US20150334560A1 - Mtc key management for key derivation at both ue and network - Google Patents
- Publication number
- US20150334560A1
- Authority
- US
- United States
- Prior art keywords
- iwf
- mtc
- subkeys
- master key
- algorithm
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/70—Services for machine-to-machine communication [M2M] or machine type communication [MTC]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0433—Key management protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
-
- H04W4/005—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/081—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying self-generating credentials, e.g. instead of receiving credentials from an authority or from another peer, the credentials are generated at the entity itself
Definitions
- the present invention relates to key management in an MTC (Machine-Type Communication) system, and in particular to a technique for deriving a key at both a UE (User Equipment) and a network.
- MTC Machine-Type Communication
- MTC-IWF MTC Inter-Working Function
- MTC device is a UE equipped for MTC, which will be sometimes referred to as “MTC UE” or “UE” in the following explanation.
- NPL 1 3GPP TR 33.868, “Security aspects of Machine-Type and other Mobile Data Applications Communications Enhancements; (Release 12)”, V0.10.0, 2012-09
- NPL 2 3GPP TS 33.401, “3GPP System Architecture Evolution (SAE); Security architecture (Release 12)”, V12.5.1, 2012-10.
- SAE System Architecture Evolution
- an exemplary object of the present invention is to ensure secure communication between an MTC device and an MTC-IWF.
- this invention deals with the following issues: Deriving the same root key at both UE and network side.
- UE and network derive the root key K_iwf separately. There is no key sent between them.
- Key derivation parameters can be either sent from network to UE or from UE to network. Inside the core network, the key derivation parameters can be sent from HSS (Home Subscriber Server) to MTC-IWF and MME (Mobility Management Entity), or from MTC-IWF to HSS or MME.
- HSS Home Subscriber Server
- MME Mobility Management Entity
- a communication system includes: an MTC-IWF; and a UE.
- the MTC-IWF stores a master key, derives subkeys for confidentiality and integrity protection, and informs the UE about an algorithm for key derivation.
- the UE derives, by using the algorithm, the master key and the subkeys such that the UE shares the same master key and the same subkeys with the MTC-IWF.
- Security association is established between the UE and the MTC-IWF by using the shared master key and subkeys.
- An MTC-IWF is configured to store a master key, derive subkeys for confidentiality and integrity protection, and inform a UE about an algorithm for key derivation to cause the UE to derive the master key and the subkeys such that the UE shares the same master key and the same subkeys with the MTC-IWF.
- Security association is established between the UE and the MTC-IWF by using the shared master key and subkeys.
- a UE is configured to derive, by using an algorithm for key derivation informed from an MTC-IWF, a master key and subkeys for confidentiality and integrity protection such that the UE shares the master key and the subkeys with the MTC-IWF.
- Security association is established between the UE and the MTC-IWF by using the shared master key and subkeys.
- An HSS is configured to derive a master key, and to send the master key to an MTC-IWF.
- the master key is shared between the MTC-IWF and a UE, and used for establishing security association between the MTC-IWF and the UE.
- An MME is configured to carry, to a UE, a NAS SMC message that includes an IWF SMC message for informing the UE about an algorithm for key derivation.
- the algorithm is used for the UE and an MTC-IWF to share a master key and subkeys for confidentiality and integrity protection, and security association is established between the UE and the MTC-IWF by using the shared master key and subkeys.
- a method of securing MTC communication is provided.
- This method includes: storing, by an MTC-IWF, a master key; deriving, by the MTC-IWF, subkeys for confidentiality and integrity protection; informing, by the MTC-IWF, a UE about an algorithm for key derivation; and deriving, by the UE using the algorithm, the master key and the subkeys such that the UE shares the same master key and the same subkeys with the MTC-IWF.
- Security association is established between the UE and the MTC-IWF by using the shared master key and subkeys.
- FIG. 1 is a block diagram showing a configuration example of a communication system according to an exemplary embodiment of the present invention.
- FIG. 2 is a sequence diagram showing one example of IWF SMC procedure in the communication system according to the exemplary embodiment.
- FIG. 3 is a sequence diagram showing another example of the IWF SMC procedure in a case where IWF SMC is carried in NAS SMC.
- FIG. 4 is a sequence diagram showing an example of root key derivation at both UE and network in a case where communication is triggered by an SCS.
- FIG. 5 is a block diagram showing a configuration example of an MTC device according to the exemplary embodiment.
- FIG. 6 is a block diagram showing a configuration example of a network node according to the exemplary embodiment.
- a communication system includes a core network (3GPP network), and one or more MTC UEs 10 which are UEs equipped for MTC and connect to the core network through a RAN (Radio Access Network). While the illustration is omitted, the RAN is formed by a plurality of base stations (i.e., eNBs (evolved Node Bs)).
- eNBs evolved Node Bs
- the MTC UE 10 attaches to the core network.
- the MTC UE 10 can host one or multiple MTC Applications.
- the corresponding MTC Applications in the external network are hosted on an SCS (Service Capability Server) 50.
- the SCS 50 connects to the core network to communicate with the MTC UE 10.
- the core network includes an MTC-IWF 20 as one of its network nodes.
- the MTC-IWF 20 serves as a gateway to the core network for the SCS 50.
- the MTC-IWF 20 relays messages between the MTC UE 10 and the SCS 50.
- the core network includes, as other network nodes, an HSS (Home Subscriber Server) 40, an MME, an SGSN (Serving GPRS (General Packet Radio Service) Support Node), an MSC (Mobile Switching Centre) and the like.
- SGSN Serving GPRS (General Packet Radio Service) Support Node
- MSC Mobile Switching Centre
- FIG. 2 shows IWF SMC procedure using SAE/LTE (Long Term Evolution) NAS (Non Access Stratum) SMC mechanism for establishing security association between UE 10 and MTC-IWF 20. This procedure will be described below.
- LTE Long Term Evolution
- NAS Non Access Stratum
- the subkeys include at least an integrity key for checking the integrity of messages transferred between the MTC UE 10 and the MTC-IWF 20 (hereinafter, this key will be referred to as “integrity subkey”).
- the subkeys may also include a confidentiality key for encrypting and decrypting messages transferred between the MTC UE 10 and the MTC-IWF 20.
- MTC-IWF 20 sends IWF SMC message to UE 10, with key derivation parameters (optional) and algorithm ID.
- the IWF SMC message is protected by the integrity subkey. Integrity protection at downlink is started.
- Step S12: UE 10 derives K_iwf and subkeys, by using the key derivation parameters and algorithm sent from MTC-IWF 20.
- UE 10 verifies the received IWF SMC message with the derived integrity subkey. Integrity protection at uplink is started. UE 10 sends IWF SMC Reject message if the verification fails.
- Step S16: If the verification at Step S15 is successful, the security association is established between UE 10 and MTC-IWF 20 and they can start secure communication.
- IWF SMC messages can also be carried in NAS SMC procedure.
- MTC-IWF 20 sends integrity protected IWF SMC message (same as Step S11 in FIG. 2) or the necessary parameters for UE 10 to perform key derivation, with UE ID to MME 30.
- MME 30 carries the IWF SMC message with NAS SMC message and sends it to UE 10.
- UE 10 sends NAS SMC Reject message carrying IWF SMC Reject message to MME 30.
- MME 30 forwards the IWF SMC Reject message to MTC-IWF 20.
- UE 10 performs integrity verification on the IWF SMC, if the IWF SMC message was sent at Step S21 with integrity protection.
- the integrity verification uses the integrity subkey derived by UE 10.
- UE 10 sends the NAS SMC Complete carrying IWF SMC Complete to MME 30.
- the IWF SMC Complete message can be integrity protected.
- UE 10 sends IWF SMC Reject message carried in NAS SMC Complete, if the verification at Step S26 fails.
- MME 30 forwards the IWF SMC Complete or IWF SMC Reject message to MTC-IWF 20.
- MTC-IWF 20 performs integrity verification on the IWF SMC Complete message, if it was integrity protected.
- Step S30: Security association is established between UE 10 and MTC-IWF 20, and they can start secure communication, if MTC-IWF 20 received IWF SMC Complete and the integrity verification at Step S29 passed (when it is carried).
- the initial key derivation at both sides of the UE and the core network can be triggered by:
- Step S32: SCS 50 sends MTC device trigger message to MTC-IWF 20, including target UE ID.
- the msg type indicates to HSS 40 that the request from SCS 50 is a trigger.
- UE 10 can send some key derivation parameters to network in NAS message.
- Steps S36 to S38 are performed.
- HSS 40 can send them to MTC-IWF 20 in Subscriber Information Response message.
- IWF SMC procedure is carried, either as an independent procedure as shown in FIG. 2 or embedded in NAS SMC procedure as shown in FIG. 3.
- Steps S46 to S48 are performed.
- HSS 40 derives the K_iwf. If MTC-IWF 20 has the key derivation parameters, it can send them to HSS 40 at Step S33.
- HSS 40 sends K_iwf to MTC-IWF 20 in Subscriber Information Response message.
- IWF SMC procedure is carried, either as an independent procedure or embedded in NAS SMC procedure.
- Steps S56 to S60 are performed.
- HSS 40 sends the key derivation parameters and algorithm ID to MME 30 in Authentication data response or Insert Subscriber Data.
- MME 30 sends the derived K_iwf to MTC-IWF 20, in any one of the following two ways, for example.
- MME 30 sends K_iwf in a new message to HSS 40, then HSS 40 sends it to MTC-IWF 20 in a new message called Update Subscriber Information message.
- MME 30 directly sends K_iwf over interface T5 in a new message or in a Report message to MTC-IWF 20.
- IWF SMC procedure is carried, either as an independent procedure or embedded in NAS SMC procedure.
- the IWF SMC procedure is the same for the case where UE 10 initiates communication.
- the above-mentioned Update Subscriber Information can be used for HSS 40 to send key derivation parameter or K_iwf.
- the MTC UE 10 includes a negotiation unit 11 which negotiates with the MTC-IWF 20 to establish the security association between the MTC UE 10 and the MTC-IWF 20 as shown in FIGS. 2 to 4.
- the negotiation unit 11 can transfer messages for the negotiation to the MTC-IWF 20 through the MME 30 as shown in FIG. 3.
- the negotiation unit 11 can send the key derivation parameters to the core network as shown at Step S35 in FIG. 4.
- the negotiation unit 11 can receive the algorithm ID from the MTC-IWF 20 as shown at Step S11 in FIG. 2.
- the negotiation unit 11 can further receive the key derivation parameters from the MTC-IWF 20.
- the negotiation unit 11 can derive the root key K_iwf and subkeys as shown at Step S12 in FIG. 2, and can verify the IWF SMC message received from the MTC-IWF 20 with the derived integrity subkey as shown at Step S13. As shown at Step S14, upon succeeding in the verification, the negotiation unit 11 protects the IWF SMC Complete message with the integrity subkey, and sends the protected IWF SMC Complete message to the MTC-IWF 20. Upon failing in the verification, the negotiation unit 11 sends the IWF SMC Reject message to the MTC-IWF 20.
- This negotiation unit 11 can be configured by, for example, a transceiver which conducts communication with the MTC-IWF 20 through the MME 30 and the RAN, and a controller such as a CPU (Central Processing Unit) which controls this transceiver.
- the MTC-IWF 20 includes a negotiation unit 21 which negotiates with the MTC UE 10 to establish the security association between the MTC UE 10 and the MTC-IWF 20 as shown in FIGS. 2 to 4.
- the negotiation unit 21 can transfer messages for the negotiation to the MTC UE 10 through the MME 30 as shown in FIG. 3.
- the negotiation unit 21 can send the algorithm ID to the MTC UE 10 as shown at Step S11 in FIG. 2.
- the negotiation unit 21 can further send the key derivation parameters to the MTC UE 10.
- the negotiation unit 21 can protect the IWF SMC message with the integrity subkey.
- the negotiation unit 21 can verify the IWF SMC Complete message received from the MTC UE 10 with the integrity subkey as shown at Step S15 in FIG. 2.
- This negotiation unit 21 can be configured by, for example, a transceiver which conducts communication with the MTC UE 10 through the MME 30 and the RAN, and a controller such as a CPU which controls this transceiver.
- application security between SCS and UE can protect trigger with confidentiality and integrity protection from eavesdropping or alteration.
- MME and UE can establish NAS security.
- the trigger forwarded from MME to UE can have NAS security protection, but MME was not designed for MTC purposes, so it does not perform any verification of SCS or the trigger from it.
- MME forwards any trigger it receives, which makes NAS security insufficient.
- hop-by-hop security among MTC-IWF, MME and UE requires MME to perform encryption/decryption and integrity checks in both directions with MTC-IWF and UE when each trigger and response is received.
- the large amount of communication between UE and SCS will overload MME and NAS layer communication.
- MTC-IWF as the entrance element in the 3GPP network domain, authorizes SCS and its trigger request to a given UE, with support from HSS. MTC-IWF retrieves subscriber information and forwards the trigger from SCS to UE.
- MitM attack can happen over the interface for a roaming UE.
- a compromised MTC-IWF can replay, discard or alter the trigger message.
- the UE which is mutually authenticated to MME and HSS and has NAS security context established with MME, trusts messages received from MME. Thus a fake trigger will be easily delivered to UE since MME does not perform any verification.
- MTC-IWF should ensure the security of trigger delivery, and provide the proof when SCS is authenticated and authorized to the network.
- Communication between UE and MTC-IWF should have confidentiality and integrity protection using the subkeys.
- the key hierarchy consists of a root key and a pair of confidentiality and integrity protection subkeys. Using a pair of subkeys makes it easy to perform key management. When the subkeys have expired or been exposed, UE and MTC-IWF can simply derive another pair of subkeys from the root key they hold, instead of repeating the whole key derivation and allocation.
- K_IWF is a root key that should be shared only between UE and MTC-IWF. It is used to derive a pair of subkeys K_IWFe and K_IWFi at UE and MTC-IWF separately. K_IWFe is the confidentiality key and K_IWFi is the integrity key. The two subkeys are used for protecting the control plane communication between UE and MTC-IWF.
- HSS sends Kasme to MTC-IWF over interface S6m, and MTC-IWF derives the root key K_IWF from Kasme.
- the K_IWF should be stored in MTC-IWF and used for subkeys derivation.
- After MTC-IWF has derived subkeys from the root key, it indicates the parameters and algorithms to UE in the IWF SMC message.
- the message is integrity protected with integrity subkey K_IWFi.
- the UE should verify the integrity of the IWF security mode command message. If successfully verified, UE should start uplink confidentiality and integrity security protection. UE sends the IWF security mode complete message to MTC-IWF with integrity protection by using the integrity subkey K_IWFi it derived.
- the MTC-IWF should check the integrity protection on the IWF Security Mode Complete message using K_IWFi.
- the downlink ciphering at the MTC-IWF with the subkeys can start after receiving the IWF Security mode complete message.
- the uplink deciphering at the MTC-IWF with the subkeys can start after sending the IWF security mode command message.
- the UE should reply with an IWF security mode reject message.
- the IWF SMC procedure can be an independent procedure or carried in NAS SMC procedure, with the full message or necessary parameters only.
- KDF Key derivation function
- Root key should be renewed when a new Kasme is derived and sent to MTC-IWF. For handover between MMEs, there is no need to renew root key. For handover between MTC-IWFs, a new root key should be derived.
- the subkeys K_IWFe and K_IWFi should be derived once after the root key is derived.
- the subkeys derivation also uses the same KDF, with K_IWF as input key.
- the truncation procedure as described in [TS33.401] can be used to obtain the subkeys K_IWFe and K_IWFi.
- Other input parameters include: counter, length of counter.
- K_IWFe is a key, which shall only be used for the protection of traffic between UE and MTC-IWF with a particular encryption algorithm.
- K_IWFi is a key, which shall only be used for the protection of traffic between UE and MTC-IWF with a particular integrity algorithm.
- New IWF SMC procedure for establishing security association between UE and MTC-IWF.
- MTC-IWF sends key derivation parameters (optional) and algorithm ID to UE in the IWF SMC message.
- IWF SMC message is protected by integrity subkey.
- UE derives K_iwf and subkeys, and verifies the received IWF SMC message with the derived integrity subkey.
- MTC-IWF performs integrity verification of IWF SMC Complete with the integrity subkey it derived.
- HSS or MME sends MTC-IWF the algorithm ID that they used to derive K_iwf.
- HSS sends key derivation parameters and algorithm ID (optional) to MME.
- a communication system comprising:
- a node that is included in a network relaying traffic between an MTC device and a server being able to communicate with the MTC device, and that serves as a gateway to the network for the server, the node comprising:
- the node according to Supplementary note 31 wherein the negotiation means is configured to transfer messages for the negotiation to the MTC device through a different node that is included in the network and that can establish confidentiality and integrity protected connection with the MTC device.
- the node according to Supplementary note 31 or 32 wherein the negotiation means is configured to send an algorithm identifier to the MTC device, the algorithm identifier instructing the MTC device to select one of algorithms for deriving a root key, the root key being used for deriving at least a subkey to check the integrity of messages transferred between the MTC device and the node.
- the node according to Supplementary note 33 wherein the negotiation means is configured to further send, to the MTC device, parameters for the MTC device to derive the root key.
- the node according to any one of Supplementary notes 31 to 36, comprising an MTC-IWF (MTC Inter-Working Function).
- An MTC device that communicates with a server through a network relaying traffic between the MTC device and the server, the MTC device comprising:
- the MTC device according to Supplementary note 38, wherein the negotiation means is configured to transfer messages for the negotiation to the first node through a second node that is included in the network and that can establish confidentiality and integrity protected connection with the MTC device.
- the MTC device according to Supplementary note 39, wherein the negotiation means is configured to send, to the network that can be confidential and integrity protected, parameters for the network to derive a root key, the root key being used for deriving at least a subkey to check the integrity of messages transferred between the MTC device and the first node.
- the MTC device according to Supplementary note 38 or 39, wherein the negotiation means is configured to receive an algorithm identifier from the first node, the algorithm identifier instructing the MTC device to select one of algorithms for deriving a root key, the root key being used for deriving at least a subkey to check the integrity of messages transferred between the MTC device and the first node.
- the MTC device according to Supplementary note 41, wherein the negotiation means is configured to further receive, from the first node, parameters for the MTC device to derive the root key.
- the MTC device according to Supplementary note 43, wherein upon succeeding in the verification, the negotiation means is configured to:
- the MTC device according to Supplementary note 43 or 44, wherein upon failing in the verification, the negotiation means is configured to send to the first node a response message indicating the failure.
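
The key hierarchy and IWF SMC exchange described above (root key K_IWF derived from Kasme on both sides, subkeys K_IWFe and K_IWFi, an integrity-protected IWF SMC answered by Complete or Reject) can be sketched as follows. This is an added example, not code from the patent: the FC codes, the algorithm registry, the message layout, the sample Kasme and the use of HMAC-SHA-256 as the integrity algorithm are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Assumptions for this example (none are defined by the patent): the FC codes,
# the algorithm registry, the message layout and HMAC-SHA-256 standing in for
# the integrity algorithm the network would actually select.
FC_ROOT, FC_SUB = 0xF0, 0xF1
TYPE_ENC, TYPE_INT = b"\x01", b"\x02"
KDF_ALGS = {1: hashlib.sha256}            # algorithm ID -> hash used by the KDF
REJECT = {"type": b"REJECT", "body": b"", "mac": b""}
KASME = bytes(range(32))                  # constructed sample, not a real key


def kdf(key, fc, params, digest):
    """HMAC(key, FC || P0 || L0 || P1 || L1 ...), the TS 33.220 input layout."""
    s = bytes([fc])
    for p in params:
        s += p + struct.pack(">H", len(p))
    return hmac.new(key, s, digest).digest()


def derive_keys(kasme, alg_id, kd_params, counter):
    """Return (K_IWF, K_IWFe, K_IWFi) from Kasme and the negotiated inputs."""
    digest = KDF_ALGS[alg_id]
    k_iwf = kdf(kasme, FC_ROOT, [kd_params], digest)
    ctr = struct.pack(">I", counter)
    # Truncation as in TS 33.401: keep the 128 least significant bits.
    k_iwfe = kdf(k_iwf, FC_SUB, [TYPE_ENC, ctr], digest)[-16:]
    k_iwfi = kdf(k_iwf, FC_SUB, [TYPE_INT, ctr], digest)[-16:]
    return k_iwf, k_iwfe, k_iwfi


def mac(k_iwfi, msg_type, body):
    """Integrity tag over message type and body, keyed with K_IWFi."""
    return hmac.new(k_iwfi, msg_type + body, hashlib.sha256).digest()[:16]


def iwf_build_smc(kasme, alg_id, kd_params, counter):
    """MTC-IWF: derive keys, then send the IWF SMC protected with K_IWFi."""
    keys = derive_keys(kasme, alg_id, kd_params, counter)
    body = struct.pack(">BIH", alg_id, counter, len(kd_params)) + kd_params
    return keys, {"type": b"SMC", "body": body, "mac": mac(keys[2], b"SMC", body)}


def ue_handle_smc(kasme, smc):
    """UE: derive keys from the received parameters, verify, then answer."""
    body = smc["body"]
    try:
        alg_id, counter, n = struct.unpack(">BIH", body[:7])
        if alg_id not in KDF_ALGS or len(body) != 7 + n:
            raise ValueError("unsupported algorithm or malformed body")
        keys = derive_keys(kasme, alg_id, body[7:], counter)
    except (struct.error, ValueError):
        return None, REJECT
    # The parameters are parsed before they are authenticated, so the tag check
    # is what rejects a modified algorithm ID, counter or parameter.
    if not hmac.compare_digest(mac(keys[2], b"SMC", body), smc["mac"]):
        return None, REJECT
    reply = {"type": b"COMPLETE", "body": body,
             "mac": mac(keys[2], b"COMPLETE", body)}
    return keys, reply


def iwf_handle_reply(keys, sent, reply):
    """MTC-IWF: the security association exists only after a valid Complete."""
    if reply["type"] != b"COMPLETE" or reply["body"] != sent["body"]:
        return False
    tag = mac(keys[2], b"COMPLETE", reply["body"])
    return hmac.compare_digest(tag, reply["mac"])


def run_exchange(iwf_kasme, ue_kasme, tamper=False):
    """One full exchange; returns (reply type, association established?)."""
    iwf_keys, sent = iwf_build_smc(iwf_kasme, 1, b"constructed-nonce", 1)
    received = sent
    if tamper:                            # flip a counter bit in transit
        body = bytearray(sent["body"])
        body[4] ^= 0x01
        received = dict(sent, body=bytes(body))
    ue_keys, reply = ue_handle_smc(ue_kasme, received)
    established = iwf_handle_reply(iwf_keys, sent, reply) and ue_keys == iwf_keys
    return reply["type"], established


if __name__ == "__main__":
    print(run_exchange(KASME, KASME))                # matching Kasme
    print(run_exchange(KASME, bytes(32)))            # UE holds a different Kasme
    print(run_exchange(KASME, KASME, tamper=True))   # body modified in transit
```

Calling `derive_keys` again with a higher counter yields a fresh subkey pair under the same K_IWF, which is the renewal path the description gives for expired or exposed subkeys.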
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/444,517 US11122405B2 (en) | 2013-01-10 | 2019-06-18 | MTC key management for key derivation at both UE and network |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2013-002981 | 2013-01-10 | ||
JP2013002981 | 2013-01-10 | ||
PCT/JP2014/000015 WO2014109283A1 (en) | 2013-01-10 | 2014-01-07 | Mtc key management for key derivation at both ue and network |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2014/000015 A-371-Of-International WO2014109283A1 (en) | 2013-01-10 | 2014-01-07 | Mtc key management for key derivation at both ue and network |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/444,517 Continuation US11122405B2 (en) | 2013-01-10 | 2019-06-18 | MTC key management for key derivation at both UE and network |
Publications (1)
Publication Number | Publication Date |
---|---|
US20150334560A1 (en) | 2015-11-19 |
Family
ID=50000063
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/652,456 Abandoned US20150334560A1 (en) | 2013-01-10 | 2014-01-07 | Mtc key management for key derivation at both ue and network |
US16/444,517 Active US11122405B2 (en) | 2013-01-10 | 2019-06-18 | MTC key management for key derivation at both UE and network |
US17/394,930 Pending US20210368314A1 (en) | 2013-01-10 | 2021-08-05 | Mtc key management for key derivation at both ue and network |
Family Applications After (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/444,517 Active US11122405B2 (en) | 2013-01-10 | 2019-06-18 | MTC key management for key derivation at both UE and network |
US17/394,930 Pending US20210368314A1 (en) | 2013-01-10 | 2021-08-05 | Mtc key management for key derivation at both ue and network |
Country Status (6)
Country | Link |
---|---|
US (3) | US20150334560A1 (ko) |
EP (2) | EP3606001A1 (ko) |
JP (1) | JP2016500977A (ko) |
KR (4) | KR102123210B1 (ko) |
CN (1) | CN104919777A (ko) |
WO (1) | WO2014109283A1 (ko) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160301673A1 (en) * | 2013-10-25 | 2016-10-13 | Zte Corporation | Method for Realizing Secure Communications among Machine Type Communication Devices and Network Entity |
US20170127277A1 (en) * | 2014-03-17 | 2017-05-04 | Zte Corporation | Method of establishing small data secure transmission connection for mtc device group, and hss and system |
US10075827B1 (en) | 2017-03-07 | 2018-09-11 | At&T Intellectual Proprety I, L.P. | System and method for machine to machine subscriber information and retrieval protection |
US20190058767A1 (en) * | 2016-01-22 | 2019-02-21 | Nokia Solutions And Networks Oy | Application relocation between clouds |
US10454909B2 (en) * | 2014-12-23 | 2019-10-22 | Zte Corporation | Key negotiation method and system, network entity and computer storage medium |
US20190387404A1 (en) * | 2016-01-05 | 2019-12-19 | Huawei Technologies Co., Ltd. | Mobile communication method, apparatus, and device |
US20220053325A1 (en) * | 2019-04-28 | 2022-02-17 | Huawei Technologies Co., Ltd. | Information obtaining method and apparatus |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP4027576B1 (en) | 2014-01-13 | 2023-11-22 | Visa International Service Association | Efficient methods for protecting identity in authenticated transmissions |
CN111355749A (zh) | 2014-06-18 | 2020-06-30 | 维萨国际服务协会 | 用于已认证的通信的高效方法 |
US9992670B2 (en) * | 2014-08-12 | 2018-06-05 | Vodafone Ip Licensing Limited | Machine-to-machine cellular communication security |
CN111756533B (zh) | 2014-08-29 | 2023-07-04 | 维萨国际服务协会 | 用于安全密码生成的系统、方法和存储介质 |
WO2016123264A1 (en) | 2015-01-27 | 2016-08-04 | Visa International Service Association | Methods for secure credential provisioning |
CN107251476A (zh) | 2015-02-13 | 2017-10-13 | 维萨国际服务协会 | 保密通信管理 |
ITUB20159820A1 (it) * | 2015-12-31 | 2017-07-01 | Merendels S R L | Sistema di criptazione per le comunicazioni nell?internet delle cose |
SG11201807726QA (en) | 2016-06-07 | 2018-10-30 | Visa Int Service Ass | Multi-level communication encryption |
US11540125B2 (en) | 2017-03-17 | 2022-12-27 | Nec Corporation | Authentication device, network device, communication system, authentication method, and non-transitory computer readable medium |
US11831655B2 (en) | 2017-10-02 | 2023-11-28 | Qualcomm Incorporated | Incorporating network policies in key generation |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100095123A1 (en) * | 2007-08-31 | 2010-04-15 | Huawei Technologies Co., Ltd. | Method, system and device for negotiating security capability when terminal moves |
US20100159882A1 (en) * | 2007-09-29 | 2010-06-24 | Huawei Technologies Co., Ltd. | Method, System and Apparatus for Negotiating Security Capabilities During Movement of UE |
US20100291933A1 (en) * | 2007-12-24 | 2010-11-18 | Sung Ho Choi | System and method of handover decision for inter rat handover |
US8116775B2 (en) * | 2006-09-28 | 2012-02-14 | Samsung Electronics Co., Ltd | System and method of providing user equipment initiated and assisted backward handover in heterogeneous wireless networks |
US20120207094A1 (en) * | 2011-02-16 | 2012-08-16 | Liao Ching-Yu | Service networks and methods for handling machine type communication device triggering |
US20120263298A1 (en) * | 2009-12-31 | 2012-10-18 | Samsung Electronics Co. Ltd. | Method and system for supporting security in a mobile communication system |
US20120297193A1 (en) * | 2010-01-29 | 2012-11-22 | Huawei Technologies Co., Ltd. | Mtc device authentication method, mtc gateway, and related device |
US20140038549A1 (en) * | 2012-08-02 | 2014-02-06 | Openet Telecom Ltd. | System and Method for Controlling Advanced Triggering Operations in a Telecommunication Network |
US9031535B2 (en) * | 2009-02-16 | 2015-05-12 | Telefonaktiebolaget L M Ericsson (Publ) | Un-ciphered network operation solution |
US20150172909A1 (en) * | 2012-06-22 | 2015-06-18 | Nokia Solutions And Networks Oy | Machine type communication interworking function |
US20170257843A1 (en) * | 2011-12-14 | 2017-09-07 | Interdigital Patent Holdings, Inc. | Method and apparatus for triggering machine type communications applications |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7574599B1 (en) * | 2002-10-11 | 2009-08-11 | Verizon Laboratories Inc. | Robust authentication and key agreement protocol for next-generation wireless networks |
WO2005101793A1 (en) * | 2004-04-14 | 2005-10-27 | Nortel Networks Limited | Securing home agent to mobile node communication with ha-mn key |
JP4664050B2 (ja) * | 2004-07-01 | 2011-04-06 | 株式会社エヌ・ティ・ティ・ドコモ | 認証ベクトル生成装置、加入者認証モジュール、移動通信システム、認証ベクトル生成方法、演算方法及び加入者認証方法 |
WO2009088252A2 (en) * | 2008-01-09 | 2009-07-16 | Lg Electronics Inc. | Pre-authentication method for inter-rat handover |
ES2393577T3 (es) * | 2008-04-02 | 2012-12-26 | Nokia Siemens Networks Oy | Seguridad para un acceso no 3GPP a un sistema de paquetes evolucionado |
US8195991B2 (en) * | 2008-06-20 | 2012-06-05 | Qualcomm Incorporated | Handling of integrity check failure in a wireless communication system |
EP2315371A4 (en) * | 2008-08-15 | 2015-10-14 | Samsung Electronics Co Ltd | SAFETY PROTECTED METHOD FOR SUPPORTING NON-ACCESSIBLE LAYER PROTOCOL OPERATION IN A MOBILE TELECOMMUNICATIONS SYSTEM |
CN101600205B (zh) * | 2009-07-10 | 2011-05-04 | 华为技术有限公司 | Sim卡用户设备接入演进网络的方法和相关设备 |
WO2011085810A1 (en) * | 2010-01-14 | 2011-07-21 | Nokia Siemens Networks Oy | Method and device for data processing in a wireless network |
US9385862B2 (en) * | 2010-06-16 | 2016-07-05 | Qualcomm Incorporated | Method and apparatus for binding subscriber authentication and device authentication in communication systems |
JP2013002981A (ja) | 2011-06-17 | 2013-01-07 | Seiko Epson Corp | Sensor device and method for manufacturing the same |
BR112015008453A2 (pt) * | 2012-10-29 | 2017-07-04 | Ericsson Telefon Ab L M | Protection of a payload sent in a communications network |
2014
- 2014-01-07 KR KR1020207005588A patent/KR102123210B1/ko active IP Right Grant
- 2014-01-07 CN CN201480004552.8A patent/CN104919777A/zh active Pending
- 2014-01-07 US US14/652,456 patent/US20150334560A1/en not_active Abandoned
- 2014-01-07 KR KR1020177034893A patent/KR101978084B1/ko active IP Right Grant
- 2014-01-07 KR KR1020157021336A patent/KR101807487B1/ko active IP Right Grant
- 2014-01-07 EP EP19191610.5A patent/EP3606001A1/en active Pending
- 2014-01-07 KR KR1020197012917A patent/KR102084902B1/ko active IP Right Grant
- 2014-01-07 EP EP14701131.6A patent/EP2944067B1/en active Active
- 2014-01-07 JP JP2015538835A patent/JP2016500977A/ja active Pending
- 2014-01-07 WO PCT/JP2014/000015 patent/WO2014109283A1/en active Application Filing
2019
- 2019-06-18 US US16/444,517 patent/US11122405B2/en active Active
2021
- 2021-08-05 US US17/394,930 patent/US20210368314A1/en active Pending
Patent Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8116775B2 (en) * | 2006-09-28 | 2012-02-14 | Samsung Electronics Co., Ltd | System and method of providing user equipment initiated and assisted backward handover in heterogeneous wireless networks |
US20100095123A1 (en) * | 2007-08-31 | 2010-04-15 | Huawei Technologies Co., Ltd. | Method, system and device for negotiating security capability when terminal moves |
US20100159882A1 (en) * | 2007-09-29 | 2010-06-24 | Huawei Technologies Co., Ltd. | Method, System and Apparatus for Negotiating Security Capabilities During Movement of UE |
US20100291933A1 (en) * | 2007-12-24 | 2010-11-18 | Sung Ho Choi | System and method of handover decision for inter rat handover |
US9031535B2 (en) * | 2009-02-16 | 2015-05-12 | Telefonaktiebolaget L M Ericsson (Publ) | Un-ciphered network operation solution |
US20120263298A1 (en) * | 2009-12-31 | 2012-10-18 | Samsung Electronics Co. Ltd. | Method and system for supporting security in a mobile communication system |
US20120297193A1 (en) * | 2010-01-29 | 2012-11-22 | Huawei Technologies Co., Ltd. | Mtc device authentication method, mtc gateway, and related device |
US20120207094A1 (en) * | 2011-02-16 | 2012-08-16 | Liao Ching-Yu | Service networks and methods for handling machine type communication device triggering |
US20170257843A1 (en) * | 2011-12-14 | 2017-09-07 | Interdigital Patent Holdings, Inc. | Method and apparatus for triggering machine type communications applications |
US20150172909A1 (en) * | 2012-06-22 | 2015-06-18 | Nokia Solutions And Networks Oy | Machine type communication interworking function |
US20140038549A1 (en) * | 2012-08-02 | 2014-02-06 | Openet Telecom Ltd. | System and Method for Controlling Advanced Triggering Operations in a Telecommunication Network |
Non-Patent Citations (1)
Title |
---|
Jain, Puneet, Peter Hedman, and Haris Zisimopoulos. "Machine type communications in 3GPP systems." IEEE Communications Magazine 50.11 (2012): 28-35. (Year: 2012) * |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160301673A1 (en) * | 2013-10-25 | 2016-10-13 | Zte Corporation | Method for Realizing Secure Communications among Machine Type Communication Devices and Network Entity |
US20170127277A1 (en) * | 2014-03-17 | 2017-05-04 | Zte Corporation | Method of establishing small data secure transmission connection for mtc device group, and hss and system |
US10454909B2 (en) * | 2014-12-23 | 2019-10-22 | Zte Corporation | Key negotiation method and system, network entity and computer storage medium |
US11310266B2 (en) * | 2016-01-05 | 2022-04-19 | Huawei Technologies Co., Ltd. | Mobile communication method, apparatus, and device |
US20240098112A1 (en) * | 2016-01-05 | 2024-03-21 | Huawei Technologies Co., Ltd. | Mobile communication method, apparatus, and device |
US20190387404A1 (en) * | 2016-01-05 | 2019-12-19 | Huawei Technologies Co., Ltd. | Mobile communication method, apparatus, and device |
US10944786B2 (en) * | 2016-01-05 | 2021-03-09 | Huawei Technologies Co., Ltd. | Mobile communication method, apparatus, and device |
US11736519B2 (en) * | 2016-01-05 | 2023-08-22 | Huawei Technologies Co., Ltd. | Mobile communication method, apparatus, and device |
US20220321599A1 (en) * | 2016-01-05 | 2022-10-06 | Huawei Technologies Co., Ltd. | Mobile communication method, apparatus, and device |
US20190058767A1 (en) * | 2016-01-22 | 2019-02-21 | Nokia Solutions And Networks Oy | Application relocation between clouds |
US10547991B2 (en) | 2017-03-07 | 2020-01-28 | At&T Intellectual Property I, L.P. | System and method for machine to machine subscriber information and retrieval protection |
US10952053B2 (en) | 2017-03-07 | 2021-03-16 | At&T Intellectual Property I, L.P. | System and method for machine to machine subscriber information and retrieval protection |
US10075827B1 (en) | 2017-03-07 | 2018-09-11 | At&T Intellectual Property I, L.P. | System and method for machine to machine subscriber information and retrieval protection |
US20220053325A1 (en) * | 2019-04-28 | 2022-02-17 | Huawei Technologies Co., Ltd. | Information obtaining method and apparatus |
US11877150B2 (en) * | 2019-04-28 | 2024-01-16 | Huawei Technologies Co., Ltd. | Information obtaining method and apparatus |
Also Published As
Publication number | Publication date |
---|---|
EP2944067B1 (en) | 2023-03-01 |
US20210368314A1 (en) | 2021-11-25 |
WO2014109283A1 (en) | 2014-07-17 |
KR101978084B1 (ko) | 2019-05-13 |
KR102084902B1 (ko) | 2020-03-04 |
KR20190051086A (ko) | 2019-05-14 |
KR20150104189A (ko) | 2015-09-14 |
EP2944067A1 (en) | 2015-11-18 |
US20190306684A1 (en) | 2019-10-03 |
KR102123210B1 (ko) | 2020-06-15 |
KR20200023531A (ko) | 2020-03-04 |
JP2016500977A (ja) | 2016-01-14 |
KR101807487B1 (ko) | 2017-12-11 |
KR20170138581A (ko) | 2017-12-15 |
US11122405B2 (en) | 2021-09-14 |
CN104919777A (zh) | 2015-09-16 |
EP3606001A1 (en) | 2020-02-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11122405B2 (en) | MTC key management for key derivation at both UE and network | |
CN107079023B (zh) | User plane security for next-generation cellular networks | |
EP2140606B1 (en) | Key refresh sae/lte system | |
US20130163762A1 (en) | Relay node device authentication mechanism | |
US20110305339A1 (en) | Key Establishment for Relay Node in a Wireless Communication System | |
US20190036694A1 (en) | Operator-Assisted Key Establishment | |
US20150229620A1 (en) | Key management in machine type communication system | |
US11388568B2 (en) | MTC key management for sending key from network to UE | |
US11570161B2 (en) | Devices and method for MTC group key management | |
KR101670743B1 (ko) | Method and apparatus for managing traffic count key and key count |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | AS | Assignment | Owner name: NEC CORPORATION, JAPAN; Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ZHANG, XIAOWEI;PRASAD, ANAND RAGHAWA;REEL/FRAME:036564/0591; Effective date: 20150909 |
| | STPP | Information on status: patent application and granting procedure in general | Free format text: FINAL REJECTION MAILED |
| | STPP | Information on status: patent application and granting procedure in general | Free format text: ADVISORY ACTION MAILED |
| | STPP | Information on status: patent application and granting procedure in general | Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
| | STPP | Information on status: patent application and granting procedure in general | Free format text: NON FINAL ACTION MAILED |
| | STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |