Method, System and Device for Negotiating Security Capability when Terminal Moves

US 20140120879A1
Filed: 01/03/2014
Published: 05/01/2014
Est. Priority Date: 08/31/2007
Status: Active Grant

First Claim

Patent Images

1. A user equipment (UE) comprising:

a transmitter configured to send, in situations where the UE moves in idle state from a non-long term evolution (non-LTE) network to a long term evolution (LTE) network, UE security capabilities supported by the UE to the LTE network for a non-access stratum (NAS) security algorithm selection use;

a receiver configured to receive a selected NAS security algorithm from the LTE network; and

a processor configured to generate a root key from an authentication vector-related key available at the UE and to derive, from the generated root key, a NAS protection key for communicating with the LTE network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, user equipment (UE) and system are provided for negotiating a security capability during idle state mobility of the UE from a non-long term evolution (non-LTE) network to a long term evolution (LTE) network. The UE sends UE security capabilities supported by the UE to the LTE network for a non-access stratum (NAS) security algorithm selection use. The UE then receives from the LTE network selected NAS security algorithm. The UE further generates a root key from an authentication vector-related key stored at the UE and then derives, from the generated root key, a NAS protection key for security communication with the LTE network.

5 Citations

24 Claims

1. A user equipment (UE) comprising:
- a transmitter configured to send, in situations where the UE moves in idle state from a non-long term evolution (non-LTE) network to a long term evolution (LTE) network, UE security capabilities supported by the UE to the LTE network for a non-access stratum (NAS) security algorithm selection use;
  
  a receiver configured to receive a selected NAS security algorithm from the LTE network; and
  
  a processor configured to generate a root key from an authentication vector-related key available at the UE and to derive, from the generated root key, a NAS protection key for communicating with the LTE network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The UE of claim 1, wherein, in a situation where the moving of the UE is from a second generation (2G) network to the LTE network, the authentication vector-related key for generating the root key includes an encryption key (Kc).
  - 3. The UE of claim 1, wherein, in a situation where the moving of the UE is from a third generation (3G) network to the LTE network, the authentication vector-related key for generating the root key includes an integrity key (IK) and an encryption key (KC).
  - 4. The UE of claim 1, wherein the transmitter is configured to send the UE security capabilities through a tracking area update (TAU) request message.
  - 5. The UE of claim 1, wherein the receiver is configured to receive the selected NAS security algorithm through a NAS security mode command message.
  - 6. The UE of claim 1, wherein the receiver is configured to receive the selected NAS security algorithm through a tracking area update (TAU) accept message.
  - 7. The UE of claim 1, wherein the receiver is further configured to receive UE security capability information from the LTE network.
  - 8. The UE of claim 7, wherein the processor is further configured to compare whether the UE security capability information received from the LTE network is consistent with UE security capabilities information stored in the UE, and to determine that a security capability negotiation fails if the UE security capability information received from the LTE network is inconsistent with the UE security capabilities information stored in the UE.

9. A method for security capability negotiation during idle state mobility of a user equipment (UE), in a situation where the UE moves from a non-long term evolution (non-LTE) network to a long term evolution (LTE) network, the method comprising:
- sending, by the UE, UE security capabilities supported by the UE to the LTE network for a non-access stratum (NAS) security algorithm selection use;
  
  receiving, by the UE, a selected NAS security algorithm from the LTE network;
  
  generating, by the UE, a root key from an authentication vector-related key available at the UE; and
  
  deriving, by the UE, a NAS protection key according to the generated root key.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein in a situation where the moving of the UE is from a second generation (2G) network, the authentication vector-related key includes an encryption key (Kc).
  - 11. The method of claim 9, wherein in a situation where the moving of the UE is from a third generation (3G) network, the authentication vector-related key includes an integrity key (1K) and an encryption key (KC).
  - 12. The method of claim 9, wherein in the sending step, the UE security capabilities is sent by being included in a tracking area update (TAU) request message.
  - 13. The method of claim 9, wherein the receiving the selected NAS security algorithm comprises:
    - receiving, by the UE, a NAS security mode command message including the selected NAS security algorithm.
  - 14. The method of claim 9, wherein the selected NAS security algorithm is received by the UE through a tracking area update (TAU) accept message.
  - 15. The method of claim 9, further comprising:
    - receiving, by the UE, UE security capability information from the LTE network.
  - 16. The method of claim 15, further comprising:
    - comparing, by the UE, whether the UE security capability information received from the LTE network is consistent with UE security capabilities information stored in the UE; and
      
      determining, by the UE, the security capability negotiation fails if the UE security capability information received from the LTE network is inconsistent with the UE security capabilities information stored in the UE.

17. A system for security capability negotiation during idle state mobility, the system comprising:
- a user equipment (UE) configured to communicatively connect with a non-long term evolution (non-LTE) network or a long term evolution (LTE) network,wherein in situations where the UE in idle state moves from the non-LTE network to the LTE network, the UE is further configured to;
  
  send UE security capabilities supported by the UE to the LTE network for a non-access stratum (NAS) security algorithm selection use;
  
  receive a selected NAS security algorithm from the LTE network; and
  
  generate a root key from an authentication vector-related key available at the UE; and
  
  derive from with the generated root key a NAS protection key for communicating with the LTE network.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The system of claim 17, wherein, in a situation where UE moves from a second generation (2G) network to the LTE network, the authentication vector-related key for generating the root key includes an encryption key (Kc).
  - 19. The system of claim 17, wherein, in a situation where the UE moves from a third generation (3G) network to the LTE network, the authentication vector-related key for generating the root key includes an integrity key (IK) and an encryption key (KC).
  - 20. The system of claim 17, wherein the UE security capabilities is sent to the LTE network by being included in a tracking area update (TAU) request message.
  - 21. The system of claim 17, wherein the UE is configured to receive the selected NAS security algorithm through a NAS security mode command message.
  - 22. The system of claim 17, wherein the UE is configured to receive the selected NAS security algorithm through a tracking area update (TAU) accept message.
  - 23. The system of claim 17, wherein the UE is further configured to receive UE security capability information from the LTE network.
  - 24. The system of claim 23, wherein the UE is further configured to compare whether the UE security capability information received from the LTE network is consistent with UE security capabilities information stored in the UE, and to determine that the security capability negotiation fails if the UE security capability information received from the LTE network is inconsistent with the UE security capabilities information stored in the UE.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
He, Chengdong

Granted Patent

US 8,812,848 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

H04L 2463/061   applying further key deriva...

H04L 63/0492   by using a location-limited...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0876   based on the identity of th...

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

H04L 69/24   Negotiation of communicatio...

H04L 9/0844   with user authentication or...

H04L 9/088   Usage controlling of secret...

H04W 12/041   Key generation or derivation

H04W 12/0431   Key distribution or pre-dis...

H04W 12/106   Packet or message integrity

H04W 12/122   Counter-measures against at...

H04W 36/0038   of security context informa...

H04W 8/02   Processing of mobility data...

Method, System and Device for Negotiating Security Capability when Terminal Moves

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

5 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method, System and Device for Negotiating Security Capability when Terminal Moves

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

5 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links