Abstract:
A method, an apparatus, and a computer program product for wireless communication are provided. A method includes transmitting a request to a serving network with a nonce and a signature request directed to a network function of the serving network, receiving a response to the request from the serving network, and authenticating the serving network based on the signature of the network function. The nonce may provide replay protection. The response may include a signature of the network function. The request sent to the serving network may include a radio resource control (RRC) message or a tracking area update (TAU) request. The serving network may be authenticated using a trusted third party to verify a certificate associated with the serving network.
Abstract:
A device that identifies entry into a new service area, transmits a service area update request to a network device associated with a network, receives, in response to transmitting the service area update request, a control plane message from the network indicating control plane device relocation or a key refresh due to a service area change, and derives a first key based in part on data included in the control plane message and a second key shared between the device and a key management device. Another device that receives a handover command from a network device associated with a network, the handover command indicating a new service area, derives a first key based on data included in the handover command and on a second key shared between the device and a key management device, and sends a handover confirmation message that is secured based on the first key.
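The key refresh described in this abstract, shown as an added model (it is not the patent's own code). Assumptions that the abstract does not state: the key shared with the key management device is called K_kmd here; the handover command carries the new service area identifier and a refresh counter; derivation is HMAC-SHA256 used as a KDF; and the handover confirmation is secured with an HMAC-SHA256 tag under the derived key. The service area names, counter value and sample key are constructed.

```python
"""Service-area key refresh on handover: both sides derive the same key.

Added model, not the patent's own code. Assumptions not stated in the
abstract: the key shared with the key management device (KMD) is K_kmd; the
handover command carries the new service area id and a refresh counter; the
derivation is HMAC-SHA256 used as a KDF; the handover confirmation carries an
HMAC-SHA256 tag under the derived key.
"""
import hashlib
import hmac


def derive_sa_key(k_kmd, service_area, counter):
    """K_sa = HMAC(K_kmd, "SA-KEY" | service_area | counter).

    Only holders of K_kmd (UE and KMD) can compute it. A target node that is
    handed K_sa learns neither K_kmd nor the key of any other service area.
    """
    info = b"SA-KEY|" + service_area.encode() + b"|" + counter.to_bytes(4, "big")
    return hmac.new(k_kmd, info, hashlib.sha256).digest()


def _mac(key, msg):
    """Tag over the message fields in canonical order (the tag field excluded)."""
    body = "|".join(f"{k}={msg[k]}" for k in sorted(msg) if k != "mac").encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def ue_handle_handover_command(k_kmd, handover_cmd):
    """UE side: derive the new key from the command, then secure the confirm."""
    k_sa = derive_sa_key(k_kmd, handover_cmd["service_area"], handover_cmd["key_counter"])
    confirm = {
        "msg": "HANDOVER_CONFIRM",
        "service_area": handover_cmd["service_area"],
        "key_counter": handover_cmd["key_counter"],
    }
    confirm["mac"] = _mac(k_sa, confirm)
    return k_sa, confirm


def kmd_key_for_target(k_kmd, service_area, counter):
    """KMD side: the target node receives K_sa, never K_kmd."""
    return derive_sa_key(k_kmd, service_area, counter)


def target_verify_confirm(k_sa, confirm):
    """Target node: accept the confirm only if the tag verifies under its K_sa."""
    return hmac.compare_digest(confirm["mac"], _mac(k_sa, confirm))


def demo():
    k_kmd = hashlib.sha256(b"constructed shared key").digest()  # constructed sample
    cmd = {"service_area": "TA-0042", "key_counter": 7}          # constructed command
    k_ue, confirm = ue_handle_handover_command(k_kmd, cmd)
    k_target = kmd_key_for_target(k_kmd, "TA-0042", 7)
    k_previous = kmd_key_for_target(k_kmd, "TA-0041", 6)          # previous area's key
    return {
        "keys_match": k_ue == k_target,
        "confirm_accepted": target_verify_confirm(k_target, confirm),
        # a node still holding the previous area's key cannot validate the confirm
        "previous_key_rejects": not target_verify_confirm(k_previous, confirm),
        # altering the area id in transit invalidates the tag
        "tamper_rejected": not target_verify_confirm(
            k_target, {**confirm, "service_area": "TA-0099"}),
    }


if __name__ == "__main__":
    print(demo())
```

The point a practitioner should take from the model is the separation: the target node is given the derived K_sa by the key management device and can verify the confirmation, but it never holds K_kmd, so compromise of one service area's node does not yield the keys of other areas or of future refreshes.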
Abstract:
Methods, systems, and devices for wireless communication are described. A user equipment (UE) may perform authentication procedures using an alternative identity (e.g., a privacy mobile subscriber identity (PMSI)) instead of an international mobile subscriber identity (IMSI) to protect the privacy of the user. If the UE does not have a PMSI, it may include a request for a PMSI initialization in an attach request. In some cases, the PMSI may be used once, and a new PMSI may be generated for the next attachment procedure. In some cases, a universal subscriber identity module (USIM) of the UE may not support storage of a PMSI. So a privacy module of the UE may communicate with the USIM according to the USIM's capabilities and may maintain a PMSI separately for communication with the network.
Abstract:
Techniques are described for wireless communication. A method of wireless communication at a wireless communication device includes generating a secured query message based at least in part on a security credential of the wireless communication device, where the secured query message is generated prior to performing an authentication and key agreement (AKA) with a network; transmitting the secured query message to the network; receiving a response to the secured query message; and determining whether to perform the AKA with the network based at least in part on the received response.
Abstract:
A user equipment (UE) may be configured to transmit a registration message to a network to establish a secure connection for non-access stratum (NAS) messages between the network and the UE, the secure connection based at least in part on a UE identifier and security capabilities of the UE included in the registration message. The UE may then exchange NAS messages with the network over the secure connection. The UE may also establish, in response to the registration message, an authentication protocol with the network and encrypt subsequent NAS messages based in part on the authentication protocol.
Abstract:
At least one feature pertains to a method operational at a user device. The method includes receiving and storing a shared key from an application service provider, and determining that a wireless communication network provides application-specific access to an application service provided by the application service provider. The method further includes transmitting a registration request that includes a device identifier and an application identifier associated with the application service to the wireless communication network. The registration request is transmitted to the application service provider using a data connection through a packet data network. The method further includes receiving authentication information derived at the application service provider that is based on the shared key, and performing authentication and key agreement with the network based on the authentication information and the stored shared key. The user device may then communicate with the application service after authentication and key agreement is successfully performed.
Abstract:
Systems and methods for control and triggering of machine to machine (M2M) devices (e.g., smart meters) are described, and more specifically how an M2M service provider (e.g., a utility company) may use an operator's network to communicate with an M2M device connected to a UE/GW associated with the operator's network. The M2M service provider may receive identification of the UE/GW, but not of the M2M device. By transmitting an identifier for the M2M device along with an identifier for the UE/GW, the network operator may define, establish, and maintain a communication path specific to M2M devices. Similar techniques may be incorporated to allow the M2M service provider to locate and trigger the M2M device.
Abstract:
A method, an apparatus, and a computer program product for wireless communication are provided. The method may include establishing a connection with a serving network, transmitting an encrypted authentication credential that includes a randomly selected key encryption key (KEK) and a serving network identifier to the serving network, receiving authentication information and a signature from the serving network, and authenticating the serving network by verifying the signature based on the KEK. The encrypted authentication credential may be operative to identify the serving network. The signature may be generated using the KEK.
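The exchange described in this abstract and in the first abstract on the page (nonce for replay protection, serving network authenticated by verifying a signature), as an added model; it is not code from the patents. Assumptions the abstracts do not state: the UE shares a long-term key K_ue with its home network (HN); the HN decrypts the credential, checks that the serving network identifier inside it names the serving network (SN) that forwarded the request, and only then releases the KEK to that SN; because the KEK is symmetric, the "signature" is an HMAC-SHA256 tag; and the encryption of the credential is a stand-in (HMAC-SHA256 keystream plus an HMAC tag) for a real AEAD or public-key scheme. Identifiers and the sample key are constructed.

```python
"""Serving-network authentication with a randomly selected KEK (added model).

Not the patents' code. Assumptions: UE and home network (HN) share K_ue; HN
releases the KEK only to the serving network (SN) named in the credential;
the KEK 'signature' is HMAC-SHA256; seal/unseal is a toy encrypt-then-MAC
standing in for a real AEAD or public-key encryption.
"""
import hashlib
import hmac
import json
import secrets


def _stream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key, nonce, plaintext):
    ek = hmac.new(key, b"enc", hashlib.sha256).digest()
    mk = hmac.new(key, b"mac", hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(ek, nonce, len(plaintext))))
    return ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()


def unseal(key, nonce, blob):
    ek = hmac.new(key, b"enc", hashlib.sha256).digest()
    mk = hmac.new(key, b"mac", hashlib.sha256).digest()
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("credential tampered")
    return bytes(a ^ b for a, b in zip(ct, _stream(ek, nonce, len(ct))))


def _canon(msg):
    return json.dumps(msg, sort_keys=True).encode()


class HomeNetwork:
    def __init__(self):
        self.subscribers = {}  # ue_id -> K_ue

    def release_kek(self, requesting_sn, ue_id, nonce, cred_blob):
        cred = json.loads(unseal(self.subscribers[ue_id], nonce, cred_blob))
        if cred["sn_id"] != requesting_sn:
            # the credential identifies a different serving network: refuse
            raise PermissionError("credential not bound to requesting serving network")
        return bytes.fromhex(cred["kek"])


class ServingNetwork:
    def __init__(self, sn_id, hn):
        self.sn_id, self.hn = sn_id, hn

    def respond(self, ue_id, nonce, cred_blob):
        kek = self.hn.release_kek(self.sn_id, ue_id, nonce, cred_blob)
        auth_info = {"sn_id": self.sn_id, "nonce": nonce.hex(), "rand": secrets.token_hex(16)}
        return auth_info, hmac.new(kek, _canon(auth_info), hashlib.sha256).hexdigest()


class UE:
    def __init__(self, ue_id, k_ue):
        self.ue_id, self.k_ue = ue_id, k_ue

    def request(self, sn_id):
        self.kek = secrets.token_bytes(32)    # fresh KEK per attach
        self.nonce = secrets.token_bytes(16)  # replay protection
        self.expected_sn = sn_id
        cred = _canon({"kek": self.kek.hex(), "sn_id": sn_id})
        return self.ue_id, self.nonce, seal(self.k_ue, self.nonce, cred)

    def authenticate(self, auth_info, sig):
        if auth_info["nonce"] != self.nonce.hex() or auth_info["sn_id"] != self.expected_sn:
            return False
        expect = hmac.new(self.kek, _canon(auth_info), hashlib.sha256).hexdigest()
        return hmac.compare_digest(sig, expect)


def _setup():
    hn = HomeNetwork()
    k_ue = hashlib.sha256(b"constructed subscriber key").digest()  # constructed
    hn.subscribers["ue-001"] = k_ue
    return hn, UE("ue-001", k_ue)


def honest_run():
    hn, ue = _setup()
    auth_info, sig = ServingNetwork("SN-A", hn).respond(*ue.request("SN-A"))
    return ue.authenticate(auth_info, sig)


def impostor_run():
    """SN-B forwards a credential the UE bound to SN-A: HN withholds the KEK."""
    hn, ue = _setup()
    try:
        ServingNetwork("SN-B", hn).respond(*ue.request("SN-A"))
    except PermissionError:
        return False
    return True


def replay_run():
    """A genuine earlier response replayed against a fresh request fails."""
    hn, ue = _setup()
    old = ServingNetwork("SN-A", hn).respond(*ue.request("SN-A"))
    ue.request("SN-A")  # new attach: new nonce and new KEK
    return ue.authenticate(*old)
```

Two checks carry the security argument: the home network compares the serving network identifier inside the credential with the network that actually forwarded it, so a network that is not the one the UE addressed never obtains the KEK; and the UE accepts a signature only over its own current nonce, so a captured response cannot be replayed into a later attach.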
Abstract:
Systems and techniques are disclosed to protect a user equipment's international mobile subscriber identity by providing a privacy mobile subscriber identity instead. In an attach attempt to a serving network, the UE provides the PMSI instead of IMSI, protecting the IMSI from exposure. The PMSI is determined between a home network server and the UE so that intermediate node elements in the serving network do not have knowledge of the relationship between the PMSI and the IMSI. Upon receipt of the PMSI in the attach request, the server generates a next PMSI to be used in a subsequent attach request and sends the next PMSI to the UE for confirmation. The UE confirms the next PMSI to synchronize between the UE and server and sends an acknowledgment token to the server. The UE and the server then each update local copies of the current and next PMSI values.
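The PMSI synchronisation described in this abstract (and the one-time PMSI use described in the earlier PMSI abstract on this page), as an added model; it is not the patents' code. Assumptions beyond the abstract: the UE and the home network server share a key K; a PMSI is a random 16-byte value (the abstract fixes neither format nor length); the next PMSI travels masked with an HMAC-derived one-time pad so the serving network cannot link the current PMSI to the next one, and carries an HMAC-SHA256 tag; the UE's acknowledgment token is HMAC(K, "ack" || next PMSI). The model also handles the case the abstract motivates with the acknowledgment step: an ack lost in transit, after which the UE has moved to the next PMSI while the server has not.

```python
"""PMSI rotation between UE and home server (added model, not the patents' code).

Assumptions: shared key K; 16-byte random PMSIs; next PMSI sent masked with an
HMAC-derived pad and tagged with HMAC-SHA256; ack token = HMAC(K, "ack"|next).
"""
import hashlib
import hmac
import secrets


def _prf(k, label, data):
    return hmac.new(k, label + data, hashlib.sha256).digest()


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class HomeServer:
    def __init__(self):
        self.subs = {}     # imsi -> {"k", "current", "next"}
        self.by_pmsi = {}  # pmsi -> imsi; the serving network never sees this

    def provision(self, imsi, k):
        pmsi = secrets.token_bytes(16)
        self.subs[imsi] = {"k": k, "current": pmsi, "next": None}
        self.by_pmsi[pmsi] = imsi
        return pmsi

    def attach(self, pmsi):
        imsi = self.by_pmsi.get(pmsi)
        if imsi is None:
            raise LookupError("unknown PMSI")
        rec = self.subs[imsi]
        if pmsi == rec["next"]:
            self._commit(rec)  # our copy lagged: the UE's ack was lost, catch up
        elif rec["next"] is not None:
            self.by_pmsi.pop(rec["next"], None)  # UE never got the earlier offer
        rec["next"] = secrets.token_bytes(16)
        self.by_pmsi[rec["next"]] = imsi  # accept it early in case this ack is lost
        masked = _xor(rec["next"], _prf(rec["k"], b"mask", rec["current"])[:16])
        return masked, _prf(rec["k"], b"tag", rec["current"] + masked)

    def confirm(self, pmsi, ack_token):
        rec = self.subs[self.by_pmsi[pmsi]]
        if not hmac.compare_digest(ack_token, _prf(rec["k"], b"ack", rec["next"])):
            return False
        self._commit(rec)
        return True

    def _commit(self, rec):
        del self.by_pmsi[rec["current"]]  # the old PMSI is retired
        rec["current"], rec["next"] = rec["next"], None


class UE:
    def __init__(self, k, pmsi):
        self.k, self.current, self.next = k, pmsi, None

    def handle_response(self, masked, tag):
        if not hmac.compare_digest(tag, _prf(self.k, b"tag", self.current + masked)):
            raise ValueError("next PMSI tampered")
        self.next = _xor(masked, _prf(self.k, b"mask", self.current)[:16])
        return _prf(self.k, b"ack", self.next)

    def commit(self):
        self.current, self.next = self.next, None


def attach_round(hs, ue, ack_delivered=True):
    """One attach: UE sends current PMSI, gets next, acks (unless the ack is lost)."""
    masked, tag = hs.attach(ue.current)
    ack = ue.handle_response(masked, tag)
    ok = hs.confirm(ue.current, ack) if ack_delivered else None
    ue.commit()
    return ok


def demo():
    k = hashlib.sha256(b"constructed subscriber key").digest()  # constructed
    hs = HomeServer()
    ue = UE(k, hs.provision("IMSI-001", k))
    first = ue.current
    ok1 = attach_round(hs, ue)
    attach_round(hs, ue, ack_delivered=False)  # UE moves on, server does not
    ok3 = attach_round(hs, ue)                 # server catches up from "next"
    try:
        hs.attach(first)
        old_rejected = False
    except LookupError:
        old_rejected = True
    return {
        "first_round_ok": ok1,
        "resync_ok": ok3,
        "in_sync": ue.current == hs.subs["IMSI-001"]["current"],
        "old_pmsi_rejected": old_rejected,
    }
```

The serving network sees only the current PMSI and a masked next PMSI, so it learns neither the IMSI nor the link between successive PMSIs. Keeping the offered next PMSI in the lookup table before the ack arrives is what lets the server recover when the ack is lost; if instead the response to the UE is lost, the UE retries with its current PMSI and the server simply discards the earlier offer.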
Abstract:
A method, an apparatus, and a computer program product for wireless communication in which provisioning of credentials for network deployments is provided. As such, the method, apparatus, and computer program product may provision a user equipment (UE) even though the UE does not have any valid security credentials, so as to provide access to a network (e.g., a network using a contention based frequency band, such as a Long Term Evolution (LTE) Advanced network in the contention based radio frequency band). Accordingly, in some aspects, the present method, apparatus, and computer program product may enable the UE to perform a provisioning procedure with one or more network entities to obtain one or more security credential parameters.