Abstract:
Certain aspects of the present disclosure provide techniques for managing security keys for enciphering and deciphering packets transmitted in a wireless communications system. According to certain aspects, a method of wireless communication by a user equipment (UE) is provided. The method generally includes obtaining an indication of a key area identifier (ID) of a first cell node, wherein the key area ID identifies a set of cell nodes that are associated with a network node that uses a first key for enciphering or deciphering messages, and communicating a first set of messages with the first cell node using the first key for enciphering or deciphering the first set of messages.
Abstract:
Systems and methods for providing authentication key agreement (AKA) with perfect forward secrecy (PFS) are disclosed. In one embodiment, a network according to the disclosure may receive an attach request from a UE, provide an authentication request including a network support indicator to a network resource, receive an authentication token from the network resource, such that the authentication token includes an indication that a network supports PFS, provide the authentication token to the UE, receive an authentication response including a UE public key value, obtain a network public key value and a network private key value, determine a shared key value based on the network private key value and the UE public key value, bind the shared key value with a session key value to create a bound shared key value, and use the bound shared key value to protect subsequent network traffic.
Abstract:
A method includes: establishing a telecommunication link between a device and a service provider system via a telecommunication network; receiving a device public key via the telecommunication network from the device at the service provider system, the device public key predating the establishment of the telecommunication link; verifying, at the service provider system, that the device stores a device private key in a secure storage area of the device, the device private key corresponding to the device public key, the device public key and the device private key being a cryptographic key pair; and authorizing, by the service provider system, sign-up of the device for service enrollment in response to verifying that the device stores the device private key in the secure storage area of the device.
Abstract:
Techniques for authenticating a user of a mobile device at a computing platform are provided. A method according to these techniques includes generating a first profile and second profile of user behavior for the user of the mobile device, the first profile comprising a first type of profile having at least a first duration and the second profile comprising a second type of profile having a second duration that is shorter than the first duration, monitoring user behavior to generate usage behavior data, comparing the usage behavior data to the first profile and the second profile, performing a first type of authentication action responsive to the usage behavior data deviating from the first profile, and performing a second type of authentication action responsive to the usage behavior data deviating from the second profile.
Abstract:
Disclosed is a method for transitioning a remote station from a current serving network node having an enhanced security context to a new serving network node. In the method, the remote station provides at least one legacy key, and generates at least one session key based on a calculation using a root key and using an information element associated with the enhanced security context. The remote station forwards a first message having the information element to the new serving network node. The remote station receives a second message, from the new serving network node, having a response based on either the legacy key or the session key. The remote station determines that the new serving network node does not support the enhanced security context if the response of the second message is based on the legacy key. Accordingly, the remote station protects communications based on the legacy key upon determining that the enhanced security context is not supported.