System and method for selection of security algorithms

US 9,661,498 B2
Filed: 09/14/2012
Issued: 05/23/2017
Est. Priority Date: 10/31/2007
Status: Active Grant

First Claim

Patent Images

1. A method of managing security for a connection between a user device and a communications network comprising a plurality of base stations and a core network, the method comprising:

receiving security capability information at the core network for the connection between the user device and the communications network via a first base station of the plurality of base stations;

retrieving security capability information at the core network for the first base station from a database that stores security capability information for said plurality of base stations;

processing, at the core network, the security capability information for the user device and the security capability information for the first base station to select a plurality of preferred security policies for a connection between the user device and the first base station; and

transmitting the selected plurality of preferred security policies to the first base station as a list of preferred security policies from which said base station selects a security policy.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for managing security for a connection between a user device and a communications network comprising at least one base station and a core network is provided. The method includes processing, at the core network, the security capability information for the user device and the security capability information for the first base station to select a plurality of preferred security policies for a connection between the user device and the first base station. The method also includes transmitting the selected plurality of preferred security policies to the first base station as a list of preferred security policies from which said base station can select a security policy.

Citations

12 Claims

1. A method of managing security for a connection between a user device and a communications network comprising a plurality of base stations and a core network, the method comprising:
- receiving security capability information at the core network for the connection between the user device and the communications network via a first base station of the plurality of base stations;
  
  retrieving security capability information at the core network for the first base station from a database that stores security capability information for said plurality of base stations;
  
  processing, at the core network, the security capability information for the user device and the security capability information for the first base station to select a plurality of preferred security policies for a connection between the user device and the first base station; and
  
  transmitting the selected plurality of preferred security policies to the first base station as a list of preferred security policies from which said base station selects a security policy.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method according to claim 1, further comprising:
    - receiving a notification regarding a transfer of the user device from the first base station to a second base station;
      
      obtaining security capability information for the second base station; and
      
      determining whether a change in the security policy is required for a connection to the second base station.
  - 3. A method according to claim 2, wherein said determining whether a change in the security policy is required for the connection to the second base station comprises retrieving stored security capability information for the second base station.
  - 4. A method according to claim 2, wherein said determining whether a change in the security policy is required for the connection to the second base station comprises transmitting a request for security capability information to the first base station.
  - 5. A method according to claim 1, further comprising receiving security capability information for one of the base stations of the plurality of base stations and updating a database to store the security capability information.
  - 6. A method according to claim 1, wherein the security policy is selected upon reception of a request for attachment from the user device.

7. A gateway for managing security for a connection between a user device and a communication network comprising a plurality of base stations and a core network, the gateway comprising:
- a receiver to receive security capability information for the connection between the user device and the communications network via a first base station;
  
  a controller to retrieve the security capability information for the first base station from a database that stores security capability information for said plurality of base stations;
  
  a processor to process the security capability information for the user device and the security capability information for the first base station to select a plurality of preferred security policies for the connection between the user device and the first base station; and
  
  a transmitter to transmit the selected plurality of security policies to the first base station as a list of preferred security policies from which the first base station selects a security policy.
- View Dependent Claims (8)
- - 8. A gateway according to claim 7, further comprising a database for storing the security capability information for the first base station in the core network.

9. A method of providing a connection between a user device and a communications network comprising a plurality of base stations and a core network, the method comprising:
- establishing a connection between a first base station of the plurality of base stations and the core network, wherein the establishing the connection comprises transmitting from the first base station to the core network security capability information for the first base station for storage in a database that stores security capability information for said plurality of base stations for later retrieval by the core network;
  
  receiving from the core network a list of preferred security policies for the connection between the user device and the first base station wherein the list of preferred security policies comprises a plurality of security policies for a connection between the user device and the first base station of the plurality of base stations;
  
  selecting a security policy from the list of preferred security policies for the connection between the user device and the base station; and
  
  establishing a connection between the user device and the base station using the selected security policy.

10. A base station for providing a connection between a user device and a core network, the base station comprising:
- a transmitter to transmit from the base station to the core network security capability information for the base station for storage in a database that stores security capability information for a plurality of base stations for later retrieval by the core network;
  
  a receiver to receive from the core network a plurality of security policies for the connection to the user device as a list of preferred security policies from which said base station selects a security policy; and
  
  a controller to establish a connection to the user device using the selected security policy.

11. A method performed by a user device for connecting to a communications network comprising a plurality of base stations and a core network, the method comprising:
- transmitting security capability information for the user device to the core network via a first base station; and
  
  establishing a connection to the first base station using a selected security policy,wherein the selected security policy is selected by the core network based on the security capability information for the user device and security capability information for the first base station, and the selected security policy is selected from a plurality of preferred security policies for a connection between the user device and the first base station wherein the plurality of preferred security policies are retrieved from a database that stores security capability information for said plurality of base stations.

12. A user device for connecting to a communications network comprising a plurality of base stations and a core network, the user device comprising:
- a transmitter for transmitting security capability information for the user device to the core network via a first base station;
  
  wherein the transmitter is used to establish a connection to the first base station using a selected security policy, wherein the selected security policy is selected by the core network based on the security capability information for the user device and security capability information for the first base station, and the selected security policy is selected from a plurality of preferred security policies for a connection between the user device and the first base station wherein the plurality of preferred security policies are retrieved from a database that stores security capability information for said plurality of base stations.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo Innovations Ltd Hong Kong (Lenovo Group Ltd.)
Original Assignee
Lenovo Innovations Ltd Hong Kong (Lenovo Group Ltd.)
Inventors
Ahluwalia, Jagdeep Singh, Arnott, Robert, Serravalle, Francesca
Primary Examiner(s)
Davis, Zachary A

Application Number

US13/619,946
Publication Number

US 20130014210A1
Time in Patent Office

1,712 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

H04L 69/24   Negotiation of communicatio...

H04W 12/08   Access security

System and method for selection of security algorithms

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for selection of security algorithms

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links