OPERATION OF A SERVING NODE IN A NETWORK

US 20140369315A1
Filed: 04/24/2012
Published: 12/18/2014
Est. Priority Date: 01/26/2012
Status: Active Grant

First Claim

Patent Images

1. A serving node for use in a telecommunications network, comprising:

a communications unit for sending and receiving data;

a storage medium for storing data; and

a control unit for controlling the operation of the communications unit and the storage medium;

wherein;

the communications unit is configured to receive security capabilities of a terminal when the terminal registers with the serving node;

the storage medium is configured to store the security capabilities;

the communications unit is configured to receive a path switch request message, the path switch request including another indication of security capabilities of the terminal; and

the communications unit is configured to send the stored security capabilities towards a target base station.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides a system and method for repairing corrupt security information. At a serving node in a telecommunications network, security capabilities of a terminal are received when the terminal registers with the serving node. The received security capabilities are stored. A path switch request message is received from a target base station following an X2 handover request sent from a source base station to the target base station for handover of the terminal, the path switch request including the security capabilities of the terminal. The serving node determines whether the security capabilities of the terminal stored in the storage medium should be sent to the target base station. If so, the serving node sends the stored security capabilities of the terminal to the target base station for use in reselecting security algorithms to be used in communications between the target base station and terminal following the handover.

Citations

26 Claims

1. A serving node for use in a telecommunications network, comprising:
- a communications unit for sending and receiving data;
  
  a storage medium for storing data; and
  
  a control unit for controlling the operation of the communications unit and the storage medium;
  
  wherein;
  
  the communications unit is configured to receive security capabilities of a terminal when the terminal registers with the serving node;
  
  the storage medium is configured to store the security capabilities;
  
  the communications unit is configured to receive a path switch request message, the path switch request including another indication of security capabilities of the terminal; and
  
  the communications unit is configured to send the stored security capabilities towards a target base station.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 9)
- - 2. The serving node of claim 1, wherein the control unit is configured to determine whether the stored security capabilities should be sent to the target base station, and the communications unit is configured to send the stored security capabilities on the basis of the determination carried out by the control unit.
  - 3. The serving node of claim 2, wherein:
    - the storage medium is configured to store security upgrade details of base stations in the network; and
      
      the control unit is configured to instruct the communications unit to send the stored security capabilities to the target base station if the security of a source base station, from which the handover originated, has not been upgraded.
  - 4. The serving node of claim 3, wherein an upgrade in the security of the source base station results in the selection of improved security parameters with the terminal.
  - 5. The serving node of claim 1, wherein the control unit is configured to instruct the communications unit to send the stored security capabilities to the target base station if the security of the target base station has been upgraded.
  - 6. The serving node of claim 1, wherein the control unit is configured to instruct the communications unit to send the stored security capabilities to the target base station if the other indication of the security capabilities of the terminal received in the path switch request message do not match the stored security capabilities.
  - 7. The serving node of claim 1, wherein the communications unit is configured to send the stored security capabilities to the target base station in a context modification request.
  - 9. The serving node of claim 1, wherein the network is an LTE network and the serving node is optionally an MME.

8. The serving node of 1, wherein the communications unit is configured to send the stored security capabilities to the target base station in a path switch request acknowledgement message.

10. A base station for use in a telecommunications network, comprising:
- a communications unit for sending and receiving data;
  
  a storage medium for storing data; and
  
  a control unit for controlling the operation of the communications unit and the storage medium;
  
  whereinthe communications unit is configured to receive an X2 handover request for handover of a terminal from a source base station, the X2 handover request including security capabilities of the terminal;
  
  the control unit is configured to select security algorithms for use in communications between the base station and the terminal following the handover, the selection of the security algorithms being based on the received security capabilities of the terminal;
  
  the communications unit is configured to send a path switch request to a serving node, the path switch request including the received security capabilities;
  
  the communications unit is configured to receive a message comprising replacement security capabilities of the terminal;
  
  the control unit is configured to select new security algorithms for use in communications between the base station and the terminal based on at least the replacement security capabilities; and
  
  the communications unit is configured to send to the terminal an indication of the new selected security algorithms.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The base station of claim 10, wherein the control unit is configured to determine whether the replacement security capabilities received from the serving node are different to the security capabilities received in the X2 handover request, and only to select new security algorithms if so.
  - 12. The base station of claim 10, wherein the communications unit is configured to receive the replacement security capabilities in a context modification request from the serving node.
  - 13. The base station of claim 10, wherein the communications unit is configured to receive the replacement security capabilities in a path switch request acknowledgement message.
  - 14. The base station of claim 10, wherein the communications unit is configured to send a handover command message to the terminal before sending a path switch request to the serving node, the handover command message including an indication of the selected security algorithms.
  - 15. The base station of claim 10, wherein the network is an LTE network and the base station is optionally an eNB.

16. A method of operating a serving node in a telecommunications network, comprising:
- receiving security capabilities of a terminal when the terminal registers with the serving node;
  
  storing the received security capabilities;
  
  receiving a path switch request message, the path switch request including the security capabilities of the terminal; and
  
  sending the stored security capabilities towards a target base station.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16, wherein the stored terminal security capabilities are sent to the target base station in a context modification request.
  - 18. The method of claim 16, wherein the stored terminal security capabilities are sent to the target base station in a path switch request acknowledgement message.

19. A method of operating a base station in a telecommunications network, comprising:
- receiving an X2 handover request for handover of a terminal from a source base station, the X2 handover request including security capabilities of the terminal;
  
  selecting security algorithms for use in communications between the base station and the terminal following the handover, the selection of the security algorithms being based on the received security capabilities of the terminal;
  
  sending a path switch request to a serving node, the path switch request including the security capabilities of the terminal;
  
  receiving a message comprising replacement security capabilities of the terminal;
  
  selecting new security algorithms for use in communications between the base station and the terminal based on at least the replacement security capabilities; and
  
  indicating the selection of the new security algorithms to the terminal.

20. A method of operating a telecommunications network, comprising:
- registering a terminal with a serving node;
  
  sending security capabilities of the terminal to the serving node;
  
  storing the security capabilities at the serving node;
  
  sending an X2 handover request to a target base station for handover of the terminal from a source base station, the X2 handover request including an additional indication of security capabilities of the terminal;
  
  at the target base station, selecting security algorithms for use in communications between the target base station and the terminal following the handover, the selection of the security algorithms being based on the received additional indication of the security capabilities of the terminal;
  
  sending a handover command message from the target base station to the terminal, the handover command message including an indication of the selected security algorithms;
  
  sending a path switch request to the serving node, the path switch request including the additional indication of the security capabilities of the terminal;
  
  sending the security capabilities stored at the serving node to the target base station;
  
  at the target base station, selecting new security algorithms for use in communications between the base station and the terminal based on at least the security capabilities stored at and sent from the serving node; and
  
  sending an indication of the selection of the new security algorithms to the terminal.

21. A computer program product comprising code adapted to be executed on a serving node in a telecommunications network, the code operable to cause the serving node to:
- receive security capabilities of a terminal when the terminal registers with the serving node;
  
  store the received security capabilities;
  
  receive a path switch request message, the path switch request including the security capabilities of the terminal; and
  
  send the stored security capabilities towards a target base station.
- View Dependent Claims (23)
- - 23. The computer program product of claim 21, carried on a carrier medium.

22. A computer program product comprising code adapted to be executed on a base station in a telecommunications network, the code operable to cause the base station to:
- receive an X2 handover request for handover of a terminal from a source base station, the X2 handover request including security capabilities of the terminal;
  
  select security algorithms for use in communications between the base station and the terminal following the handover, the selection of the security algorithms being based on the received security capabilities of the terminal;
  
  send a path switch request to a serving node, the path switch request including the security capabilities of the terminal;
  
  receive a message comprising replacement security capabilities;
  
  select new security algorithms for use in communications between the base station and the terminal based on at least the replacement security capabilities; and
  
  indicate the new security algorithms to the terminal.

24. A computer program, comprising computer readable code which, when operated by a serving node in a telecommunications network, causes the serving node to:
- receive security capabilities of a terminal when the terminal registers with the serving node;
  
  store the received security capabilities;
  
  receive a path switch request message following an X2 handover request sent from a source base station to a target base station for handover of the terminal, the path switch request including the security capabilities of the terminal; and
  
  send the stored security capabilities to the target base station.
- View Dependent Claims (26)
- - 26. A computer program product comprising a non-transitory computer readable medium and a computer program according to claim 24, wherein the computer program is stored on the computer readable medium.

25. A computer program, comprising computer readable code which, when operated by a base station in a telecommunications network, causes the base station to:
- receive an X2 handover request for handover of a terminal from a source base station, the X2 handover request including security capabilities of the terminal;
  
  select security algorithms for use in communications between the base station and the terminal following the handover, the selection of the security algorithms being based on the received security capabilities of the terminal;
  
  send a path switch request to a serving node, the path switch request including the security capabilities of the terminal;
  
  receive a message comprising replacement security capabilities;
  
  select new security algorithms for use in communications between the base station and the terminal based on at least the replacement security capabilities; and
  
  indicate the new security algorithms to the terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Norrman, Karl

Granted Patent

US 9,661,534 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/331
CPC Class Codes

H04L 63/1466   Active attacks involving in...

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

H04W 12/08   Access security

H04W 12/12   Detection or prevention of ...

H04W 36/0038   of security context informa...

H04W 36/0083   Determination of parameters...

H04W 36/00837   Determination of triggering...

H04W 36/08   Reselecting an access point

H04W 40/04   based on wireless node reso...

OPERATION OF A SERVING NODE IN A NETWORK

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

OPERATION OF A SERVING NODE IN A NETWORK

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links