Abstract
A security capability negotiation method is applicable to security capability negotiation during a mobile network handover. The method includes the following processes: a second network receives a handover request sent by a first network; an access network entity of the second network selects a corresponding security capability, or an access network entity and a core network (CN) entity of the second network respectively select a corresponding security capability; the second network sends the selected security capability to a user equipment (UE) via the first network. A security capability negotiation system is also provided. Therefore, in the present invention, it is unnecessary for the MME to know the security capability of the corresponding eNB in a certain manner during a handover from a 2G/3G network to an LTE network. Meanwhile, during the handover from the LTE network to the 3G network, the SGSN does not need to introduce new requirements.
| Technology | Declaration Date | Declaration Reference | Declaring Company | Specification Number | Explicitly Disclosed | Patent Type |
|---|---|---|---|---|---|---|
| 5G | 22/10/2018 | ISLD-201810-040 | HUAWEI | S1, S2, S3, S4 | Yes | Family Member |
Family Information
| All Granted Patents In Patent Family : | ---- |
| All Pending Patents In Patent Family : | ---- |
| Publication No | Technology | Declaration Date | Declaration Reference | Declaring Company | Specification Number | Explicitly Disclosed | Patent Type |
|---|---|---|---|---|---|---|---|
| CN101304600A | 5G | 22/10/2018 | ISLD-201810-040 | HUAWEI | S1, S2, S3, S4 | Yes | Family Member |
| CN101304600B | 5G | 22/10/2018 | ISLD-201810-040 | HUAWEI | S1, S2, S3, S4 | Yes | Family Member |
| EP2117248A4 | 5G | 22/10/2018 | ISLD-201810-040 | HUAWEI | S1, S2, S3, S4 | Yes | Family Member |
| EP2117248B1 | 5G | 22/10/2018 | ISLD-201810-040 | HUAWEI | S1, S2, S3, S4 | Yes | Family Member |
| US2009275309A1 | 5G | 22/10/2018 | ISLD-201810-040 | HUAWEI | S1, S2, S3, S4 | Yes | Family Member |
| US8774759B2 | 5G | 22/10/2018 | ISLD-201810-040 | HUAWEI | S1, S2, S3, S4 | Yes | Family Member |
| WO2008134986A1 | 5G | 22/10/2018 | ISLD-201810-040 | HUAWEI | S1, S2, S3, S4 | Yes | Family Member |
| JP2010521905A | 5G | 22/10/2018 | ISLD-201810-040 | HUAWEI | S1, S2, S3, S4 | Yes | Family Member |
| JP5010690B2 | 5G | 22/10/2018 | ISLD-201810-040 | HUAWEI | S1, S2, S3, S4 | Yes | Family Member |
| US2018070275A1 | 5G | 22/10/2018 | ISLD-201810-040 | HUAWEI | S1, S2, S3, S4 | Yes | Basis Patent |
| ES2554808T3 | 5G | 22/10/2018 | ISLD-201810-040 | HUAWEI | S1, S2, S3, S4 | Yes | Family Member |
| US2016150449A1 | 5G | 22/10/2018 | ISLD-201810-040 | HUAWEI | S1, S2, S3, S4 | Yes | Family Member |
| US9668182B2 | 5G | 22/10/2018 | ISLD-201810-040 | HUAWEI | S1, S2, S3, S4 | Yes | Family Member |
| EP2966889B1 | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
| EP3554112B1 | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
| US10383017B2 | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
| US2020068467A1 | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
| US10958692B2 | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
Technologies
Mobility and handover
Product
Mobility Management Entity (MME)
Base Station (eNB/gNB)
Use Cases
Services
Mobility Management
Claim
1. A method for security capability negotiation, which is applicable to perform security capability negotiation during a mobile network handover, comprising:
A. receiving, by a second network, a handover request sent by a first network;
B. selecting, by an access network entity of the second network, a corresponding security capability; or selecting, respectively by the access network entity and a core network entity of the second network, a corresponding security capability;
C. sending, by the second network, the selected security capability to an UE via the first network.
2. The method according to claim 1, wherein step A further comprises:
A1. sending, by a core network entity of the first network, a handover request message to an access network entity of the first network; and
A1. sending, by the core network entity of the first network, a handover preparation request message to the core network entity of the second network, wherein the handover preparation request message carries security capability sets supported by the UE.
3. The method according to claim 2, wherein before the step A2, the core network entity of the first network obtains a security capability set supported by the UE via the following methods: the core network entity directly requests the UE to send the security capability sets supported by the UE; or the access network entity of the first network first determines to initiate a handover, then requests the UE for the security capability sets supported by the UE, and sends the capability set carried in the handover request message to the core network entity of the first network in step A1.
4. The method according to claim 1, wherein the first network is 2G or 3G network, the access network entity of the 2G network comprises a base station (BTS) and a base station controller (BSC), the access network entity of the 3G network comprises a NodeB and a radio network controller (RNC), the core network entity of the 2G or 3G network comprises a SGSN; the second network is a long term evolution (LTE) access network, the access network entity of the second network is an evolved node B (eNodeB), and the core network entity of the second network is a mobility management entity (MME); in step B the eNodeB and the MME respectively select the corresponding security capabilities.
5. The method according to claim 4, wherein the step B comprises:
B1. sending, by the MME, a handover preparation request message to the eNodeB, the handover preparation request message carrying a radio resource control (RRC) integrity protection algorithm and encryption algorithm, and user plane (UP) encryption algorithm; and
B2. selecting, by the eNodeB, the RRC integrity protection algorithm and encryption algorithm, and UP encryption algorithm which are supported by the UE and the eNodeB, according to the RRC integrity protection algorithm and encryption algorithm, and the UP encryption algorithm supported by the UE and the RRC integrity protection algorithm and encryption algorithm, and the UP encryption algorithm supported by the eNodeB.
6. The method according to claim 5, wherein the step B comprises:
B1. sending, by the MME, an RRC integrity protection algorithm and encryption algorithm, and UP encryption algorithm allowed by a system to the eNodeB; and
B2. selecting, by the eNodeB, the selected RRC integrity protection algorithm and encryption algorithm, and the UP encryption algorithm by combining the RRC integrity protection algorithm and encryption algorithm, and the UP encryption algorithm allowed by the system.
7. The method according to claim 5, wherein the step B comprises:
selecting, by the MME, a Non-Access signaling (NAS) integrity protection algorithm and encryption algorithm supported by the UE, a system and the MME, according to a NAS integrity protection algorithm and encryption algorithm supported by the UE, a NAS integrity protection algorithm and encryption algorithm supported by the system and a NAS integrity protection algorithm and encryption algorithm supported by the MME.
8. The method according to claim 5, wherein the step C further comprises:
C1. sending, by the eNodeB, a handover preparation acknowledgement message carrying the selected RRC integrity protection algorithm and encryption algorithm, and UP encryption algorithm to the MME;
C2. sending, by the MME, a handover preparation acknowledgement message carrying the selected NAS integrity protection algorithm and encryption algorithm, RRC integrity protection algorithm and encryption algorithm, and UP encryption algorithm to the SGSN; and
C3. sending, by the SGSN, a handover command to the UE via the 2G/3G access network to indicate the UE to hand over to the LTE network, wherein the handover command carries the selected NAS integrity protection algorithm and encryption algorithm, RRC integrity protection algorithm and encryption algorithm, and UP encryption algorithm.
9. The method according to claim 8, wherein before the MME sends the handover preparation acknowledgement message in the step C2, the MME selects the NAS integrity protection algorithm and encryption algorithm supported by the UE, the system and the MME according to the NAS integrity protection algorithm and encryption algorithm supported by the UE, the NAS integrity protection algorithm and encryption algorithm allowed by the system, together with NAS integrity protection algorithm and encryption algorithm supported by the MME.
10. The method according to claim 1, wherein the first network is a long term evolution (LTE) access network, the access network entity of the first network is eNodeB, the core network entity of the first network is MME; the second network is a 3G network, the access network entity of the second network is a radio network controller (RNC), the core network entity of the second network is a serving GPRS support node (SGSN); and the method comprising:
selecting, by the RNC, the corresponding security capability.
11. The method according to claim 3, wherein the core network entity of the first network obtains the 3G security capability set supported by the UE carried in an initial Layer 3 message.
12. The method according to claim 10, wherein the step B comprises:
sending, by the SGSN, a handover preparation request message to the RNC, the handover preparation request message carrying a 3G security capability supported by the UE and a 3G security capability allowed by a system, the 3G security capabilities comprising an encryption algorithm and integrity protection algorithm, and
selecting, by the RNC, the 3G security capability supported by the UE, the system and the RNC, according to the 3G security capability supported by the UE, the 3G security capability supported by the system and the 3G security capability supported by the RNC.
13. The method according to claim 12, wherein the step C comprises:
C1'. sending, by the RNC, a handover preparation acknowledgement message carrying the selected 3G security capability to the SGSN;
C2'. sending, by the SGSN, a handover preparation acknowledgement message carrying the selected 3G security capability to the MME; and
C3'. sending, by the MME, a handover command to the UE via the eNodeB to indicate the UE to hand over to the 3G network, wherein the handover command carries the selected 3G security capability.
14. A system for security capability negotiation, which is applicable to perform security capability negotiation during a mobile network handover, comprising:
an access network entity and a core network entity of a first network, and an access network entity and a core network entity of a second network, wherein,
the access network entity of the second network is configured to select a corresponding security capability when the first network requests to hand over to the second network;
the core network entity of the second network is configured to select a corresponding security capability when the first network requests to hand over to the second network; and
the access network entity and the core network entity of the first network are configured to send the selected security capability to a user equipment (UE).
11. The system according to claim 10, wherein the first network is a 2G or 3G network, the second network is a long term evolution (LTE) access network, the access network entity of the second network is an evolved node B (eNodeB), and the core network entity of the second network is a mobility management entity (MME).
15. The system according to claim 14, wherein the first network is a 2G or 3G network, the second network is a long term evolved (LTE) network, the access network entity of the second network is eNodeB, the core network entity of the first network is MME; the security capability comprises a Non-Access signaling (NAS) integrity protection algorithm and encryption algorithm, a radio resource control (RRC) integrity protection algorithm and encryption algorithm and a user plane (UP) encryption algorithm; the MME is configured to select the NAS integrity protection algorithm and encryption algorithm, the eNodeB is configured to select the RRC integrity protection algorithm and encryption algorithm, and UP encryption algorithm.
16. The system according to claim 14, wherein the first network is a long term evolution (LTE) access network, the access network entity of the first network is eNodeB, the core network entity of the first network is a MME; the second network is a 3G network, the access network entity of the second network is a RNC, the core network entity of the second network is a GGSN; the security capability comprises a 3G security capability set comprising an encryption algorithm, integrity protection algorithm; the RNC is configured to select the 3G security capability.
17. A network, comprising:
an access network entity, configured to receive a handover request sent by a peer-end network;
a core network entity, configured to select and send a corresponding security capability to the UE via the peer-end network together with the access network entity of the network when the peer-end network requests to hand over to the current network
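The 2G/3G-to-LTE flow of claims 4 to 9, sketched as an added example that is not part of the patent record: the eNodeB picks the RRC and UP algorithms, the MME picks the NAS algorithms, and the result travels back to the UE in the handover command. The class and function names, the preference-ordered lists used to choose among common algorithms, and the algorithm labels are assumptions made for illustration.

```python
from dataclasses import dataclass

class NegotiationError(Exception):
    """No algorithm is acceptable to every party; handover preparation fails."""

def select(preference, *others):
    """First entry of the selecting entity's preference list that every other
    set (UE-supported, system-allowed) also contains. Ordering is an assumption."""
    for alg in preference:
        if all(alg in s for s in others):
            return alg
    raise NegotiationError(f"nothing in {preference} is common to {others}")

@dataclass(frozen=True)
class UECaps:
    """UE security capability sets carried in the handover preparation request."""
    nas_int: frozenset
    nas_enc: frozenset
    rrc_int: frozenset
    rrc_enc: frozenset
    up_enc: frozenset

@dataclass
class ENodeB:
    int_pref: list   # eNodeB-supported algorithms, most preferred first
    enc_pref: list

    def prepare(self, ue, allowed):
        # Step B2: the eNodeB selects the RRC and UP algorithms itself.
        return {"rrc_int": select(self.int_pref, ue.rrc_int, allowed["int"]),
                "rrc_enc": select(self.enc_pref, ue.rrc_enc, allowed["enc"]),
                "up_enc": select(self.enc_pref, ue.up_enc, allowed["enc"])}

@dataclass
class MME:
    int_pref: list
    enc_pref: list
    allowed: dict    # algorithms allowed by the system
    enb: ENodeB

    def prepare(self, ue):
        # Steps B1 and C1: forward the UE and system sets, receive the eNodeB's
        # choice. The MME never reads the eNodeB's own capability lists.
        selected = self.enb.prepare(ue, self.allowed)
        # Claims 7 and 9: the MME selects the NAS algorithms.
        selected["nas_int"] = select(self.int_pref, ue.nas_int, self.allowed["int"])
        selected["nas_enc"] = select(self.enc_pref, ue.nas_enc, self.allowed["enc"])
        return selected  # step C2: acknowledgement returned to the SGSN

def sgsn_handover_command(ue, mme):
    """Step C3: the SGSN relays the selection to the UE via the 2G/3G access network."""
    return {"message": "HANDOVER_COMMAND", "target": "LTE", "selected": mme.prepare(ue)}

def demo():
    # Constructed sample values; the algorithm labels are illustrative only.
    both_int, both_enc = frozenset({"EIA1", "EIA2"}), frozenset({"EEA1", "EEA2"})
    ue = UECaps(both_int, both_enc, frozenset({"EIA1"}), both_enc, frozenset({"EEA1"}))
    allowed = {"int": both_int, "enc": both_enc}
    enb = ENodeB(["EIA2", "EIA1"], ["EEA2", "EEA1"])
    return sgsn_handover_command(ue, MME(["EIA2", "EIA1"], ["EEA2", "EEA1"], allowed, enb))

if __name__ == "__main__":
    print(demo())
```

When any one of the five selections has no common algorithm, `NegotiationError` propagates out of the preparation step and no handover command is produced.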
Explicitly disclosed patent: openly and comprehensibly describes all details of the invention in the patent document.
Implicitly disclosed patent: does not explicitly state certain aspects of the invention, but still allows for these to be inferred from the information provided.
Basis patent: the core patent in a family, outlining the fundamental invention from which related patents or applications originate.
Family member: related patents or applications that share a common priority or original filing.
