-
Publication number: US10462656B2
Publication date: 2019-10-29
Application number: US15787575
Application date: 2017-10-18
Applicant: QUALCOMM Incorporated
Inventor: Soo Bum Lee, Adrian Edward Escott, Gavin Bernard Horn, Anand Palanigounder
Abstract: A device that identifies entry into a new service area, transmits a service area update request to a network device associated with a network, receives a control plane message from the network indicating control plane device relocation or a key refresh due to a service area change in response to transmitting the service area update request, and derives a first key based in part on data included in the control plane message and a second key shared between the device and a key management device. Another device that receives a handover command from a network device associated with a network, the handover command indicating a new service area, derives a first key based on data included in the handover command and on a second key shared between the device and a key management device, and sends a handover confirmation message that is secured based on the first key.
-
Publication number: US10455414B2
Publication date: 2019-10-22
Application number: US14923223
Application date: 2015-10-26
Applicant: QUALCOMM Incorporated
Inventor: Soo Bum Lee, Gavin Bernard Horn, Anand Palanigounder
Abstract: Securing user-plane data traffic between a device and a packet data network gateway (P-GW) may be accomplished at the device (e.g., chip component, client device) by obtaining, at the device, a first shared key, and obtaining, at the device, a second shared key based on the first shared key. The second shared key may be for securing user-plane data traffic during transit between the device and the P-GW. The second shared key is shared by the device and the P-GW. The data traffic may be secured based on the second shared key to produce first secured data traffic. The first secured data traffic may be sent to the P-GW via an access node. The P-GW and the access node are distinct network entities. The second shared key is unknown to the access node. The P-GW obtains the second shared key from a network entity that is distinct from the device.
-
Publication number: US10433174B2
Publication date: 2019-10-01
Application number: US15913771
Application date: 2018-03-06
Applicant: QUALCOMM Incorporated
Inventor: Soo Bum Lee, Stefano Faccin, Anand Palanigounder, Miguel Griot, Adrian Edward Escott
Abstract: The present disclosure provides techniques that may be applied, for example, in a multi-slice network for maintaining privacy when attempting to access the network. An exemplary method generally includes transmitting a registration request message to a serving network to register with the serving network; receiving a first confirmation message indicating a secure connection with the serving network has been established; transmitting, after receiving the first confirmation message, a secure message to the serving network comprising an indication of at least one configured network slice that the UE wants to communicate over, wherein the at least one configured network slice is associated with a privacy flag that is set; and receiving a second confirmation message from the serving network indicating that the UE is permitted to communicate over the at least one configured network slice.
-
Publication number: US10433163B2
Publication date: 2019-10-01
Application number: US15489670
Application date: 2017-04-17
Applicant: QUALCOMM Incorporated
Inventor: Soo Bum Lee, Anand Palanigounder, Adrian Edward Escott
Abstract: Techniques are described for wireless communication. A method for wireless communication at a user equipment (UE) includes performing an extensible authentication protocol (EAP) procedure with an authentication server via an authenticator. The EAP procedure is based at least in part on a set of authentication credentials exchanged between the UE and the authentication server. The method also includes deriving, as part of performing the EAP procedure, a master session key (MSK) and an extended master session key (EMSK) that are based at least in part on the authentication credentials and a first set of parameters; determining a network type associated with the authenticator; and performing, based at least in part on the determined network type, at least one authentication procedure with the authenticator. The at least one authentication procedure is based on an association of the MSK or the EMSK with the determined network type.
-
Publication number: US10412013B2
Publication date: 2019-09-10
Application number: US15993452
Application date: 2018-05-30
Applicant: QUALCOMM Incorporated
Inventor: Gerardo Giaretta, Sivaramakrishna Veerepalli, Kalle Ilmari Ahmavaara, Roozbeh Atarius, John Wallace Nasielski, Anand Palanigounder
IPC: H04L12/851, H04L12/26, H04L29/08, H04L12/24, G06F11/34
Abstract: Systems, devices, and methods for reporting information in real time about traffic generated by each application for a device are described. In one aspect, the network can configure a list of applications user equipment (UE) devices need to report traffic information for and then when one of these applications starts a communication, the UE may send traffic descriptor(s) describing the traffic generated by the application. In this way the network can accurately identify the traffic and take actions based on UE report and local policy or subscription.
-
Publication number: US10321309B2
Publication date: 2019-06-11
Application number: US15913823
Application date: 2018-03-06
Applicant: QUALCOMM Incorporated
Inventor: Soo Bum Lee, Gavin Bernard Horn, Anand Palanigounder
Abstract: One feature pertains to a method operational at a device. The method includes performing key agreement with a core network device, and generating an authentication session key based in part on a secret key shared with a home subscriber server (HSS), where the authentication session key is known to the core network device. The method further includes generating a mobility session key based in part on the authentication session key, where the mobility session key is known to a mobility management entity (MME) served by the core network device and serving the device. The method also includes cryptographically securing data sent from the device to a wireless communication network using the mobility session key.
-
Publication number: US20190037454A1
Publication date: 2019-01-31
Application number: US16035239
Application date: 2018-07-13
Applicant: QUALCOMM Incorporated
Inventor: Soo Bum Lee, Adrian Edward Escott, Anand Palanigounder
Abstract: Methods, systems, and devices for wireless communication are described that support security key derivation for handover. A network entity (e.g., an access and mobility function (AMF)) may establish an access stratum (AS) key to ensure secure communications between a user equipment (UE) and a base station. If the UE relocates to a new network entity (e.g., target network entity), the initial network entity (e.g., source network entity) may perform a handover procedure to the target network entity. In some aspects, the network entities may derive a unified AS key for the handover procedure. Additionally, the network entities may utilize one or more intermediate keys (e.g., refreshed intermediate keys) derived from, in part, respective freshness parameters for the handover procedure. The target network entity may then utilize the derived intermediate keys to derive the AS key for the handover procedure and establish communications with the UE.
-
Publication number: US10129235B2
Publication date: 2018-11-13
Application number: US15093537
Application date: 2016-04-07
Applicant: QUALCOMM Incorporated
Inventor: Soo Bum Lee, Anand Palanigounder
Abstract: A method is provided for facilitating service-specific security while avoiding a full authentication and key agreement exchange each time a service is activated on a device. Multiple services on a single device and sharing the same session link (e.g., radio link or radio bearer) and the same physical network may nonetheless obtain distinct service-specific network connectivity root keys from which service-specific security/session keys may be derived. In such case, instead of performing a full authentication and key agreement exchange with an operator or provider (e.g., home subscription server or HSS), the device may authenticate a network slice using a security credential established during a prior authentication with another network slice.
-
Publication number: US10104544B2
Publication date: 2018-10-16
Application number: US15280836
Application date: 2016-09-29
Applicant: QUALCOMM Incorporated
Inventor: Philip Hawkes, Anand Palanigounder, Rajat Prakash, Miguel Griot, Manu Sharma
Abstract: Various features pertain to the authentication of mobile devices or other User Equipment. In some aspects, a Retail-based Neutral Host LTE is provided for use with Long Term Evolution (LTE) networks that, among other features, provides a WiFi Alliance HotSpot 2.0 (HS2.0) user experience using LTE technology for non-mobile network operator (non-MNO) Service Providers (SPs), while maintaining high security assurances as with LTE. That is, in some examples, Retail Neutral Host-LTE is configured to provide the same or similar security assurances as with MNO-based LTE. Moreover, retail Neutral Host-LTE offers options for provisioning credentials and authentication with the AAA that are analogous to the options for HS2.0, that is: username/password, SP-issued certificate, and pre-configured mobile device certificate. This is achieved, at least in part, while providing or ensuring that Retail Neutral Host-LTE security provides similar security assurances to MNO-based LTE.
-
Publication number: US20180227302A1
Publication date: 2018-08-09
Application number: US15783260
Application date: 2017-10-13
Applicant: QUALCOMM Incorporated
Inventor: Soo Bum Lee, Adrian Edward Escott, Anand Palanigounder
CPC classification number: H04L63/10, H04L9/083, H04L9/0861, H04L9/3234, H04L9/3273, H04L63/06, H04L63/062, H04L63/0861, H04L63/0892, H04L63/102, H04L63/162, H04L2209/80, H04W12/04, H04W12/0401, H04W12/06, H04W12/08, H04W48/02, H04W84/042
Abstract: Techniques are described that provide a session management authorization token by receiving a session request message to establish a protocol data unit (PDU) session for a logical data network associated with a user equipment (UE), the session request message may include one or more session parameters; verifying that the UE is authorized to establish the PDU session for the logical data network; receiving a key associated with the PDU session; generating an authorization token based on the received key and the session parameters; and transmitting a session response message including the generated authorization token to the UE.