COMMUNICATION SYSTEM

US 20150365822A1
Filed: 12/10/2013
Published: 12/17/2015
Est. Priority Date: 01/17/2013
Status: Active Grant

First Claim

Patent Images

1. A mobile communication device for communicating user plane data via first communication apparatus, of a communication network, that operates a first communication cell, and for receiving control plane signalling related to user plane communication from second communication apparatus, of the communication network, that operates a second communication cell, said mobile communication device comprising:

a receiving circuit configured to receive security information;

an obtaining circuit configured to obtain, from said security information, at least one user plane security parameter for providing user plane security for said user plane communication via said first communication apparatus and at least one control plane security parameter for providing control plane security for control plane communication via said second communication apparatus; and

an applying circuit configured to apply said at least one user plane security parameter in said user plane communication via said first communication apparatus and configured to apply said at least one control plane security parameter in said control plane communication via said second communication apparatus.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication system is described in which user plane communication and control plane communication for a particular mobile communication device can be split between a base station that operates a small cell and a macro base station. Appropriate security for the user plane and control plane communications is safeguarded by ensuring that each base station is able to obtain or derive the correct security parameters for protecting the user plane or control plane communication for which it is responsible.

17 Citations

View as Search Results

48 Claims

1. A mobile communication device for communicating user plane data via first communication apparatus, of a communication network, that operates a first communication cell, and for receiving control plane signalling related to user plane communication from second communication apparatus, of the communication network, that operates a second communication cell, said mobile communication device comprising:
- a receiving circuit configured to receive security information;
  
  an obtaining circuit configured to obtain, from said security information, at least one user plane security parameter for providing user plane security for said user plane communication via said first communication apparatus and at least one control plane security parameter for providing control plane security for control plane communication via said second communication apparatus; and
  
  an applying circuit configured to apply said at least one user plane security parameter in said user plane communication via said first communication apparatus and configured to apply said at least one control plane security parameter in said control plane communication via said second communication apparatus.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A mobile communication device as claimed in claim 1 wherein said mobile communication device is operable to receive an indicator that user plane and control plane are provided by different respective communication apparatus.
  - 3. A mobile communication device as claimed in claim 2 wherein said mobile communication device is operable to receive said indicator that said user plane and said control plane are provided by different respective communication apparatus from said second communication apparatus.
  - 4. A mobile communication device as claimed in claim 2 wherein said mobile communication device is operable to receive said indicator that said user plane and said control plane are provided by different respective communication apparatus from a communication entity of said communication network.
  - 5. A mobile communication device as claimed in claim 1 wherein said at least one user plane security parameter comprises a security key ‘
    - K_UPenc’
      
      for ciphering and/or deciphering user plane communication.
  - 6. A mobile communication device as claimed in claim 5 wherein said obtaining circuit is operable to obtain said security key ‘
    - K_UPenc’
      
      for ciphering and/or deciphering user plane communication from by deriving it using a further security key obtained from said security information.
  - 7. A mobile communication device as claimed in claim 5 wherein said obtaining circuit is operable to obtain said security key ‘
    - K_UPenc’
      
      for ciphering and/or deciphering without derivation requiring a further security key.
  - 8. A mobile communication device as claimed in claim 1 wherein said at least one user plane security parameter comprises a security key ‘
    - K_UPint’
      
      for integrity protection of user plane communication.
  - 9. A mobile communication device as claimed in claim 1 wherein said at least one control plane security parameter comprises a security key ‘
    - K_RRCenc’
      
      for ciphering and/or deciphering control plane communication.
  - 10. A mobile communication device as claimed in claim 1 wherein said at least one control plane security parameter comprises a security key ‘
    - K_RRCint’
      
      for integrity protection of control plane communication.

11. Communication apparatus for operating a communication cell via which a mobile communication device can engage in user plane communication, in a communication network in which further communication apparatus operates a further cell and provides control plane signalling related to said user plane communication, the communication apparatus comprising:
- an operating circuit configured to operate said communication cell via which said mobile communication device can engage in user plane communication;
  
  a receiving circuit configured to receive security information;
  
  an obtaining circuit configured to obtain, from said security information, at least one user plane security parameter for providing user plane security for said user plane communication; and
  
  an applying circuit configured to apply said user plane security parameter to user plane communication via said first communication apparatus.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 12. Communication apparatus according to claim 11 wherein said receiving circuit is operable to receive said security information from said further communication apparatus.
  - 13. Communication apparatus according to claim 12 wherein said receiving circuit is operable to receive said security information over an X2 interface.
  - 14. Communication apparatus according to claim 11 wherein said receiving circuit is operable to receive said security information from a communication entity of said communication network.
  - 15. Communication apparatus according to claim 14 wherein said receiving circuit is operable to receive said security information over an S1 interface.
  - 16. Communication apparatus according to claim 11 wherein said operating circuit is configured to operate a cell that is small relative to the further cell operated by the further communication apparatus.
  - 17. Communication apparatus according to claim 11 wherein said at least one user plane security parameter comprises a security key ‘
    - K_UPenc’
      
      for ciphering and/or deciphering user plane communication.
  - 18. Communication apparatus according to claim 17 wherein said obtaining means circuit is operable to obtain said security key ‘
    - K_UPenc’
      
      for ciphering and/or deciphering user plane communication directly from said security information.
  - 19. Communication apparatus according to claim 17 wherein said obtaining circuit is operable to obtain said security key ‘
    - K_UPenc’
      
      by deriving it using a further security key obtained from said security information.
  - 20. Communication apparatus according to claim 11 further comprising a transmitting circuit configured to transmit an indicator to said further communication apparatus that said user plane security parameter for providing user plane security requires changing.
  - 21. Communication apparatus according to claim 11 wherein said communication apparatus comprises a base station.
  - 22. Communication apparatus according to claim 21 wherein said base station comprises an Evolved Universal Terrestrial Radio Access Network (E-UTRAN) base station.

23. Communication apparatus for operating a communication cell via which control plane signalling is provided to a mobile communication device, in a communication network in which further communication apparatus operates a further cell via which said mobile communication device can engage in user plane communication to which said control plane signalling relates, the communication apparatus comprising:
- an operating circuit configured to operate said communication cell via which said control plane signalling is provided to a mobile communication device;
  
  a receiving circuit configured to receive security information from a communication entity of said communication network;
  
  an obtaining circuit configured to obtain, from said security information, at least one control plane security parameter for providing control plane security for said control plane signalling provided to said mobile communication device, and at least one further security parameter;
  
  a providing circuit configured to provide security information comprising said further security parameter to said further communication apparatus; and
  
  an applying circuit configured to apply said at least one control plane security parameter when providing said control plane signalling to said mobile communication device.
- View Dependent Claims (24, 25, 26, 27, 28)
- - 24. Communication apparatus according to claim 23 wherein said communication apparatus is operable to transmit, to said mobile communication device, an indicator that user plane and control plane are provided by different respective communication apparatus.
  - 25. Communication apparatus according to claim 23 further comprising a receiving circuit configured to receive an indicator from said further communication apparatus that a user plane security parameter for providing user plane security requires changing.
  - 26. Communication apparatus according to claim 25 further comprising an initiating circuit configured to initiate, in response to receiving said indicator that said user plane security parameter for providing user plane security requires changing, intra-cell handover whereby to provide a change in said user plane security parameter for providing user plane security.
  - 27. Communication apparatus according to claim 23 wherein said communication apparatus comprises a base station.
  - 28. Communication apparatus according to claim 27 wherein said base station comprises an Evolved Universal Terrestrial Radio Access Network (E-UTRAN) base station.

29. A communication entity for a communication network in which a mobile communication device engages in user plane communication via first communication apparatus that operates a first communication cell, and in which the mobile communication device receives control plane signalling related to said user plane communication from second communication apparatus that operates a second communication cell, said communication entity comprising:
- a receiving circuit configured to receive security information from a further communication entity of said communication network;
  
  an obtaining circuit configured to obtain, from said security information, at least one root security parameter which can be used in the derivation of;
  
  at least one user plane security parameter for providing user plane security for said user plane communication via said first communication apparatus; and
  
  at least one control plane security parameter for providing control plane security for control plane communication via said second communication apparatus; and
  
  a providing circuit configured to provide security information comprising said root security parameter to said first communication apparatus in a first message and to said second communication apparatus in a second message.
- View Dependent Claims (30, 31, 32, 33)
- - 30. A communication entity according to claim 29 comprising a core network entity.
  - 31. A communication entity according to claim 30 comprising a mobility management entity (MME).
  - 32. A communication entity according to claim 29 wherein said providing circuit is operable to provide said first and said second messages over an S1 interface.
  - 33. A communication entity according to claim 32 wherein said providing circuit is operable to provide said first and said second messages using an S1 application protocol ‘
    - S1-AP’
      
      .

34. Communication apparatus for operating a communication cell via which control plane signalling is provided to a mobile communication device, in a communication network in which further communication apparatus operates a further cell via which said mobile communication device can engage in user plane communication to which said control plane signalling relates, the communication apparatus comprising:
- an operating circuit configured to operate said communication cell via which said control plane signalling is provided to a mobile communication device;
  
  means for receiving a receiving circuit configured to receive security information from a communication entity of said communication network;
  
  an obtaining circuit configured to obtain, from said security information, at least one control plane security parameter for providing control plane security for said control plane signalling provided to said mobile communication device;
  
  a transmitting circuit configured to transmit, to said mobile communication device, an indicator that user plane and control plane are provided by different respective communication apparatus; and
  
  an applying circuit configured to apply said at least one control plane security parameter when providing said control plane signalling to said mobile communication device.
- View Dependent Claims (35)
- - 35. Communication apparatus according to claim 34 wherein said obtaining circuit is operable to obtain, from said security information, at least one further security parameter;
    - and further comprising a providing circuit configured to provide security information comprising said further security parameter to said further communication apparatus.

36. A mobile communication device for communicating user plane data via first communication apparatus, of a communication network, that operates a first communication cell, and for receiving control plane signalling related to user plane communication from second communication apparatus, of the communication network, that operates a second communication cell, said mobile communication device comprising:
- a first obtaining circuit configured to obtain a first set of security parameters for said user plane communication, from a first authenticated key agreement (AKA) procedure in respect of said first communication apparatus, and for generating an associated first security context;
  
  a second obtaining circuit configured to obtain a second set of security parameters for control plane communication, from a second authenticated key agreement (AKA) procedure in respect of said second communication apparatus, and for generating an associated second security context; and
  
  a maintaining circuit configured to maintain said first security context and said second security context.

37. A communication entity for a communication network in which a mobile communication device is able to engage in user plane communication via first communication apparatus that operates a first communication cell, and in which the mobile communication device is able to receive control plane signalling related to said user plane communication from second communication apparatus that operates a second communication cell, said communication entity comprising:
- a first performing circuit configured to perform a first authenticated key agreement (AKA) procedure, in respect of said first communication apparatus, for user plane communication and for generating an associated first security context;
  
  a second performing circuit configured to perform a second authenticated key agreement (AKA) procedure, in respect of said second communication apparatus, for control plane communication and for generating an associated second security context; and
  
  a maintaining circuit configured to maintain said first security context and said second security context.

38. A method performed by a mobile communication device that is able to communicate user plane data via first communication apparatus, of a communication network, that operates a first communication cell, and is able to receive control plane signalling related to user plane communication from second communication apparatus, of the communication network, that operates a second communication cell, said method comprising:
- receiving security information;
  
  obtaining, from said security information, at least one user plane security parameter for providing user plane security for said user plane communication via said first communication apparatus and at least one control plane security parameter for providing control plane security for control plane communication via said second communication apparatus; and
  
  applying said at least one user plane security parameter in said user plane communication via said first communication apparatus and applying said at least one control plane security parameter in said control plane communication via said second communication apparatus.
- View Dependent Claims (48)
- - 48. A computer program product comprising computer implementable instructions which, when implemented on a computer device, result in the computer device performing a method in accordance with claim 38.

39. A method performed by communication apparatus when operating a cell via which a mobile communication device can engage in user plane communication, in a communication network in which further communication apparatus operates a further cell and provides control plane signalling related to said user plane communication, the method comprising:
- receiving security information;
  
  obtaining, from said security information, at least one user plane security parameter for providing user plane security for said user plane communication; and
  
  applying said user plane security parameter to said user plane communication via said first communication apparatus.

40. A method performed by communication apparatus when operating a cell via which control plane signalling is provided to a mobile communication device, in a communication network in which further communication apparatus operates a further cell via which said mobile communication device can engage in user plane communication to which said control plane signalling relates, the method comprising:
- receiving security information from a communication entity of said communication network;
  
  obtaining, from said security information, at least one control plane security parameter for providing control plane security for said control plane signalling provided to said mobile communication device, and at least one further security parameter;
  
  providing security information comprising said further security parameter to said further communication apparatus; and
  
  applying said at least one control plane security parameter when providing said control plane signalling to said mobile communication device.

41. A method performed by a communication entity in a communication network in which a mobile communication device engages in user plane communication via first communication apparatus that operates a first communication cell, and in which the mobile communication device receives control plane signalling related to said user plane communication from second communication apparatus that operates a second communication cell, said method comprising:
- receiving security information from a further communication entity of said communication network;
  
  obtaining, from said security information, at least one root security parameter which can be used in the derivation of;
  
  at least one user plane security parameter for providing user plane security for said user plane communication via said first communication apparatus; and
  
  at least one control plane security parameter for providing control plane security for control plane communication via said second communication apparatus; and
  
  providing security information comprising said root security parameter to said first communication apparatus in a first message and to said second communication apparatus in a second message.

42. A method performed by communication apparatus when operating a communication cell via which control plane signalling is provided to a mobile communication device, in a communication network in which further communication apparatus operates a further cell via which said mobile communication device can engage in user plane communication to which said control plane signalling relates, the method comprising:
- operating said communication cell via which said control plane signalling is provided to a mobile communication device;
  
  receiving security information from a communication entity of said communication network;
  
  obtaining, from said security information, at least one control plane security parameter for providing control plane security for said control plane signalling provided to said mobile communication device;
  
  transmitting, to said mobile communication device, an indicator that user plane and control plane are provided by different respective communication apparatus; and
  
  applying said at least one control plane security parameter when providing said control plane signalling to said mobile communication device.

43. A method performed by a mobile communication device that is able to communicate user plane data via first communication apparatus, of a communication network, that operates a first communication cell, and that is able to receive control plane signalling related to user plane communication from second communication apparatus, of the communication network, that operates a second communication cell, said method comprising:
- obtaining a first set of security parameters for said user plane communication, from a first authenticated key agreement (AKA) procedure in respect of said first communication apparatus, and generating an associated first security context;
  
  obtaining a second set of security parameters for control plane communication, from a second authenticated key agreement (AKA) procedure in respect of said second communication apparatus, and generating an associated second security context; and
  
  maintaining said first security context and said second security context.

44. A method performed by a communication entity in a communication network in which a mobile communication device is able to engage in user plane communication via first communication apparatus that operates a first communication cell, and in which the mobile communication device is able to receive control plane signalling related to said user plane communication from second communication apparatus that operates a second communication cell, said method comprising:
- performing a first authenticated key agreement (AKA) procedure, in respect of said first communication apparatus, for said user plane communication and for generating an associated first security context;
  
  performing a second authenticated key agreement (AKA) procedure, in respect of said second communication apparatus, for control plane communication and for generating an associated second security context; and
  
  maintaining said first security context and said second security context.

45. (canceled)

46. (canceled)

47. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NEC Corporation
Original Assignee
NEC Corporation
Inventors
SHARMA, Vivek

Granted Patent

US 9,526,002 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 2209/24   Key scheduling, i.e. genera...

H04L 9/0861   Generation of secret inform...

H04W 12/02   Protecting privacy or anony...

H04W 12/033   of the user plane, e.g. use...

H04W 12/037   of the control plane, e.g. ...

H04W 12/04   Key management, e.g. using ...

H04W 12/041   Key generation or derivation

H04W 12/0431   Key distribution or pre-dis...

H04W 12/0433   Key management protocols

H04W 16/32   Hierarchical cell structures

H04W 36/0038   of security context informa...

H04W 36/0069   in case of dual connectivit...

H04W 36/00695   using split of the control ...

H04W 84/045   using private Base Stations...

COMMUNICATION SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

48 Claims

Specification

Solutions

Use Cases

Quick Links

COMMUNICATION SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

48 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links