Patent application number | Description | Published |
20100235890 | Communication of Session-Specific Information to User Equipment from an Access Network - In conjunction with establishment of a session between an access network and user equipment of a communication system, session-specific information is transmitted from the access network to the user equipment. The session-specific information transmitted from the access network to the user equipment comprises information to be utilized in an authentication protocol carried out between the user equipment and an authentication server of the system. For example, the session-specific information transmitted from the access network to the user equipment may comprise an identifier of a gateway coupled between the access network and the authentication server. | 09-16-2010 |
20100303238 | Session Key Generation and Distribution with Multiple Security Associations per Protocol Instance - A single instance of a session key generation protocol is executed in a manner that generates a plurality of security associations between user equipment and a first network element of a communication system. In one aspect, a first one of the security associations is utilized to secure data sent between the user equipment and the first network element in an ongoing communication. In conjunction with a handoff of the ongoing communication from the first network element to a second network element of the communication system, another one of the security associations is selected, and the other selected security association is utilized to secure data sent between the user equipment and the second network element in the ongoing communication. The security associations may comprise respective sets of session keys derived from a single pairwise master key. | 12-02-2010 |
20110188469 | METHOD AND APPARATUS FOR COMMUNICATION BETWEEN WIRELESS TELECOMMUNICATIONS NETWORKS OF DIFFERENT TECHNOLOGY TYPES - For handover between wireless telecommunications networks of different technology types, an air interface is set up between a first node | 08-04-2011 |
20120238245 | PREVENTION OF EAVESDROPPING TYPE OF ATTACK IN HYBRID COMMUNICATION SYSTEM - Techniques are disclosed for use in securing communications in environments comprising hybrid communication systems. For example, a method comprises, in a hybrid communication system wherein at least one computing device is configured to selectively operate in a first communication mode or a second communication mode, preventing the at least one computing device from completing an attachment process in the first communication mode when it is determined that authentication data being used to authenticate the at least one computing device in the first communication mode was generated for an authentication process in the second communication mode. | 09-20-2012 |
20120288092 | DISCOVERY OF SECURITY ASSOCIATIONS FOR KEY MANAGEMENT RELYING ON PUBLIC KEYS - Techniques are disclosed for forming a discoverable security association in communication environments and for lawfully discovering security associations formed in communication environments. For example, a method for forming a discoverable security association between a first computing device and a second computing device comprises the following steps. The first computing device obtains from a key management entity: (i) a first private key assigned to the first computing device, which is computationally associative with a first public key associated with the first computing device; and (ii) a first root key assigned to the first computing device. The first computing device chooses a first random value and generates a first nonce, wherein the first nonce is a result of an encryption of the first random value using the first root key. The first computing device generates a first key component based on the first random value. The first computing device encrypts the first nonce and the first key component with a second public key associated with the second computing device using an identity-based encryption process and sends the encrypted first nonce and the encrypted first key component to the second computing device so as to establish a security association with the second computing device. The security association is discoverable by a third computing device unbeknownst to the first computing device and the second computing device. | 11-15-2012 |
20130072156 | PREVENTION OF MISMATCH OF AUTHENTICATION PARAMETER IN HYBRID COMMUNICATION SYSTEM - Techniques include, in response to a first communication network of a hybrid communication system being aware of a potential for a mismatch of reported authentication parameters associated with a second communication network of the hybrid communication system, wherein the first communication network is used to transport the reported authentication parameters to the second communication network, the first communication network preventing the mismatch of the reported authentication parameters. In one example, the first communication network is an LTE network and the second communication network is a CDMA2000 network. | 03-21-2013 |
20130104247 | Verification Of Content Possession By An Announcing Peer In A Peer-To-Peer Content Distribution System - A tracker node verifies content possession by a peer node in a peer-to-peer content distribution system. Upon receiving an announcement that a peer node claims to possess a content item, the tracker node in one embodiment obtains the content item, selects a random portion of the content item, formulates a challenge based on the random portion of the content item and determines an expected challenge response. The challenge may comprise, for example, a request for a hash of the random portion (or alternatively, a hash of the random portion and a random seed value). The tracker node issues the challenge to the announcing node and verifies the announcing node's possession of the content item if the challenge response from the announcing node matches the expected challenge response. | 04-25-2013 |
20130104249 | Verification Of Integrity Of Peer-Received Content In A Peer-To-Peer Content Distribution System - Structures and methods are disclosed for verifying integrity of peer-supplied content in a peer-to-peer content distribution system, for example, to verify that content supplied from a sending peer node to a receiving peer node corresponds to the content that was requested by the receiving node. | 04-25-2013 |
20130179679 | Methods And Apparatuses For Secure Information Sharing In Social Networks Using Randomly-Generated Keys - There can be problems with the security of social networking communications. For example, there may be occasions when a number of friends wish to communicate securely through a social network infrastructure, such that non-trusted 3 | 07-11-2013 |
20130179951 | Methods And Apparatuses For Maintaining Secure Communication Between A Group Of Users In A Social Network - Embodiments address various methods and apparatuses that attempt to minimize the time that secure communication between group members may be at risk due to a user joining or leaving. For example, embodiments include methods of minimizing the time for which a joining member receives a secure commonly shared key and other embodiments include methods of minimizing the time that a user leaving the group has access to data shared within the group through updating the secure commonly shared key. | 07-11-2013 |
20130182848 | SECURE GROUP MESSAGING - A method for securing at least one message transferred in a communication system from a first computing device to a second computing device in a peer-to-peer manner. At the first computing device, an identity based authenticated key exchange session is established with a third computing device operating as a peer authenticator. The identity based authenticated key exchange session has an identity based authenticated session key associated therewith. The first computing device obtains from the third computing device a random key component of the second computing device, wherein the random key component of the second computing device is encrypted by the third computing device using the identity based authenticated session key prior to sending the random key component of the second computing device to the first computing device. A peer-to-peer messaging key is computed at the first computing device using the random key component of the second computing device. | 07-18-2013 |
20130185372 | MANAGEMENT OF USER EQUIPMENT SECURITY STATUS FOR PUBLIC WARNING SYSTEM - Techniques are disclosed for making one or more computing devices in a communication network aware of a public warning system security policy of at least one entity. In one example, a method comprises the following steps. An indicator of a public warning system security policy of at least one entity is associated with a control plane message. The control plane message, with the indicator of the public warning system security policy of the at least one entity, is generated by a first computing device of a communication network. The first computing device transmits the control plane message, with the indicator of the public warning system security policy of the at least one entity, to a second computing device of the communication network. The second computing device is made aware of the public warning system security policy of the at least one entity. | 07-18-2013 |
20130185561 | MANAGEMENT OF PUBLIC KEYS FOR VERIFICATION OF PUBLIC WARNING MESSAGES - Techniques are disclosed for managing one or more public keys used for verification of one or more messages transferred over a communication network associated with a public warning system. In one example, a method comprises the following steps. A computing device of a communication network obtains key material for at least one source of a message generated for a public warning system. The computing device also obtains an identity of the source. A public key is computed by the computing device from the key material and the identity of the source. The public key is thus useable by the computing device to verify a message received from the source that is digitally signed using a corresponding private key of the source. In one example, the computing device comprises user equipment. | 07-18-2013 |
20130254277 | Methods And Networks For Device To Device Communication - At least one example embodiment discloses a method of controlling communications between first and second user equipments (UEs) by a base station in a network. The method includes obtaining an indication, the indication indicating if the first and second UEs are within a communication range of each other and controlling a direct communication link between the first and second UEs if the first and second UEs are within a communication range of each other. The controlling includes allocating at least a first portion of an uplink channel of the network to the direct communication link. | 09-26-2013 |
20130290696 | SECURE COMMUNICATIONS FOR COMPUTING DEVICES UTILIZING PROXIMITY SERVICES - Techniques are disclosed for establishing secure communications between computing devices utilizing proximity services in a communication system. For example, a method for providing secure communications in a communications system comprises the following steps. At least one key is sent from at least one network element of an access network to a first computing device and at least a second computing device. The first computing device and the second computing device utilize the access network to access the communication system and are authenticated by the access network prior to the key being sent. The key is useable by the first computing device and the second computing device to securely communicate with one another when in proximity of one another without communications between the first computing device and the second computing device going through the access network. | 10-31-2013 |
20130343538 | MANIPULATION AND RESTORATION OF AUTHENTICATION CHALLENGE PARAMETERS IN NETWORK AUTHENTICATION PROCEDURES - A challenge manipulation and restoration capability is provided for use during network authentication. A mobile device (MD) and a subscriber server (SS) each have provisioned therein a binding key (B-KEY) that is associated with a subscriber identity of a network authentication module (NAM) of the MD. The SS obtains an authentication vector (AV) in response to a request from a Radio Access Network (RAN) when the MD attempts to attach to the RAN. The AV includes an original authentication challenge parameter (ACP). The SS encrypts the original ACP based on its B-KEY, and updates the AV by replacing the original ACP with the encrypted ACP. The MD receives the encrypted ACP, and decrypts the encrypted ACP based on its B-KEY to recover the original ACP. The MD provides the original ACP to the NAM for use in computing an authentication response for validation by the RAN. | 12-26-2013 |
20140004796 | DISCOVERING PROXIMITY DEVICES IN BROADBAND NETWORKS | 01-02-2014 |
20140254794 | SESSION KEY GENERATION AND DISTRIBUTION WITH MULTIPLE SECURITY ASSOCIATIONS PER PROTOCOL INSTANCE - A single instance of a session key generation protocol is executed in a manner that generates a plurality of security associations between user equipment and a first network element of a communication system. In one aspect, a first one of the security associations is utilized to secure data sent between the user equipment and the first network element in an ongoing communication. In conjunction with a handoff of the ongoing communication from the first network element to a second network element of the communication system, another one of the security associations is selected, and the other selected security association is utilized to secure data sent between the user equipment and the second network element in the ongoing communication. The security associations may comprise respective sets of session keys derived from a single pairwise master key. | 09-11-2014 |
20140335815 | POLICY DECISIONS BASED ON SUBSCRIBER SPENDING LIMITS - A policy and charging rules function node of a network may receive from the network an indication of an element of user equipment connecting to the network, query a subscription profile repository to receive a subscriber profile associated with the user equipment, the subscriber profile including indicators used in the selection of subscriber policies associated with the subscriber, and create a spending limit session based on the subscriber profile without waiting to receive a request from the user equipment for data services. The node may receive the request for data services from the element of user equipment, identify the spending limit session specifically corresponding to the user equipment, and respond to the request according to spending limit rules of the spending limit session associated with the element of user equipment. The node may also respond to the request according to default spending limit rules without waiting for creation of the spending limit session. | 11-13-2014 |