公开(公告)号：US20190253939A1

公开(公告)日：2019-08-15

申请号：US16388084

申请日：2019-04-18

Applicant: NEC CORPORATION

Inventor： Xiaowei ZHANG ,  Anand Raghawa PRASAD

IPC: H04W36/00

CPC classification number: H04W36/0055 ,  H04W36/0038 ,  H04W36/0069 ,  H04W88/06

Abstract: A UE (10) provides information on potential S′eNB(s). The information is forwarded from an MeNB (20_1) to an M′eNB (20_2) such that the M′eNB (20_2) can determine, before the handover happens, whether the M′eNB (20_2) will configure a new SeNB (S′eNB) and which S′eNB the M′eNB (20_2) will configure. In one of options, the MeNB (20_1) derives a key S′-KeNB for communication protection between the UE (10) and the S′eNB (30_1), and send the S′-KeNB to the M′eNB (20_2). In another option, the M′eNB (20_2) derives the S′-KeNB from a key KeNB* received from the MeNB (20_1). The M′eNB (20_2) sends the S′-KeNB to the S′eNB (30_1). Moreover, there are also provided several variations to perform SeNB Release, SeNB Addition, Bearer Modification and the like, in which the order and/or timing thereof can be different during the handover procedure.

公开(公告)号：US20190215748A1

公开(公告)日：2019-07-11

申请号：US16354273

申请日：2019-03-15

Applicant: NEC CORPORATION

Inventor： Xiaowei ZHANG ,  Anand Raghawa PRASAD

IPC: H04W36/28 ,  H04W28/08 ,  H04W36/00 ,  H04W12/04 ,  H04W76/27

CPC classification number: H04W36/28 ,  H04W12/04 ,  H04W28/08 ,  H04W36/0055 ,  H04W36/0069 ,  H04W76/27 ,  H04W88/08 ,  H04W92/20

Abstract: An SeNB (30) informs an MeNB (20) that it can configure bearers for the given UE (10). At this time, the MeNB (20) manages the DRB status, and then sends a key S-KeNB to the SeNB (30). The MeNB (20) also sends a KSI for the S-KeNB to both of the UE (10) and the SeNB (30). After this procedure, the MeNB (20) informs an EPC (MME (40) and S-GW (50)) about the new bearer configured at the SeNB (30), such that the S-GW 50 can start offloading the bearer(s) to the SeNB 30. Prior to the offloading, the EPC network entity (MME (40) or S-GW (50)) performs verification that: 1) whether the request is coming from authenticated source (MeNB); and 2) whether the SeNB (30) is a valid eNB to which the traffic can be offload.

公开(公告)号：US20180026788A1

公开(公告)日：2018-01-25

申请号：US15549690

申请日：2016-02-12

Applicant: NEC Corporation

Inventor： Xiaowei ZHANG ,  Anand Raghawa PRASAD

IPC: H04L9/32 ,  H04L9/08 ,  H04L9/14

Abstract: A communication system includes a plurality of communication terminals that form a communication group and a node device that carries out an authentication process on each of the communication terminals. The node device derives first keys unique to the respective communication terminals by using information shared between the node device and each communication terminal through the authentication process, derives a second key common to the communication group, calculates an exclusive OR between each first key and the second key, and transmits respective XOR values obtained through the calculation to the respective communication terminals. Each communication terminal reproduces the second key by calculating an exclusive OR of between the first key unique to the own communication terminal derived by using the information and the XOR value received from the node device. Thus, the keys used in group communication are managed more securely.

公开(公告)号：US20170078940A1

公开(公告)日：2017-03-16

申请号：US15123494

申请日：2015-03-05

Applicant: NEC CORPORATION

Inventor： Xiaowei ZHANG ,  Anand Raghawa PRASAD

IPC: H04W36/28 ,  H04W28/08 ,  H04W76/04 ,  H04W12/04 ,  H04W36/00

CPC classification number: H04W36/28 ,  H04W12/04 ,  H04W28/08 ,  H04W36/0055 ,  H04W36/0069 ,  H04W76/27 ,  H04W88/08 ,  H04W92/20

Abstract: An SeNB informs an MeNB that it can configure bearers for the given UE. At this time, the MeNB manages the DRB status, and then sends a key S-KeNB to the SeNB. The MeNB also sends a KSI for the S-KeNB to both of the UE and the SeNB. After this procedure, the MeNB informs an EPC (MME and S-GW) about the new bearer configured at the SeNB, such that the S-GW 50 can start offloading the bearer(s) to the SeNB 30. Prior to the offloading, the EPC network entity (MME or S-GW) performs verification that: 1) whether the request is coming from authenticated source (MeNB); and 2) whether the SeNB is a valid eNB to which the traffic can be offload.

Abstract translation: SeNB通知MeNB可以配置给定UE的承载。 此时，MeNB管理DRB状态，然后向SeNB发送密钥S-KeNB。 MeNB还向UE和SeNB两者发送S-KeNB的KSI。 在该过程之后，MeNB向EPC（MME和S-GW）通知关于在SeNB配置的新承载，使得S-GW 50可以开始将承载卸载到SeNB 30.在卸载之前， EPC网络实体（MME或S-GW）执行以下验证：1）请求是否来自认证源（MeNB）; 和2）SeNB是否可以卸载流量的有效eNB。

公开(公告)号：US20170026482A1

公开(公告)日：2017-01-26

申请号：US15039224

申请日：2014-09-04

Applicant: NEC Corporation

Inventor： Xiaowei ZHANG ,  Anand Raghawa PRASAD

IPC: H04L29/08 ,  H04L29/06 ,  H04W4/00

CPC classification number: H04L67/2833 ,  H04L45/16 ,  H04L67/2814 ,  H04L67/2838 ,  H04L67/322 ,  H04L69/22 ,  H04W4/70 ,  H04W28/06 ,  H04W88/16

Abstract: In order for efficiently managing communications between a UE (10) and multiple SCSs (20_1-20_n), the UE (10) includes, in one message, multiple pieces of data to be transmitted to the SCSs (20_1-20_n), and sends the message to an MTC-IWF (30). The MTC-IWF (30) receives the message from the UE (10), and distributes the date to the SCSs (20_1-20_n). Each of the SCSs sends (20_1-20_n), to the MTC-IWF (30), data to be transmitted to the UE (10) and an indicator that indicates for the SCSs (20_1-20_n) the time tolerance until the data is transmitted to the UE (10). The MTC-IWF (30) receives the data and the indicators from the SCSs (20_1-20_n), and determines when to forward the data to the UE (10) based on the indicators.

Abstract translation: 为了有效地管理UE（10）和多个SCS（20_1-20_n）之间的通信，UE（10）在一个消息中包括要发送到SCS（20_1-20_n）的多条数据，并发送 向MTC-IWF发送消息（30）。 MTC-IWF（30）从UE（10）接收消息，并将日期分配给SCS（20_1-20_n）。 每个SCS向MTC-IWF（30）发送要发送给UE的数据（20_1-20_n）和指示SCS（20_1-20_n）的时间容限的指示符，直到数据为 发送到UE（10）。 MTC-IWF（30）从SCS（20_1-20_n）接收数据和指示符，并根据指标确定何时将数据转发给UE（10）。

公开(公告)号：US20160330617A1

公开(公告)日：2016-11-10

申请号：US15107640

申请日：2014-11-20

Applicant: NEC CORPORATION

Inventor： Xiaowei ZHANG ,  Anand PRASAD

IPC: H04W12/04 ,  H04W12/08

Abstract: In order for supporting separate ciphering at an MeNB (20) and an SeNB (30), the MeNB (20) derives separate first and second keys (KUPenc-M, KUPenc-S) from a third key (KeNB). The first key (KUPenc-M) is used for confidentially protecting first traffic transmitted over U-Plane between the MeNB (20) and a UE (10). The first key (KUPenc-M) may be the same as current KUPenc or a new key. The second key (KUPenc-S) is used for confidentially protecting second traffic transmitted over the U-Plane between the UE (10) and the SeNB (30). The MeNB (20) sends the second key (KUPenc-S) to the SeNB (30). The UE (10) negotiates with the MeNB (20), and derives the second key (KUPenc-S) based on a result of the negotiation.

Abstract translation: 为了支持在MeNB（20）和SeNB（30）处的单独加密，MeNB（20）从第三密钥（KeNB）导出分开的第一和第二密钥（KUPenc-M，KUPenc-S）。 第一个密钥（KUPenc-M）用于保密地保护MeNB（20）和UE（10）之间在U平面上传输的第一个流量。 第一个键（KUPenc-M）可能与当前的KUPenc或新的键相同。 第二密钥（KUPenc-S）用于保密地保护在UE（10）和SeNB（30）之间通过U平面传输的第二业务。 MeNB（20）将第二个密钥（KUPenc-S）发送给SeNB（30）。 UE（10）与MeNB（20）协商，并根据协商结果得出第二密钥（KUPenc-S）。

公开(公告)号：US20160269903A1

公开(公告)日：2016-09-15

申请号：US15033278

申请日：2014-08-27

Applicant: NEC CORPORATION

Inventor： Xiaowei ZHANG ,  Anand Raghawa PRASAD

IPC: H04W12/08 ,  H04W12/04

CPC classification number: H04W12/08 ,  H04L63/065 ,  H04W12/04 ,  H04W76/14

Abstract: In order for effectively ensuring security for direct communication in ProSe, a ProSe Function acquires from a 3rd party root keys for each of UEs to derive a pair of session keys for securely conducting direct communication with different UEs, and distributes the acquired root keys to each of the UEs. Each of the UEs derives the session keys by using one of the distributed root keys. Moreover, a plurality of UEs, which form a communication system, and are allowed to conduct direct communication with each other when the UEs are in proximity to each other, share public keys of the UEs therebetween through a node which supports the direct communication upon successfully registering the UEs with the node. Each of the UEs verifies at least a request for the direct communication by using one of the public keys.

Abstract translation: 为了有效地确保ProSe中直接通信的安全性，ProSe功能从每个UE的第三方根密钥获取导出一对会话密钥，用于安全地与不同的UE进行直接通信，并将获取的根密钥分配给每个 的UE。 每个UE通过使用分布式根密钥之一来导出会话密钥。 此外，形成通信系统并且当UE彼此接近时被允许彼此进行直接通信的多个UE通过成功地支持直接通信的节点共享其间的公共密钥 向所述节点注册所述UE。 每个UE通过使用其中一个公钥来至少验证直接通信的请求。

公开(公告)号：US20160226668A1

公开(公告)日：2016-08-04

申请号：US15021492

申请日：2014-08-04

Applicant: NEC CORPORATION

Inventor： Xiaowei ZHANG ,  Anand Raghawa PRASAD

IPC: H04L12/14 ,  H04W4/24 ,  H04B7/155 ,  H04W4/00

CPC classification number: H04L12/1403 ,  H04B7/155 ,  H04L12/1425 ,  H04L12/1432 ,  H04L12/1467 ,  H04M15/64 ,  H04M15/8214 ,  H04M15/8221 ,  H04W4/24 ,  H04W4/70

Abstract: In order for charging SDT and MTC device trigger over control plane, there is provided a network node (40) that relays messages over a control plane (T5 and Tsp) between an MTC device (10) and an SCS (50). The network node (40) counts the number of messages successfully relayed, and generates a CDR in accordance with the counted number. The messages are SDT messages delivered from the MTC device (10) to the SCS (50), SDT messages delivered from the SCS (50) to the MTC device (10), or MTC device trigger messages delivered from the SCS (50) to the MTC device (10). The network node (40) transfers the CDR to an OCF (31) or a CDF (32).

Abstract translation: 为了在控制平面上对SDT和MTC设备进行触发，提供了一种网络节点（40），其通过MTC设备（10）和SCS（50）之间的控制平面（T5和Tsp）来中继消息。 网络节点（40）对成功中继的消息数进行计数，并根据计数产生CDR。 消息是从MTC设备（10）传递到SCS（50）的SDT消息，从SCS（50）传送到MTC设备（10）的SDT消息，或者MTC设备触发从SCS（50）发送到 MTC设备（10）。 网络节点（40）将CDR传送到OCF（31）或CDF（32）。

公开(公告)号：US20220407846A1

公开(公告)日：2022-12-22

申请号：US17875613

申请日：2022-07-28

Applicant: NEC Corporation

Inventor： Xiaowei ZHANG ,  Anand Raghawa Prasad

IPC: H04L9/40 ,  H04W4/70 ,  H04W12/50

Abstract: In order to improve security upon distributing a group key, there is provided a gateway (20) to a core network for a group of MTC devices (10_1-10_n) communicating with the core network. The gateway (20) protects confidentiality and integrity of a group key, and distributes the protected group key to each of the MTC devices (10_1-10_n). The protection is performed by using: a key (Kgr) that is preliminarily shared between the gateway (20) and each of the MTC devices (10_1-10_n), and that is used for the gateway (20) to authenticate each of the MTC devices (10_1-10_n) as a member of the group; or a key (K_iwf) that is shared between an MTC-IWF (50) and each of the MTC devices (10_1-10_n), and that is used to derive temporary keys for securely conducting individual communication between the MTC-IWF (50) and each of the MTC devices (10_1-10_n).

公开(公告)号：US20220029975A1

公开(公告)日：2022-01-27

申请号：US17497383

申请日：2021-10-08

Applicant: NEC Corporation

Inventor： Xiaowei ZHANG ,  Anand Raghawa PRASAD

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/32 ,  H04W12/02 ,  H04W76/14 ,  H04W12/03 ,  H04W12/104 ,  H04W12/106 ,  H04W12/108 ,  H04W12/0431

Abstract: A method of performing authentication and authorization in Proximity based Service (ProSe) communication by a requesting device which sends a request of a communication and a receiving device which receives the request from the requesting device, the method including deriving session keys Kpc and Kpi from an unique key Kp at the requesting and receiving devices, using the session keys Kpc and Kpi for ProSe communication setup and direct communication between the requesting and receiving devices, starting the direct communication with the requesting and receiving devices. The key Kpc is confidentiality key and the key Kpi is integrity protection key.