INFORMATION PROTECTION TO DETECT FAKE BASE STATIONS

    Publication No.: US20200236554A1

    Publication date: 2020-07-23

    Application No.: US16743927

    Filing date: 2020-01-15

    Abstract: Methods, systems, and devices for wireless communications are described. In some systems, devices may use information protection to detect fake base stations. A base station verified by a network may transmit first information to a user equipment (UE) in an unprotected message. If a fake base station intercepts and modifies the message before relaying the message to the UE, the UE may receive different information than the transmitted first information. The UE may then transmit an indication of the received information to the verified base station in a protected message. In some cases, based on the indication, the verified base station may re-transmit the first information to the UE in a message protected against modification by the fake base station. If the UE determines that the initially received information is different from the information received in the protected retransmission, the UE identifies message modification by the fake base station.

    METHOD, APPARATUS, AND SYSTEM FOR REESTABLISHING RADIO COMMUNICATION LINKS DUE TO RADIO LINK FAILURE

    Publication No.: US20200015310A1

    Publication date: 2020-01-09

    Application No.: US16575200

    Filing date: 2019-09-18

    Abstract: One feature pertains to a method that includes establishing a radio communication connection with a first radio access node (RAN) that uses control plane signaling connections to carry user plane data. The method also includes determining that the wireless communication device is experiencing radio link failure (RLF) with the first RAN and that the radio communication connection should be reestablished with a second RAN. A reestablishment request message is transmitted to the second RAN that includes parameters that enable a core network node communicatively coupled to the second RAN to authenticate the wireless communication device and allow or reject reestablishment of the radio communication connection. The parameters include at least a message authentication code (MAC) based in part on one or more bits of a non-access stratum (NAS) COUNT value maintained at the wireless communication device.

    Stateless access stratum security for cellular internet of things

    Publication No.: US10298549B2

    Publication date: 2019-05-21

    Application No.: US15199924

    Filing date: 2016-06-30

    Abstract: Aspects of security schemes (e.g., integrity protection, encryption, or both) are described. A measure of access stratum security can be realized without overhead associated with establishing and/or maintaining the per-cellular-device access stratum security context at a Cellular Internet of Things (CIoT) base station (C-BS). A gateway (e.g., a CIoT Serving Gateway Node (C-SGN)) may derive a first key. The first key may be only known to the C-SGN. The C-SGN may derive a second key from the first key and a parameter unique to the C-BS. The C-SGN may also derive a third key from the second key and an identity of a cellular device. The C-SGN may send the second and third keys to the C-BS and cellular device, respectively. Small data messages encrypted and/or integrity protected by the cellular device may be decrypted and/or verified by the C-BS.

    APPARATUS AND METHOD FOR MOBILITY PROCEDURE INVOLVING MOBILITY MANAGEMENT ENTITY RELOCATION
    Patent application (legal status: granted)

    Publication No.: US20170078874A1

    Publication date: 2017-03-16

    Application No.: US15089396

    Filing date: 2016-04-01

    CPC classification number: H04W12/04 H04W12/02 H04W36/0038 H04W36/0055

    Abstract: A device that identifies entry into a new service area, transmits a service area update request to a network device associated with a network, receives a control plane message from the network indicating control plane device relocation or a key refresh due to a service area change in response to transmitting the service area update request, and derives a first key based in part on data included in the control plane message and a second key shared between the device and a key management device. Another device that receives a handover command from a network device associated with a network, the handover command indicating a new service area, derives a first key based on data included in the handover command and on a second key shared between the device and a key management device, and sends a handover confirmation message that is secured based on the first key.

    NETWORK ARCHITECTURE AND SECURITY WITH SIMPLIFIED MOBILITY PROCEDURE
    Patent application (legal status: under examination, published)

    Publication No.: US20170012947A1

    Publication date: 2017-01-12

    Application No.: US15160282

    Filing date: 2016-05-20

    Abstract: In an aspect, a network supporting a number of client devices includes a network device that generates a context for a client device. The client device context may include network state information for the client device that enables the network to communicate with the client device. The client device may obtain, from a network device that serves a first service area of the network, information that includes a first client device context. The client device may enter a second service area of the network served by a second network device. Instead of performing a service area update procedure with the network, the client device may transmit a packet in the different service area with the information that includes the client device context. The client device may receive a service relocation message including information associated with the different network device in response to the transmission.

    SPONSORED CONNECTIVITY TO CELLULAR NETWORKS USING EXISTING CREDENTIALS
    Patent application (legal status: granted)

    Publication No.: US20160262021A1

    Publication date: 2016-09-08

    Application No.: US14817123

    Filing date: 2015-08-03

    Abstract: Systems and techniques are disclosed to facilitate the sponsored connectivity of a user equipment on a serving network so that the UE may access a service whose connectivity is sponsored by an application service provider. The application service provider provisions the serving network so that it is aware of the sponsored connectivity. In an attach attempt to the serving network, the UE provides a client token based on a pre-existing credential (established between the UE and the application service provider) instead of a subscriber identifier with the attach request. The application service provider's server validates the access credential to authenticate the UE and provides information that the serving network uses to mutually authenticate with the UE. The UE may then use the serving network to access the service via the sponsored connection, even where the UE does not have a subscriber identity and subscription with a cellular network.
