System and method for selection of security algorithms

US 8,949,927 B2
Filed: 10/27/2008
Issued: 02/03/2015
Est. Priority Date: 10/31/2007
Status: Active Grant

First Claim

Patent Images

1. A method of managing security for a connection between a user device and an Long Term Evolution (LTE) communications network comprising at least one Evolved Universal Terrestrial Radio Access Network (E-UTRAN) base station and a core network, the method comprising:

receiving, at the core network, security capability information for the user device connecting to the communications network;

obtaining security capability information for one base station of the at least one base stations;

processing, at the core network, the security capability information for the user device and the security capability information for the base station to select a plurality of preferred security policies for a connection between the user device and the base station; and

transmitting the selected plurality of preferred security policies to the base station as a list of preferred security policies from which said base station can select a security policy,wherein the selected security policy relates to at least one of a Radio Resource Control (RRC), a User Plane (UP), and a Non-Access Stratum (NAS) security algorithm selection.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There is described a method and apparatus for managing security for a connection between a user device and a communications network comprising at least one base station and a core network. In one embodiment, the method includes receiving at the core network security capability information for the user device connecting to the communications network. Security capability information for the base station is then obtained from memory or from the base station itself. The security capability information for the user device and the security capability information for the base station is then processed in the core network to select a security policy for a connection between the user device and the base station and the selected security policy is transmitted to the base station.

37 Citations

View as Search Results

30 Claims

1. A method of managing security for a connection between a user device and an Long Term Evolution (LTE) communications network comprising at least one Evolved Universal Terrestrial Radio Access Network (E-UTRAN) base station and a core network, the method comprising:
- receiving, at the core network, security capability information for the user device connecting to the communications network;
  
  obtaining security capability information for one base station of the at least one base stations;
  
  processing, at the core network, the security capability information for the user device and the security capability information for the base station to select a plurality of preferred security policies for a connection between the user device and the base station; and
  
  transmitting the selected plurality of preferred security policies to the base station as a list of preferred security policies from which said base station can select a security policy,wherein the selected security policy relates to at least one of a Radio Resource Control (RRC), a User Plane (UP), and a Non-Access Stratum (NAS) security algorithm selection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 28)
- - 2. A method according to claim 1, further comprising:
    - obtaining security policy information for the core network; and
      
      selecting a security policy for a connection between the user device and the base station based on the security policy information for the core network.
  - 3. A method according to claim 2, wherein the security policy information for the core network comprises at least one preferred security policy.
  - 4. A method according to claim 2, wherein the security policy information comprises a prioritized list of security policies.
  - 5. A method according to claim 1, wherein the list of preferred security policies comprises a prioritized list of security policies.
  - 6. A method according to claim 1, further comprising, prior to said receiving said security capability information for the user device, receiving security capability information for each of a plurality of base stations in the communications network at the core network.
  - 7. A method according to claim 1, further comprising storing the security capability information for each base station in the core network.
  - 8. A method according to claim 7, wherein said storing the security capability information comprises storing security capability information in a context associated with the base station.
  - 9. A method according to claim 1, wherein said obtaining said security capability information for the base station comprises retrieving security capability information from a memory.
  - 10. A method according to claim 1, further comprising receiving security capability information for a base station following establishment of a connection between the base station and the core network.
  - 11. A method according to claim 1, wherein the security capability information is received in an S1 common message.
  - 12. A method according to claim 1, further comprising receiving security capability information for the base station and updating a database to store the security capability information.
  - 13. A method according to claim 1, further comprising selecting the plurality of preferred security policies upon reception of a request for attachment from the user device.
  - 14. A method according to claim 1, further comprising transmitting the selected plurality of preferred security policies to the base station using an S1 dedicated message.
  - 15. A method according to claim 1, further comprising:
    - receiving a notification regarding a transfer of the user device from a source base station to a target base station;
      
      obtaining security capability information for the target base station;
      
      determining whether a change in the plurality of preferred security policies is required for connection to the target base station; and
      
      transmitting the selected plurality of preferred security policies to the target base station.
  - 16. A method according to claim 15 wherein said determining whether the change in the plurality of preferred security policies is required for connection to the target base station comprises retrieving stored security capability information for the target base station.
  - 17. A method according to claim 15, wherein said determining whether said change in the plurality of preferred security policies is required for connection to the target base station comprises transmitting a request for security capability information to the target base station.
  - 18. A method according to claim 1 wherein said obtaining said security capability information for the base station comprises receiving security capability information from the base station.
  - 19. A method according to claim 18, wherein the security capability information is received as part of an attachment request message.
  - 20. A method according to claim 1, wherein the core network comprises at least one gateway component.
  - 21. A method according to claim 1, wherein said selecting the plurality of preferred security policies comprises assessing security capability information and security policy information for the core network.
  - 28. A non-transitory, machine readable, storage medium tangibly embodying a program of machine-readable instructions executable by a digital processing apparatus to perform a method according to claim 1.

22. A gateway for managing security for a connection between a user device and an Long Term Evolution (LTE) communications network comprising at least one Evolved Universal Terrestrial Radio Access Network (E-UTRAN) base station and a core network, the gateway comprising:
- a receiving unit configured to receive security capability information for the user device connecting to the communications network;
  
  an obtaining unit configured to obtain security capability information for a base station of the at least one base stations;
  
  a processing unit configured to process the security capability information for the user device and the security capability information for the base station to select a plurality of preferred security policies for a connection between the user device and the base station; and
  
  a transmitting unit configured to transmit the plurality of preferred selected security policies to the base station as a list of preferred security policies from which said base station can select a security policy,wherein the selected plurality of preferred security policies relates to at least one of a Radio Resource Control (RRC), a User Plane (UP), and a Non-Access Stratum (NAS) security algorithm selection.
- View Dependent Claims (23, 24, 25, 26)
- - 23. A gateway according to claim 22, further comprising a receiving unit configured to receive security capability information for each of the base stations in the communications network.
  - 24. A gateway according to claim 22, further comprising a storing unit configured to store the security capability information for the at least one base station in the core network.
  - 25. A gateway according to claim 22, wherein the obtaining unit is configured to receive security capability information from memory.
  - 26. A gateway according to claim 22, wherein the obtaining unit is configured to receive security capability information from the base station.

27. An Evolved Universal Terrestrial Radio Access Network (E-UTRAN) gateway for managing security for a connection between a user device and a communications network comprising at least one base station and a core network, the gateway comprising:
- a receiver for receiving security capability information for the user device connecting to the communications network;
  
  a device for obtaining security capability information for the base station;
  
  a processor for processing the security capability information for the user device and the security capability information for the base station to select a plurality of preferred security policies for a connection between a user device and the base station; and
  
  a transmitter for transmitting the selected plurality of preferred security to the base station as a list of preferred security policies from which said base station can select a security policy,wherein the selected security policy relates to at least one of a Radio Resource Control (RRC), a User Plane (UP), and a Non-Access Stratum (NAS) security algorithm selection.

29. A user device for connecting to a Long Term Evolution (LTE) communications network comprising at least one Evolved Universal Terrestrial Radio Access Network (E-UTRAN) base station and a core network, the user device comprising:
- a transmitter for transmitting security capability information for the user device to the core network; and
  
  a connection unit configured to establish a connection to the base station using a selected security policy;
  
  wherein the selected security policy is selected by the base station, from a preferred list of security policies comprising a plurality of preferred security policies selected by the core network based on the security capability information for the user device and security capability information for the base station; and
  
  wherein the selected security policy relates to at least one of Radio Resource Control (RRC), User Plane (UP) and Non-Access Stratum (NAS) security algorithm selection.

30. A method performed by a user device for connecting to a Long Term Evolution (LTE) communications network comprising at least one Evolved Universal Terrestrial Radio Access Network (E-UTRAN) base station and a core network, the method comprising:
- transmitting security capability information for the user device to the core network; and
  
  establishing a connection to the base station using a selected security policy;
  
  wherein the selected security policy is selected by the base station, from a preferred list of security policies comprising a plurality of preferred security policies selected by the core network based on the security capability information for the user device and security capability information for the base station; and
  
  wherein the selected security policy relates to at least one of Radio Resource Control (RRC), User Plane (UP) and Non-Access Stratum (NAS) security algorithm selection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo Innovations Ltd Hong Kong (Lenovo Group Ltd.)
Original Assignee
Lenovo Innovations Ltd Hong Kong (Lenovo Group Ltd.)
Inventors
Arnott, Robert, Serravalle, Francesca, Ahluwalia, Jagdeep Singh
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Pan, Peiliang

Application Number

US12/734,393
Publication Number

US 20100263021A1
Time in Patent Office

2,290 Days
Field of Search

726/1, 726/2, 380/255, 380/270, 380/272, 455/410, 455/411
US Class Current

726/1
CPC Class Codes

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

H04L 69/24   Negotiation of communicatio...

H04W 12/08   Access security

System and method for selection of security algorithms

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

37 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for selection of security algorithms

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links