Patent abstract:
METHODS AND APPARATUSES TO FACILITATE THE SYNCHRONIZATION OF SECURITY SETTINGS. Methods and devices are provided for synchronizing security parameters between access terminals and a wireless network. An access terminal and a network entity can conduct a security mode procedure in which the access terminal sends a security mode complete message to the network entity. Upon receipt of the security mode complete message, the network entity can update to new security parameters. The access terminal can initiate a mobility procedure while the security mode procedure is in progress and can, as a result, abort the security mode procedure and revert to the old security parameters. The access terminal can send a mobility update message to the network entity including a dedicated status indicator adapted to inform the network entity that the access terminal has reverted to the old security parameters. In response, the network entity can revert to the old security parameters.
Publication number: BR112012032233B1
Application number: R112012032233-8
Filing date: 2011-06-17
Publication date: 2021-03-02
Inventors: Kiran Kishanrao Patil; Suresh Sanka; Liangchi Hsu; Aziz Gholmieh
Applicant: Qualcomm Incorporated
Main IPC number:
Patent description:

Priority Claim under 35 U.S.C. §119
This patent application claims priority to US provisional application No. 61/356,464, entitled “Methods and Apparatuses Facilitating Synchronization of Security Configurations”, filed on June 18, 2010, assigned to the assignee of this application and expressly incorporated herein by reference.
Field of the Invention
Various features relate to wireless communication devices and systems, and more particularly to the synchronization of security settings between access terminals and network entities.
Description of the Prior Art
Security is an important factor in a wireless communication system. Security in some wireless communication systems can conventionally comprise two features: “Data Integrity” and “Encryption”. “Data Integrity” is the feature that ensures that no rogue network can send unnecessary signaling messages with the intention of causing, or actually causing, any unwanted effect on an ongoing call. “Encryption” is the feature that ensures that all signaling and data messages are encrypted over the air interface to prevent a third party from eavesdropping on the messages. In some wireless communication systems, such as a Universal Mobile Telecommunications System (UMTS), integrity protection is mandatory while encryption is optional. Integrity protection can be implemented only on signaling radio bearers, while encryption can be implemented on signaling as well as data radio bearers.
In a conventional wireless network, an access terminal (AT) typically negotiates with the wireless network to establish security parameters, such as encryption keys for use in encrypting communications between the access terminal and the network components. Such security parameters can be updated and/or changed occasionally to guarantee the confidentiality of the data transmitted between the access terminal and the network components.
An example of a conventional method for initiating or updating security parameters between the access terminal and the wireless network usually includes the access terminal receiving a security mode command from the wireless network and updating its security parameters based on the security mode command received. After the access terminal updates its security parameters, and before implementing the new security parameters, the access terminal sends a security mode complete message to the wireless network. Upon receipt of the security mode complete message, the wireless network will begin using the new security parameters to protect any subsequent downlink messages sent to the access terminal.
However, the access terminal will not begin using the new security parameters to protect any uplink messages sent to the wireless network until a confirmation message is received from the wireless network in response to the security mode complete message sent by the access terminal. In other words, the access terminal does not start using the new security parameters for messages sent from the access terminal to the wireless network until the access terminal receives an acknowledgment from the wireless network that the security mode complete message has been received and authenticated.
As a result, there is a small window between the time when the security mode procedure is completed on the wireless network (for example, when the security mode complete message is received on the wireless network) and the time when the security mode procedure is completed at the access terminal (for example, when the confirmation is received by the access terminal and the security parameters are updated). Due to this time window, it is possible for the wireless network to be updated to new security parameters while the access terminal remains with the old security parameters. For example, conventional access terminals are typically adapted to abort the security mode procedure when certain other procedures are initiated, such as a mobility procedure.
In cases where the wireless network is updated to the new security parameters but the access terminal remains with the old security parameters, the wireless connection between the two typically fails, resulting in dropped calls and frustration for the user of the access terminal. Therefore, it would be beneficial to provide methods and devices to avoid the situation in which the wireless network is updated to new security parameters while the access terminal continues with the old security parameters, and/or to synchronize the security parameters when such a situation occurs.
Summary of the Invention
Several features facilitate the synchronization of security parameters between the access terminals and an access network. One feature provides access terminals adapted to facilitate such synchronization. According to one or more embodiments, an access terminal (AT) may comprise a wireless communications interface coupled to a processing circuit. The wireless communications interface can be adapted to facilitate wireless communications from the access terminal.
According to at least one implementation, the processing circuit can be adapted to conduct a security mode procedure for reconfiguring the security parameters of the access terminal. While the security mode procedure is in progress, the processing circuit can initiate a mobility procedure. The processing circuit can also abort the security mode procedure and revert to the old security parameters as a result of initiating the mobility procedure. A mobility update message can be sent by the processing circuit via the wireless communications interface, where the mobility update message includes a dedicated security status indicator adapted to indicate that the access terminal has reverted to the old security parameters.
According to at least one other implementation, the processing circuit can be adapted to conduct a security mode procedure for reconfiguring the security parameters of the access terminal. While the security mode procedure is in progress, the processing circuit can initiate a mobility procedure, including sending a mobility update message. The processing circuit can also abort the security mode procedure and revert to the old security parameters as a result of initiating the mobility procedure. The processing circuit can receive a mobility update confirmation message in response to the mobility update message via the wireless communications interface. If it is unable to decode the mobility update confirmation message using the old security parameters, the processing circuit can switch to the new security parameters.
According to at least one other implementation, the processing circuit can be adapted to conduct a security mode procedure including sending a security mode complete message to an access network via the wireless communications interface. In response to the security mode complete message, the processing circuit can receive a confirmation message via the wireless communications interface. The processing circuit can update to new security parameters and send another confirmation message to the access network via the wireless communications interface, where the other confirmation message is adapted to indicate that the access terminal has updated to the new security parameters.
Methods operational in an access terminal are also provided according to one feature to facilitate the synchronization of security parameters between the access terminals and an access network. In at least one implementation of such methods, a security mode procedure can be conducted to reconfigure the security parameters of the access terminal. A mobility procedure can be started while the security mode procedure is in progress. The security mode procedure can be aborted as a result of initiating the mobility procedure and the access terminal can be reverted to the old security parameters. A mobility update message can be sent, where the mobility update message includes a dedicated status indicator adapted to indicate that the access terminal has reverted to the old security parameters.
In at least one other implementation, a security mode procedure can be conducted to reconfigure the security parameters of the access terminal. A mobility procedure can be started while the security mode procedure is in progress, including sending a mobility update message. The security mode procedure can be aborted as a result of initiating the mobility procedure and the access terminal can be reverted to the old security parameters. A mobility update confirmation message may be received in response to the mobility update message. The access terminal can be switched to the new security parameters if the access terminal is unable to decode the mobility update confirmation message using the old security parameters.
In one or more other implementations, such methods may include conducting a security mode procedure including sending a security mode complete message to an access network. A confirmation message can be received in response to the security mode complete message. The access terminal can be updated to new security parameters. Another confirmation message can be sent to the access network, where the other confirmation message is adapted to indicate that the access terminal has updated to the new security parameters.
Another feature provides network entities adapted to facilitate the synchronization of security parameters between the access terminals and an access network. Such network entities may comprise a communications interface coupled to a processing circuit. In at least one implementation, the processing circuit can be adapted to receive a security mode complete message from an access terminal via the communications interface. In response to the security mode complete message, the processing circuit can update to new security parameters. The processing circuit can additionally receive a mobility update message from the access terminal via the communications interface. The mobility update message may include a dedicated security status indicator adapted to indicate that the access terminal has reverted to the old security parameters. In response to the mobility update message received, the processing circuit may revert to the old security parameters.
In at least one other implementation, the processing circuit can be adapted to receive a security mode complete message from an access terminal via the communications interface. In response to the security mode complete message, the processing circuit can update to new security parameters. The processing circuit can receive a mobility update message from the access terminal, and can send a mobility update confirmation message to the access terminal in response to the mobility update message. If a response to the mobility update confirmation message is not received from the access terminal, the processing circuit can revert to the old security parameters and can resend the mobility update confirmation message to the access terminal using the old security parameters to encrypt the message.
In one or more other implementations, the processing circuit can be adapted to receive a security mode complete message from an access terminal via the communications interface. The processing circuit can send a confirmation message in response to the security mode complete message. The processing circuit can receive another confirmation message from the access terminal indicating that the access terminal has updated to the new security parameters. In response to the other confirmation message, the processing circuit can update to the new security parameters.
Methods operational in a network entity are also provided according to one feature to facilitate the synchronization of security parameters between the access terminals and an access network. In at least one implementation of such methods, a security mode complete message can be received from an access terminal. In response to the security mode complete message, the network entity can be updated to new security parameters. A mobility update message can be received from the access terminal, where the mobility update message includes a dedicated security status indicator adapted to indicate that the access terminal has reverted to the old security parameters. In response to the mobility update message, the network entity can be reverted to the old security parameters.
In at least one other implementation of such methods, a security mode complete message can be received from an access terminal. In response to the security mode complete message, the network entity can be updated to new security parameters. A mobility update message can be received from the access terminal, and a mobility update confirmation message can be sent to the access terminal in response to the received mobility update message. If a response to the mobility update confirmation message is not received from the access terminal, the network entity can be reverted to the old security parameters and the mobility update confirmation message can be resent to the access terminal using the old security parameters to encrypt the mobility update confirmation message.
In one or more other implementations of such methods, a security mode complete message can be received from an access terminal. A confirmation message can be sent in response to the security mode complete message. Another confirmation message can be received from the access terminal indicating that the access terminal has updated to the new security parameters. In response to the other confirmation message, the network entity can be updated to the new security parameters.
Brief Description of the Drawings
Figure 1 is a block diagram illustrating a network environment in which various features can be used according to at least one example.
Figure 2 illustrates a typical key hierarchy that can be implemented within a typical wireless communication network.
Figure 3 illustrates an exemplary protocol stack that can be implemented on a communication device operating on a packet-switched network.
Figure 4 is a block diagram illustrating a network system in which the various security keys illustrated in figures 2 and 3 can be generated.
Figure 5 (comprising figures 5a and 5b) is a flowchart illustrating an example of a security parameter synchronization operation in which an access terminal indicates to the access network that the security mode procedure has been aborted at the access terminal.
Figure 6 is a flowchart illustrating an example of a security parameter synchronization operation by an access terminal when the security parameters in the access network are updated and the security parameters in the access terminal are not updated.
Figure 7 is a flowchart illustrating an example of a security parameter synchronization operation for an access terminal, access network and core network to facilitate the updating of security parameters in the access network only after the security parameters have been updated at the access terminal.
Figure 8 is a flowchart illustrating an example of a security parameter synchronization operation by an access network when the security parameters in the access network are updated and the security parameters of the access terminal are not.
Figure 9 is a block diagram illustrating selected components of an access terminal according to at least one embodiment.
Figure 10 is a flowchart illustrating an example of a method operational on an access terminal to indicate to an access network when the access terminal has reverted to the old security parameters.
Figure 11 is a flowchart illustrating an example of a method operational on an access terminal to determine a status of security parameters on an access network for communication with the access terminal.
Figure 12 is a flowchart illustrating an example of a method operational on an access terminal to indicate to an access network when the access terminal has updated to new security parameters.
Figure 13 is a block diagram illustrating selected components of a network entity according to at least one embodiment.
Figure 14 is a flowchart illustrating an example of a method operational on a network entity to determine that an access terminal has reverted to the old security parameters.
Figure 15 is a flowchart illustrating an example of a method operational on a network entity to determine that an access terminal has reverted to the old security parameters.
Figure 16 is a flowchart illustrating an example of a method operational on a network entity for updating from old security parameters to new security parameters after the access terminal has updated to new security parameters.
Detailed Description of the Invention
In the description that follows, specific details are provided to provide an in-depth understanding of the described implementations. However, it will be understood by those skilled in the art that various implementations can be practiced without these specific details. For example, circuits can be illustrated in block diagrams in order not to obscure implementations with unnecessary details. In other cases, well-known circuits, structures and techniques can be illustrated in detail in order not to obscure the described implementations.
The term "illustrative" is used here to mean "serving as an example, case or illustration". Any implementation or embodiment described here as "illustrative" should not necessarily be considered preferred or advantageous over other embodiments or implementations. Likewise, the term “embodiments” does not require that all embodiments include the discussed feature, advantage or mode of operation. The term “access terminal” may include user equipment and/or subscriber devices, such as mobile phones, pagers, wireless modems, personal digital assistants, personal information managers (PIMs), personal media devices, palmtop computers, laptop computers, and/or other mobile computing/communication devices that communicate, at least partially, over a wireless or cellular network.
Overview
One or more features facilitate and/or resolve the synchronization of security parameters between an access terminal and one or more entities on a wireless network. According to one feature, an access terminal (AT) can indicate to a network entity that the access terminal has reverted to the old security parameters. For example, the access terminal can send an indicator with a mobility update message to inform the network entity about the reversion. In another example, the access terminal can send a message to the network entity to inform the network entity that the access terminal has been successfully updated to the new security parameters.
According to one feature, an access terminal can determine that a network entity has updated to the new security parameters and can, accordingly, update its own security parameters. For example, after aborting a security mode procedure for updating to new security parameters, the access terminal may determine that it is unable to decode a message received from the network entity. In response to the decoding failure, the access terminal can update to the new security parameters and attempt to decode the received message using the new security parameters. If the access terminal is successful in decoding the message received with the new security parameters, the access terminal can continue to use the new security parameters.
According to one feature, a network entity can determine that an access terminal has reverted to the old security parameters and can, accordingly, revert its own security parameters. For example, after updating to new security parameters, the network entity can send a message to the access terminal that is encrypted according to the new security parameters. If the network entity fails to receive a reply to the message sent, the network entity can revert to the old security parameters and send the message using the old security parameters to encrypt the message. If the network entity receives a response to the message sent using the old security parameters, the network entity can continue to use the old security parameters.
Illustrative Network Environment
Figure 1 is a block diagram illustrating a network environment in which various features can be used according to at least one example. An access terminal 102 can be adapted to communicate wirelessly with an access network 104, which is communicatively coupled to a core network 106.
Generally speaking, access network 104 includes radio equipment adapted to allow access terminals 102 to access the network, while core network 106 includes switching and routing capabilities for connection to a circuit-switched network (for example, the Public Switched Telephone Network (PSTN) / Integrated Services Digital Network (ISDN) 108) or a packet-switched network (for example, the Internet 110). The core network 106 also facilitates mobility and subscriber location management and authentication services. In some examples, as illustrated in Figure 1, core network 106 may be a network compatible with the Universal Mobile Telecommunications System (UMTS) or a network compatible with the Global System for Mobile Communications (GSM).
Access network 104 can include one or more access nodes 112 (e.g., base station, Node B, etc.) and a radio network controller (RNC) 114. Each access node 112 is typically associated with a cell, or sector, comprising a geographical area of reception and transmission coverage. Cells or sectors can overlap each other. The radio network controller (RNC) 114 can be adapted to control the access nodes 112 that are communicatively connected to it. The radio network controller (RNC) 114 can be additionally adapted to perform radio resource management and some of the mobility management functions, and can be the point where encryption is performed before user data is sent to and from access terminal 102. The radio network controller (RNC) 114 is communicatively coupled to the core network 106 via a Serving General Packet Radio Service (GPRS) support node (SGSN) 116 for packet-switched calls and via a mobile switching center (MSC) 118, which may include a visitor location register (VLR), for circuit-switched calls. A home location register (HLR) and an Authentication Center (AuC) 120 can be used to authenticate access terminals before providing communication services over the core network 106. Note that, in other types of networks, the functions of the HLR/AuC 120 and other components (such as the MSC/VLR 118) can be performed by other equivalent network entities. For example, in a Long Term Evolution (LTE) network, some or all of the HLR/AuC 120 functions can be performed by a home subscriber server (HSS). The core network 106 may also include a mobility management entity (MME) that performs bearer activation and deactivation for access terminals, assists in the authentication of access terminals, and/or performs access terminal tracking and/or paging procedures (including retransmissions) for the access terminals coupled to the core network.
When an access terminal 102 attempts to connect to access network 104, access terminal 102 is initially authenticated to verify the identity of access terminal 102. Access terminal 102 also authenticates the network to verify that it is connected to an access network 104 that it is authorized to use. Negotiation typically takes place between the access terminal 102 and the access network 104 and/or the core network 106 to establish security parameters, such as encryption keys for use in encrypting communications between the access terminal 102 and the network components (e.g., access network 104 and/or core network 106). Such security parameters can be updated and/or changed occasionally to guarantee the confidentiality of the data transmitted between the access terminal 102 and the network components.
Figure 2 illustrates a typical key hierarchy 200 that can be implemented to establish security parameters (for example, encryption keys) for use in encrypting communications between access terminal 102 and network components (for example, the access network 104 and/or the core network 106). Here, a Universal Subscriber Identity Module (USIM) at access terminal 102 and core network 106 (for example, an Authentication Center (HLR/AuC 120 in figure 1)) use a master key K 202 to generate an encryption key (CK) 204 and an integrity key (IK) 206. The encryption key (CK) 204 and integrity key (IK) 206 can then be used by the communication device and core network 106 (for example, a Home Location Register (HLR)) to generate an Access Security Management Entity key K_ASME 208. Security activation of an access terminal 102 can be performed through an Authentication and Key Agreement (AKA) procedure, a Non-Access Stratum (NAS) Security Mode Configuration (NAS SMC) procedure and an Access Stratum (AS) Security Mode Configuration (AS SMC) procedure.
AKA is used to derive the K_ASME 208 key, which is then used as a base key for calculating the NAS (Non-Access Stratum) keys 210 and 212 and the AS (Access Stratum) keys 214, 216, 218 and 220. The access terminal 102 and the core network 106 can then use K_ASME 208 to generate one or more of these security keys.
Packet-switched networks can be structured into multiple hierarchical protocol layers where the lower protocol layers provide services for the higher layers and each layer is responsible for different tasks. For example, figure 3 illustrates an illustrative protocol stack that can be implemented on a communication device operating on a packet-switched network. In this example, protocol stack 302 includes a Physical (PHY) Layer 304, a Media Access Control (MAC) Layer 306, a Radio Link Control (RLC) Layer 308, a Packet Data Convergence Protocol (PDCP) Layer 310, a Radio Resource Control (RRC) Layer 312, a Non-Access Stratum (NAS) Layer 314, and an Application (APP) Layer 316.
The layers below the NAS Layer 314 are often referred to as the Access Stratum (AS) Layer 318. The RLC Layer 308 can include one or more channels 320. The RRC Layer 312 can implement several monitoring modes for the access terminal, including the connected state and the disconnected state. The Non-Access Stratum (NAS) Layer 314 can maintain the mobility management context of the communication device, the packet data context and/or its IP addresses. Note that other layers may be present in protocol stack 302 (for example, above, below and/or between the layers illustrated), but have been omitted for purposes of illustration.
With reference to figures 1 to 3, the radio/session bearers 322 can be established, for example, at the RRC Layer 312 and/or the NAS Layer 314. Consequently, the NAS Layer 314 can be used by an access terminal 102 and the core network 106 to generate the security keys K_NAS-enc 210 and K_NAS-int 212 illustrated in figure 2. Similarly, the RRC Layer 312 can be used by the access terminal 102 and the access network 104 (for example, RNC 114) to generate the Access Stratum (AS) security keys K_UP-enc 216, K_RRC-enc 218 and K_RRC-int 220. While the security keys K_UP-enc 216, K_RRC-enc 218 and K_RRC-int 220 can be generated at the RRC Layer 312, these keys can be used by the PDCP Layer 310 to secure signaling and/or user/data communications. For example, the K_UP-enc 216 key can be used by the PDCP Layer 310 to secure user/data plane (UP) communications, while the K_RRC-enc 218 and K_RRC-int 220 keys can be used to secure signaling (that is, control) communications at the PDCP Layer 310.
In deriving these security keys, used for encryption and integrity algorithms, both AS (user plane and RRC) and NAS require that an individual algorithm identity be provided as one of the inputs. At the AS level, the algorithms to be used are provided by a Radio Resource Control (RRC) Security Mode Command.
Figure 4 is a block diagram illustrating a network system in which the various security keys illustrated in figures 2 and 3 can be generated. Here, an access terminal 402 can implement a communication stack that includes several layers (for example, APP, NAS, RRC, RLC, MAC and PHY). An access network 404 can provide wireless connectivity to access terminal 402 so that it can communicate with the network. An authentication center (AuC) 406 and access terminal 402 can both know or have access to a root key (K) that can be used to generate or obtain an encryption key (CK) and/or an integrity key (IK). The access terminal 402 and/or a home location register (HLR) 408 can then use the encryption key (CK) and/or integrity key (IK) to generate an Access Security Management Entity key K_ASME. Using the K_ASME key, the access terminal 402 and a mobility management entity (MME) 410 can then generate the keys K_NAS-enc and K_NAS-int. The access terminal 402 and MME 410 can also generate an access-network-specific key K_eNB/NH. Using this access-network-specific key K_eNB/NH, access terminal 402 and access network 404 can generate the keys K_UP-enc, K_RRC-enc and K_RRC-int.
Details on the derivation of these keys can be found in 3GPP STD-T63-33.401 "System Architecture Evolution (SAE) Security Architecture" (known as 3GPP TS 33.401) version 8, which is incorporated here by reference.
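The role of the algorithm identity as a key-derivation input can be shown with the algorithm-key KDF of 3GPP TS 33.401 Annex A.7 (HMAC-SHA-256 over FC || P0 || L0 || P1 || L1, keeping the 128 least significant bits). This is an added example, not part of the patent text; the K_eNB value and the algorithm identities are constructed sample inputs, and the function names are hypothetical.

```python
import hashlib
import hmac

FC_ALG_KEY = 0x15  # FC value for algorithm key derivation (TS 33.401 Annex A.7)

# Algorithm type distinguishers (P0) from TS 33.401 Annex A.7.
DISTINGUISHER = {
    "NAS-enc": 0x01,
    "NAS-int": 0x02,
    "RRC-enc": 0x03,
    "RRC-int": 0x04,
    "UP-enc": 0x05,
}


def kdf_input(key_type: str, alg_id: int) -> bytes:
    """Build S = FC || P0 || L0 || P1 || L1 for one algorithm key."""
    if not 0 <= alg_id <= 0x0F:
        raise ValueError("algorithm identity is a 4-bit value")
    # L0 and L1 are the two-byte lengths of P0 and P1 (one byte each).
    return bytes([FC_ALG_KEY, DISTINGUISHER[key_type], 0x00, 0x01,
                  alg_id, 0x00, 0x01])


def derive_alg_key(base_key: bytes, key_type: str, alg_id: int) -> bytes:
    """Return the 128-bit key: low 16 bytes of HMAC-SHA-256(base_key, S)."""
    if len(base_key) != 32:
        raise ValueError("base key must be 256 bits")
    mac = hmac.new(base_key, kdf_input(key_type, alg_id), hashlib.sha256)
    return mac.digest()[-16:]


def as_keys(k_enb: bytes, enc_alg: int, int_alg: int) -> dict:
    """Derive the three Access Stratum keys named in the text from K_eNB."""
    return {
        "K_UP-enc": derive_alg_key(k_enb, "UP-enc", enc_alg),
        "K_RRC-enc": derive_alg_key(k_enb, "RRC-enc", enc_alg),
        "K_RRC-int": derive_alg_key(k_enb, "RRC-int", int_alg),
    }


if __name__ == "__main__":
    k_enb = bytes(range(32))           # constructed sample K_eNB, not a real key
    before = as_keys(k_enb, 1, 1)      # algorithm identities in use before
    after = as_keys(k_enb, 2, 2)       # identities carried by a new command
    for name in before:
        print(name, before[name].hex(), "->", after[name].hex())
```

With the same K_eNB, a Security Mode Command that selects different algorithm identities yields a completely different key set, so a side that did not apply the command cannot decode traffic protected by the side that did.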
Referring again to figure 1, access terminal 102 is typically adapted to switch between cells (e.g., access nodes 112) to which it is actively connected. For example, as an access terminal 102 travels through a geographical area, different cells (for example, access nodes 112) may provide better connectivity (for example, a stronger signal). The access terminal 102 can accordingly switch from one cell (for example, access node 112) to another cell (for example, access node 112). In conventional networks, such mobility of an access terminal 102 requiring changes from one cell (for example, access node 112) to another cell (for example, access node 112) can result in the cancellation of any ongoing update of security parameters (for example, an update to the Access Stratum security parameters K_UP-enc, K_RRC-enc and K_RRC-int). For example, as a result of mobility of access terminal 102, a mobility procedure can be initiated, resulting in the cancellation of an ongoing security mode procedure. By way of example and not limitation, a mobility procedure may include cell reselection, an unrecoverable Radio Link Control (RLC) error, an out-of-service problem, etc. Accordingly, some non-limiting examples of the mobility update messages that can be sent as part of the mobility procedure may include a cell reselection message, an unrecoverable Radio Link Control (RLC) error message, an out-of-service message, etc.
In cases in which a security mode procedure in progress is canceled there is a possibility that the security parameters may be updated in the access network 104, but not updated in the access terminal 102, as will be described in greater detail below. As a result of the security parameters being updated on the access network 104, but not on the access terminal 102, a permanent message / data decoding error and loss of connection between the access terminal 102 and the access network 104 can occur (for example, resulting in dropped calls).
According to one characteristic, when the access terminal 102 initiates a mobility procedure (for example, reselection of an access node 112) after the access network 104 has updated to new security parameters, the access terminal 102 can be adapted to send an indication to the access network 104 informing the access network 104 that the access terminal 102 has reverted to the old security parameters. For example, access terminal 102 may include an indication with the mobility update message sent to access network 104.
According to another feature, access network 104 can be adapted to switch back to the old security parameters when access terminal 102 fails to respond to a mobility update confirmation message from access network 104 that is encrypted according to the new security parameters. That is, after the access network 104 has sent a mobility update confirmation message to the access terminal 102 a specific number of times without receiving a response from the access terminal 102, the access network 104 can revert to the old security parameters and send the mobility update confirmation message encrypted according to the old security parameters. If the access terminal 102 then responds to the mobility update confirmation message that is encrypted according to the old security parameters, then the access network 104 knows that the update of the security parameters was not successful and the access network 104 continues to use the old security parameters.
According to another feature, access network 104 can be adapted to update security parameters only after receiving an additional confirmation message from access terminal 102. That is, after a mobility update confirmation message is sent from the access network 104 to the access terminal 102, the access network 104 can wait for another confirmation message from the access terminal 102 before the access network 104 updates the security parameters. Thus, if the access terminal 102 has aborted the update of the security parameters, the access network 104 will not unknowingly update its security parameters prematurely.
According to another feature, the access terminal 102 can be adapted to identify its failure to decode a mobility update confirmation message from the access network 104 after the message has been sent a specific number of times. If access terminal 102 is unable to decode the message after the specified number of times, access terminal 102 can be adapted to switch to the new security parameters and attempt to decode the mobility update confirmation message using the new parameters. If the access terminal 102 is successful in decoding the mobility update confirmation message using the new parameters, then the access terminal 102 can continue from that point on to use the new security parameters when communicating with the access network 104.
Illustrative Procedures for Synchronizing Security Parameters Between Access Terminals and Access Networks
Figure 5 (comprising figures 5a and 5b) is a flowchart illustrating an example of a security parameter synchronization operation by an access network when the security parameters of the access network are updated and the security parameters of the access terminal are not. Although the example illustrated in figure 5 and the examples in figures 6 to 8 are directed at implementations involving an Access Stratum (AS) security mode procedure to initiate and update Access Stratum security parameters, the features described here can be implemented in other security mode procedures, such as Non-Access Stratum (NAS) security mode procedures. Access terminal 102, access network 104 and core network 106 of figure 1 are used for illustrative purposes.
Initially, access terminal 102 can establish a radio resource control (RRC) connection 502 with access network 104. The message transmitted from access terminal 102 to access network 104 when the radio resource control (RRC) connection is established may include the security capability information of the access terminal. The access terminal security capability information is adapted to inform access network 104 about the ciphering (or encryption) algorithms and integrity algorithms that are supported by access terminal 102. The security capability information can also optionally include a classmark message indicating the GSM security algorithms supported by the access terminal 102 (for example, GSM classmarks 2 and 3) and/or START values for the circuit-switched service domain and the packet-switched service domain. The information from the radio resource control (RRC) connection establishment message can be stored 504 on the access network 104.
Access terminal 102 can then send an initial direct transfer message 506 to core network 106. Initial direct transfer message 506 may include, among other information, a user identity and a key set identifier (KSI) allocated by the circuit-switched service domain or packet-switched service domain at the last authentication for that core network 106. According to at least one implementation, the initial direct transfer message may comprise a layer 3 (L3) message, such as a location update request, CM service request, routing area update request, attach request, paging response, or other L3 message. The initial direct transfer message can be sent, for example, to a visitor location register (VLR) for the circuit-switched service domain of the core network 106 or a serving GPRS support node (SGSN) for the packet-switched service domain of the core network 106.
Authentication of access terminal 102 and generation of new security keys (for example, integrity key (IK), encryption key (CK)) can be performed between access terminal 102 and core network 106 using an authentication and key agreement (AKA) procedure 508. As part of the authentication and key agreement 508, a new key set identifier (KSI) can optionally be allocated. Following the authentication and key agreement, core network 106 can decide which encryption algorithms and integrity algorithms should be used, in order of preference, at 510. Core network 106 can then send an Access Stratum (AS) security mode command message 512, which can be sent according to the radio access network application part (RANAP) protocol and can be directed to the radio network controller (RNC) of the access network 104. This security mode command message 512 can include a list of allowed integrity algorithms in order of preference, and the integrity key (IK) to be used. If encryption is started, the security mode command message 512 may also include a list of allowed encryption algorithms in order of preference, and the encryption key (CK) to be used. If the authentication and key agreement (AKA) has been carried out, this will be indicated to access network 104 so that the START values are reset when the new keys are put into use.
Access network 104 (for example, the radio network controller (RNC)) decides which algorithms (for example, integrity algorithm, encryption algorithm) to use, generates a random value RAND, and starts integrity protection at 514. Access network 104 can then generate a radio resource control (RRC) message 516 comprising an Access Stratum (AS) security mode command message, and send the message to access terminal 102. The AS security mode command message 516 can include the security capability of access terminal 102, the integrity algorithm and the random value RAND to be used. If encryption is started, message 516 may also include the encryption algorithm to be used. Additional information can also be included. Since access terminal 102 can have two encryption and integrity key sets, the network can indicate which key set should be used. Prior to sending the AS security mode command message 516 to access terminal 102, access network 104 generates a message authentication code for integrity (MAC-I) and appends that information to the AS security mode command message 516.
Turning now to figure 5b, the access terminal 102 receives the AS security mode command message, verifies that the security capability is the same as that sent in the radio resource control (RRC) connection establishment message, and verifies the message by comparing the MAC-I with an XMAC-I generated in 518. The access terminal 102 can compute XMAC-I on the received message using at least the indicated integrity algorithm and the received random value RAND parameter. If all checks are successful, then access terminal 102 sends an Access Stratum (AS) security mode complete message 520 including a MAC-I. If the checks are not successful, then a security mode reject message is sent.
When access network 104 receives the AS security mode complete message, it verifies the integrity of the message by generating XMAC-I and comparing it with the MAC-I included with the AS security mode complete message 522. An AS security mode complete message 524 is sent from the access network 104 to the core network 106 as a radio access network application part (RANAP) message indicating the selected algorithms for integrity and encryption. A confirmation message 526 is sent from access network 104 to access terminal 102 to acknowledge receipt of the AS security mode complete message. According to at least some implementations, confirmation message 526 may comprise an L2 confirmation.
The AS security mode complete message (e.g. 520) from access terminal 102 to access network 104 initiates downlink integrity protection, that is, subsequent downlink messages sent to access terminal 102 are integrity protected using the new security parameters. However, uplink integrity protection does not start until access terminal 102 receives the confirmation message 526 from access network 104, whereupon access terminal 102 updates its security parameters at step 528. In other words, access terminal 102 does not start using the new Access Stratum (AS) security parameters for messages sent from access terminal 102 to access network 104 until access terminal 102 receives an acknowledgment from the access network 104 that the Access Stratum (AS) security mode complete message has been received and authenticated.
There is a small window between when the Access Stratum (AS) security mode procedure is complete on access network 104 (for example, when the Access Stratum (AS) security mode complete message 520 is received on the access network 104) and when the AS security mode procedure is complete on the access terminal 102 (for example, when the confirmation message 526 is received by the access terminal 102 and the Access Stratum (AS) security parameters are updated in 528). Due to this time window, it is possible for the access network 104 to update to the new Access Stratum (AS) security parameters while the access terminal 102 remains with the old Access Stratum (AS) security parameters.
For example, access terminal 102 is typically adapted to abort the Access Stratum (AS) security mode procedure when a mobility procedure is initiated, such as when a mobility update message is sent from access terminal 102 to access network 104. Consequently, access terminal 102 can initiate a mobility procedure, including generating and sending a mobility update message 530, after the Access Stratum (AS) security mode complete message 520 has been sent to the access network 104 and before receipt of confirmation 526 and/or update of the security parameters of the access terminal. As a result of initiating the mobility procedure, access terminal 102 aborts the security mode procedure and reverts to the old Access Stratum (AS) security parameters 528. Access terminal 102 can receive a confirmation 526 after the mobility procedure is initiated, but the access terminal 102 has aborted the Access Stratum (AS) security mode procedure and therefore has not updated to the new Access Stratum (AS) security parameters, unbeknownst to the access network 104.
According to the implementation illustrated in figure 5b, the mobility update message 530 includes an indicator that informs the access network 104 that the access terminal 102 has aborted the AS security mode procedure and reverted to the old AS security parameters. In at least some implementations, the indicator may comprise a new information element (IE) in the mobility update message. In some implementations, the indicator may comprise one or more bits of the mobility update message.
After receiving the mobility update message including the indicator, the access network 104 reverts to the old Access Stratum (AS) security parameters 532. The access network 104 can then generate and send a mobility update confirmation message 534 to access terminal 102 which is encrypted using the old AS security parameters.
According to another feature, the access terminal 102 can be adapted to adjust to new security parameters when it appears to the access terminal 102 that the access network 104 is operating with the new security parameters while the access terminal 102 is operating with the old security parameters. Figure 6 is a flowchart illustrating an example of a security parameter synchronization operation by an access terminal when the security parameters in the access network are updated and the security parameters in the access terminal are not. The steps illustrated in figure 6 correspond to the steps following all the steps described and illustrated in relation to figure 5a. That is, figure 6 is intended to illustrate the steps that follow after the steps in figure 5a have been completed.
As noted above with reference to figure 5b, upon receipt of the Access Stratum (AS) security mode command message, access terminal 102 verifies that the security capability is the same as that sent in the radio resource control (RRC) connection establishment message, computes XMAC-I and verifies the integrity of the AS security mode command message by comparing the received MAC-I with XMAC-I 602. If all checks are successful, then the access terminal 102 sends an Access Stratum (AS) security mode complete message 604 including a MAC-I. If the checks are not successful, then an Access Stratum (AS) security mode reject message is sent. When access network 104 receives the AS security mode complete message, it checks the integrity of the message in step 606 and sends an AS security mode complete message 608 to core network 106 indicating the selected encryption and integrity algorithms.
As noted above, in some cases, access network 104 may update to the new Access Stratum (AS) security parameters while access terminal 102 fails to update to the new AS security parameters. For example, after the AS security mode complete message 604 has been sent to the access network 104, and before receiving a confirmation and/or updating the Access Stratum (AS) security parameters, the access terminal 102 can start a mobility procedure in which the access terminal 102 generates and sends a mobility update message 610 to the access network 104. In response to the initiation of the mobility procedure, the access terminal 102 aborts the security mode procedure and reverts to the old Access Stratum (AS) security parameters 612. Access terminal 102 may receive a confirmation message 614 after starting the mobility procedure, but access terminal 102 will have already aborted the Access Stratum (AS) security mode procedure and therefore will not update to the new Access Stratum (AS) security parameters, unbeknownst to the access network 104.
In such cases, the mobility update message sent in step 610 is typically unencrypted, so that access network 104 is able to receive and process the mobility update message even when access terminal 102 is operating with the old Access Stratum (AS) security parameters. In the implementation illustrated in figure 6, the access network 104 receives the mobility update message 610 and responds with a mobility update confirmation 616 which is encrypted with the new AS security parameters and, therefore, cannot be decoded by the access terminal 102 using the old AS security parameters. When access network 104 fails to receive a response to the mobility update confirmation message, access network 104 resends the mobility update confirmation. Access terminal 102 can be adapted to keep track of the number of times it receives and fails to decode the mobility update confirmation message. After a predetermined number of attempts (N), the access terminal 102 can switch to the new AS security parameters 618. After switching to the new AS security parameters, the access terminal 102 can try to decode the mobility update confirmation message using the new AS security parameters. If successful, access terminal 102 will continue to use the new AS security parameters from that point on.
According to another feature, access network 104 can be adapted to complete the security mode procedure and update its security parameters only after receiving a final confirmation message from access terminal 102. Figure 7 is a flowchart illustrating an example of a security parameter synchronization operation for an access terminal 102, access network 104 and core network 106 to facilitate the updating of security parameters in access network 104 only after the security parameters are updated in the access terminal 102. The steps shown in figure 7 correspond to the steps following all the steps described and illustrated with respect to figure 5a. That is, figure 7 is intended to illustrate the steps that follow after the steps in figure 5a are completed.
As noted above, with reference to figure 5b, upon receipt of the Access Stratum (AS) security mode command message, the access terminal 102 verifies that the security capability is the same as that sent in the radio resource control (RRC) connection establishment message, computes XMAC-I and verifies the integrity of the message by comparing the received MAC-I with the generated XMAC-I 702. If all checks are successful, then access terminal 102 sends an Access Stratum (AS) security mode complete message 704 including a MAC-I. If the checks are not successful, then an AS security mode reject message is sent. When access network 104 receives the AS security mode complete message, it checks the integrity of the message in step 706, and sends an AS security mode complete message 708 to core network 106 indicating the selected encryption and integrity algorithms.
In the implementation illustrated in figure 7, access network 104 does not complete the AS security mode procedure upon receipt and verification of the AS security mode complete message. That is, the access network 104 is adapted not to update to the new AS security parameters upon receiving and verifying the AS security mode complete message 704. Instead, the access network 104 sends a confirmation message 710 to the access terminal 102. Confirmation message 710 may comprise an L2 acknowledgment message. In response to receiving confirmation message 710, access terminal 102 updates to the new AS security parameters 712. Access terminal 102 can send a confirmation message 714 to access network 104. For example, the access terminal 102 can send an L3 acknowledgment message to access network 104 to indicate that it has updated to the new AS security parameters. Access network 104 then updates to the new AS security parameters 716 in response to receipt of confirmation message 714 from access terminal 102.
According to the implementation in figure 7, if the access terminal 102 aborts the Access Stratum (AS) security mode procedure (for example, initiates a mobility procedure) after sending the AS security mode complete message 704 to access network 104, but before updating to the new security parameters, access network 104 does not receive confirmation 714 and will not update to the new AS security parameters. In other words, if access terminal 102 aborts the AS security mode procedure before the procedure is completed (for example, before updating to the new AS security parameters), then confirmation message 714 will not be sent and the access network 104 will not be updated to the new AS security parameters.
According to another feature, the access network 104 can be adapted to revert to the old security parameters when it appears to the access network 104 that the access terminal 102 is operating with the old security parameters while the access network 104 is operating with new security parameters. Figure 8 is a flowchart illustrating an example of a security parameter synchronization operation by an access network when the security parameters of the access network are updated and the security parameters of the access terminal are not. The steps illustrated in figure 8 correspond to the steps following all the steps described and illustrated in relation to figure 5a. That is, figure 8 is intended to illustrate the steps that follow after the steps in figure 5a have been completed.
As noted above, with reference to figure 5b, upon receipt of the Access Stratum (AS) security mode command message, access terminal 102 verifies that the security capability is the same as that sent in the connection establishment message, computes XMAC-I and verifies the integrity of the AS security mode command message by comparing the received MAC-I with the generated XMAC-I 802. If all checks are successful, then access terminal 102 sends an Access Stratum (AS) security mode complete message 804 including a MAC-I. If the checks are not successful, then an AS security mode reject message is sent. When access network 104 receives this AS security mode complete message 804, it verifies the integrity of the message 806 and sends an AS security mode complete message 808 to core network 106 indicating the selected encryption and integrity algorithms.
As noted above, in some cases, access network 104 may update to the new AS security parameters while access terminal 102 fails to update to the new AS security parameters. For example, after sending the AS security mode complete message 804 to the access network 104 and before receiving an acknowledgment and/or updating the access terminal to the new AS security parameters, the access terminal 102 can initiate a mobility procedure, including generating and sending a mobility update message 810. As a result of initiating the mobility procedure, access terminal 102 aborts the AS security mode procedure and reverts to the old AS security parameters 812. Access terminal 102 may receive a confirmation message 814 after the start of the mobility procedure, but access terminal 102 will have aborted the AS security mode procedure and therefore will not update to the new AS security parameters, unbeknownst to the access network 104.
In such cases, the mobility update message 810 is conventionally unencrypted, so that access network 104 can receive and process the mobility update message 810 even when access terminal 102 is operating with the old AS security parameters. However, when the access network 104 sends a mobility update confirmation message 816, that message 816 is encrypted with the new AS security parameters and therefore will not be decryptable by the access terminal 102.
In the implementation illustrated in Figure 8, access network 104 can be adapted to send the mobility update confirmation message 816 one or more times. After the access network 104 has sent the message to the access terminal 102 a specified number of times without receiving a response from the access terminal 102, the access network can be adapted to revert to the old AS security parameters 518 and resend the mobility update confirmation message 820 using the old AS security parameters. If the access network 104 receives a response to the mobility update confirmation message sent using the old AS security parameters, then the access network 104 can continue to use the old AS security parameters.
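The race described above and the four recovery schemes of figures 5b, 6, 7 and 8 can be played through in a small model. This is an added example, not part of the patent: an HMAC tag stands in for AS ciphering, and the key strings, `N_RETRIES = 3`, and all class, method and message names are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample values standing in for the old and new AS security parameters.
OLD, NEW = b"old-AS-parameters", b"new-AS-parameters"
N_RETRIES = 3  # assumed value for the text's "specified number of times"


def protect(key: bytes, payload: bytes) -> bytes:
    """Stand-in for AS ciphering (HMAC tag appended); not a 3GPP algorithm."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def decodes(key: bytes, blob: bytes) -> bool:
    """True if `blob` was protected under `key`, i.e. the receiver can decode it."""
    payload, tag = blob[:-32], blob[-32:]
    return hmac.compare_digest(tag, hmac.new(key, payload, hashlib.sha256).digest())


@dataclass
class Terminal:
    send_indicator: bool = False   # fig. 5b: flag the revert in the mobility update
    fallback: bool = False         # fig. 6: try the new parameters after N failures
    key: bytes = OLD
    procedure_active: bool = False
    failures: int = 0

    def send_security_mode_complete(self) -> None:
        self.procedure_active = True

    def start_mobility(self) -> dict:
        # Abort the security mode procedure and stay on the old parameters.
        self.procedure_active, self.key = False, OLD
        return {"type": "MOBILITY UPDATE", "reverted": self.send_indicator}

    def on_l2_ack(self) -> bool:
        # The ack only triggers the update if the procedure was not aborted.
        if self.procedure_active:
            self.key, self.procedure_active = NEW, False
            return True
        return False

    def on_confirm(self, blob: bytes) -> bool:
        if decodes(self.key, blob):
            return True
        self.failures += 1
        if self.fallback and self.failures >= N_RETRIES and decodes(NEW, blob):
            self.key = NEW
            return True
        return False


@dataclass
class Network:
    deferred: bool = False   # fig. 7: update only after the terminal's final ack
    fallback: bool = False   # fig. 8: revert after N unanswered confirmations
    key: bytes = OLD
    unanswered: int = 0

    def on_security_mode_complete(self) -> None:
        if not self.deferred:
            self.key = NEW

    def on_final_ack(self) -> None:
        self.key = NEW

    def on_mobility_update(self, msg: dict) -> None:
        if msg["reverted"]:
            self.key = OLD

    def send_confirm(self) -> bytes:
        if self.fallback and self.unanswered >= N_RETRIES:
            self.key = OLD
        self.unanswered += 1
        return protect(self.key, b"MOBILITY UPDATE CONFIRM")


def run(scheme: str, race: bool = True) -> dict:
    """Play one exchange. scheme: conventional | fig5b | fig6 | fig7 | fig8."""
    ue = Terminal(send_indicator=scheme == "fig5b", fallback=scheme == "fig6")
    net = Network(deferred=scheme == "fig7", fallback=scheme == "fig8")
    ue.send_security_mode_complete()
    net.on_security_mode_complete()
    if race:  # mobility starts before the terminal has processed the L2 ack
        net.on_mobility_update(ue.start_mobility())
    if ue.on_l2_ack() and net.deferred:  # a late ack is ignored after an abort
        net.on_final_ack()
    attempts, synced = 0, False
    while not synced and attempts < 2 * N_RETRIES:
        attempts += 1
        synced = ue.on_confirm(net.send_confirm())
    return {"synced": synced, "attempts": attempts, "ue": ue.key.decode(), "net": net.key.decode()}


if __name__ == "__main__":
    for name in ("conventional", "fig5b", "fig6", "fig7", "fig8"):
        print(f"{name:12s} {run(name)}")
```

In this model the conventional exchange never converges, figures 5b and 7 avoid the mismatch at the first confirmation, and figures 6 and 8 recover only after the retry budget is spent, ending on the new and the old parameters respectively.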
Illustrative Access Terminal
Figure 9 is a block diagram illustrating the selected components of an access terminal 900 according to at least one embodiment. Access terminal 900 generally includes a processing circuit 902 coupled to a storage medium 904 and a wireless communications interface 906.
The processing circuit 902 is arranged to obtain, process and/or send data, access and store control data, issue commands, and control other desired operations. The processing circuit 902 may comprise circuitry configured to implement desired programming provided by appropriate media in at least one embodiment. For example, processing circuit 902 can be implemented as one or more of a processor, a controller, a plurality of processors and/or other structure configured to execute executable instructions including, for example, software and/or firmware instructions, and/or hardware circuitry. Embodiments of the processing circuit 902 may include a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic component, discrete gate or transistor logic, discrete hardware components or any combination of them designed to perform the functions described here. A general purpose processor can be a microprocessor, but in the alternative, the processor can be any conventional processor, controller, microcontroller, or state machine. A processor can also be implemented as a combination of computing components, such as a combination of a DSP and a microprocessor, a number of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other configuration. These examples of processing circuit 902 serve purposes of illustration and other suitable configurations within the scope of the present description are also contemplated.
The processing circuit 902 may include a security parameter indication and/or determination module 908. The security parameter indication and/or determination module 908 may comprise circuitry and/or programming adapted to carry out security parameter indication procedures and/or security parameter determination procedures.
The storage medium 904 can represent one or more devices for storing programming and/or data, such as processor-executable code or instructions (e.g., software, firmware), electronic data, databases or other digital information. The storage medium 904 can be any available medium that can be accessed by a general purpose or special purpose processor. By way of example and not limitation, storage medium 904 may include read-only memory (for example, ROM, EPROM, EEPROM), random access memory (RAM), magnetic disk storage media, optical disk storage media, flash memory devices, and/or other non-transitory computer-readable media for storing information. Storage medium 904 can be coupled to processing circuit 902 so that processing circuit 902 can read information from and write information to storage medium 904. Alternatively, storage medium 904 can be integral with the processing circuit 902.
The storage medium 904 may include security parameter indication operations and/or security parameter determination operations 910, according to one or more embodiments. The security parameter indication operations and/or the security parameter determination operations 910 can be implemented by the processing circuit 902, for example, in the security parameter indication and/or determination module 908. In some implementations, the security parameter indication operations can comprise operations that can be implemented by the processing circuit 902 to indicate a security parameter status of the access terminal 900 to an access network, such as by including in a mobility update message an indicator that the access terminal 900 has reverted to the old security parameters and/or by sending a message indicating that the access terminal 900 has successfully updated to the new security parameters. In some implementations, security parameter determination operations may comprise operations that can be implemented by processing circuit 902 to determine a status of security parameters in an access network for communication with access terminal 900, such as by determining a failure to decode a mobility update confirmation message received from the access network.
The communications interface 906 is configured to facilitate wireless communications of the access terminal 900. For example, the communications interface 906 can be configured to communicate information bidirectionally with respect to an access network and/or other access terminals. Communications interface 906 may be coupled to an antenna (not shown) and may include wireless transceiver circuitry, including at least one transmitter 912 and/or at least one receiver 914 (for example, one or more transmitter/receiver chains).
According to one or more characteristics of the access terminal 900, the processing circuit 902 can be adapted to carry out any and all processes, functions, steps and/or routines related to the various access terminals described here above with reference to figures 1 to 8 (for example, access terminal 102 and/or 402). As used here, the term “adapted” with respect to processing circuit 902 can refer to processing circuit 902 being one or more of configured, employed, implemented or programmed to perform a particular process, function, step and/or routine according to the various characteristics described here.
Figure 10 is a flowchart illustrating an example of an operating method on an access terminal, such as access terminal 900, to indicate to an access network when the access terminal has reverted to the old security parameters. With reference to both figures 9 and 10, an access terminal 900 can conduct a security mode procedure in step 1002. For example, processing circuit 902 can communicate with an access network via communications interface 906 to conduct the security mode procedure. As part of the security mode procedure, processing circuit 902 can generate and send a security mode complete message to the access network. According to at least some implementations, the security mode procedure may comprise an Access Stratum (AS) security mode procedure, where processing circuit 902 generates and sends an Access Stratum (AS) security mode complete message. The processing circuit 902 can send such an AS security mode complete message using a radio resource control (RRC) layer of the protocol stack to communicate with the access network.
In step 1004, after the access terminal 900 sends the security mode complete message to the access network, a mobility procedure can be initiated while the security mode procedure is still active. For example, as a result of the mobility of the access terminal 900, the processing circuit 902 can initiate a mobility procedure. Examples of mobility procedures may include cell reselection, unrecoverable radio link control (RLC) errors, the access terminal being out of service, etc.
In response to initiating a mobility procedure before updating its security parameters (for example, before receiving a confirmation of the security mode complete message or before updating in response to the confirmation), access terminal 900 aborts the security mode procedure in progress and reverts to the old security parameters in step 1006. For example, processing circuit 902 can abort the active security mode procedure and revert to the use of the old security parameters (for example, the old Access Stratum (AS) security parameters) in response to the initiation of the mobility procedure.
In step 1008, access terminal 900 can generate and send a mobility update message to the access network. The mobility update message includes an indicator adapted to inform the access network that the access terminal 900 has reverted to the old security parameters. For example, processing circuit 902 can be adapted to generate a mobility update message including an information element (IE) that indicates that access terminal 900 has reverted to the old security parameters by aborting the security mode procedure in progress. In at least one implementation, the security parameter indication and/or determination module 908 may comprise a security parameter indication module that is adapted to perform security parameter indication operations 910 stored in storage medium 904 to generate the mobility update message with the information element (IE) comprising a dedicated security status indicator adapted to indicate that the access terminal 900 has reverted to the old security parameters.
The processing circuit 902 can send the generated mobility update message including the indicator to the access network via the communications interface 906. The mobility update message can be sent by the processing circuit 902 as a resource control message. radio (RRC) in the radio resource control layer (RRC) of the protocol stack. According to at least some implementations, the mobility update message sent by processing circuit 902 may not be encrypted (that is, it can be decrypted) so that the access network can receive and process the message without knowledge of the parameters security measures actively implemented by the access terminal 900. The mobility update message can comprise any message resulting from the mobility of the access terminal 900 such as, for example, a cell reselection message, an unrecoverable radio link control error message (RLC), an out-of-service message, etc.
The access terminal 900 can receive, in response to the mobility update message, a mobility update confirmation message that is encrypted according to the old security parameters. For example, processing circuit 902 can receive a mobility update confirmation message via communications interface 906. The mobility update confirmation message received is encrypted according to the old security parameters and can be decoded by the circuit process 902 employing the old security parameters according to an agreed algorithm. Figure 11 is a flowchart illustrating an example of an operational method on an access terminal, such as access terminal 900, for determining the status of security parameters in an access network for communication with the access terminal. With reference to both figures 9 and 11, an access terminal 900 can conduct a security mode procedure in step 1102. For example, processing circuit 902 can communicate with an access network via communications interface 906 to conduct the safe mode procedure. As part of the security mode procedure, processing circuit 902 can generate and send a full security mode message to the access network. Processing circuit 902 can send the full security mode message as a radio resource control (RRC) message to the access network.
In step 1104, after access terminal 900 sends a full security mode message to the access network, a mobility update procedure can be started while the security mode procedure is still active. For example, as a result of the mobility of the access terminal 900, the processing circuit 902 can initiate a mobility procedure. Examples of mobility procedures may include cell reselection, unrecoverable radio link control (RLC) errors, the access terminal being out of service, etc. As part of the mobility procedure, access terminal 900 sends a mobility update message to the access network.
In response to initiating a mobility procedure, and before updating its security parameters (for example, before receiving an L2 confirmation or before updating in response to the L2 confirmation), access terminal 900 aborts the security mode procedure in progress and reverts to the old security parameters in step 1106. For example, processing circuit 902 can abort the active security mode procedure and revert to using the old security parameters as a result of initiation of the mobility procedure.
In response to the mobility update message sent to the access network as part of the mobility procedure, access terminal 900 receives a mobility update confirmation message from the access network in step 1108. For example, the processing circuit 902 can receive a mobility update confirmation message via the communications interface 906. In step 1110, processing circuit 902 attempts to decode the mobility update confirmation message using the old security parameters. For example, processing circuit 902 may include a security parameter determination module 908 adapted to perform security parameter determination operations 910 stored in storage medium 904. If processing circuit 902 can decode the mobility update confirmation message, then the access terminal sends a response message to the access network in step 1112. In that case, the response message would be encrypted using the old security parameters.
If, however, processing circuit 902 (for example, the security parameter determination module 908) is unable to decode the mobility update confirmation message, then processing circuit 902 can switch to the new security parameters in step 1114 and can attempt to decode the mobility update confirmation message using the new security parameters. According to at least one implementation, processing circuit 902 (for example, the security parameter determination module 908) can be adapted to switch to the new security parameters after some predetermined number of failed attempts to decrypt the mobility update confirmation message (for example, one or more attempts).
If processing circuit 902 is successful in decoding the mobility update confirmation message using the new security parameters, then processing circuit 902 can be adapted to continue using the new security parameters in step 1118. The processing circuit 902 can then send a response message to the access network via communications interface 906 using the new security parameters in step 1112. If processing circuit 902 is not successful in decoding the mobility update confirmation message using the new security parameters, then the call may fail.
Figure 12 is a flowchart illustrating an example of an operating method on an access terminal, such as access terminal 900, for indication to an access network when the access terminal has updated to new security parameters. With reference to both figures 9 and 12, an access terminal 900 conducting a security mode procedure can generate and send a full security mode message to the access network in step 1202. For example, processing circuit 902 (for example, a security parameter indication module 908) can generate and send a full security mode message via the communications interface 906. Processing circuit 902 can send the full security mode message as a radio resource control (RRC) message to the access network.
In step 1204, processing circuit 902 can receive a confirmation message from the access network via communications interface 906. The confirmation message is received in response to the full security mode message and can comprise an L2 transmission. The confirmation message can indicate to the processing circuit 902 that the full security mode message was successfully received by the access network. In response to receiving the confirmation message, processing circuit 902 updates the security parameters of access terminal 900 to the new security parameters in step 1206.
After the access terminal 900 has been updated to the new security parameters, processing circuit 902 sends an indication to the access network in step 1208 to inform the access network that the access terminal 900 has successfully updated to the new security parameters. For example, processing circuit 902 (for example, the security parameter indication module 908) can generate and send an L3 acknowledgment message to the access network via communications interface 906 to indicate that access terminal 900 successfully updated to the new security parameters.
Illustrative Network Entity
Figure 13 is a block diagram illustrating selected components of a network entity 1300 according to at least one embodiment. According to at least some implementations, the network entity 1300 may comprise a radio network controller (RNC) of an access network, such as RNC 114 in figure 1. The network entity 1300 generally includes a processing circuit 1302 coupled to a storage medium 1304 and a communications interface 1306.
Processing circuit 1302 is arranged to obtain, process and/or send data, access and store control data, issue commands, and control other desired operations. The processing circuit 1302 may comprise circuitry configured to implement the desired programming provided by the appropriate media in at least one embodiment. For example, processing circuit 1302 can be implemented as one or more of a processor, a controller, a plurality of processors and/or another structure configured to execute executable instructions including, for example, software and/or firmware instructions, and/or hardware circuitry. Embodiments of the processing circuit 1302 may include a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic component, discrete gate or transistor logic, discrete hardware components or any combination thereof, designed to perform the functions described here. A general purpose processor can be a microprocessor, but in the alternative, the processor can be any conventional processor, controller, microcontroller, or state machine. A processor can also be implemented as a combination of computing components, such as a combination of a DSP and a microprocessor, a number of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other similar configuration. These examples of processing circuit 1302 serve purposes of illustration and other suitable configurations within the scope of the present description are also contemplated.
The processing circuit 1302 may include a security parameter rollback and/or update module 1308. The security parameter rollback and/or update module 1308 may comprise circuitry and/or programming adapted to perform the procedures for reversion to the old security parameters and/or procedures for updating to new security parameters, according to the various implementations.
Storage medium 1304 can represent one or more devices for storing programming and/or data, such as processor-executable code or instructions (e.g., software, firmware), electronic data, databases, or other digital information. The storage medium 1304 can be any available medium that can be accessed by a general purpose or special purpose processor. By way of example and not by limitation, storage medium 1304 may include read-only memory (for example, ROM, EPROM, EEPROM), random access memory (RAM), magnetic disk storage media, optical storage media, flash memory devices, and/or other non-transitory, computer-readable media for storing information. The storage medium 1304 can be coupled to the processing circuit 1302 so that the processing circuit 1302 can read information from, and write information to, the storage medium 1304. Alternatively, the storage medium 1304 can be integral with the processing circuit 1302.
The storage medium 1304 can include security parameter rollback and/or update operations 1310, according to one or more embodiments. The security parameter rollback and/or update operations 1310 can be implemented by processing circuit 1302, for example, in the security parameter rollback and/or update module 1308. In some implementations, security parameter rollback operations may comprise operations that can be implemented by processing circuit 1302 to determine whether to revert to the old security parameters and to perform the rollback to the old security parameters. In some implementations, security parameter update operations may comprise operations that can be implemented by processing circuit 1302 to update security parameters.
The communications interface 1306 is configured to facilitate the wireless communications of the network entity 1300. For example, the communications interface 1306 can be configured to communicate information in a bidirectional manner with respect to one or more access terminals and/or other network entities. Communications interface 1306 may be coupled to an antenna (not shown) and may include wireless transceiver circuitry, including at least one transmitter 1312 and/or at least one receiver 1314 (for example, one or more transmitter and receiver chains).
According to one or more characteristics of the network entity 1300, the processing circuit 1302 can be adapted to carry out any and all processes, functions, steps and/or routines related to one or more of the various network entities described here above with reference to figures 1 to 8 (for example, an access network entity 104, such as an access node 112 and/or radio network controller (RNC) 114, or a core network entity 106, such as a serving GPRS support node (SGSN) 116 and/or mobile switching center (MSC) 118). As used here, the term "adapted" in relation to processing circuit 1302 can refer to processing circuit 1302 being one or more of configured, employed, implemented, or programmed to perform a particular process, function, step and/or routine according to several characteristics described here.
Figure 14 is a flow chart illustrating an example of an operating method on a network entity, such as network entity 1300, to determine that an access terminal has reverted to the old security parameters. With reference to both figures 13 and 14, a network entity 1300 can receive a full security mode message from an access terminal in step 1402. For example, processing circuit 1302 can receive a full security mode message via communications interface 1306. In at least some implementations, the full security mode message may comprise a full Access Stratum (AS) security mode message. The full AS security mode message can be received via communications interface 1306 in a radio resource control (RRC) layer of the protocol stack.
In response to the full security mode message received from the access terminal, the network entity 1300 can update to new security parameters for communications between the network entity 1300 and the access terminal in step 1404. In at least one implementation, processing circuit 1302 can be adapted to update the security parameters associated with the access terminal to new security parameters in response to receiving the full security mode message. In implementations in which the full security mode message comprises a full AS security mode message, the new security parameters may comprise new Access Stratum (AS) security parameters. The processing circuit 1302 can be adapted to retain the old security parameters for a specified period of time after updating to the new security parameters. For example, the processing circuit 1302 can store the old security parameters in the storage medium 1304 for a period of time (for example, until a communication is received from the access terminal employing the new security parameters).
In step 1406, network entity 1300 may receive a mobility update message from the access terminal, where the mobility update message includes a dedicated security status indicator adapted to indicate to network entity 1300 that the access terminal has reverted to the old security parameters. For example, processing circuit 1302 can receive the mobility update message via the communications interface 1306. The mobility update message can be received as a radio resource control (RRC) message. According to at least one implementation, the mobility update message is not encrypted, and can be read by processing circuit 1302 without first decoding the message. The mobility update message may comprise a message sent by the access terminal for reasons of mobility. By way of example and not by limitation, the mobility update message may comprise a cell reselection message, a radio link control (RLC) unrecoverable error message, an out of service message, etc.
In some implementations, the dedicated status indicator included with the mobility update message may comprise an information element (IE) adapted to indicate that the access terminal has reverted to the old security parameters. In some deployments, the dedicated status indicator included with the mobility update message may comprise one or more bits adapted to indicate that the access terminal has reverted to the old security parameters.
In step 1408, the network entity 1300 reverts to the old security parameters. For example, processing circuit 1302 may revert to the old security parameters in response to the mobility update message received including the dedicated security status indicator. In some implementations, the security parameter rollback and/or update module 1308 can perform security parameter rollback and/or update operations 1310 after receiving the dedicated security status indicator informing the network entity 1300 that the access terminal reverted to the old security parameters. As part of the security parameter rollback and/or update operations 1310, the security parameter rollback and/or update module 1308 can retain an association between the access terminal and the old security parameters in order to replace the new security parameters with the previous (or old) security parameters. In this way, processing circuit 1302 can employ the old security parameters for subsequent communications with the access terminal.
In response to the received mobility update message, network entity 1300 may send a mobility update confirmation message to the access terminal at step 1410 to acknowledge receipt of the mobility update message. The mobility update confirmation message can be encrypted according to the old security parameters. In at least some implementations, processing circuit 1302 can generate a mobility update confirmation message and can encrypt the mobility update confirmation message according to the old security parameters. The processing circuit 1302 can then send the encrypted mobility update confirmation message to the access terminal via the communications interface 1306.
Figure 15 is a flow chart illustrating an example of an operational method on a network entity, such as the network entity 1300, to determine that an access terminal has reverted to the old security parameters. With reference to both figures 13 and 15, a network entity 1300 can receive a full security mode message from an access terminal in step 1502. For example, processing circuit 1302 can receive a full security mode message through the communications interface 1306.
In response to the full security mode message received from the access terminal, the network entity 1300 can update to new security parameters for communications between the network entity 1300 and the access terminal in step 1504. In at least one implementation, the processing circuit 1302 can be adapted to update the security parameters associated with the access terminal to new security parameters in response to receiving the full security mode message. Processing circuit 1302 can be adapted to retain the old security parameters for a specified period of time after updating to the new security parameters. For example, processing circuit 1302 can store old security parameters in storage medium 1304 for a period of time (for example, until a communication is received from the access terminal using the new security parameters).
In step 1506, network entity 1300 may receive a mobility update message from the access terminal. For example, processing circuit 1302 can receive the mobility update message via the communications interface 1306. The mobility update message can be received as a radio resource control (RRC) message. According to at least one implementation, the mobility update message is not encrypted, and can be read by processing circuit 1302 without decoding the message first.
In response to the received mobility update message, network entity 1300 generates and sends a mobility update confirmation message at step 1508. For example, processing circuit 1302 can generate a mobility update confirmation message and can encrypt the message according to new security parameters. The processing circuit 1302 can then send the encrypted mobility update confirmation message via the communications interface 1306 to the access terminal.
In step 1510, network entity 1300 determines whether a response to the mobility update confirmation message was received from the access terminal. For example, processing circuit 1302 can monitor communications received through communications interface 1306 for a response to the mobility update confirmation message. In at least some implementations, the security parameter rollback and/or update operations 1310 may cause the security parameter rollback and/or update module 1308 to monitor for the received response. If a response is received, processing circuit 1302 can continue to use the new security parameters.
If no response is received, then the security parameter rollback and/or update module 1308 can revert to the old security parameters in step 1512 to determine whether the access terminal is employing the old security parameters. In some implementations, processing circuit 1302 (for example, the security parameter rollback and/or update operations 1310) can be adapted to resend the mobility update confirmation message after a failure to receive a response and await another response to the resent mobility update confirmation message. If no response is received after a predetermined number of times the mobility update confirmation message has been sent, processing circuit 1302 (for example, the security parameter rollback and/or update operations 1310) can be adapted to revert to the old security parameters to determine if the access terminal is employing the old security parameters.
Using the old security parameters, network entity 1300 generates and sends another mobility update confirmation message in step 1514. In some implementations, processing circuit 1302 can generate a mobility update confirmation message and can encrypt the message. Unlike previous mobility update confirmation messages encrypted according to the new security parameters, this mobility update confirmation message is encrypted according to the old security parameters. The processing circuit 1302 can then send the encrypted mobility update confirmation message via the communications interface 1306 to the access terminal.
In step 1516, network entity 1300 determines whether a response to the mobility update confirmation message encrypted according to the old security parameters was received from the access terminal. For example, processing circuit 1302 can monitor communications received through communications interface 1306 for a response to the mobility update confirmation message. If a response is received for the mobility update confirmation message encrypted according to the old security parameters, the security parameter rollback and/or update module 1308 can determine that the access terminal has reverted to the old security parameters and can cause the network entity 1300 to continue to use the old security parameters in step 1518. If no response is received for the mobility update confirmation message encrypted according to the old security parameters, the processing circuit 1302 can cause the call with the access terminal to fail.
Figure 16 is a flowchart illustrating an example of an operating method on a network entity, such as network entity 1300, for updating from the old security parameters to the new security parameters after the access terminal has updated to the new security parameters. With reference to both figures 13 and 16, a network entity 1300 can receive a full security mode message from an access terminal in step 1602. For example, processing circuit 1302 can receive a full security mode message through the communications interface 1306.
In response to the full security mode message, network entity 1300 sends a confirmation message to the access terminal at step 1604. The confirmation message can comprise an L2 transmission adapted to indicate to the access terminal that the full security mode message has been successfully received and verified by the network entity. According to at least one implementation, the processing circuit 1302 can generate and send the confirmation message to the access terminal via the communications interface 1306.
In step 1606, network entity 1300 receives a confirmation message from the access terminal. The confirmation message received may comprise an L3 confirmation message adapted to indicate that the access terminal has successfully updated to the new security parameters. In at least one implementation, processing circuit 1302 (for example, the security parameter rollback and/or update module 1308) can receive the L3 confirmation message via communications interface 1306.
In response to receiving the confirmation message from the access terminal, the network entity 1300 can update to the new security parameters for communications between the network entity 1300 and the access terminal in step 1608. For example, the processing circuit 1302 (for example, the security parameter rollback and/or update module 1308) can update the security parameters associated with the access terminal to the new security parameters in response to receiving the confirmation message adapted to indicate that the access terminal updated to the new security parameters. The processing circuit 1302 can then employ the new security parameters for subsequent communications with the access terminal.
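The recovery paths of Figures 11, 14 and 15 described above can be modelled as follows; this is an added Python example, not code from the patent. The `protect`/`unprotect` helpers are a toy HMAC-based stand-in for the agreed ciphering algorithm, and the class names, the `reverted_to_old` field, the keys and the retry counts are assumptions made for illustration.

```python
import hashlib
import hmac

CONFIRM, RESPONSE = b"MOBILITY UPDATE CONFIRM", b"RESPONSE"
OLD, NEW = b"constructed-old-key", b"constructed-new-key"  # constructed sample keys

def _keystream(key, n):
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def protect(key, msg):
    """Toy stand-in for ciphering: XOR keystream plus an HMAC tag."""
    body = bytes(a ^ b for a, b in zip(msg, _keystream(key, len(msg))))
    return body + hmac.new(key, body, hashlib.sha256).digest()

def unprotect(key, blob):
    """Return the plaintext, or None when blob was not protected with key."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(body, _keystream(key, len(body))))

class Terminal:
    """Access terminal that aborted the security mode procedure (Figure 11)."""
    def __init__(self, old, new, max_old_failures=1):
        self.old, self.new = old, new
        self.active = old                      # step 1106: reverted to old
        self.max_old_failures = max_old_failures
        self.failures = 0
        self.call_failed = False

    def on_confirm(self, blob):
        """Return the protected response, or None when nothing is sent."""
        if unprotect(self.old, blob) == CONFIRM:       # step 1110
            return protect(self.old, RESPONSE)         # step 1112
        self.failures += 1
        if self.failures < self.max_old_failures:
            return None                                # wait for a resend
        if unprotect(self.new, blob) == CONFIRM:       # step 1114
            self.active = self.new                     # step 1118
            return protect(self.new, RESPONSE)         # step 1112
        self.call_failed = True
        return None

class NetworkEntity:
    """Network side: indicator-driven revert (Fig. 14) and probing (Fig. 15)."""
    def __init__(self, old):
        self.active, self.retained_old = old, None

    def on_security_mode_complete(self, new):
        # steps 1404 / 1504: update, but retain the old parameters
        self.retained_old, self.active = self.active, new

    def on_mobility_update(self, update, deliver, max_sends=2):
        """deliver(blob) models the air interface and returns the reply or None.
        Returns 'new', 'old' or 'failed'."""
        if update.get("reverted_to_old") and self.retained_old:
            self.active, self.retained_old = self.retained_old, None  # step 1408
            deliver(protect(self.active, CONFIRM))                    # step 1410
            return "old"
        for _ in range(max_sends):                     # steps 1508-1510
            if self._answered(self.active, deliver):
                return "new"
        # steps 1512-1516: one probe with the retained old parameters
        if self.retained_old and self._answered(self.retained_old, deliver):
            self.active, self.retained_old = self.retained_old, None  # step 1518
            return "old"
        return "failed"                                # call fails

    @staticmethod
    def _answered(key, deliver):
        reply = deliver(protect(key, CONFIRM))
        return reply is not None and unprotect(key, reply) == RESPONSE

def strict_terminal(key):
    """Terminal that uses exactly one parameter set and never probes."""
    return lambda blob: protect(key, RESPONSE) if unprotect(key, blob) == CONFIRM else None

def run(update, terminal):
    """Network has already updated to NEW; process one mobility update."""
    net = NetworkEntity(OLD)
    net.on_security_mode_complete(NEW)
    return net.on_mobility_update(update, terminal), net.active

if __name__ == "__main__":
    print("indicator set      :", run({"reverted_to_old": True}, strict_terminal(OLD))[0])
    print("no indicator, probe:", run({}, strict_terminal(OLD))[0])
    print("Figure 11 terminal :", run({}, Terminal(OLD, NEW).on_confirm)[0])
```

Without the indicator, the network spends `max_sends` transmissions on the new parameters before it probes the old ones, which is the delay the dedicated status indicator of Figure 14 avoids.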
One or more components, steps, characteristics and/or functions illustrated in figures 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 and/or 16 may be rearranged and/or combined into a single component, step, characteristic or function or embodied in several components, steps or functions. Additional elements, components, steps and/or functions can also be added without departing from this description. The apparatus, devices and/or components illustrated in figures 1, 4, 9 and/or 13 can be configured to carry out one or more of the methods, characteristics or steps described with reference to figures 2, 3, 5, 6, 7, 8, 10, 11, 12, 14, 15 and/or 16. The novel algorithms described here can also be efficiently implemented in software and/or embedded in hardware.
In addition, it is noted that at least some implementations have been described as a process that is presented as a flowchart, a block diagram, a structure diagram, or a process diagram. Although a flowchart can describe operations as a sequential process, many of the operations can be performed in parallel or simultaneously. In addition, the order of the operations may be rearranged. A process is terminated when its operations are completed. A process can correspond to a method, a function, a procedure, a subroutine, a subprogram, etc. When a process corresponds to a function, its termination corresponds to a return from the function to the calling function or main function.
In addition, the embodiments can be implemented by hardware, software, firmware, middleware, microcode or any combination thereof. When implemented in software, firmware, middleware or microcode, the program code or code segments to perform the necessary tasks can be stored in a machine-readable medium such as a storage medium or other storage. A processor can perform the necessary tasks. A code segment can represent a procedure, a function, a subprogram, a program, a routine, a subroutine, a module, a software package, a class or any combination of instructions, data structures, or program statements. A code segment can be coupled to another code segment or a hardware circuit by passing and/or receiving information, data, arguments, parameters, or memory content. Information, arguments, parameters, data, etc. can be passed, sent or transmitted by any suitable means including memory sharing, message passing, token passing, network transmission, etc.
The terms "machine-readable medium", "computer-readable medium" and/or "processor-readable medium" may include, but are not limited to, portable or fixed storage devices, optical storage devices, and various other non-transitory media able to store, contain or carry instructions and/or data. In this way, the various methods described here can be partially or completely implemented by instructions and/or data that can be stored in a "machine-readable medium", "computer-readable medium" and/or "processor-readable medium" and executed by one or more processors, machines and/or devices.
The methods or algorithms described in relation to the examples described here can be embodied directly in hardware, in a software module executable by a processor or in a combination of both, in the form of a processing unit, programming instructions, or other instructions, and it can be contained on a single device or distributed across multiple devices. A software module can reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, removable disk, CD-ROM, or any other form of non-transitory storage medium known in the art. A storage medium can be coupled to the processor so that the processor can read information from and write information to the storage medium. Alternatively, the storage medium can be integral to the processor.
Those skilled in the art will additionally appreciate that the various logic blocks, modules, circuits and illustrative algorithm steps described in relation to the embodiments described here can be implemented as electronic hardware, computer software, or combinations of both. In order to clearly illustrate this interchangeability of hardware and software, several illustrative components, blocks, modules, circuits and steps have been described above generally in terms of their functionality.
Whether such functionality will be implemented as hardware or software depends on the particular application and the design restrictions applied to the system as a whole.
The various features of the invention described here can be implemented in different systems without departing from the invention. It should be noted that the above embodiments are merely illustrative and should not be considered as limiting the invention. The description of the embodiments is illustrative and does not limit the scope of the description. As such, the present teachings can be readily applied to other types of apparatus and many alternatives, modifications and variations will be apparent to those skilled in the art.
Claims (15)
1. Access terminal (900), comprising: means for conducting a security mode procedure to reconfigure security parameters of the access terminal (902, 910); means for initiating a mobility procedure while the safety mode procedure is in progress (902, 910); means for aborting the safety mode procedure and reverting to old safety parameters as a result of initiating the mobility procedure (902, 910); the access terminal characterized by the fact that it additionally comprises: means for sending a mobility update message including a dedicated status indicator adapted to indicate that the access terminal has reverted to the old security parameters (902, 914).
2. Access terminal, according to claim 1, characterized by the fact that the security mode procedure comprises an Access Stratum security mode procedure using a radio resource control, RRC, layer of a protocol stack for reconfiguring Access Stratum security parameters for the access terminal.
3. Access terminal according to claim 1, characterized by the fact that the means are provided by a wireless communications interface adapted to facilitate wireless communications and a processing circuit, the processing circuit additionally adapted to: generate and sending a full security mode message to the access network via the wireless communications interface as part of the security mode procedure (804).
4. Access terminal, according to claim 1, characterized by the fact that the mobility update message comprises: (i) a radio resource control message, RRC; or (ii) one of a cell reselection message, an unrecoverable radio link control error message, RLC, or an out of service message.
5. Access terminal, according to claim 1, characterized by the fact that the dedicated security status indicator comprises: (i) an information element, IE, of the mobility update message; or (ii) one or more bits of the mobility update message.
6. Access terminal according to claim 1, characterized by the fact that the means are provided by a wireless communications interface adapted to facilitate wireless communications and a processing circuit, the processing circuit additionally adapted to abort the security mode procedure and revert to the old security parameters when a confirmation message is not received from the access network before the mobility procedure is started.
7. Access terminal according to claim 1, characterized by the fact that the means are provided by a wireless communications interface adapted to facilitate wireless communications and a processing circuit, the processing circuit additionally adapted to: receive a mobility update confirmation message from the access network, in which the mobility update confirmation message is encrypted according to the old security parameters.
8. An operational method in an access terminal, comprising: conducting a security mode procedure to reconfigure security parameters of the access terminal (1002); initiating a mobility procedure while the security mode procedure is in progress (1004); aborting the security mode procedure and reverting to old security parameters as a result of initiating the mobility procedure (1006); the method characterized by the fact that it additionally comprises: sending a mobility update message including a dedicated status indicator adapted to indicate that the access terminal has reverted to the old security parameters (1008).
9. Method, according to claim 8, characterized by the fact that: starting the mobility procedure comprises starting a cell update procedure; and sending the mobility update message comprises sending a cell update message from one of a cell reselection message, an unrecoverable radio link control error message, RLC, or an out of service message.
10. Method, according to claim 8, characterized by the fact that sending the mobility update message including the dedicated status indicator adapted to indicate that the access terminal has reverted to the old security parameters comprises: sending the mobility update message including: (i) an information element, IE, adapted to indicate that the access terminal has reverted to the old security parameters; or (ii) one or more bits adapted to indicate that the access terminal has reverted to the old security parameters.
11. Operational method in a network entity, comprising: receiving a complete security mode message from an access terminal (1402; 1502); update to new security parameters in response to the full security mode message (1404, 1504); and revert to the old security parameters; the method characterized by the fact that it additionally comprises: receiving a mobility update message from the access terminal, the mobility update message including a dedicated security status indicator adapted to indicate that the access terminal has reverted to old security parameters (1406); where the step to revert to the old security parameters occurs in response to the mobility update message received (1408).
12. Method, according to claim 11, characterized by the fact that it additionally comprises: sending a mobility update confirmation message to the access terminal, in which the mobility update confirmation message is encrypted according to old security parameters (1514).
13. A network entity (1300), comprising: means for receiving a full security mode message from an access terminal (1314); means for updating to new security parameters in response to the full security mode message (1302, 1308, 1310); and means to revert to the old security parameters (1302, 1308, 1310); the network entity characterized by the fact that it further comprises: means for receiving a mobility update message from the access terminal (1314), the mobility update message including a dedicated security status indicator adapted to indicate that the access terminal has reverted to old security parameters; where the means to revert to the old security parameters respond to the mobility update message received.
14. Network entity according to claim 13, characterized by the fact that the network entity comprises a radio network controller, RNC, (114).
15. Memory characterized by the fact that it comprises instructions stored therein, instructions being executed by a computer to carry out the method as defined in any of claims 8 to 10 or 11 and 12.
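The exchange claimed for the access terminal (claims 1, 6 and 8) and the network entity (claims 11 and 12), as an added simulation that is not part of the patent text. The class names, the `reverted_to_old` field and the "old"/"new" labels standing in for real key and algorithm sets are assumptions made for illustration.

```python
from dataclasses import dataclass

OLD, NEW = "old", "new"  # assumed labels standing in for real security parameter sets

@dataclass
class MobilityUpdate:
    cause: str                     # e.g. "cell reselection" (claim 4)
    reverted_to_old: bool = False  # dedicated status indicator: an IE or bits (claim 5)

class AccessTerminal:
    def __init__(self):
        self.active, self.pending = OLD, False

    def send_security_mode_complete(self):
        self.pending = True        # keeps OLD until the network confirms

    def on_confirmation(self):
        if self.pending:
            self.active, self.pending = NEW, False

    def start_mobility(self, cause, use_indicator=True):
        aborted = self.pending     # claim 6: no confirmation received yet
        if aborted:                # claims 1 and 8: abort and revert
            self.active, self.pending = OLD, False
        return MobilityUpdate(cause, aborted and use_indicator)

class NetworkEntity:
    def __init__(self):
        self.active = OLD

    def on_security_mode_complete(self):
        self.active = NEW          # claim 11: update on receipt

    def on_mobility_update(self, msg):
        if msg.reverted_to_old:    # claim 11: revert in response to the indicator
            self.active = OLD
        return self.active         # parameters ciphering the confirmation (claim 12)

def run(use_indicator, confirmation_lost=True):
    """Return (terminal params, network params, terminal can decode confirmation)."""
    at, net = AccessTerminal(), NetworkEntity()
    at.send_security_mode_complete()
    net.on_security_mode_complete()
    if not confirmation_lost:
        at.on_confirmation()
    update = at.start_mobility("cell reselection", use_indicator)
    confirm_params = net.on_mobility_update(update)
    return at.active, net.active, confirm_params == at.active

if __name__ == "__main__":
    print("with indicator:   ", run(True))
    print("without indicator:", run(False))
```

Without the indicator the two sides end on different parameter sets and the terminal cannot decode the mobility update confirmation; with it, both return to the old set.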
Patent family:
Publication number | Publication date
US20160105800A1|2016-04-14|
US20110312299A1|2011-12-22|
RU2523695C1|2014-07-20|
SG185542A1|2012-12-28|
WO2011160073A1|2011-12-22|
KR101514579B1|2015-04-22|
CA2799467A1|2011-12-22|
IL226124A|2016-05-31|
JP2014116961A|2014-06-26|
KR20130054317A|2013-05-24|
JP2013535147A|2013-09-09|
CN105682091B|2019-08-27|
BR112012032233A2|2016-11-22|
HK1180509A1|2013-10-18|
UA105438C2|2014-05-12|
AU2011268157B2|2014-02-06|
CN105682091A|2016-06-15|
IL223057A|2016-07-31|
JP5462411B2|2014-04-02|
AR082765A1|2013-01-09|
ES2549496T3|2015-10-28|
AU2011268157A1|2012-12-06|
MX2012014243A|2013-01-28|
CA2799467C|2020-03-31|
RU2013102262A|2014-07-27|
TWI463856B|2014-12-01|
CN102948208B|2016-03-30|
US9930530B2|2018-03-27|
ZA201300462B|2018-12-19|
EP2583497B1|2015-08-26|
CN102948208A|2013-02-27|
IL226124D0|2013-06-27|
IL223057D0|2013-02-03|
TW201208329A|2012-02-16|
EP2583497A1|2013-04-24|
Legal status:
2018-12-26| B06F| Objections, documents and/or translations needed after an examination request according [chapter 6.6 patent gazette]|
2020-05-12| B15K| Others concerning applications: alteration of classification|Free format text: THE PREVIOUS CLASSIFICATIONS WERE: H04W 36/00 , H04W 12/04 , H04L 29/06 Ipc: H04L 29/06 (2006.01), H04W 12/02 (2009.01) |
2020-05-12| B06U| Preliminary requirement: requests with searches performed by other patent offices: procedure suspended [chapter 6.21 patent gazette]|
2020-12-08| B09A| Decision: intention to grant [chapter 9.1 patent gazette]|
2021-03-02| B16A| Patent or certificate of addition of invention granted|Free format text: TERM OF VALIDITY: 20 (TWENTY) YEARS COUNTED FROM 17/06/2011, SUBJECT TO THE LEGAL CONDITIONS. |
Priority:
Application number | Filing date | Patent title
US35646410P| true| 2010-06-18|2010-06-18|
US61/356,464|2010-06-18|
US13/162,313|US20110312299A1|2010-06-18|2011-06-16|Methods and apparatuses facilitating synchronization of security configurations|
US13/162,313|2011-06-16|
PCT/US2011/040964|WO2011160073A1|2010-06-18|2011-06-17|Methods and apparatuses facilitating synchronization of security configurations|