System and Method for Wireless Network Access Protection and Security Architecture
Abstract
A wireless network specific (WN-specific) key can be used to provide access protection over the radio access link. A WN-specific key may be associated with (or assigned to) a wireless network, and distributed to access points of the wireless network, as well as to user equipments (UEs) following UE authentication. The WN-specific key is then used to encrypt/decrypt data transported over the radio access link. The WN-specific key can be used in conjunction with UE-specific keys to provide multi-level access protection. In some embodiments, WN-specific keys are shared between neighboring wireless networks to reduce the frequency of key exchanges during handovers. Service-specific keys may be used to provide access protection to machine-to-machine (M2M) services. Group-specific keys may be used to provide access protection to traffic communicated between members of a private social network.
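The two-layer flow the abstract and claim 1 describe, as an added example that is not taken from the patent: the UE wraps data in an inner and an outer layer, the base station removes only the outer layer with the WN-specific key, and the gateway removes the inner one. The use of AES-256-GCM, the `radio:`/`bearer:` context labels, the function names, and the choice of the UE-specific key for the inner layer (suggested by the abstract and claim 17) are assumptions.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM helpers (cipher choice is an assumption); layout: iv(12) || tag(16) || ciphertext.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function open(key, blob, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAAD(aad);
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // final() throws on tag mismatch
}

// UE: inner layer under the UE-specific key, outer layer under the WN-specific key.
function ueSend(ueKey, wnKey, ueId, data) {
  const inner = seal(ueKey, data, Buffer.from('bearer:' + ueId));
  return seal(wnKey, inner, Buffer.from('radio:' + ueId));
}
// Base station: holds only the WN-specific key, strips the outer layer, forwards the rest.
function baseStationForward(wnKey, ueId, frame) {
  return open(wnKey, frame, Buffer.from('radio:' + ueId));
}
// Gateway: holds the UE-specific key and removes the inner layer.
function gatewayReceive(ueKey, ueId, partial) {
  return open(ueKey, partial, Buffer.from('bearer:' + ueId));
}

function demo() {
  const wnKey = crypto.randomBytes(32), ueKey = crypto.randomBytes(32); // constructed keys
  const msg = Buffer.from('constructed uplink payload');
  const frame = ueSend(ueKey, wnKey, 'ue-001', msg);
  const partial = baseStationForward(wnKey, 'ue-001', frame);
  const atGateway = gatewayReceive(ueKey, 'ue-001', partial).toString();
  // A frame sealed under a different network's key is rejected at the base station.
  let foreignRejected = false;
  try { baseStationForward(wnKey, 'ue-001', ueSend(ueKey, crypto.randomBytes(32), 'ue-001', msg)); }
  catch { foreignRejected = true; }
  // The partially decrypted data is still ciphertext from the base station's point of view.
  const bsSeesPlaintext = partial.includes(msg);
  return { atGateway, foreignRejected, bsSeesPlaintext };
}
console.log(demo());
```

The base station never holds the UE-specific key, so a compromised access point exposes the radio-link layer but not the bearer payload.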
24 Claims
1. A method for wireless network access protection, the method comprising:
- obtaining, by a base station, a wireless network (WN) specific key assigned to a wireless network to which the base station belongs;
- establishing a wireless connection between the base station and a user equipment (UE);
- receiving encrypted data from the UE over the wireless connection, the encrypted data having first and second layers of encryption;
- decrypting the first layer of encryption using the WN specific key to obtain partially decrypted data; and
- forwarding the partially decrypted data to a gateway in the WN.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A base station comprising:
- a processor; and
- a computer readable storage medium storing programming for execution by the processor, the programming including instructions to:
- obtaining, by a base station, a wireless network (WN) specific key assigned to a wireless network to which the base station belongs;
- establish a wireless connection between the base station and a user equipment (UE);
- receive encrypted data from the UE over the wireless connection, the encrypted data having first and second layers of encryption;
- decrypt the first layer of encryption using the WN specific key to obtain partially decrypted data; and
- forward the partially decrypted data to a gateway in the WN.
13. A method for distributing keys in wireless networks, the method comprising:
- generating a wireless network (WN) specific key at a WN key controller, the WN specific key being assigned to a first wireless network; and
- distributing the WN specific key to base stations in the first wireless network, wherein the WN specific key is configured to provide access protection over radio access interfaces established between the base stations and user equipments (UEs) accessing the wireless network.
Dependent claims: 14, 15
16. A key controller comprising:
- a processor; and
- a computer readable storage medium storing programming for execution by the processor, the programming including instructions to:
- generate a wireless network (WN) specific key at a WN key controller, the WN specific key being assigned to a first wireless network; and
- distribute the WN specific key to base stations in the first wireless network, wherein the WN specific key is configured to provide access protection over radio access interfaces established between the base stations and user equipments (UEs) accessing the wireless network.
17. A key management architecture comprising:
- a wireless network (WN) protection controller adapted to obtain user equipment (UE) specific keys assigned to the UEs accessing a wireless network, and to distribute the UE specific keys to a serving gateway (SGW) in the wireless network, wherein the UE specific keys are adapted to provide access protection over bearer channels extending between the UE and the SGW.
Dependent claims: 18, 19
20. A method for authenticating a mobile device, the method comprising:
- receiving, by a wireless network (WN) protection controller, a UE specific key, wherein the WN protection controller is assigned to distribute keys throughout a wireless network;
- identifying, by the WN protection controller, a wireless network domain that corresponds to a UE identifier specified by the UE specific key; and
- distributing, by the WN protection controller, the UE specific key to a serving gateway (SGW) in the wireless network domain, wherein UE specific key is adapted to provide access protection to a bearer channel extending between the UE and the SGW.
Dependent claims: 21, 22
23. A wireless network (WN) protection controller comprising:
- a processor; and
- a computer readable storage medium storing programming for execution by the processor, the programming including instructions to:
- receive a UE specific key from a third party key management entity, wherein the WN protection controller is assigned to distribute keys throughout a wireless network, and wherein the third party key management entity is operated by a third party administrator that is different than an operator of the wireless network;
- identify a wireless network domain that corresponds to a UE identifier specified by the UE specific key; and
- distribute the UE specific key to a serving gateway (SGW) in the wireless network domain, wherein UE specific key is adapted to provide access protection to a bearer channel extending between the UE and the SGW.
24-34. (canceled)
Specification