公开(公告)号：US10313878B2

公开(公告)日：2019-06-04

申请号：US15485976

申请日：2017-04-12

Applicant: QUALCOMM Incorporated

Inventor： Soo Bum Lee ,  Adrian Edward Escott ,  Lenaig Genevieve Chaponniere

IPC: H04L9/08 ,  H04W8/26 ,  H04L29/06 ,  H04W12/04 ,  H04W12/06 ,  H04W12/10 ,  H04W76/25 ,  H04W60/04

Abstract: Methods, systems, and devices for wireless communication are described. A user equipment (UE) may determine that a security context with a network node has been established for more than a threshold time period. The UE may identify, based on a key hierarchy, a parent network node associated with the network node. The UE may transmit a key refresh request message to the parent network node to trigger a key refresh procedure between the parent network node and the network node. The UE may perform a procedure with the network node to establish a new security context based on the key refresh procedure.

公开(公告)号：US10298549B2

公开(公告)日：2019-05-21

申请号：US15199924

申请日：2016-06-30

Applicant: QUALCOMM Incorporated

Inventor： Soo Bum Lee ,  Anand Palanigounder ,  Adrian Edward Escott

IPC: H04L29/06 ,  H04L29/08 ,  H04W88/16 ,  H04L12/24 ,  H04L9/08 ,  H04L9/14 ,  H04W4/70 ,  H04W12/04 ,  H04W12/10

Abstract: Aspects of security schemes (e.g., integrity protection, encryption, or both) are described. A measure of access stratum security can be realized without overhead associated with establishing and/or maintaining the per-cellular-device access stratum security context at a Cellular Internet of Things (CIoT) base station (C-BS). A gateway (e.g., a CIoT Serving Gateway Node (C-SGN)) may derive a first key. The first key may be only known to the C-SGN. The C-SGN may derive a second key from the first key and a parameter unique to the C-BS. The C-SGN may also derive a third key from the second key and an identity of a cellular device. The C-SGN may send the second and third keys to the C-BS and cellular device, respectively. Small data messages encrypted and/or integrity protected by the cellular device may be decrypted and/or verified by the C-BS.

公开(公告)号：US20170187691A1

公开(公告)日：2017-06-29

申请号：US15199924

申请日：2016-06-30

Applicant: QUALCOMM Incorporated

Inventor： Soo Bum Lee ,  Anand Palanigounder ,  Adrian Edward Escott

IPC: H04L29/06 ,  H04L9/14 ,  H04L12/24 ,  H04L9/08 ,  H04L29/08 ,  H04W88/16

CPC classification number: H04L63/0428 ,  G06F2221/2151 ,  H04L9/0822 ,  H04L9/14 ,  H04L41/08 ,  H04L63/062 ,  H04L63/123 ,  H04L63/1458 ,  H04L63/16 ,  H04L63/205 ,  H04L67/12 ,  H04W4/70 ,  H04W12/04 ,  H04W12/10 ,  H04W88/16 ,  Y04S40/18

Abstract: Aspects of security schemes (e.g., integrity protection, encryption, or both) are described. A measure of access stratum security can be realized without overhead associated with establishing and/or maintaining the per-cellular-device access stratum security context at a Cellular Internet of Things (CIoT) base station (C-BS). A gateway (e.g., a CIoT Serving Gateway Node (C-SGN)) may derive a first key. The first key may be only known to the C-SGN. The C-SGN may derive a second key from the first key and a parameter unique to the C-BS. The C-SGN may also derive a third key from the second key and an identity of a cellular device. The C-SGN may send the second and third keys to the C-BS and cellular device, respectively. Small data messages encrypted and/or integrity protected by the cellular device may be decrypted and/or verified by the C-BS.

公开(公告)号：US20170180995A1

公开(公告)日：2017-06-22

申请号：US15052476

申请日：2016-02-24

Applicant: QUALCOMM Incorporated

Inventor： Yogesh Bhalchandra Deshpande ,  Mungal Singh Dhanda ,  Adrian Edward Escott

IPC: H04W12/10 ,  H04W12/04 ,  H04W72/04 ,  H04W68/00

CPC classification number: H04W12/10 ,  H04L9/0866 ,  H04L63/0414 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06 ,  H04W68/00 ,  H04W68/005 ,  H04W72/042

Abstract: Methods, systems, and devices for wireless communication are described. A user equipment (UE) may receive a paging message that includes a secured UE identifier calculated based on a security configuration negotiated between the UE and a trusted source, e.g., a mobility management entity (MME) of the core network. The UE may determine whether the paging message is received from the trusted source or an untrusted source based on the secured UE identifier. The UE may transmit a connection request message based on the determination that the paging message is received from a trusted source.

公开(公告)号：US20170078874A1

公开(公告)日：2017-03-16

申请号：US15089396

申请日：2016-04-01

Applicant: QUALCOMM Incorporated

Inventor： Soo Bum Lee ,  Adrian Edward Escott ,  Gavin Bernard Horn ,  Anand Palanigounder

IPC: H04W12/04 ,  H04W36/00 ,  H04W12/08

CPC classification number: H04W12/04 ,  H04W12/02 ,  H04W36/0038 ,  H04W36/0055

Abstract: A device that identifies entry into a new service area, transmits a service area update request to a network device associated with a network, receives a control plane message from the network indicating control plane device relocation or a key refresh due to a service area change in response to transmitting the service area update request, and derives a first key based in part on data included in the control plane message and a second key shared between the device and a key management device. Another device that receives a handover command from a network device associated with a network, the handover command indicating a new service area, derives a first key based on data included in the handover command and on a second key shared between the device and a key management device, and sends a handover confirmation message that is secured based on the first key.

Abstract translation: 识别进入新服务区域的设备向与网络相关联的网络设备发送服务区域更新请求，从网络接收指示控制平面设备重定位的控制平面消息或由于服务区域改变引起的密钥刷新 响应于发送服务区域更新请求，并且部分地基于包括在控制平面消息中的数据和在设备和密钥管理设备之间共享的第二密钥来导出第一密钥。 从与网络相关联的网络设备接收切换命令的另一设备，指示新服务区域的切换命令基于包括在切换命令中的数据和在设备与密钥管理之间共享的第二密钥来导出第一密钥 并且发送基于第一密钥被保护的切换确认消息。

公开(公告)号：US20160337861A1

公开(公告)日：2016-11-17

申请号：US15217880

申请日：2016-07-22

Applicant: QUALCOMM Incorporated

Inventor： Philip Michael Hawkes ,  Andreas Klaus Wachter ,  Adrian Edward Escott ,  Stephen William Edge

IPC: H04W12/08 ,  H04W4/02 ,  H04L29/06 ,  H04W12/06 ,  H04W12/04

CPC classification number: H04W12/08 ,  H04L63/0442 ,  H04L63/062 ,  H04L63/0823 ,  H04L63/0869 ,  H04L63/0876 ,  H04L63/166 ,  H04L63/205 ,  H04W4/02 ,  H04W12/04 ,  H04W12/06

Abstract: A particular method includes generating, at a secure user plane location (SUPL) server, a message to be sent to a mobile device, the message including: a server certificate including an identifier of the SUPL server and a public key of the SUPL server; and a request for a device certificate of the mobile device. The method also includes receiving a reply from the mobile device that includes a device certificate of the mobile device; and authenticating the mobile device as associated with a SUPL user based on the device certificate.

Abstract translation: 特定方法包括在安全用户平面位置（SUPL）服务器处生成要发送到移动设备的消息，该消息包括：包括SUPL服务器的标识符和SUPL服务器的公钥的服务器证书; 以及对移动设备的设备证书的请求。 该方法还包括从移动设备接收包括移动设备的设备证书的回复; 以及基于所述设备证书将所述移动设备认证为与SUPL用户相关联。

公开(公告)号：US09119065B2

公开(公告)日：2015-08-25

申请号：US14097077

申请日：2013-12-04

Applicant: QUALCOMM Incorporated

Inventor： Philip Michael Hawkes ,  Andreas Klaus Wachter ,  Adrian Edward Escott ,  Stephen William Edge

IPC: H04W12/06 ,  H04W12/04 ,  H04L29/06 ,  H04W4/02 ,  H04W12/08

CPC classification number: H04W12/08 ,  H04L63/0442 ,  H04L63/062 ,  H04L63/0823 ,  H04L63/0869 ,  H04L63/0876 ,  H04L63/166 ,  H04L63/205 ,  H04W4/02 ,  H04W12/04 ,  H04W12/06

Abstract: A particular method includes receiving, at a secure user plane location (SUPL) server, an indication from a mobile device of one or more transport layer security (TLS) cipher suites supported by the mobile device; determining whether the one or more TLS cipher suites include a TLS pre-shared key (TLS-PSK) cipher suite that is supported by the SUPL server; in response to determining whether the one or more TLS cipher suites include the TLS-PSK cipher suite that is supported by the SUPL server, performing a generic bootstrapping architecture (GBA)-based authentication process to authenticate the mobile device, or determining whether the SUPL server supports a certificate-based authentication method; and in response to determining that the SUPL server supports the certificate-based authentication method, performing the certificate-based authentication method that includes sending a server certificate to the mobile device and receiving a device certificate from the mobile device.

Abstract translation: 一种特定方法包括在安全用户平面位置（SUPL）服务器处接收来自移动设备的由移动设备支持的一个或多个传输层安全（TLS）密码套件的指示; 确定一个或多个TLS密码套件是否包括由SUPL服务器支持的TLS预共享密钥（TLS-PSK）密码套件; 响应于确定一个或多个TLS密码套件是否包括由SUPL服务器支持的TLS-PSK密码套件，执行通用引导架构（GBA）的认证过程以认证移动设备，或者确定SUPL 服务器支持基于证书的身份验证方法; 并且响应于确定SUPL服务器支持基于证书的认证方法，执行包括向移动设备发送服务器证书并从移动设备接收设备证书的基于证书的认证方法。

公开(公告)号：US12206680B2

公开(公告)日：2025-01-21

申请号：US18499713

申请日：2023-11-01

Applicant: QUALCOMM Incorporated

Inventor： Soo Bum Lee ,  Adrian Edward Escott ,  Anand Palanigounder

IPC: H04L29/06 ,  H04L9/40 ,  H04W12/04 ,  H04W12/10 ,  H04W76/10

Abstract: The present disclosure provides techniques that may be applied, for example, for providing network policy information in a secure manner. In some cases, a UE may receive a first message for establishing a secure connection with a network, wherein the first message comprises network policy information, generate a first key based in part on the network policy information, and use the first key to verify the network policy information.

公开(公告)号：US12058783B2

公开(公告)日：2024-08-06

申请号：US17302677

申请日：2021-05-10

Applicant: QUALCOMM Incorporated

Inventor： Karthika Paladugu ,  Hong Cheng ,  Adrian Edward Escott ,  Soo Bum Lee ,  Gavin Bernard Horn

IPC: H04W88/04 ,  H04W40/22 ,  H04W76/11 ,  H04W76/14 ,  H04W92/18

CPC classification number: H04W88/04 ,  H04W40/22 ,  H04W76/11 ,  H04W76/14 ,  H04W92/18

Abstract: Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a relay user equipment may establish a sidelink unicast link with a remote UE via a sidelink signaling interface; receive, from a network entity, configuration information comprising at least one of: remote UE link identifier information associated with the sidelink unicast link for a relay service, an RLC channel mapping between the one or more RLC channels of the sidelink unicast link and the link with the network entity, or data routing information associated with the relay service; configure the one or more RLC channels for the sidelink unicast link and the link with the network entity based at least in part on the configuration information; and relay communications between the remote UE and the network entity based at least in part on the configuration information. Numerous other aspects are provided.

公开(公告)号：US11533613B2

公开(公告)日：2022-12-20

申请号：US16880897

申请日：2020-05-21

Applicant: QUALCOMM Incorporated

Inventor： Adrian Edward Escott ,  William Whyte ,  Anand Palanigounder

IPC: H04W12/0431 ,  H04W12/033 ,  H04W12/041 ,  H04W12/106 ,  H04W4/40

Abstract: Embodiments include devices and methods for providing secure communications between a first computing device and a second computing device are disclosed. A processor of the first computing device may determine in a first application software first security key establishment information. The processor may provide the first security key establishment information to a communication layer of the first computing device for transmission to the second computing device. The processor may receive, in the first application software from the communication layer of the first computing device, second security key establishment information received from the second computing device. The processor may determine a first security key by the first application software based at least in part on the second security key establishment information. The processor may provide the first security key to the communication layer for protecting messages from the first application software to the second computing device.