A method, an apparatus, and a system for solving and managing security problems, which may occur during a handover of a User Equipment (UE) between PLMNs in a mobile communication network, by using a Non-Access Stratum (NAS) protocol are provided. By the method, a UE can perform a security mode command and an authentication with a network. Further, the method can prevent interruption of communication due to authentication or security during a handover of a UE between Public Land Mobile Networks (PLMNs).
18. A method for performing a security procedure by a terminal in a mobile communication system, the method comprising:
transmitting, to a mobility management entity (MME), a tracking area update (TAU) request message including a public land mobile network identity (PLMN ID) after a handover of the terminal; and
receiving, from the MME, an authentication request message if the PLMN ID included in the TAU request message is different from a PLMN ID of a cell and a TAU procedure is complete,
wherein the PLMN ID is included in a globally unique temporary identifier (GUTI) included in the TAU request message.
1. A method for performing a security procedure by a mobility management entity (MME) in a mobile communication system, the method comprising:
receiving, from a terminal, a tracking area update (TAU) request message including a public land mobile network identity (PLMN ID) after a handover of the terminal;
comparing the PLMN ID included in the TAU request message with a PLMN ID of a cell; and
transmitting, to the terminal, an authentication request message if the PLMN ID included in the TAU request message is different from the PLMN ID of the cell and a TAU procedure is complete,
wherein the PLMN ID is included in a globally unique temporary identifier (GUTI) included in the TAU request message.
25. A terminal apparatus for performing a security procedure by a terminal in a mobile communication system, the apparatus comprising:
a transceiver configured to transmit and receive messages; and
a controller configured to:
transmit, to a mobility management entity (MME), a tracking area update (TAU) request message including a public land mobile network identity (PLMN ID) after a handover of the terminal, and
receive, from the MME, an authentication request message if the PLMN ID included in the TAU request message is different from a PLMN ID of a cell and a TAU procedure is complete,
wherein the PLMN ID is included in a globally unique temporary identifier (GUTI) included in the TAU request message.
10. A mobility management entity (MME) apparatus for performing a security procedure in a mobile communication system, the apparatus comprising:
a transceiver configured to transmit and receive messages; and
a controller configured to:
receive, from a terminal, a tracking area update (TAU) request message including a public land mobile network identity (PLMN ID),
after a handover of the terminal, compare the PLMN ID included in the TAU request message with a PLMN ID of a cell, and
transmit, to the terminal, an authentication request message if the PLMN ID included in the TAU request message is different from the PLMN ID of the cell and a TAU procedure is complete,
wherein the PLMN ID is included in a globally unique temporary identifier (GUTI) included in the TAU request message.
3. The method of
transmitting a TAU response message in response to the TAU request message to the terminal.
4. The method of
receiving an authentication response message from the terminal if an authentication vector is verified.
5. The method of
transmitting a security mode command (SMC) message to the terminal if the PLMN ID included in the TAU request message is different from the PLMN ID of the cell and the TAU procedure is complete.
6. The method of
7. The method of
transmitting, by a source MME/SGSN, a relocation command message to a source evolved Node B/radio network controller (eNB/RNC);
transmitting, by the source eNB/RNC, a handover command message to the terminal; and
transmitting, by a target eNB, to a target serving GPRS support node (SGSN) a handover notification message if the terminal completes the handover to the target eNB.
8. The method of
generating a request for an identity of the terminal to the terminal;
receiving the identity of the terminal from the terminal;
transmitting the received identity of the terminal and the PLMN ID of the cell to a home subscriber server (HSS);
receiving an authentication key (KASME) and an authentication vector from the HSS;
transmitting an authentication request message including the authentication key, the authentication vector, and the PLMN ID of the cell to the terminal; and
receiving a response message to the authentication request message from the terminal.
9. The method of
verifying if the response message is an authentication response message received from the terminal, to which the MME has sent the authentication request message, by comparing an authentication key included in the response message with an expected authentication key.
12. The apparatus of
a transmitter configured to transmit a TAU response message in response to the TAU request message to the terminal.
13. The apparatus of
a receiver configured to receive an authentication response message from the terminal if an authentication vector is verified.
14. The apparatus of
15. The apparatus of
16. The apparatus of
generate a request for an identity of the terminal to the terminal, to receive the identity of the terminal from the terminal,
transmit the received identity of the terminal and the PLMN ID of the cell to a home subscriber server (HSS),
receive an authentication key (KASME) and an authentication vector from the HSS,
transmit an authentication request message including the authentication key, the authentication vector, and the PLMN ID of the cell to the terminal, and
receive a response message to the authentication request message from the terminal.
17. The apparatus of
20. The method of
receiving, by the terminal, a TAU response message in response to the TAU request message from the MME.
21. The method of
transmitting an authentication response message to the MME if an authentication vector is verified.
22. The method of
receiving a security mode command (SMC) message from the MME if the PLMN ID included in the TAU request message is different from the PLMN ID of the cell and the TAU procedure is complete.
23. The method of
24. The method of
transmitting an identity response message including an identity of the terminal to the MME as a response to a request for the identity of the terminal from the terminal;
receiving an authentication request message including an authentication key, an authentication vector, and the PLMN ID of the cell from the MME;
verifying the authentication vector and calculating the authentication key by using a new PLMN ID; and
transmitting an authentication response message including the calculated authentication key to the MME as a response to the authentication request message.
27. The apparatus of
a receiver configured to receive a TAU response message in response to the TAU request message from the MME.
28. The apparatus of
a transmitter configured to transmit an authentication response message to the MME if an authentication vector is verified.
29. The apparatus of
30. The apparatus of
31. The apparatus of
transmit an identity response message including an identity of the terminal to the MME as a response to a request for the identity of the terminal from the terminal,
receive an authentication request message including an authentication key, an authentication vector, and the PLMN ID of the cell from the MME,
verify the authentication vector and to calculate the authentication key by using a new PLMN ID, and
transmit an authentication response message including the calculated authentication key to the MME as a response to the authentication request message.
This application is a continuation application of prior application Ser. No. 14/532,421, filed on Nov. 4, 2014, which will issue as U.S. Pat. No. 9,131,380 on Sep. 8, 2015 and claimed the benefit under 35 U.S.C. §119(a) of a U.S. patent application filed on Apr. 27, 2012 in the U.S. Patent and Trademark Office and assigned Ser. No. 13/504,786, which issued as U.S. Pat. No. 8,881,237 on Nov. 4, 2014, and which was the U.S. National Stage application under 35 U.S.C. §371 of an International Application filed on Oct. 27, 2010 and assigned application number PCT/KR2010/007430, which claimed the benefit under 35 U.S.C. §365(b) of a Korean patent application filed in the Korean Industrial Property Office on Oct. 27, 2009 and assigned Serial number 10-2009-0102501, the entire disclosure of each of which is hereby incorporated by reference.
1. Field of the Invention
The present invention relates to a mobile communication system. More particularly, the present invention relates to a method and a system for managing a security and an authentication of a User Equipment (UE) and a network in an environment in which the UE performs a handover.
2. Description of the Related Art
The 3rd Generation Partnership Project (3GPP), which is a representative organization for establishing standards for a mobile communication system, has defined an Evolved Packet System (EPS) for the next generation communication and has employed the Mobility Management Entity (MME) as a mobility management entity of a network. For the mobile communication system as described above, a solution improved from the Non-Access Stratum (NAS) protocol, which has been used in the conventional mobile communication systems, such as a 3GPP communication system, has been presented in order to provide a high speed communication service in the next generation mobile communication. In the improved solution, a security management scheme has been enhanced by employing, in performing a security mode, the concept of a NAS protocol, which provides a security to a NAS, in addition to a security process performed in a wireless access stratum and a conventional authentication process.
However, according to the current NAS protocol definition and the current NAS protocol security definition, the security may not be ensured or the communication may be interrupted in supporting a handover between Public Land Mobile Networks (PLMNs). Therefore, a need exists for a method capable of supporting the communication, the security, and the authentication between a UE and a network in an efficient and incessant manner even though the PLMN changes, through an improvement of a NAS security mode command process introduced in order to enhance the NAS protocol and the authentication process.
The above information is presented as background information only to assist with an understanding of the present disclosure. No determination has been made, and no assertion is made, as to whether any of the above might be applicable as prior art with regard to the present invention.
Aspects of the present invention are to address at least the above-mentioned problems and/or disadvantages and to provide at least the advantages described below. Accordingly, an aspect of the present invention is to provide a system and a method for security management using a Non-Access Stratum (NAS) protocol during a handover of a UE by a mobility management entity in a mobile communication system.
Another aspect of the present invention is to provide a system and a method for security management in a mobile communication system, which enables smooth operations of authentication and security modes even during a handover of a User Equipment (UE) between Public Land Mobile Networks (PLMNs) by using a NAS protocol, thereby achieving an efficient mobility management of the UE.
In accordance with an aspect of the present invention, a method of managing a security during a handover of a User Equipment (UE) by a Mobility Management Entity (MME) of a mobile communication system is provided. The method includes comparing a network identity included in a Tracking Area Update (TAU) request message received from the UE with a network identity of the MME, and determining whether to transmit an authentication request message, based on a result of the comparison between the network identities.
In accordance with another aspect of the present invention, a method of managing a security during a handover of a UE in a mobile communication system is provided. The method includes transmitting a TAU request message to an MME, and receiving an authentication request message from the MME according to a result of comparison between a network identity included in the TAU request message and a network identity of the MME.
In accordance with another aspect of the present invention, a method of managing a security during a handover of a UE by an MME of a mobile communication system is provided. The method includes receiving a TAU request message from the UE, comparing a network identity included in the TAU request message with a network identity of the MME, and determining whether to transmit a Security Mode Command (SMC) message to the UE as a result of the comparison.
In accordance with another aspect of the present invention, a method of managing a security during a handover of a UE in a mobile communication system is provided. The method includes transmitting a TAU request message to an MME, and receiving an SMC message from the MME according to a result of comparison between a network identity included in the TAU request message and a network identity of the MME.
In accordance with another aspect of the present invention, an apparatus for managing a security during a handover of a UE by an MME of a mobile communication system is provided. The apparatus includes a control unit for comparing a network identity included in a TAU request message received from the UE with a network identity of the MME, and for determining whether to transmit an authentication request message, based on a result of the comparison between the network identities.
In accordance with another aspect of the present invention, an apparatus for managing a security during a handover of a UE in a mobile communication system is provided. The apparatus includes a control unit for transmitting a TAU request message to an MME, and for receiving an authentication request message from the MME according to a result of comparison between a network identity included in the TAU request message and a network identity of the MME.
In accordance with another aspect of the present invention, an apparatus for managing a security during a handover of a UE in a mobile communication system is provided. The apparatus includes a control unit for transmitting a TAU request message to an MME, and for receiving an SMC message from the MME according to a result of comparison between a network identity included in the TAU request message and a network identity of the MME.
Other aspects, advantages, and salient features of the invention will become apparent to those skilled in the art from the following detailed description, which, taken in conjunction with the annexed drawings, discloses exemplary embodiments of the invention.
The above and other aspects, features, and advantages of certain exemplary embodiments of the present invention will be more apparent from the following description taken in conjunction with the accompanying drawings, in which:
Throughout the drawings, it should be noted that like reference numbers are used to depict the same or similar elements, features, and structures.
The following description with reference to the accompanying drawings is provided to assist in a comprehensive understanding of exemplary embodiments of the invention as defined by the claims and their equivalents. It includes various specific details to assist in that understanding but these are to be regarded as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. In addition, descriptions of well-known functions and constructions may be omitted for clarity and conciseness.
The terms and words used in the following description and claims are not limited to the bibliographical meanings, but, are merely used by the inventor to enable a clear and consistent understanding of the invention. Accordingly, it should be apparent to those skilled in the art that the following description of exemplary embodiments of the present invention is provided for illustration purpose only and not for the purpose of limiting the invention as defined by the appended claims and their equivalents.
It is to be understood that the singular forms “a,” “an,” and “the” include plural referents unless the context clearly dictates otherwise. Thus, for example, reference to “a component surface” includes reference to one or more of such surfaces.
A main idea of the exemplary embodiments of the present invention is to provide an incessant mobile communication for a mobile communication system during a handover of a User Equipment (UE) between Public Land Mobile Networks (PLMNs) by using a Non-Access Stratum (NAS) protocol which is a protocol between a UE and a Mobility Management Entity (MME). Further, exemplary embodiments of the present invention provide a method of supporting an authentication and the security and management of a NAS protocol, which is a protocol between a UE and an MME for authentication. The following detailed description of exemplary embodiments of the present invention discusses a 3GPP-based Evolved Packet System (EPS), Universal Terrestrial Radio Access Network (UTRAN), and GSM EDGE Radio Access Network (GERAN), although exemplary embodiments of the present invention can be used by another mobile communication system using a NAS protocol.
Meanwhile, as shown in
Referring to
Meanwhile, a Mobility Management Entity (MME)/Serving GPRS Support Node (SGSN) 135 performs a mobility management, a location management, and a registration of a UE. Further, a Home Subscriber Server (HSS) 121 for managing authentication information and service information for a user and a UE is connected to the MME/SGSN 135 through an interface.
A data path exists between the eNB/RNC 133 and the Serving GW 116, and a control path or an interface for managing the mobility of a UE exists between the MME/SGSN 135 and the Serving GW 116. According to exemplary embodiments of the present invention, the UE 110 and the MME/SGSN 135 communicate with each other using a NAS protocol stack, thereby performing the mobility management and session management.
Exemplary embodiments of the present invention address a situation in which a UE 110 connected to a source network performs a handover. It is assumed that the source network may be one RAT among various types of RATs, such as a EUTRAN, UTRAN, and GERAN, and the PLMN of the source network is different from the PLMN to which the UE 110 will move. That is, exemplary embodiments of the present invention attempt to resolve problems associated with a handover situation of a UE 110 in which the PLMN changes from PLMN A to PLMN B during the handoff of the UE 110 from a source network to a target network and the target network supports the EUTRAN. Therefore, when the UE 110 performs a handover from a source network to a target network, the UE 110 is connected to the target eNB 112, the target MME 114, and the target HSS 141, and receives a service from them.
Step 201 corresponds to a handover preparation step. That is, step 201 corresponds to a step of requesting a core network to provide resources, which includes a step of making requests for resource preparation by the target eNB 112, the target MME 114, and the serving GW 116. In this step, a bearer context or mobility management context is transmitted from a source system to a target system for the requesting.
The handover preparation step includes the following sub-steps. When the source eNB/RNC 133 transmits a “relocation required” message to the source MME/SGSN 135 in step 201-1, the source MME/SGSN 135 forwards a relocation request message to the target MME 114 in step 201-3. Then, in step 201-5, the target MME 114 forwards a relocation response message to the source MME/SGSN 135.
In step 211, the source MME/SGSN 135 sends a relocation command message to the source eNB/RNC 133, thereby notifying the source eNB/RNC 133 that the handover preparation step has been completed. Then, the source eNB/RNC 133 transmits a handover command message to the UE 110 in step 213, and the UE 110 issues a handover command to the target eNB 112 in step 215. When the UE 110 has performed a handover to the target eNB 112, the target eNB 112 transmits a handover notification message to the target MME 114 in step 217. Thereafter, in step 219, if there is a change in the serving GW 116, a bearer modification request is made by the target MME 114, the serving GW 116, or the PDN GW 118. In step 221, during the handover process, the UE 110 transmits a Tracking Area Update (TAU) request message to the target MME 114. Thereafter, the target MME 114 inserts a PLMN Identity (ID) in a TAU response message, which is not shown in the drawings, and then sends the TAU response message to the UE 110. Then, the UE 110 can obtain a network ID of the serving network, which provides a service to the UE 110. The network ID includes a serving network ID and the PLMN ID. Therefore, even though the authentication thereafter is started in the target MME 114, no problem occurs in the authentication because the UE 110 and the target MME 114 share the PLMN ID (e.g., the ID of the PLMN B).
Referring to
Referring to
Step 301 corresponds to a handover preparation step. Step 301 is identical to the handover preparation step 201, so a detailed description thereof will be omitted here.
In step 311, the source MME/SGSN 135 sends a relocation command message to the source eNB/RNC 133, thereby notifying the source eNB/RNC 133 that the handover preparation step has been completed. Then, the source eNB/RNC 133 transmits a handover command message to the UE 110 in step 313, and the UE 110 issues a handover command to the target eNB 112. When the UE 110 completes the handover process to the target eNB 112 in step 315, the target eNB 112 transmits a handover notification message to the target MME 114 in step 317. Thereafter, in step 319, if there is a change in the serving GW 116, etc., a bearer modification request is made by the target MME 114, the serving GW 116, or the PDN GW 118. In step 321, during the handover process, the UE 110 transmits a Tracking Area Update (TAU) request message to the target MME 114. Thereafter, the target MME 114 inserts a PLMN Identity (ID) in a TAU response message, which is not shown in the drawings, and then sends the TAU response message to the UE 110. Then, the UE 110 can obtain a network ID of the serving network, which provides a service to the UE 110. Therefore, even though the security mode command process thereafter is started in the target MME 114, no problem occurs in executing the security mode command since the UE 110 and the target MME 114 share the PLMN ID (e.g., the ID of the PLMN B).
However, referring to
Referring to
Step 401 corresponds to a handover preparation step. Step 401 is identical to the handover preparation step 201, so a detailed description thereof will be omitted here.
In step 411, the source MME/SGSN 135 sends a relocation command message to the source eNB/RNC 133, thereby notifying the source eNB/RNC 133 that the handover preparation step has been completed. Then, the source eNB/RNC 133 transmits a handover command message to the UE 110 in step 413, and the UE 110 issues a handover command to the target eNB 112. When the UE 110 completes the handover process to the target eNB 112 in step 415, the target eNB 112 transmits a handover notification message to the target MME 114 in step 417. Thereafter, in step 419, if there is a change in the serving GW 116, etc., a bearer modification request is made by the target MME 114, the serving GW 116, the PDN GW 118, etc. In step 421, during the handover process, the UE 110 transmits a Tracking Area Update (TAU) request message to the target MME 114. Thereafter, in step 423, the MME 114 compares the PLMN ID of the MME 114 itself and the PLMN ID included in the information transmitted from the UE 110. When the two IDs are different, the MME 114 sends an identity request message to the UE 110 in step 425. In step 427, the UE 110 transmits an identity response message including an International Mobile Station Identity (IMSI) of itself to the target MME 114. In step 429, the target MME 114 transmits an authentication data request message to the HSS 141. In step 431, the HSS 141 calculates an authentication vector based on a new PLMN identity. Then, the HSS 141 transmits a random number (RAND), an authentication key (KASME), and an authentication token (AUTN) to the target MME 114 through an authentication data response step as step 433. Thereafter, the target MME 114 transmits an authentication request message including a serving network identity (i.e. PLMN identity) to the UE 110 in step 441. The authentication request message further includes an AUTN and a random challenge (RAND), which are a part of the authentication vector, in addition to the PLMN identity. 
In step 443, the UE 110 verifies the authentication vector and calculates the authentication key (KASME) by using the new PLMN identity transmitted from the MME 114. Thereafter, in step 445, the UE 110 transmits an authentication response message to the target MME 114. At this time, the authentication response message sent from the UE 110 to the target MME 114 includes an RES, which is a response parameter calculated by the UE 110. The RES may include the calculated authentication key (KASME).
In the meantime, the target MME 114 verifies if a received authentication response message is an authentication response message transmitted from the UE, to which the target MME itself has sent the authentication request, by comparing the RES included in the received authentication response message with an expected response (XRES).
Although
Referring to
Step 501 corresponds to a handover preparation step. Step 501 is identical to the handover preparation step 201, so a detailed description thereof will be omitted here.
In step 511, the source MME/SGSN 135 sends a relocation command message to the source eNB/RNC 133, thereby notifying the source eNB/RNC 133 that the handover preparation step has been completed. Then, the source eNB/RNC 133 transmits a handover command message to the UE 110 in step 513, and the UE 110 issues a handover command to the target eNB 112. When the UE 110 completes the handover process to the target eNB 112 in step 515, the target eNB 112 transmits a handover notification message to the target MME 114 in step 517. Thereafter, in step 519, if there is a change in the serving GW 116, etc., a bearer modification request is made by the target MME 114, the serving GW 116, the PDN GW 118, etc. In step 521, during the handover process, the UE 110 transmits a Tracking Area Update (TAU) request message to the target MME 114. Thereafter, in step 523, the target MME 114 compares the PLMN ID of the MME 114 itself with the PLMN ID included in the information transmitted from the UE 110. Then, in step 541, when the two IDs are different, which implies that the serving network identities (PLMN identities) are different, the MME 114 does not send an authentication request message to the UE 110 until the processing of the TAU request message in step 521 is completed.
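Why the PLMN comparison of steps 423 and 523 matters for key agreement, as an added example that is not part of the patent text: KASME is bound to the serving network identity, so a UE still holding the old PLMN ID derives a different key from the one the HSS computed for the new PLMN. The KDF input layout follows 3GPP TS 33.401 Annex A.2 and the digit packing follows TS 24.008; the CK, IK and SQN xor AK values, the PLMN codes and all function names are constructed for illustration.

```python
import hashlib
import hmac
from typing import Tuple


def encode_plmn(mcc: str, mnc: str) -> bytes:
    """Pack MCC/MNC into the 3-octet PLMN identity (TS 24.008 digit layout)."""
    digits = mcc + mnc
    if len(mcc) != 3 or len(mnc) not in (2, 3) or not (digits.isascii() and digits.isdigit()):
        raise ValueError("MCC must be 3 digits and MNC 2 or 3 digits")
    m = [int(d) for d in mcc]
    n = [int(d) for d in mnc]
    mnc3 = n[2] if len(n) == 3 else 0xF  # 0xF is the filler for a 2-digit MNC
    return bytes([(m[1] << 4) | m[0], (mnc3 << 4) | m[2], (n[1] << 4) | n[0]])


def decode_plmn(octets: bytes) -> Tuple[str, str]:
    """Inverse of encode_plmn: recover (MCC, MNC) from the 3 octets."""
    if len(octets) != 3:
        raise ValueError("PLMN identity is exactly 3 octets")
    mcc = f"{octets[0] & 0xF}{octets[0] >> 4}{octets[1] & 0xF}"
    mnc = f"{octets[2] & 0xF}{octets[2] >> 4}"
    if octets[1] >> 4 != 0xF:  # third MNC digit present
        mnc += str(octets[1] >> 4)
    return mcc, mnc


def derive_kasme(ck: bytes, ik: bytes, sn_id: bytes, sqn_xor_ak: bytes) -> bytes:
    """KASME = HMAC-SHA-256(CK || IK, FC || SN id || L0 || SQN^AK || L1)."""
    if len(ck) != 16 or len(ik) != 16 or len(sn_id) != 3 or len(sqn_xor_ak) != 6:
        raise ValueError("unexpected parameter length")
    s = b"\x10" + sn_id + b"\x00\x03" + sqn_xor_ak + b"\x00\x06"
    return hmac.new(ck + ik, s, hashlib.sha256).digest()


def mme_next_step(guti_plmn: bytes, cell_plmn: bytes, tau_complete: bool) -> str:
    """Target-MME decision: compare the PLMN ID carried in the GUTI of the
    TAU request with the PLMN ID of the cell, and hold back the
    authentication request until the TAU procedure is complete."""
    if guti_plmn == cell_plmn:
        return "no_reauthentication"
    if not tau_complete:
        return "defer_authentication_request"
    return "send_authentication_request"


def simulate_inter_plmn_handover() -> dict:
    """Handover from PLMN A to PLMN B with constructed key material."""
    ck = bytes(range(16))                       # constructed CK
    ik = bytes(range(16, 32))                   # constructed IK
    sqn_xor_ak = bytes.fromhex("0a0b0c0d0e0f")  # constructed SQN xor AK
    plmn_a = encode_plmn("001", "01")           # source network (test codes)
    plmn_b = encode_plmn("001", "02")           # target network (test codes)

    network_kasme = derive_kasme(ck, ik, plmn_b, sqn_xor_ak)  # HSS side
    ue_stale = derive_kasme(ck, ik, plmn_a, sqn_xor_ak)       # UE, old PLMN ID
    ue_fresh = derive_kasme(ck, ik, plmn_b, sqn_xor_ak)       # UE, signalled PLMN ID
    return {
        "during_tau": mme_next_step(plmn_a, plmn_b, tau_complete=False),
        "after_tau": mme_next_step(plmn_a, plmn_b, tau_complete=True),
        "stale_plmn_keys_match": hmac.compare_digest(ue_stale, network_kasme),
        "signalled_plmn_keys_match": hmac.compare_digest(ue_fresh, network_kasme),
    }


if __name__ == "__main__":
    for name, value in simulate_inter_plmn_handover().items():
        print(f"{name}: {value}")
```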
Referring to
Step 601 corresponds to a handover preparation step. Step 601 is identical to the handover preparation step 201, so a detailed description thereof will be omitted here.
In step 611, the source MME/SGSN 135 sends a relocation command message to the source eNB/RNC 133, thereby notifying the source eNB/RNC 133 that the handover preparation step has been completed. Then, the source eNB/RNC 133 transmits a handover command message to the UE 110 in step 613, and the UE 110 issues a handover command to the target eNB 112. When the UE 110 completes the handover process to the target eNB 112 in step 615, the target eNB 112 transmits a handover notification message to the target MME 114 in step 617. Thereafter, in step 619, if there is a change in the serving GW 116, etc., a bearer modification request is made by the target MME 114, the serving GW 116, the PDN GW 118, etc. In step 621, during the handover process, the UE 110 transmits a Tracking Area Update (TAU) request message to the target MME 114. Thereafter, in step 623, the target MME 114 compares the PLMN ID of the MME 114 itself with the PLMN ID included in the information transmitted from the UE 110. When the two IDs are different and the target MME 114 has acquired an authentication key (KASME) for a new PLMN identity, the target MME 114 generates a NAS integrity key (KNASint) and a NAS encryption key (KNASenc) in step 625. Thereafter, in step 641, the target MME 114 inserts a serving network identity (i.e., a PLMN identity) in a Security Mode Command (SMC) message and transmits the SMC message to the UE 110. In step 643, the UE 110 acquires an authentication key through a NAS Key Set Identity (eKSI). At this time, the UE 110 acquires the authentication key through an eKSI corresponding to the corresponding PLMN identity by using the newly received PLMN identity information, and generates a NAS integrity key (KNASint) and a NAS encryption key (KNASenc) from the authentication key. Thereafter, in step 645, the UE 110 verifies a NAS Message Authentication Code (MAC) by using the NAS integrity key (KNASint).
When the verification is a success, the UE 110 transmits a NAS security mode completion message in step 647.
Although
Referring to
Step 701 corresponds to a handover preparation step. Step 701 is identical to the handover preparation step 201, so a detailed description thereof will be omitted here.
In step 711, the source MME/SGSN 135 sends a relocation command message to the source eNB/RNC 133, thereby notifying the source eNB/RNC 133 that the handover preparation step has been completed. Then, the source eNB/RNC 133 transmits a handover command message to the UE 110 in step 713, and the UE 110 issues a handover command to the target eNB 112. When the UE 110 completes the handover process to the target eNB 112 in step 715, the target eNB 112 transmits a handover notification message to the target MME 114 in step 717. Thereafter, in step 719, if there is a change in the serving GW 116, etc., a bearer modification request is made by the target MME 114, the serving GW 116, the PDN GW 118, etc. In step 721, during the handover process, the UE 110 transmits a Tracking Area Update (TAU) request message to the target MME 114. Thereafter, in step 723, the target MME 114 compares the PLMN ID of the MME 114 itself with the PLMN ID included in the information transmitted from the UE 110. Then, in step 741, when the two PLMN identities are different and the target MME 114 has acquired an authentication key (KASME) for a new PLMN identity through an authentication process, the target MME 114 does not send an SMC message based on the new authentication key to the UE 110 until the processing of the TAU request message is completed.
Referring to
Referring to
Referring to
Referring to
According to exemplary embodiments of the present invention, as described above with reference to
Table 1 below shows types of authentication request messages according to exemplary embodiments of the present invention. Although the message types shown in Table 1 are used when the messages are transmitted from the target MME 114 to the UE 110 as in step 441 of
TABLE 1
| IEI | Information element | Type/Reference | Presence | Format | Length |
|---|---|---|---|---|---|
| | Protocol discriminator | Protocol discriminator 9.2 | M | V | ½ |
| | Security header type | Security header type 9.3.1 | M | V | ½ |
| | Authentication request message type | Message type 9.8 | M | V | 1 |
| | NAS key set identifierASME | NAS key set identifier 9.9.3.21 | M | V | ½ |
| | Spare half octet | Spare half octet 9.9.2.9 | M | V | ½ |
| | Authentication parameter RAND (EPS challenge) | Authentication parameter RAND 9.9.3.3 | M | V | 16 |
| | Authentication parameter AUTN (EPS challenge) | Authentication parameter AUTN 9.9.3.2 | M | LV | 17 |
| | PLMN Identity | PLMN identity x.x.x.x (spec section number) | O | V | 3 |
Table 2 below shows types of SMC messages according to exemplary embodiments of the present invention. Although the message types shown in Table 2 are used when the messages are transmitted from the target MME 114 to the UE 110 as in step 641 of
TABLE 2
| IEI | Information element | Type/Reference | Presence | Format | Length |
|  | Protocol discriminator | Protocol discriminator 9.2 | M | V | ½ |
|  | Security header type | Security header type 9.3.1 | M | V | ½ |
|  | Security mode command message identity | Message type 9.8 | M | V | 1 |
|  | Selected NAS security algorithms | NAS security algorithms 9.9.3.23 | M | V | 1 |
|  | NAS key set identifier | NAS key set identifier 9.9.3.21 | M | V | ½ |
|  | Spare half octet | Spare half octet 9.9.2.9 | M | V | ½ |
|  | Replayed UE security capabilities | UE security capability 9.9.3.36 | M | LV | 3-6 |
| C- | IMEISV request | IMEISV request 9.9.3.18 | O | TV | 1 |
| 55 | Replayed nonceUE | Nonce 9.9.3.25 | O | TV | 5 |
| 56 | NonceMME | Nonce 9.9.3.25 | O | TV | 5 |
|  | PLMN Identity | PLMN identity x.x.x.x | O | V | 3 |
Table 3 below shows the PLMN ID Information Elements (IEs) included in the authentication request message or the SMC message of Tables 1 and 2 according to exemplary embodiments of the present invention. These IEs carry the information needed to send the PLMN identities to the UE 110. Further, the PLMN ID IEs are not limited to the message types shown in Table 3. The PLMN ID IEs are IEs of type 3 and have a length of 4 octets. The MCC indicates a Mobile Country Code, in which octet 2 and octet 3 are configured in bits 1 to 4, and the MNC indicates a Mobile Network Code, in which octet 4 and octet 3 are configured in bits 5 to 8.
TABLE 3
[Image not reproduced: layout of the PLMN identity information element]
MCC, Mobile country code (octet 3, octet 4 bits 1 to 4)
The MCC field is coded as in ITU-T Rec. E212, Annex A.
MNC, Mobile network code (octet 5, octet 4 bits 5 to 8). The coding of this field is the responsibility of each administration but BCD coding shall be used. The MNC shall consist of 2 or 3 digits. For PCS 1900 for NA, Federal regulation mandates that a 3-digit MNC shall be used. However a network operator may decide to use only two digits in the MNC over the radio interface. In this case, bits 5 to 8 of octet 4 shall be coded as “1111”. Mobile equipment shall accept MNC coded in such a way.
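An added example, not taken from the patent: a codec for the 3-octet PLMN identity value described above, together with the PLMN comparison the target MME makes in step 723 and the condition under which an authentication request follows. It assumes the usual 3GPP BCD digit order (digit 1 in bits 1 to 4 of each octet), since the Table 3 layout is not reproduced here; all function names and sample values are constructed.

```python
from dataclasses import dataclass

FILLER = 0xF  # "1111" in bits 5 to 8 of the middle octet marks a 2-digit MNC


@dataclass(frozen=True)
class Plmn:
    mcc: str  # 3 decimal digits
    mnc: str  # 2 or 3 decimal digits; a string, so "01" and "001" stay distinct


def _digits(text: str, lengths: tuple) -> list:
    if len(text) not in lengths or any(ch not in "0123456789" for ch in text):
        raise ValueError(f"expected {lengths} decimal digits, got {text!r}")
    return [int(ch) for ch in text]


def encode_plmn(plmn: Plmn) -> bytes:
    """Pack MCC/MNC into the 3-octet value part of the PLMN identity IE."""
    c, n = _digits(plmn.mcc, (3,)), _digits(plmn.mnc, (2, 3))
    mnc3 = n[2] if len(n) == 3 else FILLER
    return bytes([c[1] << 4 | c[0], mnc3 << 4 | c[2], n[1] << 4 | n[0]])


def decode_plmn(value: bytes) -> Plmn:
    """Unpack the 3-octet value, rejecting anything that is not valid BCD."""
    if len(value) != 3:
        raise ValueError("PLMN identity value must be 3 octets")
    mcc = [value[0] & 0xF, value[0] >> 4, value[1] & 0xF]
    mnc = [value[2] & 0xF, value[2] >> 4]
    if value[1] >> 4 != FILLER:
        mnc.append(value[1] >> 4)
    if any(d > 9 for d in mcc + mnc):
        raise ValueError("non-BCD digit in PLMN identity")
    return Plmn("".join(map(str, mcc)), "".join(map(str, mnc)))


def authentication_due(guti_plmn: bytes, cell_plmn: Plmn, tau_complete: bool) -> bool:
    """True when the PLMN from the TAU request differs from the cell's PLMN
    and the TAU procedure is complete (the condition stated in the claims)."""
    differs = decode_plmn(guti_plmn) != cell_plmn  # always validate the input
    return differs and tau_complete


# Constructed sample values (test-network codes, not taken from the patent).
SOURCE_PLMN = encode_plmn(Plmn("001", "01"))   # b"\x00\xf1\x10"
TARGET_CELL = Plmn("001", "001")               # equal as integers, different PLMN
```

Keeping the MNC as a digit string matters for the comparison: parsing "01" and "001" to integers would make two different PLMNs look equal and suppress the authentication that the comparison is meant to trigger.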
In a mobile communication network according to exemplary embodiments of the present invention, when a UE performs a handover between PLMNs, especially when a UE performs a handover from an EUTRAN or another RAT (e.g., GERAN or UTRAN) to another EUTRAN, it is possible to resolve problems associated with the authentication and security of the UE, thereby preventing interruption of communication.
Further, exemplary embodiments of the present invention propose a method capable of smoothly performing an authentication of a UE and a security mode command for the UE even during a handover of the UE between PLMNs by using a NAS protocol, so as to achieve an efficient mobility management of the UE.
While the invention has been shown and described with reference to certain exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims and their equivalents.
Suh, Kyung-Joo, Lim, Chae-Gwon
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
Sep 03 2015 | Samsung Electronics Co., Ltd. | (assignment on the face of the patent) | / |