Authentication method and apparatus for user equipment and LIPA network entities

US 9,137,661 B2
Filed: 07/03/2012
Issued: 09/15/2015
Est. Priority Date: 10/06/2011
Status: Active Grant

First Claim

Patent Images

1. An authentication method for local internet protocol access (LIPA) network entity and user equipment (UE), adapted to a cross-LIPA communication situation getting involved with a UE end, a visiting LIPA network entity end (LIPA_V), and a home LIPA network entity end (LIPA_H), and comprising:

successfully registering to a CN by said UE end via said LIPA_V, to attain mutual trust relationship of said UE end and said LIPA_V;

successfully registering to said CN by said UE end via said LIPA_H, to attain mutual trust relationship of said UE end and said LIPA_H; and

requesting said UE end by said LIPA_Hfor re-authentication and successfully re-authenticating said UE end via said LIPA_V, to attain mutual trust relationship of said LIPA_Vand said LIPA_H,wherein a mutual authentication of said UE end, said LIPA_V, and said LIPA_His attained by a user end triggered authentication procedure,wherein said mutual authentication procedure comprises;

sending a specific message to said LIPA_Hby said LIPA_Vto trigger said UE end to authenticate to said CN with said LIPA_Vand said LIPA_Hbeing involved, and said LIPA_Hforwarding said specific message to said CN, to enable said CN to authenticate said UE end;

in an existing universal mobile telecommunications system authentication and key agreement procedure, adding forwarding functions to said LIPA_Hand said LIPA_V, including sending a user authentication request message by said LIPA_V, forwarding a user authentication request message by said LIPA_H, and forwarding a user authentication response message by said LIPA_V; and

in an existing security mode control procedure, adding another forwarding function to said LIPA_Hand said LIPA_V, including forwarding a security mode command message by said LIPA_H, and forwarding a security mode completion message by said LIPA_V.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication method for user equipment (UE) and LIPA network entities is applicable to a cross-LIPA communication environment having an UE end, a visiting LIPA network entity end (LIPA_V), and a home LIPA network entity end (LIPA_H). The UE end successfully registers to a core network (CN) via the LIPA_V, thereby attaining mutual trust relationship between the UE end and the LIPA_V. The UE end successfully registers to the CN via the LIPA_H, thereby attaining mutual trust relationship between the UE end and the LIPA_H. The LIPA_Hrequests the UE end via the LIPA_Vfor successfully re-authenticating the CN, thereby attaining mutual trust relationship between the LIPA_Vand the LIPA_H.

25 Citations

7 Claims

1. An authentication method for local internet protocol access (LIPA) network entity and user equipment (UE), adapted to a cross-LIPA communication situation getting involved with a UE end, a visiting LIPA network entity end (LIPA_V), and a home LIPA network entity end (LIPA_H), and comprising:
- successfully registering to a CN by said UE end via said LIPA_V, to attain mutual trust relationship of said UE end and said LIPA_V;
  
  successfully registering to said CN by said UE end via said LIPA_H, to attain mutual trust relationship of said UE end and said LIPA_H; and
  
  requesting said UE end by said LIPA_Hfor re-authentication and successfully re-authenticating said UE end via said LIPA_V, to attain mutual trust relationship of said LIPA_Vand said LIPA_H,wherein a mutual authentication of said UE end, said LIPA_V, and said LIPA_His attained by a user end triggered authentication procedure,wherein said mutual authentication procedure comprises;
  
  sending a specific message to said LIPA_Hby said LIPA_Vto trigger said UE end to authenticate to said CN with said LIPA_Vand said LIPA_Hbeing involved, and said LIPA_Hforwarding said specific message to said CN, to enable said CN to authenticate said UE end;
  
  in an existing universal mobile telecommunications system authentication and key agreement procedure, adding forwarding functions to said LIPA_Hand said LIPA_V, including sending a user authentication request message by said LIPA_V, forwarding a user authentication request message by said LIPA_H, and forwarding a user authentication response message by said LIPA_V; and
  
  in an existing security mode control procedure, adding another forwarding function to said LIPA_Hand said LIPA_V, including forwarding a security mode command message by said LIPA_H, and forwarding a security mode completion message by said LIPA_V.
- View Dependent Claims (2, 3)
- - 2. The authentication method as claimed in claim 1, wherein said UE end represents one or more UEs, said LIPA_Vrepresents one or more visiting LIPA network entities, said LIPA_Hrepresents one or more home LIPA network entities.
  - 3. The authentication method as claimed in claim 1, wherein the mutual authentication of said UE end, said LIPA_V, and said LIPA_His attained by an authentication procedure which is triggered by a RAU procedure in addition with a serving radio network subsystem (SRNS) relocation procedure.

4. An authentication method for local internet protocol access (LIPA) network entity and user equipment (UE), adapted to a cross-LIPA communication situation getting involved with a UE end, a visiting LIPA network entity end (LIPA_V), and a home LIPA network entity end (LIPA_H), and comprising:
- successfully registering to a CN by said UE end via said LIPA_Vto attain mutual trust relationship of said UE end and said LIPA_V;
  
  successfully registering to said CN by said UE end via said LIPA_H, to attain mutual trust relationship of said UE end and said LIPA_H; and
  
  requesting said UE end by said LIPA_Hfor re-authentication and successfully re-authenticating said UE end via said LIPA_V, to attain mutual trust relationship of said LIPA_Vand said LIPA_H,wherein a mutual authentication of said UE end, said LIPA_V, and said LIPA_His attained by an authentication procedure which is triggered by a simplified routing area update (RAU) procedure,wherein said authentication procedure triggered by said simplified RAU procedure comprises;
  
  sending a specific message of a RAU request by said LIPA_Vto said LIPA_H, to trigger said UE end to authenticate to said CN end with said LIPA_Vand said LIPA_Hbeing involved, forwarding said specific message of the RAU request to said CN by said LIPA_H, and verifying the content information of said specific message by said CN;
  
  in an existing universal mobile telecommunications system authentication and key agreement procedure, adding forwarding functions to said LIPA_Hand said LIPA_V, including forwarding a user authentication request message by said LIPA_H, forwarding a user authentication response message to said LIPA_Hby said LIPA_V, and forwarding a user authentication response message to said CN by said LIPA_H;
  
  in an existing security mode control procedure, adding another forwarding functions to said LIPA_Hand said LIPA_V, including forwarding a security mode command message by said LIPA_H, and forwarding a security mode completion message by said LIPA_V; and
  
  sending a RAU response to said LIPA_Hby said CN, and forwarding said RAU response to said LIPA_Vby said LIPA_Hto complete said simplified RAU procedure.
- View Dependent Claims (5, 6, 7)
- - 5. The authentication method as claimed in claim 4, wherein said authentication procedure triggered by said RAU procedure with a serving radio network system (SRNS) relocation procedure comprises:
    - performing said SRNS relocation procedure, including requesting said LIPA_Vfor the communication service data of said UE end kept in said LIPA_Vby said CN, sending to said CN said communication service data of said UE end kept in said LIPA_Vby said LIPA_V, and requesting said LIPA_Hby said CN to prepare corresponding communication service resources;
      
      performing a security procedure by said UE end, said LIPA_V, said LIPA_H, and said CN for key generation, exchange, and storage; and
      
      performing exchanging communication service data of said UE end between said LIPA_Vand said LIPA_H, then forwarding a RAU response message to said LIPA_Vby said LIPA_Hto complete said RAU procedure.
  - 6. The authentication method as claimed in claim 4, wherein said RAU response at least contains an updated UE ID, a valid location information of said updated UE ID, and a verification code for determining the legitimacy and the authenticity of said updated UE ID.
  - 7. The authentication method as claimed in claim 4, wherein said RAU request message at least contains a temporary UE ID, a valid location of said temporary UE ID, and a verification code of said temporary UE ID.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Industrial Technology Research Institute
Original Assignee
Industrial Technology Research Institute
Inventors
Cheng, Ching-Wen, Lin, Yung-Chun, Wu, Jia-Wei, Yang, Shun-Ren
Primary Examiner(s)
Kim, Jung
Assistant Examiner(s)
Wilcox, James J

Application Number

US13/541,123
Publication Number

US 20130091552A1
Time in Patent Office

1,169 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0869   for achieving mutual authen...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

H04W 8/06   Registration at serving net...

Authentication method and apparatus for user equipment and LIPA network entities

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

25 Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication method and apparatus for user equipment and LIPA network entities

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links