5G NON-SEAMLESS WIRELESS LOCAL AREA NETWORK OFFLOAD

    Publication No.: WO2023018608A1

    Publication date: 2023-02-16

    Application No.: PCT/US2022/039521

    Filing date: 2022-08-05

    Abstract: Embodiments may include a user equipment (UE) configured to obtain a Mobile Subscriber Identification Number (MSIN) from an International Mobile Subscriber Identity (IMSI) of the UE, encrypt the MSIN to generate a Subscription Concealed Identifier (SUCI) in a Network Access Identifier (NAI) format, and send the SUCI to the non-3GPP access network for authentication of the UE, and a network element of a home 3GPP network configured to receive, by a 5G Non-seamless WLAN Offload (NSWO) Function, an authentication request including the SUCI from the non-3GPP access network, determine, by the 5G NSWO Function, based on the SUCI, that the UE should be authenticated by an authentication function of the home 3GPP network, and provide the authentication request including the SUCI to the authentication function of the home 3GPP network for processing based on the determination that the UE should be authenticated by the authentication function.

    USER EQUIPMENT RADIO CAPABILITY PROTECTION
    Invention application

    Publication No.: WO2021066937A1

    Publication date: 2021-04-08

    Application No.: PCT/US2020/045155

    Filing date: 2020-08-06

    Abstract: Aspects relate to security mechanisms for protecting transmissions in wireless communication systems. Various examples provide and enable techniques for protecting transmissions of user equipment (UE) radio capability information. A UE may transmit a hash of its UE radio capability information to a network. The network can then utilize the hash to verify the integrity of the UE's radio capability information upon acquiring the full UE radio capability information during a UE Capability Enquiry procedure. Other aspects, embodiments, and features are also claimed and described.

    EVOLVED PACKET SYSTEM (EPS) MOBILITY CONFIGURATION OF NON ACCESS STRATUM (NAS) COUNT FROM WIRELESS SYSTEM

    Publication No.: WO2020252189A1

    Publication date: 2020-12-17

    Application No.: PCT/US2020/037272

    Filing date: 2020-06-11

    Abstract: In an aspect, the present disclosure includes a method, apparatus, and computer readable medium for wireless communications for configuring a NAS COUNT value of a mapped EPS security context associated with an intersystem change of a UE from a 5G system to an EPS. The aspect may include generating, by a UE, a mapped EPS security context associated with an intersystem change of the UE from a 5G system to an EPS, wherein the mapped EPS security context comprises security parameters created based on a 5G security context used for the 5G system, the security parameters enabling security-related communications between the UE and a network entity; determining an UL NAS COUNT value and the DL NAS COUNT value for the mapped EPS security context; and transmitting, by the UE, a NAS message to the network entity, the NAS message including the UL NAS COUNT value of the mapped EPS security context.

    METHOD AND APPARATUS FOR MULTIPLE REGISTRATIONS

    Publication No.: WO2019140337A1

    Publication date: 2019-07-18

    Application No.: PCT/US2019/013392

    Filing date: 2019-01-12

    CPC classification number: H04W12/06 H04W12/04

    Abstract: A user device having a security context with a first network based on a first key may establish a security context with a second network. In a method, the user device may generate a key identifier based on the first key and a network identifier of the second network. The user device may forward the key identifier to the second network for forwarding to the first network by the second network to enable the first network to identify the first key at the first network. The user device may receive a key count from the second network. The key count may be associated with a second key forwarded to the second network from the first network. The user device may generate the second key based on the first key and the received key count thereby establishing a security context between the second network and the user device.

    NETWORK ACCESS PRIVACY
    Invention application

    Publication No.: WO2018169743A1

    Publication date: 2018-09-20

    Application No.: PCT/US2018/021371

    Filing date: 2018-03-07

    Abstract: The present disclosure provides techniques that may be applied, for example, in a multi-slice network for maintaining privacy when attempting to access the network. An exemplary method generally includes transmitting a registration request message to a serving network to register with the serving network; receiving a first confirmation message indicating a secure connection with the serving network has been established; transmitting, after receiving the first confirmation message, a secure message to the serving network comprising an indication of at least one configured network slice that the UE wants to communicate over, wherein the at least one configured network slice is associated with a privacy flag that is set; and receiving a second confirmation message from the serving network indicating that the UE is permitted to communicate over the at least one configured network slice.

    ACCESS STRATUM SECURITY FOR EFFICIENT PACKET PROCESSING
    Invention application
    Status: Under examination (published)

    Publication No.: WO2018057908A1

    Publication date: 2018-03-29

    Application No.: PCT/US2017/052979

    Filing date: 2017-09-22

    Abstract: Certain aspects of the present disclosure provide techniques for managing security keys for enciphering and deciphering packets transmitted in a wireless communications system. According to certain aspects, a method of wireless communication by a user equipment (UE) is provided. The method generally includes obtaining an indication of a key area identifier (ID) of a first cell node, wherein the key area ID identifies a set of cell nodes that are associated with a network node that uses a first key for enciphering or deciphering messages and communicating a first set of messages with the first cell node using the first key for enciphering or deciphering the first set of messages.


    STATELESS ACCESS STRATUM SECURITY FOR CELLULAR INTERNET OF THINGS
    Invention application
    Status: Under examination (published)

    Publication No.: WO2017112491A2

    Publication date: 2017-06-29

    Application No.: PCT/US2016/066702

    Filing date: 2016-12-14

    Abstract: Aspects of security schemes (e.g., integrity protection, encryption, or both) are described. A measure of access stratum security can be realized without overhead associated with establishing and/or maintaining the per-cellular-device access stratum security context at a Cellular Internet of Things (CIoT) base station (C-BS). A gateway (e.g., a CIoT Serving Gateway Node (C-SGN)) may derive a first key. The first key may be only known to the C-SGN. The C-SGN may derive a second key from the first key and a parameter unique to the C-BS. The C-SGN may also derive a third key from the second key and an identity of a cellular device. The C-SGN may send the second and third keys to the C-BS and cellular device, respectively. Small data messages encrypted and/or integrity protected by the cellular device may be decrypted and/or verified by the C-BS.


    NETWORK SECURITY ARCHITECTURE FOR CELLULAR INTERNET OF THINGS
    Invention application
    Status: Under examination (published)

    Publication No.: WO2017011114A1

    Publication date: 2017-01-19

    Application No.: PCT/US2016/037068

    Filing date: 2016-06-10

    Abstract: In an aspect, a network supporting client devices includes one or more network nodes implementing network functions. Such network functions enable a client device to apply a security context to communications with the network when the client device is not in a connected mode. The client device obtains a user plane key shared with a user plane network function implemented at a first network node and/or a control plane key shared with a control plane network function implemented at a second network node. The client device protects a data packet with the user plane key or a control packet with the control plane key. The data packet includes first destination information indicating the first network node and the control packet includes second destination information indicating the second network node. The client device transmits the data packet or control packet.


    SERVICE PROVIDER CERTIFICATE MANAGEMENT
    Invention application
    Status: Under examination (published)

    Publication No.: WO2016200482A1

    Publication date: 2016-12-15

    Application No.: PCT/US2016/027436

    Filing date: 2016-04-14

    Abstract: A method includes: establishing a telecommunication link between a device and a service provider system via a telecommunication network; receiving a device public key via the telecommunication network from the device at the service provider system, the device public key predating the establishment of the telecommunication link; verifying, at the service provider system, that the device stores a device private key in a secure storage area of the device, the device private key corresponding to the device public key, the device public key and the device private key being a cryptographic key pair; and authorizing, by the service provider system, sign-up of the device for service enrollment in response to verifying that the device stores the device private key in the secure storage area of the device.

