5G New Radio - Avoiding Redundant AS Security Checks

US 20200137574A1
Filed: 10/23/2019
Published: 04/30/2020
Est. Priority Date: 10/31/2018
Status: Active Grant

First Claim

Patent Images

1. A user equipment device (UE), comprising:

at least one antenna;

at least one radio, wherein the at least one radio is configured to perform cellular communication using at least one radio access technology (RAT);

one or more processors coupled to the at least one radio, wherein the one or more processors and the at least one radio are configured to perform voice and/or data communications;

wherein the one or more processors are configured to cause the UE to;

determine that an on-demand system information block (SIB) request is pending transmission;

buffer, in response to determining that a connection establishment procedure will be initiated within a specified time period, the on-demand SIB request for at least the specified time period;

perform a unified security procedure for the on-demand SIB request and the connection establishment procedure, including confirming connection security; and

in response to confirming connection security, use an on-demand SIB received from the network without confirming a corresponding on-demand SIB signature.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatuses, systems, and methods for a wireless device to perform methods for improvements to security checks in a fifth generation (5G) New Radio (NR) network, including mechanisms to avoid redundant access stratum (AS) security checks. The wireless device may determine that an on-demand system information block (SIB) request is pending transmission and may buffer the on-demand SIB in response to determining that a connection establishment procedure will be initiated within a specified time period. The wireless device may then perform a unified security procedure for the on-demand SIB request and the connection establishment procedure, including confirming connection security. Further, in response to confirming connection security, the wireless device may use an on-demand SIB received from the network without confirming a corresponding on-demand SIB signature.

6 Citations

20 Claims

1. A user equipment device (UE), comprising:
- at least one antenna;
  
  at least one radio, wherein the at least one radio is configured to perform cellular communication using at least one radio access technology (RAT);
  
  one or more processors coupled to the at least one radio, wherein the one or more processors and the at least one radio are configured to perform voice and/or data communications;
  
  wherein the one or more processors are configured to cause the UE to;
  
  determine that an on-demand system information block (SIB) request is pending transmission;
  
  buffer, in response to determining that a connection establishment procedure will be initiated within a specified time period, the on-demand SIB request for at least the specified time period;
  
  perform a unified security procedure for the on-demand SIB request and the connection establishment procedure, including confirming connection security; and
  
  in response to confirming connection security, use an on-demand SIB received from the network without confirming a corresponding on-demand SIB signature.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The UE according to claim 1,wherein, to perform the unified security procedure, the one or more processors are further configured to cause the UE to:
    - initiate, responsive to receiving an on-demand SIB response and corresponding on-demand SIB signature, a timer, wherein during a duration of the timer, the UE will not process the on-demand SIB signature; and
      
      confirm the connection security via the connection establishment procedure prior to expiration of the timer.
  - 3. The UE according to claim 2,wherein, to confirm the connection security via the connection establishment procedure, the one or more processors are further configured to cause the UE to perform ciphering and an integrity check based on contents of an access stratum (AS) security message received from the network.
  - 4. The UE according to claim 2,wherein the one or more processors are further configured to cause the UE to:
    - process, responsive to expiration of the timer and failure of connection security confirmation via the connection establishment procedure, the on-demand SIB signature; and
      
      confirm the connection security via the on-demand SIB signature.
  - 5. The UE according to claim 2,wherein the duration of the timer is configurable by one of the UE or the network.
  - 6. The UE according to claim 2,wherein the duration of the timer is determined, based at least in part on, at least one of:
    - traffic conditions on the network;
      
      conditions at the UE;
      
      orreference to a standard.
  - 7. The UE according to claim 1,wherein the specified period is configurable by one of the UE or the network.
  - 8. The UE according to claim 1,wherein the specified time period is determined, based at least in part on, at least one of:
    - traffic conditions on the network;
      
      conditions at the UE;
      
      orreference to a standard.
  - 9. The UE according to claim 1,wherein the unified security procedure is a unified random-access channel (RACH) procedure, and wherein the unified RACH procedure is indicated via a RACH preamble.

10. An apparatus, comprising:
- a memory; and
  
  one or more processors in communication with the memory, wherein the one or more processors are configured to;
  
  determine that an on-demand system information block (SIB) request is pending transmission;
  
  buffer, in response to determining that a connection establishment procedure will be initiated within a specified time period, the on-demand SIB request for at least the specified time period;
  
  generate instructions to perform a unified security procedure for the on-demand SIB request and the connection establishment procedure, including confirming connection security; and
  
  in response to confirming connection security, use an on-demand SIB received from the network without confirming a corresponding on-demand SIB signature.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The apparatus according to claim 10,wherein, to generate instructions perform the unified security procedure, the one or more processors are further configured to:
    - initiate, responsive to receiving an on-demand SIB response and corresponding on-demand SIB signature, a timer, wherein during a duration of the timer, the UE will not process the on-demand SIB signature; and
      
      confirm the connection security via the connection establishment procedure prior to expiration of the timer, including performing ciphering and an integrity check based on contents of an access stratum (AS) security message received from the network.
  - 12. The apparatus according to claim 11,wherein the one or more processors are further configured to:
    - process, responsive to expiration of the timer and failure of connection security confirmation via the connection establishment procedure, the on-demand SIB signature; and
      
      confirm the connection security via the on-demand SIB signature.
  - 13. The apparatus according to claim 11,wherein the duration of the timer is determined, based at least in part on, at least one of:
    - traffic conditions on the network;
      
      conditions at the apparatus;
      
      orreference to a standard.
  - 14. The apparatus according to claim 10,wherein the specified time period is determined, based at least in part on, at least one of:
    - traffic conditions on the network;
      
      conditions at the apparatus;
      
      orreference to a standard.
  - 15. The apparatus according to claim 10,wherein the unified security procedure is a unified random-access channel (RACH) procedure, and wherein the unified RACH procedure is indicated via a RACH preamble.

16. A non-transitory computer readable memory medium storing program instructions executable by processing circuitry to cause a network node to:
- receive, from a user equipment device (UE), an indication of a unified security procedure, wherein the unified security procedure includes an establish connection request and an on-demand system information block (SIB) request; and
  
  perform at least one of;
  
  delaying transmission of an on-demand SIB response until completion of security confirmation of the connection request;
  
  ortransmitting an on-demand SIB response without a corresponding on-demand SIB signature, thereby triggering the UE to confirm security via the connection request.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer readable memory medium according to claim 16,wherein a duration of the delay in transmission of the on-demand SIB response is configurable by one of the network node or the UE.
  - 18. The non-transitory computer readable memory medium according to claim 16,wherein the duration of the delay is determined, based at least in part on, at least one of:
    - traffic conditions on the network;
      
      conditions at the UE;
      
      orreference to a standard.
  - 19. The non-transitory computer readable memory medium according to claim 16,wherein the program instructions are further executable by processing circuitry to cause the network node to:
    - transmit, after the duration of the delay, the on-demand SIB response and corresponding on-demand SIB signature.
  - 20. The non-transitory computer readable memory medium according to claim 16,wherein the program instructions are further executable by processing circuitry to cause the network node to:
    - upon failure to confirm connection security via the connection request, receive, from the UE, an on-demand SIB request to begin a random-access channel (RACH) procedure for the one-demand SIB.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Dhanapal, Muthukumaran, Su, Li, Venkataraman, Vijay

Granted Patent

US 11,611,879 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 49/90   Buffering arrangements

H04W 12/03   Protecting confidentiality,...

H04W 12/08   Access security

H04W 12/10   Integrity

H04W 12/106   Packet or message integrity

H04W 12/122   Counter-measures against at...

H04W 12/61   Time-dependent

H04W 28/0231   based on communication cond...

H04W 48/14   using user query or user de...

H04W 74/0833   Random access procedures, e...

H04W 76/10   Connection setup

H04W 76/18   Management of setup rejecti...

5G New Radio - Avoiding Redundant AS Security Checks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

6 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

5G New Radio - Avoiding Redundant AS Security Checks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

6 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links