Systems and methods for device-to-device communication in the absence of network coverage
First Claim
1. A method for coupling a first mobile device with a second mobile device in a one-to-one Proximity-based Services (ProSe) communication session comprising:
- the first mobile device discovering the presence of the second mobile device;
- negotiating between the first mobile device and the second mobile device to determine which of the first mobile device and the second mobile device is to become a group owner of the communication session and which is to become a client of the communication session; and
- wherein when the first mobile device is the client, the method includes conducting a mutual authentication with the group owner;
- when the first mobile device is the group owner, the method includes receiving authentication information from the client; and
- the connection between the first mobile device and the second mobile device is via a device-to-device (D2D) link, wherein conducting mutual authentication comprises:
  - transmitting a first certificate owned by the first mobile device to the second mobile device to permit the second mobile device to verify the first certificate; and
  - the first mobile device verifying a second certificate owned by the second mobile device; and
- wherein:
  - the first certificate includes a first link identifier that identifies the first mobile device;
  - the second certificate includes a second link identifier that identifies the second mobile device;
  - the first certificate is arranged to confirm that the first mobile device is authorized; and
  - the second certificate is arranged to confirm that the second mobile device is authorized.
Abstract
A method and system for establishing a secure device-to-device connection between two mobile devices involves the use of a WiFi Direct (LTE Direct or other similar protocols) link paired with an IP Multimedia Subsystems (IMS) link. A device detects the presence of another device that it wishes to connect to. The devices negotiate a group owner, then authenticate each other using a variety of techniques, such as a centrally issued certificate. Thereafter, the devices derive keys to be used for communication, both over the WiFi Direct link and via the IMS link. A WiFi Direct Link may be paired with a Push to Talk over Cellular (PoC) link in order to couple together more than two devices. In such a connection, devices transmit to a group owner, which then sends multicast versions to the rest of the group devices.
34 Citations
24 Claims
1. A method for coupling a first mobile device with a second mobile device in a one-to-one Proximity-based Services (ProSe) communication session comprising: (independent claim; full text as given under First Claim above) - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
10. A method for coupling a first mobile device with a second mobile device in a Proximity-based Services (ProSe) group communication session comprising:
- the first mobile device discovering the presence of the second mobile device;
- negotiating between the first mobile device and the second mobile device to determine which of the first mobile device and the second mobile device is to become a group owner of the communication session and which is to become a client of the communication session;
- initiating a certificate-based authentication procedure;
- establishing a device-to-device connection between the first mobile device and the second mobile device; and
- establishing a Push to Talk over Cellular (PoC) connection between the first mobile device and the second mobile device, wherein initiating a certificate-based authentication procedure comprises one of:
  - a) the first mobile device asserting a D2D link layer identity and an application layer identity and receiving from the second mobile device an assertion of the D2D link layer identity and application layer identity; having the first mobile device assert its belonging to a group by providing an application layer identity belonging to the group and a link layer identity belonging to the group; having the first mobile device assert its knowledge of a group master key; deriving a group temporary key from the group master key; and using the group temporary key to protect multicast frames the first mobile device sends over the PoC connection,
  - b) having the group owner receive a D2D link identifier for the client; having the group owner receive a pairwise master key that is shared with the client; and using the pairwise master key to transmit and receive data to and from the client, and
  - c) having the client receive a D2D link identifier for the group owner; having the client receive a pairwise master key that is shared with the group owner; and using the pairwise master key to transmit and receive data with the group owner.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
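The certificate-based mutual authentication of claim 1 (each peer verifies the other's centrally issued certificate and checks that its link identifier matches the identity seen on the D2D link) and the group-key handling of claim 10 option a) (group temporary key derived from the group master key, then used to protect multicast frames), modelled as an added example; this is not code from the patent or from any implementation of it. Assumptions: the issuer's signature is stood in for by an HMAC under a constructed issuer key, the GTK derivation is an HKDF-style extract-then-expand that the page does not specify, frame protection is integrity-only, and all link identifiers, group id and keys are constructed sample values.

```python
import hmac
import hashlib
import json

# Constructed issuer key: stands in for the central certificate issuer's signing key
# (assumption; a real deployment would use a public-key signature over the certificate).
ISSUER_KEY = b"constructed-central-issuer-key"

def issue_certificate(link_id: str, authorized: bool = True) -> dict:
    """Central issuance: binds a D2D link identifier to an authorization decision."""
    body = {"link_id": link_id, "authorized": authorized}
    payload = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()}

def verify_certificate(cert: dict, observed_link_id: str) -> bool:
    """Receiver-side check: issuer signature intact, device authorized, and the
    certificate's link identifier equals the identity observed on the D2D link."""
    payload = json.dumps(cert["body"], sort_keys=True).encode()
    expected = hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cert["sig"]):
        return False
    return bool(cert["body"]["authorized"]) and cert["body"]["link_id"] == observed_link_id

def mutual_authenticate(cert_a: dict, link_a: str, cert_b: dict, link_b: str) -> bool:
    """Group owner and client each verify the other's certificate; either failure aborts."""
    return verify_certificate(cert_a, link_a) and verify_certificate(cert_b, link_b)

def derive_group_temporary_key(gmk: bytes, group_id: str, salt: bytes) -> bytes:
    """GTK from the group master key via HMAC extract-then-expand (HKDF-style; the page
    names no KDF, so this construction is an assumption)."""
    prk = hmac.new(salt, gmk, hashlib.sha256).digest()
    return hmac.new(prk, b"ProSe-GTK|" + group_id.encode() + b"\x01", hashlib.sha256).digest()

def protect_multicast_frame(gtk: bytes, seq: int, payload: bytes) -> bytes:
    """Group owner tags each multicast frame with a MIC under the GTK; the sequence
    number lets receivers reject replays. (Integrity only; no confidentiality here.)"""
    header = seq.to_bytes(4, "big")
    return header + payload + hmac.new(gtk, header + payload, hashlib.sha256).digest()[:16]

def accept_multicast_frame(gtk: bytes, frame: bytes, last_seq: int):
    """Client check: valid MIC and strictly increasing sequence number.
    Returns (payload, seq) on success, None on rejection."""
    header, body, mic = frame[:4], frame[4:-16], frame[-16:]
    expected = hmac.new(gtk, header + body, hashlib.sha256).digest()[:16]
    seq = int.from_bytes(header, "big")
    if not hmac.compare_digest(expected, mic) or seq <= last_seq:
        return None
    return body, seq
```

A certificate presented over a link whose identifier differs from the one bound at issuance fails the check even though the issuer signature is valid, which is the binding the claims rely on.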
18. A mobile device for communicating in a Proximity-based Services (ProSe) one-to-one communication session comprising:
- a processor;
- a transceiver coupled to the processor and arranged to transmit and receive signals via an antenna assembly;
- wherein the processor is arranged to:
  - discover the presence of a second mobile device;
  - negotiate with the second mobile device to determine which of the mobile device and the second mobile device is to become a group owner of the communication session and which is to become a client of the communication session; and
  - conduct a mutual authentication with the group owner, when the mobile device is a client of the communication session;
- wherein, the connection between the first mobile device and the second mobile device is via a device-to-device (D2D) link, to conduct mutual authentication the processor is arranged to:
  - cause the transceiver to transmit a first certificate owned by the mobile device to the second mobile device to permit the second mobile device to verify the first certificate; and
  - verify a second certificate owned by the second mobile device; and
- wherein:
  - the first certificate includes a first link identifier that identifies the mobile device;
  - the second certificate includes a second link identifier that identifies the second mobile device;
  - the first certificate is arranged to confirm that the mobile device is authorized; and
  - the second certificate is arranged to confirm that the second mobile device is authorized.
- View Dependent Claims (19, 20, 21)
22. A non-transitory machine-readable medium including instructions for coupling a first computing device with a computing mobile device in a Proximity-based Services (ProSe) one-to-one communication session, which when executed by the first computing device, cause the first computing device to:
- discover the presence of a second computing device;
- negotiate between with the second computing device to determine which of the first computing device and the second computing device is to become a group owner of the communication session and which is to become a client of the communication session; and
- wherein when the first computing device is the client, initiate a mutual authentication with the second computing device;
- when the first computing device is the group owner, the instructions cause the first computing device to receive mutual authentication information from the second computing device; and
- the connection between the first computing device and the second computing device is via a device-to-device (D2D) link, wherein the instructions to initiate mutual authentication with the second computing device comprise instructions to:
  - transmit a first certificate owned by the first computing device to the second computing device to permit the second computing device to verify the first certificate; and
  - verify a second certificate owned by the second computing device;
- wherein:
  - the first certificate includes a first link identifier that identifies the first computing device;
  - the second certificate includes a second link identifier that identifies the second computing device;
  - the first certificate is arranged to confirm that the first computing device is authorized; and
  - the second certificate is arranged to confirm that the second computing device is authorized.
- View Dependent Claims (23, 24)