Patent application number | Description | Published |
20090275309 | SECURITY CAPABILITY NEGOTIATION METHOD, SYSTEM, AND EQUIPMENT - A security capability negotiation method is applicable to perform security capability negotiation during a mobile network handover. The method includes the following processes: a second network receives a handover request sent by a first network; an access network entity of the second network selects a corresponding security capability, or an access network entity and a core network (CN) entity of the second network respectively select a corresponding security capability; the second network sends the selected security capability to a user equipment (UE) via the first network. Moreover, a security capability negotiation system is also provided. Consistent with the provided system and method, it may be unnecessary for the MME to know the security capability of the corresponding eNB in a certain manner during a handover from a 2G/3G network to an LTE network. Meanwhile, during the handover from the LTE network to the 3G network, the SGSN does not need to introduce new requirements. | 11-05-2009 |
20090298471 | METHOD, SYSTEM, AND APPARATUS FOR PREVENTING BIDDING DOWN ATTACKS DURING MOTION OF USER EQUIPMENT - A method for preventing bidding down attacks during motion of a User Equipment (UE) is provided. The method includes the following: the UE sends a Tracking Area Update (TAU) Request message to a new MME, where the TAU Request carries the UE's security capabilities; the UE receives the UE's security capabilities sent by the MME; and the UE checks whether the received UE's security capabilities are consistent with the stored UE's security capabilities. A system, an MME, and a UE for preventing bidding down attacks during motion of the UE are also provided. When the UE performs security capability negotiation with the MME, the UE can check whether the received security capabilities are consistent with the stored security capabilities and determine whether a bidding down attack exists, and therefore may prevent bidding down attacks. | 12-03-2009 |
20100095123 | METHOD, SYSTEM AND DEVICE FOR NEGOTIATING SECURITY CAPABILITY WHEN TERMINAL MOVES - A method for negotiating a security capability when a terminal moves is provided. When a user equipment (UE) moves from a second/third generation (2G/3G) network to a long term evolution (LTE) network, the method includes the following steps. A mobility management entity (MME) acquires a non-access signaling (NAS) security algorithm supported by the UE, and an authentication vector-related key or a root key derived according to the authentication vector-related key, selects an NAS security algorithm, derives an NAS protection key according to the authentication vector-related key or the root key, and sends a message carrying the selected NAS security algorithm to the UE. The UE derives an NAS protection key according to an authentication vector-related key thereof. A system for negotiating a security capability when a terminal moves, a UE, and an MME are further provided. | 04-15-2010 |
20100159882 | Method, System and Apparatus for Negotiating Security Capabilities During Movement of UE - A method for negotiating security capabilities during movement of a User Equipment (UE) includes the following steps: a target network entity receives a Routing Area Update (RAU) Request from the UE; the entity obtains Authentication Vector (AV)-related keys deduced according to a root key, and sends the selected security algorithm to the UE; and the UE deduces the AV-related keys according to the root key of the UE. A system, SGSN, and MME for negotiating security capabilities during movement of a UE are also disclosed. The present invention is applicable to security capability negotiation between the UE and the network. | 06-24-2010 |
20110201308 | METHOD OF AUTHENTICATION IN IP MULTIMEDIA SUBSYSTEM - A method of authentication in an IP Multimedia Subsystem (IMS) is provided. After receiving a Register message from a User Equipment (UE), a Proxy-Call Session Control Function (P-CSCF) locates a Connection Location Function (CLF) according to information contained in the Register message and a pre-configured corresponding relationship between the information contained in the Register message and the CLF. The P-CSCF obtains a query result by querying the CLF about attachment information of the UE in an access network, and sends the Register message carrying the query result to an Interrogating-Call Session Control Function (I-CSCF). The I-CSCF forwards the Register message carrying the query result to a Service-Call Session Control Function (S-CSCF). The S-CSCF authenticates the UE according to an authentication mechanism obtained from a User Profile Service Function (UPSF) or a Home Subscriber Server (HSS), and sends an authentication result to the UE. | 08-18-2011 |
20110265146 | METHOD AND SYSTEM FOR AUTHENTICATION PROCESSING, 3GPP AAA SERVER AND USER EQUIPMENT - The present invention relates to a method and a system for authentication processing, a 3 | 10-27-2011 |
20130100876 | Method, Base Station, Mobility Management Entity, and System for Implementing Service Processing - A method, a base station, a mobility management entity, and a system can be used for implementing service processing. The method includes acquiring the type of a subscribed user. If the type of the subscriber user is a UE, an S1-AP response message is sent to a Relay node and an access stratum (AS) security mechanism and/or a network domain security mechanism are used with the Relay node. If the type of the subscriber user is a relay base station (Relay), a radio resource control (RRC) reconfiguration process is initiated with the Relay node and an AS security mechanism is used with the Relay node. | 04-25-2013 |
20140120879 | Method, System and Device for Negotiating Security Capability when Terminal Moves - A method, user equipment (UE) and system are provided for negotiating a security capability during idle state mobility of the UE from a non-long term evolution (non-LTE) network to a long term evolution (LTE) network. The UE sends UE security capabilities supported by the UE to the LTE network for use in non-access stratum (NAS) security algorithm selection. The UE then receives from the LTE network the selected NAS security algorithm. The UE further generates a root key from an authentication vector-related key stored at the UE and then derives, from the generated root key, a NAS protection key for secure communication with the LTE network. | 05-01-2014 |
20140126723 | METHOD, APPARATUS, AND SYSTEM FOR PROTECTING CLOUD DATA SECURITY - The present invention relates to a method, an apparatus, and a system for protecting cloud data security. A key management center encrypts original data M sent by a first terminal using a key K, and uploads encrypted data C | 05-08-2014 |
20140295800 | Method, System and Device for Negotiating Security Capability when Terminal Moves - An MME negotiates security in case of idle state mobility for a UE from a first network to an LTE network. The UE sends its security capabilities, including non-access stratum (NAS) security capabilities supported by the UE, to the LTE network. The MME selects a NAS security algorithm, in accordance with the NAS security capabilities of the UE, and sends the selected NAS security algorithm to the UE, sharing the NAS security algorithm between the UE and the LTE network when the UE moves from the first network to the LTE network. The MME also derives, in accordance with the selected NAS security algorithm, a NAS protection key from an authentication vector-related key so as to secure communication between the UE and the LTE network. | 10-02-2014 |