Communication method and device

US 10,595,198 B2
Filed: 06/29/2018
Issued: 03/17/2020
Est. Priority Date: 08/31/2007
Status: Active Grant

First Claim

Patent Images

1. A mobility management entity (MME) performing security negotiation for idle state mobility of a user equipment (UE) from a third generation (3G) network to a long term evolution (LTE) network, comprising:

a receiver configured to receive from the UE security capabilities of the UE including non-access stratum (NAS) security capabilities of the UE, and receive an authentication vector-related key from a service general packet radio service (GPRS) support node (SGSN) in the 3G network;

a processor configured to derive a root key with the authentication vector-related key, select a NAS security algorithm supported by the NAS security capabilities of the UE, and derive a NAS protection key with the selected NAS security algorithm and the root key; and

a transmitter configured to send a message that indicates the selected NAS security algorithm to the UE.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication method includes receiving by a SGSN a context request message from a mobility management entity (MME), obtaining by the SGSN an authentication vector-related key, and calculating by the SGSN a root key according to the authentication vector-related key. In addition, the method further includes sending by the SGSN a context response message including the root key to the MME, wherein the MME derives a NAS protection key according to the root key.

58 Citations

20 Claims

1. A mobility management entity (MME) performing security negotiation for idle state mobility of a user equipment (UE) from a third generation (3G) network to a long term evolution (LTE) network, comprising:
- a receiver configured to receive from the UE security capabilities of the UE including non-access stratum (NAS) security capabilities of the UE, and receive an authentication vector-related key from a service general packet radio service (GPRS) support node (SGSN) in the 3G network;
  
  a processor configured to derive a root key with the authentication vector-related key, select a NAS security algorithm supported by the NAS security capabilities of the UE, and derive a NAS protection key with the selected NAS security algorithm and the root key; and
  
  a transmitter configured to send a message that indicates the selected NAS security algorithm to the UE.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The MME of claim 1, wherein the receiver is configured to receive the NAS security capabilities of the UE through a tracking area update (TAU) request message.
  - 3. The MME of claim 1, wherein the message that indicates the selected NAS security algorithm is a NAS security mode command message.
  - 4. The MME of claim 1, wherein the message that indicates the selected NAS security algorithm is a tracking area update (TAU) accept message.
  - 5. The MME of claim 1, wherein the processor is further configured to protect the message that indicates the selected NAS security algorithm with the derived NAS protection key.
  - 6. The MME of claim 1, wherein the authentication vector-related key includes an integrity key (IK) and an encryption key (CK).
  - 7. The MME of claim 2, wherein the message that indicates the selected NAS security algorithm is a NAS security mode command message.
  - 8. The MME of claim 7, wherein the receiver is configured to receive the authentication vector-related key through a context response message.
  - 9. The MME of claim 8, wherein the processor is further configured to protect the message that indicates the selected NAS security algorithm with the derived NAS protection key.
  - 10. The MME of claim 9, wherein the authentication vector-related key includes an integrity key (IK) and an encryption key (CK).

11. A communications system that provides security negotiation for idle state mobility of a user equipment (UE) from a third generation (3G) network to a long term evolution (LTE) network, the system comprising:
- a service general packet radio service (GPRS) support node (SGSN) in the 3G network and a mobility management entity (MME) in the LTE network, whereinthe SGSN is configured to send an authentication vector-related key to the MME; and
  
  the MME is configured to receive security capabilities of the UE including non-access stratum (NAS) security capabilities of the UE from the UE, derive a root key with the authentication vector-related key, select a NAS security algorithm supported by the NAS security capabilities of the UE, send a message that indicates the selected NAS security algorithm to the UE, and derive a NAS protection key with the selected NAS security algorithm and the root key.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the MME is configured to receive the NAS security capabilities of the UE in a tracking area update (TAU) request message.
  - 13. The system of claim 11, wherein the message that indicates the selected NAS security algorithm is one of a NAS security mode command message and a tracking area update (TAU) accept message.
  - 14. The system of claim 11, wherein the MME is further configured to protect the message that indicates the selected NAS security algorithm with the derived NAS protection key.
  - 15. The system of claim 11, wherein the authentication vector-related key includes an integrity key (IK) and an encryption key (CK).
  - 16. The system of claim 11, wherein the SGSN is configured to send the authentication vector-related key through a context response message.
  - 17. The system of claim 12, wherein the message that indicates the selected NAS security algorithm is a NAS security mode command message.
  - 18. The system of claim 17, wherein the SGSN is configured to send the authentication vector-related key through a context response message.
  - 19. The system of claim 18, wherein the MME is further configured to protect the message that indicates the selected NAS security algorithm with the derived NAS protection key.
  - 20. The system of claim 19, wherein the authentication vector-related key includes an integrity key (IK) and an encryption key (CK).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
He, Chengdong
Primary Examiner(s)
Avery, Jeremiah L

Application Number

US16/023,324
Publication Number

US 20180310170A1
Time in Patent Office

627 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 2463/061   applying further key deriva...

H04L 63/0492   by using a location-limited...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0876   based on the identity of th...

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

H04L 69/24   Negotiation of communicatio...

H04L 9/0844   with user authentication or...

H04L 9/088   Usage controlling of secret...

H04W 12/041   Key generation or derivation

H04W 12/0431   Key distribution or pre-dis...

H04W 12/106   Packet or message integrity

H04W 12/122   Counter-measures against at...

H04W 36/0038   of security context informa...

H04W 8/02   Processing of mobility data...

Communication method and device

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

58 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Communication method and device

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links