-
Publication number: US11991165B2
Publication date: 2024-05-21
Application number: US17044065
Application date: 2019-04-02
Applicant: NEC CORPORATION
Inventor: Anand Raghawa Prasad , Sivakamy Lakshminarayanan , Sheeba Backia Mary Baskaran , Sivabalan Arumugam , Hironori Ito , Takahito Yoshizawa
CPC classification number: H04L63/083 , H04L9/30 , H04L63/166 , H04L63/205 , H04W12/06 , H04W12/69
Abstract: The present disclosure relates to authentication methods supported by the User Equipment (UE) to the core network and authentication method (selected by the core network) to the UE. These can be used for negotiating any primary or secondary (or any) authentication method and are applicable when multiple authentication methods are supported at the UE and the network (authentication server). Further, the present disclosure also offers security solution to prevent modification or tampering of the parameters in the mechanisms in order to prevent attacks such as bidding-down, Denial of Service (DoS) and Man-In-The-Middle (MITM).
-
Publication number: US11895499B2
Publication date: 2024-02-06
Application number: US17275518
Application date: 2019-09-05
Applicant: NEC Corporation
Inventor: Hironori Ito , Anand Raghawa Prasad
IPC: H04W12/106 , H04W12/08
CPC classification number: H04W12/106 , H04W12/08
Abstract: An object is to provide a transmission apparatus which can suppress an increase in processing load in a communication apparatus such as a sender and a receiver due to an increase in the number of messages to be transmitted. A transmission apparatus (10) according to the present disclosure includes a generation unit (11) for generating authentication information used for confirming integrity of a plurality of data pieces using the plurality of data pieces and an integrity protection key transmitted at different timings, and a communication unit (12) for transmitting the plurality of data pieces and the authentication information to a reception apparatus (20) for confirming the integrity of the plurality of data pieces.
-
Publication number: US11553345B2
Publication date: 2023-01-10
Application number: US17201280
Application date: 2021-03-15
Applicant: NEC Corporation
Inventor: Hironori Ito , Anand Raghawa Prasad , Andreas Kunz , Sivabalan Arumugam , Sivakamy Lakshminarayanan , Sheeba Backia Mary Baskaran
IPC: H04W12/106 , H04W12/037 , H04W12/041 , H04W12/08 , H04W36/14 , H04W48/18
Abstract: A communication terminal (10) according to the present disclosure includes: a control unit (12) configured to, in a case of a movement from a communication area formed by the 5GS to a communication area formed by the EPS or a movement from a communication area formed by the EPS to a communication area formed by the 5GS, determine whether or not a communication system forming a communication area at a movement destination can satisfy requirements of services; and a communication unit (11) configured to, when it is determined that the communication system forming the communication area at the movement destination can satisfy the requirements of the services, send a connection request message to the communication system forming the communication area at the movement destination.
-
Publication number: US11528599B2
Publication date: 2022-12-13
Application number: US17672274
Application date: 2022-02-15
Applicant: NEC Corporation
Inventor: Sheeba Backia Mary Baskaran , Sivakamy Lakshminarayanan , Anand Raghawa Prasad , Sivabalan Arumugam , Hironori Ito , Takahito Yoshizawa
Abstract: A communication terminal (10) includes control means for generating a subscription concealed identifier (SUCI) including a subscription permanent identifier (SUPI) concealed using a predetermined protection scheme, and a protection scheme identifier identifying the protection scheme, and transmission means for sending the SUCI to a first network apparatus during a registration procedure, the SUCI being sent for a second network apparatus to de-conceal the SUPI from the SUCI based on the protection scheme used to generate the SUCI.
-
Publication number: US11496882B2
Publication date: 2022-11-08
Application number: US16968624
Application date: 2019-02-15
Applicant: NEC Corporation
Inventor: Sheeba Backia Mary Baskaran , Anand Raghawa Prasad , Sivakamy Lakshminarayanan , Sivabalan Arumugam , Hironori Ito , Takihito Yoshizawa
IPC: H04W60/00 , H04W8/20 , H04W8/08 , H04W48/16 , H04L101/654
Abstract: Methods for (i) finding/discovering the right UDM instances and (ii) ensuring the UDM instance security are provided. The method for (i), includes the steps of: (i-1) pre-provisioning of UDM instance discovery information/parameters to the UE/USIM, (i-2) sending the UDM instance discovery related parameters to a core network element, and (i-3) discovering the right UDM instance at the core network element based on the discovery parameters and related routing information either at the UDM consumer/NRF. The method for (ii) includes the steps of: (ii-1) Secured choice of parameter for UDM instance discovery (e.g. UDM instance identifier) to the core network element and (ii-2) the secured UDM instance identifier generation and management at the UDM to prevent attack on UDM instances. Also a method to identify the cleartext IMSI/SUPI is provided for the re-authentication scenario along with the relevant procedures.
-
Publication number: US20220103540A1
Publication date: 2022-03-31
Application number: US17549156
Application date: 2021-12-13
Applicant: NEC Corporation
Inventor: Anand Raghawa Prasad , Sivakamy Lakshminarayanan , Sheeba Backia Mary Baskaran , Sivabalan Arumugam , Hironori Ito , Takahito Yoshizawa
Abstract: The present disclosure relates to authentication methods supported by the User Equipment (UE) to the core network and authentication method (selected by the core network) to the UE. These can be used for negotiating any primary or secondary (or any) authentication method and are applicable when multiple authentication methods are supported at the UE and the network (authentication server). Further, the present disclosure also offers security solution to prevent modification or tampering of the parameters in the mechanisms in order to prevent attacks such as bidding-down, Denial of Service (DoS) and Man-In-The-Middle (MITM).
-
Publication number: US11284317B2
Publication date: 2022-03-22
Application number: US16388084
Application date: 2019-04-18
Applicant: NEC CORPORATION
Inventor: Xiaowei Zhang , Anand Raghawa Prasad
Abstract: A UE (10) provides information on potential S′eNB(s). The information is forwarded from an MeNB (20_1) to an M′eNB (20_2) such that the M′eNB (20_2) can determine, before the handover happens, whether the M′eNB (20_2) will configure a new SeNB (S′eNB) and which S′eNB the M′eNB (20_2) will configure. In one of the options, the MeNB (20_1) derives a key S′-KeNB for communication protection between the UE (10) and the S′eNB (30_1), and sends the S′-KeNB to the M′eNB (20_2). In another option, the M′eNB (20_2) derives the S′-KeNB from a key KeNB* received from the MeNB (20_1). The M′eNB (20_2) sends the S′-KeNB to the S′eNB (30_1). Moreover, there are also provided several variations to perform SeNB Release, SeNB Addition, Bearer Modification and the like, in which the order and/or timing thereof can be different during the handover procedure.
-
Publication number: US11265705B2
Publication date: 2022-03-01
Application number: US16478348
Application date: 2018-01-17
Applicant: NEC Corporation
Inventor: Hironori Ito , Anand Raghawa Prasad , Sivabalan Arumugam , Sivakamy Lakshminarayanan , Naoaki Suzuki , Andreas Kunz
IPC: H04L29/06 , H04W12/041 , H04L9/08 , H04W8/02 , H04W12/037 , H04W12/106 , H04W12/0431
Abstract: The present disclosure aims to provide a communication system capable of achieving advanced security in a 5G communication system. The communication system according to the present disclosure includes: a communication terminal (10); an Access and Mobility Management (AMF) entity (20) configured to execute Mobility Management (MM) processing regarding the communication terminal (10); and a Session Management Function (SMF) entity (30) configured to execute Session Management (SM) processing regarding the communication terminal (10), in which the communication terminal (10) sends an MM message used in the MM processing, a first security key having been applied to the MM message, between the communication terminal and the AMF entity (20), and sends an SM message used in the SM processing, a second security key having been applied to the SM message, between the communication terminal and the SMF entity (30) via the AMF entity (20).
-
Publication number: US10986544B2
Publication date: 2021-04-20
Application number: US16146694
Application date: 2018-09-28
Applicant: NEC Corporation
Inventor: Xiaowei Zhang , Anand Raghawa Prasad
Abstract: There is provided a network system including one or more first MMEs (30), and a second MME (40) separated from the first MMEs (30). In one of operation cases, the first MME (30) pushes, to the second MME (40), security context for a UE (10) that attaches to the first MME (30). The second MME (40) stores the security context. The first MME (30) further pushes the latest security context to the second MME (40), during a switch-off procedure for the first MME (30). The second MME (40) updates the stored security context with the latest security context. The first MME (30) pulls the security context from the second MME (40), when the UE (10) re-attaches to the first MME (30) or is handovered from different one of the first MMEs (30).
-
Publication number: US10554408B2
Publication date: 2020-02-04
Application number: US15549690
Application date: 2016-02-12
Applicant: NEC Corporation
Inventor: Xiaowei Zhang , Anand Raghawa Prasad
Abstract: A communication system includes a plurality of communication terminals that form a communication group and a node device that carries out an authentication process on each of the communication terminals. The node device derives first keys unique to the respective communication terminals by using information shared between the node device and each communication terminal through the authentication process, derives a second key common to the communication group, calculates an exclusive OR between each first key and the second key, and transmits respective XOR values obtained through the calculation to the respective communication terminals. Each communication terminal reproduces the second key by calculating an exclusive OR between the first key unique to the own communication terminal derived by using the information and the XOR value received from the node device. Thus, the keys used in group communication are managed more securely.