WO2016003750A1 - Techniques for securely receiving critical communication content associated with a critical communication service - Google Patents
Techniques for securely receiving critical communication content associated with a critical communication service Download PDFInfo
- Publication number
- WO2016003750A1 WO2016003750A1 PCT/US2015/037576 US2015037576W WO2016003750A1 WO 2016003750 A1 WO2016003750 A1 WO 2016003750A1 US 2015037576 W US2015037576 W US 2015037576W WO 2016003750 A1 WO2016003750 A1 WO 2016003750A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- message
- critical communication
- sip
- network
- encrypted
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/06—Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services
- H04W4/10—Push-to-Talk [PTT] or Push-On-Call services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0431—Key distribution or pre-distribution; Key agreement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W60/00—Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration
- H04W60/04—Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration using triggered events
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/005—Discovery of network devices, e.g. terminals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W80/00—Wireless network protocols or protocol adaptations to wireless operation
- H04W80/08—Upper layer protocols
- H04W80/10—Upper layer protocols adapted for application session management, e.g. SIP [Session Initiation Protocol]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/16—Arrangements for providing special services to substations
- H04L12/18—Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
- H04L12/189—Arrangements for providing special services to substations for broadcast or conference, e.g. multicast in combination with wireless systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
- H04W76/14—Direct-mode setup
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/40—Connection management for selective distribution or broadcast
- H04W76/45—Connection management for selective distribution or broadcast for Push-to-Talk [PTT] or Push-to-Talk over cellular [PoC] services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/02—Terminal devices
- H04W88/04—Terminal devices adapted for relaying to or from another terminal or user
Definitions
- Examples described herein are generally related to wireless communication devices.
- a communication service such as a Push to Talk (PTT) service provides ways by which two or more users may engage in communication. Users may request permission to transmit a communication (e.g., traditionally by pressing a button).
- An evolving type of critical communication service is referred to as Mission Critical Push To Talk over LTE (MCPTT).
- MCPTT supports an enhanced PTT service that is suitable for mission critical scenarios and is based upon 3GPP Evolved Packet System (EPS) services.
- EPS Evolved Packet System
- FIG. 1 illustrates an example of a system.
- FIG. 2 illustrates an example scheme
- FIG. 3 illustrates an example first process
- FIG. 4 illustrates an example second process
- FIG. 5 illustrates an example block diagram for a first apparatus.
- FIG. 6 illustrates an example of a first logic flow.
- FIG. 7 illustrates an example of a first storage medium.
- FIG. 8 illustrates an example block diagram for a second apparatus.
- FIG. 9 illustrates an example of a second logic flow.
- FIG. 10 illustrates an example of a second storage medium.
- FIG. 11 illustrates an example block diagram for a third apparatus.
- FIG. 12 illustrates an example of a third logic flow.
- FIG. 13 illustrates an example of a third storage medium.
- FIG. 14 illustrates an example of a device.
- FIG. 15 illustrates an example of a broadband wireless access system.
- Wireless mobile broadband technologies may include any wireless technologies suitable for use with wireless devices or user equipment (UE), such as one or more third generation (3G), fourth generation (4G) or emerging fifth generation (5G) wireless standards, revisions, progeny and variants.
- 3G third generation
- 4G fourth generation
- 5G emerging fifth generation
- wireless mobile broadband technologies may include without limitation any of the Institute of Electrical and Electronics Engineers (IEEE) 802.16m and 802.16p standards, 3rd Generation Partnership Project (3GPP) Long Term Evolution (LTE) and LTE-Advanced (LTE- A) standards, and International Mobile Telecommunications Advanced (IMT-ADV) standards, including their revisions, progeny and variants.
- IEEE Institute of Electrical and Electronics Engineers
- 3GPP 3rd Generation Partnership Project
- LTE Long Term Evolution
- LTE- A LTE-Advanced
- IMT-ADV International Mobile Telecommunications Advanced
- GSM Global System for Mobile Communications
- EDGE Universal Mobile Telecommunications System
- UMTS Universal Mobile Telecommunications System
- High Speed Packet Access WiMAX II technologies
- CDMA 2000 system technologies e.g., CDMA2000 IxRTT, CDMA2000 EV-DO, CDMA EV-DV, and so forth
- High Performance Radio Metropolitan Area Network HIPERMAN
- ETSI European Telecommunications Standards Institute
- BRAN Broadband Radio Access Networks
- WiBro Wireless Broadband
- HSDPA High Speed Downlink Packet Access
- HSDPA High Speed Orthogonal Frequency -Division
- OFDM Orthogonal Fret Access
- HOPA High-Speed Uplink Packet Access
- SAE System Architecture Evolution
- Universal Terrestrial Radio Access Network UTRAN
- E-UTRAN 3 GPP Evolved Universal Terrestrial Radio Access Network
- 3GPP's suite of UMTS and LTE/LTE- Advanced Technical Specifications in case of LTE/LTE-Advanced collectively "3GPP LTE Specifications" according to the 36 Series of Technical Specifications
- IEEE 802.16 standards such as the IEEE 802.16-2009 standard and current third revision to IEEE 802.16 referred to as "802.16Rev3" consolidating standards 802.16-2009, 802.16h-2010 and 802.16m-201 1, and the IEEE 802.16p draft standards including IEEE P802.16.1b/D2 January 2012 titled "Draft Amendment to IEEE Standard for WirelessMAN-Advanced Air Interface for Broadband Wireless Access Systems, Enhancements to Support Machine-to-Machine Applications" (collectively “IEEE 802.16 Standards”), and any drafts, revisions or variants of the 3 GPP LTE Specifications and the IEEE 802.16 Standards.
- IEEE 802.16 Standards any drafts
- MCPTT supports an enhanced PTT service, suitable for mission critical scenarios and is based upon 3GPP EPS services.
- MCPTT is typically a session initiation protocol (SIP) based service that may be provided via a centralized MCPTT server residing in a network (e.g., a 3GPP EPS network).
- the MCPTT server may be an IP Multimedia Subsystem (IMS) application server, but the MCPTT server may also be a non-IMS based SIP server.
- IMS IP Multimedia Subsystem
- UEs may directly attach to the network to receive critical communication services from an MCPTT server.
- Some UEs may also utilize Proximity Services (ProSe) capabilities to indirectly attach to the network through a relay UE.
- ProSe Proximity Services
- remote UEs may utilize a relay UE's direct attachment to the network to receive critical communication services from the MCPTT server.
- the relay UE may be on the signaling path of all SIP messages that may include critical communication content destined for the remote UE.
- the remote UE may desire that the relay UE is not able to eavesdrop on these SIP messages including critical communication content.
- a solution is needed to allow the remote UE to agree to common key material with the MCPTT server that can be used to securely relay a master session key.
- the master session key may be for use by only the remote UE to decrypt encrypted critical
- methods are implemented for securely relaying critical communication content associated with a critical communication service. These methods may include registering, at a first UE capable of operating in compliance with one or more 3GPP LTE standards including LTE-A, for critical communication services responsive to a security association with a network arranged to provide the critical communication services. The methods may also include establishing a direct link with a second UE responsive to mutual authentication with the second UE. The methods may also include acting as a trusted node authentication (TNA) node between the network and the second UE to serve as a relay UE for the second UE. The methods may also include receiving a first message including critical communication content via use of unicast or multicast delivery modes. The methods may also include sending the critical communication content in a second message over the direct link, the second message to be sent via use of unicast or multicast delivery modes.
- TMA trusted node authentication
- methods are implemented for securely relaying critical communication content associated with a critical communication service. These methods may include discovering, at a first UE capable of operating in compliance with one or 3GPP LTE standards including LTE-A, a second UE capable of serving as a relay UE to or from a network arranged to provide critical communication services. The methods may also include establishing a direct link with a second UE responsive to mutual authentication with the second UE. The methods may also include registering for the critical communication services responsive to a security association with the network and receiving encrypted critical communication content originating from the network over the direct link via use of unicast or multicast delivery modes.
- methods are implemented for securely sending critical communication content associated with a critical communication service. These methods may include receiving, at a server for a network providing critical communication services, a first registration request to register a first UE for the critical communication services. The methods may also include establishing a first security association with the first UE responsive to the first registration request. The methods may also include receiving a second registration request from a second UE to register the second UE for the critical communication services. The second registration request may be relayed through the first UE that is capable of acting as a TNA node between the network and the second UE. The methods may also include establishing a second security association with the second UE responsive to the second registration request. The methods may also include sending encrypted critical communication content destined for the second UE via use of unicast or multicast delivery modes to the first UE.
- FIG. 1 illustrates an example system 100.
- elements of system 100 may be arranged for providing critical communication services to one or more UEs.
- These critical communication services may include mission critical push to talk (MCPTT) services as specified in a 3GPP technical specification (TS) 22.179, entitled “Technical Specification Group Services and System Aspects; Mission Critical Push to Talk (MCPTT) over LTE, Stage 1", Release 13, V13.0.1, published in January of 2015, and/or previous or subsequent releases or versions (hereinafter referred to as 3GPP TS 22.179).
- MCP mission critical push to talk
- a network 101 may include an MCPTT server 120 that may serve as centralized server to enable network 101 to provide a SIP -based critical communication service to UEs 130, 140 or 150.
- MCPTT server 120 may be arranged as an IMS application server or may be arranged as a non-IMS based SIP server.
- access/core 1 10 may include elements of network 101 typically associated with 3GPP E-UTRAN access and 3GPP E-UTRAN core elements.
- a UE such as UE 130 may gain access to network 101 via an LTE-Uu interface (not shown) through Uu 1 17 coupled to evolved Node B (eNB) 102.
- eNB evolved Node B
- MCPTT server 120 may couple to various access/core 1 10 elements.
- MCPTT server 120 may couple to a policy and charging rules function (PCRF) 1 10 via Rx 1 11 that may represent an Rx interface reference point.
- PCRF policy and charging rules function
- MCPTT server 120 may also couple to a serving policy and charging rules function
- SGW/PWG gateway/packet data gateway 112 via SGi 113 that may represent an SGi interface reference point.
- MCPTT server 120 may also couple to a broadcast/multicast - service center (BM-SC) 1 114 via MB2 1 15 that may represent an MB2 reference point.
- BM-SC broadcast/multicast - service center
- Mobile management entity (MME) 104 and multimedia broadcast/multicast service gateway (MBMS GW) 106 may provide core 3 GPP E-UTRAN services to MCPTT server 120 and/or UEs 130, 140 and 150 to facilitate the providing of critical communication services by network 101.
- MME mobile management entity
- MBMS GW multimedia broadcast/multicast service gateway
- UE 130 may attach directly to MCPTT server 120.
- UE 130 may include an MCPTT client 132 that may be arranged as a SIP -based MCPTT client for communication with MCPTT server 120.
- MCPTT server 120 may be arranged as a type of group communication service application server (GCS AS) and GC1 121 may represent a GC1 reference point through which MCPTT server 120 couples with MCPTT client 132 at UE 130.
- GCS AS group communication service application server
- UEs such as UE 140 may also attach to MCPTT server 120 of network 101 through an application layer gateway (ALG) relay.
- ALG application layer gateway
- An ALG relay may also be referred to as an MCPTT proxy.
- UE 140 includes an MCPTT proxy 142 and GC1 123 may represent a GC1 reference point through which MCPTT server 120 couples with MCPTT proxy 142.
- MCPTT server 120 may provide a SIP- based critical communication service, which may mean the MCPTT proxy 142 may be a SIP proxy acting as a back-to-back user agent (B2BUA) for other UEs and thus may serve as a UE-to-network relay for out of network coverage UEs.
- B2BUA back-to-back user agent
- UEs out of network coverage of network 101 may still be able to obtain critical communication service by coupling through UEs serving as UE-to- network relays such as UE 140.
- UE 150 having an MCPTT client 152 may be able to indirectly couple to MCPTT server 120 through MCPTT proxy 142 and GCl-bis 143 may represent a signaling path for GCl-bis signaling between MCPTT client 152 and MCPTT proxy 142.
- UE 140 acting as an UE-to-network relay may need to be able to relay traffic from MCPTT server 120 only for authorized UEs and/or authorized groups of UEs (e.g., belonging to an MCPTT group). Also, UE 140 may need to be able to act as an UE-to-network relay for groups of which it is not a member. As described more below, a relay UE such as UE 140 may include logic and/or features to enable the relay UE to act as a trusted node authentication (TNA) node between an MCPTT server and a remote UE such as UE 150.
- TAA trusted node authentication
- UE 140 acting as a TNA node may be arranged in accordance with 3GPP TS 33.203, entitled "Technical Specification Group Services and System Aspects; 3G security; Access security for IP -based services", Release 12, V12.8.0, published in December of 2014, and/or previous or subsequent releases or versions (hereinafter referred to as 3GPP TS 33.203).
- Acting as a TNA node may allow the relay UE to securely relay information between the MCPTT server and the remote UE. The remote UE may then be enable to establish a security association with the MCPTT server responsive to the remote UE registering for critical communication services.
- Acting as a TNA node may further allow the relay UE to securely relay critical communication content from the MCPTT server associated with the registered critical communication services.
- critical communication content may be delivered to directly coupled UEs such as UEs 130 or 140 in either a unicast mode (e.g., via EPS bearers) or in multicast mode (e.g., via evolved MBMS (eMBMS) bearers).
- eMBMS bearers may be justified in cases where a sufficient number of UEs are physically located within a same coverage area or cell.
- MCPTT server 120 may include logic and/or features capable of monitoring the number of UEs in a cell and then adjust a delivery mode accordingly.
- UE 140 and UE 150 may be able to establish a direct link that is shown in FIG. 1 as PC5 145.
- PC5 145 may represent the direct link through a PC5 interface (not shown) associated with the ProSe capabilities.
- Establishment of the direct link may include relay discovery, mutual authentication and IP address assignment.
- Establishment of the direct link may also include UE 140 and UE 150 setting up a wireless local area network (WLAN) direct connection.
- the WLAN direct connection may be arranged to operate according to Ethernet wireless standards (including progenies and variants) associated with the IEEE Standard for Information technology - Telecommunications and information exchange between systems— Local and metropolitan area networks— Specific requirements Part 1 1 : WLAN Media Access Controller (MAC) and Physical Layer (PHY) Specifications, published March 2012, and/or later versions of this standard (“IEEE 802.11").
- logic and/or features of a relay UE such as UE 140 may choose a unicast or multicast delivery mode to relay information (e.g., critical communication content) to one or more remote UEs such as UE 150 via a PC5 interface.
- information e.g., critical communication content
- a direct link between UEs 140 and 150 may also be establish via an LTE-Uu interface. Since UE 140 includes the ALG relay serving as MCPTT proxy 142 it may be possible to selectively choose whether to use the PC5 or the LTE-Uu interface to relay information to UE 140. Thus, it may be possible to use unicast delivery via the LTE-Uu interface and multicast delivery via the PC5 interface, or vice versa.
- MCPTT proxy 142 may be a SIP B2BUA and is thus on a signaling path of all SIP messages exchanged between MCPTT server 120 and UE 140. Not being able to eavesdrop may be needed when UE 140 is not a member of the MCPTT group that is registered to receive the critical communication content. This may be regardless of whether the delivery mode is unicast or multicast.
- the various security measures may include a way to allow a remote UE such as UE 140 to agree to common key material with an MCPTT server such as MCPTT server 120 that can be subsequently used to deliver a master session key (MSK) such as an MBMS MSK.
- MSK master session key
- the MSK may then be used to encrypt and then decrypt critical communication content destined for the remote UE.
- the security measures used to agree to common key material may include use of identity-based cryptography mechanisms, schemes or algorithms.
- Identity- based cryptography schemes may be based on industry standards including Request for Comments (RFC) 6507, "Elliptic Curve-Based Certificateless Signatures for Identity-Based Encryption (ECCSI)", published in February 2012 by the Internet Engineering Task Force (IETF), and hereinafter referred to as the ECCSI signature scheme.
- Identity-based cryptography algorithms may be based on industry standards including RFC 6508, "Sakai- Kasahara Key Encryption (SAKKE)”, published in February 2012 by the IETF, hereinafter referred to as the SAKKE algorithm.
- FIG. 2 illustrates an example scheme 200.
- scheme 200 includes interactions between a key management service 210, an MCPTT server 220 and a remote UE 230 to establish a security association that includes mutual
- MCPTT server 220 may represent a server of a network (e.g., network 101) capable of providing critical communication services.
- scheme 200 may be a way in which both mutual authentication between remote UE 230 and MCPTT server 220 may be obtain and remote UE 230 may agree to common key material with MCPTT server 220.
- the common key material may be subsequently used to deliver an MSK such as an MBMS MSK for use to encrypt and then decrypt critical communication content associated with the critical communication services provided by the network.
- square or rectangle shapes shown in FIG. 2 may represent elements of an ECCSI signature scheme and pentagon shapes may represent elements of implementing a SAKKE algorithm.
- circular and octagon shapes may represent elements shared between MCPTT server 220 and remote UE 230 as part of identity -based cryptography scheme based on using either the ECCSI signature scheme or the SAKKE algorithm.
- the ECCSI signature scheme may be implemented as part of mutual authentication between MCPTT server 220 and UE 230.
- MCPTT server 220 and remote UE 230 may have a common root of trust that is shown in FIG. 2 as key management service 210.
- key management service 210 For these examples, key
- KMS key management service
- KPAK public authentication key
- both UE 230 and MCPTT server 220 may have a publicly known identity.
- public known identities for remote UE 230 and MCPTT server 220 are represented in FIG. 2 as ID_ue and ID_nw, respectively.
- both MCPTT server 220 and remote UE 230 may be able to serve the role as a signer and a verifier to allow for mutual authentication.
- both MCPTT server 220 and UE 230 need to apply to key management service 210 for a secret signing key (SSK) and a public validation token (PVT).
- SSK secret signing key
- PVT public validation token
- MCPTT server 220 may apply for and receive SSK_nw and PVT_nw from key management service 210.
- UE 230 may apply for and receive SSK_ue and PVT_ue from key management service 210.
- MCPTT server 220 while acting as a signer, may use KPAK, SSK_nw and PVT_nw to produce a digital signature (SIGN) according to the ECCSI signature scheme.
- UE 230 while also acting as a signer may use KPAK, SSK_ue and PVT_nw to produce SIGN.
- the separate SIGNs produced by MCPTT server 220 and UE 230 may be decoded or decrypted by respective verifiers using KPAK and the signer's public identity (ID_ue or ID nw) to perform a verification algorithm according to the ECCSI signature scheme in order to complete mutual authentication.
- the SAKKE algorithm may be used to arrive at an agreement of common key material between MCPTT server 220 and UE 230.
- key management service 210 may again act as a common root of trust.
- Key management service 210 has a KMS public key that is provided to both remote UE 230 and MCPTT server 220.
- Remote UE 230 may also apply for and receive a receiver secret key (RSK) shown in FIG. 2 as RSK_ue from key management service 210.
- RSK_ue receiver secret key
- ID ue publically known identity
- a new or different publically known ID for MCPTT server 220 may be used as demonstrated in FIG. 2 as ID_nw in the octagon shape.
- MCPTT server 220 may use the KMS public key and its ID nw to encode the common key material (the common key material may also be referred to as a shared secret value (SSV)) to generate a SAKKE payload.
- SSV shared secret value
- remote UE 230 may use the KMS public key, RSK_ue and ID_ue to decrypt the SAKKE encrypted payload according to a decryption algorithm described in RFC 6508 in order to obtain the common key material or SSV.
- a relay UE similar to UE 140 shown in FIG. 1 may be on a same SIP signaling path that runs between remote UE 230 and MCPTT server 220.
- the relay UE is unable to decrypt the agreed common key material or SSV that is conveyed from MCPTT server 220 in the SAKKE encrypted payload.
- FIG. 3 illustrates a first example process.
- the first example process includes process 300.
- Process 300 may be for establishing security associations between a relay UE and a network including an MCPTT server and between a remote UE and the network.
- elements of system 100 as shown in FIG. 1 such as UEs 140 and 150 or MCPTT server 120 may be related to process 300.
- Scheme 200 shown in FIG. 2 may also be related to process 300.
- the example process 300 is not limited to implementations using elements of system 100 or scheme 200 shown in FIGS. 1-2.
- logic and/or features at MCPTT server 120 and UE 140 may be capable of establishing a transport layer security (TSL) connection for SIP signaling.
- TLS transport layer security
- the TLS connection may be established between MCPTT server 120 and MCPTT proxy 142 over GCl 123.
- the TLS connection may be established according to 3 GPP TS 33.203, Annex 0.
- logic and/or features at UE 140 may send a SIP REGISTER message to MCPTT server 120 that includes a publically known ID for UE 140.
- the SIP REGISTER message is signed using the publically known ID for UE 140 (ID_uel40) and this may be part of a mutual authentication between UE 140 and MCPTT server 120.
- SIP OK SSV, ID_nwl20, SIGN, SAKKE
- logic and/or features at MCPTT 120 may send a SIP OK message (e.g., a SIP 200 OK message).
- the SIP OK message may be signed using MCPTT 120's publically known ID (ID_nwl20).
- MCPTT 120 may generate an SSV or common key material and forward it as an encrypted SAKKE payload.
- logic and/or feature at UE 140 may be able to decrypted the encrypted SAKKE payload using UE 140's publically known ID as well as a KMS public key and RSK received from a key management service.
- the decrypted SAKKE payload may enable UE 140 to obtain the SSV or common key material in order to establish a security association.
- the security association may be established over GCl 123. Also, at this time, UE 140 may not know that it will be solicited to act as an UE-to-network relay UE.
- logic and/or features at UE 140 and UE 150 may be capable of establishing a direct link.
- UE 140 and UE 150 may perform ProSe UE-network-relay discovery and establishing a secure point-to-point link (e.g., through a PC5 interface or an LTE-Uu interface).
- logic and/or features at UE 150 may be mutually authenticated with UE 140 and may be assigned an IP address/prefix by UE 140.
- Mutual authentication for example, may include implementation of the ECCSI signature scheme.
- logic and/or features at UE 150 may initiate registration for a critical communication service such as MCPTT via an MCPTT proxy 142 residing in UE 140 by first sending a SIP REGISTER message to UE 150 via GClbis 143.
- the SIP REGISTER message may include signer information as described above for the ECCSI signature scheme portion of scheme 200 to enable MCPTT server 120 to verify UE 140's authenticity for receiving the critical communication services.
- logic and/or features at MCPTT server 120 may receive the SIP REGISTER message forwarded from UE 140.
- UE 140 starts acting as a TNA node and may initially block all traffic other than SIP signaling stemming or originating from UE 150.
- all SIP signaling messages flowing from/to UE 150 may be routed over GC1 123 using UE 140's security association established with MCPTT server 120.
- SIP OK SSV, ID_nwl20, SIGN, SAKKE
- logic and/or features at MCPTT server 120 may send a SIP OK message (e.g., a SIP 200 OK message) destined for UE 150.
- the SIP OK message may be signed using MCPTT 120's publically known ID (ID_nwl20).
- ID_nwl20 publically known ID
- MCPTT 120 may generate a second SSV or second common key material and forward it as an encrypted SAKKE payload.
- the SIP OK message may include similar information as described above for the SAKKE algorithm portion of scheme 200.
- SIP OK SSV, ID_nwl20, SIGN, SAKKE
- logic and/or features at UE 140 may relay or forward the SIP OK message to UE 150 via GClbis 143.
- logic and/or feature at UE 140 may be able to decrypted the encrypted SAKKE payload included in the SIP OK message using UE 150's publically known ID as well as a KMS public key and RSK received from a key management service.
- the decrypted SAKKE payload may enable UE 150 to obtain the second SSV or second common key material in order to establish a security association.
- the second SSV or second common key material may then enable UE 150 and MCPTT 120 to conduct subsequent communications without UE 140 being able to eavesdrop on those communications.
- Process 300 may then come to an end.
- FIG. 4 illustrates a second example process.
- the second example process includes process 400.
- Process 400 may be for securely receiving critical communication content (e.g., MCPTT content) following establishment of separate security associations by a remote UE and a relay UE with a network capable of providing critical communication services.
- critical communication content e.g., MCPTT content
- elements of system 100 as shown in FIG. 1 such as UEs 140 and 150 or MCPTT server 120 may be related to process 400.
- Scheme 200 shown in FIG. 2 may also be related to process 400.
- the example process 400 is not limited to implementations using elements of system 100 or scheme 200 shown in FIGS. 1-2.
- a first security association may be established between MCPTT server 120 and UE 140 as mentioned above for process 300.
- the first security association may be established over GC1 123.
- a second security association may be established between MCPTT sever 120 and UE 150 as mentioned above for process 300.
- the second security association may be established over a combination of GC1 123 and GClbis 147 with UE 140 acting as a TNA node.
- UE 150 may generate and send an SIP INVITE message towards MCPTT server 120 that includes a Group ID.
- UE 150 may wish to joint an MCPTT group that may be defined with an application-layer identifier Group ID (typically a SIP URI).
- logic and/or features at MCPTT server 120 may generate and send a SIP OK or 200 OK response message towards UE 150 that is routed through UE 140.
- logic and/or features at MCPTT server 120 may request establishment an eMBMS bearer based on a number of UEs in a cell or within a coverage area of network 101.
- a temporary mobile group identity TMGI
- TMGI temporary mobile group identity
- logic and/or features at MCPTT server 120 may generate and send a SIP INFO message that include the TMGI and a protected master session key (MSK).
- MSK protected master session key
- the protected MSK may be an MBMS MSK that is protected by being encrypted using common key material or SSV shared with UE 150 when establishing the second security association. For these examples, UE 140 does not have the common key material or SSV and thus is unable to decrypt the protected MSK.
- logic and/or features at UE 150 may respond with a SIP OK or 200 OK response message that is relayed by UE 140 to MCPTT server 120.
- logic and/or features at UE 140 may tune to the eMBMS bearer established by MCPTT server 120 to relay encrypted critical communication content through UE 140.
- logic and/or features at MCPTT server 120 may encrypt critical communication content (e.g., MCPTT content) using the MSK (e.g., an MBMS MSK) and send the encrypted critical
- logic and/or features of UE 140 may deliver encrypted critical communication content to UE 150.
- UE 150 may then use the MSK received at process 4.5 to decrypt the encrypted critical communication content.
- UE 140 may dynamically assign a Layer-2 identifier to be used for multicast delivery through a PC5 interface.
- the Layer-2 identifier may be the ProSe Layer-2 Group ID parameter described in 3GPP TS 23.303 publication entitled "Technical Specification Group Services and System Aspects; Proximity-based services (ProSe); State 2, Release 12, V12.3.0, published December 2014 and/or previous or subsequent releases or versions (hereinafter referred to as 3GPP TS 23.303).
- 3GPP TS 23.303 all UEs to include UE 150 that depend on UE 140 for relaying information from MCPTT server 120 and listening to the same MCPTT group may be associated with a same ProSe Layer-2 Group ID.
- UE 150 may also know that encrypted critical communication content associated with the MCPTT group identified with the ProSe Layer-2 Group ID may be delivered through the PC5 interface using either unicast mode or multicast mode. Process 400 may then come to an end.
- FIG. 5 illustrates a block diagram for an example first apparatus.
- the example first apparatus includes apparatus 500.
- apparatus 500 shown in FIG. 5 has a limited number of elements in a certain topology, it may be appreciated that the apparatus 500 may include more or less elements in alternate topologies as desired for a given implementation.
- apparatus 500 may be implemented in an UE (e.g., UE 140) capable of operating in compliance with one or more 3 GPP LTE Specifications including LTE-A.
- UE e.g., UE 140
- LTE-A 3 GPP LTE Specifications
- apparatus 500 includes circuitry 520.
- Circuitry 520 can be any of various commercially available processors, including without limitation an AMD® Athlon®, Duron® and Opteron® processors; ARM® application, embedded and secure processors; Qualcomm® Qualcomm® Qualcomm® Qualcomm® Qualcomm® Qualcomm® Qualcomm® Qualcomm® Qualcomm® Qualcomm® Qualcomm® Qualcomm® Qualcomm® Qualcomm® Qualcomm® Qualcomm® Qualcomm® Qualcomm® Qualcomm® Qualcomm® Qualcomm® Qualcomm® Qualcomm® Qualcomm® Qualcomm® Qualcomm® Qualcomm®, IBM®, Motorola® DragonBall®,
- circuitry 520 may also be an application specific integrated circuit (ASIC) and at least some modules 522-a may be implemented as hardware elements of the ASIC.
- ASIC application specific integrated circuit
- the logic of apparatus 500 may include a register module 522-1.
- Register module 522-1 may be executed by circuitry 520 to register a first UE.
- Register module 522-1 may register the first UE for critical communication services responsive to a security association with a network arranged to provide the critical communication services.
- security association 505 may represent mutual authentication (e.g., using ECCSI signature scheme) and an agreement of common key material between register module 522-1 and the network (e.g., using SAKKE algorithm).
- the critical communication services may include mission critical communication services and the network may include an MCPTT server (e.g., MCPTT server 120) arranged to provide the mission critical communication services.
- the logic of apparatus 500 may also include a direct link module 522-2.
- Direct link module 522-2 may be executed by circuitry 520 to establish a direct link with a second UE responsive to mutual authentication with the second UE.
- the second UE may be a remote UE (e.g., UE 150) outside of a coverage area of the network.
- Direct link 510 may represent the mutual authentication between the first and second UEs that may include implementation of the ECCSI signature scheme.
- the logic of apparatus 500 may also include a relay module 522-3.
- Relay module 522-3 may be executed by circuitry 520 to act as a TNA node between the network and the second UE to serve as a relay UE for the second UE to the network.
- Relay module 522-3 may be arranged to receive a first message (e.g., message 530) that includes encrypted critical communication content sent from the network via use of unicast or multicast delivery mode.
- Relay module 522-3 may also be arranged to send the encrypted critical communication content in a second message (e.g., message 540) over the direct link with the second UE, the second message to be sent from the first UE via use of unicast or multicast delivery modes.
- a first message e.g., message 530
- Relay module 522-3 may also be arranged to send the encrypted critical communication content in a second message (e.g., message 540) over the direct link with the second UE, the second message to be sent from the first
- relay module 522-3 may generate a multicast link-layer identifier specific to the encrypted communication content to be sent on the direct link with the second UE and then send the multicast link-layer identifier to the second UE in the second message.
- modules of apparatus 500 and a device implementing apparatus 500 may be communicatively coupled to each other by various types of communications media to coordinate operations.
- the coordination may involve the uni-directional or bi-directional exchange of information.
- the modules may communicate information in the form of signals communicated over the communications media.
- the information can be implemented as signals allocated to various signal lines. In such allocations, each message is a signal.
- Further embodiments, however, may alternatively employ data messages. Such data messages may be sent across various connections.
- Example connections include parallel interfaces, serial interfaces, and bus interfaces.
- a logic flow may be implemented in software, firmware, and/or hardware.
- a logic flow may be implemented by computer executable instructions stored on at least one non-transitory computer readable medium or machine readable medium, such as an optical, magnetic or semiconductor storage. The embodiments are not limited in this context.
- FIG. 6 illustrates an example of a first logic flow.
- the first logic flow includes logic flow 600.
- Logic flow 600 may be representative of some or all of the operations executed by one or more logic, features, or devices described herein, such as apparatus 600. More particularly, logic flow 600 may be implemented by register module 522-1, direct link module 522-2 or relay module 522-3.
- logic flow 600 at block 602 may register, at a first UE, for critical communication services responsive to a security association with a network arranged to provide the critical communication services.
- register module 522-1 may register for the critical communications services responsive to the security association.
- logic flow 600 at block 604 may establish a direct link with a second UE responsive to mutual authentication with the second UE.
- direct link module 522-2 may establish the direct link.
- logic flow 600 at block 606 may act as a TNA node between the network and the second UE to serve as a relay UE for the second UE.
- relay module 522-3 may be capable of acting as a TNA node to serve as the relay UE.
- logic flow 600 at block 608 may receive a first message including critical communication content via use of unicast or multicast delivery modes.
- relay module 522-3 may receive the first message.
- logic flow 600 at block 610 may send the critical communication content in a second message over the direct link, the second message to be sent via use of unicast or multicast delivery modes.
- relay module 522-3 may send the second message.
- FIG. 7 illustrates an embodiment of a first storage medium.
- the first storage medium includes storage medium 700.
- Storage medium 700 may comprise an article of manufacture.
- storage medium 700 may include any non- transitory computer readable medium or machine readable medium, such as an optical, magnetic or semiconductor storage.
- Storage medium 700 may store various types of computer executable instructions, such as instructions to implement logic flow 600.
- Examples of a computer readable or machine readable storage medium may include any tangible media capable of storing electronic data, including volatile memory or non-volatile memory, removable or non-removable memory, erasable or non-erasable memory, writeable or re-writeable memory, and so forth.
- Examples of computer executable instructions may include any suitable type of code, such as source code, compiled code, interpreted code, executable code, static code, dynamic code, object-oriented code, visual code, and the like. The examples are not limited in this context.
- FIG. 8 illustrates a block diagram for an example second apparatus.
- the example second apparatus includes apparatus 800.
- apparatus 800 shown in FIG. 8 has a limited number of elements in a certain topology, it may be appreciated that the apparatus 800 may include more or less elements in alternate topologies as desired for a given implementation.
- apparatus 800 may be implemented in an UE (e.g., UE 150) capable of operating in compliance with one or more 3 GPP LTE Specifications including LTE-A.
- UE 150 e.g., UE 150
- LTE-A 3 GPP LTE Specifications
- apparatus 800 includes circuitry 820.
- Circuitry 820 can be any of various commercially available processors to include but not limited to the processors mentioned above for apparatus 500. Also, according to some examples, circuitry 820 may also be an ASIC and at least some modules 822-a may be implemented as hardware elements of the ASIC.
- the logic of apparatus 800 may be included in a first UE (e.g., UE 150) and may include a discovery module 822-1.
- Discovery module 822-1 may be executed by circuitry 820 to discover a second UE (e.g., UE 140) capable of serving as a relay UE to or from a network arranged to provide critical communication services.
- the logic of apparatus 800 may also include a direct link module 822-2.
- Direct link module 822-2 may be executed by circuitry 820 to establish a direct link with a second UE responsive to mutual authentication with the second UE.
- direct link 805 may represent the mutual authentication with the second UE (e.g., using ECCSI signature scheme).
- the logic of apparatus 800 may also include a register module 822-3.
- Register module 822-3 may be executed by circuitry 820 to register for the critical communication services responsive to a security association with the network.
- security association 810 may represent the security association with the network (e.g., using both the ECCSI signature scheme and SAKKE algorithm).
- the logic of apparatus 800 may also include a receive module 822-4.
- Receive module 822-4 may be executed by circuitry 820 to receive encrypted critical communication content originating from the network over the direct link with the second UE, the encrypted critical communication content sent from the second UE via use of unicast or multicast delivery modes.
- the encrypted critical communication content may be included in encrypted critical communication content 830.
- encrypted MBMS MSK 815 may include an MBMS MSK that may have been encrypted using common key material that was obtain by register module 822-3 as part of the security association 810 with the network.
- the MBMS MSK may have been used by the network to encrypt the critical communication content.
- the logic of apparatus 800 may also include a decrypt module 822-5.
- Decrypt module 822-5 may be executed by circuitry 820 to use the MBMS master session key to decrypt the encrypted critical communication content received by the receive module over the direct link with the second UE.
- decrypt module 822-5 may maintain the MBMS MSK with MBMS master session key 824-a.
- MBMS master session key 824-a may be a data structure such as a lookup table (LUT).
- modules of apparatus 800 and a device implementing apparatus 800 may be communicatively coupled to each other by various types of communications media to coordinate operations.
- the coordination may involve the uni-directional or bi-directional exchange of information.
- the modules may communicate information in the form of signals communicated over the communications media.
- the information can be implemented as signals allocated to various signal lines. In such allocations, each message is a signal.
- Further embodiments, however, may alternatively employ data messages. Such data messages may be sent across various connections.
- Example connections include parallel interfaces, serial interfaces, and bus interfaces.
- FIG. 9 illustrates an example of a second logic flow.
- the second logic flow include logic flow 900.
- Logic flow 900 may be representative of some or all of the operations executed by one or more logic, features, or devices described herein, such as apparatus 800. More particularly, logic flow 900 may be implemented by discovery module 822-1, direct link module 822-2, register module 822-3, receive module 822-4 or decrypt module 822-5.
- logic flow 900 at block 902 may discover, at a first UE, a second UE capable of serving as a relay UE to or from a network arranged to provide critical communication services.
- discover module 822-1 may discover the second UE.
- logic flow 900 at block 904 may establish a direct link with a second UE responsive to mutual authentication with the second UE.
- direct link module 822-2 may establish the direct link.
- logic flow 900 at block 906 may register for the critical
- register module 822-3 may register for the critical communication services.
- logic flow 900 at block 908 may receive encrypted critical communication content originating from the network over the direct link via use of unicast or multicast delivery modes.
- receive module 822-4 may receive the encrypted critical communication content.
- decrypt module 822-5 may be capable of decrypting the encrypted critical communication content based on a previously received MBMS MSK that was received from the network.
- FIG. 10 illustrates an embodiment of a second storage medium.
- the second storage medium includes storage medium 1000.
- Storage medium 1000 may comprise an article of manufacture.
- storage medium 1000 may include any non-transitory computer readable medium or machine readable medium, such as an optical, magnetic or semiconductor storage.
- Storage medium 1000 may store various types of computer executable instructions, such as instructions to implement logic flow 900.
- Examples of a computer readable or machine readable storage medium may include any tangible media capable of storing electronic data, including volatile memory or non-volatile memory, removable or non-removable memory, erasable or non-erasable memory, writeable or re-writeable memory, and so forth.
- Examples of computer executable instructions may include any suitable type of code, such as source code, compiled code, interpreted code, executable code, static code, dynamic code, object-oriented code, visual code, and the like. The examples are not limited in this context.
- FIG. 11 illustrates a block diagram for an example third apparatus.
- the example third apparatus includes apparatus 1100.
- apparatus 1 100 shown in FIG. 1 1 has a limited number of elements in a certain topology, it may be appreciated that the apparatus 1 100 may include more or less elements in alternate topologies as desired for a given implementation.
- apparatus 1 100 may be implemented in network equipment such as server (e.g., MCPTT server 120) for a network capable of providing critical communication services.
- the server may be capable of operating in compliance with one or more 3 GPP LTE Specifications including LTE-A.
- LTE-A 3 GPP LTE Specifications
- apparatus 1100 includes circuitry 1120.
- Circuitry 1 120 can be any of various commercially available processors to include but not limited to the processors mentioned above for apparatus 500. Also, according to some examples, circuitry 1 120 may also be an ASIC and at least some modules 1122-a may be implemented as hardware elements of the ASIC.
- apparatus 1100 may be included in a server (e.g., MCPTT 120) for a network capable of providing critical communication services to one or more UEs (e.g., UE 150).
- the logic of apparatus 1100 may include a request module 1122-1.
- Request module 1122-1 may be executed by circuitry 1 120 to receive a first registration request 1105 from a first UE for the first UE to register for the critical communication services.
- the registration request may be included in registration request 1105.
- the logic of apparatus 1 100 may also include an association module 1 122-2.
- Association module 1 122-2 may be executed by circuitry 1120 to establish a first security association with the first UE (e.g., UE 140) responsive to first registration request.
- security association 11 10 may represent the security association with the first UE that may include mutual authentication and an agreement of common key material (e.g., using both the ECCSI signature scheme and SAKKE algorithm).
- request module 1 122-1 may receive a second registration request 1 130 from a second UE (UE 150). Second registration request 1 130 may be relayed through the first UE that is capable of acting as a TNA node between the network and the second UE. For these examples, association module 1 122-2 may then establish a second security association with the second UE responsive to second registration request 1 130. In some examples, security association 1 130 may represent the security association with the second UE that may include mutual authentication and an agreement of common key material. For these examples, request module 1122-1 may use common key material agreed upon during establishment of the second security association to send an encrypted MBMS MSK included in encrypted MBMS MSK 1 140 to the second UE. Request module 1122-1 may maintain or have access to the MBMS MSK in MBMS master session key 1 124-a. MBMS master session key 1124-a may be a data structure such as a lookup table.
- the logic of apparatus 1100 may also include a content module 1122-3.
- Content module 1122-3 may be executed by circuitry 1 120 to send encrypted critical communication content destined for the second UE via use of unicast or multicast delivery modes to the first UE.
- Content module 1122-3 may maintain or have access to the MBMS MSK in MBMS master session key 1 124-a and may use the MBMS MSK to encrypt the critical communication content destined for the second UE.
- the encrypted critical communication content may be included in encrypted critical communication content 1145.
- modules of apparatus 1 100 and a device implementing apparatus 1100 may be communicatively coupled to each other by various types of communications media to coordinate operations.
- the coordination may involve the uni-directional or bi-directional exchange of information.
- the modules may communicate information in the form of signals communicated over the communications media.
- the information can be implemented as signals allocated to various signal lines. In such allocations, each message is a signal.
- Further embodiments, however, may alternatively employ data messages. Such data messages may be sent across various connections.
- Example connections include parallel interfaces, serial interfaces, and bus interfaces.
- FIG. 12 illustrates an example of a third logic flow.
- the third logic flow include logic flow 1200.
- Logic flow 1200 may be representative of some or all of the operations executed by one or more logic, features, or devices described herein, such as apparatus 800. More particularly, logic flow 1200 may be implemented by request module 1 122-1, association module 1 122-2 or content module 1 122-3.
- logic flow 1200 at block 1202 may receive, at a server for a network providing critical communication services, a first registration request to register a first UE for the critical communication services.
- request module 1122-1 may receive the first registration request.
- logic flow 1200 at block 1204 may establish a first security association with the first UE responsive to the first registration request.
- association module 1122-2 may establish the first security association.
- logic flow 1200 at block 1206 may receive a second registration request from a second UE to register the second UE for the critical communication services, the second registration request relayed through the first UE that is capable of acting as a TNA node between the network and the second UE.
- request module 1122-1 may receive the second registration request.
- logic flow 1200 at block 1208 may establish a second security association with the second UE responsive to the second registration request.
- association module 1122-2 may establish the second security association.
- logic flow 1200 at block 1210 may send encrypted critical communication content destined for the second UE via use of unicast or multicast delivery modes to the first UE.
- content module 1 122-3 may send the encrypted critical communication content via use of unicast or multicast delivery modes to the first UE.
- FIG. 13 illustrates an embodiment of a third storage medium.
- the third storage medium includes storage medium 1300.
- Storage medium 1300 may comprise an article of manufacture.
- storage medium 1300 may include any non- transitory computer readable medium or machine readable medium, such as an optical, magnetic or semiconductor storage.
- Storage medium 1300 may store various types of computer executable instructions, such as instructions to implement logic flow 1200.
- Examples of a computer readable or machine readable storage medium may include any tangible media capable of storing electronic data, including volatile memory or non-volatile memory, removable or non-removable memory, erasable or non-erasable memory, writeable or re-writeable memory, and so forth.
- Examples of computer executable instructions may include any suitable type of code, such as source code, compiled code, interpreted code, executable code, static code, dynamic code, object-oriented code, visual code, and the like. The examples are not limited in this context.
- FIG. 14 illustrates an embodiment of a device 1400 for use in a broadband wireless access network.
- Device 1400 may implement, for example, apparatus 500/800/1100, storage medium 700/1000/1300 and/or a logic circuit 1470.
- the logic circuit 1470 may include physical circuits to perform operations described for apparatus 500/800/1 100.
- device 1400 may include a radio interface 1410, baseband circuitry 1420, and computing platform 1430, although examples are not limited to this configuration.
- the device 1400 may implement some or all of the structure and/or operations for the apparatus 500/800/1 100, storage medium 700/1000/1300 and/or logic circuit 1470 in a single computing entity, such as entirely within a single device.
- the device 1400 may distribute portions of the structure and/or operations for apparatus 500/800/1100, storage medium 700/1000/1300 and/or logic circuit 1470 across multiple computing entities using a distributed system architecture, such as a client-server architecture, a 3 -tier architecture, an N- tier architecture, a tightly-coupled or clustered architecture, a peer-to-peer architecture, a master-slave architecture, a shared database architecture, and other types of distributed systems.
- a distributed system architecture such as a client-server architecture, a 3 -tier architecture, an N- tier architecture, a tightly-coupled or clustered architecture, a peer-to-peer architecture, a master-slave architecture, a shared database architecture, and other types of distributed systems.
- a distributed system architecture such as
- radio interface 1410 may include a component or combination of components adapted for transmitting and/or receiving single carrier or multi-carrier modulated signals (e.g., including complementary code keying (CCK) and/or orthogonal frequency division multiplexing (OFDM) symbols and/or single carrier frequency division multiplexing (SC-FDM) symbols) although the embodiments are not limited to any specific over-the-air interface or modulation scheme.
- Radio interface 1410 may include, for example, a receiver 1412, a transmitter 1416 and/or a frequency synthesizer 1414.
- Radio interface 1410 may include bias controls, a crystal oscillator and/or one or more antennas 1418-/ In another embodiment, radio interface 1410 may use external voltage-controlled oscillators (VCOs), surface acoustic wave filters, intermediate frequency (IF) filters and/or RF filters, as desired. Due to the variety of potential RF interface designs an expansive description thereof is omitted.
- VCOs voltage-controlled oscillators
- IF intermediate frequency
- Baseband circuitry 1420 may communicate with radio interface 1410 to process receive and/or transmit signals and may include, for example, an analog-to-digital converter 1422 for down converting received signals, a digital-to-analog converter 1424 for up converting signals for transmission. Further, baseband circuitry 1420 may include a baseband or physical layer (PHY) processing circuit 1426 for PHY link layer processing of respective receive/transmit signals. Baseband circuitry 1420 may include, for example, a processing circuit 1428 for medium access control (MAC)/data link layer processing. Baseband circuitry 1420 may include a memory controller 1432 for communicating with MAC processing circuit 1428 and/or a computing platform 1430, for example, via one or more interfaces 1434.
- PHY physical layer
- PHY processing circuit 1426 may include a frame construction and/or detection module, in combination with additional circuitry such as a buffer memory, to construct and/or deconstruct communication frames (e.g., containing subframes).
- additional circuitry such as a buffer memory
- MAC processing circuit 1428 may share processing for certain of these functions or perform these processes independent of PHY processing circuit 1426.
- MAC and PHY processing may be integrated into a single circuit.
- Computing platform 1430 may provide computing functionality for device 1400. As shown, computing platform 1430 may include a processing component 1440. In addition to, or alternatively of, baseband circuitry 1420 of device 1400 may execute processing operations or logic for apparatus 500/800/1100, storage medium 700/1000/1300, and logic circuit 1470 using the processing component 1430. Processing component 1440 (and/or PHY 1426 and/or MAC 1428) may comprise various hardware elements, software elements, or a combination of both.
- Examples of hardware elements may include devices, logic devices, components, processors, microprocessors, circuitry (e.g., circuitry 520, 820 or 1 120), processor circuits, circuit elements (e.g., transistors, resistors, capacitors, inductors, and so forth), integrated circuits, application specific integrated circuits (ASIC), programmable logic devices (PLD), digital signal processors (DSP), field programmable gate array (FPGA), memory units, logic gates, registers, semiconductor device, chips, microchips, chip sets, and so forth.
- circuitry e.g., circuitry 520, 820 or 1 120
- processor circuits e.g., circuitry 520, 820 or 1 120
- circuit elements e.g., transistors, resistors, capacitors, inductors, and so forth
- integrated circuits e.g., application specific integrated circuits (ASIC), programmable logic devices (PLD), digital signal processors (DSP), field programmable gate array (FPGA), memory units, logic
- Examples of software elements may include software components, programs, applications, computer programs, application programs, system programs, software development programs, machine programs, operating system software, middleware, firmware, software modules, routines, subroutines, functions, methods, procedures, software interfaces, application program interfaces (API), instruction sets, computing code, computer code, code segments, computer code segments, words, values, symbols, or any combination thereof. Determining whether an example is implemented using hardware elements and/or software elements may vary in accordance with any number of factors, such as desired computational rate, power levels, heat tolerances, processing cycle budget, input data rates, output data rates, memory resources, data bus speeds and other design or performance constraints, as desired for a given example.
- Computing platform 1430 may further include other platform components 1450.
- Other platform components 1450 include common computing elements, such as one or more processors, multi-core processors, co-processors, memory units, chipsets, controllers, peripherals, interfaces, oscillators, timing devices, video cards, audio cards, multimedia input/output (I/O) components (e.g., digital displays), power supplies, and so forth.
- processors multi-core processors
- co-processors memory units, chipsets, controllers, peripherals, interfaces, oscillators, timing devices, video cards, audio cards, multimedia input/output (I/O) components (e.g., digital displays), power supplies, and so forth.
- I/O multimedia input/output
- Examples of memory units may include without limitation various types of computer readable and machine readable storage media in the form of one or more higher speed memory units, such as read-only memory (ROM), random-access memory (RAM), dynamic RAM (DRAM), Double-Data-Rate DRAM (DDRAM), synchronous DRAM (SDRAM), static RAM (SRAM), programmable ROM (PROM), erasable programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), flash memory, polymer memory such as ferroelectric polymer memory, ovonic memory, phase change or ferroelectric memory, silicon-oxide- nitride-oxide-silicon (SONOS) memory, magnetic or optical cards, an array of devices such as Redundant Array of Independent Disks (RAID) drives, solid state memory devices (e.g., USB memory, solid state drives (SSD) and any other type of storage media suitable for storing information.
- ROM read-only memory
- RAM random-access memory
- DRAM dynamic RAM
- DDRAM
- Computing platform 1430 may further include a network interface 1460.
- network interface 1460 may include logic and/or features to support wireless network interfaces as described in one or more 3 GPP LTE or LTE-A specifications or standards.
- network interface 1460 may enable an apparatus 1500 or 1800 located at network equipment such as an MTC-IWF or SC.
- Device 1400 may be, for example, a computer, a personal computer (PC), a desktop computer, a laptop computer, an ultrabook computer, a smartphone, a tablet computer, a notebook computer, a netbook computer, a work station, a mini-computer, multiprocessor system, processor-based system, wireless access point, or combination thereof. Accordingly, functions and/or specific configurations of device 1400 described herein, may be included or omitted in various embodiments of device 1400, as suitably desired. In some embodiments, device 1400 may be configured to be compatible with protocols and frequencies associated one or more of the 3GPP LTE Specifications and/or IEEE 802.16 Standards for WMANs, and/or other broadband wireless networks, cited herein, although the examples are not limited in this respect.
- Embodiments of device 1400 may be implemented using single input single output (SISO) architectures.
- certain implementations may include multiple antennas (e.g., antennas 1418-/) for transmission and/or reception using adaptive antenna techniques for beamforming or spatial division multiple access (SDMA) and/or using multiple input multiple output (MIMO) communication techniques.
- multiple antennas e.g., antennas 1418-/
- SDMA spatial division multiple access
- MIMO multiple input multiple output
- device 1400 may be implemented using any combination of discrete circuitry, application specific integrated circuits (ASICs), logic gates and/or single chip architectures. Further, the features of device 1400 may be implemented using microcontrollers, programmable logic arrays and/or microprocessors or any combination of discrete circuitry, application specific integrated circuits (ASICs), logic gates and/or single chip architectures. Further, the features of device 1400 may be implemented using microcontrollers, programmable logic arrays and/or microprocessors or any combination of discrete circuitry, application specific integrated circuits (ASICs), logic gates and/or single chip architectures. Further, the features of device 1400 may be implemented using microcontrollers, programmable logic arrays and/or microprocessors or any combination of discrete circuitry, application specific integrated circuits (ASICs), logic gates and/or single chip architectures. Further, the features of device 1400 may be implemented using microcontrollers, programmable logic arrays and/or microprocessors or any combination of discrete circuitry, application specific integrated
- FIG. 15 illustrates an embodiment of a broadband wireless access system 1500.
- broadband wireless access system 1500 may be an internet protocol (IP) type network comprising an internet 1510 type network or the like that is capable of supporting mobile wireless access and/or fixed wireless access to internet 1510.
- IP internet protocol
- broadband wireless access system 1500 may comprise any type of orthogonal frequency division multiple access (OFDMA) and/or multiple single carrier frequency division multiple access (multiple SC-FDMA) based wireless network, such as a system compliant with one or more of the 3GPP LTE Specifications and/or IEEE 802.16 Standards, and the scope of this disclosure is not limited in these respects.
- OFDMA orthogonal frequency division multiple access
- multiple SC-FDMA multiple single carrier frequency division multiple access
- access service networks (ASN) 1514, 1518 are capable of coupling with base stations (BS) 1514, 1520 (RRHs or eNBs), respectively, to provide wireless communication between one or more fixed devices 1516 and internet 1510, or one or more mobile devices 1515 and Internet 1510.
- BS base stations
- RRHs or eNBs base stations
- One example of a fixed device 1516 and a mobile device 1522 is UE 150 (see FIG. 1), with the fixed device 1516 comprising a stationary version of UE 150 and the mobile device 1522 comprising a mobile version of UE 150.
- ASN 1512 may implement profiles that are capable of defining the mapping of network functions to one or more physical entities on broadband wireless access system 1500.
- Base stations 1514, 1520 may comprise radio equipment to provide RF communication with fixed device 1516 and mobile device 1522, such as described with reference to device 1500, and may comprise, for example, the PHY, MAC, RLC or PDCP layer equipment in compliance with a 3GPP LTE Specification or an IEEE 802.16 Standard.
- Base stations 1514, 1520 may further comprise an IP backplane to couple to Internet 1510 via ASN 1512, 1518, respectively, although the scope of the claimed subject matter is not limited in these respects.
- Broadband wireless access system 1500 may further comprise a visited connectivity service network (CSN) 1524 capable of providing one or more network functions including but not limited to proxy and/or relay type functions, for example authentication, authorization and accounting (AAA) functions, dynamic host configuration protocol (DHCP) functions, or domain name service controls or the like, domain gateways such as public switched telephone network (PSTN) gateways or voice over internet protocol (VoIP) gateways, and/or internet protocol (IP) type server functions, or the like.
- AAA authentication, authorization and accounting
- DHCP dynamic host configuration protocol
- domain gateways such as public switched telephone network (PSTN) gateways or voice over internet protocol (VoIP) gateways
- IP internet protocol type server functions
- Visited CSN 1524 may be referred to as a visited CSN in the case where visited CSN 1524 is not part of the regular service provider of fixed device 1516 or mobile device 1522, for example where fixed 1516 or mobile device 1522 is roaming away from their respective home CSN 1526, or where broadband wireless access system 1500 is part of the regular service provider of fixed device 1516 or mobile device 1522 but where broadband wireless access system 1500 may be in another location or state that is not the main or home location of fixed device 1516 or mobile device 1522.
- Fixed device 1516 may be located anywhere within range of one or both base stations 1514, 1520, such as in or near a home or business to provide home or business customer broadband access to Internet 1510 via base stations 1514, 1520 and ASN 1512, 1518, respectively, and home CSN 1526. It is worthy to note that although fixed device 1516 is generally disposed in a stationary location, it may be moved to different locations as needed. Mobile device 1522 may be utilized at one or more locations if mobile device 1522 is within range of one or both base stations 1514, 1520, for example.
- operation support system (OSS) 1528 may be part of broadband wireless access system 1500 to provide management functions for broadband wireless access system 1500 and to provide interfaces between functional entities of broadband wireless access system 1500.
- Broadband wireless access system 1500 of FIG. 15 is merely one type of wireless network showing a certain number of the components of broadband wireless access system 1500, and the scope of the claimed subject matter is not limited in these respects.
- Coupled may indicate that two or more elements are in direct physical or electrical contact with each other.
- An example apparatus may include logic for a first UE capable of operating in compliance with one or more 3 GPP LTE standards including LTE-A, at least a portion of the logic in hardware.
- the logic may include a register module to register for critical communication services responsive to a security association with a network arranged to provide the critical communication services.
- the logic may also include a direct link module to establish a direct link with a second UE responsive to mutual authentication with the second UE.
- the logic may also include a relay module to act as a TNA node between the network and the second UE to serve as a relay UE for the second UE, the relay module arranged to receive a first message that includes encrypted critical communication content via use of unicast or multicast delivery modes and send the encrypted critical communication content in a second message over the direct link.
- the second message may be sent via use of unicast or multicast delivery modes.
- Example 2 The apparatus of example 1, the security association with the network may include mutual authentication and an agreement of common key material between the register module and the network.
- Example 3 The apparatus of example 2, the mutual authentication may include implementing an ECCSI signature scheme.
- Example 4 The apparatus of example 3, implementing the ECCSI signature scheme may include sending a SIP REGISTER message to the network.
- the SIP REGISTER message may include a first ECCSI signature payload and an identifier for the first UE.
- Implementing the ECCSI signature scheme may also include receiving a SIP OK message from the network.
- the SIP OK message may include a second ECCSI signature payload and an identifier for the network.
- Example 5 The apparatus of example 2, the agreement of common key material between the register module and the network may include the register module to receive common key material generated using a SAKKE algorithm.
- Example 6 The apparatus of example 5, the common key material received as a SAKKE payload in a SIP OK message.
- Example 7 The apparatus of example 1, the relay module may act as a TNA node to include relaying SIP messages using the security association with the network.
- Example 8 The apparatus of example 1, the relay module may send the encrypted critical communication content in the second message to the second UE via use of a multicast delivery mode that may include the relay module to generate a multicast link-layer identifier specific to the encrypted critical communication content and provide the multicast link-layer identifier to the second UE a SIP message.
- a multicast delivery mode may include the relay module to generate a multicast link-layer identifier specific to the encrypted critical communication content and provide the multicast link-layer identifier to the second UE a SIP message.
- Example 9 The apparatus of example 8, the SIP message may include a SIP INFO message.
- Example 10 The apparatus of example 1, the direct link may include a WLAN direct connection.
- Example 11 The apparatus of example 1 , the critical communication services may include mission critical communication services associated with an MCPTT server.
- Example 12 The apparatus of example 1 may include a digital display to present a user interface view.
- An example method may include registering, at a first UE capable of operating in compliance with one or more 3 GPP LTE standards including LTE-A, for critical communication services responsive to a security association with a network arranged to provide the critical communication services.
- the method may also include establishing a direct link with a second UE responsive to mutual authentication with the second UE.
- the method may also include acting as a TNA node between the network and the second UE to serve as a relay UE for the second UE.
- the method may also include receiving a first message including encrypted critical communication content via use of unicast or multicast delivery modes.
- the method may also include sending the encrypted critical communication content in a second message over the direct link, the second message to be sent via use of unicast or multicast delivery modes.
- Example 14 The method of example 13, the security association with the network may include mutual authentication and an agreement of common key material between the first UE and the network.
- Example 15 The method of example 14, mutual authentication may include implementing an ECCSI signature scheme.
- Example 16 The method of example 15, implementing the ECCSI signature scheme for mutual authentication may include sending a SIP REGISTER message, the SIP
- REGISTER message including a first ECCSI signature payload and an identifier for the first UE.
- Implementing the ECCSI signature scheme for mutual authentication may also include receiving a SIP OK message, the SIP OK message including a second ECCSI signature payload and an identifier for the network.
- Example 17 The method of example 14, the agreement of common key material may include receiving common key material generated using a SAKKE algorithm.
- Example 18 The method of example 17 may include receiving the common key material as a SAKKE payload in a SIP OK message.
- Example 19 The method of example 13, acting as a TNA node may include relaying SIP messages using the security association with the network.
- Example 20 The method of example 13, sending the encrypted critical
- Sending the encrypted critical communication content in the second message may include generating a multicast link-layer identifier specific to the encrypted critical communication content and providing the multicast link-layer identifier to the second UE in a SIP message.
- Example 21 The method of example 20, the SIP message may include a SIP INFO message.
- Example 22 The method of claim 13, the direct link may include a WLAN direct connection.
- Example 23 The method of example 13, the critical communication services may include mission critical communication services associated with an MCPTT server.
- Example 24 An example at least one non-transitory machine readable medium comprising a plurality of instructions that in response to being executed on a system at UE may cause the system to carry out a method according to any one of examples 13 to 23.
- Example 25 An example apparatus may include means for performing the methods of any one of examples 13 to 23.
- An example at least one non-transitory machine readable medium may include a plurality of instructions that in response to being executed on a system for a first UE capable of operating in compliance with one or more or more 3GPP LTE standards including LTE-A, causes the system to register for critical communication services responsive to a security association with a network arranged to provide the critical communication services.
- the instructions may also cause the system to establish a direct link with a second UE responsive to mutual authentication with the second UE.
- the instructions may also cause the system to act as a TNA node between the network and the second UE to serve as a relay UE for the second UE.
- the instructions may also cause the system to receive a first message including encrypted critical communication content via use of unicast or multicast delivery modes.
- the instructions may also cause the system to send the encrypted critical communication content in a second message over the direct link, the second message to be sent via use of unicast or multicast delivery modes.
- Example 27 The at least one non-transitory machine readable medium of example
- the security association with the network may include mutual authentication and an agreement of common key material between the first UE and the network.
- Example 28 The at least one non-transitory machine readable medium of example
- the mutual authentication may include the instructions to further cause the system to implement an ECCSI signature scheme.
- Example 29 The at least one non-transitory machine readable medium of example
- the instruction may cause the system to implement the ECCSI signature scheme for mutual authentication may include the instructions to further cause the system to send a SIP REGISTER message, the SIP REGISTER message including a first ECCSI signature payload and an identifier for the first UE.
- the instruction may further cause the system to receive a SIP OK message, the SIP OK message including a second ECCSI signature payload and an identifier for the network.
- Example 30 The at least one non-transitory machine readable medium of example 27, the agreement of common key material may include the instructions to further cause the system to receive common key material generated using a SAKKE algorithm.
- Example 31 The at least one non-transitory machine readable medium of example 30, the instructions may further cause the system to receive the common key material as a SAKKE payload in a SIP OK message.
- Example 32 The at least one non-transitory machine readable medium of example 26, to act as a TNA node may include the instructions to cause the system to relay SIP messages using the security association with the network.
- Example 33 The at least one non-transitory machine readable medium of example 26, to send the encrypted critical communication content in the second message to the second UE via use of a multicast delivery mode, may include the instructions to further cause the system to generate a multicast link-layer identifier specific to the encrypted critical communication content.
- the instructions may further cause the system to provide the multicast link-layer identifier to the second UE in a SIP message.
- Example 34 The at least one non-transitory machine readable medium of example 33, the second message may include a SIP INFO message.
- Example 35 The at least one non-transitory machine readable medium of example 26, the direct link may include a WLAN direct connection.
- Example 36 The at least one non-transitory machine readable medium of example 26, the critical communication services may include mission critical communication services associated with an MCPTT server.
- An example apparatus may include logic for a first UE capable of operating in compliance with one or more 3 GPP LTE standards including LTE-A, at least a portion of the logic in hardware.
- the logic may include a discovery module to discover a second UE capable of serving as a relay UE to or from a network arranged to provide critical communication services.
- the logic may also include a direct link module to establish a direct link with the second UE responsive to mutual authentication with the second UE.
- the logic may also include a register module to register for the critical communication services responsive to a security association with the network.
- the logic may also include a receive module to receive encrypted critical communication content originating from the network over the direct link via use of unicast or multicast delivery modes.
- Example 38 The apparatus of example 37, the security association with the network may include mutual authentication and an agreement of common key material between the register module and the network.
- Example 39 The apparatus of example 38, mutual authentication may include implementing an ECCSI signature scheme.
- Example 40 The apparatus of example 39, implementing the ECCSI signature scheme may include sending a SIP REGISTER message to the network, the SIP REGISTER message to include a first ECCSI signature payload and an identifier for the first UE.
- Implementing the ECCSI signature scheme may also include receiving a SIP OK message from the network, the SIP OK message to include a second ECCSI signature payload and an identifier for the network.
- Example 41 The apparatus of example 38, the agreement of common key material between the register module and the network may include the register module arranged to receive common key material generated using a SAKKE algorithm.
- Example 42 The apparatus of example 41, the common key material may be received as a SAKKE payload in a SIP OK message.
- Example 43 The apparatus of example 42, the receive module may receive a message from the second UE over the direct link. The message may enable decryption of the encrypted critical communication content via use of an MBMS master session key.
- Example 44 The apparatus of example 43, the message may include a SIP INFO message that includes the MBMS master session key and a corresponding TMGI. The MBMS master session key may be encrypted based on the common key material.
- Example 45 The apparatus of example 43, the logic may also include a decrypt module arranged to use the MBMS master session key to decrypt the encrypted critical communication content.
- Example 46 The apparatus of example 37, the receive module may receive a message over the direct link that enables use of a multicast delivery mode to receive the encrypted critical communication content.
- the message may include a multicast link-layer identifier specific to encrypted critical communication content to be sent over the direct link.
- Example 47 The apparatus of example 46, the message may include a SIP INFO message.
- Example 48 The apparatus of example 37, the direct link may include a WLAN direct connection.
- Example 49 The apparatus of example 37, the critical communication services may include mission critical communication services associated with an MCPTT server.
- Example 50 The apparatus of example 37, may include a digital display to present a user interface view.
- An example method may include discovering, at a first UE capable of operating in compliance with one or more 3 GPP LTE standards including LTE-A, a second UE capable of serving as a relay UE to or from a network arranged to provide critical communication services.
- the method may also include establishing a direct link with the second UE responsive to mutual authentication with the second UE.
- the method may also include registering for the critical communication services responsive to a security association with the network.
- the method may also include receiving encrypted critical communication content originating from the network over the direct link via use of unicast or multicast delivery modes.
- Example 52 The method of example 51 , the security association with the network may include mutual authentication and an agreement of common key material between the first UE and the network.
- Example 53 The method of example 52, mutual authentication may include implementing an ECCSI signature scheme.
- Example 54 The method of example 53, implementing the ECCSI signature scheme may include sending a SIP REGISTER message to the network, the SIP REGISTER message to include a first ECCSI signature payload and an identifier for the first UE.
- Implementing the ECCSI signature scheme may also include receiving a SIP OK message from the network, the SIP OK message to include a second ECCSI signature payload and an identifier for the network.
- Example 55 The method of example 52, the agreement of common key material may include receiving common key material generated using a SAKKE algorithm.
- Example 56 The method of example 55, may include receiving the common key material as a SAKKE payload in a SIP OK message.
- Example 57 The method of example 51, may include receiving a message from the second UE over the direct link.
- the message may enable decryption of the encrypted critical communication content via use of an MBMS master session key.
- Example 58 The method of example 57, the message may include a SIP INFO message that includes the MBMS master session key and a corresponding TMGI.
- the MBMS master session key may be encrypted based on the common key material.
- Example 59 The method of example 58, may include decrypting the encrypted critical communication content using the MBMS master session key.
- Example 60 The method of example 51, may include receiving a message over the direct link that enables use of a multicast delivery mode to receive the encrypted critical communication content.
- the message may include a multicast link-layer identifier specific to encrypted critical communication content to be sent over the direct link.
- Example 61 The method of example 60, the message may include a SIP INFO message.
- Example 62 The method of example 51 , the direct link may include a WLAN direct connection.
- Example 63 The method of example 51 , the critical communication services may include mission critical communication services associated with an MCPTT server.
- Example 64 An example at least one non-transitory machine readable medium may include a plurality of instructions that in response to being executed on a system at user equipment (UE) may cause the system to carry out a method according to any one of examples 51 to 63.
- UE user equipment
- Example 65 An example apparatus may include means for performing the methods of any one of examples 51 to 63.
- At least one non-transitory machine readable medium may include a plurality of instructions that in response to being executed on a system for a first UE capable of operating in compliance with one or more 3 GPP LTE standards including LTE-A that may cause the system to discover a second UE capable of serving as a relay UE to or from a network arranged to provide critical communication services.
- the instructions may also cause the system to establish a direct link with the second UE responsive to mutual authentication with the second UE.
- the instructions may also cause the system to register for the critical communication services responsive to a security association with the network.
- the instructions may also cause the system to receive encrypted critical communication content originating from the network over the direct link via use of unicast or multicast delivery modes.
- Example 67 The at least one non-transitory machine readable medium of example
- the security association with the network may include mutual authentication and an agreement of common key material between the first UE and the network.
- Example 68 The at least one non-transitory machine readable medium of example
- mutual authentication with the network may include the instructions to further cause the system to implement an ECCSI signature scheme.
- Example 69 The at least one non-transitory machine readable medium of example
- the instruction may cause the system to implement the ECCSI signature scheme may include the instructions to further cause the system to send a SIP REGISTER message to the network, the SIP REGISTER message including a first ECCSI signature payload and an identifier for the first UE.
- the instruction may further cause the system to receive a SIP OK message from the network, the SIP OK message including a second ECCSI signature payload and an identifier for the network.
- Example 70 The at least one non-transitory machine readable medium of example 67, the agreement of common key material may include the instructions to further cause the system to receive common key material generated using a SAKKE algorithm.
- Example 71 The at least one non-transitory machine readable medium of example 70, the instructions to further cause the system to receive the common key material as a SAKKE payload in a SIP OK message.
- Example 72 The at least one non-transitory machine readable medium of example 66, the instructions may further cause the system to receive a message from the second UE over the direct link, the message to enable decryption of the encrypted critical communication content via use of an MBMS master session key.
- Example 73 The at least one non-transitory machine readable medium of example 72, the message may include a SIP INFO message relayed from the network that includes the MBMS master session key and a corresponding TMGI.
- the MBMS master session key may be encrypted based on the common key material.
- Example 74 The at least one non-transitory machine readable medium of example 73, the instructions may further cause the system to decrypt the received encrypted critical communication content via use of the MBMS master session key.
- Example 75 The at least one non-transitory machine readable medium of example 66, the instructions may further cause the system to receive a message over the direct link that enables use of a multicast delivery mode to receive the encrypted critical communication content, the message to include a multicast link-layer identifier specific to the encrypted critical communication content to be sent on the direct link.
- Example 76 The at least one non-transitory machine readable medium of example 75, the message may include a SIP INFO message.
- Example 77 The at least one non-transitory machine readable medium of example 66, the direct link may include a WLAN direct connection.
- Example 78 The at least one non-transitory machine readable medium of example 66, the critical communication services may include mission critical communication services associated with an MCPTT server.
- An example apparatus may include logic at a server for a network providing critical communication services, at least a portion of the logic in hardware.
- the logic may include a request module to receive a first registration request to register a first UE for the critical communication services.
- the logic may also include an association module to establish a first security association with the first UE responsive to the first registration request.
- the logic may also include the request module to receive a second registration request from a second UE to register the second UE for the critical communication services, the second registration request relayed through the first UE that is capable of acting as a TNA node between the network and the second UE.
- the logic may also include the association module to establish a second security association with the second UE responsive to the second registration request.
- the logic may also include a content module to send encrypted critical communication content destined for the second UE via use of unicast or multicast delivery modes to the first UE.
- Example 80 The apparatus of example 79, the first security association with the first UE and the second security association with the second UE including respective mutual authentications and agreements of common key material.
- Example 81 The apparatus of example 80, the respective mutual authentications may include the association module implementing an ECCSI signature scheme.
- Example 82 The apparatus of example 81, implementing the ECCSI signature scheme may include receiving a SIP REGISTER messages from the first UE including a first ECCSI signature payload and an identifier for the first UE. Implementing the ECCSI signature scheme may also include receiving a SIP REGISTER message from the second UE including a second ECCSI signature payload and an identifier for the second UE.
- Implementing the ECCSI signature scheme may also include causing separate SIP OK messages to be sent to the first and second UEs, a first SIP OK message sent to the first UE to include a third ECCSI signature payload and an identifier for the server.
- a second SIP OK message sent to the second UE may include a fourth ECCSI signature payload and the identifier for the server.
- Example 83 The apparatus of example 80, the respective agreements of common key material may include the authentication module to generate a first common key material for the first UE and a second common key material for the second UE.
- the authentication module may also separately encrypt the first and second common key material using a SAKKE algorithm and cause the encrypted first common key material to be sent in a first SIP OK message to the first UE and the encrypted second common key material to be sent in a second SIP OK message to the second UE.
- Example 84 The apparatus of example 83, the first UE capable of acting as the TNA node may include the first UE arranged to relay SIP messages between the second UE and the server by use of the first security association established with the association module.
- Example 85 The apparatus of example 84, may include the request module to encrypt an MBMS master session key using the second common key material.
- the request module may also cause the encrypted MBMS master session key to be sent to the second UE in a SIP INFO message.
- the SIP INFO message may also include a TMGI.
- the SIP INFO message may be routed through the first UE acting as the TNA node.
- the second UE may be capable of decrypting the encrypted MBMS master session key via use of the second common key material and using the MBMS master session key to decrypt encrypted critical communication content sent by the content module.
- Example 86 The apparatus of example 79, the critical communication services may include mission critical communication services and the server is an MCPTT server.
- the content module may send the encrypted critical communication content as part of providing the mission critical communication services.
- Example 87 The apparatus of example 79, may include a digital display to present a user interface view.
- An example method may include receiving, at a server for a network providing critical communication services, a first registration request to register a first UE for the critical communication services. The method may also include establishing a first security association with the first UE responsive to the first registration request. The method may also include receiving a second registration request from a second UE to register the second UE for the critical communication services. The second registration request may be relayed through the first UE that is capable of acting as a TNA node between the network and the second UE. The method may also include establishing a second security association with the second UE responsive to the second registration request. The method may also include sending encrypted critical communication content destined for the second UE via use of unicast or multicast delivery modes to the first UE.
- Example 89 The method of example 88, the first security association with the first UE and the second security association with the second UE may include respective mutual authentications and agreements of common key material.
- Example 90 The method of example 89, the respective mutual authentications may include implementing an ECCSI signature scheme.
- Example 91 The method of example 90, implementing the ECCSI signature scheme may include receiving a SIP REGISTER message from the first UE including a first ECCSI signature payload and an identifier for the first UE.
- Implementing the ECCSI signature scheme may also include receiving a SIP REGISTER message from the second UE including a second ECCSI signature payload and an identifier for the second UE.
- Implementing the ECCSI signature scheme may also include sending separate SIP OK messages to the first and second UEs, a first SIP OK message sent to the first UE to include a third ECCSI signature payload and an identifier for the server.
- a second SIP OK message may be sent to the second UE to include a fourth ECCSI signature payload and the identifier for the server.
- the respective agreements of common key material may include generating a first common key material for the first UE and a second common key material for the second UE.
- the respective agreements of common key material may also include separately encrypting the first and second common key material using a SAKKE algorithm.
- the respective agreements of common key material may also include sending the encrypted first common key material in a first SIP OK message to the first UE and the encrypted second common key material in a second SIP OK message to the second UE.
- the first UE capable of acting as the TNA node may include the first UE arranged to relay SIP messages between the second UE and the server by use of the first security association.
- Example 94 The method of example 93, may include encrypting an MBMS master session key using the second common key material causing the encrypted MBMS master session key to be sent to the second UE in a SIP INFO message.
- the SIP INFO message may also include a TMGI.
- the SIP INFO message may be routed through the first UE acting as the TNA node.
- the second UE may be capable of decrypting the encrypted MBMS master session key via use of the second common key material and using the MBMS master session key to decrypt sent encrypted critical communication content.
- Example 95 The method of example 88, the critical communication services may include mission critical communication services and the server is an MCPTT server.
- the encrypted critical communication content may be sent as part of providing the mission critical communication services.
- Example 96 An example at least one non-transitory machine readable medium may include a plurality of instructions that in response to being executed on a system at a server for a network providing critical communication services to one or more UEs may cause the system to carry out a method according to any one of examples 88 to 95.
- Example 97 An example apparatus may include means for performing the methods of any one of examples 88 to 95.
- An example at least one non-transitory machine readable medium may include a plurality of instructions that in response to being executed on a system for a server for a network providing critical communication services may cause the system to receive a first registration request to register a first UE for the critical communication services.
- the instructions may also cause the system to receive a second registration request from a second UE to register the second UE for the critical communication services.
- the second registration request may be relayed through the first UE that is capable of acting as a TNA node between the network and the second UE.
- the instructions may also cause the system to establish a second security association with the second UE responsive to the second registration request.
- the instructions may also cause the system to send encrypted critical communication content destined for the second UE via use of unicast or multicast delivery modes to the first UE.
- Example 99 The at least one non-transitory machine readable medium of example 98, the first security association with the first UE and the second security association with the second UE may include respective mutual authentications and agreements of common key material.
- Example 100 The at least one non-transitory machine readable medium of example
- the respective mutual authentications with the first and second UEs may include implementing an ECCSI signature scheme.
- Example 101 The at least one non-transitory machine readable medium of example
- implementing the ECCSI signature scheme may include receiving a SIP REGISTER messages from the first UE including a first ECCSI signature payload and an identifier for the first UE.
- Implementing the ECCSI signature scheme may also include receiving a SIP REGISTER message from the second UE including a second ECCSI signature payload and an identifier for the second UE.
- Implementing the ECCSI signature scheme may also include causing separate SIP OK messages to be sent to the first and second UEs.
- a first SIP OK message may be sent to the first UE to include a third ECCSI signature payload and an identifier for the server.
- a second SIP OK message may be sent to the second UE to include a fourth ECCSI signature payload and the identifier for the server.
- Example 102 The at least one non-transitory machine readable medium of example
- the separate agreements of common key material may include generating a first common key material for the first UE and a second common key material for the second UE.
- the separate agreements of common key material may also include separately encrypting the first and second common key material using a SAKKE algorithm.
- the separate agreements of common key material may also include causing the encrypted first common key material to be sent in a first SIP OK message to the first UE and the encrypted second common key material to be sent in a second SIP OK message to the second UE.
- Example 103 The at least one non-transitory machine readable medium of example
- the first UE capable of acting as the TNA node may include the first UE arranged to relay SIP messages between the second UE and the server by use of the first security association.
- Example 104 The at least one non-transitory machine readable medium of example
- the SIP INFO message may also include a TMGI.
- the SIP INFO message may be routed through the first UE acting as the TNA node.
- the second UE may be capable of decrypting the encrypted MBMS master session key via use of the second common key material and using the MBMS master session key to decrypt received encrypted critical communication content sent by the server.
- the at least one non-transitory machine readable medium of example 98, the critical communication services may include mission critical communication services and the server may be an MCPTT server.
- the encrypted critical communication content may be sent as part of providing the mission critical communication services.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Databases & Information Systems (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
Description
Claims
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP15815068.0A EP3162105A4 (en) | 2014-06-30 | 2015-06-25 | Techniques for securely receiving critical communication content associated with a critical communication service |
KR1020167033675A KR101915373B1 (en) | 2014-06-30 | 2015-06-25 | Techniques for securely receiving critical communication content associated with a critical communication service |
BR112016028184A BR112016028184A2 (en) | 2014-06-30 | 2015-06-25 | techniques for securely receiving critical communication content associated with a critical communication service |
CN201580027401.9A CN106471834B (en) | 2014-06-30 | 2015-06-25 | Method and apparatus for securely receiving critical communication content associated with a critical communication service |
JP2016572496A JP6386098B2 (en) | 2014-06-30 | 2015-06-25 | Technology for securely receiving critical communications content related to critical communications services |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201462019309P | 2014-06-30 | 2014-06-30 | |
US62/019,309 | 2014-06-30 | ||
US14/670,233 | 2015-03-26 | ||
US14/670,233 US10079822B2 (en) | 2014-06-30 | 2015-03-26 | Techniques for securely receiving critical communication content associated with a critical communication service |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016003750A1 true WO2016003750A1 (en) | 2016-01-07 |
Family
ID=55019845
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2015/037576 WO2016003750A1 (en) | 2014-06-30 | 2015-06-25 | Techniques for securely receiving critical communication content associated with a critical communication service |
Country Status (7)
Country | Link |
---|---|
US (1) | US10079822B2 (en) |
EP (1) | EP3162105A4 (en) |
JP (1) | JP6386098B2 (en) |
KR (1) | KR101915373B1 (en) |
CN (1) | CN106471834B (en) |
BR (1) | BR112016028184A2 (en) |
WO (1) | WO2016003750A1 (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018010182A1 (en) * | 2016-07-15 | 2018-01-18 | 华为技术有限公司 | Transmission method, apparatus, and device for group communications |
WO2018062940A1 (en) * | 2016-10-01 | 2018-04-05 | Samsung Electronics Co., Ltd. | Method for managing mission critical video (mcvideo) communications in off-network mcvideo communication system |
WO2018083320A1 (en) | 2016-11-07 | 2018-05-11 | Koninklijke Kpn N.V. | Handover of a device which uses another device as relay |
WO2018083327A1 (en) * | 2016-11-07 | 2018-05-11 | Telefonaktiebolaget Lm Ericsson (Publ) | Mission-critical push-to-talk |
WO2018083298A1 (en) | 2016-11-07 | 2018-05-11 | Koninklijke Kpn N.V. | Deriving a security key for relayed communication |
CN109076308A (en) * | 2016-05-24 | 2018-12-21 | 华为技术有限公司 | The correlating method and relevant device of emergency task user and its user equipment |
EP3432655A4 (en) * | 2016-04-05 | 2020-01-01 | LG Electronics Inc. -1- | Method for transmitting and receiving data by using relay terminal |
US10938921B2 (en) | 2017-10-10 | 2021-03-02 | Samsung Electronics Co., Ltd | Method and apparatus for associating services in an electronic device |
Families Citing this family (40)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10079822B2 (en) * | 2014-06-30 | 2018-09-18 | Intel IP Corporation | Techniques for securely receiving critical communication content associated with a critical communication service |
WO2016039579A1 (en) * | 2014-09-11 | 2016-03-17 | 엘지전자 주식회사 | Method for establishing mcptt group call in wireless communication system and device therefor |
US9941954B2 (en) * | 2014-12-19 | 2018-04-10 | Futurewei Technologies, Inc. | System and method for radio link sharing |
CN106068625A (en) * | 2015-01-07 | 2016-11-02 | 华为技术有限公司 | Signal transmission method and relevant device is controlled under a kind of MCPTT framework |
WO2016140507A1 (en) | 2015-03-02 | 2016-09-09 | Samsung Electronics Co., Ltd. | Method and apparatus for providing service in wireless communication system |
US10250653B2 (en) * | 2015-03-27 | 2019-04-02 | Qualcomm Incorporated | Proximity service signaling protocol for multimedia broadcast multicast service operations |
EP3284277A4 (en) * | 2015-04-02 | 2018-04-18 | Samsung Electronics Co., Ltd. | Method for performing multiple authentications within service registration procedure |
WO2016159559A1 (en) * | 2015-04-03 | 2016-10-06 | 엘지전자 주식회사 | Method and apparatus for changing, by terminal, priority in mcptt |
WO2016186414A1 (en) | 2015-05-15 | 2016-11-24 | 엘지전자 주식회사 | Method for providing broadcast service in wireless communication system and apparatus therefor |
KR102273533B1 (en) * | 2015-06-15 | 2021-07-06 | 삼성전자 주식회사 | Method and apparatus for providing a service in wireless communication system |
BR112017027805B1 (en) * | 2015-06-29 | 2023-05-02 | Huawei Technologies Co., Ltd | METHOD, APPLIANCE, STORAGE MEDIA, AND SYSTEM FOR ENVIRONMENTAL ACCESS CONTROL IN MULTIPLE PRESSING SYSTEMS TO TALK ABOUT MISSION CRITICAL |
US11297111B2 (en) | 2015-06-30 | 2022-04-05 | Blackberry Limited | Establishing a session initiation protocol session |
ES2794566T3 (en) | 2015-08-07 | 2020-11-18 | Samsung Electronics Co Ltd | Terminal and its communication procedure |
US9690934B1 (en) * | 2015-08-27 | 2017-06-27 | Symantec Corporation | Systems and methods for protecting computing devices from imposter accessibility services |
US10149122B2 (en) * | 2015-09-14 | 2018-12-04 | Qualcomm Incorporated | Techniques for in-band signaling of service description updates in RTP |
US10425450B2 (en) * | 2016-02-27 | 2019-09-24 | Ofinno, Llc | Mission critical communications |
US20170257751A1 (en) * | 2016-03-05 | 2017-09-07 | Ofinno Technologies, Llc | Off-Network Wireless Mission Critical Session Initiation |
BR112019000622A2 (en) * | 2016-07-15 | 2019-04-24 | Huawei Technologies Co., Ltd. | method for requesting media transmission permission, and method and apparatus for canceling media transmission permission |
CN109997334B (en) * | 2016-10-06 | 2022-08-09 | 康维达无线有限责任公司 | Session management with relaying and charging for indirect connectivity of internet of things applications in 3GPP networks |
CN108011715B (en) * | 2016-10-31 | 2021-03-23 | 华为技术有限公司 | Key distribution method, related equipment and system |
US10735915B2 (en) * | 2016-11-04 | 2020-08-04 | Samsung Electronics Co., Ltd. | Method of operating terminal mission critical push to talk group participating in mission critical push to talk group call in off network |
CN108574570B (en) | 2017-03-08 | 2022-05-17 | 华为技术有限公司 | Private key generation method, device and system |
CN109151907A (en) * | 2017-06-15 | 2019-01-04 | 鸿海精密工业股份有限公司 | Network dicing method and device |
US10638524B2 (en) | 2017-07-31 | 2020-04-28 | Samsung Electronics Co., Ltd. | Method and system for providing mission critical service (MCX) in wireless communication network |
JP6456451B1 (en) * | 2017-09-25 | 2019-01-23 | エヌ・ティ・ティ・コミュニケーションズ株式会社 | COMMUNICATION DEVICE, COMMUNICATION METHOD, AND PROGRAM |
US10631224B2 (en) * | 2017-10-05 | 2020-04-21 | Blackberry Limited | Authenticating user equipments through relay user equipments |
JP6837609B1 (en) * | 2018-01-04 | 2021-03-03 | シグニファイ ホールディング ビー ヴィSignify Holding B.V. | Systems and methods for end-to-end secure communication in device-to-device communication networks |
EP3675542B1 (en) * | 2018-12-31 | 2022-02-23 | Bull Sas | Device and method for managing mutual authentication for direct communication between mobile structures of a mobile radio communication system |
KR102303882B1 (en) * | 2019-01-04 | 2021-09-23 | 아서스테크 컴퓨터 인코포레이션 | Method and apparatus for supporting vehicle-to-everything (v2x) services on single one-to-one sidelink communication link in a wireless communication system |
CN111432470B (en) * | 2019-01-09 | 2023-04-07 | 成都鼎桥通信技术有限公司 | Method and device for processing application layer paging message |
CN111586734B (en) * | 2019-02-15 | 2023-03-31 | 成都鼎桥通信技术有限公司 | Meticulous monitoring method and meticulous monitoring system for group in LTE broadband cluster |
EP3939200A4 (en) * | 2019-03-12 | 2022-12-07 | Nokia Technologies Oy | Communication network-anchored cryptographic key sharing with third-party application |
US11632235B2 (en) * | 2019-04-09 | 2023-04-18 | Samsung Electronics Co., Ltd. | Method and apparatus for handling security procedure in mc communication system |
EP3997920A1 (en) * | 2019-07-12 | 2022-05-18 | IPCom GmbH & Co. KG | Side link establishment for low power devices |
WO2021092480A1 (en) * | 2019-11-07 | 2021-05-14 | Idac Holdings, Inc. | Wtru-to-network relay |
US11564280B2 (en) * | 2020-01-03 | 2023-01-24 | Qualcomm Incorporated | User equipment to network relay |
KR20230022894A (en) * | 2020-07-15 | 2023-02-16 | 엘지전자 주식회사 | relay communication |
CN112584379A (en) * | 2020-12-04 | 2021-03-30 | 广东以诺通讯有限公司 | Direct connection communication security key negotiation method based on 5G D2D technology |
WO2022231244A1 (en) * | 2021-04-26 | 2022-11-03 | Samsung Electronics Co., Ltd. | Systems and methods for supporting ad hoc group call for mcx services |
KR102637942B1 (en) * | 2022-04-08 | 2024-02-20 | 주식회사 케이티 | MCPTT(Mission Critical Push To Talk) SERVER, METHOD AND COMPUTER PROGRAM FOR PROVIDING eMBMS SERVICE |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130205378A1 (en) * | 2012-02-03 | 2013-08-08 | Kabushiki Kaisha Toshiba | Communication apparatus, server apparatus, relay apparatus, control apparatus, and computer program product |
US20130235792A1 (en) * | 2012-03-08 | 2013-09-12 | Qualcomm Incorporated | Systems and methods for establishing a connection setup through relays |
Family Cites Families (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040049676A1 (en) * | 2001-04-26 | 2004-03-11 | Bruno Dutertre | Methods and protocols for intrusion-tolerant management of collaborative network groups |
US8676242B2 (en) * | 2007-02-16 | 2014-03-18 | Qualcomm Incorporated | Method and apparatus for registration of location information of wireless devices in a wireless communication network supporting multicast calls |
US8229346B2 (en) | 2007-05-15 | 2012-07-24 | Nvidia Corporation | Method and apparatus for providing multimedia broadcasting multicasting services |
JP5241275B2 (en) | 2008-03-04 | 2013-07-17 | 三菱電機株式会社 | Group communication server, communication terminal and communication system |
JP5173865B2 (en) | 2009-01-21 | 2013-04-03 | Kddi株式会社 | Location registration method and system for connecting SIP client compatible device to IP subsystem network |
US9338811B2 (en) * | 2009-03-06 | 2016-05-10 | Apple Inc. | Methods and apparatus for providing selective access to wireless network resources using detailed information |
US8208891B2 (en) * | 2009-05-01 | 2012-06-26 | At&T Intellectual Property I, L.P. | Methods and systems for relaying out of range emergency information |
EP2534809B1 (en) | 2010-02-12 | 2019-04-10 | Telefonaktiebolaget LM Ericsson (publ) | Trust discovery in a communications network |
JP5865358B2 (en) | 2010-06-04 | 2016-02-17 | ボード・オブ・リージエンツ,ザ・ユニバーシテイ・オブ・テキサス・システム | Wireless communication system, system and computer program product |
US9674877B2 (en) | 2012-09-27 | 2017-06-06 | Kyocera Corporation | Mobile communication system, user terminal, processor, and base station |
EP2915354A4 (en) * | 2012-11-01 | 2016-06-29 | Lg Electronics Inc | Method and apparatus of providing integrity protection for proximity-based service discovery with extended discovery range |
US9800635B2 (en) * | 2013-08-07 | 2017-10-24 | C21 Patents, Llc | System for selectively displaying information in a secured manner and method thereof |
US10756804B2 (en) * | 2014-05-08 | 2020-08-25 | Apple Inc. | Lawful intercept reporting in wireless networks using public safety relays |
US10079822B2 (en) * | 2014-06-30 | 2018-09-18 | Intel IP Corporation | Techniques for securely receiving critical communication content associated with a critical communication service |
US9893894B2 (en) * | 2015-03-13 | 2018-02-13 | Intel IP Corporation | Systems, methods, and devices for secure device-to-device discovery and communication |
CN107925848B (en) * | 2015-07-31 | 2021-12-03 | 三星电子株式会社 | Method and system for identity management across multiple planes |
-
2015
- 2015-03-26 US US14/670,233 patent/US10079822B2/en active Active
- 2015-06-25 BR BR112016028184A patent/BR112016028184A2/en not_active Application Discontinuation
- 2015-06-25 JP JP2016572496A patent/JP6386098B2/en active Active
- 2015-06-25 EP EP15815068.0A patent/EP3162105A4/en not_active Withdrawn
- 2015-06-25 KR KR1020167033675A patent/KR101915373B1/en active IP Right Grant
- 2015-06-25 WO PCT/US2015/037576 patent/WO2016003750A1/en active Application Filing
- 2015-06-25 CN CN201580027401.9A patent/CN106471834B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130205378A1 (en) * | 2012-02-03 | 2013-08-08 | Kabushiki Kaisha Toshiba | Communication apparatus, server apparatus, relay apparatus, control apparatus, and computer program product |
US20130235792A1 (en) * | 2012-03-08 | 2013-09-12 | Qualcomm Incorporated | Systems and methods for establishing a connection setup through relays |
Non-Patent Citations (4)
Title |
---|
"3GPP; TSG SA; Mission Critical Push to Talk MCPTT (Release 13", 3GPP TS 22.179 V0.4.0, 13 June 2014 (2014-06-13), XP055250466, Retrieved from the Internet <URL:http://www.3gpp.org/DynaReport/22179.htm> * |
M. GROVES: "Elliptic Curve-Based Certificateless Signatures for Identity-Based Encryption (ECCSI", ITEF RFC 6507, February 2012 (2012-02-01), XP055250458, Retrieved from the Internet <URL:http://tools.ietf.org/html/rfc6507> * |
SAMANEH SADAT MOUSAVI-NIK ET AL.: "Proposed SecureSIP Authentication Scheme based on Elliptic Curve Cryptography", INTERNATIONAL JOURNAL OF COMPUTER APPLICATIONS (0975 - 8887, vol. 58, no. 8, November 2012 (2012-11-01), XP055250462, Retrieved from the Internet <URL:http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.253.19&rep=repl&ty=e=pdf> * |
See also references of EP3162105A4 * |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3432655A4 (en) * | 2016-04-05 | 2020-01-01 | LG Electronics Inc. -1- | Method for transmitting and receiving data by using relay terminal |
CN109076308A (en) * | 2016-05-24 | 2018-12-21 | 华为技术有限公司 | The correlating method and relevant device of emergency task user and its user equipment |
WO2018010182A1 (en) * | 2016-07-15 | 2018-01-18 | 华为技术有限公司 | Transmission method, apparatus, and device for group communications |
WO2018062940A1 (en) * | 2016-10-01 | 2018-04-05 | Samsung Electronics Co., Ltd. | Method for managing mission critical video (mcvideo) communications in off-network mcvideo communication system |
US20210297748A1 (en) * | 2016-10-01 | 2021-09-23 | Samsung Electronics Co., Ltd. | Method for managing mission critical video (mcvideo) communications in off-network mcvideo communication system |
CN109923884A (en) * | 2016-11-07 | 2019-06-21 | 瑞典爱立信有限公司 | Mission-critical push to speak |
WO2018083298A1 (en) | 2016-11-07 | 2018-05-11 | Koninklijke Kpn N.V. | Deriving a security key for relayed communication |
WO2018083327A1 (en) * | 2016-11-07 | 2018-05-11 | Telefonaktiebolaget Lm Ericsson (Publ) | Mission-critical push-to-talk |
US11039346B2 (en) | 2016-11-07 | 2021-06-15 | Koninklijke Kpn N.V. | Handover of a device which uses another device as relay |
WO2018083320A1 (en) | 2016-11-07 | 2018-05-11 | Koninklijke Kpn N.V. | Handover of a device which uses another device as relay |
US11283770B2 (en) | 2016-11-07 | 2022-03-22 | Koninklijke Kpn N.V. | Deriving a security key for relayed communication |
US11564087B2 (en) | 2016-11-07 | 2023-01-24 | Telefonaktiebolaget Lm Ericsson (Publ) | Mission-critical push-to-talk |
US10938921B2 (en) | 2017-10-10 | 2021-03-02 | Samsung Electronics Co., Ltd | Method and apparatus for associating services in an electronic device |
Also Published As
Publication number | Publication date |
---|---|
JP2017519442A (en) | 2017-07-13 |
EP3162105A4 (en) | 2018-02-28 |
US10079822B2 (en) | 2018-09-18 |
US20160344726A1 (en) | 2016-11-24 |
KR20170002532A (en) | 2017-01-06 |
BR112016028184A2 (en) | 2017-08-22 |
EP3162105A1 (en) | 2017-05-03 |
KR101915373B1 (en) | 2018-11-05 |
CN106471834A (en) | 2017-03-01 |
JP6386098B2 (en) | 2018-09-05 |
CN106471834B (en) | 2020-01-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10079822B2 (en) | Techniques for securely receiving critical communication content associated with a critical communication service | |
JP6732763B2 (en) | Systems, methods and devices for secure device-to-device discovery and communication | |
US10939288B2 (en) | Cellular unicast link establishment for vehicle-to-vehicle (V2V) communication | |
US10631162B2 (en) | Method and apparatus to perform device to device communication in wireless communication network | |
CN104662997B (en) | The system and method for device-to-device communication in the case of for lacking the network coverage | |
US10694376B2 (en) | Network authentication method, network device, terminal device, and storage medium | |
US10091648B2 (en) | Method and apparatus for new key derivation upon handoff in wireless networks | |
CN106465111B (en) | Lawful interception reporting in wireless networks using public safety relays | |
US20160286395A1 (en) | Apparatus, system and method of securing communication between wireless devices | |
EP3479597A1 (en) | Core network connectionless small data transfer | |
JP2015149739A (en) | Certificate validation and channel binding | |
US10588019B2 (en) | Secure signaling before performing an authentication and key agreement | |
US11824972B2 (en) | Method and system for onboarding client devices to a key management server | |
US20210092706A1 (en) | Secure paging for service prioritization | |
US11212321B2 (en) | Group communication service enabler security | |
US9154527B2 (en) | Security key creation | |
US20240146702A1 (en) | Traffic management with asymmetric traffic encryption in 5g networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 15815068 Country of ref document: EP Kind code of ref document: A1 |
|
REEP | Request for entry into the european phase |
Ref document number: 2015815068 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2015815068 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 20167033675 Country of ref document: KR Kind code of ref document: A |
|
ENP | Entry into the national phase |
Ref document number: 2016572496 Country of ref document: JP Kind code of ref document: A |
|
REG | Reference to national code |
Ref country code: BR Ref legal event code: B01A Ref document number: 112016028184 Country of ref document: BR |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 112016028184 Country of ref document: BR Kind code of ref document: A2 Effective date: 20161130 |