Patents by Inventor Ahmad Shawky Muhanna

Ahmad Shawky Muhanna has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12047781
    Abstract: A method and apparatus are provided for delivering user equipment (UE) new radio (NR) security capabilities and mobility management entity interworking. In the embodiments, adding the UE NR security capabilities in a new information element over a non-access stratum (NAS) is compatible with a legacy mobility management entity and eliminates any potential of a bidding-down attack and is more advantageous and serves the security solution better. As long as the UE is connected to the long term evolution (LTE) and all UE security capabilities including LTE security capabilities have been replayed correctly and successfully in the NAS security mode command (SMC) message, the UE may not consider the absence of the UE NR security capabilities in the NAS SMC as a security vulnerability.
    Type: Grant
    Filed: February 28, 2022
    Date of Patent: July 23, 2024
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Ahmad Shawky Muhanna, He Li, Mazin Ali Al-Shalash
  • Patent number: 11895498
    Abstract: Embodiments of this disclosure provide techniques for communicating in a wireless communication system. In particular, a user equipment (UE) may receive a security command message from a base station comprising an indication of an integrity protection algorithm and an indication of an encryption algorithm. The first security command message may trigger a radio resource control (RRC) traffic signaling protection procedure between the UE and the base station. The UE transmits a security command complete message to the base station. The security command complete message may trigger a packet data unit (PDU) session establishment procedure to establish a PDU session between the UE and the base station.
    Type: Grant
    Filed: April 4, 2022
    Date of Patent: February 6, 2024
    Inventors: Ahmad Shawky Muhanna, Xin Zeng
  • Publication number: 20230353379
    Abstract: This disclosure provides techniques for securely communicating user equipment (UE) specific information from a UE to a network-side device. In particular, the UE may either encrypt the UE specific information using an encryption key to form an encrypted portion, where the UE specific information includes subscriber identity information and the encryption key is calculated in accordance with a public key of a home network of the UE. The UE generates a message authentication code (MAC) signature based on the encrypted portion and a first integrity key, where the first integrity key is calculated in accordance with the public key of the home network. The UE sends, to a network-side device, a request message including the encrypted portion, the MAC signature and a network identifier of the home network.
    Type: Application
    Filed: July 7, 2023
    Publication date: November 2, 2023
    Applicant: Futurewei Technologies, Inc.
    Inventors: Ahmad Shawky Muhanna, Marcus Wong
  • Patent number: 11700131
    Abstract: Embodiments of this disclosure provide techniques for securely communicating an IMSI over the air from a UE to an SeAN, as well as for securely validating an unencrypted IMSI that the SeAN receives from the home network, during authentication protocols. In particular, the UE may either encrypt the IMSI assigned to the UE using an IMSI encryption key (KIMSIenc) or compute a hash of the IMSI assigned to the UE using an IMSI integrity key (KIMSIint), and then send the encrypted IMSI or the hash of the IMSI to the serving network. The encrypted IMSI or hash of the encrypted IMSI may then be used by the SeAN to validate an unencrypted IMSI that was previously received from an HSS in the home network of the UE.
    Type: Grant
    Filed: December 17, 2020
    Date of Patent: July 11, 2023
    Assignee: Futurewei Technologies, Inc.
    Inventors: Ahmad Shawky Muhanna, Marcus Wong
  • Patent number: 11418962
    Abstract: A method and apparatus are provided for delivering user equipment (UE) new radio (NR) security capabilities and mobility management entity interworking. In the embodiments, adding the UE NR security capabilities in a new information element over a non-access stratum (NAS) is compatible with a legacy mobility management entity and eliminates any potential of a bidding-down attack and is more advantageous and serves the security solution better. As long as the UE is connected to the long term evolution (LTE) and all UE security capabilities including LTE security capabilities have been replayed correctly and successfully in the NAS security mode command (SMC) message, the UE may not consider the absence of the UE NR security capabilities in the NAS SMC as a security vulnerability.
    Type: Grant
    Filed: February 6, 2020
    Date of Patent: August 16, 2022
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Ahmad Shawky Muhanna, He Li, Mazin Ali Al-Shalash
  • Publication number: 20220232384
    Abstract: Embodiments of this disclosure provide techniques for communicating in a wireless communication system. In particular, a user equipment (UE) may receive a security command message from a base station comprising an indication of an integrity protection algorithm and an indication of an encryption algorithm. The first security command message may trigger a radio resource control (RRC) traffic signaling protection procedure between the UE and the base station. The UE transmits a security command complete message to the base station. The security command complete message may trigger a packet data unit (PDU) session establishment procedure to establish a PDU session between the UE and the base station.
    Type: Application
    Filed: April 4, 2022
    Publication date: July 21, 2022
    Applicant: Futurewei Technologies, Inc.
    Inventors: Ahmad Shawky Muhanna, Xin Zeng
  • Publication number: 20220225100
    Abstract: Embodiments of this disclosure provide techniques for communicating in a wireless communication system. In particular, a user equipment (UE) may receive a security command message from a base station comprising an indication of an integrity protection algorithm and an indication of an encryption algorithm. The first security command message may trigger a radio resource control (RRC) traffic signaling protection procedure between the UE and the base station. The UE transmits a security command complete message to the base station. The security command complete message may trigger a packet data unit (PDU) session establishment procedure to establish a PDU session between the UE and the base station.
    Type: Application
    Filed: April 4, 2022
    Publication date: July 14, 2022
    Inventors: Ahmad Shawky Muhanna, Xin Zeng
  • Publication number: 20220191701
    Abstract: A method and apparatus are provided for delivering user equipment (UE) new radio (NR) security capabilities and mobility management entity interworking. In the embodiments, adding the UE NR security capabilities in a new information element over a non-access stratum (NAS) is compatible with a legacy mobility management entity and eliminates any potential of a bidding-down attack and is more advantageous and serves the security solution better. As long as the UE is connected to the long term evolution (LTE) and all UE security capabilities including LTE security capabilities have been replayed correctly and successfully in the NAS security mode command (SMC) message, the UE may not consider the absence of the UE NR security capabilities in the NAS SMC as a security vulnerability.
    Type: Application
    Filed: February 28, 2022
    Publication date: June 16, 2022
    Inventors: Ahmad Shawky Muhanna, He Li, Mazin Ali Al-Shalash
  • Patent number: 11297502
    Abstract: Embodiments of this disclosure provide techniques for communicating in a wireless communication system. In particular, a user equipment (UE) may receive a security command message from a base station comprising an indication of an integrity protection algorithm and an indication of an encryption algorithm. The first security command message may trigger a radio resource control (RRC) traffic signaling protection procedure between the UE and the base station. The UE transmits a security command complete message to the base station. The security command complete message may trigger a packet data unit (PDU) session establishment procedure to establish a PDU session between the UE and the base station.
    Type: Grant
    Filed: September 4, 2018
    Date of Patent: April 5, 2022
    Assignee: FUTUREWEI TECHNOLOGIES, INC.
    Inventors: Ahmad Shawky Muhanna, Xin Zeng
  • Patent number: 11265723
    Abstract: A method and apparatus are provided for delivering user equipment (UE) new radio (NR) security capabilities and mobility management entity interworking. In the embodiments, adding the UE NR security capabilities in a new information element over a non-access stratum (NAS) is compatible with a legacy mobility management entity and eliminates any potential of a bidding-down attack and is more advantageous and serves the security solution better. As long as the UE is connected to the long term evolution (LTE) and all UE security capabilities including LTE security capabilities have been replayed correctly and successfully in the NAS security mode command (SMC) message, the UE may not consider the absence of the UE NR security capabilities in the NAS SMC as a security vulnerability.
    Type: Grant
    Filed: February 6, 2020
    Date of Patent: March 1, 2022
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Ahmad Shawky Muhanna, He Li, Mazin Ali Al-Shalash
  • Publication number: 20210211296
    Abstract: Embodiments of this disclosure provide techniques for securely communicating an IMSI over the air from a UE to an SeAN, as well as for securely validating an unencrypted IMSI that the SeAN receives from the home network, during authentication protocols. In particular, the UE may either encrypt the IMSI assigned to the UE using an IMSI encryption key (KIMSIenc) or compute a hash of the IMSI assigned to the UE using an IMSI integrity key (KIMSIint), and then send the encrypted IMSI or the hash of the IMSI to the serving network. The encrypted IMSI or hash of the encrypted IMSI may then be used by the SeAN to validate an unencrypted IMSI that was previously received from an HSS in the home network of the UE.
    Type: Application
    Filed: December 17, 2020
    Publication date: July 8, 2021
    Inventors: Ahmad Shawky Muhanna, Marcus Wong
  • Publication number: 20210135878
    Abstract: Embodiment mutual authentication and security agreement (MASA) protocols may use independently generated integrity and/or encryption keys to securely communicate private information exchanged between UEs and various network-side devices (e.g., base stations, MMEs, HSSs, etc.). In particular, embodiment MASA protocols may use an initial authentication request (IAR) encryption key (KIARENC) to encrypt UE specific information (e.g., an IMSI, etc.) in an IAR message and/or an initial authentication response (IAS) encryption key (KIASENC) to encrypt private information in an IAS message. Additionally, embodiment MASA protocols may use an IAR integrity protection key (KIARINT) to verify the integrity of information in an IAR message and/or an IAS integrity protection key (KIASINT) to verify the integrity of information in an IAS message. The KIARENC, KIARINT, KIASENC, and/or KIASINT may be independently computed by the UE and a home subscriber server (HSS).
    Type: Application
    Filed: January 11, 2021
    Publication date: May 6, 2021
    Inventors: Ahmad Shawky Muhanna, Marcus Wong
  • Patent number: 10887295
    Abstract: It is possible to reduce signaling overhead in a radio access network by coordinating authentication of a group of UEs (e.g., IoT devices, etc.) via a master device. In particular, the master device may aggregate UE identifiers (UE_IDs) for UEs in the group, and send an identity message carrying the UE_IDs and a master device identifier (MD_ID) to a base station, which may then relay the identity message to a Security Anchor Node (SeAN). The SeAN may send an authentication data request carrying the UE_IDs and MD_ID to a Home Subscriber Server (HSS), which may return an authentication data response that includes group authentication information. The group authentication information may then be used to achieve mutual authentication between the SeAN and each of the master device, group of UEs, and individual UEs.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: January 5, 2021
    Assignee: Futurewei Technologies, Inc.
    Inventors: Ahmad Shawky Muhanna, Xiang Xie
  • Patent number: 10873464
    Abstract: Embodiments of this disclosure provide techniques for securely communicating an IMSI over the air from a UE to an SeAN, as well as for securely validating an unencrypted IMSI that the SeAN receives from the home network, during authentication protocols. In particular, the UE may either encrypt the IMSI assigned to the UE using an IMSI encryption key (KIMSIenc) or compute a hash of the IMSI assigned to the UE using an IMSI integrity key (KIMSIint), and then send the encrypted IMSI or the hash of the IMSI to the serving network. The encrypted IMSI or hash of the encrypted IMSI may then be used by the SeAN to validate an unencrypted IMSI that was previously received from an HSS in the home network of the UE.
    Type: Grant
    Filed: August 7, 2017
    Date of Patent: December 22, 2020
    Assignee: Futurewei Technologies, Inc.
    Inventors: Ahmad Shawky Muhanna, Marcus Wong
  • Publication number: 20200178068
    Abstract: A method and apparatus are provided for delivering user equipment (UE) new radio (NR) security capabilities and mobility management entity interworking. In the embodiments, adding the UE NR security capabilities in a new information element over a non-access stratum (NAS) is compatible with a legacy mobility management entity and eliminates any potential of a bidding-down attack and is more advantageous and serves the security solution better. As long as the UE is connected to the long term evolution (LTE) and all UE security capabilities including LTE security capabilities have been replayed correctly and successfully in the NAS security mode command (SMC) message, the UE may not consider the absence of the UE NR security capabilities in the NAS SMC as a security vulnerability.
    Type: Application
    Filed: February 6, 2020
    Publication date: June 4, 2020
    Inventors: Ahmad Shawky Muhanna, He Li, Mazin Ali Al-Shalash
  • Publication number: 20190288851
    Abstract: Embodiment mutual authentication and security agreement (MASA) protocols may use independently generated integrity and/or encryption keys to securely communicate private information exchanged between UEs and various network-side devices (e.g., base stations, MMEs, HSSs, etc.). In particular, embodiment MASA protocols may use an initial authentication request (IAR) encryption key (KIARENC) to encrypt UE specific information (e.g., an IMSI, etc.) in an IAR message and/or an initial authentication response (IAS) encryption key (KIASENC) to encrypt private information in an IAS message. Additionally, embodiment MASA protocols may use an IAR integrity protection key (KIARINT) to verify the integrity of information in an IAR message and/or an IAS integrity protection key (KIASINT) to verify the integrity of information in an IAS message. The KIARENC, KIARINT, KIASENC, and/or KIASINT may be independently computed by the UE and a home subscriber server (HSS).
    Type: Application
    Filed: June 6, 2019
    Publication date: September 19, 2019
    Inventors: Ahmad Shawky Muhanna, Marcus Wong
  • Patent number: 10412056
    Abstract: A method for establishing a trust relationship in an ultra dense network is provided. The method comprises receiving, by a user equipment (UE), a reconfiguration request from a macrocell; deriving, by the UE, a user plane encryption key according to information in the reconfiguration request; transmitting, by the UE, a first user plane signaling message to a first microcell in a group of microcells when the UE is attached to the first microcell; and transmitting, by the UE, a second user plane signaling message to a second microcell in the group of microcells when the UE is attached to the second microcell, wherein the first user plane signaling message and the second user plane signaling message are both encrypted according to the user plane encryption key.
    Type: Grant
    Filed: July 18, 2016
    Date of Patent: September 10, 2019
    Assignee: Futurewei Technologies, Inc.
    Inventors: Ahmad Shawky Muhanna, Zhibi Wang, Jiangsheng Wang
  • Patent number: 10382206
    Abstract: Embodiment mutual authentication and security agreement (MASA) protocols may use independently generated integrity and/or encryption keys to securely communicate private information exchanged between UEs and various network-side devices (e.g., base stations, MMEs, HSSs, etc.). In particular, embodiment MASA protocols may use an initial authentication request (IAR) encryption key (KIARENC) to encrypt UE specific information (e.g., an IMSI, etc.) in an IAR message and/or an initial authentication response (IAS) encryption key (KIASENC) to encrypt private information in an IAS message. Additionally, embodiment MASA protocols may use an IAR integrity protection key (KIARINT) to verify the integrity of information in an IAR message and/or an IAS integrity protection key (KIASINT) to verify the integrity of information in an IAS message. The KIARENC, KIARINT, KIASENC, and/or KIASINT may be independently computed by the UE and a home subscriber server (HSS).
    Type: Grant
    Filed: March 8, 2017
    Date of Patent: August 13, 2019
    Assignee: Futurewei Technologies, Inc.
    Inventors: Ahmad Shawky Muhanna, Marcus Wong
  • Patent number: 10375031
    Abstract: A method for establishing a trust relationship in an ultra dense network is provided. The method comprises receiving, by a user equipment (UE), a reconfiguration request from a macrocell; deriving, by the UE, a user plane encryption key according to information in the reconfiguration request; transmitting, by the UE, a first user plane signaling message to a first microcell in a group of microcells when the UE is attached to the first microcell; and transmitting, by the UE, a second user plane signaling message to a second microcell in the group of microcells when the UE is attached to the second microcell, wherein the first user plane signaling message and the second user plane signaling message are both encrypted according to the user plane encryption key.
    Type: Grant
    Filed: July 18, 2016
    Date of Patent: August 6, 2019
    Assignee: Futurewei Technologies, Inc.
    Inventors: Ahmad Shawky Muhanna, Zhibi Wang, Jiangsheng Wang
  • Publication number: 20190082325
    Abstract: Embodiments of this disclosure provide techniques for communicating in a wireless communication system. In particular, a user equipment (UE) may receive a security command message from a base station comprising an indication of an integrity protection algorithm and an indication of an encryption algorithm. The first security command message may trigger a radio resource control (RRC) traffic signaling protection procedure between the UE and the base station. The UE transmits a security command complete message to the base station. The security command complete message may trigger a packet data unit (PDU) session establishment procedure to establish a PDU session between the UE and the base station.
    Type: Application
    Filed: September 4, 2018
    Publication date: March 14, 2019
    Inventors: Ahmad Shawky Muhanna, Xin Zeng