-
Publication No.: US20210409939A1
Publication Date: 2021-12-30
Application No.: US17288968
Application Date: 2019-10-30
Applicant: NEC Corporation
Inventor: Sheeba Backia Mary BASKARAN , Sivabalan ARUMUGAM , Anand Raghawa PRASAD , Sander DE KIEVIT , Takahito YOSHIZAWA , Hironori ITO
IPC: H04W12/041 , H04W12/0431 , H04W12/06 , H04W60/04
Abstract: A method for providing a key derivation function (KDF) negotiation in a 5G network is provided. The method which includes: selecting a specific KDF at a UE and at the network for at least one security related key derivation; and transmitting, said selected KDF to the UE and to other network functions to indicate said selected KDF for generating specific security key at a receiver side.
-
Publication No.: US20210258837A1
Publication Date: 2021-08-19
Application No.: US17306125
Application Date: 2021-05-03
Applicant: NEC Corporation
Inventor: Xiaowei ZHANG , Anand Raghawa PRASAD
Abstract: There is provided a network system including one or more first MMEs (30), and a second MME (40) separated from the first MMEs (30). In one of operation cases, the first MME (30) pushes, to the second MME (40), security context for a UE (10) that attaches to the first MME (30). The second MME (40) stores the security context. The first MME (30) further pushes the latest security context to the second MME (40), during a switch-off procedure for the first MME (30). The second MME (40) updates the stored security context with the latest security context. The first MME (30) pulls the security context from the second MME (40), when the UE (10) re-attaches to the first MME (30) or is handovered from different one of the first MMEs (30).
-
Publication No.: US20210144550A1
Publication Date: 2021-05-13
Application No.: US17044383
Application Date: 2019-04-03
Applicant: NEC CORPORATION
Inventor: Hironori ITO , Anand Raghawa PRASAD , Takahito YOSHIZAWA , Sheeba Backia Mary BASKARAN , Sivabalan ARUMUGAM , Sivakamy LAKSHMINARAYANAN
IPC: H04W12/06 , H04W12/069 , H04W84/18 , H04W28/02
Abstract: The present document proposes security procedures for 3GPP Common API Framework (CAPIF) to solve various security issues that can occur during various phases such as, (i) API invoker Onboarding, (ii) API invoker Offboarding, (iii) Service API publishing, (iv) Service API unpublishing, (v) Update service APIs, (vi) Service API discovery, (vii) API invoker obtaining authorization from CAPIF core function (CCF) to access service API, (viii) Authentication between API invoker and API exposing function (AEF) upon the service invocation, (ix) Retrieve service APIs, (x) CAPIF event subscription, (xi) CAPIF event unsubscription, and (xii) API invoker authorization to access service APIs.
-
Publication No.: US20210144135A1
Publication Date: 2021-05-13
Application No.: US17044065
Application Date: 2019-04-02
Applicant: NEC CORPORATION
Inventor: Anand Raghawa PRASAD , Sivakamy LAKSHMINARAYANAN , Sheeba Backia Mary BASKARAN , Sivabalan ARUMUGAM , Hironori ITO , Takahito YOSHIZAWA
Abstract: The present disclosure relates to authentication methods supported by the User Equipment (UE) to the core network and authentication method (selected by the core network) to the UE. These can be used for negotiating any primary or secondary (or any) authentication method and are applicable when multiple authentication methods are supported at the UE and the network (authentication server). Further, the present disclosure also offers security solution to prevent modification or tampering of the parameters in the mechanisms in order to prevent attacks such as bidding-down, Denial of Service (DoS) and Man-In-The-Middle (MITM).
-
Publication No.: US20210076168A1
Publication Date: 2021-03-11
Application No.: US17101630
Application Date: 2020-11-23
Applicant: NEC Corporation
Inventor: Xiaowei ZHANG , Anand Raghawa PRASAD
Abstract: A network node (21), which is placed within a core network, receives a message from a transmission source (30) placed outside the core network. The message includes an indicator indicating whether or not the message is addressed to a group of one or more MTC devices attached to the core network. The network node (21) determines to authorize the transmission source (30), when the indicator indicates that the message is addressed to the group. Further, the message includes an ID for identifying whether or not the message is addressed to the group. The MTC device determines to discard the message, when the ID does not coincide with an ID allocated for the MTC device itself. Furthermore, the MTC device communicates with the transmission source (30) by use of a pair of group keys shared therewith.
-
Publication No.: US20200280849A1
Publication Date: 2020-09-03
Application No.: US16650997
Application Date: 2018-09-27
Applicant: NEC Corporation
Inventor: Hironori ITO , Sivakamy LAKSHMINARAYANAN , Anand Raghawa PRASAD , Sivabalan ARUMUGAM , Sheeba Backia Mary BASKARAN
Abstract: A communication terminal capable of preventing a reduction in security level that is caused at the time of establishing multiple connections via 3GPP Access and Non-3GPP Access. A communication terminal according to the present disclosure includes: a communication unit configured to communicate with gateway devices disposed in a preceding stage of a core network device via an Untrusted Non-3GPP Access; and a key derivation unit configured to derive a second security key used for security processing of a message transmitted using a defined protocol with the gateway device, from a first security key used for security processing of a message transmitted using a defined protocol with the core network device.
-
Publication No.: US20200236542A1
Publication Date: 2020-07-23
Application No.: US16842553
Application Date: 2020-04-07
Applicant: NEC Corporation
Inventor: Xiaowei ZHANG , Anand Raghawa PRASAD
Abstract: In order for supporting separate ciphering at an MeNB (20) and an SeNB (30), the MeNB (20) derives separate first and second keys (KUPenc-M, KUPenc-S) from a third key (KeNB). The first key (KUPenc-M) is used for confidentially protecting first traffic transmitted over U-Plane between the MeNB (20) and a UE (10). The first key (KUPenc-M) may be the same as current KUPenc or a new key. The second key (KUPenc-S) is used for confidentially protecting second traffic transmitted over the U-Plane between the UE (10) and the SeNB (30). The MeNB (20) sends the second key (KUPenc-S) to the SeNB (30). The UE (10) negotiates with the MeNB (20), and derives the second key (KUPenc-S) based on a result of the negotiation.
-
Publication No.: US20200228543A1
Publication Date: 2020-07-16
Application No.: US16830970
Application Date: 2020-03-26
Applicant: NEC Corporation
Inventor: Xiaowei ZHANG , Anand Raghawa PRASAD
Abstract: A method of forming a secure group in ProSe communication includes requesting a service request to a ProSe server from a requesting device (21), the service request indicating a request to communicate with a receiving device (22) from the requesting device (21), performing verification on the requesting and receiving devices (21) and (22) by the ProSe server 24, sending a ProSe Service Result to the requesting and receiving devices (21) and (22) to inform to be allowed a group member, and starting a group security establishment of the group including the requesting and receiving devices (21) and (22)
-
Publication No.: US20200153806A1
Publication Date: 2020-05-14
Application No.: US16744767
Application Date: 2020-01-16
Applicant: NEC Corporation
Inventor: Xiaowei ZHANG , Anand Raghawa PRASAD
Abstract: A method of performing authentication and authorization in Proximity based Service (ProSe) communication by a requesting device which sends a request of a communication and a receiving device which receives the request from the requesting device, the method including deriving session keys Kpc and Kpi from an unique key Kp at the requesting and receiving devices, using the session keys Kpc and Kpi for ProSe communication setup and direct communication between the requesting and receiving devices, starting the direct communication with the requesting and receiving devices. The key Kpc is confidentiality key and the key Kpi is integrity protection key.
-
Publication No.: US20200099697A1
Publication Date: 2020-03-26
Application No.: US16696091
Application Date: 2019-11-26
Applicant: NEC Corporation
Inventor: Xiaowei ZHANG , Anand Raghawa PRASAD
Abstract: A method of forming a secure group in ProSe communication includes requesting a service request to a ProSe server from a requesting device (21), the service request indicating a request to communicate with a receiving device (22) from the requesting device (21), performing verification on the requesting and receiving devices (21) and (22) by the ProSe server 24, sending a ProSe Service Result to the requesting and receiving devices (21) and (22) to inform to be allowed a group member, and starting a group security establishment of the group including the requesting and receiving devices (21) and (22)