Devices and method for MTC group key management
Abstract
In order to improve security upon distributing a group key, there is provided a gateway (20) to a core network for a group of MTC devices (10_1-10_n) communicating with the core network. The gateway (20) protects confidentiality and integrity of a group key, and distributes the protected group key to each of the MTC devices (10_1-10_n). The protection is performed by using: a key (Kgr) that is preliminarily shared between the gateway (20) and each of the MTC devices (10_1-10_n), and that is used for the gateway (20) to authenticate each of the MTC devices (10_1-10_n) as a member of the group; or a key (K_iwf) that is shared between an MTC-IWF (50) and each of the MTC devices (10_1-10_n), and that is used to derive temporary keys for securely conducting individual communication between the MTC-IWF (50) and each of the MTC devices (10_1-10_n).
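The flow the abstract describes, sketched as an added example that is not code from the patent: the gateway derives a group key, authenticates a device with the pre-shared Kgr, sends the group key protected for confidentiality and integrity, and replaces it when its lifetime ends. The page names no algorithms, so HMAC-SHA-256 (as KDF, keystream and MAC), the message layout, and all class and function names are assumptions.

```python
import hashlib, hmac, os

def prf(key: bytes, label: bytes, n: int = 32) -> bytes:
    """HMAC-SHA-256 in counter mode: stand-in KDF/keystream (assumption)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, label + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class GroupGateway:
    def __init__(self, group_id: bytes, sec_param: bytes, lifetime_s: float):
        # group_id and sec_param arrive from the network server
        self.group_id, self.sec_param, self.lifetime_s = group_id, sec_param, lifetime_s
        self.kgr, self.epoch = {}, 0  # kgr: device id -> pre-shared Kgr
        self.rekey(now=0.0)

    def rekey(self, now: float) -> None:
        """Derive a fresh group key and restart its lifetime."""
        self.epoch += 1
        label = b"group-key" + self.group_id + self.epoch.to_bytes(4, "big")
        self.group_key = prf(self.sec_param, label)
        self.expires = now + self.lifetime_s

    def authenticate(self, dev: bytes, nonce: bytes, resp: bytes) -> bool:
        """Challenge-response: only a holder of Kgr is a group member."""
        kgr = self.kgr.get(dev)
        return kgr is not None and hmac.compare_digest(
            resp, hmac.new(kgr, nonce, hashlib.sha256).digest())

    def distribute(self, dev: bytes, now: float) -> bytes:
        """Encrypt-then-MAC the current group key under keys derived from Kgr."""
        if now >= self.expires:
            self.rekey(now)
        kgr, iv = self.kgr[dev], os.urandom(16)
        ct = xor(self.group_key, prf(prf(kgr, b"enc"), iv))
        body = self.epoch.to_bytes(4, "big") + iv + ct
        return body + hmac.new(prf(kgr, b"mac"), self.group_id + body, hashlib.sha256).digest()

def device_unwrap(kgr: bytes, group_id: bytes, msg: bytes):
    """Device side: verify integrity, then decrypt; None if the check fails."""
    body, tag = msg[:-32], msg[-32:]
    want = hmac.new(prf(kgr, b"mac"), group_id + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None  # altered on the relay path, or not wrapped for this device
    return xor(body[20:], prf(prf(kgr, b"enc"), body[4:20]))
```

Because the wrapped key is bound to one device's Kgr, a relaying node such as the MME or SGSN forwards the message without being able to read or alter the group key undetected.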
8 Claims
1. A group gateway in a group communication system including a User Equipment (UE), an independent node deployed in a node different from a node in which the group gateway is deployed, the independent node being a Mobility Management Entity (MME) or a Serving GPRS Support Node (SGSN), and a network server, the group gateway comprising:
- a processor; and
- a memory having stored thereon a set of instructions executable by the processor, wherein upon execution of the instructions the processor causes the group gateway to:
- receive a group ID and a security related parameter from the network server;
- derive a first key;
- authenticate the UE based on a second key that is shared between the UE and the group gateway;
- distribute, to the UE via the MME or the SGSN, the first key that is protected based on the second key; and
- control a key lifetime for updating the first key.
3. A method of a group gateway in a group communication system including a User Equipment (UE), an independent node deployed in a node different from a node in which the group gateway is deployed, the independent node being a Mobility Management Entity (MME) or a Serving GPRS Support Node (SGSN), and a network server, the method comprising:
- receiving a group ID and a security related parameter from the network server;
- deriving a first key;
- authenticating the UE based on a second key that is shared between the UE and the group gateway;
- distributing, to the UE via the MME or the SGSN, the first key that is protected based on the second key; and
- controlling a key lifetime for updating the first key.
5. A User Equipment (UE) in a group communication system including an independent node deployed in a node different from a node in which the group gateway is deployed, the independent node being a Mobility Management Entity (MME) or a Serving GPRS Support Node (SGSN), a network server and a group gateway, the UE comprising:
- a processor; and
- a memory having stored thereon a set of instructions executable by the processor, wherein upon execution of the instructions the processor causes the UE to:
- cause the group gateway to authenticate the UE based on a second key that is shared between the UE and the group gateway;
- receive, from the group gateway via the MME or the SGSN, a first key protected based on the second key, wherein the group gateway receives a group ID and a security related parameter from the network server, derives the first key, and controls a key lifetime for updating the first key; and
- decrypt the protected first key using the second key.
7. A method of a UE (User Equipment) in a group communication system including an independent node deployed in a node different from a node in which the group gateway is deployed, the independent node being a Mobility Management Entity (MME) or a Serving GPRS Support Node (SGSN), a network server and a group gateway, the method comprising:
- causing the group gateway to authenticate the UE based on a second key that is shared between the UE and the group gateway;
- receiving, from the group gateway via the MME or the SGSN, a first key protected based on the second key, wherein the group gateway receives a group ID and a security related parameter from the network server, derives the first key, and controls a key lifetime for updating the first key; and
- decrypting the protected first key using the second key.
Specification