Abstract:
Methods of security negotiation for idle state mobility from a first network to a long term evolution (LTE) network are disclosed. In one embodiment, a serving general packet radio service (GPRS) support node (SGSN) of the first network transmits an authentication vector-related key to a mobility management entity (MME). A user equipment (UE) sends its security capabilities including non-access stratum (NAS) security capabilities to the MME. The MME selects a NAS security algorithm, in accordance with the NAS security capabilities of the UE, and sends a message that indicates the selected NAS security algorithm to the UE. The MME also derives, in accordance with the selected NAS security algorithm, a NAS protection key from an authentication vector-related key so as to secure communication between the UE and the LTE network.
Abstract:
An MME negotiates security in case of idle state mobility for a UE from a first network to an LTE network. The UE sends its security capabilities including non-access stratum (NAS) security capabilities supported by the UE to the LTE network. The MME selects a NAS security algorithm, in accordance with the NAS security capabilities of the UE, and sends the selected NAS security algorithm to the UE, sharing the NAS security algorithm between the UE and the LTE network when the UE moves from the first network to the LTE network. The MME also derives, in accordance with the selected NAS security algorithm, a NAS protection key from an authentication vector-related key so as to secure communication between the UE and the LTE network.
Abstract:
A method for negotiating security capabilities during movement of a User Equipment (UE) includes the following steps: a target network entity receives a Routing Area Update (RAU) Request from the UE; the entity obtains Authentication Vector (AV)-related keys deduced according to a root key, and sends the selected security algorithm to the UE; and the UE deduces the AV-related keys according to the root key of the UE. A system, SGSN, and MME for negotiating security capabilities during movement of a UE are also disclosed. The present invention is applicable to security capability negotiation between the UE and the network.
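The negotiation these abstracts describe, sketched as an added example that is not taken from the patents: the MME picks NAS algorithms from the UE's reported capabilities, both sides derive NAS protection keys from the shared AV-related key, and the UE rejects any algorithm it never offered. The abstracts do not specify a derivation function, so the HMAC-SHA-256 input layout (patterned on the 3GPP key derivation function), the algorithm names and identities, the type codes, the function names and the sample key are all assumptions.

```python
import hashlib
import hmac

# Algorithm names/identities and type codes are assumptions for this example.
NAS_ENC = {"EEA0": 0, "128-EEA1": 1, "128-EEA2": 2}
NAS_INT = {"128-EIA1": 1, "128-EIA2": 2}
TYPE_ENC, TYPE_INT = 0x01, 0x02

def select_algorithm(ue_supported, mme_priority):
    """MME: pick the first algorithm in its priority list that the UE supports."""
    for name in mme_priority:
        if name in ue_supported:
            return name
    raise ValueError("no NAS security algorithm in common")

def derive_nas_key(av_key, alg_type, alg_id):
    """Bind the AV-related key to the selected algorithm (assumed KDF layout)."""
    s = bytes([0x15, alg_type, 0x00, 0x01, alg_id, 0x00, 0x01])
    return hmac.new(av_key, s, hashlib.sha256).digest()[16:]  # low 128 bits

def nas_keys(av_key, enc, integ):
    return {"enc": derive_nas_key(av_key, TYPE_ENC, NAS_ENC[enc]),
            "int": derive_nas_key(av_key, TYPE_INT, NAS_INT[integ])}

def mme_negotiate(av_key, ue_caps, enc_priority, int_priority):
    """MME: select algorithms from the UE's capabilities, derive keys, build reply."""
    enc = select_algorithm(ue_caps["enc"], enc_priority)
    integ = select_algorithm(ue_caps["int"], int_priority)
    return {"enc": enc, "int": integ}, nas_keys(av_key, enc, integ)

def ue_apply(av_key, ue_caps, message):
    """UE: refuse algorithms it never offered, then derive the same keys."""
    if message["enc"] not in ue_caps["enc"] or message["int"] not in ue_caps["int"]:
        raise ValueError("network selected an algorithm the UE did not offer")
    return nas_keys(av_key, message["enc"], message["int"])

# Constructed sample values: the AV-related key the SGSN passed to the MME (and
# the UE derived from its root key), and the capability sets the UE sent.
AV_KEY = bytes(range(32))
UE_CAPS = {"enc": {"EEA0", "128-EEA1"}, "int": {"128-EIA1", "128-EIA2"}}

if __name__ == "__main__":
    msg, mme_keys = mme_negotiate(AV_KEY, UE_CAPS,
                                  ["128-EEA2", "128-EEA1", "EEA0"],
                                  ["128-EIA2", "128-EIA1"])
    print(msg, mme_keys == ue_apply(AV_KEY, UE_CAPS, msg))
```

Because the algorithm identity is an input to the derivation, a UE and MME that disagree on the selected algorithm end up with different keys and integrity protection fails at the first protected message.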