Mobility related control signalling authentication in mobile communications system

US 8,145,195 B2
Filed: 04/14/2008
Issued: 03/27/2012
Est. Priority Date: 04/14/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

transmitting a first control message from a mobile device to a first network entity due to change of the mobile device to an access system of the first network entity, the control message comprising an authentication code,receiving the first control message at the first network entity,transmitting a second control message to a second network entity, the second control message including the authentication code as received from the mobile device, andauthenticating the second control message on the basis of verification of the received authentication code,wherein the authentication code is generated on the basis of a previous authentication code stored in connection with a previous authentication code generation event;

and further comprising padding a value of the previous authentication code in response to no previous authentication code being stored.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a non-limiting and exemplary embodiment, a method is provided for arranging authentication of mobility related signalling messages in a mobile communications system. An authentication code is generated on the basis of a previous authentication code stored in connection with a preceding authentication code generation event. The newly generated authentication code is stored for subsequent authentication code generation event. In response to change of the mobile device to an access network of the network entity, a control message comprising the authentication code is transmitted from a mobile device to a first network entity, for verifying the authentication code by the first network entity or by a second network entity of a previous access system.

13 Citations

View as Search Results

37 Claims

1. A method comprising:
- transmitting a first control message from a mobile device to a first network entity due to change of the mobile device to an access system of the first network entity, the control message comprising an authentication code,receiving the first control message at the first network entity,transmitting a second control message to a second network entity, the second control message including the authentication code as received from the mobile device, andauthenticating the second control message on the basis of verification of the received authentication code,wherein the authentication code is generated on the basis of a previous authentication code stored in connection with a previous authentication code generation event;
  
  and further comprising padding a value of the previous authentication code in response to no previous authentication code being stored.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1, wherein the first message is a location update request message.
  - 3. The method according to claim 2, wherein the second message is a context transfer request, further comprising:
    - transferring a requested context to the first network entity in response to successful verification of the authentication code.
  - 4. The method according to claim 1, wherein the first message is a handover complete or confirmation message.
  - 5. The method according to claim 4, wherein the second message is one of a relocation complete message, a forward relocation complete message, or a handover notify message.
  - 6. The method of claim 1, wherein the first network entity is a network element of one of a legacy 3^rdGeneration Partnership (3GPP) Universal Mobile Telecommunications System (UMTS) system and a legacy 3GPP General Packet Radio Service (GPRS), and wherein the second network entity is a network element of an evolved 3GPP system.
  - 7. The method of claim 6, wherein the first network entity is one of a radio network controller, a serving general packet radio service support node SGSN, an eNodeB, or a mobility management entity MME, and the second network entity is an MME.
  - 8. The method of claim 1, wherein the authentication code is included in a packet switched network temporary mobile station identifier (P-TMSI) signature information field.
  - 9. The method of claim 1, wherein the authentication code is a non-access stratum token derived from a previous non-access stratum token and a user equipment specific non-access stratum key.
  - 10. The method of claim 1, wherein the authentication code is derived from concatenation of a previous non-access stratum token and an access security management key.

11. A method comprising:
- generating an authentication code on the basis of a previous authentication code stored in connection with a preceding authentication code generation event,storing the generated authentication code for subsequent authentication code generation event, andtransmitting a control message comprising the authentication code from a mobile device to a first network entity in response to an access network change for the mobile device, for verifying the authentication code by the first network entity or by a second network entity of a previous access network;
  
  further comprising padding a value of the previous authentication code in response to no previous authentication code being stored.
- View Dependent Claims (12, 13, 14)
- - 12. The method according to claim 11, wherein the message is included in one of a location update request message, a tracking area update request message, a routing area update request message, a handover complete, or a handover confirmation message.
  - 13. The method according to claim 11, wherein the authentication code is included in a packet switched network temporary mobile station identifier (P-TMSI) signature information field.
  - 14. The method of claim 11, wherein the authentication code is a non-access stratum token derived from a previous non-access stratum token and a user equipment specific non-access stratum key.

15. A method comprising:
- generating an authentication code on the basis of a previous authentication code stored in connection with a preceding authentication code generation event,storing the generated authentication code for subsequent authentication code generation event, andusing the generated authentication code when authenticating or authorizing a received control message including an authentication code from a mobile device in response to an access network change due to mobility of the mobile device;
  
  further comprising padding a value of the previous authentication code in response to no previous authentication code being stored.
- View Dependent Claims (16, 17, 18)
- - 16. The method of claim 15, wherein the message is a context transfer request from a network entity of a target system to which the mobile device has entered, further comprising:
    - transferring a requested context to the network entity in response to successful verification of the authentication code.
  - 17. The method of claim 15, wherein the message is one of a relocation complete message, a forward relocation complete message, or a handover notify message.
  - 18. The method of claim 15, wherein the generated authentication code is a non-access stratum token derived from a previous non-access stratum token and a user equipment specific non-access stratum key of an evolved 3GPP system.

19. An apparatus comprising:
- a generator configured to generate an authentication code on the basis of a previous authentication code retrieved from a memory,a storage to store the generated authentication code or an input parameter used to generate the generated authentication code for subsequent authentication code generation event, anda transmitter to transmit a control message comprising the generated authentication code from a mobile device to a first network entity in response to change of an access network for the mobile device;
  
  wherein the apparatus is configured to pad a value of the previous authentication code in response to no previous authentication code being stored.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
- - 20. The apparatus of claim 19, wherein the authentication code is a non-access stratum token derived from a previous non-access stratum token and a user equipment specific key.
  - 21. The apparatus of claim 19, wherein the apparatus is configured to generate the authentication code by applying a key definition function to a previous non-access stratum token and an access security management key.
  - 22. The apparatus of claim 19, wherein the apparatus is a user equipment device configured to transmit the generated authentication code in a control message to an evolved Universal Terrestrial Radio Access Network (E-UTRAN), UTRAN, or GSM/EDGE radio access network (GERAN).
  - 23. The apparatus of claim 19, wherein the apparatus is configured to transmit the generated authentication code in a location update request message, a tracking area update request message or a routing area update request message.
  - 24. The apparatus of claim 19, wherein the apparatus is configured to transmit the generated authentication code in a packet switched network temporary mobile station identifier (P-TMSI) signature information field.
  - 25. The apparatus of claim 19, wherein the apparatus is configured to transmit the generated authentication code in a handover complete or confirmation message.
  - 26. The apparatus of claim 19, wherein the apparatus is a chipset for a mobile communications device.

27. An apparatus comprising:
- a generator configured to generate an authentication code on the basis of a previous authentication code retrieved from a memory,a storage to store the generated authentication code for subsequent authentication code generation event, andan authenticator configured to use the generated authentication code when authenticating or authorizing a received control message including an authentication code from a mobile device in response to an access network change for the mobile devicewherein the apparatus is configured to pad a value of the previous authentication code in response to no previous authentication code being stored.
- View Dependent Claims (28, 29, 30, 31)
- - 28. The apparatus of claim 27, wherein the generated authentication code is a non-access stratum token derived from a previous non-access stratum token and a user equipment specific key.
  - 29. The apparatus of claim 27, wherein the apparatus is configured to derive the generated authentication code by applying a key definition function to a previous non-access stratum token and an access security management key.
  - 30. The apparatus of claim 27, wherein the apparatus is configured to function as a mobility management entity MME of an evolved 3GPP system.
  - 31. The apparatus of claim 27, wherein the received control message is one of a relocation complete message, a forward relocation complete message, or a handover notify message.

32. A computer readable storage medium encoding a computer process for authentication code generation control in a communications device, the computer process comprising:
- generating an authentication code on the basis of a previous authentication code stored in connection with a preceding authentication code generation event,storing the generated authentication code for subsequent authentication code generation event, andtransmitting a control message comprising the authentication code from a mobile device to a first network entity in response to an access network change for the mobile device, for verifying the authentication code by the first network entity or by a second network entity of a previous access system;
  
  further comprising padding a value of the previous authentication code in response to no previous authentication code being stored.
- View Dependent Claims (33)
- - 33. A computer readable storage medium of claim 32, wherein the authentication code is a non-access stratum token derived from a previous non-access stratum token and a user equipment specific key.

34. A computer readable storage medium encoding a computer process for authentication code generation control in a communications device, the computer process comprising:
- generating an authentication code on the basis of a previous authentication code storedin connection with a preceding authentication code generation event,storing the generated authentication code for subsequent authentication code generation event, andusing the generated authentication code when authenticating or authorizing a received control message including an authentication code from a mobile device in response to an access network change for the mobile device;
  
  further comprising padding a value of the previous authentication code in response to no previous authentication code being stored.
- View Dependent Claims (35)
- - 35. The computer readable storage medium of claim 34, wherein the generated authentication code is a non-access stratum token derived from a previous non-access stratum token and a user equipment specific key.

36. An apparatus comprising:
- means for generating an authentication code on the basis of a previous authentication code retrieved from the memory,means for storing the generated authentication code for subsequent authentication code generation event,means for transmitting a control message comprising the authentication code from a mobile device to a network entity in response to change of the mobile device to an access network of the network entity; and
  
  means for padding a value of the previous authentication code in response to no previous authentication code being stored.
- View Dependent Claims (37)
- - 37. The apparatus of claim 36, wherein the authentication code is a non-access stratum token derived from a previous non-access stratum token and a user equipment specific key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Forsberg, Dan Lars Anders, Niemi, Valtteri
Primary Examiner(s)
Beamer, Temica M

Application Number

US12/081,306
Publication Number

US 20090258631A1
Time in Patent Office

1,443 Days
Field of Search

455/411, 455436-440, 370/331, 380247-250
US Class Current

455/411
CPC Class Codes

H04L 63/08   for authentication of entit...

H04W 12/062   Pre-authentication

H04W 12/068   using credential vaults, e....

H04W 36/0005   Control or signalling for c...

H04W 60/04   using triggered events

Mobility related control signalling authentication in mobile communications system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Mobility related control signalling authentication in mobile communications system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links