-
11.
Publication No.: US20230209337A1
Publication date: 2023-06-29
Application No.: US17593296
Filing date: 2021-05-10
Applicant: APPLE INC.
Inventor: Shu GUO, Dawei ZHANG, Haijing HU, Huarui LIANG
IPC: H04W12/06, H04W12/0433, H04W60/04, H04W12/041
CPC classification number: H04W12/06, H04W12/041, H04W12/0433, H04W60/04
Abstract: Disclosed are embodiments of a user equipment (UE) configured to communicate in a 5G network and to perform authentication between an edge enabler client (EEC) of the UE and an edge configuration server (ECS) or an edge enabler server (EES) based on an architecture for authentication and key management for applications (AKMA). The techniques include performing primary authentication with the 5G network to obtain a KAUSF; generating a KAKMA and an A-KID; providing to the EEC the KAKMA and an EEC identifier (ID) for the EEC to generate a Kedge, the KAKMA and the EEC ID being used by the EEC to compute a MACEEC; and sending to the ECS or the EES an application registration request, the application registration request including the EEC ID, the MACEEC, and the A-KID.
-
Publication No.: US20230065637A1
Publication date: 2023-03-02
Application No.: US17855760
Filing date: 2022-06-30
Applicant: APPLE INC.
Inventor: Anikethan Ramakrishna Vijaya Kumar, Huarui LIANG, Nirlesh KOSHTA, Shu GUO, Sridhar PRAKASAM
IPC: H04W12/06, H04W12/71, H04W12/122, H04W28/06
Abstract: A UE may receive a first GUTI from a network. The UE may transition to a Connected mode in response to a paging procedure with the network. The UE may take actions to ensure that a second GUTI is obtained from the network. Other aspects are described.
-
Publication No.: US20230064165A1
Publication date: 2023-03-02
Application No.: US17885469
Filing date: 2022-08-10
Applicant: APPLE INC.
Inventor: Anikethan Ramakrishna Vijaya Kumar, Huarui LIANG, Nirlesh KOSHTA, Shu GUO, Sridhar PRAKASAM
IPC: H04W12/06, H04W12/71, H04W12/122, H04W28/06
Abstract: A UE may receive a first GUTI from a network. The UE may transition to a Connected mode in response to a paging procedure with the network. The UE may take actions to ensure that a second GUTI is obtained from the network. Other aspects are described.
-
Publication No.: US20220303823A1
Publication date: 2022-09-22
Application No.: US17437735
Filing date: 2020-04-30
Applicant: APPLE INC.
Inventor: Shu GUO, Dawei ZHANG, Fangli XU, Haijing HU, Huarui LIANG, Xiangying YANG, Yuqin CHEN
IPC: H04W28/02, H04W28/08, H04W12/106, H04W76/20
Abstract: Systems, apparatuses, methods, and program products to provision a user plane (UP) security policy at a granularity level that is per data radio bearer (DRB) within a protocol data unit (PDU) session or per quality of service (QoS) flow within one or more DRB of the PDU session.
-
Publication No.: US20250106612A1
Publication date: 2025-03-27
Application No.: US18290938
Filing date: 2023-02-06
Applicant: Apple Inc.
Inventor: Walter FEATHERSTONE, Haijing HU, Mona AGNEL, Robert ZAUS, Shu GUO, Sudeep MANITHARA VAMANAN
Abstract: An edge computing component is configured to receive application specific user information for a first application client (AC) user from a first user equipment (UE) with a first AC, receive application specific user information for a second AC user from a second UE with a second AC, identify a condition related to a location of the first AC relative to one or more service areas related to edge computing and transmit a notification to the second UE, the notification indicating a presence of the first AC user relative to the one or more service areas.
-
Publication No.: US20240187849A1
Publication date: 2024-06-06
Application No.: US17755493
Filing date: 2021-05-07
Applicant: Apple Inc.
Inventor: Shu GUO, Dawei ZHANG, Fangli XU, Haijing HU, Huarui LIANG, Lanpeng CHEN, Xiaoyu QIAO, Yuqin CHEN
IPC: H04W12/041, H04W4/06, H04W12/0431
CPC classification number: H04W12/041, H04W4/06, H04W12/0431
Abstract: A user equipment (UE) is configured to join a multicast broadcast service (MBS) session. The UE sends, to a network function, a protocol data unit (PDU) modification request comprising a request to join a multicast broadcast service (MBS) session, generates a first key (KMBS-UE), receives a PDU session modification complete message comprising an encrypted second key (KMBS) and a key identification (KID) corresponding to the KMBS and decrypts the KMBS using the KMBS-UE.
-
Publication No.: US20230164559A1
Publication date: 2023-05-25
Application No.: US18150771
Filing date: 2023-01-05
Applicant: Apple Inc.
Inventor: Xiangying YANG, Huarui LIANG, Lijia ZHANG, Shu GUO, Haijing HU, Fangli XU, Yuqin CHEN, Dawei ZHANG, Li LI
IPC: H04W12/069, H04W12/72, H04W12/0433, H04W12/03, H04W12/122, H04W12/041, H04L9/08, H04L9/16, H04L9/32, H04W12/02
CPC classification number: H04W12/069, H04W12/72, H04W12/0433, H04W12/03, H04W12/122, H04W12/041, H04L9/0822, H04L9/0825, H04L9/0844, H04L9/0891, H04L9/16, H04L9/3228, H04W12/02
Abstract: Techniques to protect a subscriber identity, by encrypting a subscription permanent identifier (SUPI) to form one-time use subscription concealed identifiers (SUCIs) using a set of one-time ephemeral asymmetric keys, generated by a user equipment (UE), and network provided keys are disclosed. Encryption of the SUPI to form the SUCIs can mitigate snooping by rogue network entities, such as fake base stations. The UE is restricted from providing the unencrypted SUPI over an unauthenticated connection to a network entity. In some instances, the UE uses a trusted symmetric fallback encryption key KFB or trusted asymmetric fallback public key PKFB to verify messages from an unauthenticated network entity and/or to encrypt the SUPI to form a fallback SUCIFB for communication of messages with the unauthenticated network entity.
-
Publication No.: US20220304079A1
Publication date: 2022-09-22
Application No.: US17593422
Filing date: 2020-09-16
Applicant: Apple Inc.
Inventor: Shu GUO, Dawei ZHANG, Fangli XU, Haijing HU, Huarui LIANG, Mona AGNEL, Ralf ROSSBACH, Sudeep Manithara VAMANAN, Yuqin CHEN
Abstract: The exemplary embodiments relate to a user equipment (UE) providing an indication of user consent to a network for access to UE information. The UE may perform operations including transmitting an indication of user consent to a first network. The user consent corresponds to a network function acquiring UE information. The operations also include transmitting the UE information to the first network and establishing a connection with a second network. The network function performs operations related to establishing the connection between the UE and the second network using the UE information.
-
Publication No.: US20210092603A1
Publication date: 2021-03-25
Application No.: US17054148
Filing date: 2018-05-11
Applicant: Apple Inc.
Inventor: Xiangying YANG, Huarui LIANG, Lijia ZHANG, Shu GUO, Haijing HU, Fangli XU, Yuqin CHEN, Dawei ZHANG, Li LI
Abstract: Techniques to protect a subscriber identity, by encrypting a subscription permanent identifier (SUPI) to form one-time use subscription concealed identifiers (SUCIs) using a set of one-time ephemeral asymmetric keys, generated by a user equipment (UE), and network provided keys are disclosed. Encryption of the SUPI to form the SUCIs can mitigate snooping by rogue network entities, such as fake base stations. The UE is restricted from providing the unencrypted SUPI over an unauthenticated connection to a network entity. In some instances, the UE uses a trusted symmetric fallback encryption key KFB or trusted asymmetric fallback public key PKFB to verify messages from an unauthenticated network entity and/or to encrypt the SUPI to form a fallback SUCIFB for communication of messages with the unauthenticated network entity.
-
20.
Publication No.: US20200021993A1
Publication date: 2020-01-16
Application No.: US16293521
Filing date: 2019-03-05
Applicant: Apple Inc.
Inventor: Xiangying YANG, Shu GUO, Lijia ZHANG, Qian SUN, Huarui LIANG, Fangli XU, Yuqin CHEN, Haijing HU, Dawei ZHANG, Hao DUO, Lanpeng CHEN
Abstract: Techniques for identity-based message integrity protection and verification between a user equipment (UE) and a wireless network entity, include use of signatures derived from identity-based keys. To protect against attacks from rogue network entities before activation of a security context with a network entity, the UE verifies integrity of messages by checking a signature using an identity-based public key PKID derived by the UE based on (i) an identity value (ID) of the network entity and (ii) a separate public key PKPKG of a private key generator (PKG) server. The network entity generates signatures for messages using an identity-based private key SKID obtained from the PKG server, which generates the identity-based private key SKID using (i) the ID value of the network entity and (ii) a private key SKPKG that is known only by the PKG server and corresponds to the public key PKPKG.