System for ensuring encrypted communication after handover

US 7,403,621 B2
Filed: 11/06/2001
Issued: 07/22/2008
Est. Priority Date: 11/28/2000
Status: Active Grant

- Alert
- Pin

First Claim

Patent Images

1. An apparatus, comprising:

a receiver, of a radio access network, configured to receive via a radio interface an unprotected signaling message including information about encryption algorithms supported by a multimode mobile station in a further radio access network, the further radio access network being different from the radio access network;

wherein said radio access network is configured to compose an integrity protected command message including information relating to the encrypting algorithms supported by the multimode mobile station in said further radio access network, said integrity protected command message comprising a payload and a message authentication code; and

a sender configured to send said integrity protected command message to said multimode mobile station.

View all claims

2 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

During connection setup with a first radio access network, a multimode mobile station sends an unprotected initial signaling message that includes information about those encryption algorithms that the multimode mobile station supports when it communicates in a second radio access network. The first radio access network saves some or all the information. Then it composes and sends an integrity-protected message that includes information about the encryption algorithms supported by the multimode mobile station in the second radio access network.

50 Citations

View as Search Results

47 Claims

1. An apparatus, comprising:
- a receiver, of a radio access network, configured to receive via a radio interface an unprotected signaling message including information about encryption algorithms supported by a multimode mobile station in a further radio access network, the further radio access network being different from the radio access network;
  
  wherein said radio access network is configured to compose an integrity protected command message including information relating to the encrypting algorithms supported by the multimode mobile station in said further radio access network, said integrity protected command message comprising a payload and a message authentication code; and
  
  a sender configured to send said integrity protected command message to said multimode mobile station.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The apparatus as defined in claim 1, wherein the radio access network is configured to attach information about the encryption algorithms supported by the multimode mobile station in said further radio access network received in said unprotected signaling message to said payload and to apply said payload in an algorithm computing said message authentication code.
  - 3. The apparatus as defined in claim 1, wherein the radio access network is configured to save the unprotected signaling message and to use the unprotected signaling message in an algorithm computing said message authentication code.
  - 4. The apparatus as defined in claim 1, wherein the radio access network is configured to save a payload of the unprotected signaling message and to use the payload of the unprotected signaling message in an algorithm computing said message authentication code.
  - 5. The apparatus as defined in claim 1, wherein the radio access network is configured to save information about the encryption algorithms supported by the multimode mobile station in said farther radio access network and to use information about the encryption algorithms supported by the multimode mobile station in said farther radio access network together with information about encryption algorithm embedded in a command message received from a core network in computing said message authentication code.
  - 6. The apparatus as defined in claim 1, wherein the radio access network is configured to omit information about the encryption algorithms supported by the multimode mobile station in said farther radio access network and information about the security capability of said multimode mobile station in said radio access network in the integrity protected command message.
  - 7. The apparatus as defined in claim 1, wherein the radio access network is configured to include information about the encryption algorithms supported by the multimode mobile station in said further radio access network in the integrity protected command message.
  - 8. The apparatus as defined in claim 1, wherein the multimode mobile station sends said information about file encryption algorithms supported by the multimode mobile station in said further radio access network during connection setup, said radio access network configured to save said information about the encryption algorithms and to use said information about encryption algorithms in composing the integrity protected command message.
  - 9. The apparatus as defined in claim 1, wherein the radio access network is configured to send information about the encryption algorithms supported by the multimode mobile station in said further radio access network to a core network.
  - 10. The apparatus as defined in claim 1, wherein the radio access network is configured to receive a command message from a core network instructing the mobile station to cipher farther communications.
  - 11. The apparatus as defined in claim 10, wherein the radio access network is configured to send to said multimode mobile station said protected command message after receiving said command message from the core network.
  - 12. The apparatus as defined in claim 1, wherein said integrity protected command message instructs the multimode mobile station to cipher further communications.

13. An apparatus comprising:
- a sender, of a multimode mobile station, configured to send to a first radio access network an unprotected signaling message including information about encryption algorithms supported by the multimode mobile station in a second radio access network,a receiver configured to receive from the first radio access network an integrity protected command message including information relating to said encryption algorithms supported by the multimode mobile station in the second radio access network, said integrity protected command message comprising a payload and a message authentication code, andwherein said mobile station is configured to conclude whether said information relating to said encryption algorithms in said integrity protected command message corresponds to said information about said encryption algorithms in said unprotected signaling message.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The apparatus as defined in claim 13, wherein said payload comprises information about encryption algorithms, said multimode mobile station configured to compare information about the encryption algorithms received in said payload with stored information about said encryption algorithms supported by the multimode mobile station.
  - 15. The apparatus as defined in claim 13, wherein the multimode mobile station is configured to save the unprotected signaling message and to use the unprotected signaling message in an algorithm computing an expected message authentication code for the integrity protected command message.
  - 16. The apparatus as defined in claim 13, wherein the multimode mobile station is configured to save a payload of the unprotected signaling message and to use the payload of the unprotected signaling message in an algorithm computing an expected message authentication code for the integrity protected command message.
  - 17. The apparatus as defined in claim 13, wherein the multimode mobile station is configured to use information about the encryption algorithms supported by the multimode mobile station in said second radio access network together with information about an encryption algorithm for use with said first radio access network in computing an expected message authentication code for the integrity protected command message.
  - 18. The apparatus as defined in claim 13, wherein said integrity protected command message omits information about the encryption algorithms supported by the multimode mobile station in said second radio access network and information about the security capability of said multimode mobile station in said first radio access network.
  - 19. The apparatus as defined in claim 13, wherein said integrity protected command message comprises information about the encryption algorithms supported by the multimode mobile station in said second radio access network.
  - 20. The apparatus as defined in claim 13, wherein the multimode mobile station is configured to send said information about the encryption algorithms supported by the multimode mobile station in said second radio access network during connection setup.
  - 21. The apparatus as defined in claim 13, wherein said integrity protected command message instructs the multimode mobile station to cipher further communications.

22. A system, comprising:
- a radio access network comprising a receiver configured to receive via a radio interface an unprotected signaling message including information about encryption algorithms supported by a multimode mobile station in a further radio access network, the further radio access network being different from the radio access network,the radio access network being configured to compose an integrity protected command message including information relating to the encrypting algorithms supported by the multimode mobile station in said further radio access network, said integrity protected command message comprising a payload and a message authentication code, andthe radio access network also comprises a sender configured to send said integrity protected command message to said multimode mobile station; and
  
  a core network for receiving information about file encryption algorithms supported by the multimode mobile station in said further radio access network.
- View Dependent Claims (23, 24)
- - 23. The system as defined claim 22, comprising a further radio access network.
  - 24. The system as defined claim 22, comprising at least one multimode mobile station, configured to:
    - send to said radio access network an unprotected signaling message including information about encryption algorithms supported by the multimode mobile station in said further radio access network;
      
      receive from the radio access network an integrity protected command message including information relating to said encryption algorithms supported by the multimode mobile station in the further radio access network, said integrity protected command message comprising a payload and a message authentication code; and
      
      conclude whether said information relating to said encryption algorithms in said integrity protected command message corresponds to said information about said encryption algorithms in said unprotected signaling message.

25. A method comprising:
- receiving from a multimode mobile station via a radio interface of a first radio access network an unprotected signaling message including information about encryption algorithms supported by the multimode mobile station in a second radio access network;
  
  composing an integrity protected command message including information relating to the encrypting algorithms supported by the multimode mobile station in said second radio access network, said integrity protected command message including a payload and a message authentication code; and
  
  sending said integrity protected command message to said multimode mobile station.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 26. A method as defined in claim 25, comprising sending information about the encryption algorithms supported by the multimode mobile station in said second radio access network to a core network.
  - 27. A method as defined in claim 25, comprising receiving a command message from the core network, said command message instructing the multimode mobile station to cipher further communication.
  - 28. The method as defined in claim 27, further comprising sending to said multimode mobile station said protected command message after receiving said command message from the core network.
  - 29. A method as defined in claim 25, comprising instructing the multimode mobile station to cipher further communications with said integrity protected command message.
  - 30. The method in claim 25, further comprising attaching information about the encryption algorithms supported by the multimode mobile station in said second radio access network received in said unprotected signaling message to said payload, and applying said payload in an algorithm computing said message authentication code.
  - 31. The method as defined in claim 25, further comprising saving the unprotected signaling message, and using the unprotected signaling message in an algorithm computing said message authentication code.
  - 32. The method as defined in claim 25, further comprising saving a payload of the unprotected signaling message, and using the payload of the unprotected signaling message in an algorithm computing said message authentication code.
  - 33. The method as defined in claim 25, further comprising saving information about the encryption algorithms supported by the multimode mobile station in said second radio access network, and using information about the encryption algorithms supported by the multimode mobile station in said second radio access network together with information about encryption algorithm embedded in a command message received from a core network in computing said message authentication code.
  - 34. The method as defined in claim 25, further comprising omitting information about the encryption algorithms supported by the multimode mobile station in said second radio access network and information about the security capability of said multimode mobile station in said first radio access network in the integrity protected command message.
  - 35. The method as defined in claim 25, further comprising including information about the encryption algorithms supported by the multimode mobile station in said second radio access network in the integrity protected command message.
  - 36. The method as defined in claim 25, further comprising receiving said information about the encryption algorithms supported by the multimode mobile station in said second radio access network during connection setup, saving said information about the encryption algorithms at said first radio access network, and using said information about encryption algorithms in composing the integrity protected command message.

37. An apparatus comprising:
- receiving means for receiving via a radio interface an unprotected signaling message including information about encryption algorithms supported by a multimode mobile station in a further radio access network;
  
  wherein a first radio access network is configured for composing an integrity protected command message including information relating to the encrypting algorithms supported by the multimode mobile station in said farther radio access network, said integrity protected command message comprising a payload and a message authentication code;
  
  sending means for sending said integrity protected command message to said multimode mobile station; and
  
  providing means for providing multimode mobile stations with access to at least one core network.

38. A method, comprising:
- sending from a multimode mobile station to a first radio access network an unprotected signaling message including information about encryption algorithms supported by the multimode mobile station in a second radio access network;
  
  receiving at the multimode mobile station from the first radio access network an integrity protected command message including information relating to the encrypting algorithms supported by the multimode mobile station in said second radio access network, said integrity protected command message comprising a payload and a message authentication code; and
  
  concluding whether the information relating to the encryption algorithms in the integrity protected command message corresponds to the information about the encryption algorithms in the unprotected signaling message.
- View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46)
- - 39. The method as defined in claim 38, wherein said payload comprises information about encryption algorithms, and further comprising comparing at said multimode mobile station information about the encryption algorithms received in said payload with stored information about said encryption algorithms supported by file multimode mobile station.
  - 40. The method as defined in claim 38, further comprising saving the unprotected signaling message at said multimode mobile station, and using the unprotected signaling message in an algorithm computing an expected message authentication code for the integrity protected command message.
  - 41. The method as defined in claim 38, further comprising saving at the multimode mobile station a payload of the unprotected signaling message, and using the payload of the unprotected signaling message in an algorithm computing an expected message authentication code for the integrity protected command message.
  - 42. The method as defined in claim 38, farther comprising using information about the encryption algorithms supported by the multimode mobile station in said second radio access network together with information about an encryption algorithm for use with said first radio access network in computing an expected message authentication code for the integrity protected command message.
  - 43. The method as defined in claim 38, wherein said integrity protected command message omits information about the encryption algorithms supported by the multimode mobile station in said second radio access network and information about the security capability of said multimode mobile station in said first radio access network.
  - 44. The method as defined in claim 38, wherein said integrity protected command message comprises information about the encryption algorithms supported by the multimode mobile station in said second radio access network.
  - 45. The method as defined in claim 38, further comprising sending from the multimode mobile station said information about the encryption algorithms supported by the multimode mobile station in said second radio access network during connection setup.
  - 46. The method as defined in claim 38, wherein said integrity protected command message instructs the multimode mobile station to cipher further communications.

47. An apparatus, comprising:
- sending means for sending from a multimode mobile station to a first radio access network an unprotected signaling message including information about encryption algorithms supported by the multimode mobile station in a second radio access network;
  
  receiving means for receiving at the multimode mobile station from the first radio access network an integrity protected command message including information relating to the encrypting algorithms supported by the multimode mobile station in said second radio access network, said integrity protected command message comprising a payload and a message authentication code; and
  
  wherein said mobile station is configured to conclude whether the information relating to the encryption algorithms in the integrity protected command message corresponds to the information about the encryption algorithms in the unprotected signaling message.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Niemi, Valtteri, Vialèn, Jukka
Primary Examiner(s)
Smithers; Matthew B

Application Number

US10/013,257
Publication Number

US 20020066011A1
Time in Patent Office

2,450 Days
Field of Search

380/270, 380/272, 380/37, 380/42, 380/283, 380/29, 380/28, 380/47, 380/46, 380/44
US Class Current

380/272
CPC Class Codes

H04L 63/123   received data contents, e.g...

H04L 63/1475   Passive attacks, e.g. eaves...

H04W 12/02   Protecting privacy or anony...

H04W 12/037   of the control plane, e.g. ...

H04W 12/106   Packet or message integrity

H04W 12/108   Source integrity

H04W 12/121   Wireless intrusion detectio...

H04W 12/122   Counter-measures against at...

H04W 76/10   Connection setup

System for ensuring encrypted communication after handover

First Claim

2 Assignments

Litigations

0 Petitions

Accused Products

Abstract

50 Citations

47 Claims

Specification

Solutions

Use Cases

Quick Links

System for ensuring encrypted communication after handover

First Claim

2 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

47 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links