| Patent application number | Description | Published |
| 20100120420 | METHOD AND APPARATUS TO ENABLE PATCHING OF USER EQUIPMENT CONTEXT THROUGH RETRIEVAL OF PARTIAL CONTEXTS FROM VARIOUS NETWORK SERVERS - Devices and methods are provided for the patching of a UE context via retrieval of partial contexts when a UE transitions from a source system (e.g., UTRAN) to a target system (e.g., an LTE network). In one embodiment, the method may involve receiving a first identifier for a source system server (e.g., SGSN) storing first context information, and a second identifier for a target system server (e.g., MME) storing second context information. The method may involve retrieving and combining the first and second context information to generate the patched context for the UE. | 05-13-2010 |
| 20100177737 | CONTEXT FETCHING AFTER INTER-SYSTEM HANDOVER - Systems and methodologies are described that facilitate fetching a native security context between network nodes in a core network after an inter-system handover of a mobile device. For instance, a mobility message that is integrity protected by a security context (e.g., the native security context, a mapped security context, ...) can be obtained at a network node from the mobile device. Further, the network node can send a request to a disparate network node within a core network. The request can include information that can be used by the disparate network node to establish that the mobile device is authenticated. Moreover, the native security context can be received from the disparate network node in response to the request. Accordingly, the native security context need not be recreated between the network node and the mobile device. | 07-15-2010 |
| 20110159841 | SYSTEMS, APPARATUS AND METHODS TO FACILITATE HANDOVER SECURITY - Systems, methods and apparatus for facilitating handover security are provided. In some embodiments, the method can include deriving a key value for handover from a GERAN/UTRAN system to an E-UTRAN system using a first input value. The method can also include deriving a key value for a connection establishment using a second input value, wherein the first input value is different from the second input value and is different from input values derived subsequent to the second input value, and wherein the first input value, the second input value and the input values derived subsequent to the second input value are configured to be input to a same key derivation function configured to output a key for use between a network entity and user equipment. | 06-30-2011 |
| 20110185397 | Method And Apparatus For Securing Wireless Relay Nodes - In order to mitigate the security risk posed by the insertion of a relay node within a communication network, both device authentication and subscriber authentication are performed on the relay node. Device and subscriber authentication may be bound together so that a relay node is granted access to operate within the network only if both device and subscriber authentication are successful. Additionally, a communication network (or authentication node) may further verify that a subscriber identifier (received as part of subscriber authentication) is associated with the corresponding device type (identified by the device identifier in the corresponding device authentication) as part of the subscriber authentication process. | 07-28-2011 |
| 20110255691 | APPARATUS AND METHOD FOR TRANSITIONING ENHANCED SECURITY CONTEXT FROM A UTRAN-BASED SERVING NETWORK TO A GERAN-BASED SERVING NETWORK - Disclosed is a method for transitioning an enhanced security context from a UTRAN-based serving network to a GERAN-based serving network. In the method, the remote station generates first and second session keys, in accordance with the enhanced security context, using an enhanced security context root key and a first information element. The remote station receives a first message from the UTRAN-based serving network. The first message includes a second information element signaling to the remote station to generate third and fourth session keys for use with the GERAN-based serving network. The remote station generates, in response to the first message, the third and fourth session keys using the second information element and the first and second session keys. The remote station protects wireless communications, on the GERAN-based serving network, based on the third and fourth session keys. | 10-20-2011 |
| 20110255693 | Apparatus and method for transitioning from a serving network node that supports an enhanced security context to a legacy serving network node - Disclosed is a method for transitioning a remote station from a current serving network node having an enhanced security context to a new serving network node. In the method, the remote station provides at least one legacy key, and generates at least one session key based on an information element associated with the enhanced security context. The remote station forwards a first message having the information element to the new serving network node. The remote station receives a second message, from the new serving network node, having a response based on either the legacy key or the session key. The remote station determines that the new serving network node does not support the enhanced security context if the response of the second message is based on the legacy key. Accordingly, the remote station protects communications based on the legacy key upon determining that the enhanced security context is not supported. | 10-20-2011 |
| 20110258445 | Apparatus and method for signaling enhanced security context for session encryption and integrity keys - Disclosed is a method for establishing an enhanced security context between a remote station and a serving network. In the method, the remote station forwards a first message to the serving network, wherein the first message includes an information element signaling that the remote station supports an enhanced security context. The remote station generates at least one session key, in accordance with the enhanced security context, using the information element. The remote station receives, in response to the first message, a second message having an indication that the serving network supports the enhanced security context. The remote station, in response to the second message, has wireless communications protected by the at least one session key. | 10-20-2011 |
| 20110261961 | REDUCTION IN BEARER SETUP TIME - A method and apparatus are provided for reducing latency and/or delays in performing a security activation exchange between a communication device and a network entity. The communication device may pre-compute a plurality of possible keys using a base key and a plurality of possible inputs in anticipation of receiving an indicator from the network entity that identifies a selected input to be used in generating a corresponding selected key. An indicator is then received from the network entity, where the indicator identifies the selected input from among the plurality of possible inputs. The communication device then selects a first key among the pre-computed plurality of possible keys as the selected key upon receipt of the indicator, wherein the first key is selected because it was pre-computed using the selected input. Because the first key is pre-computed, delays in responding to the network entity are reduced. | 10-27-2011 |
| 20110263225 | METHOD AND APPARATUS FOR NETWORK PERSONALIZATION OF SUBSCRIBER DEVICES - A method and apparatus are provided for a subsidizing service provider entity to personalize a subscriber device to ensure the subscriber device cannot be used in a network of a different service provider entity. As the service provider entity subsidizes the subscriber device, it desires to ensure that the subscriber device is personalized such that the subscriber device may operate only in its network and not a network of a different service provider entity. The subscriber device is pre-configured with a plurality of provider-specific and/or unassociated root certificates by the manufacturer of the subscriber device. A communication service is established between the service provider entity and the subscriber device allowing for the mutual authentication of the subscriber device and the service provider entity. After mutual authentication, the service provider entity sends a command to the subscriber device to disable/delete some/all root certificates that are unassociated with the service provider entity. | 10-27-2011 |
| 20110311053 | Apparatus and method for transitioning enhanced security context from a UTRAN/GERAN-based serving network to an E-UTRAN-based serving network - Disclosed is a method for transitioning an enhanced security context from a UTRAN/GERAN-based serving network to an E-UTRAN-based serving network. In the method, the remote station generates first and second session keys, in accordance with the enhanced security context, using a first enhanced security context root key associated with a UTRAN/GERAN-based serving network and a first information element. The remote station receives a first message from the E-UTRAN-based serving network. The first message signals to the remote station to generate a second enhanced security context root key for use with the E-UTRAN-based serving network. The remote station generates, in response to the first message, the second enhanced security context root key from the first enhanced security context root key using the first and second session keys as inputs. The remote station protects wireless communications, on the E-UTRAN-based serving network, based on the second enhanced security context root key. | 12-22-2011 |
| 20110314287 | Method and apparatus for binding subscriber authentication and device authentication in communication systems - An authentication method is provided between a device (e.g., a client device or access terminal) and a network entity. A removable storage device may be coupled to the device and stores a subscriber-specific key that may be used for subscriber authentication. A secure storage device may be coupled to the device and stores a device-specific key used for device authentication. Subscriber authentication may be performed between the device and a network entity. Device authentication may also be performed of the device with the network entity. A security key may then be generated that binds the subscriber authentication and the device authentication. The security key may be used to secure communications between the device and a serving network. | 12-22-2011 |
| 20110314522 | Method and apparatus for relay node management and authorization - Methods and apparatuses are provided for deploying relay nodes in a communication network. A relay node can initially be wirelessly authenticated to a network entity using initial security credentials. In response to a successful authentication, the relay node is authorized to wirelessly communicate with the communication network for a limited purpose of configuring the relay node for relay device operations. The relay node can receive new security credentials from the communication network, and is subsequently re-authenticated to the network entity using the new security credentials. In response to a successful re-authentication, the relay node is authorized by the network to operate as a relay device for conveying traffic between one or more access terminals and the communication network. | 12-22-2011 |