Patent application number | Description | Published |
20080220759 | Automatic Device Capabilites Change Notification - The present invention relates to an improved approach to mobile device capability management. Heretofore, a capability management device is provided at a mobile communication network. Upon change of a mobile device capability, a related notification is sent to the capability management device which applies a policy decision whether to track the capability change at the network side or not. Should the decision be ‘yes’, the capability management device starts a device management session to collect further information on a mobile device capability change beyond the information made available with the mobile device capability change notification. After retrieval of the mobile device capability change information, the capability management device will update its mobile device capability state accordingly. Optionally, the capability management device may share the generated information with third party cooperating with the mobile device for, e.g., service delivery. | 09-11-2008 |
20080273704 | Method and Apparatus for Delivering Keying Information - A method of delivering an application key or keys to an application server for use in securing data exchanged between the application server and a user equipment, the user equipment accessing a communications network via an access domain. The method comprises running an Authentication and Key Agreement procedure between the user equipment and a home domain in order to make keying material available to the user equipment and to an access enforcement point. At least a part of said keying material is used to secure a communication tunnel between the user equipment and the access enforcement point, and one or more application keys are derived within the home domain using at least part of said keying material. Said application key(s) is(are) provided to said application server, and the same application key(s) derived at the user equipment, wherein said access enforcement point is unable to derive or have access to said application key(s). | 11-06-2008 |
20080301434 | METHOD AND APPARATUS FOR COMBINING INTERNET PROTOCOL AUTHENTICATION AND MOBILITY SIGNALING - Methods and apparatuses for combining internet protocol layer authentication and mobility signaling are disclosed. Various embodiments for providing authentication and mobility signaling when a mobile node moves from a 3GPP access network to a non 3GPP access network and vice versa are described. | 12-04-2008 |
20080307528 | Protection of Data Delivered Out-of-Order - A basic idea of the invention is to separate ordered delivery data and unordered delivery data in a security protocol running on top of a reliable transport protocol, and perform a first type of security processing for ordered delivery data and a second different type of security processing for unordered delivery data in the security protocol. Preferably, data messages using ordered delivery and data messages using unordered delivery within a secure data stream are separated into two message sequence spaces on the security protocol layer, and data security processing is then performed differently in these two spaces. The invention is particularly suitable for a reliable transport protocol such as SCTP (Stream Control Transmission Protocol). The security protocol running on top of the transport protocol is preferably based on the TLS (Transport Layer Security) or a TLS-like protocol with a security processing extension for unordered delivery. | 12-11-2008 |
20100263040 | Method and Arrangement for Security Activation Detection in a Telecommunication System - A method and apparatus is provided for detecting the start of a secure mode by a user terminal ( | 10-14-2010 |
20100267363 | Methods and Apparatuses Generating a Radio Base Station Key in a Cellular Radio System - In a method and a system for providing secure communication in a cellular radio system radio base station key is generated by determining a set of data bits known to both the UE and the radio base station, and creating the radio base station key in response to the determined set of data. | 10-21-2010 |
20100268937 | KEY MANAGEMENT FOR SECURE COMMUNICATION - A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary. | 10-21-2010 |
20100281262 | Method for Digital Rights Management in a Mobile Communications Network - The present invention relates to a method and an operator network node for enabling a user-defined DRM domain of *SIMs hosted by *SIM-enabled devices. The operator network node is connectable to a *SIM based device and to a content provider node, and comprises means for establishing a secure channel between a *SIM-based device and an operator network node, means for creating a DRM domain defined by at least one user of *SIM-based devices, means for receiving at the operator network node a registration request from the *SIM-based device to register the *SIM of the *SIM-based device into the created user-defined DRM domain, means for registering at the operator network node the *SIM of the *SIM-based device into the registered user-defined DRM domain, and means for making the registered information associated with the user-defined DRM domain available to the content provider. The invention also relates to a further method and the content provider comprising means for accessing in the operator network node registered information associated with a registered user-defined DRM domain comprising *SIMs of a user, and means for establishing a content provider defined DRM domain comprising at least one of the *SIMs of the user-defined DRM domain. | 11-04-2010 |
20100284368 | Wireless LAN Mobility - A method of performing hand-off of a Mobile Node from a previous Access Point to a new Access Point within a WLAN domain, where the previous and new Access Points are connected respectively to previous and new Access Routers. The method comprises, following a MAC authentication exchange between the Mobile Node and the new Access Point, sending a MAC Reassociation Request from the Mobile Node to the New Access Point, forwarding said Reassociation Request to said new Access Router, and sending the Reassociation Request from said new Access Router to said previous Access Router within an IP hand-off request, and authenticating the Reassociation Request at the previous Access Router and initiating the tunnelling of IP packets received at the previous Access Router and destined for said Mobile Node, towards said new Access Router. | 11-11-2010 |
20100293595 | Security Policy Distribution to Communication Terminals - A method and arrangement for distributing a security policy to a communication terminal having an association with a home communication network, but being present in a visited communication network. The home communication network ( | 11-18-2010 |
20100316223 | Method and Arrangement in a Telecommunication System - A security key, K_eNB, for protecting RRC/UP traffic between a User Equipment, UE, and a serving eNodeB is established by a method and an arrangement in a Mobility Management Entity, MME, and in said UE, of an Evolved Packet System, EPS. The MME and the UE derives the security key, K_eNB, from at least an NAS uplink sequence number, NAS_U_SEQ, sent from the UE to the MME, and from an Access Security Management Entity-key, K_ASME, shared between the MME and the UE. | 12-16-2010 |
20100325412 | APPARATUS FOR RECONFIGURATION OF A TECHNICAL SYSTEM BASED ON SECURITY ANALYSIS AND A CORRESPONDING TECHNICAL DECISION SUPPORT SYSTEM AND COMPUTER PROGRAM PRODUCT - The invention relates to an apparatus for analyzing and reconfiguring a technical system ( | 12-23-2010 |
20110010768 | Method and Apparatuses for End-to-Edge Media Protection in ANIMS System - An IMS system includes an IMS initiator user entity. The system includes an IMS responder user entity that is called by the initiator user entity. The system includes a calling side S-CSCF in communication with the caller entity which receives an INVITE having a first protection offer and parameters for key establishment from the caller entity, removes the first protection offer from the INVITE and forwards the INVITE without the first protection offer. The system includes a receiving end S-CSCF in communication with the responder user entity and the calling side S-CSCF which receives the INVITE without the first protection offer and checks that the responder user entity supports the protection, inserts a second protection offer into the INVITE and forwards the INVITE to the responder user entity, wherein the responder user entity accepts the INVITE including the second protection offer and answers with an acknowledgment having a first protection accept. A method for supporting a call by a telecommunications node. | 01-13-2011 |
20110035787 | Access Through Non-3GPP Access Networks - When setting up communication from a user equipment UE ( | 02-10-2011 |
20110047209 | METHOD AND NETWORK FOR DELIVERING STREAMING DATA - In a procedure for delivering streaming media, a Client first requests the media from an Order Server. The Order Server authenticates the Client and sends a ticket to the Client. Then, the Client sends the ticket to a Streaming Server. The Streaming Server checks the ticket for validity and if found valid encrypts the streaming data using a standardized real-time protocol such as the SRTP and transmits the encrypted data to the Client. The Client receives the data and decrypts them. Copyrighted material adapted to streaming can be securely delivered to the Client. The robust protocol used is very well suited for in particular wireless clients and similar devices having a low capacity such as cellular telephones and PDAs. | 02-24-2011 |
20110055566 | Verifying a Message in a Communication Network - A method and apparatus for verifying a request for service in a communication network. An authentication node generates a secret and transmits the secret to a node providing a service. The authentication node then receives a request for authentication from a requesting node, and once the requesting node is authenticated, the authorisation node sends an identifier for the requesting node and a first token, which is derived using the secret and the identifier. A service providing node subsequently receives a request for service from the requesting node, the request including the identifier for the requesting node and the first token. The service providing node derives a second token using the identifier and the secret. If the first token and the second token match, then the service providing node allows the request, and if the first token and the second token do not match, then the request is refused. | 03-03-2011 |
20110059736 | IDENTIFICATION OF A MANIPULATED OR DEFECT BASE STATION DURING HANDOVER - A method of and arrangement for detecting a manipulated or defect base station of a communication network is disclosed, wherein a target base station, having selected one or more algorithms on the basis of a prioritized algorithm list (PAL) and a UE security capabilities (SCAP), reports UE SCAP related information to a core network node. The core network node having knowledge of the UE SCAP compares this information or parts of this information with the retrieved UE SCAP related information in order to be able to identify a manipulated or defect base station when a comparison fails to match. | 03-10-2011 |
20110091036 | Cryptographic Key Generation - A technique for generating a cryptographic key ( | 04-21-2011 |
20110093609 | Sending Secure Media Streams - A method and apparatus for sending a first secured media stream having a payload via an intermediate node. The intermediate node receives from a sender the first secured media stream. An end-to-end context identifier and a hop-by-hop context identifier are determined for the first secured media stream, where the hop-by-hop context identifier relates to the intermediate node and the end-to-end identifier relates to the sender. A second secured media stream is generated, which includes at least the payload of the first secured media stream and the context identifiers to identify the first secured media stream. The second secured media stream is sent to a receiving node, and the context identifiers are also sent to the receiving node. The context identifiers are usable by the receiving node to recover the first secured media stream. | 04-21-2011 |
20110093698 | SENDING MEDIA DATA VIA AN INTERMEDIATE NODE - A method and apparatus for sending protected media data from a data source node to a client node via an intermediate node. The data source node establishes a first hop-by-hop key to be shared with the intermediate node and an end-to-end key to be shared with the client node. A single security protocol instance is configured and used to trans-protocol form data from a media stream into transformed data using the keys. The transformed data is then sent to the intermediate node. The intermediate node uses the first hop-by-hop key to apply a security processing to the transformed data, and establishes a second hop-by-hop key with the client node. A second transformation is performed on the transformed data using the second hop-by-hop key to produce further transformed media data, which is then sent to the client node. At the client node a single security protocol instance is configured with the second hop-by-hop key and the end-to-end key, which are used to apply further security processing to the transformed media data. | 04-21-2011 |
20110107082 | Storing and Forwarding Media Data - A method apparatus for storing and forwarding media data in a communication network. An intermediate node disposed between a media data source node and a client node receives encrypted media data packets from the media data source node. The intermediate node stores the received media data packets in a memory for later sending to the client node, and adjusts fields in the original header of each stored media data packet to create modified media data packets having a modified header, and sends adjustment information to the client node. The adjustment information allows the client node to recreate the original headers from the modified headesr, before decrypting the encrypted media packets with keying materials already sent between the media data source node and the client node. The modified media data packets are then sent to the client node for decryption. This allows the intermediate node to “store and forward” SRTP data without being able to access the encrypted data content. | 05-05-2011 |
20110206206 | Key Management in a Communication Network - A method and apparatus for key management in a communication network. A Key Management Terminal KMS Terminal Server (KMS) receives from a first device a request for a token associated with a user identity, the user identity being associated with a second device. The KMS then sends the requested token and a user key associated with the user to the first device. The KMS subsequently receives the token from the second device. A second device key is generated using the user key and a modifying parameter associated with the second device. The modifying parameter is available to the first device for generating the second device key. The second device key is then sent from the KMS to the second device. The second device key can be used by the second device to authenticate itself to the first device, or for the first device to secure communications to the second device. | 08-25-2011 |
20110255695 | KEY MANAGEMENT METHOD - The present invention relates to a key management method to establish selective secret information in multiple disjoint groups, more specifically to a method of reducing the broadcast size in access hierarchies and localize and facilitate management in said access hierarchies. The key management method selects a number of subgroups. Each subgroup supports an instance of a key distribution method for receiving distributed key material, and is capable of computing a usage security key based on the distributed key material and predefined user group key material. | 10-20-2011 |
20110256850 | METHOD AND ARRANGEMENT FOR CREATION OF ASSOCIATION BETWEEN USER EQUIPMENT AND AN ACCESS POINT - Methods, apparatus, and computer program products for creating an association between a first user equipment and at least one access point assisted by a registration server in a telecommunication network are disclosed. The registration server responds to a first contact request carried out using a first association number for the access point, provided by the first user equipment, receives a first association request for the association with the access point, provided by the first user equipment, authorizes the first association request based on a first authorization information provided by the first user equipment; registers the association between the first user equipment and the access point responsive to authorization of the first association request. The first user equipment is associated with the access point and the association is administered by the registration server. | 10-20-2011 |
20110264913 | METHOD AND APPARATUS FOR INTERWORKING WITH SINGLE SIGN-ON AUTHENTICATION ARCHITECTURE - A method is provided for use in interworking a single sign-on authentication architecture and a further authentication architecture in a split terminal scenario. The split terminal scenario is one in which authentication under the single sign-on authentication architecture is required of a browsing agent ( | 10-27-2011 |
20110269426 | Methods and Arrangements for Communication Channel Re-Establishment - The present invention relates to Radio Resource Control, RRC Connection re-establishments of unauthenticated calls or sessions between MEs, and one or more eNodeBs. By making use of the Cell Identity of the cell in which a ME having radio connection malfunction resides, in the calculation of a Message Authentication Code for data Integrity, MAC-I a ME unique MAC-I can be calculated which is used for the identification and verification of MEs by a target base station such as a eNodeB, in RRC Connection re-establishment of unauthenticated calls. | 11-03-2011 |
20110302627 | USER AUTHENTICATON - A method of authenticating access to a service comprises: a) receiving at a mobile terminal, over a bi-directional near-field communication channel between the mobile terminal and a browser, at least part of the identifier of a service; b) comparing, at the mobile terminal, at least part of the identifier received at the mobile terminal with a set of identifiers stored in the mobile device; and c) authenticating access to the service on the basis of whether at least part of the identifier received at the mobile terminal matches an identifier in the set. The mobile terminal may stored a set of URLs, and may compare a received URL (or part URL) with the set of stored URLs. It may generate an alert to the user if at least part of the URL received at the mobile terminal does not match a stored URL. User names and keys are not required to be stored on the web-browser, so the web-browser does not need to maintain a password database. This improves security, since a password database would be vulnerable to malicious code. | 12-08-2011 |
20110305339 | Key Establishment for Relay Node in a Wireless Communication System - Techniques for providing additional security for the wireless interface between a relay node and a donor base station are based on a security association established between the relay node and the donor base station. In an example method implemented in a relay node, communications with a donor base station are established and a first cryptographic key is generated according to a radio access protocol. A security association between the relay node and the donor base station is then established, using a credential stored at the relay node, and a second cryptographic key is derived from the first cryptographic key, using the stored credential, or one or more parameters relating to the security association, or information exchanged within the security association. The second key is used to protect user plane data relayed from one or more mobile terminals to the donor base station. | 12-15-2011 |
20120166802 | METHOD AND APPARATUS FOR ESTABLISHING A SECURITY ASSOCIATION - A method for establishing a security association between a client and a service node for the purpose of pushing information from the service node to the client, where the client and a key server share a base secret. The method comprises sending a request for generation and provision of a service key from the service node to a key server, the request identifying the client and the service node, generating a service key at the key server using the identities of the client and the service node, the base secret, and additional information, and sending the service key to the service node together with said additional information, forwarding said additional information from the service node to the client, and at the client, generating said service key using the received additional information and the base key. A similar approach may be used to provide p2p key management. | 06-28-2012 |
20120198527 | IP Multimedia Security - A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node and a determination made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. If a signalling plane key has not already been established, then an alternative media plane key is derived from said session key and sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. | 08-02-2012 |
20120254997 | METHODS AND APPARATUSES FOR AVOIDING DAMAGE IN NETWORK ATTACKS - Methods and apparatuses in a client terminal ( | 10-04-2012 |
20130003967 | Enhanced Key Management For SRNS Relocation - A method comprises maintaining, in a first node serving a mobile terminal over a connection protected by at least one first key, said first key and information about the key management capabilities of the mobile terminal. Upon relocation of the mobile terminal to a second node the method includes: if, and only if, said key management capabilities indicate an enhanced key management capability supported by the mobile terminal, modifying, by said first node, the first key, thereby creating a second key, sending, from the first node to the second node, the second key, and transmitting to the second node the information about the key management capabilities of the mobile terminal. | 01-03-2013 |
20130124757 | Methods and Apparatus for Secure Routing of Data Packets - Methods and arrangements for supporting a forwarding process in routers when routing data packets through a packet-switched network, by employing hierarchical parameters in which the hops of a predetermined transmission path between a sender and a receiver are encoded. A name server generates and distributes router-associated keys to routers in the network which keys are used for computing the hierarchical parameters. | 05-16-2013 |
20130156182 | Cryptographic Key Generation - A technique for generating a cryptographic key is provided. The technique is particularly useful for protecting the communication between two entities cooperatively running a distributed security operation. The technique comprises providing at least two parameters, the first parameter comprising or deriving from some cryptographic keys which have been computed by the first entity by running the security operation; and the second parameter comprising or deriving from a token, where the token comprises an exclusive OR of a sequence number (SQN) and an Anonymity Key (AK). A key derivation function is applied to the provided parameters to generate the desired cryptographic key. | 06-20-2013 |
20130195268 | Call Handover Between Cellular Communication System Nodes That Support Different Security Contexts - In the context of facilitating a circuit switched to packet switched handover of a call in a cellular communication system, a first node (e.g., packet switched target node) generates a security context for a client whose call is being handed over. This involves the first node receiving at least one cryptographic key from a second node (e.g., a circuit switched node supporting the existing connection) and receiving identities of security algorithms supported by the client from a third node (e.g., a packet switched node supporting the existing connection); The first node uses the at least one cryptographic key and the identities to generate the security context for the client. | 08-01-2013 |
20130268681 | Method and Apparatuses for End-to-Edge Media Protection in ANIMS System - An IMS system includes an IMS initiator user entity. The system includes an IMS responder user entity that is called by the initiator user entity. The system includes a calling side S-CSCF in communication with the caller entity which receives an INVITE having a first protection offer and parameters for key establishment from the caller entity, removes the first protection offer from the INVITE and forwards the INVITE without the first protection offer. The system includes a receiving end S-CSCF in communication with the responder user entity and the calling side S-CSCF which receives the INVITE without the first protection offer and checks that the responder user entity supports the protection, inserts a second protection offer into the INVITE and forwards the INVITE to the responder user entity, wherein the responder user entity accepts the INVITE including the second protection offer and answers with an acknowledgment having a first protection accept. A method for supporting a call by a telecommunications node. | 10-10-2013 |
20130291071 | Method and Apparatus for Authenticating a Communication Device - According to an aspect of the present invention there is provided a method of operating a communication device, the communication device being part of a group comprising two or more communication devices that share a subscription to a communication network. The method comprises receiving a group authentication challenge from the network, at least part of the group authentication challenge having been generated using group authentication information that is associated with the shared subscription. The device then generates a device specific response to the group authentication challenge using the group authentication information and device specific authentication information and sends the device specific response to the network. The device is for example a member of a machine-type communication device group. | 10-31-2013 |
20130294603 | CENTRALIZED KEY MANAGEMENT IN EMBMS - A split architecture eMBMS with distributed BMSCs providing the same eMBMS service allows for a centralized key service where each BMSC is able to derive a set of MTKs from the MSK using the MTK-IDs as the differentiating input. This avoids the need to send MTKs to the BMSCs. | 11-07-2013 |
20140038566 | Identification of a Manipulated or Defect Base Station During Handover - A method of and arrangement for detecting a manipulated or defect base station of a communication network is disclosed, wherein a target base station, having selected one or more algorithms on the basis of a prioritized algorithm list (PAL) and a UE security capabilities (SCAP), reports UE SCAP related information to a core network node. The core network node having knowledge of the UE SCAP compares this information or parts of this information with the retrieved UE SCAP related information in order to be able to identify a manipulated or defect base station when a comparison fails to match. | 02-06-2014 |
20140053241 | Authenticating a Device in a Network - There is disclosed a system for authentication of a device in a network by establishing a second security context between the device and a serving network node when a first security context has previously been established, assisted by an authentication server, based on a random value and a secret shared between an identity module associated with the device and the authentication server. First re-use information from the establishment of the first security context is stored at the authentication server and at the device, the first re-use information enabling secure generation of the second security context from the random value and the secret. Second re-use information may be generated or stored at the device. A context regeneration request is generated at the device, the context regeneration request authenticated at least partly based on the secret. The context regeneration request is sent to the serving network node. The context regeneration request is sent from the serving network node to the authentication server. The context regeneration request is verified at the authentication server. The second security context is generated at the authentication server based on at least the secret, the random value, and the first and second re-use information. The second security context is communicated from the authentication server to the serving network node. | 02-20-2014 |
20140096193 | ACCESS THROUGH NON-3GPP ACCESS NETWORKS - When setting up communication from a user equipment UE ( | 04-03-2014 |
20140126562 | BASE-STATION-TO-BASE-STATION GATEWAY AND RELATED DEVICES, METHODS, AND SYSTEMS - The present disclosure relates to a base-station-to-base-station (BS-BS) gateway in a Long Term Evolution (LTE) cellular communication network and methods of operation thereof. In one embodiment, the BS-BS gateway receives information from a first base station which includes a hostname and a network address of the first base station. The BS-BS gateway then stores a mapping between the hostname and the network address. Thereafter, in one embodiment, the BS-BS gateway enables a second base station to address messages to the first base station using the hostname of the first base station. In this manner, changes in the network address of the first base station will not affect the ability of the second base station to address messages to the first base station. In some embodiments, the first base station is a low-power base station (LP-BS) and the second base station is a high-power base station (HP-BS). | 05-08-2014 |
20140128086 | METHODS FOR BASE-STATION-TO-BASE-STATION CONNECTION MANAGEMENT - The present disclosure relates to a base station in a cellular communication network and methods of operation thereof. In one embodiment, a base station determines that the base station is transitioning to an unavailable state. The base station then notifies one or more radio network nodes with which the base station conducts base-station-to-node communication that the base station is unavailable. Thereafter, in one embodiment, the one or more radio network nodes cease communication attempts with the base station. In this manner, the radio network nodes can avoid spending additional resources on attempts to re-establish communication connections to base stations that tend to be offline more often (e.g., low-power base stations (LP-BSs)). | 05-08-2014 |
20140150064 | Authentication of Warning Messages in a Network - There is described herein a device ( | 05-29-2014 |
20140304768 | SECURITY AND PRIVACY ENHANCEMENTS FOR SECURITY DEVICES - A tamper-resistant security device, such as a subscriber identity module or equivalent, has an AKA (Authentication and Key Agreement) module for performing an AKA process with a security key stored in the device, as well as means for external communication. The tamper-resistant security device includes an application that cooperates with the AKA module and an internal interface for communications between the AKA module and the application. The application cooperating with the AKA module is preferably a security and/or privacy enhancing application. For increased security, the security device may also detect whether it is operated in its normal secure environment or a foreign less secure environment and set access rights to resident files or commands that could expose the AKA process or corresponding parameters accordingly. | 10-09-2014 |
20140351595 | Key Management in a Communication Network - A method and apparatus for key management in a communication network. A Key Management Server (KMS) receives from a first device a request for a token associated with a user identity, the user identity being associated with a second device. The KMS then sends the requested token and a user key associated with the user to the first device. The KMS subsequently receives the token from the second device. A second device key is generated using the user key and a modifying parameter associated with the second device. The modifying parameter is available to the first device for generating the second device key. The second device key is then sent from the KMS to the second device. The second device key can be used by the second device to authenticate itself to the first device, or for the first device to secure communications to the second device. | 11-27-2014 |
20140369315 | OPERATION OF A SERVING NODE IN A NETWORK - The invention provides a system and method for repairing corrupt security information. At a serving node in a telecommunications network, security capabilities of a terminal are received when the terminal registers with the serving node. The received security capabilities are stored. A path switch request message is received from a target base station following an X2 handover request sent from a source base station to the target base station for handover of the terminal, the path switch request including the security capabilities of the terminal. The serving node determines whether the security capabilities of the terminal stored in the storage medium should be sent to the target base station. If so, the serving node sends the stored security capabilities of the terminal to the target base station for use in reselecting security algorithms to be used in communications between the target base station and terminal following the handover. | 12-18-2014 |
20150023499 | Cryptographic Key Generation - A technique for generating a cryptographic key is provided. The technique is particularly useful for protecting the communication between two entities cooperatively running a distributed security operation. The technique comprises providing at least two parameters, the first parameter comprising or deriving from some cryptographic keys which have been computed by the first entity by running the security operation; and the second parameter comprising or deriving from a token, where the token comprises an exclusive OR of a sequence number (SQN) and an Anonymity Key (AK). A key derivation function is applied to the provided parameters to generate the desired cryptographic key. | 01-22-2015 |
20150038144 | METHOD AND APPARATUS IN A NETWORK NODE FOR ESTABLISHING NEIGHBOR CELL RELATIONS IN A WIRELESS NETWORK - Disclosed is a method in a network node ( | 02-05-2015 |
20150058980 | Methods and Apparatuses for Avoiding Damage in Network Attacks - Methods and apparatuses in a client terminal and a web server for enabling safe communication between said terminal and server. When the terminal obtains a web page from the server in a session, the terminal creates a context-specific key, Ks_NAF′, based on one or more context parameters, P1, . . . Pn, pertaining to said session and/or web page. The terminal then indicates the context-specific key in a login request to the server, and the server determines a context-specific key, Ks_NAF′, in the same manner to verify the client if the context-specific key determined in the web server matches the context-specific key received from the client terminal. The context-specific key is thus bound to and valid for the present context or session only and cannot be used in other contexts or sessions. | 02-26-2015 |
20150065083 | TECHNOLOGY FOR OPERATING NETWORK NODES OF A COMMUNICATION NETWORK - A method includes: a) assigning, at a MME, after initiation of a user session of an UE, a correlation ID to the user session; b) defining, at the MME, in response to an initiation of a first trace session of the UE during the user session, a first mapping correlation which maps a first trace ID reflecting the first trace session, to the correlation ID, and sending the first mapping correlation to a TCE; and c) defining, at the MME, in response to an initiation of a second trace session of the UE during the user session, a second mapping correlation which maps a second trace ID reflecting the second trace session, to the correlation ID, and sending the second mapping correlation to the TCE. The first and second mapping correlation enable the TCE to assign trace session information to the user session. | 03-05-2015 |
20150065092 | Methods and Apparatuses Generating a Radio Base Station Key in a Cellular Radio System - A Terminal Identity Token is created for identifying a User Equipment (UE) connected to a radio base station in a radio system. The UE communicates with the radio base station via a secure communication associated with an existing cryptographic key. The Terminal Identity Token is created based on a physical cell identity of a target cell known to both the UE and the radio base station, the terminal identity, and the existing key. By using the Terminal Identity Token, a secure communication can be established and enhanced without having to provide for additional security network components or additional signaling. | 03-05-2015 |
20150074396 | Lawful Interception of Encrypted Communications - A method and apparatus for providing access to an encrypted communication between a sending node and a receiving node to a Law Enforcement Agency (LEA). A Key Management Server (KMS) function stores cryptographic information used to encrypt the communication at a database. The cryptographic information is associated with an identifier used to identify the encrypted communication between the sending node and the receiving node. The KMS receives a request for Lawful Interception, the request including an identity of a Lawful Interception target. The KMS uses the target identity to determine the identifier, and retrieves the cryptographic information associated with the identifier from the database. The cryptographic information can be used to decrypt the encrypted communication. The KMS then sends either information derived from the cryptographic information or a decrypted communication towards the LEA. This allows the LEA to obtain a decrypted version of the communication. | 03-12-2015 |
20150079941 | Secure Paging - There is described a device for communicating with a network. The device receives a series of paging messages from a serving node in the network, where each paging message includes identification and authentication information sufficient to identify at least one device and authenticate the message, at least some of the information having been protected according to a sequence such that it varies between successive paging messages. The device verifies the protected part of the information using a cryptographic function and knowledge of the sequence and identifies whether the information indicates that message is an authentic message intended for that device. The device may act in response to the received paging message. | 03-19-2015 |