公开(公告)号：US11937079B2

公开(公告)日：2024-03-19

申请号：US16650997

申请日：2018-09-27

Applicant: NEC Corporation

Inventor： Hironori Ito ,  Sivakamy Lakshminarayanan ,  Anand Raghawa Prasad ,  Sivabalan Arumugam ,  Sheeba Backia Mary Baskaran

IPC: H04W12/041 ,  H04L9/40 ,  H04W12/06

CPC classification number: H04W12/041 ,  H04L63/18 ,  H04W12/06

Abstract: A communication terminal capable of preventing a reduction in security level that is caused at the time of establishing multiple connections via 3GPP Access and Non-3GPP Access. A communication terminal according to the present disclosure includes: a communication unit configured to communicate with gateway devices disposed in a preceding stage of a core network device via an Untrusted Non-3GPP Access; and a key derivation unit configured to derive a second security key used for security processing of a message transmitted using a defined protocol with the gateway device, from a first security key used for security processing of a message transmitted using a defined protocol with the core network device.

公开(公告)号：US11910232B2

公开(公告)日：2024-02-20

申请号：US17542658

申请日：2021-12-06

Applicant: NEC Corporation

Inventor： Sander De Kievit ,  Hironori Ito ,  Anand Raghawa Prasad ,  Takahito Yoshizawa

IPC: H04W4/00 ,  H04W28/04 ,  H04L1/20 ,  H04W8/24 ,  H04W12/10

CPC classification number: H04W28/04 ,  H04L1/203 ,  H04W8/24 ,  H04W12/10

Abstract: This invention introduces methods and mechanisms of partial integrity protection in mobile systems. A user equipment (UE), comprising: a memory configured to store instructions; and a processor configured to execute the instructions to: receive, from a network device, user plane data having integrity protection; send an error indication indicating an integrity protection error relating to the user plane data; and receive retransmitted user plane data from the network device with a reduced data rate, based on the error indication.

公开(公告)号：US11902776B2

公开(公告)日：2024-02-13

申请号：US18078174

申请日：2022-12-09

Applicant: NEC Corporation

Inventor： Sheeba Backia Mary Baskaran ,  Anand Raghawa Prasad ,  Sivabalan Arumugam ,  Sivakamy Lakshminarayanan ,  Hironori Ito ,  Andreas Kunz

IPC: H04W12/0431 ,  G06F7/58 ,  H04L9/32 ,  H04L12/04 ,  H04L12/06 ,  H04W12/041 ,  H04W12/062

CPC classification number: H04W12/0431 ,  G06F7/582 ,  H04L9/32 ,  H04L12/04 ,  H04L12/06 ,  H04W12/041 ,  H04W12/062 ,  H04L2463/081

Abstract: Provided is an authentication device capable of generating a master key suited to a UE in a 5GS. The authentication device (10) includes a communication unit (11) configured to, in registration processing of user equipment (UE), acquire UE key derivation function (KDF) capabilities indicating a pseudo random function supported by the UE, a selection unit (12) configured to select a pseudo random function used for generation of a master key related to the UE by use of the UE KDF capabilities, and a key generation unit (13) configured to generate a master key related to the UE by use of the selected pseudo random function.

公开(公告)号：US11863425B2

公开(公告)日：2024-01-02

申请号：US17546216

申请日：2021-12-09

Applicant: NEC Corporation

Inventor： Xiaowei Zhang ,  Anand Raghawa Prasad

IPC: H04W4/70 ,  H04L45/125 ,  H04W28/02 ,  H04W40/02 ,  H04W52/02 ,  H04W88/16

CPC classification number: H04L45/125 ,  H04W4/70 ,  H04W28/0289 ,  H04W40/02 ,  H04W52/0209 ,  H04W88/16 ,  Y02D30/70

Abstract: A network node (21), which is placed within a core network, stores a list of network elements (24) capable of forwarding a trigger message to a MTC device (10). The network node (21) receives the trigger message from a transmission source (30, 40) placed outside the core network, and then selects, based on the list, one of the network elements to forward the trigger message to the MTC device (10). The MTC device (10) validates the received trigger message, and then transmits, when the trigger message is not validated, to the network node (21) a reject message indicating that the trigger message is not accepted by the MTC device (10). Upon receiving the reject message, the network node (21) forwards the trigger message through a different one of the network elements, or forwards the reject message to transmission source (30, 40) to send the trigger message through user plane.

公开(公告)号：US20230328601A1

公开(公告)日：2023-10-12

申请号：US18204770

申请日：2023-06-01

Applicant: NEC Corporation

Inventor： Xiaowei ZHANG ,  Anand Raghawa Prasad

IPC: H04W36/00

CPC classification number: H04W36/0069 ,  H04W36/0038 ,  H04W36/0058 ,  H04W88/06

Abstract: A UE (10) provides information on potential S′eNB(s). The information is forwarded from an MeNB (20_1) to an M′eNB (20_2) such that the M′eNB (20_2) can determine, before the handover happens, whether the M′eNB (20_2) will configure a new SeNB (S′eNB) and which S′eNB the M′eNB (20_2) will configure. In one of options, the MeNB (20_1) derives a key S′-KeNB for communication protection between the UE (10) and the S′eNB (30_1), and send the S′-KeNB to the M′eNB (20_2). In another option, the M′eNB (20_2) derives the S′-KeNB from a key KeNB* received from the MeNB (20_1). The M′eNB (20_2) sends the S′-KeNB to the S′eNB (30_1). Moreover, there are also provided several variations to perform SeNB Release, SeNB Addition, Bearer Modification and the like, in which the order and/or timing thereof can be different during the handover procedure.

公开(公告)号：US11284322B2

公开(公告)日：2022-03-22

申请号：US16413643

申请日：2019-05-16

Applicant: NEC CORPORATION

Inventor： Xiaowei Zhang ,  Anand Raghawa Prasad

IPC: H04W36/28 ,  H04W76/27 ,  H04W12/041 ,  H04W12/0433 ,  H04W28/08 ,  H04W36/00 ,  H04W12/122 ,  H04W88/08 ,  H04W92/20

Abstract: An SeNB informs an MeNB that it can configure bearers for the given UE. At this time, the MeNB manages the DRB status, and then sends a key S-KeNB to the SeNB. The MeNB also sends a KSI for the S-KeNB to both of the UE and the SeNB. After this procedure, the MeNB informs an EPC (MME and S-GW) about the new bearer configured at the SeNB, such that the S-GW 50 can start offloading the bearer(s) to the SeNB 30. Prior to the offloading, the EPC network entity (MME or S-GW) performs verification that: 1) whether the request is coming from authenticated source (MeNB); and 2) whether the SeNB is a valid eNB to which the traffic can be offload.

公开(公告)号：US11258766B2

公开(公告)日：2022-02-22

申请号：US16484007

申请日：2018-02-06

Applicant: NEC CORPORATION

Inventor： Pradheepkumar Singaravelu ,  Anand Raghawa Prasad ,  Sivabalan Arumugam ,  Hironori Ito

IPC: H04L29/06 ,  G06F21/33 ,  H04L9/08 ,  H04L9/32 ,  H04L12/24

Abstract: A VNF package signing system, comprises an orchestration unit sending an acknowledge of receiving a VNF package including the VNF image, in response to the receiving the VNF package from a sender, a storage unit storing the VNF package and generating a certificate for the VNF package using a private key for at least generating a certificate for signing the VNF package and a HISEE (Hardware Isolated Secured Execution Environment) unit providing the private key in response to the request from the storage unit. The orchestration unit sends the acknowledge of receiving a VNF package when the storage unit successes generating the certificate of the VNF package.

公开(公告)号：US11246085B2

公开(公告)日：2022-02-08

申请号：US16481275

申请日：2018-01-26

Applicant: NEC Corporation

Inventor： Anand Raghawa Prasad ,  Sivakamy Lakshminarayanan ,  Sivabalan Arumugam ,  Hironori Ito ,  Andreas Kunz

IPC: H04W48/16 ,  H04W36/14 ,  H04W36/32 ,  H04W8/20

Abstract: An object is to provide a communication terminal capable of using a newly-generated network slice or service. A communication terminal (10) according to the present disclosure includes a communication unit (11) configured to receive a parameter related to SM-NSSAI (Session Management-Network Slice Selection Assistance Information) from a core network when subscriber information of the communication terminal itself managed in the core network or a location of the communication terminal itself is changed, and a control unit (12) configured to update NSSAI by using the parameter related to the SM-NSSAI, the NSSAI being managed to select a network slice.

公开(公告)号：US11032747B2

公开(公告)日：2021-06-08

申请号：US16985763

申请日：2020-08-05

Applicant: NEC Corporation

Inventor： Xiaowei Zhang ,  Anand Raghawa Prasad

IPC: H04W36/00 ,  H04W8/30 ,  H04W8/12 ,  H04W12/04 ,  H04W12/06 ,  H04W36/22 ,  H04L29/06 ,  H04W12/041

Abstract: There is provided a network system including one or more first MMEs (30), and a second MME (40) separated from the first MMEs (30). In one of operation cases, the first MME (30) pushes, to the second MME (40), security context for a UE (10) that attaches to the first MME (30). The second MME (40) stores the security context. The first MME (30) further pushes the latest security context to the second MME (40), during a switch-off procedure for the first MME (30). The second MME (40) updates the stored security context with the latest security context. The first MME (30) pulls the security context from the second MME (40), when the UE (10) re-attaches to the first MME (30) or is handovered from different one of the first MMEs (30).

公开(公告)号：US11019495B2

公开(公告)日：2021-05-25

申请号：US16494600

申请日：2018-03-16

Applicant: NEC Corporation

Inventor： Hironori Ito ,  Anand Raghawa Prasad ,  Andreas Kunz ,  Sivabalan Arumugam ,  Sivakamy Lakshminarayanan ,  Sheeba Backia Mary Baskaran

IPC: H04M3/42 ,  H04W12/106 ,  H04W12/037 ,  H04W12/041 ,  H04W12/08 ,  H04W36/14 ,  H04W48/18

Abstract: A communication terminal (10) according to the present disclosure includes: a control unit (12) configured to, in a case of a movement from a communication area formed by the 5GS to a communication area formed by the EPS or a movement from a communication area formed by the EPS to a communication area formed by the 5GS, determine whether or not a communication system forming a communication area at a movement destination can satisfy requirements of services; and a communication unit (11) configured to, when it is determined that the communication system forming the communication area at the movement destination can satisfy the requirements of the services, send a connection request message to the communication system forming the communication area at the movement destination.