Method and apparatus for security protection of an original user identity in an initial signaling message
First Claim
1. A method for security protection of a user identity (ID) in an initial connection signaling message, the method comprising:
activating a control plane (C-plane) packet data convergence protocol (C-PDCP) layer upon power up of a wireless transmit/receive unit (WTRU);
generating initial security parameters from system information received by the WTRU upon the power up of the WTRU;
loading the initial security parameters to the C-PDCP layer;
ciphering the initial connection signaling message including the user ID using the initial security parameters, an f8 algorithm being used for the ciphering and the initial security parameters including a ciphering key (CK), a COUNT-C value, a bearer ID, a direction value, and a length value, the COUNT-C value being a pre-arranged value; and
transmitting the ciphered initial connection signaling message and the user ID, the initial connection signaling message including a public land mobile network (PLMN) identity.
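How the five f8 inputs named in the claim (CK, COUNT-C, bearer ID, direction, length) drive the keystream, as an added example that is not part of the patent text. The chaining follows the f8 mode of 3GPP TS 35.201, but `prf64` is a stand-in (truncated HMAC-SHA-256) for the KASUMI block cipher, so outputs do not match real f8; the CK, COUNT-C, bearer and message values are constructed.

```python
import hashlib
import hmac

KM = bytes([0x55]) * 16  # f8 key modifier (TS 35.201)

def prf64(key: bytes, block: bytes) -> bytes:
    # ASSUMPTION: stand-in for 64-bit KASUMI; truncated HMAC-SHA-256, not real f8.
    return hmac.new(key, block, hashlib.sha256).digest()[:8]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def f8_keystream(ck, count_c, bearer, direction, length_bits):
    """Keystream of exactly length_bits bits (unused low bits of last byte are 0)."""
    if len(ck) != 16 or not 0 <= count_c < 2**32:
        raise ValueError("CK is 128 bits, COUNT-C is 32 bits")
    if not 0 <= bearer < 32 or direction not in (0, 1) or length_bits < 1:
        raise ValueError("BEARER is 5 bits, DIRECTION is 1 bit, LENGTH >= 1")
    # Initial block: COUNT-C (32) || BEARER (5) || DIRECTION (1) || 26 zero bits
    iv = (count_c << 32) | (bearer << 27) | (direction << 26)
    a = prf64(xor(ck, KM), iv.to_bytes(8, "big"))
    stream, prev = bytearray(), bytes(8)
    for blkcnt in range((length_bits + 63) // 64):
        # KSB_n = E_CK(A xor BLKCNT xor KSB_{n-1}), with KSB_0 = 0
        prev = prf64(ck, xor(xor(a, blkcnt.to_bytes(8, "big")), prev))
        stream += prev
    del stream[(length_bits + 7) // 8:]
    if length_bits % 8:
        stream[-1] &= (0xFF << (8 - length_bits % 8)) & 0xFF
    return bytes(stream)

def f8_cipher(ck, count_c, bearer, direction, data):
    """Encrypt or decrypt: XOR with the keystream is its own inverse."""
    return xor(data, f8_keystream(ck, count_c, bearer, direction, 8 * len(data)))

# Constructed sample values (not from the patent).
CK = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
COUNT_C = 0x00000001      # stands in for the pre-arranged COUNT-C
BEARER, UPLINK, DOWNLINK = 3, 0, 1
MSG = b"RRC connection request | user-id=constructed-001"

def demo():
    ct = f8_cipher(CK, COUNT_C, BEARER, UPLINK, MSG)
    return ct, f8_cipher(CK, COUNT_C, BEARER, UPLINK, ct)

if __name__ == "__main__":
    ct, pt = demo()
    print(ct.hex(), pt)
```

Both ends must hold the same CK, COUNT-C, bearer ID and direction to produce the same keystream, which is why the claim fixes COUNT-C to a pre-arranged value before any authentication has taken place.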
Abstract
A wireless transmit/receive unit (WTRU) includes a control plane (C-plane) packet data convergence protocol (C-PDCP) layer which performs ciphering of a signaling message. The C-PDCP layer is activated upon power up of the WTRU and initial security parameters are loaded to the C-PDCP layer. An initial connection signaling message and a user identity are ciphered using the initial security parameters even before the WTRU is authenticated. The initial security parameters including a ciphering key (CK) may be generated from system information broadcast from the network. The CK may be a public key for asymmetric encryption, and may be selected from a public key set broadcast by or derived from the network system information. An index of the selected public key may be separately encoded. Alternatively, the index may be communicated by using a Diffie-Hellman key exchange method.
68 Claims
1. A method for security protection of a user identity (ID) in an initial connection signaling message, the method comprising:
activating a control plane (C-plane) packet data convergence protocol (C-PDCP) layer upon power up of a wireless transmit/receive unit (WTRU);
generating initial security parameters from system information received by the WTRU upon the power up of the WTRU;
loading the initial security parameters to the C-PDCP layer;
ciphering the initial connection signaling message including the user ID using the initial security parameters, an f8 algorithm being used for the ciphering and the initial security parameters including a ciphering key (CK), a COUNT-C value, a bearer ID, a direction value, and a length value, the COUNT-C value being a pre-arranged value; and
transmitting the ciphered initial connection signaling message and the user ID, the initial connection signaling message including a public land mobile network (PLMN) identity.
Dependent claims: 2-32.
33. A method for security protection of a user identity (ID) in an initial connection signaling message, the method comprising:
activating a control plane (C-plane) packet data convergence protocol (C-PDCP) layer upon power up of a wireless transmit/receive unit (WTRU);
receiving system information upon the power up of the WTRU;
generating initial security parameters from the system information;
loading the initial security parameters to the C-PDCP layer;
ciphering the initial connection signaling message including the user ID using the initial security parameters and an f8 ciphering algorithm, the initial security parameters including a ciphering key (CK), a COUNT-C value, a bearer ID, a direction value, and a length value, and the COUNT-C value being a START value stored in a universal subscriber identity module (USIM) combined with a pre-agreed value; and
transmitting the ciphered initial connection signaling message and the user ID, the initial connection signaling message including a public land mobile network (PLMN) identity.
Dependent claims: 34.
35. A wireless transmit/receive unit (WTRU) for security protection of a user identity (ID) in an initial connection signaling message, the WTRU comprising:
a non-access stratum (NAS) layer configured to generate a first control signaling message and trigger a connection to a network;
a radio resource control (RRC) layer configured to generate a second control signaling message and perform integrity protection of the first and second control signaling messages; and
a control plane (C-plane) packet data convergence protocol (C-PDCP) layer configured to perform ciphering of at least one of the first and second control signaling messages including an initial connection signaling message and the user ID using initial security parameters that are loaded to the C-PDCP layer upon power up of the WTRU and send the ciphered initial connection signaling message and the user ID to a network, the initial security parameters generated from system information received by the WTRU upon the power up of the WTRU, an f8 algorithm being used for the ciphering and the initial security parameters including a ciphering key (CK), a COUNT-C value, a bearer ID, a direction value, and a length value, the COUNT-C value being a pre-arranged value and the initial connection signaling message including a public land mobile network (PLMN) identity.
Dependent claims: 36-66.
67. A wireless transmit/receive unit (WTRU) for security protection of a user identity (ID) in an initial connection signaling message, the WTRU comprising:
a non-access stratum (NAS) layer configured to generate a first control signaling message and trigger a connection to a network;
a radio resource control (RRC) layer configured to generate a second control signaling message and perform integrity protection of the first and second control signaling messages; and
a control plane (C-plane) packet data convergence protocol (C-PDCP) layer configured, at least in part, to:
perform ciphering of at least one of the first and second control signaling messages including an initial connection signaling message and the user ID using an f8 algorithm and initial security parameters, the initial security parameters being generated from system information received upon a power up of the WTRU, and the initial security parameters being loaded to the C-PDCP layer; and
send the ciphered initial connection signaling message and the user ID to a network, the initial security parameters including at least one of a ciphering key (CK), a COUNT-C value, a bearer ID, a direction value, and a length value, and the COUNT-C value being a START value stored in a universal subscriber identity module (USIM) combined with a pre-agreed value, the initial connection signaling message including a public land mobile network (PLMN) identity.
Dependent claims: 68.
Specification