Security reconfiguration in a universal mobile telecommunications system
First Claim
1. A method for protecting the security of a communication between a mobile radio and a radio access network (RAN), comprising:
- establishing a connection through the RAN to support a communication with the mobile radio;
- configuring the connection with a first security configuration;
- sending one or more messages over the connection using the first security connection, each message having a message sequence number;
- determining a need to reconfigure the connection to a second security configuration;
- setting an activation message sequence number associated with the reconfiguration; and
- when the second security configuration is to be activated, sending a next message with the activation message sequence number, wherein the sending step is performed to apply the second security configuration even when the activation message sequence number of messages has not been transmitted at the time that the security reconfiguration is completed.
Abstract
The invention protects the security of a communication between a mobile radio and a radio access network (RAN). A connection is established through the RAN to support a communication with the mobile radio. The connection is configured with a first security configuration. One or more messages are sent over the connection using the first security configuration, each message having a message sequence number. When the connection needs to be configured to a second security configuration, an activation message sequence number associated with the reconfiguration is set. When the reconfiguration process is complete and the second security configuration is to be activated, the next message is sent over the connection with the activation message sequence number. Until that time and during the reconfiguration, when the mobile radio transmits a message with a message sequence number lower than the activation message sequence number to the RAN, it uses the first security configuration. An example of such a message is a cell update message or an area update message.
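The sequence-number rule described in the abstract, as an added example that is not part of the patent text: a minimal Python model of a sender that jumps to the activation sequence number once reconfiguration completes, and of a receiver that selects the configuration from the sequence number. `Sender`, `config_for`, the configuration labels and the offset are hypothetical names; sequence-number wrap-around is ignored, and refusing to send once the activation number is reached before completion is an assumption of this model.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


def config_for(sn: int, old_cfg: str, new_cfg: str, activation_sn: int) -> str:
    """Receiver side: messages numbered below the activation number use the old config."""
    return old_cfg if sn < activation_sn else new_cfg


@dataclass
class Sender:
    cfg: str                              # configuration currently applied
    next_sn: int = 0                      # sequence number of the next message
    pending_cfg: Optional[str] = None     # second configuration, once requested
    activation_sn: Optional[int] = None
    reconfig_complete: bool = False

    def start_reconfiguration(self, new_cfg: str, offset: int) -> int:
        """Set the activation number some messages ahead (the offset is assumed)."""
        self.pending_cfg, self.reconfig_complete = new_cfg, False
        self.activation_sn = self.next_sn + offset
        return self.activation_sn

    def complete_reconfiguration(self) -> None:
        self.reconfig_complete = True

    def send(self, payload: str) -> Tuple[int, str, str]:
        """Return (sequence number, configuration used, payload)."""
        if self.pending_cfg is not None:
            if self.reconfig_complete:
                # Jump to the activation number even if fewer messages were sent.
                self.next_sn = max(self.next_sn, self.activation_sn)
                self.cfg, self.pending_cfg = self.pending_cfg, None
            elif self.next_sn >= self.activation_sn:
                # Assumption of this model: never use the activation number early.
                raise RuntimeError("activation SN reached before reconfiguration completed")
        msg = (self.next_sn, self.cfg, payload)
        self.next_sn += 1
        return msg
```
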
42 Claims
16. A mobile radio configured to communicate with an entity via a connection established through a radio access network (RAN), comprising:
radio transceiving circuitry, and data processing circuitry configured to perform the following tasks:
- establish a first security configuration for the connection;
- send one or more messages over the connection using the first security connection, each message having a message sequence number;
- determine if the connection is to be reconfigured to a second security configuration;
- determine an activation message sequence number associated with the reconfiguration; and
- when the second security configuration is to be activated, send a next message with the activation message sequence number, wherein the data processing circuitry is configured to apply the second security configuration even when the activation number of messages has not been transmitted when the security reconfiguration is completed.
30. A radio access network (RAN) node for establishing a mobile radio connection through the RAN to support communications involving the mobile radio, comprising:
data processing circuitry configured to perform the following functions:
- establish a first security configuration parameters for the connection;
- send or receive one or more messages over the connection using the first security connection, each message having a message sequence number;
- determine if the connection is to be reconfigured to a second security configuration;
- send a security configuration change message to the mobile radio that indicates to the mobile radio to apply the second security configuration even when the activation number of messages has not been transmitted when the security reconfiguration is completed;
- detect a next message from the mobile radio with the activation message sequence number; and
- upon detecting the next message, activate the second security configuration for the connection.
Specification