公开(公告)号：US09191812B2

公开(公告)日：2015-11-17

申请号：US14489833

申请日：2014-09-18

Applicant: QUALCOMM Incorporated

Inventor： Adrian Escott ,  Anand Palanigounder

IPC: H04L29/06 ,  H04W12/04 ,  H04W36/00 ,  H04L9/14

CPC classification number: H04W12/04 ,  H04L9/14 ,  H04L2209/24 ,  H04W36/0038

Abstract: Disclosed is a method for transitioning a remote station from a current serving network node having an enhanced security context to a new serving network node. In the method, the remote station provides at least one legacy key, and generates at least one session key based on a calculation using a root key and using an information element associated with the enhanced security context. The remote station forwards a first message having the information element to the new serving network node. The remote station receives a second message, from the new serving network node, having a response based on either the legacy key or the session key. The remote station determines that the new serving network node does not support the enhanced security context if the response of the second message is based on the legacy key. Accordingly, the remote station protects communications based on the legacy key upon determining that the enhanced security context is not supported.

Abstract translation: 公开了一种用于将远程站从具有增强的安全上下文的当前服务网络节点转换到新的服务网络节点的方法。 在该方法中，远程站提供至少一个遗留密钥，并且基于使用根密钥的计算并使用与增强的安全上下文相关联的信息元素来生成至少一个会话密钥。 远程站将具有信息元素的第一消息转发到新的服务网络节点。 远程站从新的服务网络节点接收具有基于传统密钥或会话密钥的响应的第二消息。 如果第二消息的响应基于传统密钥，则远程站确定新的服务网络节点不支持增强的安全上下文。 因此，当确定不支持增强的安全上下文时，远程站保护基于传统密钥的通信。

公开(公告)号：US09185559B2

公开(公告)日：2015-11-10

申请号：US13917381

申请日：2013-06-13

Applicant: QUALCOMM Incorporated

Inventor： Adrian Escott ,  Anand Palanigounder ,  Brian M Rosenberg

IPC: H04W48/02 ,  H04W12/06 ,  H04L29/06 ,  H04W76/02 ,  H04W88/02

CPC classification number: H04W12/06 ,  H04L63/0823 ,  H04L63/0869 ,  H04W48/02 ,  H04W76/10 ,  H04W88/02

Abstract: A method and apparatus are provided for a subsidizing service provider entity to personalize a subscriber device to ensure the subscriber device cannot be used in a network of a different service provider entity. As the service provider entity subsidizes the subscriber device, it desires to ensure that subscriber device is personalized such that the subscriber device may operate only in its network and not a network of a different service provider entity. The subscriber device is pre-configured with a plurality of provider-specific and/or unassociated root certificates by the manufacturer of the subscriber device. A communication service is established between the service provider entity and the subscriber device allowing for the mutual authentication of the subscriber device and the service provider entity. After mutual authentication, the service provider entity sends a command to the subscriber device to disable/delete some/all root certificates that are unassociated with the service provider entity.

Abstract translation: 提供了一种用于补贴服务提供商实体个人化用户设备以确保订户设备不能在不同服务提供商实体的网络中使用的方法和装置。 当服务提供商实体补贴用户设备时，它希望确保订户设备被个性化，使得订户设备可以仅在其网络中操作，而不是不同于不同服务提供商实体的网络。 用户设备由用户设备的制造商预先配置有多个提供者特定和/或未相关的根证书。 在服务提供商实体和用户设备之间建立通信服务，允许用户设备和服务提供商实体的相互认证。 在相互认证之后，服务提供商实体向用户设备发送命令以禁用/删除与服务提供商实体不相关的一些/所有根证书。