System for ensuring encrypted communication after handover

US 8,121,293 B2
Filed: 06/23/2008
Issued: 02/21/2012
Est. Priority Date: 11/28/2000
Status: Expired due to Term

First Claim

Patent Images

1. An apparatus, comprising:

a processor configured to compose an integrity protected command message for sending from a radio access network to a multimode mobile station, said integrity protected command message including information relating to the encrypting algorithms supported by a multimode mobile station in a further radio access network, and comprising a payload and a message authentication code.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

During connection setup with a first radio access network, a multimode mobile station sends an unprotected initial signaling message that includes information about those encryption algorithms that the multimode mobile station supports when it communications in a second radio access network. The first radio access network saves some or all the information. Then it composes and sends an integrity-protected message that includes information about the encryption algorithms supported by the multimode mobile station in the second radio access network.

Citations

38 Claims

1. An apparatus, comprising:
- a processor configured to compose an integrity protected command message for sending from a radio access network to a multimode mobile station, said integrity protected command message including information relating to the encrypting algorithms supported by a multimode mobile station in a further radio access network, and comprising a payload and a message authentication code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The apparatus of claim 1, wherein the processor is further configured to attach information about the encryption algorithms supported by the multimode mobile station in said further radio access network received in an unprotected signaling message from the multimode mobile station to said payload and to apply said payload in an algorithm computing said message authentication code.
  - 3. The apparatus of claim 1, wherein the processor is further configured to save an unprotected signaling message received from the multimode mobile station including information about encryption algorithms supported by the multimode mobile station in the further radio access network and to use the unprotected signaling message in an algorithm computing said message authentication code.
  - 4. The apparatus of claim 1, wherein the processor is further configured to save a payload of an unprotected signaling message received from the multimode mobile station including information about encryption algorithms supported by the multimode mobile station in the further radio access network and to use the payload of the unprotected signaling message in an algorithm computing said message authentication code.
  - 5. The apparatus of claim 1, wherein the processor is further configured to save information about the encryption algorithms supported by the multimode mobile station in said further radio access network and to use information about the encryption algorithms supported by the multimode mobile station in said further radio access network together with information about an encryption algorithm embedded in a command message received from a core network in computing said message authentication code.
  - 6. The apparatus of claim 1, wherein the processor is further configured to omit from the integrity protected command message information about the encryption algorithms supported by the multimode mobile station in said further radio access network and information about the security capability of said multimode mobile station in said radio access network.
  - 7. The apparatus of claim 1, wherein the processor is further configured to include in said integrity protected command message information about the encryption algorithms supported by the multimode mobile station in said further radio access network.
  - 8. The apparatus of claim 1, wherein the processor is further configured to receive said information about the encryption algorithms supported by the multimode mobile station in said further radio access network during connection setup, to save said information about the encryption algorithms, and to use said information about encryption algorithms in composing the integrity protected command message.
  - 9. The apparatus of claim 1, wherein the processor is further configured to send information about the encryption algorithms supported by the multimode mobile station in said further radio access network to a core network.
  - 10. The apparatus of claim 1, wherein the processor is further configured to receive a command message from a core network instructing the multimode mobile station to cipher further communications.
  - 11. The apparatus of claim 10, wherein the processor is further configured to send to said multimode mobile station said integrity protected command message after receiving said command message from the core network.
  - 12. The apparatus of claim 1, wherein said integrity protected command message is configured to instruct the multimode mobile station to cipher further communications.

13. An apparatus, comprising:
- a transmitter configured to send to a first radio access network an unprotected signaling message including information about encryption algorithms supported by a multimode mobile station in a second radio access network;
  
  a receiver configured to receive from the first radio access network an integrity protected command message including information relating to said encryption algorithms supported by the multimode mobile station in the second radio access network, said integrity protected command message comprising a payload and a message authentication code; and
  
  a processor configured to conclude whether said information relating to said encryption algorithms in said integrity protected command message corresponds to said information about said encryption algorithms in said unprotected signaling message.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The apparatus of claim 13, wherein said payload comprises information about encryption algorithms, said multimode mobile station configured to compare information about the encryption algorithms received in said payload with stored information about said encryption algorithms supported by the multimode mobile station.
  - 15. The apparatus of claim 13, wherein the processor is further configured to save the unprotected signaling message and to use the unprotected signaling message in an algorithm computing an expected message authentication code for the integrity protected command message.
  - 16. The apparatus of claim 13, wherein the processor is further configured to save a payload of the unprotected signaling message and to use the payload of the unprotected signaling message in an algorithm computing an expected message authentication code for the integrity protected command message.
  - 17. The apparatus of claim 13, wherein the processor is further configured to use information about the encryption algorithms supported by the multimode mobile station in said second radio access network together with information about an encryption algorithm for use with said first radio access network in computing an expected message authentication code for the integrity protected command message.
  - 18. The apparatus of claim 13, wherein said integrity protected command message omits information about the encryption algorithms supported by the multimode mobile station in said further radio access network and information about the security capability of said multimode mobile station in said radio access network.
  - 19. The apparatus of claim 13, wherein said integrity protected command message comprises information about the encryption algorithms supported by the multimode mobile station in said further radio access network.
  - 20. The apparatus of claim 13, wherein the processor is further configured to send said information about the encryption algorithms supported by the multimode mobile station in said second radio access network during connection setup.
  - 21. The apparatus of claim 13, wherein said integrity protected command message instructs the multimode mobile station to cipher further communications.

22. A method, comprising:
- composing an integrity protected command message, said integrity protected command message including information relating to the encrypting algorithms supported by the multimode mobile station in a second radio access network and including a payload and a message authentication code; and
  
  sending the composed integrity protected command message from a first radio access network to a multimode mobile station.
- View Dependent Claims (23, 24, 25)
- - 23. The method of claim 22, further comprising:
    - sending information about the encryption algorithms supported by the multimode mobile station in said second radio access network to a core network.
  - 24. The method of claim 22, further comprising:
    - receiving a command message from the core network, said command message instructing the multimode mobile station to cipher further communication.
  - 25. The method of claim 22, further comprising:
    - instructing the multimode mobile station to cipher further communications with said integrity protected command message.

26. A method, comprising:
- sending from a multimode mobile station to a first radio access network an unprotected signaling message including information about encryption algorithms supported by the multimode mobile station in a second radio access network;
  
  receiving from the first radio access network an integrity protected command message including information relating to said encryption algorithms supported by the multimode mobile station in the second radio access network, said integrity protected command message comprising a payload and a message authentication code; and
  
  concluding whether said information relating to said encryption algorithms in said integrity protected command message corresponds to said information about said encryption algorithms in said unprotected signaling message.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34)
- - 27. The method of claim 26, wherein said payload comprises information about encryption algorithms, and wherein the method further comprises comparing information about the encryption algorithms received in said payload with stored information about said encryption algorithms supported by the multimode mobile station.
  - 28. The method of claim 26, further comprising:
    - saving the unprotected signaling message; and
      
      using the unprotected signaling message in an algorithm computing an expected message authentication code for the integrity protected command message.
  - 29. The method of claim 26, further comprising:
    - saving a payload of the unprotected signaling message; and
      
      using the payload of the unprotected signaling message in an algorithm computing an expected message authentication code for the integrity protected command message.
  - 30. The method of claim 26, further comprising:
    - using information about the encryption algorithms supported by the multimode mobile station in said second radio access network together with information about an encryption algorithm for use with said first radio access network in computing an expected message authentication code for the integrity protected command message.
  - 31. The method of claim 26, wherein said integrity protected command message omits information about the encryption algorithms supported by the multimode mobile station in said further radio access network and information about the security capability of said multimode mobile station in said radio access network.
  - 32. The method of claim 26, wherein said integrity protected command message comprises information about the encryption algorithms supported by the multimode mobile station in said further radio access network.
  - 33. The method of claim 26, further comprising:
    - sending said information about the encryption algorithms supported by the multimode mobile station in said second radio access network during connection setup.
  - 34. The method of claim 26, wherein said integrity protected command message instructs the multimode mobile station to cipher further communications.

35. An apparatus, comprising:
- a transmitter configured to send to a first radio access network an unprotected signaling message identifying encryption algorithms supported by a multimode mobile station in a second radio access network;
  
  a receiver configured to receive from the first radio access network an integrity protected command message identifying said encryption algorithms supported by the multimode mobile station in the second radio access network, said integrity protected command message comprising a payload and a message authentication code; and
  
  a processor configured to conclude whether identification of said encryption algorithms in said integrity protected command message corresponds to identification of said encryption algorithms in said unprotected signaling message.
- View Dependent Claims (36, 37, 38)
- - 36. The apparatus of claim 35, whereinsaid unprotected signaling message identifying encryption algorithms supported by a multimode mobile station in the second radio access network includes GSM classmark information relating to the security capability of the multimode mobile station in the second radio access network;
    - and whereinsaid integrity protected command message identifying said encryption algorithms supported by the multimode mobile station in the second radio access network includes said GSM classmark information relating to the security capability of the multimode mobile station in the second radio access network; and
      
      whereinsaid processor is configured to conclude whether said identifications of said encryption algorithms in the sent unprotected and received integrity protected messages, respectively, correspond by determining whether said GSM classmark information in the sent unprotected and received integrity protected messages, respectively, match.
  - 37. The apparatus of claim 36, wherein said first radio access network is a UMTS network and said second radio access network is a GSM network;
    - and whereinsaid unprotected signaling message identifying encryption algorithms supported by a multimode mobile station in the second radio access network further includes UE security capability information relating to the security capability of the multimode mobile station in the first radio access network; and
      
      whereinsaid integrity protected command message identifying said encryption algorithms supported by the multimode mobile station in the second radio access network further includes said UE security capability information relating to the security capability of the multimode mobile station in the first radio access network; and
      
      whereinsaid processor is configured to conclude whether said respective identifications of said encryption algorithms correspond by determining whether said GSM classmark information in the sent unprotected and received integrity protected messages, respectively is the same and whether said UE security capability information in the sent unprotected and received integrity protected messages, respectively, match.
  - 38. The apparatus of claim 36, wherein said GSM classmark information is used in calculating said message authentication code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Vialen, Jukka, Niemi, Valtteri
Primary Examiner(s)
Smithers, Matthew

Application Number

US12/213,618
Publication Number

US 20080267405A1
Time in Patent Office

1,338 Days
Field of Search

380/272
US Class Current

380/272
CPC Class Codes

H04L 63/123   received data contents, e.g...

H04L 63/1475   Passive attacks, e.g. eaves...

H04W 12/02   Protecting privacy or anony...

H04W 12/037   of the control plane, e.g. ...

H04W 12/106   Packet or message integrity

H04W 12/108   Source integrity

H04W 12/121   Wireless intrusion detectio...

H04W 12/122   Counter-measures against at...

H04W 76/10   Connection setup

System for ensuring encrypted communication after handover

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

System for ensuring encrypted communication after handover

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links