-
Publication No.: US20200099660A1
Publication date: 2020-03-26
Application No.: US16484007
Filing date: 2018-02-06
Applicant: NEC CORPORATION
Inventor: Pradheepkumar SINGARAVELU, Anand Raghawa PRASAD, Sivabalan ARUMUGAM, Hironori ITO
Abstract: A VNF package signing system comprises an orchestration unit sending an acknowledgement of receiving a VNF package including the VNF image, in response to receiving the VNF package from a sender, a storage unit storing the VNF package and generating a certificate for the VNF package using a private key for at least generating a certificate for signing the VNF package, and a HISEE (Hardware Isolated Secured Execution Environment) unit providing the private key in response to the request from the storage unit. The orchestration unit sends the acknowledgement of receiving a VNF package when the storage unit succeeds in generating the certificate of the VNF package.
-
Publication No.: US20200059782A1
Publication date: 2020-02-20
Application No.: US16663253
Filing date: 2019-10-24
Applicant: NEC Corporation
Inventor: Xiaowei ZHANG, Anand Raghawa PRASAD
Abstract: In order for supporting separate ciphering at an MeNB (20) and an SeNB (30), the MeNB (20) derives separate first and second keys (KUPenc-M, KUPenc-S) from a third key (KeNB). The first key (KUPenc-M) is used for confidentially protecting first traffic transmitted over U-Plane between the MeNB (20) and a UE (10). The first key (KUPenc-M) may be the same as current KUPenc or a new key. The second key (KUPenc-S) is used for confidentially protecting second traffic transmitted over the U-Plane between the UE (10) and the SeNB (30). The MeNB (20) sends the second key (KUPenc-S) to the SeNB (30). The UE (10) negotiates with the MeNB (20), and derives the second key (KUPenc-S) based on a result of the negotiation.
-
Publication No.: US20200053066A1
Publication date: 2020-02-13
Application No.: US16567776
Filing date: 2019-09-11
Applicant: NEC Corporation
Inventor: Xiaowei ZHANG, Anand Raghawa PRASAD
Abstract: A method of performing authentication and authorization in Proximity based Service (ProSe) communication by a requesting device (31) which sends a request of a communication and a receiving device (32) which receives the request from the requesting device (31) and (32), the method including deriving session keys Kpc and Kpi from a unique key Kp at the requesting and receiving devices (31) and (32), using the session keys Kpc and Kpi for ProSe communication setup and direct communication between the requesting and receiving devices (31) and (32), starting the direct communication with the requesting and receiving devices (31) and (32). The key Kpc is a confidentiality key and the key Kpi is an integrity protection key.
-
Publication No.: US20190274039A1
Publication date: 2019-09-05
Application No.: US16344966
Filing date: 2017-10-26
Applicant: NEC Corporation
Inventor: Anand Raghawa PRASAD, Sivakamy LAKSHMINARAYANAN, Sivabalan ARUMUGAM, Hironori ITO, Andreas KUNZ
Abstract: The present disclosure aims to provide a communication system configured to execute a security procedure that is necessary to apply an Attach Procedure to a NextGen System. The communication system according to the present disclosure includes: a communication terminal (10) configured to transmit an Attach Request message including Network Slice Selection Assistance Information (NSSAI) and User Equipment (UE) Security Capabilities; and a network apparatus (20) that is arranged in a mobile network (30) and receives an Attach Request message, in which the network apparatus (20) determines whether to allow the communication terminal (10) to be connected to a core network indicated by the NSSAI among a plurality of core networks partitioned by network slicing using the NSSAI and the UE Security Capabilities.
-
Publication No.: US20190200231A1
Publication date: 2019-06-27
Application No.: US16287806
Filing date: 2019-02-27
Applicant: NEC Corporation
Inventor: Xiaowei ZHANG, Anand Raghawa PRASAD, Andreas KUNZ, Genadi VELEV, Toshiyuki TAMURA
Abstract: In order for making MTC more efficient and/or secure, a base station forming a communication system connects a UE to a core network. A node serves as an entering point to the core network for a service provider, and transmits traffic between the service provider and the UE. The node establishes, as a connection to the base station, a first connection for directly transceiving messages between the node and the base station. Alternatively, the node establishes a second connection for transparently transceiving the messages through a different node that is placed within the core network and has established a different secure connection to the base station.
-
Publication No.: US20180077578A1
Publication date: 2018-03-15
Application No.: US15808515
Filing date: 2017-11-09
Applicant: NEC Corporation
Inventor: Xiaowei ZHANG, Anand Raghawa PRASAD, Andreas KUNZ, Genadi VALEV, Toshiyuki TAMURA
CPC classification number: H04W12/12, H04L63/1466, H04W4/70, H04W8/12, H04W12/04, H04W12/10, H04W76/14
Abstract: In order for making MTC more efficient and/or secure, a base station forming a communication system connects a UE to a core network. A node serves as an entering point to the core network for a service provider, and transmits traffic between the service provider and the UE. The node establishes, as a connection to the base station, a first connection for directly transceiving messages between the node and the base station. Alternatively, the node establishes a second connection for transparently transceiving the messages through a different node that is placed within the core network and has established a different secure connection to the base station.
-
Publication No.: US20170078832A1
Publication date: 2017-03-16
Application No.: US15360138
Filing date: 2016-11-23
Applicant: NEC Corporation
Inventor: Xiaowei ZHANG, Anand Raghawa PRASAD
Abstract: A network node (21), which is placed within a core network, stores a list of network elements (24) capable of forwarding a trigger message to a MTC device (10). The network node (21) receives the trigger message from a transmission source (30, 40) placed outside the core network, and then selects, based on the list, one of the network elements to forward the trigger message to the MTC device (10). The MTC device (10) validates the received trigger message, and then transmits, when the trigger message is not validated, to the network node (21) a reject message indicating that the trigger message is not accepted by the MTC device (10). Upon receiving the reject message, the network node (21) forwards the trigger message through a different one of the network elements, or forwards the reject message to transmission source (30, 40) to send the trigger message through user plane.
-
Publication No.: US20160182477A1
Publication date: 2016-06-23
Application No.: US14908240
Filing date: 2014-07-07
Applicant: NEC CORPORATION
Inventor: Xiaowei ZHANG, Anand Raghawa PRASAD
IPC: H04L29/06
CPC classification number: H04L63/065, H04L63/062, H04L63/083, H04L2463/061, H04L2463/062, H04W4/08, H04W4/70, H04W12/003, H04W12/06, H04W88/16
Abstract: In order to improve security upon distributing a group key, there is provided a gateway (20) to a core network for a group of MTC devices (10_1-10_n) communicating with the core network. The gateway (20) protects confidentiality and integrity of a group key, and distributes the protected group key to each of the MTC devices (10_1-10_n). The protection is performed by using: a key (Kgr) that is preliminarily shared between the gateway (20) and each of the MTC devices (10_1-10_n), and that is used for the gateway (20) to authenticate each of the MTC devices (10_1-10_n) as a member of the group; or a key (K_iwf) that is shared between an MTC-IWF (50) and each of the MTC devices (10_1-10_n), and that is used to derive temporary keys for securely conducting individual communication between the MTC-IWF (50) and each of the MTC devices (10_1-10_n).
-
Publication No.: US20150304841A1
Publication date: 2015-10-22
Application No.: US14646523
Filing date: 2013-12-03
Applicant: NEC CORPORATION
Inventor: Xiaowei ZHANG, Anand Raghawa PRASAD
CPC classification number: H04W12/04, H04L63/065, H04L2463/061, H04W4/70, H04W12/02, H04W88/16
Abstract: A root key (K_iwf) is derived at a network and sent to MTC UE (10). The K_iwf is used for deriving subkeys for protecting communication between MTC UE (10) and MTC-IWF (20). In a case where HSS (30) derives the K_iwf, HSS (30) sends to MTC-IWF (20) the K_iwf in a new message (Update Subscriber Information). In a case where MME (40) derives the K_iwf, MME (40) sends the K_iwf through HSS (30) or directly to MTC-IWF (20). MTC-IWF (20) can derive the K_iwf itself. The K_iwf is sent through MME (40) to MTC UE (10) by use of a NAS SMC or Attach Accept message, or sent from MTC-IWF (20) directly to MTC UE (10). In a case where the K_iwf is sent from MME (40), MME (40) receives the K_iwf from HSS (30) in an Authentication Data Response message, or from MTC-IWF (20) directly.