公开(公告)号：US10091649B2

公开(公告)日：2018-10-02

申请号：US15160198

申请日：2016-05-20

Applicant: QUALCOMM Incorporated

Inventor： Soo Bum Lee ,  Gavin Bernard Horn ,  Anand Palanigounder ,  Adrian Edward Escott ,  Stefano Faccin

IPC: H04W12/04 ,  H04W40/02 ,  H04W68/00 ,  H04L29/06 ,  H04W12/02 ,  H04W4/70

Abstract: In an aspect, a network may support a number of client devices. In such a network, a client device transmits a request to communicate with a network, establishes a security context, and receives one or more encrypted client device contexts from the network. An encrypted client device context enables reconstruction of a context at the network for communication with the client device, where the context includes network state information associated with the client device. The client device transmits a message (e.g., including an uplink data packet) to the network that includes at least one encrypted client device context. Since the network device can reconstruct the context for the client device based on an encrypted client device context, the network device can reduce an amount of the context maintained at the network device in order to support a greater number of client devices.

公开(公告)号：US10034169B2

公开(公告)日：2018-07-24

申请号：US14539275

申请日：2014-11-12

Applicant: QUALCOMM Incorporated

Inventor： Soo Bum Lee ,  Abhishek Pramod Patil ,  George Cherian ,  Santosh Paul Abraham ,  Anand Palanigounder

IPC: H04W12/06 ,  H04L29/06 ,  H04L9/08 ,  H04W12/04

Abstract: Methods, systems, apparatuses, and devices are described for authenticating in a network. A mobile device may establish a group account with an authentication server associated with the group. Upon successfully completing group account establishment, the mobile device receives a group authentication token that includes information associated with the authentication server, the group, the mobile device, a group key, versioning information, etc. The mobile device may use the group authentication token to authenticate with another mobile device that is a member of the same group. The versioning information may support backwards-compatibility between the group authentication tokens having different versions.

公开(公告)号：US20180132293A1

公开(公告)日：2018-05-10

申请号：US15443981

申请日：2017-02-27

Applicant: QUALCOMM Incorporated

Inventor： Adrian Edward Escott ,  Mungal Singh Dhanda ,  Anand Palanigounder ,  Soo Bum Lee

IPC: H04W76/02 ,  H04W36/00

CPC classification number: H04W76/19 ,  H04L63/12 ,  H04W12/10 ,  H04W36/0055 ,  H04W36/305

Abstract: One feature pertains to a method that includes establishing a radio communication connection with a first radio access node (RAN) that uses control plane signaling connections to carry user plane data. The method also includes determining that the wireless communication device is experiencing radio link failure (RLF) with the first RAN and that the radio communication connection should be reestablished with a second RAN. A reestablishment request message is transmitted to the second RAN that includes parameters that enable a core network node communicatively coupled to the second RAN to authenticate the wireless communication device and allow or reject reestablishment of the radio communication connection. The parameters include at least a message authentication code (MAC) based in part on one or more bits of a non-access stratum (NAS) COUNT value maintained at the wireless communication device.

公开(公告)号：US20180115893A1

公开(公告)日：2018-04-26

申请号：US15849084

申请日：2017-12-20

Applicant: QUALCOMM Incorporated

Inventor： Soo Bum Lee ,  Gavin Bernard Horn ,  Anand Palanigounder

IPC: H04W12/04 ,  H04W76/02 ,  H04W60/00 ,  H04W48/02 ,  H04W12/08 ,  H04L29/06 ,  H04W8/18 ,  H04W8/04 ,  H04W4/00 ,  H04W12/06 ,  H04W8/20

CPC classification number: H04W12/04 ,  H04L63/0853 ,  H04L63/18 ,  H04W4/70 ,  H04W8/04 ,  H04W8/18 ,  H04W8/205 ,  H04W12/00403 ,  H04W12/00514 ,  H04W12/0052 ,  H04W12/06 ,  H04W12/08 ,  H04W48/02 ,  H04W60/00 ,  H04W76/14

Abstract: Methods, systems, and devices for wireless communication are described. A user equipment (UE) may obtain identification information for a device and may assist in establishing credentials by which the device accesses a wireless network. The UE may establish a connection with the wireless network using its own credentials, and register the device to access the wireless network by associating the identification information for the device with the credentials of the UE. The UE may receive or establish credentials by which the device accesses the wireless network and may communicate these credentials to the device over a local connection. In some cases, the UE may authenticate the device's identification information to determine whether the device is allowed to be registered with the wireless network.

公开(公告)号：US20170289799A1

公开(公告)日：2017-10-05

申请号：US15280836

申请日：2016-09-29

Applicant: QUALCOMM Incorporated

Inventor： Philip Hawkes ,  Anand Palanigounder ,  Rajat Prakash ,  Miguel Griot ,  Manu Sharma

IPC: H04W12/06 ,  H04W12/04 ,  H04L29/06

CPC classification number: H04W12/06 ,  H04L63/06 ,  H04L63/0823 ,  H04L63/083 ,  H04L63/0876 ,  H04L63/0892 ,  H04W12/04 ,  H04W88/02

Abstract: Various features pertain to the authentication of mobile devices or other User Equipment. In some aspects, a Retail-based Neutral Host LTE is provided for use with Long Term Evolution (LTE) networks that, among other features, provides a WiFi Alliance HotSpot 2.0 (HS2.0) user experience using LTE technology for non-mobile network operator (non-MNO) Service Providers (SPs), while maintaining high security assurances as with LTE. That is, in some examples, Retail Neutral Host-LTE is configured to provide the same or similar security assurances as with MNO-based LTE. Moreover, retail Neutral Host-LTE offers options for provisioning credentials and authentication with the AAA that are analogous to the options for HS2.0, that is: username/password, SP-issued certificate, and pre-configured mobile device certificate. This is achieved, at least in part, while providing or ensuring that Retail Neutral Host-LTE security provides similar security assurances to MNO-based LTE.

公开(公告)号：US09755837B2

公开(公告)日：2017-09-05

申请号：US14829459

申请日：2015-08-18

Applicant: QUALCOMM Incorporated

Inventor： Soo Bum Lee ,  Anand Palanigounder ,  Gavin Bernard Horn

IPC: H04L29/00 ,  H04L9/32 ,  H04L29/08 ,  H04L29/06 ,  H04W12/06 ,  H04W12/04 ,  H04W48/16 ,  H04W76/02 ,  H04L9/08 ,  H04W4/20 ,  H04W60/00

CPC classification number: H04L9/3247 ,  H04L9/0844 ,  H04L63/0823 ,  H04L63/126 ,  H04L63/168 ,  H04L67/16 ,  H04L2209/24 ,  H04L2209/72 ,  H04W4/20 ,  H04W12/04 ,  H04W12/06 ,  H04W48/16 ,  H04W60/00 ,  H04W76/11

Abstract: At least one feature pertains to a method operational at a user device that includes receiving, from an application service provider, an application-specific certificate associated with at least one application service provided by the application service provider. The method also includes determining that a wireless communication network provides application-specific access to the application service provided by the application service provider, and transmitting a registration request including the application-specific certificate to the wireless communication network for authentication of the user device. The application-specific certificate includes a user device public key. The method further includes performing authentication and key agreement with the wireless communication network, and communicating with the application service after authentication and key agreement is successfully performed. In one aspect, authentication and key agreement with the network is performed directly between the user device and the network and independent to the application service provider.

公开(公告)号：US09717003B2

公开(公告)日：2017-07-25

申请号：US14817123

申请日：2015-08-03

Applicant: QUALCOMM Incorporated

Inventor： Soo Bum Lee ,  Anand Palanigounder ,  Gavin Bernard Horn

IPC: H04M1/66 ,  H04W12/06 ,  H04L29/06

CPC classification number: H04W12/06 ,  H04L9/0643 ,  H04L9/085 ,  H04L63/0807 ,  H04L63/083 ,  H04L63/0892 ,  H04L63/18 ,  H04W12/08

Abstract: Systems and techniques are disclosed to facilitate the sponsored connectivity of a user equipment on a serving network so that the UE may access a service whose connectivity is sponsored by an application service provider. The application service provider provisions the serving network so that it is aware of the sponsored connectivity. In an attach attempt to the serving network, the UE provides a client token based on a pre-existing credential (established between the UE and the application service provider) instead of a subscriber identifier with the attach request. The application service provider's server validates the access credential to authenticate the UE and provides information that the serving network uses to mutually authenticate with the UE. The UE may then use the serving network to access the service via the sponsored connection, even where the UE does not have a subscriber identity and subscription with a cellular network.

公开(公告)号：US09655012B2

公开(公告)日：2017-05-16

申请号：US14133208

申请日：2013-12-18

Applicant: QUALCOMM Incorporated

Inventor： David William Craig ,  Gavin Bernard Horn ,  Anand Palanigounder ,  Arnaud Meylan

IPC: H04W36/00 ,  H04W12/04 ,  H04W88/06 ,  H04W84/12 ,  H04W36/14

CPC classification number: H04W36/0038 ,  H04L63/06 ,  H04L63/0892 ,  H04L2463/061 ,  H04W12/04 ,  H04W12/06 ,  H04W36/14 ,  H04W84/12 ,  H04W88/06

Abstract: Techniques for deriving a WLAN security context from an existing WWAN security context are provided. According to certain aspects, a user equipment (UE) establishes a secure connection with a wireless wide area network (WWAN). The UE may receive from the WWAN an indication of a wireless local area network (WLAN) for which to derive a security context. The UE then derives the security context for the WLAN, based on a security context for the WWAN obtained while establishing the secure connection with the WWAN and establishes a secure connection with the WLAN using the derived security context for the WLAN. This permits the UE to establish a Robust Security Network Association (RSNA) with the WLAN while avoiding lengthy authentication procedures with an AAA server, thus speeding up the association process.

公开(公告)号：US20170111339A1

公开(公告)日：2017-04-20

申请号：US15093537

申请日：2016-04-07

Applicant: QUALCOMM Incorporated

Inventor： Soo Bum Lee ,  Anand Palanigounder

IPC: H04L29/06

CPC classification number: H04L63/08 ,  H04L9/0836 ,  H04L9/0841 ,  H04L9/0866 ,  H04L63/06 ,  H04L2209/80 ,  H04W12/04 ,  H04W12/06

Abstract: A method is provided for facilitating service-specific security while avoiding a full authentication and key agreement exchange each time a service is activated on a device. Multiple services on a single device and sharing the same session link (e.g., radio link or radio bearer) and the same physical network may nonetheless obtain distinct service-specific network connectivity root keys from which service-specific security/session keys may be derived. In such case, instead of performing a full authentication and key agreement exchange with an operator or provider (e.g., home subscription server or HSS), the device may authenticate a network slice using a security credential established during a prior authentication with another network slice.

公开(公告)号：US20170013453A1

公开(公告)日：2017-01-12

申请号：US15160198

申请日：2016-05-20

Applicant: QUALCOMM Incorporated

Inventor： Soo Bum Lee ,  Gavin Bernard Horn ,  Anand Palanigounder ,  Adrian Edward Escott ,  Stefano Faccin

IPC: H04W12/06 ,  H04W12/04 ,  H04L29/06 ,  H04W68/00 ,  H04W40/02

CPC classification number: H04W12/04 ,  H04L63/0428 ,  H04L63/0457 ,  H04L63/06 ,  H04W4/70 ,  H04W12/02 ,  H04W40/02 ,  H04W68/005

Abstract: In an aspect, a network may support a number of client devices. In such a network, a client device transmits a request to communicate with a network, establishes a security context, and receives one or more encrypted client device contexts from the network. An encrypted client device context enables reconstruction of a context at the network for communication with the client device, where the context includes network state information associated with the client device. The client device transmits a message (e.g., including an uplink data packet) to the network that includes at least one encrypted client device context. Since the network device can reconstruct the context for the client device based on an encrypted client device context, the network device can reduce an amount of the context maintained at the network device in order to support a greater number of client devices.

Abstract translation: 在一方面，网络可以支持多个客户端设备。 在这种网络中，客户机设备发送与网络通信的请求，建立安全上下文，并从网络接收一个或多个加密的客户端设备上下文。 加密的客户端设备上下文使得能够重建网络上的上下文以与客户端设备进行通信，其中上下文包括与客户端设备相关联的网络状态信息。 客户端设备向包括至少一个加密的客户端设备上下文的网络发送消息（例如，包括上行链路数据分组）。 由于网络设备可以基于加密的客户端设备上下文重建客户端设备的上下文，所以网络设备可以减少在网络设备处维护的上下文的量，以便支持更多数量的客户端设备。