WO2022087984A1 - Method and apparatus for software defined network handover - Google Patents


Info

Publication number
WO2022087984A1
Authority
WO
WIPO (PCT)
Prior art keywords
handover
base station
mobile terminal
target base
key
Application number
PCT/CN2020/124942
Other languages
French (fr)
Inventor
Dongsheng ZHAO
Mingjun Wang
Zheng Yan
Original Assignee
Nokia Technologies Oy
Nokia Technologies (Beijing) Co., Ltd.
Application filed by Nokia Technologies Oy and Nokia Technologies (Beijing) Co., Ltd.
Priority to PCT/CN2020/124942
Publication of WO2022087984A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0011 Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0033 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
    • H04W36/0038 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/037 Protecting confidentiality, e.g. by encryption of the control plane, e.g. signalling traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/75 Temporary identity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0083 Determination of parameters used for hand-off, e.g. generation or modification of neighbour cell lists
    • H04W36/00837 Determination of triggering parameters for hand-off
    • H04W36/008375 Determination of triggering parameters for hand-off based on historical data

Definitions

  • Various example embodiments relate to software defined network handover.
  • the network heterogeneity and densification impose particular challenges for handovers as traffic may be conducted through a myriad of different access points, some of those being privately owned.
  • cells are ever smaller so that the handovers occur more frequently and also the latencies should be kept lower than before.
  • a 5G handover is classified into two main categories: horizontal handover and vertical handover.
  • Horizontal handover occurs when a User Equipment (UE) moves among wireless networks with the same RAT.
  • Vertical handover is defined as a technology procedure that occurs when a UE moves among wireless networks with different RATs, which is also known as Inter-RAT handover.
  • AS Authentication Server
  • CN Core Network
  • a method in a target base station for pre-computationally accelerated handovers comprising:
  • if a handover ticket is found with a matching temporary identity, verifying, using the handover ticket and a trust relationship with the controller, whether the handover request indicates that the mobile terminal has a trust relationship with the controller and that the mobile terminal has information based on which the handover ticket was produced;
  • computing a target base station session key based on at least: the temporary identity; the handover ticket; the identity of the target base station; a first key hint contained by the handover request; and a second key hint provided by the target base station;
  • the information of the handover ticket may comprise all the information of the ticket. Alternatively, the information of the handover ticket may comprise sufficient information so that the target base station can derive the handover ticket.
  • the deriving of the handover ticket may be based on a generic function. The deriving of the handover ticket may be based on a secret of the target base station that is known or derivable by the controller.
  • the finding of the handover ticket with a matching temporary identity may refer to finding the information of a handover ticket representing the handover ticket in question.
  • the handover ticket may be stored or derived and stored on or after the receiving of the information of the handover ticket.
  • the handover request may be discarded. If the verifying of the handover request was not positive, normal handover authentication may be attempted.
  • the handover tickets may comprise respective temporary identities of the mobile terminals and temporary keys specific to both the respective mobile terminals and the target base stations.
  • Each handover ticket may be associated with or comprise a pre-code identifier.
  • At least the temporary key may be encrypted and decryptable by a secret key of the target base station.
  • the pre-code identifier and the temporary identity may be cryptographically bound with the temporary key at least for integrity proof.
  • the pre-code identifier may be cryptographically derivable from at least the temporary key.
  • the temporary identity may be encrypted in the handover ticket.
  • the handover confirmation may be based on the temporary key and the second key hint.
  • the handover confirmation may be obtained by receiving from the mobile terminal a handover acknowledgement comprising a second one-directional hash code based on second source information comprising the target base station session key.
  • the second information may differ from the first information.
  • the one-directional hash function used in producing the second one-directional hash code may differ from that used in producing the first one-directional hash code.
  • the handover confirmation may be obtained by detecting that the mobile terminal uses the target base station session key for communicating with the target base station.
  • the method may further comprise authenticating the mobile terminal by using the handover confirmation.
  • a predicted handover may refer to a handover of a specific mobile terminal from a specific source base station to a specific target base station.
  • the method may comprise verifying that the mobile terminal had a trust relationship with the controller based on checking that the part of the temporary key was comprised in the temporary key of the handover ticket.
  • the method may comprise verifying that the mobile terminal had a trust relationship with the controller based on checking that the handover request comprised an authenticity credential signed by the controller.
  • the method may comprise verifying that the mobile terminal had information based on which the handover ticket was produced based on checking that the pre-code identifier was used in forming the handover request.
  • the derivative may be a first one-directional hash code formed based on first source information comprising the target base station session key.
  • the derivative may be based on the temporary key through use to decrypt information of the handover request using the temporary key.
  • the derivative may be formed by decryption.
  • the computing of the target base station session key may be further based on physical information of a wireless connection between the mobile terminal and the target base station. Alternatively, or additionally, the computing of the target base station session key may be further based on the pre-code identifier.
  • a method in a mobile terminal for pre-computationally accelerated handovers of an example embodiment comprising:
  • the handover request comprises an encryption portion encrypted using at least: a part of the temporary key; a first key hint; and the pre-code identifier;
  • a method in a controller for pre-computationally accelerated handovers comprising:
  • computing, for authentication of the predicted handover and based on the trusted relationships and the shared secret of the controller and the mobile terminal: a temporary key; a temporary identity of the mobile terminal; a pre-code identifier; a handover ticket for the target base station; and an authentication credential for the mobile terminal;
  • providing the target base station with the handover ticket and the temporary key so that the mobile terminal and the target base station are provided with sufficient information to perform mutual handover authentication using a temporary session key that is not derivable by other mobile terminals and base stations.
  • a computer program comprising computer executable program code configured to execute any of the methods.
  • the computer program may be stored in a computer readable memory medium.
  • Any foregoing memory medium may comprise a digital data storage such as a data disc or diskette, optical storage, magnetic storage, holographic storage, opto-magnetic storage, phase-change memory, resistive random access memory, magnetic random access memory, solid-electrolyte memory, ferroelectric random access memory, organic memory or polymer memory.
  • the memory medium may be formed into a device without other substantial functions than storing memory or it may be formed as part of a device with other functions, including but not limited to a memory of a computer, a chip set, and a sub assembly of an electronic device.
  • an apparatus comprising a memory and a processor that are configured to cause performing the method of the first example aspect.
  • an apparatus comprising a memory and a processor that are configured to cause performing the method of the second example aspect.
  • an apparatus comprising a memory and a processor that are configured to cause performing the method of the third example aspect.
  • an apparatus comprising means for performing the method of the first example aspect.
  • an apparatus comprising means for performing the method of the second example aspect.
  • an apparatus comprising means for performing the method of the third example aspect.
  • a system comprising two or more of the apparatuses selected from a group consisting of: the apparatus of the fifth or eighth example aspect; the apparatus of the sixth or ninth example aspect; the apparatus of the seventh or ninth example aspect.
  • a method for pre-computationally accelerating handovers of mobile terminals including: forming trusted relationships with a plurality of MTs and base stations, BS; forming shared secrets with MTs; receiving from the BSs signaling indicating movement of a MT in communication with a source BS; predicting a next handover of the MT to a target BS; computing for the predicted handover, with the trusted relationships and the shared secret of the controller and the mobile terminal: a temporary key, a temporary identity of the MT; a pre-code identifier; a handover ticket for the target BS; and an authentication credential for the MT; providing the MT with the access credential and the temporary key; and providing the target BS with the handover ticket and the temporary key to allow mutual handover authentication with a temporary session key not derivable by others.
  • Fig. 1 shows an architectural drawing of a system of an example embodiment
  • Fig. 2 shows a signaling chart of a first part of a process of an example embodiment
  • Fig. 3 shows a signaling chart of a second part of a process of an example embodiment
  • Fig. 4 shows a flow chart of a method of an example embodiment in a target base station for pre-computationally accelerated handovers;
  • Fig. 5 shows a flow chart of a method of an example embodiment in a mobile terminal for pre-computationally accelerated handovers of an example embodiment
  • Fig. 6 shows a flow chart of a method of an example embodiment in a controller for pre-computationally accelerated handovers of an example embodiment
  • Fig. 7 shows a block diagram of an apparatus of an example embodiment.
  • An example embodiment of the present invention and its potential advantages are understood by referring to Figs. 1 through 7 of the drawings.
  • derivative refers to information that is obtained or derived as the result of some function such as a cryptographic one-way hash function, key derivation function, exclusive or, truncation, padding, character rotation or any other manner in which information is modified in a reproducible manner.
  • a required conversion of lengths or types is assumed to be performed.
  • Fig. 1 shows an architectural drawing of a system of an example embodiment.
  • Fig. 1 shows three base stations BS 110 of different types, i.e. a 5G BS, a 4G BS and a WLAN BS.
  • each may operate as a base station for a mobile terminal 120 that may comprise, for example, a 5G user equipment.
  • the base stations are denoted with the same reference sign 110 even though their radio technologies differ. It is also notable that only a few base stations are drawn, for illustration only.
  • Fig. 1 further shows a controller 130 in a core network 140 to which the base stations 110 are functionally connected.
  • the controller 130 may be a software defined network (SDN) controller.
  • the controller 130 comprises in an example embodiment an authentication and handover module (AHM) 132.
  • AHM authentication and handover module
  • Fig. 1 shows by a hatched line a trajectory 150 along which the mobile terminal 100 is moving from the coverage area of one base station 110 to another and then to yet another.
  • the communications between an access network and the core network 140 are assumed to be secure. However, communication channels that are used for establishing a handover between the mobile terminal 120 and the base station 110 are considered as open and vulnerable before authentication is performed with a new base station.
  • controllers 130 may exist, e.g., in a heterogeneous network (e.g., HetNet) since each one access network may have a controller.
  • HetNet heterogeneous network
  • two or more controllers may jointly operate, e.g., as a consortium. In such a case, such controllers trust each other and communicate through secure communication channels.
  • System 100 thus shows only one controller 130.
  • Fig. 2 shows a signaling chart of a first part of a process of an example embodiment illustrating operations of some entities of the system 100.
  • AHM and controller can be used interchangeably, and likewise UE and mobile terminal can be used interchangeably.
  • Fig. 2 shows the following signals and events:
  • the controller obtains public and private keys PK_AHM, SK_AHM.
  • a source base station SBS obtains public and private keys PK_SBS, SK_SBS.
  • a target base station TBS obtains public and private keys PK_TBS, SK_TBS.
  • the controller announces its public key PK_AHM to the base stations for use in public key encryption and cryptographic signing of information.
  • 208. form trust relationships between UE and AHM, between UE and SBS, between SBS and AHM and between TBS and AHM, using a normal authentication such as 5G authentication and key agreement mechanism (AKA) or extensible authentication protocol (EAP) AKA.
  • AKA 5G authentication and key agreement mechanism
  • EAP extensible authentication protocol
  • a controller session key K_AHM is shared by the UE and the AHM as a non-access stratum secret.
  • a source base station key K_SBS is shared by the UE and the SBS as an access stratum secret.
  • a trusted relationship between the AHM and each base station is formed by the presence of the public key encryption system formed by the public and private keys of the base stations and the controller.
  • 5G AKA and EAP AKA are two authentication and key agreement protocols proposed by 3GPP for the NR network in Release 15.
  • the protocols help the UE and the visited network, VN, or here the TBS, to mutually authenticate each other and negotiate keys for secure communication.
  • Two phases can be identified: 1) authentication data distribution and 2) user AKA.
  • the former step enables the home network of the UE (e.g., the AHM) to distribute authentication data (such as authentication credential and sequence number described in the following) to the SBS currently providing service to UE.
  • the latter step may be used to establish new session keys between the UE and the TBS.
  • the AHM sets a pre-code identifier such as a SEQ counter and gets a persistent identity of the UE, such as an IMSI.
  • a temporary identity of the UE, TID_UE, is computed based on Equation (1) from the controller session key K_AHM and the pre-code identifier SEQ reversibly from the persistent identity:
  • H refers to a one-directional hash function
  • K_AHM refers to a shared secret of the UE and the AHM.
  • An authentication credential AC_UE is computed by the controller for the UE as a combination (e.g., string concatenation) of the temporary identity TID_UE, the security capability of the UE, the security policy of the radio access network in question and an expiry time T_exp set for the authentication token, and by signing the combination with the private key SK_AHM of the AHM, so that the components of the authentication credential AC_UE remain visible and can be verified for authentic source with normal public key signature verification.
  • Equation (2) shows an example embodiment of forming the authentication credential AC_UE:
  • a comma (",") represents combining data as subsequently separable items, such as a string concatenation.
  • while the access credential is independent of the next handover target base station, it is bound to the pre-code identifier and so usable only with the next handover. This helps in obtaining forward and backward security.
  • Fig. 2 shows the following signals and events:
  • the UE itself computes the access credential.
  • predicting the next target base station or base stations for the UE by the controller 130 (or the controller 130 causing such predicting to be done elsewhere).
  • the predicting may employ machine learning, for example.
  • a plurality of candidates are predicted as the next base station and treated in the following steps as the target base station.
  • the manner of forming the authentication credential AC_UE independent of the target base station, depending only on the pre-code identifier, also allows forming a different handover ticket for each of the different candidates, so that mutual authentication, forward and backward secrecy, user identity anonymity and conditional privacy are possible, as will next be further described.
  • Fig. 2 shows the following signals and events:
  • forming a handover ticket for the predicted next base station, i.e. the target base station, TBS.
  • the handover ticket is tailored specifically for the UE and the TBS and not to be usable by any other entities. This allows forward and backward security.
  • a temporary key (IK_temp, CK_temp) is computed for the predicted handover from the specific source base station SBS to the specific target base station TBS using equation (3):
  • IK_temp refers to a temporary integrity key for use with the next handover between the UE and the TBS
  • CK_temp refers to a temporary confidentiality key for use with the next handover between the UE and the TBS
  • the concatenation operator in equation (3) refers to a concatenation of any kind, e.g. so that a first half or other portion of characters forms IK_temp and the remainder forms CK_temp, or every other character forms a part of IK_temp, or alternate pairs of characters form a part of IK_temp, for example;
  • H refers to a one-directional hash function such as SHA-2, SHA-256, RIPEMD-160 or Whirlpool.
  • the temporary key is effectively used as a singular key, i.e. the entire hash result of equation (3) is used as integrity and confidentiality keys.
  • Fig. 2 further shows the following signals and events:
  • the handover ticket is formed using equation (4) ,
  • Fig. 2 further shows the following signals and events:
  • the information of the handover ticket may comprise all the information of the ticket. Alternatively, the information of the handover ticket may comprise sufficient information so that the TBS can derive the handover ticket.
  • the deriving of the handover ticket may be based on a generic function. The deriving of the handover ticket may be based on a secret of the TBS that is known or derivable by the controller.
  • the handover ticket may be stored on receiving the information of the handover ticket that represents an entire handover ticket. The handover ticket may be stored on deriving the handover ticket.
  • the TBS stores the handover ticket either as such (in encrypted form) or as decrypted, so that the content of the handover ticket is readily available on handover;
  • the UE forms a temporary key that in an example embodiment comprises or consists of a confidentiality key CK_temp and an integrity key IK_temp, and forms a first key hint N1 for an intended base station, here denoted as the target base station TBS.
  • if the intended base station is not one of the candidate base stations for which the controller has provided a handover ticket for this mobile terminal, then the intended base station will simply not find a matching handover ticket and normal authentication will be performed instead of a pre-computed one.
  • the temporary keys are formed by the UE based on its source base station session key.
  • Fig. 2 further shows the following signals and events:
  • the handover request comprises in an example embodiment: as cleartext, the temporary identity TID_UE and optionally an identity of the target base station, ID_TBS, to which handover is requested; some content encrypted using at least a portion of the temporary keys (e.g., CK_temp); and optionally a first message authentication code computed with a one-directional hash such as
  • MAC_1 = H(IK_temp, TID_UE, ID_TBS, N1, SEQ, AC_UE) (5)
  • the first message authentication code allows fast and computationally simple detection of integrity of the handover request message.
  • the TBS can verify that the handover request was formed using the temporary keys to encrypt the access credential that has been signed by the AHM.
  • the encrypted content comprises in an example embodiment the first key hint.
  • the encrypted content comprises in an example embodiment the pre-code identifier for use as yet another authentication measure, as the pre-code identifier of the handover request should match that of the handover ticket formed for the same temporary identity TID_UE.
  • Fig. 3 shows a signaling chart of a second part of a process of an example embodiment illustrating operations of some entities of the system 100.
  • Fig. 3 shows the following signals and events:
  • UE sends the handover request to the TBS.
  • the checking may comprise finding a stored handover ticket corresponding to the temporary ID or finding information of a handover ticket that represents the handover ticket. If the corresponding handover ticket is not found, normal handover authentication is performed. Otherwise the process continues as follows.
  • This verifying comprises in an example embodiment checking whether the handover request comprises a valid pre-code identifier. If not, the handover request is discarded.
  • This verifying may further comprise using a first message authentication code MAC_1, if the handover request comprises one, to confirm the integrity of the handover request all the way from the UE to the TBS.
  • This verifying comprises in an example embodiment checking that the handover request contained an authentication credential that has been signed by the AHM.
  • This verifying comprises in an example embodiment checking that the handover request contained a portion encrypted using at least a part of the temporary key. This verifying comprises in an example embodiment checking that the access credential was contained in the portion encrypted using at least a part of the temporary key. If any of the verifications of this step fail, the handover request is discarded or normal handover authentication is attempted.
  • the TBS computes a target base station session key K_TBS for the UE to use with the TBS based on at least: the temporary identity; the handover ticket; the identity of the target base station; a first key hint contained by the handover request; a second key hint provided by the target base station; and the pre-code identifier.
  • the TBS session key K_TBS is formed as follows:
  • KDF refers to a key derivation function known by the UE, the base stations and the AHM
  • physical information refers to information available to the UE and the TBS thanks to their common wireless connection.
  • the TBS may use further information for computing the target base station session key K_TBS for the UE.
  • the further information may comprise the identity of the TBS.
  • the further information may comprise link information of a wireless connection between the mobile terminal and the TBS.
  • the physical information may comprise a channel code; signal strength; timing advance; bit error rate; signal to noise ratio; a physical layer packet header information; or any direct or derived measure based on the physical connection.
  • Fig. 3 further shows the following signals and events:
  • the TBS forms a handover response.
  • the handover response should enable the UE to also compute the TBS session key.
  • the handover response also comprises information suited to authenticate the TBS.
  • the handover response comprises the second key hint in a concealed form.
  • the concealed form may be obtained using encryption or by combining the second key hint with secret information shared by the TBS and the UE.
  • the handover response is simply formed using a reversible conversion function of the second key hint N2 using the integrity key IK_temp, e.g., as
  • the handover response comprises the signature of the access credential, its portion, or its derivative.
  • the handover response comprises the identity of the TBS or a derivative thereof, so that the UE can verify that the handover response originates from the same base station to which the UE sent its handover request.
  • the handover response is formed using a reversible conversion function of the second key hint N2 using a combination of the integrity key IK_temp and the identity of the TBS, such as
  • the handover response can be sent before the TBS session key has been computed by the TBS to further reduce delays.
  • the handover response is formed to contain although in some other embodiments, there is no pre-code identifier or its increment and/or MAC at all.
  • the encrypted information comprises also the first key hint and/or the integrity key.
  • This verifying of the handover response may indicate whether the TBS shared trust with the AHM by ensuring the TBS has successfully decrypted information of the handover request.
  • the verifying of the handover response may comprise checking that the handover response indicates awareness of the first key hint.
  • the indication of the awareness may correspond to the forming of the handover response in 332.
  • the indication of the awareness may be checked by taking a derivative of some information of the handover response and verifying whether similar locally produced information including the first key hint matches with data contained by the handover response.
  • the verifying of the handover response may comprise checking whether the handover response comprised the signature of the access credential or a portion or derivative of the signature.
  • 350. The process returns to step 212 for forming or sending a new access credential and temporary ID to the UE, as described in the foregoing, but now using the previous TBS as the new SBS.
  • Fig. 4 shows a flow chart of a method of an example embodiment in a target base station for pre-computationally accelerated handovers, comprising:
  • if a handover ticket is found with a matching temporary identity, verifying, using the handover ticket and a trust relationship with the controller, whether the handover request indicates that the mobile terminal has a trust relationship with the controller and that the mobile terminal has information based on which the handover ticket was produced; and if the verifying was positive:
  • computing a target base station session key based on at least: the temporary identity; the handover ticket; the identity of the target base station; a first key hint contained by the handover request; and a second key hint provided by the target base station;
  • the handover confirmation is based on the temporary key and the second key hint.
  • Fig. 5 shows a flow chart of a method of an example embodiment in a mobile terminal for pre-computationally accelerated handovers, comprising:
  • the handover request may comprise a derivative of some information of the handover request.
  • the derivative may be the first message authentication code (5) .
  • the handover response may be configured to enable the mobile terminal to also compute the target base station session key.
  • the handover response also comprises information suited to authenticate the target base station.
  • the verifying of the handover response is based on trust relationships between the mobile terminal and the controller; and between the controller and the target base station.
  • the verifying of the handover response may authenticate the target base station using information based on trust relationships between the mobile terminal and the controller; and between the controller and the target base station.
  • the verifying of the handover response may comprise verifying that the target base station was aware of the first key hint.
  • the handover acknowledgement comprises a second one-directional hash code based on second source information comprising the target base station session key, wherein the second information may differ from the first information and/or the one-directional hash function used in producing the second one-directional hash code may differ from that used in producing the first one-directional hash code.
  • the handover confirmation comprises that the mobile terminal uses the target base station session key for communicating with the target base station.
  • Fig. 6 shows a flow chart of a method of an example embodiment in a controller for pre-computationally accelerated handovers, comprising:
  • a temporary key; a temporary identity of the mobile terminal; a pre-code identifier; a handover ticket for the target base station; and an authentication credential for the mobile terminal.
  • the temporary identity is computed using a reversible derivation function from at least: a persistent identity of the mobile terminal; and a shared secret of the controller and the mobile terminal.
  • the handover ticket and the authentication credential each are associated with the pre-code identifier.
  • Fig. 7 shows a block diagram of an apparatus 700 of an example embodiment, comprising a communication interface 710; a processor 720; a user interface 730; and a memory 740.
  • the communication interface 710 comprises in an embodiment a wired and/or wireless communication circuitry, such as Ethernet; Wireless LAN; Bluetooth; GSM; CDMA; WCDMA; LTE; and/or 5G circuitry.
  • the communication interface can be integrated in the apparatus 700 or provided as a part of an adapter, card or the like, that is attachable to the apparatus 700.
  • the communication interface 710 may support one or more different communication technologies.
  • the apparatus 700 may also or alternatively comprise more than one of the communication interfaces 710.
  • the processor 720 may be a central processing unit (CPU), a microprocessor, a digital signal processor (DSP), a graphics processing unit, an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), a microcontroller or a combination of such elements.
  • CPU central processing unit
  • DSP digital signal processor
  • ASIC application specific integrated circuit
  • FPGA field programmable gate array
  • the user interface may comprise a circuitry for receiving input from a user of the apparatus 700, e.g., via a keyboard, graphical user interface shown on the display of the apparatus 700, speech recognition circuitry, or an accessory device, such as a headset, and for providing output to the user via, e.g., a graphical user interface or a loudspeaker.
  • the memory 740 comprises a work memory 742 and a persistent memory 744 configured to store computer program code 746 and data 748.
  • the memory 740 may comprise any one or more of: a read-only memory (ROM); a programmable read-only memory (PROM); an erasable programmable read-only memory (EPROM); a random-access memory (RAM); a flash memory; a data disk; an optical storage; a magnetic storage; a smart card; a solid state drive (SSD).
  • the apparatus 700 may comprise a plurality of the memories 740.
  • the memory 740 may be constructed as a part of the apparatus 700 or as an attachment to be inserted into a slot, port, or the like of the apparatus 700 by a user or by another person or by a robot.
  • the memory 740 may serve the sole purpose of storing data, or be constructed as a part of an apparatus 700 serving other purposes, such as processing data.
  • the apparatus 700 may comprise other elements, such as microphones, displays, as well as additional circuitry such as input/output (I/O) circuitry, memory chips, application-specific integrated circuits (ASIC), processing circuitry for specific purposes such as source coding/decoding circuitry, channel coding/decoding circuitry, ciphering/deciphering circuitry, and the like. Additionally, the apparatus 700 may comprise a disposable or rechargeable battery (not shown) for powering the apparatus 700 when an external power supply is not available. As used in this application, the term “circuitry” may refer to one or more or all of the following:
  • circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and/or firmware.
  • circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit or processor integrated circuit for a mobile device or a similar integrated circuit in a server, a cellular network device, or other computing or network device.
  • the apparatus 700 can be used as the mobile terminal, base station or controller. Some or all functionalities of the apparatus may be provided by cloud computing, virtualization, and/or distributed entities.
  • a technical effect of one or more of the example embodiments disclosed herein is that a handover authentication can be achieved with low communication and computation cost.
  • Another technical effect of one or more of the example embodiments disclosed herein is that forward security and/or backward security may be achieved by using temporary keys that mobile terminals and base stations cannot derive from the keys of previous or next handovers.
  • Yet another technical effect of one or more of the example embodiments disclosed herein is that conditional privacy can be achieved for the mobile terminal by using the temporary identity as disclosed by some embodiments.
  • forward and backward privacy may be further enhanced using the physical information shared by the mobile terminal and base station without need to add any further signaling.
  • Embodiments of the present invention may be implemented in software, hardware, application logic or a combination of software, hardware and application logic.
  • the application logic, software or an instruction set is maintained on any one of various conventional computer-readable media.
  • a “computer-readable medium” may be any non-transitory media or means that can contain, store, communicate, propagate or transport the instructions for use by or in connection with an instruction execution system, apparatus, or device, such as a computer, with one example of a computer described and depicted in Fig. 7.
  • a computer-readable medium may comprise a computer-readable storage medium that may be any media or means that can contain or store the instructions for use by or in connection with an instruction execution system, apparatus, or device, such as a computer.
  • the different functions discussed herein may be performed in a different order and/or concurrently with each other. Furthermore, if desired, one or more of the before-described functions may be optional or may be combined.

Abstract

Pre-computationally accelerating handovers of mobile terminals, MT, including: forming trusted relationships with a plurality of MTs and base stations, BS; forming shared secrets with MTs; receiving from the BSs signaling indicating movement of a MT in communication with a source BS; predicting a next handover of the MT to a target BS; computing for the predicted handover, with the trusted relationships and the shared secret of the controller and the mobile terminal: a temporary key, a temporary identity of the MT; a pre-code identifier; a handover ticket for the target BS; and an authentication credential for the MT; providing the MT with the access credential and the temporary key; and providing the target BS with the handover ticket and the temporary key to allow mutual handover authentication with a temporary session key not derivable by others.

Description

METHOD AND APPARATUS FOR SOFTWARE DEFINED NETWORK HANDOVER
TECHNICAL FIELD
Various example embodiments relate to software defined network handover.
BACKGROUND
This section illustrates useful background information without admission of any technique described herein representative of the state of the art.
In 5G, the network heterogeneity and densification impose particular challenges for handovers as traffic may be conducted through a myriad of different access points, some of those being privately owned. At the same time, cells are ever smaller so that the handovers occur more frequently and also the latencies should be kept lower than before.
Depending on whether different radio access technologies (RATs) are involved in a handover procedure, a 5G handover is classified into two main categories: horizontal handover and vertical handover. Horizontal handover occurs when a User Equipment (UE) moves among wireless networks with the same RAT. Vertical handover is defined as a procedure that occurs when a UE moves among wireless networks with different RATs, which is also known as Inter-RAT handover. In the horizontal handover, mutual authentication and session key generation are completed under the control of an Authentication Server (AS) in the Core Network (CN). During the handover process, the AS searches the user registration database (the UDM in 5G, the Home Subscriber Server (HSS) in LTE) to check whether the UE is a valid user. In a vertical handover, more network entities in different kinds of networks are involved, which makes the authentication and session key generation more complicated and introduces high computation and communication overhead. Ordinarily, there is an interworking function or interface between the different networks to make the handover perform normally. Both handover categories need complex communication and complicated cryptographic computation to achieve mutual authentication and session key generation and update.
SUMMARY
The scope of protection sought for various embodiments of the invention is set out by the independent claims. The embodiments and features, if any, described in this specification that do not fall into the scope of the independent claims are to be interpreted as examples useful for understanding various embodiments of the invention.
According to a first example aspect of the present invention, there is provided a method in a target base station for pre-computationally accelerated handovers, comprising:
forming a trusted relationship with a controller of handover authentications, which controller has trusted relationships with mobile terminals;
receiving in advance from the controller information of one or more handover tickets for use to authenticate next handover of one or more mobile terminals;
receiving a handover request from a mobile terminal with a temporary identity of the mobile terminal comprising an encrypted portion encrypted using at least a part of a temporary key of one handover ticket;
if a handover ticket is found with a matching temporary identity, verifying using the handover ticket and a trust relationship with the controller whether the handover request indicates: that the mobile terminal has a trust relationship with the controller and that the mobile terminal has information based on which the handover ticket was produced;
computing a target base station session key based on at least: the temporary identity; the handover ticket; identity of the target base station; a first key hint contained by the handover request; and a second key hint provided by the target base station;
responding to the handover request with a handover response comprising the second key hint and a derivative formed using at least the first key hint and the temporary key, so that the mobile terminal can verify authenticity of the target base station by checking the derivative; and
obtaining from the mobile terminal a handover confirmation.
The information of the handover ticket may comprise all the information of the ticket. Alternatively, the information of the handover ticket may comprise sufficient information so that the target base station can derive the handover ticket. The deriving of the handover ticket may be based on a generic function. The deriving of the handover ticket may be based on a secret of the target base station that is known or derivable by the controller.
The finding of the handover ticket with a matching temporary identity may refer to finding the information of a handover ticket representing the handover ticket in question. The handover ticket may be stored or derived and stored on or after the receiving of the information of the handover ticket.
If the verifying of the handover request was not positive, the handover request may be discarded. If the verifying of the handover request was not positive, normal handover authentication may be attempted.
The handover tickets may comprise respective temporary identities of the mobile terminals and temporary keys specific to both the respective mobile terminals and the target base stations. Each handover ticket may be associated with or comprise a pre-code identifier. At least the temporary key may be encrypted and decryptable by a secret key of the target base station. The pre-code identifier and the temporary identity may be cryptographically bound with the temporary key at least for integrity proof. The pre-code identifier may be cryptographically derivable from at least the temporary key. The temporary identity may be encrypted in the handover ticket.
The handover confirmation may be based on the temporary key and the second key hint. The handover confirmation may be obtained by receiving from the mobile terminal a handover acknowledgement comprising a second one-directional hash code based on second source information comprising the target base station session key. The second information may differ from the first information. Alternatively, or additionally, the one-directional hash function used in producing the second one-directional hash code may differ from that used in producing the first one-directional hash code.
The handover confirmation may be obtained by detecting that the mobile terminal uses the target base station session key for communicating with the target base station.
The method may further comprise authenticating the mobile terminal by using the handover confirmation.
A predicted handover may refer to a handover of a specific mobile terminal from a specific source base station to a specific target base station.
The method may comprise verifying that the mobile terminal had a trust relationship with the controller based on checking that the part of the temporary key was comprised in the temporary key of the handover ticket. The method may comprise verifying that the mobile terminal had a trust relationship with the controller based on checking that the handover request comprised an authenticity credential signed by the controller.
The method may comprise verifying that the mobile terminal had information based on which the handover ticket was produced based on checking that the pre-code identifier was used in forming the handover request.
The derivative may be a first one-directional hash code formed based on first source information comprising the target base station session key. The derivative may be based on the temporary key through use to decrypt information of the handover request using the temporary key. The derivative may be formed by decryption.
The computing of the target base station session key may be further based on physical information of a wireless connection between the mobile terminal and the base station. Alternatively, or additionally, the computing of the target base station session key may be further based on the pre-code identifier.
According to a second example aspect of the present invention, there is provided a method in a mobile terminal for pre-computationally accelerated handovers, comprising:
obtaining an authentication credential from a controller that has a trusted relationship with: the source base station; the target base station; and the mobile terminal;
obtaining a temporary identity using a reversible derivation function from at least: a persistent identity of the mobile terminal; and a shared secret of the controller and the mobile terminal;
obtaining a temporary key based on at least the temporary identity; identity of the target base station; and a session key or other shared secret of the mobile terminal and the source base station;
obtaining a pre-code identifier that is synchronized with the controller and synchronized by the controller to the target base station;
forming a handover request to the target base station with the temporary identity so that the handover request comprises an encryption portion encrypted using at least: a part of the temporary key; a first key hint; and the pre-code identifier;
receiving from the target base station a handover response;
verifying the handover response based on trust relationships between the mobile terminal and the controller; and between the controller and the target base station; and
confirming to the target base station a successful handover authentication.
According to a third example aspect of the present invention, there is provided a method in a controller for pre-computationally accelerated handovers, comprising:
forming trusted relationships with a plurality of mobile terminals and base stations;
forming shared secrets with the mobile terminals;
receiving from the base stations signaling indicating movement of a mobile terminal that is in communication with a base station referred to as a source base station;
predicting a next handover of the mobile terminal to a target base station;
computing for authentication of the predicted handover based on the trusted relationships and the shared secret of the controller and the mobile terminal: a temporary key, a temporary identity of the mobile terminal; a pre-code identifier; a handover ticket for the target base station; and an authentication credential for the mobile terminal;
providing the mobile terminal with the access credential and the temporary key; and
providing the target base station with the handover ticket and the temporary key so that the mobile terminal and the target base station are provided with sufficient information to perform mutual handover authentication using a temporary session key that is not derivable by other mobile terminals and base stations.
According to a fourth example aspect of the present invention, there is provided a computer program comprising computer executable program code configured to execute any of the methods.
The computer program may be stored in a computer readable memory medium.
Any foregoing memory medium may comprise a digital data storage such as a data disc or diskette, optical storage, magnetic storage, holographic storage, opto-magnetic storage, phase-change memory, resistive random access memory, magnetic random access memory, solid-electrolyte memory, ferroelectric random access memory, organic memory or polymer memory. The memory medium may be formed into a device without other substantial functions than storing memory or it may be formed as part of a device with other functions, including but not limited to a memory of a computer, a chip set, and a sub assembly of an electronic device.
According to a fifth example aspect of the present invention, there is provided an apparatus comprising a memory and a processor that are configured to cause performing the method of the first example aspect.
According to a sixth example aspect of the present invention, there is provided an apparatus comprising a memory and a processor that are configured to cause performing the method of the second example aspect.
According to a seventh example aspect of the present invention, there is provided an apparatus comprising a memory and a processor that are configured to cause performing the method of the third example aspect.
According to an eighth example aspect of the present invention, there is provided an apparatus comprising means for performing the method of the first example aspect.
According to a ninth example aspect of the present invention, there is provided an apparatus comprising means for performing the method of the second example aspect.
According to a tenth example aspect of the present invention, there is provided an apparatus comprising means for performing the method of the third example aspect.
According to an eleventh example aspect of the present invention, there is provided a system comprising two or more of the apparatuses selected from a group consisting of: the apparatus of the fifth or eighth example aspect; the apparatus of the sixth or ninth example aspect; the apparatus of the seventh or ninth example aspect.
According to a twelfth example aspect, there is provided a method for pre-computationally accelerating handovers of mobile terminals, MT, including: forming trusted relationships with a plurality of MTs and base stations, BS; forming shared secrets with MTs; receiving from the BSs signaling indicating movement of a MT in communication with a source BS; predicting a next handover of the MT to a target BS; computing for the predicted handover, with the trusted relationships and the shared secret of the controller and the mobile terminal: a temporary key, a temporary identity of the MT; a pre-code identifier; a handover ticket for the target BS; and an authentication credential for the MT; providing the MT with the access credential and the temporary key; and providing the target BS with the handover ticket and the temporary key to allow mutual handover authentication with a temporary session key not derivable by others.
Different non-binding example aspects and embodiments of the present invention have been illustrated in the foregoing. The embodiments in the foregoing are used merely to explain selected aspects or steps that may be utilized in implementations of the present invention. Some embodiments may be presented only with reference to certain example aspects of the invention. It should be appreciated that corresponding embodiments may apply to other example aspects as well.
BRIEF DESCRIPTION OF THE DRAWINGS
For a more complete understanding of example embodiments of the present invention, reference is now made to the following descriptions taken in connection with the accompanying drawings in which:
Fig. 1 shows an architectural drawing of a system of an example embodiment;
Fig. 2 shows a signaling chart of a first part of a process of an example embodiment;
Fig. 3 shows a signaling chart of a second part of a process of an example embodiment;
Fig. 4 shows a flow chart of a method of an example embodiment in a target base station for pre-computationally accelerated handovers;
Fig. 5 shows a flow chart of a method of an example embodiment in a mobile terminal for pre-computationally accelerated handovers;
Fig. 6 shows a flow chart of a method of an example embodiment in a controller for pre-computationally accelerated handovers; and
Fig. 7 shows a block diagram of an apparatus of an example embodiment.
DETAILED DESCRIPTION OF THE DRAWINGS
An example embodiment of the present invention and its potential advantages are understood by referring to Figs. 1 through 7 of the drawings. In this document, like reference signs denote like parts or steps. In this document, derivative refers to information that is obtained or derived as the result of some function such as a cryptographic one-way hash function, key derivation function, exclusive or, truncation, padding, character rotation or any other manner in which information is modified in a reproducible manner. Where data of different length or type are compared or combined and the same length or type is needed, the required conversion of lengths or types is assumed to be performed.
Fig. 1 shows an architectural drawing of a system of an example embodiment. Fig. 1 shows three base stations BS 110 of different types, i.e. a 5G BS, a 4G BS and a WLAN BS. Regardless of the radio technology, each may operate as a base station for a mobile terminal 120 that may comprise, for example, a 5G user equipment. Hence, for the purposes of this description, they can all be referred to as base stations with the same reference sign 110 even though their radio technologies differ. It is also notable that only a few base stations are drawn, for illustration.
Fig. 1 further shows a controller 130 in a core network 140 to which the base stations 110 are functionally connected. The controller 130 may be a software defined network (SDN) controller. The controller 130 comprises in an example embodiment an authentication and handover module (AHM) 132. In the following, reference can be made simply to the controller without intention to define exactly which part of the controller is responsible. Some embodiments are described with reference to the authentication and handover module bearing in mind that similar steps could be performed by the controller in other example embodiments.
Fig. 1 shows by a hatched line a trajectory 150 along which the mobile terminal 100 is moving from the coverage area of one base station 110 to another and then to yet another.
It is also notable that different elements of the system 100 may be distributed or sometimes combined in one or more physical entities.
The communications between an access network and the core network 140 are assumed to be secure. However, communication channels that are used for establishing a handover between the mobile terminal 120 and the base station 110 are considered as open and vulnerable before authentication is performed with a new base station.
It is also possible that multiple controllers 130 may exist, e.g., in a heterogeneous network (HetNet), since each access network may have a controller. However, in an example embodiment, two or more controllers operate jointly, e.g., as a consortium. In such a case, such controllers trust each other and communicate through secure communication channels. System 100 thus shows only one controller 130.
Fig. 2 shows a signaling chart of a first part of a process of an example embodiment illustrating operations of some entities of the system 100. In the following, AHM and controller can be used interchangeably, as can the UE and mobile terminal. Fig. 2 shows the following signals and events:
200. the controller obtains public and private keys PK AHM, SK AHM.
202. a source base station SBS obtains public and private keys PK SBS, SK SBS.
204. a target base station TBS obtains public and private keys PK TBS, SK TBS.
206. The controller announces its public key PK AHM to the base stations for use in public key encryption and cryptographic signing of information.
208. form trust relationships between UE and AHM, between UE and SBS, between SBS and AHM and between TBS and AHM, using a normal authentication such as the 5G authentication and key agreement mechanism (AKA) or extensible authentication protocol (EAP) AKA. As a result, a controller session key K AHM is shared by the UE and AHM as a non-access stratum secret, while a source base station key K SBS is shared by the UE and the SBS as an access stratum secret. A trusted relationship between the AHM and each base station is formed by the presence of the public key encryption system formed by the public and private keys of the base stations and the controller. It is noted that 5G AKA and EAP AKA are two authentication and key agreement protocols proposed by 3GPP for the NR network in Release 15. The protocols help the UE and the visited network, VN, or here the TBS, to mutually authenticate each other and agree on keys for secure communication. Two phases can be identified: 1) authentication data distribution and 2) user AKA. The former step enables the home network of the UE (e.g., the AHM) to distribute authentication data (such as the authentication credential and sequence number described in the following) to the SBS currently providing service to the UE. The latter step may be used to establish new session keys between the UE and the TBS.
210. form initial authentication for the UE with a source base station SBS. In this phase, the AHM sets a pre-code identifier such as a SEQ counter and gets a persistent identity of the UE, such as an IMSI. A temporary identity of the UE, TID UE, is computed, reversibly from the persistent identity, based on Equation (1) from the controller session key K AHM and the pre-code identifier SEQ:
[Equation (1), shown as image PCTCN2020124942-appb-000001]
wherein [image PCTCN2020124942-appb-000002] means a reversible conversion function such as XOR;
H refers to a one-directional hash function; and
K AHM refers to a shared secret of the UE and the AHM.
An authentication credential AC UE is computed by the controller for the UE as a combination (e.g., string concatenation) of the temporary identity TID UE, the security capability of the UE, the security policy of the radio access network in question and an expiry time T exp set for the authentication token, and by signing the combination with the private key SK AHM of the AHM, so that the components of the authentication credential AC UE remain visible and can be verified for authentic source with normal public key signature verification. Equation (2) shows an example embodiment of forming the authentication credential AC UE:
[Equation (2), shown as image PCTCN2020124942-appb-000003]
wherein:
[image PCTCN2020124942-appb-000004] denotes cryptographic signing by the private key SK AHM;
comma (“,”) represents combining data as subsequently separable items, such as a string concatenation.
Notice that although the access credential is independent of the next handover target base station, it is bound to the pre-code identifier and so usable only with the next handover. This helps in obtaining forward and backward security.
Fig. 2 shows the following signals and events:
212. providing the access credential to the UE. In an alternative example embodiment, the UE itself computes the access credential.
214. predicting the next target base station or base stations for the UE by the controller 130 (or the controller 130 causes such predicting to be done elsewhere). The predicting may employ machine learning, for example.
In an example embodiment, a plurality of candidates are predicted as the next base station and treated in the following steps as the target base station. Forming the authentication credential AC UE independently of the target base station, depending only on the pre-code identifier, also allows forming different handover tickets for each of the different candidates, so that mutual authentication is possible with forward and backward secrecy, user identity anonymity and conditional privacy, as will next be further described.
Fig. 2 shows the following signals and events:
216. form by the controller, in advance, a handover ticket [image PCTCN2020124942-appb-000005] for the predicted next base station, i.e. the target base station, TBS. Unlike the access credential, the handover ticket [image PCTCN2020124942-appb-000006] is tailored specifically for the UE and the TBS and is not usable by any other entities. This allows forward and backward security. In preparation for forming the handover ticket [image PCTCN2020124942-appb-000007], a temporary key (IK temp, CK temp) is computed for the predicted handover from the specific source base station SBS to the specific target base station TBS using equation (3):
(IK temp | CK temp) = H (K SBS, TID UE, ID TBS)         (3),
wherein:
IK temp refers to a temporary integrity key for use with next handover between the UE and the TBS;
CK temp refers to a temporary confidentiality key for use with next handover between the UE and the TBS;
pipe “|” refers to a concatenation of any kind, e.g. so that a first half or other portion of characters forms IK temp and the remainder forms CK temp, or every other character forms a part of IK temp, or alternate pairs of characters form a part of IK temp, for example;
H refers to a one-directional hash function such as SHA 2, SHA 256, RIPEMD 160, Whirlpool.
In an alternative example embodiment, the temporary key is effectively used as a singular key, i.e. the entire hash result of equation (3) is used as integrity and confidentiality keys.
The handover ticket [image PCTCN2020124942-appb-000008] is formed using equation (4),
[Equation (4), shown as image PCTCN2020124942-appb-000009]
wherein [image PCTCN2020124942-appb-000010] refers to encryption with PK TBS as an encryption key.
Fig. 2 further shows the following signals and events:
218. send information of the handover ticket from the controller to the TBS. The information of the handover ticket may comprise all the information of the ticket. Alternatively, the information of the handover ticket may comprise sufficient information so that the TBS can derive the handover ticket. The deriving of the handover ticket may be based on a generic function. The deriving of the handover ticket may be based on a secret of the TBS that is known or derivable by the controller. The handover ticket may be stored on receiving the information of the handover ticket that represents an entire handover ticket. The handover ticket may be stored on deriving the handover ticket.
220. maintain by the TBS the handover ticket either as such (in encrypted form) or as decrypted so that the content of the handover ticket is readily available on handover; and
222. detect by the UE a need for handover to a given new base station, which could be any of the available base stations but here happens to be the TBS.
224. generate by the UE a temporary key that in an example embodiment comprises or consists of a confidentiality key CK temp and an integrity key IK temp, and form by the UE a first key hint N1 for an intended base station, here denoted as the target base station TBS. Note: if the intended base station is not any candidate base station for which the controller has provided a handover ticket for this mobile terminal, then the intended base station will simply not find a matching handover ticket and normal authentication will be performed instead of the pre-computed one. The temporary keys are formed by the UE based on its source base station session key. This a) indicates to the TBS that the UE has the trusted relationship with the controller and that the UE has the persistent identity; and b) shows that the UE has the pre-code identifier without need for further signaling from the controller (see equation (1) in the foregoing). Fig. 2 further shows the following signals and events:
226. form by the UE a handover request message such as TID UE, ID TBS, [encrypted portion: image PCTCN2020124942-appb-000016 not reproduced], MAC 1. The handover request comprises in an example embodiment: as cleartext, the temporary identity TID UE and optionally an identity of the target base station, ID TBS, to which handover is requested; some content encrypted using at least a portion of the temporary keys (e.g., CK temp); and optionally a first message authentication code computed with a one-directional hash such as
MAC 1 = H (IK temp, TID UE, ID TBS, N 1, SEQ, AC UE)         (5)
Notice: the first message authentication code allows fast and computationally simple integrity checking of the handover request message. In an alternative embodiment in which the first message authentication code is not provided, the TBS can verify that the handover request was formed using the temporary keys to encrypt the access credential that has been signed by the AHM. The encrypted content comprises in an example embodiment the first key hint. The encrypted content comprises in an example embodiment the pre-code identifier for use as yet another authentication measure, as the pre-code identifier of the handover request should match that of the handover ticket formed for the same temporary identity TID UE.
Fig. 3 shows a signaling chart of a second part of a process of an example embodiment illustrating operations of some entities of the system 100. Fig. 3 shows the following signals and events:
328. UE sends the handover request to the TBS.
330. Check if a handover ticket is found corresponding to the temporary ID of the handover request. The checking may comprise finding a stored handover ticket corresponding to the temporary ID or finding information of a handover ticket that represents the handover ticket. If the corresponding handover ticket is not found, normal handover authentication is performed. Otherwise, the process continues as follows.
332. Verify using the handover ticket and a trust relationship with the controller whether the handover request indicates that the mobile terminal had a trust relationship with the controller and that the mobile terminal has information based on which the handover ticket was produced. This verifying comprises in an example embodiment checking whether the handover request comprises a valid pre-code identifier. If not, the handover request is discarded. This verifying may further comprise using a first message authentication code MAC 1, if the handover request comprises one, to confirm integrity of the handover request all the way from the UE to the TBS. This verifying comprises in an example embodiment checking that the handover request contained an authentication credential that has been signed by the AHM. This verifying comprises in an example embodiment checking that the handover request contained a portion encrypted using at least a part of the temporary key. This verifying comprises in an example embodiment checking that the access credential was contained in the portion encrypted using at least a part of the temporary key. If any of the verifications of this step fail, the handover request is discarded or normal handover authentication is attempted.
334. The TBS computes a target base station session key K TBS for the UE to use with the TBS based on at least: the temporary identity; the handover ticket; the identity of the target base station; a first key hint contained by the handover request; a second key hint provided by the target base station; and the pre-code identifier. In an embodiment, the TBS session key K TBS is formed as follows:
[K TBS derivation: image PCTCN2020124942-appb-000017 not reproduced in this extraction]
wherein KDF refers to a key derivation function known by the UE, the base stations and the AHM, and physical information refers to information available to the UE and the TBS thanks to their common wireless connection.
The TBS may use further information for computing the target base station session key K TBS for the UE. The further information may comprise the identity of the TBS. The further information may comprise link information of the wireless connection between the mobile terminal and the TBS. The physical information may comprise a channel code; signal strength; timing advance; bit error rate; signal to noise ratio; physical layer packet header information; or any direct or derived measure based on the physical connection.
Fig. 3 further shows the following signals and events:
336. Form a handover response by the TBS. The handover response should enable the UE to also compute the TBS session key. In an example embodiment, the handover response also comprises information suited to authenticate the TBS. In an example embodiment, the handover response comprises the second key hint in a concealed form. The concealed form may be obtained using encryption or by combining the second key hint with secret information shared by the TBS and the UE. In an example embodiment, the handover response is simply formed using a reversible conversion function of the second key hint N 2 using the integrity key IK temp, e.g., as
[handover response formula: image PCTCN2020124942-appb-000018 not reproduced in this extraction]
In an example embodiment, the handover response comprises the signature of the access credential, a portion of it, or a derivative of it. In an example embodiment, the handover response comprises the identity of the TBS or a derivative thereof, so that the UE can verify that the handover response originates from the same base station to which the UE sent its handover request. In an example embodiment, the handover response is formed using a reversible conversion function of the second key hint N 2 using a combination of the integrity key IK temp and the identity of the TBS, such as
[handover response formulas: images PCTCN2020124942-appb-000019 and PCTCN2020124942-appb-000020 not reproduced in this extraction]
338. Respond by the TBS to the handover request with a handover response. Notice: in embodiments in which the handover response does not rely on the TBS session key, the handover response can be sent before the TBS session key has been computed by the TBS, to further reduce delays. In an example embodiment, the handover response is formed to contain
[handover response contents: images PCTCN2020124942-appb-000021 and PCTCN2020124942-appb-000022 not reproduced in this extraction]
although in some other embodiments there is no pre-code identifier or its increment and/or no MAC at all. In an example embodiment, the encrypted information also comprises the first key hint and/or the integrity key.
340. Verify the handover response and obtain a second key hint N 2. This verifying of the handover response may indicate whether the TBS shared trust with the AHM by ensuring the TBS has successfully decrypted information of the handover request. The verifying of the handover response may comprise checking that the handover response indicates awareness of the first key hint. The indication of the awareness may correspond to the forming of the handover response in 332. The indication of the awareness may be checked by taking a derivative of some information of the handover response and verifying whether similar locally produced information including the first key hint matches with data contained by the handover response. The verifying of the handover response may comprise checking whether the handover response comprised the signature of the access credential or a portion or derivative of the signature.
342. compute the TBS session key as in the TBS;
344. optionally acknowledge the successful handover, or directly:
346. perform the handover using the TBS session key indicative of a confirmation that the UE has succeeded to compute the TBS session key;
348. in the UE and the AHM, derive a new pre-code identifier (e.g., increment the sequence counter, or derive a new pre-code identifier from the previous one, the previous temporary key and the shared secret of the UE and the AHM, e.g. as SEQ new = H (SEQ, K AHM), or e.g. as a derivative of at least some of the temporary key and/or the temporary identity), as then the pre-code identifier need not be separately signaled but can be computed by both the UE and the TBS.
350. The process returns to step 212 to form or send a new access credential and temporary ID to the UE, as described in the foregoing, but now using the previous TBS as the new SBS.
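The Fig. 2 and Fig. 3 exchange modelled end to end, as an added example that is not part of the patent: SHA-256 stands in for H and for KDF, an HMAC-SHA256 keystream for the cipher the text leaves open, and the handover ticket is a plain record handed over the trusted controller-to-TBS channel, since equation (4) is not reproduced here. Field layouts, the constructed identities and the fallback/discard return values are assumptions.

```python
"""Pre-computed handover authentication of Figs. 2-3, modelled with hashes.

Constructed example; SHA-256 stands in for H and KDF, an HMAC keystream for the
unspecified cipher, and byte layouts are assumptions (page gives none).
"""
import hashlib
import hmac
import secrets
from hmac import compare_digest


def H(*parts: bytes) -> bytes:
    """One-directional hash over length-prefixed parts (unambiguous joining)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def temp_keys(k_sbs: bytes, tid_ue: bytes, id_tbs: bytes):
    """Equation (3): (IK temp | CK temp) = H(K SBS, TID UE, ID TBS); first half is IK."""
    d = H(k_sbs, tid_ue, id_tbs)
    return d[:16], d[16:]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_xor(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC keystream (CK temp is fresh per handover)."""
    ks = b"".join(hmac.new(key, label + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return xor(data, ks)


def derive_k_tbs(tid, ik, ck, id_tbs, n1, n2, seq):
    """Steps 334/342: K TBS = KDF(TID, ticket keys, ID TBS, N1, N2, SEQ); no physical info."""
    return H(tid, ik, ck, id_tbs, n1, n2, seq)


class Controller:
    """AHM: shares K AHM with the UE and prepares a ticket for the predicted TBS (216)."""
    def __init__(self):
        self.k_ahm = secrets.token_bytes(16)

    def prepare(self, k_sbs, tid_ue, id_tbs, seq):
        ik, ck = temp_keys(k_sbs, tid_ue, id_tbs)
        ac_ue = H(self.k_ahm, tid_ue, seq)   # stand-in for the AHM-signed access credential
        return {"tid": tid_ue, "id_tbs": id_tbs, "ik": ik, "ck": ck, "seq": seq, "ac": ac_ue}, ac_ue


class TargetBaseStation:
    def __init__(self, id_tbs: bytes):
        self.id, self.tickets, self.k_tbs = id_tbs, {}, None   # step 220: tickets by TID UE

    def install_ticket(self, ticket):   # step 218
        self.tickets[ticket["tid"]] = ticket

    def handle_request(self, req):
        t = self.tickets.get(req["tid"])
        if t is None or req["id_tbs"] != self.id:
            return {"fallback": "normal-authentication"}       # step 330: no ticket
        plain = stream_xor(t["ck"], b"req", req["enc"])
        n1, seq, ac = plain[:16], plain[16:20], plain[20:]
        mac1 = H(t["ik"], req["tid"], req["id_tbs"], n1, seq, ac)   # equation (5)
        if not (compare_digest(mac1, req["mac1"]) and seq == t["seq"]
                and compare_digest(ac, t["ac"])):
            return None                                         # step 332: discard
        n2 = secrets.token_bytes(16)
        self.k_tbs = derive_k_tbs(t["tid"], t["ik"], t["ck"], self.id, n1, n2, seq)
        # step 336: conceal N2 reversibly under IK temp and ID TBS; prove knowledge of N1
        return {"id_tbs": self.id, "n2_conc": xor(n2, H(t["ik"], self.id)[:16]),
                "mac2": H(t["ik"], n1, n2, self.id)}


class MobileTerminal:
    def __init__(self, k_sbs, tid, seq, ac):
        self.k_sbs, self.tid, self.seq, self.ac = k_sbs, tid, seq, ac

    def request(self, id_tbs):   # steps 224-226
        self.id_tbs = id_tbs
        self.ik, self.ck = temp_keys(self.k_sbs, self.tid, id_tbs)
        self.n1 = secrets.token_bytes(16)
        enc = stream_xor(self.ck, b"req", self.n1 + self.seq + self.ac)
        mac1 = H(self.ik, self.tid, id_tbs, self.n1, self.seq, self.ac)
        return {"tid": self.tid, "id_tbs": id_tbs, "enc": enc, "mac1": mac1}

    def finish(self, resp):      # steps 340-342
        if not resp or "fallback" in resp or resp["id_tbs"] != self.id_tbs:
            return None
        n2 = xor(resp["n2_conc"], H(self.ik, resp["id_tbs"])[:16])
        if not compare_digest(resp["mac2"], H(self.ik, self.n1, n2, self.id_tbs)):
            return None          # responder did not know N1 and IK temp: not the ticketed TBS
        return derive_k_tbs(self.tid, self.ik, self.ck, self.id_tbs, self.n1, n2, self.seq)


def run_demo():
    """A ticketed handover that succeeds, an unknown UE (fallback), a tampered request."""
    ctrl, tbs = Controller(), TargetBaseStation(b"gNB-7")            # constructed identity
    k_sbs, tid, seq = secrets.token_bytes(16), b"TID-0042", (7).to_bytes(4, "big")
    ticket, ac = ctrl.prepare(k_sbs, tid, tbs.id, seq)               # 216
    tbs.install_ticket(ticket)                                        # 218-220
    ue = MobileTerminal(k_sbs, tid, seq, ac)
    k_ue = ue.finish(tbs.handle_request(ue.request(tbs.id)))          # 226-342
    match = k_ue is not None and k_ue == tbs.k_tbs                    # 346: both ends agree
    stranger = MobileTerminal(secrets.token_bytes(16), b"TID-9999", seq, b"")
    fallback = tbs.handle_request(stranger.request(tbs.id))
    forged = MobileTerminal(k_sbs, tid, seq, ac).request(tbs.id)
    forged["mac1"] = bytes(32)                                        # integrity broken in transit
    return {"match": match, "fallback": fallback, "tampered": tbs.handle_request(forged)}


if __name__ == "__main__":
    print(run_demo())
```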
Fig. 4 shows a flow chart of a method of an example embodiment in a target base station for pre-computationally accelerated handovers, comprising:
410. Forming a trusted relationship with a controller of handover authentications, which controller has trusted relationships with mobile terminals;
420. Receiving in advance from the controller information of one or more handover tickets for use to authenticate next handover of one or more mobile terminals;
430. Receiving a handover request from a mobile terminal with a temporary identity of the mobile terminal comprising an encrypted portion encrypted using at least a part of a temporary key of one handover ticket;
440. If a handover ticket is found with a matching temporary identity, verifying using the handover ticket and a trust relationship with the controller whether the handover request indicates: that the mobile terminal has a trust relationship with the controller and that the mobile terminal has information based on which the handover ticket was produced; and if the verifying was positive:
450. Computing a target base station session key based on at least: the temporary identity; the handover ticket; identity of the target base station; a first key hint contained by the handover request; and a second key hint provided by the target base station;
460. Responding to the handover request with a handover response comprising the second key hint and a derivative formed using at least the first key hint and the temporary key, so that the mobile terminal can verify authenticity of the target base station by checking the derivative; and
470. Obtaining from the mobile terminal a handover confirmation. In an example embodiment, the handover confirmation is based on the temporary key and the second key hint.
Fig. 5 shows a flow chart of a method of an example embodiment in a mobile terminal for pre-computationally accelerated handovers, comprising:
510. Obtaining an authentication credential from a controller that has a trusted relationship with: the source base station; the target base station; and the mobile terminal;
520. Obtaining a temporary identity using a reversible derivation function from at least a persistent identity of the mobile terminal; and a shared secret of the controller and the mobile terminal;
530. Obtaining a temporary key based on at least the temporary identity; identity of the target base station; and a session key or other shared secret of the mobile terminal and the source base station;
540. Obtaining a pre-code identifier that is synchronized with the controller and synchronized by the controller to the target base station;
550. Forming a handover request to the target base station with the temporary identity so that the handover request comprises an encrypted portion encrypted using at least: a part of the temporary key; a first key hint; and the pre-code identifier. The handover request may comprise a derivative of some information of the handover request. The derivative may be the first message authentication code (5).
560. Receiving from the target base station a handover response. The handover response may be configured to enable the mobile terminal to also compute the target base station session key. In an example embodiment, the handover response also comprises information suited to authenticate the target base station.
570. Verifying the handover response. In an example embodiment, the verifying of the handover response is based on trust relationships between the mobile terminal and the controller; and between the controller and the target base station. The verifying of the handover response may authenticate the target base station using information based on trust relationships between the mobile terminal and the controller; and between the controller and the target base station. The verifying of the handover response may comprise verifying that the target base station was aware of the first key hint.
580. Confirming to the target base station a successful handover authentication. The confirming may comprise sending to the target base station a handover acknowledgement. In an example embodiment, the handover acknowledgement comprises a second one-directional hash code based on second source information comprising the target base station session key, wherein the second source information may differ from the first source information and/or the one-directional hash function used in producing the second one-directional hash code may differ from that used in producing the first one-directional hash code.
In an example embodiment, the handover confirmation comprises that the mobile terminal uses the target base station session key for communicating with the target base station.
Fig. 6 shows a flow chart of a method of an example embodiment in a controller for pre-computationally accelerated handovers, comprising:
610. Forming trusted relationships with a plurality of mobile terminals and base stations;
620. Forming shared secrets with the mobile terminals;
receiving from the base stations signaling indicating movement of a mobile terminal that is in communication with a base station referred to as a source base station;
630. Predicting a next handover of the mobile terminal to a target base station;
640. Computing for authentication of the predicted handover based on the trusted relationships and the shared secret of the controller and the mobile terminal: a temporary key, a temporary identity of the mobile terminal; a pre-code identifier; a handover ticket for the target base station; and an authentication credential for the mobile terminal. In an example embodiment, the temporary identity is computed using a reversible derivation function from at least: a persistent identity of the mobile terminal; and a shared secret of the controller and the mobile terminal. In an example embodiment, the handover ticket and the authentication credential each are associated with the pre-code identifier.
650. Providing the mobile terminal with the access credential and the temporary key; and
660. Providing the target base station with the handover ticket and the temporary key so that the mobile terminal and the target base station are provided with sufficient information to perform mutual handover authentication using a temporary session key that is not derivable by other mobile terminals and base stations.
Fig. 7 shows a block diagram of an apparatus 700 of an example embodiment, comprising a communication interface 710; a processor 720; a user interface 730; and a memory 740. The communication interface 710 comprises in an embodiment a wired and/or wireless communication circuitry, such as Ethernet; Wireless LAN; Bluetooth; GSM; CDMA; WCDMA; LTE; and/or 5G circuitry. The communication interface can be integrated in the apparatus 700 or provided as a part of an adapter, card or the like, that is attachable to the apparatus 700. The communication interface 710 may support one or more different communication technologies. The apparatus 700 may also or alternatively comprise more than one of the communication interfaces 710.
The processor 720 may be a central processing unit (CPU), a microprocessor, a digital signal processor (DSP), a graphics processing unit, an application specific integrated circuit (ASIC), a field programmable gate array, a microcontroller or a combination of such elements.
The user interface may comprise a circuitry for receiving input from a user of the apparatus 700, e.g., via a keyboard, graphical user interface shown on the display of the apparatus 700, speech recognition circuitry, or an accessory device, such as a headset, and for providing output to the user via, e.g., a graphical user interface or a loudspeaker.
The memory 740 comprises a work memory 742 and a persistent memory 744 configured to store computer program code 746 and data 748. The memory 740 may comprise any one or more of: a read-only memory (ROM); a programmable read-only memory (PROM); an erasable programmable read-only memory (EPROM); a random-access memory (RAM); a flash memory; a data disk; an optical storage; a magnetic storage; a smart card; a solid state drive (SSD). The apparatus 700 may comprise a plurality of the memories 740. The memory 740 may be constructed as a part of the apparatus 700 or as an attachment to be inserted into a slot, port, or the like of the apparatus 700 by a user or by another person or by a robot. The memory 740 may serve the sole purpose of storing data, or be constructed as a part of an apparatus 700 serving other purposes, such as processing data.
A skilled person appreciates that in addition to the elements shown in Figure 7, the apparatus 700 may comprise other elements, such as microphones, displays, as well as additional circuitry such as input/output (I/O) circuitry, memory chips, application-specific integrated circuits (ASIC), processing circuitry for specific purposes such as source coding/decoding circuitry, channel coding/decoding circuitry, ciphering/deciphering circuitry, and the like. Additionally, the apparatus 700 may comprise a disposable or rechargeable battery (not shown) for powering the apparatus 700 when an external power supply is not available. As used in this application, the term “circuitry” may refer to one or more or all of the following:
(a) hardware-only circuit implementations (such as implementations in only analog and/or digital circuitry); and
(b) combinations of hardware circuits and software, such as (as applicable):
(i) a combination of analog and/or digital hardware circuit(s) with software/firmware; and
(ii) any portions of hardware processor(s) with software (including digital signal processor(s)), software, and memory(ies) that work together to cause an apparatus, such as a mobile phone or server, to perform various functions; and
(c) hardware circuit(s) and/or processor(s), such as a microprocessor(s) or a portion of a microprocessor(s), that requires software (e.g., firmware) for operation, but the software may not be present when it is not needed for operation.
This definition of circuitry applies to all uses of this term in this application, including in any claims. As a further example, as used in this application, the term circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and/or firmware. The term circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit or processor integrated circuit for a mobile device or a similar integrated circuit in server, a cellular network device, or other computing or network device.
The apparatus 700 can be used as the mobile terminal, base station or controller. Some or all functionalities of the apparatus may be provided by cloud computing, virtualization, and/or distributed entities.
Without in any way limiting the scope, interpretation, or application of the claims appearing below, a technical effect of one or more of the example embodiments disclosed herein is that handover authentication can be achieved with low communication and computation cost. Another technical effect of one or more of the example embodiments disclosed herein is that forward security and/or backward security may be achieved by using temporary keys that are not derivable by mobile terminals and base stations from the keys of previous or next handovers. Yet another technical effect of one or more of the example embodiments disclosed herein is that conditional privacy can be achieved for the mobile terminal by using the temporary identity as disclosed by some embodiments. Yet another technical effect of one or more of the example embodiments disclosed herein is that forward and backward privacy may be further enhanced using the physical information shared by the mobile terminal and base station without need to add any further signaling.
Embodiments of the present invention may be implemented in software, hardware, application logic or a combination of software, hardware and application logic. In an example embodiment, the application logic, software or an instruction set is maintained on any one of various conventional computer-readable media. In the context of this document, a “computer-readable medium” may be any non-transitory media or means that can contain, store, communicate, propagate or transport the instructions for use by or in connection with an instruction execution system, apparatus, or device, such as a computer, with one example of a computer described and depicted in Fig. 7. A computer-readable medium may comprise a computer-readable storage medium that may be any media or means that can contain or store the instructions for use by or in connection with an instruction execution system, apparatus, or device, such as a computer.
If desired, the different functions discussed herein may be performed in a different order and/or concurrently with each other. Furthermore, if desired, one or more of the before-described functions may be optional or may be combined.
Although various aspects of the invention are set out in the independent claims, other aspects of the invention comprise other combinations of features from the described embodiments and/or the dependent claims with the features of the independent claims, and not solely the combinations explicitly set out in the claims.
It is also noted herein that while the foregoing describes example embodiments of the invention, these descriptions should not be viewed in a limiting sense. Rather, there are several variations and modifications which may be made without departing from the scope of the present invention as defined in the appended claims.

Claims (17)

  1. A method in a target base station for pre-computationally accelerated handovers, comprising:
    forming a trusted relationship with a controller of handover authentications, which controller has trusted relationships with mobile terminals;
    receiving in advance from the controller information of one or more handover tickets for use to authenticate next handover of one or more mobile terminals;
    receiving a handover request from a mobile terminal with a temporary identity of the mobile terminal comprising an encrypted portion encrypted using at least a part of a temporary key of one handover ticket;
    if a handover ticket is found with a matching temporary identity, verifying using the handover ticket and a trust relationship with the controller whether the handover request indicates: that the mobile terminal has a trust relationship with the controller and that the mobile terminal has information based on which the handover ticket was produced; and only if the verifying was positive:
    computing a target base station session key based on at least: the temporary identity; the handover ticket; identity of the target base station; a first key hint contained by the handover request; and a second key hint provided by the target base station;
    responding to the handover request with a handover response comprising the second key hint and a derivative formed using at least the first key hint and the temporary key, so that the mobile terminal can verify authenticity of the target base station by checking the derivative; and
    obtaining from the mobile terminal a handover confirmation.
  2. The method of claim 1, wherein the information of the handover ticket comprises all the information of the ticket.
  3. The method of claim 1, wherein the information of the handover ticket comprises sufficient information so that the target base station can derive the handover ticket.
  4. The method of any one of preceding claims, wherein the deriving of the handover ticket is based on a secret of the target base station that is known or derivable by the controller.
  5. The method of any one of preceding claims, wherein the handover tickets may comprise respective temporary identities of the mobile terminals and temporary keys specific to both the respective mobile terminals and the target base stations.
  6. The method of any one of preceding claims, wherein each handover ticket is associated with or comprises a pre-code identifier.
  7. The method of any one of preceding claims, wherein handover confirmation is based on the temporary key.
  8. The method of any one of preceding claims, wherein handover confirmation is based on the second key hint.
  9. The method of any one of preceding claims, further comprising verifying that the mobile terminal had a trust relationship with the controller based on checking that the part of the temporary key used for encrypting the encrypted portion was comprised in the temporary key of the handover ticket.
  10. The method of any one of preceding claims, further comprising verifying that the mobile terminal had information based on which the handover ticket was produced based on checking that the pre-code identifier was used in forming the handover request.
  11. The method of any one of preceding claims, wherein the computing of the target base station session key is further based on physical information of a wireless connection between the mobile terminal and the target base station.
  12. The method of any one of preceding claims, wherein the computing of the target base station session key is further based on the pre-code identifier.
  13. A method in mobile terminal for pre-computationally accelerated handovers, comprising:
    obtaining an authentication credential from a controller that has a trusted relationship with: the source base station; the target base station; and the mobile terminal;
    obtaining a temporary identity using a reversible derivation function from at least: a persistent identity of the mobile terminal; and a shared secret of the controller and the mobile terminal;
    obtaining a temporary key based on at least the temporary identity; identity of the target base station; and a session key or other shared secret of the mobile terminal and the source base station;
    obtaining a pre-code identifier that is synchronized with the controller and synchronized by the controller to the target base station;
    forming a handover request to the target base station with the temporary identity so that the handover request comprises an encryption portion encrypted using at least: a part of the temporary key; a first key hint; and the pre-code identifier;
    receiving from the target base station a handover response;
    verifying the handover response based on trust relationships between the mobile terminal and the controller; and between the controller and the target base station; and
    confirming to the target base station a successful handover authentication.
  14. A method in controller for pre-computationally accelerated handovers, comprising:
    forming trusted relationships with a plurality of mobile terminals and base stations;
    forming shared secrets with the mobile terminals;
    receiving from the base stations signaling indicating movement of a mobile terminal that is in communication with a base station referred to as a source base station;
    predicting a next handover of the mobile terminal to a target base station;
    computing for authentication of the predicted handover based on the trusted relationships and the shared secret of the controller and the mobile terminal: a temporary key, a temporary identity of the mobile terminal; a pre-code identifier; a handover ticket for the target base station; and an authentication credential for the mobile terminal;
    providing the mobile terminal with the access credential and the temporary key; and
    providing the target base station with the handover ticket and the temporary key so that the mobile terminal and the target base station are provided with sufficient information to perform mutual handover authentication using a temporary session key that is not derivable by other mobile terminals and base stations.
  15. A computer program comprising computer executable program code configured to execute the method of any one of preceding claims.
  16. An apparatus comprising a memory and a processor that are configured to cause performing the method of any one of claims 1 to 14.
  17. A system comprising two or more of the apparatuses selected from a group consisting of: a mobile terminal configured to perform the method of claim 13; a base station configured to perform the method of any one of claims 1 to 12; and a controller configured to perform the method of claim 14.
PCT/CN2020/124942 2020-10-29 2020-10-29 Method and apparatus for software defined network handover WO2022087984A1 (en)
Publications (1)

Publication Number Publication Date
WO2022087984A1 true WO2022087984A1 (en) 2022-05-05

Family

ID=81381758

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/124942 WO2022087984A1 (en) 2020-10-29 2020-10-29 Method and apparatus for software defined network handover

Country Status (1)

Country Link
WO (1) WO2022087984A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180288670A1 (en) * 2015-09-23 2018-10-04 Convida Wireless, Llc Aggregated handover in integrated small cell and wifi networks

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
CATT: "Alignment of AS layer handling of EPS to 5GS handover with N2 handover", 3GPP DRAFT; S3-182826 ALIGNMENT OF AS LAYER HANDLING OF EPS TO 5GS HANDOVER WITH N2 HANDOVER, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG3, no. Harbin (China); 20180924 - 20180928, 21 September 2018 (2018-09-21), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France , XP051546298 *
ERICSSON: "Handling of key sets at Inter-RAT Handover", 3GPP DRAFT; R2-031724, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. RAN WG2, no. Budapest, Hungary; 20030820, 20 August 2003 (2003-08-20), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France , XP050124072 *
HUAWEI, HISILICON: "Changes on handover from EPS to 5GS over N26", 3GPP DRAFT; S3-192162_EDITORIAL_CHANGES, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG3, no. Sapporo (Japan); 20190524 - 20190528, 17 June 2019 (2019-06-17), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France , XP051753094 *
INTEL: "Security solution for UE to avoid connecting to the false base station during a handover procedure", 3GPP DRAFT; S3-191956, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG3, no. Sapporo(Japan); 20190624 - 20190628, 17 June 2019 (2019-06-17), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France , XP051752903 *

Similar Documents

Publication Publication Date Title
US8503376B2 (en) Techniques for secure channelization between UICC and a terminal
JP5576529B2 (en) Secure session key generation
AU2006210510C1 (en) Secure bootstrapping for wireless communications
US9392453B2 (en) Authentication
EP2756700B1 (en) Performing link setup and authentication
WO2017201809A1 (en) Communication method and system for terminal
Choudhury et al. Enhancing user identity privacy in LTE
KR100987899B1 (en) Method and apparatus for pseudo-secret key generation to generate a response to a challenge received from service provider
Saxena et al. Authentication protocol for an IoT-enabled LTE network
US20080046732A1 (en) Ad-hoc network key management
CN101233734A (en) Method for distributing security keys during hand-off in a wireless communication system
CN103002442A (en) Safe wireless local area network key distribution method
US20050086481A1 (en) Naming of 802.11 group keys to allow support of multiple broadcast and multicast domains
WO2020216047A1 (en) Authentication information processing method, terminal, and network device
Singh et al. Elliptic curve cryptography based mechanism for secure Wi-Fi connectivity
WO2022087984A1 (en) Method and apparatus for software defined network handover
Kumar et al. A secure, efficient and lightweight user authentication scheme for wireless LAN
Singh et al. A secure WLAN authentication scheme
Xenakis et al. Security architectures for B3G mobile networks
CN114760038A (en) Identity authentication method and device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20959147

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20959147

Country of ref document: EP

Kind code of ref document: A1