-
Publication No.: US20220078599A1
Publication date: 2022-03-10
Application No.: US17530776
Application date: 2021-11-19
Applicant: Apple Inc.
Inventor: Vivek G. Gupta , Abhijeet Ashok Kolekar , Farid Adrangi
IPC: H04W8/04 , H04W8/16 , H04W76/38 , H04W76/50 , H04W36/00 , H04W76/27 , H04W12/06 , H04W12/102 , H04W12/108
Abstract: Systems and methods of providing steering of roaming (SOR) information in a 5G VPLMN are described. A UE receives a REGISTRATION ACCEPT message from an AMF of the VPLMN during initial or mobility registration of the UE in the VPLMN and DL NAS TRANSPORT message thereafter. The message has a Payload container information element (IE) set to secured packet. The SOR information indicates a list of preferred PLMN/access technology combinations, which is uploaded to a memory after a successful security check to verify that the list of preferred PLMN/access technology combinations is provided by the UDM of the HPLMN and is not tampered with by the VPLMN. When the message also contains a request for acknowledgment of successful security check of the list of preferred PLMN/access technology combinations, the UE transmits to the AMF the acknowledgment in a REGISTRATION COMPLETE or a DL NAS TRANSPORT message.
-
Publication No.: US11877149B2
Publication date: 2024-01-16
Application No.: US17275980
Application date: 2019-09-13
Applicant: Apple Inc.
Inventor: Alexandre Saso Stojanovski , Robert Zaus , Farid Adrangi , Raimund Wloka , Abhijeet Ashok Kolekar , Ahmed Soliman
IPC: H04W12/037 , H04W12/121 , H04W12/106 , H04L9/30 , H04W12/06 , H04W48/18 , H04W60/00 , H04W84/04
CPC classification number: H04W12/037 , H04L9/30 , H04W12/06 , H04W12/106 , H04W12/121 , H04W48/18 , H04W60/00 , H04L2209/34 , H04L2209/80 , H04W84/042
Abstract: Systems and methods of protecting an initial NAS message are described. Depending on whether a security context for a serving PLMN is stored, the UE uses either a public key from the serving PLMN or a key from the security context to encrypt parts of the initial NAS message. An initial NAS message containing the encrypted parts is then sent to an AMF of the serving PLMN. The serving PLMN public key is transmitted via a SIB. Prior to transmission of the initial NAS message or in parallel with it, an RRC message is sent to the base station. The RRC message contains the UE identifier and/or a NSSAI encrypted using the serving PLMN public key.
-
Publication No.: US11818579B2
Publication date: 2023-11-14
Application No.: US17423362
Application date: 2020-01-18
Applicant: Apple Inc.
Inventor: Abhijeet Kolekar , Farid Adrangi
IPC: H04W12/10 , H04W12/106 , H04W12/069 , H04W12/03 , H04W12/041 , H04W12/40 , H04W8/02
CPC classification number: H04W12/106 , H04W8/02 , H04W12/03 , H04W12/041 , H04W12/069 , H04W12/40
Abstract: Embodiments disclosed herein relate to allowing unauthenticated UEs to gain restricted access to an operator network to access network access subscription service. Once the unauthenticated UE successfully downloads a subscription profile for accessing the operator network, the unauthenticated UE can disconnect and can, thereafter, authenticate to the operator network using the subscription profile. Embodiments disclosed herein can perform one-way authentication to the operator network for obtaining a limited connectivity to reduce DoS attacks on the operator network. More specifically, these embodiments can support unauthenticated UEs to allow unauthenticated UEs to access the operator network for RLOS while minimizing DoS attack.
-
Publication No.: US11528607B2
Publication date: 2022-12-13
Application No.: US17268152
Application date: 2019-08-13
Applicant: Apple Inc.
Inventor: Farid Adrangi , Abhijeet Kolekar
IPC: H04W12/069 , H04W8/20 , H04W12/08 , H04W48/02 , H04W48/18 , H04W60/00 , H04W12/72 , H04W12/71 , H04L9/40
Abstract: Embodiments of the present disclosure describe methods, apparatuses, storage media, and systems for performing a restricted local operator services (RLOS) authorization procedure. Various embodiments enable a network to authorize a user equipment (UE) with an RLOS access or subscription properly while aiding in minimizing or preventing potential denial-of-service (DoS) attacks. Other embodiments may be described and claimed.
-
Publication No.: US11108754B2
Publication date: 2021-08-31
Application No.: US16516904
Application date: 2019-07-19
Applicant: Apple Inc.
IPC: H04L29/06 , H04L29/08 , H04L9/32 , H04W80/02 , H04W76/14 , H04W12/041 , H04W12/0431 , H04W12/0433 , H04W4/70
Abstract: Device to device (D2D) communication can be performed with packet data convergence protocol (PDCP) based encapsulation without internet protocol (IP) addressing. The non-IP D2D PDCP-encapsulated communication can further include two forms of secure data transfer. A first non-IP D2D PDCP-encapsulated communication can be a negotiated non-IP D2D PDCP-encapsulated communication. A second non-IP D2D PDCP-encapsulated communication can be a non-negotiated non-IP D2D communication. The non-negotiated non-IP D2D PDCP-encapsulated communication can include a common key management server (KMS) version and a distributed KMS version. The encapsulated communication can be used with various protocols, including a PC5 protocol (such as the PC5 Signaling Protocol) and wireless access in vehicular environments (WAVE) protocols.
-
Publication No.: US11026086B2
Publication date: 2021-06-01
Application No.: US16074389
Application date: 2016-04-15
Applicant: Apple Inc.
Inventor: Farid Adrangi , Ravikumar Balakrishnan , Zongrui Ding , Mohammad Mamunur Rashid
IPC: H04W12/06 , H04W12/069 , H04W4/70 , H04L9/32 , H04L9/14 , H04L9/08 , H04L29/06 , H04W8/18 , H04W12/041 , H04W12/71
Abstract: Non-pre-provisioned cellular Internet of things (IoT) devices can be added to an existing user's subscription with an operator and a service provider. The procedure can include obtaining a security association between a device and a user's smartphone using the operator's network. The operator and the service provider can verify the device with a certificate authority. In one embodiment, the smartphone reads (302) a URL pointer to the device certification and sends it (304) to the MME. The MME forwards (306) the URL to the HSS. The HSS verifies (312) the certificate and derives security credentials including the Master key K′. The HSS also derives another key K″ used to establish security context between the IoT device and the smartphone. The device uses its key deriving function KDF with K′ and Rand to generate K″.
-
Publication No.: US11863975B2
Publication date: 2024-01-02
Application No.: US17290757
Application date: 2019-10-30
Applicant: Apple Inc.
Inventor: Alexandre Saso Stojanovski , Robert Zaus , Farid Adrangi , Raimund Wloka , Abhijeet Ashok Kolekar , Ahmed Soliman , Sudeep K. Palat
IPC: H04L29/06 , H04W12/037 , H04W12/0431 , H04W12/041 , H04L9/30 , H04W48/10 , H04W74/08 , H04W84/04
CPC classification number: H04W12/037 , H04L9/30 , H04W12/041 , H04W12/0431 , H04W48/10 , H04L2209/80 , H04W74/0833 , H04W84/042
Abstract: Systems and methods of protecting an initial NAS message are described. The NAS message is encrypted using the home PLMN public key during initial registration with the network using a registration request message. An AMF of the serving PLMN sends a serving PLMN public key which is then used to encrypt information including an S-NSSAI of later initial NAS messages after initial registration is completed. The S-NSSAI may not be sent in the later initial NAS message if the S-NSSAI is provided at an access stratum level. The RRC message may contain an indication that the S-NSSAI is encrypted using the serving PLMN public key.
-
Publication No.: US11184756B2
Publication date: 2021-11-23
Application No.: US16276968
Application date: 2019-02-15
Applicant: Apple Inc.
Inventor: Vivek G. Gupta , Abhijeet Ashok Kolekar , Farid Adrangi
IPC: H04W8/04 , H04W8/06 , H04W8/16 , H04W76/38 , H04W76/50 , H04W36/00 , H04W76/27 , H04W12/06 , H04W12/102 , H04W12/108 , H04W84/04
Abstract: Systems and methods of providing steering of roaming (SOR) information in a 5G VPLMN are described. A UE receives a REGISTRATION ACCEPT message from an AMF of the VPLMN during initial or mobility registration of the UE in the VPLMN and DL NAS TRANSPORT message thereafter. The message has a Payload container information element (IE) set to secured packet. The SOR information indicates a list of preferred PLMN/access technology combinations, which is uploaded to a memory after a successful security check to verify that the list of preferred PLMN/access technology combinations is provided by the UDM of the HPLMN and is not tampered with by the VPLMN. When the message also contains a request for acknowledgment of successful security check of the list of preferred PLMN/access technology combinations, the UE transmits to the AMF the acknowledgment in a REGISTRATION COMPLETE or a DL NAS TRANSPORT message.
-
Publication No.: US20210058785A1
Publication date: 2021-02-25
Application No.: US16074389
Application date: 2016-04-15
Applicant: Apple Inc.
Inventor: Farid Adrangi , Ravikumar Balakrishnan , Zongrui Ding , Mohammad Mamunur Rashid
IPC: H04W12/06 , H04W4/70 , H04L9/32 , H04L9/14 , H04L9/08 , H04L29/06 , H04W12/04 , H04W8/18 , H04W12/00
Abstract: Non-pre-provisioned cellular Internet of things (IoT) devices can be added to an existing user's subscription with an operator and a service provider. The procedure can include obtaining a security association between a device and a user's smartphone using the operator's network. The operator and the service provider can verify the device with a certificate authority. In one embodiment, the smartphone reads (302) a URL pointer to the device certification and sends it (304) to the MME. The MME forwards (306) the URL to the HSS. The HSS verifies (312) the certificate and derives security credentials including the Master key K′. The HSS also derives another key K″ used to establish security context between the IoT device and the smartphone. The device uses its key deriving function KDF with K′ and Rand to generate K″.