US20220377557A1 - Wireless communications - Google Patents
Wireless communications Download PDFInfo
- Publication number
- US20220377557A1 US20220377557A1 US17/837,918 US202217837918A US2022377557A1 US 20220377557 A1 US20220377557 A1 US 20220377557A1 US 202217837918 A US202217837918 A US 202217837918A US 2022377557 A1 US2022377557 A1 US 2022377557A1
- Authority
- US
- United States
- Prior art keywords
- terminal device
- user plane
- integrity protection
- plane data
- network node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000004891 communication Methods 0.000 title description 3
- 230000010267 cellular communication Effects 0.000 claims abstract description 38
- 230000004913 activation Effects 0.000 claims abstract description 30
- 238000000034 method Methods 0.000 claims description 89
- 230000003213 activating effect Effects 0.000 claims description 45
- 230000004044 response Effects 0.000 claims description 28
- 238000004590 computer program Methods 0.000 claims description 12
- 230000001413 cellular effect Effects 0.000 abstract description 17
- 238000012545 processing Methods 0.000 description 13
- 230000006870 function Effects 0.000 description 11
- 230000011664 signaling Effects 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 6
- 239000013256 coordination polymer Substances 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 230000001960 triggered effect Effects 0.000 description 4
- 241000700159 Rattus Species 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 3
- 238000009795 derivation Methods 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 238000005259 measurement Methods 0.000 description 2
- 238000010295 mobile communication Methods 0.000 description 2
- 230000000737 periodic effect Effects 0.000 description 2
- 230000002776 aggregation Effects 0.000 description 1
- 238000004220 aggregation Methods 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 239000000969 carrier Substances 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000005265 energy consumption Methods 0.000 description 1
- 230000007774 longterm Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 229920000747 poly(lactic acid) Polymers 0.000 description 1
- 230000008569 process Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
- H04W12/106—Packet or message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/04—Large scale networks; Deep hierarchical networks
- H04W84/042—Public Land Mobile systems, e.g. cellular systems
Definitions
- This invention relates to a method of operation of a terminal device and one or more network nodes in a cellular communications network.
- the Cellular Internet of Things is a new radio technology that is able to provide extended coverage for harsh environments, for example, basements, and is designed to serve massive number of UEs (over 50,000 per base station) using a very limited bandwidth (e.g. 160 bps).
- GERAN GSM EDGE Radio Access Network
- GPRS General Packet Radio Service
- CIoT The assumption for CIoT is that the Universal Mobile Telecommunications System (UMTS) Authentication and Key Agreement (AKA) is run at the GPRS Mobility Management and Session Management (GMM/SM) layer creating the keying material, and the integrity protection is done at the Logical Link Control (LLC) layer using the integrity key (IK′) created with the key derivation function from the UMTS AKA session keys.
- UMTS Universal Mobile Telecommunications System
- AKA Authentication and Key Agreement
- GMM/SM GPRS Mobility Management and Session Management
- IK′ integrity key
- a method of operation of a terminal device in a cellular communications network comprises:
- the method may comprise, before activating integrity protection for the user plane data: sending a request message from the terminal device to a second network node, wherein the request message also indicates the ability of the terminal device to use integrity protection for user plane data.
- the request message may also specify at least one algorithm that the terminal device is capable of using for integrity protection of user plane data.
- the message may be a GMM Attach Request message, a EMM Attach Request message, a GMM Routing Area Update Request message, or a EMM Tracking Area Update Request message.
- the request message may further indicate whether or not the terminal device wishes to use integrity protection for user plane data.
- the method may comprise activating integrity protection for the user plane data in response to receiving a return message from the second network node, the return message specifying that integrity protection is to be used for the user plane data.
- the method may comprise activating integrity protection for the user plane data in the LLC layer, in response to an activation message from the GMM layer.
- the method may comprise activating integrity protection for the user plane data in the PDCP layer, in response to an activation message from the RRC layer.
- the method may comprise activating integrity protection for the user plane data in the RLC or MAC layer, in response to an activation message from the GMM layer.
- the activation message from the GMM layer to the LLC layer may specify an integrity key and an integrity algorithm to be used.
- the activation message from the RRC layer to the PDCP layer may specify an integrity key and an integrity algorithm to be used.
- the method comprises activating integrity protection for the user plane data in the RLC or MAC layer
- the activation message from the GMM layer to the RLC or MAC layer may specify an integrity key and an integrity algorithm to be used.
- the method may then comprise deriving said integrity key by running UMTS AKA on the USIM.
- the integrity algorithm to be used may be specified in a message received from the second network node.
- the first and second network nodes may be combined in an SGSN, or in an eNB, or in a Node-B or RNC, or the first network node may be a UPPE and the second network node an ASME.
- the entity taking the role of UPPE may be a 3G Node-B, or a 3G RNC.
- the method may comprise using null encryption for the user plane data.
- a method of operation of a network node in a cellular communications network comprises: activating integrity protection for user plane data transferred between the network node and a terminal device of the cellular communications network.
- the method may comprise, before activating integrity protection for the user plane data: receiving a request message from the terminal device, wherein the request message also indicates the ability of the terminal device to use integrity protection for user plane data.
- the request message may also specify at least one algorithm that the terminal device is capable of using for integrity protection of user plane data.
- the message may be a GMM Attach Request message, a EMM Attach Request message, a GMM Routing Area Update Request message, or a EMM Tracking Area Update Request message.
- the request message may further indicate whether or not the terminal device wishes to use integrity protection for user plane data.
- the method may comprise activating integrity protection for the user plane data after sending a return message to the terminal device, the return message specifying that integrity protection is to be used for the user plane data.
- the return message to the terminal device may specify an integrity key and an integrity algorithm to be used.
- the method may comprise activating integrity protection for the user plane data in the LLC layer, in response to an activation message from the GMM layer.
- the method may comprise activating integrity protection for the user plane data in the PDCP layer, in response to an activation message from the RRC layer.
- the method may comprise activating integrity protection for the user plane data in the RLC or MAC layer, in response to an activation message from the GMM layer.
- the activation message from the GMM layer to the LLC layer may specify an integrity key and an integrity algorithm to be used.
- the activation message from the RRC layer to the PDCP layer may specify an integrity key and an integrity algorithm to be used.
- the method comprises activating integrity protection for the user plane data in the RLC or MAC layer
- the activation message from the GMM layer to the RLC or MAC layer may specify an integrity key and an integrity algorithm to be used.
- the integrity key and integrity algorithm specified in the activation message may be the same as the integrity key and integrity algorithm specified in the return message.
- the method may comprise deriving said integrity key before specifying it in the return message or the activation message.
- the method may comprise determining the integrity algorithm to be used based on a message received from the terminal device specifying at least one algorithm that the terminal device is capable of using for integrity protection of user plane data.
- the method may comprise activating integrity protection for user plane data transferred between the network node and a terminal device of the cellular communications network in response to receiving a message from a further network node indicating the wish of the further network node to use integrity protection for said user plane data.
- the further network node may be a HSS, or a SCEF.
- the network node may be a SGSN, an eNB, Node-B or an RNC.
- the method may comprise using null encryption for the user plane data.
- a method of operation of a first network node in a cellular communications network comprises: activating integrity protection for user plane data transferred between the first network node and a terminal device of the cellular communications network.
- the method may comprise activating integrity protection for the user plane data in response to receiving a message from a second network node, said message specifying that integrity protection is to be used for the user plane data.
- the message from the second network node may specify an integrity key to be used for said integrity protection, and/or an integrity algorithm to be used for said integrity protection.
- the method may further comprise, before activating said integrity protection, negotiating with the terminal device an integrity algorithm to be used for said integrity protection.
- the method may comprise activating integrity protection for the user plane data in the LLC layer.
- the first network node may be a UPPE, or a 3G Node-B, or a 3G RNC, or a GGSN, or a P-GW, or an eNB, or a S-GW.
- the second network node may be an ASME.
- the method may comprise using null encryption for the user plane data.
- a method of operation of a second network node in a cellular communications network comprises: activating integrity protection for user plane data transferred between a first network node and a terminal device of the cellular communications network.
- the method may comprise, before activating integrity protection for the user plane data: receiving a request message from the terminal device, wherein the request message also indicates the ability of the terminal device to use integrity protection for user plane data.
- the request message may also specify at least one algorithm that the terminal device is capable of using for integrity protection of user plane data.
- the message may be a GMM Attach Request message, or a GMM Routing Area Update Request message.
- the request message may further indicate whether or not the terminal device wishes to use integrity protection for user plane data.
- the method may comprise activating integrity protection for the user plane data after sending a return message to the terminal device, the return message specifying that integrity protection is to be used for the user plane data.
- the return message to the terminal device may then specify an integrity key to be used, and/or an integrity algorithm to be used.
- the method may comprise activating integrity protection for the user plane data by sending a message to the first network node.
- the message to the first network node may specify an integrity key to be used, and/or may specify an integrity algorithm to be used.
- the method may comprise deriving said integrity key before specifying it in the return message or said message to the first network node.
- the method may comprise determining the integrity algorithm to be used based on a message received from the terminal device specifying at least one algorithm that the terminal device is capable of using for integrity protection of user plane data.
- the method may further comprise activating integrity protection for user plane data transferred between the network node and a terminal device of the cellular communications network in response to receiving a message from a further network node indicating the wish of the further network node to use integrity protection for said user plane data.
- the further network node may be a HSS, or a SCEF.
- the second network node may be an ASME.
- the first network node may be a UPPE, or a 3G Node-B, or a 3G RNC, or a GGSN, or a P-GW, or an eNB, or a S-GW.
- terminal devices and network nodes configured to operate in accordance with these aspects.
- a UE such as a Cellular IoT UE
- a network node such as a SGSN
- LLC layer integrity protection for both control plane and user plane data.
- Use of integrity protection for user data can be negotiated.
- the network node may wish to use user data integrity protection if null-encryption is used. It can also be used e.g. if the CIoT UE has limited security capabilities, or if the HN wishes so.
- FIG. 1 illustrates a part of a cellular communications network.
- FIG. 2 illustrates a terminal device in the network of FIG. 1 .
- FIG. 3 illustrates a network node in the network of FIG. 1 .
- FIG. 4 illustrates protocols in use in the network of FIG. 1 .
- FIG. 5 is a signalling diagram.
- FIG. 6 is a signalling diagram.
- FIG. 7 is a signalling diagram.
- FIG. 8 is a signalling diagram.
- FIG. 9 illustrates a terminal device in the network of FIG. 1 .
- FIG. 10 illustrates a network node in the network of FIG. 1 .
- FIG. 11 illustrates a first network node in a cellular communications network.
- FIG. 12 illustrates a second network node in the network of FIG. 1 .
- FIG. 13 is a flow chart, illustrating a method of operation of a terminal device in a cellular communications network.
- FIG. 14 is a flow chart, illustrating a method of operation of a network node in a cellular communications network.
- FIG. 15 is a flow chart, illustrating a method of operation of a first network node in a cellular communications network.
- FIG. 16 is a flow chart, illustrating a method of operation of a second network node in a cellular communications network.
- Nodes that communicate using the air interface also have suitable radio communications circuitry.
- the technology can additionally be considered to be embodied entirely within any form of computer-readable memory, such as solid-state memory, magnetic disk, or optical disk containing an appropriate set of computer instructions that would cause a processor to carry out the techniques described herein.
- Hardware implementation may include or encompass, without limitation, digital signal processor (DSP) hardware, a reduced instruction set processor, hardware (e.g., digital or analog) circuitry including but not limited to application specific integrated circuit(s) (ASIC) and/or field programmable gate array(s) (FPGA(s)), and (where appropriate) state machines capable of performing such functions.
- DSP digital signal processor
- ASIC application specific integrated circuit
- FPGA field programmable gate array
- a computer is generally understood to comprise one or more processors, one or more processing modules or one or more controllers, and the terms computer, processor, processing module and controller may be employed interchangeably.
- the functions may be provided by a single dedicated computer or processor or controller, by a single shared computer or processor or controller, or by a plurality of individual computers or processors or controllers, some of which may be shared or distributed.
- the term “processor” or “controller” also refers to other hardware capable of performing such functions and/or executing software, such as the example hardware recited above.
- UE user equipment
- UE user equipment
- a UE herein may comprise a UE (in its general sense) capable of operating or at least performing measurements in one or more frequencies, carrier frequencies, component carriers or frequency bands. It may be a “UE” operating in single- or multi-radio access technology (RAT) or multi-standard mode.
- RAT radio access technology
- mobile device and “terminal device” may be used interchangeably in the following description, and it will be appreciated that such a device does not necessarily have to be ‘mobile’ in the sense that it is carried by a user.
- mobile device encompasses any device that is capable of communicating with communication networks that operate according to one or more mobile communication standards, such as the Global System for Mobile communications, GSM, UMTS, Long-Term Evolution, LTE, etc.
- a cell is associated with a base station, where a base station comprises in a general sense any network node transmitting radio signals in the downlink (DL) and/or receiving radio signals in the uplink (UL).
- Some example base stations, or terms used for describing base stations are eNodeB, eNB, NodeB, macro/micro/pico/femto radio base station, home eNodeB (also known as femto base station), relay, repeater, sensor, transmitting-only radio nodes or receiving-only radio nodes, or WLAN access point (AP).
- a base station may operate or at least perform measurements in one or more frequencies, carrier frequencies or frequency bands and may be capable of carrier aggregation. It may also be a single-radio access technology (RAT), multi-RAT, or multi-standard node, e.g., using the same or different base band modules for different RATs.
- RAT radio access technology
- FIG. 1 illustrates a part of a network 10 .
- the network 10 comprises a basestation 12 connected to a Cellular Internet of Things (CIoT) terminal device (UE) 20 and a Serving GPRS Support Node (SGSN) 30 .
- CCIoT Cellular Internet of Things
- UE terminal device
- SGSN Serving GPRS Support Node
- the terminal device may be a user equipment device or may be a device that connects automatically to the network as required, and may be fixed or portable.
- FIG. 2 shows a terminal device (UE) 20 that can be adapted or configured to operate according to one or more of the non-limiting example embodiments described.
- the UE 20 comprises a processor or processing unit 22 that controls the operation of the UE 20 .
- the processing unit 22 is connected to a transceiver unit 24 (which comprises a receiver and a transmitter) with associated antenna(s) 26 which are used to transmit signals to and receive signals from a base station 12 in the network 10 .
- the UE 20 also comprises a memory or memory unit 28 that is connected to the processing unit 22 and that contains instructions or computer code executable by the processing unit 22 and other information or data required for the operation of the UE 20 .
- the memory or memory unit 28 may contain instructions executable by said processing unit 22 , whereby said terminal device is operative to activate integrity protection of user plane data transferred between the terminal device and a first network node of the cellular communications network.
- the terminal device is a Cellular Internet of Things UE.
- the same methods can be used by other UEs than Cellular IoT UEs.
- FIG. 3 shows a network node (which in this illustrated embodiment is a Serving GPRS Support Node (SGSN)) 30 that can be adapted or configured to operate according to one or more of the non-limiting example embodiments described.
- the SGSN 30 comprises a processor or processing unit 32 that controls the operation of the SGSN 30 .
- the processing unit 32 is connected to a transceiver unit 34 (which comprises a receiver and a transmitter) with associated antenna(s) 36 which are used to transmit signals to and receive signals from terminal device(s) 20 , via basestations 12 in the network 10 .
- a transceiver unit 34 which comprises a receiver and a transmitter
- antenna(s) 36 which are used to transmit signals to and receive signals from terminal device(s) 20 , via basestations 12 in the network 10 .
- the SGSN 30 also comprises a memory or memory unit 38 that is connected to the processing unit 32 and that contains instructions or computer code executable by the processing unit 32 and other information or data required for the operation of the SGSN 30 .
- the memory or memory unit 38 contains instructions executable by the processing unit 32 , whereby said network node is operative to activate integrity protection for user plane data transferred between the network node and a terminal device of the cellular communications network.
- the network node having essentially the same structure as shown in FIG.
- eNB 3 might take the form of an eNB, a Node-B or Radio Network Controller (RNC), or a UPPE, which may then be a 3G Node-B, a 3G RNC, a Gateway GPRS Support Node (GGSN), a PDN Gateway (P-GW), or a Serving Gateway (S-GW).
- RNC Radio Network Controller
- UPPE Packet Data Network Controller
- FIG. 4 illustrates a protocol layer control plane in Gb mode.
- the Universal Mobile Telecommunications System (UMTS) Authentication and Key Agreement (AKA) is run at the GPRS Mobility Management and Session Management (GMM/SM) layer creating the keying material (CK, IK).
- the integrity protection is done at the Logical Link Control (LLC) layer using the integrity key (IK′) created with the key derivation function from the UMTS AKA session keys.
- Integrity protection could be supported by the LLC layer in order to be able to protect layer 3 control signalling messages as GMM messages, SM messages and also SMS etc. As described herein, it could also be used to protect the user data.
- Null-encryption is assumed to be needed in certain CIoT markets where encryption is not allowed. This essentially means that the user plane data would be sent unprotected. This may cause significant increase to the frequency of authentication, and in this way, it shortens the expected lifetime of battery in CIoT UE.
- GERAN has been analysing the Power Saving modes for MTC Devices, for example in 3GPP TR 43.869 v13.0.0.
- the study focuses on specifying the Power Saving in the way that the energy consumption can be minimized, and consequently ten years of better lifetime for the CIoT UE can be guaranteed.
- the study assumes a limited use case, i.e. stationary CIoT UEs that are using the extended coverage offered by eGPRS but that are limited in reachability and battery capacity.
- the CIoT UE In network triggered traffic mode, the CIoT UE is sending a report to the network entity, typically only when triggered by the network to do so. This requires that the CIoT UE must be reachable as a result of network paging. There are two different phases in implementing the reachability. The first one is immediately after every report sending period when it can be guaranteed that that the CIoT UE is reachable long enough to receive triggers from the network. The second one is for making sure that the CIoT UE is reachable later within the sleeping mode, and wakes up periodically to see if there are new incoming paging messages. The longer the device can remain in the power saving state, the larger the power saving.
- FIG. 5 illustrates the network triggered traffic mode.
- the triggering packets are user plane data; however, they could also be part of control plane.
- the CIoT UE and BSS exchange some unprotected signalling messages before the CIoT UE starts sending user plane data.
- the user plane data can also be sent unprotected if encryption is not used.
- the CIoT UE In mobile autonomous reporting mode, the CIoT UE is sending data autonomously, e.g. in a periodic manner.
- the network may adjust the exact time for reporting in order to balance the network traffic load at specific times. Reachability may still be possible via paging or immediately after the reporting events but it is also possible that the reachability is not needed or used. In the most optimized case, there are no periodical RAUs if the RAU Timer value is configured to be just bigger than the periodic UE wake-up/reporting time.
- FIG. 6 illustrates the mobile autonomous reporting. It can be seen from the figure that the CIoT UE and BSS exchange some unprotected signalling messages before the CIoT UE starts sending user plane data. Again, according to all current solution proposals in TR 33.860 v0.3.0, the user plane data can also be sent unprotected if encryption is not used.
- the integrity protection mechanism that is currently being specified at LLC layer to protect the control plane is re-used to protect the user plane.
- This solution describes how the integrity protection of user data is negotiated between CIoT UE and SGSN.
- the CIoT UE may indicate the ability of using integrity protection for user plane protection to the network (e.g. SGSN) in e.g. the GMM Attach Request or GMM Routing Area Update Request, together with other CIoT UE security capabilities.
- the CIoT UE may also indicate the wish of using or not using integrity protection of user data.
- the SGSN may echo back the CIoT UE's security capabilities received in GMM Attach Request message or GMM Routing Area Update Request message back to the CIoT UE in an integrity protected GMM message, so that the CIoT UE is able to check if the received CIoT UE's security capabilities matches with the CIoT UE's security capability it sent in GMM Attach Request message or GMM Routing Area Update Request message to the SGSN.
- CIoT UE's security capabilities includes the supported integrity protect algorithms and the supported encryption algorithms in the CIoT UE. This invention would add the support of specified integrity protection algorithms for user plane protection too.
- the solution includes some variants for also Home Subscriber Server (HSS) or Service Capability Exposure Function (SCEF) to indicate the wish of using integrity protection of user data to SGSN.
- HSS Home Subscriber Server
- SCEF Service Capability Exposure Function
- the integrity protection could be tied to the use of null-encryption, in which case the use of user plane integrity protection would be an integral part of the use of null-encryption algorithm GEA0.
- FIG. 7 illustrates a method in which integrity protection for user plane data is established, in the case of a 3G network.
- the GMM layer in the CIoT UE should start or activate integrity protection of user plane in the LLC layer when a successful run of UMTS AKA on the USIM has taken place.
- the GMM layer sends an indication to the LLC layer to handle this.
- This indication is internal to the CIoT UE and SGSN. This applies to both CIoT UE and SGSN.
- the indication from the GMM layer to the LLC layer may include the integrity key Kti_UP and the selected integrity algorithm.
- the integrity key for user plane Kti_UP may be different from the integrity key for the control plane Kti_CP.
- the algorithm may be the same as for the integrity protection of control plane, and could be indicated using a single parameter. This applies to both CIoT UE and SGSN.
- the integrity algorithm negotiation procedure is described below, similar to cipher algorithm negotiation.
- integrity protection of user plane is activated in LLC layer after CIoT UE has received the Attach Accept message or Routing Area Update Accept from SGSN.
- the illustrated embodiment includes four new parameters: (1) UPI_cap (user plane integrity protection capability): this is a parameter in MS network capabilities indicating that the CIoT UE is capable of integrity protecting the user plane. (2) UPI_wish_UE (wish of using user plane integrity protection from UE side): this is an optional parameter that the UE may add to the Attach Request indicating that UE wish to use the integrity protection of user plane. (3) UPI_wish_HN (wish of using user plane integrity protection from the Home Network side): this is an optional parameter that the Home Network (e.g. HSS) may add to the AVs indicating that integrity protection of user plane should be used. (Note that in another variant, this is not a wish but a mandatory command for turning the integrity protection on.). (4) UPI (user plane integrity protection used): this is a parameter in Authentication and Ciphering Request indicating to the UE that user plane shall be integrity protected; this parameter is added by SGSN.
- UPI_cap user plane integrity protection capability
- the Cellular IoT UE sends attach request to SGSN.
- the cipher algorithms and integrity algorithms supported by the Cellular IoT UE are included in the MS network capability parameters (not shown in the Figure).
- the cellular IoT UE includes its IMSI, and the following new parameters: “UPI_cap: yes” indicating that the CIoT UE is capable of protecting the integrity of user plane, and, optionally, “UPI_wish_UE: yes” indicating that the CIoT UE is wishing to integrity protect the user plane. “UPI_cap” is also optional if all UEs support this feature.
- the owner of the CIoT UE could configure the use of integrity protection for the user data on/off using a Web interface.
- SCEF 3GPP Service Capability Exposure Function
- the SGSN obtains AVs (quintets) from HLR/HSS based on IMSI. It may include a new optional parameter “UPI_wish_HN: yes” indicating that the Home Network wishes that the integrity of the user plane was protected between UE and SGSN.
- the SGSN determines that the requesting UE is a cellular IoT UE based on the MS network capability parameters.
- the SGSN selects the control plane protection mode: a cipher algorithm and an integrity algorithm from the MS network capability and then derives cipher key (Ktc) and integrity key (Kti_CP) (not shown in FIG. 7 ).
- the SGSN also decides if the user plane shall be protected. This is a local decision, and can be based on several factors. For example, if SGSN does not support other encryption algorithms than null-encryption, it may want to protect the integrity of user plane.
- Kti_UP is in minimum 128 bits long.
- the SGSN sends the Authentication and Ciphering Request to the CIoT UE including 1) the chosen cipher algorithm and integrity algorithm, 2) the indication of using integrity protection also for user plane (UPI: yes), 3) an echo of the MS network capabilities (including the new UPI_cap parameter) indicated to it by the UE, and 4), if present, an echo of the optional parameter UPI_wish_UE.
- the Authentication and Ciphering Request message may be integrity protected.
- the Cellular IoT UE runs UMTS AKA with the USIM and derives Ktc, Kti_CP and Kti_UP from CK and IK.
- the Cellular IoT UE verifies the integrity of the message, then the Cellular IoT UE checks the echoed MS network capability and the optional UPI_wish_UE parameter.
- the CIoT UE verifies that there has been no attack on MS network capability or UPI_wish_UE originally sent by the Cellular IoT UE in the
- the CIoT UE can conclude that a Man-in-the-middle attack has taken place on the air-interface and drops the connection with the network.
- step 706 the Cellular IoT UE sends an Authentication and Ciphering Response message including the RES to the SGSN.
- the control plane between Cellular IoT UE and SGSN can now be confidentiality protected and integrity protected by using Ktc and Kti_CP.
- the SGSN sends Attach Accept message to the CIoT UE.
- step 708 the GMM layer in the CIoT UE activates integrity protection for the user plane in the LLC layer by assigning the integrity key Kti_UP.
- the selected algorithm is the same as for the integrity protection of control plane.
- step 709 the GMM layer in the SGSN activates integrity protection for the user plane in the LLC layer by assigning the integrity key Kti_UP.
- the selected algorithm is the same as for the integrity protection of control plane.
- the CIoT UE and SGSN can now send integrity protected user plane.
- the method can be used with 3GPP access network technologies such as 2G GPRS.
- 3GPP access network technologies such as 2G GPRS.
- a similar method could also be used in other 3GPP access network technologies as UTRAN and LTE. It could potentially be used also for end-to-middle security where the security endpoint for the user plane security would be an entity in the Home Network.
- FIG. 8 illustrates another embodiment, in which the negotiation of the user plane integrity protection is done between the UE and an Access Security Management Entity (ASME), and the user plane between the UE and a User Plane Protection Entity (UPPE) is integrity protected.
- ASME Access Security Management Entity
- UPPE User Plane Protection Entity
- This embodiment applies if the invention is used in 3G or LTE security where the role of UPPE is taken by the Node-B, RNC, or GGSN (in the case of 3G) or by the P-GW, eNodeB or Serving Gateway (S-GW) (in the case of LTE).
- UPPE may also be an entity in the Home Network, e.g. the HPLMN Security Endpoint (HSE) discussed in 3GPP TR 33.863, 14.0.0.
- HSE HPLMN Security Endpoint
- the HSE may be collocated with the GGSN/P-GW. This embodiment does not take a stand on how the UE and UPPE agree on which integrity protection algorithm to use. It could be part of the security capability negotiation between UE and ASME (steps 801 and 804 in FIG. 8 ), or part of the data exchange between the UE and UPPE (step 807 in FIG. 8 ).
- the UE sends a request to ASME.
- the cipher algorithms and integrity algorithms supported by the UE are included in the security capabilities parameter (not shown in FIG. 8 ).
- the UE includes its IMSI, and the following new parameters: “UPI_cap: yes” indicating that the UE is capable of protecting the integrity of user plane, and an optional parameter “UPI_wish_UE: yes” indicating that the UE is wishing to integrity protect the user plane. “UPI_cap” is also optional if all UEs support this feature.
- the owner of the CIoT UE could configure the use of integrity protection for the user data on/off using a Web interface.
- SCEF 3GPP Service Exposure Function
- the ASME may obtain AVs (quintets) from HLR/HSS based on IMSI (or it may have done this phase already earlier in the process).
- the response from HLR/HSS may include (or may have included) a new optional parameter “UPI_wish_HN: yes” indicating that the Home Network wishes that the integrity of the user plane was protected between UE and UPPE.
- the ASME decides if the user plane shall be protected. This may be a local decision, and can be based on several factors. For example, if ASME does not support other encryption algorithms than null-encryption, it may want to protect the integrity of user plane. Also, it may take the wishes from the UE or the HN indicated in “UPI_wish_UE” and “UPI_wish_HN” into account, and decide to integrity protect the user plane. If ASME decides to integrity protect the user plane, it derives the integrity key (Kti_UP). It indicates the use of integrity protection for user plane by adding the “UPI: yes” parameter.
- Kti_UP integrity key
- the ASME sends the Response to the UE including 1) the indication of using integrity protection also for user plane (UPI: yes), 2) the security capabilities (including the new UPI_cap parameter) and 3) the optional parameter UPI_wish_UE.
- the Response message is integrity protected by means outside the scope of this invention.
- step 805 the UE verifies the integrity of the message, then the UE checks the echoed security capabilities and the optional UPI_wish_UE parameter. The UE verifies that there has been no attack on security capabilities or the UPI_wish_UE originally sent by the UE in the Request. The UE derives Kti_UP from CK and IK. If the echoed parameters do not match those sent by the CIoT UE, then the CIoT UE can conclude that a Man-in-the-middle attack has taken place on the air-interface and drops the connection with the network.
- step 806 the ASME forwards the integrity algorithm and the Kti_UP to UPPE.
- the UE and UPPE may negotiate security parameters including which integrity algorithm to use.
- the integrity algorithm to be used may also come from ASME but is not specified in this embodiment.
- step 808 the UE activates integrity protection for the user plane by assigning the integrity key Kti_UP and the integrity protection algorithm.
- step 809 the UPPE activates integrity protection for the user plane by assigning the integrity key Kti_UP and the integrity protection algorithm.
- the UE and UPPE can now send integrity protected user plane.
- the SGSN/ASME it is not optional for the SGSN/ASME to follow the wish of the HLR/HSS. If the HLR/HSS indicates that user plane shall be protected (UPI_wish_HN: yes), the SGSN/ASME is mandated to enable integrity protection of user plane. There could be some additional conditions that would need to be met, e.g. if no encryption was used between the UE and the SGSN/ASME, fulfilling the HLR/HSS wish would be mandatory.
- FIG. 9 illustrates functional units in a terminal device which may execute any of the methods described above, for example according to computer readable instructions received from a computer program. It will be understood that the units illustrated in FIG. 9 are software implemented functional units, and may be realised in any appropriate combination of software modules.
- the terminal device 900 A comprises an activation means 902 A for activating integrity protection for user plane data transferred between the terminal device and a network node of the cellular communications network.
- the terminal device 900 A may also comprise a sending means 904 A for sending messages to the network node as described above.
- the terminal device 900 A may also comprise a receiving means 906 A for receiving messages from the network node as described above.
- FIG. 10 illustrates functional units in a network node for a cellular communications network which may execute any of the methods described above, for example according to computer readable instructions received from a computer program. It will be understood that the units illustrated in FIG. 10 are software implemented functional units, and may be realised in any appropriate combination of software modules.
- the network node 920 A comprises an activation means 922 A for activating integrity protection for user plane data transferred between a terminal device and the network node.
- the network node 920 A may also comprise a sending means 924 A for sending messages to the network node as described above.
- the terminal device 920 A may also comprise a receiving means 926 A for receiving messages from the network node as described above.
- FIG. 11 illustrates functional units in another embodiment of terminal device which may execute any of the methods described herein, for example according to computer readable instructions received from a computer program. It will be understood that the units illustrated in FIG. 11 are hardware implemented functional units, and may be realised in any appropriate combination of hardware elements.
- the terminal device 900 B comprises an activation unit 902 B for activating integrity protection for user plane data transferred between the terminal device and a network node of the cellular communications network.
- the terminal device 900 B may also comprise a sending unit 904 B for sending messages to the network node as described above.
- the terminal device 900 B may also comprise a receiving unit 906 B for receiving messages from the network node as described above.
- FIG. 12 illustrates functional units in another embodiment of network node for a cellular communications network which may execute any of the methods described herein, for example according to computer readable instructions received from a computer program. It will be understood that the units illustrated in FIG. 12 are hardware implemented functional units, and may be realised in any appropriate combination of hardware elements according to embodiments.
- the network node 920 B comprises an activation unit 922 B for activating integrity protection for user plane data transferred between a terminal device and the network node.
- the network node 920 B may also comprise a sending unit 924 B for sending messages to the network node as described above.
- the terminal device 920 B may also comprise a receiving unit 926 B for receiving messages from the network node as described above.
- FIG. 13 is a flow chart, illustrating a method of operation of a terminal device in a cellular communications network.
- the method comprises, as an optional first step 1301 , sending a request message from the terminal device to a second network node, wherein the request message also indicates the ability of the terminal device to use integrity protection for user plane data.
- the method then comprises, as step 1302 , activating integrity protection for user plane data transferred between the terminal device and a first network node of the cellular communications network.
- the terminal device may comprise an activation module, for activating integrity protection for user plane data transferred between the terminal device and a first network node of the cellular communications network.
- FIG. 14 is a flow chart, illustrating a method of operation of a network node in a cellular communications network.
- the method comprises, as an optional first step 1401 , receiving a request message from a terminal device of the cellular communications network, wherein the request message also indicates the ability of the terminal device to use integrity protection for user plane data.
- the method then comprises, as step 1402 , activating integrity protection for user plane data transferred between the network node and the terminal device.
- the network node may comprise an activation module, for activating integrity protection for user plane data transferred between the network node and a terminal device.
- FIG. 15 is a flow chart, illustrating a method of operation of a first network node in a cellular communications network.
- the method comprises, as an optional first step 1501 , receiving a message from a second network node, said message specifying that integrity protection is to be used for user plane data.
- the method then comprises, as step 1502 , activating integrity protection for the user plane data transferred between the first network node and a terminal device of the cellular communications network.
- the first network node may comprise an activation module, for activating integrity protection for user plane data transferred between the first network node and a terminal device of the cellular communications network.
- FIG. 16 is a flow chart, illustrating a method of operation of a second network node in a cellular communications network.
- the method comprises, as an optional first step 1601 , receiving a request message from a terminal device of the cellular communications network, wherein the request message also indicates the ability of the terminal device to use integrity protection for user plane data.
- the method then comprises activating integrity protection for user plane data transferred between a first network node and the terminal device.
- the second network node may comprise an activation module for activating integrity protection for user plane data transferred between a first network node and a terminal device.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
- This application is a continuation of U.S. application Ser. No. 15/772,760, filed on May 1, 2018, which is the National Stage of International Patent Application No. PCT/EP2016/076408, filed Nov. 2, 2016, which claims priority to U.S. provisional application No. 62/249,538, filed on Nov. 2, 2015. The above identified applications are incorporated by this reference.
- This invention relates to a method of operation of a terminal device and one or more network nodes in a cellular communications network.
- The Cellular Internet of Things (CIoT) is a new radio technology that is able to provide extended coverage for harsh environments, for example, basements, and is designed to serve massive number of UEs (over 50,000 per base station) using a very limited bandwidth (e.g. 160 bps).
- The current assumption in 3GPP standardization is that the security mechanism for CIoT over GSM EDGE Radio Access Network (GERAN) would be based on enhancements of General Packet Radio Service (GPRS) security as introducing integrity protection for the control plane in Gb mode between the CIoT user equipment and the Serving GPRS Support Node (SGSN).
- The assumption for CIoT is that the Universal Mobile Telecommunications System (UMTS) Authentication and Key Agreement (AKA) is run at the GPRS Mobility Management and Session Management (GMM/SM) layer creating the keying material, and the integrity protection is done at the Logical Link Control (LLC) layer using the integrity key (IK′) created with the key derivation function from the UMTS AKA session keys.
- According to the present invention there is provided a method of operation of a terminal device in a cellular communications network. The method comprises:
- activating integrity protection for user plane data transferred between the terminal device and a first network node of the cellular communications network.
- The method may comprise, before activating integrity protection for the user plane data: sending a request message from the terminal device to a second network node, wherein the request message also indicates the ability of the terminal device to use integrity protection for user plane data. In that case, the request message may also specify at least one algorithm that the terminal device is capable of using for integrity protection of user plane data.
- The message may be a GMM Attach Request message, a EMM Attach Request message, a GMM Routing Area Update Request message, or a EMM Tracking Area Update Request message.
- The request message may further indicate whether or not the terminal device wishes to use integrity protection for user plane data.
- The method may comprise activating integrity protection for the user plane data in response to receiving a return message from the second network node, the return message specifying that integrity protection is to be used for the user plane data.
- The method may comprise activating integrity protection for the user plane data in the LLC layer, in response to an activation message from the GMM layer.
- The method may comprise activating integrity protection for the user plane data in the PDCP layer, in response to an activation message from the RRC layer.
- The method may comprise activating integrity protection for the user plane data in the RLC or MAC layer, in response to an activation message from the GMM layer.
- Where the method comprises activating integrity protection for the user plane data in the LLC layer, in response to an activation message from the GMM layer, the activation message from the GMM layer to the LLC layer may specify an integrity key and an integrity algorithm to be used.
- Where the method comprises activating integrity protection for the user plane data in the PDCP layer, in response to an activation message from the RRC layer, the activation message from the RRC layer to the PDCP layer may specify an integrity key and an integrity algorithm to be used.
- Where the method comprises activating integrity protection for the user plane data in the RLC or MAC layer, in response to an activation message from the GMM layer, the activation message from the GMM layer to the RLC or MAC layer may specify an integrity key and an integrity algorithm to be used.
- The method may then comprise deriving said integrity key by running UMTS AKA on the USIM.
- The integrity algorithm to be used may be specified in a message received from the second network node.
- The first and second network nodes may be combined in an SGSN, or in an eNB, or in a Node-B or RNC, or the first network node may be a UPPE and the second network node an ASME.
- The entity taking the role of UPPE may be a 3G Node-B, or a 3G RNC.
- The method may comprise using null encryption for the user plane data.
- According to the present invention there is provided a method of operation of a network node in a cellular communications network. The method comprises: activating integrity protection for user plane data transferred between the network node and a terminal device of the cellular communications network.
- The method may comprise, before activating integrity protection for the user plane data: receiving a request message from the terminal device, wherein the request message also indicates the ability of the terminal device to use integrity protection for user plane data. In that case, the request message may also specify at least one algorithm that the terminal device is capable of using for integrity protection of user plane data.
- The message may be a GMM Attach Request message, a EMM Attach Request message, a GMM Routing Area Update Request message, or a EMM Tracking Area Update Request message.
- The request message may further indicate whether or not the terminal device wishes to use integrity protection for user plane data.
- The method may comprise activating integrity protection for the user plane data after sending a return message to the terminal device, the return message specifying that integrity protection is to be used for the user plane data. The return message to the terminal device may specify an integrity key and an integrity algorithm to be used.
- The method may comprise activating integrity protection for the user plane data in the LLC layer, in response to an activation message from the GMM layer.
- The method may comprise activating integrity protection for the user plane data in the PDCP layer, in response to an activation message from the RRC layer.
- The method may comprise activating integrity protection for the user plane data in the RLC or MAC layer, in response to an activation message from the GMM layer.
- Where the method comprises activating integrity protection for the user plane data in the LLC layer, in response to an activation message from the GMM layer, the activation message from the GMM layer to the LLC layer may specify an integrity key and an integrity algorithm to be used.
- Where the method comprises activating integrity protection for the user plane data in the PDCP layer, in response to an activation message from the RRC layer, the activation message from the RRC layer to the PDCP layer may specify an integrity key and an integrity algorithm to be used.
- Where the method comprises activating integrity protection for the user plane data in the RLC or MAC layer, in response to an activation message from the GMM layer, the activation message from the GMM layer to the RLC or MAC layer may specify an integrity key and an integrity algorithm to be used.
- The integrity key and integrity algorithm specified in the activation message may be the same as the integrity key and integrity algorithm specified in the return message.
- The method may comprise deriving said integrity key before specifying it in the return message or the activation message.
- The method may comprise determining the integrity algorithm to be used based on a message received from the terminal device specifying at least one algorithm that the terminal device is capable of using for integrity protection of user plane data.
- The method may comprise activating integrity protection for user plane data transferred between the network node and a terminal device of the cellular communications network in response to receiving a message from a further network node indicating the wish of the further network node to use integrity protection for said user plane data. The further network node may be a HSS, or a SCEF.
- The network node may be a SGSN, an eNB, Node-B or an RNC.
- The method may comprise using null encryption for the user plane data.
- According to the present invention there is provided a method of operation of a first network node in a cellular communications network. The method comprises: activating integrity protection for user plane data transferred between the first network node and a terminal device of the cellular communications network.
- The method may comprise activating integrity protection for the user plane data in response to receiving a message from a second network node, said message specifying that integrity protection is to be used for the user plane data.
- The message from the second network node may specify an integrity key to be used for said integrity protection, and/or an integrity algorithm to be used for said integrity protection.
- The method may further comprise, before activating said integrity protection, negotiating with the terminal device an integrity algorithm to be used for said integrity protection.
- The method may comprise activating integrity protection for the user plane data in the LLC layer.
- The first network node may be a UPPE, or a 3G Node-B, or a 3G RNC, or a GGSN, or a P-GW, or an eNB, or a S-GW.
- The second network node may be an ASME.
- The method may comprise using null encryption for the user plane data.
- According to the present invention there is provided a method of operation of a second network node in a cellular communications network. The method comprises: activating integrity protection for user plane data transferred between a first network node and a terminal device of the cellular communications network.
- The method may comprise, before activating integrity protection for the user plane data: receiving a request message from the terminal device, wherein the request message also indicates the ability of the terminal device to use integrity protection for user plane data.
- The request message may also specify at least one algorithm that the terminal device is capable of using for integrity protection of user plane data.
- The message may be a GMM Attach Request message, or a GMM Routing Area Update Request message.
- The request message may further indicate whether or not the terminal device wishes to use integrity protection for user plane data.
- The method may comprise activating integrity protection for the user plane data after sending a return message to the terminal device, the return message specifying that integrity protection is to be used for the user plane data. The return message to the terminal device may then specify an integrity key to be used, and/or an integrity algorithm to be used.
- The method may comprise activating integrity protection for the user plane data by sending a message to the first network node. The message to the first network node may specify an integrity key to be used, and/or may specify an integrity algorithm to be used.
- The method may comprise deriving said integrity key before specifying it in the return message or said message to the first network node.
- The method may comprise determining the integrity algorithm to be used based on a message received from the terminal device specifying at least one algorithm that the terminal device is capable of using for integrity protection of user plane data.
- The method may further comprise activating integrity protection for user plane data transferred between the network node and a terminal device of the cellular communications network in response to receiving a message from a further network node indicating the wish of the further network node to use integrity protection for said user plane data. The further network node may be a HSS, or a SCEF.
- The second network node may be an ASME.
- The first network node may be a UPPE, or a 3G Node-B, or a 3G RNC, or a GGSN, or a P-GW, or an eNB, or a S-GW.
- According to other aspects of the present invention, there are provided terminal devices and network nodes configured to operate in accordance with these aspects.
- According to other aspects of the present invention, there are provided computer programs and computer program products containing instructions for causing devices to operate in accordance with these aspects.
- Thus, a UE, such as a Cellular IoT UE, and a network node such as a SGSN are able to use LLC layer integrity protection for both control plane and user plane data. Use of integrity protection for user data can be negotiated. The network node may wish to use user data integrity protection if null-encryption is used. It can also be used e.g. if the CIoT UE has limited security capabilities, or if the HN wishes so.
-
FIG. 1 illustrates a part of a cellular communications network. -
FIG. 2 illustrates a terminal device in the network ofFIG. 1 . -
FIG. 3 illustrates a network node in the network ofFIG. 1 . -
FIG. 4 illustrates protocols in use in the network ofFIG. 1 . -
FIG. 5 is a signalling diagram. -
FIG. 6 is a signalling diagram. -
FIG. 7 is a signalling diagram. -
FIG. 8 is a signalling diagram. -
FIG. 9 illustrates a terminal device in the network ofFIG. 1 . -
FIG. 10 illustrates a network node in the network ofFIG. 1 . -
FIG. 11 illustrates a first network node in a cellular communications network. -
FIG. 12 illustrates a second network node in the network ofFIG. 1 . -
FIG. 13 is a flow chart, illustrating a method of operation of a terminal device in a cellular communications network. -
FIG. 14 is a flow chart, illustrating a method of operation of a network node in a cellular communications network. -
FIG. 15 is a flow chart, illustrating a method of operation of a first network node in a cellular communications network. -
FIG. 16 is a flow chart, illustrating a method of operation of a second network node in a cellular communications network. - The following sets forth specific details, such as particular embodiments for purposes of explanation and not limitation. But it will be appreciated by one skilled in the art that other embodiments may be employed apart from these specific details. In some instances, detailed descriptions of well-known methods, nodes, interfaces, circuits, and devices are omitted so as not obscure the description with unnecessary detail. Those skilled in the art will appreciate that the functions described may be implemented in one or more nodes using hardware circuitry (e.g., analog and/or discrete logic gates interconnected to perform a specialized function, ASICs, PLAs, etc.) and/or using software programs and data in conjunction with one or more digital microprocessors or general purpose computers that are specially adapted to carry out the processing disclosed herein, based on the execution of such programs. Nodes that communicate using the air interface also have suitable radio communications circuitry. Moreover, the technology can additionally be considered to be embodied entirely within any form of computer-readable memory, such as solid-state memory, magnetic disk, or optical disk containing an appropriate set of computer instructions that would cause a processor to carry out the techniques described herein.
- Hardware implementation may include or encompass, without limitation, digital signal processor (DSP) hardware, a reduced instruction set processor, hardware (e.g., digital or analog) circuitry including but not limited to application specific integrated circuit(s) (ASIC) and/or field programmable gate array(s) (FPGA(s)), and (where appropriate) state machines capable of performing such functions.
- In terms of computer implementation, a computer is generally understood to comprise one or more processors, one or more processing modules or one or more controllers, and the terms computer, processor, processing module and controller may be employed interchangeably. When provided by a computer, processor, or controller, the functions may be provided by a single dedicated computer or processor or controller, by a single shared computer or processor or controller, or by a plurality of individual computers or processors or controllers, some of which may be shared or distributed. Moreover, the term “processor” or “controller” also refers to other hardware capable of performing such functions and/or executing software, such as the example hardware recited above.
- Although the description is given for user equipment (UE), it should be understood by the skilled in the art that “UE” is a non-limiting term comprising any mobile or wireless device or node equipped with a radio interface allowing for at least one of: transmitting signals in uplink (UL) and receiving and/or measuring signals in downlink (DL). A UE herein may comprise a UE (in its general sense) capable of operating or at least performing measurements in one or more frequencies, carrier frequencies, component carriers or frequency bands. It may be a “UE” operating in single- or multi-radio access technology (RAT) or multi-standard mode. As well as “UE”, the terms “mobile device” and “terminal device” may be used interchangeably in the following description, and it will be appreciated that such a device does not necessarily have to be ‘mobile’ in the sense that it is carried by a user. Instead, the term “mobile device” encompasses any device that is capable of communicating with communication networks that operate according to one or more mobile communication standards, such as the Global System for Mobile communications, GSM, UMTS, Long-Term Evolution, LTE, etc.
- A cell is associated with a base station, where a base station comprises in a general sense any network node transmitting radio signals in the downlink (DL) and/or receiving radio signals in the uplink (UL). Some example base stations, or terms used for describing base stations, are eNodeB, eNB, NodeB, macro/micro/pico/femto radio base station, home eNodeB (also known as femto base station), relay, repeater, sensor, transmitting-only radio nodes or receiving-only radio nodes, or WLAN access point (AP). A base station may operate or at least perform measurements in one or more frequencies, carrier frequencies or frequency bands and may be capable of carrier aggregation. It may also be a single-radio access technology (RAT), multi-RAT, or multi-standard node, e.g., using the same or different base band modules for different RATs.
-
FIG. 1 illustrates a part of a network 10. The network 10 comprises abasestation 12 connected to a Cellular Internet of Things (CIoT) terminal device (UE) 20 and a Serving GPRS Support Node (SGSN) 30. Of course, a network will typically include many basestations, and a very large number of terminal devices, but the presentFIG. 1 is sufficient for an understanding of the present invention. The terminal device may be a user equipment device or may be a device that connects automatically to the network as required, and may be fixed or portable. -
FIG. 2 shows a terminal device (UE) 20 that can be adapted or configured to operate according to one or more of the non-limiting example embodiments described. TheUE 20 comprises a processor or processing unit 22 that controls the operation of theUE 20. The processing unit 22 is connected to a transceiver unit 24 (which comprises a receiver and a transmitter) with associated antenna(s) 26 which are used to transmit signals to and receive signals from abase station 12 in the network 10. TheUE 20 also comprises a memory ormemory unit 28 that is connected to the processing unit 22 and that contains instructions or computer code executable by the processing unit 22 and other information or data required for the operation of theUE 20. Specifically, the memory ormemory unit 28 may contain instructions executable by said processing unit 22, whereby said terminal device is operative to activate integrity protection of user plane data transferred between the terminal device and a first network node of the cellular communications network. - Embodiments are described below, in which the terminal device is a Cellular Internet of Things UE. The same methods can be used by other UEs than Cellular IoT UEs.
-
FIG. 3 shows a network node (which in this illustrated embodiment is a Serving GPRS Support Node (SGSN)) 30 that can be adapted or configured to operate according to one or more of the non-limiting example embodiments described. TheSGSN 30 comprises a processor orprocessing unit 32 that controls the operation of theSGSN 30. Theprocessing unit 32 is connected to a transceiver unit 34 (which comprises a receiver and a transmitter) with associated antenna(s) 36 which are used to transmit signals to and receive signals from terminal device(s) 20, viabasestations 12 in the network 10. TheSGSN 30 also comprises a memory ormemory unit 38 that is connected to theprocessing unit 32 and that contains instructions or computer code executable by theprocessing unit 32 and other information or data required for the operation of theSGSN 30. Specifically, the memory ormemory unit 38 contains instructions executable by theprocessing unit 32, whereby said network node is operative to activate integrity protection for user plane data transferred between the network node and a terminal device of the cellular communications network. In other embodiments, the network node having essentially the same structure as shown inFIG. 3 might take the form of an eNB, a Node-B or Radio Network Controller (RNC), or a UPPE, which may then be a 3G Node-B, a 3G RNC, a Gateway GPRS Support Node (GGSN), a PDN Gateway (P-GW), or a Serving Gateway (S-GW). -
FIG. 4 illustrates a protocol layer control plane in Gb mode. - As can be seen from this figure, the Universal Mobile Telecommunications System (UMTS) Authentication and Key Agreement (AKA) is run at the GPRS Mobility Management and Session Management (GMM/SM) layer creating the keying material (CK, IK). The integrity protection is done at the Logical Link Control (LLC) layer using the integrity key (IK′) created with the key derivation function from the UMTS AKA session keys.
- The security feature of integrity protection was never standardized in 2G GPRS. This is a feature which could be introduced in Cellular IoT over GERAN. Integrity protection could be supported by the LLC layer in order to be able to protect layer 3 control signalling messages as GMM messages, SM messages and also SMS etc. As described herein, it could also be used to protect the user data.
- Null-encryption is assumed to be needed in certain CIoT markets where encryption is not allowed. This essentially means that the user plane data would be sent unprotected. This may cause significant increase to the frequency of authentication, and in this way, it shortens the expected lifetime of battery in CIoT UE.
- GERAN has been analysing the Power Saving modes for MTC Devices, for example in 3GPP TR 43.869 v13.0.0. The study focuses on specifying the Power Saving in the way that the energy consumption can be minimized, and consequently ten years of better lifetime for the CIoT UE can be guaranteed. The study assumes a limited use case, i.e. stationary CIoT UEs that are using the extended coverage offered by eGPRS but that are limited in reachability and battery capacity. There are two modes of operation, the Network triggered traffic mode, and the Mobile autonomous reporting mode. Note, however, that these may not be the only traffic modes that are relevant for EASE study. There may also be highly mobile CIoT UEs that have no battery limitations, that benefit from extended coverage and that require unlimited reachability.
- In network triggered traffic mode, the CIoT UE is sending a report to the network entity, typically only when triggered by the network to do so. This requires that the CIoT UE must be reachable as a result of network paging. There are two different phases in implementing the reachability. The first one is immediately after every report sending period when it can be guaranteed that that the CIoT UE is reachable long enough to receive triggers from the network. The second one is for making sure that the CIoT UE is reachable later within the sleeping mode, and wakes up periodically to see if there are new incoming paging messages. The longer the device can remain in the power saving state, the larger the power saving.
-
FIG. 5 illustrates the network triggered traffic mode. The figure assumes that the triggering packets are user plane data; however, they could also be part of control plane. It can be seen from the figure that the CIoT UE and BSS exchange some unprotected signalling messages before the CIoT UE starts sending user plane data. According to all current solution proposals in 3GPP TR 33.860 v0.3.0, the user plane data can also be sent unprotected if encryption is not used. - In mobile autonomous reporting mode, the CIoT UE is sending data autonomously, e.g. in a periodic manner. The network may adjust the exact time for reporting in order to balance the network traffic load at specific times. Reachability may still be possible via paging or immediately after the reporting events but it is also possible that the reachability is not needed or used. In the most optimized case, there are no periodical RAUs if the RAU Timer value is configured to be just bigger than the periodic UE wake-up/reporting time.
-
FIG. 6 illustrates the mobile autonomous reporting. It can be seen from the figure that the CIoT UE and BSS exchange some unprotected signalling messages before the CIoT UE starts sending user plane data. Again, according to all current solution proposals in TR 33.860 v0.3.0, the user plane data can also be sent unprotected if encryption is not used. - As described in more detail below, the integrity protection mechanism that is currently being specified at LLC layer to protect the control plane is re-used to protect the user plane. This solution describes how the integrity protection of user data is negotiated between CIoT UE and SGSN.
- In brief summary, in some embodiments, the CIoT UE may indicate the ability of using integrity protection for user plane protection to the network (e.g. SGSN) in e.g. the GMM Attach Request or GMM Routing Area Update Request, together with other CIoT UE security capabilities. The CIoT UE may also indicate the wish of using or not using integrity protection of user data.
- The SGSN may echo back the CIoT UE's security capabilities received in GMM Attach Request message or GMM Routing Area Update Request message back to the CIoT UE in an integrity protected GMM message, so that the CIoT UE is able to check if the received CIoT UE's security capabilities matches with the CIoT UE's security capability it sent in GMM Attach Request message or GMM Routing Area Update Request message to the SGSN. In the existing solutions, CIoT UE's security capabilities includes the supported integrity protect algorithms and the supported encryption algorithms in the CIoT UE. This invention would add the support of specified integrity protection algorithms for user plane protection too. If the UE's wish for using the integrity protection of user data was also added to the original GMM Attach Request or GMM Routing Area Update Request from the CIoT UE to SGSN, this wish would also need to be echoed back from SGSN to CIoT UE, and integrity protected.
- The solution includes some variants for also Home Subscriber Server (HSS) or Service Capability Exposure Function (SCEF) to indicate the wish of using integrity protection of user data to SGSN. The integrity protection could be tied to the use of null-encryption, in which case the use of user plane integrity protection would be an integral part of the use of null-encryption algorithm GEA0.
-
FIG. 7 illustrates a method in which integrity protection for user plane data is established, in the case of a 3G network. - As discussed in more detail below, it is the responsibility of the GMM layer to start or activate integrity protection of user plane in the LLC layer. This applies to both CIoT UE and SGSN. The GMM layer in the CIoT UE should start or activate integrity protection of user plane in the LLC layer when a successful run of UMTS AKA on the USIM has taken place.
- The GMM layer sends an indication to the LLC layer to handle this. This indication is internal to the CIoT UE and SGSN. This applies to both CIoT UE and SGSN. The indication from the GMM layer to the LLC layer may include the integrity key Kti_UP and the selected integrity algorithm. The integrity key for user plane Kti_UP may be different from the integrity key for the control plane Kti_CP. The algorithm may be the same as for the integrity protection of control plane, and could be indicated using a single parameter. This applies to both CIoT UE and SGSN.
- The integrity algorithm negotiation procedure is described below, similar to cipher algorithm negotiation.
- In this illustrated embodiment, integrity protection of user plane is activated in LLC layer after CIoT UE has received the Attach Accept message or Routing Area Update Accept from SGSN.
- The illustrated embodiment includes four new parameters: (1) UPI_cap (user plane integrity protection capability): this is a parameter in MS network capabilities indicating that the CIoT UE is capable of integrity protecting the user plane. (2) UPI_wish_UE (wish of using user plane integrity protection from UE side): this is an optional parameter that the UE may add to the Attach Request indicating that UE wish to use the integrity protection of user plane. (3) UPI_wish_HN (wish of using user plane integrity protection from the Home Network side): this is an optional parameter that the Home Network (e.g. HSS) may add to the AVs indicating that integrity protection of user plane should be used. (Note that in another variant, this is not a wish but a mandatory command for turning the integrity protection on.). (4) UPI (user plane integrity protection used): this is a parameter in Authentication and Ciphering Request indicating to the UE that user plane shall be integrity protected; this parameter is added by SGSN.
- Note that the mechanism described for integrity capability negotiation and integrity protection in
FIG. 7 applies to other mobility management procedures as well as Routing Area Update procedure. - In
step 701, the Cellular IoT UE sends attach request to SGSN. The cipher algorithms and integrity algorithms supported by the Cellular IoT UE are included in the MS network capability parameters (not shown in the Figure). The cellular IoT UE includes its IMSI, and the following new parameters: “UPI_cap: yes” indicating that the CIoT UE is capable of protecting the integrity of user plane, and, optionally, “UPI_wish_UE: yes” indicating that the CIoT UE is wishing to integrity protect the user plane. “UPI_cap” is also optional if all UEs support this feature. - If the solution is integrated to 3GPP Service Capability Exposure Function (SCEF) capabilities, the owner of the CIoT UE could configure the use of integrity protection for the user data on/off using a Web interface.
- In
step 702, the SGSN obtains AVs (quintets) from HLR/HSS based on IMSI. It may include a new optional parameter “UPI_wish_HN: yes” indicating that the Home Network wishes that the integrity of the user plane was protected between UE and SGSN. - The SGSN determines that the requesting UE is a cellular IoT UE based on the MS network capability parameters. In
step 703, the SGSN selects the control plane protection mode: a cipher algorithm and an integrity algorithm from the MS network capability and then derives cipher key (Ktc) and integrity key (Kti_CP) (not shown inFIG. 7 ). The SGSN also decides if the user plane shall be protected. This is a local decision, and can be based on several factors. For example, if SGSN does not support other encryption algorithms than null-encryption, it may want to protect the integrity of user plane. Also, it may take the wishes from the UE or the HN indicated in “UPI_wish_UE” and “UPI_wish_HN” into account, and decide to integrity protect the user plane. If SGSN decides to integrity protect the user plane, it chooses the integrity algorithm (assumed to be the same as for the control plane integrity protection), and derives the integrity key (Kti_UP). It indicates the use of integrity protection for user plane by adding the “UPI: yes” parameter. Kti_UP is in minimum 128 bits long. - In
step 704, the SGSN sends the Authentication and Ciphering Request to the CIoT UE including 1) the chosen cipher algorithm and integrity algorithm, 2) the indication of using integrity protection also for user plane (UPI: yes), 3) an echo of the MS network capabilities (including the new UPI_cap parameter) indicated to it by the UE, and 4), if present, an echo of the optional parameter UPI_wish_UE. The Authentication and Ciphering Request message may be integrity protected. - In
step 705, the Cellular IoT UE runs UMTS AKA with the USIM and derives Ktc, Kti_CP and Kti_UP from CK and IK. The Cellular IoT UE verifies the integrity of the message, then the Cellular IoT UE checks the echoed MS network capability and the optional UPI_wish_UE parameter. The CIoT UE verifies that there has been no attack on MS network capability or UPI_wish_UE originally sent by the Cellular IoT UE in the - GMM Attach Request. If the echoed parameters do not match those sent by the CIoT UE, then the CIoT UE can conclude that a Man-in-the-middle attack has taken place on the air-interface and drops the connection with the network.
- In
step 706, the Cellular IoT UE sends an Authentication and Ciphering Response message including the RES to the SGSN. - The control plane between Cellular IoT UE and SGSN can now be confidentiality protected and integrity protected by using Ktc and Kti_CP. In
step 707, the SGSN sends Attach Accept message to the CIoT UE. - In
step 708, the GMM layer in the CIoT UE activates integrity protection for the user plane in the LLC layer by assigning the integrity key Kti_UP. The selected algorithm is the same as for the integrity protection of control plane. - In
step 709, the GMM layer in the SGSN activates integrity protection for the user plane in the LLC layer by assigning the integrity key Kti_UP. The selected algorithm is the same as for the integrity protection of control plane. - As shown at 710, the CIoT UE and SGSN can now send integrity protected user plane.
- As described above, the method can be used with 3GPP access network technologies such as 2G GPRS. However, a similar method could also be used in other 3GPP access network technologies as UTRAN and LTE. It could potentially be used also for end-to-middle security where the security endpoint for the user plane security would be an entity in the Home Network.
-
FIG. 8 illustrates another embodiment, in which the negotiation of the user plane integrity protection is done between the UE and an Access Security Management Entity (ASME), and the user plane between the UE and a User Plane Protection Entity (UPPE) is integrity protected. This embodiment applies if the invention is used in 3G or LTE security where the role of UPPE is taken by the Node-B, RNC, or GGSN (in the case of 3G) or by the P-GW, eNodeB or Serving Gateway (S-GW) (in the case of LTE). UPPE may also be an entity in the Home Network, e.g. the HPLMN Security Endpoint (HSE) discussed in 3GPP TR 33.863, 14.0.0. The HSE may be collocated with the GGSN/P-GW. This embodiment does not take a stand on how the UE and UPPE agree on which integrity protection algorithm to use. It could be part of the security capability negotiation between UE and ASME (steps FIG. 8 ), or part of the data exchange between the UE and UPPE (step 807 inFIG. 8 ). - In
step 801, the UE sends a request to ASME. The cipher algorithms and integrity algorithms supported by the UE are included in the security capabilities parameter (not shown inFIG. 8 ). The UE includes its IMSI, and the following new parameters: “UPI_cap: yes” indicating that the UE is capable of protecting the integrity of user plane, and an optional parameter “UPI_wish_UE: yes” indicating that the UE is wishing to integrity protect the user plane. “UPI_cap” is also optional if all UEs support this feature. - If the solution is integrated to 3GPP Service Exposure Function (SCEF) capabilities, the owner of the CIoT UE could configure the use of integrity protection for the user data on/off using a Web interface.
- In
step 802, the ASME may obtain AVs (quintets) from HLR/HSS based on IMSI (or it may have done this phase already earlier in the process). The response from HLR/HSS may include (or may have included) a new optional parameter “UPI_wish_HN: yes” indicating that the Home Network wishes that the integrity of the user plane was protected between UE and UPPE. - In
step 803, the ASME decides if the user plane shall be protected. This may be a local decision, and can be based on several factors. For example, if ASME does not support other encryption algorithms than null-encryption, it may want to protect the integrity of user plane. Also, it may take the wishes from the UE or the HN indicated in “UPI_wish_UE” and “UPI_wish_HN” into account, and decide to integrity protect the user plane. If ASME decides to integrity protect the user plane, it derives the integrity key (Kti_UP). It indicates the use of integrity protection for user plane by adding the “UPI: yes” parameter. - In
step 804, the ASME sends the Response to the UE including 1) the indication of using integrity protection also for user plane (UPI: yes), 2) the security capabilities (including the new UPI_cap parameter) and 3) the optional parameter UPI_wish_UE. The Response message is integrity protected by means outside the scope of this invention. - In
step 805, the UE verifies the integrity of the message, then the UE checks the echoed security capabilities and the optional UPI_wish_UE parameter. The UE verifies that there has been no attack on security capabilities or the UPI_wish_UE originally sent by the UE in the Request. The UE derives Kti_UP from CK and IK. If the echoed parameters do not match those sent by the CIoT UE, then the CIoT UE can conclude that a Man-in-the-middle attack has taken place on the air-interface and drops the connection with the network. - In
step 806, the ASME forwards the integrity algorithm and the Kti_UP to UPPE. - As shown at
step 807, the UE and UPPE may negotiate security parameters including which integrity algorithm to use. The integrity algorithm to be used may also come from ASME but is not specified in this embodiment. - In
step 808, the UE activates integrity protection for the user plane by assigning the integrity key Kti_UP and the integrity protection algorithm. - In
step 809, the UPPE activates integrity protection for the user plane by assigning the integrity key Kti_UP and the integrity protection algorithm. - As shown at 810, the UE and UPPE can now send integrity protected user plane.
- In another variant, it is not optional for the SGSN/ASME to follow the wish of the HLR/HSS. If the HLR/HSS indicates that user plane shall be protected (UPI_wish_HN: yes), the SGSN/ASME is mandated to enable integrity protection of user plane. There could be some additional conditions that would need to be met, e.g. if no encryption was used between the UE and the SGSN/ASME, fulfilling the HLR/HSS wish would be mandatory.
- In another variant, none of the new UPI parameters are needed. The integrity protection of user data is tied directly to the null-encryption algorithm GEA0. Whenever GEA0 is used, the integrity protection of user data is always turned on.
-
FIG. 9 illustrates functional units in a terminal device which may execute any of the methods described above, for example according to computer readable instructions received from a computer program. It will be understood that the units illustrated inFIG. 9 are software implemented functional units, and may be realised in any appropriate combination of software modules. - Specifically, the
terminal device 900A comprises an activation means 902A for activating integrity protection for user plane data transferred between the terminal device and a network node of the cellular communications network. Theterminal device 900A may also comprise a sending means 904A for sending messages to the network node as described above. Theterminal device 900A may also comprise a receiving means 906A for receiving messages from the network node as described above. -
FIG. 10 illustrates functional units in a network node for a cellular communications network which may execute any of the methods described above, for example according to computer readable instructions received from a computer program. It will be understood that the units illustrated inFIG. 10 are software implemented functional units, and may be realised in any appropriate combination of software modules. - Specifically, the
network node 920A comprises an activation means 922A for activating integrity protection for user plane data transferred between a terminal device and the network node. Thenetwork node 920A may also comprise a sending means 924A for sending messages to the network node as described above. Theterminal device 920A may also comprise a receiving means 926A for receiving messages from the network node as described above. -
FIG. 11 illustrates functional units in another embodiment of terminal device which may execute any of the methods described herein, for example according to computer readable instructions received from a computer program. It will be understood that the units illustrated inFIG. 11 are hardware implemented functional units, and may be realised in any appropriate combination of hardware elements. - Specifically, the
terminal device 900B comprises anactivation unit 902B for activating integrity protection for user plane data transferred between the terminal device and a network node of the cellular communications network. Theterminal device 900B may also comprise a sendingunit 904B for sending messages to the network node as described above. Theterminal device 900B may also comprise a receivingunit 906B for receiving messages from the network node as described above. -
FIG. 12 illustrates functional units in another embodiment of network node for a cellular communications network which may execute any of the methods described herein, for example according to computer readable instructions received from a computer program. It will be understood that the units illustrated inFIG. 12 are hardware implemented functional units, and may be realised in any appropriate combination of hardware elements according to embodiments. - Specifically, the
network node 920B comprises anactivation unit 922B for activating integrity protection for user plane data transferred between a terminal device and the network node. Thenetwork node 920B may also comprise a sendingunit 924B for sending messages to the network node as described above. Theterminal device 920B may also comprise a receivingunit 926B for receiving messages from the network node as described above. -
FIG. 13 is a flow chart, illustrating a method of operation of a terminal device in a cellular communications network. The method comprises, as an optionalfirst step 1301, sending a request message from the terminal device to a second network node, wherein the request message also indicates the ability of the terminal device to use integrity protection for user plane data. The method then comprises, asstep 1302, activating integrity protection for user plane data transferred between the terminal device and a first network node of the cellular communications network. - The terminal device may comprise an activation module, for activating integrity protection for user plane data transferred between the terminal device and a first network node of the cellular communications network.
-
FIG. 14 is a flow chart, illustrating a method of operation of a network node in a cellular communications network. The method comprises, as an optionalfirst step 1401, receiving a request message from a terminal device of the cellular communications network, wherein the request message also indicates the ability of the terminal device to use integrity protection for user plane data. The method then comprises, asstep 1402, activating integrity protection for user plane data transferred between the network node and the terminal device. - The network node may comprise an activation module, for activating integrity protection for user plane data transferred between the network node and a terminal device.
-
FIG. 15 is a flow chart, illustrating a method of operation of a first network node in a cellular communications network. The method comprises, as an optionalfirst step 1501, receiving a message from a second network node, said message specifying that integrity protection is to be used for user plane data. The method then comprises, asstep 1502, activating integrity protection for the user plane data transferred between the first network node and a terminal device of the cellular communications network. - The first network node may comprise an activation module, for activating integrity protection for user plane data transferred between the first network node and a terminal device of the cellular communications network.
-
FIG. 16 is a flow chart, illustrating a method of operation of a second network node in a cellular communications network. The method comprises, as an optionalfirst step 1601, receiving a request message from a terminal device of the cellular communications network, wherein the request message also indicates the ability of the terminal device to use integrity protection for user plane data. The method then comprises activating integrity protection for user plane data transferred between a first network node and the terminal device. - The second network node may comprise an activation module for activating integrity protection for user plane data transferred between a first network node and a terminal device.
- There are thus described methods of operation of a terminal device and a network node that allow for integrity protection, as well as a terminal device itself and a network node itself.
- It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design many alternative embodiments without departing from the scope of the appended claims. The word “comprising” does not exclude the presence of elements or steps other than those listed in a claim, “a” or “an” does not exclude a plurality, and a single feature or other unit may fulfil the functions of several units recited in the claims. Any reference signs in the claims shall not be construed so as to limit their scope.
Claims (20)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/837,918 US20220377557A1 (en) | 2015-11-02 | 2022-06-10 | Wireless communications |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201562249538P | 2015-11-02 | 2015-11-02 | |
PCT/EP2016/076408 WO2017076891A1 (en) | 2015-11-02 | 2016-11-02 | Wireless communications |
US201815772760A | 2018-05-01 | 2018-05-01 | |
US17/837,918 US20220377557A1 (en) | 2015-11-02 | 2022-06-10 | Wireless communications |
Related Parent Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/772,760 Continuation US11374941B2 (en) | 2015-11-02 | 2016-11-02 | Wireless communications |
PCT/EP2016/076408 Continuation WO2017076891A1 (en) | 2015-11-02 | 2016-11-02 | Wireless communications |
Publications (1)
Publication Number | Publication Date |
---|---|
US20220377557A1 true US20220377557A1 (en) | 2022-11-24 |
Family
ID=57223690
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/772,760 Active 2037-06-07 US11374941B2 (en) | 2015-11-02 | 2016-11-02 | Wireless communications |
US17/837,918 Pending US20220377557A1 (en) | 2015-11-02 | 2022-06-10 | Wireless communications |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/772,760 Active 2037-06-07 US11374941B2 (en) | 2015-11-02 | 2016-11-02 | Wireless communications |
Country Status (6)
Country | Link |
---|---|
US (2) | US11374941B2 (en) |
EP (1) | EP3371950B1 (en) |
CN (2) | CN117354802A (en) |
DK (1) | DK3371950T3 (en) |
RU (1) | RU2712428C2 (en) |
WO (1) | WO2017076891A1 (en) |
Families Citing this family (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111800744B (en) * | 2016-11-29 | 2023-04-11 | 华为技术有限公司 | Communication method and device |
CN109756451B (en) * | 2017-11-03 | 2022-04-22 | 华为技术有限公司 | Information interaction method and device |
US10999780B2 (en) * | 2017-11-15 | 2021-05-04 | Apple Inc. | Bluetooth trigger for NAN |
WO2019095209A1 (en) | 2017-11-16 | 2019-05-23 | Zte Corporation | Method and computing device for carrying out data integrity protection |
CN110121168B (en) * | 2018-02-06 | 2021-09-21 | 华为技术有限公司 | Security negotiation method and device |
EP4242898A3 (en) | 2018-04-04 | 2023-11-15 | ZTE Corporation | Techniques to manage integrity protection |
WO2019233740A1 (en) * | 2018-06-08 | 2019-12-12 | Telefonaktiebolaget Lm Ericsson (Publ) | Application of integrity protection in a wireless communication network |
CN111641944A (en) * | 2019-03-01 | 2020-09-08 | 华为技术有限公司 | Communication method and device |
US11570616B2 (en) | 2019-08-08 | 2023-01-31 | Mediatek Inc. | Provide EPS security capability and receive eps security algorithm information in 5GS |
EP4014423A4 (en) * | 2019-08-13 | 2023-05-03 | Nokia Technologies Oy | Data security for network slice management |
CN112449323B (en) * | 2019-08-14 | 2022-04-05 | 华为技术有限公司 | Communication method, device and system |
CN114125918B (en) * | 2020-08-31 | 2024-01-26 | 大唐移动通信设备有限公司 | System, method and device for simulating and testing service performance of base station, base station and medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110312299A1 (en) * | 2010-06-18 | 2011-12-22 | Qualcomm Incorporated | Methods and apparatuses facilitating synchronization of security configurations |
US20120066737A1 (en) * | 2009-04-03 | 2012-03-15 | Huawei Technologies Co., Ltd | Method and apparatus for security algorithm selection processing, network entity, and communication system |
US20170359719A1 (en) * | 2015-02-28 | 2017-12-14 | Huawei Technologies Co., Ltd. | Key generation method, device, and system |
US20180034635A1 (en) * | 2015-04-08 | 2018-02-01 | Huawei Technologies Co., Ltd. | GPRS System Key Enhancement Method, SGSN Device, UE, HLR/HSS, and GPRS System |
US20180249479A1 (en) * | 2015-09-04 | 2018-08-30 | Lg Electronics Inc. | Data transmission and reception method and device of terminal in wireless communication system |
US20180324160A1 (en) * | 2015-10-08 | 2018-11-08 | Telefonaktiebolaget Lm Ericsson (Publ) | A radio access node and a method of operating the same |
Family Cites Families (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2429607B (en) * | 2005-08-26 | 2010-02-10 | Samsung Electronics Co Ltd | Improvements in mobile telecommunication security |
CN101406024A (en) | 2006-03-22 | 2009-04-08 | Lg电子株式会社 | Security considerations for the LTE of UMTS |
CN101001252A (en) * | 2006-06-25 | 2007-07-18 | 华为技术有限公司 | Registration method and consultation method and device of user safety algorithmic |
US20080076392A1 (en) | 2006-09-22 | 2008-03-27 | Amit Khetawat | Method and apparatus for securing a wireless air interface |
US8699711B2 (en) | 2007-07-18 | 2014-04-15 | Interdigital Technology Corporation | Method and apparatus to implement security in a long term evolution wireless device |
CN101378591B (en) | 2007-08-31 | 2010-10-27 | 华为技术有限公司 | Method, system and device for negotiating safety capability when terminal is moving |
US8532614B2 (en) * | 2007-10-25 | 2013-09-10 | Interdigital Patent Holdings, Inc. | Non-access stratum architecture and protocol enhancements for long term evolution mobile units |
EP2136501B1 (en) | 2008-06-20 | 2019-12-04 | LG Electronics Inc. | Method of delivering a PDCP data unit to an upper layer |
US9276909B2 (en) * | 2008-08-27 | 2016-03-01 | Qualcomm Incorporated | Integrity protection and/or ciphering for UE registration with a wireless network |
US8526617B2 (en) * | 2008-12-29 | 2013-09-03 | Htc Corporation | Method of handling security configuration in wireless communications system and related communication device |
CN102090093B (en) * | 2009-04-30 | 2013-04-17 | 华为技术有限公司 | Method and device for establishing security mechanism of air interface link |
CN102036256B (en) * | 2009-09-28 | 2013-03-20 | 华为技术有限公司 | Data transmission method, device and system |
US9398517B2 (en) | 2010-01-11 | 2016-07-19 | Blackberry Limited | System and method for enabling discovery of local service availability in local cellular coverage |
US8848916B2 (en) * | 2010-04-15 | 2014-09-30 | Qualcomm Incorporated | Apparatus and method for transitioning from a serving network node that supports an enhanced security context to a legacy serving network node |
CN102783212B (en) * | 2010-05-14 | 2016-02-17 | Lg电子株式会社 | Perform the method and apparatus of switching flow in a wireless communication system |
CN102487507B (en) * | 2010-12-01 | 2016-01-20 | 中兴通讯股份有限公司 | A kind of method and system realizing integrity protection |
CN102625307B (en) | 2011-01-31 | 2014-07-09 | 电信科学技术研究院 | Wireless network access system |
EP2689567B1 (en) * | 2011-03-22 | 2015-06-24 | Telefonaktiebolaget L M Ericsson (publ) | Network node and method to route through or around traffic detection function nodes |
CN103686704B (en) | 2012-09-19 | 2017-02-15 | 华为技术有限公司 | Method and device for communication between terminal and network side |
US8989807B2 (en) * | 2013-02-28 | 2015-03-24 | Intel Mobile Communications GmbH | Communication terminal device, communication device, communication network server and method for controlling |
WO2014169451A1 (en) * | 2013-04-17 | 2014-10-23 | 华为技术有限公司 | Method and device for data transmission |
EP3855797A1 (en) | 2014-03-31 | 2021-07-28 | Convida Wireless, LLC | Overload control and coordination between m2m service layer and 3gpp networks |
JP6548348B2 (en) * | 2015-08-13 | 2019-07-24 | ホアウェイ・テクノロジーズ・カンパニー・リミテッド | Message protection method and related device and system |
-
2016
- 2016-11-02 CN CN202311086074.7A patent/CN117354802A/en active Pending
- 2016-11-02 US US15/772,760 patent/US11374941B2/en active Active
- 2016-11-02 DK DK16790353.3T patent/DK3371950T3/en active
- 2016-11-02 RU RU2018119077A patent/RU2712428C2/en active
- 2016-11-02 CN CN201680077330.8A patent/CN108476211A/en active Pending
- 2016-11-02 WO PCT/EP2016/076408 patent/WO2017076891A1/en active Application Filing
- 2016-11-02 EP EP16790353.3A patent/EP3371950B1/en active Active
-
2022
- 2022-06-10 US US17/837,918 patent/US20220377557A1/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120066737A1 (en) * | 2009-04-03 | 2012-03-15 | Huawei Technologies Co., Ltd | Method and apparatus for security algorithm selection processing, network entity, and communication system |
US20110312299A1 (en) * | 2010-06-18 | 2011-12-22 | Qualcomm Incorporated | Methods and apparatuses facilitating synchronization of security configurations |
US20170359719A1 (en) * | 2015-02-28 | 2017-12-14 | Huawei Technologies Co., Ltd. | Key generation method, device, and system |
US20180034635A1 (en) * | 2015-04-08 | 2018-02-01 | Huawei Technologies Co., Ltd. | GPRS System Key Enhancement Method, SGSN Device, UE, HLR/HSS, and GPRS System |
US20180249479A1 (en) * | 2015-09-04 | 2018-08-30 | Lg Electronics Inc. | Data transmission and reception method and device of terminal in wireless communication system |
US20180324160A1 (en) * | 2015-10-08 | 2018-11-08 | Telefonaktiebolaget Lm Ericsson (Publ) | A radio access node and a method of operating the same |
Also Published As
Publication number | Publication date |
---|---|
CN108476211A (en) | 2018-08-31 |
EP3371950B1 (en) | 2021-03-03 |
EP3371950A1 (en) | 2018-09-12 |
RU2712428C2 (en) | 2020-01-28 |
RU2018119077A (en) | 2019-12-05 |
CN117354802A (en) | 2024-01-05 |
WO2017076891A1 (en) | 2017-05-11 |
US11374941B2 (en) | 2022-06-28 |
RU2018119077A3 (en) | 2019-12-05 |
US20180359642A1 (en) | 2018-12-13 |
DK3371950T3 (en) | 2021-03-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20220377557A1 (en) | Wireless communications | |
US11039372B2 (en) | Non-access stratum transport for non-mobility management messages | |
EP2896247B1 (en) | Methods for mobility control for wi-fi offloading in wireless systems | |
US9344995B2 (en) | Method for transceiving paging message in wireless communication system and apparatus for same | |
US11252561B2 (en) | Refreshing a security context for a mobile device | |
CN109691154B (en) | On-demand network function re-authentication based on key refresh | |
EP3408984B1 (en) | Key management for ciot | |
US20170171737A1 (en) | Method in a wireless communication network for notifying a communication device that context storing is employed in the network | |
KR101873391B1 (en) | Decrease reassociation time for STAs connected to AP | |
CN113853809B (en) | UE, network node for handling UE category information | |
EP3360303B1 (en) | Wireless communications | |
US20180302785A1 (en) | Radio node, network node, methods therein, computer programs and computer-readable mediums comprising the computer programs, for establishing a direct control link | |
JP2023040195A (en) | Communication method and user device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: ADVISORY ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |