Abstract:
Methods, systems, and devices for wireless communication are described that support security key derivation for handover. A network entity (e.g., an access and mobility function (AMF)) may establish an access stratum (AS) key to ensure secure communications between a user equipment (UE) and a base station. If the UE relocates to a new network entity (e.g., target network entity), the initial network entity (e.g., source network entity) may perform a handover procedure to the target network entity. In some aspects, the network entities may derive a unified AS key for the handover procedure. Additionally, the network entities may utilize one or more intermediate keys (e.g., refreshed intermediate keys) derived from, in part, respective freshness parameters for the handover procedure. The target network entity may then utilize the derived intermediate keys to derive the AS key for the handover procedure and establish communications with the UE.
Abstract:
Methods, systems, and devices for device-to-device (D2D) wireless communication are disclosed. In an embodiment, a method includes receiving a timing variable and a timing offset allowance from a network at a device, the timing variable being received while the device is in a connected mode. The device may then use the timing variable and the timing offset for D2D discovery message authentication by comparing the timing variable with a local timing variable to determine whether a difference between the two variables is within the timing offset allowance. Embodiments of the disclosure may enhance the security of devices participating in D2D discovery communications.
Abstract:
In order to mitigate the security risk posed by the insertion of a relay node within a communication network, both device authentication and subscriber authentication are performed on the relay node. Device and subscriber authentication may be bound together so that a relay node is granted access to operate within the network only if both device and subscriber authentication are successful. Additionally, a communication network (or authentication node) may further verify that a subscriber identifier (received as part of subscriber authentication) is associated with the corresponding device type (identified by the device identifier in the corresponding device authentication) as part of the subscriber authentication process.
Abstract:
Methods and apparatus for protecting user privacy in a shared key system. According to one aspect, a user generates a derived identity based on a key and a session variable, and sends the derived identity to an application. In one embodiment, a key server may be used to receive the derived identity from the application, and return a sub-key to the application to use for encrypting communications with the user.
Abstract:
Prior to transmission, a message is divided into multiple transmission units. A sub-message authentication code is obtained for each of the transmission units. A composed message authentication code is obtained for the whole message based on the sub-message authentication codes of the multiple transmission units. The multiple transmission units and the composed message authentication code are then transmitted. A receiver of the message receives a plurality of transmission units corresponding to the message. A local sub-message authentication code is calculated by the receiver for each transmission unit. A local composed message authentication code is calculated by the receiver based on the local sub-message authentication codes for the plurality of transmission units. The local composed message authentication code is compared to a received composed message authentication code to determine the integrity and/or authenticity of the received message.
Abstract:
Systems and methodologies are described that facilitate fetching a native security context between network nodes in a core network after an inter-system handover of a mobile device. For instance, a mobility message that is integrity protected by a security context (e.g., the native security context, a mapped security context, etc.) can be obtained at a network node from the mobile device. Further, the network node can send a request to a disparate network node within a core network. The request can include information that can be used by the disparate network node to establish that the mobile device is authenticated. Moreover, the native security context can be received from the disparate network node in response to the request. Accordingly, the native security context need not be recreated between the network node and the mobile device.
Abstract:
Methods and apparatus for protecting user privacy in a shared key system (100). According to one aspect, a user (114) generates a derived identity (108) based on a key (102) and a session variable, and sends the derived identity to an application (116). In one embodiment, a key server (126) may be used to receive the derived identity from the application, and return a sub-key (138) to the application to use for encrypting communications with the user.