Call handover between cellular communication system nodes that support different security contexts

US 10,433,161 B2
Filed: 11/15/2012
Issued: 10/01/2019
Est. Priority Date: 01/30/2012
Status: Active Grant

First Claim

Patent Images

1. A method of operating a first node to generate a security context for a client in a cellular communication system, wherein the first node comprises processing circuitry, the method comprising:

the first node performing, as part of a handover in the cellular communication system;

receiving at least one cryptographic key from a second node;

receiving identities of security algorithms supported by the client from a third node;

using the at least one cryptographic key and the identities to generate the security context for the client; and

using the generated security context to, at least in part, control security-related signaling between the client and the cellular communication system,wherein the first node is a target packet switched node, the third node is a source packet switched node, and the second node is a source circuit switched node.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In the context of facilitating a circuit switched to packet switched handover of a call in a cellular communication system, a first node (e.g., packet switched target node) generates a security context for a client whose call is being handed over. This involves the first node receiving at least one cryptographic key from a second node (e.g., a circuit switched node supporting the existing connection) and receiving identities of security algorithms supported by the client from a third node (e.g., a packet switched node supporting the existing connection); The first node uses the at least one cryptographic key and the identities to generate the security context for the client.

62 Citations

View as Search Results

20 Claims

1. A method of operating a first node to generate a security context for a client in a cellular communication system, wherein the first node comprises processing circuitry, the method comprising:
- the first node performing, as part of a handover in the cellular communication system;
  
  receiving at least one cryptographic key from a second node;
  
  receiving identities of security algorithms supported by the client from a third node;
  
  using the at least one cryptographic key and the identities to generate the security context for the client; and
  
  using the generated security context to, at least in part, control security-related signaling between the client and the cellular communication system,wherein the first node is a target packet switched node, the third node is a source packet switched node, and the second node is a source circuit switched node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the first node is an MME, the second node is an MSC and the third node is an SGSN.
  - 3. The method of claim 1, wherein the first node is a first SGSN, the second node is an MSC and the third node is a second SGSN.
  - 4. The method of claim 1, further comprising:
    - causing the first node to receive one or more authentication vectors from the second node; and
      
      discarding the authentication vectors received from the second node.
  - 5. The method of claim 1, wherein the first node is an SGSN, and wherein the method further comprises:
    - using one or more of the at least one cryptographic key to protect traffic between a fourth node and the client.
  - 6. The method of claim 1, wherein the first node is an MME, and wherein the method further comprises:
    - deriving a key for an Access Security Management Entity (K_ASME) from one or more of the at least one cryptographic key.
  - 7. The method of claim 1, further comprising:
    - receiving, from the third node, packet switched encryption keys for use in a packet switched connection; and
      
      discarding the packet switched encryption keys.
  - 8. The method of claim 1, further comprising:
    - receiving at least one authentication vector from the third node; and
      
      storing the received at least one authentication vector.
  - 9. The method of claim 1, further comprising receiving additional information from the third node;
    - andwherein using the at least one cryptographic key and the identities to generate the security context for the client comprises using the at least one cryptographic key and the identities and the additional information to generate the security context for the client.

10. A method of operating first and second, nodes in a cellular communication system, the method operating to generate a security context as part of a process of handing over support of a client from the second node to the first node, wherein the first and second nodes each comprise processing circuitry, the method comprising:
- the second node generating at least one new cryptographic key from at least one existing key associated with the client and a nonce generated by the second node;
  
  the second node communicating the at least one new cryptographic key to the first node;
  
  the first node receiving identities of security algorithms supported by the client from a third node;
  
  the first node using the at least one new cryptographic key and the identities to generate the security context for the client; and
  
  using the generated security context to, at least in part, control security-related signaling between the client and the cellular communication system,wherein the first node is a target packet switched node, the third node is a source packet switched node, and the second node is a source circuit switched node.

11. An apparatus for operating a first node to generate a security context for a client in a cellular communication system, the apparatus comprising:
- circuitry configured to receive at least one cryptographic key from a second node;
  
  circuitry configured to receive identities of security algorithms supported by the client from a third node;
  
  circuitry configured to use, as part of a handover in the cellular communication system, the at least one cryptographic key and the identities to generate the security context for the client; and
  
  circuitry configured to use the generated security context to, at least in part, control security-related signaling between the client and cellular communication system,wherein the first node is a target packet switched node, the third node is a source packet switched node, and the second node is a source circuity switched node.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The apparatus of claim 11, wherein the first node is an MME, the second node is an MSC and the third node is an SGSN.
  - 13. The apparatus of claim 11, wherein the first node is a first SGSN, the second node is an MSC and the third node is a second SGSN.
  - 14. The apparatus of claim 11, further comprising:
    - circuitry configured to receive one or more authentication vectors from the second node; and
      
      circuitry configured to discard the authentication vectors received from the second node.
  - 15. The apparatus of claim 11, wherein the first node is an SGSN, and wherein the apparatus further comprises:
    - circuitry configured to use one or more of the at least one cryptographic key to protect traffic between a fourth node and the client.
  - 16. The apparatus of claim 11, wherein the first node is an MME, and wherein the apparatus further comprises:
    - circuitry configured to derive a key for an Access Security Management Entity (K_ASME) from one or more of the at least one cryptographic key.
  - 17. The apparatus of claim 11, further comprising:
    - circuitry configured to receive, from the third node, packet switched encryption keys for use in a packet switched connection; and
      
      circuitry configured to discard the packet switched encryption keys.
  - 18. The apparatus of claim 11, further comprising:
    - circuitry configured to receive at least one authentication vector from the third node;
      
      and circuitry configured to store the received at least one authentication vector.
  - 19. The apparatus of claim 11, further comprising circuitry configured to receive additional information from the third node;
    - andwherein the circuitry configured to use the at least one cryptographic key and the identities to generate the security context for the client comprises circuitry configured to use the at least one cryptographic key and the identities and the additional information to generate the security context for the client.

20. An apparatus for operating first and second nodes in a cellular communication system, the apparatus operating to generate a security context as part of a process of handing over support of a client from the second node to the first node, the apparatus comprising:
- second node circuitry configured to generate at least one new cryptographic key from at least one existing key associated with the client and a nonce generated by the second node;
  
  second node circuitry configured to communicate the at least one new cryptographic key to the first node;
  
  first node circuitry configured to receive identities of security algorithms supported by the client from a third node;
  
  first node circuitry configured to use the at least one new cryptographic key and the identities to generate the security context for the client; and
  
  circuitry configured to use the generated security context to, at least in part, control security-related signaling between the client and the cellular communication system,wherein the first node is a target packet switched node, the third node is a source packet switched node, and the second node is a source circuity switched node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Norrman, Karl, Wifvesson, Monica
Primary Examiner(s)
Nguyen, Thu Ha

Application Number

US13/677,451
Publication Number

US 20130195268A1
Time in Patent Office

2,511 Days
Field of Search

380247, 380 44, 380227, 380229, 455413
US Class Current
CPC Class Codes

H04L 2463/061   applying further key deriva...

H04W 12/041   Key generation or derivation

H04W 36/0038   of security context informa...

H04W 36/0066   of control information betw...

Call handover between cellular communication system nodes that support different security contexts

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

62 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Call handover between cellular communication system nodes that support different security contexts

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links