Security protocols for mobile operator networks

US 9,270,700 B2
Filed: 06/18/2009
Issued: 02/23/2016
Est. Priority Date: 12/12/2008
Status: Active Grant

First Claim

Patent Images

1. A method implemented by a computer device at a media content provider, the method comprising:

establishing a mobile communication link with a mobile device via a communication service provider with which the mobile device is registered for mobile communications, and via at least one roaming node network with which the communication service provider has a roaming service agreement;

receiving a security policy request from the mobile device to establish a security policy for end-to-end security of the mobile communication link between the media content provider and the mobile device for data communication security;

communicating a security policy response to the mobile device to establish the security policy for the end-to-end security of the mobile communication link;

communicating a challenge to the mobile device via the mobile communication link that is secure based on the security policy, the mobile communication link including the roaming node network and a mobile operator network that is managed by the communication service provider; and

receiving the challenge back from the mobile device via the mobile operator network and the communication service provider, the challenge including data added by the communication service provider, the added data comprising a billing identifier that is associated with the mobile device, the billing identifier being securely received from the communication service provider via the mobile communication link.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Security protocols for mobile operator networks are described. In embodiments, mobile communication link is established between a mobile phone and a media content provider via a communication service provider with which the mobile phone is registered for mobile communications, and via at least one roaming node network with which the communication service provider has a roaming service agreement. The media content provider receives a security policy request from the mobile phone to establish a security policy for end-to-end security of the mobile communication link between the media content provider and the mobile phone for data communication security. The media content provider then communicates a security policy response to the mobile phone to establish the security policy for the end-to-end security of the mobile communication link that is adaptable to security restrictions of the roaming node network.

19 Citations

View as Search Results

15 Claims

1. A method implemented by a computer device at a media content provider, the method comprising:
- establishing a mobile communication link with a mobile device via a communication service provider with which the mobile device is registered for mobile communications, and via at least one roaming node network with which the communication service provider has a roaming service agreement;
  
  receiving a security policy request from the mobile device to establish a security policy for end-to-end security of the mobile communication link between the media content provider and the mobile device for data communication security;
  
  communicating a security policy response to the mobile device to establish the security policy for the end-to-end security of the mobile communication link;
  
  communicating a challenge to the mobile device via the mobile communication link that is secure based on the security policy, the mobile communication link including the roaming node network and a mobile operator network that is managed by the communication service provider; and
  
  receiving the challenge back from the mobile device via the mobile operator network and the communication service provider, the challenge including data added by the communication service provider, the added data comprising a billing identifier that is associated with the mobile device, the billing identifier being securely received from the communication service provider via the mobile communication link.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method as recited in claim 1, wherein the security policy request that is received from the mobile device includes a region code corresponding to the roaming node network.
  - 3. A method as recited in claim 2, further comprising determining the encryption policy for the roaming node network based on the region code.
  - 4. A method as recited in claim 1, wherein the security policy request that is received from the mobile device is included with authentication data messages that are communicated between the mobile device and the media content provider.
  - 5. A method as recited in claim 4, wherein the security policy request includes a region code corresponding to the roaming node network, the region code being included with the authentication data messages.
  - 6. A method as recited in claim 1, further comprising:
    - receiving an indication that the roaming node network is changing to a different roaming node network to maintain the mobile communication link; and
      
      adapting the security policy for the end-to-end security of the mobile communication link for alternative security restrictions of the different roaming node network.

7. A method implemented by a mobile device, the method comprising:
- establishing a mobile communication link with a media content provider via a communication service provider with which the mobile device is registered for mobile communications, and via at least one roaming node network with which the communication service provider has a roaming service agreement;
  
  communicating a security policy request to the media content provider to establish a security policy for end-to-end security of the mobile communication link between the media content provider and the mobile device for data communication security, the security policy request including an encryption policy for the roaming node network that is obtained from a cache stored locally on the mobile device; and
  
  receiving a security policy response from the media content provider to establish the security policy for the end-to-end security of the mobile communication link that is adaptable to security restrictions of the roaming node network;
  
  receive a challenge from the media content provider via the mobile communication link that is secure based on the security policy, the mobile communication link including the roaming node network and a mobile operator network that is managed by the communication service provider, andcommunicate the challenge back to the media content prover via the mobile operator network and the communication service provider, the challenge including data added by the communication service provider, the data comprising a billing identifier that is associated with the mobile device.
- View Dependent Claims (8, 9)
- - 8. A method as recited in claim 7, wherein the security policy request further includes a region code that corresponds to the roaming node network.
  - 9. A method as recited in claim 7, wherein the security policy request and the security policy response are included with authentication data messages that are communicated between the mobile device and the media content provider.

10. A mobile communication system, comprising:
- a media content provider configured to establish a mobile communication link with a mobile device via a communication service provider with which the mobile device is registered for mobile communications, and via at least one roaming node network with which the communication service provider has a roaming agreement;
  
  a security protocol service implemented by a computer device at the media content provider, the security protocol service configured to;
  
  receive a security policy request from the mobile device to establish a security policy for end-to-end security of the mobile communication link between the media content provider and the mobile device for data communication security;
  
  determine an encryption policy for the roaming node network based on a region code that corresponds to the roaming node network; and
  
  initiate communication of a security policy response to the mobile device, the security policy response including the encryption policy that is utilized to establish the security policy for the end-to-end security of the mobile communication link that is adaptable to security restrictions of the roaming node network;
  
  communicate a challenge to the mobile device via the mobile communication link that is secure based on the security policy, the mobile communication link including the roaming node network and a mobile operator network that is managed by the communication service provider; and
  
  receive the challenge back from the mobile device via the mobile operator network and the communication service provider, the challenge including data added by the communication service provider, the data comprising a billing identifier that is associated with the mobile device, the billing identifier being securely received from the communication service provider via the mobile communication link.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. A mobile communication system as recited in claim 10, wherein the security policy request and the security policy response are included with authentication data messages that are communicated between the mobile device and the media content provider.
  - 12. A mobile communication system as recited in claim 10, wherein the security protocol service is further configured to receive the encryption policy for the roaming node network from the mobile device that maintains a cache of encryption policies stored locally on the mobile device.
  - 13. A mobile communication system as recited in claim 10, wherein the security protocol service is further configured to receive the region code that corresponds to the roaming node network from the communication service provider.
  - 14. A mobile communication system as recited in claim 10, wherein the security protocol service is further configured to:
    - receive an indication that the roaming node network is changing to a different roaming node network to maintain the mobile communication link; and
      
      adapt the security policy for the end-to-end security of the mobile communication link for alternative security restrictions of the different roaming node network.
  - 15. A mobile communication system as recited in claim 10, wherein the media content provider is further configured to:
    - communicate a challenge to the mobile device via the mobile communication link that is secure based on the security policy, the mobile communication link including the roaming node network and a mobile operator network that is managed by the communication service provider; and
      
      receive the challenge back from the mobile device via the mobile operator network and the communication service provider, the challenge including data added by the communication service provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Medvinsky, Gennady, Mercer, David E W
Primary Examiner(s)
VIANA DI PRISCO, GERMAN

Application Number

US12/486,946
Publication Number

US 20100151822A1
Time in Patent Office

2,441 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0853   using an additional device,...

H04L 63/20   for managing network securi...

H04W 12/02   Protecting privacy or anony...

H04W 12/033   of the user plane, e.g. use...

H04W 12/08   Access security

H04W 76/10   Connection setup

Security protocols for mobile operator networks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Security protocols for mobile operator networks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links