-
Publication number: US20160315938A1
Publication date: 2016-10-27
Application number: US15105310
Application date: 2014-12-18
Applicant: NEC Corporation
Inventor: Andreas KUNZ , Xiaowei ZHANG , Anand Raghawa PRASAD
IPC: H04L29/06
CPC classification number: H04L63/0892 , H04L63/0807 , H04L63/10 , H04L65/1016 , H04L65/1073 , H04L65/608 , H04L67/02 , H04L2463/141 , H04W12/06 , H04W12/12
Abstract: There is provided a solution as to how the authentication and thus the authorization of the webRTC IMS Client can be achieved in the IMS of the mobile network operator. The WIC (20) is using an ID to register with IMS, which may be an IMPU, an IMPI, gGRUU etc. The WIC (20) may be preconfigured by the WWSF (30) with the eP-CSCF (40) address and authentication information, but if not, then this information should be retrieved via the WWSF (30) or from the IMS directly or via other device management procedures e.g. OMA DM. It is further assumed that the subscriber has already a valid webRTC account/membership and this can be validated, authenticated and authorized by the WWSF (30).
-
Publication number: US20160149876A1
Publication date: 2016-05-26
Application number: US14899785
Application date: 2014-06-13
Applicant: NEC CORPORATION
Inventor: Xiaowei ZHANG , Anand Raghawa PRASAD
IPC: H04L29/06
CPC classification number: H04L63/06 , H04L9/0833 , H04L9/088 , H04L9/3242 , H04L63/08 , H04L2209/80 , H04W4/80 , H04W12/02 , H04W12/10 , H04W76/10 , H04W76/14
Abstract: A method of performing authentication and authorization in Proximity based Service (ProSe) communication by a requesting device (31) which sends a request of a communication and a receiving device (32) which receives the request from the requesting device (31), the method including deriving session keys Kpc and Kpi from a unique key Kp at the requesting and receiving devices (31) and (32), using the session keys Kpc and Kpi for ProSe communication setup and direct communication between the requesting and receiving devices (31) and (32), starting the direct communication with the requesting and receiving devices (31) and (32). The key Kpc is a confidentiality key and the key Kpi is an integrity protection key.
-
Publication number: US20150358816A1
Publication date: 2015-12-10
Application number: US14760319
Application date: 2013-12-04
Applicant: NEC CORPORATION
Inventor: Xiaowei ZHANG , Anand Raghawa PRASAD
CPC classification number: H04W12/06 , H04L63/02 , H04L63/065 , H04L63/08 , H04L63/0869 , H04L63/0884 , H04L63/104 , H04W4/70 , H04W12/04
Abstract: Each of a group of MTC UEs (10_1 to 10_n) is configured with a first group key (Kgr) for a group GW (20) to authenticate each of the MTC UEs (10_1 to 10_n) as a member of the group. The group GW (20) is also configured with the first group key (Kgr) for authenticating each of the MTC UEs (10_1 to 10_n) as the member of the group. The group GW (20) can be configured with a second group key (Kgw) for an MME (30) to determine whether or not to allow the group GW (20) to broadcast a message to the MTC UEs (10_1 to 10_n).
-
Publication number: US20150319172A1
Publication date: 2015-11-05
Application number: US14648798
Application date: 2013-12-04
Applicant: NEC CORPORATION
Inventor: Xiaowei ZHANG , Anand Raghawa PRASAD
CPC classification number: H04L63/0869 , H04L63/065 , H04W4/70 , H04W12/0052 , H04W12/02 , H04W12/04 , H04W12/06
Abstract: An SCS (60) sends out a trigger message for activating a group of MTC devices (10_1 to 10_n) through a network. An HSS (40) verifies whether or not to transfer the trigger message to the given MTC devices (10_1 to 10_n) based on subscription information of the group. A group GW (20) broadcasts the trigger message. Further, an MME (30) concatenates DL (downlink) messages addressed to the MTC devices (10_1 to 10_n). The group GW (20) distributes, to the MTC devices (10_1 to 10_n), the DL messages included in the concatenated message. Furthermore, the group GW (20) concatenates UL (uplink) messages received from the MTC devices (10_1 to 10_n). The MME (30) processes the UL messages included in the concatenated message.
-
Publication number: US20220303741A1
Publication date: 2022-09-22
Application number: US17832762
Application date: 2022-06-06
Applicant: NEC Corporation
Inventor: Xiaowei ZHANG , Anand Raghawa Prasad
IPC: H04W4/70 , H04W12/02 , H04W12/03 , H04W12/041 , H04W12/0431 , H04W12/0471
Abstract: A root key (K_iwf) is derived at a network and sent to MTC UE (10). The K_iwf is used for deriving subkeys for protecting communication between MTC UE (10) and MTC-IWF (20). In a case where HSS (30) derives the K_iwf, HSS (30) sends to MTC-IWF (20) the K_iwf in a new message (Update Subscriber Information). In a case where MME (40) derives the K_iwf, MME (40) sends the K_iwf through HSS (30) or directly to MTC-IWF (20). MTC-IWF (20) can derive the K_iwf itself. The K_iwf is sent through MME (40) to MTC UE (10) by use of a NAS SMC or Attach Accept message, or sent from MTC-IWF (20) directly to MTC UE (10). In a case where the K_iwf is sent from MME (40), MME (40) receives the K_iwf from HSS (30) in an Authentication Data Response message, or from MTC-IWF (20) directly.
-
Publication number: US20220159537A1
Publication date: 2022-05-19
Application number: US17587228
Application date: 2022-01-28
Applicant: NEC Corporation
Inventor: Xiaowei ZHANG , Anand Raghawa PRASAD
IPC: H04W36/28 , H04W76/27 , H04W12/041 , H04W12/0433 , H04W28/08
Abstract: An SeNB (30) informs an MeNB (20) that it can configure bearers for the given UE (10). At this time, the MeNB (20) manages the DRB status, and then sends a key S-KeNB to the SeNB (30). The MeNB (20) also sends a KSI for the S-KeNB to both of the UE (10) and the SeNB (30). After this procedure, the MeNB (20) informs an EPC (MME (40) and S-GW (50)) about the new bearer configured at the SeNB (30), such that the S-GW (50) can start offloading the bearer(s) to the SeNB (30). Prior to the offloading, the EPC network entity (MME (40) or S-GW (50)) verifies: 1) whether the request is coming from an authenticated source (MeNB); and 2) whether the SeNB (30) is a valid eNB to which the traffic can be offloaded.
-
Publication number: US20220132379A1
Publication date: 2022-04-28
Application number: US17568779
Application date: 2022-01-05
Applicant: NEC Corporation
Inventor: Xiaowei ZHANG , Anand Raghawa PRASAD
IPC: H04W36/00
Abstract: A UE (10) provides information on potential S′eNB(s). The information is forwarded from an MeNB (20_1) to an M′eNB (20_2) such that the M′eNB (20_2) can determine, before the handover happens, whether the M′eNB (20_2) will configure a new SeNB (S′eNB) and which S′eNB the M′eNB (20_2) will configure. In one option, the MeNB (20_1) derives a key S′-KeNB for communication protection between the UE (10) and the S′eNB (30_1), and sends the S′-KeNB to the M′eNB (20_2). In another option, the M′eNB (20_2) derives the S′-KeNB from a key KeNB* received from the MeNB (20_1). The M′eNB (20_2) sends the S′-KeNB to the S′eNB (30_1). Moreover, there are also provided several variations to perform SeNB Release, SeNB Addition, Bearer Modification and the like, in which the order and/or timing thereof can be different during the handover procedure.
-
Publication number: US20220060890A1
Publication date: 2022-02-24
Application number: US17515631
Application date: 2021-11-01
Applicant: NEC Corporation
Inventor: Xiaowei ZHANG , Anand Raghawa Prasad
IPC: H04W12/04 , H04W12/0431 , H04W12/08
Abstract: In order to support separate ciphering at an MeNB (20) and an SeNB (30), the MeNB (20) derives separate first and second keys (KUPenc-M, KUPenc-S) from a third key (KeNB). The first key (KUPenc-M) is used for confidentially protecting first traffic transmitted over U-Plane between the MeNB (20) and a UE (10). The first key (KUPenc-M) may be the same as current KUPenc or a new key. The second key (KUPenc-S) is used for confidentially protecting second traffic transmitted over the U-Plane between the UE (10) and the SeNB (30). The MeNB (20) sends the second key (KUPenc-S) to the SeNB (30). The UE (10) negotiates with the MeNB (20), and derives the second key (KUPenc-S) based on a result of the negotiation.
-
Publication number: US20210258837A1
Publication date: 2021-08-19
Application number: US17306125
Application date: 2021-05-03
Applicant: NEC Corporation
Inventor: Xiaowei ZHANG , Anand Raghawa PRASAD
Abstract: There is provided a network system including one or more first MMEs (30), and a second MME (40) separated from the first MMEs (30). In one of the operation cases, the first MME (30) pushes, to the second MME (40), security context for a UE (10) that attaches to the first MME (30). The second MME (40) stores the security context. The first MME (30) further pushes the latest security context to the second MME (40), during a switch-off procedure for the first MME (30). The second MME (40) updates the stored security context with the latest security context. The first MME (30) pulls the security context from the second MME (40), when the UE (10) re-attaches to the first MME (30) or is handed over from a different one of the first MMEs (30).
-
Publication number: US20210076168A1
Publication date: 2021-03-11
Application number: US17101630
Application date: 2020-11-23
Applicant: NEC Corporation
Inventor: Xiaowei ZHANG , Anand Raghawa PRASAD
Abstract: A network node (21), which is placed within a core network, receives a message from a transmission source (30) placed outside the core network. The message includes an indicator indicating whether or not the message is addressed to a group of one or more MTC devices attached to the core network. The network node (21) determines to authorize the transmission source (30), when the indicator indicates that the message is addressed to the group. Further, the message includes an ID for identifying whether or not the message is addressed to the group. The MTC device determines to discard the message, when the ID does not coincide with an ID allocated for the MTC device itself. Furthermore, the MTC device communicates with the transmission source (30) by use of a pair of group keys shared therewith.