Apparatus and method for transitioning from a serving network node that supports an enhanced security context to a legacy serving network node

    Publication number: AU2011239421B2

    Publication date: 2014-06-05

    Application number: AU2011239421

    Application date: 2011-04-15

    Applicant: QUALCOMM INC

    Abstract: Disclosed is a method for transitioning a remote station from a current serving network node having an enhanced security context to a new serving network node. In the method, the remote station provides at least one legacy key, and generates at least one session key based on an information element associated with the enhanced security context. The remote station forwards a first message having the information element to the new serving network node. The remote station receives a second message, from the new serving network node, having a response based on either the legacy key or the session key. The remote station determines that the new serving network node does not support the enhanced security context if the response of the second message is based on the legacy key. Accordingly, the remote station protects communications based on the legacy key upon determining that the enhanced security context is not supported.

    Apparatus and method for transitioning enhanced security context from a UTRAN/GERAN-based serving network to an E-UTRAN-based serving network

    Publication number: AU2011268287A1

    Publication date: 2013-01-17

    Application number: AU2011268287

    Application date: 2011-06-16

    Applicant: QUALCOMM INC

    Abstract: Disclosed is a method for transitioning an enhanced security context from a UTRAN/GERAN-based serving network to an E-UTRAN-based serving network. In the method, the remote station generates first and second session keys, in accordance with the enhanced security context, using a first enhanced security context root key associated with a UTRAN/GERAN-based serving network and a first information element. The remote station receives a first message from the E-UTRAN-based serving network. The first message signals to the remote station to generate a second enhanced security context root key for use with the E-UTRAN-based serving network. The remote station generates, in response to the first message, the second enhanced security context root key from the first enhanced security context root key using the first and second session keys as inputs. The remote station protects wireless communications, on the E-UTRAN-based serving network, based on the second enhanced security context root key.

    METHOD AND APPARATUS FOR BINDING SUBSCRIBER AUTHENTICATION AND DEVICE AUTHENTICATION IN COMMUNICATION SYSTEMS

    Publication number: SG185662A1

    Publication date: 2012-12-28

    Application number: SG2012085106

    Application date: 2011-06-16

    Applicant: QUALCOMM INC

    Abstract: An authentication method is provided between a device (e.g., a client device or access terminal) and a network entity. A removable storage device may be coupled to the device and stores a subscriber-specific key that may be used for subscriber authentication. A secure storage device may be coupled to the device and stores a device-specific key used for device authentication. Subscriber authentication may be performed between the device and a network entity. Device authentication may also be performed of the device with the network entity. A security key may then be generated that binds the subscriber authentication and the device authentication. The security key may be used to secure communications between the device and a serving network.

    APPARATUS AND METHOD FOR SIGNALING AN ENHANCED SECURITY CONTEXT FOR SESSION ENCRYPTION AND INTEGRITY KEYS

    Publication number: AR081175A1

    Publication date: 2012-07-04

    Application number: ARP110101317

    Application date: 2011-04-15

    Applicant: QUALCOMM INC

    Abstract: A method for establishing an enhanced security context between a remote station and a serving network. In the method, the remote station sends a first message to the serving network, wherein the first message includes an information element signaling that the remote station supports an enhanced security context. The remote station generates at least one session key, in accordance with the enhanced security context, using the information element. The remote station receives, in response to the first message, a second message having an indication that the serving network supports the enhanced security context. The remote station, in response to the second message, has wireless communications protected by the at least one session key.

    APPARATUS AND METHOD FOR TRANSITIONING ENHANCED SECURITY CONTEXT FROM A UTRAN/GERAN-BASED SERVING NETWORK TO AN E-UTRAN-BASED SERVING NETWORK

    Publication number: CA2802488A1

    Publication date: 2011-12-22

    Application number: CA2802488

    Application date: 2011-06-16

    Applicant: QUALCOMM INC

    Abstract: Disclosed is a method for transitioning an enhanced security context from a UTRAN/GERAN-based serving network to an E-UTRAN-based serving network. In the method, the remote station generates first and second session keys, in accordance with the enhanced security context, using a first enhanced security context root key associated with a UTRAN/GERAN-based serving network and a first information element. The remote station receives a first message from the E-UTRAN-based serving network. The first message signals to the remote station to generate a second enhanced security context root key for use with the E-UTRAN-based serving network. The remote station generates, in response to the first message, the second enhanced security context root key from the first enhanced security context root key using the first and second session keys as inputs. The remote station protects wireless communications, on the E-UTRAN-based serving network, based on the second enhanced security context root key.

    METHOD AND APPARATUS FOR BINDING SUBSCRIBER AUTHENTICATION AND DEVICE AUTHENTICATION IN COMMUNICATION SYSTEMS

    Publication number: CA2800941A1

    Publication date: 2011-12-22

    Application number: CA2800941

    Application date: 2011-06-16

    Applicant: QUALCOMM INC

    Abstract: An authentication method is provided between a device (e.g., a client device or access terminal) and a network entity. A removable storage device may be coupled to the device and stores a subscriber-specific key that may be used for subscriber authentication. A secure storage device may be coupled to the device and stores a device-specific key used for device authentication. Subscriber authentication may be performed between the device and a network entity. Device authentication may also be performed of the device with the network entity. A security key may then be generated that binds the subscriber authentication and the device authentication. The security key may be used to secure communications between the device and a serving network.

    APPARATUS AND METHOD FOR TRANSITIONING FROM A SERVING NETWORK NODE THAT SUPPORTS AN ENHANCED SECURITY CONTEXT TO A LEGACY SERVING NETWORK NODE

    Publication number: CA2796511A1

    Publication date: 2011-10-20

    Application number: CA2796511

    Application date: 2011-04-15

    Applicant: QUALCOMM INC

    Abstract: Disclosed is a method for transitioning a remote station from a current serving network node having an enhanced security context to a new serving network node. In the method, the remote station provides at least one legacy key, and generates at least one session key based on an information element associated with the enhanced security context. The remote station forwards a first message having the information element to the new serving network node. The remote station receives a second message, from the new serving network node, having a response based on either the legacy key or the session key. The remote station determines that the new serving network node does not support the enhanced security context if the response of the second message is based on the legacy key. Accordingly, the remote station protects communications based on the legacy key upon determining that the enhanced security context is not supported.

    APPARATUS AND METHOD FOR TRANSITIONING ENHANCED SECURITY CONTEXT FROM A UTRAN/GERAN-BASED SERVING NETWORK TO AN E-UTRAN-BASED SERVING NETWORK

    Invention application; status: under examination (published)

    Publication number: WO2011159948A3

    Publication date: 2012-04-19

    Application number: PCT/US2011040773

    Application date: 2011-06-16

    CPC classification number: H04W12/04 H04L9/08 H04L63/06 H04W36/0038

    Abstract: Disclosed is a method for transitioning an enhanced security context from a UTRAN/GERAN-based serving network to an E-UTRAN-based serving network. In the method, the remote station generates first and second session keys, in accordance with the enhanced security context, using a first enhanced security context root key associated with a UTRAN/GERAN-based serving network and a first information element. The remote station receives a first message from the E-UTRAN-based serving network. The first message signals to the remote station to generate a second enhanced security context root key for use with the E-UTRAN-based serving network. The remote station generates, in response to the first message, the second enhanced security context root key from the first enhanced security context root key using the first and second session keys as inputs. The remote station protects wireless communications, on the E-UTRAN-based serving network, based on the second enhanced security context root key.

    METHOD AND APPARATUS FOR NETWORK PERSONALIZATION OF SUBSCRIBER DEVICES

    Invention application; status: under examination (published)

    Publication number: WO2011133912A2

    Publication date: 2011-10-27

    Application number: PCT/US2011033642

    Application date: 2011-04-22

    Abstract: A method and apparatus are provided for a subsidizing service provider entity to personalize a subscriber device to ensure the subscriber device cannot be used in a network of a different service provider entity. As the service provider entity subsidizes the subscriber device, it desires to ensure that subscriber device is personalized such that the subscriber device may operate only in its network and not a network of a different service provider entity. The subscriber device is pre-configured with a plurality of provider-specific and/or unassociated root certificates by the manufacturer of the subscriber device. A communication service is established between the service provider entity and the subscriber device allowing for the mutual authentication of the subscriber device and the service provider entity. After mutual authentication, the service provider entity sends a command to the subscriber device to disable/delete some/all root certificates that are unassociated with the service provider entity.

    REDUCTION IN BEARER SETUP TIME

    Invention application; status: under examination (published)

    Publication number: WO2011133884A2

    Publication date: 2011-10-27

    Application number: PCT/US2011033607

    Application date: 2011-04-22

    CPC classification number: H04W12/04 H04L2463/061

    Abstract: A method and apparatus are provided for reducing latency and/or delays in performing a security activation exchange between a communication device and a network entity. The communication device may pre-compute a plurality of possible keys using a base key and a plurality of possible inputs in anticipation of receiving an indicator from the network entity that identifies a selected input to be used in generating a corresponding selected key. An indicator is then received from the network entity, where the indicator identifies the selected input from among the plurality of possible inputs. The communication device then selects a first key among the pre-computed plurality of possible keys as the selected key upon receipt of the indicator, wherein the first key is selected because it was pre-computed using the selected input. Because the first key is pre-computed, delays in responding to the network entity are reduced.