Patents by Inventor Ahmad Shawky Muhanna
Ahmad Shawky Muhanna has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11418962
Abstract: A method and apparatus are provided for delivering user equipment (UE) new radio (NR) security capabilities and mobility management entity interworking. In the embodiments, adding the UE NR security capabilities in a new information element over a non-access stratum (NAS) is compatible with a legacy mobility management entity and eliminates any potential of bidding-down attack and is more advantageous and serves the security solution better. As long as the UE is connected to the long term evolution (LTE) and all UE security capabilities including LTE security capabilities have been replayed correctly and successfully in the NAS security mode command (SMC) message, the UE may not consider the absence of the UE NR security capabilities in the NAS SMC as a security vulnerability.
Type: Grant
Filed: February 6, 2020
Date of Patent: August 16, 2022
Assignee: HUAWEI TECHNOLOGIES CO., LTD.
Inventors: Ahmad Shawky Muhanna, He Li, Mazin Ali Al-Shalash
-
Publication number: 20220232384
Abstract: Embodiments of this disclosure provide techniques for communicating in a wireless communication system. In particular, a user equipment (UE) may receive a security command message from a base station comprising an indication of an integrity protection algorithm and an indication of an encryption algorithm. The first security command message may trigger a radio resource control (RRC) traffic signaling protection procedure between the UE and the base station. The UE transmits a security command complete message to the base station. The security command complete message may trigger a packet data unit (PDU) session establishment procedure to establish a PDU session between the UE and the base station.
Type: Application
Filed: April 4, 2022
Publication date: July 21, 2022
Applicant: Futurewei Technologies, Inc.
Inventors: Ahmad Shawky Muhanna, Xin Zeng
-
Publication number: 20220225100
Abstract: Embodiments of this disclosure provide techniques for communicating in a wireless communication system. In particular, a user equipment (UE) may receive a security command message from a base station comprising an indication of an integrity protection algorithm and an indication of an encryption algorithm. The first security command message may trigger a radio resource control (RRC) traffic signaling protection procedure between the UE and the base station. The UE transmits a security command complete message to the base station. The security command complete message may trigger a packet data unit (PDU) session establishment procedure to establish a PDU session between the UE and the base station.
Type: Application
Filed: April 4, 2022
Publication date: July 14, 2022
Inventors: Ahmad Shawky Muhanna, Xin Zeng
-
Publication number: 20220191701
Abstract: A method and apparatus are provided for delivering user equipment (UE) new radio (NR) security capabilities and mobility management entity interworking. In the embodiments, adding the UE NR security capabilities in a new information element over a non-access stratum (NAS) is compatible with a legacy mobility management entity and eliminates any potential of bidding-down attack and is more advantageous and serves the security solution better. As long as the UE is connected to the long term evolution (LTE) and all UE security capabilities including LTE security capabilities have been replayed correctly and successfully in the NAS security mode command (SMC) message, the UE may not consider the absence of the UE NR security capabilities in the NAS SMC as a security vulnerability.
Type: Application
Filed: February 28, 2022
Publication date: June 16, 2022
Inventors: Ahmad Shawky Muhanna, He Li, Mazin Ali Al-Shalash
-
Patent number: 11297502
Abstract: Embodiments of this disclosure provide techniques for communicating in a wireless communication system. In particular, a user equipment (UE) may receive a security command message from a base station comprising an indication of an integrity protection algorithm and an indication of an encryption algorithm. The first security command message may trigger a radio resource control (RRC) traffic signaling protection procedure between the UE and the base station. The UE transmits a security command complete message to the base station. The security command complete message may trigger a packet data unit (PDU) session establishment procedure to establish a PDU session between the UE and the base station.
Type: Grant
Filed: September 4, 2018
Date of Patent: April 5, 2022
Assignee: FUTUREWEI TECHNOLOGIES, INC.
Inventors: Ahmad Shawky Muhanna, Xin Zeng
-
Patent number: 11265723
Abstract: A method and apparatus are provided for delivering user equipment (UE) new radio (NR) security capabilities and mobility management entity interworking. In the embodiments, adding the UE NR security capabilities in a new information element over a non-access stratum (NAS) is compatible with a legacy mobility management entity and eliminates any potential of bidding-down attack and is more advantageous and serves the security solution better. As long as the UE is connected to the long term evolution (LTE) and all UE security capabilities including LTE security capabilities have been replayed correctly and successfully in the NAS security mode command (SMC) message, the UE may not consider the absence of the UE NR security capabilities in the NAS SMC as a security vulnerability.
Type: Grant
Filed: February 6, 2020
Date of Patent: March 1, 2022
Assignee: Huawei Technologies Co., Ltd.
Inventors: Ahmad Shawky Muhanna, He Li, Mazin Ali Al-Shalash
-
Publication number: 20210211296
Abstract: Embodiments of this disclosure provide techniques for securely communicating an IMSI over the air from a UE to an SeAN, as well as for securely validating an unencrypted IMSI that the SeAN receives from the home network, during authentication protocols. In particular, the UE may either encrypt the IMSI assigned to the UE using an IMSI encryption key (KIMSIenc) or compute a hash of the IMSI assigned to the UE using an IMSI integrity key (KIMSIint), and then send the encrypted IMSI or the hash of the IMSI to the serving network. The encrypted IMSI or hash of the encrypted IMSI may then be used by the SeAN to validate an unencrypted IMSI that was previously received from an HSS in the home network of the UE.
Type: Application
Filed: December 17, 2020
Publication date: July 8, 2021
Inventors: Ahmad Shawky Muhanna, Marcus Wong
-
Publication number: 20210135878
Abstract: Embodiment mutual authentication and security agreement (MASA) protocols may use independently generated integrity and/or encryption keys to securely communicate private information exchanged between UEs and various network-side devices (e.g., base stations, MMEs, HSSs, etc.). In particular, embodiment MASA protocols may use an initial authentication request (IAR) encryption key (KIARENC) to encrypt UE specific information (e.g., an IMSI, etc.) in an IAR message and/or an initial authentication response (IAS) encryption key (KIASENC) to encrypt private information in an IAS message. Additionally, embodiment MASA protocols may use an IAR integrity protection key (KIARINT) to verify the integrity of information in an IAR message and/or an IAS integrity protection key (KIASINT) to verify the integrity of information in an IAS message. The KIARENC, KIARINT, KIASENC, and/or KIASINT may be independently computed by the UE and a home subscriber server (HSS).
Type: Application
Filed: January 11, 2021
Publication date: May 6, 2021
Inventors: Ahmad Shawky Muhanna, Marcus Wong
-
Patent number: 10887295
Abstract: It is possible to reduce signaling overhead in a radio access network by coordinating authentication of a group of UEs (e.g., IoT devices, etc.) via a master device. In particular, the master device may aggregate UE identifiers (UE_IDs) for UEs in the group, and send an identity message carrying the UE_IDs and a master device identifier (MD_ID) to a base station, which may then relay the identity message to a Security Anchor Node (SeAN). The SeAN may send an authentication data request carrying the UE_IDs and MD_ID to a Home Subscriber Server (HSS), which may return an authentication data response that includes group authentication information. The group authentication information may then be used to achieve mutual authentication between the SeAN and each of the master device, group of UEs, and individual UEs.
Type: Grant
Filed: September 29, 2017
Date of Patent: January 5, 2021
Assignee: Futurewei Technologies, Inc.
Inventors: Ahmad Shawky Muhanna, Xiang Xie
-
Patent number: 10873464
Abstract: Embodiments of this disclosure provide techniques for securely communicating an IMSI over the air from a UE to an SeAN, as well as for securely validating an unencrypted IMSI that the SeAN receives from the home network, during authentication protocols. In particular, the UE may either encrypt the IMSI assigned to the UE using an IMSI encryption key (KIMSIenc) or compute a hash of the IMSI assigned to the UE using an IMSI integrity key (KIMSIint), and then send the encrypted IMSI or the hash of the IMSI to the serving network. The encrypted IMSI or hash of the encrypted IMSI may then be used by the SeAN to validate an unencrypted IMSI that was previously received from an HSS in the home network of the UE.
Type: Grant
Filed: August 7, 2017
Date of Patent: December 22, 2020
Assignee: Futurewei Technologies, Inc.
Inventors: Ahmad Shawky Muhanna, Marcus Wong
-
Publication number: 20200178068
Abstract: A method and apparatus are provided for delivering user equipment (UE) new radio (NR) security capabilities and mobility management entity interworking. In the embodiments, adding the UE NR security capabilities in a new information element over a non-access stratum (NAS) is compatible with a legacy mobility management entity and eliminates any potential of bidding-down attack and is more advantageous and serves the security solution better. As long as the UE is connected to the long term evolution (LTE) and all UE security capabilities including LTE security capabilities have been replayed correctly and successfully in the NAS security mode command (SMC) message, the UE may not consider the absence of the UE NR security capabilities in the NAS SMC as a security vulnerability.
Type: Application
Filed: February 6, 2020
Publication date: June 4, 2020
Inventors: Ahmad Shawky Muhanna, He Li, Mazin Ali Al-Shalash
-
Publication number: 20190288851
Abstract: Embodiment mutual authentication and security agreement (MASA) protocols may use independently generated integrity and/or encryption keys to securely communicate private information exchanged between UEs and various network-side devices (e.g., base stations, MMEs, HSSs, etc.). In particular, embodiment MASA protocols may use an initial authentication request (IAR) encryption key (KIARENC) to encrypt UE specific information (e.g., an IMSI, etc.) in an IAR message and/or an initial authentication response (IAS) encryption key (KIASENC) to encrypt private information in an IAS message. Additionally, embodiment MASA protocols may use an IAR integrity protection key (KIARINT) to verify the integrity of information in an IAR message and/or an IAS integrity protection key (KIASINT) to verify the integrity of information in an IAS message. The KIARENC, KIARINT, KIASENC, and/or KIASINT may be independently computed by the UE and a home subscriber server (HSS).
Type: Application
Filed: June 6, 2019
Publication date: September 19, 2019
Inventors: Ahmad Shawky Muhanna, Marcus Wong
-
Patent number: 10412056
Abstract: A method for establishing a trust relationship in an ultra dense network is provided. The method comprises receiving, by a user equipment (UE), a reconfiguration request from a macrocell; deriving, by the UE, a user plane encryption key according to information in the reconfiguration request; transmitting, by the UE, a first user plane signaling message to a first microcell in a group of microcells when the UE is attached to the first microcell; and transmitting, by the UE, a second user plane signaling message to a second microcell in the group of microcells when the UE is attached to the second microcell, wherein the first user plane signaling message and the second user plane signaling message are both encrypted according to the user plane encryption key.
Type: Grant
Filed: July 18, 2016
Date of Patent: September 10, 2019
Assignee: Futurewei Technologies, Inc.
Inventors: Ahmad Shawky Muhanna, Zhibi Wang, Jiangsheng Wang
-
Patent number: 10382206
Abstract: Embodiment mutual authentication and security agreement (MASA) protocols may use independently generated integrity and/or encryption keys to securely communicate private information exchanged between UEs and various network-side devices (e.g., base stations, MMEs, HSSs, etc.). In particular, embodiment MASA protocols may use an initial authentication request (IAR) encryption key (KIARENC) to encrypt UE specific information (e.g., an IMSI, etc.) in an IAR message and/or an initial authentication response (IAS) encryption key (KIASENC) to encrypt private information in an IAS message. Additionally, embodiment MASA protocols may use an IAR integrity protection key (KIARINT) to verify the integrity of information in an IAR message and/or an IAS integrity protection key (KIASINT) to verify the integrity of information in an IAS message. The KIARENC, KIARINT, KIASENC, and/or KIASINT may be independently computed by the UE and a home subscriber server (HSS).
Type: Grant
Filed: March 8, 2017
Date of Patent: August 13, 2019
Assignee: Futurewei Technologies, Inc.
Inventors: Ahmad Shawky Muhanna, Marcus Wong
-
Patent number: 10375031
Abstract: A method for establishing a trust relationship in an ultra dense network is provided. The method comprises receiving, by a user equipment (UE), a reconfiguration request from a macrocell; deriving, by the UE, a user plane encryption key according to information in the reconfiguration request; transmitting, by the UE, a first user plane signaling message to a first microcell in a group of microcells when the UE is attached to the first microcell; and transmitting, by the UE, a second user plane signaling message to a second microcell in the group of microcells when the UE is attached to the second microcell, wherein the first user plane signaling message and the second user plane signaling message are both encrypted according to the user plane encryption key.
Type: Grant
Filed: July 18, 2016
Date of Patent: August 6, 2019
Assignee: Futurewei Technologies, Inc.
Inventors: Ahmad Shawky Muhanna, Zhibi Wang, Jiangsheng Wang
-
Publication number: 20190082325
Abstract: Embodiments of this disclosure provide techniques for communicating in a wireless communication system. In particular, a user equipment (UE) may receive a security command message from a base station comprising an indication of an integrity protection algorithm and an indication of an encryption algorithm. The first security command message may trigger a radio resource control (RRC) traffic signaling protection procedure between the UE and the base station. The UE transmits a security command complete message to the base station. The security command complete message may trigger a packet data unit (PDU) session establishment procedure to establish a PDU session between the UE and the base station.
Type: Application
Filed: September 4, 2018
Publication date: March 14, 2019
Inventors: Ahmad Shawky Muhanna, Xin Zeng
-
Patent number: 10219152
Abstract: A method of establishing a group trust relationship in an Internet of Things (IoT) system using a first IoT device within a group of IoT devices is provided. The method includes generating, by the first IoT device, a first set of keys corresponding to the first IoT device, deriving, by the first IoT device, a group set of keys corresponding to the group of IoT devices, and discarding the first set of keys and storing the group set of keys after the first IoT device transmits data toward a base station and goes idle, wherein the group set of keys is used by each IoT device within the group of IoT devices for subsequent transmissions of data to the base station.
Type: Grant
Filed: September 13, 2016
Date of Patent: February 26, 2019
Assignee: Futurewei Technologies, Inc.
Inventors: Ahmad Shawky Muhanna, Mazin Al-Shalash, Jiangsheng Wang
-
Publication number: 20180115539
Abstract: It is possible to reduce signaling overhead in a radio access network by coordinating authentication of a group of UEs (e.g., IoT devices, etc.) via a master device. In particular, the master device may aggregate UE identifiers (UE_IDs) for UEs in the group, and send an identity message carrying the UE_IDs and a master device identifier (MD_ID) to a base station, which may then relay the identity message to a Security Anchor Node (SeAN). The SeAN may send an authentication data request carrying the UE_IDs and MD_ID to a Home Subscriber Server (HSS), which may return an authentication data response that includes group authentication information. The group authentication information may then be used to achieve mutual authentication between the SeAN and each of the master device, group of UEs, and individual UEs.
Type: Application
Filed: September 29, 2017
Publication date: April 26, 2018
Inventors: Ahmad Shawky Muhanna, Xiang Xie
-
Publication number: 20180013568
Abstract: Embodiments of this disclosure provide techniques for securely communicating an IMSI over the air from a UE to an SeAN, as well as for securely validating an unencrypted IMSI that the SeAN receives from the home network, during authentication protocols. In particular, the UE may either encrypt the IMSI assigned to the UE using an IMSI encryption key (KIMSIenc) or compute a hash of the IMSI assigned to the UE using an IMSI integrity key (KIMSIint), and then send the encrypted IMSI or the hash of the IMSI to the serving network. The encrypted IMSI or hash of the encrypted IMSI may then be used by the SeAN to validate an unencrypted IMSI that was previously received from an HSS in the home network of the UE.
Type: Application
Filed: August 7, 2017
Publication date: January 11, 2018
Inventors: Ahmad Shawky Muhanna, Marcus Wong
-
Patent number: 9867039
Abstract: A system and method of detecting fake base stations. A first wireless device such as a user equipment (UE) or a base station (BS) may identify multiple parameters associated with a discovery signal transmitted by a second wireless device, the second wireless device advertising as a BS. The first wireless device may compare the multiple parameters with a set of parameters assigned to, or otherwise associated with, a cluster of neighboring BSs, and determine that the second wireless device is a fake BS when an inconsistency between the multiple parameters and the set of parameters associated with the cluster of neighboring BSs exceeds a threshold. The UE or the BS may also transmit the multiple parameters to a central controller, and the central controller may aggregate, correlate, and analyze the parameters, historical data, and other data from other sources associated with the second wireless device to determine whether the second wireless device is a fake BS.
Type: Grant
Filed: June 21, 2016
Date of Patent: January 9, 2018
Assignee: Futurewei Technologies, Inc.
Inventors: Zhibi Wang, Jianying Qian, Ahmad Shawky Muhanna