Systems, methods, and devices for secure device-to-device discovery and communication

US 9,893,894 B2
Filed: 09/23/2015
Issued: 02/13/2018
Est. Priority Date: 03/13/2015
Status: Active Grant

First Claim

Patent Images

1. User equipment (UE), comprising:

a memory device to store instructions; and

a baseband processor to execute the instructions to;

process a discovery response message from a peer UE to determine whether or not the discovery response message includes a payload comprising first a shared secret value (SSV);

generate a direct communication request to the peer UE, wherein the direct communication request comprises a first signature authenticating an identity of a user of the UE;

if the discovery response message includes the payload comprising the first SSV, use the first SSV provided in the payload of the discovery response message to encrypt the direct communication request;

if the discovery response message does not include the payload comprising the first SSV, generate a second SSV to share with the peer UE and encode the second SSV into a payload of the direct communication request;

decrypt, using the first SSV if included in the discovery response message, or using the second SSV if the first SSV is not included in the discovery response message, a direct communication response from the peer UE to authenticate an identity of the peer UE, wherein the direct communication response comprises a second signature authenticating the identity of a user of the peer UE; and

in response to the direct communication response from the peer UE to authenticate the identity of the peer UE, engage in direct communication with the peer UE using the first SSV if included in the discovery response message, or using the second SSV if the first SSV is not included in the discovery response message,wherein common key material, for communication between the UE and the peer UE, is generated and communicated between the UE and the peer UE based on a Sakai-Kasahara Key Encryption (SAKKE) scheme.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user equipment (UE) is configured to send a direct communication request to a peer UE, wherein the direct communication request comprises a signature authenticating an identity of the UE. The UE is configured to process a direct communication response from the peer UE to authenticate an identity of the peer UE, wherein the direct communication response comprises a signature authenticating the identity of the peer UE. In response to processing the direct communication response from the peer UE to authenticate the identity of the peer UE, the UE is configured to engage in direct communication with the peer UE.

13 Citations

View as Search Results

11 Claims

1. User equipment (UE), comprising:
- a memory device to store instructions; and
  
  a baseband processor to execute the instructions to;
  
  process a discovery response message from a peer UE to determine whether or not the discovery response message includes a payload comprising first a shared secret value (SSV);
  
  generate a direct communication request to the peer UE, wherein the direct communication request comprises a first signature authenticating an identity of a user of the UE;
  
  if the discovery response message includes the payload comprising the first SSV, use the first SSV provided in the payload of the discovery response message to encrypt the direct communication request;
  
  if the discovery response message does not include the payload comprising the first SSV, generate a second SSV to share with the peer UE and encode the second SSV into a payload of the direct communication request;
  
  decrypt, using the first SSV if included in the discovery response message, or using the second SSV if the first SSV is not included in the discovery response message, a direct communication response from the peer UE to authenticate an identity of the peer UE, wherein the direct communication response comprises a second signature authenticating the identity of a user of the peer UE; and
  
  in response to the direct communication response from the peer UE to authenticate the identity of the peer UE, engage in direct communication with the peer UE using the first SSV if included in the discovery response message, or using the second SSV if the first SSV is not included in the discovery response message,wherein common key material, for communication between the UE and the peer UE, is generated and communicated between the UE and the peer UE based on a Sakai-Kasahara Key Encryption (SAKKE) scheme.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The UE of claim 1, wherein one or more of the first signature authenticating the identity of the user of the UE and the second signature authenticating the identity of the user of the peer UE comprise a signature based on an Elliptic Curve-based Certificateless Signatures for Identity-based Encryption (ECCSI) signature scheme.
  - 3. The UE of claim 1, wherein one or more of the direct communication request and the direct communication response comprise messages for establishment of a secure layer-2 link between the UE and the peer UE.
  - 4. The UE of claim 1, wherein the baseband processor is further configured to agree on the common key material for communication between the UE and the peer UE, wherein the common key material is used for encoding or decoding communications between the UE and the peer UE.
  - 5. The UE in claim 4, wherein the baseband processor is configured to agree on the common key material by generating the common key material for communication to the peer UE or processing the common key material received from the peer UE.
  - 6. The UE in claim 5, wherein the common key material is included as part of a SAKKE payload within the direct communication request or the direct communication response.
  - 7. The UE of claim 1, wherein one or more of the first signature authenticating the identity of the user of the UE and the second signature authenticating the identity of the user of the peer UE is computed over one or more other parameters in a corresponding message for message integrity protection.

8. A baseband processor comprising:
- memory to store an identity of a user corresponding to the baseband processor; and
  
  circuitry to;
  
  discover, based on a discovery response message, a proximal user equipment (UE);
  
  determine whether the discovery response message includes a first shared secret value (SSV);
  
  format a message comprising a payload authenticating the identity of the user corresponding to the baseband processor to send to the proximal UE;
  
  if the discovery response message includes the first SSV, encrypt the message comprising the payload using the first SSV;
  
  if the discovery response message does not include the first SSV, generate a second SSV to include in the payload to share with the proximal UE;
  
  authenticate an identity of a user of the proximal UE; and
  
  communicate directly with the proximal UE to encrypt and decrypt direct messages using the first or second SSV,wherein common key material, for communication with the proximal UE, is generated and communicated with the proximal UE based on a Sakai-Kasahara Key Encryption (SAKKE) scheme.
- View Dependent Claims (9, 10, 11)
- - 9. The baseband processor of claim 8, wherein the message comprises a message to establish direct communication between a UE corresponding to the baseband processor and the at least one of the one or more proximal UE.
  - 10. The baseband processor of claim 8, wherein the circuitry is further configured to determine a secret key for communication between the proximal UE and a UE corresponding to the baseband processor, wherein the circuitry is configured to encode or decode communications between the proximal UE and a UE corresponding to the baseband processor based on the secret key.
  - 11. The baseband processor of claim 8, wherein the payload comprises the identity of the user corresponding to the baseband processor and a signature based on an Elliptic Curve-based Certificateless Signatures for Identity-based Encryption (ECCSI) signature scheme.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Intel IP Corporation (Intel Corporation)
Inventors
Stojanovski, Alexandre S., Adrangi, Farid
Primary Examiner(s)
Patel, Ashok
Assistant Examiner(s)
Almamun, Abdullah

Application Number

US14/863,168
Publication Number

US 20160269185A1
Time in Patent Office

874 Days
Field of Search

713176
US Class Current
CPC Class Codes

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/72   Signcrypting, i.e. digital ...

H04L 2209/80   Wireless network architectu...

H04L 9/083   involving central third par...

H04L 9/0844   with user authentication or...

H04L 9/3066   involving algebraic varieti...

H04L 9/3247   involving digital signatures

H04L 9/3252   using DSA or related signat...

H04W 12/069   using certificates or pre-s...

H04W 76/14   Direct-mode setup

H04W 8/005   Discovery of network device...

Systems, methods, and devices for secure device-to-device discovery and communication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

11 Claims

Specification

Use Cases

Quick Links

Others

Systems, methods, and devices for secure device-to-device discovery and communication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

11 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others