SECURITY PROCEDURE AND APPARATUS FOR HANDOVER IN A 3GPP LONG TERM EVOLUTION SYSTEM

US 20100002883A1
Filed: 07/29/2008
Published: 01/07/2010
Est. Priority Date: 08/03/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method for performing a security check in wireless communications, the method comprising:

receiving a message;

determining whether the message is attempting to change one or more security algorithms in use; and

performing a security action based on the determination.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for implementing a security procedure during handover of a wireless transmit/receive unit (WTRU) in wireless communications that controls the behavior of a handover target if it cannot support the required security algorithms. The handover source can detect that the target does not support the required security algorithms and the WTRU can detect that security algorithms may change during handover. Security procedures for the WTRU include contingencies for Radio Link Failure and if the public land mobile network (PLMN) changes.

112 Citations

View as Search Results

33 Claims

1. A method for performing a security check in wireless communications, the method comprising:
- receiving a message;
  
  determining whether the message is attempting to change one or more security algorithms in use; and
  
  performing a security action based on the determination.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein the message is a handover command.
  - 3. The method of claim 1 further comprising:
    - determining whether the handover command indicates security algorithms for use at a target.
  - 4. The method as in claim 1, wherein a wireless transmit/receive unit (WTRU) is performing at least one of a plurality of security actions in determining that a handover command does not indicate security algorithms for use at a target, the plurality of security actions include proceeding with handover if the security algorithms are unchanged, having an implementation specific behavior if the security algorithms are changed, ignoring the command if the security algorithms are changed, and taking predetermined steps if the security algorithms are changed.
  - 5. The method of claim 4, wherein taking predetermined steps includes at least one of the following:
    - setting the variable INCOMATIBLE_SECURITY_RECONFIGURATION to a value that indicates that a security reconfiguration is invalid;
      
      deciding against handover;
      
      indicating a decision not to handover;
      
      including a Cause information element (IE) in a message providing a reason for the decision;
      
      ignoring a message which indicates a change in algorithm;
      
      ignoring the message which indicates a change in algorithm unless received in the context of a new AKA or ATTACH procedure;
      
      increasing an offset;
      
      sending a NAS message;
      
      ignoring the handover command;
      
      transitioning to Idle Mode;
      
      performing actions defined for handover failure or radio link failure;
      
      sending an updated measurement report;
      
      continuing with the handover;
      
      reading a system information block (SIB) prior to making a decision;
      
      sending a notification of incompatible security configuration;
      
      deleting any combination of existing security keys; and
      
      maintaining a counter of the number of invalid handover commands.
  - 6. The method as in claim 1, further comprising:
    - selecting algorithms for use at a target.
  - 7. The method as in claim 6, further comprising:
    - determining whether the selected algorithms are acceptable.
  - 8. The method as in claim 7, wherein a wireless transmit/receive (WTRU) compares the selected algorithms with the acceptable algorithms.
  - 9. The method as in claim 7, wherein a wireless transmit/receive unit (WTRU) continues with the handover if the selected algorithms are acceptable.
  - 10. The method as in claim 7, wherein a wireless transmit/receive unit (WTRU) performs at least one of a plurality of security actions if the selected algorithms are not acceptable, the plurality of security actions include setting variable INCOMATIBLE_SECURITY_RECONFIGURATION to a value that indicates that a security reconfiguration is invalid;
    - deciding against handover;
      
      indicating a decision not to handover;
      
      including a Cause information element (IE) in a message providing a reason for the decision;
      
      ignoring a message which indicates a change in algorithm;
      
      ignoring a message which indicates a change in algorithm unless received in the context of a new AKA or ATTACH procedure;
      
      increasing an offset;
      
      sending a NAS message;
      
      ignoring the handover command;
      
      transitioning to Idle Mode;
      
      performing actions defined for handover failure or radio link failure;
      
      sending an updated measurement report;
      
      continuing with the handover;
      
      reading a system information block (SIB) prior to making a decision;
      
      sending a notification of incompatible security configuration;
      
      deleting any combination of existing security keys; and
      
      maintaining a counter of the number of invalid handover commands.

11. A method for performing a security action in wireless communications during a change in public land mobile network (PLMN), the method comprising:
- detecting a change in a current PLMN; and
  
  performing a security action.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 12. The method of claim 11, wherein the security action is deleting any stored security keys and an algorithm identifier.
  - 13. The method of claim 12, wherein the stored keys include at least one of K_ASME, CK, IK, K_NASenc, K_NASint, K_e-NB, K_RRCenc, K_RRCint, and K_UPenc.
  - 14. The method of claim 12, wherein the algorithm identifier is at least one of an identifier for the algorithm used in ciphering of non-access stratum (NAS) signaling, integrity protection of NAS signaling, ciphering of radio resource controller (RRC) signaling, integrity protection of RRC signaling and ciphering of user-plane traffic.
  - 15. The method of claim 11, wherein the security action is setting a key identifier to be invalid.
  - 16. The method of claim 15, wherein the key identifier is a Key Set Identifier (KSI).
  - 17. The method of claim 11, wherein the security action is prompting an authentication and key agreement (AKA) run during a subsequent ACTIVE mode transfer.
  - 18. The method of claim 11, wherein the security action is choosing not to delete valid root keys of a wireless transmit/receive unit (WTRU) when one of the following states is entered:
    - LTE_Idle and LTE_Detached.
  - 19. The method of claim 11, wherein the security action is choosing not to delete valid root keys of a wireless transmit/receive unit (WTRU) when no signaling connection exists to a multimedia message entity (MME).
  - 20. The method of claim 11, wherein the security action is choosing to delete keys when a new PLMN is selected.
  - 21. The method of claim 11, wherein the security action is choosing to delete keys when an associated timer times out.
  - 22. The method of claim 11, wherein the security action is generating keys upon transition to LTE_Active mode.
  - 23. The method of claim 11, wherein the security action is generating keys upon the initiation of an authentication and key agreement (AKA) run.

24. A wireless transmit/receive unit (WTRU) comprising:
- a receiver configured to receive a message; and
  
  a processor configured to determine whether the message indicates security algorithms for use at a target.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32)
- - 25. The WTRU of claim 24, wherein the processor is configured to perform at least one of a plurality of security actions in determining that a handover command does not indicate security algorithms for use at the target;
    - the plurality of security actions include proceeding with handover if the security algorithms are unchanged, having an implementation specific behavior if the security algorithms are changed, ignoring the command if the security algorithms are changed, and taking predetermined steps if the security algorithms are changed.
  - 26. The WTRU of claim 25, wherein taking predetermined steps includes at least one of the following:
    - setting the variable INCOMATIBLE_SECURITY_RECONFIGURATION to a value that indicates that a security reconfiguration is invalid;
      
      deciding against handover;
      
      indicating a decision not to handover;
      
      including a Cause information element (IE) in a message providing a reason for the decision;
      
      ignoring a message which indicates a change in algorithm;
      
      ignoring a message which indicates a change in algorithm unless received in the context of a new AKA or ATTACH procedure;
      
      increasing an offset;
      
      sending a NAS message;
      
      ignoring the handover command;
      
      transitioning to Idle Mode;
      
      performing actions defined for handover failure or radio link failure;
      
      sending an updated measurement report;
      
      continuing with the handover;
      
      reading a system information block (SIB) prior to making a decision;
      
      sending a notification of incompatible security configuration;
      
      deleting any combination of existing security keys; and
      
      maintaining a counter of the number of invalid handover commands.
  - 27. The WTRU of claim 24, further comprising:
    - a selector configured to select algorithms for use at the target.
  - 28. The WTRU of claim 24, wherein the processor is further configured to determine whether selected algorithms are acceptable.
  - 29. The WTRU of claim 28, wherein the processor is configured to compare the selected algorithms with the acceptable algorithms.
  - 30. The WTRU of claim 28, wherein the processor is configured to continue with the handover if selected algorithms are acceptable.
  - 31. The WTRU of claim 24, wherein the processor is configured to perform at least one of a plurality of security actions if selected algorithms are not acceptable, the plurality of security actions include setting the variable INCOMATIBLE_SECURITY_RECONFIGURATION to a value that indicates that a security reconfiguration is invalid;
    - deciding against handover;
      
      indicating the decision not to handover;
      
      including a Cause information element (IE) in a message providing a reason for the decision;
      
      ignoring a message which indicates a change in algorithm;
      
      ignoring the message which indicates a change in algorithm unless received in the context of a new AKA or ATTACH procedure;
      
      increasing an offset;
      
      sending a NAS message;
      
      ignoring the handover command;
      
      transitioning to Idle Mode;
      
      performing actions defined for handover failure or radio link failure;
      
      sending an updated measurement report;
      
      continuing with the handover;
      
      reading a system information block (SIB) prior to making a decision;
      
      sending a notification of incompatible security configuration;
      
      deleting any combination of existing security keys; and
      
      maintaining a counter of the number of invalid handover commands.
  - 32. The WTRU of claim 24 further comprising:
    - a detector configured to detect a change in a current public land mobile network (PLMN); and
      
      wherein the processor is further configured to perform a security action.

33. An evolved Node-B (e-NB) comprising:
- a receiver configured to receive a message; and
  
  a processor configured to determine whether the message indicates security algorithms for use at a target.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
InterDigital Patent Holdings, Inc. (InterDigital, Inc.)
Original Assignee
InterDigital Patent Holdings, Inc. (InterDigital, Inc.)
Inventors
Somasundarm, Shankar, Mukherjee, Rajat P., Sammour, Mohammed

Application Number

US12/181,424
Publication Number

US 20100002883A1
Time in Patent Office

Days
Field of Search
US Class Current

380/272
CPC Class Codes

H04L 63/1416   Event detection, e.g. attac...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/122   Counter-measures against at...

H04W 36/0038   of security context informa...

SECURITY PROCEDURE AND APPARATUS FOR HANDOVER IN A 3GPP LONG TERM EVOLUTION SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

112 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY PROCEDURE AND APPARATUS FOR HANDOVER IN A 3GPP LONG TERM EVOLUTION SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

112 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links