a home AAA server from an initially set long term key, is given to a visited network for encrypting the update messages in Proxy Mobile IP. In Client Mobile IP, the key is transmitted to a mobile node for update message encryption. When the update message is received in the home SAE gateway, the key can be derived independently in the home SAE gateway without any key requests between the gateway and the home AAA server. Thus, it is possible to authenticate the binding or location update messages by verifying the two signatures. The present invention can also be implemented on a lower hierarchy of the system. The invention can be implemented in 3GPP standard releases enhanced with LTE technology, for instance. | 08-28-2008 |
20080233963 | Apparatus, method and computer program product providing auxiliary handover command - An auxiliary handover message is sent from a target eNB to a UE being handed over from a source eNB. The auxiliary handover message includes a context identifier that is established between the source eNB and the UE, which the source eNB provides to the target eNB during context data exchange when preparing for the handover. The UE uses the context identifier to verify that the auxiliary handover message is valid. Various approaches are detailed for minimizing signaling overhead and minimizing the time the UE must monitor the separate channel for the auxiliary handover message in the event the UE does not properly receive the original handover message from the source eNB. The context identifier may be a random number, a C-RNTI, an eNB-ID, or a token. The auxiliary handover command sent from the target eNB may be the context identifier with or without a copy of the handover command. | 09-25-2008 |
20090111428 | System and Method for Authenticating a Context Transfer - The user equipment (UE) and the Mobility Management Entity (MME) in an evolved 3GPP system generate authentication material that can be carried inside a packet switched network temporary mobile station identifier (P-TMSI) signature field of a Universal Mobile Telecommunications System (UMTS) signaling message from the UE to a UMTS/GPRS serving GPRS support node (SGSN) in a UMTS or GPRS Terrestrial Radio Access Network (UTRAN) or in a GSM/Edge Radio Access Network (GERAN), as well as from the SGSN to the MME of the evolved 3GPP system. The MME authenticates a context transfer request from the UTRAN/GERAN system based on the transferred authentication material and knowledge of how to create or to verify the authentication material. Additionally, the MME and the UE derive or verify authentication material, based on at least one user-specific key, for embedding in the P-TMSI signature field in legacy 3GPP signalling. | 04-30-2009 |
20090271623 | Intersystem mobility security context handling between different radio access networks - A method and apparatus for intersystem mobility security context handling between different radio access networks which can include a receiver configured to receive a tracking area update message from a user terminal. The message can include a first key identifier configured to identify a mapped security context and a second key identifier configured to identify a cached security context. A verifier can be configured to verify the tracking area update message with a key identified by the first or second key identifier. | 10-29-2009 |
20100088225 | METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR PROVIDING ELECTRONIC VALUE CERTIFICATES - A method, apparatus, and computer program product are provided, which may provide electronic value certificates. An apparatus may include a processor configured to access a moblet template from a moblet template provider. The processor may also be configured to customize the moblet template to define a moblet. The processor may further be configured to add value to the moblet. The processor may additionally be configured to provide the moblet to a remote device. The processor may also be configured to receive an update to the moblet. Corresponding methods and computer program products are also provided. | 04-08-2010 |
20100111308 | KEY HANDLING IN COMMUNICATION SYSTEMS - In a method for key handling in mobile communication systems, first and second numbers are exchanged between entities of the mobile communication system. The first and second numbers are respectively used only once with respect to the respective system parameters of the communication system and therefore allow greater security in the communication system. | 05-06-2010 |
20110191576 | INTEGRATION OF PRE REL-8 HOME LOCATION REGISTERS IN EVOLVED PACKET SYSTEM - Cryptographic network separation functionality is provided on a user device. An option to store information about a type of database where a user is homed is provided in an indicator on a storage medium. An interface is provided between the user device and the storage medium for accessing the indicator. In case the information about the type of database cannot be obtained from the storage medium, it is determined not to enforce the cryptographic network separation functionality on the user device. | 08-04-2011 |
20130003971 | Identifiers in a Communication System - An identifier containing at least one encrypted part is received at a first network entity. A second network entity may then be determined based on the identifier. A request for assistance in decryption of the identifier from the second network entity may be sent from the first entity to the second network entity. The second network entity may then assist the first network entity in an appropriate manner. | 01-03-2013 |
20130007457 | EXCHANGE OF KEY MATERIAL - A communication network manages key material. A method generates and provides session keys from a security node to an access node for further propagation during handoff procedures, without requiring the security node to take part in the handoff procedures. | 01-03-2013 |
20130080779 | INDENTIFIERS IN A COMMUNICATION SYSTEM - A method and apparatus including units configured to send a request from a first network entity to a user equipment for an identifier and receive a message indicating that a public key is required from the user equipment by the first network entity. The method and apparatus also includes units configured to send, by the first network entity, the public key to the user equipment and receive an encrypted identifier by the first network entity, wherein upon authenticating the public key, the user equipment encrypts at least part of the identifier using the public key, thereby enabling further processing between the network entity and the user equipment. | 03-28-2013 |
20140293857 | Method and apparatus for managing terminals - In accordance with an example embodiment of the present invention, there is provided an apparatus comprising at least one memory configured to store an identity of a terminal, at least one processing core configured to use a terminal-specific inactivity timer value and to associate the terminal-specific inactivity timer value with the identity to provide terminal- or user-specific inactivity timers to manage state transitions in mobiles. | 10-02-2014 |