Secure distributed handover signaling

US 7,864,731 B2
Filed: 12/27/2006
Issued: 01/04/2011
Est. Priority Date: 01/04/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

sending a measurement report associated with a mobile communication device to a source base station, the measurement report including a first encryption parameter and wherein the measurement report is configured to cause the source base station to send a context push message to a target base station, wherein the context push message includes one or more encryption keys and a once associated with a network;

receiving, by the mobile communication device, a handover command including a second encryption parameter corresponding to the target base station from the source base station, wherein the mobile communication device is different from the target base station and the source base station; and

sending a handover confirmation message to the target base station, the handover confirmation message including identification information corresponding to at least one of the source base station and the target base station.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided are apparatuses and methods for providing security measures for a handover execution procedure in a communication network. In one example, the handover procedure is initiated by more than one base station. In another example, a base station may not launch a Denial or Service (DoS) attack towards other base stations or towards a core network using handover signaling messages. For example, a user device may send at least one encryption parameter, such as a Nonce associated with the user device to a source base station. Handover of the user device from the source base station to a target base station may be accomplished based on the at least one encryption parameter to avoid the DoS attack.

Citations

34 Claims

1. A method comprising:
- sending a measurement report associated with a mobile communication device to a source base station, the measurement report including a first encryption parameter and wherein the measurement report is configured to cause the source base station to send a context push message to a target base station, wherein the context push message includes one or more encryption keys and a once associated with a network;
  
  receiving, by the mobile communication device, a handover command including a second encryption parameter corresponding to the target base station from the source base station, wherein the mobile communication device is different from the target base station and the source base station; and
  
  sending a handover confirmation message to the target base station, the handover confirmation message including identification information corresponding to at least one of the source base station and the target base station.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein the measurement report includes a the Nonce associated with the mobile communication device.
  - 3. The method of claim 1 wherein the context push message further includes at least one of an identifier associated with the source base station, an identifier associated with the target base station, a Session Keys Context (SKC), a Nonce associated with a network, and a network context.
  - 4. The method of claim 1 further comprising receiving contents of a context confirm message from the source base station.
  - 5. The method of claim 4 wherein the mobile communication device determines a session key responsive to receiving the contents of the context confirm message.
  - 6. The method of claim 5 wherein the handover confirmation message further includes at least one of:
    - the Nonce associated with the mobile communication device and a Nonce associated with a network.

7. One or more computer readable media storing computer readable instructions that, when executed, cause an apparatus to:
- send a measurement report associated with a mobile communication device to a source base station, the measurement report including a first encryption parameter and wherein the measurement report is configured to cause the source base station to send a context push message to the target base station, wherein the context push message includes one or more encryption keys and a Nonce associated with the mobile communication device;
  
  receive a handover command including a second encryption parameter corresponding to a target base station from the source base station, wherein the apparatus is different from the target base station and the source base station; and
  
  send a handover confirmation message to the target base station, the handover confirmation message including identification information corresponding to at least one of the source base station or the target base station.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The one or more computer readable media of claim 7 wherein the measurement report includes the Nonce associated with the mobile communication device.
  - 9. The one or more computer readable media of claim 7 wherein the context push message further includes at least one of an identifier associated with the source base station, an identifier associated with the target base station, a Session Keys Context (SKC), a Nonce associated with a network, and a network context.
  - 10. The one or more computer readable media of claim 7 further including instructions for receiving contents of a context confirm message from the source base station.
  - 11. The one or more computer readable media of claim 10 wherein the mobile communication device determines a session key responsive to receiving the contents of the context confirm message.
  - 12. The one or more computer readable media of claim 11 wherein the handover confirmation message further includes at least one of:
    - the Nonce associated with the mobile communication device and a Nonce associated with a network.

13. An apparatus comprising:
- at least one processor; and
  
  at least one memory operatively coupled to the at least one processor and storing computer readable instructions that, when executed, cause the apparatus to;
  
  send a measurement report to a source base station, the measurement report including a first encryption parameter and wherein the measurement report is configured to cause the source base station to send a context push message to a target base station, wherein the context push message includes one or more encryption keys and a Nonce associated with a mobile communication device;
  
  receive a handover command including a second encryption parameter corresponding to the target base station from the source base station, the target base station and the source base station being different from the apparatus; and
  
  send a handover confirmation message to the target base station, the handover confirmation message including identification information corresponding to at least one of;
  
  the source base station or the target base station.
- View Dependent Claims (14, 15, 16)
- - 14. The apparatus of claim 13, wherein the apparatus comprises the mobile communication device.
  - 15. The apparatus of claim 13, wherein the memory further stores instructions for receiving contents of a context confirm message from the source base station.
  - 16. The apparatus of claim 13, wherein the handover confirmation message further includes at least one of:
    - the Nonce associated with the mobile communication device and a Nonce associated with a network.

17. One or more computer readable media storing computer readable instructions that, when executed, cause an apparatus to:
- receive, at a source base station, a measurement report associated with a mobile communication device, the measurement report including an encryption parameter;
  
  transmit a context push message to a target base station in response to receiving the measurement report, the context push message configured to initiate a handoff of the mobile communication device, and wherein the context push message includes one or more encryption keys and a Nonce associated with the mobile communication device;
  
  receive a context confirmation message from the target base station;
  
  transmit a handover command to the mobile communication device; and
  
  upon completion of the handover of the mobile communication device from the source base station to the target base station, receive a handover completion message from the target base station.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 18. The one or more computer readable media of claim 17, further comprising instructions for transmitting a change mapping message to a core network including at least one of the mobility management entity (MME) and the user plane entity (UPE).
  - 19. The one or more computer readable media of claim 17, further comprising instructions for transmitting a relocation indication message to a mobility management entity (MME) of a core network.
  - 20. The one or more computer readable media of claim 17 wherein the context push message further includes at least one of an identifier associated with the source base station, an identifier associated with the target base station, a Session Keys Context (SKC), a Nonce associated with a network, and a network context.
  - 21. The one or more computer readable media of claim 17 wherein the measurement report includes the Nonce associated with the mobile communication device.
  - 22. The one or more computer readable media of claim 17 wherein the handover command includes a second encryption parameter identifying the target base station.
  - 23. The one or more computer readable media of claim 17 wherein the context confirmation message further includes at least one of an identifier associated with the source base station, an identifier associated with the target base station, a Nonce associated with a network, a radio link ID associated with the target base station, and a context ID associated with the target base station.
  - 24. The one or more computer readable media of claim 17 wherein the context confirmation message is signed by the target base station with an integrity key.
  - 25. The one or more computer readable media of claim 24 wherein the integrity key is derived from an SKC Protection key (SPK) associated with the mobile communication device.
  - 26. The one or more computer readable media of claim 17 wherein the context push message includes a network context.

27. An apparatus comprising:
- means for sending a measurement report to a source base station, the measurement report including a first encryption parameter and wherein the measurement report is configured to cause the source base station to send a context push message to a target base station, and wherein the context push message includes one or more encryption keys and a Nonce associated with a mobile communication device;
  
  means for receiving a handover command including a second encryption parameter corresponding to the target base station from the source base station, wherein the target base station and the source base station are different from the apparatus; and
  
  means for sending a handover confirmation message to the target base station, the handover confirmation message including identification information corresponding to at least one of;
  
  the source base station or the target base station.
- View Dependent Claims (28)
- - 28. The apparatus of claim 27, wherein the measurement report includes the Nonce associated with the mobile communication device.

29. A method comprising:
- receiving, by a source base station, a measurement report associated with a mobile communication device, the measurement report including an encryption parameter;
  
  transmitting a context push message to a target base station in response to receiving the measurement report, the context push message configured to initiate a handoff of the mobile communication device, and wherein the context push message includes one or more encryption keys and a Nonce associated with the mobile communication device;
  
  receiving a context confirmation message from the target base station;
  
  transmitting a handover command to the mobile communication device; and
  
  upon completion of the handover of the mobile communication device from the source base station to the target base station, receiving a handover completion message from the target base station.
- View Dependent Claims (30, 31)
- - 30. The method of claim 29, further comprising transmitting a change mapping message to a core network including at least one of the mobility management entity (MME) and the user plane entity (UPE).
  - 31. The method of claim 29, further comprising transmitting a relocation indication message to a mobility management entity (MME) of a core network.

32. An apparatus comprising:
- at least one processor; and
  
  at least one memory operatively coupled to the at least one processor and storing computer readable instructions that, when executed, cause the apparatus to;
  
  receive, at a source base station, a measurement report associated with a mobile communication device, the measurement report including an encryption parameter;
  
  transmit a context push message to a target base station in response to receiving the measurement report, the context push message configured to initiate a handoff of the mobile communication device, and wherein the context push message includes one or more encryption keys and a Nonce associated with the mobile communication device;
  
  receive a context confirmation message from the target base station;
  
  transmit a handover command to the mobile communication device; and
  
  upon completion of the handover of the mobile communication device from the source base station to the target base station, receive a handover completion message from the target base station.
- View Dependent Claims (33, 34)
- - 33. The apparatus of claim 32, the at least one memory further comprising instructions for transmitting a change mapping message to a core network including at least one of the mobility management entity (MME) and the user plane entity (UPE).
  - 34. The apparatus of claim 32, the at least one memory further comprising instructions for transmitting a relocation indication message to a mobility management entity (MME) of a core network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Forsberg, Dan
Primary Examiner(s)
Nguyen; David Q

Application Number

US11/616,337
Publication Number

US 20070171871A1
Time in Patent Office

1,469 Days
Field of Search

370/331, 455/436
US Class Current

370/331
CPC Class Codes

H04W 12/033   of the user plane, e.g. use...

H04W 12/04   Key management, e.g. using ...

H04W 36/0038   of security context informa...

Secure distributed handover signaling

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Secure distributed handover signaling

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links